yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
25873 commits 89 branches 205 tags 114 MiB
Commit graph

11413 commits

Author SHA1 Message Date
Gilles Peskine a3a0025e18
Merge pull request #7806 from paul-elliott-arm/fix_32bit_builds 
[Bignum] Fix 32 bit unreachable code build failure
 2023-06-20 22:13:06 +02:00
Gilles Peskine 5faccf038b
Merge pull request #7805 from paul-elliott-arm/fix_retval 
Pacify clang15 warnings about empty \retval
 2023-06-20 22:12:51 +02:00
Paul Elliott 215ed131cf Fix 32 bit unreachable code build failure 
Given the size of ciL is set dependant on MBEDTLS_HAVE_INT32 /
MBEDTLS_HAVE_INT64, clang rightfully reports this as unreachable code in
32 bit builds. Fix this by using #define guards instead.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-20 17:55:15 +01:00
Paul Elliott 458b96b1a7
Merge pull request #7638 from AndrzejKurek/cert-apps-use-ips 
Use better IP parsing in x509 apps
 2023-06-20 17:21:04 +01:00
Demi Marie Obenour 690b8c9ca7 Add a do-while loop around macros 
This is good practice in C.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-06-20 11:48:04 -04:00
Paul Elliott 24f4b73ee5 Pacify clang15 warnings about empty /retval 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-20 15:51:46 +01:00
Valerio Setti e1651360c0 pkwrite: fix wrong guard position for pk_get_opaque_ec_family() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti a9aab1a85b pk/psa: use PSA guard for mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_of_psa() 
This allows also to:
- removing the dependency on ECP_C for these functions and only rely
  on PSA symbols
- removing extra header inclusing from crypto_extra.h
- return MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS to
  their original position in pk.h

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti bc2b1d3288 psa: move mbedtls_ecc_group_to_psa() from inline function to standard one 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti 30fdc03819 pk: remove useless internal function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti 81d75127ba library: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Dave Rodgman 086e137dc4 code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-16 20:21:39 +01:00
Dave Rodgman 96a9e6a9dd Address test review comments 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-16 20:18:36 +01:00
Dave Rodgman e1dd6e9e8f Merge remote-tracking branch 'origin/development' into prefer-intrinsics 2023-06-16 17:46:16 +01:00
Dave Rodgman 4ad81ccdae Only force O2 when hw acceleration available 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-16 15:04:04 +01:00
Valerio Setti addeee4531 mbedtls_config: add new MBEDTLS_PK_PARSE_EC_COMPRESSED symbol 
This includes also:
- auto enabling ECP_LIGHT when MBEDTLS_PK_PARSE_EC_COMPRESSED is
  defined
- replacing ECP_LIGHT guards with PK_PARSE_EC_COMPRESSED in pkparse
- disabling PK_PARSE_EC_COMPRESSED in tests with accelarated EC curves
  (it get disabled also in the reference components because we want
  to achieve test parity)
- remove skipped checks in analyze_outcomes.py

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 16:03:46 +02:00
Gilles Peskine 5760bf77c7
Merge pull request #7641 from valeriosetti/issue7614 
Define PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy (step 1)
 2023-06-16 16:00:17 +02:00
Dave Rodgman b2814bd089 Only enable gcc -Os fix if we have AES hw support 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-16 14:50:33 +01:00
Dave Rodgman 73b0c0b051 Improve comment 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-16 14:48:14 +01:00
Przemek Stekiel f595c5b69a Use valid guard for filling group list with EC groups 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-16 15:45:37 +02:00
Dave Rodgman bd1add94c0 Respect -Os for everything except XTS 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-16 13:50:14 +01:00
Minos Galanakis de87461c23 ecp_curves: Updated the optimised reduction function pointer. 
This patch modifies the `mbedtls_mpi_opt_red_struct` to use an
mpi_uint * pointer and size_t limps arguments.

The methods interacting with this pointer have been updated
accordingly:

- mbedtls_mpi_mod_optred_modulus_setup
- mbedtls_ecp_modulus_setup

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis 5c238d80cd bignum_mod: Updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis 65210952ec ecp_curves: Updated mbedtls_ecp_modulus_setup to use optimised reduction. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis 1d3e332986 ecp_curves: Updated input argument for mbedtls_ecp_modulus_setup. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis be1bf15f76 bignum_mod: Updated optred_modulus_setup to use function input. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis c6e68ed85d bignum_mod: Added mbedtls_mpi_opt_red_struct structure. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis 0f718c9ed0 bignum_mod: Fixed code-style 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis f055ad61dc bignum_mod: Added static standard_modulus_setup(). 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis 88e16dfa2a bignum_mod: Refactored mbedtls_mpi_mod_modulus_setup() 
This patch removes the `int_rep` input parameter for modular
setup, aiming to align it with the optred variant.

Test and test-suite helper functions have been updated
accordingly.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis bbe9db4b29 binum_mod: Added mbedtls_mpi_mod_optred_modulus_setup(). 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Paul Elliott 680233dc3f
Merge pull request #7680 from paul-elliott-arm/raw_ecp_mod_p448 
[Bignum] Split out raw ECP mod p448
 2023-06-16 13:46:25 +01:00
Dave Rodgman e07c670e47 Allow all.sh to override intrinsics vs asm selection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-16 13:21:28 +01:00
Valerio Setti b46217d5c1 tls: never destroy a priavte key that is not owned/created by TLS module 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 13:18:52 +02:00
Valerio Setti 01cc88a46b config_psa: replace USE symbols with BASIC one for all KEY_PAIRs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:27:02 +02:00
Valerio Setti b0d9aaee1c psa: move PSA_WANT checks to check_crypto_config 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Valerio Setti 8bb5763a85 library: replace deprecated symbols with temporary _LEGACY ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:23:55 +02:00
Valerio Setti 0813b6f28d tls: optimize code in ssl_get_ecdh_params_from_cert() 
When MBEDTLS_PK_USE_PSA_EC_DATA is defined, opaque and non-opaque keys
are basically stored in the same way (only a diffferent ownership for
the key itself), so they should be treated similarly in the code.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:18:53 +02:00
Janos Follath a426dc31cc
Merge pull request #7782 from gilles-peskine-arm/mbedtls_ecp_modulus_type-move 
Move mbedtls_ecp_modulus_type out of the public headers
 2023-06-16 11:12:57 +01:00
Dave Rodgman 9bb7e6f4ce Rename MBEDTLS_OPTIMIZE_ALWAYS 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-16 09:41:21 +01:00
Dave Rodgman 48fd2ab5d5 Improve readability of unrolled AESCE code 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-16 09:36:50 +01:00
Gilles Peskine f45a5a0ddd
Merge pull request #7700 from silabs-Kusumit/PBKDF2_output_bytes 
PBKDF2: Output bytes
 2023-06-16 10:08:02 +02:00
Dave Rodgman 2dd15b3ab5 code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 20:27:53 +01:00
Dave Rodgman 660cd378e1 Use MBEDTLS_OPTIMIZE_ALWAYS for gcm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 18:53:35 +01:00
Dave Rodgman 9149c32192 Use MBEDTLS_OPTIMIZE_ALWAYS for ccm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 18:50:21 +01:00
Dave Rodgman f88a68cf51 Use MBEDTLS_OPTIMIZE_ALWAYS in aesce 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 18:46:41 +01:00
Dave Rodgman 6cfd9b54ae use MBEDTLS_OPTIMIZE_ALWAYS in AES-XTS 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 18:46:23 +01:00
Dave Rodgman a0b166e11e Use mbedtls_xor_no_simd from cmac and cbc 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 18:44:16 +01:00
Dave Rodgman 03bb526c24 Add a non-NEON variant of mbedtls_xor 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 18:43:24 +01:00
Dave Rodgman b055f75c3d Introduce MBEDTLS_OPTIMIZE_ALWAYS 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 18:42:59 +01:00
Dave Rodgman 7fdfd70b19 Introduce MBEDTLS_COMPILER_IS_GCC 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 18:42:25 +01:00
Gilles Peskine 637c049349 Move mbedtls_ecp_modulus_type out of the public headers 
This is an internal detail of the ECC arithmetic implementation, only
exposed for the sake of the unit tests

Mbed TLS 3.4.0 was released with the type mbedtls_ecp_modulus_type defined
in a public header, but without Doxygen documentation, and without any
public function or data structure using it. So removing it is not an API
break.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-15 19:07:41 +02:00
Kusumit Ghoderao 246e51fd0b Add cleanup for intermediate buffer 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-15 22:15:43 +05:30
Paul Elliott a2e48f751b Split out mbedtls_ecp_mod_p448_raw() 
Switch testing over to using the generic raw functions.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-15 17:16:38 +01:00
Paul Elliott b4df176610
Merge pull request #7637 from paul-elliott-arm/fixed_ecp_mod_p448 
[Bignum] Fixed width for ecp mod p448
 2023-06-15 17:12:02 +01:00
Dave Rodgman 1c4451d089 Unroll aesce_decrypt_block 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 16:28:00 +01:00
Dave Rodgman 96fdfb8e62 Unroll aesce_encrypt_block 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 16:26:20 +01:00
Przemek Stekiel a05e9c1ec8 Fix selection of default FFDH group 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-15 17:07:16 +02:00
Przemek Stekiel 8c0a95374f Adapt remaining guards to FFDH 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-15 17:07:10 +02:00
Dave Rodgman 2e7d57270e
Merge pull request #7624 from daverodgman/aes-perf 
AES perf improvements
 2023-06-15 12:10:06 +01:00
Tom Cosgrove 6edf8b8c7b
Merge pull request #7451 from yanrayw/7376_aes_128bit_only 
Introduce config option of 128-bit key only in AES calculation
 2023-06-15 10:35:32 +01:00
Kusumit Ghoderao d07761c19c add return statement 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-15 12:11:15 +05:30
Dave Rodgman 28a97acb3c code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-14 20:15:15 +01:00
Paul Elliott bed9ac7b2d Optimise final 2 rounds 
Final two rounds logic could be significantly simplified.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-14 19:20:33 +01:00
Dave Rodgman d05e7f1ab3 Do not use NEON for AES-CBC on aarch64 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-14 18:58:48 +01:00
Dave Rodgman 906c63cf35 Revert "improve cbc encrypt perf" 
This reverts commit f1e396c427.

Performance is slightly better with this reverted, especially
for AES-CBC 192.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-14 17:55:41 +01:00
Paul Elliott b8f7305b02 Replace sizeof(mbedtls_mpi_uint) with ciL define 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-14 17:52:42 +01:00
Andrzej Kurek 15ddda9ff8 Remove PSA_TO_MD_ERR from ssl_tls.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-14 07:37:46 -04:00
Kusumit Ghoderao 257ea00199 Use output block as U_accumulator 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-14 15:55:11 +05:30
Paul Elliott 3646dc78bc Fix coding style issue 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-14 08:51:08 +01:00
Paul Elliott 436f2ad37c Three round solution 
Attempt to fix failing test by dealing with overflow with three rounds,
instead of previous subtract modulus solution. Also optimise out shifts
by using memcpy / memmove instead. Remove final sub to return canonical
result, as this is not required here.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-13 17:39:44 +01:00
Przemek Stekiel 7d42c0d0e5 Code cleanup #2 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-13 12:30:40 +02:00
Andrzej Kurek a6033ac431 Add missing guards in tls 1.3 
Error translation is only used with these
defines on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek 1e4a030b00 Fix wrong array size calculation in error translation code 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek b22b9778c7 Move the ARRAY_LENGTH definition to common.h 
Reuse it in the library and tests.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek 1c7a99856f Add missing ifdefs 
Make sure that the error translating functions
are only defined when they're used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek 0064484a70 Optimize error translation code size 
Introducing an intermediate function
saves code size that's otherwise taken by excessive,
repeated arguments in each place that
was translating errors.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:46 -04:00
Przemek Stekiel 75a5a9c205 Code cleanup 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-13 09:57:23 +02:00
Manuel Pégourié-Gonnard 14f65a47c8
Merge pull request #7714 from daverodgman/sha3-update 
SHA-3 update
 2023-06-12 15:13:30 +02:00
Dave Rodgman 5c394ff203 Use a single fast-path in mbedtls_xor, gains around 1% in benchmarks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-09 20:10:36 +01:00
Dave Rodgman 159dc099fd Code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-09 19:46:07 +01:00
Dave Rodgman 360e04f379 Fix AES-XTS perf regression 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-09 17:23:15 +01:00
Dave Rodgman f32176c0e3 Remove unnecessary cast 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-09 16:25:49 +01:00
Tom Cosgrove ef2aa0ecad Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c 
If we're built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
way to detect the crypto extensions required, the code turns off _IF_PRESENT
and falls back to C only (with a warning). This was done after the attributes
are pushed, and the pop is done only #if defined(xxx_IF_PRESENT), so this
commit fixes that.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-06-09 11:29:50 +01:00
Dave Rodgman 6d4933e54d Replace use of MBEDTLS_SHA3_C with MBEDTLS_MD_CAN_SHA3_xxx 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-08 16:03:54 +01:00
Kusumit Ghoderao d9ec1afd13 Fix failing Ci 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-08 20:19:51 +05:30
Gilles Peskine e5e8ba654e
Merge pull request #7666 from mprse/ip_info 
OPC UA: parsing IP's in SubjectAltNames & printing info
 2023-06-08 15:23:21 +02:00
Gilles Peskine 95b43a04a9
Merge pull request #7651 from daverodgman/fix-armclang-compile-fail 
Fix armclang compile fail
 2023-06-08 14:36:18 +02:00
Kusumit Ghoderao 109ee3de36 Use size of buffer for mac_size 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-08 16:36:45 +05:30
Kusumit Ghoderao b821a5fd67 Use multipart mac operation for adding salt and counter 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-08 16:35:55 +05:30
Xiaokang Qian fcdd0477b3 Replace loop zeroise with memset 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-06-08 10:03:53 +00:00
Janos Follath 035e5fc885 Add comments to 448 optimised reduction 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-06-08 09:44:30 +00:00
Dave Rodgman ff45d44c02 Replace MBEDTLS_MD_CAN_SHA3 with MBEDTLS_MD_CAN_SHA3_xxx 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-08 10:11:34 +01:00
Dave Rodgman 2c91f4b8b2 Fix for big-endian architectures 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 19:59:05 +01:00
Dave Rodgman 2f0f998ec4 Unify ABSORB and ABSORB8 to fix compile error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 19:12:04 +01:00
Dave Rodgman b61cd1042a Correct minor merge mistakes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 18:14:45 +01:00
Dave Rodgman 05d71ffe5b Merge remote-tracking branch 'origin/development' into sha3-updated 2023-06-07 18:02:04 +01:00
Dave Rodgman f213d0a7b0 Tidy-up 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 17:09:47 +01:00
Dave Rodgman 1b42763516 Remove NULL checks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 17:09:02 +01:00
Dave Rodgman cf4d2bdc09 Spell as SHA-3 not SHA3 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 17:08:09 +01:00
Dave Rodgman 9d7fa93e6c move mbedtls_sha3_family_functions out of public interface 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 16:50:15 +01:00
Dave Rodgman 1789d84282 remove not-needed fields from SHA-3 context 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 16:50:15 +01:00
Dave Rodgman bcfd79c699 Consume input in 8-byte chunks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 16:50:15 +01:00
Dave Rodgman 2070c2074e Avoid possible NEON alignment issue 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 16:38:26 +01:00
Dave Rodgman 9d1635e742 Revert not-useful changes to AES-CBC decrypt 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-07 16:38:26 +01:00
Dave Rodgman f1e396c427 improve cbc encrypt perf 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-07 16:38:26 +01:00
Dave Rodgman 3f47b3f7a3 Extend NEON use to 32-bit Arm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 16:38:26 +01:00
Andrzej Kurek c40a1b552c Remove references to x509_invasive.h 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-07 08:54:34 -04:00
Andrzej Kurek cd17ecfe85 Use better IP parsing in x509 programs 
Remove unnecessary duplicated code.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-07 08:50:05 -04:00
Gilles Peskine 13230a4ad3
Merge pull request #7349 from mpg/rm-hash-info 
Remove `hash_info` module
 2023-06-06 21:05:13 +02:00
Gilles Peskine d598eaf212
Merge pull request #7106 from davidhorstmann-arm/parse-oid-from-string 
Parse an OID from a string
 2023-06-06 20:57:17 +02:00
Przemek Stekiel ff9fcbcace ssl_client2, ssl_server2: code optimization + guards adaptation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:53:40 +02:00
Przemek Stekiel a4700fa69d mbedtls_psa_ffdh_export_public_key: allow bigger output buffer 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel da4fba64b8 Further code optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel 152bb4632b Adapt function names 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel 29c219c285 Combine mbedtls_ssl_tls13_generate_and_write_ecdh/ffdh_key_exchange functions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel 316c19ef93 Adapt guards, dependencies + optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel e7db09bede Move FFDH helper functions and macros to more suitable locations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel 63706628d0 Adapt guards for FFDH 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel 947ff56c45 Replace deprecated functions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel 24e50d3dbd Compile out length check to silent the compiler warning 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel c89f3ea9f2 Add support for FFDH in TLS 1.3 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel cceb933e30 Add FFDH definitions and translation functions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:07 +02:00
Przemek Stekiel 060012c5fd ssl_write_supported_groups_ext(): add support for ffdh keys 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:07 +02:00
Przemek Stekiel 383f471bf4 Add the DHE groups to the default list of supported groups 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:07 +02:00
Przemek Stekiel 4d3fc216fc Use safe snprintf 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 11:44:25 +02:00
Przemek Stekiel 01cb6eb251 Fix parsing of SAN IP (use mbedtls_snprintf, validate buffer length) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 11:44:25 +02:00
Przemek Stekiel 093c97d492 Add separate case for ip address 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 11:44:25 +02:00
Przemek Stekiel 0ab5b93922 Add support for parsing SAN IP address 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 11:44:25 +02:00
Kusumit Ghoderao f6a0d57e4d Add pbkdf2 function to key_derivation_output_bytes 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-06 15:05:41 +05:30
Kusumit Ghoderao a4346cdc50 Add pbkdf2_generate_block function 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-06 15:05:39 +05:30
Manuel Pégourié-Gonnard cf61a74209 Add static check for macros that should be in sync 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard 28f504e892 Use PSA-neutral function for availability check 
We just want to check if this hash is available, and the check is
present in builds both with PSA and without it. The function we were
using is only present in builds with PSA, so it wasn't appropriate.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard 725d2e24aa Fix guard for PSA->MD error conversion 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard b3b54abf8a Fix duplicated definition of a function 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard 3761e9e8fd Use function instead of macro for error conversion 
tests/scripts/all.sh build_arm_none_eabi_gcc_m0plus | grep TOTALS

Before: 323003
After:  322883
Saved:     120 bytes

Not huge, but still nice to have.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard 02b10d8266 Add missing include 
Fix build failures with config full

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard ddbf61a938 Use general framework for PSA status conversion 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard 1f2a587cdf Use actual function instead of static inline 
Large static inline functions used from several translation units in the
library are bad for code size as we end up with multiple copies. Use the
actual function instead. There's already a comment that says so.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard 6076f4124a Remove hash_info.[ch] 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard 2d6d993662 Use MD<->PSA functions from MD light 
As usual, just a search-and-replace plus:

1. Removing things from hash_info.[ch]
2. Adding new auto-enable MD_LIGHT in build-info.h
3. Including md_psa.h where needed

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard 36fb12e7dd Add MD <-> PSA translation functions to MD light 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard 1b180bec40 Remove unused function 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard 8857984b2f Replace hash_info macro with MD macro 
Now the MD macro also accounts for PSA-only hashes.

Just a search-and-replace, plus manually removing the definition in
hash_info.h.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard 9b41eb8533 Replace hash_info_get_type with MD function 
Mostly a search and replace with just two manual changes:

1. Now PK and TLS need MD light, so auto-enable it.
2. Remove the old function in hash_info.[ch]

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Gilles Peskine 5c3d6e277c
Merge pull request #7575 from AndrzejKurek/URI-SAN-verification 
Add partial support for URI SubjectAltNames verification
 2023-06-05 16:46:47 +02:00
Gilles Peskine b21f32eba6
Merge pull request #6257 from Laserdance100/development 
Change macros in mps_common.h
 2023-06-05 15:51:59 +02:00
Gilles Peskine b47fb4cdd8
Merge pull request #7676 from valeriosetti/issue7485 
PK: add support for check_pair() with "opaque" EC keys
 2023-06-05 15:51:03 +02:00
Gilles Peskine 763c19afcb
Merge pull request #7639 from Taowyoo/yx/fix-time-tls13-client-server 
Fix: correct calling to time function in tls13 client&server
 2023-06-05 15:50:32 +02:00
Gilles Peskine 975d9c0faf
Merge pull request #7530 from AndrzejKurek/misc-subjectaltname-fixes 
Miscellaneous fixes for SubjectAltName code / docs
 2023-06-05 15:38:53 +02:00