lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-20 16:42:59 +03:00
Code Activity
29,227 Commits 173 Branches 272 Tags
e093281a8b51a3d89e61c99b7ac28c7bae47fbfa
Commit Graph

29227 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Rodgman
662c497395 Merge pull request #8144 from daverodgman/zeroize-stronger 
Add more protection to mbedtls_platform_zeroize
 2023-09-02 10:59:12 +01:00
Dave Rodgman
1dab445804 Update guard for ecp 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-02 10:56:44 +01:00
Dave Rodgman
16a76721b6 Merge pull request #8068 from paul-elliott-arm/fix_tls_zeroization 
Fix TLS pad buffer zeroization
 2023-09-01 23:35:23 +00:00
Janos Follath
4d43f2ed0e Add Everest to threat model 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-09-01 16:22:25 +01:00
Tom Cosgrove
02ad791f29 Merge pull request #8116 from gilles-peskine-arm/config_psa-changelog-3.5 
Announce that #7420 is fixed
 2023-09-01 13:53:44 +00:00
Paul Elliott
83ae22dbbd Add Changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-09-01 14:29:04 +01:00
Waleed-Ziad Maamoun-Elmelegy
c5fef82c52 Fix typo in pkcs5.c 
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-01 11:45:39 +01:00
Yanray Wang
a6757765c0 Add ChangeLog entry for MBEDTLS_CIPHER_ENCRYPT_ONLY 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 18:37:38 +08:00
Dave Rodgman
fe55320b5c Avoid error from old gcc version 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-01 11:15:28 +01:00
Dave Rodgman
5f6060a1f3 Code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-01 11:00:58 +01:00
Yanray Wang
782190417c all.sh: ciper_encrypt_only: cover VIA PADLOCK 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:46:52 +08:00
Yanray Wang
bf66ef9085 all.sh: ciper_encrypt_only: cover baremetal build for AESCE 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:46:24 +08:00
Yanray Wang
207c991d56 all.sh: ciper_encrypt_only: cover AESNI and C Implementation 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:43:42 +08:00
Yanray Wang
dbcc0c6172 aes: define internal macro to simplify #if Directive 
No semantic changes, only yo simplify #if Directive
with introduction of MBEDTLS_AES_NEED_FORWARD_S_BOXES and
MBEDTLS_AES_NEED_REVERSE_TABLES.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
72d7bb4bca check_config.h: add checks for CIPHER_ENCRYPT_ONLY 
MBEDTLS_CIPHER_ENCRYPT_ONLY is an internal configuration which is
automatically enabled via the PSA. Typically,
once MBEDTLS_CIPHER_ENCRYPT_ONLY is enabled,
MBEDTLS_PSA_CRYPTO_CONFIG must be enabled. This check is only used
to prevent user explicitly enabling MBEDTLS_CIPHER_ENCRYPT_ONLY.

In addition, we shouldn't enable MBEDTLS_CIPHER_ENCRYPT_ONLY if
either CIPHER_MODE_CBC, CIPHER_MODE_XTS or NIST_KW_C is enabled.
Since three of them always need AES-decrypt.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
3c565275c4 des: add CIPHER_ENCRYPT_ONLY dependency for test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
ba473b1c82 camellia: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
702c220809 aria: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
85c3023c60 AES-ECB: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
d7058b0a35 dh_client: removed under CIPHER_ENCRYPT_ONLY 
dh_client requests AES-ECB to do decryption. So it needs to be
removed under CIPHER_ENCRYPT_ONLY.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
db9b3095fb cipher_wrap: remove *setkey_dec_func in CIPHER_ENCRYPT_ONLY 
There is no need to set decrypt key under CIPHER_ENCRYPT_ONLY,
so we can remove *setkey_dec_func from ctx to save extra code size.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:31 +08:00
Dave Rodgman
ba67451562 Fix gcc compile warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-01 10:14:46 +01:00
Dave Rodgman
ac3cf7c20b Add more protection to mbedtls_platform_zeroize 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-01 10:09:31 +01:00
Yanray Wang
9141ad1223 aria/camellia/des: guard setkey_dec by CIPHER_ENCRYPT_ONLY 
This is a pre-step to remove *setkey_dec_func in cipher_wrap ctx
when CIPHER_ENCRYPT_ONLY is enabled.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:06:38 +08:00
Yanray Wang
a8ac23a758 all.sh: add test case for CIPHER_ENCRYPT_ONLY 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 16:40:11 +08:00
Yanray Wang
67208fdba8 PSA: auto-enable CIPHER_ENCRYPT_ONLY if cipher-decrypt is not needed 
Some cipher modes use cipher-encrypt to encrypt and decrypt.
(E.g: ECB, CBC). This commit adds support to automatically
enable CIPHER_ENCRYPT_ONLY by PSA when requested cipher modes don't
need cipher_decrypt.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 16:40:11 +08:00
Yanray Wang
380be5af3a AESNI: add macro guard of CIPHER_ENCRYPT_ONLY 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 16:40:11 +08:00
Yanray Wang
590c9b7abe AESCE: add macro guard of CIPHER_ENCRYPT_ONLY 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 16:39:28 +08:00
Yanray Wang
78ee0c9e4f aes.c: add config option to support cipher_encrypt_only 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 16:35:33 +08:00
Paul Elliott
6147511bc0 Merge pull request #7955 from davidhorstmann-arm/psa-crypto-script-changes 
Miscellaneous changes to scripts for PSA-Crypto enablement
 2023-08-31 18:19:52 +00:00
Paul Elliott
6ebe7d2e3a Merge pull request #8095 from davidhorstmann-arm/initialize-struct-get-other-name 
Coverity fix: Set `type_id` in `x509_get_other_name()`
 2023-08-31 16:26:00 +00:00
Tom Cosgrove
c43c3aaf02 Define all PSA_xxx macros to 1 rather than have them empty, for consistency 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-08-31 17:06:58 +01:00
Paul Elliott
b5d97156e4 Merge pull request #7857 from minosgalanakis/bugifx/address_curve_bits 
[BigNum] test_suite_ecp: Fixed curve bit-length.
 2023-08-31 13:14:11 +00:00
Janos Follath
b4527fbd82 Add clarifications to the threading requirements 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-31 14:01:24 +01:00
Janos Follath
b6954730f0 Fix typo 
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-31 13:54:21 +01:00
Dave Rodgman
4f47f3dac8 Covert PSA guards to MBEDTLS 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-31 12:10:00 +01:00
Dave Rodgman
a9a53a05f0 Merge remote-tracking branch 'origin/development' into misc-code-size 2023-08-31 11:53:46 +01:00
Dave Rodgman
dea266f3f5 Use MBEDTLS_MD_LIGHT instead of MBEDTLS_MD_C 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-31 11:52:43 +01:00
Dave Rodgman
8d706f6b59 Simplify camellia error conversion macros 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-31 11:48:44 +01:00
Dave Rodgman
09a9e589c1 Add missing error conversion case 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-31 11:05:22 +01:00
Dave Rodgman
68efcf56ed Remove not-needed #include 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-31 10:09:05 +01:00
Gilles Peskine
f7632382cc Merge pull request #8130 from davidhorstmann-arm/fix-unnecessary-include-prefixes 
Fix unnecessary header prefixes in tests
 2023-08-31 08:57:26 +00:00
Paul Elliott
793654b78c Merge pull request #8137 from paul-elliott-arm/regen_coverity_token 
Regenerate coverity scan token
 2023-08-31 14:55:39 +01:00
Janos Follath
35633dd977 Add threading non-requirement 
State explicitly the non-requirement that it's ok for psa_destroy_key to
block waiting for a driver.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-31 08:31:19 +01:00
Gilles Peskine
7990a3296d Explain the story about cryptography version requirements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-31 09:30:56 +02:00
Gilles Peskine
7b2b76a2d4 Merge pull request #7165 from yanrayw/7094-collect-compatsh-test-cases 
check_test_cases.py: support to collect test cases for compat.sh
 2023-08-31 07:30:20 +00:00
Janos Follath
15d9ec29be Improve thread safety presentation 
- Use unique section titles so that there are unique anchors
- Make list style consistent between similar sections

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-31 08:22:21 +01:00
Tom Cosgrove
5a387c8515 Merge pull request #8140 from daverodgman/sha3-zeroize 
Ensure mbedtls_sha3_finish zeroizes the context
 2023-08-31 07:16:35 +00:00
Dave Rodgman
984309c2c3 Call mbedtls_platform_zeroize via mbedtls_sha3_free 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-30 19:22:28 +01:00
Dave Rodgman
dbddb00158 Ensure mbedtls_sha3_finish zeroizes the context 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-30 18:43:23 +01:00