Commit graph

12276 commits

Author SHA1 Message Date
Dave Rodgman
1ec1a0f0cc Introduce MBEDTLS_MAYBE_UNUSED
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-04 13:50:54 +01:00
Minos Galanakis
591416f32b Auto-generated files for v3.5.0
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-04 00:55:02 +01:00
Minos Galanakis
31ca313efa Bump version to 3.5.0
```
./scripts/bump_version.sh --version 3.5.0
```

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-03 22:02:18 +01:00
Minos Galanakis
1a3ad265cc Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-03 21:57:51 +01:00
Dave Rodgman
cc5bf4946f Make SHA256 depend on Armv8, not aarch64
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-03 18:02:56 +01:00
Gilles Peskine
3713bee34c Remove leftover local debug line
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 18:43:18 +02:00
Gilles Peskine
7910cdd47f Avoid compiler warning about size comparison
GCC warns about comparing uint8_t to a size that may be >255.

Strangely, casting the uint8_t to a size_t in the comparison expression
doesn't avoid the warning. So change the type of the variable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 16:11:05 +02:00
Gilles Peskine
530c423ad2 Improve some debug messages and error codes
On a parsing error in TLS, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, not a
crypto error code.

On error paths, emit a level-1 debug message. Report the offending sizes.

Downgrade an informational message's level to 3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 15:42:11 +02:00
Gilles Peskine
c29df535ee Improve robustness of ECDH public key length validation
In client-side code with MBEDTLS_USE_PSA_CRYPTO, use the buffer size to
validate what is written in handshake->xxdh_psa_peerkey. The previous code
was correct, but a little fragile to misconfiguration or maintenance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 15:02:39 +02:00
Gilles Peskine
c8df898204 Fix buffer overflow in TLS 1.2 ClientKeyExchange parsing
Fix a buffer overflow in TLS 1.2 ClientKeyExchange parsing. When
MBEDTLS_USE_PSA_CRYPTO is enabled, the length of the public key in an ECDH
or ECDHE key exchange was not validated. This could result in an overflow of
handshake->xxdh_psa_peerkey, overwriting further data in the handshake
structure or further on the heap.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 15:02:33 +02:00
Gilles Peskine
12c5aaae57 Fix buffer overflow in TLS 1.3 ECDH public key parsing
Fix a buffer overflow in TLS 1.3 ServerHello and ClientHello parsing. The
length of the public key in an ECDH- or FFDH-based key exchange was not
validated. This could result in an overflow of handshake->xxdh_psa_peerkey,
overwriting further data in the handshake structure or further on the heap.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 15:02:10 +02:00
Dave Rodgman
a06d45ec4a Code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 18:59:34 +01:00
Dave Rodgman
450c1ff353 Fix some more incorrect guards in aes.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 16:23:37 +01:00
Gilles Peskine
16e9256fe8
Merge pull request #8272 from daverodgman/iar-warnings
Fix IAR warnings
2023-09-29 13:11:03 +00:00
Dave Rodgman
e81a632257 Restore missing #if
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 13:54:27 +01:00
Dave Rodgman
782df03553 Improve AES hardware-only check
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 13:04:36 +01:00
David Horstmann
de527fbfe0 Add MBEDTLS_TARGET_PREFIX to 3rdparty CMake
MBEDTLS_TARGET_PREFIX is prepended to the CMake targets for Mbed TLS
except for targets in 3rdparty. Change this so that 3rdparty targets use
the prefix as well.

This allows multiple copies of Mbed TLS to be used in the same CMake
tree when using code in the 3rdparty directory.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-09-28 18:39:33 +01:00
Dave Rodgman
90330a4a2d Fix IAR control bypasses initialisation warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 18:13:46 +01:00
Dave Rodgman
02a53d7bef Fix IAR pointless integer comparison
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 17:19:50 +01:00
Dave Rodgman
7e9af05409 Fix IAR control bypasses initialisation warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 17:08:49 +01:00
Dave Rodgman
73d8591f7f Fix IAR change of sign warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 17:00:50 +01:00
Gilles Peskine
42f8d5f0c9
Merge pull request #8261 from Mbed-TLS/fix-cmake-header-include
Add CMake include path for generated header
2023-09-28 15:16:15 +00:00
Manuel Pégourié-Gonnard
f07ce3b8ff Don't extend support for deprecated functions
Restore guards from the previous release, instead of the new, more
permissive guards.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-28 08:51:51 +02:00
Dave Rodgman
0fc86b2ddf
Merge pull request #8075 from valeriosetti/issue8016
driver-only ECC: curve acceleration macros
2023-09-27 14:39:02 +00:00
David Horstmann
b7b4f23c38 Add CMake include path for generated header
Now that we are generating psa_crypto_driver_wrappers.h, we need to pass
build/library as an include directory.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-09-27 14:05:32 +01:00
Xiaokang Qian
e9dc63e069 No need to include the 3rd party entry point head file
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
b909aeafa3 Remove useless spaces in Makefile
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
0e5b53c7e4 Move the dependency adjacent to the generated file
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
1b61d6e13f Change include guards of psa_crypto_driver_wrappers_no_static.h
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
845693c513 Change comments to psa_crypto_driver_wrappers.h
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
fe9666b8c0 Change the extension type of the file psa_crypto_driver_wrapper
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
54a4fdfe91 Automaticly generate psa_crypto_driver_wrappers_no_static.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
97d1ccb781 Dont't generate object file for file only include static functions
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
42266dd670 Revert the Makefile to remove the dependency of generate_files
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
9345b2e98f Move functions out of the static file
Move get_key_buf_size/get_builtin_key out of
    the psa wrapper auto generated file
Slot_management.c include the head file instead of the source file

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
cad99fa998 Change code style
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
e9c39c42fd Enable build of non-static psa wrapper functions
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
e518eeada9 Move function psa_driver_wrapper_export_public_key out of auto-generated
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
5db65c72ec Remove static inline functions declare and make it only in c file
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Xiaokang Qian
077ffc0991 Ensure build of P256 pass
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Xiaokang Qian
b862031afa Remove useless declaration
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Thomas Daubney
7046468a02 Define the psa wrapper functions as static inline
This is a commit from Thomas Daubney.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Gilles Peskine
391dd7fe87 Fix propagation of return value from parse_attribute_value_hex_der_encoded
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-25 19:59:31 +02:00
Gilles Peskine
7f420faf03 parse_attribute_value_hex_der_encoded: clean up length validation
Separate the fits-in-buffer check (*data_length <= data_size) from the
we-think-it's-a-sensible-size check (*data_length <=
MBEDTLS_X509_MAX_DN_NAME_SIZE).

This requires using an intermediate buffer for the DER data, since its
maximum sensible size has to be larger than the maximum sensible size for
the payload, due to the overhead of the ASN.1 tag+length.

Remove test cases focusing on the DER length since the implementation no
longer has a threshold for it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-25 19:59:31 +02:00
Gilles Peskine
7077781af5 Fix integer overflow with an input buffer larger than INT_MAX
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-25 19:59:31 +02:00
Gilles Peskine
25665781f6 Rewrite parse_attribute_value_hex_der_encoded()
Rename the function from parse_attribute_value_der_encoded: the hex aspect
seems important.

There was a buffer overflow due to not validating that the intermediate data
fit in the stack buffer. The rewrite doesn't use this buffer, and takes care
not to overflow the buffer that it does use.

Document all that's going on.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-25 19:59:31 +02:00
Dave Rodgman
6da7872aa2
Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925
Merge development into development-restricted
2023-09-25 18:16:01 +01:00
Valerio Setti
c437faeaa1 psa_crypto: fix guards in mbedtls_ecc_group_to_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
db6b4db7a0 Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
cf29c5d9d5 ssl: don't require MBEDTLS_ECP_DP with TLS1.3
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
6d809cc969 lib/test: use new internal helpers in library's code and tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
f250ada3ab tls/oid: add PSA_WANT_ECC_xxx guards together with existing MBEDTLS_ECP_DP_xxx
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:40 +02:00
Gilles Peskine
ffe590d197
Merge pull request #1058 from waleed-elmelegy-arm/check-set_padding-is-called
Check set_padding has been called in mbedtls_cipher_finish
2023-09-25 17:12:36 +02:00
Minos Galanakis
21087754a5 x509_crt: Removed unused intsafe.h
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 15:17:38 +01:00
Gilles Peskine
ca1e605b9c Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
  `MBEDTLS_CIPHER_PADDING_PKCS7` was added in
  c9f4040f7f in `development-restricted`.
  In `development`, this section of the file has moved to
  `include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
  comment change in development. The comment change in `development` is not
  really relevant, so just take the line from `development-restricted`.
2023-09-25 16:16:26 +02:00
Minos Galanakis
a9bb34cd73 x509_crt: Removed length_as_int intermediate variable
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:42:41 +01:00
Minos Galanakis
59108d3f4d x509_crt: Adjusted the len of lpMultiByteStr arg in WideCharToMultiByte
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:23 +01:00
Minos Galanakis
08a67ccefd x509_crt: Set WideCharToMultiByte to use -1 for length.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

WideCharToMultiByte
2023-09-25 14:12:23 +01:00
Minos Galanakis
40995e1390 x509_crt: Removed checks for windows versions < WINXP
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:22 +01:00
Minos Galanakis
fac45fbafe entropy_poll: Removed checks for windows versions < WINXP
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:22 +01:00
Minos Galanakis
e8a5d1afbd entropy_poll: Updated documentation for entropy_poll loop.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:22 +01:00
Minos Galanakis
2c6e561ff8 entropy_poll.c: Added looping logic to mbedtls_platform_entropy_poll().
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:22 +01:00
Minos Galanakis
4952f705ee Removed unsupported Visual Studio related code in entropy_poll.c and x509_crt.c.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:22 +01:00
Minos Galanakis
12b493f4dc entropy_poll/x509_crt: Added MBEDTLS_POP_TARGET_PRAGMA define guards.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:21 +01:00
Minos Galanakis
24a1c16fac library Makefile: Moved -lbcrypt to LOCAL_LDFLAGS
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:21 +01:00
Minos Galanakis
a277b210ff Code style fixes
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:21 +01:00
Simon Butcher
de573f56e5 Fix coding style of length_as_int var in x509_crt.c
Variable had the very Windows name of lengthAsInt, which is fine for C# but
doesn't match the Mbed TLS coding standards.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2023-09-25 14:12:21 +01:00
Simon Butcher
35e5dad865 Add clarifying comment on use of MultiByteToWideChar() and CP_ACP
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2023-09-25 14:12:21 +01:00
Simon Butcher
def90f4966 Fix formatting and detail of comments in PR #730
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2023-09-25 14:12:20 +01:00
Simon Butcher
e068aa7ad5 Fix the build for mingw and CMake + VStudio
Changes to the build to add the new Win32 Crypto API's inadvertently broke
the build for mingw and Visual Studio builds when generated by CMake.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2023-09-25 14:12:20 +01:00
Kevin Kane
0ec1e68548 Replace Windows APIs that are banned in Windows Store apps
CryptGenRandom and lstrlenW are not permitted in Windows Store apps,
meaning apps that use mbedTLS can't ship in the Windows Store.
Instead, use BCryptGenRandom and wcslen, respectively, which are
permitted.

Also make sure conversions between size_t, ULONG, and int are
always done safely; on a 64-bit platform, these types are different
sizes.

Also suppress macro redefinition warning for intsafe.h:

Visual Studio 2010 and earlier generates C4005 when including both
<intsafe.h> and <stdint.h> because a number of <TYPE>_MAX constants
are redefined. This is fixed in later versions of Visual Studio.
The constants are guaranteed to be the same between both files,
however, so we can safely suppress the warning when including
intsafe.h.

Signed-off-by: Kevin Kane <kkane@microsoft.com>
2023-09-25 14:12:20 +01:00
Dave Rodgman
025bed9eb7
Merge pull request #1076 from daverodgman/more-ct
Use CT module more consistently
2023-09-25 11:50:10 +01:00
Dave Rodgman
5a3add2c67
Merge pull request #8234 from kouzhudong/development
Fix MSVC error C4703 about possibly uninitialized variable in pkwrite.c
2023-09-25 10:51:46 +01:00
Gilles Peskine
6809f231a6
Merge pull request #8210 from yanrayw/aes_128bit_improvement
AES 128bit only: add guards in cipher_wrap.c
2023-09-22 18:15:03 +00:00
Gilles Peskine
18e1d11cfe
Merge pull request #1049 from waleed-elmelegy-arm/Switch-pkparse-to-mbedtls_pkcs5_pbe2_ext
Switch pkparse to use new pkcs5/12 pbe functions
2023-09-22 18:06:50 +02:00
Dave Rodgman
4f53520f54
Merge pull request #8241 from daverodgman/cast_warning
fix cast warning
2023-09-22 14:23:05 +00:00
Dave Rodgman
c0633bc777 Add comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-22 10:54:43 +01:00
Dave Rodgman
38c3228f3e fix cast warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-22 10:51:37 +01:00
Gilles Peskine
193f94276e
Merge pull request #1071 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer
Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher
2023-09-22 11:43:03 +02:00
Dave Rodgman
d03f483dbe Use mbedtls_ct_error_if
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-22 10:01:47 +01:00
Dave Rodgman
fbe74a9e51 Add mbedtls_ct_error_if, with tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-22 09:58:25 +01:00
Tom Cosgrove
41434d043c
Merge pull request #8237 from tom-cosgrove-arm/mbedtls_pk_write_key_der-unused-len-and-unreachable-ret
Remove unused variable and unreachable return from mbedtls_pk_write_key_der()
2023-09-22 08:45:48 +00:00
Dave Rodgman
a9d70125a3 Remove mbedtls_ct_int_if
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-21 21:53:54 +01:00
Dave Rodgman
7ad37e40a6 Remove use of mbedtls_ct_int_if
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-21 21:53:31 +01:00
Dave Rodgman
530c3da698 Improve implementation of mbedtls_ct_int_if
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-21 21:06:48 +01:00
Dave Rodgman
61f1beaccf Update library to use mbedtls_ct_int_if
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-21 19:23:17 +01:00
Dave Rodgman
f81b2a14f2 Generalise mbedtls_ct_error_if to mbedtls_ct_int_if
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-21 19:22:43 +01:00
Dave Rodgman
aaebc9be51
Merge pull request #8235 from daverodgman/misc-size 2023-09-21 18:42:37 +01:00
Tom Cosgrove
8d276fbc23 Remove unused variable and unreachable return from mbedtls_pk_write_key_der()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-21 17:19:36 +01:00
correy
a15b4851d4 Fix MSVC error C4703 about possibly uninitialized variable in pkwrite.c
Signed-off-by: correy <112426112@qq.com>
2023-09-21 20:18:52 +08:00
Dave Rodgman
1a404e8f34 Use mbedtls_ct_error for CT error selection
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-21 13:12:28 +01:00
Dave Rodgman
e50b537266 Add mbedtls_ct_error_if
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-21 11:29:58 +01:00
Dave Rodgman
ef6795d2a9 Reduce size of mbedtls_asn1_get_len
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-21 10:35:33 +01:00
Dave Rodgman
584a08f91d Add cast for MSVC
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-20 20:15:52 +01:00
Gilles Peskine
efaee9a299 Give a production-sounding name to the p256m option
Now that p256-m is officially a production feature and not just an example,
give it a more suitable name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-20 20:49:47 +02:00
Waleed Elmelegy
1db5cdaf57 Add tests to test pkcs8 parsing of encrypted keys
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-20 19:29:02 +01:00
Waleed Elmelegy
5e48cad7f0 Fix codestyle issues in pkcs12.h & pkparse.c
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-20 19:29:02 +01:00
Waleed Elmelegy
d527896b7e Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
and deprecate mbedtls_pkcs12_pbe function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-20 19:29:02 +01:00
Waleed Elmelegy
c9f4040f7f Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function
Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function
and deprecate mbedtls_pkcs5_pbes2 function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-20 19:28:28 +01:00
Dave Rodgman
1cf181fd46 Reinstate more robust return value handling
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-20 19:10:17 +01:00
Dave Rodgman
c43a0a4adb rename dont_ignore to in_padding
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-20 19:09:51 +01:00
Dave Rodgman
e834d6c9f2 Move declaration for robustness against future edits
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-20 19:09:51 +01:00
Dave Rodgman
c62f7fcce9 Use more meaningful variable name in mbedtls_rsa_rsaes_oaep_decrypt
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-20 19:09:51 +01:00
Dave Rodgman
e94cd0b99b Correct use of mbedtls_ct_mpi_uint_if_else_0
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-20 19:09:51 +01:00
Gilles Peskine
eda1b1f744
Merge pull request #7921 from valeriosetti/issue7613
TLS: Clean up ECDSA dependencies
2023-09-20 12:47:55 +00:00
Dave Rodgman
ee5464fab9 Simplify unnecessarily complex error code handling
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-20 09:13:12 +01:00
Dave Rodgman
fd96579ecd Use properly typed versions of mbedtls_ct_xxx_if
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 21:52:13 +01:00
Dave Rodgman
143f5f7c68 Add mbedtls_ct_bool_if and mbedtls_ct_bool_if_else_0
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 21:52:13 +01:00
Dave Rodgman
437500c5b1 Fix MSVC type complaint
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 21:52:13 +01:00
Dave Rodgman
814d096420 Fix error in handling of return value from mbedtls_nist_kw_unwrap
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 20:48:51 +01:00
Dave Rodgman
6be4bcff16 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 19:47:51 +01:00
Dave Rodgman
4fc14cc4ae Fix error in handling of return value from mbedtls_nist_kw_unwrap
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 19:45:54 +01:00
Dave Rodgman
f8182d91a7 Simplify add_zeros_padding
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:39:33 +01:00
Dave Rodgman
d8c68a948a Use CT interface in get_zeros_padding
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:39:33 +01:00
Dave Rodgman
1cfc43c77b Rename mbedtls_ct_bool_xor to mbedtls_ct_bool_ne
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:39:33 +01:00
Dave Rodgman
89a9bd5887 Use CT interface in get_one_and_zeros_padding
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:39:33 +01:00
Dave Rodgman
6cec41c3bb use CT interface in add_zeros_and_len_padding()
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:34:06 +01:00
Dave Rodgman
6b7e2a5809 Use CT interface in get_pkcs_padding
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:34:06 +01:00
Dave Rodgman
b4e6b41aa0 Use const-time interface throughout mbedtls_rsa_rsaes_oaep_decrypt
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:34:06 +01:00
Dave Rodgman
51c15309f2 Make padlen check const-time
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:22:18 +01:00
Dave Rodgman
c2630fac52 Simplify mbedtls_ct_memcmp_partial
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:21:50 +01:00
Dave Rodgman
66d6ac92e6 Use mbedtls_ct_memcmp in mbedtls_rsa_rsaes_oaep_decrypt
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 09:10:59 +01:00
Dave Rodgman
d337bd9bfe Improve const-timeness of mbedtls_nist_kw_unwrap
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 09:10:59 +01:00
Dave Rodgman
9c14007ac3 Add mbedtls_ct_memcmp_partial
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 09:10:59 +01:00
Dave Rodgman
d26a3d6da7 Eliminate duplicate ct memcmp
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-18 19:09:45 +01:00
Gilles Peskine
faf0b8604a mbedtls_ssl_decrypt_buf(): fix buffer overread with stream cipher
With stream ciphers, add a check that there's enough room to read a MAC in
the record. Without this check, subtracting the MAC length from the data
length resulted in an integer underflow, causing the MAC calculation to try
reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 19:07:50 +02:00
Gilles Peskine
bd50d5baec
Merge pull request #8177 from gilles-peskine-arm/generated-files-off-in-release
Generated files off in release
2023-09-18 14:11:58 +00:00
Dave Rodgman
25c271a035
Merge pull request #8182 from daverodgman/asn1write-size
Reduce code size in mbedtls_asn1_write_len
2023-09-18 10:27:23 +00:00
Manuel Pégourié-Gonnard
275afe187f Fix preset shared between 1.2 and 1.3
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-18 11:19:20 +02:00
Gilles Peskine
67c86e626b
Merge pull request #7961 from gilles-peskine-arm/psa_crypto_config-in-full
Enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config
2023-09-18 08:13:12 +00:00
Dave Rodgman
0c9516ea89 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-15 18:30:09 +01:00
Dave Rodgman
127f35d5e5 Merge remote-tracking branch 'origin/development' into asn1write-size
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-15 18:02:59 +01:00
Dave Rodgman
ecdfc1c94f Fix poorly named function
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-15 18:00:37 +01:00
Gilles Peskine
8a7fb2d799
Merge pull request #1055 from waleed-elmelegy-arm/add-new-pkcs12-pbe2-ext-fun
Add new pkcs12 pbe2 ext fun
2023-09-15 18:43:03 +02:00
Gilles Peskine
170be457bd
Merge pull request #8207 from mcagriaksoy/branch_old_try
Fixes log level for got supported group message
2023-09-15 05:53:00 +00:00
Dave Rodgman
a11eac4292 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-14 16:16:04 +01:00
Dave Rodgman
e99b24dd9f Fix some clang-18 warnings
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-14 15:52:02 +01:00
Yanray Wang
7732ced037 cipher_wrap: remove 192- and 256-bit for AES_ONLY_128_BIT_KEY_LENGTH
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-14 14:35:44 +08:00
mcagriaksoy
d9f22804ea Fixes log level for got supported group message
Signed-off-by: mcagriaksoy <mcagriaksoy@yandex.com>
2023-09-13 22:43:38 +02:00
Gilles Peskine
0ddffb6de2
Merge pull request #7210 from sergio-nsk/patch-2
Fix llvm error: variable 'default_iv_length' and other may be used uninitialized
2023-09-13 16:38:55 +02:00
Gilles Peskine
9b5d7d7801
Merge pull request #8195 from daverodgman/improve_sslmsg
Improve use of ct interface in mbedtls_ssl_decrypt_buf
2023-09-13 12:32:12 +00:00
Gilles Peskine
3cea3efc25
Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509
Accept numericoid hexstring x509
2023-09-13 08:54:33 +00:00
Gilles Peskine
f22999e99f
Merge pull request #8093 from yuhaoth/pr/add-target-architecture-macros
Add architecture detection macros
2023-09-13 08:53:47 +00:00
Dave Rodgman
da0bb9fae8
Merge pull request #8034 from gilles-peskine-arm/bump_version-doc_mainpage
Update capitalization of "Mbed" and fix bump_version.sh
2023-09-13 08:41:20 +00:00
Dave Rodgman
7d52f2a0d9 Improve use of ct interface in mbedtls_ssl_decrypt_buf
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-13 09:30:03 +01:00
Gilles Peskine
e820c0abc8 Update spelling "mbed TLS" to "Mbed TLS"
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":

```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```

Justification for the omissions:

* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
  occurrences are significant names in certificates and such. Changing
  the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
  updates.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:18:17 +02:00
Agathiyan Bragadeesh
a72ea814d8 Remove double blank line in x509_create.c
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-09-12 17:57:09 +01:00
Agathiyan Bragadeesh
c7959b22c6 Remove magic number in x509.c
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-09-12 17:56:58 +01:00
Tom Cosgrove
9d8a7d62f5 Use the correct variable when tracking padding length
Fixes an error introduced in a81373f80

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-12 16:01:52 +01:00
Waleed Elmelegy
57d09b72ef Return back to modifying input parameters in pkcs12_parse_pbe_params
Return back to modifying input parameters in pkcs12_parse_pbe_params
to avoid change in behaviour.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-12 14:05:10 +01:00
Waleed Elmelegy
a7d206fce6 Check set_padding has been called in mbedtls_cipher_finish
Check set_padding has been called in mbedtls_cipher_finish
in modes that require padding.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-12 13:39:36 +01:00
Dave Rodgman
bd58944252 Avoid implementation defined behaviour
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-12 12:38:53 +01:00
Dave Rodgman
2b0d53a2a8
Merge pull request #7590 from daverodgman/ct-x86-asm
Constant time asm for x86 and x86-64
2023-09-12 09:58:44 +00:00
Dave Rodgman
50b0a35494 Test INT_MAX rather than UINT_MAX
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-12 09:30:44 +01:00
Dave Rodgman
98926d5fb1 Update comment, and replace bit-twiddling with #error
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-12 09:29:33 +01:00
Ronald Cron
ad2f351c6b
Merge pull request #8171 from ronald-cron-arm/misc-minor-fixes
One minor fix
2023-09-12 06:00:48 +00:00
Dave Rodgman
4f26770291 Ensure mbedtls_ct_memcpy behaves correctly with 16-bit int
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-11 19:10:09 +01:00
Dave Rodgman
dc669a1944 Fix type error
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-11 18:39:57 +01:00
Dave Rodgman
5265c318a0 Fix type-conversion error
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-11 18:04:13 +01:00
Dave Rodgman
49352832c9 Eliminate duplicate of mbedtls_asn1_find_named_data
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-11 17:10:43 +01:00
Dave Rodgman
33287ae134 Tidy up mbedtls_asn1_write_len
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-11 17:10:43 +01:00
Dave Rodgman
cf5f746a8c Refactor out some common code
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-11 16:27:34 +01:00
Dave Rodgman
7fda906a68
Merge pull request #8161 from gilles-peskine-arm/config-boolean-options-wrong-section-202309
Fix module configuration options in mbedtls_config.h
2023-09-11 15:08:56 +00:00
Dave Rodgman
3bbedf6ba0 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-11 16:06:28 +01:00
Dave Rodgman
9f366b07ea Reduce code size in mbedtls_asn1_write_len
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-11 16:00:03 +01:00
Dave Rodgman
82fe0828b2
Merge pull request #8180 from daverodgman/sha2-zeroize
Ensure all md_<hash>_finish functions perform zeroization
2023-09-11 15:13:27 +01:00
Dave Rodgman
aafd1e0924 Ensure all md_<hash>_finish functions perform zeroization
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-11 12:59:36 +01:00
Tom Cosgrove
876346e451 Remove always-false null pointer check in sha3.c that Coverity complains about
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-11 09:03:01 +01:00
Dave Rodgman
3f8e483eed Mark y as modified in x86 asm for mbedtls_ct_uint_lt
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-08 17:57:40 +01:00
Dave Rodgman
4a97e73661 Eliminate a redundant not from x86 asm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-08 17:26:18 +01:00
Dave Rodgman
b6b8f6c68d Make variable name consistent in x86_64 asm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-08 17:19:32 +01:00
Dave Rodgman
5f249852a5 Better register allocation for x86_64 asm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-08 17:18:29 +01:00
Dave Rodgman
99f0cdc0e0 Remove not-needed mov in x86_64 asm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-08 17:18:04 +01:00
Waleed Elmelegy
e1cb35b719 Add new mbedtls_pkcs12_pbe_ext function to replace old function
Add new mbedtls_pkcs12_pbe_ext function to replace
old mbedtls_pkcs12_pbe function that have security
issues.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-08 16:51:26 +01:00
Gilles Peskine
0b62b7a21f Allow turning off re-generation of files with make
In make builds, when GEN_FILES is false (empty), don't try to re-generate
configuration-independent source files, regardless of whether they seem
out of date. This is useful, for example, if you have a source tree where
`make generated_files` has already run and file timestamps reflect the
time the files were copied or extracted, and you are now in an environment
that lacks some of the necessary tools to re-generate the files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-08 16:19:13 +02:00
Gilles Peskine
31d49cd57f
Merge pull request #1053 from waleed-elmelegy-arm/Improve-and-test-mbedtls_pkcs12_pbe
Improve & test legacy mbedtls_pkcs12_pbe
2023-09-08 13:08:05 +02:00
Agathiyan Bragadeesh
706a1c3c3f Fix code style
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-09-08 12:04:41 +01:00
Agathiyan Bragadeesh
c34804dea2 Fix bug with checking max dn length with hexpairs
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-09-08 11:32:19 +01:00
Ronald Cron
b9c7953442 pkwrite: Fix defined but not used warning
Fix defined but not used warning when
MBEDTLS_USE_PSA_CRYPTO, MBEDTLS_PK_HAVE_RFC8410_CURVES
and MBEDTLS_PK_HAVE_ECC_KEYS are defined but not
MBEDTLS_PEM_WRITE_C.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-09-07 14:20:49 +02:00
Gilles Peskine
58590983c5
Merge pull request #8160 from daverodgman/warn-unreachable
Fix clang warnings about unreachable code
2023-09-06 09:47:03 +00:00
Dave Rodgman
85061b97b5 Improve sanity checking of MBEDTLS_HAVE_INTxx
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-06 08:41:05 +01:00
Dave Rodgman
b7b8c09c81
Update bignum_core.c
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-05 20:35:19 +01:00
Gilles Peskine
ff2558a470 Fix unused variable in some TLS 1.3 builds
Fix unused variable when MBEDTLS_SSL_PROTO_TLS1_3 and
MBEDTLS_SSL_SESSION_TICKETS are enabled but not MBEDTLS_DEBUG_C.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-05 21:10:39 +02:00
Dave Rodgman
7e1e7be8fc Simplify fixes for unreachable code
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-05 18:15:31 +01:00
Dave Rodgman
cfa722324c Fix warnings about unreachable code
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-05 16:53:33 +01:00
Dave Rodgman
0364c8a773 Introduce MBEDTLS_IGNORE_UNREACHABLE_BEGIN
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-05 16:20:19 +01:00
Waleed Elmelegy
255db80910 Improve & test legacy mbedtls_pkcs12_pbe
* Prevent pkcs12_pbe encryption when PKCS7 padding has been
  disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
  reasons, However, invalid padding is not checked.
* Document new behaviour, known limitations and possible
  security concerns.
* Add tests to check these scenarios. Test data has been
  generated by the below code using OpenSSL as a reference:

#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <openssl/des.h>
#include <openssl/asn1.h>
#include "crypto/asn1.h"
#include <string.h>

int main()
{
    char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB";
    unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC";
    unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA";
    unsigned char *ciphertext = NULL;
    int iter = 10;
    X509_ALGOR *alg =  X509_ALGOR_new();
    int ciphertext_len = 0;
    int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    alg->parameter = ASN1_TYPE_new();
    struct asn1_object_st * aobj;
    PKCS5_pbe_set0_algor(alg, alg_nid, iter,
                         salt, sizeof(salt)-1);

    aobj = alg->algorithm;
    printf("\"30%.2X", 2 + aobj->length + alg->parameter->value.asn1_string->length);
    printf("06%.2X", aobj->length);
    for (int i = 0; i < aobj->length; i++) {
        printf("%.2X", aobj->data[i]);
    }

    for (int i = 0; i < alg->parameter->value.asn1_string->length; i++) {
        printf("%.2X", alg->parameter->value.asn1_string->data[i]);
    }
    printf("\":\"");

    for (int i = 0; i < sizeof(pass)-1; i++) {
        printf("%.2X", pass[i] & 0xFF);
    }
    printf("\":\"");
    for (int i = 0; i < sizeof(plaintext)-1; i++) {
        printf("%.2X", plaintext[i]);
    }
    printf("\":");
    printf("0");
    printf(":\"");

    unsigned char * res = PKCS12_pbe_crypt(alg, pass, sizeof(pass)-1, plaintext, sizeof(plaintext)-1, &ciphertext, &ciphertext_len, 1);

    if (res == NULL)
        printf("Encryption failed!\n");
    for (int i = 0; i < ciphertext_len; i++) {
        printf("%.2X", res[i]);
    }
    printf("\"\n");

    return 0;
}

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
#
2023-09-05 15:45:55 +01:00
Paul Elliott
945d674c8d
Merge pull request #8157 from actonlang/fix-include-psa-utils-internals
Use quotes include of psa_util_internal.h
2023-09-05 12:52:19 +00:00
Tom Cosgrove
8bd8a462d2
Merge pull request #8141 from tom-cosgrove-arm/define-psa-macros-to-1
Define all PSA_xxx macros to 1 rather than have them empty, for consistency
2023-09-04 21:27:01 +00:00
Agathiyan Bragadeesh
fca0861e8e Add asn1 get tag and len to x509 create config
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-09-04 15:45:37 +01:00
Agathiyan Bragadeesh
86dc08599b Add asn1 write tag and len to x509 use c config
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-09-04 15:40:41 +01:00
Gilles Peskine
1a7d387072
Merge pull request #1041 from waleed-elmelegy-arm/add-new-pkcs5-pbe2-ext-fun
Add new pkcs5 pbe2 ext fun
2023-09-04 15:33:42 +02:00
Kristian Larsson
a1aeff4124 Use quotes include of psa_util_internal.h
psa_utils_internal.h was broken out of mbedtls/psa_utils.h, which in
some places were included as <mbedtls/psa_utils.h>. But since
psa_utils_internals.h should be internal, we should not rely on the
system include paths. I suspect a regexp replace gone slightly wrong.

Signed-off-by: Kristian Larsson <kristian@spritelink.net>
2023-09-04 10:36:37 +02:00
Dave Rodgman
4f69668558
Merge pull request #8082 from daverodgman/misc-code-size
Misc code size improvements
2023-09-02 11:44:31 +00:00
Dave Rodgman
662c497395
Merge pull request #8144 from daverodgman/zeroize-stronger
Add more protection to mbedtls_platform_zeroize
2023-09-02 10:59:12 +01:00
Dave Rodgman
1dab445804 Update guard for ecp
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-02 10:56:44 +01:00
Dave Rodgman
16a76721b6
Merge pull request #8068 from paul-elliott-arm/fix_tls_zeroization
Fix TLS pad buffer zeroization
2023-09-01 23:35:23 +00:00
Waleed-Ziad Maamoun-Elmelegy
c5fef82c52 Fix typo in pkcs5.c
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-01 11:45:39 +01:00
Dave Rodgman
fe55320b5c Avoid error from old gcc version
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-01 11:15:28 +01:00
Dave Rodgman
5f6060a1f3 Code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-01 11:00:58 +01:00