yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
26929 commits 1 branch 0 tags 94 MiB
Commit graph

26929 commits

This branch
This branch
All branches
Author SHA1 Message Date
Gilles Peskine
4843278237 Allow "Mbed TLS" as the project name in Doxygen 
Previously the code only recognized the old spelling "mbed TLS", so it
missed doxygen/input/doc_mainpage.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-12 19:16:17 +02:00
Dave Rodgman
2b0d53a2a8
Merge pull request #7590 from daverodgman/ct-x86-asm 
Constant time asm for x86 and x86-64
 2023-09-12 09:58:44 +00:00
Ronald Cron
9b9ac4c6ef
Merge pull request #8175 from ronald-cron-arm/fix-query-config-generation-with-cmake 
Fix query_config.c generation with CMake build system
 2023-09-12 06:03:01 +00:00
Ronald Cron
ad2f351c6b
Merge pull request #8171 from ronald-cron-arm/misc-minor-fixes 
One minor fix
 2023-09-12 06:00:48 +00:00
Dave Rodgman
7fda906a68
Merge pull request #8161 from gilles-peskine-arm/config-boolean-options-wrong-section-202309 
Fix module configuration options in mbedtls_config.h
 2023-09-11 15:08:56 +00:00
Dave Rodgman
82fe0828b2
Merge pull request #8180 from daverodgman/sha2-zeroize 
Ensure all md_<hash>_finish functions perform zeroization
 2023-09-11 15:13:27 +01:00
Dave Rodgman
aafd1e0924 Ensure all md_<hash>_finish functions perform zeroization 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-11 12:59:36 +01:00
Paul Elliott
ce1bb3d1da
Merge pull request #8178 from tom-cosgrove-arm/remove-tautological-null-pointer-check-sha3_c 
Remove always-false null pointer check in sha3.c that Coverity complains about
 2023-09-11 10:54:36 +00:00
Tom Cosgrove
876346e451 Remove always-false null pointer check in sha3.c that Coverity complains about 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-11 09:03:01 +01:00
Dave Rodgman
3f8e483eed Mark y as modified in x86 asm for mbedtls_ct_uint_lt 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-08 17:57:40 +01:00
Dave Rodgman
4a97e73661 Eliminate a redundant not from x86 asm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-08 17:26:18 +01:00
Dave Rodgman
b6b8f6c68d Make variable name consistent in x86_64 asm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-08 17:19:32 +01:00
Dave Rodgman
5f249852a5 Better register allocation for x86_64 asm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-08 17:18:29 +01:00
Dave Rodgman
99f0cdc0e0 Remove not-needed mov in x86_64 asm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-08 17:18:04 +01:00
Ronald Cron
d7a983a0d8 Fix generate_query_config.pl usage 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-09-08 10:53:35 +02:00
Ronald Cron
eab2055bde Fix query_config.c generation with CMake build system 
In case of an out-of-tree build with the CMake build
system the path to crypto_config.h has to be defined
as the path to mbedtls_config.h. Add this possibility
tp generate_query_config.pl.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-09-08 10:23:25 +02:00
Ronald Cron
33fbd373be
Merge pull request #8174 from Mbed-TLS/fix-pkwrite-test-dependencies 
Fix incorrect dependencies in pkwrite tests
 2023-09-08 08:16:52 +02:00
David Horstmann
8ece2e9712 Fix incorrect test dependencies in pkwrite tests 
These should rely in MBEDTLS_PEM_{PARSE,WRITE}_C where applicable, not
MBEDTLS_BASE64_C.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-09-07 17:43:12 +01:00
Gilles Peskine
86733834bc Modernize documentation of MBEDTLS_PLATFORM_ZEROIZE_ALT 
The documentation was not updated when we started detecting memset_s() and
such.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-07 17:29:15 +02:00
Ronald Cron
d3d566f1d8 PSA config: Add comment about HKDF 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-09-07 15:25:53 +02:00
Ronald Cron
b9c7953442 pkwrite: Fix defined but not used warning 
Fix defined but not used warning when
MBEDTLS_USE_PSA_CRYPTO, MBEDTLS_PK_HAVE_RFC8410_CURVES
and MBEDTLS_PK_HAVE_ECC_KEYS are defined but not
MBEDTLS_PEM_WRITE_C.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-09-07 14:20:49 +02:00
Gilles Peskine
58590983c5
Merge pull request #8160 from daverodgman/warn-unreachable 
Fix clang warnings about unreachable code
 2023-09-06 09:47:03 +00:00
Gilles Peskine
d1ce030de2
Merge pull request #8159 from gilles-peskine-arm/split-config_psa-split 
Split out configuration adjustments from build_info.h and config_psa.h
 2023-09-06 09:04:19 +00:00
Dave Rodgman
85061b97b5 Improve sanity checking of MBEDTLS_HAVE_INTxx 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-06 08:41:05 +01:00
Dave Rodgman
b7b8c09c81
Update bignum_core.c 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-05 20:35:19 +01:00
Gilles Peskine
f9e4caf388 Comment out default definition 
This is not required (it's ok to define the default in mbedtls_config and
skip the definition in rsa.h), but comment it out for uniformity with all
the other options in this section.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 21:11:27 +02:00
Gilles Peskine
ff2558a470 Fix unused variable in some TLS 1.3 builds 
Fix unused variable when MBEDTLS_SSL_PROTO_TLS1_3 and
MBEDTLS_SSL_SESSION_TICKETS are enabled but not MBEDTLS_DEBUG_C.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 21:10:39 +02:00
Gilles Peskine
d65ea42262 Fix some TLS 1.3 settings that were required in mbedtls_config.h 
Mbed TLS can be configured by writing a configuration file from scratch,
without copying mbedtls_config.h. As a consequence, all the macro
definitions in mbedtls_config.h must be optional. This was not the case for
some MBEDTLS_SSL_TLS1_3_xxx macros with numerical values related to session
tickets. Fix that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 21:10:35 +02:00
Gilles Peskine
da69eaa366 TLS 1.3 support is mostly complete 
In particular, pre-shared keys are supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 20:54:17 +02:00
Gilles Peskine
a8861e086e Fix boolean options in the wrong section 
Boolean options that modify the behavior of a module are supposed to be in
the "feature support" section, not in the "configuration options" support:
that section is documented to contain commented-out definitions with a
value, for which the comment contains the default version. In particular,
merely uncommenting a definition in the "configuration options" section is
not supposed to change anything.

Move the offending boolean options to the proper section.

This causes those options to be enabled by `config.py full` unless
explicitly excluded. For all the offending options, this is undesirable, so
make sure those options are indeed excluded.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 20:20:51 +02:00
Dave Rodgman
7e1e7be8fc Simplify fixes for unreachable code 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-05 18:15:31 +01:00
Dave Rodgman
cfa722324c Fix warnings about unreachable code 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-05 16:53:33 +01:00
Dave Rodgman
0364c8a773 Introduce MBEDTLS_IGNORE_UNREACHABLE_BEGIN 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-05 16:20:19 +01:00
Paul Elliott
945d674c8d
Merge pull request #8157 from actonlang/fix-include-psa-utils-internals 
Use quotes include of psa_util_internal.h
 2023-09-05 12:52:19 +00:00
Gilles Peskine
edc237938a Split build_info.h: create and populate mbedtls/config_adjust_ssl.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 12:03:10 +02:00
Gilles Peskine
dc720b0a70 Split build_info.h: create mbedtls/config_adjust_x509.h 
There isn't anything to put in this file. Create it anyway for consistency
with crypto and TLS.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 12:03:10 +02:00
Gilles Peskine
9d6a63b4fb Split build_info.h: create and populate mbedtls/config_adjust_legacy_crypto.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 12:03:10 +02:00
Gilles Peskine
4fb1542354 Split config_psa.h: create and populate mbedtls/config_adjust_legacy_from_psa.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 12:03:08 +02:00
Gilles Peskine
10c6f07963 Split config_psa.h: create and populate mbedtls/config_adjust_psa_from_legacy.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 12:02:13 +02:00
Gilles Peskine
eca0178cfa Split config_psa.h: create and populate mbedtls/config_adjust_psa_superset_legacy.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 11:57:14 +02:00
Gilles Peskine
5823977981 Split config_psa.h: create and populate psa/crypto_adjust_auto_enabled.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 11:57:14 +02:00
Gilles Peskine
7b7d903cac Split config_psa.h: create and populate psa/crypto_adjust_config_synonyms.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 11:57:14 +02:00
Gilles Peskine
b9664ee676 Don't include configuration adjustment headers 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 11:57:14 +02:00
Tom Cosgrove
8bd8a462d2
Merge pull request #8141 from tom-cosgrove-arm/define-psa-macros-to-1 
Define all PSA_xxx macros to 1 rather than have them empty, for consistency
 2023-09-04 21:27:01 +00:00
Kristian Larsson
a1aeff4124 Use quotes include of psa_util_internal.h 
psa_utils_internal.h was broken out of mbedtls/psa_utils.h, which in
some places were included as <mbedtls/psa_utils.h>. But since
psa_utils_internals.h should be internal, we should not rely on the
system include paths. I suspect a regexp replace gone slightly wrong.

Signed-off-by: Kristian Larsson <kristian@spritelink.net>
 2023-09-04 10:36:37 +02:00
Dave Rodgman
8595984d72
Merge pull request #8143 from tom-cosgrove-arm/check-mbedtls_platform_zeroize-calls 
Check mbedtls_platform_zeroize() calls
 2023-09-03 11:22:06 +00:00
Tom Cosgrove
b2fafa5a49 config-wrapper-zeroize-memset.h should be user-config-zeroize-memset.h and not include mbedtls_config.h 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Tom Cosgrove
d9572c0270 Move the description of MBEDTLS_TEST_DEFINES_ZEROIZE to before its use 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Tom Cosgrove
7eced7d1d2 Move zeroize-as-memset into a config file under tests/ 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Tom Cosgrove
daddf11a30 Add a build to all.sh to check mbedtls_platform_zeroize() calls 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00