Commit graph

29248 commits

Author SHA1 Message Date
Dave Rodgman
ba8e9addd9 Fix test dependencies
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-01 13:54:46 +00:00
Ronald Cron
11cc41265b
Merge pull request #8711 from ronald-cron-arm/tls13-ticket-and-early-data-unit-test
Add TLS 1.3 ticket and early data unit tests
2024-02-01 13:15:55 +00:00
Paul Elliott
cb88c4945a
Merge pull request #8754 from Redfoxymoon/development
fix build for midipix
2024-02-01 10:01:49 +00:00
Dave Rodgman
6823247376 Fix compile warning in tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-31 15:59:06 +00:00
Ronald Cron
eb84534ee3 Use TEST_EQUAL instead of TEST_ASSERT where possible
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-31 15:23:38 +01:00
Ronald Cron
5de9c6f295 Fix and add comments in ticket and early data test function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-31 15:23:33 +01:00
Ronald Cron
095a3a5a29 Fix PSA init and done macros in TLS unit tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-31 15:02:09 +01:00
Ronald Cron
faf026c67c Explain purpose of test specific write/parse ticket functions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-31 14:32:11 +01:00
Dave Rodgman
4c92845210
Merge pull request #8767 from daverodgman/sha-glibc-changelog
SHA-256 and 512 support for old libc
2024-01-31 13:21:52 +00:00
Paul Elliott
1ee85b4c61
Merge pull request #8766 from tom-cosgrove-arm/unify-clang-version-checking-in-all.sh
Unify clang version checking in all.sh
2024-01-31 12:51:34 +00:00
Manuel Pégourié-Gonnard
f1562a7217
Merge pull request #8657 from gilles-peskine-arm/pk-psa-bridge-design
PK-PSA bridge design document
2024-01-31 09:51:43 +00:00
Dave Rodgman
dae21d3808 Support SHA-512 hwcap detection on old libc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-30 15:31:42 +00:00
Gilles Peskine
cbb9caead4 Changelog for building SHA-256 and 512 with old libc
Linux/Aarch64: support SHA acceleration detection with older libc

On Linux on aarch64 (64-bit ARMv8) processors, we use getauxval() to detect
whether the runtime environment supports SHA-256 or SHA-512 acceleration.
Some libc do not define the necessary HWCAP_xxx constants to analyze the
result of getauxval(), either because they don't bother or because they're
too old to recognize the values we need (for example, HWCAP_SHA2 appeared in
Glibc 2.24 and HWCAP_SHA512 appeared in Glibc 2.27). In such cases, assume
that the values are the same as in the kernel ABI and define the constants
manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-30 15:25:37 +00:00
Gilles Peskine
36dee75368 Update ECDSA signature conversion based on experimentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-30 16:15:17 +01:00
Tom Cosgrove
d4c373a597 Refactor all.sh clang version detection code
Prevents a script failure when attempting to run build_aes_armce on a system without clang

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2024-01-30 13:56:38 +00:00
Tom Cosgrove
9e4eeff6e0 Fix comment about verison of clang required for 'build_aes_armce'
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2024-01-30 13:51:18 +00:00
Ørjan Malde
2a6cb5c881 fix build for midipix
Signed-off-by: Ørjan Malde <red@foxi.me>
2024-01-30 14:50:23 +01:00
Paul Elliott
47c74a4773
Merge pull request #8741 from Ryan-Everett-arm/add-locking-macros
Add macros for locking/unlocking the key slot mutex
2024-01-26 13:53:38 +00:00
Paul Elliott
12abdde951
Merge pull request #8699 from minosgalanakis/update/rsa_context_in_programs_5014
[MBEDTLS_PRIVATE] Update rsa context in programs 5014
2024-01-26 11:03:43 +00:00
Paul Elliott
c4e911889e
Merge pull request #8751 from trofi/gcc-14-calloc-fix
tests: fix `calloc()` argument list (`gcc-14` fix)
2024-01-26 11:02:53 +00:00
Sergei Trofimovich
da2a33de0f tests: fix calloc() argument list (gcc-14 fix)
`gcc-14` added a new `-Wcalloc-transposed-args` warning recently. It
detected minor infelicity in `calloc()` API usage in `mbedtls`:

    In file included from /build/mbedtls/tests/include/test/ssl_helpers.h:19,
                     from /build/mbedtls/tests/src/test_helpers/ssl_helpers.c:11:
    /build/mbedtls/tests/src/test_helpers/ssl_helpers.c: In function 'mbedtls_test_init_handshake_options':
    /build/mbedtls/tests/include/test/macros.h:128:46:
      error: 'calloc' sizes specified with 'sizeof' in the earlier argument
        and not in the later argument [-Werror=calloc-transposed-args]
      128 |             (pointer) = mbedtls_calloc(sizeof(*(pointer)),  \
          |                                              ^

Signed-off-by: Sergei Trofimovich <slyich@gmail.com>
2024-01-25 21:29:56 +00:00
Dave Rodgman
935182fe2b
Merge pull request #1158 from daverodgman/mbedtls-3.5.2rc
Mbedtls 3.5.2rc
2024-01-25 12:22:54 +00:00
Chien Wong
ef56795fd2
Fix 1 forgotten separate input/output buffer
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-25 19:22:50 +08:00
Chien Wong
92c17c456c
Use separate input/output buffer. Explain why error is expected
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-25 19:11:03 +08:00
Dave Rodgman
f5e231ca84
Merge pull request #8719 from daverodgman/iar-codegen
Improve codegen of unaligned access for IAR and gcc
2024-01-25 08:31:45 +00:00
Ryan Everett
3877d4858b Refactor macros
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-24 13:26:26 +00:00
Chien Wong
99ff1f505b
Add test cases on GCM AD, input, IV length
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-24 20:52:27 +08:00
Dave Rodgman
13f2f4e7f1 Merge remote-tracking branch 'restricted/development' into mbedtls-3.5.2rc 2024-01-24 09:49:15 +00:00
Dave Rodgman
daca7a3979 Update BRANCHES.md
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-24 09:49:11 +00:00
Ryan Everett
cb05ce30e9 Minor fixes to locking macros
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 19:25:10 +00:00
Ryan Everett
90afb132e0 Add ..._GOTO_EXIT macro
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 18:34:55 +00:00
Ryan Everett
d6d6a76e46 Add ..._GOTO_RETURN macro
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 18:32:42 +00:00
Chien Wong
019c2a7817
Handle sizeof(size_t) > sizeof(uint64_t)
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-23 21:38:06 +08:00
Janos Follath
aa3fa98bc4
Merge pull request #8726 from v1gnesh/patch-1
Update entropy_poll.c to allow build in z/OS
2024-01-23 12:43:18 +00:00
Dave Rodgman
c64280a2d7 Fix comment typo
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-23 10:05:08 +00:00
v1gnesh
468c02cf61
Update ChangeLog.d/8726.txt
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: v1gnesh <v1gnesh@users.noreply.github.com>
2024-01-23 15:29:40 +05:30
Dave Rodgman
00b530e395 Limit compiler hint to compilers that are known to benefit from it
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-23 09:41:34 +00:00
Dave Rodgman
e23d6479cc Bump version
./scripts/bump_version.sh --version 3.5.1

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 15:45:49 +00:00
Dave Rodgman
6ba416968b Assemble Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 15:40:12 +00:00
Janos Follath
0d57f1034e Update Marvin fix Changelog entry
Upon further consideration we think that a remote attacker close to the
victim might be able to have precise enough timing information to
exploit the side channel as well. Update the Changelog to reflect this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:58 +00:00
Janos Follath
393df9c995 Add warning for PKCS 1.5 decryption
Any timing variance dependant on the output of this function enables a
Bleichenbacher attack. It is extremely difficult to use safely.

In the Marvin attack paper
(https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the
author suggests that implementations of PKCS 1.5 decryption that don't
include a countermeasure should be considered inherently dangerous.

They suggest that all libraries implement the same countermeasure, as
implementing different countermeasures across libraries enables the
Bleichenbacher attack as well.

This is extremely fragile and therefore we don't implement it. The use
of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in
the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable.

Add a warning to PKCS 1.5 decryption to warn users about this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
16ab76bbe7 Fix typo
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
b4b8f3df3b RSA: improve readability
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
47ee770812 RSA: remove unneeded temporaries
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
e6750b2a0b RSA: document Montgomery trick in unblind
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
a62a554071 Fix style
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
100dcddfca Make local function static
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
a865fc951e Add Changelog for the Marvin attack fix
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
6bcbc925bf Extend blinding to RSA result check
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
d6b096532c Make RSA unblinding constant flow
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00