mbedtls

Author	SHA1	Message	Date
Bence Szépkúti	51328162e6	Merge pull request #8374 from sergio-nsk/sergio-nsk/8372/2 Fix compiling AESNI in Mbed-TLS with clang on Windows	2023-10-26 21:21:01 +00:00
Dave Rodgman	2db1e354e3	Merge pull request #8408 from daverodgman/iar-fix-aes Fix MBEDTLS_MAYBE_UNUSED for IAR	2023-10-26 15:53:11 +00:00
Gilles Peskine	b3d0ed2e6e	Merge pull request #8303 from valeriosetti/issue6316 Add test component with all ciphers and AEADs accelerated only	2023-10-26 15:53:10 +00:00
Tom Cosgrove	257f6dd57d	Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME Fixes #8422 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-10-26 14:04:34 +01:00
Ronald Cron	95b735530c	Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello TLS 1.3: EarlyData SRV: Add early data extension parser.	2023-10-26 08:31:53 +00:00
Valerio Setti	bbc46b4cc2	cipher: improve code readibility in mbedtls_cipher_setup() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-26 09:00:21 +02:00
Dave Rodgman	6e51abf11d	Merge remote-tracking branch 'origin/development' into msft-aarch64 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 15:17:11 +01:00
Dave Rodgman	d1c4fb07ee	Support older IAR versions Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 15:07:35 +01:00
Valerio Setti	79a02de79f	cipher: check that ctx_alloc_func is not NULL before calling it Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-25 12:03:36 +02:00
Valerio Setti	a6c0761c43	cipher_wrap: fix guards for GCM/CCM AES Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-25 12:03:36 +02:00
Valerio Setti	e86677d0c3	pkparse: fix missing guards for pkcs5/12 functions Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-25 12:03:36 +02:00
Dave Rodgman	5e41937eba	Remove dependency on asm/hwcap.h Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	9fd1b526c3	Use MBEDTLS_ARCH_IS_ARMV8_A not MBEDTLS_ARCH_IS_ARMV8 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	cb5c9fb0c2	Add volatile to prevent asm being optimised out Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	b34fe8b88b	Fix #error typo Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	90291dfe33	Share some definitions that are common for clang and GCC 5 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	46267f6a2d	Tidy-up: move GCM code into one place Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	f4ee5d4c94	Code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	2c25bdb7cf	Don't use #ifdef on vreinterpretq_xxx Co-authored-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	f60e44d063	Add link to ACLE docs in comment Co-authored-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	48b965d941	Update clang version requirements Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	472a1906d5	fix tabs Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	4b8e8dc043	Improve compiler version checking + docs + testing for armclang Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	ece803b0ae	Fix behaviour for Armv8 targets without Neon Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	851cf5a325	Fix runtime detection on A32/T32 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	27e3c87fc1	Suppport AESCE on A32 and T32 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:22 +01:00
Dave Rodgman	d69d3cda34	Merge pull request #8298 from daverodgman/sha-armce-thumb2 Support SHA256 acceleration on Armv8 thumb2 and arm	2023-10-24 21:23:15 +00:00
Dave Rodgman	f842868dd9	Fix MBEDTLS_MAYBE_UNUSED for IAR Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-24 14:18:38 +01:00
Pengyu Lv	7b711710b2	Add check_ticket_flags helper function Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-10-24 17:07:14 +08:00
Dave Rodgman	514590210b	Merge remote-tracking branch 'origin/development' into sha-armce-thumb2 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-23 15:35:07 +01:00
Dave Rodgman	66d5512571	Remove dependency on asm/hwcap.h Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-23 15:12:32 +01:00
Dave Rodgman	bcb810252c	Merge pull request #8363 from daverodgman/iar-fixes-2 Stop IAR warning about goto skipping variable definition	2023-10-23 14:59:15 +01:00
Tom Cosgrove	235e361b6c	Merge pull request #8339 from lpy4105/issue/support-cpuid-for-win32 Support cpuid for win32	2023-10-23 10:43:39 +00:00
Manuel Pégourié-Gonnard	2bf0870e25	Merge pull request #7861 from mpg/cleanup-pk-parse cleanup PK parse - part 1	2023-10-23 08:49:16 +00:00
Matthias Schulz	edc32eaf1a	Uncrustified Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-10-19 16:09:08 +02:00
Sergey Markelov	3898f10fed	Fix #8372 - Error compiling AESNI in Mbed-TLS with clang on Windows It can successfully compile w/ the clang options -maes -mpclmul. Signed-off-by: Sergey Markelov <sergey@solidstatenetworks.com>	2023-10-18 20:24:39 -07:00
Gilles Peskine	6407f8fc54	Merge pull request #8322 from valeriosetti/issue8257 Improve location of MD_CAN macros	2023-10-18 14:31:28 +00:00
Matthias Schulz	ab4082290e	Added parameters to add callback function to handle unsupported extensions. Similar to how the callback functions work when parsing certificates. Also added new test cases. Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-10-18 13:20:59 +02:00
Gilles Peskine	f6f4695824	Merge pull request #8320 from valeriosetti/issue8263 Fix dependencies of mbedtls_pk_ec_ro and mbedtls_pk_ec_rw	2023-10-18 10:03:46 +00:00
Pengyu Lv	ed5e4e86a5	Merge branch 'development' into issue/6935/ticket_flags-kex-mode-determination	2023-10-18 18:03:07 +08:00
Jerry Yu	b47b2990d6	fix various issues - fix wrong typo - remove redundant check - remove psk mode tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-18 15:50:35 +08:00
Manuel Pégourié-Gonnard	c6d633ffbc	Merge pull request #8297 from valeriosetti/issue8064 Change accel_aead component to full config	2023-10-18 07:15:59 +00:00
Matthias Schulz	873a202d18	Now handling critical extensions similarly to how its done in x509_get_crt_ext just without the callback function to handle unknown extensions. Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-10-17 16:02:20 +02:00
Matthias Schulz	cc923f307e	Added missing like between variables and function body. Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-10-17 12:36:56 +02:00
Matthias Schulz	adb3cc4d43	Fixes #8377 . Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-10-17 11:57:10 +02:00
Valerio Setti	2f00b7a5da	cipher: reset MBEDTLS_CIPHER_HAVE_AEAD to MBEDTLS_CIPHER_MODE_AEAD Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-17 11:43:34 +02:00
Manuel Pégourié-Gonnard	745ec5d75e	Fix static initializer warning In a hypothetical build with no curves, or in the future when we add a new curve type and possibly forget updating this function with a new block for the new type, we write to `ret` at the beginning or the function then immediately overwrite it with MPI_CHK(check_privkey), which static analyzers understandably find questionable. Use `ret` here and check the key only if it was actually set. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-17 10:13:45 +02:00
Yanray Wang	4b6595aa83	Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only	2023-10-17 11:13:00 +08:00
Dave Rodgman	2fde39a22c	Merge pull request #8283 from daverodgman/more-aes-checks More AES guards testing and some fixes	2023-10-16 18:22:51 +00:00
Valerio Setti	9fc1f24331	md: restore md.h includes in source files directly using its elements Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-16 14:39:38 +02:00
Valerio Setti	74cb404b0d	ssl: improve ssl_check_key_curve() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-16 13:40:50 +02:00
Yanray Wang	aa01ee303a	Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only	2023-10-16 17:38:32 +08:00
Valerio Setti	dcee98730b	cipher_wrap: add VIA_LEGACY_OR_USE_PSA to new internal symbols Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-16 11:35:57 +02:00
Valerio Setti	596ef6c0b1	cipher: reset MBEDTLS_CIPHER_HAVE_AEAD_LEGACY to previous naming Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-16 11:26:08 +02:00
Valerio Setti	0521633559	cipher: fix guards in mbedtls_cipher_auth_[encrypt/decrypt]_ext() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-16 11:22:21 +02:00
Manuel Pégourié-Gonnard	52e9548c22	Fix check for format supported by PSA For non-Weierstrass curves there's only one format and it's supported. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	f1b7633443	Use clearer function name I went for "may be" as I was thinking just checking the tag technically does not guarantee that what follows is correct, but I was wrong: according to ASN.1, when there are variants, the tag does distinguish unambiguously between variants, so we can be more positive here. (Whether the thing inside that variant is correct is a different question.) As a welcome side effect, this makes the name more standard hence more readable. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	842ffc5085	Make code more robust Using return here is only correct if we know that group_load() is atomic (either succeeds, or allocates no ressources). I'm not sure it is, and even if it were, goto exit is more obviously correct, so let's use that. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	94cf1f82ad	Fix a typo in a comment Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	564bc1bb96	Fix limitation in checking supported alg in pk_sign The recent changes in pkparse made it so ECDSA (deterministic or not) is set as the secondary alg and ECDH the first one. This broke the wrapper in pk_wrap as it was only checking the first alg when deciding whether to use deterministic or not. The wrapper should not have unnecessary requirements on how algs are set up, so make the check more flexible. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	53d3e40a21	Fix unused warnings in dummy definition Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	12ea63a5f7	Abstract away MBEDTLS_PK_PARSE_EC_EXTENDED Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	fac9819edc	Fix and document return of pk_ecc_set_pubkey() One of the calling site needs to distinguish between "the format is potentially valid but not supported" vs "other errors", and it uses MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for that. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	ff72ea9d51	Rework pk_ecc_set_pubkey() - Fix the logic around format: we were just assuming that if the format was not compressed, it was uncompressed, but it could also have been just invalid. - Remove redundant length check: the fallback does its own checks. - Remove set_algorithm() that's not needed and introduced a depencency on ECDSA. - Some style / naming / scope reduction. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	e4c883bc8c	New signature for pk_ecc_set_pubkey() Also new name, for consistency, and documentation. The signature *p, end is mostly for parsing functions that may not consume everything, and need to update the "current" pointer to reflect what has been consumed. This is not the case here. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	681e30b727	Rework pk_ecc_set_pubkey_psa_ecp_fallback() - new semantic: sets the pubkey directly in the PK context - new name to reflect that semantic and obey the naming scheme - trivial case first - documentation and better parameter names Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	0b8e45650f	Tune body of pk_ecc_set_pubkey_from_prv() - avoid useless use of ret in PSA code, keep only status - improve variable names - keep declarations closer to use - a few internal comments Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	de25194a20	Rename and document pk_ecc_set_pubkey_from_prv() Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	d1aa642394	Document pk_ecc_set_group() and pk_ecc_set_key() Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	5470898e37	Move code around again Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	997a95e592	Merge two consecutive #ifs Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	212517b87d	Start re-ordering functions in pkparse The general order is low-level first, top-level last, for the sake of static function and avoiding forward declarations. The obvious exception was functions that parse files that were at the beginning; move them to the end. Also start defining sections in the file; this is incomplete as I don't have a clear view of the beginning of the file yet. Will continue in further commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	df151bbc37	Minor improvements to pk_ecc_read_compressed() - new name starting with pk_ecc for consistency - re-order params to match the PSA convention: buf, len, &size - add comment about input consumption Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	e82fcd9c9e	Avoid nested #ifs in body of pk_get_ecpubkey() Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	116175c5d7	Use helper macro for (deterministic) ECDSA - centralizes decision making about which version to use when - avoids nested #ifs in pk_ecc_set_key() Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Dave Rodgman	0a48717b83	Simplify Windows-on-Arm macros Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-16 09:25:59 +01:00
Dave Rodgman	c5cc727dd0	Use new MBEDTLS_ARCH_IS_xxx macros Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-16 09:25:59 +01:00
Dave Rodgman	a0f10da9d2	Use MBEDTLS_HAVE_NEON_INTRINSICS instead of __ARM_NEON Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-16 09:25:59 +01:00
Dave Rodgman	4ffd7c7614	Introduce MBEDTLS_HAVE_NEON_INTRINSICS and simplify NEON header inclusion Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-16 09:25:59 +01:00
Dave Rodgman	be09286666	Enable 8-byte fastpath in mbedtls_xor on ARM64 and ARM64EC Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-16 09:25:59 +01:00
Dave Rodgman	ad71b6a834	Support ARM64EC in the same way as ARM64 in sha256 and sha512 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-16 09:25:59 +01:00
Dave Rodgman	78fc0bd1db	Define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS on Windows-on-Arm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-16 09:25:59 +01:00
Manuel Pégourié-Gonnard	dcd98fffab	Factor similar code into pk_ecc_set_key() Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard	6db11d5068	Group two versions of the same code Just moving code around. The two blocks do morally the same thing: load the key, and grouping them makes the #if #else structure clearer. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard	d5b4372012	Slightly simplify pk_derive_public_key() - add a comment explain potentially surprising parameters - avoid nesting #if guards: I find the linear structure #if #elif #else makes the three cases clearer. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard	2585852231	Factor common code into a function There were two places that were calling either pk_update_ecparams() or mbedtls_ecp_group_load() depending on the same guard. Factor this into a single function, that works in both configs, so that callers don't have to worry about guards. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard	5fcbe4c1f8	Further rationalize includes - only include psa_util when we use PSA Crypto - re-order includes Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard	da88c380bd	Minimize key-type-related includes - we don't use any ECDSA function here - we only need to include ecp.h when supporting ECC keys Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard	4b0e8f0e2c	Remove redundant include It's also included later, guarded by support for ECC keys, and actually that's the only case where we need it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:25:44 +02:00
Valerio Setti	5f5573fa90	cipher: reintroduce symbol for legacy AEAD support Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-13 17:29:27 +02:00
Dave Rodgman	515af1d80d	Stop IAR warning about goto skipping variable definition Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-13 16:03:25 +01:00
Bence Szépkúti	195411bb17	Merge pull request #8062 from yanrayw/save_stack_usage_pkwrite pkwrite: use heap to save stack usage for writing keys in PEM string	2023-10-13 14:27:13 +00:00
Dave Rodgman	2457bcd26c	Tidy up logic for MBEDTLS_MAYBE_UNUSED Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-13 12:31:45 +01:00
Gilles Peskine	97a6231b5c	Revert "Fix a few IAR warnings"	2023-10-13 11:39:53 +02:00
Dave Rodgman	2d67e3a07b	Merge pull request #8352 from daverodgman/iar-fixes Fix a few IAR warnings	2023-10-13 09:20:28 +01:00
Tom Cosgrove	71f2e398bd	Merge pull request #8345 from mcagriaksoy/branch_issue_8344 Add missing casting size_t to int on ssl_tls13_keys.c	2023-10-12 18:39:33 +00:00
Dave Rodgman	584c8108b3	Use a block to save 12b Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-12 16:55:23 +01:00
Dave Rodgman	351a81c65d	Keep initialisation of p in its original location Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-12 16:36:05 +01:00
Dave Rodgman	bcb1818e19	Fix IAR 'transfer of control bypasses initialization' warnings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-12 16:23:11 +01:00
Dave Rodgman	4b779bef9e	Merge branch 'development' into more-aes-checks Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-12 16:17:10 +01:00
Dave Rodgman	54bb76e106	Merge pull request #8348 from kasjer/kasjer/aes-rcon-rename Rename local variable in aes.c	2023-10-12 12:30:35 +00:00
Valerio Setti	db1ca8fc33	cipher: keep MBEDTLS_CIPHER_HAVE symbols private This commit also improve the usage of these new symbols in cipher_wrap code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-12 10:39:54 +02:00
Valerio Setti	e570704f1f	ssl: use MBEDTLS_SSL_HAVE_[CCM/GCM/CHACHAPOLY/AEAD] macros for ssl code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-12 10:39:37 +02:00
Dave Rodgman	4fd868e4b1	Refer to Armv8-A (not Armv8) in comments Co-authored-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-12 09:09:42 +01:00
Jerry Yu	ab0da370a4	Add early data status update Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-12 15:02:01 +08:00
Jerry Yu	1eb0bd557d	Add not-received status Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-12 15:02:01 +08:00
Jerry Yu	33bf240e53	Add max_early_data_size into copy list Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-12 15:00:26 +08:00
Jerry Yu	02e3a074a3	Add max_early_data_size into ticket Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-12 15:00:26 +08:00
Jerzy Kasenberg	ee62fceade	Rename local variable in aes.c This changes local variable name RCON to round_constants. RCON being definition in xc32 compiler headers for some PIC32 register. Without this change, mynewt project for PIC32 platform fails to build due to macro redefinition. This does not changes behavior of library in any way. Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>	2023-10-11 16:36:24 +02:00
Mehmet Cagri Aksoy	56e9011bde	Add casting size_t to int Signed-off-by: Mehmet Cagri Aksoy <mcagriaksoy@yandex.com>	2023-10-11 15:28:06 +02:00
Mehmet Cagri Aksoy	66f9b3f810	Add casting size_t to int Signed-off-by: Mehmet Cagri Aksoy <mcagriaksoy@yandex.com>	2023-10-11 15:26:23 +02:00
Dave Rodgman	b0d9830373	Merge branch 'development' into sha-armce-thumb2 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-11 13:53:41 +01:00
Valerio Setti	02a634decd	md: remove unnecessary inclusions of mbedtls/md.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-11 13:15:58 +02:00
Valerio Setti	4d0e84628c	ssl: reorganize guards surrounding ssl_get_ecdh_params_from_cert() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-11 13:15:29 +02:00
Valerio Setti	d4a10cebe4	cipher/tls: use new symbols for guarding AEAD code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-11 13:10:34 +02:00
Dave Rodgman	be7915aa6c	Revert renaming of SHA512 options Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-11 10:59:05 +01:00
Ronald Cron	a89d2ba132	Merge pull request #8327 from ronald-cron-arm/adapt-psa-crypto-repo-name Adapt to new PSA Crypto repo name	2023-10-11 06:45:30 +00:00
Pengyu Lv	0ecb635ca5	aesni: select `__cpuid` impl based on compiler type MinGW provides both kinds of implementations of `__cpuid`, but since `cpuid.h` is provided by GNUC, so we should choose the implementation by the compiler type instead of OS type. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-10-11 11:09:58 +08:00
Dave Rodgman	5b89c55bb8	Rename MBEDTLS_SHAxxx_USE_ARMV8_yyy to MBEDTLS_SHAxxx_USE_ARMV8_A_yyy Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 15:14:57 +01:00
Dave Rodgman	fe9fda81aa	Rename MBEDTLS_ARCH_IS_ARMV8 to MBEDTLS_ARCH_IS_ARMV8_A Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 15:14:56 +01:00
Dave Rodgman	5d4ef83e01	Fix hwcap detection on 32-bit Arm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 13:04:07 +01:00
Dave Rodgman	94a634db96	Rename A64 config options Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 12:59:29 +01:00
Pengyu Lv	e8c4bf180b	aesni: declare cpuinfo as int Change the type of array that stores the cpuinfo data to int[4] to match the signature of `__cpuinfo` in `intrin.h` header file. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-10-10 18:12:43 +08:00
Pengyu Lv	308cb232bf	aesni: support cpuid on WIN32 `__cpuid` has two kinds of signatures in different headers depending on the target OS. We make it consistent between the usages ang the included header. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-10-10 17:56:12 +08:00
Dave Rodgman	78d78462ac	Make asm without side-effects not optimisable-out Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 09:53:44 +01:00
Ronald Cron	7871cb14a7	Include psa/build_info.h instead of mbedtls/build_info.h In PSA headers include psa/build_info.h instead of mbedtls/build_info.h. In Mbed TLS, both are equivalent but not in TF-PSA-Crypto where psa/build_info.h is the correct one. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-10-10 09:35:22 +02:00
Dave Rodgman	e7ebec6723	Merge pull request #8281 from daverodgman/fix-hwonly-warnings Improve AES hardware-only check	2023-10-09 11:25:50 +00:00
Dave Rodgman	8ba9f42acd	Fix arch detection for auto setting of clang flags Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-08 10:46:25 +01:00
Dave Rodgman	866b3a1886	Merge pull request #8323 from tom-daubney-arm/fix_mbedtls_styling_docs Correct styling of Mbed TLS in documentation	2023-10-06 19:10:10 +00:00
Thomas Daubney	540324cd21	Correct styling of Mbed TLS in documentation Several bits of documentation were incorrectly styling Mbed TLS as MbedTLS. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2023-10-06 17:07:24 +01:00
Paul Elliott	3677352631	Merge pull request #8308 from valeriosetti/issue8052 PKCS12: use one-shot API	2023-10-06 15:39:31 +00:00
Dave Rodgman	8e00fe0cd8	Merge pull request #8309 from daverodgman/iar-warnings2 Fix IAR warnings	2023-10-06 13:24:12 +00:00
Valerio Setti	e7cefae5f4	ssl: fix getting group id in ssl_check_key_curve() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-06 13:19:48 +02:00
Valerio Setti	d3925d25ec	pk_internal: change guards for mbedtls_pk_ec_[ro/rw] Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-06 13:13:19 +02:00
Valerio Setti	f484884fba	pkcs12: use mbedtls_cipher_crypt() instead of explicitly defining all steps Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-06 11:25:08 +02:00
Dave Rodgman	2eab462a8c	Fix IAR warnings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 13:30:37 +01:00
Dave Rodgman	9a36f4cb97	Fix cast errors on IAR Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 11:25:52 +01:00
Dave Rodgman	790370b392	code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 11:02:23 +01:00
Dave Rodgman	3ba9ce3c1d	Warn if using runtime detection and no Neon Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 09:58:33 +01:00
Dave Rodgman	7ed619d3fa	Enable run-time detection for Thumb and Arm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 09:39:56 +01:00
Dave Rodgman	9bf752c45d	Support MSVS with clang Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 08:20:44 +01:00
Minos Galanakis	4855fdf887	Revert "Auto-generated files for v3.5.0" This reverts commit `591416f32b`. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-10-05 00:17:21 +01:00
Dave Rodgman	749f2227c6	Get MBEDTLS_MAYBE_UNUSED to cover more compilers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-04 22:12:33 +01:00
Dave Rodgman	04d0d06e83	Code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-04 18:05:08 +01:00
Dave Rodgman	ebe4292a9c	Improve behaviour on gcc targetting arm or thumb Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-04 17:36:44 +01:00
Dave Rodgman	793e264fbb	Fix indentation Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-04 17:36:20 +01:00
Minos Galanakis	e35e387ad7	Bump library so-crypto, so-x509, so-tls versions. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-10-04 16:17:46 +01:00
Minos Galanakis	8f4c19a680	Merge pull request #8273 from davidhorstmann-arm:target-prefix-3rdparty Add MBEDTLS_TARGET_PREFIX to 3rdparty CMake	2023-10-04 16:03:22 +01:00
Dave Rodgman	feadcaf4a6	Support MBEDTLS_MAYBE_UNUSED in MSVC and IAR Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-04 15:27:33 +01:00
Dave Rodgman	18ddf61a75	Use MBEDTLS_MAYBE_UNUSED to simplify aes.c and let compiler remove unused variables Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-04 14:03:12 +01:00
Dave Rodgman	1ec1a0f0cc	Introduce MBEDTLS_MAYBE_UNUSED Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-04 13:50:54 +01:00
Minos Galanakis	591416f32b	Auto-generated files for v3.5.0 Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-10-04 00:55:02 +01:00
Minos Galanakis	31ca313efa	Bump version to 3.5.0 ``` ./scripts/bump_version.sh --version 3.5.0 ``` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-10-03 22:02:18 +01:00
Minos Galanakis	1a3ad265cc	Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-10-03 21:57:51 +01:00
Dave Rodgman	cc5bf4946f	Make SHA256 depend on Armv8, not aarch64 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-03 18:02:56 +01:00
Gilles Peskine	3713bee34c	Remove leftover local debug line Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-02 18:43:18 +02:00
Gilles Peskine	7910cdd47f	Avoid compiler warning about size comparison GCC warns about comparing uint8_t to a size that may be >255. Strangely, casting the uint8_t to a size_t in the comparison expression doesn't avoid the warning. So change the type of the variable. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-02 16:11:05 +02:00
Gilles Peskine	530c423ad2	Improve some debug messages and error codes On a parsing error in TLS, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, not a crypto error code. On error paths, emit a level-1 debug message. Report the offending sizes. Downgrade an informational message's level to 3. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-02 15:42:11 +02:00
Gilles Peskine	c29df535ee	Improve robustness of ECDH public key length validation In client-side code with MBEDTLS_USE_PSA_CRYPTO, use the buffer size to validate what is written in handshake->xxdh_psa_peerkey. The previous code was correct, but a little fragile to misconfiguration or maintenance. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-02 15:02:39 +02:00
Gilles Peskine	c8df898204	Fix buffer overflow in TLS 1.2 ClientKeyExchange parsing Fix a buffer overflow in TLS 1.2 ClientKeyExchange parsing. When MBEDTLS_USE_PSA_CRYPTO is enabled, the length of the public key in an ECDH or ECDHE key exchange was not validated. This could result in an overflow of handshake->xxdh_psa_peerkey, overwriting further data in the handshake structure or further on the heap. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-02 15:02:33 +02:00
Gilles Peskine	12c5aaae57	Fix buffer overflow in TLS 1.3 ECDH public key parsing Fix a buffer overflow in TLS 1.3 ServerHello and ClientHello parsing. The length of the public key in an ECDH- or FFDH-based key exchange was not validated. This could result in an overflow of handshake->xxdh_psa_peerkey, overwriting further data in the handshake structure or further on the heap. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-02 15:02:10 +02:00
Dave Rodgman	a06d45ec4a	Code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-29 18:59:34 +01:00
Dave Rodgman	450c1ff353	Fix some more incorrect guards in aes.c Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-29 16:23:37 +01:00
Gilles Peskine	16e9256fe8	Merge pull request #8272 from daverodgman/iar-warnings Fix IAR warnings	2023-09-29 13:11:03 +00:00
Dave Rodgman	e81a632257	Restore missing #if Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-29 13:54:27 +01:00
Dave Rodgman	782df03553	Improve AES hardware-only check Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-29 13:04:36 +01:00
David Horstmann	de527fbfe0	Add MBEDTLS_TARGET_PREFIX to 3rdparty CMake MBEDTLS_TARGET_PREFIX is prepended to the CMake targets for Mbed TLS except for targets in 3rdparty. Change this so that 3rdparty targets use the prefix as well. This allows multiple copies of Mbed TLS to be used in the same CMake tree when using code in the 3rdparty directory. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-09-28 18:39:33 +01:00
Dave Rodgman	90330a4a2d	Fix IAR control bypasses initialisation warning Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-28 18:13:46 +01:00
Dave Rodgman	02a53d7bef	Fix IAR pointless integer comparison Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-28 17:19:50 +01:00
Dave Rodgman	7e9af05409	Fix IAR control bypasses initialisation warning Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-28 17:08:49 +01:00
Dave Rodgman	73d8591f7f	Fix IAR change of sign warning Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-28 17:00:50 +01:00
Gilles Peskine	42f8d5f0c9	Merge pull request #8261 from Mbed-TLS/fix-cmake-header-include Add CMake include path for generated header	2023-09-28 15:16:15 +00:00
Manuel Pégourié-Gonnard	f07ce3b8ff	Don't extend support for deprecated functions Restore guards from the previous release, instead of the new, more permissive guards. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 08:51:51 +02:00
Dave Rodgman	0fc86b2ddf	Merge pull request #8075 from valeriosetti/issue8016 driver-only ECC: curve acceleration macros	2023-09-27 14:39:02 +00:00
David Horstmann	b7b4f23c38	Add CMake include path for generated header Now that we are generating psa_crypto_driver_wrappers.h, we need to pass build/library as an include directory. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-09-27 14:05:32 +01:00
Xiaokang Qian	e9dc63e069	No need to include the 3rd party entry point head file Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	b909aeafa3	Remove useless spaces in Makefile Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	0e5b53c7e4	Move the dependency adjacent to the generated file Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	1b61d6e13f	Change include guards of psa_crypto_driver_wrappers_no_static.h Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	845693c513	Change comments to psa_crypto_driver_wrappers.h Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	fe9666b8c0	Change the extension type of the file psa_crypto_driver_wrapper Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	54a4fdfe91	Automaticly generate psa_crypto_driver_wrappers_no_static.c Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	97d1ccb781	Dont't generate object file for file only include static functions Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	42266dd670	Revert the Makefile to remove the dependency of generate_files Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	9345b2e98f	Move functions out of the static file Move get_key_buf_size/get_builtin_key out of the psa wrapper auto generated file Slot_management.c include the head file instead of the source file Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	cad99fa998	Change code style Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	e9c39c42fd	Enable build of non-static psa wrapper functions Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	e518eeada9	Move function psa_driver_wrapper_export_public_key out of auto-generated Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	5db65c72ec	Remove static inline functions declare and make it only in c file Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:06 +00:00
Xiaokang Qian	077ffc0991	Ensure build of P256 pass Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:06 +00:00
Xiaokang Qian	b862031afa	Remove useless declaration Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:06 +00:00
Thomas Daubney	7046468a02	Define the psa wrapper functions as static inline This is a commit from Thomas Daubney. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com> Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:06 +00:00
Gilles Peskine	391dd7fe87	Fix propagation of return value from parse_attribute_value_hex_der_encoded Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-25 19:59:31 +02:00
Gilles Peskine	7f420faf03	parse_attribute_value_hex_der_encoded: clean up length validation Separate the fits-in-buffer check (data_length <= data_size) from the we-think-it's-a-sensible-size check (data_length <= MBEDTLS_X509_MAX_DN_NAME_SIZE). This requires using an intermediate buffer for the DER data, since its maximum sensible size has to be larger than the maximum sensible size for the payload, due to the overhead of the ASN.1 tag+length. Remove test cases focusing on the DER length since the implementation no longer has a threshold for it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-25 19:59:31 +02:00
Gilles Peskine	7077781af5	Fix integer overflow with an input buffer larger than INT_MAX Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-25 19:59:31 +02:00
Gilles Peskine	25665781f6	Rewrite parse_attribute_value_hex_der_encoded() Rename the function from parse_attribute_value_der_encoded: the hex aspect seems important. There was a buffer overflow due to not validating that the intermediate data fit in the stack buffer. The rewrite doesn't use this buffer, and takes care not to overflow the buffer that it does use. Document all that's going on. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-25 19:59:31 +02:00
Dave Rodgman	6da7872aa2	Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925 Merge development into development-restricted	2023-09-25 18:16:01 +01:00
Valerio Setti	c437faeaa1	psa_crypto: fix guards in mbedtls_ecc_group_to_psa() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	db6b4db7a0	Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	cf29c5d9d5	ssl: don't require MBEDTLS_ECP_DP with TLS1.3 Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	6d809cc969	lib/test: use new internal helpers in library's code and tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	f250ada3ab	tls/oid: add PSA_WANT_ECC_xxx guards together with existing MBEDTLS_ECP_DP_xxx Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Gilles Peskine	ffe590d197	Merge pull request #1058 from waleed-elmelegy-arm/check-set_padding-is-called Check set_padding has been called in mbedtls_cipher_finish	2023-09-25 17:12:36 +02:00
Minos Galanakis	21087754a5	x509_crt: Removed unused intsafe.h Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-09-25 15:17:38 +01:00
Gilles Peskine	ca1e605b9c	Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925 Conflicts: * `include/mbedtls/build_info.h`: a new fragment to auto-enable `MBEDTLS_CIPHER_PADDING_PKCS7` was added in `c9f4040f7f` in `development-restricted`. In `development`, this section of the file has moved to `include/mbedtls/config_adjust_legacy_crypto.h`. * `library/bignum.c`: function name change in `development-restricted` vs comment change in development. The comment change in `development` is not really relevant, so just take the line from `development-restricted`.	2023-09-25 16:16:26 +02:00
Minos Galanakis	a9bb34cd73	x509_crt: Removed length_as_int intermediate variable Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-09-25 14:42:41 +01:00
Minos Galanakis	59108d3f4d	x509_crt: Adjusted the len of lpMultiByteStr arg in WideCharToMultiByte Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-09-25 14:12:23 +01:00
Minos Galanakis	08a67ccefd	x509_crt: Set WideCharToMultiByte to use -1 for length. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com> WideCharToMultiByte	2023-09-25 14:12:23 +01:00
Minos Galanakis	40995e1390	x509_crt: Removed checks for windows versions < WINXP Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-09-25 14:12:22 +01:00
Minos Galanakis	fac45fbafe	entropy_poll: Removed checks for windows versions < WINXP Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-09-25 14:12:22 +01:00
Minos Galanakis	e8a5d1afbd	entropy_poll: Updated documentation for entropy_poll loop. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-09-25 14:12:22 +01:00
Minos Galanakis	2c6e561ff8	entropy_poll.c: Added looping logic to `mbedtls_platform_entropy_poll()`. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-09-25 14:12:22 +01:00
Minos Galanakis	4952f705ee	Removed unsupported Visual Studio related code in entropy_poll.c and x509_crt.c. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-09-25 14:12:22 +01:00
Minos Galanakis	12b493f4dc	entropy_poll/x509_crt: Added MBEDTLS_POP_TARGET_PRAGMA define guards. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-09-25 14:12:21 +01:00
Minos Galanakis	24a1c16fac	library Makefile: Moved -lbcrypt to LOCAL_LDFLAGS Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-09-25 14:12:21 +01:00
Minos Galanakis	a277b210ff	Code style fixes Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-09-25 14:12:21 +01:00
Simon Butcher	de573f56e5	Fix coding style of length_as_int var in x509_crt.c Variable had the very Windows name of lengthAsInt, which is fine for C# but doesn't match the Mbed TLS coding standards. Signed-off-by: Simon Butcher <simon.butcher@arm.com>	2023-09-25 14:12:21 +01:00
Simon Butcher	35e5dad865	Add clarifying comment on use of MultiByteToWideChar() and CP_ACP Signed-off-by: Simon Butcher <simon.butcher@arm.com>	2023-09-25 14:12:21 +01:00
Simon Butcher	def90f4966	Fix formatting and detail of comments in PR #730 Signed-off-by: Simon Butcher <simon.butcher@arm.com>	2023-09-25 14:12:20 +01:00
Simon Butcher	e068aa7ad5	Fix the build for mingw and CMake + VStudio Changes to the build to add the new Win32 Crypto API's inadvertently broke the build for mingw and Visual Studio builds when generated by CMake. Signed-off-by: Simon Butcher <simon.butcher@arm.com>	2023-09-25 14:12:20 +01:00
Kevin Kane	0ec1e68548	Replace Windows APIs that are banned in Windows Store apps CryptGenRandom and lstrlenW are not permitted in Windows Store apps, meaning apps that use mbedTLS can't ship in the Windows Store. Instead, use BCryptGenRandom and wcslen, respectively, which are permitted. Also make sure conversions between size_t, ULONG, and int are always done safely; on a 64-bit platform, these types are different sizes. Also suppress macro redefinition warning for intsafe.h: Visual Studio 2010 and earlier generates C4005 when including both <intsafe.h> and <stdint.h> because a number of <TYPE>_MAX constants are redefined. This is fixed in later versions of Visual Studio. The constants are guaranteed to be the same between both files, however, so we can safely suppress the warning when including intsafe.h. Signed-off-by: Kevin Kane <kkane@microsoft.com>	2023-09-25 14:12:20 +01:00
Dave Rodgman	025bed9eb7	Merge pull request #1076 from daverodgman/more-ct Use CT module more consistently	2023-09-25 11:50:10 +01:00
Dave Rodgman	5a3add2c67	Merge pull request #8234 from kouzhudong/development Fix MSVC error C4703 about possibly uninitialized variable in pkwrite.c	2023-09-25 10:51:46 +01:00
Gilles Peskine	6809f231a6	Merge pull request #8210 from yanrayw/aes_128bit_improvement AES 128bit only: add guards in cipher_wrap.c	2023-09-22 18:15:03 +00:00
Gilles Peskine	18e1d11cfe	Merge pull request #1049 from waleed-elmelegy-arm/Switch-pkparse-to-mbedtls_pkcs5_pbe2_ext Switch pkparse to use new pkcs5/12 pbe functions	2023-09-22 18:06:50 +02:00
Dave Rodgman	4f53520f54	Merge pull request #8241 from daverodgman/cast_warning fix cast warning	2023-09-22 14:23:05 +00:00
Dave Rodgman	c0633bc777	Add comment Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-22 10:54:43 +01:00
Dave Rodgman	38c3228f3e	fix cast warning Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-22 10:51:37 +01:00
Gilles Peskine	193f94276e	Merge pull request #1071 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher	2023-09-22 11:43:03 +02:00
Dave Rodgman	d03f483dbe	Use mbedtls_ct_error_if Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-22 10:01:47 +01:00
Dave Rodgman	fbe74a9e51	Add mbedtls_ct_error_if, with tests Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-22 09:58:25 +01:00
Tom Cosgrove	41434d043c	Merge pull request #8237 from tom-cosgrove-arm/mbedtls_pk_write_key_der-unused-len-and-unreachable-ret Remove unused variable and unreachable return from mbedtls_pk_write_key_der()	2023-09-22 08:45:48 +00:00
Dave Rodgman	a9d70125a3	Remove mbedtls_ct_int_if Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-21 21:53:54 +01:00
Dave Rodgman	7ad37e40a6	Remove use of mbedtls_ct_int_if Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-21 21:53:31 +01:00
Dave Rodgman	530c3da698	Improve implementation of mbedtls_ct_int_if Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-21 21:06:48 +01:00
Dave Rodgman	61f1beaccf	Update library to use mbedtls_ct_int_if Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-21 19:23:17 +01:00
Dave Rodgman	f81b2a14f2	Generalise mbedtls_ct_error_if to mbedtls_ct_int_if Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-21 19:22:43 +01:00
Dave Rodgman	aaebc9be51	Merge pull request #8235 from daverodgman/misc-size	2023-09-21 18:42:37 +01:00
Tom Cosgrove	8d276fbc23	Remove unused variable and unreachable return from mbedtls_pk_write_key_der() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-09-21 17:19:36 +01:00
correy	a15b4851d4	Fix MSVC error C4703 about possibly uninitialized variable in pkwrite.c Signed-off-by: correy <112426112@qq.com>	2023-09-21 20:18:52 +08:00
Dave Rodgman	1a404e8f34	Use mbedtls_ct_error for CT error selection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-21 13:12:28 +01:00
Dave Rodgman	e50b537266	Add mbedtls_ct_error_if Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-21 11:29:58 +01:00
Dave Rodgman	ef6795d2a9	Reduce size of mbedtls_asn1_get_len Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-21 10:35:33 +01:00
Pengyu Lv	6f0259e6da	AESNI: improve comments on some guards in aesni.h Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-09-21 10:34:32 +08:00
Dave Rodgman	584a08f91d	Add cast for MSVC Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-20 20:15:52 +01:00
Gilles Peskine	efaee9a299	Give a production-sounding name to the p256m option Now that p256-m is officially a production feature and not just an example, give it a more suitable name. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-20 20:49:47 +02:00
Waleed Elmelegy	1db5cdaf57	Add tests to test pkcs8 parsing of encrypted keys Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-20 19:29:02 +01:00
Waleed Elmelegy	5e48cad7f0	Fix codestyle issues in pkcs12.h & pkparse.c Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-20 19:29:02 +01:00
Waleed Elmelegy	d527896b7e	Switch pkparse to use new mbedtls_pkcs12_pbe_ext function Switch pkparse to use new mbedtls_pkcs12_pbe_ext function and deprecate mbedtls_pkcs12_pbe function. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-20 19:29:02 +01:00
Waleed Elmelegy	c9f4040f7f	Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function and deprecate mbedtls_pkcs5_pbes2 function. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-20 19:28:28 +01:00
Dave Rodgman	1cf181fd46	Reinstate more robust return value handling Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-20 19:10:17 +01:00
Dave Rodgman	c43a0a4adb	rename dont_ignore to in_padding Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-20 19:09:51 +01:00
Dave Rodgman	e834d6c9f2	Move declaration for robustness against future edits Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-20 19:09:51 +01:00
Dave Rodgman	c62f7fcce9	Use more meaningful variable name in mbedtls_rsa_rsaes_oaep_decrypt Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-20 19:09:51 +01:00
Dave Rodgman	e94cd0b99b	Correct use of mbedtls_ct_mpi_uint_if_else_0 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-20 19:09:51 +01:00
Gilles Peskine	eda1b1f744	Merge pull request #7921 from valeriosetti/issue7613 TLS: Clean up ECDSA dependencies	2023-09-20 12:47:55 +00:00
Dave Rodgman	ee5464fab9	Simplify unnecessarily complex error code handling Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-20 09:13:12 +01:00
Dave Rodgman	fd96579ecd	Use properly typed versions of mbedtls_ct_xxx_if Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 21:52:13 +01:00
Dave Rodgman	143f5f7c68	Add mbedtls_ct_bool_if and mbedtls_ct_bool_if_else_0 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 21:52:13 +01:00
Dave Rodgman	437500c5b1	Fix MSVC type complaint Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 21:52:13 +01:00
Dave Rodgman	814d096420	Fix error in handling of return value from mbedtls_nist_kw_unwrap Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 20:48:51 +01:00
Dave Rodgman	6be4bcff16	code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 19:47:51 +01:00
Dave Rodgman	4fc14cc4ae	Fix error in handling of return value from mbedtls_nist_kw_unwrap Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 19:45:54 +01:00
Dave Rodgman	f8182d91a7	Simplify add_zeros_padding Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 18:39:33 +01:00
Dave Rodgman	d8c68a948a	Use CT interface in get_zeros_padding Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 18:39:33 +01:00
Dave Rodgman	1cfc43c77b	Rename mbedtls_ct_bool_xor to mbedtls_ct_bool_ne Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 18:39:33 +01:00
Dave Rodgman	89a9bd5887	Use CT interface in get_one_and_zeros_padding Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 18:39:33 +01:00
Dave Rodgman	6cec41c3bb	use CT interface in add_zeros_and_len_padding() Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 18:34:06 +01:00
Dave Rodgman	6b7e2a5809	Use CT interface in get_pkcs_padding Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 18:34:06 +01:00
Dave Rodgman	b4e6b41aa0	Use const-time interface throughout mbedtls_rsa_rsaes_oaep_decrypt Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 18:34:06 +01:00
Dave Rodgman	51c15309f2	Make padlen check const-time Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 17:22:18 +01:00
Dave Rodgman	c2630fac52	Simplify mbedtls_ct_memcmp_partial Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 17:21:50 +01:00
Dave Rodgman	66d6ac92e6	Use mbedtls_ct_memcmp in mbedtls_rsa_rsaes_oaep_decrypt Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 09:10:59 +01:00
Dave Rodgman	d337bd9bfe	Improve const-timeness of mbedtls_nist_kw_unwrap Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 09:10:59 +01:00
Dave Rodgman	9c14007ac3	Add mbedtls_ct_memcmp_partial Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 09:10:59 +01:00
Dave Rodgman	d26a3d6da7	Eliminate duplicate ct memcmp Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-18 19:09:45 +01:00
Gilles Peskine	faf0b8604a	mbedtls_ssl_decrypt_buf(): fix buffer overread with stream cipher With stream ciphers, add a check that there's enough room to read a MAC in the record. Without this check, subtracting the MAC length from the data length resulted in an integer underflow, causing the MAC calculation to try reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-18 19:07:50 +02:00
Gilles Peskine	bd50d5baec	Merge pull request #8177 from gilles-peskine-arm/generated-files-off-in-release Generated files off in release	2023-09-18 14:11:58 +00:00
Dave Rodgman	25c271a035	Merge pull request #8182 from daverodgman/asn1write-size Reduce code size in mbedtls_asn1_write_len	2023-09-18 10:27:23 +00:00
Manuel Pégourié-Gonnard	275afe187f	Fix preset shared between 1.2 and 1.3 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-18 11:19:20 +02:00
Gilles Peskine	67c86e626b	Merge pull request #7961 from gilles-peskine-arm/psa_crypto_config-in-full Enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config	2023-09-18 08:13:12 +00:00
Dave Rodgman	0c9516ea89	code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-15 18:30:09 +01:00
Dave Rodgman	127f35d5e5	Merge remote-tracking branch 'origin/development' into asn1write-size Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-15 18:02:59 +01:00
Dave Rodgman	ecdfc1c94f	Fix poorly named function Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-15 18:00:37 +01:00
Gilles Peskine	8a7fb2d799	Merge pull request #1055 from waleed-elmelegy-arm/add-new-pkcs12-pbe2-ext-fun Add new pkcs12 pbe2 ext fun	2023-09-15 18:43:03 +02:00
Gilles Peskine	170be457bd	Merge pull request #8207 from mcagriaksoy/branch_old_try Fixes log level for got supported group message	2023-09-15 05:53:00 +00:00
Dave Rodgman	a11eac4292	code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-14 16:16:04 +01:00
Dave Rodgman	e99b24dd9f	Fix some clang-18 warnings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-14 15:52:02 +01:00
Yanray Wang	7732ced037	cipher_wrap: remove 192- and 256-bit for AES_ONLY_128_BIT_KEY_LENGTH Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-09-14 14:35:44 +08:00
mcagriaksoy	d9f22804ea	Fixes log level for got supported group message Signed-off-by: mcagriaksoy <mcagriaksoy@yandex.com>	2023-09-13 22:43:38 +02:00
Gilles Peskine	0ddffb6de2	Merge pull request #7210 from sergio-nsk/patch-2 Fix llvm error: variable 'default_iv_length' and other may be used uninitialized	2023-09-13 16:38:55 +02:00
Gilles Peskine	9b5d7d7801	Merge pull request #8195 from daverodgman/improve_sslmsg Improve use of ct interface in mbedtls_ssl_decrypt_buf	2023-09-13 12:32:12 +00:00
Gilles Peskine	3cea3efc25	Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509 Accept numericoid hexstring x509	2023-09-13 08:54:33 +00:00
Gilles Peskine	f22999e99f	Merge pull request #8093 from yuhaoth/pr/add-target-architecture-macros Add architecture detection macros	2023-09-13 08:53:47 +00:00
Dave Rodgman	da0bb9fae8	Merge pull request #8034 from gilles-peskine-arm/bump_version-doc_mainpage Update capitalization of "Mbed" and fix bump_version.sh	2023-09-13 08:41:20 +00:00
Dave Rodgman	7d52f2a0d9	Improve use of ct interface in mbedtls_ssl_decrypt_buf Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-13 09:30:03 +01:00
Gilles Peskine	e820c0abc8	Update spelling "mbed TLS" to "Mbed TLS" The official spelling of the trade mark changed from all-lowercase "mbed" to normal proper noun capitalization "Mbed" a few years ago. We've been using the new spelling in new text but still have the old spelling in a lot of text. This commit updates most occurrences of "mbed TLS": ``` sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/*' ':!tests/suites/.data' ':!programs/x509/' ':!configs/tfm') ``` Justification for the omissions: * `ChangeLog`: historical text. * `test/data_files/*`, `tests/suites/.data`, `programs/x509/`: many occurrences are significant names in certificates and such. Changing the spelling would invalidate many signatures and tests. `configs/tfm*`: this is an imported file. We'll follow the upstream updates. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-12 19:18:17 +02:00
Agathiyan Bragadeesh	a72ea814d8	Remove double blank line in x509_create.c Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-09-12 17:57:09 +01:00
Agathiyan Bragadeesh	c7959b22c6	Remove magic number in x509.c Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-09-12 17:56:58 +01:00
Tom Cosgrove	9d8a7d62f5	Use the correct variable when tracking padding length Fixes an error introduced in `a81373f80` Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-09-12 16:01:52 +01:00

... 4 5 6 7 8 ...

12537 commits