Yanray Wang
9b811658a8
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-09-07 16:18:00 +08:00
Gilles Peskine
58590983c5
Merge pull request #8160 from daverodgman/warn-unreachable
...
Fix clang warnings about unreachable code
2023-09-06 09:47:03 +00:00
Gilles Peskine
d1ce030de2
Merge pull request #8159 from gilles-peskine-arm/split-config_psa-split
...
Split out configuration adjustments from build_info.h and config_psa.h
2023-09-06 09:04:19 +00:00
Dave Rodgman
85061b97b5
Improve sanity checking of MBEDTLS_HAVE_INTxx
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-06 08:41:05 +01:00
Dave Rodgman
b7b8c09c81
Update bignum_core.c
...
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-05 20:35:19 +01:00
Dave Rodgman
7e1e7be8fc
Simplify fixes for unreachable code
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-05 18:15:31 +01:00
Dave Rodgman
cfa722324c
Fix warnings about unreachable code
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-05 16:53:33 +01:00
Dave Rodgman
0364c8a773
Introduce MBEDTLS_IGNORE_UNREACHABLE_BEGIN
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-05 16:20:19 +01:00
Paul Elliott
945d674c8d
Merge pull request #8157 from actonlang/fix-include-psa-utils-internals
...
Use quotes include of psa_util_internal.h
2023-09-05 12:52:19 +00:00
Gilles Peskine
edc237938a
Split build_info.h: create and populate mbedtls/config_adjust_ssl.h
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-05 12:03:10 +02:00
Gilles Peskine
dc720b0a70
Split build_info.h: create mbedtls/config_adjust_x509.h
...
There isn't anything to put in this file. Create it anyway for consistency
with crypto and TLS.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-05 12:03:10 +02:00
Gilles Peskine
9d6a63b4fb
Split build_info.h: create and populate mbedtls/config_adjust_legacy_crypto.h
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-05 12:03:10 +02:00
Gilles Peskine
4fb1542354
Split config_psa.h: create and populate mbedtls/config_adjust_legacy_from_psa.h
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-05 12:03:08 +02:00
Gilles Peskine
10c6f07963
Split config_psa.h: create and populate mbedtls/config_adjust_psa_from_legacy.h
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-05 12:02:13 +02:00
Gilles Peskine
eca0178cfa
Split config_psa.h: create and populate mbedtls/config_adjust_psa_superset_legacy.h
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-05 11:57:14 +02:00
Gilles Peskine
5823977981
Split config_psa.h: create and populate psa/crypto_adjust_auto_enabled.h
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-05 11:57:14 +02:00
Gilles Peskine
7b7d903cac
Split config_psa.h: create and populate psa/crypto_adjust_config_synonyms.h
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-05 11:57:14 +02:00
Gilles Peskine
b9664ee676
Don't include configuration adjustment headers
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-05 11:57:14 +02:00
Tom Cosgrove
8bd8a462d2
Merge pull request #8141 from tom-cosgrove-arm/define-psa-macros-to-1
...
Define all PSA_xxx macros to 1 rather than have them empty, for consistency
2023-09-04 21:27:01 +00:00
Kristian Larsson
a1aeff4124
Use quotes include of psa_util_internal.h
...
psa_utils_internal.h was broken out of mbedtls/psa_utils.h, which in
some places was included as <mbedtls/psa_utils.h>. But since
psa_utils_internals.h should be internal, we should not rely on the
system include paths. I suspect a regexp replace gone slightly wrong.
Signed-off-by: Kristian Larsson <kristian@spritelink.net>
2023-09-04 10:36:37 +02:00
Dave Rodgman
8595984d72
Merge pull request #8143 from tom-cosgrove-arm/check-mbedtls_platform_zeroize-calls
...
Check mbedtls_platform_zeroize() calls
2023-09-03 11:22:06 +00:00
Tom Cosgrove
b2fafa5a49
config-wrapper-zeroize-memset.h should be user-config-zeroize-memset.h and not include mbedtls_config.h
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-02 19:22:45 +01:00
Tom Cosgrove
d9572c0270
Move the description of MBEDTLS_TEST_DEFINES_ZEROIZE to before its use
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-02 19:22:45 +01:00
Tom Cosgrove
7eced7d1d2
Move zeroize-as-memset into a config file under tests/
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-02 19:22:45 +01:00
Tom Cosgrove
daddf11a30
Add a build to all.sh to check mbedtls_platform_zeroize() calls
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-02 19:22:45 +01:00
Tom Cosgrove
351a391011
Fix incorrect use of mbedtls_platform_zeroize() in tests
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-02 19:22:45 +01:00
Tom Cosgrove
42b02a909c
Add the ability to verify mbedtls_platform_zeroize() calls with -Wsizeof-pointer-memaccess
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-02 19:22:45 +01:00
Dave Rodgman
4f69668558
Merge pull request #8082 from daverodgman/misc-code-size
...
Misc code size improvements
2023-09-02 11:44:31 +00:00
Dave Rodgman
662c497395
Merge pull request #8144 from daverodgman/zeroize-stronger
...
Add more protection to mbedtls_platform_zeroize
2023-09-02 10:59:12 +01:00
Dave Rodgman
1dab445804
Update guard for ecp
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-02 10:56:44 +01:00
Dave Rodgman
16a76721b6
Merge pull request #8068 from paul-elliott-arm/fix_tls_zeroization
...
Fix TLS pad buffer zeroization
2023-09-01 23:35:23 +00:00
Tom Cosgrove
02ad791f29
Merge pull request #8116 from gilles-peskine-arm/config_psa-changelog-3.5
...
Announce that #7420 is fixed
2023-09-01 13:53:44 +00:00
Paul Elliott
83ae22dbbd
Add Changelog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-09-01 14:29:04 +01:00
Yanray Wang
a6757765c0
Add ChangeLog entry for MBEDTLS_CIPHER_ENCRYPT_ONLY
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 18:37:38 +08:00
Dave Rodgman
fe55320b5c
Avoid error from old gcc version
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-01 11:15:28 +01:00
Dave Rodgman
5f6060a1f3
Code style
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-01 11:00:58 +01:00
Yanray Wang
782190417c
all.sh: ciper_encrypt_only: cover VIA PADLOCK
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:46:52 +08:00
Yanray Wang
bf66ef9085
all.sh: ciper_encrypt_only: cover baremetal build for AESCE
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:46:24 +08:00
Yanray Wang
207c991d56
all.sh: ciper_encrypt_only: cover AESNI and C Implementation
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:43:42 +08:00
Yanray Wang
dbcc0c6172
aes: define internal macro to simplify #if Directive
...
No semantic changes, only to simplify #if Directive
with introduction of MBEDTLS_AES_NEED_FORWARD_S_BOXES and
MBEDTLS_AES_NEED_REVERSE_TABLES.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:35:58 +08:00
Yanray Wang
72d7bb4bca
check_config.h: add checks for CIPHER_ENCRYPT_ONLY
...
MBEDTLS_CIPHER_ENCRYPT_ONLY is an internal configuration which is
automatically enabled via the PSA. Typically,
once MBEDTLS_CIPHER_ENCRYPT_ONLY is enabled,
MBEDTLS_PSA_CRYPTO_CONFIG must be enabled. This check is only used
to prevent the user from explicitly enabling MBEDTLS_CIPHER_ENCRYPT_ONLY.
In addition, we shouldn't enable MBEDTLS_CIPHER_ENCRYPT_ONLY if
either CIPHER_MODE_CBC, CIPHER_MODE_XTS or NIST_KW_C is enabled,
since three of them always need AES-decrypt.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:35:58 +08:00
Yanray Wang
3c565275c4
des: add CIPHER_ENCRYPT_ONLY dependency for test cases
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:35:58 +08:00
Yanray Wang
ba473b1c82
camellia: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:35:58 +08:00
Yanray Wang
702c220809
aria: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:35:58 +08:00
Yanray Wang
85c3023c60
AES-ECB: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:35:58 +08:00
Yanray Wang
d7058b0a35
dh_client: removed under CIPHER_ENCRYPT_ONLY
...
dh_client requests AES-ECB to do decryption. So it needs to be
removed under CIPHER_ENCRYPT_ONLY.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:35:58 +08:00
Yanray Wang
db9b3095fb
cipher_wrap: remove *setkey_dec_func in CIPHER_ENCRYPT_ONLY
...
There is no need to set decrypt key under CIPHER_ENCRYPT_ONLY,
so we can remove *setkey_dec_func from ctx to save extra code size.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:35:31 +08:00
Dave Rodgman
ba67451562
Fix gcc compile warnings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-01 10:14:46 +01:00
Dave Rodgman
ac3cf7c20b
Add more protection to mbedtls_platform_zeroize
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-01 10:09:31 +01:00
Yanray Wang
9141ad1223
aria/camellia/des: guard setkey_dec by CIPHER_ENCRYPT_ONLY
...
This is a pre-step to remove *setkey_dec_func in cipher_wrap ctx
when CIPHER_ENCRYPT_ONLY is enabled.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:06:38 +08:00