mbedtls

Author	SHA1	Message	Date
Gilles Peskine	3cea3efc25	Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509 Accept numericoid hexstring x509	2023-09-13 08:54:33 +00:00
Gilles Peskine	f22999e99f	Merge pull request #8093 from yuhaoth/pr/add-target-architecture-macros Add architecture detection macros	2023-09-13 08:53:47 +00:00
Dave Rodgman	da0bb9fae8	Merge pull request #8034 from gilles-peskine-arm/bump_version-doc_mainpage Update capitalization of "Mbed" and fix bump_version.sh	2023-09-13 08:41:20 +00:00
Dave Rodgman	7d52f2a0d9	Improve use of ct interface in mbedtls_ssl_decrypt_buf Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-13 09:30:03 +01:00
Gilles Peskine	e820c0abc8	Update spelling "mbed TLS" to "Mbed TLS" The official spelling of the trade mark changed from all-lowercase "mbed" to normal proper noun capitalization "Mbed" a few years ago. We've been using the new spelling in new text but still have the old spelling in a lot of text. This commit updates most occurrences of "mbed TLS": ``` sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/*' ':!tests/suites/.data' ':!programs/x509/' ':!configs/tfm') ``` Justification for the omissions: * `ChangeLog`: historical text. * `test/data_files/*`, `tests/suites/.data`, `programs/x509/`: many occurrences are significant names in certificates and such. Changing the spelling would invalidate many signatures and tests. `configs/tfm*`: this is an imported file. We'll follow the upstream updates. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-12 19:18:17 +02:00
Agathiyan Bragadeesh	a72ea814d8	Remove double blank line in x509_create.c Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-09-12 17:57:09 +01:00
Agathiyan Bragadeesh	c7959b22c6	Remove magic number in x509.c Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-09-12 17:56:58 +01:00
Tom Cosgrove	9d8a7d62f5	Use the correct variable when tracking padding length Fixes an error introduced in `a81373f80` Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-09-12 16:01:52 +01:00
Waleed Elmelegy	57d09b72ef	Return back to modifying input parameters in pkcs12_parse_pbe_params Return back to modifying input parameters in pkcs12_parse_pbe_params to avoid change in behaviour. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-12 14:05:10 +01:00
Waleed Elmelegy	a7d206fce6	Check set_padding has been called in mbedtls_cipher_finish Check set_padding has been called in mbedtls_cipher_finish in modes that require padding. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-12 13:39:36 +01:00
Dave Rodgman	bd58944252	Avoid implementation defined behaviour Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-12 12:38:53 +01:00
Dave Rodgman	2b0d53a2a8	Merge pull request #7590 from daverodgman/ct-x86-asm Constant time asm for x86 and x86-64	2023-09-12 09:58:44 +00:00
Dave Rodgman	50b0a35494	Test INT_MAX rather than UINT_MAX Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-12 09:30:44 +01:00
Dave Rodgman	98926d5fb1	Update comment, and replace bit-twiddling with #error Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-12 09:29:33 +01:00
Ronald Cron	ad2f351c6b	Merge pull request #8171 from ronald-cron-arm/misc-minor-fixes One minor fix	2023-09-12 06:00:48 +00:00
Dave Rodgman	4f26770291	Ensure mbedtls_ct_memcpy behaves correctly with 16-bit int Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-11 19:10:09 +01:00
Dave Rodgman	dc669a1944	Fix type error Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-11 18:39:57 +01:00
Dave Rodgman	5265c318a0	Fix type-conversion error Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-11 18:04:13 +01:00
Dave Rodgman	49352832c9	Eliminate duplicate of mbedtls_asn1_find_named_data Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-11 17:10:43 +01:00
Dave Rodgman	33287ae134	Tidy up mbedtls_asn1_write_len Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-11 17:10:43 +01:00
Dave Rodgman	cf5f746a8c	Refactor out some common code Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-11 16:27:34 +01:00
Dave Rodgman	7fda906a68	Merge pull request #8161 from gilles-peskine-arm/config-boolean-options-wrong-section-202309 Fix module configuration options in mbedtls_config.h	2023-09-11 15:08:56 +00:00
Dave Rodgman	3bbedf6ba0	code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-11 16:06:28 +01:00
Dave Rodgman	9f366b07ea	Reduce code size in mbedtls_asn1_write_len Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-11 16:00:03 +01:00
Dave Rodgman	82fe0828b2	Merge pull request #8180 from daverodgman/sha2-zeroize Ensure all md_<hash>_finish functions perform zeroization	2023-09-11 15:13:27 +01:00
Dave Rodgman	aafd1e0924	Ensure all md_<hash>_finish functions perform zeroization Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-11 12:59:36 +01:00
Tom Cosgrove	876346e451	Remove always-false null pointer check in sha3.c that Coverity complains about Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-09-11 09:03:01 +01:00
Dave Rodgman	3f8e483eed	Mark y as modified in x86 asm for mbedtls_ct_uint_lt Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-08 17:57:40 +01:00
Dave Rodgman	4a97e73661	Eliminate a redundant not from x86 asm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-08 17:26:18 +01:00
Dave Rodgman	b6b8f6c68d	Make variable name consistent in x86_64 asm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-08 17:19:32 +01:00
Dave Rodgman	5f249852a5	Better register allocation for x86_64 asm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-08 17:18:29 +01:00
Dave Rodgman	99f0cdc0e0	Remove not-needed mov in x86_64 asm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-08 17:18:04 +01:00
Waleed Elmelegy	e1cb35b719	Add new mbedtls_pkcs12_pbe_ext function to replace old function Add new mbedtls_pkcs12_pbe_ext function to replace old mbedtls_pkcs12_pbe function that have security issues. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-08 16:51:26 +01:00
Gilles Peskine	0b62b7a21f	Allow turning off re-generation of files with make In make builds, when GEN_FILES is false (empty), don't try to re-generate configuration-independent source files, regardless of whether they seem out of date. This is useful, for example, if you have a source tree where `make generated_files` has already run and file timestamps reflect the time the files were copied or extracted, and you are now in an environment that lacks some of the necessary tools to re-generate the files. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-08 16:19:13 +02:00
Gilles Peskine	31d49cd57f	Merge pull request #1053 from waleed-elmelegy-arm/Improve-and-test-mbedtls_pkcs12_pbe Improve & test legacy mbedtls_pkcs12_pbe	2023-09-08 13:08:05 +02:00
Agathiyan Bragadeesh	706a1c3c3f	Fix code style Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-09-08 12:04:41 +01:00
Agathiyan Bragadeesh	c34804dea2	Fix bug with checking max dn length with hexpairs Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-09-08 11:32:19 +01:00
Ronald Cron	b9c7953442	pkwrite: Fix defined but not used warning Fix defined but not used warning when MBEDTLS_USE_PSA_CRYPTO, MBEDTLS_PK_HAVE_RFC8410_CURVES and MBEDTLS_PK_HAVE_ECC_KEYS are defined but not MBEDTLS_PEM_WRITE_C. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-09-07 14:20:49 +02:00
Gilles Peskine	58590983c5	Merge pull request #8160 from daverodgman/warn-unreachable Fix clang warnings about unreachable code	2023-09-06 09:47:03 +00:00
Dave Rodgman	85061b97b5	Improve sanity checking of MBEDTLS_HAVE_INTxx Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-06 08:41:05 +01:00
Dave Rodgman	b7b8c09c81	Update bignum_core.c Co-authored-by: Gilles Peskine <gilles.peskine@arm.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-05 20:35:19 +01:00
Gilles Peskine	ff2558a470	Fix unused variable in some TLS 1.3 builds Fix unused variable when MBEDTLS_SSL_PROTO_TLS1_3 and MBEDTLS_SSL_SESSION_TICKETS are enabled but not MBEDTLS_DEBUG_C. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-05 21:10:39 +02:00
Dave Rodgman	7e1e7be8fc	Simplify fixes for unreachable code Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-05 18:15:31 +01:00
Dave Rodgman	cfa722324c	Fix warnings about unreachable code Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-05 16:53:33 +01:00
Dave Rodgman	0364c8a773	Introduce MBEDTLS_IGNORE_UNREACHABLE_BEGIN Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-05 16:20:19 +01:00
Waleed Elmelegy	255db80910	Improve & test legacy mbedtls_pkcs12_pbe * Prevent pkcs12_pbe encryption when PKCS7 padding has been disabled since this not part of the specs. * Allow decryption when PKCS7 padding is disabled for legacy reasons, However, invalid padding is not checked. * Document new behaviour, known limitations and possible security concerns. * Add tests to check these scenarios. Test data has been generated by the below code using OpenSSL as a reference: #include <openssl/pkcs12.h> #include <openssl/evp.h> #include <openssl/des.h> #include <openssl/asn1.h> #include "crypto/asn1.h" #include <string.h> int main() { char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB"; unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC"; unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"; unsigned char ciphertext = NULL; int iter = 10; X509_ALGOR alg = X509_ALGOR_new(); int ciphertext_len = 0; int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; alg->parameter = ASN1_TYPE_new(); struct asn1_object_st * aobj; PKCS5_pbe_set0_algor(alg, alg_nid, iter, salt, sizeof(salt)-1); aobj = alg->algorithm; printf("\"30%.2X", 2 + aobj->length + alg->parameter->value.asn1_string->length); printf("06%.2X", aobj->length); for (int i = 0; i < aobj->length; i++) { printf("%.2X", aobj->data[i]); } for (int i = 0; i < alg->parameter->value.asn1_string->length; i++) { printf("%.2X", alg->parameter->value.asn1_string->data[i]); } printf("\":\""); for (int i = 0; i < sizeof(pass)-1; i++) { printf("%.2X", pass[i] & 0xFF); } printf("\":\""); for (int i = 0; i < sizeof(plaintext)-1; i++) { printf("%.2X", plaintext[i]); } printf("\":"); printf("0"); printf(":\""); unsigned char * res = PKCS12_pbe_crypt(alg, pass, sizeof(pass)-1, plaintext, sizeof(plaintext)-1, &ciphertext, &ciphertext_len, 1); if (res == NULL) printf("Encryption failed!\n"); for (int i = 0; i < ciphertext_len; i++) { printf("%.2X", res[i]); } printf("\"\n"); return 0; } Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com> #	2023-09-05 15:45:55 +01:00
Paul Elliott	945d674c8d	Merge pull request #8157 from actonlang/fix-include-psa-utils-internals Use quotes include of psa_util_internal.h	2023-09-05 12:52:19 +00:00
Tom Cosgrove	8bd8a462d2	Merge pull request #8141 from tom-cosgrove-arm/define-psa-macros-to-1 Define all PSA_xxx macros to 1 rather than have them empty, for consistency	2023-09-04 21:27:01 +00:00
Agathiyan Bragadeesh	fca0861e8e	Add asn1 get tag and len to x509 create config Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-09-04 15:45:37 +01:00
Agathiyan Bragadeesh	86dc08599b	Add asn1 write tag and len to x509 use c config Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-09-04 15:40:41 +01:00
Gilles Peskine	1a7d387072	Merge pull request #1041 from waleed-elmelegy-arm/add-new-pkcs5-pbe2-ext-fun Add new pkcs5 pbe2 ext fun	2023-09-04 15:33:42 +02:00
Kristian Larsson	a1aeff4124	Use quotes include of psa_util_internal.h psa_utils_internal.h was broken out of mbedtls/psa_utils.h, which in some places were included as <mbedtls/psa_utils.h>. But since psa_utils_internals.h should be internal, we should not rely on the system include paths. I suspect a regexp replace gone slightly wrong. Signed-off-by: Kristian Larsson <kristian@spritelink.net>	2023-09-04 10:36:37 +02:00
Dave Rodgman	4f69668558	Merge pull request #8082 from daverodgman/misc-code-size Misc code size improvements	2023-09-02 11:44:31 +00:00
Dave Rodgman	662c497395	Merge pull request #8144 from daverodgman/zeroize-stronger Add more protection to mbedtls_platform_zeroize	2023-09-02 10:59:12 +01:00
Dave Rodgman	1dab445804	Update guard for ecp Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-02 10:56:44 +01:00
Dave Rodgman	16a76721b6	Merge pull request #8068 from paul-elliott-arm/fix_tls_zeroization Fix TLS pad buffer zeroization	2023-09-01 23:35:23 +00:00
Waleed-Ziad Maamoun-Elmelegy	c5fef82c52	Fix typo in pkcs5.c Co-authored-by: Janos Follath <janos.follath@arm.com> Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-01 11:45:39 +01:00
Dave Rodgman	fe55320b5c	Avoid error from old gcc version Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-01 11:15:28 +01:00
Dave Rodgman	5f6060a1f3	Code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-01 11:00:58 +01:00
Dave Rodgman	ba67451562	Fix gcc compile warnings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-01 10:14:46 +01:00
Dave Rodgman	ac3cf7c20b	Add more protection to mbedtls_platform_zeroize Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-01 10:09:31 +01:00
Paul Elliott	6ebe7d2e3a	Merge pull request #8095 from davidhorstmann-arm/initialize-struct-get-other-name Coverity fix: Set `type_id` in `x509_get_other_name()`	2023-08-31 16:26:00 +00:00
Tom Cosgrove	c43c3aaf02	Define all PSA_xxx macros to 1 rather than have them empty, for consistency Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-08-31 17:06:58 +01:00
Dave Rodgman	4f47f3dac8	Covert PSA guards to MBEDTLS Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-31 12:10:00 +01:00
Dave Rodgman	a9a53a05f0	Merge remote-tracking branch 'origin/development' into misc-code-size	2023-08-31 11:53:46 +01:00
Dave Rodgman	dea266f3f5	Use MBEDTLS_MD_LIGHT instead of MBEDTLS_MD_C Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-31 11:52:43 +01:00
Dave Rodgman	8d706f6b59	Simplify camellia error conversion macros Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-31 11:48:44 +01:00
Dave Rodgman	09a9e589c1	Add missing error conversion case Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-31 11:05:22 +01:00
Dave Rodgman	68efcf56ed	Remove not-needed #include Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-31 10:09:05 +01:00
Dave Rodgman	984309c2c3	Call mbedtls_platform_zeroize via mbedtls_sha3_free Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-30 19:22:28 +01:00
Dave Rodgman	dbddb00158	Ensure mbedtls_sha3_finish zeroizes the context Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-30 18:43:23 +01:00
Gilles Peskine	03e9dea30b	Merge remote-tracking branch 'development' into psa_crypto_config-in-full Conflicts: * `include/psa/crypto_sizes.h`: the addition of the `u` suffix in this branch conflicts with the rework of the calculation of `PSA_HASH_MAX_SIZE` and `PSA_HMAC_MAX_HASH_BLOCK_SIZE` in `development`. Use the new definitions from `development`, and add the `u` suffix to the relevant constants.	2023-08-30 18:32:57 +02:00
Agathiyan Bragadeesh	a2423debcc	Fix code style Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-30 16:24:31 +01:00
Agathiyan Bragadeesh	de02ee268e	Refactor parse_attribute_value_string Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-30 16:12:57 +01:00
Agathiyan Bragadeesh	1aece47e8c	Make hexpair_to_int take a char pointer Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-30 16:05:24 +01:00
Agathiyan Bragadeesh	e9d1c8e1eb	Reword and reformat comments Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-30 15:55:31 +01:00
Agathiyan Bragadeesh	ef6abd4062	Add blank lines after variable declarations Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-30 15:55:12 +01:00
Dave Rodgman	730bbee226	Merge remote-tracking branch 'origin/development' into update-restricted-2023-08-30	2023-08-30 11:22:00 +01:00
Dave Rodgman	29bf911058	Merge pull request #7839 from daverodgman/psa-sha3 SHA-3 via PSA	2023-08-30 08:51:36 +00:00
Waleed Elmelegy	79b6e26b1b	Improve mbedtls_pkcs5_pbes2_ext function test data Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-08-29 14:55:03 +01:00
Dave Rodgman	787011542b	Fully replace mbedtls_psa_safer_memcmp Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-29 14:20:18 +01:00
Dave Rodgman	e97de40e7b	Typo fix Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-29 09:47:35 +01:00
Dave Rodgman	6d5261e38f	Fix typo in doxygen for mbedtls_ct_memcpy_offset Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-29 09:42:14 +01:00
Dave Rodgman	b69239c604	Improve docs in mbedtls_mpi_lt_mpi_ct Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-29 09:42:14 +01:00
Dave Rodgman	d44dd96132	Improve docs re duplicate declarations Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-29 09:42:14 +01:00
Dave Rodgman	0cf9dd1056	Whitespace - tidy up asm and make it more consistent Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-29 09:42:14 +01:00
Dave Rodgman	81673bba77	Add x86 const-time assembly Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-29 09:42:14 +01:00
Dave Rodgman	664fea481c	Add x86-64 const-time assembly Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-29 09:42:14 +01:00
Dave Rodgman	d395590597	Merge pull request #7579 from daverodgman/safer-ct-asm Arm assembly implementation of constant time primitives	2023-08-28 08:26:29 +00:00
Jerry Yu	f65f71eef3	improve various issues - duplicate definition - wrong comments - redundant include statement Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-28 10:58:24 +08:00
Gilles Peskine	2a296729d0	Merge pull request #8084 from AgathiyanB/remove-type-qualifier-in-assignment-casts Remove type qualifier in assignment casts	2023-08-24 18:02:11 +00:00
Agathiyan Bragadeesh	457ac84f01	Refactor previous fix Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-23 11:35:26 +01:00
Agathiyan Bragadeesh	4c7d7bf583	Add guard for empty AttributeValue Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-23 11:28:30 +01:00
Jerry Yu	782b966666	replace target arch macros in padlock Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-23 17:15:35 +08:00
Jerry Yu	d6e312dde4	replace aesni target detection macros Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-23 17:15:34 +08:00
Jerry Yu	72fd0bdc71	replace arm64 macro and aesce enable flag Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-23 17:15:34 +08:00
Agathiyan Bragadeesh	15df01240d	Fix code style Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 17:50:00 +01:00
Agathiyan Bragadeesh	4606bf3f38	Refactor reading AttributeValue in dn gets Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 17:29:18 +01:00
Agathiyan Bragadeesh	022f86f108	Prevent output of escaped null characters dn gets Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 16:56:04 +01:00
Agathiyan Bragadeesh	d9d79bb74b	Rename parse_attribute_value_ber_encoded Now renamed to parse_attribute_value_der_encoded to be consistent with names elsewhere Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 16:43:58 +01:00
Agathiyan Bragadeesh	8aa74ab6a9	Add return for buffer too small when reading OIDs Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 16:42:27 +01:00
Agathiyan Bragadeesh	f3b9724dcd	Remove questionable use of macro. MBEDTLS_X509_SAFE_SNPRINTF was used after mbedtls_oid_get_numeric_string so instead we have expanded the macro and kept the relevant code. Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 16:37:11 +01:00
Agathiyan Bragadeesh	07f472a88b	Add corruption detected return when writing asn1 Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 16:29:39 +01:00
Tom Cosgrove	3d2d599d3e	Merge pull request #7996 from gilles-peskine-arm/small_primes-gaps Reduce the size of the small primes table used by primality testing	2023-08-22 12:48:56 +00:00
Agathiyan Bragadeesh	ba386ec23e	Remove magic number for null tag Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	12b9d7040e	Remove x509_oid_from_numericoid Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	fb94702762	Add catch for alloc error x509_oid_from_numericoid Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	4294ccc608	Use mbedtls_calloc instead of calloc Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	55d93192b1	Fix oid memory leak Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	f826d1113e	Reject null bytes in DER encoded values in DNs Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	eb55867520	Fix code style Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	9caaa6d967	Reject escaped null hexpairs in DNs Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	957ca0595d	Accept short name/ber encoded data in DNs Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	17984874af	Change error from unknown oid to invalid name Since the implementation no longer needs to know the oid, it makes more sense for the error message to be an invalid name. Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	f88bd5ac86	Accept any valid oid in string_to_names Instead of using x509_attrs, use generic oid conversion. Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	af70c7dce7	Write numeric oid directly to buffer mbedtls_oid_get_numeric_string now points to output buffer in dn_gets Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	a7f9630925	Remove duplicate '+' in comparison string Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	5adffb2488	Refactor dn_gets use library function to write tag Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	2bf09a61a3	Fix style on left shift operations Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	e18a1789fd	Use MBEDTLS_X509_MAX_DN_NAME_SIZE for buffer size Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	ee642d93a8	Format preprocessor conditionals Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	ed88eefe8e	Rename in_tag to in_attr_type Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	97178f231f	Fix code style in mbedtls_x509_string_to_names Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	7f639fc7ab	Fix Windows x64 build errors with type conversions Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	39ba121d3a	Fix memory leak in alternative code route If no oid is found, and x509_attr_descr_from_numericoid returns NULL, previously the memory allocated for the oid wasn't freed. Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	f818e01edb	FIx memory leak in x509_attr_descr_from_numericoid; Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	a1f5c2d06f	Move declaration of variables in dn_gets to top Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	0a4b6d88d0	Alter conditions on hexstring output dn_gets Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	4987c8fcb0	Fix code style on x509.c and x509_create.c Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	c9d74f3109	Refactor AttributeType in mbedtls_x509_dn_gets Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	0eb6673a80	Add preprocessor config guards Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	6cbfae591a	Parse DER tag mbedtls_x509_string_to_names Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	ddc720d209	Add mbedtls_x509_dn_gets hexstring output If the data is a bitstring or an octet string, instead use the hexstring of the BER encoding (RFC 4514 Section 2.4) Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	b73778d8f9	Implement parse_attribute_value_ber_encoded Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	e119f3c0ea	Refactor mbedtls_x509_string_to_names This refactor is to accomodate future support of numericoid/hexstring attributetype value pairs. Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	f0e1ac59d8	Rewrite nibble_to_hex_digit for readability Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	9d2507c81d	Rename x509_int_to_hexdigit to nibble_to_hex_digit Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	ef2decbe4a	Escape hexpairs characters RFC 4514 Converts none ascii to escaped hexpairs in mbedtls_x509_dn_gets and interprets hexpairs in mbedtls_x509_string_to_names. Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:38:16 +01:00
Agathiyan Bragadeesh	48513b8639	Escape special characters RFC 4514 This escapes special characters according to RFC 4514 in mbedtls_x509_dn_gets and de-escapes in mbedtls_x509_string_to_names. This commit does not handle hexpairs. Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:38:16 +01:00
Gilles Peskine	30b0378008	Fix off-by-one error The value of p after adding the last entry in the gap table is not used. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-22 11:06:47 +02:00
Dave Rodgman	e20d688463	Fix missing operand modifier Co-authored-by: Yanray Wang <yanray.wang@arm.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-22 08:46:18 +01:00
Dave Rodgman	0c99a9083e	Avoid signed right shift UB Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-21 17:06:24 +01:00
Tom Cosgrove	31b2d7414d	Merge pull request #8053 from gilles-peskine-arm/mpi_exp_mod-remove_initial_copy mbedtls_mpi_exp_mod: remove spurious copy of the output variable	2023-08-21 15:50:28 +00:00
Gilles Peskine	0addbe6dc7	Merge pull request #8069 from paul-elliott-arm/fix_ecjpake_deadcode Fix logical dead code found by Coverity	2023-08-21 14:44:36 +00:00
Dave Rodgman	65204f8fc8	Merge pull request #8035 from daverodgman/aesce-support-perf Make mbedtls_aesce_has_support more efficient	2023-08-21 14:39:08 +00:00
Tom Cosgrove	d29648026b	Merge pull request #8017 from ivq/unchecked_return Fix a few unchecked return values	2023-08-21 13:02:53 +00:00
Janos Follath	e220d258fd	Merge pull request #8086 from yanesca/remove-new-bignum Remove new bignum when not needed	2023-08-21 10:59:41 +00:00
Dave Rodgman	0ce0fbc32a	Simplify aarch64 asm for mbedtls_ct_uint_lt Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-21 07:58:50 +01:00
Dave Rodgman	3ab114e3da	Move non-function-specific macro outside of function definition Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-21 07:54:11 +01:00
Gilles Peskine	ead1766b5f	Fix PBKDF2 with empty salt segment on platforms where malloc(0)=NULL "Fix PBKDF2 with empty salt on platforms where malloc(0)=NULL" took care of making an empty salt work. But it didn't fix the case of an empty salt segment followed by a non-empty salt segment, which still invoked memcpy with a potentially null pointer as the source. This commit fixes that case, and also simplifies the logic in the function a little. Test data obtained with: ``` pip3 install cryptodome python3 -c 'import sys; from Crypto.Hash import SHA256; from Crypto.Protocol.KDF import PBKDF2; cost = int(sys.argv[1], 0); salt = bytes.fromhex(sys.argv[2]); password = bytes.fromhex(sys.argv[3]); n = int(sys.argv[4], 0); print(PBKDF2(password=password, salt=salt, dkLen=n, count=cost, hmac_hash_module=SHA256).hex())' 1 "" "706173737764" 64 ``` Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-20 22:05:16 +02:00
Dave Rodgman	f2249ec905	Rename mbedtls_aesce_has_support macro to satisfy case rules Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-20 20:20:12 +01:00
Dave Rodgman	b30adce7fd	Use -1 as uninitialised marker Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-20 20:20:12 +01:00
Dave Rodgman	4566132163	Make mbedtls_aesce_has_support more efficient Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-20 20:20:12 +01:00
Dave Rodgman	1fdc884ed8	Merge pull request #7384 from yuhaoth/pr/add-aes-accelerator-only-mode AES: Add accelerator only mode	2023-08-18 20:55:44 +00:00
David Horstmann	cfae6a1ae9	Fix incorrect detection of HardwareModuleName The hardware module name otherName SAN contains 2 OIDs: OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id } HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING } The first, type-id, is the one that identifies the otherName as a HardwareModuleName. The second, hwType, identifies the type of hardware. This change fixes 2 issues: 1. We were erroneously trying to identify HardwareModuleNames by looking at hwType, not type-id. 2. We accidentally inverted the check so that we were checking that hwType did NOT match HardwareModuleName. This fix ensures that type-id is correctly checked to make sure that it matches the OID for HardwareModuleName. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-08-18 19:31:39 +01:00
David Horstmann	2ea44d28de	Fix: Set type_id in x509_get_other_name() When parsing a subject alternative name of type otherName, retain the type-id field of the otherName. Previously this was not copied to the mbedtls_x509_san_other_name struct when it should have been. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-08-18 18:36:02 +01:00
Jerry Yu	0a6272d6c9	revert padlock from aesni module Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-18 17:35:59 +08:00
Jerry Yu	61fc5ed5f3	improve readability of error message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-18 17:28:48 +08:00
Jerry Yu	372f7a04d0	Add missing check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-18 17:26:25 +08:00
Gilles Peskine	eeaad50cd6	Merge pull request #8079 from adeaarm/port_IAR_build_fix Small fixes for IAR support	2023-08-17 19:10:51 +00:00
Gilles Peskine	73936868b8	Merge remote-tracking branch 'development' into psa_crypto_config-in-full Conflicts: * tests/scripts/all.sh: component_test_crypto_full_no_cipher was removed in the development branch.	2023-08-17 19:46:34 +02:00
Antonio de Angelis	8e9d6b927e	Remove the workaround for psa_key_agreement_internal Remove the workaround for psa_key_agreement_internal to have a shared_secret array always non-zero. The spec is recently updated so that PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE is always non-zero Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>	2023-08-17 15:27:56 +01:00
Janos Follath	f2334b7b39	Remove new bignum when not needed New bignum modules are only needed when the new ecp_curves module is present. Remove them when they are not needed to save code size. Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-08-17 14:36:59 +01:00
Waleed Elmelegy	5d3f315478	Add new mbedtls_pkcs5_pbe2_ext function Add new mbedtls_pkcs5_pbe2_ext function to replace old function with possible security issues. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-08-17 14:20:58 +01:00
Gilles Peskine	294be94922	Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation PBKDF2 CMAC implementation	2023-08-17 11:15:16 +00:00
Jerry Yu	9608447545	replace padlock_c with padlock_have_code Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 18:10:45 +08:00
Jerry Yu	3a0f044bde	improve readability Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 17:06:21 +08:00
Agathiyan Bragadeesh	9ebfa7f64c	Fix style Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-17 10:00:45 +01:00
Jerry Yu	e9c6b53e74	remove return-type when runtime detection enabled without plain c This case does not exist Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 13:53:38 +08:00
Jerry Yu	1b4c7eda80	add hardware only check for padlock Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 11:25:17 +08:00
Jerry Yu	9e628621b4	Add via padlock detection macro Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 11:20:09 +08:00
Jerry Yu	2319af0d64	Change the order of runtime detection If aesni is available, we will use it. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 10:38:57 +08:00
Jerry Yu	35b59d7805	exclude arm64ec mode for aesni AESNI does not work correctly for msvc arm64ec Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 10:34:15 +08:00
Dave Rodgman	f4efd19dd0	Reduce code size in ccm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 22:37:32 +01:00
Dave Rodgman	509b567911	add ifdefs to reduce size of mbedtls_to_psa_error Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 22:37:29 +01:00
Dave Rodgman	6f6820345a	add #ifdefs to reduce switch size Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 18:44:32 +01:00
Dave Rodgman	864f594acc	Adjust layout of some stucts Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 18:04:44 +01:00
Dave Rodgman	164614af3d	Reduce code-size to access key slots init flag Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 17:56:28 +01:00
Dave Rodgman	58c8b942d2	Eliminate redundant version of mbedtls_ct_memcmp Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 17:51:04 +01:00
Dave Rodgman	6a9fb932fb	Use MBEDTLS_GET_UINT16_BE in mbedtls_ecp_tls_read_group_id Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 17:50:36 +01:00
Agathiyan Bragadeesh	285f85f962	Remove unnecessary const type qualifiers in casts Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-16 17:15:48 +01:00
Antonio de Angelis	f1adc2a7a1	Use asm instead of __asm in constant_time.c The original IAR fix submitted to TF-M directly changed asm to __asm. But mbed TLS now has a workaround for such cases hence just remove the original change modification. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>	2023-08-16 12:48:48 +01:00
Antonio de Angelis	1ee4d1228c	Fix error strings without quotes Some of the error strings that should be printed with the error preprocessor directive are missing quotes Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>	2023-08-16 12:48:33 +01:00
TTornblom	e4f6d79bbe	BUILD: Update For IAR support Applied the same change as in mbed-crypto for using this as a sub project with the IAR toolchain. Use __asm generic ,and avoid empty enum. Avoid declaration of array with null size. This is a porting of the original patch contributed to trusted-firmware-m. Signed-off-by: TTornblom <thomas.tornblom@iar.com> Signed-off-by: Michel Jaouen <michel.jaouen@st.com> Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>	2023-08-16 12:36:21 +01:00
Jerry Yu	516cf27d45	fix msvc build fail on i386 target Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-16 17:33:32 +08:00
Gilles Peskine	a4c01dd6e9	Merge pull request #7991 from sarveshb14/fix/psa_rsa_signature_using_large_stack rsa_signature: Use heap memory to allocate DER encoded RSA private key	2023-08-16 09:23:29 +00:00
Jerry Yu	3ce0398d1d	Add compiler cflags error message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-16 17:22:18 +08:00
Gilles Peskine	d370f93898	Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's	2023-08-16 09:19:46 +00:00
Jerry Yu	c628486cd9	enable runtime detection when padlock enabled and plain c disabled Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-16 16:14:02 +08:00
Jerry Yu	cc068ae631	fix `-Werror=return-type` when runtime detection enabled and plain c disabled Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-16 16:14:01 +08:00
Jerry Yu	e62ff09569	Restore aesni for i386 intrinsic code can be work on i386 also Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-16 14:33:16 +08:00
David Horstmann	ba44e918b8	Remove unnecessary include from constant_time.c This was added in order to use TEST_CF_XYZ macros which have since been removed. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-08-15 15:17:22 +01:00
Dave Rodgman	e3330f86d2	Make naming more consistent Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-14 15:26:28 +01:00
Dave Rodgman	0b7bf876e4	Fix compile fail for empty enum in cipher_wrap Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-14 14:25:29 +01:00
Dave Rodgman	2f4e6e748c	Merge pull request #8066 from paul-elliott-arm/aes_memcpy_iv_fix Fix potential corruption of IV for AES CBC with zero length	2023-08-14 09:32:45 +01:00
Paul Elliott	2a12fc20f2	Fix logical dead code found by Coverity Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-08-11 17:45:20 +01:00
Paul Elliott	2ad93674dc	Fix potential corruption of IV for AES CBC If passed a zero length, AES CBC could potentially corrupt the passed in IV by memcpying it over itself. Although this might be ok with more recent compilers, its not for every compiler we support. Found by coverity. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-08-11 17:04:06 +01:00
Paul Elliott	ecb95bea1d	Fix incorrect size used for zeroization of buffer Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-08-11 16:41:04 +01:00
Chien Wong	2e3858f5eb	Undo a change Signed-off-by: Chien Wong <m@xv97.com>	2023-08-11 18:16:06 +08:00
Dave Rodgman	42391b4378	Perf improvement in memcpy_if Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-11 08:47:38 +01:00

... 2 3 4 5 6 ...

12124 commits