espressif/mbedtls
1
0
Fork 0
mirror of https://github.com/espressif/mbedtls.git synced 2025-07-17 23:32:03 +08:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 34 Branches 164 Tags
Commit Graph

31240 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Manuel Pégourié-Gonnard
4b0e8f0e2c Remove redundant include 
It's also included later, guarded by support for ECC keys, and actually
that's the only case where we need it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:25:44 +02:00
Pengyu Lv
132261345d all.sh: revert changes in test_m32* 
AESNI for x86 (32-bit) have been tested in
a seperate component, we don't need to test
twice.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-16 14:03:29 +08:00
Gilles Peskine
1f2802c403 Suggest validating copy by memory poisoning 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 21:49:17 +02:00
Gilles Peskine
6998721c69 Add a section skeleton for copy bypass 
It's something we're likely to want to do at some point.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 20:05:32 +02:00
Gilles Peskine
7bc1bb65e9 Short explanations of what is expected in the design sections 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 20:05:25 +02:00
Gilles Peskine
35de1f7a7d Distinguish whole-message signature from other asymmetric cryptography 
Whole-message signature may process the message multiple times (EdDSA
signature does it).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 20:04:16 +02:00
Gilles Peskine
9cad3b3a70 Design change for cipher/AEAD 
There are many reasons why a driver might violate the security requirements
for plaintext or ciphertext buffers, so mandate copying.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 20:03:18 +02:00
Gilles Peskine
2859267a27 Clarify terminology: built-in driver 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 20:02:00 +02:00
Gilles Peskine
db00543b3a Add a section on write-read feedback 
It's a security violation, although it's not clear whether it really needs
to influence the design.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 19:57:53 +02:00
Gilles Peskine
352095ca86 Simplify the relaxed output-output rule 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 19:56:22 +02:00
Gilles Peskine
60c453ee72 Expand explanations of the vulnerabilities 
Add a few more examples.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 19:07:56 +02:00
Gilles Peskine
8daedaeac9 Fix typos and copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 18:47:29 +02:00
Valerio Setti
5f5573fa90 cipher: reintroduce symbol for legacy AEAD support 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-13 17:29:27 +02:00
Gilles Peskine
28b56335bb
Merge pull request #7942 from tom-daubney-arm/psa_crypto_example_hash 
Add example program for PSA hash
 2023-10-13 15:22:58 +00:00
Dave Rodgman
37801d714b Invert no_hwcap variable 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 16:06:55 +01:00
Dave Rodgman
515af1d80d Stop IAR warning about goto skipping variable definition 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 16:03:25 +01:00
Bence Szépkúti
195411bb17
Merge pull request #8062 from yanrayw/save_stack_usage_pkwrite 
pkwrite: use heap to save stack usage for writing keys in PEM string
 2023-10-13 14:27:13 +00:00
Gilles Peskine
73cb6f85a5
Merge pull request #8360 from Mbed-TLS/revert-8352-iar-fixes 
Revert "Fix a few IAR warnings" which breaks the CI
 2023-10-13 13:11:40 +00:00
Dave Rodgman
2457bcd26c Tidy up logic for MBEDTLS_MAYBE_UNUSED 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 12:31:45 +01:00
Dave Rodgman
cc88ccdda1 Include existing Makefile 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 12:25:23 +01:00
Gilles Peskine
9a32632577 Fix 3rdparty/Makefile.inc when included recursively 
3rdparty/Makefile.inc could only be used when included from the primary
makefile passed to make. It could not be used directly, or included from a
makefile that is itself included. This was due to counting from the left of
$(MAKEFILE_LIST) instead of using the last element.

Since each include directive appends to $(MAKEFILE_LIST), when using it to
determine $(THIRDPARTY_DIR), we need to use a simply-expanded variable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 12:25:18 +01:00
Gilles Peskine
97a6231b5c
Revert "Fix a few IAR warnings" 2023-10-13 11:39:53 +02:00
Waleed Elmelegy
0badeb4560 Fix changelog code style issue 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-10-13 10:27:13 +01:00
Waleed Elmelegy
107c60c765 Fix changelog style issue 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-10-13 10:25:58 +01:00
Dave Rodgman
768bc143ad Fix hwcap test for CI 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 10:15:55 +01:00
Waleed Elmelegy
5867465e90 Fix code style issue in cert_write program 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-10-13 10:03:12 +01:00
Waleed Elmelegy
eade3fedb2 Fix code style issue in cert_req program 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-10-13 09:59:19 +01:00
Dave Rodgman
7821df3e8b Adjust use of deprecated in Doxygen 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 09:39:11 +01:00
Dave Rodgman
ab0cff5b4e Require asm/hwcap.h for testing 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 09:32:04 +01:00
Dave Rodgman
d85277c62e Doxygen fixes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 09:22:54 +01:00
Dave Rodgman
2d67e3a07b
Merge pull request #8352 from daverodgman/iar-fixes 
Fix a few IAR warnings
 2023-10-13 09:20:28 +01:00
Valerio Setti
193e383686 check_config: fix typo causing build issues with only CCM enabled 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-13 09:37:24 +02:00
Tom Cosgrove
71f2e398bd
Merge pull request #8345 from mcagriaksoy/branch_issue_8344 
Add missing casting size_t to int on ssl_tls13_keys.c
 2023-10-12 18:39:33 +00:00
Dave Rodgman
584c8108b3 Use a block to save 12b 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-12 16:55:23 +01:00
Dave Rodgman
351a81c65d Keep initialisation of p in its original location 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-12 16:36:05 +01:00
Dave Rodgman
bcb1818e19 Fix IAR 'transfer of control bypasses initialization' warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-12 16:23:11 +01:00
Dave Rodgman
4b779bef9e
Merge branch 'development' into more-aes-checks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-12 16:17:10 +01:00
Dave Rodgman
7cb635a563 Adjust the full config 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-12 16:14:51 +01:00
Waleed Elmelegy
737cfe184b Add changelog entry for x509 cert_req null dereference fix 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-10-12 15:51:13 +01:00
Waleed Elmelegy
ac97af223e Fix possible NULL dereference issue in X509 cert_req program 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-10-12 15:46:06 +01:00
Gilles Peskine
f7806ca782 Analyze requirements for protection of arguments in shared memory 
Propose a dual-approach strategy where some buffers are copied and others
can remain shared.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-12 16:00:11 +02:00
Waleed Elmelegy
1444c0eb20 Add changelog entry for x509 cert_write null dereference fix 
Also fix a typo in cert_write.c

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-10-12 14:31:06 +01:00
Waleed Elmelegy
476c1198e8 Fix possible NULL dereference issue in X509 cert_write program 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-10-12 14:19:25 +01:00
Dave Rodgman
54bb76e106
Merge pull request #8348 from kasjer/kasjer/aes-rcon-rename 
Rename local variable in aes.c
 2023-10-12 12:30:35 +00:00
Ryan Everett
86bfbe8ef2 Fix test data dependencies 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-10-12 12:00:01 +01:00
Ryan Everett
cd80f09aa3 Fix Changelog formatting 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-10-12 12:00:01 +01:00
Ryan Everett
632699b925 Add Changelog 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-10-12 12:00:01 +01:00
Ryan Everett
8494c986a0 Add Encryption test data for AES 128,196,256 PBES2 
Data (for encryption and decryption) generated using openssl:

openssl kdf -keylen 24 -kdfopt digest:SHA256 -kdfopt
    iter:10000 -kdfopt pass:"PasswordPasswordPassword"
    -kdfopt hexsalt:0102030405060708
    PBKDF2 69D1831EA16816B82797E5E9619C2F62153BC65C1791B5C0
openssl enc $MODE -iv 2F904F75B47B48A618068D79BD9A826C
    -K $KEY -in $FILE -e -out $ENC

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-10-12 12:00:01 +01:00
Ryan Everett
223e716693 Replace AES-CBC test data 
Previously the buffer size was increased in order to allow for large
test data, these new tests fit in the original sized buffer.

Test data generated with openssl using the following command line:
openssl kdf -keylen $LEN -kdfopt digest:SHA256 -kdfopt iter:10000 -kdfopt
pass:"PasswordPasswordPassword" -kdfopt hexsalt:0102030405060708 PBKDF2

openssl enc -$ENC -iv 2F904F75B47B48A618068D79BD9A826C -K $KEY -in $IN
-e -out $OUT

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-10-12 12:00:01 +01:00
Ryan Everett
1a91309324 Restore array formatting 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-10-12 12:00:01 +01:00