mbedtls

mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-09 03:55:33 +00:00

Author	SHA1	Message	Date
Kevin Bracey	585e9e0922	Add MBEDTLS_SSL_CONF_TRANSPORT Follow the model of `MBEDTLS_SSL_CONF_ENDPOINT`. This saves a small amount - most of the saving was already acheived via` MBEDTLS_SSL_TRANSPORT_IS_TLS` but we can scrape out a little more by totally eliminating `ssl->conf->transport` references. Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>	2020-11-04 15:16:22 +02:00
Kevin Bracey	d859db833c	Fix MBEDTLS_SSL_CONF_ENDPOINT flagging Compilation failed if MBEDTLS_SSL_CONF_ENDPOINT was set - add necessary conditions. Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>	2020-11-04 15:16:09 +02:00
Andrzej Kurek	8b0910a791	Merge pull request #3815 from AndrzejKurek/cipher-optim-mem-fix ssl_tls.c: Fix unchecked memory allocation	2020-11-02 11:41:24 +01:00
Andrzej Kurek	28b3b29306	ssl_tls.c: Fix unchecked memory allocation Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-10-22 11:40:41 +02:00
Andrzej Kurek	2e49d079d6	Describe the behaviour of buffer resizing on an out-of-memory error Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-10-22 11:16:25 +02:00
Andrzej Kurek	cd9a6ff3c1	Introduce additional flags for buffer upsizing and downsizing Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-10-22 11:12:07 +02:00
Andrzej Kurek	79db2f14da	Refactor the buffer resize feature to reduce codesize Extract a common part of the code to a function. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-10-20 17:11:54 +02:00
Andrzej Kurek	f384495972	Sideport the variable IO buffer size feature to baremetal Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-10-17 00:55:17 +02:00
Andrzej Kurek	dd5ad6924e	Merge pull request #3785 from AndrzejKurek/m_tinycrypt_asm TinyCrypt ARM assembler and other optimisations	2020-10-15 13:27:39 +02:00
Andrzej Kurek	db0e50ea70	Introduce MBEDTLS_OPTIMIZE_TINYCRYPT_ASM Make the ASM optimizations in tinycrypt optional. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-10-14 14:32:50 +02:00
Andrzej Kurek	f4d2c7de31	Improve FI resistance of pk verification in ssl_cli.c Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-09-20 02:15:16 +02:00
Andrzej Kurek	f74a86c0b0	Improve FI resistance of certificate verification in ssl_srv.c Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-09-20 01:57:30 +02:00
Andrzej Kurek	ef34494d80	ssl_srv.c: change the initial return variable value Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-09-20 00:29:43 +02:00
Andrzej Kurek	ff51721e99	ssl_tls: reduce the complexity of encryption validation Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-09-20 00:29:43 +02:00
Andrzej Kurek	8ec9e136cf	ssl_tls: Add a flag indicating that encryption succeeded Protect against encryption skipping by introducing a new flag. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-09-20 00:29:43 +02:00
Andrzej Kurek	6c30be8e4b	ssl: call signature verification twice for non-restartable operations Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-09-20 00:29:43 +02:00
Andrzej Kurek	69bafce7a3	Improve the FI resistance in ssl_tls.c key switching Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-09-19 12:45:20 +02:00
Andrzej Kurek	f7df0d37ab	Reduce the size of used constant in ssl_tls.c Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-09-19 12:00:57 +02:00
Andrzej Kurek	a793237998	Calculate hashes of ssl encryption and decryption keys Optimize the key switching mechanism to set the key only if a different operation is performed with the context. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-09-19 08:04:05 +02:00
Andrzej Kurek	d81351b047	Change the default value of initialized cipher operation to NONE This way, an initialized cipher context but without a key set can be identified. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-09-19 04:07:03 +02:00
Andrzej Kurek	73680ad5a2	Merge pull request #3694 from AndrzejKurek/transform-cipher-optimization Merge enc/dec cipher contexts in ssl transforms	2020-09-23 14:06:43 +01:00
Andrzej Kurek	1175044156	Merge enc/dec cipher contexts in ssl transforms Store the raw encryption and decryption keys in transforms to set them before each cipher operation. Add a config option for this - MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-09-17 23:51:58 +02:00
Shelly Liberman	05beb9ac70	replace user rand by platform rand in ecc delays Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>	2020-09-16 18:58:50 +03:00
Andrzej Kurek	9539f831b2	Swap out CRC calculation in AES in favour of a simple hash XOR the key bytes upon setting and re-check hash during each use. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-08-10 20:46:48 -04:00
Andrzej Kurek	8bb0839555	Add a deprecated version of mbedtls_platform_memcmp. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-08-09 02:18:12 -04:00
Andrzej Kurek	c87e91ce2b	Merge pull request #3553 from AndrzejKurek/crc-calculation-base Validate AES keys after each use checking CRC	2020-08-13 12:42:54 +02:00
Piotr Nowicki	305a5ec496	Checking in critical places if secured memset() and memcpy() was successful Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-12 15:22:20 +02:00
Piotr Nowicki	ea8e846fdc	Add flow monitor for mbedtls_platform_memcpy() and mbedtls_platform_memmove() Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-12 15:22:06 +02:00
Piotr Nowicki	a6348edc23	Checking in critical places if the mbedtls_platform_zeroize() was successful Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-12 15:12:20 +02:00
Piotr Nowicki	ed840dbcd8	Add flow montitor to the mbedtls_platform_memset() Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-12 15:12:20 +02:00
Piotr Nowicki	26c33692b0	Fix CI failure. For ASanDbg tests of the earlier implementation of the mbedtls_platform_random_in_range(), there was no case where ‘shift’ value was zero. Such a case generated a bit shift of 32, which is treated as an error by ASanDbg. Increasing the ‘shift’ value by one ensures that it will always be non-zero. Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-11 16:41:34 +02:00
Piotr Nowicki	057daa3b28	Random delay can be disabled in configuration Use random delay depending on whether MBEDTLS_FI_COUNTERMEASURES is defined Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-11 16:41:34 +02:00
Piotr Nowicki	77b7a7754c	Expanded the random number generator in the `platform_util.c` file The earlier implementation had two problems: the random generator always returned 0 if the MBEDTLS_ENTROPY_HARDWARE_ALT flag was not defined and there was no protection needed if the HW RNG was malfunctioning. Both these problems have been solved in this commit by adding the linear congruential generator algorithm. Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-11 16:41:34 +02:00
Piotr Nowicki	8656fc6525	Change the value type in the mbedtls_platform_random_in_range() Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-11 16:38:25 +02:00
Piotr Nowicki	fa635dfaa1	Merge pull request #3448 from piotr-now/platform_util Renamed mbedtls_platform_memcmp() to mbedtls_platform_memequal()	2020-08-11 14:30:35 +02:00
Andrzej Kurek	8fba6e99ce	Merge pull request #3532 from AndrzejKurek/fi-hmac-drbg-fixes Fi-related hmac_drbg fixes	2020-08-10 19:02:25 +02:00
Andrzej Kurek	0305753d7a	Merge pull request #3477 from AndrzejKurek/aes-fake-key Use a fake random key in AES calculations	2020-08-10 13:05:46 +02:00
Piotr Nowicki	e3c4ee51b2	Rename mbedtls_platform_memcmp() to mbedtls_platform_memequal() Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-10 12:41:00 +02:00
Andrzej Kurek	e4f865d53c	Makefile: alphabetically order object files Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-08-08 19:08:26 -04:00
Andrzej Kurek	fba5921186	aes: validate keys using crc before encryption/decryption CRC is calculated when the key is set. This commit also adds new tests for ecb encryption and decryption, simulating a fault injection after the key is set. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-08-08 19:06:44 -04:00
Andrzej Kurek	9df2b416b9	Add a CRC module to mbedtls and baremetal config Add a new CRC module along with some tests for it. The table and the CRC function body is generated using pycrc v0.9.2. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-08-08 02:10:52 -04:00
Shelly Liberman	c6319a70ab	Merge pull request #3514 from shelib01/fi_write_user_data Fi write user data	2020-08-06 07:41:15 +03:00
Shelly Liberman	3799fc1578	Splitting buffers comment added Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>	2020-08-05 17:53:31 +03:00
Shelly Liberman	c6a7e6b0c4	Enhancement fixes Co-authored-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>	2020-08-05 15:40:15 +03:00
shelib01	4062d6ca68	Add user pointer and data size duplication to ssl context. Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>	2020-08-05 15:01:05 +03:00
Andrzej Kurek	e9cb642748	Merge pull request #3516 from AndrzejKurek/fi-pkparse-changes FI-related pkparse.c fixes	2020-08-03 12:14:22 +02:00
Andrzej Kurek	7400fae7ee	Merge pull request #3510 from AndrzejKurek/fi-pk-fixes pk.c FI-related fixes	2020-08-03 12:14:06 +02:00
Andrzej Kurek	898d330148	Merge pull request #3500 from AndrzejKurek/fi-sha256-fixes Introduce sha256 security review fixes	2020-08-03 12:13:40 +02:00
Andrzej Kurek	84afe68ad4	Merge pull request #3509 from AndrzejKurek/fi-x509-changes x509.c: Remove one unnecessary cast	2020-08-03 12:11:47 +02:00
Andrzej Kurek	4353b698ed	hmac_drbg: make no reseeding behaviour explicit Add a flag to the hmac_drbg context that will signal that reseeding is not required. Change tests and one ecdsa call to not use reseeding, as was the previous case. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-19 09:00:18 -04:00

1 2 3 4 5 ...

5098 commits