yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 18:55:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,616 Commits 88 Branches 205 Tags 69 MiB
c34d9cf37a
Commit Graph

10616 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hannes Tschofenig
c34d9cf37a Adding storage for public key to handshake_params 2020-12-03 17:37:06 +01:00
Hannes Tschofenig
77cddb3ef7 Adding early key computation config option 2020-12-03 17:36:00 +01:00
Hannes Tschofenig
3cb3db7961 Adding early key computation config check 2020-12-03 17:35:50 +01:00
Hannes Tschofenig
2279ffd2a0 Adding immediate message transmission 2020-12-03 15:52:35 +01:00
Hannes Tschofenig
dfa4bae320 Adding immediate transmission option 2020-12-03 15:49:35 +01:00
Hannes Tschofenig
cb6410c67d Wrapper function for calling parse_certificate_verify 2020-12-03 15:48:55 +01:00
Hannes Tschofenig
635f86874f Adding delayed server cert verification to client state machine 2020-12-03 15:48:32 +01:00
Hannes Tschofenig
4f8c88312c Adding wrapper function for certificate verification function 2020-12-03 15:48:12 +01:00
Hannes Tschofenig
f336c7ea71 Adding delayed server cert verification config option 2020-12-03 15:47:47 +01:00
Hannes Tschofenig
c7f6d7f75c Making sure that keep peer certificate option is set when server cert verification is used. 2020-12-03 15:47:31 +01:00
Andrzej Kurek
b0b1cdc059
Merge pull request #3932 from AndrzejKurek/tinycrypt-ecdh-test-vectors 
Tinycrypt - ecdh test vectors
 2020-12-02 11:43:35 -05:00
Shelly Liberman
c6603c501c
Merge pull request #3931 from shelib01/plat_rand_buf_FI_protection 
Platform  random buf FI mitigation added
 2020-12-02 13:30:25 +02:00
Andrzej Kurek
0e6c01796d Add NIST CAVP SP 800-56A tests for tinycrypt ecdh 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2020-12-01 07:29:50 -05:00
Shelly Liberman
7326c62efb Add flow control to platform rnd buf 
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
 2020-12-01 14:04:51 +02:00
Shelly Liberman
26bea33674
Merge pull request #3899 from shelib01/masked-aes 
Masked AES 128 bit, encrypt only (boolean mask technique)
 2020-11-27 17:17:23 +02:00
Shelly Liberman
11c64885a6 After review fixes 
1. Formating
2. Check config added
3. Dependency description fixed

Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
 2020-11-26 23:58:41 +02:00
Andrzej Kurek
6994eb2b52
Merge pull request #3919 from AndrzejKurek/fi-flag-ccm-countermeasures 
Make CCM shuffling an masking optional
 2020-11-26 14:08:32 -05:00
Andrzej Kurek
7d0a6864d3 Make CCM shuffling and masking optional 
Add a define for CCM shuffling and masking operations.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2020-11-26 06:35:04 -05:00
Shelly Liberman
44b4229352 masked-aes CI problems fixes 
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
 2020-11-26 10:54:19 +02:00
Andrzej Kurek
ab3de1daff Add flow control protection to ccm 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2020-11-26 03:24:14 -05:00
Shelly Liberman
c907c81a3b aes boolean masking 
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
 2020-11-25 20:58:25 +02:00
Andrzej Kurek
8265f5cc4f
Merge pull request #3880 from AndrzejKurek/fi-random-delays 
Add random delays to sha256 to protect against fault injection
 2020-11-25 13:38:52 -05:00
Shelly Liberman
88da3c245b
Merge branch 'baremetal' into masked-aes 2020-11-25 18:32:19 +02:00
Shelly Liberman
cdebcfe1a3 aes boolean masking 
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
 2020-11-25 18:14:59 +02:00
Andrzej Kurek
9b92865bcd
Merge pull request #3850 from AndrzejKurek/ccm-clean-temp-data 
ccm - clean temp data
 2020-11-25 11:14:05 -05:00
Andrzej Kurek
549a35690c
Merge pull request #3890 from AndrzejKurek/fi-memcpy-memset-fail 
Add a callback for platform faults in platform_util.c
 2020-11-25 11:13:32 -05:00
Andrzej Kurek
1c448168b2
Merge pull request #3913 from jarvte/memfix_variablebuffer 
Fix possible memory leak when MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined
 2020-11-25 09:45:53 -05:00
Andrzej Kurek
7f81c86a0d Add a callback for platform faults in platform_util.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2020-11-25 06:53:59 -05:00
Andrzej Kurek
9bc6119bb9 Add random delays to sha256 to protect against fault injection 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2020-11-25 06:38:05 -05:00
Andrzej Kurek
142f09fb96 ccm: zeroize buffers before and after usage 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2020-11-25 06:20:43 -05:00
Andrzej Kurek
5eba1d82a2
Merge pull request #3841 from AndrzejKurek/baremetal-rnd-in-range-fix 
Move size checks outside of mbedtls_platform_random_in_range
 2020-11-25 11:41:40 +01:00
Andrzej Kurek
21f64d3633
Merge pull request #3840 from AndrzejKurek/baremetal-aes-shuffling-2 
CCM countermeasures - shuffling and masking
 2020-11-25 11:33:53 +01:00
Teppo Järvelin
b89cf99a57 Fix possible memory leak when MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH is defined 
Signed-off-by: Teppo Järvelin <teppo.jarvelin@arm.com>
 2020-11-25 11:44:05 +02:00
Shelly Liberman
9e27b901b7
Merge pull request #3900 from shelib01/fix_uninitialized_var 
Fix uninitialized variables
 2020-11-25 11:25:51 +02:00
Shelly Liberman
c5b0c6e8ae fix uninitialized variables 
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
 2020-11-19 20:01:21 +02:00
Andrzej Kurek
18c60aaca1
ccm: use random_in_range instead of duplicating its functionality 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2020-11-18 12:37:41 +01:00
Andrzej Kurek
a138c0a0b0
Move size checks outside of mbedtls_platform_random_in_range 
Update the documentation to mention that calling it with zero
as an argument will result in an undefined behavior.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2020-11-12 17:05:51 +01:00
Shelly Liberman
560203ae01
Merge pull request #3853 from kjbracey-arm/m_narrowloop 
[baremetal] Avoid narrow loop counters etc
 2020-11-08 08:03:48 +02:00
Kevin Bracey
a967a58ed3 [baremetal] Avoid narrow loop counters etc 
Use `uint_fast8_t` instead of `unsigned char` in various loop-type
situations. This avoids the need for a 16 or 32-bit system to insert
explicit narrow-to-8-bit instructions.

Not the result of an exhaustive source analysis, rather inspecting
the disassembly output for a cut-down Cortex-M0+ build looking for
UXTB etc instructions, so there could well be more in the complete
configuration.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
 2020-11-06 10:56:16 +02:00
Shelly Liberman
e766628db1
Merge pull request #3827 from AndrzejKurek/ssl_server2_memory_fixes 
[baremetal] ssl_server2: move memory allocation to the beginning
 2020-11-05 13:37:22 +02:00
Shelly Liberman
356121903f
Merge pull request #3849 from kjbracey-arm/m_tlsopt 
[baremetal] micro-optimisations for Thumb and small configs
 2020-11-05 13:34:59 +02:00
Kevin Bracey
57d9bdc5f9 Reorder structures 
Place smallest items first, as this makes them most easily addressable
in Thumb architecture. 16-bit access instructions have a 5-bit offset
field, which is interpreted as bytes, halfwords, or words depending
on access size, so smaller fields have smaller range. Range is 0-31
times the access size.

The mbedtls_ssl_context structure is too large to be fully easily
accessed even for words, so reorder functional blocks to put more
frequently-referenced fields in the first 128 bytes, reducing
total code size.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
 2020-11-04 15:16:22 +02:00
Kevin Bracey
1d53ce33c4 Avoid bitfields 
Bitfields in context structures do not have sufficient (if any) RAM
payoff for the ROM complexity to manipulate them. Replace with
plain uint8_t.

On the smallest targets, the configuration options mean that there
are 4 or fewer members anyway, so a bitfield saves no RAM compared
to uint8_t.

ROM saving will be further increased if the uint8_t members are at the
start of the structure (when compiling for Thumb).

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
 2020-11-04 15:16:22 +02:00
Kevin Bracey
585e9e0922 Add MBEDTLS_SSL_CONF_TRANSPORT 
Follow the model of `MBEDTLS_SSL_CONF_ENDPOINT`. This saves a small
amount - most of the saving was already acheived via`
MBEDTLS_SSL_TRANSPORT_IS_TLS` but we can scrape out a little more by
totally eliminating `ssl->conf->transport` references.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
 2020-11-04 15:16:22 +02:00
Kevin Bracey
d859db833c Fix MBEDTLS_SSL_CONF_ENDPOINT flagging 
Compilation failed if MBEDTLS_SSL_CONF_ENDPOINT was set - add necessary
conditions.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
 2020-11-04 15:16:09 +02:00
Andrzej Kurek
8b0910a791
Merge pull request #3815 from AndrzejKurek/cipher-optim-mem-fix 
ssl_tls.c: Fix unchecked memory allocation
 2020-11-02 11:41:24 +01:00
Andrzej Kurek
0fa427b027
ccm: add masking to the UPDATE_CBC_MAC macro 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2020-10-31 17:55:21 +01:00
Andrzej Kurek
8bef87ee5e
Add basic shuffling and masking to CCM operations 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2020-10-31 10:19:07 +01:00
Andrzej Kurek
b7dc52a965
ssl_server2: move memory allocation to the beginning 
This way, even when an error is encountered early, the memory
will be deallocated properly.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2020-10-27 16:46:18 +01:00
Shelly Liberman
938d4d3fa3
Merge pull request #3820 from shelib01/regularize_k_restore 
Restore tinycrypt implementation of regularize_k()
 2020-10-27 12:57:00 +02:00