Import mbedtls 3.6.0 #6797
base: import/mbedtls-3.6.0
Commits on Apr 29, 2024
Imports Mbed TLS 3.6.0 from https://github.com/Mbed-TLS/mbedtls.git tags mbedtls-3.6.0, v3.6.0

Files that are not needed are removed:

    cd lib/libmbedtls
    rm -rf mbedtls
    cp -R path/to/mbedtls-3.6.0/mbedtls .
    cd mbedtls
    rm CMakeLists.txt DartConfiguration.tcl Makefile
    rm .gitignore .travis.yml .pylintrc .globalrc .mypy.ini BRANCHES.md
    rm include/.gitignore include/CMakeLists.txt library/.gitignore
    rm library/CMakeLists.txt library/Makefile
    rm -r cmake
    rm -rf .git .github doxygen configs programs scripts tests visualc
    rm -rf 3rdparty ChangeLog.d docs pkgconfig .gitmodules .readthedocs.yaml
    rm library/mps_*
    cd ..
    git add mbedtls

This time we leave library/psa_* present to enable TLS 1.3 features.

This is a complete overwrite of previous code so earlier changes in the previous branch import/mbedtls-3.4.0 will be added on top of this commit.

Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

Commit d34075d

mbedtls: remove default include/mbedtls/config.h
Removes default config include/mbedtls/config.h

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: rebased onto mbedtls-2.22.0]
[jf: rebased onto mbedtls-2.27.0]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
[jf: rebased onto mbedtls-2.28.1]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
[jw: rebased onto mbedtls-3.4.0]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[tve: rebased onto mbedtls-3.6.0]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>

Commit d955b10

mbedtls: configure mbedtls to reach for config
Configures mbedtls to reach outside the imported source tree for configuration .h file.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: rebased onto mbedtls-2.22.0]
[jf: rebased onto mbedtls-2.27.0]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
[jw: rebased onto mbedtls-3.4.0]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[tve: rebased onto mbedtls-3.6.0 and removed inclusion of check_config.h]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>

Commit 75adae9

libmbedtls: make mbedtls_mpi_mont*() available
Makes mbedtls_mpi_montg_init(), mbedtls_mpi_montmul() and mbedtls_mpi_montred() available for external use.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: rebased onto mbedtls-2.22.0]
[jf: rebased onto mbedtls-2.27.0, keep static functions]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
[jf: rebased onto mbedtls-2.28.1]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
[jw: rebased onto mbedtls-3.4.0]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[tve: rebased onto mbedtls-3.6.0, replace original functions]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>

Commit 1ab314f

libmbedtls: add mbedtls_mpi_init_mempool()
Adds mbedtls_mpi_init_mempool() which initializes a mbedtls_mpi struct to use the mempool mbedtls_mpi_mempool if configured for memory allocation.

All local memory allocations are changed to use mbedtls_mpi_init_mempool() instead of mbedtls_mpi_init(). This will give a stack-like alloc/free pattern for which the mempool is optimized.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: rebased onto mbedtls-2.22.0]
[jf: rebased onto mbedtls-2.27.0, fold fixup commit: 2df910b ("libmbedtls: mbedtls_mpi_shrink(): fix possible unwanted truncation"), adjust macro ECP_MPI_INIT]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
[jw: rebased onto mbedtls-3.4.0, adjust new coding style]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[tve: rebased onto mbedtls-3.6.0, reintroduce mbedtls_mpi_zeroize]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>

Commit 84fc0cf

libmedtls: mpi_miller_rabin: increase count limit
Increase the count limit when generating the witness in the Rabin-Miller primality test. The previous number 30 was too low to reliably detect 000000022770A7DC599BC90B2FF981CCB5CF05703344C8F350418AAD as a prime number.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: rebased onto mbedtls-2.22.0]
[jf: rebased onto mbedtls-2.27.0]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
[jw: rebased onto mbedtls-3.4.0]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[tve: rebased onto mbedtls-3.6.0]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>

Commit cdce1df

libmbedtls: add interfaces in mbedtls for context memory operation
For integrating into OPTEE_OS, it needs to add some interfaces:

1. add mbedtls_cipher_clone() for cipher to copy context between two operations.
2. add mbedtls_cipher_setup_info() for cipher. cipher needs to get its "cipher_info" according to the key length, while the key length is not an input in allocate function. So, use a default key len in the beginning. It needs to reset the cipher info again in init function.
3. add mbedtls_cipher_cmac_setup() for cmac. This function is separate from mbedtls_cipher_cmac_starts().
4. copy hmac context in md.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: rebase onto mbedtls-2.22.0]
[jf: rebase onto mbedtls-2.27.0]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
[jf: rebase onto mbedtls-2.28.1, fix typo in comment]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
[jw: rebase onto mbedtls-3.4.0, adjust new coding style]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[tve: rebase onto mbedtls-3.6.0, adjust for changes between 3.4 and 3.6]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>

Commit 78cf9d6

In NO_CRT mode, Q and P may be invalid. But Q and P will be re-filled again if PRNG function is valid. So add judgement process if it is in NO_CRT mode.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Summer Qin <summer.qin@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: rebase onto mbedtls-2.27.0]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
[jw: rebase onto mbedtls-3.4.0]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[tve: rebased onto mbedtls-3.6.0]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>

Commit c350fe1

When MBEDTLS_ECP_DP_SM2_ENABLED is set, adds support for the ECC curve defined for the Chinese SM2 algorithm (G/MT 0003 Part 5, [1]).

Link: [1] http://www.gmbz.org.cn/upload/2018-07-24/1532401863206085511.pdf
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebased onto mbedtls-2.27.0]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
[jw: rebased onto mbedtls-3.4.0]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[tve: rebased onto mbedtls-3.6.0]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>

Commit ebf0a5a

libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()
Adds fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext() by using the macro FTMN_CALLEE_DONE_MEMCMP() instead of memcmp() when checking that the hash in the RSA signature is matching the expected value.

FTMN_CALLEE_DONE_MEMCMP() saves on success the result in a thread local storage if fault mitigations were enabled when the function was called.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[tve: rebased onto mbedtls-3.6.0]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>

Commit 48a37cf

libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()
Adds fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify() by using the macro FTMN_CALLEE_DONE_MEMCMP() instead of just mbedtls_safer_memcmp() when checking that the hash in the RSA signature is matching the expected value.

FTMN_CALLEE_DONE_MEMCMP() saves on success the result in a thread local storage if fault mitigations were enabled when the function was called.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[tve: rebased onto mbedtls-3.6.0]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>

Commit 7e5db0e

libmbedtls: fix cipher_wrap.c for chacha20 and chachapoly
For chacha20 and chachapoly, the *_ctx_clone() function is missing and therefore the wrong function pointers are assigned to .ctx_clone_func and .ctx_free_func when MBEDTLS_CHACHA20_C or MBEDTLS_CHACHAPOLY_C is enabled.

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
[jw: rebased onto mbedtls-3.4.0]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[tve: rebased onto mbedtls-3.6.0]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>

Commit 613ebdb

libmbedtls: fix cipher_wrap.c for NIST AES Key Wrap mode
For AES Key Wrap mode, the *_ctx_clone() function is missing and therefore the wrong function pointers are assigned to .ctx_clone_func and .ctx_free_func when MBEDTLS_NIST_KW_C is enabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-By: Jerome Forissier <jerome.forissier@linaro.org>
[tve: rebased onto mbedtls-3.6.0]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>

Commit 7246fa2

libmbedtls: allow inclusion of arm_neon.h
mbedtls/library/common.h includes arm_neon.h since 3.5.0, which collides with the definition of __section and __data in compiler.h. Temporarily remove those definitions while including arm_neon.h.

Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

Commit fd642da

libmbedtls: adjust use of rsa pk_wrap API
These functions now accept `mbedtls_pk_context` instead of `mbedtls_rsa_context`. Use this wrapper struct in `libmbedtls/core/rsa.c`.

Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

Commit 338f146

libmbedtls: reset minimum rsa key size
MbedTLS set the default minimum key size to 1024, while test regression_4007 requires a minimum key size of 128.

Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

Commit afd7e60