diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt new file mode 100644 index 0000000000..a3f4b96573 --- /dev/null +++ b/ChangeLog.d/remove-via-padlock-support.txt @@ -0,0 +1,3 @@ +Removals + * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C. + Fixes #5903. diff --git a/SECURITY.md b/SECURITY.md index 7ed72de921..9506eb9134 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -128,7 +128,7 @@ even a remote. The attacks can result in key recovery. - Turn on hardware acceleration for AES. This is supported only on selected architectures and currently only available for AES. See configuration options - `MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` and `MBEDTLS_PADLOCK_C` for details. + `MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` for details. - Add a secure alternative implementation (typically hardware acceleration) for the vulnerable cipher. See the [Alternative Implementations Guide](docs/architecture/alternative-implementations.md) for more information. diff --git a/configs/ext/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h index ecdecea5ee..0e7bc684d2 100644 --- a/configs/ext/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/ext/tfm_mbedcrypto_config_profile_medium.h @@ -56,7 +56,6 @@ * * Required by: * MBEDTLS_AESNI_C - * MBEDTLS_PADLOCK_C * * Comment to disable the use of assembly code. */ diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md index eacdea7c3a..549d47c956 100644 --- a/docs/architecture/alternative-implementations.md +++ b/docs/architecture/alternative-implementations.md @@ -46,7 +46,7 @@ Generally, alternative implementations can define their context types to any C t Where a context type needs to have a certain field, the field must have the same type and semantics as in the built-in implementation, but does not need to be at the same position in the structure. Furthermore, unless otherwise indicated, only read access is necessary: the field can be `const`, and modifications to it do not need to be supported. For example, if an alternative implementation of asymmetric cryptography uses a different representation of large integers, it is sufficient to provide a read-only copy of the fields listed here of type `mbedtls_mpi`. -* AES: if `MBEDTLS_AESNI_C` or `MBEDTLS_PADLOCK_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`. +* AES: if `MBEDTLS_AESNI_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`. * DHM: if `MBEDTLS_DEBUG_C` is enabled, `mbedtls_dhm_context` must have the fields `P`, `Q`, `G`, `GX`, `GY` and `K`. * ECP: `mbedtls_ecp_group` must have the fields `id`, `P`, `A`, `B`, `G`, `N`, `pbits` and `nbits`. * If `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, those fields must be writable, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`, `A` and `B` are set. diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index d5eb1fd5c2..a07c8a5f98 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -35,7 +35,7 @@ #include #include -/* padlock.c and aesni.c rely on these values! */ +/* aesni.c relies on these values! */ #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ @@ -64,19 +64,15 @@ typedef struct mbedtls_aes_context { int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */ size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES round keys in the buffer. */ -#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C) +#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) uint32_t MBEDTLS_PRIVATE(buf)[44]; /*!< Aligned data buffer to hold 10 round keys for 128-bit case. */ #else uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can hold 32 extra Bytes, which can be used for - one of the following purposes: - */ -#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH && !MBEDTLS_PADLOCK_C */ + simplifying key expansion in the 256-bit + case by generating an extra round key. */ +#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ } mbedtls_aes_context; diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 186589ac5b..d101dee3ae 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -45,7 +45,6 @@ * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 * BASE64 2 0x002A-0x002C * OID 1 0x002E-0x002E 0x000B-0x000B - * PADLOCK 1 0x0030-0x0030 * DES 2 0x0032-0x0032 0x0033-0x0033 * CTR_DBRG 4 0x0034-0x003A * ENTROPY 3 0x003C-0x0040 0x003D-0x003F diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 35921412c6..2e98c3aae5 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -40,12 +40,10 @@ * library/aria.c * library/bn_mul.h * library/constant_time.c - * library/padlock.h * * Required by: * MBEDTLS_AESCE_C * MBEDTLS_AESNI_C (on some platforms) - * MBEDTLS_PADLOCK_C * * Comment to disable the use of assembly code. */ @@ -3010,20 +3008,6 @@ */ #define MBEDTLS_OID_C -/** - * \def MBEDTLS_PADLOCK_C - * - * Enable VIA Padlock support on x86. - * - * Module: library/padlock.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the VIA PadLock on x86. - */ -#define MBEDTLS_PADLOCK_C - /** * \def MBEDTLS_PEM_PARSE_C * diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 5ccbe64161..9b26b6b102 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -53,7 +53,6 @@ set(src_crypto memory_buffer_alloc.c nist_kw.c oid.c - padlock.c pem.c pk.c pk_ecc.c diff --git a/library/Makefile b/library/Makefile index 4eadf41053..014e0caab4 100644 --- a/library/Makefile +++ b/library/Makefile @@ -145,7 +145,6 @@ OBJS_CRYPTO= \ memory_buffer_alloc.o \ nist_kw.o \ oid.o \ - padlock.o \ pem.o \ pk.o \ pk_ecc.o \ diff --git a/library/aes.c b/library/aes.c index b1a5c3ed10..72e2c57450 100644 --- a/library/aes.c +++ b/library/aes.c @@ -30,21 +30,6 @@ #endif #endif -#if defined(MBEDTLS_ARCH_IS_X86) -#if defined(MBEDTLS_PADLOCK_C) -#if !defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites" -#endif -#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) -#error "MBEDTLS_AES_USE_HARDWARE_ONLY cannot be defined when " \ - "MBEDTLS_PADLOCK_C is set" -#endif -#endif -#endif - -#if defined(MBEDTLS_PADLOCK_C) -#include "padlock.h" -#endif #if defined(MBEDTLS_AESNI_C) #include "aesni.h" #endif @@ -67,10 +52,6 @@ #if !defined(MBEDTLS_AES_ALT) -#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) -static int aes_padlock_ace = -1; -#endif - #if defined(MBEDTLS_AES_ROM_TABLES) /* * Forward S-box @@ -527,8 +508,7 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx) * Note that the offset is in units of elements of buf, i.e. 32-bit words, * i.e. an offset of 1 means 4 bytes and so on. */ -#if (defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)) || \ - (defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2) +#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2 #define MAY_NEED_TO_ALIGN #endif @@ -537,15 +517,6 @@ MBEDTLS_MAYBE_UNUSED static unsigned mbedtls_aes_rk_offset(uint32_t *buf) #if defined(MAY_NEED_TO_ALIGN) int align_16_bytes = 0; -#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) - if (aes_padlock_ace == -1) { - aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE); - } - if (aes_padlock_ace) { - align_16_bytes = 1; - } -#endif - #if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2 if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { align_16_bytes = 1; @@ -1000,13 +971,15 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ -/* VIA Padlock and our intrinsics-based implementation of AESNI require - * the round keys to be aligned on a 16-byte boundary. We take care of this - * before creating them, but the AES context may have moved (this can happen - * if the library is called from a language with managed memory), and in later - * calls it might have a different alignment with respect to 16-byte memory. - * So we may need to realign. +/* + * Our intrinsics-based implementation of AESNI requires the round keys to be + * aligned on a 16-byte boundary. We take care of this before creating them, + * but the AES context may have moved (this can happen if the library is + * called from a language with managed memory), and in later calls it might + * have a different alignment with respect to 16-byte memory. So we may need + * to realign. */ +#if defined(MAY_NEED_TO_ALIGN) MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx) { unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf); @@ -1017,7 +990,7 @@ MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx) ctx->rk_offset = new_offset; } } - +#endif /* MAY_NEED_TO_ALIGN */ /* * AES-ECB block encryption/decryption */ @@ -1046,12 +1019,6 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, } #endif -#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) - if (aes_padlock_ace > 0) { - return mbedtls_padlock_xcryptecb(ctx, mode, input, output); - } -#endif - #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_DECRYPT) { @@ -1092,18 +1059,6 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; } -#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) - if (aes_padlock_ace > 0) { - if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) { - return 0; - } - - // If padlock data misaligned, we just fall back to - // unaccelerated mode - // - } -#endif - const unsigned char *ivp = iv; if (mode == MBEDTLS_AES_DECRYPT) { @@ -1860,11 +1815,6 @@ int mbedtls_aes_self_test(int verbose) mbedtls_printf(" AES note: using AESNI.\n"); } else #endif -#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) - if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) { - mbedtls_printf(" AES note: using VIA Padlock.\n"); - } else -#endif #if defined(MBEDTLS_AESCE_HAVE_CODE) if (MBEDTLS_AESCE_HAS_SUPPORT()) { mbedtls_printf(" AES note: using AESCE.\n"); diff --git a/library/padlock.c b/library/padlock.c deleted file mode 100644 index 1f006910c2..0000000000 --- a/library/padlock.c +++ /dev/null @@ -1,157 +0,0 @@ -/* - * VIA PadLock support functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * This implementation is based on the VIA PadLock Programming Guide: - * - * http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/ - * programming_guide.pdf - */ - -#include "common.h" - -#if defined(MBEDTLS_PADLOCK_C) - -#include "padlock.h" - -#include - -#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) - -/* - * PadLock detection routine - */ -int mbedtls_padlock_has_support(int feature) -{ - static int flags = -1; - int ebx = 0, edx = 0; - - if (flags == -1) { - asm ("movl %%ebx, %0 \n\t" - "movl $0xC0000000, %%eax \n\t" - "cpuid \n\t" - "cmpl $0xC0000001, %%eax \n\t" - "movl $0, %%edx \n\t" - "jb 1f \n\t" - "movl $0xC0000001, %%eax \n\t" - "cpuid \n\t" - "1: \n\t" - "movl %%edx, %1 \n\t" - "movl %2, %%ebx \n\t" - : "=m" (ebx), "=m" (edx) - : "m" (ebx) - : "eax", "ecx", "edx"); - - flags = edx; - } - - return flags & feature; -} - -/* - * PadLock AES-ECB block en(de)cryption - */ -int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16]) -{ - int ebx = 0; - uint32_t *rk; - uint32_t *blk; - uint32_t *ctrl; - unsigned char buf[256]; - - rk = ctx->buf + ctx->rk_offset; - - if (((long) rk & 15) != 0) { - return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED; - } - - blk = MBEDTLS_PADLOCK_ALIGN16(buf); - memcpy(blk, input, 16); - - ctrl = blk + 4; - *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode^1) - 10) << 9); - - asm ("pushfl \n\t" - "popfl \n\t" - "movl %%ebx, %0 \n\t" - "movl $1, %%ecx \n\t" - "movl %2, %%edx \n\t" - "movl %3, %%ebx \n\t" - "movl %4, %%esi \n\t" - "movl %4, %%edi \n\t" - ".byte 0xf3,0x0f,0xa7,0xc8 \n\t" - "movl %1, %%ebx \n\t" - : "=m" (ebx) - : "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk) - : "memory", "ecx", "edx", "esi", "edi"); - - memcpy(output, blk, 16); - - return 0; -} - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -/* - * PadLock AES-CBC buffer en(de)cryption - */ -int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output) -{ - int ebx = 0; - size_t count; - uint32_t *rk; - uint32_t *iw; - uint32_t *ctrl; - unsigned char buf[256]; - - rk = ctx->buf + ctx->rk_offset; - - if (((long) input & 15) != 0 || - ((long) output & 15) != 0 || - ((long) rk & 15) != 0) { - return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED; - } - - iw = MBEDTLS_PADLOCK_ALIGN16(buf); - memcpy(iw, iv, 16); - - ctrl = iw + 4; - *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode ^ 1) - 10) << 9); - - count = (length + 15) >> 4; - - asm ("pushfl \n\t" - "popfl \n\t" - "movl %%ebx, %0 \n\t" - "movl %2, %%ecx \n\t" - "movl %3, %%edx \n\t" - "movl %4, %%ebx \n\t" - "movl %5, %%esi \n\t" - "movl %6, %%edi \n\t" - "movl %7, %%eax \n\t" - ".byte 0xf3,0x0f,0xa7,0xd0 \n\t" - "movl %1, %%ebx \n\t" - : "=m" (ebx) - : "m" (ebx), "m" (count), "m" (ctrl), - "m" (rk), "m" (input), "m" (output), "m" (iw) - : "memory", "eax", "ecx", "edx", "esi", "edi"); - - memcpy(iv, iw, 16); - - return 0; -} -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */ - -#endif /* MBEDTLS_PADLOCK_C */ diff --git a/library/padlock.h b/library/padlock.h deleted file mode 100644 index 92d72af516..0000000000 --- a/library/padlock.h +++ /dev/null @@ -1,111 +0,0 @@ -/** - * \file padlock.h - * - * \brief VIA PadLock ACE for HW encryption/decryption supported by some - * processors - * - * \warning These functions are only for internal use by other library - * functions; you must not call them directly. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_PADLOCK_H -#define MBEDTLS_PADLOCK_H - -#include "mbedtls/build_info.h" - -#include "mbedtls/aes.h" - -#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */ - -#if defined(__has_feature) -#if __has_feature(address_sanitizer) -#define MBEDTLS_HAVE_ASAN -#endif -#endif - -/* - * - `padlock` is implements with GNUC assembly for x86 target. - * - Some versions of ASan result in errors about not enough registers. - */ -#if defined(MBEDTLS_PADLOCK_C) && \ - defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \ - defined(MBEDTLS_HAVE_ASM) && \ - !defined(MBEDTLS_HAVE_ASAN) - -#define MBEDTLS_VIA_PADLOCK_HAVE_CODE - -#include - -#define MBEDTLS_PADLOCK_RNG 0x000C -#define MBEDTLS_PADLOCK_ACE 0x00C0 -#define MBEDTLS_PADLOCK_PHE 0x0C00 -#define MBEDTLS_PADLOCK_PMM 0x3000 - -#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) (x) & ~15)) - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Internal PadLock detection routine - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param feature The feature to detect - * - * \return non-zero if CPU has support for the feature, 0 otherwise - */ -int mbedtls_padlock_has_support(int feature); - -/** - * \brief Internal PadLock AES-ECB block en(de)cryption - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param input 16-byte input block - * \param output 16-byte output block - * - * \return 0 if success, 1 if operation failed - */ -int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16]); - -/** - * \brief Internal PadLock AES-CBC buffer en(de)cryption - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if success, 1 if operation failed - */ -int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output); - -#ifdef __cplusplus -} -#endif - -#endif /* HAVE_X86 */ - -#endif /* padlock.h */ diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 0134c94f07..b3acb0e6c3 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -36,7 +36,7 @@ my $error_format_file = $data_dir.'/error.fmt'; my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5 - NET OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160 + NET OID PBKDF2 PLATFORM POLY1305 RIPEMD160 SHA1 SHA256 SHA512 SHA3 THREADING ); my @high_level_modules = qw( CIPHER DHM ECP MD PEM PK PKCS12 PKCS5 diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1ea70ff5fb..93054e5c79 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2440,9 +2440,8 @@ component_build_module_alt () { scripts/config.py full # Disable options that are incompatible with some ALT implementations: - # aesni.c and padlock.c reference mbedtls_aes_context fields directly. + # aesni.c references mbedtls_aes_context fields directly. scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESCE_C # MBEDTLS_ECP_RESTARTABLE is documented as incompatible. scripts/config.py unset MBEDTLS_ECP_RESTARTABLE @@ -4153,9 +4152,6 @@ build_test_config_combos() { validate_aes_config_variations() { if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then - if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then - return 1 - fi if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \ ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then return 1 @@ -4176,7 +4172,7 @@ component_build_aes_variations() { build_test_config_combos library/aes.o validate_aes_config_variations \ "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ - "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ + "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" cd "$MBEDTLS_ROOT_DIR" @@ -4193,7 +4189,7 @@ component_build_aes_variations() { build_test_config_combos library/aes.o validate_aes_config_variations \ "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ - "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ + "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" } @@ -4536,7 +4532,6 @@ component_test_aesni_m32 () { # ~ 60s msg "build: default config with different AES implementations" scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py set MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY scripts/config.py set MBEDTLS_HAVE_ASM @@ -4548,11 +4543,9 @@ component_test_aesni_m32 () { # ~ 60s ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" grep -q "AES note: using AESNI" ./programs/test/selftest grep -q "AES note: built-in implementation." ./programs/test/selftest - grep -q "AES note: using VIA Padlock" ./programs/test/selftest grep -q mbedtls_aesni_has_support ./programs/test/selftest scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "AES tests, test AESNI only" make clean @@ -4561,7 +4554,6 @@ component_test_aesni_m32 () { # ~ 60s ./programs/test/selftest aes | not grep -q "AES note: built-in implementation." grep -q "AES note: using AESNI" ./programs/test/selftest not grep -q "AES note: built-in implementation." ./programs/test/selftest - not grep -q "AES note: using VIA Padlock" ./programs/test/selftest not grep -q mbedtls_aesni_has_support ./programs/test/selftest } @@ -4573,7 +4565,6 @@ support_test_aesni_m32_clang() { component_test_aesni_m32_clang() { scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py set MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY scripts/config.py set MBEDTLS_HAVE_ASM @@ -4585,7 +4576,6 @@ component_test_aesni_m32_clang() { ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" grep -q "AES note: using AESNI" ./programs/test/selftest grep -q "AES note: built-in implementation." ./programs/test/selftest - grep -q "AES note: using VIA Padlock" ./programs/test/selftest grep -q mbedtls_aesni_has_support ./programs/test/selftest } @@ -4744,24 +4734,6 @@ component_build_sha_armce () { not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o } -# For timebeing, no VIA Padlock platform available. -component_build_aes_via_padlock () { - - msg "AES:VIA PadLock, build with default configuration." - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py set MBEDTLS_PADLOCK_C - scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" - grep -q mbedtls_padlock_has_support ./programs/test/selftest - -} - -support_build_aes_via_padlock_only () { - ( [ "$MBEDTLS_TEST_PLATFORM" == "Linux-x86_64" ] || \ - [ "$MBEDTLS_TEST_PLATFORM" == "Linux-amd64" ] ) && \ - [ "`dpkg --print-foreign-architectures`" == "i386" ] -} - support_build_aes_aesce_armcc () { support_build_armcc } @@ -4769,7 +4741,6 @@ support_build_aes_aesce_armcc () { component_test_aes_only_128_bit_keys () { msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH" scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - scripts/config.py unset MBEDTLS_PADLOCK_C make CFLAGS='-O2 -Werror -Wall -Wextra' @@ -4781,7 +4752,6 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () { msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C" scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH scripts/config.py unset MBEDTLS_CTR_DRBG_C - scripts/config.py unset MBEDTLS_PADLOCK_C make CC=clang CFLAGS='-Werror -Wall -Wextra' @@ -4792,7 +4762,6 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () { component_test_aes_only_128_bit_keys_have_builtins () { msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C @@ -4808,7 +4777,6 @@ component_test_aes_only_128_bit_keys_have_builtins () { component_test_gcm_largetable () { msg "build: default config + GCM_LARGE_TABLE - AESNI_C - AESCE_C" scripts/config.py set MBEDTLS_GCM_LARGE_TABLE - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C @@ -5206,7 +5174,6 @@ component_test_m32_no_asm () { msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_HAVE_ASM - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" @@ -5287,7 +5254,6 @@ component_test_have_int32 () { msg "build: gcc, force 32-bit bignum limbs" scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESCE_C make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' @@ -5299,7 +5265,6 @@ component_test_have_int64 () { msg "build: gcc, force 64-bit bignum limbs" scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESCE_C make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' @@ -5311,7 +5276,6 @@ component_test_have_int32_cmake_new_bignum () { msg "build: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)" scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESCE_C scripts/config.py set MBEDTLS_TEST_HOOKS scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT