Replace memcmp with mbedtls_ct_memcmp in PSA MAC verify_finish entries
(CMAC, HMAC-transparent, HMAC-opaque) to prevent timing side-channel
MAC forgery, and unconditionally zeroize the locally-computed MAC on
the stack before return so a later stack-disclosure primitive cannot
recover the valid MAC.
Replace bzero with mbedtls_platform_zeroize in AES context free paths.
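The pattern described in the message above, as an added example that is not part of the commit or of ESP-IDF's code. ct_memcmp() and zeroize() are local stand-ins for mbedtls_ct_memcmp() and mbedtls_platform_zeroize(); toy_mac(), mac_verify_finish() and MAC_LEN are hypothetical names, and toy_mac() is a constructed placeholder rather than a real MAC.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAC_LEN 16

/* Stand-in for mbedtls_ct_memcmp(): accumulates every byte difference, no early exit. */
static int ct_memcmp(const void *a, const void *b, size_t n)
{
    const volatile unsigned char *pa = a, *pb = b;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(pa[i] ^ pb[i]);
    return diff;                       /* 0 only when all n bytes match */
}

/* Stand-in for mbedtls_platform_zeroize(): volatile stores the compiler cannot elide. */
static void zeroize(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Constructed placeholder, NOT a real MAC; it only gives the verifier something to compare. */
static void toy_mac(const uint8_t key[MAC_LEN], const uint8_t *msg, size_t len,
                    uint8_t out[MAC_LEN])
{
    memcpy(out, key, MAC_LEN);
    for (size_t i = 0; i < len; i++)
        out[i % MAC_LEN] = (uint8_t)((out[i % MAC_LEN] ^ msg[i]) * 31u + 7u);
}

/* Hypothetical verify_finish: returns 0 if mac is valid, -1 otherwise. */
int mac_verify_finish(const uint8_t key[MAC_LEN], const uint8_t *msg, size_t msg_len,
                      const uint8_t *mac, size_t mac_len)
{
    uint8_t actual[MAC_LEN];           /* the valid MAC lives on the stack */
    int ret = -1;

    toy_mac(key, msg, msg_len, actual);
    /* The length is public, so checking it first leaks nothing secret. */
    if (mac_len == MAC_LEN && ct_memcmp(actual, mac, MAC_LEN) == 0)
        ret = 0;

    zeroize(actual, sizeof(actual));   /* runs on success and on failure */
    return ret;
}
```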
feat(esp_tee): Clear out all sensitive buffers explicitly after TEE cryptographic operations
Closes IDF-15671
See merge request espressif/esp-idf!48004
fix(esp_crt_bundle): fixes verification failures with cross signed certificates
Closes IDFGH-17582 and IDFGH-17627
See merge request espressif/esp-idf!47966
esp_mem.c in the builtin target via
target_sources(builtin PRIVATE ...) called from the parent CMakeLists.
This cross-directory source injection causes CMake's Ninja generator on
Windows to produce unstable TARGET_PDB/RSP_FILE paths across
reconfigures, changing the ninja command hash and forcing a re-archive
of libmbed-builtin.a on every cmake run — even when no source changed.
This broke test_rebuild_source_files.
Fix by adding esp_mem.c to the IDF mbedtls component library
(mbedtls_srcs) instead. The final ELF link uses --start-group, so
builtin's platform.o resolves esp_mbedtls_mem_calloc/free from the
component library regardless of archive order. esp_mem.c is IDF-specific
code (heap_caps_calloc, sdkconfig.h) and belongs in the port layer, not
in any submodule target.
esp_hmac_abort_opaque() had an inverted guard that called
mbedtls_platform_zeroize() on the context only when the context pointer
was NULL, dereferencing NULL and skipping cleanup of valid contexts.
Effect:
* Calling the abort path with a NULL pointer crashes (NULL write)
instead of being a safe no-op.
* The valid (non-NULL) HMAC opaque operation context is never zeroized
on abort, leaving sensitive intermediate HMAC state and key handle
references in operation memory until the buffer is overwritten or
freed.
Fix: invert the check so zeroization runs only when the context pointer
is non-NULL.
platform.c (compiled into the 'builtin' archive) calls
esp_mbedtls_mem_calloc and esp_mbedtls_mem_free directly by name via
the MBEDTLS_PLATFORM_STD_CALLOC/FREE macros in esp_config.h.
Previously, esp_mem.c was compiled into the 'tfpsacrypto' archive, which
appears after 'builtin' in the link command, causing the linker to fail
with undefined reference errors when 'builtin' was processed first.
Moving esp_mem.c into 'builtin' to ensure that the functions used by
esp_mbedtls_mem_calloc and esp_mbedtls_mem_free are available when
platform.c is linked.
The Key Manager holds a key usage register; thus, the Key Manager peripheral
clock must be enabled even for efuse-based key operations to route the
crypto operations correctly to the efuses (default is Key Manager).