cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-08-26 14:30:23 -04:00
Code Issues Packages Projects Releases Wiki Activity
18,410 Commits 7 Branches 115 Tags
Commit Graph

18410 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Rodgman
043325d191 Improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
6122cb1013 Quote directory name from cmake wrapper 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
62ba696bae Undo not-needed change 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
e2317649dd Allow wrappers to be missing; quote directory name from make 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
0b069bd5b1 Avoid infinite loop 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
57783d7459 Extract common parts of quiet wrapper 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
6529f12d35 Tidy up quiet wrappers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
4cb98a930c Move quiet wrapper setup 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:48 +00:00
Dave Rodgman
634fe908b7 Improve quote_args output readability 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:16 +00:00
Dave Rodgman
d4a5563417 Improve output from make/cmake wrapper 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:16 +00:00
Dave Rodgman
59f9df999d Always display make/cmake invocation command 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:16 +00:00
Dave Rodgman
75da313166 Pacify check_files 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:16 +00:00
Dave Rodgman
8470d114e2 Spelling fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:16 +00:00
Dave Rodgman
a0b7c08b60 Use quiet make wrappers from all.sh 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:14 +00:00
Dave Rodgman
99fa0d08d3 Create quiet wrappers for make and cmake 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:09:58 +00:00
Gilles Peskine
36e6bd6926
Merge pull request #8811 from gilles-peskine-arm/pk_import_into_psa-backports-2.28 
Backport 2.28: bugs fixed in "Implement mbedtls_pk_import_into_psa"
 2024-02-21 15:45:21 +00:00
Janos Follath
53e5adfca4
Merge pull request #8841 from BensonLiou/use_init_api-228 
use mbedtls_ssl_session_init() to init session variable
 2024-02-19 15:49:29 +00:00
Benson Liou
6805ff7892 use mbedtls_ssl_session_init() to init session variable 
Use mbedtls_ssl_session_init() to init variable just like
session-family APIs described

Signed-off-by: Benson Liou <benson.liou@sony.com>
 2024-02-17 00:19:10 +08:00
Gilles Peskine
049ea32931 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-15 15:32:47 +01:00
Gilles Peskine
039c903e7b
Merge pull request #8818 from forkiee2/mbedtls-2.28 
Backport 2.28: move entropy init prior arguments number recognition
 2024-02-14 13:43:32 +00:00
Tom Cosgrove
75c8e61ce0
Merge pull request #8814 from gilles-peskine-arm/rsa-bitlen-fix-2.28 
Backport 2.28: Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
 2024-02-14 11:18:28 +00:00
PiotrBzdrega
c609654665 newline at end of changelog file 
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
 2024-02-13 22:12:23 +01:00
PiotrBzdrega
14e4727d0e fill out missing dot in changelog 
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
 2024-02-13 17:09:40 +01:00
PiotrBzdrega
7c1cd5ae1c move entropy init prior arguments number recognition 
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
 2024-02-13 16:59:05 +01:00
Janos Follath
09cd7dd96a
Merge pull request #8660 from ivq/fix_ecp_comment 
Fix a comment in ecp
 2024-02-13 12:12:10 +00:00
Gilles Peskine
0196f4886a Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes 
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 17:00:48 +01:00
Gilles Peskine
c89f9ceb41 Don't define pk_sign_verify in configurations where it's unused 
In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is
useful but cannot perform any signatures. Then modern GCC complains:

```
../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’:
../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds]
../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’
…
```

This fixes test-ref-configs.pl with a modern GCC (specifically with
config-thread.h).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 14:33:41 +01:00
Gilles Peskine
0af7a90329 depends.py: set unique configuration names in outcome file 
Set unique configuration names in the outcome file. This was lost in the
rewrite from depends-*.pl to depends.py.

Fix #7290

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 14:30:59 +01:00
Tom Cosgrove
ede909f99a
Merge pull request #8798 from ivq/8665-backport 
Backport 2.28: Reduce many unnecessary static memory consumption
 2024-02-07 23:26:24 +00:00
Chien Wong
b6d57934bc
Reduce many unnecessary static memory consumption 
.data section of ssl_client1 becomes 128 bytes smaller on AMD64.

Signed-off-by: Chien Wong <m@xv97.com>
 2024-02-07 21:48:12 +08:00
Gilles Peskine
856bf3ad09
Merge pull request #8781 from silabs-Kusumit/kdf_incorrect_initial_capacity_backport 
Backport 2.28: Fix KDF Incorrect Initial Capacity
 2024-02-06 17:29:33 +00:00
Kusumit Ghoderao
bfa27e33ff Fix kdf incorrect initial capacity 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-02-02 19:56:37 +05:30
Paul Elliott
6b36a5db07
Merge pull request #8771 from Redfoxymoon/mbedtls-2.28 
[backport 2.28] fix build for midipix
 2024-02-01 10:00:58 +00:00
Ørjan Malde
670100f475 fix build for midipix 
Signed-off-by: Ørjan Malde <red@foxi.me>
 2024-01-31 14:14:27 +01:00
Dave Rodgman
1b9cea30b1
Merge pull request #1159 from daverodgman/mbedtls-2.28.7rc 
Mbedtls 2.28.7rc
 2024-01-25 12:21:38 +00:00
Dave Rodgman
2866a6bb20 Merge remote-tracking branch 'restricted/mbedtls-2.28' into mbedtls-2.28.7rc 2024-01-22 16:48:18 +00:00
Dave Rodgman
555f84735a Update BRANCHES.md 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 16:47:55 +00:00
Dave Rodgman
f154831067 bump version 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 16:47:12 +00:00
Dave Rodgman
e557764cf3 Assemble changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 16:46:41 +00:00
Paul Elliott
634748da23 Add Changelog for #8687 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-22 16:00:33 +00:00
Jonathan Winzig
e90cbc3d12 Fix Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 16:00:07 +00:00
Jonathan Winzig
d78496cccf Add tests for Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 16:00:07 +00:00
Janos Follath
4a606d6f3f Update Marvin fix Changelog entry 
Upon further consideration we think that a remote attacker close to the
victim might be able to have precise enough timing information to
exploit the side channel as well. Update the Changelog to reflect this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:59:22 +00:00
Janos Follath
80a12f86f9 Add new internal header to visualc project 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
1a9a69778e Fix 'missing prototype' warnings 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
8cdb6064de Align Montgomery init with development 
The signature and naming of the Montgomrey initialisation function in
development and in the LTS was different. Align them for easier
readability and maintenance.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
f10bfbbe74 Add Changelog for the Marvin attack fix 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
eaeff5b75a Add warning for PKCS 1.5 decryption 
Any timing variance dependant on the output of this function enables a
Bleichenbacher attack. It is extremely difficult to use safely.

In the Marvin attack paper
(https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the
author suggests that implementations of PKCS 1.5 decryption that don't
include a countermeasure should be considered inherently dangerous.

They suggest that all libraries implement the same countermeasure, as
implementing different countermeasures across libraries enables the
Bleichenbacher attack as well.

This is extremely fragile and therefore we don't implement it. The use
of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in
the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable.

Add a warning to PKCS 1.5 decryption to warn users about this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
601bffc4ce Extend blinding to RSA result check 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
aa6760d7b5 Make RSA unblinding constant flow 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00