cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-07 06:05:03 -04:00
Code Issues Packages Projects Releases Wiki Activity
18,383 Commits 7 Branches 115 Tags
Commit Graph

18383 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Janos Follath
09cd7dd96a
Merge pull request #8660 from ivq/fix_ecp_comment 
Fix a comment in ecp
 2024-02-13 12:12:10 +00:00
Tom Cosgrove
ede909f99a
Merge pull request #8798 from ivq/8665-backport 
Backport 2.28: Reduce many unnecessary static memory consumption
 2024-02-07 23:26:24 +00:00
Chien Wong
b6d57934bc
Reduce many unnecessary static memory consumption 
.data section of ssl_client1 becomes 128 bytes smaller on AMD64.

Signed-off-by: Chien Wong <m@xv97.com>
 2024-02-07 21:48:12 +08:00
Gilles Peskine
856bf3ad09
Merge pull request #8781 from silabs-Kusumit/kdf_incorrect_initial_capacity_backport 
Backport 2.28: Fix KDF Incorrect Initial Capacity
 2024-02-06 17:29:33 +00:00
Kusumit Ghoderao
bfa27e33ff Fix kdf incorrect initial capacity 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-02-02 19:56:37 +05:30
Paul Elliott
6b36a5db07
Merge pull request #8771 from Redfoxymoon/mbedtls-2.28 
[backport 2.28] fix build for midipix
 2024-02-01 10:00:58 +00:00
Ørjan Malde
670100f475 fix build for midipix 
Signed-off-by: Ørjan Malde <red@foxi.me>
 2024-01-31 14:14:27 +01:00
Dave Rodgman
1b9cea30b1
Merge pull request #1159 from daverodgman/mbedtls-2.28.7rc 
Mbedtls 2.28.7rc
 2024-01-25 12:21:38 +00:00
Dave Rodgman
2866a6bb20 Merge remote-tracking branch 'restricted/mbedtls-2.28' into mbedtls-2.28.7rc 2024-01-22 16:48:18 +00:00
Dave Rodgman
555f84735a Update BRANCHES.md 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 16:47:55 +00:00
Dave Rodgman
f154831067 bump version 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 16:47:12 +00:00
Dave Rodgman
e557764cf3 Assemble changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 16:46:41 +00:00
Paul Elliott
634748da23 Add Changelog for #8687 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-22 16:00:33 +00:00
Jonathan Winzig
e90cbc3d12 Fix Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 16:00:07 +00:00
Jonathan Winzig
d78496cccf Add tests for Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 16:00:07 +00:00
Janos Follath
4a606d6f3f Update Marvin fix Changelog entry 
Upon further consideration we think that a remote attacker close to the
victim might be able to have precise enough timing information to
exploit the side channel as well. Update the Changelog to reflect this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:59:22 +00:00
Janos Follath
80a12f86f9 Add new internal header to visualc project 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
1a9a69778e Fix 'missing prototype' warnings 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
8cdb6064de Align Montgomery init with development 
The signature and naming of the Montgomrey initialisation function in
development and in the LTS was different. Align them for easier
readability and maintenance.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
f10bfbbe74 Add Changelog for the Marvin attack fix 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
eaeff5b75a Add warning for PKCS 1.5 decryption 
Any timing variance dependant on the output of this function enables a
Bleichenbacher attack. It is extremely difficult to use safely.

In the Marvin attack paper
(https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the
author suggests that implementations of PKCS 1.5 decryption that don't
include a countermeasure should be considered inherently dangerous.

They suggest that all libraries implement the same countermeasure, as
implementing different countermeasures across libraries enables the
Bleichenbacher attack as well.

This is extremely fragile and therefore we don't implement it. The use
of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in
the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable.

Add a warning to PKCS 1.5 decryption to warn users about this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
601bffc4ce Extend blinding to RSA result check 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
aa6760d7b5 Make RSA unblinding constant flow 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
4fe396f1e1 Move some bignum functions to internal header 
We will need a couple of low level functions to implement safe
unblinding in RSA.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
42175031ca Move calculating RR into a separate function 
So far we needed it only locally here, but we will need calculating RR
for safe unblinding in RSA as well.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Tom Cosgrove
c7e208d2fa
Merge pull request #8662 from LocutusOfBorg/mbedtls-2.28 
timing.c fix build failure with -O3 optimization level
 2024-01-18 13:52:02 +00:00
Gianfranco Costamagna
d7768235da Update library/timing.c 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
 2024-01-18 12:25:18 +01:00
Paul Elliott
56fd26cee9
Merge pull request #8640 from bensze01/release_components_2.28 
[Backport 2.28] Set OpenSSL/GnuTLS variables when running release components
 2024-01-11 15:38:23 +00:00
Paul Elliott
1296ac8348
Merge pull request #8695 from jwinzig-at-hilscher/mbedtls-2.28 
Backport 2.28: Fix bug in mbedtls_x509_set_extension
 2024-01-10 16:57:03 +00:00
Jonathan Winzig
a836a8499e Fix Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-10 13:26:36 +01:00
Jonathan Winzig
61f4fc24a9 Add tests for Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-10 13:26:12 +01:00
Manuel Pégourié-Gonnard
05bd9a9455
Merge pull request #8685 from gilles-peskine-arm/asymmetric_key_data-secpr1-2.28 
Backport 2.28: Fix incorrect test data for SECP_R1 in automatically generated tests
 2024-01-09 11:06:41 +00:00
Gilles Peskine
1bc4348477 Indicate which curves Mbed TLS supports 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-09 09:55:24 +01:00
Gilles Peskine
4bc4a2d6a5 Note unusual curve size 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-09 09:55:24 +01:00
Gilles Peskine
6bf4dfc8db Fix typo in curve name 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-09 09:55:24 +01:00
Gilles Peskine
fafc6cd201 Update generated test data files 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-09 09:55:24 +01:00
Gilles Peskine
64dcb78e42 Add test data for secp192r1 
Same generation methodology as 0cbaf056fadf60228b32245aeba893959be31ede:

```
openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-192 -text |perl -0777 -pe 's/.*\npriv:([\n 0-9a-f:]*)pub:([\n 0-9a-f:]*).*/"$1","$2"/s or die; y/\n ://d; s/,/,\n              /;'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-09 09:53:54 +01:00
Gilles Peskine
92b90b848a Fix mixup between secp224r1 and secp224k1 in test scripts 
secp224k1 is the one with 225-bit private keys.

The consequences of this mistake were:

* We emitted positive test cases for hypothetical SECP_R1_225 and
  SECP_K1_224 curves, which were never executed.
* We emitted useless not-supported test cases for SECP_R1_225 and SECP_K1_224.
* We were missing positive test cases for SECP_R1_224 in automatically
  generated tests.
* We were missing not-supported test cases for SECP_R1_224 and SECP_K1_225.

Thus this didn't cause test failures, but it caused missing test coverage
and some never-executed test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-09 09:53:54 +01:00
Dave Rodgman
ffb18d2012
Merge pull request #8670 from daverodgman/default-compiler-all-2.28 
Backport CI perf: Use clang by default in all.sh
 2024-01-04 12:58:50 +00:00
Dave Rodgman
0fd07d5e10 Mark test function with MBEDTLS_MAYBE_UNUSED 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-04 11:37:35 +00:00
Dave Rodgman
52c294acb4 backport MBEDTLS_MAYBE_UNUSED 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-04 11:37:17 +00:00
Dave Rodgman
e42c23569b Don't use full path for setting CC 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-04 10:35:35 +00:00
Dave Rodgman
9d2c67f8e2 Use gcc in test_full_deprecated_warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-04 10:35:16 +00:00
Dave Rodgman
ce04f24737 Add -O2 to some CFLAGS which were not setting it 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-04 10:34:31 +00:00
Dave Rodgman
374b188468 Don't specify gcc unless the test requires it 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-04 10:30:57 +00:00
Dave Rodgman
b046b9a96b Enable -O2 in depends.py 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-04 10:26:22 +00:00
Dave Rodgman
5b00fb111f Use gcc in test_psa_compliance 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-04 10:26:17 +00:00
Dave Rodgman
b0660c22d9 Ensure test_psa_compliance uses gcc 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-04 10:26:07 +00:00
Dave Rodgman
e0a2f6d08d Ensure clang is present 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-04 10:24:34 +00:00
Dave Rodgman
62be456449 Use clang by default 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-04 10:24:30 +00:00