cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-09 15:22:11 -04:00
Code Issues Packages Projects Releases Wiki Activity
18,375 Commits 7 Branches 115 Tags
Commit Graph

18375 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
JonathanWitthoeft
930679a1d7 Make mbedtls_ecdsa_can_do definition unconditional 
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
 2023-09-29 13:31:48 +02:00
JonathanWitthoeft
bfb0b39460 Bug Fix: mbedtls_ecdsa_verify_restartable fails with ECDSA_SIGN_ALT 
When ECDSA_SIGN_ALT but not ECDSA_VERIFY_ALT, mbedtls_ecdsa_can_do was not being defined causing mbedtls_ecdsa_verify_restartable to always fail

Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
 2023-09-29 13:31:47 +02:00
Dave Rodgman
ba1d63e36f
Merge pull request #1085 from daverodgman/update-ct-changelog-2.28 
Backport 2.28: Update padding const-time fix changelog
 2023-09-28 11:34:03 +01:00
Dave Rodgman
0ea272d110 Update padding const-time fix changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-27 16:31:33 +01:00
Dave Rodgman
dce82cd914
Merge pull request #8254 from paul-elliott-arm/fix_travis_coverity_build_2_28 
[Backport 2.28] Re-add python install of requirements to Travis CI.
 2023-09-26 16:56:17 +00:00
Dave Rodgman
7a8ec0f56c
Merge pull request #8209 from lpy4105/issue/8168/2.28_fix-aesni-selection 
2.28: Fix AESNI selection
 2023-09-26 16:55:28 +00:00
Paul Elliott
13481f0439 Re-add python install of requirements to Travis CI. 
Also correct 'distro to 'dist' and update ubuntu to jammy and python
to 3.10 to hopefully fend off future issues. Too much got removed
when disabling travis and the Coverity scan build was failing on 'make
generated-files', due to lack of installed python dependencies

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-09-26 16:04:44 +01:00
Pengyu Lv
8068b0835b Fix comment 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-09-26 09:27:04 +08:00
Gilles Peskine
9fe480a5f6
Merge pull request #1081 from waleed-elmelegy-arm/backport_check-set_padding-is-called 
Backport 2.28: Check set_padding has been called in mbedtls_cipher_finish
 2023-09-25 17:12:41 +02:00
Waleed Elmelegy
916ed7b8db restore internal comment in cipher.h due to LTS 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-25 15:18:48 +01:00
Waleed Elmelegy
8ce42ebd87 Remove invalid comments from cipher.h 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-25 14:21:49 +01:00
Manuel Pégourié-Gonnard
e4138e3279 Fix a typo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 14:13:24 +01:00
Manuel Pégourié-Gonnard
8013e685f5 Clarify calling sequence in the Cipher layer 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 14:12:08 +01:00
Manuel Pégourié-Gonnard
3697954ac6 Fix inconsistent documentation of cipher_setup() 
- the \internal note said that calling cipher_init() first would be made
mandatory later, but the documention of the ctx parameter already said
the context had to be initialized...
- the documentation was using the word initialize for two different
meanings (calling setup() vs calling init()), making the documentation
of the ctx parameter quite confusing (you must initialize before you can
initialize...)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 14:10:49 +01:00
Dave Rodgman
fb6f2cc9d7
Merge pull request #1082 from daverodgman/padding-ct-changelog-2.28 
Backport 2.28: Add Changelog for CT fixes
 2023-09-25 14:02:16 +01:00
Dave Rodgman
0ab94d1239
Merge pull request #1077 from daverodgman/better-ct-2.28 
2.28 backport - Use CT module more consistently
 2023-09-25 11:50:16 +01:00
Dave Rodgman
e8358d400f Add Changelog for CT fixes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-25 11:34:35 +01:00
Gilles Peskine
b53e630d8a
Merge pull request #8245 from paul-elliott-arm/remove_travis_ci_2.28 
[Backport 2.28] Remove all travis builds except for coverity_scan
 2023-09-24 19:59:13 +02:00
Paul Elliott
471425def2 Remove all travis builds except for coverity_scan 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-09-22 17:58:57 +01:00
Waleed Elmelegy
08fd33a875 Add warning to mbedtls_cipher_setup() about setting padding mode 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-22 14:45:25 +01:00
Gilles Peskine
f8fc956714
Merge pull request #1072 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer-2.28 
Backport 2.28: Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher
 2023-09-22 11:43:01 +02:00
Gilles Peskine
326ba3c0bb mbedtls_ssl_decrypt_buf(): fix buffer overread with stream cipher 
With stream ciphers, add a check that there's enough room to read a MAC in
the record. Without this check, subtracting the MAC length from the data
length resulted in an integer underflow, causing the MAC calculation to try
reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:25:05 +02:00
Gilles Peskine
dc48f6ed27 Test mbedtls_ssl_decrypt_buf(): stream cipher, negative cases 
Test mbedtls_ssl_decrypt_buf() with a stream cipher (RC4 or null). Test the
good case (to make sure the test code constructs the input correctly), test
with an invalid MAC, and test with a shortened input.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:25:05 +02:00
Gilles Peskine
2198cc5273 Refactoring: create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:24:38 +02:00
Gilles Peskine
027e1b4b3d Refactoring: prepare to create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:24:38 +02:00
Gilles Peskine
9013b818c6 Move testing of mbedtls_ssl_decrypt_buf to a new test suite 
test_suite_ssl is huge and needs splitting.

Create a new test suite focused on mbedtls_ssl_decrypt_buf(), which is a
complicated function that needs more thorough testing with malformed inputs.
At this point, we are only doing negative testing with CBC-non-ETM test
suites. This needs to grow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:24:36 +02:00
Pengyu Lv
20384f416e Fix the comments of some guards 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-09-21 10:14:16 +08:00
Dave Rodgman
6063d82f04 Correct macro guards in constant_time_internal.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 21:54:15 +01:00
Dave Rodgman
5ea6bb06a7 Add cast for MSVC 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 20:14:15 +01:00
Dave Rodgman
caa942569f Improve return value handling 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 19:26:08 +01:00
Dave Rodgman
e0ad9a4707 Misc CT robustness improvements 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 19:26:08 +01:00
Dave Rodgman
1924adbf99 Fix macro guards for mbedtls_ct_size_mask 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 18:00:47 +01:00
Dave Rodgman
1d52368e85 build fixes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 16:26:49 +01:00
Dave Rodgman
c1a17f5458 CT fix for get_zeros_padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
51773aa68b CT fix for get_zeros_and_len_padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
df254f6bb6 CT fix for get_one_and_zeros_padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
9f3f73d212 CT fix for get_pkcs_padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
40dc3b3727 CT fixes in nist_kw 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
954a2da1e4 Use mbedtls_ct_memcmp in mbedtls_rsa_rsaes_oaep_decrypt 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
c280520999 Eliminate duplicate ct memcmp 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
f4cf4a6e25
Merge pull request #1070 from gilles-peskine-arm/merge-2.28-restricted-20230915 
Merge mbedtls-2.28 into restricted
 2023-09-20 12:07:55 +01:00
Gilles Peskine
3591cc61f2
Merge pull request #8103 from gilles-peskine-arm/7961-2.28 
Backport 2.28: parts of #7961
 2023-09-18 08:13:08 +00:00
Gilles Peskine
433aa1cc5c
Merge pull request #8218 from paul-elliott-arm/remove_unused_values_programs_2_28 
Backport 2.28: Remove unneeded setting of ret from ssl programs
 2023-09-18 08:13:05 +00:00
Paul Elliott
2391649e7e Remove unneeded setting of ret from ssl programs 
Remove a coverity warning on unused values.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-09-15 17:45:43 +01:00
Gilles Peskine
fac34d7dbf
Merge pull request #1065 from waleed-elmelegy-arm/backport-add-new-pkcs12-pbe2-ext-fun 
Backport 2.28: Add new pkcs12 pbe2 ext fun
 2023-09-15 18:43:00 +02:00
Gilles Peskine
9cacae3c7a Merge remote-tracking branch 'upstream-public/mbedtls-2.28' into HEAD 2023-09-15 18:32:36 +02:00
Waleed Elmelegy
d24b546f3d Reduce line size in new pkcs function changelog 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-15 15:35:08 +01:00
Waleed Elmelegy
58ed2318c5 Modify changelog entry to add pkcs12 pbe functions 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-15 15:34:47 +01:00
Waleed Elmelegy
f919393e05 Return back to modifying input parameters in pkcs12_parse_pbe_params 
Return back to modifying input parameters in pkcs12_parse_pbe_params
to avoid change in behaviour.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-15 15:34:25 +01:00
Waleed Elmelegy
6060cf1043 Add new mbedtls_pkcs12_pbe_ext function to replace old function 
Add new mbedtls_pkcs12_pbe_ext function to replace
old mbedtls_pkcs12_pbe function that have security
issues.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-15 15:33:39 +01:00