cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-07 22:27:01 -04:00
Code Issues Packages Projects Releases Wiki Activity
17,866 Commits 7 Branches 115 Tags
Commit Graph

7340 Commits

Author SHA1 Message Date
aditya-deshpande-arm
1d00c3dea6 Add comments after #endif 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-09 15:08:36 +00:00
Gilles Peskine
760d1ffef9
Merge pull request #6554 from daverodgman/development-2.28 
Backport 2.28: Fix outdated reference in debug message
 2022-11-08 17:12:27 +01:00
Gilles Peskine
cb492102bf
Merge pull request #6380 from Kabbah/backport2.28-x509-info-hwmodulename-hex 
[Backport 2.28] `x509_info_subject_alt_name`: Render HardwareModuleName as hex
 2022-11-08 17:11:09 +01:00
Jan Bruckner
a084c93be9 Fix outdated reference in debug message 
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2022-11-08 10:55:44 +00:00
Janos Follath
95655a2ba0 mpi_exp_mod: protect out of window zeroes 
Out of window zeroes were doing squaring on the output variable
directly. This leaks the position of windows and the out of window
zeroes.

Loading the output variable from the table in constant time removes this
leakage.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-08 09:09:14 +00:00
Janos Follath
91c0286917 mpi_exp_mod: load the output variable to the table 
This is done in preparation for constant time loading that will be added
in a later commit.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-08 09:09:14 +00:00
David Horstmann
b410566ba7 Reverse logic for compression in ssl_cli.c 
Change is_compression_ok() to is_compression_bad() for more semantics
that are a better match for what's really going on in the case of no
compression support.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 16:33:57 +00:00
David Horstmann
08a37516ff Minor style fixes to ssl_cli.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 15:55:00 +00:00
David Horstmann
bcc18f2bec Simplify PSA fallback logic in ssl_ticket.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 14:48:38 +00:00
David Horstmann
9fc2f959b3 Change 0-checks to NULL-checks in ecp.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 14:48:38 +00:00
David Horstmann
0955f82642 Tidy up compression logic with auxiliary function 
This refactors some logic in ssl_cli.c, removing some previously added
technical debt.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 14:48:29 +00:00
David Horstmann
0448de58d7 Simplify logic in ssl_cli.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 14:08:12 +00:00
David Horstmann
dbb6f08c3f Eliminate bad_params variable 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 14:08:12 +00:00
David Horstmann
79bb19f702 Remove redundant checks for renegotiation 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 14:08:12 +00:00
Gilles Peskine
c4698502d6
Merge pull request #6491 from davidhorstmann-arm/2.28-fix-unusual-macros-0 
[Backport-ish 2.28] Fix unusual macros
 2022-11-03 10:29:06 +01:00
Dave Rodgman
e9e0eeccec
Merge pull request #6525 from daverodgman/fix-duplicate-header-2.28 
Remove duplicate function prototype - 2.28 backport
 2022-11-02 13:06:04 +00:00
Dave Rodgman
490f804555 Improve documentation for psa_crypto_cipher.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-02 09:29:35 +00:00
Dave Rodgman
8e322b1e99 Move declaration of mbedtls_cipher_info_from_psa into psa_crypto_cipher.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-02 09:27:01 +00:00
Dave Rodgman
e222637cfe Remove duplicate function prototype 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 16:41:48 +00:00
Dave Rodgman
369f495afc Fix zeroization at NULL pointer 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 16:11:47 +00:00
Dave Rodgman
0bbe75838e
Merge pull request #6191 from daverodgman/invalid-ecdsa-pubkey-backport-2.28 
Improve ECDSA verify validation - 2.28 backport
 2022-10-31 09:37:38 +00:00
David Horstmann
b5b1ed2969 Fix unused warning in ssl_tls.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 13:21:49 +01:00
Aurelien Jarno
edc110d15a Fix a timing leak in ecp_mul_mxz() 
The bit length of m is leaked through through timing in ecp_mul_mxz().
Initially found by Manuel Pégourié-Gonnard on ecp_mul_edxyz(), which has
been inspired from ecp_mul_mxz(), during initial review of the EdDSA PR.
See: https://github.com/Mbed-TLS/mbedtls/pull/3245#discussion_r490827996

Fix that by using grp->nbits + 1 instead, which anyway is very close to
the length of m, which means there is no significant performance impact.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
 2022-10-27 11:58:15 +01:00
David Horstmann
ab6175130b Fix macro-spanning if in x509_crt.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 11:45:01 +01:00
David Horstmann
04020abfae Fix macro-spanning ifs in ssl_ticket.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 11:39:03 +01:00
David Horstmann
d4f22083ba Fix macro-spanning ifs in ssl_tls.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 11:39:03 +01:00
David Horstmann
197b240089 Fix macro-spanning if in ssl_msg.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 11:39:03 +01:00
David Horstmann
ef661c531f Fix macro-spanning ifs in ecp.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 11:38:53 +01:00
David Horstmann
74ace59dc6 Fix macro-spanning ifs in ssl_srv.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 11:38:15 +01:00
Ronald Cron
c527796ecb
Merge pull request #6392 from davidhorstmann-arm/2.28-fix-x509-get-name-cleanup 
[Backport 2.28] Fix `mbedtls_x509_get_name()` cleanup
 2022-10-26 14:28:04 +02:00
David Horstmann
ee0a0e75c8 Fix macro-spanning ifs in ssl_cli.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 17:20:00 +01:00
David Horstmann
e9af9e3e12 Minor improvements to ecp.c changes 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 16:47:56 +01:00
David Horstmann
9430330d2f Rename ARIA_SELF_TEST_IF_FAIL 
Change to ARIA_SELF_TEST_ASSERT

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 16:47:56 +01:00
David Horstmann
864cc8dba2 Minor changes to asn1write.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 16:47:56 +01:00
David Horstmann
d209197f37 Refactor macro-spanning ifs in ecdh.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 16:47:56 +01:00
David Horstmann
b95ee00244 Refactor macro-spanning ifs in ecp.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 16:47:56 +01:00
David Horstmann
863b17d0cc Refactor macro-spanning if in asn1write.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 16:47:56 +01:00
David Horstmann
f3b1eaf95d Refactor macro-spanning if in sha512.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 16:47:53 +01:00
David Horstmann
5846c9de19 Refactor macro-spanning if in ssl_msg.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 16:43:05 +01:00
David Horstmann
0bb7243425 Refactor macro-spanning if in ssl_tls12_client.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 16:39:26 +01:00
David Horstmann
75b1fe7199 Refactor ARIA_SELF_TEST_IF_FAIL macro 
Change the ARIA_SELF_TEST_IF_FAIL macro to be more code-style friendly.
Currently it expands to the body of an if statement, which causes
problems for automatic brace-addition for if statements.

Convert the macro to a function-like macro that takes the condition as
an argument and expands to a full if statement inside a do {} while (0)
idiom.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 16:36:03 +01:00
Andrzej Kurek
84fc52c6b3 Formatting & cosmetic fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-25 04:18:30 -04:00
David Horstmann
670a993dcd Fix incorrect return style 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-24 15:30:30 +01:00
David Horstmann
e6917d05d3 Remove unnecessary NULL assignments 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-24 15:30:30 +01:00
David Horstmann
5ad5e1657d Clarify wording on allocation 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-24 15:30:30 +01:00
Andrzej Kurek
96298f960f Add a temporary solution to create a seedfile 
This caused problems if a config with SHA512 was
compiled after a config without it and the seedfile
did not contain enough data.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-20 06:38:12 -04:00
Andrzej Kurek
dc4a25249f Fix tls 1.3 test dependencies 
Remove the dependency of tls1_3 key Remove the dependency of secret evolution tests on curve25519
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-20 06:36:20 -04:00
Andrzej Kurek
b3b0ec9bed Add missing dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-20 06:22:13 -04:00
Andrzej Kurek
e8ed2a1115 Compile constant time masking and hmac if there are suites using MAC 
This is used in TLS 1.2 authentication with NULL cipher,
when there are no TLS_CBC suites.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-20 06:21:50 -04:00
Andrzej Kurek
f9412f77ac Add tls prf handling when there's no SHA256 or SHA384 
Return a null prf function pointer and check for it when populating transform.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-18 07:30:19 -04:00