18396 Commits

Author SHA1 Message Date
Dave Rodgman
99fa0d08d3 Create quiet wrappers for make and cmake
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-29 14:09:58 +00:00
Gilles Peskine
36e6bd6926
Merge pull request #8811 from gilles-peskine-arm/pk_import_into_psa-backports-2.28
Backport 2.28: bugs fixed in "Implement mbedtls_pk_import_into_psa"
2024-02-21 15:45:21 +00:00
Janos Follath
53e5adfca4
Merge pull request #8841 from BensonLiou/use_init_api-228
use mbedtls_ssl_session_init() to init session variable
2024-02-19 15:49:29 +00:00
Benson Liou
6805ff7892 use mbedtls_ssl_session_init() to init session variable
Use mbedtls_ssl_session_init() to init variable just like
session-family APIs described

Signed-off-by: Benson Liou <benson.liou@sony.com>
2024-02-17 00:19:10 +08:00
Gilles Peskine
049ea32931 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 15:32:47 +01:00
Gilles Peskine
039c903e7b
Merge pull request #8818 from forkiee2/mbedtls-2.28
Backport 2.28: move entropy init prior arguments number recognition
2024-02-14 13:43:32 +00:00
Tom Cosgrove
75c8e61ce0
Merge pull request #8814 from gilles-peskine-arm/rsa-bitlen-fix-2.28
Backport 2.28: Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
2024-02-14 11:18:28 +00:00
PiotrBzdrega
c609654665 newline at end of changelog file
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
2024-02-13 22:12:23 +01:00
PiotrBzdrega
14e4727d0e fill out missing dot in changelog
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
2024-02-13 17:09:40 +01:00
PiotrBzdrega
7c1cd5ae1c move entropy init prior arguments number recognition
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
2024-02-13 16:59:05 +01:00
Janos Follath
09cd7dd96a
Merge pull request #8660 from ivq/fix_ecp_comment
Fix a comment in ecp
2024-02-13 12:12:10 +00:00
Gilles Peskine
0196f4886a Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:00:48 +01:00
Gilles Peskine
c89f9ceb41 Don't define pk_sign_verify in configurations where it's unused
In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is
useful but cannot perform any signatures. Then modern GCC complains:

```
../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’:
../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds]
../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’
…
```

This fixes test-ref-configs.pl with a modern GCC (specifically with
config-thread.h).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 14:33:41 +01:00
Gilles Peskine
0af7a90329 depends.py: set unique configuration names in outcome file
Set unique configuration names in the outcome file. This was lost in the
rewrite from depends-*.pl to depends.py.

Fix #7290

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 14:30:59 +01:00
Tom Cosgrove
ede909f99a
Merge pull request #8798 from ivq/8665-backport
Backport 2.28: Reduce many unnecessary static memory consumption
2024-02-07 23:26:24 +00:00
Chien Wong
b6d57934bc
Reduce many unnecessary static memory consumption
.data section of ssl_client1 becomes 128 bytes smaller on AMD64.

Signed-off-by: Chien Wong <m@xv97.com>
2024-02-07 21:48:12 +08:00
Gilles Peskine
856bf3ad09
Merge pull request #8781 from silabs-Kusumit/kdf_incorrect_initial_capacity_backport
Backport 2.28: Fix KDF Incorrect Initial Capacity
2024-02-06 17:29:33 +00:00
Kusumit Ghoderao
bfa27e33ff Fix kdf incorrect initial capacity
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2024-02-02 19:56:37 +05:30
Paul Elliott
6b36a5db07
Merge pull request #8771 from Redfoxymoon/mbedtls-2.28
[backport 2.28] fix build for midipix
2024-02-01 10:00:58 +00:00
Ørjan Malde
670100f475 fix build for midipix
Signed-off-by: Ørjan Malde <red@foxi.me>
2024-01-31 14:14:27 +01:00
Dave Rodgman
1b9cea30b1
Merge pull request #1159 from daverodgman/mbedtls-2.28.7rc
Mbedtls 2.28.7rc
2024-01-25 12:21:38 +00:00
Dave Rodgman
2866a6bb20 Merge remote-tracking branch 'restricted/mbedtls-2.28' into mbedtls-2.28.7rc
2024-01-22 16:48:18 +00:00
Dave Rodgman
555f84735a Update BRANCHES.md
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 16:47:55 +00:00
Dave Rodgman
f154831067 bump version
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 16:47:12 +00:00
Dave Rodgman
e557764cf3 Assemble changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 16:46:41 +00:00
Paul Elliott
634748da23 Add Changelog for #8687
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-01-22 16:00:33 +00:00
Jonathan Winzig
e90cbc3d12 Fix Issue #8687
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 16:00:07 +00:00
Jonathan Winzig
d78496cccf Add tests for Issue #8687
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 16:00:07 +00:00
Janos Follath
4a606d6f3f Update Marvin fix Changelog entry
Upon further consideration we think that a remote attacker close to the
victim might be able to have precise enough timing information to
exploit the side channel as well. Update the Changelog to reflect this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:59:22 +00:00
Janos Follath
80a12f86f9 Add new internal header to visualc project
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:58:57 +00:00
Janos Follath
1a9a69778e Fix 'missing prototype' warnings
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:58:57 +00:00
Janos Follath
8cdb6064de Align Montgomery init with development
The signature and naming of the Montgomery initialisation function in
development and in the LTS was different. Align them for easier
readability and maintenance.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:58:57 +00:00
Janos Follath
f10bfbbe74 Add Changelog for the Marvin attack fix
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:58:57 +00:00
Janos Follath
eaeff5b75a Add warning for PKCS 1.5 decryption
Any timing variance dependent on the output of this function enables a
Bleichenbacher attack. It is extremely difficult to use safely.

In the Marvin attack paper
(https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the
author suggests that implementations of PKCS 1.5 decryption that don't
include a countermeasure should be considered inherently dangerous.

They suggest that all libraries implement the same countermeasure, as
implementing different countermeasures across libraries enables the
Bleichenbacher attack as well.

This is extremely fragile and therefore we don't implement it. The use
of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in
the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable.

Add a warning to PKCS 1.5 decryption to warn users about this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:58:57 +00:00
Janos Follath
601bffc4ce Extend blinding to RSA result check
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:58:57 +00:00
Janos Follath
aa6760d7b5 Make RSA unblinding constant flow
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:58:57 +00:00
Janos Follath
4fe396f1e1 Move some bignum functions to internal header
We will need a couple of low level functions to implement safe
unblinding in RSA.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:58:57 +00:00
Janos Follath
42175031ca Move calculating RR into a separate function
So far we needed it only locally here, but we will need calculating RR
for safe unblinding in RSA as well.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:58:57 +00:00
Tom Cosgrove
c7e208d2fa
Merge pull request #8662 from LocutusOfBorg/mbedtls-2.28
timing.c fix build failure with -O3 optimization level
2024-01-18 13:52:02 +00:00
Gianfranco Costamagna
d7768235da Update library/timing.c
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
2024-01-18 12:25:18 +01:00
Paul Elliott
56fd26cee9
Merge pull request #8640 from bensze01/release_components_2.28
[Backport 2.28] Set OpenSSL/GnuTLS variables when running release components
2024-01-11 15:38:23 +00:00
Paul Elliott
1296ac8348
Merge pull request #8695 from jwinzig-at-hilscher/mbedtls-2.28
Backport 2.28: Fix bug in mbedtls_x509_set_extension
2024-01-10 16:57:03 +00:00
Jonathan Winzig
a836a8499e Fix Issue #8687
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-10 13:26:36 +01:00
Jonathan Winzig
61f4fc24a9 Add tests for Issue #8687
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-10 13:26:12 +01:00
Manuel Pégourié-Gonnard
05bd9a9455
Merge pull request #8685 from gilles-peskine-arm/asymmetric_key_data-secpr1-2.28
Backport 2.28: Fix incorrect test data for SECP_R1 in automatically generated tests
2024-01-09 11:06:41 +00:00
Gilles Peskine
1bc4348477 Indicate which curves Mbed TLS supports
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-09 09:55:24 +01:00
Gilles Peskine
4bc4a2d6a5 Note unusual curve size
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-09 09:55:24 +01:00
Gilles Peskine
6bf4dfc8db Fix typo in curve name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-09 09:55:24 +01:00
Gilles Peskine
fafc6cd201 Update generated test data files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-09 09:55:24 +01:00
Gilles Peskine
64dcb78e42 Add test data for secp192r1
Same generation methodology as 0cbaf056fadf60228b32245aeba893959be31ede:

```
openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-192 -text |perl -0777 -pe 's/.*\npriv:([\n 0-9a-f:]*)pub:([\n 0-9a-f:]*).*/"$1","$2"/s or die; y/\n ://d; s/,/,\n              /;'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-09 09:53:54 +01:00