cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-08 14:49:59 -04:00
Code Issues Packages Projects Releases Wiki Activity
17,348 Commits 7 Branches 115 Tags
Commit Graph

17348 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Janos Follath
9e4ea3a8a8 Add ChangeLog entry 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-08 09:09:14 +00:00
Janos Follath
95655a2ba0 mpi_exp_mod: protect out of window zeroes 
Out of window zeroes were doing squaring on the output variable
directly. This leaks the position of windows and the out of window
zeroes.

Loading the output variable from the table in constant time removes this
leakage.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-08 09:09:14 +00:00
Janos Follath
91c0286917 mpi_exp_mod: load the output variable to the table 
This is done in preparation for constant time loading that will be added
in a later commit.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-08 09:09:14 +00:00
David Horstmann
b410566ba7 Reverse logic for compression in ssl_cli.c 
Change is_compression_ok() to is_compression_bad() for more semantics
that are a better match for what's really going on in the case of no
compression support.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 16:33:57 +00:00
David Horstmann
08a37516ff Minor style fixes to ssl_cli.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 15:55:00 +00:00
David Horstmann
bcc18f2bec Simplify PSA fallback logic in ssl_ticket.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 14:48:38 +00:00
David Horstmann
9fc2f959b3 Change 0-checks to NULL-checks in ecp.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 14:48:38 +00:00
David Horstmann
0955f82642 Tidy up compression logic with auxiliary function 
This refactors some logic in ssl_cli.c, removing some previously added
technical debt.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 14:48:29 +00:00
David Horstmann
0448de58d7 Simplify logic in ssl_cli.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 14:08:12 +00:00
David Horstmann
dbb6f08c3f Eliminate bad_params variable 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 14:08:12 +00:00
David Horstmann
79bb19f702 Remove redundant checks for renegotiation 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 14:08:12 +00:00
David Horstmann
14bae83ca0 Change test templating syntax to be valid C 
For the benefit of auto-formatting tools, move from the '$placeholder'
templating syntax to a new syntax of the form:

__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER

This change allows the test code template to be almost entirely valid C.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-07 09:55:35 +00:00
Gilles Peskine
c4698502d6
Merge pull request #6491 from davidhorstmann-arm/2.28-fix-unusual-macros-0 
[Backport-ish 2.28] Fix unusual macros
 2022-11-03 10:29:06 +01:00
Dave Rodgman
e9e0eeccec
Merge pull request #6525 from daverodgman/fix-duplicate-header-2.28 
Remove duplicate function prototype - 2.28 backport
 2022-11-02 13:06:04 +00:00
Dave Rodgman
e43caca4ab
Merge pull request #6527 from daverodgman/update_pr_template-2.28 
Update pr template - 2.28 backport
 2022-11-02 13:05:03 +00:00
Dave Rodgman
a4f10bec28
Merge pull request #6526 from daverodgman/psalinks-2.28 
Update PSA links in README.md - 2.28 backport
 2022-11-02 10:02:03 +00:00
Dave Rodgman
490f804555 Improve documentation for psa_crypto_cipher.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-02 09:29:35 +00:00
Dave Rodgman
8e322b1e99 Move declaration of mbedtls_cipher_info_from_psa into psa_crypto_cipher.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-02 09:27:01 +00:00
Dave Rodgman
d39cf1e07c Align CONTRIBUTING.md with development 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 20:58:30 +00:00
Dave Rodgman
bc1e670fb7 Improve list formatting 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 20:56:49 +00:00
Dave Rodgman
9a1c38a3c1 Reinstate note about all PRs receiving review 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 20:56:45 +00:00
Dave Rodgman
53b65f65ff Update CONTRIBUTING.md, and refer to this from the template 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 20:55:32 +00:00
Dave Rodgman
f1d74acb18 Update PR template 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 20:55:20 +00:00
Dave Rodgman
35e2b2b2bd
Merge pull request #6523 from daverodgman/fix_ssl_zeroize-2.28 
Fix zeroization at NULL pointer - 2.28 backport
 2022-11-01 20:50:33 +00:00
Dave Rodgman
428ef795e6 Update PSA links in README.md 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 20:43:24 +00:00
Dave Rodgman
e222637cfe Remove duplicate function prototype 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 16:41:48 +00:00
Dave Rodgman
febe14e6e0 Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 16:28:20 +00:00
Dave Rodgman
369f495afc Fix zeroization at NULL pointer 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 16:11:47 +00:00
Dave Rodgman
a1ea28fc40
Merge pull request #6513 from daverodgman/allsh-redundancies-2.28 
All.sh redundancies 2.28
 2022-10-31 15:03:48 +00:00
Gilles Peskine
83264bed63 Group cpp_dummy_build test into an existing component 
No need to do yet another build just to compile an additional trivial program.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-31 11:45:17 +00:00
Gilles Peskine
e86cdcb7bf Remove redundant build-only driver interface component 
component_build_psa_accel_alg_ecdsa is subsumed by
component_test_psa_crypto_config_accel_ecdsa, which has the same
configuration and additionally runs the unit tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-31 11:41:47 +00:00
Dave Rodgman
0bbe75838e
Merge pull request #6191 from daverodgman/invalid-ecdsa-pubkey-backport-2.28 
Improve ECDSA verify validation - 2.28 backport
 2022-10-31 09:37:38 +00:00
Dave Rodgman
6d61d83f29 Build fix - remove line of dead code 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-28 09:23:09 +01:00
Dave Rodgman
23b79b6c9c Credit Cryptofuzz in the changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:36:47 +01:00
Dave Rodgman
a66e7edf09 Improve changelog for ECDSA verify fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:34:59 +01:00
Dave Rodgman
584200cf4e Update tests/suites/test_suite_ecdsa.function 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:34:56 +01:00
Gilles Peskine
e0917c0346
Merge pull request #6492 from daverodgman/ecp_mul_mxz-timing-leak-2.28 
Fix a timing leak in ecp_mul_mxz() - 2.28 backport
 2022-10-27 19:46:44 +02:00
David Horstmann
b5b1ed2969 Fix unused warning in ssl_tls.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 13:21:49 +01:00
Andrzej Kurek
31788cd8ae Add missing SHA256 dependencies in test_suite_ssl 
Most of the tests (including those using endpoint_init functions) parse
certificates that require MBEDTLS_SHA256_C to be present.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-27 07:44:13 -04:00
Andrzej Kurek
9821253847 Add missing CBC dependency in test_suite_ssl 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-27 07:44:13 -04:00
Andrzej Kurek
c5acdb9e92 Remove unused perl dependency scripts 
curves.pl, depends-hashes.pl, key-exchanges.pl and depends-pkalgs.pl are now superseded by depends.py.
Update all references to them accordingly.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-27 07:44:13 -04:00
Andrzej Kurek
20d8a5f688 Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-27 07:44:13 -04:00
Andrzej Kurek
2b44a929a4 depends.py: add a config option to unset MBEDTLS_USE_PSA 
This lets us perform any test without MBEDTLS_USE_PSA
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-27 07:44:13 -04:00
Aurelien Jarno
edc110d15a Fix a timing leak in ecp_mul_mxz() 
The bit length of m is leaked through through timing in ecp_mul_mxz().
Initially found by Manuel Pégourié-Gonnard on ecp_mul_edxyz(), which has
been inspired from ecp_mul_mxz(), during initial review of the EdDSA PR.
See: https://github.com/Mbed-TLS/mbedtls/pull/3245#discussion_r490827996

Fix that by using grp->nbits + 1 instead, which anyway is very close to
the length of m, which means there is no significant performance impact.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
 2022-10-27 11:58:15 +01:00
David Horstmann
ab6175130b Fix macro-spanning if in x509_crt.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 11:45:01 +01:00
David Horstmann
04020abfae Fix macro-spanning ifs in ssl_ticket.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 11:39:03 +01:00
David Horstmann
d4f22083ba Fix macro-spanning ifs in ssl_tls.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 11:39:03 +01:00
David Horstmann
197b240089 Fix macro-spanning if in ssl_msg.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 11:39:03 +01:00
David Horstmann
ef661c531f Fix macro-spanning ifs in ecp.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 11:38:53 +01:00
David Horstmann
74ace59dc6 Fix macro-spanning ifs in ssl_srv.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-27 11:38:15 +01:00