cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-07 22:27:01 -04:00
Code Issues Packages Projects Releases Wiki Activity
18,284 Commits 7 Branches 115 Tags
Commit Graph

18284 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Minos Galanakis
6d169947e9 Merge branch 'mbedtls-2.28-restricted' into mbedtls-2.28.5rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 22:22:36 +01:00
Dave Rodgman
3c6b7c8efc Move check into list_files_to_merge 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-02 17:20:08 +01:00
Dave Rodgman
68cb9359a6 Check for incorrect changelog extensions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-02 17:03:47 +01:00
Dave Rodgman
da635ab657
Merge pull request #8280 from gilles-peskine-arm/ssl_cache-negative_errors-2.28 
Backport 2.28: ssl_cache: misc improvements
 2023-09-29 17:58:10 +00:00
Dave Rodgman
8c28032537
Merge pull request #8279 from gilles-peskine-arm/mbedtls_ecdsa_can_do 
Backport 2.28: Bug Fix: mbedtls_ecdsa_verify_restartable fails with ECDSA_SIGN_ALT
 2023-09-29 13:11:43 +00:00
Gilles Peskine
5856fd32dd Changelog entry for mbedtls_ssl_cache error code fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-29 13:42:47 +02:00
Gilles Peskine
fe4d93ad4d ssl_cache: return error codes on error 
mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() returned 1 on many error
conditions. Change this to returning a negative MBEDTLS_ERR_xxx error code.

Completeness: after this commit, there are no longer any occurrences of
`return 1` or `ret = 1`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-29 13:40:33 +02:00
Gilles Peskine
917dd8bd81 Add new error code for SSL cache entry not found 
There was no good error to return in this case.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-29 13:39:49 +02:00
JonathanWitthoeft
3ead877b68 Adjust ChangeLog 
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
 2023-09-29 13:31:49 +02:00
JonathanWitthoeft
930679a1d7 Make mbedtls_ecdsa_can_do definition unconditional 
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
 2023-09-29 13:31:48 +02:00
JonathanWitthoeft
bfb0b39460 Bug Fix: mbedtls_ecdsa_verify_restartable fails with ECDSA_SIGN_ALT 
When ECDSA_SIGN_ALT but not ECDSA_VERIFY_ALT, mbedtls_ecdsa_can_do was not being defined causing mbedtls_ecdsa_verify_restartable to always fail

Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
 2023-09-29 13:31:47 +02:00
Dave Rodgman
ba1d63e36f
Merge pull request #1085 from daverodgman/update-ct-changelog-2.28 
Backport 2.28: Update padding const-time fix changelog
 2023-09-28 11:34:03 +01:00
Dave Rodgman
0ea272d110 Update padding const-time fix changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-27 16:31:33 +01:00
Dave Rodgman
dce82cd914
Merge pull request #8254 from paul-elliott-arm/fix_travis_coverity_build_2_28 
[Backport 2.28] Re-add python install of requirements to Travis CI.
 2023-09-26 16:56:17 +00:00
Dave Rodgman
7a8ec0f56c
Merge pull request #8209 from lpy4105/issue/8168/2.28_fix-aesni-selection 
2.28: Fix AESNI selection
 2023-09-26 16:55:28 +00:00
Paul Elliott
13481f0439 Re-add python install of requirements to Travis CI. 
Also correct 'distro to 'dist' and update ubuntu to jammy and python
to 3.10 to hopefully fend off future issues. Too much got removed
when disabling travis and the Coverity scan build was failing on 'make
generated-files', due to lack of installed python dependencies

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-09-26 16:04:44 +01:00
Pengyu Lv
8068b0835b Fix comment 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-09-26 09:27:04 +08:00
Gilles Peskine
9fe480a5f6
Merge pull request #1081 from waleed-elmelegy-arm/backport_check-set_padding-is-called 
Backport 2.28: Check set_padding has been called in mbedtls_cipher_finish
 2023-09-25 17:12:41 +02:00
Waleed Elmelegy
916ed7b8db restore internal comment in cipher.h due to LTS 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-25 15:18:48 +01:00
Waleed Elmelegy
8ce42ebd87 Remove invalid comments from cipher.h 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-25 14:21:49 +01:00
Manuel Pégourié-Gonnard
e4138e3279 Fix a typo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 14:13:24 +01:00
Manuel Pégourié-Gonnard
8013e685f5 Clarify calling sequence in the Cipher layer 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 14:12:08 +01:00
Manuel Pégourié-Gonnard
3697954ac6 Fix inconsistent documentation of cipher_setup() 
- the \internal note said that calling cipher_init() first would be made
mandatory later, but the documention of the ctx parameter already said
the context had to be initialized...
- the documentation was using the word initialize for two different
meanings (calling setup() vs calling init()), making the documentation
of the ctx parameter quite confusing (you must initialize before you can
initialize...)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 14:10:49 +01:00
Dave Rodgman
fb6f2cc9d7
Merge pull request #1082 from daverodgman/padding-ct-changelog-2.28 
Backport 2.28: Add Changelog for CT fixes
 2023-09-25 14:02:16 +01:00
Dave Rodgman
0ab94d1239
Merge pull request #1077 from daverodgman/better-ct-2.28 
2.28 backport - Use CT module more consistently
 2023-09-25 11:50:16 +01:00
Dave Rodgman
e8358d400f Add Changelog for CT fixes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-25 11:34:35 +01:00
Gilles Peskine
b53e630d8a
Merge pull request #8245 from paul-elliott-arm/remove_travis_ci_2.28 
[Backport 2.28] Remove all travis builds except for coverity_scan
 2023-09-24 19:59:13 +02:00
Paul Elliott
471425def2 Remove all travis builds except for coverity_scan 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-09-22 17:58:57 +01:00
Waleed Elmelegy
08fd33a875 Add warning to mbedtls_cipher_setup() about setting padding mode 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-22 14:45:25 +01:00
Gilles Peskine
f8fc956714
Merge pull request #1072 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer-2.28 
Backport 2.28: Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher
 2023-09-22 11:43:01 +02:00
Gilles Peskine
326ba3c0bb mbedtls_ssl_decrypt_buf(): fix buffer overread with stream cipher 
With stream ciphers, add a check that there's enough room to read a MAC in
the record. Without this check, subtracting the MAC length from the data
length resulted in an integer underflow, causing the MAC calculation to try
reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:25:05 +02:00
Gilles Peskine
dc48f6ed27 Test mbedtls_ssl_decrypt_buf(): stream cipher, negative cases 
Test mbedtls_ssl_decrypt_buf() with a stream cipher (RC4 or null). Test the
good case (to make sure the test code constructs the input correctly), test
with an invalid MAC, and test with a shortened input.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:25:05 +02:00
Gilles Peskine
2198cc5273 Refactoring: create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:24:38 +02:00
Gilles Peskine
027e1b4b3d Refactoring: prepare to create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:24:38 +02:00
Gilles Peskine
9013b818c6 Move testing of mbedtls_ssl_decrypt_buf to a new test suite 
test_suite_ssl is huge and needs splitting.

Create a new test suite focused on mbedtls_ssl_decrypt_buf(), which is a
complicated function that needs more thorough testing with malformed inputs.
At this point, we are only doing negative testing with CBC-non-ETM test
suites. This needs to grow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:24:36 +02:00
Pengyu Lv
20384f416e Fix the comments of some guards 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-09-21 10:14:16 +08:00
Dave Rodgman
6063d82f04 Correct macro guards in constant_time_internal.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 21:54:15 +01:00
Dave Rodgman
5ea6bb06a7 Add cast for MSVC 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 20:14:15 +01:00
Dave Rodgman
caa942569f Improve return value handling 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 19:26:08 +01:00
Dave Rodgman
e0ad9a4707 Misc CT robustness improvements 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 19:26:08 +01:00
Dave Rodgman
1924adbf99 Fix macro guards for mbedtls_ct_size_mask 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 18:00:47 +01:00
Dave Rodgman
1d52368e85 build fixes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 16:26:49 +01:00
Dave Rodgman
c1a17f5458 CT fix for get_zeros_padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
51773aa68b CT fix for get_zeros_and_len_padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
df254f6bb6 CT fix for get_one_and_zeros_padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
9f3f73d212 CT fix for get_pkcs_padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
40dc3b3727 CT fixes in nist_kw 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
954a2da1e4 Use mbedtls_ct_memcmp in mbedtls_rsa_rsaes_oaep_decrypt 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
c280520999 Eliminate duplicate ct memcmp 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 15:14:28 +01:00
Dave Rodgman
f4cf4a6e25
Merge pull request #1070 from gilles-peskine-arm/merge-2.28-restricted-20230915 
Merge mbedtls-2.28 into restricted
 2023-09-20 12:07:55 +01:00