cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-09 07:09:12 -04:00
Code Issues Packages Projects Releases Wiki Activity
18,798 Commits 7 Branches 115 Tags
Commit Graph

18798 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Horstmann
4fc2b9b80f
Merge pull request #1175 from davidhorstmann-arm/cipher-multipart-test-fix-backport 
[Backport 2.28] Fix a multipart test that overwrites the same buffer twice
 2024-02-07 17:18:52 +00:00
Chien Wong
b6d57934bc
Reduce many unnecessary static memory consumption 
.data section of ssl_client1 becomes 128 bytes smaller on AMD64.

Signed-off-by: Chien Wong <m@xv97.com>
 2024-02-07 21:48:12 +08:00
Gilles Peskine
856bf3ad09
Merge pull request #8781 from silabs-Kusumit/kdf_incorrect_initial_capacity_backport 
Backport 2.28: Fix KDF Incorrect Initial Capacity
 2024-02-06 17:29:33 +00:00
David Horstmann
7274590ef6 Update buffer start and length in multipart test 
This fixes a test failure in which the buffer was not properly filled.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 17:15:52 +00:00
David Horstmann
448bc018d0 Add testcase to fail multipart cipher tests 
Encrypt more than 2 blocks of data, causing both update() calls to
output data as well as the call to finish().

This exposes a test bug where the pointer to a buffer is not updated
as it is filled with data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 17:15:51 +00:00
Dave Rodgman
5a2e95dcfa
Merge pull request #1164 from daverodgman/update-2.28-restricted 2024-02-02 17:45:18 +00:00
David Horstmann
8f7a5f6682
Merge pull request #1157 from Ryan-Everett-arm/key-management-buffer-protection-backport 
[Backport] Key management buffer protection
 2024-02-02 17:43:34 +00:00
Kusumit Ghoderao
bfa27e33ff Fix kdf incorrect initial capacity 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-02-02 19:56:37 +05:30
Ryan Everett
081803d6ec Remove unnecessary dependencies from psa_crypto_helpers.h 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
c8b6c05014 Update tests/scripts/generate_psa_wrappers.py 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
cb4f855456 Fix line-too-long in script 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
810421ccc6 Re-add cipher_encrypt buffer copying 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
3a4153a768 Conditionally guard exit label to stop unused label error 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
dcbc1d3750 Generate test wrappers for key management 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
30827915a4 Protect buffer in psa_export_public_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
e3e760cddb Protect buffer in psa_export_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
6b97025466 Protect buffer in psa_import_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
David Horstmann
3e7ef37e07
Merge pull request #1152 from tom-daubney-arm/backport_asymmetric_sign_buffer_protection 
[Backport] asymmetric sign buffer protection
 2024-02-02 10:04:37 +00:00
David Horstmann
90b94ff85f Allow GCM IV to be NULL if zero-length 
The operation will still return an error, but the assert-based
validation checks will pass. This allows GCM to work with buffer
copies / local inputs, which may be NULL when they are zero-length.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-01 19:38:22 +00:00
Paul Elliott
6b36a5db07
Merge pull request #8771 from Redfoxymoon/mbedtls-2.28 
[backport 2.28] fix build for midipix
 2024-02-01 10:00:58 +00:00
Ørjan Malde
670100f475 fix build for midipix 
Signed-off-by: Ørjan Malde <red@foxi.me>
 2024-01-31 14:14:27 +01:00
Thomas Daubney
f446b8917d Conditionally include exit label 
...on functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-01-30 13:36:01 +00:00
Thomas Daubney
c63e31af8b Generate test wrappers 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-01-30 13:33:14 +00:00
Thomas Daubney
290aac472a Implement safe buffer copying in asymmetric signature API 
Use local copy buffer macros to implement safe
copy mechanism in asymmetric signature API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-01-30 12:45:26 +00:00
David Horstmann
435118c0c0
Merge pull request #1163 from gabor-mezei-arm/bp228_buffer_sharing_copy_output_buffer 
[Backport] Add allocate and copy style output buffer protection
 2024-01-29 11:08:25 +00:00
Dave Rodgman
8e3a837e1b Remove already-assembled Changelog entries 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-26 10:29:00 +00:00
Dave Rodgman
9d52c713b2 Merge remote-tracking branch 'restricted/mbedtls-2.28' into mbedtls-2.28-restricted 2024-01-26 10:27:26 +00:00
Dave Rodgman
1b9cea30b1
Merge pull request #1159 from daverodgman/mbedtls-2.28.7rc 
Mbedtls 2.28.7rc
 2024-01-25 12:21:38 +00:00
Gabor Mezei
3b0c371c04
Add allocate and copy style output buffer handling 
Add a new macro `LOCAL_OUTPUT_ALLOC_WITH_COPY` to support the output buffer
handling of the multipart operations like `psa_cipher_update`. This will
allocate a local buffer and copy the content of the original buffer.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-01-24 17:28:33 +01:00
David Horstmann
436b2ef633 Generate poisoning wrappers for AEAD 
Modify wrapper generation script to generate poisoning calls and
regenerate wrappers.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-24 14:58:05 +00:00
David Horstmann
6baf6e9a06 Add buffer copying to psa_aead_decrypt() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-24 14:58:05 +00:00
David Horstmann
21c1a94813 Copy buffers in psa_aead_encrypt() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-24 14:58:05 +00:00
David Horstmann
001ae3349d
Merge pull request #1143 from davidhorstmann-arm/memory-poisoning-runtime-enable-2.28 
[Backport 2.28] Enable and disable memory poisoning at runtime
 2024-01-24 14:46:52 +00:00
David Horstmann
7dfb6121fc Remove _Thread_local variable for 2.28 
We do not intend to support multithreaded testing in 2.28, so
introducing a C11 feature here is an unnecessary burden.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-23 15:35:20 +00:00
Dave Rodgman
2866a6bb20 Merge remote-tracking branch 'restricted/mbedtls-2.28' into mbedtls-2.28.7rc 2024-01-22 16:48:18 +00:00
Dave Rodgman
555f84735a Update BRANCHES.md 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 16:47:55 +00:00
Dave Rodgman
f154831067 bump version 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 16:47:12 +00:00
Dave Rodgman
e557764cf3 Assemble changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 16:46:41 +00:00
Paul Elliott
634748da23 Add Changelog for #8687 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-22 16:00:33 +00:00
Jonathan Winzig
e90cbc3d12 Fix Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 16:00:07 +00:00
Jonathan Winzig
d78496cccf Add tests for Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 16:00:07 +00:00
Janos Follath
4a606d6f3f Update Marvin fix Changelog entry 
Upon further consideration we think that a remote attacker close to the
victim might be able to have precise enough timing information to
exploit the side channel as well. Update the Changelog to reflect this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:59:22 +00:00
Janos Follath
80a12f86f9 Add new internal header to visualc project 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
1a9a69778e Fix 'missing prototype' warnings 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
8cdb6064de Align Montgomery init with development 
The signature and naming of the Montgomrey initialisation function in
development and in the LTS was different. Align them for easier
readability and maintenance.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
f10bfbbe74 Add Changelog for the Marvin attack fix 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
eaeff5b75a Add warning for PKCS 1.5 decryption 
Any timing variance dependant on the output of this function enables a
Bleichenbacher attack. It is extremely difficult to use safely.

In the Marvin attack paper
(https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the
author suggests that implementations of PKCS 1.5 decryption that don't
include a countermeasure should be considered inherently dangerous.

They suggest that all libraries implement the same countermeasure, as
implementing different countermeasures across libraries enables the
Bleichenbacher attack as well.

This is extremely fragile and therefore we don't implement it. The use
of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in
the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable.

Add a warning to PKCS 1.5 decryption to warn users about this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
601bffc4ce Extend blinding to RSA result check 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
aa6760d7b5 Make RSA unblinding constant flow 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
4fe396f1e1 Move some bignum functions to internal header 
We will need a couple of low level functions to implement safe
unblinding in RSA.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00