Dave Rodgman
d8c68a948a
Use CT interface in get_zeros_padding
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:39:33 +01:00
Dave Rodgman
1cfc43c77b
Rename mbedtls_ct_bool_xor to mbedtls_ct_bool_ne
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:39:33 +01:00
Dave Rodgman
89a9bd5887
Use CT interface in get_one_and_zeros_padding
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:39:33 +01:00
Dave Rodgman
6cec41c3bb
use CT interface in add_zeros_and_len_padding()
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:34:06 +01:00
Dave Rodgman
6b7e2a5809
Use CT interface in get_pkcs_padding
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:34:06 +01:00
Dave Rodgman
b4e6b41aa0
Use const-time interface throughout mbedtls_rsa_rsaes_oaep_decrypt
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:34:06 +01:00
Dave Rodgman
986006e567
Make TEST_CALLOC_NONNULL more robust
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:30:25 +01:00
Dave Rodgman
6568f60358
Simplify mbedtls_ct_memcmp_partial test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:48:24 +01:00
Dave Rodgman
2c9f86b3b6
Add docs for mbedtls_ct_memcmp_partial test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:48:13 +01:00
Dave Rodgman
28bc1ab923
Use exact bounds for allocations in mbedtls_ct_memcmp_partial test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:34:57 +01:00
Dave Rodgman
a328635305
Introduce TEST_CALLOC_NONNULL
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:34:39 +01:00
Dave Rodgman
ba600b2fd9
Remove expected param from mbedtls_ct_memcmp_partial test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:26:13 +01:00
Dave Rodgman
51c15309f2
Make padlen check const-time
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:22:18 +01:00
Dave Rodgman
c2630fac52
Simplify mbedtls_ct_memcmp_partial
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:21:50 +01:00
Waleed Elmelegy
071b69f47b
Add correct dependency to DES3 test
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-19 11:24:49 +01:00
Dave Rodgman
66d6ac92e6
Use mbedtls_ct_memcmp in mbedtls_rsa_rsaes_oaep_decrypt
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 09:10:59 +01:00
Dave Rodgman
d337bd9bfe
Improve const-timeness of mbedtls_nist_kw_unwrap
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 09:10:59 +01:00
Dave Rodgman
771ac65b0c
Add tests for mbedtls_ct_memcmp_partial
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 09:10:59 +01:00
Dave Rodgman
9c14007ac3
Add mbedtls_ct_memcmp_partial
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 09:10:59 +01:00
Dave Rodgman
d26a3d6da7
Eliminate duplicate ct memcmp
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-18 19:09:45 +01:00
Gilles Peskine
faf0b8604a
mbedtls_ssl_decrypt_buf(): fix buffer overread with stream cipher
With stream ciphers, add a check that there's enough room to read a MAC in
the record. Without this check, subtracting the MAC length from the data
length resulted in an integer underflow, causing the MAC calculation to try
reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 19:07:50 +02:00
Gilles Peskine
d2e004e401
Test mbedtls_ssl_decrypt_buf(): stream cipher, negative cases
Test mbedtls_ssl_decrypt_buf() with a null cipher (the only type of stream
cipher we support). Test the good case (to make sure the test code
constructs the input correctly), test with an invalid MAC, and test with a
shortened input.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 19:07:50 +02:00
Waleed Elmelegy
6d2c5d5f5c
Adjust cipher tests to new requirement of specifying padding mode
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-18 17:41:25 +01:00
Gilles Peskine
9099d3fd76
Refactoring: create mbedtls_test_ssl_prepare_record_mac()
No semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 17:21:15 +02:00
Gilles Peskine
68ec3ccc7c
Add missing cleanup
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 14:35:52 +02:00
Gilles Peskine
ac5fabed25
Refactoring: prepare to create mbedtls_test_ssl_prepare_record_mac()
No semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 14:35:42 +02:00
Gilles Peskine
a3237efefb
Move testing of mbedtls_ssl_decrypt_buf to a new test suite
test_suite_ssl is huge and needs splitting.
Create a new test suite focused on mbedtls_ssl_decrypt_buf(), which is a
complicated function that needs more thorough testing with malformed inputs.
At this point, we are only doing negative testing with CBC-non-ETM test
suites. This needs to grow.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 14:23:13 +02:00
Gilles Peskine
8a7fb2d799
Merge pull request #1055 from waleed-elmelegy-arm/add-new-pkcs12-pbe2-ext-fun
Add new pkcs12 pbe2 ext fun
2023-09-15 18:43:03 +02:00
Waleed Elmelegy
50888643f4
Reduce line size in new pkcs function changelog
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-14 18:27:17 +01:00
Waleed Elmelegy
0684965f5a
Modify changelog entry to add pkcs12 pbe functions
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-13 13:35:16 +01:00
Waleed Elmelegy
2b143c67a4
Add changelog entry for checking set_padding() before cipher_finish()
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-12 16:20:35 +01:00
Dave Rodgman
9b1ae3d7c8
Merge pull request #1059 from daverodgman/ct_memcmp_fix
Constant time memcmp check for 16-bit int
2023-09-12 16:13:03 +01:00
Waleed Elmelegy
57d09b72ef
Return back to modifying input parameters in pkcs12_parse_pbe_params
Return back to modifying input parameters in pkcs12_parse_pbe_params
to avoid change in behaviour.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-12 14:05:10 +01:00
Waleed Elmelegy
a7d206fce6
Check set_padding has been called in mbedtls_cipher_finish
Check set_padding has been called in mbedtls_cipher_finish
in modes that require padding.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-12 13:39:36 +01:00
Dave Rodgman
bd58944252
Avoid implementation defined behaviour
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-12 12:38:53 +01:00
Dave Rodgman
49d7223036
Fix test under memsan
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-12 11:03:23 +01:00
Dave Rodgman
1a1b03bfb4
Merge pull request #1024 from daverodgman/safer-ct-changelog
Changelog for safer constant-time
2023-09-12 10:59:14 +01:00
Dave Rodgman
50b0a35494
Test INT_MAX rather than UINT_MAX
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-12 09:30:44 +01:00
Dave Rodgman
98926d5fb1
Update comment, and replace bit-twiddling with #error
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-12 09:29:33 +01:00
Dave Rodgman
70e022b024
code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-12 09:29:13 +01:00
Dave Rodgman
4f26770291
Ensure mbedtls_ct_memcpy behaves correctly with 16-bit int
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-11 19:10:09 +01:00
Dave Rodgman
140d5c77d0
Add single-bit difference tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-11 19:10:05 +01:00
Waleed Elmelegy
e1cb35b719
Add new mbedtls_pkcs12_pbe_ext function to replace old function
Add new mbedtls_pkcs12_pbe_ext function to replace
old mbedtls_pkcs12_pbe function that has security
issues.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-08 16:51:26 +01:00
Gilles Peskine
31d49cd57f
Merge pull request #1053 from waleed-elmelegy-arm/Improve-and-test-mbedtls_pkcs12_pbe
Improve & test legacy mbedtls_pkcs12_pbe
2023-09-08 13:08:05 +02:00
Dave Rodgman
26923c7e49
Add missing hyphen
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-08 10:45:34 +01:00
Dave Rodgman
241a80b717
Improve changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-08 10:21:18 +01:00
Dave Rodgman
3fc3ae708e
wip
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-08 10:21:18 +01:00
Dave Rodgman
d441a14f38
Add reference to x86 asm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-08 10:21:18 +01:00
Dave Rodgman
cd1de6350e
Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-08 10:21:18 +01:00
Waleed Elmelegy
1f59ee078f
Add correct dependencies to pkcs12 tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-07 17:59:35 +01:00