mbedtls

mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00

Author	SHA1	Message	Date
Gilles Peskine	193f94276e	Merge pull request #1071 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher	2023-09-22 11:43:03 +02:00
Gilles Peskine	7641667abf	Merge pull request #1073 from Mbed-TLS/better-ct-memcmp More consistent use of mbedtls_ct_memcmp	2023-09-21 10:00:58 +02:00
Dave Rodgman	814d096420	Fix error in handling of return value from mbedtls_nist_kw_unwrap Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 20:48:51 +01:00
Dave Rodgman	986006e567	Make TEST_CALLOC_NONNULL more robust Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 18:30:25 +01:00
Dave Rodgman	6568f60358	Simplify mbedtls_ct_memcmp_partial test Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 17:48:24 +01:00
Dave Rodgman	2c9f86b3b6	Add docs for mbedtls_ct_memcmp_partial test Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 17:48:13 +01:00
Dave Rodgman	28bc1ab923	Use exact bounds for allocations in mbedtls_ct_memcmp_partial test Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 17:34:57 +01:00
Dave Rodgman	a328635305	Introduce TEST_CALLOC_NONNULL Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 17:34:39 +01:00
Dave Rodgman	ba600b2fd9	Remove expected param from mbedtls_ct_memcmp_partial test Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 17:26:13 +01:00
Dave Rodgman	51c15309f2	Make padlen check const-time Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 17:22:18 +01:00
Dave Rodgman	c2630fac52	Simplify mbedtls_ct_memcmp_partial Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 17:21:50 +01:00
Dave Rodgman	66d6ac92e6	Use mbedtls_ct_memcmp in mbedtls_rsa_rsaes_oaep_decrypt Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 09:10:59 +01:00
Dave Rodgman	d337bd9bfe	Improve const-timeness of mbedtls_nist_kw_unwrap Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 09:10:59 +01:00
Dave Rodgman	771ac65b0c	Add tests for mbedtls_ct_memcmp_partial Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 09:10:59 +01:00
Dave Rodgman	9c14007ac3	Add mbedtls_ct_memcmp_partial Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-19 09:10:59 +01:00
Dave Rodgman	d26a3d6da7	Eliminate duplicate ct memcmp Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-18 19:09:45 +01:00
Gilles Peskine	faf0b8604a	mbedtls_ssl_decrypt_buf(): fix buffer overread with stream cipher With stream ciphers, add a check that there's enough room to read a MAC in the record. Without this check, subtracting the MAC length from the data length resulted in an integer underflow, causing the MAC calculation to try reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-18 19:07:50 +02:00
Gilles Peskine	d2e004e401	Test mbedtls_ssl_decrypt_buf(): stream cipher, negative cases Test mbedtls_ssl_decrypt_buf() with a null cipher (the only type of stream cipher we support). Test the good case (to make sure the test code constructs the input correctly), test with an invalid MAC, and test with a shortened input. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-18 19:07:50 +02:00
Gilles Peskine	9099d3fd76	Refactoring: create mbedtls_test_ssl_prepare_record_mac() No semantic change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-18 17:21:15 +02:00
Gilles Peskine	68ec3ccc7c	Add missing cleanup Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-18 14:35:52 +02:00
Gilles Peskine	ac5fabed25	Refactoring: prepare to create mbedtls_test_ssl_prepare_record_mac() No semantic change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-18 14:35:42 +02:00
Gilles Peskine	a3237efefb	Move testing of mbedtls_ssl_decrypt_buf to a new test suite test_suite_ssl is huge and needs splitting. Create a new test suite focused on mbedtls_ssl_decrypt_buf(), which is a complicated function that needs more thorough testing with malformed inputs. At this point, we are only doing negative testing with CBC-non-ETM test suites. This needs to grow. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-18 14:23:13 +02:00
Gilles Peskine	8a7fb2d799	Merge pull request #1055 from waleed-elmelegy-arm/add-new-pkcs12-pbe2-ext-fun Add new pkcs12 pbe2 ext fun	2023-09-15 18:43:03 +02:00
Waleed Elmelegy	50888643f4	Reduce line size in new pkcs function changelog Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-14 18:27:17 +01:00
Waleed Elmelegy	0684965f5a	Modify changelog entry to add pkcs12 pbe functions Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-13 13:35:16 +01:00
Dave Rodgman	9b1ae3d7c8	Merge pull request #1059 from daverodgman/ct_memcmp_fix Constant time memcmp check for 16-bit int	2023-09-12 16:13:03 +01:00
Waleed Elmelegy	57d09b72ef	Return back to modifying input parameters in pkcs12_parse_pbe_params Return back to modifying input parameters in pkcs12_parse_pbe_params to avoid change in behaviour. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-12 14:05:10 +01:00
Dave Rodgman	bd58944252	Avoid implementation defined behaviour Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-12 12:38:53 +01:00
Dave Rodgman	49d7223036	Fix test under memsan Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-12 11:03:23 +01:00
Dave Rodgman	1a1b03bfb4	Merge pull request #1024 from daverodgman/safer-ct-changelog Changelog for safer constant-time	2023-09-12 10:59:14 +01:00
Dave Rodgman	50b0a35494	Test INT_MAX rather than UINT_MAX Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-12 09:30:44 +01:00
Dave Rodgman	98926d5fb1	Update comment, and replace bit-twiddling with #error Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-12 09:29:33 +01:00
Dave Rodgman	70e022b024	code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-12 09:29:13 +01:00
Dave Rodgman	4f26770291	Ensure mbedtls_ct_memcpy behaves correctly with 16-bit int Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-11 19:10:09 +01:00
Dave Rodgman	140d5c77d0	Add single-bit difference tests Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-11 19:10:05 +01:00
Waleed Elmelegy	e1cb35b719	Add new mbedtls_pkcs12_pbe_ext function to replace old function Add new mbedtls_pkcs12_pbe_ext function to replace old mbedtls_pkcs12_pbe function that have security issues. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-08 16:51:26 +01:00
Gilles Peskine	31d49cd57f	Merge pull request #1053 from waleed-elmelegy-arm/Improve-and-test-mbedtls_pkcs12_pbe Improve & test legacy mbedtls_pkcs12_pbe	2023-09-08 13:08:05 +02:00
Dave Rodgman	26923c7e49	Add missing hyphen Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-08 10:45:34 +01:00
Dave Rodgman	241a80b717	Improve changelog Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-08 10:21:18 +01:00
Dave Rodgman	3fc3ae708e	wip Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-08 10:21:18 +01:00
Dave Rodgman	d441a14f38	Add reference to x86 asm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-08 10:21:18 +01:00
Dave Rodgman	cd1de6350e	Changelog Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-08 10:21:18 +01:00
Waleed Elmelegy	1f59ee078f	Add correct dependencies to pkcs12 tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-07 17:59:35 +01:00
Waleed Elmelegy	096017023d	Fix identation error in pkcs12 tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-07 17:48:40 +01:00
Waleed Elmelegy	75b9eb36b4	Change pkcs12 test comparison macro to the new macro Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-07 17:02:37 +01:00
Waleed Elmelegy	8317e91b1e	Change pkcs12 test allocation macros to the new macros Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-07 15:46:58 +01:00
Waleed Elmelegy	15de809e1a	Improve pkcs12 pbe tests * Simplify pkcs12 tests to use algo parameters instead of asn1 buffers. * Fix output buffers allocation size. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-05 16:34:55 +01:00
Waleed Elmelegy	255db80910	Improve & test legacy mbedtls_pkcs12_pbe * Prevent pkcs12_pbe encryption when PKCS7 padding has been disabled since this not part of the specs. * Allow decryption when PKCS7 padding is disabled for legacy reasons, However, invalid padding is not checked. * Document new behaviour, known limitations and possible security concerns. * Add tests to check these scenarios. Test data has been generated by the below code using OpenSSL as a reference: #include <openssl/pkcs12.h> #include <openssl/evp.h> #include <openssl/des.h> #include <openssl/asn1.h> #include "crypto/asn1.h" #include <string.h> int main() { char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB"; unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC"; unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"; unsigned char ciphertext = NULL; int iter = 10; X509_ALGOR alg = X509_ALGOR_new(); int ciphertext_len = 0; int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; alg->parameter = ASN1_TYPE_new(); struct asn1_object_st * aobj; PKCS5_pbe_set0_algor(alg, alg_nid, iter, salt, sizeof(salt)-1); aobj = alg->algorithm; printf("\"30%.2X", 2 + aobj->length + alg->parameter->value.asn1_string->length); printf("06%.2X", aobj->length); for (int i = 0; i < aobj->length; i++) { printf("%.2X", aobj->data[i]); } for (int i = 0; i < alg->parameter->value.asn1_string->length; i++) { printf("%.2X", alg->parameter->value.asn1_string->data[i]); } printf("\":\""); for (int i = 0; i < sizeof(pass)-1; i++) { printf("%.2X", pass[i] & 0xFF); } printf("\":\""); for (int i = 0; i < sizeof(plaintext)-1; i++) { printf("%.2X", plaintext[i]); } printf("\":"); printf("0"); printf(":\""); unsigned char * res = PKCS12_pbe_crypt(alg, pass, sizeof(pass)-1, plaintext, sizeof(plaintext)-1, &ciphertext, &ciphertext_len, 1); if (res == NULL) printf("Encryption failed!\n"); for (int i = 0; i < ciphertext_len; i++) { printf("%.2X", res[i]); } printf("\"\n"); return 0; } Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com> #	2023-09-05 15:45:55 +01:00
Gilles Peskine	1a7d387072	Merge pull request #1041 from waleed-elmelegy-arm/add-new-pkcs5-pbe2-ext-fun Add new pkcs5 pbe2 ext fun	2023-09-04 15:33:42 +02:00
Janos Follath	3574ec27fe	Merge pull request #1052 from yanesca/add_everest_to_threat_model Add Everest to threat model	2023-09-04 14:05:13 +01:00

1 2 3 4 5 ...

26834 commits