yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
29205 commits 89 branches 205 tags 114 MiB
Commit graph

29205 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dave Rodgman e23d6479cc Bump version 
./scripts/bump_version.sh --version 3.5.1

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 15:45:49 +00:00
Dave Rodgman 6ba416968b Assemble Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 15:40:12 +00:00
Janos Follath 0d57f1034e Update Marvin fix Changelog entry 
Upon further consideration we think that a remote attacker close to the
victim might be able to have precise enough timing information to
exploit the side channel as well. Update the Changelog to reflect this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:58 +00:00
Janos Follath 393df9c995 Add warning for PKCS 1.5 decryption 
Any timing variance dependant on the output of this function enables a
Bleichenbacher attack. It is extremely difficult to use safely.

In the Marvin attack paper
(https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the
author suggests that implementations of PKCS 1.5 decryption that don't
include a countermeasure should be considered inherently dangerous.

They suggest that all libraries implement the same countermeasure, as
implementing different countermeasures across libraries enables the
Bleichenbacher attack as well.

This is extremely fragile and therefore we don't implement it. The use
of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in
the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable.

Add a warning to PKCS 1.5 decryption to warn users about this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath 16ab76bbe7 Fix typo 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath b4b8f3df3b RSA: improve readability 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath 47ee770812 RSA: remove unneeded temporaries 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath e6750b2a0b RSA: document Montgomery trick in unblind 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath a62a554071 Fix style 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath 100dcddfca Make local function static 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath a865fc951e Add Changelog for the Marvin attack fix 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath 6bcbc925bf Extend blinding to RSA result check 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath d6b096532c Make RSA unblinding constant flow 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Paul Elliott 968a928659 Add Changelog for #8687 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-22 15:32:18 +00:00
Jonathan Winzig af553bf719 Add required dependency to the testcase 
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
Jonathan Winzig acd35a55c8 Remove unneeded testcase 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
Jonathan Winzig 144bfde1cd Update test-data to use SIZE_MAX 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
Jonathan Winzig 93f5240ae5 Add missing newline at the end of test_suite_x509write.data 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
Jonathan Winzig a0c9448bea Update fix to be more platform-independent 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
Jonathan Winzig 63b5e216f8 Fix Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
Jonathan Winzig 1c7629c1c0 Add tests for Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
v1gnesh d0b55edea3
Create 8726.txt changelog entry 
Signed-off-by: v1gnesh <v1gnesh@users.noreply.github.com>
 2024-01-22 17:13:56 +05:30
v1gnesh 3c129dd6aa
Update entropy_poll.c 
Signed-off-by: v1gnesh <v1gnesh@users.noreply.github.com>
 2024-01-22 15:59:49 +05:30
Manuel Pégourié-Gonnard 34c6e8a770
Merge pull request #8700 from valeriosetti/issue8461 
psa_asymmetric_encrypt() doesn't work with opaque driver
 2024-01-22 08:43:08 +00:00
Ronald Cron f8fdbb5174 tests: tls13: Run early data test only in TLS 1.3 only config 
Temporary workaround to not run the early data test
in Windows-2013 where there is an issue with
mbedtls_vsnprintf().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Ronald Cron a8dd81b4de tests: tls13: Add early data unit test 
This aims to provide a basis for negative
testing around TLS 1.3 early data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Ronald Cron ec3408d707 tests: ssl: Move setting of debug callback 
Move the setting of the debug callback to
the endpoint initialization function. That
way, no need to repeat it in various testing
scenarios.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Ronald Cron d903a86e52 tests: tls13: Add session resume with ticket unit test 
This aims to provide a basis for negative testing
around TLS 1.3 ticket, replacing eventually the
negative tests done in ssl-opt.sh using the
dummy_ticket option.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Ronald Cron 77abfe67db ssl_helpers.c: Add ticket write/parse test functions 
Add ticket write/parse test functions as defined
by mbedtls_ssl_ticket_write/parse_t. They are
intended to be used in negative testing
involving tickets.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Ronald Cron 297c608915 tls13: cli: Fix setting of early data transform 
Fix setting of early data transform when we
do not send dummy CCS for middlebox compatibility.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Janos Follath fb12d9204d
Merge pull request #8693 from Ryan-Everett-arm/implement-key-slot-mutex 
Implement the key slot mutex
 2024-01-19 20:49:18 +00:00
Dave Rodgman 075f8797ac Remove include of build_info.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-19 16:48:42 +00:00
Dave Rodgman 336efeec50 Move MBEDTLS_COMPILER_IS_GCC & MBEDTLS_GCC_VERSION into build_info 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-19 16:38:53 +00:00
Dave Rodgman 00b4eeb0b3 Improve comments 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-19 16:14:55 +00:00
Dave Rodgman 7470557855 Add changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-19 16:14:55 +00:00
Dave Rodgman 2143a4ad1f Improve mbedtls_xor docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-19 15:25:33 +00:00
Dave Rodgman 18d90d7519 Make mbedtls_xor always inline 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-19 15:25:33 +00:00
Dave Rodgman 55b5dd2cfc Make unaligned accessors always inline 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-19 15:25:33 +00:00
Dave Rodgman c581264977 Fix unaligned access on old compilers 
Add an alternative implementation of unaligned access that is efficient
for IAR and old versions of gcc.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-19 15:25:33 +00:00
Minos Galanakis 42151380af programs_dh_client/server: Updated config guards. 
Adjusted to use `MBEDTLS_SHA256_C` instead of `MBEDTLS_MD_CAN_SHA256`
since the former is being used in accelerated driver configurations.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-01-19 14:39:41 +00:00
Minos Galanakis db8915287e programs_dh_client/server: Changed mdlen type to unsigned integer. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-01-19 14:38:51 +00:00
Dave Rodgman 7d8c99abb0 Move MBEDTLS_COMPILER_IS_GCC defn into alignment.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-19 14:02:58 +00:00
Dave Rodgman 69b5a86064 Improve mbedtls_xor for IAR 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-19 14:02:08 +00:00
Ryan Everett 63952b7de5 Fix typo 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-19 13:45:19 +00:00
Ryan Everett 7aeacc1ec4 Add empty line in register_read comment 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-19 13:02:58 +00:00
Ryan Everett 558da2ffd3 Move key_slot_mutex to threading.h 
Make this a global mutex so that we don't have to init and free it.
Also rename the mutex to follow the convention

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-19 12:59:28 +00:00
Minos Galanakis 7c8448842d programs_dh_client/server: Updated to query digest size using mbedtls_md_info_from_type(). 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-01-18 14:29:41 +00:00
Minos Galanakis 6e92df12c2 programs_rsa_rsa_verify: Updated program to use mbedtls_rsa_get_len() 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-01-18 14:29:41 +00:00
Minos Galanakis 992f0b8427 programs_rsa_rsa_sign: Updated program to use mbedtls_rsa_get_len() 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-01-18 14:29:41 +00:00
Minos Galanakis ee757d35df programs_rsa_encrypt/decrypt: Updated programs to use mbedtls_rsa_get_len() 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-01-18 14:29:41 +00:00