yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 02:45:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,359 Commits 88 Branches 205 Tags 69 MiB
beddfdcd7f
Commit Graph

4976 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
ae48d86cb1 Fix bug in record decompression 
ssl_decompress_buf() was operating on data from the ssl context, but called at
a point where this data is actually in the rec structure. Call it later so
that the data is back to the ssl structure.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
 2020-03-09 17:39:04 +00:00
jiblime
92af9a9792 Fixes definition error when the deprecated MBEDTLS_ZLIB_SUPPORT and ENABLE_ZLIB_SUPPORT macro are defined/enabled for zlib support in mbedtls 
100% tests passed, 0 tests failed out of 85

https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1842

https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1862
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
 2020-03-09 17:39:04 +00:00
Arto Kinnunen
17540ab74c Fix usage of randomized number in AES 
-Fix usage of randomized bits (do not reuse the bits)
-Update comments
 2020-01-21 12:01:42 +02:00
Arto Kinnunen
311ab594d7 Flag SCA_CM encrypt/decrypt functions 
There is a 50% performance drop in the SCA_CM enabled encrypt and
decrypt functions. Therefore use the older version of encrypt/decypt
functions when SCA_CM is disabled.
 2020-01-21 12:01:42 +02:00
Arto Kinnunen
2b24f4280f AES review corrections 
-Do not reuse any part of randomized number, use separate byte for
 each purpose.
-Combine some separate loops together to get rid of gap between them
-Extend usage of flow_control
 2020-01-21 12:01:42 +02:00
Arto Kinnunen
98c93af1ef Randomize number of AES dummy calculation rounds 
Use either 4 or 5 dummy rounds in AES encryption/decryption.
 2020-01-21 12:01:42 +02:00
Arto Kinnunen
2eb678f5e8 Update AES SCA countermeasures 
-Add dummy rounds to the start and/or end of the AES calculation
 rounds.
 2020-01-21 12:01:42 +02:00
Arto Kinnunen
28ecfb002f Merge remote-tracking branch 'upstream/pr/2983' into baremetal 
* upstream/pr/2983:
  Fix mbedtls_strerror to work with all wanted codes
 2020-01-17 11:21:53 +02:00
Arto Kinnunen
ca1978b7d5 Merge remote-tracking branch 'upstream/pr/2982' into baremetal 
* upstream/pr/2982:
  Use mbedtls_platform_memset in data_randomize
  Protect get/put on secret data on AES-module
 2020-01-17 11:21:41 +02:00
Arto Kinnunen
d1340e455c Merge remote-tracking branch 'upstream/pr/2980' into baremetal 
* upstream/pr/2980:
  Protect get/put on secret data on sha256-module
 2020-01-17 11:21:32 +02:00
Arto Kinnunen
10a2ffde5d Merge remote-tracking branch 'upstream/pr/2945' into baremetal 
* upstream/pr/2945:
  Rename macro MBEDTLS_MAX_RAND_DELAY
  Update signature of mbedtls_platform_random_delay
  Replace mbedtls_platform_enforce_volatile_reads 2
  Replace mbedtls_platform_enforce_volatile_reads
  Add more variation to random delay countermeasure
  Add random  delay to enforce_volatile_reads
  Update comments of mbedtls_platform_random_delay
  Follow Mbed TLS coding style
  Add random delay function to platform_utils
 2020-01-17 11:21:16 +02:00
Jarno Lamsa
8f8c0bdfc7 Use mbedtls_platform_memset in data_randomize 
More secure memset should be used here instead
of standard memset.
 2020-01-10 08:19:37 +02:00
Jarno Lamsa
282db8e3f8 Protect get/put on secret data on AES-module 
When reading the input, buffer will be initialised with random data
and the reading will start from a random offset. When writing the data,
the output will be initialised with random data and the writing will start
from a random offset.
 2020-01-10 08:19:37 +02:00
Teppo Järvelin
5bc072f737 Fix mbedtls_strerror to work with all wanted codes 2020-01-09 14:22:32 +02:00
Arto Kinnunen
b148651e49 Rename macro MBEDTLS_MAX_RAND_DELAY 
MBEDTLS_MAX_RAND_DELAY renamed to MAX_RAND_DELAY to get CI passing.
 2020-01-09 11:11:23 +02:00
Arto Kinnunen
ac6d226939 Update signature of mbedtls_platform_random_delay 
Skip parameter and return value from mbedtls_platform_random_delay
to make it more resistant for FI attacks.
 2020-01-09 10:19:07 +02:00
Simon Butcher
05ca9d46c1 Merge remote-tracking branch 'public/pr/2979' into baremetal 2020-01-08 18:15:52 +00:00
Simon Butcher
01d78fcefe Merge remote-tracking branch 'public/pr/2971' into baremetal 2020-01-08 18:10:44 +00:00
Simon Butcher
2d9c0eb215 Merge remote-tracking branch 'public/pr/2948' into baremetal 2020-01-08 18:08:28 +00:00
Simon Butcher
4b3b8c208e Merge remote-tracking branch 'public/pr/2886' into baremetal 2020-01-08 17:53:43 +00:00
Jarno Lamsa
bb86c52430 Protect get/put on secret data on sha256-module 
When reading the input, the buffer will be initialised with random data
and the reading will start from a random offset. When writing the data,
the output will be initialised with random data and the writing will
start from a random offset.
 2020-01-08 10:45:51 +02:00
Teppo Järvelin
cafb6c91b0 Clear internal decrypted buffer after read 2020-01-08 10:25:16 +02:00
Arto Kinnunen
7195571681 Replace mbedtls_platform_enforce_volatile_reads 2 
Replace remaining mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().
 2020-01-07 10:47:58 +02:00
Arto Kinnunen
e91f0dc905 Replace mbedtls_platform_enforce_volatile_reads 
Replace function mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().
 2020-01-07 10:47:58 +02:00
Arto Kinnunen
dbf2b43ceb Add more variation to random delay countermeasure 
Add more variation to the random delay function by xor:ing two
variables. It is not enough to increment just a counter to create a
delay as it will be visible as uniform delay that can be easily
removed from the trace by analysis.
 2020-01-07 10:47:58 +02:00
Arto Kinnunen
0490485be5 Add random delay to enforce_volatile_reads 
Add a random delay to mbedtls_platform_enforce_volatile_reads() as a
countermeasure to fault injection attacks.
 2020-01-07 10:47:58 +02:00
Arto Kinnunen
b47b105838 Follow Mbed TLS coding style 2020-01-07 10:47:58 +02:00
Arto Kinnunen
4c63b98e94 Add random delay function to platform_utils 
Add delay function to platform_utils. The function will delay
program execution by incrementing local variable randomised number of
times.
 2020-01-07 10:47:58 +02:00
Teppo Järvelin
8f7e36fc98 Coverity fixes, check hmac return values 2020-01-05 12:02:37 +02:00
Jarno Lamsa
5aa4c07b85 Minor review fixes 2019-12-20 13:09:27 +02:00
Jarno Lamsa
015aa44b93 Make authmode volatile 
This is to enforce reading it from memory for the double
check to prevent compiler from optimising it away.
 2019-12-20 12:09:37 +02:00
Jarno Lamsa
af60cd7698 Protect the peer_authenticated flag more 
Add more protection to the flag preventing attacker
possibly to glitch using faulty certificate.
 2019-12-20 10:50:33 +02:00
Jarno Lamsa
8d09e5744c Increase hamming distance for session resume flag 
This is to prevent glitching a single bit for the resume flag.
 2019-12-19 17:07:35 +02:00
Jarno Lamsa
489dccd158 Adress review comments 2019-12-19 17:07:35 +02:00
Jarno Lamsa
88db2ae9a0 Use Platform fault when double check fails 2019-12-19 17:07:35 +02:00
Jarno Lamsa
f5b6af01d3 Fix double check in entropy_gather_internal 
The double check was wrong way, glitching either check
could have compromised the flow there.
 2019-12-19 17:07:29 +02:00
Jarno Lamsa
06164057b3 Check that we have all the proper keys 
The proper keys should be set at the end of
the handshake, if not, fail the handshake.
 2019-12-19 14:40:36 +02:00
Jarno Lamsa
e1621d4700 Check that the peer_authenticated flag 
Check that the peer has been authenticated in the end
of the handshake.
 2019-12-19 14:29:24 +02:00
Jarno Lamsa
ba4730fe4c Protect setting of peer_authenticated flag 
Use flow counting and double checks when setting the flag.
Also protect the flow to prevent causing a glitch.
 2019-12-19 09:43:25 +02:00
Jarno Lamsa
4031a45019 Protect key_derivation_done flag 
The flag is used to track that the key derivation
has been done.
 2019-12-19 09:43:25 +02:00
Jarno Lamsa
67f0a1e833 Protect setting of premaster_generated flag 
The flag is used for tracking if the premaster has
been succesfully generated. Note that when resuming
a session, the flag should not be used when trying to
notice if all the key generation/derivation has been done.
 2019-12-19 09:43:19 +02:00
Jarno Lamsa
98801af26b Protect setting of hello_random flag 
The handshake flag tells when the handshake hello.random
is set and can be used later to decide if we have the correct
keys.
 2019-12-19 09:02:02 +02:00
Jarno Lamsa
6122b59042 Address review comments 2019-12-19 07:56:10 +02:00
Jarno Lamsa
46afd5d8fa Fix CI issues 
Default flow assumes failure causes multiple issues with
compatibility tests when the return value is initialised
with error value in ssl_in_server_key_exchange_parse.
The function would need a significant change in structure for this.
 2019-12-19 07:56:10 +02:00
Jarno Lamsa
91dbb79ae4 Fix error return code 2019-12-19 07:56:10 +02:00
Jarno Lamsa
b83a2136d6 Protect the return value from mbedtls_pk_verify 
Add double checks to the return value and default flow assumes
failure.
 2019-12-19 07:56:10 +02:00
Jarno Lamsa
47aab8da8a Protect return value from mbedtls_pk_verify 
Use double checks and default flow assumes failure.
 2019-12-19 07:56:10 +02:00
Jarno Lamsa
83a56a630a Double check mbedtls_pk_verify 
The verification could be skipped in server, changed the default flow
so that the handshake status is ever updated if the verify
succeeds, and that is checked twice.
 2019-12-19 07:56:10 +02:00
Jarno Lamsa
acb5eb00ca Add a double check to protect from glitch 
Check that the encryption has been done for the outbut buffer.
This is to ensure that glitching out the encryption doesn't
result as a unecrypted buffer to be sent.
 2019-12-19 07:56:10 +02:00
Jarno Lamsa
d05da1fa45 Add double check for checking if source is strong 
To prevent glitching past a strong source.
 2019-12-19 07:56:10 +02:00