Commit graph

5132 commits

Author SHA1 Message Date
Janos Follath 2850cdaed9 Add Changelog entry for RSA exponent blinding 2017-05-16 10:22:37 +01:00
Janos Follath c66e5596ba Add Changelog entry for CA list suppression 2017-05-16 10:22:37 +01:00
Andres Amaya Garcia 46fe17ecf2 Remove obsolete macros from compat-1.3.h 2017-05-16 10:22:37 +01:00
Gilles Peskine 18ac716021 RSA: wipe more stack buffers
MGF mask and PSS salt are not highly sensitive, but wipe them anyway
for good hygiene.
2017-05-16 10:22:37 +01:00
Gilles Peskine 4a7f6a0ddb RSA: wipe stack buffers
The RSA private key functions rsa_rsaes_pkcs1_v15_decrypt and
rsa_rsaes_oaep_decrypt put sensitive data (decryption results) on the
stack. Wipe it before returning.

Thanks to Laurent Simon for reporting this issue.
2017-05-16 10:22:37 +01:00
Simon Butcher 77da95357f Add fix for #667 to ChangeLog 2017-05-16 10:22:37 +01:00
Simon Butcher 4775e83337 Fix ChangeLog
Fixes the ChangeLog following the merge of the ECP HW acceleration interfaces
in aab9efb.
2017-05-16 10:22:37 +01:00
Janos Follath 6e876988de Fix bug in threading sample implementation #667 2017-05-16 10:22:37 +01:00
Janos Follath 45182a0065 Add Changelog entry for RSA exponent blinding 2017-05-16 10:22:37 +01:00
Janos Follath f9203b4139 Add exponent blinding to RSA with CRT
The sliding window exponentiation algorithm is vulnerable to
side-channel attacks. As a countermeasure we add exponent blinding in
order to prevent combining the results of different measurements.

This commit handles the case when the Chinese Remainder Theorem is used
to accelerate the computation.
2017-05-16 10:22:37 +01:00
Janos Follath e81102e476 Add exponent blinding to RSA without CRT
The sliding window exponentiation algorithm is vulnerable to
side-channel attacks. As a countermeasure we add exponent blinding in
order to prevent combining the results of fifferent measurements.

This commits handles the case when the Chinese Remainder Theorem is NOT
used to accelerate computations.
2017-05-16 10:22:37 +01:00
Janos Follath 7a8a090f55 Add Changelog entry for CA list suppression 2017-05-16 10:22:37 +01:00
Janos Follath 89baba2375 Add tests for the CA suppression option 2017-05-16 10:22:37 +01:00
Janos Follath 4817e27d4d Add the CA list suppression option to ssl_server2
Adding the CA suppression list option to the 'ssl_server2' sample
program is a prerequisite for adding tests for this feature to the
integration test suite (ssl-opt.sh).
2017-05-16 10:22:37 +01:00
Janos Follath 088ce43ffe Implement optional CA list suppression in Certificate Request
According to RFC5246 the server can indicate the known Certificate
Authorities or can constrain the aurhorisation space by sending a
certificate list. This part of the message is optional and if omitted,
the client may send any certificate in the response.

The previous behaviour of mbed TLS was to always send the name of all the
CAs that are configured as root CAs. In certain cases this might cause
usability and privacy issues for example:
- If the list of the CA names is longer than the peers input buffer then
  the handshake will fail
- If the configured CAs belong to third parties, this message gives away
  information on the relations to these third parties

Therefore we introduce an option to suppress the CA list in the
Certificate Request message.

Providing this feature as a runtime option comes with a little cost in
code size and advantages in maintenance and flexibility.
2017-05-16 10:22:37 +01:00
Andres Amaya Garcia 75fdf631fd Remove obsolete macros from compat-1.3.h 2017-05-16 10:22:37 +01:00
Andres Amaya Garcia af610a0baf Fix check-doxy-blocks.pl errors (cmac.c ecjpake.h) 2017-05-12 00:18:04 +01:00
Andres Amaya Garcia d3f0f5e1c8 Fix check-doxy-blocks.pl to run from root dir
Modify tests/scripts/check-doxy-blocks.pl to ensure that:
  * It can only be run from the mbed TLS root directory.
  * An error code is returned to the environment when a potential error
    in the source code is found.
2017-05-12 00:16:50 +01:00
Janos Follath 5634b8609b Apply feedback to ECP internal interface documentation 2017-05-11 22:42:14 +01:00
Janos Follath aab9efb4ce Add doxygen documentation to the new ECP interface
Document the functions in the Elliptic Curve Point module hardware
acceleration to guide silicon vendors when implementing the drivers.
2017-05-11 22:42:14 +01:00
Janos Follath 6c8ccd5be4 Fix cleanup label alignment 2017-05-11 22:42:14 +01:00
Janos Follath 7e2406f6f0 Add Changelog entry 2017-05-11 22:42:14 +01:00
Janos Follath 69b2051e76 Update version features with ECP macros 2017-05-11 22:42:14 +01:00
Janos Follath 333d163523 Remove obsolote ECP abstraction macros
Some macros have been removed from the Elliptic Curve Point abstraction
layer, and they shouldn't have remained in the check_config.h
2017-05-11 22:42:14 +01:00
Janos Follath c44ab97cc9 Apply review feedback on ECP interface
Naming conventions are revised, style issues corrected and minor
optimisation added.
2017-05-11 22:42:14 +01:00
Janos Follath b8a90fb51c Update ECP hardware abstraction interface
With this commit the Elliptic Curve Point interface is rewised. Two
compile time options has been removed to simplify the interface and
the function names got a new prefix that indicates that these functions
are for internal use and not part of the public interface.
2017-05-11 22:42:14 +01:00
Janos Follath ee782bcd54 Adjust documentation to new ECP function names. 2017-05-11 22:42:14 +01:00
Janos Follath 430d3376c9 Add thread safety to ECP hardware acceleration
The intended use of the abstraction layer for Elliptic Curve Point
arithmetic is to enable using hardware cryptographic accelerators.
These devices are a shared resource and the driver code rarely provides
thread safety.

This commit adds mutexes to the abstraction layer to protect the device
in a multi-threaded environment.
2017-05-11 22:42:14 +01:00
Janos Follath 552f6b6d17 Add global mutex for asymmetric crypto accelerator
The primary use case behind providing an abstraction layer to enable
alternative Elliptic Curve Point arithmetic implementation, is making
use of cryptographic acceleration hardware if it is present.

To provide thread safety for the hardware accelerator we need a mutex
to guard it.
2017-05-11 22:42:14 +01:00
Janos Follath 16e63ea2e2 Fix alternative ECP function names
The alternative Elliptic Curve Point arithmetic functions didn't have
an 'mbedtls_' prefix as required by check-names.sh.
2017-05-11 22:42:14 +01:00
Janos Follath 4d9c69dde8 Fix ECP alternative macro names
The compile time macros enabling the initialisation and deinitialisation
in the alternative Elliptic Curve Point arithmetic implementation had
names that did not end with '_ALT' as required by check-names.sh.
2017-05-11 22:42:14 +01:00
Janos Follath 47d28f08a6 Remove alt_internal directory 2017-05-11 22:42:14 +01:00
Janos Follath 372697b6b7 Clean up ECP abstraction layer code
This commit fixes several style issues and fixes in the documentation
of the Elliptic Curve Point arithmetic abstraction layer.
2017-05-11 22:42:14 +01:00
Janos Follath b069753313 ECP: Add module and function level replacement options. 2017-05-11 22:42:14 +01:00
Andres AG 5c79d25d94 Add PK tests to avoid hashlen overflow for RSA 2017-05-11 21:58:25 +01:00
Andres AG 72849877d0 Fix data loss in unsigned int cast in PK
This patch introduces some additional checks in the PK module for 64-bit
systems only. The problem is that the API functions in the PK
abstraction accept a size_t value for the hashlen, while the RSA module
accepts an unsigned int for the hashlen. Instead of silently casting
size_t to unsigned int, this change checks whether the hashlen overflows
an unsigned int and returns an error.
2017-05-11 21:55:17 +01:00
Simon Butcher b65c2be5f1 Updated version number to 2.4.2 for release 2017-03-10 18:50:44 +00:00
Simon Butcher f8c45eb61a Merge branch 'development' 2017-03-10 18:45:21 +00:00
Simon Butcher 81cf88f6d7 Added missing credit to ChangeLog for #555 2017-03-07 19:35:49 +00:00
Simon Butcher 8b987500f2 Corrected attibution in Changelog 2017-03-07 12:37:14 +00:00
Andres AG d1cc7f6f34 Fix buffer overflow in mbedtls_mpi_write_string()
Fix a buffer overflow when writting a string representation of an MPI
number to a buffer in hexadecimal. The problem occurs because hex
digits are written in pairs and this is not accounted for in the
calculation of the required buffer size when the number of digits is
odd.
2017-03-02 21:34:21 +00:00
Andres AG 99acfc4521 Fix failing pkparse test case
The first three test cases from test_suites_pkparse.data failed because
the key file they read requires DES to be read. However, MBEDTLS_DES_C
was missing from the dependency list.
2017-03-02 16:01:08 +00:00
Andres AG b5ba28cbea Fix failing pkparse test case
The first three test cases from test_suites_pkparse.data failed because
the key file they read requires DES to be read. However, MBEDTLS_DES_C
was missing from the dependency list.
2017-03-02 15:26:09 +00:00
Ron Eldor 12e0b800da Fix resource leak when using mutex and ssl_cookie
When using ssl_cookie with MBEDTLS_THREADING_C, fix a resource leak caused by
initiating a mutex in mbedtls_ssl_cookie_free instead of freeing it.
Raised and fix suggested by lan Gillingham in the mbed TLS forum
Tracked in #771
2017-03-02 12:26:11 +00:00
Simon Butcher 28d9fe031d Fix mistake in ChangeLog from file merge 2017-03-02 12:05:54 +00:00
Ron Eldor 04965edaa8 Fix resource leak when using mutex and ssl_cookie
When using ssl_cookie with MBEDTLS_THREADING_C, fix a resource leak caused by
initiating a mutex in mbedtls_ssl_cookie_free instead of freeing it.
Raised and fix suggested by lan Gillingham in the mbed TLS forum
Tracked in #771
2017-03-02 11:58:15 +00:00
Simon Butcher 956c58ffa9 Add fix and credit for #742 to the ChangeLog 2017-03-02 09:20:53 +00:00
Simon Butcher 065cede476 Add fix and credit for #742 to the ChangeLog 2017-03-02 09:18:09 +00:00
Andres AG 429aaee671 Remove use of inttypes.h in MSVC from ssl_server2
The sample application programs/ssl/ssl_server2.c was previously
modifies to use inttypes.h to parse a string to a 64-bit integer.
However, MSVC does not support C99, so compilation fails. This
patch modifies the sample app to use the MSVC specific parsing
functions instead of inttypes.h.
2017-03-02 00:09:55 +00:00
Simon Butcher 24ce844530 Update of the Visual Studio files
Contains additional project file, ecdh_curve25519.vcxproj, as well as fix
for intermediate files causing the warning MSB8028 with Visual Studio 2015.
2017-03-02 00:09:55 +00:00