yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 19:21:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
2042 commits 88 branches 205 tags 69 MiB
Commit graph

1258 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard fbf0915404 Fix bug in RSA PKCS#1 v1.5 "reversed" operations 2014-02-05 17:01:24 +01:00
Paul Bakker 5fb8efe71e Merged HMAC-DRBG code 2014-02-05 15:55:18 +01:00
Manuel Pégourié-Gonnard 6e8e34d61e Fix ecp_gen_keypair() 
Too few tries caused failures for some curves (esp. secp224k1)
 2014-02-05 15:53:45 +01:00
Manuel Pégourié-Gonnard b05db2a6aa Save memory by not storing the HMAC key 2014-02-01 11:38:05 +01:00
Manuel Pégourié-Gonnard cf38367f45 Fix HMAC_DRBG and RIPEMD160 error codes 2014-02-01 10:24:53 +01:00
Manuel Pégourié-Gonnard 446ee6618f Add LCOV_EXCLUDE_LINE on some IO errors 2014-02-01 10:08:26 +01:00
Manuel Pégourié-Gonnard b3b205e081 Clean up details in ctr_drbg_selftest() 2014-01-31 12:04:06 +01:00
Manuel Pégourié-Gonnard 79afaa0551 Add hmac_drbg_selftest() 2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard 48bc3e81da Add hmac_drbg_{write,update}_seed_file() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard efc8d8078b Use safer names for macros 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard 6e897c2a59 Add more checks and references 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard d742a032f4 Use md_hmac_reset() when possible 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard 658dbed080 Add automatic periodic reseeding 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard af786ff6cc Add hmac_drbg_set_prediction_resistance() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard 8fc484d1df Add hmac_drbg_reseed() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard 4e669c614d Add hmac_drbg_set_entropy_len() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard fe34a5fb83 Add entropy callbacks to HMAC_DRBG 2014-01-30 15:06:40 +01:00
Manuel Pégourié-Gonnard 8208d167da Add hmac_random_with_add() 2014-01-30 12:19:26 +01:00
Manuel Pégourié-Gonnard 7845fc06c9 Use new HMAC_DRBG module for deterministic ECDSA 2014-01-30 10:58:48 +01:00
Manuel Pégourié-Gonnard 490bdf3928 Add minimalistic HMAC_DRBG implementation 
(copied from ECDSA)
 2014-01-30 10:58:48 +01:00
Paul Bakker 2aca241425 Ready for release 1.3.4 2014-01-27 11:59:30 +01:00
Paul Bakker 42099c3155 Revert "Add pk_rsa_set_padding() and rsa_set_padding()" 
This reverts commit b4fae579e8.

Conflicts:
	library/pk.c
	tests/suites/test_suite_pk.data
	tests/suites/test_suite_pk.function
 2014-01-27 11:59:29 +01:00
Manuel Pégourié-Gonnard 27b93ade6e Factor common code for printing sig_alg 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard 5cac583482 Factor out some common code 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard 41cae8e1f9 Parse CSRs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard 5eeb32b552 Parse CRLs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard ce7c6fd433 Fix dependencies 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard b7de86d834 More checks for length match in rsassa-pss params 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard 3c1e8b539c Finish parsing RSASSA-PSS parameters 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard d9fd87be33 Start parsing RSASSA-PSS parameters 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard b1d4eb16e4 Basic parsing of certs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Paul Bakker 556efba51c Added AES CFB8 mode 2014-01-24 15:38:12 +01:00
Paul Bakker 80025417eb net_is_block() renamed to net_would_block() and corrected behaviour on 
non-blocking sockets

net_would_block() now does not return 1 if the socket is blocking.
 2014-01-23 21:00:57 +01:00
Paul Bakker c2024f4592 Added MPI_CHK around unguarded mpi calls 2014-01-23 21:00:57 +01:00
Manuel Pégourié-Gonnard 8e205fc0bc Fix potential buffer overflow in suported_curves_ext 2014-01-23 17:27:10 +01:00
Paul Bakker 9f3c7d7278 Added missing POLARSSL_ECDSA_DETERMINISTIC around ecdsa_write_signature_det() 2014-01-23 16:11:14 +01:00
Paul Bakker 18e9f3282b Added missing static to md_info_by_size() in ecdsa.c 2014-01-23 16:08:38 +01:00
Paul Bakker bf98c3dd11 Merged deterministic ECDSA 
Conflicts:
	library/ecdsa.c
 2014-01-23 15:48:01 +01:00
Manuel Pégourié-Gonnard dfab4c1193 Add forgotten #ifdef and depends_on 2014-01-22 16:01:06 +01:00
Paul Bakker 5862eee4ca Merged RIPEMD-160 support 2014-01-22 14:18:34 +01:00
Paul Bakker 61b699ed1b Renamed RMD160 to RIPEMD160 2014-01-22 14:17:31 +01:00
Paul Bakker 0ac99ca7bc Merged support for secp224k1, secp192k1 and secp25k1 2014-01-22 13:10:48 +01:00
Manuel Pégourié-Gonnard b4fae579e8 Add pk_rsa_set_padding() and rsa_set_padding() 2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard 7c59363a85 Remove a few dead stores 2014-01-22 13:02:39 +01:00
Manuel Pégourié-Gonnard 9e987edf9f Fix potential memory leak in bignum selftest 2014-01-22 12:59:04 +01:00
Manuel Pégourié-Gonnard fd6a191381 Fix misplaced initialisation. 
If one of the calls to mpi_grow() before setting Apos would fail, then
mpi_free( &Apos ) would be executed without Apos being initialised.
 2014-01-22 12:57:04 +01:00
Manuel Pégourié-Gonnard 073f0fa2fb Fix missing error checking in gcm 2014-01-22 12:56:51 +01:00
Manuel Pégourié-Gonnard 280f95bd00 Add #ifs arround ssl_ciphersuite_uses_XXX() 2014-01-22 12:56:37 +01:00
Manuel Pégourié-Gonnard 7cfdcb8c7f Add a length check in ssl_derive_keys() 2014-01-22 12:56:22 +01:00
Manuel Pégourié-Gonnard 9af7d3a35b Add fast reduction for the other Koblitz curves 2014-01-18 17:48:00 +01:00
Manuel Pégourié-Gonnard 8887d8d37c Add mod_p256k1 
Makes secp256k1 about 4x faster
 2014-01-17 23:17:10 +01:00
Manuel Pégourié-Gonnard ea499a7321 Add support for secp192k1 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard 0a56c2c698 Fix bug in ecdh_calc_secret() 
Only affects curves with nbits != pbits (currently only secp224k1)
 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard 5304812b2d Fix theoretical compliance issue in ECDSA 
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard 18e3ec9b4d Add support for secp224k1 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard e4d47a655b Add RIPEMD-160 to the generic MD layer 2014-01-17 20:41:32 +01:00
Manuel Pégourié-Gonnard ff40c3ac34 Add HMAC support to RIPEMD-160 2014-01-17 20:04:59 +01:00
Manuel Pégourié-Gonnard cab4a8807c Add RIPEMD-160 (core functions) 2014-01-17 14:04:25 +01:00
Manuel Pégourié-Gonnard 9bcff3905b Add OIDs and TLS IDs for prime Koblitz curves 2014-01-10 18:32:31 +01:00
Manuel Pégourié-Gonnard f51c8fc353 Add support for secp256k1 arithmetic 2014-01-10 18:17:18 +01:00
Manuel Pégourié-Gonnard 65ad3e4daf Use deterministic ECDSA in the PK layer 2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard 5e6edcfd96 Add fallback for md_alg == NONE to ecdsa_sign_det() 2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard 937340bce0 Add ecdsa_write_signature_det() 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard f42bca6da0 Little HMAC_DRBG refactoring 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard 4daaef7e27 Add ecdsa_sign_det() with test vectors 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard 461d416892 Add minified HMAC_DRBG for deterministic ECDSA 2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard e7072f8d11 Fix theoretical compliance issue in ECDSA 
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
 2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard c9573998ca Fix unchecked error codes in ecp_gen_keypair() 2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard 79f73b96d9 Remove bias in EC private key generation 2014-01-06 10:19:35 +01:00
Paul Bakker c78c8422c2 Added failure stub for uninitialized POLARSSL_THREADING_ALT functions 2013-12-31 11:55:27 +01:00
Paul Bakker a8fd3e31ed Removed POLARSSL_THREADING_DUMMY option 2013-12-31 11:54:08 +01:00
Paul Bakker 4de44aa0ae Rewrote check to prevent read of uninitialized data in 
rsa_rsassa_pss_verify()
 2013-12-31 11:43:01 +01:00
Paul Bakker 6992eb762c Fixed potential overflow in certificate size in ssl_write_certificate() 2013-12-31 11:38:33 +01:00
Paul Bakker 6ea1a95ce8 Added missing MPI_CHK() around some statements 2013-12-31 11:17:14 +01:00
Paul Bakker 5bc07a3d30 Prepped for 1.3.3 2013-12-31 10:57:44 +01:00
Paul Bakker 00f5c52bfe Added cast to socket() return value to prevent Windows warning 2013-12-31 10:45:16 +01:00
Paul Bakker c73879139e Merged ECP memory usage optimizations 2013-12-31 10:33:47 +01:00
Paul Bakker 53e1513fea Initialize ebx and edx in padlock functions 2013-12-31 09:46:09 +01:00
Manuel Pégourié-Gonnard 26bc1c0f5d Fix a few unchecked return codes in EC 2013-12-30 19:33:33 +01:00
Paul Bakker 93759b048f Made AES-NI bit-size specific key expansion functions static 2013-12-30 19:20:06 +01:00
Manuel Pégourié-Gonnard 9e4191c3e7 Add another option to reduce EC memory usage 
Also document speed/memory trade-offs better.
 2013-12-30 19:16:05 +01:00
Manuel Pégourié-Gonnard 70896a023e Add statistics about number of allocated blocks 2013-12-30 19:16:05 +01:00
Paul Bakker ec4bea7eee Forced cast to unsigned int for %u format in ecp_selftest() 2013-12-30 19:04:47 +01:00
Manuel Pégourié-Gonnard 1f789b8348 Lessen peak memory usage in EC by freeing earlier 
Cuts peak usage by 25% :)
 2013-12-30 17:36:54 +01:00
Manuel Pégourié-Gonnard 72c172a13d Save some small memory allocations inside ecp_mul() 2013-12-30 16:04:55 +01:00
Paul Bakker f0fc2a27b0 Properly put the pragma comment for the MSVC linker in defines 2013-12-30 15:42:43 +01:00
Paul Bakker 92bcadb110 Removed 'z' length modifier from low-value size_t in ecp_selftest() 2013-12-30 15:37:17 +01:00
Paul Bakker e7f5133590 Fixed superfluous return value in aesni.c 2013-12-30 15:32:02 +01:00
Paul Bakker 0d0de92156 Only specify done label in aes.c when AES-NI is possible 2013-12-30 15:29:04 +01:00
Paul Bakker 956c9e063d Reduced the input / output overhead with 200+ bytes and covered corner 
case

The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.

Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.

We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
 2013-12-30 15:00:51 +01:00
Manuel Pégourié-Gonnard d4588cfb6a aesni_gcm_mult() now returns void 2013-12-30 13:54:23 +01:00
Manuel Pégourié-Gonnard bfa3c9a85f Remove temporary code 2013-12-30 13:53:58 +01:00
Manuel Pégourié-Gonnard 23c2f6fee5 Add AES-NI key expansion for 192 bits 2013-12-29 16:05:22 +01:00
Manuel Pégourié-Gonnard 4a5b995c26 Add AES-NI key expansion for 256 bits 2013-12-29 13:50:32 +01:00
Manuel Pégourié-Gonnard 47a3536a31 Add AES-NI key expansion for 128 bits 2013-12-29 13:28:59 +01:00
Manuel Pégourié-Gonnard 01e31bbffb Add support for key inversion using AES-NI 2013-12-28 16:22:08 +01:00
Manuel Pégourié-Gonnard 80637c7520 Use aesni_gcm_mult() if available 2013-12-26 16:09:58 +01:00
Manuel Pégourié-Gonnard d333f67f8c Add aesni_gcm_mult() 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard 9d57482280 Add comments on GCM multiplication 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard 8eaf20b18d Allow detection of CLMUL 2013-12-26 15:51:13 +01:00