yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-04-28 23:16:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
5197 commits 88 branches 205 tags 69 MiB
Commit graph

164 commits

Author SHA1 Message Date
Hanno Becker 2dec5e8b00 Correct outdated comment 2017-10-03 07:49:52 +01:00
Hanno Becker 4e1be398f6 Remove FORCE_VERIFICATION and FORCE_BLINDING 2017-10-02 16:02:55 +01:00
Hanno Becker 2fdffe0da0 Check exactly for the RSA context fields required in rsa_private 
Previously, the code was also checking for the presence of D for RSA-CRT, which
is not needed in this case.
 2017-09-29 15:28:49 +01:00
Hanno Becker 2c9f027e32 Don't require P,Q if CRT is not used 
Previously, verification used P,Q regardless of whether CRT was used in the
computation, but this has changed in the meantime.
 2017-09-28 11:04:13 +01:00
Hanno Becker a988a2702a Emit deprecation warning if MBEDTLS_RSA_FORCE_BLINDING is not set 2017-09-07 13:11:33 +01:00
Hanno Becker cc209ca56d Remove signature verification from rsa_rsassa_pkcs1_v15_sign 
This verification path is redundant now that verification is uniformly done in
rsa_private.
 2017-08-25 11:52:29 +01:00
Hanno Becker 43f94721ab Add quick-check for presence of relevant parameters in rsa_private 2017-08-25 11:52:27 +01:00
Hanno Becker c6075cc5ac Don't use CRT for signature verification 
If CRT is not used, the helper fields CRT are not assumed to be present in the
RSA context structure, so do the verification directly in this case. If CRT is
used, verification could be done using CRT, but we're sticking to ordinary
verification for uniformity.
 2017-08-25 11:45:35 +01:00
Hanno Becker 06811ced27 Put configuration options for RSA blinding and verification to work. 2017-06-09 13:29:53 +01:00
Hanno Becker 5bc8729b9e Correct memory leak in RSA self test 
The RSA self test didn't free the RSA context on failure.
 2017-06-09 13:29:53 +01:00
Gilles Peskine 18ac716021 RSA: wipe more stack buffers 
MGF mask and PSS salt are not highly sensitive, but wipe them anyway
for good hygiene.
 2017-05-16 10:22:37 +01:00
Gilles Peskine 4a7f6a0ddb RSA: wipe stack buffers 
The RSA private key functions rsa_rsaes_pkcs1_v15_decrypt and
rsa_rsaes_oaep_decrypt put sensitive data (decryption results) on the
stack. Wipe it before returning.

Thanks to Laurent Simon for reporting this issue.
 2017-05-16 10:22:37 +01:00
Janos Follath f9203b4139 Add exponent blinding to RSA with CRT 
The sliding window exponentiation algorithm is vulnerable to
side-channel attacks. As a countermeasure we add exponent blinding in
order to prevent combining the results of different measurements.

This commit handles the case when the Chinese Remainder Theorem is used
to accelerate the computation.
 2017-05-16 10:22:37 +01:00
Janos Follath e81102e476 Add exponent blinding to RSA without CRT 
The sliding window exponentiation algorithm is vulnerable to
side-channel attacks. As a countermeasure we add exponent blinding in
order to prevent combining the results of fifferent measurements.

This commits handles the case when the Chinese Remainder Theorem is NOT
used to accelerate computations.
 2017-05-16 10:22:37 +01:00
Janos Follath ef44178474 Restore P>Q in RSA key generation (#558) 
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
 2016-10-13 00:25:07 +01:00
Simon Butcher ab069c6b46 Merge branch 'development' into development-restricted 2016-06-23 21:42:26 +01:00
Brian J Murray e7be5bdb96 Fixed unchecked calls to mbedtls_md_setup in rsa.c (#502) 
* Fixed unchecked calls to mbedtls_md_setup in rsa.c:

* style fixes
 2016-06-23 20:57:03 +01:00
Simon Butcher f991128d40 Revert accidental changes to file mode of rsa.c 2016-06-09 13:41:28 +01:00
Janos Follath a338691b46 Merge branch 'development' into development-restricted 2016-06-07 09:24:41 +01:00
Simon Butcher 50cdede726 Revert accidental changes to file mode of rsa.c 2016-06-06 20:15:33 +01:00
Janos Follath 04b591ee79 Merge branch 'development' for weekly test report. 2016-05-31 10:18:41 +01:00
Simon Butcher 9c22e7311c Merge branch 'development' 2016-05-24 13:25:46 +01:00
Simon Butcher 65b1fa6b07 Fixes warnings found by Clang static analyser 
Also removes annotations in the code to avoid warnings which don't appear to
be needed.
 2016-05-23 23:18:26 +01:00
Brian Murray 930a3701e7 fix indentation in output of selftest.c 2016-05-23 14:29:32 +01:00
Paul Bakker 38d188896c Cleanup ifdef statements 2016-05-23 14:29:31 +01:00
Nicholas Wilson e735303026 Shut up a few clang-analyze warnings about use of uninitialized variables 
The functions are all safe, Clang just isn't clever enough to realise
it.
 2016-05-23 14:29:28 +01:00
Simon Butcher 94bafdf834 Merge branch 'development' 2016-05-18 18:40:46 +01:00
Simon Butcher c21bec8af4 Merge branch 'development' 2016-05-16 16:15:20 +01:00
Paul Bakker 21cc5741cf Cleanup ifdef statements 2016-05-12 12:46:28 +01:00
Paul Bakker f4743a6f5e Merge pull request #457 from NWilson/clang-analyze-fixes 
Clang analyze fixes
 2016-05-11 20:20:42 +02:00
Simon Butcher 2300776816 Merge branch 'development' 2016-04-19 10:39:36 +01:00
Janos Follath 1ed9f99ef3 Fix null pointer dereference in the RSA module. 
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
 2016-04-19 10:16:31 +01:00
Simon Butcher 3f5c875654 Adds test for odd bit length RSA key size 
Also tidy up ChangeLog following review.
 2016-04-15 19:06:59 +01:00
Janos Follath 10c575be3e Fix odd bitlength RSA key generation 
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
 2016-04-15 18:49:13 +01:00
Nicholas Wilson 409401c044 Shut up a few clang-analyze warnings about use of uninitialized variables 
The functions are all safe, Clang just isn't clever enough to realise
it.
 2016-04-13 11:56:22 +01:00
Simon Butcher 078bcdd6f6 Merge branch 'IOTSSL-628-BufferOverread' 2016-03-16 22:53:11 +00:00
Simon Butcher 0203745e23 Swap C++ comments to C for style consistency in rsa.c 2016-03-09 21:06:20 +00:00
Janos Follath c69fa50d4c Removing 'if' branch from the fix. 
This new error shouldn't be distinguishable from other padding errors.
Updating 'bad' instead of adding a new 'if' branch.
 2016-03-09 21:06:19 +00:00
Janos Follath b6eb1ca01c Length check added 2016-03-09 21:06:19 +00:00
Manuel Pégourié-Gonnard 370717b571 Add precision about exploitability in ChangeLog 
Also fix some whitespace while at it.
 2016-03-09 21:06:19 +00:00
Janos Follath eddfe8f6f3 Included tests for the overflow 2016-03-09 21:06:19 +00:00
Janos Follath c17cda1ab9 Moved underflow test to better reflect time constant behaviour. 2016-02-11 11:08:18 +00:00
Janos Follath b8afe1bb2c Included test for integer underflow. 2016-02-09 14:51:35 +00:00
Simon Butcher bdae02ce90 Corrected references for RSA and DHM 
The links in the references in rsa.c and dhm.c were no longer valid and needed
updating.
 2016-01-20 00:44:42 +00:00
Simon Butcher 1285ab5dc2 Fix for memory leak in RSA-SSA signing 
Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c
 2016-01-01 21:42:47 +00:00
Manuel Pégourié-Gonnard fb84d38b45 Try to prevent some misuse of RSA functions 
fixes #331
 2015-10-30 10:56:25 +01:00
Manuel Pégourié-Gonnard 5f50104c52 Add counter-measure against RSA-CRT attack 
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
 2015-09-08 13:39:29 +02:00
Manuel Pégourié-Gonnard 37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard 4d04cdcd12 Fix RSA mutex fix 
Once the mutex is acquired, we must goto cleanup rather that return.
Since cleanup adjusts the return value, adjust that in test cases.

Also, at cleanup we don't want to overwrite 'ret', or we'll loose track of
errors.

see #257
 2015-08-31 09:31:55 +02:00
Manuel Pégourié-Gonnard 1385a289f4 Fix possible mutex lock/unlock mismatch 
fixes #257
 2015-08-27 11:30:58 +02:00