yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-04-01 23:07:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
6537 commits 88 branches 205 tags 69 MiB
Commit graph

6537 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jaeden Amero 7c68878e17 Merge remote-tracking branch 'upstream-public/pr/1511' into development-proposed 2018-04-24 10:28:25 +01:00
Jaeden Amero d803c1f1ab Merge remote-tracking branch 'upstream-public/pr/1510' into development-proposed 
Resolve conflict in comment for mbedtls_ecdsa_read_signature in include/mbedtls/ecdsa.h
 2018-04-24 10:27:38 +01:00
Jaeden Amero f852f4c35b Merge remote-tracking branch 'upstream-public/pr/1506' into development-proposed 2018-04-24 10:27:05 +01:00
Jaeden Amero ebfd3cad58 Merge remote-tracking branch 'upstream-public/pr/1505' into development-proposed 2018-04-24 10:26:48 +01:00
Rose Zadik abc9ec73b0
Update ecdsa.h 
Merged change to MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH from other commit for merging, as requested (lines 282+283).
 2018-04-23 06:16:40 +01:00
Rose Zadik 93f9919c26
Update cipher.h 
Fixed typo.
 2018-04-19 14:41:33 +01:00
Rose Zadik c441f74900
Update cipher.h 
minor fix
 2018-04-19 14:38:20 +01:00
Rose Zadik 4c368e82cc
Update cipher.h 
Additional changes based on review comments
 2018-04-19 14:24:11 +01:00
Rose Zadik 826f264920
Update cipher.h 
Additional changes based on review comments
 2018-04-19 14:01:29 +01:00
Manuel Pégourié-Gonnard 7aeb470f61 Merge remote-tracking branch 'public/pr/1234' into development-proposed 
* public/pr/1234:
  Doxygen: don't traverse symbolic links
 2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard 64f5adf9f9 Merge remote-tracking branch 'public/pr/1380' into development-proposed 
* public/pr/1380:
  Update ChangeLog for #1380
  Generate RSA keys according to FIPS 186-4
  Generate primes according to FIPS 186-4
  Avoid small private exponents during RSA key generation
 2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard 4acb0055e3 Merge remote-tracking branch 'public/pr/1518' into development-proposed 
* public/pr/1518:
  Update platform.h
  Update platform.h
 2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard 66d396826a Merge remote-tracking branch 'public/pr/1516' into development-proposed 
* public/pr/1516:
  Update sha512.h
 2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard bb93c04aab Merge remote-tracking branch 'public/pr/1515' into development-proposed 
* public/pr/1515:
  Update sha256.h
  Update sha256.h
 2018-04-18 16:13:52 +02:00
Gilles Peskine b80f04eb67 Merge remote-tracking branch 'upstream-public/pr/1514' into development-proposed 2018-04-18 16:13:30 +02:00
Gilles Peskine 2e1934ac0c Fix comment formatting to pacify check-names.sh 2018-04-18 16:08:26 +02:00
Manuel Pégourié-Gonnard a9377336be Merge remote-tracking branch 'public/pr/1513' into development-proposed 
* public/pr/1513:
  Update rsa.h
  Update rsa.h
  Update rsa.h
 2018-04-18 11:58:53 +02:00
Manuel Pégourié-Gonnard 0392bff1b9 Merge remote-tracking branch 'public/pr/1512' into development-proposed 
* public/pr/1512:
  Update md.h
  Update md.h
 2018-04-18 11:57:50 +02:00
Manuel Pégourié-Gonnard b3a8fe7285 Merge remote-tracking branch 'public/pr/1509' into development-proposed 
* public/pr/1509:
  Update ecdh.h
  Update ecdh.h
 2018-04-18 11:56:49 +02:00
Manuel Pégourié-Gonnard 01d72df113 Merge remote-tracking branch 'public/pr/1508' into development-proposed 
* public/pr/1508:
  Update ctr_drbg.h
  Update ctr_drbg.h
 2018-04-18 11:55:30 +02:00
Manuel Pégourié-Gonnard 7153496395 Merge remote-tracking branch 'public/pr/1507' into development-proposed 
* public/pr/1507:
  Update cmac.h
  Update cmac.h
 2018-04-18 11:54:42 +02:00
Manuel Pégourié-Gonnard c265a25f4f Merge remote-tracking branch 'public/pr/1503' into development-proposed 
* public/pr/1503:
  Update aes.h
  Update aes.h
 2018-04-18 11:48:10 +02:00
Rose Zadik 379b95ca9b
Update ccm.h 
Updated return values for mbedtls_ccm_auth_decrypt().
 2018-04-17 16:43:00 +01:00
Rose Zadik 477dce15bc
Update ccm.h 
updated brief desc.
 2018-04-17 16:31:22 +01:00
Rose Zadik ec5d416cb2
Update ecdsa.h 
minor fix based on review comments
 2018-04-17 15:55:28 +01:00
Rose Zadik 21e2926736
Update rsa.h 
minor change to the file's brief desc.
 2018-04-17 14:08:56 +01:00
Rose Zadik ef87179842
Update ccm.h 
updated failure returns to "A CCM or cipher-specific error code on failure."
 2018-04-17 10:41:48 +01:00
Rose Zadik 6ee22a7d52
Update sha256.h 
Minor fix based on review comments
 2018-04-17 10:38:39 +01:00
Rose Zadik 92d66b88ae
Update sha1.h 
Changes based on review comments
 2018-04-17 10:36:56 +01:00
Rose Zadik f2ec288bf8
Update rsa.h 
Changes based on review comments.
 2018-04-17 10:27:25 +01:00
Rose Zadik f3e4736131
Update md.h 
Changes based on review comments
 2018-04-16 16:31:16 +01:00
Rose Zadik 6a7ebc4c86
Update gcm.h 
minor fix based on review comments
 2018-04-16 16:11:49 +01:00
Rose Zadik 14d0d57c51
Update ecdsa.h 
Minor changes based on review comments
 2018-04-16 16:09:30 +01:00
Rose Zadik 7375b0f6c1
Update ecdh.h 
Changs based on review comments
 2018-04-16 16:04:57 +01:00
Rose Zadik 9464d7b6e3
Update platform.h 
Implemented changes based on review comments
 2018-04-16 15:28:35 +01:00
Rose Zadik f25eb6eef6
Update ctr_drbg.h 
minor changes based on comments
 2018-04-16 14:51:52 +01:00
Rose Zadik c138bb7b05
Update cmac.h 
minor changes based on comments
 2018-04-16 11:11:25 +01:00
Rose Zadik b5607bf61d
Update cipher.h 
minor changes based on comments
 2018-04-16 10:34:51 +01:00
Rose Zadik bd9571a01e
Update ccm.h 
minor changes based on comments
 2018-04-16 09:45:12 +01:00
Rose Zadik 819d13dfff
Update aes.h 
fixed missing multiple returns on mbedtls_aes_setkey_enc
 2018-04-16 09:35:15 +01:00
Jethro Beekman cb122373f0 Update ChangeLog for #1380 2018-04-11 08:40:38 -07:00
Jethro Beekman c645bfe176 Generate RSA keys according to FIPS 186-4 
The specification requires that P and Q are not too close. The specification
also requires that you generate a P and stick with it, generating new Qs until
you have found a pair that works. In practice, it turns out that sometimes a
particular P results in it being very unlikely a Q can be found matching all
the constraints. So we keep the original behavior where a new P and Q are
generated every round.
 2018-04-11 08:38:37 -07:00
Jethro Beekman 666892792d Generate primes according to FIPS 186-4 
The specification requires that numbers are the raw entropy (except for odd/
even) and at least 2^(nbits-0.5). If not, new random bits need to be used for
the next number. Similarly, if the number is not prime new random bits need to
be used.
 2018-04-11 08:38:37 -07:00
Jethro Beekman 97f95c9ef3 Avoid small private exponents during RSA key generation 
Attacks against RSA exist for small D. [Wiener] established this for
D < N^0.25. [Boneh] suggests the bound should be N^0.5.

Multiple possible values of D might exist for the same set of E, P, Q. The
attack works when there exists any possible D that is small. To make sure that
the generated key is not susceptible to attack, we need to make sure we have
found the smallest possible D, and then check that D is big enough. The
Carmichael function λ of p*q is lcm(p-1, q-1), so we can apply Carmichael's
theorem to show that D = d mod λ(n) is the smallest.

[Wiener] Michael J. Wiener, "Cryptanalysis of Short RSA Secret Exponents"
[Boneh] Dan Boneh and Glenn Durfee, "Cryptanalysis of RSA with Private Key d Less than N^0.292"
 2018-04-11 08:38:37 -07:00
Manuel Pégourié-Gonnard 4ca9a45756 Merge remote-tracking branch 'public/pr/1560' into development-proposed 
* public/pr/1560:
  Warn if using a memory sanitizer on AESNI
 2018-04-11 13:06:30 +02:00
Manuel Pégourié-Gonnard e72d3225a7 Merge remote-tracking branch 'public/pr/1559' into development-proposed 
* public/pr/1559:
  Make the memset call prior to FD_ZERO conditional to needing it
 2018-04-11 13:05:31 +02:00
Gilles Peskine 5053efde33 Warn if using a memory sanitizer on AESNI 
Clang-Msan is known to report spurious errors when MBEDTLS_AESNI_C is
enabled, due to the use of assembly code. The error reports don't
mention AES, so they can be difficult to trace back to the use of
AES-NI. Warn about this potential problem at compile time.
 2018-04-05 15:37:38 +02:00
Gilles Peskine ec4733b645 Make the memset call prior to FD_ZERO conditional to needing it 
Zeroing out an fd_set before calling FD_ZERO on it is in principle
useless, but without it some memory sanitizers think the fd_set is
still uninitialized after FD_ZERO (e.g. clang-msan/Glibc/x86_64 where
FD_ZERO is implemented in assembly). Make the zeroing conditional on
using a memory sanitizer.
 2018-04-05 14:55:47 +02:00
Gilles Peskine 80aa3b8d65 Merge branch 'pr_946' into development-proposed 2018-04-04 10:33:45 +02:00
Gilles Peskine 5c77f2ef37 Merge remote-tracking branch 'upstream-public/pr/1535' into development-proposed 2018-04-04 10:31:09 +02:00