Commit graph

6323 commits

Author SHA1 Message Date
Hanno Becker 936f72c641 Disable MBEDTLS_RSA_FORCE_BLINDING by default
This commit disables the new MBEDTLS_RSA_FORCE_BLINDING option by default to preserve backwards
compatibility. Further, it deprecates disabling to prepare for a future release in which blinding will be
unconditionally enforced.
2017-09-07 13:09:58 +01:00
Ron Eldor bc18eb3b92 Fix compilation error with Mingw32
Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use
`_TRUNCATE` only if `__MINGW32__` not defined. Fix suggested by
Thomas Glanzmann and Nick Wilson on issue #355
2017-09-06 17:51:14 +03:00
Ron Eldor 65112b15e6 Adress Hannos's comments
Remove zeroizing buffer, as it was done already in PR #369
Check that buffer is not null by `!= NULL` statement
2017-09-06 17:09:41 +03:00
Manuel Pégourié-Gonnard d23bc1b2cf Merge branch 'iotssl-1381-x509-verify-refactor' into iotssl-1381-x509-verify-refactor-restricted
* iotssl-1381-x509-verify-refactor:
  Tests: depends-pkalgs.pl - disable less options
  Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug
2017-09-06 11:35:11 +02:00
Manuel Pégourié-Gonnard c1c16436c6 Merge pull request #1 from gertvdijk/issue1040-mpgbranch
Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug
2017-09-06 11:31:01 +02:00
Ron Eldor 9d84b4c102 update after Andres comments
Update after Andres coments:
1. zeroize the buffer in `mbedtls_pem_read_buffer()` before freeing it
2. use `mbedtls_zeroize()` instead of `memset()`
2017-09-05 17:17:31 +03:00
Ron Eldor 31162e4423 Set PEM buffer to zero before freeing it
Set PEM buffer to zero before freeing it, to avoid private keys
being leaked to memory after releasing it.
2017-09-05 15:34:35 +03:00
Gert van Dijk 25d124dc74 Tests: depends-pkalgs.pl - disable less options
Rather than disabling SSL & Key exchanges as a whole, only disable those
options required by reverse dependencies.

GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
See also discussion in PR #1074.
https://github.com/ARMmbed/mbedtls/pull/1074#issuecomment-327096303
2017-09-05 14:29:28 +02:00
Ron Eldor 7268ca9500 remove redundant include
Remove redunadnat include for platform.h which was acciddently pushed,
for debugging purposes
2017-09-05 14:29:20 +03:00
Hanno Becker 55b1a0af0c Add further tests for DER-encoded PKCS8-v2-DES encrypted RSA keys
For uniformity, this commit adds tests for DER encoded PKCS8-v2-DES encrypted RSA keys that were already present for
PKCS8-v2-3DES encrypted RSA keys.
2017-09-05 10:43:20 +01:00
Hanno Becker 7d108257a4 Add further tests for new RSA keys
For uniformity, this commit adds tests for DER encoded, SHA1-2DES and SHA1-RC4-128-encrypted RSA keys; for SHA1-3DES encrypted keys, these were already present.
2017-09-05 10:35:31 +01:00
Hanno Becker 8fdfc98676 Update keyfiles
This commit replaces the previous keyfiles with those generated by the commands added in the previous commit.
2017-09-05 10:08:37 +01:00
Hanno Becker d16f6126c7 Add RSA key generation commands to test Makefile
This commit adds the commands used to generate the various RSA keys to tests/Makefile so that they can be easily
regenerated or modified, e.g. if larger key sizes or other encryption algorithms need to be tested in the future.
2017-09-05 10:08:37 +01:00
Hanno Becker 9c6cb38ba8 Fix typo in pkparse.c 2017-09-05 10:08:01 +01:00
Gert van Dijk 4f13195f3b Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug
GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
2017-09-04 14:17:10 +02:00
Hanno Becker f28dc2f900 Adapt ChangeLog 2017-09-04 13:07:52 +01:00
Ron Eldor 0a47d12717 Rephrase the backport sectio
Rephrase the backport sectoin, since development branch is not a legacy
branch
2017-09-03 10:20:25 +03:00
VOLAT Matthieu 22923 533751f98f
Use current source paths for config file creation command
That way, the project integrate more nicely when used as a cmake sub-project.
2017-09-01 09:55:40 +02:00
Ron Eldor ea24d75c67 Addres Andres' comment
Update the document after Andres review comments
2017-08-31 17:02:01 +03:00
Manuel Pégourié-Gonnard 4b6e210d00 Merge branch 'mbedtls-2.6' into iotssl-1381-x509-verify-refactor-restricted
* mbedtls-2.6: (27 commits)
  Update version number to 2.6.0
  Fix language in Changelog for clarity
  Improve documentation of PKCS1 decryption functions
  Fix style and missing item in ChangeLog
  Add credit to Changelog to fix for #666
  Fix naked call to time() with platform call
  Fix ChangeLog for duplication after merge
  Rename time and index parameter to avoid name conflict.
  Correct comment
  Adapt ChangeLog
  Reliably zeroize sensitive data in AES sample application
  Reliably zeroize sensitive data in Crypt-and-Hash sample application
  Fix potential integer overflow parsing DER CRT
  Fix potential integer overflow parsing DER CRL
  Move the git scripts to correct path
  Update after @sbutcher-arm comments
  Fix slash direction for linux path
  Add note for the git_hoos README file
  Pre push hook script
  Check return code of mbedtls_mpi_fill_random
  ...
2017-08-31 10:09:43 +02:00
Hanno Becker 37c6b6b339 Add tests for encrypted 2048 and 4096-bit RSA keys 2017-08-26 09:22:14 +01:00
Hanno Becker fab3569963 Use in-place decryption in pk_parse_pkcs8_encrypted_der
The stack buffer used to hold the decrypted key in pk_parse_pkcs8_encrypted_der
was statically sized to 2048 bytes, which is not enough for DER encoded 4096bit
RSA keys.

This commit resolves the problem by performing the key-decryption in-place,
circumventing the introduction of another stack or heap copy of the key.

There are two situations where pk_parse_pkcs8_encrypted_der is invoked:
1. When processing a PEM-encoded encrypted key in mbedtls_pk_parse_key.
   This does not need adaption since the PEM context used to hold the decoded
   key is already constructed and owned by mbedtls_pk_parse_key.
2. When processing a DER-encoded encrypted key in mbedtls_pk_parse_key.
   In this case, mbedtls_pk_parse_key calls pk_parse_pkcs8_encrypted_der with
   the buffer provided by the user, which is declared const. The commit
   therefore adds a small code paths making a copy of the keybuffer before
   calling pk_parse_pkcs8_encrypted_der.
2017-08-25 13:57:21 +01:00
Hanno Becker 771d30edac Add missing calls to mbedtls_pem_free in mbedtls_pk_parse 2017-08-25 13:57:21 +01:00
Hanno Becker cc209ca56d Remove signature verification from rsa_rsassa_pkcs1_v15_sign
This verification path is redundant now that verification is uniformly done in
rsa_private.
2017-08-25 11:52:29 +01:00
Hanno Becker 43f94721ab Add quick-check for presence of relevant parameters in rsa_private 2017-08-25 11:52:27 +01:00
Hanno Becker c6075cc5ac Don't use CRT for signature verification
If CRT is not used, the helper fields CRT are not assumed to be present in the
RSA context structure, so do the verification directly in this case. If CRT is
used, verification could be done using CRT, but we're sticking to ordinary
verification for uniformity.
2017-08-25 11:45:35 +01:00
Hanno Becker 603b8c62c4 Clarify guarantees made by successful mbedtls_rsa_complete call 2017-08-25 11:03:07 +01:00
Hanno Becker b269a8584a Change mbedtls_rsa_check_privkey to use new helper functions 2017-08-25 08:35:09 +01:00
Hanno Becker d9431a7817 Minor comments improvement 2017-08-25 08:35:09 +01:00
Hanno Becker d363799a9d Add mbedtls_rsa_validate_crt
This commit adds the function mbedtls_rsa_validate_crt for validating a set of CRT parameters. The function
mbedtls_rsa_check_crt is simplified accordingly.
2017-08-25 08:35:09 +01:00
Hanno Becker d56d83a7f3 Remove double-checking code from rsa_deduce_moduli and rsa_complete 2017-08-25 08:35:08 +01:00
Hanno Becker 750e8b4596 Rename rsa_check_params->rsa_validate_params and change error codes 2017-08-25 08:34:55 +01:00
Hanno Becker fb81c0ec2e Guard primality checks in RSA module by MBEDTLS_GENPRIME
Primality testing is guarded by the configuration flag MBEDTLS_GENPRIME and used in the new RSA helper functions. This
commit adds a corresponding preprocessor directive.
2017-08-24 06:55:11 +01:00
Hanno Becker b0c5edcc2f Correct typo in rsa.h 2017-08-23 22:16:10 +01:00
Hanno Becker ab3773123c Add support for alternative RSA implementations
Alternative RSA implementations can be provided by defining MBEDTLS_RSA_ALT in
config.h, defining an mbedtls_rsa_context struct in a new file rsa_alt.h and
re-implementing the RSA interface specified in rsa.h.

Through the previous reworkings, the adherence to the interface is the only
implementation obligation - in particular, implementors are free to use a
different layout for the RSA context structure.
2017-08-23 16:24:51 +01:00
Hanno Becker bf37b10370 Add test run for RSA_NO_CRT to all.sh 2017-08-23 16:17:28 +01:00
Hanno Becker 6345dd33b9 Adapt rsa_check_privkey to deal with NO_CRT option 2017-08-23 16:17:28 +01:00
Hanno Becker bee3aaeb50 Adapt rsa_gen_key to deal with RSA_NO_CRT option 2017-08-23 16:17:28 +01:00
Hanno Becker dc95c890ad Adapt rsa_deduce_crt to deal with RSA_NO_CRT option 2017-08-23 16:17:28 +01:00
Hanno Becker 33c30a0c7e Adapt rsa_copy and rsa_free to deal with RSA_NO_CRT option 2017-08-23 16:17:28 +01:00
Hanno Becker 23344b5fcc Adapt rsa_complete to deal with RSA_NO_CRT option 2017-08-23 16:17:28 +01:00
Hanno Becker 131134fa1a Adapt RSA test suite to deal with RSA_NON_CRT option 2017-08-23 16:17:28 +01:00
Hanno Becker 1a59e791e5 Remove CRT fields from RSA context if RSA_NO_CRT is defined 2017-08-23 16:17:28 +01:00
Hanno Becker f073de0c25 Adapt rsa_genkey example program to use new RSA interface 2017-08-23 16:17:28 +01:00
Hanno Becker 0c2639386e Adapt rsa_encrypt example program to new RSA interface 2017-08-23 16:17:28 +01:00
Hanno Becker d6ba5e3d8b Adapt rsa_sign example program to new RSA interface 2017-08-23 16:17:28 +01:00
Hanno Becker ccef18c2ff Adapt rsa_decrypt example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker 40371ec783 Adapt key_app_writer example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker 54ebf9971d Adapt key_app example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker 83aad1fa86 Adapt gen_key example program to new RSA interface 2017-08-23 16:17:27 +01:00