yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 17:21:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
9115 commits 88 branches 205 tags 69 MiB
Commit graph

202 commits

Author SHA1 Message Date
Andres Amaya Garcia 1f6301b3c8 Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
Jethro Beekman 666892792d Generate primes according to FIPS 186-4 
The specification requires that numbers are the raw entropy (except for odd/
even) and at least 2^(nbits-0.5). If not, new random bits need to be used for
the next number. Similarly, if the number is not prime new random bits need to
be used.
 2018-04-11 08:38:37 -07:00
Gilles Peskine 90a8b5219f Merge branch 'pr_1480' into development-proposed 2018-04-01 12:44:06 +02:00
Gilles Peskine 5bdb671404 Merge branch 'pr_403' into development-proposed 2018-03-22 21:34:15 +01:00
Gilles Peskine 4e4be7cf62 Optimize unnecessary zeorizing in mbedtls_mpi_copy 
Based on a contribution by Alexey Skalozub
(https://github.com/ARMmbed/mbedtls/pull/405).
 2018-03-21 16:29:03 +01:00
Hanno Becker a3389ebb09 Merge branch 'development-restricted' into iotssl-1306-rsa-is-vulnerable-to-bellcore-glitch-attack 2018-03-06 11:55:21 +00:00
Hanno Becker 888071184c Zeroize stack before returning from mpi_fill_random 2017-10-18 12:41:30 +01:00
Hanno Becker 073c199224 Make mpi_read_binary time constant 
This commit modifies mpi_read_binary to always allocate the minimum number of
limbs required to hold the entire buffer provided to the function, regardless of
its content. Previously, leading zero bytes in the input data were detected and
used to reduce memory footprint and time, but this non-constant behavior turned
out to be non-tolerable for the cryptographic applications this function is used
for.
 2017-10-17 15:17:27 +01:00
Hanno Becker 8d1dd1b5b9 Fix bug in mbedtls_mpi_exp_mod 
Calling `mbedtls_mpi_exp_mod` with a freshly initialized exponent MPI `N`,
i.e. `N.p == NULL`, would lead to a null-pointer dereference.
 2017-09-28 11:02:24 +01:00
Manuel Pégourié-Gonnard db108ac944 Merge remote-tracking branch 'hanno/mpi_read_file_underflow' into development 
* hanno/mpi_read_file_underflow:
  Fix potential stack underflow in mpi_read_file.
 2017-06-08 19:48:03 +02:00
Hanno Becker b2034b7785 Fix potential stack underflow in mpi_read_file. 
When provided with an empty line, mpi_read_file causes a numeric
underflow resulting in a stack underflow. This commit fixes this and
adds some documentation to mpi_read_file.
 2017-05-09 10:29:06 +01:00
Hanno Becker 4bcb4914c5 Abort modular inversion when modulus is one. 
The modular inversion function hangs when provided with the modulus 1. This commit refuses this modulus with a BAD_INPUT error code. It also adds a test for this case.
 2017-05-08 14:47:04 +01:00
Hanno Becker a4af1c47d2 Correct sign in modular exponentiation algorithm. 
The modular exponentiation function  handled the sign incorrectly. This commit fixes this and a test case which should have caught it.
 2017-04-18 09:07:45 +01:00
Andres AG d1cc7f6f34 Fix buffer overflow in mbedtls_mpi_write_string() 
Fix a buffer overflow when writting a string representation of an MPI
number to a buffer in hexadecimal. The problem occurs because hex
digits are written in pairs and this is not accounted for in the
calculation of the required buffer size when the number of digits is
odd.
 2017-03-02 21:34:21 +00:00
Simon Butcher 29176897a1 Adds additional casts to calloc calls 
Casts added to allow compilation of the library as C++
 2016-05-23 14:29:33 +01:00
Nicholas Wilson 91c68a5e15 Shut up a clang-analyzer warning 
The function appears to be safe, since grow() is called with sensible
arguments in previous functions.  Ideally Clang would be clever enough to
realise this.  Even if N has size MBEDTLS_MPI_MAX_LIMBS, which will
cause the grow to fail, the affected lines in montmul won't be reached.
Having this sanity check can hardly hurt though.
 2016-05-23 14:29:28 +01:00
Alexey Skalozub e17a8da17e Rename MPI zeroize function to mbedtls_mpi_zeroize 
Avoid naming confusion
 2016-04-25 16:01:07 +01:00
Alexey Skalozub 3d53f41638 Faster mbedtls_zeroize for MPI 
Writes in `sizeof(mbedtls_mpi_uint)` units perform faster than plain chars, also eliminates multiplication by `ciL`
 2016-04-25 16:00:50 +01:00
Alexey Skalozub 8e75e68531 Remove redundant i increments 
Doesn't matter performance-wise, but still...
 2016-01-13 21:59:27 +02:00
Manuel Pégourié-Gonnard e9c1b1a3bf Merge remote-tracking branch 'yanesca/iss309' into development 
* yanesca/iss309:
  Improved on the previous fix and added a test case to cover both types of carries.
  Removed recursion from fix #309.
  Improved on the fix of #309 and extended the test to cover subroutines.
  Tests and fix added for #309 (inplace mpi doubling).
 2016-01-07 13:22:27 +01:00
Simon Butcher 9803d07a63 Fix for MPI divide on MSVC 
Resolves multiple platform issues when building bignum.c with Microsoft
Visual Studio.
 2016-01-03 00:24:34 +00:00
Simon Butcher f5ba04541e Fix for compiler warnings and style 
Changes for C90 compliance, and style following review
 2015-12-27 23:01:55 +00:00
Manuel Pégourié-Gonnard 1630888aa0 Fix two more compiler warnings 
- declaration after statement
- always true comparison due to limited range of operand
 2015-12-01 10:27:00 +01:00
Manuel Pégourié-Gonnard e3e8edfa51 Fix potential integer overflow in prev. commit 
Found by Clang's -Wshift-count-overflow
 2015-12-01 09:34:36 +01:00
Simon Butcher 15b15d1361 Added integer divide by as separate function 
Added 64bit integer divided by 32bit integer, with remainder
 2015-11-26 19:35:03 +00:00
Janos Follath 6c92268093 Improved on the previous fix and added a test case to cover both types 
of carries.
 2015-10-30 17:50:12 +01:00
Janos Follath 3fc644f246 Removed recursion from fix #309. 2015-10-25 14:24:10 +01:00
Janos Follath 8483e28e21 Merge remote-tracking branch 'upstream/development' into iss309 2015-10-25 12:36:03 +01:00
Janos Follath 6cbacec3b3 Improved on the fix of #309 and extended the test to cover subroutines. 2015-10-25 12:31:27 +01:00
Janos Follath 044a86bde8 Tests and fix added for #309 (inplace mpi doubling). 2015-10-25 10:58:03 +01:00
Simon Butcher 334a87be0b Corrected URL/reference to MPI library 2015-10-14 22:56:44 +01:00
Manuel Pégourié-Gonnard 2d7083435d Fix references to non-standard SIZE_T_MAX 
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
 2015-10-05 15:23:11 +01:00
Manuel Pégourié-Gonnard 58fb49531d Fix potential buffer overflow in mpi_read_string() 
Found by Guido Vranken.

Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
 2015-09-28 15:59:54 +02:00
Manuel Pégourié-Gonnard 37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard 6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard c0696c216b Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen 2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard f79b425226 Avoid in-out length parameter in bignum 2015-06-02 15:41:48 +01:00
Manuel Pégourié-Gonnard 6a8ca33fa5 Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED 2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard 7551cb9ee9 Replace malloc with calloc 
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
 2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard da61ed3346 Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Include changes from the 1.2 branch
  Remove unused headers in o_p_test
  Add countermeasure against cache-based lucky 13
  Make results of (ext)KeyUsage accessible
  Fix missing NULL check in MPI
  Fix detection of getrandom()
  Fix "make install" handling of symlinks
  Fix bugs in programs displaying verify flags

Conflicts:
	Makefile
	include/polarssl/ssl.h
	library/entropy_poll.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/test/o_p_test.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
 2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard 770b5e1e9e Fix missing NULL check in MPI 2015-04-29 17:02:01 +02:00
Manuel Pégourié-Gonnard 53c76c07de Merge branch 'mbedtls-1.3' into development 
* commit 'ce60fbe':
  Fix potential timing difference with RSA PMS
  Update Changelog for recent merge
  Added more constant-time code and removed biases in the prime number generation routines.

Conflicts:
	library/bignum.c
	library/ssl_srv.c
 2015-04-17 20:19:32 +02:00
Manuel Pégourié-Gonnard aac657a1d3 Merge remote-tracking branch 'pj/development' into mbedtls-1.3 
* pj/development:
  Added more constant-time code and removed biases in the prime number generation routines.
 2015-04-15 14:12:59 +02:00
Manuel Pégourié-Gonnard 2cf5a7c98e The Great Renaming 
A simple execution of tmp/invoke-rename.pl
 2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard fa8aebcbcc Fix a constness issue 2015-03-19 13:38:17 +00:00
Manuel Pégourié-Gonnard 35f1d7f0aa Update signature of mpi_mul_mpi() 2015-03-19 12:42:40 +00:00
Pascal Junod b99183dfc6 Added more constant-time code and removed biases in the prime number generation routines. 2015-03-11 16:49:45 +01:00
Manuel Pégourié-Gonnard 7f8099773e Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Mansour Moufid c531b4af3c Apply the semantic patch rm-malloc-cast.cocci. 
for dir in library programs; do
        spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \
        --in-place;
    done
 2015-02-16 10:43:52 +00:00
Manuel Pégourié-Gonnard d72704b0d5 Remove work-around for alleged compiler bug 
It turns out the problem was with the way the reporter was invoking its
toolchain, not the toolchain itself.
 2015-02-12 09:38:54 +00:00
Rich Evans 00ab47026b cleanup library and some basic tests. Includes, add guards to includes 2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard 860b51642d Fix url again 2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard 085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard 9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard 19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard 967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard 7f4ed67a97 Fix compile error with armcc in mpi_is_prime() 2014-10-15 22:06:46 +02:00
Paul Bakker 6c343d7d9a Fix mpi_write_string() to write "00" as hex output for empty MPI 2014-07-10 15:27:10 +02:00
Paul Bakker 66d5d076f7 Fix formatting in various code to match spacing from coding style 2014-06-17 17:06:47 +02:00
Paul Bakker db20c10423 Add #endif comments for #endif more than 10 lines from #if / #else 2014-06-17 14:34:44 +02:00
Paul Bakker d8bb82665e Fix code styling for return statements 2014-06-17 14:06:49 +02:00
Paul Bakker 3461772559 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-06-14 16:46:03 +02:00
Paul Bakker c37b0ac4b2 Fix typo in bignum.c 2014-05-01 14:19:23 +02:00
Paul Bakker b9e4e2c97a Fix formatting: fix some 'easy' > 80 length lines 2014-05-01 14:18:25 +02:00
Paul Bakker 9af723cee7 Fix formatting: remove trailing spaces, #endif with comments (> 10 lines) 2014-05-01 13:03:14 +02:00
Paul Bakker 9bb04b6389 Removed redundant code in mpi_fill_random() 2014-05-01 09:47:02 +02:00
Manuel Pégourié-Gonnard cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker 33dc46b080 Fix bug with mpi_fill_random() on big-endian 2014-04-30 16:20:39 +02:00
Paul Bakker 75a2860f26 Potential memory leak in mpi_exp_mod() when error occurs during 
calculation of RR.
 2014-03-31 12:08:17 +02:00
Manuel Pégourié-Gonnard 2eea29238c Make the compiler work-around more specific 2014-03-14 18:23:26 +01:00
Manuel Pégourié-Gonnard bb8661e006 Work around a compiler bug on OS X. 2014-03-14 09:21:20 +01:00
Manuel Pégourié-Gonnard fdf3f0e671 Avoid "unreachable code" warning 2014-03-11 13:47:05 +01:00
Paul Bakker 7dc4c44267 Library files moved to use platform layer 2014-02-06 13:20:16 +01:00
Paul Bakker c2024f4592 Added MPI_CHK around unguarded mpi calls 2014-01-23 21:00:57 +01:00
Manuel Pégourié-Gonnard 9e987edf9f Fix potential memory leak in bignum selftest 2014-01-22 12:59:04 +01:00
Manuel Pégourié-Gonnard fd6a191381 Fix misplaced initialisation. 
If one of the calls to mpi_grow() before setting Apos would fail, then
mpi_free( &Apos ) would be executed without Apos being initialised.
 2014-01-22 12:57:04 +01:00
Paul Bakker 6ea1a95ce8 Added missing MPI_CHK() around some statements 2013-12-31 11:17:14 +01:00
Manuel Pégourié-Gonnard a60fe8943d Add mpi_safe_cond_swap() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 9a4a5ac4de Fix bug in mpi_set_bit 2013-12-05 15:58:38 +01:00
Paul Bakker 3209ce3692 Merged ECP improvements 2013-11-26 15:19:17 +01:00
Manuel Pégourié-Gonnard 96c7a92b08 Change mpi_safe_cond_assign() for more const-ness 2013-11-25 18:28:53 +01:00
Paul Bakker 45f457d872 Reverted API change for mpi_is_prime() 2013-11-25 14:26:52 +01:00
Manuel Pégourié-Gonnard ddf7615d49 gen_prime: check small primes early (3x speed-up) 2013-11-22 19:58:22 +01:00
Manuel Pégourié-Gonnard 378fb4b70a Split mpi_is_prime() and make its first arg const 2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard 0160eacc82 gen_prime: ensure X = 2 mod 3 -> 2.5x speedup 2013-11-22 17:54:59 +01:00
Manuel Pégourié-Gonnard 711507a726 gen_prime: ensure X = 3 mod 4 always (2x speed-up) 2013-11-22 17:35:28 +01:00
Manuel Pégourié-Gonnard 3e3d2b818c Fix bug in mpi_safe_cond_assign() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 71c2c21601 Add mpi_safe_cond_assign() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 5868163e07 Add mpi_shrink() 2013-11-21 21:56:38 +01:00
Paul Bakker 0d7702c3ee Minor change that makes life easier for static analyzers / compilers 2013-10-29 16:18:35 +01:00
Paul Bakker 60b1d10131 Fixed spelling / typos (from PowerDNS:codespell) 2013-10-29 10:02:51 +01:00
Manuel Pégourié-Gonnard df0142bd17 Fix some dependencies in tests 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard f499993cb2 Add ecdsa_from_keypair() 
Also fix bug/limitation in mpi_copy: would segfault if src just initialised
and not set to a value yet. (This case occurs when copying a context which
contains only the public part of the key, eg.)
 2013-08-20 20:46:03 +02:00
Paul Bakker 6e339b52e8 Memory-allocation abstraction layer and buffer-based allocator added 2013-07-03 17:22:31 +02:00
Paul Bakker fc4f46fa9a Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler 
(cherry picked from commit 52b845be34)
 2013-06-25 15:06:52 +02:00
Paul Bakker 8ddb645ad3 Added conversion to int for a t_uint value to prevent compiler warnings 
On 64-bit platforms t_uint can be larger than int resulting in compiler
warnings on some platforms (MS Visual Studio)
 2013-03-06 18:00:54 +01:00
Manuel Pégourié-Gonnard e44ec108be Fixed segfault in mpi_shift_r() 
Fixed memory leak in test_suite_mpi
Amended ChangeLog
 2012-11-18 23:15:02 +01:00
Paul Bakker f02c5642d0 - Allow R and A to point to same mpi in mpi_div_mpi 2012-11-13 10:25:21 +00:00