Hanno Becker
a90658f248
Add ssl_conf_dh_param_bin superseding ssl_conf_dh_param
2017-10-04 15:29:08 +01:00
Hanno Becker
470a8c4d87
Deprecate mbedtls_ssl_conf_dh_param
2017-10-04 15:28:46 +01:00
Hanno Becker
184f675256
Improve debugging output
2017-10-04 13:47:33 +01:00
Hanno Becker
a6dd90de30
Add error string for failure code in mbedtls_dhm_set_group
2017-10-04 13:17:52 +01:00
Hanno Becker
ab74056037
Make use of mbedtls_dhm_set_group when generating DHM params
2017-10-04 13:17:52 +01:00
Hanno Becker
8880e75dcb
Add new function mbedtls_dhm_set_group to DHM Group
2017-10-04 13:17:52 +01:00
Hanno Becker
00d0a6834a
Adapt code setting default DHM parameters
2017-10-04 13:17:49 +01:00
Hanno Becker
e2fcfa84ea
Stick to the use of constant-macros
...
This commit returns to using constant macros instead of global variables for the DHM group constants. Further, macros
providing the binary encoding of the primes from RFC 3526 and RFC 7919 are added. The hex-string macros are deprecated.
2017-10-04 13:12:15 +01:00
Hanno Becker
0f65e0ca03
Rename rsa_deduce_moduli to rsa_deduce_primes
2017-10-03 14:40:44 +01:00
Hanno Becker
8ba6ce4f4f
Rename rsa_deduce_private to rsa_deduce_private_exponent
2017-10-03 14:40:43 +01:00
Hanno Becker
45a0ef32d9
Correct memory leak in mbedtls_rsa_validate_crt
2017-10-03 14:32:56 +01:00
Hanno Becker
e58d38c66f
Minor improvements
2017-10-03 07:59:29 +01:00
Hanno Becker
2b2f898cbd
Streamline code-path in rsa_rsassa_pkcs1_v15_encode
2017-10-03 07:59:29 +01:00
Hanno Becker
64a8c0acd6
Verify PKCS1 v1.5 signature without parsing
...
This commit modifies the PKCS1 v1.5 signature verification function `mbedtls_rsa_rsassa_pkcs1_v15_verify` to prepare the
expected PKCS1-v1.5-encoded hash using the function also used by the signing routine `mbedtls_rsa_rsassa_pkcs1_v15_sign`
and comparing it to the provided byte-string afterwards. This comes with the benefits of (1) avoiding any error-prone
parsing, (2) removing the dependency of the RSA module on the ASN.1 parsing module, and (3) reducing code size.
2017-10-03 07:58:00 +01:00
Hanno Becker
fdf38030de
Outsource code for generating PKCS1 v1.5 encoding
...
This commit moves the code preparing PKCS1 v1.5 encoded hashes from `mbedtls_rsa_rsassa_pkcs1_v15_sign` to a separate
non-public function `rsa_rsassa_pkcs1_v15_encode`. This code-path will then be re-used by the signature verification function
`mbedtls_rsa_rsassa_pkcs1_v15_verify` in a later commit.
2017-10-03 07:58:00 +01:00
Hanno Becker
171a8f1c95
Move constant time memcmp for signature verification
...
This commit replaces the ad-hoc code for constant-time double-checking the PKCS1 v1.5 RSA signature by an invocation of
`mbedtls_safer_memcmp`.
2017-10-03 07:58:00 +01:00
Hanno Becker
2dec5e8b00
Correct outdated comment
2017-10-03 07:49:52 +01:00
Hanno Becker
4e1be398f6
Remove FORCE_VERIFICATION and FORCE_BLINDING
2017-10-02 16:02:55 +01:00
Hanno Becker
de6c1644cc
Add brackets around arguments of internal macro DHM_MPI_EXPORT
2017-10-02 15:03:15 +01:00
Hanno Becker
b5beaa8995
Check that 1 < D, E < N in mbedtls_rsa_validate_params
2017-10-02 13:20:20 +01:00
Hanno Becker
c6fc878eda
Remove mbedtls_rsa_check_crt
...
This is no longer needed after the decision to not exhaustively validate private key material.
2017-10-02 13:20:15 +01:00
Hanno Becker
98838b04af
Minor improvements
2017-10-02 13:17:01 +01:00
Hanno Becker
7471631dde
Make input arguments to mbedtls_rsa_import_raw constant
...
Original intention was to be allowed to perform in-place operations like changing the byte-order before importing
parameters into an HSM. Now a copy is needed in this case, but there's no more danger of a user expecting the arguments
to be left untouched.
2017-10-02 13:17:01 +01:00
Hanno Becker
bdefff1dde
Change signature of mbedtls_rsa_deduce_private
...
Make input arguments constant and adapt the implementation to use a temporary instead of in-place operations.
2017-10-02 09:59:48 +01:00
Hanno Becker
ba5b755f1a
Change signature and semantics of mbedtls_rsa_deduce_moduli
...
Input arguments are marked as constant. Further, no double-checking is performed when a factorization of the modulus has
been found.
2017-10-02 09:55:49 +01:00
Hanno Becker
2f38a43d3a
Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
...
Add a reference to the relevant RFC, adapt ChangeLog.
2017-09-30 23:35:21 +01:00
Hanno Becker
39f5d359f5
Make mbedtls_ssl_set_hostname safe to be called multiple times
...
Zeroize and free previously set hostnames before overwriting
them. Also, allow clearance of hostname by providing NULL parameter.
2017-09-30 23:35:02 +01:00
Hanno Becker
b4274210a4
Improve documentation in pkparse.c
...
State explicitly that `pk_parse_pkcs8_unencrypted_der` and `pk_parse_key_pkcs8_encrypted_der` are not responsible for
zeroizing and freeing the provided key buffer.
2017-09-29 19:18:51 +01:00
Hanno Becker
f04111f5c5
Fix typo
2017-09-29 19:18:42 +01:00
Hanno Becker
56bae95e1d
Improve style and documentation, fix typo
2017-09-29 15:43:49 +01:00
Hanno Becker
2fdffe0da0
Check exactly for the RSA context fields required in rsa_private
...
Previously, the code was also checking for the presence of D for RSA-CRT, which
is not needed in this case.
2017-09-29 15:28:49 +01:00
Hanno Becker
bead71752e
Correct typo in rsa.c
2017-09-29 12:41:06 +01:00
Hanno Becker
ba1ba11a98
Check that length is properly set in mbedtls_rsa_check_pubkey
2017-09-29 11:54:05 +01:00
Hanno Becker
2f8f06aa25
Don't always recompute context length in mbedtls_rsa_get_len
...
This commit changes the implementation of `mbedtls_rsa_get_len` to return
`ctx->len` instead of always re-computing the modulus' byte-size via
`mbedtls_mpi_size`.
2017-09-29 11:54:05 +01:00
Hanno Becker
2cca6f3290
Always deduce N from P, Q in mbedtls_rsa_complete
...
Previously, a parameter set of (-, P, Q, -, E) was completed, but (-, P, Q, D,
E) wasn't - this is odd.
2017-09-29 11:54:05 +01:00
Hanno Becker
a6f5539413
Adapt version_features.c to new config options
2017-09-28 13:10:46 +01:00
Hanno Becker
e71ad12cd5
Minor code-improvements in dhm.c
2017-09-28 11:06:31 +01:00
Hanno Becker
2c9f027e32
Don't require P,Q if CRT is not used
...
Previously, verification used P,Q regardless of whether CRT was used in the
computation, but this has changed in the meantime.
2017-09-28 11:04:13 +01:00
Hanno Becker
8d1dd1b5b9
Fix bug in mbedtls_mpi_exp_mod
...
Calling `mbedtls_mpi_exp_mod` with a freshly initialized exponent MPI `N`,
i.e. `N.p == NULL`, would lead to a null-pointer dereference.
2017-09-28 11:02:24 +01:00
Hanno Becker
4c72b000cb
Add const-qualifiers to prime constants
2017-09-27 16:06:37 +01:00
Hanno Becker
8c8b0ab877
Change default Diffie-Hellman parameters from RFC 5114 to RFC 7919
...
The origin of the primes in RFC 5114 is undocumented and their use therefore
constitutes a security risk.
2017-09-27 12:43:57 +01:00
Hanno Becker
b2bad800e4
Introduce Diffie-Hellman parameters from RFC 7919
2017-09-27 12:43:55 +01:00
Hanno Becker
0e6dc84f3e
Deprecate Diffie-Hellman groups from RFC 5114
...
Also, change the way the standardized Diffie-Hellman groups are provided from
macro-based string-literals to global variables.
2017-09-27 11:48:02 +01:00
Ron Eldor
2981a0a740
Address Andres' PR comments
...
Address Andres' comments in the PR
2017-09-24 15:41:09 +03:00
Jaeden Amero
1526330931
Allow alternate implementation of GCM
...
Provide the ability to use an alternative implementation of GCM in place
of the library-provided implementation.
2017-09-22 17:42:44 +01:00
Hanno Becker
d8a6f7cfbe
Clarify code-paths in x509write_csr and x509write_crt
2017-09-22 16:05:43 +01:00
Hanno Becker
a20e33ad59
Use X509 CRT version macros for version checks in x509write_crt_der
2017-09-22 15:40:01 +01:00
Janos Follath
1ad1c6d4e1
Fix typo
2017-09-21 12:05:30 +01:00
Janos Follath
aa325d7b7f
DHM: Fix dhm_check_range() always returning 0
...
Although the variable ret was initialised to an error, the
MBEDTLS_MPI_CHK macro was overwriting it. Therefore it ended up being
0 whenever the bignum computation was successful and stayed 0
independently of the actual check.
2017-09-21 12:04:41 +01:00
Florin
0b7b83fd91
Fixed SIGSEGV problem when writing with ssl_write_real a buffer that is over MBEDTLS_SSL_MAX_CONTENT_LEN bytes
...
Signed-off-by: Florin <petriuc.florin@gmail.com>
2017-09-18 16:11:42 +01:00