ef44178474
Restore P>Q in RSA key generation ( #558 )
...
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.
This commit restores this behaviour.
2016-10-13 00:25:07 +01:00
ab069c6b46
Merge branch 'development' into development-restricted
2016-06-23 21:42:26 +01:00
e7be5bdb96
Fixed unchecked calls to mbedtls_md_setup in rsa.c ( #502 )
...
* Fixed unchecked calls to mbedtls_md_setup in rsa.c:
* style fixes
2016-06-23 20:57:03 +01:00
f991128d40
Revert accidental changes to file mode of rsa.c
2016-06-09 13:41:28 +01:00
a338691b46
Merge branch 'development' into development-restricted
2016-06-07 09:24:41 +01:00
50cdede726
Revert accidental changes to file mode of rsa.c
2016-06-06 20:15:33 +01:00
04b591ee79
Merge branch 'development' for weekly test report.
2016-05-31 10:18:41 +01:00
9c22e7311c
Merge branch 'development'
2016-05-24 13:25:46 +01:00
65b1fa6b07
Fixes warnings found by Clang static analyser
...
Also removes annotations in the code to avoid warnings which don't appear to
be needed.
2016-05-23 23:18:26 +01:00
930a3701e7
fix indentation in output of selftest.c
2016-05-23 14:29:32 +01:00
38d188896c
Cleanup ifdef statements
2016-05-23 14:29:31 +01:00
e735303026
Shut up a few clang-analyze warnings about use of uninitialized variables
...
The functions are all safe, Clang just isn't clever enough to realise
it.
2016-05-23 14:29:28 +01:00
94bafdf834
Merge branch 'development'
2016-05-18 18:40:46 +01:00
c21bec8af4
Merge branch 'development'
2016-05-16 16:15:20 +01:00
21cc5741cf
Cleanup ifdef statements
2016-05-12 12:46:28 +01:00
f4743a6f5e
Merge pull request #457 from NWilson/clang-analyze-fixes
...
Clang analyze fixes
2016-05-11 20:20:42 +02:00
2300776816
Merge branch 'development'
2016-04-19 10:39:36 +01:00
1ed9f99ef3
Fix null pointer dereference in the RSA module.
...
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:16:31 +01:00
3f5c875654
Adds test for odd bit length RSA key size
...
Also tidy up ChangeLog following review.
2016-04-15 19:06:59 +01:00
10c575be3e
Fix odd bitlength RSA key generation
...
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-15 18:49:13 +01:00
409401c044
Shut up a few clang-analyze warnings about use of uninitialized variables
...
The functions are all safe, Clang just isn't clever enough to realise
it.
2016-04-13 11:56:22 +01:00
078bcdd6f6
Merge branch 'IOTSSL-628-BufferOverread'
2016-03-16 22:53:11 +00:00
0203745e23
Swap C++ comments to C for style consistency in rsa.c
2016-03-09 21:06:20 +00:00
c69fa50d4c
Removing 'if' branch from the fix.
...
This new error shouldn't be distinguishable from other padding errors.
Updating 'bad' instead of adding a new 'if' branch.
2016-03-09 21:06:19 +00:00
b6eb1ca01c
Length check added
2016-03-09 21:06:19 +00:00
370717b571
Add precision about exploitability in ChangeLog
...
Also fix some whitespace while at it.
2016-03-09 21:06:19 +00:00
eddfe8f6f3
Included tests for the overflow
2016-03-09 21:06:19 +00:00
c17cda1ab9
Moved underflow test to better reflect time constant behaviour.
2016-02-11 11:08:18 +00:00
b8afe1bb2c
Included test for integer underflow.
2016-02-09 14:51:35 +00:00
bdae02ce90
Corrected references for RSA and DHM
...
The links in the references in rsa.c and dhm.c were no longer valid and needed
updating.
2016-01-20 00:44:42 +00:00
1285ab5dc2
Fix for memory leak in RSA-SSA signing
...
Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c
2016-01-01 21:42:47 +00:00
fb84d38b45
Try to prevent some misuse of RSA functions
...
fixes #331
2015-10-30 10:56:25 +01:00
5f50104c52
Add counter-measure against RSA-CRT attack
...
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
2015-09-08 13:39:29 +02:00
37ff14062e
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
4d04cdcd12
Fix RSA mutex fix
...
Once the mutex is acquired, we must goto cleanup rather that return.
Since cleanup adjusts the return value, adjust that in test cases.
Also, at cleanup we don't want to overwrite 'ret', or we'll loose track of
errors.
see #257
2015-08-31 09:31:55 +02:00
1385a289f4
Fix possible mutex lock/unlock mismatch
...
fixes #257
2015-08-27 11:30:58 +02:00
d1004f02e6
Fix printed output of some selftests
2015-08-07 10:57:41 +02:00
6fb8187279
Update date in copyright line
2015-07-28 17:11:58 +02:00
c0696c216b
Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen
2015-06-18 16:49:37 +02:00
bdd7828ca0
Always check return status of mutex_(un)lock()
2015-04-24 14:43:24 +02:00
53c76c07de
Merge branch 'mbedtls-1.3' into development
...
* commit 'ce60fbe':
Fix potential timing difference with RSA PMS
Update Changelog for recent merge
Added more constant-time code and removed biases in the prime number generation routines.
Conflicts:
library/bignum.c
library/ssl_srv.c
2015-04-17 20:19:32 +02:00
aac657a1d3
Merge remote-tracking branch 'pj/development' into mbedtls-1.3
...
* pj/development:
Added more constant-time code and removed biases in the prime number generation routines.
2015-04-15 14:12:59 +02:00
2cf5a7c98e
The Great Renaming
...
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
998930ae0d
Replace non-ascii characters in source files
2015-04-03 13:48:06 +02:00
26c9f90cae
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Add missing depends in x509 programs
Simplify ifdef checks in programs/x509
Fix thread safety issue in RSA operations
Add test certificate for bitstring in DN
Add support for X.520 uniqueIdentifier
Accept bitstrings in X.509 names
2015-03-31 17:56:15 +02:00
88fca3ef0e
Fix thread safety issue in RSA operations
...
The race was due to mpi_exp_mod storing a Montgomery coefficient in the
context (RM, RP, RQ).
The fix was verified with -fsanitize-thread using ssl_pthread_server and two
concurrent clients.
A more fine-grained fix should be possible, locking just enough time to check
if those values are OK and set them if not, rather than locking for the whole
mpi_exp_mod() operation, but it will be for later.
2015-03-27 15:12:05 +01:00
abb674467b
Rename md_init_ctx() to md_setup()
2015-03-25 21:55:56 +01:00
4063ceb281
Make hmac_ctx optional
...
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
2015-03-25 21:55:56 +01:00
ca878dbaa5
Make md_info_t an opaque structure
...
- more freedom for us to change it in the future
- enforces hygiene
- performance impact of making accessors no longer inline should really be
negligible
2015-03-25 21:37:15 +01:00
b99183dfc6
Added more constant-time code and removed biases in the prime number generation routines.
2015-03-11 16:49:45 +01:00
