1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-04 08:02:28 +03:00
Commit Graph

7174 Commits

Author SHA1 Message Date
aadbadbf42 mpi_exp_mod: move X next to the precomputed values
With small exponents (for example, when doing RSA-1024 with CRT, each
prime is 512 bits and we'll use wsize = 5 which may be smaller that the
maximum - or even worse when doing public RSA operations which typically
have a 16-bit exponent so we'll use wsize = 1) the usage of W will have
pre-computed values, then empty space, then the accumulator at the very
end.

Move X next to the precomputed values to make accesses more efficient
and intuitive.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 14:55:05 +00:00
6632383993 mpi_exp_mod: rename local variables
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 14:48:02 +00:00
f0ceb1cae1 mpi_exp_mod: remove memory ownership confusion
Elements of W didn't all have the same owner: all were owned by this
function, except W[x_index]. It is more robust if we make a proper copy
of X.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 14:31:22 +00:00
3a3c50ca0a mpi_exp_mod: improve documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-11 15:56:38 +00:00
95655a2ba0 mpi_exp_mod: protect out of window zeroes
Out of window zeroes were doing squaring on the output variable
directly. This leaks the position of windows and the out of window
zeroes.

Loading the output variable from the table in constant time removes this
leakage.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-08 09:09:14 +00:00
91c0286917 mpi_exp_mod: load the output variable to the table
This is done in preparation for constant time loading that will be added
in a later commit.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-08 09:09:14 +00:00
c4698502d6 Merge pull request #6491 from davidhorstmann-arm/2.28-fix-unusual-macros-0
[Backport-ish 2.28] Fix unusual macros
2022-11-03 10:29:06 +01:00
e9e0eeccec Merge pull request #6525 from daverodgman/fix-duplicate-header-2.28
Remove duplicate function prototype - 2.28 backport
2022-11-02 13:06:04 +00:00
490f804555 Improve documentation for psa_crypto_cipher.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-02 09:29:35 +00:00
8e322b1e99 Move declaration of mbedtls_cipher_info_from_psa into psa_crypto_cipher.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-02 09:27:01 +00:00
e222637cfe Remove duplicate function prototype
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-01 16:41:48 +00:00
369f495afc Fix zeroization at NULL pointer
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-01 16:11:47 +00:00
0bbe75838e Merge pull request #6191 from daverodgman/invalid-ecdsa-pubkey-backport-2.28
Improve ECDSA verify validation - 2.28 backport
2022-10-31 09:37:38 +00:00
b5b1ed2969 Fix unused warning in ssl_tls.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-27 13:21:49 +01:00
edc110d15a Fix a timing leak in ecp_mul_mxz()
The bit length of m is leaked through through timing in ecp_mul_mxz().
Initially found by Manuel Pégourié-Gonnard on ecp_mul_edxyz(), which has
been inspired from ecp_mul_mxz(), during initial review of the EdDSA PR.
See: https://github.com/Mbed-TLS/mbedtls/pull/3245#discussion_r490827996

Fix that by using grp->nbits + 1 instead, which anyway is very close to
the length of m, which means there is no significant performance impact.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2022-10-27 11:58:15 +01:00
ab6175130b Fix macro-spanning if in x509_crt.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-27 11:45:01 +01:00
04020abfae Fix macro-spanning ifs in ssl_ticket.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-27 11:39:03 +01:00
d4f22083ba Fix macro-spanning ifs in ssl_tls.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-27 11:39:03 +01:00
197b240089 Fix macro-spanning if in ssl_msg.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-27 11:39:03 +01:00
ef661c531f Fix macro-spanning ifs in ecp.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-27 11:38:53 +01:00
74ace59dc6 Fix macro-spanning ifs in ssl_srv.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-27 11:38:15 +01:00
c527796ecb Merge pull request #6392 from davidhorstmann-arm/2.28-fix-x509-get-name-cleanup
[Backport 2.28] Fix `mbedtls_x509_get_name()` cleanup
2022-10-26 14:28:04 +02:00
ee0a0e75c8 Fix macro-spanning ifs in ssl_cli.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 17:20:00 +01:00
e9af9e3e12 Minor improvements to ecp.c changes
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 16:47:56 +01:00
9430330d2f Rename ARIA_SELF_TEST_IF_FAIL
Change to ARIA_SELF_TEST_ASSERT

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 16:47:56 +01:00
864cc8dba2 Minor changes to asn1write.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 16:47:56 +01:00
d209197f37 Refactor macro-spanning ifs in ecdh.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 16:47:56 +01:00
b95ee00244 Refactor macro-spanning ifs in ecp.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 16:47:56 +01:00
863b17d0cc Refactor macro-spanning if in asn1write.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 16:47:56 +01:00
f3b1eaf95d Refactor macro-spanning if in sha512.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 16:47:53 +01:00
5846c9de19 Refactor macro-spanning if in ssl_msg.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 16:43:05 +01:00
0bb7243425 Refactor macro-spanning if in ssl_tls12_client.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 16:39:26 +01:00
75b1fe7199 Refactor ARIA_SELF_TEST_IF_FAIL macro
Change the ARIA_SELF_TEST_IF_FAIL macro to be more code-style friendly.
Currently it expands to the body of an if statement, which causes
problems for automatic brace-addition for if statements.

Convert the macro to a function-like macro that takes the condition as
an argument and expands to a full if statement inside a do {} while (0)
idiom.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 16:36:03 +01:00
670a993dcd Fix incorrect return style
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 15:30:30 +01:00
e6917d05d3 Remove unnecessary NULL assignments
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 15:30:30 +01:00
5ad5e1657d Clarify wording on allocation
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 15:30:30 +01:00
279188f3f3 Merge pull request #6396 from gilles-peskine-arm/platform.h-unconditional-2.28
Backport 2.28: Include platform.h unconditionally
2022-10-13 10:19:25 +02:00
36b33ba42f Restore platform.h inclusion in error.c
This is an automatically generated file. The automatic processing to change
platform.h inclusion made it diverge, so put it back the way it needs to be.
platform.h is getting included once unconditionally from the fixed part of
the template, and once from the automatic enumeration of headers, which is
perfectly fine.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-07 19:49:05 +02:00
7705a4614e Include platform.h unconditionally: gcm
gcm.c had a slightly different pattern for the conditional inclusion of
platform.h which didn't fit the general replacement. Simplify it manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-07 15:47:39 +02:00
169554c68f Adapt macro names: MBEDTLS_SSL_SOME_SUITES_USE_MAC->MBEDTLS_SSL_SOME_MODES_USE_MAC
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-06 10:53:20 +02:00
8c176b487a Free structs in mbedtls_x509_get_name() on error
mbedtls_x509_get_name() allocates a linked list of mbedtls_x509_name
structs but does not free these when there is an error, leaving the
caller to free them itself. Change this to cleanup these objects within
the function in case of an error.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-05 12:57:32 +01:00
093a4aa51b Remove useless platform macro redefinitions: automatic part
Some source files had code to set mbedtls_xxx aliases when
MBEDTLS_PLATFORM_C is not defined. These aliases are defined unconditionally
by mbedtls/platform.h, so these macro definitions were redundant. Remove
them.

This commit used the following code:
```
perl -i -0777 -pe 's~#if !defined\(MBEDTLS_PLATFORM_C\)\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*#endif.*\n~~mg' $(git grep -l -F '#if !defined(MBEDTLS_PLATFORM_C)')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-05 11:54:51 +02:00
8474fe072b Include platform.h unconditionally: second automatic part
Some source files included platform.h in a nested conditional. The previous
commit "Include platform.h unconditionally: automatic part" only removed
the outer conditional. This commit removes the inner conditional.

This commit once again replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-05 11:49:12 +02:00
9450dc7b6f Fix guards for mbedtls_ct_size_mask() and mbedtls_ct_memcpy_if_eq()
Both functions are used when MBEDTLS_SSL_SOME_SUITES_USE_MAC is defined not MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-05 11:38:25 +02:00
36f19b97e2 Include platform.h unconditionally: automatic part
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-05 11:26:07 +02:00
4268731b2f Fix ECDSA signature verification edge-case
For R and S equal to 1, ensure the public key is checked
for validity.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-23 10:42:33 +01:00
250a612969 Merge pull request #6212 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1-2.28
Backport 2.28: Be explicit about constant time bignum functions that must take a 0 or 1 condition value
2022-08-22 17:24:10 +02:00
81e742333e ssl_tls12_server: fix potential NULL-dereferencing if local certificate was not set.
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-19 13:42:08 +01:00
f211d824d7 Be explicit about constant time bignum functions that must take a 0 or 1 condition value
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-18 14:56:00 +01:00
f222b8e041 Merge pull request #6161 from daverodgman/backport-cert-symlink
Backport 2.28: x509_crt: handle properly broken links when looking for certificates
2022-08-03 13:05:31 +02:00