yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
23550 commits 1 branch 0 tags 94 MiB
Commit graph

124 commits

Author SHA1 Message Date
Hanno Becker
895c5ab88e Preserve old behavior by checking public key in RSA parsing function 
The function `pk_get_rsapubkey` originally performed some basic
sanity checks (e.g. on the size of public exponent) on the parsed
RSA public key by a call to `mbedtls_rsa_check_pubkey`.
This check was dropped because it is not possible to thoroughly
check full parameter sanity (i.e. that (-)^E is a bijection on Z/NZ).

Still, for the sake of not silently changing existing behavior,
this commit puts back the call to `mbedtls_rsa_check_pubkey`.
 2018-01-05 08:08:09 +00:00
Hanno Becker
32297e8314 Merge branch 'development' into iotssl-1619 2017-12-22 10:24:32 +00:00
Manuel Pégourié-Gonnard
6774fa6e87 Merge branch 'development' into development-restricted 
* development:
  Add --no-yotta option to all.sh
  Fix build without MBEDTLS_FS_IO
 2017-12-18 11:43:35 +01:00
Gilles Peskine
832f349f93 Fix build without MBEDTLS_FS_IO 
Fix missing definition of mbedtls_zeroize when MBEDTLS_FS_IO is
disabled in the configuration.

Introduced by e7707228b4
    Merge remote-tracking branch 'upstream-public/pr/1062' into development
 2017-11-30 12:03:27 +01:00
Gilles Peskine
c753f5daf4 Merge remote-tracking branch 'upstream-restricted/pr/369' into development-restricted 2017-11-28 14:16:47 +01:00
Ron Eldor
3f2da84bca Resolve PR review comments 
1) Fix style comments
2) Fix typo in Makefile
3) Remove the `MBEDTLS_MD5_C` dependency from test data file,
as the used keys are not encrypted
 2017-10-17 15:53:32 +03:00
Ron Eldor
5472d43ffb Fix issues when MBEDTLS_PEM_PARSE_C not defined 
1) Fix compilatoin issues when `MBEDTLS_PEM_PARSE_C` not defined
2) remove dependency for `MBEDTLS_PEM_PARSE_C` in DER tests
 2017-10-17 09:50:39 +03:00
Ron Eldor
40b14a894b change order of parsing public key 
First parse PEM, and if fails, parse DER. Use some convention as
in parsing the private key (`mbedtls_pk_parse_key`)
 2017-10-17 09:40:33 +03:00
Ron Eldor
84df1aeeaf use internal pk_get_rsapubkey function 
1) use `pk_get_rsapubkey` function instead of `pk_parse_key_pkcs1_der`
2) revert changes in `pk_parse_key_pkcs1_der`
 2017-10-16 17:14:46 +03:00
Ron Eldor
b006518289 Resolve PR review comments 
1) use `pk_get_rsapubkey` instead of reimplementing the parsing
2) rename the key files, according to their type and key size
3) comment in the data_files/Makefile hoe the keys were generated
4) Fix issue of failure parsing pkcs#1 DER format parsing, missed in previous commit
 2017-10-16 12:40:27 +03:00
Hanno Becker
efa14e8b0c Reduce number of MPI's used in pk_parse_key_pkcs1_der 
As the optional RSA parameters DP, DQ and QP are effectively discarded (they are only considered for their length to
ensure that the key fills the entire buffer), it is not necessary to read them into separate MPI's.
 2017-10-11 19:45:19 +01:00
Hanno Becker
7f25f850ac Adapt uses of mbedtls_rsa_complete to removed PRNG argument 2017-10-10 16:56:22 +01:00
Ron Eldor
d0c56de934 Add support for public keys encoded with PKCS#1 
1) Add support for public keys encoded with PKCS#1
2) Add tests for PKCS#1 PEM and DER, and PKCS#8 DER
 2017-10-10 17:12:07 +03:00
Hanno Becker
c6fc878eda Remove mbedtls_rsa_check_crt 
This is no longer needed after the decision to not exhaustively validate private key material.
 2017-10-02 13:20:15 +01:00
Hanno Becker
b4274210a4 Improve documentation in pkparse.c 
State explicitly that `pk_parse_pkcs8_undencrypted_der` and `pk_parse_key_pkcs8_encrypted_der` are not responsible for
zeroizing and freeing the provided key buffer.
 2017-09-29 19:18:51 +01:00
Hanno Becker
f04111f5c5 Fix typo 2017-09-29 19:18:42 +01:00
Hanno Becker
9be1926b69 Correct parsing checks in mbedtls_pk_parse_key 
Two code-paths in `mbedtls_pk_parse_key` returned success on a failure in `mbedtls_pk_setup`.
 2017-09-08 12:39:44 +01:00
Hanno Becker
66a0f83d58 Remove unreachable branches in pkparse.c 2017-09-08 12:39:21 +01:00
Hanno Becker
b8d1657148 Mention in-place decryption in pk_parse_key_pkcs8_encrypted_der 
Also fixes a typo.
 2017-09-07 15:29:01 +01:00
Hanno Becker
2aa80a706f Remove unnecessary cast 2017-09-07 15:28:45 +01:00
Hanno Becker
9c6cb38ba8 Fix typo in pkparse.c 2017-09-05 10:08:01 +01:00
Hanno Becker
fab3569963 Use in-place decryption in pk_parse_pkcs8_encrypted_der 
The stack buffer used to hold the decrypted key in pk_parse_pkcs8_encrypted_der
was statically sized to 2048 bytes, which is not enough for DER encoded 4096bit
RSA keys.

This commit resolves the problem by performing the key-decryption in-place,
circumventing the introduction of another stack or heap copy of the key.

There are two situations where pk_parse_pkcs8_encrypted_der is invoked:
1. When processing a PEM-encoded encrypted key in mbedtls_pk_parse_key.
   This does not need adaption since the PEM context used to hold the decoded
   key is already constructed and owned by mbedtls_pk_parse_key.
2. When processing a DER-encoded encrypted key in mbedtls_pk_parse_key.
   In this case, mbedtls_pk_parse_key calls pk_parse_pkcs8_encrypted_der with
   the buffer provided by the user, which is declared const. The commit
   therefore adds a small code paths making a copy of the keybuffer before
   calling pk_parse_pkcs8_encrypted_der.
 2017-08-25 13:57:21 +01:00
Hanno Becker
771d30edac Add missing calls to mbedtls_pem_free in mbedtls_pk_parse 2017-08-25 13:57:21 +01:00
Hanno Becker
d58c5b2d16 Adapt pkparse.c to new RSA interface 2017-08-23 16:17:24 +01:00
Andres Amaya Garcia
1f2666f9ec Zeroize return buf on failure in pkparse.c 2017-06-26 10:36:20 +01:00
Brian J Murray
2adecba01f Clarify Comments and Fix Typos (#651) 
Fixes many typos, and errors in comments.

* Clarifies many comments
* Grammar correction in config.pl help text
* Removed comment about MBEDTLS_X509_EXT_NS_CERT_TYPE.
* Comment typo fix (Dont => Don't)
* Comment typo fix (assure => ensure)
* Comment typo fix (byes => bytes)
* Added citation for quoted standard
* Comment typo fix (one complement => 1's complement)

The is some debate about whether to prefer "one's complement",  "ones'
complement", or "1's complement".  The more recent RFCs related to TLS
(RFC 6347,  RFC 4347, etc) use " 1's complement", so I followed that
convention.

* Added missing ")" in comment
* Comment alignment
* Incorrect comment after #endif
 2016-11-06 12:45:15 +00:00
Robert Cragie
e8377d66b7 Clean up compilation warnings 2015-10-02 13:32:17 +01:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
c0696c216b Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen 2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard
6a8ca33fa5 Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED 2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9 Replace malloc with calloc 
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
 2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
d9e6a3ac10 Rename pk_init_ctx() -> pk_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
0ece0f94f2 Fix checks for nul-termination 2015-05-12 12:43:54 +02:00
Manuel Pégourié-Gonnard
43b37cbc92 Fix use of pem_read_buffer() in PK, DHM and X509 2015-05-12 11:26:43 +02:00
Manuel Pégourié-Gonnard
e3a062ba1f Rename ecp_use_known_dp -> mbedtls_ecp_group_load() 2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard
862d503c01 Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Fix typos in Changelog
  Fix macro name from wrong branch
  Fix bug in pk_parse_key()
  Fixed typos
  Updated Travis CI config for mbedtls project

Conflicts:
	include/mbedtls/ecp.h
	include/polarssl/compat-1.2.h
	include/polarssl/openssl.h
	include/polarssl/platform.h
	library/pkparse.c
	programs/pkey/mpi_demo.c
 2015-04-15 11:30:46 +02:00
Manuel Pégourié-Gonnard
e6c8366b46 Fix bug in pk_parse_key() 2015-04-15 11:21:24 +02:00
Manuel Pégourié-Gonnard
e1e5871a55 Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Fix bug in pk_parse_key()
  Update generated file

Conflicts:
	library/pkparse.c
	library/version_features.c
 2015-04-15 10:50:34 +02:00
Manuel Pégourié-Gonnard
924cd100a6 Fix bug in pk_parse_key() 2015-04-14 11:18:04 +02:00
Manuel Pégourié-Gonnard
2cf5a7c98e The Great Renaming 
A simple execution of tmp/invoke-rename.pl
 2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
6e0643762d Reverse meaning of OID_CMP 2015-03-19 16:54:56 +00:00
Manuel Pégourié-Gonnard
7f8099773e Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard
fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard
a2424a045a PKCS8 encrypted key depend on PKCS5 or PKCS12 2015-02-16 17:22:47 +00:00
Mansour Moufid
c531b4af3c Apply the semantic patch rm-malloc-cast.cocci. 
for dir in library programs; do
        spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \
        --in-place;
    done
 2015-02-16 10:43:52 +00:00
Manuel Pégourié-Gonnard
7f84905552 Fix two warnings from armcc v5 
assignment in condition
 2015-02-10 17:34:35 +01:00
Rich Evans
00ab47026b cleanup library and some basic tests. Includes, add guards to includes 2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard
860b51642d Fix url again 2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard
085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard
9439f93ea4 Use pk_load_file() in X509 
Saves a bit of ROM. X509 depends on PK anyway.
 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
66e20c6318 Fix warning and typo->error. 2014-06-24 17:47:40 +02:00
Paul Bakker
66d5d076f7 Fix formatting in various code to match spacing from coding style 2014-06-17 17:06:47 +02:00
Paul Bakker
d8bb82665e Fix code styling for return statements 2014-06-17 14:06:49 +02:00
Paul Bakker
3461772559 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-06-14 16:46:03 +02:00
Paul Bakker
9af723cee7 Fix formatting: remove trailing spaces, #endif with comments (> 10 lines) 2014-05-01 13:03:14 +02:00
Manuel Pégourié-Gonnard
cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker
f4cf80b86f Restructured pk_parse_key_pkcs8_encrypted_der() to prevent unreachable code 2014-04-17 17:24:29 +02:00
Manuel Pégourié-Gonnard
5b8c409f53 Fix a warning (theoretical uninitialised variable) 2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard
6fac3515d0 Make support for SpecifiedECDomain optional 2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard
5246ee5c59 Work around compressed EC public key in some cases 2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard
eab20d2a9c Implement parsing SpecifiedECParameters 2014-03-19 15:51:12 +01:00
Paul Bakker
7dc4c44267 Library files moved to use platform layer 2014-02-06 13:20:16 +01:00
Manuel Pégourié-Gonnard
387a211fad Fix some dependencies in tests 2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
1032c1d3ec Fix some dependencies and warnings in small config 2013-09-19 10:49:00 +02:00
Manuel Pégourié-Gonnard
ff29f9c825 Compute public key if absent when reading EC key 2013-09-18 16:13:02 +02:00
Paul Bakker
da7711594e Changed pk_parse_get_pubkey() to pk_parse_subpubkey() 2013-09-16 22:45:03 +02:00
Paul Bakker
cff6842b39 POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C 2013-09-16 13:36:18 +02:00
Paul Bakker
4606c7317b Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C 2013-09-15 17:04:23 +02:00
Paul Bakker
1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00