mbedtls/library
Manuel Pégourié-Gonnard f29857ca0a Reject low-order points on Curve25519 early
We were already rejecting them at the end, due to the fact that with the
usual (x, z) formulas they lead to the result (0, 0) so when we want to
normalize at the end, trying to compute the modular inverse of z will
give an error.

If we wanted to support those points, we'd need a special case in
ecp_normalize_mxz(). But it's actually permitted by all sources
(RFC 7748 says we MAY reject 0 as a result) and recommended by some to
reject those points (either to ensure contributory behaviour, or to
protect against timing attacks when the underlying field arithmetic is
not constant-time).

Since our field arithmetic is indeed not constant-time, let's reject
those points before they get mixed with sensitive data (in
ecp_mul_mxz()), in order to avoid exploitable leaks caused by the
special cases they would trigger. (See the "May the Fourth" paper
https://eprint.iacr.org/2017/806.pdf)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-23 10:14:58 +02:00
.gitignore Ignore generated source files that are no longer checked in 2021-05-20 10:37:22 +02:00
aes.c Merge pull request #4469 from xiaoxiang781216/padlock 2021-05-28 11:06:40 +02:00
aesni.c Move aesni.h to library 2021-03-10 12:52:37 +00:00
aesni.h Move aesni.h to library 2021-03-10 12:52:37 +00:00
aria.c ARIA: add missing context init/free 2021-05-25 09:23:10 +02:00
asn1parse.c Add missing const attribute to asn1 api 2021-01-26 13:57:46 +01:00
asn1write.c Add missing const attribute to asn1write api 2021-01-27 15:37:12 +01:00
base64.c Code style fixups 2021-03-04 14:34:50 +00:00
bignum.c Merge pull request #828 from mpg/rsa-lookup-restricted 2021-06-22 09:33:20 +02:00
bn_mul.h Move bn_mul.h to library/ 2021-03-10 12:52:37 +00:00
camellia.c CAMELLIA: add missing context init/free 2021-05-25 09:23:10 +02:00
ccm.c Fix additional data length field check for CCM 2020-10-08 12:09:44 +02:00
chacha20.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
chachapoly.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
check_crypto_config.h psa: config: Add CAMELLIA to the list of possible CMAC ciphers 2021-03-25 14:25:46 +01:00
cipher.c Merge pull request #4342 from gilles-peskine-arm/gcm-update-any-length 2021-05-20 15:08:55 +02:00
cipher_wrap.c Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
cipher_wrap.h Rename <pk/md/cipher>_internal.h to *_wrap.h 2021-03-10 12:52:37 +00:00
cmac.c Allow skipping 3DES in CMAC self-test when ALT implemented 2021-03-02 10:18:08 +01:00
CMakeLists.txt Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
common.h Fix typo 2021-05-27 14:39:53 +02:00
ctr_drbg.c Rename the _ret() functions 2021-06-08 16:45:41 +02:00
debug.c Add missing parentheses 2021-06-17 21:46:29 +02:00
des.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
dhm.c Make RNG parameters mandatory in DHM functions 2021-06-17 09:38:38 +02:00
ecdh.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ecdsa.c avoid "maybe-uninitialized" and "free-nonheap-object" errors/warnings with gcc11 2021-05-19 11:31:37 -04:00
ecjpake.c Make RNG parameters mandatory in ECP functions 2021-06-17 09:38:38 +02:00
ecp.c Reject low-order points on Curve25519 early 2021-06-23 10:14:58 +02:00
ecp_curves.c static initialize comb table 2021-06-01 10:02:13 +08:00
ecp_internal_alt.h Rename library/ecp_alt.h to ecp_internal_alt.h 2021-06-15 00:10:37 +02:00
ecp_invasive.h Move mbedtls_mpi_random to the bignum module 2021-06-03 18:10:04 +02:00
entropy.c Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test 2021-06-18 16:35:58 +01:00
entropy_poll.c Move part of timing module out of the library 2021-06-15 15:47:44 +02:00
entropy_poll.h Move part of timing module out of the library 2021-06-15 15:47:44 +02:00
gcm.c Rework and reword the guarantees on output_size 2021-05-18 23:15:40 +02:00
hkdf.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
hmac_drbg.c Rename the _ret() functions 2021-06-08 16:45:41 +02:00
Makefile Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
md.c Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
md5.c Rename the _ret() functions 2021-06-08 16:45:41 +02:00
md_wrap.h Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
memory_buffer_alloc.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
mps_common.h Capitalise MPS trace macros 2021-04-07 12:45:35 +01:00
mps_error.h Fix Doxygen headers for MPS files 2021-03-29 14:20:18 +01:00
mps_reader.c Capitalise MPS trace macros 2021-04-07 12:45:35 +01:00
mps_reader.h Fix Doxygen headers for MPS files 2021-03-29 14:20:18 +01:00
mps_trace.c Capitalise MPS trace macros 2021-04-07 12:45:35 +01:00
mps_trace.h Capitalise MPS trace macros 2021-04-07 12:45:35 +01:00
net_sockets.c Fix fd range for select on Windows 2021-06-20 23:14:36 +02:00
nist_kw.c Fix null pointer arithmetic in error case 2021-06-01 11:22:56 +02:00
oid.c Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
padlock.c Move padlock.h to library 2021-03-10 12:52:37 +00:00
padlock.h Fix docs for mbedtls_padlock_has_support 2021-05-18 19:01:42 +01:00
pem.c Rename the _ret() functions 2021-06-08 16:45:41 +02:00
pk.c Add RNG parameter to check_pair functions 2021-06-17 09:38:38 +02:00
pk_wrap.c Add RNG parameter to check_pair functions 2021-06-17 09:38:38 +02:00
pk_wrap.h Add RNG parameter to check_pair functions 2021-06-17 09:38:38 +02:00
pkcs5.c Apply MBEDTLS_ERROR_ADD to library 2021-04-15 11:19:47 +01:00
pkcs12.c Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
pkparse.c Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA 2021-06-22 09:27:41 +02:00
pkwrite.c Merge branch 'development_3.0' into remove_depr_error_codes 2021-04-21 12:31:43 +02:00
platform.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
platform_util.c Fixes two _POSIX_C_SOURCE typos. 2020-11-13 09:20:18 +00:00
poly1305.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto.c Merge pull request #4316 from gabor-mezei-arm/3258_implement_one-shot_MAC 2021-06-22 12:18:25 +02:00
psa_crypto_aead.c Update all uses of old AEAD output size macros 2021-04-15 17:32:06 +02:00
psa_crypto_aead.h psa: aead: Move AEAD driver entry points to psa_crypto_aead.c 2021-04-07 16:03:31 +02:00
psa_crypto_cipher.c Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
psa_crypto_cipher.h psa: cipher: Remove cipher_generate_iv driver entry point 2021-03-26 15:58:25 +01:00
psa_crypto_client.c psa: Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined 2021-02-09 15:36:08 +01:00
psa_crypto_core.h Update documentation 2021-05-13 11:19:01 +02:00
psa_crypto_driver_wrappers.c Introduce MBEDTLS_PRIVATE macro. 2021-05-21 18:07:06 +02:00
psa_crypto_driver_wrappers.h Dispatch sign/verify funtions through the driver interface 2021-05-13 11:18:57 +02:00
psa_crypto_ecp.c Move mbedtls_md_info_from_psa into the mbedtls hash driver 2021-03-15 12:14:40 +01:00
psa_crypto_ecp.h psa: Rework ECDSA sign/verify support in the transparent test driver 2021-02-18 15:45:12 +01:00
psa_crypto_hash.c Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
psa_crypto_hash.h Merge branch 'development' into development_3.0 2021-04-19 10:51:59 +02:00
psa_crypto_invasive.h Rework MAC algorithm / key type validation 2021-03-03 19:58:02 +01:00
psa_crypto_its.h Update documentation 2020-11-25 13:10:50 +01:00
psa_crypto_mac.c Merge pull request #4316 from gabor-mezei-arm/3258_implement_one-shot_MAC 2021-06-22 12:18:25 +02:00
psa_crypto_mac.h Move is_sign and mac_size checking back to PSA core scope 2021-05-10 11:29:13 +02:00
psa_crypto_random_impl.h Work around MSVC bug with duplicate static declarations 2021-02-16 18:55:05 +01:00
psa_crypto_rsa.c Add RNG params to private key parsing 2021-06-17 09:38:38 +02:00
psa_crypto_rsa.h psa: Add RSA sign/verify hash support to the transparent test driver 2021-02-18 15:45:06 +01:00
psa_crypto_se.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto_se.h Update documentation 2020-11-25 13:10:50 +01:00
psa_crypto_service_integration.h Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto_slot_management.c Remove MBEDTLS_CHECK_PARAMS option 2021-05-27 17:33:32 +02:00
psa_crypto_slot_management.h psa: Fix error code when creating/registering a key with invalid id 2021-04-01 14:05:41 +02:00
psa_crypto_storage.c Add missing common.h include. 2021-05-27 14:40:40 +02:00
psa_crypto_storage.h Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT 2021-02-15 14:26:44 +01:00
psa_its_file.c Add missing common.h include. 2021-05-27 14:40:40 +02:00
ripemd160.c Rename the _ret() functions 2021-06-08 16:45:41 +02:00
rsa.c Check for mandatory RNG parameters in RSA private 2021-06-17 09:37:55 +02:00
rsa_alt_helpers.c Rename rsa_internal.* to rsa_alt_helpers.* 2021-03-10 12:52:37 +00:00
rsa_alt_helpers.h Rename rsa_internal.* to rsa_alt_helpers.* 2021-03-10 12:52:37 +00:00
sha1.c Rename the _ret() functions 2021-06-08 16:45:41 +02:00
sha256.c Rename the _ret() functions 2021-06-08 16:45:41 +02:00
sha512.c Rename the _ret() functions 2021-06-08 16:45:41 +02:00
ssl_cache.c Fix search for outdated entries in SSL session cache 2021-05-14 14:55:15 +01:00
ssl_ciphersuites.c Code review fixes 2021-06-18 12:59:38 +02:00
ssl_cli.c Removes truncated HMAC code from ssl_X.c 2021-06-16 16:19:53 +01:00
ssl_cookie.c Remove the TLS 1.0 and 1.1 support 2021-05-24 12:45:20 +02:00
ssl_invasive.h Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted 2020-08-25 14:35:55 +01:00
ssl_misc.h Merge pull request #4382 from hanno-arm/max_record_payload_api 2021-06-08 11:07:27 +02:00
ssl_msg.c Merge pull request #4522 from mpg/fix-ssl-cf-hmac-alt-dev 2021-06-07 20:53:33 +02:00
ssl_srv.c Removes truncated HMAC code from ssl_X.c 2021-06-16 16:19:53 +01:00
ssl_ticket.c Rename ssl_internal.h to ssl_misc.h 2021-03-10 12:52:37 +00:00
ssl_tls.c Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export 2021-06-22 18:52:37 +02:00
ssl_tls13_keys.c Remove misleading comment in TLS 1.3 key schedule code 2021-05-31 19:40:45 +01:00
ssl_tls13_keys.h Fix Doxygen for TLS 1.3 PSK binder helper 2021-05-26 04:47:29 +01:00
threading.c Explain the usage of is_valid in pthread mutexes 2021-02-22 19:24:03 +01:00
timing.c Removing global variable and moving variant function comment block 2021-06-18 13:22:57 +02:00
version.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
x509.c Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased 2021-04-28 17:31:55 +01:00
x509_create.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
x509_crl.c Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased 2021-04-28 17:31:55 +01:00
x509_crt.c Remove secp256k1 from the default X.509 and TLS profiles 2021-06-17 23:17:52 +02:00
x509_csr.c Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased 2021-04-28 17:31:55 +01:00
x509write_crt.c Rename the _ret() functions 2021-06-08 16:45:41 +02:00
x509write_csr.c Expose flag for critical extensions 2021-05-27 14:27:43 +02:00