Janos Follath
3072458ec3
Restore P>Q in RSA key generation ( #558 )
...
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.
This commit restores this behaviour.
2016-10-13 09:27:18 +01:00
Janos Follath
742783fe85
Included tests for the overflow
...
Conflicts:
library/rsa.c
2016-05-18 19:58:41 +01:00
Simon Butcher
d3253b018e
Fix for backprt of IOTSSL-628
...
Corrections to constand and function names changed between 1.3 and 2.1
2016-05-18 19:58:41 +01:00
Janos Follath
092f2c48c4
Move underflow test to make time constant
2016-05-18 19:58:41 +01:00
Janos Follath
3bed13df1c
Included test for integer underflow.
2016-05-18 19:58:40 +01:00
Janos Follath
f18263d78b
Removing 'if' branch from the fix.
...
This new error shouldn't be distinguishable from other padding errors.
Updating 'bad' instead of adding a new 'if' branch.
2016-05-18 19:58:40 +01:00
Janos Follath
f570f7f686
Length check added
2016-05-18 19:58:40 +01:00
Janos Follath
7ddc2cdfce
Fix null pointer dereference in the RSA module.
...
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:28:24 +01:00
Simon Butcher
e9f842782b
Adds test for odd bit length RSA key size
...
Also tidy up ChangeLog following review.
2016-04-19 10:02:43 +01:00
Janos Follath
d61fc6881a
Fix odd bitlength RSA key generation
...
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-19 09:42:17 +01:00
Simon Butcher
7d3f3a8ac8
Fix for memory leak in RSA-SSA signing
...
Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c. Resolves github issue #372
2016-01-02 00:03:39 +00:00
Manuel Pégourié-Gonnard
a1cdcd2364
Add counter-measure against RSA-CRT attack
...
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
backport of 5f50104
2015-09-09 12:23:47 +02:00
Manuel Pégourié-Gonnard
5efed09c5f
Fix possible unlock before lock in RSA
...
Backport of 1385a28
and 4d04cdc
see #257
2015-08-31 10:21:10 +02:00
Manuel Pégourié-Gonnard
aac657a1d3
Merge remote-tracking branch 'pj/development' into mbedtls-1.3
...
* pj/development:
Added more constant-time code and removed biases in the prime number generation routines.
2015-04-15 14:12:59 +02:00
Manuel Pégourié-Gonnard
88fca3ef0e
Fix thread safety issue in RSA operations
...
The race was due to mpi_exp_mod storing a Montgomery coefficient in the
context (RM, RP, RQ).
The fix was verified with -fsanitize-thread using ssl_pthread_server and two
concurrent clients.
A more fine-grained fix should be possible, locking just enough time to check
if those values are OK and set them if not, rather than locking for the whole
mpi_exp_mod() operation, but it will be for later.
2015-03-27 15:12:05 +01:00
Pascal Junod
b99183dfc6
Added more constant-time code and removed biases in the prime number generation routines.
2015-03-11 16:49:45 +01:00
Manuel Pégourié-Gonnard
fe44643b0e
Rename website and repository
2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard
a273371fc4
Fix "int vs enum" warnings from armcc v5
...
enumerated type mixed with another type
2015-02-10 17:34:48 +01:00
Rich Evans
00ab47026b
cleanup library and some basic tests. Includes, add guards to includes
2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard
860b51642d
Fix url again
2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard
085ab040aa
Fix website url to use https.
2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c
Remove maintainer line.
2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa
Remove redundant "all rights reserved"
2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
a658a4051b
Update copyright
2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c
Change name to mbed TLS in the copyright notice
2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard
2f8d1f9fc3
Add rsa_check_pub_priv()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
e10e06d863
Blind RSA operations even without CRT
2014-11-06 18:25:44 +01:00
Paul Bakker
21e081b068
Prevent (incorrect) compiler warning
2014-07-24 10:38:01 +02:00
Paul Bakker
84bbeb58df
Adapt cipher and MD layer with _init() and _free()
2014-07-09 10:19:24 +02:00
Paul Bakker
66d5d076f7
Fix formatting in various code to match spacing from coding style
2014-06-17 17:06:47 +02:00
Paul Bakker
d8bb82665e
Fix code styling for return statements
2014-06-17 14:06:49 +02:00
Manuel Pégourié-Gonnard
88aa6e0b58
Fix potential memory leak in RSASSA-PSS verify
2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
0eaa8beb36
Fix signedness warning
2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
5ec628a2b9
Add rsa_rsassa_pss_verify_ext()
2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard
e6d1d82b66
Relax checks on RSA mode for public key operations
2014-06-04 12:09:08 +02:00
Paul Bakker
9af723cee7
Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)
2014-05-01 13:03:14 +02:00
Manuel Pégourié-Gonnard
cef4ad2509
Adapt sources to configurable config.h name
2014-04-30 16:40:20 +02:00
Paul Bakker
f96f7b607a
On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
2014-04-30 16:02:38 +02:00
Paul Bakker
24f37ccaed
rsa_check_pubkey() now allows an E up to N
2014-04-30 13:43:51 +02:00
Paul Bakker
3d8fb63e11
Added missing MPI_CHK around mpi functions
2014-04-17 12:42:41 +02:00
Manuel Pégourié-Gonnard
fdddac90a6
Fix stupid bug in rsa_copy()
2014-03-26 12:58:49 +01:00
Manuel Pégourié-Gonnard
844a4c0aef
Fix RSASSA-PSS example programs
2014-03-13 19:25:06 +01:00
Paul Bakker
7dc4c44267
Library files moved to use platform layer
2014-02-06 13:20:16 +01:00
Manuel Pégourié-Gonnard
fbf0915404
Fix bug in RSA PKCS#1 v1.5 "reversed" operations
2014-02-05 17:01:24 +01:00
Paul Bakker
42099c3155
Revert "Add pk_rsa_set_padding() and rsa_set_padding()"
...
This reverts commit b4fae579e8
.
Conflicts:
library/pk.c
tests/suites/test_suite_pk.data
tests/suites/test_suite_pk.function
2014-01-27 11:59:29 +01:00
Manuel Pégourié-Gonnard
b4fae579e8
Add pk_rsa_set_padding() and rsa_set_padding()
2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard
7c59363a85
Remove a few dead stores
2014-01-22 13:02:39 +01:00
Paul Bakker
4de44aa0ae
Rewrote check to prevent read of uninitialized data in
...
rsa_rsassa_pss_verify()
2013-12-31 11:43:01 +01:00
Paul Bakker
fef3c5a652
Fixed typo in POLARSSL_PKCS1_V15 in rsa.c
2013-12-11 13:36:30 +01:00
Manuel Pégourié-Gonnard
27290daf3b
Check PKCS 1.5 padding in a more constant-time way
...
(Avoid branches that depend on secret data.)
2013-11-30 13:36:53 +01:00