mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-03 20:54:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
mbedtls/library
History
Janos Follath 865a75e95b Reject low-order points on Curve448 early 
We were already rejecting them at the end, due to the fact that with the
usual (x, z) formulas they lead to the result (0, 0) so when we want to
normalize at the end, trying to compute the modular inverse of z will
give an error.

If we wanted to support those points, we'd a special case in
ecp_normalize_mxz(). But it's actually permitted by all sources (RFC
7748 say we MAY reject 0 as a result) and recommended by some to reject
those points (either to ensure contributory behaviour, or to protect
against timing attack when the underlying field arithmetic is not
constant-time).

Since our field arithmetic is indeed not constant-time, let's reject
those points before they get mixed with sensitive data (in
ecp_mul_mxz()), in order to avoid exploitable leaks caused by the
special cases they would trigger. (See the "May the Fourth" paper
https://eprint.iacr.org/2017/806.pdf)

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-24 15:34:59 +01:00
..
.gitignore
Ignore generated source files that are no longer checked in
2021-05-20 10:37:22 +02:00
aes.c
Merge pull request #4469 from xiaoxiang781216/padlock
2021-05-28 11:06:40 +02:00
aesni.c
Move aesni.h to library
2021-03-10 12:52:37 +00:00
aesni.h
Move aesni.h to library
2021-03-10 12:52:37 +00:00
aria.c
ARIA: add missing context init/free
2021-05-25 09:23:10 +02:00
asn1parse.c
Add missing const attribute to asn1 api
2021-01-26 13:57:46 +01:00
asn1write.c
Add missing const attribute to asn1write api
2021-01-27 15:37:12 +01:00
base64.c
Code style fixups
2021-03-04 14:34:50 +00:00
bignum.c
Merge pull request #828 from mpg/rsa-lookup-restricted
2021-06-22 09:33:20 +02:00
bn_mul.h
Move mpi constant macros to bn_mul.h
2021-06-24 14:48:38 +01:00
camellia.c
CAMELLIA: add missing context init/free
2021-05-25 09:23:10 +02:00
ccm.c
Fix additional data length field check for CCM
2020-10-08 12:09:44 +02:00
chacha20.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
chachapoly.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
check_crypto_config.h
psa: config: Add CAMELLIA to the list of possible CMAC ciphers
2021-03-25 14:25:46 +01:00
cipher_wrap.c
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-16 10:34:25 +02:00
cipher_wrap.h
Rename <pk/md/cipher>_internal.h to *_wrap.h
2021-03-10 12:52:37 +00:00
cipher.c
Merge pull request #4342 from gilles-peskine-arm/gcm-update-any-length
2021-05-20 15:08:55 +02:00
cmac.c
Allow skipping 3DES in CMAC self-test when ALT implemented
2021-03-02 10:18:08 +01:00
CMakeLists.txt
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-16 10:34:25 +02:00
common.h
Fix typo
2021-05-27 14:39:53 +02:00
ctr_drbg.c
Rename the _ret() functions
2021-06-08 16:45:41 +02:00
debug.c
Add missing parentheses
2021-06-17 21:46:29 +02:00
des.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
dhm.c
Make RNG parameters mandatory in DHM functions
2021-06-17 09:38:38 +02:00
ecdh.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
ecdsa.c
avoid "maybe-uninitialized" and "free-nonheap-object" errors/warnings with gcc11
2021-05-19 11:31:37 -04:00
ecjpake.c
Make RNG parameters mandatory in ECP functions
2021-06-17 09:38:38 +02:00
ecp_curves.c
Use mbedtls_mpi_lset() more
2021-06-24 15:00:33 +01:00
ecp_internal_alt.h
Rename library/ecp_alt.h to ecp_internal_alt.h
2021-06-15 00:10:37 +02:00
ecp_invasive.h
Move mbedtls_mpi_random to the bignum module
2021-06-03 18:10:04 +02:00
ecp.c
Reject low-order points on Curve448 early
2021-06-24 15:34:59 +01:00
entropy_poll.c
Move part of timing module out of the library
2021-06-15 15:47:44 +02:00
entropy_poll.h
Move part of timing module out of the library
2021-06-15 15:47:44 +02:00
entropy.c
Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test
2021-06-18 16:35:58 +01:00
gcm.c
Rework and reword the guarantees on output_size
2021-05-18 23:15:40 +02:00
hkdf.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
hmac_drbg.c
Rename the _ret() functions
2021-06-08 16:45:41 +02:00
Makefile
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-16 10:34:25 +02:00
md5.c
Rename the _ret() functions
2021-06-08 16:45:41 +02:00
md_wrap.h
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-16 10:34:25 +02:00
md.c
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-16 10:34:25 +02:00
memory_buffer_alloc.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
mps_common.h
Capitalise MPS trace macros
2021-04-07 12:45:35 +01:00
mps_error.h
Fix Doxygen headers for MPS files
2021-03-29 14:20:18 +01:00
mps_reader.c
Capitalise MPS trace macros
2021-04-07 12:45:35 +01:00
mps_reader.h
Fix Doxygen headers for MPS files
2021-03-29 14:20:18 +01:00
mps_trace.c
Capitalise MPS trace macros
2021-04-07 12:45:35 +01:00
mps_trace.h
Capitalise MPS trace macros
2021-04-07 12:45:35 +01:00
net_sockets.c
Fix fd range for select on Windows
2021-06-20 23:14:36 +02:00
nist_kw.c
Fix null pointer arithmetic in error case
2021-06-01 11:22:56 +02:00
oid.c
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-16 10:34:25 +02:00
padlock.c
Move padlock.h to library
2021-03-10 12:52:37 +00:00
padlock.h
Fix docs for mbedtls_padlock_has_support
2021-05-18 19:01:42 +01:00
pem.c
Rename the _ret() functions
2021-06-08 16:45:41 +02:00
pk_wrap.c
Add RNG parameter to check_pair functions
2021-06-17 09:38:38 +02:00
pk_wrap.h
Add RNG parameter to check_pair functions
2021-06-17 09:38:38 +02:00
pk.c
Add RNG parameter to check_pair functions
2021-06-17 09:38:38 +02:00
pkcs5.c
Apply MBEDTLS_ERROR_ADD to library
2021-04-15 11:19:47 +01:00
pkcs12.c
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-16 10:34:25 +02:00
pkparse.c
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA
2021-06-22 09:27:41 +02:00
pkwrite.c
Merge branch 'development_3.0' into remove_depr_error_codes
2021-04-21 12:31:43 +02:00
platform_util.c
Fixes two _POSIX_C_SOURCE typos.
2020-11-13 09:20:18 +00:00
platform.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
poly1305.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
psa_crypto_aead.c
Update all uses of old AEAD output size macros
2021-04-15 17:32:06 +02:00
psa_crypto_aead.h
psa: aead: Move AEAD driver entry points to psa_crypto_aead.c
2021-04-07 16:03:31 +02:00
psa_crypto_cipher.c
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-16 10:34:25 +02:00
psa_crypto_cipher.h
psa: cipher: Remove cipher_generate_iv driver entry point
2021-03-26 15:58:25 +01:00
psa_crypto_client.c
psa: Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined
2021-02-09 15:36:08 +01:00
psa_crypto_core.h
Update documentation
2021-05-13 11:19:01 +02:00
psa_crypto_driver_wrappers.c
Introduce MBEDTLS_PRIVATE macro.
2021-05-21 18:07:06 +02:00
psa_crypto_driver_wrappers.h
Dispatch sign/verify funtions through the driver interface
2021-05-13 11:18:57 +02:00
psa_crypto_ecp.c
Move mbedtls_md_info_from_psa into the mbedtls hash driver
2021-03-15 12:14:40 +01:00
psa_crypto_ecp.h
psa: Rework ECDSA sign/verify support in the transparent test driver
2021-02-18 15:45:12 +01:00
psa_crypto_hash.c
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-16 10:34:25 +02:00
psa_crypto_hash.h
Merge branch 'development' into development_3.0
2021-04-19 10:51:59 +02:00
psa_crypto_invasive.h
Rework MAC algorithm / key type validation
2021-03-03 19:58:02 +01:00
psa_crypto_its.h
Update documentation
2020-11-25 13:10:50 +01:00
psa_crypto_mac.c
Merge pull request #4316 from gabor-mezei-arm/3258_implement_one-shot_MAC
2021-06-22 12:18:25 +02:00
psa_crypto_mac.h
Move is_sign and mac_size checking back to PSA core scope
2021-05-10 11:29:13 +02:00
psa_crypto_random_impl.h
Work around MSVC bug with duplicate static declarations
2021-02-16 18:55:05 +01:00
psa_crypto_rsa.c
Add RNG params to private key parsing
2021-06-17 09:38:38 +02:00
psa_crypto_rsa.h
psa: Add RSA sign/verify hash support to the transparent test driver
2021-02-18 15:45:06 +01:00
psa_crypto_se.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
psa_crypto_se.h
Update documentation
2020-11-25 13:10:50 +01:00
psa_crypto_service_integration.h
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
psa_crypto_slot_management.c
Remove MBEDTLS_CHECK_PARAMS option
2021-05-27 17:33:32 +02:00
psa_crypto_slot_management.h
psa: Fix error code when creating/registering a key with invalid id
2021-04-01 14:05:41 +02:00
psa_crypto_storage.c
Add missing common.h include.
2021-05-27 14:40:40 +02:00
psa_crypto_storage.h
Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
2021-02-15 14:26:44 +01:00
psa_crypto.c
Merge pull request #4316 from gabor-mezei-arm/3258_implement_one-shot_MAC
2021-06-22 12:18:25 +02:00
psa_its_file.c
Add missing common.h include.
2021-05-27 14:40:40 +02:00
ripemd160.c
Rename the _ret() functions
2021-06-08 16:45:41 +02:00
rsa_alt_helpers.c
Rename rsa_internal.* to rsa_alt_helpers.*
2021-03-10 12:52:37 +00:00
rsa_alt_helpers.h
Rename rsa_internal.* to rsa_alt_helpers.*
2021-03-10 12:52:37 +00:00
rsa.c
Check for mandatory RNG parameters in RSA private
2021-06-17 09:37:55 +02:00
sha1.c
Rename the _ret() functions
2021-06-08 16:45:41 +02:00
sha256.c
Rename the _ret() functions
2021-06-08 16:45:41 +02:00
sha512.c
Rename the _ret() functions
2021-06-08 16:45:41 +02:00
ssl_cache.c
Fix search for outdated entries in SSL session cache
2021-05-14 14:55:15 +01:00
ssl_ciphersuites.c
Code review fixes
2021-06-18 12:59:38 +02:00
ssl_cli.c
Removes truncated HMAC code from ssl_X.c
2021-06-16 16:19:53 +01:00
ssl_cookie.c
Remove the TLS 1.0 and 1.1 support
2021-05-24 12:45:20 +02:00
ssl_invasive.h
Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted
2020-08-25 14:35:55 +01:00
ssl_misc.h
Merge pull request #4382 from hanno-arm/max_record_payload_api
2021-06-08 11:07:27 +02:00
ssl_msg.c
Merge pull request #4522 from mpg/fix-ssl-cf-hmac-alt-dev
2021-06-07 20:53:33 +02:00
ssl_srv.c
Removes truncated HMAC code from ssl_X.c
2021-06-16 16:19:53 +01:00
ssl_ticket.c
Rename ssl_internal.h to ssl_misc.h
2021-03-10 12:52:37 +00:00
ssl_tls13_keys.c
Remove misleading comment in TLS 1.3 key schedule code
2021-05-31 19:40:45 +01:00
ssl_tls13_keys.h
Fix Doxygen for TLS 1.3 PSK binder helper
2021-05-26 04:47:29 +01:00
ssl_tls.c
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export
2021-06-22 18:52:37 +02:00
threading.c
Explain the usage of is_valid in pthread mutexes
2021-02-22 19:24:03 +01:00
timing.c
Removing global variable and moving variant function comment block
2021-06-18 13:22:57 +02:00
version.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
x509_create.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
x509_crl.c
Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased
2021-04-28 17:31:55 +01:00
x509_crt.c
Remove secp256k1 from the default X.509 and TLS profiles
2021-06-17 23:17:52 +02:00
x509_csr.c
Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased
2021-04-28 17:31:55 +01:00
x509.c
Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased
2021-04-28 17:31:55 +01:00
x509write_crt.c
Rename the _ret() functions
2021-06-08 16:45:41 +02:00
x509write_csr.c
Expose flag for critical extensions
2021-05-27 14:27:43 +02:00