Hanno Becker
cc209ca56d
Remove signature verification from rsa_rsassa_pkcs1_v15_sign
...
This verification path is redundant now that verification is uniformly done in
rsa_private.
2017-08-25 11:52:29 +01:00
Hanno Becker
43f94721ab
Add quick-check for presence of relevant parameters in rsa_private
2017-08-25 11:52:27 +01:00
Hanno Becker
c6075cc5ac
Don't use CRT for signature verification
...
If CRT is not used, the helper fields CRT are not assumed to be present in the
RSA context structure, so do the verification directly in this case. If CRT is
used, verification could be done using CRT, but we're sticking to ordinary
verification for uniformity.
2017-08-25 11:45:35 +01:00
Hanno Becker
b269a8584a
Change mbedtls_rsa_check_privkey to use new helper functions
2017-08-25 08:35:09 +01:00
Hanno Becker
d9431a7817
Minor comments improvement
2017-08-25 08:35:09 +01:00
Hanno Becker
d363799a9d
Add mbedtls_rsa_validate_crt
...
This commit adds the function mbedtls_rsa_validate_crt for validating a set of CRT parameters. The function
mbedtls_rsa_check_crt is simplified accordingly.
2017-08-25 08:35:09 +01:00
Hanno Becker
d56d83a7f3
Remove double-checking code from rsa_deduce_moduli and rsa_complete
2017-08-25 08:35:08 +01:00
Hanno Becker
750e8b4596
Rename rsa_check_params->rsa_validate_params and change error codes
2017-08-25 08:34:55 +01:00
Hanno Becker
fb81c0ec2e
Guard primality checks in RSA module by MBEDTLS_GENPRIME
...
Primality testing is guarded by the configuration flag MBEDTLS_GENPRIME and used in the new RSA helper functions. This
commit adds a corresponding preprocessor directive.
2017-08-24 06:55:11 +01:00
Hanno Becker
ab3773123c
Add support for alternative RSA implementations
...
Alternative RSA implementations can be provided by defining MBEDTLS_RSA_ALT in
config.h, defining an mbedtls_rsa_context struct in a new file rsa_alt.h and
re-implementing the RSA interface specified in rsa.h.
Through the previous reworkings, the adherence to the interface is the only
implementation obligation - in particular, implementors are free to use a
different layout for the RSA context structure.
2017-08-23 16:24:51 +01:00
Hanno Becker
6345dd33b9
Adapt rsa_check_privkey to deal with NO_CRT option
2017-08-23 16:17:28 +01:00
Hanno Becker
bee3aaeb50
Adapt rsa_gen_key to deal with RSA_NO_CRT option
2017-08-23 16:17:28 +01:00
Hanno Becker
dc95c890ad
Adapt rsa_deduce_crt to deal with RSA_NO_CRT option
2017-08-23 16:17:28 +01:00
Hanno Becker
33c30a0c7e
Adapt rsa_copy and rsa_free to deal with RSA_NO_CRT option
2017-08-23 16:17:28 +01:00
Hanno Becker
23344b5fcc
Adapt rsa_complete to deal with RSA_NO_CRT option
2017-08-23 16:17:28 +01:00
Hanno Becker
83aad1fa86
Adapt gen_key example program to new RSA interface
2017-08-23 16:17:27 +01:00
Hanno Becker
d71dc159a6
Adapt PK test suite to use new interface
2017-08-23 16:17:27 +01:00
Hanno Becker
15f81fa21c
Adapt pkwrite.c to new RSA interface
2017-08-23 16:17:27 +01:00
Hanno Becker
d58c5b2d16
Adapt pkparse.c to new RSA interface
2017-08-23 16:17:24 +01:00
Hanno Becker
6a1e7e5f4c
Adapt pk_wrap.c to new RSA interface
...
This commit replaces direct manipulation of RSA context structure fields by
calls to the extended RSA interface in pk_wrap.c.
2017-08-23 15:07:40 +01:00
Hanno Becker
3a701161ff
Adapt RSA selftest to new RSA interface
...
This commit replaces direct manipulation of structure fields in the RSA selftest
by calls to the extended interface.
2017-08-23 15:07:40 +01:00
Hanno Becker
8fd5548241
Minor formatting changes
2017-08-23 14:47:25 +01:00
Hanno Becker
617c1aeb18
Implement new RSA interface functions
2017-08-23 14:47:22 +01:00
Hanno Becker
e2e8b8da1d
Implement RSA helper functions
2017-08-23 14:44:33 +01:00
Simon Butcher
72ea31b026
Update version number to 2.6.0
2017-08-10 11:51:16 +01:00
Manuel Pégourié-Gonnard
24611f9383
Remove redundant variable
...
path_cnt was always chain_len - 1 in the loop body
2017-08-09 10:28:07 +02:00
Manuel Pégourié-Gonnard
562df401d3
Improve some comments, fix some typos+whitespace
2017-08-08 18:17:53 +02:00
Ron Eldor
433f39c437
ECDH alternative implementation support
...
Add alternative implementation support for ECDH at the higher layer
2017-08-08 18:43:56 +03:00
Manuel Pégourié-Gonnard
66a36b03c6
Update comments
2017-08-08 11:06:51 +02:00
Manuel Pégourié-Gonnard
505c3953c7
Make the ver_chain length explicit
2017-08-08 11:06:51 +02:00
Manuel Pégourié-Gonnard
a707e1d1ef
Extract code to separate function for readability
2017-08-08 11:06:51 +02:00
Manuel Pégourié-Gonnard
ce6e52ff42
Make verify_chain() iterative
2017-08-08 11:06:51 +02:00
Manuel Pégourié-Gonnard
f86f491f25
Rm unneeded function arguments & update comments
2017-08-08 11:06:51 +02:00
Manuel Pégourié-Gonnard
c547d1ab1f
Start using an explicit stack for callback info
...
This is the first step towards making verify_chain() iterative. While from a
readability point of view the current recursive version is fine, one of the
goals of this refactoring is to prepare for restartable ECC integration, which
will need the explicit stack anyway.
2017-08-08 11:06:51 +02:00
Manuel Pégourié-Gonnard
a468eb1764
verify_name(): factor duplicated code to function
2017-08-08 11:06:51 +02:00
Manuel Pégourié-Gonnard
1300e99eb1
Extract name checking to separate function
...
Just copy-paste and unindent
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
6368612a8f
Move code to separate function for readability
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
27e94797aa
Simplify handling of locally trusted EE certs
...
Though this might require one more walk of the list in some cases,
this avoids having a check for that deep inside check_parent().
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
bdc5440232
Update comments
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
cb39610093
Finally merge the remains of top() into child()
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
63642776b1
Let verify_top() handle only the parent
...
It felt wrong for it to call the vrfy callback on two certs.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
6e786747fb
Move top()'s checks on child to child()
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
784aee3366
Move other special case from top() to child()
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
b9983be73a
Move one special case from verify_top() to child()
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
66fac75f8b
Merge duplicated checks between child() and top()
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
58dcd2d9b2
Get rid of unused variables/arguments
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
8f8c282de9
Merge near-duplicated (grand)parent finding code
...
Besides avoiding near-duplication, this avoids having three generations of
certificate (child, parent, grandparent) in one function, with all the
off-by-one opportunities that come with it.
This also allows simplifying the signature of verify_child(), which will be
done in the next commit.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
f82a4d5aba
Factor duplicated code into function
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
32fdc60c7b
Unnest code in verify_top()
...
We now know that trust_ca != NULL till the end of the function
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
6038cb6909
Remove duplicate parent-searching in verify_top()
2017-08-08 11:06:50 +02:00