commit 4d211f3651520a3699ecc7d9be82e8107fdcdcf3
author Sungbae Yoo <sungbaey@nvidia.com> Tue Nov 19 02:47:55 2024 +0000
committer Jerome Forissier <jerome@forissier.org> Mon Nov 25 09:21:51 2024 +0100
tree d224fb3bbda793ef92740a4cd309ff14b084ac54
parent 3c1b812393fd89833e87ef88d33b8e9a1968b608

Import mbedtls-3.6.2

Imports Mbed TLS 3.6.2 from https://github.com/Mbed-TLS/mbedtls.git
tags mbedtls-3.6.2, v3.6.2

Files that are not needed are removed:

cd lib/libmbedtls
rm -rf mbedtls
cp -R path/to/mbedtls-3.6.2/mbedtls .
cd mbedtls
rm CMakeLists.txt DartConfiguration.tcl Makefile
rm .gitignore .travis.yml .pylintrc .globalrc .mypy.ini BRANCHES.md
rm include/.gitignore include/CMakeLists.txt library/.gitignore
rm library/CMakeLists.txt library/Makefile
rm -r cmake
rm -rf .git .github doxygen configs programs scripts tests visualc
rm -rf 3rdparty ChangeLog.d docs pkgconfig .gitmodules .readthedocs.yaml
rm library/mps_*
cd ..
git add mbedtls

This is a complete overwrite of previous code so earlier changes in the
previous branch import/mbedtls-3.6.0 will be added on top of this
commit.

Signed-off-by: Sungbae Yoo <sungbaey@nvidia.com>

lib/libmbedtls/mbedtls/library/rsa.c

diff --git a/lib/libmbedtls/mbedtls/library/rsa.c b/lib/libmbedtls/mbedtls/library/rsa.c
index e99e4af..557faaf 100644
--- a/lib/libmbedtls/mbedtls/library/rsa.c
+++ b/lib/libmbedtls/mbedtls/library/rsa.c
@@ -29,6 +29,7 @@
 
 #include "mbedtls/rsa.h"
 #include "bignum_core.h"
+#include "bignum_internal.h"
 #include "rsa_alt_helpers.h"
 #include "rsa_internal.h"
 #include "mbedtls/oid.h"
@@ -47,8 +48,6 @@
 
 #include "mbedtls/platform.h"
 
-#include <fault_mitigation.h>
-
 /*
  * Wrapper around mbedtls_asn1_get_mpi() that rejects zero.
  *
@@ -1261,7 +1260,7 @@
     }
 
     olen = ctx->len;
-    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, &ctx->E, &ctx->N, &ctx->RN));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod_unsafe(&T, &T, &ctx->E, &ctx->N, &ctx->RN));
     MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen));
 
 cleanup:
@@ -1957,10 +1956,7 @@
     /*
      * RSA operation
      */
-    if( ctx->P.n == 0 )
-        ret = mbedtls_rsa_private( ctx, NULL, NULL, input, buf );
-    else
-        ret = mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf);
+    ret = mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf);
 
     if (ret != 0) {
         goto cleanup;
@@ -2221,9 +2217,6 @@
     p += hlen;
     *p++ = 0xBC;
 
-    if (ctx->P.n == 0)
-        return mbedtls_rsa_private(ctx, NULL, NULL, sig, sig);
-
     return mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig);
 }
 
@@ -2641,7 +2634,7 @@
         return ret;
     }
 
-    if (FTMN_CALLEE_DONE_MEMCMP(memcmp, hash_start, result, hlen) != 0) {
+    if (memcmp(hash_start, result, hlen) != 0) {
         return MBEDTLS_ERR_RSA_VERIFY_FAILED;
     }
 
@@ -2723,8 +2716,8 @@
      * Compare
      */
 
-    if ((ret = FTMN_CALLEE_DONE_MEMCMP(mbedtls_ct_memcmp, encoded,
-                                       encoded_expected, sig_len )) != 0) {
+    if ((ret = mbedtls_ct_memcmp(encoded, encoded_expected,
+                                 sig_len)) != 0) {
         ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
         goto cleanup;
     }