Commit Graph

2393 Commits

Author SHA1 Message Date
Andres Amaya Garcia
1e8ea5fa68 Improve docs for mbedtls_zeroize() and add refs 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia
6606d5c414 Add config.h docs for MBEDTLS_UTILS_ZEROIZE_ALT 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia
b1262a3bdb Allow compile-time alternate to mbedtls_zeroize()
Add a new macro MBEDTLS_UTILS_ZEROIZE that allows users to configure
mbedtls_zeroize() to an alternative definition when defined. If the
macro is not defined, then mbed TLS will use the default definition of
the function.
2018-04-17 09:19:05 -05:00
Andres Amaya Garcia
614d9c0667 Add a utils.h file that contains common functions
The new header contains common information across various mbed TLS
modules and avoids code duplication. To start, utils.h currently only
contains the mbedtls_zeroize() function.
2018-04-17 09:17:38 -05:00
Rose Zadik
21e2926736
Update rsa.h
minor change to the file's brief desc.
2018-04-17 14:08:56 +01:00
Rose Zadik
f763f2bbc1
Update dhm.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Reordered tags within documentation blocks so that params and returns are last in block.
*p_rng descriptions changed from "parameter" to "context".
*Suggest to specify issue for each return code, where multiple failure return codes are listed, or generalize.
*Minor improvements to parameter documentation proposed by eng.
2018-04-17 11:00:40 +01:00
Rose Zadik
d3c9bfcbeb
Update ecp.h
Reviewed and standardized
2018-04-17 10:56:55 +01:00
Rose Zadik
ef87179842
Update ccm.h
updated failure returns to "A CCM or cipher-specific error code on failure."
2018-04-17 10:41:48 +01:00
Rose Zadik
6ee22a7d52
Update sha256.h
Minor fix based on review comments
2018-04-17 10:38:39 +01:00
Rose Zadik
92d66b88ae
Update sha1.h
Changes based on review comments
2018-04-17 10:36:56 +01:00
Rose Zadik
f2ec288bf8
Update rsa.h
Changes based on review comments.
2018-04-17 10:27:25 +01:00
Rose Zadik
f3e4736131
Update md.h
Changes based on review comments
2018-04-16 16:31:16 +01:00
Rose Zadik
6a7ebc4c86
Update gcm.h
minor fix based on review comments
2018-04-16 16:11:49 +01:00
Rose Zadik
14d0d57c51
Update ecdsa.h
Minor changes based on review comments
2018-04-16 16:09:30 +01:00
Rose Zadik
7375b0f6c1
Update ecdh.h
Changs based on review comments
2018-04-16 16:04:57 +01:00
Ron Eldor
05d0e51bb1 Minor modifications for alt support in des and ecp
1. Add 3des context to be allowed for alternative defintion
2. Move some ecp structs, to disallow alternative definition of them,
as other modules rely on them
2018-04-16 17:40:04 +03:00
Rose Zadik
9464d7b6e3
Update platform.h
Implemented changes based on review comments
2018-04-16 15:28:35 +01:00
Rose Zadik
f25eb6eef6
Update ctr_drbg.h
minor changes based on comments
2018-04-16 14:51:52 +01:00
Rose Zadik
c138bb7b05
Update cmac.h
minor changes based on comments
2018-04-16 11:11:25 +01:00
Rose Zadik
b5607bf61d
Update cipher.h
minor changes based on comments
2018-04-16 10:34:51 +01:00
Rose Zadik
bd9571a01e
Update ccm.h
minor changes based on comments
2018-04-16 09:45:12 +01:00
Rose Zadik
819d13dfff
Update aes.h
fixed missing multiple returns on mbedtls_aes_setkey_enc
2018-04-16 09:35:15 +01:00
Ron Eldor
bf027e736a Minor modifications after PR review
1. Move ChangLog entry to correct location
2. Move point formats outside the ECP_ALT check, as it's part of the RFC
2018-04-09 15:51:19 +03:00
Gilles Peskine
80aa3b8d65 Merge branch 'pr_946' into development-proposed 2018-04-04 10:33:45 +02:00
Gilles Peskine
315b460593 Merge remote-tracking branch 'upstream-public/pr/1457' into development-proposed 2018-04-04 09:19:27 +02:00
Gilles Peskine
be2371c3d9 Merge branch 'pr_348' into development-proposed 2018-04-04 09:18:27 +02:00
Gilles Peskine
1fae860f0f Merge remote-tracking branch 'upstream-public/pr/1543' into development-proposed 2018-04-04 09:03:25 +02:00
Ron Eldor
810e650c70 Adjust more modules to new design
Add `ecp.h` anf `timing.h` to new XXX_alt design
2018-04-01 15:59:58 +03:00
Ron Eldor
4e6d55d14d Add new modules to the refactoring
Add new alternative supported modules to the new arcitecture design
2018-04-01 15:12:46 +03:00
Ron Eldor
b2aacec417 Take Cryptographic API outside the XXX_ALT check
The cryptographic API should not be related to whether or not
there is alternative implementation. The API should be same for regular
implementation, and for alternative implementation, so it is defined
outside of the XXX_ALT precompilation check in the cryptographic API header
2018-04-01 15:12:46 +03:00
Gilles Peskine
90a8b5219f Merge branch 'pr_1480' into development-proposed 2018-04-01 12:44:06 +02:00
Gilles Peskine
5114d3e4e1 Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that
this indicates that a valid signature is present, unlike other error
codes. See
https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705
2018-03-30 18:43:16 +02:00
Darryl Green
eea1c4ee5a Improve documentation of mbedtls_ssl_write() 2018-03-29 16:41:09 +01:00
Nicholas Wilson
08f3ef1861 Basic support for Curve448, similar to the current level of support for Curve25519 2018-03-29 14:29:06 +01:00
Jaeden Amero
4ba87fc958 Merge remote-tracking branch 'upstream-public/pr/758' into development-proposed 2018-03-29 11:01:38 +01:00
Jaeden Amero
2ad47e3bcc Merge remote-tracking branch 'upstream-public/pr/1528' into development-proposed 2018-03-29 11:00:50 +01:00
Hanno Becker
2bd57578af Merge branch 'development' into iotssl-1204 2018-03-28 14:52:35 +01:00
Jaeden Amero
5ec118352e Merge remote-tracking branch 'upstream-public/pr/1474' into development-proposed 2018-03-28 14:22:29 +01:00
Jaeden Amero
552b9cc5ba Merge remote-tracking branch 'upstream-public/pr/1477' into development-proposed 2018-03-28 13:42:32 +01:00
Jaeden Amero
8645e90825 Merge remote-tracking branch 'upstream-restricted/pr/363' into development-proposed 2018-03-28 11:54:28 +01:00
Hanno Becker
6a92ce6fd9 Improve documentation of MBEDTLS_AES_FEWER_TABLES in config.h 2018-03-28 11:42:28 +01:00
Nicholas Wilson
54fc34ea68 Include order of Curve25519 base point in curve data 2018-03-28 11:08:30 +02:00
Hanno Becker
4c1dc3c2a4 Improve documentation of MBEDTLS_AES_ROM_TABLES 2018-03-27 16:52:03 +01:00
Rose Zadik
4bca2b0ccd
Update platform.h
Minor documentation improvements:
*Standardized file brief description.
*Reordered tags within documentation blocks so that params and returns are last in block.
*Some minor rephrasing.
2018-03-27 13:12:52 +01:00
Rose Zadik
1a6275ad62
Update sha512.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Removed bullets from parameter descriptions.
2018-03-27 13:03:42 +01:00
Rose Zadik
bde68b48d4
Update sha256.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Reordered tags within documentation blocks so that params and returns are last in block.
*Removed bullets from parameter descriptions.
2018-03-27 12:59:13 +01:00
Rose Zadik
8274142e45
Update sha1.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Reordered tags within documentation blocks so that params and returns are last in block.
*Applied previous function documentation improvements to depracated functions.
2018-03-27 12:49:48 +01:00
Rose Zadik
e8b5b99159
Update rsa.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Reordered tags within documentation blocks so that params and returns are last in block.
*p_rng descriptions changed from "parameter" to "context".
2018-03-27 12:19:47 +01:00
Rose Zadik
8c9c794518
Update md.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Reordered tags within documentation blocks so that params and returns are last in block.
2018-03-27 11:52:58 +01:00
Rose Zadik
d8c4f61d26
Update gcm.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Reordered tags within documentation blocks so that params and returns are last in block.
*Suggest to specify issue for each return code, where multiple failure return codes are listed.
2018-03-27 11:43:04 +01:00
Rose Zadik
817297fcd7
Update ecdsa.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Reordered tags within documentation blocks so that params and returns are last in block.
*p_rng descriptions changed from "parameter" to "context".
2018-03-27 11:30:14 +01:00
Rose Zadik
6899328bf8
Update ecdh.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Reordered tags within documentation blocks so that params and returns are last in block.
*p_rng descriptions changed from "parameter" to "context".
*Removed bullets from parameter descriptions.
2018-03-27 11:12:25 +01:00
Rose Zadik
c9474ebdbb
Update ctr_drbg.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Reordered tags within documentation blocks so that params and returns are last in block.
*Suggest to specify issue for each return code, where multiple failure return codes are listed.
2018-03-27 10:58:22 +01:00
Rose Zadik
8c154935f6
Update cmac.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Please verify RFC in file description.
2018-03-27 10:45:16 +01:00
Rose Zadik
02facfb4d9
Update cipher.h 2018-03-27 10:26:56 +01:00
Azim Khan
f4659efedc Document config restrictions of psk fields 2018-03-26 22:11:24 +01:00
Rose Zadik
02f73a6b55
Update cipher.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Reordered tags within documentation blocks so that params and returns are last in block.
*Added missing documentation in lines 99-159 (values in enums) - need to be verified.
*lines 79+80 and 97+98 - verify descriptions + what is the difference here between none and null?
*lines 177-187 - seems to be an enum without a name?
2018-03-26 18:02:32 +01:00
Rose Zadik
4ee9d24c90
Update ccm.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Reordered tags within documentation blocks so that params and returns are last in block.
2018-03-26 17:18:44 +01:00
Rose Zadik
5ad7aea568
Update aes.h
Minor documentation improvements:
Standardized brief file description.
Split returns.
Minor fixes.
2018-03-26 12:00:09 +01:00
Ivan Krylov
5cb1f09ab4 slight rewording requested by reviewer (#758) 2018-03-24 18:48:04 +03:00
Azim Khan
8d54c069f6 Use correct version of snprintf on Windows
platform.h defines MBEDTLS_PLATFORM_STD_SNPRINTF based on _WIN32. But while defining macro mbedtls_snprintf it sets it to STD C snprintf that is deprecated on Windows.
2018-03-23 18:35:14 +00:00
Gilles Peskine
be038366ea Fix some comments regarding what files are symlinked 2018-03-23 14:39:52 +01:00
Jaeden Amero
f65379bc40 Merge remote-tracking branch 'upstream-restricted/pr/382' into development 2018-03-23 11:14:17 +00:00
Gilles Peskine
15ad579895 Merge tag 'mbedtls-2.8.0' into iotssl-1381-x509-verify-refactor-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:16:22 +01:00
Gilles Peskine
4b6b247512 Merge remote-tracking branch 'upstream-public/pr/1441' into development-proposed 2018-03-22 21:30:07 +01:00
Gilles Peskine
70ad839725 Clarify the behavior of bignum resize and copy functions 2018-03-21 16:28:41 +01:00
Gergely Budai
13f7fb372e Do not define and initialize global mutexes on configurations that do not use them. 2018-03-21 15:01:55 +00:00
Gilles Peskine
8405257035 Support out-of-tree testing with CMake
Create extra symbolic links with CMake so that SSL testing (ssl-opt.sh
and compat.sh) works in out-of-tree builds.
2018-03-21 12:28:59 +01:00
Jaeden Amero
8be0e6db41 Update version to 2.8.0 2018-03-16 16:25:12 +00:00
Simon Butcher
a4cbfa3ea2 Add clarity to use of the rsa_internal.h interface
Added additional clarification to the use of the rsa_internal.h interface and as
and when it can be used by whom. Policy hasn't changed, but it needed to be
clearer who can and can't use it and it's level of support.
2018-03-16 15:42:54 +00:00
Jaeden Amero
64293777eb Merge remote-tracking branch 'upstream-public/pr/1423' into development-proposed 2018-03-15 08:22:48 +00:00
Gilles Peskine
5f1932817c Merge remote-tracking branch 'upstream-restricted/pr/398' into development-restricted-proposed 2018-03-13 17:18:06 +01:00
Gilles Peskine
553a06f08a Merge remote-tracking branch 'upstream-restricted/pr/351' into development-restricted-proposed
Move the added ChangeLog entry to the bottom so that the list remains
in merge order.
2018-03-13 17:15:34 +01:00
Andrzej Kurek
ccbd8a4bbb Add a missing bracket in ifdef for __cplusplus 2018-03-13 07:52:09 -04:00
Gilles Peskine
b4c571e603 Merge remote-tracking branch 'upstream-public/pr/1296' into HEAD 2018-03-11 00:44:14 +01:00
Gilles Peskine
29d7d4da2f Merge remote-tracking branch 'upstream-public/pr/936' into development-proposed 2018-03-10 23:51:58 +01:00
Gilles Peskine
1ed45ea36b Refer to X.690 by number
It's easier to identify and find by number than by its very wordy
title, especially as there was a typo in the title.
2018-03-08 18:19:17 +01:00
Hanno Becker
e494e20f0c Move and reword deprecation warning/error on compression support 2018-03-08 13:26:12 +00:00
Hanno Becker
cf092b2ccf Deprecate support for record compression 2018-03-06 14:27:09 +00:00
Hanno Becker
a3389ebb09 Merge branch 'development-restricted' into iotssl-1306-rsa-is-vulnerable-to-bellcore-glitch-attack 2018-03-06 11:55:21 +00:00
Manuel Pégourié-Gonnard
05e464dff7 Merge branch 'development' into iotssl-1381-x509-verify-refactor-restricted
* development: (557 commits)
  Add attribution for #1351 report
  Adapt version_features.c
  Note incompatibility of truncated HMAC extension in ChangeLog
  Add LinkLibraryDependencies to VS2010 app template
  Add ChangeLog entry for PR #1382
  MD: Make deprecated functions not inline
  Add ChangeLog entry for PR #1384
  Have Visual Studio handle linking to mbedTLS.lib internally
  Mention in ChangeLog that this fixes #1351
  Add issue number to ChangeLog
  Note in the changelog that this fixes an interoperability issue.
  Style fix in ChangeLog
  Add ChangeLog entries for PR #1168 and #1362
  Add ChangeLog entry for PR #1165
  ctr_drbg: Typo fix in the file description comment.
  dhm: Fix typo in RFC 5114 constants
  tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1
  data_files/pkcs8-v2: add keys generated with PRF != SHA1
  tests/pkcs5/pbkdf2_hmac: extend array to accommodate longer results
  tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA algorithms
  ...
2018-03-05 11:55:38 +01:00
Manuel Pégourié-Gonnard
f6b787cbcc Fix typo in documentation (CTR warning) 2018-03-01 13:48:21 +01:00
Manuel Pégourié-Gonnard
8abc349881 aria: rationalize buffer sizes in test functions 2018-03-01 11:28:51 +01:00
Manuel Pégourié-Gonnard
906bc90b30 aria: number of rounds is non-negative 2018-03-01 09:39:01 +01:00
Manuel Pégourié-Gonnard
5ad88b6d0d aria: define constants for block size and max rounds 2018-03-01 09:25:31 +01:00
Manuel Pégourié-Gonnard
3c80009615 aria: add error codes for hw implementations 2018-03-01 09:25:05 +01:00
Manuel Pégourié-Gonnard
22997b7200 block ciphers: improve CTR nonce warning 2018-03-01 09:25:05 +01:00
Manuel Pégourié-Gonnard
5aa4e3b1d0 aria: align documentation on AES 2018-03-01 09:25:05 +01:00
Manuel Pégourié-Gonnard
4231e7f46f Fix some whitespace and other style issues
In addition to whitespace:
- wrapped a few long lines
- added parenthesis to return statements
2018-02-28 11:34:01 +01:00
Manuel Pégourié-Gonnard
fdd4354329 config.h: SSL no longer uses ciphers directly 2018-02-28 10:49:02 +01:00
Manuel Pégourié-Gonnard
525168c7ef aria: expand config.h entry: ciphersuites & caller 2018-02-28 10:47:02 +01:00
Manuel Pégourié-Gonnard
2268b967cb aria: disable by default in config.h 2018-02-27 12:39:12 +01:00
Manuel Pégourié-Gonnard
26b54fabaf aria: document optional asm usage in config.h 2018-02-27 12:39:12 +01:00
Manuel Pégourié-Gonnard
a6d639e553 aria: improve some comments & internal names 2018-02-27 12:39:12 +01:00
Manuel Pégourié-Gonnard
9decaf57b7 Document Aria suites as TLS 1.2-only 2018-02-27 12:39:12 +01:00
Manuel Pégourié-Gonnard
4db944c5f4 Don't declare unsupported ciphersuites
Removed DSS, static DH, DH_anon
2018-02-27 12:39:12 +01:00
Markku-Juhani O. Saarinen
841192ba88 fixed a macro to uppercase for a test script (.._TLS_DH_anon_WITH.. -> _DH_ANON_WITH_) 2018-02-27 12:39:12 +01:00
Markku-Juhani O. Saarinen
c06e1014e1 ARIA ciphersuites for TLS 1.2 2018-02-27 12:39:12 +01:00
Markku-Juhani O. Saarinen
0fb47fe71f MBEDTLS_ARIA_ALT added as a feature 2018-02-27 12:39:12 +01:00
Markku-Juhani O. Saarinen
3c0b53b2b0 ARIA build integration 2018-02-27 12:39:12 +01:00
Markku-Juhani O. Saarinen
41efbaabc9 ARIA cipher implementation 2018-02-27 12:39:12 +01:00
Gilles Peskine
b7f6086ba3 Merge branch 'prr_424' into development-proposed 2018-02-22 16:15:01 +01:00
Jaeden Amero
041039f81e MD: Make deprecated functions not inline
In 2.7.0, we replaced a number of MD functions with deprecated inline
versions. This causes ABI compatibility issues, as the functions are no
longer guaranteed to be callable when built into a shared library.
Instead, deprecate the functions without also inlining them, to help
maintain ABI backwards compatibility.
2018-02-22 10:24:30 +00:00
Gilles Peskine
42a97ac693 Merge branch 'pr_1219' into development-proposed 2018-02-14 16:17:21 +01:00
Jaeden Amero
6d6c7982ce Merge remote-tracking branch 'upstream-public/pr/1362' into development 2018-02-08 17:02:31 +00:00
Jaeden Amero
129f50838b dhm: Fix typo in RFC 5114 constants
We accidentally named the constant MBEDTLS_DHM_RFC5114_MODP_P instead of
MBEDTLS_DHM_RFC5114_MODP_2048_P.

Fixes #1358
2018-02-08 14:29:14 +00:00
Antonio Quartulli
12ccef2761
pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:15 +08:00
Mathieu Briand
ffb6efd383 Fix doxygen documentation for CCM encryption
Fix valid tag length values for mbedtls_ccm_encrypt_and_tag() function.
Add valid value ranges for mbedtls_ccm_auth_decrypt() parameters.

Signed-off-by: Mathieu Briand <mbriand@witekio.com>
2018-02-07 10:29:27 +01:00
Jaeden Amero
3b438d33c1 Update version to 2.7.0 2018-02-02 18:09:45 +00:00
Jaeden Amero
98b9373849 Merge branch 'development' into development-restricted 2018-01-30 17:32:12 +00:00
Jaeden Amero
15f90e0266 Merge remote-tracking branch 'upstream-public/pr/1336' into development 2018-01-30 17:28:31 +00:00
Jaeden Amero
9564e97460 Merge branch 'development' into development-restricted 2018-01-30 17:04:47 +00:00
Rose Zadik
27ff120a61 Improve SHA-512 documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.
- Align deprecated function descriptions with those of the superseding
  functions.

GitHub PR: #1326
2018-01-30 16:22:05 +00:00
Rose Zadik
602285eac2 Improve SHA-256 documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.
- Align deprecated function descriptions with those of the superseding
  functions.

GitHub PR: #1325
2018-01-30 16:22:05 +00:00
Rose Zadik
64feefb4a2 Improve message digest documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.

GitHub PR: #1319
2018-01-30 16:22:05 +00:00
Rose Zadik
2f8163d3cd Improve CTR-DRBG documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.
- Add full standard name in file description.

GitHub PR: #1316
2018-01-30 16:22:05 +00:00
Rose Zadik
44833d9597 Improve SHA-1 documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.

GitHub PR: #1322
2018-01-30 16:22:05 +00:00
Rose Zadik
bff87d905d Improve ECDSA documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.

GitHub PR: #1318
2018-01-30 16:22:05 +00:00
Rose Zadik
de2d6221c8 Improve ECDH documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.

GitHub PR: #1317
2018-01-30 16:22:05 +00:00
Rose Zadik
042e97fa75 Improve RSA documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.
- Rephrase the descriptions of all md_alg and hashlen parameters.

GitHub PR: #1327
2018-01-30 16:22:05 +00:00
Rose Zadik
17b4f7fc60 Improve GCM documentation
- Rephrase file/function/parameter/enum/define/error descriptions into
  full and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.

GitHub PR: #1324
2018-01-30 16:22:05 +00:00
Rose Zadik
41ad082484 Improve DHM documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.
- Standardize defines documentation

GitHub PR: #1323
2018-01-30 16:22:05 +00:00
Rose Zadik
332658d80e Improve platform documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.

GitHub PR: #1320
2018-01-30 16:22:05 +00:00
Rose Zadik
380d05d7ff Improve CMAC documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.

GitHub PR: #1315
2018-01-30 16:22:05 +00:00
Rose Zadik
9ba6b621de Improve cipher documentation
- Rephrase function/parameter/enum/define/error descriptions into full and
  clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.

GitHub PR: #1306
2018-01-30 16:22:04 +00:00
Rose Zadik
eecdbea30f Improve CCM documentation
- Rephrase function/parameter/enum/define/error descriptions into full and
  clear sentences.
- Make sure to adhering to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.
- Fix iv_len values per the standard.

GitHub PR: #1305
2018-01-30 16:22:04 +00:00
Rose Zadik
7f44127c71 Improve AES documentation
- Separate "\file" blocks from copyright, so that Doxygen doesn't repeat
  the copyright information in all the Detailed Descriptions.
- Improve phrasing and clarity of functions, parameters, defines and enums.

GitHub PR: #1292
2018-01-30 16:22:04 +00:00
Hanno Becker
bbca8c5d3c Add documentation warnings for weak algorithms
MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
constitutes a security risk. If possible, we recommend avoiding
dependencies on them, and considering stronger message digests and
ciphers instead.
2018-01-30 14:40:10 +00:00
Jaeden Amero
2acbf17b97 Merge branch 'development' into development-restricted 2018-01-26 20:57:38 +00:00
Jaeden Amero
751aa510c0 Merge remote-tracking branch 'upstream-public/pr/1303' into development 2018-01-26 20:48:55 +00:00
Jaeden Amero
784de59ccd Merge remote-tracking branch 'upstream-restricted/pr/410' into development-restricted
- Resolve ChangeLog conflicts
- Update Doxygen warning block in dhm.h to render correctly
- Prefix the exported identifier deprecated_constant_t with mbedtls_
2018-01-26 18:43:04 +00:00
Gilles Peskine
7ecab3df4c Error codes for hardware accelerator failures
Add MBEDTLS_ERR_XXX_HW_ACCEL_FAILED error codes for all cryptography
modules where the software implementation can be replaced by a hardware
implementation.

This does not include the individual message digest modules since they
currently have no way to return error codes.

This does include the higher-level md, cipher and pk modules since
alternative implementations and even algorithms can be plugged in at
runtime.
2018-01-26 17:56:38 +01:00
Jaeden Amero
66954e1c1f Merge branch 'development' into development-restricted 2018-01-25 17:28:31 +00:00
Jaeden Amero
005239e3ed Merge remote-tracking branch 'upstream-public/pr/1294' into development 2018-01-25 14:47:39 +00:00
Jaeden Amero
65ba60a975 Merge branch 'development' into development-restricted 2018-01-25 10:09:03 +00:00
Hanno Becker
616d1ca605 Add support for alternative ECJPAKE implementation
This commit allows users to provide alternative implementations of the
ECJPAKE interface through the configuration option MBEDTLS_ECJPAKE_ALT.
When set, the user must add `ecjpake_alt.h` declaring the same
interface as `ecjpake.h`, as well as add some compilation unit which
implements the functionality. This is in line with the preexisting
support for alternative implementations of other modules.
2018-01-24 10:36:22 +00:00
Jaeden Amero
7383062b46 Merge branch 'development' into development-restricted 2018-01-23 18:20:09 +00:00
Gilles Peskine
342d928e8d Fix proprocessor directives for MBEDTLS_RIPEMD160_ALT 2018-01-23 18:21:21 +01:00
Gilles Peskine
a381fe84ce Add HW_FAILED error codes for message digest modules
New error codes to report failures from alternative implementations of
MD2, MD4, MD5, RIPEMD160, SHA-1, SHA-256, SHA-512.
2018-01-23 18:16:11 +01:00
Darryl Green
a40a101e26 Update Doxygen file blocks to remove copyright and license information 2018-01-23 15:44:39 +00:00
Gilles Peskine
2840f945d2 Add definition of inline in md5.h 2018-01-23 11:57:19 +01:00
Gilles Peskine
aaaa98cd60 Merge branch 'development-proposed' into development-restricted 2018-01-23 00:59:17 +01:00
Gilles Peskine
ff812804fb Merge branch 'pr_1239' into development-proposed 2018-01-23 00:58:13 +01:00
Gilles Peskine
a79001e5b2 Merge remote-tracking branch 'upstream-public/pr/1167' into development-proposed 2018-01-23 00:57:04 +01:00
Ron Eldor
5e9f14d4d9 Set correct minimal versions in default conf
Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` and `MBEDTLS_SSL_MIN_MINOR_VERSION`
instead of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`
2018-01-22 22:06:44 +01:00
Gilles Peskine
3e28d70813 New MD API: update version number in deprecation statements 2018-01-22 12:18:59 +01:00
Gilles Peskine
9e4f77c606 New MD API: rename functions from _ext to _ret
The _ext suffix suggests "new arguments", but the new functions have
the same arguments. Use _ret instead, to convey that the difference is
that the new functions return a value.
2018-01-22 11:54:42 +01:00
Gilles Peskine
15932e0cbf Fix typo in deprecation statement 2018-01-22 11:43:45 +01:00
Gilles Peskine
d91f2a26cb Merge branch 'development' into iotssl-1251-2.7
Conflict resolution:

* ChangeLog: put the new entries in their rightful place.
* library/x509write_crt.c: the change in development was whitespace
  only, so use the one from the iotssl-1251 feature branch.
2018-01-19 11:25:10 +01:00
nirekh01
d569ecfc2c Add some corrections based on code review
-Add the DHM_ALT in an alphabetical order
-Close correctly the 'extern "C" { ...'
2018-01-09 16:43:21 +00:00
Jaeden Amero
f342cb791b Merge branch 'development' into development-restricted 2018-01-09 13:16:37 +00:00
Jaeden Amero
0bc9e30435 Merge remote-tracking branch 'upstream-public/pr/1060' into development 2018-01-09 12:20:54 +00:00
Jaeden Amero
7de0b8aae7 Merge remote-tracking branch 'upstream-public/pr/1046' into development 2018-01-09 11:31:55 +00:00
Jaeden Amero
35285cca67 Merge remote-tracking branch 'upstream-public/pr/1027' into development 2018-01-09 10:42:03 +00:00
Hanno Becker
efeef6cf03 Correct typo in bignum.h 2018-01-05 08:07:47 +00:00
Hanno Becker
88683b2c6d Correct all.sh and config.h after merge commit
- Adapt the change in all.sh to the new keep-going mode
- Restore alphabetical order of configuration flags for
  alternative implementations in config.h and rebuild
  library/version_features.c
2018-01-04 18:48:32 +00:00
Hanno Becker
8bc74d6f2f Merge branch 'development' into iotssl-1619 2018-01-03 10:24:02 +00:00
Gilles Peskine
07d1078cdc Merge branch 'development' into development-restricted 2018-01-02 17:45:08 +01:00
Gilles Peskine
17196cd3be Merge remote-tracking branch 'upstream-public/pr/964' into development 2018-01-02 16:24:29 +01:00
Gilles Peskine
197a6d454b Merge remote-tracking branch 'upstream-public/pr/1097' into development 2018-01-02 16:09:15 +01:00
Gilles Peskine
3fcc045c23 Merge remote-tracking branch 'upstream-public/pr/866' into development
Conflict resolution: additions in the same places as
upstream-public/pr/865, both adding into lexicographically sorted
lists, resolved by taking the additions in lexicographic order.
2018-01-02 15:55:55 +01:00
Gilles Peskine
7c483b6765 Merge remote-tracking branch 'upstream-public/pr/865' into development 2018-01-02 15:35:18 +01:00
nirekh01
08ba530bff Remove some extra lines
Remove some extra lines as was requested in code review
2017-12-28 16:21:38 +00:00
Manuel Pégourié-Gonnard
eb2a6ab518 Merge branch 'development' into development-restricted
* development:
  Timing self test: shorten redundant tests
  Timing self test: increased duration
  Timing self test: increased tolerance
  Timing unit tests: more protection against infinite loops
  Unit test for mbedtls_timing_hardclock
  New timing unit tests
  selftest: allow excluding a subset of the tests
  selftest: allow running a subset of the tests
  selftest: refactor to separate the list of tests from the logic
  Timing self test: print some diagnosis information
  mbedtls_timing_get_timer: don't use uninitialized memory
  timing interface documentation: minor clarifications
  Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:42:50 +01:00
Manuel Pégourié-Gonnard
ae3925c774 Merge remote-tracking branch 'public/pr/1136' into development
* public/pr/1136:
  Timing self test: shorten redundant tests
  Timing self test: increased duration
  Timing self test: increased tolerance
  Timing unit tests: more protection against infinite loops
  Unit test for mbedtls_timing_hardclock
  New timing unit tests
  selftest: allow excluding a subset of the tests
  selftest: allow running a subset of the tests
  selftest: refactor to separate the list of tests from the logic
  Timing self test: print some diagnosis information
  mbedtls_timing_get_timer: don't use uninitialized memory
  timing interface documentation: minor clarifications
  Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:42:20 +01:00
nirekh01
49762fa21f Add 'MBEDTLS_DHM_ALT' #DEFINE to library/config.h
Add 'MBEDTLS_DHM_ALT' #DEFINE to library/config.h to support alternate DHM
2017-12-25 06:46:48 +00:00
Reuven Levin
1f35ca9471 Added alternated Diffie-Hellman module.
1. Add modified files dhm.c and dhm.h
2017-12-25 06:42:59 +00:00
Hanno Becker
a47023e4d5 Incorporate comments on merge commit
* Correct order of sections in ChangeLog
* Restore unintentionally removed whitespace and
  formatting improvements.
* Consistently rename MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED
  to MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION in rsa.h
  documentation.
2017-12-22 17:08:40 +00:00
Hanno Becker
32297e8314 Merge branch 'development' into iotssl-1619 2017-12-22 10:24:32 +00:00
Hanno Becker
25b96ea2da Remove comment on potential future removal of non-CRT fields 2017-12-21 17:45:11 +00:00
Gilles Peskine
d92f0aa3be mbedtls_timing_get_timer: don't use uninitialized memory
mbedtls_timing_get_timer with reset=1 is called both to initialize a
timer object and to reset an already-initialized object. In an
initial call, the content of the data structure is indeterminate, so
the code should not read from it. This could crash if signed overflows
trap, for example.

As a consequence, on reset, we can't return the previously elapsed
time as was previously done on Windows. Return 0 as was done on Unix.
2017-12-20 18:53:52 +01:00
Gilles Peskine
a9edc4805b timing interface documentation: minor clarifications 2017-12-20 18:50:25 +01:00
Manuel Pégourié-Gonnard
d04c623ed6 Merge remote-tracking branch 'restricted/pr/403' into development-restricted
* restricted/pr/403:
  Correct record header size in case of TLS
  Don't allocate space for DTLS header if DTLS is disabled
  Improve debugging output
  Adapt ChangeLog
  Add run-time check for handshake message size in ssl_write_record
  Add run-time check for record content size in ssl_encrypt_buf
  Add compile-time checks for size of record content and payload
2017-12-19 11:31:20 +01:00
Manuel Pégourié-Gonnard
1827368b01 Merge branch 'development' into development-restricted
* development:
  Don't split error code description across multiple lines
  Register new error code in error.h
  Move deprecation to separate section in ChangeLog
  Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code
  Adapt RSA test suite
  Adapt ChangeLog
  Deprecate usage of RSA primitives with wrong key type
2017-12-19 11:28:36 +01:00
Manuel Pégourié-Gonnard
4712119687 Merge remote-tracking branch 'restricted/pr/397' into development
* restricted/pr/397:
  Don't split error code description across multiple lines
  Register new error code in error.h
  Move deprecation to separate section in ChangeLog
  Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code
  Adapt RSA test suite
  Adapt ChangeLog
  Deprecate usage of RSA primitives with wrong key type
2017-12-19 11:27:22 +01:00
Hanno Becker
1434a365a6 Don't split error code description across multiple lines 2017-12-13 11:24:49 +00:00
Gilles Peskine
86ffd80456 Register new error code in error.h 2017-12-10 20:04:13 +01:00
Hanno Becker
25d6d1a1df Correct record header size in case of TLS
The previous commit reduced the internal header size to 5 bytes in case of
TLS. This is not a valid since in that situation Mbed TLS internally uses the
first 8 bytes of the message buffer for the implicit record sequence number.
2017-12-07 08:22:51 +00:00
Gilles Peskine
0960f0663e Merge branch 'development' into development-restricted 2017-11-29 21:07:55 +01:00
Gilles Peskine
0884f4811b Merge remote-tracking branch 'upstream-public/pr/1141' into development 2017-11-29 20:50:59 +01:00
Hanno Becker
702dfbcf13 Improve documentation of truncated HMAC fallback option 2017-11-29 16:55:56 +00:00
Andres Amaya Garcia
c5380649d9 Change value of MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE
Change the value of the error MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE to
0x0023 to ensure the errors in the AES module are all in a continuous
range.
2017-11-29 10:42:49 +00:00
Gilles Peskine
7fb29b17c7 Merge branch 'development' into development-restricted 2017-11-28 18:46:09 +01:00
Gilles Peskine
4b117d9c92 Merge remote-tracking branch 'upstream-public/pr/1055' into development 2017-11-28 17:23:37 +01:00
Gilles Peskine
41e974178f Merge remote-tracking branch 'upstream-restricted/pr/419' into development-restricted
Resolved simple conflicts caused by the independent addition of
calls to mbedtls_zeroize with sometimes whitespace or comment
differences.
2017-11-28 16:16:27 +01:00
Gilles Peskine
80441c666f Merge branch 'iotssl-1419-safermemcmp-volatile' into development-restricted 2017-11-28 13:52:33 +01:00
Hanno Becker
4c2ac7ef58 Deprecate MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT 2017-11-21 18:28:35 +00:00
Hanno Becker
563423fb21 Improve documentation of MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT option
Explain more clearly when this option should be used and which versions of Mbed
TLS build on the non-compliant implementation.
2017-11-21 17:20:17 +00:00
Hanno Becker
e89353a6b4 Add fallback to non-compliant truncated HMAC for compatibiltiy
In case truncated HMAC must be used but the Mbed TLS peer hasn't been updated
yet, one can use the compile-time option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT to
temporarily fall back to the old, non-compliant implementation of the truncated
HMAC extension.
2017-11-20 16:50:43 +00:00
Andres Amaya Garcia
5a6da63138 Fix indentation for mbedtls_x509_crt_check_key_usage() 2017-11-14 21:47:08 +00:00
Andres Amaya Garcia
c81fcb9d36 Fix typos in documentation for mbedtls_x509_crt_check_extended_key_usage() 2017-11-14 21:43:14 +00:00
Andres Amaya Garcia
7786abc16b Define ASN1 bitmask macros in more direct way 2017-11-07 20:21:56 +00:00
Andres Amaya Garcia
7512bf7d63 Add macros to ASN.1 module to parse ASN.1 tags
The macros simply extract the component bits of an ASN.1 tag value
2017-11-07 19:34:35 +00:00
Hanno Becker
298a7b214d Change wording of directions on the usage of SSL context after error 2017-11-06 10:45:26 +00:00
Hanno Becker
9b19a1253f Clarify use of mbedtls_ssl_check_pending 2017-10-31 13:07:49 +00:00
Hanno Becker
2412061a5a Correct typo and improve documentation 2017-10-26 11:53:35 +01:00
Hanno Becker
3319555b7c Improve documentation of mbedtls_rsa_import[_raw] 2017-10-25 17:04:10 +01:00
Hanno Becker
ffb1e1ab3d Documentation improvements 2017-10-23 13:17:42 +01:00
Manuel Pégourié-Gonnard
08eacecc62 Fix some style issues and comment typos 2017-10-18 14:40:11 +02:00
Hanno Becker
15f2b3e538 Mention that mpi_fill_random interprets PRNG output as big-endian 2017-10-17 15:17:05 +01:00
Hanno Becker
6851b10ec7 Note that disabling SSL_RENEGO doesn't open door for renego attack 2017-10-17 11:03:50 +01:00
Hanno Becker
fc8fbfa059 Switch to gender neutral wording in rsa.h 2017-10-17 10:34:04 +01:00
Hanno Becker
554c32dae6 Mention validate_params does primality tests only if GENPRIME def'd 2017-10-17 10:34:01 +01:00
Hanno Becker
68767a6e88 Improve documentation in mbedtls_rsa_check_privkey 2017-10-17 10:13:31 +01:00
Hanno Becker
f8c028a2fb Minor corrections 2017-10-17 09:20:57 +01:00
Hanno Becker
c36aab69b5 Swap D,E parameters in mbedtls_rsa_deduce_primes 2017-10-17 09:15:06 +01:00
Andres Amaya Garcia
9fb02057a5 Fix typo in asn1.h 2017-10-12 23:21:37 +01:00
Hanno Becker
f5dce36a24 Don't claim ECDH parameters are nothing-up-my-sleeve numbers 2017-10-12 13:45:10 +01:00
Ron Eldor
3226d36d61 Fix typo in configuration
Change duplicate of MBEDTLS_ECDH_GEN_PUBLIC_ALT to
MBEDTLS_ECDH_COMPUTE_SHARED_ALT
2017-10-12 14:17:48 +03:00
Hanno Becker
d22b78bf12 Switch to old model for alternative implementations 2017-10-12 11:42:17 +01:00
Hanno Becker
08f055eb4f Don't remove CRT parameters from RSA context for ABI compatibility
Albeit possible without conflicts now, this has to wait for the next ABI
changing releaese.
2017-10-12 10:53:58 +01:00
Hanno Becker
a565f54c4c Introduce new files rsa_internal.[ch] for RSA helper functions
This commit splits off the RSA helper functions into separate headers and
compilation units to have a clearer separation of the public RSA interface,
intended to be used by end-users, and the helper functions which are publicly
provided only for the benefit of designers of alternative RSA implementations.
2017-10-11 11:00:19 +01:00
Ron Eldor
a84c1cb355 Address PR cpomments reviews
1) move the change into Features from Changes, in the changLog
2) Change the feature alternative configuration MBEDTLS_ECDH_ALT
definition to function alternative defintions
MBEDTLS_ECDH_COMPUTE_SHARED_ALT and MBEDTLS_ECDH_GEN_PUBLIC_ALT
2017-10-10 19:04:27 +03:00
Hanno Becker
f9e184b9df Remove PRNG argument from mbedtls_rsa_complete 2017-10-10 16:55:41 +01:00
Ron Eldor
314adb6baa Address PR review comments
1) update ChangLog to have new feature in Features instead of Changes
2) Change MBEDTLS_ECDSA_ALT to function specific alternative definitions:
MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and MBEDTLS_ECDSA_GENKEY_ALT
2017-10-10 18:49:02 +03:00
Hanno Becker
1e801f5706 Clarify guarantees made by rsa_complete and rsa_check_privkey 2017-10-10 16:44:47 +01:00
Hanno Becker
68b4d58bd8 Remove PRNG argument from mbedtls_rsa_deduce_moduli
It is not necessary to pass a CSPRNG to `mbedtls_rsa_deduce_moduli`, as there
exist well-working static strategies, and even if a PRNG is preferred, a
non-secure one would be sufficient.

Further, the implementation is changed to use a static strategy for the choice
of candidates which according to some benchmarks even performs better than the
previous one using random candidate choices.
2017-10-10 16:39:10 +01:00
Hanno Becker
8ec8102c9a Split WANT_READ in two error codes
This commit restricts WANT_READ to indicate that no data is available on the
underlying transport. To signal the need for further processing - which was
previously also handled through this error code - a new internal error code
MBEDTLS_ERR_SSL_CONTINUE_PROCESSING is introduced.
2017-10-10 16:04:48 +01:00
Hanno Becker
8b170a0a0b Enhance and extend checking of message processing state
-  Enhances the documentation of mbedtls_ssl_get_bytes_avail (return
   the number of bytes left in the current application data record, if
   there is any).
-  Introduces a new public function mbedtls_ssl_check_pending for
   checking whether any data in the internal buffers still needs to be
   processed. This is necessary for users implementing event-driven IO
   to decide when they can safely idle until they receive further
   events from the underlying transport.
2017-10-10 16:04:32 +01:00
Hanno Becker
e09ca3d9b6 Add polling function for network contexts
This commit adds a function `mbedtls_net_poll` to the network module
allowing to check if a network context is available for read or write.
2017-10-10 16:03:18 +01:00
Hanno Becker
1a9a51c7cf Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-10-06 11:58:50 +01:00
Hanno Becker
0446a39744 Enhance documentation of mbedtls_ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure
2017-10-06 11:58:50 +01:00
Hanno Becker
bc389d1d3c Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code 2017-10-05 11:49:53 +01:00
Hanno Becker
3cdc711972 Deprecate usage of RSA primitives with wrong key type
Further, state explicitly that wrong key types need not be supported by alternative RSA implementations, and that those
may instead return the newly introduced error code MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
2017-10-05 10:28:21 +01:00
Hanno Becker
e3481ab533 Improve top warning in dhm.h 2017-10-04 16:05:10 +01:00
Hanno Becker
a90658f248 Add ssl_conf_dh_param_bin superseding ssl_conf_dh_param 2017-10-04 15:29:08 +01:00
Hanno Becker
470a8c4d87 Deprecate mbedtls_ssl_conf_dh_param 2017-10-04 15:28:46 +01:00
Hanno Becker
d25d444134 Don't allocate space for DTLS header if DTLS is disabled 2017-10-04 13:58:03 +01:00
Hanno Becker
5e6b8d7d29 Add missing whitespace 2017-10-04 13:41:36 +01:00
Hanno Becker
0482fd597a Remove reference to utility program for RFC 3526/7919 verification 2017-10-04 13:39:08 +01:00
Hanno Becker
5a7c35d1a8 Correct documentation of mbedtls_ssl_conf_dh_param 2017-10-04 13:32:12 +01:00
Hanno Becker
8880e75dcb Add new function mbedtls_dhm_set_group to DHM Group 2017-10-04 13:17:52 +01:00
Hanno Becker
e2fcfa84ea Stick to the use of constant-macros
This commit returns to using constant macros instead of global variables for the DHM group constants. Further, macros
providing the binary encoding of the primes from RFC 3526 and RFC 7919 are added. The hex-string macros are deprecated.
2017-10-04 13:12:15 +01:00
Hanno Becker
0f65e0ca03 Rename rsa_deduce_moduli to rsa_deduce_primes 2017-10-03 14:40:44 +01:00
Hanno Becker
8ba6ce4f4f Rename rsa_deduce_private to rsa_deduce_private_exponent 2017-10-03 14:40:43 +01:00
Hanno Becker
5178dcab12 Clarify parameter ownership in mbedtls_rsa_import[_raw] 2017-10-03 14:29:37 +01:00
Hanno Becker
f9734b35b5 Change wording of warnings 2017-10-03 12:09:22 +01:00
Hanno Becker
4e1be398f6 Remove FORCE_VERIFICATION and FORCE_BLINDING 2017-10-02 16:02:55 +01:00
Hanno Becker
f240ea0b50 Expand documentation of mbedtls_dhm_read_params 2017-10-02 15:09:14 +01:00
Hanno Becker
f8258e7d5a Adapt documentation of mbedtls_ssl_conf_dh_param to new moduli 2017-10-02 15:04:40 +01:00
Hanno Becker
70da2c545b Improve documentation of mbedtls_dhm_make_params 2017-10-02 15:02:59 +01:00
Hanno Becker
b5beaa8995 Check that 1 < D, E < N in mbedtls_rsa_validate_params 2017-10-02 13:20:20 +01:00
Hanno Becker
c6fc878eda Remove mbedtls_rsa_check_crt
This is no longer needed after the decision to not exhaustively validate private key material.
2017-10-02 13:20:15 +01:00
Hanno Becker
98838b04af Minor improvements 2017-10-02 13:17:01 +01:00
Hanno Becker
7471631dde Make input arguments to mbedtls_rsa_import_raw constant
Original intention was to be allowed to perform in-place operations like changing the byte-order before importing
parameters into an HSM. Now a copy is needed in this case, but there's no more danger of a user expecting the arguments
to be left untouched.
2017-10-02 13:17:01 +01:00
Hanno Becker
43a08d029e Clarify guarantees made by rsa_check_privkey and rsa_complete
Document explicitly that `mbedtls_rsa_check_privkey` and `mbedtls_rsa_complete` succeeding does not guarantee the
consistency of the underlying RSA private key but only that enough information is present to perform a private key
operation.
2017-10-02 13:17:01 +01:00
Hanno Becker
1b831fe1c5 Clarify guarantees made by rsa_deduce_moduli/private/crt 2017-10-02 13:06:47 +01:00
Hanno Becker
bdefff1dde Change signature of mbedtls_rsa_deduce_private
Make input arguments constant and adapt the implementation to use a temporary instead of in-place operations.
2017-10-02 09:59:48 +01:00
Hanno Becker
ba5b755f1a Change signature and semantics of mbedtls_rsa_deduce_moduli
Input arguments are marked as constant. Further, no double-checking is performed when a factorization of the modulus has
been found.
2017-10-02 09:55:49 +01:00
Hanno Becker
2f38a43d3a Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-09-30 23:35:21 +01:00
Hanno Becker
f5f9d11acc Enhance documentation of mbedtls_ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure
2017-09-30 23:35:12 +01:00
Hanno Becker
56bae95e1d Improve style and documentation, fix typo 2017-09-29 15:43:49 +01:00
Hanno Becker
4b2f691691 Doxygen: Use typewriter font for variables in rsa.h documentation 2017-09-29 13:36:54 +01:00
Hanno Becker
ed20361321 Increase readability of Doxygen output
Multiple lists were not properly recognized as such.
2017-09-29 13:34:25 +01:00
Hanno Becker
91c194dabb Add and document an RSA-specific error code for unsupported exports
E.g., a private key on an external chip might not be exportable to RAM.
2017-09-29 12:50:12 +01:00
Hanno Becker
5063cd2cca Deprecate direct manipulation of structure fields in RSA context 2017-09-29 11:54:05 +01:00
Hanno Becker
a2f6b72cbb Add warnings regarding the use of DHM in general 2017-09-28 11:06:31 +01:00
Hanno Becker
e764324d96 Improve documentation in dhm.h 2017-09-28 11:06:31 +01:00
Hanno Becker
4c72b000cb Add const-qualifiers to prime constants 2017-09-27 16:06:37 +01:00
Hanno Becker
b1d4d1fa6e Add description of how the primes from RFC 3526/7919 were generated 2017-09-27 12:43:57 +01:00
Hanno Becker
b2bad800e4 Introduce Diffie-Hellman parameters from RFC 7919 2017-09-27 12:43:55 +01:00
Hanno Becker
0e6dc84f3e Deprecate Diffie-Hellman groups from RFC 5114
Also, change the way the standardized Diffie-Hellman groups are provided from
macro-based string-literals to global variables.
2017-09-27 11:48:02 +01:00
Jaeden Amero
1526330931 Allow alternate implementation of GCM
Provide the ability to use an alternative implementation of GCM in place
of the library-provided implementation.
2017-09-22 17:42:44 +01:00
Hanno Becker
a8434e8f95 Add compile-time checks for size of record content and payload 2017-09-18 10:56:14 +01:00
Hanno Becker
936f72c641 Disable MBEDTLS_RSA_FORCE_BLINDING by default
This commit disables the new MBEDTLS_RSA_FORCE_BLINDING option by default to preserve backwards
compatibility. Further, it deprecates disabling to prepare for a future release in which blinding will be
unconditionally enforced.
2017-09-07 13:09:58 +01:00
Manuel Pégourié-Gonnard
4b6e210d00 Merge branch 'mbedtls-2.6' into iotssl-1381-x509-verify-refactor-restricted
* mbedtls-2.6: (27 commits)
  Update version number to 2.6.0
  Fix language in Changelog for clarity
  Improve documentation of PKCS1 decryption functions
  Fix style and missing item in ChangeLog
  Add credit to Changelog to fix for #666
  Fix naked call to time() with platform call
  Fix ChangeLog for duplication after merge
  Rename time and index parameter to avoid name conflict.
  Correct comment
  Adapt ChangeLog
  Reliably zeroize sensitive data in AES sample application
  Reliably zeroize sensitive data in Crypt-and-Hash sample application
  Fix potential integer overflow parsing DER CRT
  Fix potential integer overflow parsing DER CRL
  Move the git scripts to correct path
  Update after @sbutcher-arm comments
  Fix slash direction for linux path
  Add note for the git_hoos README file
  Pre push hook script
  Check return code of mbedtls_mpi_fill_random
  ...
2017-08-31 10:09:43 +02:00
Manuel Pégourié-Gonnard
bb216bd940 Fix MSVC 64-bit warnings
"conversion from size_t to int, possible loss of data"
2017-08-28 13:25:55 +02:00
Hanno Becker
603b8c62c4 Clarify guarantees made by successful mbedtls_rsa_complete call 2017-08-25 11:03:07 +01:00
Hanno Becker
d363799a9d Add mbedtls_rsa_validate_crt
This commit adds the function mbedtls_rsa_validate_crt for validating a set of CRT parameters. The function
mbedtls_rsa_check_crt is simplified accordingly.
2017-08-25 08:35:09 +01:00
Hanno Becker
750e8b4596 Rename rsa_check_params->rsa_validate_params and change error codes 2017-08-25 08:34:55 +01:00
Manuel Pégourié-Gonnard
fd87e354f6 Improve comments on parity trick 2017-08-24 14:21:19 +02:00
Manuel Pégourié-Gonnard
0b23f167ba SSL: rework restart state handling
As done by previous commits for ECC and ECDSA:
- use explicit state assignments rather than increment
- always place the state update right before the operation label

This will make it easier to add restart support for other operations later if
desired.

SSL-specific changes:
- remove useless states: when the last restartable operation on a message is
  complete, ssl->state is incremented already, so we don't need any additional
state update: ecrs_state is only meant to complement ssl->state
- rename remaining states consistently as <message>_<operation>
- move some labels closer to the actual operation when possible (no assignment
  to variables used after the label between its previous and current position)
2017-08-24 12:08:33 +02:00
Hanno Becker
b0c5edcc2f Correct typo in rsa.h 2017-08-23 22:16:10 +01:00
Hanno Becker
ab3773123c Add support for alternative RSA implementations
Alternative RSA implementations can be provided by defining MBEDTLS_RSA_ALT in
config.h, defining an mbedtls_rsa_context struct in a new file rsa_alt.h and
re-implementing the RSA interface specified in rsa.h.

Through the previous reworkings, the adherence to the interface is the only
implementation obligation - in particular, implementors are free to use a
different layout for the RSA context structure.
2017-08-23 16:24:51 +01:00
Hanno Becker
1a59e791e5 Remove CRT fields from RSA context if RSA_NO_CRT is defined 2017-08-23 16:17:28 +01:00
Hanno Becker
8fd5548241 Minor formatting changes 2017-08-23 14:47:25 +01:00
Hanno Becker
cbb59bc2a8 Extend RSA interface to allow structure-independent setup
This commit extends the RSA interface by import/export calls that can be used to
setup an RSA context from a subset of the core RSA parameters (N,P,Q,D,E).

The intended workflow is the following:
1. Call mbedtls_rsa_import one or multiple times to import the core parameters.
2. Call mbedtls_rsa_complete to deduce remaining core parameters as well as any
   implementation-defined internal helper variables.

The RSA context is ready for use after this call.

The import function comes in two variants mbedtls_rsa_import and
mbedtls_rsa_import_raw, the former taking pointers to MPI's as input, the latter
pointers buffers holding to big-endian encoded MPI's.
The reason for this splitting is the following: When only providing an import
function accepting const MPI's, a user trying to import raw binary data into an
RSA context has to convert these to MPI's first which before passing them to the
import function, introducing an unnecessary copy of the data in memory. The
alternative would be to have another MPI-based import-function with
move-semantics, but this would be in contrast to the rest of the library's
interfaces.

Similarly, there are functions mbedtls_rsa_export and mbedtls_rsa_export_raw for
exporting the core RSA parameters, either as MPI's or in big-endian binary
format.

The main import/export functions deliberately do not include the additional
helper values DP, DQ and QP present in ASN.1-encoded RSA private keys. To
nonetheless be able to check whether given parameters DP, DQ and QP are in
accordance with a given RSA private key, the interface is extended by a function
mbedtls_rsa_check_opt (in line with mbedtls_rsa_check_privkey,
mbedtls_rsa_check_pubkey and mbedtls_rsa_check_pub_priv). Exporting the optional
parameters is taken care of by mbedtls_export_opt (currently MPI format only).
2017-08-23 14:44:36 +01:00
Hanno Becker
a3ebec2423 Declare RSA helper functions
This commit adds convenience functions to the RSA module for computing a
complete RSA private key (with fields N, P, Q, D, E, DP, DQ, QP) from a subset
of core parameters, e.g. (N, D, E).
2017-08-23 14:06:24 +01:00
Manuel Pégourié-Gonnard
eaf55beead Misc documentation fixes/improvements 2017-08-23 14:40:21 +02:00
Manuel Pégourié-Gonnard
7037e222ea Improve comments and doc for ECP 2017-08-23 14:30:36 +02:00
Manuel Pégourié-Gonnard
daf049144e Rework state saving for verify_chain()
Child was almost redundant as it's already saved in ver_chain, except it was
multiplexed to also indicate whether an operation is in progress. This commit
removes it and introduces an explicit state variable instead.

This state can be useful later if we start returning IN_PROGRESS at other
points than find_parent() (for example when checking CRL).

Note that the state goes none -> find_parent and stays there until the context
is free(), as it's only on the first call that nothing was in progress.
2017-08-23 12:32:19 +02:00
Manuel Pégourié-Gonnard
8b7b96bbd3 Fix typo 2017-08-23 10:02:51 +02:00
Ron Eldor
f231eaae28 Add configuration file in md.h
include `*config.h*` in md.h as MACROS in the header file get ignored.
Fix for #1001.
2017-08-22 14:50:14 +03:00
Manuel Pégourié-Gonnard
7766a2c9c0 Improve some comments 2017-08-21 10:57:57 +02:00
Manuel Pégourié-Gonnard
aaa9814879 Uniformize ifdefs to ECDSA_C+ECP_RESTARTABLE
Some parts were already implicitly using this as the two ifdefs were nested,
and some others didn't, which resulted in compile errors in some configs. This
fixes those errors and saves a bit of code+RAM that was previously wasted when
ECP_RESTARTABLE was defined but ECDSA_C wasn't
2017-08-18 17:30:37 +02:00
Manuel Pégourié-Gonnard
fe6877034d Keep PK layer context in the PK layer
Previously we kept the ecdsa context created by the PK layer for ECDSA
operations on ECKEY in the ecdsa_restart_ctx structure, which was wrong, and
caused by the fact that we didn't have a proper handling of restart
sub-contexts in the PK layer.
2017-08-18 17:04:07 +02:00
Manuel Pégourié-Gonnard
0bbc66cc76 Dynamically allocate/free restart subcontext in PK 2017-08-18 16:22:06 +02:00
Manuel Pégourié-Gonnard
15d7df2ba8 Introduce mbedtls_pk_restart_ctx and use it
The fact that you needed to pass a pointer to mbedtls_ecdsa_restart_ctx (or
that you needed to know the key type of the PK context) was a breach of
abstraction.

Change the API (and callers) now, and the implementation will be changed in
the next commit.
2017-08-17 15:16:11 +02:00
Manuel Pégourié-Gonnard
c9e16a97da Disable restartable ECC by default 2017-08-15 14:30:59 +02:00
Manuel Pégourié-Gonnard
3bf49c4552 Enable restart for certificate verify 2017-08-15 14:12:47 +02:00
Manuel Pégourié-Gonnard
6b7301c872 Change restart context type.
No need to have both x509 and ecdsa, as the former contains the later.
2017-08-15 12:08:45 +02:00
Manuel Pégourié-Gonnard
d27d1a5a82 Clean up existing SSL restartable ECC code
- more consistent naming with ecrs prefix for everything
- always check it enabled before touching the rest
- rm duplicated code in parse_server_hello()
2017-08-15 11:49:08 +02:00
Manuel Pégourié-Gonnard
8b59049407 Make verify() actually restartable 2017-08-15 10:45:09 +02:00
Manuel Pégourié-Gonnard
c11e4baa63 Rework type for verify chain
- create container with length + table
- make types public (will be needed in restart context)
2017-08-15 10:44:13 +02:00
Simon Butcher
72ea31b026 Update version number to 2.6.0 2017-08-10 11:51:16 +01:00
Manuel Pégourié-Gonnard
bc3f44ae9c Introduce mbedtls_x509_crt_verify_restartable() 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
23e416261c ECDH: not restartable unless explicitly enabled
This is mainly for the benefit of SSL modules, which only supports restart in
a limited number of cases. In the other cases (ECDHE_PSK) it would currently
return ERR_ECP_IN_PROGRESS and the user would thus call ssl_handshake() again,
but the SSL code wouldn't handle state properly and things would go wrong in
possibly unexpected ways.  This is undesirable, so it should be possible for
the SSL module to choose if ECDHE should behave the old or the new way.

Not that it also brings ECDHE more in line with the other modules which
already have that choice available (by passing a NULL or valid restart
context).
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
1f1f2a1ca6 Adapt ServerKeyEchange processing to restart 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
862cde5b8e Add restart support for ECDSA client auth 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
2350b4ebdc Adapt ECDHE_ECDSA key exchange to restartable EC
For now some other key exchanges (ECDHE_PSK) will just fail to work, this will
be either fixed or properly fixed later.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
1f596064bc Make PK EC sign/verify actually restartable 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
82cb27b3db PK: declare restartable sign/verify functions
For RSA, we could either have the function return an error code like
NOT_IMPLEMENTED or just run while disregarding ecp_max_ops. IMO the second
option makes more sense, as otherwise the caller would need to check whether
the key is EC or RSA before deciding to call either sign() or
sign_restartable(), and having to do this kind of check feels contrary to the
goal of the PK layer.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
fd838dab5c Comment cosmetics 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
66ba48a3c8 Make ECDH functions actually restartable 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
c90d3b0f89 Update doc for restartable ECDH functions 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
b90883dc1d Prepare infra for restartable sign 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
addb10efac Create functions for restartable sign 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
5314f234ca Make verify_restartable() actually restartable 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
a0c5bcc2bc Add infrastructure for ecdsa_verify_restartable() 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
722e5156fd Add test for ecdsa_read_signature_restartable()
Test values taken from a random signature as generated in
ecdsa_write_read_random() test function
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
32aa4375cc Declare ecdsa_read_signature_restartable()
Not making ecdsa_verify_restartable() public, as it isn't called from any
other module.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
1ed2505f85 Add some negative testing for ecdsa_verify() 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
c751148cc5 Make some macros/functions public
These will be needed in other modules that already include ecp.h
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
b5a50e754d Always declare restartable function variants
Otherwise code that uses these functions in other modules will have to do:

    #if defined(MBEDTLS_ECP_RESTARTABLE)
    ret = do_stuff( there, may, be, many, args );
    #else
    ret = do_stuff( their, may, be, namy, args, rs_ctx );
    #fi

and there is a risk that the arg list will differ when code is updated, and
this might not be caught immediately by tests because this depends on a
config.h compile-time option which are harder to test.

Always declaring the restartable variants of the API functions avoids this
problem; the cost in ROM size should be negligible.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
4b9c51ef32 Rename EARLY_RETURN -> RESTARTABLE
This is more consistent with function and context names.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
a7937f9967 Add public function generating private keys
This will be useful for restartable ECDH and ECDSA. Currently they call
mbedtls_ecp_gen_keypair(); one could make that one restartable, but that means
adding its own sub-context, while ECDH and ECDSA (will) have their own
contexts already, so switching to this saves one extra context.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
54dd6527f0 Introduce muladd_restartable() and its sub-context
Only the administrative parts for now, not actually restartable so far.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
3a256128d6 Reset ops_done at the right time
This should only be done in the top-level function.

Also, we need to know if we indeed are the top-level function or not: for
example, when mbedtls_ecp_muladd() calls mbedtls_ecp_mul(), the later should
not reset ops_done. This is handled by the "depth" parameter in the restart
context.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
646393bb1e Move ops count to top-level context
When a restartable function calls another restartable function, the current
ops_count needs to be shared to avoid either doing too many operations or
returning IN_PROGRESS uselessly. So it needs to be in the top-level context
rather than a specific sub-context.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
8467e6848d Stop checking for argument change
This was intended to detect aborted operations, but now that case is handled
by the caller freeing the restart context.

Also, as the internal sub-context is managed by the callee, no need for the
caller to free/reset the restart context between successful calls.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
3cade22f96 Switch to restart context internally 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
8f28addb27 Update documentation for new design/API
EC-JPAKE warning is no longer needed as we now have separate _restartable()
functions, and JPAKE will just call the non-restartable version.

Concurrency warning removed as this is one of the reasons why this design was
chosen.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
b739a712d1 Start moving to new design/API
Following discussion in the team, it was deemed preferable for the restart
context to be explicitly managed by the caller.

This commits in the first in a series moving in that directly: it starts by
only changing the public API, while still internally using the old design.
Future commits in that series will change to the new design internally.

The test function was simplified as it no longer makes sense to test for some
memory management errors since that responsibility shifted to the caller.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
45fd0164dd Rename multiplication-specific restart context
It's going to be convenient for each function that can generate a
MBEDTLS_ERR_ECP_IN_PROGRESS on its own (as opposed to just passing it around)
to have its own restart context that they can allocate and free as needed
independently of the restart context of other functions.

For example ecp_muladd() is going to have its own restart_muladd context that
in can managed, then when it calls ecp_mul() this will manage a restart_mul
context without interfering with the caller's context.

So, things need to be renames to avoid future name clashes.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
e58f65a04b Expand documentation with notes and warnings 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
e685449004 Scale ops count for larger curves
From a user's perspective, you want a "basic operation" to take approximately
the same amount of time regardless of the curve size, especially since max_ops
is a global setting: otherwise if you pick a limit suitable for P-384 then
when you do an operation on P-256 it will return way more often than needed.

Said otherwise, a user is actually interested in actual running time, and we
do the API in terms of "basic ops" for practical reasons (no timers) but then
we should make sure it's a good proxy for running time.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
9c5c78ff5c Fix indicative values of ops counts
Previous measurements were wrong due to counting multiplication by a small
constant as a full multiplication, which it is not.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
1c678e0e06 Update doc about minimum max_ops value
Ok, so the original plan was to make mpi_inv_mod() the smallest block that
could not be divided. Updated plan is that the smallest block will be either:
- ecp_normalize_jac_many() (one mpi_inv_mod() + a number or mpi_mul_mpi()s)
- or the second loop in ecp_precompute_comb()

With default settings, the minimum non-restartable sequence is:
- for P-256: 222M
- for P-384: 341M

This is within a 2-3x factor of originally planned value of 120M. However,
that value can be approached, at the cost of some performance, by setting
ECP_WINDOW_SIZE (w below) lower than the default of 6. For example:
- w=4 -> 166M for any curve (perf. impact < 10%)
- w=2 -> 130M for any curve (perf. impact ~ 30%)

My opinion is that the current state with w=4 is a good compromise, and the
code complexity need to attain 120M is not warranted by the 1.4 factor between
that and the current minimum with w=4 (which is close to optimal perf).
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
77af79a324 Add proper allocation of restart context
We'll need to store MPIs and other things that allocate memory in this
context, so we need a place to free it. We can't rely on doing it before
returning from ecp_mul() as we might return MBEDTLS_ERR_ECP_IN_PROGRESS (thus
preserving the context) and never be called again (for example, TLS handshake
aborted for another reason). So, ecp_group_free() looks like a good place to
do this, if the restart context is part of struct ecp_group.

This means it's not possible to use the same ecp_group structure in different
threads concurrently, but:
- that's already the case (and documented) for other reasons
- this feature is precisely intended for environments that lack threading

An alternative option would be for the caller to have to allocate/free the
restart context and pass it explicitly, but this means creating new functions
that take a context argument, and putting a burden on the user.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
054433c493 Add mbedtls_ecp_set_max_ops()
The plan is to count basic operations as follows:
- call to ecp_add_mixed()   -> 11
- call to ecp_double_jac()  -> 8
- call to mpi_mul_mpi()     -> 1
- call to mpi_inv_mod()     -> 120
- everything else           -> not counted

The counts for ecp_add_mixed() and ecp_double_jac() are based on the actual
number of calls to mpi_mul_mpi() they they make.

The count for mpi_inv_mod() is based on timing measurements on K64F and
LPC1768 boards, and are consistent with the usual very rough estimate of one
inversion = 100 multiplications. It could be useful to repeat that measurement
on a Cortex-M0 board as those have smaller divider and multipliers, so the
result could be a bit different but should be the same order of magnitude.

The documented limitation of 120 basic ops is due to the calls to mpi_inv_mod()
which are currently not interruptible nor planned to be so far.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
5e3c62fd1d Add MBEDTLS_ERR_ECP_IN_PROGRESS 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
c3a3bc7636 Add config flag MBEDTLS_ECP_EARLY_RETURN 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
225b37a543 Fix typos in comment 2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
562df401d3 Improve some comments, fix some typos+whitespace 2017-08-08 18:17:53 +02:00
Ron Eldor
433f39c437 ECDH alternative implementation support
Add alternative implementation support for ECDH at the higher layer
2017-08-08 18:43:56 +03:00
Manuel Pégourié-Gonnard
a4a206e834 Clarify documentation for directly-trusted certs
The fact that self-signed end-entity certs can be explicitly trusted by
putting them in the CA list even if they don't have the CA bit was not
documented though it's intentional, and tested by "Certificate verification #73
(selfsigned trusted without CA bit)" in test_suite_x509parse.data

It is unclear to me whether the restriction that explicitly trusted end-entity
certs must be self-signed is a good one. However, it seems intentional as it is
tested in tests #42 and #43, so I'm not touching it for now.
2017-08-08 11:06:49 +02:00
Ron Eldor
b68733bf62 ECDSA alternative support
Support for alternative implementation of ECDSA, at the higher layer
2017-08-07 18:00:22 +03:00
Hanno Becker
61937d4a83 Rename time and index parameter to avoid name conflict.
As noted in #557, several functions use 'index' resp. 'time'
as parameter names in their declaration and/or definition, causing name
conflicts with the functions in the C standard library of the same
name some compilers warn about.

This commit renames the arguments accordingly.
2017-07-28 22:28:08 +01:00
Andres Amaya Garcia
c630ce6b4c Improve MBEDTLS_NO_UDBL_DIVISION description 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
df1486afe4 Remove MBEDTLS_TYPE_UDBL option 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
b39467dda7 Fix check_config.h #error directive 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
93db11a395 Fix typo in check_config.h 2017-07-27 21:44:33 +01:00
Gilles Peskine
b1a977f5a7 MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
d7fce008c5 Allow forcing 64-bit integer type
Allow forcing 64-bit integer type for bignum operations. Also introduce
the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length
integer in unknown compilers.
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
aa27dfeecc Enable 64-bit compilation with ARM Compiler 6
This patch fixes the conditional preprocessor directives in
include/mbedtls/bignum.h to enable 64-bit compilation with ARM
Compiler 6.
2017-07-27 21:44:33 +01:00
Simon Butcher
a95d630197 Fix platform setup/teardown feature and comments
Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it
as a feature  in 'version_features.c'.
2017-07-27 21:44:33 +01:00
Simon Butcher
d3be27a92a Add additional comments to platform setup/teardown functions 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
d91f99f868 Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT
Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive
as this macro enables/disables both functions.
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
64b02cd947 Improve documentation for mbedtls_platform_context 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
3c8a39d28a Remove internal functions from setup API 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
2a6f39cb63 Add library setup and teardown APIs
Add the following two functions to allow platform setup and teardown
operations for the full library to be hooked in:

* mbedtls_platform_setup()
* mbedtls_platform_teardown()

An mbedtls_platform_context C structure is also added and two internal
functions that are called by the corresponding setup and teardown
functions above:

* mbedtls_internal_platform_setup()
* mbedtls_internal_plartform_teardown()

Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow
mbedtls_platform_context and internal function to be overriden by the
user as needed for a platform.
2017-07-27 21:44:33 +01:00
Hanno Becker
ca1cdb2bf3 Make minor changes to documentation 2017-07-27 21:44:33 +01:00
Hanno Becker
bedc2050b6 Export mbedtls_aes_(en/de)crypt to retain for API compatibility
The commit f5bf7189d3 made the AES
functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing
the library's API.

This commit reverts this.
2017-07-27 21:44:33 +01:00
Hanno Becker
6d84ae7e57 Clarify documentation for alternative AES implementations
The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been
superseded by mbedtls_aes_internal_decrypt and
mbedtls_aes_internal_encrypt, respectively. Alternative
implementations should now only replace the latter, and leave the
maintenance wrapper definitions of the former untouched.

This commit clarifies this in the documentation of the respective
configuration options MBEDTLS_AES_DECRYPT_ALT and
MBEDTLS_AES_ENCRYPT_ALT.
2017-07-27 21:44:33 +01:00
Hanno Becker
d300a5734a Undo API change
The previous commit b3e6872c93 changed
to public functions from ssl_ciphersuite.h to static inline. This
commit reverts this change.
2017-07-27 21:44:33 +01:00
Janos Follath
bfea4a7c02 Remove mutexes from ECP hardware acceleration
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
2017-07-27 21:44:32 +01:00
Hanno Becker
b6479192d8 Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
2017-07-27 21:43:17 +01:00
Andres Amaya Garcia
2801d00c6a Improve MBEDTLS_NO_UDBL_DIVISION description 2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
031622ffa2 Remove MBEDTLS_TYPE_UDBL option 2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
75c0b2c192 Fix check_config.h #error directive 2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
99716caf5d Fix typo in check_config.h 2017-07-27 15:08:01 +01:00
Gilles Peskine
ed942f84e6 MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
6316ceb4b5 Allow forcing 64-bit integer type
Allow forcing 64-bit integer type for bignum operations. Also introduce
the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length
integer in unknown compilers.
2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
b820bf8e45 Enable 64-bit compilation with ARM Compiler 6
This patch fixes the conditional preprocessor directives in
include/mbedtls/bignum.h to enable 64-bit compilation with ARM
Compiler 6.
2017-07-27 15:08:01 +01:00
Simon Butcher
9469919447 Fix platform setup/teardown feature and comments
Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it
as a feature  in 'version_features.c'.
2017-07-27 15:08:01 +01:00
Simon Butcher
0a1f94775c Add additional comments to platform setup/teardown functions 2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
59c202618e Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT
Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive
as this macro enables/disables both functions.
2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
3d3aadc736 Improve documentation for mbedtls_platform_context 2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
d24f5feb59 Remove internal functions from setup API 2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
d9e7ada52a Add library setup and teardown APIs
Add the following two functions to allow platform setup and teardown
operations for the full library to be hooked in:

* mbedtls_platform_setup()
* mbedtls_platform_teardown()

An mbedtls_platform_context C structure is also added and two internal
functions that are called by the corresponding setup and teardown
functions above:

* mbedtls_internal_platform_setup()
* mbedtls_internal_plartform_teardown()

Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow
mbedtls_platform_context and internal function to be overriden by the
user as needed for a platform.
2017-07-27 15:08:01 +01:00
Hanno Becker
2de930fdec Make minor changes to documentation 2017-07-27 15:08:01 +01:00
Hanno Becker
09b30789e5 Export mbedtls_aes_(en/de)crypt to retain for API compatibility
The commit f5bf7189d3 made the AES
functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing
the library's API.

This commit reverts this.
2017-07-27 15:08:01 +01:00
Hanno Becker
a5723f454a Clarify documentation for alternative AES implementations
The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been
superseded by mbedtls_aes_internal_decrypt and
mbedtls_aes_internal_encrypt, respectively. Alternative
implementations should now only replace the latter, and leave the
maintenance wrapper definitions of the former untouched.

This commit clarifies this in the documentation of the respective
configuration options MBEDTLS_AES_DECRYPT_ALT and
MBEDTLS_AES_ENCRYPT_ALT.
2017-07-27 15:08:01 +01:00
Hanno Becker
ff1b846b67 Undo API change
The previous commit b3e6872c93 changed
to public functions from ssl_ciphersuite.h to static inline. This
commit reverts this change.
2017-07-27 15:08:01 +01:00
Janos Follath
78b1473ff3 Remove mutexes from ECP hardware acceleration
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
2017-07-27 15:08:01 +01:00
Hanno Becker
49c80f72df Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
2017-07-27 15:05:12 +01:00
Andres Amaya Garcia
fdd11b2531 Improve MBEDTLS_NO_UDBL_DIVISION description 2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
de2e70431f Remove MBEDTLS_TYPE_UDBL option 2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
713c6fdd4e Fix check_config.h #error directive 2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
bebc5f69f8 Fix typo in check_config.h 2017-07-22 11:53:56 +02:00
Gilles Peskine
9a9adcd6aa MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
6ee7dad896 Allow forcing 64-bit integer type
Allow forcing 64-bit integer type for bignum operations. Also introduce
the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length
integer in unknown compilers.
2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
05d9535c90 Enable 64-bit compilation with ARM Compiler 6
This patch fixes the conditional preprocessor directives in
include/mbedtls/bignum.h to enable 64-bit compilation with ARM
Compiler 6.
2017-07-22 11:53:56 +02:00
Simon Butcher
c0da47dd1e Fix platform setup/teardown feature and comments
Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it
as a feature  in 'version_features.c'.
2017-07-21 23:48:55 +01:00
Simon Butcher
be4f75c12f Add additional comments to platform setup/teardown functions 2017-07-21 02:15:14 +02:00
Andres Amaya Garcia
9da69514ec Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT
Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive
as this macro enables/disables both functions.
2017-07-21 02:12:49 +02:00
Andres Amaya Garcia
9d80a36336 Improve documentation for mbedtls_platform_context 2017-07-21 02:12:49 +02:00
Andres Amaya Garcia
82d7314c43 Remove internal functions from setup API 2017-07-21 02:12:49 +02:00
Andres Amaya Garcia
122d899296 Add library setup and teardown APIs
Add the following two functions to allow platform setup and teardown
operations for the full library to be hooked in:

* mbedtls_platform_setup()
* mbedtls_platform_teardown()

An mbedtls_platform_context C structure is also added and two internal
functions that are called by the corresponding setup and teardown
functions above:

* mbedtls_internal_platform_setup()
* mbedtls_internal_plartform_teardown()

Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow
mbedtls_platform_context and internal function to be overriden by the
user as needed for a platform.
2017-07-21 02:11:35 +02:00
Andres Amaya Garcia
46f5a3e9b4 Check return codes from MD in ssl code 2017-07-20 16:17:51 +01:00
Andres Amaya Garcia
a21247ead7 Remove unwanted whitespace in MD comments 2017-07-20 14:01:08 +01:00
Hanno Becker
1a28b01b5e Make minor changes to documentation 2017-07-20 12:36:53 +02:00
Hanno Becker
489b985fae Export mbedtls_aes_(en/de)crypt to retain for API compatibility
The commit f5bf7189d3 made the AES
functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing
the library's API.

This commit reverts this.
2017-07-20 12:36:53 +02:00
Hanno Becker
649dcab175 Clarify documentation for alternative AES implementations
The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been
superseded by mbedtls_aes_internal_decrypt and
mbedtls_aes_internal_encrypt, respectively. Alternative
implementations should now only replace the latter, and leave the
maintenance wrapper definitions of the former untouched.

This commit clarifies this in the documentation of the respective
configuration options MBEDTLS_AES_DECRYPT_ALT and
MBEDTLS_AES_ENCRYPT_ALT.
2017-07-20 12:36:53 +02:00
Hanno Becker
544039ac59 Undo API change
The previous commit b3e6872c93 changed
to public functions from ssl_ciphersuite.h to static inline. This
commit reverts this change.
2017-07-20 12:36:53 +02:00
Janos Follath
a9e775efe4 Remove mutexes from ECP hardware acceleration
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
2017-07-19 02:07:59 +01:00
Hanno Becker
248ae6dbb8 Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
2017-07-19 01:46:44 +01:00
Manuel Pégourié-Gonnard
760c9b91d7 Update doc of return value of verify() 2017-07-06 15:00:32 +02:00
Manuel Pégourié-Gonnard
31458a1878 Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-06 11:58:41 +02:00
Andres Amaya Garcia
7a005e2fa4 Remove invalid doxygen docs from deprecated func 2017-07-03 14:42:34 +01:00