Commit Graph

1549 Commits

Author SHA1 Message Date
Andres Amaya Garcia
b4d008430c Allow 0 as a valid ret value for mbedtls_ssl_write
This patch modifies the documentation for mbedtls_ssl_write() to allow
0 as a valid return value as this is the correct number of bytes that
should be returned when an empty TLS Application record is sent.
2018-06-21 19:37:13 +01:00
Simon Butcher
6fc9ceece3 Change the library version to 2.1.13 2018-06-18 14:49:02 +01:00
Simon Butcher
0a715b1587 Merge remote-tracking branch 'public/pr/1656' into mbedtls-2.1 2018-06-17 18:02:57 +01:00
Zach van Rijn
7cea62b8ad Fix MicroBlaze register typo. 2018-06-15 07:40:03 +01:00
Azim Khan
c57d0e5ed5 Treat warnings as errors for IAR
Fix IAR compiler warnings

Two warnings have been fixed:
1. code 'if( len <= 0xFFFFFFFF )' gave warning 'pointless integer comparison'.
   This was fixed by wraping the condition in '#if SIZE_MAX > 0xFFFFFFFF'.
2. code 'diff |= A[i] ^ B[i];' gave warning 'the order of volatile accesses is undefined in'.
   This was fixed by read the volatile data in temporary variables before the computation.

Explain IAR warning on volatile access

Consistent use of CMAKE_C_COMPILER_ID
2018-06-14 08:48:49 +01:00
Simon Butcher
29298cbf8c Merge remote-tracking branch 'public/pr/1671' into mbedtls-2.1 2018-06-12 18:36:39 +01:00
Simon Butcher
a5fb40d9f9 Merge remote-tracking branch 'public/pr/1465' into mbedtls-2.1 2018-06-11 11:49:28 +01:00
Gilles Peskine
5b256af2f2 mbedtls_gcm_crypt_and_tag: clarify what each mode does and doesn't do 2018-06-07 15:05:03 +02:00
Gilles Peskine
bfc3b74674 Correct and clarify the documentation of GCM whole-message functions
Clarify the roles of the buffer parameter and their sizes.

Document the possible error codes.

Warn that mbedtls_gcm_crypt_and_tag in decrypt mode does not
authenticate the data and recommend using mbedtls_gcm_auth_decrypt
instead.
2018-06-06 16:58:02 +02:00
Simon Butcher
fcc7a62bb1 Merge remote-tracking branch 'public/pr/1403' into mbedtls-2.1 2018-06-01 19:43:55 +01:00
Moran Peker
6981df59e7 Remove double declaration of mbedtls_ssl_list_ciphersuites
Raised by TrinityTonic. #1359
2018-05-23 18:42:36 +01:00
Andres AG
879e62697e Allow the entry_name size to be set in config.h
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
2018-05-11 16:38:38 +01:00
Jaeden Amero
753afd85a1 Merge remote-tracking branch 'upstream-public/pr/1585' into mbedtls-2.1-proposed 2018-05-04 11:09:28 +01:00
Jaeden Amero
6c0fba4350 Update version to 2.1.12 2018-04-27 13:13:54 +01:00
Azim Khan
006848db2a Use correct version of snprintf on Windows
platform.h defines MBEDTLS_PLATFORM_STD_SNPRINTF based on _WIN32. But while defining macro mbedtls_snprintf it sets it to STD C snprintf that is deprecated on Windows.
2018-04-17 23:36:02 +01:00
Jaeden Amero
b40dae5c21 Merge remote-tracking branch 'upstream-public/pr/1546' into mbedtls-2.1-proposed 2018-04-03 12:03:12 +01:00
Gilles Peskine
1198e6329f Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that
this indicates that a valid signature is present, unlike other error
codes. See
https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705
2018-03-30 18:51:14 +02:00
Darryl Green
093c170377 Improve documentation of mbedtls_ssl_write() 2018-03-29 16:56:09 +01:00
Jaeden Amero
cbe731c653 Merge remote-tracking branch 'upstream-public/pr/1532' into mbedtls-2.1-proposed 2018-03-29 11:03:17 +01:00
Ivan Krylov
c501f9cbb9 mbedtls_net_bind: ip_len can be NULL if client_ip is null 2018-03-28 17:21:54 +03:00
Jaeden Amero
8b4cd26eaf Merge remote-tracking branch 'upstream-public/pr/1481' into mbedtls-2.1-proposed 2018-03-28 13:44:28 +01:00
Gilles Peskine
f22c59bc15 Fix some comments regarding what files are symlinked 2018-03-23 14:38:14 +01:00
Gilles Peskine
2a74061198 Merge tag 'mbedtls-2.1.11' into iotssl-1381-x509-verify-refactor-2.1-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:28:33 +01:00
Gergely Budai
0a91973e4b Do not define and initialize global mutexes on configurations that do not use them. 2018-03-21 15:32:47 +00:00
Paul Bakker
3d72b5d688 Add end guard comment 2018-03-21 15:29:35 +00:00
Embedthis Software
d641260987 Fix single threaded builds 2018-03-21 15:29:01 +00:00
Gilles Peskine
cd0265ec85 Support out-of-tree testing with CMake
Create extra symbolic links with CMake so that SSL testing (ssl-opt.sh
and compat.sh) works in out-of-tree builds.
2018-03-21 12:12:47 +01:00
Jaeden Amero
1c986a9859 Update version to 2.1.11 2018-03-16 16:29:30 +00:00
Gilles Peskine
df6f3dd9b0 Merge remote-tracking branch 'upstream-restricted/pr/430' into mbedtls-2.1-restricted-proposed 2018-03-13 17:28:42 +01:00
Gilles Peskine
8c1217984b Merge remote-tracking branch 'upstream-restricted/pr/360' into mbedtls-2.1-restricted-proposed
Conflicts:
* scripts/config.pl: reconciled parallel edits in a comment.
2018-03-13 17:26:49 +01:00
Gilles Peskine
5e533f43ee Merge remote-tracking branch 'upstream-public/pr/1373' into mbedtls-2.1-proposed 2018-03-12 23:51:50 +01:00
Gilles Peskine
9a00ef3cf1 Merge branch 'pr_953' into HEAD 2018-03-11 00:52:24 +01:00
Gilles Peskine
af18faca22 Merge remote-tracking branch 'upstream-public/pr/937' into mbedtls-2.1-proposed 2018-03-10 23:52:22 +01:00
Gilles Peskine
ca4efdd0ad Refer to X.690 by number
It's easier to identify and find by number than by its very wordy
title, especially as there was a typo in the title.
2018-03-08 18:16:45 +01:00
Manuel Pégourié-Gonnard
78df7fcc8c Fix some comment typos 2018-03-05 13:46:08 +01:00
Manuel Pégourié-Gonnard
e9c44d2362 Improve some comments 2018-03-05 13:45:05 +01:00
Manuel Pégourié-Gonnard
b119d40fa9 Improve some comments, fix some typos 2018-03-05 13:45:05 +01:00
Manuel Pégourié-Gonnard
ab7796faf3 Clarify documentation for directly-trusted certs
The fact that self-signed end-entity certs can be explicitly trusted by
putting them in the CA list even if they don't have the CA bit was not
documented though it's intentional, and tested by "Certificate verification #73
(selfsigned trusted without CA bit)" in test_suite_x509parse.data

It is unclear to me whether the restriction that explicitly trusted end-entity
certs must be self-signed is a good one. However, it seems intentional as it is
tested in tests #42 and #43, so I'm not touching it for now.
2018-03-05 13:43:43 +01:00
Gilles Peskine
25ec9cc9b3 Merge branch 'prr_428' into mbedtls-2.1-proposed 2018-02-22 16:24:13 +01:00
Gilles Peskine
2e50efad44 Merge remote-tracking branch 'upstream-public/pr/1334' into mbedtls-2.1-proposed 2018-02-14 15:13:37 +01:00
Antonio Quartulli
b9e3c6d9c6 pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-14 11:12:58 +01:00
Jaeden Amero
f885c81f15 Update version to 2.1.10 2018-02-02 18:10:05 +00:00
Jaeden Amero
4913826aff Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-30 17:33:25 +00:00
Hanno Becker
15e4951651 Add documentation warnings for weak algorithms
MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
constitutes a security risk. If possible, we recommend avoiding
dependencies on them, and considering stronger message digests and
ciphers instead.
2018-01-30 10:39:32 +00:00
James Cowgill
ca20ced208 Fix segfault on x32 by using better register constraints in bn_mul.h
On x32, pointers are only 4-bytes wide and need to be loaded using the "movl"
instruction instead of "movq" to avoid loading garbage into the register.

The MULADDC routines for x86-64 are adjusted to work on x32 as well by getting
gcc to load all the registers for us in advance (and storing them later) by
using better register constraints. The b, c, D and S constraints correspond to
the rbx, rcx, rdi and rsi registers respectively.
2018-01-29 21:54:26 +01:00
Jaeden Amero
bfafd12789 Merge remote-tracking branch 'upstream-restricted/pr/414' into mbedtls-2.1-restricted 2018-01-26 18:09:14 +00:00
Ron Eldor
1ac9aa7085 Set correct minimal versions in default conf
Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` and `MBEDTLS_SSL_MIN_MINOR_VERSION`
instead of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`
2018-01-22 22:03:12 +01:00
Manuel Pégourié-Gonnard
c313e7e679 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
* mbedtls-2.1:
  selftest: fix build error in some configurations
  Timing self test: shorten redundant tests
  Timing self test: increased duration
  Timing self test: increased tolerance
  selftest: allow excluding a subset of the tests
  selftest: allow running a subset of the tests
  selftest: fixed an erroneous return code
  selftest: refactor to separate the list of tests from the logic
  Timing self test: print some diagnosis information
  mbedtls_timing_get_timer: don't use uninitialized memory
  timing interface documentation: minor clarifications
  Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:43:51 +01:00
Gilles Peskine
b29e70bb01 mbedtls_timing_get_timer: don't use uninitialized memory
mbedtls_timing_get_timer with reset=1 is called both to initialize a
timer object and to reset an already-initialized object. In an
initial call, the content of the data structure is indeterminate, so
the code should not read from it. This could crash if signed overflows
trap, for example.

As a consequence, on reset, we can't return the previously elapsed
time as was previously done on Windows. Return 0 as was done on Unix.
2017-12-20 19:33:48 +01:00
Gilles Peskine
02c3167b40 timing interface documentation: minor clarifications 2017-12-20 19:33:42 +01:00