Jaeden Amero
9f4f8eec93
Update library version to 2.16.1
2019-03-19 16:20:02 +00:00
Janos Follath
9f24b73151
Add warning for alternative ECDSA implementations
...
Alternative implementations are often hardware accelerators and might
not need an RNG for blinding. But if they do, then we make them misuse
the RNG in the deterministic case.
There are several way around this:
- Exposing a lower level function for replacement. This would be the
optimal solution, but litters the API and is not backward compatible.
- Introducing a new compile time option for replacing the deterministic
function. This would mostly cover the same code as
MBEDTLS_ECDSA_DETERMINISTIC and would be yet another compile time flag.
- Reusing the existing MBEDTLS_ECDSA_DETERMINISTIC macro. This changes
the algorithm used by the PK layer from deterministic to randomised if
the alternative implementation is present.
This commit implements the third option. This is a temporary solution
and should be fixed at the next device driver API change.
2019-03-06 16:51:22 +00:00
Janos Follath
f1713e96c9
Add a safer deterministic ECDSA function
...
`mbedtls_ecdsa_sign_det` reuses the internal HMAC-DRBG instance to
implement blinding. The advantage of this is that the algorithm is
deterministic too, not just the resulting signature. The drawback is
that the blinding is always the same for the same key and message.
This diminishes the efficiency of blinding and leaks information about
the private key.
A function that takes external randomness fixes this weakness.
2019-03-06 14:41:44 +00:00
Simon Butcher
799cd57c72
Merge remote-tracking branch 'restricted/pr/550' into mbedtls-2.16
...
* restricted/pr/550:
Update query_config.c
Fix failure in SSLv3 per-version suites test
Adjust DES exclude lists in test scripts
Clarify 3DES changes in ChangeLog
Fix documentation for 3DES removal
Exclude 3DES tests in test scripts
Fix wording of ChangeLog and 3DES_REMOVE docs
Reduce priority of 3DES ciphersuites
2019-03-01 13:05:43 +00:00
Andres Amaya Garcia
7c86e9a03e
Fix documentation for 3DES removal
2019-03-01 10:29:49 +01:00
Andres Amaya Garcia
6882ec1521
Fix wording of ChangeLog and 3DES_REMOVE docs
2019-03-01 10:29:49 +01:00
Andres Amaya Garcia
5d8aade01d
Reduce priority of 3DES ciphersuites
2019-03-01 10:29:13 +01:00
Gilles Peskine
4dc50bc06e
Fix typo in documentation
2019-02-21 16:58:20 +01:00
Antonin Décimo
d5f4759594
Fix #2370 , minor typos and spelling mistakes
2019-02-18 14:50:57 +00:00
Andres Amaya Garcia
6490034fb2
Improve docs for ASN.1 bitstrings and their usage
2019-02-11 21:25:09 +00:00
Jaeden Amero
5788314d63
Merge remote-tracking branch 'origin/pr/2319' into mbedtls-2.16
2019-01-30 16:09:56 +00:00
Jaeden Amero
f0f8c09178
Merge remote-tracking branch 'origin/pr/1375' into mbedtls-2.16
2019-01-30 16:09:08 +00:00
Jeffrey Martin
541055e197
Backport #1949 into mbedtls-2.16
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 18:16:34 -06:00
Simon Butcher
874b60423e
Merge remote-tracking branch 'public/pr/975' into mbedtls-2.16
2019-01-08 16:34:19 +00:00
Darryl Green
b779759745
Move ecp_restartable definitions out of the MBEDTLS_ECP_ALT guards
...
As there are some definitions that are defined regardless of
whether MBEDTLS_ECP_RESTARTABLE is defined or not, these definitions
need to be moved outside the MBEDTLS_ECP_ALT guards. This is a simple
move as MBEDTLS_ECP_ALT and MBEDTLS_ECP_RESTARTABLE are mutually
exclusive options.
2019-01-07 13:12:44 +00:00
GuHaijun
983acb75f0
Fix include file path
2018-12-28 11:11:10 +08:00
Simon Butcher
6c164e754b
Update the version of the library to 2.16.0
2018-12-21 10:51:51 +00:00
Simon Butcher
fed19be501
Merge remote-tracking branch 'public/pr/2126' into development-restricted
2018-12-20 12:35:09 +00:00
Simon Butcher
6df8c53cd4
Merge remote-tracking branch 'public/pr/2134' into development-restricted
2018-12-20 12:34:44 +00:00
Simon Butcher
ad7c2105a2
Merge remote-tracking branch 'public/pr/2274' into development
2018-12-20 12:16:57 +00:00
Simon Butcher
12b4240300
Merge remote-tracking branch 'public/pr/2288' into development
2018-12-20 12:16:46 +00:00
Simon Butcher
c831193c85
Merge remote-tracking branch 'public/pr/2302' into development
2018-12-20 12:16:39 +00:00
Simon Butcher
1efda39f8a
Merge remote-tracking branch 'public/pr/2297' into development
2018-12-20 12:16:29 +00:00
Simon Butcher
5aa7809ac8
Merge remote-tracking branch 'public/pr/2275' into development
2018-12-20 12:15:19 +00:00
Simon Butcher
780cf189b0
Merge remote-tracking branch 'public/pr/2271' into development
2018-12-20 12:15:08 +00:00
Simon Butcher
032c037052
Merge remote-tracking branch 'public/pr/2270' into development
2018-12-20 12:04:13 +00:00
Simon Butcher
a033633bb0
Merge remote-tracking branch 'public/pr/2269' into development
2018-12-20 12:02:56 +00:00
Simon Butcher
70935a4001
Merge remote-tracking branch 'public/pr/2299' into development
2018-12-20 12:02:23 +00:00
Simon Butcher
003c0e032f
Merge remote-tracking branch 'public/pr/2292' into development
2018-12-20 12:02:17 +00:00
Simon Butcher
decf2f5c2c
Merge remote-tracking branch 'public/pr/2291' into development
2018-12-20 12:02:11 +00:00
Simon Butcher
65ce5dc981
Merge remote-tracking branch 'public/pr/2290' into development
2018-12-20 12:02:05 +00:00
Simon Butcher
ad2e0dae32
Merge remote-tracking branch 'public/pr/2283' into development
2018-12-20 12:01:58 +00:00
Simon Butcher
0bbf7f450d
Merge remote-tracking branch 'public/pr/2279' into development
2018-12-20 12:01:49 +00:00
Simon Butcher
962b7b17d5
Merge remote-tracking branch 'public/pr/2273' into development
2018-12-20 12:01:17 +00:00
Simon Butcher
6be67a6518
Merge remote-tracking branch 'public/pr/2281' into development
2018-12-20 12:01:09 +00:00
Simon Butcher
dac513e246
Merge remote-tracking branch 'public/pr/2282' into development
2018-12-20 12:01:04 +00:00
Simon Butcher
ccafd14fee
Merge remote-tracking branch 'public/pr/2276' into development
2018-12-20 12:00:57 +00:00
Simon Butcher
2a8d32c6c1
Merge remote-tracking branch 'public/pr/2287' into development
2018-12-20 12:00:50 +00:00
k-stachowiak
247a782668
Increase strictness of NULL parameter validity in CCM's doxygen
2018-12-19 19:02:39 +01:00
k-stachowiak
6adb0574ea
Improve details of CCM parameter validation and documentation
2018-12-19 19:02:39 +01:00
k-stachowiak
9da5d7cd83
Adjust mbedtls_ccm_free() documentation
2018-12-19 19:02:39 +01:00
k-stachowiak
373a660193
Fix a documentation typo
2018-12-19 19:02:39 +01:00
k-stachowiak
b92f9334e4
Doxygen comments improvement
2018-12-19 19:02:39 +01:00
k-stachowiak
12f0d5c66d
Improve the constraints definition in the doxygen comments in CCM
2018-12-19 19:02:39 +01:00
k-stachowiak
fd42d531ba
Explicitly allow NULL as an argument to mbedtls_ccm_free()
2018-12-19 19:02:39 +01:00
k-stachowiak
438448e45f
Format NULL occurrences in CCM's Doxygen comments
2018-12-19 19:02:39 +01:00
k-stachowiak
26d365eb54
Add parameter validation for CCM
2018-12-19 19:02:39 +01:00
Gilles Peskine
6af45ec53e
PK: document context validity requirements
...
Document when a context must be initialized or not, when it must be
set up or not, and whether it needs a private key or a public key will
do.
The implementation is sometimes more liberal than the documentation,
accepting a non-set-up context as a context that can't perform the
requested information. This preserves backward compatibility.
2018-12-19 18:10:03 +01:00
Gilles Peskine
d54b97503b
pk parse: the password is optional
...
For mbedtls_pk_parse_key and mbedtls_pk_parse_keyfile, the password is
optional. Clarify what this means: NULL is ok and means no password.
Validate parameters and test accordingly.
2018-12-19 17:36:14 +01:00
k-stachowiak
e4b8d28ca7
Remove imprecise clause from documenting comment
2018-12-19 17:34:58 +01:00
k-stachowiak
95070a8286
Make some cipher parameter validation unconditional
2018-12-19 17:34:58 +01:00
k-stachowiak
6df25e7930
Increase strictness of NULL parameter validity in Cipher's doxygen
2018-12-19 17:34:58 +01:00
k-stachowiak
90b8d4a11e
Include static cipher functions in the parameter validation scheme
2018-12-19 17:34:13 +01:00
k-stachowiak
d5913bc115
Improve documentation of the parameter validation in the Cipher module
2018-12-19 17:34:13 +01:00
Krzysztof Stachowiak
e0215d7869
Add Cipher module parameter validation
2018-12-19 17:34:13 +01:00
k-stachowiak
6009ece91d
Increase strictness of NULL parameter validity in GCM's doxygen
2018-12-19 17:32:19 +01:00
k-stachowiak
21298a20c4
Improve parameter validation in mbedtls_gcm_free()
2018-12-19 17:32:19 +01:00
k-stachowiak
2ae7ae5301
Doxygen comments improvement
2018-12-19 17:30:38 +01:00
k-stachowiak
8ffc92a1e8
Add parameter validation for the GCM module
2018-12-19 17:30:38 +01:00
Hanno Becker
8ce11a323e
Minor improvements to bignum module
2018-12-19 16:18:52 +00:00
Gilles Peskine
159171b72a
PK parse/write: support keylen=0 correctly
...
A 0-length buffer for the key is a legitimate edge case. Ensure that
it works, even with buf=NULL. Document the key and keylen parameters.
There are already test cases for parsing an empty buffer. A subsequent
commit will add tests for writing to an empty buffer.
2018-12-19 17:03:28 +01:00
Hanno Becker
df4b59696d
Minor Camellia documentation improvements
2018-12-19 15:50:02 +00:00
Hanno Becker
ed54128fdb
Minor Blowfish documentation improvements
2018-12-19 15:48:37 +00:00
Hanno Becker
70ded3602c
Minor improvements to Camellia module and documentation
2018-12-19 13:42:05 +00:00
Hanno Becker
20376d631d
Don't promise that passing NULL input to Blowfish works
...
It seems to work, but we don't test it currently,
so we shouldn't promise it.
2018-12-19 12:52:59 +00:00
Hanno Becker
3d9a3490f8
Improve Blowfish documentation
2018-12-19 12:52:59 +00:00
Hanno Becker
49acc64c69
Minor improvements to Blowfish documentation and tests
2018-12-19 12:52:59 +00:00
Hanno Becker
3b4d6c6925
Document parameter preconditions for Blowfish module
2018-12-19 12:52:59 +00:00
Hanno Becker
938a15e584
Leave behaviour on NULL input unspecified in ARIA
...
We allow a NULL input buffer if the input length is zero,
but we don't test it. As long as that's the case, we shouldn't
promise to support it.
2018-12-19 12:51:00 +00:00
Hanno Becker
2f87504cb7
Minor ARIA documentation improvements
2018-12-19 12:51:00 +00:00
Hanno Becker
02d524c05c
Minor ARIA documentation improvements
2018-12-19 12:51:00 +00:00
Hanno Becker
139d8313d9
Document parameter preconditions for the ARIA module
2018-12-19 12:51:00 +00:00
Hanno Becker
1e2f3ed08f
Remove merge artifact
2018-12-19 12:47:55 +00:00
Hanno Becker
bdb7cd4840
Don't promise that passing NULL input to Camellia works
2018-12-19 12:47:55 +00:00
Hanno Becker
c7579ecb17
Improve Camellia documentation
2018-12-19 12:47:55 +00:00
Hanno Becker
af4b83bb2a
Minor improvements to CAMELLIA documentation
2018-12-19 12:47:55 +00:00
Hanno Becker
e939de7247
Minor fixes to Camellia parameter validation
2018-12-19 12:47:55 +00:00
Hanno Becker
f10905a6a7
Use full sentences in documentation of CAMELLIA preconditions
2018-12-19 12:47:55 +00:00
Hanno Becker
b4b7fb7504
Implement parameter validation for CAMELLIA module
2018-12-19 12:47:55 +00:00
Hanno Becker
7a16aaddba
Document parameter preconditions in CAMELLIA module
2018-12-19 12:47:55 +00:00
Hanno Becker
bb186f89fc
Weaken preconditions for mbedtls[_internal]_sha512_process()
2018-12-19 10:27:24 +00:00
Hanno Becker
fbf67770d8
Improve ECJPAKE documentation
2018-12-19 10:14:43 +00:00
Hanno Becker
185e516309
Minor fixes to ECJPAKE parameter validation
2018-12-19 09:48:50 +00:00
Simon Butcher
54b789aa74
Merge remote-tracking branch 'public/pr/2298' into development
2018-12-19 08:08:14 +00:00
Gilles Peskine
a310b41ebe
Add null-pointer support information to init/free
2018-12-19 00:51:21 +01:00
Hanno Becker
035c6baefe
Fix documentation bug in ECDSA module
2018-12-18 23:35:53 +00:00
Hanno Becker
c81cfece8f
Minor fixes to parameter validation in ECDH module
2018-12-18 23:32:42 +00:00
Hanno Becker
3f1f4ad9bd
Weaken preconditions on mbedtls_[internal_]sha256_process()
2018-12-18 23:19:37 +00:00
Hanno Becker
79b9e39732
Weaken preconditions for mbedtls[_internal]_sha1_process()
2018-12-18 23:17:49 +00:00
Hanno Becker
d01ff493e5
Minor improvements in bignum documentation
2018-12-18 23:10:28 +00:00
Hanno Becker
3f2d1ef169
Fix typo in SHA512 documentation
2018-12-18 18:41:40 +00:00
Hanno Becker
42f783d3b7
Fix minor issues in SHA1 documentation
2018-12-18 18:39:32 +00:00
Hanno Becker
d73101266d
Don't promise that passing a NULL to mbedtls_mpi_read_string works
2018-12-18 18:12:13 +00:00
Hanno Becker
01c3c10640
Fix typos in documentation of bignum module
...
Found by doxygen.sh
2018-12-18 18:12:13 +00:00
Hanno Becker
e118504a5f
Numerous minor improvements to bignum documentation
2018-12-18 18:12:13 +00:00
Hanno Becker
8282c2f070
Minor improvements to bignum documentation
2018-12-18 18:12:13 +00:00
Hanno Becker
c23483ed8c
Document preconditions on parameters in public bignum API
2018-12-18 18:12:13 +00:00
Hanno Becker
974ca0d947
Fix documentation bug on necessity of RNG in RSA PKCS v1.5
2018-12-18 18:03:24 +00:00
Hanno Becker
2f660d047d
Forbid passing NULL input buffers to RSA encryption routines
2018-12-18 17:07:30 +00:00
Hanno Becker
9171c6e9ec
Leave behaviour on NULL buffers to SHA-1 unspecified for now
...
We deal correctly with NULL being passed alongside a zero length
argument, but don't have tests for it, so we shouldn't promise
that it works.
2018-12-18 17:01:58 +00:00
Hanno Becker
6c5c45f400
Document parameter preconditions in DHM module
2018-12-18 16:59:09 +00:00
Hanno Becker
ca6f4585c7
Fix parameter validation in SHA-512 module
2018-12-18 16:36:26 +00:00
Hanno Becker
fc2a0b2e67
Minor SHA-256 documentation improvement
2018-12-18 16:32:50 +00:00
Hanno Becker
77886af63e
Improve SHA-256 documentation on parameter preconditions
2018-12-18 16:30:36 +00:00
Hanno Becker
ad7581fac5
Minor improvements to ChaCha20/Poly1305/ChaChaPoly documentation
2018-12-18 15:30:30 +00:00
Hanno Becker
e463c42902
Minor improvements
2018-12-18 15:30:30 +00:00
Hanno Becker
b3c10b348b
Add documentation on parameter preconditions to ChaChaPoly modules
2018-12-18 15:30:30 +00:00
Hanno Becker
b5c99f5c72
Improve documentation of SHA-512 parameter preconditions
2018-12-18 15:29:32 +00:00
Andres Amaya Garcia
ff1052e6b0
Document valid function params for SHA-512 functions
2018-12-18 15:06:39 +00:00
Andres Amaya Garcia
ba519b94a5
Add parameter validation to SHA-512 module
2018-12-18 15:06:39 +00:00
Hanno Becker
a9020f2107
Clarify the need for a PRNG in various RSA operations
2018-12-18 14:45:45 +00:00
Hanno Becker
e2e509ca5d
Document parameter preconditions in ECDSA module
2018-12-18 14:31:50 +00:00
Hanno Becker
8ce3d939be
Fix typo in documentation of ECJPAKE module
2018-12-18 14:31:18 +00:00
Hanno Becker
c4e5aa5746
Document parameter preconditions for ECJPAKE module
2018-12-18 14:31:18 +00:00
Hanno Becker
60b65044ac
Fix parameter name in documentation of ECDH module
2018-12-18 14:30:39 +00:00
Hanno Becker
e77ef2ad33
Document parameter preconditions in ECH module
2018-12-18 14:30:39 +00:00
Hanno Becker
5bdfca926f
Further RSA documentation improvements
2018-12-18 13:59:28 +00:00
Hanno Becker
f66f294e2e
Improve documentation in RSA module
2018-12-18 13:38:05 +00:00
Hanno Becker
0118d4190a
Document that RSA public exponent must be odd
2018-12-18 13:38:05 +00:00
Hanno Becker
385ce91592
Minor improvements
2018-12-18 13:38:05 +00:00
Hanno Becker
9a46777d66
Document parameter preconditions in RSA module
2018-12-18 13:38:05 +00:00
Hanno Becker
486f1b33d7
Improve wording in ECP documentation
2018-12-18 13:00:48 +00:00
Hanno Becker
5edcfa529f
Improve ECP documentation
2018-12-18 13:00:48 +00:00
Hanno Becker
ebffa7995b
Document parameter preconditions in ECP module
2018-12-18 13:00:48 +00:00
Hanno Becker
03f2ffa7bc
Undo documentation change in ARIA, Blowfish, Camellia modules
2018-12-18 12:45:06 +00:00
Andres Amaya Garcia
0152f1e948
Document valid function params for SHA-256 functions
2018-12-18 11:41:20 +00:00
Andres Amaya Garcia
79e593f617
Add parameter validation to SHA-256 module
2018-12-18 11:41:20 +00:00
Hanno Becker
5359ca8a54
Improve SHA-1 documentation
2018-12-18 11:37:28 +00:00
Andres Amaya Garcia
c523e011e0
Document valid function params for SHA-1 functions
2018-12-18 11:37:28 +00:00
Andres Amaya Garcia
a685d4f28d
Add MBEDTLS_ERR_SHA1_BAD_INPUT_DATA to error.{h,c}
2018-12-18 11:37:28 +00:00
Andres Amaya Garcia
f7c43b3145
Add parameter validation to SHA-1
2018-12-18 11:37:28 +00:00
Manuel Pégourié-Gonnard
b66e7dbcc1
Fix some documentation markup/wording issues
2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
ad54c49e75
Document AES accelerator functions as internal
2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
2bc535be86
Add parameter validation for AES-CTR
2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
8e41eb7187
Add parameter validation for AES-OFB
2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
1677cca54b
Add parameter validation for AES-CFB functions
2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
191af1313a
Add param validation for mbedtls_aes_crypt_xts()
2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
3178d1a997
Add param validation for mbedtls_aes_crypt_cbc()
2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
1aca260571
Add parameter validation for mbedtls_aes_crypt_ecb()
2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
68e3dff3f1
Add parameter validation XTS setkey functions
2018-12-18 12:22:40 +01:00
Hanno Becker
6640b0d9a3
Undo deprecation of MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
2018-12-18 09:53:14 +00:00
Hanno Becker
a034369eca
Undo deprecation of MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH
2018-12-18 09:53:11 +00:00
Hanno Becker
938f9e9bdb
Undo deprecation of MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
...
Merging MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH and
MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH is an API break.
2018-12-18 09:50:57 +00:00
Hanno Becker
9dbefa1793
Fix conflict between constant deprecation and check-names.sh
...
The previous introduction of constant deprecation macros
in platform_util.h lead to failure of tests/scrips/check-names.sh
because the regular expressions in the latter choked on the brackets
in the part `__attribute__((deprecated))` of the definition of the
helper type `mbedtls_deprecated_{numeric|string}_constant_t`.
Postponing any further study and potential robustness improvements
in check-names.sh to another time, this commit circumvents this
problem by temporarily abbreviating `__attribute__((deprecated))`
as `MBEDTLS_DEPRECATED`, which doesn't lead to problems with
check-names.sh.
2018-12-17 22:49:13 +00:00
Hanno Becker
4fb258a868
Remove mentioning of deprecated error codes
2018-12-17 16:09:15 +00:00
Hanno Becker
d2f3a00062
Introduce single BLOWFISH error code for bad input data
...
Deprecate the old specific error codes
* MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
* MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
2018-12-17 13:26:37 +00:00
Hanno Becker
4c029d09be
Introduce single CAMELLIA error code for bad input data
...
Deprecate the old specific error codes
* MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
* MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
2018-12-17 13:26:33 +00:00
Hanno Becker
2f47550018
Introduce single ARIA error code for bad input data
...
Deprecate the old specific error codes
* MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH
* MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH
2018-12-17 13:26:28 +00:00
Manuel Pégourié-Gonnard
548cecdd2c
Discourage making MBEDTLS_PARAM_FAILED() empty.
2018-12-17 13:13:30 +01:00
Hanno Becker
6d0816a8ae
Introduce macros to deprecate constants in the API
...
This commit introduces macros
* MBEDTLS_DEPRECATED_STRING_CONSTANT
* MBEDTLS_DEPRECATED_NUMERIC_CONSTANT
to platform_util.h which can be used to deprecate public macro constants.
Their definition is essentially taken from dhm.h where the
MBEDTLS_DEPRECATED_STRING_CONSTANT was used to deprecate
insecure hardcoded DHM primes.
2018-12-17 11:39:38 +00:00