Commit Graph

1890 Commits

Author SHA1 Message Date
Zach van Rijn
df484d6b11 Fix MicroBlaze register typo. 2018-06-15 07:39:57 +01:00
Simon Butcher
fb6da8815c Merge remote-tracking branch 'public/pr/1655' into mbedtls-2.7 2018-06-12 17:40:08 +01:00
Simon Butcher
c26080e23f Merge remote-tracking branch 'public/pr/1670' into mbedtls-2.7 2018-06-12 17:27:19 +01:00
Simon Butcher
856870952a Merge remote-tracking branch 'public/pr/1709' into mbedtls-2.7 2018-06-12 17:25:19 +01:00
Simon Butcher
ee3a3d4a72 Merge remote-tracking branch 'public/pr/1470' into mbedtls-2.7 2018-06-11 11:30:33 +01:00
Simon Butcher
bb5e1c3973 Fix multiple quality issues in the source
This PR fixes multiple issues in the source code to address issues raised by
tests/scripts/check-files.py. Specifically:
 * incorrect file permissions
 * missing newline at the end of files
 * trailing whitespace
 * Tabs present
 * TODOs in the souce code
2018-06-08 11:14:43 +01:00
Gilles Peskine
db37cb4752 mbedtls_gcm_crypt_and_tag: clarify what each mode does and doesn't do 2018-06-07 15:06:02 +02:00
Gilles Peskine
282bd24a44 Correct and clarify the documentation of GCM whole-message functions
Clarify the roles of the buffer parameter and their sizes.

Remove a statement about input size restrictions that only applies to
mbedtls_gcm_update, not to the whole-message functions.

Document the possible error codes.

Warn that mbedtls_gcm_crypt_and_tag in decrypt mode does not
authenticate the data and recommend using mbedtls_gcm_auth_decrypt
instead.
2018-06-06 16:57:03 +02:00
Azim Khan
826cdab010 Treat warnings as errors for IAR
Fix IAR compiler warnings

Two warnings have been fixed:
1. code 'if( len <= 0xFFFFFFFF )' gave warning 'pointless integer comparison'.
   This was fixed by wraping the condition in '#if SIZE_MAX > 0xFFFFFFFF'.
2. code 'diff |= A[i] ^ B[i];' gave warning 'the order of volatile accesses is undefined in'.
   This was fixed by read the volatile data in temporary variables before the computation.

Explain IAR warning on volatile access

Consistent use of CMAKE_C_COMPILER_ID
2018-05-25 14:58:33 +01:00
Moran Peker
9259b3be03 Remove double declaration of mbedtls_ssl_list_ciphersuites
Raised by TrinityTonic. #1359
2018-05-23 18:22:29 +01:00
Jaeden Amero
6856c2ebb5 Merge remote-tracking branch 'upstream-public/pr/1586' into mbedtls-2.7-proposed 2018-05-04 11:09:42 +01:00
Jaeden Amero
1fc4d33f5f Update version to 2.7.3 2018-04-27 13:15:45 +01:00
Azim Khan
26838608f8 Use correct version of snprintf on Windows
platform.h defines MBEDTLS_PLATFORM_STD_SNPRINTF based on _WIN32. But while defining macro mbedtls_snprintf it sets it to STD C snprintf that is deprecated on Windows.
2018-04-17 23:35:04 +01:00
Jaeden Amero
15cdc5ec7b Merge remote-tracking branch 'upstream-public/pr/1458' into mbedtls-2.7-proposed 2018-04-03 18:28:46 +01:00
Jaeden Amero
e7dc46240d Merge remote-tracking branch 'upstream-public/pr/1543' into mbedtls-2.7-proposed 2018-04-03 12:03:30 +01:00
Gilles Peskine
5114d3e4e1 Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that
this indicates that a valid signature is present, unlike other error
codes. See
https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705
2018-03-30 18:43:16 +02:00
Darryl Green
28448b267f Improve documentation of mbedtls_ssl_write() 2018-03-29 16:51:16 +01:00
Jaeden Amero
0c692cda8b Merge remote-tracking branch 'upstream-public/pr/758' into mbedtls-2.7-proposed 2018-03-29 11:02:52 +01:00
Jaeden Amero
ef59b732c2 Merge remote-tracking branch 'upstream-public/pr/1479' into mbedtls-2.7-proposed 2018-03-28 14:21:19 +01:00
Ivan Krylov
5cb1f09ab4 slight rewording requested by reviewer (#758) 2018-03-24 18:48:04 +03:00
Gilles Peskine
be038366ea Fix some comments regarding what files are symlinked 2018-03-23 14:39:52 +01:00
Jaeden Amero
877c6dcf22 Merge remote-tracking branch 'upstream-restricted/pr/456' into mbedtls-2.7 2018-03-23 11:19:43 +00:00
Gilles Peskine
2cfeb887b4 Merge tag 'mbedtls-2.7.2' into iotssl-1381-x509-verify-refactor-2.7-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:12:44 +01:00
Gilles Peskine
48115740da Merge remote-tracking branch 'upstream-public/pr/1442' into mbedtls-2.7-proposed 2018-03-22 21:30:19 +01:00
Gergely Budai
8190678c01 Do not define and initialize global mutexes on configurations that do not use them. 2018-03-21 15:13:08 +00:00
Gilles Peskine
8405257035 Support out-of-tree testing with CMake
Create extra symbolic links with CMake so that SSL testing (ssl-opt.sh
and compat.sh) works in out-of-tree builds.
2018-03-21 12:28:59 +01:00
Jaeden Amero
9ae1fba869 Update version to 2.7.2 2018-03-16 16:30:17 +00:00
Simon Butcher
001427b6c3 Add clarity to use of the rsa_internal.h interface
Added additional clarification to the use of the rsa_internal.h interface and as
and when it can be used by whom. Policy hasn't changed, but it needed to be
clearer who can and can't use it and it's level of support.
2018-03-16 15:46:29 +00:00
Gilles Peskine
64540d9577 Merge remote-tracking branch 'upstream-restricted/pr/458' into mbedtls-2.7-restricted-proposed 2018-03-13 17:24:46 +01:00
Gilles Peskine
955d70459d Merge remote-tracking branch 'upstream-restricted/pr/460' into mbedtls-2.7-restricted-proposed 2018-03-13 17:24:33 +01:00
Andrzej Kurek
f21eaa1502 Add a missing bracket in ifdef for __cplusplus 2018-03-13 08:17:28 -04:00
Gilles Peskine
427ff4836c Merge remote-tracking branch 'upstream-public/pr/1219' into mbedtls-2.7-proposed 2018-03-12 23:52:24 +01:00
Gilles Peskine
158fc33368 Merge remote-tracking branch 'upstream-public/pr/1296' into HEAD 2018-03-11 00:47:54 +01:00
Gilles Peskine
c0826f1625 Merge remote-tracking branch 'upstream-public/pr/936' into mbedtls-2.7-proposed 2018-03-10 23:48:10 +01:00
Hanno Becker
930ec7dfe5 Minor fixes 2018-03-09 10:48:12 +00:00
Hanno Becker
26f1f6061d Improve documentation on the use of blinding in RSA 2018-03-09 10:47:30 +00:00
Gilles Peskine
c1a493d79b Refer to X.690 by number
It's easier to identify and find by number than by its very wordy
title, especially as there was a typo in the title.
2018-03-08 18:18:34 +01:00
Andres Amaya Garcia
5e85c612fc Define ASN1 bitmask macros in more direct way 2018-03-06 19:26:26 +00:00
Andres Amaya Garcia
d5101aa27a Add macros to ASN.1 module to parse ASN.1 tags
The macros simply extract the component bits of an ASN.1 tag value
2018-03-06 19:24:15 +00:00
Manuel Pégourié-Gonnard
75d35600de Fix some comment typos 2018-03-05 13:22:59 +01:00
Manuel Pégourié-Gonnard
fcc4348ee2 Improve some comments 2018-03-05 13:20:21 +01:00
Manuel Pégourié-Gonnard
2f1633e002 Improve some comments, fix some typos 2018-03-05 13:19:41 +01:00
Manuel Pégourié-Gonnard
3a130848fd Clarify documentation for directly-trusted certs
The fact that self-signed end-entity certs can be explicitly trusted by
putting them in the CA list even if they don't have the CA bit was not
documented though it's intentional, and tested by "Certificate verification #73
(selfsigned trusted without CA bit)" in test_suite_x509parse.data

It is unclear to me whether the restriction that explicitly trusted end-entity
certs must be self-signed is a good one. However, it seems intentional as it is
tested in tests #42 and #43, so I'm not touching it for now.
2018-03-05 13:00:20 +01:00
Jaeden Amero
6a4e22c26c Update version to 2.7.1 2018-02-26 10:53:47 +00:00
Gilles Peskine
3f9cff20d7 Merge branch 'prr_424' into mbedtls-2.7-proposed 2018-02-22 16:07:32 +01:00
Jaeden Amero
a53ff8d088 MD: Make deprecated functions not inline
In 2.7.0, we replaced a number of MD functions with deprecated inline
versions. This causes ABI compatibility issues, as the functions are no
longer guaranteed to be callable when built into a shared library.
Instead, deprecate the functions without also inlining them, to help
maintain ABI backwards compatibility.
2018-02-22 08:20:42 +00:00
Jaeden Amero
6d6c7982ce Merge remote-tracking branch 'upstream-public/pr/1362' into development 2018-02-08 17:02:31 +00:00
Jaeden Amero
129f50838b dhm: Fix typo in RFC 5114 constants
We accidentally named the constant MBEDTLS_DHM_RFC5114_MODP_P instead of
MBEDTLS_DHM_RFC5114_MODP_2048_P.

Fixes #1358
2018-02-08 14:29:14 +00:00
Antonio Quartulli
12ccef2761
pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:15 +08:00
Mathieu Briand
ffb6efd383 Fix doxygen documentation for CCM encryption
Fix valid tag length values for mbedtls_ccm_encrypt_and_tag() function.
Add valid value ranges for mbedtls_ccm_auth_decrypt() parameters.

Signed-off-by: Mathieu Briand <mbriand@witekio.com>
2018-02-07 10:29:27 +01:00