Commit Graph

8852 Commits

Author SHA1 Message Date
Gilles Peskine
e215a4d05e mbedtls_ctr_drbg_seed: correct maximum for len 2019-10-04 18:22:50 +02:00
Gilles Peskine
f6c2061af2 Add a note about CTR_DRBG security strength to config.h 2019-10-04 11:21:25 +02:00
Gilles Peskine
1989218456 Move MBEDTLS_CTR_DRBG_USE_128_BIT_KEY to the correct section
It's an on/off feature, so it should be listed in version_features.
2019-10-04 11:21:25 +02:00
Gilles Peskine
dd5b67b4f4 CTR_DRBG: more consistent formatting and wording
In particular, don't use #MBEDTLS_xxx on macros that are undefined in
some configurations, since this would be typeset with a literal '#'.
2019-10-04 11:21:25 +02:00
Gilles Peskine
e3d8cf1966 CTR_DRBG documentation: further wording improvements 2019-10-02 19:02:13 +02:00
Gilles Peskine
596fdfd6cf CTR_DRBG: Improve the explanation of security strength
Separate the cases that achieve a 128-bit strength and the cases that
achieve a 256-bit strength.
2019-10-02 19:01:31 +02:00
Gilles Peskine
8cec70a8c4 CTR_DRBG: make it easier to understand the security strength
Explain how MBEDTLS_CTR_DRBG_ENTROPY_LEN is set next to the security
strength statement, rather than giving a partial explanation (current
setting only) in the documentation of MBEDTLS_CTR_DRBG_ENTROPY_LEN.
2019-10-02 18:25:06 +02:00
Gilles Peskine
340d6099a0 HMAC_DRBG: note that the initial seeding grabs entropy for the nonce 2019-10-01 18:41:12 +02:00
Gilles Peskine
9fb4518728 Use standard terminology to describe the personalization string
NIST and many other sources call it a "personalization string", and
certainly not "device-specific identifiers" which is actually somewhat
misleading since this is just one of many things that might go into a
personalization string.
2019-10-01 18:39:45 +02:00
Gilles Peskine
3f9c973452 Do note that xxx_drbg_random functions reseed with PR enabled 2019-10-01 18:31:28 +02:00
Gilles Peskine
759c91d66a Consistently use \c NULL and \c 0 2019-10-01 18:30:02 +02:00
Gilles Peskine
6735363f80 Also mention HMAC_DRBG in the changelog entry
There were no tricky compliance issues for HMAC_DBRG, unlike CTR_DRBG,
but mention it anyway. For CTR_DRBG, summarize the salient issue.
2019-09-30 15:27:33 +02:00
Gilles Peskine
0b5e804c09 HMAC_DRBG: improve the documentation of the entropy length 2019-09-30 15:23:53 +02:00
Gilles Peskine
db6f41402c HMAC_DRBG documentation improvements clarifications
Improve the formatting and writing of the documentation based on what
had been done for CTR_DRBG.

Document the maximum size and nullability of some buffer parameters.
2019-09-30 15:20:41 +02:00
Gilles Peskine
0bf49eb85b More CTR_DRBG documentation improvements and clarifications 2019-09-30 15:20:41 +02:00
Gilles Peskine
4284becde9 Fix wording 2019-09-26 14:54:42 +02:00
Gilles Peskine
761f88818e Remove warning that the previous expanded discussion has obsoleted 2019-09-26 14:53:44 +02:00
Gilles Peskine
c85dcb31d9 CTR_DRBG: improve the discussion of entropy length vs strength 2019-09-25 20:22:40 +02:00
Gilles Peskine
3354f75bc1 CTR_DRBG: Finish an unfinished paragraph 2019-09-25 20:22:24 +02:00
Gilles Peskine
3c3bf4dfdb CTR_DRBG documentation: add changelog entry
This is a documentation-only change, but one that users who care about
NIST compliance may be interested in, to review if they're using the
module in a compliant way.
2019-09-25 20:07:04 +02:00
Gilles Peskine
1eb7ba7cdd CTR_DRBG: Document the security strength and SP 800-90A compliance
Document that a derivation function is used.

Document the security strength of the DRBG depending on the
compile-time configuration and how it is set up. In particular,
document how the nonce specified in SP 800-90A is set.

Mention how to link the ctr_drbg module with the entropy module.
2019-09-25 20:06:55 +02:00
Gilles Peskine
80b3f4b20a CTR_DRBG: Document the maximum size of some parameters 2019-09-24 14:48:30 +02:00
Gilles Peskine
6b2c50c01f CTR_DRBG documentation clarifications
* State explicit whether several numbers are in bits or bytes.
* Clarify whether buffer pointer parameters can be NULL.
* Explain the value of constants that are dependent on the configuration.
2019-09-24 14:48:10 +02:00
Jaeden Amero
a48270a0d8 Merge remote-tracking branch 'origin/pr/2826' into mbedtls-2.16
* origin/pr/2826:
  Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh
  Remove unnecessary memory buffer alloc and memory backtrace unsets
  Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test
  all.sh: restructure memory allocator tests
  Add missing dependency in memory buffer alloc set in all.sh
  Don't set MBEDTLS_MEMORY_DEBUG through `scripts/config.pl full`
  Add cfg dep MBEDTLS_MEMORY_DEBUG->MBEDTLS_MEMORY_BUFFER_ALLOC_C
  Add all.sh run with full config and ASan enabled
  Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
  Update documentation of exceptions for `config.pl full`
  Adapt all.sh to removal of buffer allocator from full config
  Disable memory buffer allocator in full config
  Check dependencies of MBEDTLS_MEMORY_BACKTRACE in check_config.h
2019-09-12 16:46:28 +01:00
Andrzej Kurek
60ebd98a50 Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh 2019-09-10 03:07:44 -04:00
Andrzej Kurek
c73f857217 Remove unnecessary memory buffer alloc and memory backtrace unsets
Also unify the sanitization LDFLAGS with development
2019-09-10 03:07:29 -04:00
Andrzej Kurek
1f5a596fe2 Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test 2019-09-09 05:29:02 -04:00
Andrzej Kurek
1d0708215b all.sh: restructure memory allocator tests
Run basic tests and ssl-opt with memory backtrace disabled, then
run basic tests only with it enabled.
2019-09-09 05:28:53 -04:00
Hanno Becker
d130b98c68 Add missing dependency in memory buffer alloc set in all.sh 2019-09-09 05:28:42 -04:00
Hanno Becker
dfc974412c Don't set MBEDTLS_MEMORY_DEBUG through scripts/config.pl full 2019-09-09 05:28:25 -04:00
Hanno Becker
9ae9da93d8 Add cfg dep MBEDTLS_MEMORY_DEBUG->MBEDTLS_MEMORY_BUFFER_ALLOC_C 2019-09-09 05:28:13 -04:00
Hanno Becker
f8799e8b84 Add all.sh run with full config and ASan enabled 2019-09-09 05:25:33 -04:00
Hanno Becker
74b5e34d1b Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
With the removal of MBEDTLS_MEMORY_BUFFER_ALLOC_C from the
full config, there are no tests for it remaining in all.sh.
This commit adds a build as well as runs of `make test` and
`ssl-opt.sh` with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled to all.sh.
2019-09-09 05:25:21 -04:00
Andrzej Kurek
8762101c01 Update documentation of exceptions for config.pl full 2019-09-09 05:25:05 -04:00
Andrzej Kurek
a9c2a3b244 Adapt all.sh to removal of buffer allocator from full config
Previously, numerous all.sh tests manually disabled the buffer allocator
or memory backtracting after setting a full config as the starting point.

With the removal of MBEDTLS_MEMORY_BACKTRACE and MBEDTLS_MEMORY_BUFFER_ALLOC_C
from full configs, this is no longer necessary.
2019-09-09 05:22:39 -04:00
Hanno Becker
307dfcd439 Disable memory buffer allocator in full config
This commit modifies `config.pl` to not set MBEDTLS_MEMORY_BUFFER_ALLOC
with the `full` option.
2019-09-09 05:17:37 -04:00
Hanno Becker
e29e7eb36c Check dependencies of MBEDTLS_MEMORY_BACKTRACE in check_config.h 2019-09-09 05:17:13 -04:00
Jaeden Amero
04a049bda1 Merge remote-tracking branch 'origin/pr/2823' into mbedtls-2.16
* origin/pr/2823:
  Bump version to Mbed TLS 2.16.3
2019-09-06 13:35:30 +01:00
Jaeden Amero
fcb8711f6f Bump version to Mbed TLS 2.16.3 2019-09-06 13:27:00 +01:00
Jaeden Amero
89408672eb Merge remote-tracking branch 'origin/mbedtls-2.16' into mbedtls-2.16-restricted
* origin/mbedtls-2.16:
  Changelog entry
  Check for zero length and NULL buffer pointer
  ssl-opt.sh: wait for proxy to start before running the script further
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
2019-09-05 18:14:55 +01:00
Jaeden Amero
c3bfb20a41 Merge remote-tracking branch 'origin/pr/2645' into mbedtls-2.16
* origin/pr/2645:
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
2019-09-05 17:37:13 +01:00
Jaeden Amero
71db1de226 Merge remote-tracking branch 'origin/pr/2793' into mbedtls-2.16
* origin/pr/2793:
  Changelog entry
  Check for zero length and NULL buffer pointer
2019-09-05 15:57:34 +01:00
Jaeden Amero
f09a120b08 Merge remote-tracking branch 'origin/pr/2817' into mbedtls-2.16
* origin/pr/2817:
  ssl-opt.sh: wait for proxy to start before running the script further
2019-09-05 14:24:39 +01:00
Vikas Katariya
cc9135f42e Changelog entry 2019-09-04 12:46:02 +01:00
Vikas Katariya
0c34499805 Check for zero length and NULL buffer pointer
In reference to issue https://github.com/ARMmbed/mbed-crypto/issues/49
2019-09-04 11:19:38 +01:00
Unknown
43dc0d6a8f ssl-opt.sh: wait for proxy to start before running the script further 2019-09-04 06:06:46 -04:00
Jaeden Amero
e7e55158f8 Merge remote-tracking branch 'origin/mbedtls-2.16' into mbedtls-2.16-restricted
* origin/mbedtls-2.16:
  Fix uninitialized variable in x509_crt
  Fix the license header of hkdf
  Add ChangeLog entry
  fix memory leak in mpi_miller_rabin()
2019-09-03 19:43:13 +01:00
Jaeden Amero
fe1d66d3e2 Merge remote-tracking branch 'origin/pr/2813' into mbedtls-2.16
* origin/pr/2813:
  Fix uninitialized variable in x509_crt
2019-09-03 16:34:23 +01:00
Jaeden Amero
f170449daf Merge remote-tracking branch 'origin/pr/2770' into mbedtls-2.16
* origin/pr/2770:
  Fix the license header of hkdf
2019-09-03 16:33:28 +01:00
Jaeden Amero
adb4fa5921 Merge remote-tracking branch 'origin/pr/2398' into mbedtls-2.16
* origin/pr/2398:
  Add ChangeLog entry
  fix memory leak in mpi_miller_rabin()
2019-09-03 16:32:54 +01:00