Janos Follath
f1713e96c9
Add a safer deterministic ECDSA function
...
`mbedtls_ecdsa_sign_det` reuses the internal HMAC-DRBG instance to
implement blinding. The advantage of this is that the algorithm is
deterministic too, not just the resulting signature. The drawback is
that the blinding is always the same for the same key and message.
This diminishes the efficiency of blinding and leaks information about
the private key.
A function that takes external randomness fixes this weakness.
2019-03-06 14:41:44 +00:00
Simon Butcher
799cd57c72
Merge remote-tracking branch 'restricted/pr/550' into mbedtls-2.16
...
* restricted/pr/550:
Update query_config.c
Fix failure in SSLv3 per-version suites test
Adjust DES exclude lists in test scripts
Clarify 3DES changes in ChangeLog
Fix documentation for 3DES removal
Exclude 3DES tests in test scripts
Fix wording of ChangeLog and 3DES_REMOVE docs
Reduce priority of 3DES ciphersuites
2019-03-01 13:05:43 +00:00
Andres Amaya Garcia
7c86e9a03e
Fix documentation for 3DES removal
2019-03-01 10:29:49 +01:00
Andres Amaya Garcia
6882ec1521
Fix wording of ChangeLog and 3DES_REMOVE docs
2019-03-01 10:29:49 +01:00
Andres Amaya Garcia
5d8aade01d
Reduce priority of 3DES ciphersuites
2019-03-01 10:29:13 +01:00
Andres Amaya Garcia
6490034fb2
Improve docs for ASN.1 bitstrings and their usage
2019-02-11 21:25:09 +00:00
Jaeden Amero
5788314d63
Merge remote-tracking branch 'origin/pr/2319' into mbedtls-2.16
2019-01-30 16:09:56 +00:00
Jaeden Amero
f0f8c09178
Merge remote-tracking branch 'origin/pr/1375' into mbedtls-2.16
2019-01-30 16:09:08 +00:00
Jeffrey Martin
541055e197
Backport #1949 into mbedtls-2.16
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 18:16:34 -06:00
Simon Butcher
874b60423e
Merge remote-tracking branch 'public/pr/975' into mbedtls-2.16
2019-01-08 16:34:19 +00:00
Darryl Green
b779759745
Move ecp_restartable definitions out of the MBEDTLS_ECP_ALT guards
...
As there are some definitions that are defined regardless of
whether MBEDTLS_ECP_RESTARTABLE is defined or not, these definitions
need to be moved outside the MBEDTLS_ECP_ALT guards. This is a simple
move as MBEDTLS_ECP_ALT and MBEDTLS_ECP_RESTARTABLE are mutually
exclusive options.
2019-01-07 13:12:44 +00:00
GuHaijun
983acb75f0
Fix include file path
2018-12-28 11:11:10 +08:00
Simon Butcher
6c164e754b
Update the version of the library to 2.16.0
2018-12-21 10:51:51 +00:00
Simon Butcher
fed19be501
Merge remote-tracking branch 'public/pr/2126' into development-restricted
2018-12-20 12:35:09 +00:00
Simon Butcher
6df8c53cd4
Merge remote-tracking branch 'public/pr/2134' into development-restricted
2018-12-20 12:34:44 +00:00
Simon Butcher
ad7c2105a2
Merge remote-tracking branch 'public/pr/2274' into development
2018-12-20 12:16:57 +00:00
Simon Butcher
12b4240300
Merge remote-tracking branch 'public/pr/2288' into development
2018-12-20 12:16:46 +00:00
Simon Butcher
c831193c85
Merge remote-tracking branch 'public/pr/2302' into development
2018-12-20 12:16:39 +00:00
Simon Butcher
1efda39f8a
Merge remote-tracking branch 'public/pr/2297' into development
2018-12-20 12:16:29 +00:00
Simon Butcher
5aa7809ac8
Merge remote-tracking branch 'public/pr/2275' into development
2018-12-20 12:15:19 +00:00
Simon Butcher
780cf189b0
Merge remote-tracking branch 'public/pr/2271' into development
2018-12-20 12:15:08 +00:00
Simon Butcher
032c037052
Merge remote-tracking branch 'public/pr/2270' into development
2018-12-20 12:04:13 +00:00
Simon Butcher
a033633bb0
Merge remote-tracking branch 'public/pr/2269' into development
2018-12-20 12:02:56 +00:00
Simon Butcher
70935a4001
Merge remote-tracking branch 'public/pr/2299' into development
2018-12-20 12:02:23 +00:00
Simon Butcher
003c0e032f
Merge remote-tracking branch 'public/pr/2292' into development
2018-12-20 12:02:17 +00:00
Simon Butcher
decf2f5c2c
Merge remote-tracking branch 'public/pr/2291' into development
2018-12-20 12:02:11 +00:00
Simon Butcher
65ce5dc981
Merge remote-tracking branch 'public/pr/2290' into development
2018-12-20 12:02:05 +00:00
Simon Butcher
ad2e0dae32
Merge remote-tracking branch 'public/pr/2283' into development
2018-12-20 12:01:58 +00:00
Simon Butcher
0bbf7f450d
Merge remote-tracking branch 'public/pr/2279' into development
2018-12-20 12:01:49 +00:00
Simon Butcher
962b7b17d5
Merge remote-tracking branch 'public/pr/2273' into development
2018-12-20 12:01:17 +00:00
Simon Butcher
6be67a6518
Merge remote-tracking branch 'public/pr/2281' into development
2018-12-20 12:01:09 +00:00
Simon Butcher
dac513e246
Merge remote-tracking branch 'public/pr/2282' into development
2018-12-20 12:01:04 +00:00
Simon Butcher
ccafd14fee
Merge remote-tracking branch 'public/pr/2276' into development
2018-12-20 12:00:57 +00:00
Simon Butcher
2a8d32c6c1
Merge remote-tracking branch 'public/pr/2287' into development
2018-12-20 12:00:50 +00:00
k-stachowiak
247a782668
Increase strictness of NULL parameter validity in CCM's doxygen
2018-12-19 19:02:39 +01:00
k-stachowiak
6adb0574ea
Improve details of CCM parameter validation and documentation
2018-12-19 19:02:39 +01:00
k-stachowiak
9da5d7cd83
Adjust mbedtls_ccm_free() documentation
2018-12-19 19:02:39 +01:00
k-stachowiak
373a660193
Fix a documentation typo
2018-12-19 19:02:39 +01:00
k-stachowiak
b92f9334e4
Doxygen comments improvement
2018-12-19 19:02:39 +01:00
k-stachowiak
12f0d5c66d
Improve the constraints definition in the doxygen comments in CCM
2018-12-19 19:02:39 +01:00
k-stachowiak
fd42d531ba
Explicitly allow NULL as an argument to mbedtls_ccm_free()
2018-12-19 19:02:39 +01:00
k-stachowiak
438448e45f
Format NULL occurrences in CCM's Doxygen comments
2018-12-19 19:02:39 +01:00
k-stachowiak
26d365eb54
Add parameter validation for CCM
2018-12-19 19:02:39 +01:00
Gilles Peskine
6af45ec53e
PK: document context validity requirements
...
Document when a context must be initialized or not, when it must be
set up or not, and whether it needs a private key or a public key will
do.
The implementation is sometimes more liberal than the documentation,
accepting a non-set-up context as a context that can't perform the
requested information. This preserves backward compatibility.
2018-12-19 18:10:03 +01:00
Gilles Peskine
d54b97503b
pk parse: the password is optional
...
For mbedtls_pk_parse_key and mbedtls_pk_parse_keyfile, the password is
optional. Clarify what this means: NULL is ok and means no password.
Validate parameters and test accordingly.
2018-12-19 17:36:14 +01:00
k-stachowiak
e4b8d28ca7
Remove imprecise clause from documenting comment
2018-12-19 17:34:58 +01:00
k-stachowiak
95070a8286
Make some cipher parameter validation unconditional
2018-12-19 17:34:58 +01:00
k-stachowiak
6df25e7930
Increase strictness of NULL parameter validity in Cipher's doxygen
2018-12-19 17:34:58 +01:00
k-stachowiak
90b8d4a11e
Include static cipher functions in the parameter validation scheme
2018-12-19 17:34:13 +01:00
k-stachowiak
d5913bc115
Improve documentation of the parameter validation in the Cipher module
2018-12-19 17:34:13 +01:00