Commit Graph

1991 Commits

Author SHA1 Message Date
Ron Eldor
314adb6baa Address PR review comments
1) update ChangLog to have new feature in Features instead of Changes
2) Change MBEDTLS_ECDSA_ALT to function specific alternative definitions:
MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and MBEDTLS_ECDSA_GENKEY_ALT
2017-10-10 18:49:02 +03:00
Hanno Becker
1e801f5706 Clarify guarantees made by rsa_complete and rsa_check_privkey 2017-10-10 16:44:47 +01:00
Hanno Becker
68b4d58bd8 Remove PRNG argument from mbedtls_rsa_deduce_moduli
It is not necessary to pass a CSPRNG to `mbedtls_rsa_deduce_moduli`, as there
exist well-working static strategies, and even if a PRNG is preferred, a
non-secure one would be sufficient.

Further, the implementation is changed to use a static strategy for the choice
of candidates which according to some benchmarks even performs better than the
previous one using random candidate choices.
2017-10-10 16:39:10 +01:00
Hanno Becker
1a9a51c7cf Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-10-06 11:58:50 +01:00
Hanno Becker
0446a39744 Enhance documentation of mbedtls_ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure
2017-10-06 11:58:50 +01:00
Hanno Becker
bc389d1d3c Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code 2017-10-05 11:49:53 +01:00
Hanno Becker
3cdc711972 Deprecate usage of RSA primitives with wrong key type
Further, state explicitly that wrong key types need not be supported by alternative RSA implementations, and that those
may instead return the newly introduced error code MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
2017-10-05 10:28:21 +01:00
Hanno Becker
e3481ab533 Improve top warning in dhm.h 2017-10-04 16:05:10 +01:00
Hanno Becker
a90658f248 Add ssl_conf_dh_param_bin superseding ssl_conf_dh_param 2017-10-04 15:29:08 +01:00
Hanno Becker
470a8c4d87 Deprecate mbedtls_ssl_conf_dh_param 2017-10-04 15:28:46 +01:00
Hanno Becker
d25d444134 Don't allocate space for DTLS header if DTLS is disabled 2017-10-04 13:58:03 +01:00
Hanno Becker
5e6b8d7d29 Add missing whitespace 2017-10-04 13:41:36 +01:00
Hanno Becker
0482fd597a Remove reference to utility program for RFC 3526/7919 verification 2017-10-04 13:39:08 +01:00
Hanno Becker
5a7c35d1a8 Correct documentation of mbedtls_ssl_conf_dh_param 2017-10-04 13:32:12 +01:00
Hanno Becker
8880e75dcb Add new function mbedtls_dhm_set_group to DHM Group 2017-10-04 13:17:52 +01:00
Hanno Becker
e2fcfa84ea Stick to the use of constant-macros
This commit returns to using constant macros instead of global variables for the DHM group constants. Further, macros
providing the binary encoding of the primes from RFC 3526 and RFC 7919 are added. The hex-string macros are deprecated.
2017-10-04 13:12:15 +01:00
Hanno Becker
0f65e0ca03 Rename rsa_deduce_moduli to rsa_deduce_primes 2017-10-03 14:40:44 +01:00
Hanno Becker
8ba6ce4f4f Rename rsa_deduce_private to rsa_deduce_private_exponent 2017-10-03 14:40:43 +01:00
Hanno Becker
5178dcab12 Clarify parameter ownership in mbedtls_rsa_import[_raw] 2017-10-03 14:29:37 +01:00
Hanno Becker
f9734b35b5 Change wording of warnings 2017-10-03 12:09:22 +01:00
Hanno Becker
f240ea0b50 Expand documentation of mbedtls_dhm_read_params 2017-10-02 15:09:14 +01:00
Hanno Becker
f8258e7d5a Adapt documentation of mbedtls_ssl_conf_dh_param to new moduli 2017-10-02 15:04:40 +01:00
Hanno Becker
70da2c545b Improve documentation of mbedtls_dhm_make_params 2017-10-02 15:02:59 +01:00
Hanno Becker
b5beaa8995 Check that 1 < D, E < N in mbedtls_rsa_validate_params 2017-10-02 13:20:20 +01:00
Hanno Becker
c6fc878eda Remove mbedtls_rsa_check_crt
This is no longer needed after the decision to not exhaustively validate private key material.
2017-10-02 13:20:15 +01:00
Hanno Becker
98838b04af Minor improvements 2017-10-02 13:17:01 +01:00
Hanno Becker
7471631dde Make input arguments to mbedtls_rsa_import_raw constant
Original intention was to be allowed to perform in-place operations like changing the byte-order before importing
parameters into an HSM. Now a copy is needed in this case, but there's no more danger of a user expecting the arguments
to be left untouched.
2017-10-02 13:17:01 +01:00
Hanno Becker
43a08d029e Clarify guarantees made by rsa_check_privkey and rsa_complete
Document explicitly that `mbedtls_rsa_check_privkey` and `mbedtls_rsa_complete` succeeding does not guarantee the
consistency of the underlying RSA private key but only that enough information is present to perform a private key
operation.
2017-10-02 13:17:01 +01:00
Hanno Becker
1b831fe1c5 Clarify guarantees made by rsa_deduce_moduli/private/crt 2017-10-02 13:06:47 +01:00
Hanno Becker
bdefff1dde Change signature of mbedtls_rsa_deduce_private
Make input arguments constant and adapt the implementation to use a temporary instead of in-place operations.
2017-10-02 09:59:48 +01:00
Hanno Becker
ba5b755f1a Change signature and semantics of mbedtls_rsa_deduce_moduli
Input arguments are marked as constant. Further, no double-checking is performed when a factorization of the modulus has
been found.
2017-10-02 09:55:49 +01:00
Hanno Becker
2f38a43d3a Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-09-30 23:35:21 +01:00
Hanno Becker
f5f9d11acc Enhance documentation of mbedtls_ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure
2017-09-30 23:35:12 +01:00
Hanno Becker
56bae95e1d Improve style and documentation, fix typo 2017-09-29 15:43:49 +01:00
Hanno Becker
4b2f691691 Doxygen: Use typewriter font for variables in rsa.h documentation 2017-09-29 13:36:54 +01:00
Hanno Becker
ed20361321 Increase readability of Doxygen output
Multiple lists were not properly recognized as such.
2017-09-29 13:34:25 +01:00
Hanno Becker
91c194dabb Add and document an RSA-specific error code for unsupported exports
E.g., a private key on an external chip might not be exportable to RAM.
2017-09-29 12:50:12 +01:00
Hanno Becker
5063cd2cca Deprecate direct manipulation of structure fields in RSA context 2017-09-29 11:54:05 +01:00
Hanno Becker
a2f6b72cbb Add warnings regarding the use of DHM in general 2017-09-28 11:06:31 +01:00
Hanno Becker
e764324d96 Improve documentation in dhm.h 2017-09-28 11:06:31 +01:00
Hanno Becker
4c72b000cb Add const-qualifiers to prime constants 2017-09-27 16:06:37 +01:00
Hanno Becker
b1d4d1fa6e Add description of how the primes from RFC 3526/7919 were generated 2017-09-27 12:43:57 +01:00
Hanno Becker
b2bad800e4 Introduce Diffie-Hellman parameters from RFC 7919 2017-09-27 12:43:55 +01:00
Hanno Becker
0e6dc84f3e Deprecate Diffie-Hellman groups from RFC 5114
Also, change the way the standardized Diffie-Hellman groups are provided from
macro-based string-literals to global variables.
2017-09-27 11:48:02 +01:00
Jaeden Amero
1526330931 Allow alternate implementation of GCM
Provide the ability to use an alternative implementation of GCM in place
of the library-provided implementation.
2017-09-22 17:42:44 +01:00
Hanno Becker
a8434e8f95 Add compile-time checks for size of record content and payload 2017-09-18 10:56:14 +01:00
Hanno Becker
603b8c62c4 Clarify guarantees made by successful mbedtls_rsa_complete call 2017-08-25 11:03:07 +01:00
Hanno Becker
d363799a9d Add mbedtls_rsa_validate_crt
This commit adds the function mbedtls_rsa_validate_crt for validating a set of CRT parameters. The function
mbedtls_rsa_check_crt is simplified accordingly.
2017-08-25 08:35:09 +01:00
Hanno Becker
750e8b4596 Rename rsa_check_params->rsa_validate_params and change error codes 2017-08-25 08:34:55 +01:00
Hanno Becker
b0c5edcc2f Correct typo in rsa.h 2017-08-23 22:16:10 +01:00
Hanno Becker
ab3773123c Add support for alternative RSA implementations
Alternative RSA implementations can be provided by defining MBEDTLS_RSA_ALT in
config.h, defining an mbedtls_rsa_context struct in a new file rsa_alt.h and
re-implementing the RSA interface specified in rsa.h.

Through the previous reworkings, the adherence to the interface is the only
implementation obligation - in particular, implementors are free to use a
different layout for the RSA context structure.
2017-08-23 16:24:51 +01:00
Hanno Becker
1a59e791e5 Remove CRT fields from RSA context if RSA_NO_CRT is defined 2017-08-23 16:17:28 +01:00
Hanno Becker
8fd5548241 Minor formatting changes 2017-08-23 14:47:25 +01:00
Hanno Becker
cbb59bc2a8 Extend RSA interface to allow structure-independent setup
This commit extends the RSA interface by import/export calls that can be used to
setup an RSA context from a subset of the core RSA parameters (N,P,Q,D,E).

The intended workflow is the following:
1. Call mbedtls_rsa_import one or multiple times to import the core parameters.
2. Call mbedtls_rsa_complete to deduce remaining core parameters as well as any
   implementation-defined internal helper variables.

The RSA context is ready for use after this call.

The import function comes in two variants mbedtls_rsa_import and
mbedtls_rsa_import_raw, the former taking pointers to MPI's as input, the latter
pointers buffers holding to big-endian encoded MPI's.
The reason for this splitting is the following: When only providing an import
function accepting const MPI's, a user trying to import raw binary data into an
RSA context has to convert these to MPI's first which before passing them to the
import function, introducing an unnecessary copy of the data in memory. The
alternative would be to have another MPI-based import-function with
move-semantics, but this would be in contrast to the rest of the library's
interfaces.

Similarly, there are functions mbedtls_rsa_export and mbedtls_rsa_export_raw for
exporting the core RSA parameters, either as MPI's or in big-endian binary
format.

The main import/export functions deliberately do not include the additional
helper values DP, DQ and QP present in ASN.1-encoded RSA private keys. To
nonetheless be able to check whether given parameters DP, DQ and QP are in
accordance with a given RSA private key, the interface is extended by a function
mbedtls_rsa_check_opt (in line with mbedtls_rsa_check_privkey,
mbedtls_rsa_check_pubkey and mbedtls_rsa_check_pub_priv). Exporting the optional
parameters is taken care of by mbedtls_export_opt (currently MPI format only).
2017-08-23 14:44:36 +01:00
Hanno Becker
a3ebec2423 Declare RSA helper functions
This commit adds convenience functions to the RSA module for computing a
complete RSA private key (with fields N, P, Q, D, E, DP, DQ, QP) from a subset
of core parameters, e.g. (N, D, E).
2017-08-23 14:06:24 +01:00
Ron Eldor
f231eaae28 Add configuration file in md.h
include `*config.h*` in md.h as MACROS in the header file get ignored.
Fix for #1001.
2017-08-22 14:50:14 +03:00
Simon Butcher
72ea31b026 Update version number to 2.6.0 2017-08-10 11:51:16 +01:00
Ron Eldor
433f39c437 ECDH alternative implementation support
Add alternative implementation support for ECDH at the higher layer
2017-08-08 18:43:56 +03:00
Ron Eldor
b68733bf62 ECDSA alternative support
Support for alternative implementation of ECDSA, at the higher layer
2017-08-07 18:00:22 +03:00
Hanno Becker
61937d4a83 Rename time and index parameter to avoid name conflict.
As noted in #557, several functions use 'index' resp. 'time'
as parameter names in their declaration and/or definition, causing name
conflicts with the functions in the C standard library of the same
name some compilers warn about.

This commit renames the arguments accordingly.
2017-07-28 22:28:08 +01:00
Andres Amaya Garcia
c630ce6b4c Improve MBEDTLS_NO_UDBL_DIVISION description 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
df1486afe4 Remove MBEDTLS_TYPE_UDBL option 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
b39467dda7 Fix check_config.h #error directive 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
93db11a395 Fix typo in check_config.h 2017-07-27 21:44:33 +01:00
Gilles Peskine
b1a977f5a7 MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
d7fce008c5 Allow forcing 64-bit integer type
Allow forcing 64-bit integer type for bignum operations. Also introduce
the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length
integer in unknown compilers.
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
aa27dfeecc Enable 64-bit compilation with ARM Compiler 6
This patch fixes the conditional preprocessor directives in
include/mbedtls/bignum.h to enable 64-bit compilation with ARM
Compiler 6.
2017-07-27 21:44:33 +01:00
Simon Butcher
a95d630197 Fix platform setup/teardown feature and comments
Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it
as a feature  in 'version_features.c'.
2017-07-27 21:44:33 +01:00
Simon Butcher
d3be27a92a Add additional comments to platform setup/teardown functions 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
d91f99f868 Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT
Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive
as this macro enables/disables both functions.
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
64b02cd947 Improve documentation for mbedtls_platform_context 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
3c8a39d28a Remove internal functions from setup API 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
2a6f39cb63 Add library setup and teardown APIs
Add the following two functions to allow platform setup and teardown
operations for the full library to be hooked in:

* mbedtls_platform_setup()
* mbedtls_platform_teardown()

An mbedtls_platform_context C structure is also added and two internal
functions that are called by the corresponding setup and teardown
functions above:

* mbedtls_internal_platform_setup()
* mbedtls_internal_plartform_teardown()

Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow
mbedtls_platform_context and internal function to be overriden by the
user as needed for a platform.
2017-07-27 21:44:33 +01:00
Hanno Becker
ca1cdb2bf3 Make minor changes to documentation 2017-07-27 21:44:33 +01:00
Hanno Becker
bedc2050b6 Export mbedtls_aes_(en/de)crypt to retain for API compatibility
The commit f5bf7189d3 made the AES
functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing
the library's API.

This commit reverts this.
2017-07-27 21:44:33 +01:00
Hanno Becker
6d84ae7e57 Clarify documentation for alternative AES implementations
The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been
superseded by mbedtls_aes_internal_decrypt and
mbedtls_aes_internal_encrypt, respectively. Alternative
implementations should now only replace the latter, and leave the
maintenance wrapper definitions of the former untouched.

This commit clarifies this in the documentation of the respective
configuration options MBEDTLS_AES_DECRYPT_ALT and
MBEDTLS_AES_ENCRYPT_ALT.
2017-07-27 21:44:33 +01:00
Hanno Becker
d300a5734a Undo API change
The previous commit b3e6872c93 changed
to public functions from ssl_ciphersuite.h to static inline. This
commit reverts this change.
2017-07-27 21:44:33 +01:00
Janos Follath
bfea4a7c02 Remove mutexes from ECP hardware acceleration
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
2017-07-27 21:44:32 +01:00
Hanno Becker
b6479192d8 Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
2017-07-27 21:43:17 +01:00
Andres Amaya Garcia
fdd11b2531 Improve MBEDTLS_NO_UDBL_DIVISION description 2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
de2e70431f Remove MBEDTLS_TYPE_UDBL option 2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
713c6fdd4e Fix check_config.h #error directive 2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
bebc5f69f8 Fix typo in check_config.h 2017-07-22 11:53:56 +02:00
Gilles Peskine
9a9adcd6aa MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
6ee7dad896 Allow forcing 64-bit integer type
Allow forcing 64-bit integer type for bignum operations. Also introduce
the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length
integer in unknown compilers.
2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
05d9535c90 Enable 64-bit compilation with ARM Compiler 6
This patch fixes the conditional preprocessor directives in
include/mbedtls/bignum.h to enable 64-bit compilation with ARM
Compiler 6.
2017-07-22 11:53:56 +02:00
Simon Butcher
c0da47dd1e Fix platform setup/teardown feature and comments
Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it
as a feature  in 'version_features.c'.
2017-07-21 23:48:55 +01:00
Simon Butcher
be4f75c12f Add additional comments to platform setup/teardown functions 2017-07-21 02:15:14 +02:00
Andres Amaya Garcia
9da69514ec Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT
Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive
as this macro enables/disables both functions.
2017-07-21 02:12:49 +02:00
Andres Amaya Garcia
9d80a36336 Improve documentation for mbedtls_platform_context 2017-07-21 02:12:49 +02:00
Andres Amaya Garcia
82d7314c43 Remove internal functions from setup API 2017-07-21 02:12:49 +02:00
Andres Amaya Garcia
122d899296 Add library setup and teardown APIs
Add the following two functions to allow platform setup and teardown
operations for the full library to be hooked in:

* mbedtls_platform_setup()
* mbedtls_platform_teardown()

An mbedtls_platform_context C structure is also added and two internal
functions that are called by the corresponding setup and teardown
functions above:

* mbedtls_internal_platform_setup()
* mbedtls_internal_plartform_teardown()

Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow
mbedtls_platform_context and internal function to be overriden by the
user as needed for a platform.
2017-07-21 02:11:35 +02:00
Andres Amaya Garcia
46f5a3e9b4 Check return codes from MD in ssl code 2017-07-20 16:17:51 +01:00
Andres Amaya Garcia
a21247ead7 Remove unwanted whitespace in MD comments 2017-07-20 14:01:08 +01:00
Hanno Becker
1a28b01b5e Make minor changes to documentation 2017-07-20 12:36:53 +02:00
Hanno Becker
489b985fae Export mbedtls_aes_(en/de)crypt to retain for API compatibility
The commit f5bf7189d3 made the AES
functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing
the library's API.

This commit reverts this.
2017-07-20 12:36:53 +02:00
Hanno Becker
649dcab175 Clarify documentation for alternative AES implementations
The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been
superseded by mbedtls_aes_internal_decrypt and
mbedtls_aes_internal_encrypt, respectively. Alternative
implementations should now only replace the latter, and leave the
maintenance wrapper definitions of the former untouched.

This commit clarifies this in the documentation of the respective
configuration options MBEDTLS_AES_DECRYPT_ALT and
MBEDTLS_AES_ENCRYPT_ALT.
2017-07-20 12:36:53 +02:00
Hanno Becker
544039ac59 Undo API change
The previous commit b3e6872c93 changed
to public functions from ssl_ciphersuite.h to static inline. This
commit reverts this change.
2017-07-20 12:36:53 +02:00
Janos Follath
a9e775efe4 Remove mutexes from ECP hardware acceleration
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
2017-07-19 02:07:59 +01:00
Hanno Becker
248ae6dbb8 Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
2017-07-19 01:46:44 +01:00
Manuel Pégourié-Gonnard
760c9b91d7 Update doc of return value of verify() 2017-07-06 15:00:32 +02:00
Manuel Pégourié-Gonnard
31458a1878 Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-06 11:58:41 +02:00
Andres Amaya Garcia
7a005e2fa4 Remove invalid doxygen docs from deprecated func 2017-07-03 14:42:34 +01:00
Andres Amaya Garcia
95869c4934 Do not start md accumulator in mbedtls_entropy_init
This change moves the calls to mbedtls_sha256_starts() and
mbedtls_sha512_starts() out of the mbedtls_entropy_init() function as
these now have return codes which need to be checked.
2017-06-29 16:31:44 +01:00
Andres Amaya Garcia
5f872df26a Change func ptrs to have ret val in MD layer
This patch modifies the internal md context structure in md_wrap.c to
add return values to the function pointers. This enables us to use the
new API in the corresponding MD modules so that failures can be
found at any point in an MD computation.
2017-06-28 14:12:44 +01:00
Andres Amaya Garcia
cccfe08530 Rename md process functions with _internal_ 2017-06-28 12:52:16 +01:00
Andres Amaya Garcia
614c689e05 Add int return values to SHA-512 function calls
The following function calls are being deprecated to introduce int
return values.
    * mbedtls_sha512()
    * mbedtls_sha512_starts()
    * mbedtls_sha512_update()
    * mbedtls_sha512_finish()
    * mbedtls_sha512_process()
The return codes can be used to return error values. This is important
when using hardware accelerators.
2017-06-28 12:52:16 +01:00
Andres Amaya Garcia
72a7f53064 Add int return values to SHA-256 function calls
The following function calls are being deprecated to introduce int
return values.
    * mbedtls_sha256()
    * mbedtls_sha256_starts()
    * mbedtls_sha256_update()
    * mbedtls_sha256_finish()
    * mbedtls_sha256_process()
The return codes can be used to return error values. This is important
when using hardware accelerators.
2017-06-28 12:52:16 +01:00
Andres Amaya Garcia
b1a8bf9725 Add int return values to RIPEMD-160 function calls
The following function calls are being deprecated to introduce int
return values.
    * mbedtls_ripemd160()
    * mbedtls_ripemd160_starts()
    * mbedtls_ripemd160_update()
    * mbedtls_ripemd160_finish()
    * mbedtls_ripemd160_process()
The return codes can be used to return error values. This is important
when using hardware accelerators.
2017-06-28 12:52:16 +01:00
Andres Amaya Garcia
2cfd7a982c Add int return values to MD5 function calls
The following function calls are being deprecated to introduce int
return values.
    * mbedtls_md5()
    * mbedtls_md5_starts()
    * mbedtls_md5_update()
    * mbedtls_md5_finish()
    * mbedtls_md5_process()
The return codes can be used to return error values. This is important
when using hardware accelerators.
2017-06-28 12:52:16 +01:00
Andres Amaya Garcia
bee0635b15 Add int return values to MD4 function calls
The following function calls are being deprecated to introduce int
return values.
    * mbedtls_md4()
    * mbedtls_md4_starts()
    * mbedtls_md4_update()
    * mbedtls_md4_finish()
    * mbedtls_md4_process()
The return codes can be used to return error values. This is important
when using hardware accelerators.
2017-06-28 12:52:16 +01:00
Andres Amaya Garcia
1d85213602 Add int return values to MD2 function calls
The following function calls are being deprecated to introduce int
return values.
    * mbedtls_md2()
    * mbedtls_md2_starts()
    * mbedtls_md2_update()
    * mbedtls_md2_finish()
    * mbedtls_md2_process()
The return codes can be used to return error values. This is important
when using hardware accelerators.
2017-06-28 12:52:15 +01:00
Andres Amaya Garcia
034ea7e754 Add int return values to SHA1 function calls
The following function calls are being deprecated to introduce int
return values.
    * mbedtls_sha1()
    * mbedtls_sha1_starts()
    * mbedtls_sha1_update()
    * mbedtls_sha1_finish()
    * mbedtls_sha1_process()
The return codes can be used to return error values. This is important
when using hardware accelerators.
2017-06-28 12:52:15 +01:00
Hanno Becker
59e6963a37 Prevent clever optimization to prematurely quit loop in safe memcmp
The previous version of `mbedtls_ssl_safer_memcmp` did not qualify the
pointers to the arrays to be compared as volatile, theoretically
opening the possibility for the compiler to notice that the loop
operation `diff |= A[i] ^ B[i]` is pointless if `diff = -1`. This
commit changes this. It also declares the stack variable `diff` as
volatile, to force read and write in every loop; omitting that, the
compiler would still be allowed to get away with reading `A[i]` and
`B[i]` but not doing the XOR and not updating `diff`.
2017-06-26 13:26:58 +01:00
Simon Butcher
f2a597fa3d Update the version number to 2.5.1 2017-06-20 23:08:10 +01:00
Andres Amaya Garcia
fd48739461 Add AES feature unavailable error code 2017-06-14 16:19:12 +01:00
Manuel Pégourié-Gonnard
4a42f3c405 Merge remote-tracking branch 'restricted/iotssl-1398' into development-restricted
* restricted/iotssl-1398:
  Add ChangeLog entry
  Ensure application data records are not kept when fully processed
  Add hard assertion to mbedtls_ssl_read_record_layer
  Fix mbedtls_ssl_read
  Simplify retaining of messages for future processing
2017-06-09 15:02:40 +02:00
Manuel Pégourié-Gonnard
db108ac944 Merge remote-tracking branch 'hanno/mpi_read_file_underflow' into development
* hanno/mpi_read_file_underflow:
  Fix potential stack underflow in mpi_read_file.
2017-06-08 19:48:03 +02:00
Manuel Pégourié-Gonnard
1178ac5e77 Merge remote-tracking branch 'hanno/sliding_exponentiation' into development
* hanno/sliding_exponentiation:
  Adapt ChangeLog
  Abort modular inversion when modulus is one.
  Correct sign in modular exponentiation algorithm.
2017-06-08 19:46:30 +02:00
Hanno Becker
4a810fba69 Fix mbedtls_ssl_read
Don't fetch a new record in mbedtls_ssl_read_record_layer as long as an application data record is being processed.
2017-06-08 10:12:16 +01:00
Hanno Becker
af0665d8b0 Simplify retaining of messages for future processing
There are situations in which it is not clear what message to expect
next. For example, the message following the ServerHello might be
either a Certificate, a ServerKeyExchange or a CertificateRequest. We
deal with this situation in the following way: Initially, the message
processing function for one of the allowed message types is called,
which fetches and decodes a new message. If that message is not the
expected one, the function returns successfully (instead of throwing
an error as usual for unexpected messages), and the handshake
continues to the processing function for the next possible message. To
not have this function fetch a new message, a flag in the SSL context
structure is used to indicate that the last message was retained for
further processing, and if that's set, the following processing
function will not fetch a new record.

This commit simplifies the usage of this message-retaining parameter
by doing the check within the record-fetching routine instead of the
specific message-processing routines. The code gets cleaner this way
and allows retaining messages to be used in other situations as well
without much effort. This will be used in the next commits.
2017-06-08 10:12:16 +01:00
Manuel Pégourié-Gonnard
c44c3c288d Merge remote-tracking branch 'janos/iotssl-1156-ecdsa-sample-and-doc-clarification' into development
* janos/iotssl-1156-ecdsa-sample-and-doc-clarification:
  Clarify the use of ECDSA API
2017-06-08 10:16:54 +02:00
Gilles Peskine
f11d33b2df Cleaned up negative test predicate for test case
The test infrastructure does support negative predicates for test
cases, thanks to Andreas for letting me know.
2017-06-06 19:16:18 +02:00
Gilles Peskine
5d2511c4d4 SHA-1 deprecation: allow it in key exchange
By default, keep allowing SHA-1 in key exchange signatures. Disabling
it causes compatibility issues, especially with clients that use
TLS1.2 but don't send the signature_algorithms extension.

SHA-1 is forbidden in certificates by default, since it's vulnerable
to offline collision-based attacks.
2017-06-06 18:44:14 +02:00
Gilles Peskine
4fa6bed0c6 X.509 tests: obey compile-time SHA-1 support option
There is now one test case to validate that SHA-1 is rejected in
certificates by default, and one test case to validate that SHA-1 is
supported if MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 is #defined.
2017-06-06 18:44:14 +02:00
Gilles Peskine
5e79cb3662 Remove SHA-1 in TLS by default
Default to forbidding the use of SHA-1 in TLS where it is unsafe: for
certificate signing, and as the signature hash algorithm for the TLS
1.2 handshake signature. SHA-1 remains allowed in HMAC-SHA-1 in the
XXX_SHA ciphersuites and in the PRF for TLS <= 1.1.

For easy backward compatibility for use in controlled environments,
turn on the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 compiled-time option.
2017-06-06 18:44:13 +02:00
Manuel Pégourié-Gonnard
23b33f8663 Merge remote-tracking branch 'hanno/sig_hash_compatibility' into development
* hanno/sig_hash_compatibility:
  Improve documentation
  Split long lines
  Remember suitable hash function for any signature algorithm.
  Introduce macros and functions to characterize certain ciphersuites.
2017-06-06 18:14:57 +02:00
Gilles Peskine
4ae7d5df96 Clarified documentation of mbedtls_ssl_setup
Note that the configuration structure must remain accessible. The
previous wording could have been taken as implying that it's ok to
change the structure but changes wouldn't be taken into account.

Also note that calling this function twice is not supported (it would
at least be a memory leak).
2017-05-26 11:59:29 +02:00
Simon Butcher
9f77017a8d Updated version number to 2.5.0 2017-05-16 10:22:37 +01:00
Andres AG
f5bf7189d3 Change return type of AES decrypt and encrypt
This patch modifies the following 2 functions in the AES module to
change the return type from void to int:
    * mbedtls_aes_encrypt() -> mbedtls_internal_aes_encrypt()
    * mbedtls_aes_decrypt() -> mbedtls_internal_aes_decrypt()
This change is necessary to allow users of MBEDTLS_AES_ALT,
MBEDTLS_AES_DECRYPT_ALT and MBEDTLS_AES_ENCRYPT_ALT to return an error
code when replacing the default with their own implementation, e.g.
a hardware crypto accelerator.
2017-05-16 10:22:37 +01:00
Janos Follath
088ce43ffe Implement optional CA list suppression in Certificate Request
According to RFC5246 the server can indicate the known Certificate
Authorities or can constrain the aurhorisation space by sending a
certificate list. This part of the message is optional and if omitted,
the client may send any certificate in the response.

The previous behaviour of mbed TLS was to always send the name of all the
CAs that are configured as root CAs. In certain cases this might cause
usability and privacy issues for example:
- If the list of the CA names is longer than the peers input buffer then
  the handshake will fail
- If the configured CAs belong to third parties, this message gives away
  information on the relations to these third parties

Therefore we introduce an option to suppress the CA list in the
Certificate Request message.

Providing this feature as a runtime option comes with a little cost in
code size and advantages in maintenance and flexibility.
2017-05-16 10:22:37 +01:00
Andres Amaya Garcia
75fdf631fd Remove obsolete macros from compat-1.3.h 2017-05-16 10:22:37 +01:00
Hanno Becker
7e5437a972 Remember suitable hash function for any signature algorithm.
This commit changes `ssl_parse_signature_algorithms_ext` to remember
one suitable ( := supported by client and by our config ) hash
algorithm per signature algorithm.

It also modifies the ciphersuite checking function
`ssl_ciphersuite_match` to refuse a suite if there
is no suitable hash algorithm.

Finally, it adds the corresponding entry to the ChangeLog.
2017-05-15 11:50:11 +01:00
Hanno Becker
1aa267cbc3 Introduce macros and functions to characterize certain ciphersuites.
The routine `mbedtls_ssl_write_server_key_exchange` heavily depends on
what kind of cipher suite is active: some don't need a
ServerKeyExchange at all, some need (EC)DH parameters but no server
signature, some require both. Each time we want to restrict a certain
piece of code to some class of ciphersuites, it is guarded by a
lengthy concatentation of configuration checks determining whether at
least one of the relevant cipher suites is enabled in the config; on
the code level, it is guarded by the check whether one of these
cipher suites is the active one.

To ease readability of the code, this commit introduces several helper
macros and helper functions that can be used to determine whether a
certain class of ciphersuites (a) is active in the config, and
(b) contains the currently present ciphersuite.
2017-05-15 11:46:57 +01:00
Andres Amaya Garcia
af610a0baf Fix check-doxy-blocks.pl errors (cmac.c ecjpake.h) 2017-05-12 00:18:04 +01:00
Janos Follath
5634b8609b Apply feedback to ECP internal interface documentation 2017-05-11 22:42:14 +01:00
Janos Follath
aab9efb4ce Add doxygen documentation to the new ECP interface
Document the functions in the Elliptic Curve Point module hardware
acceleration to guide silicon vendors when implementing the drivers.
2017-05-11 22:42:14 +01:00
Janos Follath
333d163523 Remove obsolote ECP abstraction macros
Some macros have been removed from the Elliptic Curve Point abstraction
layer, and they shouldn't have remained in the check_config.h
2017-05-11 22:42:14 +01:00
Janos Follath
c44ab97cc9 Apply review feedback on ECP interface
Naming conventions are revised, style issues corrected and minor
optimisation added.
2017-05-11 22:42:14 +01:00
Janos Follath
b8a90fb51c Update ECP hardware abstraction interface
With this commit the Elliptic Curve Point interface is rewised. Two
compile time options has been removed to simplify the interface and
the function names got a new prefix that indicates that these functions
are for internal use and not part of the public interface.
2017-05-11 22:42:14 +01:00
Janos Follath
ee782bcd54 Adjust documentation to new ECP function names. 2017-05-11 22:42:14 +01:00
Janos Follath
552f6b6d17 Add global mutex for asymmetric crypto accelerator
The primary use case behind providing an abstraction layer to enable
alternative Elliptic Curve Point arithmetic implementation, is making
use of cryptographic acceleration hardware if it is present.

To provide thread safety for the hardware accelerator we need a mutex
to guard it.
2017-05-11 22:42:14 +01:00
Janos Follath
16e63ea2e2 Fix alternative ECP function names
The alternative Elliptic Curve Point arithmetic functions didn't have
an 'mbedtls_' prefix as required by check-names.sh.
2017-05-11 22:42:14 +01:00
Janos Follath
4d9c69dde8 Fix ECP alternative macro names
The compile time macros enabling the initialisation and deinitialisation
in the alternative Elliptic Curve Point arithmetic implementation had
names that did not end with '_ALT' as required by check-names.sh.
2017-05-11 22:42:14 +01:00
Janos Follath
47d28f08a6 Remove alt_internal directory 2017-05-11 22:42:14 +01:00
Janos Follath
372697b6b7 Clean up ECP abstraction layer code
This commit fixes several style issues and fixes in the documentation
of the Elliptic Curve Point arithmetic abstraction layer.
2017-05-11 22:42:14 +01:00
Janos Follath
b069753313 ECP: Add module and function level replacement options. 2017-05-11 22:42:14 +01:00
Hanno Becker
b2034b7785 Fix potential stack underflow in mpi_read_file.
When provided with an empty line, mpi_read_file causes a numeric
underflow resulting in a stack underflow. This commit fixes this and
adds some documentation to mpi_read_file.
2017-05-09 10:29:06 +01:00
Hanno Becker
4bcb4914c5 Abort modular inversion when modulus is one.
The modular inversion function hangs when provided with the modulus 1. This commit refuses this modulus with a BAD_INPUT error code. It also adds a test for this case.
2017-05-08 14:47:04 +01:00
Steven Cooreman
6334277320 Allow alternate core implementation of CMAC 2017-04-04 11:47:16 +02:00
Steven Cooreman
222e2ff421 Allow alternate core implementation of CCM 2017-04-04 11:37:15 +02:00
Janos Follath
0a5154b8a1 Clarify the use of ECDSA API
In the ecdsa.c sample application we don't use hashing, we use ecdsa
directly on a buffer containing plain text. Although the text explains
that it should be the message hash it still can be confusing.

Any misunderstandings here are potentially very dangerous, because ECDSA
truncates the message hash if necessary and this can lead to trivial
signature forgeries if the API is misused and the message is passed
directly to the function without hashing.

This commit adds a hash computation step to the ecdsa.c sample
application and clarification to the doxygen documentation of the
ECDSA functions involved.
2017-03-10 11:31:41 +00:00
Jaakko Korhonen
aca11a071d Fixed typo in ssl.h 2017-02-28 08:58:02 +00:00
Simon Butcher
ee75b9b417 Add clarification to the TLS renegotiation period
Expanded details on use of mbedtls_ssl_conf_renegotiation_period()
2017-02-03 00:21:28 +00:00
Simon Butcher
1d4db5b7b5 Merge 'iotssl-1099-incorrect-renego-dtls'
Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared
64 bits of record counter instead of 48 bits as described in RFC 6347
Section 4.3.1. This would cause the function's return value to be
occasionally incorrect and the renegotiation routines to be triggered
at unexpected times.
2017-02-02 23:47:08 +00:00
Simon Butcher
a90f6bd657 Merge PR #737 - type in ssl.h 2017-02-02 15:32:47 +00:00
Simon Butcher
4d1e104bc1 Merge iotssl-1079-macro-redefinition-warning
Fix redefinition of macro ssl_set_bio to undefined symbol
mbedtls_ssl_set_bio_timeout in compat-1.3.h.
2017-02-02 12:19:04 +00:00
Andres AG
18c5c59b5b Fix renegotiation at incorrect times in DTLS
Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared
64 bits of record counter instead of 48 bits as described in RFC 6347
Section 4.3.1. This would cause the function's return value to be
occasionally incorrect and the renegotiation routines to be triggered
at unexpected times.
2017-01-19 16:30:15 +00:00
aitap
4dab551698 mbedtls_net_accept: client_ip can be NULL
This is currently used in example programs, but not explicitly documented.
2017-01-13 13:22:31 +04:00
Jaakko Korhonen
14918fbda4 Fixed typo in ssl.h 2017-01-09 11:07:46 +02:00
Simon Butcher
f4957a8855 Clarify CMAC API
Added additional text to cmac.h to make the API clearer.
2016-12-14 15:27:22 +00:00
Janos Follath
1808dc01bd Update library version number to 2.4.1 2016-12-13 16:00:52 +00:00
Andres AG
ee7157e735 Fix redefinition of macro ssl_set_bio
Fix redefinition of macro ssl_set_bio to undefined symbol
mbedtls_ssl_set_bio_timeout in compat-1.3.h.
2016-12-07 10:27:00 +00:00
DSiekmeier
b67c897ded removed outdated comment 2016-11-17 14:17:23 +00:00
Brian J Murray
2adecba01f Clarify Comments and Fix Typos (#651)
Fixes many typos, and errors in comments.

* Clarifies many comments
* Grammar correction in config.pl help text
* Removed comment about MBEDTLS_X509_EXT_NS_CERT_TYPE.
* Comment typo fix (Dont => Don't)
* Comment typo fix (assure => ensure)
* Comment typo fix (byes => bytes)
* Added citation for quoted standard
* Comment typo fix (one complement => 1's complement)

The is some debate about whether to prefer "one's complement",  "ones'
complement", or "1's complement".  The more recent RFCs related to TLS
(RFC 6347,  RFC 4347, etc) use " 1's complement", so I followed that
convention.

* Added missing ")" in comment
* Comment alignment
* Incorrect comment after #endif
2016-11-06 12:45:15 +00:00
Simon Butcher
2cb4739ad2 Fix multiple erroneously named source files in comments
This fixes many incorrect references to filenames in the comments in config.h.
2016-11-04 12:23:11 +00:00
Simon Butcher
16c54ee9c8 Update library version number to 2.4.0 2016-10-16 19:34:39 +01:00
Simon Butcher
8e00410402 Merge fix for AEAD Random IVs 2016-10-14 00:48:33 +01:00
Simon Butcher
99000142cb Merge fix for IE Certificate Compatibility 2016-10-13 17:21:01 +01:00
Andres AG
314d8a8400 Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-13 13:54:47 +01:00
Andres AG
2280e9cc48 Fix typo in docs for mbedtls_x509write_csr_der() 2016-10-13 13:53:56 +01:00
Janos Follath
2b3b740574 Remove unnecessary flag from CMAC context 2016-10-13 13:53:33 +01:00
Andres AG
8254b6c9f3 Clean up of formatting, and potential integer overflow fix 2016-10-13 13:51:13 +01:00
Simon Butcher
f394e09431 Clean up and minor fixes following review
Minor fixes following review including:
    * formatting changes including indentation and code style
    * corrections
    * removal of debug code
    * clarification of code through variable renaming
    * memory leak
    * compiler warnings
2016-10-13 13:51:12 +01:00
Simon Butcher
5805fbedcb Fix CMAC interface for doxygen
Parameters didn't match the function definition.
2016-10-13 13:51:12 +01:00
Simon Butcher
08e890004c Fix naming in cmac.h to comply with check-names.sh 2016-10-13 13:51:12 +01:00
Simon Butcher
59b4c888fe Clean up comment formatting in md.h 2016-10-13 13:51:12 +01:00
Simon Butcher
53b5e9c0a9 Remove CMAC as a separate and independent error group 2016-10-13 13:51:12 +01:00
Simon Butcher
0c79073a8b Refactor and change CMAC interface
Change the CMAC interface to match the mbedtls_md_hmac_xxxx() interface. This
changes the overall design of the CMAC interface to make it more consistent with
the existing HMAC interface, and will allow incremental updates of input data
rather than requiring all data to be presented at once, which is what the
current interface requires.
2016-10-13 13:51:11 +01:00
Brian Murray
57104fb773 Specify AES-CMAC-PRF buffer output size in comment 2016-10-13 13:51:11 +01:00
Brian Murray
5168618294 Minor fixes to comments 2016-10-13 13:51:11 +01:00
Brian Murray
3d64431a33 Minor CMAC fixes for merge 2016-10-13 13:51:11 +01:00
Brian Murray
ba426948b2 Minor change to pass build tests 2016-10-13 13:51:10 +01:00
Brian Murray
6eae89bb6f No CMAC minimum tag length is specified by NIST SP800-38B A
Minor Typo Changes
2016-10-13 13:51:10 +01:00
Brian Murray
86ff986884 selftest supports cmac if only MBEDTLS_DES_C is defined
Other minor typo fixes
2016-10-13 13:51:10 +01:00
Brian Murray
afdb60f84f Only compile AES CMAC PRF support if MBEDTLS_AES_C is defined and other cleanups 2016-10-13 13:51:09 +01:00
Brian Murray
029d79bf25 Updated comments for CMAC in config.h 2016-10-13 13:51:09 +01:00
Brian Murray
7c6476c330 CMAC support for cipher with 64bit blocks (DES/3DES) 2016-10-13 13:51:09 +01:00
Manuel Pégourié-Gonnard
2b0e21f130 cmac: more cosmetic changes 2016-10-13 13:51:09 +01:00
Manuel Pégourié-Gonnard
9c83eebe67 cmac: improve argument order and naming
- always use the pattern "buffer, length"
- avoid using unqualified "length" as a name when there are more than one
2016-10-13 13:51:08 +01:00
Robert Cragie
9bf1e5dd3b Line endings wrong 2016-10-13 13:51:08 +01:00
Robert Cragie
468320d6f5 Bad code in function documentation 2016-10-13 13:51:08 +01:00
Robert Cragie
2fa11cd197 Added CMAC as proper low-level module and changed error returns 2016-10-13 13:51:07 +01:00
Robert Cragie
45feb6ef20 Add support for AES-128-CMAC and AES-CMAC-PRF-128 2016-10-13 13:51:07 +01:00
Andres AG
94d73b0b0a Add config macro for min bytes hw entropy 2016-10-13 13:48:48 +01:00
Andres AG
3616f6f261 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-10-13 13:48:48 +01:00
Andres AG
f9113194af Allow the entry_name size to be set in config.h
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
2016-09-16 11:42:35 +01:00
Andres Amaya Garcia
a928e67278 Documentation and entropy self test changes (#610)
Ensure that the entropy self test always fails whenever
MBEDTLS_TEST_NULL_ENTROPY is defined. This is because the option is
meant to be for testing and development purposes rather than production
quality software. Also, this patch enhances the documentation for
mbedtls_entropy_source_self_test() and mbedtls_entropy_self_test().
2016-09-13 13:30:02 +01:00
Andres AG
e7723ec284 Make entropy bias self test poll multiple times
Instead of polling the hardware entropy source a single time and
comparing the output with itself, the source is polled at least twice
and make sure that the separate outputs are different.
2016-08-30 16:50:48 +01:00
Andres AG
b34e42e69e Add a new self test to entropy module
The self test is a quick way to check at startup whether the entropy
sources are functioning correctly. The self test only polls 8 bytes
from the default entropy source and performs the following checks:

- The bytes are not all 0x00 or 0xFF.
- The hardware does not return an error when polled.
- The entropy does not provide data in a patter. Only check pattern
  at byte, word and long word sizes.
2016-08-30 16:50:48 +01:00
Brian J Murray
98844ff59f Fix minor typo in comments (#531) 2016-08-30 09:50:12 +01:00
Paul Bakker
c7d6bd4b5f Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths
As a consequence also adds coverage for reading 3 and 4 byte lengths
(which were not covered before)
2016-08-25 15:42:27 +01:00
Paul Bakker
7eb1243fb4 Add check for lengths over 65535 in mbedtls_asn1_write_len() 2016-08-25 15:42:27 +01:00
Andres Amaya Garcia
1e4ec667a4 Check time platform abstraction macro definitions (#534)
* Check time platform abstraction macro definitions

This patch adds some checks to check_config.h to ensure that macro
definitions for the time platform abstraction are acceptable. In this
case the requirements are:
  - MBEDTLS_PLATFORM_C and MBEDTLS_HAVE_TIME must be defined whenever
    MBEDTLS_PLATFORM_TIME_ALT, MBEDTLS_PLATFORM_TIME_TYPE_MACRO or
    MBEDTLS_PLATFORM_TIME_MACRO is defined.
  - MBEDTLS_PLATFORM_STD_TIME and MBEDTLS_PLATFORM_TIME_ALT cannot be
    defined simultaneously with MBEDTLS_PLATFORM_TIME_TYPE_MACRO or
    MBEDTLS_PLATFORM_TIME_MACRO.
  - MBEDTLS_HAVE_TIME and MBEDTLS_PLATFORM_TIME_ALT must be defined
    whenever MBEDTLS_PLATFORM_STD_TIME is defined.

* Document requirements for time abstraction macros

Document that time platform abstraction macros
MBEDTLS_PLATFORM_TIME_ALT, MBEDTLS_PLATFORM_TIME_MACRO,
MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME require
MBEDTLS_HAVE_TIME to be defined in config.h.

* Fix requires comment in config.h

* Split preprocessor condition for simplicity
2016-07-20 10:16:25 +01:00
Simon Butcher
b5b6af2663 Puts platform time abstraction into its own header
Separates platform time abstraction into it's own header from the
general platform abstraction as both depend on different build options.
(MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME)
2016-07-13 14:46:18 +01:00
James Cowgill
7247f99b3e Fixes missing dependency in ss.h on platform.h
Fixes #522 - 'mbedtls_time_t does not name a type in ssl.h'
2016-07-11 13:57:05 +01:00
Simon Butcher
1d46a2d5aa Fix issue with reuse of custom yotta configs for target_config.h (#530) 2016-07-11 10:17:03 +01:00
Simon Butcher
905cef6c2c Changed library version number to 2.3.0 2016-06-27 19:36:45 +01:00
Simon Butcher
ab069c6b46 Merge branch 'development' into development-restricted 2016-06-23 21:42:26 +01:00
Simon Butcher
b2c81b12bb Added target_config.h as a custom header for yotta use 2016-06-23 13:56:06 +01:00
Janos Follath
efc665f80f Fix mbedtls_ssl_set_hostname documentation 2016-06-22 00:21:32 +01:00
Janos Follath
1b8571cd25 Merge branch 'development' into development-restricted 2016-06-21 13:51:17 +01:00
Aaron Jones
d96e526093 ssl.h: tidy up the documentation comments (#505)
ssl.h: Tidy up and correct documentation errors.
2016-06-17 15:40:41 +01:00
Janos Follath
15ab7ed0f3 Merge branch 'development' into development-restricted
Conflicts:
	programs/pkey/rsa_decrypt.c
	programs/pkey/rsa_encrypt.c
	programs/test/selftest.c
2016-06-14 09:20:46 +01:00
Simon Butcher
4157b6004d Renames null entropy source function for clarity 2016-06-12 00:31:33 +01:00
Simon Butcher
ab5df40054 Rename the 'no entropy' feature to MBEDTLS_TEST_NULL_ENTROPY
Following review and for clarity, changed the name of the feature to 'null
entropy'.
2016-06-11 02:31:21 +01:00
Simon Butcher
30b5f978eb Removes target_config.h file from default and thread configs
target_config.h is no longer needed for target/platform configurations so
this change removes it from the default and platform configurations for mbed
builds.
2016-06-10 19:42:15 +01:00
Paul Bakker
71a597a2ba Update documentation for MBEDTLS_ENTROPY_NV_SEED 2016-06-10 19:42:15 +01:00
Paul Bakker
fc9c7c8bf4 Initial entropy run should be context specific
Otherwise test influence each other.
Is a change to the context but only if the NV seed feature is enabled
2016-06-10 19:42:15 +01:00
Paul Bakker
66fdf34e81 Add MBEDTLS_FS_IO guard on default NV seed defines in platform.h
The default implementation won't work without MBEDTLS_FS_IO, so
leave undefined otherwise.
2016-06-10 19:42:15 +01:00
Paul Bakker
d5c9f6d226 Automatically update NV seed on initial entropy run
Update the NV entropy seed before generating any entropy for outside
use. The reason this is triggered here and not in mbedtls_entropy_init(),
is that not all entropy sources mights have been added at that time.
2016-06-10 19:42:14 +01:00
Paul Bakker
9988d6bbd9 Introduce mbedtls_nv_seed_poll() entropy polling function 2016-06-10 19:42:14 +01:00
Paul Bakker
cf0a9f96c5 Introduce platform-layer functions for reading/writing seed from NV
Introduces mbedtls_nv_seed_read() and mbedtls_nv_seed_write().

The platform-layer functions are only available when
MBEDTLS_ENTROPY_NV_SEED is enabled.
2016-06-10 19:42:14 +01:00
Janos Follath
f93b8bc2e0 Add requirements for the entropy safety switch in documentation. 2016-06-09 13:54:15 +01:00
Janos Follath
53de78444c Add entropy safety switch.
Add a switch that turns entropy collecting off entirely, but enables
mbed TLS to run in an entirely unsafe mode. Enables to test mbed TLS
on platforms that don't have their entropy sources integrated yet.
2016-06-09 11:54:54 +01:00
Janos Follath
ce52d7823c Address user reported coverity issues. 2016-06-07 14:52:35 +01:00
Janos Follath
04b591ee79 Merge branch 'development' for weekly test report. 2016-05-31 10:18:41 +01:00
Simon Butcher
2917b9e5de Clarified function param in dhm.h 2016-05-25 00:59:37 +01:00
Simon Butcher
9c22e7311c Merge branch 'development' 2016-05-24 13:25:46 +01:00
Paul Bakker
cfe392bdd4 Add end guard comment 2016-05-23 14:29:31 +01:00
Embedthis Software
c0715cb39f Fix single threaded builds 2016-05-23 14:29:31 +01:00
Simon Butcher
80119c5d28 Fixes minor typos in comments in pk.h and ctr_drbg.c
Fixes typos in PRs #475 and #437
2016-05-23 14:29:30 +01:00
Paul Bakker
4fde40f656 Fix logic to allow at least one PKCS version enabled 2016-05-23 14:29:30 +01:00
Paul Bakker
37068a79fe Add check to prevent enabling of RSA without selecting PKCS version(s) 2016-05-23 14:29:30 +01:00
SimonB
295dfa24e7 Clarifies documentation on reported memory statistics 2016-05-23 14:29:29 +01:00
James Cowgill
c788b4cb5a Fix segfault on x32 by using better register constraints in bn_mul.h
On x32, pointers are only 4-bytes wide and need to be loaded using the "movl"
instruction instead of "movq" to avoid loading garbage into the register.

The MULADDC routines for x86-64 are adjusted to work on x32 as well by getting
gcc to load all the registers for us in advance (and storing them later) by
using better register constraints. The b, c, D and S constraints correspond to
the rbx, rcx, rdi and rsi registers respectively.
2016-05-23 14:29:28 +01:00
Simon Butcher
db0feca55c Fixes platform time_t abstraction
Fixes platform abstraction in error.c and the file that it's generated
from as well as DTLS samples.
2016-05-17 00:03:14 +01:00
Paul Bakker
9edf1eb062 Merge pull request #376 from jcowgill/x32
Support for x32
2016-05-11 20:40:08 +02:00
Paul Bakker
e049ccd405 Add end guard comment 2016-05-11 14:13:02 +01:00
Embedthis Software
17ddff5eaf Fix single threaded builds 2016-05-11 14:13:02 +01:00
Simon Butcher
295639bfa1 Fixes minor typos in comments in pk.h and ctr_drbg.c
Fixes typos in PRs #475 and #437
2016-05-10 19:39:36 +01:00
Attila Molnar
7e8a6fb78c Fix minor doc issue 2016-05-05 14:28:28 +01:00
SimonB
5be3a25691 Clarifies documentation on reported memory statistics 2016-05-05 14:25:03 +01:00
Attila Molnar
0b98d2f086 Fix minor doc issue 2016-05-02 11:06:47 +02:00
Simon Butcher
80aea30aa5 Fixes syntax and naming for check-names.sh
Some macros were failing checks by check-names.sh
2016-04-27 00:28:14 +01:00
Simon Butcher
3fe6cd3a2d Fixes time() abstraction for custom configs
Added platform abstraction of time() to ChangeLog, version features, and fixed the build for dynamic configuration.
2016-04-26 19:51:29 +01:00
SimonB
d5800b7761 Abstracts away time()/stdlib.h into platform
Substitutes time() into a configurable platform interface to allow it to be
easily substituted.
2016-04-26 14:49:59 +01:00
Janos Follath
c351d18c0e Restore a change in the documentation.
Using the wildcard name MBEDTLS_PLATFORM_XXX_ALT made the Travis build
fail.
2016-03-21 08:43:59 +00:00
Janos Follath
d75b782d0d Fix a typo that confuses check-names.sh 2016-03-18 16:47:10 +00:00
Janos Follath
9194744595 Add exit value macros to platform abstraction layer. 2016-03-18 14:05:28 +00:00
Simon Butcher
68c0bd72bc Clarified current status of RC4 usage
Made clear RC4 has been deprecated by IETF standard, and disabled
by default in the library.
2016-03-17 21:08:46 +00:00
Simon Butcher
7ef5cf3c54 Provided doxygen function definitions for debug.h
Documented each function definition.
2016-03-17 21:08:29 +00:00
Simon Butcher
d567a23c59 Fix typos, grammar in the comments and clarify them 2016-03-09 20:19:21 +00:00
Janos Follath
e2681a448b Update default configuration
Change the default settings for SSL and modify the tests accordingly.
2016-03-09 19:32:11 +00:00
Simon Butcher
e846b5128f Use the SSL IO and time callback typedefs consistently
The callback typedefs defined for mbedtls_ssl_set_bio() and
mbedtls_ssl_set_timer_cb() were not used consistently where the callbacks were
referenced in structures or in code.
2016-03-09 19:32:09 +00:00
Simon Butcher
c0957bdc13 Fix some minor typos in comments
Fix spelling mistakes and typos.
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
986bbf24ce x509:
-
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
d1b7f2b8cf ssl: ignore CertificateRequest's content for real
- document why we made that choice
- remove the two TODOs about checking hash and CA
- remove the code that parsed certificate_type: it did nothing except store
  the selected type in handshake->cert_type, but that field was never accessed
afterwards. Since handshake_params is now an internal type, we can remove that
field without breaking the ABI.
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
eeef947040 Clarify documentation about missing CRLs
Also tune up some working while at it.
2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard
9d6241269a Add note about not implementing PSK id_hint 2016-03-09 19:32:08 +00:00
Simon Butcher
157cb656a9 Clarified mbedtls_ssl_conf_alpn_protocols() doc
Clarified the lifetime of the protos parameter passed in the
function mbedtls_ssl_conf_alpn_protocols().
2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard
02049dcbd1 Add links to KB articles 2016-02-22 16:46:34 +00:00
Manuel Pégourié-Gonnard
325ce093f9 Give better error messages for semi-portable parts
Previously it was failing with errors about headers not found, which is
suboptimal in terms of clarity. Now give a clean error with pointer to the
documentation.

Do the checks in the .c files rather than check_config.h as it keeps them
closer to the platform-specific implementations.
2016-02-22 10:47:32 +01:00
Manuel Pégourié-Gonnard
d13b9507b3 Improve documentation of some SSL callbacks
The previous documentation was not explicit about what was expected of the
callbacks - the user had to infer that from the descriptions in net.h or
timing.h, and it was not clear what was part of the calling convention and
what was specific to our implementation.
2016-02-22 10:13:22 +01:00
Manuel Pégourié-Gonnard
edb1a48397 dtls: improve doc about handshake timeouts 2016-01-29 16:05:55 +01:00
Manuel Pégourié-Gonnard
365f325e03 Make check-names.sh happy 2016-01-08 15:05:11 +01:00
Manuel Pégourié-Gonnard
25caaf36a6 Avoid build errors with -O0 due to assembly 2016-01-08 14:29:11 +01:00
Simon Butcher
bfafadb45d Change version number to 2.2.1
Changed version for library files and yotta module
2016-01-04 22:26:36 +00:00
Manuel Pégourié-Gonnard
76da60c56e Fix doxygen warnings for generic names in config.h
When we use the same documentation for a list of #defines, we used to use a
generic name in the \def command. Use the first name of the list instead so
that doxygen stops complaining, and mention the generic name in the longer
description.

This is not entirely satisfactory as the full list of macros will not be
included in the generated doc, but it's still an improvement as at least the
first macro is documented now, with a hint that there are others.
2016-01-04 13:51:01 +01:00
Manuel Pégourié-Gonnard
ddbb166041 Reintroduce line deleted by accident 2016-01-04 12:40:15 +01:00
Simon Butcher
5b331b9d48 Various fixes to doxygen API generation
* Fixed incorrect file definitions
 * Fixed accidental tag problems in ecjpake.h
 * Corrected function naming in X.509 module definition
2016-01-03 16:14:14 +00:00
Simon Butcher
9803d07a63 Fix for MPI divide on MSVC
Resolves multiple platform issues when building bignum.c with Microsoft
Visual Studio.
2016-01-03 00:24:34 +00:00
Simon Butcher
4c2bfdbff6 Merge 'iotssl-558-md5-tls-sigs-restricted' 2015-12-23 18:33:54 +00:00
Simon Butcher
fabce5e137 Merge branch 'misc' into development
Fixes github #358, #362 and IOTSSL-536
2015-12-22 18:56:56 +00:00
James Cowgill
21e402a3ae Fix segfault on x32 by using better register constraints in bn_mul.h
On x32, pointers are only 4-bytes wide and need to be loaded using the "movl"
instruction instead of "movq" to avoid loading garbage into the register.

The MULADDC routines for x86-64 are adjusted to work on x32 as well by getting
gcc to load all the registers for us in advance (and storing them later) by
using better register constraints. The b, c, D and S constraints correspond to
the rbx, rcx, rdi and rsi registers respectively.
2015-12-17 13:08:47 +00:00
Manuel Pégourié-Gonnard
acbb050118 Make documentation more explicit on TLS errors
fixes #358
2015-12-10 13:57:27 +01:00
Manuel Pégourié-Gonnard
47229c7cbb Disable MD5 in handshake signatures by default 2015-12-04 15:02:56 +01:00
Manuel Pégourié-Gonnard
e2e25e7427 DTLS: avoid dropping too many records
When the peer retransmits a flight with many record in the same datagram, and
we already saw one of the records in that datagram, we used to drop the whole
datagram, resulting in interoperability failure (spurious handshake timeouts,
due to ignoring record retransmitted by the peer) with some implementations
(issues with Chrome were reported).

So in those cases, we want to only drop the current record, and look at the
following records (if any) in the same datagram. OTOH, this is not something
we always want to do, as sometime the header of the current record is not
reliable enough.

This commit introduces a new return code for ssl_parse_header() that allows to
distinguish if we should drop only the current record or the whole datagram,
and uses it in mbedtls_ssl_read_record()

fixes #345
2015-12-03 16:13:17 +01:00
Simon Butcher
8254ed2a9f Change version number to 2.2.0
Changed for library and yotta module
2015-11-04 19:55:40 +00:00
Manuel Pégourié-Gonnard
ba1d897987 Merge branch 'bugfixes' into development
* bugfixes:
  Fix typo in an OID name
  Disable reportedly broken assembly of Sparc(64)
2015-11-02 05:50:41 +09:00
Manuel Pégourié-Gonnard
fb84d38b45 Try to prevent some misuse of RSA functions
fixes #331
2015-10-30 10:56:25 +01:00
Simon Butcher
204606238c Merge branch 'development' into misc 2015-10-27 16:57:34 +00:00
Simon Butcher
5f7c34b8b0 Merge branch iotssl-521-keylen-check 2015-10-27 15:14:55 +00:00
Manuel Pégourié-Gonnard
65eefc8707 Fix missing check for RSA key length on EE certs
- also adapt tests to use lesser requirement for compatibility with old
  testing material
2015-10-23 16:19:53 +02:00
Manuel Pégourié-Gonnard
e5f3072aed Fix #ifdef inconsistency
fixes #310

Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.
2015-10-23 08:40:23 +02:00
Manuel Pégourié-Gonnard
7c5fcdc17a Disable reportedly broken assembly of Sparc(64)
fixes #292
2015-10-21 14:52:24 +02:00
Manuel Pégourié-Gonnard
fadacb9d0b Merge branch 'development' into iotssl-461-ecjpake-finalization
* development: (73 commits)
  Bump yotta dependencies version
  Fix typo in documentation
  Corrected misleading fn description in ssl_cache.h
  Corrected URL/reference to MPI library
  Fix yotta dependencies
  Fix minor spelling mistake in programs/pkey/gen_key.c
  Bump version to 2.1.2
  Fix CVE number in ChangeLog
  Add 'inline' workaround where needed
  Fix references to non-standard SIZE_T_MAX
  Fix yotta version dependencies again
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
  Remove inline workaround when not useful
  Fix macroization of inline in C++
  Changed attribution for Guido Vranken
  Merge of IOTSSL-476 - Random malloc in pem_read()
  Fix for IOTSSL-473 Double free error
  Fix potential overflow in CertificateRequest
  ...

Conflicts:
	include/mbedtls/ssl_internal.h
	library/ssl_cli.c
2015-10-20 15:00:29 +02:00
Manuel Pégourié-Gonnard
cf82893411 Disable EC J-PAKE by default (experimental) 2015-10-20 14:57:00 +02:00
Manuel Pégourié-Gonnard
db90c82eb7 Fix typo in documentation 2015-10-20 09:36:39 +02:00
Simon Butcher
e3132a9e5a Corrected misleading fn description in ssl_cache.h
Mistake in comments spotted by Andris Mednis
2015-10-19 19:28:41 +01:00
Manuel Pégourié-Gonnard
024b6df3b1 Improve key export API and documentation
- "master secret" is the usual name
- move key block arg closer to the related lengths
- document lengths

Also fix some trailing whitespace while at it
2015-10-19 13:52:53 +02:00
Manuel Pégourié-Gonnard
4104864e54 ECHDE-PSK does not use a certificate
fixes #270
2015-10-09 14:50:43 +01:00
Manuel Pégourié-Gonnard
adeb7d8ec9 Move all KEY_EXCHANGE__ definitions in one place 2015-10-09 14:44:47 +01:00
Robert Cragie
4289c0d1fa Typo in parameter name 2015-10-06 17:20:41 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381 Bump version to 2.1.2
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
c80a74f734 Merge branch 'development' into development-restricted
* development:
  Add 'inline' workaround where needed
2015-10-05 16:30:53 +01:00
Manuel Pégourié-Gonnard
2ac9c60838 Add 'inline' workaround where needed
Was previously using the workaround from md.h
2015-10-05 16:18:23 +01:00
Manuel Pégourié-Gonnard
a97ab2c8a6 Merge branch 'development' into development-restricted
* development:
  Remove inline workaround when not useful
  Fix macroization of inline in C++
2015-10-05 15:48:09 +01:00
Simon Butcher
7776fc36d3 Fix for #279 macroisation of 'inline' keyword 2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard
2d7083435d Fix references to non-standard SIZE_T_MAX
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
2015-10-05 15:23:11 +01:00