Commit graph

6044 commits

Author SHA1 Message Date
Markku-Juhani O. Saarinen 259fa60f6c ARIA test vectors for CBC CFB CTR modes 2018-02-27 12:39:12 +01:00
Markku-Juhani O. Saarinen 41efbaabc9 ARIA cipher implementation 2018-02-27 12:39:12 +01:00
Gilles Peskine 1bf6123fca Add attribution for #1351 report 2018-02-27 08:37:52 +01:00
Gilles Peskine b7f6086ba3 Merge branch 'prr_424' into development-proposed 2018-02-22 16:15:01 +01:00
Hanno Becker e80cd463ef Adapt version_features.c 2018-02-22 15:02:47 +00:00
Gilles Peskine 04f9bd028f Note incompatibility of truncated HMAC extension in ChangeLog
The change in the truncated HMAC extension aligns Mbed TLS with the
standard, but breaks interoperability with previous versions. Indicate
this in the ChangeLog, as well as how to restore the old behavior.
2018-02-22 15:41:26 +01:00
Gilles Peskine 9d56251260 Merge remote-tracking branch 'upstream-public/pr/1384' into development-proposed 2018-02-22 14:49:16 +01:00
Gilles Peskine 02550f47e9 Merge remote-tracking branch 'upstream-public/pr/1382' into development-proposed 2018-02-22 14:43:58 +01:00
Jaeden Amero 0cb770973c Add LinkLibraryDependencies to VS2010 app template
Add mbedTLS.vcxproj to the VS2010 application template so that the next
time we auto-generate the application project files, the
LinkLibraryDependencies for mbedTLS.vcxproj are maintained.

Fixes #1347
2018-02-22 12:23:53 +00:00
Gilles Peskine bb2565cf12 Add ChangeLog entry for PR #1382 2018-02-22 10:24:59 +00:00
Jaeden Amero 041039f81e MD: Make deprecated functions not inline
In 2.7.0, we replaced a number of MD functions with deprecated inline
versions. This causes ABI compatibility issues, as the functions are no
longer guaranteed to be callable when built into a shared library.
Instead, deprecate the functions without also inlining them, to help
maintain ABI backwards compatibility.
2018-02-22 10:24:30 +00:00
Jaeden Amero c5d08f8ea5 Add ChangeLog entry for PR #1384 2018-02-21 13:34:04 +00:00
Krzysztof Stachowiak 5fa987647a Have Visual Studio handle linking to mbedTLS.lib internally
Fixes #1347
2018-02-21 13:33:15 +00:00
Gilles Peskine d76d8bc9a5 Merge branch 'pr_1352' into development-proposed 2018-02-20 16:42:08 +01:00
Gilles Peskine 200b24fdf8 Mention in ChangeLog that this fixes #1351 2018-02-20 16:40:11 +01:00
Gilles Peskine e6844ccf2b Merge branch 'pr_1135' into development-proposed 2018-02-14 17:20:42 +01:00
Gilles Peskine 3dabd6a145 Add issue number to ChangeLog
Resolves #1122
2018-02-14 17:19:41 +01:00
Gilles Peskine 42a97ac693 Merge branch 'pr_1219' into development-proposed 2018-02-14 16:17:21 +01:00
Gilles Peskine 1d80a67869 Note in the changelog that this fixes an interoperability issue.
Fixes #1339
2018-02-14 16:16:08 +01:00
Gilles Peskine df29868bb6 Merge branch 'pr_1280' into development-proposed
Conflict: configs/config-picocoin.h was both edited and removed.
Resolution: removed, since this is the whole point of PR #1280 and the
changes in development are no longer relevant.
2018-02-14 15:49:54 +01:00
Gilles Peskine 2235bd677a Style fix in ChangeLog 2018-02-14 15:47:46 +01:00
Gilles Peskine 1e3fd69777 Merge remote-tracking branch 'upstream-public/pr/1333' into development-proposed 2018-02-14 15:12:49 +01:00
Gilles Peskine 49ac5d06ed Merge branch 'pr_1365' into development-proposed 2018-02-14 14:36:44 +01:00
Gilles Peskine 27b0754501 Add ChangeLog entries for PR #1168 and #1362 2018-02-14 14:36:33 +01:00
Gilles Peskine 5daa76537a Add ChangeLog entry for PR #1165 2018-02-14 14:10:24 +01:00
Paul Sokolovsky 8d6d8c84b1 ctr_drbg: Typo fix in the file description comment.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
2018-02-10 11:11:41 +02:00
Jaeden Amero 6d6c7982ce Merge remote-tracking branch 'upstream-public/pr/1362' into development 2018-02-08 17:02:31 +00:00
Jaeden Amero 69f3072553 Merge remote-tracking branch 'upstream-public/pr/1168' into development 2018-02-08 15:18:52 +00:00
Jaeden Amero 129f50838b dhm: Fix typo in RFC 5114 constants
We accidentally named the constant MBEDTLS_DHM_RFC5114_MODP_P instead of
MBEDTLS_DHM_RFC5114_MODP_2048_P.

Fixes #1358
2018-02-08 14:29:14 +00:00
Antonio Quartulli 8d7d1ea9f6
tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1
Extend the pkparse test suite with the newly created keys
encrypted using PKCS#8 with PKCS#5 v2.0 with PRF being
SHA224, 256, 384 and 512.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:20 +08:00
Antonio Quartulli f476b9d98c
data_files/pkcs8-v2: add keys generated with PRF != SHA1
We now have support for the entire SHA family to be used as
PRF in PKCS#5 v2.0, therefore we need to add new keys to test
these new functionalities.

This patch adds the new keys in `tests/data_files` and
commands to generate them in `tests/data_files/Makefile`.

Note that the pkcs8 command in OpenSSL 1.0 called with
the -v2 argument generates keys using PKCS#5 v2.0 with SHA1
as PRF by default.

(This behaviour has changed in OpenSSL 1.1, where the exact same
command instead uses PKCS#5 v2.0 with SHA256)

The new keys are generated by specifying different PRFs with
-v2prf.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:19 +08:00
Antonio Quartulli bfa440e9fb
tests/pkcs5/pbkdf2_hmac: extend array to accommodate longer results
Some unit tests for pbkdf2_hmac() have results longer than
99bytes when represented in hexadecimal form.

For this reason extend the result array to accommodate
longer strings.

At the same time make memset() parametric to avoid
bugs in the future.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:19 +08:00
Antonio Quartulli e87e885756
tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA algorithms
Test vectors for SHA224,256,384 and 512 have been
generated using Python's hashlib module by the
following oneliner:

import binascii, hashlib
binascii.hexlify(hashlib.pbkdf2_hmac(ALGO, binascii.unhexlify('PASSWORD'), binascii.unhexlify('SALT'), ITER, KEYLEN)))

where ALGO was 'sha224', 'sha256', 'sha384' and 'sha512'
respectively.

Values for PASSWORD, SALT, ITER and KEYLEN were copied from the
existent test vectors for SHA1.

For SHA256 we also have two test vectors coming from RFC7914 Sec 11.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:19 +08:00
Antonio Quartulli 12ccef2761
pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:15 +08:00
Ron Eldor 9566ff7913 Fix minor issues raised in PR review
1. Style issues fixes - remove redundant spacing.
2. Remove depency of `MBEDTLS_RSA_C` in `pk_parse_public_keyfile_rsa()`
tests, as the function itself is dependent on it.
2018-02-07 18:59:41 +02:00
Ron Eldor 1072e5c7e5 Update ChangeLog style
Add dot at end of change in ChangeLog
2018-02-07 18:43:02 +02:00
Mathieu Briand ffb6efd383 Fix doxygen documentation for CCM encryption
Fix valid tag length values for mbedtls_ccm_encrypt_and_tag() function.
Add valid value ranges for mbedtls_ccm_auth_decrypt() parameters.

Signed-off-by: Mathieu Briand <mbriand@witekio.com>
2018-02-07 10:29:27 +01:00
Ron Eldor c15399843e Add some tests for different available profiles
Add tests for suite b profile and for the next profile
2018-02-06 18:47:17 +02:00
Ron Eldor 099e61df52 Rephrase Changelog
Rephrase Changelog to be more coherent to users
2018-02-06 17:34:27 +02:00
Ron Eldor 85e1dcff6a Fix handshake failure in suite B
Fix handshake failure where PK key is translated as `MBEDTLS_ECKEY`
instead of `MBEDTLS_ECDSA`
2018-02-06 15:59:38 +02:00
Jaeden Amero 32605dc830 Merge remote-tracking branch 'upstream-restricted/pr/451' into development-restricted 2018-02-05 11:36:59 +00:00
Jaeden Amero d79bce1d4e Merge remote-tracking branch 'upstream-restricted/pr/452' into development-restricted 2018-02-05 08:49:51 +00:00
Simon Butcher 55fc4e0c5a Update ChangeLog with language and technical corrections
To clarify and correct the ChangeLog.
2018-02-05 08:41:14 +00:00
Jaeden Amero 3b438d33c1 Update version to 2.7.0 2018-02-02 18:09:45 +00:00
Jaeden Amero 98b9373849 Merge branch 'development' into development-restricted 2018-01-30 17:32:12 +00:00
Jaeden Amero 15f90e0266 Merge remote-tracking branch 'upstream-public/pr/1336' into development 2018-01-30 17:28:31 +00:00
Jaeden Amero 9564e97460 Merge branch 'development' into development-restricted 2018-01-30 17:04:47 +00:00
Jaeden Amero 8dd16ab7c0 doxygen: Disable JAVADOC_AUTOBRIEF
Disable JAVADOC_AUTOBRIEF so that we can have periods in our brief
descriptions. We always use '\brief' where we want a brief, so this won't
hide any documentation previously used as a brief.
2018-01-30 16:22:05 +00:00
Rose Zadik 27ff120a61 Improve SHA-512 documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.
- Align deprecated function descriptions with those of the superseding
  functions.

GitHub PR: #1326
2018-01-30 16:22:05 +00:00
Rose Zadik 602285eac2 Improve SHA-256 documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.
- Align deprecated function descriptions with those of the superseding
  functions.

GitHub PR: #1325
2018-01-30 16:22:05 +00:00