Commit graph

5588 commits

Author SHA1 Message Date
Ron Eldor e13b224d17 fix for issue 1118: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-27 21:44:34 +01:00
Janos Follath 325294013f Remove mutexes from ECP hardware acceleration
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia c630ce6b4c Improve MBEDTLS_NO_UDBL_DIVISION description 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia f755bb3adf Remove MBEDTLS_TYPE_UDBL tests from all.sh 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia df1486afe4 Remove MBEDTLS_TYPE_UDBL option 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia 465db7eba1 Fix no 64-bit division test in all.sh 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia 9946783218 Add tests for 64 and 32-bit int types compilation 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia b39467dda7 Fix check_config.h #error directive 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia 93db11a395 Fix typo in check_config.h 2017-07-27 21:44:33 +01:00
Gilles Peskine 683ac27b0f Checked names 2017-07-27 21:44:33 +01:00
Gilles Peskine b1a977f5a7 MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia d7fce008c5 Allow forcing 64-bit integer type
Allow forcing 64-bit integer type for bignum operations. Also introduce
the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length
integer in unknown compilers.
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia 5e873fb464 Add all.sh test to force 32-bit compilation 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia aa27dfeecc Enable 64-bit compilation with ARM Compiler 6
This patch fixes the conditional preprocessor directives in
include/mbedtls/bignum.h to enable 64-bit compilation with ARM
Compiler 6.
2017-07-27 21:44:33 +01:00
Simon Butcher a95d630197 Fix platform setup/teardown feature and comments
Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it
as a feature  in 'version_features.c'.
2017-07-27 21:44:33 +01:00
Simon Butcher d3be27a92a Add additional comments to platform setup/teardown functions 2017-07-27 21:44:33 +01:00
Simon Butcher 9a6748cff1 Correct order of sections in the ChangeLog 2017-07-27 21:44:33 +01:00
Ron Eldor 528c621271 Check return code of mbedtls_mpi_fill_random
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-27 21:44:33 +01:00
Ron Eldor 5274f274f0 Resource leak fix on windows platform
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-27 21:44:33 +01:00
Ron Eldor d551c24ddb Wrong preproccessor condition fix
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-27 21:44:33 +01:00
Ron Eldor e56d1ec60a fix for issue 1118: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-27 21:44:33 +01:00
Janos Follath 3240c55b30 Remove mutexes from ECP hardware acceleration
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia 586d3773ec Fix typo in ChangeLog and update macro name 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia d91f99f868 Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT
Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive
as this macro enables/disables both functions.
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia 64b02cd947 Improve documentation for mbedtls_platform_context 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia 052ac860ae Modify ChangeLog according to API changes 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia 3c8a39d28a Remove internal functions from setup API 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia 63e672b09d Add ChangeLog entry for platform setup and teardown 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia 2a6f39cb63 Add library setup and teardown APIs
Add the following two functions to allow platform setup and teardown
operations for the full library to be hooked in:

* mbedtls_platform_setup()
* mbedtls_platform_teardown()

An mbedtls_platform_context C structure is also added and two internal
functions that are called by the corresponding setup and teardown
functions above:

* mbedtls_internal_platform_setup()
* mbedtls_internal_plartform_teardown()

Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow
mbedtls_platform_context and internal function to be overriden by the
user as needed for a platform.
2017-07-27 21:44:33 +01:00
Simon Butcher 51e8c3ed7e Update Changelog for API/ABI fixes to revert interface 2017-07-27 21:44:33 +01:00
Hanno Becker ca1cdb2bf3 Make minor changes to documentation 2017-07-27 21:44:33 +01:00
Hanno Becker bedc2050b6 Export mbedtls_aes_(en/de)crypt to retain for API compatibility
The commit f5bf7189d3 made the AES
functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing
the library's API.

This commit reverts this.
2017-07-27 21:44:33 +01:00
Hanno Becker 6d84ae7e57 Clarify documentation for alternative AES implementations
The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been
superseded by mbedtls_aes_internal_decrypt and
mbedtls_aes_internal_encrypt, respectively. Alternative
implementations should now only replace the latter, and leave the
maintenance wrapper definitions of the former untouched.

This commit clarifies this in the documentation of the respective
configuration options MBEDTLS_AES_DECRYPT_ALT and
MBEDTLS_AES_ENCRYPT_ALT.
2017-07-27 21:44:33 +01:00
Hanno Becker 639ce56b6a Undo API change from SHA1 deprecation
The previous commit bd5ceee484f201b90a384636ba12de86bd330cba removed
the definition of the global constants
- mbedtls_test_ca_crt_rsa_len,
- mbedtls_test_cli_crt_rsa_len,
- mbedtls_test_ca_crt_rsa, and
- mbedtls_test_cli_crt_rsa.
This commit restores these to maintain ABI compatibility.

Further, it was noticed that without SHA256_C being enabled the
previous code failed to compile because because the SHA1 resp. SHA256
certificates were only defined when the respective SHAXXX_C options
were set, but the emission of the global variable mbedtls_test_ca_crt
was unconditionally defined through the SHA256
certificate. Previously, the RSA SHA1 certificate was unconditionally
defined and used for that.

As a remedy, this commit makes sure some RSA certificate is defined
and exported through the following rule:
1. If SHA256_C is active, define an RSA SHA256 certificate and export
   it as mbedtls_test_ca_crt. Also, define SHA1 certificates only if
   SHA1_C is set.
2. If SHA256_C is not set, always define SHA1 certificate and export
   it as mbedtls_test_ca_crt.
2017-07-27 21:44:33 +01:00
Hanno Becker d300a5734a Undo API change
The previous commit b3e6872c93 changed
to public functions from ssl_ciphersuite.h to static inline. This
commit reverts this change.
2017-07-27 21:44:33 +01:00
Ron Eldor 7269fee0b6 Check return code of mbedtls_mpi_fill_random
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-27 21:44:33 +01:00
Ron Eldor 3e19df5c95 Resource leak fix on windows platform
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-27 21:44:33 +01:00
Ron Eldor 8ab0595538 Wrong preproccessor condition fix
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-27 21:44:33 +01:00
Ron Eldor 5a21fd62bf fix for issue 1118: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-27 21:44:33 +01:00
Ron Eldor 2a47be5012 Minor: Fix typos in program comments
Fix a couple of typos and writer's mistakes,
in some reference program applications
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia 92fcfe2933 Add ChangeLog entry for config-no-entropy.h change 2017-07-27 21:44:32 +01:00
Andres Amaya Garcia 28f320e60e Enable MBEDTLS_AES_ROM_TABLES in config-no-entropy
Enable the MBEDTLS_AES_ROM_TABLES option in the
configs/config-no-entropy.h to place AES lookup tables in ROM. This
saves considerable RAM space, a resource that is very limited in small
devices that use this configuration.
2017-07-27 21:44:32 +01:00
Janos Follath bfea4a7c02 Remove mutexes from ECP hardware acceleration
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
2017-07-27 21:44:32 +01:00
Hanno Becker b6479192d8 Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
2017-07-27 21:43:17 +01:00
Simon Butcher f85c90a61d Fixes running order of sections in Changelog 2017-07-27 15:11:52 +01:00
Simon Butcher 5deb518d05 Fix merge errors in ChangeLog 2017-07-27 15:08:01 +01:00
Andres AG 2e65a54d5a Prevent signed integer overflow in CSR parsing
Modify the function mbedtls_x509_csr_parse_der() so that it checks the
parsed CSR version integer before it increments the value. This prevents
a potential signed integer overflow, as these have undefined behaviour
in the C standard.
2017-07-27 15:08:01 +01:00
Andres AG 7ca4a03955 Fix potential integer overflow parsing DER CRT
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-27 15:08:01 +01:00
Andres AG 7d97e669f0 Add CRT DER tests with incorrect version 2017-07-27 15:08:01 +01:00
Andres AG fff826cfd6 Add CRL DER tests with incorrect version 2017-07-27 15:08:01 +01:00