Commit graph

1645 commits

Author SHA1 Message Date
Janos Follath 3332937538 Changelog: Add entry for prime test improvement 2018-10-09 16:33:27 +01:00
Hanno Becker abe6003f5a Adapt ChangeLog 2018-10-09 12:44:47 +01:00
Hanno Becker dc71ef8fcc Adapt ChangeLog 2018-10-08 13:51:38 +01:00
Gilles Peskine c5ccd7a1e7 Indicate the memory access variations in the changelog entry 2018-10-05 15:42:52 +02:00
Hanno Becker 617a321ed9 Adapt ChangeLog 2018-10-05 09:52:59 +01:00
Gilles Peskine ddffa06501 Add ChangeLog entry 2018-10-03 13:40:16 +02:00
Simon Butcher 404aa65813 Add ChangeLog entry for Windows threading fix 2018-10-01 14:44:22 +01:00
Simon Butcher df0500d7bc Add Changelog entry for #482
Add Changelog entry for inline assembly/literal strings too long issue with
Clang.
2018-09-30 12:37:27 +01:00
Jaeden Amero 3725bb2d6d rsa: pss: Enable use of big hashes with small keys
It should be valid to RSASSA-PSS sign a SHA-512 hash with a 1024-bit or
1032-bit RSA key, but with the salt size being always equal to the hash
size, this isn't possible: the key is too small.

To enable use of hashes that are relatively large compared to the key
size, allow reducing the salt size to no less than the hash size minus 2
bytes. We don't allow salt sizes smaller than the hash size minus 2
bytes because that too significantly changes the security guarantees the
library provides compared to the previous implementation which always
used a salt size equal to the hash size. The new calculated salt size
remains compliant with FIPS 186-4.

We also need to update the "hash too large" test, since we now reduce
the salt size when certain key sizes are used. We used to not support
1024-bit keys with SHA-512, but now we support this by reducing the salt
size to 62. Update the "hash too large" test to use a 1016-bit RSA key
with SHA-512, which still has too large of a hash because we will not
reduce the salt size further than 2 bytes shorter than the hash size.

The RSA private key used for the test was generated using "openssl
genrsa 1016" using OpenSSL 1.1.1-pre8.

    $ openssl genrsa 1016
    Generating RSA private key, 1016 bit long modulus (2 primes)
    ..............++++++
    ....++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICVwIBAAKBgACu54dKTbLxUQBEQF2ynxTfDze7z2H8vMmUo9McqvhYp0zI8qQK
    yanOeqmgaA9iz52NS4JxFFM/2/hvFvyd/ly/hX2GE1UZpGEf/FnLdHOGFhmnjj7D
    FHFegEz/gtbzLp9X3fOQVjYpiDvTT0Do20EyCbFRzul9gXpdZcfaVHNLAgMBAAEC
    gYAAiWht2ksmnP01B2nF8tGV1RQghhUL90Hd4D/AWFJdX1C4O1qc07jRBd1KLDH0
    fH19WocLCImeSZooGCZn+jveTuaEH14w6I0EfnpKDcpWVAoIP6I8eSdAttrnTyTn
    Y7VgPrcobyq4WkCVCD/jLUbn97CneF7EHNspXGMTvorMeQJADjy2hF5SginhnPsk
    YR5oWawc6n01mStuLnloI8Uq/6A0AOQoMPkGl/CESZw+NYfe/BnnSeckM917cMKL
    DIKAtwJADEj55Frjj9tKUUO+N9eaEM1PH5eC7yakhIpESccs/XEsaDUIGHNjhctK
    mrbbWu+OlsVRA5z8yJFYIa7gae1mDQJABjtQ8JOQreTDGkFbZR84MbgCWClCIq89
    5R3DFZUiAw4OdS1o4ja+Shc+8DFxkWDNm6+C63g/Amy5sVuWHX2p9QI/a69Cxmns
    TxHoXm1w9Azublk7N7DgB26yqxlTfWJo+ysOFmLEk47g0ekoCwLPxkwXlYIEoad2
    JqPh418DwYExAkACcqrd9+rfxtrbCbTXHEizW7aHR+fVOr9lpXXDEZTlDJ57sRkS
    SpjXbAmylqQuKLqH8h/72RbiP36kEm5ptmw2
    -----END RSA PRIVATE KEY-----
2018-09-27 18:23:08 +01:00
Simon Butcher 0592ea772a Merge remote-tracking branch 'public/pr/1140' into development 2018-09-27 11:37:42 +01:00
Simon Butcher 1afc767f23 Merge remote-tracking branch 'public/pr/1758' into development 2018-09-27 11:35:19 +01:00
Simon Butcher c86993e33c Merge remote-tracking branch 'public/pr/1970' into development 2018-09-27 09:48:54 +01:00
Simon Butcher c0514bfffe Added ChangeLog entry for yotta support removal 2018-09-26 18:08:54 +01:00
Manuel Pégourié-Gonnard 125af948c3 Merge branch 'development-restricted' into iotssl-1260-non-blocking-ecc-restricted
* development-restricted: (578 commits)
  Update library version number to 2.13.1
  Don't define _POSIX_C_SOURCE in header file
  Don't declare and define gmtime()-mutex on Windows platforms
  Correct preprocessor guards determining use of gmtime()
  Correct documentation of mbedtls_platform_gmtime_r()
  Correct typo in documentation of mbedtls_platform_gmtime_r()
  Correct POSIX version check to determine presence of gmtime_r()
  Improve documentation of mbedtls_platform_gmtime_r()
  platform_utils.{c/h} -> platform_util.{c/h}
  Don't include platform_time.h if !MBEDTLS_HAVE_TIME
  Improve wording of documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
  Fix typo in documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
  Replace 'thread safe' by 'thread-safe' in the documentation
  Improve documentation of MBEDTLS_HAVE_TIME_DATE
  ChangeLog: Add missing renamings gmtime -> gmtime_r
  Improve documentation of MBEDTLS_HAVE_TIME_DATE
  Minor documentation improvements
  Style: Add missing period in documentation in threading.h
  Rename mbedtls_platform_gmtime() to mbedtls_platform_gmtime_r()
  Guard decl and use of gmtime mutex by HAVE_TIME_DATE and !GMTIME_ALT
  ...
2018-09-11 12:39:14 +02:00
Simon Butcher 5d40f67138 Merge remote-tracking branch 'public/pr/1927' into development-restricted 2018-09-06 16:24:48 +01:00
Hanno Becker 921b76d056 Replace 'thread safe' by 'thread-safe' in the documentation 2018-09-05 16:21:36 +01:00
Hanno Becker acef292eac ChangeLog: Add missing renamings gmtime -> gmtime_r 2018-09-05 16:19:07 +01:00
Hanno Becker cfeb70c6b9 gmtime: Remove special treatment for IAR
Previous commits attempted to use `gmtime_s()` for IAR systems; however,
this attempt depends on the use of C11 extensions which lead to incompatibility
with other pieces of the library, such as the use of `memset()` which is
being deprecated in favor of `memset_s()` in C11.
2018-09-05 13:52:46 +01:00
Andres Amaya Garcia 45e30201a4 Document that IAR gmtime_s() is auto selected 2018-09-05 12:05:59 +01:00
Andres Amaya Garcia c29c34c1b4 Improve wording of gmtime feature in ChangeLog 2018-09-05 11:54:40 +01:00
Andres Amaya Garcia 8c9a620fb6 Fix missing word in ChangeLog entry for gmtime() 2018-09-05 11:30:28 +01:00
Simon Butcher c0a63bd0c1 Remove duplication of some entries in the ChangeLog
Fixes for #1941 and #1954 were listed twice.
2018-09-04 09:54:28 +01:00
Simon Butcher 4d075cd7d0 Update library version number to 2.13.0 2018-08-31 15:59:10 +01:00
Simon Butcher b5afb97244 Revised and clarified ChangeLog
Minor changes to fix language, merge mistakes and incorrect classifications of
changes.
2018-08-31 11:59:56 +01:00
Simon Butcher 0bbb4fc132 Merge branch 'development' into development 2018-08-30 01:11:35 +01:00
Simon Butcher 552754a6ee Merge remote-tracking branch 'public/pr/1988' into development 2018-08-30 00:57:28 +01:00
Simon Butcher 68dbc94720 Merge remote-tracking branch 'public/pr/1951' into development 2018-08-30 00:56:56 +01:00
Simon Butcher 07de4c0035 Merge remote-tracking branch 'public/pr/1920' into development 2018-08-30 00:56:08 +01:00
Nir Sonnenschein b7ebbcaa2c compile time warning of 128bit ctr_drbg keys and standardized warnings
a compile time print was added warning in case of 128bit ctr_drbg keys.
This was don't to avoid an actual warning in these cases
(making build with warnings as errors possible).
Additional warnings on the Changelog/headers were set to use the same phrasing
phrasing was approved by Gilles and Janos.
2018-08-29 10:20:12 +03:00
Simon Butcher 8a552cf9d6 Merge remote-tracking branch 'public/pr/1920' into development-restricted 2018-08-28 15:39:38 +01:00
Simon Butcher 129fa82908 Merge remote-tracking branch 'restricted/pr/470' into development-restricted 2018-08-28 15:26:11 +01:00
Simon Butcher 7f85563f9b Merge remote-tracking branch 'restricted/pr/491' into development-restricted 2018-08-28 15:22:40 +01:00
Hanno Becker 02f6f5af26 Adapt ChangeLog
Make explicit that buffering support is about DTLS.
2018-08-28 12:54:27 +01:00
Simon Butcher 9ce5160fea Merge remote-tracking branch 'public/pr/1965' into development 2018-08-28 12:34:14 +01:00
Simon Butcher 676d3fd116 Merge remote-tracking branch 'public/pr/1129' into development 2018-08-28 12:31:23 +01:00
Simon Butcher 9d5a9e1213 Merge remote-tracking branch 'public/pr/1625' into development 2018-08-28 12:23:40 +01:00
Simon Butcher 14dac0953e Merge remote-tracking branch 'public/pr/1918' into development 2018-08-28 12:21:41 +01:00
Simon Butcher 1846e406c8 Merge remote-tracking branch 'public/pr/1939' into development 2018-08-28 12:19:56 +01:00
Simon Butcher 9598845d11 Merge remote-tracking branch 'public/pr/1955' into development 2018-08-28 12:00:18 +01:00
Simon Butcher 4613772dea Merge remote-tracking branch 'public/pr/1915' into development 2018-08-28 11:45:44 +01:00
Hanno Becker 0e96585bdd Merge branch 'datagram_packing' into message_reordering 2018-08-24 12:16:41 +01:00
Hanno Becker 1841b0a11c Rename ssl_conf_datagram_packing() to ssl_set_datagram_packing()
The naming convention is that functions of the form mbedtls_ssl_conf_xxx()
apply to the SSL configuration.
2018-08-24 11:13:57 +01:00
Hanno Becker a70fb95c82 Adapt ChangeLog 2018-08-23 14:36:50 +01:00
Hanno Becker aa24937853 Adapt ChangeLog 2018-08-22 10:27:13 +01:00
Hanno Becker 3546201dbc Merge branch 'datagram_packing' into message_reordering 2018-08-22 10:25:40 +01:00
Hanno Becker a67dee256d Merge branch 'iotssl-2402-basic-pmtu-adaptation' into datagram_packing 2018-08-22 10:06:38 +01:00
Manuel Pégourié-Gonnard b8eec192f6 Implement PMTU auto-reduction in handshake 2018-08-22 10:50:30 +02:00
Hanno Becker 170e2d89da Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-22 09:44:54 +01:00
Hanno Becker 5e863e02ac Adapt ChangeLog 2018-08-21 17:52:45 +01:00
Hanno Becker 903ee3d363 Merge branch 'datagram_packing' into message_reordering 2018-08-21 17:24:17 +01:00
Nir Sonnenschein 04354b0796 add ChangeLog entry 2018-08-21 17:53:38 +03:00
Manuel Pégourié-Gonnard f2f1d40d6d Improve wording in ChangeLog and documentation 2018-08-21 09:53:22 +02:00
Hanno Becker 6aeaa05a95 Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-20 12:53:37 +01:00
Manuel Pégourié-Gonnard 6e7aaca146 Move MTU setting to SSL context, not config
This setting belongs to the individual connection, not to a configuration
shared by many connections. (If a default value is desired, that can be handled
by the application code that calls mbedtls_ssl_set_mtu().)

There are at least two ways in which this matters:
- per-connection settings can be adjusted if MTU estimates become available
  during the lifetime of the connection
- it is at least conceivable that a server might recognize restricted clients
  based on range of IPs and immediately set a lower MTU for them. This is much
easier to do with a per-connection setting than by maintaining multiple
near-duplicated ssl_config objects that differ only by the MTU setting.
2018-08-20 10:37:23 +02:00
Ron Eldor 34b03ef78f Remove redundant else statement
Remove `else` statement, as it is redundant. resolves #1776
2018-08-20 10:39:27 +03:00
Hanno Becker f103542c3d Adapt ChangeLog 2018-08-17 16:52:08 +01:00
Hanno Becker d87a59cc36 Adapt ChangeLog 2018-08-17 15:51:24 +01:00
Jaeden Amero 141e767fa9 Merge remote-tracking branch 'upstream-public/pr/1942' into development
Resolve conflicts in ChangeLog
2018-08-17 14:26:51 +01:00
Manuel Pégourié-Gonnard 3879fdfece Merge remote-tracking branch 'public/pr/1955' into iotssl-165-dtls-hs-fragmentation-new
* public/pr/1955:
  Adapt ChangeLog
  Fix overly strict bounds check in ssl_parse_certificate_request()
2018-08-17 10:49:47 +02:00
Hanno Becker eb2b15accd Improve ChangeLog wording for the commmit that Fixes #1954. 2018-08-17 09:47:22 +01:00
Andres Amaya Garcia a7b9f15f27 Add ChangeLog entry for configurable gmtime() in platform 2018-08-16 21:46:35 +01:00
Hanno Becker ad0fe92fb6 Adapt ChangeLog 2018-08-16 15:52:22 +01:00
Manuel Pégourié-Gonnard 637e234d9f Merge remote-tracking branch 'public/pr/1915' into iotssl-165-dtls-hs-fragmentation-new
* public/pr/1915:
  Adapt ChangeLog
  Fix mbedtls_ssl_get_record_expansion() for ChaChaPoly and CBC
2018-08-16 10:01:21 +02:00
Manuel Pégourié-Gonnard 0b1d9b2c75 Declare ssl_conf_mtu() 2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard 01ec4af023 Add ChangeLog entry 2018-08-16 10:01:10 +02:00
Janos Follath 08a4aebc46 HKDF: Add warning to partial functions
The standard HKDF security guarantees only hold if `mbedtls_hkdf()` is
used or if `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` are
called in succession carefully and an equivalent way.

Making `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` static would
prevent any misuse, but doing so would require the TLS 1.3 stack to
break abstraction and bypass the module API.

To reduce the risk of misuse we add warnings to the function
descriptions.
2018-08-14 16:08:38 +01:00
Hanno Becker 9dc3be7601 Improve wording in ChangeLog 2018-08-14 15:22:05 +01:00
Hanno Becker 361f254eab Adapt ChangeLog 2018-08-13 16:36:58 +01:00
Ron Eldor d1a4762adb Use mbedtls_printf instead of printf
Replace usages of `printf()` with `mbedtls_printf()` in `aria.c`
which were accidently merged. Fixes #1908
2018-08-13 13:49:52 +03:00
Jaeden Amero d8f41698d2 Merge remote-tracking branch 'upstream-public/pr/1598' into development
Add a Changelog entry
2018-08-10 11:23:15 +01:00
Jaeden Amero 03bd4847b3 Merge remote-tracking branch 'upstream-public/pr/1861' into development
Add Changelog entry
2018-08-10 11:17:14 +01:00
Jaeden Amero cac0c1a250 Merge remote-tracking branch 'upstream-public/pr/1378' into development 2018-08-10 10:59:53 +01:00
Jaeden Amero 372b50b252 Add a ChangeLog entry for #1816 2018-08-10 10:56:31 +01:00
Jaeden Amero f48163a960 Merge remote-tracking branch 'upstream-public/pr/1834' into development 2018-08-10 10:49:10 +01:00
Andres Amaya Garcia 824dfb34b4 Add ChangeLog entry for use of gmtime 2018-08-07 20:29:57 +01:00
Hanno Becker 448146407f Adapt ChangeLog 2018-08-03 10:07:39 +01:00
Simon Butcher b363382ba4 Add ChangeLog entry for bug #1890 2018-07-30 22:10:48 +01:00
Angus Gratton 608a487b9c Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).

Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-27 09:15:34 +10:00
Simon Butcher 6c34268e20 Merge remote-tracking branch 'restricted/pr/501' into development-restricted 2018-07-26 14:24:56 +01:00
Simon Butcher f11a7cda73 Clarify Changelog entries
Corrected the Changelog to move an entry in the wrong place after a merge, some
entries which were Changes not bugfixes, and corrected style issues.
2018-07-25 17:29:59 +01:00
Jaeden Amero 193c86425e Update version to 2.12.0 2018-07-25 15:42:26 +01:00
Simon Butcher 37b9fd5df6 Merge remote-tracking branch 'restricted/pr/490' into development 2018-07-24 23:40:37 +01:00
Simon Butcher 2c92949e0a Merge remote-tracking branch 'public/pr/1198' into development 2018-07-24 17:20:17 +01:00
Simon Butcher c88c627fba Merge remote-tracking branch 'public/pr/1658' into development 2018-07-24 17:19:10 +01:00
Ron Eldor 9cf0d53adc Add ChangeLog
Add entry in ChangeLog for the Key Wrapping feature.
2018-07-24 16:43:20 +01:00
Simon Butcher ccb43df37e Merge remote-tracking branch 'public/pr/927' into development 2018-07-24 13:06:54 +01:00
Simon Butcher dad05b7fc9 Merge remote-tracking branch 'public/pr/1844' into development 2018-07-24 13:05:09 +01:00
Simon Butcher 05330541ea Revise ChangeLog entry for empty data records fixes 2018-07-24 12:54:15 +01:00
Simon Butcher 116ac43d00 Merge remote-tracking branch 'public/pr/1852' into development 2018-07-24 12:18:59 +01:00
Simon Butcher fced1f2fb3 Merge remote-tracking branch 'public/pr/1854' into development 2018-07-24 10:26:46 +01:00
Simon Butcher ecb635efca Add ChangeLog entry for #1098 fix. 2018-07-24 10:03:41 +01:00
Brian J Murray 4736e96568 add myself to changelog 2018-07-23 10:34:47 -07:00
Ron Eldor 4e64e0b922 Fix after PR comments
1. Don't set IV onECB
2. Fix style issues
3. reduce number of tests
2018-07-23 18:18:32 +01:00
Ron Eldor 7b01244b99 Add tests for mbedtls_cipher_crypt API
1. Add tests for 'mbedtls_cipher_crypt()' API
2. Resolves #1091, by ignoring IV when the cipher mode is MBEDTLS_MODE_ECB
2018-07-23 18:02:09 +01:00
Andres Amaya Garcia 81f0633c16 Add ChangeLog entry for empty app data fix 2018-07-20 23:09:29 +01:00
Angus Gratton 1a7a17e548 Check for invalid short Alert messages
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-20 23:09:29 +01:00
Angus Gratton b512bc1d29 CBC mode: Allow zero-length message fragments (100% padding)
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-20 23:09:29 +01:00
Simon Butcher 922bd1efb2 Merge remote-tracking branch 'public/pr/1752' into development 2018-07-20 14:33:18 +01:00
Simon Butcher 862e703d51 Merge remote-tracking branch 'public/pr/921' into development 2018-07-20 14:30:50 +01:00
Simon Butcher 4f37bcabf9 Fix ChangeLog entry for issue #1663
The ChangeLog entry was under the wrong version, and under Changes, not
BugFixes.
2018-07-19 19:52:32 +01:00