Commit graph

2725 commits

Author SHA1 Message Date
Andres Amaya Garcia 4a512281ec Reduce priority of 3DES ciphersuites 2019-03-01 10:19:27 +01:00
Andres Amaya Garcia d8233f76db Improve docs for named bitstrings and their usage 2019-02-28 09:36:30 +00:00
Andres Amaya Garcia 6e95914f0e Add new function mbedtls_asn1_write_named_bitstring()
Add a new function mbedtls_asn1_write_named_bitstring() that removes
trailing 0s at the end of DER encoded bitstrings. The function is
implemented according to Hanno Becker's suggestions.

This commit also changes the functions x509write_crt_set_ns_cert_type
and crt_set_key_usage to call the new function as the use named
bitstrings instead of the regular bitstrings.
2019-02-28 09:36:30 +00:00
Janos Follath df9295b7ec Make ecp_get_type public
The ecp_get_type function comes handy in higher level modules and tests
as well. It is not inline anymore, to enable alternative implementations
to implement it for themselves.
2019-02-26 16:49:42 +00:00
Janos Follath 28eb06df16 ECP: Catch unsupported import/export
mbedtls_ecp_read_key() module returned without an error even when
importing keys corresponding to the requested group was not
implemented.

We change this and return an error when the requested group is not
supported and make the remaining import/export functions more robust.
2019-02-26 16:48:40 +00:00
Janos Follath b65853c6b6 Improve documentation of mbedtls_ecp_read_key 2019-02-26 16:48:40 +00:00
Hanno Becker fe4ef0c1ae Add config sanity check for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 2019-02-26 14:38:09 +00:00
Hanno Becker 958efeb481 Improve documentation of mbedtls_ssl_get_peer_cert() 2019-02-26 14:38:09 +00:00
Hanno Becker fd7f298c6a Improve documentation of MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 2019-02-26 14:38:09 +00:00
Hanno Becker 3fd3f5ebe4 Fix indentation of Doxygen comment in ssl_internal.h 2019-02-26 14:38:09 +00:00
Hanno Becker 1aed7779ec Remove misleading and redundant guard around restartable ECC field
`MBEDTLS_SSL__ECP_RESTARTABLE` is only defined if
`MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` is set, which
requires `MBEDTLS_X509_PARSE_C` to be set (this is checked
in `check_config.`). The additional `MBEDTLS_X509_PARSE_C`
guard around the `ecrs_peer_cert` field is therefore not
necessary; moreover, it's misleading, because it hasn't
been used consistently throughout the code.
2019-02-26 14:38:09 +00:00
Hanno Becker abe6f66c00 Remove peer CRT from mbedtls_ssl_session if new option is disabled 2019-02-26 14:38:09 +00:00
Hanno Becker 75173121fe Add field for peer's raw public key to TLS handshake param structure
When removing the (session-local) copy of the peer's CRT chain, we must
keep a handshake-local copy of the peer's public key, as (naturally) every
key exchange will make use of that public key at some point to verify that
the peer actually owns the corresponding private key (e.g., verify signatures
from ServerKeyExchange or CertificateVerify, or encrypt a PMS in a RSA-based
exchange, or extract static (EC)DH parameters).

This commit adds a PK context field `peer_pubkey` to the handshake parameter
structure `mbedtls_handshake_params_init()` and adapts the init and free
functions accordingly. It does not yet make actual use of the new field.
2019-02-26 14:38:09 +00:00
Hanno Becker 494dd7a6b4 Add raw public key buffer bounds to mbedtls_x509_crt struct
This commit adds an ASN.1 buffer field `pk_raw` to `mbedtls_x509_crt`
which stores the bounds of the raw public key data within an X.509 CRT.

This will be useful in subsequent commits to extract the peer's public
key from its certificate chain.
2019-02-26 14:38:09 +00:00
Hanno Becker a887d1a5b6 Remove peer CRT from cache if !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 2019-02-26 14:38:09 +00:00
Hanno Becker 3dad311ef0 Parse and verify peer CRT chain in local variable
`mbedtls_ssl_parse_certificate()` parses the peer's certificate chain
directly into the `peer_cert` field of the `mbedtls_ssl_session`
structure being established. To allow to optionally remove this field
from the session structure, this commit changes this to parse the peer's
chain into a local variable instead first, which can then either be freed
after CRT verification - in case the chain should not be stored - or
mapped to the `peer_cert` if it should be kept. For now, only the latter
is implemented.
2019-02-26 14:38:09 +00:00
Hanno Becker 9198ad1101 Extend mbedtls_ssl_session by buffer holding peer CRT digest 2019-02-26 14:38:09 +00:00
Hanno Becker bb278f52ca Add configuration option to remove peer CRT after handshake 2019-02-26 14:38:09 +00:00
Hanno Becker 4a82c1ccb4 Improve documentation of mbedtls_ssl_get_peer_cert() 2019-02-26 14:38:09 +00:00
Hanno Becker 52055ae91f Give ssl_session_copy() external linkage
A subsequent commit will need this function in the session ticket
and session cache implementations. As the latter are server-side,
this commit also removes the MBEDTLS_SSL_CLI_C guard.

For now, the function is declared in ssl_internal.h and hence not
part of the public API.
2019-02-26 14:38:09 +00:00
Hanno Becker 7177a88a36 Introduce helper function to determine whether suite uses server CRT
This commit introduces a static helper function

   `mbedtls_ssl_ciphersuite_uses_srv_cert()`

which determines whether a ciphersuite may make use of server-side CRTs.

This function is in turn uses in `mbedtls_ssl_parse_certificate()` to
skip certificate parsing for ciphersuites which don't involve CRTs.

Note: Ciphersuites not using server-side CRTs don't allow client-side CRTs
either, so it is safe to guard `mbedtls_ssl_{parse/write}_certificate()`
this way.

Note: Previously, the code uses a positive check over the suites

- MBEDTLS_KEY_EXCHANGE_PSK
- MBEDTLS_KEY_EXCHANGE_DHE_PSK
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
- MBEDTLS_KEY_EXCHANGE_ECJPAKE,

while now, it uses a negative check over `mbedtls_ssl_ciphersuite_uses_srv_cert()`,
which checks for the suites

- MBEDTLS_KEY_EXCHANGE_RSA
- MBEDTLS_KEY_EXCHANGE_RSA_PSK
- MBEDTLS_KEY_EXCHANGE_DHE_RSA
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA
- MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA

This is equivalent since, together, those are all ciphersuites.
Quoting ssl_ciphersuites.h:

```
typedef enum {
    MBEDTLS_KEY_EXCHANGE_NONE = 0,
    MBEDTLS_KEY_EXCHANGE_RSA,
    MBEDTLS_KEY_EXCHANGE_DHE_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
    MBEDTLS_KEY_EXCHANGE_PSK,
    MBEDTLS_KEY_EXCHANGE_DHE_PSK,
    MBEDTLS_KEY_EXCHANGE_RSA_PSK,
    MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
    MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
    MBEDTLS_KEY_EXCHANGE_ECJPAKE,
} mbedtls_key_exchange_type_t;
```
2019-02-26 14:38:09 +00:00
Janos Follath e344d0f6fc Add little endian export to Bignum
The function `mbedtls_mpi_write_binary()` writes big endian byte order,
but we need to be able to write little endian in some caseses. (For
example when handling keys corresponding to Montgomery curves.)

Used `echo xx | tac -rs ..` to transform the test data to little endian.
2019-02-22 15:41:31 +00:00
Janos Follath 171a7efd02 Add mbedtls_ecp_read_key
The private keys used in ECDH differ in the case of Weierstrass and
Montgomery curves. They have different constraints, the former is based
on big endian, the latter little endian byte order. The fundamental
approach is different too:
- Weierstrass keys have to be in the right interval, otherwise they are
  rejected.
- Any byte array of the right size is a valid Montgomery key and it
  needs to be masked before interpreting it as a number.

Historically it was sufficient to use mbedtls_mpi_read_binary() to read
private keys, but as a preparation to improve support for Montgomery
curves we add mbedtls_ecp_read_key() to enable uniform treatment of EC
keys.

For the masking the `mbedtls_mpi_set_bit()` function is used. This is
suboptimal but seems to provide the best trade-off at this time.
Alternatives considered:
- Making a copy of the input buffer (less efficient)
- removing the `const` constraint from the input buffer (breaks the api
and makes it less user friendly)
- applying the mask directly to the limbs (violates the api between the
modules and creates and unwanted dependency)
2019-02-22 15:39:03 +00:00
Janos Follath a778a94b7d Add little endian import to Bignum
The function `mbedtls_mpi_read_binary()` expects big endian byte order,
but we need to be able to read from little endian in some caseses. (For
example when handling keys corresponding to Montgomery curves.)

Used `echo xx | tac -rs .. | tr [a-z] [A-Z]` to transform the test data
to little endian and `echo "ibase=16;xx" | bc` to convert to decimal.
2019-02-22 15:38:32 +00:00
Jaeden Amero 86016a03a1 Merge remote-tracking branch 'origin/pr/2338' into development 2019-02-22 12:55:30 +00:00
Hanno Becker 85fd913950 Fix typo in check_config.h 2019-02-22 12:50:35 +00:00
Gilles Peskine 43f564f29d Define MBEDTLS_ECDH_LEGACY_CONTEXT in config.h
Define MBEDTLS_ECDH_LEGACY_CONTEXT in config.h instead of hard-coding
this in ecdh.h so that its absence can be tested. Document it as
experimental so that we reserve the right to change it in the future.
2019-02-22 13:04:20 +01:00
Jaeden Amero 8963b0311c Merge remote-tracking branch 'origin/pr/2411' into development 2019-02-22 10:32:44 +00:00
Hanno Becker 1ce51e4dc3 Forbid setting MBEDTLS_ECP_RESTARTABLE and MBEDTLS_USE_PSA_CRYPTO_C
Restartable ECC isn't supported in PSA yet.
2019-02-22 10:25:47 +00:00
Gilles Peskine 13cf3eca5b Fix typo in documentation 2019-02-21 17:29:22 +01:00
Hanno Becker 1eeca41472 Improve macro hygiene
This commit improves hygiene and formatting of macro definitions
throughout the library. Specifically:
- It adds brackets around parameters to avoid unintended
  interpretation of arguments, e.g. due to operator precedence.
- It adds uses of the `do { ... } while( 0 )` idiom for macros that
  can be used as commands.
2019-02-19 17:59:00 +00:00
Hanno Becker 135baef1bd Define maximum EC public key length depending on enabled curves 2019-02-18 17:04:24 +00:00
Hanno Becker df51dbe17f Add fields for PSA-based ECDHE to handshake structure
This is the first in a series of commits adding client-side
support for PSA-based ECDHE.

Previously, the state of an ECDHE key agreement was maintained
in the field mbedtls_ssl_handshake_params::ecdh_ctx, of type
::mbedtls_ecdh_context and manipulated through the ECDH API.

The ECDH API will be superseeded by the PSA Crypto API for key
agreement, which needs the following data:
(a) A raw buffer holding the public part of the key agreement
    received from our peer.
(b) A key slot holding the private part of the key agreement.
(c) The algorithm to use.
The commit adds fields to ::mbedtls_ssl_handshake_params
representing these three inputs to PSA-based key agreement.

Specifically, it adds a field for the key slot holding the
ECDH private key, a field for the EC curve identifier, and
a buffer holding the peer's public key.

Note: Storing the peer's public key buffer is slightly
inefficient, as one could perform the ECDH computation
as soon as the peer sends its public key, either working
with in-place or using a stack-buffer to reformat the
public key before passing it to PSA. This optimization
is left for a later commit.
2019-02-18 16:41:55 +00:00
Hanno Becker f75f912c31 Add functions to psa_util module to convert EC public keys 2019-02-18 16:37:12 +00:00
k-stachowiak 28cb6fbd47 Unbump version to 0.0.0 2019-02-18 12:01:03 +01:00
Jaeden Amero 2d7926674d psa_utils: Make fallthrough clear for compilers
Silence a compiler warning about implicit fallthrough by using a comment
format the compiler understand to mean that the fallthrough is
intentional.

  In file included from library/cipher.c:63:0:
  include/mbedtls/psa_util.h: In function ‘mbedtls_psa_translate_cipher_mode’:
  include/mbedtls/psa_util.h:91:15: error: this statement may fall through [-Werror=implicit-fallthrough=]
               if( taglen == 0 )
                 ^
  include/mbedtls/psa_util.h:94:9: note: here
           default:
           ^~~~~~~
  cc1: all warnings being treated as errors

  $ gcc --version
  gcc (Ubuntu 7.3.0-27ubuntu1~18.04) 7.3.0
  Copyright (C) 2017 Free Software Foundation, Inc.
  This is free software; see the source for copying conditions.  There is NO
  warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
2019-02-15 09:50:38 -05:00
Hanno Becker 1a65dcd44f Add a new X.509 API call for copy-less parsing of CRTs
Context:
The existing API `mbedtls_x509_parse_crt_der()` for parsing DER
encoded X.509 CRTs unconditionally makes creates a copy of the
input buffer in RAM. While this comes at the benefit of easy use,
-- specifically: allowing the user to free or re-use the input
buffer right after the call -- it creates a significant memory
overhead, as the CRT is duplicated in memory (at least temporarily).
This might not be tolerable a resource constrained device.

As a remedy, this commit adds a new X.509 API call

   `mbedtls_x509_parse_crt_der_nocopy()`

which has the same signature as `mbedtls_x509_parse_crt_der()`
and almost the same semantics, with one difference: The input
buffer must persist and be unmodified for the lifetime of the
established instance of `mbedtls_x509_crt`, that is, until
`mbedtls_x509_crt_free()` is called.
2019-02-08 14:24:58 +00:00
Jaeden Amero fb236739da Revert "Forbid passing NULL input buffers to RSA encryption routines"
Resolve incompatibilties in the RSA module where changes made for
parameter validation prevent Mbed Crypto from working. Mbed Crypto
depends on being able to pass zero-length buffers that are NULL to RSA
encryption functions.

This reverts commit 2f660d047d.
2019-02-08 08:43:31 -05:00
Andrzej Kurek 02f39ace58 Adjust documentation of mbedtls_cipher_update_ad 2019-02-08 06:50:55 -05:00
Andrzej Kurek 57f04e56c1 Adjust documentation of mbedtls_cipher_update_ad
Fix indentation and capitalization
2019-02-08 06:44:43 -05:00
Andrzej Kurek 8a2e97c2df Merge development-psa commit 80b5662 into development-psa-merged branch
Adjust crypto submodule version to use new, forked crypto version accordingly.
2019-02-05 06:02:51 -05:00
Andrzej Kurek c690523d2b Merge PSA config and check-config changes
Introduce MBEDTLS_PSA_HAS_ITS_IO, MBEDTLS_PSA_CRYPTO_SPM,
MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C,
MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C.
Disable crypto storage by default.
2019-02-05 05:26:00 -05:00
Andrzej Kurek b274f2739e Documentation fixes 2019-02-05 05:06:35 -05:00
Andrzej Kurek 246cc86f66 cipher: fix indentation 2019-02-05 04:40:53 -05:00
Jaeden Amero 80b566267f Merge remote-tracking branch 'origin/pr/2386' into development-psa 2019-02-04 16:42:23 +00:00
Jaeden Amero d18b264eaf Merge remote-tracking branch 'origin/pr/2382' into development-psa 2019-02-04 16:41:46 +00:00
Andrzej Kurek de5a007316 Merge development commit f352f7 into development-psa 2019-02-01 07:03:03 -05:00
Hanno Becker 493c171a1c Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.

Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.

Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.

The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.

By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.

The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.

That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 10:25:25 +00:00
Hanno Becker 812e12452a Add function to find OID for PSA ECC curve identifiers 2019-02-01 10:06:51 +00:00
Andrzej Kurek c470b6b021 Merge development commit 8e76332 into development-psa
Additional changes to temporarily enable running tests:
ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of
mbedtls_ecdh_setup
test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of 
mbedtls_ctr_drbg_update_ret
2019-01-31 08:20:20 -05:00
Jaeden Amero c42dd60f1f Merge remote-tracking branch 'origin/pr/1949' into development 2019-01-30 14:46:35 +00:00
Jaeden Amero dac9f45e5a Merge remote-tracking branch 'origin/pr/1551' into development 2019-01-30 13:24:55 +00:00
Jaeden Amero 730ecdf3b1 Merge remote-tracking branch 'origin/pr/2371' into development 2019-01-30 13:15:40 +00:00
Andrzej Kurek 972fba51ed ssl_tls: rename sha_512_psa to sha_384_psa 2019-01-30 03:29:12 -05:00
Andrzej Kurek eb342241a5 ssl_tls: use PSA to compute running handshake hash for TLS 1.2 2019-01-29 09:14:33 -05:00
Andrzej Kurek 814feffd15 Whitespace, logging and documentation fixes
Introduce a psa_status_t status to handle return values.
Add a debug message with API usage description.
2019-01-28 07:04:19 -05:00
Andrzej Kurek d6db9be598 Adapt mbedtls_ssl_get_key_exchange_md_tls1_2 to PSA hashing 2019-01-28 07:04:19 -05:00
Manuel Pégourié-Gonnard 430a66f19a Fix backwards config dependency on oid.c
The file oid.c had conditional inclusion of functions based on a config.h
define that belongs to X.509, which is backwards. For now, just include those
functions unconditionally and rely on the linker to garbage-collect them if
not used.

In the longer term X.509-specific functions are likely to be removed from
libmbedcrypto, but at this step the goal is to preserve the API (and even ABI)
of libmbedcrypto for as long as possible while separating the source trees of
Mbed Crypto and Mbed TLS.
2019-01-28 10:31:39 +01:00
Manuel Pégourié-Gonnard c49ada41d4 Fix backwards include of x509.h in oid.h
As agreed during the workshop, temporarily move definitions to oid.h even if
they might not semantically belong here, as a short-term measure allowing to
build libmbecrypto on its own (without X.509 files present in the source tree)
but still provide all the things Mbed TLS currently expects, and more
specifically preserve the API and ABI exposed by libmbedtls.
2019-01-28 09:26:19 +01:00
Antonin Décimo 36e89b5b71 Fix #2370, minor typos and spelling mistakes 2019-01-24 10:37:40 +01:00
Simon Butcher 442ca5710b Merge remote-tracking branch 'public/pr/1375' into development 2019-01-23 10:27:05 +01:00
Simon Butcher a3c821d143 Merge remote-tracking branch 'public/pr/2319' into development 2019-01-23 10:21:05 +01:00
Andrzej Kurek 7deba18576 Remove unnecessary "#" sign from PSA macros 2019-01-22 06:29:45 -05:00
Jeffrey Martin d25fd8d4c9
MIPS register hints without $ for compatibility
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 18:01:40 -06:00
Jeffrey Martin 2f70e4b2f9
add hints for mips registers that may need restore
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 16:40:18 -06:00
Andrzej Kurek 62594a8b12 pk_wrap: pass curve size instead of a larger size of the exported key
Whitespace fixes
2019-01-14 05:14:18 -05:00
Andrzej Kurek 93a38a3101 pk: wrap curve_id before passing it to PSA
Add a helper function in PSA utils
2019-01-14 05:09:46 -05:00
Simon Butcher 62ec2dd68f Merge remote-tracking branch 'public/pr/975' into development 2019-01-08 16:28:08 +00:00
Andrzej Kurek 2349c4db88 Adapt to the new key allocation mechanism 2019-01-08 09:36:01 -05:00
k-stachowiak 6b5ef48bf7 Add a configuration fix for vsnprintf for non-conforming platforms 2019-01-07 16:53:29 +01:00
Darryl Green a7064c3b8c Move ecp_restartable definitions out of the MBEDTLS_ECP_ALT guards
As there are some definitions that are defined regardless of
whether MBEDTLS_ECP_RESTARTABLE is defined or not, these definitions
need to be moved outside the MBEDTLS_ECP_ALT guards. This is a simple
move as MBEDTLS_ECP_ALT and MBEDTLS_ECP_RESTARTABLE are mutually
exclusive options.
2019-01-07 10:23:34 +00:00
GuHaijun 983acb75f0 Fix include file path 2018-12-28 11:11:10 +08:00
Simon Butcher 6c164e754b Update the version of the library to 2.16.0 2018-12-21 10:51:51 +00:00
Simon Butcher fed19be501 Merge remote-tracking branch 'public/pr/2126' into development-restricted 2018-12-20 12:35:09 +00:00
Simon Butcher 6df8c53cd4 Merge remote-tracking branch 'public/pr/2134' into development-restricted 2018-12-20 12:34:44 +00:00
Simon Butcher ad7c2105a2 Merge remote-tracking branch 'public/pr/2274' into development 2018-12-20 12:16:57 +00:00
Simon Butcher 12b4240300 Merge remote-tracking branch 'public/pr/2288' into development 2018-12-20 12:16:46 +00:00
Simon Butcher c831193c85 Merge remote-tracking branch 'public/pr/2302' into development 2018-12-20 12:16:39 +00:00
Simon Butcher 1efda39f8a Merge remote-tracking branch 'public/pr/2297' into development 2018-12-20 12:16:29 +00:00
Simon Butcher 5aa7809ac8 Merge remote-tracking branch 'public/pr/2275' into development 2018-12-20 12:15:19 +00:00
Simon Butcher 780cf189b0 Merge remote-tracking branch 'public/pr/2271' into development 2018-12-20 12:15:08 +00:00
Simon Butcher 032c037052 Merge remote-tracking branch 'public/pr/2270' into development 2018-12-20 12:04:13 +00:00
Simon Butcher a033633bb0 Merge remote-tracking branch 'public/pr/2269' into development 2018-12-20 12:02:56 +00:00
Simon Butcher 70935a4001 Merge remote-tracking branch 'public/pr/2299' into development 2018-12-20 12:02:23 +00:00
Simon Butcher 003c0e032f Merge remote-tracking branch 'public/pr/2292' into development 2018-12-20 12:02:17 +00:00
Simon Butcher decf2f5c2c Merge remote-tracking branch 'public/pr/2291' into development 2018-12-20 12:02:11 +00:00
Simon Butcher 65ce5dc981 Merge remote-tracking branch 'public/pr/2290' into development 2018-12-20 12:02:05 +00:00
Simon Butcher ad2e0dae32 Merge remote-tracking branch 'public/pr/2283' into development 2018-12-20 12:01:58 +00:00
Simon Butcher 0bbf7f450d Merge remote-tracking branch 'public/pr/2279' into development 2018-12-20 12:01:49 +00:00
Simon Butcher 962b7b17d5 Merge remote-tracking branch 'public/pr/2273' into development 2018-12-20 12:01:17 +00:00
Simon Butcher 6be67a6518 Merge remote-tracking branch 'public/pr/2281' into development 2018-12-20 12:01:09 +00:00
Simon Butcher dac513e246 Merge remote-tracking branch 'public/pr/2282' into development 2018-12-20 12:01:04 +00:00
Simon Butcher ccafd14fee Merge remote-tracking branch 'public/pr/2276' into development 2018-12-20 12:00:57 +00:00
Simon Butcher 2a8d32c6c1 Merge remote-tracking branch 'public/pr/2287' into development 2018-12-20 12:00:50 +00:00
k-stachowiak 247a782668 Increase strictness of NULL parameter validity in CCM's doxygen 2018-12-19 19:02:39 +01:00
k-stachowiak 6adb0574ea Improve details of CCM parameter validation and documentation 2018-12-19 19:02:39 +01:00
k-stachowiak 9da5d7cd83 Adjust mbedtls_ccm_free() documentation 2018-12-19 19:02:39 +01:00
k-stachowiak 373a660193 Fix a documentation typo 2018-12-19 19:02:39 +01:00
k-stachowiak b92f9334e4 Doxygen comments improvement 2018-12-19 19:02:39 +01:00
k-stachowiak 12f0d5c66d Improve the constraints definition in the doxygen comments in CCM 2018-12-19 19:02:39 +01:00