Commit graph

2201 commits

Author SHA1 Message Date
Janos Follath 6b4bd3dcc4 CCM*: Improve documentation 2018-05-29 11:59:22 +01:00
Janos Follath 5dc8cfa8f1 CCM*: Add public API
Interface for CCM* (described in IEEE Std 802.15.4.).
2018-05-29 11:59:22 +01:00
Azim Khan 45b79cf12b Treat warnings as errors for IAR
Fix IAR compiler warnings

Two warnings have been fixed:
1. code 'if( len <= 0xFFFFFFFF )' gave warning 'pointless integer comparison'.
   This was fixed by wraping the condition in '#if SIZE_MAX > 0xFFFFFFFF'.
2. code 'diff |= A[i] ^ B[i];' gave warning 'the order of volatile accesses is undefined in'.
   This was fixed by read the volatile data in temporary variables before the computation.

Explain IAR warning on volatile access

Consistent use of CMAKE_C_COMPILER_ID
2018-05-25 14:54:14 +01:00
Zach van Rijn e7d3f8e2ea Fix MicroBlaze register typo. 2018-05-25 08:02:18 -04:00
Manuel Pégourié-Gonnard be78b07015 chachapoly: warn against piecewise decryption 2018-05-24 19:33:59 +02:00
Manuel Pégourié-Gonnard fa0c47d4c8 Fix typo in doc and copy missing warning 2018-05-24 19:02:06 +02:00
Manuel Pégourié-Gonnard 98fae6d800 ChaCha20: move working state from ctx to stack
No need to keep it around.
2018-05-24 17:38:31 +02:00
Manuel Pégourié-Gonnard c22e61a081 Add ifdef for selftest in header file
See https://github.com/ARMmbed/mbedtls/pull/975
2018-05-24 16:54:57 +02:00
Manuel Pégourié-Gonnard 3798b6be6b Add some error codes and merge others
- need HW failure codes too
- re-use relevant poly codes for chachapoly to save on limited space

Values were chosen to leave 3 free slots at the end of the NET odd range.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 32902e6eae cipher: handle ChaCha20 as a stream cipher
That's what it is. So we shouldn't set a block size != 1.

While at it, move call to chachapoly_update() closer to the one for GCM, as
they are similar (AEAD).
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard b8bd80aa02 Add FEATURE_NOT_AVAILABLE error codes. 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 5ef92d309a chachapoly: adjust parameter order
This module used (len, pointer) while (pointer, len) is more common in the
rest of the library, in particular it's what's used in the GCM API that
very comparable to it, so switch to (pointer, len) for consistency.

Note that the crypt_and_tag() and auth_decrypt() functions were already using
the same convention as GCM, so this also increases intra-module consistency.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard b1ac5e7842 poly1305: adjust parameter order
This module used (len, pointer) while (pointer, len) is more common in the
rest of the library, in particular it's what's used in the CMAC API that is
very comparable to Poly1305, so switch to (pointer, len) for consistency.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard b500f8b911 Update documentation to match new guidelines. 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 346b8d5050 chachapoly: split crypt_and_mac() to match GCM API
In addition to making the APIs of the various AEAD modules more consistent
with each other, it's useful to have an auth_decrypt() function so that we can
safely check the tag ourselves, as the user might otherwise do it in an
insecure way (or even forget to do it altogether).
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 56206c4db1 Remove semi-internal chacha20_keystrem_block()
It's actually easy to implement chachapoly without it, so let's not clutter
the API (and avoid adding a burden to alt implementers).
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 502f189253 ChaCha20: allow in-place en/decryption
All other ciphers so far allow this. In particular, the TLS layer depends on
this, despite what's documented in the Cipher layer, see
https://github.com/ARMmbed/mbedtls/issues/1085
https://github.com/ARMmbed/mbedtls/issues/1087

Also, this can be useful for implementing chachapoly without depending on the
semi-internal function keystream_block(), see next commit.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard dca3a5d884 Rename aead_chacha20_poly1305 to chachapoly
While the old name is explicit and aligned with the RFC, it's also very long,
so with the mbedtls_ prefix prepended we get a 31-char prefix to each
identifier, which quickly conflicts with our 80-column policy.

The new name is shorter, it's what a lot of people use when speaking about
that construction anyway, and hopefully should not introduce confusion at
it seems unlikely that variants other than 20/1305 be standardised in the
foreseeable future.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 4edd51babe Rename poly1305_setkey() to poly1305_starts()
For consistency with the existing CMAC and HMAC APIs
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 823b7a0ce7 Add missing extern "C" guard to new headers 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 95d0bdbd84 Adapt the _ALT style to our new standard
- in .h files: only put the context declaration inside the #ifdef _ALT
  (this was changed in 2.9.0, ie after the original PR)
- in .c file: only leave selftest out of _ALT: even though some function are
  trivial to build from other parts, alt implementors might want to go another
way about them (for efficiency or other reasons)
2018-05-24 13:37:31 +02:00
Daniel King 8fe4701abe Add ChaCha20+Poly1305 to the Cipher module 2018-05-24 13:37:31 +02:00
Daniel King a310c5e42b Allow some parameters to be NULL if the length is 0.
This change permits users of the ChaCha20/Poly1305 algorithms
(and the AEAD construction thereof) to pass NULL pointers for
data that they do not need, and avoids the need to provide a valid
buffer for data that is not used.
2018-05-24 13:37:31 +02:00
Daniel King b8025c5826 Implement AEAD-ChaCha20-Poly1305.
This implementation is based off the description in RFC 7539.

The ChaCha20 code is also updated to provide a means of generating
keystream blocks with arbitrary counter values. This is used to
generated the one-time Poly1305 key in the AEAD construction.
2018-05-24 13:37:31 +02:00
Daniel King adc32c0b50 Add Poly1305 authenticator algorithm (RFC 7539)
Test vectors are included from RFC 7539.

Poly1305 is also added to the benchmark program.
2018-05-24 13:37:31 +02:00
Daniel King bd92062269 Add ChaCha20 to the Cipher module 2018-05-24 13:37:31 +02:00
Daniel King 34b822ce7b Initial implementation of ChaCha20 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard d0f143b1c9 Update CTR doc for the 64-bit block cipher
- constants need adjustment
- don't mention "random nonces" as the space is too small
2018-05-24 12:01:58 +02:00
Manuel Pégourié-Gonnard 4f24e9502e Update CTR doc for other 128-bit block ciphers 2018-05-24 11:59:30 +02:00
Manuel Pégourié-Gonnard f5842864d8 Slightly tune ARIA CTR documentation 2018-05-24 11:51:58 +02:00
Moran Peker a64fba41fb Remove double declaration of mbedtls_ssl_list_ciphersuites
Raised by TrinityTonic. #1359
2018-05-23 18:13:05 +01:00
Simon Butcher 2f3a581567 Merge remote-tracking branch 'public/pr/1178' into development 2018-05-23 16:15:13 +01:00
Manuel Pégourié-Gonnard 8a1b2c8806 Update CTR documentation 2018-05-23 13:26:22 +02:00
Manuel Pégourié-Gonnard a3712beb9b Merge branch 'development' into iotssl-1941-aria-ciphersuites
* development: (504 commits)
  Fix minor code style issues
  Add the uodate to the soversion to the ChangeLog
  Fix the ChangeLog for clarity, english and credit
  Update version to 2.9.0
  ecp: Fix binary compatibility with group ID
  Changelog entry
  Change accepted ciphersuite versions when parsing server hello
  Remove preprocessor directives around platform_util.h include
  Fix style for mbedtls_mpi_zeroize()
  Improve mbedtls_platform_zeroize() docs
  mbedtls_zeroize -> mbedtls_platform_zeroize in docs
  Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT
  Organize CMakeLists targets in alphabetical order
  Organize output objs in alfabetical order in Makefile
  Regenerate errors after ecp.h updates
  Update ecp.h
  Change variable bytes_written to header_bytes in record decompression
  Update ecp.h
  Update ecp.h
  Update ecp.h
  ...
2018-05-22 15:58:50 +02:00
Manuel Pégourié-Gonnard 0960b80d53 Move to new header style for ALT implementations
See https://github.com/ARMmbed/mbedtls-restricted/pull/357
2018-05-22 15:22:07 +02:00
Manuel Pégourié-Gonnard c0893122df Add ifdef for selftest in header file
See https://github.com/ARMmbed/mbedtls/pull/975
2018-05-22 15:17:20 +02:00
Manuel Pégourié-Gonnard 08c337d058 Remove useless parameter from function 2018-05-22 13:18:01 +02:00
Manuel Pégourié-Gonnard 9d410733c2 Fix typos from copy-pasting 2018-05-22 12:49:22 +02:00
Darryl Green 11999bb72e Fix minor code style issues 2018-05-15 09:21:57 +01:00
Jaeden Amero a331e0f0af Merge remote-tracking branch 'upstream-restricted/pr/421' into development-proposed 2018-05-04 14:39:24 +01:00
Jaeden Amero fb19399f41 Merge remote-tracking branch 'upstream-public/pr/1498' into development-proposed 2018-05-04 11:09:14 +01:00
Gilles Peskine 9ceae8b4f6 Clarify "as directed here" in SSL async callback documentation 2018-04-30 16:37:03 +02:00
Gilles Peskine ea5fab829c SSL async callbacks documentation: clarify resource cleanup
Clarify when resume must clean up resources and when cancel is called.
2018-04-30 13:58:09 +02:00
Gilles Peskine 1febfef561 Rename mbedtls_ssl_async_{get,set}_data for clarity
Rename to mbedtls_ssl_get_async_operation_data and
mbedtls_ssl_set_async_operation_data so that they're about
"async operation data" and not about some not-obvious "data".
2018-04-30 11:54:39 +02:00
Gilles Peskine 6a8cb36c24 Fix copypasta in the async callback documentation 2018-04-30 11:54:14 +02:00
Jaeden Amero 7d7bad6b1f Update version to 2.9.0
Bump SOVERSION for parity with 2.7.2 and 2.7.3.
2018-04-30 09:58:33 +01:00
Gilles Peskine 807d74a062 SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
The certificate passed to async callbacks may not be the one set by
mbedtls_ssl_conf_own_cert. For example, when using an SNI callback,
it's whatever the callback is using. Document this, and add a test
case (and code sample) with SNI.
2018-04-30 10:30:49 +02:00
Jaeden Amero fe0669f52a ecp: Fix binary compatibility with group ID
We naturally added the new Curve448 ECP group ID in alphabetical order in
the mbedtls_ecp_group_id enum. However, this causes binary incompatibility
issues as previous binaries will use values for groups that now have a
different meaning. For example, MBEDTLS_ECP_DP_SECP192K1, old value 10,
would mean Curve448 (MBEDTLS_ECP_DP_CURVE448) and the wrong group ID used.

Fix the binary compatibility issue by adding new enum entries to the end of
the enum, even though this isn't so great for readbility as the list is no
longer in alphabetical order. However, the list wasn't perfectly in
alphabetical order before anyway.
2018-04-27 18:20:31 +01:00
Gilles Peskine 20deb01264 Improve documentation of the async callback's crypto parameters 2018-04-26 17:57:37 +02:00
Gilles Peskine 783007375f Change boolean bitfield to unsigned
Reminder to self: 1 is not a valid value in a 1-bit bitfield. It's
undefined behavior and gcc -ansi -pedantic helpfully complains about it.
2018-04-26 13:03:29 +02:00
Gilles Peskine 5ffe41c8f9 Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default
This is an ABI change in libmbedtls.
2018-04-26 11:51:03 +02:00
Gilles Peskine ac5e8a3286 Document that callbacks must not return arbitrary SSL errors 2018-04-26 11:50:07 +02:00
Gilles Peskine 8f97af7ea3 Don't pass the async config data to async callbacks
The config data is in the SSL config, so callbacks can retrieve it
from there, with the new function mbedtls_ssl_conf_get_async_config_data.
2018-04-26 11:46:10 +02:00
Gilles Peskine 2481a712ed Doxygen formatting improvements 2018-04-26 10:00:40 +02:00
Gilles Peskine d3268834f3 Document what the SSL async sign callback needs to do with RSA
Document how the SSL async sign callback must treat its md_alg and
hash parameters when doing an RSA signature: sign-the-hash if md_alg
is nonzero (TLS 1.2), and sign-the-digestinfo if md_alg is zero
(TLS <= 1.1).

In ssl_server2, don't use md_alg=MBEDTLS_MD_NONE to indicate that
ssl_async_resume must perform an encryption, because md_alg is also
MBEDTLS_MD_NONE in TLS <= 1.1. Add a test case to exercise this
case (signature with MBEDTLS_MD_NONE).
2018-04-26 10:00:40 +02:00
Gilles Peskine ad28bf0e58 Documentation improvements 2018-04-26 10:00:40 +02:00
Gilles Peskine df13d5c7a6 Pass the SSL context to async callbacks
When a handshake step starts an asynchronous operation, the
application needs to know which SSL connection the operation is for,
so that when the operation completes, the application can wake that
connection up. Therefore the async start callbacks need to take the
SSL context as an argument. It isn't enough to let them set a cookie
in the SSL connection, the application needs to be able to find the
right SSL connection later.

Also pass the SSL context to the other callbacks for consistency. Add
a new field to the handshake that the application can use to store a
per-connection context. This new field replaces the former
context (operation_ctx) that was created by the start function and
passed to the resume function.

Add a boolean flag to the handshake structure to track whether an
asynchronous operation is in progress. This is more robust than
relying on the application to set a non-null application context.
2018-04-26 10:00:40 +02:00
Gilles Peskine 9b562d5c36 mbedtls_ssl_handshake_free: take the SSL context as argument
Change the signature of mbedtls_ssl_handshake_free again. Now take the
whole SSL context as argument and not just the configuration and the
handshake substructure.

This is in preparation for changing the asynchronous cancel callback
to take the SSL context as an argument.
2018-04-26 10:00:40 +02:00
Gilles Peskine b74a1c73b1 Rename MBEDTLS_SSL_ASYNC_PRIVATE_C to MBEDTLS_SSL_ASYNC_PRIVATE
This is an optional feature, not a module of its own, so don't call it
MBEDTLS_xxx_C and put it in the appropriate section of config.h.
2018-04-26 10:00:39 +02:00
Gilles Peskine f112725487 Style and grammar fixes 2018-04-26 10:00:39 +02:00
Gilles Peskine b44692f126 Merge branch 'mbedtls_ssl_get_key_exchange_md_ssl_tls-return_hashlen' into tls_async_server-2.9
Conflict resolution:
* ChangeLog: put the new entry from my branch in the proper place.
* include/mbedtls/error.h: counted high-level module error codes again.
* include/mbedtls/ssl.h: picked different numeric codes for the
  concurrently added errors; made the new error a full sentence per
  current standards.
* library/error.c: ran scripts/generate_errors.pl.
* library/ssl_srv.c:
    * ssl_prepare_server_key_exchange "DHE key exchanges": the conflict
      was due to style corrections in development
      (4cb1f4d49c) which I merged with
      my refactoring.
    * ssl_prepare_server_key_exchange "For key exchanges involving the
      server signing", first case, variable declarations: merged line
      by line:
        * dig_signed_len: added in async
        * signature_len: removed in async
        * hashlen: type changed to size_t in development
        * hash: size changed to MBEDTLS_MD_MAX_SIZE in async
        * ret: added in async
    * ssl_prepare_server_key_exchange "For key exchanges involving the
      server signing", first cae comment: the conflict was due to style
      corrections in development (4cb1f4d49c)
      which I merged with my comment changes made as part of refactoring
      the function.
    * ssl_prepare_server_key_exchange "Compute the hash to be signed" if
      `md_alg != MBEDTLS_MD_NONE`: conflict between
      ebd652fe2d
      "ssl_write_server_key_exchange: calculate hashlen explicitly" and
      46f5a3e9b4 "Check return codes from
      MD in ssl code". I took the code from commit
      ca1d742904 made on top of development
      which makes mbedtls_ssl_get_key_exchange_md_ssl_tls return the
      hash length.
* programs/ssl/ssl_server2.c: multiple conflicts between the introduction
  of MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS and new auxiliary functions and
  definitions for async support, and the introduction of idle().
    * definitions before main: concurrent additions, kept both.
    * main, just after `handshake:`: in the loop around
      mbedtls_ssl_handshake(), merge the addition of support for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS and SSL_ASYNC_INJECT_ERROR_CANCEL
      with the addition of the idle() call.
    * main, if `opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM`: take the
      code from development and add a check for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS.
    * main, loop around mbedtls_ssl_read() in the datagram case:
      take the code from development and add a check for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; revert to a do...while loop.
    * main, loop around mbedtls_ssl_write() in the datagram case:
      take the code from development and add a check for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; revert to a do...while loop.
2018-04-26 10:00:27 +02:00
Jaeden Amero 8945343a51 Merge branch 'development-proposed' into development-restricted-proposed
Resolve merge conflict in ecp.h, where `mbedtls_ecp_keypair` was moved.
2018-04-24 17:16:34 +01:00
Andres Amaya Garcia 56e06db102 Improve mbedtls_platform_zeroize() docs 2018-04-24 08:37:52 -05:00
Andres Amaya Garcia d0ef468d39 Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT 2018-04-24 08:31:34 -05:00
Jaeden Amero 1afdec1812 Merge remote-tracking branch 'upstream-public/pr/1578' into development-proposed 2018-04-24 14:19:41 +01:00
Jaeden Amero 519b129f78 Merge remote-tracking branch 'upstream-public/pr/1580' into development-proposed 2018-04-24 13:20:11 +01:00
Rose Zadik a7a6155272
Update ecp.h
One fix. Removed trailing whitespaces
2018-04-24 13:14:01 +01:00
Gilles Peskine ca1d742904 mbedtls_ssl_get_key_exchange_md_tls1_2: return hashlen
In mbedtls_ssl_get_key_exchange_md_tls1_2, add an output parameter for
the hash length. The code that calls this function can currently do
without it, but it will need the hash length in the future, when
adding support for a third-party callback to calculate the signature
of the hash.
2018-04-24 11:53:22 +02:00
Jaeden Amero 7c68878e17 Merge remote-tracking branch 'upstream-public/pr/1511' into development-proposed 2018-04-24 10:28:25 +01:00
Jaeden Amero d803c1f1ab Merge remote-tracking branch 'upstream-public/pr/1510' into development-proposed
Resolve conflict in comment for mbedtls_ecdsa_read_signature in include/mbedtls/ecdsa.h
2018-04-24 10:27:38 +01:00
Jaeden Amero f852f4c35b Merge remote-tracking branch 'upstream-public/pr/1506' into development-proposed 2018-04-24 10:27:05 +01:00
Jaeden Amero ebfd3cad58 Merge remote-tracking branch 'upstream-public/pr/1505' into development-proposed 2018-04-24 10:26:48 +01:00
Gilles Peskine 9d12b4c849 SSL asynchronous signature: turn off by default 2018-04-24 09:36:36 +02:00
Gilles Peskine d04d292b64 Get rid of useless handshake field out_async_start
The location where the signature goes is now tracked via
ssl->out_msglen, which makes ssl->handshake->out_async_start redundant.
2018-04-24 09:36:36 +02:00
Gilles Peskine ab50f83a93 Improve documentation of async operation start callbacks 2018-04-24 09:36:36 +02:00
Gilles Peskine 4bf9a28d1d SSL asynchronous signature: first implementation
Implement SSL asynchronous private operation for the case of a
signature operation in a server.

This is a first implementation. It is functional, but the code is not
clean, with heavy reliance on goto.
2018-04-24 09:36:06 +02:00
Gilles Peskine 8bf79f6dc6 SSL asynchronous private key operation callbacks: interface
New compile-time option MBEDTLS_SSL_ASYNC_PRIVATE_C, enabling
callbacks to replace private key operations. These callbacks allow the
SSL stack to make an asynchronous call to an external cryptographic
module instead of calling the cryptography layer inside the library.
The call is asynchronous in that it may return the new status code
MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, in which case the SSL stack returns
and can be later called where it left off.

This commit introduces the configuration option. Later commits will
implement the feature proper.
2018-04-24 09:32:28 +02:00
Gilles Peskine 59e83d96db Add conf parameter to mbedtls_ssl_handshake_free
This function is declared in ssl_internal.h, so this is not a public
API change.

This is in preparation for mbedtls_ssl_handshake_free needing to call
methods from the config structure.
2018-04-24 09:32:28 +02:00
Rose Zadik d35340550d
Update ecp.h
fixed omittion
2018-04-23 16:12:42 +01:00
Rose Zadik c32efb3f64
Update ecp.h
Resolved last review comment
2018-04-23 09:38:29 +01:00
Rose Zadik d76ac587d3
Update ecp.h
Changes based on review comments. Waiting for responses on 2 remaining comments
2018-04-23 06:29:34 +01:00
Rose Zadik abc9ec73b0
Update ecdsa.h
Merged change to MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH from other commit for merging, as requested (lines 282+283).
2018-04-23 06:16:40 +01:00
Rose Zadik f089fa3341
Update ecp.h
minor spacing/comment format fixes
2018-04-20 10:41:16 +01:00
Rose Zadik b2e111a288
Update ecp.h
Changes based on review comments. 
2 comments still open pending decisions
2018-04-20 10:13:48 +01:00
Gilles Peskine 5450d1f597 Merge branch 'crypto_alt_revision' into development-restricted-proposed 2018-04-19 21:02:40 +02:00
Rose Zadik 93f9919c26
Update cipher.h
Fixed typo.
2018-04-19 14:41:33 +01:00
Rose Zadik c441f74900
Update cipher.h
minor fix
2018-04-19 14:38:20 +01:00
Rose Zadik 4c368e82cc
Update cipher.h
Additional changes based on review comments
2018-04-19 14:24:11 +01:00
Rose Zadik 826f264920
Update cipher.h
Additional changes based on review comments
2018-04-19 14:01:29 +01:00
Rose Zadik f56cb34d60
Update ecp.h
Updated based on review comment. 
One comment remains open (waiting for input)
2018-04-19 12:49:10 +01:00
Manuel Pégourié-Gonnard 4acb0055e3 Merge remote-tracking branch 'public/pr/1518' into development-proposed
* public/pr/1518:
  Update platform.h
  Update platform.h
2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard 66d396826a Merge remote-tracking branch 'public/pr/1516' into development-proposed
* public/pr/1516:
  Update sha512.h
2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard bb93c04aab Merge remote-tracking branch 'public/pr/1515' into development-proposed
* public/pr/1515:
  Update sha256.h
  Update sha256.h
2018-04-18 16:13:52 +02:00
Gilles Peskine b80f04eb67 Merge remote-tracking branch 'upstream-public/pr/1514' into development-proposed 2018-04-18 16:13:30 +02:00
Gilles Peskine 2e1934ac0c Fix comment formatting to pacify check-names.sh 2018-04-18 16:08:26 +02:00
Manuel Pégourié-Gonnard a9377336be Merge remote-tracking branch 'public/pr/1513' into development-proposed
* public/pr/1513:
  Update rsa.h
  Update rsa.h
  Update rsa.h
2018-04-18 11:58:53 +02:00
Manuel Pégourié-Gonnard 0392bff1b9 Merge remote-tracking branch 'public/pr/1512' into development-proposed
* public/pr/1512:
  Update md.h
  Update md.h
2018-04-18 11:57:50 +02:00
Manuel Pégourié-Gonnard b3a8fe7285 Merge remote-tracking branch 'public/pr/1509' into development-proposed
* public/pr/1509:
  Update ecdh.h
  Update ecdh.h
2018-04-18 11:56:49 +02:00
Manuel Pégourié-Gonnard 01d72df113 Merge remote-tracking branch 'public/pr/1508' into development-proposed
* public/pr/1508:
  Update ctr_drbg.h
  Update ctr_drbg.h
2018-04-18 11:55:30 +02:00
Manuel Pégourié-Gonnard 7153496395 Merge remote-tracking branch 'public/pr/1507' into development-proposed
* public/pr/1507:
  Update cmac.h
  Update cmac.h
2018-04-18 11:54:42 +02:00
Manuel Pégourié-Gonnard c265a25f4f Merge remote-tracking branch 'public/pr/1503' into development-proposed
* public/pr/1503:
  Update aes.h
  Update aes.h
2018-04-18 11:48:10 +02:00
Rose Zadik fa1fe36e08
Update dhm.h
Minor fix based on review comments
2018-04-18 10:09:31 +01:00
Rose Zadik ee96359d89
Update dhm.h
Changes based on review comments
2018-04-18 09:46:12 +01:00
Mohammad Azim Khan e5b5bd7a40 Allocate a unique err code for MBEDTLS_ERR_AES_BAD_INPUT_DATA 2018-04-17 23:29:47 +01:00
Mohammad Azim Khan 3f7f8170d6 Check invalid nc_off
Uninitialized nc_off value >0xf passed by the caller can cause array out-of-bound.
2018-04-17 23:18:40 +01:00
Andres Amaya Garcia 14a8b59d7b Fix doxygen error for MBEDTLS_PLATFORM_ZEROIZE_ALT 2018-04-17 16:56:12 +01:00
Rose Zadik 379b95ca9b
Update ccm.h
Updated return values for mbedtls_ccm_auth_decrypt().
2018-04-17 16:43:00 +01:00
Rose Zadik 477dce15bc
Update ccm.h
updated brief desc.
2018-04-17 16:31:22 +01:00
Andres Amaya Garcia c58787f507 Update docs for MBEDTLS_PLATFORM_ZEROIZE_ALT in config.h 2018-04-17 10:21:45 -05:00
Andres Amaya Garcia 904e1efb8c Make utils module part of the platform 2018-04-17 10:00:11 -05:00
Rose Zadik ec5d416cb2
Update ecdsa.h
minor fix based on review comments
2018-04-17 15:55:28 +01:00
Andres Amaya Garcia ae8e306973 Fix docs typos for zeroize related features/test 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia 757cd72edf Update license headers year and branding 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia 1e8ea5fa68 Improve docs for mbedtls_zeroize() and add refs 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia 6606d5c414 Add config.h docs for MBEDTLS_UTILS_ZEROIZE_ALT 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia b1262a3bdb Allow compile-time alternate to mbedtls_zeroize()
Add a new macro MBEDTLS_UTILS_ZEROIZE that allows users to configure
mbedtls_zeroize() to an alternative definition when defined. If the
macro is not defined, then mbed TLS will use the default definition of
the function.
2018-04-17 09:19:05 -05:00
Andres Amaya Garcia 614d9c0667 Add a utils.h file that contains common functions
The new header contains common information across various mbed TLS
modules and avoids code duplication. To start, utils.h currently only
contains the mbedtls_zeroize() function.
2018-04-17 09:17:38 -05:00
Rose Zadik 21e2926736
Update rsa.h
minor change to the file's brief desc.
2018-04-17 14:08:56 +01:00
Rose Zadik f763f2bbc1
Update dhm.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Reordered tags within documentation blocks so that params and returns are last in block.
*p_rng descriptions changed from "parameter" to "context".
*Suggest to specify issue for each return code, where multiple failure return codes are listed, or generalize.
*Minor improvements to parameter documentation proposed by eng.
2018-04-17 11:00:40 +01:00
Rose Zadik d3c9bfcbeb
Update ecp.h
Reviewed and standardized
2018-04-17 10:56:55 +01:00
Rose Zadik ef87179842
Update ccm.h
updated failure returns to "A CCM or cipher-specific error code on failure."
2018-04-17 10:41:48 +01:00
Rose Zadik 6ee22a7d52
Update sha256.h
Minor fix based on review comments
2018-04-17 10:38:39 +01:00
Rose Zadik 92d66b88ae
Update sha1.h
Changes based on review comments
2018-04-17 10:36:56 +01:00
Rose Zadik f2ec288bf8
Update rsa.h
Changes based on review comments.
2018-04-17 10:27:25 +01:00
Rose Zadik f3e4736131
Update md.h
Changes based on review comments
2018-04-16 16:31:16 +01:00
Rose Zadik 6a7ebc4c86
Update gcm.h
minor fix based on review comments
2018-04-16 16:11:49 +01:00
Rose Zadik 14d0d57c51
Update ecdsa.h
Minor changes based on review comments
2018-04-16 16:09:30 +01:00
Rose Zadik 7375b0f6c1
Update ecdh.h
Changs based on review comments
2018-04-16 16:04:57 +01:00
Ron Eldor 05d0e51bb1 Minor modifications for alt support in des and ecp
1. Add 3des context to be allowed for alternative defintion
2. Move some ecp structs, to disallow alternative definition of them,
as other modules rely on them
2018-04-16 17:40:04 +03:00
Rose Zadik 9464d7b6e3
Update platform.h
Implemented changes based on review comments
2018-04-16 15:28:35 +01:00
Rose Zadik f25eb6eef6
Update ctr_drbg.h
minor changes based on comments
2018-04-16 14:51:52 +01:00
Rose Zadik c138bb7b05
Update cmac.h
minor changes based on comments
2018-04-16 11:11:25 +01:00
Rose Zadik b5607bf61d
Update cipher.h
minor changes based on comments
2018-04-16 10:34:51 +01:00
Rose Zadik bd9571a01e
Update ccm.h
minor changes based on comments
2018-04-16 09:45:12 +01:00
Rose Zadik 819d13dfff
Update aes.h
fixed missing multiple returns on mbedtls_aes_setkey_enc
2018-04-16 09:35:15 +01:00
Ron Eldor bf027e736a Minor modifications after PR review
1. Move ChangLog entry to correct location
2. Move point formats outside the ECP_ALT check, as it's part of the RFC
2018-04-09 15:51:19 +03:00
Gilles Peskine 80aa3b8d65 Merge branch 'pr_946' into development-proposed 2018-04-04 10:33:45 +02:00
Gilles Peskine 315b460593 Merge remote-tracking branch 'upstream-public/pr/1457' into development-proposed 2018-04-04 09:19:27 +02:00
Gilles Peskine be2371c3d9 Merge branch 'pr_348' into development-proposed 2018-04-04 09:18:27 +02:00
Gilles Peskine 1fae860f0f Merge remote-tracking branch 'upstream-public/pr/1543' into development-proposed 2018-04-04 09:03:25 +02:00
Ron Eldor 810e650c70 Adjust more modules to new design
Add `ecp.h` anf `timing.h` to new XXX_alt design
2018-04-01 15:59:58 +03:00
Ron Eldor 4e6d55d14d Add new modules to the refactoring
Add new alternative supported modules to the new arcitecture design
2018-04-01 15:12:46 +03:00
Ron Eldor b2aacec417 Take Cryptographic API outside the XXX_ALT check
The cryptographic API should not be related to whether or not
there is alternative implementation. The API should be same for regular
implementation, and for alternative implementation, so it is defined
outside of the XXX_ALT precompilation check in the cryptographic API header
2018-04-01 15:12:46 +03:00
Gilles Peskine 90a8b5219f Merge branch 'pr_1480' into development-proposed 2018-04-01 12:44:06 +02:00
Gilles Peskine 5114d3e4e1 Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that
this indicates that a valid signature is present, unlike other error
codes. See
https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705
2018-03-30 18:43:16 +02:00
Darryl Green eea1c4ee5a Improve documentation of mbedtls_ssl_write() 2018-03-29 16:41:09 +01:00
Nicholas Wilson 08f3ef1861 Basic support for Curve448, similar to the current level of support for Curve25519 2018-03-29 14:29:06 +01:00
Jaeden Amero 4ba87fc958 Merge remote-tracking branch 'upstream-public/pr/758' into development-proposed 2018-03-29 11:01:38 +01:00
Jaeden Amero 2ad47e3bcc Merge remote-tracking branch 'upstream-public/pr/1528' into development-proposed 2018-03-29 11:00:50 +01:00
Hanno Becker 2bd57578af Merge branch 'development' into iotssl-1204 2018-03-28 14:52:35 +01:00