Add a new macro MBEDTLS_UTILS_ZEROIZE that allows users to configure
mbedtls_zeroize() to an alternative definition when defined. If the
macro is not defined, then mbed TLS will use the default definition of
the function.
MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
constitutes a security risk. If possible, we recommend avoiding
dependencies on them, and considering stronger message digests and
ciphers instead.
This commit allows users to provide alternative implementations of the
ECJPAKE interface through the configuration option MBEDTLS_ECJPAKE_ALT.
When set, the user must add `ecjpake_alt.h` declaring the same
interface as `ecjpake.h`, as well as add some compilation unit which
implements the functionality. This is in line with the preexisting
support for alternative implementations of other modules.
- Adapt the change in all.sh to the new keep-going mode
- Restore alphabetical order of configuration flags for
alternative implementations in config.h and rebuild
library/version_features.c
Conflict resolution: additions in the same places as
upstream-public/pr/865, both adding into lexicographically sorted
lists, resolved by taking the additions in lexicographic order.
In case truncated HMAC must be used but the Mbed TLS peer hasn't been updated
yet, one can use the compile-time option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT to
temporarily fall back to the old, non-compliant implementation of the truncated
HMAC extension.
This commit splits off the RSA helper functions into separate headers and
compilation units to have a clearer separation of the public RSA interface,
intended to be used by end-users, and the helper functions which are publicly
provided only for the benefit of designers of alternative RSA implementations.
1) move the change into Features from Changes, in the changLog
2) Change the feature alternative configuration MBEDTLS_ECDH_ALT
definition to function alternative defintions
MBEDTLS_ECDH_COMPUTE_SHARED_ALT and MBEDTLS_ECDH_GEN_PUBLIC_ALT
1) update ChangLog to have new feature in Features instead of Changes
2) Change MBEDTLS_ECDSA_ALT to function specific alternative definitions:
MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and MBEDTLS_ECDSA_GENKEY_ALT
This commit disables the new MBEDTLS_RSA_FORCE_BLINDING option by default to preserve backwards
compatibility. Further, it deprecates disabling to prepare for a future release in which blinding will be
unconditionally enforced.
Alternative RSA implementations can be provided by defining MBEDTLS_RSA_ALT in
config.h, defining an mbedtls_rsa_context struct in a new file rsa_alt.h and
re-implementing the RSA interface specified in rsa.h.
Through the previous reworkings, the adherence to the interface is the only
implementation obligation - in particular, implementors are free to use a
different layout for the RSA context structure.
Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive
as this macro enables/disables both functions.
Add the following two functions to allow platform setup and teardown
operations for the full library to be hooked in:
* mbedtls_platform_setup()
* mbedtls_platform_teardown()
An mbedtls_platform_context C structure is also added and two internal
functions that are called by the corresponding setup and teardown
functions above:
* mbedtls_internal_platform_setup()
* mbedtls_internal_plartform_teardown()
Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow
mbedtls_platform_context and internal function to be overriden by the
user as needed for a platform.
The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been
superseded by mbedtls_aes_internal_decrypt and
mbedtls_aes_internal_encrypt, respectively. Alternative
implementations should now only replace the latter, and leave the
maintenance wrapper definitions of the former untouched.
This commit clarifies this in the documentation of the respective
configuration options MBEDTLS_AES_DECRYPT_ALT and
MBEDTLS_AES_ENCRYPT_ALT.
Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive
as this macro enables/disables both functions.
Add the following two functions to allow platform setup and teardown
operations for the full library to be hooked in:
* mbedtls_platform_setup()
* mbedtls_platform_teardown()
An mbedtls_platform_context C structure is also added and two internal
functions that are called by the corresponding setup and teardown
functions above:
* mbedtls_internal_platform_setup()
* mbedtls_internal_plartform_teardown()
Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow
mbedtls_platform_context and internal function to be overriden by the
user as needed for a platform.
The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been
superseded by mbedtls_aes_internal_decrypt and
mbedtls_aes_internal_encrypt, respectively. Alternative
implementations should now only replace the latter, and leave the
maintenance wrapper definitions of the former untouched.
This commit clarifies this in the documentation of the respective
configuration options MBEDTLS_AES_DECRYPT_ALT and
MBEDTLS_AES_ENCRYPT_ALT.
This commit renames the new AES table packing option introduced in the
previous MBEDTLS_AES_PACK_TABLES and documents its use and memory vs.
speed tradeoff. It also enhances the documentation of the other
AES-related option MBEDTLS_AES_ROM_TABLES.
By default, keep allowing SHA-1 in key exchange signatures. Disabling
it causes compatibility issues, especially with clients that use
TLS1.2 but don't send the signature_algorithms extension.
SHA-1 is forbidden in certificates by default, since it's vulnerable
to offline collision-based attacks.
Default to forbidding the use of SHA-1 in TLS where it is unsafe: for
certificate signing, and as the signature hash algorithm for the TLS
1.2 handshake signature. SHA-1 remains allowed in HMAC-SHA-1 in the
XXX_SHA ciphersuites and in the PRF for TLS <= 1.1.
For easy backward compatibility for use in controlled environments,
turn on the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 compiled-time option.
The compile time macros enabling the initialisation and deinitialisation
in the alternative Elliptic Curve Point arithmetic implementation had
names that did not end with '_ALT' as required by check-names.sh.
Minor fixes following review including:
* formatting changes including indentation and code style
* corrections
* removal of debug code
* clarification of code through variable renaming
* memory leak
* compiler warnings
Change the CMAC interface to match the mbedtls_md_hmac_xxxx() interface. This
changes the overall design of the CMAC interface to make it more consistent with
the existing HMAC interface, and will allow incremental updates of input data
rather than requiring all data to be presented at once, which is what the
current interface requires.
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
* Check time platform abstraction macro definitions
This patch adds some checks to check_config.h to ensure that macro
definitions for the time platform abstraction are acceptable. In this
case the requirements are:
- MBEDTLS_PLATFORM_C and MBEDTLS_HAVE_TIME must be defined whenever
MBEDTLS_PLATFORM_TIME_ALT, MBEDTLS_PLATFORM_TIME_TYPE_MACRO or
MBEDTLS_PLATFORM_TIME_MACRO is defined.
- MBEDTLS_PLATFORM_STD_TIME and MBEDTLS_PLATFORM_TIME_ALT cannot be
defined simultaneously with MBEDTLS_PLATFORM_TIME_TYPE_MACRO or
MBEDTLS_PLATFORM_TIME_MACRO.
- MBEDTLS_HAVE_TIME and MBEDTLS_PLATFORM_TIME_ALT must be defined
whenever MBEDTLS_PLATFORM_STD_TIME is defined.
* Document requirements for time abstraction macros
Document that time platform abstraction macros
MBEDTLS_PLATFORM_TIME_ALT, MBEDTLS_PLATFORM_TIME_MACRO,
MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME require
MBEDTLS_HAVE_TIME to be defined in config.h.
* Fix requires comment in config.h
* Split preprocessor condition for simplicity
target_config.h is no longer needed for target/platform configurations so
this change removes it from the default and platform configurations for mbed
builds.
Introduces mbedtls_nv_seed_read() and mbedtls_nv_seed_write().
The platform-layer functions are only available when
MBEDTLS_ENTROPY_NV_SEED is enabled.
Add a switch that turns entropy collecting off entirely, but enables
mbed TLS to run in an entirely unsafe mode. Enables to test mbed TLS
on platforms that don't have their entropy sources integrated yet.
