1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-11 21:41:47 +03:00
Commit Graph

5488 Commits

Author SHA1 Message Date
c36aab69b5 Swap D,E parameters in mbedtls_rsa_deduce_primes 2017-10-17 09:15:06 +01:00
9fb02057a5 Fix typo in asn1.h 2017-10-12 23:21:37 +01:00
f5dce36a24 Don't claim ECDH parameters are nothing-up-my-sleeve numbers 2017-10-12 13:45:10 +01:00
3226d36d61 Fix typo in configuration
Change duplicate of MBEDTLS_ECDH_GEN_PUBLIC_ALT to
MBEDTLS_ECDH_COMPUTE_SHARED_ALT
2017-10-12 14:17:48 +03:00
d22b78bf12 Switch to old model for alternative implementations 2017-10-12 11:42:17 +01:00
08f055eb4f Don't remove CRT parameters from RSA context for ABI compatibility
Albeit possible without conflicts now, this has to wait for the next ABI
changing releaese.
2017-10-12 10:53:58 +01:00
a565f54c4c Introduce new files rsa_internal.[ch] for RSA helper functions
This commit splits off the RSA helper functions into separate headers and
compilation units to have a clearer separation of the public RSA interface,
intended to be used by end-users, and the helper functions which are publicly
provided only for the benefit of designers of alternative RSA implementations.
2017-10-11 11:00:19 +01:00
a84c1cb355 Address PR cpomments reviews
1) move the change into Features from Changes, in the changLog
2) Change the feature alternative configuration MBEDTLS_ECDH_ALT
definition to function alternative defintions
MBEDTLS_ECDH_COMPUTE_SHARED_ALT and MBEDTLS_ECDH_GEN_PUBLIC_ALT
2017-10-10 19:04:27 +03:00
f9e184b9df Remove PRNG argument from mbedtls_rsa_complete 2017-10-10 16:55:41 +01:00
314adb6baa Address PR review comments
1) update ChangLog to have new feature in Features instead of Changes
2) Change MBEDTLS_ECDSA_ALT to function specific alternative definitions:
MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and MBEDTLS_ECDSA_GENKEY_ALT
2017-10-10 18:49:02 +03:00
1e801f5706 Clarify guarantees made by rsa_complete and rsa_check_privkey 2017-10-10 16:44:47 +01:00
68b4d58bd8 Remove PRNG argument from mbedtls_rsa_deduce_moduli
It is not necessary to pass a CSPRNG to `mbedtls_rsa_deduce_moduli`, as there
exist well-working static strategies, and even if a PRNG is preferred, a
non-secure one would be sufficient.

Further, the implementation is changed to use a static strategy for the choice
of candidates which according to some benchmarks even performs better than the
previous one using random candidate choices.
2017-10-10 16:39:10 +01:00
8ec8102c9a Split WANT_READ in two error codes
This commit restricts WANT_READ to indicate that no data is available on the
underlying transport. To signal the need for further processing - which was
previously also handled through this error code - a new internal error code
MBEDTLS_ERR_SSL_CONTINUE_PROCESSING is introduced.
2017-10-10 16:04:48 +01:00
8b170a0a0b Enhance and extend checking of message processing state
-  Enhances the documentation of mbedtls_ssl_get_bytes_avail (return
   the number of bytes left in the current application data record, if
   there is any).
-  Introduces a new public function mbedtls_ssl_check_pending for
   checking whether any data in the internal buffers still needs to be
   processed. This is necessary for users implementing event-driven IO
   to decide when they can safely idle until they receive further
   events from the underlying transport.
2017-10-10 16:04:32 +01:00
e09ca3d9b6 Add polling function for network contexts
This commit adds a function `mbedtls_net_poll` to the network module
allowing to check if a network context is available for read or write.
2017-10-10 16:03:18 +01:00
1a9a51c7cf Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-10-06 11:58:50 +01:00
0446a39744 Enhance documentation of mbedtls_ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure
2017-10-06 11:58:50 +01:00
bc389d1d3c Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code 2017-10-05 11:49:53 +01:00
3cdc711972 Deprecate usage of RSA primitives with wrong key type
Further, state explicitly that wrong key types need not be supported by alternative RSA implementations, and that those
may instead return the newly introduced error code MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
2017-10-05 10:28:21 +01:00
e3481ab533 Improve top warning in dhm.h 2017-10-04 16:05:10 +01:00
a90658f248 Add ssl_conf_dh_param_bin superseding ssl_conf_dh_param 2017-10-04 15:29:08 +01:00
470a8c4d87 Deprecate mbedtls_ssl_conf_dh_param 2017-10-04 15:28:46 +01:00
d25d444134 Don't allocate space for DTLS header if DTLS is disabled 2017-10-04 13:58:03 +01:00
5e6b8d7d29 Add missing whitespace 2017-10-04 13:41:36 +01:00
0482fd597a Remove reference to utility program for RFC 3526/7919 verification 2017-10-04 13:39:08 +01:00
5a7c35d1a8 Correct documentation of mbedtls_ssl_conf_dh_param 2017-10-04 13:32:12 +01:00
8880e75dcb Add new function mbedtls_dhm_set_group to DHM Group 2017-10-04 13:17:52 +01:00
e2fcfa84ea Stick to the use of constant-macros
This commit returns to using constant macros instead of global variables for the DHM group constants. Further, macros
providing the binary encoding of the primes from RFC 3526 and RFC 7919 are added. The hex-string macros are deprecated.
2017-10-04 13:12:15 +01:00
0f65e0ca03 Rename rsa_deduce_moduli to rsa_deduce_primes 2017-10-03 14:40:44 +01:00
8ba6ce4f4f Rename rsa_deduce_private to rsa_deduce_private_exponent 2017-10-03 14:40:43 +01:00
5178dcab12 Clarify parameter ownership in mbedtls_rsa_import[_raw] 2017-10-03 14:29:37 +01:00
f9734b35b5 Change wording of warnings 2017-10-03 12:09:22 +01:00
4e1be398f6 Remove FORCE_VERIFICATION and FORCE_BLINDING 2017-10-02 16:02:55 +01:00
f240ea0b50 Expand documentation of mbedtls_dhm_read_params 2017-10-02 15:09:14 +01:00
f8258e7d5a Adapt documentation of mbedtls_ssl_conf_dh_param to new moduli 2017-10-02 15:04:40 +01:00
70da2c545b Improve documentation of mbedtls_dhm_make_params 2017-10-02 15:02:59 +01:00
b5beaa8995 Check that 1 < D, E < N in mbedtls_rsa_validate_params 2017-10-02 13:20:20 +01:00
c6fc878eda Remove mbedtls_rsa_check_crt
This is no longer needed after the decision to not exhaustively validate private key material.
2017-10-02 13:20:15 +01:00
98838b04af Minor improvements 2017-10-02 13:17:01 +01:00
7471631dde Make input arguments to mbedtls_rsa_import_raw constant
Original intention was to be allowed to perform in-place operations like changing the byte-order before importing
parameters into an HSM. Now a copy is needed in this case, but there's no more danger of a user expecting the arguments
to be left untouched.
2017-10-02 13:17:01 +01:00
43a08d029e Clarify guarantees made by rsa_check_privkey and rsa_complete
Document explicitly that `mbedtls_rsa_check_privkey` and `mbedtls_rsa_complete` succeeding does not guarantee the
consistency of the underlying RSA private key but only that enough information is present to perform a private key
operation.
2017-10-02 13:17:01 +01:00
1b831fe1c5 Clarify guarantees made by rsa_deduce_moduli/private/crt 2017-10-02 13:06:47 +01:00
bdefff1dde Change signature of mbedtls_rsa_deduce_private
Make input arguments constant and adapt the implementation to use a temporary instead of in-place operations.
2017-10-02 09:59:48 +01:00
ba5b755f1a Change signature and semantics of mbedtls_rsa_deduce_moduli
Input arguments are marked as constant. Further, no double-checking is performed when a factorization of the modulus has
been found.
2017-10-02 09:55:49 +01:00
2f38a43d3a Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-09-30 23:35:21 +01:00
f5f9d11acc Enhance documentation of mbedtls_ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure
2017-09-30 23:35:12 +01:00
56bae95e1d Improve style and documentation, fix typo 2017-09-29 15:43:49 +01:00
4b2f691691 Doxygen: Use typewriter font for variables in rsa.h documentation 2017-09-29 13:36:54 +01:00
ed20361321 Increase readability of Doxygen output
Multiple lists were not properly recognized as such.
2017-09-29 13:34:25 +01:00
91c194dabb Add and document an RSA-specific error code for unsupported exports
E.g., a private key on an external chip might not be exportable to RAM.
2017-09-29 12:50:12 +01:00