Commit graph

157 commits

Author SHA1 Message Date
Simon Butcher
e47d6fd97e Merge remote-tracking branch 'public/pr/1497' into development 2018-06-12 16:53:04 +01:00
Thomas Fossati
656864b360 Add an HKDF (RFC 5869) implementation 2018-06-11 13:10:14 +01:00
Simon Butcher
246cb05a92 Merge remote-tracking branch 'public/pr/1410' into development 2018-06-01 19:25:56 +01:00
Simon Butcher
2f3a581567 Merge remote-tracking branch 'public/pr/1178' into development 2018-05-23 16:15:13 +01:00
Manuel Pégourié-Gonnard
a3712beb9b Merge branch 'development' into iotssl-1941-aria-ciphersuites
* development: (504 commits)
  Fix minor code style issues
  Add the uodate to the soversion to the ChangeLog
  Fix the ChangeLog for clarity, english and credit
  Update version to 2.9.0
  ecp: Fix binary compatibility with group ID
  Changelog entry
  Change accepted ciphersuite versions when parsing server hello
  Remove preprocessor directives around platform_util.h include
  Fix style for mbedtls_mpi_zeroize()
  Improve mbedtls_platform_zeroize() docs
  mbedtls_zeroize -> mbedtls_platform_zeroize in docs
  Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT
  Organize CMakeLists targets in alphabetical order
  Organize output objs in alfabetical order in Makefile
  Regenerate errors after ecp.h updates
  Update ecp.h
  Change variable bytes_written to header_bytes in record decompression
  Update ecp.h
  Update ecp.h
  Update ecp.h
  ...
2018-05-22 15:58:50 +02:00
Jaeden Amero
3dd8abd037 Regenerate errors after ecp.h updates
The error descriptions were updated in ecp.h (PR #1578), so also update
the strings in error.c.
2018-04-24 14:13:15 +01:00
Mohammad Azim Khan
e5b5bd7a40 Allocate a unique err code for MBEDTLS_ERR_AES_BAD_INPUT_DATA 2018-04-17 23:29:47 +01:00
Gilles Peskine
80aa3b8d65 Merge branch 'pr_946' into development-proposed 2018-04-04 10:33:45 +02:00
Gilles Peskine
cc78ac46e7 Update error.c 2018-03-30 18:52:10 +02:00
Hanno Becker
2bd57578af Merge branch 'development' into iotssl-1204 2018-03-28 14:52:35 +01:00
Hanno Becker
c9f4d6d448 Correct error.c 2018-03-19 09:23:13 +00:00
Manuel Pégourié-Gonnard
3c80009615 aria: add error codes for hw implementations 2018-03-01 09:25:05 +01:00
Markku-Juhani O. Saarinen
07478d6f30 something to do with whitespaces 2018-02-27 12:39:12 +01:00
Markku-Juhani O. Saarinen
3c0b53b2b0 ARIA build integration 2018-02-27 12:39:12 +01:00
Jaeden Amero
9564e97460 Merge branch 'development' into development-restricted 2018-01-30 17:04:47 +00:00
Rose Zadik
2f8163d3cd Improve CTR-DRBG documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.
- Add full standard name in file description.

GitHub PR: #1316
2018-01-30 16:22:05 +00:00
Rose Zadik
042e97fa75 Improve RSA documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.
- Rephrase the descriptions of all md_alg and hashlen parameters.

GitHub PR: #1327
2018-01-30 16:22:05 +00:00
Rose Zadik
41ad082484 Improve DHM documentation
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.
- Standardize defines documentation

GitHub PR: #1323
2018-01-30 16:22:05 +00:00
Rose Zadik
9ba6b621de Improve cipher documentation
- Rephrase function/parameter/enum/define/error descriptions into full and
  clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.

GitHub PR: #1306
2018-01-30 16:22:04 +00:00
Rose Zadik
eecdbea30f Improve CCM documentation
- Rephrase function/parameter/enum/define/error descriptions into full and
  clear sentences.
- Make sure to adhering to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.
- Fix iv_len values per the standard.

GitHub PR: #1305
2018-01-30 16:22:04 +00:00
Rose Zadik
7f44127c71 Improve AES documentation
- Separate "\file" blocks from copyright, so that Doxygen doesn't repeat
  the copyright information in all the Detailed Descriptions.
- Improve phrasing and clarity of functions, parameters, defines and enums.

GitHub PR: #1292
2018-01-30 16:22:04 +00:00
Jaeden Amero
2acbf17b97 Merge branch 'development' into development-restricted 2018-01-26 20:57:38 +00:00
Jaeden Amero
751aa510c0 Merge remote-tracking branch 'upstream-public/pr/1303' into development 2018-01-26 20:48:55 +00:00
Jaeden Amero
784de59ccd Merge remote-tracking branch 'upstream-restricted/pr/410' into development-restricted
- Resolve ChangeLog conflicts
- Update Doxygen warning block in dhm.h to render correctly
- Prefix the exported identifier deprecated_constant_t with mbedtls_
2018-01-26 18:43:04 +00:00
Gilles Peskine
7ecab3df4c Error codes for hardware accelerator failures
Add MBEDTLS_ERR_XXX_HW_ACCEL_FAILED error codes for all cryptography
modules where the software implementation can be replaced by a hardware
implementation.

This does not include the individual message digest modules since they
currently have no way to return error codes.

This does include the higher-level md, cipher and pk modules since
alternative implementations and even algorithms can be plugged in at
runtime.
2018-01-26 17:56:38 +01:00
Gilles Peskine
a381fe84ce Add HW_FAILED error codes for message digest modules
New error codes to report failures from alternative implementations of
MD2, MD4, MD5, RIPEMD160, SHA-1, SHA-256, SHA-512.
2018-01-23 18:16:11 +01:00
Gilles Peskine
17196cd3be Merge remote-tracking branch 'upstream-public/pr/964' into development 2018-01-02 16:24:29 +01:00
Hanno Becker
1434a365a6 Don't split error code description across multiple lines 2017-12-13 11:24:49 +00:00
Hanno Becker
8ec8102c9a Split WANT_READ in two error codes
This commit restricts WANT_READ to indicate that no data is available on the
underlying transport. To signal the need for further processing - which was
previously also handled through this error code - a new internal error code
MBEDTLS_ERR_SSL_CONTINUE_PROCESSING is introduced.
2017-10-10 16:04:48 +01:00
Hanno Becker
e09ca3d9b6 Add polling function for network contexts
This commit adds a function `mbedtls_net_poll` to the network module
allowing to check if a network context is available for read or write.
2017-10-10 16:03:18 +01:00
Hanno Becker
bc389d1d3c Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code 2017-10-05 11:49:53 +01:00
Hanno Becker
3cdc711972 Deprecate usage of RSA primitives with wrong key type
Further, state explicitly that wrong key types need not be supported by alternative RSA implementations, and that those
may instead return the newly introduced error code MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
2017-10-05 10:28:21 +01:00
Hanno Becker
a6dd90de30 Add error string for failure code in mbedtls_dhm_set_group 2017-10-04 13:17:52 +01:00
Manuel Pégourié-Gonnard
31458a1878 Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-06 11:58:41 +02:00
Andres Amaya Garcia
fd48739461 Add AES feature unavailable error code 2017-06-14 16:19:12 +01:00
Simon Butcher
99000142cb Merge fix for IE Certificate Compatibility 2016-10-13 17:21:01 +01:00
Simon Butcher
8a1a68cb2b Regenerate error.c file to remove CMAC 2016-10-13 13:51:12 +01:00
Simon Butcher
0c79073a8b Refactor and change CMAC interface
Change the CMAC interface to match the mbedtls_md_hmac_xxxx() interface. This
changes the overall design of the CMAC interface to make it more consistent with
the existing HMAC interface, and will allow incremental updates of input data
rather than requiring all data to be presented at once, which is what the
current interface requires.
2016-10-13 13:51:11 +01:00
Brian Murray
86ff986884 selftest supports cmac if only MBEDTLS_DES_C is defined
Other minor typo fixes
2016-10-13 13:51:10 +01:00
Robert Cragie
2fa11cd197 Added CMAC as proper low-level module and changed error returns 2016-10-13 13:51:07 +01:00
Andres AG
3616f6f261 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-10-13 13:48:48 +01:00
Janos Follath
98e28a74e3 Address user reported coverity issues. 2016-06-09 13:41:28 +01:00
-~- redtangent ~-~
9fa2e86d93 Add missing mbedtls_time_t definitions (#493)
Add missing mbedtls_time_t definitions to sample applications and the error.c
generation script.

Fixes #490.
2016-05-26 10:07:49 +01:00
Manuel Pégourié-Gonnard
e2e25e7427 DTLS: avoid dropping too many records
When the peer retransmits a flight with many record in the same datagram, and
we already saw one of the records in that datagram, we used to drop the whole
datagram, resulting in interoperability failure (spurious handshake timeouts,
due to ignoring record retransmitted by the peer) with some implementations
(issues with Chrome were reported).

So in those cases, we want to only drop the current record, and look at the
following records (if any) in the same datagram. OTOH, this is not something
we always want to do, as sometime the header of the current record is not
reliable enough.

This commit introduces a new return code for ssl_parse_header() that allows to
distinguish if we should drop only the current record or the whole datagram,
and uses it in mbedtls_ssl_read_record()

fixes #345
2015-12-03 16:13:17 +01:00
Manuel Pégourié-Gonnard
be619c1264 Clean up error codes 2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
9bd0afdb22 Add guards for closed socket in net.c
This is particularly problematic when calling FD_SET( -1, ... ), but let's
check it in all functions.

This was introduced with the new API and the fact the net_free() now sets the
internal fd to -1 in order to mark it as closed: now using this information.
2015-07-01 19:03:27 +02:00
Manuel Pégourié-Gonnard
9dbaf400ef Rationalize other snprintf() uses 2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard
f9cbd73191 Update generated files 2015-06-22 14:40:56 +02:00