Simon Butcher
0bbb4fc132
Merge branch 'development' into development
2018-08-30 01:11:35 +01:00
Simon Butcher
552754a6ee
Merge remote-tracking branch 'public/pr/1988' into development
2018-08-30 00:57:28 +01:00
Simon Butcher
68dbc94720
Merge remote-tracking branch 'public/pr/1951' into development
2018-08-30 00:56:56 +01:00
Simon Butcher
07de4c0035
Merge remote-tracking branch 'public/pr/1920' into development
2018-08-30 00:56:08 +01:00
Simon Butcher
8a552cf9d6
Merge remote-tracking branch 'public/pr/1920' into development-restricted
2018-08-28 15:39:38 +01:00
Simon Butcher
129fa82908
Merge remote-tracking branch 'restricted/pr/470' into development-restricted
2018-08-28 15:26:11 +01:00
Simon Butcher
7f85563f9b
Merge remote-tracking branch 'restricted/pr/491' into development-restricted
2018-08-28 15:22:40 +01:00
Hanno Becker
02f6f5af26
Adapt ChangeLog
...
Make explicit that buffering support is about DTLS.
2018-08-28 12:54:27 +01:00
Simon Butcher
9ce5160fea
Merge remote-tracking branch 'public/pr/1965' into development
2018-08-28 12:34:14 +01:00
Simon Butcher
676d3fd116
Merge remote-tracking branch 'public/pr/1129' into development
2018-08-28 12:31:23 +01:00
Simon Butcher
9d5a9e1213
Merge remote-tracking branch 'public/pr/1625' into development
2018-08-28 12:23:40 +01:00
Simon Butcher
14dac0953e
Merge remote-tracking branch 'public/pr/1918' into development
2018-08-28 12:21:41 +01:00
Simon Butcher
1846e406c8
Merge remote-tracking branch 'public/pr/1939' into development
2018-08-28 12:19:56 +01:00
Simon Butcher
9598845d11
Merge remote-tracking branch 'public/pr/1955' into development
2018-08-28 12:00:18 +01:00
Simon Butcher
4613772dea
Merge remote-tracking branch 'public/pr/1915' into development
2018-08-28 11:45:44 +01:00
Hanno Becker
0e96585bdd
Merge branch 'datagram_packing' into message_reordering
2018-08-24 12:16:41 +01:00
Hanno Becker
1841b0a11c
Rename ssl_conf_datagram_packing() to ssl_set_datagram_packing()
...
The naming convention is that functions of the form mbedtls_ssl_conf_xxx()
apply to the SSL configuration.
2018-08-24 11:13:57 +01:00
Hanno Becker
a70fb95c82
Adapt ChangeLog
2018-08-23 14:36:50 +01:00
Hanno Becker
aa24937853
Adapt ChangeLog
2018-08-22 10:27:13 +01:00
Hanno Becker
3546201dbc
Merge branch 'datagram_packing' into message_reordering
2018-08-22 10:25:40 +01:00
Hanno Becker
a67dee256d
Merge branch 'iotssl-2402-basic-pmtu-adaptation' into datagram_packing
2018-08-22 10:06:38 +01:00
Manuel Pégourié-Gonnard
b8eec192f6
Implement PMTU auto-reduction in handshake
2018-08-22 10:50:30 +02:00
Hanno Becker
170e2d89da
Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing
2018-08-22 09:44:54 +01:00
Hanno Becker
903ee3d363
Merge branch 'datagram_packing' into message_reordering
2018-08-21 17:24:17 +01:00
Manuel Pégourié-Gonnard
f2f1d40d6d
Improve wording in ChangeLog and documentation
2018-08-21 09:53:22 +02:00
Hanno Becker
6aeaa05a95
Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing
2018-08-20 12:53:37 +01:00
Manuel Pégourié-Gonnard
6e7aaca146
Move MTU setting to SSL context, not config
...
This setting belongs to the individual connection, not to a configuration
shared by many connections. (If a default value is desired, that can be handled
by the application code that calls mbedtls_ssl_set_mtu().)
There are at least two ways in which this matters:
- per-connection settings can be adjusted if MTU estimates become available
during the lifetime of the connection
- it is at least conceivable that a server might recognize restricted clients
based on range of IPs and immediately set a lower MTU for them. This is much
easier to do with a per-connection setting than by maintaining multiple
near-duplicated ssl_config objects that differ only by the MTU setting.
2018-08-20 10:37:23 +02:00
Ron Eldor
34b03ef78f
Remove redundant else
statement
...
Remove `else` statement, as it is redundant. resolves #1776
2018-08-20 10:39:27 +03:00
Hanno Becker
f103542c3d
Adapt ChangeLog
2018-08-17 16:52:08 +01:00
Hanno Becker
d87a59cc36
Adapt ChangeLog
2018-08-17 15:51:24 +01:00
Jaeden Amero
141e767fa9
Merge remote-tracking branch 'upstream-public/pr/1942' into development
...
Resolve conflicts in ChangeLog
2018-08-17 14:26:51 +01:00
Manuel Pégourié-Gonnard
3879fdfece
Merge remote-tracking branch 'public/pr/1955' into iotssl-165-dtls-hs-fragmentation-new
...
* public/pr/1955:
Adapt ChangeLog
Fix overly strict bounds check in ssl_parse_certificate_request()
2018-08-17 10:49:47 +02:00
Hanno Becker
eb2b15accd
Improve ChangeLog wording for the commmit that Fixes #1954 .
2018-08-17 09:47:22 +01:00
Hanno Becker
ad0fe92fb6
Adapt ChangeLog
2018-08-16 15:52:22 +01:00
Manuel Pégourié-Gonnard
637e234d9f
Merge remote-tracking branch 'public/pr/1915' into iotssl-165-dtls-hs-fragmentation-new
...
* public/pr/1915:
Adapt ChangeLog
Fix mbedtls_ssl_get_record_expansion() for ChaChaPoly and CBC
2018-08-16 10:01:21 +02:00
Manuel Pégourié-Gonnard
0b1d9b2c75
Declare ssl_conf_mtu()
2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
01ec4af023
Add ChangeLog entry
2018-08-16 10:01:10 +02:00
Janos Follath
08a4aebc46
HKDF: Add warning to partial functions
...
The standard HKDF security guarantees only hold if `mbedtls_hkdf()` is
used or if `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` are
called in succession carefully and an equivalent way.
Making `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` static would
prevent any misuse, but doing so would require the TLS 1.3 stack to
break abstraction and bypass the module API.
To reduce the risk of misuse we add warnings to the function
descriptions.
2018-08-14 16:08:38 +01:00
Hanno Becker
9dc3be7601
Improve wording in ChangeLog
2018-08-14 15:22:05 +01:00
Hanno Becker
361f254eab
Adapt ChangeLog
2018-08-13 16:36:58 +01:00
Ron Eldor
d1a4762adb
Use mbedtls_printf instead of printf
...
Replace usages of `printf()` with `mbedtls_printf()` in `aria.c`
which were accidently merged. Fixes #1908
2018-08-13 13:49:52 +03:00
Jaeden Amero
d8f41698d2
Merge remote-tracking branch 'upstream-public/pr/1598' into development
...
Add a Changelog entry
2018-08-10 11:23:15 +01:00
Jaeden Amero
03bd4847b3
Merge remote-tracking branch 'upstream-public/pr/1861' into development
...
Add Changelog entry
2018-08-10 11:17:14 +01:00
Jaeden Amero
cac0c1a250
Merge remote-tracking branch 'upstream-public/pr/1378' into development
2018-08-10 10:59:53 +01:00
Jaeden Amero
372b50b252
Add a ChangeLog entry for #1816
2018-08-10 10:56:31 +01:00
Jaeden Amero
f48163a960
Merge remote-tracking branch 'upstream-public/pr/1834' into development
2018-08-10 10:49:10 +01:00
Hanno Becker
448146407f
Adapt ChangeLog
2018-08-03 10:07:39 +01:00
Simon Butcher
b363382ba4
Add ChangeLog entry for bug #1890
2018-07-30 22:10:48 +01:00
Angus Gratton
608a487b9c
Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
...
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).
Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-27 09:15:34 +10:00
Simon Butcher
6c34268e20
Merge remote-tracking branch 'restricted/pr/501' into development-restricted
2018-07-26 14:24:56 +01:00