Brian J Murray
98844ff59f
Fix minor typo in comments ( #531 )
2016-08-30 09:50:12 +01:00
Paul Bakker
c7d6bd4b5f
Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths
...
As a consequence also adds coverage for reading 3 and 4 byte lengths
(which were not covered before)
2016-08-25 15:42:27 +01:00
Paul Bakker
7eb1243fb4
Add check for lengths over 65535 in mbedtls_asn1_write_len()
2016-08-25 15:42:27 +01:00
Andres Amaya Garcia
1e4ec667a4
Check time platform abstraction macro definitions ( #534 )
...
* Check time platform abstraction macro definitions
This patch adds some checks to check_config.h to ensure that macro
definitions for the time platform abstraction are acceptable. In this
case the requirements are:
- MBEDTLS_PLATFORM_C and MBEDTLS_HAVE_TIME must be defined whenever
MBEDTLS_PLATFORM_TIME_ALT, MBEDTLS_PLATFORM_TIME_TYPE_MACRO or
MBEDTLS_PLATFORM_TIME_MACRO is defined.
- MBEDTLS_PLATFORM_STD_TIME and MBEDTLS_PLATFORM_TIME_ALT cannot be
defined simultaneously with MBEDTLS_PLATFORM_TIME_TYPE_MACRO or
MBEDTLS_PLATFORM_TIME_MACRO.
- MBEDTLS_HAVE_TIME and MBEDTLS_PLATFORM_TIME_ALT must be defined
whenever MBEDTLS_PLATFORM_STD_TIME is defined.
* Document requirements for time abstraction macros
Document that time platform abstraction macros
MBEDTLS_PLATFORM_TIME_ALT, MBEDTLS_PLATFORM_TIME_MACRO,
MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME require
MBEDTLS_HAVE_TIME to be defined in config.h.
* Fix requires comment in config.h
* Split preprocessor condition for simplicity
2016-07-20 10:16:25 +01:00
Simon Butcher
b5b6af2663
Puts platform time abstraction into its own header
...
Separates platform time abstraction into it's own header from the
general platform abstraction as both depend on different build options.
(MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME)
2016-07-13 14:46:18 +01:00
James Cowgill
7247f99b3e
Fixes missing dependency in ss.h on platform.h
...
Fixes #522 - 'mbedtls_time_t does not name a type in ssl.h'
2016-07-11 13:57:05 +01:00
Simon Butcher
1d46a2d5aa
Fix issue with reuse of custom yotta configs for target_config.h ( #530 )
2016-07-11 10:17:03 +01:00
Simon Butcher
905cef6c2c
Changed library version number to 2.3.0
2016-06-27 19:36:45 +01:00
Simon Butcher
ab069c6b46
Merge branch 'development' into development-restricted
2016-06-23 21:42:26 +01:00
Simon Butcher
b2c81b12bb
Added target_config.h as a custom header for yotta use
2016-06-23 13:56:06 +01:00
Janos Follath
efc665f80f
Fix mbedtls_ssl_set_hostname documentation
2016-06-22 00:21:32 +01:00
Janos Follath
1b8571cd25
Merge branch 'development' into development-restricted
2016-06-21 13:51:17 +01:00
Aaron Jones
d96e526093
ssl.h: tidy up the documentation comments ( #505 )
...
ssl.h: Tidy up and correct documentation errors.
2016-06-17 15:40:41 +01:00
Janos Follath
15ab7ed0f3
Merge branch 'development' into development-restricted
...
Conflicts:
programs/pkey/rsa_decrypt.c
programs/pkey/rsa_encrypt.c
programs/test/selftest.c
2016-06-14 09:20:46 +01:00
Simon Butcher
4157b6004d
Renames null entropy source function for clarity
2016-06-12 00:31:33 +01:00
Simon Butcher
ab5df40054
Rename the 'no entropy' feature to MBEDTLS_TEST_NULL_ENTROPY
...
Following review and for clarity, changed the name of the feature to 'null
entropy'.
2016-06-11 02:31:21 +01:00
Simon Butcher
30b5f978eb
Removes target_config.h file from default and thread configs
...
target_config.h is no longer needed for target/platform configurations so
this change removes it from the default and platform configurations for mbed
builds.
2016-06-10 19:42:15 +01:00
Paul Bakker
71a597a2ba
Update documentation for MBEDTLS_ENTROPY_NV_SEED
2016-06-10 19:42:15 +01:00
Paul Bakker
fc9c7c8bf4
Initial entropy run should be context specific
...
Otherwise test influence each other.
Is a change to the context but only if the NV seed feature is enabled
2016-06-10 19:42:15 +01:00
Paul Bakker
66fdf34e81
Add MBEDTLS_FS_IO guard on default NV seed defines in platform.h
...
The default implementation won't work without MBEDTLS_FS_IO, so
leave undefined otherwise.
2016-06-10 19:42:15 +01:00
Paul Bakker
d5c9f6d226
Automatically update NV seed on initial entropy run
...
Update the NV entropy seed before generating any entropy for outside
use. The reason this is triggered here and not in mbedtls_entropy_init(),
is that not all entropy sources mights have been added at that time.
2016-06-10 19:42:14 +01:00
Paul Bakker
9988d6bbd9
Introduce mbedtls_nv_seed_poll() entropy polling function
2016-06-10 19:42:14 +01:00
Paul Bakker
cf0a9f96c5
Introduce platform-layer functions for reading/writing seed from NV
...
Introduces mbedtls_nv_seed_read() and mbedtls_nv_seed_write().
The platform-layer functions are only available when
MBEDTLS_ENTROPY_NV_SEED is enabled.
2016-06-10 19:42:14 +01:00
Janos Follath
f93b8bc2e0
Add requirements for the entropy safety switch in documentation.
2016-06-09 13:54:15 +01:00
Janos Follath
53de78444c
Add entropy safety switch.
...
Add a switch that turns entropy collecting off entirely, but enables
mbed TLS to run in an entirely unsafe mode. Enables to test mbed TLS
on platforms that don't have their entropy sources integrated yet.
2016-06-09 11:54:54 +01:00
Janos Follath
ce52d7823c
Address user reported coverity issues.
2016-06-07 14:52:35 +01:00
Janos Follath
04b591ee79
Merge branch 'development' for weekly test report.
2016-05-31 10:18:41 +01:00
Simon Butcher
2917b9e5de
Clarified function param in dhm.h
2016-05-25 00:59:37 +01:00
Simon Butcher
9c22e7311c
Merge branch 'development'
2016-05-24 13:25:46 +01:00
Paul Bakker
cfe392bdd4
Add end guard comment
2016-05-23 14:29:31 +01:00
Embedthis Software
c0715cb39f
Fix single threaded builds
2016-05-23 14:29:31 +01:00
Simon Butcher
80119c5d28
Fixes minor typos in comments in pk.h and ctr_drbg.c
...
Fixes typos in PRs #475 and #437
2016-05-23 14:29:30 +01:00
Paul Bakker
4fde40f656
Fix logic to allow at least one PKCS version enabled
2016-05-23 14:29:30 +01:00
Paul Bakker
37068a79fe
Add check to prevent enabling of RSA without selecting PKCS version(s)
2016-05-23 14:29:30 +01:00
SimonB
295dfa24e7
Clarifies documentation on reported memory statistics
2016-05-23 14:29:29 +01:00
James Cowgill
c788b4cb5a
Fix segfault on x32 by using better register constraints in bn_mul.h
...
On x32, pointers are only 4-bytes wide and need to be loaded using the "movl"
instruction instead of "movq" to avoid loading garbage into the register.
The MULADDC routines for x86-64 are adjusted to work on x32 as well by getting
gcc to load all the registers for us in advance (and storing them later) by
using better register constraints. The b, c, D and S constraints correspond to
the rbx, rcx, rdi and rsi registers respectively.
2016-05-23 14:29:28 +01:00
Simon Butcher
db0feca55c
Fixes platform time_t abstraction
...
Fixes platform abstraction in error.c and the file that it's generated
from as well as DTLS samples.
2016-05-17 00:03:14 +01:00
Paul Bakker
9edf1eb062
Merge pull request #376 from jcowgill/x32
...
Support for x32
2016-05-11 20:40:08 +02:00
Paul Bakker
e049ccd405
Add end guard comment
2016-05-11 14:13:02 +01:00
Embedthis Software
17ddff5eaf
Fix single threaded builds
2016-05-11 14:13:02 +01:00
Simon Butcher
295639bfa1
Fixes minor typos in comments in pk.h and ctr_drbg.c
...
Fixes typos in PRs #475 and #437
2016-05-10 19:39:36 +01:00
Attila Molnar
7e8a6fb78c
Fix minor doc issue
2016-05-05 14:28:28 +01:00
SimonB
5be3a25691
Clarifies documentation on reported memory statistics
2016-05-05 14:25:03 +01:00
Attila Molnar
0b98d2f086
Fix minor doc issue
2016-05-02 11:06:47 +02:00
Simon Butcher
80aea30aa5
Fixes syntax and naming for check-names.sh
...
Some macros were failing checks by check-names.sh
2016-04-27 00:28:14 +01:00
Simon Butcher
3fe6cd3a2d
Fixes time() abstraction for custom configs
...
Added platform abstraction of time() to ChangeLog, version features, and fixed the build for dynamic configuration.
2016-04-26 19:51:29 +01:00
SimonB
d5800b7761
Abstracts away time()/stdlib.h into platform
...
Substitutes time() into a configurable platform interface to allow it to be
easily substituted.
2016-04-26 14:49:59 +01:00
Janos Follath
c351d18c0e
Restore a change in the documentation.
...
Using the wildcard name MBEDTLS_PLATFORM_XXX_ALT made the Travis build
fail.
2016-03-21 08:43:59 +00:00
Janos Follath
d75b782d0d
Fix a typo that confuses check-names.sh
2016-03-18 16:47:10 +00:00
Janos Follath
9194744595
Add exit value macros to platform abstraction layer.
2016-03-18 14:05:28 +00:00
Simon Butcher
68c0bd72bc
Clarified current status of RC4 usage
...
Made clear RC4 has been deprecated by IETF standard, and disabled
by default in the library.
2016-03-17 21:08:46 +00:00
Simon Butcher
7ef5cf3c54
Provided doxygen function definitions for debug.h
...
Documented each function definition.
2016-03-17 21:08:29 +00:00
Simon Butcher
d567a23c59
Fix typos, grammar in the comments and clarify them
2016-03-09 20:19:21 +00:00
Janos Follath
e2681a448b
Update default configuration
...
Change the default settings for SSL and modify the tests accordingly.
2016-03-09 19:32:11 +00:00
Simon Butcher
e846b5128f
Use the SSL IO and time callback typedefs consistently
...
The callback typedefs defined for mbedtls_ssl_set_bio() and
mbedtls_ssl_set_timer_cb() were not used consistently where the callbacks were
referenced in structures or in code.
2016-03-09 19:32:09 +00:00
Simon Butcher
c0957bdc13
Fix some minor typos in comments
...
Fix spelling mistakes and typos.
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
986bbf24ce
x509:
...
-
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
d1b7f2b8cf
ssl: ignore CertificateRequest's content for real
...
- document why we made that choice
- remove the two TODOs about checking hash and CA
- remove the code that parsed certificate_type: it did nothing except store
the selected type in handshake->cert_type, but that field was never accessed
afterwards. Since handshake_params is now an internal type, we can remove that
field without breaking the ABI.
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
eeef947040
Clarify documentation about missing CRLs
...
Also tune up some working while at it.
2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard
9d6241269a
Add note about not implementing PSK id_hint
2016-03-09 19:32:08 +00:00
Simon Butcher
157cb656a9
Clarified mbedtls_ssl_conf_alpn_protocols() doc
...
Clarified the lifetime of the protos parameter passed in the
function mbedtls_ssl_conf_alpn_protocols().
2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard
02049dcbd1
Add links to KB articles
2016-02-22 16:46:34 +00:00
Manuel Pégourié-Gonnard
325ce093f9
Give better error messages for semi-portable parts
...
Previously it was failing with errors about headers not found, which is
suboptimal in terms of clarity. Now give a clean error with pointer to the
documentation.
Do the checks in the .c files rather than check_config.h as it keeps them
closer to the platform-specific implementations.
2016-02-22 10:47:32 +01:00
Manuel Pégourié-Gonnard
d13b9507b3
Improve documentation of some SSL callbacks
...
The previous documentation was not explicit about what was expected of the
callbacks - the user had to infer that from the descriptions in net.h or
timing.h, and it was not clear what was part of the calling convention and
what was specific to our implementation.
2016-02-22 10:13:22 +01:00
Manuel Pégourié-Gonnard
edb1a48397
dtls: improve doc about handshake timeouts
2016-01-29 16:05:55 +01:00
Manuel Pégourié-Gonnard
365f325e03
Make check-names.sh happy
2016-01-08 15:05:11 +01:00
Manuel Pégourié-Gonnard
25caaf36a6
Avoid build errors with -O0 due to assembly
2016-01-08 14:29:11 +01:00
Simon Butcher
bfafadb45d
Change version number to 2.2.1
...
Changed version for library files and yotta module
2016-01-04 22:26:36 +00:00
Manuel Pégourié-Gonnard
76da60c56e
Fix doxygen warnings for generic names in config.h
...
When we use the same documentation for a list of #defines, we used to use a
generic name in the \def command. Use the first name of the list instead so
that doxygen stops complaining, and mention the generic name in the longer
description.
This is not entirely satisfactory as the full list of macros will not be
included in the generated doc, but it's still an improvement as at least the
first macro is documented now, with a hint that there are others.
2016-01-04 13:51:01 +01:00
Manuel Pégourié-Gonnard
ddbb166041
Reintroduce line deleted by accident
2016-01-04 12:40:15 +01:00
Simon Butcher
5b331b9d48
Various fixes to doxygen API generation
...
* Fixed incorrect file definitions
* Fixed accidental tag problems in ecjpake.h
* Corrected function naming in X.509 module definition
2016-01-03 16:14:14 +00:00
Simon Butcher
9803d07a63
Fix for MPI divide on MSVC
...
Resolves multiple platform issues when building bignum.c with Microsoft
Visual Studio.
2016-01-03 00:24:34 +00:00
Simon Butcher
4c2bfdbff6
Merge 'iotssl-558-md5-tls-sigs-restricted'
2015-12-23 18:33:54 +00:00
Simon Butcher
fabce5e137
Merge branch 'misc' into development
...
Fixes github #358 , #362 and IOTSSL-536
2015-12-22 18:56:56 +00:00
James Cowgill
21e402a3ae
Fix segfault on x32 by using better register constraints in bn_mul.h
...
On x32, pointers are only 4-bytes wide and need to be loaded using the "movl"
instruction instead of "movq" to avoid loading garbage into the register.
The MULADDC routines for x86-64 are adjusted to work on x32 as well by getting
gcc to load all the registers for us in advance (and storing them later) by
using better register constraints. The b, c, D and S constraints correspond to
the rbx, rcx, rdi and rsi registers respectively.
2015-12-17 13:08:47 +00:00
Manuel Pégourié-Gonnard
acbb050118
Make documentation more explicit on TLS errors
...
fixes #358
2015-12-10 13:57:27 +01:00
Manuel Pégourié-Gonnard
47229c7cbb
Disable MD5 in handshake signatures by default
2015-12-04 15:02:56 +01:00
Manuel Pégourié-Gonnard
e2e25e7427
DTLS: avoid dropping too many records
...
When the peer retransmits a flight with many record in the same datagram, and
we already saw one of the records in that datagram, we used to drop the whole
datagram, resulting in interoperability failure (spurious handshake timeouts,
due to ignoring record retransmitted by the peer) with some implementations
(issues with Chrome were reported).
So in those cases, we want to only drop the current record, and look at the
following records (if any) in the same datagram. OTOH, this is not something
we always want to do, as sometime the header of the current record is not
reliable enough.
This commit introduces a new return code for ssl_parse_header() that allows to
distinguish if we should drop only the current record or the whole datagram,
and uses it in mbedtls_ssl_read_record()
fixes #345
2015-12-03 16:13:17 +01:00
Simon Butcher
8254ed2a9f
Change version number to 2.2.0
...
Changed for library and yotta module
2015-11-04 19:55:40 +00:00
Manuel Pégourié-Gonnard
ba1d897987
Merge branch 'bugfixes' into development
...
* bugfixes:
Fix typo in an OID name
Disable reportedly broken assembly of Sparc(64)
2015-11-02 05:50:41 +09:00
Manuel Pégourié-Gonnard
fb84d38b45
Try to prevent some misuse of RSA functions
...
fixes #331
2015-10-30 10:56:25 +01:00
Simon Butcher
204606238c
Merge branch 'development' into misc
2015-10-27 16:57:34 +00:00
Simon Butcher
5f7c34b8b0
Merge branch iotssl-521-keylen-check
2015-10-27 15:14:55 +00:00
Manuel Pégourié-Gonnard
65eefc8707
Fix missing check for RSA key length on EE certs
...
- also adapt tests to use lesser requirement for compatibility with old
testing material
2015-10-23 16:19:53 +02:00
Manuel Pégourié-Gonnard
e5f3072aed
Fix #ifdef inconsistency
...
fixes #310
Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.
2015-10-23 08:40:23 +02:00
Manuel Pégourié-Gonnard
7c5fcdc17a
Disable reportedly broken assembly of Sparc(64)
...
fixes #292
2015-10-21 14:52:24 +02:00
Manuel Pégourié-Gonnard
fadacb9d0b
Merge branch 'development' into iotssl-461-ecjpake-finalization
...
* development: (73 commits)
Bump yotta dependencies version
Fix typo in documentation
Corrected misleading fn description in ssl_cache.h
Corrected URL/reference to MPI library
Fix yotta dependencies
Fix minor spelling mistake in programs/pkey/gen_key.c
Bump version to 2.1.2
Fix CVE number in ChangeLog
Add 'inline' workaround where needed
Fix references to non-standard SIZE_T_MAX
Fix yotta version dependencies again
Upgrade yotta dependency versions
Fix compile error in net.c with musl libc
Add missing warning in doc
Remove inline workaround when not useful
Fix macroization of inline in C++
Changed attribution for Guido Vranken
Merge of IOTSSL-476 - Random malloc in pem_read()
Fix for IOTSSL-473 Double free error
Fix potential overflow in CertificateRequest
...
Conflicts:
include/mbedtls/ssl_internal.h
library/ssl_cli.c
2015-10-20 15:00:29 +02:00
Manuel Pégourié-Gonnard
cf82893411
Disable EC J-PAKE by default (experimental)
2015-10-20 14:57:00 +02:00
Manuel Pégourié-Gonnard
db90c82eb7
Fix typo in documentation
2015-10-20 09:36:39 +02:00
Simon Butcher
e3132a9e5a
Corrected misleading fn description in ssl_cache.h
...
Mistake in comments spotted by Andris Mednis
2015-10-19 19:28:41 +01:00
Manuel Pégourié-Gonnard
024b6df3b1
Improve key export API and documentation
...
- "master secret" is the usual name
- move key block arg closer to the related lengths
- document lengths
Also fix some trailing whitespace while at it
2015-10-19 13:52:53 +02:00
Manuel Pégourié-Gonnard
4104864e54
ECHDE-PSK does not use a certificate
...
fixes #270
2015-10-09 14:50:43 +01:00
Manuel Pégourié-Gonnard
adeb7d8ec9
Move all KEY_EXCHANGE__ definitions in one place
2015-10-09 14:44:47 +01:00
Robert Cragie
4289c0d1fa
Typo in parameter name
2015-10-06 17:20:41 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381
Bump version to 2.1.2
...
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
c80a74f734
Merge branch 'development' into development-restricted
...
* development:
Add 'inline' workaround where needed
2015-10-05 16:30:53 +01:00
Manuel Pégourié-Gonnard
2ac9c60838
Add 'inline' workaround where needed
...
Was previously using the workaround from md.h
2015-10-05 16:18:23 +01:00
Manuel Pégourié-Gonnard
a97ab2c8a6
Merge branch 'development' into development-restricted
...
* development:
Remove inline workaround when not useful
Fix macroization of inline in C++
2015-10-05 15:48:09 +01:00
Simon Butcher
7776fc36d3
Fix for #279 macroisation of 'inline' keyword
2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard
2d7083435d
Fix references to non-standard SIZE_T_MAX
...
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
2015-10-05 15:23:11 +01:00
Manuel Pégourié-Gonnard
899ac849d0
Merge branch 'development' into development-restricted
...
* development:
Upgrade yotta dependency versions
Fix compile error in net.c with musl libc
Add missing warning in doc
2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard
cb6af00e2a
Add missing warning in doc
...
Found by Nicholas Wilson
fixes #288
2015-10-05 12:12:39 +01:00
Manuel Pégourié-Gonnard
5a2e389811
Remove inline workaround when not useful
...
This header doesn't have nay inline function any more
2015-10-05 11:55:39 +01:00
Manuel Pégourié-Gonnard
0223ab9d38
Fix macroization of inline in C++
...
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 11:41:36 +01:00
Simon Butcher
6418ffaadb
Merge fix for IOTSSL-480 - base64 overflow issue
2015-10-05 09:54:11 +01:00
Robert Cragie
4feb7ae8c2
Added key export API
2015-10-02 13:33:37 +01:00
Robert Cragie
7cdad7708e
Add point format handling
2015-10-02 13:31:41 +01:00
Manuel Pégourié-Gonnard
ef388f168d
Merge branch 'development' into development-restricted
...
* development:
Updated ChangeLog with credit
Fix a fairly common typo in comments
Make config check include for configs examples more consistent
2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard
0aa45c209a
Fix potential overflow in base64_encode
2015-09-30 16:37:49 +02:00
Simon Butcher
9f81231fb8
Revised hostname length check from review
2015-09-28 19:22:33 +01:00
Simon Butcher
89f77623b8
Added max length checking of hostname
2015-09-27 22:50:49 +01:00
Tillmann Karras
588ad50c5a
Fix a fairly common typo in comments
2015-09-25 04:27:22 +02:00
Manuel Pégourié-Gonnard
77c0646ef2
Add cache for EC J-PAKE client extension
...
Not used yet, just add the variables and cleanup code.
2015-09-17 13:59:49 +02:00
Manuel Pégourié-Gonnard
8cea8ad8b8
Bump version to 2.1.1
2015-09-17 11:58:45 +02:00
Manuel Pégourié-Gonnard
75df902740
Add warning on config options
...
Note to self: actually disable before merging that branch!
2015-09-16 23:21:01 +02:00
Manuel Pégourié-Gonnard
bf57be690e
Add server extension parsing
...
Only accept EC J-PAKE ciphersuite if extension was present and OK (single flag
for both), and ignore extension if we have no password.
2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
eef142d753
Depend on ECJPAKE key exchange, not module
...
This is more consistent, as it doesn't make any sense for a user to be able to
set up an EC J-PAKE password with TLS if the corresponding key exchange is
disabled.
Arguably this is what we should de for other key exchanges as well instead of
depending on ECDH_C etc, but this is an independent issue, so let's just do
the right thing with the new key exchange and fix the other ones later. (This
is a marginal issue anyway, since people who disable all ECDH key exchange are
likely to also disable ECDH_C in order to minimize footprint.)
2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
538cb7b0b4
Add the ECJPAKE ciphersuite
2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
557535d8c4
Add ECJPAKE key exchange
2015-09-16 22:58:29 +02:00
Simon Butcher
5793e7ef01
Merge 'development' into iotssl-411-port-reuse
...
Conflicts:
ChangeLog
2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard
294139b57a
Add client extension writing
2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard
b813accf84
Add mbedtls_ecjpake_check(), tells if set up
...
This will be used in SSL to avoid the computation-heavy processing of EC
J-PAKE hello extensions in case we don't have an EC J-PAKE password
2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard
7002f4a560
Add mbedtls_ssl_set_hs_ecjpake_password()
2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard
76cfd3f97f
Add EC J-PAKE context in handshake structure
2015-09-15 18:24:08 +02:00
Manuel Pégourié-Gonnard
f472179d44
Adjust dependencies for EC extensions
...
The Thread spec says we need those for EC J-PAKE too.
However, we won't be using the information, so we can skip the parsing
functions in an EC J-PAKE only config; keep the writing functions in order to
comply with the spec.
2015-09-15 18:22:00 +02:00
Simon Butcher
1a57af1607
Update ssl.h
...
Typo
2015-09-11 17:14:16 +01:00
Simon Butcher
4f6882a8a3
Update config.h
...
Typo in RFC x-ref comment.
2015-09-11 17:12:46 +01:00
Manuel Pégourié-Gonnard
ddfe5d20d1
Tune dependencies
...
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard
62c74bb78a
Stop wasting resources
...
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.
Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
2015-09-09 11:22:52 +02:00
Nicholas Wilson
2088e2ebd9
fix const-ness of argument to mbedtls_ssl_conf_cert_profile
...
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
2015-09-08 16:53:18 +01:00
Manuel Pégourié-Gonnard
222cb8db22
Tune related documentation while at it
2015-09-08 15:43:59 +02:00
Manuel Pégourié-Gonnard
3a2a4485d4
Update documentation
2015-09-08 15:36:09 +02:00
Manuel Pégourié-Gonnard
be619c1264
Clean up error codes
2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard
26d227ddfc
Add config flag for support of client port reuse
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
55f3d84faa
fixup-include
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
f7368c983a
Polish API and documentation
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
e1927101fb
Unify round two
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
d8204a7bea
Provide symmetric API for the first round
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
ce4567614b
Rename variable to prepare for cli/srv unification
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
6b798b9dae
Tune up some comments
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
e0ad57b0b3
Replace explicit IDs with table look-ups
...
That's a first step towards merging symmetric version of different functions
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
5f18829609
Add derive_pms, completing first working version
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
6449391852
Store our role in the context
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
614bd5e919
Add write_client_params
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
ec0eece2ba
Add read_client_params
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
cb7cd03412
Add first draft or read_server_params
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
23dcbe3f16
Add support for passphrase in the context
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
4e8bc78ad9
Add context-using functions for Hello extensions
...
Also re-order functions in the header so that they appear in the order they're
use, ie free() last.
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
7af8bc1007
Start introducing mbedtls_ecjpake_context
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
6029a85572
Add ecjpake_zpk_read()
...
Not really tested yet
2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
d9a3f47ecd
Add mbedtls_ecp_gen_keypair_base()
2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
4d8685b4ff
Add skeleton for EC J-PAKE module
2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
aac5502553
Bump version to 2.1.0
2015-09-04 14:33:31 +02:00
Manuel Pégourié-Gonnard
37ff14062e
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
5f5e0ec3f1
Improve mbedtls_ssl_write() documentation
2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard
a2cda6bfaf
Add mbedtls_ssl_get_max_frag_len()
...
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard
bb83844a1d
Clarify that there are two SSL I/O buffers
2015-08-31 12:46:01 +02:00
Manuel Pégourié-Gonnard
46c4fa16ab
Fix missing casts on return
...
closes #236
2015-08-12 09:27:55 +02:00
Manuel Pégourié-Gonnard
e2b0efe24b
Separate license from comments in config.h
2015-08-11 10:38:37 +02:00
Manuel Pégourié-Gonnard
ac50fc5e2f
Fix typo in doc
2015-08-10 13:07:09 +02:00
Manuel Pégourié-Gonnard
854dab96fe
Fix the fix for armcc5 --gnu
...
Only exclude armcc5, not armcc6.
2015-08-10 12:11:31 +02:00
Manuel Pégourié-Gonnard
32da9f66a8
Add support for MBEDTLS_USER_CONFIG_FILE
2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard
43569a93cc
Use #ifdef rather than patch for target_config.h
2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard
63e7ebaaa1
Add material for generating yotta module
2015-08-06 09:57:53 +02:00
Manuel Pégourié-Gonnard
e14dec68ea
Fix stupid typo in previous commit
2015-08-04 22:49:33 +02:00
Manuel Pégourié-Gonnard
f659f0c214
Disable Padlock code with ASan
...
We're getting build errors with Clang 3.5.0 on our Debian Jessie buildslave:
library/padlock.c:99:10: error: inline assembly requires more registers than available
2015-08-04 22:19:05 +02:00
Manuel Pégourié-Gonnard
e96ce08a21
Fix compile error with armcc5 --gnu
2015-07-31 10:58:06 +02:00
Manuel Pégourié-Gonnard
6fb8187279
Update date in copyright line
2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
10c767488b
Adjust rename/compat list
2015-07-15 11:07:26 +02:00
Paul Bakker
4cb87f409d
Prepare for 2.0.0 release
2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
1409616d9c
Fix one renaming in the list
...
Found by Simon while testing the upgrade guide
2015-07-09 09:17:18 +01:00
Manuel Pégourié-Gonnard
20af64dc2c
Still need to #define inline for MSVC
...
I only tested with VS2015 earlier, but previous versions apparently still
don't know that standard C99 keyword though it's documented on MSDN...
2015-07-07 23:21:30 +02:00
Manuel Pégourié-Gonnard
052a6c9cfe
Add mbedtls_md_clone()
2015-07-06 16:06:02 +02:00
Manuel Pégourié-Gonnard
16d412f465
Add md/shaXXX_clone() API
...
Will be used in the SSL/TLS modules
2015-07-06 15:48:34 +02:00
Manuel Pégourié-Gonnard
7893103154
Remove 1024 bits DHM params and add one 4096 bit
2015-07-03 17:06:39 +02:00
Manuel Pégourié-Gonnard
7c3b4ab6f2
Fix typos in comments
2015-07-02 17:59:52 +02:00
Manuel Pégourié-Gonnard
5791109707
Make the hardclock test optional
...
Known to fail on VMs (such as the buildbots), see eg
http://blog.badtrace.com/post/rdtsc-x86-instruction-to-detect-vms/
2015-07-01 19:22:12 +02:00
Manuel Pégourié-Gonnard
9bd0afdb22
Add guards for closed socket in net.c
...
This is particularly problematic when calling FD_SET( -1, ... ), but let's
check it in all functions.
This was introduced with the new API and the fact the net_free() now sets the
internal fd to -1 in order to mark it as closed: now using this information.
2015-07-01 19:03:27 +02:00
Manuel Pégourié-Gonnard
2505528be4
Rm obsolete defines for inline wiht MSVC
...
The "inline" keyword is supported since Visual Studio 2005 according to MSDN,
and we require Visual Studio 2010 or higher.
2015-07-01 17:22:36 +02:00
Manuel Pégourié-Gonnard
abc729e664
Simplify net_accept() with UDP sockets
...
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard
3d7d00ad23
Rename mbedtls_net_close() to mbedtls_net_free()
...
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard
91895853ac
Move from naked int to a structure in net.c
...
Provides more flexibility for future changes/extensions.
2015-06-30 15:56:25 +02:00
Manuel Pégourié-Gonnard
a16e7c468c
Rename a debug function
2015-06-29 20:14:19 +02:00
Manuel Pégourié-Gonnard
b74c245a20
Rework debug to not need dynamic alloc
...
But introduces dependency on variadic macros
2015-06-29 20:08:23 +02:00
Manuel Pégourié-Gonnard
9db2887672
Actually enable fixed snprintf on windows
2015-06-26 11:04:08 +02:00
Manuel Pégourié-Gonnard
dc54ff8578
Improve documentation about SSL ticket encryption
2015-06-25 12:44:46 +02:00
Manuel Pégourié-Gonnard
216a1831de
Fix whitespace in CMakeLists.txt
...
- all spaces no tabs
- indent with 4 spaces everywhere
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
53585eeb17
Remove test DHM params from certs.c
...
certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
0761733c1b
Fix potential NULL dereference
...
We document that either of recv or recv_timeout may be NULL, but for TLS we
always used recv... Thanks Coverity for catching that.
(Not remotely trigerrable: local configuration.)
Also made me notice net_recv_timeout didn't do its job properly.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
fd474233c8
Change SSL debug API in the library
2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard
c0d749418b
Make 'port' a string in NET module
...
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
e244f9ffc0
Improve doc about length of strings written
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
d23f593737
Avoid static buffer in debug module
...
Caused issues in threading situations
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
1cd10adc7c
Update prototype of x509write_set_key_usage()
...
Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
655a964539
Adapt check_key_usage to new weird bits
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
9a702255f4
Add parsing/printing for new X.509 keyUsage flags
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
07894338a0
Rename M255 to Curve25519
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
7320eb46d4
Remove references to some Montgomery curves
...
After all it looks like those won't become standard.
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
e7e89844d6
Fix and document corner-cases of time checking
2015-06-22 23:41:24 +02:00
Manuel Pégourié-Gonnard
cdc26ae099
Add mbedtls_ssl_set_hs_authmode
...
While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
the PSK, no cert is expected).
- use safer tests (eg == OPTIONAL vs != REQUIRED)
2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard
1685368408
Rationalize snprintf() usage in X.509 modules
2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard
6c0c8e0d3d
Include fixed snprintf for Windows in platform.c
...
Use _WIN32 to detect it rather that _MSC_VER as it turns out MSYS2 uses the
broken MS version by default too.
2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard
8ba88f0460
Fix stupid typo in documentation
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
7580ba475d
Add a concept of entropy source strength.
...
The main goal is, we want and error if cycle counter is the only source.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
3f77dfbd52
Add MBEDTLS_ENTROPY_HARDWARE_ALT
...
Makes it easier for an external module to plug its hardware entropy collector.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
bf82ff0209
Fix entropy thresholds
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
60c793bdc9
Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE
...
First one means we have time() but it may not return the actual wall clock
time, second means it does.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
c0696c216b
Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen
2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard
097c7bb05b
Rename relevant global symbols from size to bitlen
...
Just applying rename.pl with this file:
mbedtls_cipher_get_key_size mbedtls_cipher_get_key_bitlen
mbedtls_pk_get_size mbedtls_pk_get_bitlen
MBEDTLS_BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
MBEDTLS_BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
2015-06-18 16:43:38 +02:00
Manuel Pégourié-Gonnard
fb317c5221
Rename parameter in a x509 helper
2015-06-18 16:41:13 +02:00
Manuel Pégourié-Gonnard
39a48f4934
Internal renamings in PK
...
+ an unrelated comment in SSL
2015-06-18 16:06:55 +02:00
Manuel Pégourié-Gonnard
12ad798c87
Rename ssl_session.length to id_len
2015-06-18 15:50:37 +02:00
Manuel Pégourié-Gonnard
797f48ace6
Rename ecp_curve_info.size to bit_size
2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
898e0aa210
Rename key_length in cipher_info
2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard
b8186a5e54
Rename len to bitlen in function parameters
...
Clarify a few comments too.
2015-06-18 14:58:58 +02:00
Manuel Pégourié-Gonnard
b31c5f68b1
Add SSL presets.
...
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard
7bfc122703
Implement sig_hashes
2015-06-17 14:34:48 +02:00
Manuel Pégourié-Gonnard
36a8b575a9
Create API for mbedtls_ssl_conf_sig_hashes().
...
Not implemented yet.
2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard
9d412d872c
Small internal changes in curve checking
...
- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config
2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard
27716cc1da
Clarify a point in the documentation
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
b541da6ef3
Fix define for ssl_conf_curves()
...
This is a security feature, it shouldn't be optional.
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
6e3ee3ad43
Add mbedtls_ssl_conf_cert_profile()
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
f8ea856296
Change data structure of profiles to bitfields
...
- allows to express 'none' or 'all' more easily than lists
- more compact and easier to declare statically
- easier to check too
Only drawback: if we ever have more than 32 curves, we'll need an ABI change to
make that field a uint64_t.
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
88db5da117
Add pre-defined profiles for cert verification
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
9505164ef4
Create cert profile API (unimplemented yet)
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
bd990d6629
Add ssl_conf_dhm_min_bitlen()
2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard
1b1e65f541
Fix typos and other small issues in doc
2015-06-11 13:38:03 +02:00
Manuel Pégourié-Gonnard
7ee5ddd798
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix compile errors with NO_STD_FUNCTIONS
Expand config.pl's notion of "full"
Ack external bugfix in Changelog
FIx misplaced Changelog entry (oops)
Fix compile bug: incompatible declaration of polarssl_exit in platform.c
Fix contributor's name in Changelog
2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard
dccb80b7e5
Fix compile errors with NO_STD_FUNCTIONS
2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard
ba56136b5c
Avoid in-out length in base64
2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard
3335205a21
Avoid in-out length in dhm_calc_secret()
2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard
f79b425226
Avoid in-out length parameter in bignum
2015-06-02 15:41:48 +01:00
Manuel Pégourié-Gonnard
77cfe177e1
Remove now-useless typedef in ssl.h
2015-06-02 11:18:35 +01:00
Manuel Pégourié-Gonnard
c730ed3f2d
Rename boolean functions to be clearer
2015-06-02 10:38:50 +01:00
Manuel Pégourié-Gonnard
3eb50fa591
Cosmetics in doxygen doc
2015-06-02 10:28:09 +01:00
Manuel Pégourié-Gonnard
6ca7624952
Mark unused constant as such
2015-06-02 09:55:32 +01:00
Manuel Pégourié-Gonnard
81abefd46c
Fix typos/style in doxygen documentation
2015-05-29 12:53:47 +02:00
Manuel Pégourié-Gonnard
d14acbc31a
Test assumptions we make about the platform
...
Things that are not guaranteed by the standard but should be true of all
platforms of interest to us:
- 8-bit chars
- NULL pointers represented by all-bits-zero
2015-05-29 12:25:40 +02:00
Manuel Pégourié-Gonnard
f78e4de6f4
Fix warnings from -pedantic
2015-05-29 10:52:14 +02:00
Manuel Pégourié-Gonnard
864108daab
Move from gmtime_r to gmtime + mutexes
...
* gmtime_r is not standard so -std=c99 warns about it
* Anyway we need global mutexes in the threading layer, so better depend only
on that, rather that global mutexes + some _r functions
2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
ba19432d2e
Move from asm to __asm by default
...
- GCC with -std=c99 warns about asm but likes __asm
_ armcc5 has __asm but not asm
2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
2a84dfd747
Make ssl_cookie.c thread-safe
2015-05-28 17:28:39 +02:00
Manuel Pégourié-Gonnard
b48ef9cce9
Improve documentation about HelloVerifyRequest
2015-05-28 17:28:39 +02:00
Manuel Pégourié-Gonnard
398b206ff0
Update doc for ssl_conf_renegotiation
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
41b9c2b418
Remove individual mdX_file() and shaX_file()
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
bfffa908a6
Implement md_file in the MD layer
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
eb0d8706ce
Add option for even smaller SHA-256
2015-05-28 16:45:23 +02:00
Manuel Pégourié-Gonnard
6a8ca33fa5
Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED
2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard
160e384360
Fix bad name choice
2015-05-27 20:27:06 +02:00
Manuel Pégourié-Gonnard
a7f8033fa4
Fix oversights in s/malloc/calloc/
2015-05-27 20:26:40 +02:00