Manuel Pégourié-Gonnard
e0b2feae34
Mention performance fix in ChangeLog
2015-10-27 10:24:54 +01:00
Simon Butcher
e357a64355
Merge pull request #328 from ARMmbed/iotssl-461-ecjpake-finalization
...
Iotssl 461 ecjpake finalization
2015-10-27 00:08:31 +00:00
Manuel Pégourié-Gonnard
231a065909
yotta Readme: edited by Irit
2015-10-26 17:50:04 +01:00
Janos Follath
3fc644f246
Removed recursion from fix #309 .
2015-10-25 14:24:10 +01:00
Janos Follath
8483e28e21
Merge remote-tracking branch 'upstream/development' into iss309
2015-10-25 12:36:03 +01:00
Janos Follath
6cbacec3b3
Improved on the fix of #309 and extended the test to cover subroutines.
2015-10-25 12:31:27 +01:00
Janos Follath
044a86bde8
Tests and fix added for #309 (inplace mpi doubling).
2015-10-25 10:58:03 +01:00
Manuel Pégourié-Gonnard
65eefc8707
Fix missing check for RSA key length on EE certs
...
- also adapt tests to use lesser requirement for compatibility with old
testing material
2015-10-23 16:19:53 +02:00
Manuel Pégourié-Gonnard
ac8673cb3f
Add quick script to estimate ROM footprint
2015-10-23 15:51:02 +02:00
Manuel Pégourié-Gonnard
de9f953b9f
Optimize more common cases in ecp_muladd()
2015-10-23 15:50:37 +02:00
Manuel Pégourié-Gonnard
d21eb2ae81
Fix attribution in ChangeLog
2015-10-23 15:35:02 +02:00
Manuel Pégourié-Gonnard
fbdf06c1a4
Fix handling of non-fatal alerts
...
fixes #308
2015-10-23 13:11:31 +02:00
Manuel Pégourié-Gonnard
503a5efef1
Add key-exchanges.pl to test list
2015-10-23 09:04:45 +02:00
Manuel Pégourié-Gonnard
50bd2607b8
Add -Werror to reduced configs test scripts
2015-10-23 08:53:34 +02:00
Manuel Pégourié-Gonnard
5c2a7ca989
Fix warning in some reduced configs
2015-10-23 08:48:41 +02:00
Manuel Pégourié-Gonnard
e5f3072aed
Fix #ifdef inconsistency
...
fixes #310
Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.
2015-10-23 08:40:23 +02:00
Manuel Pégourié-Gonnard
5df9216c9e
Add script to test configs with single key exchanges
2015-10-22 16:11:39 +02:00
Manuel Pégourié-Gonnard
7980096899
Further update Redmes regarding the two editions
2015-10-22 10:48:47 +02:00
Manuel Pégourié-Gonnard
87173fa6d5
yotta Readme: mention all examples
2015-10-21 18:38:02 +02:00
Manuel Pégourié-Gonnard
ac121731eb
yotta Readme: expand configuration example
2015-10-21 18:33:07 +02:00
Manuel Pégourié-Gonnard
f13139ab63
yotta readme: mention supported platforms
2015-10-21 18:32:34 +02:00
Manuel Pégourié-Gonnard
71956c9db9
Fix warnings about locations of header files
2015-10-21 17:59:05 +02:00
Manuel Pégourié-Gonnard
f45fd73d65
Remove TLS Client example, see mbed-tls-sockets
2015-10-21 17:54:11 +02:00
Manuel Pégourié-Gonnard
66fc07362e
Fix typo in an OID name
...
fixes #314
2015-10-21 16:40:29 +02:00
Manuel Pégourié-Gonnard
7c5fcdc17a
Disable reportedly broken assembly of Sparc(64)
...
fixes #292
2015-10-21 14:52:24 +02:00
Manuel Pégourié-Gonnard
bc5e508855
Fix other int casts in bounds checking
...
Not a security issue as here we know the buffer is large enough (unless
something else if badly wrong in the code), and the value cast to int is less
than 2^16 (again, unless issues elsewhere).
Still changing to a more correct check as a matter of principle
2015-10-21 12:51:16 +02:00
Manuel Pégourié-Gonnard
4dc9b394d3
Fix other occurrences of same bounds check issue
...
Security impact is the same: not triggerrable remotely except in very specific
use cases
2015-10-21 12:50:45 +02:00
Manuel Pégourié-Gonnard
22c3b7b9da
Fix potential buffer overflow in asn1write
2015-10-21 12:13:05 +02:00
Manuel Pégourié-Gonnard
261faed725
Fix potential heap corruption on Windows
...
If len is large enough, when cast to an int it will be negative and then the
test if( len > MAX_PATH - 3 ) will not behave as expected.
2015-10-21 10:25:22 +02:00
Manuel Pégourié-Gonnard
cdea97c1c3
Remove useless code
...
closes #321
2015-10-20 20:06:36 +02:00
Manuel Pégourié-Gonnard
173c790722
Fix potential double-free in ssl_conf_psk()
2015-10-20 19:56:45 +02:00
Manuel Pégourié-Gonnard
c8cd2c6577
Small fix to 'make test' script
...
When the tests fail they don't display the number of skipped and run test
2015-10-20 17:01:10 +02:00
Manuel Pégourié-Gonnard
8a7a189220
Fix curves.pl for ECJPAKE disabled by default
2015-10-20 16:56:12 +02:00
Manuel Pégourié-Gonnard
4b20c0ee53
Fix potential stack buffer overflow in ecjpake
...
Two causes:
- the buffer is too short (missing 4 bytes for encoding id_len)
- the test was wrong
Would only happen when MBEDTLS_ECP_MAX_BITS == the bitsize of the curve
actually used (does not happen in the default config).
Could not be triggered remotely.
2015-10-20 16:20:56 +02:00
Manuel Pégourié-Gonnard
12ca6f5b9c
Update ssl-opt.sh for EC J-PAKE disabled by default
2015-10-20 15:24:51 +02:00
Manuel Pégourié-Gonnard
1ef96c2231
Update ChangeLog for the EC J-PAKE branch
2015-10-20 15:04:57 +02:00
Manuel Pégourié-Gonnard
fadacb9d0b
Merge branch 'development' into iotssl-461-ecjpake-finalization
...
* development: (73 commits)
Bump yotta dependencies version
Fix typo in documentation
Corrected misleading fn description in ssl_cache.h
Corrected URL/reference to MPI library
Fix yotta dependencies
Fix minor spelling mistake in programs/pkey/gen_key.c
Bump version to 2.1.2
Fix CVE number in ChangeLog
Add 'inline' workaround where needed
Fix references to non-standard SIZE_T_MAX
Fix yotta version dependencies again
Upgrade yotta dependency versions
Fix compile error in net.c with musl libc
Add missing warning in doc
Remove inline workaround when not useful
Fix macroization of inline in C++
Changed attribution for Guido Vranken
Merge of IOTSSL-476 - Random malloc in pem_read()
Fix for IOTSSL-473 Double free error
Fix potential overflow in CertificateRequest
...
Conflicts:
include/mbedtls/ssl_internal.h
library/ssl_cli.c
2015-10-20 15:00:29 +02:00
Manuel Pégourié-Gonnard
cf82893411
Disable EC J-PAKE by default (experimental)
2015-10-20 14:57:00 +02:00
Manuel Pégourié-Gonnard
3e5b5f192e
Tune up config-thread.h a bit more
2015-10-20 14:56:04 +02:00
Manuel Pégourié-Gonnard
ca700b2371
Add config-thread.h to test-ref-configs.pl
2015-10-20 14:56:04 +02:00
Manuel Pégourié-Gonnard
eb47b870b1
Rework test-ref-configs.pl to also use ssl-opt.sh
2015-10-20 14:56:04 +02:00
Manuel Pégourié-Gonnard
b6fe70b928
Tune up the Thread mini config
2015-10-20 14:56:04 +02:00
Manuel Pégourié-Gonnard
b4d9d360e0
Bump yotta dependencies version
2015-10-20 09:56:34 +02:00
Manuel Pégourié-Gonnard
db90c82eb7
Fix typo in documentation
2015-10-20 09:36:39 +02:00
Simon Butcher
e3132a9e5a
Corrected misleading fn description in ssl_cache.h
...
Mistake in comments spotted by Andris Mednis
2015-10-19 19:28:41 +01:00
Manuel Pégourié-Gonnard
5674a9797a
Fix compilers warnings in reduced configs
2015-10-19 15:14:03 +02:00
Manuel Pégourié-Gonnard
9f52cac4bc
Rename config-ecjpake to thread and minify it
...
- in the future thread might need more than just EC J-PAKE
- use the same format as the other mini configurations (no doxygen doc, only
showing what is enabled)
2015-10-19 14:06:07 +02:00
Manuel Pégourié-Gonnard
024b6df3b1
Improve key export API and documentation
...
- "master secret" is the usual name
- move key block arg closer to the related lengths
- document lengths
Also fix some trailing whitespace while at it
2015-10-19 13:52:53 +02:00
Manuel Pégourié-Gonnard
b7da194939
ecjpake: fix uninitialize member
2015-10-19 13:35:22 +02:00
Simon Butcher
334a87be0b
Corrected URL/reference to MPI library
2015-10-14 22:56:44 +01:00