Manuel Pégourié-Gonnard
36a8b575a9
Create API for mbedtls_ssl_conf_sig_hashes().
...
Not implemented yet.
2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard
9d412d872c
Small internal changes in curve checking
...
- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config
2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard
a83e4e2bf5
Extra check in verify_with_profile()
...
This could happen if someone doesn't set the SSL configuration properly. In
that case we don't want to segfault...
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
b541da6ef3
Fix define for ssl_conf_curves()
...
This is a security feature, it shouldn't be optional.
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
6e3ee3ad43
Add mbedtls_ssl_conf_cert_profile()
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
cbb1f6e5cb
Implement cert profile checking
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
f8ea856296
Change data structure of profiles to bitfields
...
- allows to express 'none' or 'all' more easily than lists
- more compact and easier to declare statically
- easier to check too
Only drawback: if we ever have more than 32 curves, we'll need an ABI change to
make that field a uint64_t.
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
88db5da117
Add pre-defined profiles for cert verification
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
9505164ef4
Create cert profile API (unimplemented yet)
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
bd990d6629
Add ssl_conf_dhm_min_bitlen()
2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard
7ee5ddd798
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix compile errors with NO_STD_FUNCTIONS
Expand config.pl's notion of "full"
Ack external bugfix in Changelog
FIx misplaced Changelog entry (oops)
Fix compile bug: incompatible declaration of polarssl_exit in platform.c
Fix contributor's name in Changelog
2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard
dccb80b7e5
Fix compile errors with NO_STD_FUNCTIONS
2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard
ba56136b5c
Avoid in-out length in base64
2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard
3335205a21
Avoid in-out length in dhm_calc_secret()
2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard
f79b425226
Avoid in-out length parameter in bignum
2015-06-02 15:41:48 +01:00
ptahpeteh
249bece013
Fix compile bug: incompatible declaration of polarssl_exit in platform.c
...
This causes a compile-time error:
platform.c(157): error: #147 : declaration is incompatible with "void (*polarssl_exit)(int)" (declared at line 179 of "platform.h")
2015-06-02 15:26:09 +02:00
Manuel Pégourié-Gonnard
c730ed3f2d
Rename boolean functions to be clearer
2015-06-02 10:38:50 +01:00
Manuel Pégourié-Gonnard
9d51583772
Fix cipher identifier in des_ede3_info
2015-06-02 10:00:04 +01:00
Manuel Pégourié-Gonnard
0574bb0bdb
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Mark unused constant as such
Update ChangeLog for recent external bugfix
Serious bug fix in entropy.c
Fix memleak with repeated [gc]cm_setkey()
fix minor bug in path_cnt checks
Conflicts:
include/mbedtls/cipher.h
library/ccm.c
library/entropy.c
library/gcm.c
library/x509_crt.c
2015-06-02 09:59:29 +01:00
Manuel Pégourié-Gonnard
468b06dab0
Merge remote-tracking branch 'ptahpeteh/patch-1' into mbedtls-1.3
...
* ptahpeteh/patch-1:
Serious bug fix in entropy.c
2015-06-02 09:03:06 +01:00
ptahpeteh
638fa0bb0f
Serious bug fix in entropy.c
...
Bug: mutex access within entropy_contex after it has been zeroed leads to app crash.
2015-06-01 12:28:29 +02:00
Manuel Pégourié-Gonnard
f78e4de6f4
Fix warnings from -pedantic
2015-05-29 10:52:14 +02:00
Manuel Pégourié-Gonnard
f8b6fdedd9
Remove include that is no longer needed
2015-05-29 10:23:32 +02:00
Manuel Pégourié-Gonnard
864108daab
Move from gmtime_r to gmtime + mutexes
...
* gmtime_r is not standard so -std=c99 warns about it
* Anyway we need global mutexes in the threading layer, so better depend only
on that, rather that global mutexes + some _r functions
2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
ba19432d2e
Move from asm to __asm by default
...
- GCC with -std=c99 warns about asm but likes __asm
_ armcc5 has __asm but not asm
2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
cb46fd8216
Avoid non-standard strcasecmp()
2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
2a84dfd747
Make ssl_cookie.c thread-safe
2015-05-28 17:28:39 +02:00
Manuel Pégourié-Gonnard
41b9c2b418
Remove individual mdX_file() and shaX_file()
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
bfffa908a6
Implement md_file in the MD layer
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
eb0d8706ce
Add option for even smaller SHA-256
2015-05-28 16:45:23 +02:00
Manuel Pégourié-Gonnard
a7a3a5fe37
Make SHA-2 implementation smaller
...
Adjust the size/performance trade-off:
* Reduces size of sha256_process() from 7.4KB to 2KB on ARMv7-M
* Reduces performance by less than 14% on Cortex-M4
* Seems to even improve performance on my Core i7
2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard
6a8ca33fa5
Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED
2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard
6c967b95ff
Fix typo in memory_buffer_alloc
2015-05-27 20:18:39 +02:00
Manuel Pégourié-Gonnard
944cfe8899
Allow use of global mutexes with threading_alt
2015-05-27 20:12:05 +02:00
Manuel Pégourié-Gonnard
61977614d8
Fix memleak with repeated [gc]cm_setkey()
2015-05-27 17:40:16 +02:00
Manuel Pégourié-Gonnard
43b08574a6
Avoid memory leak with repeated [gc]ccm_setkey()
2015-05-27 17:23:30 +02:00
Manuel Pégourié-Gonnard
3a89559d71
Fix compile errors in pkcs11.c
2015-05-27 17:09:21 +02:00
Manuel Pégourié-Gonnard
1b8de57827
Remove a few redundant memset after calloc.
...
Using the following semantic patch provided by Mansour Moufid:
@@
expression x;
@@
x = mbedtls_calloc(...)
...
- memset(x, 0, ...);
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
b2a18a2a98
Remove references to malloc in strings/names
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
200e73179e
Adapt memory_buffer_alloc to calloc
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
b9ef1182f3
Adapt the platform layer from malloc to calloc
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9
Replace malloc with calloc
...
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
5e94ddebbc
Create ssl_internal.h and move some functions
2015-05-26 11:57:05 +02:00
Manuel Pégourié-Gonnard
50518f4195
Rename _wrap headers to _internal
...
Makes it clearer that the user is not supposed to include them
2015-05-26 11:06:12 +02:00
Manuel Pégourié-Gonnard
1e9c4db524
Implement key rotation
2015-05-25 19:42:14 +02:00
Manuel Pégourié-Gonnard
887674a33b
Internal changes in preparation for key rotation
...
- two sets of keys
- separate function for key generation/update
2015-05-25 12:19:00 +02:00
Manuel Pégourié-Gonnard
a0adc1bbe4
Make cipher used in ssl tickets configurable
2015-05-25 10:35:16 +02:00
Manuel Pégourié-Gonnard
1041a39338
Use AES-GCM-256 for session ticket protection
2015-05-20 20:19:42 +02:00
Manuel Pégourié-Gonnard
8eff512274
Fix possible signedness issue in time comparison
2015-05-20 11:41:36 +02:00
Manuel Pégourié-Gonnard
0849a0a910
Make ssl ticket functions thread-safe
2015-05-20 11:34:54 +02:00