yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
4536 commits 1 branch 0 tags 94 MiB
Commit graph

1517 commits

Author SHA1 Message Date
Simon Butcher
fabce5e137 Merge branch 'misc' into development 
Fixes github #358, #362 and IOTSSL-536
 2015-12-22 18:56:56 +00:00
Manuel Pégourié-Gonnard
acbb050118 Make documentation more explicit on TLS errors 
fixes #358
 2015-12-10 13:57:27 +01:00
Manuel Pégourié-Gonnard
47229c7cbb Disable MD5 in handshake signatures by default 2015-12-04 15:02:56 +01:00
Manuel Pégourié-Gonnard
e2e25e7427 DTLS: avoid dropping too many records 
When the peer retransmits a flight with many record in the same datagram, and
we already saw one of the records in that datagram, we used to drop the whole
datagram, resulting in interoperability failure (spurious handshake timeouts,
due to ignoring record retransmitted by the peer) with some implementations
(issues with Chrome were reported).

So in those cases, we want to only drop the current record, and look at the
following records (if any) in the same datagram. OTOH, this is not something
we always want to do, as sometime the header of the current record is not
reliable enough.

This commit introduces a new return code for ssl_parse_header() that allows to
distinguish if we should drop only the current record or the whole datagram,
and uses it in mbedtls_ssl_read_record()

fixes #345
 2015-12-03 16:13:17 +01:00
Simon Butcher
8254ed2a9f Change version number to 2.2.0 
Changed for library and yotta module
 2015-11-04 19:55:40 +00:00
Manuel Pégourié-Gonnard
ba1d897987 Merge branch 'bugfixes' into development 
* bugfixes:
  Fix typo in an OID name
  Disable reportedly broken assembly of Sparc(64)
 2015-11-02 05:50:41 +09:00
Manuel Pégourié-Gonnard
fb84d38b45 Try to prevent some misuse of RSA functions 
fixes #331
 2015-10-30 10:56:25 +01:00
Simon Butcher
204606238c Merge branch 'development' into misc 2015-10-27 16:57:34 +00:00
Simon Butcher
5f7c34b8b0 Merge branch iotssl-521-keylen-check 2015-10-27 15:14:55 +00:00
Manuel Pégourié-Gonnard
65eefc8707 Fix missing check for RSA key length on EE certs 
- also adapt tests to use lesser requirement for compatibility with old
  testing material
 2015-10-23 16:19:53 +02:00
Manuel Pégourié-Gonnard
e5f3072aed Fix #ifdef inconsistency 
fixes #310

Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.
 2015-10-23 08:40:23 +02:00
Manuel Pégourié-Gonnard
7c5fcdc17a Disable reportedly broken assembly of Sparc(64) 
fixes #292
 2015-10-21 14:52:24 +02:00
Manuel Pégourié-Gonnard
fadacb9d0b Merge branch 'development' into iotssl-461-ecjpake-finalization 
* development: (73 commits)
  Bump yotta dependencies version
  Fix typo in documentation
  Corrected misleading fn description in ssl_cache.h
  Corrected URL/reference to MPI library
  Fix yotta dependencies
  Fix minor spelling mistake in programs/pkey/gen_key.c
  Bump version to 2.1.2
  Fix CVE number in ChangeLog
  Add 'inline' workaround where needed
  Fix references to non-standard SIZE_T_MAX
  Fix yotta version dependencies again
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
  Remove inline workaround when not useful
  Fix macroization of inline in C++
  Changed attribution for Guido Vranken
  Merge of IOTSSL-476 - Random malloc in pem_read()
  Fix for IOTSSL-473 Double free error
  Fix potential overflow in CertificateRequest
  ...

Conflicts:
	include/mbedtls/ssl_internal.h
	library/ssl_cli.c
 2015-10-20 15:00:29 +02:00
Manuel Pégourié-Gonnard
cf82893411 Disable EC J-PAKE by default (experimental) 2015-10-20 14:57:00 +02:00
Manuel Pégourié-Gonnard
db90c82eb7 Fix typo in documentation 2015-10-20 09:36:39 +02:00
Simon Butcher
e3132a9e5a Corrected misleading fn description in ssl_cache.h 
Mistake in comments spotted by Andris Mednis
 2015-10-19 19:28:41 +01:00
Manuel Pégourié-Gonnard
024b6df3b1 Improve key export API and documentation 
- "master secret" is the usual name
- move key block arg closer to the related lengths
- document lengths

Also fix some trailing whitespace while at it
 2015-10-19 13:52:53 +02:00
Manuel Pégourié-Gonnard
4104864e54 ECHDE-PSK does not use a certificate 
fixes #270
 2015-10-09 14:50:43 +01:00
Manuel Pégourié-Gonnard
adeb7d8ec9 Move all KEY_EXCHANGE__ definitions in one place 2015-10-09 14:44:47 +01:00
Robert Cragie
4289c0d1fa Typo in parameter name 2015-10-06 17:20:41 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381 Bump version to 2.1.2 
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
 2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
c80a74f734 Merge branch 'development' into development-restricted 
* development:
  Add 'inline' workaround where needed
 2015-10-05 16:30:53 +01:00
Manuel Pégourié-Gonnard
2ac9c60838 Add 'inline' workaround where needed 
Was previously using the workaround from md.h
 2015-10-05 16:18:23 +01:00
Manuel Pégourié-Gonnard
a97ab2c8a6 Merge branch 'development' into development-restricted 
* development:
  Remove inline workaround when not useful
  Fix macroization of inline in C++
 2015-10-05 15:48:09 +01:00
Simon Butcher
7776fc36d3 Fix for #279 macroisation of 'inline' keyword 2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard
2d7083435d Fix references to non-standard SIZE_T_MAX 
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
 2015-10-05 15:23:11 +01:00
Manuel Pégourié-Gonnard
899ac849d0 Merge branch 'development' into development-restricted 
* development:
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
 2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard
cb6af00e2a Add missing warning in doc 
Found by Nicholas Wilson

fixes #288
 2015-10-05 12:12:39 +01:00
Manuel Pégourié-Gonnard
5a2e389811 Remove inline workaround when not useful 
This header doesn't have nay inline function any more
 2015-10-05 11:55:39 +01:00
Manuel Pégourié-Gonnard
0223ab9d38 Fix macroization of inline in C++ 
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
 2015-10-05 11:41:36 +01:00
Simon Butcher
6418ffaadb Merge fix for IOTSSL-480 - base64 overflow issue 2015-10-05 09:54:11 +01:00
Robert Cragie
4feb7ae8c2 Added key export API 2015-10-02 13:33:37 +01:00
Robert Cragie
7cdad7708e Add point format handling 2015-10-02 13:31:41 +01:00
Manuel Pégourié-Gonnard
ef388f168d Merge branch 'development' into development-restricted 
* development:
  Updated ChangeLog with credit
  Fix a fairly common typo in comments
  Make config check include for configs examples more consistent
 2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard
0aa45c209a Fix potential overflow in base64_encode 2015-09-30 16:37:49 +02:00
Simon Butcher
9f81231fb8 Revised hostname length check from review 2015-09-28 19:22:33 +01:00
Simon Butcher
89f77623b8 Added max length checking of hostname 2015-09-27 22:50:49 +01:00
Tillmann Karras
588ad50c5a Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
Manuel Pégourié-Gonnard
77c0646ef2 Add cache for EC J-PAKE client extension 
Not used yet, just add the variables and cleanup code.
 2015-09-17 13:59:49 +02:00
Manuel Pégourié-Gonnard
8cea8ad8b8 Bump version to 2.1.1 2015-09-17 11:58:45 +02:00
Manuel Pégourié-Gonnard
75df902740 Add warning on config options 
Note to self: actually disable before merging that branch!
 2015-09-16 23:21:01 +02:00
Manuel Pégourié-Gonnard
bf57be690e Add server extension parsing 
Only accept EC J-PAKE ciphersuite if extension was present and OK (single flag
for both), and ignore extension if we have no password.
 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
eef142d753 Depend on ECJPAKE key exchange, not module 
This is more consistent, as it doesn't make any sense for a user to be able to
set up an EC J-PAKE password with TLS if the corresponding key exchange is
disabled.

Arguably this is what we should de for other key exchanges as well instead of
depending on ECDH_C etc, but this is an independent issue, so let's just do
the right thing with the new key exchange and fix the other ones later. (This
is a marginal issue anyway, since people who disable all ECDH key exchange are
likely to also disable ECDH_C in order to minimize footprint.)
 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
538cb7b0b4 Add the ECJPAKE ciphersuite 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
557535d8c4 Add ECJPAKE key exchange 2015-09-16 22:58:29 +02:00
Simon Butcher
5793e7ef01 Merge 'development' into iotssl-411-port-reuse 
Conflicts:
	ChangeLog
 2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard
294139b57a Add client extension writing 2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard
b813accf84 Add mbedtls_ecjpake_check(), tells if set up 
This will be used in SSL to avoid the computation-heavy processing of EC
J-PAKE hello extensions in case we don't have an EC J-PAKE password
 2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard
7002f4a560 Add mbedtls_ssl_set_hs_ecjpake_password() 2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard
76cfd3f97f Add EC J-PAKE context in handshake structure 2015-09-15 18:24:08 +02:00
Manuel Pégourié-Gonnard
f472179d44 Adjust dependencies for EC extensions 
The Thread spec says we need those for EC J-PAKE too.
However, we won't be using the information, so we can skip the parsing
functions in an EC J-PAKE only config; keep the writing functions in order to
comply with the spec.
 2015-09-15 18:22:00 +02:00
Simon Butcher
1a57af1607 Update ssl.h 
Typo
 2015-09-11 17:14:16 +01:00
Simon Butcher
4f6882a8a3 Update config.h 
Typo in RFC x-ref comment.
 2015-09-11 17:12:46 +01:00
Manuel Pégourié-Gonnard
ddfe5d20d1 Tune dependencies 
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
 2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard
62c74bb78a Stop wasting resources 
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.

Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
 2015-09-09 11:22:52 +02:00
Nicholas Wilson
2088e2ebd9 fix const-ness of argument to mbedtls_ssl_conf_cert_profile 
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
 2015-09-08 16:53:18 +01:00
Manuel Pégourié-Gonnard
222cb8db22 Tune related documentation while at it 2015-09-08 15:43:59 +02:00
Manuel Pégourié-Gonnard
3a2a4485d4 Update documentation 2015-09-08 15:36:09 +02:00
Manuel Pégourié-Gonnard
be619c1264 Clean up error codes 2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard
26d227ddfc Add config flag for support of client port reuse 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
55f3d84faa fixup-include 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
f7368c983a Polish API and documentation 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
e1927101fb Unify round two 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
d8204a7bea Provide symmetric API for the first round 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
ce4567614b Rename variable to prepare for cli/srv unification 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
6b798b9dae Tune up some comments 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
e0ad57b0b3 Replace explicit IDs with table look-ups 
That's a first step towards merging symmetric version of different functions
 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
5f18829609 Add derive_pms, completing first working version 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
6449391852 Store our role in the context 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
614bd5e919 Add write_client_params 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
ec0eece2ba Add read_client_params 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
cb7cd03412 Add first draft or read_server_params 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
23dcbe3f16 Add support for passphrase in the context 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
4e8bc78ad9 Add context-using functions for Hello extensions 
Also re-order functions in the header so that they appear in the order they're
use, ie free() last.
 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
7af8bc1007 Start introducing mbedtls_ecjpake_context 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
6029a85572 Add ecjpake_zpk_read() 
Not really tested yet
 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
d9a3f47ecd Add mbedtls_ecp_gen_keypair_base() 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
4d8685b4ff Add skeleton for EC J-PAKE module 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
5f5e0ec3f1 Improve mbedtls_ssl_write() documentation 2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard
a2cda6bfaf Add mbedtls_ssl_get_max_frag_len() 
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
 2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard
bb83844a1d Clarify that there are two SSL I/O buffers 2015-08-31 12:46:01 +02:00
Manuel Pégourié-Gonnard
46c4fa16ab Fix missing casts on return 
closes #236
 2015-08-12 09:27:55 +02:00
Manuel Pégourié-Gonnard
e2b0efe24b Separate license from comments in config.h 2015-08-11 10:38:37 +02:00
Manuel Pégourié-Gonnard
ac50fc5e2f Fix typo in doc 2015-08-10 13:07:09 +02:00
Manuel Pégourié-Gonnard
854dab96fe Fix the fix for armcc5 --gnu 
Only exclude armcc5, not armcc6.
 2015-08-10 12:11:31 +02:00
Manuel Pégourié-Gonnard
32da9f66a8 Add support for MBEDTLS_USER_CONFIG_FILE 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard
43569a93cc Use #ifdef rather than patch for target_config.h 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard
63e7ebaaa1 Add material for generating yotta module 2015-08-06 09:57:53 +02:00
Manuel Pégourié-Gonnard
e14dec68ea Fix stupid typo in previous commit 2015-08-04 22:49:33 +02:00
Manuel Pégourié-Gonnard
f659f0c214 Disable Padlock code with ASan 
We're getting build errors with Clang 3.5.0 on our Debian Jessie buildslave:

library/padlock.c:99:10: error: inline assembly requires more registers than available
 2015-08-04 22:19:05 +02:00
Manuel Pégourié-Gonnard
e96ce08a21 Fix compile error with armcc5 --gnu 2015-07-31 10:58:06 +02:00
Manuel Pégourié-Gonnard
6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
10c767488b Adjust rename/compat list 2015-07-15 11:07:26 +02:00
Paul Bakker
4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
1409616d9c Fix one renaming in the list 
Found by Simon while testing the upgrade guide
 2015-07-09 09:17:18 +01:00
Manuel Pégourié-Gonnard
20af64dc2c Still need to #define inline for MSVC 
I only tested with VS2015 earlier, but previous versions apparently still
don't know that standard C99 keyword though it's documented on MSDN...
 2015-07-07 23:21:30 +02:00
Manuel Pégourié-Gonnard
052a6c9cfe Add mbedtls_md_clone() 2015-07-06 16:06:02 +02:00
Manuel Pégourié-Gonnard
16d412f465 Add md/shaXXX_clone() API 
Will be used in the SSL/TLS modules
 2015-07-06 15:48:34 +02:00