Commit graph

2214 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
6029a85572 Add ecjpake_zpk_read()
Not really tested yet
2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
c618195bc4 Fix base point in ecjpake_write_zkp() 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
d9a3f47ecd Add mbedtls_ecp_gen_keypair_base() 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
8489f17277 First draft of ecjpake_write_zkp() 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
3dbf2fbb89 Implement hashing function for ZKP 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
4d8685b4ff Add skeleton for EC J-PAKE module 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Simon Butcher
52754594b6 Merging iotssl-457-badtail with development branch 2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
fdbdd72b8b Skip to trusted certs early in the chain
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

closes #220
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
4d04cdcd12 Fix RSA mutex fix
Once the mutex is acquired, we must goto cleanup rather that return.
Since cleanup adjusts the return value, adjust that in test cases.

Also, at cleanup we don't want to overwrite 'ret', or we'll loose track of
errors.

see #257
2015-08-31 09:31:55 +02:00
Manuel Pégourié-Gonnard
1385a289f4 Fix possible mutex lock/unlock mismatch
fixes #257
2015-08-27 11:30:58 +02:00
Manuel Pégourié-Gonnard
e578b1c79a Relax timing_self_test for windows idiosyncrasies 2015-08-18 20:11:48 +02:00
Manuel Pégourié-Gonnard
c98204e68f Fix missing break in switch for SSL presets
closes #235
2015-08-11 04:21:01 +02:00
Manuel Pégourié-Gonnard
91bbfb6fb7 Make timing selftest less sensitive
- allow up to 12.5% security/error margin
- use larger delays
- this avoid the security/error margin being too low

The test used to fail about 1 out of 6 times on some buildbots VMs, but never
failed on the physical machines used for development.
2015-08-10 14:33:12 +02:00
Manuel Pégourié-Gonnard
ed46c436c0 Fix error when loading libmbedtls.so 2015-08-10 10:17:32 +02:00
Manuel Pégourié-Gonnard
111ce9f735 Fix build error with shared libraries for windows 2015-08-07 12:07:16 +02:00
Manuel Pégourié-Gonnard
8018c28600 Add -static-libgcc for Windows dll builds 2015-08-07 11:55:56 +02:00
Manuel Pégourié-Gonnard
620ee19823 Fix return of x509_self_test without SHA-1
No being able to run the test is not a failure
2015-08-07 10:57:47 +02:00
Manuel Pégourié-Gonnard
d1004f02e6 Fix printed output of some selftests 2015-08-07 10:57:41 +02:00
Manuel Pégourié-Gonnard
0a8857435c DTLS: treat bad MAC on Finished as an error
This is not required nor recommended by the protocol, and it's a layering
violation, but it's a know flaw in the protocol that you can't detect a PSK
auth error in any other way, so it is probably the right thing to do.

closes #227
2015-08-04 12:11:17 +02:00
Manuel Pégourié-Gonnard
052d10c9d5 Accept a trailing space at end of PEM lines
With certs being copy-pasted from webmails and all, this will probably become
more and more common.

closes #226
2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard
6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Simon Butcher
10a6f02f83 Merge branch 'development' into IOTSSL-442-hello-noext
Conflicts:
	ChangeLog
2015-07-27 13:45:40 +01:00
Manuel Pégourié-Gonnard
6f42417ba8 Fix typo in that broke installation in cmake
closes #221
2015-07-24 16:55:22 +02:00
Manuel Pégourié-Gonnard
4cc8c63226 Add test for extensionless ClientHello 2015-07-23 12:24:03 +02:00
Manuel Pégourié-Gonnard
a6e5bd5654 Fix bug with extension-less ServerHello
https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug

in_hslen include the length of the handshake header. (We might want to change
that in the future, as it is a bit annoying.)
2015-07-23 12:23:19 +02:00
Manuel Pégourié-Gonnard
cb0d212c97 Fix level of some debug messages 2015-07-22 11:52:11 +02:00
Manuel Pégourié-Gonnard
b076116e14 Fix one debug message 2015-07-22 11:39:23 +02:00
Manuel Pégourié-Gonnard
1bab7d7064 Fix blank line in comments 2015-07-13 09:06:18 +01:00
Paul Bakker
4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
fc2ccfe72c Fix missing comma with ENTROPY_HARDWARE_ALT 2015-07-10 11:15:50 +01:00
Manuel Pégourié-Gonnard
a4f055fe0c Some windows environments don't have _snprint_s
Do an alternative version for them.
That happens for example with our windows buildbot with mingw32-make.
2015-07-08 17:35:37 +02:00
Manuel Pégourié-Gonnard
20af64dc2c Still need to #define inline for MSVC
I only tested with VS2015 earlier, but previous versions apparently still
don't know that standard C99 keyword though it's documented on MSDN...
2015-07-07 23:21:30 +02:00
Manuel Pégourié-Gonnard
e540b49a3f Add one more debug message 2015-07-07 12:44:38 +02:00
Manuel Pégourié-Gonnard
b4b19f395f Add a debug message 2015-07-07 11:41:21 +02:00
Manuel Pégourié-Gonnard
001f2b6246 Use xxx_clone() instead of memcpy() in SSL 2015-07-06 16:54:51 +02:00
Manuel Pégourié-Gonnard
c0bf01e8d2 Undo overzealous renaming of internal variables
The rename script couldn't know it was a local variable with the same name as
on of the global functions
2015-07-06 16:26:23 +02:00
Manuel Pégourié-Gonnard
052a6c9cfe Add mbedtls_md_clone() 2015-07-06 16:06:02 +02:00
Manuel Pégourié-Gonnard
16d412f465 Add md/shaXXX_clone() API
Will be used in the SSL/TLS modules
2015-07-06 15:48:34 +02:00
Manuel Pégourié-Gonnard
b9d64e5bbe Fix missing calls to md/shaxxx_free() 2015-07-06 14:18:56 +02:00
Manuel Pégourié-Gonnard
71d296a15d Add missing calls to _free() in md_wrap
We can't just assume xxx_free() will only zeroize, because of alternative
implementations
2015-07-06 11:36:25 +02:00
Manuel Pégourié-Gonnard
5791109707 Make the hardclock test optional
Known to fail on VMs (such as the buildbots), see eg
http://blog.badtrace.com/post/rdtsc-x86-instruction-to-detect-vms/
2015-07-01 19:22:12 +02:00
Manuel Pégourié-Gonnard
9bd0afdb22 Add guards for closed socket in net.c
This is particularly problematic when calling FD_SET( -1, ... ), but let's
check it in all functions.

This was introduced with the new API and the fact the net_free() now sets the
internal fd to -1 in order to mark it as closed: now using this information.
2015-07-01 19:03:27 +02:00
Manuel Pégourié-Gonnard
2505528be4 Rm obsolete defines for inline wiht MSVC
The "inline" keyword is supported since Visual Studio 2005 according to MSDN,
and we require Visual Studio 2010 or higher.
2015-07-01 17:22:36 +02:00
Manuel Pégourié-Gonnard
636741b176 Remove obsolete hacks for uin32_t
We now require support for stdint.h from the compiler.
2015-07-01 17:13:05 +02:00
Manuel Pégourié-Gonnard
9de64f5af1 Fix MSVC warnings in library and programs 2015-07-01 16:56:08 +02:00
Manuel Pégourié-Gonnard
acecb653d5 Fix mbedtls_net_usleep() on Windows
For some reason select() doesn't seem to work.
2015-07-01 12:00:56 +02:00
Manuel Pégourié-Gonnard
abc729e664 Simplify net_accept() with UDP sockets
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard
db2468d7aa Update old comment 2015-06-30 17:19:48 +02:00