Commit graph

1587 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 5f5e0ec3f1 Improve mbedtls_ssl_write() documentation 2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard a2cda6bfaf Add mbedtls_ssl_get_max_frag_len()
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard bb83844a1d Clarify that there are two SSL I/O buffers 2015-08-31 12:46:01 +02:00
Manuel Pégourié-Gonnard 46c4fa16ab Fix missing casts on return
closes #236
2015-08-12 09:27:55 +02:00
Manuel Pégourié-Gonnard e2b0efe24b Separate license from comments in config.h 2015-08-11 10:38:37 +02:00
Manuel Pégourié-Gonnard ac50fc5e2f Fix typo in doc 2015-08-10 13:07:09 +02:00
Manuel Pégourié-Gonnard 854dab96fe Fix the fix for armcc5 --gnu
Only exclude armcc5, not armcc6.
2015-08-10 12:11:31 +02:00
Manuel Pégourié-Gonnard 32da9f66a8 Add support for MBEDTLS_USER_CONFIG_FILE 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard 43569a93cc Use #ifdef rather than patch for target_config.h 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard 63e7ebaaa1 Add material for generating yotta module 2015-08-06 09:57:53 +02:00
Manuel Pégourié-Gonnard e14dec68ea Fix stupid typo in previous commit 2015-08-04 22:49:33 +02:00
Manuel Pégourié-Gonnard f659f0c214 Disable Padlock code with ASan
We're getting build errors with Clang 3.5.0 on our Debian Jessie buildslave:

library/padlock.c:99:10: error: inline assembly requires more registers than available
2015-08-04 22:19:05 +02:00
Manuel Pégourié-Gonnard e96ce08a21 Fix compile error with armcc5 --gnu 2015-07-31 10:58:06 +02:00
Manuel Pégourié-Gonnard 6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard 10c767488b Adjust rename/compat list 2015-07-15 11:07:26 +02:00
Paul Bakker 4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard 1409616d9c Fix one renaming in the list
Found by Simon while testing the upgrade guide
2015-07-09 09:17:18 +01:00
Manuel Pégourié-Gonnard 20af64dc2c Still need to #define inline for MSVC
I only tested with VS2015 earlier, but previous versions apparently still
don't know that standard C99 keyword though it's documented on MSDN...
2015-07-07 23:21:30 +02:00
Manuel Pégourié-Gonnard 052a6c9cfe Add mbedtls_md_clone() 2015-07-06 16:06:02 +02:00
Manuel Pégourié-Gonnard 16d412f465 Add md/shaXXX_clone() API
Will be used in the SSL/TLS modules
2015-07-06 15:48:34 +02:00
Manuel Pégourié-Gonnard 7893103154 Remove 1024 bits DHM params and add one 4096 bit 2015-07-03 17:06:39 +02:00
Manuel Pégourié-Gonnard 7c3b4ab6f2 Fix typos in comments 2015-07-02 17:59:52 +02:00
Manuel Pégourié-Gonnard 5791109707 Make the hardclock test optional
Known to fail on VMs (such as the buildbots), see eg
http://blog.badtrace.com/post/rdtsc-x86-instruction-to-detect-vms/
2015-07-01 19:22:12 +02:00
Manuel Pégourié-Gonnard 9bd0afdb22 Add guards for closed socket in net.c
This is particularly problematic when calling FD_SET( -1, ... ), but let's
check it in all functions.

This was introduced with the new API and the fact the net_free() now sets the
internal fd to -1 in order to mark it as closed: now using this information.
2015-07-01 19:03:27 +02:00
Manuel Pégourié-Gonnard 2505528be4 Rm obsolete defines for inline wiht MSVC
The "inline" keyword is supported since Visual Studio 2005 according to MSDN,
and we require Visual Studio 2010 or higher.
2015-07-01 17:22:36 +02:00
Manuel Pégourié-Gonnard abc729e664 Simplify net_accept() with UDP sockets
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard 3d7d00ad23 Rename mbedtls_net_close() to mbedtls_net_free()
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard 91895853ac Move from naked int to a structure in net.c
Provides more flexibility for future changes/extensions.
2015-06-30 15:56:25 +02:00
Manuel Pégourié-Gonnard a16e7c468c Rename a debug function 2015-06-29 20:14:19 +02:00
Manuel Pégourié-Gonnard b74c245a20 Rework debug to not need dynamic alloc
But introduces dependency on variadic macros
2015-06-29 20:08:23 +02:00
Manuel Pégourié-Gonnard 9db2887672 Actually enable fixed snprintf on windows 2015-06-26 11:04:08 +02:00
Manuel Pégourié-Gonnard dc54ff8578 Improve documentation about SSL ticket encryption 2015-06-25 12:44:46 +02:00
Manuel Pégourié-Gonnard 216a1831de Fix whitespace in CMakeLists.txt
- all spaces no tabs
- indent with 4 spaces everywhere
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard 53585eeb17 Remove test DHM params from certs.c
certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard 0761733c1b Fix potential NULL dereference
We document that either of recv or recv_timeout may be NULL, but for TLS we
always used recv... Thanks Coverity for catching that.
(Not remotely trigerrable: local configuration.)

Also made me notice net_recv_timeout didn't do its job properly.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard fd474233c8 Change SSL debug API in the library 2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard c0d749418b Make 'port' a string in NET module
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard e244f9ffc0 Improve doc about length of strings written 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard d23f593737 Avoid static buffer in debug module
Caused issues in threading situations
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard 1cd10adc7c Update prototype of x509write_set_key_usage()
Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 655a964539 Adapt check_key_usage to new weird bits 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 9a702255f4 Add parsing/printing for new X.509 keyUsage flags 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 07894338a0 Rename M255 to Curve25519 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 7320eb46d4 Remove references to some Montgomery curves
After all it looks like those won't become standard.
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard e7e89844d6 Fix and document corner-cases of time checking 2015-06-22 23:41:24 +02:00
Manuel Pégourié-Gonnard cdc26ae099 Add mbedtls_ssl_set_hs_authmode
While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
  the PSK, no cert is expected).
- use safer tests (eg == OPTIONAL vs != REQUIRED)
2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard 1685368408 Rationalize snprintf() usage in X.509 modules 2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard 6c0c8e0d3d Include fixed snprintf for Windows in platform.c
Use _WIN32 to detect it rather that _MSC_VER as it turns out MSYS2 uses the
broken MS version by default too.
2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard 8ba88f0460 Fix stupid typo in documentation 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard 7580ba475d Add a concept of entropy source strength.
The main goal is, we want and error if cycle counter is the only source.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard 3f77dfbd52 Add MBEDTLS_ENTROPY_HARDWARE_ALT
Makes it easier for an external module to plug its hardware entropy collector.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard bf82ff0209 Fix entropy thresholds 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard 60c793bdc9 Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE
First one means we have time() but it may not return the actual wall clock
time, second means it does.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard c0696c216b Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen 2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard 097c7bb05b Rename relevant global symbols from size to bitlen
Just applying rename.pl with this file:

mbedtls_cipher_get_key_size mbedtls_cipher_get_key_bitlen
mbedtls_pk_get_size mbedtls_pk_get_bitlen
MBEDTLS_BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
MBEDTLS_BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
2015-06-18 16:43:38 +02:00
Manuel Pégourié-Gonnard fb317c5221 Rename parameter in a x509 helper 2015-06-18 16:41:13 +02:00
Manuel Pégourié-Gonnard 39a48f4934 Internal renamings in PK
+ an unrelated comment in SSL
2015-06-18 16:06:55 +02:00
Manuel Pégourié-Gonnard 12ad798c87 Rename ssl_session.length to id_len 2015-06-18 15:50:37 +02:00
Manuel Pégourié-Gonnard 797f48ace6 Rename ecp_curve_info.size to bit_size 2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard 898e0aa210 Rename key_length in cipher_info 2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard b8186a5e54 Rename len to bitlen in function parameters
Clarify a few comments too.
2015-06-18 14:58:58 +02:00
Manuel Pégourié-Gonnard b31c5f68b1 Add SSL presets.
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard 7bfc122703 Implement sig_hashes 2015-06-17 14:34:48 +02:00
Manuel Pégourié-Gonnard 36a8b575a9 Create API for mbedtls_ssl_conf_sig_hashes().
Not implemented yet.
2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard 9d412d872c Small internal changes in curve checking
- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config
2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard 27716cc1da Clarify a point in the documentation 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard b541da6ef3 Fix define for ssl_conf_curves()
This is a security feature, it shouldn't be optional.
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard 6e3ee3ad43 Add mbedtls_ssl_conf_cert_profile() 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard f8ea856296 Change data structure of profiles to bitfields
- allows to express 'none' or 'all' more easily than lists
- more compact and easier to declare statically
- easier to check too

Only drawback: if we ever have more than 32 curves, we'll need an ABI change to
make that field a uint64_t.
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard 88db5da117 Add pre-defined profiles for cert verification 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard 9505164ef4 Create cert profile API (unimplemented yet) 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard bd990d6629 Add ssl_conf_dhm_min_bitlen() 2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard 1b1e65f541 Fix typos and other small issues in doc 2015-06-11 13:38:03 +02:00
Manuel Pégourié-Gonnard 7ee5ddd798 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix compile errors with NO_STD_FUNCTIONS
  Expand config.pl's notion of "full"
  Ack external bugfix in Changelog
  FIx misplaced Changelog entry (oops)
  Fix compile bug: incompatible declaration of polarssl_exit in platform.c
  Fix contributor's name in Changelog
2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard dccb80b7e5 Fix compile errors with NO_STD_FUNCTIONS 2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard ba56136b5c Avoid in-out length in base64 2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard 3335205a21 Avoid in-out length in dhm_calc_secret() 2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard f79b425226 Avoid in-out length parameter in bignum 2015-06-02 15:41:48 +01:00
Manuel Pégourié-Gonnard 77cfe177e1 Remove now-useless typedef in ssl.h 2015-06-02 11:18:35 +01:00
Manuel Pégourié-Gonnard c730ed3f2d Rename boolean functions to be clearer 2015-06-02 10:38:50 +01:00
Manuel Pégourié-Gonnard 3eb50fa591 Cosmetics in doxygen doc 2015-06-02 10:28:09 +01:00
Manuel Pégourié-Gonnard 6ca7624952 Mark unused constant as such 2015-06-02 09:55:32 +01:00
Manuel Pégourié-Gonnard 81abefd46c Fix typos/style in doxygen documentation 2015-05-29 12:53:47 +02:00
Manuel Pégourié-Gonnard d14acbc31a Test assumptions we make about the platform
Things that are not guaranteed by the standard but should be true of all
platforms of interest to us:
- 8-bit chars
- NULL pointers represented by all-bits-zero
2015-05-29 12:25:40 +02:00
Manuel Pégourié-Gonnard f78e4de6f4 Fix warnings from -pedantic 2015-05-29 10:52:14 +02:00
Manuel Pégourié-Gonnard 864108daab Move from gmtime_r to gmtime + mutexes
* gmtime_r is not standard so -std=c99 warns about it
* Anyway we need global mutexes in the threading layer, so better depend only
  on that, rather that global mutexes + some _r functions
2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard ba19432d2e Move from asm to __asm by default
- GCC with -std=c99 warns about asm but likes __asm
_ armcc5 has __asm but not asm
2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard 2a84dfd747 Make ssl_cookie.c thread-safe 2015-05-28 17:28:39 +02:00
Manuel Pégourié-Gonnard b48ef9cce9 Improve documentation about HelloVerifyRequest 2015-05-28 17:28:39 +02:00
Manuel Pégourié-Gonnard 398b206ff0 Update doc for ssl_conf_renegotiation 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard 41b9c2b418 Remove individual mdX_file() and shaX_file() 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard bfffa908a6 Implement md_file in the MD layer 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard eb0d8706ce Add option for even smaller SHA-256 2015-05-28 16:45:23 +02:00
Manuel Pégourié-Gonnard 6a8ca33fa5 Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED 2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard 160e384360 Fix bad name choice 2015-05-27 20:27:06 +02:00
Manuel Pégourié-Gonnard a7f8033fa4 Fix oversights in s/malloc/calloc/ 2015-05-27 20:26:40 +02:00
Manuel Pégourié-Gonnard 944cfe8899 Allow use of global mutexes with threading_alt 2015-05-27 20:12:05 +02:00
Manuel Pégourié-Gonnard f7c2eebfcf Remove unused struct member in ssl_context
Actually belongs to ssl_session
2015-05-27 18:06:02 +02:00
Manuel Pégourié-Gonnard 200e73179e Adapt memory_buffer_alloc to calloc 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard b9ef1182f3 Adapt the platform layer from malloc to calloc 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard 7551cb9ee9 Replace malloc with calloc
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard 065122cfe9 Move some defines to ssl_internal.h 2015-05-26 15:01:37 +02:00
Manuel Pégourié-Gonnard 56273daea0 Move some includes to ssl_internal.h
Also removed one from ssl.h and add it in programs where it belongs
2015-05-26 15:01:37 +02:00
Manuel Pégourié-Gonnard cd4fcc6c8b Move some structures to ssl_internal.h 2015-05-26 15:01:37 +02:00
Manuel Pégourié-Gonnard 5e94ddebbc Create ssl_internal.h and move some functions 2015-05-26 11:57:05 +02:00
Manuel Pégourié-Gonnard 50518f4195 Rename _wrap headers to _internal
Makes it clearer that the user is not supposed to include them
2015-05-26 11:06:12 +02:00
Manuel Pégourié-Gonnard 4214e3a0eb Update dependencies and documentation 2015-05-25 19:42:14 +02:00
Manuel Pégourié-Gonnard 1e9c4db524 Implement key rotation 2015-05-25 19:42:14 +02:00
Manuel Pégourié-Gonnard 887674a33b Internal changes in preparation for key rotation
- two sets of keys
- separate function for key generation/update
2015-05-25 12:19:00 +02:00
Manuel Pégourié-Gonnard a0adc1bbe4 Make cipher used in ssl tickets configurable 2015-05-25 10:35:16 +02:00
Manuel Pégourié-Gonnard 1041a39338 Use AES-GCM-256 for session ticket protection 2015-05-20 20:19:42 +02:00
Manuel Pégourié-Gonnard 0849a0a910 Make ssl ticket functions thread-safe 2015-05-20 11:34:54 +02:00
Manuel Pégourié-Gonnard e057d3bf6b Relax some dependencies
- DTLS_HELLO_VERIFY no longer depends on SRV_C
- SSL_COOKIE_C no longer depends on DTLS_HELLO_VERIFY

Not that much work for us, and easier on users (esp. since it allows just
disabling SRV_C alone).
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard b596abfdc0 Refine cli/srv ifdefs for session tickets
- Only the server needs to generate/parse tickets
- Only the client needs to store them

Also adjust prototype of ssl_conf_session_tickets() while at it.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard cf141ca7e7 Fix #ifdefs on ssl_cli.c or ssl_srv.c
Nothing to do with the current branch except I'm going to refine such #ifdefs
for tickets next and I want to start from a clean state
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard 0c0f11f4b3 Update dependencies & includes for session tickets 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard d59675d92c Move to callback for session tickets 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard 2ff873c0fa Fix SSL_DEBUG macros
Avoid doubled semicolon on usage, which would be bad in non-braced "if"
branches for example.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard b0394bebdb Further adapt prototypes of ticket functions
Moving everything in ticket_keys structure, that will soon become
ticket_context.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard 69f17280d3 Adapt prototypes of ticket handling functions
This is an intermediate step. The ssl_config argument will be replace by a
ticket context next.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard a4a473516e Rename & move ticket functions to ticket module 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard fd6d8978f9 Add new submodule ssl_ticket 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard 53ebe138c6 Fix copyright lines still mentioning Brainspark 2015-05-15 12:01:12 +02:00
Manuel Pégourié-Gonnard dad1ad739d Doc tune-ups 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard 0b104b056b Adapt prototype of net_accept() for explicit size 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard d9e6a3ac10 Rename pk_init_ctx() -> pk_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard d4f04dba42 net.c now depends on select() unconditionally 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard a63bc94a2d Remove timing_m_sleep() -> net_usleep() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard 151dc77732 Fix some old names that remained
- most in doxygen doc that was never renamed
- some re-introduced in comments/doc/strings by me
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard 8473f87984 Rename cipher_init_ctx() to cipher_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard 66dc5555f0 mbedtls_ssl_conf_arc4_support() depends on ARC4_C 2015-05-14 12:31:10 +02:00
Manuel Pégourié-Gonnard e391c8deda Doc tune-up 2015-05-13 20:34:24 +02:00
Manuel Pégourié-Gonnard 70860adccc SSL timers are no longer just for DTLS
Also, clean up leftover temporary stuff... embarassing
2015-05-13 10:25:28 +02:00
Manuel Pégourié-Gonnard bbd28f7bcc Improve SSL doc about I/O and timeouts 2015-05-13 10:21:42 +02:00
Manuel Pégourié-Gonnard 5a8d56d3a3 Rm hard dependency of DTLS on TIMING_C 2015-05-13 10:10:00 +02:00
Manuel Pégourié-Gonnard 2e01291739 Prepare the SSL modules for using timer callbacks 2015-05-13 09:43:39 +02:00
Manuel Pégourié-Gonnard ca3bdc5632 Add mbedtls_timing_set/get_delay() 2015-05-12 20:45:34 +02:00
Manuel Pégourié-Gonnard 8903fe0fd3 Define timing_selftest() even with TIMING_ALT 2015-05-12 19:30:45 +02:00
Manuel Pégourié-Gonnard 31993f271d Add per-function override for AES 2015-05-12 15:41:08 +02:00
Manuel Pégourié-Gonnard 70a5010783 Create function-level MBETLS_DES_xxx_ALT 2015-05-12 15:17:15 +02:00
Manuel Pégourié-Gonnard e45dba47b5 Remove unused member in des_context 2015-05-12 14:54:15 +02:00
Manuel Pégourié-Gonnard d1a82603ad Tune comments in config.h 2015-05-12 14:20:23 +02:00
Manuel Pégourié-Gonnard eecb43cf0b Manually merge doc fixes from 1.3 2015-05-12 12:56:41 +02:00
Manuel Pégourié-Gonnard 48647b9255 Merge remote-tracking branch 'nw/misc' into mbedtls-1.3
* nw/misc:
  Typos and doc additions
2015-05-12 12:48:12 +02:00
Manuel Pégourié-Gonnard 43b37cbc92 Fix use of pem_read_buffer() in PK, DHM and X509 2015-05-12 11:26:43 +02:00
Manuel Pégourié-Gonnard e6ef16f98c Change X.509 verify flags to uint32_t 2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard e3a062ba1f Rename ecp_use_known_dp -> mbedtls_ecp_group_load() 2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard 56cc88a796 Rm ecp_add() and add ecp_muladd() 2015-05-11 18:40:45 +02:00
Manuel Pégourié-Gonnard 6dde596a03 Remove ecp_sub() 2015-05-11 18:18:32 +02:00
Manuel Pégourié-Gonnard aff37e5aa1 Remove ecp_group_read_string() 2015-05-11 18:11:57 +02:00
Manuel Pégourié-Gonnard 06939cebef Fix order of ssl_conf vs ssl_setup in programs
Except ssl_phtread_server that will be done later
2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard 01e5e8c1f8 Change a few ssl_conf return types to void 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 6729e79482 Rename ssl_set_xxx() to ssl_conf_xxx() 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 22bfa4bb53 Add ssl_set_hs_ca_chain() 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 1897af9e93 Make conf const inside ssl_context (finally) 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 17a40cd255 Change ssl_own_cert to work on ssl_config 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 1af6c8500b Add ssl_set_hs_own_cert() 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 8f618a8e65 Rework ssl_set_own_cert() internals 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 120fdbdb3d Change ssl_set_psk() to act on ssl_config 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 4b68296626 Use a specific function in the PSK callback 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 0a4fb09534 Make xxx_drbg_random() thread-safe 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 750e4d7769 Move ssl_set_rng() to act on config 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard 5cb3308e5f Merge contexts for session cache 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard ae31914990 Rename ssl_legacy_renegotiation() to ssl_set_... 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard 662c6e8cdd Disable truncated HMAC by default 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard 1028b74cff Upgrade default DHM params size 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard 8836994f6b Move WANT_READ/WANT_WRITE codes to SSL 2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard 1b511f93c6 Rename ssl_set_bio_timeout() to set_bio()
Initially thought it was best to keep the old function around and add a new
one, but this so many ssl_set_xxx() functions are changing anyway...
2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard 97fd52c529 Split ssl_set_read_timeout() out of bio_timeout() 2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard cc3195e81f Fix misplaced #ifdef 2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard 8620f73cdc Documentation tune-ups 2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard bc2b771af4 Move ssl_set_ca_chain() to work on config 2015-05-11 12:33:26 +02:00
Nicholas Wilson d0fa5ccbb0 Typos and doc additions 2015-05-11 10:44:11 +01:00
Manuel Pégourié-Gonnard ba26c24769 Change how hostname is stored internally 2015-05-07 10:19:14 +01:00
Manuel Pégourié-Gonnard 2b49445876 Move session ticket keys to conf
This is temporary, they will soon be replaced by callbacks.
!!! In this intermediate step security is removed !!!
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard e51bba05cf Make mfl_code a bitfield member 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard 684b0592cb Move ssl_set_fallback() to work on conf
Initially thought it would be per-connection, but since max_version is in conf
too, and you need to lower that for a fallback connection, the fallback flag
should be in the same place
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard 6bf89d6ad9 Move ssl_set_max_fragment_len to work on conf 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard 17eab2b65c Move set_cbc_record_splitting() to conf 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard d36e33fc07 Move easy ssl_set_xxx() functions to work on conf
mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard 419d5ae419 Make endpoint+transport args of config_defaults() 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard def0bbe3ab Allocate ssl_config out of ssl_setup() 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard cd523e2a5e Introduce mbedtls_ssl_config_{init,defaults,free}() 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard 7ca4e4dc79 Move things to conf substructure
A simple series of sed invocations.

This is the first step, purely internal changes. The conf substructure is not
ready to be shared between contexts yet.
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard fa6473d79b Create structure ssl_config 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard 5a74e8bf19 Make struct cipher_base_t opaque 2015-05-06 17:10:55 +01:00
Manuel Pégourié-Gonnard da61ed3346 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Include changes from the 1.2 branch
  Remove unused headers in o_p_test
  Add countermeasure against cache-based lucky 13
  Make results of (ext)KeyUsage accessible
  Fix missing NULL check in MPI
  Fix detection of getrandom()
  Fix "make install" handling of symlinks
  Fix bugs in programs displaying verify flags

Conflicts:
	Makefile
	include/polarssl/ssl.h
	library/entropy_poll.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/test/o_p_test.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard e16b62c3a9 Make results of (ext)KeyUsage accessible 2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard 770b5e1e9e Fix missing NULL check in MPI 2015-04-29 17:02:01 +02:00
Manuel Pégourié-Gonnard 1e2eae02cb Adapt pthread implementation to recent changes 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard eab147c4d0 Rename pkcs11_xxx_init() to bind() 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard 69a69cc5ae memory_buffer_alloc_init() now returns void 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard 41d479e7df Split ssl_init() -> ssl_setup() 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard 8d128efd48 Split mbedtls_ctr_drbg_init() -> seed() 2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard f9e9481bc5 Split mbedtls_hmac_drbg_init() -> seed{,_buf}() 2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard c34e8dd265 Split mbedtls_gcm_init() -> gcm_setkey() 2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard 6963ff0969 Split mbedtls_ccm_init() -> setkey() 2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard 8f5fd31212 Change mutex_init/free to return void 2015-04-24 14:42:34 +02:00
Manuel Pégourié-Gonnard 331ba5778a Fix some additional renaming issues 2015-04-20 12:33:57 +01:00
Manuel Pégourié-Gonnard e6028c93f5 Fix some X509 macro names
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard e75fa70b36 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Make results of (ext)KeyUsage accessible
  Use x509_crt_verify_info() in programs
  Add x509_crt_verify_info()

Conflicts:
	ChangeLog
	include/mbedtls/x509_crt.h
	include/polarssl/ssl.h
	include/polarssl/x509.h
	library/ssl_srv.c
	library/ssl_tls.c
	library/x509_crt.c
	programs/ssl/ssl_client1.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_mail_client.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
	tests/ssl-opt.sh
	tests/suites/test_suite_x509parse.function
2015-04-20 11:51:34 +01:00
Manuel Pégourié-Gonnard e6efa6f54e manually merge 9f98251 make extKeyUsage accessible 2015-04-20 11:23:24 +01:00
Manuel Pégourié-Gonnard b5f48ad82f manually merge 39a183a add x509_crt_verify_info() 2015-04-20 11:22:57 +01:00
Manuel Pégourié-Gonnard 9f98251e72 Make results of (ext)KeyUsage accessible 2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard 39a183a629 Add x509_crt_verify_info() 2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard ab22910191 Just use stdint.h even with MSVC 2015-04-15 11:58:31 +02:00
Manuel Pégourié-Gonnard 862d503c01 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix typos in Changelog
  Fix macro name from wrong branch
  Fix bug in pk_parse_key()
  Fixed typos
  Updated Travis CI config for mbedtls project

Conflicts:
	include/mbedtls/ecp.h
	include/polarssl/compat-1.2.h
	include/polarssl/openssl.h
	include/polarssl/platform.h
	library/pkparse.c
	programs/pkey/mpi_demo.c
2015-04-15 11:30:46 +02:00
Manuel Pégourié-Gonnard a1e32415d5 Fix macro name from wrong branch 2015-04-15 11:21:24 +02:00
Paul Bakker 6152b0267c Fixed typos 2015-04-14 15:00:09 +02:00
Manuel Pégourié-Gonnard eed55a4d51 Changed values of PK and PKCS5 error codes 2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard 975d5fa206 Remove option HAVE_LONGLONG 2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard 7b53889f05 Remove support for HAVE_INT8 and HAVE_INT16 2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard b31424c86a Make HAVE_IPV6 non-optional 2015-04-09 16:42:38 +02:00
Manuel Pégourié-Gonnard 23ce09b18f Deprecate HAVE_INT8 and HAVE_INT16 2015-04-09 14:51:51 +02:00
Manuel Pégourié-Gonnard a98af5e2b2 Deprecate using NET_C without HAVE_IPV6 2015-04-09 14:40:46 +02:00
Manuel Pégourié-Gonnard 8c3f0f4c16 Official deprecate compat-1.2.h and openssl.h 2015-04-09 14:10:26 +02:00
Manuel Pégourié-Gonnard a79efde184 Move a pair of macros to inline functions 2015-04-09 11:02:09 +02:00
Manuel Pégourié-Gonnard f2c8711088 Add compat-1.3.h for new names 2015-04-08 20:13:33 +02:00
Manuel Pégourié-Gonnard 2cf5a7c98e The Great Renaming
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard f5fc64997c Cosmetic change
Make one of the name listing scripts happier
2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard 8a89fcd13f Rm references to removed config options
POLARSSL_MEMORY_C POLARSSL_PBKDF2_C DISABLE_RENEGO
2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard 932e3934bd Fix typos & Co 2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard 62edcc8176 Document POLARSSL_CAMELLIA_SMALL_MEMORY 2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard a82135c5cf Document POLARSSL_CAMELLIA_SMALL_MEMORY 2015-04-03 17:58:26 +02:00
Manuel Pégourié-Gonnard fbbbc933fc Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix ifdef issue
2015-04-02 14:17:42 +01:00
Manuel Pégourié-Gonnard 2a73a901d6 Fix ifdef issue 2015-04-02 14:16:45 +01:00
Manuel Pégourié-Gonnard 427b672551 Add XXX_PROCESS_ALT mecchanism 2015-03-31 18:32:50 +02:00
Manuel Pégourié-Gonnard 26c9f90cae Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Add missing depends in x509 programs
  Simplify ifdef checks in programs/x509
  Fix thread safety issue in RSA operations
  Add test certificate for bitstring in DN
  Add support for X.520 uniqueIdentifier
  Accept bitstrings in X.509 names
2015-03-31 17:56:15 +02:00
Manuel Pégourié-Gonnard c89d6cf77c Make pk_info_t opaque 2015-03-31 14:43:19 +02:00
Manuel Pégourié-Gonnard 8c8be1ebbb Change default min TLS version to TLS 1.0 2015-03-31 14:22:30 +02:00
Manuel Pégourié-Gonnard d16df8f60a Cleanup unused bit in ssl
Became unused when removing deprecated ssl_set_own_cert_xxx() functions
2015-03-31 14:04:51 +02:00
Manuel Pégourié-Gonnard 348bcb3694 Make RSA_ALT support optionnal 2015-03-31 14:01:33 +02:00
Manuel Pégourié-Gonnard 8fce937a1a Simplify ecdsa_context 2015-03-31 13:06:41 +02:00
Manuel Pégourié-Gonnard 49ce6f0973 Fix constness of asn1_write_mpi() 2015-03-31 13:05:39 +02:00
Manuel Pégourié-Gonnard 5bf262d710 Doc fixes 2015-03-31 11:46:01 +02:00
Manuel Pégourié-Gonnard dfdcac9d51 Merge ecdsa_write_signature{,_det}() together 2015-03-31 11:41:42 +02:00
Manuel Pégourié-Gonnard 63e931902b Make a helpful constant public 2015-03-31 11:15:48 +02:00
Manuel Pégourié-Gonnard b8cfe3f0d9 pk_sign() now requires non-NONE md_alg for ECDSA 2015-03-31 11:14:41 +02:00
Manuel Pégourié-Gonnard fa44f20b9f Change authmode default to Required on client 2015-03-27 17:52:25 +01:00
Manuel Pégourié-Gonnard 1d0ca1a336 Move key_usage to more that 8 bits 2015-03-27 16:50:00 +01:00
Manuel Pégourié-Gonnard 1022fed36e Remove redundant sig_oid2 in x509 structures 2015-03-27 16:34:42 +01:00
Manuel Pégourié-Gonnard 9409e0cea2 Add support for X.520 uniqueIdentifier 2015-03-27 13:03:54 +01:00
Manuel Pégourié-Gonnard da1619d345 CERTS_C no longer depends on PEM_PARSE_C 2015-03-27 10:58:20 +01:00
Manuel Pégourié-Gonnard a958d69a70 Rename test_ca_list to test_cas_pem 2015-03-27 10:29:25 +01:00
Manuel Pégourié-Gonnard 2f165060f0 Start introducing test_cas NULL-terminated list 2015-03-27 10:20:26 +01:00
Manuel Pégourié-Gonnard 75f901006b Add len constants to certs.c 2015-03-27 09:56:18 +01:00
Manuel Pégourié-Gonnard eca510fac2 Rework documentation of MD layer
- avoid overuse of generic terms such as "initialize"
- spell out the succession of functions
2015-03-26 12:26:34 +01:00
Manuel Pégourié-Gonnard 147fa097e2 Reintroduce md_init_ctx compatibility wrapper 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard abb674467b Rename md_init_ctx() to md_setup() 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard a77edade0c Clean up unneeded things 2015-03-25 21:55:56 +01:00