Commit graph

4285 commits

Author SHA1 Message Date
Simon Butcher e3132a9e5a Corrected misleading fn description in ssl_cache.h
Mistake in comments spotted by Andris Mednis
2015-10-19 19:28:41 +01:00
Manuel Pégourié-Gonnard 5674a9797a Fix compilers warnings in reduced configs 2015-10-19 15:14:03 +02:00
Manuel Pégourié-Gonnard 9f52cac4bc Rename config-ecjpake to thread and minify it
- in the future thread might need more than just EC J-PAKE
- use the same format as the other mini configurations (no doxygen doc, only
  showing what is enabled)
2015-10-19 14:06:07 +02:00
Manuel Pégourié-Gonnard 024b6df3b1 Improve key export API and documentation
- "master secret" is the usual name
- move key block arg closer to the related lengths
- document lengths

Also fix some trailing whitespace while at it
2015-10-19 13:52:53 +02:00
Manuel Pégourié-Gonnard b7da194939 ecjpake: fix uninitialize member 2015-10-19 13:35:22 +02:00
Simon Butcher 334a87be0b Corrected URL/reference to MPI library 2015-10-14 22:56:44 +01:00
Jonathan Leroy 00ee6eee54
Test certificate "Server1 SHA1, key_usage" reissued. 2015-10-14 13:15:22 +02:00
Jonathan Leroy 87c96c2e53
Fix boolean values according to DER specs
In BER encoding, any boolean with a non-zero value is considered as
TRUE. However, DER encoding require a value of 255 (0xFF) for TRUE.

This commit makes `mbedtls_asn1_write_bool` function uses `255` instead
of `1` for BOOLEAN values.

With this fix, boolean values are now reconized by OS X keychain (tested
on OS X 10.11).

Fixes #318.
2015-10-14 09:41:56 +02:00
Janos Follath 5dd4fe1b30 Fixed pathlen contraint enforcement. 2015-10-12 09:02:20 +02:00
Janos Follath ef4f2588f3 Additional corner cases for testing pathlen constrains. Just in case. 2015-10-11 16:17:27 +02:00
Janos Follath 822b2c33b9 Added test case for pathlen constrains in intermediate certificates 2015-10-11 10:39:15 +02:00
Jonathan Leroy bbc75d9791
cert_write : fix "Destination buffer is too small" error
This commit fixes the `Destination buffer is too small` error returned
by `mbedtls_cert_write` command when the values of `subject_name` or
`issuer_name` parameters exceed 128 characters.

I have increased the size of these varaibles from 128 to 256 characters,
but I don't know if it's the best way to solve this issue...

Fixes #315.
2015-10-10 21:58:07 +02:00
Jonathan Leroy 81962c36e3
Fix help message for cert_req/cert_write programs
In cert_req and cert_write programs, "key_certificate_sign" is not an
allowed velue for "key_usage" parameter. The correct value is
"key_cert_sign".

See https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_req.c#L208
and https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_write.c#L323.
2015-10-10 21:42:29 +02:00
Manuel Pégourié-Gonnard d97f899f99 Merge pull request #313 from bogdanm/development
Fix yotta dependencies
2015-10-09 15:27:36 +01:00
Bogdan Marinescu 63666ef1b7 Fix yotta dependencies
Recent changes in various repositories broke the build of the yotta
module again :( This change fixes the build. Build tested with
frdm-k64f-gcc. I didn't update the yotta version number because I
don't know what is your policy with regards to version changes.
2015-10-09 17:07:00 +03:00
Manuel Pégourié-Gonnard 4104864e54 ECHDE-PSK does not use a certificate
fixes #270
2015-10-09 14:50:43 +01:00
Manuel Pégourié-Gonnard adeb7d8ec9 Move all KEY_EXCHANGE__ definitions in one place 2015-10-09 14:44:47 +01:00
Manuel Pégourié-Gonnard 3eb8c34e6a Add example program for Curve25519
Getting a lot of questions about how to use it. This will hopefully get people
started.
2015-10-09 12:13:29 +01:00
Manuel Pégourié-Gonnard 262c137d8c Merge pull request #311 from jcowgill/spelling-fix
Fix minor spelling mistake in programs/pkey/gen_key.c
2015-10-09 09:38:52 +01:00
James Cowgill 07a92d720a Fix minor spelling mistake in programs/pkey/gen_key.c 2015-10-09 00:28:14 +01:00
Robert Cragie dd0e9a8456 Minimal config file for ECJPAKE 2015-10-08 17:24:08 +01:00
Robert Cragie 4d284d271b Added feature MBEDTLS_SSL_EXPORT_KEYS 2015-10-08 16:56:26 +01:00
Robert Cragie 4289c0d1fa Typo in parameter name 2015-10-06 17:20:41 +01:00
Robert Cragie ae8535db38 Changed defs. back to MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 2015-10-06 17:11:18 +01:00
Manuel Pégourié-Gonnard c4e7d8a381 Bump version to 2.1.2
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard ca056c7748 Fix CVE number in ChangeLog 2015-10-05 18:21:34 +01:00
Manuel Pégourié-Gonnard c80a74f734 Merge branch 'development' into development-restricted
* development:
  Add 'inline' workaround where needed
2015-10-05 16:30:53 +01:00
Manuel Pégourié-Gonnard 2ac9c60838 Add 'inline' workaround where needed
Was previously using the workaround from md.h
2015-10-05 16:18:23 +01:00
Manuel Pégourié-Gonnard a97ab2c8a6 Merge branch 'development' into development-restricted
* development:
  Remove inline workaround when not useful
  Fix macroization of inline in C++
2015-10-05 15:48:09 +01:00
Simon Butcher 9c6762621d Merge branch 'development' of ssh://github.com/ARMmbed/mbedtls into development 2015-10-05 15:45:53 +01:00
Simon Butcher 7776fc36d3 Fix for #279 macroisation of 'inline' keyword 2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard 2d7083435d Fix references to non-standard SIZE_T_MAX
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
2015-10-05 15:23:11 +01:00
Manuel Pégourié-Gonnard 86ff4874a4 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Fix yotta version dependencies again
2015-10-05 14:59:40 +01:00
Manuel Pégourié-Gonnard 0ccd4537bd Fix yotta version dependencies again 2015-10-05 14:50:41 +01:00
Manuel Pégourié-Gonnard 899ac849d0 Merge branch 'development' into development-restricted
* development:
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard 2347bdd7b5 Upgrade yotta dependency versions 2015-10-05 14:39:01 +01:00
Simon Butcher 5ae7984dc2 Merge pull request #306 from ARMmbed/gh-288-missing-warning
Add missing warning in doc
2015-10-05 13:51:10 +01:00
Simon Butcher 281bd6d98e Merge pull request #307 from ARMmbed/gh-278-musl-socklen
Fix compile error in net.c with musl libc
2015-10-05 13:49:26 +01:00
Manuel Pégourié-Gonnard 0431735299 Fix compile error in net.c with musl libc
fixes #278
2015-10-05 12:17:49 +01:00
Manuel Pégourié-Gonnard cb6af00e2a Add missing warning in doc
Found by Nicholas Wilson

fixes #288
2015-10-05 12:12:39 +01:00
Simon Butcher 475cf0a98a Merge fix of IOTSSL-496 - Potential heap overflow
Fix for potential overflow in ssl_write_certificate_request()
2015-10-05 11:57:54 +01:00
Manuel Pégourié-Gonnard 5a2e389811 Remove inline workaround when not useful
This header doesn't have nay inline function any more
2015-10-05 11:55:39 +01:00
Manuel Pégourié-Gonnard 0223ab9d38 Fix macroization of inline in C++
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 11:41:36 +01:00
Simon Butcher fec73a8eec Merge of fix for IOTSSL-481 - Double free
Potential double free in mbedtls_ssl_conf_psk()
2015-10-05 10:40:31 +01:00
Simon Butcher c48b66bfb6 Changed attribution for Guido Vranken 2015-10-05 10:18:17 +01:00
Simon Butcher 6418ffaadb Merge fix for IOTSSL-480 - base64 overflow issue 2015-10-05 09:54:11 +01:00
Simon Butcher a45aa1399b Merge of IOTSSL-476 - Random malloc in pem_read() 2015-10-05 00:26:36 +01:00
Simon Butcher e7f96f22ee Merge fix IOTSSL-475 Potential buffer overflow
Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-10-04 23:43:05 +01:00
Simon Butcher d5ba4672b2 Merge fix for IOTSSL-474 PKCS12 Overflow
Fix stack buffer overflow in PKCS12
2015-10-04 22:47:59 +01:00
Simon Butcher 5b8d1d65f7 Fix for IOTSSL-473 Double free error
Fix potential double-free in mbedtls_ssl_set_hs_psk(.)
2015-10-04 22:06:51 +01:00