Commit graph

1163 commits

Author SHA1 Message Date
Andres Amaya Garcia 420f0ccdfd Make DLEXT var configurable in programs and tests makefiles 2018-03-27 19:17:21 +01:00
Kevin Luty d9d5c55438
Assign error return value for failed write 2018-03-22 09:59:16 -05:00
Kevin Luty 1e7059fedd
Adding requested changes 2018-03-21 10:01:38 -05:00
Hanno Becker ef52796537 Fix missing return statement ssl_server2 idling
Also, introduce MBEDTLS_EINTR locally in net_sockets.c
for the platform-dependent return code macro used by
the `select` call to indicate that the poll was interrupted
by a signal handler: On Unix, the corresponding macro is EINTR,
while on Windows, it's WSAEINTR.
2018-03-15 15:52:31 +00:00
Hanno Becker 9b2b66ebd2 Minor style corrections
Move function block brace outside conditional compilation
to not confuse some editors, and correct indentation.
2018-03-15 12:21:15 +00:00
Hanno Becker adfa64f0c4 Abort idle-loop in ssl_server2 if sockets gets invalid
Previously, the idling loop in ssl_server2 didn't check whether
the underlying call to mbedtls_net_poll signalled that the socket
became invalid. This had the consequence that during idling, the
server couldn't be terminated through a SIGTERM, as the corresponding
handler would only close the sockets and expect the remainder of
the program to shutdown gracefully as a consequence of this.
This was subsequently attempted to be fixed through a change
in ssl-opt.sh by terminating the server through a KILL signal,
which however lead to other problems when the latter was run
under valgrind.

This commit changes the idling loop in ssl_server2 and ssl_client2
to obey the return code of mbedtls_net_poll and gracefully shutdown
if an error occurs, e.g. because the socket was closed.

As a consequence, the server termination via a KILL signal in
ssl-opt.sh is no longer necessary, with the previous `kill; wait`
pattern being sufficient. The commit reverts the corresponding
change.
2018-03-15 11:43:41 +00:00
Hanno Becker b6f880b63b Revert whitespace change to ease merging 2018-03-13 12:48:50 +00:00
Hanno Becker ddc3ebbc3f Exemplify use of mbedtls_ssl_check_pending in ssl_server2.c 2018-03-13 11:48:32 +00:00
Brendan Shanks e61514d70d benchmark: Fix incompatibility with C89 compilers
Initializing arrays using non-constant expressions is not permitted in
C89, and was causing errors when compiling with Metrowerks CodeWarrior
(for classic MacOS) in C89 mode. Clang also produces a warning when
compiling with '-Wc99-extensions':

test/benchmark.c:670:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions]
        const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };
                                         ^~~~~~~~~~
test/benchmark.c:674:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions]
        const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 };
                                         ^~~~~~~~~~

Declaring the arrays as 'static' makes them constant expressions.

fixes #1353
2018-03-08 17:41:40 -08:00
Manuel Pégourié-Gonnard 62e813ca62 Add aria to benchmark program 2018-02-27 12:39:12 +01:00
Markku-Juhani O. Saarinen 3c0b53b2b0 ARIA build integration 2018-02-27 12:39:12 +01:00
Jaeden Amero bec9a9b57a Merge branch 'development' into development-restricted 2018-01-29 12:49:23 +00:00
Jaeden Amero 4d3e1582b0 Merge remote-tracking branch 'upstream-public/pr/1287' into development 2018-01-29 12:49:20 +00:00
Jaeden Amero 784de59ccd Merge remote-tracking branch 'upstream-restricted/pr/410' into development-restricted
- Resolve ChangeLog conflicts
- Update Doxygen warning block in dhm.h to render correctly
- Prefix the exported identifier deprecated_constant_t with mbedtls_
2018-01-26 18:43:04 +00:00
Jaeden Amero 934fb55aa3 Merge remote-tracking branch 'upstream-public/pr/1036' into development 2018-01-26 15:12:43 +00:00
Jaeden Amero 005239e3ed Merge remote-tracking branch 'upstream-public/pr/1294' into development 2018-01-25 14:47:39 +00:00
Manuel Pégourié-Gonnard 4fa619fe56 Fix race condition in error printing in ssl_server2.c
The race goes this way:
1. ssl_recv() succeeds (ie no signal received yet)
2. processing the message leads to aborting handshake with ret != 0
3. reset ret if we were signaled
4. print error if ret is still non-zero
5. go back to net_accept() which can be interrupted by a signal
We print the error message only if the signal is received between steps 3 and
5, not when it arrives between steps 1 and 3.

This can cause failures in ssl-opt.sh where we check for the presence of "Last
error was..." in the server's output: if we perform step 2, the client will be
notified and exit, then ssl-opt.sh will send SIGTERM to the server, but if it
didn't get a chance to run and pass step 3 in the meantime, we're in trouble.

The purpose of step 3 was to avoid spurious "Last error" messages in the
output so that ssl-opt.sh can check for a successful run by the absence of
that message. However, it is enough to suppress that message when the last
error we get is the one we expect from being interrupted by a signal - doing
more could hide real errors.

Also, improve the messages printed when interrupted to make it easier to
distinguish the two cases - this could be used in a testing script wanted to
check that the server doesn't see the client as disconnecting unexpectedly.
2018-01-25 11:27:24 +01:00
Gilles Peskine cb1e5eb326 Merge branch 'pr_1000' into development-proposed 2018-01-23 00:57:34 +01:00
Gilles Peskine 550a2b036b Merge branch 'pr_1163' into development-proposed 2018-01-23 00:57:26 +01:00
Gilles Peskine 9e4f77c606 New MD API: rename functions from _ext to _ret
The _ext suffix suggests "new arguments", but the new functions have
the same arguments. Use _ret instead, to convey that the difference is
that the new functions return a value.
2018-01-22 11:54:42 +01:00
Gilles Peskine d91f2a26cb Merge branch 'development' into iotssl-1251-2.7
Conflict resolution:

* ChangeLog: put the new entries in their rightful place.
* library/x509write_crt.c: the change in development was whitespace
  only, so use the one from the iotssl-1251 feature branch.
2018-01-19 11:25:10 +01:00
Gilles Peskine ceb7b1209c Readme with a short description of each sample program 2018-01-18 23:27:47 +01:00
Hanno Becker d4d60579e4 Address issues found by coverity
1) `mbedtls_rsa_import_raw` used an uninitialized return
   value when it was called without any input parameters.
   While not sensible, this is allowed and should be a
   succeeding no-op.

2) The MPI test for prime generation missed a return value
   check for a call to `mbedtls_mpi_shift_r`. This is neither
   critical nor new but should be fixed.

3) Both the RSA keygeneration example program and the
   RSA test suites contained code initializing an RSA context
   after a potentially failing call to CTR DRBG initialization,
   leaving the corresponding RSA context free call in the
   cleanup section of the respective function orphaned.
   While this defect existed before, Coverity picked up on
   it again because of newly introduced MPI's that were
   also wrongly initialized only after the call to CTR DRBG
   init. The commit fixes both the old and the new issue
   by moving the initializtion of both the RSA context and
   all MPI's prior to the first potentially failing call.
2018-01-10 07:30:47 +00:00
Ron Eldor bb51cb3e14 remove additional zero byte when writing pub der
Remove `- 1` for setting location of output buffer,
which added a leading zero which cause failure in ASN1 parsing.
Fixes #1257
2018-01-07 18:10:43 +02:00
Hanno Becker 8bc74d6f2f Merge branch 'development' into iotssl-1619 2018-01-03 10:24:02 +00:00
Manuel Pégourié-Gonnard ae3925c774 Merge remote-tracking branch 'public/pr/1136' into development
* public/pr/1136:
  Timing self test: shorten redundant tests
  Timing self test: increased duration
  Timing self test: increased tolerance
  Timing unit tests: more protection against infinite loops
  Unit test for mbedtls_timing_hardclock
  New timing unit tests
  selftest: allow excluding a subset of the tests
  selftest: allow running a subset of the tests
  selftest: refactor to separate the list of tests from the logic
  Timing self test: print some diagnosis information
  mbedtls_timing_get_timer: don't use uninitialized memory
  timing interface documentation: minor clarifications
  Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:42:20 +01:00
Hanno Becker 32297e8314 Merge branch 'development' into iotssl-1619 2017-12-22 10:24:32 +00:00
Gilles Peskine ff79d27f5c selftest: allow excluding a subset of the tests
E.g. "selftest -x timing" runs all the self-tests except timing.
2017-12-20 21:57:48 +01:00
Gilles Peskine c82fbb4e14 selftest: allow running a subset of the tests
If given command line arguments, interpret them as test names and only
run those tests.
2017-12-20 20:23:13 +01:00
Gilles Peskine 319ac801a8 selftest: refactor to separate the list of tests from the logic
No behavior change.
2017-12-20 20:19:27 +01:00
Hanno Becker a5e68979ca Resolve integer type conversion problem on MSVC
MSVC rightfully complained that there was some conversion from `size_t`
to `unsigned int` that could come with a loss of data. This commit
re-types the corresponding struct field `ctx_buffer::len` to `size_t`.
Also, the function `ctx_buffer_append` has an integer return value
which is supposed to be the (positive) length of the appended data
on success, and a check is inserted that the data to be appended does
not exceed MAX_INT in length.
2017-12-06 08:37:39 +00:00
Gilles Peskine d629411212 Merge branch 'pr_920' into development 2017-12-01 23:46:58 +01:00
Ron Eldor 0728d69d6d Change kB to KiB
Change the style of the units to KiB, according to
https://docs.mbed.com/docs/writing-and-publishing-guides/en/latest/units/
2017-11-29 12:08:35 +02:00
Gilles Peskine ea8d697fa2 Merge remote-tracking branch 'upstream-public/pr/1089' into development
Resolve trivial conflict due to additions in the same place in
tests/data_files/Makefile; minor comment/whitespace presentation
improvements.
2017-11-28 17:32:32 +01:00
Ron Eldor a0748019f1 Change KB to kB
Change KB to kB, as this is the proper way to write kilo bytes
2017-11-28 16:48:51 +02:00
Gilles Peskine 68306ed31f Merge remote-tracking branch 'upstream-public/pr/1094' into development 2017-11-23 20:02:46 +01:00
Chris Xue 9a51c032ee Fix copy paste error in the error message of mbedtls_ecp_gen_key in gen_key.c 2017-11-05 19:10:51 +00:00
Hanno Becker 77abef5cba Don't use busy-waiting in udp_proxy
Also, correct inconsistent use of unsigned integer types in udp_proxy.
2017-11-02 14:03:18 +00:00
Hanno Becker 0cc7774dab Only add pack option to UDP proxy if MBEDTLS_TIMING_C is enabled 2017-10-31 14:14:10 +00:00
Hanno Becker 92474da0a2 Use Mbed TLS timing module to obtain ellapsed time in udp_proxy 2017-10-31 14:14:08 +00:00
Hanno Becker 211f44c928 Rename merge option in UDP proxy to pack 2017-10-31 14:08:10 +00:00
Hanno Becker 197a91cd82 Clean up idle() function in ssl_client2 and ssl_server2 2017-10-31 13:07:38 +00:00
Hanno Becker df4180a235 Don't break debug messages 2017-10-27 15:04:14 +01:00
Gilles Peskine 8149321fed udp_proxy_wrapper.sh: fix cleanup not cleaning up
Fixed cleanup leaving the actual udp_proxy behind and only killing an
intermediate shell process.

Fixed trap handler cleaning up but then not dying.
2017-10-24 11:25:19 +01:00
Gilles Peskine afc4f892d1 udp_proxy_wrapper.sh: more robust
Don't mangle arguments containing spaces and other special characters,
pass them unchanged to the proxy or server as applicable.

More robust parsing of server parameters: don't hit on partial words;
use ssl_server2's default values.

Minor style improvements.
2017-10-24 10:05:55 +01:00
Hanno Becker a677cdd459 Detect IPv6 in udp_proxy_wrapper.sh grepping for server_addr=::1 2017-10-23 15:29:31 +01:00
Hanno Becker 22829e9860 Don't use sed -r in udp_proxy_wrapper.sh 2017-10-23 15:29:24 +01:00
Kevin Luty da44de60b1
Fix for returning correct error code 2017-10-13 13:18:28 -05:00
Hanno Becker 7f25f850ac Adapt uses of mbedtls_rsa_complete to removed PRNG argument 2017-10-10 16:56:22 +01:00
Hanno Becker 4cb1f4d49c Style corrections 2017-10-10 16:04:48 +01:00
Hanno Becker 16970d2912 Add support for event-driven IO in ssl_client2 and ssl_server2 2017-10-10 16:03:26 +01:00
Hanno Becker fbb0b701e4 Corrupt application data in the beginning instead of the end in UDP proxy
The UDP proxy corrupts application data at the end of the datagram. If
there are multiple DTLS records within the same datagram, this leads
to the wrong message being corrupted. This commit always corrupts the
beginning of the message to prevent this.

Overall, the UDP proxy needs reworking if it is supposed to reliably
support multiple records within a single datagram, because it
determines its actions from the type of the first record in the
current datagram only.
2017-10-10 16:02:36 +01:00
Hanno Becker 1dd62ea811 Add packing option to UDP proxy
This commit provides the new option pack=TIME for the udp proxy
./programs/test/udp_proxy. If used, udp packets with the same
destination will be queued and concatenated for up to TIME
milliseconds before being delivered.

This is useful to test how mbed TLS's deals with multiple DTLS records
within a single datagram.
2017-10-10 16:01:15 +01:00
Hanno Becker f65ca329b6 Introduce UDP proxy wrapper script
This commit introduces the script `programs/test/udp_proxy_wrapper.sh` which can
be used to wrap the SSL server binary `programs/ssl/ssl_server2` by the UDP
proxy application `programs/test/udp_proxy` while maintaining the same
interface from the command line.

Specifically, given UDP proxy arguments ARGS_UDP and SSL server arguments
ARGS_SSL, the command line

> ./udp_proxy_wrapper.sh ARGS_UDP -- ARGS_SSL

behaves like

> ./ssl_server2 ARGS_SSL

wrapped by

> ./udp_proxy ARGS_UDP

The motivation and benefit of this is that scripts like `ssl-opt.sh` can be used
with the server command line `P_SRV` modified to `./udp_proxy_wrapper.sh
ARGS_UDP -- DEFAULT_ARGS_SSL` which will result in all tests being executed for
an SSL server behind a UDP proxy.
2017-10-10 16:01:15 +01:00
Ron Eldor 71f68c4043 Fix ssl_server2 sample application prompt
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
2017-10-06 11:59:13 +01:00
Xinyu Chen e1a94a6404 Correct the printf message of the DTLS handshake.
Make it consistent with dtls_server.c
2017-10-06 11:58:50 +01:00
Hanno Becker b953921a4e Adapt benchmark application to naming and binary format 2017-10-04 13:13:34 +01:00
Hanno Becker 17c3276a2e Improve output on bad cmd line args in programs/x509/cert_write 2017-10-03 14:56:04 +01:00
Ron Eldor 7da7cb399e Fix ssl_server2 sample application prompt
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
2017-10-02 19:14:58 +01:00
Hanno Becker d4d856265e Don't use deprecated macro form of DHM moduli in benchmark program 2017-10-02 15:06:27 +01:00
Hanno Becker c6fc878eda Remove mbedtls_rsa_check_crt
This is no longer needed after the decision to not exhaustively validate private key material.
2017-10-02 13:20:15 +01:00
Xinyu Chen 00afe1c046 Correct the printf message of the DTLS handshake.
Make it consistent with dtls_server.c
2017-09-30 09:52:38 +01:00
Hanno Becker 7f3652ddf1 Fix error code printing in cert_write
Error codes can consume up to two bytes, but only one was printed so far.
2017-09-22 15:39:02 +01:00
Hanno Becker 38eff43791 Use X509 CRT version macros in cert_write program 2017-09-22 15:38:20 +01:00
Hanno Becker e1b1d0af8e Fix senseless comment 2017-09-22 15:35:16 +01:00
Hanno Becker e4ad3e8803 Allow requests of size larger than 16384 in ssl_client2 2017-09-18 16:11:42 +01:00
Hanno Becker 81535d0011 Minor style and typo corrections 2017-09-14 07:51:54 +01:00
Hanno Becker 6c13d37961 Extend cert_write example program by multiple cmd line options
This commit adds the following command line options to programs/x509/cert_write:
- version (val 1, 2, 3): Set the certificate's version (v1, v2, v3)
- authority_identifier (val 0, 1): Enable or disable the addition of the
                                   authority identifier extension.
- subject_identifier (val 0, 1): Enable or disable the addition of the
                                 subject identifier extension.
- basic_constraints (val 0, 1): Enable or disable the addition of the
                                basic constraints extension.
- md (val MD5, SHA1, SHA256, SHA512): Set the hash function used
                                      when creating the CRT.
2017-09-13 15:42:16 +01:00
Hanno Becker f073de0c25 Adapt rsa_genkey example program to use new RSA interface 2017-08-23 16:17:28 +01:00
Hanno Becker 0c2639386e Adapt rsa_encrypt example program to new RSA interface 2017-08-23 16:17:28 +01:00
Hanno Becker d6ba5e3d8b Adapt rsa_sign example program to new RSA interface 2017-08-23 16:17:28 +01:00
Hanno Becker ccef18c2ff Adapt rsa_decrypt example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker 40371ec783 Adapt key_app_writer example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker 54ebf9971d Adapt key_app example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker 83aad1fa86 Adapt gen_key example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker c95fad3566 Adapt dh_server example program to new RSA interface 2017-08-23 16:17:27 +01:00
Manuel Pégourié-Gonnard b3c8307960 Adapt ssl_client2 to restartable EC 2017-08-09 11:44:53 +02:00
Peter Huewe 38fc3a0548 Remove duplicated defintion of PRINT_ERROR
The PRINT_ERROR macros are already defined exactly the same in line
101ff, so we can remove them here.
2017-07-29 02:01:22 +02:00
Hanno Becker 840bace417 Correct comment 2017-07-28 22:28:08 +01:00
Hanno Becker ce37e6269e Reliably zeroize sensitive data in AES sample application
The AES sample application programs/aes/aescrypt2 could miss zeroizing
the stack-based key buffer in case of an error during operation. This
commit fixes this and also clears another temporary buffer as well as
all command line arguments (one of which might be the key) before exit.
2017-07-28 22:28:08 +01:00
Hanno Becker f601ec5f34 Reliably zeroize sensitive data in Crypt-and-Hash sample application
The AES sample application programs/aes/crypt_and_hash could miss
zeroizing the stack-based key buffer in case of an error during
operation. This commit fixes this and also clears all command line
arguments (one of which might be the key) before exit.
2017-07-28 22:28:08 +01:00
Ron Eldor 2a47be5012 Minor: Fix typos in program comments
Fix a couple of typos and writer's mistakes,
in some reference program applications
2017-07-27 21:44:33 +01:00
Ron Eldor 53c2e47a1b Minor: Fix typos in program comments
Fix a couple of typos and writer's mistakes,
in some reference program applications
2017-07-27 15:08:01 +01:00
Ron Eldor ee5a0ca3bb Minor: Fix typos in program comments
Fix a couple of typos and writer's mistakes,
in some reference program applications
2017-07-19 23:33:24 +02:00
Martijn de Milliano b194a283a9 dh_server: Fixed expected number of bytes received from client when receiving public value. 2017-07-06 23:55:59 +02:00
Andres Amaya Garcia 276ebb650e Add stdlib.h include to hello.c sample 2017-07-03 11:16:57 +01:00
Andres Amaya Garcia 1ff60f437f Change examples to use the new MD API and check ret code 2017-06-28 13:26:36 +01:00
Hanno Becker 8651a43e95 Remove %zu format string from ssl_client2 and ssl_server2 2017-06-09 16:13:22 +01:00
Manuel Pégourié-Gonnard c44c3c288d Merge remote-tracking branch 'janos/iotssl-1156-ecdsa-sample-and-doc-clarification' into development
* janos/iotssl-1156-ecdsa-sample-and-doc-clarification:
  Clarify the use of ECDSA API
2017-06-08 10:16:54 +02:00
Hanno Becker e6706e62d8 Add tests for missing CA chains and bad curves.
This commit adds four tests to tests/ssl-opt.sh:
(1) & (2): Check behaviour of optional/required verification when the
trusted CA chain is empty.
(3) & (4): Check behaviour of optional/required verification when the
client receives a server certificate with an unsupported curve.
2017-06-07 11:26:59 +01:00
Gilles Peskine 682df09159 Allow SHA-1 in server tests, when the signature_algorithm extension is not used 2017-06-06 18:44:14 +02:00
Gilles Peskine bc70a1836b Test that SHA-1 defaults off
Added tests to validate that certificates signed using SHA-1 are
rejected by default, but accepted if SHA-1 is explicitly enabled.
2017-06-06 18:44:14 +02:00
Gilles Peskine cd3c845157 Allow SHA-1 in SSL renegotiation tests
In the TLS test client, allow SHA-1 as a signature hash algorithm.
Without this, the renegotation tests failed.

A previous commit had allowed SHA-1 via the certificate profile but
that only applied before the initial negotiation which includes the
signature_algorithms extension.
2017-06-06 18:44:13 +02:00
Gilles Peskine ef86ab238f Allow SHA-1 in X.509 and TLS tests
SHA-1 is now disabled by default in the X.509 layer. Explicitly enable
it in our tests for now. Updating all the test data to SHA-256 should
be done over time.
2017-06-06 18:44:13 +02:00
Janos Follath 4817e27d4d Add the CA list suppression option to ssl_server2
Adding the CA suppression list option to the 'ssl_server2' sample
program is a prerequisite for adding tests for this feature to the
integration test suite (ssl-opt.sh).
2017-05-16 10:22:37 +01:00
Ron Eldor 46cf773f2f Fix wrong output in the benchmark application
The benchmark application prints the performance in Kb/s,
While it actually calculates KB/s.
Resolves issue #850
2017-05-14 15:55:06 +03:00
Janos Follath 0a5154b8a1 Clarify the use of ECDSA API
In the ecdsa.c sample application we don't use hashing, we use ecdsa
directly on a buffer containing plain text. Although the text explains
that it should be the message hash it still can be confusing.

Any misunderstandings here are potentially very dangerous, because ECDSA
truncates the message hash if necessary and this can lead to trivial
signature forgeries if the API is misused and the message is passed
directly to the function without hashing.

This commit adds a hash computation step to the ecdsa.c sample
application and clarification to the doxygen documentation of the
ECDSA functions involved.
2017-03-10 11:31:41 +00:00
Andres AG 0b736db0f3 Remove use of inttypes.h in MSVC from ssl_server2
The sample application programs/ssl/ssl_server2.c was previously
modifies to use inttypes.h to parse a string to a 64-bit integer.
However, MSVC does not support C99, so compilation fails. This
patch modifies the sample app to use the MSVC specific parsing
functions instead of inttypes.h.
2017-03-01 23:24:35 +00:00
Ron Eldor dbe8316e23 fix for issue 1101: missing rsa context initialization
added mbedtls_rsa_init in rsa_decrypt sample application
2017-03-01 07:56:40 +00:00
Paul Bakker 2382816a84 Fix default hostname for verification used in ssl_client1 2017-02-28 22:23:41 +00:00
Ron Eldor 0049f7857d check matching issuer crt and key for all algs
use mbedtls_pk_check_pair to verify if issuer certificate and issuer key match,
instad of explicitely comparing RSA public component.
Raised and fix suggested by dbedev in #777
2017-02-07 19:14:58 +02:00
Andres AG cef21e4cd9 Fix examples that failed to compile without PEM 2017-02-04 22:59:46 +00:00
Andres AG 692ad84e5c Add DTLS test to check 6 byte record ctr is cmp
Add a test to ssl-opt.sh to ensure that in DTLS a 6 byte record counter
is compared in ssl_check_ctr_renegotiate() instead of a 8 byte one as in
the TLS case. Because currently there are no testing facilities to check
that renegotiation routines are triggered after X number of input/output
messages, the test consists on setting a renegotiation period that
cannot be represented in 6 bytes, but whose least-significant byte is 2.
If the library behaves correctly, the renegotiation routines will be
executed after two exchanged.
2017-01-19 16:30:57 +00:00
Simon Butcher c58d7b4074 Merge fix for X.509 compatibility issues 2016-10-13 15:54:03 +01:00
Simon Butcher e19acd5e79 Add extra compilation conditions to X.509 samples
The sample applications programs/pkey/cert_req.c and
programs/pkey/cert_write.c use the library functions
mbedtls_pk_write_csr_pem() and mbedtls_pk_write_crt_pem() respectively which
are dependent on the configuration option MBEDTLS_PEM_WRITE_C. If the option
isn't defined the build breaks.

This change adds the compilation condition MBEDTLS_PEM_WRITE_C to these
sample application.
2016-10-13 13:52:00 +01:00
Simon Butcher 41dba28a2a Add extra compilation conditions to gen_key.c #559
The sample application programs/pkey/gen_key.c uses the library function
mbedtls_pk_write_key_pem() which is dependent on the configuration option
MBEDTLS_PEM_WRITE_C. If the option isn't defined the build breaks.

This change adds the compilation condition MBEDTLS_PEM_WRITE_C to the gen_key.c
sample application.
2016-10-13 13:51:13 +01:00
Andres AG 8254b6c9f3 Clean up of formatting, and potential integer overflow fix 2016-10-13 13:51:13 +01:00
Simon Butcher ea680197f8 Minor fixes to formatting and compilation conditions 2016-10-13 13:51:12 +01:00
Simon Butcher 32bb5af7e1 Add CMAC functions to the benchmark sample application 2016-10-13 13:51:11 +01:00
Brian Murray 7b07e0e4b4 Fix build failure for thread config 2016-10-13 13:51:11 +01:00
Brian Murray 86ff986884 selftest supports cmac if only MBEDTLS_DES_C is defined
Other minor typo fixes
2016-10-13 13:51:10 +01:00
Robert Cragie 45feb6ef20 Add support for AES-128-CMAC and AES-CMAC-PRF-128 2016-10-13 13:51:07 +01:00
Andres AG 3616f6f261 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-10-13 13:48:48 +01:00
Paul Bakker 2d6599284f Do not add empty cert / key in cert_app 2016-10-13 13:46:04 +01:00
Paul Bakker e9bdaa251f Actually apply debug_level settings in cert_app 2016-10-13 13:46:04 +01:00
Janos Follath 9fe6f92561 Add SHA1 guards in dh_client.c and dh_server.c
The build breaked for configurations not having MBEDTLS_SHA1_C.
2016-10-07 14:17:56 +01:00
Simon Butcher 604d399a5c Add extra compilation conditions to gen_key.c #559
The sample application programs/pkey/gen_key.c uses the library function
mbedtls_pk_write_key_pem() which is dependent on the configuration option
MBEDTLS_PEM_WRITE_C. If the option isn't defined the build breaks.

This change adds the compilation condition MBEDTLS_PEM_WRITE_C to the gen_key.c
sample application.
2016-10-07 08:48:47 +01:00
Andres AG a592dcc1c6 Clean up of formatting, and potential integer overflow fix 2016-10-06 15:23:39 +01:00
Simon Butcher b981b16379 Minor fixes to formatting and compilation conditions 2016-10-06 12:51:24 +01:00
Simon Butcher 549dc3d75e Add CMAC functions to the benchmark sample application 2016-10-05 14:19:18 +01:00
Brian Murray 8b4111c516 Fix build failure for thread config 2016-10-05 14:19:17 +01:00
Brian Murray 57863ad7ed selftest supports cmac if only MBEDTLS_DES_C is defined
Other minor typo fixes
2016-10-05 14:19:16 +01:00
Robert Cragie dc5c7b98ac Add support for AES-128-CMAC and AES-CMAC-PRF-128 2016-10-05 14:19:13 +01:00
Andres AG 788aa4a812 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-09-26 23:23:52 +01:00
Paul Bakker 5e8c62f53d Do not add empty cert / key in cert_app 2016-09-26 20:30:13 +01:00
Paul Bakker f2b92bb25b Actually apply debug_level settings in cert_app 2016-09-26 20:30:13 +01:00
Paul Bakker 243f48e1e2 Fix for #441 - crypt and hash gcm (#546)
* Fix crypt_and_hash to support decrypting GCM encrypted files

* Fix documentation in crypt_and_hash for the generic case

* Remove unused lastn from crypt_and_hash

lastn is not used with the cipher layer as it already provides padding
and understanding of length of the original data.
2016-09-02 23:44:09 +03:00
Andres AG e7723ec284 Make entropy bias self test poll multiple times
Instead of polling the hardware entropy source a single time and
comparing the output with itself, the source is polled at least twice
and make sure that the separate outputs are different.
2016-08-30 16:50:48 +01:00
Andres AG b34e42e69e Add a new self test to entropy module
The self test is a quick way to check at startup whether the entropy
sources are functioning correctly. The self test only polls 8 bytes
from the default entropy source and performs the following checks:

- The bytes are not all 0x00 or 0xFF.
- The hardware does not return an error when polled.
- The entropy does not provide data in a patter. Only check pattern
  at byte, word and long word sizes.
2016-08-30 16:50:48 +01:00
Simon Butcher 0e7d38739f Fix warning on implicit casting in aescrypt.c (#584) 2016-08-30 14:25:24 +01:00
Paul Bakker 70940caeeb Allow compilation without MBEDTLS_SELF_TEST enabled 2016-08-25 15:42:28 +01:00
Simon Butcher 4982e527c6 Adds stdlib.h header to dh_genprime sample app
Use of the atoi() function requires stdlib.h to be included when
MBEDTLS_PLATFORM_C is not defined.
2016-08-24 20:24:21 +03:00
Simon Butcher cdb3ad03ed Remove redundant definitions of exit codes
In the ssl/mini_client.c sample application the exit codes were redundantly
being redefined, causing compiler warnings.
2016-08-24 20:24:20 +03:00
Simon Butcher b5b6af2663 Puts platform time abstraction into its own header
Separates platform time abstraction into it's own header from the
general platform abstraction as both depend on different build options.
(MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME)
2016-07-13 14:46:18 +01:00
Simon Butcher ab069c6b46 Merge branch 'development' into development-restricted 2016-06-23 21:42:26 +01:00
Simon Butcher b6a73c9b76 Add provision to create the entropy seedfile for selftest sample
In the selftest sample application, if no seedfile is present, one will be
created so the test can execute.
2016-06-23 11:46:41 +01:00
Janos Follath 15ab7ed0f3 Merge branch 'development' into development-restricted
Conflicts:
	programs/pkey/rsa_decrypt.c
	programs/pkey/rsa_encrypt.c
	programs/test/selftest.c
2016-06-14 09:20:46 +01:00
Janos Follath 352dbe2334 Make error messages in crypt_and_hash better. 2016-06-09 13:41:28 +01:00
Janos Follath 98e28a74e3 Address user reported coverity issues. 2016-06-09 13:41:28 +01:00
Janos Follath 8eb64132da Address issues find by manual coverity scan. 2016-06-09 13:41:28 +01:00
Janos Follath 04b591ee79 Merge branch 'development' for weekly test report. 2016-05-31 10:18:41 +01:00
-~- redtangent ~-~ 9fa2e86d93 Add missing mbedtls_time_t definitions (#493)
Add missing mbedtls_time_t definitions to sample applications and the error.c
generation script.

Fixes #490.
2016-05-26 10:07:49 +01:00
Paul Bakker 440ce420bd Put clang analyzer fix inside __clang_analyzer__ guard 2016-05-23 14:29:31 +01:00
Nicholas Wilson e735303026 Shut up a few clang-analyze warnings about use of uninitialized variables
The functions are all safe, Clang just isn't clever enough to realise
it.
2016-05-23 14:29:28 +01:00
Simon Butcher 94bafdf834 Merge branch 'development' 2016-05-18 18:40:46 +01:00
Simon Butcher db0feca55c Fixes platform time_t abstraction
Fixes platform abstraction in error.c and the file that it's generated
from as well as DTLS samples.
2016-05-17 00:03:14 +01:00
Simon Butcher c21bec8af4 Merge branch 'development' 2016-05-16 16:15:20 +01:00
Paul Bakker d1fe7aabc9 Put clang analyzer fix inside __clang_analyzer__ guard 2016-05-12 12:46:02 +01:00
Paul Bakker f4743a6f5e Merge pull request #457 from NWilson/clang-analyze-fixes
Clang analyze fixes
2016-05-11 20:20:42 +02:00
Janos Follath 98c2b0ea7d Improves and makes pretty the ssl_fork_server output 2016-05-03 15:43:42 +01:00
Janos Follath e609a08c2f Fix issue #429 in ssl_fork_server.c 2016-05-03 15:43:31 +01:00
Janos Follath 582a461a49 Improves and makes pretty the ssl_fork_server output 2016-04-29 00:12:35 +01:00
Janos Follath fe049db8ef Fix issue #429 in ssl_fork_server.c 2016-04-29 00:12:19 +01:00
Simon Butcher e4a46f696f Merge branch 'development' 2016-04-27 18:44:37 +01:00
Simon Butcher b2d5dd105d Fixes X509 sample app and SSL test suite
Fixes the X.509 cert_app and the SSL test suite for the non-default
configs which don't build with if MBEDTLS_PLATFORM_C isn't defined.
2016-04-27 13:35:37 +01:00
Simon Butcher d3138c35c6 Fixes SSL sample apps for non-default configs
Fixes the SSL sample applications to build for the non-default configs
which don't build if MBEDTLS_PLATFORM_C isn't defined.
2016-04-27 01:26:50 +01:00
SimonB d5800b7761 Abstracts away time()/stdlib.h into platform
Substitutes time() into a configurable platform interface to allow it to be
easily substituted.
2016-04-26 14:49:59 +01:00
Janos Follath 0c539447c1 Fixes no return value warning in selftest.c 2016-04-18 09:59:16 +01:00
Simon Butcher 1ef918ddca Add missing stdlib.h header to rsa sample programs 2016-04-13 11:56:27 +01:00
Nicholas Wilson 409401c044 Shut up a few clang-analyze warnings about use of uninitialized variables
The functions are all safe, Clang just isn't clever enough to realise
it.
2016-04-13 11:56:22 +01:00
Simon Butcher 6b46c62d77 Fixes error and exit paths in rsa sample programs 2016-04-12 13:25:08 +01:00
Janos Follath f713b0a6ce Fix memory leaks in example programs. 2016-04-11 23:32:39 +01:00
Simon Butcher cd0ee5e499 Fixes following review of 'iotssl-682-selftest-ci-break' 2016-03-21 22:54:37 +00:00
Janos Follath 2e3aca2c9e Fix test break in 'test-ref-configs.pl' 2016-03-18 16:25:52 +00:00
Simon Butcher f1547632dc Fixes to style following review
Made code spacing consistent with guidelines, and corrected the misnamed test
steps in basic-build-test.sh
2016-03-14 23:12:32 +00:00
SimonB 5a8afb848a Fix exit code and add a count of the test suites
Now counts and displays the number of test suites executed, which can vary
depending on build configurations.
All tests are now executed as this is a sample and test program, rather than
exit on first failure.
Exit code now restricted to SUCCESS or FAILURE.
2016-03-14 23:12:29 +00:00
Manuel Pégourié-Gonnard 90ab4a45b5 Fix Unix detection in mini_client
fixes #398
2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard 644c2e0fdb Add new program to gitignore 2015-11-02 06:34:29 +09:00
Manuel Pégourié-Gonnard 1c6f19aa47 Merge pull request #317 from Inikup/fix-issue-315
cert_write : fix "Destination buffer is too small" error
2015-11-02 05:52:26 +09:00
Manuel Pégourié-Gonnard 54eeecfff3 Merge pull request #316 from Inikup/help-key_cert_sign-fix
Fix help message for cert_req/cert_write programs
2015-10-30 14:50:42 +01:00
Simon Butcher 204606238c Merge branch 'development' into misc 2015-10-27 16:57:34 +00:00
Manuel Pégourié-Gonnard fadacb9d0b Merge branch 'development' into iotssl-461-ecjpake-finalization
* development: (73 commits)
  Bump yotta dependencies version
  Fix typo in documentation
  Corrected misleading fn description in ssl_cache.h
  Corrected URL/reference to MPI library
  Fix yotta dependencies
  Fix minor spelling mistake in programs/pkey/gen_key.c
  Bump version to 2.1.2
  Fix CVE number in ChangeLog
  Add 'inline' workaround where needed
  Fix references to non-standard SIZE_T_MAX
  Fix yotta version dependencies again
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
  Remove inline workaround when not useful
  Fix macroization of inline in C++
  Changed attribution for Guido Vranken
  Merge of IOTSSL-476 - Random malloc in pem_read()
  Fix for IOTSSL-473 Double free error
  Fix potential overflow in CertificateRequest
  ...

Conflicts:
	include/mbedtls/ssl_internal.h
	library/ssl_cli.c
2015-10-20 15:00:29 +02:00
Jonathan Leroy bbc75d9791
cert_write : fix "Destination buffer is too small" error
This commit fixes the `Destination buffer is too small` error returned
by `mbedtls_cert_write` command when the values of `subject_name` or
`issuer_name` parameters exceed 128 characters.

I have increased the size of these varaibles from 128 to 256 characters,
but I don't know if it's the best way to solve this issue...

Fixes #315.
2015-10-10 21:58:07 +02:00
Jonathan Leroy 81962c36e3
Fix help message for cert_req/cert_write programs
In cert_req and cert_write programs, "key_certificate_sign" is not an
allowed velue for "key_usage" parameter. The correct value is
"key_cert_sign".

See https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_req.c#L208
and https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_write.c#L323.
2015-10-10 21:42:29 +02:00
Manuel Pégourié-Gonnard 3eb8c34e6a Add example program for Curve25519
Getting a lot of questions about how to use it. This will hopefully get people
started.
2015-10-09 12:13:29 +01:00
Manuel Pégourié-Gonnard 262c137d8c Merge pull request #311 from jcowgill/spelling-fix
Fix minor spelling mistake in programs/pkey/gen_key.c
2015-10-09 09:38:52 +01:00
James Cowgill 07a92d720a Fix minor spelling mistake in programs/pkey/gen_key.c 2015-10-09 00:28:14 +01:00
Manuel Pégourié-Gonnard 70905a7855 Add ecjpake_pw option to ssl_client2/server2 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard 2ed05a049a Fix typos 2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard 22311ae62e Improve help message of ssl_*2.c 2015-09-09 11:22:58 +02:00
Manuel Pégourié-Gonnard 3f09b6d4c2 Fix API 2015-09-08 11:58:14 +02:00
Manuel Pégourié-Gonnard dbd23079d0 Add option reconnect_hard to ssl_client2
- interrupt the connection abruptly (no close_notify)
- reconnect from the same port while server sill has an active connection from
  this port.

Some real-world clients do that, see section 4.2.8 of RFC 6347.
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard 4d8685b4ff Add skeleton for EC J-PAKE module 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard 37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Simon Butcher ed51594337 Merge pull request #265 from ARMmbed/iotssl-460-bugfixes
Iotssl 460 bugfixes
2015-09-02 23:36:36 +01:00
Manuel Pégourié-Gonnard a2cda6bfaf Add mbedtls_ssl_get_max_frag_len()
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard cf9ab63863 Fix error reporting in pkey/pk_* programs 2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard ce7a08ba49 Fix more comments/outputs in verify programs 2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard 102a620c9a Fix hash buffer size in pkey programs 2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard d224ff1f63 Change default RSA key size in rsa_genkey 2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard 1d8f2da7df Fix comments about filenames in some programs 2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard d74c697035 Fix memory corruption in rsa sign/verify programs
We have no guarantee there is enough room in the argv strings.

Fixes #210
2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard ea35666f50 Fix -Wshadow warnings
Checked that it is supported by gcc 4.2.1 (FreeBSD 9).

fixes #240
2015-08-31 10:34:26 +02:00
Manuel Pégourié-Gonnard fa1304a51d Use Unix line endings in wince_main.c too
The compiler needs to accept Unix line endings anyway, as this is what we use
everywhere, and it makes things more consistent.
2015-08-06 19:03:31 +02:00
Manuel Pégourié-Gonnard d73896581b Fix typos (found by Francesco Pompò)
Manually merging as the pull requests are based on an old branch.

closes #215
closes #216
2015-08-06 18:22:26 +02:00
Manuel Pégourié-Gonnard 6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard 4f3368e31e Fix bug in benchmark.c with DHM params 2015-07-19 15:01:28 +02:00
Manuel Pégourié-Gonnard 78ec2b049c Cosmetics in Makefiles 2015-07-08 22:12:06 +01:00
Manuel Pégourié-Gonnard a6dbddce0c Fix benchmark.c for removal of small DH params 2015-07-06 11:20:33 +02:00
Manuel Pégourié-Gonnard 77c656217b Update dh_genprime program
- default size 2048 bits
- make size a command-line argument
- remove warning about using own params
2015-07-03 16:57:52 +02:00
Manuel Pégourié-Gonnard 6755717f18 Fix stupid typo in ssl_server2.c 2015-07-02 11:15:48 +02:00
Manuel Pégourié-Gonnard 046589e424 Rm obsolete defines for snprintf in programs
Now centralized in the platform layer
2015-07-01 17:26:20 +02:00
Manuel Pégourié-Gonnard 9de64f5af1 Fix MSVC warnings in library and programs 2015-07-01 16:56:08 +02:00
Manuel Pégourié-Gonnard 052f28853b Cosmetics in debug in ssl_{client,server}2.c
Print only the basename from the file, and print level too.
2015-07-01 12:01:13 +02:00
Manuel Pégourié-Gonnard abc729e664 Simplify net_accept() with UDP sockets
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard 3d7d00ad23 Rename mbedtls_net_close() to mbedtls_net_free()
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard 5db64328ab Adapt programs to the new NET API 2015-06-30 16:48:17 +02:00
Manuel Pégourié-Gonnard a7c8903ca6 Add missing programs to Makefile 2015-06-29 19:14:04 +02:00
Manuel Pégourié-Gonnard 1c5b9fc19f Avoid truncating peer cert info in ssl_server2 2015-06-27 14:38:51 +02:00
Manuel Pégourié-Gonnard fc36708697 Use $(MAKE), not make
For the sake of systems where we want gmake.
2015-06-26 16:50:24 +02:00
Manuel Pégourié-Gonnard 633c6b6485 Run timing selftest on all platforms
Used to fail on our FreeBSD and Windows buildbots. Seems to be working at
least on my Darwin physical machine and on my Windows VM with MSYS2 now.
2015-06-26 16:17:30 +02:00
Manuel Pégourié-Gonnard 4b00f08e20 Fix snprintf test
Our Windows implementation based on vsnprintf_s( ..., _TRUNCATE ) sometimes
writes *two* terminating NULLs. Allow for that, but obviously bytes past the
end of the buffer mustn't be touched.
2015-06-26 14:10:13 +02:00
Manuel Pégourié-Gonnard ea9556a76e Fix mistaken changes in Makefile's clean target
I was a bit too trigger-happy with copy-pasting in a previous commit...
2015-06-25 14:19:25 +02:00
Manuel Pégourié-Gonnard 216a1831de Fix whitespace in CMakeLists.txt
- all spaces no tabs
- indent with 4 spaces everywhere
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard 21e1ac205e Fix linking order with make
GNU ld cares about the order in which static libs are mentioned on the command
line: if A depends on B then A must com first.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard 5c59a4fea5 Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard 8d4a613cc5 Small Makefile improvements
- fix old build commands still using OFLAGS
- make everything work with --warn-undefined-variables, which can be useful
  for debugging typos
2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard 61ee351af4 Adapt programs to the new debug API 2015-06-23 23:30:16 +02:00
Manuel Pégourié-Gonnard c0d749418b Make 'port' a string in NET module
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard 07894338a0 Rename M255 to Curve25519 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 6ea831dcf4 Add tests for mbedtls_set_hs_ca_chain() 2015-06-22 17:30:18 +02:00
Manuel Pégourié-Gonnard 4d6f178376 Add support for SNI CA and authmode in ssl_server2 2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard 7b6dcbe993 Add tests for snprintf
- Added in each tests program to be sure they are run (putting them in a test
  suite/function specific to the platform layer would cause them to be skipped
when PLATFORM_C is not defined).
- Platforms have already moved from a standard to a broken snprintf in the
  past [1], so make sure to catch that if it ever happens again.

[1]: http://sourceforge.net/p/mingw-w64/mailman/message/31241434/
2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard 7580ba475d Add a concept of entropy source strength.
The main goal is, we want and error if cycle counter is the only source.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard c0696c216b Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen 2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard 797f48ace6 Rename ecp_curve_info.size to bit_size 2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard 898e0aa210 Rename key_length in cipher_info 2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard b31c5f68b1 Add SSL presets.
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard 9096682352 Add dhmlen option in ssl_client2.c 2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard bf27eaac79 Fix help string in ssl_client2.c 2015-06-12 11:22:02 +02:00
Manuel Pégourié-Gonnard ba56136b5c Avoid in-out length in base64 2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard 3335205a21 Avoid in-out length in dhm_calc_secret() 2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard d14acbc31a Test assumptions we make about the platform
Things that are not guaranteed by the standard but should be true of all
platforms of interest to us:
- 8-bit chars
- NULL pointers represented by all-bits-zero
2015-05-29 12:25:40 +02:00
Manuel Pégourié-Gonnard 06d5d61302 Adapt programs to generic md_file() 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard b327168e22 Remove non-generic md_file() programs 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard b2a18a2a98 Remove references to malloc in strings/names 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard 7551cb9ee9 Replace malloc with calloc
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard 56273daea0 Move some includes to ssl_internal.h
Also removed one from ssl.h and add it in programs where it belongs
2015-05-26 15:01:37 +02:00
Manuel Pégourié-Gonnard a0adc1bbe4 Make cipher used in ssl tickets configurable 2015-05-25 10:35:16 +02:00
Manuel Pégourié-Gonnard b596abfdc0 Refine cli/srv ifdefs for session tickets
- Only the server needs to generate/parse tickets
- Only the client needs to store them

Also adjust prototype of ssl_conf_session_tickets() while at it.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard d59675d92c Move to callback for session tickets 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard 53ebe138c6 Fix copyright lines still mentioning Brainspark 2015-05-15 12:01:12 +02:00
Manuel Pégourié-Gonnard 0b104b056b Adapt prototype of net_accept() for explicit size 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard d9e6a3ac10 Rename pk_init_ctx() -> pk_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard d4f04dba42 net.c now depends on select() unconditionally 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard a63bc94a2d Remove timing_m_sleep() -> net_usleep() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard 151dc77732 Fix some old names that remained
- most in doxygen doc that was never renamed
- some re-introduced in comments/doc/strings by me
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard 8473f87984 Rename cipher_init_ctx() to cipher_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard 66dc5555f0 mbedtls_ssl_conf_arc4_support() depends on ARC4_C 2015-05-14 12:31:10 +02:00
Manuel Pégourié-Gonnard d2377e7e78 ssl_client/server2 shouln't depend on timing.c
Would break test-ref-configs.pl.
2015-05-13 13:58:56 +02:00