yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 22:01:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
5114 commits 88 branches 205 tags 69 MiB
Commit graph

1600 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 4104864e54 ECHDE-PSK does not use a certificate 
fixes #270
 2015-10-09 14:50:43 +01:00
Manuel Pégourié-Gonnard adeb7d8ec9 Move all KEY_EXCHANGE__ definitions in one place 2015-10-09 14:44:47 +01:00
Robert Cragie 4289c0d1fa Typo in parameter name 2015-10-06 17:20:41 +01:00
Manuel Pégourié-Gonnard c4e7d8a381 Bump version to 2.1.2 
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
 2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard c80a74f734 Merge branch 'development' into development-restricted 
* development:
  Add 'inline' workaround where needed
 2015-10-05 16:30:53 +01:00
Manuel Pégourié-Gonnard 2ac9c60838 Add 'inline' workaround where needed 
Was previously using the workaround from md.h
 2015-10-05 16:18:23 +01:00
Manuel Pégourié-Gonnard a97ab2c8a6 Merge branch 'development' into development-restricted 
* development:
  Remove inline workaround when not useful
  Fix macroization of inline in C++
 2015-10-05 15:48:09 +01:00
Simon Butcher 7776fc36d3 Fix for #279 macroisation of 'inline' keyword 2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard 2d7083435d Fix references to non-standard SIZE_T_MAX 
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
 2015-10-05 15:23:11 +01:00
Manuel Pégourié-Gonnard 899ac849d0 Merge branch 'development' into development-restricted 
* development:
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
 2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard cb6af00e2a Add missing warning in doc 
Found by Nicholas Wilson

fixes #288
 2015-10-05 12:12:39 +01:00
Manuel Pégourié-Gonnard 5a2e389811 Remove inline workaround when not useful 
This header doesn't have nay inline function any more
 2015-10-05 11:55:39 +01:00
Manuel Pégourié-Gonnard 0223ab9d38 Fix macroization of inline in C++ 
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
 2015-10-05 11:41:36 +01:00
Simon Butcher 6418ffaadb Merge fix for IOTSSL-480 - base64 overflow issue 2015-10-05 09:54:11 +01:00
Robert Cragie 4feb7ae8c2 Added key export API 2015-10-02 13:33:37 +01:00
Robert Cragie 7cdad7708e Add point format handling 2015-10-02 13:31:41 +01:00
Manuel Pégourié-Gonnard ef388f168d Merge branch 'development' into development-restricted 
* development:
  Updated ChangeLog with credit
  Fix a fairly common typo in comments
  Make config check include for configs examples more consistent
 2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard 0aa45c209a Fix potential overflow in base64_encode 2015-09-30 16:37:49 +02:00
Simon Butcher 9f81231fb8 Revised hostname length check from review 2015-09-28 19:22:33 +01:00
Simon Butcher 89f77623b8 Added max length checking of hostname 2015-09-27 22:50:49 +01:00
Tillmann Karras 588ad50c5a Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
Manuel Pégourié-Gonnard 77c0646ef2 Add cache for EC J-PAKE client extension 
Not used yet, just add the variables and cleanup code.
 2015-09-17 13:59:49 +02:00
Manuel Pégourié-Gonnard 8cea8ad8b8 Bump version to 2.1.1 2015-09-17 11:58:45 +02:00
Manuel Pégourié-Gonnard 75df902740 Add warning on config options 
Note to self: actually disable before merging that branch!
 2015-09-16 23:21:01 +02:00
Manuel Pégourié-Gonnard bf57be690e Add server extension parsing 
Only accept EC J-PAKE ciphersuite if extension was present and OK (single flag
for both), and ignore extension if we have no password.
 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard eef142d753 Depend on ECJPAKE key exchange, not module 
This is more consistent, as it doesn't make any sense for a user to be able to
set up an EC J-PAKE password with TLS if the corresponding key exchange is
disabled.

Arguably this is what we should de for other key exchanges as well instead of
depending on ECDH_C etc, but this is an independent issue, so let's just do
the right thing with the new key exchange and fix the other ones later. (This
is a marginal issue anyway, since people who disable all ECDH key exchange are
likely to also disable ECDH_C in order to minimize footprint.)
 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard 538cb7b0b4 Add the ECJPAKE ciphersuite 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard 557535d8c4 Add ECJPAKE key exchange 2015-09-16 22:58:29 +02:00
Simon Butcher 5793e7ef01 Merge 'development' into iotssl-411-port-reuse 
Conflicts:
	ChangeLog
 2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard 294139b57a Add client extension writing 2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard b813accf84 Add mbedtls_ecjpake_check(), tells if set up 
This will be used in SSL to avoid the computation-heavy processing of EC
J-PAKE hello extensions in case we don't have an EC J-PAKE password
 2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard 7002f4a560 Add mbedtls_ssl_set_hs_ecjpake_password() 2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard 76cfd3f97f Add EC J-PAKE context in handshake structure 2015-09-15 18:24:08 +02:00
Manuel Pégourié-Gonnard f472179d44 Adjust dependencies for EC extensions 
The Thread spec says we need those for EC J-PAKE too.
However, we won't be using the information, so we can skip the parsing
functions in an EC J-PAKE only config; keep the writing functions in order to
comply with the spec.
 2015-09-15 18:22:00 +02:00
Simon Butcher 1a57af1607 Update ssl.h 
Typo
 2015-09-11 17:14:16 +01:00
Simon Butcher 4f6882a8a3 Update config.h 
Typo in RFC x-ref comment.
 2015-09-11 17:12:46 +01:00
Manuel Pégourié-Gonnard ddfe5d20d1 Tune dependencies 
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
 2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard 62c74bb78a Stop wasting resources 
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.

Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
 2015-09-09 11:22:52 +02:00
Nicholas Wilson 2088e2ebd9 fix const-ness of argument to mbedtls_ssl_conf_cert_profile 
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
 2015-09-08 16:53:18 +01:00
Manuel Pégourié-Gonnard 222cb8db22 Tune related documentation while at it 2015-09-08 15:43:59 +02:00
Manuel Pégourié-Gonnard 3a2a4485d4 Update documentation 2015-09-08 15:36:09 +02:00
Manuel Pégourié-Gonnard be619c1264 Clean up error codes 2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard 26d227ddfc Add config flag for support of client port reuse 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard 55f3d84faa fixup-include 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard f7368c983a Polish API and documentation 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard e1927101fb Unify round two 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard d8204a7bea Provide symmetric API for the first round 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard ce4567614b Rename variable to prepare for cli/srv unification 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 6b798b9dae Tune up some comments 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard e0ad57b0b3 Replace explicit IDs with table look-ups 
That's a first step towards merging symmetric version of different functions
 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 5f18829609 Add derive_pms, completing first working version 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 6449391852 Store our role in the context 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 614bd5e919 Add write_client_params 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard ec0eece2ba Add read_client_params 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard cb7cd03412 Add first draft or read_server_params 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 23dcbe3f16 Add support for passphrase in the context 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 4e8bc78ad9 Add context-using functions for Hello extensions 
Also re-order functions in the header so that they appear in the order they're
use, ie free() last.
 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 7af8bc1007 Start introducing mbedtls_ecjpake_context 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 6029a85572 Add ecjpake_zpk_read() 
Not really tested yet
 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard d9a3f47ecd Add mbedtls_ecp_gen_keypair_base() 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard 4d8685b4ff Add skeleton for EC J-PAKE module 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Manuel Pégourié-Gonnard 37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard 5f5e0ec3f1 Improve mbedtls_ssl_write() documentation 2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard a2cda6bfaf Add mbedtls_ssl_get_max_frag_len() 
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
 2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard bb83844a1d Clarify that there are two SSL I/O buffers 2015-08-31 12:46:01 +02:00
Manuel Pégourié-Gonnard 46c4fa16ab Fix missing casts on return 
closes #236
 2015-08-12 09:27:55 +02:00
Manuel Pégourié-Gonnard e2b0efe24b Separate license from comments in config.h 2015-08-11 10:38:37 +02:00
Manuel Pégourié-Gonnard ac50fc5e2f Fix typo in doc 2015-08-10 13:07:09 +02:00
Manuel Pégourié-Gonnard 854dab96fe Fix the fix for armcc5 --gnu 
Only exclude armcc5, not armcc6.
 2015-08-10 12:11:31 +02:00
Manuel Pégourié-Gonnard 32da9f66a8 Add support for MBEDTLS_USER_CONFIG_FILE 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard 43569a93cc Use #ifdef rather than patch for target_config.h 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard 63e7ebaaa1 Add material for generating yotta module 2015-08-06 09:57:53 +02:00
Manuel Pégourié-Gonnard e14dec68ea Fix stupid typo in previous commit 2015-08-04 22:49:33 +02:00
Manuel Pégourié-Gonnard f659f0c214 Disable Padlock code with ASan 
We're getting build errors with Clang 3.5.0 on our Debian Jessie buildslave:

library/padlock.c:99:10: error: inline assembly requires more registers than available
 2015-08-04 22:19:05 +02:00
Manuel Pégourié-Gonnard e96ce08a21 Fix compile error with armcc5 --gnu 2015-07-31 10:58:06 +02:00
Manuel Pégourié-Gonnard 6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard 10c767488b Adjust rename/compat list 2015-07-15 11:07:26 +02:00
Paul Bakker 4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard 1409616d9c Fix one renaming in the list 
Found by Simon while testing the upgrade guide
 2015-07-09 09:17:18 +01:00
Manuel Pégourié-Gonnard 20af64dc2c Still need to #define inline for MSVC 
I only tested with VS2015 earlier, but previous versions apparently still
don't know that standard C99 keyword though it's documented on MSDN...
 2015-07-07 23:21:30 +02:00
Manuel Pégourié-Gonnard 052a6c9cfe Add mbedtls_md_clone() 2015-07-06 16:06:02 +02:00
Manuel Pégourié-Gonnard 16d412f465 Add md/shaXXX_clone() API 
Will be used in the SSL/TLS modules
 2015-07-06 15:48:34 +02:00
Manuel Pégourié-Gonnard 7893103154 Remove 1024 bits DHM params and add one 4096 bit 2015-07-03 17:06:39 +02:00
Manuel Pégourié-Gonnard 7c3b4ab6f2 Fix typos in comments 2015-07-02 17:59:52 +02:00
Manuel Pégourié-Gonnard 5791109707 Make the hardclock test optional 
Known to fail on VMs (such as the buildbots), see eg
http://blog.badtrace.com/post/rdtsc-x86-instruction-to-detect-vms/
 2015-07-01 19:22:12 +02:00
Manuel Pégourié-Gonnard 9bd0afdb22 Add guards for closed socket in net.c 
This is particularly problematic when calling FD_SET( -1, ... ), but let's
check it in all functions.

This was introduced with the new API and the fact the net_free() now sets the
internal fd to -1 in order to mark it as closed: now using this information.
 2015-07-01 19:03:27 +02:00
Manuel Pégourié-Gonnard 2505528be4 Rm obsolete defines for inline wiht MSVC 
The "inline" keyword is supported since Visual Studio 2005 according to MSDN,
and we require Visual Studio 2010 or higher.
 2015-07-01 17:22:36 +02:00
Manuel Pégourié-Gonnard abc729e664 Simplify net_accept() with UDP sockets 
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
 2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard 3d7d00ad23 Rename mbedtls_net_close() to mbedtls_net_free() 
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
 2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard 91895853ac Move from naked int to a structure in net.c 
Provides more flexibility for future changes/extensions.
 2015-06-30 15:56:25 +02:00
Manuel Pégourié-Gonnard a16e7c468c Rename a debug function 2015-06-29 20:14:19 +02:00
Manuel Pégourié-Gonnard b74c245a20 Rework debug to not need dynamic alloc 
But introduces dependency on variadic macros
 2015-06-29 20:08:23 +02:00
Manuel Pégourié-Gonnard 9db2887672 Actually enable fixed snprintf on windows 2015-06-26 11:04:08 +02:00
Manuel Pégourié-Gonnard dc54ff8578 Improve documentation about SSL ticket encryption 2015-06-25 12:44:46 +02:00
Manuel Pégourié-Gonnard 216a1831de Fix whitespace in CMakeLists.txt 
- all spaces no tabs
- indent with 4 spaces everywhere
 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard 53585eeb17 Remove test DHM params from certs.c 
certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.
 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard 0761733c1b Fix potential NULL dereference 
We document that either of recv or recv_timeout may be NULL, but for TLS we
always used recv... Thanks Coverity for catching that.
(Not remotely trigerrable: local configuration.)

Also made me notice net_recv_timeout didn't do its job properly.
 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard fd474233c8 Change SSL debug API in the library 2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard c0d749418b Make 'port' a string in NET module 
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard e244f9ffc0 Improve doc about length of strings written 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard d23f593737 Avoid static buffer in debug module 
Caused issues in threading situations
 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard 1cd10adc7c Update prototype of x509write_set_key_usage() 
Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 655a964539 Adapt check_key_usage to new weird bits 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 9a702255f4 Add parsing/printing for new X.509 keyUsage flags 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 07894338a0 Rename M255 to Curve25519 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 7320eb46d4 Remove references to some Montgomery curves 
After all it looks like those won't become standard.
 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard e7e89844d6 Fix and document corner-cases of time checking 2015-06-22 23:41:24 +02:00
Manuel Pégourié-Gonnard cdc26ae099 Add mbedtls_ssl_set_hs_authmode 
While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
  the PSK, no cert is expected).
- use safer tests (eg == OPTIONAL vs != REQUIRED)
 2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard 1685368408 Rationalize snprintf() usage in X.509 modules 2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard 6c0c8e0d3d Include fixed snprintf for Windows in platform.c 
Use _WIN32 to detect it rather that _MSC_VER as it turns out MSYS2 uses the
broken MS version by default too.
 2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard 8ba88f0460 Fix stupid typo in documentation 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard 7580ba475d Add a concept of entropy source strength. 
The main goal is, we want and error if cycle counter is the only source.
 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard 3f77dfbd52 Add MBEDTLS_ENTROPY_HARDWARE_ALT 
Makes it easier for an external module to plug its hardware entropy collector.
 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard bf82ff0209 Fix entropy thresholds 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard 60c793bdc9 Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE 
First one means we have time() but it may not return the actual wall clock
time, second means it does.
 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard c0696c216b Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen 2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard 097c7bb05b Rename relevant global symbols from size to bitlen 
Just applying rename.pl with this file:

mbedtls_cipher_get_key_size mbedtls_cipher_get_key_bitlen
mbedtls_pk_get_size mbedtls_pk_get_bitlen
MBEDTLS_BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
MBEDTLS_BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
 2015-06-18 16:43:38 +02:00
Manuel Pégourié-Gonnard fb317c5221 Rename parameter in a x509 helper 2015-06-18 16:41:13 +02:00
Manuel Pégourié-Gonnard 39a48f4934 Internal renamings in PK 
+ an unrelated comment in SSL
 2015-06-18 16:06:55 +02:00
Manuel Pégourié-Gonnard 12ad798c87 Rename ssl_session.length to id_len 2015-06-18 15:50:37 +02:00
Manuel Pégourié-Gonnard 797f48ace6 Rename ecp_curve_info.size to bit_size 2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard 898e0aa210 Rename key_length in cipher_info 2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard b8186a5e54 Rename len to bitlen in function parameters 
Clarify a few comments too.
 2015-06-18 14:58:58 +02:00
Manuel Pégourié-Gonnard b31c5f68b1 Add SSL presets. 
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
 2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard 7bfc122703 Implement sig_hashes 2015-06-17 14:34:48 +02:00
Manuel Pégourié-Gonnard 36a8b575a9 Create API for mbedtls_ssl_conf_sig_hashes(). 
Not implemented yet.
 2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard 9d412d872c Small internal changes in curve checking 
- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config
 2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard 27716cc1da Clarify a point in the documentation 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard b541da6ef3 Fix define for ssl_conf_curves() 
This is a security feature, it shouldn't be optional.
 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard 6e3ee3ad43 Add mbedtls_ssl_conf_cert_profile() 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard f8ea856296 Change data structure of profiles to bitfields 
- allows to express 'none' or 'all' more easily than lists
- more compact and easier to declare statically
- easier to check too

Only drawback: if we ever have more than 32 curves, we'll need an ABI change to
make that field a uint64_t.
 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard 88db5da117 Add pre-defined profiles for cert verification 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard 9505164ef4 Create cert profile API (unimplemented yet) 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard bd990d6629 Add ssl_conf_dhm_min_bitlen() 2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard 1b1e65f541 Fix typos and other small issues in doc 2015-06-11 13:38:03 +02:00
Manuel Pégourié-Gonnard 7ee5ddd798 Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Fix compile errors with NO_STD_FUNCTIONS
  Expand config.pl's notion of "full"
  Ack external bugfix in Changelog
  FIx misplaced Changelog entry (oops)
  Fix compile bug: incompatible declaration of polarssl_exit in platform.c
  Fix contributor's name in Changelog
 2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard dccb80b7e5 Fix compile errors with NO_STD_FUNCTIONS 2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard ba56136b5c Avoid in-out length in base64 2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard 3335205a21 Avoid in-out length in dhm_calc_secret() 2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard f79b425226 Avoid in-out length parameter in bignum 2015-06-02 15:41:48 +01:00
Manuel Pégourié-Gonnard 77cfe177e1 Remove now-useless typedef in ssl.h 2015-06-02 11:18:35 +01:00
Manuel Pégourié-Gonnard c730ed3f2d Rename boolean functions to be clearer 2015-06-02 10:38:50 +01:00
Manuel Pégourié-Gonnard 3eb50fa591 Cosmetics in doxygen doc 2015-06-02 10:28:09 +01:00
Manuel Pégourié-Gonnard 6ca7624952 Mark unused constant as such 2015-06-02 09:55:32 +01:00
Manuel Pégourié-Gonnard 81abefd46c Fix typos/style in doxygen documentation 2015-05-29 12:53:47 +02:00
Manuel Pégourié-Gonnard d14acbc31a Test assumptions we make about the platform 
Things that are not guaranteed by the standard but should be true of all
platforms of interest to us:
- 8-bit chars
- NULL pointers represented by all-bits-zero
 2015-05-29 12:25:40 +02:00
Manuel Pégourié-Gonnard f78e4de6f4 Fix warnings from -pedantic 2015-05-29 10:52:14 +02:00
Manuel Pégourié-Gonnard 864108daab Move from gmtime_r to gmtime + mutexes 
* gmtime_r is not standard so -std=c99 warns about it
* Anyway we need global mutexes in the threading layer, so better depend only
  on that, rather that global mutexes + some _r functions
 2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard ba19432d2e Move from asm to __asm by default 
- GCC with -std=c99 warns about asm but likes __asm
_ armcc5 has __asm but not asm
 2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard 2a84dfd747 Make ssl_cookie.c thread-safe 2015-05-28 17:28:39 +02:00
Manuel Pégourié-Gonnard b48ef9cce9 Improve documentation about HelloVerifyRequest 2015-05-28 17:28:39 +02:00
Manuel Pégourié-Gonnard 398b206ff0 Update doc for ssl_conf_renegotiation 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard 41b9c2b418 Remove individual mdX_file() and shaX_file() 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard bfffa908a6 Implement md_file in the MD layer 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard eb0d8706ce Add option for even smaller SHA-256 2015-05-28 16:45:23 +02:00
Manuel Pégourié-Gonnard 6a8ca33fa5 Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED 2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard 160e384360 Fix bad name choice 2015-05-27 20:27:06 +02:00
Manuel Pégourié-Gonnard a7f8033fa4 Fix oversights in s/malloc/calloc/ 2015-05-27 20:26:40 +02:00
Manuel Pégourié-Gonnard 944cfe8899 Allow use of global mutexes with threading_alt 2015-05-27 20:12:05 +02:00
Manuel Pégourié-Gonnard f7c2eebfcf Remove unused struct member in ssl_context 
Actually belongs to ssl_session
 2015-05-27 18:06:02 +02:00
Manuel Pégourié-Gonnard 200e73179e Adapt memory_buffer_alloc to calloc 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard b9ef1182f3 Adapt the platform layer from malloc to calloc 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard 7551cb9ee9 Replace malloc with calloc 
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
 2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard 065122cfe9 Move some defines to ssl_internal.h 2015-05-26 15:01:37 +02:00
Manuel Pégourié-Gonnard 56273daea0 Move some includes to ssl_internal.h 
Also removed one from ssl.h and add it in programs where it belongs
 2015-05-26 15:01:37 +02:00
Manuel Pégourié-Gonnard cd4fcc6c8b Move some structures to ssl_internal.h 2015-05-26 15:01:37 +02:00
Manuel Pégourié-Gonnard 5e94ddebbc Create ssl_internal.h and move some functions 2015-05-26 11:57:05 +02:00
Manuel Pégourié-Gonnard 50518f4195 Rename _wrap headers to _internal 
Makes it clearer that the user is not supposed to include them
 2015-05-26 11:06:12 +02:00
Manuel Pégourié-Gonnard 4214e3a0eb Update dependencies and documentation 2015-05-25 19:42:14 +02:00
Manuel Pégourié-Gonnard 1e9c4db524 Implement key rotation 2015-05-25 19:42:14 +02:00
Manuel Pégourié-Gonnard 887674a33b Internal changes in preparation for key rotation 
- two sets of keys
- separate function for key generation/update
 2015-05-25 12:19:00 +02:00
Manuel Pégourié-Gonnard a0adc1bbe4 Make cipher used in ssl tickets configurable 2015-05-25 10:35:16 +02:00
Manuel Pégourié-Gonnard 1041a39338 Use AES-GCM-256 for session ticket protection 2015-05-20 20:19:42 +02:00
Manuel Pégourié-Gonnard 0849a0a910 Make ssl ticket functions thread-safe 2015-05-20 11:34:54 +02:00
Manuel Pégourié-Gonnard e057d3bf6b Relax some dependencies 
- DTLS_HELLO_VERIFY no longer depends on SRV_C
- SSL_COOKIE_C no longer depends on DTLS_HELLO_VERIFY

Not that much work for us, and easier on users (esp. since it allows just
disabling SRV_C alone).
 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard b596abfdc0 Refine cli/srv ifdefs for session tickets 
- Only the server needs to generate/parse tickets
- Only the client needs to store them

Also adjust prototype of ssl_conf_session_tickets() while at it.
 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard cf141ca7e7 Fix #ifdefs on ssl_cli.c or ssl_srv.c 
Nothing to do with the current branch except I'm going to refine such #ifdefs
for tickets next and I want to start from a clean state
 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard 0c0f11f4b3 Update dependencies & includes for session tickets 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard d59675d92c Move to callback for session tickets 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard 2ff873c0fa Fix SSL_DEBUG macros 
Avoid doubled semicolon on usage, which would be bad in non-braced "if"
branches for example.
 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard b0394bebdb Further adapt prototypes of ticket functions 
Moving everything in ticket_keys structure, that will soon become
ticket_context.
 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard 69f17280d3 Adapt prototypes of ticket handling functions 
This is an intermediate step. The ssl_config argument will be replace by a
ticket context next.
 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard a4a473516e Rename & move ticket functions to ticket module 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard fd6d8978f9 Add new submodule ssl_ticket 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard 53ebe138c6 Fix copyright lines still mentioning Brainspark 2015-05-15 12:01:12 +02:00
Manuel Pégourié-Gonnard dad1ad739d Doc tune-ups 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard 0b104b056b Adapt prototype of net_accept() for explicit size 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard d9e6a3ac10 Rename pk_init_ctx() -> pk_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard d4f04dba42 net.c now depends on select() unconditionally 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard a63bc94a2d Remove timing_m_sleep() -> net_usleep() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard 151dc77732 Fix some old names that remained 
- most in doxygen doc that was never renamed
- some re-introduced in comments/doc/strings by me
 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard 8473f87984 Rename cipher_init_ctx() to cipher_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard 66dc5555f0 mbedtls_ssl_conf_arc4_support() depends on ARC4_C 2015-05-14 12:31:10 +02:00
Manuel Pégourié-Gonnard e391c8deda Doc tune-up 2015-05-13 20:34:24 +02:00
Manuel Pégourié-Gonnard 70860adccc SSL timers are no longer just for DTLS 
Also, clean up leftover temporary stuff... embarassing
 2015-05-13 10:25:28 +02:00
Manuel Pégourié-Gonnard bbd28f7bcc Improve SSL doc about I/O and timeouts 2015-05-13 10:21:42 +02:00
Manuel Pégourié-Gonnard 5a8d56d3a3 Rm hard dependency of DTLS on TIMING_C 2015-05-13 10:10:00 +02:00
Manuel Pégourié-Gonnard 2e01291739 Prepare the SSL modules for using timer callbacks 2015-05-13 09:43:39 +02:00
Manuel Pégourié-Gonnard ca3bdc5632 Add mbedtls_timing_set/get_delay() 2015-05-12 20:45:34 +02:00