yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 03:51:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
4022 commits 88 branches 205 tags 69 MiB
Commit graph

4022 commits

This branch
This branch
All branches
Author SHA1 Message Date
Manuel Pégourié-Gonnard ddfe5d20d1 Tune dependencies 
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
 2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard c2ed8029ff Fix ChangeLog - misplaced entries 2015-09-09 12:15:13 +02:00
Manuel Pégourié-Gonnard 2ed05a049a Fix typos 2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard ab05d23b29 Update generated file 2015-09-09 11:50:00 +02:00
Manuel Pégourié-Gonnard 259db91023 Add test without cookies 
Tune existing tests while at it
 2015-09-09 11:48:45 +02:00
Manuel Pégourié-Gonnard 22311ae62e Improve help message of ssl_*2.c 2015-09-09 11:22:58 +02:00
Manuel Pégourié-Gonnard 62c74bb78a Stop wasting resources 
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.

Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
 2015-09-09 11:22:52 +02:00
Nicholas Wilson 2088e2ebd9 fix const-ness of argument to mbedtls_ssl_conf_cert_profile 
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
 2015-09-08 16:53:18 +01:00
Manuel Pégourié-Gonnard 222cb8db22 Tune related documentation while at it 2015-09-08 15:43:59 +02:00
Manuel Pégourié-Gonnard 3a2a4485d4 Update documentation 2015-09-08 15:36:09 +02:00
Manuel Pégourié-Gonnard 14c2574a9d Update Changelog 2015-09-08 15:12:45 +02:00
Simon Butcher e5a21b4493 Merge pull request #282 from ARMmbed/iotssl-469-rsa-crt-restricted 
Add counter-measure against RSA-CRT attack
 2015-09-08 13:05:51 +01:00
Manuel Pégourié-Gonnard 5f50104c52 Add counter-measure against RSA-CRT attack 
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
 2015-09-08 13:39:29 +02:00
Manuel Pégourié-Gonnard d745a1a9b7 Add tests for hard reconnect 2015-09-08 12:40:43 +02:00
Manuel Pégourié-Gonnard 3f09b6d4c2 Fix API 2015-09-08 11:58:14 +02:00
Manuel Pégourié-Gonnard be619c1264 Clean up error codes 2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard 11331fc25b First working dirty version 
- uses too much resources
- wrong API
 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard 9650205df7 Start detecting epoch 0 ClientHellos 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard 26d227ddfc Add config flag for support of client port reuse 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard dbd23079d0 Add option reconnect_hard to ssl_client2 
- interrupt the connection abruptly (no close_notify)
- reconnect from the same port while server sill has an active connection from
  this port.

Some real-world clients do that, see section 4.2.8 of RFC 6347.
 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard 7f2f062a5d Fix possible client crash on API misuse 2015-09-07 12:27:24 +02:00
Manuel Pégourié-Gonnard 14d800507a Remove "private" setting from module.json 2015-09-04 15:35:47 +02:00
Manuel Pégourié-Gonnard 0a0c22e0ef Add ChangeLog entry about license change 2015-09-04 14:38:26 +02:00
Manuel Pégourié-Gonnard aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Manuel Pégourié-Gonnard 67e4652bfc Fix bug in bump_version.sh 
Missing quotes around "version" in module.json
 2015-09-04 14:31:16 +02:00
Manuel Pégourié-Gonnard 37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard f9c599cd8a Bump yotta patch version 2015-09-03 16:45:26 +02:00
Simon Butcher 2d43479ac5 Merge branch 'development' of ssh://github.com/ARMmbed/mbedtls into development 2015-09-03 13:08:55 +01:00
Simon Butcher 1a66081d7f Merge branch 'iotssl-457-badtail' into development 2015-09-03 13:08:09 +01:00
Simon Butcher 52754594b6 Merging iotssl-457-badtail with development branch 2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard f851f14214 Moe top-level Readme to markdown 
For consistency
 2015-09-03 13:29:45 +02:00
Simon Butcher ed51594337 Merge pull request #265 from ARMmbed/iotssl-460-bugfixes 
Iotssl 460 bugfixes
 2015-09-02 23:36:36 +01:00
Simon Butcher 1662c4a338 Merge pull request #264 from ARMmbed/misc 
Misc improvements
 2015-09-02 17:51:23 +01:00
Manuel Pégourié-Gonnard f459a0f5f2 Bump yotta patch version 2015-09-02 10:24:46 +02:00
Manuel Pégourié-Gonnard b2beb84be6 Changelog entry fro the previous commit 2015-09-01 19:37:32 +02:00
Manuel Pégourié-Gonnard f81ee2eba8 Add NULL checks to top-level SSL functions 
On normal use these should never be useful, but if the application has issues,
it's best for us to return an error than to crash.
 2015-09-01 17:43:40 +02:00
Manuel Pégourié-Gonnard fdbdd72b8b Skip to trusted certs early in the chain 
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

closes #220
 2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard 560fea3767 Add tests for verify callback 
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
 2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard 4f202badec Document the three libraries in Readme 
see #266
 2015-09-01 10:27:16 +02:00
Manuel Pégourié-Gonnard c881ca8502 Document how to build shared libs with CMake 
Also updated
https://tls.mbed.org/kb/compiling-and-building/how-do-i-build-compile-mbedtls

closes #267
 2015-09-01 10:08:28 +02:00
Manuel Pégourié-Gonnard 5f5e0ec3f1 Improve mbedtls_ssl_write() documentation 2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard a2cda6bfaf Add mbedtls_ssl_get_max_frag_len() 
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
 2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard 7b23c51595 Print "thread ID" in debug messages 
closes #218
 2015-08-31 16:17:33 +02:00
Manuel Pégourié-Gonnard d68434efba Disable some tests with valgrind 
Tends to cause spurious failures on buildbots due to peer timing out.
Anyway, those tests are mainly for interop, any memory error is most likely
catched by some earlier self-op test. (Also, we'll run these tests with ASan
anyway.)
 2015-08-31 12:48:22 +02:00
Manuel Pégourié-Gonnard bb83844a1d Clarify that there are two SSL I/O buffers 2015-08-31 12:46:01 +02:00
Manuel Pégourié-Gonnard 824ba72442 Only use -Wshadow with GCC 4.8 or higher 
Before that, we get useless warnings about local variables shadowing extern
functions, which means we can't have a local variable called index when we
include string.h.

https://lkml.org/lkml/2006/11/28/239
https://gcc.gnu.org/gcc-4.8/changes.html
 2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard cf9ab63863 Fix error reporting in pkey/pk_* programs 2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard ce7a08ba49 Fix more comments/outputs in verify programs 2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard 102a620c9a Fix hash buffer size in pkey programs 2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard d224ff1f63 Change default RSA key size in rsa_genkey 2015-08-31 10:34:27 +02:00