Commit graph

1922 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard df791a51f6 Simplify net_htonx() 2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard 932e3934bd Fix typos & Co 2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard 62edcc8176 Document POLARSSL_CAMELLIA_SMALL_MEMORY 2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard 07ec1ddd10 Fix bug with ssl_set_curves() check on client 2015-04-03 18:17:37 +02:00
Manuel Pégourié-Gonnard a5cc2aa769 Fix bug in POLARSSL_PLATFORM_STD_EXIT support 2015-04-03 18:17:37 +02:00
Manuel Pégourié-Gonnard 998930ae0d Replace non-ascii characters in source files 2015-04-03 13:48:06 +02:00
Manuel Pégourié-Gonnard eadda3f3ad Add missing #ifdef in ecdsa.c 2015-04-03 13:15:34 +02:00
Manuel Pégourié-Gonnard 2bc16df2f4 Update generated file 2015-04-03 13:04:56 +02:00
Manuel Pégourié-Gonnard f1d2f7c456 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix bug in Via Padlock support
  Fix portability issue in Makefile
2015-04-02 12:44:00 +01:00
Manuel Pégourié-Gonnard cf201201e6 Fix bug in Via Padlock support 2015-04-02 10:53:59 +01:00
Manuel Pégourié-Gonnard 427b672551 Add XXX_PROCESS_ALT mecchanism 2015-03-31 18:32:50 +02:00
Manuel Pégourié-Gonnard 26c9f90cae Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Add missing depends in x509 programs
  Simplify ifdef checks in programs/x509
  Fix thread safety issue in RSA operations
  Add test certificate for bitstring in DN
  Add support for X.520 uniqueIdentifier
  Accept bitstrings in X.509 names
2015-03-31 17:56:15 +02:00
Manuel Pégourié-Gonnard 8c8be1ebbb Change default min TLS version to TLS 1.0 2015-03-31 14:22:30 +02:00
Manuel Pégourié-Gonnard d16df8f60a Cleanup unused bit in ssl
Became unused when removing deprecated ssl_set_own_cert_xxx() functions
2015-03-31 14:04:51 +02:00
Manuel Pégourié-Gonnard 348bcb3694 Make RSA_ALT support optionnal 2015-03-31 14:01:33 +02:00
Manuel Pégourié-Gonnard 8fce937a1a Simplify ecdsa_context 2015-03-31 13:06:41 +02:00
Manuel Pégourié-Gonnard 49ce6f0973 Fix constness of asn1_write_mpi() 2015-03-31 13:05:39 +02:00
Manuel Pégourié-Gonnard dfdcac9d51 Merge ecdsa_write_signature{,_det}() together 2015-03-31 11:41:42 +02:00
Manuel Pégourié-Gonnard 63e931902b Make a helpful constant public 2015-03-31 11:15:48 +02:00
Manuel Pégourié-Gonnard b8cfe3f0d9 pk_sign() now requires non-NONE md_alg for ECDSA 2015-03-31 11:14:41 +02:00
Manuel Pégourié-Gonnard fa44f20b9f Change authmode default to Required on client 2015-03-27 17:52:25 +01:00
Manuel Pégourié-Gonnard 1d0ca1a336 Move key_usage to more that 8 bits 2015-03-27 16:50:00 +01:00
Manuel Pégourié-Gonnard 1022fed36e Remove redundant sig_oid2 in x509 structures 2015-03-27 16:34:42 +01:00
Manuel Pégourié-Gonnard a252af760f Minor source simplification 2015-03-27 16:15:55 +01:00
Manuel Pégourié-Gonnard 88fca3ef0e Fix thread safety issue in RSA operations
The race was due to mpi_exp_mod storing a Montgomery coefficient in the
context (RM, RP, RQ).

The fix was verified with -fsanitize-thread using ssl_pthread_server and two
concurrent clients.

A more fine-grained fix should be possible, locking just enough time to check
if those values are OK and set them if not, rather than locking for the whole
mpi_exp_mod() operation, but it will be for later.
2015-03-27 15:12:05 +01:00
Manuel Pégourié-Gonnard 9409e0cea2 Add support for X.520 uniqueIdentifier 2015-03-27 13:03:54 +01:00
Manuel Pégourié-Gonnard dd5dbcae90 Accept bitstrings in X.509 names 2015-03-27 13:03:09 +01:00
Manuel Pégourié-Gonnard 957b1ee96e Fix per-C99 initializer issues 2015-03-27 11:56:40 +01:00
Manuel Pégourié-Gonnard a958d69a70 Rename test_ca_list to test_cas_pem 2015-03-27 10:29:25 +01:00
Manuel Pégourié-Gonnard 2f165060f0 Start introducing test_cas NULL-terminated list 2015-03-27 10:20:26 +01:00
Manuel Pégourié-Gonnard 75f901006b Add len constants to certs.c 2015-03-27 09:56:18 +01:00
Manuel Pégourié-Gonnard e960818735 Check return value of the TLS PRF 2015-03-26 11:47:47 +01:00
Manuel Pégourié-Gonnard b7fcca33b9 Make tls1_prf and tls12_prf more efficient
Repeatedly allocating a context and setting the key was a waste
2015-03-26 11:41:28 +01:00
Manuel Pégourié-Gonnard 6890c6b64e Factor tls_prf_sha{256,384} together 2015-03-26 11:11:49 +01:00
Manuel Pégourié-Gonnard 147fa097e2 Reintroduce md_init_ctx compatibility wrapper 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard abb674467b Rename md_init_ctx() to md_setup() 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard a77edade0c Clean up unneeded things 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard 4063ceb281 Make hmac_ctx optional
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard dfb3dc8b53 Make ipad/opad dynamic and more opaque 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard 4da88c50c1 Remove specific xxx_hmac functions 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard 7da726bb53 Remove calls to xxx_hmac() from SSL modules 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard 0a8896ad6f Remove references to xxx_hmac() from MD layer 2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard 8379a82a76 Implement hmac in the MD layer 2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard ca878dbaa5 Make md_info_t an opaque structure
- more freedom for us to change it in the future
- enforces hygiene
- performance impact of making accessors no longer inline should really be
  negligible
2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard 9325b26b42 Fix warning with mingw32
Apparently it thinks getsockopt()'s should be a char *, while it's a void *
according to POSIX. Casting to void * avoids the warning.
2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard 9a65e80e4f Properly mark ssl_set_bio() as deprecated 2015-03-25 18:09:46 +01:00
Manuel Pégourié-Gonnard e424d0814d Refresh generated file after merge 2015-03-23 14:31:50 +01:00
Manuel Pégourié-Gonnard 8a80318df2 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Update generated file
  Update Changelog for deprecation config flags
  Fix tests to work with DEPRECATED_REMOVED
  Add POLARSSL_DEPRECATED_{WARNING,REMOVED}
  Suppress clang warning we don't want
2015-03-23 14:31:25 +01:00
Manuel Pégourié-Gonnard bf8f7febd8 Update generated file 2015-03-23 14:24:06 +01:00
Manuel Pégourié-Gonnard c70581c272 Add POLARSSL_DEPRECATED_{WARNING,REMOVED} 2015-03-23 14:11:11 +01:00