Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								96fb685e31 
								
							 
						 
						
							
							
								
								Some more init calls  
							
							
							
						 
						
							2015-06-23 13:09:11 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								496f24e949 
								
							 
						 
						
							
							
								
								Deduplicate SHA-2 wrappers  
							
							
							
						 
						
							2015-06-23 13:09:11 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								ab5932192a 
								
							 
						 
						
							
							
								
								Call init functions in MD alloc wrappers  
							
							
							
							
							When someone defines MBEDTLS_MD5_ALT for example, the init function may need
to do more than just zeroizing the context 
							
						 
						
							2015-06-23 13:09:11 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								1cd10adc7c 
								
							 
						 
						
							
							
								
								Update prototype of x509write_set_key_usage()  
							
							
							
							
							Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed. 
							
						 
						
							2015-06-23 13:09:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								655a964539 
								
							 
						 
						
							
							
								
								Adapt check_key_usage to new weird bits  
							
							
							
						 
						
							2015-06-23 13:09:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								9a702255f4 
								
							 
						 
						
							
							
								
								Add parsing/printing for new X.509 keyUsage flags  
							
							
							
						 
						
							2015-06-23 13:09:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								b80d16d171 
								
							 
						 
						
							
							
								
								Fix return convention of x509_wildcard_verify()  
							
							
							
						 
						
							2015-06-23 13:09:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								07894338a0 
								
							 
						 
						
							
							
								
								Rename M255 to Curve25519  
							
							
							
						 
						
							2015-06-23 13:09:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								7320eb46d4 
								
							 
						 
						
							
							
								
								Remove references to some Montgomery curves  
							
							
							
							
							After all it looks like those won't become standard. 
							
						 
						
							2015-06-23 13:09:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								9386664543 
								
							 
						 
						
							
							
								
								Move from inttypes.h to stdint.h  
							
							
							
							
							Some toolchains do not have inttypes.h, and we only need stdint.h which is a
subset of it. 
							
						 
						
							2015-06-22 23:41:26 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								e7e89844d6 
								
							 
						 
						
							
							
								
								Fix and document corner-cases of time checking  
							
							
							
						 
						
							2015-06-22 23:41:24 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								57e10d71be 
								
							 
						 
						
							
							
								
								Fix potential NULL dereference.  
							
							
							
							
							Introduced when moving from gmtime_r() to gmtime().
Found with fbinfer. 
							
						 
						
							2015-06-22 23:40:44 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								f9b85d96a9 
								
							 
						 
						
							
							
								
								Fix potential resource leak in X.509 parse dir  
							
							
							
							
							Found with fbinfer. 
							
						 
						
							2015-06-22 18:39:57 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								bcf13bab5d 
								
							 
						 
						
							
							
								
								Fix issue with MemSan and entropy  
							
							
							
							
							Due to the recent change about entropy sources strength, it is no longer
acceptable to just disable the platform source. So, instead "fix" it so that
it is clear to MemSan that memory is initialized.
I tried __attribute__((no_sanitize_memory)) and MemSan's blacklist file, but
couldn't seem to get them to work. 
							
						 
						
							2015-06-22 18:25:41 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								cdc26ae099 
								
							 
						 
						
							
							
								
								Add mbedtls_ssl_set_hs_authmode  
							
							
							
							
							While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
  the PSK, no cert is expected).
- use safer tests (eg == OPTIONAL vs != REQUIRED) 
							
						 
						
							2015-06-22 14:52:40 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								9dbaf400ef 
								
							 
						 
						
							
							
								
								Rationalize other snprintf() uses  
							
							
							
						 
						
							2015-06-22 14:42:04 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								1685368408 
								
							 
						 
						
							
							
								
								Rationalize snprintf() usage in X.509 modules  
							
							
							
						 
						
							2015-06-22 14:42:04 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								6c0c8e0d3d 
								
							 
						 
						
							
							
								
								Include fixed snprintf for Windows in platform.c  
							
							
							
							
							Use _WIN32 to detect it rather than _MSC_VER as it turns out MSYS2 uses the
broken MS version by default too. 
							
						 
						
							2015-06-22 14:42:04 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								f9cbd73191 
								
							 
						 
						
							
							
								
								Update generated files  
							
							
							
						 
						
							2015-06-22 14:40:56 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								7580ba475d 
								
							 
						 
						
							
							
								
								Add a concept of entropy source strength.  
							
							
							
							
							The main goal is, we want an error if cycle counter is the only source. 
							
						 
						
							2015-06-22 14:40:56 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								3f77dfbd52 
								
							 
						 
						
							
							
								
								Add MBEDTLS_ENTROPY_HARDWARE_ALT  
							
							
							
							
							Makes it easier for an external module to plug its hardware entropy collector. 
							
						 
						
							2015-06-22 14:40:56 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								bf82ff0209 
								
							 
						 
						
							
							
								
								Fix entropy thresholds  
							
							
							
						 
						
							2015-06-22 14:40:56 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								60c793bdc9 
								
							 
						 
						
							
							
								
								Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE  
							
							
							
							
							First one means we have time() but it may not return the actual wall clock
time, second means it does. 
							
						 
						
							2015-06-22 14:40:56 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								c0696c216b 
								
							 
						 
						
							
							
								
								Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen  
							
							
							
						 
						
							2015-06-18 16:49:37 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								097c7bb05b 
								
							 
						 
						
							
							
								
								Rename relevant global symbols from size to bitlen  
							
							
							
							
							Just applying rename.pl with this file:
mbedtls_cipher_get_key_size mbedtls_cipher_get_key_bitlen
mbedtls_pk_get_size mbedtls_pk_get_bitlen
MBEDTLS_BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
MBEDTLS_BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS 
							
						 
						
							2015-06-18 16:43:38 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								fb317c5221 
								
							 
						 
						
							
							
								
								Rename parameter in a x509 helper  
							
							
							
						 
						
							2015-06-18 16:41:13 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								39a48f4934 
								
							 
						 
						
							
							
								
								Internal renamings in PK  
							
							
							
							
							+ an unrelated comment in SSL 
							
						 
						
							2015-06-18 16:06:55 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								12ad798c87 
								
							 
						 
						
							
							
								
								Rename ssl_session.length to id_len  
							
							
							
						 
						
							2015-06-18 15:50:37 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								898e0aa210 
								
							 
						 
						
							
							
								
								Rename key_length in cipher_info  
							
							
							
						 
						
							2015-06-18 15:31:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								b8186a5e54 
								
							 
						 
						
							
							
								
								Rename len to bitlen in function parameters  
							
							
							
							
							Clarify a few comments too. 
							
						 
						
							2015-06-18 14:58:58 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								b31c5f68b1 
								
							 
						 
						
							
							
								
								Add SSL presets.  
							
							
							
							
							No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values. 
							
						 
						
							2015-06-17 14:59:27 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								7bfc122703 
								
							 
						 
						
							
							
								
								Implement sig_hashes  
							
							
							
						 
						
							2015-06-17 14:34:48 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								36a8b575a9 
								
							 
						 
						
							
							
								
								Create API for mbedtls_ssl_conf_sig_hashes().  
							
							
							
							
							Not implemented yet. 
							
						 
						
							2015-06-17 14:27:39 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								9d412d872c 
								
							 
						 
						
							
							
								
								Small internal changes in curve checking  
							
							
							
							
							- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config 
							
						 
						
							2015-06-17 14:27:39 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								a83e4e2bf5 
								
							 
						 
						
							
							
								
								Extra check in verify_with_profile()  
							
							
							
							
							This could happen if someone doesn't set the SSL configuration properly. In
that case we don't want to segfault... 
							
						 
						
							2015-06-17 14:27:38 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								b541da6ef3 
								
							 
						 
						
							
							
								
								Fix define for ssl_conf_curves()  
							
							
							
							
							This is a security feature, it shouldn't be optional. 
							
						 
						
							2015-06-17 14:27:38 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								6e3ee3ad43 
								
							 
						 
						
							
							
								
								Add mbedtls_ssl_conf_cert_profile()  
							
							
							
						 
						
							2015-06-17 14:27:38 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								cbb1f6e5cb 
								
							 
						 
						
							
							
								
								Implement cert profile checking  
							
							
							
						 
						
							2015-06-17 14:27:38 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								f8ea856296 
								
							 
						 
						
							
							
								
								Change data structure of profiles to bitfields  
							
							
							
							
							- allows to express 'none' or 'all' more easily than lists
- more compact and easier to declare statically
- easier to check too
Only drawback: if we ever have more than 32 curves, we'll need an ABI change to
make that field a uint64_t. 
							
						 
						
							2015-06-17 14:27:38 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								88db5da117 
								
							 
						 
						
							
							
								
								Add pre-defined profiles for cert verification  
							
							
							
						 
						
							2015-06-17 14:27:38 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								9505164ef4 
								
							 
						 
						
							
							
								
								Create cert profile API (unimplemented yet)  
							
							
							
						 
						
							2015-06-17 14:27:38 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								bd990d6629 
								
							 
						 
						
							
							
								
								Add ssl_conf_dhm_min_bitlen()  
							
							
							
						 
						
							2015-06-17 11:37:04 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								7ee5ddd798 
								
							 
						 
						
							
							
								
								Merge branch 'mbedtls-1.3' into development  
							
							
							
							
							* mbedtls-1.3:
  Fix compile errors with NO_STD_FUNCTIONS
  Expand config.pl's notion of "full"
  Ack external bugfix in Changelog
  FIx misplaced Changelog entry (oops)
  Fix compile bug: incompatible declaration of polarssl_exit in platform.c
  Fix contributor's name in Changelog 
							
						 
						
							2015-06-03 10:33:55 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								dccb80b7e5 
								
							 
						 
						
							
							
								
								Fix compile errors with NO_STD_FUNCTIONS  
							
							
							
						 
						
							2015-06-03 10:20:33 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								ba56136b5c 
								
							 
						 
						
							
							
								
								Avoid in-out length in base64  
							
							
							
						 
						
							2015-06-02 16:30:35 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								3335205a21 
								
							 
						 
						
							
							
								
								Avoid in-out length in dhm_calc_secret()  
							
							
							
						 
						
							2015-06-02 16:17:08 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								f79b425226 
								
							 
						 
						
							
							
								
								Avoid in-out length parameter in bignum  
							
							
							
						 
						
							2015-06-02 15:41:48 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								ptahpeteh 
							
						 
						
							
							
							
							
								
							
							
								249bece013 
								
							 
						 
						
							
							
								
								Fix compile bug: incompatible declaration of polarssl_exit in platform.c  
							
							
							
							
							This causes a compile-time error: 
platform.c(157): error:  #147 : declaration is incompatible with "void (*polarssl_exit)(int)" (declared at line 179 of "platform.h") 
							
						 
						
							2015-06-02 15:26:09 +02:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								c730ed3f2d 
								
							 
						 
						
							
							
								
								Rename boolean functions to be clearer  
							
							
							
						 
						
							2015-06-02 10:38:50 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								9d51583772 
								
							 
						 
						
							
							
								
								Fix cipher identifier in des_ede3_info  
							
							
							
						 
						
							2015-06-02 10:00:04 +01:00