Hanno Becker
8bc74d6f2f
Merge branch 'development' into iotssl-1619
2018-01-03 10:24:02 +00:00
Manuel Pégourié-Gonnard
ae3925c774
Merge remote-tracking branch 'public/pr/1136' into development
...
* public/pr/1136:
Timing self test: shorten redundant tests
Timing self test: increased duration
Timing self test: increased tolerance
Timing unit tests: more protection against infinite loops
Unit test for mbedtls_timing_hardclock
New timing unit tests
selftest: allow excluding a subset of the tests
selftest: allow running a subset of the tests
selftest: refactor to separate the list of tests from the logic
Timing self test: print some diagnosis information
mbedtls_timing_get_timer: don't use uninitialized memory
timing interface documentation: minor clarifications
Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:42:20 +01:00
Hanno Becker
32297e8314
Merge branch 'development' into iotssl-1619
2017-12-22 10:24:32 +00:00
Gilles Peskine
ff79d27f5c
selftest: allow excluding a subset of the tests
...
E.g. "selftest -x timing" runs all the self-tests except timing.
2017-12-20 21:57:48 +01:00
Gilles Peskine
c82fbb4e14
selftest: allow running a subset of the tests
...
If given command line arguments, interpret them as test names and only
run those tests.
2017-12-20 20:23:13 +01:00
Gilles Peskine
319ac801a8
selftest: refactor to separate the list of tests from the logic
...
No behavior change.
2017-12-20 20:19:27 +01:00
Hanno Becker
a5e68979ca
Resolve integer type conversion problem on MSVC
...
MSVC rightfully complained that there was some conversion from `size_t`
to `unsigned int` that could come with a loss of data. This commit
re-types the corresponding struct field `ctx_buffer::len` to `size_t`.
Also, the function `ctx_buffer_append` has an integer return value
which is supposed to be the (positive) length of the appended data
on success, and a check is inserted that the data to be appended does
not exceed MAX_INT in length.
2017-12-06 08:37:39 +00:00
Gilles Peskine
d629411212
Merge branch 'pr_920' into development
2017-12-01 23:46:58 +01:00
Ron Eldor
0728d69d6d
Change kB to KiB
...
Change the style of the units to KiB, according to
https://docs.mbed.com/docs/writing-and-publishing-guides/en/latest/units/
2017-11-29 12:08:35 +02:00
Gilles Peskine
ea8d697fa2
Merge remote-tracking branch 'upstream-public/pr/1089' into development
...
Resolve trivial conflict due to additions in the same place in
tests/data_files/Makefile; minor comment/whitespace presentation
improvements.
2017-11-28 17:32:32 +01:00
Ron Eldor
a0748019f1
Change KB to kB
...
Change KB to kB, as this is the proper way to write kilo bytes
2017-11-28 16:48:51 +02:00
Gilles Peskine
68306ed31f
Merge remote-tracking branch 'upstream-public/pr/1094' into development
2017-11-23 20:02:46 +01:00
Chris Xue
9a51c032ee
Fix copy paste error in the error message of mbedtls_ecp_gen_key in gen_key.c
2017-11-05 19:10:51 +00:00
Hanno Becker
77abef5cba
Don't use busy-waiting in udp_proxy
...
Also, correct inconsistent use of unsigned integer types in udp_proxy.
2017-11-02 14:03:18 +00:00
Hanno Becker
0cc7774dab
Only add pack option to UDP proxy if MBEDTLS_TIMING_C is enabled
2017-10-31 14:14:10 +00:00
Hanno Becker
92474da0a2
Use Mbed TLS timing module to obtain ellapsed time in udp_proxy
2017-10-31 14:14:08 +00:00
Hanno Becker
211f44c928
Rename merge
option in UDP proxy to pack
2017-10-31 14:08:10 +00:00
Hanno Becker
197a91cd82
Clean up idle() function in ssl_client2 and ssl_server2
2017-10-31 13:07:38 +00:00
Hanno Becker
df4180a235
Don't break debug messages
2017-10-27 15:04:14 +01:00
Gilles Peskine
8149321fed
udp_proxy_wrapper.sh: fix cleanup not cleaning up
...
Fixed cleanup leaving the actual udp_proxy behind and only killing an
intermediate shell process.
Fixed trap handler cleaning up but then not dying.
2017-10-24 11:25:19 +01:00
Gilles Peskine
afc4f892d1
udp_proxy_wrapper.sh: more robust
...
Don't mangle arguments containing spaces and other special characters,
pass them unchanged to the proxy or server as applicable.
More robust parsing of server parameters: don't hit on partial words;
use ssl_server2's default values.
Minor style improvements.
2017-10-24 10:05:55 +01:00
Hanno Becker
a677cdd459
Detect IPv6 in udp_proxy_wrapper.sh grepping for server_addr=::1
2017-10-23 15:29:31 +01:00
Hanno Becker
22829e9860
Don't use sed -r in udp_proxy_wrapper.sh
2017-10-23 15:29:24 +01:00
Kevin Luty
da44de60b1
Fix for returning correct error code
2017-10-13 13:18:28 -05:00
Hanno Becker
7f25f850ac
Adapt uses of mbedtls_rsa_complete
to removed PRNG argument
2017-10-10 16:56:22 +01:00
Hanno Becker
4cb1f4d49c
Style corrections
2017-10-10 16:04:48 +01:00
Hanno Becker
16970d2912
Add support for event-driven IO in ssl_client2 and ssl_server2
2017-10-10 16:03:26 +01:00
Hanno Becker
fbb0b701e4
Corrupt application data in the beginning instead of the end in UDP proxy
...
The UDP proxy corrupts application data at the end of the datagram. If
there are multiple DTLS records within the same datagram, this leads
to the wrong message being corrupted. This commit always corrupts the
beginning of the message to prevent this.
Overall, the UDP proxy needs reworking if it is supposed to reliably
support multiple records within a single datagram, because it
determines its actions from the type of the first record in the
current datagram only.
2017-10-10 16:02:36 +01:00
Hanno Becker
1dd62ea811
Add packing option to UDP proxy
...
This commit provides the new option pack=TIME for the udp proxy
./programs/test/udp_proxy. If used, udp packets with the same
destination will be queued and concatenated for up to TIME
milliseconds before being delivered.
This is useful to test how mbed TLS's deals with multiple DTLS records
within a single datagram.
2017-10-10 16:01:15 +01:00
Hanno Becker
f65ca329b6
Introduce UDP proxy wrapper script
...
This commit introduces the script `programs/test/udp_proxy_wrapper.sh` which can
be used to wrap the SSL server binary `programs/ssl/ssl_server2` by the UDP
proxy application `programs/test/udp_proxy` while maintaining the same
interface from the command line.
Specifically, given UDP proxy arguments ARGS_UDP and SSL server arguments
ARGS_SSL, the command line
> ./udp_proxy_wrapper.sh ARGS_UDP -- ARGS_SSL
behaves like
> ./ssl_server2 ARGS_SSL
wrapped by
> ./udp_proxy ARGS_UDP
The motivation and benefit of this is that scripts like `ssl-opt.sh` can be used
with the server command line `P_SRV` modified to `./udp_proxy_wrapper.sh
ARGS_UDP -- DEFAULT_ARGS_SSL` which will result in all tests being executed for
an SSL server behind a UDP proxy.
2017-10-10 16:01:15 +01:00
Ron Eldor
71f68c4043
Fix ssl_server2 sample application prompt
...
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
2017-10-06 11:59:13 +01:00
Xinyu Chen
e1a94a6404
Correct the printf message of the DTLS handshake.
...
Make it consistent with dtls_server.c
2017-10-06 11:58:50 +01:00
Hanno Becker
b953921a4e
Adapt benchmark application to naming and binary format
2017-10-04 13:13:34 +01:00
Hanno Becker
17c3276a2e
Improve output on bad cmd line args in programs/x509/cert_write
2017-10-03 14:56:04 +01:00
Ron Eldor
7da7cb399e
Fix ssl_server2 sample application prompt
...
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
2017-10-02 19:14:58 +01:00
Hanno Becker
d4d856265e
Don't use deprecated macro form of DHM moduli in benchmark program
2017-10-02 15:06:27 +01:00
Hanno Becker
c6fc878eda
Remove mbedtls_rsa_check_crt
...
This is no longer needed after the decision to not exhaustively validate private key material.
2017-10-02 13:20:15 +01:00
Xinyu Chen
00afe1c046
Correct the printf message of the DTLS handshake.
...
Make it consistent with dtls_server.c
2017-09-30 09:52:38 +01:00
Hanno Becker
7f3652ddf1
Fix error code printing in cert_write
...
Error codes can consume up to two bytes, but only one was printed so far.
2017-09-22 15:39:02 +01:00
Hanno Becker
38eff43791
Use X509 CRT version macros in cert_write program
2017-09-22 15:38:20 +01:00
Hanno Becker
e1b1d0af8e
Fix senseless comment
2017-09-22 15:35:16 +01:00
Hanno Becker
e4ad3e8803
Allow requests of size larger than 16384 in ssl_client2
2017-09-18 16:11:42 +01:00
Hanno Becker
81535d0011
Minor style and typo corrections
2017-09-14 07:51:54 +01:00
Hanno Becker
6c13d37961
Extend cert_write example program by multiple cmd line options
...
This commit adds the following command line options to programs/x509/cert_write:
- version (val 1, 2, 3): Set the certificate's version (v1, v2, v3)
- authority_identifier (val 0, 1): Enable or disable the addition of the
authority identifier extension.
- subject_identifier (val 0, 1): Enable or disable the addition of the
subject identifier extension.
- basic_constraints (val 0, 1): Enable or disable the addition of the
basic constraints extension.
- md (val MD5, SHA1, SHA256, SHA512): Set the hash function used
when creating the CRT.
2017-09-13 15:42:16 +01:00
Hanno Becker
f073de0c25
Adapt rsa_genkey example program to use new RSA interface
2017-08-23 16:17:28 +01:00
Hanno Becker
0c2639386e
Adapt rsa_encrypt example program to new RSA interface
2017-08-23 16:17:28 +01:00
Hanno Becker
d6ba5e3d8b
Adapt rsa_sign example program to new RSA interface
2017-08-23 16:17:28 +01:00
Hanno Becker
ccef18c2ff
Adapt rsa_decrypt example program to new RSA interface
2017-08-23 16:17:27 +01:00
Hanno Becker
40371ec783
Adapt key_app_writer example program to new RSA interface
2017-08-23 16:17:27 +01:00
Hanno Becker
54ebf9971d
Adapt key_app example program to new RSA interface
2017-08-23 16:17:27 +01:00
Hanno Becker
83aad1fa86
Adapt gen_key example program to new RSA interface
2017-08-23 16:17:27 +01:00
Hanno Becker
c95fad3566
Adapt dh_server example program to new RSA interface
2017-08-23 16:17:27 +01:00
Manuel Pégourié-Gonnard
b3c8307960
Adapt ssl_client2 to restartable EC
2017-08-09 11:44:53 +02:00
Peter Huewe
38fc3a0548
Remove duplicated defintion of PRINT_ERROR
...
The PRINT_ERROR macros are already defined exactly the same in line
101ff, so we can remove them here.
2017-07-29 02:01:22 +02:00
Hanno Becker
840bace417
Correct comment
2017-07-28 22:28:08 +01:00
Hanno Becker
ce37e6269e
Reliably zeroize sensitive data in AES sample application
...
The AES sample application programs/aes/aescrypt2 could miss zeroizing
the stack-based key buffer in case of an error during operation. This
commit fixes this and also clears another temporary buffer as well as
all command line arguments (one of which might be the key) before exit.
2017-07-28 22:28:08 +01:00
Hanno Becker
f601ec5f34
Reliably zeroize sensitive data in Crypt-and-Hash sample application
...
The AES sample application programs/aes/crypt_and_hash could miss
zeroizing the stack-based key buffer in case of an error during
operation. This commit fixes this and also clears all command line
arguments (one of which might be the key) before exit.
2017-07-28 22:28:08 +01:00
Ron Eldor
2a47be5012
Minor: Fix typos in program comments
...
Fix a couple of typos and writer's mistakes,
in some reference program applications
2017-07-27 21:44:33 +01:00
Ron Eldor
53c2e47a1b
Minor: Fix typos in program comments
...
Fix a couple of typos and writer's mistakes,
in some reference program applications
2017-07-27 15:08:01 +01:00
Ron Eldor
ee5a0ca3bb
Minor: Fix typos in program comments
...
Fix a couple of typos and writer's mistakes,
in some reference program applications
2017-07-19 23:33:24 +02:00
Martijn de Milliano
b194a283a9
dh_server: Fixed expected number of bytes received from client when receiving public value.
2017-07-06 23:55:59 +02:00
Andres Amaya Garcia
276ebb650e
Add stdlib.h include to hello.c sample
2017-07-03 11:16:57 +01:00
Andres Amaya Garcia
1ff60f437f
Change examples to use the new MD API and check ret code
2017-06-28 13:26:36 +01:00
Hanno Becker
8651a43e95
Remove %zu format string from ssl_client2 and ssl_server2
2017-06-09 16:13:22 +01:00
Manuel Pégourié-Gonnard
c44c3c288d
Merge remote-tracking branch 'janos/iotssl-1156-ecdsa-sample-and-doc-clarification' into development
...
* janos/iotssl-1156-ecdsa-sample-and-doc-clarification:
Clarify the use of ECDSA API
2017-06-08 10:16:54 +02:00
Hanno Becker
e6706e62d8
Add tests for missing CA chains and bad curves.
...
This commit adds four tests to tests/ssl-opt.sh:
(1) & (2): Check behaviour of optional/required verification when the
trusted CA chain is empty.
(3) & (4): Check behaviour of optional/required verification when the
client receives a server certificate with an unsupported curve.
2017-06-07 11:26:59 +01:00
Gilles Peskine
682df09159
Allow SHA-1 in server tests, when the signature_algorithm extension is not used
2017-06-06 18:44:14 +02:00
Gilles Peskine
bc70a1836b
Test that SHA-1 defaults off
...
Added tests to validate that certificates signed using SHA-1 are
rejected by default, but accepted if SHA-1 is explicitly enabled.
2017-06-06 18:44:14 +02:00
Gilles Peskine
cd3c845157
Allow SHA-1 in SSL renegotiation tests
...
In the TLS test client, allow SHA-1 as a signature hash algorithm.
Without this, the renegotation tests failed.
A previous commit had allowed SHA-1 via the certificate profile but
that only applied before the initial negotiation which includes the
signature_algorithms extension.
2017-06-06 18:44:13 +02:00
Gilles Peskine
ef86ab238f
Allow SHA-1 in X.509 and TLS tests
...
SHA-1 is now disabled by default in the X.509 layer. Explicitly enable
it in our tests for now. Updating all the test data to SHA-256 should
be done over time.
2017-06-06 18:44:13 +02:00
Janos Follath
4817e27d4d
Add the CA list suppression option to ssl_server2
...
Adding the CA suppression list option to the 'ssl_server2' sample
program is a prerequisite for adding tests for this feature to the
integration test suite (ssl-opt.sh).
2017-05-16 10:22:37 +01:00
Ron Eldor
46cf773f2f
Fix wrong output in the benchmark application
...
The benchmark application prints the performance in Kb/s,
While it actually calculates KB/s.
Resolves issue #850
2017-05-14 15:55:06 +03:00
Janos Follath
0a5154b8a1
Clarify the use of ECDSA API
...
In the ecdsa.c sample application we don't use hashing, we use ecdsa
directly on a buffer containing plain text. Although the text explains
that it should be the message hash it still can be confusing.
Any misunderstandings here are potentially very dangerous, because ECDSA
truncates the message hash if necessary and this can lead to trivial
signature forgeries if the API is misused and the message is passed
directly to the function without hashing.
This commit adds a hash computation step to the ecdsa.c sample
application and clarification to the doxygen documentation of the
ECDSA functions involved.
2017-03-10 11:31:41 +00:00
Andres AG
0b736db0f3
Remove use of inttypes.h in MSVC from ssl_server2
...
The sample application programs/ssl/ssl_server2.c was previously
modifies to use inttypes.h to parse a string to a 64-bit integer.
However, MSVC does not support C99, so compilation fails. This
patch modifies the sample app to use the MSVC specific parsing
functions instead of inttypes.h.
2017-03-01 23:24:35 +00:00
Ron Eldor
dbe8316e23
fix for issue 1101: missing rsa context initialization
...
added mbedtls_rsa_init in rsa_decrypt sample application
2017-03-01 07:56:40 +00:00
Paul Bakker
2382816a84
Fix default hostname for verification used in ssl_client1
2017-02-28 22:23:41 +00:00
Ron Eldor
0049f7857d
check matching issuer crt and key for all algs
...
use mbedtls_pk_check_pair to verify if issuer certificate and issuer key match,
instad of explicitely comparing RSA public component.
Raised and fix suggested by dbedev in #777
2017-02-07 19:14:58 +02:00
Andres AG
cef21e4cd9
Fix examples that failed to compile without PEM
2017-02-04 22:59:46 +00:00
Andres AG
692ad84e5c
Add DTLS test to check 6 byte record ctr is cmp
...
Add a test to ssl-opt.sh to ensure that in DTLS a 6 byte record counter
is compared in ssl_check_ctr_renegotiate() instead of a 8 byte one as in
the TLS case. Because currently there are no testing facilities to check
that renegotiation routines are triggered after X number of input/output
messages, the test consists on setting a renegotiation period that
cannot be represented in 6 bytes, but whose least-significant byte is 2.
If the library behaves correctly, the renegotiation routines will be
executed after two exchanged.
2017-01-19 16:30:57 +00:00
Simon Butcher
c58d7b4074
Merge fix for X.509 compatibility issues
2016-10-13 15:54:03 +01:00
Simon Butcher
e19acd5e79
Add extra compilation conditions to X.509 samples
...
The sample applications programs/pkey/cert_req.c and
programs/pkey/cert_write.c use the library functions
mbedtls_pk_write_csr_pem() and mbedtls_pk_write_crt_pem() respectively which
are dependent on the configuration option MBEDTLS_PEM_WRITE_C. If the option
isn't defined the build breaks.
This change adds the compilation condition MBEDTLS_PEM_WRITE_C to these
sample application.
2016-10-13 13:52:00 +01:00
Simon Butcher
41dba28a2a
Add extra compilation conditions to gen_key.c #559
...
The sample application programs/pkey/gen_key.c uses the library function
mbedtls_pk_write_key_pem() which is dependent on the configuration option
MBEDTLS_PEM_WRITE_C. If the option isn't defined the build breaks.
This change adds the compilation condition MBEDTLS_PEM_WRITE_C to the gen_key.c
sample application.
2016-10-13 13:51:13 +01:00
Andres AG
8254b6c9f3
Clean up of formatting, and potential integer overflow fix
2016-10-13 13:51:13 +01:00
Simon Butcher
ea680197f8
Minor fixes to formatting and compilation conditions
2016-10-13 13:51:12 +01:00
Simon Butcher
32bb5af7e1
Add CMAC functions to the benchmark sample application
2016-10-13 13:51:11 +01:00
Brian Murray
7b07e0e4b4
Fix build failure for thread config
2016-10-13 13:51:11 +01:00
Brian Murray
86ff986884
selftest supports cmac if only MBEDTLS_DES_C is defined
...
Other minor typo fixes
2016-10-13 13:51:10 +01:00
Robert Cragie
45feb6ef20
Add support for AES-128-CMAC and AES-CMAC-PRF-128
2016-10-13 13:51:07 +01:00
Andres AG
3616f6f261
Rename net.{c,h} to net_sockets.{c,h}
...
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-10-13 13:48:48 +01:00
Paul Bakker
2d6599284f
Do not add empty cert / key in cert_app
2016-10-13 13:46:04 +01:00
Paul Bakker
e9bdaa251f
Actually apply debug_level settings in cert_app
2016-10-13 13:46:04 +01:00
Janos Follath
9fe6f92561
Add SHA1 guards in dh_client.c and dh_server.c
...
The build breaked for configurations not having MBEDTLS_SHA1_C.
2016-10-07 14:17:56 +01:00
Simon Butcher
604d399a5c
Add extra compilation conditions to gen_key.c #559
...
The sample application programs/pkey/gen_key.c uses the library function
mbedtls_pk_write_key_pem() which is dependent on the configuration option
MBEDTLS_PEM_WRITE_C. If the option isn't defined the build breaks.
This change adds the compilation condition MBEDTLS_PEM_WRITE_C to the gen_key.c
sample application.
2016-10-07 08:48:47 +01:00
Andres AG
a592dcc1c6
Clean up of formatting, and potential integer overflow fix
2016-10-06 15:23:39 +01:00
Simon Butcher
b981b16379
Minor fixes to formatting and compilation conditions
2016-10-06 12:51:24 +01:00
Simon Butcher
549dc3d75e
Add CMAC functions to the benchmark sample application
2016-10-05 14:19:18 +01:00
Brian Murray
8b4111c516
Fix build failure for thread config
2016-10-05 14:19:17 +01:00
Brian Murray
57863ad7ed
selftest supports cmac if only MBEDTLS_DES_C is defined
...
Other minor typo fixes
2016-10-05 14:19:16 +01:00
Robert Cragie
dc5c7b98ac
Add support for AES-128-CMAC and AES-CMAC-PRF-128
2016-10-05 14:19:13 +01:00
Andres AG
788aa4a812
Rename net.{c,h} to net_sockets.{c,h}
...
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-09-26 23:23:52 +01:00
Paul Bakker
5e8c62f53d
Do not add empty cert / key in cert_app
2016-09-26 20:30:13 +01:00
Paul Bakker
f2b92bb25b
Actually apply debug_level settings in cert_app
2016-09-26 20:30:13 +01:00
Paul Bakker
243f48e1e2
Fix for #441 - crypt and hash gcm ( #546 )
...
* Fix crypt_and_hash to support decrypting GCM encrypted files
* Fix documentation in crypt_and_hash for the generic case
* Remove unused lastn from crypt_and_hash
lastn is not used with the cipher layer as it already provides padding
and understanding of length of the original data.
2016-09-02 23:44:09 +03:00
Andres AG
e7723ec284
Make entropy bias self test poll multiple times
...
Instead of polling the hardware entropy source a single time and
comparing the output with itself, the source is polled at least twice
and make sure that the separate outputs are different.
2016-08-30 16:50:48 +01:00
Andres AG
b34e42e69e
Add a new self test to entropy module
...
The self test is a quick way to check at startup whether the entropy
sources are functioning correctly. The self test only polls 8 bytes
from the default entropy source and performs the following checks:
- The bytes are not all 0x00 or 0xFF.
- The hardware does not return an error when polled.
- The entropy does not provide data in a patter. Only check pattern
at byte, word and long word sizes.
2016-08-30 16:50:48 +01:00
Simon Butcher
0e7d38739f
Fix warning on implicit casting in aescrypt.c ( #584 )
2016-08-30 14:25:24 +01:00
Paul Bakker
70940caeeb
Allow compilation without MBEDTLS_SELF_TEST enabled
2016-08-25 15:42:28 +01:00
Simon Butcher
4982e527c6
Adds stdlib.h header to dh_genprime sample app
...
Use of the atoi() function requires stdlib.h to be included when
MBEDTLS_PLATFORM_C is not defined.
2016-08-24 20:24:21 +03:00
Simon Butcher
cdb3ad03ed
Remove redundant definitions of exit codes
...
In the ssl/mini_client.c sample application the exit codes were redundantly
being redefined, causing compiler warnings.
2016-08-24 20:24:20 +03:00
Simon Butcher
b5b6af2663
Puts platform time abstraction into its own header
...
Separates platform time abstraction into it's own header from the
general platform abstraction as both depend on different build options.
(MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME)
2016-07-13 14:46:18 +01:00
Simon Butcher
ab069c6b46
Merge branch 'development' into development-restricted
2016-06-23 21:42:26 +01:00
Simon Butcher
b6a73c9b76
Add provision to create the entropy seedfile for selftest sample
...
In the selftest sample application, if no seedfile is present, one will be
created so the test can execute.
2016-06-23 11:46:41 +01:00
Janos Follath
15ab7ed0f3
Merge branch 'development' into development-restricted
...
Conflicts:
programs/pkey/rsa_decrypt.c
programs/pkey/rsa_encrypt.c
programs/test/selftest.c
2016-06-14 09:20:46 +01:00
Janos Follath
352dbe2334
Make error messages in crypt_and_hash better.
2016-06-09 13:41:28 +01:00
Janos Follath
98e28a74e3
Address user reported coverity issues.
2016-06-09 13:41:28 +01:00
Janos Follath
8eb64132da
Address issues find by manual coverity scan.
2016-06-09 13:41:28 +01:00
Janos Follath
04b591ee79
Merge branch 'development' for weekly test report.
2016-05-31 10:18:41 +01:00
-~- redtangent ~-~
9fa2e86d93
Add missing mbedtls_time_t definitions ( #493 )
...
Add missing mbedtls_time_t definitions to sample applications and the error.c
generation script.
Fixes #490 .
2016-05-26 10:07:49 +01:00
Paul Bakker
440ce420bd
Put clang analyzer fix inside __clang_analyzer__ guard
2016-05-23 14:29:31 +01:00
Nicholas Wilson
e735303026
Shut up a few clang-analyze warnings about use of uninitialized variables
...
The functions are all safe, Clang just isn't clever enough to realise
it.
2016-05-23 14:29:28 +01:00
Simon Butcher
94bafdf834
Merge branch 'development'
2016-05-18 18:40:46 +01:00
Simon Butcher
db0feca55c
Fixes platform time_t abstraction
...
Fixes platform abstraction in error.c and the file that it's generated
from as well as DTLS samples.
2016-05-17 00:03:14 +01:00
Simon Butcher
c21bec8af4
Merge branch 'development'
2016-05-16 16:15:20 +01:00
Paul Bakker
d1fe7aabc9
Put clang analyzer fix inside __clang_analyzer__ guard
2016-05-12 12:46:02 +01:00
Paul Bakker
f4743a6f5e
Merge pull request #457 from NWilson/clang-analyze-fixes
...
Clang analyze fixes
2016-05-11 20:20:42 +02:00
Janos Follath
98c2b0ea7d
Improves and makes pretty the ssl_fork_server output
2016-05-03 15:43:42 +01:00
Janos Follath
e609a08c2f
Fix issue #429 in ssl_fork_server.c
2016-05-03 15:43:31 +01:00
Janos Follath
582a461a49
Improves and makes pretty the ssl_fork_server output
2016-04-29 00:12:35 +01:00
Janos Follath
fe049db8ef
Fix issue #429 in ssl_fork_server.c
2016-04-29 00:12:19 +01:00
Simon Butcher
e4a46f696f
Merge branch 'development'
2016-04-27 18:44:37 +01:00
Simon Butcher
b2d5dd105d
Fixes X509 sample app and SSL test suite
...
Fixes the X.509 cert_app and the SSL test suite for the non-default
configs which don't build with if MBEDTLS_PLATFORM_C isn't defined.
2016-04-27 13:35:37 +01:00
Simon Butcher
d3138c35c6
Fixes SSL sample apps for non-default configs
...
Fixes the SSL sample applications to build for the non-default configs
which don't build if MBEDTLS_PLATFORM_C isn't defined.
2016-04-27 01:26:50 +01:00
SimonB
d5800b7761
Abstracts away time()/stdlib.h into platform
...
Substitutes time() into a configurable platform interface to allow it to be
easily substituted.
2016-04-26 14:49:59 +01:00
Janos Follath
0c539447c1
Fixes no return value warning in selftest.c
2016-04-18 09:59:16 +01:00
Simon Butcher
1ef918ddca
Add missing stdlib.h header to rsa sample programs
2016-04-13 11:56:27 +01:00
Nicholas Wilson
409401c044
Shut up a few clang-analyze warnings about use of uninitialized variables
...
The functions are all safe, Clang just isn't clever enough to realise
it.
2016-04-13 11:56:22 +01:00
Simon Butcher
6b46c62d77
Fixes error and exit paths in rsa sample programs
2016-04-12 13:25:08 +01:00
Janos Follath
f713b0a6ce
Fix memory leaks in example programs.
2016-04-11 23:32:39 +01:00
Simon Butcher
cd0ee5e499
Fixes following review of 'iotssl-682-selftest-ci-break'
2016-03-21 22:54:37 +00:00
Janos Follath
2e3aca2c9e
Fix test break in 'test-ref-configs.pl'
2016-03-18 16:25:52 +00:00
Simon Butcher
f1547632dc
Fixes to style following review
...
Made code spacing consistent with guidelines, and corrected the misnamed test
steps in basic-build-test.sh
2016-03-14 23:12:32 +00:00
SimonB
5a8afb848a
Fix exit code and add a count of the test suites
...
Now counts and displays the number of test suites executed, which can vary
depending on build configurations.
All tests are now executed as this is a sample and test program, rather than
exit on first failure.
Exit code now restricted to SUCCESS or FAILURE.
2016-03-14 23:12:29 +00:00
Manuel Pégourié-Gonnard
90ab4a45b5
Fix Unix detection in mini_client
...
fixes #398
2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard
644c2e0fdb
Add new program to gitignore
2015-11-02 06:34:29 +09:00
Manuel Pégourié-Gonnard
1c6f19aa47
Merge pull request #317 from Inikup/fix-issue-315
...
cert_write : fix "Destination buffer is too small" error
2015-11-02 05:52:26 +09:00
Manuel Pégourié-Gonnard
54eeecfff3
Merge pull request #316 from Inikup/help-key_cert_sign-fix
...
Fix help message for cert_req/cert_write programs
2015-10-30 14:50:42 +01:00
Simon Butcher
204606238c
Merge branch 'development' into misc
2015-10-27 16:57:34 +00:00
Manuel Pégourié-Gonnard
fadacb9d0b
Merge branch 'development' into iotssl-461-ecjpake-finalization
...
* development: (73 commits)
Bump yotta dependencies version
Fix typo in documentation
Corrected misleading fn description in ssl_cache.h
Corrected URL/reference to MPI library
Fix yotta dependencies
Fix minor spelling mistake in programs/pkey/gen_key.c
Bump version to 2.1.2
Fix CVE number in ChangeLog
Add 'inline' workaround where needed
Fix references to non-standard SIZE_T_MAX
Fix yotta version dependencies again
Upgrade yotta dependency versions
Fix compile error in net.c with musl libc
Add missing warning in doc
Remove inline workaround when not useful
Fix macroization of inline in C++
Changed attribution for Guido Vranken
Merge of IOTSSL-476 - Random malloc in pem_read()
Fix for IOTSSL-473 Double free error
Fix potential overflow in CertificateRequest
...
Conflicts:
include/mbedtls/ssl_internal.h
library/ssl_cli.c
2015-10-20 15:00:29 +02:00
Jonathan Leroy
bbc75d9791
cert_write : fix "Destination buffer is too small" error
...
This commit fixes the `Destination buffer is too small` error returned
by `mbedtls_cert_write` command when the values of `subject_name` or
`issuer_name` parameters exceed 128 characters.
I have increased the size of these varaibles from 128 to 256 characters,
but I don't know if it's the best way to solve this issue...
Fixes #315 .
2015-10-10 21:58:07 +02:00
Jonathan Leroy
81962c36e3
Fix help message for cert_req/cert_write programs
...
In cert_req and cert_write programs, "key_certificate_sign" is not an
allowed velue for "key_usage" parameter. The correct value is
"key_cert_sign".
See https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_req.c#L208
and https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_write.c#L323 .
2015-10-10 21:42:29 +02:00
Manuel Pégourié-Gonnard
3eb8c34e6a
Add example program for Curve25519
...
Getting a lot of questions about how to use it. This will hopefully get people
started.
2015-10-09 12:13:29 +01:00
Manuel Pégourié-Gonnard
262c137d8c
Merge pull request #311 from jcowgill/spelling-fix
...
Fix minor spelling mistake in programs/pkey/gen_key.c
2015-10-09 09:38:52 +01:00
James Cowgill
07a92d720a
Fix minor spelling mistake in programs/pkey/gen_key.c
2015-10-09 00:28:14 +01:00
Manuel Pégourié-Gonnard
70905a7855
Add ecjpake_pw option to ssl_client2/server2
2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
2ed05a049a
Fix typos
2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard
22311ae62e
Improve help message of ssl_*2.c
2015-09-09 11:22:58 +02:00
Manuel Pégourié-Gonnard
3f09b6d4c2
Fix API
2015-09-08 11:58:14 +02:00
Manuel Pégourié-Gonnard
dbd23079d0
Add option reconnect_hard to ssl_client2
...
- interrupt the connection abruptly (no close_notify)
- reconnect from the same port while server sill has an active connection from
this port.
Some real-world clients do that, see section 4.2.8 of RFC 6347.
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
4d8685b4ff
Add skeleton for EC J-PAKE module
2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
37ff14062e
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
Simon Butcher
ed51594337
Merge pull request #265 from ARMmbed/iotssl-460-bugfixes
...
Iotssl 460 bugfixes
2015-09-02 23:36:36 +01:00
Manuel Pégourié-Gonnard
a2cda6bfaf
Add mbedtls_ssl_get_max_frag_len()
...
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard
cf9ab63863
Fix error reporting in pkey/pk_* programs
2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard
ce7a08ba49
Fix more comments/outputs in verify programs
2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard
102a620c9a
Fix hash buffer size in pkey programs
2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard
d224ff1f63
Change default RSA key size in rsa_genkey
2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard
1d8f2da7df
Fix comments about filenames in some programs
2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard
d74c697035
Fix memory corruption in rsa sign/verify programs
...
We have no guarantee there is enough room in the argv strings.
Fixes #210
2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard
ea35666f50
Fix -Wshadow warnings
...
Checked that it is supported by gcc 4.2.1 (FreeBSD 9).
fixes #240
2015-08-31 10:34:26 +02:00
Manuel Pégourié-Gonnard
fa1304a51d
Use Unix line endings in wince_main.c too
...
The compiler needs to accept Unix line endings anyway, as this is what we use
everywhere, and it makes things more consistent.
2015-08-06 19:03:31 +02:00
Manuel Pégourié-Gonnard
d73896581b
Fix typos (found by Francesco Pompò)
...
Manually merging as the pull requests are based on an old branch.
closes #215
closes #216
2015-08-06 18:22:26 +02:00
Manuel Pégourié-Gonnard
6fb8187279
Update date in copyright line
2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
4f3368e31e
Fix bug in benchmark.c with DHM params
2015-07-19 15:01:28 +02:00
Manuel Pégourié-Gonnard
78ec2b049c
Cosmetics in Makefiles
2015-07-08 22:12:06 +01:00
Manuel Pégourié-Gonnard
a6dbddce0c
Fix benchmark.c for removal of small DH params
2015-07-06 11:20:33 +02:00
Manuel Pégourié-Gonnard
77c656217b
Update dh_genprime program
...
- default size 2048 bits
- make size a command-line argument
- remove warning about using own params
2015-07-03 16:57:52 +02:00
Manuel Pégourié-Gonnard
6755717f18
Fix stupid typo in ssl_server2.c
2015-07-02 11:15:48 +02:00
Manuel Pégourié-Gonnard
046589e424
Rm obsolete defines for snprintf in programs
...
Now centralized in the platform layer
2015-07-01 17:26:20 +02:00
Manuel Pégourié-Gonnard
9de64f5af1
Fix MSVC warnings in library and programs
2015-07-01 16:56:08 +02:00
Manuel Pégourié-Gonnard
052f28853b
Cosmetics in debug in ssl_{client,server}2.c
...
Print only the basename from the file, and print level too.
2015-07-01 12:01:13 +02:00
Manuel Pégourié-Gonnard
abc729e664
Simplify net_accept() with UDP sockets
...
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard
3d7d00ad23
Rename mbedtls_net_close() to mbedtls_net_free()
...
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard
5db64328ab
Adapt programs to the new NET API
2015-06-30 16:48:17 +02:00
Manuel Pégourié-Gonnard
a7c8903ca6
Add missing programs to Makefile
2015-06-29 19:14:04 +02:00
Manuel Pégourié-Gonnard
1c5b9fc19f
Avoid truncating peer cert info in ssl_server2
2015-06-27 14:38:51 +02:00
Manuel Pégourié-Gonnard
fc36708697
Use $(MAKE), not make
...
For the sake of systems where we want gmake.
2015-06-26 16:50:24 +02:00
Manuel Pégourié-Gonnard
633c6b6485
Run timing selftest on all platforms
...
Used to fail on our FreeBSD and Windows buildbots. Seems to be working at
least on my Darwin physical machine and on my Windows VM with MSYS2 now.
2015-06-26 16:17:30 +02:00
Manuel Pégourié-Gonnard
4b00f08e20
Fix snprintf test
...
Our Windows implementation based on vsnprintf_s( ..., _TRUNCATE ) sometimes
writes *two* terminating NULLs. Allow for that, but obviously bytes past the
end of the buffer mustn't be touched.
2015-06-26 14:10:13 +02:00
Manuel Pégourié-Gonnard
ea9556a76e
Fix mistaken changes in Makefile's clean target
...
I was a bit too trigger-happy with copy-pasting in a previous commit...
2015-06-25 14:19:25 +02:00
Manuel Pégourié-Gonnard
216a1831de
Fix whitespace in CMakeLists.txt
...
- all spaces no tabs
- indent with 4 spaces everywhere
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
21e1ac205e
Fix linking order with make
...
GNU ld cares about the order in which static libs are mentioned on the command
line: if A depends on B then A must com first.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
5c59a4fea5
Split libs with make + general make cleanups
2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard
8d4a613cc5
Small Makefile improvements
...
- fix old build commands still using OFLAGS
- make everything work with --warn-undefined-variables, which can be useful
for debugging typos
2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard
61ee351af4
Adapt programs to the new debug API
2015-06-23 23:30:16 +02:00
Manuel Pégourié-Gonnard
c0d749418b
Make 'port' a string in NET module
...
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
07894338a0
Rename M255 to Curve25519
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
6ea831dcf4
Add tests for mbedtls_set_hs_ca_chain()
2015-06-22 17:30:18 +02:00
Manuel Pégourié-Gonnard
4d6f178376
Add support for SNI CA and authmode in ssl_server2
2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard
7b6dcbe993
Add tests for snprintf
...
- Added in each tests program to be sure they are run (putting them in a test
suite/function specific to the platform layer would cause them to be skipped
when PLATFORM_C is not defined).
- Platforms have already moved from a standard to a broken snprintf in the
past [1], so make sure to catch that if it ever happens again.
[1]: http://sourceforge.net/p/mingw-w64/mailman/message/31241434/
2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard
7580ba475d
Add a concept of entropy source strength.
...
The main goal is, we want and error if cycle counter is the only source.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
c0696c216b
Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen
2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard
797f48ace6
Rename ecp_curve_info.size to bit_size
2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
898e0aa210
Rename key_length in cipher_info
2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard
b31c5f68b1
Add SSL presets.
...
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard
9096682352
Add dhmlen option in ssl_client2.c
2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard
bf27eaac79
Fix help string in ssl_client2.c
2015-06-12 11:22:02 +02:00
Manuel Pégourié-Gonnard
ba56136b5c
Avoid in-out length in base64
2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard
3335205a21
Avoid in-out length in dhm_calc_secret()
2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard
d14acbc31a
Test assumptions we make about the platform
...
Things that are not guaranteed by the standard but should be true of all
platforms of interest to us:
- 8-bit chars
- NULL pointers represented by all-bits-zero
2015-05-29 12:25:40 +02:00
Manuel Pégourié-Gonnard
06d5d61302
Adapt programs to generic md_file()
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
b327168e22
Remove non-generic md_file() programs
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
b2a18a2a98
Remove references to malloc in strings/names
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9
Replace malloc with calloc
...
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
56273daea0
Move some includes to ssl_internal.h
...
Also removed one from ssl.h and add it in programs where it belongs
2015-05-26 15:01:37 +02:00
Manuel Pégourié-Gonnard
a0adc1bbe4
Make cipher used in ssl tickets configurable
2015-05-25 10:35:16 +02:00
Manuel Pégourié-Gonnard
b596abfdc0
Refine cli/srv ifdefs for session tickets
...
- Only the server needs to generate/parse tickets
- Only the client needs to store them
Also adjust prototype of ssl_conf_session_tickets() while at it.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
d59675d92c
Move to callback for session tickets
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
53ebe138c6
Fix copyright lines still mentioning Brainspark
2015-05-15 12:01:12 +02:00
Manuel Pégourié-Gonnard
0b104b056b
Adapt prototype of net_accept() for explicit size
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
d9e6a3ac10
Rename pk_init_ctx() -> pk_setup()
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
d4f04dba42
net.c now depends on select() unconditionally
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
a63bc94a2d
Remove timing_m_sleep() -> net_usleep()
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
151dc77732
Fix some old names that remained
...
- most in doxygen doc that was never renamed
- some re-introduced in comments/doc/strings by me
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
8473f87984
Rename cipher_init_ctx() to cipher_setup()
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
66dc5555f0
mbedtls_ssl_conf_arc4_support() depends on ARC4_C
2015-05-14 12:31:10 +02:00
Manuel Pégourié-Gonnard
d2377e7e78
ssl_client/server2 shouln't depend on timing.c
...
Would break test-ref-configs.pl.
2015-05-13 13:58:56 +02:00
Manuel Pégourié-Gonnard
e3c41ad8a4
Use the new timer callback API in programs
2015-05-13 10:04:32 +02:00
Manuel Pégourié-Gonnard
db1cc76091
Fix depend issue in program/ssl/ssl_*2.c
2015-05-12 11:27:25 +02:00
Manuel Pégourié-Gonnard
e6ef16f98c
Change X.509 verify flags to uint32_t
2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard
e85fef10b5
Fix option names in benchmark.c
2015-05-11 19:38:25 +02:00
Manuel Pégourié-Gonnard
e3a062ba1f
Rename ecp_use_known_dp -> mbedtls_ecp_group_load()
2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard
159c82ecc6
Fix ssl_set_hostname usage (duplication, ifdef)
2015-05-11 17:59:14 +02:00
Manuel Pégourié-Gonnard
55fab2de5d
Fix a few more #ifdef's
2015-05-11 17:54:38 +02:00
Manuel Pégourié-Gonnard
30eceb766a
Fix warning in ssl_pthread_server
...
GCC 4.9 with ASan + UBSan on OS X complains that we were casting to int from a
wider integer type. Anyway, this cast is totally non-portable (pthread_t could
even be structure), switching to long gets rid of the warning...
2015-05-11 14:42:56 +02:00
Manuel Pégourié-Gonnard
fd862b14c5
Fix typos in mini_client.c
2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard
0af00e865b
Optimize config usage in concurrent server examples
2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard
06939cebef
Fix order of ssl_conf vs ssl_setup in programs
...
Except ssl_phtread_server that will be done later
2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard
01e5e8c1f8
Change a few ssl_conf return types to void
2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
6729e79482
Rename ssl_set_xxx() to ssl_conf_xxx()
2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
17a40cd255
Change ssl_own_cert to work on ssl_config
2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
1af6c8500b
Add ssl_set_hs_own_cert()
2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
120fdbdb3d
Change ssl_set_psk() to act on ssl_config
2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
4b68296626
Use a specific function in the PSK callback
2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
750e4d7769
Move ssl_set_rng() to act on config
2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
5cb3308e5f
Merge contexts for session cache
2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
ae31914990
Rename ssl_legacy_renegotiation() to ssl_set_...
2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
1028b74cff
Upgrade default DHM params size
2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
8836994f6b
Move WANT_READ/WANT_WRITE codes to SSL
2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
1b511f93c6
Rename ssl_set_bio_timeout() to set_bio()
...
Initially thought it was best to keep the old function around and add a new
one, but this so many ssl_set_xxx() functions are changing anyway...
2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
97fd52c529
Split ssl_set_read_timeout() out of bio_timeout()
2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
bc2b771af4
Move ssl_set_ca_chain() to work on config
2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
2b49445876
Move session ticket keys to conf
...
This is temporary, they will soon be replaced by callbacks.
!!! In this intermediate step security is removed !!!
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
684b0592cb
Move ssl_set_fallback() to work on conf
...
Initially thought it would be per-connection, but since max_version is in conf
too, and you need to lower that for a fallback connection, the fallback flag
should be in the same place
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
6bf89d6ad9
Move ssl_set_max_fragment_len to work on conf
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
17eab2b65c
Move set_cbc_record_splitting() to conf
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
d36e33fc07
Move easy ssl_set_xxx() functions to work on conf
...
mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
419d5ae419
Make endpoint+transport args of config_defaults()
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
def0bbe3ab
Allocate ssl_config out of ssl_setup()
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
ee6139caea
Fix doc issue in ssl_server2
2015-05-07 10:18:26 +01:00
Manuel Pégourié-Gonnard
e36d56419e
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
fix bug in ssl_mail_client
Adapt compat.sh to GnuTLS 3.4
Fix undefined behaviour in x509
Conflicts:
programs/ssl/ssl_mail_client.c
tests/compat.sh
2015-04-30 13:52:25 +02:00
Manuel Pégourié-Gonnard
fa950c9480
fix bug in ssl_mail_client
2015-04-30 12:50:22 +02:00
Manuel Pégourié-Gonnard
da61ed3346
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Include changes from the 1.2 branch
Remove unused headers in o_p_test
Add countermeasure against cache-based lucky 13
Make results of (ext)KeyUsage accessible
Fix missing NULL check in MPI
Fix detection of getrandom()
Fix "make install" handling of symlinks
Fix bugs in programs displaying verify flags
Conflicts:
Makefile
include/polarssl/ssl.h
library/entropy_poll.c
library/ssl_srv.c
library/ssl_tls.c
programs/test/o_p_test.c
programs/test/ssl_cert_test.c
programs/x509/cert_app.c
2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard
ac90673345
Remove unused headers in o_p_test
2015-04-30 10:09:50 +02:00
Manuel Pégourié-Gonnard
637376c2fe
Fix bugs in programs displaying verify flags
2015-04-29 14:28:48 +02:00
Manuel Pégourié-Gonnard
41d479e7df
Split ssl_init() -> ssl_setup()
2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
ec160c0f53
Update ctr_drbg_init() usage in programs
2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
8d128efd48
Split mbedtls_ctr_drbg_init() -> seed()
2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard
f9e9481bc5
Split mbedtls_hmac_drbg_init() -> seed{,_buf}()
2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard
c34e8dd265
Split mbedtls_gcm_init() -> gcm_setkey()
2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard
6963ff0969
Split mbedtls_ccm_init() -> setkey()
2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard
7cfbaf05b3
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix bugs in programs displaying verify flags
Conflicts:
programs/test/ssl_cert_test.c
programs/x509/cert_app.c
2015-04-24 14:10:04 +02:00
Manuel Pégourié-Gonnard
9ce1bdc151
Fix bugs in programs displaying verify flags
2015-04-24 14:07:07 +02:00
Manuel Pégourié-Gonnard
e6028c93f5
Fix some X509 macro names
...
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard
89addc43db
manually merge 0c6ce2f
use x509_crt_verify_info()
2015-04-20 11:23:11 +01:00
Manuel Pégourié-Gonnard
0c6ce2f536
Use x509_crt_verify_info() in programs
2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard
b85725c958
Fix merge issue
2015-04-15 11:58:31 +02:00
Manuel Pégourié-Gonnard
862d503c01
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix typos in Changelog
Fix macro name from wrong branch
Fix bug in pk_parse_key()
Fixed typos
Updated Travis CI config for mbedtls project
Conflicts:
include/mbedtls/ecp.h
include/polarssl/compat-1.2.h
include/polarssl/openssl.h
include/polarssl/platform.h
library/pkparse.c
programs/pkey/mpi_demo.c
2015-04-15 11:30:46 +02:00
Paul Bakker
6152b0267c
Fixed typos
2015-04-14 15:00:09 +02:00
Manuel Pégourié-Gonnard
2cf5a7c98e
The Great Renaming
...
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
6c7af4c200
Fix a few internal name choices
2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard
932e3934bd
Fix typos & Co
2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard
26c9f90cae
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Add missing depends in x509 programs
Simplify ifdef checks in programs/x509
Fix thread safety issue in RSA operations
Add test certificate for bitstring in DN
Add support for X.520 uniqueIdentifier
Accept bitstrings in X.509 names
2015-03-31 17:56:15 +02:00
Manuel Pégourié-Gonnard
0878a0d884
Add missing depends in x509 programs
2015-03-31 15:14:37 +02:00
Manuel Pégourié-Gonnard
8d649c66b3
Simplify ifdef checks in programs/x509
2015-03-31 15:10:03 +02:00
Manuel Pégourié-Gonnard
8c8be1ebbb
Change default min TLS version to TLS 1.0
2015-03-31 14:22:30 +02:00
Manuel Pégourié-Gonnard
32076e66be
Fix programs for recent ECDSA changes
2015-03-31 13:32:39 +02:00
Manuel Pégourié-Gonnard
fa44f20b9f
Change authmode default to Required on client
2015-03-27 17:52:25 +01:00
Manuel Pégourié-Gonnard
4b3e5ef59a
Avoid duplicate #ifdefs in programs/ssl
2015-03-27 11:24:27 +01:00
Manuel Pégourié-Gonnard
b5410dbd96
Depend on PEM_PARsE_C when using test_cas_pem
2015-03-27 11:08:49 +01:00
Manuel Pégourié-Gonnard
a958d69a70
Rename test_ca_list to test_cas_pem
2015-03-27 10:29:25 +01:00
Manuel Pégourié-Gonnard
2f165060f0
Start introducing test_cas NULL-terminated list
2015-03-27 10:20:26 +01:00
Manuel Pégourié-Gonnard
75f901006b
Add len constants to certs.c
2015-03-27 09:56:18 +01:00
Manuel Pégourié-Gonnard
abb674467b
Rename md_init_ctx() to md_setup()
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
4063ceb281
Make hmac_ctx optional
...
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
003b3b132e
Remove use of xxx_hmac() in program
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
a115def330
Fix tests and programs to use md_get_xxx()
2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard
aeab252fef
Quit using deprecated ssl_set_bio() in programs
2015-03-25 20:21:29 +01:00
Manuel Pégourié-Gonnard
e46c6c38c9
Fix tests to work with DEPRECATED_REMOVED
2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard
d42b7c82ef
Adapt programs to new RC4 default
2015-03-20 19:44:04 +00:00
Manuel Pégourié-Gonnard
7f7aebca02
Fix incomplete changes from merge
2015-03-13 17:19:39 +00:00