Hanno Becker
93de2965d0
Fix rebase slip
2019-07-30 16:56:25 +02:00
Hanno Becker
b7769e4fc0
Remove wrong reference to ARMCC in all.sh test name
2019-07-30 16:56:25 +02:00
Hanno Becker
c4296a3bbb
Modify all.sh test names to reflect use of ARMCC
2019-07-30 16:56:25 +02:00
Hanno Becker
28d2a88173
Fix indentation in three example programs
2019-07-30 16:56:25 +02:00
Hanno Becker
e7895aae2c
Add all.sh test for baremetal.h runtime test
2019-07-30 16:56:25 +02:00
Hanno Becker
a1f3c521e7
Add --build-only option to baremetal.sh --ram
This option builds the library, tests and example programs
in a minimally modified baremetal.h configuration (modifications
from baremetal_test.h) but doesn't execute any tests.
2019-07-30 16:56:25 +02:00
Hanno Becker
fe1bd781de
Add all.sh test for hardcoded elliptic curve
2019-07-30 16:56:25 +02:00
Hanno Becker
7cedd8bed2
Remove overly strict guard in ssl_server2
get_auth_mode() is needed for a change of authmode through SNI,
which is possible even if the original authmode is hardcoded.
2019-07-30 16:56:18 +02:00
Hanno Becker
6dd8e1c54d
Add all.sh test for hardcoded miscellaneous SSL config options
2019-07-30 16:50:27 +02:00
Hanno Becker
41e5a6871d
Example apps: Don't use runtime IO config API if CBs are hardcoded
Multiple example applications still use mbedtls_ssl_set_bio() even
if the I/O callbacks are hardcoded. This commit fixes this.
2019-07-30 16:50:27 +02:00
Hanno Becker
2a0cd5a031
Add all.sh test for hardcoded IO callbacks
2019-07-30 16:48:20 +02:00
Hanno Becker
9fb3f1eaf2
Add all.sh test for hardcoded SSL version
2019-07-30 16:48:20 +02:00
Hanno Becker
32bbe4a66b
Remove unused label in ssl_client2/ssl_server2
2019-07-30 16:33:40 +03:00
Hanno Becker
e29dfb2157
Add missing word in documentation of mbedtls_ssl_check_record()
2019-07-30 16:33:40 +03:00
Hanno Becker
83b8c3b8eb
cli/srv ex: Add dbg msg if record checking gives inconsistent result
2019-07-30 16:33:40 +03:00
Hanno Becker
c2b08d1251
Fix minor issues in documentation of mbedtls_ssl_check_record()
2019-07-30 16:33:40 +03:00
Hanno Becker
bec8885b7d
State that record checking is DTLS only and doesn't check content type
2019-07-30 16:33:40 +03:00
Hanno Becker
82ff6f1e17
Update version_features.c
2019-07-30 16:33:40 +03:00
Hanno Becker
de9e36e6b3
Pass dgrams to mbedtls_ssl_check_record in ssl_client2/server2
2019-07-30 16:33:40 +03:00
Hanno Becker
fe24b3b269
Add IO wrappers to ssl_server2 as interm's between NET and SSL layer
2019-07-30 16:33:40 +03:00
Hanno Becker
14219feb27
Add IO wrappers to ssl_client2 as interm's between NET and SSL layer
2019-07-30 15:44:43 +03:00
Hanno Becker
02f2609551
Introduce configuration option and API for SSL record checking
2019-07-30 15:38:40 +03:00
Manuel Pégourié-Gonnard
f010eba833
Merge pull request #632 from hanno-arm/baremetal_sh_debug-baremetal
[Baremetal] Add `--debug` option to `baremetal.sh`
2019-07-30 00:07:45 +02:00
Manuel Pégourié-Gonnard
cdb83e7c88
Merge pull request #616 from mpg/context-s11n
[baremetal] Implement context serialization
2019-07-30 00:07:23 +02:00
Manuel Pégourié-Gonnard
69a3e417d8
Improve readability and debuggability of large if
Breaking into a series of statements makes things easier when stepping through
the code in a debugger.
Previous comments were stating the opposite of what the code tested for (what we
want vs what we're erroring out on) which was confusing.
Also expand a bit on the reasons for these restrictions.
2019-07-29 12:32:02 +02:00
Manuel Pégourié-Gonnard
18332c5c6c
Improve getter for renegotiation enabled
2019-07-29 12:17:52 +02:00
Manuel Pégourié-Gonnard
d04850507d
Merge pull request #634 from hanno-arm/single_ec_doc-baremetal
[Baremetal] Fix single-EC documentation
2019-07-29 11:59:12 +02:00
Manuel Pégourié-Gonnard
7c575d29dc
Merge pull request #605 from ARMmbed/x509_ondemand_remove_unneeded_fields
[Baremetal] Allow removal of unneeded fields in X.509 CRT structures
2019-07-29 11:58:58 +02:00
Manuel Pégourié-Gonnard
7d33b7e2b9
Merge pull request #610 from ARMmbed/delay_alerts-baremetal
[Baremetal] Delay sending alerts
2019-07-29 11:58:44 +02:00
Manuel Pégourié-Gonnard
b3bb31bd90
Introduce getter function for disable_renego
2019-07-26 16:37:45 +02:00
Manuel Pégourié-Gonnard
14e2a8ac06
Fix a typo in a comment
2019-07-26 16:31:53 +02:00
Hanno Becker
fcb721d733
Correct documentation on use of alert pending
2019-07-26 12:47:16 +01:00
Hanno Becker
dd69119b32
Update include/mbedtls/ssl_internal.h
Mention where an internal function is defined instead of just saying that it's internal.
Co-Authored-By: Gilles Peskine <gilles.peskine@arm.com>
2019-07-26 09:59:18 +01:00
Hanno Becker
2736d1983c
Fix and improve documentation of MBEDTLS_SSL_CONF_SINGLE_EC
2019-07-26 07:53:39 +01:00
Hanno Becker
42a6b04c4a
Don't forget about pending alerts after ssl_get_next_record()
ssl_get_next_record() may pend fatal alerts in response to receiving
invalid records. Previously, however, those were never actually sent
because there was no code-path checking for pending alerts.
This commit adds a call to ssl_send_pending_fatal_alert() after
the invocation of ssl_get_next_record() to fix this.
2019-07-26 07:25:20 +01:00
Hanno Becker
b82350b25f
Introduce helper function to send pending fatal alerts
2019-07-26 07:25:02 +01:00
Hanno Becker
0a4c78f7c2
Add --debug option to baremetal.sh
2019-07-25 15:49:17 +01:00
Darryl Green
64b4b6e35e
Change worktree_rev to HEAD for rev-parse
Due to how the checking script is run in docker, worktree_rev is
ambiguous when running rev-parse. We're running it in the checked
out worktree, so we can use HEAD instead, which is unambiguous.
2019-07-25 14:38:55 +01:00
Hanno Becker
50d53212ef
Document mbedtls_ssl_context::pending_fatal_alert_msg
2019-07-25 12:59:24 +01:00
Hanno Becker
c8f529995f
Rename pend_alert_msg -> pending_fatal_alert_msg
2019-07-25 12:59:24 +01:00
Hanno Becker
d829d0fbd0
Remove return value from mbedtls_ssl_pend_fatal_alert()
This function is often called when there's already an error code to handle,
and one of the reasons to introduce the pending of alerts was to _not_ have
another potential error code to take care of. Reflect this by making `void`
the return type of `mbedtls_ssl_pend_fatal_alert()`.
2019-07-25 12:59:24 +01:00
Hanno Becker
eeabfa460c
Note that mbedtls_ssl_pend_fatal_alert() must only be called once
2019-07-25 12:59:17 +01:00
Hanno Becker
2e8d133ebf
Reintroduce return code checking when sending NoRenego alert
2019-07-25 12:58:48 +01:00
Hanno Becker
3caf7189f9
Remove field to store level of pending alert
Pending alerts is so far only used for fatal alerts.
2019-07-25 12:58:44 +01:00
Hanno Becker
de62da9d3c
Use separate functions to pend fatal and non-fatal alerts
2019-07-24 13:45:35 +01:00
Hanno Becker
1f5a793124
Use attribute always_inline only for GCC and ARM compiler
2019-07-24 13:20:42 +01:00
Hanno Becker
1facd552fc
Replace xxx_send_alert by xxx_pend_alert to save code
2019-07-24 13:20:27 +01:00
Hanno Becker
f46e1ce812
Introduce SSL helper function to mark pending alerts
2019-07-24 13:20:27 +01:00
Manuel Pégourié-Gonnard
7af7375473
Fix MSVC warning
We know the length of the ALPN string is always less than 255, so the cast to
uint8_t is safe.
2019-07-24 00:58:27 +02:00
Manuel Pégourié-Gonnard
2cc9223a3b
Fix compile error in reduced configurations
Found by running scripts/baremetal.h --rom --gcc --check after adding
MBEDTLS_SSL_CONTEXT_SERIALIZATION to baremetal.h
2019-07-23 17:22:39 +02:00