Manuel Pégourié-Gonnard
d5f38b045d
Fix dependencies on time on x509 test suite
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
7580ba475d
Add a concept of entropy source strength.
...
The main goal is, we want and error if cycle counter is the only source.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
3f77dfbd52
Add MBEDTLS_ENTROPY_HARDWARE_ALT
...
Makes it easier for an external module to plug its hardware entropy collector.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
bf82ff0209
Fix entropy thresholds
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
60c793bdc9
Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE
...
First one means we have time() but it may not return the actual wall clock
time, second means it does.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
6195767554
Fix default of openssl s_server
...
openssl s_server up to 1.0.2.a included uses a 512-bit prime for DH by
default. Since we now require 1024 bit at least, make s_server use decent
params. (1.0.2b and up use acceptable params by default.)
2015-06-22 14:40:55 +02:00
Manuel Pégourié-Gonnard
c0696c216b
Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen
2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard
097c7bb05b
Rename relevant global symbols from size to bitlen
...
Just applying rename.pl with this file:
mbedtls_cipher_get_key_size mbedtls_cipher_get_key_bitlen
mbedtls_pk_get_size mbedtls_pk_get_bitlen
MBEDTLS_BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
MBEDTLS_BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
2015-06-18 16:43:38 +02:00
Manuel Pégourié-Gonnard
fb317c5221
Rename parameter in a x509 helper
2015-06-18 16:41:13 +02:00
Manuel Pégourié-Gonnard
39a48f4934
Internal renamings in PK
...
+ an unrelated comment in SSL
2015-06-18 16:06:55 +02:00
Manuel Pégourié-Gonnard
12ad798c87
Rename ssl_session.length to id_len
2015-06-18 15:50:37 +02:00
Manuel Pégourié-Gonnard
797f48ace6
Rename ecp_curve_info.size to bit_size
2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
898e0aa210
Rename key_length in cipher_info
2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard
b8186a5e54
Rename len to bitlen in function parameters
...
Clarify a few comments too.
2015-06-18 14:58:58 +02:00
Manuel Pégourié-Gonnard
6934afa234
Merge branch 'profiles' into development
...
* profiles:
Update Changelog for the profiles branch
Add SSL presets.
Implement sig_hashes
Create API for mbedtls_ssl_conf_sig_hashes().
Small internal changes in curve checking
Extra check in verify_with_profile()
Clarify a point in the documentation
Fix define for ssl_conf_curves()
Add mbedtls_ssl_conf_cert_profile()
Implement cert profile checking
Change data structure of profiles to bitfields
Add pre-defined profiles for cert verification
Create cert profile API (unimplemented yet)
Remove duplicated tests for x509_verify_info()
Add tests for dhm_min_bitlen
Add dhmlen option in ssl_client2.c
Add ssl_conf_dhm_min_bitlen()
2015-06-17 15:49:36 +02:00
Manuel Pégourié-Gonnard
88d37859b6
Update Changelog for the profiles branch
2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard
b31c5f68b1
Add SSL presets.
...
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard
7bfc122703
Implement sig_hashes
2015-06-17 14:34:48 +02:00
Manuel Pégourié-Gonnard
36a8b575a9
Create API for mbedtls_ssl_conf_sig_hashes().
...
Not implemented yet.
2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard
9d412d872c
Small internal changes in curve checking
...
- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config
2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard
a83e4e2bf5
Extra check in verify_with_profile()
...
This could happen if someone doesn't set the SSL configuration properly. In
that case we don't want to segfault...
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
27716cc1da
Clarify a point in the documentation
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
b541da6ef3
Fix define for ssl_conf_curves()
...
This is a security feature, it shouldn't be optional.
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
6e3ee3ad43
Add mbedtls_ssl_conf_cert_profile()
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
cbb1f6e5cb
Implement cert profile checking
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
f8ea856296
Change data structure of profiles to bitfields
...
- allows to express 'none' or 'all' more easily than lists
- more compact and easier to declare statically
- easier to check too
Only drawback: if we ever have more than 32 curves, we'll need an ABI change to
make that field a uint64_t.
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
88db5da117
Add pre-defined profiles for cert verification
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
9505164ef4
Create cert profile API (unimplemented yet)
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
bc7bbbc85a
Remove duplicated tests for x509_verify_info()
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
7a010aabde
Add tests for dhm_min_bitlen
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
9096682352
Add dhmlen option in ssl_client2.c
2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard
bd990d6629
Add ssl_conf_dhm_min_bitlen()
2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard
bf27eaac79
Fix help string in ssl_client2.c
2015-06-12 11:22:02 +02:00
Manuel Pégourié-Gonnard
1b1e65f541
Fix typos and other small issues in doc
2015-06-11 13:38:03 +02:00
Manuel Pégourié-Gonnard
3d4755bec4
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix all.sh for recent config.pl change
Conflicts:
tests/scripts/all.sh
2015-06-03 14:03:17 +01:00
Manuel Pégourié-Gonnard
721e6bbf71
Fix all.sh for recent config.pl change
2015-06-03 13:38:20 +01:00
Manuel Pégourié-Gonnard
a14cbb6141
Have config.pl return non-zero rather than warn
2015-06-03 10:49:38 +01:00
Manuel Pégourié-Gonnard
7ee5ddd798
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix compile errors with NO_STD_FUNCTIONS
Expand config.pl's notion of "full"
Ack external bugfix in Changelog
FIx misplaced Changelog entry (oops)
Fix compile bug: incompatible declaration of polarssl_exit in platform.c
Fix contributor's name in Changelog
2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard
dccb80b7e5
Fix compile errors with NO_STD_FUNCTIONS
2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard
b752715893
Expand config.pl's notion of "full"
...
Make sure bugs in PLATFORM_xxx_ALT are catched
2015-06-03 10:00:02 +01:00
Manuel Pégourié-Gonnard
f2ec505c34
Ack external bugfix in Changelog
2015-06-03 09:50:07 +01:00
Manuel Pégourié-Gonnard
3e87a9f57f
FIx misplaced Changelog entry (oops)
2015-06-03 09:48:26 +01:00
Manuel Pégourié-Gonnard
718593681e
Use -std=c99 only for library
2015-06-02 16:39:22 +01:00
Manuel Pégourié-Gonnard
bc6ff23dc6
Update changelog for i/o lengths
2015-06-02 16:33:08 +01:00
Manuel Pégourié-Gonnard
ba56136b5c
Avoid in-out length in base64
2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard
3335205a21
Avoid in-out length in dhm_calc_secret()
2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard
f79b425226
Avoid in-out length parameter in bignum
2015-06-02 15:41:48 +01:00
Manuel Pégourié-Gonnard
9693668c23
Tune Changelog (typos, ordering)
2015-06-02 15:14:15 +01:00
ptahpeteh
249bece013
Fix compile bug: incompatible declaration of polarssl_exit in platform.c
...
This causes a compile-time error:
platform.c(157): error: #147 : declaration is incompatible with "void (*polarssl_exit)(int)" (declared at line 179 of "platform.h")
2015-06-02 15:26:09 +02:00
Manuel Pégourié-Gonnard
0469e41342
Add MBEDTLS_CONFIG_FILE to the rename list
2015-06-02 13:52:02 +01:00