Manuel Pégourié-Gonnard
a83e4e2bf5
Extra check in verify_with_profile()
...
This could happen if someone doesn't set the SSL configuration properly. In
that case we don't want to segfault...
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
b541da6ef3
Fix define for ssl_conf_curves()
...
This is a security feature, it shouldn't be optional.
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
6e3ee3ad43
Add mbedtls_ssl_conf_cert_profile()
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
cbb1f6e5cb
Implement cert profile checking
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
f8ea856296
Change data structure of profiles to bitfields
...
- allows to express 'none' or 'all' more easily than lists
- more compact and easier to declare statically
- easier to check too
Only drawback: if we ever have more than 32 curves, we'll need an ABI change to
make that field a uint64_t.
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
88db5da117
Add pre-defined profiles for cert verification
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
9505164ef4
Create cert profile API (unimplemented yet)
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
bd990d6629
Add ssl_conf_dhm_min_bitlen()
2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard
7ee5ddd798
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix compile errors with NO_STD_FUNCTIONS
Expand config.pl's notion of "full"
Ack external bugfix in Changelog
FIx misplaced Changelog entry (oops)
Fix compile bug: incompatible declaration of polarssl_exit in platform.c
Fix contributor's name in Changelog
2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard
dccb80b7e5
Fix compile errors with NO_STD_FUNCTIONS
2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard
ba56136b5c
Avoid in-out length in base64
2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard
3335205a21
Avoid in-out length in dhm_calc_secret()
2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard
f79b425226
Avoid in-out length parameter in bignum
2015-06-02 15:41:48 +01:00
ptahpeteh
249bece013
Fix compile bug: incompatible declaration of polarssl_exit in platform.c
...
This causes a compile-time error:
platform.c(157): error: #147 : declaration is incompatible with "void (*polarssl_exit)(int)" (declared at line 179 of "platform.h")
2015-06-02 15:26:09 +02:00
Manuel Pégourié-Gonnard
c730ed3f2d
Rename boolean functions to be clearer
2015-06-02 10:38:50 +01:00
Manuel Pégourié-Gonnard
9d51583772
Fix cipher identifier in des_ede3_info
2015-06-02 10:00:04 +01:00
Manuel Pégourié-Gonnard
0574bb0bdb
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Mark unused constant as such
Update ChangeLog for recent external bugfix
Serious bug fix in entropy.c
Fix memleak with repeated [gc]cm_setkey()
fix minor bug in path_cnt checks
Conflicts:
include/mbedtls/cipher.h
library/ccm.c
library/entropy.c
library/gcm.c
library/x509_crt.c
2015-06-02 09:59:29 +01:00
Manuel Pégourié-Gonnard
468b06dab0
Merge remote-tracking branch 'ptahpeteh/patch-1' into mbedtls-1.3
...
* ptahpeteh/patch-1:
Serious bug fix in entropy.c
2015-06-02 09:03:06 +01:00
ptahpeteh
638fa0bb0f
Serious bug fix in entropy.c
...
Bug: mutex access within entropy_contex after it has been zeroed leads to app crash.
2015-06-01 12:28:29 +02:00
Manuel Pégourié-Gonnard
f78e4de6f4
Fix warnings from -pedantic
2015-05-29 10:52:14 +02:00
Manuel Pégourié-Gonnard
f8b6fdedd9
Remove include that is no longer needed
2015-05-29 10:23:32 +02:00
Manuel Pégourié-Gonnard
864108daab
Move from gmtime_r to gmtime + mutexes
...
* gmtime_r is not standard so -std=c99 warns about it
* Anyway we need global mutexes in the threading layer, so better depend only
on that, rather that global mutexes + some _r functions
2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
ba19432d2e
Move from asm to __asm by default
...
- GCC with -std=c99 warns about asm but likes __asm
_ armcc5 has __asm but not asm
2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
cb46fd8216
Avoid non-standard strcasecmp()
2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
2a84dfd747
Make ssl_cookie.c thread-safe
2015-05-28 17:28:39 +02:00
Manuel Pégourié-Gonnard
41b9c2b418
Remove individual mdX_file() and shaX_file()
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
bfffa908a6
Implement md_file in the MD layer
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
eb0d8706ce
Add option for even smaller SHA-256
2015-05-28 16:45:23 +02:00
Manuel Pégourié-Gonnard
a7a3a5fe37
Make SHA-2 implementation smaller
...
Adjust the size/performance trade-off:
* Reduces size of sha256_process() from 7.4KB to 2KB on ARMv7-M
* Reduces performance by less than 14% on Cortex-M4
* Seems to even improve performance on my Core i7
2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard
6a8ca33fa5
Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED
2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard
6c967b95ff
Fix typo in memory_buffer_alloc
2015-05-27 20:18:39 +02:00
Manuel Pégourié-Gonnard
944cfe8899
Allow use of global mutexes with threading_alt
2015-05-27 20:12:05 +02:00
Manuel Pégourié-Gonnard
61977614d8
Fix memleak with repeated [gc]cm_setkey()
2015-05-27 17:40:16 +02:00
Manuel Pégourié-Gonnard
43b08574a6
Avoid memory leak with repeated [gc]ccm_setkey()
2015-05-27 17:23:30 +02:00
Manuel Pégourié-Gonnard
3a89559d71
Fix compile errors in pkcs11.c
2015-05-27 17:09:21 +02:00
Manuel Pégourié-Gonnard
1b8de57827
Remove a few redundant memset after calloc.
...
Using the following semantic patch provided by Mansour Moufid:
@@
expression x;
@@
x = mbedtls_calloc(...)
...
- memset(x, 0, ...);
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
b2a18a2a98
Remove references to malloc in strings/names
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
200e73179e
Adapt memory_buffer_alloc to calloc
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
b9ef1182f3
Adapt the platform layer from malloc to calloc
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9
Replace malloc with calloc
...
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
5e94ddebbc
Create ssl_internal.h and move some functions
2015-05-26 11:57:05 +02:00
Manuel Pégourié-Gonnard
50518f4195
Rename _wrap headers to _internal
...
Makes it clearer that the user is not supposed to include them
2015-05-26 11:06:12 +02:00
Manuel Pégourié-Gonnard
1e9c4db524
Implement key rotation
2015-05-25 19:42:14 +02:00
Manuel Pégourié-Gonnard
887674a33b
Internal changes in preparation for key rotation
...
- two sets of keys
- separate function for key generation/update
2015-05-25 12:19:00 +02:00
Manuel Pégourié-Gonnard
a0adc1bbe4
Make cipher used in ssl tickets configurable
2015-05-25 10:35:16 +02:00
Manuel Pégourié-Gonnard
1041a39338
Use AES-GCM-256 for session ticket protection
2015-05-20 20:19:42 +02:00
Manuel Pégourié-Gonnard
8eff512274
Fix possible signedness issue in time comparison
2015-05-20 11:41:36 +02:00
Manuel Pégourié-Gonnard
0849a0a910
Make ssl ticket functions thread-safe
2015-05-20 11:34:54 +02:00
Manuel Pégourié-Gonnard
e057d3bf6b
Relax some dependencies
...
- DTLS_HELLO_VERIFY no longer depends on SRV_C
- SSL_COOKIE_C no longer depends on DTLS_HELLO_VERIFY
Not that much work for us, and easier on users (esp. since it allows just
disabling SRV_C alone).
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
b596abfdc0
Refine cli/srv ifdefs for session tickets
...
- Only the server needs to generate/parse tickets
- Only the client needs to store them
Also adjust prototype of ssl_conf_session_tickets() while at it.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
cf141ca7e7
Fix #ifdefs on ssl_cli.c or ssl_srv.c
...
Nothing to do with the current branch except I'm going to refine such #ifdefs
for tickets next and I want to start from a clean state
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
0c0f11f4b3
Update dependencies & includes for session tickets
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
d59675d92c
Move to callback for session tickets
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
b0394bebdb
Further adapt prototypes of ticket functions
...
Moving everything in ticket_keys structure, that will soon become
ticket_context.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
69f17280d3
Adapt prototypes of ticket handling functions
...
This is an intermediate step. The ssl_config argument will be replace by a
ticket context next.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
a4a473516e
Rename & move ticket functions to ticket module
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
fd6d8978f9
Add new submodule ssl_ticket
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
53ebe138c6
Fix copyright lines still mentioning Brainspark
2015-05-15 12:01:12 +02:00
Manuel Pégourié-Gonnard
0b104b056b
Adapt prototype of net_accept() for explicit size
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
d9e6a3ac10
Rename pk_init_ctx() -> pk_setup()
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
d4f04dba42
net.c now depends on select() unconditionally
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
a63bc94a2d
Remove timing_m_sleep() -> net_usleep()
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
e94bfe6cd6
Improve entropy selftest: check default sources
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
151dc77732
Fix some old names that remained
...
- most in doxygen doc that was never renamed
- some re-introduced in comments/doc/strings by me
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
8473f87984
Rename cipher_init_ctx() to cipher_setup()
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
0de074fbc1
Use rarely used conf function to cover them
2015-05-14 12:58:01 +02:00
Manuel Pégourié-Gonnard
66dc5555f0
mbedtls_ssl_conf_arc4_support() depends on ARC4_C
2015-05-14 12:31:10 +02:00
Manuel Pégourié-Gonnard
6ab9b009cd
Fix warnings from armcc
2015-05-14 11:37:52 +02:00
Manuel Pégourié-Gonnard
545102ef1d
No timer -> to timeout (optional for TLS)
2015-05-13 17:31:48 +02:00
Manuel Pégourié-Gonnard
286a136e63
SSL timer fixes: not DTLS only, start cancelled
2015-05-13 17:18:59 +02:00
Nicholas Wilson
bc07c3a1f0
fix minor bug in path_cnt checks
...
If the top certificate occurs twice in trust_ca (for example) it would
not be good for the second instance to be checked with check_path_cnt
reduced twice!
2015-05-13 10:40:30 +01:00
Manuel Pégourié-Gonnard
e3c41ad8a4
Use the new timer callback API in programs
2015-05-13 10:04:32 +02:00
Manuel Pégourié-Gonnard
2e01291739
Prepare the SSL modules for using timer callbacks
2015-05-13 09:43:39 +02:00
Manuel Pégourié-Gonnard
ca3bdc5632
Add mbedtls_timing_set/get_delay()
2015-05-12 20:45:34 +02:00
Manuel Pégourié-Gonnard
8903fe0fd3
Define timing_selftest() even with TIMING_ALT
2015-05-12 19:30:45 +02:00
Manuel Pégourié-Gonnard
a27b1979dc
Update generated file
2015-05-12 16:09:34 +02:00
Manuel Pégourié-Gonnard
31993f271d
Add per-function override for AES
2015-05-12 15:41:08 +02:00
Manuel Pégourié-Gonnard
70a5010783
Create function-level MBETLS_DES_xxx_ALT
2015-05-12 15:17:15 +02:00
Manuel Pégourié-Gonnard
0fe1f6d97e
Remove debug line from selftest
...
Happened to cause a warning about %x vs uint32_t with arm-none-eabi-gcc 4.9
in addition to being useless
2015-05-12 13:22:02 +02:00
Manuel Pégourié-Gonnard
eecb43cf0b
Manually merge doc fixes from 1.3
2015-05-12 12:56:41 +02:00
Manuel Pégourié-Gonnard
48647b9255
Merge remote-tracking branch 'nw/misc' into mbedtls-1.3
...
* nw/misc:
Typos and doc additions
2015-05-12 12:48:12 +02:00
Manuel Pégourié-Gonnard
0ece0f94f2
Fix checks for nul-termination
2015-05-12 12:43:54 +02:00
Manuel Pégourié-Gonnard
24083d61a0
Fix bug in certs.c
...
Revealed by the recent PEM changes
2015-05-12 12:26:14 +02:00
Manuel Pégourié-Gonnard
ec4b08957f
Fix issue in ssl_free() vs ssl_config_free()
...
Just an overlook from moving things recently
2015-05-12 12:22:36 +02:00
Manuel Pégourié-Gonnard
49f5eb9b41
Better NULL checks in debug
...
In case we exit early, like before ssl_setup() was called
2015-05-12 12:19:09 +02:00
Manuel Pégourié-Gonnard
43b37cbc92
Fix use of pem_read_buffer() in PK, DHM and X509
2015-05-12 11:26:43 +02:00
Manuel Pégourié-Gonnard
2088ba6d30
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Update Changelog for recent contribution
Perf: rewrite of ecp_double_jac
Conflicts:
library/ecp.c
2015-05-12 10:36:26 +02:00
Manuel Pégourié-Gonnard
7010e4688f
Merge remote-tracking branch 'peterdettman/perf-ecp-double-jac' into mbedtls-1.3
...
* peterdettman/perf-ecp-double-jac:
Perf: rewrite of ecp_double_jac
2015-05-11 20:26:47 +02:00
Manuel Pégourié-Gonnard
e6ef16f98c
Change X.509 verify flags to uint32_t
2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard
4cba1a737d
Avoid debug flooding with non-blocking reads
2015-05-11 18:52:25 +02:00
Manuel Pégourié-Gonnard
e3a062ba1f
Rename ecp_use_known_dp -> mbedtls_ecp_group_load()
2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard
56cc88a796
Rm ecp_add() and add ecp_muladd()
2015-05-11 18:40:45 +02:00
Manuel Pégourié-Gonnard
6dde596a03
Remove ecp_sub()
2015-05-11 18:18:32 +02:00
Manuel Pégourié-Gonnard
aff37e5aa1
Remove ecp_group_read_string()
2015-05-11 18:11:57 +02:00
Manuel Pégourié-Gonnard
55fab2de5d
Fix a few more #ifdef's
2015-05-11 17:54:38 +02:00
Manuel Pégourié-Gonnard
8b431fbbec
Fix dependency issues
2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard
ccc302692a
Fix bug introduced when splitting init functions
2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard
06939cebef
Fix order of ssl_conf vs ssl_setup in programs
...
Except ssl_phtread_server that will be done later
2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard
01e5e8c1f8
Change a few ssl_conf return types to void
2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
6729e79482
Rename ssl_set_xxx() to ssl_conf_xxx()
2015-05-11 14:35:41 +02:00