Commit Graph

1448 Commits

Author SHA1 Message Date
Simon Butcher
ebb855518d Fix multiple erroneously named source files in comments
This fixes many incorrect references to filenames in the comments in config.h.
2017-02-20 21:47:29 +00:00
Simon Butcher
016a0d3b6f Update library version number to 2.1.6 2016-10-17 15:44:26 +01:00
Simon Butcher
d9d0cda9fe Merge branch 'mbedtls-2.1' 2016-10-13 10:35:52 +01:00
Janos Follath
0be55a0549 Remove MBEDTLS_SSL_AEAD_RANDOM_IV feature
In a USENIX WOOT '16 paper the authors warn about a security risk
of random Initialisation Vectors (IV) repeating values.

The MBEDTLS_SSL_AEAD_RANDOM_IV feature is affected by this risk and
it isn't compliant with RFC5116. Furthermore, strictly speaking it
is a different cipher suite from the TLS (RFC5246) point of view.

Removing the MBEDTLS_SSL_AEAD_RANDOM_IV feature to resolve the above
problems.

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
2016-10-13 10:35:34 +01:00
Andres AG
6c05208f96 Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-12 19:54:07 +01:00
Andres AG
865c899681 Fix typo in docs for mbedtls_x509write_csr_der() 2016-10-12 17:37:25 +01:00
Simon Butcher
64f5df5545 Changed version number to version 2.1.5 2016-06-27 19:37:08 +01:00
Simon Butcher
e87e7064cb Fixes typo in platform.h 2016-05-18 19:36:04 +01:00
SimonB
493abdf692 Clarifies documentation on reported memory statistics 2016-05-05 17:55:19 +01:00
Attila Molnar
c7b8e3af53 Fix minor doc issue 2016-05-05 17:50:17 +01:00
Janos Follath
542ee5d8f3 Update default configuration
Change the default settings for SSL and modify the tests accordingly.
2016-03-07 16:34:25 +00:00
Manuel Pégourié-Gonnard
5ae028550f Make check-names.sh happy 2016-01-08 15:08:49 +01:00
Manuel Pégourié-Gonnard
7715e669f1 Avoid build errors with -O0 due to assembly 2016-01-08 14:52:55 +01:00
Simon Butcher
543e4366bc Change version number to 2.1.4
Changed version for library files and yotta module
2016-01-04 22:41:11 +00:00
Manuel Pégourié-Gonnard
4c9916b094 Fix doxygen warnings for generic names in config.h
When we use the same documentation for a list of #defines, we used to use a
generic name in the \def command. Use the first name of the list instead so
that doxygen stops complaining, and mention the generic name in the longer
description.

This is not entirely satisfactory as the full list of macros will not be
included in the generated doc, but it's still an improvement as at least the
first macro is documented now, with a hint that there are others.
2016-01-04 15:49:47 +00:00
Manuel Pégourié-Gonnard
3bd5eb7567 Reintroduce line deleted by accident 2016-01-04 15:48:43 +00:00
Simon Butcher
a02fe7c2cc Various fixes to doxygen API generation
* Fixed incorrect file definitions
 * Corrected function naming in X.509 module definition
2016-01-04 15:48:12 +00:00
Simon Butcher
6189175900 Fix for MPI divide on MSVC
Resolves multiple platform issues when building bignum.c with Microsoft
Visual Studio.
2016-01-03 20:32:46 +00:00
Simon Butcher
aa4114910a Merge 'iotssl-558-2.1-md5-tls-sigs-restricted' 2015-12-23 18:52:18 +00:00
Simon Butcher
e82ac57ef6 Merge remote-tracking branch 'origin/misc-2.1' into mbedtls-2.1 2015-12-22 19:36:17 +00:00
Manuel Pégourié-Gonnard
7da96958a6 Make documentation more explicit on TLS errors
fixes #358
2015-12-10 15:07:46 +01:00
Manuel Pégourié-Gonnard
b39528e2e8 Disable MD5 in handshake signatures by default 2015-12-04 15:13:36 +01:00
Manuel Pégourié-Gonnard
013198f30f DTLS: avoid dropping too many records
When the peer retransmits a flight with many record in the same datagram, and
we already saw one of the records in that datagram, we used to drop the whole
datagram, resulting in interoperability failure (spurious handshake timeouts,
due to ignoring record retransmitted by the peer) with some implementations
(issues with Chrome were reported).

So in those cases, we want to only drop the current record, and look at the
following records (if any) in the same datagram. OTOH, this is not something
we always want to do, as sometime the header of the current record is not
reliable enough.

This commit introduces a new return code for ssl_parse_header() that allows to
distinguish if we should drop only the current record or the whole datagram,
and uses it in mbedtls_ssl_read_record()

fixes #345
2015-12-03 19:22:55 +01:00
Simon Butcher
ef43d41f67 Changed version number to 2.1.3
Changed for library
2015-11-04 22:08:33 +00:00
Manuel Pégourié-Gonnard
7a40dc686f Disable reportedly broken assembly of Sparc(64)
fixes #292
2015-11-02 05:57:49 +09:00
Manuel Pégourié-Gonnard
9f44a80ea3 Try to prevent some misuse of RSA functions
fixes #331
2015-10-30 10:57:43 +01:00
Manuel Pégourié-Gonnard
93080dfacf Fix missing check for RSA key length on EE certs
- also adapt tests to use lesser requirement for compatibility with old
  testing material
2015-10-28 13:22:32 +01:00
Manuel Pégourié-Gonnard
f9945bc283 Fix #ifdef inconsistency
fixes #310

Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.

Conflicts:
	ChangeLog
2015-10-28 13:16:33 +01:00
Manuel Pégourié-Gonnard
1cb668cf0f ECHDE-PSK does not use a certificate
fixes #270
2015-10-28 13:15:12 +01:00
Manuel Pégourié-Gonnard
d113b8e89d Move all KEY_EXCHANGE__ definitions in one place 2015-10-28 13:15:01 +01:00
Manuel Pégourié-Gonnard
a6925c502d Fix typo in documentation 2015-10-27 10:28:49 +01:00
Simon Butcher
759b6d9df6 Corrected misleading fn description in ssl_cache.h
Mistake in comments spotted by Andris Mednis
2015-10-27 10:28:24 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381 Bump version to 2.1.2
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
c80a74f734 Merge branch 'development' into development-restricted
* development:
  Add 'inline' workaround where needed
2015-10-05 16:30:53 +01:00
Manuel Pégourié-Gonnard
2ac9c60838 Add 'inline' workaround where needed
Was previously using the workaround from md.h
2015-10-05 16:18:23 +01:00
Manuel Pégourié-Gonnard
a97ab2c8a6 Merge branch 'development' into development-restricted
* development:
  Remove inline workaround when not useful
  Fix macroization of inline in C++
2015-10-05 15:48:09 +01:00
Simon Butcher
7776fc36d3 Fix for #279 macroisation of 'inline' keyword 2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard
2d7083435d Fix references to non-standard SIZE_T_MAX
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
2015-10-05 15:23:11 +01:00
Manuel Pégourié-Gonnard
899ac849d0 Merge branch 'development' into development-restricted
* development:
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard
cb6af00e2a Add missing warning in doc
Found by Nicholas Wilson

fixes #288
2015-10-05 12:12:39 +01:00
Manuel Pégourié-Gonnard
5a2e389811 Remove inline workaround when not useful
This header doesn't have nay inline function any more
2015-10-05 11:55:39 +01:00
Manuel Pégourié-Gonnard
0223ab9d38 Fix macroization of inline in C++
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 11:41:36 +01:00
Simon Butcher
6418ffaadb Merge fix for IOTSSL-480 - base64 overflow issue 2015-10-05 09:54:11 +01:00
Manuel Pégourié-Gonnard
ef388f168d Merge branch 'development' into development-restricted
* development:
  Updated ChangeLog with credit
  Fix a fairly common typo in comments
  Make config check include for configs examples more consistent
2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard
0aa45c209a Fix potential overflow in base64_encode 2015-09-30 16:37:49 +02:00
Simon Butcher
9f81231fb8 Revised hostname length check from review 2015-09-28 19:22:33 +01:00
Simon Butcher
89f77623b8 Added max length checking of hostname 2015-09-27 22:50:49 +01:00
Tillmann Karras
588ad50c5a Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
Manuel Pégourié-Gonnard
8cea8ad8b8 Bump version to 2.1.1 2015-09-17 11:58:45 +02:00
Simon Butcher
5793e7ef01 Merge 'development' into iotssl-411-port-reuse
Conflicts:
	ChangeLog
2015-09-16 15:25:53 +01:00