Commit Graph

1510 Commits

Author SHA1 Message Date
Paul Bakker
9988d6bbd9 Introduce mbedtls_nv_seed_poll() entropy polling function 2016-06-10 19:42:14 +01:00
Paul Bakker
cf0a9f96c5 Introduce platform-layer functions for reading/writing seed from NV
Introduces mbedtls_nv_seed_read() and mbedtls_nv_seed_write().

The platform-layer functions are only available when
MBEDTLS_ENTROPY_NV_SEED is enabled.
2016-06-10 19:42:14 +01:00
Janos Follath
f93b8bc2e0 Add requirements for the entropy safety switch in documentation. 2016-06-09 13:54:15 +01:00
Janos Follath
53de78444c Add entropy safety switch.
Add a switch that turns entropy collecting off entirely, but enables
mbed TLS to run in an entirely unsafe mode. Enables to test mbed TLS
on platforms that don't have their entropy sources integrated yet.
2016-06-09 11:54:54 +01:00
Janos Follath
ce52d7823c Address user reported coverity issues. 2016-06-07 14:52:35 +01:00
Simon Butcher
2917b9e5de Clarified function param in dhm.h 2016-05-25 00:59:37 +01:00
Paul Bakker
cfe392bdd4 Add end guard comment 2016-05-23 14:29:31 +01:00
Embedthis Software
c0715cb39f Fix single threaded builds 2016-05-23 14:29:31 +01:00
Simon Butcher
80119c5d28 Fixes minor typos in comments in pk.h and ctr_drbg.c
Fixes typos in PRs #475 and #437
2016-05-23 14:29:30 +01:00
Paul Bakker
4fde40f656 Fix logic to allow at least one PKCS version enabled 2016-05-23 14:29:30 +01:00
Paul Bakker
37068a79fe Add check to prevent enabling of RSA without selecting PKCS version(s) 2016-05-23 14:29:30 +01:00
SimonB
295dfa24e7 Clarifies documentation on reported memory statistics 2016-05-23 14:29:29 +01:00
James Cowgill
c788b4cb5a Fix segfault on x32 by using better register constraints in bn_mul.h
On x32, pointers are only 4-bytes wide and need to be loaded using the "movl"
instruction instead of "movq" to avoid loading garbage into the register.

The MULADDC routines for x86-64 are adjusted to work on x32 as well by getting
gcc to load all the registers for us in advance (and storing them later) by
using better register constraints. The b, c, D and S constraints correspond to
the rbx, rcx, rdi and rsi registers respectively.
2016-05-23 14:29:28 +01:00
Attila Molnar
0b98d2f086 Fix minor doc issue 2016-05-02 11:06:47 +02:00
Simon Butcher
80aea30aa5 Fixes syntax and naming for check-names.sh
Some macros were failing checks by check-names.sh
2016-04-27 00:28:14 +01:00
Simon Butcher
3fe6cd3a2d Fixes time() abstraction for custom configs
Added platform abstraction of time() to ChangeLog, version features, and fixed the build for dynamic configuration.
2016-04-26 19:51:29 +01:00
SimonB
d5800b7761 Abstracts away time()/stdlib.h into platform
Substitutes time() into a configurable platform interface to allow it to be
easily substituted.
2016-04-26 14:49:59 +01:00
Janos Follath
c351d18c0e Restore a change in the documentation.
Using the wildcard name MBEDTLS_PLATFORM_XXX_ALT made the Travis build
fail.
2016-03-21 08:43:59 +00:00
Janos Follath
d75b782d0d Fix a typo that confuses check-names.sh 2016-03-18 16:47:10 +00:00
Janos Follath
9194744595 Add exit value macros to platform abstraction layer. 2016-03-18 14:05:28 +00:00
Simon Butcher
68c0bd72bc Clarified current status of RC4 usage
Made clear RC4 has been deprecated by IETF standard, and disabled
by default in the library.
2016-03-17 21:08:46 +00:00
Simon Butcher
7ef5cf3c54 Provided doxygen function definitions for debug.h
Documented each function definition.
2016-03-17 21:08:29 +00:00
Simon Butcher
d567a23c59 Fix typos, grammar in the comments and clarify them 2016-03-09 20:19:21 +00:00
Janos Follath
e2681a448b Update default configuration
Change the default settings for SSL and modify the tests accordingly.
2016-03-09 19:32:11 +00:00
Simon Butcher
e846b5128f Use the SSL IO and time callback typedefs consistently
The callback typedefs defined for mbedtls_ssl_set_bio() and
mbedtls_ssl_set_timer_cb() were not used consistently where the callbacks were
referenced in structures or in code.
2016-03-09 19:32:09 +00:00
Simon Butcher
c0957bdc13 Fix some minor typos in comments
Fix spelling mistakes and typos.
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
986bbf24ce x509:
-
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
d1b7f2b8cf ssl: ignore CertificateRequest's content for real
- document why we made that choice
- remove the two TODOs about checking hash and CA
- remove the code that parsed certificate_type: it did nothing except store
  the selected type in handshake->cert_type, but that field was never accessed
afterwards. Since handshake_params is now an internal type, we can remove that
field without breaking the ABI.
2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard
eeef947040 Clarify documentation about missing CRLs
Also tune up some working while at it.
2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard
9d6241269a Add note about not implementing PSK id_hint 2016-03-09 19:32:08 +00:00
Simon Butcher
157cb656a9 Clarified mbedtls_ssl_conf_alpn_protocols() doc
Clarified the lifetime of the protos parameter passed in the
function mbedtls_ssl_conf_alpn_protocols().
2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard
02049dcbd1 Add links to KB articles 2016-02-22 16:46:34 +00:00
Manuel Pégourié-Gonnard
325ce093f9 Give better error messages for semi-portable parts
Previously it was failing with errors about headers not found, which is
suboptimal in terms of clarity. Now give a clean error with pointer to the
documentation.

Do the checks in the .c files rather than check_config.h as it keeps them
closer to the platform-specific implementations.
2016-02-22 10:47:32 +01:00
Manuel Pégourié-Gonnard
d13b9507b3 Improve documentation of some SSL callbacks
The previous documentation was not explicit about what was expected of the
callbacks - the user had to infer that from the descriptions in net.h or
timing.h, and it was not clear what was part of the calling convention and
what was specific to our implementation.
2016-02-22 10:13:22 +01:00
Manuel Pégourié-Gonnard
edb1a48397 dtls: improve doc about handshake timeouts 2016-01-29 16:05:55 +01:00
Manuel Pégourié-Gonnard
365f325e03 Make check-names.sh happy 2016-01-08 15:05:11 +01:00
Manuel Pégourié-Gonnard
25caaf36a6 Avoid build errors with -O0 due to assembly 2016-01-08 14:29:11 +01:00
Simon Butcher
bfafadb45d Change version number to 2.2.1
Changed version for library files and yotta module
2016-01-04 22:26:36 +00:00
Manuel Pégourié-Gonnard
76da60c56e Fix doxygen warnings for generic names in config.h
When we use the same documentation for a list of #defines, we used to use a
generic name in the \def command. Use the first name of the list instead so
that doxygen stops complaining, and mention the generic name in the longer
description.

This is not entirely satisfactory as the full list of macros will not be
included in the generated doc, but it's still an improvement as at least the
first macro is documented now, with a hint that there are others.
2016-01-04 13:51:01 +01:00
Manuel Pégourié-Gonnard
ddbb166041 Reintroduce line deleted by accident 2016-01-04 12:40:15 +01:00
Simon Butcher
5b331b9d48 Various fixes to doxygen API generation
* Fixed incorrect file definitions
 * Fixed accidental tag problems in ecjpake.h
 * Corrected function naming in X.509 module definition
2016-01-03 16:14:14 +00:00
Simon Butcher
9803d07a63 Fix for MPI divide on MSVC
Resolves multiple platform issues when building bignum.c with Microsoft
Visual Studio.
2016-01-03 00:24:34 +00:00
Simon Butcher
4c2bfdbff6 Merge 'iotssl-558-md5-tls-sigs-restricted' 2015-12-23 18:33:54 +00:00
Simon Butcher
fabce5e137 Merge branch 'misc' into development
Fixes github #358, #362 and IOTSSL-536
2015-12-22 18:56:56 +00:00
Manuel Pégourié-Gonnard
acbb050118 Make documentation more explicit on TLS errors
fixes #358
2015-12-10 13:57:27 +01:00
Manuel Pégourié-Gonnard
47229c7cbb Disable MD5 in handshake signatures by default 2015-12-04 15:02:56 +01:00
Manuel Pégourié-Gonnard
e2e25e7427 DTLS: avoid dropping too many records
When the peer retransmits a flight with many record in the same datagram, and
we already saw one of the records in that datagram, we used to drop the whole
datagram, resulting in interoperability failure (spurious handshake timeouts,
due to ignoring record retransmitted by the peer) with some implementations
(issues with Chrome were reported).

So in those cases, we want to only drop the current record, and look at the
following records (if any) in the same datagram. OTOH, this is not something
we always want to do, as sometime the header of the current record is not
reliable enough.

This commit introduces a new return code for ssl_parse_header() that allows to
distinguish if we should drop only the current record or the whole datagram,
and uses it in mbedtls_ssl_read_record()

fixes #345
2015-12-03 16:13:17 +01:00
Simon Butcher
8254ed2a9f Change version number to 2.2.0
Changed for library and yotta module
2015-11-04 19:55:40 +00:00
Manuel Pégourié-Gonnard
ba1d897987 Merge branch 'bugfixes' into development
* bugfixes:
  Fix typo in an OID name
  Disable reportedly broken assembly of Sparc(64)
2015-11-02 05:50:41 +09:00
Manuel Pégourié-Gonnard
fb84d38b45 Try to prevent some misuse of RSA functions
fixes #331
2015-10-30 10:56:25 +01:00