Simon Butcher
74ca8d07ad
Update ssl_tls.c
...
Clarification in comments to ssl_handle_possible_reconnect()
2015-09-11 17:22:40 +01:00
Simon Butcher
0789aed39d
Update ssl_tls.c
...
Typo
2015-09-11 17:15:17 +01:00
Simon Butcher
1a57af1607
Update ssl.h
...
Typo
2015-09-11 17:14:16 +01:00
Simon Butcher
4f6882a8a3
Update config.h
...
Typo in RFC x-ref comment.
2015-09-11 17:12:46 +01:00
Embedthis Software
a25cab8bea
FIX: compiler warning with recvfrom on 64-bit
2015-09-09 08:49:48 -07:00
Manuel Pégourié-Gonnard
a6b95f01cc
Print I/O buffer size in memory.sh
2015-09-09 13:51:05 +02:00
Manuel Pégourié-Gonnard
ddfe5d20d1
Tune dependencies
...
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard
c2ed8029ff
Fix ChangeLog - misplaced entries
2015-09-09 12:15:13 +02:00
Manuel Pégourié-Gonnard
2ed05a049a
Fix typos
2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard
ab05d23b29
Update generated file
2015-09-09 11:50:00 +02:00
Manuel Pégourié-Gonnard
259db91023
Add test without cookies
...
Tune existing tests while at it
2015-09-09 11:48:45 +02:00
Manuel Pégourié-Gonnard
22311ae62e
Improve help message of ssl_*2.c
2015-09-09 11:22:58 +02:00
Manuel Pégourié-Gonnard
62c74bb78a
Stop wasting resources
...
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.
Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
2015-09-09 11:22:52 +02:00
Nicholas Wilson
2088e2ebd9
fix const-ness of argument to mbedtls_ssl_conf_cert_profile
...
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
2015-09-08 16:53:18 +01:00
Manuel Pégourié-Gonnard
222cb8db22
Tune related documentation while at it
2015-09-08 15:43:59 +02:00
Manuel Pégourié-Gonnard
3a2a4485d4
Update documentation
2015-09-08 15:36:09 +02:00
Manuel Pégourié-Gonnard
14c2574a9d
Update Changelog
2015-09-08 15:12:45 +02:00
Simon Butcher
e5a21b4493
Merge pull request #282 from ARMmbed/iotssl-469-rsa-crt-restricted
...
Add counter-measure against RSA-CRT attack
2015-09-08 13:05:51 +01:00
Manuel Pégourié-Gonnard
5f50104c52
Add counter-measure against RSA-CRT attack
...
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
2015-09-08 13:39:29 +02:00
Manuel Pégourié-Gonnard
d745a1a9b7
Add tests for hard reconnect
2015-09-08 12:40:43 +02:00
Manuel Pégourié-Gonnard
3f09b6d4c2
Fix API
2015-09-08 11:58:14 +02:00
Manuel Pégourié-Gonnard
be619c1264
Clean up error codes
2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard
11331fc25b
First working dirty version
...
- uses too much resources
- wrong API
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
9650205df7
Start detecting epoch 0 ClientHellos
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
26d227ddfc
Add config flag for support of client port reuse
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
dbd23079d0
Add option reconnect_hard to ssl_client2
...
- interrupt the connection abruptly (no close_notify)
- reconnect from the same port while server sill has an active connection from
this port.
Some real-world clients do that, see section 4.2.8 of RFC 6347.
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
cd345898a0
Fix #ifdef in test suite
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
d9802af1d0
Add tests for round 2
...
Also move one check earlier as it makes more sense
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
3059095e86
Complete tests for reading round one
...
Also change the code to forbid public keys being 0
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
bbe4e52c3b
Start adding tests for EC J-PAKE round one
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
d0d8a935b2
Blind operations on the secret
...
I'm not sure this is necessary, because it is only multiplied by xm2 which is
already random and secret, but OTOH, xm2 is related to a public value, so
let's add blinding with a random value that's only use for blinding, just to
be extra sure.
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
55f3d84faa
fixup-include
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
c907081a20
Polish the source
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
f7368c983a
Polish API and documentation
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
e1927101fb
Unify round two
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
d8204a7bea
Provide symmetric API for the first round
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
e2d3a4e1b4
Unify loading of test vectors in tests
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
ce4567614b
Rename variable to prepare for cli/srv unification
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
6b798b9dae
Tune up some comments
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
e0ad57b0b3
Replace explicit IDs with table look-ups
...
That's a first step towards merging symmetric version of different functions
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
5f18829609
Add derive_pms, completing first working version
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
6449391852
Store our role in the context
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
614bd5e919
Add write_client_params
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
ec0eece2ba
Add read_client_params
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
bed9e41761
Add writing of server params
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
8d31e80da4
Improve testing strategy
...
- reference handshake tests that we get the right values (not much now, but
much more later when we get to deriving the PMS)
- random handshake in addition tests our generate/write functions against our
read functions, that are tested by the reference handshake, and will be
further tested in the test suite later against invalid inputs
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
1a7c5ef42b
Optimize some case of mbedtls_ecp_muladd()
...
Those are used by EC-JPAKE
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
cb7cd03412
Add first draft or read_server_params
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
23dcbe3f16
Add support for passphrase in the context
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard
4e8bc78ad9
Add context-using functions for Hello extensions
...
Also re-order functions in the header so that they appear in the order they're
use, ie free() last.
2015-09-07 12:43:10 +02:00