AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,971 Commits 1 Branch 0 Tags 61 MiB
74ca8d07ad
Commit Graph

2218 Commits

Author SHA1 Message Date
Simon Butcher
74ca8d07ad Update ssl_tls.c 
Clarification in comments to ssl_handle_possible_reconnect()
 2015-09-11 17:22:40 +01:00
Simon Butcher
0789aed39d Update ssl_tls.c 
Typo
 2015-09-11 17:15:17 +01:00
Manuel Pégourié-Gonnard
ddfe5d20d1 Tune dependencies 
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
 2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard
2ed05a049a Fix typos 2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard
ab05d23b29 Update generated file 2015-09-09 11:50:00 +02:00
Manuel Pégourié-Gonnard
62c74bb78a Stop wasting resources 
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.

Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
 2015-09-09 11:22:52 +02:00
Manuel Pégourié-Gonnard
3f09b6d4c2 Fix API 2015-09-08 11:58:14 +02:00
Manuel Pégourié-Gonnard
be619c1264 Clean up error codes 2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard
11331fc25b First working dirty version 
- uses too much resources
- wrong API
 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
9650205df7 Start detecting epoch 0 ClientHellos 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Simon Butcher
52754594b6 Merging iotssl-457-badtail with development branch 2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
fdbdd72b8b Skip to trusted certs early in the chain 
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

closes #220
 2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
4d04cdcd12 Fix RSA mutex fix 
Once the mutex is acquired, we must goto cleanup rather that return.
Since cleanup adjusts the return value, adjust that in test cases.

Also, at cleanup we don't want to overwrite 'ret', or we'll loose track of
errors.

see #257
 2015-08-31 09:31:55 +02:00
Manuel Pégourié-Gonnard
1385a289f4 Fix possible mutex lock/unlock mismatch 
fixes #257
 2015-08-27 11:30:58 +02:00
Manuel Pégourié-Gonnard
e578b1c79a Relax timing_self_test for windows idiosyncrasies 2015-08-18 20:11:48 +02:00
Manuel Pégourié-Gonnard
c98204e68f Fix missing break in switch for SSL presets 
closes #235
 2015-08-11 04:21:01 +02:00
Manuel Pégourié-Gonnard
91bbfb6fb7 Make timing selftest less sensitive 
- allow up to 12.5% security/error margin
- use larger delays
- this avoid the security/error margin being too low

The test used to fail about 1 out of 6 times on some buildbots VMs, but never
failed on the physical machines used for development.
 2015-08-10 14:33:12 +02:00
Manuel Pégourié-Gonnard
ed46c436c0 Fix error when loading libmbedtls.so 2015-08-10 10:17:32 +02:00
Manuel Pégourié-Gonnard
111ce9f735 Fix build error with shared libraries for windows 2015-08-07 12:07:16 +02:00
Manuel Pégourié-Gonnard
8018c28600 Add -static-libgcc for Windows dll builds 2015-08-07 11:55:56 +02:00
Manuel Pégourié-Gonnard
620ee19823 Fix return of x509_self_test without SHA-1 
No being able to run the test is not a failure
 2015-08-07 10:57:47 +02:00
Manuel Pégourié-Gonnard
d1004f02e6 Fix printed output of some selftests 2015-08-07 10:57:41 +02:00
Manuel Pégourié-Gonnard
0a8857435c DTLS: treat bad MAC on Finished as an error 
This is not required nor recommended by the protocol, and it's a layering
violation, but it's a know flaw in the protocol that you can't detect a PSK
auth error in any other way, so it is probably the right thing to do.

closes #227
 2015-08-04 12:11:17 +02:00
Manuel Pégourié-Gonnard
052d10c9d5 Accept a trailing space at end of PEM lines 
With certs being copy-pasted from webmails and all, this will probably become
more and more common.

closes #226
 2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard
6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Simon Butcher
10a6f02f83 Merge branch 'development' into IOTSSL-442-hello-noext 
Conflicts:
	ChangeLog
 2015-07-27 13:45:40 +01:00
Manuel Pégourié-Gonnard
6f42417ba8 Fix typo in that broke installation in cmake 
closes #221
 2015-07-24 16:55:22 +02:00
Manuel Pégourié-Gonnard
4cc8c63226 Add test for extensionless ClientHello 2015-07-23 12:24:03 +02:00
Manuel Pégourié-Gonnard
a6e5bd5654 Fix bug with extension-less ServerHello 
https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug

in_hslen include the length of the handshake header. (We might want to change
that in the future, as it is a bit annoying.)
 2015-07-23 12:23:19 +02:00
Manuel Pégourié-Gonnard
cb0d212c97 Fix level of some debug messages 2015-07-22 11:52:11 +02:00
Manuel Pégourié-Gonnard
b076116e14 Fix one debug message 2015-07-22 11:39:23 +02:00
Manuel Pégourié-Gonnard
1bab7d7064 Fix blank line in comments 2015-07-13 09:06:18 +01:00
Paul Bakker
4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
fc2ccfe72c Fix missing comma with ENTROPY_HARDWARE_ALT 2015-07-10 11:15:50 +01:00
Manuel Pégourié-Gonnard
a4f055fe0c Some windows environments don't have _snprint_s 
Do an alternative version for them.
That happens for example with our windows buildbot with mingw32-make.
 2015-07-08 17:35:37 +02:00
Manuel Pégourié-Gonnard
20af64dc2c Still need to #define inline for MSVC 
I only tested with VS2015 earlier, but previous versions apparently still
don't know that standard C99 keyword though it's documented on MSDN...
 2015-07-07 23:21:30 +02:00
Manuel Pégourié-Gonnard
e540b49a3f Add one more debug message 2015-07-07 12:44:38 +02:00
Manuel Pégourié-Gonnard
b4b19f395f Add a debug message 2015-07-07 11:41:21 +02:00
Manuel Pégourié-Gonnard
001f2b6246 Use xxx_clone() instead of memcpy() in SSL 2015-07-06 16:54:51 +02:00
Manuel Pégourié-Gonnard
c0bf01e8d2 Undo overzealous renaming of internal variables 
The rename script couldn't know it was a local variable with the same name as
on of the global functions
 2015-07-06 16:26:23 +02:00
Manuel Pégourié-Gonnard
052a6c9cfe Add mbedtls_md_clone() 2015-07-06 16:06:02 +02:00
Manuel Pégourié-Gonnard
16d412f465 Add md/shaXXX_clone() API 
Will be used in the SSL/TLS modules
 2015-07-06 15:48:34 +02:00
Manuel Pégourié-Gonnard
b9d64e5bbe Fix missing calls to md/shaxxx_free() 2015-07-06 14:18:56 +02:00
Manuel Pégourié-Gonnard
71d296a15d Add missing calls to _free() in md_wrap 
We can't just assume xxx_free() will only zeroize, because of alternative
implementations
 2015-07-06 11:36:25 +02:00
Manuel Pégourié-Gonnard
5791109707 Make the hardclock test optional 
Known to fail on VMs (such as the buildbots), see eg
http://blog.badtrace.com/post/rdtsc-x86-instruction-to-detect-vms/
 2015-07-01 19:22:12 +02:00
Manuel Pégourié-Gonnard
9bd0afdb22 Add guards for closed socket in net.c 
This is particularly problematic when calling FD_SET( -1, ... ), but let's
check it in all functions.

This was introduced with the new API and the fact the net_free() now sets the
internal fd to -1 in order to mark it as closed: now using this information.
 2015-07-01 19:03:27 +02:00
Manuel Pégourié-Gonnard
2505528be4 Rm obsolete defines for inline wiht MSVC 
The "inline" keyword is supported since Visual Studio 2005 according to MSDN,
and we require Visual Studio 2010 or higher.
 2015-07-01 17:22:36 +02:00
Manuel Pégourié-Gonnard
636741b176 Remove obsolete hacks for uin32_t 
We now require support for stdint.h from the compiler.
 2015-07-01 17:13:05 +02:00