Simon Butcher 
							
						 
					 
					
						
						
							
						
						0fc94e9f83 
					 
					
						
						
							
							Revised bounds checking on TLS extensions  
						
						
						
						
						Revisions following review feedback 
						
						
					 
					
						2015-09-28 20:52:04 +01:00 
						 
				 
			
				
					
						
							
							
								Simon Butcher 
							
						 
					 
					
						
						
							
						
						ed9976634f 
					 
					
						
						
							
							Added bounds checking for TLS extensions  
						
						
						
						
						IOTSSL-478 - Added checks to prevent buffer overflows. 
						
						
					 
					
						2015-09-28 02:14:30 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						faee44ded1 
					 
					
						
						
							
							Avoid false positives in bounds check  
						
						
						
						
						The size of the buffer already accounts for the extra data before the actual
message, so the allowed length is SSL_MAX_CONTENT_LEN starting from _msg 
						
						
					 
					
						2015-09-24 22:19:58 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						d0d8cb36a4 
					 
					
						
						
							
							Cache ClientHello extension  
						
						
						
						
						This extension is quite costly to generate, and we don't want to re-do it
again when the server performs a DTLS HelloVerify. So, cache the result the
first time and re-use if/when we build a new ClientHello.
Note: re-sends due to timeouts are different, as the whole message is cached
already, so they don't need any special support. 
						
						
					 
					
						2015-09-17 14:16:30 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						0f1660ab4f 
					 
					
						
						
							
							Implement key exchange messages and PMS derivation  
						
						
						
						
						This completes the first working version. No interop testing done yet. 
						
						
					 
					
						2015-09-16 22:58:30 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						25dbeb002d 
					 
					
						
						
							
							Skip certificate-related messages with ECJPAKE  
						
						
						
						
					 
					
						2015-09-16 22:58:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						0a1324aaa1 
					 
					
						
						
							
							Add client-side extension parsing  
						
						
						
						
					 
					
						2015-09-16 22:58:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						60884a1597 
					 
					
						
						
							
							Improve debug formatting of ciphersuites  
						
						
						
						
					 
					
						2015-09-16 22:58:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						eef142d753 
					 
					
						
						
							
							Depend on ECJPAKE key exchange, not module  
						
						
						
						
						This is more consistent, as it doesn't make any sense for a user to be able to
set up an EC J-PAKE password with TLS if the corresponding key exchange is
disabled.
Arguably this is what we should do for other key exchanges as well instead of
depending on ECDH_C etc, but this is an independent issue, so let's just do
the right thing with the new key exchange and fix the other ones later. (This
is a marginal issue anyway, since people who disable all ECDH key exchange are
likely to also disable ECDH_C in order to minimize footprint.) 
						
						
					 
					
						2015-09-16 22:58:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ddf97a6c92 
					 
					
						
						
							
							Skip ECJPAKE suite in ClientHello if no pw set up  
						
						
						
						
						When we don't have a password, we want to skip the costly process of
generating the extension. So for consistency don't offer the ciphersuite
without the extension. 
						
						
					 
					
						2015-09-16 22:58:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						557535d8c4 
					 
					
						
						
							
							Add ECJPAKE key exchange  
						
						
						
						
					 
					
						2015-09-16 22:58:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						294139b57a 
					 
					
						
						
							
							Add client extension writing  
						
						
						
						
					 
					
						2015-09-16 16:10:48 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						f472179d44 
					 
					
						
						
							
							Adjust dependencies for EC extensions  
						
						
						
						
						The Thread spec says we need those for EC J-PAKE too.
However, we won't be using the information, so we can skip the parsing
functions in an EC J-PAKE only config; keep the writing functions in order to
comply with the spec. 
						
						
					 
					
						2015-09-15 18:22:00 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7f2f062a5d 
					 
					
						
						
							
							Fix possible client crash on API misuse  
						
						
						
						
					 
					
						2015-09-07 12:27:24 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						37ff14062e 
					 
					
						
						
							
							Change main license to Apache 2.0  
						
						
						
						
					 
					
						2015-09-04 14:21:07 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						c6b5d833ec 
					 
					
						
						
							
							Fix handling of long PSK identities  
						
						
						
						
						fixes  #238  
					
						2015-08-31 10:34:26 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6fb8187279 
					 
					
						
						
							
							Update date in copyright line  
						
						
						
						
					 
					
						2015-07-28 17:11:58 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						a6e5bd5654 
					 
					
						
						
							
							Fix bug with extension-less ServerHello  
						
						
						
						
						https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug 
in_hslen includes the length of the handshake header. (We might want to change
that in the future, as it is a bit annoying.) 
					
						2015-07-23 12:23:19 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						b4b19f395f 
					 
					
						
						
							
							Add a debug message  
						
						
						
						
					 
					
						2015-07-07 11:41:21 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						636741b176 
					 
					
						
						
							
							Remove obsolete hacks for uint32_t  
						
						
						
						
						We now require support for stdint.h from the compiler. 
						
						
					 
					
						2015-07-01 17:13:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						dba460f2f3 
					 
					
						
						
							
							Add SSL "assertion" to help static analysis  
						
						
						
						
					 
					
						2015-06-25 10:59:57 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						1cf7b30dc8 
					 
					
						
						
							
							Rewrite test to make Coverity happier  
						
						
						
						
						With the default config, it noticed the accept_comp was always 0, so the rest
of the test was dead code. 
						
						
					 
					
						2015-06-25 10:59:56 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						19389753c8 
					 
					
						
						
							
							Avoid dead stores (makes scan-build happier)  
						
						
						
						
					 
					
						2015-06-23 13:46:44 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						9386664543 
					 
					
						
						
							
							Move from inttypes.h to stdint.h  
						
						
						
						
						Some toolchains do not have inttypes.h, and we only need stdint.h which is a
subset of it. 
						
						
					 
					
						2015-06-22 23:41:26 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						12ad798c87 
					 
					
						
						
							
							Rename ssl_session.length to id_len  
						
						
						
						
					 
					
						2015-06-18 15:50:37 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7bfc122703 
					 
					
						
						
							
							Implement sig_hashes  
						
						
						
						
					 
					
						2015-06-17 14:34:48 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						36a8b575a9 
					 
					
						
						
							
							Create API for mbedtls_ssl_conf_sig_hashes().  
						
						
						
						
						Not implemented yet. 
						
						
					 
					
						2015-06-17 14:27:39 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						9d412d872c 
					 
					
						
						
							
							Small internal changes in curve checking  
						
						
						
						
						- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config 
						
						
					 
					
						2015-06-17 14:27:39 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						b541da6ef3 
					 
					
						
						
							
							Fix define for ssl_conf_curves()  
						
						
						
						
						This is a security feature, it shouldn't be optional. 
						
						
					 
					
						2015-06-17 14:27:38 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						bd990d6629 
					 
					
						
						
							
							Add ssl_conf_dhm_min_bitlen()  
						
						
						
						
					 
					
						2015-06-17 11:37:04 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						3335205a21 
					 
					
						
						
							
							Avoid in-out length in dhm_calc_secret()  
						
						
						
						
					 
					
						2015-06-02 16:17:08 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6a8ca33fa5 
					 
					
						
						
							
							Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED  
						
						
						
						
					 
					
						2015-05-28 16:25:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						b2a18a2a98 
					 
					
						
						
							
							Remove references to malloc in strings/names  
						
						
						
						
					 
					
						2015-05-27 16:58:55 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7551cb9ee9 
					 
					
						
						
							
							Replace malloc with calloc  
						
						
						
						
						- platform layer currently broken (not adapted yet)
- memory_buffer_alloc too 
						
						
					 
					
						2015-05-26 16:04:06 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						5e94ddebbc 
					 
					
						
						
							
							Create ssl_internal.h and move some functions  
						
						
						
						
					 
					
						2015-05-26 11:57:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						66dc5555f0 
					 
					
						
						
							
							mbedtls_ssl_conf_arc4_support() depends on ARC4_C  
						
						
						
						
					 
					
						2015-05-14 12:31:10 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						1897af9e93 
					 
					
						
						
							
							Make conf const inside ssl_context (finally)  
						
						
						
						
					 
					
						2015-05-11 14:35:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						750e4d7769 
					 
					
						
						
							
							Move ssl_set_rng() to act on config  
						
						
						
						
					 
					
						2015-05-11 12:33:27 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ba26c24769 
					 
					
						
						
							
							Change how hostname is stored internally  
						
						
						
						
					 
					
						2015-05-07 10:19:14 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						684b0592cb 
					 
					
						
						
							
							Move ssl_set_fallback() to work on conf  
						
						
						
						
						Initially thought it would be per-connection, but since max_version is in conf
too, and you need to lower that for a fallback connection, the fallback flag
should be in the same place 
						
						
					 
					
						2015-05-07 10:19:13 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7ca4e4dc79 
					 
					
						
						
							
							Move things to conf substructure  
						
						
						
						
						A simple series of sed invocations.
This is the first step, purely internal changes. The conf substructure is not
ready to be shared between contexts yet. 
						
						
					 
					
						2015-05-07 10:19:13 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						2cf5a7c98e 
					 
					
						
						
							
							The Great Renaming  
						
						
						
						
						A simple execution of tmp/invoke-rename.pl 
						
						
					 
					
						2015-04-08 13:25:31 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						07ec1ddd10 
					 
					
						
						
							
							Fix bug with ssl_set_curves() check on client  
						
						
						
						
					 
					
						2015-04-03 18:17:37 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						abb674467b 
					 
					
						
						
							
							Rename md_init_ctx() to md_setup()  
						
						
						
						
					 
					
						2015-03-25 21:55:56 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						4063ceb281 
					 
					
						
						
							
							Make hmac_ctx optional  
						
						
						
						
						Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added. 
						
						
					 
					
						2015-03-25 21:55:56 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ca878dbaa5 
					 
					
						
						
							
							Make md_info_t an opaque structure  
						
						
						
						
						- more freedom for us to change it in the future
- enforces hygiene
- performance impact of making accessors no longer inline should really be
  negligible 
						
						
					 
					
						2015-03-25 21:37:15 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						a78b218042 
					 
					
						
						
							
							Fix constness of debug_print_buf()  
						
						
						
						
					 
					
						2015-03-19 17:16:11 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						852a6d3d8f 
					 
					
						
						
							
							Rename ssl.renegotiation to ssl.renego_status  
						
						
						
						
					 
					
						2015-03-19 16:15:20 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						d2b35ec3d3 
					 
					
						
						
							
							Fix bug in no-renego option  
						
						
						
						
					 
					
						2015-03-10 11:40:43 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7f8099773e 
					 
					
						
						
							
							Rename include directory to mbedtls  
						
						
						
						
					 
					
						2015-03-10 11:23:56 +00:00