e3132a9e5a
Corrected misleading fn description in ssl_cache.h
...
Mistake in comments spotted by Andris Mednis
2015-10-19 19:28:41 +01:00
5674a9797a
Fix compilers warnings in reduced configs
2015-10-19 15:14:03 +02:00
9f52cac4bc
Rename config-ecjpake to thread and minify it
...
- in the future thread might need more than just EC J-PAKE
- use the same format as the other mini configurations (no doxygen doc, only
showing what is enabled)
2015-10-19 14:06:07 +02:00
024b6df3b1
Improve key export API and documentation
...
- "master secret" is the usual name
- move key block arg closer to the related lengths
- document lengths
Also fix some trailing whitespace while at it
2015-10-19 13:52:53 +02:00
b7da194939
ecjpake: fix uninitialize member
2015-10-19 13:35:22 +02:00
334a87be0b
Corrected URL/reference to MPI library
2015-10-14 22:56:44 +01:00
00ee6eee54
Test certificate "Server1 SHA1, key_usage" reissued.
2015-10-14 13:15:22 +02:00
87c96c2e53
Fix boolean values according to DER specs
...
In BER encoding, any boolean with a non-zero value is considered as
TRUE. However, DER encoding require a value of 255 (0xFF) for TRUE.
This commit makes `mbedtls_asn1_write_bool` function uses `255` instead
of `1` for BOOLEAN values.
With this fix, boolean values are now reconized by OS X keychain (tested
on OS X 10.11).
Fixes #318 .
2015-10-14 09:41:56 +02:00
5dd4fe1b30
Fixed pathlen contraint enforcement.
2015-10-12 09:02:20 +02:00
ef4f2588f3
Additional corner cases for testing pathlen constrains. Just in case.
2015-10-11 16:17:27 +02:00
822b2c33b9
Added test case for pathlen constrains in intermediate certificates
2015-10-11 10:39:15 +02:00
bbc75d9791
cert_write : fix "Destination buffer is too small" error
...
This commit fixes the `Destination buffer is too small` error returned
by `mbedtls_cert_write` command when the values of `subject_name` or
`issuer_name` parameters exceed 128 characters.
I have increased the size of these varaibles from 128 to 256 characters,
but I don't know if it's the best way to solve this issue...
Fixes #315 .
2015-10-10 21:58:07 +02:00
81962c36e3
Fix help message for cert_req/cert_write programs
...
In cert_req and cert_write programs, "key_certificate_sign" is not an
allowed velue for "key_usage" parameter. The correct value is
"key_cert_sign".
See https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_req.c#L208
and https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_write.c#L323 .
2015-10-10 21:42:29 +02:00
d97f899f99
Merge pull request #313 from bogdanm/development
...
Fix yotta dependencies
2015-10-09 15:27:36 +01:00
63666ef1b7
Fix yotta dependencies
...
Recent changes in various repositories broke the build of the yotta
module again :( This change fixes the build. Build tested with
frdm-k64f-gcc. I didn't update the yotta version number because I
don't know what is your policy with regards to version changes.
2015-10-09 17:07:00 +03:00
4104864e54
ECHDE-PSK does not use a certificate
...
fixes #270
2015-10-09 14:50:43 +01:00
adeb7d8ec9
Move all KEY_EXCHANGE__ definitions in one place
2015-10-09 14:44:47 +01:00
3eb8c34e6a
Add example program for Curve25519
...
Getting a lot of questions about how to use it. This will hopefully get people
started.
2015-10-09 12:13:29 +01:00
262c137d8c
Merge pull request #311 from jcowgill/spelling-fix
...
Fix minor spelling mistake in programs/pkey/gen_key.c
2015-10-09 09:38:52 +01:00
07a92d720a
Fix minor spelling mistake in programs/pkey/gen_key.c
2015-10-09 00:28:14 +01:00
dd0e9a8456
Minimal config file for ECJPAKE
2015-10-08 17:24:08 +01:00
4d284d271b
Added feature MBEDTLS_SSL_EXPORT_KEYS
2015-10-08 16:56:26 +01:00
4289c0d1fa
Typo in parameter name
2015-10-06 17:20:41 +01:00
ae8535db38
Changed defs. back to MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
2015-10-06 17:11:18 +01:00
c4e7d8a381
Bump version to 2.1.2
...
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
ca056c7748
Fix CVE number in ChangeLog
2015-10-05 18:21:34 +01:00
c80a74f734
Merge branch 'development' into development-restricted
...
* development:
Add 'inline' workaround where needed
2015-10-05 16:30:53 +01:00
2ac9c60838
Add 'inline' workaround where needed
...
Was previously using the workaround from md.h
2015-10-05 16:18:23 +01:00
a97ab2c8a6
Merge branch 'development' into development-restricted
...
* development:
Remove inline workaround when not useful
Fix macroization of inline in C++
2015-10-05 15:48:09 +01:00
9c6762621d
Merge branch 'development' of ssh://github.com/ARMmbed/mbedtls into development
2015-10-05 15:45:53 +01:00
7776fc36d3
Fix for #279 macroisation of 'inline' keyword
2015-10-05 15:44:18 +01:00
2d7083435d
Fix references to non-standard SIZE_T_MAX
...
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
2015-10-05 15:23:11 +01:00
86ff4874a4
Merge remote-tracking branch 'origin/development' into development-restricted
...
* origin/development:
Fix yotta version dependencies again
2015-10-05 14:59:40 +01:00
0ccd4537bd
Fix yotta version dependencies again
2015-10-05 14:50:41 +01:00
899ac849d0
Merge branch 'development' into development-restricted
...
* development:
Upgrade yotta dependency versions
Fix compile error in net.c with musl libc
Add missing warning in doc
2015-10-05 14:47:43 +01:00
2347bdd7b5
Upgrade yotta dependency versions
2015-10-05 14:39:01 +01:00
5ae7984dc2
Merge pull request #306 from ARMmbed/gh-288-missing-warning
...
Add missing warning in doc
2015-10-05 13:51:10 +01:00
281bd6d98e
Merge pull request #307 from ARMmbed/gh-278-musl-socklen
...
Fix compile error in net.c with musl libc
2015-10-05 13:49:26 +01:00
0431735299
Fix compile error in net.c with musl libc
...
fixes #278
2015-10-05 12:17:49 +01:00
cb6af00e2a
Add missing warning in doc
...
Found by Nicholas Wilson
fixes #288
2015-10-05 12:12:39 +01:00
475cf0a98a
Merge fix of IOTSSL-496 - Potential heap overflow
...
Fix for potential overflow in ssl_write_certificate_request()
2015-10-05 11:57:54 +01:00
5a2e389811
Remove inline workaround when not useful
...
This header doesn't have nay inline function any more
2015-10-05 11:55:39 +01:00
0223ab9d38
Fix macroization of inline in C++
...
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 11:41:36 +01:00
fec73a8eec
Merge of fix for IOTSSL-481 - Double free
...
Potential double free in mbedtls_ssl_conf_psk()
2015-10-05 10:40:31 +01:00
c48b66bfb6
Changed attribution for Guido Vranken
2015-10-05 10:18:17 +01:00
6418ffaadb
Merge fix for IOTSSL-480 - base64 overflow issue
2015-10-05 09:54:11 +01:00
a45aa1399b
Merge of IOTSSL-476 - Random malloc in pem_read()
2015-10-05 00:26:36 +01:00
e7f96f22ee
Merge fix IOTSSL-475 Potential buffer overflow
...
Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.
Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).
Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-10-04 23:43:05 +01:00
d5ba4672b2
Merge fix for IOTSSL-474 PKCS12 Overflow
...
Fix stack buffer overflow in PKCS12
2015-10-04 22:47:59 +01:00
5b8d1d65f7
Fix for IOTSSL-473 Double free error
...
Fix potential double-free in mbedtls_ssl_set_hs_psk(.)
2015-10-04 22:06:51 +01:00
