c57556e52a
tiny spelling fixes
2015-09-12 09:57:23 -06:00
d69f14bed8
Updated Changelog for new version
2015-09-11 20:00:20 +01:00
8a52a7468d
Added PR to Changelog for NWilson
2015-09-11 19:44:34 +01:00
835faec899
Merge branch 'NWilson-const_profile'
2015-09-11 19:27:08 +01:00
d0bf6a3891
Update ssl_tls.c
...
Clarification in comments
2015-09-11 17:34:49 +01:00
74ca8d07ad
Update ssl_tls.c
...
Clarification in comments to ssl_handle_possible_reconnect()
2015-09-11 17:22:40 +01:00
0789aed39d
Update ssl_tls.c
...
Typo
2015-09-11 17:15:17 +01:00
1a57af1607
Update ssl.h
...
Typo
2015-09-11 17:14:16 +01:00
4f6882a8a3
Update config.h
...
Typo in RFC x-ref comment.
2015-09-11 17:12:46 +01:00
a25cab8bea
FIX: compiler warning with recvfrom on 64-bit
2015-09-09 08:49:48 -07:00
a6b95f01cc
Print I/O buffer size in memory.sh
2015-09-09 13:51:05 +02:00
ddfe5d20d1
Tune dependencies
...
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
2015-09-09 12:46:16 +02:00
c2ed8029ff
Fix ChangeLog - misplaced entries
2015-09-09 12:15:13 +02:00
2ed05a049a
Fix typos
2015-09-09 11:52:28 +02:00
ab05d23b29
Update generated file
2015-09-09 11:50:00 +02:00
259db91023
Add test without cookies
...
Tune existing tests while at it
2015-09-09 11:48:45 +02:00
22311ae62e
Improve help message of ssl_*2.c
2015-09-09 11:22:58 +02:00
62c74bb78a
Stop wasting resources
...
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.
Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
2015-09-09 11:22:52 +02:00
2088e2ebd9
fix const-ness of argument to mbedtls_ssl_conf_cert_profile
...
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
2015-09-08 16:53:18 +01:00
222cb8db22
Tune related documentation while at it
2015-09-08 15:43:59 +02:00
3a2a4485d4
Update documentation
2015-09-08 15:36:09 +02:00
14c2574a9d
Update Changelog
2015-09-08 15:12:45 +02:00
e5a21b4493
Merge pull request #282 from ARMmbed/iotssl-469-rsa-crt-restricted
...
Add counter-measure against RSA-CRT attack
2015-09-08 13:05:51 +01:00
5f50104c52
Add counter-measure against RSA-CRT attack
...
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
2015-09-08 13:39:29 +02:00
d745a1a9b7
Add tests for hard reconnect
2015-09-08 12:40:43 +02:00
3f09b6d4c2
Fix API
2015-09-08 11:58:14 +02:00
be619c1264
Clean up error codes
2015-09-08 11:21:21 +02:00
11331fc25b
First working dirty version
...
- uses too much resources
- wrong API
2015-09-08 10:39:06 +02:00
9650205df7
Start detecting epoch 0 ClientHellos
2015-09-08 10:39:06 +02:00
26d227ddfc
Add config flag for support of client port reuse
2015-09-08 10:39:06 +02:00
dbd23079d0
Add option reconnect_hard to ssl_client2
...
- interrupt the connection abruptly (no close_notify)
- reconnect from the same port while server sill has an active connection from
this port.
Some real-world clients do that, see section 4.2.8 of RFC 6347.
2015-09-08 10:39:06 +02:00
cd345898a0
Fix #ifdef in test suite
2015-09-07 12:43:11 +02:00
d9802af1d0
Add tests for round 2
...
Also move one check earlier as it makes more sense
2015-09-07 12:43:11 +02:00
3059095e86
Complete tests for reading round one
...
Also change the code to forbid public keys being 0
2015-09-07 12:43:11 +02:00
bbe4e52c3b
Start adding tests for EC J-PAKE round one
2015-09-07 12:43:11 +02:00
d0d8a935b2
Blind operations on the secret
...
I'm not sure this is necessary, because it is only multiplied by xm2 which is
already random and secret, but OTOH, xm2 is related to a public value, so
let's add blinding with a random value that's only use for blinding, just to
be extra sure.
2015-09-07 12:43:11 +02:00
55f3d84faa
fixup-include
2015-09-07 12:43:11 +02:00
c907081a20
Polish the source
2015-09-07 12:43:11 +02:00
f7368c983a
Polish API and documentation
2015-09-07 12:43:11 +02:00
e1927101fb
Unify round two
2015-09-07 12:43:11 +02:00
d8204a7bea
Provide symmetric API for the first round
2015-09-07 12:43:11 +02:00
e2d3a4e1b4
Unify loading of test vectors in tests
2015-09-07 12:43:11 +02:00
ce4567614b
Rename variable to prepare for cli/srv unification
2015-09-07 12:43:10 +02:00
6b798b9dae
Tune up some comments
2015-09-07 12:43:10 +02:00
e0ad57b0b3
Replace explicit IDs with table look-ups
...
That's a first step towards merging symmetric version of different functions
2015-09-07 12:43:10 +02:00
5f18829609
Add derive_pms, completing first working version
2015-09-07 12:43:10 +02:00
6449391852
Store our role in the context
2015-09-07 12:43:10 +02:00
614bd5e919
Add write_client_params
2015-09-07 12:43:10 +02:00
ec0eece2ba
Add read_client_params
2015-09-07 12:43:10 +02:00
bed9e41761
Add writing of server params
2015-09-07 12:43:10 +02:00
