1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-10 21:01:41 +03:00
Commit Graph

314 Commits

Author SHA1 Message Date
eab72e2ced Merge branch 'development' into dtls
* development:
  Update copyright
  Fix issue in compat.sh
  Rename doxyfile
  Rename to mbed TLS in tests/
  Rename to mbed TLS in examples
  Remove old test certificates.
  Rename to mbed TLS in the documentation/comments
  Change name to mbed TLS in the copyright notice

Conflicts:
	doxygen/input/doc_mainpage.h
	doxygen/mbedtls.doxyfile
	include/polarssl/version.h
	tests/compat.sh
2015-01-23 10:23:17 +00:00
a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
3a173f497b Merge branch 'development' into dtls
* development:
  Fix error code description.
  generate_errors.pl now errors on duplicate codes
  Avoid nested if's without braces.
  Move renego SCSV after actual ciphersuites
  Fix send_close_notify usage.
  Rename variable for clarity
  Improve script portability

Conflicts:
	library/ssl_srv.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/ssl-opt.sh
2015-01-22 13:30:33 +00:00
59c6f2ef21 Avoid nested if's without braces.
Creates a potential for confusing code if we later want to add an else clause.
2015-01-22 11:06:40 +00:00
5d9cde25da Move renego SCSV after actual ciphersuites 2015-01-22 10:49:41 +00:00
67505bf9e8 Merge branch 'development' into dtls
* development:
  Adapt tests to new defaults/errors.
  Fix typos/cosmetics in Changelog
  Disable RC4 by default in example programs.
  Add ssl_set_arc4_support()
  Set min version to TLS 1.0 in programs

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	tests/compat.sh
2015-01-21 13:57:33 +00:00
0af1ba3521 Merge commit 'f6080b8' into dtls
* commit 'f6080b8':
  Fix warning in reduced configs
  Adapt to "negative" switch for renego
  Add tests for periodic renegotiation
  Make renego period configurable
  Auto-renegotiate before sequence number wrapping
  Update Changelog for compile-option renegotiation
  Switch from an enable to a disable flag
  Save 48 bytes if SSLv3 is not defined
  Make renegotiation a compile-time option
  Add tests for renego security enforcement

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/ssl/ssl_server2.c
	tests/ssl-opt.sh
2015-01-21 11:54:33 +00:00
edb7ed3a43 Merge commit 'd7e2483' into dtls
* commit 'd7e2483': (57 commits)
  Skip signature_algorithms ext if PSK only
  Fix bug in ssl_client2 reconnect option
  Cosmetics in ssl_server2
  Improve debugging message.
  Fix net_usleep for durations greater than 1 second
  Use pk_load_file() in X509
  Create ticket keys only if enabled
  Fix typo in #ifdef
  Clarify documentation a bit
  Fix comment on resumption
  Update comment from draft to RFC
  Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
  Add recursion.pl to all.sh
  Allow x509_crt_verify_child() in recursion.pl
  Set a compile-time limit to X.509 chain length
  Fix 3DES -> DES in all.sh (+ time estimates)
  Add curves.pl to all.sh
  Rework all.sh to use MSan instead of valgrind
  Fix depends on individual curves in tests
  Add script to test depends on individual curves
  ...

Conflicts:
	CMakeLists.txt
	programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00
5b8f7eaa3e Merge new security defaults for programs (RC4 disabled, SSL3 disabled) 2015-01-14 16:26:54 +01:00
f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
d94232389e Skip signature_algorithms ext if PSK only 2014-12-02 11:57:29 +01:00
eaecbd3ba8 Fix warning in reduced configs 2014-12-02 10:40:55 +01:00
615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
f9d778d635 Merge branch 'etm' into dtls
* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM

Conflicts:
	include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
56d985d0a6 Merge branch 'session-hash' into dtls
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
fedba98ede Merge branch 'fb-scsv' into dtls
* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
b575b54cb9 Forbid extended master secret with SSLv3 2014-11-05 16:00:50 +01:00
699cafaea2 Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
ada3030485 Implement extended master secret 2014-11-05 16:00:49 +01:00
1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
367381fddd Add negotiation of Extended Master Secret
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
7de3c9eecb Count timeout per flight, not per message 2014-10-21 16:32:41 +02:00
cd32a50d67 Fix NewSesssionTicket vs ChangeCipherSpec bug
Since we were cheating on state, ssl_read_record() wasn't able to drop
out-of-sequence ChangeCipherSpec messages. Cheat a bit less.
2014-10-21 16:32:31 +02:00
5d8ba53ace Expand and fix resend infrastructure 2014-10-21 16:32:28 +02:00
d92d6a1b5b ssl_parse_server_key_exchange() cleanups 2014-10-21 16:30:32 +02:00
000d5aec13 No memmove: parse_new_session_ticket() 2014-10-21 16:30:31 +02:00
0b3400dafa No memmove: ssl_parse_server_hello() 2014-10-21 16:30:31 +02:00
069eb79043 No memmove: ssl_parse_hello_verify_request() 2014-10-21 16:30:30 +02:00
04c1b4ece1 No memmove: certificate_request + server_hello_done 2014-10-21 16:30:30 +02:00
f4830b5092 No memmove: ssl_parse_server_key_exchange() 2014-10-21 16:30:30 +02:00
f899583f94 Prepare moving away from memmove() on incoming HS 2014-10-21 16:30:29 +02:00
b35fe5638a Fix HelloVerifyRequest version handling 2014-10-21 16:30:20 +02:00
fb2d22371f Reuse random when responding to a verify request 2014-10-21 16:30:14 +02:00
b760f001d7 Extract generate client random to a function 2014-10-21 16:30:14 +02:00
a0e1632b79 Do not use compression with DTLS 2014-10-21 16:30:13 +02:00
67427c07b2 Fix checksum computation with HelloVerifyRequest 2014-10-21 16:30:11 +02:00
74848811b4 Implement HelloVerifyRequest on client 2014-10-21 16:30:11 +02:00
4128aa71ee Add the 'cookie' field of DTLS ClientHello 2014-10-21 16:30:08 +02:00
abc7e3b4ba Handle DTLS version encoding and fix some checks 2014-10-21 16:30:05 +02:00
d66645130c Add a ciphersuite NODTLS flag 2014-10-21 16:30:03 +02:00
f7cdbc0e87 Fix potential bad read of length 2014-10-17 17:02:10 +02:00
44ade654c5 Implement (partial) renego delay on client 2014-08-19 13:58:40 +02:00
6591962f06 Allow delay on renego on client
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
84bbeb58df Adapt cipher and MD layer with _init() and _free() 2014-07-09 10:19:24 +02:00
5b4af39a36 Add _init() and _free() for hash modules 2014-07-09 10:19:23 +02:00
2a45d1c8bb Merge changes to config examples and configuration issues 2014-06-25 11:27:00 +02:00
dd0c0f33c0 Better usage of dhm_calc_secret in SSL 2014-06-25 11:26:14 +02:00