Robert Cragie 
							
						 
					 
					
						
						
						
						
							
						
						
							ae8535db38 
							
						 
					 
					
						
						
							
							Changed defs. back to MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED  
						
						
						
						
					 
					
						2015-10-06 17:11:18 +01:00 
						 
				 
			
				
					
						
							
							
								Robert Cragie 
							
						 
					 
					
						
						
						
						
							
						
						
							39a60de410 
							
						 
					 
					
						
						
							
							Correct overwritten fixes  
						
						
						
						
					 
					
						2015-10-02 13:57:59 +01:00 
						 
				 
			
				
					
						
							
							
								Robert Cragie 
							
						 
					 
					
						
						
						
						
							
						
						
							136884c29b 
							
						 
					 
					
						
						
							
							Use MBEDTLS_ECJPAKE_C def. for correct conditional compilation  
						
						
						
						
					 
					
						2015-10-02 13:34:31 +01:00 
						 
				 
			
				
					
						
							
							
								Simon Butcher 
							
						 
					 
					
						
						
						
						
							
						
						
							5624ec824e 
							
						 
					 
					
						
						
							
							Reordered TLS extension fields in client  
						
						Session ticket placed at end 
						
						
					 
					
						2015-09-29 01:06:06 +01:00 
						 
				 
			
				
					
						
							
							
								Simon Butcher 
							
						 
					 
					
						
						
						
						
							
						
						
							04799a4274 
							
						 
					 
					
						
						
							
							Fixed copy and paste error  
						
						Accidental additional assignment in ssl_write_alpn_ext() 
						
						
					 
					
						2015-09-29 00:31:09 +01:00 
						 
				 
			
				
					
						
							
							
								Simon Butcher 
							
						 
					 
					
						
						
						
						
							
						
						
							0fc94e9f83 
							
						 
					 
					
						
						
							
							Revised bounds checking on TLS extensions  
						
						Revisions following review feedback 
						
						
					 
					
						2015-09-28 20:52:04 +01:00 
						 
				 
			
				
					
						
							
							
								Simon Butcher 
							
						 
					 
					
						
						
						
						
							
						
						
							ed9976634f 
							
						 
					 
					
						
						
							
							Added bounds checking for TLS extensions  
						
						IOTSSL-478 - Added checks to prevent buffer overflows. 
						
						
					 
					
						2015-09-28 02:14:30 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							faee44ded1 
							
						 
					 
					
						
						
							
							Avoid false positives in bounds check  
						
						The size of the buffer already accounts for the extra data before the actual
message, so the allowed length is SSL_MAX_CONTENT_LEN starting from _msg 
						
						
					 
					
						2015-09-24 22:19:58 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							d0d8cb36a4 
							
						 
					 
					
						
						
							
							Cache ClientHello extension  
						
						This extension is quite costly to generate, and we don't want to re-do it
again when the server performs a DTLS HelloVerify. So, cache the result the
first time and re-use if/when we build a new ClientHello.
Note: re-sends due to timeouts are different, as the whole message is cached
already, so they don't need any special support. 
						
						
					 
					
						2015-09-17 14:16:30 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							0f1660ab4f 
							
						 
					 
					
						
						
							
							Implement key exchange messages and PMS derivation  
						
						This completes the first working version. No interop testing done yet. 
						
						
					 
					
						2015-09-16 22:58:30 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							25dbeb002d 
							
						 
					 
					
						
						
							
							Skip certificate-related messages with ECJPAKE  
						
						
						
						
					 
					
						2015-09-16 22:58:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							0a1324aaa1 
							
						 
					 
					
						
						
							
							Add client-side extension parsing  
						
						
						
						
					 
					
						2015-09-16 22:58:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							60884a1597 
							
						 
					 
					
						
						
							
							Improve debug formatting of ciphersuites  
						
						
						
						
					 
					
						2015-09-16 22:58:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							eef142d753 
							
						 
					 
					
						
						
							
							Depend on ECJPAKE key exchange, not module  
						
						This is more consistent, as it doesn't make any sense for a user to be able to
set up an EC J-PAKE password with TLS if the corresponding key exchange is
disabled.
Arguably this is what we should do for other key exchanges as well instead of
depending on ECDH_C etc, but this is an independent issue, so let's just do
the right thing with the new key exchange and fix the other ones later. (This
is a marginal issue anyway, since people who disable all ECDH key exchange are
likely to also disable ECDH_C in order to minimize footprint.) 
						
						
					 
					
						2015-09-16 22:58:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							ddf97a6c92 
							
						 
					 
					
						
						
							
							Skip ECJPAKE suite in ClientHello if no pw set up  
						
						When we don't have a password, we want to skip the costly process of
generating the extension. So for consistency don't offer the ciphersuite
without the extension. 
						
						
					 
					
						2015-09-16 22:58:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							557535d8c4 
							
						 
					 
					
						
						
							
							Add ECJPAKE key exchange  
						
						
						
						
					 
					
						2015-09-16 22:58:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							294139b57a 
							
						 
					 
					
						
						
							
							Add client extension writing  
						
						
						
						
					 
					
						2015-09-16 16:10:48 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							f472179d44 
							
						 
					 
					
						
						
							
							Adjust dependencies for EC extensions  
						
						The Thread spec says we need those for EC J-PAKE too.
However, we won't be using the information, so we can skip the parsing
functions in an EC J-PAKE only config; keep the writing functions in order to
comply with the spec. 
						
						
					 
					
						2015-09-15 18:22:00 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							7f2f062a5d 
							
						 
					 
					
						
						
							
							Fix possible client crash on API misuse  
						
						
						
						
					 
					
						2015-09-07 12:27:24 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							37ff14062e 
							
						 
					 
					
						
						
							
							Change main license to Apache 2.0  
						
						
						
						
					 
					
						2015-09-04 14:21:07 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							c6b5d833ec 
							
						 
					 
					
						
						
							
							Fix handling of long PSK identities  
						
						fixes  #238  
					
						2015-08-31 10:34:26 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							6fb8187279 
							
						 
					 
					
						
						
							
							Update date in copyright line  
						
						
						
						
					 
					
						2015-07-28 17:11:58 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							a6e5bd5654 
							
						 
					 
					
						
						
							
							Fix bug with extension-less ServerHello  
						
						https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug 
in_hslen includes the length of the handshake header. (We might want to change
that in the future, as it is a bit annoying.) 
					
						2015-07-23 12:23:19 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							b4b19f395f 
							
						 
					 
					
						
						
							
							Add a debug message  
						
						
						
						
					 
					
						2015-07-07 11:41:21 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							636741b176 
							
						 
					 
					
						
						
							
							Remove obsolete hacks for uint32_t
						
						We now require support for stdint.h from the compiler. 
						
						
					 
					
						2015-07-01 17:13:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							dba460f2f3 
							
						 
					 
					
						
						
							
							Add SSL "assertion" to help static analysis  
						
						
						
						
					 
					
						2015-06-25 10:59:57 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							1cf7b30dc8 
							
						 
					 
					
						
						
							
							Rewrite test to make Coverity happier  
						
						With the default config, it noticed the accept_comp was always 0, so the rest
of the test was dead code. 
						
						
					 
					
						2015-06-25 10:59:56 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							19389753c8 
							
						 
					 
					
						
						
							
							Avoid dead stores (makes scan-build happier)  
						
						
						
						
					 
					
						2015-06-23 13:46:44 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							9386664543 
							
						 
					 
					
						
						
							
							Move from inttypes.h to stdint.h  
						
						Some toolchains do not have inttypes.h, and we only need stdint.h which is a
subset of it. 
						
						
					 
					
						2015-06-22 23:41:26 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							12ad798c87 
							
						 
					 
					
						
						
							
							Rename ssl_session.length to id_len  
						
						
						
						
					 
					
						2015-06-18 15:50:37 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							7bfc122703 
							
						 
					 
					
						
						
							
							Implement sig_hashes  
						
						
						
						
					 
					
						2015-06-17 14:34:48 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							36a8b575a9 
							
						 
					 
					
						
						
							
							Create API for mbedtls_ssl_conf_sig_hashes().  
						
						Not implemented yet. 
						
						
					 
					
						2015-06-17 14:27:39 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							9d412d872c 
							
						 
					 
					
						
						
							
							Small internal changes in curve checking  
						
						- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config 
						
						
					 
					
						2015-06-17 14:27:39 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							b541da6ef3 
							
						 
					 
					
						
						
							
							Fix define for ssl_conf_curves()  
						
						This is a security feature, it shouldn't be optional. 
						
						
					 
					
						2015-06-17 14:27:38 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							bd990d6629 
							
						 
					 
					
						
						
							
							Add ssl_conf_dhm_min_bitlen()  
						
						
						
						
					 
					
						2015-06-17 11:37:04 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							3335205a21 
							
						 
					 
					
						
						
							
							Avoid in-out length in dhm_calc_secret()  
						
						
						
						
					 
					
						2015-06-02 16:17:08 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							6a8ca33fa5 
							
						 
					 
					
						
						
							
							Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED  
						
						
						
						
					 
					
						2015-05-28 16:25:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							b2a18a2a98 
							
						 
					 
					
						
						
							
							Remove references to malloc in strings/names  
						
						
						
						
					 
					
						2015-05-27 16:58:55 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							7551cb9ee9 
							
						 
					 
					
						
						
							
							Replace malloc with calloc  
						
						- platform layer currently broken (not adapted yet)
- memory_buffer_alloc too
						
						
					 
					
						2015-05-26 16:04:06 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							5e94ddebbc 
							
						 
					 
					
						
						
							
							Create ssl_internal.h and move some functions  
						
						
						
						
					 
					
						2015-05-26 11:57:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							66dc5555f0 
							
						 
					 
					
						
						
							
							mbedtls_ssl_conf_arc4_support() depends on ARC4_C  
						
						
						
						
					 
					
						2015-05-14 12:31:10 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							1897af9e93 
							
						 
					 
					
						
						
							
							Make conf const inside ssl_context (finally)  
						
						
						
						
					 
					
						2015-05-11 14:35:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							750e4d7769 
							
						 
					 
					
						
						
							
							Move ssl_set_rng() to act on config  
						
						
						
						
					 
					
						2015-05-11 12:33:27 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							ba26c24769 
							
						 
					 
					
						
						
							
							Change how hostname is stored internally  
						
						
						
						
					 
					
						2015-05-07 10:19:14 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							684b0592cb 
							
						 
					 
					
						
						
							
							Move ssl_set_fallback() to work on conf  
						
						Initially thought it would be per-connection, but since max_version is in conf
too, and you need to lower that for a fallback connection, the fallback flag
should be in the same place 
						
						
					 
					
						2015-05-07 10:19:13 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							7ca4e4dc79 
							
						 
					 
					
						
						
							
							Move things to conf substructure  
						
						A simple series of sed invocations.
This is the first step, purely internal changes. The conf substructure is not
ready to be shared between contexts yet. 
						
						
					 
					
						2015-05-07 10:19:13 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							2cf5a7c98e 
							
						 
					 
					
						
						
							
							The Great Renaming  
						
						A simple execution of tmp/invoke-rename.pl 
						
						
					 
					
						2015-04-08 13:25:31 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							07ec1ddd10 
							
						 
					 
					
						
						
							
							Fix bug with ssl_set_curves() check on client  
						
						
						
						
					 
					
						2015-04-03 18:17:37 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							abb674467b 
							
						 
					 
					
						
						
							
							Rename md_init_ctx() to md_setup()  
						
						
						
						
					 
					
						2015-03-25 21:55:56 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							4063ceb281 
							
						 
					 
					
						
						
							
							Make hmac_ctx optional  
						
						Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added. 
						
						
					 
					
						2015-03-25 21:55:56 +01:00