TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-12 14:54:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
6,355 Commits 179 Branches 280 Tags
141b4f4526cb8600a2152c8749987029a1528fd2
Commit Graph

969 Commits

Author SHA1 Message Date
Hanno Becker
8bc74d6f2f Merge branch 'development' into iotssl-1619 2018-01-03 10:24:02 +00:00
Manuel Pégourié-Gonnard
ae3925c774 Merge remote-tracking branch 'public/pr/1136' into development 
* public/pr/1136:
  Timing self test: shorten redundant tests
  Timing self test: increased duration
  Timing self test: increased tolerance
  Timing unit tests: more protection against infinite loops
  Unit test for mbedtls_timing_hardclock
  New timing unit tests
  selftest: allow excluding a subset of the tests
  selftest: allow running a subset of the tests
  selftest: refactor to separate the list of tests from the logic
  Timing self test: print some diagnosis information
  mbedtls_timing_get_timer: don't use uninitialized memory
  timing interface documentation: minor clarifications
  Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
 2017-12-26 10:42:20 +01:00
Hanno Becker
32297e8314 Merge branch 'development' into iotssl-1619 2017-12-22 10:24:32 +00:00
Gilles Peskine
ff79d27f5c selftest: allow excluding a subset of the tests 
E.g. "selftest -x timing" runs all the self-tests except timing.
 2017-12-20 21:57:48 +01:00
Gilles Peskine
c82fbb4e14 selftest: allow running a subset of the tests 
If given command line arguments, interpret them as test names and only
run those tests.
 2017-12-20 20:23:13 +01:00
Gilles Peskine
319ac801a8 selftest: refactor to separate the list of tests from the logic 
No behavior change.
 2017-12-20 20:19:27 +01:00
Gilles Peskine
d629411212 Merge branch 'pr_920' into development 2017-12-01 23:46:58 +01:00
Ron Eldor
0728d69d6d Change kB to KiB 
Change the style of the units to KiB, according to
https://docs.mbed.com/docs/writing-and-publishing-guides/en/latest/units/
 2017-11-29 12:08:35 +02:00
Gilles Peskine
ea8d697fa2 Merge remote-tracking branch 'upstream-public/pr/1089' into development 
Resolve trivial conflict due to additions in the same place in
tests/data_files/Makefile; minor comment/whitespace presentation
improvements.
 2017-11-28 17:32:32 +01:00
Ron Eldor
a0748019f1 Change KB to kB 
Change KB to kB, as this is the proper way to write kilo bytes
 2017-11-28 16:48:51 +02:00
Gilles Peskine
68306ed31f Merge remote-tracking branch 'upstream-public/pr/1094' into development 2017-11-23 20:02:46 +01:00
Chris Xue
9a51c032ee Fix copy paste error in the error message of mbedtls_ecp_gen_key in gen_key.c 2017-11-05 19:10:51 +00:00
Hanno Becker
7f25f850ac Adapt uses of mbedtls_rsa_complete to removed PRNG argument 2017-10-10 16:56:22 +01:00
Ron Eldor
71f68c4043 Fix ssl_server2 sample application prompt 
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
 2017-10-06 11:59:13 +01:00
Xinyu Chen
e1a94a6404 Correct the printf message of the DTLS handshake. 
Make it consistent with dtls_server.c
 2017-10-06 11:58:50 +01:00
Hanno Becker
b953921a4e Adapt benchmark application to naming and binary format 2017-10-04 13:13:34 +01:00
Hanno Becker
17c3276a2e Improve output on bad cmd line args in programs/x509/cert_write 2017-10-03 14:56:04 +01:00
Ron Eldor
7da7cb399e Fix ssl_server2 sample application prompt 
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
 2017-10-02 19:14:58 +01:00
Hanno Becker
d4d856265e Don't use deprecated macro form of DHM moduli in benchmark program 2017-10-02 15:06:27 +01:00
Hanno Becker
c6fc878eda Remove mbedtls_rsa_check_crt 
This is no longer needed after the decision to not exhaustively validate private key material.
 2017-10-02 13:20:15 +01:00
Xinyu Chen
00afe1c046 Correct the printf message of the DTLS handshake. 
Make it consistent with dtls_server.c
 2017-09-30 09:52:38 +01:00
Hanno Becker
7f3652ddf1 Fix error code printing in cert_write 
Error codes can consume up to two bytes, but only one was printed so far.
 2017-09-22 15:39:02 +01:00
Hanno Becker
38eff43791 Use X509 CRT version macros in cert_write program 2017-09-22 15:38:20 +01:00
Hanno Becker
e1b1d0af8e Fix senseless comment 2017-09-22 15:35:16 +01:00
Hanno Becker
e4ad3e8803 Allow requests of size larger than 16384 in ssl_client2 2017-09-18 16:11:42 +01:00
Hanno Becker
81535d0011 Minor style and typo corrections 2017-09-14 07:51:54 +01:00
Hanno Becker
6c13d37961 Extend cert_write example program by multiple cmd line options 
This commit adds the following command line options to programs/x509/cert_write:
- version (val 1, 2, 3): Set the certificate's version (v1, v2, v3)
- authority_identifier (val 0, 1): Enable or disable the addition of the
                                   authority identifier extension.
- subject_identifier (val 0, 1): Enable or disable the addition of the
                                 subject identifier extension.
- basic_constraints (val 0, 1): Enable or disable the addition of the
                                basic constraints extension.
- md (val MD5, SHA1, SHA256, SHA512): Set the hash function used
                                      when creating the CRT.
 2017-09-13 15:42:16 +01:00
Hanno Becker
f073de0c25 Adapt rsa_genkey example program to use new RSA interface 2017-08-23 16:17:28 +01:00
Hanno Becker
0c2639386e Adapt rsa_encrypt example program to new RSA interface 2017-08-23 16:17:28 +01:00
Hanno Becker
d6ba5e3d8b Adapt rsa_sign example program to new RSA interface 2017-08-23 16:17:28 +01:00
Hanno Becker
ccef18c2ff Adapt rsa_decrypt example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker
40371ec783 Adapt key_app_writer example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker
54ebf9971d Adapt key_app example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker
83aad1fa86 Adapt gen_key example program to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker
c95fad3566 Adapt dh_server example program to new RSA interface 2017-08-23 16:17:27 +01:00
Peter Huewe
38fc3a0548 Remove duplicated defintion of PRINT_ERROR 
The PRINT_ERROR macros are already defined exactly the same in line
101ff, so we can remove them here.
 2017-07-29 02:01:22 +02:00
Hanno Becker
840bace417 Correct comment 2017-07-28 22:28:08 +01:00
Hanno Becker
ce37e6269e Reliably zeroize sensitive data in AES sample application 
The AES sample application programs/aes/aescrypt2 could miss zeroizing
the stack-based key buffer in case of an error during operation. This
commit fixes this and also clears another temporary buffer as well as
all command line arguments (one of which might be the key) before exit.
 2017-07-28 22:28:08 +01:00
Hanno Becker
f601ec5f34 Reliably zeroize sensitive data in Crypt-and-Hash sample application 
The AES sample application programs/aes/crypt_and_hash could miss
zeroizing the stack-based key buffer in case of an error during
operation. This commit fixes this and also clears all command line
arguments (one of which might be the key) before exit.
 2017-07-28 22:28:08 +01:00
Ron Eldor
2a47be5012 Minor: Fix typos in program comments 
Fix a couple of typos and writer's mistakes,
in some reference program applications
 2017-07-27 21:44:33 +01:00
Ron Eldor
ee5a0ca3bb Minor: Fix typos in program comments 
Fix a couple of typos and writer's mistakes,
in some reference program applications
 2017-07-19 23:33:24 +02:00
Martijn de Milliano
b194a283a9 dh_server: Fixed expected number of bytes received from client when receiving public value. 2017-07-06 23:55:59 +02:00
Andres Amaya Garcia
276ebb650e Add stdlib.h include to hello.c sample 2017-07-03 11:16:57 +01:00
Andres Amaya Garcia
1ff60f437f Change examples to use the new MD API and check ret code 2017-06-28 13:26:36 +01:00
Hanno Becker
8651a43e95 Remove %zu format string from ssl_client2 and ssl_server2 2017-06-09 16:13:22 +01:00
Manuel Pégourié-Gonnard
c44c3c288d Merge remote-tracking branch 'janos/iotssl-1156-ecdsa-sample-and-doc-clarification' into development 
* janos/iotssl-1156-ecdsa-sample-and-doc-clarification:
  Clarify the use of ECDSA API
 2017-06-08 10:16:54 +02:00
Hanno Becker
e6706e62d8 Add tests for missing CA chains and bad curves. 
This commit adds four tests to tests/ssl-opt.sh:
(1) & (2): Check behaviour of optional/required verification when the
trusted CA chain is empty.
(3) & (4): Check behaviour of optional/required verification when the
client receives a server certificate with an unsupported curve.
 2017-06-07 11:26:59 +01:00
Gilles Peskine
682df09159 Allow SHA-1 in server tests, when the signature_algorithm extension is not used 2017-06-06 18:44:14 +02:00
Gilles Peskine
bc70a1836b Test that SHA-1 defaults off 
Added tests to validate that certificates signed using SHA-1 are
rejected by default, but accepted if SHA-1 is explicitly enabled.
 2017-06-06 18:44:14 +02:00
Gilles Peskine
cd3c845157 Allow SHA-1 in SSL renegotiation tests 
In the TLS test client, allow SHA-1 as a signature hash algorithm.
Without this, the renegotation tests failed.

A previous commit had allowed SHA-1 via the certificate profile but
that only applied before the initial negotiation which includes the
signature_algorithms extension.
 2017-06-06 18:44:13 +02:00