Gilles Peskine
11cb578fda
Note in README that GNU make is required
...
Our README claims that we only use basic Make functionality, but in
fact GNU make is required for conditional compilation. Document this.
Addresses issue #967
2017-10-06 11:59:13 +01:00
Simon Butcher
16373a5933
Fix changelog for ssl_server2.c usage fix
2017-10-06 11:59:13 +01:00
Ron Eldor
71f68c4043
Fix ssl_server2 sample application prompt
...
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
2017-10-06 11:59:13 +01:00
Simon Butcher
2c4f9460ea
Update ChangeLog for fix to #836
2017-10-06 11:59:13 +01:00
Hanno Becker
1a9a51c7cf
Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
...
Add a reference to the relevant RFC, adapt ChangeLog.
2017-10-06 11:58:50 +01:00
Hanno Becker
0446a39744
Enhance documentation of mbedtls_ssl_set_hostname
...
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure
2017-10-06 11:58:50 +01:00
Hanno Becker
947194e7cf
Make mbedtls_ssl_set_hostname safe to be called multiple times
...
Zeroize and free previously set hostnames before overwriting
them. Also, allow clearance of hostname by providing NULL parameter.
2017-10-06 11:58:50 +01:00
Hanno Becker
b25c0c78cf
Add test case calling ssl_set_hostname twice
...
Add a test case calling ssl_set_hostname twice to test_suite_ssl.
When run in CMake build mode ASan, this catches the current leak,
but will hopefully be fine with the new version.
2017-10-06 11:58:50 +01:00
Ron Eldor
cb8d54b22d
Fix typo in configs/README.txt file
...
Fix typo in Readme file: ajust->adjust
2017-10-06 11:58:50 +01:00
Xinyu Chen
e1a94a6404
Correct the printf message of the DTLS handshake.
...
Make it consistent with dtls_server.c
2017-10-06 11:58:50 +01:00
Gilles Peskine
964faeb6c4
Cleaned up get_line for test data files
...
Look, ma, a use for do...while!
Also removed 1-3 calls to strlen.
2017-10-06 11:58:50 +01:00
Gilles Peskine
b04e2c3d81
Allow comments in test data files
2017-10-06 11:58:50 +01:00
Andres Amaya Garcia
01692531c6
Document code silently discarding invalid records
2017-09-14 20:20:31 +01:00
Andres Amaya Garcia
f569f701c2
Fix ChangeLog entry
2017-09-14 20:20:21 +01:00
Andres Amaya Garcia
06fc6650f4
Add ChangeLog entry
2017-09-14 20:20:15 +01:00
Andres Amaya Garcia
2fad94b193
Dont send alert on invalid DTLS record type
...
Do not send fatal alerts when receiving a record with an invalid header
while running DTLS as this is not compliant behaviour.
2017-09-14 20:18:37 +01:00
Simon Butcher
72ea31b026
Update version number to 2.6.0
2017-08-10 11:51:16 +01:00
Simon Butcher
01971d094e
Fix language in Changelog for clarity
2017-08-10 10:48:01 +01:00
Hanno Becker
85b602e5d0
Improve documentation of PKCS1 decryption functions
...
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
2017-08-01 22:48:41 +01:00
Simon Butcher
3f2557e6f1
Fix style and missing item in ChangeLog
2017-08-01 18:06:12 +01:00
Simon Butcher
a418e82a35
Add credit to Changelog to fix for #666
2017-07-28 23:52:10 +01:00
Simon Butcher
a55e084bce
Fix naked call to time() with platform call
...
In ssl_cache.c a call to time() was being made instead of it's platform
equivalent.
2017-07-28 23:46:43 +01:00
Simon Butcher
9fae22269b
Fix ChangeLog for duplication after merge
2017-07-28 22:32:23 +01:00
Hanno Becker
61937d4a83
Rename time and index parameter to avoid name conflict.
...
As noted in #557 , several functions use 'index' resp. 'time'
as parameter names in their declaration and/or definition, causing name
conflicts with the functions in the C standard library of the same
name some compilers warn about.
This commit renames the arguments accordingly.
2017-07-28 22:28:08 +01:00
Hanno Becker
840bace417
Correct comment
2017-07-28 22:28:08 +01:00
Hanno Becker
7ec83df47f
Adapt ChangeLog
2017-07-28 22:28:08 +01:00
Hanno Becker
ce37e6269e
Reliably zeroize sensitive data in AES sample application
...
The AES sample application programs/aes/aescrypt2 could miss zeroizing
the stack-based key buffer in case of an error during operation. This
commit fixes this and also clears another temporary buffer as well as
all command line arguments (one of which might be the key) before exit.
2017-07-28 22:28:08 +01:00
Hanno Becker
f601ec5f34
Reliably zeroize sensitive data in Crypt-and-Hash sample application
...
The AES sample application programs/aes/crypt_and_hash could miss
zeroizing the stack-based key buffer in case of an error during
operation. This commit fixes this and also clears all command line
arguments (one of which might be the key) before exit.
2017-07-28 22:28:08 +01:00
Andres AG
6b171e4aec
Fix potential integer overflow parsing DER CRT
...
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-28 22:28:04 +01:00
Andres AG
ce49a25033
Fix potential integer overflow parsing DER CRL
...
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
2017-07-28 22:28:04 +01:00
Ron Eldor
2dfb02151d
Move the git scripts to correct path
...
The git scripts were accidently put in `test` folder instead of `tests`.
Moved them to `tests` folder
2017-07-28 22:28:04 +01:00
Ron Eldor
cf61d7d992
Update after @sbutcher-arm comments
...
1. Move the scripts to test/git-scripts folder
2. Support the script to run independant, not only with git
3. modify Readme accordingly
2017-07-28 22:28:04 +01:00
Ron Eldor
13067fca9d
Fix slash direction for linux path
...
Update direction of the slash, for linux path, after @hanno-arm comments
2017-07-28 22:28:04 +01:00
Ron Eldor
e9b3f7ea3f
Add note for the git_hoos README file
...
Add a note to the git_hooks README.md file, to state that currently
they only work on GNU platforms
2017-07-28 22:28:04 +01:00
Ron Eldor
f16ce1cfb7
Pre push hook script
...
Add git_hook folder, and pre-push script,
to be soft linked from .git/hooks/pre-push
2017-07-28 22:28:04 +01:00
Ron Eldor
a207e75089
Check return code of mbedtls_mpi_fill_random
...
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-28 22:27:30 +01:00
Ron Eldor
7faf92a2fe
Resource leak fix on windows platform
...
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-28 22:27:30 +01:00
Ron Eldor
368d55c549
Wrong preproccessor condition fix
...
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-28 22:27:30 +01:00
Ron Eldor
d5a75f44a1
fix for issue 1118: check if iv is zero in gcm.
...
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-28 22:27:29 +01:00
Janos Follath
c08d9ddd55
Remove mutexes from ECP hardware acceleration
...
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.
Fixes #863
2017-07-28 22:27:29 +01:00
Hanno Becker
c6f346b60c
Fix get option in config.pl script
2017-07-28 16:45:55 +01:00
Simon Butcher
bcfa6f42e3
Fix the check for max CA intermediates in ssl-opt.sh
...
The tests only work for a specific number for MBEDTLS_X509_MAX_INTERMEDIATE_CA
so the check has been changed to confirm the default value, and to show an error
otherwise.
2017-07-28 16:43:33 +01:00
Simon Butcher
efdfeeba6a
Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA
2017-07-28 12:15:13 +01:00
Simon Butcher
85097c7c38
Merge branch 'development'
2017-07-28 01:12:38 +01:00
Simon Butcher
b060cc21b1
Reorder and group sections in the ChangeLog
2017-07-28 01:04:34 +01:00
Simon Butcher
06b786372c
Change a ssl-opt.sh script sanity checks
...
Change the check in ssl-opt.sh for MBEDTLS_X509_MAX_INTERMEDIATE_CA to
check config.h instead of the x509 headers.
2017-07-28 01:00:17 +01:00
Simon Butcher
00d3cc61a6
Fix merge errors in ChangeLog
2017-07-27 21:44:34 +01:00
Andres AG
2e3ddfac5f
Prevent signed integer overflow in CSR parsing
...
Modify the function mbedtls_x509_csr_parse_der() so that it checks the
parsed CSR version integer before it increments the value. This prevents
a potential signed integer overflow, as these have undefined behaviour
in the C standard.
2017-07-27 21:44:34 +01:00
Andres AG
80164741e1
Fix potential integer overflow parsing DER CRT
...
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-27 21:44:34 +01:00
Andres AG
7d6ec7bacc
Add CRT DER tests with incorrect version
2017-07-27 21:44:34 +01:00