Commit graph

7018 commits

Author SHA1 Message Date
Hanno Becker dbd3e88479 Fix mbedtls_ssl_get_record_expansion() for CBC modes
`mbedtls_ssl_get_record_expansion()` is supposed to return the maximum
difference between the size of a protected record and the size of the
encapsulated plaintext.

Previously, it did not correctly estimate the maximum record expansion
in case of CBC ciphersuites in (D)TLS versions 1.1 and higher, in which
case the ciphertext is prefixed by an explicit IV.

This commit fixes this bug. Fixes #1914.
2018-08-17 10:12:21 +01:00
Hanno Becker 517e84a0e3 Improve ChangeLog wording for the commit that Fixes #1954. 2018-08-17 10:04:08 +01:00
Hanno Becker 3a333a58ba Add tests for empty CA list in CertificateRequest, TLS 1.0 & 1.1 2018-08-17 10:04:08 +01:00
Hanno Becker 4a4c04dc9c Adapt ChangeLog 2018-08-16 15:53:02 +01:00
Hanno Becker 78d5d8225e Fix overly strict bounds check in ssl_parse_certificate_request() 2018-08-16 15:53:02 +01:00
Mohammad Azim Khan 7e84affb45 Fix Wformat-overflow warning in ssl_mail_client.c
sprintf( (char *) buf, "%s\r\n", base );
 Above code generates Wformat-overflow warning since both buf and base
are of same size. buf should be sizeof( base ) + characters added in
the format. In this case format 2 bytes for "\r\n".
2018-08-16 14:34:15 +01:00
Hanno Becker 8058800d54 Adapt ChangeLog 2018-08-14 15:48:41 +01:00
Hanno Becker cd6a64a516 Reset session_in/out pointers in ssl_session_reset_int()
Fixes #1941.
2018-08-14 15:48:36 +01:00
Jaeden Amero 9eb78b4dab Merge remote-tracking branch 'upstream-public/pr/1900' into mbedtls-2.7
Add a Changelog entry
2018-08-10 11:26:15 +01:00
Jaeden Amero f37a99e3fc Merge remote-tracking branch 'upstream-public/pr/1814' into mbedtls-2.7 2018-08-10 11:01:29 +01:00
Jaeden Amero 3b69174852 Merge remote-tracking branch 'upstream-public/pr/1886' into mbedtls-2.7 2018-08-10 10:50:34 +01:00
k-stachowiak 2c161144e2 Revert change of a return variable name 2018-07-31 17:02:56 +02:00
Simon Butcher 51a46b9b38 Add ChangeLog entry for bug #1890 2018-07-30 22:15:14 +01:00
Simon Butcher 91ac97e469 Merge remote-tracking branch 'public/pr/1893' into mbedtls-2.7 2018-07-30 22:12:22 +01:00
Ron Eldor 15b0a39322 enforce input and output of ccm selftest on stack
In `mbedtls_ccm_self_test()`, enforce input and output
buffers sent to the ccm API to be contiguous and aligned,
by copying the test vectors to buffers on the stack.
2018-07-30 11:43:08 +03:00
Ron Eldor f19a7ab45d Fix hmac_drbg failure in benchmark, with threading
Remove redundant calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-30 11:13:18 +03:00
Simon Butcher f88aace580 Change test dependencies to RC4 from DES
Some tests were dependent on DES yet actually used RC4. Likely a copy and paste
error. This change fixes them.
2018-07-27 17:33:34 +01:00
Philippe Antoine 84cc74e82b Fix undefined shifts
- in x509_profile_check_pk_alg
- in x509_profile_check_md_alg
- in x509_profile_check_key

and in ssl_cli.c : unsigned char gets promoted to signed integer
2018-07-26 22:49:42 +01:00
Simon Butcher 5ef42fd415 Merge remote-tracking branch 'restricted/pr/500' into mbedtls-2.7-restricted 2018-07-26 14:33:14 +01:00
Angus Gratton cb7a5b0b0c Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been assigned to grp->T yet).

Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-26 11:08:06 +03:00
Simon Butcher a64621929f Clarify Changelog entries
Corrected some style issues, and moved some entries from bugfixes to changes.
2018-07-25 17:30:20 +01:00
Jaeden Amero 8385110ae8 Update version to 2.7.5 2018-07-25 15:43:21 +01:00
Simon Butcher 7daacda940 Merge remote-tracking branch 'restricted/pr/494' into mbedtls-2.7 2018-07-24 23:40:53 +01:00
Simon Butcher d7126d7009 Merge remote-tracking branch 'public/pr/779' into mbedtls-2.7 2018-07-24 13:38:44 +01:00
Simon Butcher 1bb41e5d04 Merge remote-tracking branch 'public/pr/1800' into mbedtls-2.7 2018-07-24 13:30:40 +01:00
Simon Butcher b47e0a68ab Merge remote-tracking branch 'public/pr/1805' into mbedtls-2.7 2018-07-24 13:16:25 +01:00
Simon Butcher a8ee41ce80 Revise ChangeLog entry for empty data records fixes 2018-07-24 12:59:21 +01:00
Simon Butcher d5a3ed36b8 Merge remote-tracking branch 'public/pr/1863' into mbedtls-2.7 2018-07-24 12:57:15 +01:00
Simon Butcher bd40916dfa Merge remote-tracking branch 'public/pr/1872' into mbedtls-2.7 2018-07-24 12:12:43 +01:00
k-stachowiak f4a668870f Fix code formatting 2018-07-24 12:54:39 +02:00
Simon Butcher b65d6ce83f Merge remote-tracking branch 'public/pr/1870' into mbedtls-2.7 2018-07-24 10:30:11 +01:00
Simon Butcher c6a0fd8e83 Add ChangeLog entry for #1098 fix. 2018-07-24 10:17:36 +01:00
Simon Butcher 66e2b654a8 Merge remote-tracking branch 'public/pr/1877' into mbedtls-2.7 2018-07-24 08:26:26 +01:00
Simon Butcher e08754762d Correct logic to exclude i386 inline assembly when -O0
The i386 MPI inline assembly code was being incorrectly included when
all compiler optimisation was disabled.
2018-07-23 13:41:33 +01:00
Simon Butcher 948f264302 Add additional i386 tests to all.sh
Added an additional i386 test to all.sh, to allow one test with -O0 which
compiles out inline assembly, and one to test with -O1 which includes the inline
assembly.
2018-07-23 13:41:25 +01:00
Jaeden Amero 5113bdec6e all.sh: Return error on keep-going failure
When calling all.sh from a script and using "--keep-going", errors were
sometimes missed due to all.sh always returning 0 "success" return code.
Return 1 if there is any failure encountered during a "keep-going" run.
2018-07-23 10:24:31 +01:00
Simon Butcher 7c6b84102d Expand i386 all.sh tests to full config ASan builds
The i386 test builds were only building the default configuration and had
no address sanitisation. This commit expands the test configuration to the full
configuration in all.sh and builds with ASan for when the test suites are
executed.
2018-07-20 21:34:04 +01:00
Simon Butcher 48883cd800 Merge remote-tracking branch 'public/pr/1780' into mbedtls-2.7 2018-07-20 14:40:51 +01:00
Dawid Drozd 2ba7d8ed2d Remove unnecessary mark as unused #1098 (backport) 2018-07-20 14:08:02 +02:00
Simon Butcher e9aa8c1d6d Merge remote-tracking branch 'public/pr/1838' into mbedtls-2.7 2018-07-19 20:01:33 +01:00
Simon Butcher 7924d93209 Fix ChangeLog entry for issue #1663
The ChangeLog entry was under the wrong version, and under Changes, not
Bug Fixes.
2018-07-19 19:54:18 +01:00
Simon Butcher bc5ec41c01 Merge remote-tracking branch 'public/pr/1847' into mbedtls-2.7 2018-07-19 19:48:25 +01:00
Simon Butcher cd9a2c6dd1 Merge remote-tracking branch 'public/pr/1848' into mbedtls-2.7 2018-07-19 16:17:07 +01:00
Simon Butcher be347c6e21 Merge remote-tracking branch 'public/pr/1849' into mbedtls-2.7 2018-07-19 16:13:07 +01:00
Ron Eldor 8839e31fbc Update ChangeLog
Remove extra entries added by a bad cherry-pick.
2018-07-17 14:13:53 +03:00
Ron Eldor a9779f1aff Rephrase comments
Rephrase comments to clarify them.
2018-07-17 13:32:31 +03:00
Andres Amaya Garcia 14783c47e7 Add test for empty app data records to ssl-opt.sh 2018-07-16 20:14:54 +01:00
Andres Amaya Garcia 8e346dc793 Add ChangeLog entry for empty app data fix 2018-07-16 20:14:53 +01:00
Andres Amaya Garcia 46a6d5cbe5 Fix ssl_client2 to send 0-length app data 2018-07-16 20:14:45 +01:00
Angus Gratton 8946b0dd30 Check for invalid short Alert messages
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:12:56 +01:00