Commit graph

6494 commits

Author SHA1 Message Date
Darryl Green 9e867214c3 Change symlink to hardlink to avoid permission issues 2018-06-11 11:31:40 +01:00
Darryl Green 215a40631f Fix out-of-tree testing symlinks on Windows 2018-06-11 11:31:31 +01:00
Simon Butcher ee3a3d4a72 Merge remote-tracking branch 'public/pr/1470' into mbedtls-2.7 2018-06-11 11:30:33 +01:00
Simon Butcher 4e5edf3184 Add ChangeLog entry for _WIN32_WINNT override fix 2018-06-08 16:23:17 +01:00
Fabio Alessandrelli ec4ce37709 Only redefine _WIN32_WINNT macro when < 0x0501 2018-06-08 12:28:47 +01:00
Simon Butcher bb5e1c3973 Fix multiple quality issues in the source
This PR fixes multiple issues in the source code to address issues raised by
tests/scripts/check-files.py. Specifically:
 * incorrect file permissions
 * missing newline at the end of files
 * trailing whitespace
 * Tabs present
 * TODOs in the souce code
2018-06-08 11:14:43 +01:00
Gilles Peskine db37cb4752 mbedtls_gcm_crypt_and_tag: clarify what each mode does and doesn't do 2018-06-07 15:06:02 +02:00
Gilles Peskine bb07ca0bfb Fix Lucky13 attack protection when using HMAC-SHA-384
As a protection against the Lucky Thirteen attack, the TLS code for
CBC decryption in encrypt-then-MAC mode performs extra MAC
calculations to compensate for variations in message size due to
padding. The amount of extra MAC calculation to perform was based on
the assumption that the bulk of the time is spent in processing
64-byte blocks, which was correct for most supported hashes but not for
SHA-384. Adapt the formula to 128-byte blocks for SHA-384.
2018-06-06 17:23:31 +02:00
Gilles Peskine 282bd24a44 Correct and clarify the documentation of GCM whole-message functions
Clarify the roles of the buffer parameter and their sizes.

Remove a statement about input size restrictions that only applies to
mbedtls_gcm_update, not to the whole-message functions.

Document the possible error codes.

Warn that mbedtls_gcm_crypt_and_tag in decrypt mode does not
authenticate the data and recommend using mbedtls_gcm_auth_decrypt
instead.
2018-06-06 16:57:03 +02:00
Darryl Green 36f6fc542c Add check-files.py to travis.yml 2018-06-05 11:57:35 +01:00
Darryl Green 38e4c68a9e Add check-files.py to pre-push.sh 2018-06-05 11:57:21 +01:00
Darryl Green bd38c3b89f Add check-files.py to all.sh 2018-06-05 11:57:12 +01:00
Darryl Green da02eb310c Add script for source integrity checking 2018-06-05 11:57:01 +01:00
Simon Butcher ad11e65448 Merge remote-tracking branch 'public/pr/1404' into mbedtls-2.7 2018-06-01 19:35:16 +01:00
Simon Butcher e83b1ae201 Merge remote-tracking branch 'public/pr/1606' into mbedtls-2.7 2018-06-01 19:34:44 +01:00
Andres Amaya Garcia f9519bfa60 Add more SNI/DTLS tests
Run the normal SNI/TLS tests over DTLS in ssl-opt.sh for greater
coverage.
2018-05-30 08:21:26 +01:00
Andres Amaya Garcia 914eea44e7 Rename SNI/DTLS tests in ssl-opt.sh script 2018-05-30 08:21:25 +01:00
Andres AG e8b0774392 Add SNI with DTLS tests to ssl-opt.sh script 2018-05-30 08:21:22 +01:00
Azim Khan 826cdab010 Treat warnings as errors for IAR
Fix IAR compiler warnings

Two warnings have been fixed:
1. code 'if( len <= 0xFFFFFFFF )' gave warning 'pointless integer comparison'.
   This was fixed by wraping the condition in '#if SIZE_MAX > 0xFFFFFFFF'.
2. code 'diff |= A[i] ^ B[i];' gave warning 'the order of volatile accesses is undefined in'.
   This was fixed by read the volatile data in temporary variables before the computation.

Explain IAR warning on volatile access

Consistent use of CMAKE_C_COMPILER_ID
2018-05-25 14:58:33 +01:00
Ron Eldor c5333c29da Change the value of fno-sanitize-recover
Change the value of `-fno-sanitize-recover` from `undefined,integer` to `all`
2018-05-24 10:24:11 +03:00
Ron Eldor 23571dc10d Support only new CLang version
Support only new CLang version by enabling only
`-fno-sanitize-recover=undefined,integer`
2018-05-24 10:24:03 +03:00
Ron Eldor c9ccf1f8d5 Address Azim's coments
Fix typo and use new check for clang>3.5m according to azim's comments
2018-05-24 10:23:55 +03:00
Ron Eldor 66c7edd73e Suport clang version 3.8
Check CLANG version, and according to the version,
set the correct paramters. fix for #1072
2018-05-24 10:23:46 +03:00
Moran Peker 9259b3be03 Remove double declaration of mbedtls_ssl_list_ciphersuites
Raised by TrinityTonic. #1359
2018-05-23 18:22:29 +01:00
Darryl Green 68207f868b Fix braces in mbedtls_memory_buffer_alloc_status() 2018-05-23 16:32:33 +01:00
Jaeden Amero 6856c2ebb5 Merge remote-tracking branch 'upstream-public/pr/1586' into mbedtls-2.7-proposed 2018-05-04 11:09:42 +01:00
Jaeden Amero 11d5551d0a Merge remote-tracking branch 'upstream-public/pr/1487' into mbedtls-2.7-proposed 2018-05-04 11:06:21 +01:00
Andres AG b7b420b51c Fix uninitialized var in check-generated-files.sh 2018-05-01 21:01:22 +01:00
Andres AG 108aa0b4bc Remove VS project files from deleted example apps 2018-05-01 21:01:21 +01:00
Andres AG 430e68c4b7 Remove refs to VS6 from generate_visualc_files.pl 2018-05-01 21:01:20 +01:00
Andres Amaya Garcia 7dae108fe8 Check generated-visualc-files in check-generated-files 2018-05-01 21:01:18 +01:00
Andres Amaya Garcia 464b1491c2 genereate_visualc_files.pl deletes old files
Add a function that deletes all the old Visual Studio prokect files
before generating the new ones. This ensure that project files for
delete example applications are removed from the repository.
2018-05-01 21:01:16 +01:00
Jaeden Amero f8887521ef Merge remote-tracking branch 'upstream-restricted/pr/479' into mbedtls-2.7-restricted 2018-04-30 17:38:39 +01:00
Simon Butcher 88cc94168c Fix the ChangeLog for clarity, english and credit 2018-04-30 17:23:00 +01:00
Jaeden Amero e1450a54b1 Merge remote-tracking branch 'upstream-restricted/pr/476' into mbedtls-2.7-restricted 2018-04-30 10:17:50 +01:00
Jaeden Amero 1fc4d33f5f Update version to 2.7.3 2018-04-27 13:15:45 +01:00
Jaeden Amero 07d1d5f270 Merge remote-tracking branch 'upstream-restricted/pr/473' into mbedtls-2.7-restricted-proposed
Remove trailing whitespace in ChangeLog.
2018-04-26 09:07:15 +01:00
Jaeden Amero 402256184a Merge branch 'mbedtls-2.7-proposed' into mbedtls-2.7-restricted-proposed
Resolve conflicts in ChangeLog.
2018-04-26 09:03:51 +01:00
Jaeden Amero 6a9af8184c Merge remote-tracking branch 'upstream-public/pr/1595' into mbedtls-2.7-proposed 2018-04-25 14:25:03 +01:00
Andrzej Kurek ef30d96739 Changelog entry 2018-04-25 05:29:00 -04:00
Andrzej Kurek 6608096544 Change accepted ciphersuite versions when parsing server hello
Accept only ciphersuites for version chosen by the server
2018-04-25 05:28:08 -04:00
Andrzej Kurek 149f3a4d73 Change variable bytes_written to header_bytes in record decompression
The name is changed to better reflect the input, decompression case
2018-04-24 06:32:44 -04:00
Andrzej Kurek c3a3e2df0e ssl_tls: Fix invalid buffer sizes during compression / decompression
Adjust information passed to zlib to include already written data.
2018-04-23 08:39:13 -04:00
Mohammad Azim Khan 0acbd7df03 Same ciphersuite validation in server and client hello 2018-04-20 19:58:37 +01:00
Manuel Pégourié-Gonnard 8bce3685f5 Merge remote-tracking branch 'restricted/pr/468' into mbedtls-2.7-restricted-proposed
* restricted/pr/468:
  Improve comments style
  Remove a redundant test
  Add buffer size check before cert_type_len read
  Update change log
  Add a missing buffer size check
  Correct buffer size check
2018-04-18 12:21:36 +02:00
Manuel Pégourié-Gonnard 4a9236efce Merge remote-tracking branch 'public/pr/1234' into mbedtls-2.7-proposed
* public/pr/1234:
  Doxygen: don't traverse symbolic links
2018-04-18 12:04:51 +02:00
Azim Khan 26838608f8 Use correct version of snprintf on Windows
platform.h defines MBEDTLS_PLATFORM_STD_SNPRINTF based on _WIN32. But while defining macro mbedtls_snprintf it sets it to STD C snprintf that is deprecated on Windows.
2018-04-17 23:35:04 +01:00
Krzysztof Stachowiak affb4f8e90 Improve comments style 2018-04-10 13:43:23 +02:00
Krzysztof Stachowiak 5ca4c5a15d Remove a redundant test 2018-04-10 13:43:17 +02:00
Krzysztof Stachowiak 314f16136f Add buffer size check before cert_type_len read 2018-04-10 13:43:10 +02:00