Commit graph

7127 commits

Author SHA1 Message Date
Gilles Peskine b46c59e2a7 In keep-going mode, don't hard-fail on some tests
Add if_build_succeeded in front of the invocation of some test runs
where it was missing.
2018-09-27 10:12:58 +02:00
Gilles Peskine 732826d265 In keep-going mode, don't hard-fail on some auxiliary script
Add record_status in front of the invocation of several scripts where
it was missing.
2018-09-27 10:08:31 +02:00
Simon Butcher f73b437fc6 Add ChangeLog entry for PR #1812 2018-09-26 22:59:42 +01:00
Simon Butcher fa5054ffab Fix ChangeLog entry for PR #1972 2018-09-26 22:59:31 +01:00
Andrzej Kurek c895821766 ssl-opt.sh: change expected output for large srv packet test with SSLv3
This test also exercises a protection against BEAST
and should expect message splitting.
2018-09-26 22:53:13 +01:00
Andrzej Kurek 3d5cd4ec0a Remove trailing whitespace 2018-09-26 22:53:13 +01:00
Andrzej Kurek 216b40de9b ssl_server2: add buffer overhead for a termination character
Switch to mbedtls style of memory allocation
2018-09-26 22:53:12 +01:00
Andrzej Kurek d731a6348a Add missing large and small packet tests for ssl_server2 2018-09-26 22:53:12 +01:00
Andrzej Kurek 557335e56d Added buffer_size and response_size options for ssl-server2.
Added appropriate tests.
2018-09-26 22:53:12 +01:00
Simon Butcher 651902d062 Merge remote-tracking branch 'public/pr/1972' into mbedtls-2.7 2018-09-26 22:35:51 +01:00
Simon Butcher 9863afc5e2 Merge remote-tracking branch 'public/pr/1899' into mbedtls-2.7 2018-09-26 22:00:02 +01:00
Gilles Peskine 94a779b2c2 Add ChangeLog entry for deprecation of mbedtls_xxx_drbg_update 2018-09-13 22:27:12 +02:00
Gilles Peskine aadc818126 HMAC_DRBG: report all errors from HMAC functions
Make sure that any error from mbedtls_md_hmac_xxx is propagated.
2018-09-13 22:20:58 +02:00
Gilles Peskine 4d23757fad HMAC_DRBG: deprecate mbedtls_hmac_drbg_update because it ignores errors
Deprecate mbedtls_hmac_drbg_update (which returns void) in favor of a
new function mbedtls_hmac_drbg_update_ret which reports error. The old
function is not officially marked as deprecated in this branch because
this is a stable maintenance branch.
2018-09-13 22:19:57 +02:00
Gilles Peskine 9ce2972399 CTR_DRBG: add mbedtls_ctr_drbg_update_ret
Deprecate mbedtls_ctr_drbg_update (which returns void) in favor of a
new function mbedtls_ctr_drbg_update_ret which reports error. The old
function is not officially marked as deprecated in this branch because
this is a stable maintenance branch.
2018-09-13 22:19:31 +02:00
Gilles Peskine f249e37e86 Add ChangeLog entry for wiping sensitive buffers 2018-09-13 22:11:23 +02:00
Gilles Peskine 1da7776bd7 HMAC_DRBG: clean stack buffers
Wipe stack buffers that may contain sensitive data (data that
contributes to the DRBG state.
2018-09-13 22:11:17 +02:00
Gilles Peskine d324c5954a CTR_DRBG: clean stack buffers
Wipe stack buffers that may contain sensitive data (data that
contributes to the DRBG state.
2018-09-13 22:10:46 +02:00
Simon Butcher d6a63f4ca5 Clarified ChangeLog entry
ChangeLog entry for backport of #1890 was misleading, so corrected it.
2018-09-13 11:59:03 +01:00
Gilles Peskine 938845484c Add ChangeLog entry 2018-09-04 11:22:08 +02:00
Gilles Peskine 98add4fd5a Fix pk_write with an EC key to write a constant-length private value
When writing a private EC key, use a constant size for the private
value, as specified in RFC 5915. Previously, the value was written
as an ASN.1 INTEGER, which caused the size of the key to leak
about 1 bit of information on average, and could cause the value to be
1 byte too large for the output buffer.
2018-09-04 11:22:08 +02:00
Gilles Peskine 313a5c1fec pk_write test cases with short/long private key
Add pk_write test cases where the ASN.1 INTEGER encoding of the
private value does not have the mandatory size for the OCTET STRING
that contains the value.

ec_256_long_prv.pem is a random secp256r1 private key, selected so
that the private value is >= 2^255, i.e. the top bit of the first byte
is set (which would cause the INTEGER encoding to have an extra
leading 0 byte).

ec_521_short_prv.pem is a random secp521r1 private key, selected so
that the private value is < 2^518, i.e. the first byte is zero and the
top bit of the second byte is 0 (which would cause the INTEGER
encoding to have one less 0 byte at the start).
2018-09-04 11:16:42 +02:00
Simon Butcher eee169a082
Merge pull request #506 from sbutcher-arm/mbedtls-version-2.7.6
Update library version number to 2.7.6
2018-08-31 17:29:24 +01:00
Simon Butcher 34997fd291 Update library version number to 2.7.6 2018-08-31 16:07:23 +01:00
Simon Butcher a36fe37429 Revised and clarified ChangeLog
Minor changes to fix language, merge mistakes and incorrect classifications of
changes.
2018-08-31 12:00:58 +01:00
Andrzej Kurek 77798b9f2d ssl-opt.sh: change expected output for large srv packet test with SSLv3
This test also exercises a protection against BEAST
and should expect message splitting.
2018-08-29 07:05:59 -04:00
Andrzej Kurek 0d50aeb4d4 Remove trailing whitespace 2018-08-29 07:05:44 -04:00
Andrzej Kurek fb764931ee ssl_server2: add buffer overhead for a termination character
Switch to mbedtls style of memory allocation
2018-08-29 07:05:44 -04:00
Andrzej Kurek d5ab1883b7 Add missing large and small packet tests for ssl_server2 2018-08-29 07:05:44 -04:00
Andrzej Kurek 6b3ec17463 Added buffer_size and response_size options for ssl-server2.
Added appropriate tests.
2018-08-29 07:05:44 -04:00
Simon Butcher 9877efb401 Merge remote-tracking branch 'restricted/pr/437' into mbedtls-2.7-restricted 2018-08-28 15:34:28 +01:00
Simon Butcher 242169bdc3 Merge remote-tracking branch 'restricted/pr/498' into mbedtls-2.7-restricted 2018-08-28 15:29:55 +01:00
Simon Butcher 6910201cd1 Merge remote-tracking branch 'restricted/pr/493' into mbedtls-2.7-restricted 2018-08-28 15:23:39 +01:00
Simon Butcher fbd0ccc0f0 Merge remote-tracking branch 'public/pr/1978' into mbedtls-2.7 2018-08-28 12:32:21 +01:00
Simon Butcher 4102b3d377 Merge remote-tracking branch 'public/pr/1888' into mbedtls-2.7 2018-08-28 12:25:12 +01:00
Simon Butcher cc4f58d08c Merge remote-tracking branch 'public/pr/1956' into mbedtls-2.7 2018-08-28 12:16:11 +01:00
Simon Butcher f7be6b029e Merge remote-tracking branch 'public/pr/1960' into mbedtls-2.7 2018-08-28 11:51:56 +01:00
Simon Butcher 040cff9895 Merge remote-tracking branch 'public/pr/1974' into mbedtls-2.7 2018-08-28 10:20:37 +01:00
Simon Butcher b6cf145b7a Merge remote-tracking branch 'public/pr/1981' into mbedtls-2.7 2018-08-28 10:18:32 +01:00
Hanno Becker 6728d3cfdb Improve documentation of mbedtls_x509_crt_parse() 2018-08-24 10:02:03 +01:00
Hanno Becker b37ca7a4eb Move ChangeLog entry from Bugfix to Changes section 2018-08-23 16:42:32 +01:00
Hanno Becker ca16cf67da Improve wording 2018-08-23 16:15:26 +01:00
Hanno Becker 063c50df8a pk_encrypt: Uniformize debugging output 2018-08-23 15:57:15 +01:00
Hanno Becker ca8c3b434c Improve documentation of mbedtls_x509_crt_parse()
Fixes #1883.
2018-08-23 15:52:01 +01:00
Hanno Becker 45d006a9cc Fix typos in programs/x509/cert_write.c
Fixes #1922.
2018-08-23 15:27:21 +01:00
Hanno Becker 6953ac2dbe Minor formatting improvements in pk_encrypt and pk_decrypt examples 2018-08-23 15:14:52 +01:00
Hanno Becker 20b5d14b28 Adapt ChangeLog 2018-08-23 15:14:51 +01:00
Hanno Becker a82a6e126d Correct memory leak in pk_decrypt example program 2018-08-23 15:14:50 +01:00
Hanno Becker 20fce25f28 Correct memory-leak in pk_encrypt example program 2018-08-23 15:14:50 +01:00
Hanno Becker 8b9d102160 Adapt ChangeLog 2018-08-23 14:58:02 +01:00