Gilles Peskine
9ce2972399
CTR_DRBG: add mbedtls_ctr_drbg_update_ret
...
Deprecate mbedtls_ctr_drbg_update (which returns void) in favor of a
new function mbedtls_ctr_drbg_update_ret which reports error. The old
function is not officially marked as deprecated in this branch because
this is a stable maintenance branch.
2018-09-13 22:19:31 +02:00
Gilles Peskine
f249e37e86
Add ChangeLog entry for wiping sensitive buffers
2018-09-13 22:11:23 +02:00
Gilles Peskine
1da7776bd7
HMAC_DRBG: clean stack buffers
...
Wipe stack buffers that may contain sensitive data (data that
contributes to the DRBG state.
2018-09-13 22:11:17 +02:00
Gilles Peskine
d324c5954a
CTR_DRBG: clean stack buffers
...
Wipe stack buffers that may contain sensitive data (data that
contributes to the DRBG state.
2018-09-13 22:10:46 +02:00
Simon Butcher
d6a63f4ca5
Clarified ChangeLog entry
...
ChangeLog entry for backport of #1890 was misleading, so corrected it.
2018-09-13 11:59:03 +01:00
Simon Butcher
eee169a082
Merge pull request #506 from sbutcher-arm/mbedtls-version-2.7.6
...
Update library version number to 2.7.6
2018-08-31 17:29:24 +01:00
Simon Butcher
34997fd291
Update library version number to 2.7.6
2018-08-31 16:07:23 +01:00
Simon Butcher
a36fe37429
Revised and clarified ChangeLog
...
Minor changes to fix language, merge mistakes and incorrect classifications of
changes.
2018-08-31 12:00:58 +01:00
Andrzej Kurek
77798b9f2d
ssl-opt.sh: change expected output for large srv packet test with SSLv3
...
This test also exercises a protection against BEAST
and should expect message splitting.
2018-08-29 07:05:59 -04:00
Andrzej Kurek
0d50aeb4d4
Remove trailing whitespace
2018-08-29 07:05:44 -04:00
Andrzej Kurek
fb764931ee
ssl_server2: add buffer overhead for a termination character
...
Switch to mbedtls style of memory allocation
2018-08-29 07:05:44 -04:00
Andrzej Kurek
d5ab1883b7
Add missing large and small packet tests for ssl_server2
2018-08-29 07:05:44 -04:00
Andrzej Kurek
6b3ec17463
Added buffer_size and response_size options for ssl-server2.
...
Added appropriate tests.
2018-08-29 07:05:44 -04:00
Simon Butcher
9877efb401
Merge remote-tracking branch 'restricted/pr/437' into mbedtls-2.7-restricted
2018-08-28 15:34:28 +01:00
Simon Butcher
242169bdc3
Merge remote-tracking branch 'restricted/pr/498' into mbedtls-2.7-restricted
2018-08-28 15:29:55 +01:00
Simon Butcher
6910201cd1
Merge remote-tracking branch 'restricted/pr/493' into mbedtls-2.7-restricted
2018-08-28 15:23:39 +01:00
Simon Butcher
fbd0ccc0f0
Merge remote-tracking branch 'public/pr/1978' into mbedtls-2.7
2018-08-28 12:32:21 +01:00
Simon Butcher
4102b3d377
Merge remote-tracking branch 'public/pr/1888' into mbedtls-2.7
2018-08-28 12:25:12 +01:00
Simon Butcher
cc4f58d08c
Merge remote-tracking branch 'public/pr/1956' into mbedtls-2.7
2018-08-28 12:16:11 +01:00
Simon Butcher
f7be6b029e
Merge remote-tracking branch 'public/pr/1960' into mbedtls-2.7
2018-08-28 11:51:56 +01:00
Simon Butcher
040cff9895
Merge remote-tracking branch 'public/pr/1974' into mbedtls-2.7
2018-08-28 10:20:37 +01:00
Simon Butcher
b6cf145b7a
Merge remote-tracking branch 'public/pr/1981' into mbedtls-2.7
2018-08-28 10:18:32 +01:00
Hanno Becker
6728d3cfdb
Improve documentation of mbedtls_x509_crt_parse()
2018-08-24 10:02:03 +01:00
Hanno Becker
b37ca7a4eb
Move ChangeLog entry from Bugfix to Changes section
2018-08-23 16:42:32 +01:00
Hanno Becker
ca16cf67da
Improve wording
2018-08-23 16:15:26 +01:00
Hanno Becker
063c50df8a
pk_encrypt: Uniformize debugging output
2018-08-23 15:57:15 +01:00
Hanno Becker
ca8c3b434c
Improve documentation of mbedtls_x509_crt_parse()
...
Fixes #1883 .
2018-08-23 15:52:01 +01:00
Hanno Becker
45d006a9cc
Fix typos in programs/x509/cert_write.c
...
Fixes #1922 .
2018-08-23 15:27:21 +01:00
Hanno Becker
6953ac2dbe
Minor formatting improvements in pk_encrypt and pk_decrypt examples
2018-08-23 15:14:52 +01:00
Hanno Becker
20b5d14b28
Adapt ChangeLog
2018-08-23 15:14:51 +01:00
Hanno Becker
a82a6e126d
Correct memory leak in pk_decrypt example program
2018-08-23 15:14:50 +01:00
Hanno Becker
20fce25f28
Correct memory-leak in pk_encrypt example program
2018-08-23 15:14:50 +01:00
Hanno Becker
8b9d102160
Adapt ChangeLog
2018-08-23 14:58:02 +01:00
Hanno Becker
99f3916e31
Return from debugging functions if SSL context is unset
...
The debugging functions
- mbedtls_debug_print_ret,
- mbedtls_debug_print_buf,
- mbedtls_debug_print_mpi, and
- mbedtls_debug_print_crt
return immediately if the SSL configuration bound to the
passed SSL context is NULL, has no debugging functions
configured, or if the debug threshold is below the debugging
level.
However, they do not check whether the provided SSL context
is not NULL before accessing the SSL configuration bound to it,
therefore leading to a segmentation fault if it is.
In contrast, the debugging function
- mbedtls_debug_print_msg
does check for ssl != NULL before accessing ssl->conf.
This commit unifies the checks by always returning immediately
if ssl == NULL.
2018-08-23 14:57:39 +01:00
Hanno Becker
dc6c0e49ad
ssl-opt.sh: Preserve proxy log, too, if --preserve-logs is specified
2018-08-22 15:24:25 +01:00
Hanno Becker
4d646a60bd
Adapt ChangeLog
2018-08-22 15:11:28 +01:00
Hanno Becker
b554636236
ssl-opt.sh: Add DTLS session resumption tests
...
Fixes #1969 .
2018-08-22 15:07:31 +01:00
Hanno Becker
6c794faa46
Fix bug in SSL ticket implementation removing keys of age < 1s
...
Fixes #1968 .
2018-08-22 14:58:31 +01:00
Jaeden Amero
e4d14208aa
Merge remote-tracking branch 'upstream-public/pr/1953' into mbedtls-2.7
2018-08-17 15:31:58 +01:00
Hanno Becker
12f7ede56e
Compute record expansion in steps to ease readability
2018-08-17 15:30:03 +01:00
Jaeden Amero
ab397dd47c
Merge remote-tracking branch 'upstream-public/pr/1944' into mbedtls-2.7
2018-08-17 14:27:06 +01:00
Hanno Becker
f38db01c42
Adapt ChangeLog
2018-08-17 10:12:23 +01:00
Hanno Becker
dbd3e88479
Fix mbedtls_ssl_get_record_expansion() for CBC modes
...
`mbedtls_ssl_get_record_expansion()` is supposed to return the maximum
difference between the size of a protected record and the size of the
encapsulated plaintext.
Previously, it did not correctly estimate the maximum record expansion
in case of CBC ciphersuites in (D)TLS versions 1.1 and higher, in which
case the ciphertext is prefixed by an explicit IV.
This commit fixes this bug. Fixes #1914 .
2018-08-17 10:12:21 +01:00
Hanno Becker
517e84a0e3
Improve ChangeLog wording for the commmit that Fixes #1954 .
2018-08-17 10:04:08 +01:00
Hanno Becker
3a333a58ba
Add tests for empty CA list in CertificateRequest, TLS 1.0 & 1.1
2018-08-17 10:04:08 +01:00
Hanno Becker
4a4c04dc9c
Adapt ChangeLog
2018-08-16 15:53:02 +01:00
Hanno Becker
78d5d8225e
Fix overly strict bounds check in ssl_parse_certificate_request()
2018-08-16 15:53:02 +01:00
Mohammad Azim Khan
7e84affb45
Fix Wformat-overflow warning in ssl_mail_client.c
...
sprintf( (char *) buf, "%s\r\n", base );
Above code generates Wformat-overflow warning since both buf and base
are of same size. buf should be sizeof( base ) + characters added in
the format. In this case format 2 bytes for "\r\n".
2018-08-16 14:34:15 +01:00
Hanno Becker
8058800d54
Adapt ChangeLog
2018-08-14 15:48:41 +01:00
Hanno Becker
cd6a64a516
Reset session_in/out pointers in ssl_session_reset_int()
...
Fixes #1941 .
2018-08-14 15:48:36 +01:00