As a protection against the Lucky Thirteen attack, the TLS code for
CBC decryption in encrypt-then-MAC mode performs extra MAC
calculations to compensate for variations in message size due to
padding. The amount of extra MAC calculation to perform was based on
the assumption that the bulk of the time is spent in processing
64-byte blocks, which was correct for most supported hashes but not for
SHA-384. Adapt the formula to 128-byte blocks for SHA-384.
Clarify the roles of the buffer parameter and their sizes.
Document the possible error codes.
Warn that mbedtls_gcm_crypt_and_tag in decrypt mode does not
authenticate the data and recommend using mbedtls_gcm_auth_decrypt
instead.
When MBEDTLS_TIMING_C was not defined in config.h, but the MemSan
memory sanitizer was activated, entropy_poll.c used memset without
declaring it. Fix this by including string.h unconditionally.
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
Add a function that deletes all the old Visual Studio prokect files
before generating the new ones. This ensure that project files for
delete example applications are removed from the repository.
When the "same ciphersuite validation" was backported to 2.1, we
introduced the use of irrelevant defines in ssl_cli.c. all.sh catches
these as "Likely typos". Remove the code for ECJPAKE, a feature that doesn't exist in 2.1, from ssl_cli to fix this test failure.
******************************************************************
* test/build: declared and exported names
* Thu Apr 26 08:23:19 UTC 2018
******************************************************************
1175 macros
143 enum-consts
942 identifiers
771 exported-symbols
Exported symbols declared in header: PASS
Names of actual-macros: PASS
Names of enum-consts: PASS
Names of identifiers: PASS
Likely typos: FAIL
MBEDTLS_KEY_EXCHANGE_ECJPAKE
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
FAILED
* restricted/pr/469:
Improve comments style
Remove a redundant test
Add buffer size check before cert_type_len read
Update change log
Adjust 2.1 specific code to match the buffer verification tests
Add a missing buffer size check
Correct buffer size check
platform.h defines MBEDTLS_PLATFORM_STD_SNPRINTF based on _WIN32. But while defining macro mbedtls_snprintf it sets it to STD C snprintf that is deprecated on Windows.
We don't use symbolic links as part of our build process, so tell
Doxygen not to traverse them. In particular, if I have a symbolic link
to a directory outside the build tree, I don't want Doxygen to follow
it.
