Commit Graph

2646 Commits

Author SHA1 Message Date
Angus Gratton
ba25ffef87 Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).

Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-26 11:09:37 +03:00
Simon Butcher
642ddb555e Merge remote-tracking branch 'public/pr/1864' into mbedtls-2.1 2018-07-24 13:01:02 +01:00
Simon Butcher
eebee76f93 Merge remote-tracking branch 'public/pr/1846' into mbedtls-2.1 2018-07-19 19:48:40 +01:00
Angus Gratton
fd1c5e8453 Check for invalid short Alert messages
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:20:51 +01:00
Angus Gratton
485b3930c9 TLSv1.2: Treat zero-length fragments as invalid, unless they are application data
TLS v1.2 explicitly disallows other kinds of zero length fragments (earlier standards
don't mention zero-length fragments at all).
2018-07-16 20:20:49 +01:00
Angus Gratton
1226dd7715 CBC mode: Allow zero-length message fragments (100% padding)
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-16 20:20:44 +01:00
Simon Butcher
57e9fe2df4 Merge remote-tracking branch 'public/pr/1808' into mbedtls-2.1 2018-07-10 14:59:56 +01:00
Simon Butcher
ec971d7434 Merge remote-tracking branch 'public/pr/1828' into mbedtls-2.1 2018-07-10 12:51:03 +01:00
Philippe Antoine
bbc7918b6b Fixes different off by ones 2018-07-09 10:33:08 +02:00
Brendan Shanks
9e31693f67 x509.c: Remove unused includes
Remove unused includes guarded by MBEDTLS_FS_IO, which doesn't appear
anywhere else in the file.
2018-07-02 12:17:44 +01:00
niisato
8ba6ff578d about a issue Replace "new" variable #1782 2018-06-29 11:30:03 +01:00
Simon Butcher
e5828ce06c Merge remote-tracking branch 'public/pr/1771' into mbedtls-2.1 2018-06-28 11:38:18 +01:00
Ron Eldor
3dfbf406e5 Move definition of MBEDTLS_CIPHER_MODE_STREAM
Move definition of `MBEDTLS_CIPHER_MODE_STREAM` to header file
(`mbedtls_cipher_internal.h`), because it is used by more than
one file. Raised by TrinityTonic in #1719
2018-06-28 08:49:25 +03:00
Simon Butcher
b1c796ec48 Merge remote-tracking branch 'public/pr/1769' into mbedtls-2.1 2018-06-22 15:05:34 +01:00
Philippe Antoine
2c3c18039b Fix memory leak in mbedtls_x509_csr_parse 2018-06-22 12:19:33 +01:00
Simon Butcher
ad761c45b9 Fix multiple quality issues in the source
This PR fixes multiple issues in the source code to address issues raised by
tests/scripts/check-files.py. Specifically:
 * incorrect file permissions
 * missing newline at the end of files
 * trailing whitespace
 * Tabs present
 * TODOs in the souce code
2018-06-22 11:22:44 +01:00
Andres Amaya Garcia
b999a73eb4 Document ssl_write_real() behaviour in detail 2018-06-21 19:37:27 +01:00
Simon Butcher
6fc9ceece3 Change the library version to 2.1.13 2018-06-18 14:49:02 +01:00
Simon Butcher
0a715b1587 Merge remote-tracking branch 'public/pr/1656' into mbedtls-2.1 2018-06-17 18:02:57 +01:00
Simon Butcher
fd436b34eb Merge remote-tracking branch 'public/pr/1673' into mbedtls-2.1 2018-06-17 18:02:21 +01:00
Simon Butcher
577d39b930 Compilation warning fixes on 32b platfrom with IAR
Fix compilation warnings with IAR toolchain, on 32 bit platform.
Reported by rahmanih in #683

This is based on work by Ron Eldor in PR #750.
2018-06-14 09:10:23 +01:00
Andres Amaya Garcia
b5c87012ec Initialise pointers to avoid IAR compiler warnings 2018-06-14 08:48:49 +01:00
Azim Khan
c57d0e5ed5 Treat warnings as errors for IAR
Fix IAR compiler warnings

Two warnings have been fixed:
1. code 'if( len <= 0xFFFFFFFF )' gave warning 'pointless integer comparison'.
   This was fixed by wraping the condition in '#if SIZE_MAX > 0xFFFFFFFF'.
2. code 'diff |= A[i] ^ B[i];' gave warning 'the order of volatile accesses is undefined in'.
   This was fixed by read the volatile data in temporary variables before the computation.

Explain IAR warning on volatile access

Consistent use of CMAKE_C_COMPILER_ID
2018-06-14 08:48:49 +01:00
Fabio Alessandrelli
789096a71d Only redefine _WIN32_WINNT macro when < 0x0501 2018-06-08 16:26:53 +01:00
Gilles Peskine
8ba12295f8 Fix MSan build without MBEDTLS_TIMING_C
When MBEDTLS_TIMING_C was not defined in config.h, but the MemSan
memory sanitizer was activated, entropy_poll.c used memset without
declaring it. Fix this by including string.h unconditionally.
2018-06-01 18:38:53 +02:00
Simon Butcher
a8002f8f39 Merge remote-tracking branch 'public/pr/1611' into mbedtls-2.1 2018-05-23 17:58:10 +01:00
Simon Butcher
e64bf3968e Merge remote-tracking branch 'public/pr/1582' into mbedtls-2.1 2018-05-23 17:53:23 +01:00
Andres AG
879e62697e Allow the entry_name size to be set in config.h
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
2018-05-11 16:38:38 +01:00
Jaeden Amero
6c0fba4350 Update version to 2.1.12 2018-04-27 13:13:54 +01:00
Jaeden Amero
4faad41346 Merge remote-tracking branch 'upstream-restricted/pr/472' into mbedtls-2.1-restricted-proposed
Remove trailing whitespace from ChangeLog.
2018-04-26 11:09:15 +01:00
Jaeden Amero
32f5cc6dd4 ssl_cli: Fix all.sh test failure for ECJPAKE typo
When the "same ciphersuite validation" was backported to 2.1, we
introduced the use of irrelevant defines in ssl_cli.c. all.sh catches
these as "Likely typos". Remove the code for ECJPAKE, a feature that doesn't exist in 2.1, from ssl_cli to fix this test failure.

    ******************************************************************
    * test/build: declared and exported names
    * Thu Apr 26 08:23:19 UTC 2018
    ******************************************************************
    1175 macros
         143 enum-consts
    942 identifiers
    771 exported-symbols
    Exported symbols declared in header: PASS
    Names of actual-macros: PASS
    Names of enum-consts: PASS
    Names of identifiers: PASS
    Likely typos: FAIL
    MBEDTLS_KEY_EXCHANGE_ECJPAKE
    MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
    FAILED
2018-04-26 10:43:28 +01:00
Jaeden Amero
7db991d56a Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed
Resolve conflicts in ChangeLog
2018-04-26 09:03:14 +01:00
Andrzej Kurek
302be2fce4 Change accepted ciphersuite versions when parsing server hello
Accept only ciphersuites for version chosen by the server
2018-04-25 05:29:32 -04:00
Andrzej Kurek
078014aebe Change variable bytes_written to header_bytes in record decompression
The name is changed to better reflect the input, decompression case
2018-04-24 06:33:49 -04:00
Andrzej Kurek
bb6661479f ssl_tls: Fix invalid buffer sizes during compression / decompression
Adjust information passed to zlib to include already written data.
2018-04-23 08:29:36 -04:00
Mohammad Azim Khan
3f1d5cb324 Same ciphersuite validation in server and client hello 2018-04-20 19:52:49 +01:00
Manuel Pégourié-Gonnard
1e2f4da801 Merge remote-tracking branch 'restricted/pr/469' into mbedtls-2.1-restricted-proposed
* restricted/pr/469:
  Improve comments style
  Remove a redundant test
  Add buffer size check before cert_type_len read
  Update change log
  Adjust 2.1 specific code to match the buffer verification tests
  Add a missing buffer size check
  Correct buffer size check
2018-04-18 12:22:24 +02:00
Darryl Green
ce52b58da0 Fix braces in mbedtls_memory_buffer_alloc_status() 2018-04-17 16:46:41 +02:00
Krzysztof Stachowiak
28485d0a01 Improve comments style 2018-04-10 13:36:43 +02:00
Krzysztof Stachowiak
99fb6e9461 Remove a redundant test 2018-04-10 13:36:00 +02:00
Krzysztof Stachowiak
57e1a9fdfc Add buffer size check before cert_type_len read 2018-04-10 13:35:09 +02:00
Krzysztof Stachowiak
0ac812f5ce Adjust 2.1 specific code to match the buffer verification tests 2018-04-05 08:50:20 +02:00
Krzysztof Stachowiak
444678ea8b Add a missing buffer size check 2018-04-04 15:41:07 +02:00
Krzysztof Stachowiak
f8ba5cf8e9 Correct buffer size check
Further in the code the next field from the binary buffer is read. The
check contained an off by one error.
2018-04-04 14:36:20 +02:00
Jaeden Amero
ac9939c096 Merge remote-tracking branch 'upstream-public/pr/1461' into mbedtls-2.1-proposed 2018-04-03 18:27:18 +01:00
Jaeden Amero
ee6c822076 Merge remote-tracking branch 'upstream-public/pr/1396' into mbedtls-2.1-proposed 2018-04-03 12:07:19 +01:00
Jaeden Amero
b40dae5c21 Merge remote-tracking branch 'upstream-public/pr/1546' into mbedtls-2.1-proposed 2018-04-03 12:03:12 +01:00
mohammad1603
ad2908c9d6 Fix compatibility problem in the printed message
Replace %zu with %lu and add cast for the printed value.
2018-04-02 07:30:32 -07:00
Gilles Peskine
225684015d Merge remote-tracking branch 'upstream-public/pr/1501' into mbedtls-2.1-proposed 2018-04-01 12:41:33 +02:00
Gilles Peskine
911a432704 Update error.c 2018-03-30 18:51:31 +02:00