1. 01 Mar, 2019 1 commit
  2. 11 Feb, 2019 1 commit
  3. 07 Feb, 2019 14 commits
  4. 15 Jan, 2019 6 commits
    • Add buffer size in unhexify in client sample · 95775d25
      Ron Eldor authored
      Add the output buffer size in the `unhexify` function, to verify
      `olen` doesn't exceed it.
    • Style fixes · d3300d8d
      Ron Eldor authored
      1. Fix indentations.
      2. Remove redundant whitespaces.
      3. Keep short lines.
      4. Grammar fixes.
      5. Rephrase function description.
    • Style fixes · de830972
      Ron Eldor authored
      1. Adjust to 80 columns where possible.
      2. Add \ remove spaces where needed.
      3. Fix alignments.
    • Fix compilation errors · 1e3308de
      Ron Eldor authored
      Fix compilation errors when `MBEDTLS_DTLS_SRTP` not set
      1. Add file missed in previous commit.
      2. In sample applications, set `DFL_FORCE_SRTP_PROFILE` to 0.
    • Fix mki issues · d8c7410c
      Ron Eldor authored
      1. Set correct mki from the `use_srtp` extension.
      2. Use mki value received from the client as the mki used by server.
      3. Use `mbedtls_ssl_dtls_srtp_set_mki_value()` as a client API only.
    • Add dtls-srtp to client and server examples · e088cab3
      Ron Eldor authored
      Add dtls-srtp to `ssl_client2` and `ssl_server2` examples,
      for reference and for allowing in tests.
  5. 03 Jan, 2019 1 commit
  6. 11 Dec, 2018 3 commits
    • Fix const-ness in mbedtls_param_failed() · 3ef6a6dc
      Manuel Pégourié-Gonnard authored
      The previous prototype gave warnings as the strings produced by #cond and
      __FILE__ are const, so we shouldn't implicitly cast them to non-const.
      
      While at it modifying most example programs:
      - include the header that has the function declaration, so that the definition
        can be checked to match by the compiler
      - fix whitespace
      - make it work even if PLATFORM_C is not defined:
          - CHECK_PARAMS is not documented as depending on PLATFORM_C and there is
            no reason why it should
          - so, remove the corresponding #if defined in each program...
          - and add missing #defines for mbedtls_exit when needed
      
      The result has been tested (make all test with -Werror) with the following
      configurations:
      
      - full with    CHECK_PARAMS with    PLATFORM_C
      - full with    CHECK_PARAMS without PLATFORM_C
      - full without CHECK_PARAMS without PLATFORM_C
      - full without CHECK_PARAMS with    PLATFORM_C
      
      Additionally, it has been manually tested that adding
      
          mbedtls_aes_init( NULL );
      
      near the normal call to mbedtls_aes_init() in programs/aes/aescrypt2.c has the
      expected effect when running the program.
    • Remove leftover from testing · 2c210737
      Manuel Pégourié-Gonnard authored
    • Add handlers for parameter validation in the sample programs · 63cb97e5
      Simon Butcher authored
      The sample programs require an additional handler function of
      mbedtls_param_failed() to handle any failed parameter validation checks enabled
      by the MBEDTLS_CHECK_PARAMS config.h option.
  7. 30 Nov, 2018 1 commit
  8. 05 Nov, 2018 1 commit
  9. 01 Nov, 2018 2 commits
  10. 26 Oct, 2018 1 commit
  11. 25 Oct, 2018 1 commit
  12. 16 Oct, 2018 1 commit
  13. 15 Oct, 2018 1 commit
  14. 12 Oct, 2018 1 commit
    • Zeroize sensitive data in aescrypt2 and crypt_and_hash examples · 0b44d5cc
      Hanno Becker authored
      This commit replaces multiple `memset()` calls in the example
      programs aes/aescrypt2.c and aes/crypt_and_hash.c by calls to
      the reliable zeroization function `mbedtls_zeroize()`.
      
      While not a security issue because the code is in the example
      programs, it's bad practice and should be fixed.
  15. 09 Oct, 2018 2 commits
    • Bignum: Deprecate mbedtls_mpi_is_prime() · a0b67c2f
      Janos Follath authored
      When using a primality testing function the tolerable error rate depends
      on the scheme in question, the required security strength and whether it
      is used for key generation or parameter validation. To support all use
      cases we need more flexibility than what the old API provides.
    • Fix ordering of free()ing of internal structures in ssl_server2 · 095d9cf5
      Hanno Becker authored
      If `MBEDTLS_MEMORY_BUFFER_ALLOC_C` is configured and Mbed TLS'
      custom buffer allocator is used for calloc() and free(), the
      read buffer used by the server example application is allocated
      from the buffer allocator, but freed after the buffer allocator
      has been destroyed. If memory backtracing is enabled, this leaves
      a memory leak in the backtracing structure allocated for the buffer,
      as found by valgrind.
      
      Fixes #2069.
  16. 05 Oct, 2018 1 commit
    • Fix memory leak and freeing without initialization in cert_write · 30a95102
      Hanno Becker authored
      * The variables `csr` and `issuer_crt` are initialized but not freed.
      * The variable `entropy` is unconditionally freed in the cleanup section
        but there's a conditional jump to that section before its initialization.
        This commit moves it to the other initializations happening before the
        first conditional jump to the cleanup section.
      
      Fixes #1422.
  17. 28 Aug, 2018 2 commits