Merge 'development-restricted'

Simon Butcher 2017-02-05 20:13:05 +00:00
commit ac63477e5a
2 changed files with 6 additions and 2 deletions


@ -2,6 +2,11 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.x.x branch released xxxx-xx-xx = mbed TLS 2.x.x branch released xxxx-xx-xx
Security
* Removed MD5 from the allowed hash algorithms for CertificateRequest and
CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
Introduced by interoperability fix for #513.
Bugfix Bugfix
* Fix the redefinition of macro ssl_set_bio to an undefined symbol * Fix the redefinition of macro ssl_set_bio to an undefined symbol
mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it. mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it.


@ -7653,8 +7653,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
#if defined(MBEDTLS_MD5_C) #if defined(MBEDTLS_MD5_C)
case MBEDTLS_SSL_HASH_MD5: case MBEDTLS_SSL_HASH_MD5:
ssl->handshake->calc_verify = ssl_calc_verify_tls; return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
break;
#endif #endif
#if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_SHA1_C)
case MBEDTLS_SSL_HASH_SHA1: case MBEDTLS_SSL_HASH_SHA1:
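Review bot: The `MBEDTLS_SSL_HASH_MD5` case in `mbedtls_ssl_set_calc_verify_md` now returns `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` with no comment saying the rejection is deliberate. It still sits inside the TLS1/TLS1_1 and `MBEDTLS_MD5_C` guards, so it reads like a leftover rather than a security decision. A comment above the return, for example `/* MD5 is deliberately refused for CertificateVerify (SLOTH, TLS 1.2); do not re-enable for interoperability */`, would guard against a later fix reinstating it, which the ChangeLog entry says is how the issue was introduced. The `MBEDTLS_SSL_HASH_SHA1` case directly below stays in the same guard, but its body is outside the hunk; whether SHA-1 remains selectable for CertificateVerify should be confirmed and recorded as an explicit decision. The switch starts and ends outside the hunk, so what the default branch returns for MD5 in builds without these guards cannot be checked from here.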