Simon Butcher
04799a4274
Fixed copy and paste error
...
Accidental additional assignment in ssl_write_alpn_ext()
2015-09-29 00:31:09 +01:00
Simon Butcher
8f98842e38
Refined credits in ChangeLog for fuzzing issue
...
Changed GDS to Gotham Digital Science
2015-09-22 10:10:36 +01:00
Manuel Pégourié-Gonnard
8cea8ad8b8
Bump version to 2.1.1
2015-09-17 11:58:45 +02:00
Simon Butcher
ac58c53ab1
Merge remote-tracking branch 'origin/development'
2015-09-16 23:25:25 +01:00
Simon Butcher
7dd82f8fd5
Merge branch 'development' with bugfix branch
...
Conflicts:
ChangeLog
2015-09-16 16:21:38 +01:00
Simon Butcher
5793e7ef01
Merge 'development' into iotssl-411-port-reuse
...
Conflicts:
ChangeLog
2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard
f7022d1131
Fix bug in server parsing point formats extension
...
There is only one length byte but for some reason we skipped two, resulting in
reading one byte past the end of the extension. Fortunately, even if that
extension is at the very end of the ClientHello, it can't be at the end of the
buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the
buffer has some more room after that for MAC and so on. So there is no
buffer overread.
Possible consequences are:
- nothing, if the next byte is 0x00, which is a comment first byte for other
extensions, which is why the bug remained unnoticed
- using a point format that was not offered by the peer if next byte is 0x01.
In that case the peer will reject our ServerKeyExchange message and the
handshake will fail.
- thinking that we don't have a common point format even if we do, which will
cause us to immediately abort the handshake.
None of these are a security issue.
The same bug was fixed client-side in fd35af15
2015-09-16 11:32:18 +02:00
Simon Butcher
a1a1128f7d
Updated ChangeLog for fix #275
2015-09-14 21:30:40 +01:00
Simon Butcher
d69f14bed8
Updated Changelog for new version
2015-09-11 20:00:20 +01:00
Simon Butcher
8a52a7468d
Added PR to Changelog for NWilson
2015-09-11 19:44:34 +01:00
Manuel Pégourié-Gonnard
c2ed8029ff
Fix ChangeLog - misplaced entries
2015-09-09 12:15:13 +02:00
Manuel Pégourié-Gonnard
14c2574a9d
Update Changelog
2015-09-08 15:12:45 +02:00
Simon Butcher
e5a21b4493
Merge pull request #282 from ARMmbed/iotssl-469-rsa-crt-restricted
...
Add counter-measure against RSA-CRT attack
2015-09-08 13:05:51 +01:00
Manuel Pégourié-Gonnard
5f50104c52
Add counter-measure against RSA-CRT attack
...
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
2015-09-08 13:39:29 +02:00
Manuel Pégourié-Gonnard
7f2f062a5d
Fix possible client crash on API misuse
2015-09-07 12:27:24 +02:00
Manuel Pégourié-Gonnard
0a0c22e0ef
Add ChangeLog entry about license change
2015-09-04 14:38:26 +02:00
Manuel Pégourié-Gonnard
aac5502553
Bump version to 2.1.0
2015-09-04 14:33:31 +02:00
Simon Butcher
52754594b6
Merging iotssl-457-badtail with development branch
2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
b2beb84be6
Changelog entry fro the previous commit
2015-09-01 19:37:32 +02:00
Manuel Pégourié-Gonnard
1385a289f4
Fix possible mutex lock/unlock mismatch
...
fixes #257
2015-08-27 11:30:58 +02:00
Manuel Pégourié-Gonnard
c98204e68f
Fix missing break in switch for SSL presets
...
closes #235
2015-08-11 04:21:01 +02:00
Manuel Pégourié-Gonnard
ed46c436c0
Fix error when loading libmbedtls.so
2015-08-10 10:17:32 +02:00
Manuel Pégourié-Gonnard
e33316c607
Add test build of shared libs for windows
2015-08-07 13:22:37 +02:00
Manuel Pégourié-Gonnard
32da9f66a8
Add support for MBEDTLS_USER_CONFIG_FILE
2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard
9983993e27
Fix bug with make install without tests
...
closes #232
2015-08-03 10:42:10 +02:00
Manuel Pégourié-Gonnard
2006408545
Fix Make bug when installing programs
2015-08-03 10:40:38 +02:00
Manuel Pégourié-Gonnard
052d10c9d5
Accept a trailing space at end of PEM lines
...
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
closes #226
2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard
e96ce08a21
Fix compile error with armcc5 --gnu
2015-07-31 10:58:06 +02:00
Simon Butcher
10a6f02f83
Merge branch 'development' into IOTSSL-442-hello-noext
...
Conflicts:
ChangeLog
2015-07-27 13:45:40 +01:00
Manuel Pégourié-Gonnard
52a5079cf2
Fix bug with install target in make
...
closes #223
2015-07-27 10:36:12 +02:00
Manuel Pégourié-Gonnard
6f42417ba8
Fix typo in that broke installation in cmake
...
closes #221
2015-07-24 16:55:22 +02:00
Manuel Pégourié-Gonnard
a6e5bd5654
Fix bug with extension-less ServerHello
...
https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug
in_hslen include the length of the handshake header. (We might want to change
that in the future, as it is a bit annoying.)
2015-07-23 12:23:19 +02:00
Manuel Pégourié-Gonnard
bcb0460224
Fix bug with cmake and old version of GCC
2015-07-19 16:00:04 +02:00
Manuel Pégourié-Gonnard
4f3368e31e
Fix bug in benchmark.c with DHM params
2015-07-19 15:01:28 +02:00
Paul Bakker
4cb87f409d
Prepare for 2.0.0 release
2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
abc729e664
Simplify net_accept() with UDP sockets
...
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard
91895853ac
Move from naked int to a structure in net.c
...
Provides more flexibility for future changes/extensions.
2015-06-30 15:56:25 +02:00
Manuel Pégourié-Gonnard
a25ffc3b0f
Update Changelog for target split
2015-06-25 12:01:16 +02:00
Manuel Pégourié-Gonnard
53585eeb17
Remove test DHM params from certs.c
...
certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
fd474233c8
Change SSL debug API in the library
2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard
c0d749418b
Make 'port' a string in NET module
...
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
1cd10adc7c
Update prototype of x509write_set_key_usage()
...
Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
60c793bdc9
Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE
...
First one means we have time() but it may not return the actual wall clock
time, second means it does.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
797f48ace6
Rename ecp_curve_info.size to bit_size
2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
898e0aa210
Rename key_length in cipher_info
2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard
88d37859b6
Update Changelog for the profiles branch
2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard
7ee5ddd798
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix compile errors with NO_STD_FUNCTIONS
Expand config.pl's notion of "full"
Ack external bugfix in Changelog
FIx misplaced Changelog entry (oops)
Fix compile bug: incompatible declaration of polarssl_exit in platform.c
Fix contributor's name in Changelog
2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard
dccb80b7e5
Fix compile errors with NO_STD_FUNCTIONS
2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard
f2ec505c34
Ack external bugfix in Changelog
2015-06-03 09:50:07 +01:00
Manuel Pégourié-Gonnard
3e87a9f57f
FIx misplaced Changelog entry (oops)
2015-06-03 09:48:26 +01:00