Simon Butcher
c1d54bb7b2
Update library version to 1.3.18
2016-10-17 23:40:14 +01:00
Janos Follath
441d6f9833
Remove MBEDTLS_SSL_AEAD_RANDOM_IV feature
...
In a USENIX WOOT '16 paper the authors warn about a security risk
of random Initialisation Vectors (IV) repeating values.
The MBEDTLS_SSL_AEAD_RANDOM_IV feature is affected by this risk and
it isn't compliant with RFC5116. Furthermore, strictly speaking it
is a different cipher suite from the TLS (RFC5246) point of view.
Removing the MBEDTLS_SSL_AEAD_RANDOM_IV feature to resolve the above
problems.
Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
2016-10-13 14:14:16 +01:00
Andres AG
6ad5d9450a
Fix documentation for mbedtls_gcm_finish()
...
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-13 12:54:32 +01:00
Janos Follath
17da9dd829
Add option for relaxed X509 time verification.
...
The certificates are not valid according to the RFC, but are in wide
distribution across the internet. Hence the request to add a
compile-time flag to accept these certificates if wanted by the
application.
If POLARSSL_RELAXED_X509_DATE is enabled it will allow dates without
seconds, and allow dates with timezones (but doesn't actually use
the timezone).
Patch provided by OpenVPN.
2016-09-30 09:04:18 +01:00
Simon Butcher
4f7b13bd79
Changed library version number to 1.3.17
2016-06-27 19:37:31 +01:00
Janos Follath
4dfecabb97
Update default configuration
...
Change the default settings for SSL and modify the tests accordingly.
2016-03-14 13:40:43 +00:00
Manuel Pégourié-Gonnard
54f2c490ed
Avoid build errors with -O0 due to assembly
2016-01-08 15:30:03 +01:00
Simon Butcher
84181adae8
Change version number to 1.3.16
...
Changed version for library files and yotta module
2016-01-04 22:49:30 +00:00
Simon Butcher
d7fe6fbd76
Fix for MPI divide on MSVC
...
Resolves multiple platform issues when building bignum.c with Microsoft
Visual Studio.
2016-01-03 22:39:18 +00:00
Simon Butcher
14400c8fb0
Merge memory leak fix into branch 'mbedtls-1.3'
...
Merge of fix for memory leak in RSA-SSA signing - #372
2016-01-02 00:28:19 +00:00
Simon Butcher
1f4e08c979
Changed version number to 1.3.15
...
Changed for library
2015-11-05 15:44:46 +00:00
Manuel Pégourié-Gonnard
7bbabeae8f
Disable reportedly broken assembly of Sparc(64)
...
fixes #292
2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard
c094a97223
ECHDE-PSK does not use a certificate
...
fixes #270
2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard
ad9c68ab21
Fix typo in documenation
2015-10-20 09:38:10 +02:00
Simon Butcher
9b52b804c7
Corrected misleading fn description in ssl_cache.h
...
Mistake in comments spotted by Andris Mednis
2015-10-19 19:35:04 +01:00
Manuel Pégourié-Gonnard
f093bde91e
Bump version to 1.3.14
2015-10-05 19:06:46 +01:00
Manuel Pégourié-Gonnard
c5934272fc
Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
...
* mbedtls-1.3:
Fix spurious #endif from previous cherry-pick
Fix macroization of inline in C++
Add missing warning in doc
Fix compile error in net.c with musl libc
2015-10-05 17:06:24 +01:00
Simon Butcher
36abef4c5c
Merge multiple backported vulnerability fixes
2015-10-05 16:44:59 +01:00
Manuel Pégourié-Gonnard
fa647a75a1
Fix references to non-standard SIZE_T_MAX
...
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
2015-10-05 15:29:48 +01:00
Manuel Pégourié-Gonnard
cf1db3cf1c
Fix spurious #endif from previous cherry-pick
2015-10-05 14:57:01 +01:00
Manuel Pégourié-Gonnard
20607bb0fa
Fix macroization of inline in C++
...
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 14:28:17 +01:00
Manuel Pégourié-Gonnard
ded3ae500b
Add missing warning in doc
...
Found by Nicholas Wilson
fixes #288
2015-10-05 14:18:16 +01:00
Manuel Pégourié-Gonnard
6d6018383e
Fix typos in ChangeLog and comments
2015-10-01 18:20:55 +02:00
Manuel Pégourié-Gonnard
48ec2c7b5e
Fix potential overflow in base64_encode
2015-10-01 10:07:28 +02:00
Simon Butcher
c988f32add
Added max length checking of hostname
2015-09-29 23:27:20 +01:00
Manuel Pégourié-Gonnard
df048c59cf
Bump version to 1.3.13
2015-09-17 11:53:14 +02:00
Manuel Pégourié-Gonnard
89789be80f
Fix handling of new config option
...
fixes #256
2015-08-27 09:54:16 +02:00
Paul Bakker
3edec6c4ed
Prepare for 1.3.12 release
2015-08-11 13:22:10 +01:00
Manuel Pégourié-Gonnard
027ead91e5
Disable padlock asm with ASan
...
Causes errors with some versions of ASan
2015-08-10 17:44:53 +02:00
Manuel Pégourié-Gonnard
705de2f98d
Revert "Avoid formatting debug message uselessly"
...
This reverts commit 925a72628b
.
Reason: introduced an ABI change in the maintenance branch.
2015-08-10 17:36:47 +02:00
Manuel Pégourié-Gonnard
cc86ac5d56
Fix compile error with armcc5 --gnu
2015-08-10 12:10:39 +02:00
Manuel Pégourié-Gonnard
501084c764
Add warning/errors about deprecated config items
2015-07-15 11:18:40 +02:00
Manuel Pégourié-Gonnard
5574546524
Document thread-safety of the RSA functions
2015-07-03 17:51:10 +02:00
Manuel Pégourié-Gonnard
f0f399d66c
Up default server DHM size to 2048 bits
2015-07-03 17:45:57 +02:00
Manuel Pégourié-Gonnard
925a72628b
Avoid formatting debug message uselessly
2015-06-29 19:47:17 +02:00
Manuel Pégourié-Gonnard
9ea1b23cc4
Up min size of DHM params to 1024 bits on client
2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard
6c3ccf5fd0
Fix thread-safety issue in debug.c
...
Closes #203
2015-06-29 18:52:57 +02:00
Paul Bakker
19eef51487
Prepare for 1.3.11 release
2015-06-04 14:49:19 +02:00
Manuel Pégourié-Gonnard
dccb80b7e5
Fix compile errors with NO_STD_FUNCTIONS
2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard
6ca7624952
Mark unused constant as such
2015-06-02 09:55:32 +01:00
Manuel Pégourié-Gonnard
48647b9255
Merge remote-tracking branch 'nw/misc' into mbedtls-1.3
...
* nw/misc:
Typos and doc additions
2015-05-12 12:48:12 +02:00
Nicholas Wilson
d0fa5ccbb0
Typos and doc additions
2015-05-11 10:44:11 +01:00
Manuel Pégourié-Gonnard
e16b62c3a9
Make results of (ext)KeyUsage accessible
2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard
770b5e1e9e
Fix missing NULL check in MPI
2015-04-29 17:02:01 +02:00
Manuel Pégourié-Gonnard
39a183a629
Add x509_crt_verify_info()
2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard
a1e32415d5
Fix macro name from wrong branch
2015-04-15 11:21:24 +02:00
Paul Bakker
6152b0267c
Fixed typos
2015-04-14 15:00:09 +02:00
Manuel Pégourié-Gonnard
23ce09b18f
Deprecate HAVE_INT8 and HAVE_INT16
2015-04-09 14:51:51 +02:00
Manuel Pégourié-Gonnard
a98af5e2b2
Deprecate using NET_C without HAVE_IPV6
2015-04-09 14:40:46 +02:00
Manuel Pégourié-Gonnard
8c3f0f4c16
Official deprecate compat-1.2.h and openssl.h
2015-04-09 14:10:26 +02:00