Hanno Becker
470a8c4d87
Deprecate mbedtls_ssl_conf_dh_param
2017-10-04 15:28:46 +01:00
Hanno Becker
5e6b8d7d29
Add missing whitespace
2017-10-04 13:41:36 +01:00
Hanno Becker
0482fd597a
Remove reference to utility program for RFC 3526/7919 verification
2017-10-04 13:39:08 +01:00
Hanno Becker
5a7c35d1a8
Correct documentation of mbedtls_ssl_conf_dh_param
2017-10-04 13:32:12 +01:00
Hanno Becker
a6dd90de30
Add error string for failure code in mbedtls_dhm_set_group
2017-10-04 13:17:52 +01:00
Hanno Becker
ab74056037
Make use of mbedtls_dhm_set_group
when generating DHM params
2017-10-04 13:17:52 +01:00
Hanno Becker
8880e75dcb
Add new function mbedtls_dhm_set_group to DHM Group
2017-10-04 13:17:52 +01:00
Hanno Becker
00d0a6834a
Adapt code setting default DHM parameters
2017-10-04 13:17:49 +01:00
Hanno Becker
b953921a4e
Adapt benchmark application to naming and binary format
2017-10-04 13:13:34 +01:00
Hanno Becker
e2fcfa84ea
Stick to the use of constant-macros
...
This commit returns to using constant macros instead of global variables for the DHM group constants. Further, macros
providing the binary encoding of the primes from RFC 3526 and RFC 7919 are added. The hex-string macros are deprecated.
2017-10-04 13:12:15 +01:00
Hanno Becker
f9734b35b5
Change wording of warnings
2017-10-03 12:09:22 +01:00
Hanno Becker
f240ea0b50
Expand documentation of mbedtls_dhm_read_params
2017-10-02 15:09:14 +01:00
Hanno Becker
d4d856265e
Don't use deprecated macro form of DHM moduli in benchmark program
2017-10-02 15:06:27 +01:00
Hanno Becker
f8258e7d5a
Adapt documentation of mbedtls_ssl_conf_dh_param
to new moduli
2017-10-02 15:04:40 +01:00
Hanno Becker
de6c1644cc
Add brackets around arguments of internal macro DHM_MPI_EXPORT
2017-10-02 15:03:15 +01:00
Hanno Becker
70da2c545b
Improve documentation of mbedtls_dhm_make_params
2017-10-02 15:02:59 +01:00
Hanno Becker
a2f6b72cbb
Add warnings regarding the use of DHM in general
2017-09-28 11:06:31 +01:00
Hanno Becker
e764324d96
Improve documentation in dhm.h
2017-09-28 11:06:31 +01:00
Hanno Becker
e71ad12cd5
Minor code-improvements in dhm.c
2017-09-28 11:06:31 +01:00
Hanno Becker
13be990114
Correct expectation in DHM test in ssl-opt.sh
...
The previous test expected a DHM group generator of size 2048 bits, while with
the change to RFC 7919, the base is 2, so has bit-size 2.
2017-09-28 11:06:31 +01:00
Hanno Becker
4c72b000cb
Add const-qualifiers to prime constants
2017-09-27 16:06:37 +01:00
Hanno Becker
b1d4d1fa6e
Add description of how the primes from RFC 3526/7919 were generated
2017-09-27 12:43:57 +01:00
Hanno Becker
8c8b0ab877
Change default Diffie-Hellman parameters from RFC 5114 to RFC 7919
...
The origin of the primes in RFC 5114 is undocumented and their use therefore
constitutes a security risk.
2017-09-27 12:43:57 +01:00
Hanno Becker
b2bad800e4
Introduce Diffie-Hellman parameters from RFC 7919
2017-09-27 12:43:55 +01:00
Hanno Becker
0e6dc84f3e
Deprecate Diffie-Hellman groups from RFC 5114
...
Also, change the way the standardized Diffie-Hellman groups are provided from
macro-based string-literals to global variables.
2017-09-27 11:48:02 +01:00
Andres Amaya Garcia
01692531c6
Document code silently discarding invalid records
2017-09-14 20:20:31 +01:00
Andres Amaya Garcia
f569f701c2
Fix ChangeLog entry
2017-09-14 20:20:21 +01:00
Andres Amaya Garcia
06fc6650f4
Add ChangeLog entry
2017-09-14 20:20:15 +01:00
Andres Amaya Garcia
2fad94b193
Dont send alert on invalid DTLS record type
...
Do not send fatal alerts when receiving a record with an invalid header
while running DTLS as this is not compliant behaviour.
2017-09-14 20:18:37 +01:00
Simon Butcher
72ea31b026
Update version number to 2.6.0
2017-08-10 11:51:16 +01:00
Simon Butcher
01971d094e
Fix language in Changelog for clarity
2017-08-10 10:48:01 +01:00
Hanno Becker
85b602e5d0
Improve documentation of PKCS1 decryption functions
...
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
2017-08-01 22:48:41 +01:00
Simon Butcher
3f2557e6f1
Fix style and missing item in ChangeLog
2017-08-01 18:06:12 +01:00
Simon Butcher
a418e82a35
Add credit to Changelog to fix for #666
2017-07-28 23:52:10 +01:00
Simon Butcher
a55e084bce
Fix naked call to time() with platform call
...
In ssl_cache.c a call to time() was being made instead of it's platform
equivalent.
2017-07-28 23:46:43 +01:00
Simon Butcher
9fae22269b
Fix ChangeLog for duplication after merge
2017-07-28 22:32:23 +01:00
Hanno Becker
61937d4a83
Rename time and index parameter to avoid name conflict.
...
As noted in #557 , several functions use 'index' resp. 'time'
as parameter names in their declaration and/or definition, causing name
conflicts with the functions in the C standard library of the same
name some compilers warn about.
This commit renames the arguments accordingly.
2017-07-28 22:28:08 +01:00
Hanno Becker
840bace417
Correct comment
2017-07-28 22:28:08 +01:00
Hanno Becker
7ec83df47f
Adapt ChangeLog
2017-07-28 22:28:08 +01:00
Hanno Becker
ce37e6269e
Reliably zeroize sensitive data in AES sample application
...
The AES sample application programs/aes/aescrypt2 could miss zeroizing
the stack-based key buffer in case of an error during operation. This
commit fixes this and also clears another temporary buffer as well as
all command line arguments (one of which might be the key) before exit.
2017-07-28 22:28:08 +01:00
Hanno Becker
f601ec5f34
Reliably zeroize sensitive data in Crypt-and-Hash sample application
...
The AES sample application programs/aes/crypt_and_hash could miss
zeroizing the stack-based key buffer in case of an error during
operation. This commit fixes this and also clears all command line
arguments (one of which might be the key) before exit.
2017-07-28 22:28:08 +01:00
Andres AG
6b171e4aec
Fix potential integer overflow parsing DER CRT
...
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-28 22:28:04 +01:00
Andres AG
ce49a25033
Fix potential integer overflow parsing DER CRL
...
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
2017-07-28 22:28:04 +01:00
Ron Eldor
2dfb02151d
Move the git scripts to correct path
...
The git scripts were accidently put in `test` folder instead of `tests`.
Moved them to `tests` folder
2017-07-28 22:28:04 +01:00
Ron Eldor
cf61d7d992
Update after @sbutcher-arm comments
...
1. Move the scripts to test/git-scripts folder
2. Support the script to run independant, not only with git
3. modify Readme accordingly
2017-07-28 22:28:04 +01:00
Ron Eldor
13067fca9d
Fix slash direction for linux path
...
Update direction of the slash, for linux path, after @hanno-arm comments
2017-07-28 22:28:04 +01:00
Ron Eldor
e9b3f7ea3f
Add note for the git_hoos README file
...
Add a note to the git_hooks README.md file, to state that currently
they only work on GNU platforms
2017-07-28 22:28:04 +01:00
Ron Eldor
f16ce1cfb7
Pre push hook script
...
Add git_hook folder, and pre-push script,
to be soft linked from .git/hooks/pre-push
2017-07-28 22:28:04 +01:00
Ron Eldor
a207e75089
Check return code of mbedtls_mpi_fill_random
...
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-28 22:27:30 +01:00
Ron Eldor
7faf92a2fe
Resource leak fix on windows platform
...
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-28 22:27:30 +01:00