Commit Graph

1546 Commits

Author SHA1 Message Date
Jaeden Amero
3b69174852 Merge remote-tracking branch 'upstream-public/pr/1886' into mbedtls-2.7 2018-08-10 10:50:34 +01:00
Simon Butcher
51a46b9b38 Add ChangeLog entry for bug #1890 2018-07-30 22:15:14 +01:00
Ron Eldor
f19a7ab45d Fix hmac_drbg failure in benchmark, with threading
Remove redunadnat calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-30 11:13:18 +03:00
Philippe Antoine
84cc74e82b Fix undefined shifts
- in x509_profile_check_pk_alg
- in x509_profile_check_md_alg
- in x509_profile_check_key

and in ssl_cli.c : unsigned char gets promoted to signed integer
2018-07-26 22:49:42 +01:00
Simon Butcher
5ef42fd415 Merge remote-tracking branch 'restricted/pr/500' into mbedtls-2.7-restricted 2018-07-26 14:33:14 +01:00
Angus Gratton
cb7a5b0b0c Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).

Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-26 11:08:06 +03:00
Simon Butcher
a64621929f Clarify Changelog entries
Corrected some style issues, and moved some entries from bugfixes to changes.
2018-07-25 17:30:20 +01:00
Jaeden Amero
8385110ae8 Update version to 2.7.5 2018-07-25 15:43:21 +01:00
Simon Butcher
7daacda940 Merge remote-tracking branch 'restricted/pr/494' into mbedtls-2.7 2018-07-24 23:40:53 +01:00
Simon Butcher
b47e0a68ab Merge remote-tracking branch 'public/pr/1805' into mbedtls-2.7 2018-07-24 13:16:25 +01:00
Simon Butcher
a8ee41ce80 Revise ChangeLog entry for empty data records fixes 2018-07-24 12:59:21 +01:00
Simon Butcher
d5a3ed36b8 Merge remote-tracking branch 'public/pr/1863' into mbedtls-2.7 2018-07-24 12:57:15 +01:00
Simon Butcher
b65d6ce83f Merge remote-tracking branch 'public/pr/1870' into mbedtls-2.7 2018-07-24 10:30:11 +01:00
Simon Butcher
c6a0fd8e83 Add ChangeLog entry for #1098 fix. 2018-07-24 10:17:36 +01:00
Simon Butcher
48883cd800 Merge remote-tracking branch 'public/pr/1780' into mbedtls-2.7 2018-07-20 14:40:51 +01:00
Simon Butcher
7924d93209 Fix ChangeLog entry for issue #1663
The ChangeLog entry was under the wrong version, and under Changes, not
Bug Fixes.
2018-07-19 19:54:18 +01:00
Simon Butcher
bc5ec41c01 Merge remote-tracking branch 'public/pr/1847' into mbedtls-2.7 2018-07-19 19:48:25 +01:00
Simon Butcher
be347c6e21 Merge remote-tracking branch 'public/pr/1849' into mbedtls-2.7 2018-07-19 16:13:07 +01:00
Ron Eldor
8839e31fbc Update ChangeLog
Remove extra entries added by a bad cherry-pick.
2018-07-17 14:13:53 +03:00
Andres Amaya Garcia
8e346dc793 Add ChangeLog entry for empty app data fix 2018-07-16 20:14:53 +01:00
Angus Gratton
8946b0dd30 Check for invalid short Alert messages
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:12:56 +01:00
Angus Gratton
1ba8e911ec CBC mode: Allow zero-length message fragments (100% padding)
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-16 20:12:47 +01:00
k-stachowiak
55bea65ca9 Update change log 2018-07-16 12:30:48 +02:00
Manuel Pégourié-Gonnard
aba8c5bb3d Clarify attack conditions in the ChangeLog.
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-12 10:18:37 +02:00
Manuel Pégourié-Gonnard
aeeaaf271c Add counter-measure to cache-based Lucky 13
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.

A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).

Let's make sure they're always read.
2018-07-12 10:18:37 +02:00
Manuel Pégourié-Gonnard
5fcfd0345d Fix Lucky 13 cache attack on MD/SHA padding
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.

Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.

Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-12 10:18:37 +02:00
Simon Butcher
a063fff51a Fix Changelog entry for #1533 fix as a Change not a bugfix 2018-07-10 15:20:26 +01:00
Simon Butcher
28f68a3d15 Merge remote-tracking branch 'public/pr/1809' into mbedtls-2.7 2018-07-10 14:58:51 +01:00
Simon Butcher
a159d64e86 Merge remote-tracking branch 'public/pr/1827' into mbedtls-2.7 2018-07-10 12:50:16 +01:00
Gilles Peskine
b2d88404a3 Add ChangeLog entry 2018-07-10 13:05:11 +02:00
k-stachowiak
6cba569e3f Update change log 2018-07-09 14:45:00 +02:00
Philippe Antoine
33e5c32a5b Fixes different off by ones 2018-07-09 10:39:02 +02:00
Ron Eldor
98848f020c Minor fixes
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the fuinction documentation.
2018-07-05 15:01:51 +03:00
Simon Butcher
318cd2cc93 Add ChangeLog entry for #992 fix 2018-07-02 12:14:30 +01:00
Simon Butcher
c6bf5b4953 Add fix for #1550 and credit to the ChangeLog 2018-07-01 17:10:30 +01:00
niisato
2120ef85c7 Add ChangeLog 2018-06-29 11:25:02 +01:00
Ron Eldor
6a5d6e2295 Update ChangeLog
Update ChangeLog with a less ambigous description.
2018-06-28 15:50:47 +03:00
Ron Eldor
335cf423f9 Add entry in ChangeLog
Add an entry in the ChangeLog, describing the fix.
2018-06-28 15:50:37 +03:00
Simon Butcher
41c23b5a49 Adds referene in ChangeLog for issue #1623 2018-06-28 12:13:57 +01:00
Simon Butcher
a67b20c582 Add ChangeLog entry for #1257 - key_app_writer writes invalid ASN.1 2018-06-28 11:59:51 +01:00
Ron Eldor
22bc7c17bb Add entry in ChangeLog
Add entry in ChangeLog for compilation error fix of #1719
2018-06-28 08:46:12 +03:00
Ron Eldor
4624030dc4 Documentation error in mbedtls_ssl_get_session
Fix Documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore, Resolves #926
2018-06-27 17:49:23 +03:00
Simon Butcher
035d824ad5 Merge remote-tracking branch 'public/pr/1768' into mbedtls-2.7 2018-06-27 11:09:27 +01:00
Simon Butcher
c5edf81065 Merge remote-tracking branch 'public/pr/1772' into mbedtls-2.7 2018-06-27 11:08:33 +01:00
Simon Butcher
f15cfd5d04 Merge remote-tracking branch 'public/pr/1557' into mbedtls-2.7 2018-06-27 11:07:50 +01:00
Ron Eldor
612a600186 Fix typo in ChangeLog
Fix typo in ChangeLog discovered in PR review
2018-06-24 17:23:29 +03:00
Ron Eldor
df9b93e768 Remove unneeded namesapcing in header files
Remove the `mbedtls` namesapcing in the `#include` in header files
Resolves issue #857
2018-06-24 17:23:16 +03:00
Simon Butcher
9a08e44972 Add a ChangeLog entry for memory leak in mbedtls_x509_csr_parse() 2018-06-22 12:02:59 +01:00
Andres Amaya Garcia
294331a315 Add ChangeLog entry for mbedtls_ssl_write() docs 2018-06-21 19:27:44 +01:00
Ron Eldor
cf2305e513 Add tests for mbedtls_cipher_crypt API
1. Add tests for 'mbedtls_cipher_crypt()' API
2. Resolves #1091, by ignoring IV when the cipher mode is MBEDTLS_MODE_ECB
2018-06-21 14:02:23 +03:00
Simon Butcher
662ae9eaae Change the library version to 2.7.4 2018-06-18 14:42:14 +01:00
Simon Butcher
02582b2804 Add ChangeLog entry for clang version fix. Issue #1072 2018-06-18 11:56:13 +01:00
Simon Butcher
112dfd5bc5 Merge remote-tracking branch 'public/pr/1728' into mbedtls-2.7 2018-06-15 13:02:40 +01:00
Simon Butcher
83c7ecbf5b Merge remote-tracking branch 'public/pr/1732' into mbedtls-2.7 2018-06-15 13:00:30 +01:00
Simon Butcher
d8ea8d41a3 Add ChangeLog entry for Microblaze fix 2018-06-15 09:30:34 +01:00
Simon Butcher
47212c8e2c Merge remote-tracking branch 'public/pr/1581' into mbedtls-2.7 2018-06-14 11:02:43 +01:00
Simon Butcher
da46a40855 Merge remote-tracking branch 'public/pr/1711' into mbedtls-2.7 2018-06-14 11:01:14 +01:00
Simon Butcher
49de6b89c1 Compilation warning fixes on 32b platfrom with IAR
Fix compilation warnings with IAR toolchain, on 32 bit platform.
Reported by rahmanih in #683

This is based on work by Ron Eldor in PR #750, some of which was independently
fixed by Azim Khan and already merged in PR #1655.
2018-06-14 09:05:55 +01:00
Simon Butcher
a96b9d46f7 Add entry for PR #1646, for IAR Compiler Warnings fix
PR #1655 is a change to the behaviour of the CMake files therefore should be
recorded in the Changelog.
2018-06-12 17:42:02 +01:00
Simon Butcher
856870952a Merge remote-tracking branch 'public/pr/1709' into mbedtls-2.7 2018-06-12 17:25:19 +01:00
Simon Butcher
ee3a3d4a72 Merge remote-tracking branch 'public/pr/1470' into mbedtls-2.7 2018-06-11 11:30:33 +01:00
Simon Butcher
4e5edf3184 Add ChangeLog entry for _WIN32_WINNT override fix 2018-06-08 16:23:17 +01:00
Simon Butcher
bb5e1c3973 Fix multiple quality issues in the source
This PR fixes multiple issues in the source code to address issues raised by
tests/scripts/check-files.py. Specifically:
 * incorrect file permissions
 * missing newline at the end of files
 * trailing whitespace
 * Tabs present
 * TODOs in the souce code
2018-06-08 11:14:43 +01:00
Moran Peker
9259b3be03 Remove double declaration of mbedtls_ssl_list_ciphersuites
Raised by TrinityTonic. #1359
2018-05-23 18:22:29 +01:00
Darryl Green
68207f868b Fix braces in mbedtls_memory_buffer_alloc_status() 2018-05-23 16:32:33 +01:00
Jaeden Amero
f8887521ef Merge remote-tracking branch 'upstream-restricted/pr/479' into mbedtls-2.7-restricted 2018-04-30 17:38:39 +01:00
Simon Butcher
88cc94168c Fix the ChangeLog for clarity, english and credit 2018-04-30 17:23:00 +01:00
Jaeden Amero
1fc4d33f5f Update version to 2.7.3 2018-04-27 13:15:45 +01:00
Jaeden Amero
07d1d5f270 Merge remote-tracking branch 'upstream-restricted/pr/473' into mbedtls-2.7-restricted-proposed
Remove trailing whitespace in ChangeLog.
2018-04-26 09:07:15 +01:00
Jaeden Amero
402256184a Merge branch 'mbedtls-2.7-proposed' into mbedtls-2.7-restricted-proposed
Resolve conflicts in ChangeLog.
2018-04-26 09:03:51 +01:00
Andrzej Kurek
ef30d96739 Changelog entry 2018-04-25 05:29:00 -04:00
Andrzej Kurek
c3a3e2df0e ssl_tls: Fix invalid buffer sizes during compression / decompression
Adjust information passed to zlib to include already written data.
2018-04-23 08:39:13 -04:00
Mohammad Azim Khan
0acbd7df03 Same ciphersuite validation in server and client hello 2018-04-20 19:58:37 +01:00
Manuel Pégourié-Gonnard
8bce3685f5 Merge remote-tracking branch 'restricted/pr/468' into mbedtls-2.7-restricted-proposed
* restricted/pr/468:
  Improve comments style
  Remove a redundant test
  Add buffer size check before cert_type_len read
  Update change log
  Add a missing buffer size check
  Correct buffer size check
2018-04-18 12:21:36 +02:00
fbrosson
3a7457136e Backport 2.7: Use "#!/usr/bin/env perl" as shebang line. 2018-04-04 22:26:56 +00:00
Krzysztof Stachowiak
7da5088289 Update change log 2018-04-04 13:47:40 +02:00
Gilles Peskine
1852d66a24 Align ChangeLog entry for PR #1401 with development 2018-04-04 10:19:24 +02:00
Jaeden Amero
33be84f679 Merge remote-tracking branch 'upstream-public/pr/1502' into mbedtls-2.7-proposed 2018-04-03 19:16:12 +01:00
Jaeden Amero
d8e0cec63b Merge remote-tracking branch 'upstream-public/pr/1464' into mbedtls-2.7-proposed 2018-04-03 18:27:54 +01:00
Jaeden Amero
b5f53b1039 Merge remote-tracking branch 'upstream-public/pr/1401' into mbedtls-2.7-proposed 2018-04-03 12:09:45 +01:00
Gilles Peskine
595c84a7b1 Merge remote-tracking branch 'upstream-public/pr/1500' into mbedtls-2.7-proposed 2018-04-01 12:41:29 +02:00
Gilles Peskine
27d88212c9 Merge remote-tracking branch 'upstream-public/pr/1541' into mbedtls-2.7-proposed 2018-04-01 12:40:51 +02:00
Gilles Peskine
a0e03a81a7 Merge branch 'pr_1538' into mbedtls-2.7-proposed 2018-04-01 12:35:50 +02:00
Gilles Peskine
ab50464f42 Minor changelog improvement 2018-04-01 12:32:37 +02:00
Gilles Peskine
f3df741d8f Add ChangeLog entry to credit independent contribution
Also: fixes #1437
2018-03-31 23:05:14 +02:00
Darryl Green
28448b267f Improve documentation of mbedtls_ssl_write() 2018-03-29 16:51:16 +01:00
Andrzej Kurek
a6f0957a42 Move changelog entry to bugfix from changes 2018-03-29 08:45:57 -04:00
Andrzej Kurek
a24adde168 Add tests for "return plaintext data faster on unpadded decryption" 2018-03-29 08:43:30 -04:00
Jaeden Amero
0c692cda8b Merge remote-tracking branch 'upstream-public/pr/758' into mbedtls-2.7-proposed 2018-03-29 11:02:52 +01:00
Jaeden Amero
38e37bdd56 Merge remote-tracking branch 'upstream-public/pr/1529' into mbedtls-2.7-proposed 2018-03-29 11:00:09 +01:00
Jaeden Amero
5166a188eb Merge remote-tracking branch 'upstream-public/pr/1468' into mbedtls-2.7-proposed 2018-03-28 15:36:36 +01:00
Jaeden Amero
0d891042d1 Merge remote-tracking branch 'upstream-public/pr/1524' into mbedtls-2.7-proposed 2018-03-28 15:33:45 +01:00
Jaeden Amero
ef59b732c2 Merge remote-tracking branch 'upstream-public/pr/1479' into mbedtls-2.7-proposed 2018-03-28 14:21:19 +01:00
Ivan Krylov
065ecf587f Changelog: use my real name (#758) 2018-03-28 16:19:18 +03:00
Jethro Beekman
004e37117c Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-28 11:29:21 +02:00
Gilles Peskine
1dc8e81f47 Add ChangeLog entry
Fixes #1299. Fixes #1475.
2018-03-27 23:18:52 +02:00
Andres Amaya Garcia
3b4d5c2f7f Add ChangeLog entry for PBES2 when ASN1 disabled 2018-03-27 21:25:57 +01:00
Andres Amaya Garcia
8ee215632c Improve ChangeLog for DLEXT and AR_DASH changes 2018-03-27 20:04:17 +01:00
Jaeden Amero
5f97be6369 Merge remote-tracking branch 'upstream-public/pr/1495' into mbedtls-2.7-proposed 2018-03-27 16:47:24 +01:00
Gilles Peskine
9ff0f052b3 Add ChangeLog entry.
Fixes #1353
2018-03-26 18:29:52 +01:00
Gilles Peskine
e4f2736b42 Add ChangeLog entry 2018-03-26 12:29:30 +02:00
Andrzej Kurek
d959492797 pk_sign: fix overriding and ignoring return values 2018-03-26 04:13:24 -04:00
Andres Amaya Garcia
89320a489b Add ChangeLog entry for library/makefile changes 2018-03-26 00:08:40 +01:00
Gilles Peskine
b2f09c3265 Support out-of-tree testing with CMake: add ChangeLog entry.
Fixes #1193
2018-03-23 14:39:52 +01:00
Jaeden Amero
877c6dcf22 Merge remote-tracking branch 'upstream-restricted/pr/456' into mbedtls-2.7 2018-03-23 11:19:43 +00:00
Gilles Peskine
d4dc1a0266 Add changelog entries for improved testing
Fixes #1040
2018-03-23 02:19:49 +01:00
Gilles Peskine
2cfeb887b4 Merge tag 'mbedtls-2.7.2' into iotssl-1381-x509-verify-refactor-2.7-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:12:44 +01:00
mohammad1603
2ea2d686e2 Verify that f_send and f_recv send and receive the expected length
Verify that f_send and f_recv send and receive the expected length

Conflicts:
	ChangeLog
2018-03-22 14:56:28 -07:00
Gilles Peskine
69d1b293fc Merge remote-tracking branch 'myfork/pr_1073' into mbedtls-2.7-proposed 2018-03-22 21:53:22 +01:00
Gilles Peskine
8980da5caf Merge remote-tracking branch 'myfork/pr_726' into mbedtls-2.7-proposed 2018-03-22 21:49:43 +01:00
Gilles Peskine
88c6df1ce8 Add ChangeLog entry 2018-03-22 21:48:28 +01:00
Gilles Peskine
9b9cc616ca Add ChangeLog entry 2018-03-22 17:03:45 +01:00
Andres Amaya Garcia
56c72480ca Add ChangeLog entry for redundant mutex initialization optimizations 2018-03-21 17:39:14 +00:00
Andres Amaya Garcia
d90d0dcaf1 Add ChangeLog entry for dylib builds using Makefile 2018-03-21 11:19:47 +00:00
Jaeden Amero
9ae1fba869 Update version to 2.7.2 2018-03-16 16:30:17 +00:00
Jaeden Amero
c9908f010a Merge remote-tracking branch 'upstream-public/pr/1064' into mbedtls-2.7-restricted-proposed 2018-03-15 14:58:24 +00:00
Jaeden Amero
e0b1a73c56 Merge remote-tracking branch 'upstream-restricted/pr/464' into mbedtls-2.7-restricted-proposed 2018-03-15 14:36:47 +00:00
Jaeden Amero
73923e1575 Merge remote-tracking branch 'upstream-restricted/pr/459' into mbedtls-2.7-restricted-proposed 2018-03-15 14:36:22 +00:00
Jaeden Amero
8a032e6051 Merge branch 'mbedtls-2.7-proposed' into mbedtls-2.7-restricted-proposed 2018-03-15 14:35:47 +00:00
Jaeden Amero
32ae73b289 Merge remote-tracking branch 'upstream-public/pr/1448' into mbedtls-2.7-proposed 2018-03-15 14:33:29 +00:00
Jaeden Amero
100273ddfb Merge remote-tracking branch 'upstream-public/pr/1449' into mbedtls-2.7-proposed 2018-03-15 14:32:54 +00:00
Jaeden Amero
e1c916ca5e Merge remote-tracking branch 'upstream-public/pr/1451' into mbedtls-2.7-proposed 2018-03-15 08:34:33 +00:00
Krzysztof Stachowiak
4e0141fc00 Update change log 2018-03-14 11:43:00 +01:00
Krzysztof Stachowiak
bcb8149510 Update change log 2018-03-14 11:23:34 +01:00
Manuel Pégourié-Gonnard
5a9f46e57c x509: CRL: reject unsupported critical extensions 2018-03-14 09:24:12 +01:00
Gilles Peskine
6013004fa9 Note in the changelog that this fixes an interoperability issue.
Fixes #1339
2018-03-13 17:27:53 +00:00
Gilles Peskine
64540d9577 Merge remote-tracking branch 'upstream-restricted/pr/458' into mbedtls-2.7-restricted-proposed 2018-03-13 17:24:46 +01:00
Gilles Peskine
955d70459d Merge remote-tracking branch 'upstream-restricted/pr/460' into mbedtls-2.7-restricted-proposed 2018-03-13 17:24:33 +01:00
Gilles Peskine
427ff4836c Merge remote-tracking branch 'upstream-public/pr/1219' into mbedtls-2.7-proposed 2018-03-12 23:52:24 +01:00
Gilles Peskine
c5671bdcf4 Merge remote-tracking branch 'upstream-public/pr/778' into mbedtls-2.7-proposed 2018-03-12 23:44:56 +01:00
Gilles Peskine
8eda5ec8b4 Merge branch 'pr_1408' into mbedtls-2.7-proposed 2018-03-11 00:48:18 +01:00
Gilles Peskine
dd7f5b9a37 Merge remote-tracking branch 'upstream-public/pr/1079' into mbedtls-2.7-proposed 2018-03-11 00:48:17 +01:00
Gilles Peskine
158fc33368 Merge remote-tracking branch 'upstream-public/pr/1296' into HEAD 2018-03-11 00:47:54 +01:00
Gilles Peskine
3f1b89d251 This fixes #664 2018-03-11 00:35:39 +01:00
Gilles Peskine
0ee482c82c Fix grammar in ChangeLog entry 2018-03-11 00:18:50 +01:00
Gilles Peskine
c0826f1625 Merge remote-tracking branch 'upstream-public/pr/936' into mbedtls-2.7-proposed 2018-03-10 23:48:10 +01:00
Gilles Peskine
9c4f4038dd Add changelog entry 2018-03-10 23:36:30 +01:00
Hanno Becker
70e66395b5 Adapt ChangeLog 2018-03-09 10:46:43 +00:00
Sanne Wouda
cf79312a6d Update changelog entry 2018-03-06 23:31:52 +01:00
Sanne Wouda
52895b2b2e Add Changelog entry 2018-03-06 23:31:52 +01:00
Andres Amaya Garcia
32ec6d4e78 Add ChangeLog entry 2018-03-06 19:26:02 +00:00
Hanno Becker
9a37e0f3be Add ChangeLog entry for previous security fix
Fixes #825
2018-03-05 13:26:28 +01:00
itayzafrir
33d8e3335f Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
2018-03-05 09:46:21 +02:00
Gilles Peskine
f936cb1c1b Add attribution for #1351 report 2018-02-27 10:21:45 +01:00
Jaeden Amero
6a4e22c26c Update version to 2.7.1 2018-02-26 10:53:47 +00:00
mohammad1603
6085c721d2 Backport 2.7:Add guard to out_left to avoid negative values
Add guard to out_left to avoid negative values
2018-02-25 01:18:46 -08:00
Gilles Peskine
3f9cff20d7 Merge branch 'prr_424' into mbedtls-2.7-proposed 2018-02-22 16:07:32 +01:00
Gilles Peskine
30c3433183 Merge remote-tracking branch 'upstream-public/pr/1393' into mbedtls-2.7-proposed 2018-02-22 15:44:24 +01:00
Gilles Peskine
04f9bd028f Note incompatibility of truncated HMAC extension in ChangeLog
The change in the truncated HMAC extension aligns Mbed TLS with the
standard, but breaks interoperability with previous versions. Indicate
this in the ChangeLog, as well as how to restore the old behavior.
2018-02-22 15:41:26 +01:00
Gilles Peskine
4945192099 Add ChangeLog entry for PR #1382 2018-02-22 10:23:13 +00:00
Jaeden Amero
a0d60a4dbc Add ChangeLog entry for PR #1384 2018-02-22 08:28:10 +00:00
Gilles Peskine
8db3efbc76 Add missing MBEDTLS_DEPRECATED_REMOVED guards
Add missing MBEDTLS_DEPRECATED_REMOVED guards around the definitions
of mbedtls_aes_decrypt and mbedtls_aes_encrypt.
This fixes the build under -Wmissing-prototypes -Werror.

Fixes #1388
2018-02-21 19:16:20 +01:00
Gilles Peskine
420386d61d Merge branch 'pr_1352' into mbedtls-2.7-proposed 2018-02-20 16:40:50 +01:00
Gilles Peskine
200b24fdf8 Mention in ChangeLog that this fixes #1351 2018-02-20 16:40:11 +01:00
Gilles Peskine
1e3fd69777 Merge remote-tracking branch 'upstream-public/pr/1333' into development-proposed 2018-02-14 15:12:49 +01:00
Gilles Peskine
49ac5d06ed Merge branch 'pr_1365' into development-proposed 2018-02-14 14:36:44 +01:00
Gilles Peskine
27b0754501 Add ChangeLog entries for PR #1168 and #1362 2018-02-14 14:36:33 +01:00
Gilles Peskine
5daa76537a Add ChangeLog entry for PR #1165 2018-02-14 14:10:24 +01:00
Antonio Quartulli
12ccef2761
pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:15 +08:00
Ron Eldor
099e61df52 Rephrase Changelog
Rephrase Changelog to be more coherent to users
2018-02-06 17:34:27 +02:00
Ron Eldor
85e1dcff6a Fix handshake failure in suite B
Fix handshake failure where PK key is translated as `MBEDTLS_ECKEY`
instead of `MBEDTLS_ECDSA`
2018-02-06 15:59:38 +02:00
Simon Butcher
55fc4e0c5a Update ChangeLog with language and technical corrections
To clarify and correct the ChangeLog.
2018-02-05 08:41:14 +00:00
Jaeden Amero
98b9373849 Merge branch 'development' into development-restricted 2018-01-30 17:32:12 +00:00
Hanno Becker
2a03794d62 Adapt ChangeLog 2018-01-30 14:40:10 +00:00
Gilles Peskine
0edda4236d Added ChangeLog entry for 64-bit ILP32 fix
Fixes #849
2018-01-29 21:31:16 +01:00
Jaeden Amero
26342e54f5 Merge branch 'development' into development-restricted 2018-01-29 12:49:52 +00:00
Jaeden Amero
3b8fbaab87 Merge remote-tracking branch 'upstream-public/pr/1328' into development 2018-01-29 12:49:46 +00:00
Manuel Pégourié-Gonnard
5405962954 Fix alarm(0) failure on mingw32
A new test for mbedtls_timing_alarm(0) was introduced in PR 1136, which also
fixed it on Unix. Apparently test results on MinGW were not checked at that
point, so we missed that this new test was also failing on this platform.
2018-01-29 10:24:50 +01:00
Jaeden Amero
2acbf17b97 Merge branch 'development' into development-restricted 2018-01-26 20:57:38 +00:00
Jaeden Amero
751aa510c0 Merge remote-tracking branch 'upstream-public/pr/1303' into development 2018-01-26 20:48:55 +00:00
Jaeden Amero
784de59ccd Merge remote-tracking branch 'upstream-restricted/pr/410' into development-restricted
- Resolve ChangeLog conflicts
- Update Doxygen warning block in dhm.h to render correctly
- Prefix the exported identifier deprecated_constant_t with mbedtls_
2018-01-26 18:43:04 +00:00
Gilles Peskine
7ecab3df4c Error codes for hardware accelerator failures
Add MBEDTLS_ERR_XXX_HW_ACCEL_FAILED error codes for all cryptography
modules where the software implementation can be replaced by a hardware
implementation.

This does not include the individual message digest modules since they
currently have no way to return error codes.

This does include the higher-level md, cipher and pk modules since
alternative implementations and even algorithms can be plugged in at
runtime.
2018-01-26 17:56:38 +01:00
Jaeden Amero
a03587b848 Merge branch 'development' into development-restricted 2018-01-26 12:48:04 +00:00
Jaeden Amero
791e08ad8b Add a ChangeLog entry 2018-01-26 12:04:12 +00:00
Jaeden Amero
66954e1c1f Merge branch 'development' into development-restricted 2018-01-25 17:28:31 +00:00
Jaeden Amero
005239e3ed Merge remote-tracking branch 'upstream-public/pr/1294' into development 2018-01-25 14:47:39 +00:00
Jaeden Amero
65ba60a975 Merge branch 'development' into development-restricted 2018-01-25 10:09:03 +00:00
Jaeden Amero
cef0c5a2c8 Merge remote-tracking branch 'upstream-public/pr/1304' into development 2018-01-25 10:07:39 +00:00
Hanno Becker
087d5ad593 Minor improvement in ChangeLog 2018-01-24 16:06:25 +00:00
Jaeden Amero
3c082ce293 Merge branch 'development' into development-restricted 2018-01-24 15:17:15 +00:00
Gilles Peskine
9b534666a2 Add ChangeLog entry 2018-01-24 10:47:19 +00:00
Hanno Becker
616d1ca605 Add support for alternative ECJPAKE implementation
This commit allows users to provide alternative implementations of the
ECJPAKE interface through the configuration option MBEDTLS_ECJPAKE_ALT.
When set, the user must add `ecjpake_alt.h` declaring the same
interface as `ecjpake.h`, as well as add some compilation unit which
implements the functionality. This is in line with the preexisting
support for alternative implementations of other modules.
2018-01-24 10:36:22 +00:00
Andres AG
9cf1f96a7b Fix corner case uses of memory_buffer_alloc.c
The corner cases fixed include:
    * Allocating a buffer of size 0. With this change, the allocator now
      returns a NULL pointer in this case. Note that changes in pem.c and
      x509_crl.c were required to fix tests that did not work under this
      assumption.
    * Initialising the allocator with less memory than required for headers.
    * Fix header chain checks for uninitialised allocator.
2018-01-23 19:37:44 +00:00
Gilles Peskine
41b40e6463 Merge remote-tracking branch 'upstream-restricted/pr/441' into development-restricted 2018-01-23 00:59:51 +01:00
Gilles Peskine
aaaa98cd60 Merge branch 'development-proposed' into development-restricted 2018-01-23 00:59:17 +01:00
Gilles Peskine
ff812804fb Merge branch 'pr_1239' into development-proposed 2018-01-23 00:58:13 +01:00
Gilles Peskine
cb1e5eb326 Merge branch 'pr_1000' into development-proposed 2018-01-23 00:57:34 +01:00
Gilles Peskine
550a2b036b Merge branch 'pr_1163' into development-proposed 2018-01-23 00:57:26 +01:00
Gilles Peskine
7a0c6b8e95 Add ChangeLog entry 2018-01-22 23:16:52 +01:00
Gilles Peskine
26faa11630 Add ChangeLog entry 2018-01-22 23:13:22 +01:00
Gilles Peskine
980d203a6b Add ChangeLog entry 2018-01-22 23:10:53 +01:00
Ron Eldor
5e9f14d4d9 Set correct minimal versions in default conf
Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` and `MBEDTLS_SSL_MIN_MINOR_VERSION`
instead of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`
2018-01-22 22:06:44 +01:00
Gilles Peskine
0a96910e55 MD API deprecation: ChangeLog updates
Use the updated names for the new functions (xxx_ret instead of xxx_ext).

List the new deprecations in the appropriate sections.

Credit the independent report of the misuse of zeroizing to reset a
hash context in entropy.c.
2018-01-22 14:55:20 +01:00
Gilles Peskine
d91f2a26cb Merge branch 'development' into iotssl-1251-2.7
Conflict resolution:

* ChangeLog: put the new entries in their rightful place.
* library/x509write_crt.c: the change in development was whitespace
  only, so use the one from the iotssl-1251 feature branch.
2018-01-19 11:25:10 +01:00
Gilles Peskine
d40c22ba20 Merge branch 'development' into development-restricted 2018-01-17 08:03:33 +01:00
Gilles Peskine
5098400d71 Add ChangeLog entry 2018-01-17 08:01:37 +01:00
Jaeden Amero
91d49e8b6a ChangeLog: Use Steven Cooreman's correct name 2018-01-12 13:48:55 +00:00
Jaeden Amero
31f3f0b87b Merge branch 'development' into development-restricted 2018-01-10 13:17:02 +00:00
Hanno Becker
997e2184c5 Adapt ChangeLog 2018-01-10 10:41:39 +00:00
Jaeden Amero
f342cb791b Merge branch 'development' into development-restricted 2018-01-09 13:16:37 +00:00