Commit Graph

1172 Commits

Author SHA1 Message Date
Simon Butcher
a8002f8f39 Merge remote-tracking branch 'public/pr/1611' into mbedtls-2.1 2018-05-23 17:58:10 +01:00
Simon Butcher
7350ab18df Fix ChangeLog for PR #1582 following merge 2018-05-23 17:55:02 +01:00
Simon Butcher
e64bf3968e Merge remote-tracking branch 'public/pr/1582' into mbedtls-2.1 2018-05-23 17:53:23 +01:00
Simon Butcher
13188782a0 Fix up ChangeLog following rebase to mbedtls-2.1.12 2018-05-11 16:41:07 +01:00
Andres AG
879e62697e Allow the entry_name size to be set in config.h
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
2018-05-11 16:38:38 +01:00
Jaeden Amero
3263f46a0e Merge remote-tracking branch 'upstream-restricted/pr/480' into mbedtls-2.1-restricted 2018-04-30 17:38:15 +01:00
Simon Butcher
50d802172f Fix the ChangeLog for clarity, english and credit 2018-04-30 17:23:10 +01:00
Jaeden Amero
6c0fba4350 Update version to 2.1.12 2018-04-27 13:13:54 +01:00
Jaeden Amero
4faad41346 Merge remote-tracking branch 'upstream-restricted/pr/472' into mbedtls-2.1-restricted-proposed
Remove trailing whitespace from ChangeLog.
2018-04-26 11:09:15 +01:00
Jaeden Amero
7db991d56a Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed
Resolve conflicts in ChangeLog
2018-04-26 09:03:14 +01:00
Andrzej Kurek
128bcbea1a Changelog entry 2018-04-25 05:29:47 -04:00
Andrzej Kurek
bb6661479f ssl_tls: Fix invalid buffer sizes during compression / decompression
Adjust information passed to zlib to include already written data.
2018-04-23 08:29:36 -04:00
Mohammad Azim Khan
3f1d5cb324 Same ciphersuite validation in server and client hello 2018-04-20 19:52:49 +01:00
Manuel Pégourié-Gonnard
1e2f4da801 Merge remote-tracking branch 'restricted/pr/469' into mbedtls-2.1-restricted-proposed
* restricted/pr/469:
  Improve comments style
  Remove a redundant test
  Add buffer size check before cert_type_len read
  Update change log
  Adjust 2.1 specific code to match the buffer verification tests
  Add a missing buffer size check
  Correct buffer size check
2018-04-18 12:22:24 +02:00
Darryl Green
ce52b58da0 Fix braces in mbedtls_memory_buffer_alloc_status() 2018-04-17 16:46:41 +02:00
Krzysztof Stachowiak
8fc134fcb1 Update change log 2018-04-05 08:51:35 +02:00
fbrosson
0620206db3 Backport 2.1: Use "#!/usr/bin/env perl" as shebang line. 2018-04-04 22:29:59 +00:00
Gilles Peskine
24f4584473 Align ChangeLog entry for PR #1396 with development 2018-04-04 10:18:37 +02:00
Jaeden Amero
23d979bee0 Merge remote-tracking branch 'upstream-public/pr/1554' into mbedtls-2.1-proposed 2018-04-03 19:15:28 +01:00
AndrzejKurek
0de430678e pk_sign: fix overriding and ignoring return values 2018-04-03 19:38:45 +02:00
Jaeden Amero
ac9939c096 Merge remote-tracking branch 'upstream-public/pr/1461' into mbedtls-2.1-proposed 2018-04-03 18:27:18 +01:00
Jaeden Amero
ee6c822076 Merge remote-tracking branch 'upstream-public/pr/1396' into mbedtls-2.1-proposed 2018-04-03 12:07:19 +01:00
Gilles Peskine
225684015d Merge remote-tracking branch 'upstream-public/pr/1501' into mbedtls-2.1-proposed 2018-04-01 12:41:33 +02:00
Gilles Peskine
8b1cddcf26 Merge remote-tracking branch 'upstream-public/pr/1542' into mbedtls-2.1-proposed 2018-04-01 12:41:00 +02:00
Gilles Peskine
419e670702 Minor changelog improvement 2018-04-01 12:33:35 +02:00
Gilles Peskine
04450488ec Add ChangeLog entry to credit independent contribution
Also: fixes #1437
2018-03-31 23:06:09 +02:00
Andrzej Kurek
a1149a70ae Add tests for "return plaintext data faster on unpadded decryption" 2018-03-30 05:00:19 -04:00
Darryl Green
093c170377 Improve documentation of mbedtls_ssl_write() 2018-03-29 16:56:09 +01:00
Jaeden Amero
cbe731c653 Merge remote-tracking branch 'upstream-public/pr/1532' into mbedtls-2.1-proposed 2018-03-29 11:03:17 +01:00
Jaeden Amero
82e288adb6 Merge remote-tracking branch 'upstream-public/pr/1494' into mbedtls-2.1-proposed 2018-03-29 10:59:43 +01:00
Jaeden Amero
616485854e Merge remote-tracking branch 'upstream-public/pr/1469' into mbedtls-2.1-proposed 2018-03-28 15:36:01 +01:00
Jaeden Amero
478baecc06 Merge remote-tracking branch 'upstream-public/pr/1525' into mbedtls-2.1-proposed 2018-03-28 15:34:25 +01:00
Ivan Krylov
1110a6fa63 Add ChangeLog entry 2018-03-28 17:25:12 +03:00
Jaeden Amero
8b4cd26eaf Merge remote-tracking branch 'upstream-public/pr/1481' into mbedtls-2.1-proposed 2018-03-28 13:44:28 +01:00
Gilles Peskine
f362b97415 Add ChangeLog entry
Fixes #1299. Fixes #1475.
2018-03-27 23:22:37 +02:00
Andres Amaya Garcia
47569d7384 Add ChangeLog entry for PBES2 when ASN1 disabled 2018-03-27 21:34:15 +01:00
Andres Amaya Garcia
bc00667a90 Improve ChangeLog for DLEXT and AR_DASH changes 2018-03-27 20:07:52 +01:00
Andres Amaya Garcia
83bffd353e Add ChangeLog entry for library/makefile changes 2018-03-26 00:15:21 +01:00
Gilles Peskine
eea857dc0d Add ChangeLog entry 2018-03-23 14:38:14 +01:00
Gilles Peskine
d888bd2c65 Add changelog entries for improved testing
Fixes #1040
2018-03-23 02:29:49 +01:00
Gilles Peskine
2a74061198 Merge tag 'mbedtls-2.1.11' into iotssl-1381-x509-verify-refactor-2.1-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:28:33 +01:00
Jethro Beekman
1a886ff45f Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:03:30 -07:00
mohammad1603
cee0890b19 Verify that f_send and f_recv send and receive the expected length
Verify that f_send and f_recv send and receive the expected length

Conflicts:
	ChangeLog
2018-03-22 15:01:02 -07:00
Andres Amaya Garcia
2a0aee3163 Add ChangeLog entry for redundant mutex initialization optimizations 2018-03-21 17:40:48 +00:00
Andres Amaya Garcia
09d787f2fc Add ChangeLog entry for dylib builds using Makefile 2018-03-21 11:24:32 +00:00
Jaeden Amero
1c986a9859 Update version to 2.1.11 2018-03-16 16:29:30 +00:00
Jaeden Amero
7f44963f45 Merge remote-tracking branch 'upstream-public/pr/1455' into mbedtls-2.1-restricted-proposed 2018-03-15 15:24:47 +00:00
Ron Eldor
82712a9c97 Write correct number of ciphersuites in log
Change location of log, to fit the correct number of used ciphersuites
2018-03-15 15:09:28 +00:00
Jaeden Amero
23f503f12d Merge remote-tracking branch 'upstream-restricted/pr/465' into mbedtls-2.1-restricted-proposed 2018-03-14 18:32:21 +00:00
Jaeden Amero
5e50ff8f44 Merge remote-tracking branch 'upstream-restricted/pr/395' into mbedtls-2.1-restricted-proposed 2018-03-14 18:16:29 +00:00
Jaeden Amero
10a1a60966 Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed 2018-03-14 18:03:41 +00:00
Jaeden Amero
0980d9a3ae Merge remote-tracking branch 'upstream-public/pr/1450' into mbedtls-2.1-proposed 2018-03-14 17:53:27 +00:00
Jaeden Amero
4e3629590f Merge remote-tracking branch 'upstream-public/pr/1452' into mbedtls-2.1-proposed 2018-03-14 17:38:21 +00:00
Krzysztof Stachowiak
d3cec99377 Update change log 2018-03-14 14:39:01 +01:00
Krzysztof Stachowiak
a7a8332402 Update change log 2018-03-14 14:35:12 +01:00
Manuel Pégourié-Gonnard
b0661769ab x509: CRL: reject unsupported critical extensions 2018-03-14 09:28:24 +01:00
Gilles Peskine
df6f3dd9b0 Merge remote-tracking branch 'upstream-restricted/pr/430' into mbedtls-2.1-restricted-proposed 2018-03-13 17:28:42 +01:00
Gilles Peskine
8c1217984b Merge remote-tracking branch 'upstream-restricted/pr/360' into mbedtls-2.1-restricted-proposed
Conflicts:
* scripts/config.pl: reconciled parallel edits in a comment.
2018-03-13 17:26:49 +01:00
Hanno Becker
41b6189ef7 Adapt ChangeLog
Add note about fix of memory leak in RSA self test.
2018-03-13 10:42:43 +00:00
Gilles Peskine
5e533f43ee Merge remote-tracking branch 'upstream-public/pr/1373' into mbedtls-2.1-proposed 2018-03-12 23:51:50 +01:00
Gilles Peskine
889de8eedb Merge branch 'pr_1276' into mbedtls-2.1-proposed 2018-03-12 23:51:01 +01:00
Gilles Peskine
681f5aacfe Align ChangeLog entry with 2.7 2018-03-12 23:50:18 +01:00
Gilles Peskine
8da4f864a5 Merge remote-tracking branch 'upstream-public/pr/1009' into mbedtls-2.1-proposed 2018-03-12 23:44:48 +01:00
Gilles Peskine
adee19582e Merge branch 'pr_1409' into mbedtls-2.1-proposed 2018-03-11 00:52:36 +01:00
Gilles Peskine
d38464698e Merge remote-tracking branch 'upstream-public/pr/1295' into mbedtls-2.1-proposed 2018-03-11 00:52:35 +01:00
Gilles Peskine
9a00ef3cf1 Merge branch 'pr_953' into HEAD 2018-03-11 00:52:24 +01:00
Gilles Peskine
b1e6efd55d This fixes #664 2018-03-11 00:51:02 +01:00
Gilles Peskine
15967a8501 Fix grammar in ChangeLog entry 2018-03-11 00:15:56 +01:00
Gilles Peskine
af18faca22 Merge remote-tracking branch 'upstream-public/pr/937' into mbedtls-2.1-proposed 2018-03-10 23:52:22 +01:00
Manuel Pégourié-Gonnard
f1985570a9 Fix order of sections in ChangeLog 2018-03-06 10:34:56 +01:00
Hanno Becker
89e7422a27 Add ChangeLog entry for previous security fix
Fixes #825
2018-03-05 13:46:10 +01:00
itayzafrir
cabc098a0f Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
2018-03-05 09:50:58 +02:00
Gilles Peskine
7fded85f43 Add attribution for #1351 report 2018-02-27 08:41:56 +01:00
Gilles Peskine
25ec9cc9b3 Merge branch 'prr_428' into mbedtls-2.1-proposed 2018-02-22 16:24:13 +01:00
Gilles Peskine
e9256c5f46 Note incompatibility of truncated HMAC extension in ChangeLog
The change in the truncated HMAC extension aligns Mbed TLS with the
standard, but breaks interoperability with previous versions. Indicate
this in the ChangeLog, as well as how to restore the old behavior.
2018-02-22 16:17:52 +01:00
mohammad1603
2b1eea7202 Remove extra new lines
Remove extra new lines
2018-02-22 05:13:34 -08:00
mohammad1603
f65add4f60 Backport 2.1:Add guard to out_left to avoid negative values
return error when f_send return a value greater than out_left
2018-02-22 05:07:15 -08:00
Jaeden Amero
c07ef140ff Add ChangeLog entry for PR #1384 2018-02-22 08:33:52 +00:00
Gilles Peskine
ac33180219 Merge branch 'pr_1354' into mbedtls-2.1 2018-02-20 16:37:17 +01:00
Gilles Peskine
37e1adb7cd Mention in ChangeLog that this fixes #1351 2018-02-20 16:35:32 +01:00
Gilles Peskine
2e50efad44 Merge remote-tracking branch 'upstream-public/pr/1334' into mbedtls-2.1-proposed 2018-02-14 15:13:37 +01:00
Gilles Peskine
c0577f3931 Note in the changelog that this fixes an interoperability issue.
Fixes #1339
2018-02-14 11:33:30 +01:00
Antonio Quartulli
b9e3c6d9c6 pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-14 11:12:58 +01:00
Ron Eldor
5a2525c2fd Rephrase Changelog
Rephrase Changelog to be more coherent to users
2018-02-07 12:09:58 +02:00
Ron Eldor
3a3b654027 Fix handshake failure in suite B
Fix handshake failure where PK key is translated as `MBEDTLS_ECKEY`
instead of `MBEDTLS_ECDSA`
2018-02-07 12:09:46 +02:00
Simon Butcher
bdf548e5d8 Update ChangeLog with language and technical corrections
To clarify and correct the ChangeLog.
2018-02-05 08:43:38 +00:00
Jaeden Amero
4913826aff Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-30 17:33:25 +00:00
Hanno Becker
235854503b Adapt ChangeLog 2018-01-30 11:58:16 +00:00
Gilles Peskine
36dde9e67a Added ChangeLog entry for 64-bit ILP32 fix 2018-01-29 21:59:12 +01:00
Andres Amaya Garcia
65915438b8 Add ChangeLog entry for 64-bit ILP32 fixes 2018-01-29 21:59:12 +01:00
Jaeden Amero
035f6ea288 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-29 12:53:07 +00:00
Manuel Pégourié-Gonnard
3e6222dacb Fix alarm(0) failure on mingw32
A new test for mbedtls_timing_alarm(0) was introduced in PR 1136, which also
fixed it on Unix. Apparently test results on MinGW were not checked at that
point, so we missed that this new test was also failing on this platform.
2018-01-29 13:23:40 +01:00
Jaeden Amero
bfafd12789 Merge remote-tracking branch 'upstream-restricted/pr/414' into mbedtls-2.1-restricted 2018-01-26 18:09:14 +00:00
Jaeden Amero
e5b443e2d6 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-24 15:24:42 +00:00
Andres AG
8ad5acd6da Fix corner case uses of memory_buffer_alloc.c
The corner cases fixed include:
    * Allocating a buffer of size 0. With this change, the allocator now
      returns a NULL pointer in this case. Note that changes in pem.c and
      x509_crl.c were required to fix tests that did not work under this
      assumption.
    * Initialising the allocator with less memory than required for headers.
    * Fix header chain checks for uninitialised allocator.
2018-01-23 21:03:49 +00:00
Gilles Peskine
a2ef78d50c Merge remote-tracking branch 'upstream-restricted/pr/442' into mbedtls-2.1-restricted 2018-01-23 00:47:43 +01:00
Ron Eldor
1ac9aa7085 Set correct minimal versions in default conf
Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` and `MBEDTLS_SSL_MIN_MINOR_VERSION`
instead of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`
2018-01-22 22:03:12 +01:00
Ron Eldor
998a4de3fa Fix Changelog notation
Remove backticks, since ChangeLog is not in MarkDown
2018-01-22 19:14:11 +02:00
Ron Eldor
a1413e05e9 Fix compilation error with Mingw32
Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use
`_TRUNCATE` only if `__MINGW32__` not defined. Fix suggested by
Thomas Glanzmann and Nick Wilson on issue #355
2018-01-22 19:06:57 +02:00
Gilles Peskine
f700ef38fa Add ChangeLog entry 2018-01-22 14:38:53 +01:00