Jaeden Amero
10a1a60966
Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed
2018-03-14 18:03:41 +00:00
Jaeden Amero
0980d9a3ae
Merge remote-tracking branch 'upstream-public/pr/1450' into mbedtls-2.1-proposed
2018-03-14 17:53:27 +00:00
Jaeden Amero
4e3629590f
Merge remote-tracking branch 'upstream-public/pr/1452' into mbedtls-2.1-proposed
2018-03-14 17:38:21 +00:00
Krzysztof Stachowiak
d3cec99377
Update change log
2018-03-14 14:39:01 +01:00
Krzysztof Stachowiak
a7a8332402
Update change log
2018-03-14 14:35:12 +01:00
Manuel Pégourié-Gonnard
b0661769ab
x509: CRL: reject unsupported critical extensions
2018-03-14 09:28:24 +01:00
Gilles Peskine
df6f3dd9b0
Merge remote-tracking branch 'upstream-restricted/pr/430' into mbedtls-2.1-restricted-proposed
2018-03-13 17:28:42 +01:00
Gilles Peskine
8c1217984b
Merge remote-tracking branch 'upstream-restricted/pr/360' into mbedtls-2.1-restricted-proposed
...
Conflicts:
* scripts/config.pl: reconciled parallel edits in a comment.
2018-03-13 17:26:49 +01:00
Hanno Becker
41b6189ef7
Adapt ChangeLog
...
Add note about fix of memory leak in RSA self test.
2018-03-13 10:42:43 +00:00
Gilles Peskine
5e533f43ee
Merge remote-tracking branch 'upstream-public/pr/1373' into mbedtls-2.1-proposed
2018-03-12 23:51:50 +01:00
Gilles Peskine
889de8eedb
Merge branch 'pr_1276' into mbedtls-2.1-proposed
2018-03-12 23:51:01 +01:00
Gilles Peskine
681f5aacfe
Align ChangeLog entry with 2.7
2018-03-12 23:50:18 +01:00
Gilles Peskine
8da4f864a5
Merge remote-tracking branch 'upstream-public/pr/1009' into mbedtls-2.1-proposed
2018-03-12 23:44:48 +01:00
Gilles Peskine
adee19582e
Merge branch 'pr_1409' into mbedtls-2.1-proposed
2018-03-11 00:52:36 +01:00
Gilles Peskine
d38464698e
Merge remote-tracking branch 'upstream-public/pr/1295' into mbedtls-2.1-proposed
2018-03-11 00:52:35 +01:00
Gilles Peskine
9a00ef3cf1
Merge branch 'pr_953' into HEAD
2018-03-11 00:52:24 +01:00
Gilles Peskine
b1e6efd55d
This fixes #664
2018-03-11 00:51:02 +01:00
Gilles Peskine
15967a8501
Fix grammar in ChangeLog entry
2018-03-11 00:15:56 +01:00
Gilles Peskine
af18faca22
Merge remote-tracking branch 'upstream-public/pr/937' into mbedtls-2.1-proposed
2018-03-10 23:52:22 +01:00
Manuel Pégourié-Gonnard
f1985570a9
Fix order of sections in ChangeLog
2018-03-06 10:34:56 +01:00
Hanno Becker
89e7422a27
Add ChangeLog entry for previous security fix
...
Fixes #825
2018-03-05 13:46:10 +01:00
itayzafrir
cabc098a0f
Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
...
Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
2018-03-05 09:50:58 +02:00
Gilles Peskine
7fded85f43
Add attribution for #1351 report
2018-02-27 08:41:56 +01:00
Gilles Peskine
25ec9cc9b3
Merge branch 'prr_428' into mbedtls-2.1-proposed
2018-02-22 16:24:13 +01:00
Gilles Peskine
e9256c5f46
Note incompatibility of truncated HMAC extension in ChangeLog
...
The change in the truncated HMAC extension aligns Mbed TLS with the
standard, but breaks interoperability with previous versions. Indicate
this in the ChangeLog, as well as how to restore the old behavior.
2018-02-22 16:17:52 +01:00
mohammad1603
2b1eea7202
Remove extra new lines
...
Remove extra new lines
2018-02-22 05:13:34 -08:00
mohammad1603
f65add4f60
Backport 2.1: Add guard to out_left to avoid negative values
...
Return an error when f_send returns a value greater than out_left
2018-02-22 05:07:15 -08:00
Jaeden Amero
c07ef140ff
Add ChangeLog entry for PR #1384
2018-02-22 08:33:52 +00:00
Gilles Peskine
ac33180219
Merge branch 'pr_1354' into mbedtls-2.1
2018-02-20 16:37:17 +01:00
Gilles Peskine
37e1adb7cd
Mention in ChangeLog that this fixes #1351
2018-02-20 16:35:32 +01:00
Gilles Peskine
2e50efad44
Merge remote-tracking branch 'upstream-public/pr/1334' into mbedtls-2.1-proposed
2018-02-14 15:13:37 +01:00
Gilles Peskine
c0577f3931
Note in the changelog that this fixes an interoperability issue.
...
Fixes #1339
2018-02-14 11:33:30 +01:00
Antonio Quartulli
b9e3c6d9c6
pkcs5v2: add support for additional hmacSHA algorithms
...
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.
This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).
Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-14 11:12:58 +01:00
Ron Eldor
5a2525c2fd
Rephrase Changelog
...
Rephrase Changelog to be more coherent to users
2018-02-07 12:09:58 +02:00
Ron Eldor
3a3b654027
Fix handshake failure in suite B
...
Fix handshake failure where PK key is translated as `MBEDTLS_ECKEY`
instead of `MBEDTLS_ECDSA`
2018-02-07 12:09:46 +02:00
Simon Butcher
bdf548e5d8
Update ChangeLog with language and technical corrections
...
To clarify and correct the ChangeLog.
2018-02-05 08:43:38 +00:00
Jaeden Amero
4913826aff
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
2018-01-30 17:33:25 +00:00
Hanno Becker
235854503b
Adapt ChangeLog
2018-01-30 11:58:16 +00:00
Gilles Peskine
36dde9e67a
Added ChangeLog entry for 64-bit ILP32 fix
2018-01-29 21:59:12 +01:00
Andres Amaya Garcia
65915438b8
Add ChangeLog entry for 64-bit ILP32 fixes
2018-01-29 21:59:12 +01:00
Jaeden Amero
035f6ea288
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
2018-01-29 12:53:07 +00:00
Manuel Pégourié-Gonnard
3e6222dacb
Fix alarm(0) failure on mingw32
...
A new test for mbedtls_timing_alarm(0) was introduced in PR 1136, which also
fixed it on Unix. Apparently test results on MinGW were not checked at that
point, so we missed that this new test was also failing on this platform.
2018-01-29 13:23:40 +01:00
Jaeden Amero
bfafd12789
Merge remote-tracking branch 'upstream-restricted/pr/414' into mbedtls-2.1-restricted
2018-01-26 18:09:14 +00:00
Jaeden Amero
e5b443e2d6
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
2018-01-24 15:24:42 +00:00
Andres AG
8ad5acd6da
Fix corner case uses of memory_buffer_alloc.c
...
The corner cases fixed include:
* Allocating a buffer of size 0. With this change, the allocator now
returns a NULL pointer in this case. Note that changes in pem.c and
x509_crl.c were required to fix tests that did not work under this
assumption.
* Initialising the allocator with less memory than required for headers.
* Fix header chain checks for uninitialised allocator.
2018-01-23 21:03:49 +00:00
Gilles Peskine
a2ef78d50c
Merge remote-tracking branch 'upstream-restricted/pr/442' into mbedtls-2.1-restricted
2018-01-23 00:47:43 +01:00
Ron Eldor
1ac9aa7085
Set correct minimal versions in default conf
...
Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` and `MBEDTLS_SSL_MIN_MINOR_VERSION`
instead of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`
2018-01-22 22:03:12 +01:00
Ron Eldor
998a4de3fa
Fix Changelog notation
...
Remove backticks, since ChangeLog is not in MarkDown
2018-01-22 19:14:11 +02:00
Ron Eldor
a1413e05e9
Fix compilation error with Mingw32
...
Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use
`_TRUNCATE` only if `__MINGW32__` not defined. Fix suggested by
Thomas Glanzmann and Nick Wilson on issue #355
2018-01-22 19:06:57 +02:00
Gilles Peskine
f700ef38fa
Add ChangeLog entry
2018-01-22 14:38:53 +01:00
Hanno Becker
4ecd34f86c
Adapt ChangeLog
2018-01-17 17:47:58 +00:00
Jaeden Amero
1010760d91
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
2018-01-10 13:16:26 +00:00
Manuel Pégourié-Gonnard
022954f4bd
Fix heap-buffer overread in ALPN ext parsing
2018-01-10 12:04:07 +01:00
Hanno Becker
f34f4e53c9
Adapt ChangeLog
2018-01-10 10:48:53 +00:00
Manuel Pégourié-Gonnard
c313e7e679
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
...
* mbedtls-2.1:
selftest: fix build error in some configurations
Timing self test: shorten redundant tests
Timing self test: increased duration
Timing self test: increased tolerance
selftest: allow excluding a subset of the tests
selftest: allow running a subset of the tests
selftest: fixed an erroneous return code
selftest: refactor to separate the list of tests from the logic
Timing self test: print some diagnosis information
mbedtls_timing_get_timer: don't use uninitialized memory
timing interface documentation: minor clarifications
Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:43:51 +01:00
Gilles Peskine
d39496233b
Timing self test: increased duration
...
Increase the duration of the self test, otherwise it tends to fail on
a busy machine even with the recently upped tolerance. But run the
loop only once, it's enough for a simple smoke test.
2017-12-20 21:58:25 +01:00
Gilles Peskine
edede44d97
selftest: allow running a subset of the tests
...
If given command line arguments, interpret them as test names and only
run those tests.
2017-12-20 20:31:32 +01:00
Gilles Peskine
b29e70bb01
mbedtls_timing_get_timer: don't use uninitialized memory
...
mbedtls_timing_get_timer with reset=1 is called both to initialize a
timer object and to reset an already-initialized object. In an
initial call, the content of the data structure is indeterminate, so
the code should not read from it. This could crash if signed overflows
trap, for example.
As a consequence, on reset, we can't return the previously elapsed
time as was previously done on Windows. Return 0 as was done on Unix.
2017-12-20 19:33:48 +01:00
Gilles Peskine
3099b43c6b
Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
...
The POSIX/Unix implementation of mbedtls_set_alarm did not set the
mbedtls_timing_alarmed flag when called with 0, which was inconsistent
with what the documentation implied and with the Windows behavior.
2017-12-20 19:33:38 +01:00
Manuel Pégourié-Gonnard
4aa6f12d0c
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
...
* mbedtls-2.1:
Allow comments in test data files
2017-12-19 12:20:18 +01:00
Manuel Pégourié-Gonnard
86bc448e75
Merge remote-tracking branch 'public/pr/1118' into mbedtls-2.1
...
* public/pr/1118:
Allow comments in test data files
2017-12-19 12:19:52 +01:00
Manuel Pégourié-Gonnard
329d0904ab
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
...
* mbedtls-2.1:
Address PR review comments
Backport 2.1: Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:43:10 +01:00
Manuel Pégourié-Gonnard
227692a6b1
Merge remote-tracking branch 'public/pr/1160' into mbedtls-2.1
...
* public/pr/1160:
Address PR review comments
Backport 2.1: Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:42:29 +01:00
Manuel Pégourié-Gonnard
451ea75286
Merge remote-tracking branch 'restricted/pr/412' into mbedtls-2.1-restricted
...
* restricted/pr/412:
Correct record header size in case of TLS
Don't allocate space for DTLS header if DTLS is disabled
Improve debugging output
Adapt ChangeLog
Add run-time check for handshake message size in ssl_write_record
Add run-time check for record content size in ssl_encrypt_buf
Add compile-time checks for size of record content and payload
2017-12-19 11:33:07 +01:00
Hanno Becker
de42c59b91
Add affiliation of bug reporter to credits in the ChangeLog
2017-12-07 15:16:04 +00:00
Gilles Peskine
92e6a0e71a
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
2017-12-04 18:01:28 +00:00
Gilles Peskine
a15486a35f
Merge branch 'pr_1044' into mbedtls-2.1
2017-12-04 17:29:28 +01:00
Gilles Peskine
45c8f6a38a
Added ChangeLog entry
2017-12-04 17:28:09 +01:00
Gilles Peskine
4b36dfb820
Merge remote-tracking branch 'upstream-public/pr/1174' into mbedtls-2.1
2017-12-04 17:20:45 +01:00
Andres Amaya Garcia
7d03060228
Add ChangeLog entry
2017-12-01 21:42:19 +01:00
Gilles Peskine
aed7188b2e
Merge remote-tracking branch 'upstream-restricted/pr/427' into mbedtls-2.1-restricted
2017-12-01 18:05:40 +01:00
Hanno Becker
e84d901816
Update ChangeLog
2017-12-01 10:20:47 +00:00
Hanno Becker
e9dcb843b2
Adapt ChangeLog
2017-12-01 10:18:22 +00:00
Gilles Peskine
6cf85ff1a4
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
2017-11-29 21:07:28 +01:00
Gilles Peskine
49349bacb9
Merge remote-tracking branch 'upstream-public/pr/1153' into mbedtls-2.1
2017-11-29 20:53:58 +01:00
Gilles Peskine
f663c22ab7
Merge remote-tracking branch 'upstream-public/pr/916' into mbedtls-2.1
2017-11-29 20:53:44 +01:00
Gilles Peskine
1854a0e0cd
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
2017-11-28 18:44:49 +01:00
Gilles Peskine
25aa833ac3
Merge branch 'pr_1082' into mbedtls-2.1
2017-11-28 18:33:50 +01:00
Gilles Peskine
026d18aefa
Add ChangeLog entry
2017-11-28 18:33:31 +01:00
Gilles Peskine
283a80d51f
Merge remote-tracking branch 'upstream-public/pr/1108' into mbedtls-2.1
2017-11-28 18:31:28 +01:00
Gilles Peskine
31dce36364
Merge remote-tracking branch 'upstream-public/pr/1080' into mbedtls-2.1
2017-11-28 18:30:18 +01:00
Gilles Peskine
a6f6947490
Merge remote-tracking branch 'upstream-public/pr/943' into mbedtls-2.1
2017-11-28 18:28:39 +01:00
Gilles Peskine
1b8822e9b3
Merge remote-tracking branch 'upstream-restricted/pr/422' into mbedtls-2.1-restricted
...
Resolved simple conflicts caused by the independent addition of
calls to mbedtls_zeroize with sometimes whitespace or comment
differences.
2017-11-28 16:21:07 +01:00
Gilles Peskine
9aab6995a9
Merge remote-tracking branch 'upstream-restricted/pr/406' into mbedtls-2.1-restricted
2017-11-28 16:19:19 +01:00
Gilles Peskine
5a8fe053d8
Merge remote-tracking branch 'upstream-restricted/pr/401' into mbedtls-2.1-restricted
2017-11-28 14:24:15 +01:00
Gilles Peskine
336b7de48a
Merge remote-tracking branch 'upstream-restricted/pr/386' into mbedtls-2.1-restricted
2017-11-28 14:24:05 +01:00
Gilles Peskine
206110dcb9
Merge branch 'iotssl-1419-safermemcmp-volatile_backport-2.1' into mbedtls-2.1-restricted
2017-11-28 13:51:37 +01:00
Gilles Peskine
2f615af5cf
add changelog entry
2017-11-28 13:34:24 +01:00
Gilles Peskine
e881a22126
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
2017-11-24 16:06:16 +01:00
Gilles Peskine
d08ae68237
Merge remote-tracking branch 'upstream-public/pr/1112' into mbedtls-2.1
2017-11-24 15:37:29 +01:00
Gilles Peskine
5eb8edc0cb
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
2017-11-23 20:11:07 +01:00
Gilles Peskine
7aa24190b4
Merge remote-tracking branch 'upstream-public/pr/1107' into mbedtls-2.1
2017-11-23 20:09:48 +01:00
Gilles Peskine
a90c3da42f
Merge branch 'iotssl-1368-unsafe-bounds-check-psk-identity-merge-2.1' into mbedtls-2.1-restricted
2017-11-23 19:06:29 +01:00
Gilles Peskine
86eece9e87
ChangeLog entry for ssl_parse_client_psk_identity fix
2017-11-23 19:04:39 +01:00
Manuel Pégourié-Gonnard
aed00f7bf7
Merge remote-tracking branch 'restricted/pr/417' into mbedtls-2.1-restricted
...
* restricted/pr/417:
RSA PSS: remove redundant check; changelog
RSA PSS: fix first byte check for keys of size 8N+1
RSA PSS: fix minimum length check for keys of size 8N+1
RSA: Fix another buffer overflow in PSS signature verification
RSA: Fix buffer overflow in PSS signature verification
2017-11-23 12:13:49 +01:00
Darryl Green
1b052e80aa
Add checks for private parameter in mbedtls_ecdsa_sign()
2017-11-20 17:11:17 +00:00
Hanno Becker
b09c5721f5
Adapt ChangeLog
2017-11-20 10:43:48 +00:00
Manuel Pégourié-Gonnard
ea0aa655f6
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
...
* mbedtls-2.1:
Fix typo in asn1.h
Improve leap year test names in x509parse.data
Correctly handle leap year in x509_date_is_valid()
Renegotiation: Add tests for SigAlg ext parsing
Parse Signature Algorithm ext when renegotiating
Fix changelog for ssl_server2.c usage fix
Fix ssl_server2 sample application prompt
Update ChangeLog for fix to #836
Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Enhance documentation of mbedtls_ssl_set_hostname
Add test case calling ssl_set_hostname twice
Make mbedtls_ssl_set_hostname safe to be called multiple times
Fix typo in configs/README.txt file
2017-11-14 08:38:52 +01:00
Hanno Becker
d43764f9d3
Adapt ChangeLog
2017-11-06 15:10:38 +00:00
Ron Eldor
5bd272627b
Backport 2.1: Fix crash when calling mbedtls_ssl_cache_free twice
...
Set `cache` to zero at the end of `mbedtls_ssl_cache_free` #1104
2017-10-30 18:09:40 +02:00
Hanno Becker
25e39d38bd
Add ChangeLog message for EC private exponent information leak
2017-10-25 15:46:31 +01:00
Hanno Becker
cf873f74d4
Adapt ChangeLog
2017-10-25 15:46:31 +01:00
Hanno Becker
489f80cbf5
Adapt ChangeLog
2017-10-24 11:56:58 +01:00
Gilles Peskine
9745cfd87d
RSA PSS: remove redundant check; changelog
...
Remove a check introduced in the previous buffer overflow fix with keys of
size 8N+1 which the subsequent fix for buffer start calculations made
redundant.
Added a changelog entry for the buffer start calculation fix.
2017-10-23 14:49:43 +02:00
Hanno Becker
b658ee63c2
Adapt ChangeLog
2017-10-19 15:45:17 +01:00
Gilles Peskine
d0cd855145
RSA: Fix another buffer overflow in PSS signature verification
...
Fix buffer overflow in RSA-PSS signature verification when the masking
operation results in an all-zero buffer. This could happen at any key size.
2017-10-17 19:19:55 +02:00
Gilles Peskine
5c3247120f
RSA: Fix buffer overflow in PSS signature verification
...
Fix buffer overflow in RSA-PSS signature verification when the hash is
too large for the key size. Found by Seth Terashima, Qualcomm.
Added a non-regression test and a positive test with the smallest
permitted key size for a SHA-512 hash.
2017-10-17 19:16:14 +02:00
Hanno Becker
e27543dee1
Adapt ChangeLog
2017-10-13 16:54:58 +01:00
Andres Amaya Garcia
bc041130b0
Correctly handle leap year in x509_date_is_valid()
...
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 21:03:01 +01:00
Ron Eldor
bac9d4d90f
Parse Signature Algorithm ext when renegotiating
...
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-11 13:58:08 +01:00
Hanno Becker
ffa7a33ee4
Adapt ChangeLog
2017-10-05 09:08:06 +01:00
Hanno Becker
fbaeea4693
Adapt ChangeLog
2017-10-04 14:15:53 +01:00
Simon Butcher
5d39aceb04
Fix changelog for ssl_server2.c usage fix
2017-10-02 19:17:57 +01:00
Gilles Peskine
e38900b1a1
Allow comments in test data files
2017-10-02 11:26:09 +02:00
Simon Butcher
72e9ba2ce3
Update ChangeLog for fix to #836
2017-09-30 23:51:44 +01:00
Hanno Becker
c7845e51f3
Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
...
Add a reference to the relevant RFC, adapt ChangeLog.
2017-09-30 23:49:01 +01:00
Hanno Becker
380aa64d65
Adapt ChangeLog
2017-09-28 16:26:17 +01:00
Hanno Becker
a89dbd168e
Adapt ChangeLog
2017-09-28 14:38:26 +01:00
Janos Follath
f341083b3c
DHM: Fix dhm_check_range() always returning 0
...
Although the variable ret was initialised to an error, the
MBEDTLS_MPI_CHK macro was overwriting it. Therefore it ended up being
0 whenever the bignum computation was successful and stayed 0
independently of the actual check.
2017-09-21 10:42:18 +01:00
Andres Amaya Garcia
41a38dfed6
Add ChangeLog entry
2017-09-15 11:01:40 +01:00
Sanne Wouda
bfdcfba05f
Add Changelog entry
2017-09-13 11:53:28 +01:00
Ron Eldor
00cb3af4ab
Backport 2.1: Add configuration file in md.h
...
Include `*config.h*` in md.h, as MACROS in the header file get ignored.
Fix for #1001.
2017-09-07 14:42:51 +03:00
Ron Eldor
4dc8af77a9
Backport 2.1: Set PEM buffer to zero before freeing
...
Set PEM buffer to zero before freeing it, to avoid private keys
being leaked to memory after releasing it.
2017-09-07 11:08:00 +03:00
Simon Butcher
1fe5e8ab44
Update version number to 2.1.9
2017-08-10 11:51:47 +01:00
Simon Butcher
a30508309e
Fix language in Changelog for clarity
2017-08-10 10:48:33 +01:00
Simon Butcher
ea27c997c0
Improve documentation of PKCS1 decryption functions
...
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
2017-08-01 23:00:34 +01:00
Hanno Becker
223f88dd2e
Adapt ChangeLog
2017-07-28 22:15:31 +01:00
Hanno Becker
3948a101b6
Adapt ChangeLog
2017-07-28 21:42:50 +01:00
Simon Butcher
246bf6932d
Fix duplication in Changelog introduced by merge
2017-07-28 13:08:07 +01:00
Ron Eldor
b5851193eb
Backport 2.1: check if iv is zero in gcm.
...
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-28 12:21:38 +01:00
Hanno Becker
58897fbd7d
Correct indentation and labelling in ChangeLog
2017-07-28 12:20:48 +01:00
Janos Follath
4721831ffb
Fix typos
2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
83765655dd
Add ChangeLog entry for the security issue
2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
c386317298
Only return VERIFY_FAILED from a single point
...
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
489939f829
Improve behaviour on fatal errors
...
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
2017-07-28 12:20:47 +01:00
Andres AG
b322be507b
Prevent signed integer overflow in CSR parsing
...
Modify the function mbedtls_x509_csr_parse_der() so that it checks the
parsed CSR version integer before it increments the value. This prevents
a potential signed integer overflow, as these have undefined behaviour
in the C standard.
2017-07-26 17:59:20 +01:00
Andres AG
1f06d9bac7
Fix potential integer overflow parsing DER CRT
...
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-26 17:57:43 +01:00
Andres AG
0ff660e0a6
Fix potential integer overflow parsing DER CRL
...
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
2017-07-26 17:56:42 +01:00
Ron Eldor
a886ce3c88
Backport 2.1: Check rc of mbedtls_mpi_fill_random
...
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-20 01:25:53 +02:00
Ron Eldor
0fb3e0afb9
Backport: Resource leak fix on windows platform
...
Fix a resource leak on the Windows platform, in mbedtls_x509_crt_parse_path,
in case of a failure. When an error occurs, goto cleanup and free the
resource, instead of returning the error code immediately.
2017-07-20 01:05:47 +02:00
Ron Eldor
ee709f4d13
Backport 2.1: Wrong preprocessor condition fix
...
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-20 00:47:20 +02:00
Ron Eldor
5ff277ee1e
Backport 2.1: check if iv is zero in gcm.
...
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-20 00:30:44 +02:00
Andres Amaya Garcia
11d2db1701
Improve ChangeLog entry
2017-07-12 11:10:46 +01:00
Andres Amaya Garcia
55a5235ea1
Add ChangeLog entry for buf zeroize
2017-07-12 11:10:46 +01:00
Simon Butcher
fbb9837ad5
Update the version number to 2.1.8
2017-06-20 23:31:06 +01:00
Janos Follath
3fb1cc37a6
Improve Changelog
2017-06-16 14:15:08 +01:00
Manuel Pégourié-Gonnard
89930b354c
Merge remote-tracking branch 'restricted/iotssl-1398_backport-2.1' into mbedtls-2.1-restricted
...
* restricted/iotssl-1398_backport-2.1:
Add ChangeLog entry
Ensure application data records are not kept when fully processed
Add hard assertion to mbedtls_ssl_read_record_layer
Fix mbedtls_ssl_read
Simplify retaining of messages for future processing
2017-06-09 15:06:31 +02:00
Manuel Pégourié-Gonnard
43df7e6bb7
Merge near-duplicate ChangeLog entries
...
As agreed with Gilles on the PR discussion page
2017-06-09 14:47:42 +02:00
Hanno Becker
88647ace2b
Add ChangeLog entry
2017-06-09 11:30:33 +01:00
Manuel Pégourié-Gonnard
e2356722c0
ChangeLog cosmetics
2017-06-08 20:36:58 +02:00