Commit Graph

970 Commits

Author SHA1 Message Date
Simon Butcher
ef8fa012ea Tidied up style and phrasing of ChangeLog 2016-10-16 00:44:08 +01:00
Janos Follath
240f185b79 Update ChangeLog for MBEDTLS_SELF_TEST fix 2016-10-14 15:23:21 +01:00
Simon Butcher
8e00410402 Merge fix for AEAD Random IVs 2016-10-14 00:48:33 +01:00
Simon Butcher
9800a058ae Merge branch 'development' 2016-10-13 17:25:56 +01:00
Simon Butcher
99000142cb Merge fix for IE Certificate Compatibility 2016-10-13 17:21:01 +01:00
Simon Butcher
2bd0fbaad0 Update to Changelog for #626 2016-10-13 16:29:56 +01:00
Simon Butcher
488c08c00b Merge branch fixing date validity in X.509 2016-10-13 16:13:09 +01:00
Simon Butcher
59bffa2df0 Update Changelog for X.509 unrecognised field fix 2016-10-13 15:55:56 +01:00
Simon Butcher
511526720c Merge fix for branch SSL client overread 2016-10-13 15:39:09 +01:00
Simon Butcher
b81496b9b5 Update and clean up Changelog for #622 2016-10-13 14:03:37 +01:00
Simon Butcher
d05192501b Added credit to Changelog for fix #558 2016-10-13 13:54:48 +01:00
Janos Follath
e5dc202469 Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 13:54:48 +01:00
Simon Butcher
468a84c7df Clarified Changelog for fix #602 2016-10-13 13:54:48 +01:00
Andres AG
314d8a8400 Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-13 13:54:47 +01:00
Simon Butcher
9af0280aa5 Updated Changelog for fix #599 2016-10-13 13:54:14 +01:00
Andres AG
410d3dd3c7 Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-13 13:54:14 +01:00
Simon Butcher
4f85907b5a Revise Changelog to clarify and add credit 2016-10-13 13:53:33 +01:00
Simon Butcher
b93fdddf67 Revise Changelog to clarify and add credit 2016-10-13 13:53:12 +01:00
Simon Butcher
dcb9892939 Update Changelog for fixes to X.509 sample apps 2016-10-13 13:52:39 +01:00
Simon Butcher
eb02fb5ad4 Update Changelog for fix #559 2016-10-13 13:52:00 +01:00
Simon Butcher
e5796c1fbc Add CMAC to ChangeLog 2016-10-13 13:51:12 +01:00
Janos Follath
0be2b01a6b Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-13 13:51:07 +01:00
Andres AG
94d73b0b0a Add config macro for min bytes hw entropy 2016-10-13 13:48:48 +01:00
Andres AG
ba66e8958d Add new config.h that does not need entropy source 2016-10-13 13:48:48 +01:00
Andres AG
3616f6f261 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-10-13 13:48:48 +01:00
Simon Butcher
77d779e8bb Update for ChangeLog for fixes for cert_app 2016-10-13 13:48:48 +01:00
Simon Butcher
1c8b33ad19 Merge branch 'development' 2016-10-13 13:40:41 +01:00
Simon Butcher
4d69ecd9cb Added credit to Changelog for fix #558 2016-10-13 00:32:28 +01:00
Janos Follath
ef44178474 Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 00:25:07 +01:00
Simon Butcher
f6e3b9e8b2 Clarified Changelog for fix #602 2016-10-12 19:52:38 +01:00
Andres AG
821da84ff9 Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-12 19:49:41 +01:00
Simon Butcher
3a5e070982 Updated Changelog for fix #599 2016-10-12 16:46:48 +01:00
Andres AG
776a6fcd1a Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-12 16:43:37 +01:00
Janos Follath
b48c8ac45d Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-12 00:36:31 +01:00
Janos Follath
1aae658d76 Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-12 00:32:17 +01:00
Simon Butcher
5a74d26006 Added credit to Changelog for X.509 DER bounds fix 2016-10-11 14:09:10 +01:00
Andres AG
e0af995f12 Add test for bounds in X509 DER write funcs 2016-10-11 14:07:48 +01:00
Andres AG
60dbc93831 Add missing bounds check in X509 DER write funcs
This patch adds checks in both mbedtls_x509write_crt_der and
mbedtls_x509write_csr_der before the signature is written to buf
using memcpy().
2016-10-11 14:07:48 +01:00
Simon Butcher
851ae29a5d Revise Changelog to clarify and add credit 2016-10-11 12:28:04 +01:00
Simon Butcher
b98eaff408 Revise Changelog to clarify and add credit 2016-10-11 10:13:52 +01:00
Simon Butcher
df6c3e8e48 Merge branch 'iotssl-825-double-free-quickfix'
Conflicts:
	ChangeLog
2016-10-11 00:07:14 +01:00
Simon Butcher
f77309cb35 Update Changelog for fixes to X.509 sample apps 2016-10-10 09:05:26 +01:00
Simon Butcher
f73fd701c0 Update Changelog for fix #559 2016-10-07 11:17:44 +01:00
Simon Butcher
21c54816f5 Add CMAC to ChangeLog 2016-10-05 14:19:18 +01:00
Janos Follath
5437a75b15 Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-09-30 09:29:55 +01:00
Andres AG
4b76aecaf3 Add check for validity of date in x509_get_time() 2016-09-28 14:32:54 +01:00
Andres AG
5a87c9375d Fix overread when verifying SERVER_HELLO in DTLS 2016-09-28 14:26:57 +01:00
Andres AG
7abc974ec4 Add config macro for min bytes hw entropy 2016-09-27 14:25:31 +01:00
Andres AG
f84f8926a7 Add new config.h that does not need entropy source 2016-09-27 14:25:31 +01:00
Andres AG
788aa4a812 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-09-26 23:23:52 +01:00
Simon Butcher
d43fb9598a Update for ChangeLog for fixes for cert_app 2016-09-26 20:48:56 +01:00
Andres AG
4bdbe09f90 Fix sig->tag update in mbedtls_x509_get_sig() 2016-09-19 17:09:45 +01:00
Andres AG
f9113194af Allow the entry_name size to be set in config.h
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
2016-09-16 11:42:35 +01:00
Simon Butcher
c0d76b8255 Update ChangeLog for fix for #541 - out-of-tree CMake builds 2016-09-07 17:25:16 +03:00
Simon Butcher
cad6e93e19 Update to ChangeLog for bug #428 2016-09-05 01:48:31 +03:00
Simon Butcher
5908bccfc0 Updated ChangeLog for PR#565
Updated ChangeLog for pull request #565 - Remove unused consts from oid lists
2016-09-04 15:14:38 +01:00
Simon Butcher
327d66520e Update ChangeLog for fix to crypt_and_hash #441 2016-09-02 21:53:50 +01:00
Simon Butcher
cf8c1f4ddb Update ChangeLog to include the most recent fixes 2016-09-02 21:29:39 +03:00
Simon Butcher
46125fbb73 Updates ChangeLog with final changes for release 2016-06-27 19:43:55 +01:00
Simon Butcher
9c22e7311c Merge branch 'development' 2016-05-24 13:25:46 +01:00
Paul Bakker
dc08545395 Update ChangeLog to reflect 2016-05-23 14:29:32 +01:00
Paul Bakker
456fea0000 Amended ChangeLog 2016-05-23 14:29:31 +01:00
Janos Follath
c6dab2b029 Fix non compliance SSLv3 in server extension handling.
The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.
2016-05-23 14:27:02 +01:00
Simon Butcher
94bafdf834 Merge branch 'development' 2016-05-18 18:40:46 +01:00
Paul Bakker
f8e3794792 Update ChangeLog to reflect 2016-05-13 10:50:41 +01:00
Paul Bakker
8f0e4c263a Amended ChangeLog 2016-05-12 16:38:27 +01:00
Simon Butcher
f8935075dc Update ChangeLog for bug #429 in ssl_fork_server 2016-05-03 15:43:52 +01:00
Simon Butcher
45732c7cac Update ChangeLog for bug #429 in ssl_fork_server 2016-04-29 00:12:53 +01:00
Simon Butcher
e4a46f696f Merge branch 'development' 2016-04-27 18:44:37 +01:00
Simon Butcher
3fe6cd3a2d Fixes time() abstraction for custom configs
Added platform abstraction of time() to ChangeLog, version features, and fixed the build for dynamic configuration.
2016-04-26 19:51:29 +01:00
Simon Butcher
a543d11d3a Fixes mbedtls_mpi_zeroize() function name in ChangeLog 2016-04-26 12:51:37 +01:00
Simon Butcher
d7e9ad7d83 Updates ChangeLog with faster MPI zeroize fix
Added optimised mbedtls_mpi_zeroise() credit to ChangeLog.
2016-04-25 16:07:12 +01:00
Janos Follath
8a3170571e Fix bug in ssl_write_supported_elliptic_curves_ext
Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a
crash later in ssl_write_supported_elliptic_curves_ext. #373
2016-04-22 00:41:54 +01:00
Simon Butcher
2300776816 Merge branch 'development' 2016-04-19 10:39:36 +01:00
Janos Follath
1ed9f99ef3 Fix null pointer dereference in the RSA module.
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:16:31 +01:00
Simon Butcher
3f5c875654 Adds test for odd bit length RSA key size
Also tidy up ChangeLog following review.
2016-04-15 19:06:59 +01:00
Janos Follath
10c575be3e Fix odd bitlength RSA key generation
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-15 18:49:13 +01:00
Simon Butcher
cd0ee5e499 Fixes following review of 'iotssl-682-selftest-ci-break' 2016-03-21 22:54:37 +00:00
Janos Follath
9194744595 Add exit value macros to platform abstraction layer. 2016-03-18 14:05:28 +00:00
Simon Butcher
de69b1664b Fix ChangeLog after merge of IOTSSL-628 2016-03-17 11:13:48 +00:00
Simon Butcher
078bcdd6f6 Merge branch 'IOTSSL-628-BufferOverread' 2016-03-16 22:53:11 +00:00
Simon Butcher
184990c1d4 Merge development into development-restricted 2016-03-16 13:56:00 +00:00
Simon Butcher
4b852db299 Merge branch 'iotssl-629-der-trailing-bytes'
Fixes bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer following DER certificates to be included in the raw representation.
2016-03-12 23:28:26 +00:00
Manuel Pégourié-Gonnard
8ddc93f07a Add precision about exploitability in ChangeLog
Also fix some whitespace while at it.
2016-03-09 21:06:20 +00:00
Janos Follath
e43b81ae68 Add Changelog entry for current branch 2016-03-09 21:06:20 +00:00
Janos Follath
3218b21b68 Add Changelog entry for current branch 2016-03-09 21:06:19 +00:00
Manuel Pégourié-Gonnard
370717b571 Add precision about exploitability in ChangeLog
Also fix some whitespace while at it.
2016-03-09 21:06:19 +00:00
Janos Follath
cc4eba73fb Add Changelog entry for current branch 2016-03-09 21:06:19 +00:00
Simon Butcher
00157ce510 Update the ChangeLog 2016-03-09 19:32:11 +00:00
Simon Butcher
f59e66ba24 Remove redundant test certificates and clarify ChangeLog 2016-03-09 19:32:10 +00:00
Janos Follath
b437b4b125 X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-03-09 19:32:10 +00:00
Janos Follath
cc0e49ddde x509: trailing bytes in DER: fix bug
Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer after DER certificates to be included in the raw representation. #377
2016-02-17 14:41:36 +00:00
Janos Follath
bc247c9946 Extended ChangeLog entry 2016-02-11 11:15:44 +00:00
Janos Follath
eae41bf340 Add Changelog entry for current branch 2016-02-10 16:40:16 +00:00
Janos Follath
4ae5c294a4 Add Changelog entry and improve coding style 2016-02-10 11:27:43 +00:00
Simon Butcher
9a3ee57c84 Merge branch 'fixes' into development 2016-01-13 02:08:02 +00:00
Manuel Pégourié-Gonnard
c990189e14 Revert changes done to 'make apidoc' target
This partially reverts 1989caf71c (only the changes to Makefile and
CMakeLists, the addition to scripts/config.pl is kept).

Modifying config.h in the apidoc target creates a race condition with

    make -j4 all apidoc

where some parts of the library, tests or programs could be built with the
wrong config.h, resulting in all kinds of (semi-random) errors. Recent
versions of CMake mitigate this by adding a .NOTPARALLEL target to the
generated Makefile, but people would still get errors with older CMake
versions that are still in use (eg in RHEL 5), and with plain make.

An additional issue is that, by failing to use cp -p, the apidoc target was
updating the timestamp on config.h, which seems to cause further build issues.

Let's get back to the previous, safe, situation. The improved apidoc building
will be resurrected in a script in the next commit.

fixes #390
fixes #391
2016-01-12 14:48:03 +00:00
Manuel Pégourié-Gonnard
25caaf36a6 Avoid build errors with -O0 due to assembly 2016-01-08 14:29:11 +01:00
Manuel Pégourié-Gonnard
3551901cd1 Make ar invocation more portable
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.

fixes #386
2016-01-07 13:55:05 +01:00
Manuel Pégourié-Gonnard
afbb3101ce Update ChangeLog for latest PR merged
fixes #309
2016-01-07 13:26:11 +01:00