Moran Peker
6981df59e7
Remove double declaration of mbedtls_ssl_list_ciphersuites
...
Raised by TrinityTonic. #1359
2018-05-23 18:42:36 +01:00
Simon Butcher
a8002f8f39
Merge remote-tracking branch 'public/pr/1611' into mbedtls-2.1
2018-05-23 17:58:10 +01:00
Simon Butcher
7350ab18df
Fix ChangeLog for PR #1582 following merge
2018-05-23 17:55:02 +01:00
Simon Butcher
e64bf3968e
Merge remote-tracking branch 'public/pr/1582' into mbedtls-2.1
2018-05-23 17:53:23 +01:00
Simon Butcher
13188782a0
Fix up ChangeLog following rebase to mbedtls-2.1.12
2018-05-11 16:41:07 +01:00
Andres AG
879e62697e
Allow the entry_name size to be set in config.h
...
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced is
MBEDTLS_X509_MAX_FILE_PATH_LEN.
2018-05-11 16:38:38 +01:00
Jaeden Amero
3263f46a0e
Merge remote-tracking branch 'upstream-restricted/pr/480' into mbedtls-2.1-restricted
2018-04-30 17:38:15 +01:00
Simon Butcher
50d802172f
Fix the ChangeLog for clarity, English and credit
2018-04-30 17:23:10 +01:00
Jaeden Amero
6c0fba4350
Update version to 2.1.12
2018-04-27 13:13:54 +01:00
Jaeden Amero
4faad41346
Merge remote-tracking branch 'upstream-restricted/pr/472' into mbedtls-2.1-restricted-proposed
...
Remove trailing whitespace from ChangeLog.
2018-04-26 11:09:15 +01:00
Jaeden Amero
7db991d56a
Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed
...
Resolve conflicts in ChangeLog
2018-04-26 09:03:14 +01:00
Andrzej Kurek
128bcbea1a
Changelog entry
2018-04-25 05:29:47 -04:00
Andrzej Kurek
bb6661479f
ssl_tls: Fix invalid buffer sizes during compression / decompression
...
Adjust information passed to zlib to include already written data.
2018-04-23 08:29:36 -04:00
Mohammad Azim Khan
3f1d5cb324
Same ciphersuite validation in server and client hello
2018-04-20 19:52:49 +01:00
Manuel Pégourié-Gonnard
1e2f4da801
Merge remote-tracking branch 'restricted/pr/469' into mbedtls-2.1-restricted-proposed
...
* restricted/pr/469:
  Improve comments style
  Remove a redundant test
  Add buffer size check before cert_type_len read
  Update change log
  Adjust 2.1 specific code to match the buffer verification tests
  Add a missing buffer size check
  Correct buffer size check
2018-04-18 12:22:24 +02:00
Darryl Green
ce52b58da0
Fix braces in mbedtls_memory_buffer_alloc_status()
2018-04-17 16:46:41 +02:00
Krzysztof Stachowiak
8fc134fcb1
Update change log
2018-04-05 08:51:35 +02:00
fbrosson
0620206db3
Backport 2.1: Use "#!/usr/bin/env perl" as shebang line.
2018-04-04 22:29:59 +00:00
Gilles Peskine
24f4584473
Align ChangeLog entry for PR #1396 with development
2018-04-04 10:18:37 +02:00
Jaeden Amero
23d979bee0
Merge remote-tracking branch 'upstream-public/pr/1554' into mbedtls-2.1-proposed
2018-04-03 19:15:28 +01:00
AndrzejKurek
0de430678e
pk_sign: fix overriding and ignoring return values
2018-04-03 19:38:45 +02:00
Jaeden Amero
ac9939c096
Merge remote-tracking branch 'upstream-public/pr/1461' into mbedtls-2.1-proposed
2018-04-03 18:27:18 +01:00
Jaeden Amero
ee6c822076
Merge remote-tracking branch 'upstream-public/pr/1396' into mbedtls-2.1-proposed
2018-04-03 12:07:19 +01:00
Gilles Peskine
225684015d
Merge remote-tracking branch 'upstream-public/pr/1501' into mbedtls-2.1-proposed
2018-04-01 12:41:33 +02:00
Gilles Peskine
8b1cddcf26
Merge remote-tracking branch 'upstream-public/pr/1542' into mbedtls-2.1-proposed
2018-04-01 12:41:00 +02:00
Gilles Peskine
419e670702
Minor changelog improvement
2018-04-01 12:33:35 +02:00
Gilles Peskine
04450488ec
Add ChangeLog entry to credit independent contribution
...
Also: fixes #1437
2018-03-31 23:06:09 +02:00
Andrzej Kurek
a1149a70ae
Add tests for "return plaintext data faster on unpadded decryption"
2018-03-30 05:00:19 -04:00
Darryl Green
093c170377
Improve documentation of mbedtls_ssl_write()
2018-03-29 16:56:09 +01:00
Jaeden Amero
cbe731c653
Merge remote-tracking branch 'upstream-public/pr/1532' into mbedtls-2.1-proposed
2018-03-29 11:03:17 +01:00
Jaeden Amero
82e288adb6
Merge remote-tracking branch 'upstream-public/pr/1494' into mbedtls-2.1-proposed
2018-03-29 10:59:43 +01:00
Jaeden Amero
616485854e
Merge remote-tracking branch 'upstream-public/pr/1469' into mbedtls-2.1-proposed
2018-03-28 15:36:01 +01:00
Jaeden Amero
478baecc06
Merge remote-tracking branch 'upstream-public/pr/1525' into mbedtls-2.1-proposed
2018-03-28 15:34:25 +01:00
Ivan Krylov
1110a6fa63
Add ChangeLog entry
2018-03-28 17:25:12 +03:00
Jaeden Amero
8b4cd26eaf
Merge remote-tracking branch 'upstream-public/pr/1481' into mbedtls-2.1-proposed
2018-03-28 13:44:28 +01:00
Gilles Peskine
f362b97415
Add ChangeLog entry
...
Fixes #1299. Fixes #1475.
2018-03-27 23:22:37 +02:00
Andres Amaya Garcia
47569d7384
Add ChangeLog entry for PBES2 when ASN1 disabled
2018-03-27 21:34:15 +01:00
Andres Amaya Garcia
bc00667a90
Improve ChangeLog for DLEXT and AR_DASH changes
2018-03-27 20:07:52 +01:00
Andres Amaya Garcia
83bffd353e
Add ChangeLog entry for library/makefile changes
2018-03-26 00:15:21 +01:00
Gilles Peskine
eea857dc0d
Add ChangeLog entry
2018-03-23 14:38:14 +01:00
Gilles Peskine
d888bd2c65
Add changelog entries for improved testing
...
Fixes #1040
2018-03-23 02:29:49 +01:00
Gilles Peskine
2a74061198
Merge tag 'mbedtls-2.1.11' into iotssl-1381-x509-verify-refactor-2.1-restricted
...
Conflict resolution:
* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:28:33 +01:00
Jethro Beekman
1a886ff45f
Fix parsing of PKCS#8 encoded Elliptic Curve keys.
...
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
    PrivateKeyInfo ::= SEQUENCE {
      version                   Version,
      privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
      privateKey                PrivateKey,
      attributes           [0]  IMPLICIT Attributes OPTIONAL
    }
    AlgorithmIdentifier ::= SEQUENCE {
      algorithm   OBJECT IDENTIFIER,
      parameters  ANY DEFINED BY algorithm OPTIONAL
    }
    ECParameters ::= CHOICE {
      namedCurve         OBJECT IDENTIFIER
      -- implicitCurve   NULL
      -- specifiedCurve  SpecifiedECDomain
    }
    ECPrivateKey ::= SEQUENCE {
      version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
      privateKey     OCTET STRING,
      parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
      publicKey  [1] BIT STRING OPTIONAL
    }
Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:03:30 -07:00
mohammad1603
cee0890b19
Verify that f_send and f_recv send and receive the expected length
...
Verify that f_send and f_recv send and receive the expected length
Conflicts:
ChangeLog
2018-03-22 15:01:02 -07:00
Andres Amaya Garcia
2a0aee3163
Add ChangeLog entry for redundant mutex initialization optimizations
2018-03-21 17:40:48 +00:00
Andres Amaya Garcia
09d787f2fc
Add ChangeLog entry for dylib builds using Makefile
2018-03-21 11:24:32 +00:00
Jaeden Amero
1c986a9859
Update version to 2.1.11
2018-03-16 16:29:30 +00:00
Jaeden Amero
7f44963f45
Merge remote-tracking branch 'upstream-public/pr/1455' into mbedtls-2.1-restricted-proposed
2018-03-15 15:24:47 +00:00
Ron Eldor
82712a9c97
Write correct number of ciphersuites in log
...
Change location of log, to fit the correct number of used ciphersuites
2018-03-15 15:09:28 +00:00
Jaeden Amero
23f503f12d
Merge remote-tracking branch 'upstream-restricted/pr/465' into mbedtls-2.1-restricted-proposed
2018-03-14 18:32:21 +00:00
Jaeden Amero
5e50ff8f44
Merge remote-tracking branch 'upstream-restricted/pr/395' into mbedtls-2.1-restricted-proposed
2018-03-14 18:16:29 +00:00
Jaeden Amero
10a1a60966
Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed
2018-03-14 18:03:41 +00:00
Jaeden Amero
0980d9a3ae
Merge remote-tracking branch 'upstream-public/pr/1450' into mbedtls-2.1-proposed
2018-03-14 17:53:27 +00:00
Jaeden Amero
4e3629590f
Merge remote-tracking branch 'upstream-public/pr/1452' into mbedtls-2.1-proposed
2018-03-14 17:38:21 +00:00
Krzysztof Stachowiak
d3cec99377
Update change log
2018-03-14 14:39:01 +01:00
Krzysztof Stachowiak
a7a8332402
Update change log
2018-03-14 14:35:12 +01:00
Manuel Pégourié-Gonnard
b0661769ab
x509: CRL: reject unsupported critical extensions
2018-03-14 09:28:24 +01:00
Gilles Peskine
df6f3dd9b0
Merge remote-tracking branch 'upstream-restricted/pr/430' into mbedtls-2.1-restricted-proposed
2018-03-13 17:28:42 +01:00
Gilles Peskine
8c1217984b
Merge remote-tracking branch 'upstream-restricted/pr/360' into mbedtls-2.1-restricted-proposed
...
Conflicts:
* scripts/config.pl: reconciled parallel edits in a comment.
2018-03-13 17:26:49 +01:00
Hanno Becker
41b6189ef7
Adapt ChangeLog
...
Add note about fix of memory leak in RSA self test.
2018-03-13 10:42:43 +00:00
Gilles Peskine
5e533f43ee
Merge remote-tracking branch 'upstream-public/pr/1373' into mbedtls-2.1-proposed
2018-03-12 23:51:50 +01:00
Gilles Peskine
889de8eedb
Merge branch 'pr_1276' into mbedtls-2.1-proposed
2018-03-12 23:51:01 +01:00
Gilles Peskine
681f5aacfe
Align ChangeLog entry with 2.7
2018-03-12 23:50:18 +01:00
Gilles Peskine
8da4f864a5
Merge remote-tracking branch 'upstream-public/pr/1009' into mbedtls-2.1-proposed
2018-03-12 23:44:48 +01:00
Gilles Peskine
adee19582e
Merge branch 'pr_1409' into mbedtls-2.1-proposed
2018-03-11 00:52:36 +01:00
Gilles Peskine
d38464698e
Merge remote-tracking branch 'upstream-public/pr/1295' into mbedtls-2.1-proposed
2018-03-11 00:52:35 +01:00
Gilles Peskine
9a00ef3cf1
Merge branch 'pr_953' into HEAD
2018-03-11 00:52:24 +01:00
Gilles Peskine
b1e6efd55d
This fixes #664
2018-03-11 00:51:02 +01:00
Gilles Peskine
15967a8501
Fix grammar in ChangeLog entry
2018-03-11 00:15:56 +01:00
Gilles Peskine
af18faca22
Merge remote-tracking branch 'upstream-public/pr/937' into mbedtls-2.1-proposed
2018-03-10 23:52:22 +01:00
Manuel Pégourié-Gonnard
f1985570a9
Fix order of sections in ChangeLog
2018-03-06 10:34:56 +01:00
Hanno Becker
89e7422a27
Add ChangeLog entry for previous security fix
...
Fixes #825
2018-03-05 13:46:10 +01:00
itayzafrir
cabc098a0f
Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
...
Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
2018-03-05 09:50:58 +02:00
Gilles Peskine
7fded85f43
Add attribution for #1351 report
2018-02-27 08:41:56 +01:00
Gilles Peskine
25ec9cc9b3
Merge branch 'prr_428' into mbedtls-2.1-proposed
2018-02-22 16:24:13 +01:00
Gilles Peskine
e9256c5f46
Note incompatibility of truncated HMAC extension in ChangeLog
...
The change in the truncated HMAC extension aligns Mbed TLS with the
standard, but breaks interoperability with previous versions. Indicate
this in the ChangeLog, as well as how to restore the old behavior.
2018-02-22 16:17:52 +01:00
mohammad1603
2b1eea7202
Remove extra new lines
...
Remove extra new lines
2018-02-22 05:13:34 -08:00
mohammad1603
f65add4f60
Backport 2.1: Add guard to out_left to avoid negative values
...
Return error when f_send returns a value greater than out_left
2018-02-22 05:07:15 -08:00
Jaeden Amero
c07ef140ff
Add ChangeLog entry for PR #1384
2018-02-22 08:33:52 +00:00
Gilles Peskine
ac33180219
Merge branch 'pr_1354' into mbedtls-2.1
2018-02-20 16:37:17 +01:00
Gilles Peskine
37e1adb7cd
Mention in ChangeLog that this fixes #1351
2018-02-20 16:35:32 +01:00
Gilles Peskine
2e50efad44
Merge remote-tracking branch 'upstream-public/pr/1334' into mbedtls-2.1-proposed
2018-02-14 15:13:37 +01:00
Gilles Peskine
c0577f3931
Note in the changelog that this fixes an interoperability issue.
...
Fixes #1339
2018-02-14 11:33:30 +01:00
Antonio Quartulli
b9e3c6d9c6
pkcs5v2: add support for additional hmacSHA algorithms
...
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.
This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).
Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-14 11:12:58 +01:00
Ron Eldor
5a2525c2fd
Rephrase Changelog
...
Rephrase Changelog to be more coherent to users
2018-02-07 12:09:58 +02:00
Ron Eldor
3a3b654027
Fix handshake failure in suite B
...
Fix handshake failure where PK key is translated as `MBEDTLS_ECKEY`
instead of `MBEDTLS_ECDSA`
2018-02-07 12:09:46 +02:00
Simon Butcher
bdf548e5d8
Update ChangeLog with language and technical corrections
...
To clarify and correct the ChangeLog.
2018-02-05 08:43:38 +00:00
Jaeden Amero
4913826aff
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
2018-01-30 17:33:25 +00:00
Hanno Becker
235854503b
Adapt ChangeLog
2018-01-30 11:58:16 +00:00
Gilles Peskine
36dde9e67a
Added ChangeLog entry for 64-bit ILP32 fix
2018-01-29 21:59:12 +01:00
Andres Amaya Garcia
65915438b8
Add ChangeLog entry for 64-bit ILP32 fixes
2018-01-29 21:59:12 +01:00
Jaeden Amero
035f6ea288
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
2018-01-29 12:53:07 +00:00
Manuel Pégourié-Gonnard
3e6222dacb
Fix alarm(0) failure on mingw32
...
A new test for mbedtls_timing_alarm(0) was introduced in PR 1136, which also
fixed it on Unix. Apparently test results on MinGW were not checked at that
point, so we missed that this new test was also failing on this platform.
2018-01-29 13:23:40 +01:00
Jaeden Amero
bfafd12789
Merge remote-tracking branch 'upstream-restricted/pr/414' into mbedtls-2.1-restricted
2018-01-26 18:09:14 +00:00
Jaeden Amero
e5b443e2d6
Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
2018-01-24 15:24:42 +00:00
Andres AG
8ad5acd6da
Fix corner case uses of memory_buffer_alloc.c
...
The corner cases fixed include:
* Allocating a buffer of size 0. With this change, the allocator now
  returns a NULL pointer in this case. Note that changes in pem.c and
  x509_crl.c were required to fix tests that did not work under this
  assumption.
* Initialising the allocator with less memory than required for headers.
* Fix header chain checks for uninitialised allocator.
2018-01-23 21:03:49 +00:00
Gilles Peskine
a2ef78d50c
Merge remote-tracking branch 'upstream-restricted/pr/442' into mbedtls-2.1-restricted
2018-01-23 00:47:43 +01:00
Ron Eldor
1ac9aa7085
Set correct minimal versions in default conf
...
Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` and `MBEDTLS_SSL_MIN_MINOR_VERSION`
instead of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`
2018-01-22 22:03:12 +01:00
Ron Eldor
998a4de3fa
Fix Changelog notation
...
Remove backticks, since ChangeLog is not in MarkDown
2018-01-22 19:14:11 +02:00
Ron Eldor
a1413e05e9
Fix compilation error with Mingw32
...
Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use
`_TRUNCATE` only if `__MINGW32__` is not defined. Fix suggested by
Thomas Glanzmann and Nick Wilson on issue #355
2018-01-22 19:06:57 +02:00