Simon Butcher
c83f470eb8
Update Changelog for issue #502
2016-10-14 01:04:51 +01:00
Simon Butcher
72388387c0
Merge branch for fix for #502 - Unchecked calls
...
Conflicts:
ChangeLog
2016-10-14 01:03:11 +01:00
Simon Butcher
d9d0cda9fe
Merge branch 'mbedtls-2.1'
2016-10-13 10:35:52 +01:00
Janos Follath
0be55a0549
Remove MBEDTLS_SSL_AEAD_RANDOM_IV feature
...
In a USENIX WOOT '16 paper the authors warn about a security risk
of random Initialisation Vectors (IV) repeating values.
The MBEDTLS_SSL_AEAD_RANDOM_IV feature is affected by this risk and
it isn't compliant with RFC5116. Furthermore, strictly speaking it
is a different cipher suite from the TLS (RFC5246) point of view.
Removing the MBEDTLS_SSL_AEAD_RANDOM_IV feature to resolve the above
problems.
Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
2016-10-13 10:35:34 +01:00
Simon Butcher
759b5a1286
Added credit to Changelog for fix #558
2016-10-13 01:00:19 +01:00
Janos Follath
95b303648c
Restore P>Q in RSA key generation ( #558 )
...
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.
This commit restores this behaviour.
2016-10-13 00:58:09 +01:00
Simon Butcher
6f066a8636
Clarified Changelog for fix #602
2016-10-12 19:54:24 +01:00
Andres AG
6c05208f96
Fix documentation for mbedtls_gcm_finish()
...
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-12 19:54:07 +01:00
Simon Butcher
d5e33f14df
Updated Changelog for fix #599
2016-10-12 17:49:11 +01:00
Andres AG
fbd1cd9d57
Fix 1 byte overread in mbedtls_asn1_get_int()
2016-10-12 17:45:29 +01:00
Simon Butcher
73b94e3512
Added credit to Changelog for X.509 DER bounds fix
2016-10-11 16:53:10 +01:00
Andres AG
effb5582dd
Add test for bounds in X509 DER write funcs
2016-10-11 16:52:06 +01:00
Andres AG
8aa301ba31
Add missing bounds check in X509 DER write funcs
...
This patch adds checks in both mbedtls_x509write_crt_der and
mbedtls_x509write_csr_der before the signature is written to buf
using memcpy().
2016-10-11 16:52:06 +01:00
Simon Butcher
4bbd8e1ad8
Revise Changelog to clarify and add credit
2016-10-11 10:42:05 +01:00
Simon Butcher
17cbca370f
Update Changelog for fixes to X.509 sample apps
2016-10-11 10:40:43 +01:00
Simon Butcher
b89a653005
Update Changelog for fix #559
2016-10-11 10:40:42 +01:00
Janos Follath
433d4c84b3
Add safety check to sample mutex implementation
...
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.
This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-11 10:40:42 +01:00
Simon Butcher
4ed1c00f10
Update Changelog for fixes to X.509 sample apps
2016-10-10 09:45:30 +01:00
Simon Butcher
c1e1f1cfdd
Update Changelog for fix #559
2016-10-07 14:17:28 +01:00
Simon Butcher
75dea20fee
Update for ChangeLog for fixes for cert_app
2016-09-26 20:51:34 +01:00
Andres AG
8df1bee06f
Add ChangeLog entry for unchecked calls fix
2016-09-05 14:10:45 +01:00
Simon Butcher
541a960bee
Update to ChangeLog for bug #428
2016-09-05 13:12:24 +03:00
Simon Butcher
532b217002
Update ChangeLog for fix to crypt_and_hash #441
2016-09-02 22:10:39 +01:00
Janos Follath
7b26865529
X509: Fix bug triggered by future CA among trusted
...
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-07-14 13:19:46 +01:00
Simon Butcher
c38aa616a0
Update ChangeLog for Release
2016-06-27 19:49:04 +01:00
Simon Butcher
88aa189415
Merge branch 'mbedtls-2.1' into mbedtls-2.1
2016-06-27 01:16:16 +01:00
Janos Follath
83f26052bf
Fix non compliance SSLv3 in server extension handling.
...
The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.
2016-05-23 14:50:15 +01:00
Janos Follath
6200b50518
Extended ChangeLog entry
2016-05-18 19:36:02 +01:00
Janos Follath
d5770a1d78
Add Changelog entry for current branch
2016-05-18 19:33:39 +01:00
Janos Follath
9ccbd6313f
Add Changelog entry for current branch
2016-05-18 19:30:09 +01:00
Janos Follath
ea6cbb957c
Add Changelog entry for current branch
2016-05-18 19:30:09 +01:00
Simon Butcher
d58d715680
Update ChangeLog for bug #429 in ssl_fork_server
2016-04-29 00:15:34 +01:00
Janos Follath
e9d5510f05
Fix bug in ssl_write_supported_elliptic_curves_ext
...
Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a
crash later in ssl_write_supported_elliptic_curves_ext. #373
2016-04-22 09:55:32 +01:00
Janos Follath
689a627215
Fix null pointer dereference in the RSA module.
...
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:20:59 +01:00
Simon Butcher
0705dd0588
Adds test for odd bit length RSA key size
...
Also tidy up ChangeLog following review.
2016-04-19 09:19:46 +01:00
Janos Follath
1a59a504e7
Fix odd bitlength RSA key generation
...
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-19 09:19:21 +01:00
Janos Follath
16734f011b
x509: trailing bytes in DER: fix bug
...
Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer after DER certificates to be included in the raw representation. #377
2016-03-15 23:47:36 +00:00
Manuel Pégourié-Gonnard
7715e669f1
Avoid build errors with -O0 due to assembly
2016-01-08 14:52:55 +01:00
Manuel Pégourié-Gonnard
bb81b4a009
Make ar invocation more portable
...
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.
fixes #386
2016-01-08 14:52:14 +01:00
Manuel Pégourié-Gonnard
96ec00dd3a
Update ChangeLog for latest PR merged
...
fixes #309
2016-01-08 14:51:51 +01:00
Manuel Pégourié-Gonnard
ddf118961a
Update reference to attack in ChangeLog
...
We couldn't do that before the attack was public
2016-01-08 14:46:44 +01:00
Simon Butcher
543e4366bc
Change version number to 2.1.4
...
Changed version for library files and yotta module
2016-01-04 22:41:11 +00:00
Manuel Pégourié-Gonnard
ff0a22bd9b
Tune description of a change/bugfix in ChangeLog
2016-01-04 17:39:38 +01:00
Simon Butcher
28b35c02f7
Merge branch 'mbedtls-2.1'
...
Merge of fix for memory leak in RSA-SSA signing - #372
2016-01-01 23:37:07 +00:00
Simon Butcher
318daf0c7e
Fix for memory leak in RSA-SSA signing
...
Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c. Resolves github issue #372
2016-01-01 23:15:10 +00:00
Simon Butcher
976794a212
Merge remote-tracking branch 'origin/mbedtls-2.1' into HEAD
2015-12-31 23:42:54 +00:00
Simon Butcher
8360433788
Merge branch 'iotssl-541-2.1-pathlen-bugfix'
2015-12-31 23:21:52 +00:00
Simon Butcher
59d2218f63
Clarification in ChangeLog
2015-12-23 18:53:21 +00:00
Simon Butcher
aa4114910a
Merge 'iotssl-558-2.1-md5-tls-sigs-restricted'
2015-12-23 18:52:18 +00:00
Simon Butcher
35ea92dbc6
Merge 'iotssl-566-2.1-double-free-restricted'
...
Merge remote-tracking branch
'restricted/iotssl-566-2.1-double-free-restricted' into mbedtls-2.1
2015-12-23 16:49:46 +00:00