Commit Graph

823 Commits

Author SHA1 Message Date
Hanno Becker
bf4b54be33 Adapt ChangeLog 2018-01-30 11:58:46 +00:00
Manuel Pégourié-Gonnard
f39f732c31 Fix alarm(0) failure on mingw32
A new test for mbedtls_timing_alarm(0) was introduced in PR 1136, which also
fixed it on Unix. Apparently test results on MinGW were not checked at that
point, so we missed that this new test was also failing on this platform.
2018-01-29 13:27:48 +01:00
Gilles Peskine
1446b8cbcb Add ChangeLog entry 2018-01-22 14:40:06 +01:00
Hanno Becker
78504c7833 Adapt ChangeLog 2018-01-10 11:25:14 +00:00
Gilles Peskine
2484ffeb81 get_timer: don't use uninitialized memory
get_timer with reset=1 is called both to initialize a
timer object and to reset an already-initialized object. In an
initial call, the content of the data structure is indeterminate, so
the code should not read from it. This could crash if signed overflows
trap, for example.

As a consequence, on reset, we can't return the previously elapsed
time as was previously done on Windows. Return 0 as was done on Unix.
2017-12-20 22:12:19 +01:00
Gilles Peskine
de896ebd26 Timing: fix set_alarm(0) on Unix/POSIX
The POSIX/Unix implementation of set_alarm did not set the
alarmed flag when called with 0, which was inconsistent
with what the documentation implied and with the Windows behavior.
2017-12-20 22:04:48 +01:00
Gilles Peskine
605c2284bc Merge branch 'pr_998' into mbedtls-1.3 2017-12-19 18:10:51 +01:00
Gilles Peskine
5a0bc7f142 Added ChangeLog entry 2017-12-19 18:09:34 +01:00
Manuel Pégourié-Gonnard
b9c40b3157 Merge remote-tracking branch 'public/pr/1119' into mbedtls-1.3
* public/pr/1119:
  Allow comments in test data files
2017-12-19 12:21:07 +01:00
Manuel Pégourié-Gonnard
cc3e3b0ace Merge remote-tracking branch 'public/pr/1161' into mbedtls-1.3
* public/pr/1161:
  Address PR review comments
  Backport 1.3:Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:43:57 +01:00
Gilles Peskine
4905e6c4e7 Merge branch 'pr_1045' into mbedtls-1.3 2017-12-04 17:29:13 +01:00
Gilles Peskine
046fff12fa Added ChangeLog entry 2017-12-04 17:26:40 +01:00
Gilles Peskine
6e206364d9 Merge remote-tracking branch 'upstream-public/pr/1175' into mbedtls-1.3 2017-12-04 17:21:09 +01:00
Gilles Peskine
3a3228cf90 Merge remote-tracking branch 'upstream-public/pr/1155' into mbedtls-1.3 2017-11-29 20:55:11 +01:00
Gilles Peskine
9f423b18cb Merge remote-tracking branch 'upstream-public/pr/917' into mbedtls-1.3 2017-11-29 20:55:03 +01:00
Gilles Peskine
8c946113ba Merge branch 'pr_1083' into mbedtls-1.3
Merge PR #1083 plus ChangeLog entry.
2017-11-28 18:42:21 +01:00
Gilles Peskine
f15cbdab67 Merge remote-tracking branch 'upstream-public/pr/1109' into mbedtls-1.3 2017-11-28 18:41:31 +01:00
Gilles Peskine
43a6b83419 Merge remote-tracking branch 'upstream-public/pr/1081' into mbedtls-1.3 2017-11-28 18:41:02 +01:00
Gilles Peskine
f945a2245e Merge remote-tracking branch 'upstream-public/pr/944' into mbedtls-1.3 2017-11-28 18:38:17 +01:00
Gilles Peskine
d2e8affa66 Add ChangeLog entry 2017-11-28 18:37:53 +01:00
Gilles Peskine
8083849575 Add ChangeLog entry 2017-11-28 15:27:48 +01:00
Gilles Peskine
e298532394 Merge remote-tracking branch 'upstream-public/pr/1113' into mbedtls-1.3 2017-11-24 15:38:42 +01:00
Darryl Green
fdac76f330 Add checks for private parameter in ecdsa_sign() 2017-11-20 15:53:43 +00:00
Ron Eldor
1f311ed587 Backport 1.3:Fix crash when calling mbedtls_ssl_cache_free twice
Set `cache` to zero at the end of `mbedtls_ssl_cache_free` #1104
2017-10-30 18:16:51 +02:00
Hanno Becker
18710eb102 Adapt ChangeLog 2017-10-25 09:51:30 +01:00
Andres AG
7c02d13746 Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 21:08:46 +01:00
Ron Eldor
4491a791be Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-11 14:06:26 +01:00
Andres Amaya Garcia
10345fbe2a Add ChangeLog entry 2017-10-07 22:24:07 +01:00
Hanno Becker
a6cffa5edd Adapt ChangeLog 2017-10-05 08:58:00 +01:00
Simon Butcher
7d661f83e1 Fix changelog for ssl_server2.c usage fix 2017-10-02 19:22:17 +01:00
Gilles Peskine
f1cc6a4ae8 Allow comments in test data files 2017-10-02 11:20:39 +02:00
Hanno Becker
ce2c02cca2 Enhance documentation of ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure

Also, adapt ChangeLog.
2017-10-01 00:00:56 +01:00
Hanno Becker
ea65d0377c Adapt ChangeLog 2017-09-28 16:54:41 +01:00
Hanno Becker
234d503b3a Adapt ChangeLog 2017-09-28 14:45:35 +01:00
Ron Eldor
bc3fa39f0e Backport 1.3:Add configuration file in md.h
include *`config.h`* in md.h as MACROS in the header file get ignored.Backport to
Backport of #1055 to mbedtls-1.3
2017-09-07 16:58:41 +03:00
Simon Butcher
a75a459143 Removed duplication in Changelog 2017-08-10 23:38:10 +01:00
Simon Butcher
03bd0229ab Update version to 1.3.21 2017-08-10 11:52:14 +01:00
Simon Butcher
9ee5910f65 Fix language in Changelog for clarity 2017-08-10 10:49:32 +01:00
Hanno Becker
1af21bfa38 Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- rsa_pkcs1_decrypt
- rsa_rsaes_pkcs1_v15_decrypt
- rsa_rsaes_oaep_decrypt
2017-08-01 23:05:31 +01:00
Hanno Becker
e7f5abc111 Adapt ChangeLog 2017-07-28 22:08:29 +01:00
Hanno Becker
56fa40f4f5 Adapt ChangeLog 2017-07-28 22:02:58 +01:00
Ron Eldor
b34be244e6 Backport 1.3: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-28 13:16:50 +01:00
Hanno Becker
2625f4aa93 Correct indentation and labelling in ChangeLog 2017-07-28 13:15:57 +01:00
Janos Follath
1fbc5fb027 Fix typos 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
df745670e1 Add ChangeLog entry for the security issue 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
d0e755716f Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
8af7bfa982 Improve behaviour on fatal errors
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
2017-07-28 13:15:57 +01:00
Andres AG
3df4e4e1d0 Prevent signed integer overflow in CSR parsing
Modify the function x509_csr_parse_der() so that it checks the parsed
CSR version integer before it increments the value. This prevents a
potential signed integer overflow, as these have undefined behaviour in
the C standard.
2017-07-27 11:50:58 +01:00
Andres AG
47f3059780 Fix potential integer overflow parsing DER CRT
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-27 11:50:04 +01:00
Andres AG
26124be17a Fix potential integer overflow parsing DER CRL
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
2017-07-27 11:49:08 +01:00