Commit graph

860 commits

Author SHA1 Message Date
Simon Butcher 9dad18e29a Update ChangeLog with language and technical corrections
To clarify and correct the ChangeLog.
2018-02-05 08:44:42 +00:00
Jaeden Amero abc3fe7942 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2018-01-30 17:34:56 +00:00
Hanno Becker bf4b54be33 Adapt ChangeLog 2018-01-30 11:58:46 +00:00
Jaeden Amero 8ae366f356 Merge remote-tracking branch 'upstream-restricted/pr/443' into mbedtls-1.3-restricted 2018-01-29 13:23:49 +00:00
Jaeden Amero 6564d7a904 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2018-01-29 12:51:26 +00:00
Manuel Pégourié-Gonnard f39f732c31 Fix alarm(0) failure on mingw32
A new test for mbedtls_timing_alarm(0) was introduced in PR 1136, which also
fixed it on Unix. Apparently test results on MinGW were not checked at that
point, so we missed that this new test was also failing on this platform.
2018-01-29 13:27:48 +01:00
Jaeden Amero d6b8ce467c Merge remote-tracking branch 'upstream-restricted/pr/413' into mbedtls-1.3-restricted 2018-01-26 17:53:40 +00:00
Jaeden Amero 492d13dbcf Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2018-01-24 15:24:57 +00:00
Gilles Peskine 1446b8cbcb Add ChangeLog entry 2018-01-22 14:40:06 +01:00
Jaeden Amero d3df16fc0a Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2018-01-10 13:15:28 +00:00
Manuel Pégourié-Gonnard f472a829c6 Fix heap-buffer overread in ALPN ext parsing 2018-01-10 13:27:13 +01:00
Hanno Becker 78504c7833 Adapt ChangeLog 2018-01-10 11:25:14 +00:00
Manuel Pégourié-Gonnard 9872634ae8 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Timing self test: shorten redundant tests
  Timing self test: print some diagnosis information
  get_timer: don't use uninitialized memory
  Timing: fix set_alarm(0) on Unix/POSIX
2017-12-26 10:45:36 +01:00
Gilles Peskine 2484ffeb81 get_timer: don't use uninitialized memory
get_timer with reset=1 is called both to initialize a
timer object and to reset an already-initialized object. In an
initial call, the content of the data structure is indeterminate, so
the code should not read from it. This could crash if signed overflows
trap, for example.

As a consequence, on reset, we can't return the previously elapsed
time as was previously done on Windows. Return 0 as was done on Unix.
2017-12-20 22:12:19 +01:00
Gilles Peskine de896ebd26 Timing: fix set_alarm(0) on Unix/POSIX
The POSIX/Unix implementation of set_alarm did not set the
alarmed flag when called with 0, which was inconsistent
with what the documentation implied and with the Windows behavior.
2017-12-20 22:04:48 +01:00
Gilles Peskine 3ac30e3f7d Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-12-19 19:01:56 +01:00
Gilles Peskine 605c2284bc Merge branch 'pr_998' into mbedtls-1.3 2017-12-19 18:10:51 +01:00
Gilles Peskine 5a0bc7f142 Added ChangeLog entry 2017-12-19 18:09:34 +01:00
Manuel Pégourié-Gonnard 90c5e396e0 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Allow comments in test data files
2017-12-19 12:21:26 +01:00
Manuel Pégourié-Gonnard b9c40b3157 Merge remote-tracking branch 'public/pr/1119' into mbedtls-1.3
* public/pr/1119:
  Allow comments in test data files
2017-12-19 12:21:07 +01:00
Manuel Pégourié-Gonnard ba110ba4d2 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Address PR review comments
  Backport 1.3:Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:44:17 +01:00
Manuel Pégourié-Gonnard cc3e3b0ace Merge remote-tracking branch 'public/pr/1161' into mbedtls-1.3
* public/pr/1161:
  Address PR review comments
  Backport 1.3:Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:43:57 +01:00
Gilles Peskine 3790b4714d Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-12-04 18:01:40 +00:00
Gilles Peskine 4905e6c4e7 Merge branch 'pr_1045' into mbedtls-1.3 2017-12-04 17:29:13 +01:00
Gilles Peskine 046fff12fa Added ChangeLog entry 2017-12-04 17:26:40 +01:00
Gilles Peskine 6e206364d9 Merge remote-tracking branch 'upstream-public/pr/1175' into mbedtls-1.3 2017-12-04 17:21:09 +01:00
Gilles Peskine 258bf599d6 Merge remote-tracking branch 'upstream-restricted/pr/426' into mbedtls-1.3-restricted 2017-12-01 18:03:15 +01:00
Gilles Peskine af86fb9ded Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-11-29 21:06:11 +01:00
Gilles Peskine 3a3228cf90 Merge remote-tracking branch 'upstream-public/pr/1155' into mbedtls-1.3 2017-11-29 20:55:11 +01:00
Gilles Peskine 9f423b18cb Merge remote-tracking branch 'upstream-public/pr/917' into mbedtls-1.3 2017-11-29 20:55:03 +01:00
Hanno Becker ad951d131d Correct dangerous typo in include/polarssl/ssl.h
The definition of SSL_MAC_ADD depends on the presence of the
configuration option POLARSSL_ARC4_C, which was misspelled as
POLARSSL_RC4_C in ssl.h, leading to a too small buffer and
subsequently to a buffer overflow during record processing.
This commit fixes the typo.
2017-11-29 18:02:49 +00:00
Gilles Peskine 2cd7c18f59 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-11-28 18:43:57 +01:00
Gilles Peskine 8c946113ba Merge branch 'pr_1083' into mbedtls-1.3
Merge PR #1083 plus ChangeLog entry.
2017-11-28 18:42:21 +01:00
Gilles Peskine f15cbdab67 Merge remote-tracking branch 'upstream-public/pr/1109' into mbedtls-1.3 2017-11-28 18:41:31 +01:00
Gilles Peskine 43a6b83419 Merge remote-tracking branch 'upstream-public/pr/1081' into mbedtls-1.3 2017-11-28 18:41:02 +01:00
Gilles Peskine f945a2245e Merge remote-tracking branch 'upstream-public/pr/944' into mbedtls-1.3 2017-11-28 18:38:17 +01:00
Gilles Peskine d2e8affa66 Add ChangeLog entry 2017-11-28 18:37:53 +01:00
Gilles Peskine 6f941d6c89 Merge remote-tracking branch 'upstream-restricted/pr/423' into mbedtls-1.3-restricted
Resolved simple conflicts caused by the independent addition of
calls to polarssl_zeroize with sometimes whitespace or comment
differences.
2017-11-28 16:23:28 +01:00
Gilles Peskine b087a88300 Merge remote-tracking branch 'upstream-restricted/pr/405' into mbedtls-1.3-restricted 2017-11-28 16:22:41 +01:00
Gilles Peskine c5cf89e1cc Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-11-28 15:32:00 +01:00
Gilles Peskine 8083849575 Add ChangeLog entry 2017-11-28 15:27:48 +01:00
Gilles Peskine 2bd6ca415b Merge remote-tracking branch 'upstream-restricted/pr/402' into mbedtls-1.3-restricted 2017-11-28 14:34:24 +01:00
Gilles Peskine d3dd8d2197 Merge remote-tracking branch 'upstream-restricted/pr/387' into mbedtls-1.3-restricted 2017-11-28 14:34:16 +01:00
Gilles Peskine c5926a7049 Merge branch 'iotssl-1419-safermemcmp-volatile_backport-1.3' into mbedtls-1.3-restricted 2017-11-28 13:50:05 +01:00
Gilles Peskine 1caad08610 add changelog entry 2017-11-28 13:35:09 +01:00
Gilles Peskine 3036cbeb8e Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-11-24 16:07:43 +01:00
Gilles Peskine e298532394 Merge remote-tracking branch 'upstream-public/pr/1113' into mbedtls-1.3 2017-11-24 15:38:42 +01:00
Gilles Peskine 1dc344373a Merge branch 'iotssl-1368-unsafe-bounds-check-psk-identity-merge-1.3' into mbedtls-1.3-restricted 2017-11-23 19:11:58 +01:00
Gilles Peskine feae81de91 ChangeLog entry for ssl_parse_client_psk_identity fix 2017-11-23 19:10:48 +01:00
Manuel Pégourié-Gonnard 408dfd1f6a Merge remote-tracking branch 'restricted/pr/418' into mbedtls-1.3-restricted
* restricted/pr/418:
  RSA PSS: remove redundant check; changelog
  RSA PSS: fix first byte check for keys of size 8N+1
  RSA PSS: fix minimum length check for keys of size 8N+1
  RSA: Fix another buffer overflow in PSS signature verification
  RSA: Fix buffer overflow in PSS signature verification
2017-11-23 12:16:05 +01:00