Manuel Pégourié-Gonnard
1e07562da4
Fix wrong length limit in GCM
...
See for example page 8 of
http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
The previous constant probably came from a typo as it was 2^26 - 2^5 instead
of 2^36 - 2^5. Clearly the intention was to allow for a constant bigger than
2^32 as the ull suffix and cast to uint64_t show.
fixes #362
2015-12-10 14:54:21 +01:00
Simon Butcher
8254ed2a9f
Change version number to 2.2.0
...
Changed for library and yotta module
2015-11-04 19:55:40 +00:00
Simon Butcher
59a8fa7e2e
Corrected typo in ChangeLog
2015-11-03 23:09:28 +00:00
Manuel Pégourié-Gonnard
bd3639852c
Merge branch 'iotssl-519-asn1write-overflows-restricted' into development-restricted
...
* iotssl-519-asn1write-overflows-restricted:
Fix other int casts in bounds checking
Fix other occurrences of same bounds check issue
Fix potential buffer overflow in asn1write
2015-11-02 11:07:30 +09:00
Manuel Pégourié-Gonnard
537e2a9b58
Merge branch 'iotssl-518-winpathlen-restricted' into development-restricted
...
* iotssl-518-winpathlen-restricted:
Fix potential heap corruption on Windows
2015-11-02 11:04:59 +09:00
Manuel Pégourié-Gonnard
f8b2442e2f
Merge branch 'iotssl-517-double-free-restricted' into development-restricted
...
* iotssl-517-double-free-restricted:
Fix potential double-free in ssl_conf_psk()
2015-11-02 11:03:32 +09:00
Manuel Pégourié-Gonnard
c99dffad36
Add ChangeLog entry for ASN.1 DER boolean fix
2015-11-02 06:00:02 +09:00
Manuel Pégourié-Gonnard
ba1d897987
Merge branch 'bugfixes' into development
...
* bugfixes:
Fix typo in an OID name
Disable reportedly broken assembly of Sparc(64)
2015-11-02 05:50:41 +09:00
Manuel Pégourié-Gonnard
568f1e7cb3
Merge branch 'iotssl-515-max-pathlen' into development
...
* iotssl-515-max-pathlen:
Add Changelog entries for this branch
Fix a style issue
Fix whitespace at EOL issues
Use symbolic constants in test data
Fixed pathlen contraint enforcement.
Additional corner cases for testing pathlen constrains. Just in case.
Added test case for pathlen constrains in intermediate certificates
2015-11-02 05:49:08 +09:00
Manuel Pégourié-Gonnard
2b624e9b39
Add Changelog entries for this branch
2015-10-30 09:45:34 +01:00
Simon Butcher
204606238c
Merge branch 'development' into misc
2015-10-27 16:57:34 +00:00
Simon Butcher
62aab15085
Merge branch 'development' into iotssl-513-alerts
2015-10-27 16:05:34 +00:00
Simon Butcher
5f7c34b8b0
Merge branch iotssl-521-keylen-check
2015-10-27 15:14:55 +00:00
Manuel Pégourié-Gonnard
e0b2feae34
Mention performance fix in ChangeLog
2015-10-27 10:24:54 +01:00
Manuel Pégourié-Gonnard
65eefc8707
Fix missing check for RSA key length on EE certs
...
- also adapt tests to use lesser requirement for compatibility with old
testing material
2015-10-23 16:19:53 +02:00
Manuel Pégourié-Gonnard
d21eb2ae81
Fix attribution in ChangeLog
2015-10-23 15:35:02 +02:00
Manuel Pégourié-Gonnard
fbdf06c1a4
Fix handling of non-fatal alerts
...
fixes #308
2015-10-23 13:11:31 +02:00
Manuel Pégourié-Gonnard
e5f3072aed
Fix #ifdef inconsistency
...
fixes #310
Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.
2015-10-23 08:40:23 +02:00
Manuel Pégourié-Gonnard
66fc07362e
Fix typo in an OID name
...
fixes #314
2015-10-21 16:40:29 +02:00
Manuel Pégourié-Gonnard
7c5fcdc17a
Disable reportedly broken assembly of Sparc(64)
...
fixes #292
2015-10-21 14:52:24 +02:00
Manuel Pégourié-Gonnard
22c3b7b9da
Fix potential buffer overflow in asn1write
2015-10-21 12:13:05 +02:00
Manuel Pégourié-Gonnard
261faed725
Fix potential heap corruption on Windows
...
If len is large enough, when cast to an int it will be negative and then the
test if( len > MAX_PATH - 3 ) will not behave as expected.
2015-10-21 10:25:22 +02:00
Manuel Pégourié-Gonnard
173c790722
Fix potential double-free in ssl_conf_psk()
2015-10-20 19:56:45 +02:00
Manuel Pégourié-Gonnard
1ef96c2231
Update ChangeLog for the EC J-PAKE branch
2015-10-20 15:04:57 +02:00
Manuel Pégourié-Gonnard
4104864e54
ECHDE-PSK does not use a certificate
...
fixes #270
2015-10-09 14:50:43 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381
Bump version to 2.1.2
...
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
ca056c7748
Fix CVE number in ChangeLog
2015-10-05 18:21:34 +01:00
Manuel Pégourié-Gonnard
a97ab2c8a6
Merge branch 'development' into development-restricted
...
* development:
Remove inline workaround when not useful
Fix macroization of inline in C++
2015-10-05 15:48:09 +01:00
Simon Butcher
7776fc36d3
Fix for #279 macroisation of 'inline' keyword
2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard
899ac849d0
Merge branch 'development' into development-restricted
...
* development:
Upgrade yotta dependency versions
Fix compile error in net.c with musl libc
Add missing warning in doc
2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard
0431735299
Fix compile error in net.c with musl libc
...
fixes #278
2015-10-05 12:17:49 +01:00
Simon Butcher
475cf0a98a
Merge fix of IOTSSL-496 - Potential heap overflow
...
Fix for potential overflow in ssl_write_certificate_request()
2015-10-05 11:57:54 +01:00
Manuel Pégourié-Gonnard
0223ab9d38
Fix macroization of inline in C++
...
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 11:41:36 +01:00
Simon Butcher
fec73a8eec
Merge of fix for IOTSSL-481 - Double free
...
Potential double free in mbedtls_ssl_conf_psk()
2015-10-05 10:40:31 +01:00
Simon Butcher
c48b66bfb6
Changed attribution for Guido Vranken
2015-10-05 10:18:17 +01:00
Simon Butcher
6418ffaadb
Merge fix for IOTSSL-480 - base64 overflow issue
2015-10-05 09:54:11 +01:00
Simon Butcher
a45aa1399b
Merge of IOTSSL-476 - Random malloc in pem_read()
2015-10-05 00:26:36 +01:00
Simon Butcher
e7f96f22ee
Merge fix IOTSSL-475 Potential buffer overflow
...
Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.
Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).
Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-10-04 23:43:05 +01:00
Simon Butcher
d5ba4672b2
Merge fix for IOTSSL-474 PKCS12 Overflow
...
Fix stack buffer overflow in PKCS12
2015-10-04 22:47:59 +01:00
Simon Butcher
5b8d1d65f7
Fix for IOTSSL-473 Double free error
...
Fix potential double-free in mbedtls_ssl_set_hs_psk(.)
2015-10-04 22:06:51 +01:00
Manuel Pégourié-Gonnard
ef388f168d
Merge branch 'development' into development-restricted
...
* development:
Updated ChangeLog with credit
Fix a fairly common typo in comments
Make config check include for configs examples more consistent
2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard
bc1babb387
Fix potential overflow in CertificateRequest
2015-10-02 11:20:28 +02:00
Simon Butcher
54eec9d1dd
Merge pull request #301 from Tilka/typo
...
Fix a fairly common typo in comments
2015-10-01 02:07:24 +01:00
Simon Butcher
a12e3c00bf
Updated ChangeLog with credit
2015-10-01 01:59:33 +01:00
Manuel Pégourié-Gonnard
0aa45c209a
Fix potential overflow in base64_encode
2015-09-30 16:37:49 +02:00
Simon Butcher
5624ec824e
Reordered TLS extension fields in client
...
Session ticket placed at end
2015-09-29 01:06:06 +01:00
Simon Butcher
04799a4274
Fixed copy and paste error
...
Accidental additional assignment in ssl_write_alpn_ext()
2015-09-29 00:31:09 +01:00
Manuel Pégourié-Gonnard
d02a1daca7
Fix stack buffer overflow in pkcs12
2015-09-28 19:47:50 +02:00
Manuel Pégourié-Gonnard
24417f06fe
Fix potential double-free in mbedtls_ssl_conf_psk()
2015-09-28 18:09:45 +02:00
Manuel Pégourié-Gonnard
58fb49531d
Fix potential buffer overflow in mpi_read_string()
...
Found by Guido Vranken.
Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.
Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).
Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-09-28 15:59:54 +02:00