Andres AG
3616f6f261
Rename net.{c,h} to net_sockets.{c,h}
...
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-10-13 13:48:48 +01:00
Simon Butcher
77d779e8bb
Update for ChangeLog for fixes for cert_app
2016-10-13 13:48:48 +01:00
Simon Butcher
1c8b33ad19
Merge branch 'development'
2016-10-13 13:40:41 +01:00
Simon Butcher
4d69ecd9cb
Added credit to Changelog for fix #558
2016-10-13 00:32:28 +01:00
Janos Follath
ef44178474
Restore P>Q in RSA key generation ( #558 )
...
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.
This commit restores this behaviour.
2016-10-13 00:25:07 +01:00
Simon Butcher
f6e3b9e8b2
Clarified Changelog for fix #602
2016-10-12 19:52:38 +01:00
Andres AG
821da84ff9
Fix documentation for mbedtls_gcm_finish()
...
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-12 19:49:41 +01:00
Simon Butcher
3a5e070982
Updated Changelog for fix #599
2016-10-12 16:46:48 +01:00
Andres AG
776a6fcd1a
Fix 1 byte overread in mbedtls_asn1_get_int()
2016-10-12 16:43:37 +01:00
Janos Follath
b48c8ac45d
Add safety check to sample mutex implementation
...
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.
This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-12 00:36:31 +01:00
Janos Follath
1aae658d76
Add safety check to sample mutex implementation
...
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.
This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-12 00:32:17 +01:00
Simon Butcher
5a74d26006
Added credit to Changelog for X.509 DER bounds fix
2016-10-11 14:09:10 +01:00
Andres AG
e0af995f12
Add test for bounds in X509 DER write funcs
2016-10-11 14:07:48 +01:00
Andres AG
60dbc93831
Add missing bounds check in X509 DER write funcs
...
This patch adds checks in both mbedtls_x509write_crt_der and
mbedtls_x509write_csr_der before the signature is written to buf
using memcpy().
2016-10-11 14:07:48 +01:00
Simon Butcher
851ae29a5d
Revise Changelog to clarify and add credit
2016-10-11 12:28:04 +01:00
Simon Butcher
b98eaff408
Revise Changelog to clarify and add credit
2016-10-11 10:13:52 +01:00
Simon Butcher
df6c3e8e48
Merge branch 'iotssl-825-double-free-quickfix'
...
Conflicts:
ChangeLog
2016-10-11 00:07:14 +01:00
Simon Butcher
f77309cb35
Update Changelog for fixes to X.509 sample apps
2016-10-10 09:05:26 +01:00
Simon Butcher
f73fd701c0
Update Changelog for fix #559
2016-10-07 11:17:44 +01:00
Simon Butcher
21c54816f5
Add CMAC to ChangeLog
2016-10-05 14:19:18 +01:00
Janos Follath
5437a75b15
Add safety check to sample mutex implementation
...
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.
This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-09-30 09:29:55 +01:00
Andres AG
4b76aecaf3
Add check for validity of date in x509_get_time()
2016-09-28 14:32:54 +01:00
Andres AG
5a87c9375d
Fix overread when verifying SERVER_HELLO in DTLS
2016-09-28 14:26:57 +01:00
Andres AG
7abc974ec4
Add config macro for min bytes hw entropy
2016-09-27 14:25:31 +01:00
Andres AG
f84f8926a7
Add new config.h that does not need entropy source
2016-09-27 14:25:31 +01:00
Andres AG
788aa4a812
Rename net.{c,h} to net_sockets.{c,h}
...
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-09-26 23:23:52 +01:00
Simon Butcher
d43fb9598a
Update for ChangeLog for fixes for cert_app
2016-09-26 20:48:56 +01:00
Andres AG
4bdbe09f90
Fix sig->tag update in mbedtls_x509_get_sig()
2016-09-19 17:09:45 +01:00
Andres AG
f9113194af
Allow the entry_name size to be set in config.h
...
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
2016-09-16 11:42:35 +01:00
Simon Butcher
c0d76b8255
Update ChangeLog for fix for #541 - out-of-tree CMake builds
2016-09-07 17:25:16 +03:00
Simon Butcher
cad6e93e19
Update to ChangeLog for bug #428
2016-09-05 01:48:31 +03:00
Simon Butcher
5908bccfc0
Updated ChangeLog for PR#565
...
Updated ChangeLog for pull request #565 - Remove unused consts from oid lists
2016-09-04 15:14:38 +01:00
Simon Butcher
327d66520e
Update ChangeLog for fix to crypt_and_hash #441
2016-09-02 21:53:50 +01:00
Simon Butcher
cf8c1f4ddb
Update ChangeLog to include the most recent fixes
2016-09-02 21:29:39 +03:00
Simon Butcher
46125fbb73
Updates ChangeLog with final changes for release
2016-06-27 19:43:55 +01:00
Simon Butcher
9c22e7311c
Merge branch 'development'
2016-05-24 13:25:46 +01:00
Paul Bakker
dc08545395
Update ChangeLog to reflect
2016-05-23 14:29:32 +01:00
Paul Bakker
456fea0000
Amended ChangeLog
2016-05-23 14:29:31 +01:00
Janos Follath
c6dab2b029
Fix non compliance SSLv3 in server extension handling.
...
The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.
2016-05-23 14:27:02 +01:00
Simon Butcher
94bafdf834
Merge branch 'development'
2016-05-18 18:40:46 +01:00
Paul Bakker
f8e3794792
Update ChangeLog to reflect
2016-05-13 10:50:41 +01:00
Paul Bakker
8f0e4c263a
Amended ChangeLog
2016-05-12 16:38:27 +01:00
Simon Butcher
f8935075dc
Update ChangeLog for bug #429 in ssl_fork_server
2016-05-03 15:43:52 +01:00
Simon Butcher
45732c7cac
Update ChangeLog for bug #429 in ssl_fork_server
2016-04-29 00:12:53 +01:00
Simon Butcher
e4a46f696f
Merge branch 'development'
2016-04-27 18:44:37 +01:00
Simon Butcher
3fe6cd3a2d
Fixes time() abstraction for custom configs
...
Added platform abstraction of time() to ChangeLog, version features, and fixed the build for dynamic configuration.
2016-04-26 19:51:29 +01:00
Simon Butcher
a543d11d3a
Fixes mbedtls_mpi_zeroize() function name in ChangeLog
2016-04-26 12:51:37 +01:00
Simon Butcher
d7e9ad7d83
Updates ChangeLog with faster MPI zeroize fix
...
Added optimised mbedtls_mpi_zeroise() credit to ChangeLog.
2016-04-25 16:07:12 +01:00
Janos Follath
8a3170571e
Fix bug in ssl_write_supported_elliptic_curves_ext
...
Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a
crash later in ssl_write_supported_elliptic_curves_ext. #373
2016-04-22 00:41:54 +01:00
Simon Butcher
2300776816
Merge branch 'development'
2016-04-19 10:39:36 +01:00
Janos Follath
1ed9f99ef3
Fix null pointer dereference in the RSA module.
...
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:16:31 +01:00
Simon Butcher
3f5c875654
Adds test for odd bit length RSA key size
...
Also tidy up ChangeLog following review.
2016-04-15 19:06:59 +01:00
Janos Follath
10c575be3e
Fix odd bitlength RSA key generation
...
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-15 18:49:13 +01:00
Simon Butcher
cd0ee5e499
Fixes following review of 'iotssl-682-selftest-ci-break'
2016-03-21 22:54:37 +00:00
Janos Follath
9194744595
Add exit value macros to platform abstraction layer.
2016-03-18 14:05:28 +00:00
Simon Butcher
de69b1664b
Fix ChangeLog after merge of IOTSSL-628
2016-03-17 11:13:48 +00:00
Simon Butcher
078bcdd6f6
Merge branch 'IOTSSL-628-BufferOverread'
2016-03-16 22:53:11 +00:00
Simon Butcher
184990c1d4
Merge development into development-restricted
2016-03-16 13:56:00 +00:00
Simon Butcher
4b852db299
Merge branch 'iotssl-629-der-trailing-bytes'
...
Fixes bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer following DER certificates to be included in the raw representation.
2016-03-12 23:28:26 +00:00
Manuel Pégourié-Gonnard
8ddc93f07a
Add precision about exploitability in ChangeLog
...
Also fix some whitespace while at it.
2016-03-09 21:06:20 +00:00
Janos Follath
e43b81ae68
Add Changelog entry for current branch
2016-03-09 21:06:20 +00:00
Janos Follath
3218b21b68
Add Changelog entry for current branch
2016-03-09 21:06:19 +00:00
Manuel Pégourié-Gonnard
370717b571
Add precision about exploitability in ChangeLog
...
Also fix some whitespace while at it.
2016-03-09 21:06:19 +00:00
Janos Follath
cc4eba73fb
Add Changelog entry for current branch
2016-03-09 21:06:19 +00:00
Simon Butcher
00157ce510
Update the ChangeLog
2016-03-09 19:32:11 +00:00
Simon Butcher
f59e66ba24
Remove redundant test certificates and clarify ChangeLog
2016-03-09 19:32:10 +00:00
Janos Follath
b437b4b125
X509: Fix bug triggered by future CA among trusted
...
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-03-09 19:32:10 +00:00
Janos Follath
cc0e49ddde
x509: trailing bytes in DER: fix bug
...
Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer after DER certificates to be included in the raw representation. #377
2016-02-17 14:41:36 +00:00
Janos Follath
bc247c9946
Extended ChangeLog entry
2016-02-11 11:15:44 +00:00
Janos Follath
eae41bf340
Add Changelog entry for current branch
2016-02-10 16:40:16 +00:00
Janos Follath
4ae5c294a4
Add Changelog entry and improve coding style
2016-02-10 11:27:43 +00:00
Simon Butcher
9a3ee57c84
Merge branch 'fixes' into development
2016-01-13 02:08:02 +00:00
Manuel Pégourié-Gonnard
c990189e14
Revert changes done to 'make apidoc' target
...
This partially reverts 1989caf71c
(only the changes to Makefile and
CMakeLists, the addition to scripts/config.pl is kept).
Modifying config.h in the apidoc target creates a race condition with
make -j4 all apidoc
where some parts of the library, tests or programs could be built with the
wrong config.h, resulting in all kinds of (semi-random) errors. Recent
versions of CMake mitigate this by adding a .NOTPARALLEL target to the
generated Makefile, but people would still get errors with older CMake
versions that are still in use (eg in RHEL 5), and with plain make.
An additional issue is that, by failing to use cp -p, the apidoc target was
updating the timestamp on config.h, which seems to cause further build issues.
Let's get back to the previous, safe, situation. The improved apidoc building
will be resurrected in a script in the next commit.
fixes #390
fixes #391
2016-01-12 14:48:03 +00:00
Manuel Pégourié-Gonnard
25caaf36a6
Avoid build errors with -O0 due to assembly
2016-01-08 14:29:11 +01:00
Manuel Pégourié-Gonnard
3551901cd1
Make ar invocation more portable
...
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.
fixes #386
2016-01-07 13:55:05 +01:00
Manuel Pégourié-Gonnard
afbb3101ce
Update ChangeLog for latest PR merged
...
fixes #309
2016-01-07 13:26:11 +01:00
Manuel Pégourié-Gonnard
f92c86e44d
Update reference to attack in ChangeLog
...
We couldn't do that before the attack was public
2016-01-07 13:18:01 +01:00
Simon Butcher
bfafadb45d
Change version number to 2.2.1
...
Changed version for library files and yotta module
2016-01-04 22:26:36 +00:00
Manuel Pégourié-Gonnard
7f88b8ec86
Tune description of a change/bugfix in ChangeLog
2016-01-04 17:36:44 +01:00
Simon Butcher
1285ab5dc2
Fix for memory leak in RSA-SSA signing
...
Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c
2016-01-01 21:42:47 +00:00
Simon Butcher
c4a6ce6a4c
Merge branch 'origin/iotssl-541-pathlen-bugfix'
2015-12-30 07:52:54 +00:00
Simon Butcher
c42350125e
Clarification in ChangeLog
2015-12-23 18:36:16 +00:00
Simon Butcher
4c2bfdbff6
Merge 'iotssl-558-md5-tls-sigs-restricted'
2015-12-23 18:33:54 +00:00
Simon Butcher
9c2626c641
Merge 'iotssl-566-double-free-restricted'
2015-12-23 16:42:03 +00:00
Simon Butcher
00923c1897
Fix typo in Changelog
2015-12-22 19:04:24 +00:00
Simon Butcher
fabce5e137
Merge branch 'misc' into development
...
Fixes github #358 , #362 and IOTSSL-536
2015-12-22 18:56:56 +00:00
Simon Butcher
207990dcf5
Added description of change to the Changelog
...
Also clarified some comments following review.
2015-12-16 01:51:30 +00:00
Manuel Pégourié-Gonnard
1e07562da4
Fix wrong length limit in GCM
...
See for example page 8 of
http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
The previous constant probably came from a typo as it was 2^26 - 2^5 instead
of 2^36 - 2^5. Clearly the intention was to allow for a constant bigger than
2^32 as the ull suffix and cast to uint64_t show.
fixes #362
2015-12-10 14:54:21 +01:00
Manuel Pégourié-Gonnard
97b5209bc0
Fix potential double free in cert writing code
...
In case an entry with the given OID already exists in the list passed to
mbedtls_asn1_store_named_data() and there is not enough memory to allocate
room for the new value, the existing entry will be freed but the preceding
entry in the list will sill hold a pointer to it. (And the following entries
in the list are no longer reachable.) This results in memory leak or a double
free.
The issue is we want to leave the list in a consistent state on allocation
failure. (We could add a warning that the list is left in inconsistent state
when the function returns NULL, but behaviour changes that require more care
from the user are undesirable, especially in a stable branch.)
The chosen solution is a bit inefficient in that there is a time where both
blocks are allocated, but at least it's safe and this should trump efficiency
here: this code is only used for generating certificates, which is unlikely to
be done on very constrained devices, or to be in the critical loop of
anything. Also, the sizes involved should be fairly small anyway.
fixes #367
2015-12-10 11:23:55 +01:00
Manuel Pégourié-Gonnard
c5892ca50c
Add credits to ChangeLog
2015-12-08 16:14:58 +01:00
Manuel Pégourié-Gonnard
47229c7cbb
Disable MD5 in handshake signatures by default
2015-12-04 15:02:56 +01:00
Manuel Pégourié-Gonnard
f4569b14c4
Fix bug checking pathlen on first intermediate
...
Remove check on the pathLenConstraint value when looking for a parent to the
EE cert, as the constraint is on the number of intermediate certs below the
parent, and that number is always 0 at that point, so the constraint is always
satisfied.
The check was actually off-by-one, which caused valid chains to be rejected
under the following conditions:
- the parent certificate is not a trusted root, and
- it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)
fixes #280
2015-11-19 11:10:38 +01:00
Simon Butcher
8254ed2a9f
Change version number to 2.2.0
...
Changed for library and yotta module
2015-11-04 19:55:40 +00:00
Simon Butcher
59a8fa7e2e
Corrected typo in ChangeLog
2015-11-03 23:09:28 +00:00
Manuel Pégourié-Gonnard
bd3639852c
Merge branch 'iotssl-519-asn1write-overflows-restricted' into development-restricted
...
* iotssl-519-asn1write-overflows-restricted:
Fix other int casts in bounds checking
Fix other occurrences of same bounds check issue
Fix potential buffer overflow in asn1write
2015-11-02 11:07:30 +09:00
Manuel Pégourié-Gonnard
537e2a9b58
Merge branch 'iotssl-518-winpathlen-restricted' into development-restricted
...
* iotssl-518-winpathlen-restricted:
Fix potential heap corruption on Windows
2015-11-02 11:04:59 +09:00
Manuel Pégourié-Gonnard
f8b2442e2f
Merge branch 'iotssl-517-double-free-restricted' into development-restricted
...
* iotssl-517-double-free-restricted:
Fix potential double-free in ssl_conf_psk()
2015-11-02 11:03:32 +09:00
Manuel Pégourié-Gonnard
c99dffad36
Add ChangeLog entry for ASN.1 DER boolean fix
2015-11-02 06:00:02 +09:00
Manuel Pégourié-Gonnard
ba1d897987
Merge branch 'bugfixes' into development
...
* bugfixes:
Fix typo in an OID name
Disable reportedly broken assembly of Sparc(64)
2015-11-02 05:50:41 +09:00
Manuel Pégourié-Gonnard
568f1e7cb3
Merge branch 'iotssl-515-max-pathlen' into development
...
* iotssl-515-max-pathlen:
Add Changelog entries for this branch
Fix a style issue
Fix whitespace at EOL issues
Use symbolic constants in test data
Fixed pathlen contraint enforcement.
Additional corner cases for testing pathlen constrains. Just in case.
Added test case for pathlen constrains in intermediate certificates
2015-11-02 05:49:08 +09:00
Manuel Pégourié-Gonnard
2b624e9b39
Add Changelog entries for this branch
2015-10-30 09:45:34 +01:00
Simon Butcher
204606238c
Merge branch 'development' into misc
2015-10-27 16:57:34 +00:00
Simon Butcher
62aab15085
Merge branch 'development' into iotssl-513-alerts
2015-10-27 16:05:34 +00:00
Simon Butcher
5f7c34b8b0
Merge branch iotssl-521-keylen-check
2015-10-27 15:14:55 +00:00
Manuel Pégourié-Gonnard
e0b2feae34
Mention performance fix in ChangeLog
2015-10-27 10:24:54 +01:00
Manuel Pégourié-Gonnard
65eefc8707
Fix missing check for RSA key length on EE certs
...
- also adapt tests to use lesser requirement for compatibility with old
testing material
2015-10-23 16:19:53 +02:00
Manuel Pégourié-Gonnard
d21eb2ae81
Fix attribution in ChangeLog
2015-10-23 15:35:02 +02:00
Manuel Pégourié-Gonnard
fbdf06c1a4
Fix handling of non-fatal alerts
...
fixes #308
2015-10-23 13:11:31 +02:00
Manuel Pégourié-Gonnard
e5f3072aed
Fix #ifdef inconsistency
...
fixes #310
Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.
2015-10-23 08:40:23 +02:00
Manuel Pégourié-Gonnard
66fc07362e
Fix typo in an OID name
...
fixes #314
2015-10-21 16:40:29 +02:00
Manuel Pégourié-Gonnard
7c5fcdc17a
Disable reportedly broken assembly of Sparc(64)
...
fixes #292
2015-10-21 14:52:24 +02:00
Manuel Pégourié-Gonnard
22c3b7b9da
Fix potential buffer overflow in asn1write
2015-10-21 12:13:05 +02:00
Manuel Pégourié-Gonnard
261faed725
Fix potential heap corruption on Windows
...
If len is large enough, when cast to an int it will be negative and then the
test if( len > MAX_PATH - 3 ) will not behave as expected.
2015-10-21 10:25:22 +02:00
Manuel Pégourié-Gonnard
173c790722
Fix potential double-free in ssl_conf_psk()
2015-10-20 19:56:45 +02:00
Manuel Pégourié-Gonnard
1ef96c2231
Update ChangeLog for the EC J-PAKE branch
2015-10-20 15:04:57 +02:00
Manuel Pégourié-Gonnard
4104864e54
ECHDE-PSK does not use a certificate
...
fixes #270
2015-10-09 14:50:43 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381
Bump version to 2.1.2
...
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
ca056c7748
Fix CVE number in ChangeLog
2015-10-05 18:21:34 +01:00
Manuel Pégourié-Gonnard
a97ab2c8a6
Merge branch 'development' into development-restricted
...
* development:
Remove inline workaround when not useful
Fix macroization of inline in C++
2015-10-05 15:48:09 +01:00
Simon Butcher
7776fc36d3
Fix for #279 macroisation of 'inline' keyword
2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard
899ac849d0
Merge branch 'development' into development-restricted
...
* development:
Upgrade yotta dependency versions
Fix compile error in net.c with musl libc
Add missing warning in doc
2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard
0431735299
Fix compile error in net.c with musl libc
...
fixes #278
2015-10-05 12:17:49 +01:00
Simon Butcher
475cf0a98a
Merge fix of IOTSSL-496 - Potential heap overflow
...
Fix for potential overflow in ssl_write_certificate_request()
2015-10-05 11:57:54 +01:00
Manuel Pégourié-Gonnard
0223ab9d38
Fix macroization of inline in C++
...
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 11:41:36 +01:00
Simon Butcher
fec73a8eec
Merge of fix for IOTSSL-481 - Double free
...
Potential double free in mbedtls_ssl_conf_psk()
2015-10-05 10:40:31 +01:00
Simon Butcher
c48b66bfb6
Changed attribution for Guido Vranken
2015-10-05 10:18:17 +01:00
Simon Butcher
6418ffaadb
Merge fix for IOTSSL-480 - base64 overflow issue
2015-10-05 09:54:11 +01:00
Simon Butcher
a45aa1399b
Merge of IOTSSL-476 - Random malloc in pem_read()
2015-10-05 00:26:36 +01:00
Simon Butcher
e7f96f22ee
Merge fix IOTSSL-475 Potential buffer overflow
...
Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.
Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).
Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-10-04 23:43:05 +01:00
Simon Butcher
d5ba4672b2
Merge fix for IOTSSL-474 PKCS12 Overflow
...
Fix stack buffer overflow in PKCS12
2015-10-04 22:47:59 +01:00
Simon Butcher
5b8d1d65f7
Fix for IOTSSL-473 Double free error
...
Fix potential double-free in mbedtls_ssl_set_hs_psk(.)
2015-10-04 22:06:51 +01:00
Manuel Pégourié-Gonnard
ef388f168d
Merge branch 'development' into development-restricted
...
* development:
Updated ChangeLog with credit
Fix a fairly common typo in comments
Make config check include for configs examples more consistent
2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard
bc1babb387
Fix potential overflow in CertificateRequest
2015-10-02 11:20:28 +02:00
Simon Butcher
54eec9d1dd
Merge pull request #301 from Tilka/typo
...
Fix a fairly common typo in comments
2015-10-01 02:07:24 +01:00
Simon Butcher
a12e3c00bf
Updated ChangeLog with credit
2015-10-01 01:59:33 +01:00
Manuel Pégourié-Gonnard
0aa45c209a
Fix potential overflow in base64_encode
2015-09-30 16:37:49 +02:00
Simon Butcher
5624ec824e
Reordered TLS extension fields in client
...
Session ticket placed at end
2015-09-29 01:06:06 +01:00
Simon Butcher
04799a4274
Fixed copy and paste error
...
Accidental additional assignment in ssl_write_alpn_ext()
2015-09-29 00:31:09 +01:00
Manuel Pégourié-Gonnard
d02a1daca7
Fix stack buffer overflow in pkcs12
2015-09-28 19:47:50 +02:00
Manuel Pégourié-Gonnard
24417f06fe
Fix potential double-free in mbedtls_ssl_conf_psk()
2015-09-28 18:09:45 +02:00
Manuel Pégourié-Gonnard
58fb49531d
Fix potential buffer overflow in mpi_read_string()
...
Found by Guido Vranken.
Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.
Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).
Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-09-28 15:59:54 +02:00
Tillmann Karras
588ad50c5a
Fix a fairly common typo in comments
2015-09-25 04:27:22 +02:00
Simon Butcher
8f98842e38
Refined credits in ChangeLog for fuzzing issue
...
Changed GDS to Gotham Digital Science
2015-09-22 10:10:36 +01:00
Manuel Pégourié-Gonnard
8cea8ad8b8
Bump version to 2.1.1
2015-09-17 11:58:45 +02:00
Simon Butcher
ac58c53ab1
Merge remote-tracking branch 'origin/development'
2015-09-16 23:25:25 +01:00
Simon Butcher
7dd82f8fd5
Merge branch 'development' with bugfix branch
...
Conflicts:
ChangeLog
2015-09-16 16:21:38 +01:00
Simon Butcher
5793e7ef01
Merge 'development' into iotssl-411-port-reuse
...
Conflicts:
ChangeLog
2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard
f7022d1131
Fix bug in server parsing point formats extension
...
There is only one length byte but for some reason we skipped two, resulting in
reading one byte past the end of the extension. Fortunately, even if that
extension is at the very end of the ClientHello, it can't be at the end of the
buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the
buffer has some more room after that for MAC and so on. So there is no
buffer overread.
Possible consequences are:
- nothing, if the next byte is 0x00, which is a comment first byte for other
extensions, which is why the bug remained unnoticed
- using a point format that was not offered by the peer if next byte is 0x01.
In that case the peer will reject our ServerKeyExchange message and the
handshake will fail.
- thinking that we don't have a common point format even if we do, which will
cause us to immediately abort the handshake.
None of these are a security issue.
The same bug was fixed client-side in fd35af15
2015-09-16 11:32:18 +02:00
Simon Butcher
a1a1128f7d
Updated ChangeLog for fix #275
2015-09-14 21:30:40 +01:00
Simon Butcher
d69f14bed8
Updated Changelog for new version
2015-09-11 20:00:20 +01:00
Simon Butcher
8a52a7468d
Added PR to Changelog for NWilson
2015-09-11 19:44:34 +01:00
Manuel Pégourié-Gonnard
c2ed8029ff
Fix ChangeLog - misplaced entries
2015-09-09 12:15:13 +02:00
Manuel Pégourié-Gonnard
14c2574a9d
Update Changelog
2015-09-08 15:12:45 +02:00
Simon Butcher
e5a21b4493
Merge pull request #282 from ARMmbed/iotssl-469-rsa-crt-restricted
...
Add counter-measure against RSA-CRT attack
2015-09-08 13:05:51 +01:00
Manuel Pégourié-Gonnard
5f50104c52
Add counter-measure against RSA-CRT attack
...
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
2015-09-08 13:39:29 +02:00
Manuel Pégourié-Gonnard
7f2f062a5d
Fix possible client crash on API misuse
2015-09-07 12:27:24 +02:00
Manuel Pégourié-Gonnard
0a0c22e0ef
Add ChangeLog entry about license change
2015-09-04 14:38:26 +02:00
Manuel Pégourié-Gonnard
aac5502553
Bump version to 2.1.0
2015-09-04 14:33:31 +02:00
Simon Butcher
52754594b6
Merging iotssl-457-badtail with development branch
2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
b2beb84be6
Changelog entry fro the previous commit
2015-09-01 19:37:32 +02:00
Manuel Pégourié-Gonnard
1385a289f4
Fix possible mutex lock/unlock mismatch
...
fixes #257
2015-08-27 11:30:58 +02:00
Manuel Pégourié-Gonnard
c98204e68f
Fix missing break in switch for SSL presets
...
closes #235
2015-08-11 04:21:01 +02:00
Manuel Pégourié-Gonnard
ed46c436c0
Fix error when loading libmbedtls.so
2015-08-10 10:17:32 +02:00
Manuel Pégourié-Gonnard
e33316c607
Add test build of shared libs for windows
2015-08-07 13:22:37 +02:00
Manuel Pégourié-Gonnard
32da9f66a8
Add support for MBEDTLS_USER_CONFIG_FILE
2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard
9983993e27
Fix bug with make install without tests
...
closes #232
2015-08-03 10:42:10 +02:00
Manuel Pégourié-Gonnard
2006408545
Fix Make bug when installing programs
2015-08-03 10:40:38 +02:00
Manuel Pégourié-Gonnard
052d10c9d5
Accept a trailing space at end of PEM lines
...
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
closes #226
2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard
e96ce08a21
Fix compile error with armcc5 --gnu
2015-07-31 10:58:06 +02:00
Simon Butcher
10a6f02f83
Merge branch 'development' into IOTSSL-442-hello-noext
...
Conflicts:
ChangeLog
2015-07-27 13:45:40 +01:00
Manuel Pégourié-Gonnard
52a5079cf2
Fix bug with install target in make
...
closes #223
2015-07-27 10:36:12 +02:00
Manuel Pégourié-Gonnard
6f42417ba8
Fix typo in that broke installation in cmake
...
closes #221
2015-07-24 16:55:22 +02:00
Manuel Pégourié-Gonnard
a6e5bd5654
Fix bug with extension-less ServerHello
...
https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug
in_hslen include the length of the handshake header. (We might want to change
that in the future, as it is a bit annoying.)
2015-07-23 12:23:19 +02:00
Manuel Pégourié-Gonnard
bcb0460224
Fix bug with cmake and old version of GCC
2015-07-19 16:00:04 +02:00
Manuel Pégourié-Gonnard
4f3368e31e
Fix bug in benchmark.c with DHM params
2015-07-19 15:01:28 +02:00
Paul Bakker
4cb87f409d
Prepare for 2.0.0 release
2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
abc729e664
Simplify net_accept() with UDP sockets
...
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard
91895853ac
Move from naked int to a structure in net.c
...
Provides more flexibility for future changes/extensions.
2015-06-30 15:56:25 +02:00
Manuel Pégourié-Gonnard
a25ffc3b0f
Update Changelog for target split
2015-06-25 12:01:16 +02:00
Manuel Pégourié-Gonnard
53585eeb17
Remove test DHM params from certs.c
...
certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
fd474233c8
Change SSL debug API in the library
2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard
c0d749418b
Make 'port' a string in NET module
...
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
1cd10adc7c
Update prototype of x509write_set_key_usage()
...
Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
60c793bdc9
Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE
...
First one means we have time() but it may not return the actual wall clock
time, second means it does.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
797f48ace6
Rename ecp_curve_info.size to bit_size
2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
898e0aa210
Rename key_length in cipher_info
2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard
88d37859b6
Update Changelog for the profiles branch
2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard
7ee5ddd798
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix compile errors with NO_STD_FUNCTIONS
Expand config.pl's notion of "full"
Ack external bugfix in Changelog
FIx misplaced Changelog entry (oops)
Fix compile bug: incompatible declaration of polarssl_exit in platform.c
Fix contributor's name in Changelog
2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard
dccb80b7e5
Fix compile errors with NO_STD_FUNCTIONS
2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard
f2ec505c34
Ack external bugfix in Changelog
2015-06-03 09:50:07 +01:00
Manuel Pégourié-Gonnard
3e87a9f57f
FIx misplaced Changelog entry (oops)
2015-06-03 09:48:26 +01:00
Manuel Pégourié-Gonnard
bc6ff23dc6
Update changelog for i/o lengths
2015-06-02 16:33:08 +01:00
Manuel Pégourié-Gonnard
9693668c23
Tune Changelog (typos, ordering)
2015-06-02 15:14:15 +01:00
Manuel Pégourié-Gonnard
d22514e8f6
Fix contributor's name in Changelog
2015-06-02 12:59:59 +01:00
Manuel Pégourié-Gonnard
0574bb0bdb
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Mark unused constant as such
Update ChangeLog for recent external bugfix
Serious bug fix in entropy.c
Fix memleak with repeated [gc]cm_setkey()
fix minor bug in path_cnt checks
Conflicts:
include/mbedtls/cipher.h
library/ccm.c
library/entropy.c
library/gcm.c
library/x509_crt.c
2015-06-02 09:59:29 +01:00
Manuel Pégourié-Gonnard
5866848092
Update ChangeLog for recent external bugfix
2015-06-02 09:08:35 +01:00
Manuel Pégourié-Gonnard
cb46fd8216
Avoid non-standard strcasecmp()
2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
41b9c2b418
Remove individual mdX_file() and shaX_file()
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
eb0d8706ce
Add option for even smaller SHA-256
2015-05-28 16:45:23 +02:00
Manuel Pégourié-Gonnard
2a1524ccb5
Manually merge 1.3 changelog
2015-05-27 17:59:46 +02:00
Manuel Pégourié-Gonnard
61977614d8
Fix memleak with repeated [gc]cm_setkey()
2015-05-27 17:40:16 +02:00
Manuel Pégourié-Gonnard
1b8de57827
Remove a few redundant memset after calloc.
...
Using the following semantic patch provided by Mansour Moufid:
@@
expression x;
@@
x = mbedtls_calloc(...)
...
- memset(x, 0, ...);
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
5b9e5b19a1
Update ChangeLog for s/malloc/calloc
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
50518f4195
Rename _wrap headers to _internal
...
Makes it clearer that the user is not supposed to include them
2015-05-26 11:06:12 +02:00
Manuel Pégourié-Gonnard
866eb471da
Update Changelog for session ticket changes
2015-05-25 19:42:14 +02:00
Manuel Pégourié-Gonnard
0b104b056b
Adapt prototype of net_accept() for explicit size
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
d4f04dba42
net.c now depends on select() unconditionally
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
a63bc94a2d
Remove timing_m_sleep() -> net_usleep()
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
0c89035d4d
Update Changelog for recent timer changes
2015-05-13 10:28:41 +02:00
Manuel Pégourié-Gonnard
31993f271d
Add per-function override for AES
2015-05-12 15:41:08 +02:00
Manuel Pégourié-Gonnard
e45dba47b5
Remove unused member in des_context
2015-05-12 14:54:15 +02:00
Manuel Pégourié-Gonnard
43b37cbc92
Fix use of pem_read_buffer() in PK, DHM and X509
2015-05-12 11:26:43 +02:00
Manuel Pégourié-Gonnard
2088ba6d30
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Update Changelog for recent contribution
Perf: rewrite of ecp_double_jac
Conflicts:
library/ecp.c
2015-05-12 10:36:26 +02:00
Manuel Pégourié-Gonnard
154b00b07b
Update Changelog for recent contribution
2015-05-11 21:05:36 +02:00
Manuel Pégourié-Gonnard
e6ef16f98c
Change X.509 verify flags to uint32_t
2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard
56cc88a796
Rm ecp_add() and add ecp_muladd()
2015-05-11 18:40:45 +02:00
Manuel Pégourié-Gonnard
6dde596a03
Remove ecp_sub()
2015-05-11 18:18:32 +02:00
Manuel Pégourié-Gonnard
aff37e5aa1
Remove ecp_group_read_string()
2015-05-11 18:11:57 +02:00
Manuel Pégourié-Gonnard
06939cebef
Fix order of ssl_conf vs ssl_setup in programs
...
Except ssl_phtread_server that will be done later
2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard
9a1a4d6903
Update Changelog with forgotten change
2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard
01e5e8c1f8
Change a few ssl_conf return types to void
2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
caace65711
Update Changelog for recent config split
2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
2f84e97929
Fix typos in the Changelog
2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
0a4fb09534
Make xxx_drbg_random() thread-safe
2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
5cb3308e5f
Merge contexts for session cache
2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
6e088f9a0f
Group all renamings together in Changelog
2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
662c6e8cdd
Disable truncated HMAC by default
2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
1028b74cff
Upgrade default DHM params size
2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
8836994f6b
Move WANT_READ/WANT_WRITE codes to SSL
2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
1b511f93c6
Rename ssl_set_bio_timeout() to set_bio()
...
Initially thought it was best to keep the old function around and add a new
one, but this so many ssl_set_xxx() functions are changing anyway...
2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
bc2b771af4
Move ssl_set_ca_chain() to work on config
2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
5a74e8bf19
Make struct cipher_base_t opaque
2015-05-06 17:10:55 +01:00
Manuel Pégourié-Gonnard
3a3ae3d47e
Update changelog
2015-05-06 17:08:54 +01:00
Manuel Pégourié-Gonnard
e36d56419e
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
fix bug in ssl_mail_client
Adapt compat.sh to GnuTLS 3.4
Fix undefined behaviour in x509
Conflicts:
programs/ssl/ssl_mail_client.c
tests/compat.sh
2015-04-30 13:52:25 +02:00
Manuel Pégourié-Gonnard
fa950c9480
fix bug in ssl_mail_client
2015-04-30 12:50:22 +02:00
Manuel Pégourié-Gonnard
159c524df8
Fix undefined behaviour in x509
2015-04-30 11:21:18 +02:00
Manuel Pégourié-Gonnard
da61ed3346
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Include changes from the 1.2 branch
Remove unused headers in o_p_test
Add countermeasure against cache-based lucky 13
Make results of (ext)KeyUsage accessible
Fix missing NULL check in MPI
Fix detection of getrandom()
Fix "make install" handling of symlinks
Fix bugs in programs displaying verify flags
Conflicts:
Makefile
include/polarssl/ssl.h
library/entropy_poll.c
library/ssl_srv.c
library/ssl_tls.c
programs/test/o_p_test.c
programs/test/ssl_cert_test.c
programs/x509/cert_app.c
2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard
7b12492c77
Include changes from the 1.2 branch
2015-04-30 10:16:19 +02:00
Manuel Pégourié-Gonnard
7d1e95c991
Add countermeasure against cache-based lucky 13
2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard
e16b62c3a9
Make results of (ext)KeyUsage accessible
2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard
770b5e1e9e
Fix missing NULL check in MPI
2015-04-29 17:02:01 +02:00
Manuel Pégourié-Gonnard
d97828e7af
Fix detection of getrandom()
2015-04-29 14:28:48 +02:00
Manuel Pégourié-Gonnard
f5203e0bb5
Fix "make install" handling of symlinks
2015-04-29 14:28:48 +02:00
Manuel Pégourié-Gonnard
8a81e84638
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Add countermeasure against cache-based lucky 13
Conflicts:
library/ssl_tls.c
2015-04-29 02:13:42 +02:00
Manuel Pégourié-Gonnard
eab147c4d0
Rename pkcs11_xxx_init() to bind()
2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
69a69cc5ae
memory_buffer_alloc_init() now returns void
2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
41d479e7df
Split ssl_init() -> ssl_setup()
2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
47fede0d6d
Add countermeasure against cache-based lucky 13
2015-04-29 01:35:48 +02:00
Manuel Pégourié-Gonnard
8d128efd48
Split mbedtls_ctr_drbg_init() -> seed()
2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard
f9e9481bc5
Split mbedtls_hmac_drbg_init() -> seed{,_buf}()
2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard
c34e8dd265
Split mbedtls_gcm_init() -> gcm_setkey()
2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard
6963ff0969
Split mbedtls_ccm_init() -> setkey()
2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard
d54e617ea6
Restructure Changelog
2015-04-28 17:56:12 +02:00
Manuel Pégourié-Gonnard
8f5fd31212
Change mutex_init/free to return void
2015-04-24 14:42:34 +02:00
Manuel Pégourié-Gonnard
e75fa70b36
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Make results of (ext)KeyUsage accessible
Use x509_crt_verify_info() in programs
Add x509_crt_verify_info()
Conflicts:
ChangeLog
include/mbedtls/x509_crt.h
include/polarssl/ssl.h
include/polarssl/x509.h
library/ssl_srv.c
library/ssl_tls.c
library/x509_crt.c
programs/ssl/ssl_client1.c
programs/ssl/ssl_client2.c
programs/ssl/ssl_mail_client.c
programs/ssl/ssl_server2.c
programs/test/ssl_cert_test.c
programs/x509/cert_app.c
tests/ssl-opt.sh
tests/suites/test_suite_x509parse.function
2015-04-20 11:51:34 +01:00
Manuel Pégourié-Gonnard
e6efa6f54e
manually merge 9f98251
make extKeyUsage accessible
2015-04-20 11:23:24 +01:00
Manuel Pégourié-Gonnard
b5f48ad82f
manually merge 39a183a
add x509_crt_verify_info()
2015-04-20 11:22:57 +01:00
Manuel Pégourié-Gonnard
e2650c8238
Merge branch 'mbedtls-1.3' into development
...
* commit '23c0608':
Fix bug in generate_code.pl
Fix typo in contributor name (oops!)
2015-04-17 20:39:50 +02:00
Manuel Pégourié-Gonnard
144bc224e9
Merge branch 'mbedtls-1.3' into development
...
* commit 'a2fce21':
Fix potential NULL dereference on bad usage
Conflicts:
library/ssl_tls.c
2015-04-17 20:39:07 +02:00
Manuel Pégourié-Gonnard
53c76c07de
Merge branch 'mbedtls-1.3' into development
...
* commit 'ce60fbe':
Fix potential timing difference with RSA PMS
Update Changelog for recent merge
Added more constant-time code and removed biases in the prime number generation routines.
Conflicts:
library/bignum.c
library/ssl_srv.c
2015-04-17 20:19:32 +02:00
Manuel Pégourié-Gonnard
de9b363fbd
Merge branch mbedtls-1.3 into development
...
* commit '95f0089':
Update Changelog for DH params
Add test case for dh params with privateValueLength
accept PKCS#3 DH parameters with privateValueLength included
Conflicts:
library/dhm.c
2015-04-17 20:07:22 +02:00
Manuel Pégourié-Gonnard
9f98251e72
Make results of (ext)KeyUsage accessible
2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard
39a183a629
Add x509_crt_verify_info()
2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard
ba334201a9
Fix typo in contributor name (oops!)
2015-04-17 17:24:20 +02:00
Manuel Pégourié-Gonnard
a2fce21ae5
Fix potential NULL dereference on bad usage
2015-04-15 21:04:19 +02:00
Manuel Pégourié-Gonnard
12a8b66961
Update Changelog for recent merge
2015-04-15 14:20:14 +02:00
Manuel Pégourié-Gonnard
95f00892d2
Update Changelog for DH params
2015-04-15 14:12:05 +02:00
Manuel Pégourié-Gonnard
ab22910191
Just use stdint.h even with MSVC
2015-04-15 11:58:31 +02:00
Manuel Pégourié-Gonnard
862d503c01
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix typos in Changelog
Fix macro name from wrong branch
Fix bug in pk_parse_key()
Fixed typos
Updated Travis CI config for mbedtls project
Conflicts:
include/mbedtls/ecp.h
include/polarssl/compat-1.2.h
include/polarssl/openssl.h
include/polarssl/platform.h
library/pkparse.c
programs/pkey/mpi_demo.c
2015-04-15 11:30:46 +02:00
Manuel Pégourié-Gonnard
0645bfa74e
Fix typos in Changelog
2015-04-15 11:21:24 +02:00
Manuel Pégourié-Gonnard
e6c8366b46
Fix bug in pk_parse_key()
2015-04-15 11:21:24 +02:00
Manuel Pégourié-Gonnard
e1e5871a55
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix bug in pk_parse_key()
Update generated file
Conflicts:
library/pkparse.c
library/version_features.c
2015-04-15 10:50:34 +02:00
Paul Bakker
6152b0267c
Fixed typos
2015-04-14 15:00:09 +02:00
Manuel Pégourié-Gonnard
924cd100a6
Fix bug in pk_parse_key()
2015-04-14 11:18:04 +02:00
Manuel Pégourié-Gonnard
975d5fa206
Remove option HAVE_LONGLONG
2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard
7b53889f05
Remove support for HAVE_INT8 and HAVE_INT16
2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard
b31424c86a
Make HAVE_IPV6 non-optional
2015-04-09 16:42:38 +02:00
Manuel Pégourié-Gonnard
43b997fee9
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Deprecate HAVE_INT8 and HAVE_INT16
Deprecate using NET_C without HAVE_IPV6
Officially deprecate compat-1.2.h and openssl.h
Document POLARSSL_CAMELLIA_SMALL_MEMORY
Fix bug with ssl_set_curves() check on client
Fix bug in POLARSSL_PLATFORM_STD_EXIT support
2015-04-09 15:34:42 +02:00
Manuel Pégourié-Gonnard
23ce09b18f
Deprecate HAVE_INT8 and HAVE_INT16
2015-04-09 14:51:51 +02:00
Manuel Pégourié-Gonnard
a98af5e2b2
Deprecate using NET_C without HAVE_IPV6
2015-04-09 14:40:46 +02:00
Manuel Pégourié-Gonnard
8c3f0f4c16
Official deprecate compat-1.2.h and openssl.h
2015-04-09 14:10:26 +02:00
Manuel Pégourié-Gonnard
d759d7d720
Update ChangeLog for Great Renaming
2015-04-08 20:13:33 +02:00
Manuel Pégourié-Gonnard
07ec1ddd10
Fix bug with ssl_set_curves() check on client
2015-04-03 18:17:37 +02:00
Manuel Pégourié-Gonnard
29f777ef54
Fix bug with ssl_set_curves() check on client
2015-04-03 17:57:59 +02:00
Manuel Pégourié-Gonnard
f1d2f7c456
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix bug in Via Padlock support
Fix portability issue in Makefile
2015-04-02 12:44:00 +01:00
Manuel Pégourié-Gonnard
cf201201e6
Fix bug in Via Padlock support
2015-04-02 10:53:59 +01:00
Manuel Pégourié-Gonnard
427b672551
Add XXX_PROCESS_ALT mecchanism
2015-03-31 18:32:50 +02:00
Manuel Pégourié-Gonnard
26c9f90cae
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Add missing depends in x509 programs
Simplify ifdef checks in programs/x509
Fix thread safety issue in RSA operations
Add test certificate for bitstring in DN
Add support for X.520 uniqueIdentifier
Accept bitstrings in X.509 names
2015-03-31 17:56:15 +02:00
Manuel Pégourié-Gonnard
0878a0d884
Add missing depends in x509 programs
2015-03-31 15:14:37 +02:00
Manuel Pégourié-Gonnard
c89d6cf77c
Make pk_info_t opaque
2015-03-31 14:43:19 +02:00
Manuel Pégourié-Gonnard
8c8be1ebbb
Change default min TLS version to TLS 1.0
2015-03-31 14:22:30 +02:00
Manuel Pégourié-Gonnard
348bcb3694
Make RSA_ALT support optionnal
2015-03-31 14:01:33 +02:00
Manuel Pégourié-Gonnard
8fce937a1a
Simplify ecdsa_context
2015-03-31 13:06:41 +02:00
Manuel Pégourié-Gonnard
dfdcac9d51
Merge ecdsa_write_signature{,_det}() together
2015-03-31 11:41:42 +02:00
Manuel Pégourié-Gonnard
b8cfe3f0d9
pk_sign() now requires non-NONE md_alg for ECDSA
2015-03-31 11:14:41 +02:00
Manuel Pégourié-Gonnard
fa44f20b9f
Change authmode default to Required on client
2015-03-27 17:52:25 +01:00
Manuel Pégourié-Gonnard
606df8c199
Re-section ChangeLog
2015-03-27 17:13:17 +01:00
Manuel Pégourié-Gonnard
1d0ca1a336
Move key_usage to more that 8 bits
2015-03-27 16:50:00 +01:00
Manuel Pégourié-Gonnard
1022fed36e
Remove redundant sig_oid2 in x509 structures
2015-03-27 16:34:42 +01:00
Manuel Pégourié-Gonnard
88fca3ef0e
Fix thread safety issue in RSA operations
...
The race was due to mpi_exp_mod storing a Montgomery coefficient in the
context (RM, RP, RQ).
The fix was verified with -fsanitize-thread using ssl_pthread_server and two
concurrent clients.
A more fine-grained fix should be possible, locking just enough time to check
if those values are OK and set them if not, rather than locking for the whole
mpi_exp_mod() operation, but it will be for later.
2015-03-27 15:12:05 +01:00
Manuel Pégourié-Gonnard
39ead3ef2f
Add test certificate for bitstring in DN
2015-03-27 13:11:33 +01:00
Manuel Pégourié-Gonnard
a958d69a70
Rename test_ca_list to test_cas_pem
2015-03-27 10:29:25 +01:00
Manuel Pégourié-Gonnard
75f901006b
Add len constants to certs.c
2015-03-27 09:56:18 +01:00
Manuel Pégourié-Gonnard
147fa097e2
Reintroduce md_init_ctx compatibility wrapper
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
4063ceb281
Make hmac_ctx optional
...
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
4da88c50c1
Remove specific xxx_hmac functions
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
ca878dbaa5
Make md_info_t an opaque structure
...
- more freedom for us to change it in the future
- enforces hygiene
- performance impact of making accessors no longer inline should really be
negligible
2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard
d81562ffc0
Remove RC4 ciphersuites by default
2015-03-23 14:51:08 +01:00
Manuel Pégourié-Gonnard
8a80318df2
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Update generated file
Update Changelog for deprecation config flags
Fix tests to work with DEPRECATED_REMOVED
Add POLARSSL_DEPRECATED_{WARNING,REMOVED}
Suppress clang warning we don't want
2015-03-23 14:31:25 +01:00
Manuel Pégourié-Gonnard
f7dbedb7db
Update Changelog for deprecation config flags
2015-03-23 14:20:04 +01:00
Manuel Pégourié-Gonnard
849b174e57
Disable RC4 by default in the library
2015-03-20 19:14:19 +00:00
Manuel Pégourié-Gonnard
4b378c9423
Remove old script
2015-03-20 18:30:40 +00:00
Manuel Pégourié-Gonnard
c4dfaccfa0
Update ChankeLog for removed programs
2015-03-20 17:46:40 +00:00
Manuel Pégourié-Gonnard
fa8aebcbcc
Fix a constness issue
2015-03-19 13:38:17 +00:00
Manuel Pégourié-Gonnard
35f1d7f0aa
Update signature of mpi_mul_mpi()
2015-03-19 12:42:40 +00:00
Manuel Pégourié-Gonnard
cc0d084820
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Actually use armcc for the armcc test ^^'
Add more -O level variety in all.sh
Document recent make changes
build: Makefile: cleanup CFLAGS
build: Makefile: cleanup LDFLAGS
build: Makefile: simplify root Makefile
build: Makefile: remove bashism
Conflicts:
programs/Makefile
2015-03-13 16:32:40 +00:00
Manuel Pégourié-Gonnard
40f315ac16
Document recent make changes
2015-03-13 13:50:30 +00:00
Manuel Pégourié-Gonnard
b6b16bddc3
Drop pbkdf2 module (superseded by pkcs5)
2015-03-11 11:31:51 +00:00
Manuel Pégourié-Gonnard
f9c1387b9d
Drop POLARSSL_ERROR_STRERROR_BC
2015-03-11 10:59:38 +00:00
Manuel Pégourié-Gonnard
57a26da593
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Use link-time garbage collection in memory.sh
scripts/memory.sh only work on Linux
Add missing 'const' on selftest data
Use only headers for doxygen (no doc in C files)
Add missing extern "C" guard in aesni.h
Fix compile error with renego disabled
Remove slow PKCS5 test
Stop checking key-cert match systematically
Make tests/*.sh runnable from anywhere
Update visual C files
2015-03-11 10:30:21 +00:00
Manuel Pégourié-Gonnard
1a90147dc5
Add missing extern "C" guard in aesni.h
2015-03-10 16:12:29 +00:00
Manuel Pégourié-Gonnard
51bccd3889
Fix compile error with renego disabled
2015-03-10 16:09:08 +00:00
Manuel Pégourié-Gonnard
f427f8854a
Stop checking key-cert match systematically
2015-03-10 15:35:29 +00:00
Manuel Pégourié-Gonnard
88bdb0bb51
Update Changelog with recent changes
2015-03-10 14:02:33 +00:00
Manuel Pégourié-Gonnard
cd4cd1dd26
Merge branch 'development' into dtls
...
* development:
Fix the fix to ssl_set_psk()
Update Changelog
Finish fixing memleak in ssl_server2 arg parsing
Fix another potential memory leak found by find-mem-leak.cocci.
Add a rule for another type of memory leak to find-mem-leak.cocci.
Fix a potential memory leak found by find-mem-leak.cocci.
Add a semantic patch to find potential memory leaks.
Fix whitespace of 369e6c20
.
Apply the semantic patch rm-malloc-cast.cocci.
Add a semantic patch to remove casts of malloc.
2015-02-18 10:25:16 +00:00
Manuel Pégourié-Gonnard
df4e44025d
Update Changelog
2015-02-18 10:11:06 +00:00
Manuel Pégourié-Gonnard
cc8980872c
Merge branch 'mbedtls-1.4' into dtls
...
* mbedtls-1.4:
Add missing require_gnutls guards in ssl-opt.sh
Remove gnutls from the travis build
Update release date and added note
2015-02-17 16:50:45 +00:00
Manuel Pégourié-Gonnard
d901d17817
Merge branch 'development' into dtls
...
* development: (100 commits)
Update Changelog for the mem-measure branch
Fix issues introduced when rebasing
Fix compile error in memory_buffer_alloc_selftest
Code cosmetics
Add curve25519 to ecc-heap.sh
Add curve25519 to the benchmark program
Fix compile issue when buffer_alloc not available
New script ecc-heap.sh
Fix unused variable issue in some configs
Rm usunused member in private struct
Add heap usage for PK in benchmark
Use memory_buffer_alloc() in benchmark if available
Only define mode_func if mode is enabled (CBC etc)
PKCS8 encrypted key depend on PKCS5 or PKCS12
Disable SRV_C for client measurement
Output stack+heap usage with massif
Enable NIST_OPTIM by default for config-suite-b
Refactor memory.sh
Adapt memory.sh to config-suite-b
Adapt mini-client for config-suite-b.h
...
Conflicts:
ChangeLog
include/polarssl/net.h
library/Makefile
library/error.c
library/ssl_tls.c
programs/Makefile
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
tests/Makefile
2015-02-16 18:44:39 +00:00
Manuel Pégourié-Gonnard
ad350ed759
Update Changelog for the mem-measure branch
2015-02-16 17:45:35 +00:00
Manuel Pégourié-Gonnard
ea0184bbeb
Document changes to make for windows
2015-02-16 15:42:16 +00:00
Manuel Pégourié-Gonnard
09eb14c01e
Revert "Require unix-utils in path for windows make"
...
This reverts commit 5d46cca09a
.
In preparation of merging an external contribution that superseedes this
Conflicts:
ChangeLog
2015-02-16 15:25:31 +00:00
Paul Bakker
9c5898f033
Update release date and added note
2015-02-16 16:22:05 +01:00
Manuel Pégourié-Gonnard
6fdc4cae53
Fix potential signedness issue
2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard
00c220123d
Update Changelog for portability improvements
2015-02-13 15:15:51 +00:00
Manuel Pégourié-Gonnard
5d46cca09a
Require unix-utils in path for windows make
2015-02-13 12:02:45 +00:00
Manuel Pégourié-Gonnard
dda5213982
Fix harmless warnings with mingw in timing.c
2015-02-11 12:33:40 +00:00
Manuel Pégourié-Gonnard
38433535e3
Fix hardclock() with mingw64
2015-02-11 12:33:40 +00:00
Manuel Pégourié-Gonnard
677af93baa
Update Changelog for the cleanup branch
2015-02-10 11:41:57 +00:00
Manuel Pégourié-Gonnard
6f60cd848b
Move from SHA-1 to SHA-256 as default in programs
2015-02-10 11:31:58 +00:00
Manuel Pégourié-Gonnard
7bf1976034
Prepare Changelog for 1.3 branch development
...
This is meant to minimize/simplify merge conflict between topic branches.
2015-02-10 10:09:37 +00:00
Manuel Pégourié-Gonnard
f7d2bbaa62
Merge branch 'development' into dtls
...
* development:
Add missing guards for gnuTLS
Prepare for mbed TLS 1.3.10 release
Fix potential timing issue in RSA pms handling
Conflicts:
ChangeLog
doxygen/input/doc_mainpage.h
doxygen/mbedtls.doxyfile
include/polarssl/version.h
library/CMakeLists.txt
library/ssl_srv.c
tests/suites/test_suite_version.data
visualc/VS2010/mbedTLS.vcxproj
visualc/VS6/mbedtls.dsp
visualc/VS6/mbedtls.dsw
2015-02-09 11:42:40 +00:00
Paul Bakker
daae3b749b
Prepare for mbed TLS 1.3.10 release
2015-02-08 15:49:54 +01:00
Manuel Pégourié-Gonnard
6674cce892
Fix potential timing issue in RSA pms handling
2015-02-06 11:36:56 +00:00
Manuel Pégourié-Gonnard
20343cfec9
Merge branch 'development' into dtls
...
* development:
Add attribution
Fix ignore patterns for windows cmake again
2015-02-03 11:31:06 +00:00
Manuel Pégourié-Gonnard
aa422b2f1a
Add attribution
2015-02-02 09:30:45 +00:00
Manuel Pégourié-Gonnard
2a0718d947
Merge branch 'development' into dtls
...
* development: (46 commits)
Fix url again
Fix small bug in base64_encode()
Fix depend that was checked but not documented
Fix dependency that was not checked
Minor gitginore fixes
Move some ignore patterns to subdirectories
Ignore CMake/MSVC-related build files.
Re-categorize changelog entry
Fix misattribution
Minor nits with stdout/stderr.
Add cmake compatibility targets
Add script for polarssl symlink creation
Fix more stdio inclusion issues
Add debug info for cert/suite selection
Fix possible portability issue
Fix bug in ssl_get_verify_result()
aescrypt2.c local char array not initial
Update Changelog
Fix mips64 bignum implementation
Fix usage string of ssl_client2
...
Conflicts:
include/polarssl/ssl.h
library/CMakeLists.txt
library/Makefile
programs/Makefile
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
visualc/VS2010/PolarSSL.sln
visualc/VS2010/mbedTLS.vcxproj
visualc/VS6/mbedtls.dsp
visualc/VS6/mbedtls.dsw
2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard
65fc6a886a
Fix small bug in base64_encode()
2015-01-28 16:49:26 +00:00
Manuel Pégourié-Gonnard
f3046efb24
Re-categorize changelog entry
2015-01-28 15:21:42 +00:00
Manuel Pégourié-Gonnard
ee7d599904
Fix misattribution
2015-01-28 15:21:42 +00:00
Manuel Pégourié-Gonnard
607d663b41
Add debug info for cert/suite selection
2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard
e89163c0a8
Fix bug in ssl_get_verify_result()
2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard
9d7fc16dbf
Update Changelog
2015-01-28 15:28:29 +01:00
Manuel Pégourié-Gonnard
c9e0483b42
Update Changelog
2015-01-28 15:28:29 +01:00
Manuel Pégourié-Gonnard
acdb9b9525
Fix unchecked error code on Windows
2015-01-23 17:50:34 +00:00
Manuel Pégourié-Gonnard
67505bf9e8
Merge branch 'development' into dtls
...
* development:
Adapt tests to new defaults/errors.
Fix typos/cosmetics in Changelog
Disable RC4 by default in example programs.
Add ssl_set_arc4_support()
Set min version to TLS 1.0 in programs
Conflicts:
include/polarssl/ssl.h
library/ssl_cli.c
library/ssl_srv.c
tests/compat.sh
2015-01-21 13:57:33 +00:00
Manuel Pégourié-Gonnard
bfccdd3c92
Merge commit '36adc36' into dtls
...
* commit '36adc36':
Add support for getrandom()
Use library default for trunc-hmac in ssl_client2
Make truncated hmac a runtime option server-side
Fix portability issue in script
Specific error for suites in common but none good
Prefer SHA-1 certificates for pre-1.2 clients
Some more refactoring/tuning.
Minor refactoring
Conflicts:
include/polarssl/error.h
include/polarssl/ssl.h
library/error.c
2015-01-21 13:48:45 +00:00
Manuel Pégourié-Gonnard
8fbb01ec84
Merge commit 'b2eaac1' into dtls
...
* commit 'b2eaac1':
Stop assuming chars are signed
Add tests for CBC record splitting
Fix tests that were failing with record splitting
Allow disabling record splitting at runtime
Add 1/n-1 record splitting
Enhance doc on ssl_write()
Conflicts:
include/polarssl/ssl.h
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
2015-01-21 13:37:08 +00:00
Manuel Pégourié-Gonnard
0af1ba3521
Merge commit 'f6080b8' into dtls
...
* commit 'f6080b8':
Fix warning in reduced configs
Adapt to "negative" switch for renego
Add tests for periodic renegotiation
Make renego period configurable
Auto-renegotiate before sequence number wrapping
Update Changelog for compile-option renegotiation
Switch from an enable to a disable flag
Save 48 bytes if SSLv3 is not defined
Make renegotiation a compile-time option
Add tests for renego security enforcement
Conflicts:
include/polarssl/ssl.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
programs/ssl/ssl_server2.c
tests/ssl-opt.sh
2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard
edb7ed3a43
Merge commit 'd7e2483' into dtls
...
* commit 'd7e2483': (57 commits)
Skip signature_algorithms ext if PSK only
Fix bug in ssl_client2 reconnect option
Cosmetics in ssl_server2
Improve debugging message.
Fix net_usleep for durations greater than 1 second
Use pk_load_file() in X509
Create ticket keys only if enabled
Fix typo in #ifdef
Clarify documentation a bit
Fix comment on resumption
Update comment from draft to RFC
Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
Add recursion.pl to all.sh
Allow x509_crt_verify_child() in recursion.pl
Set a compile-time limit to X.509 chain length
Fix 3DES -> DES in all.sh (+ time estimates)
Add curves.pl to all.sh
Rework all.sh to use MSan instead of valgrind
Fix depends on individual curves in tests
Add script to test depends on individual curves
...
Conflicts:
CMakeLists.txt
programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00
Manuel Pégourié-Gonnard
f9c8a606b5
Merge commit '8b9bcec' into dtls
...
* commit '8b9bcec':
Stop assuming chars are signed
Fix len miscalculation in buffer-based allocator
Fix NULL dereference in buffer-based allocator
Add test_suite_memory_buffer_alloc
Add memory_buffer_alloc_self_test()
Fix missing bound check
Add test for ctr_drbg_update() input sanitizing
Refactor for clearer correctness/security
Stop assuming chars are signed
Conflicts:
library/ssl_tls.c
2015-01-20 16:38:39 +00:00
Manuel Pégourié-Gonnard
d1a878c68f
Fix typos/cosmetics in Changelog
2015-01-14 16:59:23 +01:00
Paul Bakker
5b8f7eaa3e
Merge new security defaults for programs (RC4 disabled, SSL3 disabled)
2015-01-14 16:26:54 +01:00
Paul Bakker
36adc3631c
Merge support for getrandom() call
2015-01-14 16:19:59 +01:00
Paul Bakker
c82b7e2003
Merge option to disable truncated hmac on the server-side
2015-01-14 16:16:55 +01:00
Paul Bakker
e522d0fa57
Merge smarter certificate selection for pre-TLS-1.2 clients
2015-01-14 16:12:48 +01:00
Paul Bakker
f3561154ff
Merge support for 1/n-1 record splitting
2015-01-13 16:31:34 +01:00
Paul Bakker
f6080b8557
Merge support for enabling / disabling renegotiation support at compile-time
2015-01-13 16:18:23 +01:00
Paul Bakker
d7e2483bfc
Merge miscellaneous fixes into development
2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard
5dd28ea432
Fix len miscalculation in buffer-based allocator
2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard
547ff6618f
Fix NULL dereference in buffer-based allocator
2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard
5cb4b31057
Fix missing bound check
2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
fa06581c73
Disable RC4 by default in example programs.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
bd47a58221
Add ssl_set_arc4_support()
...
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
448ea506bf
Set min version to TLS 1.0 in programs
2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard
18292456c5
Add support for getrandom()
2015-01-09 14:34:13 +01:00
Manuel Pégourié-Gonnard
e117a8fc0d
Make truncated hmac a runtime option server-side
...
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard
f01768c55e
Specific error for suites in common but none good
2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard
df331a55d2
Prefer SHA-1 certificates for pre-1.2 clients
2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard
3ff78239fe
Add tests for CBC record splitting
2015-01-08 11:15:09 +01:00
Manuel Pégourié-Gonnard
d94232389e
Skip signature_algorithms ext if PSK only
2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard
fa4238838a
Update Changelog for compile-option renegotiation
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
fd6c85c3eb
Set a compile-time limit to X.509 chain length
2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard
426d4ae7ff
Split x509_crl_parse_der() out of x509_crl_parse()
2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard
8c9223df84
Add text view to debug_print_buf()
2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard
8a5e3d4a40
Forbid repeated X.509 extensions
2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard
d681443f69
Fix potential stack overflow
2014-11-12 01:25:31 +01:00
Manuel Pégourié-Gonnard
b134060f90
Fix memory leak with crafted X.509 certs
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
0369a5291b
Fix uninitialised pointer dereference
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
e959979621
Fix ECDSA sign buffer size
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
b31b61b9e8
Fix potential undefined behaviour in Camellia
2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard
54f6e562e6
Fix CFLAGS with cmake and gcc
2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard
de17125875
Update ChangeLog for pk_check_pair() & Co
2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard
e10e06d863
Blind RSA operations even without CRT
2014-11-06 18:25:44 +01:00
Manuel Pégourié-Gonnard
d056ce0e3e
Use seq_num as AEAD nonce by default
2014-11-06 18:23:49 +01:00
Manuel Pégourié-Gonnard
f9d778d635
Merge branch 'etm' into dtls
...
* etm:
Fix warning in reduced config
Update Changelog for EtM
Keep EtM state across renegotiations
Adjust minimum length for EtM
Don't send back EtM extension if not using CBC
Fix for the RFC erratum
Implement EtM
Preparation for EtM
Implement initial negotiation of EtM
Conflicts:
include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard
56d985d0a6
Merge branch 'session-hash' into dtls
...
* session-hash:
Update Changelog for session-hash
Make session-hash depend on TLS versions
Forbid extended master secret with SSLv3
compat.sh: allow git version of gnutls
compat.sh: make options a bit more robust
Implement extended master secret
Add negotiation of Extended Master Secret
Conflicts:
include/polarssl/check_config.h
programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
fedba98ede
Merge branch 'fb-scsv' into dtls
...
* fb-scsv:
Update Changelog for FALLBACK_SCSV
Implement FALLBACK_SCSV server-side
Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard
c7647079fa
Merge branch 'development' into dtls
...
* development:
Include 1.2.12 release information in ChangeLog
2014-11-05 16:02:57 +01:00
Manuel Pégourié-Gonnard
b3c6a97b31
Update Changelog for session-hash
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
c122ae7612
Update Changelog for EtM
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
178f9d6e19
Update Changelog for FALLBACK_SCSV
2014-11-05 16:00:49 +01:00
Paul Bakker
a6c5ea2c43
Include 1.2.12 release information in ChangeLog
2014-10-24 16:26:29 +02:00
Paul Bakker
1de7ddc333
Remove duplicate ChangeLog lines
2014-10-21 16:33:30 +02:00
Manuel Pégourié-Gonnard
4d7fbbf8fd
Update Changelog
2014-10-21 16:32:59 +02:00
Manuel Pégourié-Gonnard
ef88e68188
Deprecate ssl_set_bio()
2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard
e6bdc4497c
Merge I/O contexts into one
2014-10-21 16:32:25 +02:00
Manuel Pégourié-Gonnard
f4acfe1808
Document previous API changes in this branch
2014-10-21 16:32:23 +02:00
Paul Bakker
9eac4f7c4e
Prepare for release 1.3.9
2014-10-20 13:56:15 +02:00
Paul Bakker
b082bb50de
Fix typos in ChangeLog
2014-10-20 13:37:51 +02:00
Manuel Pégourié-Gonnard
f7cdbc0e87
Fix potential bad read of length
2014-10-17 17:02:10 +02:00
Manuel Pégourié-Gonnard
43c3b28ca6
Fix memory leak with crafted ClientHello
2014-10-17 12:42:11 +02:00
Manuel Pégourié-Gonnard
5d8618539f
Fix memory leak while parsing some X.509 certs
2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard
64938c63f0
Accept spaces at end of line/buffer in base64
2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard
7f4ed67a97
Fix compile error with armcc in mpi_is_prime()
2014-10-15 22:06:46 +02:00
Manuel Pégourié-Gonnard
da1b4de0e4
Increase MPI_MAX_BYTES to allow RSA 8192
2014-10-15 22:06:46 +02:00
Paul Bakker
5a5fa92bfe
x509_crt_parse() did not increase total_failed on PEM error
...
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard
480905d563
Fix selection of hash from sig_alg ClientHello ext.
2014-08-30 14:19:59 +02:00
Sander Niemeijer
ef5087d150
Added explicit casts to prevent compiler warnings when trying to build for iOS
2014-08-21 23:48:14 +02:00
Manuel Pégourié-Gonnard
a13500fdf7
Fix bug with ssl_close_notify and non-blocking I/O
2014-08-19 16:14:04 +02:00
Manuel Pégourié-Gonnard
f07f421759
Fix server-initiated renego with non-blocking I/O
2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard
f26a1e8602
ssl_read() stops returning non-application data
2014-08-19 12:28:50 +02:00
Manuel Pégourié-Gonnard
dca108e5a2
Rm reference to non-existent file in VS projects
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
462906f955
Do no test net_usleep() when not defined
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
192253aaa9
Fix buffer size in pk_write_*_pem()
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
868c0eea08
Update Changelog for the last few commits
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
42cc641159
Don't print uninitialized buffer in ssl_mail_client
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
9a6b442cee
Fix non-blocking sockets in net_accept()
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
a04fa4fa04
RSA-PSK key exchange requires TLS 1.x
...
It's not clear if, with SSL3, one should include send the two length bytes for
EncryptedPreMasterSecret or not, so require TLS to avoid interop issues.
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
8d4ad07706
SHA-2 ciphersuites now require TLS 1.x
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
955028f858
Fix compile error in ssl_pthread_server
2014-08-14 11:34:33 +02:00
Paul Bakker
8dcb2d7d7e
Support escaping of commas in x509_string_to_names()
2014-08-11 11:59:52 +02:00
Paul Bakker
1910aa78a3
Fix release date for 1.3.8
2014-07-11 11:28:56 +02:00
Paul Bakker
0ae5a3d336
Include 1.2.11 ChangeLog
2014-07-11 11:28:30 +02:00
Paul Bakker
6c343d7d9a
Fix mpi_write_string() to write "00" as hex output for empty MPI
2014-07-10 15:27:10 +02:00
Paul Bakker
ec3a617d40
Make ready for release of 1.3.8 and soversion 7
2014-07-09 10:21:28 +02:00
Paul Bakker
28476e2789
Updated ChangeLog
2014-07-09 10:19:52 +02:00
Manuel Pégourié-Gonnard
08e81e0c8f
Change selection of hash algorithm for TLS 1.2
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
bd77254b18
md_list() starting with strongest hash
2014-07-08 13:03:02 +02:00
Paul Bakker
8fb99abaac
Merge changes for leaner memory footprint
2014-07-04 15:02:19 +02:00
Paul Bakker
b9e08b086b
Merge server-side enforced renegotiation requests
2014-07-04 15:01:37 +02:00
Paul Bakker
d598318661
Fix base64_decode() to return and check length correctly
2014-07-04 15:01:00 +02:00
Paul Bakker
23647b4df5
Update ChangeLog
2014-07-04 15:00:12 +02:00
Manuel Pégourié-Gonnard
dfc7df0bec
Add SSL_CIPHERSUITES config option
2014-07-04 14:59:02 +02:00
Manuel Pégourié-Gonnard
01edb1044c
Add POLARSSL_REMOVE_RC4_CIPHERSUITES
2014-06-25 11:27:59 +02:00
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
3135725670
Disable broken Sparc64 bn_mul assembly
2014-06-25 11:26:15 +02:00
Manuel Pégourié-Gonnard
8df68632e8
Fix bug in DHE-PSK PMS computation
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
fd35af1579
Fix off-by-one error in point format parsing
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
acbcbba860
Fix asm format of bn_mul.h for more portability
...
Found by Barry K. Nathan.
Quoting from http://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html :
"You can put multiple assembler instructions together in a single asm
template, separated by the characters normally used in assembly code for the
system. A combination that works in most places is a newline to break the
line, plus a tab character to move to the instruction field (written as
‘\n\t’). Sometimes semicolons can be used, if the assembler allows semicolons
as a line-breaking character. Note that some assembler dialects use semicolons
to start a comment."
2014-06-25 11:26:13 +02:00
Barry K. Nathan
35e7cb9aa6
Fix preprocessor checks for bn_mul PPC asm
...
On OS X, neither __powerpc__ nor __ppc__ is defined on PPC64, so the
asm code was only being used on PPC32.
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
d249b7ab9a
Restore ability to trust non-CA selfsigned EE cert
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
c4eff16516
Restore ability to use v1 CA if trusted locally
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
08485cca81
Fix SSL_BUFFER_LEN
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
eaa76f7e20
Fix computation of minlen for encrypted packets
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
0bcc4e1df7
Fix length checking for AEAD ciphersuites
2014-06-25 11:26:10 +02:00
Manuel Pégourié-Gonnard
3579522d31
Update Changelog for example configs changes
2014-06-24 17:33:54 +02:00
Manuel Pégourié-Gonnard
398c57b0b3
Blowfish accepts variable key len in cipher layer
2014-06-24 11:01:33 +02:00
Paul Bakker
3c38f29a61
Fix DER output of gen_key app (found by Gergely Budai)
2014-06-14 16:46:43 +02:00
Paul Bakker
3461772559
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-06-14 16:46:03 +02:00
Paul Bakker
c2ff2083ee
Merge parsing and verification of RSASSA-PSS in X.509 modules
2014-06-12 22:02:47 +02:00
Paul Bakker
f51183a262
Revert deleted PolarSSL 1.3.4 release line in ChangeLog
2014-06-12 21:53:40 +02:00
Paul Bakker
863989bc81
Add LINK_WITH_PTHREAD to ChangeLog
2014-06-12 21:49:01 +02:00
Paul Bakker
49033ba0ac
Update ChangeLog for external fixes
2014-06-12 21:46:13 +02:00
Manuel Pégourié-Gonnard
b479871956
Update Changelog for RSASSA-PSS in X.509
2014-06-07 11:21:52 +02:00
Manuel Pégourié-Gonnard
bf696d030b
Make sig_opts non-optional in X509 structures
...
This simplifies the code.
2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard
cf975a3857
Factor out some common code
2014-06-02 16:12:46 +02:00
Paul Bakker
1ebc0c592c
Fix typos
2014-05-22 15:47:58 +02:00
Paul Bakker
c6ece49890
Updated ChangeLog for CCM
2014-05-22 15:45:03 +02:00
Paul Bakker
0f651c7422
Stricter check on SSL ClientHello internal sizes compared to actual packet size
2014-05-22 15:12:19 +02:00
Paul Bakker
dff3139cc8
Updated ChangeLog
2014-05-22 15:06:41 +02:00
Paul Bakker
5593f7caae
Fix typo in debug_print_msg()
2014-05-06 10:29:28 +02:00
Paul Bakker
47431b6d31
Updated ChangeLog for 1.3.7 to 2014-05-02
2014-05-02 13:27:13 +02:00
Paul Bakker
da13016d84
Prepped for 1.3.7 release
2014-05-01 14:27:19 +02:00
Barry K. Nathan
cf975f5988
Fix build with cc from Apple LLVM
...
On Xcode 4.x and above (I tested Xcode 4.6.3 on 10.7.5 and Xcode 5.5.1 on 10.9.2), cmake (2.8.12.2, whether from MacPorts or from clang.org, FWIW) is detecting /usr/bin/cc as Clang, but CMAKE_COMPILER_IS_CLANG is not getting set, so the tests aren't being built. (There may have been other build problems as well, but the fact that the tests weren't being built was by far the most obvious problem.)
Checking the compiler ID detected by cmake, rather than the name of the command used to invoke the compiler, fixes this.
2014-04-30 16:53:34 +02:00
Markus Pfeiffer
a26a005acf
Make compilation on DragonFly work
2014-04-30 16:52:28 +02:00
Paul Bakker
2a024ac86a
Merge dependency fixes
2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard
c16f4e1f78
Move RC4 ciphersuites down the list
2014-04-30 16:27:06 +02:00
Paul Bakker
8eab8d368b
Merge more portable AES-NI
2014-04-30 16:21:08 +02:00
Paul Bakker
33dc46b080
Fix bug with mpi_fill_random() on big-endian
2014-04-30 16:20:39 +02:00
Paul Bakker
f96f7b607a
On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
2014-04-30 16:02:38 +02:00
Paul Bakker
6384440b13
Better support for the different Attribute Types from IETF PKIX (RFC 5280)
2014-04-30 15:34:12 +02:00
Paul Bakker
24f37ccaed
rsa_check_pubkey() now allows an E up to N
2014-04-30 13:43:51 +02:00
Paul Bakker
0f90d7d2b5
version_check_feature() added to check for compile-time options at run-time
2014-04-30 11:49:44 +02:00
Paul Bakker
a70366317d
Improve interop by not writing ext_len in ClientHello / ServerHello when 0
...
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard
3a306b9067
Fix misplaced #endif in ssl_tls.c
2014-04-29 15:11:17 +02:00
Manuel Pégourié-Gonnard
edc81ff8c2
Fix some more curve depends in X.509 tests
2014-04-29 15:10:40 +02:00
Manuel Pégourié-Gonnard
63a5bfe903
Update Changelog for AES-NI
2014-04-26 17:21:07 +02:00
Paul Bakker
c73079a78c
Add debug_set_threshold() and thresholding of messages
2014-04-25 16:58:16 +02:00
Paul Bakker
92478c37a6
Debug module only outputs full lines instead of parts
2014-04-25 16:58:15 +02:00
Paul Bakker
eaebbd5eaa
debug_set_log_mode() added to determine raw or full logging
2014-04-25 16:58:14 +02:00
Paul Bakker
61885c7f7f
Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites
...
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
2014-04-25 12:59:51 +02:00
Paul Bakker
fdba46885b
cert_write app should use subject of issuer certificate as issuer of cert
2014-04-25 11:48:35 +02:00
Paul Bakker
4ffcd2f9c3
Typo in PKCS#11 module
2014-04-25 11:44:12 +02:00
Paul Bakker
10a9dd35ea
Typo in POLARSSL_PLATFORM_STD_FPRINTF in platform.c
2014-04-25 11:27:16 +02:00
Paul Bakker
088c5c5f18
POLARSSL_CONFIG_OPTIONS has been removed. Values are set individually
...
For the Platform module this requires the introduction of
POLARSSL_PLATFORM_NO_STD_FUNCTIONS to allow not performing the default
assignments.
2014-04-25 11:11:10 +02:00
Paul Bakker
e92f73d73b
Updated ChangeLog
2014-04-18 14:08:26 +02:00
Paul Bakker
784b04ff9a
Prepared for version 1.3.6
2014-04-11 15:33:59 +02:00
Manuel Pégourié-Gonnard
9655e4597a
Reject certificates with times not in UTC
2014-04-11 13:59:36 +02:00
Manuel Pégourié-Gonnard
0776a43788
Use UTC to heck certificate validity
2014-04-11 13:59:31 +02:00
Paul Bakker
52c5af7d2d
Merge support for verifying the extendedKeyUsage extension in X.509
2014-04-11 13:58:57 +02:00