Commit graph

1346 commits

Author SHA1 Message Date
Jaeden Amero a0d60a4dbc Add ChangeLog entry for PR #1384 2018-02-22 08:28:10 +00:00
Gilles Peskine 8db3efbc76 Add missing MBEDTLS_DEPRECATED_REMOVED guards
Add missing MBEDTLS_DEPRECATED_REMOVED guards around the definitions
of mbedtls_aes_decrypt and mbedtls_aes_encrypt.
This fixes the build under -Wmissing-prototypes -Werror.

Fixes #1388
2018-02-21 19:16:20 +01:00
Gilles Peskine 420386d61d Merge branch 'pr_1352' into mbedtls-2.7-proposed 2018-02-20 16:40:50 +01:00
Gilles Peskine 200b24fdf8 Mention in ChangeLog that this fixes #1351 2018-02-20 16:40:11 +01:00
Gilles Peskine 1e3fd69777 Merge remote-tracking branch 'upstream-public/pr/1333' into development-proposed 2018-02-14 15:12:49 +01:00
Gilles Peskine 49ac5d06ed Merge branch 'pr_1365' into development-proposed 2018-02-14 14:36:44 +01:00
Gilles Peskine 27b0754501 Add ChangeLog entries for PR #1168 and #1362 2018-02-14 14:36:33 +01:00
Gilles Peskine 5daa76537a Add ChangeLog entry for PR #1165 2018-02-14 14:10:24 +01:00
Antonio Quartulli 12ccef2761
pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:15 +08:00
Ron Eldor 099e61df52 Rephrase Changelog
Rephrase Changelog to be more coherent to users
2018-02-06 17:34:27 +02:00
Ron Eldor 85e1dcff6a Fix handshake failure in suite B
Fix handshake failure where PK key is translated as `MBEDTLS_ECKEY`
instead of `MBEDTLS_ECDSA`
2018-02-06 15:59:38 +02:00
Simon Butcher 55fc4e0c5a Update ChangeLog with language and technical corrections
To clarify and correct the ChangeLog.
2018-02-05 08:41:14 +00:00
Jaeden Amero 98b9373849 Merge branch 'development' into development-restricted 2018-01-30 17:32:12 +00:00
Hanno Becker 2a03794d62 Adapt ChangeLog 2018-01-30 14:40:10 +00:00
Gilles Peskine 0edda4236d Added ChangeLog entry for 64-bit ILP32 fix
Fixes #849
2018-01-29 21:31:16 +01:00
Jaeden Amero 26342e54f5 Merge branch 'development' into development-restricted 2018-01-29 12:49:52 +00:00
Jaeden Amero 3b8fbaab87 Merge remote-tracking branch 'upstream-public/pr/1328' into development 2018-01-29 12:49:46 +00:00
Manuel Pégourié-Gonnard 5405962954 Fix alarm(0) failure on mingw32
A new test for mbedtls_timing_alarm(0) was introduced in PR 1136, which also
fixed it on Unix. Apparently test results on MinGW were not checked at that
point, so we missed that this new test was also failing on this platform.
2018-01-29 10:24:50 +01:00
Jaeden Amero 2acbf17b97 Merge branch 'development' into development-restricted 2018-01-26 20:57:38 +00:00
Jaeden Amero 751aa510c0 Merge remote-tracking branch 'upstream-public/pr/1303' into development 2018-01-26 20:48:55 +00:00
Jaeden Amero 784de59ccd Merge remote-tracking branch 'upstream-restricted/pr/410' into development-restricted
- Resolve ChangeLog conflicts
- Update Doxygen warning block in dhm.h to render correctly
- Prefix the exported identifier deprecated_constant_t with mbedtls_
2018-01-26 18:43:04 +00:00
Gilles Peskine 7ecab3df4c Error codes for hardware accelerator failures
Add MBEDTLS_ERR_XXX_HW_ACCEL_FAILED error codes for all cryptography
modules where the software implementation can be replaced by a hardware
implementation.

This does not include the individual message digest modules since they
currently have no way to return error codes.

This does include the higher-level md, cipher and pk modules since
alternative implementations and even algorithms can be plugged in at
runtime.
2018-01-26 17:56:38 +01:00
Jaeden Amero a03587b848 Merge branch 'development' into development-restricted 2018-01-26 12:48:04 +00:00
Jaeden Amero 791e08ad8b Add a ChangeLog entry 2018-01-26 12:04:12 +00:00
Jaeden Amero 66954e1c1f Merge branch 'development' into development-restricted 2018-01-25 17:28:31 +00:00
Jaeden Amero 005239e3ed Merge remote-tracking branch 'upstream-public/pr/1294' into development 2018-01-25 14:47:39 +00:00
Jaeden Amero 65ba60a975 Merge branch 'development' into development-restricted 2018-01-25 10:09:03 +00:00
Jaeden Amero cef0c5a2c8 Merge remote-tracking branch 'upstream-public/pr/1304' into development 2018-01-25 10:07:39 +00:00
Hanno Becker 087d5ad593 Minor improvement in ChangeLog 2018-01-24 16:06:25 +00:00
Jaeden Amero 3c082ce293 Merge branch 'development' into development-restricted 2018-01-24 15:17:15 +00:00
Gilles Peskine 9b534666a2 Add ChangeLog entry 2018-01-24 10:47:19 +00:00
Hanno Becker 616d1ca605 Add support for alternative ECJPAKE implementation
This commit allows users to provide alternative implementations of the
ECJPAKE interface through the configuration option MBEDTLS_ECJPAKE_ALT.
When set, the user must add `ecjpake_alt.h` declaring the same
interface as `ecjpake.h`, as well as add some compilation unit which
implements the functionality. This is in line with the preexisting
support for alternative implementations of other modules.
2018-01-24 10:36:22 +00:00
Andres AG 9cf1f96a7b Fix corner case uses of memory_buffer_alloc.c
The corner cases fixed include:
    * Allocating a buffer of size 0. With this change, the allocator now
      returns a NULL pointer in this case. Note that changes in pem.c and
      x509_crl.c were required to fix tests that did not work under this
      assumption.
    * Initialising the allocator with less memory than required for headers.
    * Fix header chain checks for uninitialised allocator.
2018-01-23 19:37:44 +00:00
Gilles Peskine 41b40e6463 Merge remote-tracking branch 'upstream-restricted/pr/441' into development-restricted 2018-01-23 00:59:51 +01:00
Gilles Peskine aaaa98cd60 Merge branch 'development-proposed' into development-restricted 2018-01-23 00:59:17 +01:00
Gilles Peskine ff812804fb Merge branch 'pr_1239' into development-proposed 2018-01-23 00:58:13 +01:00
Gilles Peskine cb1e5eb326 Merge branch 'pr_1000' into development-proposed 2018-01-23 00:57:34 +01:00
Gilles Peskine 550a2b036b Merge branch 'pr_1163' into development-proposed 2018-01-23 00:57:26 +01:00
Gilles Peskine 7a0c6b8e95 Add ChangeLog entry 2018-01-22 23:16:52 +01:00
Gilles Peskine 26faa11630 Add ChangeLog entry 2018-01-22 23:13:22 +01:00
Gilles Peskine 980d203a6b Add ChangeLog entry 2018-01-22 23:10:53 +01:00
Ron Eldor 5e9f14d4d9 Set correct minimal versions in default conf
Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` and `MBEDTLS_SSL_MIN_MINOR_VERSION`
instead of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`
2018-01-22 22:06:44 +01:00
Gilles Peskine 0a96910e55 MD API deprecation: ChangeLog updates
Use the updated names for the new functions (xxx_ret instead of xxx_ext).

List the new deprecations in the appropriate sections.

Credit the independent report of the misuse of zeroizing to reset a
hash context in entropy.c.
2018-01-22 14:55:20 +01:00
Gilles Peskine d91f2a26cb Merge branch 'development' into iotssl-1251-2.7
Conflict resolution:

* ChangeLog: put the new entries in their rightful place.
* library/x509write_crt.c: the change in development was whitespace
  only, so use the one from the iotssl-1251 feature branch.
2018-01-19 11:25:10 +01:00
Gilles Peskine d40c22ba20 Merge branch 'development' into development-restricted 2018-01-17 08:03:33 +01:00
Gilles Peskine 5098400d71 Add ChangeLog entry 2018-01-17 08:01:37 +01:00
Jaeden Amero 91d49e8b6a ChangeLog: Use Steven Cooreman's correct name 2018-01-12 13:48:55 +00:00
Jaeden Amero 31f3f0b87b Merge branch 'development' into development-restricted 2018-01-10 13:17:02 +00:00
Hanno Becker 997e2184c5 Adapt ChangeLog 2018-01-10 10:41:39 +00:00
Jaeden Amero f342cb791b Merge branch 'development' into development-restricted 2018-01-09 13:16:37 +00:00
Manuel Pégourié-Gonnard 239987fd31 Fix heap-buffer overread in ALPN ext parsing 2018-01-09 13:48:38 +01:00
Jaeden Amero 0bc9e30435 Merge remote-tracking branch 'upstream-public/pr/1060' into development 2018-01-09 12:20:54 +00:00
Jaeden Amero 7de0b8aae7 Merge remote-tracking branch 'upstream-public/pr/1046' into development 2018-01-09 11:31:55 +00:00
Jaeden Amero 35285cca67 Merge remote-tracking branch 'upstream-public/pr/1027' into development 2018-01-09 10:42:03 +00:00
Hanno Becker 8bc74d6f2f Merge branch 'development' into iotssl-1619 2018-01-03 10:24:02 +00:00
Gilles Peskine 07d1078cdc Merge branch 'development' into development-restricted 2018-01-02 17:45:08 +01:00
Gilles Peskine ec9c626b75 ChangeLog entry for PR #964 2018-01-02 16:27:50 +01:00
Gilles Peskine 8e09d8f6a5 Add full stop to ChangeLog entry 2018-01-02 16:09:42 +01:00
Gilles Peskine 197a6d454b Merge remote-tracking branch 'upstream-public/pr/1097' into development 2018-01-02 16:09:15 +01:00
Gilles Peskine 618d091f2a Add ChangeLog entry for CCM_ALT
Edit the CMAC_ALT ChangeLog entry to mention CCM_ALT which was added
in a sister PR and is being merged together.

Use full name rather than Github id as attribution.

Move the entry under "Features" for better consistency with historical
practice.
2018-01-02 16:09:07 +01:00
Gilles Peskine 3fcc045c23 Merge remote-tracking branch 'upstream-public/pr/866' into development
Conflict resolution: additions in the same places as
upstream-public/pr/865, both adding into lexicographically sorted
lists, resolved by taking the additions in lexicographic order.
2018-01-02 15:55:55 +01:00
Manuel Pégourié-Gonnard eb2a6ab518 Merge branch 'development' into development-restricted
* development:
  Timing self test: shorten redundant tests
  Timing self test: increased duration
  Timing self test: increased tolerance
  Timing unit tests: more protection against infinite loops
  Unit test for mbedtls_timing_hardclock
  New timing unit tests
  selftest: allow excluding a subset of the tests
  selftest: allow running a subset of the tests
  selftest: refactor to separate the list of tests from the logic
  Timing self test: print some diagnosis information
  mbedtls_timing_get_timer: don't use uninitialized memory
  timing interface documentation: minor clarifications
  Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:42:50 +01:00
Manuel Pégourié-Gonnard ae3925c774 Merge remote-tracking branch 'public/pr/1136' into development
* public/pr/1136:
  Timing self test: shorten redundant tests
  Timing self test: increased duration
  Timing self test: increased tolerance
  Timing unit tests: more protection against infinite loops
  Unit test for mbedtls_timing_hardclock
  New timing unit tests
  selftest: allow excluding a subset of the tests
  selftest: allow running a subset of the tests
  selftest: refactor to separate the list of tests from the logic
  Timing self test: print some diagnosis information
  mbedtls_timing_get_timer: don't use uninitialized memory
  timing interface documentation: minor clarifications
  Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:42:20 +01:00
Hanno Becker a47023e4d5 Incorporate comments on merge commit
* Correct order of sections in ChangeLog
* Restore unintentionally removed whitespace and
  formatting improvements.
* Consistently rename MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED
  to MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION in rsa.h
  documentation.
2017-12-22 17:08:40 +00:00
Hanno Becker 32297e8314 Merge branch 'development' into iotssl-1619 2017-12-22 10:24:32 +00:00
Ron Eldor 621080d7c6 Fix compilation issue weh self test defined
1. Surround the generate keys with
`#if ! defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)`
to resolve build issue when `MBEDTLS_SELF_TEST` is defined for
alternative CMAC as well
2. Update ChangeLog
2017-12-21 10:57:43 +02:00
Gilles Peskine 8873bcc4de Timing self test: increased duration
Increase the duration of the self test, otherwise it tends to fail on
a busy machine even with the recently upped tolerance. But run the
loop only once, it's enough for a simple smoke test.
2017-12-20 21:57:48 +01:00
Gilles Peskine 8064bf3adf New timing unit tests
New set of unit tests for the timing module, instead of just running
the selftest function.

The selftest function sometimes fails on a heavily loaded
machine (such as a typical continuous integration system). Because of
the all-in-one nature of the test and because the exact load pattern
can be hard to reproduce, it is difficult to diagnose failures of CI
runs with selftest. The new tests are more separated and I strove to
point out potential failure modes in comments.

* mbedtls_timing_hardclock: not tested. This function gives so few
  guarantees that there isn't much to test, and it is hard to test
  reliably because clock cycles don't easily relate to time in any
  remotely portable way. This function isn't used in the library
  anyway, it's only there for benchmark programs.
* mbedtls_timing_get_timer: tested by setting a timer and verifying
  that it reaches its target, and by verifying that a timer started
  later than another always has a smaller elapsed time.
* mbedtls_set_alarm: tested by setting an alarm, busy-waiting for it
  and measuring the elapsed time with a timer.
* mbedtls_timing_set_delay, mbedtls_timing_get_delay: tested by
  setting a delay object and watching it go through its two delay
  values, using a timer to check that the delays are passed at the
  expected time.

The tests pass under light to moderate load, but some of them can be
defeated with sufficiently heavy load. This is unavoidable since the
test process to be effectively suspended for any length of time,
making us think that a timer has gone on for too long.
2017-12-20 21:57:48 +01:00
Gilles Peskine c82fbb4e14 selftest: allow running a subset of the tests
If given command line arguments, interpret them as test names and only
run those tests.
2017-12-20 20:23:13 +01:00
Gilles Peskine d92f0aa3be mbedtls_timing_get_timer: don't use uninitialized memory
mbedtls_timing_get_timer with reset=1 is called both to initialize a
timer object and to reset an already-initialized object. In an
initial call, the content of the data structure is indeterminate, so
the code should not read from it. This could crash if signed overflows
trap, for example.

As a consequence, on reset, we can't return the previously elapsed
time as was previously done on Windows. Return 0 as was done on Unix.
2017-12-20 18:53:52 +01:00
Gilles Peskine a0af95f052 Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
The POSIX/Unix implementation of mbedtls_set_alarm did not set the
mbedtls_timing_alarmed flag when called with 0, which was inconsistent
with what the documentation implied and with the Windows behavior.
2017-12-20 18:50:03 +01:00
Manuel Pégourié-Gonnard 4813f15ce5 Merge branch 'development' into development-restricted
* development:
  Address PR review comments
  Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:39:35 +01:00
Manuel Pégourié-Gonnard 705c52f5ec Merge remote-tracking branch 'public/pr/1145' into development
* public/pr/1145:
  Address PR review comments
  Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:37:36 +01:00
Manuel Pégourié-Gonnard d04c623ed6 Merge remote-tracking branch 'restricted/pr/403' into development-restricted
* restricted/pr/403:
  Correct record header size in case of TLS
  Don't allocate space for DTLS header if DTLS is disabled
  Improve debugging output
  Adapt ChangeLog
  Add run-time check for handshake message size in ssl_write_record
  Add run-time check for record content size in ssl_encrypt_buf
  Add compile-time checks for size of record content and payload
2017-12-19 11:31:20 +01:00
Manuel Pégourié-Gonnard 1827368b01 Merge branch 'development' into development-restricted
* development:
  Don't split error code description across multiple lines
  Register new error code in error.h
  Move deprecation to separate section in ChangeLog
  Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code
  Adapt RSA test suite
  Adapt ChangeLog
  Deprecate usage of RSA primitives with wrong key type
2017-12-19 11:28:36 +01:00
Manuel Pégourié-Gonnard 4712119687 Merge remote-tracking branch 'restricted/pr/397' into development
* restricted/pr/397:
  Don't split error code description across multiple lines
  Register new error code in error.h
  Move deprecation to separate section in ChangeLog
  Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code
  Adapt RSA test suite
  Adapt ChangeLog
  Deprecate usage of RSA primitives with wrong key type
2017-12-19 11:27:22 +01:00
Hanno Becker 5dcae51cd9 Add affiliation of bug reporter to credits in the ChangeLog 2017-12-07 15:03:22 +00:00
Gilles Peskine 880c6e74a1 Merge branch 'development' into development-restricted 2017-12-04 18:00:26 +00:00
Gilles Peskine d629411212 Merge branch 'pr_920' into development 2017-12-01 23:46:58 +01:00
Gilles Peskine 8acce85175 Added ChangeLog entry 2017-12-01 23:46:40 +01:00
Gilles Peskine ff01e009e6 Merge branch 'pr_1043' into development 2017-12-01 23:42:17 +01:00
Gilles Peskine b592f32291 Added ChangeLog entry 2017-12-01 23:40:28 +01:00
Gilles Peskine e3783da0b2 Merge remote-tracking branch 'upstream-public/pr/1172' into development 2017-12-01 22:36:21 +01:00
Gilles Peskine 02e28fe0fd Merge remote-tracking branch 'upstream-restricted/pr/425' into development-restricted 2017-12-01 17:58:12 +01:00
Gilles Peskine 0960f0663e Merge branch 'development' into development-restricted 2017-11-29 21:07:55 +01:00
Gilles Peskine 0884f4811b Merge remote-tracking branch 'upstream-public/pr/1141' into development 2017-11-29 20:50:59 +01:00
Gilles Peskine 183de312f9 Merge remote-tracking branch 'upstream-public/pr/895' into development 2017-11-29 20:49:21 +01:00
Hanno Becker 004198adb3 Update ChangeLog 2017-11-29 16:57:06 +00:00
Gilles Peskine 7fb29b17c7 Merge branch 'development' into development-restricted 2017-11-28 18:46:09 +01:00
Gilles Peskine 4daffe236a Merge branch 'pr_1025' into development
Merge PR #1025 + ChangeLog entry
2017-11-28 18:23:53 +01:00
Gilles Peskine d742b74838 Add ChangeLog entry 2017-11-28 17:40:56 +01:00
Gilles Peskine ea8d697fa2 Merge remote-tracking branch 'upstream-public/pr/1089' into development
Resolve trivial conflict due to additions in the same place in
tests/data_files/Makefile; minor comment/whitespace presentation
improvements.
2017-11-28 17:32:32 +01:00
Gilles Peskine 4b117d9c92 Merge remote-tracking branch 'upstream-public/pr/1055' into development 2017-11-28 17:23:37 +01:00
Gilles Peskine f2421210a5 Merge remote-tracking branch 'upstream-public/pr/828' into development 2017-11-28 17:22:37 +01:00
Gilles Peskine 9c3573a962 Merge remote-tracking branch 'upstream-public/pr/988' into development 2017-11-28 17:08:03 +01:00
Gilles Peskine 41e974178f Merge remote-tracking branch 'upstream-restricted/pr/419' into development-restricted
Resolved simple conflicts caused by the independent addition of
calls to mbedtls_zeroize with sometimes whitespace or comment
differences.
2017-11-28 16:16:27 +01:00
Gilles Peskine 9c8ac0ce2c Merge remote-tracking branch 'upstream-restricted/pr/404' into development-restricted 2017-11-28 15:50:02 +01:00
Gilles Peskine 7ca6d1fdd4 Merge remote-tracking branch 'upstream-restricted/pr/399' into development-restricted 2017-11-28 14:17:53 +01:00
Gilles Peskine c753f5daf4 Merge remote-tracking branch 'upstream-restricted/pr/369' into development-restricted 2017-11-28 14:16:47 +01:00
Gilles Peskine 80441c666f Merge branch 'iotssl-1419-safermemcmp-volatile' into development-restricted 2017-11-28 13:52:33 +01:00
Gilles Peskine d4755deafa add changelog entry 2017-11-28 13:31:12 +01:00
Gilles Peskine 2507267cd4 Merge branch 'development' into development-restricted 2017-11-24 16:05:49 +01:00
Gilles Peskine e7707228b4 Merge remote-tracking branch 'upstream-public/pr/1062' into development 2017-11-24 15:35:50 +01:00
Gilles Peskine 7635cde35c Merge branch 'development' into development-restricted 2017-11-23 20:06:04 +01:00
Gilles Peskine 68306ed31f Merge remote-tracking branch 'upstream-public/pr/1094' into development 2017-11-23 20:02:46 +01:00
Gilles Peskine 1a2640c025 Merge branch 'iotssl-1368-unsafe-bounds-check-psk-identity-merge' into development-restricted 2017-11-23 18:58:30 +01:00
Gilles Peskine dab611a7b1 ChangeLog entry for ssl_parse_client_psk_identity fix 2017-11-23 18:53:55 +01:00
Manuel Pégourié-Gonnard bfa8df4c7e Merge remote-tracking branch 'restricted/pr/416' into development-restricted
* restricted/pr/416:
  RSA PSS: remove redundant check; changelog
  RSA PSS: fix first byte check for keys of size 8N+1
  RSA PSS: fix minimum length check for keys of size 8N+1
  RSA: Fix another buffer overflow in PSS signature verification
  RSA: Fix buffer overflow in PSS signature verification
2017-11-23 12:10:01 +01:00
Darryl Green 36ba8b683a Add changelog for mbedtls_ecdsa_sign fix 2017-11-21 09:55:33 +00:00
Hanno Becker 8d19bcf37f Adapt ChangeLog 2017-11-20 16:25:50 +00:00
Hanno Becker 7dc832bb53 Adapt ChangeLog 2017-11-20 08:52:25 +00:00
Gilles Peskine 91048a3aac RSA PSS: remove redundant check; changelog
Remove a check introduced in the previous buffer overflow fix with keys of
size 8N+1 which the subsequent fix for buffer start calculations made
redundant.

Added a changelog entry for the buffer start calculation fix.
2017-10-19 17:46:14 +02:00
Hanno Becker 509fef7de3 Add ChangeLog message for EC private exponent information leak 2017-10-19 10:10:18 +01:00
Hanno Becker a21e2a015b Adapt ChangeLog 2017-10-19 09:15:17 +01:00
Gilles Peskine 6a54b0240d RSA: Fix another buffer overflow in PSS signature verification
Fix buffer overflow in RSA-PSS signature verification when the masking
operation results in an all-zero buffer. This could happen at any key size.
2017-10-17 19:12:36 +02:00
Gilles Peskine 28a0c72795 RSA: Fix buffer overflow in PSS signature verification
Fix buffer overflow in RSA-PSS signature verification when the hash is
too large for the key size. Found by Seth Terashima, Qualcomm.

Added a non-regression test and a positive test with the smallest
permitted key size for a SHA-512 hash.
2017-10-17 19:01:38 +02:00
Ron Eldor e1a9a4a826 Fix crash when calling mbedtls_ssl_cache_free twice
Set `cache` to zero at the end of `mbedtls_ssl_cache_free` #1104
2017-10-17 18:15:41 +03:00
Hanno Becker 479e8e24e6 Adapt ChangeLog 2017-10-17 11:03:50 +01:00
Hanno Becker e2a73c13cf Enhancement of ChangeLog entry 2017-10-17 10:34:04 +01:00
Hanno Becker 0cd5b94dba Adapt ChangeLog 2017-10-13 17:17:28 +01:00
Simon Butcher 6f63db7ed5 Fix changelog for ssl_server2.c usage fix 2017-10-12 23:22:17 +01:00
Gilles Peskine 085c10afdb Allow comments in test data files 2017-10-12 23:22:17 +01:00
Andres Amaya Garcia 735b37eeef Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 23:21:37 +01:00
Ron Eldor 73a381772b Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-12 23:21:37 +01:00
Gilles Peskine 4552bf7558 Allow comments in test data files 2017-10-12 23:20:56 +01:00
Andres Amaya Garcia 106637fc2d Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 19:54:46 +01:00
Hanno Becker 854244abbf Adapt ChangeLog 2017-10-12 16:26:37 +01:00
Ron Eldor 8dd73e62d2 Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-11 12:49:00 +01:00
Ron Eldor a84c1cb355 Address PR cpomments reviews
1) move the change into Features from Changes, in the changLog
2) Change the feature alternative configuration MBEDTLS_ECDH_ALT
definition to function alternative defintions
MBEDTLS_ECDH_COMPUTE_SHARED_ALT and MBEDTLS_ECDH_GEN_PUBLIC_ALT
2017-10-10 19:04:27 +03:00
Ron Eldor 314adb6baa Address PR review comments
1) update ChangLog to have new feature in Features instead of Changes
2) Change MBEDTLS_ECDSA_ALT to function specific alternative definitions:
MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and MBEDTLS_ECDSA_GENKEY_ALT
2017-10-10 18:49:02 +03:00
Simon Butcher 16373a5933 Fix changelog for ssl_server2.c usage fix 2017-10-06 11:59:13 +01:00
Simon Butcher 2c4f9460ea Update ChangeLog for fix to #836 2017-10-06 11:59:13 +01:00
Hanno Becker 1a9a51c7cf Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-10-06 11:58:50 +01:00
Gilles Peskine b04e2c3d81 Allow comments in test data files 2017-10-06 11:58:50 +01:00
Hanno Becker 7e304fcac9 Move deprecation to separate section in ChangeLog 2017-10-05 11:50:24 +01:00
Hanno Becker 1613715f6f Adapt ChangeLog 2017-10-05 10:30:11 +01:00
Hanno Becker 86e5230e54 Adapt ChangeLog 2017-10-05 09:08:53 +01:00
Simon Butcher 967a60502e Fix changelog for ssl_server2.c usage fix 2017-10-02 19:14:58 +01:00
Simon Butcher 83ce8201dc Update ChangeLog for fix to #836 2017-09-30 23:39:46 +01:00
Hanno Becker 2f38a43d3a Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-09-30 23:35:21 +01:00
Gilles Peskine 26182edd0c Allow comments in test data files 2017-09-29 15:45:12 +02:00
Hanno Becker 041a6b030f Adapt ChangeLog 2017-09-28 14:52:26 +01:00
Ron Eldor 2f73c9342f Fix Changelog notation
Remove backticks, since ChangeLog is not in MarkDown
2017-09-26 15:06:56 +03:00
Ron Eldor 8b766218a8 Update ChangeLog
Update ChangeLog according to Andres seggestion
2017-09-24 15:44:56 +03:00
Ron Eldor 2981a0a740 Address Andres PR comments
Address Andres' comments in the PR
2017-09-24 15:41:09 +03:00
Jaeden Amero 1526330931 Allow alternate implementation of GCM
Provide the ability to use an alternative implementation of GCM in place
of the library-provided implementation.
2017-09-22 17:42:44 +01:00
Janos Follath b174c84a3b Refine dhm_check_range() fix Changelog entry 2017-09-21 12:05:14 +01:00
Janos Follath aa325d7b7f DHM: Fix dhm_check_range() always returning 0
Although the variable ret was initialised to an error, the
MBEDTLS_MPI_CHK macro was overwriting it. Therefore it ended up being
0 whenewer the bignum computation was successfull and stayed 0
independently of the actual check.
2017-09-21 12:04:41 +01:00
Hanno Becker 930025da6d Adapt ChangeLog 2017-09-18 16:12:28 +01:00
Hanno Becker 81e96dd54a Adapt ChangeLog 2017-09-18 11:07:25 +01:00