Commit graph

864 commits

Author SHA1 Message Date
Simon Butcher 016a0d3b6f Update library version number to 2.1.6 2016-10-17 15:44:26 +01:00
Simon Butcher 35d0d94f5b Merge branch 'mbedtls-2.1' 2016-10-17 13:07:32 +01:00
Simon Butcher a978fac02b Merge branch 'mbedtls-2.1' 2016-10-17 12:16:27 +01:00
Simon Butcher 657c010884 Tidied up style and phrasing of ChangeLog 2016-10-16 00:18:54 +01:00
Simon Butcher c83f470eb8 Update Changelog for issue #502 2016-10-14 01:04:51 +01:00
Simon Butcher 72388387c0 Merge branch for fix for #502 - Unchecked calls
Conflicts:
	ChangeLog
2016-10-14 01:03:11 +01:00
Simon Butcher 8ee9d7658c Update to Changelog for #626 2016-10-13 16:30:19 +01:00
Andres AG 53d77130fc Add check for validity of date in x509_get_time() 2016-10-13 16:24:12 +01:00
Andres AG 6220ecbc48 Fix overread when verifying SERVER_HELLO in DTLS 2016-10-13 15:43:46 +01:00
Simon Butcher 8390e0a97c Update and clean up Changelog for #622 2016-10-13 15:27:09 +01:00
Andres AG 6a3fa2159c Fix sig->tag update in mbedtls_x509_get_sig() 2016-10-13 15:23:35 +01:00
Simon Butcher d9d0cda9fe Merge branch 'mbedtls-2.1' 2016-10-13 10:35:52 +01:00
Janos Follath 0be55a0549 Remove MBEDTLS_SSL_AEAD_RANDOM_IV feature
In a USENIX WOOT '16 paper the authors warn about a security risk
of random Initialisation Vectors (IV) repeating values.

The MBEDTLS_SSL_AEAD_RANDOM_IV feature is affected by this risk and
it isn't compliant with RFC5116. Furthermore, strictly speaking it
is a different cipher suite from the TLS (RFC5246) point of view.

Removing the MBEDTLS_SSL_AEAD_RANDOM_IV feature to resolve the above
problems.

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
2016-10-13 10:35:34 +01:00
Simon Butcher 759b5a1286 Added credit to Changelog for fix #558 2016-10-13 01:00:19 +01:00
Janos Follath 95b303648c Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 00:58:09 +01:00
Simon Butcher 6f066a8636 Clarified Changelog for fix #602 2016-10-12 19:54:24 +01:00
Andres AG 6c05208f96 Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-12 19:54:07 +01:00
Simon Butcher d5e33f14df Updated Changelog for fix #599 2016-10-12 17:49:11 +01:00
Andres AG fbd1cd9d57 Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-12 17:45:29 +01:00
Simon Butcher 73b94e3512 Added credit to Changelog for X.509 DER bounds fix 2016-10-11 16:53:10 +01:00
Andres AG effb5582dd Add test for bounds in X509 DER write funcs 2016-10-11 16:52:06 +01:00
Andres AG 8aa301ba31 Add missing bounds check in X509 DER write funcs
This patch adds checks in both mbedtls_x509write_crt_der and
mbedtls_x509write_csr_der before the signature is written to buf
using memcpy().
2016-10-11 16:52:06 +01:00
Simon Butcher 4bbd8e1ad8 Revise Changelog to clarify and add credit 2016-10-11 10:42:05 +01:00
Simon Butcher 17cbca370f Update Changelog for fixes to X.509 sample apps 2016-10-11 10:40:43 +01:00
Simon Butcher b89a653005 Update Changelog for fix #559 2016-10-11 10:40:42 +01:00
Janos Follath 433d4c84b3 Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-11 10:40:42 +01:00
Simon Butcher 4ed1c00f10 Update Changelog for fixes to X.509 sample apps 2016-10-10 09:45:30 +01:00
Simon Butcher c1e1f1cfdd Update Changelog for fix #559 2016-10-07 14:17:28 +01:00
Simon Butcher 75dea20fee Update for ChangeLog for fixes for cert_app 2016-09-26 20:51:34 +01:00
Andres AG 8df1bee06f Add ChangeLog entry for unchecked calls fix 2016-09-05 14:10:45 +01:00
Simon Butcher 541a960bee Update to ChangeLog for bug #428 2016-09-05 13:12:24 +03:00
Simon Butcher 532b217002 Update ChangeLog for fix to crypt_and_hash #441 2016-09-02 22:10:39 +01:00
Janos Follath 7b26865529 X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-07-14 13:19:46 +01:00
Simon Butcher c38aa616a0 Update ChangeLog for Release 2016-06-27 19:49:04 +01:00
Simon Butcher 88aa189415 Merge branch 'mbedtls-2.1' into mbedtls-2.1 2016-06-27 01:16:16 +01:00
Janos Follath 83f26052bf Fix non compliance SSLv3 in server extension handling.
The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.
2016-05-23 14:50:15 +01:00
Janos Follath 6200b50518 Extended ChangeLog entry 2016-05-18 19:36:02 +01:00
Janos Follath d5770a1d78 Add Changelog entry for current branch 2016-05-18 19:33:39 +01:00
Janos Follath 9ccbd6313f Add Changelog entry for current branch 2016-05-18 19:30:09 +01:00
Janos Follath ea6cbb957c Add Changelog entry for current branch 2016-05-18 19:30:09 +01:00
Simon Butcher d58d715680 Update ChangeLog for bug #429 in ssl_fork_server 2016-04-29 00:15:34 +01:00
Janos Follath e9d5510f05 Fix bug in ssl_write_supported_elliptic_curves_ext
Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a
crash later in ssl_write_supported_elliptic_curves_ext. #373
2016-04-22 09:55:32 +01:00
Janos Follath 689a627215 Fix null pointer dereference in the RSA module.
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:20:59 +01:00
Simon Butcher 0705dd0588 Adds test for odd bit length RSA key size
Also tidy up ChangeLog following review.
2016-04-19 09:19:46 +01:00
Janos Follath 1a59a504e7 Fix odd bitlength RSA key generation
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-19 09:19:21 +01:00
Janos Follath 16734f011b x509: trailing bytes in DER: fix bug
Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer after DER certificates to be included in the raw representation. #377
2016-03-15 23:47:36 +00:00
Manuel Pégourié-Gonnard 7715e669f1 Avoid build errors with -O0 due to assembly 2016-01-08 14:52:55 +01:00
Manuel Pégourié-Gonnard bb81b4a009 Make ar invocation more portable
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.

fixes #386
2016-01-08 14:52:14 +01:00
Manuel Pégourié-Gonnard 96ec00dd3a Update ChangeLog for latest PR merged
fixes #309
2016-01-08 14:51:51 +01:00
Manuel Pégourié-Gonnard ddf118961a Update reference to attack in ChangeLog
We couldn't do that before the attack was public
2016-01-08 14:46:44 +01:00