Manuel Pégourié-Gonnard
9897cc933d
Update ChangeLog
2017-08-15 14:30:43 +02:00
Manuel Pégourié-Gonnard
21b7719fb2
Add ChangeLog entry for current progress
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
171a481b96
Add a ChangeLog entry for changes so far
2017-08-09 11:44:53 +02:00
Simon Butcher
f85c90a61d
Fixes running order of sections in Changelog
2017-07-27 15:11:52 +01:00
Simon Butcher
5deb518d05
Fix merge errors in ChangeLog
2017-07-27 15:08:01 +01:00
Andres AG
2e65a54d5a
Prevent signed integer overflow in CSR parsing
...
Modify the function mbedtls_x509_csr_parse_der() so that it checks the
parsed CSR version integer before it increments the value. This prevents
a potential signed integer overflow, as these have undefined behaviour
in the C standard.
2017-07-27 15:08:01 +01:00
Andres AG
7ca4a03955
Fix potential integer overflow parsing DER CRT
...
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-27 15:08:01 +01:00
Andres AG
c0fbf784b6
Fix potential integer overflow parsing DER CRL
...
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
2017-07-27 15:08:01 +01:00
Simon Butcher
a85ae63de1
Added missing credit to Changelog and format fixes
2017-07-27 15:08:01 +01:00
Ron Eldor
84ccfe0328
Check return code of mbedtls_mpi_fill_random
...
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-27 15:08:01 +01:00
Ron Eldor
c44b5a0068
Resource leak fix on Windows platform
...
Fix a resource leak on Windows platform, in mbedtls_x509_crt_parse_path,
in case of a failure. When an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-27 15:08:01 +01:00
Ron Eldor
9e0bb50e7b
Wrong preprocessor condition fix
...
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-27 15:08:01 +01:00
Ron Eldor
fb46c32ecb
fix for issue 1118: check if iv is zero in gcm.
...
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-27 15:08:01 +01:00
Janos Follath
b85291c364
Remove mutexes from ECP hardware acceleration
...
Protecting the ECP hardware accelerator with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.
Fixes #863
2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
031622ffa2
Remove MBEDTLS_TYPE_UDBL option
2017-07-27 15:08:01 +01:00
Gilles Peskine
ed942f84e6
MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
...
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
b820bf8e45
Enable 64-bit compilation with ARM Compiler 6
...
This patch fixes the conditional preprocessor directives in
include/mbedtls/bignum.h to enable 64-bit compilation with ARM
Compiler 6.
2017-07-27 15:08:01 +01:00
Simon Butcher
11757be5e1
Correct order of sections in the ChangeLog
2017-07-27 15:08:01 +01:00
Ron Eldor
410b74205f
Check return code of mbedtls_mpi_fill_random
...
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-27 15:08:01 +01:00
Ron Eldor
23a99c46fd
Resource leak fix on Windows platform
...
Fix a resource leak on Windows platform, in mbedtls_x509_crt_parse_path,
in case of a failure. When an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-27 15:08:01 +01:00
Ron Eldor
4aa02719c0
Wrong preprocessor condition fix
...
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-27 15:08:01 +01:00
Ron Eldor
70505ac981
fix for issue 1118: check if iv is zero in gcm.
...
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-27 15:08:01 +01:00
Janos Follath
8c14b2e24b
Remove mutexes from ECP hardware acceleration
...
Protecting the ECP hardware accelerator with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.
Fixes #863
2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
5478bc79ae
Fix typo in ChangeLog and update macro name
2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
24f3641617
Modify ChangeLog according to API changes
2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
2187e03817
Add ChangeLog entry for platform setup and teardown
2017-07-27 15:08:01 +01:00
Simon Butcher
ab67043178
Update Changelog for API/ABI fixes to revert interface
2017-07-27 15:08:01 +01:00
Ron Eldor
ca6ff5884d
Check return code of mbedtls_mpi_fill_random
...
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-27 15:08:01 +01:00
Ron Eldor
36d904218b
Resource leak fix on Windows platform
...
Fix a resource leak on Windows platform, in mbedtls_x509_crt_parse_path,
in case of a failure. When an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-27 15:08:01 +01:00
Ron Eldor
6314068d42
Wrong preprocessor condition fix
...
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-27 15:08:01 +01:00
Ron Eldor
e2efaeaafc
fix for issue 1118: check if iv is zero in gcm.
...
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-27 15:08:01 +01:00
Andres Amaya Garcia
d0e15d7ebe
Add ChangeLog entry for config-no-entropy.h change
2017-07-27 15:08:01 +01:00
Janos Follath
78b1473ff3
Remove mutexes from ECP hardware acceleration
...
Protecting the ECP hardware accelerator with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.
Fixes #863
2017-07-27 15:08:01 +01:00
Hanno Becker
01a0e07e9d
Correct indentation and labelling in ChangeLog
2017-07-26 11:49:40 +01:00
Janos Follath
745bcf454f
Fix typos
2017-07-21 14:04:31 +01:00
Manuel Pégourié-Gonnard
ee98109af5
Add ChangeLog entry for the security issue
2017-07-06 11:58:41 +02:00
Manuel Pégourié-Gonnard
31458a1878
Only return VERIFY_FAILED from a single point
...
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-06 11:58:41 +02:00
Manuel Pégourié-Gonnard
d15795acd5
Improve behaviour on fatal errors
...
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
2017-07-06 11:58:41 +02:00
Simon Butcher
f2a597fa3d
Update the version number to 2.5.1
2017-06-20 23:08:10 +01:00
Janos Follath
5a1c0e7162
Improve Changelog
2017-06-16 12:27:47 +01:00
Manuel Pégourié-Gonnard
4a42f3c405
Merge remote-tracking branch 'restricted/iotssl-1398' into development-restricted
...
* restricted/iotssl-1398:
Add ChangeLog entry
Ensure application data records are not kept when fully processed
Add hard assertion to mbedtls_ssl_read_record_layer
Fix mbedtls_ssl_read
Simplify retaining of messages for future processing
2017-06-09 15:02:40 +02:00
Manuel Pégourié-Gonnard
a8e5a4730d
Merge near-duplicate ChangeLog entries
...
As agreed with Gilles on the PR discussion page
2017-06-09 14:46:50 +02:00
Hanno Becker
bf4c2e3f79
Add ChangeLog entry
2017-06-09 11:28:45 +01:00
Manuel Pégourié-Gonnard
740665e43b
ChangeLog cosmetics
2017-06-08 20:37:30 +02:00
Manuel Pégourié-Gonnard
b86b143030
Merge remote-tracking branch 'restricted/iotssl-1138-rsa-padding-check-restricted' into development-restricted
...
* restricted/iotssl-1138-rsa-padding-check-restricted:
RSA PKCS1v1.5 verification: check padding length
2017-06-08 20:31:06 +02:00
Manuel Pégourié-Gonnard
a0bf6ecfc3
Merge remote-tracking branch 'restricted/IOTSSL-1366/development-restricted' into development-restricted
...
* restricted/IOTSSL-1366/development-restricted:
More length checks in RSA PKCS1v15 verify
More length checks in RSA PKCS1v15 verify
2017-06-08 20:24:29 +02:00
Manuel Pégourié-Gonnard
db108ac944
Merge remote-tracking branch 'hanno/mpi_read_file_underflow' into development
...
* hanno/mpi_read_file_underflow:
Fix potential stack underflow in mpi_read_file.
2017-06-08 19:48:03 +02:00
Manuel Pégourié-Gonnard
1178ac5e77
Merge remote-tracking branch 'hanno/sliding_exponentiation' into development
...
* hanno/sliding_exponentiation:
Adapt ChangeLog
Abort modular inversion when modulus is one.
Correct sign in modular exponentiation algorithm.
2017-06-08 19:46:30 +02:00
Manuel Pégourié-Gonnard
c44c3c288d
Merge remote-tracking branch 'janos/iotssl-1156-ecdsa-sample-and-doc-clarification' into development
...
* janos/iotssl-1156-ecdsa-sample-and-doc-clarification:
Clarify the use of ECDSA API
2017-06-08 10:16:54 +02:00
Hanno Becker
39ae8cd207
Fix implementation of VERIFY_OPTIONAL verification mode
...
This commit changes the behaviour of mbedtls_ssl_parse_certificate
to make the two authentication modes MBEDTLS_SSL_VERIFY_REQUIRED and
MBEDTLS_SSL_VERIFY_OPTIONAL be in the following relationship:
Mode == MBEDTLS_SSL_VERIFY_REQUIRED
<=> Mode == MBEDTLS_SSL_VERIFY_OPTIONAL + check verify result
Also, it changes the behaviour to perform the certificate chain
verification even if the trusted CA chain is empty. Previously, the
function failed in this case, even when using optional verification,
which was brought up in #864.
2017-06-07 11:13:19 +01:00