head	1.2;
access;
symbols
	pkgsrc-2016Q1:1.1.0.8
	pkgsrc-2016Q1-base:1.1
	pkgsrc-2015Q4:1.1.0.6
	pkgsrc-2015Q4-base:1.1
	pkgsrc-2015Q3:1.1.0.4
	pkgsrc-2015Q3-base:1.1
	pkgsrc-2015Q2:1.1.0.2
	pkgsrc-2015Q2-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2016.06.16.14.17.03;	author fhajny;	state dead;
branches;
next	1.1;
commitid	hvWTNvKeKr9khHaz;

1.1
date	2015.06.12.09.05.05;	author fhajny;	state Exp;
branches;
next	;
commitid	nh22bxTUMFnks7py;


desc
@@


1.2
log
@Update security/mbedtls to 2.2.1.

This removes the legacy PolarSSL compatibility layer. For
software that needs it, please use security/mbedtls1 instead.
Change license to apache-2.0.

Upstream changelog since 1.3.11 follows.


= mbed TLS 2.2.1 released 2016-01-05

Security
- Fix potential double free when mbedtls_asn1_store_named_data() fails
  to allocate memory. Only used for certificate generation, not
  triggerable remotely in SSL/TLS.
- Disable MD5 handshake signatures in TLS 1.2 by default

Bugfix
- Fix over-restrictive length limit in GCM.
- Fix bug in certificate validation that caused valid chains to be
  rejected when the first intermediate certificate has
  pathLenConstraint=0.
- Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign()
- Fix suboptimal handling of unexpected records that caused interop
  issues with some peers over unreliable links. Avoid dropping an
  entire DTLS datagram if a single record in a datagram is unexpected,
  instead only drop the record and look at subsequent records (if any
  are present) in the same datagram.

= mbed TLS 2.2.0 released 2015-11-04

Security
- Fix potential double free if mbedtls_ssl_conf_psk() is called more
  than once and some allocation fails. Cannot be forced remotely.
- Fix potential heap corruption on Windows when
  mbedtls_x509_crt_parse_path() is passed a path longer than 2GB.
  Cannot be triggered remotely.
- Fix potential buffer overflow in some asn1_write_xxx() functions.
  Cannot be triggered remotely unless you create X.509 certificates
  based on untrusted input or write keys of untrusted origin.
- The X509 max_pathlen constraint was not enforced on intermediate
  certificates.

Features
- Experimental support for EC J-PAKE as defined in Thread 1.0.0.
  Disabled by default as the specification might still change.
- Added a key extraction callback to access the master secret and key
  block. (Potential uses include EAP-TLS and Thread.)

Bugfix
- Self-signed certificates were not excluded from pathlen counting,
  resulting in some valid X.509 being incorrectly rejected.
- Fix build error with configurations where ECDHE-PSK is the only key
  exchange.
- Fix build error with configurations where RSA, RSA-PSK, ECDH-RSA or
  ECDH-ECDSA is the only key exchange. Multiple reports.
- Fixed a bug causing some handshakes to fail due to some non-fatal
  alerts not being properly ignored.
- mbedtls_x509_crt_verify(_with_profile)() now also checks the key
  type and size/curve against the profile. Before that, there was no
  way to set a minimum key size for end-entity certificates with
  RSA keys.
- Fix failures in MPI on Sparc(64) due to use of bad assembly code.
- Fix typo in name of the extKeyUsage OID.
- Fix bug in ASN.1 encoding of booleans that caused generated CA
  certificates to be rejected by some applications, including OS X
  Keychain.

Changes
- Improved performance of mbedtls_ecp_muladd() when one of the scalars
  is or -1.


= mbed TLS 2.1.2 released 2015-10-06

Security
- Added fix for CVE-2015-5291 to prevent heap corruption due to buffer
  overflow of the hostname or session ticket.
- Fix potential double-free if mbedtls_ssl_set_hs_psk() is called more
  than once in the same handshake and mbedtls_ssl_conf_psk() was used.
- Fix stack buffer overflow in pkcs12 decryption (used by
  mbedtls_pk_parse_key(file)()) when the password is > 129 bytes.
- Fix potential buffer overflow in mbedtls_mpi_read_string().
- Fix potential random memory allocation in mbedtls_pem_read_buffer()
  on crafted PEM input data.
- Fix possible heap buffer overflow in base64_encoded() when the input
  buffer is 512MB or larger on 32-bit platforms.
- Fix potential double-free if mbedtls_conf_psk() is called repeatedly
  on the same mbedtls_ssl_config object and memory allocation fails.
- Fix potential heap buffer overflow in servers that perform client
  authentication against a crafted CA cert. Cannot be triggered
  remotely unless you allow third parties to pick trust CAs for
  client auth.

Bugfix
- Fix compile error in net.c with musl libc.
- Fix macroization of 'inline' keyword when building as C++.

Changes
- Added checking of hostname length in mbedtls_ssl_set_hostname() to
  ensure domain names are compliant with RFC 1035.
- Fixed paths for check_config.h in example config files.

= mbed TLS 2.1.1 released 2015-09-17

Security
- Add countermeasure against Lenstra's RSA-CRT attack for PKCS#1 v1.5
  signatures.
- Fix possible client-side NULL pointer dereference (read) when the
  client tries to continue the handshake after it failed (a misuse
  of the API).

Bugfix
- Fix warning when using a 64bit platform.
- Fix off-by-one error in parsing Supported Point Format extension
  that caused some handshakes to fail.

Changes
- Made X509 profile pointer const in mbedtls_ssl_conf_cert_profile()
  to allow use of mbedtls_x509_crt_profile_next.
- When a client initiates a reconnect from the same port as a live
  connection, if cookie verification is available
  (MBEDTLS_SSL_DTLS_HELLO_VERIFY defined in config.h, and usable
  cookie callbacks set with mbedtls_ssl_conf_dtls_cookies()), this
  will be detected and mbedtls_ssl_read() will return
  MBEDTLS_ERR_SSL_CLIENT_RECONNECT - it is then possible to start a
  new handshake with the same context. (See RFC 6347 section 4.2.8.)

= mbed TLS 2.1.0 released 2015-09-04

Features
- Added support for yotta as a build system.
- Primary open source license changed to Apache 2.0 license.

Bugfix
- Fix segfault in the benchmark program when benchmarking DHM.
- Fix build error with CMake and pre-4.5 versions of GCC
- Fix bug when parsing a ServerHello without extensions
- Fix bug in CMake lists that caused libmbedcrypto.a not to be
  installed
- Fix bug in Makefile that caused libmbedcrypto and libmbedx509 not to
  be installed
- Fix compile error with armcc 5 with --gnu option.
- Fix bug in Makefile that caused programs not to be installed
  correctly
- Fix bug in Makefile that prevented from installing without building
  the tests
- Fix missing -static-libgcc when building shared libraries for
  Windows with make.
- Fix link error when building shared libraries for Windows with make.
- Fix error when loading libmbedtls.so.
- Fix bug in mbedtls_ssl_conf_default() that caused the default preset
  to be always used
- Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could
  result in trying to unlock an unlocked mutex on invalid input
- Fix -Wshadow warnings
- Fix memory corruption on client with overlong PSK identity, around
  SSL_MAX_CONTENT_LEN or higher - not triggerable remotely
- Fix unused function warning when using MBEDTLS_MDx_ALT or
  MBEDTLS_SHAxxx_ALT
- Fix memory corruption in pkey programs

Changes
- The PEM parser now accepts a trailing space at end of lines
- It is now possible to #include a user-provided configuration file at
  the end of the default config.h by defining MBEDTLS_USER_CONFIG_FILE on
  the compiler's command line.
- When verifying a certificate chain, if an intermediate certificate
  is trusted, no later cert is checked.
- Prepend a "thread identifier" to debug messages
- Add mbedtls_ssl_get_max_frag_len() to query the current maximum
  fragment length.

= mbed TLS 2.0.0 released 2015-07-13

Features
- Support for DTLS 1.0 and 1.2 (RFC 6347).
- Ability to override core functions from MDx, SHAx, AES and DES
  modules with custom implementation (eg hardware accelerated),
  complementing the ability to override the whole module.
- New server-side implementation of session tickets that rotate keys
  to preserve forward secrecy, and allows sharing across multiple
  contexts.
- Added a concept of X.509 certificate verification profile that
  controls which algorithms and key sizes (curves for ECDSA) are
  acceptable.
- Expanded configurability of security parameters in the SSL module
  with mbedtls_ssl_conf_dhm_min_bitlen() and mbedtls_ssl_conf_sig_hashes().
- Introduced a concept of presets for SSL security-relevant
  configuration parameters.

API Changes
- The library has been split into libmbedcrypto, libmbedx509,
  libmbedtls. You now need to link to all of them if you use TLS
  for example.
- All public identifiers moved to the mbedtls_* or MBEDTLS_*
  namespace. Some names have been further changed to make them more
  consistent. Migration helpers scripts/rename.pl and
  include/mbedlts/compat-1.3.h are provided. Full list of renamings
  in scripts/data_files/rename-1.3-2.0.txt
- Renamings of fields inside structures, not covered by the previous
  list:
    mbedtls_cipher_info_t.key_length -> key_bitlen
    mbedtls_cipher_context_t.key_length -> key_bitlen
    mbedtls_ecp_curve_info.size -> bit_size
- Headers are now found in the 'mbedtls' directory (previously
  'polarssl').
- The following _init() functions that could return errors have
  been split into an _init() that returns void and another function
  that should generally be the first function called on this context after
  init:
    mbedtls_ssl_init() -> mbedtls_ssl_setup()
    mbedtls_ccm_init() -> mbedtls_ccm_setkey()
    mbedtls_gcm_init() -> mbedtls_gcm_setkey()
    mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_seed(_buf)()
    mbedtls_ctr_drbg_init()  -> mbedtls_ctr_drbg_seed()
  Note that for mbedtls_ssl_setup(), you need to be done setting up
  the ssl_config structure before calling it.
- Most ssl_set_xxx() functions (all except ssl_set_bio(),
  ssl_set_hostname(),
  ssl_set_session() and ssl_set_client_transport_id(), plus
  ssl_legacy_renegotiation()) have been renamed to
  mbedtls_ssl_conf_xxx() (see rename.pl and compat-1.3.h above) and
  their first argument's type changed from ssl_context to ssl_config.
- ssl_set_bio() changed signature (contexts merged, order switched,
  one additional callback for read-with-timeout).
- The following functions have been introduced and must be used in
  callback implementations (SNI, PSK) instead of their *conf
  counterparts:
    mbedtls_ssl_set_hs_own_cert()
    mbedtls_ssl_set_hs_ca_chain()
    mbedtls_ssl_set_hs_psk()
- mbedtls_ssl_conf_ca_chain() lost its last argument (peer_cn), now
  set using mbedtls_ssl_set_hostname().
- mbedtls_ssl_conf_session_cache() changed prototype (only one context
  pointer, parameters reordered).
- On server, mbedtls_ssl_conf_session_tickets_cb() must now be used in
  place of mbedtls_ssl_conf_session_tickets() to enable session
  tickets.
- The SSL debug callback gained two new arguments (file name, line
  number).
- Debug modes were removed.
- mbedtls_ssl_conf_truncated_hmac() now returns void.
- mbedtls_memory_buffer_alloc_init() now returns void.
- X.509 verification flags are now an uint32_t. Affect the signature
  of:
    mbedtls_ssl_get_verify_result()
    mbedtls_x509_ctr_verify_info()
    mbedtls_x509_crt_verify() (flags, f_vrfy -> needs to be updated)
    mbedtls_ssl_conf_verify() (f_vrfy -> needs to be updated)
- The following functions changed prototype to avoid an in-out length
  parameter:
    mbedtls_base64_encode()
    mbedtls_base64_decode()
    mbedtls_mpi_write_string()
    mbedtls_dhm_calc_secret()
- In the NET module, all "int" and "int *" arguments for file
  descriptors changed type to "mbedtls_net_context *".
- net_accept() gained new arguments for the size of the client_ip
  buffer.
- In the threading layer, mbedtls_mutex_init() and
  mbedtls_mutex_free() now return void.
- ecdsa_write_signature() gained an additional md_alg argument and
  ecdsa_write_signature_det() was deprecated.
- pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
- Last argument of x509_crt_check_key_usage() and
  mbedtls_x509write_crt_set_key_usage() changed from int to unsigned.
- test_ca_list (from certs.h) is renamed to test_cas_pem and is only
  available if POLARSSL_PEM_PARSE_C is defined (it never worked
  without).
- Test certificates in certs.c are no longer guaranteed to be
  nul-terminated strings; use the new *_len variables instead of strlen().
- Functions mbedtls_x509_xxx_parse(), mbedtls_pk_parse_key(),
  mbedtls_pk_parse_public_key() and mbedtls_dhm_parse_dhm() now expect
  the length parameter to include the terminating null byte for PEM input.
- Signature of mpi_mul_mpi() changed to make the last argument
  unsigned
- calloc() is now used instead of malloc() everywhere. API of platform
  layer and the memory_buffer_alloc module changed accordingly.
- Change SSL_DISABLE_RENEGOTIATION config.h flag to SSL_RENEGOTIATION
  (support for renegotiation now needs explicit enabling in config.h).
- Split MBEDTLS_HAVE_TIME into MBEDTLS_HAVE_TIME and
  MBEDTLS_HAVE_TIME_DATE in config.h
- net_connect() and net_bind() have a new 'proto' argument to choose
  between TCP and UDP, using the macros NET_PROTO_TCP or
  NET_PROTO_UDP. Their 'port' argument type is changed to a string.
- Some constness fixes

Removals
- Removed mbedtls_ecp_group_read_string(). Only named groups are
  supported.
- Removed mbedtls_ecp_sub() and mbedtls_ecp_add(), use
  mbedtls_ecp_muladd().
- Removed individual mdX_hmac, shaX_hmac, mdX_file and shaX_file
  functions (use generic functions from md.h)
- Removed mbedtls_timing_msleep(). Use mbedtls_net_usleep() or a
  custom waiting function.
- Removed test DHM parameters from the test certs module.
- Removed the PBKDF2 module (use PKCS5).
- Removed POLARSSL_ERROR_STRERROR_BC (use mbedtls_strerror()).
- Removed compat-1.2.h (helper for migrating from 1.2 to 1.3).
- Removed openssl.h (very partial OpenSSL compatibility layer).
- Configuration options POLARSSL_HAVE_LONGLONG was removed (now always
  on).
- Configuration options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16
  have been removed (compiler is required to support 32-bit operations).
- Configuration option POLARSSL_HAVE_IPV6 was removed (always
  enabled).
- Removed test program o_p_test, the script compat.sh does more.
- Removed test program ssl_test, superseded by ssl-opt.sh.
- Removed helper script active-config.pl

New deprecations
- md_init_ctx() is deprecated in favour of md_setup(), that adds a
  third argument (allowing memory savings if HMAC is not used)

Semi-API changes (technically public, morally private)
- Renamed a few headers to include _internal in the name. Those
  headers are not supposed to be included by users.
- Changed md_info_t into an opaque structure (use md_get_xxx()
  accessors).
- Changed pk_info_t into an opaque structure.
- Changed cipher_base_t into an opaque structure.
- Removed sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and
  x509_crl.
- x509_crt.key_usage changed from unsigned char to unsigned int.
- Removed r and s from ecdsa_context
- Removed mode from des_context and des3_context

Default behavior changes
- The default minimum TLS version is now TLS 1.0.
- RC4 is now blacklisted by default in the SSL/TLS layer, and excluded
  from the default ciphersuite list returned by ssl_list_ciphersuites()
- Support for receiving SSLv2 ClientHello is now disabled by default
  at compile time.
- The default authmode for SSL/TLS clients is now REQUIRED.
- Support for RSA_ALT contexts in the PK layer is now optional. Since
  it is enabled in the default configuration, this is only noticeable
  if using a custom config.h
- Default DHM parameters server-side upgraded from 1024 to 2048 bits.
- A minimum RSA key size of 2048 bits is now enforced during
  certificate chain verification.
- Negotiation of truncated HMAC is now disabled by default on server
  too.
- The following functions are now case-sensitive:
    mbedtls_cipher_info_from_string()
    mbedtls_ecp_curve_info_from_name()
    mbedtls_md_info_from_string()
    mbedtls_ssl_ciphersuite_from_string()
    mbedtls_version_check_feature()

Requirement changes
- The minimum MSVC version required is now 2010 (better C99 support).
- The NET layer now unconditionally relies on getaddrinfo() and
  select().
- Compiler is required to support C99 types such as long long and
  uint32_t.

API changes from the 1.4 preview branch
- ssl_set_bio_timeout() was removed, split into mbedtls_ssl_set_bio()
  with new prototype, and mbedtls_ssl_set_read_timeout().
- The following functions now return void:
    mbedtls_ssl_conf_transport()
    mbedtls_ssl_conf_max_version()
    mbedtls_ssl_conf_min_version()
- DTLS no longer hard-depends on TIMING_C, but uses a callback
  interface instead, see mbedtls_ssl_set_timer_cb(), with the Timing
  module providing an example implementation, see
  mbedtls_timing_delay_context and mbedtls_timing_set/get_delay().
- With UDP sockets, it is no longer necessary to call net_bind() again
  after a successful net_accept().

Changes
- mbedtls_ctr_drbg_random() and mbedtls_hmac_drbg_random() are now
  thread-safe if MBEDTLS_THREADING_C is enabled.
- Reduced ROM footprint of SHA-256 and added an option to reduce it
  even more (at the expense of performance) MBEDTLS_SHA256_SMALLER.
@
text
@$NetBSD: patch-programs_test_CMakeLists.txt,v 1.1 2015/06/12 09:05:05 fhajny Exp $

Make OpenSSL optional.

--- programs/test/CMakeLists.txt.orig	2015-06-04 12:49:19.000000000 +0000
+++ programs/test/CMakeLists.txt
@@@@ -1,4 +1,6 @@@@
-FIND_PACKAGE(OpenSSL)
+if(ENABLE_TESTING)
+  FIND_PACKAGE(OpenSSL)
+endif(ENABLE_TESTING)
 
 set(libs
      mbedtls
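
Review bot: the description above the hunk says only "Make OpenSSL optional", but the if(ENABLE_TESTING) added on the first + line makes the OpenSSL lookup depend on testing being enabled, not on whether OpenSSL is installed. Say that in the description, and check that whatever later in this file uses the result of FIND_PACKAGE(OpenSSL) still behaves sensibly when the lookup is skipped. As a style point, endif(ENABLE_TESTING) can be written as plain endif().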
@


1.1
log
@Import mbed TLS 1.3.11 as security/mbedtls.

This is former security/polarssl rebranded under a new name, keeping the same
API though and providing the previous libs as symlinks, so should be used as
a drop-in replacement for security/polarssl.

Changelog since polarssl-1.3.9 follows.

= mbed TLS 1.3.11 released 2015-06-04

Security
   * With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and
     extendedKeyUsage on the leaf certificate was lost (results not accessible
     via ssl_get_verify_results()).
   * Add countermeasure against "Lucky 13 strikes back" cache-based attack,
     https://dl.acm.org/citation.cfm?id=2714625

Features
   * Improve ECC performance by using more efficient doubling formulas
     (contributed by Peter Dettman).
   * Add x509_crt_verify_info() to display certificate verification results.
   * Add support for reading DH parameters with privateValueLength included
     (contributed by Daniel Kahn Gillmor).
   * Add support for bit strings in X.509 names (request by Fredrik Axelsson).
   * Add support for id-at-uniqueIdentifier in X.509 names.
   * Add support for overriding snprintf() (except on Windows) and exit() in
     the platform layer.
   * Add an option to use macros instead of function pointers in the platform
     layer (helps get rid of unwanted references).
   * Improved Makefiles for Windows targets by fixing library targets and making
     cross-compilation easier (thanks to Alon Bar-Lev).
   * The benchmark program also prints heap usage for public-key primitives
     if POLARSSL_MEMORY_BUFFER_ALLOC_C and POLARSSL_MEMORY_DEBUG are defined.
   * New script ecc-heap.sh helps measuring the impact of ECC parameters on
     speed and RAM (heap only for now) usage.
   * New script memory.sh helps measuring the ROM and RAM requirements of two
     reduced configurations (PSK-CCM and NSA suite B).
   * Add config flag POLARSSL_DEPRECATED_WARNING (off by default) to produce
     warnings on use of deprecated functions (with GCC and Clang only).
   * Add config flag POLARSSL_DEPRECATED_REMOVED (off by default) to produce
     errors on use of deprecated functions.

Bugfix
   * Fix compile errors with PLATFORM_NO_STD_FUNCTIONS.
   * Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara).
   * Fix bug in entropy.c when THREADING_C is also enabled that caused
     entropy_free() to crash (thanks to Rafał Przywara).
   * Fix memory leak when gcm_setkey() and ccm_setkey() are used more than
     once on the same context.
   * Fix bug in ssl_mail_client when password is longer than username (found
     by Bruno Pape).
   * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
     (detected by Clang's 3.6 UBSan).
   * mpi_size() and mpi_msb() would segfault when called on an mpi that is
     initialized but not set (found by pravic).
   * Fix detection of support for getrandom() on Linux (reported by syzzer) by
     doing it at runtime (using uname) rather than compile time.
   * Fix handling of symlinks by "make install" (found by Gaël PORTAY).
   * Fix potential NULL pointer dereference (not triggerable remotely) when
     ssl_write() is called before the handshake is finished (introduced in
     1.3.10) (first reported by Martin Blumenstingl).
   * Fix bug in pk_parse_key() that caused some valid private EC keys to be
     rejected.
   * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
   * Fix thread safety bug in RSA operations (found by Fredrik Axelsson).
   * Fix hardclock() (only used in the benchmarking program) with some
     versions of mingw64 (found by kxjhlele).
   * Fix warnings from mingw64 in timing.c (found by kxjklele).
   * Fix potential unintended sign extension in asn1_get_len() on 64-bit
     platforms.
   * Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid).
   * Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and
     POLARSSL_SSL_SSESSION_TICKETS were both enabled in config.h (introduced
     in 1.3.10).
   * Add missing extern "C" guard in aesni.h (reported by amir zamani).
   * Add missing dependency on SHA-256 in some x509 programs (reported by
     Gergely Budai).
   * Fix bug related to ssl_set_curves(): the client didn't check that the
     curve picked by the server was actually allowed.

Changes
   * Remove bias in mpi_gen_prime (contributed by Pascal Junod).
   * Remove potential sources of timing variations (some contributed by Pascal
     Junod).
   * Options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 are deprecated.
   * Enabling POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated.
   * compat-1.2.h and openssl.h are deprecated.
   * Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now
     more flexible (warning: OFLAGS is not used any more) (see the README)
     (contributed by Alon Bar-Lev).
   * ssl_set_own_cert() no longer calls pk_check_pair() since the
     performance impact was bad for some users (this was introduced in 1.3.10).
   * Move from SHA-1 to SHA-256 in example programs using signatures
     (suggested by Thorsten Mühlfelder).
   * Remove some unneeded inclusions of header files from the standard library
     "minimize" others (eg use stddef.h if only size_t is needed).
   * Change #include lines in test files to use double quotes instead of angle
     brackets for uniformity with the rest of the code.
   * Remove dependency on sscanf() in X.509 parsing modules.

= mbed TLS 1.3.10 released 2015-02-09
Security
   * NULL pointer dereference in the buffer-based allocator when the buffer is
     full and polarssl_free() is called (found by Mark Hasemeyer)
     (only possible if POLARSSL_MEMORY_BUFFER_ALLOC_C is enabled, which it is
     not by default).
   * Fix remotely-triggerable uninitialised pointer dereference caused by
     crafted X.509 certificate (TLS server is not affected if it doesn't ask for a
     client certificate) (found using Codenomicon Defensics).
   * Fix remotely-triggerable memory leak caused by crafted X.509 certificates
     (TLS server is not affected if it doesn't ask for a client certificate)
     (found using Codenomicon Defensics).
   * Fix potential stack overflow while parsing crafted X.509 certificates
     (TLS server is not affected if it doesn't ask for a client certificate)
     (found using Codenomicon Defensics).
   * Fix timing difference that could theoretically lead to a
     Bleichenbacher-style attack in the RSA and RSA-PSK key exchanges
     (reported by Sebastian Schinzel).

Features
   * Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv).
   * Add support for Extended Master Secret (draft-ietf-tls-session-hash).
   * Add support for Encrypt-then-MAC (RFC 7366).
   * Add function pk_check_pair() to test if public and private keys match.
   * Add x509_crl_parse_der().
   * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
     length of an X.509 verification chain.
   * Support for renegotiation can now be disabled at compile-time
   * Support for 1/n-1 record splitting, a countermeasure against BEAST.
   * Certificate selection based on signature hash, preferring SHA-1 over SHA-2
     for pre-1.2 clients when multiple certificates are available.
   * Add support for getrandom() syscall on recent Linux kernels with Glibc or
     a compatible enough libc (eg uClibc).
   * Add ssl_set_arc4_support() to make it easier to disable RC4 at runtime
     while using the default ciphersuite list.
   * Added new error codes and debug messages about selection of
     ciphersuite/certificate.

Bugfix
   * Stack buffer overflow if ctr_drbg_update() is called with too large
     add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
   * Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE
     if memory_buffer_alloc_init() was called with buf not aligned and len not
     a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE (not triggerable remotely).
   * User set CFLAGS were ignored by Cmake with gcc (introduced in 1.3.9, found
     by Julian Ospald).
   * Fix potential undefined behaviour in Camellia.
   * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
     multiple of 8 (found by Gergely Budai).
   * Fix unchecked return code in x509_crt_parse_path() on Windows (found by
     Peter Vaskovic).
   * Fix assembly selection for MIPS64 (thanks to James Cowgill).
   * ssl_get_verify_result() now works even if the handshake was aborted due
     to a failed verification (found by Fredrik Axelsson).
   * Skip writing and parsing signature_algorithm extension if none of the
     key exchanges enabled needs certificates. This fixes a possible interop
     issue with some servers when a zero-length extension was sent. (Reported
     by Peter Dettman.)
   * On a 0-length input, base64_encode() did not correctly set output length
     (found by Hendrik van den Boogaard).

Changes
   * Use deterministic nonces for AEAD ciphers in TLS by default (possible to
     switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
   * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
   * ssl_set_own_cert() now returns an error on key-certificate mismatch.
   * Forbid repeated extensions in X.509 certificates.
   * debug_print_buf() now prints a text view in addition to hexadecimal.
   * A specific error is now returned when there are ciphersuites in common
     but none of them is usable due to external factors such as no certificate
     with a suitable (extended)KeyUsage or curve or no PSK set.
   * It is now possible to disable negotiation of truncated HMAC server-side
@
text
@d1 1
a1 1
$NetBSD: patch-programs_test_CMakeLists.txt,v 1.1 2015/03/28 19:00:28 rodent Exp $
@

