Jaeden Amero
402256184a
Merge branch 'mbedtls-2.7-proposed' into mbedtls-2.7-restricted-proposed
Resolve conflicts in ChangeLog.
2018-04-26 09:03:51 +01:00
Andrzej Kurek
149f3a4d73
Change variable bytes_written to header_bytes in record decompression
The name is changed to better reflect the input, decompression case
2018-04-24 06:32:44 -04:00
Andrzej Kurek
c3a3e2df0e
ssl_tls: Fix invalid buffer sizes during compression / decompression
Adjust information passed to zlib to include already written data.
2018-04-23 08:39:13 -04:00
Manuel Pégourié-Gonnard
8bce3685f5
Merge remote-tracking branch 'restricted/pr/468' into mbedtls-2.7-restricted-proposed
* restricted/pr/468:
Improve comments style
Remove a redundant test
Add buffer size check before cert_type_len read
Update change log
Add a missing buffer size check
Correct buffer size check
2018-04-18 12:21:36 +02:00
Krzysztof Stachowiak
affb4f8e90
Improve comments style
2018-04-10 13:43:23 +02:00
Krzysztof Stachowiak
5ca4c5a15d
Remove a redundant test
2018-04-10 13:43:17 +02:00
Krzysztof Stachowiak
314f16136f
Add buffer size check before cert_type_len read
2018-04-10 13:43:10 +02:00
Krzysztof Stachowiak
071f9a3e47
Add a missing buffer size check
2018-04-04 13:44:04 +02:00
Krzysztof Stachowiak
3d8663b4f9
Correct buffer size check
Further in the code the next field from the binary buffer is read. The
check contained an off by one error.
2018-04-04 13:43:00 +02:00
Jaeden Amero
d8e0cec63b
Merge remote-tracking branch 'upstream-public/pr/1464' into mbedtls-2.7-proposed
2018-04-03 18:27:54 +01:00
Jaeden Amero
b5f53b1039
Merge remote-tracking branch 'upstream-public/pr/1401' into mbedtls-2.7-proposed
2018-04-03 12:09:45 +01:00
Jaeden Amero
e7dc46240d
Merge remote-tracking branch 'upstream-public/pr/1543' into mbedtls-2.7-proposed
2018-04-03 12:03:30 +01:00
mohammad1603
29ed80f79f
Fix compatibility problem in the printed message
Replace %zu with %lu and add cast for the printed value.
2018-04-02 07:34:26 -07:00
Gilles Peskine
595c84a7b1
Merge remote-tracking branch 'upstream-public/pr/1500' into mbedtls-2.7-proposed
2018-04-01 12:41:29 +02:00
Gilles Peskine
a0e03a81a7
Merge branch 'pr_1538' into mbedtls-2.7-proposed
2018-04-01 12:35:50 +02:00
Gilles Peskine
cc78ac46e7
Update error.c
2018-03-30 18:52:10 +02:00
Gilles Peskine
5114d3e4e1
Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that
this indicates that a valid signature is present, unlike other error
codes. See
https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705
2018-03-30 18:43:16 +02:00
Andy Leiserson
38a29ee5d0
return plaintext data faster on unpadded decryption
2018-03-29 08:39:55 -04:00
Jaeden Amero
38e37bdd56
Merge remote-tracking branch 'upstream-public/pr/1529' into mbedtls-2.7-proposed
2018-03-29 11:00:09 +01:00
mohammad1603
44a6a688c8
Check whether INT_MAX larger than SIZE_MAX scenario
Check whether INT_MAX larger than SIZE_MAX scenario
2018-03-28 23:45:33 -07:00
Jaeden Amero
5166a188eb
Merge remote-tracking branch 'upstream-public/pr/1468' into mbedtls-2.7-proposed
2018-03-28 15:36:36 +01:00
Jaeden Amero
0d891042d1
Merge remote-tracking branch 'upstream-public/pr/1524' into mbedtls-2.7-proposed
2018-03-28 15:33:45 +01:00
Jaeden Amero
ef59b732c2
Merge remote-tracking branch 'upstream-public/pr/1479' into mbedtls-2.7-proposed
2018-03-28 14:21:19 +01:00
Jethro Beekman
004e37117c
Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
PrivateKeyInfo ::= SEQUENCE {
    version                   Version,
    privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
    privateKey                PrivateKey,
    attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier ::= SEQUENCE {
    algorithm                 OBJECT IDENTIFIER,
    parameters                ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
    namedCurve                OBJECT IDENTIFIER
    -- implicitCurve          NULL
    -- specifiedCurve         SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
    version                   INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
    privateKey                OCTET STRING,
    parameters           [0]  ECParameters {{ NamedCurve }} OPTIONAL,
    publicKey            [1]  BIT STRING OPTIONAL
}
Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-28 11:29:21 +02:00
Andres Amaya Garcia
24e8283309
Fix coding style in pkcs5.c preprocessor directives
2018-03-27 21:25:53 +01:00
Marcos Del Sol Vives
a1bc0e25b7
Compile PBES2 in PKCS5 only if ASN1 is enabled
2018-03-27 21:25:52 +01:00
Andres Amaya Garcia
2f1595238a
Allow overriding ar param prefix in library/Makefile
2018-03-26 00:08:36 +01:00
Andres Amaya Garcia
2679c1c81e
Make DLEXT var configurable in library/Makefile
2018-03-26 00:08:33 +01:00
Jaeden Amero
877c6dcf22
Merge remote-tracking branch 'upstream-restricted/pr/456' into mbedtls-2.7
2018-03-23 11:19:43 +00:00
Gilles Peskine
2cfeb887b4
Merge tag 'mbedtls-2.7.2' into iotssl-1381-x509-verify-refactor-2.7-restricted
Conflict resolution:
* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
addition. In addition some of the additions in the
iotssl-1381-x509-verify-refactor-restricted branch need support for
keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:12:44 +01:00
mohammad1603
2ea2d686e2
Verify that f_send and f_recv send and receive the expected length
Verify that f_send and f_recv send and receive the expected length
Conflicts:
ChangeLog
2018-03-22 14:56:28 -07:00
Gilles Peskine
d675986506
Merge remote-tracking branch 'upstream-public/pr/1256' into mbedtls-2.7-proposed
2018-03-22 21:52:01 +01:00
Gilles Peskine
8980da5caf
Merge remote-tracking branch 'myfork/pr_726' into mbedtls-2.7-proposed
2018-03-22 21:49:43 +01:00
Gergely Budai
8190678c01
Do not define and initialize global mutexes on configurations that do not use them.
2018-03-21 15:13:08 +00:00
Mitsuhiro Nakamura
1e3c00090a
Fix dylib linking
2018-03-21 11:18:09 +00:00
Gilles Peskine
21701305ce
Robustness fix in mbedtls_ssl_derive_keys
In mbedtls_ssl_derive_keys, don't call mbedtls_md_hmac_starts in
ciphersuites that don't use HMAC. This doesn't change the behavior of
the code, but avoids relying on an uncaught error when attempting to
start an HMAC operation that hadn't been initialized.
2018-03-20 18:41:25 +01:00
mohammad1603
b11af86daf
Avoid wraparound on in_left
Avoid wraparound on in_left
2018-03-19 07:18:13 -07:00
Jaeden Amero
9ae1fba869
Update version to 2.7.2
2018-03-16 16:30:17 +00:00
Jaeden Amero
c9908f010a
Merge remote-tracking branch 'upstream-public/pr/1064' into mbedtls-2.7-restricted-proposed
2018-03-15 14:58:24 +00:00
Jaeden Amero
e0b1a73c56
Merge remote-tracking branch 'upstream-restricted/pr/464' into mbedtls-2.7-restricted-proposed
2018-03-15 14:36:47 +00:00
Jaeden Amero
73923e1575
Merge remote-tracking branch 'upstream-restricted/pr/459' into mbedtls-2.7-restricted-proposed
2018-03-15 14:36:22 +00:00
Jaeden Amero
8a032e6051
Merge branch 'mbedtls-2.7-proposed' into mbedtls-2.7-restricted-proposed
2018-03-15 14:35:47 +00:00
Jaeden Amero
32ae73b289
Merge remote-tracking branch 'upstream-public/pr/1448' into mbedtls-2.7-proposed
2018-03-15 14:33:29 +00:00
Jaeden Amero
100273ddfb
Merge remote-tracking branch 'upstream-public/pr/1449' into mbedtls-2.7-proposed
2018-03-15 14:32:54 +00:00
Jaeden Amero
e1c916ca5e
Merge remote-tracking branch 'upstream-public/pr/1451' into mbedtls-2.7-proposed
2018-03-15 08:34:33 +00:00
Krzysztof Stachowiak
b5609f3ca5
Prevent arithmetic overflow on bounds check
2018-03-14 11:41:47 +01:00
Krzysztof Stachowiak
b3e8f9e2e6
Add bounds check before signature
2018-03-14 11:40:55 +01:00
Krzysztof Stachowiak
8e0b1166b6
Prevent arithmetic overflow on bounds check
2018-03-14 11:21:35 +01:00
Krzysztof Stachowiak
9e1839bc43
Add bounds check before length read
2018-03-14 11:20:46 +01:00
Manuel Pégourié-Gonnard
5a9f46e57c
x509: CRL: reject unsupported critical extensions
2018-03-14 09:24:12 +01:00