yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 01:31:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
4368 commits 88 branches 205 tags 69 MiB
Commit graph

4368 commits

This branch
This branch
All branches
Author SHA1 Message Date
Manuel Pégourié-Gonnard e3e8edfa51 Fix potential integer overflow in prev. commit 
Found by Clang's -Wshift-count-overflow
 2015-12-01 09:34:36 +01:00
Simon Butcher 15b15d1361 Added integer divide by as separate function 
Added 64bit integer divided by 32bit integer, with remainder
 2015-11-26 19:35:03 +00:00
Manuel Pégourié-Gonnard 3134ef0504 footprint.sh: tune output again 2015-11-25 10:50:27 +00:00
Manuel Pégourié-Gonnard 4553a6cdcf footprint.sh: improve printed output 2015-11-25 10:39:54 +00:00
Manuel Pégourié-Gonnard f4569b14c4 Fix bug checking pathlen on first intermediate 
Remove check on the pathLenConstraint value when looking for a parent to the
EE cert, as the constraint is on the number of intermediate certs below the
parent, and that number is always 0 at that point, so the constraint is always
satisfied.

The check was actually off-by-one, which caused valid chains to be rejected
under the following conditions:
- the parent certificate is not a trusted root, and
- it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)

fixes #280
 2015-11-19 11:10:38 +01:00
Manuel Pégourié-Gonnard 8b4331aa56 Add test case for root with max_pathlen=0 
This was already working but not tested so far

(Test case from previous commit still failing.)

Test certificates generated with:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key

programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"

mv cert9?.crt tests/data_files/dir4
rm cert9?.key
 2015-11-19 11:10:33 +01:00
Manuel Pégourié-Gonnard a3aa43da5f Add test case for first intermediate max_pathlen=0 
!!! This test case is currently failing !!!
(See fix in next-next commit.)

Test certificates generated with the following script:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key

programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
    max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
    issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
    subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"

mv cert8?.crt tests/data_files/dir4
rm cert8?.key
 2015-11-19 10:56:30 +01:00
Simon Butcher 8254ed2a9f Change version number to 2.2.0 
Changed for library and yotta module
 2015-11-04 19:55:40 +00:00
Simon Butcher 59a8fa7e2e Corrected typo in ChangeLog 2015-11-03 23:09:28 +00:00
Manuel Pégourié-Gonnard bd3639852c Merge branch 'iotssl-519-asn1write-overflows-restricted' into development-restricted 
* iotssl-519-asn1write-overflows-restricted:
  Fix other int casts in bounds checking
  Fix other occurrences of same bounds check issue
  Fix potential buffer overflow in asn1write
 2015-11-02 11:07:30 +09:00
Manuel Pégourié-Gonnard 537e2a9b58 Merge branch 'iotssl-518-winpathlen-restricted' into development-restricted 
* iotssl-518-winpathlen-restricted:
  Fix potential heap corruption on Windows
 2015-11-02 11:04:59 +09:00
Manuel Pégourié-Gonnard f8b2442e2f Merge branch 'iotssl-517-double-free-restricted' into development-restricted 
* iotssl-517-double-free-restricted:
  Fix potential double-free in ssl_conf_psk()
 2015-11-02 11:03:32 +09:00
Manuel Pégourié-Gonnard ce0e3f7f5c Bump yotta version number to 2.2.0-rc2 2015-11-02 06:53:44 +09:00
Manuel Pégourié-Gonnard a8838af8e6 Use own implementation of strsep() 
Not available on windows, and strtok() is not a good option
 2015-11-02 06:44:24 +09:00
Manuel Pégourié-Gonnard 644c2e0fdb Add new program to gitignore 2015-11-02 06:34:29 +09:00
Manuel Pégourié-Gonnard c99dffad36 Add ChangeLog entry for ASN.1 DER boolean fix 2015-11-02 06:00:02 +09:00
Manuel Pégourié-Gonnard 0a543a8bc5 Merge pull request #320 from Inikup/fix-issue-318 
Fix boolean values according to DER specs
 2015-11-02 05:52:42 +09:00
Manuel Pégourié-Gonnard 1c6f19aa47 Merge pull request #317 from Inikup/fix-issue-315 
cert_write : fix "Destination buffer is too small" error
 2015-11-02 05:52:26 +09:00
Manuel Pégourié-Gonnard ba1d897987 Merge branch 'bugfixes' into development 
* bugfixes:
  Fix typo in an OID name
  Disable reportedly broken assembly of Sparc(64)
 2015-11-02 05:50:41 +09:00
Manuel Pégourié-Gonnard 568f1e7cb3 Merge branch 'iotssl-515-max-pathlen' into development 
* iotssl-515-max-pathlen:
  Add Changelog entries for this branch
  Fix a style issue
  Fix whitespace at EOL issues
  Use symbolic constants in test data
  Fixed pathlen contraint enforcement.
  Additional corner cases for testing pathlen constrains. Just in case.
  Added test case for pathlen constrains in intermediate certificates
 2015-11-02 05:49:08 +09:00
Janos Follath 6c92268093 Improved on the previous fix and added a test case to cover both types 
of carries.
 2015-10-30 17:50:12 +01:00
Manuel Pégourié-Gonnard 1fa36597fc Merge remote-tracking branch 'refs/remotes/origin/development' into development 
* refs/remotes/origin/development:
  Fix help message for cert_req/cert_write programs
 2015-10-30 16:54:35 +01:00
Manuel Pégourié-Gonnard 54eeecfff3 Merge pull request #316 from Inikup/help-key_cert_sign-fix 
Fix help message for cert_req/cert_write programs
 2015-10-30 14:50:42 +01:00
Manuel Pégourié-Gonnard 067523ef98 Small improvement to test script 2015-10-30 11:15:40 +01:00
Manuel Pégourié-Gonnard fb84d38b45 Try to prevent some misuse of RSA functions 
fixes #331
 2015-10-30 10:56:25 +01:00
Manuel Pégourié-Gonnard 2b624e9b39 Add Changelog entries for this branch 2015-10-30 09:45:34 +01:00
Manuel Pégourié-Gonnard 45777c384d Fix a style issue 2015-10-30 09:24:28 +01:00
Manuel Pégourié-Gonnard e670f90e48 Fix whitespace at EOL issues 2015-10-30 09:23:19 +01:00
Manuel Pégourié-Gonnard 03dde85c3b Use symbolic constants in test data 2015-10-30 09:18:06 +01:00
Manuel Pégourié-Gonnard f7a4688257 Mention new test script in Readme 2015-10-28 13:43:43 +01:00
Manuel Pégourié-Gonnard 8de8a327f4 Bump yotta version to 2.2.0-rc.1 2015-10-27 18:09:39 +01:00
Simon Butcher 6edd78bd8b Merge branch 'misc' into development 2015-10-27 16:58:01 +00:00
Simon Butcher 204606238c Merge branch 'development' into misc 2015-10-27 16:57:34 +00:00
Simon Butcher 459a950f31 Fixed typo in comment 2015-10-27 16:09:03 +00:00
Simon Butcher b48ace74c4 Merge branch 'iotssl-513-alerts' into development 2015-10-27 16:06:10 +00:00
Simon Butcher 62aab15085 Merge branch 'development' into iotssl-513-alerts 2015-10-27 16:05:34 +00:00
Simon Butcher c87747b675 Removed debug code accidentally left in test code 
Removed debug code accidentally left in test_suite_x509parse.function.
 2015-10-27 15:16:51 +00:00
Simon Butcher fa8094ea40 Merge branch 'iotssl-521-keylen-check' into development 2015-10-27 15:15:40 +00:00
Simon Butcher 5f7c34b8b0 Merge branch iotssl-521-keylen-check 2015-10-27 15:14:55 +00:00
Manuel Pégourié-Gonnard e0b2feae34 Mention performance fix in ChangeLog 2015-10-27 10:24:54 +01:00
Simon Butcher e357a64355 Merge pull request #328 from ARMmbed/iotssl-461-ecjpake-finalization 
Iotssl 461 ecjpake finalization
 2015-10-27 00:08:31 +00:00
Manuel Pégourié-Gonnard 231a065909 yotta Readme: edited by Irit 2015-10-26 17:50:04 +01:00
Janos Follath 3fc644f246 Removed recursion from fix #309. 2015-10-25 14:24:10 +01:00
Janos Follath 8483e28e21 Merge remote-tracking branch 'upstream/development' into iss309 2015-10-25 12:36:03 +01:00
Janos Follath 6cbacec3b3 Improved on the fix of #309 and extended the test to cover subroutines. 2015-10-25 12:31:27 +01:00
Janos Follath 044a86bde8 Tests and fix added for #309 (inplace mpi doubling). 2015-10-25 10:58:03 +01:00
Manuel Pégourié-Gonnard 65eefc8707 Fix missing check for RSA key length on EE certs 
- also adapt tests to use lesser requirement for compatibility with old
  testing material
 2015-10-23 16:19:53 +02:00
Manuel Pégourié-Gonnard ac8673cb3f Add quick script to estimate ROM footprint 2015-10-23 15:51:02 +02:00
Manuel Pégourié-Gonnard de9f953b9f Optimize more common cases in ecp_muladd() 2015-10-23 15:50:37 +02:00
Manuel Pégourié-Gonnard d21eb2ae81 Fix attribution in ChangeLog 2015-10-23 15:35:02 +02:00