Commit graph

6304 commits

Author SHA1 Message Date
Jaeden Amero e0b1a73c56 Merge remote-tracking branch 'upstream-restricted/pr/464' into mbedtls-2.7-restricted-proposed 2018-03-15 14:36:47 +00:00
Jaeden Amero 73923e1575 Merge remote-tracking branch 'upstream-restricted/pr/459' into mbedtls-2.7-restricted-proposed 2018-03-15 14:36:22 +00:00
Jaeden Amero 8a032e6051 Merge branch 'mbedtls-2.7-proposed' into mbedtls-2.7-restricted-proposed 2018-03-15 14:35:47 +00:00
Jaeden Amero 32ae73b289 Merge remote-tracking branch 'upstream-public/pr/1448' into mbedtls-2.7-proposed 2018-03-15 14:33:29 +00:00
Jaeden Amero 100273ddfb Merge remote-tracking branch 'upstream-public/pr/1449' into mbedtls-2.7-proposed 2018-03-15 14:32:54 +00:00
Jaeden Amero e1c916ca5e Merge remote-tracking branch 'upstream-public/pr/1451' into mbedtls-2.7-proposed 2018-03-15 08:34:33 +00:00
Manuel Pégourié-Gonnard c3901d4cd3 fixup previous commit: add forgotten file 2018-03-14 14:10:19 +01:00
Manuel Pégourié-Gonnard dae3fc3fe0 x509: CRL: add tests for non-critical extension
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
2018-03-14 12:46:54 +01:00
Manuel Pégourié-Gonnard 282159c318 x509: CRL: add tests for malformed extensions
This covers all lines added in the previous commit. Coverage was tested using:

    make CFLAGS='--coverage -g3 -O0'
    (cd tests && ./test_suite_x509parse)
    make lcov
    firefox Coverage/index.html # then visual check

Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
2018-03-14 12:46:53 +01:00
Krzysztof Stachowiak 4e0141fc00 Update change log 2018-03-14 11:43:00 +01:00
Krzysztof Stachowiak b5609f3ca5 Prevent arithmetic overflow on bould check 2018-03-14 11:41:47 +01:00
Krzysztof Stachowiak b3e8f9e2e6 Add bounds check before signature 2018-03-14 11:40:55 +01:00
Krzysztof Stachowiak bcb8149510 Update change log 2018-03-14 11:23:34 +01:00
Krzysztof Stachowiak 8e0b1166b6 Prevent arithmetic overflow on bounds check 2018-03-14 11:21:35 +01:00
Krzysztof Stachowiak 9e1839bc43 Add bounds check before length read 2018-03-14 11:20:46 +01:00
Manuel Pégourié-Gonnard 5a9f46e57c x509: CRL: reject unsupported critical extensions 2018-03-14 09:24:12 +01:00
Jaeden Amero 1a6ddb4382 Merge branch 'mbedtls-2.7' into mbedtls-2.7-restricted 2018-03-13 17:28:20 +00:00
Gilles Peskine 6013004fa9 Note in the changelog that this fixes an interoperability issue.
Fixes #1339
2018-03-13 17:27:53 +00:00
Gilles Peskine 64540d9577 Merge remote-tracking branch 'upstream-restricted/pr/458' into mbedtls-2.7-restricted-proposed 2018-03-13 17:24:46 +01:00
Gilles Peskine 955d70459d Merge remote-tracking branch 'upstream-restricted/pr/460' into mbedtls-2.7-restricted-proposed 2018-03-13 17:24:33 +01:00
Manuel Pégourié-Gonnard b0ba5bccff Yet another dependency issue (PKCS1_V15)
Found by running:

CC=clang cmake -D CMAKE_BUILD_TYPE="Check"
tests/scripts/depend-pkalgs.pl

(Also tested with same command but CC=gcc)

Another PR will address improving all.sh and/or the depend-xxx.pl scripts
themselves to catch this kind of thing.
2018-03-13 13:44:45 +01:00
Andrzej Kurek f21eaa1502 Add a missing bracket in ifdef for __cplusplus 2018-03-13 08:17:28 -04:00
Gilles Peskine 427ff4836c Merge remote-tracking branch 'upstream-public/pr/1219' into mbedtls-2.7-proposed 2018-03-12 23:52:24 +01:00
Gilles Peskine c5671bdcf4 Merge remote-tracking branch 'upstream-public/pr/778' into mbedtls-2.7-proposed 2018-03-12 23:44:56 +01:00
Gilles Peskine 4668d8359c Merge remote-tracking branch 'upstream-public/pr/1241' into mbedtls-2.7-proposed 2018-03-12 23:42:46 +01:00
Manuel Pégourié-Gonnard a3c5ad5db0 Fix remaining issues found by depend-hashes 2018-03-12 15:51:32 +01:00
Manuel Pégourié-Gonnard b314ece10b Fix remaining issues found by depend-pkalgs 2018-03-12 15:51:30 +01:00
Gilles Peskine b21a085bae Show build modes in code font
This clarifies that it's the string to type and not just some
description of it.
2018-03-12 13:12:34 +01:00
Gilles Peskine 8eda5ec8b4 Merge branch 'pr_1408' into mbedtls-2.7-proposed 2018-03-11 00:48:18 +01:00
Gilles Peskine 4848b97bc7 Merge remote-tracking branch 'upstream-public/pr/1249' into mbedtls-2.7-proposed 2018-03-11 00:48:17 +01:00
Gilles Peskine dd7f5b9a37 Merge remote-tracking branch 'upstream-public/pr/1079' into mbedtls-2.7-proposed 2018-03-11 00:48:17 +01:00
Gilles Peskine 7b7c64424f Merge remote-tracking branch 'upstream-public/pr/1012' into mbedtls-2.7-proposed 2018-03-11 00:48:17 +01:00
Gilles Peskine 158fc33368 Merge remote-tracking branch 'upstream-public/pr/1296' into HEAD 2018-03-11 00:47:54 +01:00
Gilles Peskine 3f1b89d251 This fixes #664 2018-03-11 00:35:39 +01:00
Gilles Peskine 0ee482c82c Fix grammar in ChangeLog entry 2018-03-11 00:18:50 +01:00
Gilles Peskine c0826f1625 Merge remote-tracking branch 'upstream-public/pr/936' into mbedtls-2.7-proposed 2018-03-10 23:48:10 +01:00
Gilles Peskine 9c4f4038dd Add changelog entry 2018-03-10 23:36:30 +01:00
Hanno Becker 930ec7dfe5 Minor fixes 2018-03-09 10:48:12 +00:00
Hanno Becker 26f1f6061d Improve documentation on the use of blinding in RSA 2018-03-09 10:47:30 +00:00
Hanno Becker e856e84de3 Don't enable RSA_NO_CRT in config.pl full 2018-03-09 10:47:01 +00:00
Hanno Becker 70e66395b5 Adapt ChangeLog 2018-03-09 10:46:43 +00:00
Hanno Becker 69d45cce5d Add a run with RSA_NO_CRT to all.sh 2018-03-09 10:46:23 +00:00
Hanno Becker a5fa07958e Verify the result of RSA private key operations
If RSA-CRT is used for signing, and if an attacker can cause a glitch
in one of the two computations modulo P or Q, the difference between
the faulty and the correct signature (which is not secret) will be
divisible by P or Q, but not by both, allowing to recover the private
key by taking the GCD with the public RSA modulus N. This is known as
the Bellcore Glitch Attack. Verifying the RSA signature before handing
it out is a countermeasure against it.
2018-03-09 10:42:23 +00:00
Gilles Peskine c1a493d79b Refer to X.690 by number
It's easier to identify and find by number than by its very wordy
title, especially as there was a typo in the title.
2018-03-08 18:18:34 +01:00
Manuel Pégourié-Gonnard e786a7ecdb x509: fix remaining unchecked call to mbedtls_md()
The other two calls have been fixed already, fix that one too for consistency.
2018-03-07 09:41:20 +01:00
Manuel Pégourié-Gonnard 71df3733d0 Clarify mutual references in comments 2018-03-07 09:36:30 +01:00
Sanne Wouda 22797fcc57 Remove redundant dependency 2018-03-06 23:35:14 +01:00
Sanne Wouda bb50113123 Rename test and update dependencies 2018-03-06 23:35:14 +01:00
Sanne Wouda cf79312a6d Update changelog entry 2018-03-06 23:31:52 +01:00
Sanne Wouda 52895b2b2e Add Changelog entry 2018-03-06 23:31:52 +01:00