Jethro Beekman
d2df936e67
Fix parsing of PKCS#8 encoded Elliptic Curve keys.
...
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
PrivateKeyInfo ::= SEQUENCE {
    version                 Version,
    privateKeyAlgorithm     PrivateKeyAlgorithmIdentifier,
    privateKey              PrivateKey,
    attributes          [0] IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier ::= SEQUENCE {
    algorithm               OBJECT IDENTIFIER,
    parameters              ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
    namedCurve              OBJECT IDENTIFIER
    -- implicitCurve        NULL
    -- specifiedCurve       SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
    version                 INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
    privateKey              OCTET STRING,
    parameters          [0] ECParameters {{ NamedCurve }} OPTIONAL,
    publicKey           [1] BIT STRING OPTIONAL
}
Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:01:18 -07:00
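Added example, not part of the commit above and not mbedTLS code: a minimal DER walker in C for the ECPrivateKey structure quoted in that commit message. It accepts all four combinations of the optional [0] parameters and [1] publicKey fields (both are explicitly tagged, so they appear as constructed context tags 0xA0 and 0xA1 wrapping the OID and BIT STRING), and rejects truncated input, an oversized length, a version other than ecPrivkeyVer1 and trailing data. Every bound is checked as "length greater than remaining bytes" rather than "pointer plus length past end", which is the form that cannot overflow. The sample encodings are constructed (a toy 4-byte private key and toy 3-byte public point around the real prime256v1 OID) and are not key material; the function and type names (der_read_tlv, ec_private_key_parse, ec_variant_flags, ec_key_t) are the example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EC_OK           0
#define EC_ERR_FORMAT  -1   /* malformed or truncated DER */
#define EC_ERR_VERSION -2   /* version is not ecPrivkeyVer1 */

/* Parsed view into the caller's buffer (nothing is copied). */
typedef struct {
    const uint8_t *d;         size_t d_len;    /* privateKey OCTET STRING */
    const uint8_t *curve_oid; size_t oid_len;  /* [0] namedCurve OID, NULL if absent */
    const uint8_t *pub;       size_t pub_len;  /* [1] BIT STRING payload, NULL if absent */
} ec_key_t;

/* Read one DER tag and length (short form, or long form with 1-2 length octets).
 * Bounds are checked as "len > remaining bytes", never as "p + len > end",
 * so a hostile length cannot overflow the pointer arithmetic. */
static int der_read_tlv(const uint8_t **p, const uint8_t *end,
                        uint8_t *tag, size_t *len)
{
    const uint8_t *q = *p;
    if (end - q < 2) return EC_ERR_FORMAT;
    *tag = q[0];
    if (q[1] < 0x80)       { *len = q[1]; q += 2; }
    else if (q[1] == 0x81) { if (end - q < 3) return EC_ERR_FORMAT; *len = q[2]; q += 3; }
    else if (q[1] == 0x82) { if (end - q < 4) return EC_ERR_FORMAT;
                             *len = ((size_t)q[2] << 8) | q[3]; q += 4; }
    else return EC_ERR_FORMAT;                          /* indefinite/oversized: not DER here */
    if (*len > (size_t)(end - q)) return EC_ERR_FORMAT; /* value must fit in the buffer */
    *p = q;
    return EC_OK;
}

/* Parse ECPrivateKey (RFC 5915 / SEC 1), accepting all four combinations of
 * the optional [0] parameters and [1] publicKey fields. */
static int ec_private_key_parse(const uint8_t *buf, size_t buf_len, ec_key_t *key)
{
    const uint8_t *p = buf, *end = buf + buf_len, *seq_end, *ctx_end;
    uint8_t tag; size_t len; int ret;

    memset(key, 0, sizeof *key);
    if ((ret = der_read_tlv(&p, end, &tag, &len)) != EC_OK) return ret;
    if (tag != 0x30) return EC_ERR_FORMAT;              /* ECPrivateKey ::= SEQUENCE */
    seq_end = p + len;                                  /* in range: checked by der_read_tlv */

    if ((ret = der_read_tlv(&p, seq_end, &tag, &len)) != EC_OK) return ret;
    if (tag != 0x02 || len != 1) return EC_ERR_FORMAT;  /* version INTEGER */
    if (*p != 1) return EC_ERR_VERSION;                 /* ecPrivkeyVer1(1) */
    p += 1;

    if ((ret = der_read_tlv(&p, seq_end, &tag, &len)) != EC_OK) return ret;
    if (tag != 0x04 || len == 0) return EC_ERR_FORMAT;  /* privateKey OCTET STRING */
    key->d = p; key->d_len = len; p += len;

    if (p < seq_end && *p == 0xA0) {                    /* parameters [0] EXPLICIT, optional */
        if ((ret = der_read_tlv(&p, seq_end, &tag, &len)) != EC_OK) return ret;
        ctx_end = p + len;
        if ((ret = der_read_tlv(&p, ctx_end, &tag, &len)) != EC_OK) return ret;
        if (tag != 0x06 || len == 0) return EC_ERR_FORMAT; /* namedCurve OBJECT IDENTIFIER */
        key->curve_oid = p; key->oid_len = len; p += len;
        if (p != ctx_end) return EC_ERR_FORMAT;
    }
    if (p < seq_end && *p == 0xA1) {                    /* publicKey [1] EXPLICIT, optional */
        if ((ret = der_read_tlv(&p, seq_end, &tag, &len)) != EC_OK) return ret;
        ctx_end = p + len;
        if ((ret = der_read_tlv(&p, ctx_end, &tag, &len)) != EC_OK) return ret;
        if (tag != 0x03 || len < 2 || *p != 0) return EC_ERR_FORMAT; /* BIT STRING, 0 unused bits */
        key->pub = p + 1; key->pub_len = len - 1; p += len;
        if (p != ctx_end) return EC_ERR_FORMAT;
    }
    return p == seq_end ? EC_OK : EC_ERR_FORMAT;        /* reject trailing elements */
}

/* Convenience for checks: <0 on error, else bit0 = has parameters, bit1 = has publicKey. */
static int ec_variant_flags(const uint8_t *buf, size_t buf_len)
{
    ec_key_t k; int ret = ec_private_key_parse(buf, buf_len, &k);
    if (ret != EC_OK) return ret;
    return (k.curve_oid ? 1 : 0) | (k.pub ? 2 : 0);
}

/* Constructed sample encodings: toy 4-byte private key, toy 3-byte public
 * point, real prime256v1 OID 1.2.840.10045.3.1.7. Not real key material. */
#define VER      0x02, 0x01, 0x01
#define PRIV     0x04, 0x04, 0x01, 0x02, 0x03, 0x04
#define PARAMS   0xA0, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07
#define PUBKEY   0xA1, 0x06, 0x03, 0x04, 0x00, 0x04, 0xAA, 0xBB
static const uint8_t key_none[]   = { 0x30, 0x09, VER, PRIV };
static const uint8_t key_params[] = { 0x30, 0x15, VER, PRIV, PARAMS };
static const uint8_t key_pub[]    = { 0x30, 0x11, VER, PRIV, PUBKEY };
static const uint8_t key_both[]   = { 0x30, 0x1D, VER, PRIV, PARAMS, PUBKEY };
static const uint8_t key_badver[] = { 0x30, 0x09, 0x02, 0x01, 0x02, PRIV };

int main(void)
{
    printf("none=%d params=%d pub=%d both=%d truncated=%d badver=%d\n",
           ec_variant_flags(key_none, sizeof key_none),
           ec_variant_flags(key_params, sizeof key_params),
           ec_variant_flags(key_pub, sizeof key_pub),
           ec_variant_flags(key_both, sizeof key_both),
           ec_variant_flags(key_both, sizeof key_both - 1),  /* last byte cut off */
           ec_variant_flags(key_badver, sizeof key_badver));
    return 0;
}
```

The four `key_*` arrays are exactly the four variants the commit message enumerates; a test suite for such a parser should carry one fixture per variant plus the truncated and wrong-version cases, since a parser that only sees the "only public key" form can silently reject the other three.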
Jaeden Amero
8be0e6db41
Update version to 2.8.0
2018-03-16 16:25:12 +00:00
Jaeden Amero
79a5e72719
Merge remote-tracking branch 'upstream-restricted/pr/463' into development-restricted-proposed
2018-03-15 08:25:05 +00:00
Jaeden Amero
24b2d6fb6d
Merge remote-tracking branch 'upstream-restricted/pr/459' into development-restricted-proposed
2018-03-15 08:24:44 +00:00
Jaeden Amero
8e4ff12909
Merge branch 'development-proposed' into development-restricted-proposed
2018-03-15 08:23:55 +00:00
Jaeden Amero
ce183d994c
Merge remote-tracking branch 'upstream-public/pr/1448' into development-proposed
2018-03-15 08:23:53 +00:00
Jaeden Amero
d1fedc55d7
Merge remote-tracking branch 'upstream-public/pr/1440' into development-proposed
2018-03-15 08:23:35 +00:00
Jaeden Amero
95ad522ecc
Merge remote-tracking branch 'upstream-public/pr/1439' into development-proposed
2018-03-15 08:23:10 +00:00
Jaeden Amero
64293777eb
Merge remote-tracking branch 'upstream-public/pr/1423' into development-proposed
2018-03-15 08:22:48 +00:00
Jaeden Amero
a53d9abfe8
Merge remote-tracking branch 'upstream-public/pr/1051' into development-proposed
2018-03-15 08:22:48 +00:00
Manuel Pégourié-Gonnard
47a98d4e2c
fixup previous commit: add forgotten file
2018-03-14 14:08:57 +01:00
Manuel Pégourié-Gonnard
a63305d134
x509: CRL: add tests for non-critical extension
...
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
2018-03-14 12:44:54 +01:00
Manuel Pégourié-Gonnard
0bdb050b2d
x509: CRL: add tests for malformed extensions
...
This covers all lines added in the previous commit. Coverage was tested using:
make CFLAGS='--coverage -g3 -O0'
(cd tests && ./test_suite_x509parse)
make lcov
firefox Coverage/index.html # then visual check
Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
2018-03-14 12:00:55 +01:00
Krzysztof Stachowiak
7fa1ae70c8
Add Changelog entry
2018-03-14 11:57:37 +01:00
Krzysztof Stachowiak
00bbf572af
Update change log
2018-03-14 11:14:13 +01:00
Manuel Pégourié-Gonnard
fd3e4fbae7
x509: CRL: reject unsupported critical extensions
2018-03-14 09:15:02 +01:00
Gilles Peskine
5f1932817c
Merge remote-tracking branch 'upstream-restricted/pr/398' into development-restricted-proposed
2018-03-13 17:18:06 +01:00
Gilles Peskine
553a06f08a
Merge remote-tracking branch 'upstream-restricted/pr/351' into development-restricted-proposed
...
Move the added ChangeLog entry to the bottom so that the list remains
in merge order.
2018-03-13 17:15:34 +01:00
Krzysztof Stachowiak
5224a7544c
Prevent arithmetic overflow on bounds check
2018-03-13 11:31:38 +01:00
Krzysztof Stachowiak
740b218386
Add bounds check before length read
2018-03-13 11:31:14 +01:00
Krzysztof Stachowiak
027f84c69f
Prevent arithmetic overflow on bounds check
2018-03-13 11:29:24 +01:00
Krzysztof Stachowiak
a1098f81c2
Add bounds check before signature length read
2018-03-13 11:28:49 +01:00
Gilles Peskine
f3ada4adb0
Merge branch 'pr_679' into development-proposed
2018-03-13 00:13:29 +01:00
Gilles Peskine
6dc4a31988
Add ChangeLog entry. Fixes #678
2018-03-13 00:13:06 +01:00
Gilles Peskine
13678d251f
Merge remote-tracking branch 'upstream-public/pr/922' into development-proposed
2018-03-13 00:10:07 +01:00
Gilles Peskine
d5f7d24e84
Merge branch 'pr_1064' into development-proposed
2018-03-13 00:08:05 +01:00
Gilles Peskine
3ff4a074af
Fix ChangeLog style. Fix #918
2018-03-13 00:06:19 +01:00
Gilles Peskine
a31d8206b1
Merge remote-tracking branch 'upstream-public/pr/778' into development-proposed
2018-03-12 23:45:08 +01:00
Gilles Peskine
69845ed00d
Merge remote-tracking branch 'upstream-public/pr/1241' into development-proposed
2018-03-12 23:43:30 +01:00
Gilles Peskine
b21a085bae
Show build modes in code font
...
This clarifies that it's the string to type and not just some
description of it.
2018-03-12 13:12:34 +01:00
Gilles Peskine
469b882947
Merge branch 'pr_1407' into development-proposed
2018-03-11 00:45:10 +01:00
Gilles Peskine
754768262b
Merge remote-tracking branch 'upstream-public/pr/1249' into development-proposed
2018-03-11 00:45:10 +01:00
Gilles Peskine
19c3862d0c
Merge remote-tracking branch 'upstream-public/pr/1079' into development-proposed
2018-03-11 00:45:10 +01:00
Gilles Peskine
34ba06fac8
Merge remote-tracking branch 'upstream-public/pr/1012' into development-proposed
2018-03-11 00:45:09 +01:00
Gilles Peskine
b4c571e603
Merge remote-tracking branch 'upstream-public/pr/1296' into HEAD
2018-03-11 00:44:14 +01:00
Gilles Peskine
3f1b89d251
This fixes #664
2018-03-11 00:35:39 +01:00
Gilles Peskine
08af538ec9
Fix grammar in ChangeLog entry
2018-03-11 00:20:08 +01:00
Gilles Peskine
29d7d4da2f
Merge remote-tracking branch 'upstream-public/pr/936' into development-proposed
2018-03-10 23:51:58 +01:00
Gilles Peskine
9c4f4038dd
Add changelog entry
2018-03-10 23:36:30 +01:00
Gilles Peskine
1ed45ea36b
Refer to X.690 by number
...
It's easier to identify and find by number than by its very wordy
title, especially as there was a typo in the title.
2018-03-08 18:19:17 +01:00
Hanno Becker
6f486a6fb5
Fix merge error
2018-03-08 13:31:44 +00:00
Hanno Becker
e494e20f0c
Move and reword deprecation warning/error on compression support
2018-03-08 13:26:12 +00:00
Sanne Wouda
22797fcc57
Remove redundant dependency
2018-03-06 23:35:14 +01:00
Sanne Wouda
bb50113123
Rename test and update dependencies
2018-03-06 23:35:14 +01:00
Sanne Wouda
cf79312a6d
Update changelog entry
2018-03-06 23:31:52 +01:00
Sanne Wouda
52895b2b2e
Add Changelog entry
2018-03-06 23:31:52 +01:00
Sanne Wouda
90da97d587
Add test case found through fuzzing to pkparse test suite
2018-03-06 23:31:12 +01:00
Sanne Wouda
7b2e85dd7c
Use both applicable error codes and a proper coding style
2018-03-06 23:28:46 +01:00
Sanne Wouda
b2b29d5259
Add end-of-buffer check to prevent heap-buffer-overflow
...
Dereference of *p should not happen when it points past the end of the
buffer.
Internal reference: IOTSSL-1663
2018-03-06 23:28:46 +01:00
Hanno Becker
cf092b2ccf
Deprecate support for record compression
2018-03-06 14:27:09 +00:00