Gilles Peskine
69d1b293fc
Merge remote-tracking branch 'myfork/pr_1073' into mbedtls-2.7-proposed
2018-03-22 21:53:22 +01:00
Gilles Peskine
d675986506
Merge remote-tracking branch 'upstream-public/pr/1256' into mbedtls-2.7-proposed
2018-03-22 21:52:01 +01:00
Gilles Peskine
8980da5caf
Merge remote-tracking branch 'myfork/pr_726' into mbedtls-2.7-proposed
2018-03-22 21:49:43 +01:00
Gilles Peskine
88c6df1ce8
Add ChangeLog entry
2018-03-22 21:48:28 +01:00
Gilles Peskine
48115740da
Merge remote-tracking branch 'upstream-public/pr/1442' into mbedtls-2.7-proposed
2018-03-22 21:30:19 +01:00
Gilles Peskine
9b9cc616ca
Add ChangeLog entry
2018-03-22 17:03:45 +01:00
Andres Amaya Garcia
56c72480ca
Add ChangeLog entry for redundant mutex initialization optimizations
2018-03-21 17:39:14 +00:00
Gergely Budai
8190678c01
Do not define and initialize global mutexes on configurations that do not use them.
2018-03-21 15:13:08 +00:00
Gilles Peskine
0114ffc76b
all.sh: Verify out-of-tree testing with CMake
...
Run a test case in ssl-opt.sh to validate that testing works in an
out-of-tree CMake build.
2018-03-21 12:29:20 +01:00
Gilles Peskine
a71d64c74f
all.sh: fix cleanup happening during an out-of-tree build
2018-03-21 12:29:15 +01:00
Gilles Peskine
31b07e2833
all.sh: be more conservative when cleaning up CMake artefacts
...
Only delete things that we expect to find, to avoid deleting other
things that people might have lying around in their build tree.
Explicitly skip .git to avoid e.g. accidentally matching a branch
name.
2018-03-21 12:29:08 +01:00
Gilles Peskine
8405257035
Support out-of-tree testing with CMake
...
Create extra symbolic links with CMake so that SSL testing (ssl-opt.sh
and compat.sh) works in out-of-tree builds.
2018-03-21 12:28:59 +01:00
Andres Amaya Garcia
d90d0dcaf1
Add ChangeLog entry for dylib builds using Makefile
2018-03-21 11:19:47 +00:00
Mitsuhiro Nakamura
1e3c00090a
Fix dylib linking
2018-03-21 11:18:09 +00:00
Gilles Peskine
19ceb7104c
all.sh: add opposites to all boolean options
...
All options can now be overridden by a subsequent option, e.g.
"all.sh --foo --no-foo" is equivalent to "all.sh --no-foo". This
allows making wrapper scripts with default options and occasionally
overriding those options when running the wrapper script.
2018-03-21 08:48:40 +01:00
Gilles Peskine
54933e95bd
all.sh: option parsing: reduce vertical spread
...
Only whitespace changes.
2018-03-21 08:48:33 +01:00
Gilles Peskine
53038ebecc
all.sh: with --no-armcc, don't call armcc from output_env.sh
...
When not running armcc, don't try to invoke armcc at all, not even to
report its version.
2018-03-21 08:48:26 +01:00
Gilles Peskine
21701305ce
Robustness fix in mbedtls_ssl_derive_keys
...
In mbedtls_ssl_derive_keys, don't call mbedtls_md_hmac_starts in
ciphersuites that don't use HMAC. This doesn't change the behavior of
the code, but avoids relying on an uncaught error when attempting to
start an HMAC operation that hadn't been initialized.
2018-03-20 18:41:25 +01:00
mohammad1603
b11af86daf
Avoid wraparound on in_left
...
Avoid wraparound on in_left
2018-03-19 07:18:13 -07:00
Jaeden Amero
9ae1fba869
Update version to 2.7.2
2018-03-16 16:30:17 +00:00
Simon Butcher
001427b6c3
Add clarity to use of the rsa_internal.h interface
...
Added additional clarification to the use of the rsa_internal.h interface and as
and when it can be used by whom. Policy hasn't changed, but it needed to be
clearer who can and can't use it and it's level of support.
2018-03-16 15:46:29 +00:00
Jaeden Amero
c9908f010a
Merge remote-tracking branch 'upstream-public/pr/1064' into mbedtls-2.7-restricted-proposed
2018-03-15 14:58:24 +00:00
Jaeden Amero
e0b1a73c56
Merge remote-tracking branch 'upstream-restricted/pr/464' into mbedtls-2.7-restricted-proposed
2018-03-15 14:36:47 +00:00
Jaeden Amero
73923e1575
Merge remote-tracking branch 'upstream-restricted/pr/459' into mbedtls-2.7-restricted-proposed
2018-03-15 14:36:22 +00:00
Jaeden Amero
8a032e6051
Merge branch 'mbedtls-2.7-proposed' into mbedtls-2.7-restricted-proposed
2018-03-15 14:35:47 +00:00
Jaeden Amero
32ae73b289
Merge remote-tracking branch 'upstream-public/pr/1448' into mbedtls-2.7-proposed
2018-03-15 14:33:29 +00:00
Jaeden Amero
100273ddfb
Merge remote-tracking branch 'upstream-public/pr/1449' into mbedtls-2.7-proposed
2018-03-15 14:32:54 +00:00
Jaeden Amero
e1c916ca5e
Merge remote-tracking branch 'upstream-public/pr/1451' into mbedtls-2.7-proposed
2018-03-15 08:34:33 +00:00
Manuel Pégourié-Gonnard
c3901d4cd3
fixup previous commit: add forgotten file
2018-03-14 14:10:19 +01:00
Manuel Pégourié-Gonnard
dae3fc3fe0
x509: CRL: add tests for non-critical extension
...
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
2018-03-14 12:46:54 +01:00
Manuel Pégourié-Gonnard
282159c318
x509: CRL: add tests for malformed extensions
...
This covers all lines added in the previous commit. Coverage was tested using:
make CFLAGS='--coverage -g3 -O0'
(cd tests && ./test_suite_x509parse)
make lcov
firefox Coverage/index.html # then visual check
Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
2018-03-14 12:46:53 +01:00
Krzysztof Stachowiak
4e0141fc00
Update change log
2018-03-14 11:43:00 +01:00
Krzysztof Stachowiak
b5609f3ca5
Prevent arithmetic overflow on bould check
2018-03-14 11:41:47 +01:00
Krzysztof Stachowiak
b3e8f9e2e6
Add bounds check before signature
2018-03-14 11:40:55 +01:00
Krzysztof Stachowiak
bcb8149510
Update change log
2018-03-14 11:23:34 +01:00
Krzysztof Stachowiak
8e0b1166b6
Prevent arithmetic overflow on bounds check
2018-03-14 11:21:35 +01:00
Krzysztof Stachowiak
9e1839bc43
Add bounds check before length read
2018-03-14 11:20:46 +01:00
Manuel Pégourié-Gonnard
5a9f46e57c
x509: CRL: reject unsupported critical extensions
2018-03-14 09:24:12 +01:00
Jaeden Amero
1a6ddb4382
Merge branch 'mbedtls-2.7' into mbedtls-2.7-restricted
2018-03-13 17:28:20 +00:00
Gilles Peskine
6013004fa9
Note in the changelog that this fixes an interoperability issue.
...
Fixes #1339
2018-03-13 17:27:53 +00:00
Gilles Peskine
64540d9577
Merge remote-tracking branch 'upstream-restricted/pr/458' into mbedtls-2.7-restricted-proposed
2018-03-13 17:24:46 +01:00
Gilles Peskine
955d70459d
Merge remote-tracking branch 'upstream-restricted/pr/460' into mbedtls-2.7-restricted-proposed
2018-03-13 17:24:33 +01:00
Manuel Pégourié-Gonnard
b0ba5bccff
Yet another dependency issue (PKCS1_V15)
...
Found by running:
CC=clang cmake -D CMAKE_BUILD_TYPE="Check"
tests/scripts/depend-pkalgs.pl
(Also tested with same command but CC=gcc)
Another PR will address improving all.sh and/or the depend-xxx.pl scripts
themselves to catch this kind of thing.
2018-03-13 13:44:45 +01:00
Andrzej Kurek
f21eaa1502
Add a missing bracket in ifdef for __cplusplus
2018-03-13 08:17:28 -04:00
Gilles Peskine
427ff4836c
Merge remote-tracking branch 'upstream-public/pr/1219' into mbedtls-2.7-proposed
2018-03-12 23:52:24 +01:00
Gilles Peskine
c5671bdcf4
Merge remote-tracking branch 'upstream-public/pr/778' into mbedtls-2.7-proposed
2018-03-12 23:44:56 +01:00
Gilles Peskine
4668d8359c
Merge remote-tracking branch 'upstream-public/pr/1241' into mbedtls-2.7-proposed
2018-03-12 23:42:46 +01:00
Manuel Pégourié-Gonnard
a3c5ad5db0
Fix remaining issues found by depend-hashes
2018-03-12 15:51:32 +01:00
Manuel Pégourié-Gonnard
b314ece10b
Fix remaining issues found by depend-pkalgs
2018-03-12 15:51:30 +01:00
Gilles Peskine
b21a085bae
Show build modes in code font
...
This clarifies that it's the string to type and not just some
description of it.
2018-03-12 13:12:34 +01:00