If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
Inspired by test code provided by Nicholas Wilson in PR #351.
The test will fail if someone sets MAX_INTERMEDIATE_CA to a value larger than
18 (default is 8), which is hopefully unlikely and can easily be fixed by
running long.sh again with a larger value if it ever happens.
Current behaviour is suboptimal as flags are not set, but currently the goal
is only to document/test existing behaviour.
Modify the function x509_csr_parse_der() so that it checks the parsed
CSR version integer before it increments the value. This prevents a
potential signed integer overflow, as these have undefined behaviour in
the C standard.
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
Modify the mbedtls/Makefile and tests/Makefile files to avoid executing
POSIX shell commands. Furthermore, ensure that perl scripts explicitly
invoke the interpreter instead of relying on the environment to read
the shebang and find the interpreter, which can cause failures in
Windows.
The check `if( *p + n > end )` in `ssl_parse_client_psk_identity` is
unsafe because `*p + n` might overflow, thus bypassing the check. As
`n` is a user-specified value up to 65K, this is relevant if the
library happens to be located in the last 65K of virtual memory.
This commit replaces the check by a safe version.
The previous version of `ssl_safer_memcmp` did not qualify the
pointers to the arrays to be compared as volatile, theoretically
opening the possibility for the compiler to notice that the loop
operation `diff |= A[i] ^ B[i]` is pointless if `diff = -1`. This
commit changes this. It also declares the stack variable `diff` as
volatile, to force read and write in every loop; omitting that, the
compiler would still be allowed to get away with reading `A[i]` and
`B[i]` but not doing the XOR and not updating `diff`.
* restricted/iotssl-1398_backport-1.3:
Add ChangeLog entry
Ensure application data records are not kept when fully processed
Add hard assertion to ssl_read_record
Fix mbedtls_ssl_read
Simplify retaining of messages for future processing
In mbed TLS 1.3 a check went missing disabling the use of extensions
in SERVER_HELLO for SSLv3, causing the "SSLv3 with extensions" test
case from ssl-opt.sh to fail. This commit fixes that and adds a dump
of all extensions present in the client hello that the same test case
also checks for.
This commit fixes the following case: If a client is both expecting a
SERVER_HELLO and has an application data record that's partially
processed in flight (that's the situation the client gets into after
receiving a ServerHelloRequest followed by ApplicationData), a
subsequent call to ssl_read will set keep_current_message = 1
when seeing the unexpected application data, but not reset it to 0
after the application data has been processed. This commit fixes this.
