Andrzej Kurek
350e4dc6df
pk_sign: adjust return values
2018-04-03 04:04:36 -04:00
Andrzej Kurek
d959492797
pk_sign: fix overriding and ignoring return values
2018-03-26 04:13:24 -04:00
Gilles Peskine
69d1b293fc
Merge remote-tracking branch 'myfork/pr_1073' into mbedtls-2.7-proposed
2018-03-22 21:53:22 +01:00
Gilles Peskine
d675986506
Merge remote-tracking branch 'upstream-public/pr/1256' into mbedtls-2.7-proposed
2018-03-22 21:52:01 +01:00
Gilles Peskine
8980da5caf
Merge remote-tracking branch 'myfork/pr_726' into mbedtls-2.7-proposed
2018-03-22 21:49:43 +01:00
Gilles Peskine
88c6df1ce8
Add ChangeLog entry
2018-03-22 21:48:28 +01:00
Gilles Peskine
48115740da
Merge remote-tracking branch 'upstream-public/pr/1442' into mbedtls-2.7-proposed
2018-03-22 21:30:19 +01:00
Gilles Peskine
9b9cc616ca
Add ChangeLog entry
2018-03-22 17:03:45 +01:00
Jaeden Amero
9ae1fba869
Update version to 2.7.2
2018-03-16 16:30:17 +00:00
Jaeden Amero
c9908f010a
Merge remote-tracking branch 'upstream-public/pr/1064' into mbedtls-2.7-restricted-proposed
2018-03-15 14:58:24 +00:00
Jaeden Amero
e0b1a73c56
Merge remote-tracking branch 'upstream-restricted/pr/464' into mbedtls-2.7-restricted-proposed
2018-03-15 14:36:47 +00:00
Jaeden Amero
73923e1575
Merge remote-tracking branch 'upstream-restricted/pr/459' into mbedtls-2.7-restricted-proposed
2018-03-15 14:36:22 +00:00
Jaeden Amero
8a032e6051
Merge branch 'mbedtls-2.7-proposed' into mbedtls-2.7-restricted-proposed
2018-03-15 14:35:47 +00:00
Jaeden Amero
32ae73b289
Merge remote-tracking branch 'upstream-public/pr/1448' into mbedtls-2.7-proposed
2018-03-15 14:33:29 +00:00
Jaeden Amero
100273ddfb
Merge remote-tracking branch 'upstream-public/pr/1449' into mbedtls-2.7-proposed
2018-03-15 14:32:54 +00:00
Jaeden Amero
e1c916ca5e
Merge remote-tracking branch 'upstream-public/pr/1451' into mbedtls-2.7-proposed
2018-03-15 08:34:33 +00:00
Manuel Pégourié-Gonnard
c3901d4cd3
fixup previous commit: add forgotten file
2018-03-14 14:10:19 +01:00
Manuel Pégourié-Gonnard
dae3fc3fe0
x509: CRL: add tests for non-critical extension
...
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
2018-03-14 12:46:54 +01:00
Manuel Pégourié-Gonnard
282159c318
x509: CRL: add tests for malformed extensions
...
This covers all lines added in the previous commit. Coverage was tested using:
make CFLAGS='--coverage -g3 -O0'
(cd tests && ./test_suite_x509parse)
make lcov
firefox Coverage/index.html # then visual check
Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
2018-03-14 12:46:53 +01:00
Krzysztof Stachowiak
4e0141fc00
Update change log
2018-03-14 11:43:00 +01:00
Krzysztof Stachowiak
b5609f3ca5
Prevent arithmetic overflow on bould check
2018-03-14 11:41:47 +01:00
Krzysztof Stachowiak
b3e8f9e2e6
Add bounds check before signature
2018-03-14 11:40:55 +01:00
Krzysztof Stachowiak
bcb8149510
Update change log
2018-03-14 11:23:34 +01:00
Krzysztof Stachowiak
8e0b1166b6
Prevent arithmetic overflow on bounds check
2018-03-14 11:21:35 +01:00
Krzysztof Stachowiak
9e1839bc43
Add bounds check before length read
2018-03-14 11:20:46 +01:00
Manuel Pégourié-Gonnard
5a9f46e57c
x509: CRL: reject unsupported critical extensions
2018-03-14 09:24:12 +01:00
Jaeden Amero
1a6ddb4382
Merge branch 'mbedtls-2.7' into mbedtls-2.7-restricted
2018-03-13 17:28:20 +00:00
Gilles Peskine
6013004fa9
Note in the changelog that this fixes an interoperability issue.
...
Fixes #1339
2018-03-13 17:27:53 +00:00
Gilles Peskine
64540d9577
Merge remote-tracking branch 'upstream-restricted/pr/458' into mbedtls-2.7-restricted-proposed
2018-03-13 17:24:46 +01:00
Gilles Peskine
955d70459d
Merge remote-tracking branch 'upstream-restricted/pr/460' into mbedtls-2.7-restricted-proposed
2018-03-13 17:24:33 +01:00
Andrzej Kurek
f21eaa1502
Add a missing bracket in ifdef for __cplusplus
2018-03-13 08:17:28 -04:00
Gilles Peskine
427ff4836c
Merge remote-tracking branch 'upstream-public/pr/1219' into mbedtls-2.7-proposed
2018-03-12 23:52:24 +01:00
Gilles Peskine
c5671bdcf4
Merge remote-tracking branch 'upstream-public/pr/778' into mbedtls-2.7-proposed
2018-03-12 23:44:56 +01:00
Gilles Peskine
4668d8359c
Merge remote-tracking branch 'upstream-public/pr/1241' into mbedtls-2.7-proposed
2018-03-12 23:42:46 +01:00
Gilles Peskine
b21a085bae
Show build modes in code font
...
This clarifies that it's the string to type and not just some
description of it.
2018-03-12 13:12:34 +01:00
Gilles Peskine
8eda5ec8b4
Merge branch 'pr_1408' into mbedtls-2.7-proposed
2018-03-11 00:48:18 +01:00
Gilles Peskine
4848b97bc7
Merge remote-tracking branch 'upstream-public/pr/1249' into mbedtls-2.7-proposed
2018-03-11 00:48:17 +01:00
Gilles Peskine
dd7f5b9a37
Merge remote-tracking branch 'upstream-public/pr/1079' into mbedtls-2.7-proposed
2018-03-11 00:48:17 +01:00
Gilles Peskine
7b7c64424f
Merge remote-tracking branch 'upstream-public/pr/1012' into mbedtls-2.7-proposed
2018-03-11 00:48:17 +01:00
Gilles Peskine
158fc33368
Merge remote-tracking branch 'upstream-public/pr/1296' into HEAD
2018-03-11 00:47:54 +01:00
Gilles Peskine
3f1b89d251
This fixes #664
2018-03-11 00:35:39 +01:00
Gilles Peskine
0ee482c82c
Fix grammar in ChangeLog entry
2018-03-11 00:18:50 +01:00
Gilles Peskine
c0826f1625
Merge remote-tracking branch 'upstream-public/pr/936' into mbedtls-2.7-proposed
2018-03-10 23:48:10 +01:00
Gilles Peskine
9c4f4038dd
Add changelog entry
2018-03-10 23:36:30 +01:00
Hanno Becker
930ec7dfe5
Minor fixes
2018-03-09 10:48:12 +00:00
Hanno Becker
26f1f6061d
Improve documentation on the use of blinding in RSA
2018-03-09 10:47:30 +00:00
Hanno Becker
e856e84de3
Don't enable RSA_NO_CRT in config.pl full
2018-03-09 10:47:01 +00:00
Hanno Becker
70e66395b5
Adapt ChangeLog
2018-03-09 10:46:43 +00:00
Hanno Becker
69d45cce5d
Add a run with RSA_NO_CRT to all.sh
2018-03-09 10:46:23 +00:00
Hanno Becker
a5fa07958e
Verify the result of RSA private key operations
...
If RSA-CRT is used for signing, and if an attacker can cause a glitch
in one of the two computations modulo P or Q, the difference between
the faulty and the correct signature (which is not secret) will be
divisible by P or Q, but not by both, allowing to recover the private
key by taking the GCD with the public RSA modulus N. This is known as
the Bellcore Glitch Attack. Verifying the RSA signature before handing
it out is a countermeasure against it.
2018-03-09 10:42:23 +00:00