Commit Graph

6114 Commits

Author SHA1 Message Date
Andrzej Kurek
350e4dc6df pk_sign: adjust return values 2018-04-03 04:04:36 -04:00
Andrzej Kurek
d959492797 pk_sign: fix overriding and ignoring return values 2018-03-26 04:13:24 -04:00
Gilles Peskine
69d1b293fc Merge remote-tracking branch 'myfork/pr_1073' into mbedtls-2.7-proposed 2018-03-22 21:53:22 +01:00
Gilles Peskine
d675986506 Merge remote-tracking branch 'upstream-public/pr/1256' into mbedtls-2.7-proposed 2018-03-22 21:52:01 +01:00
Gilles Peskine
8980da5caf Merge remote-tracking branch 'myfork/pr_726' into mbedtls-2.7-proposed 2018-03-22 21:49:43 +01:00
Gilles Peskine
88c6df1ce8 Add ChangeLog entry 2018-03-22 21:48:28 +01:00
Gilles Peskine
48115740da Merge remote-tracking branch 'upstream-public/pr/1442' into mbedtls-2.7-proposed 2018-03-22 21:30:19 +01:00
Gilles Peskine
9b9cc616ca Add ChangeLog entry 2018-03-22 17:03:45 +01:00
Jaeden Amero
9ae1fba869 Update version to 2.7.2 2018-03-16 16:30:17 +00:00
Jaeden Amero
c9908f010a Merge remote-tracking branch 'upstream-public/pr/1064' into mbedtls-2.7-restricted-proposed 2018-03-15 14:58:24 +00:00
Jaeden Amero
e0b1a73c56 Merge remote-tracking branch 'upstream-restricted/pr/464' into mbedtls-2.7-restricted-proposed 2018-03-15 14:36:47 +00:00
Jaeden Amero
73923e1575 Merge remote-tracking branch 'upstream-restricted/pr/459' into mbedtls-2.7-restricted-proposed 2018-03-15 14:36:22 +00:00
Jaeden Amero
8a032e6051 Merge branch 'mbedtls-2.7-proposed' into mbedtls-2.7-restricted-proposed 2018-03-15 14:35:47 +00:00
Jaeden Amero
32ae73b289 Merge remote-tracking branch 'upstream-public/pr/1448' into mbedtls-2.7-proposed 2018-03-15 14:33:29 +00:00
Jaeden Amero
100273ddfb Merge remote-tracking branch 'upstream-public/pr/1449' into mbedtls-2.7-proposed 2018-03-15 14:32:54 +00:00
Jaeden Amero
e1c916ca5e Merge remote-tracking branch 'upstream-public/pr/1451' into mbedtls-2.7-proposed 2018-03-15 08:34:33 +00:00
Manuel Pégourié-Gonnard
c3901d4cd3 fixup previous commit: add forgotten file 2018-03-14 14:10:19 +01:00
Manuel Pégourié-Gonnard
dae3fc3fe0 x509: CRL: add tests for non-critical extension
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
2018-03-14 12:46:54 +01:00
Manuel Pégourié-Gonnard
282159c318 x509: CRL: add tests for malformed extensions
This covers all lines added in the previous commit. Coverage was tested using:

    make CFLAGS='--coverage -g3 -O0'
    (cd tests && ./test_suite_x509parse)
    make lcov
    firefox Coverage/index.html # then visual check

Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
2018-03-14 12:46:53 +01:00
Krzysztof Stachowiak
4e0141fc00 Update change log 2018-03-14 11:43:00 +01:00
Krzysztof Stachowiak
b5609f3ca5 Prevent arithmetic overflow on bould check 2018-03-14 11:41:47 +01:00
Krzysztof Stachowiak
b3e8f9e2e6 Add bounds check before signature 2018-03-14 11:40:55 +01:00
Krzysztof Stachowiak
bcb8149510 Update change log 2018-03-14 11:23:34 +01:00
Krzysztof Stachowiak
8e0b1166b6 Prevent arithmetic overflow on bounds check 2018-03-14 11:21:35 +01:00
Krzysztof Stachowiak
9e1839bc43 Add bounds check before length read 2018-03-14 11:20:46 +01:00
Manuel Pégourié-Gonnard
5a9f46e57c x509: CRL: reject unsupported critical extensions 2018-03-14 09:24:12 +01:00
Jaeden Amero
1a6ddb4382 Merge branch 'mbedtls-2.7' into mbedtls-2.7-restricted 2018-03-13 17:28:20 +00:00
Gilles Peskine
6013004fa9 Note in the changelog that this fixes an interoperability issue.
Fixes #1339
2018-03-13 17:27:53 +00:00
Gilles Peskine
64540d9577 Merge remote-tracking branch 'upstream-restricted/pr/458' into mbedtls-2.7-restricted-proposed 2018-03-13 17:24:46 +01:00
Gilles Peskine
955d70459d Merge remote-tracking branch 'upstream-restricted/pr/460' into mbedtls-2.7-restricted-proposed 2018-03-13 17:24:33 +01:00
Andrzej Kurek
f21eaa1502 Add a missing bracket in ifdef for __cplusplus 2018-03-13 08:17:28 -04:00
Gilles Peskine
427ff4836c Merge remote-tracking branch 'upstream-public/pr/1219' into mbedtls-2.7-proposed 2018-03-12 23:52:24 +01:00
Gilles Peskine
c5671bdcf4 Merge remote-tracking branch 'upstream-public/pr/778' into mbedtls-2.7-proposed 2018-03-12 23:44:56 +01:00
Gilles Peskine
4668d8359c Merge remote-tracking branch 'upstream-public/pr/1241' into mbedtls-2.7-proposed 2018-03-12 23:42:46 +01:00
Gilles Peskine
b21a085bae Show build modes in code font
This clarifies that it's the string to type and not just some
description of it.
2018-03-12 13:12:34 +01:00
Gilles Peskine
8eda5ec8b4 Merge branch 'pr_1408' into mbedtls-2.7-proposed 2018-03-11 00:48:18 +01:00
Gilles Peskine
4848b97bc7 Merge remote-tracking branch 'upstream-public/pr/1249' into mbedtls-2.7-proposed 2018-03-11 00:48:17 +01:00
Gilles Peskine
dd7f5b9a37 Merge remote-tracking branch 'upstream-public/pr/1079' into mbedtls-2.7-proposed 2018-03-11 00:48:17 +01:00
Gilles Peskine
7b7c64424f Merge remote-tracking branch 'upstream-public/pr/1012' into mbedtls-2.7-proposed 2018-03-11 00:48:17 +01:00
Gilles Peskine
158fc33368 Merge remote-tracking branch 'upstream-public/pr/1296' into HEAD 2018-03-11 00:47:54 +01:00
Gilles Peskine
3f1b89d251 This fixes #664 2018-03-11 00:35:39 +01:00
Gilles Peskine
0ee482c82c Fix grammar in ChangeLog entry 2018-03-11 00:18:50 +01:00
Gilles Peskine
c0826f1625 Merge remote-tracking branch 'upstream-public/pr/936' into mbedtls-2.7-proposed 2018-03-10 23:48:10 +01:00
Gilles Peskine
9c4f4038dd Add changelog entry 2018-03-10 23:36:30 +01:00
Hanno Becker
930ec7dfe5 Minor fixes 2018-03-09 10:48:12 +00:00
Hanno Becker
26f1f6061d Improve documentation on the use of blinding in RSA 2018-03-09 10:47:30 +00:00
Hanno Becker
e856e84de3 Don't enable RSA_NO_CRT in config.pl full 2018-03-09 10:47:01 +00:00
Hanno Becker
70e66395b5 Adapt ChangeLog 2018-03-09 10:46:43 +00:00
Hanno Becker
69d45cce5d Add a run with RSA_NO_CRT to all.sh 2018-03-09 10:46:23 +00:00
Hanno Becker
a5fa07958e Verify the result of RSA private key operations
If RSA-CRT is used for signing, and if an attacker can cause a glitch
in one of the two computations modulo P or Q, the difference between
the faulty and the correct signature (which is not secret) will be
divisible by P or Q, but not by both, allowing to recover the private
key by taking the GCD with the public RSA modulus N. This is known as
the Bellcore Glitch Attack. Verifying the RSA signature before handing
it out is a countermeasure against it.
2018-03-09 10:42:23 +00:00