mbedtls

mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-02 14:54:16 +01:00

Author	SHA1	Message	Date
Manuel Pégourié-Gonnard	6ad4f65780	Add test case for root with max_pathlen=0 This was already working but not tested so far (Test case from previous commit still failing.) Test certificates generated with: programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \ issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \ selfsign=1 max_pathlen=0 programs/x509/cert_write serial=92 output_file=cert92.crt \ issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \ subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK" mv cert9?.crt tests/data_files/dir4 rm cert9?.key	2015-11-19 12:02:29 +01:00
Manuel Pégourié-Gonnard	c058074836	Add test case for first intermediate max_pathlen=0 !!! This test case is currently failing !!! (See fix in next-next commit.) Test certificates generated with the following script: programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \ issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \ selfsign=1 programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \ issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \ subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \ max_pathlen=0 programs/x509/cert_write serial=83 output_file=cert83.crt \ issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \ subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK" mv cert8?.crt tests/data_files/dir4 rm cert8?.key	2015-11-19 12:01:11 +01:00
Simon Butcher	1f4e08c979	Changed version number to 1.3.15 Changed for library	2015-11-05 15:44:46 +00:00
Simon Butcher	34fc23fa6a	Corrected typo in ChangeLog	2015-11-03 23:14:16 +00:00
Manuel Pégourié-Gonnard	edb2327609	Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted * mbedtls-1.3: Use own implementation of strsep() Add Changelog entries for this branch Use symbolic constants in test data Fixed pathlen contraint enforcement. Additional corner cases for testing pathlen constrains. Just in case. Added test case for pathlen constrains in intermediate certificates	2015-11-02 06:57:30 +09:00
Manuel Pégourié-Gonnard	28e1ac5cab	Use own implementation of strsep() Not available on windows, and strtok() is not a good option	2015-11-02 06:50:46 +09:00
Manuel Pégourié-Gonnard	f23d6c56a4	Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted * mbedtls-1.3: Add ChangeLog entry for previous commit cert_write : fix "Destination buffer is too small" error Add ChangeLog entry for previous two commits Test certificate "Server1 SHA1, key_usage" reissued. Fix boolean values according to DER specs Fix typo in an OID name Disable reportedly broken assembly of Sparc(64) ECHDE-PSK does not use a certificate Actually ignore most non-fatal alerts	2015-10-30 10:17:05 +01:00
Manuel Pégourié-Gonnard	54150a36d1	Add Changelog entries for this branch	2015-10-30 09:45:00 +01:00
Manuel Pégourié-Gonnard	1da232df97	Use symbolic constants in test data	2015-10-30 09:39:42 +01:00
Janos Follath	92ac059b57	Fixed pathlen contraint enforcement.	2015-10-29 12:49:40 +01:00
Janos Follath	3d98a7eee3	Additional corner cases for testing pathlen constrains. Just in case. backport of `ef4f258`	2015-10-28 18:20:43 +01:00
Janos Follath	189c743d3e	Added test case for pathlen constrains in intermediate certificates backport of `822b2c3`	2015-10-28 18:15:48 +01:00
Manuel Pégourié-Gonnard	664b751572	Add ChangeLog entry for previous commit	2015-10-27 15:12:39 +01:00
Jonathan Leroy	2744df4f7a	cert_write : fix "Destination buffer is too small" error This commit fixes the `Destination buffer is too small` error returned by `mbedtls_cert_write` command when the values of `subject_name` or `issuer_name` parameters exceed 128 characters. I have increased the size of these varaibles from 128 to 256 characters, but I don't know if it's the best way to solve this issue... Fixes #315.	2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard	96e75ac97c	Add ChangeLog entry for previous two commits	2015-10-27 15:12:39 +01:00
Jonathan Leroy	094788ed7d	Test certificate "Server1 SHA1, key_usage" reissued.	2015-10-27 15:12:39 +01:00
Jonathan Leroy	b76e43651e	Fix boolean values according to DER specs In BER encoding, any boolean with a non-zero value is considered as TRUE. However, DER encoding require a value of 255 (0xFF) for TRUE. This commit makes `mbedtls_asn1_write_bool` function uses `255` instead of `1` for BOOLEAN values. With this fix, boolean values are now reconized by OS X keychain (tested on OS X 10.11). Fixes #318.	2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard	c4baf98ce6	Fix typo in an OID name fixes #314	2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard	7bbabeae8f	Disable reportedly broken assembly of Sparc(64) fixes #292	2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard	c094a97223	ECHDE-PSK does not use a certificate fixes #270	2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard	0aaefcebc0	Actually ignore most non-fatal alerts fixes #308	2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard	5ca3640fa7	Fix other int casts in bounds checking Not a security issue as here we know the buffer is large enough (unless something else if badly wrong in the code), and the value cast to int is less than 2^16 (again, unless issues elsewhere). Still changing to a more correct check as a matter of principle backport of `bc5e508`	2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard	8abc22dde5	Fix other occurrences of same bounds check issue Security impact is the same: not triggerrable remotely except in very specific use cases backport of `4dc9b39`	2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard	758f490c90	Fix potential buffer overflow in asn1write Ref: IOTSSL-519 backport of `22c3b7b`	2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard	215a14bf29	Fix potential heap corruption on Windows If len is large enough, when cast to an int it will be negative and then the test if( len > MAX_PATH - 3 ) will not behave as expected. Ref: IOTSSL-518 backport of `261faed725`	2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard	9c52176776	Fix potential double-free in ssl_set_psk() Internal ref: IOTSSL-517	2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard	ad9c68ab21	Fix typo in documenation	2015-10-20 09:38:10 +02:00
Simon Butcher	9b52b804c7	Corrected misleading fn description in ssl_cache.h Mistake in comments spotted by Andris Mednis	2015-10-19 19:35:04 +01:00
Manuel Pégourié-Gonnard	f093bde91e	Bump version to 1.3.14	2015-10-05 19:06:46 +01:00
Manuel Pégourié-Gonnard	c5934272fc	Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted * mbedtls-1.3: Fix spurious #endif from previous cherry-pick Fix macroization of inline in C++ Add missing warning in doc Fix compile error in net.c with musl libc	2015-10-05 17:06:24 +01:00
Simon Butcher	36abef4c5c	Merge multiple backported vulnerability fixes	2015-10-05 16:44:59 +01:00
Manuel Pégourié-Gonnard	fa647a75a1	Fix references to non-standard SIZE_T_MAX Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.	2015-10-05 15:29:48 +01:00
Manuel Pégourié-Gonnard	cf1db3cf1c	Fix spurious #endif from previous cherry-pick	2015-10-05 14:57:01 +01:00
Manuel Pégourié-Gonnard	20607bb0fa	Fix macroization of inline in C++ When compiling as C++, MSVC complains about our macroization of a keyword. Stop doing that as we know inline is always available in C++	2015-10-05 14:28:17 +01:00
Manuel Pégourié-Gonnard	ded3ae500b	Add missing warning in doc Found by Nicholas Wilson fixes #288	2015-10-05 14:18:16 +01:00
Manuel Pégourié-Gonnard	614624790d	Fix compile error in net.c with musl libc fixes #278	2015-10-05 14:15:46 +01:00
Manuel Pégourié-Gonnard	de9c8a5734	Fix potential overflow in CertificateRequest	2015-10-02 12:04:20 +02:00
Manuel Pégourié-Gonnard	f3e6e4badb	Add extra check before integer conversion end < p should never happen, but just be extra sure	2015-10-02 09:53:52 +02:00
Manuel Pégourié-Gonnard	c7e61a2e3f	Fix more typos in ChangeLog	2015-10-01 18:22:54 +02:00
Manuel Pégourié-Gonnard	6d6018383e	Fix typos in ChangeLog and comments	2015-10-01 18:20:55 +02:00
Manuel Pégourié-Gonnard	48ec2c7b5e	Fix potential overflow in base64_encode	2015-10-01 10:07:28 +02:00
Manuel Pégourié-Gonnard	5aff029f9d	Fix potential double-free in ssl_set_psk()	2015-10-01 09:58:50 +02:00
Simon Butcher	643a922c56	Reordered extension fields and added to ChangeLog Reordered the transmission sequence of TLS extension fields in client hello and added to ChangeLog.	2015-10-01 01:17:10 +01:00
Simon Butcher	b1e325d6b2	Added bounds checking for TLS extensions IOTSSL-478 - Added checks to prevent buffer overflows.	2015-10-01 00:24:36 +01:00
Manuel Pégourié-Gonnard	9bf29bee22	Fix potential random malloc in pem_read()	2015-09-30 17:01:35 +02:00
Manuel Pégourié-Gonnard	59efb6a1b9	Fix potential buffer overflow in mpi_read_string() Found by Guido Vranken. Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB()) could result in far too few memory to be allocated, then overflowing the buffer in the subsequent for loop. Both integer overflows happen when slen is close to or greater than SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system). Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with respect to future code changes.	2015-09-30 16:50:31 +02:00
Manuel Pégourié-Gonnard	7b4b2ac378	Fix stack buffer overflow in pkcs12	2015-09-30 16:46:07 +02:00
Simon Butcher	c988f32add	Added max length checking of hostname	2015-09-29 23:27:20 +01:00
Simon Butcher	21823f9a69	Refined credits in ChangeLog for fuzzing issue Changed GDS to Gotham Digital Science	2015-09-22 10:20:58 +01:00
Manuel Pégourié-Gonnard	df048c59cf	Bump version to 1.3.13	2015-09-17 11:53:14 +02:00

... 6 7 8 9 10 ...

3472 Commits