Commit Graph

6656 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
0bdb050b2d x509: CRL: add tests for malformed extensions
This covers all lines added in the previous commit. Coverage was tested using:

    make CFLAGS='--coverage -g3 -O0'
    (cd tests && ./test_suite_x509parse)
    make lcov
    firefox Coverage/index.html # then visual check

Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
2018-03-14 12:00:55 +01:00
Krzysztof Stachowiak
7fa1ae70c8 Add Changelog entry 2018-03-14 11:57:37 +01:00
Krzysztof Stachowiak
00bbf572af Update change log 2018-03-14 11:14:13 +01:00
Manuel Pégourié-Gonnard
fd3e4fbae7 x509: CRL: reject unsupported critical extensions 2018-03-14 09:15:02 +01:00
Gilles Peskine
5f1932817c Merge remote-tracking branch 'upstream-restricted/pr/398' into development-restricted-proposed 2018-03-13 17:18:06 +01:00
Gilles Peskine
553a06f08a Merge remote-tracking branch 'upstream-restricted/pr/351' into development-restricted-proposed
Move the added ChangeLog entry to the bottom so that the list remains
in merge order.
2018-03-13 17:15:34 +01:00
Hanno Becker
b6f880b63b Revert whitespace change to ease merging 2018-03-13 12:48:50 +00:00
Manuel Pégourié-Gonnard
1ba8a3fc55 Yet another dependency issue (PKCS1_V15)
Found by running:

CC=clang cmake -D CMAKE_BUILD_TYPE="Check"
tests/scripts/depend-pkalgs.pl

(Also tested with same command but CC=gcc)

Another PR will address improving all.sh and/or the depend-xxx.pl scripts
themselves to catch this kind of thing.
2018-03-13 13:42:38 +01:00
Andrzej Kurek
ccbd8a4bbb Add a missing bracket in ifdef for __cplusplus 2018-03-13 07:52:09 -04:00
Hanno Becker
bc6c110139 Add test to ssl-opt.sh demonstrating the need for ssl_check_pending 2018-03-13 11:48:32 +00:00
Hanno Becker
ddc3ebbc3f Exemplify use of mbedtls_ssl_check_pending in ssl_server2.c 2018-03-13 11:48:32 +00:00
Hanno Becker
6a33f59f76 Add tests for event-driven I/O in DTLS to ssl-opt.sh 2018-03-13 11:48:29 +00:00
Hanno Becker
62dcbaf567 Improve crediting in ChangeLog 2018-03-13 10:54:43 +00:00
Krzysztof Stachowiak
5224a7544c Prevent arithmetic overflow on bounds check 2018-03-13 11:31:38 +01:00
Krzysztof Stachowiak
740b218386 Add bounds check before length read 2018-03-13 11:31:14 +01:00
Krzysztof Stachowiak
027f84c69f Prevent arithmetic overflow on bounds check 2018-03-13 11:29:24 +01:00
Krzysztof Stachowiak
a1098f81c2 Add bounds check before signature length read 2018-03-13 11:28:49 +01:00
Darryl Green
127c5affce Add copyright to abi_check script 2018-03-13 09:17:23 +00:00
Gilles Peskine
f3ada4adb0 Merge branch 'pr_679' into development-proposed 2018-03-13 00:13:29 +01:00
Gilles Peskine
6dc4a31988 Add ChangeLog entry. Fixes #678 2018-03-13 00:13:06 +01:00
Gilles Peskine
13678d251f Merge remote-tracking branch 'upstream-public/pr/922' into development-proposed 2018-03-13 00:10:07 +01:00
Gilles Peskine
d5f7d24e84 Merge branch 'pr_1064' into development-proposed 2018-03-13 00:08:05 +01:00
Gilles Peskine
3ff4a074af Fix ChangeLog style. Fix #918 2018-03-13 00:06:19 +01:00
Gilles Peskine
a31d8206b1 Merge remote-tracking branch 'upstream-public/pr/778' into development-proposed 2018-03-12 23:45:08 +01:00
Gilles Peskine
69845ed00d Merge remote-tracking branch 'upstream-public/pr/1241' into development-proposed 2018-03-12 23:43:30 +01:00
Manuel Pégourié-Gonnard
88a8dcb38e Fix remaining issues found by depend-hashes 2018-03-12 15:49:35 +01:00
Manuel Pégourié-Gonnard
147b28ec3f Fix remaining issues found by depend-pkalgs 2018-03-12 15:26:59 +01:00
Gilles Peskine
b21a085bae Show build modes in code font
This clarifies that it's the string to type and not just some
description of it.
2018-03-12 13:12:34 +01:00
Gilles Peskine
469b882947 Merge branch 'pr_1407' into development-proposed 2018-03-11 00:45:10 +01:00
Gilles Peskine
754768262b Merge remote-tracking branch 'upstream-public/pr/1249' into development-proposed 2018-03-11 00:45:10 +01:00
Gilles Peskine
19c3862d0c Merge remote-tracking branch 'upstream-public/pr/1079' into development-proposed 2018-03-11 00:45:10 +01:00
Gilles Peskine
34ba06fac8 Merge remote-tracking branch 'upstream-public/pr/1012' into development-proposed 2018-03-11 00:45:09 +01:00
Gilles Peskine
b4c571e603 Merge remote-tracking branch 'upstream-public/pr/1296' into HEAD 2018-03-11 00:44:14 +01:00
Gilles Peskine
3f1b89d251 This fixes #664 2018-03-11 00:35:39 +01:00
Gilles Peskine
08af538ec9 Fix grammar in ChangeLog entry 2018-03-11 00:20:08 +01:00
Gilles Peskine
29d7d4da2f Merge remote-tracking branch 'upstream-public/pr/936' into development-proposed 2018-03-10 23:51:58 +01:00
Gilles Peskine
9c4f4038dd Add changelog entry 2018-03-10 23:36:30 +01:00
Darryl Green
7c2dd5890f Add script for ABI compatibility checking 2018-03-09 17:33:32 +00:00
Brendan Shanks
e61514d70d benchmark: Fix incompatibility with C89 compilers
Initializing arrays using non-constant expressions is not permitted in
C89, and was causing errors when compiling with Metrowerks CodeWarrior
(for classic MacOS) in C89 mode. Clang also produces a warning when
compiling with '-Wc99-extensions':

test/benchmark.c:670:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions]
        const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };
                                         ^~~~~~~~~~
test/benchmark.c:674:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions]
        const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 };
                                         ^~~~~~~~~~

Declaring the arrays as 'static' makes them constant expressions.

fixes #1353
2018-03-08 17:41:40 -08:00
Gilles Peskine
1ed45ea36b Refer to X.690 by number
It's easier to identify and find by number than by its very wordy
title, especially as there was a typo in the title.
2018-03-08 18:19:17 +01:00
Hanno Becker
6f486a6fb5 Fix merge error 2018-03-08 13:31:44 +00:00
Hanno Becker
e494e20f0c Move and reword deprecation warning/error on compression support 2018-03-08 13:26:12 +00:00
Manuel Pégourié-Gonnard
e57d7438b0 Improve documentation of some internal functions 2018-03-07 10:00:57 +01:00
Sanne Wouda
22797fcc57 Remove redundant dependency 2018-03-06 23:35:14 +01:00
Sanne Wouda
bb50113123 Rename test and update dependencies 2018-03-06 23:35:14 +01:00
Sanne Wouda
cf79312a6d Update changelog entry 2018-03-06 23:31:52 +01:00
Sanne Wouda
52895b2b2e Add Changelog entry 2018-03-06 23:31:52 +01:00
Sanne Wouda
90da97d587 Add test case found through fuzzing to pkparse test suite 2018-03-06 23:31:12 +01:00
Sanne Wouda
7b2e85dd7c Use both applicable error codes and a proper coding style 2018-03-06 23:28:46 +01:00
Sanne Wouda
b2b29d5259 Add end-of-buffer check to prevent heap-buffer-overflow
Dereference of *p should not happen when it points past the end of the
buffer.

Internal reference: IOTSSL-1663
2018-03-06 23:28:46 +01:00