Commit Graph

2633 Commits

Author SHA1 Message Date
Ron Eldor
b847d8f2a9 Add ecc extensions only if ecc ciphersuite is used
Fix compliancy to RFC4492. ECC extensions should be included
only if ec ciphersuites are used. Interoperability issue with
bouncy castle. #1157
2018-06-28 16:07:22 +03:00
Simon Butcher
b1c796ec48 Merge remote-tracking branch 'public/pr/1769' into mbedtls-2.1 2018-06-22 15:05:34 +01:00
Philippe Antoine
2c3c18039b Fix memory leak in mbedtls_x509_csr_parse 2018-06-22 12:19:33 +01:00
Andres Amaya Garcia
b999a73eb4 Document ssl_write_real() behaviour in detail 2018-06-21 19:37:27 +01:00
Simon Butcher
6fc9ceece3 Change the library version to 2.1.13 2018-06-18 14:49:02 +01:00
Simon Butcher
0a715b1587 Merge remote-tracking branch 'public/pr/1656' into mbedtls-2.1 2018-06-17 18:02:57 +01:00
Simon Butcher
fd436b34eb Merge remote-tracking branch 'public/pr/1673' into mbedtls-2.1 2018-06-17 18:02:21 +01:00
Simon Butcher
577d39b930 Compilation warning fixes on 32b platfrom with IAR
Fix compilation warnings with IAR toolchain, on 32 bit platform.
Reported by rahmanih in #683

This is based on work by Ron Eldor in PR #750.
2018-06-14 09:10:23 +01:00
Andres Amaya Garcia
b5c87012ec Initialise pointers to avoid IAR compiler warnings 2018-06-14 08:48:49 +01:00
Azim Khan
c57d0e5ed5 Treat warnings as errors for IAR
Fix IAR compiler warnings

Two warnings have been fixed:
1. code 'if( len <= 0xFFFFFFFF )' gave warning 'pointless integer comparison'.
   This was fixed by wraping the condition in '#if SIZE_MAX > 0xFFFFFFFF'.
2. code 'diff |= A[i] ^ B[i];' gave warning 'the order of volatile accesses is undefined in'.
   This was fixed by read the volatile data in temporary variables before the computation.

Explain IAR warning on volatile access

Consistent use of CMAKE_C_COMPILER_ID
2018-06-14 08:48:49 +01:00
Fabio Alessandrelli
789096a71d Only redefine _WIN32_WINNT macro when < 0x0501 2018-06-08 16:26:53 +01:00
Gilles Peskine
8ba12295f8 Fix MSan build without MBEDTLS_TIMING_C
When MBEDTLS_TIMING_C was not defined in config.h, but the MemSan
memory sanitizer was activated, entropy_poll.c used memset without
declaring it. Fix this by including string.h unconditionally.
2018-06-01 18:38:53 +02:00
Simon Butcher
a8002f8f39 Merge remote-tracking branch 'public/pr/1611' into mbedtls-2.1 2018-05-23 17:58:10 +01:00
Simon Butcher
e64bf3968e Merge remote-tracking branch 'public/pr/1582' into mbedtls-2.1 2018-05-23 17:53:23 +01:00
Andres AG
879e62697e Allow the entry_name size to be set in config.h
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
2018-05-11 16:38:38 +01:00
Jaeden Amero
6c0fba4350 Update version to 2.1.12 2018-04-27 13:13:54 +01:00
Jaeden Amero
4faad41346 Merge remote-tracking branch 'upstream-restricted/pr/472' into mbedtls-2.1-restricted-proposed
Remove trailing whitespace from ChangeLog.
2018-04-26 11:09:15 +01:00
Jaeden Amero
32f5cc6dd4 ssl_cli: Fix all.sh test failure for ECJPAKE typo
When the "same ciphersuite validation" was backported to 2.1, we
introduced the use of irrelevant defines in ssl_cli.c. all.sh catches
these as "Likely typos". Remove the code for ECJPAKE, a feature that doesn't exist in 2.1, from ssl_cli to fix this test failure.

    ******************************************************************
    * test/build: declared and exported names
    * Thu Apr 26 08:23:19 UTC 2018
    ******************************************************************
    1175 macros
         143 enum-consts
    942 identifiers
    771 exported-symbols
    Exported symbols declared in header: PASS
    Names of actual-macros: PASS
    Names of enum-consts: PASS
    Names of identifiers: PASS
    Likely typos: FAIL
    MBEDTLS_KEY_EXCHANGE_ECJPAKE
    MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
    FAILED
2018-04-26 10:43:28 +01:00
Jaeden Amero
7db991d56a Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed
Resolve conflicts in ChangeLog
2018-04-26 09:03:14 +01:00
Andrzej Kurek
302be2fce4 Change accepted ciphersuite versions when parsing server hello
Accept only ciphersuites for version chosen by the server
2018-04-25 05:29:32 -04:00
Andrzej Kurek
078014aebe Change variable bytes_written to header_bytes in record decompression
The name is changed to better reflect the input, decompression case
2018-04-24 06:33:49 -04:00
Andrzej Kurek
bb6661479f ssl_tls: Fix invalid buffer sizes during compression / decompression
Adjust information passed to zlib to include already written data.
2018-04-23 08:29:36 -04:00
Mohammad Azim Khan
3f1d5cb324 Same ciphersuite validation in server and client hello 2018-04-20 19:52:49 +01:00
Manuel Pégourié-Gonnard
1e2f4da801 Merge remote-tracking branch 'restricted/pr/469' into mbedtls-2.1-restricted-proposed
* restricted/pr/469:
  Improve comments style
  Remove a redundant test
  Add buffer size check before cert_type_len read
  Update change log
  Adjust 2.1 specific code to match the buffer verification tests
  Add a missing buffer size check
  Correct buffer size check
2018-04-18 12:22:24 +02:00
Darryl Green
ce52b58da0 Fix braces in mbedtls_memory_buffer_alloc_status() 2018-04-17 16:46:41 +02:00
Krzysztof Stachowiak
28485d0a01 Improve comments style 2018-04-10 13:36:43 +02:00
Krzysztof Stachowiak
99fb6e9461 Remove a redundant test 2018-04-10 13:36:00 +02:00
Krzysztof Stachowiak
57e1a9fdfc Add buffer size check before cert_type_len read 2018-04-10 13:35:09 +02:00
Krzysztof Stachowiak
0ac812f5ce Adjust 2.1 specific code to match the buffer verification tests 2018-04-05 08:50:20 +02:00
Krzysztof Stachowiak
444678ea8b Add a missing buffer size check 2018-04-04 15:41:07 +02:00
Krzysztof Stachowiak
f8ba5cf8e9 Correct buffer size check
Further in the code the next field from the binary buffer is read. The
check contained an off by one error.
2018-04-04 14:36:20 +02:00
Jaeden Amero
ac9939c096 Merge remote-tracking branch 'upstream-public/pr/1461' into mbedtls-2.1-proposed 2018-04-03 18:27:18 +01:00
Jaeden Amero
ee6c822076 Merge remote-tracking branch 'upstream-public/pr/1396' into mbedtls-2.1-proposed 2018-04-03 12:07:19 +01:00
Jaeden Amero
b40dae5c21 Merge remote-tracking branch 'upstream-public/pr/1546' into mbedtls-2.1-proposed 2018-04-03 12:03:12 +01:00
mohammad1603
ad2908c9d6 Fix compatibility problem in the printed message
Replace %zu with %lu and add cast for the printed value.
2018-04-02 07:30:32 -07:00
Gilles Peskine
225684015d Merge remote-tracking branch 'upstream-public/pr/1501' into mbedtls-2.1-proposed 2018-04-01 12:41:33 +02:00
Gilles Peskine
911a432704 Update error.c 2018-03-30 18:51:31 +02:00
Gilles Peskine
1198e6329f Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that
this indicates that a valid signature is present, unlike other error
codes. See
https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705
2018-03-30 18:51:14 +02:00
Andrzej Kurek
944adb9f4f return plaintext data faster on unpadded decryption 2018-03-30 04:58:13 -04:00
Jaeden Amero
82e288adb6 Merge remote-tracking branch 'upstream-public/pr/1494' into mbedtls-2.1-proposed 2018-03-29 10:59:43 +01:00
mohammad1603
f72e51f2b8 Check whether INT_MAX larger than SIZE_MAX scenario
Check whether INT_MAX larger than SIZE_MAX scenario
2018-03-28 23:44:39 -07:00
Jaeden Amero
616485854e Merge remote-tracking branch 'upstream-public/pr/1469' into mbedtls-2.1-proposed 2018-03-28 15:36:01 +01:00
Jaeden Amero
478baecc06 Merge remote-tracking branch 'upstream-public/pr/1525' into mbedtls-2.1-proposed 2018-03-28 15:34:25 +01:00
Jaeden Amero
8b4cd26eaf Merge remote-tracking branch 'upstream-public/pr/1481' into mbedtls-2.1-proposed 2018-03-28 13:44:28 +01:00
Andres Amaya Garcia
624b557e56 Fix coding style in pkcs5.c preprocessor directives 2018-03-27 21:33:05 +01:00
Marcos Del Sol Vives
a3ee13d199 Compile PBES2 in PKCS5 only if ASN1 is enabled 2018-03-27 21:33:02 +01:00
Andres Amaya Garcia
b3ac0ff722 Allow overriding ar param prefix in library/Makefile 2018-03-26 00:12:55 +01:00
Andres Amaya Garcia
23e520143d Make DLEXT var configurable in library/Makefile 2018-03-26 00:12:53 +01:00
Gilles Peskine
2a74061198 Merge tag 'mbedtls-2.1.11' into iotssl-1381-x509-verify-refactor-2.1-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:28:33 +01:00
Jethro Beekman
1a886ff45f Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:03:30 -07:00