Commit Graph

4932 Commits

Author SHA1 Message Date
Gilles Peskine
2a74061198 Merge tag 'mbedtls-2.1.11' into iotssl-1381-x509-verify-refactor-2.1-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:28:33 +01:00
Jethro Beekman
1a886ff45f Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:03:30 -07:00
mohammad1603
cee0890b19 Verify that f_send and f_recv send and receive the expected length
Verify that f_send and f_recv send and receive the expected length

Conflicts:
	ChangeLog
2018-03-22 15:01:02 -07:00
Andres Amaya Garcia
387ff07157 Make matching more robbust in generate_errors.pl 2018-03-22 15:46:22 +01:00
Andres Amaya Garcia
8936ffe66a Ensure that only .h files are parsed in generate_errors.pl 2018-03-22 15:46:21 +01:00
Andres Amaya Garcia
4a91c1a0b5 Change generate_errors.pl to call perl grep
Change the script generate_errors.pl to call the grep function in Perl
instead of calling the external tool grep directly as this causes
problems when ANSI escape sequences are included in the grep output
string.
2018-03-22 15:46:16 +01:00
Andres Amaya Garcia
2a0aee3163 Add ChangeLog entry for redundant mutex initialization optimizations 2018-03-21 17:40:48 +00:00
Gergely Budai
0a91973e4b Do not define and initialize global mutexes on configurations that do not use them. 2018-03-21 15:32:47 +00:00
Paul Bakker
3d72b5d688 Add end guard comment 2018-03-21 15:29:35 +00:00
Embedthis Software
d641260987 Fix single threaded builds 2018-03-21 15:29:01 +00:00
Andres Amaya Garcia
09d787f2fc Add ChangeLog entry for dylib builds using Makefile 2018-03-21 11:24:32 +00:00
Mitsuhiro Nakamura
e00964d9a7 Fix dylib linking 2018-03-21 11:21:59 +00:00
Gilles Peskine
823734b96c Robustness fix in mbedtls_ssl_derive_keys
In mbedtls_ssl_derive_keys, don't call mbedtls_md_hmac_starts in
ciphersuites that don't use HMAC. This doesn't change the behavior of
the code, but avoids relying on an uncaught error when attempting to
start an HMAC operation that hadn't been initialized.
2018-03-19 19:06:08 +01:00
mohammad1603
89c12ecfb5 Avoid wraparound on in_left
Avoid wraparound on in_left
2018-03-19 07:15:50 -07:00
Jaeden Amero
1c986a9859 Update version to 2.1.11 2018-03-16 16:29:30 +00:00
Jaeden Amero
7f44963f45 Merge remote-tracking branch 'upstream-public/pr/1455' into mbedtls-2.1-restricted-proposed 2018-03-15 15:24:47 +00:00
Ron Eldor
329e4d572b Addres review comments
Resolves comments raised in the review
2018-03-15 15:09:28 +00:00
Ron Eldor
f71ce5229e Add log and fix stle issues
Address Andres comments of PR
2018-03-15 15:09:28 +00:00
Ron Eldor
82712a9c97 Write correct number of ciphersuites in log
Change location of log, to fit the correct number of used ciphersuites
2018-03-15 15:09:28 +00:00
Jaeden Amero
23f503f12d Merge remote-tracking branch 'upstream-restricted/pr/465' into mbedtls-2.1-restricted-proposed 2018-03-14 18:32:21 +00:00
Jaeden Amero
5e50ff8f44 Merge remote-tracking branch 'upstream-restricted/pr/395' into mbedtls-2.1-restricted-proposed 2018-03-14 18:16:29 +00:00
Jaeden Amero
10a1a60966 Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed 2018-03-14 18:03:41 +00:00
Jaeden Amero
0980d9a3ae Merge remote-tracking branch 'upstream-public/pr/1450' into mbedtls-2.1-proposed 2018-03-14 17:53:27 +00:00
Jaeden Amero
4e3629590f Merge remote-tracking branch 'upstream-public/pr/1452' into mbedtls-2.1-proposed 2018-03-14 17:38:21 +00:00
Krzysztof Stachowiak
d3cec99377 Update change log 2018-03-14 14:39:01 +01:00
Krzysztof Stachowiak
c86b880411 Prevent arithmetic overflow on bounds check 2018-03-14 14:39:01 +01:00
Krzysztof Stachowiak
ce0d3ca128 Add bounds check before signature length read 2018-03-14 14:39:01 +01:00
Krzysztof Stachowiak
a7a8332402 Update change log 2018-03-14 14:35:12 +01:00
Krzysztof Stachowiak
0e0afacbc5 Prevent arithmetic overflow on bounds check 2018-03-14 14:35:12 +01:00
Krzysztof Stachowiak
7040553a02 Add bounds check before length read 2018-03-14 14:35:12 +01:00
Manuel Pégourié-Gonnard
a566dc4d45 fixup previous commit: add forgotten file 2018-03-14 14:10:43 +01:00
Manuel Pégourié-Gonnard
74b8ae89c6 x509: CRL: add tests for non-critical extension
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
2018-03-14 12:48:04 +01:00
Manuel Pégourié-Gonnard
85f36ae0a1 x509: CRL: add tests for malformed extensions
This covers all lines added in the previous commit. Coverage was tested using:

    make CFLAGS='--coverage -g3 -O0'
    (cd tests && ./test_suite_x509parse)
    make lcov
    firefox Coverage/index.html # then visual check

Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
2018-03-14 12:48:03 +01:00
Manuel Pégourié-Gonnard
b0661769ab x509: CRL: reject unsupported critical extensions 2018-03-14 09:28:24 +01:00
Gilles Peskine
df6f3dd9b0 Merge remote-tracking branch 'upstream-restricted/pr/430' into mbedtls-2.1-restricted-proposed 2018-03-13 17:28:42 +01:00
Gilles Peskine
8c1217984b Merge remote-tracking branch 'upstream-restricted/pr/360' into mbedtls-2.1-restricted-proposed
Conflicts:
* scripts/config.pl: reconciled parallel edits in a comment.
2018-03-13 17:26:49 +01:00
Manuel Pégourié-Gonnard
503047f824 Fix 2.1-specific remaining MD/PK depend issues
For library/certs.c the issue is resolved by aligning it with the version in
the 2.7 branch (which is currently the same as the version in the development
branch)
2018-03-13 11:53:48 +01:00
Hanno Becker
41b6189ef7 Adapt ChangeLog
Add note about fix of memory leak in RSA self test.
2018-03-13 10:42:43 +00:00
Hanno Becker
b81fcd00e6 Correct memory leak in RSA self test
The RSA self test didn't free the RSA context on failure.
2018-03-13 10:31:02 +00:00
Gilles Peskine
5e533f43ee Merge remote-tracking branch 'upstream-public/pr/1373' into mbedtls-2.1-proposed 2018-03-12 23:51:50 +01:00
Gilles Peskine
889de8eedb Merge branch 'pr_1276' into mbedtls-2.1-proposed 2018-03-12 23:51:01 +01:00
Gilles Peskine
681f5aacfe Align ChangeLog entry with 2.7 2018-03-12 23:50:18 +01:00
Gilles Peskine
8da4f864a5 Merge remote-tracking branch 'upstream-public/pr/1009' into mbedtls-2.1-proposed 2018-03-12 23:44:48 +01:00
Gilles Peskine
5913453168 Merge remote-tracking branch 'upstream-public/pr/1431' into mbedtls-2.1-proposed 2018-03-12 23:43:44 +01:00
Manuel Pégourié-Gonnard
62732b36fb Fix remaining issues found by depend-hashes 2018-03-12 15:52:55 +01:00
Manuel Pégourié-Gonnard
8326fb2e1f Fix remaining issues found by depend-pkalgs 2018-03-12 15:52:53 +01:00
Gilles Peskine
adee19582e Merge branch 'pr_1409' into mbedtls-2.1-proposed 2018-03-11 00:52:36 +01:00
Gilles Peskine
857802afb3 Merge remote-tracking branch 'upstream-public/pr/1250' into mbedtls-2.1-proposed 2018-03-11 00:52:35 +01:00
Gilles Peskine
d38464698e Merge remote-tracking branch 'upstream-public/pr/1295' into mbedtls-2.1-proposed 2018-03-11 00:52:35 +01:00
Gilles Peskine
0aacc9a96d Merge remote-tracking branch 'upstream-public/pr/1297' into mbedtls-2.1-proposed 2018-03-11 00:52:35 +01:00