Commit Graph

3155 Commits

Author SHA1 Message Date
Ron Eldor
c32b3b73c4 Add ecc extensions only if ecc ciphersuite is used
Fix compliancy to RFC4492. ECC extensions should be included
only if ec ciphersuites are used. Interoperability issue with
bouncy castle. #1157
2018-06-28 15:49:34 +03:00
Simon Butcher
0e342f77fc Merge remote-tracking branch 'public/pr/1390' into mbedtls-2.7 2018-06-27 11:11:34 +01:00
Simon Butcher
035d824ad5 Merge remote-tracking branch 'public/pr/1768' into mbedtls-2.7 2018-06-27 11:09:27 +01:00
Philippe Antoine
0f91c0f441 Coding style
Commit to be squashed
2018-06-22 11:45:38 +01:00
Philippe Antoine
dc58e59280 Simplify code in mbedtls_x509_csr_parse 2018-06-22 11:44:48 +01:00
Philippe Antoine
78657e52d8 Fix memory leak in mbedtls_x509_csr_parse 2018-06-22 11:44:38 +01:00
Andres Amaya Garcia
0fc4e0878e Document ssl_write_real() behaviour in detail 2018-06-21 19:29:49 +01:00
Simon Butcher
662ae9eaae Change the library version to 2.7.4 2018-06-18 14:42:14 +01:00
Simon Butcher
112dfd5bc5 Merge remote-tracking branch 'public/pr/1728' into mbedtls-2.7 2018-06-15 13:02:40 +01:00
Simon Butcher
47212c8e2c Merge remote-tracking branch 'public/pr/1581' into mbedtls-2.7 2018-06-14 11:02:43 +01:00
Simon Butcher
da46a40855 Merge remote-tracking branch 'public/pr/1711' into mbedtls-2.7 2018-06-14 11:01:14 +01:00
Simon Butcher
49de6b89c1 Compilation warning fixes on 32b platfrom with IAR
Fix compilation warnings with IAR toolchain, on 32 bit platform.
Reported by rahmanih in #683

This is based on work by Ron Eldor in PR #750, some of which was independently
fixed by Azim Khan and already merged in PR #1655.
2018-06-14 09:05:55 +01:00
Simon Butcher
fb6da8815c Merge remote-tracking branch 'public/pr/1655' into mbedtls-2.7 2018-06-12 17:40:08 +01:00
Fabio Alessandrelli
ec4ce37709 Only redefine _WIN32_WINNT macro when < 0x0501 2018-06-08 12:28:47 +01:00
Simon Butcher
bb5e1c3973 Fix multiple quality issues in the source
This PR fixes multiple issues in the source code to address issues raised by
tests/scripts/check-files.py. Specifically:
 * incorrect file permissions
 * missing newline at the end of files
 * trailing whitespace
 * Tabs present
 * TODOs in the souce code
2018-06-08 11:14:43 +01:00
Azim Khan
826cdab010 Treat warnings as errors for IAR
Fix IAR compiler warnings

Two warnings have been fixed:
1. code 'if( len <= 0xFFFFFFFF )' gave warning 'pointless integer comparison'.
   This was fixed by wraping the condition in '#if SIZE_MAX > 0xFFFFFFFF'.
2. code 'diff |= A[i] ^ B[i];' gave warning 'the order of volatile accesses is undefined in'.
   This was fixed by read the volatile data in temporary variables before the computation.

Explain IAR warning on volatile access

Consistent use of CMAKE_C_COMPILER_ID
2018-05-25 14:58:33 +01:00
Darryl Green
68207f868b Fix braces in mbedtls_memory_buffer_alloc_status() 2018-05-23 16:32:33 +01:00
Jaeden Amero
1fc4d33f5f Update version to 2.7.3 2018-04-27 13:15:45 +01:00
Jaeden Amero
07d1d5f270 Merge remote-tracking branch 'upstream-restricted/pr/473' into mbedtls-2.7-restricted-proposed
Remove trailing whitespace in ChangeLog.
2018-04-26 09:07:15 +01:00
Jaeden Amero
402256184a Merge branch 'mbedtls-2.7-proposed' into mbedtls-2.7-restricted-proposed
Resolve conflicts in ChangeLog.
2018-04-26 09:03:51 +01:00
Andrzej Kurek
6608096544 Change accepted ciphersuite versions when parsing server hello
Accept only ciphersuites for version chosen by the server
2018-04-25 05:28:08 -04:00
Andrzej Kurek
149f3a4d73 Change variable bytes_written to header_bytes in record decompression
The name is changed to better reflect the input, decompression case
2018-04-24 06:32:44 -04:00
Andrzej Kurek
c3a3e2df0e ssl_tls: Fix invalid buffer sizes during compression / decompression
Adjust information passed to zlib to include already written data.
2018-04-23 08:39:13 -04:00
Mohammad Azim Khan
0acbd7df03 Same ciphersuite validation in server and client hello 2018-04-20 19:58:37 +01:00
Manuel Pégourié-Gonnard
8bce3685f5 Merge remote-tracking branch 'restricted/pr/468' into mbedtls-2.7-restricted-proposed
* restricted/pr/468:
  Improve comments style
  Remove a redundant test
  Add buffer size check before cert_type_len read
  Update change log
  Add a missing buffer size check
  Correct buffer size check
2018-04-18 12:21:36 +02:00
Krzysztof Stachowiak
affb4f8e90 Improve comments style 2018-04-10 13:43:23 +02:00
Krzysztof Stachowiak
5ca4c5a15d Remove a redundant test 2018-04-10 13:43:17 +02:00
Krzysztof Stachowiak
314f16136f Add buffer size check before cert_type_len read 2018-04-10 13:43:10 +02:00
Krzysztof Stachowiak
071f9a3e47 Add a missing buffer size check 2018-04-04 13:44:04 +02:00
Krzysztof Stachowiak
3d8663b4f9 Correct buffer size check
Further in the code the next field from the binary buffer is read. The
check contained an off by one error.
2018-04-04 13:43:00 +02:00
Jaeden Amero
d8e0cec63b Merge remote-tracking branch 'upstream-public/pr/1464' into mbedtls-2.7-proposed 2018-04-03 18:27:54 +01:00
Jaeden Amero
b5f53b1039 Merge remote-tracking branch 'upstream-public/pr/1401' into mbedtls-2.7-proposed 2018-04-03 12:09:45 +01:00
Jaeden Amero
e7dc46240d Merge remote-tracking branch 'upstream-public/pr/1543' into mbedtls-2.7-proposed 2018-04-03 12:03:30 +01:00
mohammad1603
29ed80f79f Fix compatibility problem in the printed message
Replace %zu with %lu and add cast for the printed value.
2018-04-02 07:34:26 -07:00
Gilles Peskine
595c84a7b1 Merge remote-tracking branch 'upstream-public/pr/1500' into mbedtls-2.7-proposed 2018-04-01 12:41:29 +02:00
Gilles Peskine
a0e03a81a7 Merge branch 'pr_1538' into mbedtls-2.7-proposed 2018-04-01 12:35:50 +02:00
Gilles Peskine
cc78ac46e7 Update error.c 2018-03-30 18:52:10 +02:00
Gilles Peskine
5114d3e4e1 Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that
this indicates that a valid signature is present, unlike other error
codes. See
https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705
2018-03-30 18:43:16 +02:00
Andy Leiserson
38a29ee5d0 return plaintext data faster on unpadded decryption 2018-03-29 08:39:55 -04:00
Jaeden Amero
38e37bdd56 Merge remote-tracking branch 'upstream-public/pr/1529' into mbedtls-2.7-proposed 2018-03-29 11:00:09 +01:00
mohammad1603
44a6a688c8 Check whether INT_MAX larger than SIZE_MAX scenario
Check whether INT_MAX larger than SIZE_MAX scenario
2018-03-28 23:45:33 -07:00
Jaeden Amero
5166a188eb Merge remote-tracking branch 'upstream-public/pr/1468' into mbedtls-2.7-proposed 2018-03-28 15:36:36 +01:00
Jaeden Amero
0d891042d1 Merge remote-tracking branch 'upstream-public/pr/1524' into mbedtls-2.7-proposed 2018-03-28 15:33:45 +01:00
Jaeden Amero
ef59b732c2 Merge remote-tracking branch 'upstream-public/pr/1479' into mbedtls-2.7-proposed 2018-03-28 14:21:19 +01:00
Jethro Beekman
004e37117c Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-28 11:29:21 +02:00
Andres Amaya Garcia
24e8283309 Fix coding style in pkcs5.c preprocessor directives 2018-03-27 21:25:53 +01:00
Marcos Del Sol Vives
a1bc0e25b7 Compile PBES2 in PKCS5 only if ASN1 is enabled 2018-03-27 21:25:52 +01:00
Andres Amaya Garcia
2f1595238a Allow overriding ar param prefix in library/Makefile 2018-03-26 00:08:36 +01:00
Andres Amaya Garcia
2679c1c81e Make DLEXT var configurable in library/Makefile 2018-03-26 00:08:33 +01:00
Jaeden Amero
877c6dcf22 Merge remote-tracking branch 'upstream-restricted/pr/456' into mbedtls-2.7 2018-03-23 11:19:43 +00:00