Janos Follath
742783fe85
Included tests for the overflow
...
Conflicts:
library/rsa.c
2016-05-18 19:58:41 +01:00
Janos Follath
21ca00243c
Add Changelog entry for current branch
2016-05-18 19:58:41 +01:00
Simon Butcher
d3253b018e
Fix for backprt of IOTSSL-628
...
Corrections to constand and function names changed between 1.3 and 2.1
2016-05-18 19:58:41 +01:00
Simon Butcher
2d49c4d2f6
Fix ChangeLog after merging fix for IOTSSL-628
2016-05-18 19:58:41 +01:00
Janos Follath
7295c189ee
Extended ChangeLog entry
2016-05-18 19:58:41 +01:00
Janos Follath
092f2c48c4
Move underflow test to make time constant
2016-05-18 19:58:41 +01:00
Janos Follath
574b118bf8
Add Changelog entry for current branch
2016-05-18 19:58:40 +01:00
Janos Follath
3bed13df1c
Included test for integer underflow.
2016-05-18 19:58:40 +01:00
Janos Follath
6483af8e42
Fix the broken pkcs1 v1.5 test.
...
The random buffer handed over to the test function was too small
and the remaining bytes were generated by the default (platform
dependant) function.
2016-05-18 19:58:40 +01:00
Janos Follath
8eeecd0444
Fix the backport of pkcs1 v1.5 test suite.
...
The test suite was not properly backported and it remained unnoticed,
because it was not compile due to the change in the naming of the
compile time requirements.
2016-05-18 19:58:40 +01:00
Janos Follath
f18263d78b
Removing 'if' branch from the fix.
...
This new error shouldn't be distinguishable from other padding errors.
Updating 'bad' instead of adding a new 'if' branch.
2016-05-18 19:58:40 +01:00
Janos Follath
7244ecf52e
Add tests for the bug IOTSSL-619.
...
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
2016-05-18 19:58:40 +01:00
Janos Follath
a1ebe662f3
Add Changelog entry for current branch
2016-05-18 19:58:40 +01:00
Janos Follath
f570f7f686
Length check added
2016-05-18 19:58:40 +01:00
Simon Butcher
01660396da
Corrects debug macro in ssl_cli.c
2016-04-22 10:05:50 +01:00
Janos Follath
4e03439e6a
Fix bug in ssl_write_supported_elliptic_curves_ext
...
Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a
crash later in ssl_write_supported_elliptic_curves_ext. #373
2016-04-22 09:59:00 +01:00
Janos Follath
7ddc2cdfce
Fix null pointer dereference in the RSA module.
...
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:28:24 +01:00
Simon Butcher
e9f842782b
Adds test for odd bit length RSA key size
...
Also tidy up ChangeLog following review.
2016-04-19 10:02:43 +01:00
Janos Follath
d61fc6881a
Fix odd bitlength RSA key generation
...
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-19 09:42:17 +01:00
Janos Follath
4dfecabb97
Update default configuration
...
Change the default settings for SSL and modify the tests accordingly.
2016-03-14 13:40:43 +00:00
Simon Butcher
a91d85e331
Fix for net_usleep() timing selftest on mingw
...
In mingw32, net_usleep() was failing to sleep for the given period, and was
sleeping in microseconds, not milliseconds. Fix backported from mbed TLS 2.x of
using the Win32 Sleep() API call rather than using the timeout of select().
2016-01-15 14:36:08 +00:00
Manuel Pégourié-Gonnard
54f2c490ed
Avoid build errors with -O0 due to assembly
2016-01-08 15:30:03 +01:00
Manuel Pégourié-Gonnard
20715dc73b
Make ar invocation more portable
...
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.
fixes #386
2016-01-08 15:28:40 +01:00
Manuel Pégourié-Gonnard
faae6d2019
Fix backporting mistakes in previous 5 commits
2016-01-08 15:24:46 +01:00
Manuel Pégourié-Gonnard
40510a3a79
Update ChangeLog for latest PR merged
...
fixes #309
2016-01-08 15:22:41 +01:00
Janos Follath
2db440d2f1
Improved on the previous fix and added a test case to cover both types
...
of carries.
2016-01-08 15:22:05 +01:00
Janos Follath
2b806fad7b
Removed recursion from fix #309 .
2016-01-08 15:20:29 +01:00
Janos Follath
ff5317e99b
Improved on the fix of #309 and extended the test to cover subroutines.
2016-01-08 15:19:14 +01:00
Janos Follath
87f1494809
Tests and fix added for #309 (inplace mpi doubling).
2016-01-08 15:18:03 +01:00
Manuel Pégourié-Gonnard
a3a1cd33d1
Update reference to attack in ChangeLog
...
We couldn't do that before the attack was public
2016-01-08 15:11:12 +01:00
Simon Butcher
84181adae8
Change version number to 1.3.16
...
Changed version for library files and yotta module
2016-01-04 22:49:30 +00:00
Simon Butcher
302c5fed24
Added _ENABLE_MD5_SIGNATURES into features list
...
Specifically, 'POLARSSL_SSL_ENABLE_MD5_SIGNATURES' into version_features.c
2016-01-04 14:41:31 +00:00
Simon Butcher
d7fe6fbd76
Fix for MPI divide on MSVC
...
Resolves multiple platform issues when building bignum.c with Microsoft
Visual Studio.
2016-01-03 22:39:18 +00:00
Simon Butcher
a39690e7bf
Correction to ChangeLog
...
Corrected function name for rsa_rsassa_pkcs1_v15_sign()
2016-01-02 00:49:12 +00:00
Simon Butcher
14400c8fb0
Merge memory leak fix into branch 'mbedtls-1.3'
...
Merge of fix for memory leak in RSA-SSA signing - #372
2016-01-02 00:28:19 +00:00
Simon Butcher
7d3f3a8ac8
Fix for memory leak in RSA-SSA signing
...
Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c. Resolves github issue #372
2016-01-02 00:03:39 +00:00
Simon Butcher
a192c8f5d8
Merge branch 'iotssl-541-1.3-pathlen-bugfix'
2016-01-01 01:13:45 +00:00
Simon Butcher
caa8b4977c
Merge remote-tracking branch 'origin/misc-1.3' into mbedtls-1.3
2015-12-22 20:15:35 +00:00
Manuel Pégourié-Gonnard
cf16b79238
Avoid seemingly-possible overflow
...
By looking just at that test, it looks like 2 + dn_size could overflow. In
fact that can't happen as that would mean we've read a CA cert of size is too
big to be represented by a size_t.
However, it's best for code to be more obviously free of overflow without
having to reason about the bigger picture.
2015-12-22 20:13:35 +00:00
Simon Butcher
e4ed3475b0
Added integer divide by as separate function
...
Added 64bit integer divided by 32bit integer, with remainder
2015-12-22 15:26:57 +00:00
Manuel Pégourié-Gonnard
c05014459e
Fix wrong length limit in GCM
...
See for example page 8 of
http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
The previous constant probably came from a typo as it was 2^26 - 2^5 instead
of 2^36 - 2^5. Clearly the intention was to allow for a constant bigger than
2^32 as the ull suffix and cast to uint64_t show.
fixes #362
2015-12-10 16:34:32 +01:00
Manuel Pégourié-Gonnard
c4a47e3483
Fix bug checking pathlen on first intermediate
...
Remove check on the pathLenConstraint value when looking for a parent to the
EE cert, as the constraint is on the number of intermediate certs below the
parent, and that number is always 0 at that point, so the constraint is always
satisfied.
The check was actually off-by-one, which caused valid chains to be rejected
under the following conditions:
- the parent certificate is not a trusted root, and
- it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)
fixes #280
2015-11-19 12:06:45 +01:00
Manuel Pégourié-Gonnard
6ad4f65780
Add test case for root with max_pathlen=0
...
This was already working but not tested so far
(Test case from previous commit still failing.)
Test certificates generated with:
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key
programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"
mv cert9?.crt tests/data_files/dir4
rm cert9?.key
2015-11-19 12:02:29 +01:00
Manuel Pégourié-Gonnard
c058074836
Add test case for first intermediate max_pathlen=0
...
!!! This test case is currently failing !!!
(See fix in next-next commit.)
Test certificates generated with the following script:
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key
programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"
mv cert8?.crt tests/data_files/dir4
rm cert8?.key
2015-11-19 12:01:11 +01:00
Simon Butcher
1f4e08c979
Changed version number to 1.3.15
...
Changed for library
2015-11-05 15:44:46 +00:00
Simon Butcher
34fc23fa6a
Corrected typo in ChangeLog
2015-11-03 23:14:16 +00:00
Manuel Pégourié-Gonnard
edb2327609
Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
...
* mbedtls-1.3:
Use own implementation of strsep()
Add Changelog entries for this branch
Use symbolic constants in test data
Fixed pathlen contraint enforcement.
Additional corner cases for testing pathlen constrains. Just in case.
Added test case for pathlen constrains in intermediate certificates
2015-11-02 06:57:30 +09:00
Manuel Pégourié-Gonnard
28e1ac5cab
Use own implementation of strsep()
...
Not available on windows, and strtok() is not a good option
2015-11-02 06:50:46 +09:00
Manuel Pégourié-Gonnard
f23d6c56a4
Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
...
* mbedtls-1.3:
Add ChangeLog entry for previous commit
cert_write : fix "Destination buffer is too small" error
Add ChangeLog entry for previous two commits
Test certificate "Server1 SHA1, key_usage" reissued.
Fix boolean values according to DER specs
Fix typo in an OID name
Disable reportedly broken assembly of Sparc(64)
ECHDE-PSK does not use a certificate
Actually ignore most non-fatal alerts
2015-10-30 10:17:05 +01:00
Manuel Pégourié-Gonnard
54150a36d1
Add Changelog entries for this branch
2015-10-30 09:45:00 +01:00