Commit Graph

6233 Commits

Author SHA1 Message Date
Gilles Peskine
9ff0f052b3 Add ChangeLog entry.
Fixes #1353
2018-03-26 18:29:52 +01:00
Gilles Peskine
e4f2736b42 Add ChangeLog entry 2018-03-26 12:29:30 +02:00
Andrzej Kurek
d959492797 pk_sign: fix overriding and ignoring return values 2018-03-26 04:13:24 -04:00
Andres Amaya Garcia
89320a489b Add ChangeLog entry for library/makefile changes 2018-03-26 00:08:40 +01:00
Andres Amaya Garcia
2f1595238a Allow overriding ar param prefix in library/Makefile 2018-03-26 00:08:36 +01:00
Andres Amaya Garcia
2679c1c81e Make DLEXT var configurable in library/Makefile 2018-03-26 00:08:33 +01:00
Ivan Krylov
5cb1f09ab4 slight rewording requested by reviewer (#758) 2018-03-24 18:48:04 +03:00
Jaeden Amero
877c6dcf22 Merge remote-tracking branch 'upstream-restricted/pr/456' into mbedtls-2.7 2018-03-23 11:19:43 +00:00
Brendan Shanks
968cda12f3 benchmark: Fix incompatibility with C89 compilers
Initializing arrays using non-constant expressions is not permitted in
C89, and was causing errors when compiling with Metrowerks CodeWarrior
(for classic MacOS) in C89 mode. Clang also produces a warning when
compiling with '-Wc99-extensions':

test/benchmark.c:670:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions]
        const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };
                                         ^~~~~~~~~~
test/benchmark.c:674:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions]
        const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 };
                                         ^~~~~~~~~~

Declaring the arrays as 'static' makes them constant expressions.

fixes #1353
2018-03-22 23:21:29 -07:00
Gilles Peskine
d4dc1a0266 Add changelog entries for improved testing
Fixes #1040
2018-03-23 02:19:49 +01:00
Gilles Peskine
79d441c64f Add missing dependencies in test_suite_x509parse
Found by depends-hashes.pl and depends-pkgalgs.pl.
2018-03-23 02:18:36 +01:00
Gilles Peskine
763da6e550 all.sh --keep-going: properly handle multiple-builds scripts
In keep-going mode, if a multiple-builds script fails, record its
status and keep going.
2018-03-23 02:18:33 +01:00
Gilles Peskine
2cfeb887b4 Merge tag 'mbedtls-2.7.2' into iotssl-1381-x509-verify-refactor-2.7-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:12:44 +01:00
mohammad1603
2ea2d686e2 Verify that f_send and f_recv send and receive the expected length
Verify that f_send and f_recv send and receive the expected length

Conflicts:
	ChangeLog
2018-03-22 14:56:28 -07:00
Gilles Peskine
69d1b293fc Merge remote-tracking branch 'myfork/pr_1073' into mbedtls-2.7-proposed 2018-03-22 21:53:22 +01:00
Gilles Peskine
d675986506 Merge remote-tracking branch 'upstream-public/pr/1256' into mbedtls-2.7-proposed 2018-03-22 21:52:01 +01:00
Gilles Peskine
8980da5caf Merge remote-tracking branch 'myfork/pr_726' into mbedtls-2.7-proposed 2018-03-22 21:49:43 +01:00
Gilles Peskine
88c6df1ce8 Add ChangeLog entry 2018-03-22 21:48:28 +01:00
Gilles Peskine
48115740da Merge remote-tracking branch 'upstream-public/pr/1442' into mbedtls-2.7-proposed 2018-03-22 21:30:19 +01:00
Gilles Peskine
9b9cc616ca Add ChangeLog entry 2018-03-22 17:03:45 +01:00
Andres Amaya Garcia
56c72480ca Add ChangeLog entry for redundant mutex initialization optimizations 2018-03-21 17:39:14 +00:00
Gergely Budai
8190678c01 Do not define and initialize global mutexes on configurations that do not use them. 2018-03-21 15:13:08 +00:00
Andres Amaya Garcia
d90d0dcaf1 Add ChangeLog entry for dylib builds using Makefile 2018-03-21 11:19:47 +00:00
Mitsuhiro Nakamura
1e3c00090a Fix dylib linking 2018-03-21 11:18:09 +00:00
Gilles Peskine
21701305ce Robustness fix in mbedtls_ssl_derive_keys
In mbedtls_ssl_derive_keys, don't call mbedtls_md_hmac_starts in
ciphersuites that don't use HMAC. This doesn't change the behavior of
the code, but avoids relying on an uncaught error when attempting to
start an HMAC operation that hadn't been initialized.
2018-03-20 18:41:25 +01:00
mohammad1603
b11af86daf Avoid wraparound on in_left
Avoid wraparound on in_left
2018-03-19 07:18:13 -07:00
Jaeden Amero
9ae1fba869 Update version to 2.7.2 2018-03-16 16:30:17 +00:00
Simon Butcher
001427b6c3 Add clarity to use of the rsa_internal.h interface
Added additional clarification to the use of the rsa_internal.h interface and as
and when it can be used by whom. Policy hasn't changed, but it needed to be
clearer who can and can't use it and it's level of support.
2018-03-16 15:46:29 +00:00
Jaeden Amero
c9908f010a Merge remote-tracking branch 'upstream-public/pr/1064' into mbedtls-2.7-restricted-proposed 2018-03-15 14:58:24 +00:00
Jaeden Amero
e0b1a73c56 Merge remote-tracking branch 'upstream-restricted/pr/464' into mbedtls-2.7-restricted-proposed 2018-03-15 14:36:47 +00:00
Jaeden Amero
73923e1575 Merge remote-tracking branch 'upstream-restricted/pr/459' into mbedtls-2.7-restricted-proposed 2018-03-15 14:36:22 +00:00
Jaeden Amero
8a032e6051 Merge branch 'mbedtls-2.7-proposed' into mbedtls-2.7-restricted-proposed 2018-03-15 14:35:47 +00:00
Jaeden Amero
32ae73b289 Merge remote-tracking branch 'upstream-public/pr/1448' into mbedtls-2.7-proposed 2018-03-15 14:33:29 +00:00
Jaeden Amero
100273ddfb Merge remote-tracking branch 'upstream-public/pr/1449' into mbedtls-2.7-proposed 2018-03-15 14:32:54 +00:00
Jaeden Amero
e1c916ca5e Merge remote-tracking branch 'upstream-public/pr/1451' into mbedtls-2.7-proposed 2018-03-15 08:34:33 +00:00
Manuel Pégourié-Gonnard
c3901d4cd3 fixup previous commit: add forgotten file 2018-03-14 14:10:19 +01:00
Manuel Pégourié-Gonnard
dae3fc3fe0 x509: CRL: add tests for non-critical extension
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
2018-03-14 12:46:54 +01:00
Manuel Pégourié-Gonnard
282159c318 x509: CRL: add tests for malformed extensions
This covers all lines added in the previous commit. Coverage was tested using:

    make CFLAGS='--coverage -g3 -O0'
    (cd tests && ./test_suite_x509parse)
    make lcov
    firefox Coverage/index.html # then visual check

Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
2018-03-14 12:46:53 +01:00
Krzysztof Stachowiak
4e0141fc00 Update change log 2018-03-14 11:43:00 +01:00
Krzysztof Stachowiak
b5609f3ca5 Prevent arithmetic overflow on bould check 2018-03-14 11:41:47 +01:00
Krzysztof Stachowiak
b3e8f9e2e6 Add bounds check before signature 2018-03-14 11:40:55 +01:00
Krzysztof Stachowiak
bcb8149510 Update change log 2018-03-14 11:23:34 +01:00
Krzysztof Stachowiak
8e0b1166b6 Prevent arithmetic overflow on bounds check 2018-03-14 11:21:35 +01:00
Krzysztof Stachowiak
9e1839bc43 Add bounds check before length read 2018-03-14 11:20:46 +01:00
Manuel Pégourié-Gonnard
5a9f46e57c x509: CRL: reject unsupported critical extensions 2018-03-14 09:24:12 +01:00
Jaeden Amero
1a6ddb4382 Merge branch 'mbedtls-2.7' into mbedtls-2.7-restricted 2018-03-13 17:28:20 +00:00
Gilles Peskine
6013004fa9 Note in the changelog that this fixes an interoperability issue.
Fixes #1339
2018-03-13 17:27:53 +00:00
Gilles Peskine
64540d9577 Merge remote-tracking branch 'upstream-restricted/pr/458' into mbedtls-2.7-restricted-proposed 2018-03-13 17:24:46 +01:00
Gilles Peskine
955d70459d Merge remote-tracking branch 'upstream-restricted/pr/460' into mbedtls-2.7-restricted-proposed 2018-03-13 17:24:33 +01:00
Manuel Pégourié-Gonnard
b0ba5bccff Yet another dependency issue (PKCS1_V15)
Found by running:

CC=clang cmake -D CMAKE_BUILD_TYPE="Check"
tests/scripts/depend-pkalgs.pl

(Also tested with same command but CC=gcc)

Another PR will address improving all.sh and/or the depend-xxx.pl scripts
themselves to catch this kind of thing.
2018-03-13 13:44:45 +01:00