Simon Butcher
b2d2fec5a4
Corrected typo in ChangeLog
2015-11-03 23:12:36 +00:00
Manuel Pégourié-Gonnard
c28240596a
Fix other int casts in bounds checking
...
Not a security issue as here we know the buffer is large enough (unless
something else if badly wrong in the code), and the value cast to int is less
than 2^16 (again, unless issues elsewhere).
Still changing to a more correct check as a matter of principle
2015-11-02 10:43:03 +09:00
Manuel Pégourié-Gonnard
5784dd5ac8
Fix other occurrences of same bounds check issue
...
Security impact is the same: not triggerrable remotely except in very specific
use cases
2015-11-02 10:43:03 +09:00
Manuel Pégourié-Gonnard
0d66bb959f
Fix potential buffer overflow in asn1write
2015-11-02 10:42:44 +09:00
Manuel Pégourié-Gonnard
9dc66f4b2f
Fix potential heap corruption on Windows
...
If len is large enough, when cast to an int it will be negative and then the
test if( len > MAX_PATH - 3 ) will not behave as expected.
2015-11-02 10:41:13 +09:00
Manuel Pégourié-Gonnard
ffb8180733
Fix potential double-free in ssl_conf_psk()
2015-11-02 10:40:14 +09:00
Manuel Pégourié-Gonnard
e34dcd7ec5
Use own implementation of strsep()
...
Not available on windows, and strtok() is not a good option
2015-11-02 06:48:40 +09:00
Manuel Pégourié-Gonnard
1cf8851a77
Add ChangeLog entry for ASN.1 DER boolean fix
2015-11-02 06:00:38 +09:00
Jonathan Leroy
e03fa7c16a
Test certificate "Server1 SHA1, key_usage" reissued.
2015-11-02 05:58:58 +09:00
Jonathan Leroy
00c6b3c35a
Fix boolean values according to DER specs
...
In BER encoding, any boolean with a non-zero value is considered as
TRUE. However, DER encoding require a value of 255 (0xFF) for TRUE.
This commit makes `mbedtls_asn1_write_bool` function uses `255` instead
of `1` for BOOLEAN values.
With this fix, boolean values are now reconized by OS X keychain (tested
on OS X 10.11).
Fixes #318 .
2015-11-02 05:58:43 +09:00
Jonathan Leroy
3dd85ddfdf
cert_write : fix "Destination buffer is too small" error
...
This commit fixes the `Destination buffer is too small` error returned
by `mbedtls_cert_write` command when the values of `subject_name` or
`issuer_name` parameters exceed 128 characters.
I have increased the size of these varaibles from 128 to 256 characters,
but I don't know if it's the best way to solve this issue...
Fixes #315 .
2015-11-02 05:58:30 +09:00
Manuel Pégourié-Gonnard
621f83e5c5
Fix typo in an OID name
...
fixes #314
2015-11-02 05:58:10 +09:00
Manuel Pégourié-Gonnard
7a40dc686f
Disable reportedly broken assembly of Sparc(64)
...
fixes #292
2015-11-02 05:57:49 +09:00
Manuel Pégourié-Gonnard
e55448a50f
Add Changelog entries for max_pathlen fixes
2015-11-02 05:56:57 +09:00
Manuel Pégourié-Gonnard
1d9348a06f
Fix a style issue
2015-11-02 05:56:08 +09:00
Manuel Pégourié-Gonnard
fd1f9e735e
Fix whitespace at EOL issues
2015-11-02 05:55:58 +09:00
Manuel Pégourié-Gonnard
841caf1b74
Use symbolic constants in test data
2015-11-02 05:55:39 +09:00
Janos Follath
860f239eb9
Fixed pathlen contraint enforcement.
2015-11-02 05:55:28 +09:00
Janos Follath
36f1234d96
Additional corner cases for testing pathlen constrains. Just in case.
2015-11-02 05:55:15 +09:00
Janos Follath
c7bea3158a
Added test case for pathlen constrains in intermediate certificates
2015-11-02 05:55:02 +09:00
Jonathan Leroy
1f8c20ac9a
Fix help message for cert_req/cert_write programs
...
In cert_req and cert_write programs, "key_certificate_sign" is not an
allowed velue for "key_usage" parameter. The correct value is
"key_cert_sign".
See https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_req.c#L208
and https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_write.c#L323 .
2015-10-30 16:56:44 +01:00
Manuel Pégourié-Gonnard
d13585f1b3
Small improvement to test script
2015-10-30 16:56:30 +01:00
Manuel Pégourié-Gonnard
9f44a80ea3
Try to prevent some misuse of RSA functions
...
fixes #331
2015-10-30 10:57:43 +01:00
Manuel Pégourié-Gonnard
8f115968da
Pick up ChangeLog fixes from development
2015-10-28 13:55:28 +01:00
Manuel Pégourié-Gonnard
a7f0a42101
Mention new test script in Readme
2015-10-28 13:42:14 +01:00
Manuel Pégourié-Gonnard
93080dfacf
Fix missing check for RSA key length on EE certs
...
- also adapt tests to use lesser requirement for compatibility with old
testing material
2015-10-28 13:22:32 +01:00
Simon Butcher
94c5e3c654
Fixed typo in comment
2015-10-28 13:21:12 +01:00
Manuel Pégourié-Gonnard
722da74cfc
Fix attribution in ChangeLog
2015-10-28 13:20:16 +01:00
Manuel Pégourié-Gonnard
a314076486
Fix handling of non-fatal alerts
...
fixes #308
2015-10-28 13:19:55 +01:00
Manuel Pégourié-Gonnard
134ca18fbc
Add key-exchanges.pl to test list
2015-10-28 13:17:18 +01:00
Manuel Pégourié-Gonnard
fe3affdad2
Add -Werror to reduced configs test scripts
2015-10-28 13:17:08 +01:00
Manuel Pégourié-Gonnard
5baec9050e
Fix warning in some reduced configs
2015-10-28 13:16:56 +01:00
Manuel Pégourié-Gonnard
f9945bc283
Fix #ifdef inconsistency
...
fixes #310
Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.
Conflicts:
ChangeLog
2015-10-28 13:16:33 +01:00
Manuel Pégourié-Gonnard
4b56e755af
Add script to test configs with single key exchanges
2015-10-28 13:15:23 +01:00
Manuel Pégourié-Gonnard
1cb668cf0f
ECHDE-PSK does not use a certificate
...
fixes #270
2015-10-28 13:15:12 +01:00
Manuel Pégourié-Gonnard
d113b8e89d
Move all KEY_EXCHANGE__ definitions in one place
2015-10-28 13:15:01 +01:00
Manuel Pégourié-Gonnard
5ce77da2b3
Mention performance fix in ChangeLog
2015-10-27 10:35:02 +01:00
Manuel Pégourié-Gonnard
00992d45c0
Optimize more common cases in ecp_muladd()
2015-10-27 10:30:36 +01:00
Manuel Pégourié-Gonnard
241bf6717a
Optimize some case of mbedtls_ecp_muladd()
...
Those are used by EC-JPAKE
2015-10-27 10:30:03 +01:00
Manuel Pégourié-Gonnard
770f453547
Remove useless code
...
closes #321
2015-10-27 10:29:26 +01:00
Manuel Pégourié-Gonnard
c4cbc94d44
Small fix to 'make test' script
...
When the tests fail they don't display the number of skipped and run test
2015-10-27 10:29:26 +01:00
Manuel Pégourié-Gonnard
a6925c502d
Fix typo in documentation
2015-10-27 10:28:49 +01:00
Simon Butcher
759b6d9df6
Corrected misleading fn description in ssl_cache.h
...
Mistake in comments spotted by Andris Mednis
2015-10-27 10:28:24 +01:00
Simon Butcher
60d41b5d87
Corrected URL/reference to MPI library
2015-10-27 10:28:11 +01:00
James Cowgill
6bfa1d826e
Fix minor spelling mistake in programs/pkey/gen_key.c
2015-10-27 10:27:51 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381
Bump version to 2.1.2
...
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
ca056c7748
Fix CVE number in ChangeLog
2015-10-05 18:21:34 +01:00
Manuel Pégourié-Gonnard
c80a74f734
Merge branch 'development' into development-restricted
...
* development:
Add 'inline' workaround where needed
2015-10-05 16:30:53 +01:00
Manuel Pégourié-Gonnard
2ac9c60838
Add 'inline' workaround where needed
...
Was previously using the workaround from md.h
2015-10-05 16:18:23 +01:00
Manuel Pégourié-Gonnard
a97ab2c8a6
Merge branch 'development' into development-restricted
...
* development:
Remove inline workaround when not useful
Fix macroization of inline in C++
2015-10-05 15:48:09 +01:00