Commit Graph

6614 Commits

Author SHA1 Message Date
Jaeden Amero
ac021d901b Merge remote-tracking branch 'upstream-public/pr/2143' into mbedtls-2.7 2018-12-06 15:52:01 +00:00
Simon Butcher
2297157dd6
Merge pull request #541 from ARMmbed/version-2.7.8
Update the library version to 2.7.8
2018-12-02 13:21:10 +00:00
Simon Butcher
4a908ca6bb Update library version number to 2.7.8 2018-12-01 23:12:40 +00:00
Simon Butcher
be16e38102 Clarify attribution for the Bleichenbacher's Cat fix 2018-12-01 23:04:54 +00:00
Simon Butcher
4303f7619e Merge remote-tracking branch 'restricted/pr/513' into mbedtls-2.7-restricted 2018-11-29 17:27:35 +00:00
Simon Butcher
e34a4f5825 Merge remote-tracking branch 'restricted/pr/536' into mbedtls-2.7-restricted 2018-11-29 17:26:43 +00:00
Simon Butcher
a0d3e1d570 Merge remote-tracking branch 'restricted/pr/518' into mbedtls-2.7-restricted 2018-11-29 17:26:25 +00:00
Gilles Peskine
5db9c830f1 Add changelog entry for mbedtls_mpi_write_binary fix 2018-11-29 12:47:02 +01:00
Gilles Peskine
813bdeb663 Tweak RSA vulnerability changelog entry
* Correct the list of authors.
* Add the CVE number.
* Improve the impact description.
2018-11-29 12:46:47 +01:00
Gilles Peskine
220cc17165 mbedtls_mpi_write_binary: don't leak the exact size of the number
In mbedtls_mpi_write_binary, avoid leaking the size of the number
through timing or branches, if possible. More precisely, if the number
fits in the output buffer based on its allocated size, the new code's
trace doesn't depend on the value of the number.
2018-11-26 12:45:35 +01:00
Simon Butcher
e26f79ba67
Merge pull request #533 from sbutcher-arm/version-2.7.7
Bump Mbed TLS Version to 2.7.7
2018-11-19 18:50:34 +00:00
Simon Butcher
20f30d97a8 Update library version number to 2.7.7 2018-11-19 18:32:22 +00:00
Simon Butcher
7fd58a9e4f Refine the language in the ChangeLog
Fix the language and descriptions in the ChangeLog following review of the
Release Notes for the next release.
2018-11-19 16:01:15 +00:00
Simon Butcher
357fbee3fd Fix language and formatting in ChangeLog
Changed the formatting and language in the ChangeLog to the house-style.
2018-11-08 13:47:21 +00:00
Simon Butcher
58012321b8 Merge remote-tracking branch 'restricted/pr/521' into mbedtls-2.7-restricted-proposed 2018-11-07 13:36:00 +00:00
Simon Butcher
02d3b1cfbb Merge remote-tracking branch 'restricted/pr/523' into mbedtls-2.7-restricted-proposed 2018-11-07 13:35:07 +00:00
Simon Butcher
9136dab9c3 Merge remote-tracking branch 'public/pr/2138' into mbedtls-2.7-restricted-proposed 2018-11-07 13:34:42 +00:00
Simon Butcher
c37966239c Merge remote-tracking branch 'public/pr/2080' into mbedtls-2.7-restricted-proposed 2018-11-07 13:34:27 +00:00
Simon Butcher
ce8c509b3e Merge remote-tracking branch 'public/pr/2135' into mbedtls-2.7-restricted-proposed 2018-11-07 13:33:09 +00:00
Simon Butcher
a5c0071cd2 Merge remote-tracking branch 'public/pr/2153' into mbedtls-2.7-restricted-proposed 2018-11-07 13:32:53 +00:00
Simon Butcher
b7d2d5c933 Merge remote-tracking branch 'public/pr/2155' into mbedtls-2.7-restricted-proposed 2018-11-07 13:32:04 +00:00
Simon Butcher
0afa2ef6c4 Merge remote-tracking branch 'public/pr/2176' into mbedtls-2.7-restricted-proposed 2018-11-07 13:31:39 +00:00
Hanno Becker
0a08a4a68d Adapt ChangeLog 2018-11-06 13:19:06 +00:00
Hanno Becker
18a4cbfac3 Don't perform binary comparison of CRL issuer and CA subject
Previously, when checking whether a CRT was revoked through
one of the configured CRLs, the library would only consider
those CRLs whose `issuer` field binary-matches the `subject`
field of the CA that has issued the CRT in question. If those
fields were not binary equivalent, the corresponding CRL was
discarded.

This is not in line with RFC 5280, which demands that the
comparison should be format- and case-insensitive. For example:

- If the same string is once encoded as a `PrintableString` and
  another time as a `UTF8String`, they should compare equal.
- If two strings differ only in their choice of upper and lower case
  letters, they should compare equal.

This commit fixes this by using the dedicated x509_name_cmp()
function to compare the CRL issuer with the CA subject.

Fixes #1784.
2018-11-06 13:18:40 +00:00
Hanno Becker
52da7ee9e0 Move static x509_name_cmp() in library/x509_crt.c
A subsequent change will need this function earlier
within the file.
2018-11-06 13:18:23 +00:00
Hanno Becker
2130163012 Add tests for relaxed CRL-CA name comparison
This commit introduces variants test-ca_utf8.crt,
test-ca_printablestring.crt and test-ca_uppercase.crt
of tests/data_files/test-ca.crt which differ from
test-ca.crt in their choice of string encoding and
upper and lower case letters in the DN field. These
changes should be immaterial to the recovation check,
and three tests are added that crl.pem, which applies
to test-ca.crt, is also considered as applying to
test-ca_*.crt.

The test files were generated using PR #1641 which
- adds a build instruction for test-ca.crt to
  tests/data_files/Makefile which allows easy
  change of the subject DN.
- changes the default string format from `PrintableString`
  to `UTF8String`.

Specifically:
- `test-ca_utf8.crt` was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641.
- `test-ca_uppercase.crt`, too, was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641, after modifying the subject DN line in the build
   instruction for `test-ca.crt` in `tests/data_files/Makefile`.
-  `test-ca_printable.crt` is a copy of `test-ca.crt`
   because at the time of this commit, `PrintableString` is
   still the default string format.
2018-11-06 13:17:07 +00:00
Gilles Peskine
0eaa6d5bb6 Fix buffer overflow in test mbedtls_mpi_is_prime_det 2018-11-05 16:43:17 +01:00
Simon Butcher
7b28abc8ae Merge remote-tracking branch 'public/pr/2045' into mbedtls-2.7-proposed 2018-11-04 18:53:52 +00:00
Simon Butcher
5a15fa3cdc Merge remote-tracking branch 'public/pr/2096' into mbedtls-2.7-proposed 2018-11-04 18:48:46 +00:00
Simon Butcher
fa8c974329 Merge remote-tracking branch 'public/pr/2115' into mbedtls-2.7-proposed 2018-11-04 18:42:47 +00:00
Hanno Becker
0b0753c588 Adapt ChangeLog 2018-10-30 10:09:24 +00:00
Hanno Becker
3ddf101ac1 Correct typo in documentation of MBEDTLS_SSL_RENEGOTIATION 2018-10-30 09:39:35 +00:00
Hanno Becker
995878cc00 Improve documentation of mbedtls_ssl_get_verify_result()
Fixes #517.
2018-10-30 09:35:16 +00:00
Ron Eldor
051cfd1f92 Add doxygen.sh script to git hooks
Add the doxygen.sh script to the pre-push git script
2018-10-29 10:45:00 +02:00
Simon Butcher
e2a6f01f3f Merge remote-tracking branch 'public/pr/1763' into mbedtls-2.7-proposed 2018-10-28 18:13:46 +00:00
Simon Butcher
80544a1fc2 Merge remote-tracking branch 'public/pr/2057' into mbedtls-2.7-proposed 2018-10-28 17:23:49 +00:00
Simon Butcher
50f03ce4fb Merge remote-tracking branch 'public/pr/2071' into mbedtls-2.7-proposed 2018-10-28 16:55:12 +00:00
Simon Butcher
1222dddbd0 Merge remote-tracking branch 'public/pr/2112' into mbedtls-2.7-proposed 2018-10-28 16:22:29 +00:00
Simon Butcher
0ef20f765c Merge remote-tracking branch 'public/pr/2109' into mbedtls-2.7-proposed 2018-10-28 16:17:17 +00:00
Simon Butcher
ec3f9c362d Merge remote-tracking branch 'public/pr/2032' into mbedtls-2.7 2018-10-27 18:34:46 +01:00
Simon Butcher
e7bc4fc47f Merge remote-tracking branch 'public/pr/2041' into mbedtls-2.7 2018-10-27 18:28:03 +01:00
Simon Butcher
6d5db78b86 Merge remote-tracking branch 'public/pr/2037' into mbedtls-2.7 2018-10-27 18:01:49 +01:00
Simon Butcher
e5eb2581f8 Make inclusion of stdio.h conditional in x509_crt.c
stdio.h was being included both conditionally if MBEDTLS_FS_IO was
defined, and also unconditionally, which made at least one of them
redundant.

This change removes the unconditional inclusion of stdio.h and makes it
conditional on MBEDTLS_PLATFORM_C.
2018-10-25 18:23:07 +01:00
Hanno Becker
85adbfa9ef Adapt ChangeLog 2018-10-25 15:50:41 +01:00
Hanno Becker
5cc4f76f5f Reinitialize PK ctx in mbedtls_pk_parse_key before reuse are free
Context: This commit makes a change to mbedtls_pk_parse_key() which
is responsible for parsing of private keys. The function doesn't know
the key format in advance (PEM vs. DER, encrypted vs. unencrypted) and
tries them one by one, resetting the PK context in between.

Issue: The previous code resets the PK context through a call to
mbedtls_pk_free() along, lacking the accompanying mbedtls_pk_init()
call. Practically, this is not an issue because functionally
mbedtls_pk_free() + mbedtls_pk_init() is equivalent to mbedtls_pk_free()
with the current implementation of these functions, but strictly
speaking it's nonetheless a violation of the API semantics according
to which xxx_free() functions leave a context in uninitialized state.
(yet not entirely random, because xxx_free() functions must be idempotent,
so they cannot just fill the context they operate on with garbage).

Change: The commit adds calls to mbedtls_pk_init() after those calls
to mbedtls_pk_free() within mbedtls_pk_parse_key() after which the
PK context might still be used.
2018-10-25 15:24:21 +01:00
Simon Butcher
2adf43a30b
Merge pull request #2122 from dgreen-arm/mbedtls-2.7-jenkinsfile
Backport 2.7: Add Jenkinsfile for PR job
2018-10-19 17:01:16 +01:00
Darryl Green
37b35b13e6 Add Jenkinsfile for PR job 2018-10-19 15:25:57 +01:00
Darryl Green
94759f6593 Mark internal function as static 2018-10-19 09:21:15 +01:00
Darryl Green
56d7cc472f Fix bias in random number generation in Miller-Rabin test
When a random number is generated for the Miller-Rabin primality test,
if the bit length of the random number is larger than the number being
tested, the random number is shifted right to have the same bit length.
This introduces bias, as the random number is now guaranteed to be
larger than 2^(bit length-1).

Changing this to instead zero all bits higher than the tested numbers
bit length will remove this bias and keep the random number being
uniformly generated.
2018-10-19 09:21:15 +01:00
Janos Follath
8d3fb2e167 Changelog: Add entry for prime validation fix 2018-10-19 09:21:15 +01:00