Manuel Pégourié-Gonnard
47229c7cbb
Disable MD5 in handshake signatures by default
2015-12-04 15:02:56 +01:00
Manuel Pégourié-Gonnard
e2e25e7427
DTLS: avoid dropping too many records
...
When the peer retransmits a flight with many records in the same datagram, and
we already saw one of the records in that datagram, we used to drop the whole
datagram, resulting in interoperability failure (spurious handshake timeouts,
due to ignoring records retransmitted by the peer) with some implementations
(issues with Chrome were reported).
So in those cases, we want to only drop the current record, and look at the
following records (if any) in the same datagram. OTOH, this is not something
we always want to do, as sometimes the header of the current record is not
reliable enough.
This commit introduces a new return code for ssl_parse_header() that allows us to
distinguish if we should drop only the current record or the whole datagram,
and uses it in mbedtls_ssl_read_record().
fixes #345
2015-12-03 16:13:17 +01:00
Manuel Pégourié-Gonnard
1630888aa0
Fix two more compiler warnings
...
- declaration after statement
- always true comparison due to limited range of operand
2015-12-01 10:27:00 +01:00
Manuel Pégourié-Gonnard
e3e8edfa51
Fix potential integer overflow in prev. commit
...
Found by Clang's -Wshift-count-overflow
2015-12-01 09:34:36 +01:00
Simon Butcher
15b15d1361
Added integer divide by as separate function
...
Added 64bit integer divided by 32bit integer, with remainder
2015-11-26 19:35:03 +00:00
Manuel Pégourié-Gonnard
3134ef0504
footprint.sh: tune output again
2015-11-25 10:50:27 +00:00
Manuel Pégourié-Gonnard
4553a6cdcf
footprint.sh: improve printed output
2015-11-25 10:39:54 +00:00
Manuel Pégourié-Gonnard
f4569b14c4
Fix bug checking pathlen on first intermediate
...
Remove check on the pathLenConstraint value when looking for a parent to the
EE cert, as the constraint is on the number of intermediate certs below the
parent, and that number is always 0 at that point, so the constraint is always
satisfied.
The check was actually off-by-one, which caused valid chains to be rejected
under the following conditions:
- the parent certificate is not a trusted root, and
- it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)
fixes #280
2015-11-19 11:10:38 +01:00
Manuel Pégourié-Gonnard
8b4331aa56
Add test case for root with max_pathlen=0
...
This was already working but not tested so far
(Test case from previous commit still failing.)
Test certificates generated with:
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key
programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"
mv cert9?.crt tests/data_files/dir4
rm cert9?.key
2015-11-19 11:10:33 +01:00
Manuel Pégourié-Gonnard
a3aa43da5f
Add test case for first intermediate max_pathlen=0
...
!!! This test case is currently failing !!!
(See fix in next-next commit.)
Test certificates generated with the following script:
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key
programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"
mv cert8?.crt tests/data_files/dir4
rm cert8?.key
2015-11-19 10:56:30 +01:00
Simon Butcher
8254ed2a9f
Change version number to 2.2.0
...
Changed for library and yotta module
2015-11-04 19:55:40 +00:00
Simon Butcher
59a8fa7e2e
Corrected typo in ChangeLog
2015-11-03 23:09:28 +00:00
Manuel Pégourié-Gonnard
bd3639852c
Merge branch 'iotssl-519-asn1write-overflows-restricted' into development-restricted
...
* iotssl-519-asn1write-overflows-restricted:
Fix other int casts in bounds checking
Fix other occurrences of same bounds check issue
Fix potential buffer overflow in asn1write
2015-11-02 11:07:30 +09:00
Manuel Pégourié-Gonnard
537e2a9b58
Merge branch 'iotssl-518-winpathlen-restricted' into development-restricted
...
* iotssl-518-winpathlen-restricted:
Fix potential heap corruption on Windows
2015-11-02 11:04:59 +09:00
Manuel Pégourié-Gonnard
f8b2442e2f
Merge branch 'iotssl-517-double-free-restricted' into development-restricted
...
* iotssl-517-double-free-restricted:
Fix potential double-free in ssl_conf_psk()
2015-11-02 11:03:32 +09:00
Manuel Pégourié-Gonnard
ce0e3f7f5c
Bump yotta version number to 2.2.0-rc2
2015-11-02 06:53:44 +09:00
Manuel Pégourié-Gonnard
a8838af8e6
Use own implementation of strsep()
...
Not available on Windows, and strtok() is not a good option
2015-11-02 06:44:24 +09:00
Manuel Pégourié-Gonnard
644c2e0fdb
Add new program to gitignore
2015-11-02 06:34:29 +09:00
Manuel Pégourié-Gonnard
c99dffad36
Add ChangeLog entry for ASN.1 DER boolean fix
2015-11-02 06:00:02 +09:00
Manuel Pégourié-Gonnard
0a543a8bc5
Merge pull request #320 from Inikup/fix-issue-318
...
Fix boolean values according to DER specs
2015-11-02 05:52:42 +09:00
Manuel Pégourié-Gonnard
1c6f19aa47
Merge pull request #317 from Inikup/fix-issue-315
...
cert_write : fix "Destination buffer is too small" error
2015-11-02 05:52:26 +09:00
Manuel Pégourié-Gonnard
ba1d897987
Merge branch 'bugfixes' into development
...
* bugfixes:
Fix typo in an OID name
Disable reportedly broken assembly of Sparc(64)
2015-11-02 05:50:41 +09:00
Manuel Pégourié-Gonnard
568f1e7cb3
Merge branch 'iotssl-515-max-pathlen' into development
...
* iotssl-515-max-pathlen:
Add Changelog entries for this branch
Fix a style issue
Fix whitespace at EOL issues
Use symbolic constants in test data
Fixed pathlen constraint enforcement.
Additional corner cases for testing pathlen constraints. Just in case.
Added test case for pathlen constraints in intermediate certificates
2015-11-02 05:49:08 +09:00
Janos Follath
6c92268093
Improved on the previous fix and added a test case to cover both types of carries.
2015-10-30 17:50:12 +01:00
Manuel Pégourié-Gonnard
1fa36597fc
Merge remote-tracking branch 'refs/remotes/origin/development' into development
...
* refs/remotes/origin/development:
Fix help message for cert_req/cert_write programs
2015-10-30 16:54:35 +01:00
Manuel Pégourié-Gonnard
54eeecfff3
Merge pull request #316 from Inikup/help-key_cert_sign-fix
...
Fix help message for cert_req/cert_write programs
2015-10-30 14:50:42 +01:00
Manuel Pégourié-Gonnard
067523ef98
Small improvement to test script
2015-10-30 11:15:40 +01:00
Manuel Pégourié-Gonnard
fb84d38b45
Try to prevent some misuse of RSA functions
...
fixes #331
2015-10-30 10:56:25 +01:00
Manuel Pégourié-Gonnard
2b624e9b39
Add Changelog entries for this branch
2015-10-30 09:45:34 +01:00
Manuel Pégourié-Gonnard
45777c384d
Fix a style issue
2015-10-30 09:24:28 +01:00
Manuel Pégourié-Gonnard
e670f90e48
Fix whitespace at EOL issues
2015-10-30 09:23:19 +01:00
Manuel Pégourié-Gonnard
03dde85c3b
Use symbolic constants in test data
2015-10-30 09:18:06 +01:00
Manuel Pégourié-Gonnard
f7a4688257
Mention new test script in Readme
2015-10-28 13:43:43 +01:00
Manuel Pégourié-Gonnard
8de8a327f4
Bump yotta version to 2.2.0-rc.1
2015-10-27 18:09:39 +01:00
Simon Butcher
6edd78bd8b
Merge branch 'misc' into development
2015-10-27 16:58:01 +00:00
Simon Butcher
204606238c
Merge branch 'development' into misc
2015-10-27 16:57:34 +00:00
Simon Butcher
459a950f31
Fixed typo in comment
2015-10-27 16:09:03 +00:00
Simon Butcher
b48ace74c4
Merge branch 'iotssl-513-alerts' into development
2015-10-27 16:06:10 +00:00
Simon Butcher
62aab15085
Merge branch 'development' into iotssl-513-alerts
2015-10-27 16:05:34 +00:00
Simon Butcher
c87747b675
Removed debug code accidentally left in test code
...
Removed debug code accidentally left in test_suite_x509parse.function.
2015-10-27 15:16:51 +00:00
Simon Butcher
fa8094ea40
Merge branch 'iotssl-521-keylen-check' into development
2015-10-27 15:15:40 +00:00
Simon Butcher
5f7c34b8b0
Merge branch iotssl-521-keylen-check
2015-10-27 15:14:55 +00:00
Manuel Pégourié-Gonnard
e0b2feae34
Mention performance fix in ChangeLog
2015-10-27 10:24:54 +01:00
Simon Butcher
e357a64355
Merge pull request #328 from ARMmbed/iotssl-461-ecjpake-finalization
...
Iotssl 461 ecjpake finalization
2015-10-27 00:08:31 +00:00
Manuel Pégourié-Gonnard
231a065909
yotta Readme: edited by Irit
2015-10-26 17:50:04 +01:00
Janos Follath
3fc644f246
Removed recursion from fix #309.
2015-10-25 14:24:10 +01:00
Janos Follath
8483e28e21
Merge remote-tracking branch 'upstream/development' into iss309
2015-10-25 12:36:03 +01:00
Janos Follath
6cbacec3b3
Improved on the fix of #309 and extended the test to cover subroutines.
2015-10-25 12:31:27 +01:00
Janos Follath
044a86bde8
Tests and fix added for #309 (inplace mpi doubling).
2015-10-25 10:58:03 +01:00
Manuel Pégourié-Gonnard
65eefc8707
Fix missing check for RSA key length on EE certs
...
- also adapt tests to use lesser requirement for compatibility with old
testing material
2015-10-23 16:19:53 +02:00