Gilles Peskine
1fae860f0f
Merge remote-tracking branch 'upstream-public/pr/1543' into development-proposed
2018-04-04 09:03:25 +02:00
Gilles Peskine
90a8b5219f
Merge branch 'pr_1480' into development-proposed
2018-04-01 12:44:06 +02:00
Gilles Peskine
0ed632f445
Merge remote-tracking branch 'upstream-public/pr/1499' into development-proposed
2018-04-01 12:41:22 +02:00
Gilles Peskine
695d557dcf
Merge branch 'pr_1180' into development-proposed
2018-04-01 12:26:36 +02:00
Gilles Peskine
cc78ac46e7
Update error.c
2018-03-30 18:52:10 +02:00
Gilles Peskine
5114d3e4e1
Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
...
Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that
this indicates that a valid signature is present, unlike other error
codes. See
https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705
2018-03-30 18:43:16 +02:00
Jaeden Amero
2ad47e3bcc
Merge remote-tracking branch 'upstream-public/pr/1528' into development-proposed
2018-03-29 11:00:50 +01:00
Jaeden Amero
78a03ec230
Merge remote-tracking branch 'upstream-public/pr/1379' into development-proposed
2018-03-29 10:57:57 +01:00
Jaeden Amero
90226be779
Merge remote-tracking branch 'upstream-public/pr/1467' into development-proposed
2018-03-28 15:35:22 +01:00
Jaeden Amero
2843d21d99
Merge remote-tracking branch 'upstream-public/pr/1523' into development-proposed
2018-03-28 15:32:13 +01:00
Jaeden Amero
5ec118352e
Merge remote-tracking branch 'upstream-public/pr/1474' into development-proposed
2018-03-28 14:22:29 +01:00
Jaeden Amero
552b9cc5ba
Merge remote-tracking branch 'upstream-public/pr/1477' into development-proposed
2018-03-28 13:42:32 +01:00
Jaeden Amero
8645e90825
Merge remote-tracking branch 'upstream-restricted/pr/363' into development-proposed
2018-03-28 11:54:28 +01:00
Manuel Pégourié-Gonnard
18b78435dc
Fix a typo in a comment
2018-03-28 11:14:06 +02:00
Nicholas Wilson
54fc34ea68
Include order of Curve25519 base point in curve data
2018-03-28 11:08:30 +02:00
Andres Amaya Garcia
af9a486b01
Fix coding style in pkcs5.c preprocessor directives
2018-03-27 20:53:12 +01:00
Marcos Del Sol Vives
8a0dfacb58
Compile PBES2 in PKCS5 only if ASN1 is enabled
2018-03-27 20:15:33 +01:00
Andy Leiserson
79e7789d44
return plaintext data faster on unpadded decryption
2018-03-27 10:55:24 -07:00
Jaeden Amero
fba16f782c
Merge remote-tracking branch 'upstream-public/pr/572' into development-proposed
2018-03-27 16:42:20 +01:00
Andres Amaya Garcia
ceed91b72c
Allow overriding ar param prefix in library/Makefile
2018-03-25 23:48:39 +01:00
Andres Amaya Garcia
873f15d70d
Make DLEXT var configurable in library/Makefile
2018-03-25 23:47:15 +01:00
Jaeden Amero
f65379bc40
Merge remote-tracking branch 'upstream-restricted/pr/382' into development
2018-03-23 11:14:17 +00:00
Gilles Peskine
15ad579895
Merge tag 'mbedtls-2.8.0' into iotssl-1381-x509-verify-refactor-restricted
...
Conflict resolution:
* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
addition. In addition some of the additions in the
iotssl-1381-x509-verify-refactor-restricted branch need support for
keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:16:22 +01:00
Jethro Beekman
d2df936e67
Fix parsing of PKCS#8 encoded Elliptic Curve keys.
...
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
PrivateKeyInfo ::= SEQUENCE {
version Version,
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
privateKey PrivateKey,
attributes [0] IMPLICIT Attributes OPTIONAL
}
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
ECParameters ::= CHOICE {
namedCurve OBJECT IDENTIFIER
-- implicitCurve NULL
-- specifiedCurve SpecifiedECDomain
}
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
publicKey [1] BIT STRING OPTIONAL
}
Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:01:18 -07:00
Gilles Peskine
a7b34c7810
Merge remote-tracking branch 'upstream-public/pr/1406' into development-proposed
2018-03-22 21:52:48 +01:00
Gilles Peskine
f15a8beacf
Merge remote-tracking branch 'upstream-public/pr/1256' into development-proposed
2018-03-22 21:51:53 +01:00
Gilles Peskine
0818540ff7
Merge branch 'pr_726' into development-proposed
2018-03-22 21:50:48 +01:00
Gilles Peskine
5bdb671404
Merge branch 'pr_403' into development-proposed
2018-03-22 21:34:15 +01:00
Gilles Peskine
4e4be7cf62
Optimize unnecessary zeorizing in mbedtls_mpi_copy
...
Based on a contribution by Alexey Skalozub
(https://github.com/ARMmbed/mbedtls/pull/405 ).
2018-03-21 16:29:03 +01:00
Gergely Budai
13f7fb372e
Do not define and initialize global mutexes on configurations that do not use them.
2018-03-21 15:01:55 +00:00
Azim Khan
27e8a120b2
Assign NULL after freeing psk and psk_identity
2018-03-21 14:24:11 +00:00
junyeonLEE
316b162ac3
Separate psk and psk_identity buffers free
...
Sometimes, psk_identity buffer can't released because psk buffer is NULL.
So, separate it.
2018-03-21 14:15:28 +00:00
Mitsuhiro Nakamura
5ff2ee51e9
Fix dylib linking
2018-03-21 11:10:59 +00:00
Jaeden Amero
8be0e6db41
Update version to 2.8.0
2018-03-16 16:25:12 +00:00
Jaeden Amero
79a5e72719
Merge remote-tracking branch 'upstream-restricted/pr/463' into development-restricted-proposed
2018-03-15 08:25:05 +00:00
Jaeden Amero
24b2d6fb6d
Merge remote-tracking branch 'upstream-restricted/pr/459' into development-restricted-proposed
2018-03-15 08:24:44 +00:00
Jaeden Amero
ce183d994c
Merge remote-tracking branch 'upstream-public/pr/1448' into development-proposed
2018-03-15 08:23:53 +00:00
Jaeden Amero
d1fedc55d7
Merge remote-tracking branch 'upstream-public/pr/1440' into development-proposed
2018-03-15 08:23:35 +00:00
Jaeden Amero
95ad522ecc
Merge remote-tracking branch 'upstream-public/pr/1439' into development-proposed
2018-03-15 08:23:10 +00:00
Manuel Pégourié-Gonnard
fd3e4fbae7
x509: CRL: reject unsupported critical extensions
2018-03-14 09:15:02 +01:00
Gilles Peskine
5f1932817c
Merge remote-tracking branch 'upstream-restricted/pr/398' into development-restricted-proposed
2018-03-13 17:18:06 +01:00
Gilles Peskine
553a06f08a
Merge remote-tracking branch 'upstream-restricted/pr/351' into development-restricted-proposed
...
Move the added ChangeLog entry to the bottom so that the list remains
in merge order.
2018-03-13 17:15:34 +01:00
Manuel Pégourié-Gonnard
1ba8a3fc55
Yet another dependency issue (PKCS1_V15)
...
Found by running:
CC=clang cmake -D CMAKE_BUILD_TYPE="Check"
tests/scripts/depend-pkalgs.pl
(Also tested with same command but CC=gcc)
Another PR will address improving all.sh and/or the depend-xxx.pl scripts
themselves to catch this kind of thing.
2018-03-13 13:42:38 +01:00
Krzysztof Stachowiak
5224a7544c
Prevent arithmetic overflow on bounds check
2018-03-13 11:31:38 +01:00
Krzysztof Stachowiak
740b218386
Add bounds check before length read
2018-03-13 11:31:14 +01:00
Krzysztof Stachowiak
027f84c69f
Prevent arithmetic overflow on bounds check
2018-03-13 11:29:24 +01:00
Krzysztof Stachowiak
a1098f81c2
Add bounds check before signature length read
2018-03-13 11:28:49 +01:00
Gilles Peskine
f3ada4adb0
Merge branch 'pr_679' into development-proposed
2018-03-13 00:13:29 +01:00
Gilles Peskine
d5f7d24e84
Merge branch 'pr_1064' into development-proposed
2018-03-13 00:08:05 +01:00
Gilles Peskine
a31d8206b1
Merge remote-tracking branch 'upstream-public/pr/778' into development-proposed
2018-03-12 23:45:08 +01:00