TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-03 11:06:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
979 Commits 179 Branches 280 Tags
e4e4be77bed48deb01e61dff07f2d3231a9b9938
Commit Graph

538 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
e4e4be77be Fix potential overflow in base64_encode 2015-10-01 18:10:17 +02:00
Manuel Pégourié-Gonnard
b73ce45b3f Fix potential random malloc in pem_read() 2015-10-01 17:00:22 +02:00
Manuel Pégourié-Gonnard
9b75305d6a Fix potential buffer overflow in mpi_read_string() 
Found by Guido Vranken.

Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
 2015-10-01 16:59:55 +02:00
Manuel Pégourié-Gonnard
73011bba95 Fix stack buffer overflow in pkcs12 2015-10-01 16:57:47 +02:00
Manuel Pégourié-Gonnard
a7975dcf9a Remove file that should never have been added 
Oops.
 2015-09-21 12:07:10 +02:00
Manuel Pégourié-Gonnard
9405e462d0 Bump version to 1.2.15 2015-09-17 11:55:25 +02:00
Manuel Pégourié-Gonnard
2bc4505f5d Add counter-measure against RSA-CRT attack 
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/

backport of a1cdcd2
 2015-09-09 12:36:49 +02:00
Manuel Pégourié-Gonnard
fa566e3545 Fix possible client crash on API misuse 2015-09-03 11:01:37 +02:00
Manuel Pégourié-Gonnard
aa4e55bd23 Fix warning with MD/SHA ALT implementation 
backport of e217cee

see #239
 2015-08-31 12:23:30 +02:00
Manuel Pégourié-Gonnard
faf44abf2a Accept a trailing space at end of PEM lines 
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
 2015-08-10 16:43:28 +02:00
Manuel Pégourié-Gonnard
af39e3e597 Fix missing -static-libgcc for dlls 2015-08-10 16:41:14 +02:00
Paul Bakker
7fc4e3e225 Prepare for 1.2.15 release 2015-08-10 15:06:34 +01:00
Manuel Pégourié-Gonnard
3517c20df7 Up default server DH params to 2048 bits 2015-07-03 17:43:06 +02:00
Manuel Pégourié-Gonnard
78a428dbd0 Fix unchecked malloc() 
Found using Infer.
 2015-06-29 19:00:38 +02:00
Manuel Pégourié-Gonnard
26d88cf154 Fix thread-safety issue in debug.c 2015-06-29 18:54:28 +02:00
Manuel Pégourié-Gonnard
5324d411da Up min size of DHM params to 1024 bits 2015-06-29 18:54:28 +02:00
Paul Bakker
7b209579c6 Prepare for 1.2.14 release 2015-06-26 15:35:30 +01:00
Manuel Pégourié-Gonnard
70f0df9e46 Add countermeasure against cache-based lucky 13 2015-04-29 09:45:58 +02:00
Manuel Pégourié-Gonnard
0c2fa144bc Fix invalid memory read in x509_get_sig() 2015-04-23 10:55:05 +02:00
Manuel Pégourié-Gonnard
cd7d24d464 Fix bug in Via Padlock support 
Backport of cf201201 from the 1.3 branch
 2015-04-23 10:55:05 +02:00
Manuel Pégourié-Gonnard
7e82884811 Fix hardclock with some versions of mingw64 
Backport of 383433535 from the 1.3 branch
 2015-04-23 10:55:05 +02:00
Manuel Pégourié-Gonnard
a9553a8c49 Fix warnings from mingw64 in timing.c 
Backport from dda52139 from the 1.3 branch
 2015-04-23 10:55:05 +02:00
Manuel Pégourié-Gonnard
64f65e84bc Fix potential unintended sign extension 
Backport of 6fdc4cae from the 1.3 branch
 2015-04-23 10:55:04 +02:00
Manuel Pégourié-Gonnard
aa695be983 Fix version-major intolerance again 
This time doing minimal changes to avoid introducing other issues.
 2015-04-10 14:12:14 +02:00
Manuel Pégourié-Gonnard
9b4c5d9f21 Revert "Fix verion-major intolerance" 
This reverts commit 6d841c2c5c.

This commit introduced a security-critical bug in the way the client version
is validated. Let's first revert it to fix the security issue, and then fix
the version-major intolerance issue another way.
 2015-04-10 13:57:43 +02:00
Paul Bakker
9fdc58fd9e Ready for release 1.2.13 2015-02-16 15:17:32 +01:00
Paul Bakker
530927b163 Update copyright line to 2015 2015-02-13 14:24:10 +01:00
Manuel Pégourié-Gonnard
f097400abc Fix small bug in base64_encode() 2015-02-05 11:48:58 +00:00
Manuel Pégourié-Gonnard
2dc15c8e7d Fix unchecked error on windows 2015-02-05 11:34:49 +00:00
Manuel Pégourié-Gonnard
e12abf90ce Fix url 2015-01-28 17:13:45 +00:00
Manuel Pégourié-Gonnard
0edee5e386 Update copyright notice 2015-01-26 15:29:40 +00:00
Manuel Pégourié-Gonnard
258bab0b1b Fix missing bound check 2014-11-27 09:27:21 +01:00
Manuel Pégourié-Gonnard
4cdb3babad Add POLARSSL_X509_MAX_INTERMEDIATE_CA 2014-11-20 17:12:15 +01:00
Manuel Pégourié-Gonnard
6a095d2383 Make x509parse_crt() iterative 2014-11-20 17:03:09 +01:00
Manuel Pégourié-Gonnard
1c022a6983 Fix memory leaks in PKCS#5 and PKCS#12 2014-11-17 12:27:49 +01:00
Manuel Pégourié-Gonnard
d8a1ea72b1 Fix potential buffer overread of size 1 2014-11-17 12:27:49 +01:00
Manuel Pégourié-Gonnard
ffbeedb838 Fix potential undefined behaviour in Camellia 2014-11-17 11:52:34 +01:00
Manuel Pégourié-Gonnard
6c28491a15 Backport build modes from 1.3 2014-11-17 11:15:13 +01:00
Manuel Pégourié-Gonnard
017bf57daa Forbid repeated X.509 extensions 2014-11-17 11:01:09 +01:00
Manuel Pégourié-Gonnard
360eb91d02 Fix potential stack overflow 2014-11-17 11:01:09 +01:00
Manuel Pégourié-Gonnard
fdec957e55 Fix memory leak with crafted X.509 certs 2014-11-17 11:01:08 +01:00
Manuel Pégourié-Gonnard
d3ae430241 Fix uninitialised pointer dereference 2014-11-17 11:01:08 +01:00
Manuel Pégourié-Gonnard
d730aa517a Use blinding for RSA even without CRT 2014-11-12 16:29:12 +01:00
Paul Bakker
fc3697ce2b Prepared for PolarSSL-1.2.12 2014-10-24 10:42:52 +02:00
Manuel Pégourié-Gonnard
0b12d5e332 Accept spaces at EOL/buffer in base64_decode() 2014-10-23 17:00:26 +02:00
Alfred Klomp
d6d5ef2f0d timing.c: avoid referencing garbage value 
Found with Clang's `scan-build` tool.

When get_timer() is called with `reset` set to 1, the value of
t->start.tv_sec is used as a rvalue without being initialized first.
This is relatively harmless because the result of get_timer() is not
used by the callers when called in "reset mode". However, scan-build
prints a warning.

Silence the warning by only calculating the delta on non-reset runs,
returning zero otherwise.
 2014-10-23 15:36:33 +02:00
Alfred Klomp
ec99373df6 pkcs5.c: fix dead store: return proper exit status 
Found with Clang's `scan-build` tool.

The error value assigned to `ret` is not returned, meaning that the
selftest always succeeds. Ensure the error value is propagated back to
the caller.
 2014-10-23 15:34:02 +02:00
Manuel Pégourié-Gonnard
9711920304 Fix ssl_read wrt non-Application Data 2014-10-23 15:29:55 +02:00
Manuel Pégourié-Gonnard
3fdfcedebb Fix net_accept() regarding non-blocking sockets 2014-10-23 15:23:48 +02:00
Manuel Pégourié-Gonnard
0b0b522932 Fix compiler warnings on iOS 2014-10-23 15:17:27 +02:00