mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-31 00:32:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
mbedtls/library
History
Hanno Becker b75ffb5061 Don't perform binary comparison of CRL issuer and CA subject 
Previously, when checking whether a CRT was revoked through
one of the configured CRLs, the library would only consider
those CRLs whose `issuer` field binary-matches the `subject`
field of the CA that has issued the CRT in question. If those
fields were not binary equivalent, the corresponding CRL was
discarded.

This is not in line with RFC 5280, which demands that the
comparison should be format- and case-insensitive. For example:

- If the same string is once encoded as a `PrintableString` and
  another time as a `UTF8String`, they should compare equal.
- If two strings differ only in their choice of upper and lower case
  letters, they should compare equal.

This commit fixes this by using the dedicated x509_name_cmp()
function to compare the CRL issuer with the CA subject.

Fixes #1784.
2018-11-05 11:54:06 +00:00
..
.gitignore
Split libs with make + general make cleanups
2015-06-25 10:59:56 +02:00
aes.c
Merge remote-tracking branch 'public/pr/1736' into development
2018-06-17 17:34:55 +01:00
aesni.c
Warn if using a memory sanitizer on AESNI
2018-04-05 15:37:38 +02:00
arc4.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
aria.c
Use mbedtls_printf instead of printf
2018-08-13 13:49:52 +03:00
asn1parse.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
asn1write.c
Treat warnings as errors for IAR
2018-05-25 14:54:14 +01:00
base64.c
Add comment to integer overflow fix in base64.c
2017-02-15 23:31:07 +02:00
bignum.c
Merge remote-tracking branch 'upstream-restricted/pr/421' into development-proposed
2018-05-04 14:39:24 +01:00
blowfish.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
camellia.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
ccm.c
enforce input and output of ccm selftest on stack
2018-07-30 11:29:26 +03:00
certs.c
Undo API change from SHA1 deprecation
2017-07-27 21:44:33 +01:00
chacha20.c
Fix usage of inline with for some compilers
2018-06-07 11:54:17 +02:00
chachapoly.c
Fix a few typos
2018-06-18 10:30:30 +02:00
cipher_wrap.c
Fix after PR comments
2018-07-23 18:18:32 +01:00
cipher.c
Resolve PR review comments
2018-07-23 18:18:35 +01:00
cmac.c
Merge remote-tracking branch 'public/pr/1390' into development
2018-06-27 10:51:47 +01:00
CMakeLists.txt
Update library version number to 2.13.1
2018-09-06 19:10:26 +01:00
ctr_drbg.c
ctr_drbg: add comments relating the code with the NIST specification
2018-08-21 17:55:46 +03:00
debug.c
Fix compilation error with Mingw32
2017-09-06 17:51:14 +03:00
des.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
dhm.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
ecdh.c
Fix some typos in documentation and comments
2018-10-22 09:56:53 +02:00
ecdsa.c
Fix function name to fit conventions
2018-10-16 10:41:31 +02:00
ecjpake.c
Fix minor code style issues
2018-05-15 09:21:57 +01:00
ecp_curves.c
Merge branch 'pr_348' into development-proposed
2018-04-04 09:18:27 +02:00
ecp.c
Detect unsigned integer overflow in mbedtls_ecp_check_budget()
2018-10-26 15:09:35 +01:00
entropy_poll.c
Merge remote-tracking branch 'public/pr/1198' into development
2018-07-24 17:20:17 +01:00
entropy.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
error.c
Merge remote-tracking branch 'public/pr/1993' into development
2018-10-27 18:36:28 +01:00
gcm.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
havege.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
hkdf.c
Fix issue if salt = NULL and salt_len !=0 in mbedtls_hkdf_extract()
2018-07-23 10:34:47 -07:00
hmac_drbg.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
Makefile
Update library version number to 2.13.0
2018-08-31 15:59:10 +01:00
md2.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
md4.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
md5.c
Fix Lucky 13 cache attack on MD/SHA padding
2018-07-05 10:47:00 +02:00
md_wrap.c
New MD API: rename functions from _ext to _ret
2018-01-22 11:54:42 +01:00
md.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
memory_buffer_alloc.c
Fix braces in mbedtls_memory_buffer_alloc_status()
2018-06-12 16:56:04 +01:00
net_sockets.c
Merge remote-tracking branch 'public/pr/1198' into development
2018-07-24 17:20:17 +01:00
nist_kw.c
Add selftests
2018-07-24 16:43:20 +01:00
oid.c
pkcs5v2: add support for additional hmacSHA algorithms
2018-02-08 17:18:15 +08:00
padlock.c
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
pem.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
pk_wrap.c
Fix or improve some comments (and whitespace)
2018-10-15 15:27:49 +02:00
pk.c
Fix function name to fit conventions
2018-10-16 10:41:31 +02:00
pkcs5.c
Treat warnings as errors for IAR
2018-05-25 14:54:14 +01:00
pkcs11.c
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
pkcs12.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
pkparse.c
Remove unnecessary mark as unused #1098
2018-07-11 15:16:53 +02:00
pkwrite.c
Adapt PK test suite to use new interface
2017-08-23 16:17:27 +01:00
platform_util.c
Don't declare and define gmtime()-mutex on Windows platforms
2018-09-06 12:09:56 +01:00
platform.c
Convert mbedtls_free and mbedtls_calloc into functions
2018-06-13 09:17:59 +01:00
poly1305.c
Fix usage of inline with for some compilers
2018-06-07 11:54:17 +02:00
ripemd160.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
rsa_internal.c
Add explicit type cast to avoid truncation warning
2018-01-03 09:27:40 +00:00
rsa.c
Merge remote-tracking branch 'upstream-restricted/pr/421' into development-proposed
2018-05-04 14:39:24 +01:00
sha1.c
Fix Lucky 13 cache attack on MD/SHA padding
2018-07-05 10:47:00 +02:00
sha256.c
Fix Lucky 13 cache attack on MD/SHA padding
2018-07-05 10:47:00 +02:00
sha512.c
Fix Lucky 13 cache attack on MD/SHA padding
2018-07-05 10:47:00 +02:00
ssl_cache.c
Address PR review comments
2017-10-29 17:53:52 +02:00
ssl_ciphersuites.c
Merge remote-tracking branch 'upstream-public/pr/1378' into development
2018-08-10 10:59:53 +01:00
ssl_cli.c
Fix misleading sub-state name and comments
2018-10-16 10:28:17 +02:00
ssl_cookie.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
ssl_srv.c
Style: Add numerous comments indicating condition guarded by #endif
2018-08-28 10:13:29 +01:00
ssl_ticket.c
Fix bug in SSL ticket implementation removing keys of age < 1s
2018-08-21 17:48:52 +01:00
ssl_tls.c
Merge remote-tracking branch 'public/pr/2111' into development-proposed
2018-10-28 16:22:18 +00:00
threading.c
Don't declare and define gmtime()-mutex on Windows platforms
2018-09-06 12:09:56 +01:00
timing.c
library: Port to Haiku.
2018-04-11 20:27:32 -04:00
version_features.c
Merge branch 'development-restricted' into iotssl-1260-non-blocking-ecc-restricted
2018-09-11 12:39:14 +02:00
version.c
Fix missing void argument declarations #678
2016-11-04 23:05:56 +01:00
x509_create.c
Fix other occurrences of same bounds check issue
2015-10-21 12:50:45 +02:00
x509_crl.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
x509_crt.c
Don't perform binary comparison of CRL issuer and CA subject
2018-11-05 11:54:06 +00:00
x509_csr.c
Merge remote-tracking branch 'public/pr/1621' into development
2018-06-28 12:09:15 +01:00
x509.c
Rename mbedtls_platform_gmtime() to mbedtls_platform_gmtime_r()
2018-09-05 15:06:19 +01:00
x509write_crt.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
x509write_csr.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
xtea.c
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00