mbedtls/library at fab356996336ba286d71b5747ed981b6021878ff - mbedtls - Gitea: Git with a cup of tea

mirror/mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-26 21:35:35 +00:00

History

Hanno Becker fab3569963 Use in-place decryption in pk_parse_pkcs8_encrypted_der

The stack buffer used to hold the decrypted key in pk_parse_pkcs8_encrypted_der
was statically sized to 2048 bytes, which is not enough for DER encoded 4096bit
RSA keys.

This commit resolves the problem by performing the key-decryption in-place,
circumventing the introduction of another stack or heap copy of the key.

There are two situations where pk_parse_pkcs8_encrypted_der is invoked:
1. When processing a PEM-encoded encrypted key in mbedtls_pk_parse_key.
   This does not need adaption since the PEM context used to hold the decoded
   key is already constructed and owned by mbedtls_pk_parse_key.
2. When processing a DER-encoded encrypted key in mbedtls_pk_parse_key.
   In this case, mbedtls_pk_parse_key calls pk_parse_pkcs8_encrypted_der with
   the buffer provided by the user, which is declared const. The commit
   therefore adds a small code paths making a copy of the keybuffer before
   calling pk_parse_pkcs8_encrypted_der.

2017-08-25 13:57:21 +01:00

..

.gitignore

Split libs with make + general make cleanups

2015-06-25 10:59:56 +02:00

aes.c

Export mbedtls_aes_(en/de)crypt to retain for API compatibility

2017-07-20 12:36:53 +02:00

aesni.c

Fix build errors on x32 by using the generic 'add' instruction

2016-05-23 14:29:28 +01:00

arc4.c

Adds casts to zeroize functions to allow building as C++

2016-05-23 14:29:32 +01:00

asn1parse.c

Fix 1 byte overread in mbedtls_asn1_get_int()

2016-10-13 13:54:14 +01:00

asn1write.c

Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths

2016-08-25 15:42:27 +01:00

base64.c

Add comment to integer overflow fix in base64.c

2017-02-15 23:31:07 +02:00

bignum.c

Merge remote-tracking branch 'hanno/mpi_read_file_underflow' into development

2017-06-08 19:48:03 +02:00

blowfish.c

Adds casts to zeroize functions to allow building as C++

2016-05-23 14:29:32 +01:00

camellia.c

Address user reported coverity issues.

2016-06-07 14:52:35 +01:00

ccm.c

Adds casts to zeroize functions to allow building as C++

2016-05-23 14:29:32 +01:00

certs.c

Undo API change from SHA1 deprecation

2017-07-20 12:36:53 +02:00

cipher_wrap.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

cipher.c

Fix integer overflows in buffer bound checks

2017-02-15 23:31:07 +02:00

cmac.c

Fix check-doxy-blocks.pl errors (cmac.c ecjpake.h)

2017-05-12 00:18:04 +01:00

CMakeLists.txt

Update the version number to 2.5.1

2017-06-20 23:08:10 +01:00

ctr_drbg.c

Fix integer overflows in buffer bound checks

2017-02-15 23:31:07 +02:00

debug.c

Fix compiler warning in debug.c

2017-02-15 09:08:26 +00:00

des.c

Adds casts to zeroize functions to allow building as C++

2016-05-23 14:29:32 +01:00

dhm.c

Check return code of mbedtls_mpi_fill_random

2017-07-20 01:23:32 +02:00

ecdh.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

ecdsa.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

ecjpake.c

Fix potential stack buffer overflow in ecjpake

2015-10-20 16:20:56 +02:00

ecp_curves.c

ECP: Add module and function level replacement options.

2017-05-11 22:42:14 +01:00

ecp.c

Check return code of mbedtls_mpi_fill_random

2017-07-20 01:23:32 +02:00

entropy_poll.c

Renames null entropy source function for clarity

2016-06-12 00:31:33 +01:00

entropy.c

Fix unused variable warnings for null entropy config

2016-09-15 18:57:34 +01:00

error.c

Merge fix for IE Certificate Compatibility

2016-10-13 17:21:01 +01:00

gcm.c

fix for issue 1118: check if iv is zero in gcm.

2017-07-20 00:11:24 +02:00

havege.c

Fixes warnings found by Clang static analyser

2016-05-23 23:18:26 +01:00

hmac_drbg.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

Makefile

Added cmac.o to libary/Makefile

2016-10-13 13:51:09 +01:00

md2.c

Fix integer overflows in buffer bound checks

2017-02-15 23:31:07 +02:00

md4.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

md5.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

md_wrap.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

md.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

memory_buffer_alloc.c

Fixes memory leak in memory_buffer_alloc.c debug

2016-05-23 14:29:29 +01:00

net_sockets.c

Fix formatting issues in net_sockets.c

2017-02-15 09:08:26 +00:00

oid.c

Removing in compile time unused entries from oid_ecp_grp list

2016-09-04 15:14:38 +01:00

padlock.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

pem.c

Fix unused variable/function compilation warnings

2017-02-15 22:54:42 +02:00

pk_wrap.c

Fix data loss in unsigned int cast in PK

2017-05-11 21:55:17 +01:00

pk.c

Fix data loss in unsigned int cast in PK

2017-05-11 21:55:17 +01:00

pkcs5.c

Fix output of PKCS#5 and RIPEMD-160 self tests

2016-08-25 16:36:35 +01:00

pkcs11.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

pkcs12.c

Shut up a few clang-analyze warnings about use of uninitialized variables

2016-05-23 14:29:28 +01:00

pkparse.c

Use in-place decryption in pk_parse_pkcs8_encrypted_der

2017-08-25 13:57:21 +01:00

pkwrite.c

Fix other occurrences of same bounds check issue

2015-10-21 12:50:45 +02:00

platform.c

Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT

2017-07-21 02:12:49 +02:00

ripemd160.c

Fix output of PKCS#5 and RIPEMD-160 self tests

2016-08-25 16:36:35 +01:00

rsa.c

Merge remote-tracking branch 'restricted/iotssl-1138-rsa-padding-check-restricted' into development-restricted

2017-06-08 20:31:06 +02:00

sha1.c

Adds casts to zeroize functions to allow building as C++

2016-05-23 14:29:32 +01:00

sha256.c

Use allocated memory for SHA self tests

2016-10-13 15:10:14 +01:00

sha512.c

Use allocated memory for SHA self tests

2016-10-13 15:10:14 +01:00

ssl_cache.c

Puts platform time abstraction into its own header

2016-07-13 14:46:18 +01:00

ssl_ciphersuites.c

Undo API change

2017-07-20 12:36:53 +02:00

ssl_cli.c

Simplify retaining of messages for future processing

2017-06-08 10:12:16 +01:00

ssl_cookie.c

Fix resource leak when using mutex and ssl_cookie

2017-03-02 12:26:11 +00:00

ssl_srv.c

Merge remote-tracking branch 'gilles/iotssl-1223/development' into development

2017-06-06 20:11:36 +02:00

ssl_ticket.c

Puts platform time abstraction into its own header

2016-07-13 14:46:18 +01:00

ssl_tls.c

Ensure application data records are not kept when fully processed

2017-06-09 10:42:03 +01:00

threading.c

Remove mutexes from ECP hardware acceleration

2017-07-19 02:07:59 +01:00

timing.c

Give better error messages for semi-portable parts

2016-02-22 10:47:32 +01:00

version_features.c

Checked names

2017-07-22 11:53:56 +02:00

version.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

x509_create.c

Fix other occurrences of same bounds check issue

2015-10-21 12:50:45 +02:00

x509_crl.c

Fix potential integer overflow parsing DER CRL

2017-07-26 12:07:26 +01:00

x509_crt.c

Fix potential integer overflow parsing DER CRT

2017-07-26 17:13:03 +01:00

x509_csr.c

Prevent signed integer overflow in CSR parsing

2017-07-26 17:19:59 +01:00

x509.c

X.509 self-tests: replaced SHA-1 certificates by SHA-256

2017-06-06 18:44:13 +02:00

x509write_crt.c

Add missing bounds check in X509 DER write funcs

2016-10-11 14:07:48 +01:00

x509write_csr.c

Add missing bounds check in X509 DER write funcs

2016-10-11 14:07:48 +01:00

xtea.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00