mbedtls/library
Gilles Peskine 139108af94 RSA PSS: fix minimum length check for keys of size 8N+1
The check introduced by the previous security fix was off by one. It
fixed the buffer overflow but was not compliant with the definition of
PSS which technically led to accepting some invalid signatures (but
not signatures made without the private key).
2017-10-18 19:03:42 +02:00
..
.gitignore
aes.c Export mbedtls_aes_(en/de)crypt to retain for API compatibility 2017-07-27 21:44:33 +01:00
aesni.c Fix build errors on x32 by using the generic 'add' instruction 2016-05-23 14:29:28 +01:00
arc4.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
asn1parse.c Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-13 13:54:14 +01:00
asn1write.c Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths 2016-08-25 15:42:27 +01:00
base64.c Add comment to integer overflow fix in base64.c 2017-02-15 23:31:07 +02:00
bignum.c Merge remote-tracking branch 'hanno/mpi_read_file_underflow' into development 2017-06-08 19:48:03 +02:00
blowfish.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
camellia.c Address user reported coverity issues. 2016-06-07 14:52:35 +01:00
ccm.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
certs.c Undo API change from SHA1 deprecation 2017-07-27 21:44:33 +01:00
cipher.c Fix integer overflows in buffer bound checks 2017-02-15 23:31:07 +02:00
cipher_wrap.c
cmac.c Rename time and index parameter to avoid name conflict. 2017-07-28 22:28:08 +01:00
CMakeLists.txt Update version number to 2.6.0 2017-08-10 11:51:16 +01:00
ctr_drbg.c Fix integer overflows in buffer bound checks 2017-02-15 23:31:07 +02:00
debug.c Fix compiler warning in debug.c 2017-02-15 09:08:26 +00:00
des.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
dhm.c Check return code of mbedtls_mpi_fill_random 2017-07-27 21:44:33 +01:00
ecdh.c
ecdsa.c
ecjpake.c Fix potential stack buffer overflow in ecjpake 2015-10-20 16:20:56 +02:00
ecp.c Check return code of mbedtls_mpi_fill_random 2017-07-27 21:44:33 +01:00
ecp_curves.c ECP: Add module and function level replacement options. 2017-05-11 22:42:14 +01:00
entropy.c Rename time and index parameter to avoid name conflict. 2017-07-28 22:28:08 +01:00
entropy_poll.c Renames null entropy source function for clarity 2016-06-12 00:31:33 +01:00
error.c Only return VERIFY_FAILED from a single point 2017-07-06 11:58:41 +02:00
gcm.c fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
havege.c Fixes warnings found by Clang static analyser 2016-05-23 23:18:26 +01:00
hmac_drbg.c
Makefile Added cmac.o to libary/Makefile 2016-10-13 13:51:09 +01:00
md.c
md2.c Fix integer overflows in buffer bound checks 2017-02-15 23:31:07 +02:00
md4.c
md5.c
md_wrap.c
memory_buffer_alloc.c Fixes memory leak in memory_buffer_alloc.c debug 2016-05-23 14:29:29 +01:00
net_sockets.c Fix formatting issues in net_sockets.c 2017-02-15 09:08:26 +00:00
oid.c Removing in compile time unused entries from oid_ecp_grp list 2016-09-04 15:14:38 +01:00
padlock.c
pem.c Fix unused variable/function compilation warnings 2017-02-15 22:54:42 +02:00
pk.c Fix data loss in unsigned int cast in PK 2017-05-11 21:55:17 +01:00
pk_wrap.c Fix data loss in unsigned int cast in PK 2017-05-11 21:55:17 +01:00
pkcs5.c Fix output of PKCS#5 and RIPEMD-160 self tests 2016-08-25 16:36:35 +01:00
pkcs11.c
pkcs12.c Shut up a few clang-analyze warnings about use of uninitialized variables 2016-05-23 14:29:28 +01:00
pkparse.c Clarify Comments and Fix Typos (#651) 2017-02-15 09:08:26 +00:00
pkwrite.c Fix other occurrences of same bounds check issue 2015-10-21 12:50:45 +02:00
platform.c Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT 2017-07-27 21:44:33 +01:00
ripemd160.c Fix output of PKCS#5 and RIPEMD-160 self tests 2016-08-25 16:36:35 +01:00
rsa.c RSA PSS: fix minimum length check for keys of size 8N+1 2017-10-18 19:03:42 +02:00
sha1.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
sha256.c Use allocated memory for SHA self tests 2016-10-13 15:10:14 +01:00
sha512.c Use allocated memory for SHA self tests 2016-10-13 15:10:14 +01:00
ssl_cache.c Fix naked call to time() with platform call 2017-07-28 23:46:43 +01:00
ssl_ciphersuites.c Undo API change 2017-07-27 21:44:33 +01:00
ssl_cli.c Always print gmt_unix_time in TLS client 2017-10-06 11:59:13 +01:00
ssl_cookie.c Fix resource leak when using mutex and ssl_cookie 2017-03-02 12:26:11 +00:00
ssl_srv.c Merge remote-tracking branch 'gilles/iotssl-1223/development' into development 2017-06-06 20:11:36 +02:00
ssl_ticket.c Puts platform time abstraction into its own header 2016-07-13 14:46:18 +01:00
ssl_tls.c Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog. 2017-10-06 11:58:50 +01:00
threading.c Remove mutexes from ECP hardware acceleration 2017-07-27 21:44:32 +01:00
timing.c Give better error messages for semi-portable parts 2016-02-22 10:47:32 +01:00
version.c
version_features.c Checked names 2017-07-27 21:44:33 +01:00
x509.c Rename time and index parameter to avoid name conflict. 2017-07-28 22:28:08 +01:00
x509_create.c Fix other occurrences of same bounds check issue 2015-10-21 12:50:45 +02:00
x509_crl.c Fix potential integer overflow parsing DER CRL 2017-07-27 21:44:34 +01:00
x509_crt.c Fix potential integer overflow parsing DER CRT 2017-07-27 21:44:34 +01:00
x509_csr.c Prevent signed integer overflow in CSR parsing 2017-07-27 21:44:34 +01:00
x509write_crt.c Rename time and index parameter to avoid name conflict. 2017-07-28 22:28:08 +01:00
x509write_csr.c Add missing bounds check in X509 DER write funcs 2016-10-11 14:07:48 +01:00
xtea.c