From c6559722f298821efda08cfe4aeda78ae8f66549 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 24 Oct 2016 11:23:36 +0100 Subject: [PATCH 01/54] Fix buffer overreads in mbedtls_pem_read_buffer() --- ChangeLog | 7 +++++++ library/pem.c | 20 +++++++++++--------- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 92d7977e0..3f95de34b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.1.x branch released xxxx-xx-xx + +Bugfix + * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing + the input string in pem format to extract the different components. Found + by Eyal Itkin. + = mbed TLS 2.1.6 branch released 2016-10-17 Security diff --git a/library/pem.c b/library/pem.c index 1ee3966e1..d1c660412 100644 --- a/library/pem.c +++ b/library/pem.c @@ -249,7 +249,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const enc = 0; - if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) + if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) { #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) 
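Review bot: The new guard `s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0` repeats a hand-counted literal length that must stay in sync with the string, and the same pattern recurs for every DEK-Info prefix later in this function, so a miscount in any one of them silently reintroduces the overread this commit fixes. A small helper removes that hazard: `#define PEM_PREFIX_MATCH( s1, s2, lit ) ( ( s2 ) - ( s1 ) >= (ptrdiff_t) ( sizeof( lit ) - 1 ) && memcmp( ( s1 ), ( lit ), sizeof( lit ) - 1 ) == 0 )`, used as `if( PEM_PREFIX_MATCH( s1, s2, "Proc-Type: 4,ENCRYPTED" ) )`. The bound is only meaningful because s1 never moves past s2 between checks, which holds for the increments visible in this patch; a one-line comment stating that invariant above the first check would help the next maintainer. mbedtls_pem_read_buffer() starts and ends outside this hunk.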
@@ -262,22 +262,22 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const #if defined(MBEDTLS_DES_C) - if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) + if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) { enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC; s1 += 23; - if( pem_get_iv( s1, pem_iv, 8 ) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 16; } - else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) + else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) { enc_alg = MBEDTLS_CIPHER_DES_CBC; s1 += 18; - if( pem_get_iv( s1, pem_iv, 8) != 0 ) + if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 16; @@ -285,9 +285,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) - if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) + if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) { - if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) + if( s2 - s1 < 22 ) + return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); + else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) enc_alg = MBEDTLS_CIPHER_AES_128_CBC; else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 ) enc_alg = MBEDTLS_CIPHER_AES_192_CBC; @@ -297,7 +299,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); s1 += 22; - if( pem_get_iv( s1, pem_iv, 16 ) != 0 ) + if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); s1 += 32; @@ -316,7 +318,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ } - if( s1 == s2 ) + if( s1 >= s2 ) return( MBEDTLS_ERR_PEM_INVALID_DATA ); ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); 
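Review bot: The IV guards `s2 - s1 < 16` and `s2 - s1 < 32` are bare numbers whose relation to the 8- and 16-byte IV sizes passed to pem_get_iv() on the same line is left for the reader to reconstruct; presumably they are the hex-encoded lengths, two characters per byte. Writing them as `if( s2 - s1 < 2 * 8 || pem_get_iv( s1, pem_iv, 8 ) != 0 )` and `if( s2 - s1 < 2 * 16 || pem_get_iv( s1, pem_iv, 16 ) != 0 )`, with a comment `/* IV is hex-encoded: two characters per byte */` above the first, ties each bound to the buffer it protects; the `s1 += 16;` and `s1 += 32;` advances would take the same form. The enclosing function starts and ends outside these hunks.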
From d5d6a3054b67379f740f522259fd72e131001ec5 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 24 Oct 2016 14:31:54 +0100 Subject: [PATCH 02/54] Add tests for overreads in pem_read_buffer() --- ChangeLog | 2 +- tests/suites/test_suite_pem.data | 9 +++++++++ tests/suites/test_suite_pem.function | 24 ++++++++++++++++++------ 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3f95de34b..4bde6e4f2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing - the input string in pem format to extract the different components. Found + the input string in PEM format to extract the different components. Found by Eyal Itkin. = mbed TLS 2.1.6 branch released 2016-10-17 diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 973c92325..9a62db8ea 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data 
@@ -15,3 +15,12 @@ mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102 PEM write (exactly two lines + 1) mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" + +PEM read (DES-EDE3-CBC + invalid iv) +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 + +PEM read (DES-CBC + invalid iv) +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 + +PEM read (unknown encryption algorithm) +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index 6a62bfed9..5e022109c 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -3,12 +3,7 @@ #include "mbedtls/pem.h" /* END_HEADER */ -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PEM_WRITE_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ void mbedtls_pem_write_buffer( char *start, char *end, char *buf_str, char *result_str ) { unsigned char buf[5000]; 
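Review bot: The three new cases only exercise the truncated-IV and unknown-AES-suffix paths of mbedtls_pem_read_buffer(); the other bounds the fix introduces — the length check on the Proc-Type line and the `s1 >= s2` check before base64 decoding — have no case here. An entry such as `PEM read (DES-CBC + valid iv, no data)` / `mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,0011223344556677$":MBEDTLS_ERR_PEM_INVALID_DATA` would cover the empty-body path, if I read the `s1 >= s2` guard correctly, and a truncated `Proc-Type\: 4,ENC$` line would cover the first. The raw `-4608` and `-4736` codes are also harder to audit than the `MBEDTLS_ERR_PEM_*` names, assuming the generator resolves symbolic error names as the x509parse suite does.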
@@ -38,3 +33,20 @@ exit: mbedtls_free( check_buf ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_AES_C:MBEDTLS_DES_C:MBEDTLS_MD5_C:MBEDTLS_CIPHER_MODE_CBC */ +void mbedtls_pem_read_buffer( char *header, char *footer, char *data, int ret ) +{ + mbedtls_pem_context ctx; + size_t use_len = 0; + + mbedtls_pem_init( &ctx ); + + TEST_ASSERT( mbedtls_pem_read_buffer( &ctx, header, footer, + (const unsigned char *)data, NULL, 0, + &use_len ) == ret ); + +exit: + mbedtls_pem_free( &ctx ); +} +/* END_CASE */ From ba2fda645affceb7fafde8aa0624ccf12a5e59e7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Jan 2017 23:24:02 +0000 Subject: [PATCH 03/54] Fix integer overflows in buffer bound checks Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 10 ++++++++++ library/cipher.c | 4 ++-- library/ctr_drbg.c | 3 ++- library/md2.c | 2 +- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 92d7977e0..0776a56d8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,15 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released xxxx-xx-xx + +Bugfix + * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_md2_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + = mbed TLS 2.1.6 branch released 2016-10-17 Security diff --git a/library/cipher.c b/library/cipher.c index ccc068503..1523b07da 100644 --- a/library/cipher.c +++ b/library/cipher.c 
@@ -300,9 +300,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == MBEDTLS_DECRYPT && - ilen + ctx->unprocessed_len <= mbedtls_cipher_get_block_size( ctx ) ) || + ilen <= mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) || ( ctx->operation == MBEDTLS_ENCRYPT && - ilen + ctx->unprocessed_len < mbedtls_cipher_get_block_size( ctx ) ) ) + ilen < mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index aefddfa1d..646196eb1 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -290,7 +290,8 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - if( ctx->entropy_len + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) + if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT || + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len ) return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); diff --git a/library/md2.c b/library/md2.c index 897670131..95cbcce65 100644 --- a/library/md2.c +++ b/library/md2.c @@ -158,7 +158,7 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, s while( ilen > 0 ) { - if( ctx->left + ilen > 16 ) + if( ilen > 16 - ctx->left ) fill = 16 - ctx->left; else fill = ilen; From 81d126f92397511f1bd4bb6f88f43d2f892838cf Mon Sep 17 00:00:00 2001 
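Review bot: The rewritten condition `ilen <= mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len` only removes the overflow if `unprocessed_len` never exceeds the block size; otherwise the unsigned subtraction wraps and the cache branch accepts any `ilen`, which would then overrun `unprocessed_data` in the memcpy two lines below. That invariant is presumably maintained by the rest of mbedtls_cipher_update(), which lies outside this hunk, but nothing here says so; I would hoist the block size into a local and document it: `size_t block_size = mbedtls_cipher_get_block_size( ctx ); /* unprocessed_len <= block_size always holds, so this cannot wrap */`. The md2.c hunk's `ilen > 16 - ctx->left` rests on the same kind of assumption (`ctx->left < 16`) and deserves the same comment.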
From: Andres AG Date: Wed, 18 Jan 2017 17:21:03 +0000 Subject: [PATCH 04/54] Fix integer overflow in mbedtls_base64_decode() Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 6 ++++++ library/base64.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 92d7977e0..13827accd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released xxxx-xx-xx + +Bugfix + * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + = mbed TLS 2.1.6 branch released 2016-10-17 Security diff --git a/library/base64.c b/library/base64.c index 3432e5fcd..d4fdf6e1a 100644 --- a/library/base64.c +++ b/library/base64.c @@ -192,7 +192,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } - n = ( ( n * 6 ) + 7 ) >> 3; + n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; if( dst == NULL || dlen < n ) From 7cd7cf0ebe9e31a5cdc21a46b538214d96666f0c Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 8 Dec 2016 17:08:44 +0000 Subject: [PATCH 05/54] Fix CRL parsing to avoid infinite loop This patch modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM format with trailing characters after the footer does not result in the execution of an infinite loop. --- ChangeLog | 9 +++++++++ library/x509_crl.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 92d7977e0..7f7740f27 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,14 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Security + * Fixed potential livelock during the parsing of a CRL in PEM format in + mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing + characters after the footer could result in the execution of an infinite + loop. The issue can be triggered remotely. Found by Greg Zaverucha, + Microsoft. + = mbed TLS 2.1.6 branch released 2016-10-17 Security diff --git a/library/x509_crl.c b/library/x509_crl.c index 125a77399..dca14cc99 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -529,7 +529,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s mbedtls_pem_free( &pem ); } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + else if( is_pem ) { mbedtls_pem_free( &pem ); return( ret ); From 978bdf957529703527c84bf30f3905caa33e7242 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 8 Dec 2016 17:10:38 +0000 Subject: [PATCH 06/54] Add test for infinite loop in CRL parse --- .../crl-malformed-trailing-spaces.pem | 20 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 4 ++++ tests/suites/test_suite_x509parse.function | 16 +++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 tests/data_files/crl-malformed-trailing-spaces.pem diff --git a/tests/data_files/crl-malformed-trailing-spaces.pem b/tests/data_files/crl-malformed-trailing-spaces.pem new file mode 100644 index 000000000..9eae3da19 --- /dev/null +++ b/tests/data_files/crl-malformed-trailing-spaces.pem 
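Review bot: The `else if( is_pem )` branch now returns whatever mbedtls_pem_read_buffer() reported — including MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT for bytes trailing the last footer — even though CRLs parsed in earlier iterations remain appended to `chain`. That is a sound way to break the livelock, but the result is easy to misread as "nothing was parsed"; a comment on the branch such as `/* A CRL header was seen but the block did not parse: fail the whole input. CRLs already appended to chain are left in place. */` would make the contract explicit. How `is_pem` is set is outside the hunk, so I am assuming it records that the PEM header string was found in the remaining buffer. The enclosing loop in mbedtls_x509_crl_parse() starts and ends outside this hunk.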
@@ -0,0 +1,20 @@ +-----BEGIN X509 CRL----- +MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ +b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz +MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G +A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO +TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg +Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW +svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm +56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U= +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIBcTCB9wIBATAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwQDaQAwZgIxAL/VFrDIYUECsS0rVpAy +6zt/CqeAZ1sa/l5LTaG1XW286n2Kibipr6EpkYZNYIQILgIxAI0wb3Py1DHPWpYf +/BFBH7C3KYq+nWTrLeEnhrjU1LzG/CiQ8lnuskya6lw/P3lJ/A== +-----END X509 CRL----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 6511cef9f..e81148e71 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -198,6 +198,10 @@ X509 CRL Information EC, SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" +X509 CRL Malformed Input (trailing spaces at end of file) +depends_on:MBEDTLS_PEM_PARSE_C +mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT + X509 CSR Information RSA with MD4 depends_on:MBEDTLS_PEM_PARSE_C mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 40e653d1d..a724cd8e4 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -163,6 +163,22 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */ +void mbedtls_x509_crl_parse( char *crl_file, int result ) +{ + mbedtls_x509_crl crl; + char buf[2000]; + + mbedtls_x509_crl_init( &crl ); + memset( buf, 0, 2000 ); + + TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == result ); + +exit: + mbedtls_x509_crl_free( &crl ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */ void mbedtls_x509_csr_info( char *csr_file, char *result_str ) { From 8136e824b33632108df6f56079c58e43a0215131 Mon Sep 17 00:00:00 2001 
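Review bot: In the new `mbedtls_x509_crl_parse` test function, `char buf[2000];` and `memset( buf, 0, 2000 );` are never used — the only call is `mbedtls_x509_crl_parse_file( &crl, crl_file )` — so both lines are dead and will draw unused-variable warnings in stricter builds. Drop them and keep the body to `mbedtls_x509_crl_init( &crl );` followed by the `TEST_ASSERT` and the `exit:` cleanup. The test pins only the return code; if the intent is also that the two well-formed CRLs before the trailing data are retained, an assertion on the parsed chain would make that contract explicit, but I cannot tell from the hunk whether that is intended.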
From: Andres AG Date: Fri, 9 Dec 2016 17:26:23 +0000 Subject: [PATCH 07/54] Fix verify out flags from x509_crt_verify_top() This change fixes a regression introduced by an earlier commit that modified x509_crt_verify_top() to ensure that valid certificates that are after past or future valid in the chain are processed. However the change introduced a change in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the verification regardless of the cause. The fix maintains both behaviours: * Ensure that valid certificates after future and past are verified * Ensure that the correct verification flags are set. To do so, a temporary pointer to the first future or past valid certificate is maintained while traversing the chain. If a truly valid certificate is found then that one is used, otherwise if no valid certificate is found and the end of the chain is reached, the program reverts back to using the future or past valid certificate. --- ChangeLog | 9 +++++++++ library/x509_crt.c | 33 +++++++++++++++++++++------------ 2 files changed, 30 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 92d7977e0..4008783d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,14 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix output certificate verification flags set by x509_crt_verify_top() when + traversing a chain of trusted CA. The issue would cause both flags, + MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be + set when the verification conditions are not met regardless of the cause. + Found by Harm Verhagen and inestlerode. #665 #561 + = mbed TLS 2.1.6 branch released 2016-10-17 Security diff --git a/library/x509_crt.c b/library/x509_crt.c index 81402ba55..84a2d4f16 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1893,6 +1893,7 @@ static int x509_crt_verify_top( int check_path_cnt; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; const mbedtls_md_info_t *md_info; + mbedtls_x509_crt *future_past_ca = NULL; if( mbedtls_x509_time_is_past( &child->valid_to ) ) *flags |= MBEDTLS_X509_BADCERT_EXPIRED; @@ -1947,16 +1948,6 @@ static int x509_crt_verify_top( continue; } - if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) - { - continue; - } - - if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) - { - continue; - } - if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk, child->sig_md, hash, mbedtls_md_get_size( md_info ), child->sig.p, child->sig.len ) != 0 ) @@ -1964,6 +1955,20 @@ static int x509_crt_verify_top( continue; } + if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) || + mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) + { + if ( future_past_ca == NULL ) + future_past_ca = trust_ca; + + continue; + } + + break; + } + + if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL ) + { /* * Top of chain is signed by a trusted CA */ @@ -1971,8 +1976,6 @@ static int x509_crt_verify_top( if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - - break; } /* @@ -1992,6 +1995,12 @@ static int x509_crt_verify_top( ((void) ca_crl); #endif + if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) + ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED; + + if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) + ca_flags |= MBEDTLS_X509_BADCERT_FUTURE; + if( NULL != f_vrfy ) { if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, From 3da3b6eccbb21a6d052218d48b4e6de11e728078 Mon Sep 17 00:00:00 2001 
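Review bot: `if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL )` hides the fallback assignment inside a condition, which is exactly the line a later reader will skim past; splitting it into `if( trust_ca == NULL ) trust_ca = future_past_ca;` followed by `if( trust_ca != NULL )` behaves the same and makes the "currently valid CA wins, otherwise the first expired or not-yet-valid CA" policy visible. That policy also deserves a comment where `future_past_ca` is declared, e.g. `/* First CA whose signature check passed but which is expired or not yet valid; used only if no currently valid CA matches */`, since the signature is now verified before the validity test and the loop no longer skips such CAs. The new EXPIRED/FUTURE bits are written into `ca_flags` through `trust_ca` inside a branch whose guard is outside this hunk; it should be confirmed that `trust_ca` cannot be NULL there. x509_crt_verify_top() starts and ends outside these hunks.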
From: Andres AG Date: Tue, 13 Dec 2016 09:59:07 +0000 Subject: [PATCH 08/54] Add tests for out flags from x509_crt_verify_top() The tests load certificate chains from files. The CA chains contain a past or future certificate and an invalid certificate. The test then checks that the flags set are MBEDTLS_X509_BADCERT_EXPIRED or MBEDTLS_X509_BADCERT_FUTURE. --- .../test-ca2_cat-future-invalid.crt | 27 +++++++++++++++++++ .../data_files/test-ca2_cat-past-invalid.crt | 27 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 8 ++++++ 3 files changed, 62 insertions(+) create mode 100644 tests/data_files/test-ca2_cat-future-invalid.crt create mode 100644 tests/data_files/test-ca2_cat-past-invalid.crt diff --git a/tests/data_files/test-ca2_cat-future-invalid.crt b/tests/data_files/test-ca2_cat-future-invalid.crt new file mode 100644 index 000000000..b1cfbf054 --- /dev/null +++ b/tests/data_files/test-ca2_cat-future-invalid.crt 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ +H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd +BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh +clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 +AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ +Xj09kLboxuemP40IIqhQnpYptMg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH +qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 ++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-past-invalid.crt b/tests/data_files/test-ca2_cat-past-invalid.crt new file mode 100644 index 000000000..febad7408 --- /dev/null +++ b/tests/data_files/test-ca2_cat-past-invalid.crt 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP +tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm +l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ +H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd +BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh +clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 +AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ +Xj09kLboxuemP40IIqhQnpYptMg= +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 6511cef9f..9a44dbe72 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -715,6 +715,14 @@ X509 Certificate verification #85 (Not yet valid CA and valid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" +X509 Certificate verification #86 (Not yet valid CA and invalid CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"NULL" + +X509 Certificate verification #87 (Expired CA and invalid CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"NULL" + X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n" From df06c200b831c29337a28302049270ecce282e7e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 08:46:53 +0000 Subject: [PATCH 09/54] Add comment to integer overflow fix in base64.c Adds clarifying comment to the integer overflow fix in base64.c --- library/base64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/base64.c b/library/base64.c index d4fdf6e1a..4ed6b312a 100644 --- a/library/base64.c +++ b/library/base64.c 
@@ -192,6 +192,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; From f083b31fb3282ca1a8e63e054a945f351c99565e Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 2 Feb 2017 14:36:49 +0000 Subject: [PATCH 10/54] Fix generate_code.pl to handle escaped : --- tests/scripts/generate_code.pl | 2 +- tests/suites/test_suite_pem.data | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 1c7a281d7..1c9cfc5b3 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -139,7 +139,7 @@ while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\// $param_defs .= " char *param$i = params[$i];\n"; $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( 2 );\n"; push @dispatch_params, "param$i"; - $mapping_regex .= ":[^:\n]+"; + $mapping_regex .= ":(?:\\\\.|[^:\n])+"; } else { diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 9a62db8ea..339b4d3f8 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data 
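Review bot: The new parameter pattern `:(?:\\\\.|[^:\n])+` in generate_code.pl is the only place the test-data escaping rule (`\:` inside an argument) is expressed, and a reader has to decode a double-escaped alternation to find it. A comment above the line would carry the rule: `# one ':'-separated parameter; a backslash escapes the following character, so "\:" does not end the field`. Note that `.` does not match a newline here, so a backslash at the very end of a line still terminates the parameter, which is presumably intended. The surrounding `while` loop starts and ends outside this hunk.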
@@ -17,10 +17,10 @@ PEM write (exactly two lines + 1) mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" PEM read (DES-EDE3-CBC + invalid iv) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":-4608 +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":MBEDTLS_ERR_PEM_INVALID_ENC_IV PEM read (DES-CBC + invalid iv) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":-4608 +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":MBEDTLS_ERR_PEM_INVALID_ENC_IV PEM read (unknown encryption algorithm) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":-4736 +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG From ebb855518d914501133b7fd8994162e2e7deed2f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 4 Nov 2016 12:23:11 +0000 Subject: [PATCH 11/54] Fix multiple erroneously named source files in comments This fixes many incorrect references to filenames in the comments in config.h. --- include/mbedtls/config.h | 62 ++++++++++++++++++++-------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index e77cf2623..c720cb98e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -1443,7 +1443,7 @@ * library/pkwrite.c * library/x509_create.c * library/x509write_crt.c - * library/mbedtls_x509write_csr.c + * library/x509write_csr.c */ #define MBEDTLS_ASN1_WRITE_C @@ -1771,7 +1771,7 @@ * * Enable the generic message digest layer. * - * Module: library/mbedtls_md.c + * Module: library/md.c * Caller: * * Uncomment to enable generic message digest wrappers. @@ -1783,7 +1783,7 @@ * * Enable the MD2 hash algorithm. * - * Module: library/mbedtls_md2.c + * Module: library/md2.c * Caller: * * Uncomment to enable support for (rare) MD2-signed X.509 certs. @@ -1795,7 +1795,7 @@ * * Enable the MD4 hash algorithm. * - * Module: library/mbedtls_md4.c + * Module: library/md4.c * Caller: * * Uncomment to enable support for (rare) MD4-signed X.509 certs. @@ -1807,8 +1807,8 @@ * * Enable the MD5 hash algorithm. * - * Module: library/mbedtls_md5.c - * Caller: library/mbedtls_md.c + * Module: library/md5.c + * Caller: library/md.c * library/pem.c * library/ssl_tls.c * @@ -1857,11 +1857,11 @@ * library/rsa.c * library/x509.c * library/x509_create.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c * library/x509write_crt.c - * library/mbedtls_x509write_csr.c + * library/x509write_csr.c * * This modules translates between OIDs and internal values. */ @@ -1889,9 +1889,9 @@ * Module: library/pem.c * Caller: library/dhm.c * library/pkparse.c - * library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c * * Requires: MBEDTLS_BASE64_C * @@ -1907,7 +1907,7 @@ * Module: library/pem.c * Caller: library/pkwrite.c * library/x509write_crt.c - * library/mbedtls_x509write_csr.c + * library/x509write_csr.c * * Requires: MBEDTLS_BASE64_C * 
@@ -1937,8 +1937,8 @@ * Enable the generic public (asymetric) key parser. * * Module: library/pkparse.c - * Caller: library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * Caller: library/x509_crt.c + * library/x509_csr.c * * Requires: MBEDTLS_PK_C * @@ -2029,8 +2029,8 @@ * * Enable the RIPEMD-160 hash algorithm. * - * Module: library/mbedtls_ripemd160.c - * Caller: library/mbedtls_md.c + * Module: library/ripemd160.c + * Caller: library/md.c * */ #define MBEDTLS_RIPEMD160_C @@ -2058,8 +2058,8 @@ * * Enable the SHA1 cryptographic hash algorithm. * - * Module: library/mbedtls_sha1.c - * Caller: library/mbedtls_md.c + * Module: library/sha1.c + * Caller: library/md.c * library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c @@ -2074,9 +2074,9 @@ * * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. * - * Module: library/mbedtls_sha256.c + * Module: library/sha256.c * Caller: library/entropy.c - * library/mbedtls_md.c + * library/md.c * library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c @@ -2091,9 +2091,9 @@ * * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. * - * Module: library/mbedtls_sha512.c + * Module: library/sha512.c * Caller: library/entropy.c - * library/mbedtls_md.c + * library/md.c * library/ssl_cli.c * library/ssl_srv.c * @@ -2229,9 +2229,9 @@ * Enable X.509 core for using certificates. * * Module: library/x509.c - * Caller: library/mbedtls_x509_crl.c - * library/mbedtls_x509_crt.c - * library/mbedtls_x509_csr.c + * Caller: library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c * * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, * MBEDTLS_PK_PARSE_C @@ -2245,7 +2245,7 @@ * * Enable X.509 certificate parsing. * - * Module: library/mbedtls_x509_crt.c + * Module: library/x509_crt.c * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c 
@@ -2261,8 +2261,8 @@ * * Enable X.509 CRL parsing. * - * Module: library/mbedtls_x509_crl.c - * Caller: library/mbedtls_x509_crt.c + * Module: library/x509_crl.c + * Caller: library/x509_crt.c * * Requires: MBEDTLS_X509_USE_C * @@ -2275,7 +2275,7 @@ * * Enable X.509 Certificate Signing Request (CSR) parsing. * - * Module: library/mbedtls_x509_csr.c + * Module: library/x509_csr.c * Caller: library/x509_crt_write.c * * Requires: MBEDTLS_X509_USE_C From 0a5ff55537d62490d4d0a2d184d2bf736dc67f3b Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Sat, 14 Nov 2015 13:09:01 +0000 Subject: [PATCH 12/54] Allow test suites to be run on Windows For a start, they don't even compile with Visual Studio due to strcasecmp being missing. Secondly, on Windows Perl scripts aren't executable and have to be run using the Perl interpreter directly; thankfully CMake is able to find cygwin Perl straight away without problems. --- tests/CMakeLists.txt | 7 ++++++- tests/suites/helpers.function | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 47fedd5f7..b1b1ea426 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -10,6 +10,11 @@ if(ENABLE_ZLIB_SUPPORT) set(libs ${libs} ${ZLIB_LIBRARIES}) endif(ENABLE_ZLIB_SUPPORT) +find_package(Perl) +if(NOT PERL_FOUND) + message(FATAL_ERROR "Cannot build test suites without Perl") +endif() + function(add_test_suite suite_name) if(ARGV1) set(data_name ${ARGV1}) 
@@ -19,7 +24,7 @@ function(add_test_suite suite_name) add_custom_command( OUTPUT test_suite_${data_name}.c - COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl ${CMAKE_CURRENT_SOURCE_DIR}/suites test_suite_${suite_name} test_suite_${data_name} + COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl ${CMAKE_CURRENT_SOURCE_DIR}/suites test_suite_${suite_name} test_suite_${data_name} DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl mbedtls suites/helpers.function suites/main_test.function suites/test_suite_${suite_name}.function suites/test_suite_${data_name}.data ) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 8f681dbd4..6af918cad 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -15,6 +15,8 @@ #ifdef _MSC_VER #include typedef UINT32 uint32_t; +#define strncasecmp _strnicmp +#define strcasecmp _stricmp #else #include #endif From 63285aaddc85a5f03b31963036c2038eb337ffff Mon Sep 17 00:00:00 2001 From: Simon B Date: Thu, 3 Nov 2016 01:11:37 +0000 Subject: [PATCH 13/54] Fix compiler warning with MSVC Fixes compiler warnings found with Microsoft Visual Studio 2015 (and earlier versions). --- library/x509_crt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 9251aed31..81402ba55 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1121,7 +1121,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) p = filename + len; filename[len++] = '*'; - w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir, + w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, MAX_PATH - 3 ); if( w_ret == 0 ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); From 5e20b82395c52b5f269fb76aef56b8857973063a Mon Sep 17 00:00:00 2001 
From: Simon B Date: Thu, 3 Nov 2016 01:12:50 +0000 Subject: [PATCH 14/54] Fix config of compiler warning flags with MSVC Compiler warnings were being configured twice and not suppressed on the test suites with Microsoft Visual Studio. --- CMakeLists.txt | 4 +++- tests/CMakeLists.txt | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 499ccff90..6b3182bfb 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -54,7 +54,9 @@ if(CMAKE_COMPILER_IS_CLANG) endif(CMAKE_COMPILER_IS_CLANG) if(MSVC) - set(CMAKE_C_FLAGS_CHECK "/WX") + # Strictest warnings, and treat as errors + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX") endif(MSVC) if(CMAKE_BUILD_TYPE STREQUAL "Coverage") diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index b1b1ea426..8608da14d 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -39,7 +39,9 @@ if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) endif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) if(MSVC) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /w") # no warnings here + # If a warning level has been defined, suppress all warnings for test code + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W0") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") endif(MSVC) add_test_suite(aes aes.ecb) From 31ea513dce3a87fb5097825847f9ddfe3b3cde37 Mon Sep 17 00:00:00 2001 From: Simon B Date: Sat, 12 Nov 2016 22:34:10 +0000 Subject: [PATCH 15/54] Remove need for elevated command line in Windows Changes use of mklink in Windows test builds, to create junctions instead of directory symbolic links. This removes the need for an elevated command prompt when running cmake to create the Visual Studio project files. --- tests/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 8608da14d..96ce7f94f 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
@@ -112,7 +112,7 @@ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) if (CMAKE_HOST_UNIX) set(command ln -s ${target} ${link}) else() - set(command cmd.exe /c mklink /d ${link} ${target}) + set(command cmd.exe /c mklink /j ${link} ${target}) endif() execute_process(COMMAND ${command} From ef1329e4afb44ed55a0124b0c820d15e816b4fc4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Jan 2017 23:24:02 +0000 Subject: [PATCH 16/54] Fix integer overflows in buffer bound checks Fix potential integer overflows in the following functions: * mbedtls_md2_update() to be bypassed and cause * mbedtls_cipher_update() * mbedtls_ctr_drbg_reseed() This overflows would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 6 ++++++ library/cipher.c | 4 ++-- library/ctr_drbg.c | 3 ++- library/md2.c | 2 +- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4bde6e4f2..5856f416a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,12 @@ Bugfix * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_md2_update() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 2.1.6 branch released 2016-10-17 diff --git a/library/cipher.c b/library/cipher.c index ccc068503..1523b07da 100644 --- a/library/cipher.c +++ b/library/cipher.c 
@@ -300,9 +300,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == MBEDTLS_DECRYPT && - ilen + ctx->unprocessed_len <= mbedtls_cipher_get_block_size( ctx ) ) || + ilen <= mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) || ( ctx->operation == MBEDTLS_ENCRYPT && - ilen + ctx->unprocessed_len < mbedtls_cipher_get_block_size( ctx ) ) ) + ilen < mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index aefddfa1d..646196eb1 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -290,7 +290,8 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - if( ctx->entropy_len + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) + if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT || + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len ) return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); diff --git a/library/md2.c b/library/md2.c index 897670131..95cbcce65 100644 --- a/library/md2.c +++ b/library/md2.c @@ -158,7 +158,7 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, s while( ilen > 0 ) { - if( ctx->left + ilen > 16 ) + if( ilen > 16 - ctx->left ) fill = 16 - ctx->left; else fill = ilen; From d00d3e250e201f8fae9330bce1a5e321cb84aaa5 Mon Sep 17 00:00:00 2001 
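Review bot: The new condition in mbedtls_cipher_update, `ilen <= mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len`, is only safe while `ctx->unprocessed_len` never exceeds the block size; if that invariant were ever broken the unsigned subtraction would wrap and the check would accept any `ilen` before the memcpy into `unprocessed_data`, which is the same class of bound bypass the commit removes. A one-line comment at the check, `/* unprocessed_len <= block_size is an invariant; a wrap here would defeat the bound */`, or an explicit guard `ctx->unprocessed_len <= mbedtls_cipher_get_block_size( ctx )` ahead of it, would make that dependency visible. The ctr_drbg.c hunk already guards its subtraction with `ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT`, while the md2.c hunk's `16 - ctx->left` relies on the same kind of invariant for `ctx->left`. All three enclosing functions start and end outside their hunks.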
From: Andres AG Date: Wed, 18 Jan 2017 17:21:03 +0000 Subject: [PATCH 17/54] Fix integer overflow in mbedtls_base64_decode() Fix potential integer overflows in the function mbedtls_base64_decode(). This overflow would mainly be exploitable in 32-bit systems and could cause buffer bound checks to be bypassed. --- ChangeLog | 2 ++ library/base64.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 5856f416a..e8fa013e3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_md2_update() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could + cause buffer bound checks to be bypassed. Found by Eyal Itkin. = mbed TLS 2.1.6 branch released 2016-10-17 diff --git a/library/base64.c b/library/base64.c index 3432e5fcd..d4fdf6e1a 100644 --- a/library/base64.c +++ b/library/base64.c @@ -192,7 +192,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } - n = ( ( n * 6 ) + 7 ) >> 3; + n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; if( dst == NULL || dlen < n ) From 2b912b4eeae645fe917093f884a0c52e9bce6ec7 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 08:46:53 +0000 Subject: [PATCH 18/54] Add comment to integer overflow fix in base64.c Adds clarifying comment to the integer overflow fix in base64.c --- library/base64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/base64.c b/library/base64.c index d4fdf6e1a..4ed6b312a 100644 --- a/library/base64.c +++ b/library/base64.c 
@@ -192,6 +192,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } + /* The following expression is to calculate the following formula without + * risk of integer overflow in n: + * n = ( ( n * 6 ) + 7 ) >> 3; + */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; From 7a77cb21d864179e05a3c36ad939bb929d9fd334 Mon Sep 17 00:00:00 2001 From: Brian J Murray Date: Sun, 6 Nov 2016 04:45:15 -0800 Subject: [PATCH 19/54] Clarify Comments and Fix Typos (#651) Fixes many typos, and errors in comments. * Clarifies many comments * Grammar correction in config.pl help text * Removed comment about MBEDTLS_X509_EXT_NS_CERT_TYPE. * Comment typo fix (Dont => Don't) * Comment typo fix (assure => ensure) * Comment typo fix (byes => bytes) * Added citation for quoted standard * Comment typo fix (one complement => 1's complement) The is some debate about whether to prefer "one's complement", "ones' complement", or "1's complement". The more recent RFCs related to TLS (RFC 6347, RFC 4347, etc) use " 1's complement", so I followed that convention. * Added missing ")" in comment * Comment alignment * Incorrect comment after #endif --- include/mbedtls/rsa.h | 2 +- include/mbedtls/x509.h | 2 +- library/net.c | 2 +- library/pkparse.c | 12 ++++++------ library/ssl_tls.c | 9 +++++---- library/x509.c | 2 +- scripts/config.pl | 22 ++++++++++++++++++++-- 7 files changed, 35 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 9c8645df6..a324b6936 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
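Review bot: The added comment says which formula the expression replaces but not why the split form is equivalent, which is the fact a reader has to check before trusting it. Writing n as 8q + r, the original ((n*6)+7)>>3 equals 6q + ((6r+7)>>3) because 48q is a multiple of 8, so no carry crosses between the two terms; a line such as `* With n = 8q + r this is 6q + ((6r+7)>>3), exact since 48q is a multiple of 8.` would let the equivalence be verified without re-deriving it. mbedtls_base64_decode starts and ends outside the hunk.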
@@ -206,7 +206,7 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rs * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note This function does NOT take care of message - * padding. Also, be sure to set input[0] = 0 or assure that + * padding. Also, be sure to set input[0] = 0 or ensure that * input is smaller than N. * * \note The input and output buffers must be large diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 54dac166b..f219bf128 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -157,7 +157,7 @@ #define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13) #define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14) -#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */ +#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* * Storage format identifiers diff --git a/library/net.c b/library/net.c index a77268c55..b6b08ed72 100644 --- a/library/net.c +++ b/library/net.c @@ -228,7 +228,7 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char } } - /* I we ever get there, it's a success */ + /* Bind was successful */ ret = 0; break; } diff --git a/library/pkparse.c b/library/pkparse.c index bddcf5d3a..f0a12f983 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1186,12 +1186,12 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, #endif /* MBEDTLS_PEM_PARSE_C */ /* - * At this point we only know it's not a PEM formatted key. Could be any - * of the known DER encoded private key formats - * - * We try the different DER format parsers to see if one passes without - * error - */ + * At this point we only know it's not a PEM formatted key. Could be any + * of the known DER encoded private key formats + * + * We try the different DER format parsers to see if one passes without + * error + */ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen, pwd, pwdlen ) ) == 0 ) 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d44264208..c455625da 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3413,7 +3413,7 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) { - /* Dont check write errors as we can't do anything here. + /* Don't check write errors as we can't do anything here. * If the error is permanent we'll catch it later, * if it's not, then hopefully it'll work next time. */ (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); @@ -5914,8 +5914,9 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot const char **p; /* - * "Empty strings MUST NOT be included and byte strings MUST NOT be - * truncated". Check lengths now rather than later. + * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings + * MUST NOT be truncated." + * We check lengths now rather than later. */ tot_len = 0; for( p = protos; *p != NULL; p++ ) @@ -7472,7 +7473,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, * and, for DTLS, to/from TLS equivalent. * * For TLS this is the identity. - * For DTLS, use one complement (v -> 255 - v, and then map as follows: + * For DTLS, use 1's complement (v -> 255 - v, and then map as follows: * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1) * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) */ diff --git a/library/x509.c b/library/x509.c index 33bcb9ef0..b063a19c5 100644 --- a/library/x509.c +++ b/library/x509.c @@ -656,7 +656,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50 /* * X.509 Extensions (No parsing of extensions, pointer should - * be either manually updated or extensions should be parsed! + * be either manually updated or extensions should be parsed!) */ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag ) 
diff --git a/scripts/config.pl b/scripts/config.pl index d4c32fd1b..5e1865d8c 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -6,8 +6,26 @@ use warnings; use strict; my $usage = <] unset -$0 [-f ] set [] +$0 [-f ] [set | unset | full | realfull] + +Commands + set [] - Uncomments or adds a #define for the to + the configuration file, and optionally making it + of . + If the symbol isn't present in the file an error + is returned. + unset - Comments out the #define for the given symbol if + present in the configuration file. + full - Uncomments all #define's in the configuration file + excluding some reserved symbols, until the + 'Module configuration options' section + realfull - Uncomments all #define's with no exclusions + +Options + -f - The file or file path for the configuration file + to edit. When omitted, the following default is + used: + $config_file EOU # for our eyes only: # $0 [-f ] full|realfull From 13945f66659b0e192926402cadc48b0548f55589 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 7 Dec 2016 10:25:19 +0000 Subject: [PATCH 20/54] Fix redefinition of macro ssl_set_bio Fix redefinition of macro ssl_set_bio to undefined symbol mbedtls_ssl_set_bio_timeout in compat-1.3.h. --- ChangeLog | 2 ++ include/mbedtls/compat-1.3.h | 1 - scripts/data_files/rename-1.3-2.0.txt | 1 - 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index e8fa013e3..32f930b6b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.1.x branch released xxxx-xx-xx Bugfix + * Fix redefinition of macro ssl_set_bio to undefined symbol + mbedtls_ssl_set_bio_timeout in compat-1.3.h. #673 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h index 27abbd972..af51b5f82 100644 
--- a/include/mbedtls/compat-1.3.h +++ b/include/mbedtls/compat-1.3.h @@ -2453,7 +2453,6 @@ #define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support #define ssl_set_authmode mbedtls_ssl_conf_authmode #define ssl_set_bio mbedtls_ssl_set_bio -#define ssl_set_bio mbedtls_ssl_set_bio_timeout #define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain #define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting #define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites diff --git a/scripts/data_files/rename-1.3-2.0.txt b/scripts/data_files/rename-1.3-2.0.txt index 397f6beae..cb3381ab8 100644 --- a/scripts/data_files/rename-1.3-2.0.txt +++ b/scripts/data_files/rename-1.3-2.0.txt @@ -1996,7 +1996,6 @@ ssl_set_alpn_protocols mbedtls_ssl_conf_alpn_protocols ssl_set_arc4_support mbedtls_ssl_conf_arc4_support ssl_set_authmode mbedtls_ssl_conf_authmode ssl_set_bio mbedtls_ssl_set_bio -ssl_set_bio_timeout mbedtls_ssl_set_bio_timeout ssl_set_ca_chain mbedtls_ssl_conf_ca_chain ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites From 480a958e54d188b7601aa6dc334312a9b56a0d98 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 7 Dec 2016 15:05:53 +0000 Subject: [PATCH 21/54] Fix unused variable/function compilation warnings This PR fixes a number of unused variable/function compilation warnings that arise when using a config.h that does not define the macro MBEDTLS_PEM_PARSE_C. --- ChangeLog | 3 +++ library/pem.c | 2 +- library/x509_csr.c | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 32f930b6b..91102c3e8 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fix redefinition of macro ssl_set_bio to undefined symbol mbedtls_ssl_set_bio_timeout in compat-1.3.h. #673 + * Fix unused variable/function compilation warnings in pem.c and x509_csr.c + that are reported when building mbed TLS with a config.h that does not + define MBEDTLS_PEM_PARSE_C. #562 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. diff --git a/library/pem.c b/library/pem.c index d1c660412..8dd86a4ac 100644 --- a/library/pem.c +++ b/library/pem.c @@ -44,12 +44,12 @@ #define mbedtls_free free #endif +#if defined(MBEDTLS_PEM_PARSE_C) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if defined(MBEDTLS_PEM_PARSE_C) void mbedtls_pem_init( mbedtls_pem_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_pem_context ) ); diff --git a/library/x509_csr.c b/library/x509_csr.c index dbf659b44..60f66b3f3 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -259,8 +259,8 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, */ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ) { - int ret; #if defined(MBEDTLS_PEM_PARSE_C) + int ret; size_t use_len; mbedtls_pem_context pem; #endif From 8efc769647f14fde52d2688a8018fbb115db5533 Mon Sep 17 00:00:00 2001 
From: Andres AG Date: Thu, 15 Dec 2016 17:01:16 +0000 Subject: [PATCH 22/54] Fix renegotiation at incorrect times in DTLS Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared 64 bits of record counter instead of 48 bits as described in RFC 6347 Section 4.3.1. This would cause the function's return value to be occasionally incorrect and the renegotiation routines to be triggered at unexpected times. --- ChangeLog | 5 +++++ include/mbedtls/ssl.h | 6 ++++-- library/ssl_tls.c | 16 ++++++++++++---- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 91102c3e8..9bbefcdde 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,11 @@ Bugfix * Fix unused variable/function compilation warnings in pem.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define MBEDTLS_PEM_PARSE_C. #562 + * Fix incorrect renegotiation condition in ssl_check_ctr_renegotiate() that + would compare 64 bits of the record counter instead of 48 bits as indicated + in RFC 6347 Section 4.3.1. This could cause the execution of the + renegotiation routines at unexpected times when the protocol is DTLS. Found + by wariua. #687 * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing the input string in PEM format to extract the different components. Found by Eyal Itkin. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fa7fbda28..fa9d48cdc 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1946,7 +1946,7 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_ /** * \brief Set record counter threshold for periodic renegotiation. - * (Default: 2^64 - 256.) + * (Default: 2^48 - 1) * * Renegotiation is automatically triggered when a record * counter (outgoing or ingoing) crosses the defined 
@@ -1957,9 +1957,11 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_ * Lower values can be used to enforce policies such as "keys * must be refreshed every N packets with cipher X". * + * \note When the transport is set to MBEDTLS_SSL_TRANSPORT_DATAGRAM, + * the maximum renegotiation period is 2^48 - 1. + * * \param conf SSL configuration * \param period The threshold value: a big-endian 64-bit number. - * Set to 2^64 - 1 to disable periodic renegotiation */ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, const unsigned char period[8] ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c455625da..43efe0ce3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6380,6 +6380,10 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) */ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) { + size_t ep_len = ssl_ep_len( ssl ); + int in_ctr_cmp; + int out_ctr_cmp; + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) @@ -6387,8 +6391,12 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) return( 0 ); } - if( memcmp( ssl->in_ctr, ssl->conf->renego_period, 8 ) <= 0 && - memcmp( ssl->out_ctr, ssl->conf->renego_period, 8 ) <= 0 ) + in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, + ssl->conf->renego_period + ep_len, 8 - ep_len ); + out_ctr_cmp = memcmp( ssl->out_ctr + ep_len, + ssl->conf->renego_period + ep_len, 8 - ep_len ); + + if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 ) { return( 0 ); } 
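Review bot: The two memcmp calls in ssl_check_ctr_renegotiate skip the first `ep_len` bytes of both counters, but nothing at the call site says why, and the meaning of `ep_len` depends on `ssl_ep_len`, which is outside the hunk. A comment above `in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,` such as `/* For DTLS the leading ep_len bytes of the counter hold the epoch; only the remaining sequence-number bytes are compared against renego_period (RFC 6347 Section 4.3.1). */` would record the intent the commit message gives. The same comment could note that, because only `8 - ep_len` bytes of `renego_period` take part, any configured period with bits set in the skipped bytes is silently truncated on DTLS; the ssl.h hunk documents the 2^48 - 1 maximum, but the setter does not reject larger values, so the truncation is worth stating where it happens. ssl_check_ctr_renegotiate continues past the end of this hunk.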
@@ -7120,8 +7128,8 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_RENEGOTIATION) conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; - memset( conf->renego_period, 0xFF, 7 ); - conf->renego_period[7] = 0x00; + memset( conf->renego_period, 0x00, 2 ); + memset( conf->renego_period + 2, 0xFF, 6 ); #endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) From 85041738e4863b920b6500d693677b9130daa343 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 19 Jan 2017 16:30:57 +0000 Subject: [PATCH 23/54] Add DTLS test to check 6 byte record ctr is cmp Add a test to ssl-opt.sh to ensure that in DTLS a 6 byte record counter is compared in ssl_check_ctr_renegotiate() instead of a 8 byte one as in the TLS case. Because currently there are no testing facilities to check that renegotiation routines are triggered after X number of input/output messages, the test consists on setting a renegotiation period that cannot be represented in 6 bytes, but whose least-significant byte is 2. If the library behaves correctly, the renegotiation routines will be executed after two exchanged. --- programs/ssl/ssl_server2.c | 27 +++++++++++++++++++++------ tests/ssl-opt.sh | 13 +++++++++++++ 2 files changed, 34 insertions(+), 6 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index bd4d1d1b4..1f6caf2d3 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -60,6 +60,8 @@ int main( void ) #include #include #include +#include +#include #if !defined(_WIN32) #include @@ -109,7 +111,7 @@ int main( void ) #define DFL_ALLOW_LEGACY -2 #define DFL_RENEGOTIATE 0 #define DFL_RENEGO_DELAY -2 -#define DFL_RENEGO_PERIOD -1 +#define DFL_RENEGO_PERIOD ( (uint64_t)-1 ) #define DFL_EXCHANGES 1 #define DFL_MIN_VERSION -1 #define DFL_MAX_VERSION -1 
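Review bot: The new default `memset( conf->renego_period, 0x00, 2 ); memset( conf->renego_period + 2, 0xFF, 6 );` changes the TLS default as well as the DTLS one: the removed lines produced 0xFFFFFFFFFFFFFF00 (2^64 - 256) and the new ones produce 0x0000FFFFFFFFFFFF (2^48 - 1), and for stream transport all eight bytes are presumably still compared, so TLS connections now reach the renegotiation threshold earlier than before; this matches the updated ssl.h text, but the ChangeLog entry only describes the DTLS comparison. The literals 2 and 6 also duplicate the epoch length the comparison code skips, without saying so. A comment such as `/* Default period 2^48 - 1: the top two bytes stay zero so the value fits the 48-bit DTLS sequence number and is used unchanged for TLS */` would tie the two together. mbedtls_ssl_config_defaults starts and ends outside the hunk.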
@@ -288,7 +290,7 @@ int main( void ) " renegotiation=%%d default: 0 (disabled)\n" \ " renegotiate=%%d default: 0 (disabled)\n" \ " renego_delay=%%d default: -2 (library default)\n" \ - " renego_period=%%d default: (library default)\n" + " renego_period=%%d default: (2^64 - 1 for TLS, 2^48 - 1 for DTLS)\n" #else #define USAGE_RENEGO "" #endif @@ -339,6 +341,19 @@ int main( void ) " force_ciphersuite= default: all enabled\n" \ " acceptable ciphersuite names:\n" + +#define PUT_UINT64_BE(out_be,in_le,i) \ +{ \ + (out_be)[(i) + 0] = (unsigned char)( ( (in_le) >> 56 ) & 0xFF ); \ + (out_be)[(i) + 1] = (unsigned char)( ( (in_le) >> 48 ) & 0xFF ); \ + (out_be)[(i) + 2] = (unsigned char)( ( (in_le) >> 40 ) & 0xFF ); \ + (out_be)[(i) + 3] = (unsigned char)( ( (in_le) >> 32 ) & 0xFF ); \ + (out_be)[(i) + 4] = (unsigned char)( ( (in_le) >> 24 ) & 0xFF ); \ + (out_be)[(i) + 5] = (unsigned char)( ( (in_le) >> 16 ) & 0xFF ); \ + (out_be)[(i) + 6] = (unsigned char)( ( (in_le) >> 8 ) & 0xFF ); \ + (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \ +} + /* * global options */ @@ -364,7 +379,7 @@ struct options int allow_legacy; /* allow legacy renegotiation */ int renegotiate; /* attempt renegotiation? */ int renego_delay; /* delay before enforcing renegotiation */ - int renego_period; /* period for automatic renegotiation */ + uint64_t renego_period; /* period for automatic renegotiation */ int exchanges; /* number of data exchanges */ int min_version; /* minimum protocol version accepted */ int max_version; /* maximum protocol version accepted */ @@ -1025,8 +1040,8 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "renego_period" ) == 0 ) { - opt.renego_period = atoi( q ); - if( opt.renego_period < 2 || opt.renego_period > 255 ) + if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 || + opt.renego_period < 2 ) goto usage; } else if( strcmp( p, "exchanges" ) == 0 ) 
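Review bot: `sscanf( q, "%" SCNu64, &opt.renego_period )` does not reliably reject an out-of-range argument, because the C standard leaves the behaviour undefined when a scanned integer does not fit the target object, so the `goto usage` path may never be reached for such input; `strtoull` with an end-pointer and `errno == ERANGE` check reports overflow explicitly. In the same hunk, `PUT_UINT64_BE` is a multi-statement macro wrapped in bare braces, which breaks when used as the body of an `if` followed by `else`; the `do { ... } while( 0 )` form avoids that. The option-parsing loop in main starts and ends outside the hunk, and the replacement below needs `<errno.h>`, which is not among the includes the hunk adds.
```c
else if( strcmp( p, "renego_period" ) == 0 )
{
    char *end;
    unsigned long long period;

    errno = 0;
    period = strtoull( q, &end, 10 );
    if( end == q || *end != '\0' || errno == ERANGE || period < 2 )
        goto usage;
    opt.renego_period = (uint64_t) period;
}
```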
@@ -1741,7 +1756,7 @@ int main( int argc, char *argv[] ) if( opt.renego_period != DFL_RENEGO_PERIOD ) { - renego_period[7] = opt.renego_period; + PUT_UINT64_BE( renego_period, opt.renego_period, 0 ); mbedtls_ssl_conf_renegotiation_period( &conf, renego_period ); } #endif diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e73d01105..24b0fff14 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1534,6 +1534,19 @@ run_test "Renegotiation: DTLS, server-initiated" \ -s "=> renegotiate" \ -s "write hello request" +run_test "Renegotiation: DTLS, renego_period overflow" \ + "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \ + "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \ + 0 \ + -c "client hello, adding renegotiation extension" \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -s "record counter limit reached: renegotiate" \ + -c "=> renegotiate" \ + -s "=> renegotiate" \ + -s "write hello request" \ + requires_gnutls run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ "$G_SRV -u --mtu 4096" \ From 0f862949534cc0208f51733ea2d80d5c766d75b1 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 13:08:37 +0000 Subject: [PATCH 24/54] Clarify fix for #673 in Changelog Clarified fix, and added credit. --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9bbefcdde..fd77f70ea 100644 --- a/ChangeLog +++ b/ChangeLog 
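Review bot: The new "Renegotiation: DTLS, renego_period overflow" test only exercises the DTLS side: with 18446462598732840962 (0xFFFF000000000002) the compared 48-bit part is 2, so renegotiation is expected after two exchanges. A companion TLS case with the same value and without `dtls=1`, asserting with `-S "record counter limit reached: renegotiate"` that the threshold is NOT hit within the four exchanges, would pin the contrast the fix is about, namely that the full 64-bit value is honoured for stream transport; as written, a regression that compared 48 bits for both transports would still pass. The final `-s "write hello request" \` continues the command onto the blank line that follows, which is harmless but differs from the preceding test, whose last option carries no continuation.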
@@ -3,8 +3,9 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.1.x branch released xxxx-xx-xx Bugfix - * Fix redefinition of macro ssl_set_bio to undefined symbol - mbedtls_ssl_set_bio_timeout in compat-1.3.h. #673 + * Fix the redefinition of macro ssl_set_bio to an undefined symbol + mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it. + Found by omlib-lin. #673 * Fix unused variable/function compilation warnings in pem.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not define MBEDTLS_PEM_PARSE_C. #562 From f384fae69ae63b801af5768dd2834a0d9eb01afa Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 14:26:15 +0000 Subject: [PATCH 25/54] Fix undefined variable in scripts/config.pl The variable $config_file was being referenced without being defined in the script config.pl. --- scripts/config.pl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 5e1865d8c..d8d6a20ed 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -5,6 +5,7 @@ use warnings; use strict; +my $config_file = "include/mbedtls/config.h"; my $usage = <] [set | unset | full | realfull] @@ -58,8 +59,6 @@ my @non_excluded = qw( PLATFORM_[A-Z0-9]+_ALT ); -my $config_file = "include/mbedtls/config.h"; - # get -f option if (@ARGV >= 2 && $ARGV[0] eq "-f") { shift; # -f From ef3d4e436568b87cca6d20e059e3d2365a7b0fce Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 16:36:59 +0000 Subject: [PATCH 26/54] Add credit to Changelog for #562 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index fd77f70ea..aaf1bba69 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -8,7 +8,7 @@ Bugfix Found by omlib-lin. #673 * Fix unused variable/function compilation warnings in pem.c and x509_csr.c that are reported when building mbed TLS with a config.h that does not - define MBEDTLS_PEM_PARSE_C. #562 + define MBEDTLS_PEM_PARSE_C. Found by omnium21. #562 * Fix incorrect renegotiation condition in ssl_check_ctr_renegotiate() that would compare 64 bits of the record counter instead of 48 bits as indicated in RFC 6347 Section 4.3.1. This could cause the execution of the From aa093e4c5e2e7df8972604278faa11718769bf11 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 2 Feb 2017 17:01:10 +0000 Subject: [PATCH 27/54] Fix examples that failed to compile without PEM --- programs/ssl/dtls_client.c | 2 +- programs/ssl/ssl_mail_client.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index b37eb838c..2527d8d64 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -37,7 +37,7 @@ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_CERTS_C) + !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) int main( void ) { mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or " diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 974c17020..ef68f24f8 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c 
@@ -491,13 +491,13 @@ int main( int argc, char *argv[] ) ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ); else #endif -#if defined(MBEDTLS_CERTS_C) +#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C) ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem, mbedtls_test_cas_pem_len ); #else { ret = 1; - mbedtls_printf("MBEDTLS_CERTS_C not defined."); + mbedtls_printf("MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined."); } #endif if( ret < 0 ) From 3a7d9314b490716f2190613bec8200a4160a61ce Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 3 Feb 2017 00:21:28 +0000 Subject: [PATCH 28/54] Add clarification to the TLS renegotiation period Expanded details on use of mbedtls_ssl_conf_renegotiation_period() --- include/mbedtls/ssl.h | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fa9d48cdc..1f885ee14 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1957,8 +1957,14 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_ * Lower values can be used to enforce policies such as "keys * must be refreshed every N packets with cipher X". * - * \note When the transport is set to MBEDTLS_SSL_TRANSPORT_DATAGRAM, - * the maximum renegotiation period is 2^48 - 1. + * The renegotiation period can be disabled by setting + * conf->disable_renegotiation to + * MBEDTLS_SSL_RENEGOTIATION_DISABLED. + * + * \note When the configured transport is + * MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation + * period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM, + * the maximum renegotiation period is 2^64 - 1. * * \param conf SSL configuration * \param period The threshold value: a big-endian 64-bit number. From c89250913f6a2ea4b9e1c04be981c4f699137293 Mon Sep 17 00:00:00 2001 
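Review bot: The new paragraph in the mbedtls_ssl_conf_renegotiation_period() doc comment in ssl.h instructs users to write `conf->disable_renegotiation` directly, i.e. it documents a struct member rather than the public configuration API, and its first sentence says the "period" is disabled when it is renegotiation as a whole that is turned off. Public header documentation should name the setter so callers do not depend on the layout of mbedtls_ssl_config; something like `Renegotiation can be disabled altogether with mbedtls_ssl_conf_renegotiation( conf, MBEDTLS_SSL_RENEGOTIATION_DISABLED ), in which case the period has no effect.` (assuming that setter is what writes the field, which is not visible here). The rest of the \note, giving 2^48 - 1 for DTLS and 2^64 - 1 for TLS, reads fine.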
From: Andres AG Date: Thu, 19 Jan 2017 11:24:33 +0000 Subject: [PATCH 29/54] Fix data loss in unsigned int cast in PK This patch introduces some additional checks in the PK module for 64-bit systems only. The problem is that the API functions in the PK abstraction accept a size_t value for the hashlen, while the RSA module accepts an unsigned int for the hashlen. Instead of silently casting size_t to unsigned int, this change checks whether the hashlen overflows an unsigned int and returns an error. --- ChangeLog | 7 +++++++ library/pk.c | 11 ++++++++++- library/pk_wrap.c | 18 ++++++++++++++++++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index aaf1bba69..c1cb9efd8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,13 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.1.x branch released xxxx-xx-xx +Security + * Add checks to prevent signature forgeries for very large messages while + using RSA through the PK module in 64-bit systems. The issue was caused by + some data loss when casting a size_t to an unsigned int value in the + functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and + mbedtls_pk_sign(). Found by Jean-Philippe Aumasson. + Bugfix * Fix the redefinition of macro ssl_set_bio to an undefined symbol mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it. diff --git a/library/pk.c b/library/pk.c index 10bd0a582..8d13bc5ce 100644 --- a/library/pk.c +++ b/library/pk.c @@ -29,6 +29,8 @@ #include "mbedtls/pk.h" #include "mbedtls/pk_internal.h" +#include "mbedtls/bignum.h" + #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif @@ -39,6 +41,8 @@ #include "mbedtls/ecdsa.h" #endif +#include + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; 
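Review bot: The two new `#include` lines in pk.c carry no explanation, and the second one's target has been lost in this rendering (presumably the header providing UINT_MAX, which the checks added later in this commit rely on). bignum.h is being pulled into pk.c solely to obtain MBEDTLS_HAVE_INT64, which a reader of the PK module cannot guess; the test-suite hunk of the follow-up commit does say `/* For detecting 64-bit compilation */`, and the same explanation belongs here and above the matching include added to pk_wrap.c. Suggest `#include "mbedtls/bignum.h" /* for MBEDTLS_HAVE_INT64 (64-bit detection) */`.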
@@ -209,6 +213,11 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, int ret; const mbedtls_pk_rsassa_pss_options *pss_opts; +#if defined(MBEDTLS_HAVE_INT64) + if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* MBEDTLS_HAVE_INT64 */ + if( options == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -232,7 +241,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, return( 0 ); #else return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); -#endif +#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ } /* General case: no options */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 712ad4832..db6274cbf 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -30,6 +30,7 @@ /* Even if RSA not activated, for the sake of RSA-alt */ #include "mbedtls/rsa.h" +#include "mbedtls/bignum.h" #include @@ -49,6 +50,8 @@ #define mbedtls_free free #endif +#include + #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { @@ -74,6 +77,11 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, { int ret; +#if defined(MBEDTLS_HAVE_INT64) + if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* MBEDTLS_HAVE_INT64 */ + if( sig_len < ((mbedtls_rsa_context *) ctx)->len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); @@ -93,6 +101,11 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { +#if defined(MBEDTLS_HAVE_INT64) + if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* MBEDTLS_HAVE_INT64 */ + *sig_len = ((mbedtls_rsa_context *) ctx)->len; return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, 
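Review bot: The guard `#if defined(MBEDTLS_HAVE_INT64)` around the new `UINT_MAX < hash_len` check in mbedtls_pk_verify_ext() uses a macro that denotes "a 64-bit integer type is available for bignum" as a proxy for "size_t is wider than unsigned int", which is the property the check actually depends on; the same construct is repeated in rsa_verify_wrap() and rsa_sign_wrap() in the pk_wrap.c hunks below and in rsa_alt_sign_wrap() in the next hunk. Where the two properties diverge the check is either dead code or, worse, absent on a target whose size_t is 64-bit but that does not define MBEDTLS_HAVE_INT64. A direct and portable condition is `#if SIZE_MAX > UINT_MAX` (SIZE_MAX from <stdint.h>, which bignum.h already depends on as far as I recall), and each check deserves a one-line comment such as `/* hash_len is forwarded to the RSA layer as unsigned int; reject values the cast would truncate */` so the next maintainer does not remove it as redundant. Both functions continue outside their hunks.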
@@ -402,6 +415,11 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, { mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; +#if defined(MBEDTLS_HAVE_INT64) + if( UINT_MAX < hash_len ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* MBEDTLS_HAVE_INT64 */ + *sig_len = rsa_alt->key_len_func( rsa_alt->key ); return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, From b8ba86162ad2ade5009eb7ceb5a51f0a3f0c6268 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 15 Feb 2017 10:56:03 +0000 Subject: [PATCH 30/54] Add PK tests to avoid hashlen overflow for RSA --- tests/suites/test_suite_pk.data | 3 +++ tests/suites/test_suite_pk.function | 36 +++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 22a7fa8b1..f6ea378ff 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -150,3 +150,6 @@ Check pair #5 (RSA vs EC) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH +RSA hash_len overflow (size_t vs unsigned int) +depends_on:MBEDTLS_RSA_C:MBEDTLS_HAVE_INT64 +pk_rsa_overflow: diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 08a262346..5fa8a693a 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -5,6 +5,9 @@ #include "mbedtls/ecp.h" #include "mbedtls/rsa.h" +/* For detecting 64-bit compilation */ +#include "mbedtls/bignum.h" + static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); #define RSA_KEY_SIZE 512 
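Review bot: The check added to rsa_alt_sign_wrap() is `if( UINT_MAX < hash_len )` with no `md_alg == MBEDTLS_MD_NONE` condition, unlike the three sibling checks in the previous hunks, so a caller supplying a real md_alg together with an oversized hash_len is rejected by the RSA-alt path but not by the built-in RSA path. If that asymmetry is deliberate — plausibly because sign_func receives hash_len as-is whatever md_alg is, while the built-in path derives the length from the digest — it should be recorded next to the check, e.g. `/* Unconditional: the alt sign_func takes hash_len as unsigned int regardless of md_alg */`; otherwise the four checks should agree. The function continues outside the hunk.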
@@ -414,6 +417,34 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_HAVE_INT64 */ +void pk_rsa_overflow( ) +{ + mbedtls_pk_context pk; + size_t hash_len = (size_t)-1; + + mbedtls_pk_init( &pk ); + + TEST_ASSERT( mbedtls_pk_setup( &pk, + mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); + +#if defined(MBEDTLS_PKCS1_V21) + TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk, + MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0 ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* MBEDTLS_PKCS1_V21 */ + + TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, NULL, hash_len, + NULL, 0 ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0, + rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + +exit: + mbedtls_pk_free( &pk ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */ void pk_rsa_alt( ) { @@ -461,6 +492,11 @@ void pk_rsa_alt( ) /* Test signature */ TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, sig, &sig_len, rnd_std_rand, NULL ) == 0 ); +#if defined(MBEDTLS_HAVE_INT64) + TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, (size_t)-1, + NULL, NULL, rnd_std_rand, NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* MBEDTLS_HAVE_INT64 */ TEST_ASSERT( sig_len == RSA_KEY_LEN ); TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE, hash, sizeof hash, sig, sig_len ) == 0 ); From e4b3df5824005911e916f7022429d0851d8ef8f6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 26 Feb 2017 02:01:22 +0000 Subject: [PATCH 31/54] Fix formatting in ChangeLog --- ChangeLog | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0fcaf5c41..5a5451207 100644 --- a/ChangeLog +++ b/ChangeLog 
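Review bot: pk_rsa_overflow() passes NULL for hash, sig and sig_len on every call, so the test is sound only because the new hash_len guard returns before any pointer argument is touched; should that guard ever regress, the test crashes with a NULL dereference instead of producing a clean TEST_ASSERT failure, which is an unhelpful way to report the regression. A comment at the top of the function such as `/* Pointer arguments are deliberately NULL: the hash_len guard must reject the call before any of them is dereferenced. */` makes that intent explicit, and the same note applies to the `(size_t)-1` call added to pk_rsa_alt() in the second hunk. The `depends_on:MBEDTLS_HAVE_INT64` gate matches the production guard, so on 32-bit targets the case is skipped rather than failing.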
@@ -3,11 +3,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.1.x branch released xxxx-xx-xx Security - * Add checks to prevent signature forgeries for very large messages while - using RSA through the PK module in 64-bit systems. The issue was caused by - some data loss when casting a size_t to an unsigned int value in the - functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and - mbedtls_pk_sign(). Found by Jean-Philippe Aumasson. + * Add checks to prevent signature forgeries for very large messages while + using RSA through the PK module in 64-bit systems. The issue was caused by + some data loss when casting a size_t to an unsigned int value in the + functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and + mbedtls_pk_sign(). Found by Jean-Philippe Aumasson. * Fixed potential livelock during the parsing of a CRL in PEM format in mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing characters after the footer could result in the execution of an infinite From a841d75aadacbe587a25146db34a8ea4b50007ad Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 8 Feb 2017 14:13:02 +0000 Subject: [PATCH 32/54] Add unit tests for X509 certificate date parsing --- tests/suites/test_suite_x509parse.data | 61 ++++++++++++++++++++++ tests/suites/test_suite_x509parse.function | 8 ++- 2 files changed, 64 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index edb74579b..5ea5164f8 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1524,3 +1524,64 @@ x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130236012Z":MBEDTLS_ERR_X509_INVALID_DAT X509 Get time (UTC invalid sec) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130235960Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC without time zone) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212":0:2000:2:29:12:12:12 + +X509 Get time (UTC with invalid time zone #1) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212J":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC with invalid time zone #2) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212+0300":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (Date with invalid tag) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_CONTEXT_SPECIFIC:"000229121212":MBEDTLS_ERR_X509_INVALID_DATE+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:0:0:0:0:0:0 + +X509 Get time (UTC, truncated) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (Generalized Time, truncated) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229121":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC without seconds) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212":MBEDTLS_ERR_X509_INVALID_DATE:2000:2:29:12:12:0 + +X509 Get time (UTC without seconds and with invalid time zone #1) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212J":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC without second and with invalid time zone #2) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212+0300":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid character in year) +depends_on:MBEDTLS_X509_USE_C 
+x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0\1130231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid character in month) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001%30231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid character in day) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011`0231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid character in hour) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302h1212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid character in min) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"00113023u012Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (UTC invalid character in sec) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index a724cd8e4..89f46093b 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -613,16 +613,14 @@ void x509_get_time( int tag, char *time_str, int ret, int hour, int min, int sec ) { mbedtls_x509_time time; - unsigned char buf[17]; + unsigned char buf[21]; unsigned char* start = buf; unsigned char* end = buf; memset( &time, 0x00, sizeof( time ) ); *end = (unsigned char)tag; end++; - if( tag == MBEDTLS_ASN1_UTC_TIME ) - *end = 13; - else - *end = 15; + *end = strlen( time_str ); + TEST_ASSERT( *end < 20 ); end++; memcpy( end, time_str, (size_t)*(end - 1) ); end += *(end - 1); From 5ad4045981765944bdb9226cb37f9f9a271201fb Mon Sep 17 00:00:00 2001 
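Review bot: In the x509_get_time() test helper, `*end = strlen( time_str );` stores the length into an unsigned char before `TEST_ASSERT( *end < 20 )` examines it, so a time_str of 256 or more characters wraps, passes the check and is silently parsed as a short string; the check should be made on the untruncated value: `size_t n = strlen( time_str ); TEST_ASSERT( n < 20 ); *end = (unsigned char) n;`. Since the memcpy() uses the stored byte, the 21-byte buffer is not overrun either way, so this is a test-correctness point rather than a memory-safety one. The function continues outside the hunk.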
From: Janos Follath Date: Fri, 3 Feb 2017 12:36:59 +0000 Subject: [PATCH 33/54] Fix buffer overread in mbedtls_x509_get_time() A heap overread might happen when parsing malformed certificates. Reported by Peng Li and Yueh-Hsun Lin. Refactoring the parsing fixes the problem. This commit applies the relevant part of the OpenVPN contribution applied to mbed TLS 1.3 in commit 17da9dd82931abdf054a01c466bce45e7d12b742. --- ChangeLog | 2 + library/x509.c | 137 +++++++++++++++++++++++++++++++------------------ 2 files changed, 88 insertions(+), 51 deletions(-) diff --git a/ChangeLog b/ChangeLog index 73804ec85..d26cec265 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,8 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could cause buffer bound checks to be bypassed. Found by Eyal Itkin. + * Fixed heap overreads in mbedtls_x509_get_time(). Found by Peng + Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America. = mbed TLS 2.1.6 branch released 2016-10-17 diff --git a/library/x509.c b/library/x509.c index b063a19c5..844cd6d64 100644 --- a/library/x509.c +++ b/library/x509.c @@ -475,14 +475,20 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, } } -static int x509_parse_int(unsigned char **p, unsigned n, int *res){ +static int x509_parse_int( unsigned char **p, size_t n, int *res ) +{ *res = 0; - for( ; n > 0; --n ){ - if( ( **p < '0') || ( **p > '9' ) ) return MBEDTLS_ERR_X509_INVALID_DATE; + + for( ; n > 0; --n ) + { + if( ( **p < '0') || ( **p > '9' ) ) + return ( MBEDTLS_ERR_X509_INVALID_DATE ); + *res *= 10; - *res += (*(*p)++ - '0'); + *res += ( *(*p)++ - '0' ); } - return 0; + + return( 0 ); } static int x509_date_is_valid(const mbedtls_x509_time *time) 
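Review bot: x509_parse_int() still receives no end pointer: it reads `n` bytes from `*p` unconditionally, so after this commit its memory safety rests entirely on the caller's length accounting, and nothing in the function says so. A precondition comment on the signature would keep that contract visible, e.g. `/* Precondition: at least n bytes are readable at *p; the caller is responsible for bounding n against the ASN.1 length. */`. The change of `n` to size_t is consistent with the len arithmetic in the new x509_parse_time(), which is a good thing.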
@@ -512,6 +518,70 @@ static int x509_date_is_valid(const mbedtls_x509_time *time) return( 0 ); } +/* + * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4) + * field. + */ +static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, + mbedtls_x509_time *time ) +{ + int ret; + + /* + * Minimum length is 10 or 12 depending on yearlen + */ + if ( len < yearlen + 8 ) + return ( MBEDTLS_ERR_X509_INVALID_DATE ); + len -= yearlen + 8; + + /* + * Parse year, month, day, hour, minute + */ + CHECK( x509_parse_int( p, yearlen, &time->year ) ); + if ( 2 == yearlen ) + { + if ( time->year < 50 ) + time->year += 100; + + time->year += 1900; + } + + CHECK( x509_parse_int( p, 2, &time->mon ) ); + CHECK( x509_parse_int( p, 2, &time->day ) ); + CHECK( x509_parse_int( p, 2, &time->hour ) ); + CHECK( x509_parse_int( p, 2, &time->min ) ); + + /* + * Parse seconds if present + */ + if ( len >= 2 ) + { + CHECK( x509_parse_int( p, 2, &time->sec ) ); + len -= 2; + } + else + return ( MBEDTLS_ERR_X509_INVALID_DATE ); + + /* + * Parse trailing 'Z' if present + */ + if ( 1 == len && 'Z' == **p ) + { + (*p)++; + len--; + } + + /* + * We should have parsed all characters at this point + */ + if ( 0 != len ) + return ( MBEDTLS_ERR_X509_INVALID_DATE ); + + CHECK( x509_date_is_valid( time ) ); + + return ( 0 ); +} + /* * Time ::= CHOICE { * utcTime UTCTime, @@ -521,7 +591,7 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, mbedtls_x509_time *time ) { int ret; - size_t len; + size_t len, year_len; unsigned char tag; if( ( end - *p ) < 1 ) 
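Review bot: The comment `Parse seconds if present` in x509_parse_time() contradicts the code under it, which returns MBEDTLS_ERR_X509_INVALID_DATE when fewer than two bytes remain, i.e. seconds are mandatory; the next block then makes the trailing 'Z' optional, and the new "UTC without time zone" test case confirms that leniency is intentional. I would replace the two comments with one that states the accepted forms up front, e.g. `/* Seconds are mandatory; the trailing 'Z' is tolerated but not required (RFC 5280 4.1.2.5 requires both). */`, and say the same in the function header comment so the lenient-vs-strict choice is documented rather than discovered. The bound checks themselves look complete: every read of `*p` is preceded by a corresponding decrement of len.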
@@ -531,55 +601,20 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, tag = **p; if( tag == MBEDTLS_ASN1_UTC_TIME ) - { - (*p)++; - ret = mbedtls_asn1_get_len( p, end, &len ); - - if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); - - CHECK( x509_parse_int( p, 2, &time->year ) ); - CHECK( x509_parse_int( p, 2, &time->mon ) ); - CHECK( x509_parse_int( p, 2, &time->day ) ); - CHECK( x509_parse_int( p, 2, &time->hour ) ); - CHECK( x509_parse_int( p, 2, &time->min ) ); - if( len > 10 ) - CHECK( x509_parse_int( p, 2, &time->sec ) ); - if( len > 12 && *(*p)++ != 'Z' ) - return( MBEDTLS_ERR_X509_INVALID_DATE ); - - time->year += 100 * ( time->year < 50 ); - time->year += 1900; - - CHECK( x509_date_is_valid( time ) ); - - return( 0 ); - } + year_len = 2; else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME ) - { - (*p)++; - ret = mbedtls_asn1_get_len( p, end, &len ); - - if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); - - CHECK( x509_parse_int( p, 4, &time->year ) ); - CHECK( x509_parse_int( p, 2, &time->mon ) ); - CHECK( x509_parse_int( p, 2, &time->day ) ); - CHECK( x509_parse_int( p, 2, &time->hour ) ); - CHECK( x509_parse_int( p, 2, &time->min ) ); - if( len > 12 ) - CHECK( x509_parse_int( p, 2, &time->sec ) ); - if( len > 14 && *(*p)++ != 'Z' ) - return( MBEDTLS_ERR_X509_INVALID_DATE ); - - CHECK( x509_date_is_valid( time ) ); - - return( 0 ); - } + year_len = 4; else return( MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + + (*p)++; + ret = mbedtls_asn1_get_len( p, end, &len ); + + if( ret != 0 ) + return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); + + return x509_parse_time( p, len, year_len, time ); } int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ) From f4cbe10bcef6b398e1bb10bc749ad2e28a7e4589 Mon Sep 17 00:00:00 2001 
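Review bot: `return x509_parse_time( p, len, year_len, time );` breaks the `return( ... )` convention used on every other return in this function and file, including the lines just above it; make it `return( x509_parse_time( p, len, year_len, time ) );`. More importantly, x509_parse_time() never sees `end`, so the overread fix depends on mbedtls_asn1_get_len() having already rejected a length larger than `end - *p` (as far as I recall it does); that dependency should be stated at the hand-off, e.g. `/* len is bounded against end by mbedtls_asn1_get_len() above */`, since a future caller of x509_parse_time() with an unchecked length would reintroduce the bug.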
From: Andres AG Date: Thu, 8 Dec 2016 17:19:21 +0000 Subject: [PATCH 34/54] Fix memory leak in mbedtls_x509_crl_parse() The memory leak call was caused by missing calls to mbedtls_pem_free() when a MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. --- ChangeLog | 3 +++ library/x509_crl.c | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index d26cec265..64aeac5f0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -44,6 +44,9 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed heap overreads in mbedtls_x509_get_time(). Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America. + * Fix potential memory leak in mbedtls_x509_crl_parse(). The leak was caused + by missing calls to mbedtls_pem_free() in cases when a + MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. = mbed TLS 2.1.6 branch released 2016-10-17 diff --git a/library/x509_crl.c b/library/x509_crl.c index dca14cc99..3af10f69b 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -524,16 +524,17 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s if( ( ret = mbedtls_x509_crl_parse_der( chain, pem.buf, pem.buflen ) ) != 0 ) { + mbedtls_pem_free( &pem ); return( ret ); } - - mbedtls_pem_free( &pem ); } else if( is_pem ) { mbedtls_pem_free( &pem ); return( ret ); } + + mbedtls_pem_free( &pem ); } /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte. * And a valid CRL cannot be less than 1 byte anyway. */ From 763e32731acf5e53346a657e390fab24693644d4 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 28 Feb 2017 16:36:22 +0000 Subject: [PATCH 35/54] Fix credit in ChangeLog for #722 --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 64aeac5f0..4d71127da 100644 --- a/ChangeLog +++ b/ChangeLog 
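Review bot: After the move, mbedtls_x509_crl_parse() calls mbedtls_pem_free() from three nearby sites — the parse_der failure branch, the `else if( is_pem )` branch, and the new unconditional call after the if/else — which is exactly the shape that let one path be forgotten in the first place. The unconditional call also now runs for a context whose mbedtls_pem_read_buffer() failed, so the correctness of the fix presumably rests on mbedtls_pem_free() being safe on such a context (pem.buf NULL), which is worth stating: `/* Always free: the PEM context may own a buffer even when read_buffer() failed */`. The enclosing loop and function start and end outside the hunk.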
@@ -46,7 +46,8 @@ Bugfix Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America. * Fix potential memory leak in mbedtls_x509_crl_parse(). The leak was caused by missing calls to mbedtls_pem_free() in cases when a - MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. + MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and + fix proposed by Guido Vranken. #722 = mbed TLS 2.1.6 branch released 2016-10-17 From c7fb230fa4e5a521bf5c047f1ae2a9345284f6bf Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 27 Jan 2017 15:51:14 +0000 Subject: [PATCH 36/54] Add invalid key tests for curve SECP224K1 This curve has special arithmetic on 64 bit platforms and an untested path lead to trying to free a buffer on the stack. For the sake of completeness, a test case for a point with non-affine coordinates has been added as well. --- tests/suites/test_suite_ecp.data | 12 ++++++++++-- tests/suites/test_suite_ecp.function | 7 ++++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 1c858b5f7..a43e7d75d 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data 
@@ -32,11 +32,19 @@ mbedtls_ecp_curve_info:MBEDTLS_ECP_DP_SECP192R1:19:192:"secp192r1" ECP check pubkey Montgomery #1 (too big) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_check_pub_mx:MBEDTLS_ECP_DP_CURVE25519:"010000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ECP_INVALID_KEY +ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"010000000000000000000000000000000000000000000000000000000000000000":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY ECP check pubkey Montgomery #2 (biggest) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_check_pub_mx:MBEDTLS_ECP_DP_CURVE25519:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":0 +ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":0 + +ECP check pubkey Koblitz #1 (point not on curve) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_check_pub:MBEDTLS_ECP_DP_SECP224K1:"E2000000000000BB3A13D43B323337383935321F0603551D":"100101FF040830060101FF02010A30220603551D0E041B04636FC0C0":"1":MBEDTLS_ERR_ECP_INVALID_KEY + +ECP check pubkey Koblitz #2 (coordinate not affine) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_check_pub:MBEDTLS_ECP_DP_SECP224K1:"E2000000000000BB3A13D43B323337383935321F0603551D":"100101FF040830060101FF02010A30220603551D0E041B04636FC0C0":"101":MBEDTLS_ERR_ECP_INVALID_KEY ECP write binary #0 (zero, bad format) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index eee648693..bd2fd3687 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -29,7 +29,7 @@ void mbedtls_ecp_curve_info( int id, int tls_id, int size, char *name ) /* END_CASE */ /* BEGIN_CASE */ -void ecp_check_pub_mx( int grp_id, char *key_hex, int ret ) +void ecp_check_pub( int grp_id, char *x_hex, char *y_hex, char *z_hex, int ret ) { mbedtls_ecp_group grp; mbedtls_ecp_point P; 
@@ -39,8 +39,9 @@ void ecp_check_pub_mx( int grp_id, char *key_hex, int ret ) TEST_ASSERT( mbedtls_ecp_group_load( &grp, grp_id ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, key_hex ) == 0 ); - TEST_ASSERT( mbedtls_mpi_lset( &P.Z, 1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, x_hex ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P.Y, 16, y_hex ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P.Z, 16, z_hex ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &P ) == ret ); From 8dbb35ae13c45c4c9eb1342c2a64aca2465514d9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 27 Jan 2017 16:05:20 +0000 Subject: [PATCH 37/54] ECP: Prevent freeing a buffer on stack The function ecp_mod_koblitz computed the space for the result of a multiplication optimally for that specific case, but unfortunately the function mbedtls_mpi_mul_mpi performs a generic, suboptimal calculation and needs one more limb for the result. Since the result's buffer is on the stack, the best case scenario is that the program stops. This only happened on 64 bit platforms. Fixes #569 --- ChangeLog | 6 ++++++ library/ecp_curves.c | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4d71127da..1f09c8387 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,12 @@ Security characters after the footer could result in the execution of an infinite loop. The issue can be triggered remotely. Found by Greg Zaverucha, Microsoft. + * Fixed a bug that caused freeing a buffer that was allocated on the stack, + when verifying the validity of a key on secp224k1. This could be + triggered remotely for example with a maliciously constructed certificate + and might have led to remote code execution on some exotic embedded + platforms. Reported independently by rongsaws and Regina Wilson. + CVE-2017-2784 Bugfix * Fix output certificate verification flags set by x509_crt_verify_top() when 
diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 9a6e8eb18..a2a5495a9 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -1213,7 +1213,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t int ret; size_t i; mbedtls_mpi M, R; - mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R]; + mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; if( N->n < p_limbs ) return( 0 ); @@ -1235,7 +1235,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); if( shift != 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 ) @@ -1257,7 +1257,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); if( shift != 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); - M.n += R.n - adjust; /* Make room for multiplication by R */ + M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ if( mask != 0 ) From 3ea1af214c10bff11f4337f1ef65f55cbeeea8f6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 28 Feb 2017 18:47:27 +0000 Subject: [PATCH 38/54] Clarify ChangeLog for #569 --- ChangeLog | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1f09c8387..129a20297 100644 --- a/ChangeLog +++ b/ChangeLog 
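Review bot: The `+ 1` added to `Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]` and the `- adjust` dropped from `M.n += R.n;` encode an invariant about how mbedtls_mpi_mul_mpi() sizes its result (per the commit message, one limb above the tight product bound) that is not written down in the code; if that sizing rule changes, the stack buffer silently becomes too small again and mbedtls_mpi_grow() will free stack memory, which is CVE-2017-2784 all over again. Suggest a comment on the declaration such as `/* +1: mbedtls_mpi_mul_mpi() allocates A.n + B.n limbs, one more than the tight bound; M.n below must never exceed this */`. The second and third hunks are copy-pasted reduction steps that both needed the same fix, so extracting the "load M from N and make room for R" step into a static helper would stop them drifting apart.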
@@ -16,9 +16,8 @@ Security * Fixed a bug that caused freeing a buffer that was allocated on the stack, when verifying the validity of a key on secp224k1. This could be triggered remotely for example with a maliciously constructed certificate - and might have led to remote code execution on some exotic embedded - platforms. Reported independently by rongsaws and Regina Wilson. - CVE-2017-2784 + and potentially could lead to remote code execution on some platforms. + Reported independently by rongsaws and Regina Wilson. #569 CVE-2017-2784 Bugfix * Fix output certificate verification flags set by x509_crt_verify_top() when From 45bbb21799a6d108f490305492ae72e1f592051a Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Fri, 22 Jul 2016 11:54:30 +0100 Subject: [PATCH 39/54] Fix default hostname for verification used in ssl_client1 --- programs/ssl/ssl_client1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 1aeddf71c..8119acfa2 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -177,7 +177,7 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_ssl_set_hostname( &ssl, "mbed TLS Server 1" ) ) != 0 ) + if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret ); goto exit; From 09b6274247b4443087c1d945c6b8878bb8cadde8 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 13:08:37 +0000 Subject: [PATCH 40/54] Clarify fix for #673 in Changelog Clarified fix, and added credit. --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 129a20297..9ec6f25d8 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -20,6 +20,7 @@ Security Reported independently by rongsaws and Regina Wilson. #569 CVE-2017-2784 Bugfix +<<<<<<< HEAD * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be From e4b89450f90085c1b44bd9bab0477c7b136c7f63 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 16:36:59 +0000 Subject: [PATCH 41/54] Add credit to Changelog for #562 --- ChangeLog | 1 - 1 file changed, 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 9ec6f25d8..129a20297 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,7 +20,6 @@ Security Reported independently by rongsaws and Regina Wilson. #569 CVE-2017-2784 Bugfix -<<<<<<< HEAD * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be From 8f352fd2c11df14757fffd8f6d3a0d8b85890ea5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 17:23:36 +0200 Subject: [PATCH 42/54] fix for issue 1101: missing rsa context initialization added mbedtls_rsa_init in rsa_decrypt sample application --- programs/pkey/rsa_decrypt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 0200bd7ed..489b58907 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -86,6 +86,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); From 57031ce0a949dda00a838f0a02790c717990d454 Mon Sep 17 00:00:00 2001 
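Review bot: `mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );` is placed after the "Seeding the random number generator" message rather than with the other context initialisations, so any `goto exit` taken above this point — an argument-count check, for instance, which would sit outside the hunk — would still reach the cleanup with an uninitialised context, the very defect this commit fixes. Whether such an early exit exists is not visible in the hunk; if it does, moving the init to the top of main before the first `goto exit` closes that path, and the `mbedtls_ctr_drbg_init` / `mbedtls_entropy_init` calls right below have the same exposure. main's body starts and ends outside the hunk.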
From: Simon Butcher Date: Wed, 1 Mar 2017 22:17:49 +0000 Subject: [PATCH 43/54] Fix Visual Studio template files Adds interim directories to the Visual Studio project files to avoid warning MSB8028 in Visual Studio 2015, where shared directories of intermediate files between project files generate the warning. --- .../data_files/vs2010-app-template.vcxproj | 28 +++++++++++-------- .../data_files/vs2010-main-template.vcxproj | 4 +++ 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj index 593c22df9..806130a10 100644 --- a/scripts/data_files/vs2010-app-template.vcxproj +++ b/scripts/data_files/vs2010-app-template.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj index 6e30ffe15..773b58a33 100644 --- a/scripts/data_files/vs2010-main-template.vcxproj +++ b/scripts/data_files/vs2010-main-template.vcxproj @@ -65,15 +65,19 @@ true + $(Configuration)\$(TargetName)\ true + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ From 59dd04f1298228c1ab37d4d1ccc6f20ed1e880f4 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Wed, 1 Mar 2017 23:17:57 +0000 Subject: [PATCH 44/54] Update of the Visual Studio files Contains additional project file, ecdh_curve25519.vcxproj, as well as fix for intermediate files causing the warning MSB8028 with Visual Studio 2015. --- visualc/VS2010/aescrypt2.vcxproj | 28 ++++++++++++---------- visualc/VS2010/benchmark.vcxproj | 28 ++++++++++++---------- visualc/VS2010/cert_app.vcxproj | 28 ++++++++++++---------- visualc/VS2010/cert_req.vcxproj | 28 ++++++++++++---------- visualc/VS2010/cert_write.vcxproj | 28 ++++++++++++---------- visualc/VS2010/crl_app.vcxproj | 28 ++++++++++++---------- visualc/VS2010/crypt_and_hash.vcxproj | 28 ++++++++++++---------- visualc/VS2010/dh_client.vcxproj | 28 ++++++++++++---------- visualc/VS2010/dh_genprime.vcxproj | 28 ++++++++++++---------- visualc/VS2010/dh_server.vcxproj | 28 ++++++++++++---------- visualc/VS2010/dtls_client.vcxproj | 28 ++++++++++++---------- visualc/VS2010/dtls_server.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ecdsa.vcxproj | 28 ++++++++++++---------- visualc/VS2010/gen_entropy.vcxproj | 28 ++++++++++++---------- visualc/VS2010/gen_key.vcxproj | 28 ++++++++++++---------- visualc/VS2010/gen_random_ctr_drbg.vcxproj | 28 ++++++++++++---------- visualc/VS2010/gen_random_havege.vcxproj | 28 ++++++++++++---------- visualc/VS2010/generic_sum.vcxproj | 28 ++++++++++++---------- visualc/VS2010/hello.vcxproj | 28 ++++++++++++---------- visualc/VS2010/key_app.vcxproj | 28 ++++++++++++---------- visualc/VS2010/key_app_writer.vcxproj | 28 ++++++++++++---------- visualc/VS2010/mbedTLS.vcxproj | 4 ++++ visualc/VS2010/mini_client.vcxproj | 28 ++++++++++++---------- visualc/VS2010/mpi_demo.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pem2der.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pk_decrypt.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pk_encrypt.vcxproj | 28 ++++++++++++---------- visualc/VS2010/pk_sign.vcxproj | 28 ++++++++++++---------- 
visualc/VS2010/pk_verify.vcxproj | 28 ++++++++++++---------- visualc/VS2010/req_app.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_decrypt.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_encrypt.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_genkey.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_sign.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_sign_pss.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_verify.vcxproj | 28 ++++++++++++---------- visualc/VS2010/rsa_verify_pss.vcxproj | 28 ++++++++++++---------- visualc/VS2010/selftest.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_cert_test.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_client1.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_client2.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_fork_server.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_mail_client.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_server.vcxproj | 28 ++++++++++++---------- visualc/VS2010/ssl_server2.vcxproj | 28 ++++++++++++---------- visualc/VS2010/strerror.vcxproj | 28 ++++++++++++---------- visualc/VS2010/udp_proxy.vcxproj | 28 ++++++++++++---------- 47 files changed, 740 insertions(+), 552 deletions(-) diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj index afbfe48c7..644ef751b 100644 --- a/visualc/VS2010/aescrypt2.vcxproj +++ b/visualc/VS2010/aescrypt2.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj index ee3ada3be..2655c657c 100644 --- a/visualc/VS2010/benchmark.vcxproj +++ b/visualc/VS2010/benchmark.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj index 0988a298a..e73b5eb2a 100644 --- a/visualc/VS2010/cert_app.vcxproj +++ b/visualc/VS2010/cert_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj index ef3ed2ea2..d378271df 100644 --- a/visualc/VS2010/cert_req.vcxproj +++ b/visualc/VS2010/cert_req.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/cert_write.vcxproj b/visualc/VS2010/cert_write.vcxproj index 43c009325..39a3239fc 100644 --- a/visualc/VS2010/cert_write.vcxproj +++ b/visualc/VS2010/cert_write.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj index d7599990d..d4055982e 100644 --- a/visualc/VS2010/crl_app.vcxproj +++ b/visualc/VS2010/crl_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + 
diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj index d9d70ea39..35d4a7b9b 100644 --- a/visualc/VS2010/crypt_and_hash.vcxproj +++ b/visualc/VS2010/crypt_and_hash.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj index c211badd0..4774caed8 100644 --- a/visualc/VS2010/dh_client.vcxproj +++ b/visualc/VS2010/dh_client.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj index 4e2ee2049..ae8754c0b 100644 --- a/visualc/VS2010/dh_genprime.vcxproj +++ b/visualc/VS2010/dh_genprime.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj index 025c54874..ee219971d 100644 --- a/visualc/VS2010/dh_server.vcxproj +++ b/visualc/VS2010/dh_server.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dtls_client.vcxproj b/visualc/VS2010/dtls_client.vcxproj index 0f51e0470..4b55587f2 100644 --- a/visualc/VS2010/dtls_client.vcxproj +++ b/visualc/VS2010/dtls_client.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/dtls_server.vcxproj b/visualc/VS2010/dtls_server.vcxproj index e643d92a9..114412d37 100644 --- a/visualc/VS2010/dtls_server.vcxproj +++ b/visualc/VS2010/dtls_server.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj index 5d83e1f40..786b838d5 100644 --- a/visualc/VS2010/ecdsa.vcxproj +++ b/visualc/VS2010/ecdsa.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj index d3eee21cb..00905666d 100644 --- a/visualc/VS2010/gen_entropy.vcxproj +++ b/visualc/VS2010/gen_entropy.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj index e72d47521..c7ee53f57 100644 --- a/visualc/VS2010/gen_key.vcxproj +++ b/visualc/VS2010/gen_key.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj index cffbc434c..78da2dfcb 100644 --- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj +++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj index 729f8fe60..7e638e3c5 100644 --- a/visualc/VS2010/gen_random_havege.vcxproj +++ b/visualc/VS2010/gen_random_havege.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj index 3ff156304..b6438610a 100644 --- a/visualc/VS2010/generic_sum.vcxproj +++ b/visualc/VS2010/generic_sum.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj index 1d368951e..e0692d9e2 100644 --- a/visualc/VS2010/hello.vcxproj +++ b/visualc/VS2010/hello.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj index ecd1154ab..47e1b2936 100644 --- a/visualc/VS2010/key_app.vcxproj +++ b/visualc/VS2010/key_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj index 6443005dc..c434baeb6 100644 --- a/visualc/VS2010/key_app_writer.vcxproj +++ b/visualc/VS2010/key_app_writer.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 915b41e7c..aba90c78a 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -65,15 +65,19 @@ true + $(Configuration)\$(TargetName)\ true + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ false + $(Configuration)\$(TargetName)\ diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj index e3007d75b..4dbeb9d62 100644 --- a/visualc/VS2010/mini_client.vcxproj +++ b/visualc/VS2010/mini_client.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + 
diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj index 881ea2350..dfb68eb9c 100644 --- a/visualc/VS2010/mpi_demo.vcxproj +++ b/visualc/VS2010/mpi_demo.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj index 50f877d90..3823107e8 100644 --- a/visualc/VS2010/pem2der.vcxproj +++ b/visualc/VS2010/pem2der.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj index 17f0ffe90..9b689bf8f 100644 --- a/visualc/VS2010/pk_decrypt.vcxproj +++ b/visualc/VS2010/pk_decrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj index 2e49348da..c58c1d954 100644 --- a/visualc/VS2010/pk_encrypt.vcxproj +++ b/visualc/VS2010/pk_encrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj index 1549dfdc5..4b22d3e21 100644 --- a/visualc/VS2010/pk_sign.vcxproj +++ b/visualc/VS2010/pk_sign.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj index 1aee7aeb7..6d9654c6a 100644 --- a/visualc/VS2010/pk_verify.vcxproj +++ b/visualc/VS2010/pk_verify.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/req_app.vcxproj b/visualc/VS2010/req_app.vcxproj index 1d3809527..5c6870ce1 100644 --- a/visualc/VS2010/req_app.vcxproj +++ b/visualc/VS2010/req_app.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj index 67404ef20..fb3f4441c 100644 --- a/visualc/VS2010/rsa_decrypt.vcxproj +++ b/visualc/VS2010/rsa_decrypt.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj index 8fab1d5ef..779c020cd 100644 --- a/visualc/VS2010/rsa_encrypt.vcxproj +++ b/visualc/VS2010/rsa_encrypt.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj index 87e67f47c..756b597b4 100644 --- a/visualc/VS2010/rsa_genkey.vcxproj +++ b/visualc/VS2010/rsa_genkey.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj index b24d3a1e3..cf15c7045 100644 --- a/visualc/VS2010/rsa_sign.vcxproj +++ b/visualc/VS2010/rsa_sign.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj index d4b605c38..67246d12f 100644 --- a/visualc/VS2010/rsa_sign_pss.vcxproj +++ b/visualc/VS2010/rsa_sign_pss.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj index daaa29da6..8aa85cb3f 100644 --- a/visualc/VS2010/rsa_verify.vcxproj +++ b/visualc/VS2010/rsa_verify.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj index f8b8c807e..a046fe212 100644 --- a/visualc/VS2010/rsa_verify_pss.vcxproj +++ b/visualc/VS2010/rsa_verify_pss.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj index 44268d21b..ae85181b0 100644 --- a/visualc/VS2010/selftest.vcxproj +++ b/visualc/VS2010/selftest.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_cert_test.vcxproj b/visualc/VS2010/ssl_cert_test.vcxproj index 187c2ec4c..158f2366a 100644 --- a/visualc/VS2010/ssl_cert_test.vcxproj +++ b/visualc/VS2010/ssl_cert_test.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj index 479ca94cc..390593085 100644 --- a/visualc/VS2010/ssl_client1.vcxproj +++ b/visualc/VS2010/ssl_client1.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj index a956922d5..4fcb6adb7 100644 --- a/visualc/VS2010/ssl_client2.vcxproj +++ b/visualc/VS2010/ssl_client2.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj index 18c916557..389097684 100644 --- a/visualc/VS2010/ssl_fork_server.vcxproj +++ b/visualc/VS2010/ssl_fork_server.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj index c1856175c..e85cfcbf8 100644 --- a/visualc/VS2010/ssl_mail_client.vcxproj +++ b/visualc/VS2010/ssl_mail_client.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj index 09888b750..cf2b258aa 100644 --- a/visualc/VS2010/ssl_server.vcxproj +++ b/visualc/VS2010/ssl_server.vcxproj 
@@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj index b39ce5dce..5cac05ef9 100644 --- a/visualc/VS2010/ssl_server2.vcxproj +++ b/visualc/VS2010/ssl_server2.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj index 58feabceb..927942ffe 100644 --- a/visualc/VS2010/strerror.vcxproj +++ b/visualc/VS2010/strerror.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + diff --git a/visualc/VS2010/udp_proxy.vcxproj b/visualc/VS2010/udp_proxy.vcxproj index 1ca3e6af9..e1135b9c7 100644 --- a/visualc/VS2010/udp_proxy.vcxproj +++ b/visualc/VS2010/udp_proxy.vcxproj @@ -71,18 +71,22 @@ - - true - - - true - - - false - - - false - + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + From a156363070fdaadb4aa07c5b7221aec9a0e402d3 Mon Sep 17 00:00:00 2001 
From: Andres AG Date: Wed, 8 Feb 2017 14:05:57 +0000 Subject: [PATCH 45/54] Remove use of inttypes.h in MSVC from ssl_server2 The sample application programs/ssl/ssl_server2.c was previously modifies to use inttypes.h to parse a string to a 64-bit integer. However, MSVC does not support C99, so compilation fails. This patch modifies the sample app to use the MSVC specific parsing functions instead of inttypes.h.
---
 programs/ssl/ssl_server2.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 1f6caf2d3..20fec5324 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -61,7 +61,10 @@ int main( void )
 #include
 #include
 #include
+
+#if !defined(_MSC_VER)
 #include
+#endif
 #if !defined(_WIN32)
 #include
@@ -1040,8 +1043,13 @@ int main( int argc, char *argv[] )
 }
 else if( strcmp( p, "renego_period" ) == 0 )
 {
- if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 ||
- opt.renego_period < 2 )
+#if defined(_MSC_VER)
+ opt.renego_period = _strtoui64( q, NULL, 10 );
+#else
+ if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 )
+ goto usage;
+#endif /* _MSC_VER */
+ if( opt.renego_period < 2 )
 goto usage;
 }
 else if( strcmp( p, "exchanges" ) == 0 )
From 9aabf6dfcd0ed80fffcf886e51ed36f9e4e81e97 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Mar 2017 09:18:09 +0000 Subject: [PATCH 46/54] Add fix and credit for #742 to the ChangeLog
---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 129a20297..bb15ee2ab 100644
--- a/ChangeLog
+++ b/ChangeLog
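Review bot: The MSVC branch `opt.renego_period = _strtoui64( q, NULL, 10 );` passes a NULL end pointer, so trailing garbage (`5x` parses as 5) and out-of-range input (which saturates) are accepted silently, while the non-MSVC branch at least rejects a non-numeric prefix through the `sscanf` return value; only the shared `opt.renego_period < 2` check catches a wholly non-numeric string, which parses as 0. Keeping the end pointer and rejecting leftovers brings the two branches into line: `char *end;` / `opt.renego_period = _strtoui64( q, &end, 10 );` / `if( end == q || *end != '\0' ) goto usage;`, with `end` declared wherever the surrounding block keeps its locals. Overflow could additionally be rejected through `errno == ERANGE` if the sample wants to be strict. The option-parsing loop this sits in starts and ends outside the hunk.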
@@ -53,6 +53,9 @@ Bugfix by missing calls to mbedtls_pem_free() in cases when a MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and fix proposed by Guido Vranken. #722 + * Fixed the templates used to generate project and solution files for Visual + Studio 2015 as well as the files themselves, to remove a build warning + generated in Visual Studio 2015. Reported by Steve Valliere. #742 = mbed TLS 2.1.6 branch released 2016-10-17 From 2b8d89009895f0e2bb5cf1accb05822b56fa5396 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 13:08:37 +0000 Subject: [PATCH 47/54] Clarify fix for #673 in Changelog Clarified fix, and added credit. --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index bb15ee2ab..e40589e36 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,7 @@ Security Reported independently by rongsaws and Regina Wilson. #569 CVE-2017-2784 Bugfix +<<<<<<< HEAD * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be From 3c6a1a937212bbf64ca39473dbe1cd94729fe5e1 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 2 Feb 2017 16:36:59 +0000 Subject: [PATCH 48/54] Add credit to Changelog for #562 --- ChangeLog | 1 - 1 file changed, 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e40589e36..bb15ee2ab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,7 +20,6 @@ Security Reported independently by rongsaws and Regina Wilson. #569 CVE-2017-2784 Bugfix -<<<<<<< HEAD * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be From 8c5385e150074bcc97c4919c856de817740e79a4 Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Sun, 29 Jan 2017 18:51:35 +0200 Subject: [PATCH 49/54] Backport 2.1:Resource leak in ssl_cookie and mutex When using ssl_cookie with MBEDTLS_THREADING_C, fix a resource leak caused by initialising a mutex in mbedtls_ssl_cookie_free instead of freeing it. Raised and fix suggested by Alan Gillingham in the mbed TLS forum Tracked in #771 --- ChangeLog | 2 ++ library/ssl_cookie.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index bb15ee2ab..32d76df95 100644 --- a/ChangeLog +++ b/ChangeLog @@ -56,6 +56,8 @@ Bugfix * Fixed the templates used to generate project and solution files for Visual Studio 2015 as well as the files themselves, to remove a build warning generated in Visual Studio 2015. Reported by Steve Valliere. #742 + * Fix a resource leak in ssl_cookie, when using MBEDTLS_THREADING_C. + Raised and fix suggested by Alan Gillingham in the mbed TLS forum. #771 = mbed TLS 2.1.6 branch released 2016-10-17 diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 7e0c573ad..786af6d4a 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -98,7 +98,7 @@ void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ) mbedtls_md_free( &ctx->hmac_ctx ); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_free( &ctx->mutex ); #endif mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); From 46efbff2c1acd72ab12a2d9d1b7ed903850e57e6 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 1 Mar 2017 13:13:15 +0000 Subject: [PATCH 50/54] Fix failing pkparse test case The first three test cases from test_suites_pkparse.data failed because the key file they read requires DES to be read. However, MBEDTLS_DES_C was missing from the dependency list. --- tests/suites/test_suite_pkparse.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 763c0db6b..8c27708f0 100644
--- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -1,13 +1,13 @@ Parse RSA Key #1 (No password when required) -depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"NULL":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #2 (Correct password) -depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0 Parse RSA Key #3 (Wrong password) -depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #4 (DES Encrypted) From e0545c30ddc0dc5ee03705e31d5f6ebb0a8452b4 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 6 Jan 2017 13:17:35 +0000 Subject: [PATCH 51/54] Fix buffer overflow in mbedtls_mpi_write_string() Fix a buffer overflow when writing a string representation of an MPI number to a buffer in hexadecimal. The problem occurs because hex digits are written in pairs and this is not accounted for in the calculation of the required buffer size when the number of digits is odd. --- ChangeLog | 3 +++ library/bignum.c | 7 ++++++- tests/suites/test_suite_mpi.data | 3 +++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 32d76df95..a298738fa 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -58,6 +58,9 @@ Bugfix
 generated in Visual Studio 2015. Reported by Steve Valliere. #742
 * Fix a resource leak in ssl_cookie, when using MBEDTLS_THREADING_C.
 Raised and fix suggested by Alan Gillingham in the mbed TLS forum. #771
+ * Fix 1 byte buffer overflow in mbedtls_mpi_write_string() when the MPI
+ number to write in hexadecimal is negative and requires an odd number of
+ digits. Found and fixed by Guido Vranken.
 = mbed TLS 2.1.6 branch released 2016-10-17
diff --git a/library/bignum.c b/library/bignum.c
index 7841bea43..199b4f2ee 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -534,7 +534,12 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
 n = mbedtls_mpi_bitlen( X );
 if( radix >= 4 ) n >>= 1;
 if( radix >= 16 ) n >>= 1;
- n += 3;
+ /*
+ * Round up the buffer length to an even value to ensure that there is
+ * enough room for hexadecimal values that can be represented in an odd
+ * number of digits.
+ */
+ n += 3 + ( ( n + 1 ) & 1 );
 if( buflen < n )
 {
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 3fd7f2d1b..0d4ee4490 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -46,6 +46,9 @@ mpi_read_write_string:16:"":16:"00":4:0:0
 Test mpi_read_write_string #9 (Empty MPI -> dec)
 mpi_read_write_string:16:"":10:"0":4:0:0
+Test mpi_write_string #10 (Negative hex with odd number of digits)
+mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
 Base test mbedtls_mpi_read_binary #1
 mbedtls_mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924"
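Review bot: `n += 3 + ( ( n + 1 ) & 1 );` is correct but opaque: the added comment explains the even-rounding term, while the `3` it sits next to remains unexplained, and the rounding is applied for every radix although, per the commit message, only the radix-16 path writes digits in whole-byte pairs. I'd extend the comment to itemise what the `3` covers — presumably one byte for the rounding-down of the preceding `>>=` shifts, one for a possible `-` sign and one for the terminating NUL — and note that for other radices the extra byte is merely a harmless over-estimate. The test-data hunk only pins the failure (`buflen` 3 → `MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL`); a constructed success case with an exactly-sized buffer, such as `mpi_read_write_string:16:"-1":16:"-01":4:0:0`, would also catch the estimate drifting too large in a later edit. The rest of `mbedtls_mpi_write_string()` lies outside this hunk.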
From bd6882b8669ade3a20ff1f6409e1fe1abb0b2ca7 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Tue, 7 Mar 2017 12:37:14 +0000
Subject: [PATCH 52/54] Corrected attibution in Changelog
---
 ChangeLog | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index a298738fa..af5aa723d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,7 +17,8 @@ Security
 when verifying the validity of a key on secp224k1. This could be triggered remotely for example with a maliciously constructed certificate and potentially could lead to remote code execution on some platforms.
- Reported independently by rongsaws and Regina Wilson. #569 CVE-2017-2784
+ Reported independently by rongsaws and Aleksandar Nikolic, Cisco Talos
+ team. #569 CVE-2017-2784
 Bugfix
 * Fix output certificate verification flags set by x509_crt_verify_top() when
From 340bb1bab1c4e0c76ff6c4f284630ed03f9ce0af Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Tue, 7 Mar 2017 19:35:49 +0000
Subject: [PATCH 53/54] Added missing credit to ChangeLog for #555
---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index af5aa723d..f4ce56d60 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -62,6 +62,8 @@ Bugfix
 * Fix 1 byte buffer overflow in mbedtls_mpi_write_string() when the MPI
 number to write in hexadecimal is negative and requires an odd number of
 digits. Found and fixed by Guido Vranken.
+ * Fix unlisted DES configuration dependency in some pkparse test cases. Found
+ by inestlerode. #555
 = mbed TLS 2.1.6 branch released 2016-10-17
From 23234776994c64c08f47b6db55a593e01b71c5ef Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Wed, 8 Mar 2017 16:29:31 +0000
Subject: [PATCH 54/54] Update version number to 2.1.7 for release
---
 ChangeLog | 2 +-
 doxygen/input/doc_mainpage.h | 2 +-
 doxygen/mbedtls.doxyfile | 2 +-
 include/mbedtls/version.h | 8 ++++----
 library/CMakeLists.txt | 6 +++---
 tests/suites/test_suite_version.data | 4 ++--
 yotta/data/module.json | 2 +-
 7 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f4ce56d60..fe5ce6535 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
 mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS 2.1.x branch released xxxx-xx-xx
+= mbed TLS 2.1.7 branch released 2017-03-08
 Security
 * Add checks to prevent signature forgeries for very large messages while
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 8400fccac..7ce531409 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -21,7 +21,7 @@
 */
 /**
- * @mainpage mbed TLS v2.1.6 source code documentation
+ * @mainpage mbed TLS v2.1.7 source code documentation
 *
 * This documentation describes the internal structure of mbed TLS. It was
 * automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index bfe59925e..57ac14681 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.1.6"
+PROJECT_NAME = "mbed TLS v2.1.7"
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 3d6d162e5..a4b4559ef 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -39,16 +39,16 @@
 */
 #define MBEDTLS_VERSION_MAJOR 2
 #define MBEDTLS_VERSION_MINOR 1
-#define MBEDTLS_VERSION_PATCH 6
+#define MBEDTLS_VERSION_PATCH 7
 /**
 * The single version number has the following structure:
 * MMNNPP00
 * Major version | Minor version | Patch version
 */
-#define MBEDTLS_VERSION_NUMBER 0x02010600
-#define MBEDTLS_VERSION_STRING "2.1.6"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.1.6"
+#define MBEDTLS_VERSION_NUMBER 0x02010700
+#define MBEDTLS_VERSION_STRING "2.1.7"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.1.7"
 #if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index ce128ef2a..fbafa8ef0 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -138,15 +138,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
 if(USE_SHARED_MBEDTLS_LIBRARY)
 add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.1.6 SOVERSION 0)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.1.7 SOVERSION 0)
 target_link_libraries(mbedcrypto ${libs})
 add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.1.6 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.1.7 SOVERSION 0)
 target_link_libraries(mbedx509 ${libs} mbedcrypto)
 add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.1.6 SOVERSION 10)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.1.7 SOVERSION 10)
 target_link_libraries(mbedtls ${libs} mbedx509)
 install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 13f7c666e..6a6ca0c3f 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
 Check compiletime library version
-check_compiletime_version:"2.1.6"
+check_compiletime_version:"2.1.7"
 Check runtime library version
-check_runtime_version:"2.1.6"
+check_runtime_version:"2.1.7"
 Check for MBEDTLS_VERSION_C
 check_feature:"MBEDTLS_VERSION_C":0
diff --git a/yotta/data/module.json b/yotta/data/module.json
index aef538f48..0068e72a5 100644
--- a/yotta/data/module.json
+++ b/yotta/data/module.json
@@ -1,6 +1,6 @@
 {
 "name": "mbedtls",
- "version": "2.1.4",
+ "version": "2.1.7",
 "description": "The mbed TLS crypto/SSL/TLS library",
 "licenses": [
 {