Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3: Include changes from the 1.2 branch Remove unused headers in o_p_test Add countermeasure against cache-based lucky 13 Make results of (ext)KeyUsage accessible Fix missing NULL check in MPI Fix detection of getrandom() Fix "make install" handling of symlinks Fix bugs in programs displaying verify flags Conflicts: Makefile include/polarssl/ssl.h library/entropy_poll.c library/ssl_srv.c library/ssl_tls.c programs/test/o_p_test.c programs/test/ssl_cert_test.c programs/x509/cert_app.c
This commit is contained in:
commit
da61ed3346
66
ChangeLog
66
ChangeLog
|
@ -117,6 +117,11 @@ Features
|
||||||
errors on use of deprecated functions.
|
errors on use of deprecated functions.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
|
* mpi_size() and mpi_msb() would segfault when called on an mpi that is
|
||||||
|
initialized but not set (found by pravic).
|
||||||
|
* Fix detection of support for getrandom() on Linux (reported by syzzer) by
|
||||||
|
doing it at runtime (using uname) rather that compile time.
|
||||||
|
* Fix handling of symlinks by "make install" (found by Gaël PORTAY).
|
||||||
* Fix potential NULL pointer dereference (not trigerrable remotely) when
|
* Fix potential NULL pointer dereference (not trigerrable remotely) when
|
||||||
ssl_write() is called before the handshake is finished (introduced in
|
ssl_write() is called before the handshake is finished (introduced in
|
||||||
1.3.10) (first reported by Martin Blumenstingl).
|
1.3.10) (first reported by Martin Blumenstingl).
|
||||||
|
@ -663,6 +668,67 @@ Security
|
||||||
* RSA blinding on CRT operations to counter timing attacks
|
* RSA blinding on CRT operations to counter timing attacks
|
||||||
(found by Cyril Arnaud and Pierre-Alain Fouque)
|
(found by Cyril Arnaud and Pierre-Alain Fouque)
|
||||||
|
|
||||||
|
|
||||||
|
= Version 1.2.14 released 2015-05-??
|
||||||
|
|
||||||
|
Security
|
||||||
|
* Fix potential invalid memory read in the server, that allows a client to
|
||||||
|
crash it remotely (found by Caj Larsson).
|
||||||
|
* Fix potential invalid memory read in certificate parsing, that allows a
|
||||||
|
client to crash the server remotely if client authentication is enabled
|
||||||
|
(found using Codenomicon Defensics).
|
||||||
|
* Add countermeasure against "Lucky 13 strikes back" cache-based attack,
|
||||||
|
https://dl.acm.org/citation.cfm?id=2714625
|
||||||
|
|
||||||
|
Bugfix
|
||||||
|
* Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
|
||||||
|
* Fix hardclock() (only used in the benchmarking program) with some
|
||||||
|
versions of mingw64 (found by kxjhlele).
|
||||||
|
* Fix warnings from mingw64 in timing.c (found by kxjklele).
|
||||||
|
* Fix potential unintended sign extension in asn1_get_len() on 64-bit
|
||||||
|
platforms (found with Coverity Scan).
|
||||||
|
|
||||||
|
= Version 1.2.13 released 2015-02-16
|
||||||
|
Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting
|
||||||
|
this will be made in the 1.2 branch at this point.
|
||||||
|
|
||||||
|
Security
|
||||||
|
* Fix remotely-triggerable uninitialised pointer dereference caused by
|
||||||
|
crafted X.509 certificate (TLS server is not affected if it doesn't ask
|
||||||
|
for a client certificate) (found using Codenomicon Defensics).
|
||||||
|
* Fix remotely-triggerable memory leak caused by crafted X.509 certificates
|
||||||
|
(TLS server is not affected if it doesn't ask for a client certificate)
|
||||||
|
(found using Codenomicon Defensics).
|
||||||
|
* Fix potential stack overflow while parsing crafted X.509 certificates
|
||||||
|
(TLS server is not affected if it doesn't ask for a client certificate)
|
||||||
|
found using Codenomicon Defensics).
|
||||||
|
* Fix buffer overread of size 1 when parsing crafted X.509 certificates
|
||||||
|
(TLS server is not affected if it doesn't ask for a client certificate).
|
||||||
|
|
||||||
|
Bugfix
|
||||||
|
* Fix potential undefined behaviour in Camellia.
|
||||||
|
* Fix memory leaks in PKCS#5 and PKCS#12.
|
||||||
|
* Stack buffer overflow if ctr_drbg_update() is called with too large
|
||||||
|
add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
|
||||||
|
* Fix bug in MPI/bignum on s390/s390x (reported by Dan Horák) (introduced
|
||||||
|
in 1.2.12).
|
||||||
|
* Fix unchecked return code in x509_crt_parse_path() on Windows (found by
|
||||||
|
Peter Vaskovic).
|
||||||
|
* Fix assembly selection for MIPS64 (thanks to James Cowgill).
|
||||||
|
* ssl_get_verify_result() now works even if the handshake was aborted due
|
||||||
|
to a failed verification (found by Fredrik Axelsson).
|
||||||
|
* Skip writing and parsing signature_algorithm extension if none of the
|
||||||
|
key exchanges enabled needs certificates. This fixes a possible interop
|
||||||
|
issue with some servers when a zero-length extension was sent. (Reported
|
||||||
|
by Peter Dettman.)
|
||||||
|
* On a 0-length input, base64_encode() did not correctly set output length
|
||||||
|
(found by Hendrik van den Boogaard).
|
||||||
|
|
||||||
|
Changes
|
||||||
|
* Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
|
||||||
|
* Forbid repeated extensions in X.509 certificates.
|
||||||
|
* Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
|
||||||
|
length of an X.509 verification chain (default = 8).
|
||||||
= Version 1.2.12 released 2014-10-24
|
= Version 1.2.12 released 2014-10-24
|
||||||
|
|
||||||
Security
|
Security
|
||||||
|
|
2
Makefile
2
Makefile
|
@ -22,7 +22,7 @@ install:
|
||||||
cp -r include/mbedtls $(DESTDIR)/include
|
cp -r include/mbedtls $(DESTDIR)/include
|
||||||
|
|
||||||
mkdir -p $(DESTDIR)/lib
|
mkdir -p $(DESTDIR)/lib
|
||||||
cp library/libmbedtls.* $(DESTDIR)/lib
|
cp -RP library/libmbedtls.* $(DESTDIR)/lib
|
||||||
|
|
||||||
mkdir -p $(DESTDIR)/bin
|
mkdir -p $(DESTDIR)/bin
|
||||||
for p in programs/*/* ; do \
|
for p in programs/*/* ; do \
|
||||||
|
|
|
@ -150,7 +150,9 @@ typedef struct
|
||||||
mbedtls_mpi;
|
mbedtls_mpi;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Initialize one MPI
|
* \brief Initialize one MPI (make internal references valid)
|
||||||
|
* This just makes it ready to be set or freed,
|
||||||
|
* but does not define a value for the MPI.
|
||||||
*
|
*
|
||||||
* \param X One MPI to initialize.
|
* \param X One MPI to initialize.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -356,6 +356,9 @@ size_t mbedtls_mpi_msb( const mbedtls_mpi *X )
|
||||||
{
|
{
|
||||||
size_t i, j;
|
size_t i, j;
|
||||||
|
|
||||||
|
if( X->n == 0 )
|
||||||
|
return( 0 );
|
||||||
|
|
||||||
for( i = X->n - 1; i > 0; i-- )
|
for( i = X->n - 1; i > 0; i-- )
|
||||||
if( X->p[i] != 0 )
|
if( X->p[i] != 0 )
|
||||||
break;
|
break;
|
||||||
|
|
|
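Review bot: The new guard `if( X->n == 0 ) return( 0 );` stops the `X->n - 1` size_t underflow that the following `for( i = X->n - 1; ... )` hit on an initialized-but-unset MPI, but nothing in the code says why the early return is there; a one-line comment such as `/* An initialized-but-unset MPI has no limbs: treat it as 0 */` above the guard would make the intent clear. The ChangeLog entry says mbedtls_mpi_size() was affected as well; if it is implemented on top of mbedtls_mpi_msb() this hunk covers it, otherwise it needs the same guard. mbedtls_mpi_msb's body continues past the hunk.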
@ -86,27 +86,46 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
|
||||||
{
|
{
|
||||||
return( syscall( SYS_getrandom, buf, buflen, flags ) );
|
return( syscall( SYS_getrandom, buf, buflen, flags ) );
|
||||||
}
|
}
|
||||||
#endif /* SYS_getrandom */
|
|
||||||
#endif /* __linux__ */
|
|
||||||
|
|
||||||
#if defined(HAVE_GETRANDOM)
|
#include <sys/utsname.h>
|
||||||
|
/* Check if version is at least 3.17.0 */
|
||||||
#include <errno.h>
|
static int check_version_3_17_plus( void )
|
||||||
|
|
||||||
int mbedtls_platform_entropy_poll( void *data,
|
|
||||||
unsigned char *output, size_t len, size_t *olen )
|
|
||||||
{
|
{
|
||||||
int ret;
|
int minor;
|
||||||
((void) data);
|
struct utsname un;
|
||||||
|
const char *ver;
|
||||||
|
|
||||||
if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 )
|
/* Get version information */
|
||||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
uname(&un);
|
||||||
|
ver = un.release;
|
||||||
|
|
||||||
|
/* Check major version; assume a single digit */
|
||||||
|
if( ver[0] < '3' || ver[0] > '9' || ver [1] != '.' )
|
||||||
|
return( -1 );
|
||||||
|
|
||||||
|
if( ver[0] - '0' > 3 )
|
||||||
|
return( 0 );
|
||||||
|
|
||||||
|
/* Ok, so now we know major == 3, check minor.
|
||||||
|
* Assume 1 or 2 digits. */
|
||||||
|
if( ver[2] < '0' || ver[2] > '9' )
|
||||||
|
return( -1 );
|
||||||
|
|
||||||
|
minor = ver[2] - '0';
|
||||||
|
|
||||||
|
if( ver[3] >= '0' && ver[3] <= '9' )
|
||||||
|
minor = 10 * minor + ver[3] - '0';
|
||||||
|
else if( ver [3] != '.' )
|
||||||
|
return( -1 );
|
||||||
|
|
||||||
|
if( minor < 17 )
|
||||||
|
return( -1 );
|
||||||
|
|
||||||
*olen = ret;
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
static int has_getrandom = -1;
|
||||||
#else /* HAVE_GETRANDOM */
|
#endif /* SYS_getrandom */
|
||||||
|
#endif /* __linux__ */
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
|
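Review bot: The return value of `uname(&un);` in check_version_3_17_plus() is not checked, so if the call fails `un.release` is read while indeterminate and the digit tests below run on garbage; a failed probe should mean "no getrandom", i.e. `if( uname( &un ) != 0 ) return( -1 );`, which keeps the /dev/urandom fallback. The major-version test `ver[0] < '3' || ver[0] > '9' || ver [1] != '.'` returns -1 (fallback) rather than 0 for a two-digit major, which is the safe direction but deserves a comment saying the restriction is deliberate. `has_getrandom` is a plain `static int` lazily written from the poll function; if the entropy poll can be reached from several threads the first calls race on it (they compute the same value, so the outcome is the same, but it is still an unsynchronized write worth documenting). `ver [1]` and `ver [3]` carry a stray space before the bracket that the rest of the file does not use.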
@ -117,6 +136,22 @@ int mbedtls_platform_entropy_poll( void *data,
|
||||||
size_t ret;
|
size_t ret;
|
||||||
((void) data);
|
((void) data);
|
||||||
|
|
||||||
|
#if defined(HAVE_GETRANDOM)
|
||||||
|
if( has_getrandom == -1 )
|
||||||
|
has_getrandom = ( check_version_3_17_plus() == 0 );
|
||||||
|
|
||||||
|
if( has_getrandom )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 )
|
||||||
|
return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
|
||||||
|
|
||||||
|
*olen = ret;
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* HAVE_GETRANDOM */
|
||||||
|
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
|
|
||||||
file = fopen( "/dev/urandom", "rb" );
|
file = fopen( "/dev/urandom", "rb" );
|
||||||
|
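Review bot: The new getrandom branch returns `POLARSSL_ERR_ENTROPY_SOURCE_FAILED` while this file otherwise uses the `MBEDTLS_` prefix (the removed line in the previous hunk returned `MBEDTLS_ERR_ENTROPY_SOURCE_FAILED`, and the closing guard below is `MBEDTLS_NO_PLATFORM_ENTROPY`), so this looks like a merge-conflict leftover that will not compile unless a compatibility alias is in scope; it should read `return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );`. The inner `int ret;` also shadows the function-scope `size_t ret;` shown as context at the top of the hunk, which -Wshadow flags and which makes the two `*olen = ret` assignments easy to confuse; renaming the inner one avoids that. getrandom() may legitimately return fewer than `len` bytes for larger requests, and `*olen = ret` already reports the short count correctly, but a comment stating that short reads are expected would help the next reader. mbedtls_platform_entropy_poll's body starts before and continues after this hunk.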
@ -135,7 +170,6 @@ int mbedtls_platform_entropy_poll( void *data,
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif /* HAVE_GETRANDOM */
|
|
||||||
#endif /* _WIN32 && !EFIX64 && !EFI32 */
|
#endif /* _WIN32 && !EFIX64 && !EFI32 */
|
||||||
#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
|
#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
|
||||||
|
|
||||||
|
|
|
@ -176,12 +176,12 @@ int main( void )
|
||||||
char vrfy_buf[512];
|
char vrfy_buf[512];
|
||||||
|
|
||||||
mbedtls_printf( " failed\n" );
|
mbedtls_printf( " failed\n" );
|
||||||
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", ret );
|
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
|
||||||
mbedtls_printf( "%s\n", vrfy_buf );
|
mbedtls_printf( "%s\n", vrfy_buf );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_verify returned %d\n\n", flags );
|
mbedtls_printf( " failed\n ! mbedtls_x509_crt_verify returned %d\n\n", ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
Arguments with no value
|
||||||
|
mpi_null:
|
||||||
|
|
||||||
Base test mpi_read_write_string #1
|
Base test mpi_read_write_string #1
|
||||||
mpi_read_write_string:10:"128":10:"128":100:0:0
|
mpi_read_write_string:10:"128":10:"128":100:0:0
|
||||||
|
|
||||||
|
|
|
@ -7,6 +7,25 @@
|
||||||
* END_DEPENDENCIES
|
* END_DEPENDENCIES
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/* BEGIN_CASE */
|
||||||
|
void mpi_null( )
|
||||||
|
{
|
||||||
|
mbedtls_mpi X, Y, Z;
|
||||||
|
|
||||||
|
mbedtls_mpi_init( &X );
|
||||||
|
mbedtls_mpi_init( &Y );
|
||||||
|
mbedtls_mpi_init( &Z );
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_mpi_get_bit( &X, 42 ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_mpi_lsb( &X ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_mpi_msb( &X ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_mpi_size( &X ) == 0 );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_mpi_free( &X );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE */
|
||||||
void mpi_read_write_string( int radix_X, char *input_X, int radix_A,
|
void mpi_read_write_string( int radix_X, char *input_X, int radix_A,
|
||||||
char *input_A, int output_size, int result_read,
|
char *input_A, int output_size, int result_read,
|
||||||
|
|
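Review bot: `mpi_null` initializes `Y` and `Z` but never uses them and only frees `X` at `exit:`; either drop the two unused MPIs or add `mbedtls_mpi_free( &Y );` and `mbedtls_mpi_free( &Z );` after the free of `X`, so the test suite does not model an init-without-free pattern even though an unset MPI owns no memory. A short comment above the case, e.g. `/* Accessors must be safe on an MPI that is initialized but never set */`, would tie the test to the ChangeLog entry it covers.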