Commit graph

1826 commits

Author SHA1 Message Date
Simon Butcher 2261f198ee Merge branch 'mbedtls-1.3' 2016-10-17 16:09:06 +01:00
Simon Butcher 149950d876 Added checks for POLARSSL_SSL_CLI_C
Added additional POLARSSL_SSL_CLI_C preprocessor conditions to suppress warnings on
server only builds.
2016-10-15 22:35:06 +01:00
Simon Butcher 60371454bd Merge branch for fix for #502 - Unchecked calls 2016-10-14 01:10:02 +01:00
Simon Butcher 8a1a91f3da Update features list 2016-10-13 22:11:15 +01:00
Andres AG 0da3e44fea Add check for validity of date in x509_get_time() 2016-10-13 17:00:01 +01:00
Andres AG 67ae0b9839 Fix sig->tag update in mbedtls_x509_get_sig() 2016-10-13 15:33:07 +01:00
Janos Follath 441d6f9833 Remove MBEDTLS_SSL_AEAD_RANDOM_IV feature
In a USENIX WOOT '16 paper the authors warn about a security risk
of random Initialisation Vectors (IV) repeating values.

The MBEDTLS_SSL_AEAD_RANDOM_IV feature is affected by this risk and
it isn't compliant with RFC5116. Furthermore, strictly speaking it
is a different cipher suite from the TLS (RFC5246) point of view.

Removing the MBEDTLS_SSL_AEAD_RANDOM_IV feature to resolve the above
problems.

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
2016-10-13 14:14:16 +01:00
Janos Follath bfcd032f9d Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 12:54:33 +01:00
Andres AG 6ad5d9450a Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-13 12:54:32 +01:00
Andres AG 57e6e8fbb7 Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-13 12:54:32 +01:00
Andres AG 372bf79d67 Add missing bounds check in X509 DER write funcs
This patch adds checks in both mbedtls_x509write_crt_der and
mbedtls_x509write_csr_der before the signature is written to buf
using memcpy().
2016-10-13 12:45:07 +01:00
Simon Butcher 7458bc39ae Fix guards in SSL for ECDH key exchanges 2016-10-13 12:44:20 +01:00
Janos Follath af1e74be70 X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-10-13 12:44:19 +01:00
Janos Follath 3072458ec3 Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 09:27:18 +01:00
Andres AG cdbcd2012d Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-12 19:56:03 +01:00
Andres AG 15fdb7f9ff Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-12 18:28:03 +01:00
Janos Follath 17da9dd829 Add option for relaxed X509 time verification.
The certificates are not valid according to the RFC, but are in wide
distribution across the internet. Hence the request to add a
compile-time flag to accept these certificates if wanted by the
application.

If POLARSSL_RELAXED_X509_DATE is enabled it will allow dates without
seconds, and allow dates with timezones (but doesn't actually use
the timezone).

Patch provided by OpenVPN.
2016-09-30 09:04:18 +01:00
Brian J Murray 4556d205a3 Fixed unchecked calls to mbedtls_md_setup in rsa.c (#502)
* Fixed unchecked calls to mbedtls_md_setup in rsa.c:

* style fixes
2016-09-05 14:11:45 +01:00
Simon Butcher 25e569877a Fix guards in SSL for ECDH key exchanges 2016-09-05 15:14:22 +03:00
Janos Follath 8a8445415f X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-07-14 14:08:53 +01:00
Simon Butcher 4f7b13bd79 Changed library version number to 1.3.17 2016-06-27 19:37:31 +01:00
Simon Butcher fd349bcb8e Merge branch 'mbedtls-1.3' into mbedtls-1.3 2016-06-27 01:29:03 +01:00
Janos Follath 307e181cfa Fix non compliance SSLv3 in server extension handling.
The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.
2016-05-23 18:52:14 +01:00
Janos Follath 742783fe85 Included tests for the overflow
Conflicts:
	library/rsa.c
2016-05-18 19:58:41 +01:00
Simon Butcher d3253b018e Fix for backprt of IOTSSL-628
Corrections to constand and function names changed between 1.3 and 2.1
2016-05-18 19:58:41 +01:00
Janos Follath 092f2c48c4 Move underflow test to make time constant 2016-05-18 19:58:41 +01:00
Janos Follath 3bed13df1c Included test for integer underflow. 2016-05-18 19:58:40 +01:00
Janos Follath f18263d78b Removing 'if' branch from the fix.
This new error shouldn't be distinguishable from other padding errors.
Updating 'bad' instead of adding a new 'if' branch.
2016-05-18 19:58:40 +01:00
Janos Follath f570f7f686 Length check added 2016-05-18 19:58:40 +01:00
Simon Butcher 01660396da Corrects debug macro in ssl_cli.c 2016-04-22 10:05:50 +01:00
Janos Follath 4e03439e6a Fix bug in ssl_write_supported_elliptic_curves_ext
Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a
crash later in ssl_write_supported_elliptic_curves_ext. #373
2016-04-22 09:59:00 +01:00
Janos Follath 7ddc2cdfce Fix null pointer dereference in the RSA module.
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:28:24 +01:00
Simon Butcher e9f842782b Adds test for odd bit length RSA key size
Also tidy up ChangeLog following review.
2016-04-19 10:02:43 +01:00
Janos Follath d61fc6881a Fix odd bitlength RSA key generation
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-19 09:42:17 +01:00
Simon Butcher a91d85e331 Fix for net_usleep() timing selftest on mingw
In mingw32, net_usleep() was failing to sleep for the given period, and was
sleeping in microseconds, not milliseconds. Fix backported from mbed TLS 2.x of
using the Win32 Sleep() API call rather than using the timeout of select().
2016-01-15 14:36:08 +00:00
Manuel Pégourié-Gonnard 20715dc73b Make ar invocation more portable
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.

fixes #386
2016-01-08 15:28:40 +01:00
Manuel Pégourié-Gonnard faae6d2019 Fix backporting mistakes in previous 5 commits 2016-01-08 15:24:46 +01:00
Janos Follath 2db440d2f1 Improved on the previous fix and added a test case to cover both types
of carries.
2016-01-08 15:22:05 +01:00
Janos Follath 2b806fad7b Removed recursion from fix #309. 2016-01-08 15:20:29 +01:00
Janos Follath ff5317e99b Improved on the fix of #309 and extended the test to cover subroutines. 2016-01-08 15:19:14 +01:00
Janos Follath 87f1494809 Tests and fix added for #309 (inplace mpi doubling). 2016-01-08 15:18:03 +01:00
Simon Butcher 84181adae8 Change version number to 1.3.16
Changed version for library files and yotta module
2016-01-04 22:49:30 +00:00
Simon Butcher 302c5fed24 Added _ENABLE_MD5_SIGNATURES into features list
Specifically, 'POLARSSL_SSL_ENABLE_MD5_SIGNATURES' into version_features.c
2016-01-04 14:41:31 +00:00
Simon Butcher d7fe6fbd76 Fix for MPI divide on MSVC
Resolves multiple platform issues when building bignum.c with Microsoft
Visual Studio.
2016-01-03 22:39:18 +00:00
Simon Butcher 14400c8fb0 Merge memory leak fix into branch 'mbedtls-1.3'
Merge of fix for memory leak in RSA-SSA signing - #372
2016-01-02 00:28:19 +00:00
Simon Butcher 7d3f3a8ac8 Fix for memory leak in RSA-SSA signing
Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c. Resolves github issue #372
2016-01-02 00:03:39 +00:00
Simon Butcher a192c8f5d8 Merge branch 'iotssl-541-1.3-pathlen-bugfix' 2016-01-01 01:13:45 +00:00
Simon Butcher caa8b4977c Merge remote-tracking branch 'origin/misc-1.3' into mbedtls-1.3 2015-12-22 20:15:35 +00:00
Manuel Pégourié-Gonnard cf16b79238 Avoid seemingly-possible overflow
By looking just at that test, it looks like 2 + dn_size could overflow. In
fact that can't happen as that would mean we've read a CA cert of size is too
big to be represented by a size_t.

However, it's best for code to be more obviously free of overflow without
having to reason about the bigger picture.
2015-12-22 20:13:35 +00:00
Simon Butcher e4ed3475b0 Added integer divide by as separate function
Added 64bit integer divided by 32bit integer, with remainder
2015-12-22 15:26:57 +00:00