Commit graph

1018 commits

Author SHA1 Message Date
Simon Butcher 55bd7e450c Fix for bug introduced in backporting MPI MSVC fix
Some variables were being declared twice in int_div_int() due to an error in
cherry-picking the commit from mbedtls-1.3
2016-01-04 00:29:17 +00:00
Simon Butcher 6901e50d81 Fix for MPI divide on MSVC
Resolves multiple platform issues when building bignum.c with Microsoft
Visual Studio.
2016-01-03 23:12:21 +00:00
Simon Butcher e5049f46d4 Fix for memory leak in RSA-SSA signing
Fix in rsa_rsassa_pkcs1_v15_sign() in rsa.c. Resolves github issue #372
2016-01-02 01:24:15 +00:00
Simon Butcher c3f9229d49 Merge branch 'iotssl-541-1.2-pathlen-bugfix' into polarssl-1.2 2016-01-01 01:37:03 +00:00
Simon Butcher c23bf6e23c Avoid seemingly-possible overflow
By looking just at that test, it looks like 2 + dn_size could overflow. In
fact that can't happen as that would mean we've read a CA cert whose size is too
big to be represented by a size_t.

However, it's best for code to be more obviously free of overflow without
having to reason about the bigger picture.
2015-12-22 23:53:04 +00:00
Simon Butcher 15f0bbef2d Added integer divide by as separate function
Added 64bit integer divided by 32bit integer, with remainder
2015-12-22 18:39:08 +00:00
Manuel Pégourié-Gonnard 7929229a32 Fix bug checking pathlen on first intermediate
Remove check on the pathLenConstraint value when looking for a parent to the
EE cert, as the constraint is on the number of intermediate certs below the
parent, and that number is always 0 at that point, so the constraint is always
satisfied.

The check was actually off-by-one, which caused valid chains to be rejected
under the following conditions:
- the parent certificate is not a trusted root, and
- it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)

fixes #280
2015-12-03 09:53:20 +01:00
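The rule this commit message states, as an added example (not code from the library): a CA's constraint counts the intermediate certificates below it, which is always 0 for the direct parent of the EE cert. The struct, function name and the third chain are constructed for illustration; `max_pathlen` uses the representation named in the message (0 = absent, otherwise pathLenConstraint + 1), and self-issued intermediates are not modelled.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model: only the fields this check needs.
 * max_pathlen: 0 means "no constraint", otherwise pathLenConstraint + 1. */
struct cert {
    const char *name;
    int is_ca;
    int max_pathlen;
};

/* chain[0] is the end-entity cert, chain[n-1] the root.
 * Returns 0 if every CA's constraint holds, else the index of the
 * first cert above the EE that is not a CA or whose limit is exceeded. */
static int check_pathlen(const struct cert *chain, size_t n)
{
    for (size_t i = 1; i < n; i++) {
        int below = (int)i - 1;  /* intermediates between chain[i] and the EE */
        if (!chain[i].is_ca)
            return (int)i;
        if (chain[i].max_pathlen > 0 && below > chain[i].max_pathlen - 1)
            return (int)i;
    }
    return 0;
}

/* Shapes of the two test chains named in the neighbouring commits. */
static const struct cert chain83[] = {   /* intermediate with pathLenConstraint 0 */
    { "EE 83", 0, 0 }, { "Int 82", 1, 1 }, { "Root 8", 1, 0 },
};
static const struct cert chain92[] = {   /* root with pathLenConstraint 0 */
    { "EE 92", 0, 0 }, { "Root 9", 1, 1 },
};
/* Constructed violation: one intermediate sits below a CA that allows none. */
static const struct cert too_deep[] = {
    { "EE", 0, 0 }, { "Int B", 1, 0 }, { "Int A", 1, 1 }, { "Root", 1, 0 },
};

int main(void)
{
    printf("chain83:  %d\n", check_pathlen(chain83, 3));
    printf("chain92:  %d\n", check_pathlen(chain92, 2));
    int bad = check_pathlen(too_deep, 4);
    printf("too_deep: %d (%s)\n", bad, too_deep[bad].name);
    return 0;
}
```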
Manuel Pégourié-Gonnard d7d0b0118c Add test case for root with max_pathlen=0
This was already working but not tested so far

(Test case from previous commit still failing.)

Test certificates generated with:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key

programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"
2015-12-03 09:49:57 +01:00
Manuel Pégourié-Gonnard cec3289659 Add test case for first intermediate max_pathlen=0
!!! This test case is currently failing !!!
(See fix in next-next commit.)

Test certificates generated with the following script:
(using mbed TLS 2.2 as 1.2 does not have those programs)

programs/pkey/gen_key type=rsa filename=cert81.key
programs/pkey/gen_key type=rsa filename=cert82.key
programs/pkey/gen_key type=rsa filename=cert83.key

programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
    max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
    issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
    subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"
2015-12-02 12:04:49 +01:00
Simon Butcher 0d1cf0fec1 Change version number to 1.2.18
Changed for library version
2015-11-06 10:51:16 +00:00
Simon Butcher 06f8b91777 Corrected typo in ChangeLog 2015-11-03 23:15:00 +00:00
Manuel Pégourié-Gonnard 1afde77a3f Merge branch 'polarssl-1.2' into polarssl-1.2-restricted
* polarssl-1.2:
  Use own implementation of strsep()
  Add Changelog entries for this branch
  Use symbolic constants in test data
  Fixed pathlen constraint enforcement.
  Additional corner cases for testing pathlen constraints
  Added test case for pathlen constraints in intermediate certificates
2015-11-02 06:58:09 +09:00
Manuel Pégourié-Gonnard 4dd43ae647 Use own implementation of strsep() 2015-11-02 06:52:52 +09:00
Manuel Pégourié-Gonnard 018063477b Add Changelog entries for this branch 2015-11-02 06:10:24 +09:00
Manuel Pégourié-Gonnard 7a4d9a5b92 Use symbolic constants in test data 2015-11-02 06:10:24 +09:00
Manuel Pégourié-Gonnard e51f47c78b Fixed pathlen constraint enforcement.
backport of 92ac059
2015-11-02 06:10:24 +09:00
Manuel Pégourié-Gonnard ab003740b4 Additional corner cases for testing pathlen constraints
backport of 3d98a7e
2015-11-02 06:10:24 +09:00
Manuel Pégourié-Gonnard 03ae1bc3f2 Added test case for pathlen constraints in intermediate certificates 2015-11-02 06:09:57 +09:00
Manuel Pégourié-Gonnard f2256ebd43 Merge branch 'polarssl-1.2' into polarssl-1.2-restricted
* polarssl-1.2:
  Disable reportedly broken assembly of Sparc(64)
2015-10-30 10:18:25 +01:00
Manuel Pégourié-Gonnard 31e095ef00 Disable reportedly broken assembly of Sparc(64)
fixes #292
2015-10-27 15:14:35 +01:00
Manuel Pégourié-Gonnard 5388eea449 Fix potential buffer overflow in asn1write
Ref: IOTSSL-519
2015-10-27 11:39:32 +01:00
Manuel Pégourié-Gonnard 80e6cffcad Fix potential heap corruption on Windows
If len is large enough, when cast to an int it will be negative and then the
test if( len > MAX_PATH - 3 ) will not behave as expected.

Ref: IOTSSL-518

backport of 261faed725
2015-10-27 11:30:31 +01:00
Manuel Pégourié-Gonnard 69994584c7 Fix typo in documentation 2015-10-20 09:38:39 +02:00
Simon Butcher 66aa1a3088 Corrected misleading fn description in ssl_cache.h
Mistake in comments spotted by Andris Mednis
2015-10-19 19:39:46 +01:00
Manuel Pégourié-Gonnard 305722fa12 Bump version to 1.2.17 2015-10-05 19:14:51 +01:00
Simon Butcher 697b37a365 Merge branch 'polarssl-1.2-restricted' of ssh://github.com/ARMmbed/mbedtls-restricted into polarssl-1.2-restricted 2015-10-05 17:34:36 +01:00
Simon Butcher 8b846b8804 Added CVE code to ChangeLog 2015-10-05 17:34:19 +01:00
Manuel Pégourié-Gonnard 01978bfe63 Merge branch 'polarssl-1.2' into polarssl-1.2-restricted
* polarssl-1.2:
  Fix spurious #endif from previous cherry-pick
  Fix macroization of inline in C++
  Add missing warning in doc
  Fix compile error in net.c with musl libc
2015-10-05 17:31:05 +01:00
Simon Butcher ac4461f783 Changed attribution for Guido Vranken 2015-10-05 17:26:53 +01:00
Simon Butcher c047c74b95 Merge of multiple security fixes 2015-10-05 17:18:59 +01:00
Manuel Pégourié-Gonnard 42571ddb4e Fix references to non-standard SIZE_T_MAX
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
2015-10-05 15:31:53 +01:00
Manuel Pégourié-Gonnard cfd1ba9f7c Fix spurious #endif from previous cherry-pick 2015-10-05 14:57:55 +01:00
Manuel Pégourié-Gonnard 0123405f32 Fix macroization of inline in C++
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 14:37:00 +01:00
Manuel Pégourié-Gonnard 021a11500f Add missing warning in doc
Found by Nicholas Wilson

fixes #288
2015-10-05 14:34:46 +01:00
Manuel Pégourié-Gonnard 27840e0d43 Fix compile error in net.c with musl libc
fixes #278
2015-10-05 14:32:43 +01:00
Manuel Pégourié-Gonnard d64f1ad98b Fix potential overflow in CertificateRequest 2015-10-02 12:36:02 +02:00
Manuel Pégourié-Gonnard 65d6a97e65 Add ChangeLog entry 2015-10-02 10:09:53 +02:00
Manuel Pégourié-Gonnard 9a656a0aaa Fix typos in ChangeLog 2015-10-01 18:19:14 +02:00
Manuel Pégourié-Gonnard e4e4be77be Fix potential overflow in base64_encode 2015-10-01 18:10:17 +02:00
Manuel Pégourié-Gonnard b73ce45b3f Fix potential random malloc in pem_read() 2015-10-01 17:00:22 +02:00
Manuel Pégourié-Gonnard 9b75305d6a Fix potential buffer overflow in mpi_read_string()
Found by Guido Vranken.

Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too little memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (i.e. 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-10-01 16:59:55 +02:00
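The two wraparounds this commit message describes, as an added example (not the library's code and not necessarily the fix that was committed): the limb count for a hex string of length slen is computed with and without a range check. A 32-bit size_t is modelled with uint32_t, a 32-bit limb is assumed, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions for this illustration: a 32-bit size_t is modelled with
 * uint32_t so the wraparound shows on any host, and a limb is 32 bits. */
typedef uint32_t size32_t;
#define SIZE32_MAX    UINT32_MAX
#define BITS_PER_LIMB 32u

/* Unchecked sizing: 4 bits per hex digit, rounded up to whole limbs.
 * Both the shift and the rounding addition can wrap modulo 2^32. */
static size32_t limbs_unchecked(size32_t slen)
{
    size32_t bits = (size32_t)(slen << 2);
    return (size32_t)(bits + BITS_PER_LIMB - 1) / BITS_PER_LIMB;
}

/* Checked sizing: refuse lengths whose bit count cannot be represented,
 * then round up without an addition that could wrap.
 * Returns the limb count, or -1 if slen is rejected. */
static int64_t limbs_checked(size32_t slen)
{
    if (slen > (SIZE32_MAX >> 2))
        return -1;
    size32_t bits = (size32_t)(slen << 2);
    return (int64_t)(bits / BITS_PER_LIMB) + (bits % BITS_PER_LIMB != 0);
}

int main(void)
{
    /* Constructed lengths: a small one, one where only the addition
     * wraps, and two where the shift wraps. */
    const size32_t samples[] = { 9u, 0x3FFFFFFFu, 0x40000000u, 0x40000002u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("slen=0x%08x unchecked=%u checked=%lld\n",
               (unsigned)samples[i],
               (unsigned)limbs_unchecked(samples[i]),
               (long long)limbs_checked(samples[i]));
    return 0;
}
```

An allocation sized from the unchecked result would hold 0 or 1 limbs while the parsing loop still walks all slen digits, which is the buffer overflow the message refers to.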
Manuel Pégourié-Gonnard 73011bba95 Fix stack buffer overflow in pkcs12 2015-10-01 16:57:47 +02:00
Simon Butcher 13ca8951f9 Added max length checking of hostname 2015-09-30 00:45:21 +01:00
Simon Butcher 2cf9696785 Refined credits in ChangeLog for fuzzing issue
Changed GDS to Gotham Digital Science
2015-09-22 10:26:12 +01:00
Manuel Pégourié-Gonnard a7975dcf9a Remove file that should never have been added
Oops.
2015-09-21 12:07:10 +02:00
Manuel Pégourié-Gonnard 9405e462d0 Bump version to 1.2.15 2015-09-17 11:55:25 +02:00
Manuel Pégourié-Gonnard 5b76bb8605 Fix GNUism in bump_version.sh 2015-09-17 11:54:19 +02:00
Simon Butcher d107e20c7a Merge pull request #296 from ARMmbed/polarssl-1.2-restricted
Merge of polarssl-1.2-restricted
2015-09-17 01:27:41 +01:00
Manuel Pégourié-Gonnard 2bc4505f5d Add counter-measure against RSA-CRT attack
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/

backport of a1cdcd2
2015-09-09 12:36:49 +02:00
Manuel Pégourié-Gonnard fa566e3545 Fix possible client crash on API misuse 2015-09-03 11:01:37 +02:00