Manuel Pégourié-Gonnard
770f453547
Remove useless code
...
closes #321
2015-10-27 10:29:26 +01:00
Simon Butcher
60d41b5d87
Corrected URL/reference to MPI library
2015-10-27 10:28:11 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381
Bump version to 2.1.2
...
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
a97ab2c8a6
Merge branch 'development' into development-restricted
...
* development:
Remove inline workaround when not useful
Fix macroization of inline in C++
2015-10-05 15:48:09 +01:00
Simon Butcher
7776fc36d3
Fix for #279 macroisation of 'inline' keyword
2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard
2d7083435d
Fix references to non-standard SIZE_T_MAX
...
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
2015-10-05 15:23:11 +01:00
Manuel Pégourié-Gonnard
899ac849d0
Merge branch 'development' into development-restricted
...
* development:
Upgrade yotta dependency versions
Fix compile error in net.c with musl libc
Add missing warning in doc
2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard
0431735299
Fix compile error in net.c with musl libc
...
fixes #278
2015-10-05 12:17:49 +01:00
Simon Butcher
475cf0a98a
Merge fix of IOTSSL-496 - Potential heap overflow
...
Fix for potential overflow in ssl_write_certificate_request()
2015-10-05 11:57:54 +01:00
Manuel Pégourié-Gonnard
0223ab9d38
Fix macroization of inline in C++
...
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 11:41:36 +01:00
Simon Butcher
fec73a8eec
Merge of fix for IOTSSL-481 - Double free
...
Potential double free in mbedtls_ssl_conf_psk()
2015-10-05 10:40:31 +01:00
Simon Butcher
6418ffaadb
Merge fix for IOTSSL-480 - base64 overflow issue
2015-10-05 09:54:11 +01:00
Simon Butcher
a45aa1399b
Merge of IOTSSL-476 - Random malloc in pem_read()
2015-10-05 00:26:36 +01:00
Simon Butcher
e7f96f22ee
Merge fix IOTSSL-475 Potential buffer overflow
...
Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.
Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).
Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-10-04 23:43:05 +01:00
Simon Butcher
d5ba4672b2
Merge fix for IOTSSL-474 PKCS12 Overflow
...
Fix stack buffer overflow in PKCS12
2015-10-04 22:47:59 +01:00
Simon Butcher
5b8d1d65f7
Fix for IOTSSL-473 Double free error
...
Fix potential double-free in mbedtls_ssl_set_hs_psk(.)
2015-10-04 22:06:51 +01:00
Manuel Pégourié-Gonnard
ef388f168d
Merge branch 'development' into development-restricted
...
* development:
Updated ChangeLog with credit
Fix a fairly common typo in comments
Make config check include for configs examples more consistent
2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard
bc1babb387
Fix potential overflow in CertificateRequest
2015-10-02 11:20:28 +02:00
Manuel Pégourié-Gonnard
0aa45c209a
Fix potential overflow in base64_encode
2015-09-30 16:37:49 +02:00
Simon Butcher
5624ec824e
Reordered TLS extension fields in client
...
Session ticket placed at end
2015-09-29 01:06:06 +01:00
Simon Butcher
04799a4274
Fixed copy and paste error
...
Accidental additional assignment in ssl_write_alpn_ext()
2015-09-29 00:31:09 +01:00
Simon Butcher
0fc94e9f83
Revised bounds checking on TLS extensions
...
Revisions following review feedback
2015-09-28 20:52:04 +01:00
Simon Butcher
9f81231fb8
Revised hostname length check from review
2015-09-28 19:22:33 +01:00
Manuel Pégourié-Gonnard
d02a1daca7
Fix stack buffer overflow in pkcs12
2015-09-28 19:47:50 +02:00
Manuel Pégourié-Gonnard
24417f06fe
Fix potential double-free in mbedtls_ssl_conf_psk()
2015-09-28 18:09:45 +02:00
Manuel Pégourié-Gonnard
58fb49531d
Fix potential buffer overflow in mpi_read_string()
...
Found by Guido Vranken.
Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.
Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).
Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-09-28 15:59:54 +02:00
Simon Butcher
ed9976634f
Added bounds checking for TLS extensions
...
IOTSSL-478 - Added checks to prevent buffer overflows.
2015-09-28 02:14:30 +01:00
Simon Butcher
89f77623b8
Added max length checking of hostname
2015-09-27 22:50:49 +01:00
Tillmann Karras
588ad50c5a
Fix a fairly common typo in comments
2015-09-25 04:27:22 +02:00
Manuel Pégourié-Gonnard
8cea8ad8b8
Bump version to 2.1.1
2015-09-17 11:58:45 +02:00
Simon Butcher
ac58c53ab1
Merge remote-tracking branch 'origin/development'
2015-09-16 23:25:25 +01:00
Simon Butcher
7dd82f8fd5
Merge branch 'development' with bugfix branch
...
Conflicts:
ChangeLog
2015-09-16 16:21:38 +01:00
Simon Butcher
5793e7ef01
Merge 'development' into iotssl-411-port-reuse
...
Conflicts:
ChangeLog
2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard
f7022d1131
Fix bug in server parsing point formats extension
...
There is only one length byte but for some reason we skipped two, resulting in
reading one byte past the end of the extension. Fortunately, even if that
extension is at the very end of the ClientHello, it can't be at the end of the
buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the
buffer has some more room after that for MAC and so on. So there is no
buffer overread.
Possible consequences are:
- nothing, if the next byte is 0x00, which is a comment first byte for other
extensions, which is why the bug remained unnoticed
- using a point format that was not offered by the peer if next byte is 0x01.
In that case the peer will reject our ServerKeyExchange message and the
handshake will fail.
- thinking that we don't have a common point format even if we do, which will
cause us to immediately abort the handshake.
None of these are a security issue.
The same bug was fixed client-side in fd35af15
2015-09-16 11:32:18 +02:00
Manuel Pégourié-Gonnard
ea5370d4a2
Don't allow reconnect during handshake
...
Especially for resumed handshake, it's entirely possible for an epoch=0
ClientHello to be retransmitted or arrive so late that the server is already
at epoch=1. There is no good way to detect whether it's that or a reconnect.
However:
- a late ClientHello seems more likely that client going down and then up
again in the middle of a handshake
- even if that's the case, we'll time out on that handshake soon enough
- we don't want to break handshake flows that used to work
So the safest option is to not treat that as a reconnect.
2015-09-15 15:17:54 +02:00
Simon Butcher
49641ad799
Merge pull request #275 from embedthis/fix-1
...
FIX: compiler warning with recvfrom on 64-bit
2015-09-14 19:59:28 +01:00
Simon Butcher
d0bf6a3891
Update ssl_tls.c
...
Clarification in comments
2015-09-11 17:34:49 +01:00
Simon Butcher
74ca8d07ad
Update ssl_tls.c
...
Clarification in comments to ssl_handle_possible_reconnect()
2015-09-11 17:22:40 +01:00
Simon Butcher
0789aed39d
Update ssl_tls.c
...
Typo
2015-09-11 17:15:17 +01:00
Embedthis Software
a25cab8bea
FIX: compiler warning with recvfrom on 64-bit
2015-09-09 08:49:48 -07:00
Manuel Pégourié-Gonnard
ddfe5d20d1
Tune dependencies
...
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard
2ed05a049a
Fix typos
2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard
ab05d23b29
Update generated file
2015-09-09 11:50:00 +02:00
Manuel Pégourié-Gonnard
62c74bb78a
Stop wasting resources
...
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.
Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
2015-09-09 11:22:52 +02:00
Nicholas Wilson
2088e2ebd9
fix const-ness of argument to mbedtls_ssl_conf_cert_profile
...
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
2015-09-08 16:53:18 +01:00
Simon Butcher
e5a21b4493
Merge pull request #282 from ARMmbed/iotssl-469-rsa-crt-restricted
...
Add counter-measure against RSA-CRT attack
2015-09-08 13:05:51 +01:00
Manuel Pégourié-Gonnard
5f50104c52
Add counter-measure against RSA-CRT attack
...
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
2015-09-08 13:39:29 +02:00
Manuel Pégourié-Gonnard
3f09b6d4c2
Fix API
2015-09-08 11:58:14 +02:00
Manuel Pégourié-Gonnard
be619c1264
Clean up error codes
2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard
11331fc25b
First working dirty version
...
- uses too much resources
- wrong API
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
9650205df7
Start detecting epoch 0 ClientHellos
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
7f2f062a5d
Fix possible client crash on API misuse
2015-09-07 12:27:24 +02:00
Manuel Pégourié-Gonnard
aac5502553
Bump version to 2.1.0
2015-09-04 14:33:31 +02:00
Manuel Pégourié-Gonnard
37ff14062e
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
Simon Butcher
52754594b6
Merging iotssl-457-badtail with development branch
2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
fdbdd72b8b
Skip to trusted certs early in the chain
...
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).
closes #220
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
4d04cdcd12
Fix RSA mutex fix
...
Once the mutex is acquired, we must goto cleanup rather that return.
Since cleanup adjusts the return value, adjust that in test cases.
Also, at cleanup we don't want to overwrite 'ret', or we'll loose track of
errors.
see #257
2015-08-31 09:31:55 +02:00
Manuel Pégourié-Gonnard
1385a289f4
Fix possible mutex lock/unlock mismatch
...
fixes #257
2015-08-27 11:30:58 +02:00
Manuel Pégourié-Gonnard
e578b1c79a
Relax timing_self_test for windows idiosyncrasies
2015-08-18 20:11:48 +02:00
Manuel Pégourié-Gonnard
c98204e68f
Fix missing break in switch for SSL presets
...
closes #235
2015-08-11 04:21:01 +02:00
Manuel Pégourié-Gonnard
91bbfb6fb7
Make timing selftest less sensitive
...
- allow up to 12.5% security/error margin
- use larger delays
- this avoid the security/error margin being too low
The test used to fail about 1 out of 6 times on some buildbots VMs, but never
failed on the physical machines used for development.
2015-08-10 14:33:12 +02:00
Manuel Pégourié-Gonnard
ed46c436c0
Fix error when loading libmbedtls.so
2015-08-10 10:17:32 +02:00
Manuel Pégourié-Gonnard
111ce9f735
Fix build error with shared libraries for windows
2015-08-07 12:07:16 +02:00
Manuel Pégourié-Gonnard
8018c28600
Add -static-libgcc for Windows dll builds
2015-08-07 11:55:56 +02:00
Manuel Pégourié-Gonnard
620ee19823
Fix return of x509_self_test without SHA-1
...
No being able to run the test is not a failure
2015-08-07 10:57:47 +02:00
Manuel Pégourié-Gonnard
d1004f02e6
Fix printed output of some selftests
2015-08-07 10:57:41 +02:00
Manuel Pégourié-Gonnard
0a8857435c
DTLS: treat bad MAC on Finished as an error
...
This is not required nor recommended by the protocol, and it's a layering
violation, but it's a know flaw in the protocol that you can't detect a PSK
auth error in any other way, so it is probably the right thing to do.
closes #227
2015-08-04 12:11:17 +02:00
Manuel Pégourié-Gonnard
052d10c9d5
Accept a trailing space at end of PEM lines
...
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
closes #226
2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard
6fb8187279
Update date in copyright line
2015-07-28 17:11:58 +02:00
Simon Butcher
10a6f02f83
Merge branch 'development' into IOTSSL-442-hello-noext
...
Conflicts:
ChangeLog
2015-07-27 13:45:40 +01:00
Manuel Pégourié-Gonnard
6f42417ba8
Fix typo in that broke installation in cmake
...
closes #221
2015-07-24 16:55:22 +02:00
Manuel Pégourié-Gonnard
4cc8c63226
Add test for extensionless ClientHello
2015-07-23 12:24:03 +02:00
Manuel Pégourié-Gonnard
a6e5bd5654
Fix bug with extension-less ServerHello
...
https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug
in_hslen include the length of the handshake header. (We might want to change
that in the future, as it is a bit annoying.)
2015-07-23 12:23:19 +02:00
Manuel Pégourié-Gonnard
cb0d212c97
Fix level of some debug messages
2015-07-22 11:52:11 +02:00
Manuel Pégourié-Gonnard
b076116e14
Fix one debug message
2015-07-22 11:39:23 +02:00
Manuel Pégourié-Gonnard
1bab7d7064
Fix blank line in comments
2015-07-13 09:06:18 +01:00
Paul Bakker
4cb87f409d
Prepare for 2.0.0 release
2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
fc2ccfe72c
Fix missing comma with ENTROPY_HARDWARE_ALT
2015-07-10 11:15:50 +01:00
Manuel Pégourié-Gonnard
a4f055fe0c
Some windows environments don't have _snprint_s
...
Do an alternative version for them.
That happens for example with our windows buildbot with mingw32-make.
2015-07-08 17:35:37 +02:00
Manuel Pégourié-Gonnard
20af64dc2c
Still need to #define inline for MSVC
...
I only tested with VS2015 earlier, but previous versions apparently still
don't know that standard C99 keyword though it's documented on MSDN...
2015-07-07 23:21:30 +02:00
Manuel Pégourié-Gonnard
e540b49a3f
Add one more debug message
2015-07-07 12:44:38 +02:00
Manuel Pégourié-Gonnard
b4b19f395f
Add a debug message
2015-07-07 11:41:21 +02:00
Manuel Pégourié-Gonnard
001f2b6246
Use xxx_clone() instead of memcpy() in SSL
2015-07-06 16:54:51 +02:00
Manuel Pégourié-Gonnard
c0bf01e8d2
Undo overzealous renaming of internal variables
...
The rename script couldn't know it was a local variable with the same name as
on of the global functions
2015-07-06 16:26:23 +02:00
Manuel Pégourié-Gonnard
052a6c9cfe
Add mbedtls_md_clone()
2015-07-06 16:06:02 +02:00
Manuel Pégourié-Gonnard
16d412f465
Add md/shaXXX_clone() API
...
Will be used in the SSL/TLS modules
2015-07-06 15:48:34 +02:00
Manuel Pégourié-Gonnard
b9d64e5bbe
Fix missing calls to md/shaxxx_free()
2015-07-06 14:18:56 +02:00
Manuel Pégourié-Gonnard
71d296a15d
Add missing calls to _free() in md_wrap
...
We can't just assume xxx_free() will only zeroize, because of alternative
implementations
2015-07-06 11:36:25 +02:00
Manuel Pégourié-Gonnard
5791109707
Make the hardclock test optional
...
Known to fail on VMs (such as the buildbots), see eg
http://blog.badtrace.com/post/rdtsc-x86-instruction-to-detect-vms/
2015-07-01 19:22:12 +02:00
Manuel Pégourié-Gonnard
9bd0afdb22
Add guards for closed socket in net.c
...
This is particularly problematic when calling FD_SET( -1, ... ), but let's
check it in all functions.
This was introduced with the new API and the fact the net_free() now sets the
internal fd to -1 in order to mark it as closed: now using this information.
2015-07-01 19:03:27 +02:00
Manuel Pégourié-Gonnard
2505528be4
Rm obsolete defines for inline wiht MSVC
...
The "inline" keyword is supported since Visual Studio 2005 according to MSDN,
and we require Visual Studio 2010 or higher.
2015-07-01 17:22:36 +02:00
Manuel Pégourié-Gonnard
636741b176
Remove obsolete hacks for uin32_t
...
We now require support for stdint.h from the compiler.
2015-07-01 17:13:05 +02:00
Manuel Pégourié-Gonnard
9de64f5af1
Fix MSVC warnings in library and programs
2015-07-01 16:56:08 +02:00
Manuel Pégourié-Gonnard
acecb653d5
Fix mbedtls_net_usleep() on Windows
...
For some reason select() doesn't seem to work.
2015-07-01 12:00:56 +02:00
Manuel Pégourié-Gonnard
abc729e664
Simplify net_accept() with UDP sockets
...
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard
db2468d7aa
Update old comment
2015-06-30 17:19:48 +02:00
Manuel Pégourié-Gonnard
3d7d00ad23
Rename mbedtls_net_close() to mbedtls_net_free()
...
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard
91895853ac
Move from naked int to a structure in net.c
...
Provides more flexibility for future changes/extensions.
2015-06-30 15:56:25 +02:00
Manuel Pégourié-Gonnard
16a17a496c
Fix net_accept() for UDP sockets on Windows
...
On Windows, recvfrom() returns an error code if the destination buffer is too
small to hold the next datagram.
2015-06-30 11:31:10 +02:00
Manuel Pégourié-Gonnard
a16e7c468c
Rename a debug function
2015-06-29 20:14:19 +02:00