Commit graph

3332 commits

Author SHA1 Message Date
Simon Butcher 741bd90a30 Merge branch 'mbedtls-1.3-iotssl-1077-dos-crl'
Modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM
format with trailing characters after the footer does not result in the
execution of an infinite loop.
2017-02-26 01:46:37 +00:00
Simon Butcher 13f9e40059 Merge branch 'mbedtls-1.3' 2017-02-25 21:47:24 +00:00
Andres AG dcd49ec05a Add lib target to library/CMakeLists.txt 2017-02-25 21:27:17 +00:00
Andres AG 22d77a209f Fix generate_code.pl to handle escaped : 2017-02-25 21:27:17 +00:00
Simon Butcher 746edf4e75 Add comment to integer overflow fix in base64.c
Adds clarifying comment to the integer overflow fix in base64.c
2017-02-25 21:27:17 +00:00
Andres AG 59abd301f5 Fix integer overflow in mbedtls_base64_decode()
Fix potential integer overflows in the function mbedtls_base64_decode().
This overflow would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-25 21:27:17 +00:00
Andres Amaya Garcia 74ef650772 Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions:
  * mbedtls_md2_update() to be bypassed and cause
  * mbedtls_cipher_update()
  * mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-25 21:25:44 +00:00
Andres AG 480f7e7d5e Add tests for overreads in pem_read_buffer() 2017-02-25 21:25:07 +00:00
Andres AG de6079af8e Fix buffer overreads in mbedtls_pem_read_buffer() 2017-02-25 21:25:06 +00:00
Simon Butcher df1197dad0 Merge branch 'mbedtls-1.3-restricted' 2017-02-20 23:08:02 +00:00
Andres AG 63c4fda9cf Add lib target to library/CMakeLists.txt 2017-02-20 22:03:19 +00:00
Simon Butcher 851dcc96d4 Add credit to Changelog for #562 2017-02-20 22:03:19 +00:00
Simon Butcher e6254531d0 Fix curves.pl script to build
The script, `tests/scripts/curves.pl` was broken, and did not build due to the
make command not having been updated with the change from polarssl to mbed TLS.
2017-02-20 22:01:55 +00:00
Simon Butcher ba32ebf7f4 Add comment to integer overflow fix in base64.c
Adds clarifying comment to the integer overflow fix in base64.c
2017-02-20 22:01:55 +00:00
Simon Butcher b2bad3c79b Adds dl link library to OpenSSL example builds
The example o_p_test uses OpenSSL. On some platforms that fails to build
unless the dl library is included as a static link library.
2017-02-20 22:01:55 +00:00
Andres AG 7ded99ff64 Fix integer overflow in mbedtls_base64_decode()
Fix potential integer overflows in the function mbedtls_base64_decode().
This overflow would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-20 22:01:55 +00:00
Andres Amaya Garcia cfad181250 Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions:
  * mbedtls_md2_update() to be bypassed and cause
  * mbedtls_cipher_update()
  * mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-20 22:00:33 +00:00
Andres AG 29b43737ba Fix unused variable/function compilation warnings
This PR fixes a number of unused variable/function compilation warnings
that arise when using a config.h that does not define the macro
POLARSSL_PEM_PARSE_C.
2017-02-20 21:57:52 +00:00
Simon B d9c8f26f8b Fix for MSVC Compiler warnings
Fixes Microsoft Visual C compiler warnings in multiple files. All issues
with type mismatches.
2017-02-20 21:56:56 +00:00
Andres AG 562bbb6f6a Add PK tests to avoid hashlen overflow for RSA 2017-02-15 10:44:07 +00:00
Andres AG c71b7eb0e7 Fix data loss in unsigned int cast in PK
This patch introduces some additional checks in the PK module for 64-bit
systems only. The problem is that the API functions in the PK
abstraction accept a size_t value for the hashlen, while the RSA module
accepts an unsigned int for the hashlen. Instead of silently casting
size_t to unsigned int, this change checks whether the hashlen overflows
an unsigned int and returns an error.
2017-02-15 10:44:02 +00:00
Simon Butcher d9bac1f4f9 Merge 'mbedtls-1.3-fix-cmake-lib-target'
Add a lib target to library/CMakeLists.txt to improve compatibility between
mbed TLS 1.3 and more recent versions of the library.
2017-02-03 17:18:33 +00:00
Simon Butcher 98c96fe7c6 Merge branch 'mbedtls-1.3' 2017-02-03 16:54:49 +00:00
Andres AG 5cf7f38806 Add lib target to library/CMakeLists.txt 2017-02-03 16:28:22 +00:00
Simon Butcher df33a6a805 Add credit to Changelog for #562 2017-02-02 16:53:50 +00:00
Simon Butcher 800c7c6195 Merge 'mbedtls-1.3-iotssl-952-tfirmware-warnings'
This PR fixes a number of unused variable/function compilation warnings
that arise when using a config.h that does not define the macro
MBEDTLS_PEM_PARSE_C.
2017-02-02 16:52:37 +00:00
Andres Amaya Garcia 27417426ae Merge pull request #783 from sbutcher-arm/1.3-curves.pl-fix
Fix curves.pl script to build
2017-02-02 15:13:21 +00:00
Simon Butcher 1842a00688 Fix curves.pl script to build
The script, `tests/scripts/curves.pl` was broken, and did not build due to the
make command not having been updated with the change from polarssl to mbed TLS.
2017-02-02 15:06:51 +00:00
Simon Butcher 50b4b12f9f Fix curves.pl script to build
The script, `tests/scripts/curves.pl` was broken, and did not build due to the
make command not having been updated with the change from polarssl to mbed TLS.
2017-02-02 15:01:24 +00:00
Andres AG 6aa732f25a Fix generate_code.pl to handle escaped : 2017-02-02 14:42:40 +00:00
Simon Butcher 2d56a827cc Add comment to integer overflow fix in base64.c
Adds clarifying comment to the integer overflow fix in base64.c
2017-02-02 09:17:41 +00:00
Simon Butcher 8cf6d31f54 Merge branch fix-base64-arithmetic-overflows
Fix potential integer overflows in the function mbedtls_base64_decode().
This overflow would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-02 09:15:05 +00:00
Simon Butcher 0289920d12 Merge branch mbedtls-1.3-fix-arithmetic-overflows
Fix potential integer overflows in the following functions:

 * mbedtls_md2_update()
 * mbedtls_cipher_update()
 * mbedtls_ctr_drbg_reseed()

This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-01 21:46:47 +00:00
Andres Amaya Garcia f1d52d08ea Merge pull request #780 from sbutcher-arm/openssl-link-lib-fix
Adds dl link library to OpenSSL example builds
2017-02-01 13:55:15 +00:00
Simon Butcher 40d8cc7181 Adds dl link library to OpenSSL example builds
The example o_p_test uses OpenSSL. On some platforms that fails to build
unless the dl library is included as a static link library.
2017-02-01 12:38:44 +00:00
Andres AG 67c6df4a8a Add test for infinite loop in CRL parse 2017-01-19 17:16:47 +00:00
Andres AG e567101f6b Fix CRL parsing to avoid infinite loop
This patch modifies the function mbedtls_x509_crl_parse() to ensure
that a CRL in PEM format with trailing characters after the footer does
not result in the execution of an infinite loop.
2017-01-19 16:57:16 +00:00
Andres AG 3e3698ca30 Fix integer overflow in mbedtls_base64_decode()
Fix potential integer overflows in the function mbedtls_base64_decode().
This overflow would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-01-18 17:30:29 +00:00
Andres Amaya Garcia 593e8b2793 Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions:
  * mbedtls_md2_update() to be bypassed and cause
  * mbedtls_cipher_update()
  * mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-01-18 13:56:58 +00:00
Andres AG f0a401f080 Fix unused variable/function compilation warnings
This PR fixes a number of unused variable/function compilation warnings
that arise when using a config.h that does not define the macro
POLARSSL_PEM_PARSE_C.
2016-12-07 16:11:17 +00:00
Andres AG fada2e9f3e Add tests for overreads in pem_read_buffer() 2016-11-21 11:34:55 +00:00
Andres AG d3cbc15951 Fix buffer overreads in mbedtls_pem_read_buffer() 2016-11-21 11:25:17 +00:00
Simon B a697bf503a Fix for MSVC Compiler warnings
Fixes Microsoft Visual C compiler warnings in multiple files. All issues
with type mismatches.
2016-11-10 15:40:53 +00:00
Simon Butcher c1d54bb7b2 Update library version to 1.3.18 2016-10-17 23:40:14 +01:00
Simon Butcher 2d0ffbbdc7 Fix integration of bugfix for #626
Adds check for validity of date in x509_get_time() back in, as it was
lost in the merge.
2016-10-17 22:41:54 +01:00
Simon Butcher 2261f198ee Merge branch 'mbedtls-1.3' 2016-10-17 16:09:06 +01:00
Simon Butcher 91fa80430d Merge branch 'mbedtls-1.3' 2016-10-17 16:05:55 +01:00
Simon Butcher 000d94d67a Merge branch 'mbedtls-1.3'
Conflicts:
	ChangeLog
2016-10-17 16:05:09 +01:00
Simon Butcher fd8d7991a0 Tidied up style and phrasing of ChangeLog 2016-10-16 00:48:37 +01:00
Simon Butcher 123fb027dd Update all.sh test script
Various fixes to the all.sh script.
 * support for two different versions of OpenSSL and GNUTLS, to allow testing of
   legacy features, deprecated but not yet removed in the library.
 * additional test builds for server only and client only builds
 * removed error redirection on armcc to allow build errors to be output
 * added tools checking, to ensure the absence of a tool will cause a failure, rather
   than silently failing to execute a test
 * added test for out of tree cmake builds
2016-10-15 22:35:06 +01:00