Commit graph

1808 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard cf1db3cf1c Fix spurious #endif from previous cherry-pick 2015-10-05 14:57:01 +01:00
Manuel Pégourié-Gonnard 20607bb0fa Fix macroization of inline in C++
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 14:28:17 +01:00
Manuel Pégourié-Gonnard 614624790d Fix compile error in net.c with musl libc
fixes #278
2015-10-05 14:15:46 +01:00
Manuel Pégourié-Gonnard de9c8a5734 Fix potential overflow in CertificateRequest 2015-10-02 12:04:20 +02:00
Manuel Pégourié-Gonnard f3e6e4badb Add extra check before integer conversion
end < p should never happen, but just be extra sure
2015-10-02 09:53:52 +02:00
Manuel Pégourié-Gonnard 48ec2c7b5e Fix potential overflow in base64_encode 2015-10-01 10:07:28 +02:00
Manuel Pégourié-Gonnard 5aff029f9d Fix potential double-free in ssl_set_psk() 2015-10-01 09:58:50 +02:00
Simon Butcher 643a922c56 Reordered extension fields and added to ChangeLog
Reordered the transmission sequence of TLS extension fields in client hello
and added to ChangeLog.
2015-10-01 01:17:10 +01:00
Simon Butcher b1e325d6b2 Added bounds checking for TLS extensions
IOTSSL-478 - Added checks to prevent buffer overflows.
2015-10-01 00:24:36 +01:00
Manuel Pégourié-Gonnard 9bf29bee22 Fix potential random malloc in pem_read() 2015-09-30 17:01:35 +02:00
Manuel Pégourié-Gonnard 59efb6a1b9 Fix potential buffer overflow in mpi_read_string()
Found by Guido Vranken.

Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-09-30 16:50:31 +02:00
Manuel Pégourié-Gonnard 7b4b2ac378 Fix stack buffer overflow in pkcs12 2015-09-30 16:46:07 +02:00
Simon Butcher c988f32add Added max length checking of hostname 2015-09-29 23:27:20 +01:00
Manuel Pégourié-Gonnard df048c59cf Bump version to 1.3.13 2015-09-17 11:53:14 +02:00
Manuel Pégourié-Gonnard a701d2f5e9 Fix bug in server parsing point formats extension
There is only one length byte but for some reason we skipped two, resulting in
reading one byte past the end of the extension. Fortunately, even if that
extension is at the very end of the ClientHello, it can't be at the end of the
buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the
buffer has some more room after that for MAC and so on. So there is no
buffer overread.

Possible consequences are:
- nothing, if the next byte is 0x00, which is a comment first byte for other
  extensions, which is why the bug remained unnoticed
- using a point format that was not offered by the peer if next byte is 0x01.
  In that case the peer will reject our ServerKeyExchange message and the
handshake will fail.
- thinking that we don't have a common point format even if we do, which will
  cause us to immediately abort the handshake.
None of these are a security issue.

The same bug was fixed client-side in fd35af15

Backport of f7022d1
2015-09-17 11:46:56 +02:00
Manuel Pégourié-Gonnard a1cdcd2364 Add counter-measure against RSA-CRT attack
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/

backport of 5f50104
2015-09-09 12:23:47 +02:00
Manuel Pégourié-Gonnard bb564e0fb4 Fix possible client crash on API misuse 2015-09-03 10:44:32 +02:00
Manuel Pégourié-Gonnard 1c38550bbd Skip to trusted certs early in the chain
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

see #220

backport of fdbdd72
2015-09-01 18:34:15 +02:00
Manuel Pégourié-Gonnard 6512554f42 Fix handling of long PSK identities
backport from c3b5d83

see #238
2015-08-31 11:43:47 +02:00
Manuel Pégourié-Gonnard e217ceea38 Fix warning with MD/SHA ALT implementation
backport of 8b2641d

see #239
2015-08-31 11:22:47 +02:00
Manuel Pégourié-Gonnard a67fd79e8f Fix -Wshadow warnings
Backport of ea35666 and 824ba72

see #240
2015-08-31 11:07:51 +02:00
Manuel Pégourié-Gonnard 5efed09c5f Fix possible unlock before lock in RSA
Backport of 1385a28 and 4d04cdc

see #257
2015-08-31 10:21:10 +02:00
Manuel Pégourié-Gonnard 3a5ee1c411 Increase tolerance of timing selftest
Forgot to move that one to 20% in previous commit
2015-08-19 14:48:34 +02:00
Manuel Pégourié-Gonnard 25f44a6020 Relax timing_self_test for windows idiosyncrasies
Also widen accepted error to +/- 20 % while at it
2015-08-19 10:22:54 +02:00
Paul Bakker 3edec6c4ed Prepare for 1.3.12 release 2015-08-11 13:22:10 +01:00
Manuel Pégourié-Gonnard 705de2f98d Revert "Avoid formatting debug message uselessly"
This reverts commit 925a72628b.

Reason: introduced an ABI change in the maintenance branch.
2015-08-10 17:36:47 +02:00
Manuel Pégourié-Gonnard b5d77d3fd9 Accept a trailing space at end of PEM lines
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
2015-08-10 12:01:50 +02:00
Manuel Pégourié-Gonnard 1b1254fa05 Fix missing -static-libgcc when building dlls 2015-08-10 11:56:54 +02:00
Manuel Pégourié-Gonnard 3ab7b96f35 Make hardclock selftest optional 2015-07-06 17:17:55 +02:00
Manuel Pégourié-Gonnard f0f399d66c Up default server DHM size to 2048 bits 2015-07-03 17:45:57 +02:00
Manuel Pégourié-Gonnard 56e245d959 Only do dynamic alloc when necessary 2015-06-29 19:52:44 +02:00
Manuel Pégourié-Gonnard 925a72628b Avoid formatting debug message uselessly 2015-06-29 19:47:17 +02:00
Manuel Pégourié-Gonnard 9ea1b23cc4 Up min size of DHM params to 1024 bits on client 2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard 6c3ccf5fd0 Fix thread-safety issue in debug.c
Closes #203
2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard 8e8ae3d961 Fix potential NULL dereference on bad usage 2015-06-23 18:57:28 +02:00
Manuel Pégourié-Gonnard b26b75e17b Clean up RSA PMS checking code 2015-06-23 18:52:09 +02:00
Paul Bakker 19eef51487 Prepare for 1.3.11 release 2015-06-04 14:49:19 +02:00
Manuel Pégourié-Gonnard dccb80b7e5 Fix compile errors with NO_STD_FUNCTIONS 2015-06-03 10:20:33 +01:00
ptahpeteh 249bece013 Fix compile bug: incompatible declaration of polarssl_exit in platform.c
This causes a compile-time error: 

platform.c(157): error:  #147: declaration is incompatible with "void (*polarssl_exit)(int)" (declared at line 179 of "platform.h")
2015-06-02 15:26:09 +02:00
Manuel Pégourié-Gonnard 468b06dab0 Merge remote-tracking branch 'ptahpeteh/patch-1' into mbedtls-1.3
* ptahpeteh/patch-1:
  Serious bug fix in entropy.c
2015-06-02 09:03:06 +01:00
ptahpeteh 638fa0bb0f Serious bug fix in entropy.c
Bug: mutex access within entropy_contex after it has been zeroed leads to app crash.
2015-06-01 12:28:29 +02:00
Manuel Pégourié-Gonnard 61977614d8 Fix memleak with repeated [gc]cm_setkey() 2015-05-27 17:40:16 +02:00
Nicholas Wilson bc07c3a1f0 fix minor bug in path_cnt checks
If the top certificate occurs twice in trust_ca (for example) it would
not be good for the second instance to be checked with check_path_cnt
reduced twice!
2015-05-13 10:40:30 +01:00
Manuel Pégourié-Gonnard 48647b9255 Merge remote-tracking branch 'nw/misc' into mbedtls-1.3
* nw/misc:
  Typos and doc additions
2015-05-12 12:48:12 +02:00
Manuel Pégourié-Gonnard 7010e4688f Merge remote-tracking branch 'peterdettman/perf-ecp-double-jac' into mbedtls-1.3
* peterdettman/perf-ecp-double-jac:
  Perf: rewrite of ecp_double_jac
2015-05-11 20:26:47 +02:00
Nicholas Wilson d0fa5ccbb0 Typos and doc additions 2015-05-11 10:44:11 +01:00
Manuel Pégourié-Gonnard 159c524df8 Fix undefined behaviour in x509 2015-04-30 11:21:18 +02:00
Manuel Pégourié-Gonnard 7d1e95c991 Add countermeasure against cache-based lucky 13 2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard e16b62c3a9 Make results of (ext)KeyUsage accessible 2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard 770b5e1e9e Fix missing NULL check in MPI 2015-04-29 17:02:01 +02:00
Manuel Pégourié-Gonnard d97828e7af Fix detection of getrandom() 2015-04-29 14:28:48 +02:00
Manuel Pégourié-Gonnard 39a183a629 Add x509_crt_verify_info() 2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard a2fce21ae5 Fix potential NULL dereference on bad usage 2015-04-15 21:04:19 +02:00
Manuel Pégourié-Gonnard ce60fbeb30 Fix potential timing difference with RSA PMS 2015-04-15 16:56:28 +02:00
Manuel Pégourié-Gonnard aac657a1d3 Merge remote-tracking branch 'pj/development' into mbedtls-1.3
* pj/development:
  Added more constant-time code and removed biases in the prime number generation routines.
2015-04-15 14:12:59 +02:00
Daniel Kahn Gillmor 2ed81733a6 accept PKCS#3 DH parameters with privateValueLength included
library/dhm.c: accept (and ignore) optional privateValueLength for
PKCS#3 DH parameters.

PKCS#3 defines the ASN.1 encoding of a DH parameter set like this:

----------------
DHParameter ::= SEQUENCE {
  prime INTEGER, -- p
  base INTEGER, -- g
  privateValueLength INTEGER OPTIONAL }

The fields of type DHParameter have the following meanings:

     o    prime is the prime p.

     o    base is the base g.

     o    privateValueLength is the optional private-value
          length l.
----------------

See: ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc

This optional parameter was added in PKCS#3 version 1.4, released
November 1, 1993.

dhm.c currently doesn't cope well with PKCS#3 files that have this
optional final parameter included. i see errors like:

------------
dhm_parse_dhmfile returned -0x33E6

Last error was: -0x33E6 - DHM - The ASN.1 data is not formatted correctly : ASN1 - Actual length differs from expected lengt
------------

You can generate PKCS#3 files with this final parameter with recent
versions of certtool from GnuTLS:

 certtool --generate-dh-params > dh.pem
2015-04-15 13:27:13 +02:00
Manuel Pégourié-Gonnard e6c8366b46 Fix bug in pk_parse_key() 2015-04-15 11:21:24 +02:00
Manuel Pégourié-Gonnard dbd60f72b1 Update generated file 2015-04-09 16:35:54 +02:00
Manuel Pégourié-Gonnard 29f777ef54 Fix bug with ssl_set_curves() check on client 2015-04-03 17:57:59 +02:00
Manuel Pégourié-Gonnard 32a7fe3fec Fix bug in POLARSSL_PLATFORM_STD_EXIT support 2015-04-03 17:56:30 +02:00
Manuel Pégourié-Gonnard cf201201e6 Fix bug in Via Padlock support 2015-04-02 10:53:59 +01:00
Manuel Pégourié-Gonnard 88fca3ef0e Fix thread safety issue in RSA operations
The race was due to mpi_exp_mod storing a Montgomery coefficient in the
context (RM, RP, RQ).

The fix was verified with -fsanitize-thread using ssl_pthread_server and two
concurrent clients.

A more fine-grained fix should be possible, locking just enough time to check
if those values are OK and set them if not, rather than locking for the whole
mpi_exp_mod() operation, but it will be for later.
2015-03-27 15:12:05 +01:00
Manuel Pégourié-Gonnard 9409e0cea2 Add support for X.520 uniqueIdentifier 2015-03-27 13:03:54 +01:00
Manuel Pégourié-Gonnard dd5dbcae90 Accept bitstrings in X.509 names 2015-03-27 13:03:09 +01:00
Manuel Pégourié-Gonnard bf8f7febd8 Update generated file 2015-03-23 14:24:06 +01:00
Manuel Pégourié-Gonnard c70581c272 Add POLARSSL_DEPRECATED_{WARNING,REMOVED} 2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard 85b6600ab2 Suppress clang warning we don't want 2015-03-23 12:03:49 +01:00
Manuel Pégourié-Gonnard 9395298d12 Fix use of deprecated function in the library 2015-03-20 18:23:52 +00:00
Manuel Pégourié-Gonnard 71432849ed Use proper doxygen markup to mark deprecations 2015-03-20 17:26:50 +00:00
Alon Bar-Lev f7a9f30348 build: Makefile: cleanup CFLAGS
CFLAGS are reserved for external interaction via make variable, the
following should work:

$ make CFLAGS="-O3"
$ CFLAGS="-O3" make

1. Move internal flags to LOCAL_CFLAGS
2. Respect external CFLAGS
3. CFLAGS should be last compiler flags.
4. Default CFLAGS is -O optimization, remove OFLAGS.
5. Add WARNING_CFLAGS to control warning setting and enable to remove
   if compiler does not support flags.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-03-13 13:34:25 +00:00
Alon Bar-Lev ada4105ba2 build: Makefile: cleanup LDFLAGS
LDFLAGS are reserved for external interaction via make variable, the
following should work:

$ make LDFLAGS="-L/xxx"
$ LDFLAGS="-L/xxx" make

1. Move internal flags to LOCAL_LDFLAGS
2. Respect external LDFLAGS
3. LDFLAGS should be last linkage flags.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-03-13 13:34:25 +00:00
Pascal Junod b99183dfc6 Added more constant-time code and removed biases in the prime number generation routines. 2015-03-11 16:49:45 +01:00
Manuel Pégourié-Gonnard 28122e4329 Add missing 'const' on selftest data 2015-03-11 09:13:42 +00:00
Manuel Pégourié-Gonnard 51bccd3889 Fix compile error with renego disabled 2015-03-10 16:09:08 +00:00
Manuel Pégourié-Gonnard 73ed39d4b1 Remove slow PKCS5 test 2015-03-10 15:59:22 +00:00
Manuel Pégourié-Gonnard f427f8854a Stop checking key-cert match systematically 2015-03-10 15:35:29 +00:00
Manuel Pégourié-Gonnard fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard 1dd1674559 Move private macro from header to C file 2015-03-06 12:01:27 +00:00
Manuel Pégourié-Gonnard 385069f17d Add some missing 'static' on a few objects 2015-03-06 12:01:27 +00:00
Manuel Pégourié-Gonnard 02ba5785bf Fix -fPIC when cross-compiling to windows 2015-02-18 13:42:26 +00:00
Manuel Pégourié-Gonnard f7db5e0a4a Avoid possible dangling pointers
If the allocation fails, we don't really want ssl->in_ctr = 8 lying around.
2015-02-18 10:32:41 +00:00
Manuel Pégourié-Gonnard f45850c493 Fix the fix to ssl_set_psk()
- possible for the first malloc to fail and the second to succeed
- missing = NULL assignment
2015-02-18 10:23:52 +00:00
Manuel Pégourié-Gonnard ac08b543db Merge remote-tracking branch 'rasp/mem-leak' into development
* rasp/mem-leak:
  Fix another potential memory leak found by find-mem-leak.cocci.
  Add a rule for another type of memory leak to find-mem-leak.cocci.
  Fix a potential memory leak found by find-mem-leak.cocci.
  Add a semantic patch to find potential memory leaks.
  Fix whitespace of 369e6c20.
  Apply the semantic patch rm-malloc-cast.cocci.
  Add a semantic patch to remove casts of malloc.

Conflicts:
	programs/ssl/ssl_server2.c
2015-02-18 10:07:22 +00:00
Mansour Moufid f81088bb80 Fix a potential memory leak found by find-mem-leak.cocci. 2015-02-17 13:10:21 -05:00
Manuel Pégourié-Gonnard 981732bb8e Fix missing/misplaced #include's 2015-02-17 15:47:31 +00:00
Manuel Pégourié-Gonnard 491a3fe057 Fix compile error in memory_buffer_alloc_selftest 2015-02-16 17:28:11 +00:00
Manuel Pégourié-Gonnard 0da7b040d1 Rm usunused member in private struct 2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard 50da0482e0 Add heap usage for PK in benchmark 2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard b8ca723154 Only define mode_func if mode is enabled (CBC etc) 2015-02-16 17:23:59 +00:00
Manuel Pégourié-Gonnard a2424a045a PKCS8 encrypted key depend on PKCS5 or PKCS12 2015-02-16 17:22:47 +00:00
Manuel Pégourié-Gonnard aff2976d10 Merge branch 'build' into development
* build:
  build: make: support windows cross compile
2015-02-16 15:26:09 +00:00
Manuel Pégourié-Gonnard 09eb14c01e Revert "Require unix-utils in path for windows make"
This reverts commit 5d46cca09a.

In preparation of merging an external contribution that superseedes this

Conflicts:
	ChangeLog
2015-02-16 15:25:31 +00:00
Manuel Pégourié-Gonnard f812054d00 Revert "Replace SONAME with SOVERSION in makefile"
This reverts commit 418080010a.

In preparation of merging one external contribution that supersedes this.
2015-02-16 15:24:17 +00:00
Mansour Moufid 99b9259f76 Fix whitespace of 369e6c20. 2015-02-16 10:43:52 +00:00
Mansour Moufid c531b4af3c Apply the semantic patch rm-malloc-cast.cocci.
for dir in library programs; do
        spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \
        --in-place;
    done
2015-02-16 10:43:52 +00:00
Manuel Pégourié-Gonnard d48bf6892c Write literal byte more clearly 2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard 85fadb749c Make loop bound more obvious
Helps static analyzers and does not decrease human readability.
2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard 6fdc4cae53 Fix potential signedness issue 2015-02-16 09:13:40 +00:00
Mansour Moufid bd1d44e251 Fix whitespace of 369e6c20. 2015-02-15 17:51:07 -05:00
Mansour Moufid 369e6c20b3 Apply the semantic patch rm-malloc-cast.cocci.
for dir in library programs; do
        spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \
        --in-place;
    done
2015-02-15 17:49:11 -05:00