Commit graph

4159 commits

Author SHA1 Message Date
Simon Butcher 0fc94e9f83 Revised bounds checking on TLS extensions
Revisions following review feedback
2015-09-28 20:52:04 +01:00
Simon Butcher 9f81231fb8 Revised hostname length check from review 2015-09-28 19:22:33 +01:00
Manuel Pégourié-Gonnard d02a1daca7 Fix stack buffer overflow in pkcs12 2015-09-28 19:47:50 +02:00
Manuel Pégourié-Gonnard 24417f06fe Fix potential double-free in mbedtls_ssl_conf_psk() 2015-09-28 18:09:45 +02:00
Manuel Pégourié-Gonnard 58fb49531d Fix potential buffer overflow in mpi_read_string()
Found by Guido Vranken.

Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-09-28 15:59:54 +02:00
Simon Butcher ed9976634f Added bounds checking for TLS extensions
IOTSSL-478 - Added checks to prevent buffer overflows.
2015-09-28 02:14:30 +01:00
Simon Butcher 89f77623b8 Added max length checking of hostname 2015-09-27 22:50:49 +01:00
Tillmann Karras 588ad50c5a Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
Manuel Pégourié-Gonnard f592e8eaf6 Update yotta dependency version
We've had a bit of a race between us adapting to changes in 0.3.x and the
sockets author reverting those changes in the 0.3.x line and pushing them to
0.4.0. Let's use the newest and greatest sockets :)
2015-09-22 15:04:07 +02:00
Simon Butcher 8f98842e38 Refined credits in ChangeLog for fuzzing issue
Changed GDS to Gotham Digital Science
2015-09-22 10:10:36 +01:00
Manuel Pégourié-Gonnard 2f056a0aee Try to run yotta update for yotta build test
But accept failures in case we're offline
2015-09-18 14:37:54 +02:00
Manuel Pégourié-Gonnard ca4fb7154a Fix mbed examples after minar upgrade 2015-09-18 14:36:57 +02:00
Manuel Pégourié-Gonnard 8cea8ad8b8 Bump version to 2.1.1 2015-09-17 11:58:45 +02:00
Simon Butcher 22b294132d Merge pull request #294 from ARMmbed/development-restricted
Merge restricted topic branch
2015-09-16 23:59:52 +01:00
Simon Butcher ac58c53ab1 Merge remote-tracking branch 'origin/development' 2015-09-16 23:25:25 +01:00
Simon Butcher 7dd82f8fd5 Merge branch 'development' with bugfix branch
Conflicts:
	ChangeLog
2015-09-16 16:21:38 +01:00
Simon Butcher 9aa72188dd Merge branch 'bugfix' into development 2015-09-16 16:19:45 +01:00
Simon Butcher ea4b76d54a Merge pull request #273 from ARMmbed/iotssl-411-port-reuse
Iotssl 411 port reuse
2015-09-16 15:53:06 +01:00
Simon Butcher 5793e7ef01 Merge 'development' into iotssl-411-port-reuse
Conflicts:
	ChangeLog
2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard f7022d1131 Fix bug in server parsing point formats extension
There is only one length byte but for some reason we skipped two, resulting in
reading one byte past the end of the extension. Fortunately, even if that
extension is at the very end of the ClientHello, it can't be at the end of the
buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the
buffer has some more room after that for MAC and so on. So there is no
buffer overread.

Possible consequences are:
- nothing, if the next byte is 0x00, which is a comment first byte for other
  extensions, which is why the bug remained unnoticed
- using a point format that was not offered by the peer if next byte is 0x01.
  In that case the peer will reject our ServerKeyExchange message and the
handshake will fail.
- thinking that we don't have a common point format even if we do, which will
  cause us to immediately abort the handshake.
None of these are a security issue.

The same bug was fixed client-side in fd35af15
2015-09-16 11:32:18 +02:00
Pascal Bach 5e4c206b77 Make config check include for configs examples more consistent
This way all config examples work when used like described in the README.
2015-09-15 21:38:12 +02:00
Manuel Pégourié-Gonnard ea5370d4a2 Don't allow reconnect during handshake
Especially for resumed handshake, it's entirely possible for an epoch=0
ClientHello to be retransmitted or arrive so late that the server is already
at epoch=1. There is no good way to detect whether it's that or a reconnect.

However:
- a late ClientHello seems more likely that client going down and then up
  again in the middle of a handshake
- even if that's the case, we'll time out on that handshake soon enough
- we don't want to break handshake flows that used to work
So the safest option is to not treat that as a reconnect.
2015-09-15 15:17:54 +02:00
Manuel Pégourié-Gonnard 6ad23b9855 Make failing test more robust
Let the client retry longer, to make sure the server will time out before the
client gives up. Make it really longer to get a deterministic client exit
status (make sure it has time to reconnect after the server timeout).
2015-09-15 12:57:46 +02:00
Simon Butcher a1a1128f7d Updated ChangeLog for fix #275 2015-09-14 21:30:40 +01:00
Simon Butcher 520d3b81ad Merge pull request #289 from quartzjer/development
Corrections to typos in README.md
2015-09-14 20:03:19 +01:00
Simon Butcher 49641ad799 Merge pull request #275 from embedthis/fix-1
FIX: compiler warning with recvfrom on 64-bit
2015-09-14 19:59:28 +01:00
Jeremie Miller c57556e52a tiny spelling fixes 2015-09-12 09:57:23 -06:00
Simon Butcher d69f14bed8 Updated Changelog for new version 2015-09-11 20:00:20 +01:00
Simon Butcher 8a52a7468d Added PR to Changelog for NWilson 2015-09-11 19:44:34 +01:00
Simon Butcher 835faec899 Merge branch 'NWilson-const_profile' 2015-09-11 19:27:08 +01:00
Simon Butcher d0bf6a3891 Update ssl_tls.c
Clarification in comments
2015-09-11 17:34:49 +01:00
Simon Butcher 74ca8d07ad Update ssl_tls.c
Clarification in comments to ssl_handle_possible_reconnect()
2015-09-11 17:22:40 +01:00
Simon Butcher 0789aed39d Update ssl_tls.c
Typo
2015-09-11 17:15:17 +01:00
Simon Butcher 1a57af1607 Update ssl.h
Typo
2015-09-11 17:14:16 +01:00
Simon Butcher 4f6882a8a3 Update config.h
Typo in RFC x-ref comment.
2015-09-11 17:12:46 +01:00
Embedthis Software a25cab8bea FIX: compiler warning with recvfrom on 64-bit 2015-09-09 08:49:48 -07:00
Manuel Pégourié-Gonnard a6b95f01cc Print I/O buffer size in memory.sh 2015-09-09 13:51:05 +02:00
Manuel Pégourié-Gonnard ddfe5d20d1 Tune dependencies
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard c2ed8029ff Fix ChangeLog - misplaced entries 2015-09-09 12:15:13 +02:00
Manuel Pégourié-Gonnard 2ed05a049a Fix typos 2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard ab05d23b29 Update generated file 2015-09-09 11:50:00 +02:00
Manuel Pégourié-Gonnard 259db91023 Add test without cookies
Tune existing tests while at it
2015-09-09 11:48:45 +02:00
Manuel Pégourié-Gonnard 22311ae62e Improve help message of ssl_*2.c 2015-09-09 11:22:58 +02:00
Manuel Pégourié-Gonnard 62c74bb78a Stop wasting resources
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.

Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
2015-09-09 11:22:52 +02:00
Nicholas Wilson 2088e2ebd9 fix const-ness of argument to mbedtls_ssl_conf_cert_profile
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
2015-09-08 16:53:18 +01:00
Manuel Pégourié-Gonnard 222cb8db22 Tune related documentation while at it 2015-09-08 15:43:59 +02:00
Manuel Pégourié-Gonnard 3a2a4485d4 Update documentation 2015-09-08 15:36:09 +02:00
Manuel Pégourié-Gonnard 14c2574a9d Update Changelog 2015-09-08 15:12:45 +02:00
Simon Butcher e5a21b4493 Merge pull request #282 from ARMmbed/iotssl-469-rsa-crt-restricted
Add counter-measure against RSA-CRT attack
2015-09-08 13:05:51 +01:00
Manuel Pégourié-Gonnard 5f50104c52 Add counter-measure against RSA-CRT attack
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
2015-09-08 13:39:29 +02:00