Commit graph

5210 commits

Author SHA1 Message Date
Simon Butcher a29c5e9e66 Add comment to integer overflow fix in base64.c
Adds clarifying comment to the integer overflow fix in base64.c
2017-02-15 23:31:07 +02:00
Andres AG 4623d83c6f Fix integer overflow mbedtls_base64_decode()
Fix potential integer overflows in the function mbedtls_base64_decode().
This overflow would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-15 23:31:07 +02:00
Andres Amaya Garcia 6a54336897 Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions:
  * mbedtls_md2_update() to be bypassed and cause
  * mbedtls_cipher_update()
  * mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-15 23:31:07 +02:00
Andres AG 49d29337fa Add tests for overreads in pem_read_buffer() 2017-02-15 23:31:07 +02:00
Janos Follath 182013faf4 Prevent SLOTH attacks 2017-02-15 23:29:32 +02:00
Andres AG 0eced5aae5 Fix examples that failed to compile without PEM 2017-02-15 23:28:48 +02:00
Simon Butcher 2537f37faf Add clarification to the TLS renegotiation period
Expanded details on use of mbedtls_ssl_conf_renegotiation_period()
2017-02-15 23:28:48 +02:00
Simon Butcher a333b3c194 Add credit to Changelog for #562 2017-02-15 23:28:48 +02:00
Simon Butcher d57c8f0048 Clarify fix for #673 in Changelog
Clarified fix, and added credit.
2017-02-15 23:27:58 +02:00
Andres AG 13fb6e7271 Add DTLS test to check 6 byte record ctr is cmp
Add a test to ssl-opt.sh to ensure that in DTLS a 6 byte record counter
is compared in ssl_check_ctr_renegotiate() instead of a 8 byte one as in
the TLS case. Because currently there are no testing facilities to check
that renegotiation routines are triggered after X number of input/output
messages, the test consists on setting a renegotiation period that
cannot be represented in 6 bytes, but whose least-significant byte is 2.
If the library behaves correctly, the renegotiation routines will be
executed after two exchanged.
2017-02-15 23:26:35 +02:00
Andres AG 2196c7f81c Fix renegotiation at incorrect times in DTLS
Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared
64 bits of record counter instead of 48 bits as described in RFC 6347
Section 4.3.1. This would cause the function's return value to be
occasionally incorrect and the renegotiation routines to be triggered
at unexpected times.
2017-02-15 23:26:35 +02:00
Jaakko Korhonen 747fceb785 Fixed typo in ssl.h 2017-02-15 23:25:08 +02:00
Simon Butcher ba6aa63578 Fix all.sh test builds with recent glibc and clang
Fixes strict C99 builds in all.sh with glibc version >2.19 where platform support
wasn't being compiled in automatically.

Also fixes C99 syntax with armclang.
2017-02-15 23:25:08 +02:00
Simon Butcher 53716395b2 Clarify use of armcc in all.sh 2017-02-15 23:23:22 +02:00
Andres AG 0911f0880c Add -march argument to armc6 build tests 2017-02-15 23:23:22 +02:00
Andres AG 7f08d7a35a Modify output_env.sh to make it extensible 2017-02-15 23:23:22 +02:00
Andres AG 9e3fba09fd Add ARM Compiler 6 build tests to all.sh 2017-02-15 23:23:22 +02:00
Simon Butcher 880420adf0 Clarify CMAC API
Added additional text to cmac.h to make the API clearer.
2017-02-15 22:55:55 +02:00
Janos Follath 4c006cdb1c Update library version number to 2.4.1 2017-02-15 22:55:55 +02:00
Janos Follath 5da3a6f92f Update CMAC test vectors. 2017-02-15 22:55:30 +02:00
Andres AG c0db511820 Fix unused variable/function compilation warnings
This PR fixes a number of unused variable/function compilation warnings
that arise when using a config.h that does not define the macro
MBEDTLS_PEM_PARSE_C.
2017-02-15 22:54:42 +02:00
Andres AG d15423446b Fix redefinition of macro ssl_set_bio
Fix redefinition of macro ssl_set_bio to undefined symbol
mbedtls_ssl_set_bio_timeout in compat-1.3.h.
2017-02-15 22:51:24 +02:00
Simon B 8477d37ee6 Remove need for elevated command line in Windows
Changes use of mklink in Windows test builds, to create junctions instead of
directory symbolic links. This removes the need for an elevated command prompt
when running cmake to create the Visual Studio project files.
2017-02-15 09:08:26 +00:00
DSiekmeier d49a142c6f removed outdated comment 2017-02-15 09:08:26 +00:00
Simon Butcher 1e6f5ac127 Make mingw test build a requirement of all.sh
Changed the mingw test build to be a required test of the all.sh script.
2017-02-15 09:08:26 +00:00
Simon Butcher 4ae4fdcd99 Fix mingw test build to avoid executing the tests
Changed the mingw build target to avoid building mingw test suites and
then attempting to run them which was failing on Linux.
2017-02-15 09:08:26 +00:00
Simon Butcher e4ac5428f3 Fix formatting issues in net_sockets.c 2017-02-15 09:08:26 +00:00
Simon Butcher 36540ff741 Fix compiler warning in debug.c 2017-02-15 09:08:26 +00:00
Simon Butcher 9510cc1a18 Make the test builds much stricter for warnings
Tighten up the test options in all.sh, test-ref-configs.pl and curves.pl
to ensure the builds are strict for all warnings, warnings are treated
as errors, and that wherever possible builds are strict to the C99
standard. (Note that builds that use the Unix sockets API cannot be).
2017-02-15 09:08:26 +00:00
Jaakko Korhonen 244d243742 Fixed typo in README.md
Removed an extra e from agreement.
2017-02-15 09:08:26 +00:00
Andres AG 342889fdbe Remove unused var warnings in windows unittests 2017-02-15 09:08:26 +00:00
Simon B 24d9a4cf8d Fix config of compiler warning flags with MSVC
Compiler warnings were being configured twice and not suppressed on the
test suites with Microsoft Visual Studio.
2017-02-15 09:08:26 +00:00
Simon B 3c6b18df3a Fix various compiler warnings with MSVC
Fixes various compiler warnings found with Microsoft Visual Studio 2015
(and earlier versions).
2017-02-15 09:08:26 +00:00
Brian J Murray 1903fb312f Clarify Comments and Fix Typos (#651)
Fixes many typos, and errors in comments.

* Clarifies many comments
* Grammar correction in config.pl help text
* Removed comment about MBEDTLS_X509_EXT_NS_CERT_TYPE.
* Comment typo fix (Dont => Don't)
* Comment typo fix (assure => ensure)
* Comment typo fix (byes => bytes)
* Added citation for quoted standard
* Comment typo fix (one complement => 1's complement)

The is some debate about whether to prefer "one's complement",  "ones'
complement", or "1's complement".  The more recent RFCs related to TLS
(RFC 6347,  RFC 4347, etc) use " 1's complement", so I followed that
convention.

* Added missing ")" in comment
* Comment alignment
* Incorrect comment after #endif
2017-02-15 09:08:26 +00:00
Simon Butcher e8bfbe2f5b Fix multiple erroneously named source files in comments
This fixes many incorrect references to filenames in the comments in config.h.
2017-02-15 09:08:26 +00:00
Andres AG b9d3db68c6 Use MAKEFLAGS to pass args to make in all.sh
Modify the script at tests/scripts/all.sh to export the variable
MAKEFLAGS with -j if it was not set before. This should decrease the
total runtime of tests/scripts/all.sh by letting make run multiple jobs
in parallel. Also, add a check at the top of the script to cause a
failure if the environment is not Linux.
2017-02-15 09:08:26 +00:00
Simon Butcher fe2d53f440 Add detail to ChangeLog for SLOTH fix 2017-02-08 12:05:03 +00:00
Simon Butcher 410bc115ec Add comment to integer overflow fix in base64.c
Adds clarifying comment to the integer overflow fix in base64.c
2017-02-08 12:04:27 +00:00
Andres AG cde8035e57 Fix integer overflow mbedtls_base64_decode()
Fix potential integer overflows in the function mbedtls_base64_decode().
This overflow would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-08 12:04:27 +00:00
Andres Amaya Garcia f7cf56fa45 Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions:
  * mbedtls_md2_update() to be bypassed and cause
  * mbedtls_cipher_update()
  * mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-08 12:04:24 +00:00
Andres AG f535662894 Add tests for overreads in pem_read_buffer() 2017-02-08 12:03:46 +00:00
Janos Follath bcb0c4c98c Prevent SLOTH attacks 2017-02-08 12:03:41 +00:00
Andres AG 7df03916e1 Fix buffer overreads in mbedtls_pem_read_buffer() 2017-02-08 10:35:40 +00:00
Andres AG 1a6e9c30f1 Add porting information to the main README 2017-02-06 16:53:30 +00:00
Andres AG cef21e4cd9 Fix examples that failed to compile without PEM 2017-02-04 22:59:46 +00:00
Simon Butcher ee75b9b417 Add clarification to the TLS renegotiation period
Expanded details on use of mbedtls_ssl_conf_renegotiation_period()
2017-02-03 00:21:28 +00:00
Simon Butcher 1d4db5b7b5 Merge 'iotssl-1099-incorrect-renego-dtls'
Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared
64 bits of record counter instead of 48 bits as described in RFC 6347
Section 4.3.1. This would cause the function's return value to be
occasionally incorrect and the renegotiation routines to be triggered
at unexpected times.
2017-02-02 23:47:08 +00:00
Simon Butcher d9440b15e6 Add credit to Changelog for #562 2017-02-02 16:17:37 +00:00
Simon Butcher d934b5371a Merge 'iotssl-952-tfirmware-warnings'
This PR fixes a number of unused variable/function compilation warnings
that arise when using a config.h that does not define the macro
MBEDTLS_PEM_PARSE_C.
2017-02-02 16:08:29 +00:00
Simon Butcher a90f6bd657 Merge PR #737 - type in ssl.h 2017-02-02 15:32:47 +00:00