Commit graph

1346 commits

Author SHA1 Message Date
Ron Eldor 8ab0595538 Wrong preproccessor condition fix
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-27 21:44:33 +01:00
Ron Eldor 5a21fd62bf fix for issue 1118: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia 92fcfe2933 Add ChangeLog entry for config-no-entropy.h change 2017-07-27 21:44:32 +01:00
Janos Follath bfea4a7c02 Remove mutexes from ECP hardware acceleration
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
2017-07-27 21:44:32 +01:00
Simon Butcher ab0a8042f4 Fix merge errors in ChangeLog 2017-07-26 17:25:55 +01:00
Andres AG 642ea1f399 Prevent signed integer overflow in CSR parsing
Modify the function mbedtls_x509_csr_parse_der() so that it checks the
parsed CSR version integer before it increments the value. This prevents
a potential signed integer overflow, as these have undefined behaviour
in the C standard.
2017-07-26 17:19:59 +01:00
Andres AG 487b7a9efc Fix potential integer overflow parsing DER CRT
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-26 17:13:03 +01:00
Andres AG 853c46c8d3 Fix potential integer overflow parsing DER CRL
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
2017-07-26 12:07:26 +01:00
Hanno Becker 01a0e07e9d Correct indentation and labelling in ChangeLog 2017-07-26 11:49:40 +01:00
Simon Butcher de1586799d Added missing credit to Changelog and format fixes 2017-07-22 11:56:20 +02:00
Ron Eldor e6ec1d2d44 Check return code of mbedtls_mpi_fill_random
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-22 11:56:20 +02:00
Ron Eldor 8a26de6d99 Resource leak fix on windows platform
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-22 11:56:20 +02:00
Ron Eldor 237ab35b4a Wrong preproccessor condition fix
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-22 11:56:20 +02:00
Ron Eldor 537e2e9bb3 fix for issue 1118: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-22 11:56:20 +02:00
Janos Follath 3422ddfa4c Remove mutexes from ECP hardware acceleration
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
2017-07-22 11:55:39 +02:00
Andres Amaya Garcia de2e70431f Remove MBEDTLS_TYPE_UDBL option 2017-07-22 11:53:56 +02:00
Gilles Peskine 9a9adcd6aa MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-22 11:53:56 +02:00
Andres Amaya Garcia 05d9535c90 Enable 64-bit compilation with ARM Compiler 6
This patch fixes the conditional preprocessor directives in
include/mbedtls/bignum.h to enable 64-bit compilation with ARM
Compiler 6.
2017-07-22 11:53:56 +02:00
Janos Follath 745bcf454f Fix typos 2017-07-21 14:04:31 +01:00
Simon Butcher 8d65f95901 Correct order of sections in the ChangeLog 2017-07-21 02:15:14 +02:00
Ron Eldor e1b2f6bd33 Check return code of mbedtls_mpi_fill_random
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-21 02:14:08 +02:00
Ron Eldor 45778acf85 Resource leak fix on windows platform
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-21 02:14:07 +02:00
Ron Eldor 8c50e72a0a Wrong preproccessor condition fix
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-21 02:14:07 +02:00
Ron Eldor 49406c8978 fix for issue 1118: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-21 02:14:07 +02:00
Janos Follath 1d74c41a49 Remove mutexes from ECP hardware acceleration
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
2017-07-21 02:14:07 +02:00
Andres Amaya Garcia f92e5d5dbc Fix typo in ChangeLog and update macro name 2017-07-21 02:12:49 +02:00
Andres Amaya Garcia 849811c9cc Modify ChangeLog according to API changes 2017-07-21 02:12:49 +02:00
Andres Amaya Garcia ab8b624fd5 Add ChangeLog entry for platform setup and teardown 2017-07-21 02:12:49 +02:00
Andres Amaya Garcia 8798a10ff0 Update ChangeLog entry as ssl_tls.c needs fixing 2017-07-20 14:46:23 +01:00
Simon Butcher 75c0c814e4 Update Changelog for API/ABI fixes to revert interface 2017-07-20 12:36:53 +02:00
Ron Eldor 7875b24287 Check return code of mbedtls_mpi_fill_random
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-20 01:23:32 +02:00
Ron Eldor eba5dabc61 Resource leak fix on windows platform
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-20 01:02:40 +02:00
Ron Eldor 85bdcf8c16 Wrong preproccessor condition fix
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-20 00:44:57 +02:00
Ron Eldor e1b92fee55 fix for issue 1118: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-20 00:11:24 +02:00
Andres Amaya Garcia 6f45598d32 Add ChangeLog entry for config-no-entropy.h change 2017-07-19 12:24:45 +01:00
Janos Follath a9e775efe4 Remove mutexes from ECP hardware acceleration
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
2017-07-19 02:07:59 +01:00
Andres Amaya Garcia d48ba2b336 Improve ChangeLog entry 2017-07-06 17:17:43 +01:00
Manuel Pégourié-Gonnard ee98109af5 Add ChangeLog entry for the security issue 2017-07-06 11:58:41 +02:00
Manuel Pégourié-Gonnard 31458a1878 Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-06 11:58:41 +02:00
Manuel Pégourié-Gonnard d15795acd5 Improve behaviour on fatal errors
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
2017-07-06 11:58:41 +02:00
Andres Amaya Garcia 364051ff57 Add ChangeLog entry for buf zeroize 2017-07-05 15:40:17 +01:00
Andres Amaya Garcia f01a644aac Add ChangeLog entry 2017-07-03 16:00:59 +01:00
Andres Amaya Garcia 79ae065117 Add ChangeLog entry for IAR compilation warnings 2017-06-27 16:37:40 +01:00
Simon Butcher f2a597fa3d Update the version number to 2.5.1 2017-06-20 23:08:10 +01:00
Janos Follath 5a1c0e7162 Improve Changelog 2017-06-16 12:27:47 +01:00
Manuel Pégourié-Gonnard 4a42f3c405 Merge remote-tracking branch 'restricted/iotssl-1398' into development-restricted
* restricted/iotssl-1398:
  Add ChangeLog entry
  Ensure application data records are not kept when fully processed
  Add hard assertion to mbedtls_ssl_read_record_layer
  Fix mbedtls_ssl_read
  Simplify retaining of messages for future processing
2017-06-09 15:02:40 +02:00
Manuel Pégourié-Gonnard a8e5a4730d Merge near-duplicate ChangeLog entries
As agreed with Gilles on the PR discussion page
2017-06-09 14:46:50 +02:00
Hanno Becker bf4c2e3f79 Add ChangeLog entry 2017-06-09 11:28:45 +01:00
Manuel Pégourié-Gonnard 740665e43b ChangeLog cosmetics 2017-06-08 20:37:30 +02:00
Manuel Pégourié-Gonnard b86b143030 Merge remote-tracking branch 'restricted/iotssl-1138-rsa-padding-check-restricted' into development-restricted
* restricted/iotssl-1138-rsa-padding-check-restricted:
  RSA PKCS1v1.5 verification: check padding length
2017-06-08 20:31:06 +02:00
Manuel Pégourié-Gonnard a0bf6ecfc3 Merge remote-tracking branch 'restricted/IOTSSL-1366/development-restricted' into development-restricted
* restricted/IOTSSL-1366/development-restricted:
  More length checks in RSA PKCS1v15 verify
  More length checks in RSA PKCS1v15 verify
2017-06-08 20:24:29 +02:00
Manuel Pégourié-Gonnard db108ac944 Merge remote-tracking branch 'hanno/mpi_read_file_underflow' into development
* hanno/mpi_read_file_underflow:
  Fix potential stack underflow in mpi_read_file.
2017-06-08 19:48:03 +02:00
Manuel Pégourié-Gonnard 1178ac5e77 Merge remote-tracking branch 'hanno/sliding_exponentiation' into development
* hanno/sliding_exponentiation:
  Adapt ChangeLog
  Abort modular inversion when modulus is one.
  Correct sign in modular exponentiation algorithm.
2017-06-08 19:46:30 +02:00
Manuel Pégourié-Gonnard c44c3c288d Merge remote-tracking branch 'janos/iotssl-1156-ecdsa-sample-and-doc-clarification' into development
* janos/iotssl-1156-ecdsa-sample-and-doc-clarification:
  Clarify the use of ECDSA API
2017-06-08 10:16:54 +02:00
Hanno Becker 39ae8cd207 Fix implementation of VERIFY_OPTIONAL verification mode
This commit changes the behaviour of mbedtls_ssl_parse_certificate
to make the two authentication modes MBEDTLS_SSL_VERIFY_REQUIRED and
MBEDTLS_SSL_VERIFY_OPTIONAL be in the following relationship:

    Mode == MBEDTLS_SSL_VERIFY_REQUIRED
<=> Mode == MBEDTLS_SSL_VERIFY_OPTIONAL + check verify result

Also, it changes the behaviour to perform the certificate chain
verification even if the trusted CA chain is empty. Previously, the
function failed in this case, even when using optional verification,
which was brought up in #864.
2017-06-07 11:13:19 +01:00
Manuel Pégourié-Gonnard ddc6e52cc1 Merge remote-tracking branch 'gilles/iotssl-1223/development' into development
* gilles/iotssl-1223/development:
  Fix FALLBACK_SCSV parsing
2017-06-06 20:11:36 +02:00
Manuel Pégourié-Gonnard 383a118338 Merge remote-tracking branch 'gilles/IOTSSL-1330/development' into development
* gilles/IOTSSL-1330/development:
  Changelog entry for the bug fixes
  SSLv3: when refusing renegotiation, stop processing
  Ignore failures when sending fatal alerts
  Cleaned up double variable declaration
  Code portability fix
  Added changelog entry
  Send TLS alerts in many more cases
  Skip all non-executables in run-test-suites.pl
  SSL tests: server requires auth, client has no certificate
  Balanced braces across preprocessor conditionals
  Support setting the ports on the command line
2017-06-06 19:22:41 +02:00
Gilles Peskine 5d2511c4d4 SHA-1 deprecation: allow it in key exchange
By default, keep allowing SHA-1 in key exchange signatures. Disabling
it causes compatibility issues, especially with clients that use
TLS1.2 but don't send the signature_algorithms extension.

SHA-1 is forbidden in certificates by default, since it's vulnerable
to offline collision-based attacks.
2017-06-06 18:44:14 +02:00
Gilles Peskine 5e79cb3662 Remove SHA-1 in TLS by default
Default to forbidding the use of SHA-1 in TLS where it is unsafe: for
certificate signing, and as the signature hash algorithm for the TLS
1.2 handshake signature. SHA-1 remains allowed in HMAC-SHA-1 in the
XXX_SHA ciphersuites and in the PRF for TLS <= 1.1.

For easy backward compatibility for use in controlled environments,
turn on the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 compiled-time option.
2017-06-06 18:44:13 +02:00
Manuel Pégourié-Gonnard 23b33f8663 Merge remote-tracking branch 'hanno/sig_hash_compatibility' into development
* hanno/sig_hash_compatibility:
  Improve documentation
  Split long lines
  Remember suitable hash function for any signature algorithm.
  Introduce macros and functions to characterize certain ciphersuites.
2017-06-06 18:14:57 +02:00
Hanno Becker eccf60caab Adapt ChangeLog 2017-06-05 15:19:01 +01:00
Andres AG 51a7ae1353 Add missing ret code checks in PEM module
Add missing return code checks in the functions pem_des_decrypt(),
pem_3des_decrypt() and pem_aes_decrypt() so that the calling function
mbedtls_pem_read_buffer() is notified of errors reported by the crypto
primitives AES, DES and 3DES.
2017-05-30 16:40:36 +01:00
Gilles Peskine d50177fdf3 Fix FALLBACK_SCSV parsing
Fixed a bug in ssl_srv.c when parsing TLS_FALLBACK_SCSV in the
ciphersuite list that caused it to miss it sometimes. Reported by Hugo
Leisink as issue #810. Fix initially by @andreasag01; this commit
isolates the bug fix and adds a non-regression test.
2017-05-16 17:53:03 +02:00
Simon Butcher 9f77017a8d Updated version number to 2.5.0 2017-05-16 10:22:37 +01:00
Andres AG f5bf7189d3 Change return type of AES decrypt and encrypt
This patch modifies the following 2 functions in the AES module to
change the return type from void to int:
    * mbedtls_aes_encrypt() -> mbedtls_internal_aes_encrypt()
    * mbedtls_aes_decrypt() -> mbedtls_internal_aes_decrypt()
This change is necessary to allow users of MBEDTLS_AES_ALT,
MBEDTLS_AES_DECRYPT_ALT and MBEDTLS_AES_ENCRYPT_ALT to return an error
code when replacing the default with their own implementation, e.g.
a hardware crypto accelerator.
2017-05-16 10:22:37 +01:00
Janos Follath 2850cdaed9 Add Changelog entry for RSA exponent blinding 2017-05-16 10:22:37 +01:00
Janos Follath c66e5596ba Add Changelog entry for CA list suppression 2017-05-16 10:22:37 +01:00
Andres Amaya Garcia 46fe17ecf2 Remove obsolete macros from compat-1.3.h 2017-05-16 10:22:37 +01:00
Gilles Peskine 4a7f6a0ddb RSA: wipe stack buffers
The RSA private key functions rsa_rsaes_pkcs1_v15_decrypt and
rsa_rsaes_oaep_decrypt put sensitive data (decryption results) on the
stack. Wipe it before returning.

Thanks to Laurent Simon for reporting this issue.
2017-05-16 10:22:37 +01:00
Simon Butcher 77da95357f Add fix for #667 to ChangeLog 2017-05-16 10:22:37 +01:00
Simon Butcher 4775e83337 Fix ChangeLog
Fixes the ChangeLog following the merge of the ECP HW acceleration interfaces
in aab9efb.
2017-05-16 10:22:37 +01:00
Janos Follath 45182a0065 Add Changelog entry for RSA exponent blinding 2017-05-16 10:22:37 +01:00
Janos Follath 7a8a090f55 Add Changelog entry for CA list suppression 2017-05-16 10:22:37 +01:00
Andres Amaya Garcia 75fdf631fd Remove obsolete macros from compat-1.3.h 2017-05-16 10:22:37 +01:00
Hanno Becker 7e5437a972 Remember suitable hash function for any signature algorithm.
This commit changes `ssl_parse_signature_algorithms_ext` to remember
one suitable ( := supported by client and by our config ) hash
algorithm per signature algorithm.

It also modifies the ciphersuite checking function
`ssl_ciphersuite_match` to refuse a suite if there
is no suitable hash algorithm.

Finally, it adds the corresponding entry to the ChangeLog.
2017-05-15 11:50:11 +01:00
Janos Follath 7e2406f6f0 Add Changelog entry 2017-05-11 22:42:14 +01:00
Manuel Pégourié-Gonnard c1380de887 RSA PKCS1v1.5 verification: check padding length
The test case was generated by modifying our signature code so that it
produces a 7-byte long padding (which also means garbage at the end, so it is
essential in to check that the error that is detected first is indeed the
padding rather than the final length check).
2017-05-11 13:10:13 +02:00
Gilles Peskine 3df98f50a9 Changelog entry for the bug fixes 2017-05-10 17:47:40 +02:00
Hanno Becker 072e806a07 Adapt ChangeLog 2017-05-09 10:47:49 +01:00
Hanno Becker b2034b7785 Fix potential stack underflow in mpi_read_file.
When provided with an empty line, mpi_read_file causes a numeric
underflow resulting in a stack underflow. This commit fixes this and
adds some documentation to mpi_read_file.
2017-05-09 10:29:06 +01:00
Hanno Becker a6ed9c5429 Backup errno in net_would_block
Safe and restore the value of errno in net_would_block to be sure
it's not affected by the guarding call to fcntl. Fixes #845.
2017-05-04 13:53:26 +01:00
Gilles Peskine 0e17eb05f8 More length checks in RSA PKCS1v15 verify
Tighten ASN.1 parsing of RSA PKCS#1 v1.5 signatures, to avoid a
potential Bleichenbacher-style attack.
2017-05-03 18:56:10 +02:00
Gilles Peskine 36091fe3ef Added changelog entry 2017-05-03 16:55:03 +02:00
Simon Butcher b65c2be5f1 Updated version number to 2.4.2 for release 2017-03-10 18:50:44 +00:00
Janos Follath 0a5154b8a1 Clarify the use of ECDSA API
In the ecdsa.c sample application we don't use hashing, we use ecdsa
directly on a buffer containing plain text. Although the text explains
that it should be the message hash it still can be confusing.

Any misunderstandings here are potentially very dangerous, because ECDSA
truncates the message hash if necessary and this can lead to trivial
signature forgeries if the API is misused and the message is passed
directly to the function without hashing.

This commit adds a hash computation step to the ecdsa.c sample
application and clarification to the doxygen documentation of the
ECDSA functions involved.
2017-03-10 11:31:41 +00:00
Simon Butcher 81cf88f6d7 Added missing credit to ChangeLog for #555 2017-03-07 19:35:49 +00:00
Simon Butcher 8b987500f2 Corrected attibution in Changelog 2017-03-07 12:37:14 +00:00
Andres AG d1cc7f6f34 Fix buffer overflow in mbedtls_mpi_write_string()
Fix a buffer overflow when writting a string representation of an MPI
number to a buffer in hexadecimal. The problem occurs because hex
digits are written in pairs and this is not accounted for in the
calculation of the required buffer size when the number of digits is
odd.
2017-03-02 21:34:21 +00:00
Ron Eldor 12e0b800da Fix resource leak when using mutex and ssl_cookie
When using ssl_cookie with MBEDTLS_THREADING_C, fix a resource leak caused by
initiating a mutex in mbedtls_ssl_cookie_free instead of freeing it.
Raised and fix suggested by lan Gillingham in the mbed TLS forum
Tracked in #771
2017-03-02 12:26:11 +00:00
Simon Butcher 28d9fe031d Fix mistake in ChangeLog from file merge 2017-03-02 12:05:54 +00:00
Ron Eldor 04965edaa8 Fix resource leak when using mutex and ssl_cookie
When using ssl_cookie with MBEDTLS_THREADING_C, fix a resource leak caused by
initiating a mutex in mbedtls_ssl_cookie_free instead of freeing it.
Raised and fix suggested by lan Gillingham in the mbed TLS forum
Tracked in #771
2017-03-02 11:58:15 +00:00
Simon Butcher 956c58ffa9 Add fix and credit for #742 to the ChangeLog 2017-03-02 09:20:53 +00:00
Simon Butcher 065cede476 Add fix and credit for #742 to the ChangeLog 2017-03-02 09:18:09 +00:00
Simon Butcher 71e9d58dc2 Clarify ChangeLog for #569 2017-02-28 18:47:27 +00:00
Janos Follath 7dadc2f259 ECP: Prevent freeing a buffer on stack
The function ecp_mod_koblitz computed the space for the result of a
multiplication optimally for that specific case, but unfortunately
the function mbedtls_mpi_mul_mpi performs a generic, suboptimal
calculation and needs one more limb for the result. Since the result's
buffer is on the stack, the best case scenario is that the program
stops.

This only happened on 64 bit platforms.

Fixes #569
2017-02-28 18:41:39 +00:00
Simon Butcher d02dc14c94 Fix credit in ChangeLog for #722 2017-02-28 16:36:22 +00:00
Andres AG 5708dcb368 Fix memory leak in mbedtls_x509_crl_parse()
The memory leak call was caused by missing calls to mbedtls_pem_free()
when a MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was
encountered.
2017-02-28 14:51:31 +00:00
Janos Follath 87c980749d Fix buffer overread in mbedtls_x509_get_time()
A heap overread might happen when parsing malformed certificates.
Reported by Peng Li and Yueh-Hsun Lin.

Refactoring the parsing fixes the problem. This commit applies the
relevant part of the OpenVPN contribution applied to mbed TLS 1.3
in commit 17da9dd829.
2017-02-28 14:23:12 +00:00
Simon Butcher fc794ff2b7 Merge branch 'iotssl-1071-ca-flags'
Fixes a regression introduced by an earlier commit that modified
x509_crt_verify_top() to ensure that valid certificates that are after past or
future valid in the chain are processed. However the change introduced a change
in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and
MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the
verification regardless of the cause.

The fix maintains both behaviours:

 * Ensure that valid certificates after future and past are verified
 * Ensure that the correct verification flags are set.
2017-02-27 19:06:05 +00:00
Simon Butcher 0278a38f10 Merge branch 'iotssl-1077-dos-crl'
Modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM
format with trailing characters after the footer does not result in the
execution of an infinite loop.
2017-02-26 01:16:02 +00:00
Simon Butcher 0621b1fbb0 Add detail to ChangeLog for SLOTH fix 2017-02-15 23:31:07 +02:00
Andres AG 4623d83c6f Fix integer overflow mbedtls_base64_decode()
Fix potential integer overflows in the function mbedtls_base64_decode().
This overflow would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-15 23:31:07 +02:00
Andres Amaya Garcia 6a54336897 Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions:
  * mbedtls_md2_update() to be bypassed and cause
  * mbedtls_cipher_update()
  * mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-15 23:31:07 +02:00
Janos Follath 182013faf4 Prevent SLOTH attacks 2017-02-15 23:29:32 +02:00
Simon Butcher a333b3c194 Add credit to Changelog for #562 2017-02-15 23:28:48 +02:00
Simon Butcher d57c8f0048 Clarify fix for #673 in Changelog
Clarified fix, and added credit.
2017-02-15 23:27:58 +02:00
Andres AG 2196c7f81c Fix renegotiation at incorrect times in DTLS
Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared
64 bits of record counter instead of 48 bits as described in RFC 6347
Section 4.3.1. This would cause the function's return value to be
occasionally incorrect and the renegotiation routines to be triggered
at unexpected times.
2017-02-15 23:26:35 +02:00
Janos Follath 4c006cdb1c Update library version number to 2.4.1 2017-02-15 22:55:55 +02:00
Janos Follath 5da3a6f92f Update CMAC test vectors. 2017-02-15 22:55:30 +02:00
Andres AG c0db511820 Fix unused variable/function compilation warnings
This PR fixes a number of unused variable/function compilation warnings
that arise when using a config.h that does not define the macro
MBEDTLS_PEM_PARSE_C.
2017-02-15 22:54:42 +02:00
Andres AG d15423446b Fix redefinition of macro ssl_set_bio
Fix redefinition of macro ssl_set_bio to undefined symbol
mbedtls_ssl_set_bio_timeout in compat-1.3.h.
2017-02-15 22:51:24 +02:00
Simon Butcher 1d4db5b7b5 Merge 'iotssl-1099-incorrect-renego-dtls'
Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared
64 bits of record counter instead of 48 bits as described in RFC 6347
Section 4.3.1. This would cause the function's return value to be
occasionally incorrect and the renegotiation routines to be triggered
at unexpected times.
2017-02-02 23:47:08 +00:00
Simon Butcher d9440b15e6 Add credit to Changelog for #562 2017-02-02 16:17:37 +00:00
Simon Butcher d934b5371a Merge 'iotssl-952-tfirmware-warnings'
This PR fixes a number of unused variable/function compilation warnings
that arise when using a config.h that does not define the macro
MBEDTLS_PEM_PARSE_C.
2017-02-02 16:08:29 +00:00
Simon Butcher 1bef2266e5 Clarify fix for #673 in Changelog
Clarified fix, and added credit.
2017-02-02 13:08:37 +00:00
Simon Butcher 4d1e104bc1 Merge iotssl-1079-macro-redefinition-warning
Fix redefinition of macro ssl_set_bio to undefined symbol
mbedtls_ssl_set_bio_timeout in compat-1.3.h.
2017-02-02 12:19:04 +00:00
Andres AG d16506624a Fix verify out flags from x509_crt_verify_top()
This change fixes a regression introduced by an earlier commit that
modified x509_crt_verify_top() to ensure that valid certificates
that are after past or future valid in the chain are processed. However
the change introduced a change in behaviour that caused the
verification flags MBEDTLS_X509_BADCERT_EXPIRED and
MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in
the verification regardless of the cause.

The fix maintains both behaviours:
  * Ensure that valid certificates after future and past are verified
  * Ensure that the correct verification flags are set.

To do so, a temporary pointer to the first future or past valid
certificate is maintained while traversing the chain. If a truly valid
certificate is found then that one is used, otherwise if no valid
certificate is found and the end of the chain is reached, the program
reverts back to using the future or past valid certificate.
2017-01-20 13:52:01 +00:00
Andres AG 939954c0b0 Fix CRL parsing to avoid infinite loop
This patch modifies the function mbedtls_x509_crl_parse() to ensure
that a CRL in PEM format with trailing characters after the footer does
not result in the execution of an infinite loop.
2017-01-19 16:43:48 +00:00
Andres AG 18c5c59b5b Fix renegotiation at incorrect times in DTLS
Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared
64 bits of record counter instead of 48 bits as described in RFC 6347
Section 4.3.1. This would cause the function's return value to be
occasionally incorrect and the renegotiation routines to be triggered
at unexpected times.
2017-01-19 16:30:15 +00:00
Janos Follath 1808dc01bd Update library version number to 2.4.1 2016-12-13 16:00:52 +00:00
Janos Follath cd13bd2819 Update CMAC test vectors. 2016-12-13 16:00:52 +00:00
Andres AG 0368cb7f1c Fix unused variable/function compilation warnings
This PR fixes a number of unused variable/function compilation warnings
that arise when using a config.h that does not define the macro
MBEDTLS_PEM_PARSE_C.
2016-12-07 16:15:32 +00:00
Andres AG ee7157e735 Fix redefinition of macro ssl_set_bio
Fix redefinition of macro ssl_set_bio to undefined symbol
mbedtls_ssl_set_bio_timeout in compat-1.3.h.
2016-12-07 10:27:00 +00:00
Andres AG 9c94b6951c Add tests for overreads in pem_read_buffer() 2016-11-21 11:03:40 +00:00
Andres AG 703990b839 Fix buffer overreads in mbedtls_pem_read_buffer() 2016-10-24 13:00:37 +01:00
Simon Butcher 19dbd41c5b Update Changelog version number to 2.4.0 2016-10-16 19:35:49 +01:00
Simon Butcher ef8fa012ea Tidied up style and phrasing of ChangeLog 2016-10-16 00:44:08 +01:00
Janos Follath 240f185b79 Update ChangeLog for MBEDTLS_SELF_TEST fix 2016-10-14 15:23:21 +01:00
Simon Butcher 8e00410402 Merge fix for AEAD Random IVs 2016-10-14 00:48:33 +01:00
Simon Butcher 9800a058ae Merge branch 'development' 2016-10-13 17:25:56 +01:00
Simon Butcher 99000142cb Merge fix for IE Certificate Compatibility 2016-10-13 17:21:01 +01:00
Simon Butcher 2bd0fbaad0 Update to Changelog for #626 2016-10-13 16:29:56 +01:00
Simon Butcher 488c08c00b Merge branch fixing date validity in X.509 2016-10-13 16:13:09 +01:00
Simon Butcher 59bffa2df0 Update Changelog for X.509 unrecognised field fix 2016-10-13 15:55:56 +01:00
Simon Butcher 511526720c Merge fix for branch SSL client overread 2016-10-13 15:39:09 +01:00
Simon Butcher b81496b9b5 Update and clean up Changelog for #622 2016-10-13 14:03:37 +01:00
Simon Butcher d05192501b Added credit to Changelog for fix #558 2016-10-13 13:54:48 +01:00
Janos Follath e5dc202469 Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 13:54:48 +01:00
Simon Butcher 468a84c7df Clarified Changelog for fix #602 2016-10-13 13:54:48 +01:00
Andres AG 314d8a8400 Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-13 13:54:47 +01:00
Simon Butcher 9af0280aa5 Updated Changelog for fix #599 2016-10-13 13:54:14 +01:00
Andres AG 410d3dd3c7 Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-13 13:54:14 +01:00
Simon Butcher 4f85907b5a Revise Changelog to clarify and add credit 2016-10-13 13:53:33 +01:00
Simon Butcher b93fdddf67 Revise Changelog to clarify and add credit 2016-10-13 13:53:12 +01:00
Simon Butcher dcb9892939 Update Changelog for fixes to X.509 sample apps 2016-10-13 13:52:39 +01:00
Simon Butcher eb02fb5ad4 Update Changelog for fix #559 2016-10-13 13:52:00 +01:00
Simon Butcher e5796c1fbc Add CMAC to ChangeLog 2016-10-13 13:51:12 +01:00
Janos Follath 0be2b01a6b Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-13 13:51:07 +01:00
Andres AG 94d73b0b0a Add config macro for min bytes hw entropy 2016-10-13 13:48:48 +01:00
Andres AG ba66e8958d Add new config.h that does not need entropy source 2016-10-13 13:48:48 +01:00
Andres AG 3616f6f261 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-10-13 13:48:48 +01:00
Simon Butcher 77d779e8bb Update for ChangeLog for fixes for cert_app 2016-10-13 13:48:48 +01:00
Simon Butcher 1c8b33ad19 Merge branch 'development' 2016-10-13 13:40:41 +01:00
Simon Butcher 4d69ecd9cb Added credit to Changelog for fix #558 2016-10-13 00:32:28 +01:00
Janos Follath ef44178474 Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 00:25:07 +01:00
Simon Butcher f6e3b9e8b2 Clarified Changelog for fix #602 2016-10-12 19:52:38 +01:00
Andres AG 821da84ff9 Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-12 19:49:41 +01:00
Simon Butcher 3a5e070982 Updated Changelog for fix #599 2016-10-12 16:46:48 +01:00
Andres AG 776a6fcd1a Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-12 16:43:37 +01:00
Janos Follath b48c8ac45d Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-12 00:36:31 +01:00
Janos Follath 1aae658d76 Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-12 00:32:17 +01:00
Simon Butcher 5a74d26006 Added credit to Changelog for X.509 DER bounds fix 2016-10-11 14:09:10 +01:00
Andres AG e0af995f12 Add test for bounds in X509 DER write funcs 2016-10-11 14:07:48 +01:00
Andres AG 60dbc93831 Add missing bounds check in X509 DER write funcs
This patch adds checks in both mbedtls_x509write_crt_der and
mbedtls_x509write_csr_der before the signature is written to buf
using memcpy().
2016-10-11 14:07:48 +01:00
Simon Butcher 851ae29a5d Revise Changelog to clarify and add credit 2016-10-11 12:28:04 +01:00
Simon Butcher b98eaff408 Revise Changelog to clarify and add credit 2016-10-11 10:13:52 +01:00
Simon Butcher df6c3e8e48 Merge branch 'iotssl-825-double-free-quickfix'
Conflicts:
	ChangeLog
2016-10-11 00:07:14 +01:00
Simon Butcher f77309cb35 Update Changelog for fixes to X.509 sample apps 2016-10-10 09:05:26 +01:00
Simon Butcher f73fd701c0 Update Changelog for fix #559 2016-10-07 11:17:44 +01:00
Simon Butcher 21c54816f5 Add CMAC to ChangeLog 2016-10-05 14:19:18 +01:00
Janos Follath 5437a75b15 Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-09-30 09:29:55 +01:00
Andres AG 4b76aecaf3 Add check for validity of date in x509_get_time() 2016-09-28 14:32:54 +01:00
Andres AG 5a87c9375d Fix overread when verifying SERVER_HELLO in DTLS 2016-09-28 14:26:57 +01:00
Andres AG 7abc974ec4 Add config macro for min bytes hw entropy 2016-09-27 14:25:31 +01:00
Andres AG f84f8926a7 Add new config.h that does not need entropy source 2016-09-27 14:25:31 +01:00
Andres AG 788aa4a812 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-09-26 23:23:52 +01:00
Simon Butcher d43fb9598a Update for ChangeLog for fixes for cert_app 2016-09-26 20:48:56 +01:00
Andres AG 4bdbe09f90 Fix sig->tag update in mbedtls_x509_get_sig() 2016-09-19 17:09:45 +01:00
Andres AG f9113194af Allow the entry_name size to be set in config.h
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
2016-09-16 11:42:35 +01:00
Simon Butcher c0d76b8255 Update ChangeLog for fix for #541 - out-of-tree CMake builds 2016-09-07 17:25:16 +03:00
Simon Butcher cad6e93e19 Update to ChangeLog for bug #428 2016-09-05 01:48:31 +03:00
Simon Butcher 5908bccfc0 Updated ChangeLog for PR#565
Updated ChangeLog for pull request #565 - Remove unused consts from oid lists
2016-09-04 15:14:38 +01:00
Simon Butcher 327d66520e Update ChangeLog for fix to crypt_and_hash #441 2016-09-02 21:53:50 +01:00
Simon Butcher cf8c1f4ddb Update ChangeLog to include the most recent fixes 2016-09-02 21:29:39 +03:00
Simon Butcher 46125fbb73 Updates ChangeLog with final changes for release 2016-06-27 19:43:55 +01:00
Simon Butcher 9c22e7311c Merge branch 'development' 2016-05-24 13:25:46 +01:00
Paul Bakker dc08545395 Update ChangeLog to reflect 2016-05-23 14:29:32 +01:00
Paul Bakker 456fea0000 Amended ChangeLog 2016-05-23 14:29:31 +01:00
Janos Follath c6dab2b029 Fix non compliance SSLv3 in server extension handling.
The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.
2016-05-23 14:27:02 +01:00
Simon Butcher 94bafdf834 Merge branch 'development' 2016-05-18 18:40:46 +01:00
Paul Bakker f8e3794792 Update ChangeLog to reflect 2016-05-13 10:50:41 +01:00
Paul Bakker 8f0e4c263a Amended ChangeLog 2016-05-12 16:38:27 +01:00
Simon Butcher f8935075dc Update ChangeLog for bug #429 in ssl_fork_server 2016-05-03 15:43:52 +01:00
Simon Butcher 45732c7cac Update ChangeLog for bug #429 in ssl_fork_server 2016-04-29 00:12:53 +01:00
Simon Butcher e4a46f696f Merge branch 'development' 2016-04-27 18:44:37 +01:00
Simon Butcher 3fe6cd3a2d Fixes time() abstraction for custom configs
Added platform abstraction of time() to ChangeLog, version features, and fixed the build for dynamic configuration.
2016-04-26 19:51:29 +01:00
Simon Butcher a543d11d3a Fixes mbedtls_mpi_zeroize() function name in ChangeLog 2016-04-26 12:51:37 +01:00
Simon Butcher d7e9ad7d83 Updates ChangeLog with faster MPI zeroize fix
Added optimised mbedtls_mpi_zeroise() credit to ChangeLog.
2016-04-25 16:07:12 +01:00
Janos Follath 8a3170571e Fix bug in ssl_write_supported_elliptic_curves_ext
Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a
crash later in ssl_write_supported_elliptic_curves_ext. #373
2016-04-22 00:41:54 +01:00
Simon Butcher 2300776816 Merge branch 'development' 2016-04-19 10:39:36 +01:00
Janos Follath 1ed9f99ef3 Fix null pointer dereference in the RSA module.
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:16:31 +01:00
Simon Butcher 3f5c875654 Adds test for odd bit length RSA key size
Also tidy up ChangeLog following review.
2016-04-15 19:06:59 +01:00
Janos Follath 10c575be3e Fix odd bitlength RSA key generation
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-15 18:49:13 +01:00
Simon Butcher cd0ee5e499 Fixes following review of 'iotssl-682-selftest-ci-break' 2016-03-21 22:54:37 +00:00
Janos Follath 9194744595 Add exit value macros to platform abstraction layer. 2016-03-18 14:05:28 +00:00
Simon Butcher de69b1664b Fix ChangeLog after merge of IOTSSL-628 2016-03-17 11:13:48 +00:00
Simon Butcher 078bcdd6f6 Merge branch 'IOTSSL-628-BufferOverread' 2016-03-16 22:53:11 +00:00
Simon Butcher 184990c1d4 Merge development into development-restricted 2016-03-16 13:56:00 +00:00
Simon Butcher 4b852db299 Merge branch 'iotssl-629-der-trailing-bytes'
Fixes bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer following DER certificates to be included in the raw representation.
2016-03-12 23:28:26 +00:00
Manuel Pégourié-Gonnard 8ddc93f07a Add precision about exploitability in ChangeLog
Also fix some whitespace while at it.
2016-03-09 21:06:20 +00:00
Janos Follath e43b81ae68 Add Changelog entry for current branch 2016-03-09 21:06:20 +00:00
Janos Follath 3218b21b68 Add Changelog entry for current branch 2016-03-09 21:06:19 +00:00
Manuel Pégourié-Gonnard 370717b571 Add precision about exploitability in ChangeLog
Also fix some whitespace while at it.
2016-03-09 21:06:19 +00:00
Janos Follath cc4eba73fb Add Changelog entry for current branch 2016-03-09 21:06:19 +00:00
Simon Butcher 00157ce510 Update the ChangeLog 2016-03-09 19:32:11 +00:00
Simon Butcher f59e66ba24 Remove redundant test certificates and clarify ChangeLog 2016-03-09 19:32:10 +00:00
Janos Follath b437b4b125 X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-03-09 19:32:10 +00:00
Janos Follath cc0e49ddde x509: trailing bytes in DER: fix bug
Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer after DER certificates to be included in the raw representation. #377
2016-02-17 14:41:36 +00:00
Janos Follath bc247c9946 Extended ChangeLog entry 2016-02-11 11:15:44 +00:00
Janos Follath eae41bf340 Add Changelog entry for current branch 2016-02-10 16:40:16 +00:00
Janos Follath 4ae5c294a4 Add Changelog entry and improve coding style 2016-02-10 11:27:43 +00:00
Simon Butcher 9a3ee57c84 Merge branch 'fixes' into development 2016-01-13 02:08:02 +00:00
Manuel Pégourié-Gonnard c990189e14 Revert changes done to 'make apidoc' target
This partially reverts 1989caf71c (only the changes to Makefile and
CMakeLists, the addition to scripts/config.pl is kept).

Modifying config.h in the apidoc target creates a race condition with

    make -j4 all apidoc

where some parts of the library, tests or programs could be built with the
wrong config.h, resulting in all kinds of (semi-random) errors. Recent
versions of CMake mitigate this by adding a .NOTPARALLEL target to the
generated Makefile, but people would still get errors with older CMake
versions that are still in use (eg in RHEL 5), and with plain make.

An additional issue is that, by failing to use cp -p, the apidoc target was
updating the timestamp on config.h, which seems to cause further build issues.

Let's get back to the previous, safe, situation. The improved apidoc building
will be resurrected in a script in the next commit.

fixes #390
fixes #391
2016-01-12 14:48:03 +00:00
Manuel Pégourié-Gonnard 25caaf36a6 Avoid build errors with -O0 due to assembly 2016-01-08 14:29:11 +01:00
Manuel Pégourié-Gonnard 3551901cd1 Make ar invocation more portable
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.

fixes #386
2016-01-07 13:55:05 +01:00
Manuel Pégourié-Gonnard afbb3101ce Update ChangeLog for latest PR merged
fixes #309
2016-01-07 13:26:11 +01:00
Manuel Pégourié-Gonnard f92c86e44d Update reference to attack in ChangeLog
We couldn't do that before the attack was public
2016-01-07 13:18:01 +01:00
Simon Butcher bfafadb45d Change version number to 2.2.1
Changed version for library files and yotta module
2016-01-04 22:26:36 +00:00
Manuel Pégourié-Gonnard 7f88b8ec86 Tune description of a change/bugfix in ChangeLog 2016-01-04 17:36:44 +01:00
Simon Butcher 1285ab5dc2 Fix for memory leak in RSA-SSA signing
Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c
2016-01-01 21:42:47 +00:00
Simon Butcher c4a6ce6a4c Merge branch 'origin/iotssl-541-pathlen-bugfix' 2015-12-30 07:52:54 +00:00
Simon Butcher c42350125e Clarification in ChangeLog 2015-12-23 18:36:16 +00:00
Simon Butcher 4c2bfdbff6 Merge 'iotssl-558-md5-tls-sigs-restricted' 2015-12-23 18:33:54 +00:00
Simon Butcher 9c2626c641 Merge 'iotssl-566-double-free-restricted' 2015-12-23 16:42:03 +00:00
Simon Butcher 00923c1897 Fix typo in Changelog 2015-12-22 19:04:24 +00:00
Simon Butcher fabce5e137 Merge branch 'misc' into development
Fixes github #358, #362 and IOTSSL-536
2015-12-22 18:56:56 +00:00
Simon Butcher 207990dcf5 Added description of change to the Changelog
Also clarified some comments following review.
2015-12-16 01:51:30 +00:00
Manuel Pégourié-Gonnard 1e07562da4 Fix wrong length limit in GCM
See for example page 8 of
http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf

The previous constant probably came from a typo as it was 2^26 - 2^5 instead
of 2^36 - 2^5. Clearly the intention was to allow for a constant bigger than
2^32 as the ull suffix and cast to uint64_t show.

fixes #362
2015-12-10 14:54:21 +01:00
Manuel Pégourié-Gonnard 97b5209bc0 Fix potential double free in cert writing code
In case an entry with the given OID already exists in the list passed to
mbedtls_asn1_store_named_data() and there is not enough memory to allocate
room for the new value, the existing entry will be freed but the preceding
entry in the list will sill hold a pointer to it. (And the following entries
in the list are no longer reachable.) This results in memory leak or a double
free.

The issue is we want to leave the list in a consistent state on allocation
failure. (We could add a warning that the list is left in inconsistent state
when the function returns NULL, but behaviour changes that require more care
from the user are undesirable, especially in a stable branch.)

The chosen solution is a bit inefficient in that there is a time where both
blocks are allocated, but at least it's safe and this should trump efficiency
here: this code is only used for generating certificates, which is unlikely to
be done on very constrained devices, or to be in the critical loop of
anything. Also, the sizes involved should be fairly small anyway.

fixes #367
2015-12-10 11:23:55 +01:00
Manuel Pégourié-Gonnard c5892ca50c Add credits to ChangeLog 2015-12-08 16:14:58 +01:00
Manuel Pégourié-Gonnard 47229c7cbb Disable MD5 in handshake signatures by default 2015-12-04 15:02:56 +01:00
Manuel Pégourié-Gonnard f4569b14c4 Fix bug checking pathlen on first intermediate
Remove check on the pathLenConstraint value when looking for a parent to the
EE cert, as the constraint is on the number of intermediate certs below the
parent, and that number is always 0 at that point, so the constraint is always
satisfied.

The check was actually off-by-one, which caused valid chains to be rejected
under the following conditions:
- the parent certificate is not a trusted root, and
- it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)

fixes #280
2015-11-19 11:10:38 +01:00
Simon Butcher 8254ed2a9f Change version number to 2.2.0
Changed for library and yotta module
2015-11-04 19:55:40 +00:00
Simon Butcher 59a8fa7e2e Corrected typo in ChangeLog 2015-11-03 23:09:28 +00:00
Manuel Pégourié-Gonnard bd3639852c Merge branch 'iotssl-519-asn1write-overflows-restricted' into development-restricted
* iotssl-519-asn1write-overflows-restricted:
  Fix other int casts in bounds checking
  Fix other occurrences of same bounds check issue
  Fix potential buffer overflow in asn1write
2015-11-02 11:07:30 +09:00
Manuel Pégourié-Gonnard 537e2a9b58 Merge branch 'iotssl-518-winpathlen-restricted' into development-restricted
* iotssl-518-winpathlen-restricted:
  Fix potential heap corruption on Windows
2015-11-02 11:04:59 +09:00
Manuel Pégourié-Gonnard f8b2442e2f Merge branch 'iotssl-517-double-free-restricted' into development-restricted
* iotssl-517-double-free-restricted:
  Fix potential double-free in ssl_conf_psk()
2015-11-02 11:03:32 +09:00
Manuel Pégourié-Gonnard c99dffad36 Add ChangeLog entry for ASN.1 DER boolean fix 2015-11-02 06:00:02 +09:00
Manuel Pégourié-Gonnard ba1d897987 Merge branch 'bugfixes' into development
* bugfixes:
  Fix typo in an OID name
  Disable reportedly broken assembly of Sparc(64)
2015-11-02 05:50:41 +09:00
Manuel Pégourié-Gonnard 568f1e7cb3 Merge branch 'iotssl-515-max-pathlen' into development
* iotssl-515-max-pathlen:
  Add Changelog entries for this branch
  Fix a style issue
  Fix whitespace at EOL issues
  Use symbolic constants in test data
  Fixed pathlen contraint enforcement.
  Additional corner cases for testing pathlen constrains. Just in case.
  Added test case for pathlen constrains in intermediate certificates
2015-11-02 05:49:08 +09:00
Manuel Pégourié-Gonnard 2b624e9b39 Add Changelog entries for this branch 2015-10-30 09:45:34 +01:00
Simon Butcher 204606238c Merge branch 'development' into misc 2015-10-27 16:57:34 +00:00
Simon Butcher 62aab15085 Merge branch 'development' into iotssl-513-alerts 2015-10-27 16:05:34 +00:00
Simon Butcher 5f7c34b8b0 Merge branch iotssl-521-keylen-check 2015-10-27 15:14:55 +00:00
Manuel Pégourié-Gonnard e0b2feae34 Mention performance fix in ChangeLog 2015-10-27 10:24:54 +01:00
Manuel Pégourié-Gonnard 65eefc8707 Fix missing check for RSA key length on EE certs
- also adapt tests to use lesser requirement for compatibility with old
  testing material
2015-10-23 16:19:53 +02:00
Manuel Pégourié-Gonnard d21eb2ae81 Fix attribution in ChangeLog 2015-10-23 15:35:02 +02:00
Manuel Pégourié-Gonnard fbdf06c1a4 Fix handling of non-fatal alerts
fixes #308
2015-10-23 13:11:31 +02:00
Manuel Pégourié-Gonnard e5f3072aed Fix #ifdef inconsistency
fixes #310

Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.
2015-10-23 08:40:23 +02:00
Manuel Pégourié-Gonnard 66fc07362e Fix typo in an OID name
fixes #314
2015-10-21 16:40:29 +02:00
Manuel Pégourié-Gonnard 7c5fcdc17a Disable reportedly broken assembly of Sparc(64)
fixes #292
2015-10-21 14:52:24 +02:00
Manuel Pégourié-Gonnard 22c3b7b9da Fix potential buffer overflow in asn1write 2015-10-21 12:13:05 +02:00
Manuel Pégourié-Gonnard 261faed725 Fix potential heap corruption on Windows
If len is large enough, when cast to an int it will be negative and then the
test if( len > MAX_PATH - 3 ) will not behave as expected.
2015-10-21 10:25:22 +02:00
Manuel Pégourié-Gonnard 173c790722 Fix potential double-free in ssl_conf_psk() 2015-10-20 19:56:45 +02:00
Manuel Pégourié-Gonnard 1ef96c2231 Update ChangeLog for the EC J-PAKE branch 2015-10-20 15:04:57 +02:00
Manuel Pégourié-Gonnard 4104864e54 ECHDE-PSK does not use a certificate
fixes #270
2015-10-09 14:50:43 +01:00
Manuel Pégourié-Gonnard c4e7d8a381 Bump version to 2.1.2
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard ca056c7748 Fix CVE number in ChangeLog 2015-10-05 18:21:34 +01:00
Manuel Pégourié-Gonnard a97ab2c8a6 Merge branch 'development' into development-restricted
* development:
  Remove inline workaround when not useful
  Fix macroization of inline in C++
2015-10-05 15:48:09 +01:00
Simon Butcher 7776fc36d3 Fix for #279 macroisation of 'inline' keyword 2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard 899ac849d0 Merge branch 'development' into development-restricted
* development:
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard 0431735299 Fix compile error in net.c with musl libc
fixes #278
2015-10-05 12:17:49 +01:00
Simon Butcher 475cf0a98a Merge fix of IOTSSL-496 - Potential heap overflow
Fix for potential overflow in ssl_write_certificate_request()
2015-10-05 11:57:54 +01:00
Manuel Pégourié-Gonnard 0223ab9d38 Fix macroization of inline in C++
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 11:41:36 +01:00
Simon Butcher fec73a8eec Merge of fix for IOTSSL-481 - Double free
Potential double free in mbedtls_ssl_conf_psk()
2015-10-05 10:40:31 +01:00
Simon Butcher c48b66bfb6 Changed attribution for Guido Vranken 2015-10-05 10:18:17 +01:00
Simon Butcher 6418ffaadb Merge fix for IOTSSL-480 - base64 overflow issue 2015-10-05 09:54:11 +01:00
Simon Butcher a45aa1399b Merge of IOTSSL-476 - Random malloc in pem_read() 2015-10-05 00:26:36 +01:00
Simon Butcher e7f96f22ee Merge fix IOTSSL-475 Potential buffer overflow
Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-10-04 23:43:05 +01:00
Simon Butcher d5ba4672b2 Merge fix for IOTSSL-474 PKCS12 Overflow
Fix stack buffer overflow in PKCS12
2015-10-04 22:47:59 +01:00
Simon Butcher 5b8d1d65f7 Fix for IOTSSL-473 Double free error
Fix potential double-free in mbedtls_ssl_set_hs_psk(.)
2015-10-04 22:06:51 +01:00
Manuel Pégourié-Gonnard ef388f168d Merge branch 'development' into development-restricted
* development:
  Updated ChangeLog with credit
  Fix a fairly common typo in comments
  Make config check include for configs examples more consistent
2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard bc1babb387 Fix potential overflow in CertificateRequest 2015-10-02 11:20:28 +02:00
Simon Butcher 54eec9d1dd Merge pull request #301 from Tilka/typo
Fix a fairly common typo in comments
2015-10-01 02:07:24 +01:00
Simon Butcher a12e3c00bf Updated ChangeLog with credit 2015-10-01 01:59:33 +01:00
Manuel Pégourié-Gonnard 0aa45c209a Fix potential overflow in base64_encode 2015-09-30 16:37:49 +02:00
Simon Butcher 5624ec824e Reordered TLS extension fields in client
Session ticket placed at end
2015-09-29 01:06:06 +01:00
Simon Butcher 04799a4274 Fixed copy and paste error
Accidental additional assignment in ssl_write_alpn_ext()
2015-09-29 00:31:09 +01:00
Manuel Pégourié-Gonnard d02a1daca7 Fix stack buffer overflow in pkcs12 2015-09-28 19:47:50 +02:00
Manuel Pégourié-Gonnard 24417f06fe Fix potential double-free in mbedtls_ssl_conf_psk() 2015-09-28 18:09:45 +02:00
Manuel Pégourié-Gonnard 58fb49531d Fix potential buffer overflow in mpi_read_string()
Found by Guido Vranken.

Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-09-28 15:59:54 +02:00
Tillmann Karras 588ad50c5a Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
Simon Butcher 8f98842e38 Refined credits in ChangeLog for fuzzing issue
Changed GDS to Gotham Digital Science
2015-09-22 10:10:36 +01:00
Manuel Pégourié-Gonnard 8cea8ad8b8 Bump version to 2.1.1 2015-09-17 11:58:45 +02:00
Simon Butcher ac58c53ab1 Merge remote-tracking branch 'origin/development' 2015-09-16 23:25:25 +01:00
Simon Butcher 7dd82f8fd5 Merge branch 'development' with bugfix branch
Conflicts:
	ChangeLog
2015-09-16 16:21:38 +01:00
Simon Butcher 5793e7ef01 Merge 'development' into iotssl-411-port-reuse
Conflicts:
	ChangeLog
2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard f7022d1131 Fix bug in server parsing point formats extension
There is only one length byte but for some reason we skipped two, resulting in
reading one byte past the end of the extension. Fortunately, even if that
extension is at the very end of the ClientHello, it can't be at the end of the
buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the
buffer has some more room after that for MAC and so on. So there is no
buffer overread.

Possible consequences are:
- nothing, if the next byte is 0x00, which is a comment first byte for other
  extensions, which is why the bug remained unnoticed
- using a point format that was not offered by the peer if next byte is 0x01.
  In that case the peer will reject our ServerKeyExchange message and the
handshake will fail.
- thinking that we don't have a common point format even if we do, which will
  cause us to immediately abort the handshake.
None of these are a security issue.

The same bug was fixed client-side in fd35af15
2015-09-16 11:32:18 +02:00
Simon Butcher a1a1128f7d Updated ChangeLog for fix #275 2015-09-14 21:30:40 +01:00
Simon Butcher d69f14bed8 Updated Changelog for new version 2015-09-11 20:00:20 +01:00
Simon Butcher 8a52a7468d Added PR to Changelog for NWilson 2015-09-11 19:44:34 +01:00
Manuel Pégourié-Gonnard c2ed8029ff Fix ChangeLog - misplaced entries 2015-09-09 12:15:13 +02:00
Manuel Pégourié-Gonnard 14c2574a9d Update Changelog 2015-09-08 15:12:45 +02:00
Simon Butcher e5a21b4493 Merge pull request #282 from ARMmbed/iotssl-469-rsa-crt-restricted
Add counter-measure against RSA-CRT attack
2015-09-08 13:05:51 +01:00
Manuel Pégourié-Gonnard 5f50104c52 Add counter-measure against RSA-CRT attack
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
2015-09-08 13:39:29 +02:00
Manuel Pégourié-Gonnard 7f2f062a5d Fix possible client crash on API misuse 2015-09-07 12:27:24 +02:00
Manuel Pégourié-Gonnard 0a0c22e0ef Add ChangeLog entry about license change 2015-09-04 14:38:26 +02:00
Manuel Pégourié-Gonnard aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Simon Butcher 52754594b6 Merging iotssl-457-badtail with development branch 2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard b2beb84be6 Changelog entry fro the previous commit 2015-09-01 19:37:32 +02:00
Manuel Pégourié-Gonnard 1385a289f4 Fix possible mutex lock/unlock mismatch
fixes #257
2015-08-27 11:30:58 +02:00
Manuel Pégourié-Gonnard c98204e68f Fix missing break in switch for SSL presets
closes #235
2015-08-11 04:21:01 +02:00
Manuel Pégourié-Gonnard ed46c436c0 Fix error when loading libmbedtls.so 2015-08-10 10:17:32 +02:00
Manuel Pégourié-Gonnard e33316c607 Add test build of shared libs for windows 2015-08-07 13:22:37 +02:00
Manuel Pégourié-Gonnard 32da9f66a8 Add support for MBEDTLS_USER_CONFIG_FILE 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard 9983993e27 Fix bug with make install without tests
closes #232
2015-08-03 10:42:10 +02:00
Manuel Pégourié-Gonnard 2006408545 Fix Make bug when installing programs 2015-08-03 10:40:38 +02:00
Manuel Pégourié-Gonnard 052d10c9d5 Accept a trailing space at end of PEM lines
With certs being copy-pasted from webmails and all, this will probably become
more and more common.

closes #226
2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard e96ce08a21 Fix compile error with armcc5 --gnu 2015-07-31 10:58:06 +02:00
Simon Butcher 10a6f02f83 Merge branch 'development' into IOTSSL-442-hello-noext
Conflicts:
	ChangeLog
2015-07-27 13:45:40 +01:00
Manuel Pégourié-Gonnard 52a5079cf2 Fix bug with install target in make
closes #223
2015-07-27 10:36:12 +02:00
Manuel Pégourié-Gonnard 6f42417ba8 Fix typo in that broke installation in cmake
closes #221
2015-07-24 16:55:22 +02:00
Manuel Pégourié-Gonnard a6e5bd5654 Fix bug with extension-less ServerHello
https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug

in_hslen include the length of the handshake header. (We might want to change
that in the future, as it is a bit annoying.)
2015-07-23 12:23:19 +02:00
Manuel Pégourié-Gonnard bcb0460224 Fix bug with cmake and old version of GCC 2015-07-19 16:00:04 +02:00
Manuel Pégourié-Gonnard 4f3368e31e Fix bug in benchmark.c with DHM params 2015-07-19 15:01:28 +02:00
Paul Bakker 4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard abc729e664 Simplify net_accept() with UDP sockets
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard 91895853ac Move from naked int to a structure in net.c
Provides more flexibility for future changes/extensions.
2015-06-30 15:56:25 +02:00
Manuel Pégourié-Gonnard a25ffc3b0f Update Changelog for target split 2015-06-25 12:01:16 +02:00
Manuel Pégourié-Gonnard 53585eeb17 Remove test DHM params from certs.c
certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard fd474233c8 Change SSL debug API in the library 2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard c0d749418b Make 'port' a string in NET module
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard 1cd10adc7c Update prototype of x509write_set_key_usage()
Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 60c793bdc9 Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE
First one means we have time() but it may not return the actual wall clock
time, second means it does.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard 797f48ace6 Rename ecp_curve_info.size to bit_size 2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard 898e0aa210 Rename key_length in cipher_info 2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard 88d37859b6 Update Changelog for the profiles branch 2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard 7ee5ddd798 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix compile errors with NO_STD_FUNCTIONS
  Expand config.pl's notion of "full"
  Ack external bugfix in Changelog
  FIx misplaced Changelog entry (oops)
  Fix compile bug: incompatible declaration of polarssl_exit in platform.c
  Fix contributor's name in Changelog
2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard dccb80b7e5 Fix compile errors with NO_STD_FUNCTIONS 2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard f2ec505c34 Ack external bugfix in Changelog 2015-06-03 09:50:07 +01:00
Manuel Pégourié-Gonnard 3e87a9f57f FIx misplaced Changelog entry (oops) 2015-06-03 09:48:26 +01:00
Manuel Pégourié-Gonnard bc6ff23dc6 Update changelog for i/o lengths 2015-06-02 16:33:08 +01:00
Manuel Pégourié-Gonnard 9693668c23 Tune Changelog (typos, ordering) 2015-06-02 15:14:15 +01:00
Manuel Pégourié-Gonnard d22514e8f6 Fix contributor's name in Changelog 2015-06-02 12:59:59 +01:00
Manuel Pégourié-Gonnard 0574bb0bdb Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Mark unused constant as such
  Update ChangeLog for recent external bugfix
  Serious bug fix in entropy.c
  Fix memleak with repeated [gc]cm_setkey()
  fix minor bug in path_cnt checks

Conflicts:
	include/mbedtls/cipher.h
	library/ccm.c
	library/entropy.c
	library/gcm.c
	library/x509_crt.c
2015-06-02 09:59:29 +01:00
Manuel Pégourié-Gonnard 5866848092 Update ChangeLog for recent external bugfix 2015-06-02 09:08:35 +01:00
Manuel Pégourié-Gonnard cb46fd8216 Avoid non-standard strcasecmp() 2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard 41b9c2b418 Remove individual mdX_file() and shaX_file() 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard eb0d8706ce Add option for even smaller SHA-256 2015-05-28 16:45:23 +02:00
Manuel Pégourié-Gonnard 2a1524ccb5 Manually merge 1.3 changelog 2015-05-27 17:59:46 +02:00