Commit graph

3442 commits

Author SHA1 Message Date
Hanno Becker dcbb0246f9 Correct comments 2017-07-28 22:04:08 +01:00
Hanno Becker 56fa40f4f5 Adapt ChangeLog 2017-07-28 22:02:58 +01:00
Hanno Becker e6ee6383a9 Reliably zeroize sensitive data in AES sample application
The AES sample application programs/aes/aescrypt2 could miss zeroizing
the stack-based key buffer in case of an error during operation. This
commit fixes this and also clears another temporary buffer as well as
all command line arguments (one of which might be the key) before exit.
2017-07-28 21:58:47 +01:00
Hanno Becker 8188d392af Reliably zeroize sensitive data in Crypt-and-Hash sample application
The AES sample application programs/aes/crypt_and_hash could miss
zeroizing the stack-based key buffer in case of an error during
operation. This commit fixes this and also clears all command line
arguments (one of which might be the key) before exit.
2017-07-28 21:58:31 +01:00
Simon Butcher e513cf7f26 Remove the check in ssl-opt.sh for MAX_INTERMEDIATE_CA
The check uses grep, not config.pl, on the x509 headers - not where it should
be configured - config.h. grep syntax isn't very portable. Without config.pl
it's quite hard to do this check properly so removing this check.
2017-07-28 13:16:50 +01:00
Simon Butcher 4c338d539a Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA 2017-07-28 13:16:50 +01:00
Ron Eldor b34be244e6 Backport 1.3: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-28 13:16:50 +01:00
Hanno Becker 88252333e2 Fix typo 2017-07-28 13:15:57 +01:00
Hanno Becker 63ee8c1b73 Check threshold for POLARSSL_X509_MAX_INTERMEDIATE_CA in X509 tests
The X509 test suite assumes that POLARSSL_X509_MAX_INTERMEDIATE_CA is below
the hardcoded threshold 20 used in the long certificate chain generating
script tests/data_files/dir-max/long.sh. This commit adds a compile-time
check for that.
2017-07-28 13:15:57 +01:00
Hanno Becker 806c680eba Improve Readme for long test certificate chains 2017-07-28 13:15:57 +01:00
Hanno Becker 5a0ea97cfb Check value of POLARSSL_X509_MAX_INTERMEDIATE_CA in ssl-opt.sh
Some tests in ssl-opt.sh assumes the value 8 for the maximal number
POLARSSL_X509_MAX_INTERMEDIATE_CA of intermediate CA's. This commit
adds a check before conducting the respective tests.
2017-07-28 13:15:57 +01:00
Hanno Becker 2625f4aa93 Correct indentation and labelling in ChangeLog 2017-07-28 13:15:57 +01:00
Janos Follath 5308f47038 Fix implementation-defined integer conversion
"When an integer is demoted to a signed integer with smaller size, or an
unsigned integer is converted to its corresponding signed integer, if
the value cannot be represented the result is implementation-defined."
2017-07-28 13:15:57 +01:00
Janos Follath 1fbc5fb027 Fix typos 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard 33e8d34e95 Fix filtering bug in ssl-opt.sh
If the first test to be run according to -e and -f options is just after a
test that would have been skipped due to a require_xxx instruction, then it
would be incorrectly skipped.
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard cfea3ebd01 Update doc of return value of verify() 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard e23f7b312d Make test script more portable
seq isn't POSIX and isn't present by default on BSDs
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard 77644f2815 Improve comments 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard df745670e1 Add ChangeLog entry for the security issue 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard a68d591176 Add SSL tests for long cert chains 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard d0e755716f Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard 8af7bfa982 Improve behaviour on fatal errors
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard 7ac50196f3 Add test for limit on intermediate certificates
Inspired by test code provided by Nicholas Wilson in PR #351.

The test will fail if someone sets MAX_INTERMEDIATE_CA to a value larger than
18 (default is 8), which is hopefully unlikely and can easily be fixed by
running long.sh again with a larger value if it ever happens.

Current behaviour is suboptimal as flags are not set, but currently the goal
is only to document/test existing behaviour.
2017-07-28 13:15:14 +01:00
Simon Butcher c94aeb5be9 Add CRT DER tests with incorrect version 2017-07-27 12:27:00 +01:00
Simon Butcher c31d691b87 Add CRL DER tests with incorrect version 2017-07-27 12:18:25 +01:00
Simon Butcher bb43aa90c3 Add CSR DER tests with incorrect version 2017-07-27 12:13:19 +01:00
Andres AG 3df4e4e1d0 Prevent signed integer overflow in CSR parsing
Modify the function x509_csr_parse_der() so that it checks the parsed
CSR version integer before it increments the value. This prevents a
potential signed integer overflow, as these have undefined behaviour in
the C standard.
2017-07-27 11:50:58 +01:00
Andres AG 47f3059780 Fix potential integer overflow parsing DER CRT
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-27 11:50:04 +01:00
Andres AG 26124be17a Fix potential integer overflow parsing DER CRL
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
2017-07-27 11:49:08 +01:00
Ron Eldor 57501ef056 Backport 1.3: Check rc of mbedtls_mpi_fill_random
Add MPI_CHK to check for error value of mpi_fill_random.
Backport from Report and fix suggestion by guidovranken in #740
2017-07-20 01:26:53 +02:00
Ron Eldor 454da1fa6f Backport 1.3: Resource leak fix on windows
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-20 01:08:17 +02:00
Ron Eldor 7771824235 Backport 1.3: Wrong preproccessor condition fix
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-20 00:49:43 +02:00
Ron Eldor 4f1e64ed4b Backport 1.3: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-20 00:33:27 +02:00
Ron Eldor 1d260545fc Minor: Fix typo in program comments
Fix a typo in some reference program applications
2017-07-19 23:44:21 +02:00
Simon Butcher 573bb96416 Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
 - mbedtls_rsa_pkcs1_decrypt,
 - mbedtls_rsa_rsaes_pkcs1_v15_decrypt
  - mbedtls_rsa_rsaes_oaep_decrypt
2017-07-19 01:58:47 +01:00
Simon Butcher 8a2855ee3c Update the version number to 1.3.20 2017-06-20 23:46:46 +01:00
Janos Follath 3aab1a8796 Improve Changelog 2017-06-16 14:28:37 +01:00
Manuel Pégourié-Gonnard 7880cb40f4 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Remove %zu format string from ssl_client2 and ssl_server2
2017-06-09 17:41:46 +02:00
Manuel Pégourié-Gonnard 8fea6b205a Merge remote-tracking branch 'hanno/remove_format_qualifier_backport-1.3' into mbedtls-1.3
* hanno/remove_format_qualifier_backport-1.3:
  Remove %zu format string from ssl_client2 and ssl_server2
2017-06-09 17:39:51 +02:00
Hanno Becker 569a4f4573 Remove %zu format string from ssl_client2 and ssl_server2 2017-06-09 16:26:04 +01:00
Manuel Pégourié-Gonnard b870179c3c Merge remote-tracking branch 'restricted/iotssl-1398_backport-1.3' into mbedtls-1.3-restricted
* restricted/iotssl-1398_backport-1.3:
  Add ChangeLog entry
  Ensure application data records are not kept when fully processed
  Add hard assertion to ssl_read_record
  Fix mbedtls_ssl_read
  Simplify retaining of messages for future processing
2017-06-09 17:06:43 +02:00
Manuel Pégourié-Gonnard 249c30c7c5 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Add entry to ChangeLog
  Don't parse or write extensions in SSLv3
2017-06-09 16:52:44 +02:00
Hanno Becker cc608e86b5 Add entry to ChangeLog 2017-06-09 15:40:48 +01:00
Hanno Becker 5745778333 Don't parse or write extensions in SSLv3
In mbed TLS 1.3 a check went missing disabling the use of extensions
in SERVER_HELLO for SSLv3, causing the "SSLv3 with extensions" test
case from ssl-opt.sh to fail. This commit fixes that and adds a dump
of all extensions present in the client hello that the same test case
also checks for.
2017-06-09 15:30:29 +01:00
Manuel Pégourié-Gonnard 6d61e9751b Improve ChangeLog description of X509 MD5 changes 2017-06-09 14:52:09 +02:00
Manuel Pégourié-Gonnard 7d810939b5 Merge remote-tracking branch 'restricted/1205' into mbedtls-1.3-restricted
* restricted/1205:
  Fix name, documentation & location of config flag
  Restrict MD5 in x509 certificates
2017-06-09 14:49:04 +02:00
Manuel Pégourié-Gonnard 67df3e62e7 Merge near-duplicate ChangeLog entries
As agreed with Gilles on the PR discussion page
2017-06-09 14:48:03 +02:00
Hanno Becker b9c09af596 Add ChangeLog entry 2017-06-09 11:31:43 +01:00
Hanno Becker 0401a3d888 Ensure application data records are not kept when fully processed
This commit fixes the following case: If a client is both expecting a
SERVER_HELLO and has an application data record that's partially
processed in flight (that's the situation the client gets into after
receiving a ServerHelloRequest followed by ApplicationData), a
subsequent call to ssl_read will set keep_current_message = 1
when seeing the unexpected application data, but not reset it to 0
after the application data has been processed. This commit fixes this.
2017-06-09 10:52:45 +01:00
Manuel Pégourié-Gonnard 89306daef5 Fix location of ChangeLog entry
This one was meant to be in the security section, must have been moved while
resolving a merge conflict.
2017-06-08 20:42:33 +02:00