Commit graph

4713 commits

Author SHA1 Message Date
Hanno Becker b658ee63c2 Adapt ChangeLog 2017-10-19 15:45:17 +01:00
Florin a360411e4f Fixed SIGSEGV problem when writing with ssl_write_real a buffer that is over MBEDTLS_SSL_MAX_CONTENT_LEN bytes
Signed-off-by: Florin <petriuc.florin@gmail.com>
2017-10-19 15:44:37 +01:00
Hanno Becker e298c8b46c Correct typo 2017-10-19 15:44:37 +01:00
Hanno Becker 0d885d3d8c Add expected number of fragments to 16384-byte packet tests 2017-10-19 15:44:37 +01:00
Hanno Becker 2fabe5fb70 Add tests for messages beyond 16384 bytes to ssl-opt.sh
This commit adds four tests to ssl-opt.sh testing the library's behavior when
`mbedtls_ssl_write` is called with messages beyond 16384 bytes. The combinations
tested are TLS vs. DTLS and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH enabled vs. disabled.
2017-10-19 15:44:37 +01:00
Hanno Becker 0560778fb0 Add missing test-dependencies for MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
The tests for the maximum fragment length extension were lacking a dependency on
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH being set in the config.
2017-10-19 15:44:37 +01:00
Hanno Becker 1a662eb928 Allow requests of size larger than 16384 in ssl_client2 2017-10-19 15:44:37 +01:00
Gilles Peskine 31a2d14b92 RSA PSS: fix first byte check for keys of size 8N+1
For a key of size 8N+1, check that the first byte after applying the
public key operation is 0 (it could have been 1 instead). The code was
incorrectly doing a no-op check instead, which led to invalid
signatures being accepted. Not a security flaw, since you would need the
private key to craft such an invalid signature, but a bug nonetheless.
2017-10-19 15:43:53 +02:00
Gilles Peskine 9e2058281d RSA PSS: fix minimum length check for keys of size 8N+1
The check introduced by the previous security fix was off by one. It
fixed the buffer overflow but was not compliant with the definition of
PSS which technically led to accepting some invalid signatures (but
not signatures made without the private key).
2017-10-18 19:06:50 +02:00
Gilles Peskine d0cd855145 RSA: Fix another buffer overflow in PSS signature verification
Fix buffer overflow in RSA-PSS signature verification when the masking
operation results in an all-zero buffer. This could happen at any key size.
2017-10-17 19:19:55 +02:00
Gilles Peskine 5c3247120f RSA: Fix buffer overflow in PSS signature verification
Fix buffer overflow in RSA-PSS signature verification when the hash is
too large for the key size. Found by Seth Terashima, Qualcomm.

Added a non-regression test and a positive test with the smallest
permitted key size for a SHA-512 hash.
2017-10-17 19:16:14 +02:00
Hanno Becker 469e93c0f6 Add warning on the use of RFC 5114 primes 2017-10-16 09:21:33 +01:00
Hanno Becker e27543dee1 Adapt ChangeLog 2017-10-13 16:54:58 +01:00
Hanno Becker 80e0d46062 Use 2048-bit DHE parameters from RFC 3526 instead of 5114 by default
The parameters from RFC 5114 are not considered trustworthy, while those from
RFC 3526 have been generated in a nothing-up-my-sleeve manner.
2017-10-13 16:51:54 +01:00
Andres Amaya Garcia fe7fd6e8dc Fix typo in asn1.h 2017-10-12 22:42:04 +01:00
Andres Amaya Garcia b1d78fcf70 Improve leap year test names in x509parse.data 2017-10-12 21:03:15 +01:00
Andres Amaya Garcia bc041130b0 Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 21:03:01 +01:00
Janos Follath 5f1dd80eaf Renegotiation: Add tests for SigAlg ext parsing
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)

The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.

A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
2017-10-11 13:58:17 +01:00
Ron Eldor bac9d4d90f Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-11 13:58:08 +01:00
Hanno Becker 8379554b24 Correct typo: PBDFK -> PBKDF 2017-10-06 14:37:35 +01:00
Hanno Becker 0d0422cbd0 Unify naming schemes for RSA keys 2017-10-06 14:09:58 +01:00
Hanno Becker 59ce0a7635 Improve documentation in pkparse.c
State explicitly that `pk_parse_pkcs8_undencrypted_der` and `pk_parse_key_pkcs8_encrypted_der` are not responsible for
zeroizing and freeing the provided key buffer.
2017-10-06 14:09:47 +01:00
Hanno Becker 0c104b19e4 Fix typo 2017-10-06 14:05:23 +01:00
Hanno Becker 82027c1cd9 Don't use all_final as a target in tests/data_files/Makefile
The `neat` target in that Makefile assumes all_final to be a concatenation of
file names.
2017-10-06 14:05:13 +01:00
Hanno Becker 734b6d4527 Add suffix for 1024-bit RSA key files
Previously, 2048-bit and 4096-bit RSA key files had their bitsize indicated in their filename, while the original
1024-bit keys hadn't. This commit unifies the naming scheme by always indicating the bitsize in the filename.
2017-10-06 14:05:04 +01:00
Hanno Becker f5b1ea3707 Correct Makefile in tests/data_files
The documentation of the target `all_final` was no longer accurate, and numerous non-file targets were missing in the
.PHONY section.
2017-10-06 14:04:54 +01:00
Hanno Becker f700a71acb Add further tests for DER-encoded PKCS8-v2-DES encrypted RSA keys
For uniformity, this commit adds tests for DER encoded PKCS8-v2-DES encrypted RSA keys that were already present for
PKCS8-v2-3DES encrypted RSA keys.
2017-10-06 14:04:22 +01:00
Hanno Becker 5e568e225a Add further tests for new RSA keys
For uniformity, this commit adds tests for DER encoded, SHA1-2DES and SHA1-RC4-128-encrypted RSA keys; for SHA1-3DES encrypted keys, these were already present.
2017-10-06 14:04:15 +01:00
Hanno Becker dca50813e9 Update keyfiles
This commit replaces the previous keyfiles with those generated by the commands added in the previous commit.
2017-10-06 14:04:02 +01:00
Hanno Becker 9c22f5904a Add RSA key generation commands to test Makefile
This commit adds the commands used to generate the various RSA keys to tests/Makefile so that they can be easily
regenerated or modified, e.g. if larger key sizes or other encryption algorithms need to be tested in the future.
2017-10-06 14:03:53 +01:00
Hanno Becker 570238e008 Fix typo in pkparse.c 2017-10-06 14:03:45 +01:00
Hanno Becker 0642ed4e45 Add tests for encrypted 2048 and 4096-bit RSA keys 2017-10-06 14:03:24 +01:00
Hanno Becker ffa7a33ee4 Adapt ChangeLog 2017-10-05 09:08:06 +01:00
Hanno Becker cdba5cdcb9 Improve output on bad cmd line args in programs/x509/cert_write 2017-10-04 14:54:17 +01:00
Hanno Becker bc7cbbacd8 Use X509 CRT version macros for version checks in x509write_crt_der 2017-10-04 14:52:21 +01:00
Hanno Becker 37de7755fb Fix error code printing in cert_write
Error codes can consume up to two bytes, but only one was printed so far.
2017-10-04 14:52:13 +01:00
Hanno Becker 54d6c5bea2 Use X509 CRT version macros in cert_write program 2017-10-04 14:51:55 +01:00
Hanno Becker 4f4864a245 Fix senseless comment 2017-10-04 14:51:47 +01:00
Hanno Becker 7de3ff36df Minor style and typo corrections 2017-10-04 14:51:32 +01:00
Hanno Becker 2b6c3f655a Extend tests/data_files/Makefile to include CRT's for CRT write test 2017-10-04 14:36:38 +01:00
Hanno Becker 781af0d60c Extend cert_write example program by multiple cmd line options
This commit adds the following command line options to programs/x509/cert_write:
- version (val 1, 2, 3): Set the certificate's version (v1, v2, v3)
- authority_identifier (val 0, 1): Enable or disable the addition of the
                                   authority identifier extension.
- subject_identifier (val 0, 1): Enable or disable the addition of the
                                 subject identifier extension.
- basic_constraints (val 0, 1): Enable or disable the addition of the
                                basic constraints extension.
- md (val MD5, SHA1, SHA256, SHA512): Set the hash function used
                                      when creating the CRT.
2017-10-04 14:35:34 +01:00
Hanno Becker c4cd8c64cd Don't add extensions for X.509 non-v3 certificates
This commit removes extension-writing code for X.509 non-v3 certificates from
mbedtls_x509write_crt_der. Previously, even if no extensions were present an
empty sequence would have been added.
2017-10-04 14:34:14 +01:00
Hanno Becker e3af3afd5a Omit version from X.509 v1 certificates
The version field in an X.509 certificate is optional and defaults to v1, so it
may be omitted in this case.
2017-10-04 14:34:02 +01:00
Hanno Becker 0ca15967d1 Don't allocate space for DTLS header if DTLS is disabled 2017-10-04 14:15:53 +01:00
Hanno Becker 6e052b0fbe Improve debugging output 2017-10-04 14:15:53 +01:00
Hanno Becker fbaeea4693 Adapt ChangeLog 2017-10-04 14:15:53 +01:00
Hanno Becker 0983dc49d6 Add run-time check for handshake message size in ssl_write_record 2017-10-04 14:15:30 +01:00
Hanno Becker aede183630 Add run-time check for record content size in ssl_encrypt_buf 2017-10-04 14:15:30 +01:00
Hanno Becker 6499bedfa8 Add compile-time checks for size of record content and payload 2017-10-04 14:15:30 +01:00
Simon Butcher 5d39aceb04 Fix changelog for ssl_server2.c usage fix 2017-10-02 19:17:57 +01:00