Commit Graph

5173 Commits

Author SHA1 Message Date
Simon Butcher
246bf6932d Fix duplication in Changelog introduced by merge 2017-07-28 13:08:07 +01:00
Simon Butcher
266f3446b7 Remove the check in ssl-opt.sh for MAX_INTERMEDIATE_CA
The check uses grep, not config.pl, on the x509 headers - not where it should
be configured - config.h. grep syntax isn't very portable. Without config.pl
it's quite hard to do this check properly so removing this check.
2017-07-28 13:02:33 +01:00
Simon Butcher
d4d70c4985 Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA 2017-07-28 12:27:54 +01:00
Ron Eldor
b5851193eb Backport 2.1: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-28 12:21:38 +01:00
Hanno Becker
eeb1350073 Fix typo 2017-07-28 12:20:48 +01:00
Hanno Becker
88c6f726c5 Check threshold for MBEDTLS_X509_MAX_INTERMEDIATE_CA in X509 tests
The X509 test suite assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA is below the
hardcoded threshold 20 used in the long certificate chain generating script
tests/data_files/dir-max/long.sh. This commit adds a compile-time check for
that.
2017-07-28 12:20:48 +01:00
Hanno Becker
323a2227ee Improve Readme for long test certificate chains 2017-07-28 12:20:48 +01:00
Hanno Becker
81cc8f668b Check value of MBEDTLS_X509_MAX_INTERMEDIATE_CA in ssl-opt.sh
Some tests in ssl-opt.sh assumes the value 8 for the maximal number
MBEDTLS_X509_MAX_INTERMEDIATE_CA of intermediate CA's. This commit adds a check
before conducting the respective tests.
2017-07-28 12:20:48 +01:00
Hanno Becker
58897fbd7d Correct indentation and labelling in ChangeLog 2017-07-28 12:20:48 +01:00
Janos Follath
4721831ffb Fix typos 2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
f2269b0579 Update doc of return value of verify() 2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
71103cbcbb Make test script more portable
seq isn't POSIX and isn't present by default on BSDs
2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
cdb4dc9393 Improve comments 2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
83765655dd Add ChangeLog entry for the security issue 2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
591035d0b4 Add SSL tests for long cert chains 2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
c386317298 Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
489939f829 Improve behaviour on fatal errors
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
2017-07-28 12:20:47 +01:00
Manuel Pégourié-Gonnard
4770dbc913 Add test for limit on intermediate certificates
Inspired by test code provided by Nicholas Wilson in PR #351.

The test will fail if someone sets MAX_INTERMEDIATE_CA to a value larger than
18 (default is 8), which is hopefully unlikely and can easily be fixed by
running long.sh again with a larger value if it ever happens.

Current behaviour is suboptimal as flags are not set, but currently the goal
is only to document/test existing behaviour.
2017-07-28 12:19:49 +01:00
Andres AG
ad6cf99d6d Add CRT DER tests with incorrect version 2017-07-26 18:01:54 +01:00
Andres AG
9674a628e5 Add CRL DER tests with incorrect version 2017-07-26 18:01:43 +01:00
Andres AG
7ebf632b3e Add CSR DER tests with incorrect version 2017-07-26 18:01:32 +01:00
Andres AG
b322be507b Prevent signed integer overflow in CSR parsing
Modify the function mbedtls_x509_csr_parse_der() so that it checks the
parsed CSR version integer before it increments the value. This prevents
a potential signed integer overflow, as these have undefined behaviour
in the C standard.
2017-07-26 17:59:20 +01:00
Andres AG
1f06d9bac7 Fix potential integer overflow parsing DER CRT
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-26 17:57:43 +01:00
Andres AG
0ff660e0a6 Fix potential integer overflow parsing DER CRL
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
2017-07-26 17:56:42 +01:00
Ron Eldor
a886ce3c88 Backport 2.1: Check rc of mbedtls_mpi_fill_random
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-20 01:25:53 +02:00
Ron Eldor
0fb3e0afb9 Backport: Resource leak fix on windows platform
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-20 01:05:47 +02:00
Ron Eldor
ee709f4d13 Backport 2.1: Wrong preproccessor condition fix
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-20 00:47:20 +02:00
Ron Eldor
5ff277ee1e Backport 2.1: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-20 00:30:44 +02:00
Ron Eldor
a905bdc999 Minor: Fix typo in program comments
Fix a typos in some reference program applications
2017-07-19 23:39:59 +02:00
Hanno Becker
cea8b53680 Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
2017-07-19 01:49:45 +01:00
Andres Amaya Garcia
246b1634ff Zeroize buf if mbedtls_base64_decode() fails 2017-07-12 11:10:46 +01:00
Andres Amaya Garcia
11d2db1701 Improve ChangeLog entry 2017-07-12 11:10:46 +01:00
Andres Amaya Garcia
bab1edc721 Zeroize tmp buffer in entropy_update() 2017-07-12 11:10:46 +01:00
Andres Amaya Garcia
55a5235ea1 Add ChangeLog entry for buf zeroize 2017-07-12 11:10:46 +01:00
Andres Amaya Garcia
3d23146f62 Set len var to 0 when buf is freed in ssl_tls.c 2017-07-11 17:31:02 +01:00
Andres Amaya Garcia
c17cc44ed9 Zeroize tmp buf in ctr_drbg_write_seed_file() 2017-07-11 17:31:02 +01:00
Andres Amaya Garcia
4f02a7bd6a Zeroize heap buf on failure in pem.c 2017-07-11 17:31:02 +01:00
Andres Amaya Garcia
1b7d6f8c03 Zeroize old psk buf when changing value in ssl_tls 2017-07-11 17:31:02 +01:00
Andres Amaya Garcia
64f0e09316 Zeroize tmp buf in mbedtls_mpi_fill_random() 2017-07-11 17:30:57 +01:00
Andres Amaya Garcia
e0a727ec4e Zeroize tmp bufs in ctr_drbg.c functions 2017-07-11 17:22:11 +01:00
Andres Amaya Garcia
e7c839bf02 Zeroize return buf on failure in pkparse.c 2017-07-11 17:22:08 +01:00
Andres Amaya Garcia
f113161192 Zeroize tmp bufs in hmac_drbg.c functions 2017-07-11 17:22:03 +01:00
Andres Amaya Garcia
81284add2e Zeroize tmp bufs in entropy.c functions 2017-07-11 17:21:12 +01:00
Andres Amaya Garcia
2390c2ad9e Zeroize tmp buf in mbedtls_md_file() md.c 2017-07-11 17:19:30 +01:00
Andres Amaya Garcia
ea0fad4327 Zeroize tmp buf on fail in load_file() dhm.c 2017-07-11 17:19:25 +01:00
Andres Amaya Garcia
ead11ca1d6 Remove malloc references in mbedtls/scripts 2017-07-06 10:53:21 +01:00
Hanno Becker
c26741f8ca Prevent bounds check bypass through overflow in PSK identity parsing
The check `if( *p + n > end )` in `ssl_parse_client_psk_identity` is
unsafe because `*p + n` might overflow, thus bypassing the check. As
`n` is a user-specified value up to 65K, this is relevant if the
library happens to be located in the last 65K of virtual memory.

This commit replaces the check by a safe version.
2017-06-26 14:10:13 +01:00
Hanno Becker
f2e16336d5 Prevent clever optimization to prematurely quit loop in safe memcmp
The previous version of `mbedtls_ssl_safer_memcmp` did not qualify the
pointers to the arrays to be compared as volatile, theoretically
opening the possibility for the compiler to notice that the loop
operation `diff |= A[i] ^ B[i]` is pointless if `diff = -1`. This
commit changes this. It also declares the stack variable `diff` as
volatile, to force read and write in every loop; omitting that, the
compiler would still be allowed to get away with reading `A[i]` and
`B[i]` but not doing the XOR and not updating `diff`.
2017-06-26 13:35:45 +01:00
Simon Butcher
fbb9837ad5 Update the version number to 2.1.8 2017-06-20 23:31:06 +01:00
Hanno Becker
499391a02d Undo API change
The previous commit b3e6872c93 changed
to public functions from ssl_ciphersuite.h to static inline. This
commit reverts this change.
2017-06-20 19:33:51 +01:00