Commit Graph

5109 Commits

Author SHA1 Message Date
Janos Follath
50d83c123d Add Changelog entry 2017-03-15 13:45:36 +00:00
Janos Follath
8937986d4d Update version features with ECP macros 2017-03-15 13:44:26 +00:00
Janos Follath
cb7a19cb20 Remove obsolote ECP abstraction macros
Some macros have been removed from the Elliptic Curve Point abstraction
layer, and they shouldn't have remained in the check_config.h
2017-03-15 13:44:26 +00:00
Janos Follath
d26f07ea85 Apply review feedback on ECP interface
Naming conventions are revised, style issues corrected and minor
optimisation added.
2017-03-15 13:44:26 +00:00
Janos Follath
466d207c95 Update ECP hardware abstraction interface
With this commit the Elliptic Curve Point interface is rewised. Two
compile time options has been removed to simplify the interface and
the function names got a new prefix that indicates that these functions
are for internal use and not part of the public interface.
2017-03-15 13:44:26 +00:00
Janos Follath
cc393a237b Adjust documentation to new ECP function names. 2017-03-15 13:44:26 +00:00
Janos Follath
b9dbff7260 Add thread safety to ECP hardware acceleration
The intended use of the abstraction layer for Elliptic Curve Point
arithmetic is to enable using hardware cryptographic accelerators.
These devices are a shared resource and the driver code rarely provides
thread safety.

This commit adds mutexes to the abstraction layer to protect the device
in a multi-threaded environment.
2017-03-15 13:44:26 +00:00
Janos Follath
46315740b8 Add global mutex for asymmetric crypto accelerator
The primary use case behind providing an abstraction layer to enable
alternative Elliptic Curve Point arithmetic implementation, is making
use of cryptographic acceleration hardware if it is present.

To provide thread safety for the hardware accelerator we need a mutex
to guard it.
2017-03-15 13:44:26 +00:00
Janos Follath
3234681a82 Fix alternative ECP function names
The alternative Elliptic Curve Point arithmetic functions didn't have
an 'mbedtls_' prefix as required by check-names.sh.
2017-03-15 13:44:26 +00:00
Janos Follath
63f7cf5e35 Fix ECP alternative macro names
The compile time macros enabling the initialisation and deinitialisation
in the alternative Elliptic Curve Point arithmetic implementation had
names that did not end with '_ALT' as required by check-names.sh.
2017-03-15 13:44:26 +00:00
Janos Follath
58cf392bd4 Remove alt_internal directory 2017-03-15 13:44:26 +00:00
Janos Follath
61ea6ecfe8 Clean up ECP abstraction layer code
This commit fixes several style issues and fixes in the documentation
of the Elliptic Curve Point arithmetic abstraction layer.
2017-03-15 13:44:26 +00:00
Janos Follath
4ced7c2506 ECP: Add module and function level replacement options. 2017-03-15 13:44:26 +00:00
Simon Butcher
b65c2be5f1 Updated version number to 2.4.2 for release 2017-03-10 18:50:44 +00:00
Simon Butcher
f8c45eb61a Merge branch 'development' 2017-03-10 18:45:21 +00:00
Simon Butcher
81cf88f6d7 Added missing credit to ChangeLog for #555 2017-03-07 19:35:49 +00:00
Simon Butcher
8b987500f2 Corrected attibution in Changelog 2017-03-07 12:37:14 +00:00
Andres AG
d1cc7f6f34 Fix buffer overflow in mbedtls_mpi_write_string()
Fix a buffer overflow when writting a string representation of an MPI
number to a buffer in hexadecimal. The problem occurs because hex
digits are written in pairs and this is not accounted for in the
calculation of the required buffer size when the number of digits is
odd.
2017-03-02 21:34:21 +00:00
Andres AG
99acfc4521 Fix failing pkparse test case
The first three test cases from test_suites_pkparse.data failed because
the key file they read requires DES to be read. However, MBEDTLS_DES_C
was missing from the dependency list.
2017-03-02 16:01:08 +00:00
Andres AG
b5ba28cbea Fix failing pkparse test case
The first three test cases from test_suites_pkparse.data failed because
the key file they read requires DES to be read. However, MBEDTLS_DES_C
was missing from the dependency list.
2017-03-02 15:26:09 +00:00
Ron Eldor
12e0b800da Fix resource leak when using mutex and ssl_cookie
When using ssl_cookie with MBEDTLS_THREADING_C, fix a resource leak caused by
initiating a mutex in mbedtls_ssl_cookie_free instead of freeing it.
Raised and fix suggested by lan Gillingham in the mbed TLS forum
Tracked in #771
2017-03-02 12:26:11 +00:00
Simon Butcher
28d9fe031d Fix mistake in ChangeLog from file merge 2017-03-02 12:05:54 +00:00
Ron Eldor
04965edaa8 Fix resource leak when using mutex and ssl_cookie
When using ssl_cookie with MBEDTLS_THREADING_C, fix a resource leak caused by
initiating a mutex in mbedtls_ssl_cookie_free instead of freeing it.
Raised and fix suggested by lan Gillingham in the mbed TLS forum
Tracked in #771
2017-03-02 11:58:15 +00:00
Simon Butcher
956c58ffa9 Add fix and credit for #742 to the ChangeLog 2017-03-02 09:20:53 +00:00
Simon Butcher
065cede476 Add fix and credit for #742 to the ChangeLog 2017-03-02 09:18:09 +00:00
Andres AG
429aaee671 Remove use of inttypes.h in MSVC from ssl_server2
The sample application programs/ssl/ssl_server2.c was previously
modifies to use inttypes.h to parse a string to a 64-bit integer.
However, MSVC does not support C99, so compilation fails. This
patch modifies the sample app to use the MSVC specific parsing
functions instead of inttypes.h.
2017-03-02 00:09:55 +00:00
Simon Butcher
24ce844530 Update of the Visual Studio files
Contains additional project file, ecdh_curve25519.vcxproj, as well as fix
for intermediate files causing the warning MSB8028 with Visual Studio 2015.
2017-03-02 00:09:55 +00:00
Simon Butcher
cde009101b Fix Visual Studio template files
Adds interim directories to the Visual Studio project files to avoid warning
MSB8028 in Visual Studio 2015, where shared directories of intermediate files
between project files generate the warning.
2017-03-02 00:09:55 +00:00
Andres AG
0b736db0f3 Remove use of inttypes.h in MSVC from ssl_server2
The sample application programs/ssl/ssl_server2.c was previously
modifies to use inttypes.h to parse a string to a 64-bit integer.
However, MSVC does not support C99, so compilation fails. This
patch modifies the sample app to use the MSVC specific parsing
functions instead of inttypes.h.
2017-03-01 23:24:35 +00:00
Simon Butcher
6406e81832 Update of the Visual Studio files
Contains additional project file, ecdh_curve25519.vcxproj, as well as fix
for intermediate files causing the warning MSB8028 with Visual Studio 2015.
2017-03-01 22:32:44 +00:00
Simon Butcher
08902ed671 Fix Visual Studio template files
Adds interim directories to the Visual Studio project files to avoid warning
MSB8028 in Visual Studio 2015, where shared directories of intermediate files
between project files generate the warning.
2017-03-01 22:32:28 +00:00
Ron Eldor
f3870f72b6 fix for issue 1101: missing rsa context initialization
added mbedtls_rsa_init in rsa_decrypt sample application
2017-03-01 08:09:57 +00:00
Ron Eldor
dbe8316e23 fix for issue 1101: missing rsa context initialization
added mbedtls_rsa_init in rsa_decrypt sample application
2017-03-01 07:56:40 +00:00
Paul Bakker
719aa8bb37 Fix default hostname for verification used in ssl_client1 2017-02-28 23:19:06 +00:00
Paul Bakker
2382816a84 Fix default hostname for verification used in ssl_client1 2017-02-28 22:23:41 +00:00
Simon Butcher
71e9d58dc2 Clarify ChangeLog for #569 2017-02-28 18:47:27 +00:00
Janos Follath
7dadc2f259 ECP: Prevent freeing a buffer on stack
The function ecp_mod_koblitz computed the space for the result of a
multiplication optimally for that specific case, but unfortunately
the function mbedtls_mpi_mul_mpi performs a generic, suboptimal
calculation and needs one more limb for the result. Since the result's
buffer is on the stack, the best case scenario is that the program
stops.

This only happened on 64 bit platforms.

Fixes #569
2017-02-28 18:41:39 +00:00
Janos Follath
28fff14113 Add invalid key tests for curve SECP224K1
This curve has special arithmetic on 64 bit platforms and an untested
path lead to trying to free a buffer on the stack.

For the sake of completeness, a test case for a point with non-affine
coordinates has been added as well.
2017-02-28 18:41:39 +00:00
Simon Butcher
d02dc14c94 Fix credit in ChangeLog for #722 2017-02-28 16:36:22 +00:00
Andres AG
5708dcb368 Fix memory leak in mbedtls_x509_crl_parse()
The memory leak call was caused by missing calls to mbedtls_pem_free()
when a MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was
encountered.
2017-02-28 14:51:31 +00:00
Janos Follath
87c980749d Fix buffer overread in mbedtls_x509_get_time()
A heap overread might happen when parsing malformed certificates.
Reported by Peng Li and Yueh-Hsun Lin.

Refactoring the parsing fixes the problem. This commit applies the
relevant part of the OpenVPN contribution applied to mbed TLS 1.3
in commit 17da9dd829.
2017-02-28 14:23:12 +00:00
Janos Follath
ea7054a00c Add unit tests for X509 certificate date parsing 2017-02-28 14:23:12 +00:00
Janos Follath
f3ebf909c9 Merge branch 'development' into development-restricted 2017-02-28 09:16:40 +00:00
Jaakko Korhonen
aca11a071d Fixed typo in ssl.h 2017-02-28 08:58:02 +00:00
Simon Butcher
b3fd4d35d2 Merge remote-tracking branch 'restricted/porting-readme'
Modifies the main mbed TLS README.md to include some porting information. The
new information simply refers the users to existing knowledge base articles that
contain relevant information.
2017-02-27 23:13:44 +00:00
Simon Butcher
fc794ff2b7 Merge branch 'iotssl-1071-ca-flags'
Fixes a regression introduced by an earlier commit that modified
x509_crt_verify_top() to ensure that valid certificates that are after past or
future valid in the chain are processed. However the change introduced a change
in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and
MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the
verification regardless of the cause.

The fix maintains both behaviours:

 * Ensure that valid certificates after future and past are verified
 * Ensure that the correct verification flags are set.
2017-02-27 19:06:05 +00:00
Simon Butcher
0278a38f10 Merge branch 'iotssl-1077-dos-crl'
Modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM
format with trailing characters after the footer does not result in the
execution of an infinite loop.
2017-02-26 01:16:02 +00:00
Simon Butcher
9cfdf2caa7 Merge branch 'development-restricted' 2017-02-15 23:55:22 +02:00
Simon Butcher
0621b1fbb0 Add detail to ChangeLog for SLOTH fix 2017-02-15 23:31:07 +02:00
Simon Butcher
a29c5e9e66 Add comment to integer overflow fix in base64.c
Adds clarifying comment to the integer overflow fix in base64.c
2017-02-15 23:31:07 +02:00