Commit Graph

2457 Commits

Author SHA1 Message Date
Gilles Peskine
36816929e5 Timing self test: shorten redundant tests
We don't need to test multiple delays in a self-test.
Save 5s of busy-wait.
2017-12-20 22:32:47 +01:00
Gilles Peskine
d39496233b Timing self test: increased duration
Increase the duration of the self test, otherwise it tends to fail on
a busy machine even with the recently upped tolerance. But run the
loop only once, it's enough for a simple smoke test.
2017-12-20 21:58:25 +01:00
Gilles Peskine
e2bf3b802a Timing self test: increased tolerance
mbedtls_timing_self_test fails annoyingly often when running on a busy
machine such as can be expected of a continous integration system.
Increase the tolerances in the delay test, to reduce the chance of
failures that are only due to missing a deadline on a busy machine.
2017-12-20 21:58:25 +01:00
Gilles Peskine
105e6bcb7d Timing self test: print some diagnosis information
Print some not-very-nice-looking but helpful diagnosis information if
the timing selftest fails. Since the failures tend to be due to heavy
system load that's hard to reproduce, this information is necessary to
understand what's going on.
2017-12-20 19:33:55 +01:00
Gilles Peskine
b29e70bb01 mbedtls_timing_get_timer: don't use uninitialized memory
mbedtls_timing_get_timer with reset=1 is called both to initialize a
timer object and to reset an already-initialized object. In an
initial call, the content of the data structure is indeterminate, so
the code should not read from it. This could crash if signed overflows
trap, for example.

As a consequence, on reset, we can't return the previously elapsed
time as was previously done on Windows. Return 0 as was done on Unix.
2017-12-20 19:33:48 +01:00
Gilles Peskine
3099b43c6b Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
The POSIX/Unix implementation of mbedtls_set_alarm did not set the
mbedtls_timing_alarmed flag when called with 0, which was inconsistent
with what the documentation implied and with the Windows behavior.
2017-12-20 19:33:38 +01:00
Manuel Pégourié-Gonnard
227692a6b1 Merge remote-tracking branch 'public/pr/1160' into mbedtls-2.1
* public/pr/1160:
  Address PR review comments
  Backport 2.1:Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:42:29 +01:00
Manuel Pégourié-Gonnard
d1ededf4a3 Merge remote-tracking branch 'public/pr/1187' into mbedtls-2.1
* public/pr/1187:
  Fix build error with gcc -Werror=misleading-indentation
2017-12-18 11:46:10 +01:00
Manuel Pégourié-Gonnard
912e4471bb Merge remote-tracking branch 'public/pr/1185' into mbedtls-2.1
* public/pr/1185:
  Fix build without MBEDTLS_FS_IO
2017-12-18 11:44:07 +01:00
Gilles Peskine
a15486a35f Merge branch 'pr_1044' into mbedtls-2.1 2017-12-04 17:29:28 +01:00
Gilles Peskine
4b36dfb820 Merge remote-tracking branch 'upstream-public/pr/1174' into mbedtls-2.1 2017-12-04 17:20:45 +01:00
Gilles Peskine
14ab4cff9f Fix build error with gcc -Werror=misleading-indentation
Fix misleading indentation. This was just bad indentation, the
behavior was correct. It was detected by gcc 6.
2017-12-01 11:45:21 +01:00
Gilles Peskine
6ddfa37084 Fix build without MBEDTLS_FS_IO
Fix missing definition of mbedtls_zeroize when MBEDTLS_FS_IO is
disabled in the configuration.

Introduced by d08ae68237
    Merge remote-tracking branch 'upstream-public/pr/1112' into mbedtls-2.1
2017-11-30 12:20:19 +01:00
Gilles Peskine
49349bacb9 Merge remote-tracking branch 'upstream-public/pr/1153' into mbedtls-2.1 2017-11-29 20:53:58 +01:00
Gilles Peskine
f663c22ab7 Merge remote-tracking branch 'upstream-public/pr/916' into mbedtls-2.1 2017-11-29 20:53:44 +01:00
Gilles Peskine
25aa833ac3 Merge branch 'pr_1082' into mbedtls-2.1 2017-11-28 18:33:50 +01:00
Gilles Peskine
283a80d51f Merge remote-tracking branch 'upstream-public/pr/1108' into mbedtls-2.1 2017-11-28 18:31:28 +01:00
Gilles Peskine
a6f6947490 Merge remote-tracking branch 'upstream-public/pr/943' into mbedtls-2.1 2017-11-28 18:28:39 +01:00
Gilles Peskine
d08ae68237 Merge remote-tracking branch 'upstream-public/pr/1112' into mbedtls-2.1 2017-11-24 15:37:29 +01:00
Gilles Peskine
7aa24190b4 Merge remote-tracking branch 'upstream-public/pr/1107' into mbedtls-2.1 2017-11-23 20:09:48 +01:00
Darryl Green
1b052e80aa Add checks for private parameter in mbedtls_ecdsa_sign() 2017-11-20 17:11:17 +00:00
Manuel Pégourié-Gonnard
ea0aa655f6 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
* mbedtls-2.1:
  Fix typo in asn1.h
  Improve leap year test names in x509parse.data
  Correctly handle leap year in x509_date_is_valid()
  Renegotiation: Add tests for SigAlg ext parsing
  Parse Signature Algorithm ext when renegotiating
  Fix changelog for ssl_server2.c usage fix
  Fix ssl_server2 sample application prompt
  Update ChangeLog for fix to #836
  Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
  Enhance documentation of mbedtls_ssl_set_hostname
  Add test case calling ssl_set_hostname twice
  Make mbedtls_ssl_set_hostname safe to be called multiple times
  Fix typo in configs/README.txt file
2017-11-14 08:38:52 +01:00
Ron Eldor
be17ed59d6 Address PR review comments
set `cache->chain` to NULL,
instead of setting the whole structure to zero.
2017-10-30 18:11:38 +02:00
Ron Eldor
5bd272627b Backport 2.1:Fix crash when calling mbedtls_ssl_cache_free twice
Set `cache` to zero at the end of `mbedtls_ssl_cache_free` #1104
2017-10-30 18:09:40 +02:00
Hanno Becker
3cd07be889 Fix handling of HS msgs in mbedtls_ssl_read if renegotiation unused
Previously, if `MBEDTLS_SSL_RENEGOTIATION` was disabled, incoming handshake
messages in `mbedtls_ssl_read` (expecting application data) lead to the
connection being closed. This commit fixes this, restricting the
`MBEDTLS_SSL_RENEGOTIATION`-guard to the code-paths responsible for accepting
renegotiation requests and aborting renegotiation attempts after too many
unexpected records have been received.
2017-10-24 11:49:19 +01:00
Hanno Becker
e454d73cc0 Swap branches accepting/refusing renegotiation in in ssl_read 2017-10-24 11:47:37 +01:00
Florin
a360411e4f Fixed SIGSEGV problem when writing with ssl_write_real a buffer that is over MBEDTLS_SSL_MAX_CONTENT_LEN bytes
Signed-off-by: Florin <petriuc.florin@gmail.com>
2017-10-19 15:44:37 +01:00
Hanno Becker
e298c8b46c Correct typo 2017-10-19 15:44:37 +01:00
Andres Amaya Garcia
bc041130b0 Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 21:03:01 +01:00
Ron Eldor
bac9d4d90f Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-11 13:58:08 +01:00
Hanno Becker
59ce0a7635 Improve documentation in pkparse.c
State explicitly that `pk_parse_pkcs8_undencrypted_der` and `pk_parse_key_pkcs8_encrypted_der` are not responsible for
zeroizing and freeing the provided key buffer.
2017-10-06 14:09:47 +01:00
Hanno Becker
0c104b19e4 Fix typo 2017-10-06 14:05:23 +01:00
Hanno Becker
570238e008 Fix typo in pkparse.c 2017-10-06 14:03:45 +01:00
Hanno Becker
bc7cbbacd8 Use X509 CRT version macros for version checks in x509write_crt_der 2017-10-04 14:52:21 +01:00
Hanno Becker
7de3ff36df Minor style and typo corrections 2017-10-04 14:51:32 +01:00
Hanno Becker
c4cd8c64cd Don't add extensions for X.509 non-v3 certificates
This commit removes extension-writing code for X.509 non-v3 certificates from
mbedtls_x509write_crt_der. Previously, even if no extensions were present an
empty sequence would have been added.
2017-10-04 14:34:14 +01:00
Hanno Becker
e3af3afd5a Omit version from X.509 v1 certificates
The version field in an X.509 certificate is optional and defaults to v1, so it
may be omitted in this case.
2017-10-04 14:34:02 +01:00
Hanno Becker
c7845e51f3 Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-09-30 23:49:01 +01:00
Hanno Becker
593b0d33f6 Make mbedtls_ssl_set_hostname safe to be called multiple times
Zeroize and free previously set hostnames before overwriting
them. Also, allow clearance of hostname by providing NULL parameter.
2017-09-30 23:47:34 +01:00
Hanno Becker
69f00bfbe1 Correct parsing checks in mbedtls_pk_parse_key
Two code-paths in `mbedtls_pk_parse_key` returned success on a failure in `mbedtls_pk_setup`.
2017-09-28 16:26:19 +01:00
Hanno Becker
da8e163020 Remove unreachable branches in pkparse.c 2017-09-28 15:54:21 +01:00
Hanno Becker
e5d5b9098a Mention in-place decryption in pk_parse_key_pkcs8_encrypted_der
Also fixes a typo.
2017-09-28 15:54:11 +01:00
Hanno Becker
ff532958bf Remove unnecessary cast 2017-09-28 15:53:48 +01:00
Hanno Becker
a1d5856c25 Add missing calls to mbedtls_pem_free in mbedtls_pk_parse 2017-09-28 15:52:38 +01:00
Hanno Becker
9f2b60bc83 Use in-place decryption in pk_parse_pkcs8_encrypted_der
The stack buffer used to hold the decrypted key in pk_parse_pkcs8_encrypted_der
was statically sized to 2048 bytes, which is not enough for DER encoded 4096bit
RSA keys.

This commit resolves the problem by performing the key-decryption in-place,
circumventing the introduction of another stack or heap copy of the key.

There are two situations where pk_parse_pkcs8_encrypted_der is invoked:
1. When processing a PEM-encoded encrypted key in mbedtls_pk_parse_key.
   This does not need adaption since the PEM context used to hold the decoded
   key is already constructed and owned by mbedtls_pk_parse_key.
2. When processing a DER-encoded encrypted key in mbedtls_pk_parse_key.
   In this case, mbedtls_pk_parse_key calls pk_parse_pkcs8_encrypted_der with
   the buffer provided by the user, which is declared const. The commit
   therefore adds a small code paths making a copy of the keybuffer before
   calling pk_parse_pkcs8_encrypted_der.
2017-09-28 15:52:27 +01:00
Hanno Becker
f581e11881 Fix extraction of signature-type from PK context instance 2017-09-28 14:32:27 +01:00
Andres Amaya Garcia
1042d8637c Dont send alert on invalid DTLS record type
Do not send fatal alerts when receiving a record with an invalid header
while running DTLS as this is not compliant behaviour.
2017-09-15 10:57:29 +01:00
Hanno Becker
66580d284d Add internal macro ENTROPY_HAVE_STRONG indicating strong entropy
This commit adds the macro ENTROPY_HAVE_STRONG to the helper test file tests/suites/helpers.function to be able to make
tests depend on the presence of strong entropy.
2017-09-08 10:13:59 +01:00
Simon Butcher
1fe5e8ab44 Update version number to 2.1.9 2017-08-10 11:51:47 +01:00
Andres Amaya Garcia
93a8789b62 Change PK module preprocessor check on word size
There were preprocessor directives in pk.c and pk_wrap.c that cheked
whether the bit length of size_t was greater than that of unsigned int.
However, the check relied on the MBEDTLS_HAVE_INT64 macro being defined
which is not directly related to size_t. This might result in errors in
some platforms. This change modifies the check to use the macros
SIZE_MAX and UINT_MAX instead making the code more robust.
2017-08-04 13:43:07 +01:00