Commit Graph

694 Commits

Author SHA1 Message Date
Simon Butcher
60371454bd Merge branch for fix for #502 - Unchecked calls 2016-10-14 01:10:02 +01:00
Janos Follath
30b273c78e Remove MBEDTLS_SSL_AEAD_RANDOM_IV feature
In a USENIX WOOT '16 paper the authors warn about a security risk
of random Initialisation Vectors (IV) repeating values.

The MBEDTLS_SSL_AEAD_RANDOM_IV feature is affected by this risk and
it isn't compliant with RFC5116. Furthermore, strictly speaking it
is a different cipher suite from the TLS (RFC5246) point of view.

Removing the MBEDTLS_SSL_AEAD_RANDOM_IV feature to resolve the above
problems.

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
2016-10-13 14:34:35 +01:00
Janos Follath
ae01c3cc62 X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-10-13 14:26:57 +01:00
Simon Butcher
c9b564e64c Update Changelog for fix #559 2016-10-13 14:24:03 +01:00
Simon Butcher
394d65d1bb Update for ChangeLog for fixes for cert_app 2016-10-13 14:23:57 +01:00
Simon Butcher
c112d21076 Update to ChangeLog for bug #428 2016-10-13 14:23:46 +01:00
Simon Butcher
cb60bfb52d Update ChangeLog for fix to crypt_and_hash #441 2016-10-13 14:23:15 +01:00
Janos Follath
24f4d7f95e X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-10-13 14:21:24 +01:00
Andres AG
a16d684df3 Add test for bounds in X509 DER write funcs 2016-10-13 14:20:22 +01:00
Andres AG
0c12bd69f5 Add missing bounds check in X509 DER write funcs
This patch adds checks in both mbedtls_x509write_crt_der and
mbedtls_x509write_csr_der before the signature is written to buf
using memcpy().
2016-10-13 14:20:14 +01:00
Janos Follath
441d6f9833 Remove MBEDTLS_SSL_AEAD_RANDOM_IV feature
In a USENIX WOOT '16 paper the authors warn about a security risk
of random Initialisation Vectors (IV) repeating values.

The MBEDTLS_SSL_AEAD_RANDOM_IV feature is affected by this risk and
it isn't compliant with RFC5116. Furthermore, strictly speaking it
is a different cipher suite from the TLS (RFC5246) point of view.

Removing the MBEDTLS_SSL_AEAD_RANDOM_IV feature to resolve the above
problems.

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
2016-10-13 14:14:16 +01:00
Simon Butcher
1227d7cdf1 Added credit to Changelog for fix #558 2016-10-13 12:54:33 +01:00
Janos Follath
bfcd032f9d Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 12:54:33 +01:00
Simon Butcher
e337ee647f Clarified Changelog for fix #602 2016-10-13 12:54:32 +01:00
Andres AG
6ad5d9450a Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-13 12:54:32 +01:00
Simon Butcher
6b8d9cffc2 Updated Changelog for fix #599 2016-10-13 12:54:32 +01:00
Andres AG
57e6e8fbb7 Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-13 12:54:32 +01:00
Andres AG
f527609849 Add test for bounds in X509 DER write funcs 2016-10-13 12:45:08 +01:00
Simon Butcher
1e5de32473 Update Changelog for fix #559 2016-10-13 12:45:07 +01:00
Andres AG
372bf79d67 Add missing bounds check in X509 DER write funcs
This patch adds checks in both mbedtls_x509write_crt_der and
mbedtls_x509write_csr_der before the signature is written to buf
using memcpy().
2016-10-13 12:45:07 +01:00
Simon Butcher
80d191bbe9 Update for ChangeLog for fixes for cert_app 2016-10-13 12:44:20 +01:00
Simon Butcher
2491fa2f2e Update to ChangeLog for bug #428 2016-10-13 12:44:20 +01:00
Simon Butcher
6f3c9cc8b7 Update ChangeLog for fix to crypt_and_hash #441 2016-10-13 12:44:20 +01:00
Janos Follath
af1e74be70 X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-10-13 12:44:19 +01:00
Janos Follath
17da9dd829 Add option for relaxed X509 time verification.
The certificates are not valid according to the RFC, but are in wide
distribution across the internet. Hence the request to add a
compile-time flag to accept these certificates if wanted by the
application.

If POLARSSL_RELAXED_X509_DATE is enabled it will allow dates without
seconds, and allow dates with timezones (but doesn't actually use
the timezone).

Patch provided by OpenVPN.
2016-09-30 09:04:18 +01:00
Andres AG
d1ebdf56be Add ChangeLog entry for unchecked calls fix 2016-09-05 14:14:54 +01:00
Simon Butcher
f6d2b6fb19 Update to ChangeLog for bug #428 2016-09-05 15:15:31 +03:00
Simon Butcher
2af8b0dcb4 Update ChangeLog for fix to crypt_and_hash #441 2016-09-03 12:41:09 +01:00
Janos Follath
8a8445415f X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-07-14 14:08:53 +01:00
Simon Butcher
2d01f2d4c5 Update Changelog for release 2016-06-27 20:00:26 +01:00
Simon Butcher
fd349bcb8e Merge branch 'mbedtls-1.3' into mbedtls-1.3 2016-06-27 01:29:03 +01:00
Janos Follath
307e181cfa Fix non compliance SSLv3 in server extension handling.
The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.
2016-05-23 18:52:14 +01:00
Simon Butcher
959d4328c1 Fix ChangeLog for backport of IOTSSL-621 2016-05-18 20:08:16 +01:00
Janos Follath
af1836e1cf Add Changelog entry for current branch 2016-05-18 20:07:27 +01:00
Simon Butcher
49ed628ede Fix ChangeLog after merging fix for IOTSSL-628 2016-05-18 20:07:27 +01:00
Janos Follath
f383363d43 Extended ChangeLog entry 2016-05-18 20:01:46 +01:00
Janos Follath
c70515d455 Add Changelog entry for current branch 2016-05-18 20:00:19 +01:00
Simon Butcher
f31d9676d1 Fix ChangeLog for backport of IOTSSL-621 2016-05-18 19:58:41 +01:00
Janos Follath
21ca00243c Add Changelog entry for current branch 2016-05-18 19:58:41 +01:00
Simon Butcher
2d49c4d2f6 Fix ChangeLog after merging fix for IOTSSL-628 2016-05-18 19:58:41 +01:00
Janos Follath
7295c189ee Extended ChangeLog entry 2016-05-18 19:58:41 +01:00
Janos Follath
574b118bf8 Add Changelog entry for current branch 2016-05-18 19:58:40 +01:00
Janos Follath
a1ebe662f3 Add Changelog entry for current branch 2016-05-18 19:58:40 +01:00
Janos Follath
4e03439e6a Fix bug in ssl_write_supported_elliptic_curves_ext
Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a
crash later in ssl_write_supported_elliptic_curves_ext. #373
2016-04-22 09:59:00 +01:00
Janos Follath
7ddc2cdfce Fix null pointer dereference in the RSA module.
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:28:24 +01:00
Janos Follath
d61fc6881a Fix odd bitlength RSA key generation
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-19 09:42:17 +01:00
Janos Follath
4dfecabb97 Update default configuration
Change the default settings for SSL and modify the tests accordingly.
2016-03-14 13:40:43 +00:00
Manuel Pégourié-Gonnard
54f2c490ed Avoid build errors with -O0 due to assembly 2016-01-08 15:30:03 +01:00
Manuel Pégourié-Gonnard
20715dc73b Make ar invocation more portable
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.

fixes #386
2016-01-08 15:28:40 +01:00
Manuel Pégourié-Gonnard
40510a3a79 Update ChangeLog for latest PR merged
fixes #309
2016-01-08 15:22:41 +01:00