Commit Graph

3314 Commits

Author SHA1 Message Date
Jaeden Amero
76fda568b7 Merge remote-tracking branch 'origin/mbedtls-2.7' into mbedtls-2.7-restricted
* origin/mbedtls-2.7:
  Changelog entry for HAVEGE fix
  Prevent building the HAVEGE module on platforms where it doesn't work
  Fix misuse of signed ints in the HAVEGE module
2019-07-09 13:23:42 +01:00
Gilles Peskine
d1800a76a9 Prevent building the HAVEGE module on platforms where it doesn't work
If int is not capable of storing as many values as unsigned, the code
may generate a trap value. If signed int and unsigned int aren't
32-bit types, the code may calculate meaningless values.
2019-07-05 11:33:10 +02:00
Gilles Peskine
8850e2e367 Fix misuse of signed ints in the HAVEGE module
The elements of the HAVEGE state are manipulated with bitwise
operations, with the expectations that the elements are 32-bit
unsigned integers (or larger). But they are declared as int, and so
the code has undefined behavior. Clang with Asan correctly points out
some shifts that reach the sign bit.

Use unsigned int internally. This is technically an aliasing violation
since we're accessing an array of `int` via a pointer to `unsigned
int`, but since we don't access the array directly inside the same
function, it's very unlikely to be compiled in an unintended manner.
2019-07-05 11:31:50 +02:00
Jaeden Amero
1e61b0fb3f Merge remote-tracking branch 'restricted/pr/581' into mbedtls-2.7-restricted
* restricted/pr/581:
  Remove unnecessary empty line
  Add a test for signing content with a long ECDSA key
  Add documentation notes about the required size of the signature buffers
  Add missing MBEDTLS_ECP_C dependencies in check_config.h
  Change size of preallocated buffer for pk_sign() calls
2019-06-24 11:40:49 +01:00
Jaeden Amero
0b2035794f Merge remote-tracking branch 'origin/pr/2713' into mbedtls-2.7
* origin/pr/2713:
  programs: Make `make clean` clean all programs always
  ssl_tls: Enable Suite B with subset of ECP curves
  windows: Fix Release x64 configuration
  timing: Remove redundant include file
  net_sockets: Fix typo in net_would_block()
2019-06-21 15:58:02 +01:00
Jaeden Amero
0cf1776a2d Merge remote-tracking branch 'origin/pr/2451' into mbedtls-2.7
* origin/pr/2451:
  Fix #2370, minor typos and spelling mistakes
2019-06-21 15:55:21 +01:00
Jaeden Amero
ba59f6b38e ssl_tls: Enable Suite B with subset of ECP curves
Make sure the code compiles even if some curves are not defined.

Fixes #1591
2019-06-20 16:30:36 +01:00
Jaeden Amero
548ba2e190 timing: Remove redundant include file
There is no need to include winbase.h, as it will be pulled in by
windows.h as needed.

Fixes #2640
2019-06-20 16:28:10 +01:00
Jaeden Amero
1529ede823 net_sockets: Fix typo in net_would_block()
Fixes #528
2019-06-20 16:28:10 +01:00
Jaeden Amero
35a7e4675f Merge remote-tracking branch 'origin/pr/2688' into mbedtls-2.7
* origin/pr/2688:
  Update library version to 2.7.11
2019-06-18 14:22:59 +01:00
k-stachowiak
dff85e7e8a Remove unnecessary empty line 2019-06-13 11:54:49 +02:00
Jaeden Amero
6794f68d29 Update library version to 2.7.11 2019-06-11 17:31:57 +01:00
k-stachowiak
b50c39ca4a Change size of preallocated buffer for pk_sign() calls 2019-06-06 13:06:46 +02:00
Hanno Becker
c24e019513 Improve documentation of mbedtls_x509_get_ext()
- Explain the use of explicit ASN.1 tagging for the extensions structuree
- Remove misleading comment which suggests that mbedtls_x509_get_ext()
  also parsed the header of the first extension, which is not the case.
2019-06-04 14:03:27 +01:00
Hanno Becker
19557c2078 Always return a high-level error code from X.509 module
Some functions within the X.509 module return an ASN.1 low level
error code where instead this error code should be wrapped by a
high-level X.509 error code as in the bulk of the module.

Specifically, the following functions are affected:
- mbedtls_x509_get_ext()
- x509_get_version()
- x509_get_uid()

This commit modifies these functions to always return an
X.509 high level error code.

Care has to be taken when adapting `mbetls_x509_get_ext()`:
Currently, the callers `mbedtls_x509_crt_ext()` treat the
return code `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG` specially to
gracefully detect and continue if the extension structure is not
present. Wrapping the ASN.1 error with
`MBEDTLS_ERR_X509_INVALID_EXTENSIONS` and adapting the check
accordingly would mean that an unexpected tag somewhere
down the extension parsing would be ignored by the caller.

The way out of this is the following: Luckily, the extension
structure is always the last field in the surrounding structure,
so if there is some data remaining, it must be an Extension
structure, so we don't need to deal with a tag mismatch gracefully
in the first place.

We may therefore wrap the return code from the initial call to
`mbedtls_asn1_get_tag()` in `mbedtls_x509_get_ext()` by
`MBEDTLS_ERR_X509_INVALID_EXTENSIONS` and simply remove
the special treatment of `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`
in the callers `x509_crl_get_ext()` and `x509_crt_get_ext()`.

This renders `mbedtls_x509_get_ext()` unsuitable if it ever
happened that an Extension structure is optional and does not
occur at the end of its surrounding structure, but for CRTs
and CRLs, it's fine.

The following tests need to be adapted:
- "TBSCertificate v3, issuerID wrong tag"
  The issuerID is optional, so if we look for its presence
  but find a different tag, we silently continue and try
  parsing the subjectID, and then the extensions. The tag '00'
  used in this test doesn't match either of these, and the
  previous code would hence return LENGTH_MISMATCH after
  unsucessfully trying issuerID, subjectID and Extensions.
  With the new code, any data remaining after issuerID and
  subjectID _must_ be Extension data, so we fail with
  UNEXPECTED_TAG when trying to parse the Extension data.
- "TBSCertificate v3, UIDs, invalid length"
  The test hardcodes the expectation of
  MBEDTLS_ERR_ASN1_INVALID_LENGTH, which needs to be
  wrapped in MBEDTLS_ERR_X509_INVALID_FORMAT now.

Fixes #2431.
2019-06-04 14:03:27 +01:00
Hanno Becker
1de13dbc49 Obey bounds of ASN.1 substructures
When parsing a substructure of an ASN.1 structure, no field within
the substructure must exceed the bounds of the substructure.
Concretely, the `end` pointer passed to the ASN.1 parsing routines
must be updated to point to the end of the substructure while parsing
the latter.

This was previously not the case for the routines
- x509_get_attr_type_and_value(),
- mbedtls_x509_get_crt_ext(),
- mbedtls_x509_get_crl_ext().
These functions kept using the end of the parent structure as the
`end` pointer and would hence allow substructure fields to cross
the substructure boundary. This could lead to successful parsing
of ill-formed X.509 CRTs.

This commit fixes this.

Care has to be taken when adapting `mbedtls_x509_get_crt_ext()`
and `mbedtls_x509_get_crl_ext()`, as the underlying function
`mbedtls_x509_get_ext()` returns `0` if no extensions are present
but doesn't set the variable which holds the bounds of the Extensions
structure in case the latter is present. This commit addresses
this by returning early from `mbedtls_x509_get_crt_ext()` and
`mbedtls_x509_get_crl_ext()` if parsing has reached the end of
the input buffer.

The following X.509 parsing tests need to be adapted:
- "TBSCertificate, issuer two inner set datas"
  This test exercises the X.509 CRT parser with a Subject name
  which has two empty `AttributeTypeAndValue` structures.
  This is supposed to fail with `MBEDTLS_ERR_ASN1_OUT_OF_DATA`
  because the parser should attempt to parse the first structure
  and fail because of a lack of data. Previously, it failed to
  obey the (0-length) bounds of the first AttributeTypeAndValue
  structure and would try to interpret the beginning of the second
  AttributeTypeAndValue structure as the first field of the first
  AttributeTypeAndValue structure, returning an UNEXPECTED_TAG error.
- "TBSCertificate, issuer, no full following string"
  This test exercises the parser's behaviour on an AttributeTypeAndValue
  structure which contains more data than expected; it should therefore
  fail with MBEDTLS_ERR_ASN1_LENGTH_MISMATCH. Because of the missing bounds
  check, it previously failed with UNEXPECTED_TAG because it interpreted
  the remaining byte in the first AttributeTypeAndValue structure as the
  first byte in the second AttributeTypeAndValue structure.
- "SubjectAltName repeated"
  This test should exercise two SubjectAltNames extensions in succession,
  but a wrong length values makes the second SubjectAltNames extension appear
  outside of the Extensions structure. With the new bounds in place, this
  therefore fails with a LENGTH_MISMATCH error. This commit adapts the test
  data to put the 2nd SubjectAltNames extension inside the Extensions
  structure, too.
2019-06-04 14:03:27 +01:00
Jaeden Amero
99b679f364 Merge remote-tracking branch 'origin/pr/2504' into mbedtls-2.7
* origin/pr/2504:
  Fix ChangeLog entry ordering
  Fix typo
  Add non-regression test for buffer overflow
  Improve documentation of mbedtls_mpi_write_string()
  Adapt ChangeLog
  Fix 1-byte buffer overflow in mbedtls_mpi_write_string()
2019-04-05 14:09:25 +01:00
Jaeden Amero
415255f4a0 Merge remote-tracking branch 'origin/pr/2513' into mbedtls-2.7
* origin/pr/2513:
  x509.c: Fix potential memory leak in X.509 self test
2019-04-05 13:48:19 +01:00
Jaeden Amero
a5f5ad3cf4 Merge remote-tracking branch 'restricted/pr/554' into mbedtls-2.7
* restricted/pr/554:
  Fix too small buffer in a test
  Add changelog entry for mbedtls_ecdh_get_params robustness
  Fix ecdh_get_params with mismatching group
  Add test case for ecdh_get_params with mismatching group
  Add test case for ecdh_calc_secret
2019-03-27 14:53:29 +00:00
Jaeden Amero
1beeeff394 Merge remote-tracking branch 'origin/pr/2527' into mbedtls-2.7
* origin/pr/2527:
  Update library version to 2.7.10
2019-03-26 14:53:56 +00:00
Jaeden Amero
b4686b4f32 Update library version to 2.7.10 2019-03-19 16:18:43 +00:00
Junhwan Park
e5d016356a x509.c: Fix potential memory leak in X.509 self test
Found and fixed by Junhwan Park in #2106.

Signed-off-by: Junhwan Park <semoking@naver.com>
2019-03-11 15:17:27 +02:00
Janos Follath
216e7385ef Fix typo 2019-03-06 14:00:44 +00:00
Hanno Becker
a277d4cc82 Improve documentation of mbedtls_mpi_write_string() 2019-03-06 14:00:33 +00:00
Hanno Becker
eff335d575 Fix 1-byte buffer overflow in mbedtls_mpi_write_string()
This can only occur for negative numbers. Fixes #2404.
2019-03-06 13:56:31 +00:00
Jaeden Amero
3a70ab9319 Merge remote-tracking branch 'origin/pr/2390' into mbedtls-2.7
* origin/pr/2390:
  Correct length check for DTLS records from old epochs.
2019-03-05 16:38:00 +00:00
Jaeden Amero
f921e8fa9f Merge remote-tracking branch 'origin/pr/2387' into mbedtls-2.7
* origin/pr/2387:
  Update change log
  all.sh: Test MBEDTLS_MPI_WINDOW_SIZE=1
  Fix DEADCODE in mbedtls_mpi_exp_mod()
2019-03-05 16:34:12 +00:00
Jaeden Amero
a47f32b9b9 Merge remote-tracking branch 'origin/pr/1976' into mbedtls-2.7
* origin/pr/1976:
  Move ChangeLog entry from Bugfix to Changes section
  Adapt ChangeLog
  Return from debugging functions if SSL context is unset
2019-03-05 16:28:59 +00:00
Jaeden Amero
6ee6f181ff Merge remote-tracking branch 'origin/pr/2435' into mbedtls-2.7
* origin/pr/2435:
  Use certificates from data_files and refer them
  Specify server certificate to use in SHA-1 test
  refactor CA and SRV certificates into separate blocks
  refactor SHA-1 certificate defintions and assignment
  refactor server SHA-1 certificate definition into a new block
  define TEST_SRV_CRT_RSA_SOME in similar logic to TEST_CA_CRT_RSA_SOME
  server SHA-256 certificate now follows the same logic as CA SHA-256 certificate
  add entry to ChangeLog
2019-03-05 16:25:53 +00:00
Simon Butcher
fb85576f05 Merge remote-tracking branch 'restricted/pr/529' into mbedtls-2.7
* restricted/pr/529:
  Fix order of sections in the ChangeLog
  Fix failure in SSLv3 per-version suites test
  Adjust DES exclude lists in test scripts
  Clarify 3DES changes in ChangeLog
  Fix documentation for 3DES removal
  Exclude 3DES tests in test scripts
  Fix wording of ChangeLog and 3DES_REMOVE docs
  Reduce priority of 3DES ciphersuites
2019-03-03 10:08:12 +00:00
Gilles Peskine
f58078c7c5 Fix ecdh_get_params with mismatching group
If mbedtls_ecdh_get_params is called with keys belonging to
different groups, make it return an error the second time, rather than
silently interpret the first key as being on the second curve.

This makes the non-regression test added by the previous commit pass.
2019-02-21 18:17:05 +01:00
Antonin Décimo
8fd9156a4a Fix #2370, minor typos and spelling mistakes 2019-02-18 15:57:54 +00:00
Ron Eldor
de0c841b94 Use certificates from data_files and refer them
Use the server certificate from `data_files` folder, for formality,
and refer to the source, for easier reproduction.
2019-02-13 16:00:07 +02:00
Andres Amaya Garcia
21ade06ef8 Reduce priority of 3DES ciphersuites 2019-02-13 09:52:46 +00:00
ILUXONCHIK
be3d1ee4ac refactor CA and SRV certificates into separate blocks 2019-02-12 15:38:22 +02:00
ILUXONCHIK
231385568e refactor SHA-1 certificate defintions and assignment
As per refactoring suggestion that I made in #1520.
2019-02-12 15:38:12 +02:00
ILUXONCHIK
62f9aec184 refactor server SHA-1 certificate definition into a new block 2019-02-12 15:38:03 +02:00
ILUXONCHIK
e3be6723b0 define TEST_SRV_CRT_RSA_SOME in similar logic to TEST_CA_CRT_RSA_SOME 2019-02-12 15:37:48 +02:00
ILUXONCHIK
4d8325eceb server SHA-256 certificate now follows the same logic as CA SHA-256 certificate 2019-02-12 15:37:39 +02:00
Andres Amaya Garcia
04ee5e0bbd Fix ASN1 bitstring writing
Refactor the function mbedtls_asn1_write_bitstring() that removes
trailing 0s at the end of DER encoded bitstrings. The function is
implemented according to Hanno Becker's suggestions.

This commit also changes the functions x509write_crt_set_ns_cert_type
and crt_set_key_usage to call the new function as the use named
bitstrings instead of the regular bitstrings.
2019-02-11 21:10:48 +00:00
Peter Kolbus
f5d153daf0 Fix DEADCODE in mbedtls_mpi_exp_mod()
In mbedtls_mpi_exp_mod(), the limit check on wsize is never true when
MBEDTLS_MPI_WINDOW_SIZE is at least 6. Wrap in a preprocessor guard
to remove the dead code and resolve a Coverity finding from the
DEADCODE checker.

Change-Id: Ice7739031a9e8249283a04de11150565b613ae89
2019-02-05 16:42:27 +01:00
Jaeden Amero
bdc807dbe8 Merge remote-tracking branch 'origin/pr/2343' into mbedtls-2.7 2019-01-30 15:45:15 +00:00
Jaeden Amero
9033e541a6 Merge remote-tracking branch 'origin/pr/2234' into mbedtls-2.7 2019-01-30 15:29:00 +00:00
Hanno Becker
a34cc6b1c6 Correct length check for DTLS records from old epochs.
DTLS records from previous epochs were incorrectly checked against the
current epoch transform's minimal content length, leading to the
rejection of entire datagrams. This commit fixed that and adapts two
test cases accordingly.

Internal reference: IOTSSL-1417
2019-01-30 15:07:09 +01:00
Simon Butcher
d09324ac58 Merge remote-tracking branch 'public/pr/2264' into mbedtls-2.7 2019-01-23 10:58:08 +01:00
Simon Butcher
c5b6c2f877 Merge remote-tracking branch 'public/pr/2296' into mbedtls-2.7 2019-01-23 09:51:48 +01:00
Gilles Peskine
4e7b323fd8 Use CMAKE_BUILD_TYPE to do Asan builds
Use `cmake -D CMAKE_BUILD_TYPE=Asan` rather than manually setting
`-fsanitize=address`. This lets cmake determine the necessary compiler
and linker flags.

With UNSAFE_BUILD on, force -Wno-error. This is necessary to build
with MBEDTLS_TEST_NULL_ENTROPY.
2019-01-10 18:28:17 +01:00
Simon Butcher
b22a808cc6 Update the version of the library to 2.7.9 2018-12-21 10:52:37 +00:00
Ron Eldor
c7aac417f2 Return error code of underlying function.
Return the error code if failed, instead of returning value `1`.
If not failed, return the call of the underlying function,
in `mbedtls_ecdsa_genkey()`.
2018-12-17 10:22:19 +02:00
Jaeden Amero
b85e35d8d2 Merge remote-tracking branch 'upstream-public/pr/2102' into mbedtls-2.7 2018-12-07 16:15:46 +00:00