Commit Graph

896 Commits

Author SHA1 Message Date
Andres AG
fbd1cd9d57 Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-12 17:45:29 +01:00
Simon Butcher
73b94e3512 Added credit to Changelog for X.509 DER bounds fix 2016-10-11 16:53:10 +01:00
Andres AG
effb5582dd Add test for bounds in X509 DER write funcs 2016-10-11 16:52:06 +01:00
Andres AG
8aa301ba31 Add missing bounds check in X509 DER write funcs
This patch adds checks in both mbedtls_x509write_crt_der and
mbedtls_x509write_csr_der before the signature is written to buf
using memcpy().
2016-10-11 16:52:06 +01:00
Simon Butcher
4bbd8e1ad8 Revise Changelog to clarify and add credit 2016-10-11 10:42:05 +01:00
Simon Butcher
17cbca370f Update Changelog for fixes to X.509 sample apps 2016-10-11 10:40:43 +01:00
Simon Butcher
b89a653005 Update Changelog for fix #559 2016-10-11 10:40:42 +01:00
Janos Follath
433d4c84b3 Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-11 10:40:42 +01:00
Simon Butcher
4ed1c00f10 Update Changelog for fixes to X.509 sample apps 2016-10-10 09:45:30 +01:00
Simon Butcher
c1e1f1cfdd Update Changelog for fix #559 2016-10-07 14:17:28 +01:00
Simon Butcher
75dea20fee Update for ChangeLog for fixes for cert_app 2016-09-26 20:51:34 +01:00
Andres AG
8df1bee06f Add ChangeLog entry for unchecked calls fix 2016-09-05 14:10:45 +01:00
Simon Butcher
541a960bee Update to ChangeLog for bug #428 2016-09-05 13:12:24 +03:00
Simon Butcher
532b217002 Update ChangeLog for fix to crypt_and_hash #441 2016-09-02 22:10:39 +01:00
Janos Follath
7b26865529 X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-07-14 13:19:46 +01:00
Simon Butcher
c38aa616a0 Update ChangeLog for Release 2016-06-27 19:49:04 +01:00
Simon Butcher
88aa189415 Merge branch 'mbedtls-2.1' into mbedtls-2.1 2016-06-27 01:16:16 +01:00
Janos Follath
83f26052bf Fix non compliance SSLv3 in server extension handling.
The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.
2016-05-23 14:50:15 +01:00
Janos Follath
6200b50518 Extended ChangeLog entry 2016-05-18 19:36:02 +01:00
Janos Follath
d5770a1d78 Add Changelog entry for current branch 2016-05-18 19:33:39 +01:00
Janos Follath
9ccbd6313f Add Changelog entry for current branch 2016-05-18 19:30:09 +01:00
Janos Follath
ea6cbb957c Add Changelog entry for current branch 2016-05-18 19:30:09 +01:00
Simon Butcher
d58d715680 Update ChangeLog for bug #429 in ssl_fork_server 2016-04-29 00:15:34 +01:00
Janos Follath
e9d5510f05 Fix bug in ssl_write_supported_elliptic_curves_ext
Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a
crash later in ssl_write_supported_elliptic_curves_ext. #373
2016-04-22 09:55:32 +01:00
Janos Follath
689a627215 Fix null pointer dereference in the RSA module.
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:20:59 +01:00
Simon Butcher
0705dd0588 Adds test for odd bit length RSA key size
Also tidy up ChangeLog following review.
2016-04-19 09:19:46 +01:00
Janos Follath
1a59a504e7 Fix odd bitlength RSA key generation
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-19 09:19:21 +01:00
Janos Follath
16734f011b x509: trailing bytes in DER: fix bug
Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer after DER certificates to be included in the raw representation. #377
2016-03-15 23:47:36 +00:00
Manuel Pégourié-Gonnard
7715e669f1 Avoid build errors with -O0 due to assembly 2016-01-08 14:52:55 +01:00
Manuel Pégourié-Gonnard
bb81b4a009 Make ar invocation more portable
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.

fixes #386
2016-01-08 14:52:14 +01:00
Manuel Pégourié-Gonnard
96ec00dd3a Update ChangeLog for latest PR merged
fixes #309
2016-01-08 14:51:51 +01:00
Manuel Pégourié-Gonnard
ddf118961a Update reference to attack in ChangeLog
We couldn't do that before the attack was public
2016-01-08 14:46:44 +01:00
Simon Butcher
543e4366bc Change version number to 2.1.4
Changed version for library files and yotta module
2016-01-04 22:41:11 +00:00
Manuel Pégourié-Gonnard
ff0a22bd9b Tune description of a change/bugfix in ChangeLog 2016-01-04 17:39:38 +01:00
Simon Butcher
28b35c02f7 Merge branch 'mbedtls-2.1'
Merge of fix for memory leak in RSA-SSA signing - #372
2016-01-01 23:37:07 +00:00
Simon Butcher
318daf0c7e Fix for memory leak in RSA-SSA signing
Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c. Resolves github issue #372
2016-01-01 23:15:10 +00:00
Simon Butcher
976794a212 Merge remote-tracking branch 'origin/mbedtls-2.1' into HEAD 2015-12-31 23:42:54 +00:00
Simon Butcher
8360433788 Merge branch 'iotssl-541-2.1-pathlen-bugfix' 2015-12-31 23:21:52 +00:00
Simon Butcher
59d2218f63 Clarification in ChangeLog 2015-12-23 18:53:21 +00:00
Simon Butcher
aa4114910a Merge 'iotssl-558-2.1-md5-tls-sigs-restricted' 2015-12-23 18:52:18 +00:00
Simon Butcher
35ea92dbc6 Merge 'iotssl-566-2.1-double-free-restricted'
Merge remote-tracking branch
'restricted/iotssl-566-2.1-double-free-restricted' into mbedtls-2.1
2015-12-23 16:49:46 +00:00
Simon Butcher
2bc3897a53 Typo in ChangeLog 2015-12-22 19:38:55 +00:00
Simon Butcher
e82ac57ef6 Merge remote-tracking branch 'origin/misc-2.1' into mbedtls-2.1 2015-12-22 19:36:17 +00:00
Simon Butcher
e103aa8a53 Added description of change to the Changelog
Also clarified some comments following review.
2015-12-16 01:51:01 +00:00
Manuel Pégourié-Gonnard
9055c1a011 Fix wrong length limit in GCM
See for example page 8 of
http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf

The previous constant probably came from a typo as it was 2^26 - 2^5 instead
of 2^36 - 2^5. Clearly the intention was to allow for a constant bigger than
2^32 as the ull suffix and cast to uint64_t show.

fixes #362
2015-12-10 15:08:37 +01:00
Manuel Pégourié-Gonnard
3e60d2a458 Fix potential double free in cert writing code
In case an entry with the given OID already exists in the list passed to
mbedtls_asn1_store_named_data() and there is not enough memory to allocate
room for the new value, the existing entry will be freed but the preceding
entry in the list will sill hold a pointer to it. (And the following entries
in the list are no longer reachable.) This results in memory leak or a double
free.

The issue is we want to leave the list in a consistent state on allocation
failure. (We could add a warning that the list is left in inconsistent state
when the function returns NULL, but behaviour changes that require more care
from the user are undesirable, especially in a stable branch.)

The chosen solution is a bit inefficient in that there is a time where both
blocks are allocated, but at least it's safe and this should trump efficiency
here: this code is only used for generating certificates, which is unlikely to
be done on very constrained devices, or to be in the critical loop of
anything. Also, the sizes involved should be fairly small anyway.

fixes #367
2015-12-10 11:24:35 +01:00
Manuel Pégourié-Gonnard
2bbfee3cbc Add credits to ChangeLog 2015-12-08 16:14:30 +01:00
Manuel Pégourié-Gonnard
b39528e2e8 Disable MD5 in handshake signatures by default 2015-12-04 15:13:36 +01:00
Manuel Pégourié-Gonnard
d847f1f46a Fix ChangeLog 2015-11-19 12:17:17 +01:00
Manuel Pégourié-Gonnard
b030c33e57 Fix bug checking pathlen on first intermediate
Remove check on the pathLenConstraint value when looking for a parent to the
EE cert, as the constraint is on the number of intermediate certs below the
parent, and that number is always 0 at that point, so the constraint is always
satisfied.

The check was actually off-by-one, which caused valid chains to be rejected
under the following conditions:
- the parent certificate is not a trusted root, and
- it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)

fixes #280
2015-11-19 11:26:52 +01:00
Simon Butcher
ef43d41f67 Changed version number to 2.1.3
Changed for library
2015-11-04 22:08:33 +00:00
Simon Butcher
b2d2fec5a4 Corrected typo in ChangeLog 2015-11-03 23:12:36 +00:00
Manuel Pégourié-Gonnard
0d66bb959f Fix potential buffer overflow in asn1write 2015-11-02 10:42:44 +09:00
Manuel Pégourié-Gonnard
9dc66f4b2f Fix potential heap corruption on Windows
If len is large enough, when cast to an int it will be negative and then the
test if( len > MAX_PATH - 3 ) will not behave as expected.
2015-11-02 10:41:13 +09:00
Manuel Pégourié-Gonnard
ffb8180733 Fix potential double-free in ssl_conf_psk() 2015-11-02 10:40:14 +09:00
Manuel Pégourié-Gonnard
1cf8851a77 Add ChangeLog entry for ASN.1 DER boolean fix 2015-11-02 06:00:38 +09:00
Manuel Pégourié-Gonnard
621f83e5c5 Fix typo in an OID name
fixes #314
2015-11-02 05:58:10 +09:00
Manuel Pégourié-Gonnard
7a40dc686f Disable reportedly broken assembly of Sparc(64)
fixes #292
2015-11-02 05:57:49 +09:00
Manuel Pégourié-Gonnard
e55448a50f Add Changelog entries for max_pathlen fixes 2015-11-02 05:56:57 +09:00
Manuel Pégourié-Gonnard
8f115968da Pick up ChangeLog fixes from development 2015-10-28 13:55:28 +01:00
Manuel Pégourié-Gonnard
93080dfacf Fix missing check for RSA key length on EE certs
- also adapt tests to use lesser requirement for compatibility with old
  testing material
2015-10-28 13:22:32 +01:00
Manuel Pégourié-Gonnard
722da74cfc Fix attribution in ChangeLog 2015-10-28 13:20:16 +01:00
Manuel Pégourié-Gonnard
a314076486 Fix handling of non-fatal alerts
fixes #308
2015-10-28 13:19:55 +01:00
Manuel Pégourié-Gonnard
f9945bc283 Fix #ifdef inconsistency
fixes #310

Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.

Conflicts:
	ChangeLog
2015-10-28 13:16:33 +01:00
Manuel Pégourié-Gonnard
1cb668cf0f ECHDE-PSK does not use a certificate
fixes #270
2015-10-28 13:15:12 +01:00
Manuel Pégourié-Gonnard
5ce77da2b3 Mention performance fix in ChangeLog 2015-10-27 10:35:02 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381 Bump version to 2.1.2
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
ca056c7748 Fix CVE number in ChangeLog 2015-10-05 18:21:34 +01:00
Manuel Pégourié-Gonnard
a97ab2c8a6 Merge branch 'development' into development-restricted
* development:
  Remove inline workaround when not useful
  Fix macroization of inline in C++
2015-10-05 15:48:09 +01:00
Simon Butcher
7776fc36d3 Fix for #279 macroisation of 'inline' keyword 2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard
899ac849d0 Merge branch 'development' into development-restricted
* development:
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard
0431735299 Fix compile error in net.c with musl libc
fixes #278
2015-10-05 12:17:49 +01:00
Simon Butcher
475cf0a98a Merge fix of IOTSSL-496 - Potential heap overflow
Fix for potential overflow in ssl_write_certificate_request()
2015-10-05 11:57:54 +01:00
Manuel Pégourié-Gonnard
0223ab9d38 Fix macroization of inline in C++
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 11:41:36 +01:00
Simon Butcher
fec73a8eec Merge of fix for IOTSSL-481 - Double free
Potential double free in mbedtls_ssl_conf_psk()
2015-10-05 10:40:31 +01:00
Simon Butcher
c48b66bfb6 Changed attribution for Guido Vranken 2015-10-05 10:18:17 +01:00
Simon Butcher
6418ffaadb Merge fix for IOTSSL-480 - base64 overflow issue 2015-10-05 09:54:11 +01:00
Simon Butcher
a45aa1399b Merge of IOTSSL-476 - Random malloc in pem_read() 2015-10-05 00:26:36 +01:00
Simon Butcher
e7f96f22ee Merge fix IOTSSL-475 Potential buffer overflow
Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-10-04 23:43:05 +01:00
Simon Butcher
d5ba4672b2 Merge fix for IOTSSL-474 PKCS12 Overflow
Fix stack buffer overflow in PKCS12
2015-10-04 22:47:59 +01:00
Simon Butcher
5b8d1d65f7 Fix for IOTSSL-473 Double free error
Fix potential double-free in mbedtls_ssl_set_hs_psk(.)
2015-10-04 22:06:51 +01:00
Manuel Pégourié-Gonnard
ef388f168d Merge branch 'development' into development-restricted
* development:
  Updated ChangeLog with credit
  Fix a fairly common typo in comments
  Make config check include for configs examples more consistent
2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard
bc1babb387 Fix potential overflow in CertificateRequest 2015-10-02 11:20:28 +02:00
Simon Butcher
54eec9d1dd Merge pull request #301 from Tilka/typo
Fix a fairly common typo in comments
2015-10-01 02:07:24 +01:00
Simon Butcher
a12e3c00bf Updated ChangeLog with credit 2015-10-01 01:59:33 +01:00
Manuel Pégourié-Gonnard
0aa45c209a Fix potential overflow in base64_encode 2015-09-30 16:37:49 +02:00
Simon Butcher
5624ec824e Reordered TLS extension fields in client
Session ticket placed at end
2015-09-29 01:06:06 +01:00
Simon Butcher
04799a4274 Fixed copy and paste error
Accidental additional assignment in ssl_write_alpn_ext()
2015-09-29 00:31:09 +01:00
Manuel Pégourié-Gonnard
d02a1daca7 Fix stack buffer overflow in pkcs12 2015-09-28 19:47:50 +02:00
Manuel Pégourié-Gonnard
24417f06fe Fix potential double-free in mbedtls_ssl_conf_psk() 2015-09-28 18:09:45 +02:00
Manuel Pégourié-Gonnard
58fb49531d Fix potential buffer overflow in mpi_read_string()
Found by Guido Vranken.

Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-09-28 15:59:54 +02:00
Tillmann Karras
588ad50c5a Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
Simon Butcher
8f98842e38 Refined credits in ChangeLog for fuzzing issue
Changed GDS to Gotham Digital Science
2015-09-22 10:10:36 +01:00
Manuel Pégourié-Gonnard
8cea8ad8b8 Bump version to 2.1.1 2015-09-17 11:58:45 +02:00
Simon Butcher
ac58c53ab1 Merge remote-tracking branch 'origin/development' 2015-09-16 23:25:25 +01:00
Simon Butcher
7dd82f8fd5 Merge branch 'development' with bugfix branch
Conflicts:
	ChangeLog
2015-09-16 16:21:38 +01:00
Simon Butcher
5793e7ef01 Merge 'development' into iotssl-411-port-reuse
Conflicts:
	ChangeLog
2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard
f7022d1131 Fix bug in server parsing point formats extension
There is only one length byte but for some reason we skipped two, resulting in
reading one byte past the end of the extension. Fortunately, even if that
extension is at the very end of the ClientHello, it can't be at the end of the
buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the
buffer has some more room after that for MAC and so on. So there is no
buffer overread.

Possible consequences are:
- nothing, if the next byte is 0x00, which is a comment first byte for other
  extensions, which is why the bug remained unnoticed
- using a point format that was not offered by the peer if next byte is 0x01.
  In that case the peer will reject our ServerKeyExchange message and the
handshake will fail.
- thinking that we don't have a common point format even if we do, which will
  cause us to immediately abort the handshake.
None of these are a security issue.

The same bug was fixed client-side in fd35af15
2015-09-16 11:32:18 +02:00
Simon Butcher
a1a1128f7d Updated ChangeLog for fix #275 2015-09-14 21:30:40 +01:00
Simon Butcher
d69f14bed8 Updated Changelog for new version 2015-09-11 20:00:20 +01:00