Commit Graph

3470 Commits

Author SHA1 Message Date
Hanno Becker
be812f68c5 Add build and ssl-opt.sh run for SSL_DISABLE_RENEGOTIATION to all.sh 2017-10-25 09:51:30 +01:00
Hanno Becker
e8f3d933e9 Add dep'n on !DISABLE_RENEGOTIATION to renego tests in ssl-opt.sh 2017-10-25 09:51:13 +01:00
Hanno Becker
bfd0991daa Fix handling of HS msgs in ssl_read if renegotiation unused
Previously, if `POLARSSL_SSL_RENEGOTIATION` was disabled, incoming handshake
messages in `ssl_read` (expecting application data) lead to the connection being
closed. This commit fixes this, restricting the
`POLARSSL_SSL_RENEGOTIATION`-guard to the code-paths responsible for accepting
renegotiation requests and aborting renegotiation attempts after too many
unexpected records have been received.
2017-10-25 09:34:48 +01:00
Hanno Becker
268191a305 Swap branches accepting/refusing renegotiation in in ssl_read 2017-10-25 09:33:22 +01:00
Andres Amaya Garcia
75ea35eac8 Fix typo in asn1.h 2017-10-12 22:43:16 +01:00
Andres Amaya Garcia
8a6ba0b495 Improve leap year test names in x509parse.data 2017-10-12 21:18:21 +01:00
Andres AG
7c02d13746 Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 21:08:46 +01:00
Janos Follath
ea111c5501 Renegotiation: Add tests for SigAlg ext parsing
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)

The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.

A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
2017-10-11 14:06:40 +01:00
Ron Eldor
4491a791be Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-11 14:06:26 +01:00
Andres Amaya Garcia
10345fbe2a Add ChangeLog entry 2017-10-07 22:24:07 +01:00
Andres Amaya Garcia
cf428733b8 Fix coding style in x509_parse_int() 2017-10-07 22:22:26 +01:00
Andres Amaya Garcia
876214cd9d Change param type for x509_parse_int() to fix warn 2017-10-07 22:22:15 +01:00
Andres Amaya Garcia
8388be3ec7 Add brackets around net.c macro arguments 2017-10-07 22:22:04 +01:00
Andres Amaya Garcia
86f76ea25c Add brackets around function macro arguments 2017-10-07 22:21:54 +01:00
Andres Amaya Garcia
a4d1857003 Fix type in net.c comment 2017-10-07 22:21:46 +01:00
Andres Amaya Garcia
6e5e9aaf7f Fix MSVC warning in net.c
The warning was caused because in MSVC some of the function parameters
for the socket APIs are int while the fields in struct addrinfo are
size_t e.g. possible data loss.
2017-10-07 22:21:38 +01:00
Andres Amaya Garcia
2d0a5840fe Fix MSVC warning in sample programs
The warning was caused because of conversions from size_t to int, which
can cause data loss. The files affected are:
* ssl_client2.c
* ssl_server2.c
* ssl_mail_client.c
2017-10-07 22:21:29 +01:00
Simon Butcher
7d661f83e1 Fix changelog for ssl_server2.c usage fix 2017-10-02 19:22:17 +01:00
Ron Eldor
4ca4fd774d Fix ssl_server2 sample application prompt
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
2017-10-02 19:22:04 +01:00
Hanno Becker
ce2c02cca2 Enhance documentation of ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure

Also, adapt ChangeLog.
2017-10-01 00:00:56 +01:00
Hanno Becker
b9ac47c371 Make ssl_set_hostname safe to be called multiple times
Zeroize and free previously set hostnames before overwriting
them. Also, allow clearance of hostname by providing NULL parameter.
2017-09-30 23:58:45 +01:00
Ron Eldor
a1af31e14a Fix typo in configs/README.txt file
Fix typo in Readme file: ajust->adjust
2017-09-30 21:56:38 +01:00
Simon Butcher
a75a459143 Removed duplication in Changelog 2017-08-10 23:38:10 +01:00
Simon Butcher
03bd0229ab Update version to 1.3.21 2017-08-10 11:52:14 +01:00
Simon Butcher
9ee5910f65 Fix language in Changelog for clarity 2017-08-10 10:49:32 +01:00
Hanno Becker
1af21bfa38 Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- rsa_pkcs1_decrypt
- rsa_rsaes_pkcs1_v15_decrypt
- rsa_rsaes_oaep_decrypt
2017-08-01 23:05:31 +01:00
Hanno Becker
e7f5abc111 Adapt ChangeLog 2017-07-28 22:08:29 +01:00
Hanno Becker
ab3fbc2146 Rename time and index parameter to avoid name conflict.
As noted in #557, several functions use 'index' resp. 'time'
as parameter names in their declaration and/or definition, causing name
conflicts with the functions in the C standard library of the same
name some compilers warn about.

This commit renames the arguments accordingly.
2017-07-28 22:08:16 +01:00
Hanno Becker
dcbb0246f9 Correct comments 2017-07-28 22:04:08 +01:00
Hanno Becker
56fa40f4f5 Adapt ChangeLog 2017-07-28 22:02:58 +01:00
Hanno Becker
e6ee6383a9 Reliably zeroize sensitive data in AES sample application
The AES sample application programs/aes/aescrypt2 could miss zeroizing
the stack-based key buffer in case of an error during operation. This
commit fixes this and also clears another temporary buffer as well as
all command line arguments (one of which might be the key) before exit.
2017-07-28 21:58:47 +01:00
Hanno Becker
8188d392af Reliably zeroize sensitive data in Crypt-and-Hash sample application
The AES sample application programs/aes/crypt_and_hash could miss
zeroizing the stack-based key buffer in case of an error during
operation. This commit fixes this and also clears all command line
arguments (one of which might be the key) before exit.
2017-07-28 21:58:31 +01:00
Simon Butcher
e513cf7f26 Remove the check in ssl-opt.sh for MAX_INTERMEDIATE_CA
The check uses grep, not config.pl, on the x509 headers - not where it should
be configured - config.h. grep syntax isn't very portable. Without config.pl
it's quite hard to do this check properly so removing this check.
2017-07-28 13:16:50 +01:00
Simon Butcher
4c338d539a Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA 2017-07-28 13:16:50 +01:00
Ron Eldor
b34be244e6 Backport 1.3: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-28 13:16:50 +01:00
Hanno Becker
88252333e2 Fix typo 2017-07-28 13:15:57 +01:00
Hanno Becker
63ee8c1b73 Check threshold for POLARSSL_X509_MAX_INTERMEDIATE_CA in X509 tests
The X509 test suite assumes that POLARSSL_X509_MAX_INTERMEDIATE_CA is below
the hardcoded threshold 20 used in the long certificate chain generating
script tests/data_files/dir-max/long.sh. This commit adds a compile-time
check for that.
2017-07-28 13:15:57 +01:00
Hanno Becker
806c680eba Improve Readme for long test certificate chains 2017-07-28 13:15:57 +01:00
Hanno Becker
5a0ea97cfb Check value of POLARSSL_X509_MAX_INTERMEDIATE_CA in ssl-opt.sh
Some tests in ssl-opt.sh assumes the value 8 for the maximal number
POLARSSL_X509_MAX_INTERMEDIATE_CA of intermediate CA's. This commit
adds a check before conducting the respective tests.
2017-07-28 13:15:57 +01:00
Hanno Becker
2625f4aa93 Correct indentation and labelling in ChangeLog 2017-07-28 13:15:57 +01:00
Janos Follath
5308f47038 Fix implementation-defined integer conversion
"When an integer is demoted to a signed integer with smaller size, or an
unsigned integer is converted to its corresponding signed integer, if
the value cannot be represented the result is implementation-defined."
2017-07-28 13:15:57 +01:00
Janos Follath
1fbc5fb027 Fix typos 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
33e8d34e95 Fix filtering bug in ssl-opt.sh
If the first test to be run according to -e and -f options is just after a
test that would have been skipped due to a require_xxx instruction, then it
would be incorrectly skipped.
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
cfea3ebd01 Update doc of return value of verify() 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
e23f7b312d Make test script more portable
seq isn't POSIX and isn't present by default on BSDs
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
77644f2815 Improve comments 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
df745670e1 Add ChangeLog entry for the security issue 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
a68d591176 Add SSL tests for long cert chains 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
d0e755716f Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
8af7bfa982 Improve behaviour on fatal errors
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
2017-07-28 13:15:57 +01:00