Commit Graph

4506 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
66fc07362e Fix typo in an OID name
fixes #314
2015-10-21 16:40:29 +02:00
Manuel Pégourié-Gonnard
7c5fcdc17a Disable reportedly broken assembly of Sparc(64)
fixes #292
2015-10-21 14:52:24 +02:00
Manuel Pégourié-Gonnard
bc5e508855 Fix other int casts in bounds checking
Not a security issue as here we know the buffer is large enough (unless
something else if badly wrong in the code), and the value cast to int is less
than 2^16 (again, unless issues elsewhere).

Still changing to a more correct check as a matter of principle
2015-10-21 12:51:16 +02:00
Manuel Pégourié-Gonnard
4dc9b394d3 Fix other occurrences of same bounds check issue
Security impact is the same: not triggerrable remotely except in very specific
use cases
2015-10-21 12:50:45 +02:00
Manuel Pégourié-Gonnard
22c3b7b9da Fix potential buffer overflow in asn1write 2015-10-21 12:13:05 +02:00
Manuel Pégourié-Gonnard
261faed725 Fix potential heap corruption on Windows
If len is large enough, when cast to an int it will be negative and then the
test if( len > MAX_PATH - 3 ) will not behave as expected.
2015-10-21 10:25:22 +02:00
Manuel Pégourié-Gonnard
cdea97c1c3 Remove useless code
closes #321
2015-10-20 20:06:36 +02:00
Manuel Pégourié-Gonnard
173c790722 Fix potential double-free in ssl_conf_psk() 2015-10-20 19:56:45 +02:00
Manuel Pégourié-Gonnard
c8cd2c6577 Small fix to 'make test' script
When the tests fail they don't display the number of skipped and run test
2015-10-20 17:01:10 +02:00
Manuel Pégourié-Gonnard
8a7a189220 Fix curves.pl for ECJPAKE disabled by default 2015-10-20 16:56:12 +02:00
Manuel Pégourié-Gonnard
4b20c0ee53 Fix potential stack buffer overflow in ecjpake
Two causes:
- the buffer is too short (missing 4 bytes for encoding id_len)
- the test was wrong

Would only happen when MBEDTLS_ECP_MAX_BITS == the bitsize of the curve
actually used (does not happen in the default config).

Could not be triggered remotely.
2015-10-20 16:20:56 +02:00
Manuel Pégourié-Gonnard
12ca6f5b9c Update ssl-opt.sh for EC J-PAKE disabled by default 2015-10-20 15:24:51 +02:00
Manuel Pégourié-Gonnard
1ef96c2231 Update ChangeLog for the EC J-PAKE branch 2015-10-20 15:04:57 +02:00
Manuel Pégourié-Gonnard
fadacb9d0b Merge branch 'development' into iotssl-461-ecjpake-finalization
* development: (73 commits)
  Bump yotta dependencies version
  Fix typo in documentation
  Corrected misleading fn description in ssl_cache.h
  Corrected URL/reference to MPI library
  Fix yotta dependencies
  Fix minor spelling mistake in programs/pkey/gen_key.c
  Bump version to 2.1.2
  Fix CVE number in ChangeLog
  Add 'inline' workaround where needed
  Fix references to non-standard SIZE_T_MAX
  Fix yotta version dependencies again
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
  Remove inline workaround when not useful
  Fix macroization of inline in C++
  Changed attribution for Guido Vranken
  Merge of IOTSSL-476 - Random malloc in pem_read()
  Fix for IOTSSL-473 Double free error
  Fix potential overflow in CertificateRequest
  ...

Conflicts:
	include/mbedtls/ssl_internal.h
	library/ssl_cli.c
2015-10-20 15:00:29 +02:00
Manuel Pégourié-Gonnard
cf82893411 Disable EC J-PAKE by default (experimental) 2015-10-20 14:57:00 +02:00
Manuel Pégourié-Gonnard
3e5b5f192e Tune up config-thread.h a bit more 2015-10-20 14:56:04 +02:00
Manuel Pégourié-Gonnard
ca700b2371 Add config-thread.h to test-ref-configs.pl 2015-10-20 14:56:04 +02:00
Manuel Pégourié-Gonnard
eb47b870b1 Rework test-ref-configs.pl to also use ssl-opt.sh 2015-10-20 14:56:04 +02:00
Manuel Pégourié-Gonnard
b6fe70b928 Tune up the Thread mini config 2015-10-20 14:56:04 +02:00
Manuel Pégourié-Gonnard
b4d9d360e0 Bump yotta dependencies version 2015-10-20 09:56:34 +02:00
Manuel Pégourié-Gonnard
db90c82eb7 Fix typo in documentation 2015-10-20 09:36:39 +02:00
Simon Butcher
e3132a9e5a Corrected misleading fn description in ssl_cache.h
Mistake in comments spotted by Andris Mednis
2015-10-19 19:28:41 +01:00
Manuel Pégourié-Gonnard
5674a9797a Fix compilers warnings in reduced configs 2015-10-19 15:14:03 +02:00
Manuel Pégourié-Gonnard
9f52cac4bc Rename config-ecjpake to thread and minify it
- in the future thread might need more than just EC J-PAKE
- use the same format as the other mini configurations (no doxygen doc, only
  showing what is enabled)
2015-10-19 14:06:07 +02:00
Manuel Pégourié-Gonnard
024b6df3b1 Improve key export API and documentation
- "master secret" is the usual name
- move key block arg closer to the related lengths
- document lengths

Also fix some trailing whitespace while at it
2015-10-19 13:52:53 +02:00
Manuel Pégourié-Gonnard
b7da194939 ecjpake: fix uninitialize member 2015-10-19 13:35:22 +02:00
Simon Butcher
334a87be0b Corrected URL/reference to MPI library 2015-10-14 22:56:44 +01:00
Jonathan Leroy
00ee6eee54
Test certificate "Server1 SHA1, key_usage" reissued. 2015-10-14 13:15:22 +02:00
Jonathan Leroy
87c96c2e53
Fix boolean values according to DER specs
In BER encoding, any boolean with a non-zero value is considered as
TRUE. However, DER encoding require a value of 255 (0xFF) for TRUE.

This commit makes `mbedtls_asn1_write_bool` function uses `255` instead
of `1` for BOOLEAN values.

With this fix, boolean values are now reconized by OS X keychain (tested
on OS X 10.11).

Fixes #318.
2015-10-14 09:41:56 +02:00
Janos Follath
5dd4fe1b30 Fixed pathlen contraint enforcement. 2015-10-12 09:02:20 +02:00
Janos Follath
ef4f2588f3 Additional corner cases for testing pathlen constrains. Just in case. 2015-10-11 16:17:27 +02:00
Janos Follath
822b2c33b9 Added test case for pathlen constrains in intermediate certificates 2015-10-11 10:39:15 +02:00
Jonathan Leroy
bbc75d9791
cert_write : fix "Destination buffer is too small" error
This commit fixes the `Destination buffer is too small` error returned
by `mbedtls_cert_write` command when the values of `subject_name` or
`issuer_name` parameters exceed 128 characters.

I have increased the size of these varaibles from 128 to 256 characters,
but I don't know if it's the best way to solve this issue...

Fixes #315.
2015-10-10 21:58:07 +02:00
Jonathan Leroy
81962c36e3
Fix help message for cert_req/cert_write programs
In cert_req and cert_write programs, "key_certificate_sign" is not an
allowed velue for "key_usage" parameter. The correct value is
"key_cert_sign".

See https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_req.c#L208
and https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_write.c#L323.
2015-10-10 21:42:29 +02:00
Manuel Pégourié-Gonnard
d97f899f99 Merge pull request #313 from bogdanm/development
Fix yotta dependencies
2015-10-09 15:27:36 +01:00
Bogdan Marinescu
63666ef1b7 Fix yotta dependencies
Recent changes in various repositories broke the build of the yotta
module again :( This change fixes the build. Build tested with
frdm-k64f-gcc. I didn't update the yotta version number because I
don't know what is your policy with regards to version changes.
2015-10-09 17:07:00 +03:00
Manuel Pégourié-Gonnard
4104864e54 ECHDE-PSK does not use a certificate
fixes #270
2015-10-09 14:50:43 +01:00
Manuel Pégourié-Gonnard
adeb7d8ec9 Move all KEY_EXCHANGE__ definitions in one place 2015-10-09 14:44:47 +01:00
Manuel Pégourié-Gonnard
3eb8c34e6a Add example program for Curve25519
Getting a lot of questions about how to use it. This will hopefully get people
started.
2015-10-09 12:13:29 +01:00
Manuel Pégourié-Gonnard
262c137d8c Merge pull request #311 from jcowgill/spelling-fix
Fix minor spelling mistake in programs/pkey/gen_key.c
2015-10-09 09:38:52 +01:00
James Cowgill
07a92d720a Fix minor spelling mistake in programs/pkey/gen_key.c 2015-10-09 00:28:14 +01:00
Robert Cragie
dd0e9a8456 Minimal config file for ECJPAKE 2015-10-08 17:24:08 +01:00
Robert Cragie
4d284d271b Added feature MBEDTLS_SSL_EXPORT_KEYS 2015-10-08 16:56:26 +01:00
Robert Cragie
4289c0d1fa Typo in parameter name 2015-10-06 17:20:41 +01:00
Robert Cragie
ae8535db38 Changed defs. back to MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 2015-10-06 17:11:18 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381 Bump version to 2.1.2
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
ca056c7748 Fix CVE number in ChangeLog 2015-10-05 18:21:34 +01:00
Manuel Pégourié-Gonnard
c80a74f734 Merge branch 'development' into development-restricted
* development:
  Add 'inline' workaround where needed
2015-10-05 16:30:53 +01:00
Manuel Pégourié-Gonnard
2ac9c60838 Add 'inline' workaround where needed
Was previously using the workaround from md.h
2015-10-05 16:18:23 +01:00
Manuel Pégourié-Gonnard
a97ab2c8a6 Merge branch 'development' into development-restricted
* development:
  Remove inline workaround when not useful
  Fix macroization of inline in C++
2015-10-05 15:48:09 +01:00