Commit Graph

1829 Commits

Author SHA1 Message Date
Andres AG
d3cbc15951 Fix buffer overreads in mbedtls_pem_read_buffer() 2016-11-21 11:25:17 +00:00
Simon Butcher
c1d54bb7b2 Update library version to 1.3.18 2016-10-17 23:40:14 +01:00
Simon Butcher
2d0ffbbdc7 Fix integration of bugfix for #626
Adds check for validity of date in x509_get_time() back in, as it was
lost in the merge.
2016-10-17 22:41:54 +01:00
Simon Butcher
2261f198ee Merge branch 'mbedtls-1.3' 2016-10-17 16:09:06 +01:00
Simon Butcher
149950d876 Added checks for POLARSSL_SSL_CLI_C
Added additional POLARSSL_SSL_CLI_C preprocessor conditions to suppress warnings on
server only builds.
2016-10-15 22:35:06 +01:00
Simon Butcher
60371454bd Merge branch for fix for #502 - Unchecked calls 2016-10-14 01:10:02 +01:00
Simon Butcher
8a1a91f3da Update features list 2016-10-13 22:11:15 +01:00
Andres AG
0da3e44fea Add check for validity of date in x509_get_time() 2016-10-13 17:00:01 +01:00
Andres AG
67ae0b9839 Fix sig->tag update in mbedtls_x509_get_sig() 2016-10-13 15:33:07 +01:00
Janos Follath
441d6f9833 Remove MBEDTLS_SSL_AEAD_RANDOM_IV feature
In a USENIX WOOT '16 paper the authors warn about a security risk
of random Initialisation Vectors (IV) repeating values.

The MBEDTLS_SSL_AEAD_RANDOM_IV feature is affected by this risk and
it isn't compliant with RFC5116. Furthermore, strictly speaking it
is a different cipher suite from the TLS (RFC5246) point of view.

Removing the MBEDTLS_SSL_AEAD_RANDOM_IV feature to resolve the above
problems.

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
2016-10-13 14:14:16 +01:00
Janos Follath
bfcd032f9d Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 12:54:33 +01:00
Andres AG
6ad5d9450a Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-13 12:54:32 +01:00
Andres AG
57e6e8fbb7 Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-13 12:54:32 +01:00
Andres AG
372bf79d67 Add missing bounds check in X509 DER write funcs
This patch adds checks in both mbedtls_x509write_crt_der and
mbedtls_x509write_csr_der before the signature is written to buf
using memcpy().
2016-10-13 12:45:07 +01:00
Simon Butcher
7458bc39ae Fix guards in SSL for ECDH key exchanges 2016-10-13 12:44:20 +01:00
Janos Follath
af1e74be70 X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-10-13 12:44:19 +01:00
Janos Follath
3072458ec3 Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 09:27:18 +01:00
Andres AG
cdbcd2012d Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-12 19:56:03 +01:00
Andres AG
15fdb7f9ff Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-12 18:28:03 +01:00
Janos Follath
17da9dd829 Add option for relaxed X509 time verification.
The certificates are not valid according to the RFC, but are in wide
distribution across the internet. Hence the request to add a
compile-time flag to accept these certificates if wanted by the
application.

If POLARSSL_RELAXED_X509_DATE is enabled it will allow dates without
seconds, and allow dates with timezones (but doesn't actually use
the timezone).

Patch provided by OpenVPN.
2016-09-30 09:04:18 +01:00
Brian J Murray
4556d205a3 Fixed unchecked calls to mbedtls_md_setup in rsa.c (#502)
* Fixed unchecked calls to mbedtls_md_setup in rsa.c:

* style fixes
2016-09-05 14:11:45 +01:00
Simon Butcher
25e569877a Fix guards in SSL for ECDH key exchanges 2016-09-05 15:14:22 +03:00
Janos Follath
8a8445415f X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-07-14 14:08:53 +01:00
Simon Butcher
4f7b13bd79 Changed library version number to 1.3.17 2016-06-27 19:37:31 +01:00
Simon Butcher
fd349bcb8e Merge branch 'mbedtls-1.3' into mbedtls-1.3 2016-06-27 01:29:03 +01:00
Janos Follath
307e181cfa Fix non compliance SSLv3 in server extension handling.
The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.
2016-05-23 18:52:14 +01:00
Janos Follath
742783fe85 Included tests for the overflow
Conflicts:
	library/rsa.c
2016-05-18 19:58:41 +01:00
Simon Butcher
d3253b018e Fix for backprt of IOTSSL-628
Corrections to constand and function names changed between 1.3 and 2.1
2016-05-18 19:58:41 +01:00
Janos Follath
092f2c48c4 Move underflow test to make time constant 2016-05-18 19:58:41 +01:00
Janos Follath
3bed13df1c Included test for integer underflow. 2016-05-18 19:58:40 +01:00
Janos Follath
f18263d78b Removing 'if' branch from the fix.
This new error shouldn't be distinguishable from other padding errors.
Updating 'bad' instead of adding a new 'if' branch.
2016-05-18 19:58:40 +01:00
Janos Follath
f570f7f686 Length check added 2016-05-18 19:58:40 +01:00
Simon Butcher
01660396da Corrects debug macro in ssl_cli.c 2016-04-22 10:05:50 +01:00
Janos Follath
4e03439e6a Fix bug in ssl_write_supported_elliptic_curves_ext
Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a
crash later in ssl_write_supported_elliptic_curves_ext. #373
2016-04-22 09:59:00 +01:00
Janos Follath
7ddc2cdfce Fix null pointer dereference in the RSA module.
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:28:24 +01:00
Simon Butcher
e9f842782b Adds test for odd bit length RSA key size
Also tidy up ChangeLog following review.
2016-04-19 10:02:43 +01:00
Janos Follath
d61fc6881a Fix odd bitlength RSA key generation
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-19 09:42:17 +01:00
Simon Butcher
a91d85e331 Fix for net_usleep() timing selftest on mingw
In mingw32, net_usleep() was failing to sleep for the given period, and was
sleeping in microseconds, not milliseconds. Fix backported from mbed TLS 2.x of
using the Win32 Sleep() API call rather than using the timeout of select().
2016-01-15 14:36:08 +00:00
Manuel Pégourié-Gonnard
20715dc73b Make ar invocation more portable
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.

fixes #386
2016-01-08 15:28:40 +01:00
Manuel Pégourié-Gonnard
faae6d2019 Fix backporting mistakes in previous 5 commits 2016-01-08 15:24:46 +01:00
Janos Follath
2db440d2f1 Improved on the previous fix and added a test case to cover both types
of carries.
2016-01-08 15:22:05 +01:00
Janos Follath
2b806fad7b Removed recursion from fix #309. 2016-01-08 15:20:29 +01:00
Janos Follath
ff5317e99b Improved on the fix of #309 and extended the test to cover subroutines. 2016-01-08 15:19:14 +01:00
Janos Follath
87f1494809 Tests and fix added for #309 (inplace mpi doubling). 2016-01-08 15:18:03 +01:00
Simon Butcher
84181adae8 Change version number to 1.3.16
Changed version for library files and yotta module
2016-01-04 22:49:30 +00:00
Simon Butcher
302c5fed24 Added _ENABLE_MD5_SIGNATURES into features list
Specifically, 'POLARSSL_SSL_ENABLE_MD5_SIGNATURES' into version_features.c
2016-01-04 14:41:31 +00:00
Simon Butcher
d7fe6fbd76 Fix for MPI divide on MSVC
Resolves multiple platform issues when building bignum.c with Microsoft
Visual Studio.
2016-01-03 22:39:18 +00:00
Simon Butcher
14400c8fb0 Merge memory leak fix into branch 'mbedtls-1.3'
Merge of fix for memory leak in RSA-SSA signing - #372
2016-01-02 00:28:19 +00:00
Simon Butcher
7d3f3a8ac8 Fix for memory leak in RSA-SSA signing
Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c. Resolves github issue #372
2016-01-02 00:03:39 +00:00
Simon Butcher
a192c8f5d8 Merge branch 'iotssl-541-1.3-pathlen-bugfix' 2016-01-01 01:13:45 +00:00