Commit Graph

2687 Commits

Author SHA1 Message Date
Simon Butcher
e5828ce06c Merge remote-tracking branch 'public/pr/1771' into mbedtls-2.1 2018-06-28 11:38:18 +01:00
Ron Eldor
3dfbf406e5 Move definition of MBEDTLS_CIPHER_MODE_STREAM
Move definition of `MBEDTLS_CIPHER_MODE_STREAM` to header file
(`mbedtls_cipher_internal.h`), because it is used by more than
one file. Raised by TrinityTonic in #1719
2018-06-28 08:49:25 +03:00
Simon Butcher
b1c796ec48 Merge remote-tracking branch 'public/pr/1769' into mbedtls-2.1 2018-06-22 15:05:34 +01:00
Philippe Antoine
2c3c18039b Fix memory leak in mbedtls_x509_csr_parse 2018-06-22 12:19:33 +01:00
Simon Butcher
ad761c45b9 Fix multiple quality issues in the source
This PR fixes multiple issues in the source code to address issues raised by
tests/scripts/check-files.py. Specifically:
 * incorrect file permissions
 * missing newline at the end of files
 * trailing whitespace
 * Tabs present
 * TODOs in the souce code
2018-06-22 11:22:44 +01:00
Andres Amaya Garcia
b999a73eb4 Document ssl_write_real() behaviour in detail 2018-06-21 19:37:27 +01:00
Simon Butcher
6fc9ceece3 Change the library version to 2.1.13 2018-06-18 14:49:02 +01:00
Simon Butcher
0a715b1587 Merge remote-tracking branch 'public/pr/1656' into mbedtls-2.1 2018-06-17 18:02:57 +01:00
Simon Butcher
fd436b34eb Merge remote-tracking branch 'public/pr/1673' into mbedtls-2.1 2018-06-17 18:02:21 +01:00
Simon Butcher
577d39b930 Compilation warning fixes on 32b platfrom with IAR
Fix compilation warnings with IAR toolchain, on 32 bit platform.
Reported by rahmanih in #683

This is based on work by Ron Eldor in PR #750.
2018-06-14 09:10:23 +01:00
Andres Amaya Garcia
b5c87012ec Initialise pointers to avoid IAR compiler warnings 2018-06-14 08:48:49 +01:00
Azim Khan
c57d0e5ed5 Treat warnings as errors for IAR
Fix IAR compiler warnings

Two warnings have been fixed:
1. code 'if( len <= 0xFFFFFFFF )' gave warning 'pointless integer comparison'.
   This was fixed by wraping the condition in '#if SIZE_MAX > 0xFFFFFFFF'.
2. code 'diff |= A[i] ^ B[i];' gave warning 'the order of volatile accesses is undefined in'.
   This was fixed by read the volatile data in temporary variables before the computation.

Explain IAR warning on volatile access

Consistent use of CMAKE_C_COMPILER_ID
2018-06-14 08:48:49 +01:00
Fabio Alessandrelli
789096a71d Only redefine _WIN32_WINNT macro when < 0x0501 2018-06-08 16:26:53 +01:00
Gilles Peskine
e8dd77ba58 Fix Lucky13 attack protection when using HMAC-SHA-384
As a protection against the Lucky Thirteen attack, the TLS code for
CBC decryption in encrypt-then-MAC mode performs extra MAC
calculations to compensate for variations in message size due to
padding. The amount of extra MAC calculation to perform was based on
the assumption that the bulk of the time is spent in processing
64-byte blocks, which was correct for most supported hashes but not for
SHA-384. Adapt the formula to 128-byte blocks for SHA-384.
2018-06-06 17:24:50 +02:00
Gilles Peskine
8ba12295f8 Fix MSan build without MBEDTLS_TIMING_C
When MBEDTLS_TIMING_C was not defined in config.h, but the MemSan
memory sanitizer was activated, entropy_poll.c used memset without
declaring it. Fix this by including string.h unconditionally.
2018-06-01 18:38:53 +02:00
Simon Butcher
a8002f8f39 Merge remote-tracking branch 'public/pr/1611' into mbedtls-2.1 2018-05-23 17:58:10 +01:00
Simon Butcher
e64bf3968e Merge remote-tracking branch 'public/pr/1582' into mbedtls-2.1 2018-05-23 17:53:23 +01:00
Andres AG
879e62697e Allow the entry_name size to be set in config.h
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
2018-05-11 16:38:38 +01:00
Jaeden Amero
6c0fba4350 Update version to 2.1.12 2018-04-27 13:13:54 +01:00
Jaeden Amero
4faad41346 Merge remote-tracking branch 'upstream-restricted/pr/472' into mbedtls-2.1-restricted-proposed
Remove trailing whitespace from ChangeLog.
2018-04-26 11:09:15 +01:00
Jaeden Amero
32f5cc6dd4 ssl_cli: Fix all.sh test failure for ECJPAKE typo
When the "same ciphersuite validation" was backported to 2.1, we
introduced the use of irrelevant defines in ssl_cli.c. all.sh catches
these as "Likely typos". Remove the code for ECJPAKE, a feature that doesn't exist in 2.1, from ssl_cli to fix this test failure.

    ******************************************************************
    * test/build: declared and exported names
    * Thu Apr 26 08:23:19 UTC 2018
    ******************************************************************
    1175 macros
         143 enum-consts
    942 identifiers
    771 exported-symbols
    Exported symbols declared in header: PASS
    Names of actual-macros: PASS
    Names of enum-consts: PASS
    Names of identifiers: PASS
    Likely typos: FAIL
    MBEDTLS_KEY_EXCHANGE_ECJPAKE
    MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
    FAILED
2018-04-26 10:43:28 +01:00
Jaeden Amero
7db991d56a Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed
Resolve conflicts in ChangeLog
2018-04-26 09:03:14 +01:00
Andrzej Kurek
302be2fce4 Change accepted ciphersuite versions when parsing server hello
Accept only ciphersuites for version chosen by the server
2018-04-25 05:29:32 -04:00
Andrzej Kurek
078014aebe Change variable bytes_written to header_bytes in record decompression
The name is changed to better reflect the input, decompression case
2018-04-24 06:33:49 -04:00
Andrzej Kurek
bb6661479f ssl_tls: Fix invalid buffer sizes during compression / decompression
Adjust information passed to zlib to include already written data.
2018-04-23 08:29:36 -04:00
Mohammad Azim Khan
3f1d5cb324 Same ciphersuite validation in server and client hello 2018-04-20 19:52:49 +01:00
Manuel Pégourié-Gonnard
1e2f4da801 Merge remote-tracking branch 'restricted/pr/469' into mbedtls-2.1-restricted-proposed
* restricted/pr/469:
  Improve comments style
  Remove a redundant test
  Add buffer size check before cert_type_len read
  Update change log
  Adjust 2.1 specific code to match the buffer verification tests
  Add a missing buffer size check
  Correct buffer size check
2018-04-18 12:22:24 +02:00
Darryl Green
ce52b58da0 Fix braces in mbedtls_memory_buffer_alloc_status() 2018-04-17 16:46:41 +02:00
Krzysztof Stachowiak
28485d0a01 Improve comments style 2018-04-10 13:36:43 +02:00
Krzysztof Stachowiak
99fb6e9461 Remove a redundant test 2018-04-10 13:36:00 +02:00
Krzysztof Stachowiak
57e1a9fdfc Add buffer size check before cert_type_len read 2018-04-10 13:35:09 +02:00
Krzysztof Stachowiak
0ac812f5ce Adjust 2.1 specific code to match the buffer verification tests 2018-04-05 08:50:20 +02:00
Krzysztof Stachowiak
444678ea8b Add a missing buffer size check 2018-04-04 15:41:07 +02:00
Krzysztof Stachowiak
f8ba5cf8e9 Correct buffer size check
Further in the code the next field from the binary buffer is read. The
check contained an off by one error.
2018-04-04 14:36:20 +02:00
Jaeden Amero
ac9939c096 Merge remote-tracking branch 'upstream-public/pr/1461' into mbedtls-2.1-proposed 2018-04-03 18:27:18 +01:00
Jaeden Amero
ee6c822076 Merge remote-tracking branch 'upstream-public/pr/1396' into mbedtls-2.1-proposed 2018-04-03 12:07:19 +01:00
Jaeden Amero
b40dae5c21 Merge remote-tracking branch 'upstream-public/pr/1546' into mbedtls-2.1-proposed 2018-04-03 12:03:12 +01:00
mohammad1603
ad2908c9d6 Fix compatibility problem in the printed message
Replace %zu with %lu and add cast for the printed value.
2018-04-02 07:30:32 -07:00
Gilles Peskine
225684015d Merge remote-tracking branch 'upstream-public/pr/1501' into mbedtls-2.1-proposed 2018-04-01 12:41:33 +02:00
Gilles Peskine
911a432704 Update error.c 2018-03-30 18:51:31 +02:00
Gilles Peskine
1198e6329f Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that
this indicates that a valid signature is present, unlike other error
codes. See
https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705
2018-03-30 18:51:14 +02:00
Andrzej Kurek
944adb9f4f return plaintext data faster on unpadded decryption 2018-03-30 04:58:13 -04:00
Jaeden Amero
82e288adb6 Merge remote-tracking branch 'upstream-public/pr/1494' into mbedtls-2.1-proposed 2018-03-29 10:59:43 +01:00
mohammad1603
f72e51f2b8 Check whether INT_MAX larger than SIZE_MAX scenario
Check whether INT_MAX larger than SIZE_MAX scenario
2018-03-28 23:44:39 -07:00
Jaeden Amero
616485854e Merge remote-tracking branch 'upstream-public/pr/1469' into mbedtls-2.1-proposed 2018-03-28 15:36:01 +01:00
Jaeden Amero
478baecc06 Merge remote-tracking branch 'upstream-public/pr/1525' into mbedtls-2.1-proposed 2018-03-28 15:34:25 +01:00
Jaeden Amero
8b4cd26eaf Merge remote-tracking branch 'upstream-public/pr/1481' into mbedtls-2.1-proposed 2018-03-28 13:44:28 +01:00
Andres Amaya Garcia
624b557e56 Fix coding style in pkcs5.c preprocessor directives 2018-03-27 21:33:05 +01:00
Marcos Del Sol Vives
a3ee13d199 Compile PBES2 in PKCS5 only if ASN1 is enabled 2018-03-27 21:33:02 +01:00
Andres Amaya Garcia
b3ac0ff722 Allow overriding ar param prefix in library/Makefile 2018-03-26 00:12:55 +01:00
Andres Amaya Garcia
23e520143d Make DLEXT var configurable in library/Makefile 2018-03-26 00:12:53 +01:00
Gilles Peskine
2a74061198 Merge tag 'mbedtls-2.1.11' into iotssl-1381-x509-verify-refactor-2.1-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:28:33 +01:00
Jethro Beekman
1a886ff45f Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:03:30 -07:00
mohammad1603
cee0890b19 Verify that f_send and f_recv send and receive the expected length
Verify that f_send and f_recv send and receive the expected length

Conflicts:
	ChangeLog
2018-03-22 15:01:02 -07:00
Gergely Budai
0a91973e4b Do not define and initialize global mutexes on configurations that do not use them. 2018-03-21 15:32:47 +00:00
Mitsuhiro Nakamura
e00964d9a7 Fix dylib linking 2018-03-21 11:21:59 +00:00
Gilles Peskine
823734b96c Robustness fix in mbedtls_ssl_derive_keys
In mbedtls_ssl_derive_keys, don't call mbedtls_md_hmac_starts in
ciphersuites that don't use HMAC. This doesn't change the behavior of
the code, but avoids relying on an uncaught error when attempting to
start an HMAC operation that hadn't been initialized.
2018-03-19 19:06:08 +01:00
mohammad1603
89c12ecfb5 Avoid wraparound on in_left
Avoid wraparound on in_left
2018-03-19 07:15:50 -07:00
Jaeden Amero
1c986a9859 Update version to 2.1.11 2018-03-16 16:29:30 +00:00
Jaeden Amero
7f44963f45 Merge remote-tracking branch 'upstream-public/pr/1455' into mbedtls-2.1-restricted-proposed 2018-03-15 15:24:47 +00:00
Ron Eldor
329e4d572b Addres review comments
Resolves comments raised in the review
2018-03-15 15:09:28 +00:00
Ron Eldor
f71ce5229e Add log and fix stle issues
Address Andres comments of PR
2018-03-15 15:09:28 +00:00
Ron Eldor
82712a9c97 Write correct number of ciphersuites in log
Change location of log, to fit the correct number of used ciphersuites
2018-03-15 15:09:28 +00:00
Jaeden Amero
23f503f12d Merge remote-tracking branch 'upstream-restricted/pr/465' into mbedtls-2.1-restricted-proposed 2018-03-14 18:32:21 +00:00
Jaeden Amero
5e50ff8f44 Merge remote-tracking branch 'upstream-restricted/pr/395' into mbedtls-2.1-restricted-proposed 2018-03-14 18:16:29 +00:00
Jaeden Amero
10a1a60966 Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed 2018-03-14 18:03:41 +00:00
Jaeden Amero
0980d9a3ae Merge remote-tracking branch 'upstream-public/pr/1450' into mbedtls-2.1-proposed 2018-03-14 17:53:27 +00:00
Jaeden Amero
4e3629590f Merge remote-tracking branch 'upstream-public/pr/1452' into mbedtls-2.1-proposed 2018-03-14 17:38:21 +00:00
Krzysztof Stachowiak
c86b880411 Prevent arithmetic overflow on bounds check 2018-03-14 14:39:01 +01:00
Krzysztof Stachowiak
ce0d3ca128 Add bounds check before signature length read 2018-03-14 14:39:01 +01:00
Krzysztof Stachowiak
0e0afacbc5 Prevent arithmetic overflow on bounds check 2018-03-14 14:35:12 +01:00
Krzysztof Stachowiak
7040553a02 Add bounds check before length read 2018-03-14 14:35:12 +01:00
Manuel Pégourié-Gonnard
b0661769ab x509: CRL: reject unsupported critical extensions 2018-03-14 09:28:24 +01:00
Gilles Peskine
df6f3dd9b0 Merge remote-tracking branch 'upstream-restricted/pr/430' into mbedtls-2.1-restricted-proposed 2018-03-13 17:28:42 +01:00
Gilles Peskine
8c1217984b Merge remote-tracking branch 'upstream-restricted/pr/360' into mbedtls-2.1-restricted-proposed
Conflicts:
* scripts/config.pl: reconciled parallel edits in a comment.
2018-03-13 17:26:49 +01:00
Manuel Pégourié-Gonnard
503047f824 Fix 2.1-specific remaining MD/PK depend issues
For library/certs.c the issue is resolved by aligning it with the version in
the 2.7 branch (which is currently the same as the version in the development
branch)
2018-03-13 11:53:48 +01:00
Hanno Becker
b81fcd00e6 Correct memory leak in RSA self test
The RSA self test didn't free the RSA context on failure.
2018-03-13 10:31:02 +00:00
Gilles Peskine
5e533f43ee Merge remote-tracking branch 'upstream-public/pr/1373' into mbedtls-2.1-proposed 2018-03-12 23:51:50 +01:00
Gilles Peskine
889de8eedb Merge branch 'pr_1276' into mbedtls-2.1-proposed 2018-03-12 23:51:01 +01:00
Gilles Peskine
8da4f864a5 Merge remote-tracking branch 'upstream-public/pr/1009' into mbedtls-2.1-proposed 2018-03-12 23:44:48 +01:00
Gilles Peskine
d38464698e Merge remote-tracking branch 'upstream-public/pr/1295' into mbedtls-2.1-proposed 2018-03-11 00:52:35 +01:00
Gilles Peskine
0aacc9a96d Merge remote-tracking branch 'upstream-public/pr/1297' into mbedtls-2.1-proposed 2018-03-11 00:52:35 +01:00
Gilles Peskine
9a00ef3cf1 Merge branch 'pr_953' into HEAD 2018-03-11 00:52:24 +01:00
Manuel Pégourié-Gonnard
ac54cea7f9 x509: fix remaining unchecked call to mbedtls_md()
The other two calls have been fixed already, fix that one too for consistency.
2018-03-07 09:44:31 +01:00
Manuel Pégourié-Gonnard
19d77b6aa6 Clarify mutual references in comments 2018-03-07 09:44:28 +01:00
Manuel Pégourié-Gonnard
b6d3e6d102 Fix some issues in comments 2018-03-06 10:35:15 +01:00
Hanno Becker
dc8751d31e Fix bug in X.509 CRT verification code 2018-03-05 13:46:10 +01:00
Manuel Pégourié-Gonnard
78df7fcc8c Fix some comment typos 2018-03-05 13:46:08 +01:00
Manuel Pégourié-Gonnard
afbbcf849c Add comments on chain verification cases
This is the beginning of a series of commits refactoring the chain
building/verification functions in order to:
- make it simpler to understand and work with
- prepare integration of restartable ECC
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
081ed0650c Improve handling of md errors in X.509
md() already checks for md_info == NULL. Also, in the future it might also
return other errors (eg hardware errors if acceleration is used), so it make
more sense to check its return value than to check for NULL ourselves and then
assume no other error can occur.

Also, currently, md_info == NULL can never happen except if the MD and OID modules
get out of sync, or if the user messes with members of the x509_crt structure
directly.

This commit does not change the current behaviour, which is to treat MD errors
the same way as a bad signature or no trusted root.
2018-03-05 13:43:45 +01:00
Gilles Peskine
25ec9cc9b3 Merge branch 'prr_428' into mbedtls-2.1-proposed 2018-02-22 16:24:13 +01:00
Hanno Becker
f599026248 Adapt version_features.c 2018-02-22 16:18:07 +01:00
mohammad1603
f65add4f60 Backport 2.1:Add guard to out_left to avoid negative values
return error when f_send return a value greater than out_left
2018-02-22 05:07:15 -08:00
Gilles Peskine
ac33180219 Merge branch 'pr_1354' into mbedtls-2.1 2018-02-20 16:37:17 +01:00
Gilles Peskine
2e50efad44 Merge remote-tracking branch 'upstream-public/pr/1334' into mbedtls-2.1-proposed 2018-02-14 15:13:37 +01:00
Antonio Quartulli
b9e3c6d9c6 pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-14 11:12:58 +01:00
Ron Eldor
3a3b654027 Fix handshake failure in suite B
Fix handshake failure where PK key is translated as `MBEDTLS_ECKEY`
instead of `MBEDTLS_ECDSA`
2018-02-07 12:09:46 +02:00
Jaeden Amero
f885c81f15 Update version to 2.1.10 2018-02-02 18:10:05 +00:00
James Cowgill
a5f8b42056 Fix build errors on x32 by using the generic 'add' instruction
On x32 systems, pointers are 4-bytes wide and are therefore stored in %e?x
registers (instead of %r?x registers). These registers must be accessed using
"addl" instead of "addq", however the GNU assembler will acccept the generic
"add" instruction and determine the correct opcode based on the registers
passed to it.
2018-01-29 21:54:26 +01:00
Jaeden Amero
035f6ea288 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-29 12:53:07 +00:00