Commit Graph

1771 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
f23d6c56a4 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Add ChangeLog entry for previous commit
  cert_write : fix "Destination buffer is too small" error
  Add ChangeLog entry for previous two commits
  Test certificate "Server1 SHA1, key_usage" reissued.
  Fix boolean values according to DER specs
  Fix typo in an OID name
  Disable reportedly broken assembly of Sparc(64)
  ECHDE-PSK does not use a certificate
  Actually ignore most non-fatal alerts
2015-10-30 10:17:05 +01:00
Jonathan Leroy
b76e43651e Fix boolean values according to DER specs
In BER encoding, any boolean with a non-zero value is considered as
TRUE. However, DER encoding require a value of 255 (0xFF) for TRUE.

This commit makes `mbedtls_asn1_write_bool` function uses `255` instead
of `1` for BOOLEAN values.

With this fix, boolean values are now reconized by OS X keychain (tested
on OS X 10.11).

Fixes #318.
2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard
c4baf98ce6 Fix typo in an OID name
fixes #314
2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard
0aaefcebc0 Actually ignore most non-fatal alerts
fixes #308
2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard
5ca3640fa7 Fix other int casts in bounds checking
Not a security issue as here we know the buffer is large enough (unless
something else if badly wrong in the code), and the value cast to int is less
than 2^16 (again, unless issues elsewhere).

Still changing to a more correct check as a matter of principle

backport of bc5e508
2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard
8abc22dde5 Fix other occurrences of same bounds check issue
Security impact is the same: not triggerrable remotely except in very specific
use cases

backport of 4dc9b39
2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard
758f490c90 Fix potential buffer overflow in asn1write
Ref: IOTSSL-519

backport of 22c3b7b
2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard
215a14bf29 Fix potential heap corruption on Windows
If len is large enough, when cast to an int it will be negative and then the
test if( len > MAX_PATH - 3 ) will not behave as expected.

Ref: IOTSSL-518

backport of 261faed725
2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard
9c52176776 Fix potential double-free in ssl_set_psk()
Internal ref: IOTSSL-517
2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard
f093bde91e Bump version to 1.3.14 2015-10-05 19:06:46 +01:00
Manuel Pégourié-Gonnard
c5934272fc Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Fix spurious #endif from previous cherry-pick
  Fix macroization of inline in C++
  Add missing warning in doc
  Fix compile error in net.c with musl libc
2015-10-05 17:06:24 +01:00
Simon Butcher
36abef4c5c Merge multiple backported vulnerability fixes 2015-10-05 16:44:59 +01:00
Manuel Pégourié-Gonnard
fa647a75a1 Fix references to non-standard SIZE_T_MAX
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
2015-10-05 15:29:48 +01:00
Manuel Pégourié-Gonnard
cf1db3cf1c Fix spurious #endif from previous cherry-pick 2015-10-05 14:57:01 +01:00
Manuel Pégourié-Gonnard
20607bb0fa Fix macroization of inline in C++
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 14:28:17 +01:00
Manuel Pégourié-Gonnard
614624790d Fix compile error in net.c with musl libc
fixes #278
2015-10-05 14:15:46 +01:00
Manuel Pégourié-Gonnard
de9c8a5734 Fix potential overflow in CertificateRequest 2015-10-02 12:04:20 +02:00
Manuel Pégourié-Gonnard
f3e6e4badb Add extra check before integer conversion
end < p should never happen, but just be extra sure
2015-10-02 09:53:52 +02:00
Manuel Pégourié-Gonnard
48ec2c7b5e Fix potential overflow in base64_encode 2015-10-01 10:07:28 +02:00
Manuel Pégourié-Gonnard
5aff029f9d Fix potential double-free in ssl_set_psk() 2015-10-01 09:58:50 +02:00
Simon Butcher
643a922c56 Reordered extension fields and added to ChangeLog
Reordered the transmission sequence of TLS extension fields in client hello
and added to ChangeLog.
2015-10-01 01:17:10 +01:00
Simon Butcher
b1e325d6b2 Added bounds checking for TLS extensions
IOTSSL-478 - Added checks to prevent buffer overflows.
2015-10-01 00:24:36 +01:00
Manuel Pégourié-Gonnard
9bf29bee22 Fix potential random malloc in pem_read() 2015-09-30 17:01:35 +02:00
Manuel Pégourié-Gonnard
59efb6a1b9 Fix potential buffer overflow in mpi_read_string()
Found by Guido Vranken.

Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-09-30 16:50:31 +02:00
Manuel Pégourié-Gonnard
7b4b2ac378 Fix stack buffer overflow in pkcs12 2015-09-30 16:46:07 +02:00
Simon Butcher
c988f32add Added max length checking of hostname 2015-09-29 23:27:20 +01:00
Manuel Pégourié-Gonnard
df048c59cf Bump version to 1.3.13 2015-09-17 11:53:14 +02:00
Manuel Pégourié-Gonnard
a701d2f5e9 Fix bug in server parsing point formats extension
There is only one length byte but for some reason we skipped two, resulting in
reading one byte past the end of the extension. Fortunately, even if that
extension is at the very end of the ClientHello, it can't be at the end of the
buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the
buffer has some more room after that for MAC and so on. So there is no
buffer overread.

Possible consequences are:
- nothing, if the next byte is 0x00, which is a comment first byte for other
  extensions, which is why the bug remained unnoticed
- using a point format that was not offered by the peer if next byte is 0x01.
  In that case the peer will reject our ServerKeyExchange message and the
handshake will fail.
- thinking that we don't have a common point format even if we do, which will
  cause us to immediately abort the handshake.
None of these are a security issue.

The same bug was fixed client-side in fd35af15

Backport of f7022d1
2015-09-17 11:46:56 +02:00
Manuel Pégourié-Gonnard
a1cdcd2364 Add counter-measure against RSA-CRT attack
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/

backport of 5f50104
2015-09-09 12:23:47 +02:00
Manuel Pégourié-Gonnard
bb564e0fb4 Fix possible client crash on API misuse 2015-09-03 10:44:32 +02:00
Manuel Pégourié-Gonnard
1c38550bbd Skip to trusted certs early in the chain
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

see #220

backport of fdbdd72
2015-09-01 18:34:15 +02:00
Manuel Pégourié-Gonnard
6512554f42 Fix handling of long PSK identities
backport from c3b5d83

see #238
2015-08-31 11:43:47 +02:00
Manuel Pégourié-Gonnard
e217ceea38 Fix warning with MD/SHA ALT implementation
backport of 8b2641d

see #239
2015-08-31 11:22:47 +02:00
Manuel Pégourié-Gonnard
a67fd79e8f Fix -Wshadow warnings
Backport of ea35666 and 824ba72

see #240
2015-08-31 11:07:51 +02:00
Manuel Pégourié-Gonnard
5efed09c5f Fix possible unlock before lock in RSA
Backport of 1385a28 and 4d04cdc

see #257
2015-08-31 10:21:10 +02:00
Manuel Pégourié-Gonnard
3a5ee1c411 Increase tolerance of timing selftest
Forgot to move that one to 20% in previous commit
2015-08-19 14:48:34 +02:00
Manuel Pégourié-Gonnard
25f44a6020 Relax timing_self_test for windows idiosyncrasies
Also widen accepted error to +/- 20 % while at it
2015-08-19 10:22:54 +02:00
Paul Bakker
3edec6c4ed Prepare for 1.3.12 release 2015-08-11 13:22:10 +01:00
Manuel Pégourié-Gonnard
705de2f98d Revert "Avoid formatting debug message uselessly"
This reverts commit 925a72628b.

Reason: introduced an ABI change in the maintenance branch.
2015-08-10 17:36:47 +02:00
Manuel Pégourié-Gonnard
b5d77d3fd9 Accept a trailing space at end of PEM lines
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
2015-08-10 12:01:50 +02:00
Manuel Pégourié-Gonnard
1b1254fa05 Fix missing -static-libgcc when building dlls 2015-08-10 11:56:54 +02:00
Manuel Pégourié-Gonnard
3ab7b96f35 Make hardclock selftest optional 2015-07-06 17:17:55 +02:00
Manuel Pégourié-Gonnard
f0f399d66c Up default server DHM size to 2048 bits 2015-07-03 17:45:57 +02:00
Manuel Pégourié-Gonnard
56e245d959 Only do dynamic alloc when necessary 2015-06-29 19:52:44 +02:00
Manuel Pégourié-Gonnard
925a72628b Avoid formatting debug message uselessly 2015-06-29 19:47:17 +02:00
Manuel Pégourié-Gonnard
9ea1b23cc4 Up min size of DHM params to 1024 bits on client 2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard
6c3ccf5fd0 Fix thread-safety issue in debug.c
Closes #203
2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard
8e8ae3d961 Fix potential NULL dereference on bad usage 2015-06-23 18:57:28 +02:00
Manuel Pégourié-Gonnard
b26b75e17b Clean up RSA PMS checking code 2015-06-23 18:52:09 +02:00
Paul Bakker
19eef51487 Prepare for 1.3.11 release 2015-06-04 14:49:19 +02:00