Commit Graph

4295 Commits

Author SHA1 Message Date
Andres AG
6220ecbc48 Fix overread when verifying SERVER_HELLO in DTLS 2016-10-13 15:43:46 +01:00
Simon Butcher
8390e0a97c Update and clean up Changelog for #622 2016-10-13 15:27:09 +01:00
Andres AG
6a3fa2159c Fix sig->tag update in mbedtls_x509_get_sig() 2016-10-13 15:23:35 +01:00
Simon Butcher
d9d0cda9fe Merge branch 'mbedtls-2.1' 2016-10-13 10:35:52 +01:00
Janos Follath
0be55a0549 Remove MBEDTLS_SSL_AEAD_RANDOM_IV feature
In a USENIX WOOT '16 paper the authors warn about a security risk
of random Initialisation Vectors (IV) repeating values.

The MBEDTLS_SSL_AEAD_RANDOM_IV feature is affected by this risk and
it isn't compliant with RFC5116. Furthermore, strictly speaking it
is a different cipher suite from the TLS (RFC5246) point of view.

Removing the MBEDTLS_SSL_AEAD_RANDOM_IV feature to resolve the above
problems.

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
2016-10-13 10:35:34 +01:00
Janos Follath
6d3e3389e5 Add simple test for repeated IVs when using AEAD
In a USENIX WOOT '16 paper the authors exploit implementation
mistakes that cause Initialisation Vectors (IV) to repeat. This
did not happen in mbed TLS, and this test makes sure that this
won't happen in the future either.

A new test option is introduced to ssl-opt.sh that checks the server
and client logs for a pattern and fails in case there are any
duplicates in the lines following the matching ones. (This is
necessary because of the structure of the logging)

Added a test case as well to utilise the new option. This test forces
the TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 ciphersuite to make the
client and the server use an AEAD cipher.

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
2016-10-13 10:26:58 +01:00
Simon Butcher
759b5a1286 Added credit to Changelog for fix #558 2016-10-13 01:00:19 +01:00
Janos Follath
95b303648c Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 00:58:09 +01:00
Simon Butcher
6f066a8636 Clarified Changelog for fix #602 2016-10-12 19:54:24 +01:00
Andres AG
6c05208f96 Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-12 19:54:07 +01:00
Simon Butcher
d5e33f14df Updated Changelog for fix #599 2016-10-12 17:49:11 +01:00
Andres AG
fbd1cd9d57 Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-12 17:45:29 +01:00
Andres AG
865c899681 Fix typo in docs for mbedtls_x509write_csr_der() 2016-10-12 17:37:25 +01:00
Simon Butcher
73b94e3512 Added credit to Changelog for X.509 DER bounds fix 2016-10-11 16:53:10 +01:00
Andres AG
effb5582dd Add test for bounds in X509 DER write funcs 2016-10-11 16:52:06 +01:00
Andres AG
8aa301ba31 Add missing bounds check in X509 DER write funcs
This patch adds checks in both mbedtls_x509write_crt_der and
mbedtls_x509write_csr_der before the signature is written to buf
using memcpy().
2016-10-11 16:52:06 +01:00
Simon Butcher
4bbd8e1ad8 Revise Changelog to clarify and add credit 2016-10-11 10:42:05 +01:00
Simon Butcher
17cbca370f Update Changelog for fixes to X.509 sample apps 2016-10-11 10:40:43 +01:00
Simon Butcher
b89a653005 Update Changelog for fix #559 2016-10-11 10:40:42 +01:00
Janos Follath
433d4c84b3 Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-11 10:40:42 +01:00
Simon Butcher
4ed1c00f10 Update Changelog for fixes to X.509 sample apps 2016-10-10 09:45:30 +01:00
Simon Butcher
5214607f75 Add extra compilation conditions to X.509 samples
The sample applications programs/pkey/cert_req.c and
programs/pkey/cert_write.c use the library functions
mbedtls_pk_write_csr_pem() and mbedtls_pk_write_crt_pem() respectively which
are dependent on the configuration option MBEDTLS_PEM_WRITE_C. If the option
isn't defined the build breaks.

This change adds the compilation condition MBEDTLS_PEM_WRITE_C to these
sample application.
2016-10-10 09:45:17 +01:00
Simon Butcher
c1e1f1cfdd Update Changelog for fix #559 2016-10-07 14:17:28 +01:00
Simon Butcher
411fd7c23a Add extra compilation conditions to gen_key.c #559
The sample application programs/pkey/gen_key.c uses the library function
mbedtls_pk_write_key_pem() which is dependent on the configuration option
MBEDTLS_PEM_WRITE_C. If the option isn't defined the build breaks.

This change adds the compilation condition MBEDTLS_PEM_WRITE_C to the gen_key.c
sample application.
2016-10-07 14:17:22 +01:00
Simon Butcher
d7fb3fd4e6 Fix error text and whitespace in crypt_and_hash.c 2016-10-07 14:16:57 +01:00
Simon Butcher
75dea20fee Update for ChangeLog for fixes for cert_app 2016-09-26 20:51:34 +01:00
Paul Bakker
3ef29f6e48 Do not add empty cert / key in cert_app 2016-09-26 20:46:10 +01:00
Paul Bakker
11a7d7cf68 Actually apply debug_level settings in cert_app 2016-09-26 20:45:57 +01:00
Andres AG
8df1bee06f Add ChangeLog entry for unchecked calls fix 2016-09-05 14:10:45 +01:00
Brian J Murray
88c2d227e4 Fixed unchecked calls to mbedtls_md_setup in rsa.c (#502)
* Fixed unchecked calls to mbedtls_md_setup in rsa.c:

* style fixes
2016-09-05 14:05:55 +01:00
Simon Butcher
541a960bee Update to ChangeLog for bug #428 2016-09-05 13:12:24 +03:00
Paul Bakker
e6ed6a1fc4 Fix guards in SSL for ECDH key exchanges 2016-09-05 12:26:04 +03:00
Simon Butcher
532b217002 Update ChangeLog for fix to crypt_and_hash #441 2016-09-02 22:10:39 +01:00
Paul Bakker
a9f02c8c21 Fix for #441 - crypt and hash gcm (#546)
* Fix crypt_and_hash to support decrypting GCM encrypted files

* Fix documentation in crypt_and_hash for the generic case

* Remove unused lastn from crypt_and_hash

lastn is not used with the cipher layer as it already provides padding
and understanding of length of the original data.
2016-09-02 22:08:18 +01:00
Simon Butcher
e88c9102e4 Merge pull request #538 from andresag01/mbedtls-2.1-iotssl-472-ca-chain-with-invalid-dates
Mbedtls 2.1 iotssl 472 ca chain with invalid dates
2016-07-19 13:07:48 +01:00
Simon Butcher
8b459923ac Add missing dependencies to X509 Parse test suite for P-384 curve
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0 and 884b4fc.
2016-07-15 12:53:25 +01:00
Janos Follath
7b26865529 X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-07-14 13:19:46 +01:00
Janos Follath
e223527da0 X509: Future CA among trusted: add more tests 2016-07-14 12:02:56 +01:00
Janos Follath
38921c8837 X509: Future CA among trusted: add unit tests 2016-07-14 12:02:50 +01:00
Simon Butcher
b998e27547 Merge branch 'mbedtls-2.1' 2016-06-27 19:57:27 +01:00
Simon Butcher
c38aa616a0 Update ChangeLog for Release 2016-06-27 19:49:04 +01:00
Simon Butcher
64f5df5545 Changed version number to version 2.1.5 2016-06-27 19:37:08 +01:00
Simon Butcher
88aa189415 Merge branch 'mbedtls-2.1' into mbedtls-2.1 2016-06-27 01:16:16 +01:00
Simon Butcher
60e2b2fe22 Fix whitespace and formatting in ssl_srv.c 2016-05-23 16:41:16 +01:00
Janos Follath
83f26052bf Fix non compliance SSLv3 in server extension handling.
The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.
2016-05-23 14:50:15 +01:00
Janos Follath
b700c46750 Add a test for SSLv3 with extensions, server side
This test verifies if the server parses or sends extensions when
the protocol is SSLv3.
2016-05-23 14:43:54 +01:00
Paul Bakker
3b224ffd25 Split test into valgrind and no-valgrind version
Running valgrind on: "DTLS client reconnect from same port: reconnect,
nbio" results in timeouts.

New version added that runs only under valgrind. Original only runs when
valgrind is not used
2016-05-22 21:49:34 +01:00
Simon Butcher
6eb066ed56 Fixes RC4 config dependencies in tests in ssl-opt.h
Adds dependencies on MBEDTLS_REMOVE_ARC4_CIPHERSUITES for tests that
require RC4 to be disabled (the default config).
2016-05-19 22:25:42 +01:00
Simon Butcher
df8c386a64 Merge branch 'mbedtls-2.1' 2016-05-18 19:52:37 +01:00
Janos Follath
f06edd695a Remove unused code from PKCS1v15 test suite 2016-05-18 19:36:04 +01:00