Commit Graph

3175 Commits

Author SHA1 Message Date
Simon Butcher
e4ed3475b0 Added integer divide by as separate function
Added 64bit integer divided by 32bit integer, with remainder
2015-12-22 15:26:57 +00:00
Manuel Pégourié-Gonnard
c05014459e Fix wrong length limit in GCM
See for example page 8 of
http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf

The previous constant probably came from a typo as it was 2^26 - 2^5 instead
of 2^36 - 2^5. Clearly the intention was to allow for a constant bigger than
2^32 as the ull suffix and cast to uint64_t show.

fixes #362
2015-12-10 16:34:32 +01:00
Manuel Pégourié-Gonnard
c4a47e3483 Fix bug checking pathlen on first intermediate
Remove check on the pathLenConstraint value when looking for a parent to the
EE cert, as the constraint is on the number of intermediate certs below the
parent, and that number is always 0 at that point, so the constraint is always
satisfied.

The check was actually off-by-one, which caused valid chains to be rejected
under the following conditions:
- the parent certificate is not a trusted root, and
- it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)

fixes #280
2015-11-19 12:06:45 +01:00
Manuel Pégourié-Gonnard
6ad4f65780 Add test case for root with max_pathlen=0
This was already working but not tested so far

(Test case from previous commit still failing.)

Test certificates generated with:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key

programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"

mv cert9?.crt tests/data_files/dir4
rm cert9?.key
2015-11-19 12:02:29 +01:00
Manuel Pégourié-Gonnard
c058074836 Add test case for first intermediate max_pathlen=0
!!! This test case is currently failing !!!
(See fix in next-next commit.)

Test certificates generated with the following script:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key

programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
    max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
    issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
    subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"

mv cert8?.crt tests/data_files/dir4
rm cert8?.key
2015-11-19 12:01:11 +01:00
Simon Butcher
1f4e08c979 Changed version number to 1.3.15
Changed for library
2015-11-05 15:44:46 +00:00
Simon Butcher
34fc23fa6a Corrected typo in ChangeLog 2015-11-03 23:14:16 +00:00
Manuel Pégourié-Gonnard
edb2327609 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Use own implementation of strsep()
  Add Changelog entries for this branch
  Use symbolic constants in test data
  Fixed pathlen contraint enforcement.
  Additional corner cases for testing pathlen constrains. Just in case.
  Added test case for pathlen constrains in intermediate certificates
2015-11-02 06:57:30 +09:00
Manuel Pégourié-Gonnard
28e1ac5cab Use own implementation of strsep()
Not available on windows, and strtok() is not a good option
2015-11-02 06:50:46 +09:00
Manuel Pégourié-Gonnard
f23d6c56a4 Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Add ChangeLog entry for previous commit
  cert_write : fix "Destination buffer is too small" error
  Add ChangeLog entry for previous two commits
  Test certificate "Server1 SHA1, key_usage" reissued.
  Fix boolean values according to DER specs
  Fix typo in an OID name
  Disable reportedly broken assembly of Sparc(64)
  ECHDE-PSK does not use a certificate
  Actually ignore most non-fatal alerts
2015-10-30 10:17:05 +01:00
Manuel Pégourié-Gonnard
54150a36d1 Add Changelog entries for this branch 2015-10-30 09:45:00 +01:00
Manuel Pégourié-Gonnard
1da232df97 Use symbolic constants in test data 2015-10-30 09:39:42 +01:00
Janos Follath
92ac059b57 Fixed pathlen contraint enforcement. 2015-10-29 12:49:40 +01:00
Janos Follath
3d98a7eee3 Additional corner cases for testing pathlen constrains. Just in case.
backport of ef4f258
2015-10-28 18:20:43 +01:00
Janos Follath
189c743d3e Added test case for pathlen constrains in intermediate certificates
backport of 822b2c3
2015-10-28 18:15:48 +01:00
Manuel Pégourié-Gonnard
664b751572 Add ChangeLog entry for previous commit 2015-10-27 15:12:39 +01:00
Jonathan Leroy
2744df4f7a cert_write : fix "Destination buffer is too small" error
This commit fixes the `Destination buffer is too small` error returned
by `mbedtls_cert_write` command when the values of `subject_name` or
`issuer_name` parameters exceed 128 characters.

I have increased the size of these varaibles from 128 to 256 characters,
but I don't know if it's the best way to solve this issue...

Fixes #315.
2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard
96e75ac97c Add ChangeLog entry for previous two commits 2015-10-27 15:12:39 +01:00
Jonathan Leroy
094788ed7d Test certificate "Server1 SHA1, key_usage" reissued. 2015-10-27 15:12:39 +01:00
Jonathan Leroy
b76e43651e Fix boolean values according to DER specs
In BER encoding, any boolean with a non-zero value is considered as
TRUE. However, DER encoding require a value of 255 (0xFF) for TRUE.

This commit makes `mbedtls_asn1_write_bool` function uses `255` instead
of `1` for BOOLEAN values.

With this fix, boolean values are now reconized by OS X keychain (tested
on OS X 10.11).

Fixes #318.
2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard
c4baf98ce6 Fix typo in an OID name
fixes #314
2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard
7bbabeae8f Disable reportedly broken assembly of Sparc(64)
fixes #292
2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard
c094a97223 ECHDE-PSK does not use a certificate
fixes #270
2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard
0aaefcebc0 Actually ignore most non-fatal alerts
fixes #308
2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard
5ca3640fa7 Fix other int casts in bounds checking
Not a security issue as here we know the buffer is large enough (unless
something else if badly wrong in the code), and the value cast to int is less
than 2^16 (again, unless issues elsewhere).

Still changing to a more correct check as a matter of principle

backport of bc5e508
2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard
8abc22dde5 Fix other occurrences of same bounds check issue
Security impact is the same: not triggerrable remotely except in very specific
use cases

backport of 4dc9b39
2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard
758f490c90 Fix potential buffer overflow in asn1write
Ref: IOTSSL-519

backport of 22c3b7b
2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard
215a14bf29 Fix potential heap corruption on Windows
If len is large enough, when cast to an int it will be negative and then the
test if( len > MAX_PATH - 3 ) will not behave as expected.

Ref: IOTSSL-518

backport of 261faed725
2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard
9c52176776 Fix potential double-free in ssl_set_psk()
Internal ref: IOTSSL-517
2015-10-27 11:47:37 +01:00
Manuel Pégourié-Gonnard
ad9c68ab21 Fix typo in documenation 2015-10-20 09:38:10 +02:00
Simon Butcher
9b52b804c7 Corrected misleading fn description in ssl_cache.h
Mistake in comments spotted by Andris Mednis
2015-10-19 19:35:04 +01:00
Manuel Pégourié-Gonnard
f093bde91e Bump version to 1.3.14 2015-10-05 19:06:46 +01:00
Manuel Pégourié-Gonnard
c5934272fc Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Fix spurious #endif from previous cherry-pick
  Fix macroization of inline in C++
  Add missing warning in doc
  Fix compile error in net.c with musl libc
2015-10-05 17:06:24 +01:00
Simon Butcher
36abef4c5c Merge multiple backported vulnerability fixes 2015-10-05 16:44:59 +01:00
Manuel Pégourié-Gonnard
fa647a75a1 Fix references to non-standard SIZE_T_MAX
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
2015-10-05 15:29:48 +01:00
Manuel Pégourié-Gonnard
cf1db3cf1c Fix spurious #endif from previous cherry-pick 2015-10-05 14:57:01 +01:00
Manuel Pégourié-Gonnard
20607bb0fa Fix macroization of inline in C++
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 14:28:17 +01:00
Manuel Pégourié-Gonnard
ded3ae500b Add missing warning in doc
Found by Nicholas Wilson

fixes #288
2015-10-05 14:18:16 +01:00
Manuel Pégourié-Gonnard
614624790d Fix compile error in net.c with musl libc
fixes #278
2015-10-05 14:15:46 +01:00
Manuel Pégourié-Gonnard
de9c8a5734 Fix potential overflow in CertificateRequest 2015-10-02 12:04:20 +02:00
Manuel Pégourié-Gonnard
f3e6e4badb Add extra check before integer conversion
end < p should never happen, but just be extra sure
2015-10-02 09:53:52 +02:00
Manuel Pégourié-Gonnard
c7e61a2e3f Fix more typos in ChangeLog 2015-10-01 18:22:54 +02:00
Manuel Pégourié-Gonnard
6d6018383e Fix typos in ChangeLog and comments 2015-10-01 18:20:55 +02:00
Manuel Pégourié-Gonnard
48ec2c7b5e Fix potential overflow in base64_encode 2015-10-01 10:07:28 +02:00
Manuel Pégourié-Gonnard
5aff029f9d Fix potential double-free in ssl_set_psk() 2015-10-01 09:58:50 +02:00
Simon Butcher
643a922c56 Reordered extension fields and added to ChangeLog
Reordered the transmission sequence of TLS extension fields in client hello
and added to ChangeLog.
2015-10-01 01:17:10 +01:00
Simon Butcher
b1e325d6b2 Added bounds checking for TLS extensions
IOTSSL-478 - Added checks to prevent buffer overflows.
2015-10-01 00:24:36 +01:00
Manuel Pégourié-Gonnard
9bf29bee22 Fix potential random malloc in pem_read() 2015-09-30 17:01:35 +02:00
Manuel Pégourié-Gonnard
59efb6a1b9 Fix potential buffer overflow in mpi_read_string()
Found by Guido Vranken.

Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-09-30 16:50:31 +02:00
Manuel Pégourié-Gonnard
7b4b2ac378 Fix stack buffer overflow in pkcs12 2015-09-30 16:46:07 +02:00