Commit graph

5453 commits

Author SHA1 Message Date
Gilles Peskine
1a2640c025 Merge branch 'iotssl-1368-unsafe-bounds-check-psk-identity-merge' into development-restricted 2017-11-23 18:58:30 +01:00
Gilles Peskine
dab611a7b1 ChangeLog entry for ssl_parse_client_psk_identity fix 2017-11-23 18:53:55 +01:00
Manuel Pégourié-Gonnard
bfa8df4c7e Merge remote-tracking branch 'restricted/pr/416' into development-restricted
* restricted/pr/416:
  RSA PSS: remove redundant check; changelog
  RSA PSS: fix first byte check for keys of size 8N+1
  RSA PSS: fix minimum length check for keys of size 8N+1
  RSA: Fix another buffer overflow in PSS signature verification
  RSA: Fix buffer overflow in PSS signature verification
2017-11-23 12:10:01 +01:00
Gilles Peskine
5eafc74154
Merge pull request #1159 from RonEld/1862
Change Arm Trademarks
2017-11-20 17:45:49 +01:00
Manuel Pégourié-Gonnard
888fedea06 Merge branch 'development' into development-restricted
* development: (30 commits)
  update README file (#1144)
  Fix typo in asn1.h
  Improve leap year test names in x509parse.data
  Correctly handle leap year in x509_date_is_valid()
  Renegotiation: Add tests for SigAlg ext parsing
  Parse Signature Algorithm ext when renegotiating
  Minor style fix
  config.pl get: be better behaved
  config.pl get: don't rewrite config.h; detect write errors
  Fixed "config.pl get" for options with no value
  Fix typo and bracketing in macro args
  Ensure failed test_suite output is sent to stdout
  Remove use of GNU sed features from ssl-opt.sh
  Fix typos in ssl-opt.sh comments
  Add ssl-opt.sh test to check gmt_unix_time is good
  Extend ssl-opt.h so that run_test takes function
  Always print gmt_unix_time in TLS client
  Restored note about using minimum functionality in makefiles
  Note in README that GNU make is required
  Fix changelog for ssl_server2.c usage fix
  ...
2017-11-14 08:24:22 +01:00
Ron Eldor
2ac96620f3 change URL
Change URL from developer.mbed.org to os.mbed.com
2017-11-01 14:19:50 +02:00
Ron Eldor
9d22619a13 Change Arm Trademarks to the issue template
Change the Trademarks to the issue template document
2017-10-30 18:39:47 +02:00
Ron Eldor
c7acb913ce Change Arm Trademarks
Change the Arm Trademarks according to updated Trademarks
2017-10-30 17:24:50 +02:00
Gilles Peskine
91048a3aac RSA PSS: remove redundant check; changelog
Remove a check introduced in the previous buffer overflow fix with keys of
size 8N+1 which the subsequent fix for buffer start calculations made
redundant.

Added a changelog entry for the buffer start calculation fix.
2017-10-19 17:46:14 +02:00
Gilles Peskine
b00b0da452 RSA PSS: fix first byte check for keys of size 8N+1
For a key of size 8N+1, check that the first byte after applying the
public key operation is 0 (it could have been 1 instead). The code was
incorrectly doing a no-op check instead, which led to invalid
signatures being accepted. Not a security flaw, since you would need the
private key to craft such an invalid signature, but a bug nonetheless.
2017-10-19 15:23:49 +02:00
Gilles Peskine
139108af94 RSA PSS: fix minimum length check for keys of size 8N+1
The check introduced by the previous security fix was off by one. It
fixed the buffer overflow but was not compliant with the definition of
PSS which technically led to accepting some invalid signatures (but
not signatures made without the private key).
2017-10-18 19:03:42 +02:00
RonEld
005939db98 update README file (#1144)
* update README file

update VS 2010 as the minimal version of required Visual Studio

* Rephrase the MS VS requirement

Rephrase the VS version sentence
2017-10-17 18:19:48 +01:00
Gilles Peskine
6a54b0240d RSA: Fix another buffer overflow in PSS signature verification
Fix buffer overflow in RSA-PSS signature verification when the masking
operation results in an all-zero buffer. This could happen at any key size.
2017-10-17 19:12:36 +02:00
Gilles Peskine
28a0c72795 RSA: Fix buffer overflow in PSS signature verification
Fix buffer overflow in RSA-PSS signature verification when the hash is
too large for the key size. Found by Seth Terashima, Qualcomm.

Added a non-regression test and a positive test with the smallest
permitted key size for a SHA-512 hash.
2017-10-17 19:01:38 +02:00
Simon Butcher
6f63db7ed5 Fix changelog for ssl_server2.c usage fix 2017-10-12 23:22:17 +01:00
Gilles Peskine
085c10afdb Allow comments in test data files 2017-10-12 23:22:17 +01:00
Andres Amaya Garcia
9fb02057a5 Fix typo in asn1.h 2017-10-12 23:21:37 +01:00
Andres Amaya Garcia
60100d09ee Improve leap year test names in x509parse.data 2017-10-12 23:21:37 +01:00
Andres Amaya Garcia
735b37eeef Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 23:21:37 +01:00
Janos Follath
b0f148c0ab Renegotiation: Add tests for SigAlg ext parsing
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)

The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.

A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
2017-10-12 23:21:37 +01:00
Ron Eldor
73a381772b Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-12 23:21:37 +01:00
Gilles Peskine
8ca0e8fdff Minor style fix 2017-10-12 23:21:37 +01:00
Gilles Peskine
d98e9e8577 config.pl get: be better behaved
When printing an option's value, print a newline at the end.

When the requested option is missing, fail with status 1 (the usual
convention for "not found") rather than -1 (which has a
system-dependent effect).
2017-10-12 23:21:37 +01:00
Gilles Peskine
01f57e351c config.pl get: don't rewrite config.h; detect write errors
scripts/config.pl would always rewrite config.h if it was reading it.
This commit changes it to not modify the file when only reading is
required, i.e. for the get command.

Also, die if writing config.h fails (e.g. disk full).
2017-10-12 23:21:37 +01:00
Gilles Peskine
f0f55ccb72 Fixed "config.pl get" for options with no value
Between 2.5.0 and 2.6.0, "scripts/config.pl get MBEDTLS_XXX" was fixed
for config.h lines with a comment at the end, but that broke the case
of macros with an empty expansion. Support all cases.
2017-10-12 23:21:37 +01:00
Andres Amaya Garcia
bd9d42c236 Fix typo and bracketing in macro args 2017-10-12 23:21:37 +01:00
Gilles Peskine
4552bf7558 Allow comments in test data files 2017-10-12 23:20:56 +01:00
Andres Amaya Garcia
77f1b109ec Fix typo in asn1.h 2017-10-12 22:40:28 +01:00
Andres Amaya Garcia
47e7b56fb6 Improve leap year test names in x509parse.data 2017-10-12 19:55:03 +01:00
Andres Amaya Garcia
106637fc2d Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 19:54:46 +01:00
Janos Follath
88f5808c13 Renegotiation: Add tests for SigAlg ext parsing
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)

The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.

A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
2017-10-11 12:49:09 +01:00
Ron Eldor
8dd73e62d2 Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-11 12:49:00 +01:00
Gilles Peskine
ae98d4aa39 Minor style fix 2017-10-10 17:46:19 +01:00
Gilles Peskine
ad8b9ec9e9 config.pl get: be better behaved
When printing an option's value, print a newline at the end.

When the requested option is missing, fail with status 1 (the usual
convention for "not found") rather than -1 (which has a
system-dependent effect).
2017-10-10 17:46:07 +01:00
Gilles Peskine
58e5fdc0ca config.pl get: don't rewrite config.h; detect write errors
scripts/config.pl would always rewrite config.h if it was reading it.
This commit changes it to not modify the file when only reading is
required, i.e. for the get command.

Also, die if writing config.h fails (e.g. disk full).
2017-10-10 17:45:33 +01:00
Gilles Peskine
134a082455 Fixed "config.pl get" for options with no value
Between 2.5.0 and 2.6.0, "scripts/config.pl get MBEDTLS_XXX" was fixed
for config.h lines with a comment at the end, but that broke the case
of macros with an empty expansion. Support all cases.
2017-10-10 17:45:00 +01:00
Andres Amaya Garcia
86968c6dd1 Fix typo and bracketing in macro args 2017-10-07 18:29:03 +01:00
Andres Amaya Garcia
3f50f511de Ensure failed test_suite output is sent to stdout
The change modifies the template code in tests/suites/helpers.function
and tests/suites/main.function so that error messages are printed to
stdout instead of being discarded. This makes errors visible regardless
of the --verbose flag being passed or not to the test suite programs.
2017-10-07 18:15:28 +01:00
Andres Amaya Garcia
def0339db2 Ensure failed test_suite output is sent to stdout
The change modifies the template code in tests/suites/helpers.function
and tests/suites/main.function so that error messages are printed to
stdout instead of being discarded. This makes errors visible regardless
of the --verbose flag being passed or not to the test suite programs.
2017-10-07 17:33:34 +01:00
Andres Amaya Garcia
67d8da522f Remove use of GNU sed features from ssl-opt.sh 2017-10-06 11:59:13 +01:00
Andres Amaya Garcia
3b1bdff285 Fix typos in ssl-opt.sh comments 2017-10-06 11:59:13 +01:00
Andres Amaya Garcia
b84c40b12f Add ssl-opt.sh test to check gmt_unix_time is good
Add a test to ssl-opt.sh that parses the client and server debug
output and then checks that the Unix timestamp in the ServerHello
message is within acceptable bounds.
2017-10-06 11:59:13 +01:00
Andres Amaya Garcia
93993defd1 Extend ssl-opt.h so that run_test takes function
Extend the run_test function in ssl-opt.sh so that it accepts the -f
and -F options. These parameters take an argument which is the name of
a shell function that will be called by run_test and will be given the
client input and output debug log. The idea is that these functions are
defined by each test and they can be used to do some custom check
beyon those allowed by the pattern matching capabilities of the
run_test function.
2017-10-06 11:59:13 +01:00
Andres Amaya Garcia
6bce9cb5ac Always print gmt_unix_time in TLS client
Change ssl_parse_server_hello() so that the parsed first four random
bytes from the ServerHello message are printed by the TLS client as
a Unix timestamp regardless of whether MBEDTLS_DEBUG_C is defined. The
debug message will only be printed if debug_level is 3 or higher.

Unconditionally enabling the debug print enabled testing of this value.
2017-10-06 11:59:13 +01:00
Gilles Peskine
470edd031f Restored note about using minimum functionality in makefiles 2017-10-06 11:59:13 +01:00
Gilles Peskine
11cb578fda Note in README that GNU make is required
Our README claims that we only use basic Make functionality, but in
fact GNU make is required for conditional compilation. Document this.

Addresses issue #967
2017-10-06 11:59:13 +01:00
Simon Butcher
16373a5933 Fix changelog for ssl_server2.c usage fix 2017-10-06 11:59:13 +01:00
Ron Eldor
71f68c4043 Fix ssl_server2 sample application prompt
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
2017-10-06 11:59:13 +01:00
Simon Butcher
2c4f9460ea Update ChangeLog for fix to #836 2017-10-06 11:59:13 +01:00
Hanno Becker
1a9a51c7cf Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-10-06 11:58:50 +01:00