From efdfeeba6a97b0c1f9d28fe5972263d8e0a6c70d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 12:15:13 +0100 Subject: [PATCH 01/27] Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA --- tests/ssl-opt.sh | 2 +- tests/suites/test_suite_x509parse.function | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d7e0b8c01..92acd4e1f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2106,7 +2106,7 @@ run_test "Authentication: client no cert, ssl3" \ # The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its # default value (8) -: ${MAX_IM_CA:='20'} +: ${MAX_IM_CA:='19'} MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -gt "$MAX_IM_CA" ]; then diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 34164a83f..0dfdd61c2 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -7,7 +7,7 @@ #include "mbedtls/oid.h" #include "mbedtls/base64.h" -#if MBEDTLS_X509_MAX_INTERMEDIATE_CA >= 19 +#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 #error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \ than the current threshold 19. To test larger values, please \ adapt the script tests/data_files/dir-max/long.sh." From bcfa6f42e3da922d13722fe912dcb772649e501c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 15:59:35 +0100 Subject: [PATCH 02/27] Fix the check for max CA intermediates in ssl-opt.sh The tests only work for a specific number for MBEDTLS_X509_MAX_INTERMEDIATE_CA so the check has been changed to confirm the default value, and to show an error otherwise. --- tests/ssl-opt.sh | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 92acd4e1f..280fc6348 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
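Review bot: The `#error` text on the context line right after the changed `#if` names the option as `MBEDTLS_X509_MAX_INTERMEDIATE_C`, so a configuration that trips the new `> 19` threshold is told to adjust a macro that does not exist; the line should read `#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_CA is larger \`. While touching it, it would help to say in the message that 19 is the depth the certificates under tests/data_files/dir-max were generated for, since that is the only reason the limit exists.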
@@ -2106,22 +2106,17 @@ run_test "Authentication: client no cert, ssl3" \ # The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its # default value (8) -: ${MAX_IM_CA:='19'} +MAX_IM_CA='8' MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) -if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -gt "$MAX_IM_CA" ]; then +if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then printf "The ${CONFIG_H} file contains a value for the configuration of\n" - printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is greater than the script’s\n" + printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n" printf "test value of ${MAX_IM_CA}. \n" printf "\n" - printf "By default, this value cannot be higher as there are insufficient\n" - printf "test certificate files available to test with.\n" + printf "The tests assume this value and if it changes, the tests in this\n" + printf "script should also be adjusted.\n" printf "\n" - printf "To generate additional test certificates use the script:\n" - printf " tests/data_files/dir-maxpath/long.sh\n" - printf "\n" - printf "To test using an alternative value, please set the environment variable\n" - printf "MAX_IM_CA or change the default value in the script tests/ssl-opt.sh.\n" exit 1 fi From c6f346b60cc15e392eb9cb3927fbff1169a0d9a7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 28 Jul 2017 16:36:51 +0100 Subject: [PATCH 03/27] Fix get option in config.pl script --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index 2757f17fe..406413bd5 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -205,7 +205,7 @@ for my $line (@config_lines) { $done = 1; } } elsif (!$done && $action eq "get") { - if ($line =~ /^\s*#define\s*$name\s*(.*)\s*\b/) { + if ($line =~ /^\s*#define\s*$name\s*([^\s]+)\s*\b/) { $value = $1; $done = 1; } 
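Review bot: The new `-ne` comparison is only evaluated when `config.pl get` printed something, so if the define is commented out, config.pl fails, or `CONFIG_H` points at the wrong file, `MAX_IM_CA_CONFIG` is empty and the script silently continues with the assumed value of 8; the "max_int chain" tests would then exercise the wrong depth with no warning, which is the situation this change is meant to refuse. Treat an empty result as a mismatch too: `if [ -z "$MAX_IM_CA_CONFIG" ] || [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then`. A non-numeric value (for example a parenthesised expression in the header) will make `[ -ne ]` itself error out, which is an acceptable failure but deserves a one-line comment above the test so the next person does not "fix" it by quoting differently.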
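Review bot: The new pattern `^\s*#define\s*$name\s*([^\s]+)\s*\b` still has no boundary after `$name`, so `config.pl get MBEDTLS_FOO` also matches `#define MBEDTLS_FOO_BAR 1` and returns `_BAR` as the value; `$name` is interpolated unquoted as well, so any regex metacharacter in it would be interpreted rather than matched literally. Requiring real whitespace on both sides of a quoted name fixes both: `if ($line =~ /^\s*#define\s+\Q$name\E\s+(\S+)/) {`. The trailing `\s*\b` adds nothing once the value group is greedy and non-blank and can be dropped. Note that this deliberately returns only the first token, so `#define X 8 /* ... */` yields `8`, which is what the ssl-opt.sh caller in this series expects.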
From c08d9ddd55f192dec6537fa10ee303628af59ee0 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 04/27] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 55cccd5e6..f3fa22c00 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From d5a75f44a16ed54605ee327886c52d90aa0351dd Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 05/27] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f3fa22c00..ecbbb4c8b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From 368d55c549b27a258949162e1a8fd2cd0f559111 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 06/27] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/ChangeLog b/ChangeLog index ecbbb4c8b..e7c42737e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From 7faf92a2febc1483e678f9ca477346094767dad8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 07/27] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index e7c42737e..59bdfaef6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From a207e750892e140860480b41f7745b0de22a52b7 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 08/27] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/ChangeLog b/ChangeLog index 59bdfaef6..8db6551c5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From f16ce1cfb7bd60e220bd772248da0b207c9a1412 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 15 Dec 2016 14:42:37 +0200 Subject: [PATCH 09/27] Pre push hook script Add git_hook folder, and pre-push script, to be soft linked from .git/hooks/pre-push --- git_hooks/README.md | 16 ++++++++++++++++ git_hooks/pre-push | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 git_hooks/README.md create mode 100755 git_hooks/pre-push diff --git a/git_hooks/README.md b/git_hooks/README.md new file mode 100644 index 000000000..d0ed4a38f --- /dev/null +++ b/git_hooks/README.md @@ -0,0 +1,16 @@ +README for git hooks script +=========================== +git has a way to run scripts, which are invoked by specific git commands. +The git hooks are located in `/.git/hooks`, and as such are not under version control +for more information, see the [git documentation](https://git-scm.com/docs/githooks). + +The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. + +Example: + +Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +`ln -s ../../git_hooks/pre-push pre-push` + +Similarly, on Windows while running as administrator: +`mklink pre-push ..\..\git_hooks\pre-push` + diff --git a/git_hooks/pre-push b/git_hooks/pre-push new file mode 100755 index 000000000..6b2da10ed --- /dev/null 
+++ b/git_hooks/pre-push @@ -0,0 +1,38 @@ +#!/bin/sh + +# Called by "git push" after it has checked the remote status, but before anything has been +# pushed. If this script exits with a non-zero status nothing will be pushed. +# +# This hook is called with the following parameters: +# +# $1 -- Name of the remote to which the push is being done +# $2 -- URL to which the push is being done +# +# If pushing without using a named remote those arguments will be equal. +# +# Information about the commits which are being pushed is supplied as lines to +# the standard input in the form: +# +# +# +set -eu + +REMOTE="$1" +URL="$2" + +echo "REMOTE is $REMOTE" +echo "URL is $URL" + +run_test() +{ + TEST=$1 + echo "running '$TEST'" + if ! `$TEST > /dev/null 2>&1`; then + echo "test '$TEST' failed" + return 1 + fi +} + +run_test ./tests/scripts/check-doxy-blocks.pl +run_test ./tests/scripts/check-names.sh +run_test ./tests/scripts/check-generated-files.sh From e9b3f7ea3f0288e4d15dde069abbee1776c904ce Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 11:25:14 +0300 Subject: [PATCH 10/27] Add note for the git_hoos README file Add a note to the git_hooks README.md file, to state that currently they only work on GNU platforms --- git_hooks/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index d0ed4a38f..f78df991d 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -11,6 +11,4 @@ Example: Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` -Similarly, on Windows while running as administrator: -`mklink pre-push ..\..\git_hooks\pre-push` - +**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From 13067fca9d78ca30d18d0ddbc80b761e76f21aca Mon Sep 17 00:00:00 2001 
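Review bot: `run_test` invokes each check as `if ! \`$TEST > /dev/null 2>&1\`; then`, i.e. inside a command substitution whose (redirected, hence empty) output is then executed as a command; this yields the test's exit status only through the POSIX rule that a command consisting of nothing but an empty expansion takes the status of its last command substitution, and it silently changes meaning the moment someone edits the redirections. Run the command directly: `if ! "$TEST" > /dev/null 2>&1; then`. Separately, `echo "URL is $URL"` prints the push URL verbatim, so a remote configured as `https://user:token@host/...` writes the credential to the terminal or CI log; print only `$REMOTE` or drop the echo. Discarding the tests' stdout and stderr also hides why a check failed; consider capturing them to a temporary file and printing it in the failure branch.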
From: Ron Eldor Date: Thu, 20 Jul 2017 18:24:43 +0300 Subject: [PATCH 11/27] Fix slash direction for linux path Update direction of the slash, for linux path, after @hanno-arm comments --- git_hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index f78df991d..400d63ee5 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -8,7 +8,7 @@ The mbed TLS git hooks are located in `/git_hooks` directory, and Example: -Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From cf61d7d9921db0b94f0b2da10b34affc09a0a7e5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 23 Jul 2017 15:25:32 +0300 Subject: [PATCH 12/27] Update after @sbutcher-arm comments 1. Move the scripts to test/git-scripts folder 2. Support the script to run independant, not only with git 3. modify Readme accordingly --- {git_hooks => test/git-scripts}/README.md | 6 ++++-- git_hooks/pre-push => test/git-scripts/pre-push.sh | 13 +++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) rename {git_hooks => test/git-scripts}/README.md (62%) rename git_hooks/pre-push => test/git-scripts/pre-push.sh (82%) diff --git a/git_hooks/README.md b/test/git-scripts/README.md similarity index 62% rename from git_hooks/README.md rename to test/git-scripts/README.md index 400d63ee5..6bd9110c5 100644 --- a/git_hooks/README.md +++ b/test/git-scripts/README.md 
@@ -4,11 +4,13 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../git_hooks/pre-push pre-push` +`ln -s ../../test/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** + +These scripts can also be used independently. diff --git a/git_hooks/pre-push b/test/git-scripts/pre-push.sh similarity index 82% rename from git_hooks/pre-push rename to test/git-scripts/pre-push.sh index 6b2da10ed..ee54a6cff 100755 --- a/git_hooks/pre-push +++ b/test/git-scripts/pre-push.sh @@ -1,7 +1,15 @@ #!/bin/sh - +# pre-push.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# # Called by "git push" after it has checked the remote status, but before anything has been # pushed. If this script exits with a non-zero status nothing will be pushed. +# This script can also be used independently, not using git. # # This hook is called with the following parameters: # @@ -15,7 +23,6 @@ # # # -set -eu REMOTE="$1" URL="$2" @@ -23,6 +30,8 @@ URL="$2" echo "REMOTE is $REMOTE" echo "URL is $URL" +set -eu + run_test() { TEST=$1 From 2dfb02151d0e5de147beeccd0bc88492409171dd Mon Sep 17 00:00:00 2001 
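Review bot: The new header line says the script "can also be used independently, not using git", but the `run_test ./tests/scripts/...` invocations (below this hunk) are relative to the repository root; git runs hooks from the top-level directory, whereas a developer running it by hand from `tests/git-scripts` gets three "failed" results for paths that do not exist. Anchor the working directory before the checks, for example `cd "$(dirname "$0")/../.." || exit 1` placed right after the moved `set -eu`, and mention in the README that the checks assume a checkout root. Moving `set -eu` below the `REMOTE="$1"`/`URL="$2"` assignments does make a no-argument invocation survive `-u`, but `run_test` itself, whose body starts at the end of this hunk and continues outside it, still uses the command-substitution form `\`$TEST ...\`` to run each check, which should be a plain invocation.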
From: Ron Eldor Date: Mon, 24 Jul 2017 15:52:18 +0300 Subject: [PATCH 13/27] Move the git scripts to correct path The git scripts were accidently put in `test` folder instead of `tests`. Moved them to `tests` folder --- test/git-scripts/README.md | 16 ------------ test/git-scripts/pre-push.sh | 47 ------------------------------------ 2 files changed, 63 deletions(-) delete mode 100644 test/git-scripts/README.md delete mode 100755 test/git-scripts/pre-push.sh diff --git a/test/git-scripts/README.md b/test/git-scripts/README.md deleted file mode 100644 index 6bd9110c5..000000000 --- a/test/git-scripts/README.md +++ /dev/null @@ -1,16 +0,0 @@ -README for git hooks script -=========================== -git has a way to run scripts, which are invoked by specific git commands. -The git hooks are located in `/.git/hooks`, and as such are not under version control -for more information, see the [git documentation](https://git-scm.com/docs/githooks). - -The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. - -Example: - -Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../test/git-scripts/pre-push.sh pre-push` - -**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** - -These scripts can also be used independently. diff --git a/test/git-scripts/pre-push.sh b/test/git-scripts/pre-push.sh deleted file mode 100755 index ee54a6cff..000000000 --- a/test/git-scripts/pre-push.sh +++ /dev/null 
@@ -1,47 +0,0 @@ -#!/bin/sh -# pre-push.sh -# -# This file is part of mbed TLS (https://tls.mbed.org) -# -# Copyright (c) 2017, ARM Limited, All Rights Reserved -# -# Purpose -# -# Called by "git push" after it has checked the remote status, but before anything has been -# pushed. If this script exits with a non-zero status nothing will be pushed. -# This script can also be used independently, not using git. -# -# This hook is called with the following parameters: -# -# $1 -- Name of the remote to which the push is being done -# $2 -- URL to which the push is being done -# -# If pushing without using a named remote those arguments will be equal. -# -# Information about the commits which are being pushed is supplied as lines to -# the standard input in the form: -# -# -# - -REMOTE="$1" -URL="$2" - -echo "REMOTE is $REMOTE" -echo "URL is $URL" - -set -eu - -run_test() -{ - TEST=$1 - echo "running '$TEST'" - if ! `$TEST > /dev/null 2>&1`; then - echo "test '$TEST' failed" - return 1 - fi -} - -run_test ./tests/scripts/check-doxy-blocks.pl -run_test ./tests/scripts/check-names.sh -run_test ./tests/scripts/check-generated-files.sh From ce49a250333ff25ca896108bc3f953cbb21f9638 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 10 Feb 2017 14:39:58 +0000 Subject: [PATCH 14/27] Fix potential integer overflow parsing DER CRL This patch prevents a potential signed integer overflow during the CRL version verification checks. --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8db6551c5..59a1c0d63 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -13,6 +13,10 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From 6b171e4aec10ccde54196cede7496a4295d7f13d Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 16:16:11 +0000 Subject: [PATCH 15/27] Fix potential integer overflow parsing DER CRT This patch prevents a potential signed integer overflow during the certificate version verification checks. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 59a1c0d63..1b1028bff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -237,6 +237,9 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 From f601ec5f34a3795bd32b2f0113d7479812f2928c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Jun 2017 08:22:17 +0100 Subject: [PATCH 16/27] Reliably zeroize sensitive data in Crypt-and-Hash sample application The AES sample application programs/aes/crypt_and_hash could miss zeroizing the stack-based key buffer in case of an error during operation. This commit fixes this and also clears all command line arguments (one of which might be the key) before exit. --- programs/aes/crypt_and_hash.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) 
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index adb95e03c..a16e91e18 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -224,8 +224,6 @@ int main( int argc, char *argv[] ) } } - memset( argv[6], 0, strlen( argv[6] ) ); - #if defined(_WIN32_WCE) filesize = fseek( fin, 0L, SEEK_END ); #else @@ -303,8 +301,6 @@ int main( int argc, char *argv[] ) } - memset( key, 0, sizeof( key ) ); - if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen, MBEDTLS_ENCRYPT ) != 0 ) { @@ -444,8 +440,6 @@ int main( int argc, char *argv[] ) mbedtls_md_finish( &md_ctx, digest ); } - memset( key, 0, sizeof( key ) ); - if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen, MBEDTLS_DECRYPT ) != 0 ) { @@ -540,7 +534,16 @@ exit: if( fout ) fclose( fout ); + /* Zeroize all command line arguments to also cover + the case when the user has missed or reordered some, + in which case the key might not be in argv[6]. */ + for( i = 0; i < argc; i++ ) + memset( argv[i], 0, strlen( argv[i] ) ); + + memset( IV, 0, sizeof( IV ) ); + memset( key, 0, sizeof( key ) ); memset( buffer, 0, sizeof( buffer ) ); + memset( output, 0, sizeof( output ) ); memset( digest, 0, sizeof( digest ) ); mbedtls_cipher_free( &cipher_ctx ); From ce37e6269ed709ad08da0924cb5e6635ebf36860 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Jun 2017 08:24:34 +0100 Subject: [PATCH 17/27] Reliably zeroize sensitive data in AES sample application The AES sample application programs/aes/aescrypt2 could miss zeroizing the stack-based key buffer in case of an error during operation. This commit fixes this and also clears another temporary buffer as well as all command line arguments (one of which might be the key) before exit. --- programs/aes/aescrypt2.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index c77d77f5f..7cd3349fe 100644 
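Review bot: The cleanup at `exit:` wipes `IV`, `key`, `buffer`, `output` and `digest` with plain `memset` immediately before `main` returns, which is precisely the pattern an optimising compiler is entitled to drop as a dead store, so the zeroization this commit promises is not guaranteed to survive into the binary. Use a helper the optimiser cannot elide, for instance `static void zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; }`, and call it for every buffer in the `exit:` path (the library's own modules appear to use this idiom for the same reason). Removing the early `memset( argv[6], ... )` and the two `memset( key, ... )` calls also extends the window in which the raw key is visible in the argument vector and in the 512-byte stack buffer from "just after it was hashed into `digest`" to "process exit"; keep the early wipes in addition to the new ones rather than instead of them. The loop counter `i` in `for( i = 0; i < argc; i++ )` is declared outside the hunk; it needs to be a signed `int` for the comparison with `argc` to be warning-free.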
--- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -79,7 +79,9 @@ int main( int argc, char *argv[] ) FILE *fkey, *fin = NULL, *fout = NULL; char *p; + unsigned char IV[16]; + unsigned char tmp[16]; unsigned char key[512]; unsigned char digest[32]; unsigned char buffer[1024]; @@ -123,10 +125,10 @@ int main( int argc, char *argv[] ) } mode = atoi( argv[1] ); - memset(IV, 0, sizeof(IV)); - memset(key, 0, sizeof(key)); - memset(digest, 0, sizeof(digest)); - memset(buffer, 0, sizeof(buffer)); + memset( IV, 0, sizeof( IV ) ); + memset( key, 0, sizeof( key ) ); + memset( digest, 0, sizeof( digest ) ); + memset( buffer, 0, sizeof( buffer ) ); if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT ) { @@ -185,8 +187,6 @@ int main( int argc, char *argv[] ) } } - memset( argv[4], 0, strlen( argv[4] ) ); - #if defined(_WIN32_WCE) filesize = fseek( fin, 0L, SEEK_END ); #else @@ -272,7 +272,6 @@ int main( int argc, char *argv[] ) mbedtls_md_finish( &sha_ctx, digest ); } - memset( key, 0, sizeof( key ) ); mbedtls_aes_setkey_enc( &aes_ctx, digest, 256 ); mbedtls_md_hmac_starts( &sha_ctx, digest, 32 ); @@ -319,7 +318,6 @@ int main( int argc, char *argv[] ) if( mode == MODE_DECRYPT ) { - unsigned char tmp[16]; /* * The encrypted file must be structured as follows: @@ -374,7 +372,6 @@ int main( int argc, char *argv[] ) mbedtls_md_finish( &sha_ctx, digest ); } - memset( key, 0, sizeof( key ) ); mbedtls_aes_setkey_dec( &aes_ctx, digest, 256 ); mbedtls_md_hmac_starts( &sha_ctx, digest, 32 ); @@ -441,6 +438,15 @@ exit: if( fout ) fclose( fout ); + /* Zeroize all command line arguments to also cover + the case when the user has missed or reordered some, + in which case the key might not be in argv[4]. */ + for( i = 0; i < (unsigned int) argc; i++ ) + memset( argv[i], 0, strlen( argv[i] ) ); + + memset( IV, 0, sizeof( IV ) ); + memset( key, 0, sizeof( key ) ); + memset( tmp, 0, sizeof( tmp ) ); memset( buffer, 0, sizeof( buffer ) ); memset( digest, 0, sizeof( digest ) ); 
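Review bot: Dropping `memset( argv[4], 0, strlen( argv[4] ) )` right after the key is read, and the two `memset( key, ... )` calls after the key has been hashed into `digest`, means the raw key now remains in the argument vector (readable through `/proc/<pid>/cmdline` on Linux, for example) and in the 512-byte `key` buffer for the whole encryption or decryption of the file instead of only until it has been consumed; the new wipe at `exit:` is the right safety net for the error paths, but it should be added to the early wipes, not replace them. The `memset` calls at `exit:` are immediately followed by the end of `main`, so the compiler may treat them as dead stores and remove them; route them through a volatile-pointer zeroize helper so they cannot be elided. Minor: `for( i = 0; i < (unsigned int) argc; i++ )` relies on `i` being unsigned, whose declaration is outside this hunk; `argc` is never negative so the cast is safe, but a short comment saying why it is there would stop it being "cleaned up" later.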
From 7ec83df47fe478781b6b2e104a1e2c1feb69bfb8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Jun 2017 08:26:53 +0100 Subject: [PATCH 18/27] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1b1028bff..6bf2a5a6d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,9 @@ Security (default: 8) intermediates, even when it was not trusted. Could be triggered remotely on both sides. (With auth_mode set to required (default), the handshake was correctly aborted.) + * Realiably zeroize sensitive data after use in AES example applications + programs/aes/aescrypt2 and programs/aes/crypt_and_hash. + Found by Laurent Simon. Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 840bace4176a89553d42468b8f58b5b75118594f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Jun 2017 11:36:21 +0100 Subject: [PATCH 19/27] Correct comment --- programs/aes/aescrypt2.c | 3 +-- programs/aes/crypt_and_hash.c | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 7cd3349fe..4acf38dd7 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -155,7 +155,7 @@ int main( int argc, char *argv[] ) } /* - * Read the secret key and clean the command line. + * Read the secret key from file or command line */ if( ( fkey = fopen( argv[4], "rb" ) ) != NULL ) { @@ -318,7 +318,6 @@ int main( int argc, char *argv[] ) if( mode == MODE_DECRYPT ) { - /* * The encrypted file must be structured as follows: * diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index a16e91e18..0e272ebe4 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -192,7 +192,7 @@ int main( int argc, char *argv[] ) } /* - * Read the secret key and clean the command line. + * Read the secret key from file or command line */ if( ( fkey = fopen( argv[6], "rb" ) ) != NULL ) { 
From 61937d4a83db6b5d976ca45e3517336809db2539 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 26 Apr 2017 15:01:23 +0100 Subject: [PATCH 20/27] Rename time and index parameter to avoid name conflict. As noted in #557, several functions use 'index' resp. 'time' as parameter names in their declaration and/or definition, causing name conflicts with the functions in the C standard library of the same name some compilers warn about. This commit renames the arguments accordingly. --- ChangeLog | 2 ++ include/mbedtls/ecp.h | 4 ++-- include/mbedtls/x509.h | 10 +++++----- library/cmac.c | 6 +++--- library/entropy.c | 14 ++++++------- library/x509.c | 44 ++++++++++++++++++++--------------------- library/x509write_crt.c | 8 ++++---- 7 files changed, 45 insertions(+), 43 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6bf2a5a6d..fb8d32143 100644 --- a/ChangeLog +++ b/ChangeLog @@ -172,6 +172,8 @@ Bugfix The PK and RSA modules use different types for passing hash length and without these checks the type cast could lead to data loss. Found by Guido Vranken. + * Avoid shadowing of time and index functions through mbed TLS function + arguments. Found by inestlerode. Fixes #557. = mbed TLS 2.4.2 branch released 2017-03-08 diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index bf9abeff6..dad9aef00 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -461,7 +461,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp * \brief Set a group using well-known domain parameters * * \param grp Destination group - * \param index Index in the list of well-known domain parameters + * \param id Index in the list of well-known domain parameters * * \return 0 if successful, * MBEDTLS_ERR_MPI_XXX if initialization failed 
@@ -470,7 +470,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp * \note Index should be a value of RFC 4492's enum NamedCurve, * usually in the form of a MBEDTLS_ECP_DP_XXX macro. */ -int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id index ); +int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); /** * \brief Set a group from a TLS ECParameters record diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 128eaded6..d7e318dfd 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -247,12 +247,12 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se * \note Intended usage is "if( is_past( valid_to ) ) ERROR". * Hence the return value of 1 if on internal errors. * - * \param time mbedtls_x509_time to check + * \param to mbedtls_x509_time to check * * \return 1 if the given time is in the past or an error occured, * 0 otherwise. */ -int mbedtls_x509_time_is_past( const mbedtls_x509_time *time ); +int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ); /** * \brief Check a given mbedtls_x509_time against the system time @@ -261,12 +261,12 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *time ); * \note Intended usage is "if( is_future( valid_from ) ) ERROR". * Hence the return value of 1 if on internal errors. * - * \param time mbedtls_x509_time to check + * \param from mbedtls_x509_time to check * * \return 1 if the given time is in the future or an error occured, * 0 otherwise. */ -int mbedtls_x509_time_is_future( const mbedtls_x509_time *time ); +int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ); /** * \brief Checkup routine 
@@ -295,7 +295,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50 mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts ); int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, - mbedtls_x509_time *time ); + mbedtls_x509_time *t ); int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial ); int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, diff --git a/library/cmac.c b/library/cmac.c index 035ad071d..6df56aa9a 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -169,10 +169,10 @@ static void cmac_xor_block( unsigned char *output, const unsigned char *input1, const unsigned char *input2, const size_t block_size ) { - size_t index; + size_t idx; - for( index = 0; index < block_size; index++ ) - output[ index ] = input1[ index ] ^ input2[ index ]; + for( idx = 0; idx < block_size; idx++ ) + output[ idx ] = input1[ idx ] ^ input2[ idx ]; } /* diff --git a/library/entropy.c b/library/entropy.c index d4d1b27b7..23de4062a 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -132,24 +132,24 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, mbedtls_entropy_f_source_ptr f_source, void *p_source, size_t threshold, int strong ) { - int index, ret = 0; + int idx, ret = 0; #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) return( ret ); #endif - index = ctx->source_count; - if( index >= MBEDTLS_ENTROPY_MAX_SOURCES ) + idx = ctx->source_count; + if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES ) { ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES; goto exit; } - ctx->source[index].f_source = f_source; - ctx->source[index].p_source = p_source; - ctx->source[index].threshold = threshold; - ctx->source[index].strong = strong; + ctx->source[idx].f_source = f_source; + ctx->source[idx].p_source = p_source; + ctx->source[idx].threshold = threshold; + ctx->source[idx].strong = strong; ctx->source_count++; 
diff --git a/library/x509.c b/library/x509.c index 88e32b067..e94a8a329 100644 --- a/library/x509.c +++ b/library/x509.c @@ -496,25 +496,25 @@ static int x509_parse_int( unsigned char **p, size_t n, int *res ) return( 0 ); } -static int x509_date_is_valid(const mbedtls_x509_time *time) +static int x509_date_is_valid(const mbedtls_x509_time *t) { int ret = MBEDTLS_ERR_X509_INVALID_DATE; - CHECK_RANGE( 0, 9999, time->year ); - CHECK_RANGE( 0, 23, time->hour ); - CHECK_RANGE( 0, 59, time->min ); - CHECK_RANGE( 0, 59, time->sec ); + CHECK_RANGE( 0, 9999, t->year ); + CHECK_RANGE( 0, 23, t->hour ); + CHECK_RANGE( 0, 59, t->min ); + CHECK_RANGE( 0, 59, t->sec ); - switch( time->mon ) + switch( t->mon ) { case 1: case 3: case 5: case 7: case 8: case 10: case 12: - CHECK_RANGE( 1, 31, time->day ); + CHECK_RANGE( 1, 31, t->day ); break; case 4: case 6: case 9: case 11: - CHECK_RANGE( 1, 30, time->day ); + CHECK_RANGE( 1, 30, t->day ); break; case 2: - CHECK_RANGE( 1, 28 + (time->year % 4 == 0), time->day ); + CHECK_RANGE( 1, 28 + (t->year % 4 == 0), t->day ); break; default: return( ret ); @@ -528,7 +528,7 @@ static int x509_date_is_valid(const mbedtls_x509_time *time) * field. */ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, - mbedtls_x509_time *time ) + mbedtls_x509_time *tm ) { int ret; 
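Review bot: The February bound on the renamed `case 2:` line still treats every year divisible by 4 as a leap year, so a notBefore/notAfter of 29 February 1900 or 2100 passes `x509_date_is_valid` although those years have only 28 days; the line should read `CHECK_RANGE( 1, 28 + ( t->year % 4 == 0 && ( t->year % 100 != 0 || t->year % 400 == 0 ) ), t->day );`. Since `x509_parse_time` ends with `CHECK( x509_date_is_valid( tm ) )` and is reached from `mbedtls_x509_get_time`, such a date is accepted as well-formed instead of failing with MBEDTLS_ERR_X509_INVALID_DATE. This commit only renames the parameter and leaves the logic untouched; the end of `x509_date_is_valid` (after the `default:` branch) lies outside the hunk.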
@@ -542,26 +542,26 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, /* * Parse year, month, day, hour, minute */ - CHECK( x509_parse_int( p, yearlen, &time->year ) ); + CHECK( x509_parse_int( p, yearlen, &tm->year ) ); if ( 2 == yearlen ) { - if ( time->year < 50 ) - time->year += 100; + if ( tm->year < 50 ) + tm->year += 100; - time->year += 1900; + tm->year += 1900; } - CHECK( x509_parse_int( p, 2, &time->mon ) ); - CHECK( x509_parse_int( p, 2, &time->day ) ); - CHECK( x509_parse_int( p, 2, &time->hour ) ); - CHECK( x509_parse_int( p, 2, &time->min ) ); + CHECK( x509_parse_int( p, 2, &tm->mon ) ); + CHECK( x509_parse_int( p, 2, &tm->day ) ); + CHECK( x509_parse_int( p, 2, &tm->hour ) ); + CHECK( x509_parse_int( p, 2, &tm->min ) ); /* * Parse seconds if present */ if ( len >= 2 ) { - CHECK( x509_parse_int( p, 2, &time->sec ) ); + CHECK( x509_parse_int( p, 2, &tm->sec ) ); len -= 2; } else @@ -582,7 +582,7 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, if ( 0 != len ) return ( MBEDTLS_ERR_X509_INVALID_DATE ); - CHECK( x509_date_is_valid( time ) ); + CHECK( x509_date_is_valid( tm ) ); return ( 0 ); } @@ -593,7 +593,7 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, * generalTime GeneralizedTime } */ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, - mbedtls_x509_time *time ) + mbedtls_x509_time *tm ) { int ret; size_t len, year_len; @@ -619,7 +619,7 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, if( ret != 0 ) return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); - return x509_parse_time( p, len, year_len, time ); + return x509_parse_time( p, len, year_len, tm ); } int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index d1d9a22a7..4d674abcf 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
@@ -264,7 +264,7 @@ int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, } static int x509_write_time( unsigned char **p, unsigned char *start, - const char *time, size_t size ) + const char *t, size_t size ) { int ret; size_t len = 0; @@ -272,10 +272,10 @@ static int x509_write_time( unsigned char **p, unsigned char *start, /* * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter) */ - if( time[0] == '2' && time[1] == '0' && time [2] < '5' ) + if( t[0] == '2' && t[1] == '0' && t[2] < '5' ) { MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) time + 2, + (const unsigned char *) t + 2, size - 2 ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_UTC_TIME ) ); @@ -283,7 +283,7 @@ static int x509_write_time( unsigned char **p, unsigned char *start, else { MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) time, + (const unsigned char *) t, size ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_GENERALIZED_TIME ) ); From 9fae22269b154024d8c5a99c2aba6caa585da1a8 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 22:32:23 +0100 Subject: [PATCH 21/27] Fix ChangeLog for duplication after merge --- ChangeLog | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index fb8d32143..5ecf181eb 100644 --- a/ChangeLog +++ b/ChangeLog 
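Review bot: The renamed condition `if( t[0] == '2' && t[1] == '0' && t[2] < '5' )` in `x509_write_time` only selects UTCTime for years 2000–2049, so a validity date in 1950–1999 (first character '1') falls through to the `else` branch and is written as GeneralizedTime, whereas the comment above it ("write MBEDTLS_ASN1_UTC_TIME if year < 2050") and RFC 5280 §4.1.2.5 require UTCTime for every date through 2049. The one-line fix is `if( t[0] < '2' || ( t[0] == '2' && t[1] == '0' && t[2] < '5' ) )`. The helper also indexes `t[0..2]` and computes `size - 2` (a `size_t`, which wraps for `size < 2`) without checking `size`, so I would at least document that callers are expected to pass a validated time string of at least 3 bytes; the callers are not visible here. The commit only renames `time` to `t` and does not change this logic.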
@@ -2,22 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - * Fix a potential integer overflow in the version verification for DER - encoded X509 CRLs. The overflow would enable maliciously constructed CRLs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's @@ -25,7 +9,7 @@ Security (default: 8) intermediates, even when it was not trusted. Could be triggered remotely on both sides. (With auth_mode set to required (default), the handshake was correctly aborted.) - * Realiably zeroize sensitive data after use in AES example applications + * Reliably zeroize sensitive data after use in AES example applications programs/aes/aescrypt2 and programs/aes/crypt_and_hash. Found by Laurent Simon. From a55e084bce6e4d74af0380ec8ae852cfb1ee357e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 23:46:43 +0100 Subject: [PATCH 22/27] Fix naked call to time() with platform call In ssl_cache.c a call to time() was being made instead of it's platform equivalent. --- library/ssl_cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 9b62de2dc..c771d7fe2 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -138,7 +138,7 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) { int ret = 1; #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t t = time( NULL ), oldest = 0; + mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0; mbedtls_ssl_cache_entry *old = NULL; #endif mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; From a418e82a35abeab3cd24f2ea0cd7162771308b53 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 23:52:10 +0100 Subject: [PATCH 23/27] Add credit to Changelog to fix for #666 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5ecf181eb..0b92f2a51 100644 --- a/ChangeLog +++ b/ChangeLog @@ -58,6 +58,8 @@ Bugfix * Fix a potential integer overflow in the version verification for DER encoded X509 certificates. The overflow would enable maliciously constructed certificates to bypass the certificate verification check. + * Fix a call to the libc function time() to call the platform abstraction + function mbedtls_time() instead. Found by wairua. Fix for #666 Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of From 3f2557e6f132a564a92484be2d7d90d26cd8ccf5 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Aug 2017 18:06:12 +0100 Subject: [PATCH 24/27] Fix style and missing item in ChangeLog --- ChangeLog | 43 ++++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0b92f2a51..7e00019fd 100644 --- a/ChangeLog +++ b/ChangeLog 
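Review bot: The new `mbedtls_time( NULL )` on the `+` line is, like the `time( NULL )` it replaces, not checked for the `(mbedtls_time_t) -1` failure value, so on a platform whose time hook fails the session entry is timestamped with -1 and whatever expiry/`oldest` comparison follows later in `mbedtls_ssl_cache_set` (outside this hunk) operates on that sentinel. If the cache timeout logic cannot tolerate that, a guard such as `if( t == (mbedtls_time_t) -1 ) return( 1 );` placed right after the declaration would make the failure explicit, matching the function's existing `ret = 1` error convention. Routing the call through `mbedtls_time()` rather than libc `time()` is the right change for builds that override the platform time function, as the commit message says; the rest of the function is not visible here.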
@@ -7,9 +7,9 @@ Security mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA (default: 8) intermediates, even when it was not trusted. Could be - triggered remotely on both sides. (With auth_mode set to required - (default), the handshake was correctly aborted.) - * Reliably zeroize sensitive data after use in AES example applications + triggered remotely on both sides. (With auth_mode set to 'required' + (the default), the handshake was correctly aborted). + * Reliably wipe sensitive data after use in the AES example applications programs/aes/aescrypt2 and programs/aes/crypt_and_hash. Found by Laurent Simon. @@ -18,15 +18,16 @@ Features and the context struct mbedtls_platform_context to perform platform-specific setup and teardown operations. The macro MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden - by the user in a platform_alt.h file. This new APIs are required in some - embedded environments that have hardware acceleration support. + by the user in a platform_alt.h file. These new functions are required in + some embedded environments to provide a means to initialise underlying + hardware acceleration. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, - mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 - Found by James Cowgill. + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. Found + by James Cowgill. #978 * Certificate verification functions now set flags to -1 in case the full chain was not verified due to an internal error (including in the verify callback) or chain length limitations. 
@@ -35,40 +36,45 @@ API Changes a fatal error in the vrfy callback. Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported + * Add a check if iv_len is zero, and return an error if it is zero. Reported by roberto. #716 * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 + always be implemented by pthread support. #696 * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. - Found by redplait #590 + Found by redplait. #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 + Reported and fix suggested by guidovranken. #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. * Fix a potential integer overflow in the version verification for DER - encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + encoded X.509 CRLs. The overflow could enable maliciously constructed CRLs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America * Fix potential integer overflow in the version verification for DER - encoded X509 CSRs. The overflow would enable maliciously constructed CSRs + encoded X.509 CSRs. The overflow could enable maliciously constructed CSRs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously + encoded X.509 certificates. The overflow could enable maliciously constructed certificates to bypass the certificate verification check. 
* Fix a call to the libc function time() to call the platform abstraction - function mbedtls_time() instead. Found by wairua. Fix for #666 + function mbedtls_time() instead. Found by wairua. #666 + * Avoid shadowing of time and index functions through mbed TLS function + arguments. Found by inestlerode. #557. Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. #708 + 64-bit division. This is useful on embedded platforms where 64-bit division + created a dependency on external libraries. #708 * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 * Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file config-no-entropy.h to reduce the RAM footprint. + * Added a test script that can be hooked into git that verifies commits + before they are pushed. = mbed TLS 2.5.1 released 2017-06-21 @@ -158,8 +164,6 @@ Bugfix The PK and RSA modules use different types for passing hash length and without these checks the type cast could lead to data loss. Found by Guido Vranken. - * Avoid shadowing of time and index functions through mbed TLS function - arguments. Found by inestlerode. Fixes #557. = mbed TLS 2.4.2 branch released 2017-03-08 @@ -228,9 +232,6 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 - * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously - constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 From 85b602e5d0ba9fb8c5e8dd1b0eccf7268289a3f2 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 4 May 2017 11:27:39 +0100 Subject: [PATCH 25/27] Improve documentation of PKCS1 decryption functions Document the preconditions on the input and output buffers for the PKCS1 decryption functions - mbedtls_rsa_pkcs1_decrypt, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt - mbedtls_rsa_rsaes_oaep_decrypt --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 7e00019fd..a696591b6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -75,6 +75,7 @@ Changes config-no-entropy.h to reduce the RAM footprint. * Added a test script that can be hooked into git that verifies commits before they are pushed. + * Improve documentation of PKCS1 decryption functions. = mbed TLS 2.5.1 released 2017-06-21 From 01971d094e8c49e57a2ca8e90f4d7f3bf9761f2c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 10 Aug 2017 10:48:01 +0100 Subject: [PATCH 26/27] Fix language in Changelog for clarity --- ChangeLog | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index a696591b6..d3ad3b967 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,11 +3,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Security - * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, + * Fix authentication bypass in SSL/TLS: when authmode is set to optional, mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA - (default: 8) intermediates, even when it was not trusted. Could be - triggered remotely on both sides. (With auth_mode set to 'required' + (default: 8) intermediates, even when it was not trusted. This could be + triggered remotely from either side. (With authmode set to 'required' (the default), the handshake was correctly aborted). * Reliably wipe sensitive data after use in the AES example applications programs/aes/aescrypt2 and programs/aes/crypt_and_hash. @@ -19,8 +19,8 @@ Features platform-specific setup and teardown operations. The macro MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden by the user in a platform_alt.h file. These new functions are required in - some embedded environments to provide a means to initialise underlying - hardware acceleration. + some embedded environments to provide a means of initialising underlying + cryptographic acceleration hardware. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the 
@@ -31,19 +31,18 @@ API Changes * Certificate verification functions now set flags to -1 in case the full chain was not verified due to an internal error (including in the verify callback) or chain length limitations. - * With authmode set to optional, handshake is now aborted if the + * With authmode set to optional, the TLS handshake is now aborted if the verification of the peer's certificate failed due to an overlong chain or - a fatal error in the vrfy callback. + a fatal error in the verify callback. Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. Reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + * Add a check if iv_len is zero in GCM, and return an error if it is zero. + Reported by roberto. #716 + * Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait. #590 + * Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(), + in the case of an error. Found by redplait. #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken. #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit From 72ea31b026e1fc61b01662474aa5125817b968bc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 10 Aug 2017 11:51:16 +0100 Subject: [PATCH 27/27] Update version number to 2.6.0 --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 10 +++++----- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 13 insertions(+), 13 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index d3ad3b967..227faed6b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.6.0 branch released 2017-08-10 Security * Fix authentication bypass in SSL/TLS: when authmode is set to optional, diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 929c1bee5..87b5041bb 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -21,7 +21,7 @@ */ /** - * @mainpage mbed TLS v2.5.1 source code documentation + * @mainpage mbed TLS v2.6.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 4bc322df5..5df1c932d 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.5.1" +PROJECT_NAME = "mbed TLS v2.6.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 45486a995..3b209a6b0 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h 
@@ -38,17 +38,17 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 5 -#define MBEDTLS_VERSION_PATCH 1 +#define MBEDTLS_VERSION_MINOR 6 +#define MBEDTLS_VERSION_PATCH 0 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02050100 -#define MBEDTLS_VERSION_STRING "2.5.1" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.5.1" +#define MBEDTLS_VERSION_NUMBER 0x02060000 +#define MBEDTLS_VERSION_STRING "2.6.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.6.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 7a9f185e2..c332d4577 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -140,15 +140,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.5.1 SOVERSION 0) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.6.0 SOVERSION 0) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.5.1 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.6.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.5.1 SOVERSION 10) + set_target_properties(mbedtls PROPERTIES VERSION 2.6.0 SOVERSION 10) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 2432b46eb..1442a384c 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data 
@@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.5.1" +check_compiletime_version:"2.6.0" Check runtime library version -check_runtime_version:"2.5.1" +check_runtime_version:"2.6.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0