Merge remote-tracking branch 'restricted/pr/416' into development-restricted
* restricted/pr/416:
RSA PSS: remove redundant check; changelog
RSA PSS: fix first byte check for keys of size 8N+1
RSA PSS: fix minimum length check for keys of size 8N+1
RSA: Fix another buffer overflow in PSS signature verification
RSA: Fix buffer overflow in PSS signature verification
diff --git a/.github/issue_template.md b/.github/issue_template.md
index 33f68fb..5e9d83d 100644
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
@@ -8,7 +8,7 @@
## Bug
**OS**
-mbed-OS|linux|windows|
+Mbed OS|linux|windows|
**mbed TLS build:**
Version: x.x.x or git commit id
@@ -38,4 +38,4 @@
## Question
-**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)**
+**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://tls.mbed.org/discussions)**
diff --git a/ChangeLog b/ChangeLog
index 4a2e710..94e64d7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS x.x.x released xxxx-xx-xx
+= mbed TLS x.x.x branch released xxxx-xx-xx
Security
* Fix buffer overflow in RSA-PSS verification when the hash is too
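Review bot: the header on the `+` line still reads "mbed TLS x.x.x branch released" while the README hunks in this same merge rename the project to "Mbed TLS" throughout; if the rebranding is intended to be consistent, update the ChangeLog heading too (or leave the ChangeLog alone deliberately and say so in the commit message).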
@@ -18,6 +18,12 @@
* Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
Found by projectgus and jethrogb, #836.
* Fix usage help in ssl_server2 example. Found and fixed by Bei Lin.
+ * Parse signature algorithm extension when renegotiating. Previously,
+ renegotiated handshakes would only accept signatures using SHA-1
+ regardless of the peer's preferences, or fail if SHA-1 was disabled.
+ * Fix leap year calculation in x509_date_is_valid() to ensure that invalid
+ dates on leap years with 100 and 400 intervals are handled correctly. Found
+ by Nicholas Wilson. #694
* Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
accepted. Generating these signatures required the private key.
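Review bot: the new "Parse signature algorithm extension when renegotiating" entry carries no issue number or reporter credit, unlike the neighbouring entries ("Found by projectgus and jethrogb, #836.", "Found by Nicholas Wilson. #694"); if there is a tracking issue or PR for the renegotiation fix, reference it here so the entry is traceable. It would also help to state the security impact plainly, since the same entry says renegotiation previously fell back to SHA-1 regardless of the peer's preferences.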
diff --git a/README.md b/README.md
index 5ffd2ae..4270e80 100644
--- a/README.md
+++ b/README.md
@@ -1,37 +1,37 @@
-README for mbed TLS
+README for Mbed TLS
===================
Configuration
-------------
-mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions).
+Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions).
Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below).
Compiling
---------
-There are currently four active build systems used within mbed TLS releases:
+There are currently four active build systems used within Mbed TLS releases:
- yotta
- GNU Make
- CMake
-- Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010)
+- Microsoft Visual Studio (Microsoft Visual Studio 2010 or later)
The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
Yotta, as a build system, is slightly different from the other build systems:
- it provides a minimalistic configuration file by default
-- depending on the yotta target, features of mbed OS may be used in examples and tests
+- depending on the yotta target, features of Mbed OS may be used in examples and tests
The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls.
### Yotta
-[yotta](http://yottabuild.org) is a package manager and build system developed by mbed, and is the build system of mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing).
+[yotta](http://yottabuild.org) is a package manager and build system developed by Mbed, and is the build system of Mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing).
-Once yotta is installed, you can use it to download the latest version of mbed TLS from the yotta registry with:
+Once yotta is installed, you can use it to download the latest version of Mbed TLS from the yotta registry with:
yotta install mbedtls
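Review bot: the Visual Studio line changes supported versions from "Visual Studio 6 and Visual Studio 2010" to "Microsoft Visual Studio 2010 or later", which silently drops VS6 support, yet none of the ChangeLog hunks in this merge mention it; add a ChangeLog entry (or revert the wording) so the support change is recorded alongside the purely cosmetic "mbed" to "Mbed" renames in the rest of this hunk.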
@@ -39,18 +39,18 @@
yotta build
-If, on the other hand, you already have a copy of mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running:
+If, on the other hand, you already have a copy of Mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running:
yotta/create-module.sh
-This should be executed from the root mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual:
+This should be executed from the root Mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual:
cd yotta/module
yotta build
In any case, you'll probably want to set the yotta target before building unless it has already been set globally. For more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/).
-For more details on the yotta/mbed OS edition of mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md).
+For more details on the yotta/Mbed OS edition of Mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md).
### Make
@@ -78,9 +78,9 @@
Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; if you do so, essential parts such as `-I` will still be preserved. Warning options may be overridden separately using `WARNING_CFLAGS`.
-Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
+Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
-In case you find that you need to do something else as well, please let us know what, so we can add it to the [mbed TLS knowledge base](https://tls.mbed.org/kb).
+In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS knowledge base](https://tls.mbed.org/kb).
### CMake
@@ -143,7 +143,7 @@
Tests
-----
-mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
+Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:
@@ -158,14 +158,14 @@
We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`
-Porting mbed TLS
+Porting Mbed TLS
----------------
-mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful:
+Mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful:
-- [Porting mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS)
-- [What external dependencies does mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on)
-- [How do I configure mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls)
+- [Porting Mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS)
+- [What external dependencies does Mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on)
+- [How do I configure Mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls)
Contributing
------------
@@ -176,12 +176,12 @@
- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission.
- As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
-To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given.
+To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://os.mbed.com/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given.
### Making a Contribution
1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
-2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
+2. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
3. Write a test which shows that the bug was fixed or that the feature works as expected.
4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :)
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 082832c..e159e57 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -59,7 +59,7 @@
/**
* \name DER constants
- * These constants comply with DER encoded the ANS1 type tags.
+ * These constants comply with the DER encoded ASN.1 type tags.
* DER encoding uses hexadecimal representation.
* An example DER sequence is:\n
* - 0x02 -- tag indicating INTEGER
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 80be6ec..31c42db 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -63,8 +63,8 @@
#endif
#endif /* _MSC_VER */
-#define read(fd,buf,len) recv(fd,(char*)buf,(int) len,0)
-#define write(fd,buf,len) send(fd,(char*)buf,(int) len,0)
+#define read(fd,buf,len) recv( fd, (char*)( buf ), (int)( len ), 0 )
+#define write(fd,buf,len) send( fd, (char*)( buf ), (int)( len ), 0 )
#define close(fd) closesocket(fd)
static int wsa_init_done = 0;
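Review bot: parenthesising `buf` and `len` in the `read`/`write` macros is the right fix, but `fd` is still substituted bare in both macros (and in `close(fd)`); for consistency and to avoid surprises with an expression argument, wrap it as `( fd )` too.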
@@ -85,7 +85,7 @@
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
/* Some MS functions want int and MSVC warns if we pass size_t,
- * but the standard fucntions use socklen_t, so cast only for MSVC */
+ * but the standard functions use socklen_t, so cast only for MSVC */
#if defined(_MSC_VER)
#define MSVC_INT_CAST (int)
#else
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f137c3d..37f415d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1694,11 +1694,8 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
case MBEDTLS_TLS_EXT_SIG_ALG:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- break;
-#endif
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
+
ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
if( ret != 0 )
return( ret );
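Review bot: with the `MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS` early `break` removed, `ssl_parse_signature_algorithms_ext()` now runs for the renegotiation ClientHello as well as the initial one; confirm that it overwrites rather than accumulates the hash preferences already stored in the handshake state from the first handshake, since the peer may offer a different list on renegotiation. A one-line comment here explaining why renegotiation no longer skips the extension would save the next reader from reintroducing the guard.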
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 10fff95..8467b13 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6187,7 +6187,6 @@
/* Check if new hostname is valid before
* making any change to current one */
-
if( hostname != NULL )
{
hostname_len = strlen( hostname );
@@ -6214,7 +6213,6 @@
else
{
ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
-
if( ssl->hostname == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
diff --git a/library/x509.c b/library/x509.c
index e94a8a3..371d6da 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -496,9 +496,10 @@
return( 0 );
}
-static int x509_date_is_valid(const mbedtls_x509_time *t)
+static int x509_date_is_valid(const mbedtls_x509_time *t )
{
int ret = MBEDTLS_ERR_X509_INVALID_DATE;
+ int month_len;
CHECK_RANGE( 0, 9999, t->year );
CHECK_RANGE( 0, 23, t->hour );
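Review bot: the signature edit introduces asymmetric spacing, `x509_date_is_valid(const mbedtls_x509_time *t )`, which matches neither the old form nor the project's `( const mbedtls_x509_time *t )` convention used in the `CHECK_RANGE( ... )` calls below; either restore the original or add the matching space after the opening parenthesis. Also consider initialising `month_len` at its declaration (e.g. `int month_len = 0;`): every `switch` path below either assigns it or returns, but some compilers still emit a maybe-uninitialised warning for this pattern.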
@@ -508,17 +509,22 @@
switch( t->mon )
{
case 1: case 3: case 5: case 7: case 8: case 10: case 12:
- CHECK_RANGE( 1, 31, t->day );
+ month_len = 31;
break;
case 4: case 6: case 9: case 11:
- CHECK_RANGE( 1, 30, t->day );
+ month_len = 30;
break;
case 2:
- CHECK_RANGE( 1, 28 + (t->year % 4 == 0), t->day );
+ if( ( !( t->year % 4 ) && t->year % 100 ) ||
+ !( t->year % 400 ) )
+ month_len = 29;
+ else
+ month_len = 28;
break;
default:
return( ret );
}
+ CHECK_RANGE( 1, month_len, t->day );
return( 0 );
}
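Review bot: the new February condition is correct for the Gregorian rule (divisible by 4 and not by 100, or divisible by 400), replacing the old `t->year % 4 == 0` which accepted 1900-02-29; it would read more directly in the order the rule is usually stated, e.g. `if( t->year % 4 == 0 && ( t->year % 100 != 0 || t->year % 400 == 0 ) )`, avoiding the double-negated `!( t->year % 4 )` form. Moving the day check to a single `CHECK_RANGE( 1, month_len, t->day )` after the switch is a good simplification.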
diff --git a/scripts/config.pl b/scripts/config.pl
index 406413b..5a06a33 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -56,7 +56,7 @@
unset <symbol> - Comments out the #define for the given symbol if
present in the configuration file.
get <symbol> - Finds the #define for the given symbol, returning
- an exitcode of 0 if the symbol is found, and -1 if
+ an exitcode of 0 if the symbol is found, and 1 if
not. The value of the symbol is output if one is
specified in the configuration file.
full - Uncomments all #define's in the configuration file
@@ -175,7 +175,10 @@
$no_exclude_re = join '|', @non_excluded;
}
-open my $config_write, '>', $config_file or die "write $config_file: $!\n";
+my $config_write = undef;
+if ($action ne "get") {
+ open $config_write, '>', $config_file or die "write $config_file: $!\n";
+}
my $done;
for my $line (@config_lines) {
@@ -205,17 +208,19 @@
$done = 1;
}
} elsif (!$done && $action eq "get") {
- if ($line =~ /^\s*#define\s*$name\s*([^\s]+)\s*\b/) {
+ if ($line =~ /^\s*#define\s*$name(?:\s+(.*?))\s*(?:$|\/\*|\/\/)/) {
$value = $1;
$done = 1;
}
}
- print $config_write $line;
+ if (defined $config_write) {
+ print $config_write $line or die "write $config_file: $!\n";
+ }
}
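Review bot: the new `get` regex still allows `#define` to be followed by zero whitespace (`#define\s*$name`) and interpolates `$name` unescaped, so a symbol containing regex metacharacters would be treated as a pattern; use `\s+` after `#define` and `\Q$name\E`. Requiring `\s+` after the name is an improvement, since it stops `MBEDTLS_FOO` from matching a line defining `MBEDTLS_FOO_BAR`, but note that a bare `#define $name` on the last line of a file without a trailing newline will no longer match at all because `(?:\s+(.*?))` is mandatory; making the value group optional, `(?:\s+(.*?))?`, would cover that case.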
# Did the set command work?
-if ($action eq "set"&& $force_option && !$done) {
+if ($action eq "set" && $force_option && !$done) {
# If the force option was set, append the symbol to the end of the file
my $line = "#define $name";
@@ -223,20 +228,22 @@
$line .= "\n";
$done = 1;
- print $config_write $line;
+ print $config_write $line or die "write $config_file: $!\n";
}
-close $config_write;
+if (defined $config_write) {
+ close $config_write or die "close $config_file: $!\n";
+}
if ($action eq "get") {
- if($done) {
+ if ($done) {
if ($value ne '') {
- print $value;
+ print "$value\n";
}
exit 0;
} else {
# If the symbol was not found, return an error
- exit -1;
+ exit 1;
}
}
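Review bot: changing `exit -1` to `exit 1` fixes the documented exit code (a shell sees `-1` as 255), and printing `"$value\n"` makes the output usable in pipelines; call the output-format change out in the ChangeLog or script usage text, since callers that captured the value byte-for-byte will now see a trailing newline. The `die` on `close` is a good addition given the earlier writes are now checked too.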
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 7fcca68..64f26a0 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1470,6 +1470,40 @@
-s "=> renegotiate" \
-s "write hello request"
+# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
+# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
+# algorithm stronger than SHA-1 is enabled in config.h
+run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \
+ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
+ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "client hello, adding renegotiation extension" \
+ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+ -s "found renegotiation extension" \
+ -s "server hello, secure renegotiation extension" \
+ -c "found renegotiation extension" \
+ -c "=> renegotiate" \
+ -s "=> renegotiate" \
+ -S "write hello request" \
+ -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
+
+# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
+# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
+# algorithm stronger than SHA-1 is enabled in config.h
+run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \
+ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
+ "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
+ 0 \
+ -c "client hello, adding renegotiation extension" \
+ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+ -s "found renegotiation extension" \
+ -s "server hello, secure renegotiation extension" \
+ -c "found renegotiation extension" \
+ -c "=> renegotiate" \
+ -s "=> renegotiate" \
+ -s "write hello request" \
+ -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
+
run_test "Renegotiation: double" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
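Review bot: both new tests rely only on the negative check `-S "client hello v3, signature_algorithm ext: 2"`, so if that debug string is ever reworded the tests pass vacuously; add a positive assertion that a stronger hash was actually selected (for SHA-256 the TLS 1.2 HashAlgorithm code is 4, so `-s "client hello v3, signature_algorithm ext: 4"` on a server built with SHA-256). The comment also says the test is only valid when an MD stronger than SHA-1 is enabled, which is better expressed as a `requires_config_enabled MBEDTLS_SHA256_C` guard so the test is skipped rather than silently meaningless in a SHA-1-only configuration. The two comment blocks are duplicates; one comment above the pair would suffice.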
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index b8c902e..d4cc11a 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1670,3 +1670,18 @@
depends_on:MBEDTLS_X509_USE_C
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
+X509 Get time (Generalized Time, year multiple of 100 but not 400 is not a leap year)
+depends_on:MBEDTLS_X509_USE_C
+x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
+
+X509 Get time (Generalized Time, year multiple of 4 but not 100 is a leap year)
+depends_on:MBEDTLS_X509_USE_C
+x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0
+
+X509 Get time (Generalized Time, year multiple of 400 is a leap year)
+depends_on:MBEDTLS_X509_USE_C
+x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0
+
+X509 Get time (Generalized Time invalid leap year not multiple of 4, 100 or 400)
+depends_on:MBEDTLS_X509_USE_C
+x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
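Review bot: the four new cases cover 1900, 1992, 2000 and 1991, which exercises each branch of the new leap-year condition; consider adding a future century case such as 2100-02-29 (multiple of 100, not of 400, and within the validity range of certificates issued today) so the regression is caught for dates certificates actually carry. Minor: the last test name reads "Generalized Time invalid leap year not multiple of 4, 100 or 400" and lacks the comma after "Generalized Time" that the other three names use.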