Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
Include changes from the 1.2 branch
Remove unused headers in o_p_test
Add countermeasure against cache-based lucky 13
Make results of (ext)KeyUsage accessible
Fix missing NULL check in MPI
Fix detection of getrandom()
Fix "make install" handling of symlinks
Fix bugs in programs displaying verify flags
Conflicts:
Makefile
include/polarssl/ssl.h
library/entropy_poll.c
library/ssl_srv.c
library/ssl_tls.c
programs/test/o_p_test.c
programs/test/ssl_cert_test.c
programs/x509/cert_app.c
diff --git a/ChangeLog b/ChangeLog
index d50ded9..8415d24 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -117,6 +117,11 @@
errors on use of deprecated functions.
Bugfix
+ * mpi_size() and mpi_msb() would segfault when called on an mpi that is
+ initialized but not set (found by pravic).
+ * Fix detection of support for getrandom() on Linux (reported by syzzer) by
+ doing it at runtime (using uname) rather that compile time.
+ * Fix handling of symlinks by "make install" (found by Gaël PORTAY).
* Fix potential NULL pointer dereference (not trigerrable remotely) when
ssl_write() is called before the handshake is finished (introduced in
1.3.10) (first reported by Martin Blumenstingl).
@@ -663,6 +668,67 @@
* RSA blinding on CRT operations to counter timing attacks
(found by Cyril Arnaud and Pierre-Alain Fouque)
+
+= Version 1.2.14 released 2015-05-??
+
+Security
+ * Fix potential invalid memory read in the server, that allows a client to
+ crash it remotely (found by Caj Larsson).
+ * Fix potential invalid memory read in certificate parsing, that allows a
+ client to crash the server remotely if client authentication is enabled
+ (found using Codenomicon Defensics).
+ * Add countermeasure against "Lucky 13 strikes back" cache-based attack,
+ https://dl.acm.org/citation.cfm?id=2714625
+
+Bugfix
+ * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
+ * Fix hardclock() (only used in the benchmarking program) with some
+ versions of mingw64 (found by kxjhlele).
+ * Fix warnings from mingw64 in timing.c (found by kxjklele).
+ * Fix potential unintended sign extension in asn1_get_len() on 64-bit
+ platforms (found with Coverity Scan).
+
+= Version 1.2.13 released 2015-02-16
+Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting
+ this will be made in the 1.2 branch at this point.
+
+Security
+ * Fix remotely-triggerable uninitialised pointer dereference caused by
+ crafted X.509 certificate (TLS server is not affected if it doesn't ask
+ for a client certificate) (found using Codenomicon Defensics).
+ * Fix remotely-triggerable memory leak caused by crafted X.509 certificates
+ (TLS server is not affected if it doesn't ask for a client certificate)
+ (found using Codenomicon Defensics).
+ * Fix potential stack overflow while parsing crafted X.509 certificates
+ (TLS server is not affected if it doesn't ask for a client certificate)
+ found using Codenomicon Defensics).
+ * Fix buffer overread of size 1 when parsing crafted X.509 certificates
+ (TLS server is not affected if it doesn't ask for a client certificate).
+
+Bugfix
+ * Fix potential undefined behaviour in Camellia.
+ * Fix memory leaks in PKCS#5 and PKCS#12.
+ * Stack buffer overflow if ctr_drbg_update() is called with too large
+ add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
+ * Fix bug in MPI/bignum on s390/s390x (reported by Dan Horák) (introduced
+ in 1.2.12).
+ * Fix unchecked return code in x509_crt_parse_path() on Windows (found by
+ Peter Vaskovic).
+ * Fix assembly selection for MIPS64 (thanks to James Cowgill).
+ * ssl_get_verify_result() now works even if the handshake was aborted due
+ to a failed verification (found by Fredrik Axelsson).
+ * Skip writing and parsing signature_algorithm extension if none of the
+ key exchanges enabled needs certificates. This fixes a possible interop
+ issue with some servers when a zero-length extension was sent. (Reported
+ by Peter Dettman.)
+ * On a 0-length input, base64_encode() did not correctly set output length
+ (found by Hendrik van den Boogaard).
+
+Changes
+ * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
+ * Forbid repeated extensions in X.509 certificates.
+ * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
+ length of an X.509 verification chain (default = 8).
= Version 1.2.12 released 2014-10-24
Security
diff --git a/Makefile b/Makefile
index df1ce27..c58ccd1 100644
--- a/Makefile
+++ b/Makefile
@@ -22,7 +22,7 @@
cp -r include/mbedtls $(DESTDIR)/include
mkdir -p $(DESTDIR)/lib
- cp library/libmbedtls.* $(DESTDIR)/lib
+ cp -RP library/libmbedtls.* $(DESTDIR)/lib
mkdir -p $(DESTDIR)/bin
for p in programs/*/* ; do \
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 84f47e1..a2bb339 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -150,7 +150,9 @@
mbedtls_mpi;
/**
- * \brief Initialize one MPI
+ * \brief Initialize one MPI (make internal references valid)
+ * This just makes it ready to be set or freed,
+ * but does not define a value for the MPI.
*
* \param X One MPI to initialize.
*/
diff --git a/library/bignum.c b/library/bignum.c
index 07892c5..9776092 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -356,6 +356,9 @@
{
size_t i, j;
+ if( X->n == 0 )
+ return( 0 );
+
for( i = X->n - 1; i > 0; i-- )
if( X->p[i] != 0 )
break;
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 51d69a5..aff52ba 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -86,27 +86,46 @@
{
return( syscall( SYS_getrandom, buf, buflen, flags ) );
}
-#endif /* SYS_getrandom */
-#endif /* __linux__ */
-#if defined(HAVE_GETRANDOM)
-
-#include <errno.h>
-
-int mbedtls_platform_entropy_poll( void *data,
- unsigned char *output, size_t len, size_t *olen )
+#include <sys/utsname.h>
+/* Check if version is at least 3.17.0 */
+static int check_version_3_17_plus( void )
{
- int ret;
- ((void) data);
+ int minor;
+ struct utsname un;
+ const char *ver;
- if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 )
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ /* Get version information */
+ uname(&un);
+ ver = un.release;
- *olen = ret;
+ /* Check major version; assume a single digit */
+ if( ver[0] < '3' || ver[0] > '9' || ver [1] != '.' )
+ return( -1 );
+
+ if( ver[0] - '0' > 3 )
+ return( 0 );
+
+ /* Ok, so now we know major == 3, check minor.
+ * Assume 1 or 2 digits. */
+ if( ver[2] < '0' || ver[2] > '9' )
+ return( -1 );
+
+ minor = ver[2] - '0';
+
+ if( ver[3] >= '0' && ver[3] <= '9' )
+ minor = 10 * minor + ver[3] - '0';
+ else if( ver [3] != '.' )
+ return( -1 );
+
+ if( minor < 17 )
+ return( -1 );
+
return( 0 );
}
-
-#else /* HAVE_GETRANDOM */
+static int has_getrandom = -1;
+#endif /* SYS_getrandom */
+#endif /* __linux__ */
#include <stdio.h>
@@ -117,6 +136,22 @@
size_t ret;
((void) data);
+#if defined(HAVE_GETRANDOM)
+ if( has_getrandom == -1 )
+ has_getrandom = ( check_version_3_17_plus() == 0 );
+
+ if( has_getrandom )
+ {
+ int ret;
+
+ if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 )
+ return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
+
+ *olen = ret;
+ return( 0 );
+ }
+#endif /* HAVE_GETRANDOM */
+
*olen = 0;
file = fopen( "/dev/urandom", "rb" );
@@ -135,7 +170,6 @@
return( 0 );
}
-#endif /* HAVE_GETRANDOM */
#endif /* _WIN32 && !EFIX64 && !EFI32 */
#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c
index d699c80..35cdce4 100644
--- a/programs/test/ssl_cert_test.c
+++ b/programs/test/ssl_cert_test.c
@@ -176,12 +176,12 @@
char vrfy_buf[512];
mbedtls_printf( " failed\n" );
- mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", ret );
+ mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
}
else
{
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_verify returned %d\n\n", flags );
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_verify returned %d\n\n", ret );
goto exit;
}
}
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 5da83d7..8fce55a 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -1,3 +1,6 @@
+Arguments with no value
+mpi_null:
+
Base test mpi_read_write_string #1
mpi_read_write_string:10:"128":10:"128":100:0:0
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index bf4f0b3..134d220 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -8,6 +8,25 @@
*/
/* BEGIN_CASE */
+void mpi_null( )
+{
+ mbedtls_mpi X, Y, Z;
+
+ mbedtls_mpi_init( &X );
+ mbedtls_mpi_init( &Y );
+ mbedtls_mpi_init( &Z );
+
+ TEST_ASSERT( mbedtls_mpi_get_bit( &X, 42 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_lsb( &X ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_msb( &X ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_size( &X ) == 0 );
+
+exit:
+ mbedtls_mpi_free( &X );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void mpi_read_write_string( int radix_X, char *input_X, int radix_A,
char *input_A, int output_size, int result_read,
int result_write )