From 0aaefcebc0658b081f440ccede43504532d90c8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 27 Oct 2015 13:42:11 +0100
Subject: [PATCH 1/9] Actually ignore most non-fatal alerts

fixes #308
---
 ChangeLog | 6 ++++++
 library/ssl_tls.c | 26 +++++++++++++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 3ca926813..1c132ab51 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 1.3.15 released 2015-10-xx
+
+Bugfix
+ * Fix bug causing some handshakes to fail due to some non-fatal alerts not
+ begin properly ignored. Found by mancha and Kasom Koht-arsa, #308
+
 = mbed TLS 1.3.14 released 2015-10-06
 
 Security
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7fc9d9908..44e558257 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2211,6 +2211,7 @@ int ssl_read_record( ssl_context *ssl )
 /*
 * Read the record header and validate it
 */
+read_record_header:
 if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
 {
 SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
@@ -2408,7 +2409,7 @@ int ssl_read_record( ssl_context *ssl )
 ssl->in_msg[0], ssl->in_msg[1] ) );
 
 /*
- * Ignore non-fatal alerts, except close_notify
+ * Ignore non-fatal alerts, except close_notify and no_renego
 */
 if( ssl->in_msg[0] == SSL_ALERT_LEVEL_FATAL )
 {
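Review bot: The rewritten comment above the `Ignore non-fatal alerts` block names close_notify and no_renego as the only exceptions, but the next hunk of the same file also passes an SSLv3 no_cert warning through on the server side, so the comment is already incomplete within this series. Suggest `* Ignore non-fatal alerts, except close_notify, no_renegotiation and (SSLv3, server only) no_cert`, spelling the alert as the `SSL_ALERT_MSG_NO_RENEGOTIATION` constant the code actually tests. ssl_read_record's body starts and ends outside this hunk.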
@@ -2423,6 +2424,29 @@ int ssl_read_record( ssl_context *ssl )
 SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
 return( POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY );
 }
+
+ if( ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
+ ssl->in_msg[1] == SSL_ALERT_MSG_NO_RENEGOTIATION )
+ {
+ SSL_DEBUG_MSG( 2, ( "is a no_renegotiation" ) );
+ /* Will be handled when trying to parse ServerHello */
+ ssl->in_left = 0;
+ return( 0 );
+ }
+
+ if( ssl->minor_ver == SSL_MINOR_VERSION_0 &&
+ ssl->endpoint == SSL_IS_SERVER &&
+ ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
+ ssl->in_msg[1] == SSL_ALERT_MSG_NO_CERT )
+ {
+ SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
+ /* Will be handled in ssl_parse_certificate() */
+ ssl->in_left = 0;
+ return( 0 );
+ }
+
+ /* Silently discard: fetch new message */
+ goto read_record_header;
 }
 
 ssl->in_left = 0;

From c094a9722305e7589309e6233e078641d27fd621 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 9 Oct 2015 14:47:17 +0100
Subject: [PATCH 2/9] ECHDE-PSK does not use a certificate

fixes #270
---
 ChangeLog | 3 +++
 include/polarssl/ssl_ciphersuites.h | 1 -
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 1c132ab51..928012f84 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Bugfix
 * Fix bug causing some handshakes to fail due to some non-fatal alerts not
 begin properly ignored. Found by mancha and Kasom Koht-arsa, #308
+ * Fix build error with configurations where ECDHE-PSK is the only key
+ exchange. Found and fix provided by Chris Hammond. #270
+
 
 = mbed TLS 1.3.14 released 2015-10-06
 
diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h
index 1fcf4c70d..f0519ca36 100644
--- a/include/polarssl/ssl_ciphersuites.h
+++ b/include/polarssl/ssl_ciphersuites.h
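Review bot: The `goto read_record_header` closing the alert block jumps back to `ssl_fetch_input( ssl, 5 )` without clearing `ssl->in_left`, whereas the two early-return branches just above it set `ssl->in_left = 0;` explicitly and the function itself only clears it after the block (the `ssl->in_left = 0;` in the trailing context). If ssl_fetch_input treats a non-zero in_left as bytes already present in the buffer (its body is not in this patch, so this is inferred), the discarded alert record is re-parsed instead of a fresh record being read, and on an unencrypted record that repeats the same alert; adding `ssl->in_left = 0;` immediately before the goto makes the three exits consistent. Separately, the discard loop has no upper bound, so a peer that keeps sending warning alerts keeps ssl_read_record from returning to its caller; counting discarded alerts and returning an error past a small limit turns that into a bounded, diagnosable failure. Only the alert branch is visible here; ssl_read_record starts before this hunk.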
@@ -252,7 +252,6 @@ typedef enum {
 defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
 defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
 defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
- defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
 defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
 defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
 #define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED

From 7bbabeae8f65800ca7c86aebffab5ad77c30eb32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 21 Oct 2015 14:52:24 +0200
Subject: [PATCH 3/9] Disable reportedly broken assembly of Sparc(64)

fixes #292
---
 ChangeLog | 3 ++-
 include/polarssl/bn_mul.h | 11 ++++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 928012f84..71fdd7b96 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,7 +7,8 @@ Bugfix
 begin properly ignored. Found by mancha and Kasom Koht-arsa, #308
 * Fix build error with configurations where ECDHE-PSK is the only key
 exchange. Found and fix provided by Chris Hammond. #270
-
+ * Fix failures in MPI on Sparc(64) due to use of bad assembly code.
+ Found by Kurt Danielson. #292
 
 = mbed TLS 1.3.14 released 2015-10-06
 
diff --git a/include/polarssl/bn_mul.h b/include/polarssl/bn_mul.h
index b2eb1e8c7..55b94a74d 100644
--- a/include/polarssl/bn_mul.h
+++ b/include/polarssl/bn_mul.h
@@ -409,10 +409,11 @@
 #endif /* PPC32 */
 
 /*
- * The Sparc64 assembly is reported to be broken.
+ * The Sparc(64) assembly is reported to be broken.
 * Disable it for now, until we're able to fix it.
 */
-#if 0 && defined(__sparc__) && defined(__sparc64__)
+#if 0 && defined(__sparc__)
+#if defined(__sparc64__)
 
 #define MULADDC_INIT \
 asm( \
@@ -443,9 +444,8 @@
 : "g1", "o0", "o1", "o2", "o3", "o4", \
 "o5" \
 );
-#endif /* SPARCv9 */
 
-#if defined(__sparc__) && !defined(__sparc64__)
+#else /* __sparc64__ */
 
 #define MULADDC_INIT \
 asm( \
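Review bot: With `#if 0 && defined(__sparc__)` the entire SPARC region, including the new `#if defined(__sparc64__)` / `#else` split introduced by this hunk and the next, is dead code, yet the comment above it still reads as if one "reported" problem exists and gives no pointer for whoever re-enables it. Suggest extending the comment to `* Both the SPARCv8 (#else branch) and SPARCv9 variants are disabled by the '#if 0' below; see issue #292 before re-enabling.` so the intent survives without the commit message. The `#endif` pair that closes this region is in the following hunk of the same file.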
@@ -477,7 +477,8 @@
 "o5" \
 );
 
-#endif /* SPARCv8 */
+#endif /* __sparc64__ */
+#endif /* __sparc__ */
 
 #if defined(__microblaze__) || defined(microblaze)
 

From c4baf98ce6fe404a98007eab4e72e604aa5e7617 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 21 Oct 2015 16:40:29 +0200
Subject: [PATCH 4/9] Fix typo in an OID name

fixes #314
---
 ChangeLog | 1 +
 library/oid.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 71fdd7b96..5af160921 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,7 @@ Bugfix
 exchange. Found and fix provided by Chris Hammond. #270
 * Fix failures in MPI on Sparc(64) due to use of bad assembly code.
 Found by Kurt Danielson. #292
+ * Fix typo in name of the extKeyUsage OID. Found by inestlerode, #314
 
 = mbed TLS 1.3.14 released 2015-10-06
 
diff --git a/library/oid.c b/library/oid.c
index b616d7ea9..682b84541 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -268,7 +268,7 @@ static const oid_x509_ext_t oid_x509_ext[] =
 EXT_KEY_USAGE,
 },
 {
- { ADD_LEN( OID_EXTENDED_KEY_USAGE ), "id-ce-keyUsage", "Extended Key Usage" },
+ { ADD_LEN( OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" },
 EXT_EXTENDED_KEY_USAGE,
 },
 {

From b76e43651ef16b703c81b89bc62ff1a7a3c56a97 Mon Sep 17 00:00:00 2001
From: Jonathan Leroy
Date: Wed, 14 Oct 2015 09:41:56 +0200
Subject: [PATCH 5/9] Fix boolean values according to DER specs

In BER encoding, any boolean with a non-zero value is considered as TRUE. However, DER encoding require a value of 255 (0xFF) for TRUE. This commit makes `mbedtls_asn1_write_bool` function uses `255` instead of `1` for BOOLEAN values. With this fix, boolean values are now reconized by OS X keychain (tested on OS X 10.11). Fixes #318.
---
 library/asn1write.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/asn1write.c b/library/asn1write.c
index df9442ef8..92282b120 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -192,7 +192,7 @@ int asn1_write_bool( unsigned char **p, unsigned char *start, int boolean )
 if( *p - start < 1 )
 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
 
- *--(*p) = (boolean) ? 1 : 0;
+ *--(*p) = (boolean) ? 255 : 0;
 len++;
 
 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );

From 094788ed7d149f09ad3e702e8279d6767ed1096d Mon Sep 17 00:00:00 2001
From: Jonathan Leroy
Date: Wed, 14 Oct 2015 13:15:22 +0200
Subject: [PATCH 6/9] Test certificate "Server1 SHA1, key_usage" reissued.

---
 tests/data_files/server1.key_usage.crt | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/tests/data_files/server1.key_usage.crt b/tests/data_files/server1.key_usage.crt
index 8a4c480c8..8f4e59f2d 100644
--- a/tests/data_files/server1.key_usage.crt
+++ b/tests/data_files/server1.key_usage.crt
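Review bot: `255` on the changed line is a bare magic number whose reason lives only in the commit message, so the next reader may well "fix" it back to 1. Suggest a comment on that line, `/* DER (X.690 11.1) requires TRUE to be the single octet 0xFF; any non-zero value is BER only */`, or a named constant carrying the same explanation. Whether the matching reader accepts any non-zero content octet or only 0xFF is not visible in this patch; worth confirming so that booleans written before this change still parse. The opening of asn1_write_bool is outside the hunk.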
@@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
 lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
 bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
 o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAQEEBAMCAeAw
-DQYJKoZIhvcNAQEFBQADggEBAFd3JxNC2rEz94ProSZcv8NNk3e3Dhfms84qjkCM
-YhLyZCZywZ2cj3bXThNGVND81UNgqyzk/MEGfKh5d0EHD8v97H7Zvs/EN814d0UC
-/BZWlXqX9XInjxlI3baJrRWvsJJdRxMqub9LGBdhgZAtF1BVF9fk2QrV0GW6VN7a
-dGYdRYO80yf+vf5g41A0DIi3dhdLF1H7UPDwfUwkF5QckXw0yqueszcmxvCAnxng
-AUKoFS971WWCjCo8lMzOXOjeAwmibihT9XBabVzN1w3gOfSBbpHFi770bWgbKPWu
-csFKtvrXGtLVQeKkfI1lIMWWeddvkMWWBIqFrkBBLLOI4+A=
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCAeAw
+DQYJKoZIhvcNAQEFBQADggEBABKC/1x0m57EY4H412ue3ghCWgg07VcRKamnUSTs
+tnqI5T0mSvuPrxhINdQB6360ibctBkXP3S9rxGHiUdeK/JqxYs2YamCs50TSWpon
+p4Hzcmjsw1YgXsQ6pmYwkzU03zqs361gt7JSOzL2dN0IjwIy47qfLQb/AXhX2Ims
+7gBuqVpYqJuSHR0qsN/c6WgIE3IrbK1MB6CJTkxBfcSc5E4oUIBHmww+RSVLOczM
+nGk3U13dmfG0ndhMtrMyyxBZZSUwoZLjRZ6J5mHSv+k8oo1PYQeiivNEP53mgVaY
+ha0gLUIk6zNBRpY1uUmxQ+RQSMIyYPBb1RedHn2s8El2mlo=
 -----END CERTIFICATE-----

From 96e75ac97cc85817f81f3c674e3e4fe443a88ef0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 27 Oct 2015 15:02:21 +0100
Subject: [PATCH 7/9] Add ChangeLog entry for previous two commits

---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 5af160921..cd2eeb45f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,9 @@ Bugfix
 * Fix failures in MPI on Sparc(64) due to use of bad assembly code.
 Found by Kurt Danielson. #292
 * Fix typo in name of the extKeyUsage OID. Found by inestlerode, #314
+ * Fix bug in ASN.1 encoding of booleans that caused generated CA
+ certificates to be rejected by some applications, including OS X
+ Keychain. Found and fixed by Jonathan Leroy, Inikup.
 
 = mbed TLS 1.3.14 released 2015-10-06
 

From 2744df4f7a1854a9f1fc7b85587df7a4fd4cf8e0 Mon Sep 17 00:00:00 2001
From: Jonathan Leroy
Date: Sat, 10 Oct 2015 21:58:07 +0200
Subject: [PATCH 8/9] cert_write : fix "Destination buffer is too small" error

This commit fixes the `Destination buffer is too small` error returned by `mbedtls_cert_write` command when the values of `subject_name` or `issuer_name` parameters exceed 128 characters. I have increased the size of these varaibles from 128 to 256 characters, but I don't know if it's the best way to solve this issue... Fixes #315.
---
 programs/x509/cert_write.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 5010193d2..57cb6c7c0 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -190,11 +190,11 @@ int main( int argc, char *argv[] )
 pk_context *issuer_key = &loaded_issuer_key,
 *subject_key = &loaded_subject_key;
 char buf[1024];
- char issuer_name[128];
+ char issuer_name[256];
 int i;
 char *p, *q, *r;
 #if defined(POLARSSL_X509_CSR_PARSE_C)
- char subject_name[128];
+ char subject_name[256];
 x509_csr csr;
 #endif
 x509write_cert crt;

From 664b751572a70a942fdad9fa19e94d9cf77a505a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 27 Oct 2015 15:07:37 +0100
Subject: [PATCH 9/9] Add ChangeLog entry for previous commit

---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index cd2eeb45f..593e7519a 100644
--- a/ChangeLog
+++ b/ChangeLog
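Review bot: Doubling `issuer_name` and `subject_name` to 256 bytes moves the limit rather than removing it, and the commit message itself says the author is unsure of the fix; what decides whether this is safe is how the argv values are copied into these arrays, which is outside the hunk. If that copy is bounded by the array size, a too-long name should be reported as a usage error that states the limit instead of being silently truncated; if it is not bounded, the larger arrays still overflow on a longer argument and the copy needs a size check. In either case a single named constant, e.g. `enum { NAME_BUF_LEN = 256 };`, used for both arrays keeps the two sizes in step and gives the error message something to print. main() starts before and continues after this hunk.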
@@ -13,6 +13,8 @@ Bugfix
 * Fix bug in ASN.1 encoding of booleans that caused generated CA
 certificates to be rejected by some applications, including OS X
 Keychain. Found and fixed by Jonathan Leroy, Inikup.
+ * Fix "Destination buffer is too small" error in cert_write program.
+ Found and fixed by Jonathan Leroy, Inikup.
 
 = mbed TLS 1.3.14 released 2015-10-06