
update polarssl to 1.3.9

1 parent 42c2dcd commit 031ab21d7a65ddde7ac692110b7ba54dbd53bc65 @mind04 mind04 committed with mind04 Dec 13, 2014
Showing with 472 additions and 167 deletions.
  1. +6 −6 pdns/ext/polarssl/CMakeLists.txt
  2. +47 −0 pdns/ext/polarssl/ChangeLog
  3. +1 −1 pdns/ext/polarssl/include/polarssl/bignum.h
  4. +2 −2 pdns/ext/polarssl/include/polarssl/bn_mul.h
  5. +1 −1 pdns/ext/polarssl/include/polarssl/config.h
  6. +1 −1 pdns/ext/polarssl/include/polarssl/error.h
  7. +19 −14 pdns/ext/polarssl/include/polarssl/ssl.h
  8. +4 −4 pdns/ext/polarssl/include/polarssl/version.h
  9. +2 −0 pdns/ext/polarssl/include/polarssl/x509.h
  10. +1 −1 pdns/ext/polarssl/library/CMakeLists.txt
  11. +7 −2 pdns/ext/polarssl/library/asn1parse.c
  12. +18 −1 pdns/ext/polarssl/library/base64.c
  13. +5 −1 pdns/ext/polarssl/library/bignum.c
  14. +1 −1 pdns/ext/polarssl/library/cipher_wrap.c
  15. +3 −1 pdns/ext/polarssl/library/ecp.c
  16. +2 −0 pdns/ext/polarssl/library/error.c
  17. +1 −2 pdns/ext/polarssl/library/gcm.c
  18. +2 −2 pdns/ext/polarssl/library/md.c
  19. +6 −6 pdns/ext/polarssl/library/memory_buffer_alloc.c
  20. +8 −3 pdns/ext/polarssl/library/net.c
  21. +1 −1 pdns/ext/polarssl/library/pk.c
  22. +1 −1 pdns/ext/polarssl/library/pkcs5.c
  23. +85 −2 pdns/ext/polarssl/library/pkwrite.c
  24. +1 −1 pdns/ext/polarssl/library/rsa.c
  25. +25 −25 pdns/ext/polarssl/library/ssl_ciphersuites.c
  26. +27 −2 pdns/ext/polarssl/library/ssl_cli.c
  27. +13 −1 pdns/ext/polarssl/library/ssl_srv.c
  28. +52 −33 pdns/ext/polarssl/library/ssl_tls.c
  29. +8 −7 pdns/ext/polarssl/library/timing.c
  30. +20 −31 pdns/ext/polarssl/library/x509.c
  31. +29 −3 pdns/ext/polarssl/library/x509_create.c
  32. +73 −11 pdns/ext/polarssl/library/x509_crt.c
@@ -4,22 +4,22 @@ project(POLARSSL C)
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
if(CMAKE_COMPILER_IS_GNUCC)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement")
+ set(CMAKE_C_FLAGS "-Wall -Wextra -W -Wdeclaration-after-statement -Wlogical-op -Wwrite-strings")
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1")
- set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS} -Werror -O1 -Wlogical-op -Wwrite-strings")
+ set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1 -Werror")
+ set(CMAKE_C_FLAGS_CHECK "-O1 -Werror")
set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wpointer-arith -Wwrite-strings -Wdocumentation -Wunreachable-code")
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1")
- set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS} -Werror -O1 -Wpointer-arith -Wwrite-strings -Wdocumentation -Wunreachable-code")
+ set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1 -Werror")
+ set(CMAKE_C_FLAGS_CHECK "-O1 -Werror")
endif(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
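Review bot: The GCC branch now discards whatever was already in `CMAKE_C_FLAGS` (the new line at `set(CMAKE_C_FLAGS "-Wall -Wextra -W ...")` drops the `${CMAKE_C_FLAGS}` prefix the old line had), while the Clang branch a few lines below still keeps it, so the two compilers are treated inconsistently. Any flags the embedding pdns build injects through that variable, including hardening options such as stack protector or fortify settings if it uses them, would silently not apply to the GCC build of this library; I have not seen how pdns invokes this CMake file, so treat that as something to confirm. Since this is upstream's file, the smallest fix is to carry a local patch (or report it upstream) restoring the prefix: `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wlogical-op -Wwrite-strings")`. The same one-line repair applies to the ASAN and CHECK variants, which also no longer inherit the base flags.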
@@ -1,5 +1,52 @@
PolarSSL ChangeLog (Sorted per branch, date)
+= PolarSSL 1.3.9 released 2014-10-20
+Security
+ * Lowest common hash was selected from signature_algorithms extension in
+ TLS 1.2 (found by Darren Bane) (introduced in 1.3.8).
+ * Remotely-triggerable memory leak when parsing some X.509 certificates
+ (server is not affected if it doesn't ask for a client certificate)
+ (found using Codenomicon Defensics).
+ * Remotely-triggerable memory leak when parsing crafted ClientHello
+ (not affected if ECC support was compiled out) (found using Codenomicon
+ Defensics).
+
+Bugfix
+ * Support escaping of commas in x509_string_to_names()
+ * Fix compile error in ssl_pthread_server (found by Julian Ospald).
+ * Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
+ * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
+ * Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
+ * Fix compile error in timing.c when POLARSSL_NET_C and POLARSSL_SELFTEST
+ are defined but not POLARSSL_HAVE_TIME (found by Stephane Di Vito).
+ * Remove non-existent file from VS projects (found by Peter Vaskovic).
+ * ssl_read() could return non-application data records on server while
+ renegotation was pending, and on client when a HelloRequest was received.
+ * Server-initiated renegotiation would fail with non-blocking I/O if the
+ write callback returned WANT_WRITE when requesting renegotiation.
+ * ssl_close_notify() could send more than one message in some circumstances
+ with non-blocking I/O.
+ * Fix compiler warnings on iOS (found by Sander Niemeijer).
+ * x509_crt_parse() did not increase total_failed on PEM error
+ * Fix compile error with armcc in mpi_is_prime()
+ * Fix potential bad read in parsing ServerHello (found by Adrien
+ Vialletelle).
+
+Changes
+ * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
+ standard defining how to use SHA-2 with SSL 3.0).
+ * Ciphersuites using RSA-PSK key exchange new require TLS 1.x (the spec is
+ ambiguous on how to encode some packets with SSL 3.0).
+ * Made buffer size in pk_write_(pub)key_pem() more dynamic, eg smaller if
+ RSA is disabled, larger if POLARSSL_MPI_MAX_SIZE is larger.
+ * ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than
+ POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
+ * POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits
+ RSA keys.
+ * Accept spaces at end of line or end of buffer in base64_decode().
+ * X.509 certificates with more than one AttributeTypeAndValue per
+ RelativeDistinguishedName are not accepted any more.
+
= PolarSSL 1.3.8 released 2014-07-11
Security
* Fix length checking for AEAD ciphersuites (found by Codenomicon).
@@ -90,7 +90,7 @@ typedef UINT64 uint64_t;
* Note: Calculations can results temporarily in larger MPIs. So the number
* of limbs required (POLARSSL_MPI_MAX_LIMBS) is higher.
*/
-#define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
+#define POLARSSL_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
#endif /* !POLARSSL_MPI_MAX_SIZE */
#define POLARSSL_MPI_MAX_BITS ( 8 * POLARSSL_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */
@@ -833,8 +833,8 @@
#define MULADDC_CORE \
r = *(s++) * (t_udbl) b; \
- r0 = r; \
- r1 = r >> biL; \
+ r0 = (t_uint) r; \
+ r1 = (t_uint)( r >> biL ); \
r0 += c; r1 += (r0 < c); \
r0 += *d; r1 += (r0 < *d); \
c = r1; *(d++) = r0;
@@ -2113,7 +2113,7 @@
/* MPI / BIGNUM options */
//#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
-//#define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
+//#define POLARSSL_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
/* CTR_DRBG options */
//#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
@@ -91,7 +91,7 @@
* ECP 4 8 (Started from top)
* MD 5 4
* CIPHER 6 6
- * SSL 6 9 (Started from top)
+ * SSL 6 10 (Started from top)
* SSL 7 31
*
* Module dependent error code (5 bits 0x.00.-0x.F8.)
@@ -145,6 +145,7 @@
#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */
#define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */
#define POLARSSL_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */
+#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */
/*
* Various constants
@@ -204,6 +205,7 @@
#define SSL_IS_CLIENT 0
#define SSL_IS_SERVER 1
+
#define SSL_COMPRESS_NULL 0
#define SSL_COMPRESS_DEFLATE 1
@@ -560,8 +562,8 @@ struct _ssl_transform
#if defined(POLARSSL_SSL_PROTO_SSL3)
/* Needed only for SSL v3.0 secret */
- unsigned char mac_enc[48]; /*!< SSL v3.0 secret (enc) */
- unsigned char mac_dec[48]; /*!< SSL v3.0 secret (dec) */
+ unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
+ unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
#endif /* POLARSSL_SSL_PROTO_SSL3 */
md_context_t md_ctx_enc; /*!< MAC (encryption) */
@@ -1491,23 +1493,26 @@ void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
/**
* \brief Enforce server-requested renegotiation.
* (Default: enforced, max_records = 16)
- * (No effect on client.)
*
- * When a server requests a renegotiation, the client can
- * comply or ignore the request. This function allows the
- * server to decide if it should enforce its renegotiation
- * requests by closing the connection if the client doesn't
- * initiate a renegotiation.
+ * When we request a renegotiation, the peer can comply or
+ * ignore the request. This function allows us to decide
+ * whether to enforce our renegotiation requests by closing
+ * the connection if the peer doesn't comply.
*
- * However, records could already be in transit from the
- * client to the server when the request is emitted. In order
- * to increase reliability, the server can accept a number of
- * records containing application data before the ClientHello
- * that was requested.
+ * However, records could already be in transit from the peer
+ * when the request is emitted. In order to increase
+ * reliability, we can accept a number of records before the
+ * expected handshake records.
*
* The optimal value is highly dependent on the specific usage
* scenario.
*
+ * \warning On client, the grace period can only happen during
+ * ssl_read(), as opposed to ssl_write() and ssl_renegotiate()
+ * which always behave as if max_record was 0. The reason is,
+ * if we receive application data from the server, we need a
+ * place to write it, which only happens during ssl_read().
+ *
* \param ssl SSL context
* \param max_records Use SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
* enforce renegotiation, or a non-negative value to enforce
@@ -1632,7 +1637,7 @@ int ssl_renegotiate( ssl_context *ssl );
*
* \param ssl SSL context
* \param buf buffer that will hold the data
- * \param len how many bytes must be read
+ * \param len maximum number of bytes to read
*
* \return This function returns the number of bytes read, 0 for EOF,
* or a negative error code.
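Review bot: The SSL v3.0 MAC secret buffers at the `mac_enc[20]` / `mac_dec[20]` lines shrink from 48 to 20 bytes, which is only sound if a SHA-256 or SHA-384 MAC can never be keyed on an SSL 3.0 transform; the ChangeLog in this commit says those ciphersuites now require TLS 1.x, but the enforcement is in ssl_ciphersuites.c and ssl_tls.c, outside this section, so confirm the ciphersuite minimum-version check runs before the transform is populated. A comment on the field would make the invariant visible to the next person who touches the ciphersuite table, for example `/*!< SSL v3.0 secret (enc); 20 bytes = SHA-1, SSL3 suites are limited to MD5/SHA-1 MACs */`. The struct `_ssl_transform` starts before this hunk.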
@@ -43,16 +43,16 @@
*/
#define POLARSSL_VERSION_MAJOR 1
#define POLARSSL_VERSION_MINOR 3
-#define POLARSSL_VERSION_PATCH 8
+#define POLARSSL_VERSION_PATCH 9
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define POLARSSL_VERSION_NUMBER 0x01030800
-#define POLARSSL_VERSION_STRING "1.3.8"
-#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.3.8"
+#define POLARSSL_VERSION_NUMBER 0x01030900
+#define POLARSSL_VERSION_STRING "1.3.9"
+#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.3.9"
#if defined(POLARSSL_VERSION_C)
@@ -143,6 +143,8 @@
#define X509_FORMAT_DER 1
#define X509_FORMAT_PEM 2
+#define X509_MAX_DN_NAME_SIZE 256 /**< Maximum value size of a DN entry */
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -118,7 +118,7 @@ endif()
if(USE_SHARED_POLARSSL_LIBRARY)
add_library(polarssl SHARED ${src})
- set_target_properties(polarssl PROPERTIES VERSION 1.3.8 SOVERSION 7)
+ set_target_properties(polarssl PROPERTIES VERSION 1.3.9 SOVERSION 7)
target_link_libraries(polarssl ${libs})
@@ -47,6 +47,11 @@
#include <string.h>
#include <stdlib.h>
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
/*
* ASN.1 DER decoding routines
*/
@@ -311,7 +316,7 @@ int asn1_get_alg( unsigned char **p,
if( *p == end )
{
- memset( params, 0, sizeof(asn1_buf) );
+ polarssl_zeroize( params, sizeof(asn1_buf) );
return( 0 );
}
@@ -356,7 +361,7 @@ void asn1_free_named_data( asn1_named_data *cur )
polarssl_free( cur->oid.p );
polarssl_free( cur->val.p );
- memset( cur, 0, sizeof( asn1_named_data ) );
+ polarssl_zeroize( cur, sizeof( asn1_named_data ) );
}
void asn1_free_named_data_list( asn1_named_data **head )
@@ -147,15 +147,32 @@ int base64_decode( unsigned char *dst, size_t *dlen,
uint32_t j, x;
unsigned char *p;
+ /* First pass: check for validity and get output length */
for( i = n = j = 0; i < slen; i++ )
{
+ /* Skip spaces before checking for EOL */
+ x = 0;
+ while( i < slen && src[i] == ' ' )
+ {
+ ++i;
+ ++x;
+ }
+
+ /* Spaces at end of buffer are OK */
+ if( i == slen )
+ break;
+
if( ( slen - i ) >= 2 &&
src[i] == '\r' && src[i + 1] == '\n' )
continue;
if( src[i] == '\n' )
continue;
+ /* Space inside a line is an error */
+ if( x != 0 )
+ return( POLARSSL_ERR_BASE64_INVALID_CHARACTER );
+
if( src[i] == '=' && ++j > 2 )
return( POLARSSL_ERR_BASE64_INVALID_CHARACTER );
@@ -182,7 +199,7 @@ int base64_decode( unsigned char *dst, size_t *dlen,
for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ )
{
- if( *src == '\r' || *src == '\n' )
+ if( *src == '\r' || *src == '\n' || *src == ' ' )
continue;
j -= ( base64_dec_map[*src] == 64 );
@@ -2057,7 +2057,11 @@ int mpi_is_prime( mpi *X,
void *p_rng )
{
int ret;
- const mpi XX = { 1, X->n, X->p }; /* Abs(X) */
+ mpi XX;
+
+ XX.s = 1;
+ XX.n = X->n;
+ XX.p = X->p;
if( mpi_cmp_int( &XX, 0 ) == 0 ||
mpi_cmp_int( &XX, 1 ) == 0 )
@@ -1313,7 +1313,7 @@ static int null_setkey( void *ctx, const unsigned char *key,
static void * null_ctx_alloc( void )
{
- return( (void *) 1 )
+ return( (void *) 1 );
}
static void null_ctx_free( void *ctx )
@@ -495,7 +495,7 @@ int ecp_point_read_binary( const ecp_group *grp, ecp_point *pt,
int ret;
size_t plen;
- if ( ilen < 1 )
+ if( ilen < 1 )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
if( buf[0] == 0x00 )
@@ -952,7 +952,9 @@ static int ecp_double_jac( const ecp_group *grp, ecp_point *R,
MOD_SUB( X3 );
}
else
+ {
MPI_CHK( mpi_mul_mpi( &X3, &X3, &grp->A ) ); MOD_MUL( X3 );
+ }
MPI_CHK( mpi_add_mpi( &T3, &T3, &X3 ) ); MOD_ADD( T3 );
MPI_CHK( mpi_mul_mpi( &X3, &T3, &T3 ) ); MOD_MUL( X3 );
@@ -450,6 +450,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" );
if( use_ret == -(POLARSSL_ERR_SSL_COUNTER_WRAPPING) )
snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" );
+ if( use_ret == -(POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO) )
+ snprintf( buf, buflen, "SSL - Unexpected message at ServerHello in renegotiation" );
#endif /* POLARSSL_SSL_TLS_C */
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
@@ -220,7 +220,6 @@ static void gcm_mult( gcm_context *ctx, const unsigned char x[16],
#endif /* POLARSSL_AESNI_C && POLARSSL_HAVE_X86_64 */
lo = x[15] & 0xf;
- hi = x[15] >> 4;
zh = ctx->HH[lo];
zl = ctx->HL[lo];
@@ -354,7 +353,7 @@ int gcm_update( gcm_context *ctx,
/* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
* Also check for possible overflow */
if( ctx->len + length < ctx->len ||
- (uint64_t) ctx->len + length > 0x03FFFFE0llu )
+ (uint64_t) ctx->len + length > 0x03FFFFE0ull )
{
return( POLARSSL_ERR_GCM_BAD_INPUT );
}
@@ -53,13 +53,13 @@ static void polarssl_zeroize( void *v, size_t n ) {
static const int supported_digests[] = {
#if defined(POLARSSL_SHA512_C)
- POLARSSL_MD_SHA384,
POLARSSL_MD_SHA512,
+ POLARSSL_MD_SHA384,
#endif
#if defined(POLARSSL_SHA256_C)
- POLARSSL_MD_SHA224,
POLARSSL_MD_SHA256,
+ POLARSSL_MD_SHA224,
#endif
#if defined(POLARSSL_SHA1_C)
