- Merged back bugfixes from trunk (pre 0.99-pre2):

* Corrected parsing of UTCTime dates before 1990 and after 1950 * Support more exotic OID's when parsing certificates * Support more exotic name representations when parsing certificates * Replaced the expired test certificates * Do not bail out if no client certificate specified. Try to negotiate anonymous connection (Fixes ticket Mbed-TLS#12)
tobbe303 · Feb 22, 2011 · 0271026 · 0271026
1 parent 82e6352
commit 0271026
Show file tree

Hide file tree

Showing 79 changed files with 2,712 additions and 3,088 deletions.
diff --git a/ChangeLog b/ChangeLog
diff --git a/include/polarssl/version.h b/include/polarssl/version.h
@@ -36,16 +36,16 @@
  */
 #define POLARSSL_VERSION_MAJOR  0
 #define POLARSSL_VERSION_MINOR  14
-#define POLARSSL_VERSION_PATCH  0
+#define POLARSSL_VERSION_PATCH  1
 
 /**
  * The single version number has the following structure:
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define POLARSSL_VERSION_NUMBER         0x000E0000
-#define POLARSSL_VERSION_STRING         "0.14.0"
-#define POLARSSL_VERSION_STRING_FULL    "PolarSSL 0.14.0"
+#define POLARSSL_VERSION_NUMBER         0x000E0100
+#define POLARSSL_VERSION_STRING         "0.14.1"
+#define POLARSSL_VERSION_STRING_FULL    "PolarSSL 0.14.1"
 
 #if defined(POLARSSL_VERSION_C)
 

diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
@@ -122,7 +122,7 @@
 #define OID_CN                  "\x55\x04\x03"
 #define OID_PKCS1               "\x2A\x86\x48\x86\xF7\x0D\x01\x01"
 #define OID_PKCS1_RSA           "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01"
-#define OID_PKCS1_RSA_SHA       "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05"
+#define OID_RSA_SHA_OBS         "\x2B\x0E\x03\x02\x1D"
 #define OID_PKCS9               "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
 #define OID_PKCS9_EMAIL         "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
 

diff --git a/library/certs.c b/library/certs.c
diff --git a/library/dhm.c b/library/dhm.c
@@ -62,6 +62,37 @@ static int dhm_read_bignum( mpi *X,
     return( 0 );
 }
 
+/*
+ * Verify sanity of public value with regards to P
+ */
+static int dhm_verifypub( const mpi *P,  const mpi *pub_value )
+{
+    mpi X;
+
+    mpi_init( &X, NULL );
+    mpi_lset( &X, 1 );
+
+    /* Check G^Y or G^X is valid */
+    if( mpi_cmp_mpi( pub_value, &X ) <= 0 )
+    {
+        mpi_free( &X, NULL );
+        return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
+    }
+
+    /* Reset: x = P - 1 */
+    mpi_sub_int( &X, P, 1 );
+
+    if( mpi_cmp_mpi( pub_value, &X ) >= 0 )
+    {
+        mpi_free( &X, NULL );
+        return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
+    }
+
+    mpi_free( &X, NULL );
+
+    return( 0 );
+}
+
 /*
  * Parse the ServerKeyExchange parameters
  */
@@ -89,6 +120,9 @@ int dhm_read_params( dhm_context *ctx,
     if( end != *p + n )
         return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
 
+    if( ( ret = dhm_verifypub( &ctx->P, &ctx->GY ) ) != 0 )
+        return( ret );
+
     return( 0 );
 }
 
@@ -105,12 +139,12 @@ int dhm_make_params( dhm_context *ctx, int x_size,
     /*
      * Generate X as large as possible ( < P )
      */
-    n = x_size / sizeof( t_int );
+    n = x_size / sizeof( t_int ) + 1;
     MPI_CHK( mpi_grow( &ctx->X, n ) );
     MPI_CHK( mpi_lset( &ctx->X, 0 ) );
 
     p = (unsigned char *) ctx->X.p;
-    for( i = 0; i < x_size - 1; i++ )
+    for( i = 0; i < x_size; i++ )
         *p++ = (unsigned char) f_rng( p_rng );
 
     while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
@@ -122,6 +156,9 @@ int dhm_make_params( dhm_context *ctx, int x_size,
     MPI_CHK( mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
                           &ctx->P , &ctx->RP ) );
 
+    if( ( ret = dhm_verifypub( &ctx->P, &ctx->GX ) ) != 0 )
+        return( ret );
+
     /*
      * export P, G, GX
      */
@@ -184,13 +221,12 @@ int dhm_make_public( dhm_context *ctx, int x_size,
     /*
      * generate X and calculate GX = G^X mod P
      */
-    n = x_size / sizeof( t_int );
+    n = x_size / sizeof( t_int ) + 1;
     MPI_CHK( mpi_grow( &ctx->X, n ) );
     MPI_CHK( mpi_lset( &ctx->X, 0 ) );
 
-    n = x_size - 1;
     p = (unsigned char *) ctx->X.p;
-    for( i = 0; i < n; i++ )
+    for( i = 0; i < x_size; i++ )
         *p++ = (unsigned char) f_rng( p_rng );
 
     while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
@@ -199,6 +235,9 @@ int dhm_make_public( dhm_context *ctx, int x_size,
     MPI_CHK( mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
                           &ctx->P , &ctx->RP ) );
 
+    if( dhm_verifypub( &ctx->P, &ctx->GX ) != 0 )
+        return( POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED );
+
     MPI_CHK( mpi_write_binary( &ctx->GX, output, olen ) );
 
 cleanup:
@@ -223,6 +262,9 @@ int dhm_calc_secret( dhm_context *ctx,
     MPI_CHK( mpi_exp_mod( &ctx->K, &ctx->GY, &ctx->X,
                           &ctx->P, &ctx->RP ) );
 
+    if( ( ret = dhm_verifypub( &ctx->P, &ctx->GY ) ) != 0 )
+        return( ret );
+
     *olen = mpi_size( &ctx->K );
 
     MPI_CHK( mpi_write_binary( &ctx->K, output, *olen ) );

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
@@ -626,7 +626,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
 
     SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
 
-    if( ssl->client_auth == 0 )
+    if( ssl->client_auth == 0 || ssl->own_cert == NULL )
     {
         SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
         ssl->state++;

diff --git a/library/x509parse.c b/library/x509parse.c
@@ -269,9 +269,6 @@ static int x509_get_alg( unsigned char **p,
 }
 
 /*
- *  RelativeDistinguishedName ::=
- *    SET OF AttributeTypeAndValue
- *
  *  AttributeTypeAndValue ::= SEQUENCE {
  *    type     AttributeType,
  *    value    AttributeValue }
@@ -280,30 +277,18 @@ static int x509_get_alg( unsigned char **p,
  *
  *  AttributeValue ::= ANY DEFINED BY AttributeType
  */
-static int x509_get_name( unsigned char **p,
-                          const unsigned char *end,
-                          x509_name *cur )
+static int x509_get_attr_type_value( unsigned char **p,
+                                     const unsigned char *end,
+                                     x509_name *cur )
 {
     int ret, len;
-    const unsigned char *end2;
     x509_buf *oid;
     x509_buf *val;
 
-    if( ( ret = asn1_get_tag( p, end, &len,
-            ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
-        return( POLARSSL_ERR_X509_CERT_INVALID_NAME | ret );
-
-    end2 = end;
-    end  = *p + len;
-
     if( ( ret = asn1_get_tag( p, end, &len,
             ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
         return( POLARSSL_ERR_X509_CERT_INVALID_NAME | ret );
 
-    if( *p + len != end )
-        return( POLARSSL_ERR_X509_CERT_INVALID_NAME |
-                POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
     oid = &cur->oid;
     oid->tag = **p;
 
@@ -334,9 +319,56 @@ static int x509_get_name( unsigned char **p,
 
     cur->next = NULL;
 
-    if( *p != end )
-        return( POLARSSL_ERR_X509_CERT_INVALID_NAME |
-                POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+    return( 0 );
+}
+
+/*
+ *  RelativeDistinguishedName ::=
+ *    SET OF AttributeTypeAndValue
+ *
+ *  AttributeTypeAndValue ::= SEQUENCE {
+ *    type     AttributeType,
+ *    value    AttributeValue }
+ *
+ *  AttributeType ::= OBJECT IDENTIFIER
+ *
+ *  AttributeValue ::= ANY DEFINED BY AttributeType
+ */
+static int x509_get_name( unsigned char **p,
+                          const unsigned char *end,
+                          x509_name *cur )
+{
+    int ret, len;
+    const unsigned char *end2;
+    x509_name *use; 
+
+    if( ( ret = asn1_get_tag( p, end, &len,
+            ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
+        return( POLARSSL_ERR_X509_CERT_INVALID_NAME | ret );
+
+    end2 = end;
+    end  = *p + len;
+    use = cur;
+
+    do
+    {
+        if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
+            return( ret );
+
+        if( *p != end )
+        {
+            use->next = (x509_name *) malloc(
+                    sizeof( x509_name ) );
+
+            if( use->next == NULL )
+                return( 1 );
+
+            memset( use->next, 0, sizeof( x509_name ) );
+
+            use = use->next;
+        }
+    }
+    while( *p != end );
 
     /*
      * recurse until end of SEQUENCE is reached
@@ -388,7 +420,7 @@ static int x509_get_time( unsigned char **p,
                     &time->hour, &time->min, &time->sec ) < 5 )
             return( POLARSSL_ERR_X509_CERT_INVALID_DATE );
 
-        time->year +=  100 * ( time->year < 90 );
+        time->year +=  100 * ( time->year < 50 );
         time->year += 1900;
 
         *p += len;
@@ -462,7 +494,7 @@ static int x509_get_pubkey( unsigned char **p,
                             x509_buf *pk_alg_oid,
                             mpi *N, mpi *E )
 {
-    int ret, len;
+    int ret, len, can_handle;
     unsigned char *end2;
 
     if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
@@ -471,8 +503,27 @@ static int x509_get_pubkey( unsigned char **p,
     /*
      * only RSA public keys handled at this time
      */
-    if( pk_alg_oid->len != 9 ||
-        memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) != 0 )
+    can_handle = 0;
+
+    if( pk_alg_oid->len == 9 &&
+        memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) == 0 )
+        can_handle = 1;
+
+    if( pk_alg_oid->len == 9 &&
+        memcmp( pk_alg_oid->p, OID_PKCS1, 8 ) == 0 )
+    {
+        if( pk_alg_oid->p[8] >= 2 && pk_alg_oid->p[8] <= 5 )
+            can_handle = 1;
+
+        if ( pk_alg_oid->p[8] >= 11 && pk_alg_oid->p[8] <= 14 )
+            can_handle = 1;
+    }
+
+    if( pk_alg_oid->len == 5 &&
+        memcmp( pk_alg_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
+        can_handle = 1;
+
+    if( can_handle == 0 )
         return( POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG );
 
     if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
@@ -811,6 +862,12 @@ static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg )
 
         return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
     }
+    if( sig_oid->len == 5 &&
+        memcmp( sig_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
+    {
+        *sig_alg = SIG_RSA_SHA1;
+        return( 0 );
+    }
 
     return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
 }
@@ -2561,6 +2618,7 @@ int x509_self_test( int verbose )
     ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &i );
     if( ret != 0 )
     {
+        printf("%02x", i);
         if( verbose != 0 )
             printf( "failed\n" );
 

diff --git a/programs/ssl/test-ca/cert_digest.key b/programs/ssl/test-ca/cert_digest.key
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEA3BN0gcYS9mddoWZy7dx5tlhcMliz1BT9bAJhnguZRmOjCkHU
-QjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtgYjGDJ39LlZIuoNbGhJRLs+Sm
-zP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KHqHzaCYOYnXplXiBSBy5lpTH9
-2XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP6zXJ8apGTnR//h2wkR+JSoTL
-33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCeJF1yleCiBkGMYeRQV3SWsSm1
-oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwIDAQABAoIBAAbw6iTJrYFuAyr7
-AzbzVDdnFAlWeN2Ah/mnHZMRhJUOwW6qYtpvqGsTIqERu4uJWgBiWG7fHPXd342L
-pUw7C0rsAf821o8hWa3u/V9/RqWZ08VpucUPa3MlGO3XDjlqWmmOI6RwiKbZAaaI
-m+eX40PwzjyHK41PRDn7SUUtuciWJA8zz7f6mYqt3abRoaVpqEAs4OfreKvn60lN
-SUgwrCVTVot7c+l+8QaXcvlH600um8Y/avLUbktxZMsSY47i0NIYmBGZahfvHLsE
-MmJwlkTInSXPHvKjAoCA4Ny7QWLsx6+xdcig3ZjvFeHaus48hR9dohV1V488XtXP
-u3ROIxkCgYEA8LpsoSjFCLL+6nz9Ca156UHD0oGUxVkxPH6ieHMnTCOT1ljl4WD2
-pO26NxZI46eWkl48qNMvQujufRS6KUB59KfLK4Is7yYFLkacoxkRuiUT9r3sKhYs
-MXU6ObiOA25gYCeu/OuRBbS6B/h03CuhVdkjbir28bbRUKuoi2fdLWsCgYEA6gmg
-N2/e00G6YHdNIQRIcfoOvGKvZeEvwJCTwV1BxKKRNgCKMYUT6/50fJW7Nwo+Kfem
-+4JCRz1/s9/N/F4pHo8DOHxRkQ+g55pi02S2kPJNYd4Mn1kxQ6s857PZkWCyyltD
-y+WRXN3N9ZrAto7+5Etwr2d3tb5zNotdKAYtoTUCgYBeoqs53/E1rkiQnnpLZ6tZ
-i8UT6GU4AAxfH9l3SK3WPNZNmb0lkRzlUZ+3MEePV77V474tEHiv8SpwecmFlhdb
-mutAO3i2u1emDZReeeiCKTlj8t343aaZ+t/c+TS7HJU+t9sPCvyEJbxMjdxDAdP3
-D9nh4XobJCe9cv5bb4V/6QKBgCLM1Z8Iqnh9UIphkv1y1pbkGObYQb6DcodOuDnL
-dSkZB0ChaesdH646wvV3ikQP6Nhys8i4QMS5F1EW2VlKYxDhMRhoG/TW/xURNtq6
-Ig+BiBIiY3waViH6x26oppRgbZV7ZqRd+XR2otZ/cWJz9uDZeuMKHpnOvPECXhLC
-gGx1AoGAfYLKfsB9Im+x1+JwmRz1bMHV93XrQbt6OFt4MQhfcnZqebO7KT3E5/XF
-NgjWiQcwTXPKzDxKE2YVpm/WKjh1ewypZ0eJa3PjbPG6aLlVtXGyNauQhyzlUwbZ
-nmvjOi6uZv+U+hhvfsTcRIGMfwtohqSouG8wbz59ILXQoZNESaM=
+MIIEpQIBAAKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1bYz/qrZBJre+Ea1ccxYM
+ZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2BgtgBtU9uVEmvHLr2Eu30kN
+nQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFnui4HZwsDL6IJ7fAzjwvO
+EO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLySruvfJ2sWVrfc7NFVV6Vu
+7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB37gdv3sBpWWi4B42t6Zc
+zDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQABAoIBACV0r5n2zDvTnzRG
+X2jfsFSmeq5jj6grTrdySxJNLT3d1EfhOXgylmGMaiL5EGIoI7BY5kAVgZKTxGRB
+4urT02M7CXKQ0QKKhE+4ZHsAUbOQ7y1vVDVg9bQ2vYJLorziHJxUUCjLXn4dntVQ
+Sdz0FO+pncfwAk1/aTfI3kgPd/qIsvnXfwnfSPkbn9JZeHSFuWR1nfaQzaz8y+h0
+g+gNrEzweix+llPk1s7WtficQdIOhiuD4+f7uQmCiUpNlFgojRc+CxVGtw0eCB1o
+74hNxswPGj9ianEGstzWWV2g4h83laTA2RvnGKsiZ0BisLw5KRmHkf0RPx+eZOBC
+gMS/ruECgYEA9K00uYKDSNq8dlmTaiOM9ppKPDr2B++0xNf+8TKNhsLIDxnsJulW
+LgZegCl6gExfyLbYT6XrG5FjNADSk5uD9oGqa1mPq6J7KAzpkZ1dvF/NtiHo4MAK
+Obj/jo084HCWIqMEhfve6UmkMiGg+6ht40LWYdeqlEd2Lwe6QUHSqmMCgYEAwc7c
+ZR+5kYeSjnLIxVbfHgBCcE44zcGnRI2wuzgZDQ+65rPnx5l6mEECmlzLudk7OSK7
+XGZODu1W7l/CUja8io6cuhZPMsnSrm1KJ+mMe3qKUH+eaeeisEMxsK4ZdvCKsGTe
+dg41Yi/V+TvsQocRqkSjq3bLaW3F/rQLJeZzpl0CgYEAmGL70IIhpBFfiVJWxqcn
+lzsW+xY5v02ix2pDRROYI5NSqF0bwExZOUcMOkQbIKbwjQCcDlcm67+MCopsnDQi
+Zzfw3PUlzt7eV15bZi6df8InS8Uo1jmk5Lh8qdr7TEmyqBXhrlTlS2RrGDHronEP
+J5isDroUak9rovTsItKNE0MCgYEAwOZyOzyeaRk1aA8bgj97B9NeTYWtyC3tnLAi
+rdWiKXv0nVeHZQWAHjbmrlmadLqg1beaINe67eSRV+V79nSAqLBVkmpOHdD/n5kr
+7BnrN6O6M3EybVqedS4MMTy4H8g/Yl6jhYGS5M2T/eQEvhrOHFkBRtKQl7kpDuCJ
+EAoWJgkCgYEA7Ey6LpS40L/fU5BosQwPGu82Sh/V+WRwR3QZZHxiyKoh1v3qAA/6
+3jw/xsrM0Br311DUTUPRQQLnyAzmzZqWmJWEZU7YS55NdTG3R75NzB2ZAffV4W+Y
+lE0G2DglzGeZQV8n3FK3fEu1hVkIoYfq4+6YqO6YPbpa49xbwZ2AJdU=
 -----END RSA PRIVATE KEY-----