Remove MBEDTLS_SSL_AEAD_RANDOM_IV feature

In a USENIX WOOT '16 paper the authors warn about a security risk
of random Initialisation Vectors (IV) repeating values.

The MBEDTLS_SSL_AEAD_RANDOM_IV feature is affected by this risk and
it isn't compliant with RFC5116. Furthermore, strictly speaking it
is a different cipher suite from the TLS (RFC5246) point of view.

Removing the MBEDTLS_SSL_AEAD_RANDOM_IV feature to resolve the above
problems.

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
This commit is contained in:
Janos Follath 2016-09-08 10:44:16 +01:00 committed by Simon Butcher
parent aac152328d
commit 30b273c78e

View File

@ -11,10 +11,6 @@ Security
mbedtls_x509write_csr_der() when the signature is copied to the buffer
without checking whether there is enough space in the destination. The
issue cannot be triggered remotely. (found by Jethro Beekman)
* Fix potential stack corruption in mbedtls_x509write_crt_der() and
mbedtls_x509write_csr_der() when the signature is copied to the buffer
without checking whether there is enough space in the destination. The
issue cannot be triggered remotely. (found by Jethro Beekman)
Bugfix
* Fix an issue that caused valid certificates being rejected whenever an
@ -40,22 +36,6 @@ Changes
accepting certificates with non-standard time format (that is without
seconds or with a time zone). Patch provided by OpenVPN.
Bugfix
* Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
* Fix incorrect handling of block lengths in crypt_and_hash sample program,
when GCM is used. #441
* Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
enabled unless others were also present. Found by David Fernandez. #428
* Fixed configuration of debug output in cert_app sample program.
* Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for
builds where the configuration POLARSSL_PEM_WRITE_C is not defined. Found
by inestlerode. #559.
* Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
= mbed TLS 1.3.17 branch 2016-06-28
Security