Commit Graph

1201 Commits

Author SHA1 Message Date
Janos Follath
da4ea3bd92 Changelog: Add entry for prime validation fix 2018-10-11 15:43:12 +01:00
Simon Butcher
5bcbd4e7f4 Add ChangeLog entry for PR #1811 2018-09-26 23:03:56 +01:00
Simon Butcher
86d32e690c Merge remote-tracking branch 'public/pr/1973' into mbedtls-2.1 2018-09-26 22:40:09 +01:00
Simon Butcher
0624b76361 Merge remote-tracking branch 'public/pr/1898' into mbedtls-2.1 2018-09-26 22:01:33 +01:00
Simon Butcher
96e0d8ebfc Clarified ChangeLog entry
ChangeLog entry for backport of #1890 was misleading, so corrected it.
2018-09-13 12:05:40 +01:00
Simon Butcher
d3a5393a38 Update library version number to 2.1.15 2018-08-31 16:10:48 +01:00
Simon Butcher
cb9f70e23d Fix misclassification of bug in Changelog 2018-08-31 12:01:43 +01:00
Simon Butcher
9add36bbcb Merge remote-tracking branch 'restricted/pr/497' into mbedtls-2.1-restricted 2018-08-28 15:31:41 +01:00
Simon Butcher
d22de0aaa7 Merge remote-tracking branch 'restricted/pr/492' into mbedtls-2.1-restricted 2018-08-28 15:23:56 +01:00
Simon Butcher
7a47cbca16 Merge remote-tracking branch 'public/pr/1137' into mbedtls-2.1 2018-08-28 12:33:27 +01:00
Simon Butcher
85e5bfd00c Merge remote-tracking branch 'public/pr/1889' into mbedtls-2.1 2018-08-28 12:26:33 +01:00
Simon Butcher
263ca7282e Merge remote-tracking branch 'public/pr/1957' into mbedtls-2.1 2018-08-28 12:17:38 +01:00
Simon Butcher
d288ac0e83 Merge remote-tracking branch 'public/pr/1959' into mbedtls-2.1 2018-08-28 11:53:47 +01:00
Hanno Becker
47a34ff29e Adapt ChangeLog 2018-08-23 15:12:24 +01:00
Hanno Becker
1a60330e08 Adapt ChangeLog 2018-08-22 15:05:36 +01:00
Hanno Becker
d3475498e5 Adapt ChangeLog 2018-08-17 10:11:31 +01:00
Hanno Becker
10652b10d9 Improve ChangeLog wording for the commmit that Fixes #1954. 2018-08-17 10:03:48 +01:00
Hanno Becker
10195ab853 Adapt ChangeLog 2018-08-16 15:53:17 +01:00
Hanno Becker
048dba33cf Adapt ChangeLog 2018-08-14 15:50:07 +01:00
Jaeden Amero
942cfea65f Merge remote-tracking branch 'upstream-public/pr/1815' into mbedtls-2.1 2018-08-10 11:00:40 +01:00
Jaeden Amero
e3bcd9a432 Merge remote-tracking branch 'upstream-public/pr/1887' into mbedtls-2.1 2018-08-10 10:50:03 +01:00
Ron Eldor
a4d836b403 Style fix
Add space in the ChangeLog.
2018-08-01 14:35:11 +03:00
Simon Butcher
92b04d9c55 Add ChangeLog entry for bug #1890 2018-07-30 22:15:36 +01:00
Ron Eldor
7b93b6af2f Fix typo
Fix typo in ChangeLog entry.
2018-07-30 11:08:57 +03:00
Ron Eldor
78e4cb967d Fix hmac_drbg failure in benchmark, with threading
Remove redunadnat calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-30 11:01:37 +03:00
Philippe Antoine
795eea6e1c Fix undefined shifts
- in x509_profile_check_pk_alg
- in x509_profile_check_md_alg
- in x509_profile_check_key

and in ssl_cli.c : unsigned char gets promoted to signed integer
2018-07-26 22:51:18 +01:00
Simon Butcher
2f7f2b1f11 Merge remote-tracking branch 'restricted/pr/502' into mbedtls-2.1-restricted 2018-07-26 14:37:12 +01:00
Angus Gratton
ba25ffef87 Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).

Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-26 11:09:37 +03:00
Simon Butcher
d908494fe5 Clarify Changelog entries
Corrected some style issues, and moved some entries from bugfixes to changes.
2018-07-25 17:33:29 +01:00
Jaeden Amero
dcec5bb527 Update version to 2.1.14 2018-07-25 15:42:55 +01:00
Simon Butcher
3339fe9a02 Merge remote-tracking branch 'restricted/pr/495' into mbedtls-2.1 2018-07-24 23:42:13 +01:00
Simon Butcher
3661642a49 Merge remote-tracking branch 'public/pr/1804' into mbedtls-2.1 2018-07-24 13:17:26 +01:00
Simon Butcher
be9c2dce5b Revise ChangeLog entry for empty data records fixes 2018-07-24 13:01:59 +01:00
Simon Butcher
642ddb555e Merge remote-tracking branch 'public/pr/1864' into mbedtls-2.1 2018-07-24 13:01:02 +01:00
Simon Butcher
c098ec3af6 Merge remote-tracking branch 'public/pr/1779' into mbedtls-2.1 2018-07-20 14:47:37 +01:00
Simon Butcher
ff5bd6220b Fix ChangeLog entry for issue #1663
The ChangeLog entry was under the wrong version, and under Changes, not
Bug Fixes.
2018-07-19 19:59:02 +01:00
Simon Butcher
eebee76f93 Merge remote-tracking branch 'public/pr/1846' into mbedtls-2.1 2018-07-19 19:48:40 +01:00
Simon Butcher
f11daf6ff6 Merge remote-tracking branch 'public/pr/1850' into mbedtls-2.1 2018-07-19 16:14:44 +01:00
Ron Eldor
41273200a2 Update ChangeLog
Remove extra entries added by a bad cherry-pick.
2018-07-17 14:16:12 +03:00
Andres Amaya Garcia
01daf2a5ef Add ChangeLog entry for empty app data fix 2018-07-16 20:22:28 +01:00
Angus Gratton
fd1c5e8453 Check for invalid short Alert messages
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:20:51 +01:00
Angus Gratton
1226dd7715 CBC mode: Allow zero-length message fragments (100% padding)
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-16 20:20:44 +01:00
k-stachowiak
b435e99693 Update change log 2018-07-16 12:27:34 +02:00
Manuel Pégourié-Gonnard
534fea790e Clarify attack conditions in the ChangeLog.
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
99b6a711c8 Add counter-measure to cache-based Lucky 13
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.

A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).

Let's make sure they're always read.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
69675d056a Fix Lucky 13 cache attack on MD/SHA padding
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.

Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.

Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-12 10:20:33 +02:00
Simon Butcher
54cf322c05 Add fix for #1550 and credit to the ChangeLog 2018-07-10 23:02:15 +01:00
Simon Butcher
57e9fe2df4 Merge remote-tracking branch 'public/pr/1808' into mbedtls-2.1 2018-07-10 14:59:56 +01:00
Simon Butcher
ec971d7434 Merge remote-tracking branch 'public/pr/1828' into mbedtls-2.1 2018-07-10 12:51:03 +01:00
Gilles Peskine
2347d4eb3b Add ChangeLog entry 2018-07-10 13:03:54 +02:00