Ron Eldor
34b03ef78f
Remove redundant else
statement
...
Remove `else` statement, as it is redundant. resolves #1776
2018-08-20 10:39:27 +03:00
Jaeden Amero
d8f41698d2
Merge remote-tracking branch 'upstream-public/pr/1598' into development
...
Add a Changelog entry
2018-08-10 11:23:15 +01:00
Jaeden Amero
cac0c1a250
Merge remote-tracking branch 'upstream-public/pr/1378' into development
2018-08-10 10:59:53 +01:00
Ron Eldor
1b9b217abf
enforce input and output of ccm selftest on stack
...
In `mbedtls_ccm_self_test()`, enforce input and output
buffers sent to the ccm API to be contigous and aligned,
by copying the test vectors to buffers on the stack.
2018-07-30 11:29:26 +03:00
Angus Gratton
608a487b9c
Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
...
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).
Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-27 09:15:34 +10:00
Jaeden Amero
193c86425e
Update version to 2.12.0
2018-07-25 15:42:26 +01:00
Simon Butcher
37b9fd5df6
Merge remote-tracking branch 'restricted/pr/490' into development
2018-07-24 23:40:37 +01:00
Simon Butcher
2c92949e0a
Merge remote-tracking branch 'public/pr/1198' into development
2018-07-24 17:20:17 +01:00
Simon Butcher
c88c627fba
Merge remote-tracking branch 'public/pr/1658' into development
2018-07-24 17:19:10 +01:00
Ron Eldor
9ab746c7c9
Add selftests
...
Add selftests for key wrapping
2018-07-24 16:43:20 +01:00
Ron Eldor
cb349ac279
Implement the KW and KWP algorithm
...
1. Add kw to the Makefiles
2. Implement the algorithms as defined in SP800-38F, and RFC 3394.
2018-07-24 16:43:20 +01:00
Ron Eldor
466a57fbbe
Key wrapping API definition
...
Define the Key Wrapping API
2018-07-24 16:43:20 +01:00
Simon Butcher
dad05b7fc9
Merge remote-tracking branch 'public/pr/1844' into development
2018-07-24 13:05:09 +01:00
Simon Butcher
116ac43d00
Merge remote-tracking branch 'public/pr/1852' into development
2018-07-24 12:18:59 +01:00
Simon Butcher
fced1f2fb3
Merge remote-tracking branch 'public/pr/1854' into development
2018-07-24 10:26:46 +01:00
Brian J Murray
ca2ea4e217
Fix issue if salt = NULL and salt_len !=0 in mbedtls_hkdf_extract()
2018-07-23 10:34:47 -07:00
Angus Gratton
1a7a17e548
Check for invalid short Alert messages
...
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-20 23:09:29 +01:00
Angus Gratton
34817929ea
TLSv1.2: Treat zero-length fragments as invalid, unless they are application data
...
TLS v1.2 explicitly disallows other kinds of zero length fragments (earlier standards
don't mention zero-length fragments at all).
2018-07-20 23:09:29 +01:00
Angus Gratton
b512bc1d29
CBC mode: Allow zero-length message fragments (100% padding)
...
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-20 23:09:29 +01:00
Simon Butcher
922bd1efb2
Merge remote-tracking branch 'public/pr/1752' into development
2018-07-20 14:33:18 +01:00
Simon Butcher
df15356259
Merge remote-tracking branch 'public/pr/1663' into development
2018-07-19 19:48:10 +01:00
Dawid Drozd
0e2c07e83e
Remove unnecessary mark as unused #1098
...
`ret` is used always at line 1305 in statement:
`if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )`
2018-07-11 15:16:53 +02:00
Manuel Pégourié-Gonnard
8744a02357
Clarify a few comments
...
The "+" sign could be misinterpreted as addition.
2018-07-11 12:30:40 +02:00
Simon Butcher
e7aeef09ee
Merge remote-tracking branch 'public/pr/536' into development
2018-07-10 15:24:26 +01:00
Simon Butcher
32b074720e
Merge remote-tracking branch 'public/pr/1737' into development
2018-07-10 14:57:50 +01:00
Simon Butcher
cdbb2f2168
Merge remote-tracking branch 'public/pr/1563' into development
2018-07-10 12:49:26 +01:00
Simon Butcher
6331cb0607
Fix some whitespace issues in ChangeLog and CMakeLists.txt
...
Stray tab in library/CMakeLists.txt and incorrect formatting in ChangeLog.
2018-07-10 11:48:42 +01:00
Simon Butcher
d21bd31759
Merge remote-tracking branch 'public/pr/1567' into development
2018-07-10 11:43:06 +01:00
Manuel Pégourié-Gonnard
6a25cfae2a
Avoid debug message that might leak length
...
The length to the debug message could conceivably leak through the time it
takes to print it, and that length would in turn reveal whether padding was
correct or not.
2018-07-10 11:15:36 +02:00
k-stachowiak
a5fbfd7cd8
Enable snprintf on FreeBSD
2018-07-08 13:22:11 +01:00
Brian J Murray
a61d123e0e
Minor changes to comments in hkdf.c
2018-07-06 10:02:39 -07:00
Manuel Pégourié-Gonnard
7b42030b5d
Add counter-measure to cache-based Lucky 13
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.
A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).
Let's make sure they're always read.
2018-07-05 14:44:49 +02:00
Manuel Pégourié-Gonnard
1cc1fb0599
Fix Lucky 13 cache attack on MD/SHA padding
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.
Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.
Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-05 10:47:00 +02:00
Ron Eldor
ab8d58cb2d
Move definition of MBEDTLS_CIPHER_MODE_STREAM
...
Move definition of `MBEDTLS_CIPHER_MODE_STREAM` to header file
(`mbedtls_cipher_internal.h`), because it is used by more than
one file. Raised by TrinityTonic in #1719
2018-07-01 10:20:43 +03:00
Simon Butcher
034e1398f0
Merge remote-tracking branch 'public/pr/1621' into development
2018-06-28 12:09:15 +01:00
Simon Butcher
4b6b08e7d2
Merge remote-tracking branch 'public/pr/1006' into development
2018-06-28 12:08:59 +01:00
Simon Butcher
1d97cab5f5
Merge remote-tracking branch 'public/pr/1645' into development
2018-06-28 12:06:16 +01:00
Simon Butcher
bea00bd89c
Merge remote-tracking branch 'public/pr/1783' into development
2018-06-28 12:04:19 +01:00
Simon Butcher
6665b67ddf
Merge remote-tracking branch 'public/pr/1390' into development
2018-06-27 10:51:47 +01:00
Nicholas Wilson
2682edf205
Fix build using -std=c99
...
In each place where POSIX/GNU functions are used, the file must declare
that it wants POSIX functionality before including any system headers.
2018-06-25 12:00:26 +01:00
Nicholas Wilson
512b4ee9c7
Use gmtime_r to fix thread-safety issue, and use mbedtls_time on Windows
2018-06-25 11:59:54 +01:00
niisato
8ee2422ef8
about a issue Replace "new" variable #1782
2018-06-25 19:05:48 +09:00
Andres Amaya Garcia
bf7fe4f3f0
Replace check with APPLE with CMAKE_SYSTEM_NAME
2018-06-21 20:21:38 +01:00
Andres Amaya Garcia
5b92352374
Document ssl_write_real() behaviour in detail
2018-06-21 19:23:21 +01:00
Ron Eldor
755bb6af5f
Add ecc extensions only if ecc ciphersuite is used
...
Fix compliancy to RFC4492. ECC extensions should be included
only if ec ciphersuites are used. Interoperability issue with
bouncy castle. #1157
2018-06-21 16:35:26 +03:00
Andres Amaya Garcia
e3402ce44f
Enable APPLE_BUILD in makefile if using system ar
2018-06-20 10:43:21 +01:00
Philippe Antoine
21f73b57ed
Coding style
...
Commit to be squashed
2018-06-20 08:13:24 +02:00
Andres Amaya Garcia
c51d613eac
Ensure crosscompiling with make works in Mac OS X
2018-06-19 17:25:42 +01:00
Manuel Pégourié-Gonnard
2e58e8ee34
Implement ChachaPoly mode in TLS
2018-06-19 12:12:47 +02:00
Manuel Pégourié-Gonnard
ce66d5e8e1
Declare ChaCha-Poly ciphersuites
...
Prefer them over AES-GCM as they have better performance and fewer side
channel considerations in software implementations.
2018-06-19 12:11:38 +02:00