Commit Graph

5275 Commits

Author SHA1 Message Date
Jaeden Amero
e3bcd9a432 Merge remote-tracking branch 'upstream-public/pr/1887' into mbedtls-2.1 2018-08-10 10:50:03 +01:00
Ron Eldor
a4d836b403 Style fix
Add space in the ChangeLog.
2018-08-01 14:35:11 +03:00
k-stachowiak
83f9fba987 Revert change of a return variable name 2018-07-31 17:13:26 +02:00
Simon Butcher
92b04d9c55 Add ChangeLog entry for bug #1890 2018-07-30 22:15:36 +01:00
Simon Butcher
45ec65a49e Merge remote-tracking branch 'public/pr/1894' into mbedtls-2.1 2018-07-30 22:13:09 +01:00
Ron Eldor
7b93b6af2f Fix typo
Fix typo in ChangeLog entry.
2018-07-30 11:08:57 +03:00
Ron Eldor
78e4cb967d Fix hmac_drbg failure in benchmark, with threading
Remove redunadnat calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-30 11:01:37 +03:00
Simon Butcher
ada856fab4 Change test dependencies to RC4 from DES
Some tests were dependent on DES yet actually used RC4. Likely a copy and paste
error. This change fixes them.
2018-07-27 17:33:54 +01:00
Philippe Antoine
795eea6e1c Fix undefined shifts
- in x509_profile_check_pk_alg
- in x509_profile_check_md_alg
- in x509_profile_check_key

and in ssl_cli.c : unsigned char gets promoted to signed integer
2018-07-26 22:51:18 +01:00
Simon Butcher
2f7f2b1f11 Merge remote-tracking branch 'restricted/pr/502' into mbedtls-2.1-restricted 2018-07-26 14:37:12 +01:00
Angus Gratton
ba25ffef87 Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).

Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-26 11:09:37 +03:00
Simon Butcher
d908494fe5 Clarify Changelog entries
Corrected some style issues, and moved some entries from bugfixes to changes.
2018-07-25 17:33:29 +01:00
Jaeden Amero
dcec5bb527 Update version to 2.1.14 2018-07-25 15:42:55 +01:00
Simon Butcher
3339fe9a02 Merge remote-tracking branch 'restricted/pr/495' into mbedtls-2.1 2018-07-24 23:42:13 +01:00
Andres AG
63cc716575 Fix all.sh check_tools function to handle paths 2018-07-24 13:40:25 +01:00
Simon Butcher
48776350b2 Merge remote-tracking branch 'public/pr/1799' into mbedtls-2.1 2018-07-24 13:31:12 +01:00
Simon Butcher
3661642a49 Merge remote-tracking branch 'public/pr/1804' into mbedtls-2.1 2018-07-24 13:17:26 +01:00
Simon Butcher
be9c2dce5b Revise ChangeLog entry for empty data records fixes 2018-07-24 13:01:59 +01:00
Simon Butcher
642ddb555e Merge remote-tracking branch 'public/pr/1864' into mbedtls-2.1 2018-07-24 13:01:02 +01:00
Simon Butcher
62041cc50b Merge remote-tracking branch 'public/pr/1873' into mbedtls-2.1 2018-07-24 12:14:03 +01:00
k-stachowiak
d21e958c3e Fix code formatting 2018-07-24 12:53:54 +02:00
Simon Butcher
f10188d37d Merge remote-tracking branch 'public/pr/1876' into mbedtls-2.1 2018-07-24 08:26:34 +01:00
Simon Butcher
e9a437fe59 Correct logic to exclude i386 inline assenbly when -O0
The i386 MPI inline assembly code was being incorrectly included when
all compiler optimisation was disabled.
2018-07-23 13:42:05 +01:00
Simon Butcher
698cb3469d Add additional i386 tests to all.sh
Added an additional i386 test to all.sh, to allow one test with -O0 which
compiles out inline assembly, and one to test with -01 which includes the inline
assembly.
2018-07-23 13:41:56 +01:00
Jaeden Amero
7ef1f5b0c6 all.sh: Return error on keep-going failure
When calling all.sh from a script and using "--keep-going", errors were
sometimes missed due to all.sh always returning 0 "success" return code.
Return 1 if there is any failure encountered during a "keep-going" run.
2018-07-23 10:24:53 +01:00
Simon Butcher
f218c0c5cf Expand i386 all.sh tests to full config ASan builds
The i386 test builds were only building the default configuration and had
no address sanitisation. This commit expands the test configuration to the full
configuration in all.sh and builds with ASan for when the test suites are
executed.
2018-07-20 21:40:52 +01:00
Simon Butcher
c098ec3af6 Merge remote-tracking branch 'public/pr/1779' into mbedtls-2.1 2018-07-20 14:47:37 +01:00
Simon Butcher
3a97bc2ced Merge remote-tracking branch 'public/pr/1837' into mbedtls-2.1 2018-07-19 20:01:44 +01:00
Simon Butcher
ff5bd6220b Fix ChangeLog entry for issue #1663
The ChangeLog entry was under the wrong version, and under Changes, not
Bug Fixes.
2018-07-19 19:59:02 +01:00
Simon Butcher
eebee76f93 Merge remote-tracking branch 'public/pr/1846' into mbedtls-2.1 2018-07-19 19:48:40 +01:00
Simon Butcher
f11daf6ff6 Merge remote-tracking branch 'public/pr/1850' into mbedtls-2.1 2018-07-19 16:14:44 +01:00
Ron Eldor
41273200a2 Update ChangeLog
Remove extra entries added by a bad cherry-pick.
2018-07-17 14:16:12 +03:00
Ron Eldor
99b9f12a91 Repharse comments
Rephrase comments to clarify them.
2018-07-17 13:31:57 +03:00
Andres Amaya Garcia
dc8b6df7a7 Add test for empty app data records to ssl-opt.sh 2018-07-16 20:22:30 +01:00
Andres Amaya Garcia
01daf2a5ef Add ChangeLog entry for empty app data fix 2018-07-16 20:22:28 +01:00
Andres Amaya Garcia
6aa5169c7a Fix ssl_client2 to send 0-length app data 2018-07-16 20:22:20 +01:00
Angus Gratton
fd1c5e8453 Check for invalid short Alert messages
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:20:51 +01:00
Angus Gratton
485b3930c9 TLSv1.2: Treat zero-length fragments as invalid, unless they are application data
TLS v1.2 explicitly disallows other kinds of zero length fragments (earlier standards
don't mention zero-length fragments at all).
2018-07-16 20:20:49 +01:00
Angus Gratton
1226dd7715 CBC mode: Allow zero-length message fragments (100% padding)
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-16 20:20:44 +01:00
k-stachowiak
b435e99693 Update change log 2018-07-16 12:27:34 +02:00
k-stachowiak
2d2d80b916 Prevent buffer overread by one byte 2018-07-16 12:27:23 +02:00
Manuel Pégourié-Gonnard
534fea790e Clarify attack conditions in the ChangeLog.
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
671f932a87 Avoid debug message that might leak length
The length to the debug message could conceivably leak through the time it
takes to print it, and that length would in turn reveal whether padding was
correct or not.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
99b6a711c8 Add counter-measure to cache-based Lucky 13
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.

A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).

Let's make sure they're always read.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
69675d056a Fix Lucky 13 cache attack on MD/SHA padding
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.

Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.

Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-12 10:20:33 +02:00
Ron Eldor
2e7b686f71 Remove reference to ECJPAKE
Remove reference to `MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED` as branch
`mbedtls-2.1` doesn't have `ECJPAKE`. This definition was accidently
inserted in a backport.
2018-07-11 13:37:38 +03:00
Simon Butcher
4171347709 Disable use of the i386 assembly for option -O0
We don't compile in the assembly code if compiler optimisations are disabled as
the number of registers used in the assembly code doesn't work with the -O0
option. Also anyone select -O0 probably doesn't want to compile in the assembly
code anyway.
2018-07-10 23:02:27 +01:00
Simon Butcher
54cf322c05 Add fix for #1550 and credit to the ChangeLog 2018-07-10 23:02:15 +01:00
Simon Butcher
cdad40dfce Add ebx to the i386 clobber list for MPI assembly
This fix adds the ebx register to the clobber list for the i386 inline assembly
for the multiply helper function.

ebx was used but not listed, so when the compiler chose to also use it, ebx was
getting corrupted. I'm surprised this wasn't spotted sooner.

Fixes Github issues #1550.
2018-07-10 23:00:38 +01:00
Simon Butcher
57e9fe2df4 Merge remote-tracking branch 'public/pr/1808' into mbedtls-2.1 2018-07-10 14:59:56 +01:00