Simon Butcher
eebee76f93
Merge remote-tracking branch 'public/pr/1846' into mbedtls-2.1
2018-07-19 19:48:40 +01:00
Simon Butcher
f11daf6ff6
Merge remote-tracking branch 'public/pr/1850' into mbedtls-2.1
2018-07-19 16:14:44 +01:00
Ron Eldor
41273200a2
Update ChangeLog
...
Remove extra entries added by a bad cherry-pick.
2018-07-17 14:16:12 +03:00
Andres Amaya Garcia
01daf2a5ef
Add ChangeLog entry for empty app data fix
2018-07-16 20:22:28 +01:00
Angus Gratton
fd1c5e8453
Check for invalid short Alert messages
...
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:20:51 +01:00
Angus Gratton
1226dd7715
CBC mode: Allow zero-length message fragments (100% padding)
...
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-16 20:20:44 +01:00
k-stachowiak
b435e99693
Update change log
2018-07-16 12:27:34 +02:00
Manuel Pégourié-Gonnard
534fea790e
Clarify attack conditions in the ChangeLog.
...
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
99b6a711c8
Add counter-measure to cache-based Lucky 13
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.
A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).
Let's make sure they're always read.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
69675d056a
Fix Lucky 13 cache attack on MD/SHA padding
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.
Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.
Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-12 10:20:33 +02:00
Simon Butcher
54cf322c05
Add fix for #1550 and credit to the ChangeLog
2018-07-10 23:02:15 +01:00
Simon Butcher
57e9fe2df4
Merge remote-tracking branch 'public/pr/1808' into mbedtls-2.1
2018-07-10 14:59:56 +01:00
Simon Butcher
ec971d7434
Merge remote-tracking branch 'public/pr/1828' into mbedtls-2.1
2018-07-10 12:51:03 +01:00
Gilles Peskine
2347d4eb3b
Add ChangeLog entry
2018-07-10 13:03:54 +02:00
k-stachowiak
9e070019ad
Update change log
2018-07-09 14:44:26 +02:00
Philippe Antoine
bbc7918b6b
Fixes different off by ones
2018-07-09 10:33:08 +02:00
Ron Eldor
5c8e588444
Minor fixes
...
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the fuinction documentation.
2018-07-05 14:59:23 +03:00
Simon Butcher
4b57a1f182
Add ChangeLog entry for #992 fix
2018-07-02 12:18:35 +01:00
niisato
000e48af07
Add ChangeLog
2018-06-29 11:31:52 +01:00
Ron Eldor
f27f8aeb19
Update ChangeLog
...
Update ChangeLog with a less ambigous description.
2018-06-28 16:08:09 +03:00
Ron Eldor
5c141d28ca
Add entry in ChangeLog
...
Add an entry in the ChangeLog, describing the fix.
2018-06-28 16:08:01 +03:00
Simon Butcher
b461ba5630
Adds referene in ChangeLog for issue #1623
2018-06-28 12:14:07 +01:00
Simon Butcher
03c79a1973
Add ChangeLog entry for #1257 - key_app_writer writes invalid ASN.1
2018-06-28 12:00:55 +01:00
Simon Butcher
e5828ce06c
Merge remote-tracking branch 'public/pr/1771' into mbedtls-2.1
2018-06-28 11:38:18 +01:00
Ron Eldor
d7593a5b73
Add entry in ChangeLog
...
Add entry in ChangeLog for compilation error fix of #1719
2018-06-28 08:51:37 +03:00
Ron Eldor
254530f2e0
Documentation error in mbedtls_ssl_get_session
...
Fix Documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore, Resolves #926
2018-06-27 17:51:56 +03:00
Ron Eldor
e6c2f4d168
Fix typo in ChangeLog
...
Fix typo in ChangeLog discovered in PR review
2018-06-24 17:21:08 +03:00
Ron Eldor
2c8a7ec0dd
Remove unneeded namesapcing in header files
...
Remove the `mbedtls` namesapcing in the `#include` in header files
Resolves issue #857
2018-06-24 17:20:40 +03:00
Simon Butcher
ba3e5e60f2
Merge remote-tracking branch 'public/pr/1558' into mbedtls-2.1
2018-06-22 15:07:52 +01:00
Simon Butcher
b1c796ec48
Merge remote-tracking branch 'public/pr/1769' into mbedtls-2.1
2018-06-22 15:05:34 +01:00
Simon Butcher
584fad2ce6
Add a ChangeLog entry for memory leak in mbedtls_x509_csr_parse()
2018-06-22 12:19:56 +01:00
Simon Butcher
ad761c45b9
Fix multiple quality issues in the source
...
This PR fixes multiple issues in the source code to address issues raised by
tests/scripts/check-files.py. Specifically:
* incorrect file permissions
* missing newline at the end of files
* trailing whitespace
* Tabs present
* TODOs in the souce code
2018-06-22 11:22:44 +01:00
Andres Amaya Garcia
45bc7db600
Add ChangeLog entry for mbedtls_ssl_write() docs
2018-06-21 19:35:46 +01:00
Ron Eldor
0bd06a3de0
Add tests for mbedtls_cipher_crypt API
...
1. Add tests for 'mbedtls_cipher_crypt()' API
2. Resolves #1091 , by ignoring IV when the cipher mode is MBEDTLS_MODE_ECB
2018-06-21 13:59:01 +03:00
Simon Butcher
6fc9ceece3
Change the library version to 2.1.13
2018-06-18 14:49:02 +01:00
Simon Butcher
494fb8f968
Add ChangeLog entry for clang version fix. Issue #1072
2018-06-18 11:56:46 +01:00
Simon Butcher
0a715b1587
Merge remote-tracking branch 'public/pr/1656' into mbedtls-2.1
2018-06-17 18:02:57 +01:00
Simon Butcher
7505ef255b
Merge remote-tracking branch 'public/pr/1712' into mbedtls-2.1
2018-06-17 18:01:54 +01:00
Simon Butcher
db3fe7cbe4
Add ChangeLog entry for Microblaze fix
2018-06-15 09:39:19 +01:00
Simon Butcher
577d39b930
Compilation warning fixes on 32b platfrom with IAR
...
Fix compilation warnings with IAR toolchain, on 32 bit platform.
Reported by rahmanih in #683
This is based on work by Ron Eldor in PR #750 .
2018-06-14 09:10:23 +01:00
Simon Butcher
a5fb40d9f9
Merge remote-tracking branch 'public/pr/1465' into mbedtls-2.1
2018-06-11 11:49:28 +01:00
Simon Butcher
0c362f68b3
Add ChangeLog entry for _WIN32_WINNT override fix
2018-06-08 16:27:04 +01:00
Simon Butcher
fcc7a62bb1
Merge remote-tracking branch 'public/pr/1403' into mbedtls-2.1
2018-06-01 19:43:55 +01:00
Moran Peker
6981df59e7
Remove double declaration of mbedtls_ssl_list_ciphersuites
...
Raised by TrinityTonic. #1359
2018-05-23 18:42:36 +01:00
Simon Butcher
a8002f8f39
Merge remote-tracking branch 'public/pr/1611' into mbedtls-2.1
2018-05-23 17:58:10 +01:00
Simon Butcher
7350ab18df
Fix ChangeLog for PR #1582 following merge
2018-05-23 17:55:02 +01:00
Simon Butcher
e64bf3968e
Merge remote-tracking branch 'public/pr/1582' into mbedtls-2.1
2018-05-23 17:53:23 +01:00
Simon Butcher
13188782a0
Fix up ChangeLog following rebase to mbedtls-2.1.12
2018-05-11 16:41:07 +01:00
Andres AG
879e62697e
Allow the entry_name size to be set in config.h
...
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
2018-05-11 16:38:38 +01:00
Jaeden Amero
3263f46a0e
Merge remote-tracking branch 'upstream-restricted/pr/480' into mbedtls-2.1-restricted
2018-04-30 17:38:15 +01:00
Simon Butcher
50d802172f
Fix the ChangeLog for clarity, english and credit
2018-04-30 17:23:10 +01:00
Jaeden Amero
6c0fba4350
Update version to 2.1.12
2018-04-27 13:13:54 +01:00
Jaeden Amero
4faad41346
Merge remote-tracking branch 'upstream-restricted/pr/472' into mbedtls-2.1-restricted-proposed
...
Remove trailing whitespace from ChangeLog.
2018-04-26 11:09:15 +01:00
Jaeden Amero
7db991d56a
Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed
...
Resolve conflicts in ChangeLog
2018-04-26 09:03:14 +01:00
Andrzej Kurek
128bcbea1a
Changelog entry
2018-04-25 05:29:47 -04:00
Andrzej Kurek
bb6661479f
ssl_tls: Fix invalid buffer sizes during compression / decompression
...
Adjust information passed to zlib to include already written data.
2018-04-23 08:29:36 -04:00
Mohammad Azim Khan
3f1d5cb324
Same ciphersuite validation in server and client hello
2018-04-20 19:52:49 +01:00
Manuel Pégourié-Gonnard
1e2f4da801
Merge remote-tracking branch 'restricted/pr/469' into mbedtls-2.1-restricted-proposed
...
* restricted/pr/469:
Improve comments style
Remove a redundant test
Add buffer size check before cert_type_len read
Update change log
Adjust 2.1 specific code to match the buffer verification tests
Add a missing buffer size check
Correct buffer size check
2018-04-18 12:22:24 +02:00
Darryl Green
ce52b58da0
Fix braces in mbedtls_memory_buffer_alloc_status()
2018-04-17 16:46:41 +02:00
Krzysztof Stachowiak
8fc134fcb1
Update change log
2018-04-05 08:51:35 +02:00
fbrosson
0620206db3
Backport 2.1: Use "#!/usr/bin/env perl" as shebang line.
2018-04-04 22:29:59 +00:00
Gilles Peskine
24f4584473
Align ChangeLog entry for PR #1396 with development
2018-04-04 10:18:37 +02:00
Jaeden Amero
23d979bee0
Merge remote-tracking branch 'upstream-public/pr/1554' into mbedtls-2.1-proposed
2018-04-03 19:15:28 +01:00
AndrzejKurek
0de430678e
pk_sign: fix overriding and ignoring return values
2018-04-03 19:38:45 +02:00
Jaeden Amero
ac9939c096
Merge remote-tracking branch 'upstream-public/pr/1461' into mbedtls-2.1-proposed
2018-04-03 18:27:18 +01:00
Jaeden Amero
ee6c822076
Merge remote-tracking branch 'upstream-public/pr/1396' into mbedtls-2.1-proposed
2018-04-03 12:07:19 +01:00
Gilles Peskine
225684015d
Merge remote-tracking branch 'upstream-public/pr/1501' into mbedtls-2.1-proposed
2018-04-01 12:41:33 +02:00
Gilles Peskine
8b1cddcf26
Merge remote-tracking branch 'upstream-public/pr/1542' into mbedtls-2.1-proposed
2018-04-01 12:41:00 +02:00
Gilles Peskine
419e670702
Minor changelog improvement
2018-04-01 12:33:35 +02:00
Gilles Peskine
04450488ec
Add ChangeLog entry to credit independent contribution
...
Also: fixes #1437
2018-03-31 23:06:09 +02:00
Andrzej Kurek
a1149a70ae
Add tests for "return plaintext data faster on unpadded decryption"
2018-03-30 05:00:19 -04:00
Darryl Green
093c170377
Improve documentation of mbedtls_ssl_write()
2018-03-29 16:56:09 +01:00
Jaeden Amero
cbe731c653
Merge remote-tracking branch 'upstream-public/pr/1532' into mbedtls-2.1-proposed
2018-03-29 11:03:17 +01:00
Jaeden Amero
82e288adb6
Merge remote-tracking branch 'upstream-public/pr/1494' into mbedtls-2.1-proposed
2018-03-29 10:59:43 +01:00
Jaeden Amero
616485854e
Merge remote-tracking branch 'upstream-public/pr/1469' into mbedtls-2.1-proposed
2018-03-28 15:36:01 +01:00
Jaeden Amero
478baecc06
Merge remote-tracking branch 'upstream-public/pr/1525' into mbedtls-2.1-proposed
2018-03-28 15:34:25 +01:00
Ivan Krylov
1110a6fa63
Add ChangeLog entry
2018-03-28 17:25:12 +03:00
Jaeden Amero
8b4cd26eaf
Merge remote-tracking branch 'upstream-public/pr/1481' into mbedtls-2.1-proposed
2018-03-28 13:44:28 +01:00
Gilles Peskine
f362b97415
Add ChangeLog entry
...
Fixes #1299 . Fixes #1475 .
2018-03-27 23:22:37 +02:00
Andres Amaya Garcia
47569d7384
Add ChangeLog entry for PBES2 when ASN1 disabled
2018-03-27 21:34:15 +01:00
Andres Amaya Garcia
bc00667a90
Improve ChangeLog for DLEXT and AR_DASH changes
2018-03-27 20:07:52 +01:00
Andres Amaya Garcia
83bffd353e
Add ChangeLog entry for library/makefile changes
2018-03-26 00:15:21 +01:00
Gilles Peskine
eea857dc0d
Add ChangeLog entry
2018-03-23 14:38:14 +01:00
Gilles Peskine
d888bd2c65
Add changelog entries for improved testing
...
Fixes #1040
2018-03-23 02:29:49 +01:00
Gilles Peskine
2a74061198
Merge tag 'mbedtls-2.1.11' into iotssl-1381-x509-verify-refactor-2.1-restricted
...
Conflict resolution:
* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
addition. In addition some of the additions in the
iotssl-1381-x509-verify-refactor-restricted branch need support for
keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:28:33 +01:00
Jethro Beekman
1a886ff45f
Fix parsing of PKCS#8 encoded Elliptic Curve keys.
...
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
PrivateKeyInfo ::= SEQUENCE {
version Version,
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
privateKey PrivateKey,
attributes [0] IMPLICIT Attributes OPTIONAL
}
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
ECParameters ::= CHOICE {
namedCurve OBJECT IDENTIFIER
-- implicitCurve NULL
-- specifiedCurve SpecifiedECDomain
}
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
publicKey [1] BIT STRING OPTIONAL
}
Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:03:30 -07:00
mohammad1603
cee0890b19
Verify that f_send and f_recv send and receive the expected length
...
Verify that f_send and f_recv send and receive the expected length
Conflicts:
ChangeLog
2018-03-22 15:01:02 -07:00
Andres Amaya Garcia
2a0aee3163
Add ChangeLog entry for redundant mutex initialization optimizations
2018-03-21 17:40:48 +00:00
Andres Amaya Garcia
09d787f2fc
Add ChangeLog entry for dylib builds using Makefile
2018-03-21 11:24:32 +00:00
Jaeden Amero
1c986a9859
Update version to 2.1.11
2018-03-16 16:29:30 +00:00
Jaeden Amero
7f44963f45
Merge remote-tracking branch 'upstream-public/pr/1455' into mbedtls-2.1-restricted-proposed
2018-03-15 15:24:47 +00:00
Ron Eldor
82712a9c97
Write correct number of ciphersuites in log
...
Change location of log, to fit the correct number of used ciphersuites
2018-03-15 15:09:28 +00:00
Jaeden Amero
23f503f12d
Merge remote-tracking branch 'upstream-restricted/pr/465' into mbedtls-2.1-restricted-proposed
2018-03-14 18:32:21 +00:00
Jaeden Amero
5e50ff8f44
Merge remote-tracking branch 'upstream-restricted/pr/395' into mbedtls-2.1-restricted-proposed
2018-03-14 18:16:29 +00:00
Jaeden Amero
10a1a60966
Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed
2018-03-14 18:03:41 +00:00
Jaeden Amero
0980d9a3ae
Merge remote-tracking branch 'upstream-public/pr/1450' into mbedtls-2.1-proposed
2018-03-14 17:53:27 +00:00
Jaeden Amero
4e3629590f
Merge remote-tracking branch 'upstream-public/pr/1452' into mbedtls-2.1-proposed
2018-03-14 17:38:21 +00:00
Krzysztof Stachowiak
d3cec99377
Update change log
2018-03-14 14:39:01 +01:00
Krzysztof Stachowiak
a7a8332402
Update change log
2018-03-14 14:35:12 +01:00
Manuel Pégourié-Gonnard
b0661769ab
x509: CRL: reject unsupported critical extensions
2018-03-14 09:28:24 +01:00