Commit Graph

5132 Commits

Author SHA1 Message Date
Ron Eldor
41273200a2 Update ChangeLog
Remove extra entries added by a bad cherry-pick.
2018-07-17 14:16:12 +03:00
Ron Eldor
99b9f12a91 Repharse comments
Rephrase comments to clarify them.
2018-07-17 13:31:57 +03:00
Andres Amaya Garcia
dc8b6df7a7 Add test for empty app data records to ssl-opt.sh 2018-07-16 20:22:30 +01:00
Andres Amaya Garcia
01daf2a5ef Add ChangeLog entry for empty app data fix 2018-07-16 20:22:28 +01:00
Andres Amaya Garcia
6aa5169c7a Fix ssl_client2 to send 0-length app data 2018-07-16 20:22:20 +01:00
Angus Gratton
fd1c5e8453 Check for invalid short Alert messages
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:20:51 +01:00
Angus Gratton
485b3930c9 TLSv1.2: Treat zero-length fragments as invalid, unless they are application data
TLS v1.2 explicitly disallows other kinds of zero length fragments (earlier standards
don't mention zero-length fragments at all).
2018-07-16 20:20:49 +01:00
Angus Gratton
1226dd7715 CBC mode: Allow zero-length message fragments (100% padding)
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-16 20:20:44 +01:00
Manuel Pégourié-Gonnard
534fea790e Clarify attack conditions in the ChangeLog.
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
671f932a87 Avoid debug message that might leak length
The length to the debug message could conceivably leak through the time it
takes to print it, and that length would in turn reveal whether padding was
correct or not.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
99b6a711c8 Add counter-measure to cache-based Lucky 13
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.

A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).

Let's make sure they're always read.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
69675d056a Fix Lucky 13 cache attack on MD/SHA padding
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.

Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.

Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-12 10:20:33 +02:00
Ron Eldor
2e7b686f71 Remove reference to ECJPAKE
Remove reference to `MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED` as branch
`mbedtls-2.1` doesn't have `ECJPAKE`. This definition was accidently
inserted in a backport.
2018-07-11 13:37:38 +03:00
Simon Butcher
4171347709 Disable use of the i386 assembly for option -O0
We don't compile in the assembly code if compiler optimisations are disabled as
the number of registers used in the assembly code doesn't work with the -O0
option. Also anyone select -O0 probably doesn't want to compile in the assembly
code anyway.
2018-07-10 23:02:27 +01:00
Simon Butcher
54cf322c05 Add fix for #1550 and credit to the ChangeLog 2018-07-10 23:02:15 +01:00
Simon Butcher
cdad40dfce Add ebx to the i386 clobber list for MPI assembly
This fix adds the ebx register to the clobber list for the i386 inline assembly
for the multiply helper function.

ebx was used but not listed, so when the compiler chose to also use it, ebx was
getting corrupted. I'm surprised this wasn't spotted sooner.

Fixes Github issues #1550.
2018-07-10 23:00:38 +01:00
Simon Butcher
57e9fe2df4 Merge remote-tracking branch 'public/pr/1808' into mbedtls-2.1 2018-07-10 14:59:56 +01:00
Simon Butcher
275265dc1d Merge remote-tracking branch 'public/pr/1823' into mbedtls-2.1 2018-07-10 14:34:34 +01:00
Simon Butcher
7175918621 Merge remote-tracking branch 'public/pr/1445' into mbedtls-2.1 2018-07-10 12:57:56 +01:00
Simon Butcher
ec971d7434 Merge remote-tracking branch 'public/pr/1828' into mbedtls-2.1 2018-07-10 12:51:03 +01:00
Gilles Peskine
2347d4eb3b Add ChangeLog entry 2018-07-10 13:03:54 +02:00
Simon Butcher
cb74333a8a Merge remote-tracking branch 'public/pr/1820' into mbedtls-2.1 2018-07-10 11:39:10 +01:00
Philippe Antoine
bbc7918b6b Fixes different off by ones 2018-07-09 10:33:08 +02:00
Jaeden Amero
d1da083175 tests: dhm: Rename Hallman to Hellman
Fix typo of Diffie-Hallman to Diffie-Hellman.
2018-07-06 14:28:02 +01:00
Ron Eldor
5c8e588444 Minor fixes
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the fuinction documentation.
2018-07-05 14:59:23 +03:00
Ron Eldor
3cd35d1cee Revert changes in the configs folder
Revert the changes in the `configs` folder to
align with the `README.txt` file.
2018-07-05 14:48:19 +03:00
Simon Butcher
4b57a1f182 Add ChangeLog entry for #992 fix 2018-07-02 12:18:35 +01:00
Brendan Shanks
9e31693f67 x509.c: Remove unused includes
Remove unused includes guarded by MBEDTLS_FS_IO, which doesn't appear
anywhere else in the file.
2018-07-02 12:17:44 +01:00
Ron Eldor
6877685ac6 Restore accidentally deleted lines
Restore lines that were accidentally deleted by a previous
moerge conflict.
2018-07-01 10:05:49 +03:00
Gilles Peskine
2cc7ad4cfc Fix ssl-opt.sh not starting when lsof is not available
$START_DELAY was used before it was defined.
2018-06-29 16:03:18 +02:00
niisato
000e48af07 Add ChangeLog 2018-06-29 11:31:52 +01:00
niisato
8ba6ff578d about a issue Replace "new" variable #1782 2018-06-29 11:30:03 +01:00
Ron Eldor
2eee2e63e5 Update ssl-opt.sh test to run condition
1. Update the test script to un the ECC tests only if the relevant
configurations are defined in `config.h` file
2. Change the HASH of the ciphersuite from SHA1 based to SHA256
for better example
2018-06-28 16:20:00 +03:00
Ron Eldor
b27a1ab18f Add ECC extensions test in ssl-opts.sh
Add test to verify if an ecc based extension exists
or not if an ecc based ciphersuite is used or not.
2018-06-28 16:09:31 +03:00
Ron Eldor
f27f8aeb19 Update ChangeLog
Update ChangeLog with a less ambigous description.
2018-06-28 16:08:09 +03:00
Ron Eldor
5c141d28ca Add entry in ChangeLog
Add an entry in the ChangeLog, describing the fix.
2018-06-28 16:08:01 +03:00
Ron Eldor
b847d8f2a9 Add ecc extensions only if ecc ciphersuite is used
Fix compliancy to RFC4492. ECC extensions should be included
only if ec ciphersuites are used. Interoperability issue with
bouncy castle. #1157
2018-06-28 16:07:22 +03:00
Simon Butcher
b461ba5630 Adds referene in ChangeLog for issue #1623 2018-06-28 12:14:07 +01:00
Simon Butcher
03c79a1973 Add ChangeLog entry for #1257 - key_app_writer writes invalid ASN.1 2018-06-28 12:00:55 +01:00
Simon Butcher
2a45d6ebe6 Merge remote-tracking branch 'public/pr/1795' into mbedtls-2.1 2018-06-28 11:46:33 +01:00
Simon Butcher
e5828ce06c Merge remote-tracking branch 'public/pr/1771' into mbedtls-2.1 2018-06-28 11:38:18 +01:00
Simon Butcher
e509b4ffe0 Merge remote-tracking branch 'public/pr/1770' into mbedtls-2.1 2018-06-28 11:37:50 +01:00
Simon Butcher
29a63323fd Merge remote-tracking branch 'public/pr/1801' into mbedtls-2.1 2018-06-28 11:27:53 +01:00
Ron Eldor
112e32230e Move definition to cipher.h
Define `MBEDTLS_CIPHER_MODE_STREAM` for `MBEDTLS_CIPHER_NULL_CIPHER`
as well, in cipher.h. Remove redundant definition in `cipher_internal.h`
2018-06-28 08:52:07 +03:00
Ron Eldor
d7593a5b73 Add entry in ChangeLog
Add entry in ChangeLog for compilation error fix of #1719
2018-06-28 08:51:37 +03:00
Ron Eldor
3dfbf406e5 Move definition of MBEDTLS_CIPHER_MODE_STREAM
Move definition of `MBEDTLS_CIPHER_MODE_STREAM` to header file
(`mbedtls_cipher_internal.h`), because it is used by more than
one file. Raised by TrinityTonic in #1719
2018-06-28 08:49:25 +03:00
Ron Eldor
254530f2e0 Documentation error in mbedtls_ssl_get_session
Fix Documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore, Resolves #926
2018-06-27 17:51:56 +03:00
Ron Eldor
af1e7d1fd6 Update the forum link in the README file
Update the forum link in the readme file as well.
2018-06-27 14:44:20 +03:00
Ron Eldor
c24108a8c8 Fix style issue
Add space before and after paranthesis.
2018-06-27 09:11:14 +03:00
Ron Eldor
45d23d62a1 Add check for return code of bignumber code
Add check for return code of `mbedtls_mpi_write_file`
as commented by @sbutcher-arm
2018-06-27 09:09:59 +03:00