Manuel Pégourié-Gonnard
7b42030b5d
Add counter-measure to cache-based Lucky 13
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.
A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).
Let's make sure they're always read.
2018-07-05 14:44:49 +02:00
Manuel Pégourié-Gonnard
1cc1fb0599
Fix Lucky 13 cache attack on MD/SHA padding
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.
Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.
Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-05 10:47:00 +02:00
Gilles Peskine
104d85865d
Add ChangeLog entry
2018-06-28 17:36:02 +02:00
Darryl Green
11999bb72e
Fix minor code style issues
2018-05-15 09:21:57 +01:00
Jaeden Amero
a331e0f0af
Merge remote-tracking branch 'upstream-restricted/pr/421' into development-proposed
2018-05-04 14:39:24 +01:00
Simon Butcher
e6a2a1aa97
Add the update to the soversion to the ChangeLog
2018-05-01 14:02:24 +01:00
Jaeden Amero
78d2f7d5df
Merge remote-tracking branch 'upstream-restricted/pr/478' into development-restricted
2018-04-30 17:37:42 +01:00
Simon Butcher
b03120ad41
Fix the ChangeLog for clarity, English and credit
2018-04-30 17:13:42 +01:00
Jaeden Amero
7d7bad6b1f
Update version to 2.9.0
...
Bump SOVERSION for parity with 2.7.2 and 2.7.3.
2018-04-30 09:58:33 +01:00
Jaeden Amero
c64a300027
Merge remote-tracking branch 'upstream-restricted/pr/471' into development-restricted-proposed
...
Remove trailing whitespace in ChangeLog.
2018-04-26 09:06:33 +01:00
Jaeden Amero
bd05dfd49f
Merge branch 'development-proposed' into development-restricted-proposed
...
Resolve conflicts in ChangeLog
2018-04-26 09:03:03 +01:00
Jaeden Amero
84a1107818
Merge remote-tracking branch 'upstream-public/pr/1592' into development-proposed
2018-04-25 14:22:12 +01:00
Jaeden Amero
38c42d5afa
Merge remote-tracking branch 'upstream-public/pr/1570' into development-proposed
...
Resolve merge conflict in ChangeLog.
2018-04-25 14:20:08 +01:00
Andrzej Kurek
b7a18c0498
Changelog entry
2018-04-25 05:25:30 -04:00
Mohammad Azim Khan
1d3b508b82
Same ciphersuite validation in server and client hello
2018-04-20 18:54:18 +01:00
Andrzej Kurek
5462e02874
ssl_tls: Fix invalid buffer sizes during compression / decompression
...
Adjust information passed to zlib to include already written data.
2018-04-20 07:58:53 -04:00
Gilles Peskine
5450d1f597
Merge branch 'crypto_alt_revision' into development-restricted-proposed
2018-04-19 21:02:40 +02:00
Gilles Peskine
81021ca2da
Improve ChangeLog entry
2018-04-19 20:59:06 +02:00
Gilles Peskine
f2b76cd45c
Merge remote-tracking branch 'upstream-restricted/pr/461' into development-restricted-proposed
2018-04-19 17:41:39 +02:00
Andres Amaya Garcia
1962405be1
Justify moving zeroize() to utils in ChangeLog
2018-04-17 09:21:49 -05:00
Andres Amaya Garcia
9a65b1de2a
Add utils.h ChangeLog entry
2018-04-17 09:17:38 -05:00
Andrzej Kurek
aca09c7026
Changelog entry
...
Describing platform teardown and setup calls in test suites
2018-04-13 05:18:08 -04:00
Jethro Beekman
cb122373f0
Update ChangeLog for #1380
2018-04-11 08:40:38 -07:00
Ron Eldor
bf027e736a
Minor modifications after PR review
...
1. Move ChangeLog entry to correct location
2. Move point formats outside the ECP_ALT check, as it's part of the RFC
2018-04-09 15:51:19 +03:00
Gilles Peskine
80aa3b8d65
Merge branch 'pr_946' into development-proposed
2018-04-04 10:33:45 +02:00
Gilles Peskine
e4d3b7f860
Fix merge glitch in ChangeLog
2018-04-04 09:28:48 +02:00
Gilles Peskine
b9e8696d56
Merge remote-tracking branch 'upstream-public/pr/1142' into development-proposed
2018-04-04 09:20:59 +02:00
Gilles Peskine
73db8380ca
Merge remote-tracking branch 'upstream-public/pr/1547' into development-proposed
2018-04-04 09:19:12 +02:00
Gilles Peskine
be2371c3d9
Merge branch 'pr_348' into development-proposed
2018-04-04 09:18:27 +02:00
Gilles Peskine
557e77d9a3
Add ChangeLog entry
2018-04-04 09:18:11 +02:00
Gilles Peskine
a09453f495
Merge branch 'pr_1395' into development-proposed
2018-04-04 09:14:12 +02:00
Gilles Peskine
d6953b58d7
Improve changelog entry
2018-04-04 09:09:29 +02:00
Kevin Luty
0cbe816bfc
ChangeLog updated and returning proper value
2018-04-02 10:01:16 -05:00
Ron Eldor
810e650c70
Adjust more modules to new design
...
Add `ecp.h` and `timing.h` to new XXX_alt design
2018-04-01 15:59:58 +03:00
Ron Eldor
1c9f9be9a2
update ChangeLog
...
Update ChangeLog with suggested rephrasing
2018-04-01 15:14:07 +03:00
Ron Eldor
b2aacec417
Take Cryptographic API outside the XXX_ALT check
...
The cryptographic API should not be related to whether or not
there is an alternative implementation. The API should be the same for the regular
implementation and for the alternative implementation, so it is defined
outside of the XXX_ALT precompilation check in the cryptographic API header.
2018-04-01 15:12:46 +03:00
Gilles Peskine
90a8b5219f
Merge branch 'pr_1480' into development-proposed
2018-04-01 12:44:06 +02:00
Gilles Peskine
092bf3dd38
Add original PR reference
2018-04-01 12:43:48 +02:00
Gilles Peskine
0ed632f445
Merge remote-tracking branch 'upstream-public/pr/1499' into development-proposed
2018-04-01 12:41:22 +02:00
Gilles Peskine
5e4464e392
Merge remote-tracking branch 'upstream-public/pr/1539' into development-proposed
2018-04-01 12:40:37 +02:00
Gilles Peskine
695d557dcf
Merge branch 'pr_1180' into development-proposed
2018-04-01 12:26:36 +02:00
Gilles Peskine
4045c74421
Minor changelog improvement
2018-04-01 12:25:48 +02:00
Gilles Peskine
c96ccf4b3f
Add ChangeLog entry to credit independent contribution
...
Also: fixes #1437
2018-03-31 22:57:03 +02:00
Darryl Green
eea1c4ee5a
Improve documentation of mbedtls_ssl_write()
2018-03-29 16:41:09 +01:00
Andrzej Kurek
a357f1a6ca
Move changelog entry to bugfix from changes
2018-03-29 08:17:15 -04:00
Jaeden Amero
4ba87fc958
Merge remote-tracking branch 'upstream-public/pr/758' into development-proposed
2018-03-29 11:01:38 +01:00
Jaeden Amero
2ad47e3bcc
Merge remote-tracking branch 'upstream-public/pr/1528' into development-proposed
2018-03-29 11:00:50 +01:00
Jaeden Amero
78a03ec230
Merge remote-tracking branch 'upstream-public/pr/1379' into development-proposed
2018-03-29 10:57:57 +01:00
Jaeden Amero
90226be779
Merge remote-tracking branch 'upstream-public/pr/1467' into development-proposed
2018-03-28 15:35:22 +01:00
Jaeden Amero
2843d21d99
Merge remote-tracking branch 'upstream-public/pr/1523' into development-proposed
2018-03-28 15:32:13 +01:00