Commit Graph

1384 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
7b42030b5d Add counter-measure to cache-based Lucky 13
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.

A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).

Let's make sure they're always read.
2018-07-05 14:44:49 +02:00
Manuel Pégourié-Gonnard
1cc1fb0599 Fix Lucky 13 cache attack on MD/SHA padding
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.

Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.

Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-05 10:47:00 +02:00
Gilles Peskine
104d85865d Add ChangeLog entry 2018-06-28 17:36:02 +02:00
Darryl Green
11999bb72e Fix minor code style issues 2018-05-15 09:21:57 +01:00
Jaeden Amero
a331e0f0af Merge remote-tracking branch 'upstream-restricted/pr/421' into development-proposed 2018-05-04 14:39:24 +01:00
Simon Butcher
e6a2a1aa97 Add the uodate to the soversion to the ChangeLog 2018-05-01 14:02:24 +01:00
Jaeden Amero
78d2f7d5df Merge remote-tracking branch 'upstream-restricted/pr/478' into development-restricted 2018-04-30 17:37:42 +01:00
Simon Butcher
b03120ad41 Fix the ChangeLog for clarity, english and credit 2018-04-30 17:13:42 +01:00
Jaeden Amero
7d7bad6b1f Update version to 2.9.0
Bump SOVERSION for parity with 2.7.2 and 2.7.3.
2018-04-30 09:58:33 +01:00
Jaeden Amero
c64a300027 Merge remote-tracking branch 'upstream-restricted/pr/471' into development-restricted-proposed
Remove trailing whitespace in ChangeLog.
2018-04-26 09:06:33 +01:00
Jaeden Amero
bd05dfd49f Merge branch 'development-proposed' into development-restricted-proposed
Resolve conflicts in ChangeLog
2018-04-26 09:03:03 +01:00
Jaeden Amero
84a1107818 Merge remote-tracking branch 'upstream-public/pr/1592' into development-proposed 2018-04-25 14:22:12 +01:00
Jaeden Amero
38c42d5afa Merge remote-tracking branch 'upstream-public/pr/1570' into development-proposed
Resolve merge conflict in ChangeLog.
2018-04-25 14:20:08 +01:00
Andrzej Kurek
b7a18c0498 Changelog entry 2018-04-25 05:25:30 -04:00
Mohammad Azim Khan
1d3b508b82 Same ciphersuite validation in server and client hello 2018-04-20 18:54:18 +01:00
Andrzej Kurek
5462e02874 ssl_tls: Fix invalid buffer sizes during compression / decompression
Adjust information passed to zlib to include already written data.
2018-04-20 07:58:53 -04:00
Gilles Peskine
5450d1f597 Merge branch 'crypto_alt_revision' into development-restricted-proposed 2018-04-19 21:02:40 +02:00
Gilles Peskine
81021ca2da Improve ChangeLog entry 2018-04-19 20:59:06 +02:00
Gilles Peskine
f2b76cd45c Merge remote-tracking branch 'upstream-restricted/pr/461' into development-restricted-proposed 2018-04-19 17:41:39 +02:00
Andres Amaya Garcia
1962405be1 Justify moving zeroize() to utils in ChangeLog 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia
9a65b1de2a Add utils.h ChangeLog entry 2018-04-17 09:17:38 -05:00
Andrzej Kurek
aca09c7026 Changelog entry
Describing platform teardown and setup calls in test suites
2018-04-13 05:18:08 -04:00
Jethro Beekman
cb122373f0 Update ChangeLog for #1380 2018-04-11 08:40:38 -07:00
Ron Eldor
bf027e736a Minor modifications after PR review
1. Move ChangLog entry to correct location
2. Move point formats outside the ECP_ALT check, as it's part of the RFC
2018-04-09 15:51:19 +03:00
Gilles Peskine
80aa3b8d65 Merge branch 'pr_946' into development-proposed 2018-04-04 10:33:45 +02:00
Gilles Peskine
e4d3b7f860 Fix merge glitch in ChangeLog 2018-04-04 09:28:48 +02:00
Gilles Peskine
b9e8696d56 Merge remote-tracking branch 'upstream-public/pr/1142' into development-proposed 2018-04-04 09:20:59 +02:00
Gilles Peskine
73db8380ca Merge remote-tracking branch 'upstream-public/pr/1547' into development-proposed 2018-04-04 09:19:12 +02:00
Gilles Peskine
be2371c3d9 Merge branch 'pr_348' into development-proposed 2018-04-04 09:18:27 +02:00
Gilles Peskine
557e77d9a3 Add ChangeLog entry 2018-04-04 09:18:11 +02:00
Gilles Peskine
a09453f495 Merge branch 'pr_1395' into development-proposed 2018-04-04 09:14:12 +02:00
Gilles Peskine
d6953b58d7 Improve changelog entry 2018-04-04 09:09:29 +02:00
Kevin Luty
0cbe816bfc
ChangeLog updated and returning proper value 2018-04-02 10:01:16 -05:00
Ron Eldor
810e650c70 Adjust more modules to new design
Add `ecp.h` anf `timing.h` to new XXX_alt design
2018-04-01 15:59:58 +03:00
Ron Eldor
1c9f9be9a2 update ChangeLog
Update ChangeLog with suggested rephrasing
2018-04-01 15:14:07 +03:00
Ron Eldor
b2aacec417 Take Cryptographic API outside the XXX_ALT check
The cryptographic API should not be related to whether or not
there is alternative implementation. The API should be same for regular
implementation, and for alternative implementation, so it is defined
outside of the XXX_ALT precompilation check in the cryptographic API header
2018-04-01 15:12:46 +03:00
Gilles Peskine
90a8b5219f Merge branch 'pr_1480' into development-proposed 2018-04-01 12:44:06 +02:00
Gilles Peskine
092bf3dd38 Add original PR reference 2018-04-01 12:43:48 +02:00
Gilles Peskine
0ed632f445 Merge remote-tracking branch 'upstream-public/pr/1499' into development-proposed 2018-04-01 12:41:22 +02:00
Gilles Peskine
5e4464e392 Merge remote-tracking branch 'upstream-public/pr/1539' into development-proposed 2018-04-01 12:40:37 +02:00
Gilles Peskine
695d557dcf Merge branch 'pr_1180' into development-proposed 2018-04-01 12:26:36 +02:00
Gilles Peskine
4045c74421 Minor changelog improvement 2018-04-01 12:25:48 +02:00
Gilles Peskine
c96ccf4b3f Add ChangeLog entry to credit independent contribution
Also: fixes #1437
2018-03-31 22:57:03 +02:00
Darryl Green
eea1c4ee5a Improve documentation of mbedtls_ssl_write() 2018-03-29 16:41:09 +01:00
Andrzej Kurek
a357f1a6ca Move changelog entry to bugfix from changes 2018-03-29 08:17:15 -04:00
Jaeden Amero
4ba87fc958 Merge remote-tracking branch 'upstream-public/pr/758' into development-proposed 2018-03-29 11:01:38 +01:00
Jaeden Amero
2ad47e3bcc Merge remote-tracking branch 'upstream-public/pr/1528' into development-proposed 2018-03-29 11:00:50 +01:00
Jaeden Amero
78a03ec230 Merge remote-tracking branch 'upstream-public/pr/1379' into development-proposed 2018-03-29 10:57:57 +01:00
Jaeden Amero
90226be779 Merge remote-tracking branch 'upstream-public/pr/1467' into development-proposed 2018-03-28 15:35:22 +01:00
Jaeden Amero
2843d21d99 Merge remote-tracking branch 'upstream-public/pr/1523' into development-proposed 2018-03-28 15:32:13 +01:00