Ron Eldor
7b93b6af2f
Fix typo
...
Fix typo in ChangeLog entry.
2018-07-30 11:08:57 +03:00
Ron Eldor
78e4cb967d
Fix hmac_drbg failure in benchmark, with threading
...
Remove redundant calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-30 11:01:37 +03:00
Simon Butcher
2f7f2b1f11
Merge remote-tracking branch 'restricted/pr/502' into mbedtls-2.1-restricted
2018-07-26 14:37:12 +01:00
Simon Butcher
d908494fe5
Clarify Changelog entries
...
Corrected some style issues, and moved some entries from bugfixes to changes.
2018-07-25 17:33:29 +01:00
Jaeden Amero
dcec5bb527
Update version to 2.1.14
2018-07-25 15:42:55 +01:00
Simon Butcher
3339fe9a02
Merge remote-tracking branch 'restricted/pr/495' into mbedtls-2.1
2018-07-24 23:42:13 +01:00
Simon Butcher
3661642a49
Merge remote-tracking branch 'public/pr/1804' into mbedtls-2.1
2018-07-24 13:17:26 +01:00
Simon Butcher
be9c2dce5b
Revise ChangeLog entry for empty data records fixes
2018-07-24 13:01:59 +01:00
Simon Butcher
642ddb555e
Merge remote-tracking branch 'public/pr/1864' into mbedtls-2.1
2018-07-24 13:01:02 +01:00
Simon Butcher
c098ec3af6
Merge remote-tracking branch 'public/pr/1779' into mbedtls-2.1
2018-07-20 14:47:37 +01:00
Simon Butcher
ff5bd6220b
Fix ChangeLog entry for issue #1663
...
The ChangeLog entry was under the wrong version, and under Changes, not
Bug Fixes.
2018-07-19 19:59:02 +01:00
Simon Butcher
eebee76f93
Merge remote-tracking branch 'public/pr/1846' into mbedtls-2.1
2018-07-19 19:48:40 +01:00
Simon Butcher
f11daf6ff6
Merge remote-tracking branch 'public/pr/1850' into mbedtls-2.1
2018-07-19 16:14:44 +01:00
Ron Eldor
41273200a2
Update ChangeLog
...
Remove extra entries added by a bad cherry-pick.
2018-07-17 14:16:12 +03:00
Andres Amaya Garcia
01daf2a5ef
Add ChangeLog entry for empty app data fix
2018-07-16 20:22:28 +01:00
Angus Gratton
fd1c5e8453
Check for invalid short Alert messages
...
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:20:51 +01:00
Angus Gratton
1226dd7715
CBC mode: Allow zero-length message fragments (100% padding)
...
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-16 20:20:44 +01:00
Manuel Pégourié-Gonnard
534fea790e
Clarify attack conditions in the ChangeLog.
...
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
99b6a711c8
Add counter-measure to cache-based Lucky 13
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.
A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).
Let's make sure they're always read.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
69675d056a
Fix Lucky 13 cache attack on MD/SHA padding
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.
Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.
Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-12 10:20:33 +02:00
Simon Butcher
54cf322c05
Add fix for #1550 and credit to the ChangeLog
2018-07-10 23:02:15 +01:00
Simon Butcher
57e9fe2df4
Merge remote-tracking branch 'public/pr/1808' into mbedtls-2.1
2018-07-10 14:59:56 +01:00
Simon Butcher
ec971d7434
Merge remote-tracking branch 'public/pr/1828' into mbedtls-2.1
2018-07-10 12:51:03 +01:00
Gilles Peskine
2347d4eb3b
Add ChangeLog entry
2018-07-10 13:03:54 +02:00
Philippe Antoine
bbc7918b6b
Fixes different off by ones
2018-07-09 10:33:08 +02:00
Ron Eldor
5c8e588444
Minor fixes
...
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the function documentation.
2018-07-05 14:59:23 +03:00
Simon Butcher
4b57a1f182
Add ChangeLog entry for #992 fix
2018-07-02 12:18:35 +01:00
niisato
000e48af07
Add ChangeLog
2018-06-29 11:31:52 +01:00
Simon Butcher
b461ba5630
Adds reference in ChangeLog for issue #1623
2018-06-28 12:14:07 +01:00
Simon Butcher
03c79a1973
Add ChangeLog entry for #1257 - key_app_writer writes invalid ASN.1
2018-06-28 12:00:55 +01:00
Simon Butcher
e5828ce06c
Merge remote-tracking branch 'public/pr/1771' into mbedtls-2.1
2018-06-28 11:38:18 +01:00
Ron Eldor
d7593a5b73
Add entry in ChangeLog
...
Add entry in ChangeLog for compilation error fix of #1719
2018-06-28 08:51:37 +03:00
Ron Eldor
254530f2e0
Documentation error in mbedtls_ssl_get_session
...
Fix Documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore. Resolves #926
2018-06-27 17:51:56 +03:00
Ron Eldor
e6c2f4d168
Fix typo in ChangeLog
...
Fix typo in ChangeLog discovered in PR review
2018-06-24 17:21:08 +03:00
Ron Eldor
2c8a7ec0dd
Remove unneeded namespacing in header files
...
Remove the `mbedtls` namespacing in the `#include` in header files
Resolves issue #857
2018-06-24 17:20:40 +03:00
Simon Butcher
ba3e5e60f2
Merge remote-tracking branch 'public/pr/1558' into mbedtls-2.1
2018-06-22 15:07:52 +01:00
Simon Butcher
b1c796ec48
Merge remote-tracking branch 'public/pr/1769' into mbedtls-2.1
2018-06-22 15:05:34 +01:00
Simon Butcher
584fad2ce6
Add a ChangeLog entry for memory leak in mbedtls_x509_csr_parse()
2018-06-22 12:19:56 +01:00
Simon Butcher
ad761c45b9
Fix multiple quality issues in the source
...
This PR fixes multiple issues in the source code to address issues raised by
tests/scripts/check-files.py. Specifically:
* incorrect file permissions
* missing newline at the end of files
* trailing whitespace
* Tabs present
* TODOs in the source code
2018-06-22 11:22:44 +01:00
Andres Amaya Garcia
45bc7db600
Add ChangeLog entry for mbedtls_ssl_write() docs
2018-06-21 19:35:46 +01:00
Simon Butcher
6fc9ceece3
Change the library version to 2.1.13
2018-06-18 14:49:02 +01:00
Simon Butcher
494fb8f968
Add ChangeLog entry for clang version fix. Issue #1072
2018-06-18 11:56:46 +01:00
Simon Butcher
0a715b1587
Merge remote-tracking branch 'public/pr/1656' into mbedtls-2.1
2018-06-17 18:02:57 +01:00
Simon Butcher
7505ef255b
Merge remote-tracking branch 'public/pr/1712' into mbedtls-2.1
2018-06-17 18:01:54 +01:00
Simon Butcher
db3fe7cbe4
Add ChangeLog entry for Microblaze fix
2018-06-15 09:39:19 +01:00
Simon Butcher
577d39b930
Compilation warning fixes on 32b platform with IAR
...
Fix compilation warnings with IAR toolchain, on 32 bit platform.
Reported by rahmanih in #683
This is based on work by Ron Eldor in PR #750.
2018-06-14 09:10:23 +01:00
Simon Butcher
a5fb40d9f9
Merge remote-tracking branch 'public/pr/1465' into mbedtls-2.1
2018-06-11 11:49:28 +01:00
Simon Butcher
0c362f68b3
Add ChangeLog entry for _WIN32_WINNT override fix
2018-06-08 16:27:04 +01:00
Simon Butcher
fcc7a62bb1
Merge remote-tracking branch 'public/pr/1403' into mbedtls-2.1
2018-06-01 19:43:55 +01:00
Moran Peker
6981df59e7
Remove double declaration of mbedtls_ssl_list_ciphersuites
...
Raised by TrinityTonic. #1359
2018-05-23 18:42:36 +01:00