Nir Sonnenschein
b7ebbcaa2c
compile time warning of 128bit ctr_drbg keys and standardized warnings
...
a compile time print was added warning in case of 128bit ctr_drbg keys.
This was don't to avoid an actual warning in these cases
(making build with warnings as errors possible).
Additional warnings on the Changelog/headers were set to use the same phrasing
phrasing was approved by Gilles and Janos.
2018-08-29 10:20:12 +03:00
Simon Butcher
8a552cf9d6
Merge remote-tracking branch 'public/pr/1920' into development-restricted
2018-08-28 15:39:38 +01:00
Simon Butcher
129fa82908
Merge remote-tracking branch 'restricted/pr/470' into development-restricted
2018-08-28 15:26:11 +01:00
Simon Butcher
7f85563f9b
Merge remote-tracking branch 'restricted/pr/491' into development-restricted
2018-08-28 15:22:40 +01:00
Hanno Becker
02f6f5af26
Adapt ChangeLog
...
Make explicit that buffering support is about DTLS.
2018-08-28 12:54:27 +01:00
Simon Butcher
9ce5160fea
Merge remote-tracking branch 'public/pr/1965' into development
2018-08-28 12:34:14 +01:00
Simon Butcher
676d3fd116
Merge remote-tracking branch 'public/pr/1129' into development
2018-08-28 12:31:23 +01:00
Simon Butcher
9d5a9e1213
Merge remote-tracking branch 'public/pr/1625' into development
2018-08-28 12:23:40 +01:00
Simon Butcher
14dac0953e
Merge remote-tracking branch 'public/pr/1918' into development
2018-08-28 12:21:41 +01:00
Simon Butcher
1846e406c8
Merge remote-tracking branch 'public/pr/1939' into development
2018-08-28 12:19:56 +01:00
Simon Butcher
9598845d11
Merge remote-tracking branch 'public/pr/1955' into development
2018-08-28 12:00:18 +01:00
Simon Butcher
4613772dea
Merge remote-tracking branch 'public/pr/1915' into development
2018-08-28 11:45:44 +01:00
Hanno Becker
0e96585bdd
Merge branch 'datagram_packing' into message_reordering
2018-08-24 12:16:41 +01:00
Hanno Becker
1841b0a11c
Rename ssl_conf_datagram_packing() to ssl_set_datagram_packing()
...
The naming convention is that functions of the form mbedtls_ssl_conf_xxx()
apply to the SSL configuration.
2018-08-24 11:13:57 +01:00
Hanno Becker
a70fb95c82
Adapt ChangeLog
2018-08-23 14:36:50 +01:00
Hanno Becker
aa24937853
Adapt ChangeLog
2018-08-22 10:27:13 +01:00
Hanno Becker
3546201dbc
Merge branch 'datagram_packing' into message_reordering
2018-08-22 10:25:40 +01:00
Hanno Becker
a67dee256d
Merge branch 'iotssl-2402-basic-pmtu-adaptation' into datagram_packing
2018-08-22 10:06:38 +01:00
Manuel Pégourié-Gonnard
b8eec192f6
Implement PMTU auto-reduction in handshake
2018-08-22 10:50:30 +02:00
Hanno Becker
170e2d89da
Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing
2018-08-22 09:44:54 +01:00
Hanno Becker
5e863e02ac
Adapt ChangeLog
2018-08-21 17:52:45 +01:00
Hanno Becker
903ee3d363
Merge branch 'datagram_packing' into message_reordering
2018-08-21 17:24:17 +01:00
Nir Sonnenschein
04354b0796
add ChangeLog entry
2018-08-21 17:53:38 +03:00
Manuel Pégourié-Gonnard
f2f1d40d6d
Improve wording in ChangeLog and documentation
2018-08-21 09:53:22 +02:00
Hanno Becker
6aeaa05a95
Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing
2018-08-20 12:53:37 +01:00
Manuel Pégourié-Gonnard
6e7aaca146
Move MTU setting to SSL context, not config
...
This setting belongs to the individual connection, not to a configuration
shared by many connections. (If a default value is desired, that can be handled
by the application code that calls mbedtls_ssl_set_mtu().)
There are at least two ways in which this matters:
- per-connection settings can be adjusted if MTU estimates become available
during the lifetime of the connection
- it is at least conceivable that a server might recognize restricted clients
based on range of IPs and immediately set a lower MTU for them. This is much
easier to do with a per-connection setting than by maintaining multiple
near-duplicated ssl_config objects that differ only by the MTU setting.
2018-08-20 10:37:23 +02:00
Ron Eldor
34b03ef78f
Remove redundant else
statement
...
Remove `else` statement, as it is redundant. resolves #1776
2018-08-20 10:39:27 +03:00
Hanno Becker
f103542c3d
Adapt ChangeLog
2018-08-17 16:52:08 +01:00
Hanno Becker
d87a59cc36
Adapt ChangeLog
2018-08-17 15:51:24 +01:00
Jaeden Amero
141e767fa9
Merge remote-tracking branch 'upstream-public/pr/1942' into development
...
Resolve conflicts in ChangeLog
2018-08-17 14:26:51 +01:00
Manuel Pégourié-Gonnard
3879fdfece
Merge remote-tracking branch 'public/pr/1955' into iotssl-165-dtls-hs-fragmentation-new
...
* public/pr/1955:
Adapt ChangeLog
Fix overly strict bounds check in ssl_parse_certificate_request()
2018-08-17 10:49:47 +02:00
Hanno Becker
eb2b15accd
Improve ChangeLog wording for the commmit that Fixes #1954 .
2018-08-17 09:47:22 +01:00
Andres Amaya Garcia
a7b9f15f27
Add ChangeLog entry for configurable gmtime() in platform
2018-08-16 21:46:35 +01:00
Hanno Becker
ad0fe92fb6
Adapt ChangeLog
2018-08-16 15:52:22 +01:00
Manuel Pégourié-Gonnard
637e234d9f
Merge remote-tracking branch 'public/pr/1915' into iotssl-165-dtls-hs-fragmentation-new
...
* public/pr/1915:
Adapt ChangeLog
Fix mbedtls_ssl_get_record_expansion() for ChaChaPoly and CBC
2018-08-16 10:01:21 +02:00
Manuel Pégourié-Gonnard
0b1d9b2c75
Declare ssl_conf_mtu()
2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
01ec4af023
Add ChangeLog entry
2018-08-16 10:01:10 +02:00
Janos Follath
08a4aebc46
HKDF: Add warning to partial functions
...
The standard HKDF security guarantees only hold if `mbedtls_hkdf()` is
used or if `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` are
called in succession carefully and an equivalent way.
Making `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` static would
prevent any misuse, but doing so would require the TLS 1.3 stack to
break abstraction and bypass the module API.
To reduce the risk of misuse we add warnings to the function
descriptions.
2018-08-14 16:08:38 +01:00
Hanno Becker
9dc3be7601
Improve wording in ChangeLog
2018-08-14 15:22:05 +01:00
Hanno Becker
361f254eab
Adapt ChangeLog
2018-08-13 16:36:58 +01:00
Ron Eldor
d1a4762adb
Use mbedtls_printf instead of printf
...
Replace usages of `printf()` with `mbedtls_printf()` in `aria.c`
which were accidently merged. Fixes #1908
2018-08-13 13:49:52 +03:00
Jaeden Amero
d8f41698d2
Merge remote-tracking branch 'upstream-public/pr/1598' into development
...
Add a Changelog entry
2018-08-10 11:23:15 +01:00
Jaeden Amero
03bd4847b3
Merge remote-tracking branch 'upstream-public/pr/1861' into development
...
Add Changelog entry
2018-08-10 11:17:14 +01:00
Jaeden Amero
cac0c1a250
Merge remote-tracking branch 'upstream-public/pr/1378' into development
2018-08-10 10:59:53 +01:00
Jaeden Amero
372b50b252
Add a ChangeLog entry for #1816
2018-08-10 10:56:31 +01:00
Jaeden Amero
f48163a960
Merge remote-tracking branch 'upstream-public/pr/1834' into development
2018-08-10 10:49:10 +01:00
Andres Amaya Garcia
824dfb34b4
Add ChangeLog entry for use of gmtime
2018-08-07 20:29:57 +01:00
Hanno Becker
448146407f
Adapt ChangeLog
2018-08-03 10:07:39 +01:00
Simon Butcher
b363382ba4
Add ChangeLog entry for bug #1890
2018-07-30 22:10:48 +01:00
Angus Gratton
608a487b9c
Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
...
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).
Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-27 09:15:34 +10:00
Simon Butcher
6c34268e20
Merge remote-tracking branch 'restricted/pr/501' into development-restricted
2018-07-26 14:24:56 +01:00
Simon Butcher
f11a7cda73
Clarify Changelog entries
...
Corrected the Changelog to move an entry in the wrong place after a merge, some
entries which were Changes not bugfixes, and corrected style issues.
2018-07-25 17:29:59 +01:00
Jaeden Amero
193c86425e
Update version to 2.12.0
2018-07-25 15:42:26 +01:00
Simon Butcher
37b9fd5df6
Merge remote-tracking branch 'restricted/pr/490' into development
2018-07-24 23:40:37 +01:00
Simon Butcher
2c92949e0a
Merge remote-tracking branch 'public/pr/1198' into development
2018-07-24 17:20:17 +01:00
Simon Butcher
c88c627fba
Merge remote-tracking branch 'public/pr/1658' into development
2018-07-24 17:19:10 +01:00
Ron Eldor
9cf0d53adc
Add ChangeLog
...
Add entry in ChangeLog for the Key Wrapping feature.
2018-07-24 16:43:20 +01:00
Simon Butcher
ccb43df37e
Merge remote-tracking branch 'public/pr/927' into development
2018-07-24 13:06:54 +01:00
Simon Butcher
dad05b7fc9
Merge remote-tracking branch 'public/pr/1844' into development
2018-07-24 13:05:09 +01:00
Simon Butcher
05330541ea
Revise ChangeLog entry for empty data records fixes
2018-07-24 12:54:15 +01:00
Simon Butcher
116ac43d00
Merge remote-tracking branch 'public/pr/1852' into development
2018-07-24 12:18:59 +01:00
Simon Butcher
fced1f2fb3
Merge remote-tracking branch 'public/pr/1854' into development
2018-07-24 10:26:46 +01:00
Simon Butcher
ecb635efca
Add ChangeLog entry for #1098 fix.
2018-07-24 10:03:41 +01:00
Brian J Murray
4736e96568
add myself to changelog
2018-07-23 10:34:47 -07:00
Ron Eldor
4e64e0b922
Fix after PR comments
...
1. Don't set IV onECB
2. Fix style issues
3. reduce number of tests
2018-07-23 18:18:32 +01:00
Ron Eldor
7b01244b99
Add tests for mbedtls_cipher_crypt API
...
1. Add tests for 'mbedtls_cipher_crypt()' API
2. Resolves #1091 , by ignoring IV when the cipher mode is MBEDTLS_MODE_ECB
2018-07-23 18:02:09 +01:00
Andres Amaya Garcia
81f0633c16
Add ChangeLog entry for empty app data fix
2018-07-20 23:09:29 +01:00
Angus Gratton
1a7a17e548
Check for invalid short Alert messages
...
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-20 23:09:29 +01:00
Angus Gratton
b512bc1d29
CBC mode: Allow zero-length message fragments (100% padding)
...
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-20 23:09:29 +01:00
Simon Butcher
922bd1efb2
Merge remote-tracking branch 'public/pr/1752' into development
2018-07-20 14:33:18 +01:00
Simon Butcher
862e703d51
Merge remote-tracking branch 'public/pr/921' into development
2018-07-20 14:30:50 +01:00
Simon Butcher
4f37bcabf9
Fix ChangeLog entry for issue #1663
...
The ChangeLog entry was under the wrong version, and under Changes, not
BugFixes.
2018-07-19 19:52:32 +01:00
Simon Butcher
df15356259
Merge remote-tracking branch 'public/pr/1663' into development
2018-07-19 19:48:10 +01:00
Simon Butcher
a72098b4d6
Merge remote-tracking branch 'public/pr/1778' into development
2018-07-19 16:10:38 +01:00
k-stachowiak
6ca436a457
Update change log
2018-07-16 12:20:10 +02:00
Manuel Pégourié-Gonnard
830ce11eba
Clarify attack conditions in the ChangeLog.
...
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-11 18:27:08 +02:00
k-stachowiak
21feae58cb
Update change log
2018-07-11 17:34:55 +02:00
Gilles Peskine
604ccc6608
Add ChangeLog entry
2018-07-10 16:50:33 +02:00
Simon Butcher
00af447ba8
Add ChangeLog entry for PR #536
2018-07-10 15:35:43 +01:00
Simon Butcher
32b074720e
Merge remote-tracking branch 'public/pr/1737' into development
2018-07-10 14:57:50 +01:00
Simon Butcher
cdbb2f2168
Merge remote-tracking branch 'public/pr/1563' into development
2018-07-10 12:49:26 +01:00
Simon Butcher
231d7e5669
Add ChangeLog entry for PR #1567 .
...
ChangeLog entry for platform support for the Haiku OS. PR #1567 .
2018-07-10 11:56:19 +01:00
Simon Butcher
6331cb0607
Fix some whitespace issues in ChangeLog and CMakeLists.txt
...
Stray tab in library/CMakeLists.txt and incorrect formatting in ChangeLog.
2018-07-10 11:48:42 +01:00
Manuel Pégourié-Gonnard
7b42030b5d
Add counter-measure to cache-based Lucky 13
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.
A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).
Let's make sure they're always read.
2018-07-05 14:44:49 +02:00
Ron Eldor
636179a277
Fix typo
...
Fix typo in ChangeLog entry.
2018-07-05 14:33:54 +03:00
Ron Eldor
278af4536c
Fix hmac_drbg failure in benchmark, with threading
...
Remove redunadnat calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-05 14:33:22 +03:00
Manuel Pégourié-Gonnard
1cc1fb0599
Fix Lucky 13 cache attack on MD/SHA padding
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.
Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.
Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-05 10:47:00 +02:00
Ron Eldor
382c1db6c0
Minor fixes
...
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the fuinction documentation.
2018-07-04 17:42:47 +03:00
Ron Eldor
5ffc220f16
Documentation error in mbedtls_ssl_get_session
...
Fix Documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore, Resolves #926
2018-07-03 16:04:41 +03:00
Simon Butcher
05fa46e6b7
Add ChangeLog entry for #992 fix
2018-07-02 12:08:32 +01:00
Manuel Pégourié-Gonnard
823c915e59
Fix mis-merged ChangeLog
2018-07-02 12:05:49 +02:00
Ron Eldor
da2a31237e
Add entry in ChangeLog
...
Add entry in ChangeLog for compilation error fix of #1719
2018-07-01 10:22:53 +03:00
Gilles Peskine
104d85865d
Add ChangeLog entry
2018-06-28 17:36:02 +02:00
Simon Butcher
1ab9b57148
Add a ChangeLog entry for memory leak in mbedtls_x509_csr_parse()
2018-06-28 12:13:14 +01:00
Simon Butcher
4b6b08e7d2
Merge remote-tracking branch 'public/pr/1006' into development
2018-06-28 12:08:59 +01:00
Simon Butcher
1d97cab5f5
Merge remote-tracking branch 'public/pr/1645' into development
2018-06-28 12:06:16 +01:00
Simon Butcher
bea00bd89c
Merge remote-tracking branch 'public/pr/1783' into development
2018-06-28 12:04:19 +01:00
Simon Butcher
9e02b973f1
Add ChangeLog entry for #1257 - key_app_writer writes invalid ASN.1
2018-06-28 11:59:15 +01:00
Ron Eldor
84e62f88a2
Update ChangeLog
...
Update ChangeLog with a less ambigous description.
2018-06-28 11:09:09 +03:00
Simon Butcher
9fa21bffe6
Merge remote-tracking branch 'public/pr/1533' into development
2018-06-27 10:50:58 +01:00