mbedtls/library
Manuel Pégourié-Gonnard 99b6a711c8 Add counter-measure to cache-based Lucky 13
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.

A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).

Let's make sure they're always read.
2018-07-12 10:20:33 +02:00
.gitignore
aes.c
aesni.c Fix build errors on x32 by using the generic 'add' instruction 2018-01-29 21:54:26 +01:00
arc4.c
asn1parse.c Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-12 17:45:29 +01:00
asn1write.c Fix potential double free in cert writing code 2015-12-10 11:24:35 +01:00
base64.c Add comment to integer overflow fix in base64.c 2017-02-20 21:51:18 +00:00
bignum.c Merge remote-tracking branch 'upstream-restricted/pr/360' into mbedtls-2.1-restricted-proposed 2018-03-13 17:26:49 +01:00
blowfish.c
camellia.c
ccm.c
certs.c Fix 2.1-specific remaining MD/PK depend issues 2018-03-13 11:53:48 +01:00
cipher_wrap.c
cipher.c return plaintext data faster on unpadded decryption 2018-03-30 04:58:13 -04:00
CMakeLists.txt Update version to 2.1.12 2018-04-27 13:13:54 +01:00
ctr_drbg.c Zeroize tmp buf in ctr_drbg_write_seed_file() 2017-07-11 17:31:02 +01:00
debug.c Fix compilation error with Mingw32 2018-01-22 19:06:57 +02:00
des.c
dhm.c Merge remote-tracking branch 'upstream-restricted/pr/406' into mbedtls-2.1-restricted 2017-11-28 16:19:19 +01:00
ecdh.c
ecdsa.c Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH 2018-03-30 18:51:14 +02:00
ecp_curves.c ECP: Prevent freeing a buffer on stack 2017-02-28 18:56:35 +00:00
ecp.c Fix information leak in ecp_gen_keypair_base 2017-10-25 15:44:10 +01:00
entropy_poll.c
entropy.c Merge branch 'pr_1276' into mbedtls-2.1-proposed 2018-03-12 23:51:01 +01:00
error.c Update error.c 2018-03-30 18:51:31 +02:00
gcm.c Backport 2.1: check if iv is zero in gcm. 2017-07-20 00:30:44 +02:00
havege.c
hmac_drbg.c Zeroize tmp bufs in hmac_drbg.c functions 2017-07-11 17:22:03 +01:00
Makefile Merge remote-tracking branch 'upstream-public/pr/1501' into mbedtls-2.1-proposed 2018-04-01 12:41:33 +02:00
md2.c Fix integer overflows in buffer bound checks 2017-02-20 21:49:01 +00:00
md4.c
md5.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:20:33 +02:00
md_wrap.c
md.c Zeroize tmp buf in mbedtls_md_file() md.c 2017-07-11 17:19:30 +01:00
memory_buffer_alloc.c Fix braces in mbedtls_memory_buffer_alloc_status() 2018-04-17 16:46:41 +02:00
net.c Fix typo and bracketing in macro args 2018-01-22 22:32:19 +01:00
oid.c pkcs5v2: add support for additional hmacSHA algorithms 2018-02-14 11:12:58 +01:00
padlock.c
pem.c Merge remote-tracking branch 'upstream-public/pr/1009' into mbedtls-2.1-proposed 2018-03-12 23:44:48 +01:00
pk_wrap.c Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH 2018-03-30 18:51:14 +02:00
pk.c Change PK module preprocessor check on word size 2017-08-04 13:43:07 +01:00
pkcs5.c Fix coding style in pkcs5.c preprocessor directives 2018-03-27 21:33:05 +01:00
pkcs11.c
pkcs12.c
pkparse.c Fix parsing of PKCS#8 encoded Elliptic Curve keys. 2018-03-22 18:03:30 -07:00
pkwrite.c Fix other occurrences of same bounds check issue 2015-11-02 10:43:03 +09:00
platform.c Fix compilation error with Mingw32 2018-01-22 19:06:57 +02:00
ripemd160.c
rsa.c Merge remote-tracking branch 'upstream-restricted/pr/360' into mbedtls-2.1-restricted-proposed 2018-03-13 17:26:49 +01:00
sha1.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:20:33 +02:00
sha256.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:20:33 +02:00
sha512.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:20:33 +02:00
ssl_cache.c Address PR review comments 2017-10-30 18:11:38 +02:00
ssl_ciphersuites.c Undo API change 2017-06-20 19:33:51 +01:00
ssl_cli.c ssl_cli: Fix all.sh test failure for ECJPAKE typo 2018-04-26 10:43:28 +01:00
ssl_cookie.c Backport 2.1:Resource leak in ssl_cookie and mutex 2017-03-02 21:11:16 +00:00
ssl_srv.c Merge remote-tracking branch 'upstream-restricted/pr/442' into mbedtls-2.1-restricted 2018-01-23 00:47:43 +01:00
ssl_ticket.c
ssl_tls.c Add counter-measure to cache-based Lucky 13 2018-07-12 10:20:33 +02:00
threading.c Do not define and initialize global mutexes on configurations that do not use them. 2018-03-21 15:32:47 +00:00
timing.c Fix alarm(0) failure on mingw32 2018-01-29 13:23:40 +01:00
version_features.c Adapt version_features.c 2018-02-22 16:18:07 +01:00
version.c
x509_create.c Fix other occurrences of same bounds check issue 2015-11-02 10:43:03 +09:00
x509_crl.c x509: CRL: reject unsupported critical extensions 2018-03-14 09:28:24 +01:00
x509_crt.c Allow the entry_name size to be set in config.h 2018-05-11 16:38:38 +01:00
x509_csr.c Prevent signed integer overflow in CSR parsing 2017-07-26 17:59:20 +01:00
x509.c Correctly handle leap year in x509_date_is_valid() 2017-10-12 21:03:01 +01:00
x509write_crt.c Use X509 CRT version macros for version checks in x509write_crt_der 2017-10-04 14:52:21 +01:00
x509write_csr.c Minor style and typo corrections 2017-10-04 14:51:32 +01:00
xtea.c