Janos Follath
8d3fb2e167
Changelog: Add entry for prime validation fix
2018-10-19 09:21:15 +01:00
Simon Butcher
f73b437fc6
Add ChangeLog entry for PR #1812
2018-09-26 22:59:42 +01:00
Simon Butcher
fa5054ffab
Fix ChangeLog entry for PR #1972
2018-09-26 22:59:31 +01:00
Simon Butcher
651902d062
Merge remote-tracking branch 'public/pr/1972' into mbedtls-2.7
2018-09-26 22:35:51 +01:00
Simon Butcher
9863afc5e2
Merge remote-tracking branch 'public/pr/1899' into mbedtls-2.7
2018-09-26 22:00:02 +01:00
Simon Butcher
d6a63f4ca5
Clarified ChangeLog entry
...
ChangeLog entry for backport of #1890 was misleading, so corrected it.
2018-09-13 11:59:03 +01:00
Simon Butcher
34997fd291
Update library version number to 2.7.6
2018-08-31 16:07:23 +01:00
Simon Butcher
a36fe37429
Revised and clarified ChangeLog
...
Minor changes to fix language, merge mistakes and incorrect classifications of
changes.
2018-08-31 12:00:58 +01:00
Simon Butcher
242169bdc3
Merge remote-tracking branch 'restricted/pr/498' into mbedtls-2.7-restricted
2018-08-28 15:29:55 +01:00
Simon Butcher
6910201cd1
Merge remote-tracking branch 'restricted/pr/493' into mbedtls-2.7-restricted
2018-08-28 15:23:39 +01:00
Simon Butcher
fbd0ccc0f0
Merge remote-tracking branch 'public/pr/1978' into mbedtls-2.7
2018-08-28 12:32:21 +01:00
Simon Butcher
4102b3d377
Merge remote-tracking branch 'public/pr/1888' into mbedtls-2.7
2018-08-28 12:25:12 +01:00
Simon Butcher
cc4f58d08c
Merge remote-tracking branch 'public/pr/1956' into mbedtls-2.7
2018-08-28 12:16:11 +01:00
Simon Butcher
f7be6b029e
Merge remote-tracking branch 'public/pr/1960' into mbedtls-2.7
2018-08-28 11:51:56 +01:00
Hanno Becker
20b5d14b28
Adapt ChangeLog
2018-08-23 15:14:51 +01:00
Hanno Becker
4d646a60bd
Adapt ChangeLog
2018-08-22 15:11:28 +01:00
Hanno Becker
f38db01c42
Adapt ChangeLog
2018-08-17 10:12:23 +01:00
Hanno Becker
517e84a0e3
Improve ChangeLog wording for the commmit that Fixes #1954 .
2018-08-17 10:04:08 +01:00
Hanno Becker
4a4c04dc9c
Adapt ChangeLog
2018-08-16 15:53:02 +01:00
Hanno Becker
8058800d54
Adapt ChangeLog
2018-08-14 15:48:41 +01:00
Jaeden Amero
9eb78b4dab
Merge remote-tracking branch 'upstream-public/pr/1900' into mbedtls-2.7
...
Add a Changelog entry
2018-08-10 11:26:15 +01:00
Jaeden Amero
f37a99e3fc
Merge remote-tracking branch 'upstream-public/pr/1814' into mbedtls-2.7
2018-08-10 11:01:29 +01:00
Jaeden Amero
3b69174852
Merge remote-tracking branch 'upstream-public/pr/1886' into mbedtls-2.7
2018-08-10 10:50:34 +01:00
Simon Butcher
51a46b9b38
Add ChangeLog entry for bug #1890
2018-07-30 22:15:14 +01:00
Ron Eldor
f19a7ab45d
Fix hmac_drbg failure in benchmark, with threading
...
Remove redunadnat calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-30 11:13:18 +03:00
Philippe Antoine
84cc74e82b
Fix undefined shifts
...
- in x509_profile_check_pk_alg
- in x509_profile_check_md_alg
- in x509_profile_check_key
and in ssl_cli.c : unsigned char gets promoted to signed integer
2018-07-26 22:49:42 +01:00
Simon Butcher
5ef42fd415
Merge remote-tracking branch 'restricted/pr/500' into mbedtls-2.7-restricted
2018-07-26 14:33:14 +01:00
Angus Gratton
cb7a5b0b0c
Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
...
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).
Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-26 11:08:06 +03:00
Simon Butcher
a64621929f
Clarify Changelog entries
...
Corrected some style issues, and moved some entries from bugfixes to changes.
2018-07-25 17:30:20 +01:00
Jaeden Amero
8385110ae8
Update version to 2.7.5
2018-07-25 15:43:21 +01:00
Simon Butcher
7daacda940
Merge remote-tracking branch 'restricted/pr/494' into mbedtls-2.7
2018-07-24 23:40:53 +01:00
Simon Butcher
b47e0a68ab
Merge remote-tracking branch 'public/pr/1805' into mbedtls-2.7
2018-07-24 13:16:25 +01:00
Simon Butcher
a8ee41ce80
Revise ChangeLog entry for empty data records fixes
2018-07-24 12:59:21 +01:00
Simon Butcher
d5a3ed36b8
Merge remote-tracking branch 'public/pr/1863' into mbedtls-2.7
2018-07-24 12:57:15 +01:00
Simon Butcher
b65d6ce83f
Merge remote-tracking branch 'public/pr/1870' into mbedtls-2.7
2018-07-24 10:30:11 +01:00
Simon Butcher
c6a0fd8e83
Add ChangeLog entry for #1098 fix.
2018-07-24 10:17:36 +01:00
Simon Butcher
48883cd800
Merge remote-tracking branch 'public/pr/1780' into mbedtls-2.7
2018-07-20 14:40:51 +01:00
Simon Butcher
7924d93209
Fix ChangeLog entry for issue #1663
...
The ChangeLog entry was under the wrong version, and under Changes, not
Bug Fixes.
2018-07-19 19:54:18 +01:00
Simon Butcher
bc5ec41c01
Merge remote-tracking branch 'public/pr/1847' into mbedtls-2.7
2018-07-19 19:48:25 +01:00
Simon Butcher
be347c6e21
Merge remote-tracking branch 'public/pr/1849' into mbedtls-2.7
2018-07-19 16:13:07 +01:00
Ron Eldor
8839e31fbc
Update ChangeLog
...
Remove extra entries added by a bad cherry-pick.
2018-07-17 14:13:53 +03:00
Andres Amaya Garcia
8e346dc793
Add ChangeLog entry for empty app data fix
2018-07-16 20:14:53 +01:00
Angus Gratton
8946b0dd30
Check for invalid short Alert messages
...
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:12:56 +01:00
Angus Gratton
1ba8e911ec
CBC mode: Allow zero-length message fragments (100% padding)
...
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-16 20:12:47 +01:00
k-stachowiak
55bea65ca9
Update change log
2018-07-16 12:30:48 +02:00
Manuel Pégourié-Gonnard
aba8c5bb3d
Clarify attack conditions in the ChangeLog.
...
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-12 10:18:37 +02:00
Manuel Pégourié-Gonnard
aeeaaf271c
Add counter-measure to cache-based Lucky 13
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.
A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).
Let's make sure they're always read.
2018-07-12 10:18:37 +02:00
Manuel Pégourié-Gonnard
5fcfd0345d
Fix Lucky 13 cache attack on MD/SHA padding
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.
Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.
Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-12 10:18:37 +02:00
Simon Butcher
a063fff51a
Fix Changelog entry for #1533 fix as a Change not a bugfix
2018-07-10 15:20:26 +01:00
Simon Butcher
28f68a3d15
Merge remote-tracking branch 'public/pr/1809' into mbedtls-2.7
2018-07-10 14:58:51 +01:00