ed7da59798  Gilles Peskine  2018-08-21 17:55:46 +03:00
    ctr_drbg: add comments relating the code with the NIST specification

141e767fa9  Jaeden Amero  2018-08-17 14:26:51 +01:00
    Merge remote-tracking branch 'upstream-public/pr/1942' into development

    Resolve conflicts in ChangeLog

7864090ec1  Hanno Becker  2018-08-13 16:35:15 +01:00
    Reset session_in/out pointers in ssl_session_reset_int()

    Fixes #1941.

d1a4762adb  Ron Eldor  2018-08-13 13:49:52 +03:00
    Use mbedtls_printf instead of printf

    Replace usages of `printf()` with `mbedtls_printf()` in `aria.c`
    which were accidentally merged. Fixes #1908

d8f41698d2  Jaeden Amero  2018-08-10 11:23:15 +01:00
    Merge remote-tracking branch 'upstream-public/pr/1598' into development

    Add a Changelog entry

cac0c1a250  Jaeden Amero  2018-08-10 10:59:53 +01:00
    Merge remote-tracking branch 'upstream-public/pr/1378' into development

1b9b217abf  Ron Eldor  2018-07-30 11:29:26 +03:00
    enforce input and output of ccm selftest on stack

    In `mbedtls_ccm_self_test()`, enforce input and output
    buffers sent to the ccm API to be contiguous and aligned,
    by copying the test vectors to buffers on the stack.

608a487b9c  Angus Gratton  2018-07-27 09:15:34 +10:00
    Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails

    In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
    happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
    hasn't been assigned to grp->T yet).
    Symptom was a memory leak in ECDHE key exchange under low memory conditions.

193c86425e  Jaeden Amero  2018-07-25 15:42:26 +01:00
    Update version to 2.12.0

37b9fd5df6  Simon Butcher  2018-07-24 23:40:37 +01:00
    Merge remote-tracking branch 'restricted/pr/490' into development

2c92949e0a  Simon Butcher  2018-07-24 17:20:17 +01:00
    Merge remote-tracking branch 'public/pr/1198' into development

c88c627fba  Simon Butcher  2018-07-24 17:19:10 +01:00
    Merge remote-tracking branch 'public/pr/1658' into development

9ab746c7c9  Ron Eldor  2018-07-24 16:43:20 +01:00
    Add selftests

    Add selftests for key wrapping

cb349ac279  Ron Eldor  2018-07-24 16:43:20 +01:00
    Implement the KW and KWP algorithm

    1. Add kw to the Makefiles
    2. Implement the algorithms as defined in SP800-38F, and RFC 3394.

466a57fbbe  Ron Eldor  2018-07-24 16:43:20 +01:00
    Key wrapping API definition

    Define the Key Wrapping API

dad05b7fc9  Simon Butcher  2018-07-24 13:05:09 +01:00
    Merge remote-tracking branch 'public/pr/1844' into development

116ac43d00  Simon Butcher  2018-07-24 12:18:59 +01:00
    Merge remote-tracking branch 'public/pr/1852' into development

fced1f2fb3  Simon Butcher  2018-07-24 10:26:46 +01:00
    Merge remote-tracking branch 'public/pr/1854' into development

ca2ea4e217  Brian J Murray  2018-07-23 10:34:47 -07:00
    Fix issue if salt = NULL and salt_len != 0 in mbedtls_hkdf_extract()

1a7a17e548  Angus Gratton  2018-07-20 23:09:29 +01:00
    Check for invalid short Alert messages

    (Short Change Cipher Spec & Handshake messages are already checked for.)

34817929ea  Angus Gratton  2018-07-20 23:09:29 +01:00
    TLSv1.2: Treat zero-length fragments as invalid, unless they are application data

    TLS v1.2 explicitly disallows other kinds of zero length fragments (earlier standards
    don't mention zero-length fragments at all).

b512bc1d29  Angus Gratton  2018-07-20 23:09:29 +01:00
    CBC mode: Allow zero-length message fragments (100% padding)

    Fixes https://github.com/ARMmbed/mbedtls/issues/1632

922bd1efb2  Simon Butcher  2018-07-20 14:33:18 +01:00
    Merge remote-tracking branch 'public/pr/1752' into development

df15356259  Simon Butcher  2018-07-19 19:48:10 +01:00
    Merge remote-tracking branch 'public/pr/1663' into development

0e2c07e83e  Dawid Drozd  2018-07-11 15:16:53 +02:00
    Remove unnecessary mark as unused #1098

    `ret` is used always at line 1305 in statement:
    `if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )`

8744a02357  Manuel Pégourié-Gonnard  2018-07-11 12:30:40 +02:00
    Clarify a few comments

    The "+" sign could be misinterpreted as addition.

e7aeef09ee  Simon Butcher  2018-07-10 15:24:26 +01:00
    Merge remote-tracking branch 'public/pr/536' into development

32b074720e  Simon Butcher  2018-07-10 14:57:50 +01:00
    Merge remote-tracking branch 'public/pr/1737' into development

cdbb2f2168  Simon Butcher  2018-07-10 12:49:26 +01:00
    Merge remote-tracking branch 'public/pr/1563' into development

6331cb0607  Simon Butcher  2018-07-10 11:48:42 +01:00
    Fix some whitespace issues in ChangeLog and CMakeLists.txt

    Stray tab in library/CMakeLists.txt and incorrect formatting in ChangeLog.

d21bd31759  Simon Butcher  2018-07-10 11:43:06 +01:00
    Merge remote-tracking branch 'public/pr/1567' into development

6a25cfae2a  Manuel Pégourié-Gonnard  2018-07-10 11:15:36 +02:00
    Avoid debug message that might leak length

    The length to the debug message could conceivably leak through the time it
    takes to print it, and that length would in turn reveal whether padding was
    correct or not.

a5fbfd7cd8  k-stachowiak  2018-07-08 13:22:11 +01:00
    Enable snprintf on FreeBSD

a61d123e0e  Brian J Murray  2018-07-06 10:02:39 -07:00
    Minor changes to comments in hkdf.c

7b42030b5d  Manuel Pégourié-Gonnard  2018-07-05 14:44:49 +02:00
    Add counter-measure to cache-based Lucky 13

    The basis for the Lucky 13 family of attacks is for an attacker to be able to
    distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
    Since our code sets padlen = 0 for invalid padding, the length of the input to
    the HMAC function, and the location where we read the MAC, give information
    about that.
    A local attacker could gain information about that by observing via a
    cache attack whether the bytes at the end of the record (at the location of
    would-be padding) have been read during MAC verification (computation +
    comparison).
    Let's make sure they're always read.

1cc1fb0599  Manuel Pégourié-Gonnard  2018-07-05 10:47:00 +02:00
    Fix Lucky 13 cache attack on MD/SHA padding

    The basis for the Lucky 13 family of attacks is for an attacker to be able to
    distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
    Since our code sets padlen = 0 for invalid padding, the length of the input to
    the HMAC function gives information about that.
    Information about this length (modulo the MD/SHA block size) can be deduced
    from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
    If MD/SHA padding is read from a (static) buffer, a local attacker could get
    information about how much is used via a cache attack targeting that buffer.
    Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
    one, which is always read fully by the process() function.

ab8d58cb2d  Ron Eldor  2018-07-01 10:20:43 +03:00
    Move definition of MBEDTLS_CIPHER_MODE_STREAM

    Move definition of `MBEDTLS_CIPHER_MODE_STREAM` to header file
    (`mbedtls_cipher_internal.h`), because it is used by more than
    one file. Raised by TrinityTonic in #1719

034e1398f0  Simon Butcher  2018-06-28 12:09:15 +01:00
    Merge remote-tracking branch 'public/pr/1621' into development

4b6b08e7d2  Simon Butcher  2018-06-28 12:08:59 +01:00
    Merge remote-tracking branch 'public/pr/1006' into development

1d97cab5f5  Simon Butcher  2018-06-28 12:06:16 +01:00
    Merge remote-tracking branch 'public/pr/1645' into development

bea00bd89c  Simon Butcher  2018-06-28 12:04:19 +01:00
    Merge remote-tracking branch 'public/pr/1783' into development

6665b67ddf  Simon Butcher  2018-06-27 10:51:47 +01:00
    Merge remote-tracking branch 'public/pr/1390' into development

2682edf205  Nicholas Wilson  2018-06-25 12:00:26 +01:00
    Fix build using -std=c99

    In each place where POSIX/GNU functions are used, the file must declare
    that it wants POSIX functionality before including any system headers.

512b4ee9c7  Nicholas Wilson  2018-06-25 11:59:54 +01:00
    Use gmtime_r to fix thread-safety issue, and use mbedtls_time on Windows

8ee2422ef8  niisato  2018-06-25 19:05:48 +09:00
    about an issue Replace "new" variable #1782

bf7fe4f3f0  Andres Amaya Garcia  2018-06-21 20:21:38 +01:00
    Replace check with APPLE with CMAKE_SYSTEM_NAME

5b92352374  Andres Amaya Garcia  2018-06-21 19:23:21 +01:00
    Document ssl_write_real() behaviour in detail

755bb6af5f  Ron Eldor  2018-06-21 16:35:26 +03:00
    Add ecc extensions only if ecc ciphersuite is used

    Fix compliancy to RFC4492. ECC extensions should be included
    only if ec ciphersuites are used. Interoperability issue with
    bouncy castle. #1157

e3402ce44f  Andres Amaya Garcia  2018-06-20 10:43:21 +01:00
    Enable APPLE_BUILD in makefile if using system ar

21f73b57ed  Philippe Antoine  2018-06-20 08:13:24 +02:00
    Coding style

    Commit to be squashed