Manuel Pégourié-Gonnard
637e234d9f
Merge remote-tracking branch 'public/pr/1915' into iotssl-165-dtls-hs-fragmentation-new
...
* public/pr/1915:
Adapt ChangeLog
Fix mbedtls_ssl_get_record_expansion() for ChaChaPoly and CBC
2018-08-16 10:01:21 +02:00
Manuel Pégourié-Gonnard
0b1d9b2c75
Declare ssl_conf_mtu()
2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
01ec4af023
Add ChangeLog entry
2018-08-16 10:01:10 +02:00
Hanno Becker
9dc3be7601
Improve wording in ChangeLog
2018-08-14 15:22:05 +01:00
Hanno Becker
361f254eab
Adapt ChangeLog
2018-08-13 16:36:58 +01:00
Jaeden Amero
d8f41698d2
Merge remote-tracking branch 'upstream-public/pr/1598' into development
...
Add a Changelog entry
2018-08-10 11:23:15 +01:00
Jaeden Amero
03bd4847b3
Merge remote-tracking branch 'upstream-public/pr/1861' into development
...
Add Changelog entry
2018-08-10 11:17:14 +01:00
Jaeden Amero
cac0c1a250
Merge remote-tracking branch 'upstream-public/pr/1378' into development
2018-08-10 10:59:53 +01:00
Jaeden Amero
372b50b252
Add a ChangeLog entry for #1816
2018-08-10 10:56:31 +01:00
Jaeden Amero
f48163a960
Merge remote-tracking branch 'upstream-public/pr/1834' into development
2018-08-10 10:49:10 +01:00
Hanno Becker
448146407f
Adapt ChangeLog
2018-08-03 10:07:39 +01:00
Simon Butcher
b363382ba4
Add ChangeLog entry for bug #1890
2018-07-30 22:10:48 +01:00
Angus Gratton
608a487b9c
Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
...
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).
Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-27 09:15:34 +10:00
Simon Butcher
6c34268e20
Merge remote-tracking branch 'restricted/pr/501' into development-restricted
2018-07-26 14:24:56 +01:00
Simon Butcher
f11a7cda73
Clarify Changelog entries
...
Corrected the Changelog to move an entry in the wrong place after a merge, some
entries which were Changes not bugfixes, and corrected style issues.
2018-07-25 17:29:59 +01:00
Jaeden Amero
193c86425e
Update version to 2.12.0
2018-07-25 15:42:26 +01:00
Simon Butcher
37b9fd5df6
Merge remote-tracking branch 'restricted/pr/490' into development
2018-07-24 23:40:37 +01:00
Simon Butcher
2c92949e0a
Merge remote-tracking branch 'public/pr/1198' into development
2018-07-24 17:20:17 +01:00
Simon Butcher
c88c627fba
Merge remote-tracking branch 'public/pr/1658' into development
2018-07-24 17:19:10 +01:00
Ron Eldor
9cf0d53adc
Add ChangeLog
...
Add entry in ChangeLog for the Key Wrapping feature.
2018-07-24 16:43:20 +01:00
Simon Butcher
ccb43df37e
Merge remote-tracking branch 'public/pr/927' into development
2018-07-24 13:06:54 +01:00
Simon Butcher
dad05b7fc9
Merge remote-tracking branch 'public/pr/1844' into development
2018-07-24 13:05:09 +01:00
Simon Butcher
05330541ea
Revise ChangeLog entry for empty data records fixes
2018-07-24 12:54:15 +01:00
Simon Butcher
116ac43d00
Merge remote-tracking branch 'public/pr/1852' into development
2018-07-24 12:18:59 +01:00
Simon Butcher
fced1f2fb3
Merge remote-tracking branch 'public/pr/1854' into development
2018-07-24 10:26:46 +01:00
Simon Butcher
ecb635efca
Add ChangeLog entry for #1098 fix.
2018-07-24 10:03:41 +01:00
Brian J Murray
4736e96568
add myself to changelog
2018-07-23 10:34:47 -07:00
Andres Amaya Garcia
81f0633c16
Add ChangeLog entry for empty app data fix
2018-07-20 23:09:29 +01:00
Angus Gratton
1a7a17e548
Check for invalid short Alert messages
...
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-20 23:09:29 +01:00
Angus Gratton
b512bc1d29
CBC mode: Allow zero-length message fragments (100% padding)
...
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-20 23:09:29 +01:00
Simon Butcher
922bd1efb2
Merge remote-tracking branch 'public/pr/1752' into development
2018-07-20 14:33:18 +01:00
Simon Butcher
862e703d51
Merge remote-tracking branch 'public/pr/921' into development
2018-07-20 14:30:50 +01:00
Simon Butcher
4f37bcabf9
Fix ChangeLog entry for issue #1663
...
The ChangeLog entry was under the wrong version, and under Changes, not
BugFixes.
2018-07-19 19:52:32 +01:00
Simon Butcher
df15356259
Merge remote-tracking branch 'public/pr/1663' into development
2018-07-19 19:48:10 +01:00
Simon Butcher
a72098b4d6
Merge remote-tracking branch 'public/pr/1778' into development
2018-07-19 16:10:38 +01:00
Manuel Pégourié-Gonnard
830ce11eba
Clarify attack conditions in the ChangeLog.
...
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-11 18:27:08 +02:00
Simon Butcher
00af447ba8
Add ChangeLog entry for PR #536
2018-07-10 15:35:43 +01:00
Simon Butcher
32b074720e
Merge remote-tracking branch 'public/pr/1737' into development
2018-07-10 14:57:50 +01:00
Simon Butcher
cdbb2f2168
Merge remote-tracking branch 'public/pr/1563' into development
2018-07-10 12:49:26 +01:00
Simon Butcher
231d7e5669
Add ChangeLog entry for PR #1567 .
...
ChangeLog entry for platform support for the Haiku OS. PR #1567 .
2018-07-10 11:56:19 +01:00
Simon Butcher
6331cb0607
Fix some whitespace issues in ChangeLog and CMakeLists.txt
...
Stray tab in library/CMakeLists.txt and incorrect formatting in ChangeLog.
2018-07-10 11:48:42 +01:00
Manuel Pégourié-Gonnard
7b42030b5d
Add counter-measure to cache-based Lucky 13
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.
A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).
Let's make sure they're always read.
2018-07-05 14:44:49 +02:00
Manuel Pégourié-Gonnard
1cc1fb0599
Fix Lucky 13 cache attack on MD/SHA padding
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.
Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.
Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-05 10:47:00 +02:00
Ron Eldor
382c1db6c0
Minor fixes
...
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the fuinction documentation.
2018-07-04 17:42:47 +03:00
Ron Eldor
5ffc220f16
Documentation error in mbedtls_ssl_get_session
...
Fix Documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore, Resolves #926
2018-07-03 16:04:41 +03:00
Simon Butcher
05fa46e6b7
Add ChangeLog entry for #992 fix
2018-07-02 12:08:32 +01:00
Ron Eldor
da2a31237e
Add entry in ChangeLog
...
Add entry in ChangeLog for compilation error fix of #1719
2018-07-01 10:22:53 +03:00
Gilles Peskine
104d85865d
Add ChangeLog entry
2018-06-28 17:36:02 +02:00
Simon Butcher
1ab9b57148
Add a ChangeLog entry for memory leak in mbedtls_x509_csr_parse()
2018-06-28 12:13:14 +01:00
Simon Butcher
4b6b08e7d2
Merge remote-tracking branch 'public/pr/1006' into development
2018-06-28 12:08:59 +01:00