Commit graph

8043 commits

Author SHA1 Message Date
Simon Butcher 862e703d51 Merge remote-tracking branch 'public/pr/921' into development 2018-07-20 14:30:50 +01:00
Simon Butcher be685ba337 Merge remote-tracking branch 'public/pr/1836' into development 2018-07-19 20:01:23 +01:00
Simon Butcher 4f37bcabf9 Fix ChangeLog entry for issue #1663
The ChangeLog entry was under the wrong version, and under Changes, not
BugFixes.
2018-07-19 19:52:32 +01:00
Simon Butcher df15356259 Merge remote-tracking branch 'public/pr/1663' into development 2018-07-19 19:48:10 +01:00
Simon Butcher fad547072a Merge remote-tracking branch 'public/pr/532' into development 2018-07-19 16:15:51 +01:00
Simon Butcher a72098b4d6 Merge remote-tracking branch 'public/pr/1778' into development 2018-07-19 16:10:38 +01:00
Simon Butcher ca33cafab0 Add definition of purpose and use of networking module
The purpose of the networking module can sometimes be misunderstood. This adds
a definition and explanation of what the networking module is and what it can be
used for.
2018-07-18 17:52:14 +01:00
Ron Eldor 00115034ea Repharse comments
Rephrase comments to clarify them.
2018-07-17 11:21:50 +03:00
k-stachowiak 6ca436a457 Update change log 2018-07-16 12:20:10 +02:00
Manuel Pégourié-Gonnard 830ce11eba Clarify attack conditions in the ChangeLog.
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-11 18:27:08 +02:00
k-stachowiak 21feae58cb Update change log 2018-07-11 17:34:55 +02:00
k-stachowiak a47911cb70 Fix memory leak in ssl_setup 2018-07-11 17:26:07 +02:00
Dawid Drozd 0e2c07e83e
Remove unnecessary mark as unused #1098
`ret` is used always at line 1305 in statement:
`if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )`
2018-07-11 15:16:53 +02:00
Manuel Pégourié-Gonnard 8744a02357 Clarify a few comments
The "+" sign could be misinterpreted as addition.
2018-07-11 12:30:40 +02:00
Simon Butcher 4b9a3addb6 Disable use of the i386 assembly for option -O0
We don't compile in the assembly code if compiler optimisations are disabled as
the number of registers used in the assembly code doesn't work with the -O0
option. Also anyone select -O0 probably doesn't want to compile in the assembly
code anyway.
2018-07-10 20:18:29 +01:00
Gilles Peskine 604ccc6608 Add ChangeLog entry 2018-07-10 16:50:33 +02:00
Simon Butcher 00af447ba8 Add ChangeLog entry for PR #536 2018-07-10 15:35:43 +01:00
Simon Butcher e7aeef09ee Merge remote-tracking branch 'public/pr/536' into development 2018-07-10 15:24:26 +01:00
Simon Butcher 32b074720e Merge remote-tracking branch 'public/pr/1737' into development 2018-07-10 14:57:50 +01:00
Simon Butcher 727325baa7 Merge remote-tracking branch 'public/pr/1788' into development 2018-07-10 14:54:52 +01:00
Simon Butcher 24c0dbf71e Merge remote-tracking branch 'public/pr/1821' into development 2018-07-10 14:34:01 +01:00
Simon Butcher cdbb2f2168 Merge remote-tracking branch 'public/pr/1563' into development 2018-07-10 12:49:26 +01:00
Simon Butcher 231d7e5669 Add ChangeLog entry for PR #1567.
ChangeLog entry for platform support for the Haiku OS. PR #1567.
2018-07-10 11:56:19 +01:00
Simon Butcher 6331cb0607 Fix some whitespace issues in ChangeLog and CMakeLists.txt
Stray tab in library/CMakeLists.txt and incorrect formatting in ChangeLog.
2018-07-10 11:48:42 +01:00
Simon Butcher d21bd31759 Merge remote-tracking branch 'public/pr/1567' into development 2018-07-10 11:43:06 +01:00
Manuel Pégourié-Gonnard 6a25cfae2a Avoid debug message that might leak length
The length to the debug message could conceivably leak through the time it
takes to print it, and that length would in turn reveal whether padding was
correct or not.
2018-07-10 11:15:36 +02:00
k-stachowiak a5fbfd7cd8 Enable snprintf on FreeBSD 2018-07-08 13:22:11 +01:00
Brian J Murray a61d123e0e Minor changes to comments in hkdf.c 2018-07-06 10:02:39 -07:00
Jaeden Amero cdb5cc570c tests: dhm: Rename Hallman to Hellman
Fix typo of Diffie-Hallman to Diffie-Hellman.
2018-07-06 13:20:09 +01:00
Manuel Pégourié-Gonnard 7b42030b5d Add counter-measure to cache-based Lucky 13
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.

A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).

Let's make sure they're always read.
2018-07-05 14:44:49 +02:00
Ron Eldor 636179a277 Fix typo
Fix typo in ChangeLog entry.
2018-07-05 14:33:54 +03:00
Ron Eldor 278af4536c Fix hmac_drbg failure in benchmark, with threading
Remove redunadnat calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-05 14:33:22 +03:00
Manuel Pégourié-Gonnard 1cc1fb0599 Fix Lucky 13 cache attack on MD/SHA padding
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.

Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.

Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-05 10:47:00 +02:00
Ron Eldor 382c1db6c0 Minor fixes
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the fuinction documentation.
2018-07-04 17:42:47 +03:00
Simon Butcher d50f7865ea Update the CONTRIBUTING.md file for LTS branches
The CONTRIBUTING.md referred to 'legacy' branches instead of LTS branches, and
also referenced mbedtls-1.3 which is no longer maintained, and omitted
mbedtls-2.7 which is.
2018-07-03 16:11:44 +01:00
Ron Eldor 21f9afed2b Remove the namespacing from config-no-entropy.h
Remove the `mbedtls` namespacing from the `config-no-entropy.h` file,
as it is being imported to the include folder.
2018-07-03 16:07:29 +03:00
Ron Eldor 5ffc220f16 Documentation error in mbedtls_ssl_get_session
Fix Documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore, Resolves #926
2018-07-03 16:04:41 +03:00
Andrzej Kurek 991f9fefd9 all_sh: add a check for header inclusion in cpp_dummy_build.cpp
change the g++ test to be incremental, to save time
reorganize header order in cpp_dummy_build.cpp according to c locale
2018-07-02 09:08:21 -04:00
Manuel Pégourié-Gonnard c8c12b6007 Add NULL pointer check for consistency
Most other functions in this module have a similar check.
2018-07-02 13:09:39 +02:00
Simon Butcher 05fa46e6b7 Add ChangeLog entry for #992 fix 2018-07-02 12:08:32 +01:00
Manuel Pégourié-Gonnard 78d7e8cbc7 Rename internal variable for consistency 2018-07-02 12:33:14 +02:00
Manuel Pégourié-Gonnard 4edb9cbbc0 Justify some max_ops settings in test_suite_pk 2018-07-02 12:23:23 +02:00
Manuel Pégourié-Gonnard 823c915e59 Fix mis-merged ChangeLog 2018-07-02 12:05:49 +02:00
Ron Eldor 13dfb4e0a9 Revert changes in the configs folder
Revert the changes in the `configs` folder to
align with the `README.txt` file.
2018-07-01 10:42:54 +03:00
Ron Eldor 3fa6c2760e Move definition to cipher.h
Define `MBEDTLS_CIPHER_MODE_STREAM` for `MBEDTLS_CIPHER_NULL_CIPHER`
as well, in cipher.h. Remove redundant definition in `cipher_internal.h`
2018-07-01 10:22:53 +03:00
Ron Eldor da2a31237e Add entry in ChangeLog
Add entry in ChangeLog for compilation error fix of #1719
2018-07-01 10:22:53 +03:00
Ron Eldor ab8d58cb2d Move definition of MBEDTLS_CIPHER_MODE_STREAM
Move definition of `MBEDTLS_CIPHER_MODE_STREAM` to header file
(`mbedtls_cipher_internal.h`), because it is used by more than
one file. Raised by TrinityTonic in #1719
2018-07-01 10:20:43 +03:00
Gilles Peskine a931265509 Fix ssl-opt.sh not starting when lsof is not available
$START_DELAY was used before it was defined.
2018-06-29 15:48:13 +02:00
Nicholas Wilson 61fa436ad3 Address review comments - tidy usage of macros to use minimal values 2018-06-28 17:09:21 +01:00
Gilles Peskine 104d85865d Add ChangeLog entry 2018-06-28 17:36:02 +02:00