Simon Butcher
e9aa8c1d6d
Merge remote-tracking branch 'public/pr/1838' into mbedtls-2.7
2018-07-19 20:01:33 +01:00
Simon Butcher
7924d93209
Fix ChangeLog entry for issue #1663
The ChangeLog entry was under the wrong version, and under Changes, not
Bug Fixes.
2018-07-19 19:54:18 +01:00
Simon Butcher
bc5ec41c01
Merge remote-tracking branch 'public/pr/1847' into mbedtls-2.7
2018-07-19 19:48:25 +01:00
Simon Butcher
cd9a2c6dd1
Merge remote-tracking branch 'public/pr/1848' into mbedtls-2.7
2018-07-19 16:17:07 +01:00
Simon Butcher
be347c6e21
Merge remote-tracking branch 'public/pr/1849' into mbedtls-2.7
2018-07-19 16:13:07 +01:00
Ron Eldor
8839e31fbc
Update ChangeLog
Remove extra entries added by a bad cherry-pick.
2018-07-17 14:13:53 +03:00
Ron Eldor
a9779f1aff
Rephrase comments
Rephrase comments to clarify them.
2018-07-17 13:32:31 +03:00
Andres Amaya Garcia
14783c47e7
Add test for empty app data records to ssl-opt.sh
2018-07-16 20:14:54 +01:00
Andres Amaya Garcia
8e346dc793
Add ChangeLog entry for empty app data fix
2018-07-16 20:14:53 +01:00
Andres Amaya Garcia
46a6d5cbe5
Fix ssl_client2 to send 0-length app data
2018-07-16 20:14:45 +01:00
Angus Gratton
8946b0dd30
Check for invalid short Alert messages
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:12:56 +01:00
Angus Gratton
b91cb6e1e6
TLSv1.2: Treat zero-length fragments as invalid, unless they are application data
TLS v1.2 explicitly disallows other kinds of zero length fragments (earlier standards
don't mention zero-length fragments at all).
2018-07-16 20:12:55 +01:00
Angus Gratton
1ba8e911ec
CBC mode: Allow zero-length message fragments (100% padding)
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-16 20:12:47 +01:00
k-stachowiak
55bea65ca9
Update change log
2018-07-16 12:30:48 +02:00
k-stachowiak
6978949cd0
Prevent buffer overread by one byte
2018-07-16 12:30:39 +02:00
Manuel Pégourié-Gonnard
aba8c5bb3d
Clarify attack conditions in the ChangeLog.
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-12 10:18:37 +02:00
Manuel Pégourié-Gonnard
7c34432b2d
Avoid debug message that might leak length
The length passed to the debug message could conceivably leak through the time it
takes to print it, and that length would in turn reveal whether padding was
correct or not.
2018-07-12 10:18:37 +02:00
Manuel Pégourié-Gonnard
aeeaaf271c
Add counter-measure to cache-based Lucky 13
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.
A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).
Let's make sure they're always read.
2018-07-12 10:18:37 +02:00
Manuel Pégourié-Gonnard
5fcfd0345d
Fix Lucky 13 cache attack on MD/SHA padding
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.
Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.
Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-12 10:18:37 +02:00
Simon Butcher
d064b5c87b
Disable use of the i386 assembly for option -O0
We don't compile in the assembly code if compiler optimisations are disabled, as
the number of registers used in the assembly code doesn't work with the -O0
option. Also, anyone selecting -O0 probably doesn't want to compile in the assembly
code anyway.
2018-07-10 23:20:01 +01:00
Andres Amaya Garcia
808a09ca85
Remove redundant ret = 1 in dh_client.c
2018-07-10 17:34:25 +01:00
Andres Amaya Garcia
cfb61b33cf
Add missing platform macro defines in cert_app.c
2018-07-10 17:34:25 +01:00
Andres Amaya Garcia
9f92a805e9
Add missing platform macro defines in pk_decrypt.c
2018-07-10 17:34:25 +01:00
Andres Amaya Garcia
2b0599bc91
Fix typo in platform macro defines for examples
2018-07-10 17:34:25 +01:00
Andres Amaya Garcia
0dcc6a9f7d
Fix ret code in gen_random_havege.c
2018-07-10 17:34:25 +01:00
Andres Amaya Garcia
053e1cd7ab
Fix ret code in rsa_encrypt.c
2018-07-10 17:34:25 +01:00
Andres Amaya Garcia
156099b76f
Fix ret code in rsa_decrypt.c
2018-07-10 17:34:25 +01:00
Andres Amaya Garcia
8ec767c042
Fix ret code in cert_app.c
2018-07-10 17:34:25 +01:00
Andres Amaya Garcia
77d2de223c
Fix ret code in generic_sum.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
2702000d2c
Fix ret code in pk_verify.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
a5236b1dd3
Fix ret code in pk_sign.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
a0ea01d273
Fix ret code in pk_encrypt.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
141b4f4526
Fix ret code in pk_encrypt.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
81982c84d4
Fix ret code in ecdh_curve25519.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
c899c464f6
Fix ret code in mpi_demo.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
6118adab09
Fix ret code in pem2der.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
73081c3e2f
Fix ret code in ssl_cert_test.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
01e3d21350
Fix ret code in udp_proxy.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
12ab7a6884
Fix ret code in req_app.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
8fe4d917f7
Fix ret code in crl_app.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
a7ac5ab2ee
Fix ret code in cert_write.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
7bd88dc44c
Fix ret code in cert_req.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
ea14fe76d5
Fix ret code in ssl_mail_client.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
e4f79e1902
Fix ret code in ssl_fork_server.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
bc1af79add
Fix ret code in ssl_client1.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
ac0e3e7b11
Fix ret code in gen_random_ctr_drbg.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
43e65fbbca
Fix ret code in gen_entropy.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
1b04390e4f
Fix ret code in rsa_verify_pss.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
1e36af911b
Fix ret code in rsa_verify.c
2018-07-10 17:34:24 +01:00
Andres Amaya Garcia
0b20b4e4cd
Fix ret code in rsa_sign_pss.c
2018-07-10 17:34:24 +01:00