Simon Butcher
231d7e5669
Add ChangeLog entry for PR #1567.
ChangeLog entry for platform support for the Haiku OS. PR #1567.
2018-07-10 11:56:19 +01:00
Simon Butcher
6331cb0607
Fix some whitespace issues in ChangeLog and CMakeLists.txt
Stray tab in library/CMakeLists.txt and incorrect formatting in ChangeLog.
2018-07-10 11:48:42 +01:00
Simon Butcher
d21bd31759
Merge remote-tracking branch 'public/pr/1567' into development
2018-07-10 11:43:06 +01:00
Manuel Pégourié-Gonnard
6a25cfae2a
Avoid debug message that might leak length
The length to the debug message could conceivably leak through the time it
takes to print it, and that length would in turn reveal whether padding was
correct or not.
2018-07-10 11:15:36 +02:00
k-stachowiak
a5fbfd7cd8
Enable snprintf on FreeBSD
2018-07-08 13:22:11 +01:00
Brian J Murray
a61d123e0e
Minor changes to comments in hkdf.c
2018-07-06 10:02:39 -07:00
Jaeden Amero
cdb5cc570c
tests: dhm: Rename Hallman to Hellman
Fix typo of Diffie-Hallman to Diffie-Hellman.
2018-07-06 13:20:09 +01:00
Manuel Pégourié-Gonnard
7b42030b5d
Add counter-measure to cache-based Lucky 13
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.
A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).
Let's make sure they're always read.
2018-07-05 14:44:49 +02:00
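The pattern the commit above describes, shown side by side with the leaky one, as an added example in C. This is not Mbed TLS code; the function and sample names (`leaky_check_padding`, `ct_check_padding`, `REC_GOOD` and friends) are hypothetical, and the records are constructed inline. Both functions return the padding length (length byte included) or 0 for invalid padding, so the result is the same; the difference is that the hardened version never branches on the padding value and always reads the last min(len, 256) bytes of the record, so a cache observer cannot tell where the check stopped.

```c
/* Added example, not Mbed TLS code: constant-time TLS-CBC padding check
 * versus an early-exit check. Helper and sample names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAD_WINDOW 256 /* TLS-CBC padding, length byte included, is at most 256 bytes */

/* Branch-free all-ones mask when a >= b, else 0. Requires a, b < SIZE_MAX/2. */
static size_t ct_mask_ge(size_t a, size_t b)
{
    return (size_t)0 - ((b - a - 1) >> (sizeof(size_t) * 8 - 1));
}

/* Branch-free all-ones mask when x == 0, else 0. Requires x < 2^31. */
static size_t ct_mask_zero(uint32_t x)
{
    return (size_t)0 - (size_t)((x - 1u) >> 31);
}

/* Early-exit pattern: stops reading at the first wrong byte, so the number
 * of record bytes touched depends on whether (and where) padding is wrong. */
static size_t leaky_check_padding(const unsigned char *rec, size_t len)
{
    if (len == 0)
        return 0;
    size_t pad_count = (size_t)rec[len - 1] + 1;
    if (pad_count > len)
        return 0;
    for (size_t i = len - pad_count; i + 1 < len; i++)
        if (rec[i] != rec[len - 1])
            return 0; /* bytes after i are never read */
    return pad_count;
}

/* Hardened pattern: same result, but every byte that could be padding is
 * read unconditionally and no branch depends on the secret padding value. */
static size_t ct_check_padding(const unsigned char *rec, size_t len)
{
    if (len == 0) /* record length is public, so branching on it is fine */
        return 0;
    unsigned char padlen = rec[len - 1];
    size_t pad_count = (size_t)padlen + 1;
    size_t fits  = ct_mask_ge(len, pad_count);       /* padding fits in record? */
    size_t start = (len - pad_count) & fits;          /* index of first padding byte */
    size_t w0    = len > PAD_WINDOW ? len - PAD_WINDOW : 0;
    unsigned char bad = 0;
    for (size_t i = w0; i + 1 < len; i++) {           /* always the whole window */
        size_t in_pad = ct_mask_ge(i, start);         /* 0 outside the padding   */
        bad |= (unsigned char)(in_pad & (size_t)(rec[i] ^ padlen));
    }
    size_t good = ct_mask_zero(bad) & fits;
    return pad_count & good;                          /* 0 when invalid */
}

/* Constructed sample records: plaintext bytes followed by TLS-CBC padding. */
static const unsigned char REC_GOOD[8] = { 'a', 'b', 'c', 'd', 3, 3, 3, 3 }; /* padlen 3 */
static const unsigned char REC_ZERO[5] = { 'a', 'b', 'c', 'd', 0 };          /* padlen 0 */
static const unsigned char REC_BAD[8]  = { 'a', 'b', 'c', 'd', 3, 2, 3, 3 }; /* one wrong byte */
static const unsigned char REC_LONG[4] = { 'a', 'b', 'c', 10 };              /* padlen > record */

/* A record longer than the 256-byte window: 294 bytes of 'x' then 6 bytes of 5. */
static size_t demo_large_record(void)
{
    unsigned char rec[300];
    memset(rec, 'x', sizeof rec);
    memset(rec + 294, 5, 6);
    return ct_check_padding(rec, sizeof rec);
}

int main(void)
{
    printf("good : leaky=%zu ct=%zu\n", leaky_check_padding(REC_GOOD, sizeof REC_GOOD),
           ct_check_padding(REC_GOOD, sizeof REC_GOOD));
    printf("zero : leaky=%zu ct=%zu\n", leaky_check_padding(REC_ZERO, sizeof REC_ZERO),
           ct_check_padding(REC_ZERO, sizeof REC_ZERO));
    printf("bad  : leaky=%zu ct=%zu\n", leaky_check_padding(REC_BAD, sizeof REC_BAD),
           ct_check_padding(REC_BAD, sizeof REC_BAD));
    printf("long : leaky=%zu ct=%zu\n", leaky_check_padding(REC_LONG, sizeof REC_LONG),
           ct_check_padding(REC_LONG, sizeof REC_LONG));
    printf("large: ct=%zu\n", demo_large_record());
    return 0;
}
```

The mask helpers rely on unsigned wraparound rather than comparisons so the compiler has no data-dependent branch to emit; the same idea extends to the MAC comparison, which should likewise read a fixed number of bytes regardless of where the MAC actually sits.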
Manuel Pégourié-Gonnard
1cc1fb0599
Fix Lucky 13 cache attack on MD/SHA padding
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.
Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.
Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-05 10:47:00 +02:00
Ron Eldor
382c1db6c0
Minor fixes
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the function documentation.
2018-07-04 17:42:47 +03:00
Simon Butcher
d50f7865ea
Update the CONTRIBUTING.md file for LTS branches
The CONTRIBUTING.md referred to 'legacy' branches instead of LTS branches, and
also referenced mbedtls-1.3 which is no longer maintained, and omitted
mbedtls-2.7 which is.
2018-07-03 16:11:44 +01:00
Ron Eldor
21f9afed2b
Remove the namespacing from config-no-entropy.h
Remove the `mbedtls` namespacing from the `config-no-entropy.h` file,
as it is being imported to the include folder.
2018-07-03 16:07:29 +03:00
Ron Eldor
5ffc220f16
Documentation error in mbedtls_ssl_get_session
Fix documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore. Resolves #926.
2018-07-03 16:04:41 +03:00
Andrzej Kurek
991f9fefd9
all_sh: add a check for header inclusion in cpp_dummy_build.cpp
Change the g++ test to be incremental, to save time.
Reorganize header order in cpp_dummy_build.cpp according to the C locale.
2018-07-02 09:08:21 -04:00
Simon Butcher
05fa46e6b7
Add ChangeLog entry for #992 fix
2018-07-02 12:08:32 +01:00
Ron Eldor
13dfb4e0a9
Revert changes in the configs folder
Revert the changes in the `configs` folder to
align with the `README.txt` file.
2018-07-01 10:42:54 +03:00
Ron Eldor
3fa6c2760e
Move definition to cipher.h
Define `MBEDTLS_CIPHER_MODE_STREAM` for `MBEDTLS_CIPHER_NULL_CIPHER`
as well, in cipher.h. Remove redundant definition in `cipher_internal.h`.
2018-07-01 10:22:53 +03:00
Ron Eldor
da2a31237e
Add entry in ChangeLog
Add entry in ChangeLog for compilation error fix of #1719
2018-07-01 10:22:53 +03:00
Ron Eldor
ab8d58cb2d
Move definition of MBEDTLS_CIPHER_MODE_STREAM
Move definition of `MBEDTLS_CIPHER_MODE_STREAM` to header file
(`mbedtls_cipher_internal.h`), because it is used by more than
one file. Raised by TrinityTonic in #1719.
2018-07-01 10:20:43 +03:00
Gilles Peskine
a931265509
Fix ssl-opt.sh not starting when lsof is not available
$START_DELAY was used before it was defined.
2018-06-29 15:48:13 +02:00
Nicholas Wilson
61fa436ad3
Address review comments - tidy usage of macros to use minimal values
2018-06-28 17:09:21 +01:00
Gilles Peskine
104d85865d
Add ChangeLog entry
2018-06-28 17:36:02 +02:00
Ruini Xue
5a9cb61d69
Use preserve mode to copy headers.
2018-06-28 23:21:26 +08:00
k-stachowiak
dcae78a7a9
Make a buffer limit more specific
2018-06-28 16:32:54 +02:00
k-stachowiak
470dfbabb9
Simplify OID tag parsing in x509_get_cert_ext()
2018-06-28 16:23:39 +02:00
Ron Eldor
643df7c8a1
Update ssl-opt.sh test to run condition
1. Update the test script to run the ECC tests only if the relevant
configurations are defined in the `config.h` file.
2. Change the hash of the ciphersuite from SHA1-based to SHA256-based
for a better example.
2018-06-28 16:17:00 +03:00
Simon Butcher
1ab9b57148
Add a ChangeLog entry for memory leak in mbedtls_x509_csr_parse()
2018-06-28 12:13:14 +01:00
Simon Butcher
034e1398f0
Merge remote-tracking branch 'public/pr/1621' into development
2018-06-28 12:09:15 +01:00
Simon Butcher
4b6b08e7d2
Merge remote-tracking branch 'public/pr/1006' into development
2018-06-28 12:08:59 +01:00
Simon Butcher
1d97cab5f5
Merge remote-tracking branch 'public/pr/1645' into development
2018-06-28 12:06:16 +01:00
Simon Butcher
bea00bd89c
Merge remote-tracking branch 'public/pr/1783' into development
2018-06-28 12:04:19 +01:00
Simon Butcher
9e02b973f1
Add ChangeLog entry for #1257 - key_app_writer writes invalid ASN.1
2018-06-28 11:59:15 +01:00
k-stachowiak
b056dd86d0
Remove a redundant dependency clause
2018-06-28 12:58:56 +02:00
Simon Butcher
19c01efda1
Merge remote-tracking branch 'public/pr/1258' into development
2018-06-28 11:44:59 +01:00
Simon Butcher
fd0c240135
Merge remote-tracking branch 'public/pr/1793' into development
2018-06-28 11:25:16 +01:00
Ron Eldor
58093c8bec
Add ECC extensions test in ssl-opts.sh
Add a test to verify whether an ECC-based extension exists
or not, depending on whether an ECC-based ciphersuite is used or not.
2018-06-28 13:22:05 +03:00
Andrzej Kurek
05be06cc2d
Make the C++ test mandatory by removing the --no-cxx flag from all.sh
Remove the cmake test
2018-06-28 05:10:51 -04:00
Andrzej Kurek
45a6719594
Add a CXX build to all.sh to execute the C++ dummy test by default
2018-06-28 05:10:02 -04:00
Andrzej Kurek
037ec4b416
Replace tabs with spaces
2018-06-28 05:07:08 -04:00
Andrzej Kurek
89c048c101
Tests: add a test for cpp linking
Change the name of header_test to cpp_dummy_build.
Update the test description to better reflect its contents.
2018-06-28 05:07:08 -04:00
Andrzej Kurek
0211c32c9a
Change the cpp test to be optional
Remove unnecessary defines from the test.
Test by defining TEST_CPP using makefiles or cmake.
2018-06-28 05:07:08 -04:00
Andrzej Kurek
40741f8ce5
Add a test with a cpp executable including all mbed TLS headers
In case of any problems with the 'extern "C"' directives,
building the executable will fail.
2018-06-28 05:05:40 -04:00
Ron Eldor
84e62f88a2
Update ChangeLog
Update ChangeLog with a less ambiguous description.
2018-06-28 11:09:09 +03:00
Ron Eldor
d56654f987
Update the forum link in the README file
Update the forum link in the readme file as well.
2018-06-27 14:36:37 +03:00
Simon Butcher
6665b67ddf
Merge remote-tracking branch 'public/pr/1390' into development
2018-06-27 10:51:47 +01:00
Simon Butcher
9fa21bffe6
Merge remote-tracking branch 'public/pr/1533' into development
2018-06-27 10:50:58 +01:00
Simon Butcher
95a1c1f8ab
Merge remote-tracking branch 'public/pr/1617' into development
2018-06-27 10:49:59 +01:00
Ron Eldor
bf4709978c
Adjust to new RSA infrastructure
Don't access the RSA context parameters directly, but use
the local `mbedtls_mpi` variables that were exported.
2018-06-27 11:51:46 +03:00
Ron Eldor
a522147f58
Fix compilation errors after updating
Fix compilation errors that happened after new code was introduced
by updating the branch. Replaced `exit` label with `cleanup`.
2018-06-27 09:19:38 +03:00
Ron Eldor
49221234c8
Update the Mbed TLS forum link
Update the link to the new Mbed TLS forum
2018-06-26 16:48:46 +03:00