Gilles Peskine
c12113a61a
Add changelog entry for mbedtls_mpi_write_binary fix
2018-11-29 12:47:52 +01:00
Gilles Peskine
cc47d6c595
Tweak RSA vulnerability changelog entry
...
* Correct the list of authors.
* Add the CVE number.
* Improve the impact description.
2018-11-29 12:47:50 +01:00
Gilles Peskine
ed3bdd82f8
Indicate the memory access variations in the changelog entry
2018-10-08 11:38:50 +02:00
Gilles Peskine
b0034327cb
Add ChangeLog entry
2018-10-08 11:38:50 +02:00
Simon Butcher
5bcbd4e7f4
Add ChangeLog entry for PR #1811
2018-09-26 23:03:56 +01:00
Simon Butcher
86d32e690c
Merge remote-tracking branch 'public/pr/1973' into mbedtls-2.1
2018-09-26 22:40:09 +01:00
Simon Butcher
0624b76361
Merge remote-tracking branch 'public/pr/1898' into mbedtls-2.1
2018-09-26 22:01:33 +01:00
Simon Butcher
96e0d8ebfc
Clarified ChangeLog entry
...
ChangeLog entry for backport of #1890 was misleading, so corrected it.
2018-09-13 12:05:40 +01:00
Simon Butcher
d3a5393a38
Update library version number to 2.1.15
2018-08-31 16:10:48 +01:00
Simon Butcher
cb9f70e23d
Fix misclassification of bug in Changelog
2018-08-31 12:01:43 +01:00
Simon Butcher
9add36bbcb
Merge remote-tracking branch 'restricted/pr/497' into mbedtls-2.1-restricted
2018-08-28 15:31:41 +01:00
Simon Butcher
d22de0aaa7
Merge remote-tracking branch 'restricted/pr/492' into mbedtls-2.1-restricted
2018-08-28 15:23:56 +01:00
Simon Butcher
7a47cbca16
Merge remote-tracking branch 'public/pr/1137' into mbedtls-2.1
2018-08-28 12:33:27 +01:00
Simon Butcher
85e5bfd00c
Merge remote-tracking branch 'public/pr/1889' into mbedtls-2.1
2018-08-28 12:26:33 +01:00
Simon Butcher
263ca7282e
Merge remote-tracking branch 'public/pr/1957' into mbedtls-2.1
2018-08-28 12:17:38 +01:00
Simon Butcher
d288ac0e83
Merge remote-tracking branch 'public/pr/1959' into mbedtls-2.1
2018-08-28 11:53:47 +01:00
Hanno Becker
47a34ff29e
Adapt ChangeLog
2018-08-23 15:12:24 +01:00
Hanno Becker
1a60330e08
Adapt ChangeLog
2018-08-22 15:05:36 +01:00
Hanno Becker
d3475498e5
Adapt ChangeLog
2018-08-17 10:11:31 +01:00
Hanno Becker
10652b10d9
Improve ChangeLog wording for the commmit that Fixes #1954 .
2018-08-17 10:03:48 +01:00
Hanno Becker
10195ab853
Adapt ChangeLog
2018-08-16 15:53:17 +01:00
Hanno Becker
048dba33cf
Adapt ChangeLog
2018-08-14 15:50:07 +01:00
Jaeden Amero
942cfea65f
Merge remote-tracking branch 'upstream-public/pr/1815' into mbedtls-2.1
2018-08-10 11:00:40 +01:00
Jaeden Amero
e3bcd9a432
Merge remote-tracking branch 'upstream-public/pr/1887' into mbedtls-2.1
2018-08-10 10:50:03 +01:00
Ron Eldor
a4d836b403
Style fix
...
Add space in the ChangeLog.
2018-08-01 14:35:11 +03:00
Simon Butcher
92b04d9c55
Add ChangeLog entry for bug #1890
2018-07-30 22:15:36 +01:00
Ron Eldor
7b93b6af2f
Fix typo
...
Fix typo in ChangeLog entry.
2018-07-30 11:08:57 +03:00
Ron Eldor
78e4cb967d
Fix hmac_drbg failure in benchmark, with threading
...
Remove redunadnat calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-30 11:01:37 +03:00
Philippe Antoine
795eea6e1c
Fix undefined shifts
...
- in x509_profile_check_pk_alg
- in x509_profile_check_md_alg
- in x509_profile_check_key
and in ssl_cli.c : unsigned char gets promoted to signed integer
2018-07-26 22:51:18 +01:00
Simon Butcher
2f7f2b1f11
Merge remote-tracking branch 'restricted/pr/502' into mbedtls-2.1-restricted
2018-07-26 14:37:12 +01:00
Angus Gratton
ba25ffef87
Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
...
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).
Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-26 11:09:37 +03:00
Simon Butcher
d908494fe5
Clarify Changelog entries
...
Corrected some style issues, and moved some entries from bugfixes to changes.
2018-07-25 17:33:29 +01:00
Jaeden Amero
dcec5bb527
Update version to 2.1.14
2018-07-25 15:42:55 +01:00
Simon Butcher
3339fe9a02
Merge remote-tracking branch 'restricted/pr/495' into mbedtls-2.1
2018-07-24 23:42:13 +01:00
Simon Butcher
3661642a49
Merge remote-tracking branch 'public/pr/1804' into mbedtls-2.1
2018-07-24 13:17:26 +01:00
Simon Butcher
be9c2dce5b
Revise ChangeLog entry for empty data records fixes
2018-07-24 13:01:59 +01:00
Simon Butcher
642ddb555e
Merge remote-tracking branch 'public/pr/1864' into mbedtls-2.1
2018-07-24 13:01:02 +01:00
Simon Butcher
c098ec3af6
Merge remote-tracking branch 'public/pr/1779' into mbedtls-2.1
2018-07-20 14:47:37 +01:00
Simon Butcher
ff5bd6220b
Fix ChangeLog entry for issue #1663
...
The ChangeLog entry was under the wrong version, and under Changes, not
Bug Fixes.
2018-07-19 19:59:02 +01:00
Simon Butcher
eebee76f93
Merge remote-tracking branch 'public/pr/1846' into mbedtls-2.1
2018-07-19 19:48:40 +01:00
Simon Butcher
f11daf6ff6
Merge remote-tracking branch 'public/pr/1850' into mbedtls-2.1
2018-07-19 16:14:44 +01:00
Ron Eldor
41273200a2
Update ChangeLog
...
Remove extra entries added by a bad cherry-pick.
2018-07-17 14:16:12 +03:00
Andres Amaya Garcia
01daf2a5ef
Add ChangeLog entry for empty app data fix
2018-07-16 20:22:28 +01:00
Angus Gratton
fd1c5e8453
Check for invalid short Alert messages
...
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:20:51 +01:00
Angus Gratton
1226dd7715
CBC mode: Allow zero-length message fragments (100% padding)
...
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-16 20:20:44 +01:00
k-stachowiak
b435e99693
Update change log
2018-07-16 12:27:34 +02:00
Manuel Pégourié-Gonnard
534fea790e
Clarify attack conditions in the ChangeLog.
...
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
99b6a711c8
Add counter-measure to cache-based Lucky 13
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.
A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).
Let's make sure they're always read.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
69675d056a
Fix Lucky 13 cache attack on MD/SHA padding
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.
Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.
Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-12 10:20:33 +02:00
Simon Butcher
54cf322c05
Add fix for #1550 and credit to the ChangeLog
2018-07-10 23:02:15 +01:00