Commit graph

7584 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 830ce11eba Clarify attack conditions in the ChangeLog.
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-11 18:27:08 +02:00
k-stachowiak 21feae58cb Update change log 2018-07-11 17:34:55 +02:00
k-stachowiak a47911cb70 Fix memory leak in ssl_setup 2018-07-11 17:26:07 +02:00
Dawid Drozd 0e2c07e83e
Remove unnecessary mark as unused #1098
`ret` is used always at line 1305 in statement:
`if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )`
2018-07-11 15:16:53 +02:00
Manuel Pégourié-Gonnard 8744a02357 Clarify a few comments
The "+" sign could be misinterpreted as addition.
2018-07-11 12:30:40 +02:00
Simon Butcher 4b9a3addb6 Disable use of the i386 assembly for option -O0
We don't compile in the assembly code if compiler optimisations are disabled as
the number of registers used in the assembly code doesn't work with the -O0
option. Also anyone select -O0 probably doesn't want to compile in the assembly
code anyway.
2018-07-10 20:18:29 +01:00
Simon Butcher 00af447ba8 Add ChangeLog entry for PR #536 2018-07-10 15:35:43 +01:00
Simon Butcher e7aeef09ee Merge remote-tracking branch 'public/pr/536' into development 2018-07-10 15:24:26 +01:00
Simon Butcher 32b074720e Merge remote-tracking branch 'public/pr/1737' into development 2018-07-10 14:57:50 +01:00
Simon Butcher 727325baa7 Merge remote-tracking branch 'public/pr/1788' into development 2018-07-10 14:54:52 +01:00
Simon Butcher 24c0dbf71e Merge remote-tracking branch 'public/pr/1821' into development 2018-07-10 14:34:01 +01:00
Simon Butcher cdbb2f2168 Merge remote-tracking branch 'public/pr/1563' into development 2018-07-10 12:49:26 +01:00
Simon Butcher 231d7e5669 Add ChangeLog entry for PR #1567.
ChangeLog entry for platform support for the Haiku OS. PR #1567.
2018-07-10 11:56:19 +01:00
Simon Butcher 6331cb0607 Fix some whitespace issues in ChangeLog and CMakeLists.txt
Stray tab in library/CMakeLists.txt and incorrect formatting in ChangeLog.
2018-07-10 11:48:42 +01:00
Simon Butcher d21bd31759 Merge remote-tracking branch 'public/pr/1567' into development 2018-07-10 11:43:06 +01:00
Manuel Pégourié-Gonnard 6a25cfae2a Avoid debug message that might leak length
The length to the debug message could conceivably leak through the time it
takes to print it, and that length would in turn reveal whether padding was
correct or not.
2018-07-10 11:15:36 +02:00
k-stachowiak a5fbfd7cd8 Enable snprintf on FreeBSD 2018-07-08 13:22:11 +01:00
Brian J Murray a61d123e0e Minor changes to comments in hkdf.c 2018-07-06 10:02:39 -07:00
Jaeden Amero cdb5cc570c tests: dhm: Rename Hallman to Hellman
Fix typo of Diffie-Hallman to Diffie-Hellman.
2018-07-06 13:20:09 +01:00
Manuel Pégourié-Gonnard 7b42030b5d Add counter-measure to cache-based Lucky 13
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.

A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).

Let's make sure they're always read.
2018-07-05 14:44:49 +02:00
Manuel Pégourié-Gonnard 1cc1fb0599 Fix Lucky 13 cache attack on MD/SHA padding
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.

Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.

Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-05 10:47:00 +02:00
Ron Eldor 382c1db6c0 Minor fixes
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the fuinction documentation.
2018-07-04 17:42:47 +03:00
Simon Butcher d50f7865ea Update the CONTRIBUTING.md file for LTS branches
The CONTRIBUTING.md referred to 'legacy' branches instead of LTS branches, and
also referenced mbedtls-1.3 which is no longer maintained, and omitted
mbedtls-2.7 which is.
2018-07-03 16:11:44 +01:00
Ron Eldor 21f9afed2b Remove the namespacing from config-no-entropy.h
Remove the `mbedtls` namespacing from the `config-no-entropy.h` file,
as it is being imported to the include folder.
2018-07-03 16:07:29 +03:00
Ron Eldor 5ffc220f16 Documentation error in mbedtls_ssl_get_session
Fix Documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore, Resolves #926
2018-07-03 16:04:41 +03:00
Andrzej Kurek 991f9fefd9 all_sh: add a check for header inclusion in cpp_dummy_build.cpp
change the g++ test to be incremental, to save time
reorganize header order in cpp_dummy_build.cpp according to c locale
2018-07-02 09:08:21 -04:00
Simon Butcher 05fa46e6b7 Add ChangeLog entry for #992 fix 2018-07-02 12:08:32 +01:00
Ron Eldor 13dfb4e0a9 Revert changes in the configs folder
Revert the changes in the `configs` folder to
align with the `README.txt` file.
2018-07-01 10:42:54 +03:00
Ron Eldor 3fa6c2760e Move definition to cipher.h
Define `MBEDTLS_CIPHER_MODE_STREAM` for `MBEDTLS_CIPHER_NULL_CIPHER`
as well, in cipher.h. Remove redundant definition in `cipher_internal.h`
2018-07-01 10:22:53 +03:00
Ron Eldor da2a31237e Add entry in ChangeLog
Add entry in ChangeLog for compilation error fix of #1719
2018-07-01 10:22:53 +03:00
Ron Eldor ab8d58cb2d Move definition of MBEDTLS_CIPHER_MODE_STREAM
Move definition of `MBEDTLS_CIPHER_MODE_STREAM` to header file
(`mbedtls_cipher_internal.h`), because it is used by more than
one file. Raised by TrinityTonic in #1719
2018-07-01 10:20:43 +03:00
Gilles Peskine a931265509 Fix ssl-opt.sh not starting when lsof is not available
$START_DELAY was used before it was defined.
2018-06-29 15:48:13 +02:00
Nicholas Wilson 61fa436ad3 Address review comments - tidy usage of macros to use minimal values 2018-06-28 17:09:21 +01:00
Gilles Peskine 104d85865d Add ChangeLog entry 2018-06-28 17:36:02 +02:00
Ruini Xue 5a9cb61d69 Use preserve mode to copy headers. 2018-06-28 23:21:26 +08:00
k-stachowiak dcae78a7a9 Make a buffer limit more specific 2018-06-28 16:32:54 +02:00
k-stachowiak 470dfbabb9 Simplify OID tag parsing in x509_get_cert_ext( ) 2018-06-28 16:23:39 +02:00
Ron Eldor 643df7c8a1 Update ssl-opt.sh test to run condition
1. Update the test script to un the ECC tests only if the relevant
configurations are defined in `config.h` file
2. Change the HASH of the ciphersuite from SHA1 based to SHA256
for better example
2018-06-28 16:17:00 +03:00
Simon Butcher 1ab9b57148 Add a ChangeLog entry for memory leak in mbedtls_x509_csr_parse() 2018-06-28 12:13:14 +01:00
Simon Butcher 034e1398f0 Merge remote-tracking branch 'public/pr/1621' into development 2018-06-28 12:09:15 +01:00
Simon Butcher 4b6b08e7d2 Merge remote-tracking branch 'public/pr/1006' into development 2018-06-28 12:08:59 +01:00
Simon Butcher 1d97cab5f5 Merge remote-tracking branch 'public/pr/1645' into development 2018-06-28 12:06:16 +01:00
Simon Butcher bea00bd89c Merge remote-tracking branch 'public/pr/1783' into development 2018-06-28 12:04:19 +01:00
Simon Butcher 9e02b973f1 Add ChangeLog entry for #1257 - key_app_writer writes invalid ASN.1 2018-06-28 11:59:15 +01:00
k-stachowiak b056dd86d0 Remove a redundant dependency clause 2018-06-28 12:58:56 +02:00
Simon Butcher 19c01efda1 Merge remote-tracking branch 'public/pr/1258' into development 2018-06-28 11:44:59 +01:00
Simon Butcher fd0c240135 Merge remote-tracking branch 'public/pr/1793' into development 2018-06-28 11:25:16 +01:00
Ron Eldor 58093c8bec Add ECC extensions test in ssl-opts.sh
Add test to verify if an ecc based extension exists
or not if an ecc based ciphersuite is used or not.
2018-06-28 13:22:05 +03:00
Andrzej Kurek 05be06cc2d Make the C++ test mandatory by removing the --no-cxx flag from all.sh
Remove the cmake test
2018-06-28 05:10:51 -04:00
Andrzej Kurek 45a6719594 Add a CXX build to all.sh to execute the C++ dummy test by default 2018-06-28 05:10:02 -04:00