Hanno Becker
8058800d54
Adapt ChangeLog
2018-08-14 15:48:41 +01:00
Jaeden Amero
9eb78b4dab
Merge remote-tracking branch 'upstream-public/pr/1900' into mbedtls-2.7
...
Add a Changelog entry
2018-08-10 11:26:15 +01:00
Jaeden Amero
f37a99e3fc
Merge remote-tracking branch 'upstream-public/pr/1814' into mbedtls-2.7
2018-08-10 11:01:29 +01:00
Jaeden Amero
3b69174852
Merge remote-tracking branch 'upstream-public/pr/1886' into mbedtls-2.7
2018-08-10 10:50:34 +01:00
Simon Butcher
51a46b9b38
Add ChangeLog entry for bug #1890
2018-07-30 22:15:14 +01:00
Simon Butcher
5ef42fd415
Merge remote-tracking branch 'restricted/pr/500' into mbedtls-2.7-restricted
2018-07-26 14:33:14 +01:00
Angus Gratton
cb7a5b0b0c
Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
...
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).
Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-26 11:08:06 +03:00
Simon Butcher
a64621929f
Clarify Changelog entries
...
Corrected some style issues, and moved some entries from bugfixes to changes.
2018-07-25 17:30:20 +01:00
Jaeden Amero
8385110ae8
Update version to 2.7.5
2018-07-25 15:43:21 +01:00
Simon Butcher
7daacda940
Merge remote-tracking branch 'restricted/pr/494' into mbedtls-2.7
2018-07-24 23:40:53 +01:00
Simon Butcher
b47e0a68ab
Merge remote-tracking branch 'public/pr/1805' into mbedtls-2.7
2018-07-24 13:16:25 +01:00
Simon Butcher
a8ee41ce80
Revise ChangeLog entry for empty data records fixes
2018-07-24 12:59:21 +01:00
Simon Butcher
d5a3ed36b8
Merge remote-tracking branch 'public/pr/1863' into mbedtls-2.7
2018-07-24 12:57:15 +01:00
Simon Butcher
b65d6ce83f
Merge remote-tracking branch 'public/pr/1870' into mbedtls-2.7
2018-07-24 10:30:11 +01:00
Simon Butcher
c6a0fd8e83
Add ChangeLog entry for #1098 fix.
2018-07-24 10:17:36 +01:00
Simon Butcher
48883cd800
Merge remote-tracking branch 'public/pr/1780' into mbedtls-2.7
2018-07-20 14:40:51 +01:00
Simon Butcher
7924d93209
Fix ChangeLog entry for issue #1663
...
The ChangeLog entry was under the wrong version, and under Changes, not
Bug Fixes.
2018-07-19 19:54:18 +01:00
Simon Butcher
bc5ec41c01
Merge remote-tracking branch 'public/pr/1847' into mbedtls-2.7
2018-07-19 19:48:25 +01:00
Simon Butcher
be347c6e21
Merge remote-tracking branch 'public/pr/1849' into mbedtls-2.7
2018-07-19 16:13:07 +01:00
Ron Eldor
8839e31fbc
Update ChangeLog
...
Remove extra entries added by a bad cherry-pick.
2018-07-17 14:13:53 +03:00
Andres Amaya Garcia
8e346dc793
Add ChangeLog entry for empty app data fix
2018-07-16 20:14:53 +01:00
Angus Gratton
8946b0dd30
Check for invalid short Alert messages
...
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:12:56 +01:00
Angus Gratton
1ba8e911ec
CBC mode: Allow zero-length message fragments (100% padding)
...
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-16 20:12:47 +01:00
Manuel Pégourié-Gonnard
aba8c5bb3d
Clarify attack conditions in the ChangeLog.
...
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-12 10:18:37 +02:00
Manuel Pégourié-Gonnard
aeeaaf271c
Add counter-measure to cache-based Lucky 13
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.
A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).
Let's make sure they're always read.
2018-07-12 10:18:37 +02:00
Manuel Pégourié-Gonnard
5fcfd0345d
Fix Lucky 13 cache attack on MD/SHA padding
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.
Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.
Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-12 10:18:37 +02:00
Simon Butcher
a063fff51a
Fix Changelog entry for #1533 fix as a Change not a bugfix
2018-07-10 15:20:26 +01:00
Simon Butcher
28f68a3d15
Merge remote-tracking branch 'public/pr/1809' into mbedtls-2.7
2018-07-10 14:58:51 +01:00
Simon Butcher
a159d64e86
Merge remote-tracking branch 'public/pr/1827' into mbedtls-2.7
2018-07-10 12:50:16 +01:00
Gilles Peskine
b2d88404a3
Add ChangeLog entry
2018-07-10 13:05:11 +02:00
Philippe Antoine
33e5c32a5b
Fixes different off by ones
2018-07-09 10:39:02 +02:00
Ron Eldor
98848f020c
Minor fixes
...
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the fuinction documentation.
2018-07-05 15:01:51 +03:00
Simon Butcher
318cd2cc93
Add ChangeLog entry for #992 fix
2018-07-02 12:14:30 +01:00
Simon Butcher
c6bf5b4953
Add fix for #1550 and credit to the ChangeLog
2018-07-01 17:10:30 +01:00
niisato
2120ef85c7
Add ChangeLog
2018-06-29 11:25:02 +01:00
Ron Eldor
6a5d6e2295
Update ChangeLog
...
Update ChangeLog with a less ambigous description.
2018-06-28 15:50:47 +03:00
Ron Eldor
335cf423f9
Add entry in ChangeLog
...
Add an entry in the ChangeLog, describing the fix.
2018-06-28 15:50:37 +03:00
Simon Butcher
41c23b5a49
Adds referene in ChangeLog for issue #1623
2018-06-28 12:13:57 +01:00
Simon Butcher
a67b20c582
Add ChangeLog entry for #1257 - key_app_writer writes invalid ASN.1
2018-06-28 11:59:51 +01:00
Ron Eldor
22bc7c17bb
Add entry in ChangeLog
...
Add entry in ChangeLog for compilation error fix of #1719
2018-06-28 08:46:12 +03:00
Ron Eldor
4624030dc4
Documentation error in mbedtls_ssl_get_session
...
Fix Documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore, Resolves #926
2018-06-27 17:49:23 +03:00
Simon Butcher
035d824ad5
Merge remote-tracking branch 'public/pr/1768' into mbedtls-2.7
2018-06-27 11:09:27 +01:00
Simon Butcher
c5edf81065
Merge remote-tracking branch 'public/pr/1772' into mbedtls-2.7
2018-06-27 11:08:33 +01:00
Simon Butcher
f15cfd5d04
Merge remote-tracking branch 'public/pr/1557' into mbedtls-2.7
2018-06-27 11:07:50 +01:00
Ron Eldor
612a600186
Fix typo in ChangeLog
...
Fix typo in ChangeLog discovered in PR review
2018-06-24 17:23:29 +03:00
Ron Eldor
df9b93e768
Remove unneeded namesapcing in header files
...
Remove the `mbedtls` namesapcing in the `#include` in header files
Resolves issue #857
2018-06-24 17:23:16 +03:00
Simon Butcher
9a08e44972
Add a ChangeLog entry for memory leak in mbedtls_x509_csr_parse()
2018-06-22 12:02:59 +01:00
Andres Amaya Garcia
294331a315
Add ChangeLog entry for mbedtls_ssl_write() docs
2018-06-21 19:27:44 +01:00
Simon Butcher
662ae9eaae
Change the library version to 2.7.4
2018-06-18 14:42:14 +01:00
Simon Butcher
02582b2804
Add ChangeLog entry for clang version fix. Issue #1072
2018-06-18 11:56:13 +01:00