Commit graph

1394 commits

Author SHA1 Message Date
Hanno Becker 8058800d54 Adapt ChangeLog 2018-08-14 15:48:41 +01:00
Jaeden Amero 9eb78b4dab Merge remote-tracking branch 'upstream-public/pr/1900' into mbedtls-2.7
Add a Changelog entry
2018-08-10 11:26:15 +01:00
Jaeden Amero f37a99e3fc Merge remote-tracking branch 'upstream-public/pr/1814' into mbedtls-2.7 2018-08-10 11:01:29 +01:00
Jaeden Amero 3b69174852 Merge remote-tracking branch 'upstream-public/pr/1886' into mbedtls-2.7 2018-08-10 10:50:34 +01:00
Simon Butcher 51a46b9b38 Add ChangeLog entry for bug #1890 2018-07-30 22:15:14 +01:00
Simon Butcher 5ef42fd415 Merge remote-tracking branch 'restricted/pr/500' into mbedtls-2.7-restricted 2018-07-26 14:33:14 +01:00
Angus Gratton cb7a5b0b0c Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).

Symptom was a memory leak in ECDHE key exchange under low memory conditions.
2018-07-26 11:08:06 +03:00
Simon Butcher a64621929f Clarify Changelog entries
Corrected some style issues, and moved some entries from bugfixes to changes.
2018-07-25 17:30:20 +01:00
Jaeden Amero 8385110ae8 Update version to 2.7.5 2018-07-25 15:43:21 +01:00
Simon Butcher 7daacda940 Merge remote-tracking branch 'restricted/pr/494' into mbedtls-2.7 2018-07-24 23:40:53 +01:00
Simon Butcher b47e0a68ab Merge remote-tracking branch 'public/pr/1805' into mbedtls-2.7 2018-07-24 13:16:25 +01:00
Simon Butcher a8ee41ce80 Revise ChangeLog entry for empty data records fixes 2018-07-24 12:59:21 +01:00
Simon Butcher d5a3ed36b8 Merge remote-tracking branch 'public/pr/1863' into mbedtls-2.7 2018-07-24 12:57:15 +01:00
Simon Butcher b65d6ce83f Merge remote-tracking branch 'public/pr/1870' into mbedtls-2.7 2018-07-24 10:30:11 +01:00
Simon Butcher c6a0fd8e83 Add ChangeLog entry for #1098 fix. 2018-07-24 10:17:36 +01:00
Simon Butcher 48883cd800 Merge remote-tracking branch 'public/pr/1780' into mbedtls-2.7 2018-07-20 14:40:51 +01:00
Simon Butcher 7924d93209 Fix ChangeLog entry for issue #1663
The ChangeLog entry was under the wrong version, and under Changes, not
Bug Fixes.
2018-07-19 19:54:18 +01:00
Simon Butcher bc5ec41c01 Merge remote-tracking branch 'public/pr/1847' into mbedtls-2.7 2018-07-19 19:48:25 +01:00
Simon Butcher be347c6e21 Merge remote-tracking branch 'public/pr/1849' into mbedtls-2.7 2018-07-19 16:13:07 +01:00
Ron Eldor 8839e31fbc Update ChangeLog
Remove extra entries added by a bad cherry-pick.
2018-07-17 14:13:53 +03:00
Andres Amaya Garcia 8e346dc793 Add ChangeLog entry for empty app data fix 2018-07-16 20:14:53 +01:00
Angus Gratton 8946b0dd30 Check for invalid short Alert messages
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:12:56 +01:00
Angus Gratton 1ba8e911ec CBC mode: Allow zero-length message fragments (100% padding)
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-16 20:12:47 +01:00
Manuel Pégourié-Gonnard aba8c5bb3d Clarify attack conditions in the ChangeLog.
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-12 10:18:37 +02:00
Manuel Pégourié-Gonnard aeeaaf271c Add counter-measure to cache-based Lucky 13
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.

A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).

Let's make sure they're always read.
2018-07-12 10:18:37 +02:00
Manuel Pégourié-Gonnard 5fcfd0345d Fix Lucky 13 cache attack on MD/SHA padding
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.

Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.

Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-12 10:18:37 +02:00
Simon Butcher a063fff51a Fix Changelog entry for #1533 fix as a Change not a bugfix 2018-07-10 15:20:26 +01:00
Simon Butcher 28f68a3d15 Merge remote-tracking branch 'public/pr/1809' into mbedtls-2.7 2018-07-10 14:58:51 +01:00
Simon Butcher a159d64e86 Merge remote-tracking branch 'public/pr/1827' into mbedtls-2.7 2018-07-10 12:50:16 +01:00
Gilles Peskine b2d88404a3 Add ChangeLog entry 2018-07-10 13:05:11 +02:00
Philippe Antoine 33e5c32a5b Fixes different off by ones 2018-07-09 10:39:02 +02:00
Ron Eldor 98848f020c Minor fixes
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the fuinction documentation.
2018-07-05 15:01:51 +03:00
Simon Butcher 318cd2cc93 Add ChangeLog entry for #992 fix 2018-07-02 12:14:30 +01:00
Simon Butcher c6bf5b4953 Add fix for #1550 and credit to the ChangeLog 2018-07-01 17:10:30 +01:00
niisato 2120ef85c7 Add ChangeLog 2018-06-29 11:25:02 +01:00
Ron Eldor 6a5d6e2295 Update ChangeLog
Update ChangeLog with a less ambigous description.
2018-06-28 15:50:47 +03:00
Ron Eldor 335cf423f9 Add entry in ChangeLog
Add an entry in the ChangeLog, describing the fix.
2018-06-28 15:50:37 +03:00
Simon Butcher 41c23b5a49 Adds referene in ChangeLog for issue #1623 2018-06-28 12:13:57 +01:00
Simon Butcher a67b20c582 Add ChangeLog entry for #1257 - key_app_writer writes invalid ASN.1 2018-06-28 11:59:51 +01:00
Ron Eldor 22bc7c17bb Add entry in ChangeLog
Add entry in ChangeLog for compilation error fix of #1719
2018-06-28 08:46:12 +03:00
Ron Eldor 4624030dc4 Documentation error in mbedtls_ssl_get_session
Fix Documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore, Resolves #926
2018-06-27 17:49:23 +03:00
Simon Butcher 035d824ad5 Merge remote-tracking branch 'public/pr/1768' into mbedtls-2.7 2018-06-27 11:09:27 +01:00
Simon Butcher c5edf81065 Merge remote-tracking branch 'public/pr/1772' into mbedtls-2.7 2018-06-27 11:08:33 +01:00
Simon Butcher f15cfd5d04 Merge remote-tracking branch 'public/pr/1557' into mbedtls-2.7 2018-06-27 11:07:50 +01:00
Ron Eldor 612a600186 Fix typo in ChangeLog
Fix typo in ChangeLog discovered in PR review
2018-06-24 17:23:29 +03:00
Ron Eldor df9b93e768 Remove unneeded namesapcing in header files
Remove the `mbedtls` namesapcing in the `#include` in header files
Resolves issue #857
2018-06-24 17:23:16 +03:00
Simon Butcher 9a08e44972 Add a ChangeLog entry for memory leak in mbedtls_x509_csr_parse() 2018-06-22 12:02:59 +01:00
Andres Amaya Garcia 294331a315 Add ChangeLog entry for mbedtls_ssl_write() docs 2018-06-21 19:27:44 +01:00
Simon Butcher 662ae9eaae Change the library version to 2.7.4 2018-06-18 14:42:14 +01:00
Simon Butcher 02582b2804 Add ChangeLog entry for clang version fix. Issue #1072 2018-06-18 11:56:13 +01:00