mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 21:40:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9,149 Commits 170 Branches 263 Tags
Commit Graph

1782 Commits

Author SHA1 Message Date
Janos Follath
08a4aebc46 HKDF: Add warning to partial functions 
The standard HKDF security guarantees only hold if `mbedtls_hkdf()` is
used or if `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` are
called in succession carefully and an equivalent way.

Making `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` static would
prevent any misuse, but doing so would require the TLS 1.3 stack to
break abstraction and bypass the module API.

To reduce the risk of misuse we add warnings to the function
descriptions.
 2018-08-14 16:08:38 +01:00
Hanno Becker
9dc3be7601 Improve wording in ChangeLog 2018-08-14 15:22:05 +01:00
Hanno Becker
361f254eab Adapt ChangeLog 2018-08-13 16:36:58 +01:00
Ron Eldor
d1a4762adb Use mbedtls_printf instead of printf 
Replace usages of `printf()` with `mbedtls_printf()` in `aria.c`
which were accidently merged. Fixes #1908
 2018-08-13 13:49:52 +03:00
Jaeden Amero
d8f41698d2 Merge remote-tracking branch 'upstream-public/pr/1598' into development 
Add a Changelog entry
 2018-08-10 11:23:15 +01:00
Jaeden Amero
03bd4847b3 Merge remote-tracking branch 'upstream-public/pr/1861' into development 
Add Changelog entry
 2018-08-10 11:17:14 +01:00
Jaeden Amero
cac0c1a250 Merge remote-tracking branch 'upstream-public/pr/1378' into development 2018-08-10 10:59:53 +01:00
Jaeden Amero
372b50b252 Add a ChangeLog entry for #1816 2018-08-10 10:56:31 +01:00
Jaeden Amero
f48163a960 Merge remote-tracking branch 'upstream-public/pr/1834' into development 2018-08-10 10:49:10 +01:00
Andres Amaya Garcia
824dfb34b4 Add ChangeLog entry for use of gmtime 2018-08-07 20:29:57 +01:00
Hanno Becker
448146407f Adapt ChangeLog 2018-08-03 10:07:39 +01:00
Simon Butcher
b363382ba4 Add ChangeLog entry for bug #1890 2018-07-30 22:10:48 +01:00
Angus Gratton
608a487b9c Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails 
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).

Symptom was a memory leak in ECDHE key exchange under low memory conditions.
 2018-07-27 09:15:34 +10:00
Simon Butcher
6c34268e20 Merge remote-tracking branch 'restricted/pr/501' into development-restricted 2018-07-26 14:24:56 +01:00
Simon Butcher
f11a7cda73 Clarify Changelog entries 
Corrected the Changelog to move an entry in the wrong place after a merge, some
entries which were Changes not bugfixes, and corrected style issues.
 2018-07-25 17:29:59 +01:00
Jaeden Amero
193c86425e Update version to 2.12.0 2018-07-25 15:42:26 +01:00
Simon Butcher
37b9fd5df6 Merge remote-tracking branch 'restricted/pr/490' into development 2018-07-24 23:40:37 +01:00
Simon Butcher
2c92949e0a Merge remote-tracking branch 'public/pr/1198' into development 2018-07-24 17:20:17 +01:00
Simon Butcher
c88c627fba Merge remote-tracking branch 'public/pr/1658' into development 2018-07-24 17:19:10 +01:00
Ron Eldor
9cf0d53adc Add ChangeLog 
Add entry in ChangeLog for the Key Wrapping feature.
 2018-07-24 16:43:20 +01:00
Simon Butcher
ccb43df37e Merge remote-tracking branch 'public/pr/927' into development 2018-07-24 13:06:54 +01:00
Simon Butcher
dad05b7fc9 Merge remote-tracking branch 'public/pr/1844' into development 2018-07-24 13:05:09 +01:00
Simon Butcher
05330541ea Revise ChangeLog entry for empty data records fixes 2018-07-24 12:54:15 +01:00
Simon Butcher
116ac43d00 Merge remote-tracking branch 'public/pr/1852' into development 2018-07-24 12:18:59 +01:00
Simon Butcher
fced1f2fb3 Merge remote-tracking branch 'public/pr/1854' into development 2018-07-24 10:26:46 +01:00
Simon Butcher
ecb635efca Add ChangeLog entry for #1098 fix. 2018-07-24 10:03:41 +01:00
Brian J Murray
4736e96568 add myself to changelog 2018-07-23 10:34:47 -07:00
Ron Eldor
4e64e0b922 Fix after PR comments 
1. Don't set IV onECB
2. Fix style issues
3. reduce number of tests
 2018-07-23 18:18:32 +01:00
Ron Eldor
7b01244b99 Add tests for mbedtls_cipher_crypt API 
1. Add tests for 'mbedtls_cipher_crypt()' API
2. Resolves #1091, by ignoring IV when the cipher mode is MBEDTLS_MODE_ECB
 2018-07-23 18:02:09 +01:00
Andres Amaya Garcia
81f0633c16 Add ChangeLog entry for empty app data fix 2018-07-20 23:09:29 +01:00
Angus Gratton
1a7a17e548 Check for invalid short Alert messages 
(Short Change Cipher Spec & Handshake messages are already checked for.)
 2018-07-20 23:09:29 +01:00
Angus Gratton
b512bc1d29 CBC mode: Allow zero-length message fragments (100% padding) 
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
 2018-07-20 23:09:29 +01:00
Simon Butcher
922bd1efb2 Merge remote-tracking branch 'public/pr/1752' into development 2018-07-20 14:33:18 +01:00
Simon Butcher
862e703d51 Merge remote-tracking branch 'public/pr/921' into development 2018-07-20 14:30:50 +01:00
Simon Butcher
4f37bcabf9 Fix ChangeLog entry for issue #1663 
The ChangeLog entry was under the wrong version, and under Changes, not
BugFixes.
 2018-07-19 19:52:32 +01:00
Simon Butcher
df15356259 Merge remote-tracking branch 'public/pr/1663' into development 2018-07-19 19:48:10 +01:00
Simon Butcher
a72098b4d6 Merge remote-tracking branch 'public/pr/1778' into development 2018-07-19 16:10:38 +01:00
k-stachowiak
723f8674c4 Provide cross platform vsnprintf wrapper 2018-07-16 14:27:07 +02:00
k-stachowiak
6ca436a457 Update change log 2018-07-16 12:20:10 +02:00
Manuel Pégourié-Gonnard
830ce11eba Clarify attack conditions in the ChangeLog. 
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
 2018-07-11 18:27:08 +02:00
k-stachowiak
21feae58cb Update change log 2018-07-11 17:34:55 +02:00
Gilles Peskine
604ccc6608 Add ChangeLog entry 2018-07-10 16:50:33 +02:00
Simon Butcher
00af447ba8 Add ChangeLog entry for PR #536 2018-07-10 15:35:43 +01:00
Simon Butcher
32b074720e Merge remote-tracking branch 'public/pr/1737' into development 2018-07-10 14:57:50 +01:00
Simon Butcher
cdbb2f2168 Merge remote-tracking branch 'public/pr/1563' into development 2018-07-10 12:49:26 +01:00
Simon Butcher
231d7e5669 Add ChangeLog entry for PR #1567. 
ChangeLog entry for platform support for the Haiku OS. PR #1567.
 2018-07-10 11:56:19 +01:00
Simon Butcher
6331cb0607 Fix some whitespace issues in ChangeLog and CMakeLists.txt 
Stray tab in library/CMakeLists.txt and incorrect formatting in ChangeLog.
 2018-07-10 11:48:42 +01:00
Manuel Pégourié-Gonnard
7b42030b5d Add counter-measure to cache-based Lucky 13 
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.

A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).

Let's make sure they're always read.
 2018-07-05 14:44:49 +02:00
Ron Eldor
636179a277 Fix typo 
Fix typo in ChangeLog entry.
 2018-07-05 14:33:54 +03:00
Ron Eldor
278af4536c Fix hmac_drbg failure in benchmark, with threading 
Remove redunadnat calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
 2018-07-05 14:33:22 +03:00