Commit graph

3529 commits

Author SHA1 Message Date
Hanno Becker
323d8019bf Correct preprocessor guards determining use of gmtime()
The previous code erroneously used gmtime_r() to implement
mbedtls_platform_gmtime() in case of a non-windows, non-unix system.
2018-09-06 11:30:57 +01:00
Hanno Becker
6f70581c4a Correct POSIX version check to determine presence of gmtime_r()
Recent versions of POSIX move gmtime_r to the base.
2018-09-06 09:06:33 +01:00
Hanno Becker
7dd82b4f51 platform_utils.{c/h} -> platform_util.{c/h} 2018-09-05 16:26:04 +01:00
Hanno Becker
48a816ff26 Minor documentation improvements 2018-09-05 15:22:22 +01:00
Hanno Becker
6a739789f3 Rename mbedtls_platform_gmtime() to mbedtls_platform_gmtime_r()
For consistency, also rename MBEDTLS_PLATFORM_GMTIME_ALT to
MBEDTLS_PLATFORM_GMTIME_R_ALT.
2018-09-05 15:06:19 +01:00
Hanno Becker
be2e4bddd5 Guard decl and use of gmtime mutex by HAVE_TIME_DATE and !GMTIME_ALT 2018-09-05 14:44:31 +01:00
Hanno Becker
cfeb70c6b9 gmtime: Remove special treatment for IAR
Previous commits attempted to use `gmtime_s()` for IAR systems; however,
this attempt depends on the use of C11 extensions which lead to incompatibility
with other pieces of the library, such as the use of `memset()` which is
being deprecated in favor of `memset_s()` in C11.
2018-09-05 13:52:46 +01:00
Andres Amaya Garcia
94b540ac63 Avoid redefining _POSIX_C_SOURCE 2018-09-05 12:27:32 +01:00
Andres Amaya Garcia
433f911e59 Check for IAR in gmtime macros 2018-09-05 12:01:57 +01:00
Andres Amaya Garcia
3c9733a0a3 Fix typo in comment for gmtime macro defines 2018-09-05 11:52:07 +01:00
Andres Amaya Garcia
ca04a01bb8 Document shorthand gmtime macros 2018-09-05 11:43:57 +01:00
Andres Amaya Garcia
209960611f Use gmtime_s() for IAR 2018-09-05 11:27:56 +01:00
Andres Amaya Garcia
e9b10b21f1 Define _POSIX_C_SOURCE in threading.c before POSIX detection 2018-09-05 11:25:30 +01:00
Andres Amaya Garcia
a658d7dd9d Fix style for mbedtls_platform_gmtime() 2018-08-21 19:33:02 +01:00
Andres Amaya Garcia
248e27c487 Remove redundant statement from x509_get_current_time 2018-08-16 21:50:23 +01:00
Andres Amaya Garcia
1abb368b87 Make gmtime() configurable at compile-time 2018-08-16 21:42:09 +01:00
Andres Amaya Garcia
d7177435e3 Fix check-names.sh fail with USE_GMTIME macro 2018-08-08 09:41:17 +01:00
Andres Amaya Garcia
ce6eebb0b8 Use gmtime when target is not windows or posix 2018-08-07 20:26:55 +01:00
Jaeden Amero
193c86425e Update version to 2.12.0 2018-07-25 15:42:26 +01:00
Simon Butcher
37b9fd5df6 Merge remote-tracking branch 'restricted/pr/490' into development 2018-07-24 23:40:37 +01:00
Simon Butcher
2c92949e0a Merge remote-tracking branch 'public/pr/1198' into development 2018-07-24 17:20:17 +01:00
Simon Butcher
c88c627fba Merge remote-tracking branch 'public/pr/1658' into development 2018-07-24 17:19:10 +01:00
Ron Eldor
9ab746c7c9 Add selftests
Add selftests for key wrapping
2018-07-24 16:43:20 +01:00
Ron Eldor
cb349ac279 Implement the KW and KWP algorithm
1. Add kw to the Makefiles
2. Implement the algorithms as defined in SP800-38F, and RFC 3394.
2018-07-24 16:43:20 +01:00
Ron Eldor
466a57fbbe Key wrapping API definition
Define the Key Wrapping API
2018-07-24 16:43:20 +01:00
Simon Butcher
dad05b7fc9 Merge remote-tracking branch 'public/pr/1844' into development 2018-07-24 13:05:09 +01:00
Simon Butcher
116ac43d00 Merge remote-tracking branch 'public/pr/1852' into development 2018-07-24 12:18:59 +01:00
Simon Butcher
fced1f2fb3 Merge remote-tracking branch 'public/pr/1854' into development 2018-07-24 10:26:46 +01:00
Brian J Murray
ca2ea4e217 Fix issue if salt = NULL and salt_len !=0 in mbedtls_hkdf_extract() 2018-07-23 10:34:47 -07:00
Angus Gratton
1a7a17e548 Check for invalid short Alert messages
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-20 23:09:29 +01:00
Angus Gratton
34817929ea TLSv1.2: Treat zero-length fragments as invalid, unless they are application data
TLS v1.2 explicitly disallows other kinds of zero length fragments (earlier standards
don't mention zero-length fragments at all).
2018-07-20 23:09:29 +01:00
Angus Gratton
b512bc1d29 CBC mode: Allow zero-length message fragments (100% padding)
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-20 23:09:29 +01:00
Simon Butcher
922bd1efb2 Merge remote-tracking branch 'public/pr/1752' into development 2018-07-20 14:33:18 +01:00
Simon Butcher
df15356259 Merge remote-tracking branch 'public/pr/1663' into development 2018-07-19 19:48:10 +01:00
Dawid Drozd
0e2c07e83e
Remove unnecessary mark as unused #1098
`ret` is used always at line 1305 in statement:
`if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )`
2018-07-11 15:16:53 +02:00
Manuel Pégourié-Gonnard
8744a02357 Clarify a few comments
The "+" sign could be misinterpreted as addition.
2018-07-11 12:30:40 +02:00
Simon Butcher
e7aeef09ee Merge remote-tracking branch 'public/pr/536' into development 2018-07-10 15:24:26 +01:00
Simon Butcher
32b074720e Merge remote-tracking branch 'public/pr/1737' into development 2018-07-10 14:57:50 +01:00
Simon Butcher
cdbb2f2168 Merge remote-tracking branch 'public/pr/1563' into development 2018-07-10 12:49:26 +01:00
Simon Butcher
6331cb0607 Fix some whitespace issues in ChangeLog and CMakeLists.txt
Stray tab in library/CMakeLists.txt and incorrect formatting in ChangeLog.
2018-07-10 11:48:42 +01:00
Simon Butcher
d21bd31759 Merge remote-tracking branch 'public/pr/1567' into development 2018-07-10 11:43:06 +01:00
Manuel Pégourié-Gonnard
6a25cfae2a Avoid debug message that might leak length
The length to the debug message could conceivably leak through the time it
takes to print it, and that length would in turn reveal whether padding was
correct or not.
2018-07-10 11:15:36 +02:00
k-stachowiak
a5fbfd7cd8 Enable snprintf on FreeBSD 2018-07-08 13:22:11 +01:00
Brian J Murray
a61d123e0e Minor changes to comments in hkdf.c 2018-07-06 10:02:39 -07:00
Manuel Pégourié-Gonnard
7b42030b5d Add counter-measure to cache-based Lucky 13
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.

A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).

Let's make sure they're always read.
2018-07-05 14:44:49 +02:00
Manuel Pégourié-Gonnard
1cc1fb0599 Fix Lucky 13 cache attack on MD/SHA padding
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.

Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.

Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-05 10:47:00 +02:00
Ron Eldor
ab8d58cb2d Move definition of MBEDTLS_CIPHER_MODE_STREAM
Move definition of `MBEDTLS_CIPHER_MODE_STREAM` to header file
(`mbedtls_cipher_internal.h`), because it is used by more than
one file. Raised by TrinityTonic in #1719
2018-07-01 10:20:43 +03:00
Simon Butcher
034e1398f0 Merge remote-tracking branch 'public/pr/1621' into development 2018-06-28 12:09:15 +01:00
Simon Butcher
4b6b08e7d2 Merge remote-tracking branch 'public/pr/1006' into development 2018-06-28 12:08:59 +01:00
Simon Butcher
1d97cab5f5 Merge remote-tracking branch 'public/pr/1645' into development 2018-06-28 12:06:16 +01:00