yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-10 20:45:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'mbedtls-1.3' into development

Browse source 
* mbedtls-1.3:
  Fix typos in Changelog
  Fix macro name from wrong branch
  Fix bug in pk_parse_key()
  Fixed typos
  Updated Travis CI config for mbedtls project

Conflicts:
	include/mbedtls/ecp.h
	include/polarssl/compat-1.2.h
	include/polarssl/openssl.h
	include/polarssl/platform.h
	library/pkparse.c
	programs/pkey/mpi_demo.c
This commit is contained in:
Manuel Pégourié-Gonnard 2015-04-15 11:30:46 +02:00
parent e1e5871a55 0645bfa74e
commit 862d503c01
8 changed files with 11 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.travis.yml
View file

@ -13,14 +13,14 @@ script:
- tests/scripts/test-ref-configs.pl - tests/scripts/test-ref-configs.pl
env: env:
global: global:
secure: LidFb8vsR72MKTVpaZ8IYHR1xeVnff47/+ckEge5F9gcwf7QmfSI3+gBLZZciNdyrWzOFhlQ5Q2z/pqVeRtEkKrlcporoMMcHRIbyIA+lfRE1HnYHw7jITScfN9ZmK4msU1ElRlAk6U7ND6MPTH8QfWwchNafDk9d3AoHL4/RrQ= secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
addons: addons:
coverity_scan: coverity_scan:
project: project:
name: "polarssl/polarssl" name: "ARMmbed/mbedtls"
description: "mbed TLS Open Source SSL Library" description: "mbed TLS Open Source SSL Library"
notification_email: p.j.bakker@polarssl.org notification_email: p.j.bakker@polarssl.org
build_command_prepend: build_command_prepend:
build_command: make build_command: make
branch_pattern: development branch_pattern: coverity_scan

6
ChangeLog
View file

@ -114,10 +114,10 @@ Changes
* Options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 are deprecated. * Options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 are deprecated.
* Enabling POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated. * Enabling POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated.
* compat-1.2.h and openssl.h are deprecated. * compat-1.2.h and openssl.h are deprecated.
* Adjusting/overriding CFLAGS and LDFLAGS with the make build syste is now * Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now
more flexible (warning: OFLAGS is not used any more) (see the README) more flexible (warning: OFLAGS is not used any more) (see the README)
(contributed by Alon Bar-Lev). (contributed by Alon Bar-Lev).
* ssl_set_own_cert() now longers calls pk_check_pair() since the * ssl_set_own_cert() no longer calls pk_check_pair() since the
performance impact was bad for some users (this was introduced in 1.3.10). performance impact was bad for some users (this was introduced in 1.3.10).
* Move from SHA-1 to SHA-256 in example programs using signatures * Move from SHA-1 to SHA-256 in example programs using signatures
(suggested by Thorsten Mühlfelder). (suggested by Thorsten Mühlfelder).
@ -156,7 +156,7 @@ Features
length of an X.509 verification chain. length of an X.509 verification chain.
* Support for renegotiation can now be disabled at compile-time * Support for renegotiation can now be disabled at compile-time
* Support for 1/n-1 record splitting, a countermeasure against BEAST. * Support for 1/n-1 record splitting, a countermeasure against BEAST.
* Certificate selection based on signature hash, prefering SHA-1 over SHA-2 * Certificate selection based on signature hash, preferring SHA-1 over SHA-2
for pre-1.2 clients when multiple certificates are available. for pre-1.2 clients when multiple certificates are available.
* Add support for getrandom() syscall on recent Linux kernels with Glibc or * Add support for getrandom() syscall on recent Linux kernels with Glibc or
a compatible enough libc (eg uClibc). a compatible enough libc (eg uClibc).

2
README.rst
View file

@ -68,7 +68,7 @@ There are many different build modes available within the CMake buildsystem. Mos
- ASanDbg. - ASanDbg.
Same as ASan but slower, with debug information and better stack traces. Same as ASan but slower, with debug information and better stack traces.
- MemSan. - MemSan.
This intruments the code with MemorySanitizer to check for uninitialised This instruments the code with MemorySanitizer to check for uninitialised
memory reads. Experimental, needs recent clang on Linux/x86_64. memory reads. Experimental, needs recent clang on Linux/x86_64.
- MemSanDbg. - MemSanDbg.
Same as ASan but slower, with debug information, better stack traces and Same as ASan but slower, with debug information, better stack traces and

2
include/mbedtls/ecp.h
View file

@ -642,7 +642,7 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
* \param pub Keypair structure holding a public key * \param pub Keypair structure holding a public key
* \param prv Keypair structure holding a private (plus public) key * \param prv Keypair structure holding a private (plus public) key
* *
* \return 0 if successfull (keys are valid and match), or * \return 0 if successful (keys are valid and match), or
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or * MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or
* a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code. * a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code.
*/ */

1
library/pkparse.c
View file

@ -787,7 +787,6 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
* Is 'publickey' present? If not, or if we can't read it (eg because it * Is 'publickey' present? If not, or if we can't read it (eg because it
* is compressed), create it from the private key. * is compressed), create it from the private key.
*/ */
pubkey_done = 0;
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 ) MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
{ {

2
programs/pkey/mpi_demo.c
View file

@ -96,7 +96,7 @@ cleanup:
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( "\nAn error occured.\n" ); polarssl_printf( "\nAn error occurred.\n" );
ret = 1; ret = 1;
} }

2
scripts/ecc-heap.sh
View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# Measure heap usage (and perfomance) of ECC operations with various values of # Measure heap usage (and performance) of ECC operations with various values of
# the relevant tunable compile-time parameters. # the relevant tunable compile-time parameters.
# #
# Usage (preferably on a 32-bit platform): # Usage (preferably on a 32-bit platform):

2
tests/data_files/Readme-x509.txt
View file

@ -73,7 +73,7 @@ Certificate revocation lists
Signing CA in parentheses (same meaning as certificates). Signing CA in parentheses (same meaning as certificates).
- crl-ec-sha*: (2) server6.crt - crl-ec-sha*: (2) server6.crt
- crl-future.pem: (2) server6.crt + unkown - crl-future.pem: (2) server6.crt + unknown
- crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown - crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown
- crl.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown - crl.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown
- crl_md*.pem: crl_sha*.pem: (1) same as crl.pem - crl_md*.pem: crl_sha*.pem: (1) same as crl.pem