mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-06 17:29:51 +00:00
Commit graph

1221 commits

Author SHA1 Message Date
Simon Butcher be9c2dce5b Revise ChangeLog entry for empty data records fixes 2018-07-24 13:01:59 +01:00
Simon Butcher 642ddb555e Merge remote-tracking branch 'public/pr/1864' into mbedtls-2.1 2018-07-24 13:01:02 +01:00
Simon Butcher c098ec3af6 Merge remote-tracking branch 'public/pr/1779' into mbedtls-2.1 2018-07-20 14:47:37 +01:00
Simon Butcher ff5bd6220b Fix ChangeLog entry for issue
The ChangeLog entry was under the wrong version, and under Changes, not
Bug Fixes.
2018-07-19 19:59:02 +01:00
Simon Butcher eebee76f93 Merge remote-tracking branch 'public/pr/1846' into mbedtls-2.1 2018-07-19 19:48:40 +01:00
Simon Butcher f11daf6ff6 Merge remote-tracking branch 'public/pr/1850' into mbedtls-2.1 2018-07-19 16:14:44 +01:00
Ron Eldor 41273200a2 Update ChangeLog
Remove extra entries added by a bad cherry-pick.
2018-07-17 14:16:12 +03:00
Andres Amaya Garcia 01daf2a5ef Add ChangeLog entry for empty app data fix 2018-07-16 20:22:28 +01:00
Angus Gratton fd1c5e8453 Check for invalid short Alert messages
(Short Change Cipher Spec & Handshake messages are already checked for.)
2018-07-16 20:20:51 +01:00
Angus Gratton 1226dd7715 CBC mode: Allow zero-length message fragments (100% padding)
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
2018-07-16 20:20:44 +01:00
k-stachowiak b435e99693 Update change log 2018-07-16 12:27:34 +02:00
Manuel Pégourié-Gonnard 534fea790e Clarify attack conditions in the ChangeLog.
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard 99b6a711c8 Add counter-measure to cache-based Lucky 13
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.

A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).

Let's make sure they're always read.
2018-07-12 10:20:33 +02:00
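The access-pattern difference this commit describes, as an added illustration that is not code from mbedtls or from the commit itself: a padding check that stops at the first bad byte reads a data-dependent number of record bytes, while a hardened check scans the whole possible padding window under a mask so that the bytes touched depend only on the public record length. The record layout, the 0x0F padding, the helper names and the read counters are all constructed for the example; a real TLS-CBC check would additionally require room for the MAC before the padding and would run the MAC over a length-masked input, which is not shown here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_CBC_MAX_PAD 256   /* 255 padding bytes plus the length byte */

/* All-ones mask if a < b, else 0, with no data-dependent branch. */
static size_t ct_lt_mask(size_t a, size_t b)
{
    size_t bit = (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(size_t) * 8 - 1);
    return (size_t)0 - bit;
}

/* Early-exit check, the pattern the commit moves away from: returns the padding
 * length (last byte + 1) or 0 if invalid. The number of bytes read, reported in
 * *reads, depends on whether and where the padding is malformed. */
static size_t naive_padlen(const uint8_t *rec, size_t len, size_t *reads)
{
    size_t n = 0, padlen, i;
    if (len == 0) { *reads = 0; return 0; }
    padlen = (size_t)rec[len - 1] + 1; n++;
    if (padlen > len) { *reads = n; return 0; }
    for (i = len - padlen; i < len - 1; i++) {
        n++;
        if (rec[i] != rec[len - 1]) { *reads = n; return 0; }
    }
    *reads = n;
    return padlen;
}

/* Hardened check: every byte in the last TLS_CBC_MAX_PAD bytes of the record is
 * read and folded into the result under a mask, so the memory access pattern and
 * the loop trip count depend only on the public record length. */
static size_t ct_padlen(const uint8_t *rec, size_t len, size_t *reads)
{
    size_t n = 0, padlen, ok, start, i;
    uint32_t nz;
    uint8_t last, bad = 0;
    if (len == 0) { *reads = 0; return 0; }
    last = rec[len - 1]; n++;
    padlen = (size_t)last + 1;
    ok = ~ct_lt_mask(len, padlen);                       /* all-ones if len >= padlen */
    start = len > TLS_CBC_MAX_PAD ? len - TLS_CBC_MAX_PAD : 0;
    for (i = start; i < len; i++) {
        size_t in_pad = ~ct_lt_mask(i + padlen, len);    /* all-ones if i >= len - padlen */
        uint8_t diff = rec[i] ^ last; n++;
        bad |= (uint8_t)(diff & in_pad);                 /* only padding positions count */
    }
    nz = ((uint32_t)bad | ((uint32_t)0 - bad)) >> 31;    /* 1 if any padding byte mismatched */
    *reads = n;
    return padlen & ok & ~((size_t)0 - (size_t)nz);
}

/* Constructed 64-byte record: 48 bytes standing in for plaintext + MAC, then
 * 16 bytes of 0x0F padding; flipping rec[break_at] (if < 64) corrupts it. */
static size_t build_record(uint8_t *rec, size_t break_at)
{
    memset(rec, 0xAA, 48);
    memset(rec + 48, 0x0F, 16);
    if (break_at < 64) rec[break_at] ^= 1;
    return 64;
}

size_t measure_reads(int use_ct, size_t break_at)
{
    uint8_t rec[64]; size_t reads, len = build_record(rec, break_at);
    (use_ct ? ct_padlen : naive_padlen)(rec, len, &reads);
    return reads;
}

size_t measure_padlen(int use_ct, size_t break_at)
{
    uint8_t rec[64]; size_t reads, len = build_record(rec, break_at);
    return (use_ct ? ct_padlen : naive_padlen)(rec, len, &reads);
}

int main(void)
{
    size_t cases[] = { 64, 48, 60 };   /* valid, first pad byte broken, late pad byte broken */
    for (size_t c = 0; c < 3; c++)
        printf("break_at=%zu naive: padlen=%zu reads=%zu | ct: padlen=%zu reads=%zu\n",
               cases[c], measure_padlen(0, cases[c]), measure_reads(0, cases[c]),
               measure_padlen(1, cases[c]), measure_reads(1, cases[c]));
    return 0;
}
```

Both checks agree on the padding length (16 for the intact record, 0 for any corruption), but the naive version reads 2 bytes when the first padding byte is wrong and 16 when the padding is intact, whereas the hardened version reads 65 bytes in every case. That constant read pattern is what removes the cache-observable signal the commit message refers to; whether the compiler keeps the masking branch-free still has to be confirmed on the generated code.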
Manuel Pégourié-Gonnard 69675d056a Fix Lucky 13 cache attack on MD/SHA padding
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.

Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.

Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-12 10:20:33 +02:00
Simon Butcher 54cf322c05 Add fix for and credit to the ChangeLog 2018-07-10 23:02:15 +01:00
Simon Butcher 57e9fe2df4 Merge remote-tracking branch 'public/pr/1808' into mbedtls-2.1 2018-07-10 14:59:56 +01:00
Simon Butcher ec971d7434 Merge remote-tracking branch 'public/pr/1828' into mbedtls-2.1 2018-07-10 12:51:03 +01:00
Gilles Peskine 2347d4eb3b Add ChangeLog entry 2018-07-10 13:03:54 +02:00
k-stachowiak 9e070019ad Update change log 2018-07-09 14:44:26 +02:00
Philippe Antoine bbc7918b6b Fixes different off by ones 2018-07-09 10:33:08 +02:00
Ron Eldor 5c8e588444 Minor fixes
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the function documentation.
2018-07-05 14:59:23 +03:00
Simon Butcher 4b57a1f182 Add ChangeLog entry for fix 2018-07-02 12:18:35 +01:00
niisato 000e48af07 Add ChangeLog 2018-06-29 11:31:52 +01:00
Ron Eldor f27f8aeb19 Update ChangeLog
Update ChangeLog with a less ambiguous description.
2018-06-28 16:08:09 +03:00
Ron Eldor 5c141d28ca Add entry in ChangeLog
Add an entry in the ChangeLog, describing the fix.
2018-06-28 16:08:01 +03:00
Simon Butcher b461ba5630 Adds reference in ChangeLog for issue 2018-06-28 12:14:07 +01:00
Simon Butcher 03c79a1973 Add ChangeLog entry for - key_app_writer writes invalid ASN.1 2018-06-28 12:00:55 +01:00
Simon Butcher e5828ce06c Merge remote-tracking branch 'public/pr/1771' into mbedtls-2.1 2018-06-28 11:38:18 +01:00
Ron Eldor d7593a5b73 Add entry in ChangeLog
Add entry in ChangeLog for compilation error fix of 
2018-06-28 08:51:37 +03:00
Ron Eldor 254530f2e0 Documentation error in mbedtls_ssl_get_session
Fix Documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore, Resolves 
2018-06-27 17:51:56 +03:00
Ron Eldor e6c2f4d168 Fix typo in ChangeLog
Fix typo in ChangeLog discovered in PR review
2018-06-24 17:21:08 +03:00
Ron Eldor 2c8a7ec0dd Remove unneeded namespacing in header files
Remove the `mbedtls` namespacing in the `#include` in header files
Resolves issue 
2018-06-24 17:20:40 +03:00
Simon Butcher ba3e5e60f2 Merge remote-tracking branch 'public/pr/1558' into mbedtls-2.1 2018-06-22 15:07:52 +01:00
Simon Butcher b1c796ec48 Merge remote-tracking branch 'public/pr/1769' into mbedtls-2.1 2018-06-22 15:05:34 +01:00
Simon Butcher 584fad2ce6 Add a ChangeLog entry for memory leak in mbedtls_x509_csr_parse() 2018-06-22 12:19:56 +01:00
Simon Butcher ad761c45b9 Fix multiple quality issues in the source
This PR fixes multiple issues in the source code to address issues raised by
tests/scripts/check-files.py. Specifically:
 * incorrect file permissions
 * missing newline at the end of files
 * trailing whitespace
 * Tabs present
 * TODOs in the source code
2018-06-22 11:22:44 +01:00
Andres Amaya Garcia 45bc7db600 Add ChangeLog entry for mbedtls_ssl_write() docs 2018-06-21 19:35:46 +01:00
Ron Eldor 0bd06a3de0 Add tests for mbedtls_cipher_crypt API
1. Add tests for 'mbedtls_cipher_crypt()' API
2. Resolves , by ignoring IV when the cipher mode is MBEDTLS_MODE_ECB
2018-06-21 13:59:01 +03:00
Simon Butcher 6fc9ceece3 Change the library version to 2.1.13 2018-06-18 14:49:02 +01:00
Simon Butcher 494fb8f968 Add ChangeLog entry for clang version fix. Issue 2018-06-18 11:56:46 +01:00
Simon Butcher 0a715b1587 Merge remote-tracking branch 'public/pr/1656' into mbedtls-2.1 2018-06-17 18:02:57 +01:00
Simon Butcher 7505ef255b Merge remote-tracking branch 'public/pr/1712' into mbedtls-2.1 2018-06-17 18:01:54 +01:00
Simon Butcher db3fe7cbe4 Add ChangeLog entry for Microblaze fix 2018-06-15 09:39:19 +01:00
Simon Butcher 577d39b930 Compilation warning fixes on 32b platform with IAR
Fix compilation warnings with IAR toolchain, on 32 bit platform.
Reported by rahmanih in 

This is based on work by Ron Eldor in PR .
2018-06-14 09:10:23 +01:00
Simon Butcher a5fb40d9f9 Merge remote-tracking branch 'public/pr/1465' into mbedtls-2.1 2018-06-11 11:49:28 +01:00
Simon Butcher 0c362f68b3 Add ChangeLog entry for _WIN32_WINNT override fix 2018-06-08 16:27:04 +01:00
Simon Butcher fcc7a62bb1 Merge remote-tracking branch 'public/pr/1403' into mbedtls-2.1 2018-06-01 19:43:55 +01:00
Moran Peker 6981df59e7 Remove double declaration of mbedtls_ssl_list_ciphersuites
Raised by TrinityTonic. 
2018-05-23 18:42:36 +01:00
Simon Butcher a8002f8f39 Merge remote-tracking branch 'public/pr/1611' into mbedtls-2.1 2018-05-23 17:58:10 +01:00
Simon Butcher 7350ab18df Fix ChangeLog for PR following merge 2018-05-23 17:55:02 +01:00
Simon Butcher e64bf3968e Merge remote-tracking branch 'public/pr/1582' into mbedtls-2.1 2018-05-23 17:53:23 +01:00
Simon Butcher 13188782a0 Fix up ChangeLog following rebase to mbedtls-2.1.12 2018-05-11 16:41:07 +01:00
Andres AG 879e62697e Allow the entry_name size to be set in config.h
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced is
MBEDTLS_X509_MAX_FILE_PATH_LEN.
2018-05-11 16:38:38 +01:00
Jaeden Amero 3263f46a0e Merge remote-tracking branch 'upstream-restricted/pr/480' into mbedtls-2.1-restricted 2018-04-30 17:38:15 +01:00
Simon Butcher 50d802172f Fix the ChangeLog for clarity, english and credit 2018-04-30 17:23:10 +01:00
Jaeden Amero 6c0fba4350 Update version to 2.1.12 2018-04-27 13:13:54 +01:00
Jaeden Amero 4faad41346 Merge remote-tracking branch 'upstream-restricted/pr/472' into mbedtls-2.1-restricted-proposed
Remove trailing whitespace from ChangeLog.
2018-04-26 11:09:15 +01:00
Jaeden Amero 7db991d56a Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed
Resolve conflicts in ChangeLog
2018-04-26 09:03:14 +01:00
Andrzej Kurek 128bcbea1a Changelog entry 2018-04-25 05:29:47 -04:00
Andrzej Kurek bb6661479f ssl_tls: Fix invalid buffer sizes during compression / decompression
Adjust information passed to zlib to include already written data.
2018-04-23 08:29:36 -04:00
Mohammad Azim Khan 3f1d5cb324 Same ciphersuite validation in server and client hello 2018-04-20 19:52:49 +01:00
Manuel Pégourié-Gonnard 1e2f4da801 Merge remote-tracking branch 'restricted/pr/469' into mbedtls-2.1-restricted-proposed
* restricted/pr/469:
  Improve comments style
  Remove a redundant test
  Add buffer size check before cert_type_len read
  Update change log
  Adjust 2.1 specific code to match the buffer verification tests
  Add a missing buffer size check
  Correct buffer size check
2018-04-18 12:22:24 +02:00
Darryl Green ce52b58da0 Fix braces in mbedtls_memory_buffer_alloc_status() 2018-04-17 16:46:41 +02:00
Krzysztof Stachowiak 8fc134fcb1 Update change log 2018-04-05 08:51:35 +02:00
fbrosson 0620206db3 Backport 2.1: Use "#!/usr/bin/env perl" as shebang line. 2018-04-04 22:29:59 +00:00
Gilles Peskine 24f4584473 Align ChangeLog entry for PR with development 2018-04-04 10:18:37 +02:00
Jaeden Amero 23d979bee0 Merge remote-tracking branch 'upstream-public/pr/1554' into mbedtls-2.1-proposed 2018-04-03 19:15:28 +01:00
AndrzejKurek 0de430678e pk_sign: fix overriding and ignoring return values 2018-04-03 19:38:45 +02:00
Jaeden Amero ac9939c096 Merge remote-tracking branch 'upstream-public/pr/1461' into mbedtls-2.1-proposed 2018-04-03 18:27:18 +01:00
Jaeden Amero ee6c822076 Merge remote-tracking branch 'upstream-public/pr/1396' into mbedtls-2.1-proposed 2018-04-03 12:07:19 +01:00
Gilles Peskine 225684015d Merge remote-tracking branch 'upstream-public/pr/1501' into mbedtls-2.1-proposed 2018-04-01 12:41:33 +02:00
Gilles Peskine 8b1cddcf26 Merge remote-tracking branch 'upstream-public/pr/1542' into mbedtls-2.1-proposed 2018-04-01 12:41:00 +02:00
Gilles Peskine 419e670702 Minor changelog improvement 2018-04-01 12:33:35 +02:00
Gilles Peskine 04450488ec Add ChangeLog entry to credit independent contribution
Also: fixes 
2018-03-31 23:06:09 +02:00
Andrzej Kurek a1149a70ae Add tests for "return plaintext data faster on unpadded decryption" 2018-03-30 05:00:19 -04:00
Darryl Green 093c170377 Improve documentation of mbedtls_ssl_write() 2018-03-29 16:56:09 +01:00
Jaeden Amero cbe731c653 Merge remote-tracking branch 'upstream-public/pr/1532' into mbedtls-2.1-proposed 2018-03-29 11:03:17 +01:00
Jaeden Amero 82e288adb6 Merge remote-tracking branch 'upstream-public/pr/1494' into mbedtls-2.1-proposed 2018-03-29 10:59:43 +01:00
Jaeden Amero 616485854e Merge remote-tracking branch 'upstream-public/pr/1469' into mbedtls-2.1-proposed 2018-03-28 15:36:01 +01:00
Jaeden Amero 478baecc06 Merge remote-tracking branch 'upstream-public/pr/1525' into mbedtls-2.1-proposed 2018-03-28 15:34:25 +01:00
Ivan Krylov 1110a6fa63 Add ChangeLog entry 2018-03-28 17:25:12 +03:00
Jaeden Amero 8b4cd26eaf Merge remote-tracking branch 'upstream-public/pr/1481' into mbedtls-2.1-proposed 2018-03-28 13:44:28 +01:00
Gilles Peskine f362b97415 Add ChangeLog entry
Fixes . Fixes .
2018-03-27 23:22:37 +02:00
Andres Amaya Garcia 47569d7384 Add ChangeLog entry for PBES2 when ASN1 disabled 2018-03-27 21:34:15 +01:00
Andres Amaya Garcia bc00667a90 Improve ChangeLog for DLEXT and AR_DASH changes 2018-03-27 20:07:52 +01:00
Andres Amaya Garcia 83bffd353e Add ChangeLog entry for library/makefile changes 2018-03-26 00:15:21 +01:00
Gilles Peskine eea857dc0d Add ChangeLog entry 2018-03-23 14:38:14 +01:00
Gilles Peskine d888bd2c65 Add changelog entries for improved testing
Fixes 
2018-03-23 02:29:49 +01:00
Gilles Peskine 2a74061198 Merge tag 'mbedtls-2.1.11' into iotssl-1381-x509-verify-refactor-2.1-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:28:33 +01:00
Jethro Beekman 1a886ff45f Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:03:30 -07:00
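The four ECPrivateKey variants the commit enumerates, parsed end to end inside a PKCS#8 PrivateKeyInfo, as an added example that is not code from mbedtls or from this commit. It uses a small bounds-checked DER reader written for the example, accepts each combination of the optional [0] parameters and [1] publicKey fields, rejects a key whose inner namedCurve disagrees with the outer AlgorithmIdentifier, and rejects a truncated encoding instead of reading past the buffer. The builder, the 32-byte scalar, the 65-byte point and the `check_*` helpers are constructed test scaffolding, not real key material; the attributes field of PrivateKeyInfo is not supported here and is treated as trailing data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {                 /* curve_oid / pub are NULL when the optional field is absent */
    const uint8_t *priv, *curve_oid, *pub;
    size_t priv_len, curve_oid_len, pub_len;
} ec_key_t;

/* Read one DER tag+length at *pos within p[0..n) and leave *pos at the value.
 * Returns -1 if truncated or if the declared length overruns the buffer. */
static int der_get_tlv(const uint8_t *p, size_t n, size_t *pos, uint8_t *tag, size_t *len)
{
    size_t i = *pos, l, nb, k;
    if (i + 2 > n) return -1;
    *tag = p[i++]; l = p[i++];
    if (l & 0x80) {              /* long form; 1-2 length bytes is plenty for keys */
        nb = l & 0x7F;
        if (nb == 0 || nb > 2 || i + nb > n) return -1;
        for (l = 0, k = 0; k < nb; k++) l = (l << 8) | p[i++];
    }
    if (l > n - i) return -1;
    *pos = i; *len = l; return 0;
}

/* ECPrivateKey (RFC 5915): [0] parameters and [1] publicKey are each optional,
 * so all four presence combinations must parse; anything else is rejected. */
static int parse_ec_private_key(const uint8_t *p, size_t n, ec_key_t *k)
{
    uint8_t tag; size_t pos = 0, len, end;
    memset(k, 0, sizeof *k);
    if (der_get_tlv(p, n, &pos, &tag, &len) || tag != 0x30 || pos + len != n) return -1;
    if (der_get_tlv(p, n, &pos, &tag, &len) || tag != 0x02 || len != 1 || p[pos++] != 1) return -1;
    if (der_get_tlv(p, n, &pos, &tag, &len) || tag != 0x04 || len == 0) return -1;
    k->priv = p + pos; k->priv_len = len; pos += len;            /* privateKey OCTET STRING */
    if (pos < n && p[pos] == 0xA0) {                             /* [0] EXPLICIT namedCurve OID */
        if (der_get_tlv(p, n, &pos, &tag, &len)) return -1;
        end = pos + len;
        if (der_get_tlv(p, end, &pos, &tag, &len) || tag != 0x06 || pos + len != end) return -1;
        k->curve_oid = p + pos; k->curve_oid_len = len; pos += len;
    }
    if (pos < n && p[pos] == 0xA1) {                             /* [1] EXPLICIT BIT STRING */
        if (der_get_tlv(p, n, &pos, &tag, &len)) return -1;
        end = pos + len;
        if (der_get_tlv(p, end, &pos, &tag, &len) || tag != 0x03 || len < 2 ||
            pos + len != end || p[pos] != 0) return -1;          /* unused-bits byte must be 0 */
        k->pub = p + pos + 1; k->pub_len = len - 1; pos += len;
    }
    return pos == n ? 0 : -1;                                    /* no trailing data */
}

static const uint8_t OID_EC_PUBLIC_KEY[] = { 0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01 };    /* 1.2.840.10045.2.1 */
static const uint8_t OID_PRIME256V1[] = { 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07 };  /* 1.2.840.10045.3.1.7 */
static const uint8_t OID_SECP384R1[] = { 0x2B,0x81,0x04,0x00,0x22 };                  /* 1.3.132.0.34 */

/* PrivateKeyInfo (PKCS#8) carrying id-ecPublicKey with namedCurve parameters. */
static int parse_pkcs8_ec(const uint8_t *p, size_t n, ec_key_t *k)
{
    uint8_t tag; size_t pos = 0, len, alg_end, oid_len; const uint8_t *oid;
    if (der_get_tlv(p, n, &pos, &tag, &len) || tag != 0x30 || pos + len != n) return -1;
    if (der_get_tlv(p, n, &pos, &tag, &len) || tag != 0x02 || len != 1 || p[pos++] != 0) return -1;
    if (der_get_tlv(p, n, &pos, &tag, &len) || tag != 0x30) return -1;   /* AlgorithmIdentifier */
    alg_end = pos + len;
    if (der_get_tlv(p, alg_end, &pos, &tag, &len) || tag != 0x06 || len != sizeof OID_EC_PUBLIC_KEY ||
        memcmp(p + pos, OID_EC_PUBLIC_KEY, len)) return -1;
    pos += len;
    if (der_get_tlv(p, alg_end, &pos, &tag, &len) || tag != 0x06 || pos + len != alg_end) return -1;
    oid = p + pos; oid_len = len; pos = alg_end;                 /* parameters = namedCurve */
    if (der_get_tlv(p, n, &pos, &tag, &len) || tag != 0x04) return -1;
    if (parse_ec_private_key(p + pos, len, k)) return -1;        /* privateKey OCTET STRING */
    if (k->curve_oid && (k->curve_oid_len != oid_len || memcmp(k->curve_oid, oid, oid_len)))
        return -1;                                               /* inner and outer curve must agree */
    k->curve_oid = oid; k->curve_oid_len = oid_len;
    return pos + len == n ? 0 : -1;                              /* attributes unsupported: trailing */
}

/* Constructed test vectors: a 32-byte stand-in scalar and a 65-byte stand-in point
 * (not a real key pair), wrapped in PKCS#8 with prime256v1 as the outer curve. */
static size_t put_hdr(uint8_t *o, uint8_t tag, size_t len)      /* all lengths here are < 256 */
{
    o[0] = tag;
    if (len < 0x80) { o[1] = (uint8_t)len; return 2; }
    o[1] = 0x81; o[2] = (uint8_t)len; return 3;
}

static size_t build_pkcs8(uint8_t *out, const uint8_t *inner_oid, size_t oid_len, int with_pub)
{
    uint8_t body[128], ec[136], alg[24], pki[192]; size_t b = 0, e, a = 0, q = 0, o, i;
    b += put_hdr(body + b, 0x02, 1); body[b++] = 1;
    b += put_hdr(body + b, 0x04, 32); for (i = 0; i < 32; i++) body[b++] = (uint8_t)(i + 1);
    if (inner_oid) {
        b += put_hdr(body + b, 0xA0, oid_len + 2); b += put_hdr(body + b, 0x06, oid_len);
        memcpy(body + b, inner_oid, oid_len); b += oid_len;
    }
    if (with_pub) {              /* [1] { BIT STRING: 0 unused bits, 0x04 || X || Y } */
        b += put_hdr(body + b, 0xA1, 68); b += put_hdr(body + b, 0x03, 66); body[b++] = 0;
        body[b++] = 0x04; for (i = 0; i < 64; i++) body[b++] = (uint8_t)i;
    }
    e = put_hdr(ec, 0x30, b); memcpy(ec + e, body, b); e += b;
    a += put_hdr(alg + a, 0x06, 7); memcpy(alg + a, OID_EC_PUBLIC_KEY, 7); a += 7;
    a += put_hdr(alg + a, 0x06, 8); memcpy(alg + a, OID_PRIME256V1, 8); a += 8;
    q += put_hdr(pki + q, 0x02, 1); pki[q++] = 0;
    q += put_hdr(pki + q, 0x30, a); memcpy(pki + q, alg, a); q += a;
    q += put_hdr(pki + q, 0x04, e); memcpy(pki + q, ec, e); q += e;
    o = put_hdr(out, 0x30, q); memcpy(out + o, pki, q); return o + q;
}

int check_variant(int with_params, int with_pub)   /* 1 if the variant parses with the expected fields */
{
    uint8_t der[256]; ec_key_t k;
    size_t n = build_pkcs8(der, with_params ? OID_PRIME256V1 : NULL, sizeof OID_PRIME256V1, with_pub);
    if (parse_pkcs8_ec(der, n, &k) || k.priv_len != 32 || k.priv[0] != 1 || k.priv[31] != 32) return 0;
    if (k.curve_oid_len != 8 || memcmp(k.curve_oid, OID_PRIME256V1, 8)) return 0;
    return with_pub ? (k.pub != NULL && k.pub_len == 65 && k.pub[0] == 0x04) : (k.pub == NULL);
}

int check_rejected(int truncated)   /* 1 if a bad key is refused: curve mismatch (0) or last byte cut (1) */
{
    uint8_t der[256]; ec_key_t k;
    size_t n = truncated ? build_pkcs8(der, OID_PRIME256V1, sizeof OID_PRIME256V1, 1) - 1
                         : build_pkcs8(der, OID_SECP384R1, sizeof OID_SECP384R1, 1);
    return parse_pkcs8_ec(der, n, &k) == -1;
}

int main(void)
{
    printf("variants %d%d%d%d mismatch-rejected %d truncation-rejected %d\n", check_variant(0, 0),
           check_variant(0, 1), check_variant(1, 0), check_variant(1, 1), check_rejected(0), check_rejected(1));
    return 0;
}
```

Every length check goes through `der_get_tlv` against the enclosing element's end, never against the raw buffer, which is what makes the "only parameters" and "only public key" variants land on the same code path as the other two and keeps a truncated or over-long element from being read past.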
mohammad1603 cee0890b19 Verify that f_send and f_recv send and receive the expected length
Verify that f_send and f_recv send and receive the expected length

Conflicts:
	ChangeLog
2018-03-22 15:01:02 -07:00
Andres Amaya Garcia 2a0aee3163 Add ChangeLog entry for redundant mutex initialization optimizations 2018-03-21 17:40:48 +00:00
Andres Amaya Garcia 09d787f2fc Add ChangeLog entry for dylib builds using Makefile 2018-03-21 11:24:32 +00:00
Jaeden Amero 1c986a9859 Update version to 2.1.11 2018-03-16 16:29:30 +00:00
Jaeden Amero 7f44963f45 Merge remote-tracking branch 'upstream-public/pr/1455' into mbedtls-2.1-restricted-proposed 2018-03-15 15:24:47 +00:00
Ron Eldor 82712a9c97 Write correct number of ciphersuites in log
Change location of log, to fit the correct number of used ciphersuites
2018-03-15 15:09:28 +00:00
Jaeden Amero 23f503f12d Merge remote-tracking branch 'upstream-restricted/pr/465' into mbedtls-2.1-restricted-proposed 2018-03-14 18:32:21 +00:00
Jaeden Amero 5e50ff8f44 Merge remote-tracking branch 'upstream-restricted/pr/395' into mbedtls-2.1-restricted-proposed 2018-03-14 18:16:29 +00:00
Jaeden Amero 10a1a60966 Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed 2018-03-14 18:03:41 +00:00
Jaeden Amero 0980d9a3ae Merge remote-tracking branch 'upstream-public/pr/1450' into mbedtls-2.1-proposed 2018-03-14 17:53:27 +00:00