yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-26 12:35:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
6859 commits 88 branches 205 tags 69 MiB
Commit graph

6859 commits

This branch
This branch
All branches
Author SHA1 Message Date
Gilles Peskine f249e37e86 Add ChangeLog entry for wiping sensitive buffers 2018-09-13 22:11:23 +02:00
Gilles Peskine 1da7776bd7 HMAC_DRBG: clean stack buffers 
Wipe stack buffers that may contain sensitive data (data that
contributes to the DRBG state.
 2018-09-13 22:11:17 +02:00
Gilles Peskine d324c5954a CTR_DRBG: clean stack buffers 
Wipe stack buffers that may contain sensitive data (data that
contributes to the DRBG state.
 2018-09-13 22:10:46 +02:00
Simon Butcher d6a63f4ca5 Clarified ChangeLog entry 
ChangeLog entry for backport of #1890 was misleading, so corrected it.
 2018-09-13 11:59:03 +01:00
Simon Butcher eee169a082
Merge pull request #506 from sbutcher-arm/mbedtls-version-2.7.6 
Update library version number to 2.7.6
 2018-08-31 17:29:24 +01:00
Simon Butcher 34997fd291 Update library version number to 2.7.6 2018-08-31 16:07:23 +01:00
Simon Butcher a36fe37429 Revised and clarified ChangeLog 
Minor changes to fix language, merge mistakes and incorrect classifications of
changes.
 2018-08-31 12:00:58 +01:00
Andrzej Kurek 77798b9f2d ssl-opt.sh: change expected output for large srv packet test with SSLv3 
This test also exercises a protection against BEAST
and should expect message splitting.
 2018-08-29 07:05:59 -04:00
Andrzej Kurek 0d50aeb4d4 Remove trailing whitespace 2018-08-29 07:05:44 -04:00
Andrzej Kurek fb764931ee ssl_server2: add buffer overhead for a termination character 
Switch to mbedtls style of memory allocation
 2018-08-29 07:05:44 -04:00
Andrzej Kurek d5ab1883b7 Add missing large and small packet tests for ssl_server2 2018-08-29 07:05:44 -04:00
Andrzej Kurek 6b3ec17463 Added buffer_size and response_size options for ssl-server2. 
Added appropriate tests.
 2018-08-29 07:05:44 -04:00
Simon Butcher 9877efb401 Merge remote-tracking branch 'restricted/pr/437' into mbedtls-2.7-restricted 2018-08-28 15:34:28 +01:00
Simon Butcher 242169bdc3 Merge remote-tracking branch 'restricted/pr/498' into mbedtls-2.7-restricted 2018-08-28 15:29:55 +01:00
Simon Butcher 6910201cd1 Merge remote-tracking branch 'restricted/pr/493' into mbedtls-2.7-restricted 2018-08-28 15:23:39 +01:00
Simon Butcher fbd0ccc0f0 Merge remote-tracking branch 'public/pr/1978' into mbedtls-2.7 2018-08-28 12:32:21 +01:00
Simon Butcher 4102b3d377 Merge remote-tracking branch 'public/pr/1888' into mbedtls-2.7 2018-08-28 12:25:12 +01:00
Simon Butcher cc4f58d08c Merge remote-tracking branch 'public/pr/1956' into mbedtls-2.7 2018-08-28 12:16:11 +01:00
Simon Butcher f7be6b029e Merge remote-tracking branch 'public/pr/1960' into mbedtls-2.7 2018-08-28 11:51:56 +01:00
Simon Butcher 040cff9895 Merge remote-tracking branch 'public/pr/1974' into mbedtls-2.7 2018-08-28 10:20:37 +01:00
Simon Butcher b6cf145b7a Merge remote-tracking branch 'public/pr/1981' into mbedtls-2.7 2018-08-28 10:18:32 +01:00
Hanno Becker 6728d3cfdb Improve documentation of mbedtls_x509_crt_parse() 2018-08-24 10:02:03 +01:00
Hanno Becker b37ca7a4eb Move ChangeLog entry from Bugfix to Changes section 2018-08-23 16:42:32 +01:00
Hanno Becker ca16cf67da Improve wording 2018-08-23 16:15:26 +01:00
Hanno Becker 063c50df8a pk_encrypt: Uniformize debugging output 2018-08-23 15:57:15 +01:00
Hanno Becker ca8c3b434c Improve documentation of mbedtls_x509_crt_parse() 
Fixes #1883.
 2018-08-23 15:52:01 +01:00
Hanno Becker 45d006a9cc Fix typos in programs/x509/cert_write.c 
Fixes #1922.
 2018-08-23 15:27:21 +01:00
Hanno Becker 6953ac2dbe Minor formatting improvements in pk_encrypt and pk_decrypt examples 2018-08-23 15:14:52 +01:00
Hanno Becker 20b5d14b28 Adapt ChangeLog 2018-08-23 15:14:51 +01:00
Hanno Becker a82a6e126d Correct memory leak in pk_decrypt example program 2018-08-23 15:14:50 +01:00
Hanno Becker 20fce25f28 Correct memory-leak in pk_encrypt example program 2018-08-23 15:14:50 +01:00
Hanno Becker 8b9d102160 Adapt ChangeLog 2018-08-23 14:58:02 +01:00
Hanno Becker 99f3916e31 Return from debugging functions if SSL context is unset 
The debugging functions
- mbedtls_debug_print_ret,
- mbedtls_debug_print_buf,
- mbedtls_debug_print_mpi, and
- mbedtls_debug_print_crt
return immediately if the SSL configuration bound to the
passed SSL context is NULL, has no debugging functions
configured, or if the debug threshold is below the debugging
level.
However, they do not check whether the provided SSL context
is not NULL before accessing the SSL configuration bound to it,
therefore leading to a segmentation fault if it is.
In contrast, the debugging function
- mbedtls_debug_print_msg
does check for ssl != NULL before accessing ssl->conf.

This commit unifies the checks by always returning immediately
if ssl == NULL.
 2018-08-23 14:57:39 +01:00
Hanno Becker dc6c0e49ad ssl-opt.sh: Preserve proxy log, too, if --preserve-logs is specified 2018-08-22 15:24:25 +01:00
Hanno Becker 4d646a60bd Adapt ChangeLog 2018-08-22 15:11:28 +01:00
Hanno Becker b554636236 ssl-opt.sh: Add DTLS session resumption tests 
Fixes #1969.
 2018-08-22 15:07:31 +01:00
Hanno Becker 6c794faa46 Fix bug in SSL ticket implementation removing keys of age < 1s 
Fixes #1968.
 2018-08-22 14:58:31 +01:00
Jaeden Amero e4d14208aa Merge remote-tracking branch 'upstream-public/pr/1953' into mbedtls-2.7 2018-08-17 15:31:58 +01:00
Hanno Becker 12f7ede56e Compute record expansion in steps to ease readability 2018-08-17 15:30:03 +01:00
Jaeden Amero ab397dd47c Merge remote-tracking branch 'upstream-public/pr/1944' into mbedtls-2.7 2018-08-17 14:27:06 +01:00
Hanno Becker f38db01c42 Adapt ChangeLog 2018-08-17 10:12:23 +01:00
Hanno Becker dbd3e88479 Fix mbedtls_ssl_get_record_expansion() for CBC modes 
`mbedtls_ssl_get_record_expansion()` is supposed to return the maximum
difference between the size of a protected record and the size of the
encapsulated plaintext.

Previously, it did not correctly estimate the maximum record expansion
in case of CBC ciphersuites in (D)TLS versions 1.1 and higher, in which
case the ciphertext is prefixed by an explicit IV.

This commit fixes this bug. Fixes #1914.
 2018-08-17 10:12:21 +01:00
Hanno Becker 517e84a0e3 Improve ChangeLog wording for the commmit that Fixes #1954. 2018-08-17 10:04:08 +01:00
Hanno Becker 3a333a58ba Add tests for empty CA list in CertificateRequest, TLS 1.0 & 1.1 2018-08-17 10:04:08 +01:00
Hanno Becker 4a4c04dc9c Adapt ChangeLog 2018-08-16 15:53:02 +01:00
Hanno Becker 78d5d8225e Fix overly strict bounds check in ssl_parse_certificate_request() 2018-08-16 15:53:02 +01:00
Mohammad Azim Khan 7e84affb45 Fix Wformat-overflow warning in ssl_mail_client.c 
sprintf( (char *) buf, "%s\r\n", base );
 Above code generates Wformat-overflow warning since both buf and base
are of same size. buf should be sizeof( base ) + characters added in
the format. In this case format 2 bytes for "\r\n".
 2018-08-16 14:34:15 +01:00
Hanno Becker 8058800d54 Adapt ChangeLog 2018-08-14 15:48:41 +01:00
Hanno Becker cd6a64a516 Reset session_in/out pointers in ssl_session_reset_int() 
Fixes #1941.
 2018-08-14 15:48:36 +01:00
Jaeden Amero 9eb78b4dab Merge remote-tracking branch 'upstream-public/pr/1900' into mbedtls-2.7 
Add a Changelog entry
 2018-08-10 11:26:15 +01:00