Gilles Peskine
50da016e5c
Add changelog entry for mbedtls_mpi_write_binary fix
2018-11-29 12:46:05 +01:00
Gilles Peskine
056f19c79f
Tweak RSA vulnerability changelog entry
...
* Correct the list of authors.
* Add the CVE number.
* Improve the impact description.
2018-11-29 12:45:01 +01:00
Ron Eldor
b9b3813649
Separate REGEX of MACRO to groups
...
Separate the REGEX into identifier, condition and value, into groups,
to be handled differently.
2018-11-27 16:37:49 +02:00
Andres Amaya Garcia
687d6739b2
Fix resource leak of file desc in test code
2018-11-26 21:23:28 +00:00
Gilles Peskine
c4a8017e3e
mbedtls_ctr_drbg_update_ret: correct doc for input length limit
...
Unlike mbedtls_ctr_drbg_update, this function returns an error if the
length limit is exceeded, rather than silently truncating the input.
2018-11-26 19:26:22 +01:00
Gilles Peskine
5da0505842
Add ChangeLog entry for deprecation of mbedtls_xxx_drbg_update
...
Fixes ARMmbed/mbedtls#1798
2018-11-26 19:26:22 +01:00
Gilles Peskine
8220466297
Streamline mbedtls_xxx_drbg_update_seed_file
...
Refactor mbedtls_ctr_drbg_update_seed_file and
mbedtls_hmac_drbg_update_seed_file to make the error logic clearer.
The new code does not use fseek, so it works with non-seekable files.
2018-11-26 19:26:22 +01:00
Gilles Peskine
b7f71c8bc1
HMAC_DRBG: report all errors from HMAC functions
...
Make sure that any error from mbedtls_md_hmac_xxx is propagated.
2018-11-26 19:26:22 +01:00
Gilles Peskine
e0e9c573ad
HMAC_DRBG: deprecate mbedtls_hmac_drbg_update because it ignores errors
...
Deprecate mbedtls_hmac_drbg_update (which returns void) in favor of a
new function mbedtls_hmac_drbg_update_ret which reports errors.
2018-11-26 19:26:21 +01:00
Gilles Peskine
d919993b76
CTR_DRBG: deprecate mbedtls_ctr_drbg_update because it ignores errors
...
Deprecate mbedtls_ctr_drbg_update (which returns void) in favor of a
new function mbedtls_ctr_drbg_update_ret which reports errors.
2018-11-26 19:26:00 +01:00
Gilles Peskine
1b09f4027e
Add ChangeLog entry for wiping sensitive buffers
2018-11-26 16:19:22 +01:00
Gilles Peskine
afa803775a
HMAC_DRBG: clean stack buffers
...
Wipe stack buffers that may contain sensitive data (data that
contributes to the DRBG state).
2018-11-26 15:47:14 +01:00
Gilles Peskine
d9aa84dc0d
CTR_DRBG: clean stack buffers
...
Wipe stack buffers that may contain sensitive data (data that
contributes to the DRBG state).
2018-11-26 15:47:14 +01:00
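The two themes in the CTR_DRBG and HMAC_DRBG commits above, deprecating a void-returning update in favour of an `_ret` variant that reports an over-length input instead of silently truncating it, and wiping stack buffers that held state-contributing data, can be seen side by side in a small toy. This is an added example, not Mbed TLS code: the "DRBG" below only XOR-folds its input and is not a real derivation function, and every name, constant and error code (`toy_drbg_update_ret`, `TOY_MAX_INPUT`, `TOY_ERR_INPUT_TOO_BIG`) is hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Mbed TLS code. A toy "DRBG" whose only purpose is to show
 * the control flow the commits above describe: an update function returning
 * void can only truncate or ignore an over-long input, while the _ret variant
 * reports it; and the stack block that held state-contributing data is wiped
 * before returning. All names and constants are hypothetical. */

#define TOY_SEEDLEN      48      /* assumed state size, like CTR_DRBG with AES-256 */
#define TOY_MAX_INPUT   256      /* assumed additional-input length limit */
#define TOY_ERR_INPUT_TOO_BIG (-0x0038)   /* hypothetical error code */

typedef struct {
    uint8_t  state[TOY_SEEDLEN];
    unsigned update_count;
} toy_drbg_context;

/* Zeroise through a volatile pointer so the compiler cannot drop the stores
 * as dead; memset_s() or explicit_bzero() are preferable where available. */
static void toy_zeroize(void *v, size_t n)
{
    volatile uint8_t *p = (volatile uint8_t *) v;
    while (n--)
        *p++ = 0;
}

/* Strict API: rejects over-long input instead of truncating it. The folding
 * below is NOT a real derivation function; only the control flow matters. */
int toy_drbg_update_ret(toy_drbg_context *ctx,
                        const uint8_t *additional, size_t add_len)
{
    uint8_t block[TOY_SEEDLEN];     /* stack copy of state-contributing data */
    size_t i;

    if (add_len > TOY_MAX_INPUT)
        return TOY_ERR_INPUT_TOO_BIG;   /* the caller sees the problem */

    memset(block, 0, sizeof(block));
    for (i = 0; i < add_len; i++)
        block[i % TOY_SEEDLEN] ^= additional[i];
    for (i = 0; i < TOY_SEEDLEN; i++)
        ctx->state[i] ^= block[i];
    ctx->update_count++;

    toy_zeroize(block, sizeof(block)); /* wipe before the frame is reused */
    return 0;
}

/* Legacy-style API: returns void, so the error has nowhere to go. Truncating
 * silently is exactly the behaviour that motivated the deprecation. */
void toy_drbg_update(toy_drbg_context *ctx,
                     const uint8_t *additional, size_t add_len)
{
    if (add_len > TOY_MAX_INPUT)
        add_len = TOY_MAX_INPUT;
    (void) toy_drbg_update_ret(ctx, additional, add_len);
}

/* Feed the same over-long input to both APIs. Returns 1 if the strict one
 * refused and left the state untouched while the void one silently mixed a
 * truncated copy in. */
int toy_demo_over_length(void)
{
    toy_drbg_context strict, legacy;
    uint8_t too_big[TOY_MAX_INPUT + 1];
    int ret;

    memset(&strict, 0, sizeof(strict));
    memset(&legacy, 0, sizeof(legacy));
    memset(too_big, 0xAB, sizeof(too_big));   /* constructed sample input */

    ret = toy_drbg_update_ret(&strict, too_big, sizeof(too_big));
    toy_drbg_update(&legacy, too_big, sizeof(too_big));

    return ret == TOY_ERR_INPUT_TOO_BIG
        && strict.update_count == 0
        && legacy.update_count == 1;
}

int main(void)
{
    printf("strict API rejects, void API truncates: %s\n",
           toy_demo_over_length() ? "yes" : "no");
    return 0;
}
```

The point of the void wrapper is that it cannot be made correct: with no return value, the only choices are truncation (a caller believes the whole input was mixed in when it was not) or dropping the error entirely. Once the `_ret` variant exists, the wrapper is the natural candidate for deprecation.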
Ron Eldor
d5062dedeb
Add conditional dependency to tests
...
Add a way to check compile time definitions values, for determining
whether to skip tests.
2018-11-26 14:23:14 +02:00
Ron Eldor
822b834bdf
Update ChangeLog
...
Add an entry in ChangeLog describing the fix.
2018-11-25 10:38:34 +02:00
Ron Eldor
6dbb9aabf8
Test AD too long only when CCM_ALT not defined
...
Since "AD too long" is a limitation of Mbed TLS,
HW accelerators may support this. Run the test for AD too long
only if `MBEDTLS_CCM_ALT` is not defined.
Addresses comment in #1996 .
2018-11-25 10:31:53 +02:00
Gilles Peskine
c117d5928c
check-files: detect merge artifacts
...
Detect Git merge artifacts. These are lines starting with "<<<<<<",
"|||||||" or ">>>>>>>" followed by a space, or containing just
"=======". For "=======", exempt Markdown files, because this can be
used to underline a title, as a compromise between false negatives and
false positives.
2018-11-23 21:11:52 +01:00
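The detection rule in the check-files commit above, applied to a couple of constructed files. This is an added example and not the project's check-files script; it uses Git's seven-character conflict markers (`<<<<<<<`, `|||||||`, `>>>>>>>`) and implements the Markdown exemption for a bare `=======` line. The sample file contents and function names are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not the project's check-files script. It applies the
 * merge-artifact rule from the commit above to constructed sample files:
 * flag a line that starts with Git's seven-character "<<<<<<<", "|||||||" or
 * ">>>>>>>" followed by a space, or that is exactly "=======", except that
 * the bare "=======" is exempt in Markdown, where it underlines a title. */

static int has_marker_prefix(const char *line, size_t len, const char *marker)
{
    size_t n = strlen(marker);
    /* strictly longer: the marker must be followed by a space */
    return len > n && memcmp(line, marker, n) == 0 && line[n] == ' ';
}

/* Classify one line (no trailing '\n'; a trailing '\r' is tolerated). */
int is_merge_artifact(const char *line, size_t len, int is_markdown)
{
    if (len > 0 && line[len - 1] == '\r')
        len--;
    if (has_marker_prefix(line, len, "<<<<<<<") ||
        has_marker_prefix(line, len, "|||||||") ||
        has_marker_prefix(line, len, ">>>>>>>"))
        return 1;
    /* A lone "=======" separates the two sides of a conflict, but in Markdown
     * it is also the setext underline for a level-1 heading: exempt it there. */
    if (!is_markdown && len == 7 && memcmp(line, "=======", 7) == 0)
        return 1;
    return 0;
}

/* Count flagged lines in a whole file held in memory. */
int count_merge_artifacts(const char *text, int is_markdown)
{
    int count = 0;
    const char *p = text;
    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t) (nl - p) : strlen(p);
        count += is_merge_artifact(p, len, is_markdown);
        if (nl == NULL)
            break;
        p = nl + 1;
    }
    return count;
}

/* Constructed samples: a C file with a diff3-style conflict left in, and a
 * Markdown file whose "=======" is a legitimate title underline. */
static const char SAMPLE_C_FILE[] =
    "int x = 1;\n"
    "<<<<<<< HEAD\n"
    "int y = 2;\n"
    "||||||| merged common ancestors\n"
    "int y = 0;\n"
    "=======\n"
    "int y = 3;\n"
    ">>>>>>> feature-branch\n"
    "<<<<<<<not a marker, no space after it\n";

static const char SAMPLE_MD_FILE[] =
    "Release notes\n"
    "=======\n"
    "\n"
    "Nothing to see here.\n";

int main(void)
{
    printf("sample.c: %d artifact line(s)\n", count_merge_artifacts(SAMPLE_C_FILE, 0));
    printf("sample.md: %d artifact line(s)\n", count_merge_artifacts(SAMPLE_MD_FILE, 1));
    return 0;
}
```

Requiring the space after the angle-bracket and pipe markers keeps lines such as `<<<<<<<not a marker` from being flagged, while the bare `=======` rule has no such anchor, which is why it needs the per-file-type exemption the commit describes.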
Gilles Peskine
043980585c
Factor record_issue into its own method
2018-11-23 21:11:30 +01:00
Jaeden Amero
80a23a5bc4
check-files: Don't check same-named files
...
The check-files script contains the strings "TODO" and "todo" in order to
search for files that contain TODO items. So, any check-files script would
need to be excluded from the list of files that gets checked for "TODO".
Normally, the script excludes itself from checks, but with the addition of
the crypto submodule, there is another copy of the script present from the
project root. We must avoid checking check-files scripts for TODO items.
This also helps if you run check-files from another working tree in your
working tree.
2018-11-23 13:14:38 +00:00
Simon Butcher
3459c749fb
Create a block list for Travis CI, and fix the Coverity email
2018-11-22 10:14:03 +00:00
Gilles Peskine
11cdb0559e
mbedtls_mpi_write_binary: don't leak the exact size of the number
...
In mbedtls_mpi_write_binary, avoid leaking the size of the number
through timing or branches, if possible. More precisely, if the number
fits in the output buffer based on its allocated size, the new code's
trace doesn't depend on the value of the number.
2018-11-20 17:09:27 +01:00
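What "the trace doesn't depend on the value" means in practice is easiest to see with a toy big integer. The example below is added here and is not Mbed TLS code: it contrasts a serialiser that first measures the value's exact byte length (so the copy loop and zero fill reveal that length) with one that works from the allocated limb count and the output buffer size, mirroring the approach described in the commit above. The type, function names and error code (`toy_mpi`, `toy_write_binary_ct`, `TOY_ERR_BUFFER_TOO_SMALL`) are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example, not Mbed TLS code. Toy big integer with 32-bit limbs and two
 * big-endian serialisers. The leaky one measures the value's exact length
 * first, so the bytes it copies depend on the value. The other works from the
 * allocated limb count and the buffer size: when the allocation fits, its
 * access pattern is the same for every value, as in the fix described above.
 * Names and error codes are hypothetical. */

#define TOY_MAX_LIMBS 8
#define TOY_ERR_BUFFER_TOO_SMALL (-0x0008)

typedef struct {
    uint32_t p[TOY_MAX_LIMBS];   /* little-endian limbs */
    size_t   n;                  /* allocated limbs, not the value's length */
} toy_mpi;

/* Byte i (little-endian index) of the value; zero beyond the allocation. */
static uint8_t toy_get_byte(const toy_mpi *X, size_t i)
{
    return i < X->n * 4 ? (uint8_t) (X->p[i / 4] >> (8 * (i % 4))) : 0;
}

static void toy_set(toy_mpi *X, size_t n, uint32_t low, uint32_t high)
{
    memset(X, 0, sizeof(*X));
    X->n = n;
    X->p[0] = low;
    X->p[n - 1] = high;          /* top allocated limb */
}

/* Leaky: locate the most significant non-zero byte, then copy exactly that
 * many. *copied is the copy-loop count, i.e. what the access pattern reveals:
 * here the exact size of the number. */
int toy_write_binary_leaky(const toy_mpi *X, uint8_t *buf, size_t buflen,
                           size_t *copied)
{
    size_t size = X->n * 4, i;
    while (size > 0 && toy_get_byte(X, size - 1) == 0)   /* value-dependent */
        size--;
    if (size > buflen)
        return TOY_ERR_BUFFER_TOO_SMALL;
    memset(buf, 0, buflen - size);
    for (i = 0; i < size; i++)
        buf[buflen - 1 - i] = toy_get_byte(X, i);
    *copied = size;
    return 0;
}

/* Constant-trace: when the allocation fits, every allocated byte is copied
 * whatever the value. When it does not, all surplus bytes are examined before
 * deciding; only that final accept/reject depends on the value. */
int toy_write_binary_ct(const toy_mpi *X, uint8_t *buf, size_t buflen,
                        size_t *copied)
{
    size_t stored = X->n * 4, i;
    uint8_t surplus = 0;
    if (stored > buflen) {
        for (i = buflen; i < stored; i++)
            surplus |= toy_get_byte(X, i);
        if (surplus != 0)
            return TOY_ERR_BUFFER_TOO_SMALL;
        stored = buflen;
    }
    memset(buf, 0, buflen - stored);
    for (i = 0; i < stored; i++)
        buf[buflen - 1 - i] = toy_get_byte(X, i);
    *copied = stored;
    return 0;
}

/* Copy-loop count for a four-limb number holding v in limb 0, written into a
 * 16-byte buffer by the leaky (ct == 0) or constant-trace (ct != 0) routine. */
size_t toy_copied_for(uint32_t v, int ct)
{
    toy_mpi X; uint8_t buf[16]; size_t copied = 0;
    toy_set(&X, 4, v, 0);
    if (ct) toy_write_binary_ct(&X, buf, sizeof(buf), &copied);
    else    toy_write_binary_leaky(&X, buf, sizeof(buf), &copied);
    return copied;
}

/* Both routines must produce the same encoding; 1 if they do for v. */
int toy_outputs_match(uint32_t v)
{
    toy_mpi X; uint8_t a[16], b[16]; size_t t;
    toy_set(&X, 4, v, 0);
    X.p[2] = ~v;                 /* non-zero middle limb under a zero top limb */
    return toy_write_binary_leaky(&X, a, sizeof(a), &t) == 0
        && toy_write_binary_ct(&X, b, sizeof(b), &t) == 0
        && memcmp(a, b, sizeof(a)) == 0;
}

/* Eight limbs allocated, 16-byte buffer: accepted while the surplus limbs are
 * zero, rejected once the top limb holds high != 0. */
int toy_ct_oversize(uint32_t high)
{
    toy_mpi X; uint8_t buf[16]; size_t t;
    toy_set(&X, 8, 1, high);
    return toy_write_binary_ct(&X, buf, sizeof(buf), &t);
}
```

For a four-limb number written into a 16-byte buffer, the leaky routine copies 1 byte for the value 1 and 4 bytes for 0x01020304, while the constant-trace routine copies 16 bytes in both cases and produces byte-identical output. The remaining value dependence is confined to the case the commit message excludes: an allocation larger than the buffer, where the surplus bytes must be inspected to decide whether the number fits at all.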
Simon Butcher
556d7d9e3b
Merge pull request #532 from sbutcher-arm/version-2.14.0
...
Bump Mbed TLS Version to 2.14.0
2018-11-19 18:45:45 +00:00
Simon Butcher
c1b9892177
Update library version number to 2.14.0
2018-11-19 18:31:40 +00:00
Simon Butcher
b35e59d36d
Refine the language in the ChangeLog
...
Fix the language and descriptions in the ChangeLog following review of the
Release Notes for the next release.
2018-11-19 15:49:26 +00:00
Manuel Pégourié-Gonnard
f560a2d6fc
Disable test that triggers bug in old GnuTLS
...
This is temporary until we fix the GnuTLS version available in our CI.
2018-11-19 13:24:23 +01:00
Ron Eldor
7a977881b4
Change buf size to a valid size
...
Change the size of `buf` to a valid hash size, in `ecdsa_prim_random()`
2018-11-19 13:51:00 +02:00
Simon Butcher
681edee803
Fix language and formatting in ChangeLog
...
Changed the formatting and language in the ChangeLog to the house-style.
2018-11-15 13:01:23 +00:00
Simon Butcher
06d80cf172
Fix merge of Changelog 128bit CTR_DRBG entry
...
The entry describing support for 128-bit keys in CTR_DRBG was merged into the
wrong version.
2018-11-12 14:30:19 +00:00
Simon Butcher
de13963d66
Merge remote-tracking branch 'restricted/pr/520' into development-restricted-proposed
2018-11-12 14:30:16 +00:00
Simon Butcher
cdd1a6c872
Merge remote-tracking branch 'restricted/pr/510' into development-restricted-proposed
2018-11-12 14:29:14 +00:00
Simon Butcher
2ab14bb2ca
Clarified new platform errors in the ChangeLog
...
Clarified new platform errors and error code deprecations in the ChangeLog.
2018-11-09 20:09:33 +00:00
Simon Butcher
e51d4b336b
Merge remote-tracking branch 'public/pr/2054' into development-proposed
2018-11-09 19:57:53 +00:00
Ron Eldor
6aa9fb4916
Add ChangeLog entry
...
Add the ChangeLog entry describing the change.
2018-11-09 15:01:09 +00:00
Ron Eldor
9924bdc792
Deprecate hardware acceleration errors
...
Deprecate the module-specific XXX_HW_ACCEL_FAILED and
XXX_FEATURE_UNAVAILABLE errors, as alternative implementations should now
return `MBEDTLS_ERR_PLATFORM_HW_FAILED` and
`MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED`.
2018-11-09 15:01:07 +00:00
Ron Eldor
bcca58c6cd
Add common feature unavailable error
...
Add a common error for the feature unavailable, in the
platform module.
2018-11-09 13:57:37 +00:00
Simon Butcher
d83448b736
Merge remote-tracking branch 'public/pr/2052' into development-restricted-proposed
2018-11-07 12:59:14 +00:00
Simon Butcher
53b45ec881
Merge remote-tracking branch 'public/pr/2079' into development-restricted-proposed
2018-11-07 12:58:44 +00:00
Simon Butcher
bbc31b4827
Merge remote-tracking branch 'public/pr/2085' into development-restricted-proposed
2018-11-07 12:57:38 +00:00
Simon Butcher
93a9b497e0
Merge remote-tracking branch 'public/pr/2077' into development-restricted-proposed
2018-11-07 12:57:24 +00:00
Simon Butcher
361ce6c302
Merge remote-tracking branch 'public/pr/2127' into development-restricted-proposed
2018-11-07 12:57:01 +00:00
Simon Butcher
c81813153c
Merge remote-tracking branch 'public/pr/2140' into development-restricted-proposed
2018-11-07 12:56:05 +00:00
Simon Butcher
241823aab8
Merge remote-tracking branch 'public/pr/1641' into development-restricted-proposed
2018-11-07 12:55:47 +00:00
Simon Butcher
42ab4ae033
Merge remote-tracking branch 'public/pr/2167' into development-restricted-proposed
2018-11-07 12:54:45 +00:00
Hanno Becker
f6d6e30820
Fix incomplete assertion in ssl_write_handshake_msg()
...
ssl_write_handshake_msg() includes the assertion that
`ssl->handshake != NULL` when handling a record which is
(a) a handshake message, and NOT
(b) a HelloRequest.
However, it later calls `ssl_append_flight()` for any
record different from a HelloRequest handshake record,
that is, records satisfying !(a) || !(b), instead of
(a) && !(b) as covered by the assertion (specifically,
CCS or Alert records).
Since `ssl_append_flight()` assumes that `ssl->handshake != NULL`,
this rightfully triggers static analyzer warnings.
This commit expands the scope of the assertion to check
that `ssl->handshake != NULL` for any record which is not
a HelloRequest.
2018-11-07 11:57:51 +00:00
Simon Butcher
51b6abbbf2
Merge remote-tracking branch 'public/pr/2165' into development-proposed
2018-11-06 22:55:14 +00:00
Hanno Becker
f143a78011
Adapt ChangeLog
2018-11-06 17:59:28 +00:00
Hanno Becker
fe936c35c1
Adapt ChangeLog
2018-11-06 13:35:47 +00:00
Hanno Becker
9772da8792
Add missing bracket
...
Wasn't spotted earlier because it's guarded by `! HAVE_GETRANDOM`.
2018-11-06 13:12:47 +00:00
Ron Eldor
7213744b07
Fix typo in comment
...
Change from lower case to upper case in XXX_ALT
comment in `MBEDTLS_ECP_RESTARTABLE` description.
2018-11-05 22:31:32 +02:00
Hanno Becker
e2dae7e1f5
Add explicit integer to enumeration casts to programs/pkey/gen_key.c
...
Fixes #2170 .
2018-11-05 16:54:40 +00:00