yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-11 01:55:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
5895 commits 88 branches 205 tags 69 MiB
Commit graph

1213 commits

Author SHA1 Message Date
Gilles Peskine 880c6e74a1 Merge branch 'development' into development-restricted 2017-12-04 18:00:26 +00:00
Gilles Peskine d629411212 Merge branch 'pr_920' into development 2017-12-01 23:46:58 +01:00
Gilles Peskine 8acce85175 Added ChangeLog entry 2017-12-01 23:46:40 +01:00
Gilles Peskine ff01e009e6 Merge branch 'pr_1043' into development 2017-12-01 23:42:17 +01:00
Gilles Peskine b592f32291 Added ChangeLog entry 2017-12-01 23:40:28 +01:00
Gilles Peskine e3783da0b2 Merge remote-tracking branch 'upstream-public/pr/1172' into development 2017-12-01 22:36:21 +01:00
Gilles Peskine 02e28fe0fd Merge remote-tracking branch 'upstream-restricted/pr/425' into development-restricted 2017-12-01 17:58:12 +01:00
Gilles Peskine 0960f0663e Merge branch 'development' into development-restricted 2017-11-29 21:07:55 +01:00
Gilles Peskine 0884f4811b Merge remote-tracking branch 'upstream-public/pr/1141' into development 2017-11-29 20:50:59 +01:00
Gilles Peskine 183de312f9 Merge remote-tracking branch 'upstream-public/pr/895' into development 2017-11-29 20:49:21 +01:00
Gilles Peskine 7fb29b17c7 Merge branch 'development' into development-restricted 2017-11-28 18:46:09 +01:00
Gilles Peskine 4daffe236a Merge branch 'pr_1025' into development 
Merge PR #1025 + ChangeLog entry
 2017-11-28 18:23:53 +01:00
Gilles Peskine d742b74838 Add ChangeLog entry 2017-11-28 17:40:56 +01:00
Gilles Peskine ea8d697fa2 Merge remote-tracking branch 'upstream-public/pr/1089' into development 
Resolve trivial conflict due to additions in the same place in
tests/data_files/Makefile; minor comment/whitespace presentation
improvements.
 2017-11-28 17:32:32 +01:00
Gilles Peskine 4b117d9c92 Merge remote-tracking branch 'upstream-public/pr/1055' into development 2017-11-28 17:23:37 +01:00
Gilles Peskine f2421210a5 Merge remote-tracking branch 'upstream-public/pr/828' into development 2017-11-28 17:22:37 +01:00
Gilles Peskine 9c3573a962 Merge remote-tracking branch 'upstream-public/pr/988' into development 2017-11-28 17:08:03 +01:00
Gilles Peskine 41e974178f Merge remote-tracking branch 'upstream-restricted/pr/419' into development-restricted 
Resolved simple conflicts caused by the independent addition of
calls to mbedtls_zeroize with sometimes whitespace or comment
differences.
 2017-11-28 16:16:27 +01:00
Gilles Peskine 9c8ac0ce2c Merge remote-tracking branch 'upstream-restricted/pr/404' into development-restricted 2017-11-28 15:50:02 +01:00
Gilles Peskine 7ca6d1fdd4 Merge remote-tracking branch 'upstream-restricted/pr/399' into development-restricted 2017-11-28 14:17:53 +01:00
Gilles Peskine c753f5daf4 Merge remote-tracking branch 'upstream-restricted/pr/369' into development-restricted 2017-11-28 14:16:47 +01:00
Gilles Peskine 80441c666f Merge branch 'iotssl-1419-safermemcmp-volatile' into development-restricted 2017-11-28 13:52:33 +01:00
Gilles Peskine d4755deafa add changelog entry 2017-11-28 13:31:12 +01:00
Gilles Peskine 2507267cd4 Merge branch 'development' into development-restricted 2017-11-24 16:05:49 +01:00
Gilles Peskine e7707228b4 Merge remote-tracking branch 'upstream-public/pr/1062' into development 2017-11-24 15:35:50 +01:00
Gilles Peskine 7635cde35c Merge branch 'development' into development-restricted 2017-11-23 20:06:04 +01:00
Gilles Peskine 68306ed31f Merge remote-tracking branch 'upstream-public/pr/1094' into development 2017-11-23 20:02:46 +01:00
Gilles Peskine 1a2640c025 Merge branch 'iotssl-1368-unsafe-bounds-check-psk-identity-merge' into development-restricted 2017-11-23 18:58:30 +01:00
Gilles Peskine dab611a7b1 ChangeLog entry for ssl_parse_client_psk_identity fix 2017-11-23 18:53:55 +01:00
Manuel Pégourié-Gonnard bfa8df4c7e Merge remote-tracking branch 'restricted/pr/416' into development-restricted 
* restricted/pr/416:
  RSA PSS: remove redundant check; changelog
  RSA PSS: fix first byte check for keys of size 8N+1
  RSA PSS: fix minimum length check for keys of size 8N+1
  RSA: Fix another buffer overflow in PSS signature verification
  RSA: Fix buffer overflow in PSS signature verification
 2017-11-23 12:10:01 +01:00
Darryl Green 36ba8b683a Add changelog for mbedtls_ecdsa_sign fix 2017-11-21 09:55:33 +00:00
Hanno Becker 7dc832bb53 Adapt ChangeLog 2017-11-20 08:52:25 +00:00
Gilles Peskine 91048a3aac RSA PSS: remove redundant check; changelog 
Remove a check introduced in the previous buffer overflow fix with keys of
size 8N+1 which the subsequent fix for buffer start calculations made
redundant.

Added a changelog entry for the buffer start calculation fix.
 2017-10-19 17:46:14 +02:00
Hanno Becker 509fef7de3 Add ChangeLog message for EC private exponent information leak 2017-10-19 10:10:18 +01:00
Hanno Becker a21e2a015b Adapt ChangeLog 2017-10-19 09:15:17 +01:00
Gilles Peskine 6a54b0240d RSA: Fix another buffer overflow in PSS signature verification 
Fix buffer overflow in RSA-PSS signature verification when the masking
operation results in an all-zero buffer. This could happen at any key size.
 2017-10-17 19:12:36 +02:00
Gilles Peskine 28a0c72795 RSA: Fix buffer overflow in PSS signature verification 
Fix buffer overflow in RSA-PSS signature verification when the hash is
too large for the key size. Found by Seth Terashima, Qualcomm.

Added a non-regression test and a positive test with the smallest
permitted key size for a SHA-512 hash.
 2017-10-17 19:01:38 +02:00
Ron Eldor e1a9a4a826 Fix crash when calling mbedtls_ssl_cache_free twice 
Set `cache` to zero at the end of `mbedtls_ssl_cache_free` #1104
 2017-10-17 18:15:41 +03:00
Hanno Becker 479e8e24e6 Adapt ChangeLog 2017-10-17 11:03:50 +01:00
Hanno Becker e2a73c13cf Enhancement of ChangeLog entry 2017-10-17 10:34:04 +01:00
Simon Butcher 6f63db7ed5 Fix changelog for ssl_server2.c usage fix 2017-10-12 23:22:17 +01:00
Gilles Peskine 085c10afdb Allow comments in test data files 2017-10-12 23:22:17 +01:00
Andres Amaya Garcia 735b37eeef Correctly handle leap year in x509_date_is_valid() 
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
 2017-10-12 23:21:37 +01:00
Ron Eldor 73a381772b Parse Signature Algorithm ext when renegotiating 
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
 2017-10-12 23:21:37 +01:00
Gilles Peskine 4552bf7558 Allow comments in test data files 2017-10-12 23:20:56 +01:00
Andres Amaya Garcia 106637fc2d Correctly handle leap year in x509_date_is_valid() 
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
 2017-10-12 19:54:46 +01:00
Hanno Becker 854244abbf Adapt ChangeLog 2017-10-12 16:26:37 +01:00
Ron Eldor 8dd73e62d2 Parse Signature Algorithm ext when renegotiating 
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
 2017-10-11 12:49:00 +01:00
Ron Eldor a84c1cb355 Address PR cpomments reviews 
1) move the change into Features from Changes, in the changLog
2) Change the feature alternative configuration MBEDTLS_ECDH_ALT
definition to function alternative defintions
MBEDTLS_ECDH_COMPUTE_SHARED_ALT and MBEDTLS_ECDH_GEN_PUBLIC_ALT
 2017-10-10 19:04:27 +03:00
Ron Eldor 314adb6baa Address PR review comments 
1) update ChangLog to have new feature in Features instead of Changes
2) Change MBEDTLS_ECDSA_ALT to function specific alternative definitions:
MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and MBEDTLS_ECDSA_GENKEY_ALT
 2017-10-10 18:49:02 +03:00
Simon Butcher 16373a5933 Fix changelog for ssl_server2.c usage fix 2017-10-06 11:59:13 +01:00
Simon Butcher 2c4f9460ea Update ChangeLog for fix to #836 2017-10-06 11:59:13 +01:00
Hanno Becker 1a9a51c7cf Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog. 
Add a reference to the relevant RFC, adapt ChangeLog.
 2017-10-06 11:58:50 +01:00
Gilles Peskine b04e2c3d81 Allow comments in test data files 2017-10-06 11:58:50 +01:00
Hanno Becker 7e304fcac9 Move deprecation to separate section in ChangeLog 2017-10-05 11:50:24 +01:00
Hanno Becker 1613715f6f Adapt ChangeLog 2017-10-05 10:30:11 +01:00
Hanno Becker 86e5230e54 Adapt ChangeLog 2017-10-05 09:08:53 +01:00
Simon Butcher 967a60502e Fix changelog for ssl_server2.c usage fix 2017-10-02 19:14:58 +01:00
Simon Butcher 83ce8201dc Update ChangeLog for fix to #836 2017-09-30 23:39:46 +01:00
Hanno Becker 2f38a43d3a Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog. 
Add a reference to the relevant RFC, adapt ChangeLog.
 2017-09-30 23:35:21 +01:00
Gilles Peskine 26182edd0c Allow comments in test data files 2017-09-29 15:45:12 +02:00
Hanno Becker 041a6b030f Adapt ChangeLog 2017-09-28 14:52:26 +01:00
Ron Eldor 8b766218a8 Update ChangeLog 
Update ChangeLog according to Andres seggestion
 2017-09-24 15:44:56 +03:00
Ron Eldor 2981a0a740 Address Andres PR comments 
Address Andres' comments in the PR
 2017-09-24 15:41:09 +03:00
Jaeden Amero 1526330931 Allow alternate implementation of GCM 
Provide the ability to use an alternative implementation of GCM in place
of the library-provided implementation.
 2017-09-22 17:42:44 +01:00
Janos Follath b174c84a3b Refine dhm_check_range() fix Changelog entry 2017-09-21 12:05:14 +01:00
Janos Follath aa325d7b7f DHM: Fix dhm_check_range() always returning 0 
Although the variable ret was initialised to an error, the
MBEDTLS_MPI_CHK macro was overwriting it. Therefore it ended up being
0 whenewer the bignum computation was successfull and stayed 0
independently of the actual check.
 2017-09-21 12:04:41 +01:00
Hanno Becker 930025da6d Adapt ChangeLog 2017-09-18 16:12:28 +01:00
Hanno Becker 81e96dd54a Adapt ChangeLog 2017-09-18 11:07:25 +01:00
Andres Amaya Garcia f569f701c2 Fix ChangeLog entry 2017-09-14 20:20:21 +01:00
Andres Amaya Garcia 06fc6650f4 Add ChangeLog entry 2017-09-14 20:20:15 +01:00
Ron Eldor 31162e4423 Set PEM buffer to zero before freeing it 
Set PEM buffer to zero before freeing it, to avoid private keys
being leaked to memory after releasing it.
 2017-09-05 15:34:35 +03:00
Hanno Becker f28dc2f900 Adapt ChangeLog 2017-09-04 13:07:52 +01:00
Ron Eldor f231eaae28 Add configuration file in md.h 
include `*config.h*` in md.h as MACROS in the header file get ignored.
Fix for #1001.
 2017-08-22 14:50:14 +03:00
Simon Butcher 72ea31b026 Update version number to 2.6.0 2017-08-10 11:51:16 +01:00
Simon Butcher 01971d094e Fix language in Changelog for clarity 2017-08-10 10:48:01 +01:00
Ron Eldor 433f39c437 ECDH alternative implementation support 
Add alternative implementation support for ECDH at the higher layer
 2017-08-08 18:43:56 +03:00
Ron Eldor b68733bf62 ECDSA alternative support 
Support for alternative implementation of ECDSA, at the higher layer
 2017-08-07 18:00:22 +03:00
Hanno Becker 85b602e5d0 Improve documentation of PKCS1 decryption functions 
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
 2017-08-01 22:48:41 +01:00
Simon Butcher 3f2557e6f1 Fix style and missing item in ChangeLog 2017-08-01 18:06:12 +01:00
Simon Butcher a418e82a35 Add credit to Changelog to fix for #666 2017-07-28 23:52:10 +01:00
Simon Butcher 9fae22269b Fix ChangeLog for duplication after merge 2017-07-28 22:32:23 +01:00
Hanno Becker 61937d4a83 Rename time and index parameter to avoid name conflict. 
As noted in #557, several functions use 'index' resp. 'time'
as parameter names in their declaration and/or definition, causing name
conflicts with the functions in the C standard library of the same
name some compilers warn about.

This commit renames the arguments accordingly.
 2017-07-28 22:28:08 +01:00
Hanno Becker 7ec83df47f Adapt ChangeLog 2017-07-28 22:28:08 +01:00
Andres AG 6b171e4aec Fix potential integer overflow parsing DER CRT 
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
 2017-07-28 22:28:04 +01:00
Andres AG ce49a25033 Fix potential integer overflow parsing DER CRL 
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
 2017-07-28 22:28:04 +01:00
Ron Eldor a207e75089 Check return code of mbedtls_mpi_fill_random 
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
 2017-07-28 22:27:30 +01:00
Ron Eldor 7faf92a2fe Resource leak fix on windows platform 
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
 2017-07-28 22:27:30 +01:00
Ron Eldor 368d55c549 Wrong preproccessor condition fix 
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
 2017-07-28 22:27:30 +01:00
Ron Eldor d5a75f44a1 fix for issue 1118: check if iv is zero in gcm. 
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
 2017-07-28 22:27:29 +01:00
Janos Follath c08d9ddd55 Remove mutexes from ECP hardware acceleration 
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
 2017-07-28 22:27:29 +01:00
Simon Butcher b060cc21b1 Reorder and group sections in the ChangeLog 2017-07-28 01:04:34 +01:00
Simon Butcher 00d3cc61a6 Fix merge errors in ChangeLog 2017-07-27 21:44:34 +01:00
Andres AG 2e3ddfac5f Prevent signed integer overflow in CSR parsing 
Modify the function mbedtls_x509_csr_parse_der() so that it checks the
parsed CSR version integer before it increments the value. This prevents
a potential signed integer overflow, as these have undefined behaviour
in the C standard.
 2017-07-27 21:44:34 +01:00
Andres AG 80164741e1 Fix potential integer overflow parsing DER CRT 
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
 2017-07-27 21:44:34 +01:00
Andres AG 4f753c1186 Fix potential integer overflow parsing DER CRL 
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
 2017-07-27 21:44:34 +01:00
Simon Butcher 256da0f0d8 Added missing credit to Changelog and format fixes 2017-07-27 21:44:34 +01:00
Ron Eldor 80697a0c11 Check return code of mbedtls_mpi_fill_random 
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
 2017-07-27 21:44:34 +01:00
Ron Eldor b2d6e591f9 Resource leak fix on windows platform 
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
 2017-07-27 21:44:34 +01:00
Ron Eldor 5843db932d Wrong preproccessor condition fix 
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
 2017-07-27 21:44:34 +01:00