Gilles Peskine
d629411212
Merge branch 'pr_920' into development
2017-12-01 23:46:58 +01:00
Gilles Peskine
8acce85175
Added ChangeLog entry
2017-12-01 23:46:40 +01:00
Gilles Peskine
ff01e009e6
Merge branch 'pr_1043' into development
2017-12-01 23:42:17 +01:00
Gilles Peskine
b592f32291
Added ChangeLog entry
2017-12-01 23:40:28 +01:00
Gilles Peskine
e3783da0b2
Merge remote-tracking branch 'upstream-public/pr/1172' into development
2017-12-01 22:36:21 +01:00
Gilles Peskine
02e28fe0fd
Merge remote-tracking branch 'upstream-restricted/pr/425' into development-restricted
2017-12-01 17:58:12 +01:00
Gilles Peskine
da519251d4
Add --no-yotta option to all.sh
...
The Yotta tools break in some environments and it's useful to be able
to run the rest of all.sh nonetheless.
2017-11-30 14:24:33 +01:00
Gilles Peskine
832f349f93
Fix build without MBEDTLS_FS_IO
...
Fix missing definition of mbedtls_zeroize when MBEDTLS_FS_IO is
disabled in the configuration.
Introduced by e7707228b4
Merge remote-tracking branch 'upstream-public/pr/1062' into development
2017-11-30 12:03:27 +01:00
Gilles Peskine
0960f0663e
Merge branch 'development' into development-restricted
2017-11-29 21:07:55 +01:00
Gilles Peskine
0884f4811b
Merge remote-tracking branch 'upstream-public/pr/1141' into development
2017-11-29 20:50:59 +01:00
Gilles Peskine
183de312f9
Merge remote-tracking branch 'upstream-public/pr/895' into development
2017-11-29 20:49:21 +01:00
Andres Amaya Garcia
c5380649d9
Change value of MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE
...
Change the value of the error MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE to
0x0023 to ensure the errors in the AES module are all in a continuous
range.
2017-11-29 10:42:49 +00:00
Ron Eldor
0728d69d6d
Change kB to KiB
...
Change the style of the units to KiB, according to
https://docs.mbed.com/docs/writing-and-publishing-guides/en/latest/units/
2017-11-29 12:08:35 +02:00
Gilles Peskine
7fb29b17c7
Merge branch 'development' into development-restricted
2017-11-28 18:46:09 +01:00
Gilles Peskine
4daffe236a
Merge branch 'pr_1025' into development
...
Merge PR #1025 + ChangeLog entry
2017-11-28 18:23:53 +01:00
Gilles Peskine
d742b74838
Add ChangeLog entry
2017-11-28 17:40:56 +01:00
Gilles Peskine
ea8d697fa2
Merge remote-tracking branch 'upstream-public/pr/1089' into development
...
Resolve trivial conflict due to additions in the same place in
tests/data_files/Makefile; minor comment/whitespace presentation
improvements.
2017-11-28 17:32:32 +01:00
Gilles Peskine
4b117d9c92
Merge remote-tracking branch 'upstream-public/pr/1055' into development
2017-11-28 17:23:37 +01:00
Gilles Peskine
f2421210a5
Merge remote-tracking branch 'upstream-public/pr/828' into development
2017-11-28 17:22:37 +01:00
Gilles Peskine
9c3573a962
Merge remote-tracking branch 'upstream-public/pr/988' into development
2017-11-28 17:08:03 +01:00
Gilles Peskine
f16de7d525
Merge remote-tracking branch 'upstream-public/pr/995' into development
2017-11-28 16:59:20 +01:00
Gilles Peskine
41e974178f
Merge remote-tracking branch 'upstream-restricted/pr/419' into development-restricted
...
Resolved simple conflicts caused by the independent addition of
calls to mbedtls_zeroize with sometimes whitespace or comment
differences.
2017-11-28 16:16:27 +01:00
Gilles Peskine
9c8ac0ce2c
Merge remote-tracking branch 'upstream-restricted/pr/404' into development-restricted
2017-11-28 15:50:02 +01:00
Ron Eldor
a0748019f1
Change KB to kB
...
Change KB to kB, as this is the proper way to write kilobytes
2017-11-28 16:48:51 +02:00
Gilles Peskine
7ca6d1fdd4
Merge remote-tracking branch 'upstream-restricted/pr/399' into development-restricted
2017-11-28 14:17:53 +01:00
Gilles Peskine
c753f5daf4
Merge remote-tracking branch 'upstream-restricted/pr/369' into development-restricted
2017-11-28 14:16:47 +01:00
Gilles Peskine
80441c666f
Merge branch 'iotssl-1419-safermemcmp-volatile' into development-restricted
2017-11-28 13:52:33 +01:00
Gilles Peskine
d4755deafa
add changelog entry
2017-11-28 13:31:12 +01:00
Gilles Peskine
2507267cd4
Merge branch 'development' into development-restricted
2017-11-24 16:05:49 +01:00
Gilles Peskine
e7707228b4
Merge remote-tracking branch 'upstream-public/pr/1062' into development
2017-11-24 15:35:50 +01:00
Gilles Peskine
7635cde35c
Merge branch 'development' into development-restricted
2017-11-23 20:06:04 +01:00
Gilles Peskine
68306ed31f
Merge remote-tracking branch 'upstream-public/pr/1094' into development
2017-11-23 20:02:46 +01:00
Gilles Peskine
1a2640c025
Merge branch 'iotssl-1368-unsafe-bounds-check-psk-identity-merge' into development-restricted
2017-11-23 18:58:30 +01:00
Gilles Peskine
dab611a7b1
ChangeLog entry for ssl_parse_client_psk_identity fix
2017-11-23 18:53:55 +01:00
Manuel Pégourié-Gonnard
bfa8df4c7e
Merge remote-tracking branch 'restricted/pr/416' into development-restricted
...
* restricted/pr/416:
RSA PSS: remove redundant check; changelog
RSA PSS: fix first byte check for keys of size 8N+1
RSA PSS: fix minimum length check for keys of size 8N+1
RSA: Fix another buffer overflow in PSS signature verification
RSA: Fix buffer overflow in PSS signature verification
2017-11-23 12:10:01 +01:00
Darryl Green
36ba8b683a
Add changelog for mbedtls_ecdsa_sign fix
2017-11-21 09:55:33 +00:00
Gilles Peskine
5eafc74154
Merge pull request #1159 from RonEld/1862
...
Change Arm Trademarks
2017-11-20 17:45:49 +01:00
Hanno Becker
7dc832bb53
Adapt ChangeLog
2017-11-20 08:52:25 +00:00
Hanno Becker
992b6872f3
Fix heap corruption in ssl_decrypt_buf
...
Previously, MAC validation for an incoming record proceeded as follows:
1) Make a copy of the MAC contained in the record;
2) Compute the expected MAC in place, overwriting the presented one;
3) Compare both.
This resulted in a record buffer overflow if truncated MAC was used, as in this
case the record buffer only reserved 10 bytes for the MAC, but the MAC
computation routine in 2) always wrote a full digest.
For specially crafted records, this could be used to perform a controlled write of
up to 6 bytes past the boundary of the heap buffer holding the record, thereby
corrupting the heap structures and potentially leading to a crash or remote code
execution.
This commit fixes this by making the following change:
1) Compute the expected MAC in a temporary buffer that has the size of the
underlying message digest.
2) Compare this to the MAC contained in the record, potentially
restricting to the first 10 bytes if truncated HMAC is used.
A similar fix is applied to the encryption routine `ssl_encrypt_buf`.
2017-11-20 08:52:25 +00:00
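The two MAC-check flows described in the commit message above, as an added C example that is not mbed TLS code. `toy_mac` (a stand-in for HMAC), the 16-byte digest size and the six guard bytes are assumptions for illustration; the guard region stands in for heap memory after the record buffer, so the overrun stays inside one array.

```c
#include <stdio.h>
#include <string.h>
enum { DIGEST_LEN = 16, TRUNC_LEN = 10, DATA_LEN = 8, GUARD_LEN = 6 };

/* Toy keyed checksum standing in for HMAC; always writes DIGEST_LEN bytes. */
static void toy_mac(const unsigned char *data, unsigned char *out) {
    for (int i = 0; i < DIGEST_LEN; i++) {
        out[i] = (unsigned char)(0x5a + i);
        for (int j = 0; j < DATA_LEN; j++)
            out[i] = (unsigned char)(out[i] * 31 + data[j] + i);
    }
}

/* Constant-time comparison: returns 0 when the first n bytes are equal. */
static int ct_diff(const unsigned char *a, const unsigned char *b, int n) {
    unsigned char diff = 0;
    for (int i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff;
}

/* Old flow: copy presented MAC, compute expected MAC in place, compare. */
static int verify_in_place(unsigned char *rec, int maclen) {
    unsigned char presented[DIGEST_LEN];
    memcpy(presented, rec + DATA_LEN, (size_t)maclen);
    toy_mac(rec, rec + DATA_LEN); /* writes DIGEST_LEN bytes, not maclen */
    return ct_diff(presented, rec + DATA_LEN, maclen);
}

/* Fixed flow: compute into a digest-sized temporary, compare maclen bytes. */
static int verify_with_temp(const unsigned char *rec, int maclen) {
    unsigned char expected[DIGEST_LEN];
    toy_mac(rec, expected);
    return ct_diff(expected, rec + DATA_LEN, maclen);
}

/* Verify a constructed record; 1 if the bytes after the MAC field survive. */
int guard_intact_after(int use_fixed) {
    unsigned char buf[DATA_LEN + DIGEST_LEN] = "payload!";
    toy_mac(buf, buf + DATA_LEN);                        /* valid full MAC   */
    memset(buf + DATA_LEN + TRUNC_LEN, 0xAA, GUARD_LEN); /* truncate + guard */
    int rc = use_fixed ? verify_with_temp(buf, TRUNC_LEN)
                       : verify_in_place(buf, TRUNC_LEN);
    if (rc != 0) return -1; /* MAC mismatch */
    return memcmp(buf + DATA_LEN + TRUNC_LEN, "\xAA\xAA\xAA\xAA\xAA\xAA", GUARD_LEN) == 0;
}

int main(void) {
    printf("guard intact: in-place=%d, temporary=%d\n", guard_intact_after(0), guard_intact_after(1));
    return 0;
}
```

Both flows accept the valid record; only the in-place flow changes the six bytes that follow the 10-byte MAC field.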
Darryl Green
f5bcbede92
Add tests for invalid private parameters in mbedtls_ecdsa_sign()
2017-11-17 17:09:31 +00:00
Darryl Green
c64a48bec7
Add checks for private parameter in mbedtls_ecdsa_sign()
2017-11-17 17:09:17 +00:00
Andres Amaya Garcia
5a6da63138
Fix indentation for mbedtls_x509_crt_check_key_usage()
2017-11-14 21:47:08 +00:00
Andres Amaya Garcia
c81fcb9d36
Fix typos in documentation for mbedtls_x509_crt_check_extended_key_usage()
2017-11-14 21:43:14 +00:00
Manuel Pégourié-Gonnard
888fedea06
Merge branch 'development' into development-restricted
...
* development: (30 commits)
update README file (#1144)
Fix typo in asn1.h
Improve leap year test names in x509parse.data
Correctly handle leap year in x509_date_is_valid()
Renegotiation: Add tests for SigAlg ext parsing
Parse Signature Algorithm ext when renegotiating
Minor style fix
config.pl get: be better behaved
config.pl get: don't rewrite config.h; detect write errors
Fixed "config.pl get" for options with no value
Fix typo and bracketing in macro args
Ensure failed test_suite output is sent to stdout
Remove use of GNU sed features from ssl-opt.sh
Fix typos in ssl-opt.sh comments
Add ssl-opt.sh test to check gmt_unix_time is good
Extend ssl-opt.h so that run_test takes function
Always print gmt_unix_time in TLS client
Restored note about using minimum functionality in makefiles
Note in README that GNU make is required
Fix changelog for ssl_server2.c usage fix
...
2017-11-14 08:24:22 +01:00
Chris Xue
9a51c032ee
Fix copy paste error in the error message of mbedtls_ecp_gen_key in gen_key.c
2017-11-05 19:10:51 +00:00
Ron Eldor
2ac96620f3
change URL
...
Change URL from developer.mbed.org to os.mbed.com
2017-11-01 14:19:50 +02:00
Ron Eldor
9d22619a13
Change Arm Trademarks to the issue template
...
Change the Trademarks to the issue template document
2017-10-30 18:39:47 +02:00
Ron Eldor
c7acb913ce
Change Arm Trademarks
...
Change the Arm Trademarks according to updated Trademarks
2017-10-30 17:24:50 +02:00
Ron Eldor
22360825ae
Address PR review comments
...
set `cache->chain` to NULL,
instead of setting the whole structure to zero.
2017-10-29 17:53:52 +02:00
Hanno Becker
3319555b7c
Improve documentation of mbedtls_rsa_import[_raw]
2017-10-25 17:04:10 +01:00