yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-10 13:35:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
13055 commits 88 branches 205 tags 69 MiB
Commit graph

13055 commits

This branch
This branch
All branches
Author SHA1 Message Date
Gilles Peskine 1fb7aea9b3 Add command line option to hide warnings 2020-01-30 12:27:14 +01:00
Gilles Peskine 84b8fc8213 Use psa_hash_compute in psa_hmac_setup_internal 2020-01-30 12:27:14 +01:00
Gilles Peskine 7b8efaffaa Add missing dependencies on MBEDTLS_MD_C 
The PSA implementations of deterministic ECDSA, of all RSA signatures
and of RSA OAEP use the MD module.
 2020-01-30 12:27:14 +01:00
Gilles Peskine aead02cce9 Remove obsolete dependencies on MBEDTLS_MD_C 
The PSA implementation of hash algorithms, HMAC algorithms and KDF
algorithms using HMAC no longer use the MD module.
 2020-01-30 12:27:14 +01:00
Gilles Peskine 0a749c8fa3 Implement and test psa_hash_compute, psa_hash_compare 2020-01-30 12:27:12 +01:00
Gilles Peskine afc9db8bb7 Fix version number recognition heuristics 
The regexp was wrong, for example it matched "2.20x" but failed to
match "3.1".

Some test cases:
>>> def f(title):
...  version_number = re.search(_version_number_re, title)
...  if version_number:
...      return not re.search(_incomplete_version_number_re,
...                                  version_number.group(0))
...  else:
...   return False
...
>>> [(s, f(s.encode('ascii'))) for s in ['foo', 'foo 3', 'foo 3.', 'foo 3.1', 'foo 3.14', 'foo 3.2.1', 'foo 3.2.1alpha', 'foo 3.1.a', 'foo 3.a', 'foo 3.x.1']]
[('foo', False), ('foo 3', False), ('foo 3.', False), ('foo 3.1', True), ('foo 3.14', True), ('foo 3.2.1', True), ('foo 3.2.1alpha', True), ('foo 3.1.a', False), ('foo 3.a', False), ('foo 3.x.1', False)]
 2020-01-30 11:38:01 +01:00
Jaeden Amero 79ef1d4e55
Merge pull request #2987 from AndrzejKurek/iotssl-2958-datagram-transport-simulated 
Message transport mocks in ssl tests
 2020-01-30 10:23:27 +00:00
Manuel Pégourié-Gonnard 77cbeff04c Fix ssl-opt.sh for GnuTLS versions rejecting SHA-1 
While the whole script makes (often implicit) assumptions about the version of
GnuTLS used, generally speaking it should work out of the box with the version
packaged on our reference testing platform, which is Ubuntu 16.04 so far.

With the update from Jan 8 2020 (3.4.10-4ubuntu1.6), the patches for rejecting
SHA-1 in certificate signatures were backported, so we should avoid presenting
SHA-1 signed certificates to a GnuTLS peer in ssl-opt.sh.
 2020-01-30 11:22:57 +01:00
Manuel Pégourié-Gonnard f712e163b0
Merge pull request #179 from mpg/sha512-no-sha384 
Add option to build SHA-512 without SHA-384
 2020-01-30 10:32:20 +01:00
Manuel Pégourié-Gonnard 2b9ebce4e1 Remove deprecated modules from config.py full 2020-01-30 10:16:15 +01:00
Andres Amaya Garcia 835b299e5e Fix wording of deprecated docs for SSL2 and SSL3 features 2020-01-30 10:16:15 +01:00
Andres Amaya Garcia e58532e1db Favour DEPRECATED_REMOVED over DEPRECATED_WARNING 2020-01-30 10:16:15 +01:00
Andres Amaya Garcia 88c2cc7213 Deprecate MBEDTLS_SSL_PROTO_SSL3 2020-01-30 10:16:15 +01:00
Andres Amaya Garcia 09634248cb Deprecate MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO 2020-01-30 10:16:13 +01:00
Manuel Pégourié-Gonnard d020bfc396
Merge pull request #2949 from zfields/patch-1 
[cmake] Propagate public headers
 2020-01-30 09:53:16 +01:00
Janos Follath 8b38978b85
Merge pull request #349 from gilles-peskine-arm/coverity-20200115-crypto 
Fix minor defects found by Coverity
 2020-01-29 15:05:11 +00:00
Janos Follath ba1150f822 Merge pull request #2995 from gilles-peskine-arm/coverity-20200115-tls into development 2020-01-29 14:51:24 +00:00
Manuel Pégourié-Gonnard 74ca84a7a9 Fix some whitespace issues 2020-01-29 09:46:49 +01:00
Gilles Peskine 907e95aa20 Clarify that what we're dropping is pkcs11-helper support 
The PKCS11 module does not directly interface with PKCS#11 (also known
as Cryptoki), but with the pkcs11-helper library.
 2020-01-29 09:40:32 +01:00
Andres Amaya Garcia 312431b398 Fix typo in doxy docs for ssl_pkcs11_sign() 2020-01-29 09:40:32 +01:00
Andres Amaya Garcia b37268d916 Add missing docs to PKCS#11 public funcs 2020-01-29 09:40:32 +01:00
Andres Amaya Garcia 9fc82efc6c Wrap PKCS1 module with DEPRECATED_REMOVED 2020-01-29 09:40:32 +01:00
Andres Amaya Garcia 99fc3876ed Fix deprecated docs for PKCS1 2020-01-29 09:40:32 +01:00
Andres Amaya Garcia 0d6e108b13 Deprecate MBEDTLS_PKCS11_C functions 2020-01-29 09:40:32 +01:00
Andres Amaya Garcia 2047cd9ed6 Add ChangeLog entry for MBEDTLS_PKCS11_C deprecation 2020-01-29 09:40:32 +01:00
Andres Amaya Garcia be3a4406d2 Deprecate MBEDTLS_PKCS11_C feature 2020-01-29 09:38:31 +01:00
Ercan Ozturk d437309ae2 Fix debug message by using the correct function name called 2020-01-28 21:51:04 -08:00
Jack Lloyd 2e9eef4f7b Final review comments 2020-01-28 14:43:52 -05:00
Gilles Peskine a26079613a Create a new level-2 section if needed 
Automatically create a level-2 section for unreleased changes if needed.
 2020-01-28 19:58:17 +01:00
Gilles Peskine da14e8225e Remove useless blank line removal in ChangeLog.write 
The parsing functions eliminate blank lines, so there shouldn't be any
at this stage.
 2020-01-28 19:27:54 +01:00
Gilles Peskine 37d670a1e1 Document read_main_file and simplify the logic a little 2020-01-28 19:27:54 +01:00
Gilles Peskine 974349d40e Style: follow PEP8 2020-01-28 19:00:59 +01:00
Gilles Peskine d8b6c77388 Use OrderedDict instead of reinventing it 2020-01-28 18:57:47 +01:00
Jaeden Amero c0c92fea3d
Merge pull request #3008 from jp-bennett/development 
Allow loading symlinked certificates
 2020-01-28 15:55:33 +00:00
Jaeden Amero bfc73bcfd2
Merge pull request #2988 from piotr-now/iotssl-2954-custom-io-callbacks-to-ssl-unit-test 
Changes in custom IO callbacks used in unit tests
 2020-01-28 14:46:13 +00:00
Piotr Nowicki d796e19d3b Fix memory allocation fail in TCP mock socket 
Because two buffers were aliased too early in the code, it was possible that
after an allocation failure, free() would be called twice for the same pointer.
 2020-01-28 13:04:21 +01:00
Janos Follath 4c987e2c83
Merge pull request #2993 from yanesca/bump-version-2.20.0 
Bump version to Mbed TLS 2.20.0
 2020-01-28 11:31:57 +00:00
Manuel Pégourié-Gonnard 042c5e4217
Merge pull request #3000 from gilles-peskine-arm/changelog-2.20.0 
Add changelog entries for the crypto changes in 2.20.0
 2020-01-28 09:38:30 +01:00
Manuel Pégourié-Gonnard 358462df85
Merge pull request #354 from mpg/fix-ecdsa-pointer-inc 
Fix incrementing pointer instead of value
 2020-01-28 09:26:28 +01:00
Jack Lloyd 60239753d2 Avoid memory leak when RSA-CRT is not enabled in build 2020-01-27 17:53:36 -05:00
Zachary J. Fields 96134effea
Update ChangeLog 2020-01-27 16:12:02 -06:00
Janos Follath 4c736fb6a8 Update Mbed Crypto SO version 
The recent update changed the Mbed Crypto SO version, get Mbed TLS in
sync.
 2020-01-27 16:37:14 +00:00
Janos Follath ceceedb532 Update Mbed Crypto to 3.0.1 2020-01-27 16:23:55 +00:00
Janos Follath 1146b4e060
Merge pull request #348 from yanesca/bump-version-to-mbed-tls-2.20.0 
Bump version to Mbed TLS 2.20.0 and crypto SO version to 4
 2020-01-27 15:56:45 +00:00
Gilles Peskine e3b285d2c8 Add crypto security fixes merged after mbedcrypto-3.0.0 2020-01-27 14:24:19 +01:00
Jaeden Amero 62236d7651 Add ChangeLog entry 
Add a ChangeLog entry for Jonathan Bennett's contribution which allows
loading symlinked certificates.
 2020-01-24 18:20:56 +00:00
Jonathan Bennett fdc16f36b4 Allow loading symlinked certificates 
When mbedtls_x509_crt_parse_path() checks each object in the supplied path, it only processes regular files. This change makes it also accept a symlink to a file. Fixes #3005.

This was observed to be a problem on Fedora/CentOS/RHEL systems, where the ca-bundle in the default location is actually a symlink.
 2020-01-24 09:12:03 -06:00
Manuel Pégourié-Gonnard ee4ba54d8d Fix incrementing pointer instead of value 
This was introduced by a hasty search-and-replace that didn't account for C's
operator precedence when changing those variables to pointer types.
 2020-01-24 12:11:56 +01:00
Manuel Pégourié-Gonnard 2b9b780ac0 Rename internal macro for consistency 
Other modules have similar internal macros using _LENGTH in the name.
 2020-01-24 11:01:02 +01:00
Manuel Pégourié-Gonnard b7f7092f57 Remove preprocessor directive for consistency 
Other cases in this switch statement aren't guarded either.
 2020-01-24 10:59:08 +01:00