mbedtls/library
Manuel Pégourié-Gonnard 3ea75b3a9b Fix SSLv3 MAC computation
In a previous PR (Fix heap corruption in implementation of truncated HMAC
extension #425) the place where the MAC is computed was changed from the end of
the SSL I/O buffer to a local buffer (then (part of) the content of the local
buffer is either copied to the output buffer or compared to the input buffer).

Unfortunately, this change was made only for TLS 1.0 and later, leaving SSL
3.0 in an inconsistent state due to ssl_mac() still writing to the old,
hard-coded location, which, for MAC verification, resulted in later comparing
the end of the input buffer (containing the computed MAC) to the local buffer
(uninitialised), most likely resulting in MAC verification failure, hence no
interop (even with ourselves).

This commit completes the move to using a local buffer by using this strategy
for SSL 3.0 too. Fortunately ssl_mac() was static so it's not a problem to
change its signature.
2017-12-19 10:25:22 +01:00
.gitignore Minor gitignore fixes 2015-01-28 15:34:01 +00:00
aes.c Rename website and repository 2015-03-06 13:17:10 +00:00
aesni.c Rename website and repository 2015-03-06 13:17:10 +00:00
arc4.c Rename website and repository 2015-03-06 13:17:10 +00:00
asn1parse.c Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-13 12:54:32 +01:00
asn1write.c Merge memory leak fix into branch 'mbedtls-1.3' 2016-01-02 00:28:19 +00:00
base64.c Add comment to integer overflow fix in base64.c 2017-02-25 21:27:17 +00:00
bignum.c Zeroize stack before returning from mpi_fill_random 2017-10-25 16:11:06 +01:00
blowfish.c Rename website and repository 2015-03-06 13:17:10 +00:00
camellia.c Rename website and repository 2015-03-06 13:17:10 +00:00
ccm.c Fix for MSVC Compiler warnings 2016-11-10 15:40:53 +00:00
certs.c Rename website and repository 2015-03-06 13:17:10 +00:00
cipher.c Fix integer overflows in buffer bound checks 2017-02-25 21:25:44 +00:00
cipher_wrap.c Rename website and repository 2015-03-06 13:17:10 +00:00
CMakeLists.txt Update version to 1.3.21 2017-08-10 11:52:14 +01:00
ctr_drbg.c Zeroize tmp buf in ctr_drbg_write_seed_file() 2017-07-12 11:04:28 +01:00
debug.c Revert "Avoid formatting debug message uselessly" 2015-08-10 17:36:47 +02:00
des.c Rename website and repository 2015-03-06 13:17:10 +00:00
dhm.c Merge remote-tracking branch 'upstream-restricted/pr/405' into mbedtls-1.3-restricted 2017-11-28 16:22:41 +01:00
ecdh.c Rename website and repository 2015-03-06 13:17:10 +00:00
ecdsa.c Add checks for private parameter in ecdsa_sign() 2017-11-20 15:53:43 +00:00
ecp.c Fix information leak in ecp_gen_keypair_base 2017-10-25 16:11:06 +01:00
ecp_curves.c ECP: Prevent freeing a buffer on stack 2017-02-28 20:24:52 +00:00
entropy.c Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-11-28 18:43:57 +01:00
entropy_poll.c Fix -Wshadow warnings 2015-08-31 11:07:51 +02:00
error.c Only return VERIFY_FAILED from a single point 2017-07-28 13:15:57 +01:00
gcm.c Backport 1.3: check if iv is zero in gcm. 2017-07-20 00:33:27 +02:00
havege.c Rename website and repository 2015-03-06 13:17:10 +00:00
hmac_drbg.c Zeroize tmp bufs in hmac_drbg.c functions 2017-07-12 10:36:30 +01:00
Makefile Make ar invocation more portable 2016-01-08 15:28:40 +01:00
md.c Add POLARSSL_DEPRECATED_{WARNING,REMOVED} 2015-03-23 14:11:11 +01:00
md2.c Modify zeroize internal buffers in md modules 2017-09-20 11:47:49 +01:00
md4.c Modify zeroize internal buffers in md modules 2017-09-20 11:47:49 +01:00
md5.c Modify zeroize internal buffers in md modules 2017-09-20 11:47:49 +01:00
md_wrap.c Rename website and repository 2015-03-06 13:17:10 +00:00
memory_buffer_alloc.c Rename website and repository 2015-03-06 13:17:10 +00:00
net.c Merge remote-tracking branch 'upstream-public/pr/917' into mbedtls-1.3 2017-11-29 20:55:03 +01:00
oid.c Fix typo in an OID name 2015-10-27 15:12:39 +01:00
padlock.c Fix bug in Via Padlock support 2015-04-02 10:53:59 +01:00
pbkdf2.c Add POLARSSL_DEPRECATED_{WARNING,REMOVED} 2015-03-23 14:11:11 +01:00
pem.c Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-11-28 18:43:57 +01:00
pk.c Change PK module preprocessor check on word size 2017-08-04 13:49:29 +01:00
pk_wrap.c Change PK module preprocessor check on word size 2017-08-04 13:49:29 +01:00
pkcs5.c Add missing 'const' on selftest data 2015-03-11 09:13:42 +00:00
pkcs11.c Rename website and repository 2015-03-06 13:17:10 +00:00
pkcs12.c Fix stack buffer overflow in pkcs12 2015-09-30 16:46:07 +02:00
pkparse.c Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted 2017-12-18 11:45:06 +01:00
pkwrite.c Fix other occurrences of same bounds check issue 2015-10-27 11:47:37 +01:00
platform.c Fix compile errors with NO_STD_FUNCTIONS 2015-06-03 10:20:33 +01:00
ripemd160.c Modify zeroize internal buffers in md modules 2017-09-20 11:47:49 +01:00
rsa.c RSA PSS: remove redundant check; changelog 2017-10-19 17:50:35 +02:00
sha1.c Modify zeroize internal buffers in md modules 2017-09-20 11:47:49 +01:00
sha256.c Modify zeroize internal buffers in md modules 2017-09-20 11:47:49 +01:00
sha512.c Modify zeroize internal buffers in md modules 2017-09-20 11:47:49 +01:00
ssl_cache.c Rename website and repository 2015-03-06 13:17:10 +00:00
ssl_ciphersuites.c Remember suitable hash function for any signature algorithm. 2017-05-24 10:47:54 +01:00
ssl_cli.c Fix mbedtls_ssl_read 2017-06-08 15:59:38 +01:00
ssl_srv.c Merge branch 'iotssl-1368-unsafe-bounds-check-psk-identity-merge-1.3' into mbedtls-1.3-restricted 2017-11-23 19:11:58 +01:00
ssl_tls.c Fix SSLv3 MAC computation 2017-12-19 10:25:22 +01:00
threading.c Rename website and repository 2015-03-06 13:17:10 +00:00
timing.c Increase tolerance of timing selftest 2015-08-19 14:48:34 +02:00
version.c Rename website and repository 2015-03-06 13:17:10 +00:00
version_features.c Update features list 2016-10-13 22:11:15 +01:00
x509.c Correctly handle leap year in x509_date_is_valid() 2017-10-12 21:08:46 +01:00
x509_create.c Fix other occurrences of same bounds check issue 2015-10-27 11:47:37 +01:00
x509_crl.c Fix potential integer overflow parsing DER CRL 2017-07-27 11:49:08 +01:00
x509_crt.c Fix implementation-defined integer conversion 2017-07-28 13:15:57 +01:00
x509_csr.c Prevent signed integer overflow in CSR parsing 2017-07-27 11:50:58 +01:00
x509write_crt.c Minor style and typo corrections 2017-10-05 08:37:56 +01:00
x509write_csr.c Minor style and typo corrections 2017-10-05 08:37:56 +01:00
xtea.c Rename website and repository 2015-03-06 13:17:10 +00:00