yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 20:15:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,203 Commits 88 Branches 205 Tags 69 MiB
25422e1f02
Commit Graph

1216 Commits

Author SHA1 Message Date
Simon Butcher
f11daf6ff6 Merge remote-tracking branch 'public/pr/1850' into mbedtls-2.1 2018-07-19 16:14:44 +01:00
Ron Eldor
41273200a2 Update ChangeLog 
Remove extra entries added by a bad cherry-pick.
 2018-07-17 14:16:12 +03:00
Andres Amaya Garcia
01daf2a5ef Add ChangeLog entry for empty app data fix 2018-07-16 20:22:28 +01:00
Angus Gratton
fd1c5e8453 Check for invalid short Alert messages 
(Short Change Cipher Spec & Handshake messages are already checked for.)
 2018-07-16 20:20:51 +01:00
Angus Gratton
1226dd7715 CBC mode: Allow zero-length message fragments (100% padding) 
Fixes https://github.com/ARMmbed/mbedtls/issues/1632
 2018-07-16 20:20:44 +01:00
k-stachowiak
b435e99693 Update change log 2018-07-16 12:27:34 +02:00
Manuel Pégourié-Gonnard
534fea790e Clarify attack conditions in the ChangeLog. 
Referring to the previous entry could imply that the current one was limited
to SHA-384 too, which it isn't.
 2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
99b6a711c8 Add counter-measure to cache-based Lucky 13 
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function, and the location where we read the MAC, give information
about that.

A local attacker could gain information about that by observing via a
cache attack whether the bytes at the end of the record (at the location of
would-be padding) have been read during MAC verification (computation +
comparison).

Let's make sure they're always read.
 2018-07-12 10:20:33 +02:00
Manuel Pégourié-Gonnard
69675d056a Fix Lucky 13 cache attack on MD/SHA padding 
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.

Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.

Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
 2018-07-12 10:20:33 +02:00
Simon Butcher
54cf322c05 Add fix for #1550 and credit to the ChangeLog 2018-07-10 23:02:15 +01:00
Simon Butcher
57e9fe2df4 Merge remote-tracking branch 'public/pr/1808' into mbedtls-2.1 2018-07-10 14:59:56 +01:00
Simon Butcher
ec971d7434 Merge remote-tracking branch 'public/pr/1828' into mbedtls-2.1 2018-07-10 12:51:03 +01:00
Gilles Peskine
2347d4eb3b Add ChangeLog entry 2018-07-10 13:03:54 +02:00
k-stachowiak
9e070019ad Update change log 2018-07-09 14:44:26 +02:00
Philippe Antoine
bbc7918b6b Fixes different off by ones 2018-07-09 10:33:08 +02:00
Ron Eldor
5c8e588444 Minor fixes 
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the fuinction documentation.
 2018-07-05 14:59:23 +03:00
Simon Butcher
4b57a1f182 Add ChangeLog entry for #992 fix 2018-07-02 12:18:35 +01:00
niisato
000e48af07 Add ChangeLog 2018-06-29 11:31:52 +01:00
Ron Eldor
f27f8aeb19 Update ChangeLog 
Update ChangeLog with a less ambigous description.
 2018-06-28 16:08:09 +03:00
Ron Eldor
5c141d28ca Add entry in ChangeLog 
Add an entry in the ChangeLog, describing the fix.
 2018-06-28 16:08:01 +03:00
Simon Butcher
b461ba5630 Adds referene in ChangeLog for issue #1623 2018-06-28 12:14:07 +01:00
Simon Butcher
03c79a1973 Add ChangeLog entry for #1257 - key_app_writer writes invalid ASN.1 2018-06-28 12:00:55 +01:00
Simon Butcher
e5828ce06c Merge remote-tracking branch 'public/pr/1771' into mbedtls-2.1 2018-06-28 11:38:18 +01:00
Ron Eldor
d7593a5b73 Add entry in ChangeLog 
Add entry in ChangeLog for compilation error fix of #1719
 2018-06-28 08:51:37 +03:00
Ron Eldor
254530f2e0 Documentation error in mbedtls_ssl_get_session 
Fix Documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore, Resolves #926
 2018-06-27 17:51:56 +03:00
Ron Eldor
e6c2f4d168 Fix typo in ChangeLog 
Fix typo in ChangeLog discovered in PR review
 2018-06-24 17:21:08 +03:00
Ron Eldor
2c8a7ec0dd Remove unneeded namesapcing in header files 
Remove the `mbedtls` namesapcing in the `#include` in header files
Resolves issue #857
 2018-06-24 17:20:40 +03:00
Simon Butcher
ba3e5e60f2 Merge remote-tracking branch 'public/pr/1558' into mbedtls-2.1 2018-06-22 15:07:52 +01:00
Simon Butcher
b1c796ec48 Merge remote-tracking branch 'public/pr/1769' into mbedtls-2.1 2018-06-22 15:05:34 +01:00
Simon Butcher
584fad2ce6 Add a ChangeLog entry for memory leak in mbedtls_x509_csr_parse() 2018-06-22 12:19:56 +01:00
Simon Butcher
ad761c45b9 Fix multiple quality issues in the source 
This PR fixes multiple issues in the source code to address issues raised by
tests/scripts/check-files.py. Specifically:
 * incorrect file permissions
 * missing newline at the end of files
 * trailing whitespace
 * Tabs present
 * TODOs in the souce code
 2018-06-22 11:22:44 +01:00
Andres Amaya Garcia
45bc7db600 Add ChangeLog entry for mbedtls_ssl_write() docs 2018-06-21 19:35:46 +01:00
Ron Eldor
0bd06a3de0 Add tests for mbedtls_cipher_crypt API 
1. Add tests for 'mbedtls_cipher_crypt()' API
2. Resolves #1091, by ignoring IV when the cipher mode is MBEDTLS_MODE_ECB
 2018-06-21 13:59:01 +03:00
Simon Butcher
6fc9ceece3 Change the library version to 2.1.13 2018-06-18 14:49:02 +01:00
Simon Butcher
494fb8f968 Add ChangeLog entry for clang version fix. Issue #1072 2018-06-18 11:56:46 +01:00
Simon Butcher
0a715b1587 Merge remote-tracking branch 'public/pr/1656' into mbedtls-2.1 2018-06-17 18:02:57 +01:00
Simon Butcher
7505ef255b Merge remote-tracking branch 'public/pr/1712' into mbedtls-2.1 2018-06-17 18:01:54 +01:00
Simon Butcher
db3fe7cbe4 Add ChangeLog entry for Microblaze fix 2018-06-15 09:39:19 +01:00
Simon Butcher
577d39b930 Compilation warning fixes on 32b platfrom with IAR 
Fix compilation warnings with IAR toolchain, on 32 bit platform.
Reported by rahmanih in #683

This is based on work by Ron Eldor in PR #750.
 2018-06-14 09:10:23 +01:00
Simon Butcher
a5fb40d9f9 Merge remote-tracking branch 'public/pr/1465' into mbedtls-2.1 2018-06-11 11:49:28 +01:00
Simon Butcher
0c362f68b3 Add ChangeLog entry for _WIN32_WINNT override fix 2018-06-08 16:27:04 +01:00
Simon Butcher
fcc7a62bb1 Merge remote-tracking branch 'public/pr/1403' into mbedtls-2.1 2018-06-01 19:43:55 +01:00
Moran Peker
6981df59e7 Remove double declaration of mbedtls_ssl_list_ciphersuites 
Raised by TrinityTonic. #1359
 2018-05-23 18:42:36 +01:00
Simon Butcher
a8002f8f39 Merge remote-tracking branch 'public/pr/1611' into mbedtls-2.1 2018-05-23 17:58:10 +01:00
Simon Butcher
7350ab18df Fix ChangeLog for PR #1582 following merge 2018-05-23 17:55:02 +01:00
Simon Butcher
e64bf3968e Merge remote-tracking branch 'public/pr/1582' into mbedtls-2.1 2018-05-23 17:53:23 +01:00
Simon Butcher
13188782a0 Fix up ChangeLog following rebase to mbedtls-2.1.12 2018-05-11 16:41:07 +01:00
Andres AG
879e62697e Allow the entry_name size to be set in config.h 
Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced in
MBEDTLS_X509_MAX_FILE_PATH_LEN.
 2018-05-11 16:38:38 +01:00
Jaeden Amero
3263f46a0e Merge remote-tracking branch 'upstream-restricted/pr/480' into mbedtls-2.1-restricted 2018-04-30 17:38:15 +01:00
Simon Butcher
50d802172f Fix the ChangeLog for clarity, english and credit 2018-04-30 17:23:10 +01:00
Jaeden Amero
6c0fba4350 Update version to 2.1.12 2018-04-27 13:13:54 +01:00
Jaeden Amero
4faad41346 Merge remote-tracking branch 'upstream-restricted/pr/472' into mbedtls-2.1-restricted-proposed 
Remove trailing whitespace from ChangeLog.
 2018-04-26 11:09:15 +01:00
Jaeden Amero
7db991d56a Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed 
Resolve conflicts in ChangeLog
 2018-04-26 09:03:14 +01:00
Andrzej Kurek
128bcbea1a Changelog entry 2018-04-25 05:29:47 -04:00
Andrzej Kurek
bb6661479f ssl_tls: Fix invalid buffer sizes during compression / decompression 
Adjust information passed to zlib to include already written data.
 2018-04-23 08:29:36 -04:00
Mohammad Azim Khan
3f1d5cb324 Same ciphersuite validation in server and client hello 2018-04-20 19:52:49 +01:00
Manuel Pégourié-Gonnard
1e2f4da801 Merge remote-tracking branch 'restricted/pr/469' into mbedtls-2.1-restricted-proposed 
* restricted/pr/469:
  Improve comments style
  Remove a redundant test
  Add buffer size check before cert_type_len read
  Update change log
  Adjust 2.1 specific code to match the buffer verification tests
  Add a missing buffer size check
  Correct buffer size check
 2018-04-18 12:22:24 +02:00
Darryl Green
ce52b58da0 Fix braces in mbedtls_memory_buffer_alloc_status() 2018-04-17 16:46:41 +02:00
Krzysztof Stachowiak
8fc134fcb1 Update change log 2018-04-05 08:51:35 +02:00
fbrosson
0620206db3 Backport 2.1: Use "#!/usr/bin/env perl" as shebang line. 2018-04-04 22:29:59 +00:00
Gilles Peskine
24f4584473 Align ChangeLog entry for PR #1396 with development 2018-04-04 10:18:37 +02:00
Jaeden Amero
23d979bee0 Merge remote-tracking branch 'upstream-public/pr/1554' into mbedtls-2.1-proposed 2018-04-03 19:15:28 +01:00
AndrzejKurek
0de430678e pk_sign: fix overriding and ignoring return values 2018-04-03 19:38:45 +02:00
Jaeden Amero
ac9939c096 Merge remote-tracking branch 'upstream-public/pr/1461' into mbedtls-2.1-proposed 2018-04-03 18:27:18 +01:00
Jaeden Amero
ee6c822076 Merge remote-tracking branch 'upstream-public/pr/1396' into mbedtls-2.1-proposed 2018-04-03 12:07:19 +01:00
Gilles Peskine
225684015d Merge remote-tracking branch 'upstream-public/pr/1501' into mbedtls-2.1-proposed 2018-04-01 12:41:33 +02:00
Gilles Peskine
8b1cddcf26 Merge remote-tracking branch 'upstream-public/pr/1542' into mbedtls-2.1-proposed 2018-04-01 12:41:00 +02:00
Gilles Peskine
419e670702 Minor changelog improvement 2018-04-01 12:33:35 +02:00
Gilles Peskine
04450488ec Add ChangeLog entry to credit independent contribution 
Also: fixes #1437
 2018-03-31 23:06:09 +02:00
Andrzej Kurek
a1149a70ae Add tests for "return plaintext data faster on unpadded decryption" 2018-03-30 05:00:19 -04:00
Darryl Green
093c170377 Improve documentation of mbedtls_ssl_write() 2018-03-29 16:56:09 +01:00
Jaeden Amero
cbe731c653 Merge remote-tracking branch 'upstream-public/pr/1532' into mbedtls-2.1-proposed 2018-03-29 11:03:17 +01:00
Jaeden Amero
82e288adb6 Merge remote-tracking branch 'upstream-public/pr/1494' into mbedtls-2.1-proposed 2018-03-29 10:59:43 +01:00
Jaeden Amero
616485854e Merge remote-tracking branch 'upstream-public/pr/1469' into mbedtls-2.1-proposed 2018-03-28 15:36:01 +01:00
Jaeden Amero
478baecc06 Merge remote-tracking branch 'upstream-public/pr/1525' into mbedtls-2.1-proposed 2018-03-28 15:34:25 +01:00
Ivan Krylov
1110a6fa63 Add ChangeLog entry 2018-03-28 17:25:12 +03:00
Jaeden Amero
8b4cd26eaf Merge remote-tracking branch 'upstream-public/pr/1481' into mbedtls-2.1-proposed 2018-03-28 13:44:28 +01:00
Gilles Peskine
f362b97415 Add ChangeLog entry 
Fixes #1299. Fixes #1475.
 2018-03-27 23:22:37 +02:00
Andres Amaya Garcia
47569d7384 Add ChangeLog entry for PBES2 when ASN1 disabled 2018-03-27 21:34:15 +01:00
Andres Amaya Garcia
bc00667a90 Improve ChangeLog for DLEXT and AR_DASH changes 2018-03-27 20:07:52 +01:00
Andres Amaya Garcia
83bffd353e Add ChangeLog entry for library/makefile changes 2018-03-26 00:15:21 +01:00
Gilles Peskine
eea857dc0d Add ChangeLog entry 2018-03-23 14:38:14 +01:00
Gilles Peskine
d888bd2c65 Add changelog entries for improved testing 
Fixes #1040
 2018-03-23 02:29:49 +01:00
Gilles Peskine
2a74061198 Merge tag 'mbedtls-2.1.11' into iotssl-1381-x509-verify-refactor-2.1-restricted 
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
 2018-03-23 02:28:33 +01:00
Jethro Beekman
1a886ff45f Fix parsing of PKCS#8 encoded Elliptic Curve keys. 
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
 2018-03-22 18:03:30 -07:00
mohammad1603
cee0890b19 Verify that f_send and f_recv send and receive the expected length 
Verify that f_send and f_recv send and receive the expected length

Conflicts:
	ChangeLog
 2018-03-22 15:01:02 -07:00
Andres Amaya Garcia
2a0aee3163 Add ChangeLog entry for redundant mutex initialization optimizations 2018-03-21 17:40:48 +00:00
Andres Amaya Garcia
09d787f2fc Add ChangeLog entry for dylib builds using Makefile 2018-03-21 11:24:32 +00:00
Jaeden Amero
1c986a9859 Update version to 2.1.11 2018-03-16 16:29:30 +00:00
Jaeden Amero
7f44963f45 Merge remote-tracking branch 'upstream-public/pr/1455' into mbedtls-2.1-restricted-proposed 2018-03-15 15:24:47 +00:00
Ron Eldor
82712a9c97 Write correct number of ciphersuites in log 
Change location of log, to fit the correct number of used ciphersuites
 2018-03-15 15:09:28 +00:00
Jaeden Amero
23f503f12d Merge remote-tracking branch 'upstream-restricted/pr/465' into mbedtls-2.1-restricted-proposed 2018-03-14 18:32:21 +00:00
Jaeden Amero
5e50ff8f44 Merge remote-tracking branch 'upstream-restricted/pr/395' into mbedtls-2.1-restricted-proposed 2018-03-14 18:16:29 +00:00
Jaeden Amero
10a1a60966 Merge branch 'mbedtls-2.1-proposed' into mbedtls-2.1-restricted-proposed 2018-03-14 18:03:41 +00:00
Jaeden Amero
0980d9a3ae Merge remote-tracking branch 'upstream-public/pr/1450' into mbedtls-2.1-proposed 2018-03-14 17:53:27 +00:00
Jaeden Amero
4e3629590f Merge remote-tracking branch 'upstream-public/pr/1452' into mbedtls-2.1-proposed 2018-03-14 17:38:21 +00:00
Krzysztof Stachowiak
d3cec99377 Update change log 2018-03-14 14:39:01 +01:00
Krzysztof Stachowiak
a7a8332402 Update change log 2018-03-14 14:35:12 +01:00
Manuel Pégourié-Gonnard
b0661769ab x509: CRL: reject unsupported critical extensions 2018-03-14 09:28:24 +01:00
Gilles Peskine
df6f3dd9b0 Merge remote-tracking branch 'upstream-restricted/pr/430' into mbedtls-2.1-restricted-proposed 2018-03-13 17:28:42 +01:00