Manuel Pégourié-Gonnard
1cc1fb0599
Fix Lucky 13 cache attack on MD/SHA padding
...
The basis for the Lucky 13 family of attacks is for an attacker to be able to
distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding.
Since our code sets padlen = 0 for invalid padding, the length of the input to
the HMAC function gives information about that.
Information about this length (modulo the MD/SHA block size) can be deduced
from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used.
If MD/SHA padding is read from a (static) buffer, a local attacker could get
information about how much is used via a cache attack targeting that buffer.
Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA
one, which is always read fully by the process() function.
2018-07-05 10:47:00 +02:00
Ron Eldor
382c1db6c0
Minor fixes
...
1. Rephrase ChangeLog entry.
2. Add a full stop at the end of the function documentation.
2018-07-04 17:42:47 +03:00
Simon Butcher
d50f7865ea
Update the CONTRIBUTING.md file for LTS branches
...
The CONTRIBUTING.md referred to 'legacy' branches instead of LTS branches, and
also referenced mbedtls-1.3 which is no longer maintained, and omitted
mbedtls-2.7 which is.
2018-07-03 16:11:44 +01:00
Ron Eldor
21f9afed2b
Remove the namespacing from config-no-entropy.h
...
Remove the `mbedtls` namespacing from the `config-no-entropy.h` file,
as it is being imported to the include folder.
2018-07-03 16:07:29 +03:00
Ron Eldor
5ffc220f16
Documentation error in mbedtls_ssl_get_session
...
Fix documentation error in `mbedtls_ssl_get_session`.
This function supports deep copying of the session,
and the peer certificate is not lost anymore. Resolves #926
2018-07-03 16:04:41 +03:00
Andrzej Kurek
991f9fefd9
all_sh: add a check for header inclusion in cpp_dummy_build.cpp
...
Change the g++ test to be incremental, to save time.
Reorganize header order in cpp_dummy_build.cpp according to the C locale.
2018-07-02 09:08:21 -04:00
Simon Butcher
05fa46e6b7
Add ChangeLog entry for #992 fix
2018-07-02 12:08:32 +01:00
Ron Eldor
13dfb4e0a9
Revert changes in the configs folder
...
Revert the changes in the `configs` folder to
align with the `README.txt` file.
2018-07-01 10:42:54 +03:00
Ron Eldor
3fa6c2760e
Move definition to cipher.h
...
Define `MBEDTLS_CIPHER_MODE_STREAM` for `MBEDTLS_CIPHER_NULL_CIPHER`
as well, in cipher.h. Remove redundant definition in `cipher_internal.h`.
2018-07-01 10:22:53 +03:00
Ron Eldor
da2a31237e
Add entry in ChangeLog
...
Add entry in ChangeLog for compilation error fix of #1719
2018-07-01 10:22:53 +03:00
Ron Eldor
ab8d58cb2d
Move definition of MBEDTLS_CIPHER_MODE_STREAM
...
Move definition of `MBEDTLS_CIPHER_MODE_STREAM` to header file
(`mbedtls_cipher_internal.h`), because it is used by more than
one file. Raised by TrinityTonic in #1719.
2018-07-01 10:20:43 +03:00
Gilles Peskine
a931265509
Fix ssl-opt.sh not starting when lsof is not available
...
$START_DELAY was used before it was defined.
2018-06-29 15:48:13 +02:00
Nicholas Wilson
61fa436ad3
Address review comments - tidy usage of macros to use minimal values
2018-06-28 17:09:21 +01:00
Gilles Peskine
104d85865d
Add ChangeLog entry
2018-06-28 17:36:02 +02:00
Ruini Xue
5a9cb61d69
Use preserve mode to copy headers.
2018-06-28 23:21:26 +08:00
Ron Eldor
643df7c8a1
Update ssl-opt.sh test to run condition
...
1. Update the test script to run the ECC tests only if the relevant
configurations are defined in the `config.h` file.
2. Change the hash of the ciphersuite from SHA1-based to SHA256-based
for a better example.
2018-06-28 16:17:00 +03:00
Simon Butcher
1ab9b57148
Add a ChangeLog entry for memory leak in mbedtls_x509_csr_parse()
2018-06-28 12:13:14 +01:00
Simon Butcher
034e1398f0
Merge remote-tracking branch 'public/pr/1621' into development
2018-06-28 12:09:15 +01:00
Simon Butcher
4b6b08e7d2
Merge remote-tracking branch 'public/pr/1006' into development
2018-06-28 12:08:59 +01:00
Simon Butcher
1d97cab5f5
Merge remote-tracking branch 'public/pr/1645' into development
2018-06-28 12:06:16 +01:00
Simon Butcher
bea00bd89c
Merge remote-tracking branch 'public/pr/1783' into development
2018-06-28 12:04:19 +01:00
Simon Butcher
9e02b973f1
Add ChangeLog entry for #1257 - key_app_writer writes invalid ASN.1
2018-06-28 11:59:15 +01:00
k-stachowiak
b056dd86d0
Remove a redundant dependency clause
2018-06-28 12:58:56 +02:00
Simon Butcher
19c01efda1
Merge remote-tracking branch 'public/pr/1258' into development
2018-06-28 11:44:59 +01:00
Simon Butcher
fd0c240135
Merge remote-tracking branch 'public/pr/1793' into development
2018-06-28 11:25:16 +01:00
Ron Eldor
58093c8bec
Add ECC extensions test in ssl-opts.sh
...
Add a test to verify whether an ECC-based extension exists
or not when an ECC-based ciphersuite is used or not.
2018-06-28 13:22:05 +03:00
Andrzej Kurek
05be06cc2d
Make the C++ test mandatory by removing the --no-cxx flag from all.sh
...
Remove the cmake test
2018-06-28 05:10:51 -04:00
Andrzej Kurek
45a6719594
Add a CXX build to all.sh to execute the C++ dummy test by default
2018-06-28 05:10:02 -04:00
Andrzej Kurek
037ec4b416
Replace tabs with spaces
2018-06-28 05:07:08 -04:00
Andrzej Kurek
89c048c101
Tests: add a test for cpp linking
...
Change the name of header_test to cpp_dummy_build.
Update the test description to better reflect its contents.
2018-06-28 05:07:08 -04:00
Andrzej Kurek
0211c32c9a
Change the cpp test to be optional
...
Remove unnecessary defines from the test.
Test by defining TEST_CPP using makefiles or cmake.
2018-06-28 05:07:08 -04:00
Andrzej Kurek
40741f8ce5
Add a test with a cpp executable including all mbed TLS headers
...
In case of any problems with the 'extern "C"' directives,
building the executable will fail.
2018-06-28 05:05:40 -04:00
Ron Eldor
84e62f88a2
Update ChangeLog
...
Update ChangeLog with a less ambiguous description.
2018-06-28 11:09:09 +03:00
Ron Eldor
d56654f987
Update the forum link in the README file
...
Update the forum link in the readme file as well.
2018-06-27 14:36:37 +03:00
Simon Butcher
6665b67ddf
Merge remote-tracking branch 'public/pr/1390' into development
2018-06-27 10:51:47 +01:00
Simon Butcher
9fa21bffe6
Merge remote-tracking branch 'public/pr/1533' into development
2018-06-27 10:50:58 +01:00
Simon Butcher
95a1c1f8ab
Merge remote-tracking branch 'public/pr/1617' into development
2018-06-27 10:49:59 +01:00
Ron Eldor
bf4709978c
Adjust to new RSA infrastructure
...
Don't access the RSA context parameters directly, but use
the local `mbedtls_mpi` variables that were exported.
2018-06-27 11:51:46 +03:00
Ron Eldor
a522147f58
Fix compilation errors after updating
...
Fix compilation errors that happened after new code was introduced
by updating the branch. Replaced `exit` label with `cleanup`.
2018-06-27 09:19:38 +03:00
Ron Eldor
49221234c8
Update the Mbed TLS forum link
...
Update the link to the new Mbed TLS forum
2018-06-26 16:48:46 +03:00
k-stachowiak
7972334090
Enable ARIA self test in the unit testing
2018-06-25 15:29:52 +02:00
niisato
164b9cd025
update ChangeLog
2018-06-25 20:47:14 +09:00
niisato
b7d39db047
update ChangeLog
2018-06-25 20:45:03 +09:00
niisato
99a3e80721
update change log.
2018-06-25 20:21:43 +09:00
niisato
15550854a3
add ChangeLog to this commit.
2018-06-25 20:07:48 +09:00
Nicholas Wilson
2682edf205
Fix build using -std=c99
...
In each place where POSIX/GNU functions are used, the file must declare
that it wants POSIX functionality before including any system headers.
2018-06-25 12:00:26 +01:00
Nicholas Wilson
512b4ee9c7
Use gmtime_r to fix thread-safety issue, and use mbedtls_time on Windows
2018-06-25 11:59:54 +01:00
niisato
8ee2422ef8
About an issue: Replace "new" variable #1782
2018-06-25 19:05:48 +09:00
Manuel Pégourié-Gonnard
51d7cfe026
Fix coverity warnings in benchmark.c
...
Functions timed with TIME_AND_TSC() didn't have their return values checked.
I'm not sure whether Coverity complained about existing uses, but it did about
new ones, since we consistently check their return values everywhere but here,
which it rightfully finds suspicious.
So, let's check return values. This probably adds a few cycles to existing
loop overhead, but on my machine (x86_64) the added overhead is less than the
random-looking variation between various runs, so it's acceptable.
Some calls had their own particular error checking; remove that in favour of
the new general solution.
2018-06-25 11:19:51 +02:00
Simon Butcher
6c34442c87
Add fix for #1550 and credit to the ChangeLog
2018-06-24 16:20:56 +01:00