Gilles Peskine
f15cbdab67
Merge remote-tracking branch 'upstream-public/pr/1109' into mbedtls-1.3
2017-11-28 18:41:31 +01:00
Gilles Peskine
43a6b83419
Merge remote-tracking branch 'upstream-public/pr/1081' into mbedtls-1.3
2017-11-28 18:41:02 +01:00
Gilles Peskine
f945a2245e
Merge remote-tracking branch 'upstream-public/pr/944' into mbedtls-1.3
2017-11-28 18:38:17 +01:00
Gilles Peskine
8083849575
Add ChangeLog entry
2017-11-28 15:27:48 +01:00
Gilles Peskine
e298532394
Merge remote-tracking branch 'upstream-public/pr/1113' into mbedtls-1.3
2017-11-24 15:38:42 +01:00
Andres AG
7c02d13746
Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100- or 400-year
intervals are handled correctly.
2017-10-12 21:08:46 +01:00
Ron Eldor
4491a791be
Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-11 14:06:26 +01:00
Andres Amaya Garcia
10345fbe2a
Add ChangeLog entry
2017-10-07 22:24:07 +01:00
Hanno Becker
a6cffa5edd
Adapt ChangeLog
2017-10-05 08:58:00 +01:00
Simon Butcher
7d661f83e1
Fix changelog for ssl_server2.c usage fix
2017-10-02 19:22:17 +01:00
Hanno Becker
ce2c02cca2
Enhance documentation of ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of NULL hostname parameter
(3) Describe effect of function on failure
Also, adapt ChangeLog.
2017-10-01 00:00:56 +01:00
Hanno Becker
ea65d0377c
Adapt ChangeLog
2017-09-28 16:54:41 +01:00
Hanno Becker
234d503b3a
Adapt ChangeLog
2017-09-28 14:45:35 +01:00
Ron Eldor
bc3fa39f0e
Backport 1.3: Add configuration file in md.h
Include `config.h` in md.h, as macros in the header file get ignored.
Backport of #1055 to mbedtls-1.3
2017-09-07 16:58:41 +03:00
Simon Butcher
a75a459143
Removed duplication in Changelog
2017-08-10 23:38:10 +01:00
Simon Butcher
03bd0229ab
Update version to 1.3.21
2017-08-10 11:52:14 +01:00
Simon Butcher
9ee5910f65
Fix language in Changelog for clarity
2017-08-10 10:49:32 +01:00
Hanno Becker
1af21bfa38
Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- rsa_pkcs1_decrypt
- rsa_rsaes_pkcs1_v15_decrypt
- rsa_rsaes_oaep_decrypt
2017-08-01 23:05:31 +01:00
Hanno Becker
e7f5abc111
Adapt ChangeLog
2017-07-28 22:08:29 +01:00
Hanno Becker
56fa40f4f5
Adapt ChangeLog
2017-07-28 22:02:58 +01:00
Ron Eldor
b34be244e6
Backport 1.3: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-28 13:16:50 +01:00
Hanno Becker
2625f4aa93
Correct indentation and labelling in ChangeLog
2017-07-28 13:15:57 +01:00
Janos Follath
1fbc5fb027
Fix typos
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
df745670e1
Add ChangeLog entry for the security issue
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
d0e755716f
Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
8af7bfa982
Improve behaviour on fatal errors
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
2017-07-28 13:15:57 +01:00
Andres AG
3df4e4e1d0
Prevent signed integer overflow in CSR parsing
Modify the function x509_csr_parse_der() so that it checks the parsed
CSR version integer before it increments the value. This prevents a
potential signed integer overflow, as these have undefined behaviour in
the C standard.
2017-07-27 11:50:58 +01:00
Andres AG
47f3059780
Fix potential integer overflow parsing DER CRT
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-27 11:50:04 +01:00
Andres AG
26124be17a
Fix potential integer overflow parsing DER CRL
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
2017-07-27 11:49:08 +01:00
Ron Eldor
57501ef056
Backport 1.3: Check rc of mbedtls_mpi_fill_random
Add MPI_CHK to check for error value of mpi_fill_random.
Backport. Report and fix suggestion by guidovranken in #740
2017-07-20 01:26:53 +02:00
Ron Eldor
454da1fa6f
Backport 1.3: Resource leak fix on Windows
Fix a resource leak on the Windows platform in mbedtls_x509_crt_parse_path
in case of a failure. When an error occurs, goto cleanup and free the
resource, instead of returning the error code immediately.
2017-07-20 01:08:17 +02:00
Ron Eldor
7771824235
Backport 1.3: Wrong preprocessor condition fix
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-20 00:49:43 +02:00
Ron Eldor
4f1e64ed4b
Backport 1.3: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-20 00:33:27 +02:00
Simon Butcher
8a2855ee3c
Update the version number to 1.3.20
2017-06-20 23:46:46 +01:00
Janos Follath
3aab1a8796
Improve Changelog
2017-06-16 14:28:37 +01:00
Manuel Pégourié-Gonnard
b870179c3c
Merge remote-tracking branch 'restricted/iotssl-1398_backport-1.3' into mbedtls-1.3-restricted
* restricted/iotssl-1398_backport-1.3:
Add ChangeLog entry
Ensure application data records are not kept when fully processed
Add hard assertion to ssl_read_record
Fix mbedtls_ssl_read
Simplify retaining of messages for future processing
2017-06-09 17:06:43 +02:00
Manuel Pégourié-Gonnard
249c30c7c5
Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
Add entry to ChangeLog
Don't parse or write extensions in SSLv3
2017-06-09 16:52:44 +02:00
Hanno Becker
cc608e86b5
Add entry to ChangeLog
2017-06-09 15:40:48 +01:00
Manuel Pégourié-Gonnard
6d61e9751b
Improve ChangeLog description of X509 MD5 changes
2017-06-09 14:52:09 +02:00
Manuel Pégourié-Gonnard
7d810939b5
Merge remote-tracking branch 'restricted/1205' into mbedtls-1.3-restricted
* restricted/1205:
Fix name, documentation & location of config flag
Restrict MD5 in x509 certificates
2017-06-09 14:49:04 +02:00
Manuel Pégourié-Gonnard
67df3e62e7
Merge near-duplicate ChangeLog entries
As agreed with Gilles on the PR discussion page
2017-06-09 14:48:03 +02:00
Hanno Becker
b9c09af596
Add ChangeLog entry
2017-06-09 11:31:43 +01:00
Manuel Pégourié-Gonnard
89306daef5
Fix location of ChangeLog entry
This one was meant to be in the security section, must have been moved while
resolving a merge conflict.
2017-06-08 20:42:33 +02:00
Manuel Pégourié-Gonnard
e0cb1cd68b
ChangeLog cosmetics
2017-06-08 20:35:13 +02:00
Manuel Pégourié-Gonnard
ce8f919a58
Merge remote-tracking branch 'restricted/iotssl-1138-rsa-padding-check-1.3-restricted' into mbedtls-1.3-restricted
* restricted/iotssl-1138-rsa-padding-check-1.3-restricted:
Fix backporting error
RSA PKCS1v1.5 verification: check padding length
2017-06-08 20:34:40 +02:00
Manuel Pégourié-Gonnard
9105b18f72
Merge remote-tracking branch 'restricted/IOTSSL-1366/mbedtls-1.3' into mbedtls-1.3-restricted
* restricted/IOTSSL-1366/mbedtls-1.3:
More length checks in RSA PKCS1v15 verify
More length checks in RSA PKCS1v15 verify
2017-06-08 20:27:19 +02:00
Manuel Pégourié-Gonnard
ca3ff06cea
Merge remote-tracking branch 'hanno/mpi_read_file_underflow_backport-1.3' into mbedtls-1.3
* hanno/mpi_read_file_underflow_backport-1.3:
Fix potential stack underflow in mpi_read_file.
2017-06-08 19:54:29 +02:00
Manuel Pégourié-Gonnard
f1ab79079d
Merge remote-tracking branch 'hanno/sliding_exponentiation_backport-1.3' into mbedtls-1.3
* hanno/sliding_exponentiation_backport-1.3:
Adapt ChangeLog
Abort modular inversion when modulus is one.
Correct sign in modular exponentiation algorithm.
2017-06-08 19:53:47 +02:00
Manuel Pégourié-Gonnard
674df30480
Merge remote-tracking branch 'janos/mbedtls-1.3-iotssl-1156-ecdsa-sample-and-doc-clarification' into mbedtls-1.3
* janos/mbedtls-1.3-iotssl-1156-ecdsa-sample-and-doc-clarification:
Clarify the use of ECDSA API
2017-06-08 10:18:15 +02:00
Janos Follath
5d96a3dcde
Clarify the use of ECDSA API
In the ecdsa.c sample application we don't use hashing, we use ECDSA
directly on a buffer containing plain text. Although the text explains
that it should be the message hash, it can still be confusing.
Any misunderstandings here are potentially very dangerous, because ECDSA
truncates the message hash if necessary and this can lead to trivial
signature forgeries if the API is misused and the message is passed
directly to the function without hashing.
This commit adds a hash computation step to the ecdsa.c sample
application and clarification to the doxygen documentation of the
ECDSA functions involved.
2017-06-07 17:05:00 +01:00