yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 15:35:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,175 Commits 88 Branches 205 Tags 69 MiB
fa4a88a8eb
Commit Graph

3175 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Simon Butcher
c988f32add Added max length checking of hostname 2015-09-29 23:27:20 +01:00
Simon Butcher
21823f9a69 Refined credits in ChangeLog for fuzzing issue 
Changed GDS to Gotham Digital Science
 2015-09-22 10:20:58 +01:00
Manuel Pégourié-Gonnard
df048c59cf Bump version to 1.3.13 2015-09-17 11:53:14 +02:00
Manuel Pégourié-Gonnard
c54931aa4b Fix GNUism in bump_version.sh 2015-09-17 11:51:55 +02:00
Manuel Pégourié-Gonnard
a701d2f5e9 Fix bug in server parsing point formats extension 
There is only one length byte but for some reason we skipped two, resulting in
reading one byte past the end of the extension. Fortunately, even if that
extension is at the very end of the ClientHello, it can't be at the end of the
buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the
buffer has some more room after that for MAC and so on. So there is no
buffer overread.

Possible consequences are:
- nothing, if the next byte is 0x00, which is a comment first byte for other
  extensions, which is why the bug remained unnoticed
- using a point format that was not offered by the peer if next byte is 0x01.
  In that case the peer will reject our ServerKeyExchange message and the
handshake will fail.
- thinking that we don't have a common point format even if we do, which will
  cause us to immediately abort the handshake.
None of these are a security issue.

The same bug was fixed client-side in fd35af15

Backport of f7022d1
 2015-09-17 11:46:56 +02:00
Simon Butcher
9c4859ff15 Merge pull request #295 from ARMmbed/mbedtls-1.3-restricted 
Merge of mbedtls-1.3-restricted
 2015-09-17 00:46:07 +01:00
Manuel Pégourié-Gonnard
a1cdcd2364 Add counter-measure against RSA-CRT attack 
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/

backport of 5f50104
 2015-09-09 12:23:47 +02:00
Manuel Pégourié-Gonnard
bb564e0fb4 Fix possible client crash on API misuse 2015-09-03 10:44:32 +02:00
Manuel Pégourié-Gonnard
b0282eaf14 More deprecated removal in all.sh 2015-09-02 12:12:44 +02:00
Manuel Pégourié-Gonnard
4d9e36a086 Rm deprecated things full config test 2015-09-02 11:26:55 +02:00
Manuel Pégourié-Gonnard
5f6b2b67c4 Changelog entry for the previous commits 2015-09-01 19:40:02 +02:00
Manuel Pégourié-Gonnard
8f63e95dae Fix typos that made tests be skipped 2015-09-01 18:44:47 +02:00
Manuel Pégourié-Gonnard
1c38550bbd Skip to trusted certs early in the chain 
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

see #220

backport of fdbdd72
 2015-09-01 18:34:15 +02:00
Manuel Pégourié-Gonnard
15f1088ef6 Add tests for verify callback 
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.

backport of 560fea3
 2015-09-01 18:29:59 +02:00
Manuel Pégourié-Gonnard
8fbb5a32c6 Fix snprintf usage again 
Sigh, switching between branches is error-prone
 2015-08-31 12:38:12 +02:00
Manuel Pégourié-Gonnard
c728f9486b Fix snprintf usage on windows 
Introduced in 6432c7e
 2015-08-31 12:30:16 +02:00
Manuel Pégourié-Gonnard
6512554f42 Fix handling of long PSK identities 
backport from c3b5d83

see #238
 2015-08-31 11:43:47 +02:00
Manuel Pégourié-Gonnard
ee7db9cb6d Fix hash buffer size in pkey programs 
backport from 102a620
 2015-08-31 11:32:03 +02:00
Manuel Pégourié-Gonnard
6432c7e782 Fix memory corruption in rsa sign/verify programs 
backport from d74c697

see #210
 2015-08-31 11:30:07 +02:00
Manuel Pégourié-Gonnard
e217ceea38 Fix warning with MD/SHA ALT implementation 
backport of 8b2641d

see #239
 2015-08-31 11:22:47 +02:00
Manuel Pégourié-Gonnard
a67fd79e8f Fix -Wshadow warnings 
Backport of ea35666 and 824ba72

see #240
 2015-08-31 11:07:51 +02:00
Manuel Pégourié-Gonnard
5efed09c5f Fix possible unlock before lock in RSA 
Backport of 1385a28 and 4d04cdc

see #257
 2015-08-31 10:21:10 +02:00
Manuel Pégourié-Gonnard
89789be80f Fix handling of new config option 
fixes #256
 2015-08-27 09:54:16 +02:00
Manuel Pégourié-Gonnard
3a5ee1c411 Increase tolerance of timing selftest 
Forgot to move that one to 20% in previous commit
 2015-08-19 14:48:34 +02:00
Manuel Pégourié-Gonnard
25f44a6020 Relax timing_self_test for windows idiosyncrasies 
Also widen accepted error to +/- 20 % while at it
 2015-08-19 10:22:54 +02:00
Manuel Pégourié-Gonnard
ce11699cf2 Fix pkwrite test that were failing on mingw32 
Apparently fread() writes some junk after the contents of the file. Don't look
at it.
 2015-08-19 10:20:25 +02:00
Paul Bakker
3edec6c4ed Prepare for 1.3.12 release 2015-08-11 13:22:10 +01:00
Manuel Pégourié-Gonnard
027ead91e5 Disable padlock asm with ASan 
Causes errors with some versions of ASan
 2015-08-10 17:44:53 +02:00
Manuel Pégourié-Gonnard
705de2f98d Revert "Avoid formatting debug message uselessly" 
This reverts commit 925a72628b.

Reason: introduced an ABI change in the maintenance branch.
 2015-08-10 17:36:47 +02:00
Manuel Pégourié-Gonnard
84690c35ee Make ssl-opt.sh more tolerant to start timeouts 
Rather than flat-out die when we can't see the server started with lsof, just
stop waiting and try to go ahead with the test. Maybe it'll work if there was
a problem with lsof, most probably it will fail, but at least we'll have the
log, and the results of the following tests.

Note: date +%s isn't POSIX, but it works at least on Linux, Darwin/FreeBSD and
OpenBSD, which should be good enough for a test script.
 2015-08-10 17:06:22 +02:00
Manuel Pégourié-Gonnard
cc86ac5d56 Fix compile error with armcc5 --gnu 2015-08-10 12:10:39 +02:00
Manuel Pégourié-Gonnard
b5d77d3fd9 Accept a trailing space at end of PEM lines 
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
 2015-08-10 12:01:50 +02:00
Manuel Pégourié-Gonnard
1b1254fa05 Fix missing -static-libgcc when building dlls 2015-08-10 11:56:54 +02:00
Manuel Pégourié-Gonnard
a64b15ee73 Fix bug with cmake and old version of GCC 2015-08-10 11:35:02 +02:00
Manuel Pégourié-Gonnard
501084c764 Add warning/errors about deprecated config items 2015-07-15 11:18:40 +02:00
Manuel Pégourié-Gonnard
e92617b586 Run timing selftest on all platforms 2015-07-06 17:19:27 +02:00
Manuel Pégourié-Gonnard
3ab7b96f35 Make hardclock selftest optional 2015-07-06 17:17:55 +02:00
Manuel Pégourié-Gonnard
5574546524 Document thread-safety of the RSA functions 2015-07-03 17:51:10 +02:00
Manuel Pégourié-Gonnard
f0f399d66c Up default server DHM size to 2048 bits 2015-07-03 17:45:57 +02:00
Manuel Pégourié-Gonnard
f0dd045bbe Backport dh_genprime update from 2.0 2015-07-03 17:14:06 +02:00
Manuel Pégourié-Gonnard
56e245d959 Only do dynamic alloc when necessary 2015-06-29 19:52:44 +02:00
Manuel Pégourié-Gonnard
925a72628b Avoid formatting debug message uselessly 2015-06-29 19:47:17 +02:00
Manuel Pégourié-Gonnard
6461f368d8 Use good DH params with OpenSSL in tests 2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard
006f655218 Add forgotten programs in Makefile 
Closes #209
 2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard
9ea1b23cc4 Up min size of DHM params to 1024 bits on client 2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard
6c3ccf5fd0 Fix thread-safety issue in debug.c 
Closes #203
 2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard
8e8ae3d961 Fix potential NULL dereference on bad usage 2015-06-23 18:57:28 +02:00
Manuel Pégourié-Gonnard
b26b75e17b Clean up RSA PMS checking code 2015-06-23 18:52:09 +02:00
Paul Bakker
19eef51487 Prepare for 1.3.11 release 2015-06-04 14:49:19 +02:00
Manuel Pégourié-Gonnard
721e6bbf71 Fix all.sh for recent config.pl change 2015-06-03 13:38:20 +01:00