Janos Follath
172ba63463
Add guard for MBEDTLS_ECP_INTERNAL_ALT
MBEDTLS_ECP_RESTARTABLE and MBEDTLS_ECP_INTERNAL_ALT are mutually
exclusive, can't work and shouldn't be compiled together.
2018-12-07 13:13:42 +00:00
Janos Follath
683c582530
Clarify alternative ECP calling conventions
Function calls to alternative implementations have to follow certain
rules in order to preserve correct functionality. To avoid accidentally
breaking these rules we state them explicitly in the ECP module for
ourselves and every contributor to see.
2018-12-07 13:13:30 +00:00
Janos Follath
d2af46f1e6
Fix typo in ECP alternative documentation
2018-12-07 11:05:21 +00:00
Janos Follath
855def157f
Add changelog entry for ECC hardware bugfix
2018-12-07 11:05:03 +00:00
Janos Follath
af6f2694a4
Fix ECC hardware double initialization
We initialized the ECC hardware before calling
mbedtls_ecp_mul_shortcuts(). This in turn calls
mbedtls_ecp_mul_restartable(), which initializes and frees the hardware
too. This issue has been introduced by recent changes and caused some
accelerators to hang.
We move the initialization after the mbedtls_ecp_mul_shortcuts() calls
to avoid double initialization.
2018-12-07 11:03:47 +00:00
Simon Butcher
fabc6001ff
Clarify attribution for the Bleichenbacher's Cat fix
2018-12-01 22:43:08 +00:00
Simon Butcher
51b8a2fa87
Merge remote-tracking branch 'restricted/pr/512' into development
2018-11-29 16:56:02 +00:00
Simon Butcher
b9eb7866eb
Merge remote-tracking branch 'restricted/pr/535' into development
2018-11-29 16:54:51 +00:00
Simon Butcher
658618b6b2
Merge remote-tracking branch 'restricted/pr/516' into development
2018-11-29 16:53:51 +00:00
Gilles Peskine
50da016e5c
Add changelog entry for mbedtls_mpi_write_binary fix
2018-11-29 12:46:05 +01:00
Gilles Peskine
056f19c79f
Tweak RSA vulnerability changelog entry
* Correct the list of authors.
* Add the CVE number.
* Improve the impact description.
2018-11-29 12:45:01 +01:00
Gilles Peskine
c4a8017e3e
mbedtls_ctr_drbg_update_ret: correct doc for input length limit
Unlike mbedtls_ctr_drbg_update, this function returns an error if the
length limit is exceeded, rather than silently truncating the input.
2018-11-26 19:26:22 +01:00
Gilles Peskine
5da0505842
Add ChangeLog entry for deprecation of mbedtls_xxx_drbg_update
Fixes ARMmbed/mbedtls#1798
2018-11-26 19:26:22 +01:00
Gilles Peskine
8220466297
Streamline mbedtls_xxx_drbg_update_seed_file
Refactor mbedtls_ctr_drbg_update_seed_file and
mbedtls_hmac_drbg_update_seed_file to make the error logic clearer.
The new code does not use fseek, so it works with non-seekable files.
2018-11-26 19:26:22 +01:00
Gilles Peskine
b7f71c8bc1
HMAC_DRBG: report all errors from HMAC functions
Make sure that any error from mbedtls_md_hmac_xxx is propagated.
2018-11-26 19:26:22 +01:00
Gilles Peskine
e0e9c573ad
HMAC_DRBG: deprecate mbedtls_hmac_drbg_update because it ignores errors
Deprecate mbedtls_hmac_drbg_update (which returns void) in favor of a
new function mbedtls_hmac_drbg_update_ret which reports errors.
2018-11-26 19:26:21 +01:00
Gilles Peskine
d919993b76
CTR_DRBG: deprecate mbedtls_ctr_drbg_update because it ignores errors
Deprecate mbedtls_ctr_drbg_update (which returns void) in favor of a
new function mbedtls_ctr_drbg_update_ret which reports errors.
2018-11-26 19:26:00 +01:00
Gilles Peskine
1b09f4027e
Add ChangeLog entry for wiping sensitive buffers
2018-11-26 16:19:22 +01:00
Gilles Peskine
afa803775a
HMAC_DRBG: clean stack buffers
Wipe stack buffers that may contain sensitive data (data that
contributes to the DRBG state).
2018-11-26 15:47:14 +01:00
Gilles Peskine
d9aa84dc0d
CTR_DRBG: clean stack buffers
Wipe stack buffers that may contain sensitive data (data that
contributes to the DRBG state).
2018-11-26 15:47:14 +01:00
Gilles Peskine
11cdb0559e
mbedtls_mpi_write_binary: don't leak the exact size of the number
In mbedtls_mpi_write_binary, avoid leaking the size of the number
through timing or branches, if possible. More precisely, if the number
fits in the output buffer based on its allocated size, the new code's
trace doesn't depend on the value of the number.
2018-11-20 17:09:27 +01:00
Simon Butcher
556d7d9e3b
Merge pull request #532 from sbutcher-arm/version-2.14.0
Bump Mbed TLS Version to 2.14.0
2018-11-19 18:45:45 +00:00
Simon Butcher
c1b9892177
Update library version number to 2.14.0
2018-11-19 18:31:40 +00:00
Simon Butcher
b35e59d36d
Refine the language in the ChangeLog
Fix the language and descriptions in the ChangeLog following review of the
Release Notes for the next release.
2018-11-19 15:49:26 +00:00
Simon Butcher
681edee803
Fix language and formatting in ChangeLog
Changed the formatting and language in the ChangeLog to the house-style.
2018-11-15 13:01:23 +00:00
Simon Butcher
06d80cf172
Fix merge of Changelog 128bit CTR_DRBG entry
The entry describing support for 128-bit keys in CTR_DRBG was merged into the
wrong version.
2018-11-12 14:30:19 +00:00
Simon Butcher
de13963d66
Merge remote-tracking branch 'restricted/pr/520' into development-restricted-proposed
2018-11-12 14:30:16 +00:00
Simon Butcher
cdd1a6c872
Merge remote-tracking branch 'restricted/pr/510' into development-restricted-proposed
2018-11-12 14:29:14 +00:00
Simon Butcher
2ab14bb2ca
Clarified new platform errors in the ChangeLog
Clarified new platform errors and error code deprecations in the ChangeLog.
2018-11-09 20:09:33 +00:00
Simon Butcher
e51d4b336b
Merge remote-tracking branch 'public/pr/2054' into development-proposed
2018-11-09 19:57:53 +00:00
Ron Eldor
6aa9fb4916
Add ChangeLog entry
Add the ChangeLog entry describing the change.
2018-11-09 15:01:09 +00:00
Ron Eldor
9924bdc792
Deprecate hardware acceleration errors
Deprecate the module-specific XXX_HW_ACCEL_FAILED and
XXX_FEATURE_UNAVAILABLE errors, as alternative implementations should now
return `MBEDTLS_ERR_PLATFORM_HW_FAILED` and
`MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED`.
2018-11-09 15:01:07 +00:00
Ron Eldor
bcca58c6cd
Add common feature unavailable error
Add a common error for the feature unavailable, in the
platform module.
2018-11-09 13:57:37 +00:00
Simon Butcher
d83448b736
Merge remote-tracking branch 'public/pr/2052' into development-restricted-proposed
2018-11-07 12:59:14 +00:00
Simon Butcher
53b45ec881
Merge remote-tracking branch 'public/pr/2079' into development-restricted-proposed
2018-11-07 12:58:44 +00:00
Simon Butcher
bbc31b4827
Merge remote-tracking branch 'public/pr/2085' into development-restricted-proposed
2018-11-07 12:57:38 +00:00
Simon Butcher
93a9b497e0
Merge remote-tracking branch 'public/pr/2077' into development-restricted-proposed
2018-11-07 12:57:24 +00:00
Simon Butcher
361ce6c302
Merge remote-tracking branch 'public/pr/2127' into development-restricted-proposed
2018-11-07 12:57:01 +00:00
Simon Butcher
c81813153c
Merge remote-tracking branch 'public/pr/2140' into development-restricted-proposed
2018-11-07 12:56:05 +00:00
Simon Butcher
241823aab8
Merge remote-tracking branch 'public/pr/1641' into development-restricted-proposed
2018-11-07 12:55:47 +00:00
Simon Butcher
42ab4ae033
Merge remote-tracking branch 'public/pr/2167' into development-restricted-proposed
2018-11-07 12:54:45 +00:00
Simon Butcher
51b6abbbf2
Merge remote-tracking branch 'public/pr/2165' into development-proposed
2018-11-06 22:55:14 +00:00
Hanno Becker
f143a78011
Adapt ChangeLog
2018-11-06 17:59:28 +00:00
Ron Eldor
7213744b07
Fix typo in comment
Change from lower case to upper case in XXX_ALT
comment in `MBEDTLS_ECP_RESTARTABLE` description.
2018-11-05 22:31:32 +02:00
Ron Eldor
2981d8f161
Change to positive flow for all cases
Use the `rs_ctx` only when `MBEDTLS_ECP_RESTARTABLE` is defined.
2018-11-05 18:08:46 +02:00
Ron Eldor
93ace0199b
Revert positive flow check
Revert changes for checking whether `MBEDTLS_ECP_RESTARTABLE`
is defined, since it broke the CI. The context is used whether the
restartable feature is defined or not.
2018-11-05 17:50:07 +02:00
Ron Eldor
b430d9f262
Change to positive checks
1. Change to check for `MBEDTLS_ECP_RESTARTABLE` for all definitions
of `rs_ctx`.
2. Remove checks for `_ALT` when using `rs_ctx` as they cannot coexist
with the Restartable configuration.
2018-11-05 17:18:29 +02:00
Ron Eldor
19779c4739
Some style and documentation fixes
1. Change description of the `MBEDTLS_ECP_RESTARTABLE`
in the configuration file.
2. Change check for compilation of `rs_ctx` to positive flow.
2018-11-05 16:58:13 +02:00
Ron Eldor
5ed8c1eded
Avoid using restartable and alternative ECP imp.
1. Add a check that MBEDTLS_ECP_RESTARTABLE is not defined
along any EC* alternative implementation.
2. Add a closing comment for an `#endif`.
2018-11-05 14:04:26 +02:00
Hanno Becker
d3445da3ef
Adapt ChangeLog
2018-11-05 11:54:06 +00:00