yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
4500 commits 1 branch 0 tags 94 MiB
Commit graph

844 commits

Author SHA1 Message Date
Simon Butcher
62aab15085 Merge branch 'development' into iotssl-513-alerts 2015-10-27 16:05:34 +00:00
Simon Butcher
5f7c34b8b0 Merge branch iotssl-521-keylen-check 2015-10-27 15:14:55 +00:00
Manuel Pégourié-Gonnard
e0b2feae34 Mention performance fix in ChangeLog 2015-10-27 10:24:54 +01:00
Manuel Pégourié-Gonnard
65eefc8707 Fix missing check for RSA key length on EE certs 
- also adapt tests to use lesser requirement for compatibility with old
  testing material
 2015-10-23 16:19:53 +02:00
Manuel Pégourié-Gonnard
d21eb2ae81 Fix attribution in ChangeLog 2015-10-23 15:35:02 +02:00
Manuel Pégourié-Gonnard
fbdf06c1a4 Fix handling of non-fatal alerts 
fixes #308
 2015-10-23 13:11:31 +02:00
Manuel Pégourié-Gonnard
e5f3072aed Fix #ifdef inconsistency 
fixes #310

Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.
 2015-10-23 08:40:23 +02:00
Manuel Pégourié-Gonnard
66fc07362e Fix typo in an OID name 
fixes #314
 2015-10-21 16:40:29 +02:00
Manuel Pégourié-Gonnard
7c5fcdc17a Disable reportedly broken assembly of Sparc(64) 
fixes #292
 2015-10-21 14:52:24 +02:00
Manuel Pégourié-Gonnard
22c3b7b9da Fix potential buffer overflow in asn1write 2015-10-21 12:13:05 +02:00
Manuel Pégourié-Gonnard
261faed725 Fix potential heap corruption on Windows 
If len is large enough, when cast to an int it will be negative and then the
test if( len > MAX_PATH - 3 ) will not behave as expected.
 2015-10-21 10:25:22 +02:00
Manuel Pégourié-Gonnard
173c790722 Fix potential double-free in ssl_conf_psk() 2015-10-20 19:56:45 +02:00
Manuel Pégourié-Gonnard
1ef96c2231 Update ChangeLog for the EC J-PAKE branch 2015-10-20 15:04:57 +02:00
Manuel Pégourié-Gonnard
4104864e54 ECHDE-PSK does not use a certificate 
fixes #270
 2015-10-09 14:50:43 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381 Bump version to 2.1.2 
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
 2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
ca056c7748 Fix CVE number in ChangeLog 2015-10-05 18:21:34 +01:00
Manuel Pégourié-Gonnard
a97ab2c8a6 Merge branch 'development' into development-restricted 
* development:
  Remove inline workaround when not useful
  Fix macroization of inline in C++
 2015-10-05 15:48:09 +01:00
Simon Butcher
7776fc36d3 Fix for #279 macroisation of 'inline' keyword 2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard
899ac849d0 Merge branch 'development' into development-restricted 
* development:
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
 2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard
0431735299 Fix compile error in net.c with musl libc 
fixes #278
 2015-10-05 12:17:49 +01:00
Simon Butcher
475cf0a98a Merge fix of IOTSSL-496 - Potential heap overflow 
Fix for potential overflow in ssl_write_certificate_request()
 2015-10-05 11:57:54 +01:00
Manuel Pégourié-Gonnard
0223ab9d38 Fix macroization of inline in C++ 
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
 2015-10-05 11:41:36 +01:00
Simon Butcher
fec73a8eec Merge of fix for IOTSSL-481 - Double free 
Potential double free in mbedtls_ssl_conf_psk()
 2015-10-05 10:40:31 +01:00
Simon Butcher
c48b66bfb6 Changed attribution for Guido Vranken 2015-10-05 10:18:17 +01:00
Simon Butcher
6418ffaadb Merge fix for IOTSSL-480 - base64 overflow issue 2015-10-05 09:54:11 +01:00
Simon Butcher
a45aa1399b Merge of IOTSSL-476 - Random malloc in pem_read() 2015-10-05 00:26:36 +01:00
Simon Butcher
e7f96f22ee Merge fix IOTSSL-475 Potential buffer overflow 
Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
 2015-10-04 23:43:05 +01:00
Simon Butcher
d5ba4672b2 Merge fix for IOTSSL-474 PKCS12 Overflow 
Fix stack buffer overflow in PKCS12
 2015-10-04 22:47:59 +01:00
Simon Butcher
5b8d1d65f7 Fix for IOTSSL-473 Double free error 
Fix potential double-free in mbedtls_ssl_set_hs_psk(.)
 2015-10-04 22:06:51 +01:00
Manuel Pégourié-Gonnard
ef388f168d Merge branch 'development' into development-restricted 
* development:
  Updated ChangeLog with credit
  Fix a fairly common typo in comments
  Make config check include for configs examples more consistent
 2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard
bc1babb387 Fix potential overflow in CertificateRequest 2015-10-02 11:20:28 +02:00
Simon Butcher
54eec9d1dd Merge pull request #301 from Tilka/typo 
Fix a fairly common typo in comments
 2015-10-01 02:07:24 +01:00
Simon Butcher
a12e3c00bf Updated ChangeLog with credit 2015-10-01 01:59:33 +01:00
Manuel Pégourié-Gonnard
0aa45c209a Fix potential overflow in base64_encode 2015-09-30 16:37:49 +02:00
Simon Butcher
5624ec824e Reordered TLS extension fields in client 
Session ticket placed at end
 2015-09-29 01:06:06 +01:00
Simon Butcher
04799a4274 Fixed copy and paste error 
Accidental additional assignment in ssl_write_alpn_ext()
 2015-09-29 00:31:09 +01:00
Manuel Pégourié-Gonnard
d02a1daca7 Fix stack buffer overflow in pkcs12 2015-09-28 19:47:50 +02:00
Manuel Pégourié-Gonnard
24417f06fe Fix potential double-free in mbedtls_ssl_conf_psk() 2015-09-28 18:09:45 +02:00
Manuel Pégourié-Gonnard
58fb49531d Fix potential buffer overflow in mpi_read_string() 
Found by Guido Vranken.

Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
 2015-09-28 15:59:54 +02:00
Tillmann Karras
588ad50c5a Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
Simon Butcher
8f98842e38 Refined credits in ChangeLog for fuzzing issue 
Changed GDS to Gotham Digital Science
 2015-09-22 10:10:36 +01:00
Manuel Pégourié-Gonnard
8cea8ad8b8 Bump version to 2.1.1 2015-09-17 11:58:45 +02:00
Simon Butcher
ac58c53ab1 Merge remote-tracking branch 'origin/development' 2015-09-16 23:25:25 +01:00
Simon Butcher
7dd82f8fd5 Merge branch 'development' with bugfix branch 
Conflicts:
	ChangeLog
 2015-09-16 16:21:38 +01:00
Simon Butcher
5793e7ef01 Merge 'development' into iotssl-411-port-reuse 
Conflicts:
	ChangeLog
 2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard
f7022d1131 Fix bug in server parsing point formats extension 
There is only one length byte but for some reason we skipped two, resulting in
reading one byte past the end of the extension. Fortunately, even if that
extension is at the very end of the ClientHello, it can't be at the end of the
buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the
buffer has some more room after that for MAC and so on. So there is no
buffer overread.

Possible consequences are:
- nothing, if the next byte is 0x00, which is a comment first byte for other
  extensions, which is why the bug remained unnoticed
- using a point format that was not offered by the peer if next byte is 0x01.
  In that case the peer will reject our ServerKeyExchange message and the
handshake will fail.
- thinking that we don't have a common point format even if we do, which will
  cause us to immediately abort the handshake.
None of these are a security issue.

The same bug was fixed client-side in fd35af15
 2015-09-16 11:32:18 +02:00
Simon Butcher
a1a1128f7d Updated ChangeLog for fix #275 2015-09-14 21:30:40 +01:00
Simon Butcher
d69f14bed8 Updated Changelog for new version 2015-09-11 20:00:20 +01:00
Simon Butcher
8a52a7468d Added PR to Changelog for NWilson 2015-09-11 19:44:34 +01:00
Manuel Pégourié-Gonnard
c2ed8029ff Fix ChangeLog - misplaced entries 2015-09-09 12:15:13 +02:00
Manuel Pégourié-Gonnard
14c2574a9d Update Changelog 2015-09-08 15:12:45 +02:00
Simon Butcher
e5a21b4493 Merge pull request #282 from ARMmbed/iotssl-469-rsa-crt-restricted 
Add counter-measure against RSA-CRT attack
 2015-09-08 13:05:51 +01:00
Manuel Pégourié-Gonnard
5f50104c52 Add counter-measure against RSA-CRT attack 
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
 2015-09-08 13:39:29 +02:00
Manuel Pégourié-Gonnard
7f2f062a5d Fix possible client crash on API misuse 2015-09-07 12:27:24 +02:00
Manuel Pégourié-Gonnard
0a0c22e0ef Add ChangeLog entry about license change 2015-09-04 14:38:26 +02:00
Manuel Pégourié-Gonnard
aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Simon Butcher
52754594b6 Merging iotssl-457-badtail with development branch 2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
b2beb84be6 Changelog entry fro the previous commit 2015-09-01 19:37:32 +02:00
Manuel Pégourié-Gonnard
1385a289f4 Fix possible mutex lock/unlock mismatch 
fixes #257
 2015-08-27 11:30:58 +02:00
Manuel Pégourié-Gonnard
c98204e68f Fix missing break in switch for SSL presets 
closes #235
 2015-08-11 04:21:01 +02:00
Manuel Pégourié-Gonnard
ed46c436c0 Fix error when loading libmbedtls.so 2015-08-10 10:17:32 +02:00
Manuel Pégourié-Gonnard
e33316c607 Add test build of shared libs for windows 2015-08-07 13:22:37 +02:00
Manuel Pégourié-Gonnard
32da9f66a8 Add support for MBEDTLS_USER_CONFIG_FILE 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard
9983993e27 Fix bug with make install without tests 
closes #232
 2015-08-03 10:42:10 +02:00
Manuel Pégourié-Gonnard
2006408545 Fix Make bug when installing programs 2015-08-03 10:40:38 +02:00
Manuel Pégourié-Gonnard
052d10c9d5 Accept a trailing space at end of PEM lines 
With certs being copy-pasted from webmails and all, this will probably become
more and more common.

closes #226
 2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard
e96ce08a21 Fix compile error with armcc5 --gnu 2015-07-31 10:58:06 +02:00
Simon Butcher
10a6f02f83 Merge branch 'development' into IOTSSL-442-hello-noext 
Conflicts:
	ChangeLog
 2015-07-27 13:45:40 +01:00
Manuel Pégourié-Gonnard
52a5079cf2 Fix bug with install target in make 
closes #223
 2015-07-27 10:36:12 +02:00
Manuel Pégourié-Gonnard
6f42417ba8 Fix typo in that broke installation in cmake 
closes #221
 2015-07-24 16:55:22 +02:00
Manuel Pégourié-Gonnard
a6e5bd5654 Fix bug with extension-less ServerHello 
https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug

in_hslen include the length of the handshake header. (We might want to change
that in the future, as it is a bit annoying.)
 2015-07-23 12:23:19 +02:00
Manuel Pégourié-Gonnard
bcb0460224 Fix bug with cmake and old version of GCC 2015-07-19 16:00:04 +02:00
Manuel Pégourié-Gonnard
4f3368e31e Fix bug in benchmark.c with DHM params 2015-07-19 15:01:28 +02:00
Paul Bakker
4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
abc729e664 Simplify net_accept() with UDP sockets 
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
 2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard
91895853ac Move from naked int to a structure in net.c 
Provides more flexibility for future changes/extensions.
 2015-06-30 15:56:25 +02:00
Manuel Pégourié-Gonnard
a25ffc3b0f Update Changelog for target split 2015-06-25 12:01:16 +02:00
Manuel Pégourié-Gonnard
53585eeb17 Remove test DHM params from certs.c 
certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.
 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
fd474233c8 Change SSL debug API in the library 2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard
c0d749418b Make 'port' a string in NET module 
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
1cd10adc7c Update prototype of x509write_set_key_usage() 
Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
60c793bdc9 Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE 
First one means we have time() but it may not return the actual wall clock
time, second means it does.
 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
797f48ace6 Rename ecp_curve_info.size to bit_size 2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
898e0aa210 Rename key_length in cipher_info 2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard
88d37859b6 Update Changelog for the profiles branch 2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard
7ee5ddd798 Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Fix compile errors with NO_STD_FUNCTIONS
  Expand config.pl's notion of "full"
  Ack external bugfix in Changelog
  FIx misplaced Changelog entry (oops)
  Fix compile bug: incompatible declaration of polarssl_exit in platform.c
  Fix contributor's name in Changelog
 2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard
dccb80b7e5 Fix compile errors with NO_STD_FUNCTIONS 2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard
f2ec505c34 Ack external bugfix in Changelog 2015-06-03 09:50:07 +01:00
Manuel Pégourié-Gonnard
3e87a9f57f FIx misplaced Changelog entry (oops) 2015-06-03 09:48:26 +01:00
Manuel Pégourié-Gonnard
bc6ff23dc6 Update changelog for i/o lengths 2015-06-02 16:33:08 +01:00
Manuel Pégourié-Gonnard
9693668c23 Tune Changelog (typos, ordering) 2015-06-02 15:14:15 +01:00
Manuel Pégourié-Gonnard
d22514e8f6 Fix contributor's name in Changelog 2015-06-02 12:59:59 +01:00
Manuel Pégourié-Gonnard
0574bb0bdb Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Mark unused constant as such
  Update ChangeLog for recent external bugfix
  Serious bug fix in entropy.c
  Fix memleak with repeated [gc]cm_setkey()
  fix minor bug in path_cnt checks

Conflicts:
	include/mbedtls/cipher.h
	library/ccm.c
	library/entropy.c
	library/gcm.c
	library/x509_crt.c
 2015-06-02 09:59:29 +01:00
Manuel Pégourié-Gonnard
5866848092 Update ChangeLog for recent external bugfix 2015-06-02 09:08:35 +01:00
Manuel Pégourié-Gonnard
cb46fd8216 Avoid non-standard strcasecmp() 2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
41b9c2b418 Remove individual mdX_file() and shaX_file() 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
eb0d8706ce Add option for even smaller SHA-256 2015-05-28 16:45:23 +02:00
Manuel Pégourié-Gonnard
2a1524ccb5 Manually merge 1.3 changelog 2015-05-27 17:59:46 +02:00
Manuel Pégourié-Gonnard
61977614d8 Fix memleak with repeated [gc]cm_setkey() 2015-05-27 17:40:16 +02:00
Manuel Pégourié-Gonnard
1b8de57827 Remove a few redundant memset after calloc. 
Using the following semantic patch provided by Mansour Moufid:

@@
expression x;
@@
  x = mbedtls_calloc(...)
  ...
- memset(x, 0, ...);
 2015-05-27 16:58:55 +02:00