yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-09 02:55:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
991 commits 88 branches 205 tags 69 MiB
Commit graph

361 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard a6118741a7 Update changelog for the last few commits 2014-10-23 15:37:34 +02:00
Manuel Pégourié-Gonnard 9711920304 Fix ssl_read wrt non-Application Data 2014-10-23 15:29:55 +02:00
Manuel Pégourié-Gonnard 3fdfcedebb Fix net_accept() regarding non-blocking sockets 2014-10-23 15:23:48 +02:00
Manuel Pégourié-Gonnard 982eda385f Don't print uninitialised buffer in ssl_mail_client 2014-10-23 15:20:26 +02:00
Manuel Pégourié-Gonnard 0b0b522932 Fix compiler warnings on iOS 2014-10-23 15:17:27 +02:00
Manuel Pégourié-Gonnard 7d75ea4787 x509_crt_parse() did not increase total_failed on PEM error 2014-10-23 15:13:39 +02:00
Manuel Pégourié-Gonnard 86792a6cf3 Fix ssl_close_notify() with non-blocking I/O 2014-10-23 15:02:45 +02:00
Manuel Pégourié-Gonnard 066c1f60bb Fix potential bad read in parsing ServerHello 2014-10-23 14:58:09 +02:00
Manuel Pégourié-Gonnard 6b44038913 Fix memory leak parsing some X.509 certs 2014-10-23 14:53:46 +02:00
Paul Bakker 695266cb51 Updated to version 1.2.11 2014-07-11 11:26:03 +02:00
Paul Bakker bbc843f0b8 Fix base64_decode() to return and check length correctly 2014-07-08 18:29:06 +02:00
Manuel Pégourié-Gonnard 03917bf7d5 Disable broken Sparc64 bn_mul assembly 2014-07-08 18:29:01 +02:00
Manuel Pégourié-Gonnard 4564af9e3d Fix asm format of bn_mul.h for more portability 
Found by Barry K. Nathan.

Quoting from http://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html:

"You can put multiple assembler instructions together in a single asm
template, separated by the characters normally used in assembly code for the
system. A combination that works in most places is a newline to break the
line, plus a tab character to move to the instruction field (written as
‘\n\t’). Sometimes semicolons can be used, if the assembler allows semicolons
as a line-breaking character. Note that some assembler dialects use semicolons
to start a comment."
 2014-07-08 18:28:59 +02:00
Barry K. Nathan 22ca9c0197 Fix preprocessor checks for bn_mul PPC asm 
On OS X, neither __powerpc__ nor __ppc__ is defined on PPC64, so the
asm code was only being used on PPC32.
 2014-07-08 18:28:57 +02:00
Paul Bakker 5bad6afd8c Fix length checking for AEAD ciphersuites 2014-07-08 18:28:54 +02:00
Paul Bakker 312da33ef1 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-07-08 18:28:52 +02:00
Paul Bakker 75ee01097f Stricter check on SSL ClientHello internal sizes compared to actual packet size 2014-07-08 18:28:47 +02:00
Markus Pfeiffer 55bdbc1834 Make compilation on DragonFly work 2014-07-08 18:28:44 +02:00
Paul Bakker 358d325017 Fix bug with mpi_fill_random() on big-endian 2014-07-08 18:28:42 +02:00
Paul Bakker 95a11f8c16 On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings 2014-07-08 18:28:40 +02:00
Paul Bakker b0af56334c rsa_check_pubkey() now allows an E up to N 2014-07-08 18:28:36 +02:00
Paul Bakker 838ed3c74d Improve interop by not writing ext_len in ClientHello when 0 
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
 2014-07-08 18:28:33 +02:00
Paul Bakker 243d61894c Reject certificates with times not in UTC 2014-07-08 14:40:58 +02:00
Paul Bakker f48de9579f Use UTC to heck certificate validity 2014-07-08 14:39:41 +02:00
Paul Bakker dedce0c35c Prevent potential NULL pointer dereference in ssl_read_record() 2014-07-08 14:36:12 +02:00
Paul Bakker 6995efe8be Potential memory leak in mpi_exp_mod() when error occurs during 
calculation of RR.
 2014-07-08 14:32:35 +02:00
Paul Bakker 3cbaf1e379 Add ssl_close_notify() to servers that missed it 2014-07-08 14:30:35 +02:00
Paul Bakker 358a841b34 x509_get_current_time() uses localtime_r() to prevent thread issues 2014-07-08 12:14:37 +02:00
Paul Bakker 24aaf44120 Make sure no random pointer occur during failed malloc()'s 2014-07-08 11:39:19 +02:00
Paul Bakker bc8984931c Improvements to tests/Makefile when using shared library 2014-07-08 11:32:12 +02:00
Paul Bakker 1e9423704a Support for seed file writing and reading in Entropy 2014-07-08 11:20:25 +02:00
Paul Bakker b000f82d76 ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr 2014-07-08 11:15:18 +02:00
Manuel Pégourié-Gonnard 57291a7019 Work around a compiler bug on OS X. 2014-07-08 11:13:42 +02:00
Manuel Pégourié-Gonnard 3baeb15c79 Update changelog for cmake changes 2014-07-08 11:10:54 +02:00
Alex Wilson e63560470e Don't try to use MIPS32 asm macros on MIPS64 
The MIPS32 bn_mul asm code causes segfaults on MIPS64 and failing
tests. Until someone has time to fix this up, MIPS64 platforms should
fall back to the C implementation (which works fine).
 2014-07-08 11:06:05 +02:00
Manuel Pégourié-Gonnard be04673c49 Forbid sequence number wrapping 2014-07-08 11:04:19 +02:00
Paul Bakker 50a5c53398 Reject certs and CRLs from the future 2014-07-08 10:59:10 +02:00
Manuel Pégourié-Gonnard 963918b88f Countermeasure against "triple handshake" attack 2014-07-07 17:46:35 +02:00
Paul Bakker 57ca5702fd Fixed CMake symlinking on out-of-source builds 2014-07-07 17:46:32 +02:00
Manuel Pégourié-Gonnard 6d841c2c5c Fix verion-major intolerance 2014-07-07 17:46:31 +02:00
Paul Bakker e96bfbc6bd Fixed testing with out-of-source builds using cmake 2014-07-07 17:46:30 +02:00
Manuel Pégourié-Gonnard c675e4bde5 Fix bug in RSA PKCS#1 v1.5 "reversed" operations 2014-07-07 17:46:29 +02:00
Paul Bakker af0ccc8fa0 SMTP lines are officially terminated with CRLF, ssl_mail_client fixed 2014-07-07 17:46:29 +02:00
Paul Bakker 0b6355d088 Updated ChangeLog 2014-07-07 16:01:53 +02:00
Paul Bakker d15718cbe0 Updated ChangeLog 2014-07-07 16:01:23 +02:00
Paul Bakker d83584e9aa Fixed potential overflow in certificate size in ssl_write_certificate() 2014-07-07 16:01:11 +02:00
Paul Bakker 78e819698b Added missing MPI_CHK() around some statements 2014-07-07 16:01:10 +02:00
Paul Bakker 40cc914567 Fixed x509_crt_parse_path() bug on Windows platforms 2014-07-07 16:01:08 +02:00
Manuel Pégourié-Gonnard b9f6d507dd crypt_and_hash: check MAC earlier 2014-07-07 14:35:02 +02:00
Paul Bakker a1caf6e1e8 SSL now gracefully handles missing RNG 2014-07-07 14:20:52 +02:00
Paul Bakker c941adba31 Fixed X.509 hostname comparison (with non-regular characters) 2014-07-07 14:17:24 +02:00
Paul Bakker e46b17766c Make get_pkcs_padding() constant-time 2014-07-07 14:04:31 +02:00
Paul Bakker 9ccb2116a7 Introduced POLARSSL_HAVE_READDIR_R for systems without it 2014-07-07 13:43:31 +02:00
Paul Bakker 6b06502c4b Changed RSA blinding to a slower but thread-safe version 2013-10-07 12:06:29 +02:00
Paul Bakker adace27ec9 Prepped for 1.2.10 release 2013-10-04 17:07:26 +02:00
Paul Bakker 178e74454f Fixed MS VC project files 2013-10-04 13:20:40 +02:00
Paul Bakker 495830dd1f Fixed ssl_pkcs11_decrypt() prototype 2013-10-04 11:01:48 +02:00
Paul Bakker 62087eed22 Fixed memory leak in rsa.c introduced in 43f9799 2013-10-04 10:57:12 +02:00
Paul Bakker 60ad84f43f Fixed release date for 1.2.9 2013-10-01 10:13:52 +02:00
Paul Bakker e45574e7de Prepped for 1.2.9 release 2013-09-25 18:42:42 +02:00
Paul Bakker 43f9799ce6 RSA blinding on CRT operations to counter timing attacks 2013-09-23 11:23:31 +02:00
Paul Bakker 88a2264def Fixed potential file descriptor leaks 2013-09-11 13:31:55 +02:00
Paul Bakker f65fbee52b x509_verify() now case insensitive for cn (RFC 6125 6.4) 
(cherry picked from commit a5943858d8)

Conflicts:
	ChangeLog
	library/x509parse.c
	tests/suites/test_suite_x509parse.data
 2013-09-11 13:31:55 +02:00
Paul Bakker a565aceea1 Fixed potential memory leak when failing to resume a session 2013-09-11 13:31:53 +02:00
Paul Bakker 78020fe72c Added fixes to ChangeLog 2013-09-11 13:31:06 +02:00
Paul Bakker 21360ca4d4 ssl_write_certificate_request() can handle empty ca_chain 2013-06-21 15:11:10 +02:00
Paul Bakker 016ea076e7 Added Security note (Advisory 2013-03) in ChangeLog 2013-06-19 11:50:30 +02:00
Paul Bakker 1d419500b0 Prepared for PolarSSL release 1.2.8 2013-06-19 11:48:04 +02:00
Paul Bakker 2be71faae4 Fixed values for 2-key Triple DES in cipher layer 2013-06-18 16:33:27 +02:00
Paul Bakker 6fa5488779 Centralized module option values in config.h 
Allow user-defined settings without editing header files by using
POLARSSL_CONFIG_OPTIONS in config.h
 2013-06-17 15:44:03 +02:00
Paul Bakker 19bd297dc8 PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated 
old PBKDF2 module.
 2013-06-14 12:06:45 +02:00
Paul Bakker 52b845be34 Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler 2013-06-14 11:37:37 +02:00
Paul Bakker cbfcaa9206 x509parse_crtpath() is now reentrant and uses more portable stat() 
Moved from readdir() to readdir_r() and use stat instead of the less
portable d_type from struct dirent.
 2013-06-13 09:20:25 +02:00
Paul Bakker 4087c47043 Added mechanism to provide alternative cipher / hash implementations 
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
 2013-06-12 16:57:46 +02:00
Paul Bakker cf6e95d9a8 Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis 
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
 2013-06-12 13:18:15 +02:00
Paul Bakker 65a1909dc6 Internally split up x509parse_key() 
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
 2013-06-06 21:17:08 +02:00
Paul Bakker 1922a4e6aa ssl_parse_certificate() now calls x509parse_crt_der() directly 2013-06-06 15:11:16 +02:00
Paul Bakker 6417186365 x509parse_crt() now better handles PEM error situations 
Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
 2013-06-06 15:01:18 +02:00
Paul Bakker 08f06cf49f Disabled the HAVEGE random generator by default 
Rationale: The HAVEGE random generator has too many caveats to be a
standard generator that people rely on. The HAVEGE random generator is not
suitable for virtualized environments. In addition the HAVEGE random
generator is dependent on timing and specific processor traits that
cannot be guaranteed by default on compile time.

Our advice: only use HAVEGE as an additional random source for your
entropy pool, never as your primary source.
 2013-06-06 14:05:26 +02:00
Paul Bakker eae09db9e5 Fixed const correctness issues that have no impact on the ABI 2013-06-06 12:35:54 +02:00
Paul Bakker f92263021c Fixed offset for cert_type list in ssl_parse_certificate_request() 2013-06-06 11:24:37 +02:00
Paul Bakker 7c3c3899cf Secure renegotiation extension should only be sent in case client supports secure renegotiation 2013-06-06 11:22:13 +02:00
Paul Bakker 822e958bb2 Prepared for PolarSSL 1.2.7 release 2013-04-13 11:56:17 +02:00
Paul Bakker a62729888b Ability to specify allowed ciphersuites based on the protocol version. 
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int **' and is now malloced in ssl_init() and freed in
ssl_free().

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
 2013-04-12 13:13:43 +02:00
Paul Bakker d4c5944212 Fixed MPI assembly for ARM when -O2 is used 
GCC with -O2 or higher also needs to now about 'cc' in the clobber list.
(cherry picked from commit eff2e6d414)

Conflicts:
	ChangeLog
 2013-04-12 09:40:38 +02:00
Paul Bakker 90f042d4cb Prepared for PolarSSL 1.2.6 release 2013-03-11 11:38:44 +01:00
Paul Bakker fb1cbd3cea Fixed assembly code for ARM (Thumb and regular) for some compilers 2013-03-06 18:14:52 +01:00
Paul Bakker e81beda60f The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain) 
The real peer certificate is copied into a x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.

As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
 2013-03-06 18:01:03 +01:00
Paul Bakker a35aa54967 Fixed whitespaces in ChangeLog 2013-03-06 18:01:03 +01:00
Paul Bakker 78a8c71993 Re-added support for parsing and handling SSLv2 Client Hello messages 
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.

It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
 2013-03-06 18:01:03 +01:00
Paul Bakker 37286a573b Fixed net_bind() for specified IP addresses on little endian systems 2013-03-06 18:01:03 +01:00
Paul Bakker 8804f69d46 Removed timing differences due to bad padding from RSA decrypt for 
PKCS#1 v1.5 operations
 2013-03-06 18:01:03 +01:00
Paul Bakker a43231c5a5 Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt() 2013-03-06 18:01:02 +01:00
Paul Bakker b386913f8b Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions 
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()

The original functions exist as generic wrappers to these functions.
 2013-03-06 18:01:02 +01:00
Paul Bakker e3e4a59622 Added bugfix line for previous fixes for MS Visual Studio 2013-03-06 18:01:02 +01:00
Paul Bakker 3d2dc0f8e5 Corrected GCM counter incrementation to use only 32-bits instead of 128-bits 
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.

Found by Yawning Angel
 2013-02-28 10:55:39 +01:00
Paul Bakker e47b34bdc8 Removed further timing differences during SSL message decryption in ssl_decrypt_buf() 
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.

The additional MAC checks further straighten out the timing differences.
 2013-02-27 14:48:00 +01:00
Paul Bakker c0463502ff Fixed memory leak in ssl_free() and ssl_reset() for active session 2013-02-14 11:19:38 +01:00
Paul Bakker c7a2da437e Updated for PolarSSL 1.2.5 2013-02-02 19:23:57 +01:00
Paul Bakker 40865c8e5d Added sending of alert messages in case of decryption failures as per RFC 
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
 2013-02-02 19:04:13 +01:00