yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 03:31:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
2193 commits 88 branches 205 tags 69 MiB
Commit graph

227 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 8866591cc5 Don't special-case NULL cipher in ssl_tls.c 2013-10-25 18:42:44 +02:00
Manuel Pégourié-Gonnard 126a66f668 Simplify switching on mode in ssl_tls.c 2013-10-25 18:33:32 +02:00
Manuel Pégourié-Gonnard 8d01eea7af Add Camellia-GCM ciphersuites 2013-10-25 16:46:05 +02:00
Paul Bakker f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker 376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Manuel Pégourié-Gonnard 8a3c64d73f Fix and simplify *-PSK ifdef's 2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard 0fae60bb71 Implement RSA-PSK key exchange 2013-10-14 19:34:48 +02:00
Paul Bakker b9cfaa0c7f Explicit conversions and minor changes to prevent MSVC compiler warnings 2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard 1b62c7f93d Fix dependencies and related issues 2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard bd1ae24449 Factor PSK pms computation to ssl_tls.c 2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard 3ce3bbdc00 Add support for ECDHE_PSK key exchange 2013-10-11 18:16:35 +02:00
Paul Bakker beccd9f226 Explicit void pointer cast for buggy MS compiler 2013-10-11 15:20:27 +02:00
Paul Bakker 1677033bc8 TLS compression only allocates working buffer once 2013-10-11 09:59:44 +02:00
Paul Bakker ca9c87ed2b Removed possible cache-timing difference for pad check 2013-09-25 18:52:37 +02:00
Manuel Pégourié-Gonnard 8372454615 Rework SNI to fix memory issues 2013-09-24 22:30:56 +02:00
Manuel Pégourié-Gonnard 705fcca409 Adapt support for SNI to recent changes 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard d09453c88c Check our ECDSA cert(s) against supported curves 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard f71e587c5e Fix memory leak in ssl cipher usage 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard 3ebb2cdb52 Add support for multiple server certificates 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard 834ea8587f Change internal structs for multi-cert support 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard 1a483833b3 SSL_TLS doesn't depend on PK any more 
(But PK does depend on RSA or ECP.)
 2013-09-20 12:29:15 +02:00
Paul Bakker 5ad403f5b5 Prepared for 1.3.0 RC0 2013-09-18 21:21:30 +02:00
Paul Bakker 6db455e6e3 PSK callback added to SSL server 2013-09-18 21:14:58 +02:00
Manuel Pégourié-Gonnard a310459f5c Fix a few things that broke with RSA compiled out 2013-09-18 15:37:44 +02:00
Paul Bakker b6b0956631 Rm of memset instead of x509_crt_init() 2013-09-18 14:32:52 +02:00
Paul Bakker c559c7a680 Renamed x509_cert structure to x509_crt for consistency 2013-09-18 14:32:52 +02:00
Paul Bakker ddf26b4e38 Renamed x509parse_* functions to new form 
e.g. x509parse_crtfile -> x509_crt_parse_file
 2013-09-18 13:46:23 +02:00
Paul Bakker 7c6b2c320e Split up X509 files into smaller modules 2013-09-16 21:41:54 +02:00
Paul Bakker 2292d1fad0 Fixed warnings in case POLARSSL_X509_PARSE_C is not defined 2013-09-15 17:06:49 +02:00
Manuel Pégourié-Gonnard f7dc378ead Make CBC an option, step 1: ssl ciphersuites 2013-09-13 15:37:03 +02:00
Manuel Pégourié-Gonnard bfb355c33b Fix memory leak on missed session reuse 2013-09-08 20:08:36 +02:00
Manuel Pégourié-Gonnard d13a4099dd GCM ciphersuites using only cipher layer 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard b8bd593741 Restrict cipher_update() for GCM 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard 226d5da1fc GCM ciphersuites partially using cipher layer 2013-09-05 17:06:10 +02:00
Paul Bakker 45125bc160 Changes to handle merged enhancements 2013-09-04 16:48:22 +02:00
Paul Bakker ea6ad3f6e5 ARC4 ciphersuites using only cipher layer 2013-09-02 14:57:01 +02:00
Paul Bakker cca5b81d18 All CBC ciphersuites via the cipher layer 2013-08-31 17:40:26 +02:00
Paul Bakker da02a7f45e AES_CBC ciphersuites now run purely via cipher layer 2013-08-31 17:25:14 +02:00
Manuel Pégourié-Gonnard c852a68b96 More robust selection of ctx_enc size 2013-08-28 13:13:30 +02:00
Paul Bakker 577e006c2f Merged ECDSA-based key-exchange and ciphersuites into development 
Conflicts:
	include/polarssl/config.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
 2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard 2fb15f694c Un-rename ssl_set_own_cert_alt() 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard a20c58c6f1 Use convert functions for SSL_SIG_* and SSL_HASH_* 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 0d42049440 Merge code for RSA and ECDSA in SSL 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 070cc7fd21 Use the new PK RSA-alt interface 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 8df2769178 Introduce pk_sign() and use it in ssl 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard ac75523593 Adapt ssl_set_own_cert() to generic keys 2013-08-27 22:21:20 +02:00
Paul Bakker 0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Paul Bakker d2f068e071 Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually 2013-08-27 21:19:20 +02:00
Paul Bakker fb08fd2e23 Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available 2013-08-27 15:06:54 +02:00
Manuel Pégourié-Gonnard 38d1eba3b5 Move verify_result from ssl_context to session 2013-08-26 14:26:02 +02:00
Paul Bakker 75c1a6f97c Fixed potential heap buffer overflow on large hostname setting 2013-08-19 14:25:29 +02:00
Paul Bakker 5fd4917d97 Add missing ifdefs in ssl modules 2013-08-19 13:30:28 +02:00
Paul Bakker 1f2bc6238b Made support for the truncated_hmac extension configurable 2013-08-15 13:45:55 +02:00
Paul Bakker 05decb24c3 Made support for the max_fragment_length extension configurable 2013-08-15 13:33:48 +02:00
Paul Bakker 606b4ba20f Session ticket expiration checked on server 2013-08-15 11:42:48 +02:00
Paul Bakker a503a63b85 Made session tickets support configurable from config.h 2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard 56dc9e8bba Authenticate session tickets. 2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard 990c51a557 Encrypt session tickets 2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard 779e42982c Start adding ticket keys (only key_name for now) 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard aa0d4d1aff Add ssl_set_session_tickets() 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard 06650f6a37 Fix reusing session more than once 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard c086cce3d3 Don't cache empty session ID nor resumed session 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 7cd5924cec Rework NewSessionTicket handling in state machine 
Fixes bug: NewSessionTicket was ommited in resumed sessions.
 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 7a358b8580 ssl_srv: write & parse session ticket ext & msg 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard a5cc6025e7 Parse NewSessionTicket message 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard 75d440192c Introduce ticket field in session structure 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard 5f280cc6cf Implement saving peer cert as part of session. 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard 747180391d Add ssl_get_session() to save session on client 2013-08-14 14:08:03 +02:00
Paul Bakker 8c1ede655f Changed prototype for ssl_set_truncated_hmac() to allow disabling 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard 277f7f23e2 Implement hmac truncation 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard e980a994f0 Add interface for truncated hmac 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard e048b67d0a Misc minor fixes 
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
 2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard ed4af8b57c Move negotiated max fragment length to session 
User-set max fragment length remains in ssl_context.
The min of the two is used for sizing fragments.
 2013-07-18 14:07:09 +02:00
Manuel Pégourié-Gonnard 581e6b6d6c Prepare migrating max fragment length to session 
Remove max_frag_len member so that reseting session by memset()ing it to zero
does the right thing.
 2013-07-18 12:32:27 +02:00
Manuel Pégourié-Gonnard 6b4f237f6a Forbid setting max_frag_len > MAX_CONTENT_LEN 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard 30dc7ef3ad Reset max_fragment_length in ssl_session_reset() 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard 787b658bb3 Implement max_frag_len write restriction 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard 8b46459ae5 Add ssl_set_max_frag_len() 2013-07-18 11:18:13 +02:00
Paul Bakker 61d113bb7b Init and free new contexts in the right place for SSL to prevent 
memory leaks
 2013-07-16 17:48:58 +02:00
Paul Bakker fa9b10050b Also compiles / runs without time-based functions in OS 
Can now run without need of time() / localtime() and gettimeofday()
 2013-07-03 17:22:32 +02:00
Paul Bakker 6e339b52e8 Memory-allocation abstraction layer and buffer-based allocator added 2013-07-03 17:22:31 +02:00
Paul Bakker abf2f8fcf9 zlib compression/decompression skipped on empty blocks 2013-06-30 14:57:46 +02:00
Paul Bakker e5bffc319d Removed redundant includes 2013-06-30 14:53:06 +02:00
Paul Bakker d2681d82e2 Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h} 2013-06-30 14:49:12 +02:00
Paul Bakker 9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly 
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
 2013-06-30 14:34:05 +02:00
Paul Bakker 2fbefde1d8 Client and server now filter sent and accepted ciphersuites on minimum 
and maximum protocol version
 2013-06-29 18:35:40 +02:00
Paul Bakker b6c5d2e1a6 Cleanup up non-prototyped functions (static) and const-correctness 
More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code.
 2013-06-25 16:25:17 +02:00
Paul Bakker 90995b5ce3 Added mechanism to provide alternative cipher / hash implementations 
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
(cherry picked from commit 4087c47043)
 2013-06-25 15:06:51 +02:00
Paul Bakker 89ecb2d074 ssl_parse_certificate() now calls x509parse_crt_der() directly 
(cherry picked from commit 1922a4e6aa)
 2013-06-24 19:09:25 +02:00
Paul Bakker 3c2122ff9d Fixed const correctness issues that have no impact on the ABI 
(cherry picked from commit eae09db9e5)

Conflicts:
	library/gcm.c
 2013-06-24 19:09:24 +02:00
Paul Bakker 48f7a5d724 DHE-PSK based ciphersuite support added and cleaner key exchange based 
code selection

The base RFC 4279 DHE-PSK ciphersuites are now supported and added.

The SSL code cuts out code not relevant for defined key exchange methods
 2013-04-19 20:47:26 +02:00
Paul Bakker ed27a041e4 More granular define selections within code to allow for smaller code 
sizes
 2013-04-18 23:12:34 +02:00
Paul Bakker d4a56ec6bf Added pre-shared key handling for the client side of SSL / TLS 
Client side handling of the pure PSK ciphersuites is now in the base
code.
 2013-04-18 23:12:33 +02:00
Paul Bakker f7abd422dc Removed extra spaces on end of lines 2013-04-16 18:09:45 +02:00
Paul Bakker 8f4ddaeea9 Ability to specify allowed ciphersuites based on the protocol version. 
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b)

Conflicts:
	ChangeLog
	library/ssl_srv.c
	library/ssl_tls.c
 2013-04-16 18:09:45 +02:00
Paul Bakker b7149bcc90 Corrected behaviour for CBC-based suites using the SHA384 MAC and PRF 2013-03-20 15:30:09 +01:00
Paul Bakker 41c83d3f67 Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS 
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
 2013-03-20 14:39:14 +01:00
Paul Bakker 68884e3c09 Moved to advanced ciphersuite representation and more dynamic SSL code 2013-03-13 14:48:32 +01:00
Paul Bakker c9118b433b Renamed hash structures to ctx 2013-03-13 11:48:39 +01:00
Paul Bakker 92be97b8e6 Align data with future location based on IV size 2013-03-13 11:46:00 +01:00