yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-04 17:49:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
2415 commits 88 branches 205 tags 69 MiB
Commit graph

1446 commits

Author SHA1 Message Date
Paul Bakker 14b16c62e9 Minor optimizations (original by Peter Vaskovic, modified by Paul Bakker) 
Move strlen out of for loop.
Remove redundant null checks before free.
 2014-05-28 11:34:33 +02:00
Peter Vaskovic 8ebfe084ab Fix minor format string inconsistency. 2014-05-28 11:12:51 +02:00
Peter Vaskovic c2bbac968b Fix misplaced parenthesis. 2014-05-28 11:06:31 +02:00
Peter Vaskovic 541529e770 Remove unused arrays. 2014-05-28 11:04:48 +02:00
Paul Bakker b5212b436f Merge CCM cipher mode and ciphersuites 
Conflicts:
	library/ssl_tls.c
 2014-05-22 15:30:31 +02:00
Paul Bakker 0f651c7422 Stricter check on SSL ClientHello internal sizes compared to actual packet size 2014-05-22 15:12:19 +02:00
Brian White 12895d15f8 Fix less-than-zero checks on unsigned numbers 2014-05-22 13:52:53 +02:00
Manuel Pégourié-Gonnard 82a5de7bf7 Enforce alignment even if buffer is not aligned 2014-05-22 13:52:49 +02:00
Manuel Pégourié-Gonnard fe671f4aeb Add markers around generated code in error.c 2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard 8ff17c544c Add missing DEBUG_RET on cipher failures 2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard 61edffef28 Normalize "should never happen" messages/errors 2014-05-22 13:52:47 +02:00
Manuel Pégourié-Gonnard 2e5ee32033 Implement CCM and CCM_8 ciphersuites 2014-05-20 16:29:34 +02:00
Manuel Pégourié-Gonnard 5efd772ef0 Small readability improvement 2014-05-14 14:10:37 +02:00
Manuel Pégourié-Gonnard 6768da9438 Register CCM ciphersuites (not implemented yet) 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard 41936957b3 Add AES-CCM and CAMELLIA-CCM to the cipher layer 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard de7bb44004 Use cipher_auth_{en,de}crypt() in ssl_tls.c 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard 4562ffe2e6 Add cipher_auth_{en,de}crypt() 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard 8764d271fa Use cipher_crypt() in ssl_tls.c 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard 3c1d150b3d Add cipher_crypt() 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard 0f6b66dba1 CCM operations allow input == output 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard aed6065793 CCM source cosmetics/tune-ups 
- source a bit shorter
- generated code slightly smaller
- preserving performance
 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard ce77d55023 Implement ccm_auth_decrypt() 2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard 002323340a Refactor to prepare for CCM decryption 2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard 637eb3d31d Add ccm_encrypt_and_tag() 2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard 9fe0d13e8d Add ccm_init/free() 2014-05-06 12:12:45 +02:00
Manuel Pégourié-Gonnard a6916fada8 Add (placeholder) CCM module 2014-05-06 11:28:09 +02:00
Paul Bakker 5593f7caae Fix typo in debug_print_msg() 2014-05-06 10:29:28 +02:00
Paul Bakker da13016d84 Prepped for 1.3.7 release 2014-05-01 14:27:19 +02:00
Paul Bakker c37b0ac4b2 Fix typo in bignum.c 2014-05-01 14:19:23 +02:00
Paul Bakker b9e4e2c97a Fix formatting: fix some 'easy' > 80 length lines 2014-05-01 14:18:25 +02:00
Paul Bakker 9af723cee7 Fix formatting: remove trailing spaces, #endif with comments (> 10 lines) 2014-05-01 13:03:14 +02:00
Paul Bakker c3f89aa26c Removed word 'warning' from PKCS#5 selftest (buildbot warning as a result) 2014-05-01 10:56:03 +02:00
Paul Bakker 9bb04b6389 Removed redundant code in mpi_fill_random() 2014-05-01 09:47:02 +02:00
Paul Bakker 2ca1dc8958 Updated error.c and version_features.c based on changes 2014-05-01 09:46:38 +02:00
Markus Pfeiffer a26a005acf Make compilation on DragonFly work 2014-04-30 16:52:28 +02:00
Paul Bakker 2a024ac86a Merge dependency fixes 2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Manuel Pégourié-Gonnard c16f4e1f78 Move RC4 ciphersuites down the list 2014-04-30 16:27:06 +02:00
Paul Bakker 8eab8d368b Merge more portable AES-NI 2014-04-30 16:21:08 +02:00
Paul Bakker 33dc46b080 Fix bug with mpi_fill_random() on big-endian 2014-04-30 16:20:39 +02:00
Paul Bakker f96f7b607a On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings 2014-04-30 16:02:38 +02:00
Paul Bakker 6384440b13 Better support for the different Attribute Types from IETF PKIX (RFC 5280) 2014-04-30 15:34:12 +02:00
Paul Bakker 1a1fbba1ae Sanity length checks in ssl_read_record() and ssl_fetch_input() 
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
 2014-04-30 14:48:51 +02:00
Paul Bakker 24f37ccaed rsa_check_pubkey() now allows an E up to N 2014-04-30 13:43:51 +02:00
Paul Bakker 0f90d7d2b5 version_check_feature() added to check for compile-time options at run-time 2014-04-30 11:49:44 +02:00
Paul Bakker a70366317d Improve interop by not writing ext_len in ClientHello / ServerHello when 0 
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
 2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard 3d41370645 Fix hash dependencies in X.509 tests 2014-04-29 15:29:41 +02:00
Manuel Pégourié-Gonnard 3a306b9067 Fix misplaced #endif in ssl_tls.c 2014-04-29 15:11:17 +02:00
Manuel Pégourié-Gonnard b1fd397be6 Adapt AES-NI code to "old" binutil versions 2014-04-26 17:17:31 +02:00
Paul Bakker c73079a78c Add debug_set_threshold() and thresholding of messages 2014-04-25 16:58:16 +02:00
Paul Bakker 92478c37a6 Debug module only outputs full lines instead of parts 2014-04-25 16:58:15 +02:00
Paul Bakker eaebbd5eaa debug_set_log_mode() added to determine raw or full logging 2014-04-25 16:58:14 +02:00
Paul Bakker 61885c7f7f Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites 
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
 2014-04-25 12:59:51 +02:00
Paul Bakker 4ffcd2f9c3 Typo in PKCS#11 module 2014-04-25 11:44:12 +02:00
Paul Bakker 10a9dd35ea Typo in POLARSSL_PLATFORM_STD_FPRINTF in platform.c 2014-04-25 11:27:16 +02:00
Paul Bakker 0767e67d17 Add support for 'emailAddress' to x509_string_to_names() 2014-04-18 14:11:37 +02:00
Paul Bakker c70e425a73 Only iterate over actual certificates in ssl_write_certificate_request() 2014-04-18 13:50:19 +02:00
Paul Bakker f4cf80b86f Restructured pk_parse_key_pkcs8_encrypted_der() to prevent unreachable code 2014-04-17 17:24:29 +02:00
Paul Bakker 4f42c11846 Remove arbitrary maximum length for cipher_list and content length 2014-04-17 15:37:39 +02:00
Paul Bakker d893aef867 Force default value to curve parameter 2014-04-17 14:45:34 +02:00
Paul Bakker 93389cc620 Remove const indicator 2014-04-17 14:44:38 +02:00
Paul Bakker 874bd64b28 Check setsockopt() return value in net_bind() 2014-04-17 12:43:05 +02:00
Paul Bakker 3d8fb63e11 Added missing MPI_CHK around mpi functions 2014-04-17 12:42:41 +02:00
Paul Bakker a9c16d2825 Removed unused cur variable in x509_string_to_names() 2014-04-17 12:42:18 +02:00
Paul Bakker 0e4f9115dc Fix iteration counter 2014-04-17 12:39:05 +02:00
Paul Bakker 784b04ff9a Prepared for version 1.3.6 2014-04-11 15:33:59 +02:00
Manuel Pégourié-Gonnard 9655e4597a Reject certificates with times not in UTC 2014-04-11 13:59:36 +02:00
Manuel Pégourié-Gonnard 0776a43788 Use UTC to heck certificate validity 2014-04-11 13:59:31 +02:00
Paul Bakker 52c5af7d2d Merge support for verifying the extendedKeyUsage extension in X.509 2014-04-11 13:58:57 +02:00
Manuel Pégourié-Gonnard 78848375c0 Declare EC constants as 'const' 2014-04-11 13:58:41 +02:00
Paul Bakker 1630058dde Potential buffer overwrite in pem_write_buffer() fixed 
Length indication when given a too small buffer was off.
Added regression test in test_suite_pem to detect this.
 2014-04-11 13:58:05 +02:00
Manuel Pégourié-Gonnard 0408fd1fbb Add extendedKeyUsage checking in SSL modules 2014-04-11 11:09:09 +02:00
Manuel Pégourié-Gonnard 7afb8a0dca Add x509_crt_check_extended_key_usage() 2014-04-11 11:09:00 +02:00
Paul Bakker d6ad8e949b Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C 2014-04-09 17:24:14 +02:00
Paul Bakker a77de8c841 Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off 2014-04-09 16:39:35 +02:00
Paul Bakker 043a2e26d0 Merge verification of the keyUsage extension in X.509 certificates 2014-04-09 15:55:08 +02:00
Manuel Pégourié-Gonnard a9db85df73 Add tests for keyUsage with client auth 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard 490047cc44 Code cosmetics 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard 312010e6e9 Factor common parent checking code 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard f93a3c4335 Check the CA bit on trusted CAs too 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard 99d4f19111 Add keyUsage checking for CAs 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard 3fed0b3264 Factor some common code in x509_verify{,_child} 2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard 7f2a07d7b2 Check keyUsage in SSL client and server 2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard 603116c570 Add x509_crt_check_key_usage() 2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard 2abed84225 Specific return code for PK sig length mismatch 2014-04-09 15:50:00 +02:00
Manuel Pégourié-Gonnard 35e95ddca4 Add special return code for ecdsa length mismatch 2014-04-09 15:49:59 +02:00
Paul Bakker ddd427a8fc Fixed spacing in entropy_gather() 2014-04-09 15:49:57 +02:00
Paul Bakker 75342a65e4 Fixed typos in code 2014-04-09 15:49:57 +02:00
Manuel Pégourié-Gonnard 0f79babd4b Disable timing_selftest() for now 2014-04-09 15:49:51 +02:00
Paul Bakker 17b85cbd69 Merged additional tests and improved code coverage 
Conflicts:
	ChangeLog
 2014-04-08 14:38:48 +02:00
Paul Bakker 0763a401a7 Merged support for the ALPN extension 2014-04-08 14:37:12 +02:00
Paul Bakker 4224bc0a4f Prevent potential NULL pointer dereference in ssl_read_record() 2014-04-08 14:36:50 +02:00
Manuel Pégourié-Gonnard 8c045ef8e4 Fix embarrassing X.509 bug introduced in 9533765 2014-04-08 11:55:03 +02:00
Manuel Pégourié-Gonnard f6521de17b Add ALPN tests to ssl-opt.sh 
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
 2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard 89e35798ae Implement ALPN server-side 2014-04-07 12:26:35 +02:00
Manuel Pégourié-Gonnard 0b874dc580 Implement ALPN client-side 2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard 0148875cfc Add tests and fix bugs for RSA-alt contexts 2014-04-04 17:46:46 +02:00
Manuel Pégourié-Gonnard 7e250d4812 Add ALPN interface 2014-04-04 17:10:40 +02:00
Manuel Pégourié-Gonnard 79e58421be Also test net_usleep in timing_selttest() 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard 3fec220a33 Add test for dhm_parse_dhmfile 2014-04-04 16:42:44 +02:00