yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-09 16:25:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
4593 commits 88 branches 205 tags 69 MiB
Commit graph

1483 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 3bd5eb7567 Reintroduce line deleted by accident 2016-01-04 15:48:43 +00:00
Simon Butcher a02fe7c2cc Various fixes to doxygen API generation 
* Fixed incorrect file definitions
 * Corrected function naming in X.509 module definition
 2016-01-04 15:48:12 +00:00
Simon Butcher 6189175900 Fix for MPI divide on MSVC 
Resolves multiple platform issues when building bignum.c with Microsoft
Visual Studio.
 2016-01-03 20:32:46 +00:00
Simon Butcher aa4114910a Merge 'iotssl-558-2.1-md5-tls-sigs-restricted' 2015-12-23 18:52:18 +00:00
Simon Butcher e82ac57ef6 Merge remote-tracking branch 'origin/misc-2.1' into mbedtls-2.1 2015-12-22 19:36:17 +00:00
Manuel Pégourié-Gonnard 7da96958a6 Make documentation more explicit on TLS errors 
fixes #358
 2015-12-10 15:07:46 +01:00
Manuel Pégourié-Gonnard b39528e2e8 Disable MD5 in handshake signatures by default 2015-12-04 15:13:36 +01:00
Manuel Pégourié-Gonnard 013198f30f DTLS: avoid dropping too many records 
When the peer retransmits a flight with many record in the same datagram, and
we already saw one of the records in that datagram, we used to drop the whole
datagram, resulting in interoperability failure (spurious handshake timeouts,
due to ignoring record retransmitted by the peer) with some implementations
(issues with Chrome were reported).

So in those cases, we want to only drop the current record, and look at the
following records (if any) in the same datagram. OTOH, this is not something
we always want to do, as sometime the header of the current record is not
reliable enough.

This commit introduces a new return code for ssl_parse_header() that allows to
distinguish if we should drop only the current record or the whole datagram,
and uses it in mbedtls_ssl_read_record()

fixes #345
 2015-12-03 19:22:55 +01:00
Simon Butcher ef43d41f67 Changed version number to 2.1.3 
Changed for library
 2015-11-04 22:08:33 +00:00
Manuel Pégourié-Gonnard 7a40dc686f Disable reportedly broken assembly of Sparc(64) 
fixes #292
 2015-11-02 05:57:49 +09:00
Manuel Pégourié-Gonnard 9f44a80ea3 Try to prevent some misuse of RSA functions 
fixes #331
 2015-10-30 10:57:43 +01:00
Manuel Pégourié-Gonnard 93080dfacf Fix missing check for RSA key length on EE certs 
- also adapt tests to use lesser requirement for compatibility with old
  testing material
 2015-10-28 13:22:32 +01:00
Manuel Pégourié-Gonnard f9945bc283 Fix #ifdef inconsistency 
fixes #310

Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.

Conflicts:
	ChangeLog
 2015-10-28 13:16:33 +01:00
Manuel Pégourié-Gonnard 1cb668cf0f ECHDE-PSK does not use a certificate 
fixes #270
 2015-10-28 13:15:12 +01:00
Manuel Pégourié-Gonnard d113b8e89d Move all KEY_EXCHANGE__ definitions in one place 2015-10-28 13:15:01 +01:00
Manuel Pégourié-Gonnard a6925c502d Fix typo in documentation 2015-10-27 10:28:49 +01:00
Simon Butcher 759b6d9df6 Corrected misleading fn description in ssl_cache.h 
Mistake in comments spotted by Andris Mednis
 2015-10-27 10:28:24 +01:00
Manuel Pégourié-Gonnard c4e7d8a381 Bump version to 2.1.2 
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
 2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard c80a74f734 Merge branch 'development' into development-restricted 
* development:
  Add 'inline' workaround where needed
 2015-10-05 16:30:53 +01:00
Manuel Pégourié-Gonnard 2ac9c60838 Add 'inline' workaround where needed 
Was previously using the workaround from md.h
 2015-10-05 16:18:23 +01:00
Manuel Pégourié-Gonnard a97ab2c8a6 Merge branch 'development' into development-restricted 
* development:
  Remove inline workaround when not useful
  Fix macroization of inline in C++
 2015-10-05 15:48:09 +01:00
Simon Butcher 7776fc36d3 Fix for #279 macroisation of 'inline' keyword 2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard 2d7083435d Fix references to non-standard SIZE_T_MAX 
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
 2015-10-05 15:23:11 +01:00
Manuel Pégourié-Gonnard 899ac849d0 Merge branch 'development' into development-restricted 
* development:
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
 2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard cb6af00e2a Add missing warning in doc 
Found by Nicholas Wilson

fixes #288
 2015-10-05 12:12:39 +01:00
Manuel Pégourié-Gonnard 5a2e389811 Remove inline workaround when not useful 
This header doesn't have nay inline function any more
 2015-10-05 11:55:39 +01:00
Manuel Pégourié-Gonnard 0223ab9d38 Fix macroization of inline in C++ 
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
 2015-10-05 11:41:36 +01:00
Simon Butcher 6418ffaadb Merge fix for IOTSSL-480 - base64 overflow issue 2015-10-05 09:54:11 +01:00
Manuel Pégourié-Gonnard ef388f168d Merge branch 'development' into development-restricted 
* development:
  Updated ChangeLog with credit
  Fix a fairly common typo in comments
  Make config check include for configs examples more consistent
 2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard 0aa45c209a Fix potential overflow in base64_encode 2015-09-30 16:37:49 +02:00
Simon Butcher 9f81231fb8 Revised hostname length check from review 2015-09-28 19:22:33 +01:00
Simon Butcher 89f77623b8 Added max length checking of hostname 2015-09-27 22:50:49 +01:00
Tillmann Karras 588ad50c5a Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
Manuel Pégourié-Gonnard 8cea8ad8b8 Bump version to 2.1.1 2015-09-17 11:58:45 +02:00
Simon Butcher 5793e7ef01 Merge 'development' into iotssl-411-port-reuse 
Conflicts:
	ChangeLog
 2015-09-16 15:25:53 +01:00
Simon Butcher 1a57af1607 Update ssl.h 
Typo
 2015-09-11 17:14:16 +01:00
Simon Butcher 4f6882a8a3 Update config.h 
Typo in RFC x-ref comment.
 2015-09-11 17:12:46 +01:00
Manuel Pégourié-Gonnard ddfe5d20d1 Tune dependencies 
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
 2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard 62c74bb78a Stop wasting resources 
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.

Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
 2015-09-09 11:22:52 +02:00
Nicholas Wilson 2088e2ebd9 fix const-ness of argument to mbedtls_ssl_conf_cert_profile 
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
 2015-09-08 16:53:18 +01:00
Manuel Pégourié-Gonnard 222cb8db22 Tune related documentation while at it 2015-09-08 15:43:59 +02:00
Manuel Pégourié-Gonnard 3a2a4485d4 Update documentation 2015-09-08 15:36:09 +02:00
Manuel Pégourié-Gonnard be619c1264 Clean up error codes 2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard 26d227ddfc Add config flag for support of client port reuse 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Manuel Pégourié-Gonnard 37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard 5f5e0ec3f1 Improve mbedtls_ssl_write() documentation 2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard a2cda6bfaf Add mbedtls_ssl_get_max_frag_len() 
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
 2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard bb83844a1d Clarify that there are two SSL I/O buffers 2015-08-31 12:46:01 +02:00
Manuel Pégourié-Gonnard 46c4fa16ab Fix missing casts on return 
closes #236
 2015-08-12 09:27:55 +02:00
Manuel Pégourié-Gonnard e2b0efe24b Separate license from comments in config.h 2015-08-11 10:38:37 +02:00
Manuel Pégourié-Gonnard ac50fc5e2f Fix typo in doc 2015-08-10 13:07:09 +02:00
Manuel Pégourié-Gonnard 854dab96fe Fix the fix for armcc5 --gnu 
Only exclude armcc5, not armcc6.
 2015-08-10 12:11:31 +02:00
Manuel Pégourié-Gonnard 32da9f66a8 Add support for MBEDTLS_USER_CONFIG_FILE 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard 43569a93cc Use #ifdef rather than patch for target_config.h 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard 63e7ebaaa1 Add material for generating yotta module 2015-08-06 09:57:53 +02:00
Manuel Pégourié-Gonnard e14dec68ea Fix stupid typo in previous commit 2015-08-04 22:49:33 +02:00
Manuel Pégourié-Gonnard f659f0c214 Disable Padlock code with ASan 
We're getting build errors with Clang 3.5.0 on our Debian Jessie buildslave:

library/padlock.c:99:10: error: inline assembly requires more registers than available
 2015-08-04 22:19:05 +02:00
Manuel Pégourié-Gonnard e96ce08a21 Fix compile error with armcc5 --gnu 2015-07-31 10:58:06 +02:00
Manuel Pégourié-Gonnard 6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard 10c767488b Adjust rename/compat list 2015-07-15 11:07:26 +02:00
Paul Bakker 4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard 1409616d9c Fix one renaming in the list 
Found by Simon while testing the upgrade guide
 2015-07-09 09:17:18 +01:00
Manuel Pégourié-Gonnard 20af64dc2c Still need to #define inline for MSVC 
I only tested with VS2015 earlier, but previous versions apparently still
don't know that standard C99 keyword though it's documented on MSDN...
 2015-07-07 23:21:30 +02:00
Manuel Pégourié-Gonnard 052a6c9cfe Add mbedtls_md_clone() 2015-07-06 16:06:02 +02:00
Manuel Pégourié-Gonnard 16d412f465 Add md/shaXXX_clone() API 
Will be used in the SSL/TLS modules
 2015-07-06 15:48:34 +02:00
Manuel Pégourié-Gonnard 7893103154 Remove 1024 bits DHM params and add one 4096 bit 2015-07-03 17:06:39 +02:00
Manuel Pégourié-Gonnard 7c3b4ab6f2 Fix typos in comments 2015-07-02 17:59:52 +02:00
Manuel Pégourié-Gonnard 5791109707 Make the hardclock test optional 
Known to fail on VMs (such as the buildbots), see eg
http://blog.badtrace.com/post/rdtsc-x86-instruction-to-detect-vms/
 2015-07-01 19:22:12 +02:00
Manuel Pégourié-Gonnard 9bd0afdb22 Add guards for closed socket in net.c 
This is particularly problematic when calling FD_SET( -1, ... ), but let's
check it in all functions.

This was introduced with the new API and the fact the net_free() now sets the
internal fd to -1 in order to mark it as closed: now using this information.
 2015-07-01 19:03:27 +02:00
Manuel Pégourié-Gonnard 2505528be4 Rm obsolete defines for inline wiht MSVC 
The "inline" keyword is supported since Visual Studio 2005 according to MSDN,
and we require Visual Studio 2010 or higher.
 2015-07-01 17:22:36 +02:00
Manuel Pégourié-Gonnard abc729e664 Simplify net_accept() with UDP sockets 
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
 2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard 3d7d00ad23 Rename mbedtls_net_close() to mbedtls_net_free() 
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
 2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard 91895853ac Move from naked int to a structure in net.c 
Provides more flexibility for future changes/extensions.
 2015-06-30 15:56:25 +02:00
Manuel Pégourié-Gonnard a16e7c468c Rename a debug function 2015-06-29 20:14:19 +02:00
Manuel Pégourié-Gonnard b74c245a20 Rework debug to not need dynamic alloc 
But introduces dependency on variadic macros
 2015-06-29 20:08:23 +02:00
Manuel Pégourié-Gonnard 9db2887672 Actually enable fixed snprintf on windows 2015-06-26 11:04:08 +02:00
Manuel Pégourié-Gonnard dc54ff8578 Improve documentation about SSL ticket encryption 2015-06-25 12:44:46 +02:00
Manuel Pégourié-Gonnard 216a1831de Fix whitespace in CMakeLists.txt 
- all spaces no tabs
- indent with 4 spaces everywhere
 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard 53585eeb17 Remove test DHM params from certs.c 
certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.
 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard 0761733c1b Fix potential NULL dereference 
We document that either of recv or recv_timeout may be NULL, but for TLS we
always used recv... Thanks Coverity for catching that.
(Not remotely trigerrable: local configuration.)

Also made me notice net_recv_timeout didn't do its job properly.
 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard fd474233c8 Change SSL debug API in the library 2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard c0d749418b Make 'port' a string in NET module 
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard e244f9ffc0 Improve doc about length of strings written 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard d23f593737 Avoid static buffer in debug module 
Caused issues in threading situations
 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard 1cd10adc7c Update prototype of x509write_set_key_usage() 
Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 655a964539 Adapt check_key_usage to new weird bits 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 9a702255f4 Add parsing/printing for new X.509 keyUsage flags 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 07894338a0 Rename M255 to Curve25519 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 7320eb46d4 Remove references to some Montgomery curves 
After all it looks like those won't become standard.
 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard e7e89844d6 Fix and document corner-cases of time checking 2015-06-22 23:41:24 +02:00
Manuel Pégourié-Gonnard cdc26ae099 Add mbedtls_ssl_set_hs_authmode 
While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
  the PSK, no cert is expected).
- use safer tests (eg == OPTIONAL vs != REQUIRED)
 2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard 1685368408 Rationalize snprintf() usage in X.509 modules 2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard 6c0c8e0d3d Include fixed snprintf for Windows in platform.c 
Use _WIN32 to detect it rather that _MSC_VER as it turns out MSYS2 uses the
broken MS version by default too.
 2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard 8ba88f0460 Fix stupid typo in documentation 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard 7580ba475d Add a concept of entropy source strength. 
The main goal is, we want and error if cycle counter is the only source.
 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard 3f77dfbd52 Add MBEDTLS_ENTROPY_HARDWARE_ALT 
Makes it easier for an external module to plug its hardware entropy collector.
 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard bf82ff0209 Fix entropy thresholds 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard 60c793bdc9 Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE 
First one means we have time() but it may not return the actual wall clock
time, second means it does.
 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard c0696c216b Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen 2015-06-18 16:49:37 +02:00