yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-12 08:05:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
3420 commits 88 branches 205 tags 69 MiB
Commit graph

250 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 48ed550b92 Fix name, documentation & location of config flag 2017-06-08 17:27:20 +02:00
Ron Eldor a9ec0cd77f Restrict MD5 in x509 certificates 
Remove support for X509 certificates signed with MD5.
Issue raised by Harm Verhagen
 2017-06-07 10:58:36 +03:00
Janos Follath 441d6f9833 Remove MBEDTLS_SSL_AEAD_RANDOM_IV feature 
In a USENIX WOOT '16 paper the authors warn about a security risk
of random Initialisation Vectors (IV) repeating values.

The MBEDTLS_SSL_AEAD_RANDOM_IV feature is affected by this risk and
it isn't compliant with RFC5116. Furthermore, strictly speaking it
is a different cipher suite from the TLS (RFC5246) point of view.

Removing the MBEDTLS_SSL_AEAD_RANDOM_IV feature to resolve the above
problems.

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
 2016-10-13 14:14:16 +01:00
Janos Follath 17da9dd829 Add option for relaxed X509 time verification. 
The certificates are not valid according to the RFC, but are in wide
distribution across the internet. Hence the request to add a
compile-time flag to accept these certificates if wanted by the
application.

If POLARSSL_RELAXED_X509_DATE is enabled it will allow dates without
seconds, and allow dates with timezones (but doesn't actually use
the timezone).

Patch provided by OpenVPN.
 2016-09-30 09:04:18 +01:00
Janos Follath 4dfecabb97 Update default configuration 
Change the default settings for SSL and modify the tests accordingly.
 2016-03-14 13:40:43 +00:00
Simon Butcher 14400c8fb0 Merge memory leak fix into branch 'mbedtls-1.3' 
Merge of fix for memory leak in RSA-SSA signing - #372
 2016-01-02 00:28:19 +00:00
Manuel Pégourié-Gonnard ded3ae500b Add missing warning in doc 
Found by Nicholas Wilson

fixes #288
 2015-10-05 14:18:16 +01:00
Manuel Pégourié-Gonnard 9ea1b23cc4 Up min size of DHM params to 1024 bits on client 2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard 23ce09b18f Deprecate HAVE_INT8 and HAVE_INT16 2015-04-09 14:51:51 +02:00
Manuel Pégourié-Gonnard a98af5e2b2 Deprecate using NET_C without HAVE_IPV6 2015-04-09 14:40:46 +02:00
Manuel Pégourié-Gonnard a82135c5cf Document POLARSSL_CAMELLIA_SMALL_MEMORY 2015-04-03 17:58:26 +02:00
Manuel Pégourié-Gonnard c70581c272 Add POLARSSL_DEPRECATED_{WARNING,REMOVED} 2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard e658176dfa Mark a few additional deprecations 2015-03-20 17:26:50 +00:00
Manuel Pégourié-Gonnard 71432849ed Use proper doxygen markup to mark deprecations 2015-03-20 17:26:50 +00:00
Manuel Pégourié-Gonnard fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard fb57e644a7 Fix whitespace issues 2015-03-06 11:56:40 +00:00
Rich Evans 16f8cd8e87 implemented macro overriding for polarssl_* library functions 2015-02-13 13:50:26 +00:00
Rich Evans 4cc8a22d88 add initial symbols to config and checks to check_config to allow use of macros to define standard functions 2015-02-13 13:50:26 +00:00
Rich Evans 98081c5ec6 reformat and arrange additions to config alphabetically 2015-02-13 13:50:26 +00:00
Rich Evans c39cb4986b add POLARSSL_PLATFORM_EXIT_ALT 2015-02-13 13:50:26 +00:00
Rich Evans 46b0a8d15a add platform_set_snprintf 2015-02-13 13:50:25 +00:00
Manuel Pégourié-Gonnard 860b51642d Fix url again 2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard bbbb3cfba5 Fix depend that was checked but not documented 2015-01-28 16:44:37 +00:00
Manuel Pégourié-Gonnard 0a155b826c Fix bug with compatibility memory define/header 2015-01-23 17:28:27 +00:00
Manuel Pégourié-Gonnard 085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard 9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard 19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard b4fe3cb1fa Rename to mbed TLS in the documentation/comments 2015-01-22 16:11:05 +00:00
Manuel Pégourié-Gonnard 967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Paul Bakker f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard d76314c44c Add 1/n-1 record splitting 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard 037170465a Switch from an enable to a disable flag 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 6b298e6cc1 Update comment from draft to RFC 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard fd6c85c3eb Set a compile-time limit to X.509 chain length 2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard d056ce0e3e Use seq_num as AEAD nonce by default 2014-11-06 18:23:49 +01:00
Manuel Pégourié-Gonnard 699cafaea2 Implement initial negotiation of EtM 
Not implemented yet:
- actually using EtM
- conditions on renegotiation
 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 769c6b6351 Make session-hash depend on TLS versions 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 367381fddd Add negotiation of Extended Master Secret 
(But not the actual thing yet.)
 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard da1b4de0e4 Increase MPI_MAX_BYTES to allow RSA 8192 2014-10-15 22:06:46 +02:00
Manuel Pégourié-Gonnard 481fcfde93 Make PSK_LEN configurable and adjust PMS size 2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard dfc7df0bec Add SSL_CIPHERSUITES config option 2014-07-04 14:59:02 +02:00
Paul Bakker 237a847f1c Fix typos in comments 2014-06-25 14:45:24 +02:00
Manuel Pégourié-Gonnard bf31977c42 Update BIGNUM_C comments 2014-06-25 13:00:17 +02:00
Manuel Pégourié-Gonnard dc16aa7eac Improve comments on POLARSSL_ERROR_STRERROR_DUMMY 2014-06-25 12:55:12 +02:00
Manuel Pégourié-Gonnard 01edb1044c Add POLARSSL_REMOVE_RC4_CIPHERSUITES 2014-06-25 11:27:59 +02:00