yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 01:31:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
4022 commits 88 branches 205 tags 69 MiB
Commit graph

558 commits

Author SHA1 Message Date
Simon Butcher 5b8d1d65f7 Fix for IOTSSL-473 Double free error 
Fix potential double-free in mbedtls_ssl_set_hs_psk(.)
 2015-10-04 22:06:51 +01:00
Manuel Pégourié-Gonnard ef388f168d Merge branch 'development' into development-restricted 
* development:
  Updated ChangeLog with credit
  Fix a fairly common typo in comments
  Make config check include for configs examples more consistent
 2015-10-02 12:44:39 +02:00
Simon Butcher 9f81231fb8 Revised hostname length check from review 2015-09-28 19:22:33 +01:00
Simon Butcher 89f77623b8 Added max length checking of hostname 2015-09-27 22:50:49 +01:00
Tillmann Karras 588ad50c5a Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
Simon Butcher 5793e7ef01 Merge 'development' into iotssl-411-port-reuse 
Conflicts:
	ChangeLog
 2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard ea5370d4a2 Don't allow reconnect during handshake 
Especially for resumed handshake, it's entirely possible for an epoch=0
ClientHello to be retransmitted or arrive so late that the server is already
at epoch=1. There is no good way to detect whether it's that or a reconnect.

However:
- a late ClientHello seems more likely that client going down and then up
  again in the middle of a handshake
- even if that's the case, we'll time out on that handshake soon enough
- we don't want to break handshake flows that used to work
So the safest option is to not treat that as a reconnect.
 2015-09-15 15:17:54 +02:00
Simon Butcher d0bf6a3891 Update ssl_tls.c 
Clarification in comments
 2015-09-11 17:34:49 +01:00
Simon Butcher 74ca8d07ad Update ssl_tls.c 
Clarification in comments to ssl_handle_possible_reconnect()
 2015-09-11 17:22:40 +01:00
Simon Butcher 0789aed39d Update ssl_tls.c 
Typo
 2015-09-11 17:15:17 +01:00
Manuel Pégourié-Gonnard ddfe5d20d1 Tune dependencies 
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
 2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard 2ed05a049a Fix typos 2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard 62c74bb78a Stop wasting resources 
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.

Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
 2015-09-09 11:22:52 +02:00
Nicholas Wilson 2088e2ebd9 fix const-ness of argument to mbedtls_ssl_conf_cert_profile 
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
 2015-09-08 16:53:18 +01:00
Manuel Pégourié-Gonnard 3f09b6d4c2 Fix API 2015-09-08 11:58:14 +02:00
Manuel Pégourié-Gonnard be619c1264 Clean up error codes 2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard 11331fc25b First working dirty version 
- uses too much resources
- wrong API
 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard 9650205df7 Start detecting epoch 0 ClientHellos 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard 37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Simon Butcher ed51594337 Merge pull request #265 from ARMmbed/iotssl-460-bugfixes 
Iotssl 460 bugfixes
 2015-09-02 23:36:36 +01:00
Manuel Pégourié-Gonnard f81ee2eba8 Add NULL checks to top-level SSL functions 
On normal use these should never be useful, but if the application has issues,
it's best for us to return an error than to crash.
 2015-09-01 17:43:40 +02:00
Manuel Pégourié-Gonnard a2cda6bfaf Add mbedtls_ssl_get_max_frag_len() 
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
 2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard c6b5d833ec Fix handling of long PSK identities 
fixes #238
 2015-08-31 10:34:26 +02:00
Manuel Pégourié-Gonnard ea35666f50 Fix -Wshadow warnings 
Checked that it is supported by gcc 4.2.1 (FreeBSD 9).

fixes #240
 2015-08-31 10:34:26 +02:00
Manuel Pégourié-Gonnard c98204e68f Fix missing break in switch for SSL presets 
closes #235
 2015-08-11 04:21:01 +02:00
Manuel Pégourié-Gonnard 0a8857435c DTLS: treat bad MAC on Finished as an error 
This is not required nor recommended by the protocol, and it's a layering
violation, but it's a know flaw in the protocol that you can't detect a PSK
auth error in any other way, so it is probably the right thing to do.

closes #227
 2015-08-04 12:11:17 +02:00
Manuel Pégourié-Gonnard 6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard cb0d212c97 Fix level of some debug messages 2015-07-22 11:52:11 +02:00
Manuel Pégourié-Gonnard 001f2b6246 Use xxx_clone() instead of memcpy() in SSL 2015-07-06 16:54:51 +02:00
Manuel Pégourié-Gonnard c0bf01e8d2 Undo overzealous renaming of internal variables 
The rename script couldn't know it was a local variable with the same name as
on of the global functions
 2015-07-06 16:26:23 +02:00
Manuel Pégourié-Gonnard b9d64e5bbe Fix missing calls to md/shaxxx_free() 2015-07-06 14:18:56 +02:00
Manuel Pégourié-Gonnard 9de64f5af1 Fix MSVC warnings in library and programs 2015-07-01 16:56:08 +02:00
Manuel Pégourié-Gonnard 0761733c1b Fix potential NULL dereference 
We document that either of recv or recv_timeout may be NULL, but for TLS we
always used recv... Thanks Coverity for catching that.
(Not remotely trigerrable: local configuration.)

Also made me notice net_recv_timeout didn't do its job properly.
 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard fd474233c8 Change SSL debug API in the library 2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard 79c4e3ee59 Rm obsolete comments 2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard 14bf7063b9 Add SSL "assertions" to help static analyzers 
scan-build was reporting NULL dereferences
 2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard cdc26ae099 Add mbedtls_ssl_set_hs_authmode 
While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
  the PSK, no cert is expected).
- use safer tests (eg == OPTIONAL vs != REQUIRED)
 2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard 12ad798c87 Rename ssl_session.length to id_len 2015-06-18 15:50:37 +02:00
Manuel Pégourié-Gonnard 898e0aa210 Rename key_length in cipher_info 2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard b31c5f68b1 Add SSL presets. 
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
 2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard 7bfc122703 Implement sig_hashes 2015-06-17 14:34:48 +02:00
Manuel Pégourié-Gonnard 36a8b575a9 Create API for mbedtls_ssl_conf_sig_hashes(). 
Not implemented yet.
 2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard 9d412d872c Small internal changes in curve checking 
- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config
 2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard b541da6ef3 Fix define for ssl_conf_curves() 
This is a security feature, it shouldn't be optional.
 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard 6e3ee3ad43 Add mbedtls_ssl_conf_cert_profile() 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard bd990d6629 Add ssl_conf_dhm_min_bitlen() 2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard 3335205a21 Avoid in-out length in dhm_calc_secret() 2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard cb46fd8216 Avoid non-standard strcasecmp() 2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard 6a8ca33fa5 Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED 2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard 1b8de57827 Remove a few redundant memset after calloc. 
Using the following semantic patch provided by Mansour Moufid:

@@
expression x;
@@
  x = mbedtls_calloc(...)
  ...
- memset(x, 0, ...);
 2015-05-27 16:58:55 +02:00