yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-09 15:45:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
949 commits 88 branches 205 tags 69 MiB
Commit graph

518 commits

Author SHA1 Message Date
Paul Bakker 95a11f8c16 On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings 2014-07-08 18:28:40 +02:00
Paul Bakker ccebf6ef8a Sanity length checks in ssl_read_record() and ssl_fetch_input() 
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
 2014-07-08 18:28:38 +02:00
Paul Bakker b0af56334c rsa_check_pubkey() now allows an E up to N 2014-07-08 18:28:36 +02:00
Paul Bakker 838ed3c74d Improve interop by not writing ext_len in ClientHello when 0 
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
 2014-07-08 18:28:33 +02:00
Paul Bakker 676093e253 Check setsockopt() return value in net_bind() 2014-07-08 18:28:29 +02:00
Paul Bakker 7890e62a1f Added missing MPI_CHK around mpi functions 2014-07-08 18:28:29 +02:00
Paul Bakker 243d61894c Reject certificates with times not in UTC 2014-07-08 14:40:58 +02:00
Paul Bakker f48de9579f Use UTC to heck certificate validity 2014-07-08 14:39:41 +02:00
Paul Bakker dedce0c35c Prevent potential NULL pointer dereference in ssl_read_record() 2014-07-08 14:36:12 +02:00
Paul Bakker 6995efe8be Potential memory leak in mpi_exp_mod() when error occurs during 
calculation of RR.
 2014-07-08 14:32:35 +02:00
Paul Bakker 358a841b34 x509_get_current_time() uses localtime_r() to prevent thread issues 2014-07-08 12:14:37 +02:00
Paul Bakker 24aaf44120 Make sure no random pointer occur during failed malloc()'s 2014-07-08 11:39:19 +02:00
Manuel Pégourié-Gonnard c2262b58f6 Tune debug_print_ret format 2014-07-08 11:26:20 +02:00
Paul Bakker ef3cf7088f Provide no info from entropy_func() on future entropy 2014-07-08 11:25:51 +02:00
Paul Bakker 1e9423704a Support for seed file writing and reading in Entropy 2014-07-08 11:20:25 +02:00
Paul Bakker 22a0ce0cef Fix warning on MinGW and MSVC12 2014-07-08 11:17:50 +02:00
Paul Bakker 8cb73200e1 MinGW32 static build should link to windows libs and libz 2014-07-08 11:15:55 +02:00
Paul Bakker b000f82d76 ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr 2014-07-08 11:15:18 +02:00
Manuel Pégourié-Gonnard a9f86e03ed Make the compiler work-around more specific 2014-07-08 11:13:59 +02:00
Manuel Pégourié-Gonnard 57291a7019 Work around a compiler bug on OS X. 2014-07-08 11:13:42 +02:00
hasufell 97a11c107e CMake: allow to build both shared and static at once 
This allows for more fine-grained control. Possible combinations:
  * static off, shared on
  * static on, shared off
  * static on, shared on

The static library is always called "libpolarssl.a" and is only used
for linking of tests and internal programs if the shared lib is
not being built.

Default is: only build static lib.
 2014-07-08 11:10:09 +02:00
Manuel Pégourié-Gonnard be04673c49 Forbid sequence number wrapping 2014-07-08 11:04:19 +02:00
Paul Bakker 50a5c53398 Reject certs and CRLs from the future 2014-07-08 10:59:10 +02:00
Paul Bakker 0d844dd650 Add x509parse_time_future() 2014-07-07 17:46:36 +02:00
Manuel Pégourié-Gonnard 963918b88f Countermeasure against "triple handshake" attack 2014-07-07 17:46:35 +02:00
Manuel Pégourié-Gonnard 397858b81d Avoid "unreachable code" warning 2014-07-07 17:46:33 +02:00
Manuel Pégourié-Gonnard 6d841c2c5c Fix verion-major intolerance 2014-07-07 17:46:31 +02:00
Manuel Pégourié-Gonnard c675e4bde5 Fix bug in RSA PKCS#1 v1.5 "reversed" operations 2014-07-07 17:46:29 +02:00
Paul Bakker 1e7c3d2500 net_is_block() renamed to net_would_block() and corrected behaviour on 
non-blocking sockets

net_would_block() now does not return 1 if the socket is blocking.
 2014-07-07 17:46:28 +02:00
Paul Bakker 1dc45f15a6 Added MPI_CHK around unguarded mpi calls 2014-07-07 17:46:25 +02:00
Paul Bakker 7837026b91 Remove a few dead stores 2014-07-07 16:01:34 +02:00
Manuel Pégourié-Gonnard d220f8b709 Fix potential memory leak in bignum selftest 2014-07-07 16:01:33 +02:00
Manuel Pégourié-Gonnard 7fd620b331 Fix misplaced initialisation. 
If one of the calls to mpi_grow() before setting Apos would fail, then
mpi_free( &Apos ) would be executed without Apos being initialised.
 2014-07-07 16:01:31 +02:00
Manuel Pégourié-Gonnard b55f578982 Fix missing error checking in gcm 2014-07-07 16:01:30 +02:00
Paul Bakker 4091141368 Add a length check in ssl_derive_keys() 2014-07-07 16:01:28 +02:00
Paul Bakker d83584e9aa Fixed potential overflow in certificate size in ssl_write_certificate() 2014-07-07 16:01:11 +02:00
Paul Bakker 78e819698b Added missing MPI_CHK() around some statements 2014-07-07 16:01:10 +02:00
Paul Bakker 40cc914567 Fixed x509_crt_parse_path() bug on Windows platforms 2014-07-07 16:01:08 +02:00
Manuel Pégourié-Gonnard 9975c5d217 Check PKCS 1.5 padding in a more constant-time way 
(Avoid branches that depend on secret data.)
 2014-07-07 14:38:09 +02:00
Manuel Pégourié-Gonnard d237d261e5 Check OAEP padding in a more constant-time way 2014-07-07 14:37:56 +02:00
Manuel Pégourié-Gonnard 3411464a64 RSA-OAEP decrypt: reorganise code 2014-07-07 14:37:39 +02:00
Paul Bakker a1caf6e1e8 SSL now gracefully handles missing RNG 2014-07-07 14:20:52 +02:00
Paul Bakker c941adba31 Fixed X.509 hostname comparison (with non-regular characters) 2014-07-07 14:17:24 +02:00
Paul Bakker 835481930a Makefile now produces a .so.X with SOVERSION in it 2014-07-07 14:13:54 +02:00
Manuel Pégourié-Gonnard 5c8434cf52 Safer buffer comparisons in the SSL modules 2014-07-07 14:10:07 +02:00
Paul Bakker c3ec63df42 Minor change that makes life easier for static analyzers / compilers 2014-07-07 14:06:22 +02:00
Paul Bakker e46b17766c Make get_pkcs_padding() constant-time 2014-07-07 14:04:31 +02:00
Paul Bakker 52cb87beb7 Forced cast to prevent MSVC compiler warning 2014-07-07 13:46:10 +02:00
Paul Bakker 4c9301a7af Convert SOCKET to int to prevent compiler warnings under MSVC. 
From kernel objects at msdn:
    Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24.

Windows Internals by Russinovich and Solomon as well says that the high bits are zero.
 2014-07-07 13:44:30 +02:00
Paul Bakker 9ccb2116a7 Introduced POLARSSL_HAVE_READDIR_R for systems without it 2014-07-07 13:43:31 +02:00
Paul Bakker ff6e24710a RSA blinding: check highly unlikely cases 2014-07-07 13:34:41 +02:00
Paul Bakker 6b06502c4b Changed RSA blinding to a slower but thread-safe version 2013-10-07 12:06:29 +02:00
Paul Bakker adace27ec9 Prepped for 1.2.10 release 2013-10-04 17:07:26 +02:00
Paul Bakker 2f1481ec73 Additional fixed to rsa.c with regards to blinding 2013-10-04 16:46:21 +02:00
Paul Bakker 62087eed22 Fixed memory leak in rsa.c introduced in 43f9799 2013-10-04 10:57:12 +02:00
Paul Bakker e45574e7de Prepped for 1.2.9 release 2013-09-25 18:42:42 +02:00
Paul Bakker 915ee19887 Do not allow SHA256/SHA384 ciphersuites in < TLS 1.2 2013-09-23 17:30:26 +02:00
Paul Bakker 43f9799ce6 RSA blinding on CRT operations to counter timing attacks 2013-09-23 11:23:31 +02:00
Paul Bakker 88a2264def Fixed potential file descriptor leaks 2013-09-11 13:31:55 +02:00
Paul Bakker f65fbee52b x509_verify() now case insensitive for cn (RFC 6125 6.4) 
(cherry picked from commit a5943858d8)

Conflicts:
	ChangeLog
	library/x509parse.c
	tests/suites/test_suite_x509parse.data
 2013-09-11 13:31:55 +02:00
Paul Bakker a565aceea1 Fixed potential memory leak when failing to resume a session 2013-09-11 13:31:53 +02:00
Paul Bakker a13d744d2e Fixed potential heap buffer overflow on large hostname setting 
(cherry picked from commit 75c1a6f97c)

Conflicts:
	library/ssl_tls.c
 2013-09-11 11:41:41 +02:00
Paul Bakker fe7c24caa6 Fixed potential negative value misinterpretation in load_file() 
(cherry picked from commit 42c3ccf36e)

Conflicts:
	library/x509parse.c
 2013-09-11 11:41:41 +02:00
Paul Bakker 433fad261e Removed errant printf in x509parse_self_test() 
(cherry picked from commit dc4baf11ab)
 2013-09-11 11:32:46 +02:00
Paul Bakker 21360ca4d4 ssl_write_certificate_request() can handle empty ca_chain 2013-06-21 15:11:10 +02:00
Paul Bakker 1d419500b0 Prepared for PolarSSL release 1.2.8 2013-06-19 11:48:04 +02:00
Paul Bakker da7fdbd534 Fixed minor comment typo 2013-06-19 11:15:43 +02:00
Paul Bakker 14a222cef2 Moved PKCS#12 PBE functions to cipher / md layer where possible 
The 3-key and 2-key Triple DES PBE functions have been replaced with a
single pkcs12_pbe() function that handles both situations (and more).

In addition this allows for some PASSWORD_MISMATCH checking
 2013-06-18 16:35:48 +02:00
Paul Bakker 2be71faae4 Fixed values for 2-key Triple DES in cipher layer 2013-06-18 16:33:27 +02:00
Paul Bakker b495d3a2c7 x509parse_crt() and x509parse_crt_der() return X509 password related codes 
POLARSSL_ERR_X509_PASSWORD_MISMATCH is returned instead of
POLARSSL_ERR_PEM_PASSWORD_MISMATCH and
POLARSSL_ERR_X509_PASSWORD_REQUIRED instead of
POLARSSL_ERR_PEM_PASSWORD_REQUIRED

Rationale: For PKCS#8 encrypted keys the same are returned
 2013-06-17 15:58:04 +02:00
Paul Bakker 1fc7dfe2e2 Removed redundant free()s 2013-06-17 15:57:02 +02:00
Paul Bakker ff3a4b010b Added missing free() 2013-06-17 15:56:12 +02:00
Paul Bakker 1fd4321ba2 PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates 
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.
 2013-06-17 15:14:42 +02:00
Paul Bakker 19bd297dc8 PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated 
old PBKDF2 module.
 2013-06-14 12:06:45 +02:00
Paul Bakker 52b845be34 Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler 2013-06-14 11:37:37 +02:00
Paul Bakker 67812d396c Fixed location of brackets in pkcs12.c 2013-06-14 11:35:09 +02:00
Paul Bakker cbfcaa9206 x509parse_crtpath() is now reentrant and uses more portable stat() 
Moved from readdir() to readdir_r() and use stat instead of the less
portable d_type from struct dirent.
 2013-06-13 09:20:25 +02:00
Paul Bakker d6d4109adc Changed x509parse_crt_der() to support adding to chain. 
Removed chain functionality from x509parse_crt() as x509parse_crt_der()
now handles that much cleaner.
 2013-06-13 09:02:09 +02:00
Paul Bakker 4087c47043 Added mechanism to provide alternative cipher / hash implementations 
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
 2013-06-12 16:57:46 +02:00
Paul Bakker cf6e95d9a8 Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis 
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
 2013-06-12 13:18:15 +02:00
Paul Bakker 65a1909dc6 Internally split up x509parse_key() 
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
 2013-06-06 21:17:08 +02:00
Paul Bakker 1922a4e6aa ssl_parse_certificate() now calls x509parse_crt_der() directly 2013-06-06 15:11:16 +02:00
Paul Bakker 6417186365 x509parse_crt() now better handles PEM error situations 
Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
 2013-06-06 15:01:18 +02:00
Paul Bakker 9255e8300e pem_read_buffer() already update use_len after header and footer are read 
After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
 2013-06-06 15:00:55 +02:00
Paul Bakker eae09db9e5 Fixed const correctness issues that have no impact on the ABI 2013-06-06 12:35:54 +02:00
Paul Bakker f92263021c Fixed offset for cert_type list in ssl_parse_certificate_request() 2013-06-06 11:24:37 +02:00
Paul Bakker 7c3c3899cf Secure renegotiation extension should only be sent in case client supports secure renegotiation 2013-06-06 11:22:13 +02:00
Paul Bakker 822e958bb2 Prepared for PolarSSL 1.2.7 release 2013-04-13 11:56:17 +02:00
Paul Bakker f42e5cceab Cleanup of the GCM code 
Removed unused variable 'v'

orig_len and orig_add_len are now uint64_t to support larger than 2^29
data sizes
(cherry picked from commit 0ecdb23eed)

Conflicts:
	library/gcm.c
 2013-04-12 13:21:29 +02:00
Paul Bakker 8a4ec44c7c Blowfish has default of 128-bit keysize in cipher layer 
(cherry picked from commit bfe671f2d5)
 2013-04-12 13:18:53 +02:00
Paul Bakker a62729888b Ability to specify allowed ciphersuites based on the protocol version. 
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int **' and is now malloced in ssl_init() and freed in
ssl_free().

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
 2013-04-12 13:13:43 +02:00
Paul Bakker 90f042d4cb Prepared for PolarSSL 1.2.6 release 2013-03-11 11:38:44 +01:00
Paul Bakker e81beda60f The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain) 
The real peer certificate is copied into a x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.

As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
 2013-03-06 18:01:03 +01:00
Paul Bakker 78a8c71993 Re-added support for parsing and handling SSLv2 Client Hello messages 
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.

It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
 2013-03-06 18:01:03 +01:00
Paul Bakker 37286a573b Fixed net_bind() for specified IP addresses on little endian systems 2013-03-06 18:01:03 +01:00
Paul Bakker 926c8e49fe Fixed possible NULL pointer exception in ssl_get_ciphersuite() 2013-03-06 18:01:03 +01:00
Paul Bakker 8804f69d46 Removed timing differences due to bad padding from RSA decrypt for 
PKCS#1 v1.5 operations
 2013-03-06 18:01:03 +01:00
Paul Bakker a43231c5a5 Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt() 2013-03-06 18:01:02 +01:00
Paul Bakker b386913f8b Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions 
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()

The original functions exist as generic wrappers to these functions.
 2013-03-06 18:01:02 +01:00
Paul Bakker 8ddb645ad3 Added conversion to int for a t_uint value to prevent compiler warnings 
On 64-bit platforms t_uint can be larger than int resulting in compiler
warnings on some platforms (MS Visual Studio)
 2013-03-06 18:00:54 +01:00