yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 21:11:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
3813 commits 88 branches 205 tags 69 MiB
Commit graph

2186 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 14bf7063b9 Add SSL "assertions" to help static analyzers 
scan-build was reporting NULL dereferences
 2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard b9c93d0d0a Fix earlier incomplete change in RSA PMS reading 
Probably a bad merge from the 1.3 branch
 2015-06-23 18:43:53 +02:00
Manuel Pégourié-Gonnard 19389753c8 Avoid dead stores (makes scan-build happier) 2015-06-23 13:46:44 +02:00
Manuel Pégourié-Gonnard c0d749418b Make 'port' a string in NET module 
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard d23f593737 Avoid static buffer in debug module 
Caused issues in threading situations
 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard 96fb685e31 Some more init calls 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard 496f24e949 Deduplicate SHA-2 wrappers 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard ab5932192a Call init functions in MD alloc wrappers 
When someone defines MBEDTLS_MD5_ALT for example, the init function may need
to do more that just zeroizing the context
 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard 1cd10adc7c Update prototype of x509write_set_key_usage() 
Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 655a964539 Adapt check_key_usage to new weird bits 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 9a702255f4 Add parsing/printing for new X.509 keyUsage flags 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard b80d16d171 Fix return convention of x509_wildcard_verify() 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 07894338a0 Rename M255 to Curve25519 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 7320eb46d4 Remove references to some Montgomery curves 
After all it looks like those won't become standard.
 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 9386664543 Move from inttypes.h to stdint.h 
Some toolchains do not have inttypes.h, and we only need stdint.h which is a
subset of it.
 2015-06-22 23:41:26 +02:00
Manuel Pégourié-Gonnard e7e89844d6 Fix and document corner-cases of time checking 2015-06-22 23:41:24 +02:00
Manuel Pégourié-Gonnard 57e10d71be Fix potential NULL dereference. 
Introduced when moving from gmtime_r() to gmtime().
Found with fbinfer.
 2015-06-22 23:40:44 +02:00
Manuel Pégourié-Gonnard f9b85d96a9 Fix potential resource leak in X.509 parse dir 
Found with fbinfer.
 2015-06-22 18:39:57 +02:00
Manuel Pégourié-Gonnard bcf13bab5d Fix issue with MemSan and entropy 
Due to the recent change about entropy sources strength, it is no longer
acceptable to just disable the platform source. So, instead "fix" it so that
it is clear to MemSan that memory is initialized.

I tried __attribute__((no_sanitize_memory)) and MemSan's blacklist file, but
couldn't seem to get them to work.
 2015-06-22 18:25:41 +02:00
Manuel Pégourié-Gonnard cdc26ae099 Add mbedtls_ssl_set_hs_authmode 
While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
  the PSK, no cert is expected).
- use safer tests (eg == OPTIONAL vs != REQUIRED)
 2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard 9dbaf400ef Rationalize other snprintf() uses 2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard 1685368408 Rationalize snprintf() usage in X.509 modules 2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard 6c0c8e0d3d Include fixed snprintf for Windows in platform.c 
Use _WIN32 to detect it rather that _MSC_VER as it turns out MSYS2 uses the
broken MS version by default too.
 2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard f9cbd73191 Update generated files 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard 7580ba475d Add a concept of entropy source strength. 
The main goal is, we want and error if cycle counter is the only source.
 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard 3f77dfbd52 Add MBEDTLS_ENTROPY_HARDWARE_ALT 
Makes it easier for an external module to plug its hardware entropy collector.
 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard bf82ff0209 Fix entropy thresholds 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard 60c793bdc9 Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE 
First one means we have time() but it may not return the actual wall clock
time, second means it does.
 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard c0696c216b Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen 2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard 097c7bb05b Rename relevant global symbols from size to bitlen 
Just applying rename.pl with this file:

mbedtls_cipher_get_key_size mbedtls_cipher_get_key_bitlen
mbedtls_pk_get_size mbedtls_pk_get_bitlen
MBEDTLS_BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
MBEDTLS_BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
 2015-06-18 16:43:38 +02:00
Manuel Pégourié-Gonnard fb317c5221 Rename parameter in a x509 helper 2015-06-18 16:41:13 +02:00
Manuel Pégourié-Gonnard 39a48f4934 Internal renamings in PK 
+ an unrelated comment in SSL
 2015-06-18 16:06:55 +02:00
Manuel Pégourié-Gonnard 12ad798c87 Rename ssl_session.length to id_len 2015-06-18 15:50:37 +02:00
Manuel Pégourié-Gonnard 898e0aa210 Rename key_length in cipher_info 2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard b8186a5e54 Rename len to bitlen in function parameters 
Clarify a few comments too.
 2015-06-18 14:58:58 +02:00
Manuel Pégourié-Gonnard b31c5f68b1 Add SSL presets. 
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
 2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard 7bfc122703 Implement sig_hashes 2015-06-17 14:34:48 +02:00
Manuel Pégourié-Gonnard 36a8b575a9 Create API for mbedtls_ssl_conf_sig_hashes(). 
Not implemented yet.
 2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard 9d412d872c Small internal changes in curve checking 
- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config
 2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard a83e4e2bf5 Extra check in verify_with_profile() 
This could happen if someone doesn't set the SSL configuration properly. In
that case we don't want to segfault...
 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard b541da6ef3 Fix define for ssl_conf_curves() 
This is a security feature, it shouldn't be optional.
 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard 6e3ee3ad43 Add mbedtls_ssl_conf_cert_profile() 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard cbb1f6e5cb Implement cert profile checking 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard f8ea856296 Change data structure of profiles to bitfields 
- allows to express 'none' or 'all' more easily than lists
- more compact and easier to declare statically
- easier to check too

Only drawback: if we ever have more than 32 curves, we'll need an ABI change to
make that field a uint64_t.
 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard 88db5da117 Add pre-defined profiles for cert verification 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard 9505164ef4 Create cert profile API (unimplemented yet) 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard bd990d6629 Add ssl_conf_dhm_min_bitlen() 2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard 7ee5ddd798 Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Fix compile errors with NO_STD_FUNCTIONS
  Expand config.pl's notion of "full"
  Ack external bugfix in Changelog
  FIx misplaced Changelog entry (oops)
  Fix compile bug: incompatible declaration of polarssl_exit in platform.c
  Fix contributor's name in Changelog
 2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard dccb80b7e5 Fix compile errors with NO_STD_FUNCTIONS 2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard ba56136b5c Avoid in-out length in base64 2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard 3335205a21 Avoid in-out length in dhm_calc_secret() 2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard f79b425226 Avoid in-out length parameter in bignum 2015-06-02 15:41:48 +01:00
ptahpeteh 249bece013 Fix compile bug: incompatible declaration of polarssl_exit in platform.c 
This causes a compile-time error: 

platform.c(157): error:  #147: declaration is incompatible with "void (*polarssl_exit)(int)" (declared at line 179 of "platform.h")
 2015-06-02 15:26:09 +02:00
Manuel Pégourié-Gonnard c730ed3f2d Rename boolean functions to be clearer 2015-06-02 10:38:50 +01:00
Manuel Pégourié-Gonnard 9d51583772 Fix cipher identifier in des_ede3_info 2015-06-02 10:00:04 +01:00
Manuel Pégourié-Gonnard 0574bb0bdb Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Mark unused constant as such
  Update ChangeLog for recent external bugfix
  Serious bug fix in entropy.c
  Fix memleak with repeated [gc]cm_setkey()
  fix minor bug in path_cnt checks

Conflicts:
	include/mbedtls/cipher.h
	library/ccm.c
	library/entropy.c
	library/gcm.c
	library/x509_crt.c
 2015-06-02 09:59:29 +01:00
Manuel Pégourié-Gonnard 468b06dab0 Merge remote-tracking branch 'ptahpeteh/patch-1' into mbedtls-1.3 
* ptahpeteh/patch-1:
  Serious bug fix in entropy.c
 2015-06-02 09:03:06 +01:00
ptahpeteh 638fa0bb0f Serious bug fix in entropy.c 
Bug: mutex access within entropy_contex after it has been zeroed leads to app crash.
 2015-06-01 12:28:29 +02:00
Manuel Pégourié-Gonnard f78e4de6f4 Fix warnings from -pedantic 2015-05-29 10:52:14 +02:00
Manuel Pégourié-Gonnard f8b6fdedd9 Remove include that is no longer needed 2015-05-29 10:23:32 +02:00
Manuel Pégourié-Gonnard 864108daab Move from gmtime_r to gmtime + mutexes 
* gmtime_r is not standard so -std=c99 warns about it
* Anyway we need global mutexes in the threading layer, so better depend only
  on that, rather that global mutexes + some _r functions
 2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard ba19432d2e Move from asm to __asm by default 
- GCC with -std=c99 warns about asm but likes __asm
_ armcc5 has __asm but not asm
 2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard cb46fd8216 Avoid non-standard strcasecmp() 2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard 2a84dfd747 Make ssl_cookie.c thread-safe 2015-05-28 17:28:39 +02:00
Manuel Pégourié-Gonnard 41b9c2b418 Remove individual mdX_file() and shaX_file() 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard bfffa908a6 Implement md_file in the MD layer 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard eb0d8706ce Add option for even smaller SHA-256 2015-05-28 16:45:23 +02:00
Manuel Pégourié-Gonnard a7a3a5fe37 Make SHA-2 implementation smaller 
Adjust the size/performance trade-off:
* Reduces size of sha256_process() from 7.4KB to 2KB on ARMv7-M
* Reduces performance by less than 14% on Cortex-M4
* Seems to even improve performance on my Core i7
 2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard 6a8ca33fa5 Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED 2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard 6c967b95ff Fix typo in memory_buffer_alloc 2015-05-27 20:18:39 +02:00
Manuel Pégourié-Gonnard 944cfe8899 Allow use of global mutexes with threading_alt 2015-05-27 20:12:05 +02:00
Manuel Pégourié-Gonnard 61977614d8 Fix memleak with repeated [gc]cm_setkey() 2015-05-27 17:40:16 +02:00
Manuel Pégourié-Gonnard 43b08574a6 Avoid memory leak with repeated [gc]ccm_setkey() 2015-05-27 17:23:30 +02:00
Manuel Pégourié-Gonnard 3a89559d71 Fix compile errors in pkcs11.c 2015-05-27 17:09:21 +02:00
Manuel Pégourié-Gonnard 1b8de57827 Remove a few redundant memset after calloc. 
Using the following semantic patch provided by Mansour Moufid:

@@
expression x;
@@
  x = mbedtls_calloc(...)
  ...
- memset(x, 0, ...);
 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard b2a18a2a98 Remove references to malloc in strings/names 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard 200e73179e Adapt memory_buffer_alloc to calloc 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard b9ef1182f3 Adapt the platform layer from malloc to calloc 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard 7551cb9ee9 Replace malloc with calloc 
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
 2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard 5e94ddebbc Create ssl_internal.h and move some functions 2015-05-26 11:57:05 +02:00
Manuel Pégourié-Gonnard 50518f4195 Rename _wrap headers to _internal 
Makes it clearer that the user is not supposed to include them
 2015-05-26 11:06:12 +02:00
Manuel Pégourié-Gonnard 1e9c4db524 Implement key rotation 2015-05-25 19:42:14 +02:00
Manuel Pégourié-Gonnard 887674a33b Internal changes in preparation for key rotation 
- two sets of keys
- separate function for key generation/update
 2015-05-25 12:19:00 +02:00
Manuel Pégourié-Gonnard a0adc1bbe4 Make cipher used in ssl tickets configurable 2015-05-25 10:35:16 +02:00
Manuel Pégourié-Gonnard 1041a39338 Use AES-GCM-256 for session ticket protection 2015-05-20 20:19:42 +02:00
Manuel Pégourié-Gonnard 8eff512274 Fix possible signedness issue in time comparison 2015-05-20 11:41:36 +02:00
Manuel Pégourié-Gonnard 0849a0a910 Make ssl ticket functions thread-safe 2015-05-20 11:34:54 +02:00
Manuel Pégourié-Gonnard e057d3bf6b Relax some dependencies 
- DTLS_HELLO_VERIFY no longer depends on SRV_C
- SSL_COOKIE_C no longer depends on DTLS_HELLO_VERIFY

Not that much work for us, and easier on users (esp. since it allows just
disabling SRV_C alone).
 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard b596abfdc0 Refine cli/srv ifdefs for session tickets 
- Only the server needs to generate/parse tickets
- Only the client needs to store them

Also adjust prototype of ssl_conf_session_tickets() while at it.
 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard cf141ca7e7 Fix #ifdefs on ssl_cli.c or ssl_srv.c 
Nothing to do with the current branch except I'm going to refine such #ifdefs
for tickets next and I want to start from a clean state
 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard 0c0f11f4b3 Update dependencies & includes for session tickets 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard d59675d92c Move to callback for session tickets 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard b0394bebdb Further adapt prototypes of ticket functions 
Moving everything in ticket_keys structure, that will soon become
ticket_context.
 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard 69f17280d3 Adapt prototypes of ticket handling functions 
This is an intermediate step. The ssl_config argument will be replace by a
ticket context next.
 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard a4a473516e Rename & move ticket functions to ticket module 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard fd6d8978f9 Add new submodule ssl_ticket 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard 53ebe138c6 Fix copyright lines still mentioning Brainspark 2015-05-15 12:01:12 +02:00
Manuel Pégourié-Gonnard 0b104b056b Adapt prototype of net_accept() for explicit size 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard d9e6a3ac10 Rename pk_init_ctx() -> pk_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard d4f04dba42 net.c now depends on select() unconditionally 2015-05-14 21:58:34 +02:00