yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 10:21:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
7154 commits 88 branches 205 tags 69 MiB
Commit graph

7154 commits

This branch
This branch
All branches
Author SHA1 Message Date
Gilles Peskine d3eb0619a6 ssl_write_server_key_exchange refactor: minor cleanup 
Clean up some debug messages and improve some comments.
 2018-04-24 09:36:36 +02:00
Gilles Peskine ebd30ae205 ssl_write_server_key_exchange refactor: ssl_resume_server_key_exchange 
Continue clarifying the control flow. This gets rid of the last goto
introduced by the initial code for asynchronous signature support.
 2018-04-24 09:36:36 +02:00
Gilles Peskine d04d292b64 Get rid of useless handshake field out_async_start 
The location where the signature goes is now tracked via
ssl->out_msglen, which makes ssl->handshake->out_async_start redundant.
 2018-04-24 09:36:36 +02:00
Gilles Peskine ab50f83a93 Improve documentation of async operation start callbacks 2018-04-24 09:36:36 +02:00
Gilles Peskine 7ab013a08a ssl_write_server_key_exchange refactor: move signature_len out 
Move the writing of signature_len out of
ssl_prepare_server_key_exchange. This simplifies the control flow (one
less goto).
 2018-04-24 09:36:36 +02:00
Gilles Peskine 1004c19ed0 ssl_write_server_key_exchange refactor: don't use p in the signing phase 
This is in preparation of further splitting ssl_write_server_key_exchange
into several functions.
 2018-04-24 09:36:36 +02:00
Gilles Peskine 184a3faa8a ssl_write_server_key_exchange refactor: create ssl_prepare_server_key_exchange 
This is in the process of splitting ssl_write_server_key_exchange
into several functions.
 2018-04-24 09:36:36 +02:00
Gilles Peskine 3ce9b900d2 ssl_write_server_key_exchange refactor: remove dig_signed_len 
Simplify the redundant varaible dig_signed_len away.

This is in preparation for splitting ssl_write_server_key_exchange
into several functions.
 2018-04-24 09:36:36 +02:00
Gilles Peskine 3665f1db9d SSL asynchronous signature: test cases 
Add test cases for SSL asynchronous signature to ssl-opt.sh:

* Delay=0,1 to test the sequences of calls to f_async_resume
* Test fallback when the async callbacks don't support that key
* Test error injection at each stage
* Test renegotiation
 2018-04-24 09:36:36 +02:00
Gilles Peskine 4bf9a28d1d SSL asynchronous signature: first implementation 
Implement SSL asynchronous private operation for the case of a
signature operation in a server.

This is a first implementation. It is functional, but the code is not
clean, with heavy reliance on goto.
 2018-04-24 09:36:06 +02:00
Gilles Peskine ebd652fe2d ssl_write_server_key_exchange: calculate hashlen explicitly 
The pk layer can infer the hash length from the hash type. Calculate
it explicitly here anyway because it's needed for debugging purposes,
and it's needed for the upcoming feature allowing the signature
operation to be offloaded to an external cryptographic processor, as
the offloading code will need to know what length hash to copy.
 2018-04-24 09:34:38 +02:00
Gilles Peskine e1efdf912f ssl_write_server_key_exchange: don't hard-code max hash size 2018-04-24 09:32:29 +02:00
Gilles Peskine e198df53a0 ssl_pick_cert: use the public key for can_do 
This is in preparation for support of external private key operations,
where there is no private key object.
 2018-04-24 09:32:29 +02:00
Gilles Peskine 9eb5e9a16e SSL asynchronous private key operation callbacks: test server 
New options in ssl_server2 to use the asynchronous private key
operation feature.

Features: resume delay to call resume more than once; error injection
at each stage; renegotiation support.
 2018-04-24 09:32:29 +02:00
Gilles Peskine 8bf79f6dc6 SSL asynchronous private key operation callbacks: interface 
New compile-time option MBEDTLS_SSL_ASYNC_PRIVATE_C, enabling
callbacks to replace private key operations. These callbacks allow the
SSL stack to make an asynchronous call to an external cryptographic
module instead of calling the cryptography layer inside the library.
The call is asynchronous in that it may return the new status code
MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, in which case the SSL stack returns
and can be later called where it left off.

This commit introduces the configuration option. Later commits will
implement the feature proper.
 2018-04-24 09:32:28 +02:00
Gilles Peskine 59e83d96db Add conf parameter to mbedtls_ssl_handshake_free 
This function is declared in ssl_internal.h, so this is not a public
API change.

This is in preparation for mbedtls_ssl_handshake_free needing to call
methods from the config structure.
 2018-04-24 09:32:28 +02:00
Gilles Peskine fe1c0937d7 ssl_write_server_key_exchange refactor: remove redundant variable n 
Remove redundant variable n, which counts in parallel to p. Having
both adds the burden of keeping them in synch for no benefit.
 2018-04-24 09:32:28 +02:00
Gilles Peskine 81d4e899a4 Don't rely on private key metadata in SSL 
In SSL, don't use mbedtls_pk_ec or mbedtls_pk_rsa on a private
signature or decryption key (as opposed to a public key or a key used
for DH/ECDH). Extract the data (it's the same data) from the public
key object instead. This way the code works even if the private key is
opaque or if there is no private key object at all.

Specifically, with an EC key, when checking whether the curve in a
server key matches the handshake parameters, rely only on the offered
certificate and not on the metadata of the private key.
 2018-04-24 09:26:03 +02:00
Rose Zadik d35340550d
Update ecp.h 
fixed omittion
 2018-04-23 16:12:42 +01:00
Rose Zadik c32efb3f64
Update ecp.h 
Resolved last review comment
 2018-04-23 09:38:29 +01:00
Rose Zadik d76ac587d3
Update ecp.h 
Changes based on review comments. Waiting for responses on 2 remaining comments
 2018-04-23 06:29:34 +01:00
Rose Zadik abc9ec73b0
Update ecdsa.h 
Merged change to MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH from other commit for merging, as requested (lines 282+283).
 2018-04-23 06:16:40 +01:00
Mohammad Azim Khan 1d3b508b82 Same ciphersuite validation in server and client hello 2018-04-20 18:54:18 +01:00
Andrzej Kurek 5462e02874 ssl_tls: Fix invalid buffer sizes during compression / decompression 
Adjust information passed to zlib to include already written data.
 2018-04-20 07:58:53 -04:00
Rose Zadik f089fa3341
Update ecp.h 
minor spacing/comment format fixes
 2018-04-20 10:41:16 +01:00
Rose Zadik b2e111a288
Update ecp.h 
Changes based on review comments. 
2 comments still open pending decisions
 2018-04-20 10:13:48 +01:00
Gilles Peskine 5450d1f597 Merge branch 'crypto_alt_revision' into development-restricted-proposed 2018-04-19 21:02:40 +02:00
Gilles Peskine 81021ca2da Improve ChangeLog entry 2018-04-19 20:59:06 +02:00
Gilles Peskine f2b76cd45c Merge remote-tracking branch 'upstream-restricted/pr/461' into development-restricted-proposed 2018-04-19 17:41:39 +02:00
Rose Zadik 93f9919c26
Update cipher.h 
Fixed typo.
 2018-04-19 14:41:33 +01:00
Rose Zadik c441f74900
Update cipher.h 
minor fix
 2018-04-19 14:38:20 +01:00
Rose Zadik 4c368e82cc
Update cipher.h 
Additional changes based on review comments
 2018-04-19 14:24:11 +01:00
Rose Zadik 826f264920
Update cipher.h 
Additional changes based on review comments
 2018-04-19 14:01:29 +01:00
Rose Zadik f56cb34d60
Update ecp.h 
Updated based on review comment. 
One comment remains open (waiting for input)
 2018-04-19 12:49:10 +01:00
Manuel Pégourié-Gonnard 7aeb470f61 Merge remote-tracking branch 'public/pr/1234' into development-proposed 
* public/pr/1234:
  Doxygen: don't traverse symbolic links
 2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard 64f5adf9f9 Merge remote-tracking branch 'public/pr/1380' into development-proposed 
* public/pr/1380:
  Update ChangeLog for #1380
  Generate RSA keys according to FIPS 186-4
  Generate primes according to FIPS 186-4
  Avoid small private exponents during RSA key generation
 2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard 4acb0055e3 Merge remote-tracking branch 'public/pr/1518' into development-proposed 
* public/pr/1518:
  Update platform.h
  Update platform.h
 2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard 66d396826a Merge remote-tracking branch 'public/pr/1516' into development-proposed 
* public/pr/1516:
  Update sha512.h
 2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard bb93c04aab Merge remote-tracking branch 'public/pr/1515' into development-proposed 
* public/pr/1515:
  Update sha256.h
  Update sha256.h
 2018-04-18 16:13:52 +02:00
Gilles Peskine b80f04eb67 Merge remote-tracking branch 'upstream-public/pr/1514' into development-proposed 2018-04-18 16:13:30 +02:00
Gilles Peskine 2e1934ac0c Fix comment formatting to pacify check-names.sh 2018-04-18 16:08:26 +02:00
Manuel Pégourié-Gonnard a9377336be Merge remote-tracking branch 'public/pr/1513' into development-proposed 
* public/pr/1513:
  Update rsa.h
  Update rsa.h
  Update rsa.h
 2018-04-18 11:58:53 +02:00
Manuel Pégourié-Gonnard 0392bff1b9 Merge remote-tracking branch 'public/pr/1512' into development-proposed 
* public/pr/1512:
  Update md.h
  Update md.h
 2018-04-18 11:57:50 +02:00
Manuel Pégourié-Gonnard b3a8fe7285 Merge remote-tracking branch 'public/pr/1509' into development-proposed 
* public/pr/1509:
  Update ecdh.h
  Update ecdh.h
 2018-04-18 11:56:49 +02:00
Manuel Pégourié-Gonnard 01d72df113 Merge remote-tracking branch 'public/pr/1508' into development-proposed 
* public/pr/1508:
  Update ctr_drbg.h
  Update ctr_drbg.h
 2018-04-18 11:55:30 +02:00
Manuel Pégourié-Gonnard 7153496395 Merge remote-tracking branch 'public/pr/1507' into development-proposed 
* public/pr/1507:
  Update cmac.h
  Update cmac.h
 2018-04-18 11:54:42 +02:00
Manuel Pégourié-Gonnard c265a25f4f Merge remote-tracking branch 'public/pr/1503' into development-proposed 
* public/pr/1503:
  Update aes.h
  Update aes.h
 2018-04-18 11:48:10 +02:00
Rose Zadik fa1fe36e08
Update dhm.h 
Minor fix based on review comments
 2018-04-18 10:09:31 +01:00
Rose Zadik ee96359d89
Update dhm.h 
Changes based on review comments
 2018-04-18 09:46:12 +01:00
Andrzej Kurek f13ca9536c Test suites: print error on failed platform_setup 
Return encountered errors instead of covering them
Fix return value on the broken snprintf implementation
 2018-04-18 04:14:31 -04:00