yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 12:31:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
1860 commits 88 branches 205 tags 69 MiB
Commit graph

326 commits

Author SHA1 Message Date
Paul Bakker e6c2ddb0b8 Updated ChangeLog with deterministic ECDSA 2014-01-27 11:59:29 +01:00
Paul Bakker 42099c3155 Revert "Add pk_rsa_set_padding() and rsa_set_padding()" 
This reverts commit b4fae579e8.

Conflicts:
	library/pk.c
	tests/suites/test_suite_pk.data
	tests/suites/test_suite_pk.function
 2014-01-27 11:59:29 +01:00
Paul Bakker d75ba40cc3 SMTP lines are officially terminated with CRLF, ssl_mail_client fixed 2014-01-24 16:12:18 +01:00
Paul Bakker 556efba51c Added AES CFB8 mode 2014-01-24 15:38:12 +01:00
Paul Bakker 5862eee4ca Merged RIPEMD-160 support 2014-01-22 14:18:34 +01:00
Paul Bakker 0ac99ca7bc Merged support for secp224k1, secp192k1 and secp25k1 2014-01-22 13:10:48 +01:00
Paul Bakker 3eb9673e19 Updated ChangeLog with recent changes 2014-01-22 13:08:19 +01:00
Paul Bakker a8fd3e31ed Removed POLARSSL_THREADING_DUMMY option 2013-12-31 11:54:08 +01:00
Paul Bakker 6992eb762c Fixed potential overflow in certificate size in ssl_write_certificate() 2013-12-31 11:38:33 +01:00
Paul Bakker 6ea1a95ce8 Added missing MPI_CHK() around some statements 2013-12-31 11:17:14 +01:00
Paul Bakker 5bc07a3d30 Prepped for 1.3.3 2013-12-31 10:57:44 +01:00
Paul Bakker c73879139e Merged ECP memory usage optimizations 2013-12-31 10:33:47 +01:00
Paul Bakker 956c9e063d Reduced the input / output overhead with 200+ bytes and covered corner 
case

The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.

Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.

We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
 2013-12-30 15:00:51 +01:00
Paul Bakker f9c4953e39 Added version of the SSL pthread server example 2013-12-30 14:55:54 +01:00
Paul Bakker 23116fdb53 Merged AES-NI support for AES, AES-GCM and AES key scheduling 2013-12-30 14:10:35 +01:00
Paul Bakker 1a56fc96a3 Fixed x509_crt_parse_path() bug on Windows platforms 2013-12-19 13:52:33 +01:00
Paul Bakker 5a607d26b7 Merged IPv6 support in the NET module 2013-12-17 14:34:19 +01:00
Paul Bakker 5ab68ba679 Merged storing curves fully in ROM 2013-12-17 13:11:18 +01:00
Paul Bakker fdf946928d Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites 2013-12-17 13:10:27 +01:00
Paul Bakker f70fe81a6e Fixed memory leak in benchmark application 2013-12-17 13:09:12 +01:00
Paul Bakker 6f0636a09f Potential memory leak in ssl_ticket_keys_init() 2013-12-17 13:09:12 +01:00
Paul Bakker 48d78a5e60 Merged support for Curve25519 2013-12-05 16:12:40 +01:00
Manuel Pégourié-Gonnard 9a4a5ac4de Fix bug in mpi_set_bit 2013-12-05 15:58:38 +01:00
Paul Bakker b14817d10a Updated ChangeLog for splitting off curves from ecp.c 2013-12-02 22:03:23 +01:00
Paul Bakker 9dc53a9967 Merged client ciphersuite order preference option 2013-12-02 14:56:27 +01:00
Paul Bakker 014f143c2a Merged EC key generation support 2013-12-02 14:55:09 +01:00
Paul Bakker 4040d7e95c Merged more constant-time checking in RSA 2013-12-02 14:53:23 +01:00
Paul Bakker c3d0d07a7a Merged change from readdir_r() to readdir() + threading 2013-12-02 14:52:50 +01:00
Paul Bakker 7aa0375b78 Updated ChangeLog to reflect recent changes 2013-11-26 17:37:31 +01:00
Paul Bakker a9a028ebd0 SSL now gracefully handles missing RNG 2013-11-21 17:31:06 +01:00
Paul Bakker f2b4d86452 Fixed X.509 hostname comparison (with non-regular characters) 
In situations with 'weird' certificate names or hostnames (containing
non-western allowed names) the check would falsely report a name or
wildcard match.
 2013-11-21 17:30:23 +01:00
Paul Bakker f4dc186818 Prep for PolarSSL 1.3.2 2013-11-04 17:29:42 +01:00
Paul Bakker e1121b6217 Update ChangeLog for renegotiation changes 2013-10-31 15:57:22 +01:00
Paul Bakker 7b0be68977 Support for serialNumber, postalAddress and postalCode in X509 names 2013-10-29 14:24:37 +01:00
Paul Bakker fa6a620b75 Defines for UEFI environment under MSVC added 2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard 178d9bac3c Fix ECDSA corner case: missing reduction mod N 
No security issue, can cause valid signatures to be rejected.

Reported by DualTachyon on github.
 2013-10-29 13:40:17 +01:00
Paul Bakker 60b1d10131 Fixed spelling / typos (from PowerDNS:codespell) 2013-10-29 10:02:51 +01:00
Paul Bakker 93c6aa4014 Fixed that selfsign copies issuer_name to subject_name 2013-10-28 22:29:11 +01:00
Paul Bakker 50dc850c52 Const correctness 2013-10-28 21:19:10 +01:00
Paul Bakker 7bc745b6a1 Merged constant-time padding checks 2013-10-28 14:40:26 +01:00
Paul Bakker 1642122f8b Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer 2013-10-28 14:38:35 +01:00
Paul Bakker 3f917e230d Merged optimizations for MODP NIST curves 2013-10-28 14:18:26 +01:00
Paul Bakker 08bb187bb6 Merged Public Key framwork tests 2013-10-28 14:11:09 +01:00
Paul Bakker 68037da3cd Update Changelog for minor fixes 2013-10-28 14:02:40 +01:00
Paul Bakker 45a2c8d99a Prevent possible alignment warnings on casting from char * to 'aligned *' 2013-10-28 12:57:08 +01:00
Paul Bakker 677377f472 Server does not send out extensions not advertised by client 2013-10-28 12:54:26 +01:00
Paul Bakker 5c17ccdf2a Bumped version to 1.3.1 2013-10-15 13:12:41 +02:00
Paul Bakker f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker 376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Paul Bakker a7ea6a5a18 config.h is more script-friendly 2013-10-15 11:55:10 +02:00