yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-24 14:21:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
855 commits 88 branches 205 tags 69 MiB
Commit graph

280 commits

Author SHA1 Message Date
Paul Bakker b000f82d76 ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr 2014-07-08 11:15:18 +02:00
Manuel Pégourié-Gonnard 57291a7019 Work around a compiler bug on OS X. 2014-07-08 11:13:42 +02:00
Manuel Pégourié-Gonnard 3baeb15c79 Update changelog for cmake changes 2014-07-08 11:10:54 +02:00
Alex Wilson e63560470e Don't try to use MIPS32 asm macros on MIPS64 
The MIPS32 bn_mul asm code causes segfaults on MIPS64 and failing
tests. Until someone has time to fix this up, MIPS64 platforms should
fall back to the C implementation (which works fine).
 2014-07-08 11:06:05 +02:00
Manuel Pégourié-Gonnard be04673c49 Forbid sequence number wrapping 2014-07-08 11:04:19 +02:00
Paul Bakker 50a5c53398 Reject certs and CRLs from the future 2014-07-08 10:59:10 +02:00
Manuel Pégourié-Gonnard 963918b88f Countermeasure against "triple handshake" attack 2014-07-07 17:46:35 +02:00
Paul Bakker 57ca5702fd Fixed CMake symlinking on out-of-source builds 2014-07-07 17:46:32 +02:00
Manuel Pégourié-Gonnard 6d841c2c5c Fix verion-major intolerance 2014-07-07 17:46:31 +02:00
Paul Bakker e96bfbc6bd Fixed testing with out-of-source builds using cmake 2014-07-07 17:46:30 +02:00
Manuel Pégourié-Gonnard c675e4bde5 Fix bug in RSA PKCS#1 v1.5 "reversed" operations 2014-07-07 17:46:29 +02:00
Paul Bakker af0ccc8fa0 SMTP lines are officially terminated with CRLF, ssl_mail_client fixed 2014-07-07 17:46:29 +02:00
Paul Bakker 0b6355d088 Updated ChangeLog 2014-07-07 16:01:53 +02:00
Paul Bakker d15718cbe0 Updated ChangeLog 2014-07-07 16:01:23 +02:00
Paul Bakker d83584e9aa Fixed potential overflow in certificate size in ssl_write_certificate() 2014-07-07 16:01:11 +02:00
Paul Bakker 78e819698b Added missing MPI_CHK() around some statements 2014-07-07 16:01:10 +02:00
Paul Bakker 40cc914567 Fixed x509_crt_parse_path() bug on Windows platforms 2014-07-07 16:01:08 +02:00
Manuel Pégourié-Gonnard b9f6d507dd crypt_and_hash: check MAC earlier 2014-07-07 14:35:02 +02:00
Paul Bakker a1caf6e1e8 SSL now gracefully handles missing RNG 2014-07-07 14:20:52 +02:00
Paul Bakker c941adba31 Fixed X.509 hostname comparison (with non-regular characters) 2014-07-07 14:17:24 +02:00
Paul Bakker e46b17766c Make get_pkcs_padding() constant-time 2014-07-07 14:04:31 +02:00
Paul Bakker 9ccb2116a7 Introduced POLARSSL_HAVE_READDIR_R for systems without it 2014-07-07 13:43:31 +02:00
Paul Bakker 6b06502c4b Changed RSA blinding to a slower but thread-safe version 2013-10-07 12:06:29 +02:00
Paul Bakker adace27ec9 Prepped for 1.2.10 release 2013-10-04 17:07:26 +02:00
Paul Bakker 178e74454f Fixed MS VC project files 2013-10-04 13:20:40 +02:00
Paul Bakker 495830dd1f Fixed ssl_pkcs11_decrypt() prototype 2013-10-04 11:01:48 +02:00
Paul Bakker 62087eed22 Fixed memory leak in rsa.c introduced in 43f9799 2013-10-04 10:57:12 +02:00
Paul Bakker 60ad84f43f Fixed release date for 1.2.9 2013-10-01 10:13:52 +02:00
Paul Bakker e45574e7de Prepped for 1.2.9 release 2013-09-25 18:42:42 +02:00
Paul Bakker 43f9799ce6 RSA blinding on CRT operations to counter timing attacks 2013-09-23 11:23:31 +02:00
Paul Bakker 88a2264def Fixed potential file descriptor leaks 2013-09-11 13:31:55 +02:00
Paul Bakker f65fbee52b x509_verify() now case insensitive for cn (RFC 6125 6.4) 
(cherry picked from commit a5943858d8)

Conflicts:
	ChangeLog
	library/x509parse.c
	tests/suites/test_suite_x509parse.data
 2013-09-11 13:31:55 +02:00
Paul Bakker a565aceea1 Fixed potential memory leak when failing to resume a session 2013-09-11 13:31:53 +02:00
Paul Bakker 78020fe72c Added fixes to ChangeLog 2013-09-11 13:31:06 +02:00
Paul Bakker 21360ca4d4 ssl_write_certificate_request() can handle empty ca_chain 2013-06-21 15:11:10 +02:00
Paul Bakker 016ea076e7 Added Security note (Advisory 2013-03) in ChangeLog 2013-06-19 11:50:30 +02:00
Paul Bakker 1d419500b0 Prepared for PolarSSL release 1.2.8 2013-06-19 11:48:04 +02:00
Paul Bakker 2be71faae4 Fixed values for 2-key Triple DES in cipher layer 2013-06-18 16:33:27 +02:00
Paul Bakker 6fa5488779 Centralized module option values in config.h 
Allow user-defined settings without editing header files by using
POLARSSL_CONFIG_OPTIONS in config.h
 2013-06-17 15:44:03 +02:00
Paul Bakker 19bd297dc8 PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated 
old PBKDF2 module.
 2013-06-14 12:06:45 +02:00
Paul Bakker 52b845be34 Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler 2013-06-14 11:37:37 +02:00
Paul Bakker cbfcaa9206 x509parse_crtpath() is now reentrant and uses more portable stat() 
Moved from readdir() to readdir_r() and use stat instead of the less
portable d_type from struct dirent.
 2013-06-13 09:20:25 +02:00
Paul Bakker 4087c47043 Added mechanism to provide alternative cipher / hash implementations 
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
 2013-06-12 16:57:46 +02:00
Paul Bakker cf6e95d9a8 Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis 
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
 2013-06-12 13:18:15 +02:00
Paul Bakker 65a1909dc6 Internally split up x509parse_key() 
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
 2013-06-06 21:17:08 +02:00
Paul Bakker 1922a4e6aa ssl_parse_certificate() now calls x509parse_crt_der() directly 2013-06-06 15:11:16 +02:00
Paul Bakker 6417186365 x509parse_crt() now better handles PEM error situations 
Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
 2013-06-06 15:01:18 +02:00
Paul Bakker 08f06cf49f Disabled the HAVEGE random generator by default 
Rationale: The HAVEGE random generator has too many caveats to be a
standard generator that people rely on. The HAVEGE random generator is not
suitable for virtualized environments. In addition the HAVEGE random
generator is dependent on timing and specific processor traits that
cannot be guaranteed by default on compile time.

Our advice: only use HAVEGE as an additional random source for your
entropy pool, never as your primary source.
 2013-06-06 14:05:26 +02:00
Paul Bakker eae09db9e5 Fixed const correctness issues that have no impact on the ABI 2013-06-06 12:35:54 +02:00
Paul Bakker f92263021c Fixed offset for cert_type list in ssl_parse_certificate_request() 2013-06-06 11:24:37 +02:00