yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 01:31:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
1447 commits 88 branches 205 tags 69 MiB
Commit graph

312 commits

Author SHA1 Message Date
Paul Bakker 5b55b79021 Better handling of ciphersuite version range and forced version in 
ssl_server2
 2013-07-19 14:51:31 +02:00
Manuel Pégourié-Gonnard e048b67d0a Misc minor fixes 
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
 2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard 0c017a55e0 Add max_frag_len option in ssl_server2 
Also reformat code and output more information in ssl_client2
 2013-07-18 14:07:36 +02:00
Paul Bakker 8e714d7aca Modified LONG_RESPONSE and comments in ssl_server2 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard bd7ce63115 Adapt ssl_server2 to test sending long messages 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard 787b658bb3 Implement max_frag_len write restriction 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard 0df6b1f068 ssl_client2: add max_frag_len option 2013-07-18 11:18:13 +02:00
Manuel Pégourié-Gonnard be50680a8c Fix use of x509_cert.rsa in programs 2013-07-17 15:59:43 +02:00
Paul Bakker 82024bf7b9 ssl_server2 now uses alloc_buffer if present and can be 'SERVERQUIT' 2013-07-16 17:48:58 +02:00
Manuel Pégourié-Gonnard ba4878aa64 Rename x509parse_key & co with _rsa suffix 2013-07-08 15:31:18 +02:00
Paul Bakker 44618dd798 SSL Test and Benchmark now handle missing POLARSSL_TIMING_C 2013-07-04 11:30:32 +02:00
Paul Bakker fa9b10050b Also compiles / runs without time-based functions in OS 
Can now run without need of time() / localtime() and gettimeofday()
 2013-07-03 17:22:32 +02:00
Paul Bakker 6e339b52e8 Memory-allocation abstraction layer and buffer-based allocator added 2013-07-03 17:22:31 +02:00
Paul Bakker d2681d82e2 Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h} 2013-06-30 14:49:12 +02:00
Paul Bakker 9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly 
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
 2013-06-30 14:34:05 +02:00
Paul Bakker 62534dd1d8 programs/util/strerror now handles decimal and hexidecimal input 2013-06-30 12:45:07 +02:00
Paul Bakker 03a8a79516 Programs adapted to use polarssl_strerror() instead of error_strerror() 2013-06-30 12:18:08 +02:00
Paul Bakker 5dc6b5fb05 Made supported curves configurable 2013-06-29 23:26:34 +02:00
Paul Bakker c1516be99d ssl_server2 and ssl_client2 adapted to support maximum protocol version 2013-06-29 18:35:41 +02:00
Paul Bakker 3c5ef71322 Cleanup up non-prototyped functions (static) and const-correctness in programs 2013-06-25 16:37:45 +02:00
Paul Bakker ef3f8c747e Fixed const correctness issues in programs and tests 
(cherry picked from commit e0225e4d7f)

Conflicts:
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_test.c
	programs/x509/cert_app.c
 2013-06-24 19:09:24 +02:00
Paul Bakker 777a5757d6 ca_path and ca_file arguments added to support chain validation in 
cert_app
 2013-05-21 16:20:04 +02:00
Paul Bakker bcbe2d8d81 Prettier printing of the lists for longer ciphersuite names 2013-04-19 09:10:20 +02:00
Paul Bakker ed27a041e4 More granular define selections within code to allow for smaller code 
sizes
 2013-04-18 23:12:34 +02:00
Paul Bakker fbb17804d8 Added pre-shared key handling for the server side of SSL / TLS 
Server side handling of the pure PSK ciphersuites is now in the base
code.
 2013-04-18 23:12:33 +02:00
Paul Bakker d4a56ec6bf Added pre-shared key handling for the client side of SSL / TLS 
Client side handling of the pure PSK ciphersuites is now in the base
code.
 2013-04-18 23:12:33 +02:00
Paul Bakker c70b982056 OID functionality moved to a separate module. 
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
 2013-04-07 22:00:46 +02:00
Paul Bakker 41c83d3f67 Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS 
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
 2013-03-20 14:39:14 +01:00
Paul Bakker 00c1f43743 Merge branch 'ecc-devel-mpg' into development 2013-03-13 16:31:01 +01:00
Paul Bakker 68884e3c09 Moved to advanced ciphersuite representation and more dynamic SSL code 2013-03-13 14:48:32 +01:00
Paul Bakker 8fe40dcd7d Allow enabling of dummy error_strerror() to support some use-cases 
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.

Disable if you run into name conflicts and want to really remove the
error_strerror()
 2013-02-02 12:43:08 +01:00
Paul Bakker a95919b4c7 Added ECP files to Makefiles as well 2013-01-16 17:00:05 +01:00
Manuel Pégourié-Gonnard b4a310b472 Added a selftest about SPA resistance 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard 52a422f6a1 Added ecp-bench specialized benchmark 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard e870c0a5d6 Added benchmark for DHM 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard 4b8c3f2a1c Moved tests from selftest to tests/test_suite_ecp 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard efaa31e9ae Implemented multiplication 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard b505c2796c Got first tests working, fixed ecp_copy() 2013-01-16 16:31:49 +01:00
Paul Bakker 91ebfb5272 Made auth_mode as an command line option 2012-11-23 14:04:08 +01:00
Paul Bakker 1f9d02dc90 Added more notes / comments on own_cert, trust_ca purposes 2012-11-20 10:30:55 +01:00
Paul Bakker 25338d74ac Added proper gitignores for Linux CMake use 2012-11-18 22:56:39 +01:00
Paul Bakker 90f309ffe7 Added proper gitignores for linux compilation 2012-11-17 00:04:49 +01:00
Paul Bakker 75242c30fb Added checking of CA peer cert to ssl_client1 as sane default 2012-11-17 00:03:46 +01:00
Paul Bakker 580153573b - Do not free uninitialized ssl context 2012-11-14 12:15:41 +00:00
Paul Bakker 645ce3a2b4 - Moved ciphersuite naming scheme to IANA reserved names 2012-10-31 12:32:41 +00:00
Paul Bakker b0550d90c9 - Added ssl_get_peer_cert() to SSL API 2012-10-30 07:51:03 +00:00
Paul Bakker 21654f392e - Smaller default values 2012-10-24 14:29:17 +00:00
Paul Bakker 520ea911f6 - Fixed to support 4096 bit DHM params as well 2012-10-24 14:17:01 +00:00
Paul Bakker f1ab0ec1ff - Changed default compiler flags to include -O2 2012-10-23 12:12:53 +00:00
Paul Bakker 1d56958963 - Updated examples to use appropriate sizes for larger RSA keys (up to 16k) 2012-10-03 20:35:44 +00:00
Paul Bakker 3ad34d4110 - Added key_app_writer to CMakeLists.txt 2012-10-03 20:34:37 +00:00
Paul Bakker 3fad7b3fdd - Changed saved value to RCF 3526 2048 MODP group 2012-10-03 19:50:54 +00:00
Paul Bakker 5da01caa50 - Added warning about example use 2012-10-03 19:48:33 +00:00
Paul Bakker 1d29fb5e33 - Added option to add minimum accepted SSL/TLS protocol version 2012-09-28 13:28:45 +00:00
Paul Bakker 5d19f86fdd - Added comment 2012-09-28 07:33:00 +00:00
Paul Bakker cbbd9998da - SSL/TLS now has default group 2012-09-28 07:32:06 +00:00
Paul Bakker 915275ba78 - Revamped x509_verify() and the SSL f_vrfy callback implementations 2012-09-28 07:10:55 +00:00
Paul Bakker 819370c7b7 - Removed lowercasing of parameters 2012-09-28 07:04:41 +00:00
Paul Bakker 5ef9db2ae3 - Added rsa_check_privkey() check to rsa_sign 2012-09-27 13:19:22 +00:00
Paul Bakker db2509c9cd - Added password and password_file options for reading private keys 2012-09-27 12:44:31 +00:00
Paul Bakker d43241060b - Removed clutter from my_dhm values 2012-09-26 08:29:38 +00:00
Paul Bakker 0a59707523 - Added simple SSL session cache implementation 
- Revamped session resumption handling
 2012-09-25 21:55:46 +00:00
Paul Bakker 4811b56524 - Added util/CMakelists.txt 2012-09-25 11:45:38 +00:00
Paul Bakker 29b64761fd - Added predefined DHM groups from RFC 5114 2012-09-25 09:36:44 +00:00
Paul Bakker b60b95fd7f - Added first version of ssl_server2 example application 2012-09-25 09:05:17 +00:00
Paul Bakker 0f409a1911 - Added missing subdirectory line for util 2012-09-25 08:19:18 +00:00
Paul Bakker d0f6fa7bdc - Sending of handshake_failures during renegotiation added 
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
 2012-09-17 09:18:12 +00:00
Paul Bakker 48916f9b67 - Added Secure Renegotiation (RFC 5746) 2012-09-16 19:57:18 +00:00
Paul Bakker f518b16f97 - Added PKCS#5 PBKDF2 key derivation function 2012-08-23 13:03:18 +00:00
Paul Bakker 835b29e7c3 - Should not be debug_level 5 in repo (reset to 0) 2012-08-23 08:31:59 +00:00
Paul Bakker 3d58fe8af6 - Added Blowfish to benchmarks 2012-07-04 17:15:31 +00:00
Paul Bakker 26c4e3cb0b - Made crypt_and_cipher more robust with other ciphers / hashes 2012-07-04 17:08:33 +00:00
Paul Bakker a9379c0ed1 - Added base blowfish algorithm 2012-07-04 11:02:11 +00:00
Paul Bakker 92eeea4627 - Modified CMakeLists to support zlib 2012-07-03 15:10:33 +00:00
Paul Bakker 2770fbd651 - Added DEFLATE compression support as per RFC3749 (requires zlib) 2012-07-03 13:30:23 +00:00
Paul Bakker 8d914583f3 - Added X509 CA Path support 2012-06-04 12:46:42 +00:00
Paul Bakker e6ee41f932 - Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and example application (programs/ssl/o_p_test) (Requires OpenSSL) 
- Handle encryption with private key and decryption with public key as per RFC 2313
 2012-05-19 08:43:48 +00:00
Paul Bakker 4248823f43 - Updated to handle x509parse_crtfile() positive return values 2012-05-16 08:21:05 +00:00
Paul Bakker 62f88dc473 Makefile more compatible with WINDOWS environment 2012-05-10 21:26:28 +00:00
Paul Bakker cd5b529d6d - Added automatic WINDOWS define in Makefile 2012-05-10 20:49:10 +00:00
Paul Bakker 4d2c1243b1 - Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present. 2012-05-10 14:12:46 +00:00
Paul Bakker 01cc394848 - Added commandline error code convertor (util/strerror) 2012-05-08 08:36:15 +00:00
Paul Bakker 88f17b8549 - Fixed for new DHM handling (TLS 1.2) 2012-04-26 18:52:13 +00:00
Paul Bakker ca4ab49158 - Added GCM ciphersuites to TLS implementation 2012-04-18 14:23:57 +00:00
Paul Bakker 0b22e3e989 - Print return codes properly 2012-04-18 14:23:29 +00:00
Paul Bakker 6f3578cfc8 - Report proper error number 2012-04-16 06:46:01 +00:00
Paul Bakker 10cd225962 - Added support for the SHA256 ciphersuites of AES and Camellia 2012-04-12 21:26:34 +00:00
Paul Bakker 570267f01a - print error string in useful format 2012-04-10 08:22:46 +00:00
Paul Bakker c7ffd36a97 - Added automatic debug flags to CFLAGS if DEBUG is set in shell 2012-04-05 12:08:29 +00:00
Paul Bakker b78c74551f - Use standard IV of 12 2012-03-20 15:05:59 +00:00
Paul Bakker 89e80c9a43 - Added base Galois/Counter mode (GCM) for AES 2012-03-20 13:50:09 +00:00
Paul Bakker 12f5dbb8b4 - Fixed MD type to SHA1 2012-03-05 13:37:13 +00:00
Paul Bakker 92101f2d02 - Keep requests for future use 2012-02-16 14:09:31 +00:00
Paul Bakker 89f3fc5bf1 - Removed superfluous debugging info 2012-02-16 13:36:38 +00:00
Paul Bakker bdb912db69 - Added preliminary ASN.1 buffer writing support 
- Added preliminary X509 Certificate Request writing support
 - Added key_app_writer example application
 - Added cert_req example application
 2012-02-13 23:11:30 +00:00
Paul Bakker 57b12982b3 - Multi-domain certificates support wildcards as well 2012-02-11 17:38:38 +00:00
Paul Bakker a8cd239d6b - Added support for wildcard certificates 
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
 2012-02-11 16:09:32 +00:00
Paul Bakker fab5c829e7 - Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default! 2012-02-06 16:45:10 +00:00
Paul Bakker 13eb9f01cf - Added error exit code 2012-02-06 15:35:10 +00:00
Paul Bakker 1052784054 - Fixed typo 2012-01-14 18:00:00 +00:00
Paul Bakker fb3a83f9e3 - Added appropriate error handling to ctr_drbg_init() 2011-12-15 20:05:53 +00:00
Paul Bakker 3f9b650b4b - Fixed renumber error code for POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR 2011-12-15 19:50:22 +00:00
Paul Bakker b1dee1cfd2 - Changed commands to lowercase where it was not the case 2011-12-11 11:29:51 +00:00
Paul Bakker 69e095cc15 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it. 
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly
 2011-12-10 21:55:01 +00:00
Paul Bakker b8ba90b316 - Enlarged default CRL size buffer 2011-12-05 14:34:12 +00:00
Paul Bakker fc754a9178 - Addedd writing and updating of seedfiles as functions to CTR_DRBG 2011-12-05 13:23:51 +00:00
Paul Bakker 508ad5ab6d - Moved all examples programs to use the new entropy and CTR_DRBG 2011-12-04 17:09:26 +00:00
Paul Bakker 4dc6457274 - Added public key of server1.key 2011-12-04 17:09:08 +00:00
Paul Bakker 310c25e564 - Fixed minor bug by zeroizing result memory 2011-12-04 17:06:56 +00:00
Paul Bakker 6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
Paul Bakker a17bcc3033 - Fixed typo 2011-12-03 21:45:50 +00:00
Paul Bakker 6083fd252d - Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources 2011-12-03 21:45:14 +00:00
Paul Bakker 02faf45d8b - Added random generator benchmarks 2011-11-29 11:23:58 +00:00
Paul Bakker a3d195c41f - Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs 2011-11-27 21:07:34 +00:00
Paul Bakker 0e04d0e9a3 - Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator 2011-11-27 14:46:59 +00:00
Paul Bakker 5c356d6f8f - Fixed typo 2011-11-25 13:17:45 +00:00
Paul Bakker 14cb63a40c - cert_app now prints all certificates in the file given, not just the first 2011-11-25 12:44:31 +00:00
Paul Bakker cce9d77745 - Lots of minimal changes to better support WINCE as a build target 2011-11-18 14:26:47 +00:00
Paul Bakker 61da752077 - Changed read from server loop to read more than a single read. 2011-11-11 10:28:58 +00:00
Paul Bakker 436e4c59c3 - Removed redundant "ok" printing 2011-11-11 10:28:24 +00:00
Paul Bakker d3b486a743 - Fixed typo in usage 2011-10-12 10:15:05 +00:00
Paul Bakker b892b1326c - Prevented compiler warning 2011-10-12 09:19:43 +00:00
Paul Bakker 5a8352294b - Added Windows dependent header code 2011-10-12 09:19:31 +00:00
Paul Bakker d246ed30bd - Fixed rsa_encrypt and rsa_decrypt example programs to use public key for encryption and private key for decryption (Fixes ticket #34) 2011-10-06 13:18:27 +00:00
Paul Bakker 7eb013face - Added ssl_session_reset() to allow re-use of already set non-connection specific context information 2011-10-06 12:37:39 +00:00
Paul Bakker b81b3abb45 - Added safeguard not to build in WIN32 environment. 2011-08-25 09:47:36 +00:00
Paul Bakker 7bc05ff4a6 - Added rsa_encrypt and rsa_decrypt example programs 2011-08-09 10:30:36 +00:00
Paul Bakker ed56b224de - Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20) 2011-07-13 11:26:43 +00:00
Paul Bakker a585beb87e - Introduced windows DLL build and SYS_LDFLAGS 2011-06-21 08:59:44 +00:00
Paul Bakker 25b5fe5ac6 - Fixed dual use of n 2011-05-26 14:02:58 +00:00
Paul Bakker 5690efccc4 - Fixed a whole bunch of dependencies on defines between files, examples and tests 2011-05-26 13:16:06 +00:00
Paul Bakker 2c0994e973 - Fixed typedness and size_t printing 2011-05-25 13:51:57 +00:00
Paul Bakker dcca6b74dc - Removed debug information 2011-05-25 11:16:50 +00:00
Paul Bakker 135b98ef69 - Adapted to compile without POLARSSL_SELF_TEST defined 2011-05-25 11:13:47 +00:00
Paul Bakker e22d7030c6 - Fixed warnings with cast 2011-05-23 16:02:34 +00:00
Paul Bakker 1496d38028 - Added the ssl_mail_client example application 2011-05-23 12:07:29 +00:00
Paul Bakker cb79ae0b9b - Fixed description in header 2011-05-20 12:44:16 +00:00
Paul Bakker 896ac22071 - Added ssl_fork_server example program 2011-05-20 12:33:05 +00:00
Paul Bakker f357131a7b - Gather data until server gives EOF 2011-05-20 12:32:35 +00:00
Paul Bakker 831a755d9e - Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake. 
- Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN
 2011-05-18 13:32:51 +00:00
Paul Bakker 91b4159834 - Added missing rsa_init() statement 2011-05-05 12:01:31 +00:00
Paul Bakker 6c591fab72 - mpi_init() and mpi_free() only accept a single argument and do not accept variable arguments anymore. This prevents unexpected memory corruption in a number of use cases. 2011-05-05 11:49:20 +00:00
Paul Bakker 494c0b8d36 - Changed define from WIN32 to _WIN32 to also support 64-bit windows platforms 2011-04-24 15:30:07 +00:00
Paul Bakker 23986e5d5d - Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops 2011-04-24 08:57:21 +00:00
Paul Bakker af5c85fc10 - Improved portability with Microsoft Visual C 2011-04-18 03:47:52 +00:00
Paul Bakker 1ffc1b9885 - Added rsa_sign_pss and rsa_verify_pss to CMakeLists.txt 2011-03-25 14:26:42 +00:00
Paul Bakker 31acc6b0aa - Fixed uppercase type for gen_random 2011-03-25 14:24:09 +00:00
Paul Bakker 2291f6c19d - Added test application for RSASSA-PSS signing and verification 2011-03-25 14:07:53 +00:00
Paul Bakker e77db2e119 - Added bugfix info for previous checkin 2011-03-25 14:01:32 +00:00
Paul Bakker 9dcc32236b - Added support for PKCS#1 v2.1 encoding and thus support for the RSAES-OAEP and RSASSA-PSS operations (enabled by POLARSSL_PKCS1_V21) 2011-03-08 14:16:06 +00:00