yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-25 17:57:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
mbedtls/library
History
Hanno Becker 627fbee41a Don't offer SHA-1 in CertificateRequest message in TLS 1.2 
mbedtls_ssL_set_calc_verify_md() is used to select valid hashes when
writing the server's CertificateRequest message, as well as to verify
and act on the client's choice when reading its CertificateVerify
message.

If enabled at compile-time and configured via mbedtls_ssl_conf_sig_hashes()
the current code also offers SHA-1 in TLS 1.2. However, the SHA-1-based
handshake transcript in TLS 1.2 is different from the SHA-1 handshake
transcript used in TLS < 1.2, and we only maintain the latter
(through ssl_update_checksum_md5sha1()), but not the former.
Concretely, this will lead to CertificateVerify verification failure
if the client picks SHA-1 for the CertificateVerify message in a TLS 1.2
handshake.

This commit removes SHA-1 from the list of supported hashes in
the CertificateRequest message, and adapts two tests in ssl-opt.sh
which expect SHA-1 to be listed in the CertificateRequest message.
2019-07-17 10:19:27 +01:00
..
.gitignore
aes.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
aesni.c
arc4.c
aria.c
asn1parse.c [FIXUP] Fix bug in ASN.1 traversal of silently ignored tag 2019-06-25 10:41:34 +01:00
asn1write.c Fix ASN1 bitstring writing 2019-02-11 21:13:33 +00:00
base64.c
bignum.c Consistently use (type *) instead of (type*) for pointer conversion 2019-06-25 09:10:57 +01:00
blowfish.c
camellia.c
ccm.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
certs.c Re-generate library/certs.c from script 2019-05-30 10:58:12 +01:00
chacha20.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
chachapoly.c
cipher.c Consistently use (type *) instead of (type*) for pointer conversion 2019-06-25 09:10:57 +01:00
cipher_wrap.c Consistently use (type *) instead of (type*) for pointer conversion 2019-06-25 09:10:57 +01:00
cmac.c
CMakeLists.txt Merge branch 'mbedtls-2.16' into baremetal-2.16-01_07_19 2019-07-01 11:25:42 +01:00
ctr_drbg.c
debug.c Consistently use (type *) instead of (type*) for pointer conversion 2019-06-25 09:10:57 +01:00
des.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
dhm.c Allow DHM self test to run without MBEDTLS_PEM_PARSE_C 2019-05-30 10:58:12 +01:00
ecdh.c Fix mbedtls_ecdh_get_params with new ECDH context 2019-02-22 12:51:51 +01:00
ecdsa.c
ecjpake.c Fix #2370, minor typos and spelling mistakes 2019-02-18 14:50:57 +00:00
ecp.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
ecp_curves.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
entropy.c
entropy_poll.c
error.c Merge branch 'mbedtls-2.16' into baremetal-2.16-01_07_19 2019-07-01 11:25:42 +01:00
gcm.c
havege.c Prevent building the HAVEGE module on platforms where it doesn't work 2019-06-17 15:12:51 +02:00
hkdf.c
hmac_drbg.c
Makefile Merge branch 'mbedtls-2.16' into baremetal-2.16-01_07_19 2019-07-01 11:25:42 +01:00
md.c
md2.c
md4.c Add more missing parentheses around macro parameters 2019-04-24 10:52:53 +02:00
md5.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
md_wrap.c
memory_buffer_alloc.c
net_sockets.c Merge remote-tracking branch 'restricted/pr/608' into baremetal-proposed 2019-07-03 10:31:46 +02:00
nist_kw.c
oid.c Address review comments 2019-06-18 11:05:44 +01:00
padlock.c
pem.c
pk.c
pk_wrap.c
pkcs5.c
pkcs11.c
pkcs12.c
pkparse.c Fix unused variable warnings in pkparse.c 2019-06-18 11:31:59 +02:00
pkwrite.c
platform.c
platform_util.c
poly1305.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
ripemd160.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
rsa.c
rsa_internal.c Bignum: Deprecate mbedtls_mpi_is_prime() 2018-10-09 16:36:53 +01:00
sha1.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
sha256.c Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
sha512.c Add more missing parentheses around macro parameters 2019-04-24 10:52:53 +02:00
ssl_cache.c Remove ciphersuite from SSL session if single suite hardcoded 2019-07-08 11:23:24 +01:00
ssl_ciphersuites.c Restore static inline qualif'n of some helpers in ssl_ciphersuites.h 2019-07-08 11:23:25 +01:00
ssl_cli.c Merge remote-tracking branch 'origin/pr/602' into baremetal 2019-07-15 19:24:11 +01:00
ssl_cookie.c
ssl_srv.c Merge remote-tracking branch 'origin/pr/602' into baremetal 2019-07-15 19:24:11 +01:00
ssl_ticket.c Move session save/load function to ssl_tls.c 2019-06-03 09:51:08 +02:00
ssl_tls.c Don't offer SHA-1 in CertificateRequest message in TLS 1.2 2019-07-17 10:19:27 +01:00
threading.c
timing.c timing: Remove redundant include file 2019-06-20 16:33:02 +01:00
version.c
version_features.c Merge remote-tracking branch 'restricted/pr/608' into baremetal-proposed 2019-07-03 10:31:46 +02:00
x509.c Merge remote-tracking branch 'restricted/pr/608' into baremetal-proposed 2019-07-03 10:31:46 +02:00
x509_create.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
x509_crl.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
x509_crt.c Merge remote-tracking branch 'restricted/pr/608' into baremetal-proposed 2019-07-03 10:31:46 +02:00
x509_csr.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
x509write_crt.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
x509write_csr.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
xtea.c