yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-11-22 11:15:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
mbedtls/library
History
Hanno Becker 627fbee41a Don't offer SHA-1 in CertificateRequest message in TLS 1.2 
mbedtls_ssL_set_calc_verify_md() is used to select valid hashes when
writing the server's CertificateRequest message, as well as to verify
and act on the client's choice when reading its CertificateVerify
message.

If enabled at compile-time and configured via mbedtls_ssl_conf_sig_hashes()
the current code also offers SHA-1 in TLS 1.2. However, the SHA-1-based
handshake transcript in TLS 1.2 is different from the SHA-1 handshake
transcript used in TLS < 1.2, and we only maintain the latter
(through ssl_update_checksum_md5sha1()), but not the former.
Concretely, this will lead to CertificateVerify verification failure
if the client picks SHA-1 for the CertificateVerify message in a TLS 1.2
handshake.

This commit removes SHA-1 from the list of supported hashes in
the CertificateRequest message, and adapts two tests in ssl-opt.sh
which expect SHA-1 to be listed in the CertificateRequest message.
2019-07-17 10:19:27 +01:00
..
.gitignore
aes.c
aesni.c
arc4.c
aria.c
asn1parse.c [FIXUP] Fix bug in ASN.1 traversal of silently ignored tag 2019-06-25 10:41:34 +01:00
asn1write.c
base64.c
bignum.c Consistently use (type *) instead of (type*) for pointer conversion 2019-06-25 09:10:57 +01:00
blowfish.c
camellia.c
ccm.c
certs.c Re-generate library/certs.c from script 2019-05-30 10:58:12 +01:00
chacha20.c
chachapoly.c
cipher.c Consistently use (type *) instead of (type*) for pointer conversion 2019-06-25 09:10:57 +01:00
cipher_wrap.c Consistently use (type *) instead of (type*) for pointer conversion 2019-06-25 09:10:57 +01:00
cmac.c
CMakeLists.txt Merge branch 'mbedtls-2.16' into baremetal-2.16-01_07_19 2019-07-01 11:25:42 +01:00
ctr_drbg.c
debug.c Consistently use (type *) instead of (type*) for pointer conversion 2019-06-25 09:10:57 +01:00
des.c Improve macro hygiene 2019-04-24 10:51:54 +02:00
dhm.c Allow DHM self test to run without MBEDTLS_PEM_PARSE_C 2019-05-30 10:58:12 +01:00
ecdh.c
ecdsa.c
ecjpake.c
ecp.c
ecp_curves.c
entropy.c
entropy_poll.c
error.c Merge branch 'mbedtls-2.16' into baremetal-2.16-01_07_19 2019-07-01 11:25:42 +01:00
gcm.c
havege.c Prevent building the HAVEGE module on platforms where it doesn't work 2019-06-17 15:12:51 +02:00
hkdf.c
hmac_drbg.c
Makefile Merge branch 'mbedtls-2.16' into baremetal-2.16-01_07_19 2019-07-01 11:25:42 +01:00
md.c
md2.c
md4.c
md5.c
md_wrap.c New MD API: rename functions from _ext to _ret 2018-01-22 11:54:42 +01:00
memory_buffer_alloc.c
net_sockets.c Merge remote-tracking branch 'restricted/pr/608' into baremetal-proposed 2019-07-03 10:31:46 +02:00
nist_kw.c
oid.c Address review comments 2019-06-18 11:05:44 +01:00
padlock.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pem.c
pk.c Merge remote-tracking branch 'public/pr/1721' into development-restricted 2018-12-20 12:37:13 +00:00
pk_wrap.c
pkcs5.c
pkcs11.c
pkcs12.c
pkparse.c Fix unused variable warnings in pkparse.c 2019-06-18 11:31:59 +02:00
pkwrite.c PK parse/write: support keylen=0 correctly 2018-12-19 17:03:28 +01:00
platform.c
platform_util.c
poly1305.c
ripemd160.c
rsa.c
rsa_internal.c
sha1.c
sha256.c
sha512.c
ssl_cache.c Remove ciphersuite from SSL session if single suite hardcoded 2019-07-08 11:23:24 +01:00
ssl_ciphersuites.c Restore static inline qualif'n of some helpers in ssl_ciphersuites.h 2019-07-08 11:23:25 +01:00
ssl_cli.c Merge remote-tracking branch 'origin/pr/602' into baremetal 2019-07-15 19:24:11 +01:00
ssl_cookie.c
ssl_srv.c Merge remote-tracking branch 'origin/pr/602' into baremetal 2019-07-15 19:24:11 +01:00
ssl_ticket.c Move session save/load function to ssl_tls.c 2019-06-03 09:51:08 +02:00
ssl_tls.c Don't offer SHA-1 in CertificateRequest message in TLS 1.2 2019-07-17 10:19:27 +01:00
threading.c
timing.c timing: Remove redundant include file 2019-06-20 16:33:02 +01:00
version.c
version_features.c Merge remote-tracking branch 'restricted/pr/608' into baremetal-proposed 2019-07-03 10:31:46 +02:00
x509.c Merge remote-tracking branch 'restricted/pr/608' into baremetal-proposed 2019-07-03 10:31:46 +02:00
x509_create.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
x509_crl.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
x509_crt.c Merge remote-tracking branch 'restricted/pr/608' into baremetal-proposed 2019-07-03 10:31:46 +02:00
x509_csr.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
x509write_crt.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
x509write_csr.c Move declarations of internal X.509 functions to separate header 2019-06-25 09:10:57 +01:00
xtea.c