yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 00:25:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'public/pr/1771' into mbedtls-2.1

Browse Source
This commit is contained in:
Simon Butcher 2018-06-28 11:38:18 +01:00
commit e5828ce06c
23 changed files with 70 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ChangeLog
View File

@ -1461,7 +1461,7 @@ Features
issuer_key_identifier, etc)
* Optional blinding for RSA, DHM and EC
* Support for multiple active certificate / key pairs in SSL servers for
the same host (Not to be confused with SNI!)
the same host (Not to be confused with SNI!)
Changes
* Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2
@ -1692,7 +1692,7 @@ Changes
PKCS#8 private key formats
* Added mechanism to provide alternative implementations for all
symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in
config.h)
config.h)
* PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
old PBKDF2 module
@ -1704,7 +1704,7 @@ Bugfix
* x509parse_crt() now better handles PEM error situations
* ssl_parse_certificate() now calls x509parse_crt_der() directly
instead of the x509parse_crt() wrapper that can also parse PEM
certificates
certificates
* x509parse_crtpath() is now reentrant and uses more portable stat()
* Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
* Fixed values for 2-key Triple DES in cipher layer
@ -1862,7 +1862,7 @@ Bugfix
* mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
#52)
* Handle encryption with private key and decryption with public key as per
RFC 2313
RFC 2313
* Handle empty certificate subject names
* Prevent reading over buffer boundaries on X509 certificate parsing
* mpi_add_abs() now correctly handles adding short numbers to long numbers
@ -1893,7 +1893,7 @@ Bugfix
* x509parse_crt() now better handles PEM error situations
* ssl_parse_certificate() now calls x509parse_crt_der() directly
instead of the x509parse_crt() wrapper that can also parse PEM
certificates
certificates
* Fixed values for 2-key Triple DES in cipher layer
* ssl_write_certificate_request() can handle empty ca_chain
@ -1974,16 +1974,16 @@ Bugfix
Features
* Added ssl_session_reset() to allow better multi-connection pools of
SSL contexts without needing to set all non-connection-specific
data and pointers again. Adapted ssl_server to use this functionality.
data and pointers again. Adapted ssl_server to use this functionality.
* Added ssl_set_max_version() to allow clients to offer a lower maximum
supported version to a server to help buggy server implementations.
(Closes ticket #36)
(Closes ticket #36)
* Added cipher_get_cipher_mode() and cipher_get_cipher_operation()
introspection functions (Closes ticket #40)
* Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
* Added a generic entropy accumulator that provides support for adding
custom entropy sources and added some generic and platform dependent
entropy sources
entropy sources
Changes
* Documentation for AES and Camellia in modes CTR and CFB128 clarified.
@ -2116,7 +2116,7 @@ Bugfixes
* Corrected parsing of UTCTime dates before 1990 and
after 1950
* Support more exotic OID's when parsing certificates
(found by Mads Kiilerich)
(found by Mads Kiilerich)
* Support more exotic name representations when parsing
certificates (found by Mads Kiilerich)
* Replaced the expired test certificates
@ -2146,7 +2146,7 @@ Note: Most of these features have been donated by Fox-IT
status, objects and configuration
+ Added verification callback on certificate chain
verification to allow external blacklisting
+ Additional example programs to show usage
+ Additional example programs to show usage
* Added support for PKCS#11 through the use of the
libpkcs11-helper library

2
include/mbedtls/ssl.h Executable file → Normal file
View File

@ -1587,7 +1587,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
*
* \param ssl SSL context
* \param hostname the server hostname, may be NULL to clear hostname
*
* \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
*
* \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on

1
library/asn1write.c
View File

@ -205,7 +205,6 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
int ret;
size_t len = 0;
// TODO negative values and values larger than 128
// DER format assumes 2s complement for numbers, so the leftmost bit
// should be 0 for positive numbers and 1 for negative numbers.
//

7
library/ssl_cli.c
View File

@ -1890,8 +1890,6 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
// TODO: Retrieve PSK identity hint and callback to app
//
*p += len;
ret = 0;
@ -2464,9 +2462,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
goto exit;
}
// TODO: handshake_failure alert for an anonymous server to request
// client authentication
/*
* struct {
* ClientCertificateType certificate_types<1..2^8-1>;
@ -2538,7 +2533,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
/* Ignored, see comments about hash in write_certificate_verify */
// TODO: should check the signature part against our pk_key though
size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
#if defined(MBEDTLS_DEBUG_C)
@ -2580,7 +2574,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* Ignore certificate_authorities, we only have one cert anyway */
// TODO: should not send cert if no CA matches
dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );

2
library/ssl_tls.c
View File

@ -3744,7 +3744,6 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
return( ret );
}
// TODO: what's the purpose of these lines? is in_len used?
ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
ssl->in_len[1] = (unsigned char)( ssl->in_msglen );
}
@ -5170,7 +5169,6 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
// TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;
#if defined(MBEDTLS_SSL_RENEGOTIATION)

9
library/x509_crt.c
View File

@ -522,9 +522,6 @@ static int x509_get_subject_alt_name( unsigned char **p,
/*
* X.509 v3 extensions
*
* TODO: Perform all of the basic constraints tests required by the RFC
* TODO: Set values for undetected extensions to a sane default?
*
*/
static int x509_get_crt_ext( unsigned char **p,
const unsigned char *end,
@ -1638,12 +1635,6 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
if( ca == NULL )
return( flags );
/*
* TODO: What happens if no CRL is present?
* Suggestion: Revocation state should be unknown if no CRL is present.
* For backwards compatibility this is not yet implemented.
*/
while( crl_list != NULL )
{
if( crl_list->version == 0 ||

1
library/x509_csr.c
View File

@ -214,7 +214,6 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
mbedtls_x509_csr_free( csr );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
}
// TODO Parse Attributes / extension requests
p += len;

0
tests/scripts/run-test-suites.pl Normal file → Executable file
View File

1
tests/suites/test_suite_ssl.function
View File

@ -53,3 +53,4 @@ void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
mbedtls_ssl_free( &ssl );
}
/* END_CASE */

8
yotta/data/example-authcrypt/README.md
View File

@ -38,11 +38,11 @@ To build and run this example you must have:
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
Use the following settings:
Use the following settings:
* 115200 baud (not 9600).
* 8N1.
* No flow control.
* 115200 baud (not 9600).
* 8N1.
* No flow control.
7. Press the Reset button on the board.

8
yotta/data/example-benchmark/README.md
View File

@ -38,11 +38,11 @@ To build and run this example you must have:
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
Use the following settings:
Use the following settings:
* 115200 baud (not 9600).
* 8N1.
* No flow control.
* 115200 baud (not 9600).
* 8N1.
* No flow control.
7. Press the Reset button on the board.

8
yotta/data/example-hashing/README.md
View File

@ -38,11 +38,11 @@ To build and run this example you must have:
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
Use the following settings:
Use the following settings:
* 115200 baud (not 9600).
* 8N1.
* No flow control.
* 115200 baud (not 9600).
* 8N1.
* No flow control.
7. Press the Reset button on the board.

8
yotta/data/example-selftest/README.md
View File

@ -38,11 +38,11 @@ To build and run this example you must have:
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
Use the following settings:
Use the following settings:
* 115200 baud (not 9600).
* 8N1.
* No flow control.
* 115200 baud (not 9600).
* 8N1.
* No flow control.
7. Press the Reset button on the board.

8
yotta/data/example-tls-client/README.md
View File

@ -44,11 +44,11 @@ To build and run this example you must have:
7. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
Use the following settings:
Use the following settings:
* 115200 baud (not 9600).
* 8N1.
* No flow control.
* 115200 baud (not 9600).
* 8N1.
* No flow control.
8. Press the Reset button on the board.