yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-30 01:24:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,956 Commits 88 Branches 205 Tags 69 MiB
67505bf9e8
Commit Graph

1735 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
e5b0fc1847 Make malloc-init script a bit happier 2014-11-13 12:42:12 +01:00
Manuel Pégourié-Gonnard
f631bbc1da Make x509_string_cmp() iterative 2014-11-13 12:42:06 +01:00
Manuel Pégourié-Gonnard
8a5e3d4a40 Forbid repeated X.509 extensions 2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard
d681443f69 Fix potential stack overflow 2014-11-12 01:25:31 +01:00
Manuel Pégourié-Gonnard
b134060f90 Fix memory leak with crafted X.509 certs 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
0369a5291b Fix uninitialised pointer dereference 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
e959979621 Fix ECDSA sign buffer size 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
b31b61b9e8 Fix potential undefined behaviour in Camellia 2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard
7c13d69cb5 Fix dependency issues 2014-11-12 00:01:34 +01:00
Manuel Pégourié-Gonnard
a1efcb084f Implement pk_check_pair() for RSA-alt 2014-11-08 18:00:22 +01:00
Manuel Pégourié-Gonnard
27e3edbe2c Check key/cert pair in ssl_set_own_cert() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
70bdadf54b Add pk_check_pair() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
30668d688d Add ecp_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
2f8d1f9fc3 Add rsa_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
e10e06d863 Blind RSA operations even without CRT 2014-11-06 18:25:44 +01:00
Manuel Pégourié-Gonnard
d056ce0e3e Use seq_num as AEAD nonce by default 2014-11-06 18:23:49 +01:00
Manuel Pégourié-Gonnard
f9d778d635 Merge branch 'etm' into dtls 
* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM

Conflicts:
	include/polarssl/check_config.h
 2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard
56d985d0a6 Merge branch 'session-hash' into dtls 
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
 2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
9d7821d774 Fix warning in reduced config 2014-11-06 01:19:52 +01:00
Manuel Pégourié-Gonnard
fedba98ede Merge branch 'fb-scsv' into dtls 
* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side
 2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard
1a03473576 Keep EtM state across renegotiations 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
b575b54cb9 Forbid extended master secret with SSLv3 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
169dd6a514 Adjust minimum length for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
78e745fc0a Don't send back EtM extension if not using CBC 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
08558e5b46 Fix for the RFC erratum 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
313d796e80 Implement EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
0098e7dc70 Preparation for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
699cafaea2 Implement initial negotiation of EtM 
Not implemented yet:
- actually using EtM
- conditions on renegotiation
 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
01b2699198 Implement FALLBACK_SCSV server-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
ada3030485 Implement extended master secret 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd Add negotiation of Extended Master Secret 
(But not the actual thing yet.)
 2014-11-05 16:00:49 +01:00
Paul Bakker
f2a459df05 Preparation for PolarSSL 1.4.0 2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard
6b875fc7e5 Fix potential memory leak (from clang-analyzer) 2014-10-21 16:33:00 +02:00
Manuel Pégourié-Gonnard
df3acd82e2 Limit HelloRequest retransmission if not enforced 2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard
26a4cf63ec Add retransmission of HelloRequest 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
74a1378175 Avoid false positive in ssl-opt.sh with memcheck 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
8e704f0f74 DTLS depends on TIMING_C for now 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
b0643d152d Add ssl_set_dtls_badmac_limit() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
9b35f18f66 Add ssl_get_record_expansion() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
37e08e1689 Fix max_fragment_length with DTLS 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
23cad339c4 Fail cleanly on unhandled case 2014-10-21 16:32:52 +02:00
Manuel Pégourié-Gonnard
fc572dd4f6 Retransmit only on last message from prev flight 
Be a good network citizen, try to avoid causing congestion by causing a
retransmission explosion.
 2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
8a7cf2543a Add a few #ifdefs 2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
ba958b8bdc Add test for server-initiated renego 
Just assuming the HelloRequest isn't lost for now
 2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
46fb942046 Fix warning about function that should be static 2014-10-21 16:32:49 +02:00
Manuel Pégourié-Gonnard
f1e9b09a0c Fix missing #ifdef's 2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard
4e2f245752 Fix timer issues 
- timer not firing when constantly receiving bad messages
- timer not reset on failed reads
- timer incorrectly restarted on resend during read
 2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard
df9a0a8460 Drop unexpected ApplicationData 
This is likely to happen on resumption if client speaks first at the
application level.
 2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
6b65141718 Implement ssl_read() timeout (DTLS only for now) 2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
2707430a4d Fix types and comments about read_timeout 2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard
6c1fa3a184 Fix misplaced initialisation of timeout 2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard
c8d8e97cbd Move to milliseconds in recv_timeout() 2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard
905dd2425c Add ssl_set_handshake_timeout() 2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
0ac247fd88 Implement timeout back-off (fixed range for now) 2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
579950c2bb Fix bug with non-blocking I/O and cookies 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
7de3c9eecb Count timeout per flight, not per message 2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
db2858ce96 Preparation for timers 
Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working.
 2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
08a1d4bce1 Fix bug with client auth with DTLS 2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
23b7b703aa Fix issue with renego & resend 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
f03c7aa469 Add replay detection in parse_client_hello() 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
8464a46b6b Make DTLS_ANTI_REPLAY depends on PROTO_DTLS 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
246c13a05f Fix epoch checking 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
b47368a00a Add replay detection 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
4956fd7437 Test and fix anti-replay functions 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
7a7e140d4e Add functions for replay protection 2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard
ea22ce577e Rm unneeded counter increment with DTLS 2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard
abf16240dd Add ability to resend last flight 2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
cd32a50d67 Fix NewSesssionTicket vs ChangeCipherSpec bug 
Since we were cheating on state, ssl_read_record() wasn't able to drop
out-of-sequence ChangeCipherSpec messages. Cheat a bit less.
 2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
767c69561b Drop out-of-sequence ChangeCipherSpec messages 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
93017de47e Minor optim: don't resend on duplicated HVR 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
c715aed744 Fix epoch swapping 2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard
6a2bdfaf73 Actually resend flights 2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard
5d8ba53ace Expand and fix resend infrastructure 2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard
ffa67be698 Infrastructure for buffering & resending flights 2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard
9d9b003a9a Add net_recv_timeout() 2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard
8fa6dfd560 Introduce f_recv_timeout callback 2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard
e6bdc4497c Merge I/O contexts into one 2014-10-21 16:32:25 +02:00
Manuel Pégourié-Gonnard
f4acfe1808 Document previous API changes in this branch 2014-10-21 16:32:23 +02:00
Manuel Pégourié-Gonnard
d92d6a1b5b ssl_parse_server_key_exchange() cleanups 2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard
5ee96546de Add length checks in parse_certificate_verify() 2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard
72226214b1 Merge checks in ssl_parse_certificate_verify() 2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard
ca6440b246 Small cleanups in parse_finished() 2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
624bcb5260 No memmove: done, rm temporary things 2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
000d5aec13 No memmove: parse_new_session_ticket() 2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
0b3400dafa No memmove: ssl_parse_server_hello() 2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
069eb79043 No memmove: ssl_parse_hello_verify_request() 2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
04c1b4ece1 No memmove: certificate_request + server_hello_done 2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
f4830b5092 No memmove: ssl_parse_server_key_exchange() 2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
4528f3f5c0 No memmove: parse_certificate_verify() 2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
2114d724dc No memmove: ssl_parse_client_key_exchange() 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
f49a7daa1a No memmove: ssl_parse_certificate() 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
4abc32734e No memmove: ssl_parse_finished() 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
f899583f94 Prepare moving away from memmove() on incoming HS 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
4a1753657c Fix missing return in error check 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
19d438f4ff Get rid of memmove for DTLS in parse_client_hello() 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
63eca930d7 Drop invalid records with DTLS 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
167a37632d Split two functions out of ssl_read_record() 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
990f9e428a Handle late handshake messages gracefully 2014-10-21 16:30:26 +02:00