yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-24 07:05:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
789 Commits 88 Branches 205 Tags 69 MiB
835481930a
Commit Graph

789 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paul Bakker
835481930a Makefile now produces a .so.X with SOVERSION in it 2014-07-07 14:13:54 +02:00
Manuel Pégourié-Gonnard
5c8434cf52 Safer buffer comparisons in the SSL modules 2014-07-07 14:10:07 +02:00
Manuel Pégourié-Gonnard
79f1ff84ed Make all hash checking in programs constant-time 2014-07-07 14:07:23 +02:00
Paul Bakker
2a8c2881f4 Check HMAC in constant-time in crypt_and_hash 2014-07-07 14:06:58 +02:00
Paul Bakker
c3ec63df42 Minor change that makes life easier for static analyzers / compilers 2014-07-07 14:06:22 +02:00
Paul Bakker
e46b17766c Make get_pkcs_padding() constant-time 2014-07-07 14:04:31 +02:00
Paul Bakker
52cb87beb7 Forced cast to prevent MSVC compiler warning 2014-07-07 13:46:10 +02:00
Paul Bakker
4c9301a7af Convert SOCKET to int to prevent compiler warnings under MSVC. 
From kernel objects at msdn:
    Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24.

Windows Internals by Russinovich and Solomon as well says that the high bits are zero.
 2014-07-07 13:44:30 +02:00
Paul Bakker
9ccb2116a7 Introduced POLARSSL_HAVE_READDIR_R for systems without it 2014-07-07 13:43:31 +02:00
Paul Bakker
ff6e24710a RSA blinding: check highly unlikely cases 2014-07-07 13:34:41 +02:00
Paul Bakker
6b06502c4b Changed RSA blinding to a slower but thread-safe version 2013-10-07 12:06:29 +02:00
Paul Bakker
adace27ec9 Prepped for 1.2.10 release 2013-10-04 17:07:26 +02:00
Paul Bakker
2f1481ec73 Additional fixed to rsa.c with regards to blinding 2013-10-04 16:46:21 +02:00
Paul Bakker
178e74454f Fixed MS VC project files 2013-10-04 13:20:40 +02:00
Paul Bakker
495830dd1f Fixed ssl_pkcs11_decrypt() prototype 2013-10-04 11:01:48 +02:00
Paul Bakker
62087eed22 Fixed memory leak in rsa.c introduced in 43f9799 2013-10-04 10:57:12 +02:00
Paul Bakker
60ad84f43f Fixed release date for 1.2.9 2013-10-01 10:13:52 +02:00
Paul Bakker
e45574e7de Prepped for 1.2.9 release 2013-09-25 18:42:42 +02:00
Paul Bakker
915ee19887 Do not allow SHA256/SHA384 ciphersuites in < TLS 1.2 2013-09-23 17:30:26 +02:00
Paul Bakker
43f9799ce6 RSA blinding on CRT operations to counter timing attacks 2013-09-23 11:23:31 +02:00
Paul Bakker
88a2264def Fixed potential file descriptor leaks 2013-09-11 13:31:55 +02:00
Paul Bakker
f65fbee52b x509_verify() now case insensitive for cn (RFC 6125 6.4) 
(cherry picked from commit a5943858d8)

Conflicts:
	ChangeLog
	library/x509parse.c
	tests/suites/test_suite_x509parse.data
 2013-09-11 13:31:55 +02:00
Paul Bakker
34b225f0ee Added C++ style extern in x509write header file 2013-09-11 13:31:55 +02:00
Paul Bakker
a565aceea1 Fixed potential memory leak when failing to resume a session 2013-09-11 13:31:53 +02:00
Paul Bakker
78020fe72c Added fixes to ChangeLog 2013-09-11 13:31:06 +02:00
Paul Bakker
a13d744d2e Fixed potential heap buffer overflow on large hostname setting 
(cherry picked from commit 75c1a6f97c)

Conflicts:
	library/ssl_tls.c
 2013-09-11 11:41:41 +02:00
Paul Bakker
fe7c24caa6 Fixed potential negative value misinterpretation in load_file() 
(cherry picked from commit 42c3ccf36e)

Conflicts:
	library/x509parse.c
 2013-09-11 11:41:41 +02:00
Paul Bakker
433fad261e Removed errant printf in x509parse_self_test() 
(cherry picked from commit dc4baf11ab)
 2013-09-11 11:32:46 +02:00
Paul Bakker
21360ca4d4 ssl_write_certificate_request() can handle empty ca_chain 2013-06-21 15:11:10 +02:00
Paul Bakker
016ea076e7 Added Security note (Advisory 2013-03) in ChangeLog 2013-06-19 11:50:30 +02:00
Paul Bakker
1d419500b0 Prepared for PolarSSL release 1.2.8 2013-06-19 11:48:04 +02:00
Paul Bakker
da7fdbd534 Fixed minor comment typo 2013-06-19 11:15:43 +02:00
Paul Bakker
602c31be23 Updated PKCS#12 define dependencies 2013-06-18 16:49:18 +02:00
Paul Bakker
db7ea6f162 Made x509parse PKCS#12 and PKCS#5 tests dependent on defines 2013-06-18 16:47:59 +02:00
Paul Bakker
14a222cef2 Moved PKCS#12 PBE functions to cipher / md layer where possible 
The 3-key and 2-key Triple DES PBE functions have been replaced with a
single pkcs12_pbe() function that handles both situations (and more).

In addition this allows for some PASSWORD_MISMATCH checking
 2013-06-18 16:35:48 +02:00
Paul Bakker
2be71faae4 Fixed values for 2-key Triple DES in cipher layer 2013-06-18 16:33:27 +02:00
Paul Bakker
b495d3a2c7 x509parse_crt() and x509parse_crt_der() return X509 password related codes 
POLARSSL_ERR_X509_PASSWORD_MISMATCH is returned instead of
POLARSSL_ERR_PEM_PASSWORD_MISMATCH and
POLARSSL_ERR_X509_PASSWORD_REQUIRED instead of
POLARSSL_ERR_PEM_PASSWORD_REQUIRED

Rationale: For PKCS#8 encrypted keys the same are returned
 2013-06-17 15:58:04 +02:00
Paul Bakker
1fc7dfe2e2 Removed redundant free()s 2013-06-17 15:57:02 +02:00
Paul Bakker
ff3a4b010b Added missing free() 2013-06-17 15:56:12 +02:00
Paul Bakker
6fa5488779 Centralized module option values in config.h 
Allow user-defined settings without editing header files by using
POLARSSL_CONFIG_OPTIONS in config.h
 2013-06-17 15:44:03 +02:00
Paul Bakker
1fd4321ba2 PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates 
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.
 2013-06-17 15:14:42 +02:00
Paul Bakker
19bd297dc8 PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated 
old PBKDF2 module.
 2013-06-14 12:06:45 +02:00
Paul Bakker
52b845be34 Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler 2013-06-14 11:37:37 +02:00
Paul Bakker
67812d396c Fixed location of brackets in pkcs12.c 2013-06-14 11:35:09 +02:00
Paul Bakker
cbfcaa9206 x509parse_crtpath() is now reentrant and uses more portable stat() 
Moved from readdir() to readdir_r() and use stat instead of the less
portable d_type from struct dirent.
 2013-06-13 09:20:25 +02:00
Paul Bakker
d6d4109adc Changed x509parse_crt_der() to support adding to chain. 
Removed chain functionality from x509parse_crt() as x509parse_crt_der()
now handles that much cleaner.
 2013-06-13 09:02:09 +02:00
Paul Bakker
4087c47043 Added mechanism to provide alternative cipher / hash implementations 
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
 2013-06-12 16:57:46 +02:00
Paul Bakker
9691bbe9b3 Make sure polarssl/config.h is included at the start 2013-06-12 16:33:17 +02:00
Paul Bakker
cf6e95d9a8 Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis 
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
 2013-06-12 13:18:15 +02:00
Paul Bakker
65a1909dc6 Internally split up x509parse_key() 
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
 2013-06-06 21:17:08 +02:00