yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 23:45:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
7,157 Commits 88 Branches 205 Tags 69 MiB
bb4bbbbbb4
Commit Graph

7157 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
9d12b4c849 SSL asynchronous signature: turn off by default 2018-04-24 09:36:36 +02:00
Gilles Peskine
60ee4cadce SSL asynchronous signature: basic test of recovery after error 
Add test cases where the server goes through an async operation which
fails, then the server makes a successful connection.
 2018-04-24 09:36:36 +02:00
Gilles Peskine
f9f15ae5a1 ssl_write_server_key_exchange refactor: don't use p at all 
Use ssl->out_msglen as the cursor in ssl->out_msg throughout, rather
than switching a between pointer and an offset.
 2018-04-24 09:36:36 +02:00
Gilles Peskine
d3eb0619a6 ssl_write_server_key_exchange refactor: minor cleanup 
Clean up some debug messages and improve some comments.
 2018-04-24 09:36:36 +02:00
Gilles Peskine
ebd30ae205 ssl_write_server_key_exchange refactor: ssl_resume_server_key_exchange 
Continue clarifying the control flow. This gets rid of the last goto
introduced by the initial code for asynchronous signature support.
 2018-04-24 09:36:36 +02:00
Gilles Peskine
d04d292b64 Get rid of useless handshake field out_async_start 
The location where the signature goes is now tracked via
ssl->out_msglen, which makes ssl->handshake->out_async_start redundant.
 2018-04-24 09:36:36 +02:00
Gilles Peskine
ab50f83a93 Improve documentation of async operation start callbacks 2018-04-24 09:36:36 +02:00
Gilles Peskine
7ab013a08a ssl_write_server_key_exchange refactor: move signature_len out 
Move the writing of signature_len out of
ssl_prepare_server_key_exchange. This simplifies the control flow (one
less goto).
 2018-04-24 09:36:36 +02:00
Gilles Peskine
1004c19ed0 ssl_write_server_key_exchange refactor: don't use p in the signing phase 
This is in preparation of further splitting ssl_write_server_key_exchange
into several functions.
 2018-04-24 09:36:36 +02:00
Gilles Peskine
184a3faa8a ssl_write_server_key_exchange refactor: create ssl_prepare_server_key_exchange 
This is in the process of splitting ssl_write_server_key_exchange
into several functions.
 2018-04-24 09:36:36 +02:00
Gilles Peskine
3ce9b900d2 ssl_write_server_key_exchange refactor: remove dig_signed_len 
Simplify the redundant varaible dig_signed_len away.

This is in preparation for splitting ssl_write_server_key_exchange
into several functions.
 2018-04-24 09:36:36 +02:00
Gilles Peskine
3665f1db9d SSL asynchronous signature: test cases 
Add test cases for SSL asynchronous signature to ssl-opt.sh:

* Delay=0,1 to test the sequences of calls to f_async_resume
* Test fallback when the async callbacks don't support that key
* Test error injection at each stage
* Test renegotiation
 2018-04-24 09:36:36 +02:00
Gilles Peskine
4bf9a28d1d SSL asynchronous signature: first implementation 
Implement SSL asynchronous private operation for the case of a
signature operation in a server.

This is a first implementation. It is functional, but the code is not
clean, with heavy reliance on goto.
 2018-04-24 09:36:06 +02:00
Gilles Peskine
ebd652fe2d ssl_write_server_key_exchange: calculate hashlen explicitly 
The pk layer can infer the hash length from the hash type. Calculate
it explicitly here anyway because it's needed for debugging purposes,
and it's needed for the upcoming feature allowing the signature
operation to be offloaded to an external cryptographic processor, as
the offloading code will need to know what length hash to copy.
 2018-04-24 09:34:38 +02:00
Gilles Peskine
e1efdf912f ssl_write_server_key_exchange: don't hard-code max hash size 2018-04-24 09:32:29 +02:00
Gilles Peskine
e198df53a0 ssl_pick_cert: use the public key for can_do 
This is in preparation for support of external private key operations,
where there is no private key object.
 2018-04-24 09:32:29 +02:00
Gilles Peskine
9eb5e9a16e SSL asynchronous private key operation callbacks: test server 
New options in ssl_server2 to use the asynchronous private key
operation feature.

Features: resume delay to call resume more than once; error injection
at each stage; renegotiation support.
 2018-04-24 09:32:29 +02:00
Gilles Peskine
8bf79f6dc6 SSL asynchronous private key operation callbacks: interface 
New compile-time option MBEDTLS_SSL_ASYNC_PRIVATE_C, enabling
callbacks to replace private key operations. These callbacks allow the
SSL stack to make an asynchronous call to an external cryptographic
module instead of calling the cryptography layer inside the library.
The call is asynchronous in that it may return the new status code
MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, in which case the SSL stack returns
and can be later called where it left off.

This commit introduces the configuration option. Later commits will
implement the feature proper.
 2018-04-24 09:32:28 +02:00
Gilles Peskine
59e83d96db Add conf parameter to mbedtls_ssl_handshake_free 
This function is declared in ssl_internal.h, so this is not a public
API change.

This is in preparation for mbedtls_ssl_handshake_free needing to call
methods from the config structure.
 2018-04-24 09:32:28 +02:00
Gilles Peskine
fe1c0937d7 ssl_write_server_key_exchange refactor: remove redundant variable n 
Remove redundant variable n, which counts in parallel to p. Having
both adds the burden of keeping them in synch for no benefit.
 2018-04-24 09:32:28 +02:00
Gilles Peskine
81d4e899a4 Don't rely on private key metadata in SSL 
In SSL, don't use mbedtls_pk_ec or mbedtls_pk_rsa on a private
signature or decryption key (as opposed to a public key or a key used
for DH/ECDH). Extract the data (it's the same data) from the public
key object instead. This way the code works even if the private key is
opaque or if there is no private key object at all.

Specifically, with an EC key, when checking whether the curve in a
server key matches the handshake parameters, rely only on the offered
certificate and not on the metadata of the private key.
 2018-04-24 09:26:03 +02:00
Rose Zadik
d35340550d
Update ecp.h 
fixed omittion
 2018-04-23 16:12:42 +01:00
Rose Zadik
c32efb3f64
Update ecp.h 
Resolved last review comment
 2018-04-23 09:38:29 +01:00
Rose Zadik
d76ac587d3
Update ecp.h 
Changes based on review comments. Waiting for responses on 2 remaining comments
 2018-04-23 06:29:34 +01:00
Rose Zadik
abc9ec73b0
Update ecdsa.h 
Merged change to MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH from other commit for merging, as requested (lines 282+283).
 2018-04-23 06:16:40 +01:00
Mohammad Azim Khan
1d3b508b82 Same ciphersuite validation in server and client hello 2018-04-20 18:54:18 +01:00
Andrzej Kurek
5462e02874 ssl_tls: Fix invalid buffer sizes during compression / decompression 
Adjust information passed to zlib to include already written data.
 2018-04-20 07:58:53 -04:00
Rose Zadik
f089fa3341
Update ecp.h 
minor spacing/comment format fixes
 2018-04-20 10:41:16 +01:00
Rose Zadik
b2e111a288
Update ecp.h 
Changes based on review comments. 
2 comments still open pending decisions
 2018-04-20 10:13:48 +01:00
Gilles Peskine
5450d1f597 Merge branch 'crypto_alt_revision' into development-restricted-proposed 2018-04-19 21:02:40 +02:00
Gilles Peskine
81021ca2da Improve ChangeLog entry 2018-04-19 20:59:06 +02:00
Gilles Peskine
f2b76cd45c Merge remote-tracking branch 'upstream-restricted/pr/461' into development-restricted-proposed 2018-04-19 17:41:39 +02:00
Rose Zadik
93f9919c26
Update cipher.h 
Fixed typo.
 2018-04-19 14:41:33 +01:00
Rose Zadik
c441f74900
Update cipher.h 
minor fix
 2018-04-19 14:38:20 +01:00
Rose Zadik
4c368e82cc
Update cipher.h 
Additional changes based on review comments
 2018-04-19 14:24:11 +01:00
Rose Zadik
826f264920
Update cipher.h 
Additional changes based on review comments
 2018-04-19 14:01:29 +01:00
Rose Zadik
f56cb34d60
Update ecp.h 
Updated based on review comment. 
One comment remains open (waiting for input)
 2018-04-19 12:49:10 +01:00
Manuel Pégourié-Gonnard
7aeb470f61 Merge remote-tracking branch 'public/pr/1234' into development-proposed 
* public/pr/1234:
  Doxygen: don't traverse symbolic links
 2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard
64f5adf9f9 Merge remote-tracking branch 'public/pr/1380' into development-proposed 
* public/pr/1380:
  Update ChangeLog for #1380
  Generate RSA keys according to FIPS 186-4
  Generate primes according to FIPS 186-4
  Avoid small private exponents during RSA key generation
 2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard
4acb0055e3 Merge remote-tracking branch 'public/pr/1518' into development-proposed 
* public/pr/1518:
  Update platform.h
  Update platform.h
 2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard
66d396826a Merge remote-tracking branch 'public/pr/1516' into development-proposed 
* public/pr/1516:
  Update sha512.h
 2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard
bb93c04aab Merge remote-tracking branch 'public/pr/1515' into development-proposed 
* public/pr/1515:
  Update sha256.h
  Update sha256.h
 2018-04-18 16:13:52 +02:00
Gilles Peskine
b80f04eb67 Merge remote-tracking branch 'upstream-public/pr/1514' into development-proposed 2018-04-18 16:13:30 +02:00
Gilles Peskine
2e1934ac0c Fix comment formatting to pacify check-names.sh 2018-04-18 16:08:26 +02:00
Manuel Pégourié-Gonnard
a9377336be Merge remote-tracking branch 'public/pr/1513' into development-proposed 
* public/pr/1513:
  Update rsa.h
  Update rsa.h
  Update rsa.h
 2018-04-18 11:58:53 +02:00
Manuel Pégourié-Gonnard
0392bff1b9 Merge remote-tracking branch 'public/pr/1512' into development-proposed 
* public/pr/1512:
  Update md.h
  Update md.h
 2018-04-18 11:57:50 +02:00
Manuel Pégourié-Gonnard
b3a8fe7285 Merge remote-tracking branch 'public/pr/1509' into development-proposed 
* public/pr/1509:
  Update ecdh.h
  Update ecdh.h
 2018-04-18 11:56:49 +02:00
Manuel Pégourié-Gonnard
01d72df113 Merge remote-tracking branch 'public/pr/1508' into development-proposed 
* public/pr/1508:
  Update ctr_drbg.h
  Update ctr_drbg.h
 2018-04-18 11:55:30 +02:00
Manuel Pégourié-Gonnard
7153496395 Merge remote-tracking branch 'public/pr/1507' into development-proposed 
* public/pr/1507:
  Update cmac.h
  Update cmac.h
 2018-04-18 11:54:42 +02:00
Manuel Pégourié-Gonnard
c265a25f4f Merge remote-tracking branch 'public/pr/1503' into development-proposed 
* public/pr/1503:
  Update aes.h
  Update aes.h
 2018-04-18 11:48:10 +02:00