yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-30 08:34:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,060 Commits 88 Branches 205 Tags 69 MiB
c086cce3d3
Commit Graph

150 Commits

Author SHA1 Message Date
Paul Bakker
72823091c2 Removed redundant free()s 
(cherry picked from commit 1fc7dfe2e2)
 2013-06-25 15:06:53 +02:00
Paul Bakker
28144decef PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates 
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.
(cherry picked from commit 1fd4321ba2)

Conflicts:
	include/polarssl/error.h
	scripts/generate_errors.pl
 2013-06-25 15:06:52 +02:00
Paul Bakker
2c8cdd201f x509parse_crtpath() is now reentrant and uses more portable stat() 
Moved from readdir() to readdir_r() and use stat instead of the less
portable d_type from struct dirent.
(cherry picked from commit cbfcaa9206)
 2013-06-25 15:06:51 +02:00
Paul Bakker
42c6581110 Changed x509parse_crt_der() to support adding to chain. 
Removed chain functionality from x509parse_crt() as x509parse_crt_der()
now handles that much cleaner.
(cherry picked from commit d6d4109adc)
 2013-06-25 15:06:51 +02:00
Paul Bakker
f1f21fe825 Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis 
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
(cherry picked from commit cf6e95d9a8)

Conflicts:
	scripts/generate_errors.pl
 2013-06-25 15:06:51 +02:00
Paul Bakker
e2f5040876 Internally split up x509parse_key() 
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
(cherry picked from commit 65a1909dc6)

Conflicts:
	library/x509parse.c
 2013-06-25 15:06:50 +02:00
Paul Bakker
5ed3b34e22 x509parse_crt() now better handles PEM error situations 
Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
(cherry picked from commit 6417186365)
 2013-06-24 19:09:25 +02:00
Paul Bakker
00b2860e8d pem_read_buffer() already update use_len after header and footer are read 
After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
(cherry picked from commit 9255e8300e)
 2013-06-24 19:09:25 +02:00
Paul Bakker
3c2122ff9d Fixed const correctness issues that have no impact on the ABI 
(cherry picked from commit eae09db9e5)

Conflicts:
	library/gcm.c
 2013-06-24 19:09:24 +02:00
Paul Bakker
f6a19bd728 Possible resource leak on FILE* removed in X509 parse 2013-05-14 13:26:51 +02:00
Paul Bakker
c70b982056 OID functionality moved to a separate module. 
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
 2013-04-07 22:00:46 +02:00
Paul Bakker
2ca8ad10a1 Made x509parse.c also work with missing hash header files 2013-02-19 13:17:38 +01:00
Paul Bakker
3497d8c7bf Do not check sig on trust-ca (might not be top) 2012-11-24 11:53:17 +01:00
Paul Bakker
9a73632fd9 - Merged changesets 1399 up to and including 1415 into 1.2 branch 2012-11-14 12:39:52 +00:00
Paul Bakker
97872aceb6 - Merged 1397 in branch for 1.2 2012-11-02 12:53:26 +00:00
Paul Bakker
4a2bd0da0f - Merged fixes 1394 and 1395 from trunk to PolarSSL 1.2 branch 2012-11-02 11:06:08 +00:00
Paul Bakker
3338b792da - Fixed WIN32 version of x509parse_crtpath() 2012-10-01 21:13:10 +00:00
Paul Bakker
5c2364c2ba - Moved from unsigned long to uint32_t throughout code 2012-10-01 14:41:15 +00:00
Paul Bakker
915275ba78 - Revamped x509_verify() and the SSL f_vrfy callback implementations 2012-09-28 07:10:55 +00:00
Paul Bakker
b00ca42f2a - Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob 2012-09-25 12:10:00 +00:00
Paul Bakker
94a6796179 - Correctly handle MS certificate's key usage bits 2012-08-23 13:03:52 +00:00
Paul Bakker
535e97dbab - Better checking for reading over buffer boundaries 
- Zeroize altSubjectName chain memory before use
 2012-08-23 10:49:55 +00:00
Paul Bakker
cefb396a77 - Handle empty certificate subject names 2012-06-27 11:51:09 +00:00
Paul Bakker
e4791f3936 - Bugfix for Windows in cert path handling 2012-06-04 21:29:15 +00:00
Paul Bakker
8d914583f3 - Added X509 CA Path support 2012-06-04 12:46:42 +00:00
Paul Bakker
4d2c1243b1 - Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present. 2012-05-10 14:12:46 +00:00
Paul Bakker
430ffbe564 - Fixed potential heap corruption in x509_name allocation 2012-05-01 08:14:20 +00:00
Paul Bakker
ad8d354a1a - Updated RFC ref 2012-02-16 15:28:14 +00:00
Paul Bakker
8afa70dcd5 - Clean Subject Alternative Name data 2012-02-11 18:42:45 +00:00
Paul Bakker
57b12982b3 - Multi-domain certificates support wildcards as well 2012-02-11 17:38:38 +00:00
Paul Bakker
a8cd239d6b - Added support for wildcard certificates 
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
 2012-02-11 16:09:32 +00:00
Paul Bakker
b15b851d6d - Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47, found by Hugo Leisink) 2012-01-13 13:44:06 +00:00
Paul Bakker
69e095cc15 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it. 
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly
 2011-12-10 21:55:01 +00:00
Paul Bakker
9304880e8a - Fixed correct printing of serial number '00' 2011-12-05 14:38:06 +00:00
Paul Bakker
c8ffbe7706 - Corrected removal of leading '00:' in printing serial numbers in certificates and CRLs 2011-12-05 14:22:49 +00:00
Paul Bakker
4f229e5d83 - Fixed define for Windows time functions 2011-12-04 22:11:35 +00:00
Paul Bakker
6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
Paul Bakker
03c7c25243 - * If certificate serial is longer than 32 octets, serial number is now appended with '....' after first 28 octets 2011-11-25 12:37:37 +00:00
Paul Bakker
cce9d77745 - Lots of minimal changes to better support WINCE as a build target 2011-11-18 14:26:47 +00:00
Paul Bakker
cebdf17159 - Allowed X509 key usage parsing to accept 4 byte values instead of the standard 1 byte version sometimes used by Microsoft. (Closes ticket #38) 2011-11-11 15:01:31 +00:00
Paul Bakker
efc302964c - Extracted ASN.1 parsing code from the X.509 parsing code. Added new module. 2011-11-10 14:43:23 +00:00
Paul Bakker
2a1c5f5382 - Minor code cleanup 2011-10-19 14:15:17 +00:00
Paul Bakker
fae618fa8b - Updated tests to reflect recent changes 2011-10-12 11:53:52 +00:00
Paul Bakker
b5a11ab80b - Added a separate CRL entry extension parsing function 2011-10-12 09:58:41 +00:00
Paul Bakker
fbc09f3cb6 - Added an EXPLICIT tag number parameter to x509_get_ext() 2011-10-12 09:56:41 +00:00
Paul Bakker
3329d1f805 - Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag before version numbers 2011-10-12 09:55:01 +00:00
Paul Bakker
c4909d95f1 - Inceased maximum size of ASN1 length reads to 32-bits 2011-10-12 09:52:22 +00:00
Paul Bakker
5c721f98fd - Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL 
- Minor Fix in ASN.1 comments of PrivateKeyInfo
 2011-07-27 16:51:09 +00:00
Paul Bakker
ed56b224de - Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20) 2011-07-13 11:26:43 +00:00
Paul Bakker
684ddce18c - Minor fixer to remove compiler warnings for ARMCC 2011-07-01 09:25:54 +00:00
Paul Bakker
27fdf46d16 - Removed deprecated casts to int for now unsigned values 2011-06-09 13:55:13 +00:00
Paul Bakker
5690efccc4 - Fixed a whole bunch of dependencies on defines between files, examples and tests 2011-05-26 13:16:06 +00:00
Paul Bakker
9d781407bc - A error_strerror function() has been added to translate between error codes and their description. 
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
 - Descriptions to all error codes have been added.
 - Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
 2011-05-09 16:17:09 +00:00
Paul Bakker
335db3f121 - Functions requiring File System functions can now be disables by undefining POLARSSL_FS_IO 2011-04-25 15:28:35 +00:00
Paul Bakker
f4f6968a86 - Improved compile-time compatibility with mingw32 64-bit versions 2011-04-24 16:08:12 +00:00
Paul Bakker
23986e5d5d - Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops 2011-04-24 08:57:21 +00:00
Paul Bakker
eaa89f8366 - Do not depend on dhm code if POLARSSL_DHM_C not defined 2011-04-04 21:36:15 +00:00
Paul Bakker
66b78b2d16 - Added missing rsa_init() call in x509parse_self_test() 2011-03-25 14:22:50 +00:00
Paul Bakker
53019ae6f7 - RSASSA-PSS verification now properly handles salt lengths other than hlen 2011-03-25 13:58:48 +00:00
Paul Bakker
400ff6f0fd - Corrected parsing of UTCTime dates before 1990 and after 1950 
- Support more exotic OID's when parsing certificates
 - Support more exotic name representations when parsing certificates
 - Replaced the expired test certificates
 2011-02-20 10:40:16 +00:00
Paul Bakker
96743fc5f5 - Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding 
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5)
 - Added tests for encrypted keyfiles
 2011-02-12 14:30:57 +00:00
Paul Bakker
d61e7d98cb - Cleaned up warning-generating code 2011-01-18 16:17:47 +00:00
Paul Bakker
0f5f72e949 - Fixed doxygen syntax to standard '\' instead of '@' 2011-01-18 14:58:55 +00:00
Paul Bakker
3cccddb238 - Fixed identification of non-critical CA certificates 2011-01-16 21:46:31 +00:00
Paul Bakker
b619499eb3 - x509parse_time_expired() checks time now in addition to the existing date check 2011-01-16 21:40:22 +00:00
Paul Bakker
a056efc8f9 - Fixed serial length check 2011-01-16 21:38:35 +00:00
Paul Bakker
dd47699ba5 - Moved storing of a printable serial into a separate function 2011-01-16 21:34:59 +00:00
Paul Bakker
76fd75a3de - Improved certificate validation and validation against the available CRLs 2011-01-16 21:12:10 +00:00
Paul Bakker
74111d30b7 - Improved X509 certificate parsing to include extended certificate fields, such as Key Usage 2011-01-15 16:57:55 +00:00
Paul Bakker
b63b0afc05 - Added verification callback in certificate verification chain in order to allow external blacklisting 2011-01-13 17:54:59 +00:00
Paul Bakker
1b57b06751 - Added reading of DHM context from memory and file 2011-01-06 15:48:19 +00:00
Paul Bakker
b96f154e51 - Fixed copyright message 2010-07-18 20:36:00 +00:00
Paul Bakker
84f12b76fc - Updated Copyright to correct entity 2010-07-18 10:13:04 +00:00
Paul Bakker
fc8c4360b8 - Updated copyright line to 2010 2010-03-21 17:37:16 +00:00
Paul Bakker
1f3c39c194 - Removed copyright line for Christophe Devine for clarity 2010-03-21 17:30:05 +00:00
Paul Bakker
27d661657b - Added x509_get_sig_alg() to allow easy future X509 signature algorithm determination expansion 2010-03-17 06:56:01 +00:00
Paul Bakker
ff60ee6c2a - Added const-correctness to main codebase 2010-03-16 21:09:09 +00:00
Paul Bakker
9120018f3d - Added support for GeneralizedTime in X509 certificates 2010-02-18 21:26:15 +00:00
Paul Bakker
fe1aea7877 - Fixed typo in MD4 define 2009-10-03 20:09:14 +00:00
Paul Bakker
de4d2eae95 - Added handling of missing POLARSSL_MD5_C define and POLARSSL_SHA1_c define 2009-10-03 19:58:52 +00:00
Paul Bakker
77b385e91a - Updated copyright messages on all relevant files 2009-07-28 17:23:11 +00:00
Paul Bakker
c6ce838d8f - Better handling of extension parsing 2009-07-27 21:34:45 +00:00
Paul Bakker
9be19375e5 - Fill base data for x509_crl_entry in CRL correctly 
- Internal structure of sequences is not optional anymore (as per RFC)
 - nextUpdate handles optionality correct if no revokedCertificates are present.
 - x509parse_crl_info handles the case of no entries correctly
 2009-07-27 20:21:53 +00:00
Paul Bakker
635f4b4cf9 - Updated error check on optional nextUpdate in CRL 2009-07-20 20:34:41 +00:00
Paul Bakker
1e27bb24bc - Added newline at end of CRL info 2009-07-19 20:25:25 +00:00
Paul Bakker
1973e4c582 - Fixed selftest of X509parse code 2009-07-10 22:32:40 +00:00
Paul Bakker
40ea7de46d - Added CRL revocation support to x509parse_verify() 
- Fixed an off-by-one allocation in ssl_set_hostname()
 - Added CRL support to SSL/TLS code
 2009-05-03 10:18:48 +00:00
Paul Bakker
7d06ad2b52 - Fixed formatting 2009-05-02 15:53:56 +00:00
Paul Bakker
d98030e7d6 - Added prelimenary CRL parsing and info support 2009-05-02 15:13:40 +00:00
Paul Bakker
2b245ebd9f - Moved file loading to load_file 2009-04-19 18:44:26 +00:00
Paul Bakker
7c6d4a4e6b - Fixed new logic on certificate chains in x509parse_verify() 2009-03-28 20:35:47 +00:00
Paul Bakker
e9581d66b0 - Fixed logic error on end of 'full' chain 2009-03-28 20:29:25 +00:00
Paul Bakker
320a4b59a8 - Added input handling for x509parse_crt() 
- Prevented memory leak by only adding new certificate if needed in x509parse_crt()
 - Add certificate before parsing if chain is 'full' in x509parse_crt()
 2009-03-28 18:52:39 +00:00
Paul Bakker
026c03b7f4 - Made changes for better compatibility with old-style C compilers 2009-03-28 17:53:03 +00:00
Paul Bakker
4593aeadaf - Added support for RFC4055 SHA2 and SHA4 signature algorithms for 
use with PKCS#1 v1.5 signing and verification.
 - Added extra certificates to test-ca and test code to further test
   functionality of SHA2 and SHA4 signing and verification.
 - Updated other program files accordingly
 2009-02-09 22:32:35 +00:00
Paul Bakker
3681b118ec - Enlarged debug buffer to facilitate long certificate values and filenames 2009-02-07 17:14:21 +00:00
Paul Bakker
785a9eeece - Added email address to header license information 2009-01-25 14:15:10 +00:00
Paul Bakker
e0ccd0a7c3 - Updated Copyright notices 2009-01-04 16:27:10 +00:00
Paul Bakker
40e46940df - First replacement of xyssl by polarssl where needed 2009-01-03 21:51:57 +00:00
Paul Bakker
5121ce5bdb - Renamed include directory to polarssl 2009-01-03 21:22:43 +00:00