yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-27 09:54:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,460 Commits 88 Branches 205 Tags 69 MiB
e4875e015f
Commit Graph

1476 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
013198f30f DTLS: avoid dropping too many records 
When the peer retransmits a flight with many record in the same datagram, and
we already saw one of the records in that datagram, we used to drop the whole
datagram, resulting in interoperability failure (spurious handshake timeouts,
due to ignoring record retransmitted by the peer) with some implementations
(issues with Chrome were reported).

So in those cases, we want to only drop the current record, and look at the
following records (if any) in the same datagram. OTOH, this is not something
we always want to do, as sometime the header of the current record is not
reliable enough.

This commit introduces a new return code for ssl_parse_header() that allows to
distinguish if we should drop only the current record or the whole datagram,
and uses it in mbedtls_ssl_read_record()

fixes #345
 2015-12-03 19:22:55 +01:00
Simon Butcher
ef43d41f67 Changed version number to 2.1.3 
Changed for library
 2015-11-04 22:08:33 +00:00
Manuel Pégourié-Gonnard
7a40dc686f Disable reportedly broken assembly of Sparc(64) 
fixes #292
 2015-11-02 05:57:49 +09:00
Manuel Pégourié-Gonnard
9f44a80ea3 Try to prevent some misuse of RSA functions 
fixes #331
 2015-10-30 10:57:43 +01:00
Manuel Pégourié-Gonnard
93080dfacf Fix missing check for RSA key length on EE certs 
- also adapt tests to use lesser requirement for compatibility with old
  testing material
 2015-10-28 13:22:32 +01:00
Manuel Pégourié-Gonnard
f9945bc283 Fix #ifdef inconsistency 
fixes #310

Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.

Conflicts:
	ChangeLog
 2015-10-28 13:16:33 +01:00
Manuel Pégourié-Gonnard
1cb668cf0f ECHDE-PSK does not use a certificate 
fixes #270
 2015-10-28 13:15:12 +01:00
Manuel Pégourié-Gonnard
d113b8e89d Move all KEY_EXCHANGE__ definitions in one place 2015-10-28 13:15:01 +01:00
Manuel Pégourié-Gonnard
a6925c502d Fix typo in documentation 2015-10-27 10:28:49 +01:00
Simon Butcher
759b6d9df6 Corrected misleading fn description in ssl_cache.h 
Mistake in comments spotted by Andris Mednis
 2015-10-27 10:28:24 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381 Bump version to 2.1.2 
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
 2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
c80a74f734 Merge branch 'development' into development-restricted 
* development:
  Add 'inline' workaround where needed
 2015-10-05 16:30:53 +01:00
Manuel Pégourié-Gonnard
2ac9c60838 Add 'inline' workaround where needed 
Was previously using the workaround from md.h
 2015-10-05 16:18:23 +01:00
Manuel Pégourié-Gonnard
a97ab2c8a6 Merge branch 'development' into development-restricted 
* development:
  Remove inline workaround when not useful
  Fix macroization of inline in C++
 2015-10-05 15:48:09 +01:00
Simon Butcher
7776fc36d3 Fix for #279 macroisation of 'inline' keyword 2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard
2d7083435d Fix references to non-standard SIZE_T_MAX 
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
 2015-10-05 15:23:11 +01:00
Manuel Pégourié-Gonnard
899ac849d0 Merge branch 'development' into development-restricted 
* development:
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
 2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard
cb6af00e2a Add missing warning in doc 
Found by Nicholas Wilson

fixes #288
 2015-10-05 12:12:39 +01:00
Manuel Pégourié-Gonnard
5a2e389811 Remove inline workaround when not useful 
This header doesn't have nay inline function any more
 2015-10-05 11:55:39 +01:00
Manuel Pégourié-Gonnard
0223ab9d38 Fix macroization of inline in C++ 
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
 2015-10-05 11:41:36 +01:00
Simon Butcher
6418ffaadb Merge fix for IOTSSL-480 - base64 overflow issue 2015-10-05 09:54:11 +01:00
Manuel Pégourié-Gonnard
ef388f168d Merge branch 'development' into development-restricted 
* development:
  Updated ChangeLog with credit
  Fix a fairly common typo in comments
  Make config check include for configs examples more consistent
 2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard
0aa45c209a Fix potential overflow in base64_encode 2015-09-30 16:37:49 +02:00
Simon Butcher
9f81231fb8 Revised hostname length check from review 2015-09-28 19:22:33 +01:00
Simon Butcher
89f77623b8 Added max length checking of hostname 2015-09-27 22:50:49 +01:00
Tillmann Karras
588ad50c5a Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
Manuel Pégourié-Gonnard
8cea8ad8b8 Bump version to 2.1.1 2015-09-17 11:58:45 +02:00
Simon Butcher
5793e7ef01 Merge 'development' into iotssl-411-port-reuse 
Conflicts:
	ChangeLog
 2015-09-16 15:25:53 +01:00
Simon Butcher
1a57af1607 Update ssl.h 
Typo
 2015-09-11 17:14:16 +01:00
Simon Butcher
4f6882a8a3 Update config.h 
Typo in RFC x-ref comment.
 2015-09-11 17:12:46 +01:00
Manuel Pégourié-Gonnard
ddfe5d20d1 Tune dependencies 
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
 2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard
62c74bb78a Stop wasting resources 
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.

Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
 2015-09-09 11:22:52 +02:00
Nicholas Wilson
2088e2ebd9 fix const-ness of argument to mbedtls_ssl_conf_cert_profile 
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
 2015-09-08 16:53:18 +01:00
Manuel Pégourié-Gonnard
222cb8db22 Tune related documentation while at it 2015-09-08 15:43:59 +02:00
Manuel Pégourié-Gonnard
3a2a4485d4 Update documentation 2015-09-08 15:36:09 +02:00
Manuel Pégourié-Gonnard
be619c1264 Clean up error codes 2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard
26d227ddfc Add config flag for support of client port reuse 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
5f5e0ec3f1 Improve mbedtls_ssl_write() documentation 2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard
a2cda6bfaf Add mbedtls_ssl_get_max_frag_len() 
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
 2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard
bb83844a1d Clarify that there are two SSL I/O buffers 2015-08-31 12:46:01 +02:00
Manuel Pégourié-Gonnard
46c4fa16ab Fix missing casts on return 
closes #236
 2015-08-12 09:27:55 +02:00
Manuel Pégourié-Gonnard
e2b0efe24b Separate license from comments in config.h 2015-08-11 10:38:37 +02:00
Manuel Pégourié-Gonnard
ac50fc5e2f Fix typo in doc 2015-08-10 13:07:09 +02:00
Manuel Pégourié-Gonnard
854dab96fe Fix the fix for armcc5 --gnu 
Only exclude armcc5, not armcc6.
 2015-08-10 12:11:31 +02:00
Manuel Pégourié-Gonnard
32da9f66a8 Add support for MBEDTLS_USER_CONFIG_FILE 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard
43569a93cc Use #ifdef rather than patch for target_config.h 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard
63e7ebaaa1 Add material for generating yotta module 2015-08-06 09:57:53 +02:00
Manuel Pégourié-Gonnard
e14dec68ea Fix stupid typo in previous commit 2015-08-04 22:49:33 +02:00
Manuel Pégourié-Gonnard
f659f0c214 Disable Padlock code with ASan 
We're getting build errors with Clang 3.5.0 on our Debian Jessie buildslave:

library/padlock.c:99:10: error: inline assembly requires more registers than available
 2015-08-04 22:19:05 +02:00
Manuel Pégourié-Gonnard
e96ce08a21 Fix compile error with armcc5 --gnu 2015-07-31 10:58:06 +02:00
Manuel Pégourié-Gonnard
6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
10c767488b Adjust rename/compat list 2015-07-15 11:07:26 +02:00
Paul Bakker
4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
1409616d9c Fix one renaming in the list 
Found by Simon while testing the upgrade guide
 2015-07-09 09:17:18 +01:00
Manuel Pégourié-Gonnard
20af64dc2c Still need to #define inline for MSVC 
I only tested with VS2015 earlier, but previous versions apparently still
don't know that standard C99 keyword though it's documented on MSDN...
 2015-07-07 23:21:30 +02:00
Manuel Pégourié-Gonnard
052a6c9cfe Add mbedtls_md_clone() 2015-07-06 16:06:02 +02:00
Manuel Pégourié-Gonnard
16d412f465 Add md/shaXXX_clone() API 
Will be used in the SSL/TLS modules
 2015-07-06 15:48:34 +02:00
Manuel Pégourié-Gonnard
7893103154 Remove 1024 bits DHM params and add one 4096 bit 2015-07-03 17:06:39 +02:00
Manuel Pégourié-Gonnard
7c3b4ab6f2 Fix typos in comments 2015-07-02 17:59:52 +02:00
Manuel Pégourié-Gonnard
5791109707 Make the hardclock test optional 
Known to fail on VMs (such as the buildbots), see eg
http://blog.badtrace.com/post/rdtsc-x86-instruction-to-detect-vms/
 2015-07-01 19:22:12 +02:00
Manuel Pégourié-Gonnard
9bd0afdb22 Add guards for closed socket in net.c 
This is particularly problematic when calling FD_SET( -1, ... ), but let's
check it in all functions.

This was introduced with the new API and the fact the net_free() now sets the
internal fd to -1 in order to mark it as closed: now using this information.
 2015-07-01 19:03:27 +02:00
Manuel Pégourié-Gonnard
2505528be4 Rm obsolete defines for inline wiht MSVC 
The "inline" keyword is supported since Visual Studio 2005 according to MSDN,
and we require Visual Studio 2010 or higher.
 2015-07-01 17:22:36 +02:00
Manuel Pégourié-Gonnard
abc729e664 Simplify net_accept() with UDP sockets 
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
 2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard
3d7d00ad23 Rename mbedtls_net_close() to mbedtls_net_free() 
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
 2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard
91895853ac Move from naked int to a structure in net.c 
Provides more flexibility for future changes/extensions.
 2015-06-30 15:56:25 +02:00
Manuel Pégourié-Gonnard
a16e7c468c Rename a debug function 2015-06-29 20:14:19 +02:00
Manuel Pégourié-Gonnard
b74c245a20 Rework debug to not need dynamic alloc 
But introduces dependency on variadic macros
 2015-06-29 20:08:23 +02:00
Manuel Pégourié-Gonnard
9db2887672 Actually enable fixed snprintf on windows 2015-06-26 11:04:08 +02:00
Manuel Pégourié-Gonnard
dc54ff8578 Improve documentation about SSL ticket encryption 2015-06-25 12:44:46 +02:00
Manuel Pégourié-Gonnard
216a1831de Fix whitespace in CMakeLists.txt 
- all spaces no tabs
- indent with 4 spaces everywhere
 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
53585eeb17 Remove test DHM params from certs.c 
certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.
 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
0761733c1b Fix potential NULL dereference 
We document that either of recv or recv_timeout may be NULL, but for TLS we
always used recv... Thanks Coverity for catching that.
(Not remotely trigerrable: local configuration.)

Also made me notice net_recv_timeout didn't do its job properly.
 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
fd474233c8 Change SSL debug API in the library 2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard
c0d749418b Make 'port' a string in NET module 
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
e244f9ffc0 Improve doc about length of strings written 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
d23f593737 Avoid static buffer in debug module 
Caused issues in threading situations
 2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
1cd10adc7c Update prototype of x509write_set_key_usage() 
Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
655a964539 Adapt check_key_usage to new weird bits 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
9a702255f4 Add parsing/printing for new X.509 keyUsage flags 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
07894338a0 Rename M255 to Curve25519 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
7320eb46d4 Remove references to some Montgomery curves 
After all it looks like those won't become standard.
 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
e7e89844d6 Fix and document corner-cases of time checking 2015-06-22 23:41:24 +02:00
Manuel Pégourié-Gonnard
cdc26ae099 Add mbedtls_ssl_set_hs_authmode 
While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
  the PSK, no cert is expected).
- use safer tests (eg == OPTIONAL vs != REQUIRED)
 2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard
1685368408 Rationalize snprintf() usage in X.509 modules 2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard
6c0c8e0d3d Include fixed snprintf for Windows in platform.c 
Use _WIN32 to detect it rather that _MSC_VER as it turns out MSYS2 uses the
broken MS version by default too.
 2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard
8ba88f0460 Fix stupid typo in documentation 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
7580ba475d Add a concept of entropy source strength. 
The main goal is, we want and error if cycle counter is the only source.
 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
3f77dfbd52 Add MBEDTLS_ENTROPY_HARDWARE_ALT 
Makes it easier for an external module to plug its hardware entropy collector.
 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
bf82ff0209 Fix entropy thresholds 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
60c793bdc9 Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE 
First one means we have time() but it may not return the actual wall clock
time, second means it does.
 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
c0696c216b Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen 2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard
097c7bb05b Rename relevant global symbols from size to bitlen 
Just applying rename.pl with this file:

mbedtls_cipher_get_key_size mbedtls_cipher_get_key_bitlen
mbedtls_pk_get_size mbedtls_pk_get_bitlen
MBEDTLS_BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
MBEDTLS_BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
 2015-06-18 16:43:38 +02:00
Manuel Pégourié-Gonnard
fb317c5221 Rename parameter in a x509 helper 2015-06-18 16:41:13 +02:00
Manuel Pégourié-Gonnard
39a48f4934 Internal renamings in PK 
+ an unrelated comment in SSL
 2015-06-18 16:06:55 +02:00
Manuel Pégourié-Gonnard
12ad798c87 Rename ssl_session.length to id_len 2015-06-18 15:50:37 +02:00
Manuel Pégourié-Gonnard
797f48ace6 Rename ecp_curve_info.size to bit_size 2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
898e0aa210 Rename key_length in cipher_info 2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard
b8186a5e54 Rename len to bitlen in function parameters 
Clarify a few comments too.
 2015-06-18 14:58:58 +02:00