mbedtls

mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 23:35:40 +01:00

Author	SHA1	Message	Date
Manuel Pégourié-Gonnard	1c38550bbd	Skip to trusted certs early in the chain This helps in the case where an intermediate certificate is directly trusted. In that case we want to ignore what comes after it in the chain, not only for performance but also to avoid false negatives (eg an old root being no longer trusted while the newer intermediate is directly trusted). see #220 backport of `fdbdd72`	2015-09-01 18:34:15 +02:00
Nicholas Wilson	bc07c3a1f0	fix minor bug in path_cnt checks If the top certificate occurs twice in trust_ca (for example) it would not be good for the second instance to be checked with check_path_cnt reduced twice!	2015-05-13 10:40:30 +01:00
Manuel Pégourié-Gonnard	159c524df8	Fix undefined behaviour in x509	2015-04-30 11:21:18 +02:00
Manuel Pégourié-Gonnard	39a183a629	Add x509_crt_verify_info()	2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard	fe44643b0e	Rename website and repository	2015-03-06 13:17:10 +00:00
Mansour Moufid	99b9259f76	Fix whitespace of `369e6c20`.	2015-02-16 10:43:52 +00:00
Mansour Moufid	c531b4af3c	Apply the semantic patch rm-malloc-cast.cocci. for dir in library programs; do spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \ --in-place; done	2015-02-16 10:43:52 +00:00
Rich Evans	fac657fd52	modify library/x509*.c to use polarssl_snprintf	2015-02-13 13:50:25 +00:00
Rich Evans	00ab47026b	cleanup library and some basic tests. Includes, add guards to includes	2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard	555fbf8758	Support composite RDNs in X.509 certs parsing	2015-02-04 17:11:55 +00:00
Manuel Pégourié-Gonnard	860b51642d	Fix url again	2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard	7cbe1318d8	Fix more stdio inclusion issues	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	acdb9b9525	Fix unchecked error code on Windows	2015-01-23 17:50:34 +00:00
Manuel Pégourié-Gonnard	085ab040aa	Fix website url to use https.	2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard	9698f5852c	Remove maintainer line.	2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard	19f6b5dfaa	Remove redundant "all rights reserved"	2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard	a658a4051b	Update copyright	2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard	b4fe3cb1fa	Rename to mbed TLS in the documentation/comments	2015-01-22 16:11:05 +00:00
Manuel Pégourié-Gonnard	967a2a5f8c	Change name to mbed TLS in the copyright notice	2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard	9439f93ea4	Use pk_load_file() in X509 Saves a bit of ROM. X509 depends on PK anyway.	2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard	fd6c85c3eb	Set a compile-time limit to X.509 chain length	2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard	e5b0fc1847	Make malloc-init script a bit happier	2014-11-13 12:42:12 +01:00
Manuel Pégourié-Gonnard	f631bbc1da	Make x509_string_cmp() iterative	2014-11-13 12:42:06 +01:00
Manuel Pégourié-Gonnard	8a5e3d4a40	Forbid repeated X.509 extensions	2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard	b134060f90	Fix memory leak with crafted X.509 certs	2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard	ef9a6aec51	Allow comparing name with mismatched encodings	2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard	88421246d8	Rename a function	2014-10-17 12:42:30 +02:00
Paul Bakker	5a5fa92bfe	x509_crt_parse() did not increase total_failed on PEM error Result was that PEM errors in files with multiple certificates were not detectable by the user.	2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard	d249b7ab9a	Restore ability to trust non-CA selfsigned EE cert	2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard	c4eff16516	Restore ability to use v1 CA if trusted locally	2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard	1c082f34f3	Update description and references for X.509 files	2014-06-23 11:52:59 +02:00
Paul Bakker	66d5d076f7	Fix formatting in various code to match spacing from coding style	2014-06-17 17:06:47 +02:00
Paul Bakker	d8bb82665e	Fix code styling for return statements	2014-06-17 14:06:49 +02:00
Paul Bakker	3461772559	Introduce polarssl_zeroize() instead of memset() for zeroization	2014-06-14 16:46:03 +02:00
Paul Bakker	c2ff2083ee	Merge parsing and verification of RSASSA-PSS in X.509 modules	2014-06-12 22:02:47 +02:00
Manuel Pégourié-Gonnard	d1539b1e88	Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT	2014-06-06 16:42:37 +02:00
Manuel Pégourié-Gonnard	53882023e7	Also verify CRLs signed with RSASSA-PSS	2014-06-05 17:59:55 +02:00
Manuel Pégourié-Gonnard	46db4b070c	Use pk_verify_ext() in x509_crt.c	2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard	bf696d030b	Make sig_opts non-optional in X509 structures This simplifies the code.	2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard	dddbb1d1eb	Rm sig_params from various X509 structures	2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard	9113603b6b	Use sig_opts in x509_sig_alg_gets()	2014-06-05 15:41:39 +02:00
Manuel Pégourié-Gonnard	f75f2f7c46	Add sig_opts member to X509 structures	2014-06-05 15:14:59 +02:00
Manuel Pégourié-Gonnard	920e1cd5e2	Add basic PSS cert verification Still todo: - handle MGF-hash != sign-hash - check effective salt len == announced salt len - add support in the PK layer so that we don't have to bypass it here	2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard	cac31eed9e	Factor common code for printing sig_alg	2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard	cf975a3857	Factor out some common code	2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard	9df5c96214	Fix dependencies	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	e76b750b69	Finish parsing RSASSA-PSS parameters	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	f346bab139	Start parsing RSASSA-PSS parameters	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	59a75d5b9d	Basic parsing of certs signed with RSASSA-PSS	2014-06-02 16:10:29 +02:00
Paul Bakker	14b16c62e9	Minor optimizations (original by Peter Vaskovic, modified by Paul Bakker) Move strlen out of for loop. Remove redundant null checks before free.	2014-05-28 11:34:33 +02:00

1 2 3

103 Commits