Commit graph

1885 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 796c6f3aff Countermeasure against "triple handshake" attack 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard fdf3f0e671 Avoid "unreachable code" warning 2014-03-11 13:47:05 +01:00
Manuel Pégourié-Gonnard 2a2ae642d8 Fix forgotten curves in #ifdef 2014-02-24 10:29:21 +01:00
Manuel Pégourié-Gonnard 6b1e207081 Fix verion-major intolerance 2014-02-12 10:14:54 +01:00
Manuel Pégourié-Gonnard c9093085ed Revert "Merged RSA-PSS support in Certificate, CSR and CRL"
This reverts commit ab50d8d30c, reversing
changes made to e31b1d992a.
2014-02-12 09:39:59 +01:00
Manuel Pégourié-Gonnard 6df09578bb Revert "Mutex call in x509_crt.c depended on PTHREAD specific instead of generic"
This reverts commit 9eae7aae80.
2014-02-12 09:29:05 +01:00
Paul Bakker f2561b3f69 Ability to provide alternate timing implementation 2014-02-06 15:32:26 +01:00
Paul Bakker 47703a0a80 More entropy functions made thread-safe (add_source, update_manual, gather) 2014-02-06 15:01:20 +01:00
Paul Bakker 9eae7aae80 Mutex call in x509_crt.c depended on PTHREAD specific instead of generic
threading
2014-02-06 14:51:53 +01:00
Paul Bakker 6a28e722c9 Merged platform compatibility layer 2014-02-06 13:44:19 +01:00
Paul Bakker 0910f32ee3 Fixed compile warning (in test-ref-configs) 2014-02-06 13:41:18 +01:00
Paul Bakker 119602bdde Typo fix in memory_buffer_alloc.c 2014-02-06 13:20:19 +01:00
Paul Bakker defc0ca337 Migrated the Memory layer to the Platform layer
Deprecated POLARSSL_MEMORY_C and placed placeholder for memory.h to make
sure current code will not break on new version.
2014-02-06 13:20:17 +01:00
Paul Bakker 7dc4c44267 Library files moved to use platform layer 2014-02-06 13:20:16 +01:00
Paul Bakker 747a83a0f7 Platform abstraction layer for memory, printf and fprintf 2014-02-06 13:15:25 +01:00
Paul Bakker ab50d8d30c Merged RSA-PSS support in Certificate, CSR and CRL 2014-02-06 13:14:56 +01:00
Manuel Pégourié-Gonnard f07031aa98 debug_ecp: don't print Z, always 1 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard f6dc5e1d16 Remove temporary debug code 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard c3f6b62ccc Print curve name instead of size in debugging
Also refactor server-side curve selection
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard ab24010b54 Enforce our choice of allowed curves. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard 7f38ed0bfa ssl_set_curves is no longer ECDHE only 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard cd49f76898 Make ssl_set_curves() work client-side too. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard ac7194133e Renamings and other fixes 2014-02-06 10:28:38 +01:00
Gergely Budai e40c469ad3 The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[]. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard de05390c85 Rename ecdh_curve_list to curve_list 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard 5de2580563 Make ssl_set_ecdh_curves() a compile-time option 2014-02-06 10:28:38 +01:00
Gergely Budai 987bfb510b Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard fbf0915404 Fix bug in RSA PKCS#1 v1.5 "reversed" operations 2014-02-05 17:01:24 +01:00
Paul Bakker 5fb8efe71e Merged HMAC-DRBG code 2014-02-05 15:55:18 +01:00
Manuel Pégourié-Gonnard 6e8e34d61e Fix ecp_gen_keypair()
Too few tries caused failures for some curves (esp. secp224k1)
2014-02-05 15:53:45 +01:00
Manuel Pégourié-Gonnard b05db2a6aa Save memory by not storing the HMAC key 2014-02-01 11:38:05 +01:00
Manuel Pégourié-Gonnard cf38367f45 Fix HMAC_DRBG and RIPEMD160 error codes 2014-02-01 10:24:53 +01:00
Manuel Pégourié-Gonnard 446ee6618f Add LCOV_EXCLUDE_LINE on some IO errors 2014-02-01 10:08:26 +01:00
Manuel Pégourié-Gonnard b3b205e081 Clean up details in ctr_drbg_selftest() 2014-01-31 12:04:06 +01:00
Manuel Pégourié-Gonnard 79afaa0551 Add hmac_drbg_selftest() 2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard 48bc3e81da Add hmac_drbg_{write,update}_seed_file() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard efc8d8078b Use safer names for macros 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard 6e897c2a59 Add more checks and references 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard d742a032f4 Use md_hmac_reset() when possible 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard 658dbed080 Add automatic periodic reseeding 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard af786ff6cc Add hmac_drbg_set_prediction_resistance() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard 8fc484d1df Add hmac_drbg_reseed() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard 4e669c614d Add hmac_drbg_set_entropy_len() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard fe34a5fb83 Add entropy callbacks to HMAC_DRBG 2014-01-30 15:06:40 +01:00
Manuel Pégourié-Gonnard 8208d167da Add hmac_random_with_add() 2014-01-30 12:19:26 +01:00
Manuel Pégourié-Gonnard 7845fc06c9 Use new HMAC_DRBG module for deterministic ECDSA 2014-01-30 10:58:48 +01:00
Manuel Pégourié-Gonnard 490bdf3928 Add minimalistic HMAC_DRBG implementation
(copied from ECDSA)
2014-01-30 10:58:48 +01:00
Paul Bakker 2aca241425 Ready for release 1.3.4 2014-01-27 11:59:30 +01:00
Paul Bakker 42099c3155 Revert "Add pk_rsa_set_padding() and rsa_set_padding()"
This reverts commit b4fae579e8.

Conflicts:
	library/pk.c
	tests/suites/test_suite_pk.data
	tests/suites/test_suite_pk.function
2014-01-27 11:59:29 +01:00
Manuel Pégourié-Gonnard 27b93ade6e Factor common code for printing sig_alg 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard 5cac583482 Factor out some common code 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard 41cae8e1f9 Parse CSRs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard 5eeb32b552 Parse CRLs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard ce7c6fd433 Fix dependencies 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard b7de86d834 More checks for length match in rsassa-pss params 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard 3c1e8b539c Finish parsing RSASSA-PSS parameters 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard d9fd87be33 Start parsing RSASSA-PSS parameters 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard b1d4eb16e4 Basic parsing of certs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Paul Bakker 556efba51c Added AES CFB8 mode 2014-01-24 15:38:12 +01:00
Paul Bakker 80025417eb net_is_block() renamed to net_would_block() and corrected behaviour on
non-blocking sockets

net_would_block() now does not return 1 if the socket is blocking.
2014-01-23 21:00:57 +01:00
Paul Bakker c2024f4592 Added MPI_CHK around unguarded mpi calls 2014-01-23 21:00:57 +01:00
Manuel Pégourié-Gonnard 8e205fc0bc Fix potential buffer overflow in suported_curves_ext 2014-01-23 17:27:10 +01:00
Paul Bakker 9f3c7d7278 Added missing POLARSSL_ECDSA_DETERMINISTIC around ecdsa_write_signature_det() 2014-01-23 16:11:14 +01:00
Paul Bakker 18e9f3282b Added missing static to md_info_by_size() in ecdsa.c 2014-01-23 16:08:38 +01:00
Paul Bakker bf98c3dd11 Merged deterministic ECDSA
Conflicts:
	library/ecdsa.c
2014-01-23 15:48:01 +01:00
Manuel Pégourié-Gonnard dfab4c1193 Add forgotten #ifdef and depends_on 2014-01-22 16:01:06 +01:00
Paul Bakker 5862eee4ca Merged RIPEMD-160 support 2014-01-22 14:18:34 +01:00
Paul Bakker 61b699ed1b Renamed RMD160 to RIPEMD160 2014-01-22 14:17:31 +01:00
Paul Bakker 0ac99ca7bc Merged support for secp224k1, secp192k1 and secp25k1 2014-01-22 13:10:48 +01:00
Manuel Pégourié-Gonnard b4fae579e8 Add pk_rsa_set_padding() and rsa_set_padding() 2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard 7c59363a85 Remove a few dead stores 2014-01-22 13:02:39 +01:00
Manuel Pégourié-Gonnard 9e987edf9f Fix potential memory leak in bignum selftest 2014-01-22 12:59:04 +01:00
Manuel Pégourié-Gonnard fd6a191381 Fix misplaced initialisation.
If one of the calls to mpi_grow() before setting Apos would fail, then
mpi_free( &Apos ) would be executed without Apos being initialised.
2014-01-22 12:57:04 +01:00
Manuel Pégourié-Gonnard 073f0fa2fb Fix missing error checking in gcm 2014-01-22 12:56:51 +01:00
Manuel Pégourié-Gonnard 280f95bd00 Add #ifs arround ssl_ciphersuite_uses_XXX() 2014-01-22 12:56:37 +01:00
Manuel Pégourié-Gonnard 7cfdcb8c7f Add a length check in ssl_derive_keys() 2014-01-22 12:56:22 +01:00
Manuel Pégourié-Gonnard 9af7d3a35b Add fast reduction for the other Koblitz curves 2014-01-18 17:48:00 +01:00
Manuel Pégourié-Gonnard 8887d8d37c Add mod_p256k1
Makes secp256k1 about 4x faster
2014-01-17 23:17:10 +01:00
Manuel Pégourié-Gonnard ea499a7321 Add support for secp192k1 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard 0a56c2c698 Fix bug in ecdh_calc_secret()
Only affects curves with nbits != pbits (currently only secp224k1)
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard 5304812b2d Fix theoretical compliance issue in ECDSA
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard 18e3ec9b4d Add support for secp224k1 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard e4d47a655b Add RIPEMD-160 to the generic MD layer 2014-01-17 20:41:32 +01:00
Manuel Pégourié-Gonnard ff40c3ac34 Add HMAC support to RIPEMD-160 2014-01-17 20:04:59 +01:00
Manuel Pégourié-Gonnard cab4a8807c Add RIPEMD-160 (core functions) 2014-01-17 14:04:25 +01:00
Manuel Pégourié-Gonnard 9bcff3905b Add OIDs and TLS IDs for prime Koblitz curves 2014-01-10 18:32:31 +01:00
Manuel Pégourié-Gonnard f51c8fc353 Add support for secp256k1 arithmetic 2014-01-10 18:17:18 +01:00
Manuel Pégourié-Gonnard 65ad3e4daf Use deterministic ECDSA in the PK layer 2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard 5e6edcfd96 Add fallback for md_alg == NONE to ecdsa_sign_det() 2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard 937340bce0 Add ecdsa_write_signature_det() 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard f42bca6da0 Little HMAC_DRBG refactoring 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard 4daaef7e27 Add ecdsa_sign_det() with test vectors 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard 461d416892 Add minified HMAC_DRBG for deterministic ECDSA 2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard e7072f8d11 Fix theoretical compliance issue in ECDSA
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard c9573998ca Fix unchecked error codes in ecp_gen_keypair() 2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard 79f73b96d9 Remove bias in EC private key generation 2014-01-06 10:19:35 +01:00
Paul Bakker c78c8422c2 Added failure stub for uninitialized POLARSSL_THREADING_ALT functions 2013-12-31 11:55:27 +01:00
Paul Bakker a8fd3e31ed Removed POLARSSL_THREADING_DUMMY option 2013-12-31 11:54:08 +01:00
Paul Bakker 4de44aa0ae Rewrote check to prevent read of uninitialized data in
rsa_rsassa_pss_verify()
2013-12-31 11:43:01 +01:00
Paul Bakker 6992eb762c Fixed potential overflow in certificate size in ssl_write_certificate() 2013-12-31 11:38:33 +01:00
Paul Bakker 6ea1a95ce8 Added missing MPI_CHK() around some statements 2013-12-31 11:17:14 +01:00
Paul Bakker 5bc07a3d30 Prepped for 1.3.3 2013-12-31 10:57:44 +01:00
Paul Bakker 00f5c52bfe Added cast to socket() return value to prevent Windows warning 2013-12-31 10:45:16 +01:00
Paul Bakker c73879139e Merged ECP memory usage optimizations 2013-12-31 10:33:47 +01:00
Paul Bakker 53e1513fea Initialize ebx and edx in padlock functions 2013-12-31 09:46:09 +01:00
Manuel Pégourié-Gonnard 26bc1c0f5d Fix a few unchecked return codes in EC 2013-12-30 19:33:33 +01:00
Paul Bakker 93759b048f Made AES-NI bit-size specific key expansion functions static 2013-12-30 19:20:06 +01:00
Manuel Pégourié-Gonnard 9e4191c3e7 Add another option to reduce EC memory usage
Also document speed/memory trade-offs better.
2013-12-30 19:16:05 +01:00
Manuel Pégourié-Gonnard 70896a023e Add statistics about number of allocated blocks 2013-12-30 19:16:05 +01:00
Paul Bakker ec4bea7eee Forced cast to unsigned int for %u format in ecp_selftest() 2013-12-30 19:04:47 +01:00
Manuel Pégourié-Gonnard 1f789b8348 Lessen peak memory usage in EC by freeing earlier
Cuts peak usage by 25% :)
2013-12-30 17:36:54 +01:00
Manuel Pégourié-Gonnard 72c172a13d Save some small memory allocations inside ecp_mul() 2013-12-30 16:04:55 +01:00
Paul Bakker f0fc2a27b0 Properly put the pragma comment for the MSVC linker in defines 2013-12-30 15:42:43 +01:00
Paul Bakker 92bcadb110 Removed 'z' length modifier from low-value size_t in ecp_selftest() 2013-12-30 15:37:17 +01:00
Paul Bakker e7f5133590 Fixed superfluous return value in aesni.c 2013-12-30 15:32:02 +01:00
Paul Bakker 0d0de92156 Only specify done label in aes.c when AES-NI is possible 2013-12-30 15:29:04 +01:00
Paul Bakker 956c9e063d Reduced the input / output overhead with 200+ bytes and covered corner
case

The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.

Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.

We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
2013-12-30 15:00:51 +01:00
Manuel Pégourié-Gonnard d4588cfb6a aesni_gcm_mult() now returns void 2013-12-30 13:54:23 +01:00
Manuel Pégourié-Gonnard bfa3c9a85f Remove temporary code 2013-12-30 13:53:58 +01:00
Manuel Pégourié-Gonnard 23c2f6fee5 Add AES-NI key expansion for 192 bits 2013-12-29 16:05:22 +01:00
Manuel Pégourié-Gonnard 4a5b995c26 Add AES-NI key expansion for 256 bits 2013-12-29 13:50:32 +01:00
Manuel Pégourié-Gonnard 47a3536a31 Add AES-NI key expansion for 128 bits 2013-12-29 13:28:59 +01:00
Manuel Pégourié-Gonnard 01e31bbffb Add support for key inversion using AES-NI 2013-12-28 16:22:08 +01:00
Manuel Pégourié-Gonnard 80637c7520 Use aesni_gcm_mult() if available 2013-12-26 16:09:58 +01:00
Manuel Pégourié-Gonnard d333f67f8c Add aesni_gcm_mult() 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard 9d57482280 Add comments on GCM multiplication 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard 8eaf20b18d Allow detection of CLMUL 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard 5b685653ef Add aesni_crypt_ecb() and use it 2013-12-25 13:03:26 +01:00
Manuel Pégourié-Gonnard 92ac76f9db Add files for (upcoming) AES-NI support 2013-12-25 13:03:26 +01:00
Paul Bakker 1e5369c7fa Variables in proper block or within proper defines in ssl_decrypt_buf() 2013-12-19 16:40:57 +01:00
Paul Bakker 0c0476f92d Disable ecp_use_curve25519() if not POLARSSL_ECP_DP_M255_ENABLED 2013-12-19 16:20:53 +01:00
Paul Bakker 1a56fc96a3 Fixed x509_crt_parse_path() bug on Windows platforms 2013-12-19 13:52:33 +01:00
Manuel Pégourié-Gonnard 1321135758 Fix MingW version issue 2013-12-17 17:38:55 +01:00
Manuel Pégourié-Gonnard ee5db1d6b9 Fix typo in previous commit 2013-12-17 16:46:19 +01:00
Manuel Pégourié-Gonnard 6a398d4234 Add missing header for windows 2013-12-17 16:10:58 +01:00
Manuel Pégourié-Gonnard 173402bb61 net_prepare() returns int 2013-12-17 15:57:05 +01:00
Paul Bakker 5a607d26b7 Merged IPv6 support in the NET module 2013-12-17 14:34:19 +01:00
Manuel Pégourié-Gonnard fd6b4cc1db Add forgotten SO_REUSEADDR option 2013-12-17 13:59:01 +01:00
Paul Bakker 5ab68ba679 Merged storing curves fully in ROM 2013-12-17 13:11:18 +01:00
Paul Bakker fdf946928d Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites 2013-12-17 13:10:27 +01:00
Paul Bakker 77e257e958 Fixed bad check for maximum size of fragment length index 2013-12-17 13:09:12 +01:00
Paul Bakker 6c21276342 Place olen initalization after reference check in cipher_update() 2013-12-17 13:09:12 +01:00
Paul Bakker 6f0636a09f Potential memory leak in ssl_ticket_keys_init() 2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard 6e315a9009 Adapt net_accept() to IPv6 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard 389ce63735 Add IPv6 support to net_bind() 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard 10934de1ca Adapt net_connect() for IPv6 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard 2e5c3163db Factor our some code in net.c 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard 5538970d32 Add server support for ECDH key exchanges 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard d18cc57962 Add client-side support for ECDH key exchanges 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard cdff3cfda3 Add ecdh_get_params() to import from an EC key 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard 25781b22e3 Add ECDH_RSA and ECDH_ECDSA ciphersuites
(not implemented yet)
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard 69ab354239 Fix bug from stupid typo 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard 14a96c5d8b Avoid wasting memory with some curves 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard 95b45b7bb2 Rename macros 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard baee5d4157 Add previously forgotten #ifdef's 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard 81e1b102dc Rm a few unneeded variables 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard 1f82b041e7 Adapt ecp_group_free() to static constants 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard 73cc01d7fa Remove last non-static parts of known EC groups 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard 731d08b406 Start using constants from ROM for EC groups 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard c72ac7c3ef Fix SSLv3 handling of SHA-384 suites
Fixes memory corruption, introduced in
a5bdfcd (Relax some SHA2 ciphersuite's version requirements)
2013-12-17 10:18:25 +01:00
Paul Bakker fef3c5a652 Fixed typo in POLARSSL_PKCS1_V15 in rsa.c 2013-12-11 13:36:30 +01:00
Manuel Pégourié-Gonnard 93f41dbdfd Fix possible issue in corner-case for ecp_mul_mx() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 7a949d3f5b Update comments 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard d962273594 Add #ifdef's for curve types 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 7c94d8bcab WIP #ifdef's 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard b6f45a616c Avoid potential leak in ecp_mul_mxz() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard a60fe8943d Add mpi_safe_cond_swap() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 97871ef236 Some operations are not supported with Curve25519 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 3d7053a2bb Add ecp_mod_p255(): Curve25519 about 4x faster now 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 357ff65a51 Details in ecp_mul_mxz() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard fe0af405f9 Adapt ecp_gen_keypair() to Curve25519 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 9a4a5ac4de Fix bug in mpi_set_bit 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard a0179b8c4a Change ecp_mul to handle Curve25519 too 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 312d2e8ea2 Adapt key checking functions for Curve25519 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 661536677b Add Curve25519 to known groups 2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard 3afa07f05b Add coordinate randomization for Curve25519 2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard d9ea82e7d9 Add basic arithmetic for Curve25519 2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard 3c0b4ea97e Rename a few functions 2013-12-05 15:58:37 +01:00
Paul Bakker 498fd354c6 Added missing inline definition for other platforms to ecp_curves.c 2013-12-02 22:17:24 +01:00
Manuel Pégourié-Gonnard d5e0fbe1a3 Remove now useless function 2013-12-02 17:20:39 +01:00
Manuel Pégourié-Gonnard 3ee90003c9 Make internal functions static again + cosmetics 2013-12-02 17:14:48 +01:00
Manuel Pégourié-Gonnard 9854fe986b Convert curve constants to binary
Makes source longer but resulting binary smaller
2013-12-02 17:07:30 +01:00
Manuel Pégourié-Gonnard 32b04c1237 Split ecp.c 2013-12-02 16:36:11 +01:00
Manuel Pégourié-Gonnard 43863eeffc Declare internal variables static in ecp.c 2013-12-02 16:34:24 +01:00
Manuel Pégourié-Gonnard d35e191434 Drop useless include in ecp.c 2013-12-02 16:34:24 +01:00
Paul Bakker 9dc53a9967 Merged client ciphersuite order preference option 2013-12-02 14:56:27 +01:00
Paul Bakker 014f143c2a Merged EC key generation support 2013-12-02 14:55:09 +01:00
Paul Bakker 4040d7e95c Merged more constant-time checking in RSA 2013-12-02 14:53:23 +01:00
Manuel Pégourié-Gonnard 1a9f2c7245 Add option to respect client ciphersuite order 2013-11-30 18:30:06 +01:00
Manuel Pégourié-Gonnard 011a8db2e7 Complete refactoring of ciphersuite choosing 2013-11-30 18:11:07 +01:00
Manuel Pégourié-Gonnard 3252560e68 Move some functions up 2013-11-30 17:50:32 +01:00
Manuel Pégourié-Gonnard 59b81d73b4 Refactor ciphersuite selection for version > 2 2013-11-30 17:46:04 +01:00
Manuel Pégourié-Gonnard 0267e3dc9b Add ecp_curve_info_from_name() 2013-11-30 15:10:14 +01:00
Manuel Pégourié-Gonnard 104ee1d1f6 Add ecp_genkey(), prettier wrapper 2013-11-30 14:35:07 +01:00
Manuel Pégourié-Gonnard 27290daf3b Check PKCS 1.5 padding in a more constant-time way
(Avoid branches that depend on secret data.)
2013-11-30 13:36:53 +01:00
Manuel Pégourié-Gonnard ab44d7ecc3 Check OAEP padding in a more constant-time way 2013-11-30 13:13:05 +01:00
Manuel Pégourié-Gonnard a5cfc35db2 RSA-OAEP decrypt: reorganise code 2013-11-29 11:58:13 +01:00
Manuel Pégourié-Gonnard 5ad68e42e5 Mutex x509_crt_parse_path() when pthreads is used 2013-11-28 18:07:39 +01:00
Manuel Pégourié-Gonnard 964bf9b92f Quit using readdir_r()
Prone to buffer overflows on some platforms.
2013-11-28 18:07:39 +01:00
Paul Bakker 76f03118c4 Only compile with -Wmissing-declarations and -Wmissing-prototypes in
library, not tests and programs
2013-11-28 17:20:04 +01:00
Paul Bakker 88cd22646c Merged ciphersuite version improvements 2013-11-26 15:22:19 +01:00
Manuel Pégourié-Gonnard da1ff38715 Don't accept CertificateRequest with PSK suites 2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard dc953e8c41 Add missing defines/cases for RSA_PSK key exchange 2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard c57b654a3e Use t_uint rather than uintXX_t when appropriate 2013-11-26 15:19:56 +01:00
Paul Bakker 3209ce3692 Merged ECP improvements 2013-11-26 15:19:17 +01:00
Manuel Pégourié-Gonnard 20b9af7998 Fix min_version (TLS 1.0) for ECDHE-PSK suites 2013-11-26 14:31:44 +01:00
Manuel Pégourié-Gonnard a5bdfcde53 Relax some SHA2 ciphersuite's version requirements
Changed:
- PSK ciphersuites (RFC 5487, section 3)
- ECDHE-PSK ciphersuites (RFC 5489, section 3)
- Additional Camellia ciphersuites (RFC 6367, sec 3.3)

Unchanged:
- all GCM ciphersuites
- Camellia ciphersuites from RFC 5932 (sec. 3.3.2)
- ECC-SHA2 ciphersuites from RFC 5289 (unclear)
- SHA2 from RFC 5246 (TLS 1.2, no precision)
2013-11-26 13:59:43 +01:00
Manuel Pégourié-Gonnard 96c7a92b08 Change mpi_safe_cond_assign() for more const-ness 2013-11-25 18:28:53 +01:00
Paul Bakker e4c71f0e11 Merged Prime generation improvements 2013-11-25 14:27:28 +01:00
Paul Bakker 45f457d872 Reverted API change for mpi_is_prime() 2013-11-25 14:26:52 +01:00
Paul Bakker 8fc30b178c Various const fixes 2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard ddf7615d49 gen_prime: check small primes early (3x speed-up) 2013-11-22 19:58:22 +01:00
Manuel Pégourié-Gonnard 378fb4b70a Split mpi_is_prime() and make its first arg const 2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard 0160eacc82 gen_prime: ensure X = 2 mod 3 -> 2.5x speedup 2013-11-22 17:54:59 +01:00
Manuel Pégourié-Gonnard 711507a726 gen_prime: ensure X = 3 mod 4 always (2x speed-up) 2013-11-22 17:35:28 +01:00
Manuel Pégourié-Gonnard 3e3d2b818c Fix bug in mpi_safe_cond_assign() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 918148193d Enhance ecp_selftest 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard d728350cee Make memory access pattern constant 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard aade42fd88 Change method for making M odd in ecp_mul()
- faster
- avoids M >= N (if m = N-1 or N-2)
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 36daa13d76 Misc details 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 469a209334 Rm subtraction from ecp_add_mixed() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 01fca5e882 Do point inversion without leaking information 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 71c2c21601 Add mpi_safe_cond_assign() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 44aab79022 Update bibliographic references 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 7f762319ad Use mpi_shrink() in ecp_precompute() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 5868163e07 Add mpi_shrink() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard e282012219 Spare some memory 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard edc1a1f482 Small code cleanups 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard ff27b7c968 Tighten ecp_mul() validity checks 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 09ceaf49d0 Rm multiplication using NAF
Comb method is at most 1% slower for random points,
and is way faster for fixed point (repeated).
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 04a0225388 Optimize w in the comb method 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard 70c14372c6 Add coordinate randomization back 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard c30200e4ce Fix bound issues 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard 101a39f55f Improve comb method (less precomputed points) 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard d1c1ba90ca First version of ecp_mul_comb() 2013-11-21 21:56:20 +01:00
Paul Bakker a9a028ebd0 SSL now gracefully handles missing RNG 2013-11-21 17:31:06 +01:00
Paul Bakker f2b4d86452 Fixed X.509 hostname comparison (with non-regular characters)
In situations with 'weird' certificate names or hostnames (containing
non-western allowed names) the check would falsely report a name or
wildcard match.
2013-11-21 17:30:23 +01:00
Steffan Karger c245834bc4 Link against ZLIB when zlib is used
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:45:48 +01:00
Steffan Karger 28d81a009c Fix pkcs11.c to conform to PolarSSL 1.3 API.
This restores previous functionality, and thus still allows only RSA to be
used through PKCS#11.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:13:27 +01:00
Paul Bakker 08b028ff0f Prevent unlikely NULL dereference 2013-11-19 10:42:37 +01:00
Paul Bakker b076314ff8 Makefile now produces a .so.X with SOVERSION in it 2013-11-05 11:27:12 +01:00
Paul Bakker f4dc186818 Prep for PolarSSL 1.3.2 2013-11-04 17:29:42 +01:00
Paul Bakker 0333b978fa Handshake key_cert should be set on first addition to the key_cert chain 2013-11-04 17:08:28 +01:00
Paul Bakker 993e386a73 Merged renegotiation refactoring 2013-10-31 14:32:38 +01:00
Paul Bakker 37ce0ff185 Added defines around renegotiation code for SSL_SRV and SSL_CLI 2013-10-31 14:32:04 +01:00
Manuel Pégourié-Gonnard 31ff1d2e4f Safer buffer comparisons in the SSL modules 2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard 6d8404d6ba Server: enforce renegotiation 2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard 9c1e1898b6 Move some code around, improve documentation 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard 214eed38c7 Make ssl_renegotiate the only interface
ssl_write_hello_request() is no private
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard caed0541a0 Allow ssl_renegotiate() to be called in a loop
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard e5e1bb972c Fix misplaced initialisation 2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard f3dc2f6a1d Add code for testing server-initiated renegotiation 2013-10-30 16:46:46 +01:00
Paul Bakker 0d7702c3ee Minor change that makes life easier for static analyzers / compilers 2013-10-29 16:18:35 +01:00
Paul Bakker 6edcd41c0a Addition conditions for UEFI environment under MSVC 2013-10-29 15:44:13 +01:00
Paul Bakker 7b0be68977 Support for serialNumber, postalAddress and postalCode in X509 names 2013-10-29 14:24:37 +01:00
Paul Bakker fa6a620b75 Defines for UEFI environment under MSVC added 2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard 178d9bac3c Fix ECDSA corner case: missing reduction mod N
No security issue, can cause valid signatures to be rejected.

Reported by DualTachyon on github.
2013-10-29 13:40:17 +01:00
Paul Bakker 60b1d10131 Fixed spelling / typos (from PowerDNS:codespell) 2013-10-29 10:02:51 +01:00
Paul Bakker 50dc850c52 Const correctness 2013-10-28 21:19:10 +01:00
Paul Bakker 6a6087e71d Added missing inline definition for MSCV and ARM environments 2013-10-28 18:53:08 +01:00
Paul Bakker 7bc745b6a1 Merged constant-time padding checks 2013-10-28 14:40:26 +01:00
Paul Bakker 1642122f8b Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer 2013-10-28 14:38:35 +01:00
Paul Bakker 3f917e230d Merged optimizations for MODP NIST curves 2013-10-28 14:18:26 +01:00
Manuel Pégourié-Gonnard 1001e32d6f Fix return value of ecdsa_from_keypair() 2013-10-28 14:01:08 +01:00
Manuel Pégourié-Gonnard 21ef42f257 Don't select a PSK ciphersuite if no key available 2013-10-28 14:00:45 +01:00
Manuel Pégourié-Gonnard 3daaf3d21d X509 key identifiers depend on SHA1 2013-10-28 13:58:32 +01:00
Paul Bakker 45a2c8d99a Prevent possible alignment warnings on casting from char * to 'aligned *' 2013-10-28 12:57:08 +01:00
Paul Bakker 677377f472 Server does not send out extensions not advertised by client 2013-10-28 12:54:26 +01:00
Manuel Pégourié-Gonnard e68bf171eb Make get_zeros_padding() constant-time 2013-10-27 18:26:39 +01:00
Manuel Pégourié-Gonnard 6c32990114 Make get_one_and_zeros_padding() constant-time 2013-10-27 18:25:03 +01:00
Manuel Pégourié-Gonnard d17df51277 Make get_zeros_and_len_padding() constant-time 2013-10-27 17:32:43 +01:00
Manuel Pégourié-Gonnard f8ab069d6a Make get_pkcs_padding() constant-time 2013-10-27 17:25:57 +01:00
Manuel Pégourié-Gonnard a8a25ae1b9 Fix bad error codes 2013-10-27 13:48:15 +01:00
Manuel Pégourié-Gonnard 7109624aef Skip MAC computation/check when GCM is used 2013-10-25 19:31:25 +02:00
Manuel Pégourié-Gonnard 8866591cc5 Don't special-case NULL cipher in ssl_tls.c 2013-10-25 18:42:44 +02:00
Manuel Pégourié-Gonnard 126a66f668 Simplify switching on mode in ssl_tls.c 2013-10-25 18:33:32 +02:00
Manuel Pégourié-Gonnard 98d9a2c061 Fix missing or wrong ciphersuite definitions 2013-10-25 18:03:18 +02:00
Manuel Pégourié-Gonnard 6fb0f745be Rank GCM before CBC in ciphersuite_preference 2013-10-25 17:08:15 +02:00
Manuel Pégourié-Gonnard 8d01eea7af Add Camellia-GCM ciphersuites 2013-10-25 16:46:05 +02:00
Manuel Pégourié-Gonnard e0dca4ad78 Cipher layer: check iv_len more carefully 2013-10-24 17:03:39 +02:00
Manuel Pégourié-Gonnard dae7093875 gcm_selftest depends on AES 2013-10-24 15:06:33 +02:00
Manuel Pégourié-Gonnard 87181d1deb Add Camellia-GCM to th cipher layer 2013-10-24 14:02:40 +02:00
Manuel Pégourié-Gonnard 13e0d449f7 Add Camellia-GCM test vectors
https://tools.ietf.org/html/draft-kato-ipsec-camellia-gcm-03#section-4
2013-10-24 13:24:25 +02:00
Manuel Pégourié-Gonnard 9fcceac943 Add a comment about modules coupling 2013-10-23 20:56:12 +02:00
Manuel Pégourié-Gonnard b21c81fb41 Use less memory in fix_negative() 2013-10-23 20:45:04 +02:00
Manuel Pégourié-Gonnard cae6f3ed45 Reorganize code in ecp.c 2013-10-23 20:19:57 +02:00
Manuel Pégourié-Gonnard 5779cbe582 Make mod_p{224,256,384] a bit faster
Speedup is roughly 25%, giving a 6% speedup on ecp_mul() for these curves.
2013-10-23 20:17:00 +02:00
Manuel Pégourié-Gonnard c04c530a98 Make NIST curves optimisation an option 2013-10-23 16:11:52 +02:00
Manuel Pégourié-Gonnard 0f9149cb0a Add mod_p384 2013-10-23 15:06:37 +02:00
Manuel Pégourié-Gonnard ec655c908c Add mod_p256 2013-10-23 14:50:39 +02:00
Manuel Pégourié-Gonnard 210b458ddc Document and slightly reorganize mod_pXXX 2013-10-23 14:27:58 +02:00
Manuel Pégourié-Gonnard 2a08c0debc mod_p224 now working with 8-bit and 16-bit ints 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard a47e7058ea mod_p224 now endian-neutral 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard e783f06f73 Start working on mod_p224
(Prototype, works only on 32-bit and little-endian 64-bit.)
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard cc67aee9c8 Make ecp_mod_p521 a bit faster 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard c9e387ca9e Optimize ecp_modp()
Makes it 22% faster, for a 5% gain on ecp_mul()
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard d1e7a45fdd Rework ecp_mod_p192()
On x86_64, this makes it 5x faster, and ecp_mul() 17% faster for this curve.
The code is shorter too.
2013-10-23 13:24:55 +02:00
Paul Bakker 6888167e73 Forced cast to prevent MSVC compiler warning 2013-10-15 13:24:01 +02:00
Paul Bakker 5c17ccdf2a Bumped version to 1.3.1 2013-10-15 13:12:41 +02:00
Paul Bakker f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker 376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Paul Bakker bbc1007c50 Convert SOCKET to int to prevent compiler warnings under MSVC.
From kernel objects at msdn:
    Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24.

Windows Internals by Russinovich and Solomon as well says that the high bits are zero.
2013-10-15 11:55:57 +02:00
Manuel Pégourié-Gonnard 59b9fe28f0 Fix bug in psk_identity_hint parsing 2013-10-15 11:55:33 +02:00
Manuel Pégourié-Gonnard bac0e3b7d2 Dependency fixes 2013-10-15 11:54:47 +02:00
Manuel Pégourié-Gonnard 09258b9537 Refactor parse_server_key_exchange a bit 2013-10-15 11:19:54 +02:00
Manuel Pégourié-Gonnard 8a3c64d73f Fix and simplify *-PSK ifdef's 2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard ef0eb1ebd8 Add two missing RSA-PSK ciphersuites 2013-10-14 19:34:48 +02:00
Manuel Pégourié-Gonnard 0fae60bb71 Implement RSA-PSK key exchange 2013-10-14 19:34:48 +02:00
Paul Bakker be089b0483 Introduced POLARSSL_HAVE_READDIR_R for systems without it 2013-10-14 15:51:50 +02:00
Paul Bakker b9cfaa0c7f Explicit conversions and minor changes to prevent MSVC compiler warnings 2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard 057e0cf263 Fix ciphersuites dependencies on MD5 and SHA1 2013-10-14 14:26:04 +02:00
Manuel Pégourié-Gonnard 1b62c7f93d Fix dependencies and related issues 2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard 72fb62daa2 More *-PSK refactoring 2013-10-14 14:01:58 +02:00
Manuel Pégourié-Gonnard bd1ae24449 Factor PSK pms computation to ssl_tls.c 2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard b59d699a65 Fix bugs in ECDHE_PSK key exchange 2013-10-14 12:00:45 +02:00
Manuel Pégourié-Gonnard 225d6aa786 Add ECDHE_PSK ciphersuites 2013-10-11 19:07:56 +02:00
Manuel Pégourié-Gonnard 3ce3bbdc00 Add support for ECDHE_PSK key exchange 2013-10-11 18:16:35 +02:00
Paul Bakker b887f1119e Removed return from error_strerror() 2013-10-11 15:24:31 +02:00
Paul Bakker beccd9f226 Explicit void pointer cast for buggy MS compiler 2013-10-11 15:20:27 +02:00
Paul Bakker 5191e92ecc Added missing x509write_crt_set_version() 2013-10-11 10:54:28 +02:00
Paul Bakker b7c13123de threading_set_own() renamed to threading_set_alt() 2013-10-11 10:51:32 +02:00
Paul Bakker 4aa40d4f51 Better support for MSVC 2013-10-11 10:49:24 +02:00
Paul Bakker b799dec4c0 Merged support for Brainpool curves and ciphersuites 2013-10-11 10:05:43 +02:00
Paul Bakker 1677033bc8 TLS compression only allocates working buffer once 2013-10-11 09:59:44 +02:00
Paul Bakker d61cc3b246 Possible naming collision in dhm_context 2013-10-11 09:38:49 +02:00
Paul Bakker fcc172138c Fixed const-correctness issues 2013-10-11 09:38:06 +02:00
Manuel Pégourié-Gonnard ae102995a7 RSA blinding: lock for a smaller amount of time 2013-10-11 09:19:12 +02:00
Manuel Pégourié-Gonnard 4d89c7e184 RSA blinding: check highly unlikely cases 2013-10-11 09:18:27 +02:00
Manuel Pégourié-Gonnard 971f8b84bb Fix compile errors with RSA_NO_CRT 2013-10-11 09:18:16 +02:00
Manuel Pégourié-Gonnard 9654fb156f Fix missing MSVC define 2013-10-11 09:17:14 +02:00
Manuel Pégourié-Gonnard 0cd6f98c0f Don't special-case a = -3, not worth it 2013-10-10 15:55:39 +02:00
Manuel Pégourié-Gonnard b8012fca5f Adjust dependencies 2013-10-10 15:40:49 +02:00
Manuel Pégourié-Gonnard 48ac3db551 Add OIDs for brainpool curves 2013-10-10 15:11:33 +02:00
Manuel Pégourié-Gonnard 0ace4b3154 Use much less variables in ecp_double_jac_gen() 2013-10-10 13:21:48 +02:00
Manuel Pégourié-Gonnard 1c4aa24df1 Add brainpool support for ecp_mul() 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard cd7458aafd Support brainpool curves in ecp_check_pubkey() 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard a070ada6d4 Add brainpool curves to ecp_use_kown_dp() 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard cec4a53c98 Add domain parameters for Brainpool curves 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard 8195c1a567 Add identifiers for Brainpool curves 2013-10-10 12:56:00 +02:00
Paul Bakker c9965dca27 RSA blinding threading support 2013-09-29 15:02:11 +02:00
Paul Bakker 1337affc91 Buffer allocator threading support 2013-09-29 15:02:11 +02:00
Paul Bakker f4e7dc50ea entropy_func() threading support 2013-09-29 15:02:07 +02:00
Paul Bakker 1ffefaca1e Introduced entropy_free() 2013-09-29 15:01:42 +02:00
Paul Bakker c55988406f SSL Cache threading support 2013-09-28 15:24:59 +02:00
Paul Bakker 2466d93546 Threading abstraction layer added 2013-09-28 15:00:02 +02:00
Paul Bakker bf796acf07 Added implementation for memory_buffer_set_verify() 2013-09-28 11:08:44 +02:00
Paul Bakker caa3af47c0 Handle missing curve extension correctly in ssl_parse_client_hello() 2013-09-28 11:08:43 +02:00
Paul Bakker f18084a201 Ready for 1.3.0 release 2013-09-26 10:07:09 +02:00
Paul Bakker ca9c87ed2b Removed possible cache-timing difference for pad check 2013-09-25 18:52:37 +02:00
Manuel Pégourié-Gonnard a0fdf8b0a0 Simplify the way default certs are used 2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard cb99bdb27e Client: if no cert, send empty cert list 2013-09-25 13:30:56 +02:00
Manuel Pégourié-Gonnard 641de714b6 Use both RSA and ECDSA CA if available 2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard 8372454615 Rework SNI to fix memory issues 2013-09-24 22:30:56 +02:00
Manuel Pégourié-Gonnard 482a2828e4 Offer both EC and RSA in certs.c, RSA first 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard 4618459fa1 Update EC certificates in certs.c 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard 705fcca409 Adapt support for SNI to recent changes 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard d09453c88c Check our ECDSA cert(s) against supported curves 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard f24b4a7316 Interface change in ECP info functions
ecp_named_curve_from_grp_id() -> ecp_curve_info_from_grp_id()
ecp_grp_id_from_named_curve() -> ecp_curve_info_from_tls_id()
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard f71e587c5e Fix memory leak in ssl cipher usage 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard 3ebb2cdb52 Add support for multiple server certificates 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard 834ea8587f Change internal structs for multi-cert support 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard cbf3ef3861 RSA and ECDSA key exchanges don't depend on CRL 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard 164d894b9a Fix: session start time wasn't set server side 2013-09-23 23:00:50 +02:00
Paul Bakker 3cf63edc44 Typo in Windows error code in x509_crt.c 2013-09-23 15:10:16 +02:00
Paul Bakker c27c4e2efb Support faulty X509 v1 certificates with extensions
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
2013-09-23 15:01:36 +02:00
Manuel Pégourié-Gonnard fe28646f72 Fix references to x509parse in config.h 2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard 1a483833b3 SSL_TLS doesn't depend on PK any more
(But PK does depend on RSA or ECP.)
2013-09-20 12:29:15 +02:00
Manuel Pégourié-Gonnard 34ced2dffe Fix mis-sized buffer
Reported by rgacogne on twitter.
Also spotted by gcc-4.8 with -O2
2013-09-20 11:37:39 +02:00
Manuel Pégourié-Gonnard a7496f00ff Fix a few more warnings in small configurations 2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard 4fee79b885 Fix some more depend issues 2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard 387a211fad Fix some dependencies in tests 2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard 1032c1d3ec Fix some dependencies and warnings in small config 2013-09-19 10:49:00 +02:00
Paul Bakker 5ad403f5b5 Prepared for 1.3.0 RC0 2013-09-18 21:21:30 +02:00
Paul Bakker 6db455e6e3 PSK callback added to SSL server 2013-09-18 21:14:58 +02:00
Manuel Pégourié-Gonnard ff29f9c825 Compute public key if absent when reading EC key 2013-09-18 16:13:02 +02:00
Manuel Pégourié-Gonnard da179e4870 Add ecp_curve_list(), hide ecp_supported_curves 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard dace82f805 Refactor cipher information management 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard a310459f5c Fix a few things that broke with RSA compiled out 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard 161ef968db Cache pre-computed points for ecp_mul()
Up to 1.25 speedup on ECDSA sign for small curves, but mainly useful as a
preparation for fixed-point mult (a few prototypes changed in constness).
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard 56cd319f0e Add human-friendly name in ecp_curve_info 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard a79d123a55 Make ecp_supported_curves constant 2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard 51451f8d26 Replace EC flag with ssl_ciphersuite_uses_ec() 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard 15d5de1969 Simplify usage of DHM blinding 2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard c83e418149 Prepare for ECDH point blinding just in case 2013-09-18 14:35:54 +02:00
Manuel Pégourié-Gonnard c972770f78 Prepare ecp_group for future extensions 2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard 456d3b9b0b Make ECP error codes more specific 2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard 568c9cf878 Add ecp_supported_curves and simplify some code 2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard 7038039f2e Dissociate TLS and internal EC curve identifiers
Allows to add new curves before they get a TLS number
2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard a97c015f89 Rm useless/wrong DHM lenght test 2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard 4cf0686d6d Remove spurious '+ 3' in ecdsa_write_signature() 2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard dd0f57f186 Check key size in cipher_setkey() 2013-09-18 14:34:32 +02:00
Paul Bakker b6b0956631 Rm of memset instead of x509_crt_init() 2013-09-18 14:32:52 +02:00
Paul Bakker c559c7a680 Renamed x509_cert structure to x509_crt for consistency 2013-09-18 14:32:52 +02:00
Paul Bakker 9556d3d650 Renamed x509_crt_write.c and x509_csr_write.c 2013-09-18 13:50:13 +02:00
Paul Bakker ddf26b4e38 Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker 369d2eb2a2 Introduced x509_crt_init(), x509_crl_init() and x509_csr_init() 2013-09-18 12:01:43 +02:00
Paul Bakker 86d0c1949e Generalized function names of x509 functions not parse-specific
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker 5187656211 Renamed X509 / X509WRITE error codes to generic (non-cert-specific) 2013-09-17 14:36:05 +02:00
Paul Bakker 36713e8ed9 Fixed bunch of X509_PARSE related defines / dependencies 2013-09-17 13:25:29 +02:00
Paul Bakker e9e6ae338b Moved x509_self_test() from x509_crt.c to x509.c and fixed mem-free bug 2013-09-16 22:55:51 +02:00
Paul Bakker da7711594e Changed pk_parse_get_pubkey() to pk_parse_subpubkey() 2013-09-16 22:45:03 +02:00
Paul Bakker d1a983fe77 Removed x509parse key functions and moved them to compat-1.2.h 2013-09-16 22:26:53 +02:00
Paul Bakker 7c6b2c320e Split up X509 files into smaller modules 2013-09-16 21:41:54 +02:00
Paul Bakker cff6842b39 POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C 2013-09-16 13:36:18 +02:00
Paul Bakker 77e23fb0e0 Move *_pemify() function to PEM module 2013-09-15 20:03:26 +02:00
Paul Bakker 40ce79f1e6 Moved DHM parsing from X509 module to DHM module 2013-09-15 17:43:54 +02:00
Paul Bakker 3e41fe8938 Remove printf when RSA selftest is skipped 2013-09-15 17:42:50 +02:00
Paul Bakker dce7fdcbc9 Fixed warnings in case POLARSSL_PEM_C is not defined 2013-09-15 17:15:26 +02:00
Paul Bakker 2292d1fad0 Fixed warnings in case POLARSSL_X509_PARSE_C is not defined 2013-09-15 17:06:49 +02:00
Paul Bakker 4606c7317b Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C 2013-09-15 17:04:23 +02:00
Paul Bakker c7bb02be77 Moved PK key writing from X509 module to PK module 2013-09-15 14:54:56 +02:00
Paul Bakker 1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard 92cb1d3a91 Make CBC an option, step 3: individual ciphers 2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard 989ed38de2 Make CBC an option, step 2: cipher layer 2013-09-13 15:48:40 +02:00
Manuel Pégourié-Gonnard f7dc378ead Make CBC an option, step 1: ssl ciphersuites 2013-09-13 15:37:03 +02:00
Manuel Pégourié-Gonnard b72b4edec1 Fix memory leak in DHM 2013-09-13 13:55:26 +02:00
Manuel Pégourié-Gonnard 4fe9200f47 Fix memory leak in GCM by adding gcm_free() 2013-09-13 13:45:58 +02:00
Manuel Pégourié-Gonnard 735b8fcb0b Fix blunder in 8a109f1 2013-09-13 12:57:23 +02:00
Paul Bakker 9013af76a3 Merged major refactoring of x509write module into development
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard bb323ffc7c Complete EC support in x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard 31e59400d2 Add missing f_rng/p_rng arguments to x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard 53c642504e Use PK internally for x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard f38e71afd5 Convert x509write_crt interface to PK 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard 6de63e480d Add EC support to x509write_key 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard 7f1f0926e4 Add test for x509write_key 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard 0088c69fbf Complete x509write_csr support for EC key
No automated test yet (complicated by the fact that ECDSA signatures are not
deterministic), tested using cert_req (and openssl for verification).
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard edda9041fc Adapt asn1_write_algorithm_identifier() to params 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard 3837daec9e Add EC support to x509write_pubkey 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard e1f821a6eb Adapt x509write_pubkey interface to use PK
key_app_writer will be fixed later
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard ee73179b2f Adapt x509write_csr prototypes for PK 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard 8053da4057 x509write_csr() now fully using PK internally 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard d4eb5b5196 Add references 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard 27d87fa6c4 Fix many off-by-one errors 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard 6dcf0bfcf4 Use x509write_pubkey_der() when applicable 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard 5353a03eb9 x509write_csr using PK internally (WIP) 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard 85dfe08b31 Merge duplicated else/#else branch 2013-09-12 11:57:00 +02:00
Paul Bakker 18f0341aed Typo in comments in ctr_drbg.c 2013-09-11 11:05:56 +02:00
Manuel Pégourié-Gonnard da7317ed00 Use asn1_free_named_data_list() when relevant 2013-09-10 15:52:52 +02:00
Paul Bakker c0dcf0ceb1 Merged blinding additions for EC, RSA and DHM into development 2013-09-10 14:44:27 +02:00
Paul Bakker 36b7e1efe7 Merged GCM refactoring into development
GCM is now independent of AES and can be used as a mode for any
cipher-layer supported 128-bit based block cipher
2013-09-10 14:41:05 +02:00
Paul Bakker 2a6a3a7e69 Better checking on cipher_info_from_values() 2013-09-10 14:29:28 +02:00
Paul Bakker a0558e0484 Check that the cipher GCM receives is a 128-bit-based cipher 2013-09-10 14:25:51 +02:00
Manuel Pégourié-Gonnard 8a109f106d Optimize RSA blinding by caching-updating values 2013-09-10 13:55:36 +02:00
Manuel Pégourié-Gonnard ea53a55c0f Refactor to prepare for RSA blinding optimisation 2013-09-10 13:55:35 +02:00
Paul Bakker 1c3853b953 oid_get_oid_by_*() now give back oid length as well 2013-09-10 11:43:44 +02:00
Paul Bakker 003dbad250 Fixed file descriptor leak in x509parse_crtpath() 2013-09-09 17:26:14 +02:00
Paul Bakker a5943858d8 x509_verify() now case insensitive for cn (RFC 6125 6.4) 2013-09-09 17:21:45 +02:00
Paul Bakker f9f377e652 CSR Parsing (without attributes / extensions) implemented 2013-09-09 15:35:10 +02:00
Paul Bakker d4bf870ff5 Allow spaces after the comma when converting X509 names 2013-09-09 13:59:11 +02:00
Paul Bakker 52be08c299 Added support for writing Key Usage and NS Cert Type extensions 2013-09-09 12:38:45 +02:00
Paul Bakker cd35803684 Changes x509_csr to x509write_csr 2013-09-09 12:38:45 +02:00
Paul Bakker 5f45e62afe Migrated from x509_req_name to asn1_named_data structure 2013-09-09 12:02:36 +02:00
Paul Bakker c547cc992e Added generic asn1_free_named_data_list() 2013-09-09 12:01:23 +02:00
Paul Bakker 59ba59fa30 Generalized x509_set_extension() behaviour to asn1_store_named_data() 2013-09-09 11:34:44 +02:00
Paul Bakker 43aff2aec4 Moved GCM to use cipher layer instead of AES directly 2013-09-09 00:10:27 +02:00
Paul Bakker f46b6955e3 Added cipher_info_from_values() to cipher layer (Search by ID+keylen+mode) 2013-09-09 00:08:26 +02:00
Paul Bakker 5e0efa7ef5 Added POLARSSL_MODE_ECB to the cipher layer 2013-09-08 23:04:04 +02:00
Manuel Pégourié-Gonnard 9f5a3c4a0a Fix possible memory error. 2013-09-08 20:08:59 +02:00
Manuel Pégourié-Gonnard bfb355c33b Fix memory leak on missed session reuse 2013-09-08 20:08:36 +02:00
Manuel Pégourié-Gonnard bc4b7f08ba Fix possible race in ssl_list_ciphersuites()
Thread A: executing for loop of ssl_list_ciphersuites()
Thread B: call ssl_list_cipher_suites(), see init == 0
Thread A: return, start using the result
Thread B: memset(0) on the list used by thread A
2013-09-08 20:07:48 +02:00
Paul Bakker 9c208aabc8 Use ASN1_UTC_TIME in some cases 2013-09-08 15:44:31 +02:00
Manuel Pégourié-Gonnard 032c34e206 Don't use DH blinding for ephemeral DH 2013-09-07 13:06:27 +02:00
Paul Bakker 15162a054a Writing of X509v3 extensions supported
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
2013-09-06 19:27:21 +02:00
Paul Bakker 329def30c5 Added asn1_write_bool() 2013-09-06 16:34:38 +02:00
Paul Bakker 9397dcb0e8 Base X509 certificate writing functinality 2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard d13a4099dd GCM ciphersuites using only cipher layer 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard b8bd593741 Restrict cipher_update() for GCM 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard 226d5da1fc GCM ciphersuites partially using cipher layer 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard 1af50a240b Cipher: test multiple cycles
GCM-cipher: just trust the user to call update_ad at the right time
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard ed8a02bfae Simplify DH blinding a bit 2013-09-04 17:18:28 +02:00
Paul Bakker 45125bc160 Changes to handle merged enhancements 2013-09-04 16:48:22 +02:00
Manuel Pégourié-Gonnard 143b5028a5 Implement DH blinding 2013-09-04 16:29:59 +02:00
Paul Bakker c049955b32 Merged new cipher layer enhancements 2013-09-04 16:12:55 +02:00
Manuel Pégourié-Gonnard 2d627649bf Change dhm_calc_secret() prototype 2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard ce4112538c Fix RC4 key length in cipher 2013-09-04 12:29:26 +02:00
Manuel Pégourié-Gonnard 83f3fc0d77 Add AES-192-GCM 2013-09-04 12:14:13 +02:00
Manuel Pégourié-Gonnard 43a4780b03 Ommit AEAD functions if GCM not defined 2013-09-03 19:28:35 +02:00
Manuel Pégourié-Gonnard aa9ffc5e98 Split tag handling out of cipher_finish() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard 2adc40c346 Split cipher_update_ad() out or cipher_reset() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard a235b5b5bd Fix iv_len interface.
cipher_info->iv_size == 0 is no longer ambiguous, and
cipher_get_iv_size() always returns something useful to generate an IV.
2013-09-03 13:25:52 +02:00
Manuel Pégourié-Gonnard 9c853b910c Split cipher_set_iv() out of cipher_reset() 2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard 07de4b1d08 Implement randomized coordinates in ecp_mul() 2013-09-02 16:26:04 +02:00
Manuel Pégourié-Gonnard c75c56fef7 Fix off-by-one error in ecdsa_write_signature()
Made some signature fail with 521-bit curve
2013-09-02 16:25:37 +02:00
Paul Bakker ea6ad3f6e5 ARC4 ciphersuites using only cipher layer 2013-09-02 14:57:01 +02:00
Manuel Pégourié-Gonnard e09d2f8261 Change ecp_mul() prototype to allow randomization
(Also improve an error code while at it.)
2013-09-02 14:29:09 +02:00
Paul Bakker eb851f6cd5 Merged current cipher enhancements for ARC4 and AES-GCM 2013-09-01 15:49:38 +02:00
Manuel Pégourié-Gonnard 9241be7ac5 Change cipher prototypes for GCM 2013-08-31 18:07:42 +02:00
Paul Bakker cca5b81d18 All CBC ciphersuites via the cipher layer 2013-08-31 17:40:26 +02:00
Paul Bakker da02a7f45e AES_CBC ciphersuites now run purely via cipher layer 2013-08-31 17:25:14 +02:00
Manuel Pégourié-Gonnard 20d6a17af9 Make GCM tag check "constant-time" 2013-08-31 16:37:46 +02:00
Manuel Pégourié-Gonnard 07f8fa5a69 GCM in the cipher layer, step 1
- no support for additional data
- no support for tag
2013-08-31 16:08:22 +02:00
Manuel Pégourié-Gonnard b5e85885de Handle NULL as a stream cipher for more uniformity 2013-08-30 17:11:28 +02:00
Manuel Pégourié-Gonnard 37e230c022 Add arc4 support in the cipher layer 2013-08-30 17:11:28 +02:00
Paul Bakker f451bac000 Blinding RSA only active when f_rng is provided 2013-08-30 15:48:53 +02:00
Paul Bakker 48377d9834 Configuration option to enable/disable POLARSSL_PKCS1_V15 operations 2013-08-30 13:41:14 +02:00
Paul Bakker aab30c130c RSA blinding added for CRT operations 2013-08-30 11:03:09 +02:00
Paul Bakker 548957dd49 Refactored RSA to have random generator in every RSA operation
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker ca174fef80 Merged refactored x509write module into development 2013-08-28 16:32:51 +02:00
Paul Bakker 9659dae046 Some extra code defined out 2013-08-28 16:21:34 +02:00
Manuel Pégourié-Gonnard c852a68b96 More robust selection of ctx_enc size 2013-08-28 13:13:30 +02:00
Manuel Pégourié-Gonnard cffe4a65bd Move "constant" code outside a loop 2013-08-28 13:13:20 +02:00
Paul Bakker 577e006c2f Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
	include/polarssl/config.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard 57a8783364 Make more room for ciphersuites 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard db77175e99 Make ecdsa_verify() return value more explicit 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard 9cc6f5c61b Fix some hash debugging 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard 4bd1284f59 Fix ECDSA hash selection bug with TLS 1.0 and 1.1 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard 9c9812a299 Fix bug introduced in dbf69cf
(Was writing outside array bounds.)
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard df0142bd17 Fix some dependencies in tests 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard 2fb15f694c Un-rename ssl_set_own_cert_alt() 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard e511ffca50 Allow compiling without RSA or DH
Only library and programs now, need to check test suites later.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard ee98f8e7a3 Add EC certificates in certs.c 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard f484282e96 Rm a few unneeded tests 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard d11eb7c789 Fix sig_alg extension on client.
Temporary solution on server.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard bfe32efb9b pk_{sign,verify}() now accept hash_len = 0 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard a20c58c6f1 Use convert functions for SSL_SIG_* and SSL_HASH_* 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard c40b4c3708 Add configuration item for the PK module 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 0d42049440 Merge code for RSA and ECDSA in SSL 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 070cc7fd21 Use the new PK RSA-alt interface 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 12c1ff0ecb Add RSA-alt to the PK layer 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard a2d3f22007 Add and use pk_encrypt(), pk_decrypt() 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 8df2769178 Introduce pk_sign() and use it in ssl 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 583b608401 Fix some return values 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 76c18a1a77 Add client support for ECDSA client auth 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard abae74c4a0 Add server support for ECDHE_ECDSA key exchange 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard ac75523593 Adapt ssl_set_own_cert() to generic keys 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 09edda888e Check key type against selected key exchange 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard 20846b1a50 Add client support for ECDHE_ECDSA key exchange 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard efebb0a394 Refactor ssl_parse_server_key_exchange() a bit 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard 32ea60a127 Declare ECDSA key exchange and ciphersuites
Also fix bug in ssl_list_ciphersuites().

For now, disable it on server.
Client will offer it but fail if server selects it.
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard 0b03200e96 Add server-side support for ECDSA client auth 2013-08-27 22:21:19 +02:00
Paul Bakker 0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Paul Bakker d2f068e071 Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually 2013-08-27 21:19:20 +02:00
Paul Bakker fb08fd2e23 Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available 2013-08-27 15:06:54 +02:00
Paul Bakker 9852d00de6 Moved asn1write funtions to use asn1_write_raw_buffer() 2013-08-26 17:56:37 +02:00
Paul Bakker 7accbced87 Doxygen documentation added to asn1write.h 2013-08-26 17:37:18 +02:00
Paul Bakker f3df61ad10 Generalized PEM writing in x509write module for RSA keys as well 2013-08-26 17:37:18 +02:00
Paul Bakker 135f1e9c70 Move PEM conversion of DER data to x509write module 2013-08-26 17:37:18 +02:00
Paul Bakker 624d03a3f7 Fixed length of key_usage bitstring to 7 bits 2013-08-26 17:37:18 +02:00
Paul Bakker 1c0e550e21 Added support for Netscape Certificate Types in CSR writing
Further generalization of extension adding / replacing in the CSR
structure
2013-08-26 17:37:18 +02:00
Paul Bakker e5eae76bf0 Generalized the x509write_csr_set_key_usage() function and key_usage
storage
2013-08-26 17:37:18 +02:00
Paul Bakker 6db915b5a9 Added asn1_write_raw_buffer() 2013-08-26 17:37:17 +02:00
Manuel Pégourié-Gonnard 0a20171d52 Fix compiler warning from gcc -Os 2013-08-26 14:31:43 +02:00
Manuel Pégourié-Gonnard 70f1768b9d Make two format strings literal
Fixes clang warning
2013-08-26 14:31:33 +02:00
Manuel Pégourié-Gonnard c6554aab3d Check length of session tickets we write 2013-08-26 14:26:33 +02:00
Manuel Pégourié-Gonnard 38d1eba3b5 Move verify_result from ssl_context to session 2013-08-26 14:26:02 +02:00
Paul Bakker fde4270186 Added support for writing key_usage extension 2013-08-25 14:47:27 +02:00
Paul Bakker 598e450538 Added asn1_write_bitstring() and asn1_write_octet_string() 2013-08-25 14:46:39 +02:00
Paul Bakker 0e06c0fdb4 Assigned error codes to the error defines 2013-08-25 11:21:30 +02:00
Paul Bakker 82e2945ed2 Changed naming and prototype convention for x509write functions
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker 2130796658 Switched order of storing x509_req_names to match inputed order 2013-08-25 10:51:18 +02:00
Paul Bakker 8eabfc1461 Rewrote x509 certificate request writing to use structure for storing 2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard fff80f8879 PK: use NULL for unimplemented operations 2013-08-20 20:46:05 +02:00
Manuel Pégourié-Gonnard f73da02962 PK: change pk_verify arguments (md_info "optional") 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard ab46694558 Change pk_set_type to pk_init_ctx for consistency 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard ac4cd36297 PK rsa_verify: check signature length 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard 15699380e5 Small PK cleanups
- better error codes
- rm now-useless include
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard 3fb5c5ee1c PK: rename members for consistency CIPHER, MD
Also add pk_get_name() to remove a direct access to pk_type
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard 09162ddcaa PK: reuse some eckey functions for ecdsa
Also add some forgotten 'static' while at it.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard c6ac8870d5 Nicer interface between PK and debug.
Finally get rid of pk_context.type member, too.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard b3d9187cea PK: add nice interface functions
Also fix a const-corectness issue.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard 765db07dfb PK: use alloc and free function pointers 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard 3053f5bcb4 Get rid of pk_wrap_rsa() 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard f8c948a674 Add name and get_size() members in PK 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard 835eb59c6a PK: fix support for ECKEY_DH 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard f18c3e0378 Add a PK can_do() method and simplify code 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard d73b3c13be PK: use wrappers and function pointers for verify 2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard f499993cb2 Add ecdsa_from_keypair()
Also fix bug/limitation in mpi_copy: would segfault if src just initialised
and not set to a value yet. (This case occurs when copying a context which
contains only the public part of the key, eg.)
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard cc0a9d040d Fix const-correctness of rsa_*_verify() 2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard f84b4d6498 Check sig_pk for signature verification 2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard 96d5912088 Implement EC cert and crl verification 2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard 211a64c79f Add eckey to ecdsa conversion in the PK layer 2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard b4d69c41f8 Prepare for EC cert & crl validation 2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard e09631b7c4 Create ecp_group_copy() and use it 2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard 8eebd012b9 Add an ecdsa_genkey() function 2013-08-20 20:08:28 +02:00
Manuel Pégourié-Gonnard b694b4896c Add ecdsa_{read,write}_signature() 2013-08-20 20:04:16 +02:00
Paul Bakker 3a074a7996 Actually skip certificate if we do not understand hash type 2013-08-20 12:45:03 +02:00
Paul Bakker dc4baf11ab Removed errant printf in x509parse_self_test() 2013-08-20 12:44:33 +02:00
Paul Bakker 42c3ccf36e Fixed potential negative value misinterpretation in load_file() 2013-08-19 14:29:31 +02:00
Paul Bakker 75c1a6f97c Fixed potential heap buffer overflow on large hostname setting 2013-08-19 14:25:29 +02:00
Paul Bakker 694d3aeb47 Fixed potential heap buffer overflow on large file reading 2013-08-19 14:23:38 +02:00
Paul Bakker 5fd4917d97 Add missing ifdefs in ssl modules 2013-08-19 13:30:28 +02:00
Paul Bakker 04376b1419 Fixed memory leak in ssl_parse_server_key_exchange from missing
md_free_ctx()
2013-08-16 14:45:26 +02:00
Manuel Pégourié-Gonnard 298aae4524 Adapt core OID functions to embeded null bytes 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard c13c0d4524 Add a length check in rsa_get_pubkey() 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard 56a487a17f Minor ecdsa cleanups
- point_format is of no use
- d was init'ed and free'd twice
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard 686bfae244 Fix memory error in x509_get_attr_type_value 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard ba77bbf840 Fix memory error in asn1_get_alg() 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard 06dab806ce Fix memory error in asn1_get_bitstring_null()
When *len is 0, **p would be read, which is out of bounds.
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard 0b2726732e Fix ifdef conditions for EC-related extensions.
Was alternatively ECP_C and ECDH_C.
2013-08-16 13:56:17 +02:00
Manuel Pégourié-Gonnard 5734b2d358 Actually use the point format selected for ECDH 2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard 7b19c16b74 Handle suported_point_formats in ServerHello 2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard 6b8846d929 Stop advertising support for compressed points
(We can only write them, not read them.)
2013-08-16 13:56:16 +02:00
Paul Bakker 1f2bc6238b Made support for the truncated_hmac extension configurable 2013-08-15 13:45:55 +02:00
Paul Bakker 05decb24c3 Made support for the max_fragment_length extension configurable 2013-08-15 13:33:48 +02:00
Paul Bakker 606b4ba20f Session ticket expiration checked on server 2013-08-15 11:42:48 +02:00
Paul Bakker f0e39acb58 Fixed unitialized n when resuming a session 2013-08-15 11:40:48 +02:00
Paul Bakker a503a63b85 Made session tickets support configurable from config.h 2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard 56dc9e8bba Authenticate session tickets. 2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard 990c51a557 Encrypt session tickets 2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard 779e42982c Start adding ticket keys (only key_name for now) 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard aa0d4d1aff Add ssl_set_session_tickets() 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard 306827e3bc Prepare ticket structure for securing 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard 06650f6a37 Fix reusing session more than once 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard 593058e35e Don't renew ticket when the current one is OK 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard c086cce3d3 Don't cache empty session ID nor resumed session 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 7cd5924cec Rework NewSessionTicket handling in state machine
Fixes bug: NewSessionTicket was ommited in resumed sessions.
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 3ffa3db80b Fix server session ID handling with ticket 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 72882b2079 Relax limit on ClientHello size 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 609bc81a76 ssl_srv: read & write ticket, unsecure for now 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 94f6a79cde Auxiliary functions to (de)serialize ssl_session 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 7a358b8580 ssl_srv: write & parse session ticket ext & msg 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard 6377e41ef5 Complete client support for session tickets 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard a5cc6025e7 Parse NewSessionTicket message 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard 60182ef989 ssl_cli: write & parse session ticket extension 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard 75d440192c Introduce ticket field in session structure 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard 5f280cc6cf Implement saving peer cert as part of session. 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard 747180391d Add ssl_get_session() to save session on client 2013-08-14 14:08:03 +02:00
Paul Bakker 48e93c84b7 Made padding modes configurable from config.h 2013-08-14 14:02:48 +02:00
Paul Bakker 1a45d91cf2 Restructured cipher_set_padding_mode() to use switch statement 2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard ebdc413f44 Add 'no padding' mode 2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard 0e7d2c0f95 Add zero padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard 8d4291b52a Add zeros-and-length (ANSI X.923) padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard 679f9e90ad Add one-and-zeros (ISO/IEC 7816-4) padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard b7d24bc7ca Fix bug in get_pkcs_padding(): cannot be 0-length 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard ac56a1aec4 Make cipher_set_padding() actually work
(Only one padding mode recognized yet.)
2013-08-14 14:02:46 +02:00
Manuel Pégourié-Gonnard d5fdcaf9e5 Add cipher_set_padding() (no effect yet)
Fix pattern in tests/.gitignore along the way.
2013-08-14 14:02:46 +02:00
Paul Bakker 0f2f0bfc87 CAMELLIA-based PSK and DHE-PSK ciphersuites added 2013-07-26 15:04:03 +02:00
Paul Bakker b548d773b3 Fixed memory leak in ecdh_compute_shared() in case of error 2013-07-26 14:22:19 +02:00
Paul Bakker cca998a4c5 Fixed memory leak in ecdsa_sign() / ecdsa_verify() in case of error 2013-07-26 14:22:16 +02:00
Paul Bakker 1e6a175362 Support for AIX header locations in net.c module 2013-07-26 14:10:22 +02:00
Paul Bakker 52cf16caeb Fixed multiple use of GCM-context bug due to split-up of GCM functions 2013-07-26 13:56:22 +02:00
Paul Bakker d9ca94a677 Updated merged pk.c and x509parse.c changes with new memory allocation functions 2013-07-25 11:25:09 +02:00
Paul Bakker 8c1ede655f Changed prototype for ssl_set_truncated_hmac() to allow disabling 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard 277f7f23e2 Implement hmac truncation 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard 57c2852807 Added truncated hmac negociation (without effect) 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard e980a994f0 Add interface for truncated hmac 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard e048b67d0a Misc minor fixes
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard ed4af8b57c Move negotiated max fragment length to session
User-set max fragment length remains in ssl_context.
The min of the two is used for sizing fragments.
2013-07-18 14:07:09 +02:00
Manuel Pégourié-Gonnard 581e6b6d6c Prepare migrating max fragment length to session
Remove max_frag_len member so that reseting session by memset()ing it to zero
does the right thing.
2013-07-18 12:32:27 +02:00
Manuel Pégourié-Gonnard 6b4f237f6a Forbid setting max_frag_len > MAX_CONTENT_LEN 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard 30dc7ef3ad Reset max_fragment_length in ssl_session_reset() 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard 7bb7899121 Send max_fragment_length extension (server) 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard f11a6d78c7 Rework server extensions writing 2013-07-18 11:23:38 +02:00
Manuel Pégourié-Gonnard de600e571a Read max_fragment_length extension (client) 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard a052849640 Send max_fragment_length extension (client) 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard 48f8d0dbbd Read max_fragment_length extension (server) 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard 787b658bb3 Implement max_frag_len write restriction 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard 8b46459ae5 Add ssl_set_max_frag_len() 2013-07-18 11:18:13 +02:00
Manuel Pégourié-Gonnard c2c90031ec Fix pk_set_type() behaviour for unkown type 2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard 14d8564402 Fix overflow check in oid_get_numeric_string()
(The fix in 791eed3 was wrong.)
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard fd5164e283 Fix some more ifdef's RSA/EC, in pk and debug 2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard ab2d9836b4 Fix some ifdef's in x509parse
While at it:
- move _rsa variants systematically after generic functions
- unsplit x509parse_key_pkcs8_encrypted_der() (reverts a5d9974)
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard 96f3a4e1b3 Rm ecp_keypair.alg
Avoid duplicating information already present in pk_context.
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard 8b863cd641 Merge EC & RSA versions of x509_parse_key() 2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard 6e88202a95 Merge EC & RSA versions of parse_pkcs8_unencrypted 2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard a2d4e644ac Some more EC pubkey parsing refactoring
Fix a bug in pk_rsa() and pk_ec() along the way
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard 1c808a011c Refactor some EC key parsing code 2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard 991d0f5aca Remove rsa member from x509_cert structure 2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard ff56da3a26 Fix direct uses of x509_cert.rsa, now use pk_rsa() 2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard 893879adbd Adapt debug_print_crt() for EC keys 2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard 5b18fb04ca Fix bug in x509_get_{ecpubkey,subpubkey}()
- 'p' was not properly updated
- also add a few more checks while at it
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard 360a583029 Adapt x509parse_cert_info() for EC 2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard 674b2243eb Prepare transition from x509_cert.rsa to pk 2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard a155513e7b Rationalize use of x509_get_alg variants 2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard 7a287c409e Rename x509_get_algid() to x509_get_pk_alg() 2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard 7c5819eb1e Fix warnings (enum value missing from switch/case) 2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard 1e60cd09b0 Expand oid_get_sig_alg() for ECDSA-based algs 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard 244569f4b1 Use generic x509_get_pubkey() for RSA functions 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard 4fa0476675 Use new x509_get_pubkey() in x509parse_public_key() 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard c296c5925e Introduce generic x509_get_pubkey() 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard 094ad9e512 Rename x509_get_pubkey to _rsa and split it up 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard f16ac763f6 Simplify length mismatch check in x509_get_pubkey 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard 20c12f6b5f Factor more code into x509_get_pubkey() 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard 788db112a5 Get rid of x509_cert.pkoid
Unused, comment did not match reality, and will soon be superseeded by the
'type' field of the pk_context which will replace rsa_context.
2013-07-17 15:59:39 +02:00
Manuel Pégourié-Gonnard 374e4b87d4 pk_set_type() cannot be used to reset key type 2013-07-17 15:59:39 +02:00
Manuel Pégourié-Gonnard 0a64e8f1fd Rework algorithmIdentifier parsing 2013-07-17 15:59:39 +02:00
Paul Bakker f4a1427ae7 base64_decode() also forcefully returns on dst == NULL 2013-07-16 17:48:58 +02:00
Paul Bakker 61d113bb7b Init and free new contexts in the right place for SSL to prevent
memory leaks
2013-07-16 17:48:58 +02:00
Manuel Pégourié-Gonnard 7d4e5b739e Simplify password check in pem_read_buffer() 2013-07-09 16:42:35 +02:00
Manuel Pégourié-Gonnard 791eed3f33 Fix portability issue in oid_get_numeric_string() 2013-07-09 16:42:35 +02:00
Manuel Pégourié-Gonnard de44a4aecf Rename ecp_check_prvkey with a 'i' for consistency 2013-07-09 16:42:34 +02:00
Manuel Pégourié-Gonnard 81c313ccc6 Add #ifdef's on RSA and EC in PK 2013-07-09 10:49:09 +02:00
Manuel Pégourié-Gonnard 1f73a65c06 Fix ommission in pk_free(). 2013-07-09 10:42:13 +02:00
Manuel Pégourié-Gonnard 7a6c946446 Fix error code in pk.h 2013-07-09 10:37:27 +02:00
Manuel Pégourié-Gonnard 8838099330 Add x509parse_{,public}_key{,file}()
Also make previously public *_ec functions private.
2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard 12e0ed9115 Add pk_context and associated functions 2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard d4ec21dd47 Add a check for multiple curve specification 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard 80300ad0d9 Add checks for pk_alg.
Used to be implicitly done by oid_get_pk_alg().
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard 9c1cf459dd Implement x509parse_key_pkcs8_encrypted_der_ec() 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard a5d9974423 Split up x509_parse_pkcs8_encrypted_der() 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard 416fa8fde5 Implement x509parse_key_pkcs8_unencrypted_der_ec() 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard f8648d51b1 Fix undocumented feature of pem_read_buffer()
Used to work only for RSAPrivateKey content, now accepts ECPrivateKey too,
and may even work with similar enough structures when they appear.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard e366342233 Implement x509parse_key_sec1_der() 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard 15e8b82724 Fill in x509parse_key_ec using stub function 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard 73c0cda346 Complete x509parse_public_key_ec()
Warning: due to a bug in oid_descriptor_from_buf(), keys associated to some
curves (secp224r1, secp384r1, secp521r1) are incorrectly rejected,
since their namedCurve OID contains a nul byte.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard f838eeda09 Add x509_get_ecparams() 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard f0b30d0542 Add oid_get_ec_grp() and associated data 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard 5a9b82e234 Make oid_get_pk_alg handle EC algorithms 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard dffba8f63e Fix bug in oid_get_numeric_string()
Overflow check was done too early, causing many false positives.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard 444b42710a Optionally allow parameters in x509_get_tag() 2013-07-08 17:32:26 +02:00