Commit graph

195 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard d901d17817 Merge branch 'development' into dtls
* development: (100 commits)
  Update Changelog for the mem-measure branch
  Fix issues introduced when rebasing
  Fix compile error in memory_buffer_alloc_selftest
  Code cosmetics
  Add curve25519 to ecc-heap.sh
  Add curve25519 to the benchmark program
  Fix compile issue when buffer_alloc not available
  New script ecc-heap.sh
  Fix unused variable issue in some configs
  Rm usunused member in private struct
  Add heap usage for PK in benchmark
  Use memory_buffer_alloc() in benchmark if available
  Only define mode_func if mode is enabled (CBC etc)
  PKCS8 encrypted key depend on PKCS5 or PKCS12
  Disable SRV_C for client measurement
  Output stack+heap usage with massif
  Enable NIST_OPTIM by default for config-suite-b
  Refactor memory.sh
  Adapt memory.sh to config-suite-b
  Adapt mini-client for config-suite-b.h
  ...

Conflicts:
	ChangeLog
	include/polarssl/net.h
	library/Makefile
	library/error.c
	library/ssl_tls.c
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/Makefile
2015-02-16 18:44:39 +00:00
Manuel Pégourié-Gonnard 0928640095 Update generated files 2015-02-13 15:18:33 +00:00
Rich Evans 00ab47026b cleanup library and some basic tests. Includes, add guards to includes 2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard 2a0718d947 Merge branch 'development' into dtls
* development: (46 commits)
  Fix url again
  Fix small bug in base64_encode()
  Fix depend that was checked but not documented
  Fix dependency that was not checked
  Minor gitginore fixes
  Move some ignore patterns to subdirectories
  Ignore CMake/MSVC-related build files.
  Re-categorize changelog entry
  Fix misattribution
  Minor nits with stdout/stderr.
  Add cmake compatibility targets
  Add script for polarssl symlink creation
  Fix more stdio inclusion issues
  Add debug info for cert/suite selection
  Fix possible portability issue
  Fix bug in ssl_get_verify_result()
  aescrypt2.c local char array not initial
  Update Changelog
  Fix mips64 bignum implementation
  Fix usage string of ssl_client2
  ...

Conflicts:
	include/polarssl/ssl.h
	library/CMakeLists.txt
	library/Makefile
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	visualc/VS2010/PolarSSL.sln
	visualc/VS2010/mbedTLS.vcxproj
	visualc/VS6/mbedtls.dsp
	visualc/VS6/mbedtls.dsw
2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard 860b51642d Fix url again 2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard 607d663b41 Add debug info for cert/suite selection 2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard e94e6e5b9c Fix stdio (non-)inclusion issues. 2015-01-28 15:28:28 +01:00
Manuel Pégourié-Gonnard df6411d8d8 Merge branch 'development' into dtls
* development:
  Fix website url to use https.
  Remove maintainer line.
  Remove redundant "all rights reserved"
2015-01-23 11:23:08 +00:00
Manuel Pégourié-Gonnard 085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard 9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard 19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard eab72e2ced Merge branch 'development' into dtls
* development:
  Update copyright
  Fix issue in compat.sh
  Rename doxyfile
  Rename to mbed TLS in tests/
  Rename to mbed TLS in examples
  Remove old test certificates.
  Rename to mbed TLS in the documentation/comments
  Change name to mbed TLS in the copyright notice

Conflicts:
	doxygen/input/doc_mainpage.h
	doxygen/mbedtls.doxyfile
	include/polarssl/version.h
	tests/compat.sh
2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard 967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard 3a173f497b Merge branch 'development' into dtls
* development:
  Fix error code description.
  generate_errors.pl now errors on duplicate codes
  Avoid nested if's without braces.
  Move renego SCSV after actual ciphersuites
  Fix send_close_notify usage.
  Rename variable for clarity
  Improve script portability

Conflicts:
	library/ssl_srv.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/ssl-opt.sh
2015-01-22 13:30:33 +00:00
Manuel Pégourié-Gonnard 11c919208d Fix error code description. 2015-01-22 13:22:12 +00:00
Manuel Pégourié-Gonnard bfccdd3c92 Merge commit '36adc36' into dtls
* commit '36adc36':
  Add support for getrandom()
  Use library default for trunc-hmac in ssl_client2
  Make truncated hmac a runtime option server-side
  Fix portability issue in script
  Specific error for suites in common but none good
  Prefer SHA-1 certificates for pre-1.2 clients
  Some more refactoring/tuning.
  Minor refactoring

Conflicts:
	include/polarssl/error.h
	include/polarssl/ssl.h
	library/error.c
2015-01-21 13:48:45 +00:00
Manuel Pégourié-Gonnard f01768c55e Specific error for suites in common but none good 2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard 9d9b003a9a Add net_recv_timeout() 2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard 562eb787ec Add and use POLARSSL_ERR_SSL_BUFFER_TOO_SMALL 2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard 2c9ee81f6e Start adding srv support for hello verify request
Dummy fixed content for now.

Also, seems to be a race condition in the way the socket is closed and
reopened, leading to a few "random" failures in compat.sh. A fix is planned
for later.
2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard 6591962f06 Allow delay on renego on client
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Manuel Pégourié-Gonnard bee8ded03a Fix warning depending on configuration 2014-06-25 12:22:59 +02:00
Paul Bakker b5212b436f Merge CCM cipher mode and ciphersuites
Conflicts:
	library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Manuel Pégourié-Gonnard fe671f4aeb Add markers around generated code in error.c 2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard a6916fada8 Add (placeholder) CCM module 2014-05-06 11:28:09 +02:00
Paul Bakker 2ca1dc8958 Updated error.c and version_features.c based on changes 2014-05-01 09:46:38 +02:00
Manuel Pégourié-Gonnard cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Manuel Pégourié-Gonnard 2abed84225 Specific return code for PK sig length mismatch 2014-04-09 15:50:00 +02:00
Manuel Pégourié-Gonnard 35e95ddca4 Add special return code for ecdsa length mismatch 2014-04-09 15:49:59 +02:00
Paul Bakker 75342a65e4 Fixed typos in code 2014-04-09 15:49:57 +02:00
Manuel Pégourié-Gonnard 7afdb88216 Test and fix x509_oid functions 2014-04-04 16:34:30 +02:00
Paul Bakker 66ff70dd48 Support for seed file writing and reading in Entropy 2014-03-26 11:58:07 +01:00
Manuel Pégourié-Gonnard 9a6e93e7a4 Reserve -1 as an error code (used in programs) 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard 83cdffc437 Forbid sequence number wrapping 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard cf38367f45 Fix HMAC_DRBG and RIPEMD160 error codes 2014-02-01 10:24:53 +01:00
Paul Bakker a9a028ebd0 SSL now gracefully handles missing RNG 2013-11-21 17:31:06 +01:00
Paul Bakker 6edcd41c0a Addition conditions for UEFI environment under MSVC 2013-10-29 15:44:13 +01:00
Paul Bakker fa6a620b75 Defines for UEFI environment under MSVC added 2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard a8a25ae1b9 Fix bad error codes 2013-10-27 13:48:15 +01:00
Paul Bakker b9cfaa0c7f Explicit conversions and minor changes to prevent MSVC compiler warnings 2013-10-14 15:50:40 +02:00
Paul Bakker b887f1119e Removed return from error_strerror() 2013-10-11 15:24:31 +02:00
Paul Bakker 2466d93546 Threading abstraction layer added 2013-09-28 15:00:02 +02:00
Manuel Pégourié-Gonnard 4fee79b885 Fix some more depend issues 2013-09-20 10:58:59 +02:00
Paul Bakker 6db455e6e3 PSK callback added to SSL server 2013-09-18 21:14:58 +02:00
Manuel Pégourié-Gonnard 456d3b9b0b Make ECP error codes more specific 2013-09-18 14:35:53 +02:00
Paul Bakker 5187656211 Renamed X509 / X509WRITE error codes to generic (non-cert-specific) 2013-09-17 14:36:05 +02:00
Paul Bakker 36713e8ed9 Fixed bunch of X509_PARSE related defines / dependencies 2013-09-17 13:25:29 +02:00
Paul Bakker cff6842b39 POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C 2013-09-16 13:36:18 +02:00
Paul Bakker 40ce79f1e6 Moved DHM parsing from X509 module to DHM module 2013-09-15 17:43:54 +02:00
Paul Bakker 1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00
Paul Bakker 0e06c0fdb4 Assigned error codes to the error defines 2013-08-25 11:21:30 +02:00
Manuel Pégourié-Gonnard 15699380e5 Small PK cleanups
- better error codes
- rm now-useless include
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard b3d9187cea PK: add nice interface functions
Also fix a const-corectness issue.
2013-08-20 20:46:04 +02:00
Paul Bakker 606b4ba20f Session ticket expiration checked on server 2013-08-15 11:42:48 +02:00
Manuel Pégourié-Gonnard a5cc6025e7 Parse NewSessionTicket message 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard 374e4b87d4 pk_set_type() cannot be used to reset key type 2013-07-17 15:59:39 +02:00
Manuel Pégourié-Gonnard 7a6c946446 Fix error code in pk.h 2013-07-09 10:37:27 +02:00
Paul Bakker d2681d82e2 Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h} 2013-06-30 14:49:12 +02:00
Paul Bakker 9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker fd3eac5786 Cleaned up ECP error codes 2013-06-29 23:31:33 +02:00
Paul Bakker e2ab84f4a1 Renamed error_strerror() to the less conflicting polarssl_strerror()
Ability to keep old function error_strerror() as well with
POLARSSL_ERROR_STRERROR_BC. Also works with
POLARSSL_ERROR_STRERROR_DUMMY.
2013-06-29 18:35:41 +02:00
Paul Bakker 38b50d73a1 Moved PKCS#12 PBE functions to cipher / md layer where possible
The 3-key and 2-key Triple DES PBE functions have been replaced with a
single pkcs12_pbe() function that handles both situations (and more).

In addition this allows for some PASSWORD_MISMATCH checking
(cherry picked from commit 14a222cef2)
2013-06-25 15:06:53 +02:00
Paul Bakker 28144decef PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.
(cherry picked from commit 1fd4321ba2)

Conflicts:
	include/polarssl/error.h
	scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker b0c19a4b3d PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
old PBKDF2 module.
(cherry picked from commit 19bd297dc8)

Conflicts:
	include/polarssl/error.h
	scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker f1f21fe825 Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
(cherry picked from commit cf6e95d9a8)

Conflicts:
	scripts/generate_errors.pl
2013-06-25 15:06:51 +02:00
Paul Bakker 00b2860e8d pem_read_buffer() already update use_len after header and footer are read
After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
(cherry picked from commit 9255e8300e)
2013-06-24 19:09:25 +02:00
Paul Bakker 3c2122ff9d Fixed const correctness issues that have no impact on the ABI
(cherry picked from commit eae09db9e5)

Conflicts:
	library/gcm.c
2013-06-24 19:09:24 +02:00
Paul Bakker 73a899a9eb Changed error code message to also cover missing pre-shared key 2013-04-18 23:12:34 +02:00
Paul Bakker c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker 41c83d3f67 Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker 00c1f43743 Merge branch 'ecc-devel-mpg' into development 2013-03-13 16:31:01 +01:00
Paul Bakker 8fe40dcd7d Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.

Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Paul Bakker cf4365f560 Updated error codes for ECP 2013-01-16 17:00:43 +01:00
Paul Bakker 9a73632fd9 - Merged changesets 1399 up to and including 1415 into 1.2 branch 2012-11-14 12:39:52 +00:00
Paul Bakker 1d29fb5e33 - Added option to add minimum accepted SSL/TLS protocol version 2012-09-28 13:28:45 +00:00
Paul Bakker d14277d7de - Added PBKDF2 error code 2012-09-26 15:19:05 +00:00
Paul Bakker 83f00bba9c - Updated strerror codes for SSL Compression and Blowfish 2012-07-04 11:08:50 +00:00
Paul Bakker 3aac1daf1d - Added exception error parsing when FATAL ssl message is received 2012-05-08 13:12:27 +00:00
Paul Bakker 05ef835b6a - Added support for Hardware Acceleration hooking in SSL/TLS 2012-05-08 09:17:57 +00:00
Paul Bakker d8ef167833 - Updated for latest GCM error 2012-04-18 14:17:32 +00:00
Paul Bakker 030277ab1e - Updated error.c to include GCM errors 2012-04-17 12:24:26 +00:00
Paul Bakker bdb912db69 - Added preliminary ASN.1 buffer writing support
- Added preliminary X509 Certificate Request writing support
 - Added key_app_writer example application
 - Added cert_req example application
2012-02-13 23:11:30 +00:00
Paul Bakker 8913f82c26 - Fixed compiler warning for unreferenced ret in md_file() when POLARSSL_FS_IO not declared 2012-01-14 18:07:41 +00:00
Paul Bakker 43655f46b0 - Added option to prevent default entropy sources from loading (POLARSSL_NO_DEFAULT_ENTROPY_SOURCES) 2011-12-15 20:11:16 +00:00
Paul Bakker 69e095cc15 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker 6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
Paul Bakker 6083fd252d - Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources 2011-12-03 21:45:14 +00:00
Paul Bakker 880ac7eb95 - Added handling for CTR_DRBG module 2011-11-27 14:50:49 +00:00
Paul Bakker dceecd80f7 - Adapted error generation to include ASN.1 changes and have Windows snprintf macro 2011-11-15 16:38:34 +00:00
Paul Bakker 9db7742adb - Fixed error file after changed codes 2011-07-13 11:47:32 +00:00
Paul Bakker 9c021adeff - Added regular error codes for generic message digest layer 2011-06-09 15:55:11 +00:00
Paul Bakker ff61a78a27 - Added and updated cipher error codes and documentation 2011-06-09 15:42:02 +00:00
Paul Bakker 831a755d9e - Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake.
- Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN
2011-05-18 13:32:51 +00:00
Paul Bakker 9d781407bc - A error_strerror function() has been added to translate between error codes and their description.
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
 - Descriptions to all error codes have been added.
 - Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00