Commit graph

1393 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 59a75d5b9d Basic parsing of certs signed with RSASSA-PSS 2014-06-02 16:10:29 +02:00
Paul Bakker b5212b436f Merge CCM cipher mode and ciphersuites
Conflicts:
	library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Paul Bakker 0f651c7422 Stricter check on SSL ClientHello internal sizes compared to actual packet size 2014-05-22 15:12:19 +02:00
Brian White 12895d15f8 Fix less-than-zero checks on unsigned numbers 2014-05-22 13:52:53 +02:00
Manuel Pégourié-Gonnard 82a5de7bf7 Enforce alignment even if buffer is not aligned 2014-05-22 13:52:49 +02:00
Manuel Pégourié-Gonnard fe671f4aeb Add markers around generated code in error.c 2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard 8ff17c544c Add missing DEBUG_RET on cipher failures 2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard 61edffef28 Normalize "should never happen" messages/errors 2014-05-22 13:52:47 +02:00
Manuel Pégourié-Gonnard 2e5ee32033 Implement CCM and CCM_8 ciphersuites 2014-05-20 16:29:34 +02:00
Manuel Pégourié-Gonnard 5efd772ef0 Small readability improvement 2014-05-14 14:10:37 +02:00
Manuel Pégourié-Gonnard 6768da9438 Register CCM ciphersuites (not implemented yet) 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard 41936957b3 Add AES-CCM and CAMELLIA-CCM to the cipher layer 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard de7bb44004 Use cipher_auth_{en,de}crypt() in ssl_tls.c 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard 4562ffe2e6 Add cipher_auth_{en,de}crypt() 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard 8764d271fa Use cipher_crypt() in ssl_tls.c 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard 3c1d150b3d Add cipher_crypt() 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard 0f6b66dba1 CCM operations allow input == output 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard aed6065793 CCM source cosmetics/tune-ups
- source a bit shorter
- generated code slightly smaller
- preserving performance
2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard ce77d55023 Implement ccm_auth_decrypt() 2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard 002323340a Refactor to prepare for CCM decryption 2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard 637eb3d31d Add ccm_encrypt_and_tag() 2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard 9fe0d13e8d Add ccm_init/free() 2014-05-06 12:12:45 +02:00
Manuel Pégourié-Gonnard a6916fada8 Add (placeholder) CCM module 2014-05-06 11:28:09 +02:00
Paul Bakker 5593f7caae Fix typo in debug_print_msg() 2014-05-06 10:29:28 +02:00
Paul Bakker da13016d84 Prepped for 1.3.7 release 2014-05-01 14:27:19 +02:00
Paul Bakker c37b0ac4b2 Fix typo in bignum.c 2014-05-01 14:19:23 +02:00
Paul Bakker b9e4e2c97a Fix formatting: fix some 'easy' > 80 length lines 2014-05-01 14:18:25 +02:00
Paul Bakker 9af723cee7 Fix formatting: remove trailing spaces, #endif with comments (> 10 lines) 2014-05-01 13:03:14 +02:00
Paul Bakker c3f89aa26c Removed word 'warning' from PKCS#5 selftest (buildbot warning as a result) 2014-05-01 10:56:03 +02:00
Paul Bakker 9bb04b6389 Removed redundant code in mpi_fill_random() 2014-05-01 09:47:02 +02:00
Paul Bakker 2ca1dc8958 Updated error.c and version_features.c based on changes 2014-05-01 09:46:38 +02:00
Markus Pfeiffer a26a005acf Make compilation on DragonFly work 2014-04-30 16:52:28 +02:00
Paul Bakker 2a024ac86a Merge dependency fixes 2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Manuel Pégourié-Gonnard c16f4e1f78 Move RC4 ciphersuites down the list 2014-04-30 16:27:06 +02:00
Paul Bakker 8eab8d368b Merge more portable AES-NI 2014-04-30 16:21:08 +02:00
Paul Bakker 33dc46b080 Fix bug with mpi_fill_random() on big-endian 2014-04-30 16:20:39 +02:00
Paul Bakker f96f7b607a On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings 2014-04-30 16:02:38 +02:00
Paul Bakker 6384440b13 Better support for the different Attribute Types from IETF PKIX (RFC 5280) 2014-04-30 15:34:12 +02:00
Paul Bakker 1a1fbba1ae Sanity length checks in ssl_read_record() and ssl_fetch_input()
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
2014-04-30 14:48:51 +02:00
Paul Bakker 24f37ccaed rsa_check_pubkey() now allows an E up to N 2014-04-30 13:43:51 +02:00
Paul Bakker 0f90d7d2b5 version_check_feature() added to check for compile-time options at run-time 2014-04-30 11:49:44 +02:00
Paul Bakker a70366317d Improve interop by not writing ext_len in ClientHello / ServerHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard 3d41370645 Fix hash dependencies in X.509 tests 2014-04-29 15:29:41 +02:00
Manuel Pégourié-Gonnard 3a306b9067 Fix misplaced #endif in ssl_tls.c 2014-04-29 15:11:17 +02:00
Manuel Pégourié-Gonnard b1fd397be6 Adapt AES-NI code to "old" binutil versions 2014-04-26 17:17:31 +02:00
Paul Bakker c73079a78c Add debug_set_threshold() and thresholding of messages 2014-04-25 16:58:16 +02:00
Paul Bakker 92478c37a6 Debug module only outputs full lines instead of parts 2014-04-25 16:58:15 +02:00
Paul Bakker eaebbd5eaa debug_set_log_mode() added to determine raw or full logging 2014-04-25 16:58:14 +02:00
Paul Bakker 61885c7f7f Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
2014-04-25 12:59:51 +02:00