yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 07:21:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
3019 commits 88 branches 205 tags 69 MiB
Commit graph

1719 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard fdddac90a6 Fix stupid bug in rsa_copy() 2014-03-26 12:58:49 +01:00
Manuel Pégourié-Gonnard f84f799bcf Tune debug_print_ret format 2014-03-26 12:58:46 +01:00
Paul Bakker b13d3ffb80 Provide no info from entropy_func() on future entropy 2014-03-26 12:51:25 +01:00
Paul Bakker 66ff70dd48 Support for seed file writing and reading in Entropy 2014-03-26 11:58:07 +01:00
Paul Bakker 3f0be61a27 Merged support for parsing EC keys that use SpecifiedECDomain 2014-03-26 11:30:39 +01:00
Manuel Pégourié-Gonnard 9592485d0c Fix some MSVC12 conversion warnings 2014-03-21 12:03:07 +01:00
Manuel Pégourié-Gonnard 3b6269aa08 Fix warnings on MinGW 2014-03-21 12:03:03 +01:00
Manuel Pégourié-Gonnard 6fac3515d0 Make support for SpecifiedECDomain optional 2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard 5246ee5c59 Work around compressed EC public key in some cases 2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard eab20d2a9c Implement parsing SpecifiedECParameters 2014-03-19 15:51:12 +01:00
Paul Bakker 6c1f69b879 MinGW32 static build should link to windows libs and libz 2014-03-17 15:11:13 +01:00
Paul Bakker 3d6504a935 ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr 2014-03-17 13:41:51 +01:00
Manuel Pégourié-Gonnard 2eea29238c Make the compiler work-around more specific 2014-03-14 18:23:26 +01:00
Paul Bakker a4b0343edf Merged massive SSL Testing improvements 2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard bb8661e006 Work around a compiler bug on OS X. 2014-03-14 09:21:20 +01:00
Manuel Pégourié-Gonnard d701c9aec9 Fix memory leak in server with expired tickets 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard 84c30c7e83 Fix memory leak in ssl_cache 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard 145dfcbfc2 Fix bug with NewSessionTicket and non-blocking I/O 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard 96ea2f2557 Add tests for SNI 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard 8520dac292 Add tests for auth_mode 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard da6b4d3e8c Change RSA embedded cert to a localhost cert 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard dfbf9c711d Fix bug in m_sleep() 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 274a12e17c Fix bug with ssl_cache and max_entries=0 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard f7c52014ec Add basic tests for session resumption 2014-03-14 08:41:00 +01:00
hasufell 3c6409b066 CMake: allow to build both shared and static at once 
This allows for more fine-grained control. Possible combinations:
  * static off, shared on
  * static on, shared off
  * static on, shared on

The static library is always called "libpolarssl.a" and is only used
for linking of tests and internal programs if the shared lib is
not being built.

Default is: only build static lib.
 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard 9a6e93e7a4 Reserve -1 as an error code (used in programs) 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard 844a4c0aef Fix RSASSA-PSS example programs 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard 83cdffc437 Forbid sequence number wrapping 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard 3c599f11b0 Avoid possible segfault on bad server ciphersuite 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard 9533765b25 Reject certs and CRLs from the future 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard 6304f786e0 Add x509_time_future() 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard 29dcc0b93c Fix depend issues in test suites for cipher modes 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard 1ec220b002 Add missing #ifdefs in aes.h 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard 648656a628 Fix error code in dhm_selftest() 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard 796c6f3aff Countermeasure against "triple handshake" attack 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard fdf3f0e671 Avoid "unreachable code" warning 2014-03-11 13:47:05 +01:00
Manuel Pégourié-Gonnard 2a2ae642d8 Fix forgotten curves in #ifdef 2014-02-24 10:29:21 +01:00
Manuel Pégourié-Gonnard 6b1e207081 Fix verion-major intolerance 2014-02-12 10:14:54 +01:00
Manuel Pégourié-Gonnard c9093085ed Revert "Merged RSA-PSS support in Certificate, CSR and CRL" 
This reverts commit ab50d8d30c, reversing
changes made to e31b1d992a.
 2014-02-12 09:39:59 +01:00
Manuel Pégourié-Gonnard 6df09578bb Revert "Mutex call in x509_crt.c depended on PTHREAD specific instead of generic" 
This reverts commit 9eae7aae80.
 2014-02-12 09:29:05 +01:00
Paul Bakker f2561b3f69 Ability to provide alternate timing implementation 2014-02-06 15:32:26 +01:00
Paul Bakker 47703a0a80 More entropy functions made thread-safe (add_source, update_manual, gather) 2014-02-06 15:01:20 +01:00
Paul Bakker 9eae7aae80 Mutex call in x509_crt.c depended on PTHREAD specific instead of generic 
threading
 2014-02-06 14:51:53 +01:00
Paul Bakker 6a28e722c9 Merged platform compatibility layer 2014-02-06 13:44:19 +01:00
Paul Bakker 0910f32ee3 Fixed compile warning (in test-ref-configs) 2014-02-06 13:41:18 +01:00
Paul Bakker 119602bdde Typo fix in memory_buffer_alloc.c 2014-02-06 13:20:19 +01:00
Paul Bakker defc0ca337 Migrated the Memory layer to the Platform layer 
Deprecated POLARSSL_MEMORY_C and placed placeholder for memory.h to make
sure current code will not break on new version.
 2014-02-06 13:20:17 +01:00
Paul Bakker 7dc4c44267 Library files moved to use platform layer 2014-02-06 13:20:16 +01:00
Paul Bakker 747a83a0f7 Platform abstraction layer for memory, printf and fprintf 2014-02-06 13:15:25 +01:00
Paul Bakker ab50d8d30c Merged RSA-PSS support in Certificate, CSR and CRL 2014-02-06 13:14:56 +01:00
Manuel Pégourié-Gonnard f07031aa98 debug_ecp: don't print Z, always 1 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard f6dc5e1d16 Remove temporary debug code 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard c3f6b62ccc Print curve name instead of size in debugging 
Also refactor server-side curve selection
 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard ab24010b54 Enforce our choice of allowed curves. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard 7f38ed0bfa ssl_set_curves is no longer ECDHE only 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard cd49f76898 Make ssl_set_curves() work client-side too. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard ac7194133e Renamings and other fixes 2014-02-06 10:28:38 +01:00
Gergely Budai e40c469ad3 The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[]. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard de05390c85 Rename ecdh_curve_list to curve_list 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard 5de2580563 Make ssl_set_ecdh_curves() a compile-time option 2014-02-06 10:28:38 +01:00
Gergely Budai 987bfb510b Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard fbf0915404 Fix bug in RSA PKCS#1 v1.5 "reversed" operations 2014-02-05 17:01:24 +01:00
Paul Bakker 5fb8efe71e Merged HMAC-DRBG code 2014-02-05 15:55:18 +01:00
Manuel Pégourié-Gonnard 6e8e34d61e Fix ecp_gen_keypair() 
Too few tries caused failures for some curves (esp. secp224k1)
 2014-02-05 15:53:45 +01:00
Manuel Pégourié-Gonnard b05db2a6aa Save memory by not storing the HMAC key 2014-02-01 11:38:05 +01:00
Manuel Pégourié-Gonnard cf38367f45 Fix HMAC_DRBG and RIPEMD160 error codes 2014-02-01 10:24:53 +01:00
Manuel Pégourié-Gonnard 446ee6618f Add LCOV_EXCLUDE_LINE on some IO errors 2014-02-01 10:08:26 +01:00
Manuel Pégourié-Gonnard b3b205e081 Clean up details in ctr_drbg_selftest() 2014-01-31 12:04:06 +01:00
Manuel Pégourié-Gonnard 79afaa0551 Add hmac_drbg_selftest() 2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard 48bc3e81da Add hmac_drbg_{write,update}_seed_file() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard efc8d8078b Use safer names for macros 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard 6e897c2a59 Add more checks and references 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard d742a032f4 Use md_hmac_reset() when possible 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard 658dbed080 Add automatic periodic reseeding 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard af786ff6cc Add hmac_drbg_set_prediction_resistance() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard 8fc484d1df Add hmac_drbg_reseed() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard 4e669c614d Add hmac_drbg_set_entropy_len() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard fe34a5fb83 Add entropy callbacks to HMAC_DRBG 2014-01-30 15:06:40 +01:00
Manuel Pégourié-Gonnard 8208d167da Add hmac_random_with_add() 2014-01-30 12:19:26 +01:00
Manuel Pégourié-Gonnard 7845fc06c9 Use new HMAC_DRBG module for deterministic ECDSA 2014-01-30 10:58:48 +01:00
Manuel Pégourié-Gonnard 490bdf3928 Add minimalistic HMAC_DRBG implementation 
(copied from ECDSA)
 2014-01-30 10:58:48 +01:00
Paul Bakker 2aca241425 Ready for release 1.3.4 2014-01-27 11:59:30 +01:00
Paul Bakker 42099c3155 Revert "Add pk_rsa_set_padding() and rsa_set_padding()" 
This reverts commit b4fae579e8.

Conflicts:
	library/pk.c
	tests/suites/test_suite_pk.data
	tests/suites/test_suite_pk.function
 2014-01-27 11:59:29 +01:00
Manuel Pégourié-Gonnard 27b93ade6e Factor common code for printing sig_alg 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard 5cac583482 Factor out some common code 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard 41cae8e1f9 Parse CSRs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard 5eeb32b552 Parse CRLs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard ce7c6fd433 Fix dependencies 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard b7de86d834 More checks for length match in rsassa-pss params 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard 3c1e8b539c Finish parsing RSASSA-PSS parameters 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard d9fd87be33 Start parsing RSASSA-PSS parameters 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard b1d4eb16e4 Basic parsing of certs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Paul Bakker 556efba51c Added AES CFB8 mode 2014-01-24 15:38:12 +01:00
Paul Bakker 80025417eb net_is_block() renamed to net_would_block() and corrected behaviour on 
non-blocking sockets

net_would_block() now does not return 1 if the socket is blocking.
 2014-01-23 21:00:57 +01:00
Paul Bakker c2024f4592 Added MPI_CHK around unguarded mpi calls 2014-01-23 21:00:57 +01:00
Manuel Pégourié-Gonnard 8e205fc0bc Fix potential buffer overflow in suported_curves_ext 2014-01-23 17:27:10 +01:00
Paul Bakker 9f3c7d7278 Added missing POLARSSL_ECDSA_DETERMINISTIC around ecdsa_write_signature_det() 2014-01-23 16:11:14 +01:00
Paul Bakker 18e9f3282b Added missing static to md_info_by_size() in ecdsa.c 2014-01-23 16:08:38 +01:00
Paul Bakker bf98c3dd11 Merged deterministic ECDSA 
Conflicts:
	library/ecdsa.c
 2014-01-23 15:48:01 +01:00
Manuel Pégourié-Gonnard dfab4c1193 Add forgotten #ifdef and depends_on 2014-01-22 16:01:06 +01:00
Paul Bakker 5862eee4ca Merged RIPEMD-160 support 2014-01-22 14:18:34 +01:00
Paul Bakker 61b699ed1b Renamed RMD160 to RIPEMD160 2014-01-22 14:17:31 +01:00
Paul Bakker 0ac99ca7bc Merged support for secp224k1, secp192k1 and secp25k1 2014-01-22 13:10:48 +01:00
Manuel Pégourié-Gonnard b4fae579e8 Add pk_rsa_set_padding() and rsa_set_padding() 2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard 7c59363a85 Remove a few dead stores 2014-01-22 13:02:39 +01:00
Manuel Pégourié-Gonnard 9e987edf9f Fix potential memory leak in bignum selftest 2014-01-22 12:59:04 +01:00
Manuel Pégourié-Gonnard fd6a191381 Fix misplaced initialisation. 
If one of the calls to mpi_grow() before setting Apos would fail, then
mpi_free( &Apos ) would be executed without Apos being initialised.
 2014-01-22 12:57:04 +01:00
Manuel Pégourié-Gonnard 073f0fa2fb Fix missing error checking in gcm 2014-01-22 12:56:51 +01:00
Manuel Pégourié-Gonnard 280f95bd00 Add #ifs arround ssl_ciphersuite_uses_XXX() 2014-01-22 12:56:37 +01:00
Manuel Pégourié-Gonnard 7cfdcb8c7f Add a length check in ssl_derive_keys() 2014-01-22 12:56:22 +01:00
Manuel Pégourié-Gonnard 9af7d3a35b Add fast reduction for the other Koblitz curves 2014-01-18 17:48:00 +01:00
Manuel Pégourié-Gonnard 8887d8d37c Add mod_p256k1 
Makes secp256k1 about 4x faster
 2014-01-17 23:17:10 +01:00
Manuel Pégourié-Gonnard ea499a7321 Add support for secp192k1 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard 0a56c2c698 Fix bug in ecdh_calc_secret() 
Only affects curves with nbits != pbits (currently only secp224k1)
 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard 5304812b2d Fix theoretical compliance issue in ECDSA 
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard 18e3ec9b4d Add support for secp224k1 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard e4d47a655b Add RIPEMD-160 to the generic MD layer 2014-01-17 20:41:32 +01:00
Manuel Pégourié-Gonnard ff40c3ac34 Add HMAC support to RIPEMD-160 2014-01-17 20:04:59 +01:00
Manuel Pégourié-Gonnard cab4a8807c Add RIPEMD-160 (core functions) 2014-01-17 14:04:25 +01:00
Manuel Pégourié-Gonnard 9bcff3905b Add OIDs and TLS IDs for prime Koblitz curves 2014-01-10 18:32:31 +01:00
Manuel Pégourié-Gonnard f51c8fc353 Add support for secp256k1 arithmetic 2014-01-10 18:17:18 +01:00
Manuel Pégourié-Gonnard 65ad3e4daf Use deterministic ECDSA in the PK layer 2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard 5e6edcfd96 Add fallback for md_alg == NONE to ecdsa_sign_det() 2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard 937340bce0 Add ecdsa_write_signature_det() 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard f42bca6da0 Little HMAC_DRBG refactoring 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard 4daaef7e27 Add ecdsa_sign_det() with test vectors 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard 461d416892 Add minified HMAC_DRBG for deterministic ECDSA 2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard e7072f8d11 Fix theoretical compliance issue in ECDSA 
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
 2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard c9573998ca Fix unchecked error codes in ecp_gen_keypair() 2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard 79f73b96d9 Remove bias in EC private key generation 2014-01-06 10:19:35 +01:00
Paul Bakker c78c8422c2 Added failure stub for uninitialized POLARSSL_THREADING_ALT functions 2013-12-31 11:55:27 +01:00
Paul Bakker a8fd3e31ed Removed POLARSSL_THREADING_DUMMY option 2013-12-31 11:54:08 +01:00
Paul Bakker 4de44aa0ae Rewrote check to prevent read of uninitialized data in 
rsa_rsassa_pss_verify()
 2013-12-31 11:43:01 +01:00
Paul Bakker 6992eb762c Fixed potential overflow in certificate size in ssl_write_certificate() 2013-12-31 11:38:33 +01:00
Paul Bakker 6ea1a95ce8 Added missing MPI_CHK() around some statements 2013-12-31 11:17:14 +01:00
Paul Bakker 5bc07a3d30 Prepped for 1.3.3 2013-12-31 10:57:44 +01:00
Paul Bakker 00f5c52bfe Added cast to socket() return value to prevent Windows warning 2013-12-31 10:45:16 +01:00
Paul Bakker c73879139e Merged ECP memory usage optimizations 2013-12-31 10:33:47 +01:00
Paul Bakker 53e1513fea Initialize ebx and edx in padlock functions 2013-12-31 09:46:09 +01:00
Manuel Pégourié-Gonnard 26bc1c0f5d Fix a few unchecked return codes in EC 2013-12-30 19:33:33 +01:00
Paul Bakker 93759b048f Made AES-NI bit-size specific key expansion functions static 2013-12-30 19:20:06 +01:00
Manuel Pégourié-Gonnard 9e4191c3e7 Add another option to reduce EC memory usage 
Also document speed/memory trade-offs better.
 2013-12-30 19:16:05 +01:00
Manuel Pégourié-Gonnard 70896a023e Add statistics about number of allocated blocks 2013-12-30 19:16:05 +01:00
Paul Bakker ec4bea7eee Forced cast to unsigned int for %u format in ecp_selftest() 2013-12-30 19:04:47 +01:00
Manuel Pégourié-Gonnard 1f789b8348 Lessen peak memory usage in EC by freeing earlier 
Cuts peak usage by 25% :)
 2013-12-30 17:36:54 +01:00
Manuel Pégourié-Gonnard 72c172a13d Save some small memory allocations inside ecp_mul() 2013-12-30 16:04:55 +01:00
Paul Bakker f0fc2a27b0 Properly put the pragma comment for the MSVC linker in defines 2013-12-30 15:42:43 +01:00
Paul Bakker 92bcadb110 Removed 'z' length modifier from low-value size_t in ecp_selftest() 2013-12-30 15:37:17 +01:00
Paul Bakker e7f5133590 Fixed superfluous return value in aesni.c 2013-12-30 15:32:02 +01:00
Paul Bakker 0d0de92156 Only specify done label in aes.c when AES-NI is possible 2013-12-30 15:29:04 +01:00
Paul Bakker 956c9e063d Reduced the input / output overhead with 200+ bytes and covered corner 
case

The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.

Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.

We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
 2013-12-30 15:00:51 +01:00
Manuel Pégourié-Gonnard d4588cfb6a aesni_gcm_mult() now returns void 2013-12-30 13:54:23 +01:00
Manuel Pégourié-Gonnard bfa3c9a85f Remove temporary code 2013-12-30 13:53:58 +01:00
Manuel Pégourié-Gonnard 23c2f6fee5 Add AES-NI key expansion for 192 bits 2013-12-29 16:05:22 +01:00
Manuel Pégourié-Gonnard 4a5b995c26 Add AES-NI key expansion for 256 bits 2013-12-29 13:50:32 +01:00
Manuel Pégourié-Gonnard 47a3536a31 Add AES-NI key expansion for 128 bits 2013-12-29 13:28:59 +01:00
Manuel Pégourié-Gonnard 01e31bbffb Add support for key inversion using AES-NI 2013-12-28 16:22:08 +01:00
Manuel Pégourié-Gonnard 80637c7520 Use aesni_gcm_mult() if available 2013-12-26 16:09:58 +01:00
Manuel Pégourié-Gonnard d333f67f8c Add aesni_gcm_mult() 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard 9d57482280 Add comments on GCM multiplication 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard 8eaf20b18d Allow detection of CLMUL 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard 5b685653ef Add aesni_crypt_ecb() and use it 2013-12-25 13:03:26 +01:00
Manuel Pégourié-Gonnard 92ac76f9db Add files for (upcoming) AES-NI support 2013-12-25 13:03:26 +01:00
Paul Bakker 1e5369c7fa Variables in proper block or within proper defines in ssl_decrypt_buf() 2013-12-19 16:40:57 +01:00
Paul Bakker 0c0476f92d Disable ecp_use_curve25519() if not POLARSSL_ECP_DP_M255_ENABLED 2013-12-19 16:20:53 +01:00
Paul Bakker 1a56fc96a3 Fixed x509_crt_parse_path() bug on Windows platforms 2013-12-19 13:52:33 +01:00
Manuel Pégourié-Gonnard 1321135758 Fix MingW version issue 2013-12-17 17:38:55 +01:00
Manuel Pégourié-Gonnard ee5db1d6b9 Fix typo in previous commit 2013-12-17 16:46:19 +01:00
Manuel Pégourié-Gonnard 6a398d4234 Add missing header for windows 2013-12-17 16:10:58 +01:00
Manuel Pégourié-Gonnard 173402bb61 net_prepare() returns int 2013-12-17 15:57:05 +01:00
Paul Bakker 5a607d26b7 Merged IPv6 support in the NET module 2013-12-17 14:34:19 +01:00
Manuel Pégourié-Gonnard fd6b4cc1db Add forgotten SO_REUSEADDR option 2013-12-17 13:59:01 +01:00
Paul Bakker 5ab68ba679 Merged storing curves fully in ROM 2013-12-17 13:11:18 +01:00
Paul Bakker fdf946928d Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites 2013-12-17 13:10:27 +01:00
Paul Bakker 77e257e958 Fixed bad check for maximum size of fragment length index 2013-12-17 13:09:12 +01:00
Paul Bakker 6c21276342 Place olen initalization after reference check in cipher_update() 2013-12-17 13:09:12 +01:00
Paul Bakker 6f0636a09f Potential memory leak in ssl_ticket_keys_init() 2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard 6e315a9009 Adapt net_accept() to IPv6 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard 389ce63735 Add IPv6 support to net_bind() 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard 10934de1ca Adapt net_connect() for IPv6 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard 2e5c3163db Factor our some code in net.c 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard 5538970d32 Add server support for ECDH key exchanges 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard d18cc57962 Add client-side support for ECDH key exchanges 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard cdff3cfda3 Add ecdh_get_params() to import from an EC key 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard 25781b22e3 Add ECDH_RSA and ECDH_ECDSA ciphersuites 
(not implemented yet)
 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard 69ab354239 Fix bug from stupid typo 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard 14a96c5d8b Avoid wasting memory with some curves 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard 95b45b7bb2 Rename macros 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard baee5d4157 Add previously forgotten #ifdef's 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard 81e1b102dc Rm a few unneeded variables 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard 1f82b041e7 Adapt ecp_group_free() to static constants 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard 73cc01d7fa Remove last non-static parts of known EC groups 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard 731d08b406 Start using constants from ROM for EC groups 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard c72ac7c3ef Fix SSLv3 handling of SHA-384 suites 
Fixes memory corruption, introduced in
a5bdfcd (Relax some SHA2 ciphersuite's version requirements)
 2013-12-17 10:18:25 +01:00
Paul Bakker fef3c5a652 Fixed typo in POLARSSL_PKCS1_V15 in rsa.c 2013-12-11 13:36:30 +01:00
Manuel Pégourié-Gonnard 93f41dbdfd Fix possible issue in corner-case for ecp_mul_mx() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 7a949d3f5b Update comments 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard d962273594 Add #ifdef's for curve types 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 7c94d8bcab WIP #ifdef's 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard b6f45a616c Avoid potential leak in ecp_mul_mxz() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard a60fe8943d Add mpi_safe_cond_swap() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 97871ef236 Some operations are not supported with Curve25519 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 3d7053a2bb Add ecp_mod_p255(): Curve25519 about 4x faster now 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 357ff65a51 Details in ecp_mul_mxz() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard fe0af405f9 Adapt ecp_gen_keypair() to Curve25519 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 9a4a5ac4de Fix bug in mpi_set_bit 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard a0179b8c4a Change ecp_mul to handle Curve25519 too 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 312d2e8ea2 Adapt key checking functions for Curve25519 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard 661536677b Add Curve25519 to known groups 2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard 3afa07f05b Add coordinate randomization for Curve25519 2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard d9ea82e7d9 Add basic arithmetic for Curve25519 2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard 3c0b4ea97e Rename a few functions 2013-12-05 15:58:37 +01:00
Paul Bakker 498fd354c6 Added missing inline definition for other platforms to ecp_curves.c 2013-12-02 22:17:24 +01:00
Manuel Pégourié-Gonnard d5e0fbe1a3 Remove now useless function 2013-12-02 17:20:39 +01:00
Manuel Pégourié-Gonnard 3ee90003c9 Make internal functions static again + cosmetics 2013-12-02 17:14:48 +01:00
Manuel Pégourié-Gonnard 9854fe986b Convert curve constants to binary 
Makes source longer but resulting binary smaller
 2013-12-02 17:07:30 +01:00
Manuel Pégourié-Gonnard 32b04c1237 Split ecp.c 2013-12-02 16:36:11 +01:00
Manuel Pégourié-Gonnard 43863eeffc Declare internal variables static in ecp.c 2013-12-02 16:34:24 +01:00
Manuel Pégourié-Gonnard d35e191434 Drop useless include in ecp.c 2013-12-02 16:34:24 +01:00
Paul Bakker 9dc53a9967 Merged client ciphersuite order preference option 2013-12-02 14:56:27 +01:00
Paul Bakker 014f143c2a Merged EC key generation support 2013-12-02 14:55:09 +01:00
Paul Bakker 4040d7e95c Merged more constant-time checking in RSA 2013-12-02 14:53:23 +01:00
Manuel Pégourié-Gonnard 1a9f2c7245 Add option to respect client ciphersuite order 2013-11-30 18:30:06 +01:00
Manuel Pégourié-Gonnard 011a8db2e7 Complete refactoring of ciphersuite choosing 2013-11-30 18:11:07 +01:00
Manuel Pégourié-Gonnard 3252560e68 Move some functions up 2013-11-30 17:50:32 +01:00
Manuel Pégourié-Gonnard 59b81d73b4 Refactor ciphersuite selection for version > 2 2013-11-30 17:46:04 +01:00
Manuel Pégourié-Gonnard 0267e3dc9b Add ecp_curve_info_from_name() 2013-11-30 15:10:14 +01:00
Manuel Pégourié-Gonnard 104ee1d1f6 Add ecp_genkey(), prettier wrapper 2013-11-30 14:35:07 +01:00
Manuel Pégourié-Gonnard 27290daf3b Check PKCS 1.5 padding in a more constant-time way 
(Avoid branches that depend on secret data.)
 2013-11-30 13:36:53 +01:00
Manuel Pégourié-Gonnard ab44d7ecc3 Check OAEP padding in a more constant-time way 2013-11-30 13:13:05 +01:00
Manuel Pégourié-Gonnard a5cfc35db2 RSA-OAEP decrypt: reorganise code 2013-11-29 11:58:13 +01:00
Manuel Pégourié-Gonnard 5ad68e42e5 Mutex x509_crt_parse_path() when pthreads is used 2013-11-28 18:07:39 +01:00
Manuel Pégourié-Gonnard 964bf9b92f Quit using readdir_r() 
Prone to buffer overflows on some platforms.
 2013-11-28 18:07:39 +01:00
Paul Bakker 76f03118c4 Only compile with -Wmissing-declarations and -Wmissing-prototypes in 
library, not tests and programs
 2013-11-28 17:20:04 +01:00
Paul Bakker 88cd22646c Merged ciphersuite version improvements 2013-11-26 15:22:19 +01:00
Manuel Pégourié-Gonnard da1ff38715 Don't accept CertificateRequest with PSK suites 2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard dc953e8c41 Add missing defines/cases for RSA_PSK key exchange 2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard c57b654a3e Use t_uint rather than uintXX_t when appropriate 2013-11-26 15:19:56 +01:00
Paul Bakker 3209ce3692 Merged ECP improvements 2013-11-26 15:19:17 +01:00
Manuel Pégourié-Gonnard 20b9af7998 Fix min_version (TLS 1.0) for ECDHE-PSK suites 2013-11-26 14:31:44 +01:00
Manuel Pégourié-Gonnard a5bdfcde53 Relax some SHA2 ciphersuite's version requirements 
Changed:
- PSK ciphersuites (RFC 5487, section 3)
- ECDHE-PSK ciphersuites (RFC 5489, section 3)
- Additional Camellia ciphersuites (RFC 6367, sec 3.3)

Unchanged:
- all GCM ciphersuites
- Camellia ciphersuites from RFC 5932 (sec. 3.3.2)
- ECC-SHA2 ciphersuites from RFC 5289 (unclear)
- SHA2 from RFC 5246 (TLS 1.2, no precision)
 2013-11-26 13:59:43 +01:00
Manuel Pégourié-Gonnard 96c7a92b08 Change mpi_safe_cond_assign() for more const-ness 2013-11-25 18:28:53 +01:00
Paul Bakker e4c71f0e11 Merged Prime generation improvements 2013-11-25 14:27:28 +01:00
Paul Bakker 45f457d872 Reverted API change for mpi_is_prime() 2013-11-25 14:26:52 +01:00
Paul Bakker 8fc30b178c Various const fixes 2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard ddf7615d49 gen_prime: check small primes early (3x speed-up) 2013-11-22 19:58:22 +01:00
Manuel Pégourié-Gonnard 378fb4b70a Split mpi_is_prime() and make its first arg const 2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard 0160eacc82 gen_prime: ensure X = 2 mod 3 -> 2.5x speedup 2013-11-22 17:54:59 +01:00
Manuel Pégourié-Gonnard 711507a726 gen_prime: ensure X = 3 mod 4 always (2x speed-up) 2013-11-22 17:35:28 +01:00
Manuel Pégourié-Gonnard 3e3d2b818c Fix bug in mpi_safe_cond_assign() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 918148193d Enhance ecp_selftest 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard d728350cee Make memory access pattern constant 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard aade42fd88 Change method for making M odd in ecp_mul() 
- faster
- avoids M >= N (if m = N-1 or N-2)
 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 36daa13d76 Misc details 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 469a209334 Rm subtraction from ecp_add_mixed() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 01fca5e882 Do point inversion without leaking information 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 71c2c21601 Add mpi_safe_cond_assign() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 44aab79022 Update bibliographic references 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 7f762319ad Use mpi_shrink() in ecp_precompute() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 5868163e07 Add mpi_shrink() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard e282012219 Spare some memory 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard edc1a1f482 Small code cleanups 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard ff27b7c968 Tighten ecp_mul() validity checks 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 09ceaf49d0 Rm multiplication using NAF 
Comb method is at most 1% slower for random points,
and is way faster for fixed point (repeated).
 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard 04a0225388 Optimize w in the comb method 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard 70c14372c6 Add coordinate randomization back 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard c30200e4ce Fix bound issues 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard 101a39f55f Improve comb method (less precomputed points) 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard d1c1ba90ca First version of ecp_mul_comb() 2013-11-21 21:56:20 +01:00
Paul Bakker a9a028ebd0 SSL now gracefully handles missing RNG 2013-11-21 17:31:06 +01:00
Paul Bakker f2b4d86452 Fixed X.509 hostname comparison (with non-regular characters) 
In situations with 'weird' certificate names or hostnames (containing
non-western allowed names) the check would falsely report a name or
wildcard match.
 2013-11-21 17:30:23 +01:00
Steffan Karger c245834bc4 Link against ZLIB when zlib is used 
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
 2013-11-20 16:45:48 +01:00
Steffan Karger 28d81a009c Fix pkcs11.c to conform to PolarSSL 1.3 API. 
This restores previous functionality, and thus still allows only RSA to be
used through PKCS#11.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
 2013-11-20 16:13:27 +01:00
Paul Bakker 08b028ff0f Prevent unlikely NULL dereference 2013-11-19 10:42:37 +01:00
Paul Bakker b076314ff8 Makefile now produces a .so.X with SOVERSION in it 2013-11-05 11:27:12 +01:00
Paul Bakker f4dc186818 Prep for PolarSSL 1.3.2 2013-11-04 17:29:42 +01:00
Paul Bakker 0333b978fa Handshake key_cert should be set on first addition to the key_cert chain 2013-11-04 17:08:28 +01:00
Paul Bakker 993e386a73 Merged renegotiation refactoring 2013-10-31 14:32:38 +01:00
Paul Bakker 37ce0ff185 Added defines around renegotiation code for SSL_SRV and SSL_CLI 2013-10-31 14:32:04 +01:00
Manuel Pégourié-Gonnard 31ff1d2e4f Safer buffer comparisons in the SSL modules 2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard 6d8404d6ba Server: enforce renegotiation 2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard 9c1e1898b6 Move some code around, improve documentation 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard 214eed38c7 Make ssl_renegotiate the only interface 
ssl_write_hello_request() is no private
 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard caed0541a0 Allow ssl_renegotiate() to be called in a loop 
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard e5e1bb972c Fix misplaced initialisation 2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard f3dc2f6a1d Add code for testing server-initiated renegotiation 2013-10-30 16:46:46 +01:00
Paul Bakker 0d7702c3ee Minor change that makes life easier for static analyzers / compilers 2013-10-29 16:18:35 +01:00
Paul Bakker 6edcd41c0a Addition conditions for UEFI environment under MSVC 2013-10-29 15:44:13 +01:00
Paul Bakker 7b0be68977 Support for serialNumber, postalAddress and postalCode in X509 names 2013-10-29 14:24:37 +01:00
Paul Bakker fa6a620b75 Defines for UEFI environment under MSVC added 2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard 178d9bac3c Fix ECDSA corner case: missing reduction mod N 
No security issue, can cause valid signatures to be rejected.

Reported by DualTachyon on github.
 2013-10-29 13:40:17 +01:00
Paul Bakker 60b1d10131 Fixed spelling / typos (from PowerDNS:codespell) 2013-10-29 10:02:51 +01:00
Paul Bakker 50dc850c52 Const correctness 2013-10-28 21:19:10 +01:00
Paul Bakker 6a6087e71d Added missing inline definition for MSCV and ARM environments 2013-10-28 18:53:08 +01:00
Paul Bakker 7bc745b6a1 Merged constant-time padding checks 2013-10-28 14:40:26 +01:00
Paul Bakker 1642122f8b Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer 2013-10-28 14:38:35 +01:00
Paul Bakker 3f917e230d Merged optimizations for MODP NIST curves 2013-10-28 14:18:26 +01:00
Manuel Pégourié-Gonnard 1001e32d6f Fix return value of ecdsa_from_keypair() 2013-10-28 14:01:08 +01:00
Manuel Pégourié-Gonnard 21ef42f257 Don't select a PSK ciphersuite if no key available 2013-10-28 14:00:45 +01:00
Manuel Pégourié-Gonnard 3daaf3d21d X509 key identifiers depend on SHA1 2013-10-28 13:58:32 +01:00
Paul Bakker 45a2c8d99a Prevent possible alignment warnings on casting from char * to 'aligned *' 2013-10-28 12:57:08 +01:00
Paul Bakker 677377f472 Server does not send out extensions not advertised by client 2013-10-28 12:54:26 +01:00
Manuel Pégourié-Gonnard e68bf171eb Make get_zeros_padding() constant-time 2013-10-27 18:26:39 +01:00
Manuel Pégourié-Gonnard 6c32990114 Make get_one_and_zeros_padding() constant-time 2013-10-27 18:25:03 +01:00
Manuel Pégourié-Gonnard d17df51277 Make get_zeros_and_len_padding() constant-time 2013-10-27 17:32:43 +01:00
Manuel Pégourié-Gonnard f8ab069d6a Make get_pkcs_padding() constant-time 2013-10-27 17:25:57 +01:00
Manuel Pégourié-Gonnard a8a25ae1b9 Fix bad error codes 2013-10-27 13:48:15 +01:00
Manuel Pégourié-Gonnard 7109624aef Skip MAC computation/check when GCM is used 2013-10-25 19:31:25 +02:00
Manuel Pégourié-Gonnard 8866591cc5 Don't special-case NULL cipher in ssl_tls.c 2013-10-25 18:42:44 +02:00
Manuel Pégourié-Gonnard 126a66f668 Simplify switching on mode in ssl_tls.c 2013-10-25 18:33:32 +02:00
Manuel Pégourié-Gonnard 98d9a2c061 Fix missing or wrong ciphersuite definitions 2013-10-25 18:03:18 +02:00
Manuel Pégourié-Gonnard 6fb0f745be Rank GCM before CBC in ciphersuite_preference 2013-10-25 17:08:15 +02:00
Manuel Pégourié-Gonnard 8d01eea7af Add Camellia-GCM ciphersuites 2013-10-25 16:46:05 +02:00
Manuel Pégourié-Gonnard e0dca4ad78 Cipher layer: check iv_len more carefully 2013-10-24 17:03:39 +02:00
Manuel Pégourié-Gonnard dae7093875 gcm_selftest depends on AES 2013-10-24 15:06:33 +02:00
Manuel Pégourié-Gonnard 87181d1deb Add Camellia-GCM to th cipher layer 2013-10-24 14:02:40 +02:00
Manuel Pégourié-Gonnard 13e0d449f7 Add Camellia-GCM test vectors 
https://tools.ietf.org/html/draft-kato-ipsec-camellia-gcm-03#section-4
 2013-10-24 13:24:25 +02:00
Manuel Pégourié-Gonnard 9fcceac943 Add a comment about modules coupling 2013-10-23 20:56:12 +02:00
Manuel Pégourié-Gonnard b21c81fb41 Use less memory in fix_negative() 2013-10-23 20:45:04 +02:00
Manuel Pégourié-Gonnard cae6f3ed45 Reorganize code in ecp.c 2013-10-23 20:19:57 +02:00
Manuel Pégourié-Gonnard 5779cbe582 Make mod_p{224,256,384] a bit faster 
Speedup is roughly 25%, giving a 6% speedup on ecp_mul() for these curves.
 2013-10-23 20:17:00 +02:00
Manuel Pégourié-Gonnard c04c530a98 Make NIST curves optimisation an option 2013-10-23 16:11:52 +02:00
Manuel Pégourié-Gonnard 0f9149cb0a Add mod_p384 2013-10-23 15:06:37 +02:00
Manuel Pégourié-Gonnard ec655c908c Add mod_p256 2013-10-23 14:50:39 +02:00
Manuel Pégourié-Gonnard 210b458ddc Document and slightly reorganize mod_pXXX 2013-10-23 14:27:58 +02:00
Manuel Pégourié-Gonnard 2a08c0debc mod_p224 now working with 8-bit and 16-bit ints 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard a47e7058ea mod_p224 now endian-neutral 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard e783f06f73 Start working on mod_p224 
(Prototype, works only on 32-bit and little-endian 64-bit.)
 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard cc67aee9c8 Make ecp_mod_p521 a bit faster 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard c9e387ca9e Optimize ecp_modp() 
Makes it 22% faster, for a 5% gain on ecp_mul()
 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard d1e7a45fdd Rework ecp_mod_p192() 
On x86_64, this makes it 5x faster, and ecp_mul() 17% faster for this curve.
The code is shorter too.
 2013-10-23 13:24:55 +02:00
Paul Bakker 6888167e73 Forced cast to prevent MSVC compiler warning 2013-10-15 13:24:01 +02:00
Paul Bakker 5c17ccdf2a Bumped version to 1.3.1 2013-10-15 13:12:41 +02:00
Paul Bakker f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker 376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Paul Bakker bbc1007c50 Convert SOCKET to int to prevent compiler warnings under MSVC. 
From kernel objects at msdn:
    Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24.

Windows Internals by Russinovich and Solomon as well says that the high bits are zero.
 2013-10-15 11:55:57 +02:00
Manuel Pégourié-Gonnard 59b9fe28f0 Fix bug in psk_identity_hint parsing 2013-10-15 11:55:33 +02:00
Manuel Pégourié-Gonnard bac0e3b7d2 Dependency fixes 2013-10-15 11:54:47 +02:00
Manuel Pégourié-Gonnard 09258b9537 Refactor parse_server_key_exchange a bit 2013-10-15 11:19:54 +02:00
Manuel Pégourié-Gonnard 8a3c64d73f Fix and simplify *-PSK ifdef's 2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard ef0eb1ebd8 Add two missing RSA-PSK ciphersuites 2013-10-14 19:34:48 +02:00
Manuel Pégourié-Gonnard 0fae60bb71 Implement RSA-PSK key exchange 2013-10-14 19:34:48 +02:00
Paul Bakker be089b0483 Introduced POLARSSL_HAVE_READDIR_R for systems without it 2013-10-14 15:51:50 +02:00
Paul Bakker b9cfaa0c7f Explicit conversions and minor changes to prevent MSVC compiler warnings 2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard 057e0cf263 Fix ciphersuites dependencies on MD5 and SHA1 2013-10-14 14:26:04 +02:00
Manuel Pégourié-Gonnard 1b62c7f93d Fix dependencies and related issues 2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard 72fb62daa2 More *-PSK refactoring 2013-10-14 14:01:58 +02:00
Manuel Pégourié-Gonnard bd1ae24449 Factor PSK pms computation to ssl_tls.c 2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard b59d699a65 Fix bugs in ECDHE_PSK key exchange 2013-10-14 12:00:45 +02:00
Manuel Pégourié-Gonnard 225d6aa786 Add ECDHE_PSK ciphersuites 2013-10-11 19:07:56 +02:00
Manuel Pégourié-Gonnard 3ce3bbdc00 Add support for ECDHE_PSK key exchange 2013-10-11 18:16:35 +02:00
Paul Bakker b887f1119e Removed return from error_strerror() 2013-10-11 15:24:31 +02:00
Paul Bakker beccd9f226 Explicit void pointer cast for buggy MS compiler 2013-10-11 15:20:27 +02:00
Paul Bakker 5191e92ecc Added missing x509write_crt_set_version() 2013-10-11 10:54:28 +02:00
Paul Bakker b7c13123de threading_set_own() renamed to threading_set_alt() 2013-10-11 10:51:32 +02:00
Paul Bakker 4aa40d4f51 Better support for MSVC 2013-10-11 10:49:24 +02:00
Paul Bakker b799dec4c0 Merged support for Brainpool curves and ciphersuites 2013-10-11 10:05:43 +02:00
Paul Bakker 1677033bc8 TLS compression only allocates working buffer once 2013-10-11 09:59:44 +02:00
Paul Bakker d61cc3b246 Possible naming collision in dhm_context 2013-10-11 09:38:49 +02:00
Paul Bakker fcc172138c Fixed const-correctness issues 2013-10-11 09:38:06 +02:00
Manuel Pégourié-Gonnard ae102995a7 RSA blinding: lock for a smaller amount of time 2013-10-11 09:19:12 +02:00
Manuel Pégourié-Gonnard 4d89c7e184 RSA blinding: check highly unlikely cases 2013-10-11 09:18:27 +02:00
Manuel Pégourié-Gonnard 971f8b84bb Fix compile errors with RSA_NO_CRT 2013-10-11 09:18:16 +02:00
Manuel Pégourié-Gonnard 9654fb156f Fix missing MSVC define 2013-10-11 09:17:14 +02:00
Manuel Pégourié-Gonnard 0cd6f98c0f Don't special-case a = -3, not worth it 2013-10-10 15:55:39 +02:00
Manuel Pégourié-Gonnard b8012fca5f Adjust dependencies 2013-10-10 15:40:49 +02:00
Manuel Pégourié-Gonnard 48ac3db551 Add OIDs for brainpool curves 2013-10-10 15:11:33 +02:00
Manuel Pégourié-Gonnard 0ace4b3154 Use much less variables in ecp_double_jac_gen() 2013-10-10 13:21:48 +02:00
Manuel Pégourié-Gonnard 1c4aa24df1 Add brainpool support for ecp_mul() 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard cd7458aafd Support brainpool curves in ecp_check_pubkey() 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard a070ada6d4 Add brainpool curves to ecp_use_kown_dp() 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard cec4a53c98 Add domain parameters for Brainpool curves 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard 8195c1a567 Add identifiers for Brainpool curves 2013-10-10 12:56:00 +02:00
Paul Bakker c9965dca27 RSA blinding threading support 2013-09-29 15:02:11 +02:00
Paul Bakker 1337affc91 Buffer allocator threading support 2013-09-29 15:02:11 +02:00
Paul Bakker f4e7dc50ea entropy_func() threading support 2013-09-29 15:02:07 +02:00
Paul Bakker 1ffefaca1e Introduced entropy_free() 2013-09-29 15:01:42 +02:00
Paul Bakker c55988406f SSL Cache threading support 2013-09-28 15:24:59 +02:00
Paul Bakker 2466d93546 Threading abstraction layer added 2013-09-28 15:00:02 +02:00
Paul Bakker bf796acf07 Added implementation for memory_buffer_set_verify() 2013-09-28 11:08:44 +02:00
Paul Bakker caa3af47c0 Handle missing curve extension correctly in ssl_parse_client_hello() 2013-09-28 11:08:43 +02:00
Paul Bakker f18084a201 Ready for 1.3.0 release 2013-09-26 10:07:09 +02:00
Paul Bakker ca9c87ed2b Removed possible cache-timing difference for pad check 2013-09-25 18:52:37 +02:00
Manuel Pégourié-Gonnard a0fdf8b0a0 Simplify the way default certs are used 2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard cb99bdb27e Client: if no cert, send empty cert list 2013-09-25 13:30:56 +02:00
Manuel Pégourié-Gonnard 641de714b6 Use both RSA and ECDSA CA if available 2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard 8372454615 Rework SNI to fix memory issues 2013-09-24 22:30:56 +02:00
Manuel Pégourié-Gonnard 482a2828e4 Offer both EC and RSA in certs.c, RSA first 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard 4618459fa1 Update EC certificates in certs.c 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard 705fcca409 Adapt support for SNI to recent changes 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard d09453c88c Check our ECDSA cert(s) against supported curves 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard f24b4a7316 Interface change in ECP info functions 
ecp_named_curve_from_grp_id() -> ecp_curve_info_from_grp_id()
ecp_grp_id_from_named_curve() -> ecp_curve_info_from_tls_id()
 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard f71e587c5e Fix memory leak in ssl cipher usage 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard 3ebb2cdb52 Add support for multiple server certificates 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard 834ea8587f Change internal structs for multi-cert support 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard cbf3ef3861 RSA and ECDSA key exchanges don't depend on CRL 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard 164d894b9a Fix: session start time wasn't set server side 2013-09-23 23:00:50 +02:00
Paul Bakker 3cf63edc44 Typo in Windows error code in x509_crt.c 2013-09-23 15:10:16 +02:00
Paul Bakker c27c4e2efb Support faulty X509 v1 certificates with extensions 
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
 2013-09-23 15:01:36 +02:00
Manuel Pégourié-Gonnard fe28646f72 Fix references to x509parse in config.h 2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard 1a483833b3 SSL_TLS doesn't depend on PK any more 
(But PK does depend on RSA or ECP.)
 2013-09-20 12:29:15 +02:00
Manuel Pégourié-Gonnard 34ced2dffe Fix mis-sized buffer 
Reported by rgacogne on twitter.
Also spotted by gcc-4.8 with -O2
 2013-09-20 11:37:39 +02:00
Manuel Pégourié-Gonnard a7496f00ff Fix a few more warnings in small configurations 2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard 4fee79b885 Fix some more depend issues 2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard 387a211fad Fix some dependencies in tests 2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard 1032c1d3ec Fix some dependencies and warnings in small config 2013-09-19 10:49:00 +02:00
Paul Bakker 5ad403f5b5 Prepared for 1.3.0 RC0 2013-09-18 21:21:30 +02:00
Paul Bakker 6db455e6e3 PSK callback added to SSL server 2013-09-18 21:14:58 +02:00
Manuel Pégourié-Gonnard ff29f9c825 Compute public key if absent when reading EC key 2013-09-18 16:13:02 +02:00
Manuel Pégourié-Gonnard da179e4870 Add ecp_curve_list(), hide ecp_supported_curves 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard dace82f805 Refactor cipher information management 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard a310459f5c Fix a few things that broke with RSA compiled out 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard 161ef968db Cache pre-computed points for ecp_mul() 
Up to 1.25 speedup on ECDSA sign for small curves, but mainly useful as a
preparation for fixed-point mult (a few prototypes changed in constness).
 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard 56cd319f0e Add human-friendly name in ecp_curve_info 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard a79d123a55 Make ecp_supported_curves constant 2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard 51451f8d26 Replace EC flag with ssl_ciphersuite_uses_ec() 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard 15d5de1969 Simplify usage of DHM blinding 2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard c83e418149 Prepare for ECDH point blinding just in case 2013-09-18 14:35:54 +02:00
Manuel Pégourié-Gonnard c972770f78 Prepare ecp_group for future extensions 2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard 456d3b9b0b Make ECP error codes more specific 2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard 568c9cf878 Add ecp_supported_curves and simplify some code 2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard 7038039f2e Dissociate TLS and internal EC curve identifiers 
Allows to add new curves before they get a TLS number
 2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard a97c015f89 Rm useless/wrong DHM lenght test 2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard 4cf0686d6d Remove spurious '+ 3' in ecdsa_write_signature() 2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard dd0f57f186 Check key size in cipher_setkey() 2013-09-18 14:34:32 +02:00
Paul Bakker b6b0956631 Rm of memset instead of x509_crt_init() 2013-09-18 14:32:52 +02:00
Paul Bakker c559c7a680 Renamed x509_cert structure to x509_crt for consistency 2013-09-18 14:32:52 +02:00
Paul Bakker 9556d3d650 Renamed x509_crt_write.c and x509_csr_write.c 2013-09-18 13:50:13 +02:00
Paul Bakker ddf26b4e38 Renamed x509parse_* functions to new form 
e.g. x509parse_crtfile -> x509_crt_parse_file
 2013-09-18 13:46:23 +02:00
Paul Bakker 369d2eb2a2 Introduced x509_crt_init(), x509_crl_init() and x509_csr_init() 2013-09-18 12:01:43 +02:00
Paul Bakker 86d0c1949e Generalized function names of x509 functions not parse-specific 
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
 2013-09-18 12:01:42 +02:00
Paul Bakker 5187656211 Renamed X509 / X509WRITE error codes to generic (non-cert-specific) 2013-09-17 14:36:05 +02:00
Paul Bakker 36713e8ed9 Fixed bunch of X509_PARSE related defines / dependencies 2013-09-17 13:25:29 +02:00
Paul Bakker e9e6ae338b Moved x509_self_test() from x509_crt.c to x509.c and fixed mem-free bug 2013-09-16 22:55:51 +02:00
Paul Bakker da7711594e Changed pk_parse_get_pubkey() to pk_parse_subpubkey() 2013-09-16 22:45:03 +02:00
Paul Bakker d1a983fe77 Removed x509parse key functions and moved them to compat-1.2.h 2013-09-16 22:26:53 +02:00
Paul Bakker 7c6b2c320e Split up X509 files into smaller modules 2013-09-16 21:41:54 +02:00
Paul Bakker cff6842b39 POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C 2013-09-16 13:36:18 +02:00
Paul Bakker 77e23fb0e0 Move *_pemify() function to PEM module 2013-09-15 20:03:26 +02:00
Paul Bakker 40ce79f1e6 Moved DHM parsing from X509 module to DHM module 2013-09-15 17:43:54 +02:00
Paul Bakker 3e41fe8938 Remove printf when RSA selftest is skipped 2013-09-15 17:42:50 +02:00
Paul Bakker dce7fdcbc9 Fixed warnings in case POLARSSL_PEM_C is not defined 2013-09-15 17:15:26 +02:00
Paul Bakker 2292d1fad0 Fixed warnings in case POLARSSL_X509_PARSE_C is not defined 2013-09-15 17:06:49 +02:00
Paul Bakker 4606c7317b Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C 2013-09-15 17:04:23 +02:00
Paul Bakker c7bb02be77 Moved PK key writing from X509 module to PK module 2013-09-15 14:54:56 +02:00
Paul Bakker 1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard 92cb1d3a91 Make CBC an option, step 3: individual ciphers 2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard 989ed38de2 Make CBC an option, step 2: cipher layer 2013-09-13 15:48:40 +02:00
Manuel Pégourié-Gonnard f7dc378ead Make CBC an option, step 1: ssl ciphersuites 2013-09-13 15:37:03 +02:00
Manuel Pégourié-Gonnard b72b4edec1 Fix memory leak in DHM 2013-09-13 13:55:26 +02:00
Manuel Pégourié-Gonnard 4fe9200f47 Fix memory leak in GCM by adding gcm_free() 2013-09-13 13:45:58 +02:00
Manuel Pégourié-Gonnard 735b8fcb0b Fix blunder in 8a109f1 2013-09-13 12:57:23 +02:00
Paul Bakker 9013af76a3 Merged major refactoring of x509write module into development 
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
 2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard bb323ffc7c Complete EC support in x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard 31e59400d2 Add missing f_rng/p_rng arguments to x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard 53c642504e Use PK internally for x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard f38e71afd5 Convert x509write_crt interface to PK 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard 6de63e480d Add EC support to x509write_key 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard 7f1f0926e4 Add test for x509write_key 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard 0088c69fbf Complete x509write_csr support for EC key 
No automated test yet (complicated by the fact that ECDSA signatures are not
deterministic), tested using cert_req (and openssl for verification).
 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard edda9041fc Adapt asn1_write_algorithm_identifier() to params 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard 3837daec9e Add EC support to x509write_pubkey 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard e1f821a6eb Adapt x509write_pubkey interface to use PK 
key_app_writer will be fixed later
 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard ee73179b2f Adapt x509write_csr prototypes for PK 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard 8053da4057 x509write_csr() now fully using PK internally 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard d4eb5b5196 Add references 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard 27d87fa6c4 Fix many off-by-one errors 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard 6dcf0bfcf4 Use x509write_pubkey_der() when applicable 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard 5353a03eb9 x509write_csr using PK internally (WIP) 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard 85dfe08b31 Merge duplicated else/#else branch 2013-09-12 11:57:00 +02:00
Paul Bakker 18f0341aed Typo in comments in ctr_drbg.c 2013-09-11 11:05:56 +02:00
Manuel Pégourié-Gonnard da7317ed00 Use asn1_free_named_data_list() when relevant 2013-09-10 15:52:52 +02:00
Paul Bakker c0dcf0ceb1 Merged blinding additions for EC, RSA and DHM into development 2013-09-10 14:44:27 +02:00
Paul Bakker 36b7e1efe7 Merged GCM refactoring into development 
GCM is now independent of AES and can be used as a mode for any
cipher-layer supported 128-bit based block cipher
 2013-09-10 14:41:05 +02:00
Paul Bakker 2a6a3a7e69 Better checking on cipher_info_from_values() 2013-09-10 14:29:28 +02:00
Paul Bakker a0558e0484 Check that the cipher GCM receives is a 128-bit-based cipher 2013-09-10 14:25:51 +02:00
Manuel Pégourié-Gonnard 8a109f106d Optimize RSA blinding by caching-updating values 2013-09-10 13:55:36 +02:00
Manuel Pégourié-Gonnard ea53a55c0f Refactor to prepare for RSA blinding optimisation 2013-09-10 13:55:35 +02:00
Paul Bakker 1c3853b953 oid_get_oid_by_*() now give back oid length as well 2013-09-10 11:43:44 +02:00
Paul Bakker 003dbad250 Fixed file descriptor leak in x509parse_crtpath() 2013-09-09 17:26:14 +02:00
Paul Bakker a5943858d8 x509_verify() now case insensitive for cn (RFC 6125 6.4) 2013-09-09 17:21:45 +02:00
Paul Bakker f9f377e652 CSR Parsing (without attributes / extensions) implemented 2013-09-09 15:35:10 +02:00
Paul Bakker d4bf870ff5 Allow spaces after the comma when converting X509 names 2013-09-09 13:59:11 +02:00
Paul Bakker 52be08c299 Added support for writing Key Usage and NS Cert Type extensions 2013-09-09 12:38:45 +02:00
Paul Bakker cd35803684 Changes x509_csr to x509write_csr 2013-09-09 12:38:45 +02:00
Paul Bakker 5f45e62afe Migrated from x509_req_name to asn1_named_data structure 2013-09-09 12:02:36 +02:00
Paul Bakker c547cc992e Added generic asn1_free_named_data_list() 2013-09-09 12:01:23 +02:00
Paul Bakker 59ba59fa30 Generalized x509_set_extension() behaviour to asn1_store_named_data() 2013-09-09 11:34:44 +02:00
Paul Bakker 43aff2aec4 Moved GCM to use cipher layer instead of AES directly 2013-09-09 00:10:27 +02:00
Paul Bakker f46b6955e3 Added cipher_info_from_values() to cipher layer (Search by ID+keylen+mode) 2013-09-09 00:08:26 +02:00
Paul Bakker 5e0efa7ef5 Added POLARSSL_MODE_ECB to the cipher layer 2013-09-08 23:04:04 +02:00
Manuel Pégourié-Gonnard 9f5a3c4a0a Fix possible memory error. 2013-09-08 20:08:59 +02:00
Manuel Pégourié-Gonnard bfb355c33b Fix memory leak on missed session reuse 2013-09-08 20:08:36 +02:00
Manuel Pégourié-Gonnard bc4b7f08ba Fix possible race in ssl_list_ciphersuites() 
Thread A: executing for loop of ssl_list_ciphersuites()
Thread B: call ssl_list_cipher_suites(), see init == 0
Thread A: return, start using the result
Thread B: memset(0) on the list used by thread A
 2013-09-08 20:07:48 +02:00
Paul Bakker 9c208aabc8 Use ASN1_UTC_TIME in some cases 2013-09-08 15:44:31 +02:00
Manuel Pégourié-Gonnard 032c34e206 Don't use DH blinding for ephemeral DH 2013-09-07 13:06:27 +02:00
Paul Bakker 15162a054a Writing of X509v3 extensions supported 
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
 2013-09-06 19:27:21 +02:00
Paul Bakker 329def30c5 Added asn1_write_bool() 2013-09-06 16:34:38 +02:00
Paul Bakker 9397dcb0e8 Base X509 certificate writing functinality 2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard d13a4099dd GCM ciphersuites using only cipher layer 2013-09-05 17:06:10 +02:00