Paul Bakker
e2ab84f4a1
Renamed error_strerror() to the less conflicting polarssl_strerror()
...
Ability to keep old function error_strerror() as well with
POLARSSL_ERROR_STRERROR_BC. Also works with
POLARSSL_ERROR_STRERROR_DUMMY.
2013-06-29 18:35:41 +02:00
Paul Bakker
2fbefde1d8
Client and server now filter sent and accepted ciphersuites on minimum
...
and maximum protocol version
2013-06-29 18:35:40 +02:00
Paul Bakker
b9d3cfa114
Split up GCM into a start/update/finish cycle
2013-06-26 15:08:29 +02:00
Paul Bakker
de65623f3e
PolarSSL 1.2.6 and PolarSSL 1.2.7 changes added to ChangeLog
2013-06-24 19:09:24 +02:00
Paul Bakker
248fff5369
PolarSSL 1.1.6 and PolarSSL 1.1.7 changed added to ChangeLog
2013-06-24 19:09:24 +02:00
Paul Bakker
73d4431ccd
Fixed parse error in ssl_parse_certificate_request()
2013-05-22 13:56:26 +02:00
Paul Bakker
b91c2b5782
PSK and DHE-PSK addition to ChangeLog
2013-04-19 20:47:26 +02:00
Paul Bakker
8f4ddaeea9
Ability to specify allowed ciphersuites based on the protocol version.
...
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.
The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b
)
Conflicts:
ChangeLog
library/ssl_srv.c
library/ssl_tls.c
2013-04-16 18:09:45 +02:00
Paul Bakker
eff2e6d414
Fixed MPI assembly for ARM when -O2 is used
...
GCC with -O2 or higher also needs to now about 'cc' in the clobber list.
2013-04-11 17:13:22 +02:00
Paul Bakker
c70b982056
OID functionality moved to a separate module.
...
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).
As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.
All OID definitions have been moved to oid.h
All OID matching code is in the OID module.
The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.
The SSL layer cleanup up as a result and adapted to use the MD layer.
The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.
The X509 writer cleaned up and adapted to use the MD layer.
Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
41c83d3f67
Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
...
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker
68884e3c09
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-03-13 14:48:32 +01:00
Paul Bakker
9b5798dc75
Modified ChangeLog to include explanations of last SSL module changes
2013-03-13 13:53:00 +01:00
Paul Bakker
90f042d4cb
Prepared for PolarSSL 1.2.6 release
2013-03-11 11:38:44 +01:00
Paul Bakker
fb1cbd3cea
Fixed assembly code for ARM (Thumb and regular) for some compilers
2013-03-06 18:14:52 +01:00
Paul Bakker
e81beda60f
The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain)
...
The real peer certificate is copied into a x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.
As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
2013-03-06 18:01:03 +01:00
Paul Bakker
a35aa54967
Fixed whitespaces in ChangeLog
2013-03-06 18:01:03 +01:00
Paul Bakker
78a8c71993
Re-added support for parsing and handling SSLv2 Client Hello messages
...
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.
It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
2013-03-06 18:01:03 +01:00
Paul Bakker
37286a573b
Fixed net_bind() for specified IP addresses on little endian systems
2013-03-06 18:01:03 +01:00
Paul Bakker
8804f69d46
Removed timing differences due to bad padding from RSA decrypt for
...
PKCS#1 v1.5 operations
2013-03-06 18:01:03 +01:00
Paul Bakker
a43231c5a5
Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt()
2013-03-06 18:01:02 +01:00
Paul Bakker
b386913f8b
Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions
...
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()
The original functions exist as generic wrappers to these functions.
2013-03-06 18:01:02 +01:00
Paul Bakker
e3e4a59622
Added bugfix line for previous fixes for MS Visual Studio
2013-03-06 18:01:02 +01:00
Paul Bakker
3d2dc0f8e5
Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
...
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.
Found by Yawning Angel
2013-02-28 10:55:39 +01:00
Paul Bakker
e47b34bdc8
Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
...
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker
c0463502ff
Fixed memory leak in ssl_free() and ssl_reset() for active session
2013-02-14 11:19:38 +01:00
Paul Bakker
c7a2da437e
Updated for PolarSSL 1.2.5
2013-02-02 19:23:57 +01:00
Paul Bakker
40865c8e5d
Added sending of alert messages in case of decryption failures as per RFC
...
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49
Disable debug messages that can introduce a timing side channel.
...
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
4582999be6
Fixed timing difference resulting from badly formatted padding.
2013-02-02 19:04:13 +01:00
Paul Bakker
8fe40dcd7d
Allow enabling of dummy error_strerror() to support some use-cases
...
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Paul Bakker
14c56a3378
Updated for PolarSSL 1.2.4
2013-01-25 17:11:37 +01:00
Paul Bakker
9d2bb658fc
Added PolarSSL 1.1.5 ChangeLog from 1.1 branch
2013-01-25 16:07:49 +01:00
Paul Bakker
1961b709d8
Added ssl_handshake_step() to allow single stepping the handshake
...
process
Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
9c94cddeae
Correctly handle CertificateRequest with empty DN list in <= TLS 1.1
2013-01-22 14:21:49 +01:00
Paul Bakker
21dca69ef0
Handle future version properly in ssl_write_certificate_request()
2013-01-03 11:41:08 +01:00
Paul Bakker
40628bad98
Memory leak when using RSA_PKCS_V21 operations fixed
2013-01-03 10:50:31 +01:00
Paul Bakker
fb1ba781b3
Updated for release 1.2.3
2012-11-26 16:28:25 +01:00
Paul Bakker
df5069cb97
Updated for 1.2.2 release
2012-11-24 12:20:19 +01:00
Paul Bakker
7c90da9e75
Amended ChangeLog for client authentication fix
2012-11-23 14:02:40 +01:00
Paul Bakker
e667c98fb1
Added p_hw_data to ssl_context for context specific hardware acceleration data
2012-11-20 13:50:22 +01:00
Paul Bakker
1492633e54
Updated date for release
2012-11-20 10:58:09 +01:00
Manuel Pégourié-Gonnard
e44ec108be
Fixed segfault in mpi_shift_r()
...
Fixed memory leak in test_suite_mpi
Amended ChangeLog
2012-11-18 23:15:02 +01:00
Paul Bakker
34d8dbcc6d
- Depth that the certificate verify callback receives is now numbered bottom-up (Peer cert depth is 0)
2012-11-14 12:11:38 +00:00
Paul Bakker
b815682a48
- Updated Changelog for 1.2.1
2012-11-13 12:52:17 +00:00
Paul Bakker
9daf0d0651
- Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
2012-11-13 12:13:27 +00:00
Paul Bakker
f02c5642d0
- Allow R and A to point to same mpi in mpi_div_mpi
2012-11-13 10:25:21 +00:00
Paul Bakker
d9374b05d6
- Moved mpi_inv_mod() outside POLARSSL_GENPRIME
2012-11-02 11:02:58 +00:00
Paul Bakker
7a2538ee38
- Fixes for MSVC6
2012-11-02 10:59:36 +00:00
Paul Bakker
c9c5df98de
- Updated for PolarSSL 1.2.0
2012-10-31 13:55:27 +00:00
Paul Bakker
645ce3a2b4
- Moved ciphersuite naming scheme to IANA reserved names
2012-10-31 12:32:41 +00:00
Paul Bakker
4f024b7ba9
- Fixed for SPARC64
2012-10-30 07:29:57 +00:00
Paul Bakker
d5834bb394
- Added release text for 1.1.4 to ChangeLog
2012-10-02 14:38:56 +00:00
Paul Bakker
5c2364c2ba
- Moved from unsigned long to uint32_t throughout code
2012-10-01 14:41:15 +00:00
Paul Bakker
1d29fb5e33
- Added option to add minimum accepted SSL/TLS protocol version
2012-09-28 13:28:45 +00:00
Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02
- Added ServerName extension parsing (SNI) at server side
2012-09-27 21:49:42 +00:00
Paul Bakker
eb2c658163
- Generalized external private key implementation handling (like PKCS#11) in SSL/TLS
2012-09-27 19:15:01 +00:00
Paul Bakker
0a59707523
- Added simple SSL session cache implementation
...
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
b00ca42f2a
- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
2012-09-25 12:10:00 +00:00
Paul Bakker
29b64761fd
- Added predefined DHM groups from RFC 5114
2012-09-25 09:36:44 +00:00
Paul Bakker
995a215eac
- Added credits
2012-09-25 08:19:56 +00:00
Paul Bakker
d4c2bd79fe
- Added bug
2012-09-16 21:35:30 +00:00
Paul Bakker
48916f9b67
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Paul Bakker
ec636f3bdd
- Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
2012-09-09 19:17:02 +00:00
Paul Bakker
f518b16f97
- Added PKCS#5 PBKDF2 key derivation function
2012-08-23 13:03:18 +00:00
Paul Bakker
535e97dbab
- Better checking for reading over buffer boundaries
...
- Zeroize altSubjectName chain memory before use
2012-08-23 10:49:55 +00:00
Paul Bakker
3c16db9a10
- Fixed potential memory zeroization on miscrafted RSA key
2012-07-05 13:58:08 +00:00
Paul Bakker
6132d0aa93
- Added Blowfish to generic cipher layer
...
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
2012-07-04 17:10:40 +00:00
Paul Bakker
a9379c0ed1
- Added base blowfish algorithm
2012-07-04 11:02:11 +00:00
Paul Bakker
2770fbd651
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Paul Bakker
4f9a7bb7fd
- Added Thumb assembly optimizations
2012-07-02 08:36:36 +00:00
Paul Bakker
cefb396a77
- Handle empty certificate subject names
2012-06-27 11:51:09 +00:00
Paul Bakker
8d914583f3
- Added X509 CA Path support
2012-06-04 12:46:42 +00:00
Paul Bakker
e6ee41f932
- Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and example application (programs/ssl/o_p_test) (Requires OpenSSL)
...
- Handle encryption with private key and decryption with public key as per RFC 2313
2012-05-19 08:43:48 +00:00
Paul Bakker
f6198c1513
- mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52 )
2012-05-16 08:02:29 +00:00
Paul Bakker
5b37784f6d
- Updated with tickets
2012-05-16 07:57:36 +00:00
Paul Bakker
4d2c1243b1
- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.
2012-05-10 14:12:46 +00:00
Paul Bakker
186751d9dd
- Moved out_msg to out_hdr + 32 to support hardware acceleration
2012-05-08 13:16:14 +00:00
Paul Bakker
6b906e5095
- Const correctness mpi_get_bit()
...
- Documentation mpi_lsb(), mpi_msb()
2012-05-08 12:01:43 +00:00
Paul Bakker
05ef835b6a
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
Paul Bakker
fad3893ead
- Added release notes for 1.1.2 and 1.1.3 to trunk
2012-05-08 09:04:04 +00:00
Paul Bakker
01cc394848
- Added commandline error code convertor (util/strerror)
2012-05-08 08:36:15 +00:00
Paul Bakker
430ffbe564
- Fixed potential heap corruption in x509_name allocation
2012-05-01 08:14:20 +00:00
Paul Bakker
4cf2b7f8bf
- Added name
2012-04-20 13:59:39 +00:00
Paul Bakker
84bef1db2c
- Fixed DHM length to correct one
2012-04-20 13:42:02 +00:00
Paul Bakker
ca4ab49158
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00
Paul Bakker
915940ef80
- Added TLS1.2
2012-04-18 14:21:32 +00:00
Paul Bakker
452d532955
- Fixed potential memory corruption on miscrafted client messages (found by Frama-C team at CEA LIST)
2012-04-05 12:07:34 +00:00
Paul Bakker
7beceb2e2b
2012-03-22 14:19:49 +00:00
Paul Bakker
37824581b7
- Added Changelog for bugfix in mpi_cmp_mpi()
2012-03-22 14:10:22 +00:00
Paul Bakker
89e80c9a43
- Added base Galois/Counter mode (GCM) for AES
2012-03-20 13:50:09 +00:00
Paul Bakker
bdb912db69
- Added preliminary ASN.1 buffer writing support
...
- Added preliminary X509 Certificate Request writing support
- Added key_app_writer example application
- Added cert_req example application
2012-02-13 23:11:30 +00:00
Paul Bakker
048d04ef4b
- AES code only check for Padlock once
2012-02-12 17:31:04 +00:00
Paul Bakker
1504af585c
- Removed redundant POLARSSL_DEBUG_MSG define
2012-02-11 16:17:43 +00:00
Paul Bakker
a8cd239d6b
- Added support for wildcard certificates
...
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker
fab5c829e7
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
Paul Bakker
99955bf86a
- Final changes for 1.1.1 release
2012-01-23 09:31:41 +00:00
Paul Bakker
2ec0a56649
- Fixed issue with Intel compiler on 64-bit platforms
2012-01-21 05:41:23 +00:00
Paul Bakker
b15b851d6d
- Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47 , found by Hugo Leisink)
2012-01-13 13:44:06 +00:00