Commit graph

117 commits

Author SHA1 Message Date
Paul Bakker 6838bd1d73 Clarified threading issues 2013-09-30 15:24:33 +02:00
Paul Bakker 2466d93546 Threading abstraction layer added 2013-09-28 15:00:02 +02:00
Manuel Pégourié-Gonnard cbf3ef3861 RSA and ECDSA key exchanges don't depend on CRL 2013-09-24 21:25:53 +02:00
Paul Bakker c27c4e2efb Support faulty X509 v1 certificates with extensions
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
2013-09-23 15:01:36 +02:00
Manuel Pégourié-Gonnard fe28646f72 Fix references to x509parse in config.h 2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard 09fff7ee25 Cosmetics in config.h 2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard 1a483833b3 SSL_TLS doesn't depend on PK any more
(But PK does depend on RSA or ECP.)
2013-09-20 12:29:15 +02:00
Manuel Pégourié-Gonnard 1032c1d3ec Fix some dependencies and warnings in small config 2013-09-19 10:49:00 +02:00
Paul Bakker f20ba4b7b6 Minor typo in config.h 2013-09-16 22:46:20 +02:00
Paul Bakker 7c6b2c320e Split up X509 files into smaller modules 2013-09-16 21:41:54 +02:00
Paul Bakker cff6842b39 POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C 2013-09-16 13:36:18 +02:00
Paul Bakker 4606c7317b Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C 2013-09-15 17:04:23 +02:00
Manuel Pégourié-Gonnard 92cb1d3a91 Make CBC an option, step 3: individual ciphers 2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard f7dc378ead Make CBC an option, step 1: ssl ciphersuites 2013-09-13 15:37:03 +02:00
Paul Bakker 9013af76a3 Merged major refactoring of x509write module into development
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard 0237620a78 Fix some dependencies declaration 2013-09-12 11:57:02 +02:00
Paul Bakker dcbfdcc177 Updated doxygen documentation in header files and HTML pages 2013-09-10 16:16:50 +02:00
Paul Bakker eba3ccf785 Typo in config.h 2013-09-09 15:56:09 +02:00
Paul Bakker 48377d9834 Configuration option to enable/disable POLARSSL_PKCS1_V15 operations 2013-08-30 13:41:14 +02:00
Paul Bakker 577e006c2f Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
	include/polarssl/config.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard 51be559c53 Fix PKCS#11 deps: now goes through PK 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard c40b4c3708 Add configuration item for the PK module 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 32ea60a127 Declare ECDSA key exchange and ciphersuites
Also fix bug in ssl_list_ciphersuites().

For now, disable it on server.
Client will offer it but fail if server selects it.
2013-08-27 22:21:19 +02:00
Paul Bakker 0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Paul Bakker d2f068e071 Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually 2013-08-27 21:19:20 +02:00
Paul Bakker fb08fd2e23 Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available 2013-08-27 15:06:54 +02:00
Manuel Pégourié-Gonnard 4846f5ecbc ecdsa now depends on ASN.1 parse & write 2013-08-20 20:04:16 +02:00
Paul Bakker 04784f57e4 Added config check for SSL/TLS module that depends on cipher layer 2013-08-19 13:31:39 +02:00
Paul Bakker 59da0a46a4 Added config check for POLARSSL_SSL_SESSION_TICKETS 2013-08-19 13:27:17 +02:00
Paul Bakker 1f2bc6238b Made support for the truncated_hmac extension configurable 2013-08-15 13:45:55 +02:00
Paul Bakker 05decb24c3 Made support for the max_fragment_length extension configurable 2013-08-15 13:33:48 +02:00
Paul Bakker 606b4ba20f Session ticket expiration checked on server 2013-08-15 11:42:48 +02:00
Paul Bakker a503a63b85 Made session tickets support configurable from config.h 2013-08-14 14:26:03 +02:00
Paul Bakker 48e93c84b7 Made padding modes configurable from config.h 2013-08-14 14:02:48 +02:00
Paul Bakker fa9b10050b Also compiles / runs without time-based functions in OS
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker ecd54fb897 Disable POLARSSL_TIMING_C by default (only required for HAVEGE) 2013-07-03 17:22:31 +02:00
Paul Bakker 6e339b52e8 Memory-allocation abstraction layer and buffer-based allocator added 2013-07-03 17:22:31 +02:00
Paul Bakker 9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker 5dc6b5fb05 Made supported curves configurable 2013-06-29 23:26:34 +02:00
Paul Bakker e2ab84f4a1 Renamed error_strerror() to the less conflicting polarssl_strerror()
Ability to keep old function error_strerror() as well with
POLARSSL_ERROR_STRERROR_BC. Also works with
POLARSSL_ERROR_STRERROR_DUMMY.
2013-06-29 18:35:41 +02:00
Paul Bakker b0713c7e1f Updated PKCS#12 define dependencies
(cherry picked from commit 602c31be23)
2013-06-25 15:06:54 +02:00
Paul Bakker 9bcf16c55d Centralized module option values in config.h
Allow user-defined settings without editing header files by using
POLARSSL_CONFIG_OPTIONS in config.h
(cherry picked from commit 6fa5488779)

Conflicts:
	include/polarssl/config.h
2013-06-25 15:06:53 +02:00
Paul Bakker b0c19a4b3d PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
old PBKDF2 module.
(cherry picked from commit 19bd297dc8)

Conflicts:
	include/polarssl/error.h
	scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker 90995b5ce3 Added mechanism to provide alternative cipher / hash implementations
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
(cherry picked from commit 4087c47043)
2013-06-25 15:06:51 +02:00
Paul Bakker f1f21fe825 Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
(cherry picked from commit cf6e95d9a8)

Conflicts:
	scripts/generate_errors.pl
2013-06-25 15:06:51 +02:00
Paul Bakker 2a84424a35 Disabled the HAVEGE random generator by default
Rationale: The HAVEGE random generator has too many caveats to be a
standard generator that people rely on. The HAVEGE random generator is not
suitable for virtualized environments. In addition the HAVEGE random
generator is dependent on timing and specific processor traits that
cannot be guaranteed by default on compile time.

Our advice: only use HAVEGE as an additional random source for your
entropy pool, never as your primary source.
(cherry picked from commit 08f06cf49f)
2013-06-24 19:09:24 +02:00
Paul Bakker 45bda90caa Comments for extra PSK ciphersuites added to config.h 2013-04-19 22:28:21 +02:00
Paul Bakker 48f7a5d724 DHE-PSK based ciphersuite support added and cleaner key exchange based
code selection

The base RFC 4279 DHE-PSK ciphersuites are now supported and added.

The SSL code cuts out code not relevant for defined key exchange methods
2013-04-19 20:47:26 +02:00
Paul Bakker e07f41d4be Introduced defines to control availability of specific SSL Key Exchange
methods.

Introduces POLARSSL_KEY_EXCHANGE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED, etc
2013-04-19 09:08:57 +02:00
Paul Bakker 7ad00f9808 Sanity checks added to config.h
At the end of config.h sanity checks have been added to check for
prerequisites in the different module dependencies
2013-04-18 23:12:34 +02:00