mbedtls

mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-01 08:15:50 +00:00

Author	SHA1	Message	Date
Manuel Pégourié-Gonnard	d9e6a3ac10	Rename pk_init_ctx() -> pk_setup()	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	d4f04dba42	net.c now depends on select() unconditionally	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	a63bc94a2d	Remove timing_m_sleep() -> net_usleep()	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	e94bfe6cd6	Improve entropy selftest: check default sources	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	151dc77732	Fix some old names that remained - most in doxygen doc that was never renamed - some re-introduced in comments/doc/strings by me	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	8473f87984	Rename cipher_init_ctx() to cipher_setup()	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	0de074fbc1	Use rarely used conf function to cover them	2015-05-14 12:58:01 +02:00
Manuel Pégourié-Gonnard	66dc5555f0	mbedtls_ssl_conf_arc4_support() depends on ARC4_C	2015-05-14 12:31:10 +02:00
Manuel Pégourié-Gonnard	6ab9b009cd	Fix warnings from armcc	2015-05-14 11:37:52 +02:00
Manuel Pégourié-Gonnard	545102ef1d	No timer -> to timeout (optional for TLS)	2015-05-13 17:31:48 +02:00
Manuel Pégourié-Gonnard	286a136e63	SSL timer fixes: not DTLS only, start cancelled	2015-05-13 17:18:59 +02:00
Nicholas Wilson	bc07c3a1f0	fix minor bug in path_cnt checks If the top certificate occurs twice in trust_ca (for example) it would not be good for the second instance to be checked with check_path_cnt reduced twice!	2015-05-13 10:40:30 +01:00
Manuel Pégourié-Gonnard	e3c41ad8a4	Use the new timer callback API in programs	2015-05-13 10:04:32 +02:00
Manuel Pégourié-Gonnard	2e01291739	Prepare the SSL modules for using timer callbacks	2015-05-13 09:43:39 +02:00
Manuel Pégourié-Gonnard	ca3bdc5632	Add mbedtls_timing_set/get_delay()	2015-05-12 20:45:34 +02:00
Manuel Pégourié-Gonnard	8903fe0fd3	Define timing_selftest() even with TIMING_ALT	2015-05-12 19:30:45 +02:00
Manuel Pégourié-Gonnard	a27b1979dc	Update generated file	2015-05-12 16:09:34 +02:00
Manuel Pégourié-Gonnard	31993f271d	Add per-function override for AES	2015-05-12 15:41:08 +02:00
Manuel Pégourié-Gonnard	70a5010783	Create function-level MBETLS_DES_xxx_ALT	2015-05-12 15:17:15 +02:00
Manuel Pégourié-Gonnard	0fe1f6d97e	Remove debug line from selftest Happened to cause a warning about %x vs uint32_t with arm-none-eabi-gcc 4.9 in addition to being useless	2015-05-12 13:22:02 +02:00
Manuel Pégourié-Gonnard	eecb43cf0b	Manually merge doc fixes from 1.3	2015-05-12 12:56:41 +02:00
Manuel Pégourié-Gonnard	48647b9255	Merge remote-tracking branch 'nw/misc' into mbedtls-1.3 * nw/misc: Typos and doc additions	2015-05-12 12:48:12 +02:00
Manuel Pégourié-Gonnard	0ece0f94f2	Fix checks for nul-termination	2015-05-12 12:43:54 +02:00
Manuel Pégourié-Gonnard	24083d61a0	Fix bug in certs.c Revealed by the recent PEM changes	2015-05-12 12:26:14 +02:00
Manuel Pégourié-Gonnard	ec4b08957f	Fix issue in ssl_free() vs ssl_config_free() Just an overlook from moving things recently	2015-05-12 12:22:36 +02:00
Manuel Pégourié-Gonnard	49f5eb9b41	Better NULL checks in debug In case we exit early, like before ssl_setup() was called	2015-05-12 12:19:09 +02:00
Manuel Pégourié-Gonnard	43b37cbc92	Fix use of pem_read_buffer() in PK, DHM and X509	2015-05-12 11:26:43 +02:00
Manuel Pégourié-Gonnard	2088ba6d30	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Update Changelog for recent contribution Perf: rewrite of ecp_double_jac Conflicts: library/ecp.c	2015-05-12 10:36:26 +02:00
Manuel Pégourié-Gonnard	7010e4688f	Merge remote-tracking branch 'peterdettman/perf-ecp-double-jac' into mbedtls-1.3 * peterdettman/perf-ecp-double-jac: Perf: rewrite of ecp_double_jac	2015-05-11 20:26:47 +02:00
Manuel Pégourié-Gonnard	e6ef16f98c	Change X.509 verify flags to uint32_t	2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard	4cba1a737d	Avoid debug flooding with non-blocking reads	2015-05-11 18:52:25 +02:00
Manuel Pégourié-Gonnard	e3a062ba1f	Rename ecp_use_known_dp -> mbedtls_ecp_group_load()	2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard	56cc88a796	Rm ecp_add() and add ecp_muladd()	2015-05-11 18:40:45 +02:00
Manuel Pégourié-Gonnard	6dde596a03	Remove ecp_sub()	2015-05-11 18:18:32 +02:00
Manuel Pégourié-Gonnard	aff37e5aa1	Remove ecp_group_read_string()	2015-05-11 18:11:57 +02:00
Manuel Pégourié-Gonnard	55fab2de5d	Fix a few more #ifdef's	2015-05-11 17:54:38 +02:00
Manuel Pégourié-Gonnard	8b431fbbec	Fix dependency issues	2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard	ccc302692a	Fix bug introduced when splitting init functions	2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard	06939cebef	Fix order of ssl_conf vs ssl_setup in programs Except ssl_phtread_server that will be done later	2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard	01e5e8c1f8	Change a few ssl_conf return types to void	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	6729e79482	Rename ssl_set_xxx() to ssl_conf_xxx()	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	22bfa4bb53	Add ssl_set_hs_ca_chain()	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	1897af9e93	Make conf const inside ssl_context (finally)	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	17a40cd255	Change ssl_own_cert to work on ssl_config	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	1af6c8500b	Add ssl_set_hs_own_cert()	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	8f618a8e65	Rework ssl_set_own_cert() internals	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	120fdbdb3d	Change ssl_set_psk() to act on ssl_config	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	4b68296626	Use a specific function in the PSK callback	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	0a4fb09534	Make xxx_drbg_random() thread-safe	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	750e4d7769	Move ssl_set_rng() to act on config	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	5cb3308e5f	Merge contexts for session cache	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	ae31914990	Rename ssl_legacy_renegotiation() to ssl_set_...	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	662c6e8cdd	Disable truncated HMAC by default	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	1028b74cff	Upgrade default DHM params size	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	8836994f6b	Move WANT_READ/WANT_WRITE codes to SSL	2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard	1b511f93c6	Rename ssl_set_bio_timeout() to set_bio() Initially thought it was best to keep the old function around and add a new one, but this so many ssl_set_xxx() functions are changing anyway...	2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard	97fd52c529	Split ssl_set_read_timeout() out of bio_timeout()	2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard	bc2b771af4	Move ssl_set_ca_chain() to work on config	2015-05-11 12:33:26 +02:00
Nicholas Wilson	d0fa5ccbb0	Typos and doc additions	2015-05-11 10:44:11 +01:00
Manuel Pégourié-Gonnard	ba26c24769	Change how hostname is stored internally	2015-05-07 10:19:14 +01:00
Manuel Pégourié-Gonnard	2b49445876	Move session ticket keys to conf This is temporary, they will soon be replaced by callbacks. !!! In this intermediate step security is removed !!!	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	684b0592cb	Move ssl_set_fallback() to work on conf Initially thought it would be per-connection, but since max_version is in conf too, and you need to lower that for a fallback connection, the fallback flag should be in the same place	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	6bf89d6ad9	Move ssl_set_max_fragment_len to work on conf	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	17eab2b65c	Move set_cbc_record_splitting() to conf	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	d36e33fc07	Move easy ssl_set_xxx() functions to work on conf mbedtls_ssl_set_alpn_protocols mbedtls_ssl_set_arc4_support mbedtls_ssl_set_authmode mbedtls_ssl_set_ciphersuites mbedtls_ssl_set_ciphersuites_for_version mbedtls_ssl_set_curves mbedtls_ssl_set_dbg mbedtls_ssl_set_dh_param mbedtls_ssl_set_dh_param_ctx mbedtls_ssl_set_dtls_anti_replay mbedtls_ssl_set_dtls_badmac_limit mbedtls_ssl_set_dtls_cookies mbedtls_ssl_set_encrypt_then_mac mbedtls_ssl_set_endpoint mbedtls_ssl_set_extended_master_secret mbedtls_ssl_set_handshake_timeout mbedtls_ssl_legacy_renegotiation mbedtls_ssl_set_max_version mbedtls_ssl_set_min_version mbedtls_ssl_set_psk_cb mbedtls_ssl_set_renegotiation mbedtls_ssl_set_renegotiation_enforced mbedtls_ssl_set_renegotiation_period mbedtls_ssl_set_session_cache mbedtls_ssl_set_session_ticket_lifetime mbedtls_ssl_set_sni mbedtls_ssl_set_transport mbedtls_ssl_set_truncated_hmac mbedtls_ssl_set_verify	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	419d5ae419	Make endpoint+transport args of config_defaults()	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	def0bbe3ab	Allocate ssl_config out of ssl_setup()	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	cd523e2a5e	Introduce mbedtls_ssl_config_{init,defaults,free}()	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	7ca4e4dc79	Move things to conf substructure A simple series of sed invocations. This is the first step, purely internal changes. The conf substructure is not ready to be shared between contexts yet.	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	9f145de4dc	Fix merge issue from 1.3 branch	2015-05-04 15:03:50 +02:00
Manuel Pégourié-Gonnard	e36d56419e	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: fix bug in ssl_mail_client Adapt compat.sh to GnuTLS 3.4 Fix undefined behaviour in x509 Conflicts: programs/ssl/ssl_mail_client.c tests/compat.sh	2015-04-30 13:52:25 +02:00
Manuel Pégourié-Gonnard	159c524df8	Fix undefined behaviour in x509	2015-04-30 11:21:18 +02:00
Manuel Pégourié-Gonnard	da61ed3346	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Include changes from the 1.2 branch Remove unused headers in o_p_test Add countermeasure against cache-based lucky 13 Make results of (ext)KeyUsage accessible Fix missing NULL check in MPI Fix detection of getrandom() Fix "make install" handling of symlinks Fix bugs in programs displaying verify flags Conflicts: Makefile include/polarssl/ssl.h library/entropy_poll.c library/ssl_srv.c library/ssl_tls.c programs/test/o_p_test.c programs/test/ssl_cert_test.c programs/x509/cert_app.c	2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard	7d1e95c991	Add countermeasure against cache-based lucky 13	2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard	e16b62c3a9	Make results of (ext)KeyUsage accessible	2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard	770b5e1e9e	Fix missing NULL check in MPI	2015-04-29 17:02:01 +02:00
Manuel Pégourié-Gonnard	d97828e7af	Fix detection of getrandom()	2015-04-29 14:28:48 +02:00
Manuel Pégourié-Gonnard	8a81e84638	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Add countermeasure against cache-based lucky 13 Conflicts: library/ssl_tls.c	2015-04-29 02:13:42 +02:00
Manuel Pégourié-Gonnard	1e2eae02cb	Adapt pthread implementation to recent changes	2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard	eab147c4d0	Rename pkcs11_xxx_init() to bind()	2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard	69a69cc5ae	memory_buffer_alloc_init() now returns void	2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard	41d479e7df	Split ssl_init() -> ssl_setup()	2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard	47fede0d6d	Add countermeasure against cache-based lucky 13	2015-04-29 01:35:48 +02:00
Manuel Pégourié-Gonnard	8d128efd48	Split mbedtls_ctr_drbg_init() -> seed()	2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard	f9e9481bc5	Split mbedtls_hmac_drbg_init() -> seed{,_buf}()	2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard	c34e8dd265	Split mbedtls_gcm_init() -> gcm_setkey()	2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard	6963ff0969	Split mbedtls_ccm_init() -> setkey()	2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard	bdd7828ca0	Always check return status of mutex_(un)lock()	2015-04-24 14:43:24 +02:00
Manuel Pégourié-Gonnard	331ba5778a	Fix some additional renaming issues	2015-04-20 12:33:57 +01:00
Manuel Pégourié-Gonnard	e6028c93f5	Fix some X509 macro names For some reason, during the great renaming, some names that should have been prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_	2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard	e6efa6f54e	manually merge `9f98251` make extKeyUsage accessible	2015-04-20 11:23:24 +01:00
Manuel Pégourié-Gonnard	b5f48ad82f	manually merge `39a183a` add x509_crt_verify_info()	2015-04-20 11:22:57 +01:00
Manuel Pégourié-Gonnard	144bc224e9	Merge branch 'mbedtls-1.3' into development * commit 'a2fce21': Fix potential NULL dereference on bad usage Conflicts: library/ssl_tls.c	2015-04-17 20:39:07 +02:00
Manuel Pégourié-Gonnard	53c76c07de	Merge branch 'mbedtls-1.3' into development * commit 'ce60fbe': Fix potential timing difference with RSA PMS Update Changelog for recent merge Added more constant-time code and removed biases in the prime number generation routines. Conflicts: library/bignum.c library/ssl_srv.c	2015-04-17 20:19:32 +02:00
Manuel Pégourié-Gonnard	de9b363fbd	Merge branch mbedtls-1.3 into development * commit '95f0089': Update Changelog for DH params Add test case for dh params with privateValueLength accept PKCS#3 DH parameters with privateValueLength included Conflicts: library/dhm.c	2015-04-17 20:07:22 +02:00
Manuel Pégourié-Gonnard	9f98251e72	Make results of (ext)KeyUsage accessible	2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard	39a183a629	Add x509_crt_verify_info()	2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard	a2fce21ae5	Fix potential NULL dereference on bad usage	2015-04-15 21:04:19 +02:00
Manuel Pégourié-Gonnard	ce60fbeb30	Fix potential timing difference with RSA PMS	2015-04-15 16:56:28 +02:00
Manuel Pégourié-Gonnard	aac657a1d3	Merge remote-tracking branch 'pj/development' into mbedtls-1.3 * pj/development: Added more constant-time code and removed biases in the prime number generation routines.	2015-04-15 14:12:59 +02:00
Daniel Kahn Gillmor	2ed81733a6	accept PKCS#3 DH parameters with privateValueLength included library/dhm.c: accept (and ignore) optional privateValueLength for PKCS#3 DH parameters. PKCS#3 defines the ASN.1 encoding of a DH parameter set like this: ---------------- DHParameter ::= SEQUENCE { prime INTEGER, -- p base INTEGER, -- g privateValueLength INTEGER OPTIONAL } The fields of type DHParameter have the following meanings: o prime is the prime p. o base is the base g. o privateValueLength is the optional private-value length l. ---------------- See: ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc This optional parameter was added in PKCS#3 version 1.4, released November 1, 1993. dhm.c currently doesn't cope well with PKCS#3 files that have this optional final parameter included. i see errors like: ------------ dhm_parse_dhmfile returned -0x33E6 Last error was: -0x33E6 - DHM - The ASN.1 data is not formatted correctly : ASN1 - Actual length differs from expected lengt ------------ You can generate PKCS#3 files with this final parameter with recent versions of certtool from GnuTLS: certtool --generate-dh-params > dh.pem	2015-04-15 13:27:13 +02:00
Manuel Pégourié-Gonnard	862d503c01	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Fix typos in Changelog Fix macro name from wrong branch Fix bug in pk_parse_key() Fixed typos Updated Travis CI config for mbedtls project Conflicts: include/mbedtls/ecp.h include/polarssl/compat-1.2.h include/polarssl/openssl.h include/polarssl/platform.h library/pkparse.c programs/pkey/mpi_demo.c	2015-04-15 11:30:46 +02:00
Manuel Pégourié-Gonnard	e6c8366b46	Fix bug in pk_parse_key()	2015-04-15 11:21:24 +02:00
Manuel Pégourié-Gonnard	e1e5871a55	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Fix bug in pk_parse_key() Update generated file Conflicts: library/pkparse.c library/version_features.c	2015-04-15 10:50:34 +02:00
Manuel Pégourié-Gonnard	924cd100a6	Fix bug in pk_parse_key()	2015-04-14 11:18:04 +02:00
Manuel Pégourié-Gonnard	975d5fa206	Remove option HAVE_LONGLONG	2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard	7b53889f05	Remove support for HAVE_INT8 and HAVE_INT16	2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard	b31424c86a	Make HAVE_IPV6 non-optional	2015-04-09 16:42:38 +02:00
Manuel Pégourié-Gonnard	dbd60f72b1	Update generated file	2015-04-09 16:35:54 +02:00
Manuel Pégourié-Gonnard	8408a94969	Remove MBEDTLS_ from internal macros	2015-04-09 13:52:55 +02:00
Manuel Pégourié-Gonnard	e546ad4afd	Fix comment generated by generate_errors.pl	2015-04-08 20:27:02 +02:00
Manuel Pégourié-Gonnard	2cf5a7c98e	The Great Renaming A simple execution of tmp/invoke-rename.pl	2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard	df791a51f6	Simplify net_htonx()	2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard	932e3934bd	Fix typos & Co	2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard	62edcc8176	Document POLARSSL_CAMELLIA_SMALL_MEMORY	2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard	07ec1ddd10	Fix bug with ssl_set_curves() check on client	2015-04-03 18:17:37 +02:00
Manuel Pégourié-Gonnard	a5cc2aa769	Fix bug in POLARSSL_PLATFORM_STD_EXIT support	2015-04-03 18:17:37 +02:00
Manuel Pégourié-Gonnard	29f777ef54	Fix bug with ssl_set_curves() check on client	2015-04-03 17:57:59 +02:00
Manuel Pégourié-Gonnard	32a7fe3fec	Fix bug in POLARSSL_PLATFORM_STD_EXIT support	2015-04-03 17:56:30 +02:00
Manuel Pégourié-Gonnard	998930ae0d	Replace non-ascii characters in source files	2015-04-03 13:48:06 +02:00
Manuel Pégourié-Gonnard	eadda3f3ad	Add missing #ifdef in ecdsa.c	2015-04-03 13:15:34 +02:00
Manuel Pégourié-Gonnard	2bc16df2f4	Update generated file	2015-04-03 13:04:56 +02:00
Manuel Pégourié-Gonnard	f1d2f7c456	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Fix bug in Via Padlock support Fix portability issue in Makefile	2015-04-02 12:44:00 +01:00
Manuel Pégourié-Gonnard	cf201201e6	Fix bug in Via Padlock support	2015-04-02 10:53:59 +01:00
Manuel Pégourié-Gonnard	427b672551	Add XXX_PROCESS_ALT mecchanism	2015-03-31 18:32:50 +02:00
Manuel Pégourié-Gonnard	26c9f90cae	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Add missing depends in x509 programs Simplify ifdef checks in programs/x509 Fix thread safety issue in RSA operations Add test certificate for bitstring in DN Add support for X.520 uniqueIdentifier Accept bitstrings in X.509 names	2015-03-31 17:56:15 +02:00
Manuel Pégourié-Gonnard	8c8be1ebbb	Change default min TLS version to TLS 1.0	2015-03-31 14:22:30 +02:00
Manuel Pégourié-Gonnard	d16df8f60a	Cleanup unused bit in ssl Became unused when removing deprecated ssl_set_own_cert_xxx() functions	2015-03-31 14:04:51 +02:00
Manuel Pégourié-Gonnard	348bcb3694	Make RSA_ALT support optionnal	2015-03-31 14:01:33 +02:00
Manuel Pégourié-Gonnard	8fce937a1a	Simplify ecdsa_context	2015-03-31 13:06:41 +02:00
Manuel Pégourié-Gonnard	49ce6f0973	Fix constness of asn1_write_mpi()	2015-03-31 13:05:39 +02:00
Manuel Pégourié-Gonnard	dfdcac9d51	Merge ecdsa_write_signature{,_det}() together	2015-03-31 11:41:42 +02:00
Manuel Pégourié-Gonnard	63e931902b	Make a helpful constant public	2015-03-31 11:15:48 +02:00
Manuel Pégourié-Gonnard	b8cfe3f0d9	pk_sign() now requires non-NONE md_alg for ECDSA	2015-03-31 11:14:41 +02:00
Manuel Pégourié-Gonnard	fa44f20b9f	Change authmode default to Required on client	2015-03-27 17:52:25 +01:00
Manuel Pégourié-Gonnard	1d0ca1a336	Move key_usage to more that 8 bits	2015-03-27 16:50:00 +01:00
Manuel Pégourié-Gonnard	1022fed36e	Remove redundant sig_oid2 in x509 structures	2015-03-27 16:34:42 +01:00
Manuel Pégourié-Gonnard	a252af760f	Minor source simplification	2015-03-27 16:15:55 +01:00
Manuel Pégourié-Gonnard	88fca3ef0e	Fix thread safety issue in RSA operations The race was due to mpi_exp_mod storing a Montgomery coefficient in the context (RM, RP, RQ). The fix was verified with -fsanitize-thread using ssl_pthread_server and two concurrent clients. A more fine-grained fix should be possible, locking just enough time to check if those values are OK and set them if not, rather than locking for the whole mpi_exp_mod() operation, but it will be for later.	2015-03-27 15:12:05 +01:00
Manuel Pégourié-Gonnard	9409e0cea2	Add support for X.520 uniqueIdentifier	2015-03-27 13:03:54 +01:00
Manuel Pégourié-Gonnard	dd5dbcae90	Accept bitstrings in X.509 names	2015-03-27 13:03:09 +01:00
Manuel Pégourié-Gonnard	957b1ee96e	Fix per-C99 initializer issues	2015-03-27 11:56:40 +01:00
Manuel Pégourié-Gonnard	a958d69a70	Rename test_ca_list to test_cas_pem	2015-03-27 10:29:25 +01:00
Manuel Pégourié-Gonnard	2f165060f0	Start introducing test_cas NULL-terminated list	2015-03-27 10:20:26 +01:00
Manuel Pégourié-Gonnard	75f901006b	Add len constants to certs.c	2015-03-27 09:56:18 +01:00
Manuel Pégourié-Gonnard	e960818735	Check return value of the TLS PRF	2015-03-26 11:47:47 +01:00
Manuel Pégourié-Gonnard	b7fcca33b9	Make tls1_prf and tls12_prf more efficient Repeatedly allocating a context and setting the key was a waste	2015-03-26 11:41:28 +01:00
Manuel Pégourié-Gonnard	6890c6b64e	Factor tls_prf_sha{256,384} together	2015-03-26 11:11:49 +01:00
Manuel Pégourié-Gonnard	147fa097e2	Reintroduce md_init_ctx compatibility wrapper	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	abb674467b	Rename md_init_ctx() to md_setup()	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	a77edade0c	Clean up unneeded things	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	4063ceb281	Make hmac_ctx optional Note from future self: actually md_init_ctx will be re-introduced with the same signature later, and a new function with the additional argument will be added.	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	dfb3dc8b53	Make ipad/opad dynamic and more opaque	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	4da88c50c1	Remove specific xxx_hmac functions	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	7da726bb53	Remove calls to xxx_hmac() from SSL modules	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	0a8896ad6f	Remove references to xxx_hmac() from MD layer	2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard	8379a82a76	Implement hmac in the MD layer	2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard	ca878dbaa5	Make md_info_t an opaque structure - more freedom for us to change it in the future - enforces hygiene - performance impact of making accessors no longer inline should really be negligible	2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard	9325b26b42	Fix warning with mingw32 Apparently it thinks getsockopt()'s should be a char , while it's a void according to POSIX. Casting to void * avoids the warning.	2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard	9a65e80e4f	Properly mark ssl_set_bio() as deprecated	2015-03-25 18:09:46 +01:00
Manuel Pégourié-Gonnard	e424d0814d	Refresh generated file after merge	2015-03-23 14:31:50 +01:00
Manuel Pégourié-Gonnard	8a80318df2	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Update generated file Update Changelog for deprecation config flags Fix tests to work with DEPRECATED_REMOVED Add POLARSSL_DEPRECATED_{WARNING,REMOVED} Suppress clang warning we don't want	2015-03-23 14:31:25 +01:00
Manuel Pégourié-Gonnard	bf8f7febd8	Update generated file	2015-03-23 14:24:06 +01:00
Manuel Pégourié-Gonnard	c70581c272	Add POLARSSL_DEPRECATED_{WARNING,REMOVED}	2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard	85b6600ab2	Suppress clang warning we don't want	2015-03-23 12:03:49 +01:00
Manuel Pégourié-Gonnard	849b174e57	Disable RC4 by default in the library	2015-03-20 19:14:19 +00:00
Manuel Pégourié-Gonnard	391af97a71	Re-remove file after merge failure (my fault)	2015-03-20 18:31:01 +00:00
Manuel Pégourié-Gonnard	9395298d12	Fix use of deprecated function in the library	2015-03-20 18:23:52 +00:00
Manuel Pégourié-Gonnard	47723147f5	Remove functions deprecated in 1.3	2015-03-20 18:21:12 +00:00
Manuel Pégourié-Gonnard	9658391073	Fix use of deprecated function in the library	2015-03-20 18:19:32 +00:00
Manuel Pégourié-Gonnard	7c4e60fa7d	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Mark a few additional deprecations Use proper doxygen markup to mark deprecations Add -fdata-sections in memory.sh too	2015-03-20 17:30:31 +00:00
Manuel Pégourié-Gonnard	71432849ed	Use proper doxygen markup to mark deprecations	2015-03-20 17:26:50 +00:00
Manuel Pégourié-Gonnard	a78b218042	Fix contness of debug_print_buf()	2015-03-19 17:16:11 +00:00
Manuel Pégourié-Gonnard	6e0643762d	Reverse meaning of OID_CMP	2015-03-19 16:54:56 +00:00
Manuel Pégourié-Gonnard	852a6d3d8f	Rename ssl.renegotiation to ssl.renego_status	2015-03-19 16:15:20 +00:00
Manuel Pégourié-Gonnard	240b092a6c	Drop dummy self_test functions	2015-03-19 15:30:28 +00:00
Manuel Pégourié-Gonnard	8d92cedd11	Fix constness issue in pkcs5_pbes2()	2015-03-19 15:21:13 +00:00
Manuel Pégourié-Gonnard	0db107e4ba	Fix pk_can_do() constness issue	2015-03-19 14:01:57 +00:00
Manuel Pégourié-Gonnard	fa8aebcbcc	Fix a constness issue	2015-03-19 13:38:17 +00:00
Manuel Pégourié-Gonnard	35f1d7f0aa	Update signature of mpi_mul_mpi()	2015-03-19 12:42:40 +00:00
Manuel Pégourié-Gonnard	8ee08a259a	Update generated file	2015-03-13 16:33:40 +00:00
Manuel Pégourié-Gonnard	cc0d084820	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Actually use armcc for the armcc test ^^' Add more -O level variety in all.sh Document recent make changes build: Makefile: cleanup CFLAGS build: Makefile: cleanup LDFLAGS build: Makefile: simplify root Makefile build: Makefile: remove bashism Conflicts: programs/Makefile	2015-03-13 16:32:40 +00:00
Alon Bar-Lev	f7a9f30348	build: Makefile: cleanup CFLAGS CFLAGS are reserved for external interaction via make variable, the following should work: $ make CFLAGS="-O3" $ CFLAGS="-O3" make 1. Move internal flags to LOCAL_CFLAGS 2. Respect external CFLAGS 3. CFLAGS should be last compiler flags. 4. Default CFLAGS is -O optimization, remove OFLAGS. 5. Add WARNING_CFLAGS to control warning setting and enable to remove if compiler does not support flags. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>	2015-03-13 13:34:25 +00:00
Alon Bar-Lev	ada4105ba2	build: Makefile: cleanup LDFLAGS LDFLAGS are reserved for external interaction via make variable, the following should work: $ make LDFLAGS="-L/xxx" $ LDFLAGS="-L/xxx" make 1. Move internal flags to LOCAL_LDFLAGS 2. Respect external LDFLAGS 3. LDFLAGS should be last linkage flags. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>	2015-03-13 13:34:25 +00:00
Manuel Pégourié-Gonnard	a06d7fe3fe	Avoid possible spurious warning with gcc -Os Outline: if( condition ) foo = value; /* stuff that does not change condition / if( condition ) / use foo / else / don't use foo */ For some reason, it appears to only kick in with -Os with gcc 4.9.3	2015-03-13 11:14:31 +00:00
Pascal Junod	b99183dfc6	Added more constant-time code and removed biases in the prime number generation routines.	2015-03-11 16:49:45 +01:00
Manuel Pégourié-Gonnard	b6b16bddc3	Drop pbkdf2 module (superseded by pkcs5)	2015-03-11 11:31:51 +00:00
Manuel Pégourié-Gonnard	f9c1387b9d	Drop POLARSSL_ERROR_STRERROR_BC	2015-03-11 10:59:38 +00:00
Manuel Pégourié-Gonnard	57a26da593	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Use link-time garbage collection in memory.sh scripts/memory.sh only work on Linux Add missing 'const' on selftest data Use only headers for doxygen (no doc in C files) Add missing extern "C" guard in aesni.h Fix compile error with renego disabled Remove slow PKCS5 test Stop checking key-cert match systematically Make tests/*.sh runnable from anywhere Update visual C files	2015-03-11 10:30:21 +00:00
Manuel Pégourié-Gonnard	28122e4329	Add missing 'const' on selftest data	2015-03-11 09:13:42 +00:00
Manuel Pégourié-Gonnard	51bccd3889	Fix compile error with renego disabled	2015-03-10 16:09:08 +00:00
Manuel Pégourié-Gonnard	73ed39d4b1	Remove slow PKCS5 test	2015-03-10 15:59:22 +00:00
Manuel Pégourié-Gonnard	f427f8854a	Stop checking key-cert match systematically	2015-03-10 15:35:29 +00:00
Manuel Pégourié-Gonnard	69849f8595	Drop renego state from context if no renego support	2015-03-10 11:54:02 +00:00
Manuel Pégourié-Gonnard	d2b35ec3d3	Fix bug in no-renego option	2015-03-10 11:40:43 +00:00
Manuel Pégourié-Gonnard	9db41f0996	Refresh generated file	2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard	7f8099773e	Rename include directory to mbedtls	2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard	129db08c90	Rm polarssl compat targets from Makefiles	2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard	ed99d70309	Rename macro to avoid possible future collision	2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard	2f5a1b4e55	Rename SSL_RENEGOTIATION macro - new name is more explicit - avoids collision with POLARSSL_SSL_RENEGOTIATION config flag when prefixing will be applied	2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard	9b6699066e	Fix typos in macro names	2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard	e4d4890350	Finish renaming website	2015-03-06 13:40:52 +00:00
Manuel Pégourié-Gonnard	998897be3d	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Rename website and repository Move private macro from header to C file Add some missing 'static' on a few objects Fix whitespace issues Minor portability fix in benchmark	2015-03-06 13:25:41 +00:00
Manuel Pégourié-Gonnard	fe44643b0e	Rename website and repository	2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard	1dd1674559	Move private macro from header to C file	2015-03-06 12:01:27 +00:00
Manuel Pégourié-Gonnard	385069f17d	Add some missing 'static' on a few objects	2015-03-06 12:01:27 +00:00
Manuel Pégourié-Gonnard	cabf4b83ab	Merge branch 'development' into dtls * development: Fix -fPIC when cross-compiling to windows	2015-02-18 18:14:53 +00:00
Manuel Pégourié-Gonnard	02ba5785bf	Fix -fPIC when cross-compiling to windows	2015-02-18 13:42:26 +00:00
Manuel Pégourié-Gonnard	4e41c99ed8	Merge branch 'development' into dtls * development: Avoid possible dangling pointers Conflicts: library/ssl_tls.c	2015-02-18 10:39:49 +00:00
Manuel Pégourié-Gonnard	f7db5e0a4a	Avoid possible dangling pointers If the allocation fails, we don't really want ssl->in_ctr = 8 lying around.	2015-02-18 10:32:41 +00:00
Manuel Pégourié-Gonnard	cd4cd1dd26	Merge branch 'development' into dtls * development: Fix the fix to ssl_set_psk() Update Changelog Finish fixing memleak in ssl_server2 arg parsing Fix another potential memory leak found by find-mem-leak.cocci. Add a rule for another type of memory leak to find-mem-leak.cocci. Fix a potential memory leak found by find-mem-leak.cocci. Add a semantic patch to find potential memory leaks. Fix whitespace of `369e6c20`. Apply the semantic patch rm-malloc-cast.cocci. Add a semantic patch to remove casts of malloc.	2015-02-18 10:25:16 +00:00
Manuel Pégourié-Gonnard	f45850c493	Fix the fix to ssl_set_psk() - possible for the first malloc to fail and the second to succeed - missing = NULL assignment	2015-02-18 10:23:52 +00:00
Manuel Pégourié-Gonnard	ac08b543db	Merge remote-tracking branch 'rasp/mem-leak' into development * rasp/mem-leak: Fix another potential memory leak found by find-mem-leak.cocci. Add a rule for another type of memory leak to find-mem-leak.cocci. Fix a potential memory leak found by find-mem-leak.cocci. Add a semantic patch to find potential memory leaks. Fix whitespace of `369e6c20`. Apply the semantic patch rm-malloc-cast.cocci. Add a semantic patch to remove casts of malloc. Conflicts: programs/ssl/ssl_server2.c	2015-02-18 10:07:22 +00:00
Mansour Moufid	f81088bb80	Fix a potential memory leak found by find-mem-leak.cocci.	2015-02-17 13:10:21 -05:00
Manuel Pégourié-Gonnard	b251a20a7e	Merge branch 'development' into dtls * development: Fix missing/misplaced #include's	2015-02-17 15:48:15 +00:00
Manuel Pégourié-Gonnard	981732bb8e	Fix missing/misplaced #include's	2015-02-17 15:47:31 +00:00
Manuel Pégourié-Gonnard	394608ee00	Fix misplaced includes	2015-02-17 15:20:11 +00:00
Manuel Pégourié-Gonnard	d901d17817	Merge branch 'development' into dtls * development: (100 commits) Update Changelog for the mem-measure branch Fix issues introduced when rebasing Fix compile error in memory_buffer_alloc_selftest Code cosmetics Add curve25519 to ecc-heap.sh Add curve25519 to the benchmark program Fix compile issue when buffer_alloc not available New script ecc-heap.sh Fix unused variable issue in some configs Rm usunused member in private struct Add heap usage for PK in benchmark Use memory_buffer_alloc() in benchmark if available Only define mode_func if mode is enabled (CBC etc) PKCS8 encrypted key depend on PKCS5 or PKCS12 Disable SRV_C for client measurement Output stack+heap usage with massif Enable NIST_OPTIM by default for config-suite-b Refactor memory.sh Adapt memory.sh to config-suite-b Adapt mini-client for config-suite-b.h ... Conflicts: ChangeLog include/polarssl/net.h library/Makefile library/error.c library/ssl_tls.c programs/Makefile programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c tests/Makefile	2015-02-16 18:44:39 +00:00
Manuel Pégourié-Gonnard	491a3fe057	Fix compile error in memory_buffer_alloc_selftest	2015-02-16 17:28:11 +00:00
Manuel Pégourié-Gonnard	0da7b040d1	Rm usunused member in private struct	2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard	50da0482e0	Add heap usage for PK in benchmark	2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard	b8ca723154	Only define mode_func if mode is enabled (CBC etc)	2015-02-16 17:23:59 +00:00
Manuel Pégourié-Gonnard	a2424a045a	PKCS8 encrypted key depend on PKCS5 or PKCS12	2015-02-16 17:22:47 +00:00
Manuel Pégourié-Gonnard	aff2976d10	Merge branch 'build' into development * build: build: make: support windows cross compile	2015-02-16 15:26:09 +00:00
Manuel Pégourié-Gonnard	09eb14c01e	Revert "Require unix-utils in path for windows make" This reverts commit `5d46cca09a`. In preparation of merging an external contribution that superseedes this Conflicts: ChangeLog	2015-02-16 15:25:31 +00:00
Manuel Pégourié-Gonnard	f812054d00	Revert "Replace SONAME with SOVERSION in makefile" This reverts commit `418080010a`. In preparation of merging one external contribution that supersedes this.	2015-02-16 15:24:17 +00:00
Mansour Moufid	99b9259f76	Fix whitespace of `369e6c20`.	2015-02-16 10:43:52 +00:00
Mansour Moufid	c531b4af3c	Apply the semantic patch rm-malloc-cast.cocci. for dir in library programs; do spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \ --in-place; done	2015-02-16 10:43:52 +00:00
Manuel Pégourié-Gonnard	d48bf6892c	Write literal byte more clearly	2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard	85fadb749c	Make loop bound more obvious Helps static analyzers and does not decrease human readability.	2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard	6fdc4cae53	Fix potential signedness issue	2015-02-16 09:13:40 +00:00
Mansour Moufid	bd1d44e251	Fix whitespace of `369e6c20`.	2015-02-15 17:51:07 -05:00
Mansour Moufid	369e6c20b3	Apply the semantic patch rm-malloc-cast.cocci. for dir in library programs; do spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \ --in-place; done	2015-02-15 17:49:11 -05:00
Alon Bar-Lev	18ba0cce8b	build: make: support windows cross compile Add WINDOWS_BUILD macro to enable Windows build on *NIX host. Add optional suffix for executables. Fix shared object suffix logic to support multiple suffixes. Fix soname handling to always match output. WINDOWS macro sets WINDOWS_BUILD. WINDOWS_BUILD sets .exe executable suffix. WINDOWS_BUILD shared mode creates dll import library. WINDOWS_BUILD shared mode link against dll. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>	2015-02-14 01:20:17 +02:00
Manuel Pégourié-Gonnard	0928640095	Update generated files	2015-02-13 15:18:33 +00:00
Manuel Pégourié-Gonnard	ac1f76c362	Merge remote-tracking branch 'rich/platform' into development * rich/platform: Remove dependency on sscanf in lib x509 Fix extra guard in memory_buffer_alloc rebase from development implemented macro overriding for polarssl_* library functions fix bug introduced by the addition of snprintf and assert macro which caused tests to fail without polarssl_platform_c defined add initial symbols to config and checks to check_config to allow use of macros to define standard functions reformat and arrange additions to config alphabetically add missing checks to check_config add macro definition of assert using polarssl_exit modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit add POLARSSL_PLATFORM_EXIT_ALT modify scripts/* and tests/* to use polarssl_snprintf modify programs/.c to use polarssl_snprintf modify library/debug.c to use polarssl_snprintf modify library/x509.c to use polarssl_snprintf modify library/net.c to use polarssl_snprintf modify oid.c to use polarssl_snprintf add platform_set_snprintf Conflicts: library/memory_buffer_alloc.c programs/pkey/pk_sign.c programs/pkey/pk_verify.c programs/pkey/rsa_sign_pss.c programs/pkey/rsa_verify_pss.c programs/ssl/ssl_client2.c programs/ssl/ssl_pthread_server.c programs/test/benchmark.c programs/test/ssl_cert_test.c	2015-02-13 15:11:24 +00:00
Rich Evans	7d5a55a365	Remove dependency on sscanf in lib x509	2015-02-13 13:50:26 +00:00
Rich Evans	c8ada6d410	Fix extra guard in memory_buffer_alloc	2015-02-13 13:50:26 +00:00
Rich Evans	77d3638497	modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit	2015-02-13 13:50:26 +00:00
Rich Evans	c39cb4986b	add POLARSSL_PLATFORM_EXIT_ALT	2015-02-13 13:50:26 +00:00
Rich Evans	2387c7d105	modify library/debug.c to use polarssl_snprintf	2015-02-13 13:50:26 +00:00
Rich Evans	fac657fd52	modify library/x509*.c to use polarssl_snprintf	2015-02-13 13:50:25 +00:00
Rich Evans	a18b11f285	modify library/net.c to use polarssl_snprintf	2015-02-13 13:50:25 +00:00
Rich Evans	8f3a9436a9	modify oid.c to use polarssl_snprintf	2015-02-13 13:50:25 +00:00
Rich Evans	46b0a8d15a	add platform_set_snprintf	2015-02-13 13:50:25 +00:00
Rich Evans	36796df815	Added missing stdio in lib x509.c needed for sscanf	2015-02-13 13:50:05 +00:00
Rich Evans	d08a605dac	Remove platform guard in mem buffer alloc	2015-02-13 13:50:05 +00:00
Manuel Pégourié-Gonnard	3cfb34564f	Avoid warning from mingw for shared library	2015-02-13 13:34:08 +00:00
Manuel Pégourié-Gonnard	418080010a	Replace SONAME with SOVERSION in makefile - avoids duplication - fixes warning about redefined rule with WINDOWS=1	2015-02-13 13:15:13 +00:00
Manuel Pégourié-Gonnard	5d46cca09a	Require unix-utils in path for windows make	2015-02-13 12:02:45 +00:00
Manuel Pégourié-Gonnard	d72704b0d5	Remove work-around for alleged compiler bug It turns out the problem was with the way the reporter was invoking its toolchain, not the toolchain itself.	2015-02-12 09:38:54 +00:00
Manuel Pégourié-Gonnard	2ee8d24ca2	Simplify some constant-time code Some people recommend using bit operations to avoid the compiler producing a branch on `ret != 0`, but: - this makes the code less readable, - here I got a warning from some compilers about unsigned unary minus - and anyway modern compilers don't produce a branch here, checked on x64 and arm with various -O values.	2015-02-11 15:29:15 +00:00
Manuel Pégourié-Gonnard	06d7519697	Fix msvc warning	2015-02-11 14:54:11 +00:00
Manuel Pégourié-Gonnard	fba22fdc7e	Avoid warning from ar	2015-02-11 14:24:47 +00:00
Manuel Pégourié-Gonnard	6d71e4e6c3	Fix one more warning on windows	2015-02-11 12:54:35 +00:00
Manuel Pégourié-Gonnard	dda5213982	Fix harmless warnings with mingw in timing.c	2015-02-11 12:33:40 +00:00
Manuel Pégourié-Gonnard	38433535e3	Fix hardclock() with mingw64	2015-02-11 12:33:40 +00:00
Manuel Pégourié-Gonnard	a273371fc4	Fix "int vs enum" warnings from armcc v5 enumerated type mixed with another type	2015-02-10 17:34:48 +01:00
Manuel Pégourié-Gonnard	7f84905552	Fix two warnings from armcc v5 assignment in condition	2015-02-10 17:34:35 +01:00
Manuel Pégourié-Gonnard	45ec8da7e5	Fix missing include in i386-specific file	2015-02-10 13:50:47 +00:00
Manuel Pégourié-Gonnard	0c851ee1c8	Fix missing include in non-default things	2015-02-10 12:47:52 +00:00
Rich Evans	ce2f237697	change test function includes to use one convention	2015-02-10 11:28:46 +00:00
Rich Evans	00ab47026b	cleanup library and some basic tests. Includes, add guards to includes	2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard	f7d2bbaa62	Merge branch 'development' into dtls * development: Add missing guards for gnuTLS Prepare for mbed TLS 1.3.10 release Fix potential timing issue in RSA pms handling Conflicts: ChangeLog doxygen/input/doc_mainpage.h doxygen/mbedtls.doxyfile include/polarssl/version.h library/CMakeLists.txt library/ssl_srv.c tests/suites/test_suite_version.data visualc/VS2010/mbedTLS.vcxproj visualc/VS6/mbedtls.dsp visualc/VS6/mbedtls.dsw	2015-02-09 11:42:40 +00:00
Paul Bakker	daae3b749b	Prepare for mbed TLS 1.3.10 release	2015-02-08 15:49:54 +01:00
Peter Dettman	ce661b2cb8	Perf: rewrite of ecp_double_jac - Improve optimization for special case A == -3. - Add optimization for special case A == 0. - Use alternative base formula, saving several additions. - Reduce temp variables to 4 (from 6).	2015-02-07 14:43:51 +07:00
Manuel Pégourié-Gonnard	6674cce892	Fix potential timing issue in RSA pms handling	2015-02-06 11:36:56 +00:00
Manuel Pégourié-Gonnard	4eaf8f02bb	Merge branch 'development' into dtls * development: Support composite RDNs in X.509 certs parsing	2015-02-05 11:01:37 +00:00
Manuel Pégourié-Gonnard	555fbf8758	Support composite RDNs in X.509 certs parsing	2015-02-04 17:11:55 +00:00
Manuel Pégourié-Gonnard	3d2c4b70f2	Fix url in new files	2015-01-29 11:34:14 +00:00
Manuel Pégourié-Gonnard	2a0718d947	Merge branch 'development' into dtls * development: (46 commits) Fix url again Fix small bug in base64_encode() Fix depend that was checked but not documented Fix dependency that was not checked Minor gitginore fixes Move some ignore patterns to subdirectories Ignore CMake/MSVC-related build files. Re-categorize changelog entry Fix misattribution Minor nits with stdout/stderr. Add cmake compatibility targets Add script for polarssl symlink creation Fix more stdio inclusion issues Add debug info for cert/suite selection Fix possible portability issue Fix bug in ssl_get_verify_result() aescrypt2.c local char array not initial Update Changelog Fix mips64 bignum implementation Fix usage string of ssl_client2 ... Conflicts: include/polarssl/ssl.h library/CMakeLists.txt library/Makefile programs/Makefile programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c visualc/VS2010/PolarSSL.sln visualc/VS2010/mbedTLS.vcxproj visualc/VS6/mbedtls.dsp visualc/VS6/mbedtls.dsw	2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard	860b51642d	Fix url again	2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard	65fc6a886a	Fix small bug in base64_encode()	2015-01-28 16:49:26 +00:00
Manuel Pégourié-Gonnard	78dbeeffd3	Minor gitginore fixes	2015-01-28 15:34:01 +00:00
Manuel Pégourié-Gonnard	3f738ca40a	Move some ignore patterns to subdirectories	2015-01-28 15:33:23 +00:00
Manuel Pégourié-Gonnard	2a9c8b62bf	Add cmake compatibility targets	2015-01-28 15:21:25 +00:00
Manuel Pégourié-Gonnard	7cbe1318d8	Fix more stdio inclusion issues	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	607d663b41	Add debug info for cert/suite selection	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	ceedb8292e	Fix possible portability issue The & 0xFF should not be necessary on platforms with 8-bit chars, but one user reported having problems with his compiler on such a platform.	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	e89163c0a8	Fix bug in ssl_get_verify_result()	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	e94e6e5b9c	Fix stdio (non-)inclusion issues.	2015-01-28 15:28:28 +01:00
Manuel Pégourié-Gonnard	9014b6f227	Rename project in CMake TODO: to create symlinks to the old names!	2015-01-27 15:44:46 +00:00
Manuel Pégourié-Gonnard	145422f74d	Make now creates libmbedtls.so with polarssl link	2015-01-27 11:36:50 +01:00
Manuel Pégourié-Gonnard	04a81d5c65	Fix issue in previous commit Even with shared we need to build the static library since programs are using it.	2015-01-27 11:36:41 +01:00
Manuel Pégourié-Gonnard	acdb9b9525	Fix unchecked error code on Windows	2015-01-23 17:50:34 +00:00
Manuel Pégourié-Gonnard	cfa9a45dd6	Rename in cmake help strings	2015-01-23 13:33:31 +00:00
Manuel Pégourié-Gonnard	c26a092b50	Rename static lib name with make	2015-01-23 12:57:33 +00:00
Manuel Pégourié-Gonnard	c5d68e5b70	Fix dependency declaration	2015-01-23 12:37:21 +00:00
Manuel Pégourié-Gonnard	dba564bc79	Fix files that are not in development	2015-01-23 11:37:14 +00:00
Manuel Pégourié-Gonnard	df6411d8d8	Merge branch 'development' into dtls * development: Fix website url to use https. Remove maintainer line. Remove redundant "all rights reserved"	2015-01-23 11:23:08 +00:00
Manuel Pégourié-Gonnard	085ab040aa	Fix website url to use https.	2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard	9698f5852c	Remove maintainer line.	2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard	19f6b5dfaa	Remove redundant "all rights reserved"	2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard	a34aa70b23	Update version_features	2015-01-23 10:27:36 +00:00
Manuel Pégourié-Gonnard	177b73045a	Regenerate version_features	2015-01-23 10:26:11 +00:00
Manuel Pégourié-Gonnard	eab72e2ced	Merge branch 'development' into dtls * development: Update copyright Fix issue in compat.sh Rename doxyfile Rename to mbed TLS in tests/ Rename to mbed TLS in examples Remove old test certificates. Rename to mbed TLS in the documentation/comments Change name to mbed TLS in the copyright notice Conflicts: doxygen/input/doc_mainpage.h doxygen/mbedtls.doxyfile include/polarssl/version.h tests/compat.sh	2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard	a658a4051b	Update copyright	2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard	b4fe3cb1fa	Rename to mbed TLS in the documentation/comments	2015-01-22 16:11:05 +00:00
Manuel Pégourié-Gonnard	967a2a5f8c	Change name to mbed TLS in the copyright notice	2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard	3a173f497b	Merge branch 'development' into dtls * development: Fix error code description. generate_errors.pl now errors on duplicate codes Avoid nested if's without braces. Move renego SCSV after actual ciphersuites Fix send_close_notify usage. Rename variable for clarity Improve script portability Conflicts: library/ssl_srv.c programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c tests/ssl-opt.sh	2015-01-22 13:30:33 +00:00
Manuel Pégourié-Gonnard	11c919208d	Fix error code description.	2015-01-22 13:22:12 +00:00
Manuel Pégourié-Gonnard	59c6f2ef21	Avoid nested if's without braces. Creates a potential for confusing code if we later want to add an else clause.	2015-01-22 11:06:40 +00:00
Manuel Pégourié-Gonnard	5d9cde25da	Move renego SCSV after actual ciphersuites	2015-01-22 10:49:41 +00:00
Manuel Pégourié-Gonnard	67505bf9e8	Merge branch 'development' into dtls * development: Adapt tests to new defaults/errors. Fix typos/cosmetics in Changelog Disable RC4 by default in example programs. Add ssl_set_arc4_support() Set min version to TLS 1.0 in programs Conflicts: include/polarssl/ssl.h library/ssl_cli.c library/ssl_srv.c tests/compat.sh	2015-01-21 13:57:33 +00:00
Manuel Pégourié-Gonnard	bfccdd3c92	Merge commit '36adc36' into dtls * commit '36adc36': Add support for getrandom() Use library default for trunc-hmac in ssl_client2 Make truncated hmac a runtime option server-side Fix portability issue in script Specific error for suites in common but none good Prefer SHA-1 certificates for pre-1.2 clients Some more refactoring/tuning. Minor refactoring Conflicts: include/polarssl/error.h include/polarssl/ssl.h library/error.c	2015-01-21 13:48:45 +00:00
Manuel Pégourié-Gonnard	0017c2be48	Merge commit '9835bc0' into dtls * commit '9835bc0': Fix racy test. Fix stupid error in previous commit Don't check errors on ssl_close_notify() Fix char signedness issue Fix issue with non-blocking I/O & record splitting Fix warning Conflicts: programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c	2015-01-21 13:42:16 +00:00
Manuel Pégourié-Gonnard	8fbb01ec84	Merge commit 'b2eaac1' into dtls * commit 'b2eaac1': Stop assuming chars are signed Add tests for CBC record splitting Fix tests that were failing with record splitting Allow disabling record splitting at runtime Add 1/n-1 record splitting Enhance doc on ssl_write() Conflicts: include/polarssl/ssl.h programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c	2015-01-21 13:37:08 +00:00
Manuel Pégourié-Gonnard	b89c4f35a1	Fixes for the renego-option merge	2015-01-21 13:24:10 +00:00
Manuel Pégourié-Gonnard	0af1ba3521	Merge commit 'f6080b8' into dtls * commit 'f6080b8': Fix warning in reduced configs Adapt to "negative" switch for renego Add tests for periodic renegotiation Make renego period configurable Auto-renegotiate before sequence number wrapping Update Changelog for compile-option renegotiation Switch from an enable to a disable flag Save 48 bytes if SSLv3 is not defined Make renegotiation a compile-time option Add tests for renego security enforcement Conflicts: include/polarssl/ssl.h library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c programs/ssl/ssl_server2.c tests/ssl-opt.sh	2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard	edb7ed3a43	Merge commit 'd7e2483' into dtls * commit 'd7e2483': (57 commits) Skip signature_algorithms ext if PSK only Fix bug in ssl_client2 reconnect option Cosmetics in ssl_server2 Improve debugging message. Fix net_usleep for durations greater than 1 second Use pk_load_file() in X509 Create ticket keys only if enabled Fix typo in #ifdef Clarify documentation a bit Fix comment on resumption Update comment from draft to RFC Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c Add recursion.pl to all.sh Allow x509_crt_verify_child() in recursion.pl Set a compile-time limit to X.509 chain length Fix 3DES -> DES in all.sh (+ time estimates) Add curves.pl to all.sh Rework all.sh to use MSan instead of valgrind Fix depends on individual curves in tests Add script to test depends on individual curves ... Conflicts: CMakeLists.txt programs/ssl/ssl_client2.c	2015-01-20 16:52:28 +00:00
Manuel Pégourié-Gonnard	f9c8a606b5	Merge commit '8b9bcec' into dtls * commit '8b9bcec': Stop assuming chars are signed Fix len miscalculation in buffer-based allocator Fix NULL dereference in buffer-based allocator Add test_suite_memory_buffer_alloc Add memory_buffer_alloc_self_test() Fix missing bound check Add test for ctr_drbg_update() input sanitizing Refactor for clearer correctness/security Stop assuming chars are signed Conflicts: library/ssl_tls.c	2015-01-20 16:38:39 +00:00
Paul Bakker	5b8f7eaa3e	Merge new security defaults for programs (RC4 disabled, SSL3 disabled)	2015-01-14 16:26:54 +01:00
Paul Bakker	36adc3631c	Merge support for getrandom() call	2015-01-14 16:19:59 +01:00
Paul Bakker	c82b7e2003	Merge option to disable truncated hmac on the server-side	2015-01-14 16:16:55 +01:00
Paul Bakker	e522d0fa57	Merge smarter certificate selection for pre-TLS-1.2 clients	2015-01-14 16:12:48 +01:00
Manuel Pégourié-Gonnard	a852cf4833	Fix issue with non-blocking I/O & record splitting	2015-01-13 20:56:15 +01:00
Manuel Pégourié-Gonnard	d5746b36f9	Fix warning	2015-01-13 20:33:24 +01:00
Paul Bakker	f3561154ff	Merge support for 1/n-1 record splitting	2015-01-13 16:31:34 +01:00
Paul Bakker	f6080b8557	Merge support for enabling / disabling renegotiation support at compile-time	2015-01-13 16:18:23 +01:00
Paul Bakker	d7e2483bfc	Merge miscellaneous fixes into development	2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard	5dd28ea432	Fix len miscalculation in buffer-based allocator	2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard	547ff6618f	Fix NULL dereference in buffer-based allocator	2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard	5ba1d52f96	Add memory_buffer_alloc_self_test()	2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard	5cb4b31057	Fix missing bound check	2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard	bd47a58221	Add ssl_set_arc4_support() Rationale: if people want to disable RC4 but otherwise keep the default suite list, it was cumbersome. Also, since it uses a global array, ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like the best place, even if it means temporarily adding one SSL setting.	2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard	352143fa1e	Refactor for clearer correctness/security	2015-01-13 12:02:55 +01:00
Manuel Pégourié-Gonnard	f3c500fe47	Fix bug on OS X (BSD?) in net_accept() for UDP	2015-01-12 19:02:15 +01:00
Manuel Pégourié-Gonnard	18292456c5	Add support for getrandom()	2015-01-09 14:34:13 +01:00
Manuel Pégourié-Gonnard	e117a8fc0d	Make truncated hmac a runtime option server-side Reading the documentation of ssl_set_truncated_hmac() may give the impression I changed the default for clients but I didn't, the old documentation was wrong.	2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard	f01768c55e	Specific error for suites in common but none good	2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard	df331a55d2	Prefer SHA-1 certificates for pre-1.2 clients	2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard	6458e3b743	Some more refactoring/tuning.	2015-01-08 14:16:56 +01:00
Manuel Pégourié-Gonnard	846ba473af	Minor refactoring	2015-01-08 13:54:38 +01:00
Manuel Pégourié-Gonnard	cfa477ef2f	Allow disabling record splitting at runtime	2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard	d76314c44c	Add 1/n-1 record splitting	2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard	d94232389e	Skip signature_algorithms ext if PSK only	2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard	eaecbd3ba8	Fix warning in reduced configs	2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard	837f0fe831	Make renego period configurable	2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard	b445805283	Auto-renegotiate before sequence number wrapping	2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard	6186019d5d	Save 48 bytes if SSLv3 is not defined	2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard	615e677c0b	Make renegotiation a compile-time option	2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard	60346be2a3	Improve debugging message. This actually prints only the payload, not the potential IV and/or MAC, so (to me at least) it's much less confusing	2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard	e423246e7f	Fix net_usleep for durations greater than 1 second	2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard	9439f93ea4	Use pk_load_file() in X509 Saves a bit of ROM. X509 depends on PK anyway.	2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard	2457fa0915	Create ticket keys only if enabled	2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard	d16d1cb96a	Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c	2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard	fd6c85c3eb	Set a compile-time limit to X.509 chain length	2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard	6ed2d92629	Make x509_crl_parse() iterative	2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard	426d4ae7ff	Split x509_crl_parse_der() out of x509_crl_parse()	2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard	8c9223df84	Add text view to debug_print_buf()	2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard	0975ad928d	Merge branch 'etm' into dtls * etm: Fix some more warnings in reduced configs Fix typo causing MSVC errors	2014-11-17 15:07:17 +01:00
Manuel Pégourié-Gonnard	8e4b3374d7	Fix some more warnings in reduced configs	2014-11-17 15:06:13 +01:00
Manuel Pégourié-Gonnard	98aa19148c	Adjust warnings in different modes	2014-11-14 16:45:48 +01:00
Manuel Pégourié-Gonnard	e5b0fc1847	Make malloc-init script a bit happier	2014-11-13 12:42:12 +01:00
Manuel Pégourié-Gonnard	f631bbc1da	Make x509_string_cmp() iterative	2014-11-13 12:42:06 +01:00
Manuel Pégourié-Gonnard	8a5e3d4a40	Forbid repeated X.509 extensions	2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard	d681443f69	Fix potential stack overflow	2014-11-12 01:25:31 +01:00
Manuel Pégourié-Gonnard	b134060f90	Fix memory leak with crafted X.509 certs	2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard	0369a5291b	Fix uninitialised pointer dereference	2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard	e959979621	Fix ECDSA sign buffer size	2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard	b31b61b9e8	Fix potential undefined behaviour in Camellia	2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard	7c13d69cb5	Fix dependency issues	2014-11-12 00:01:34 +01:00
Manuel Pégourié-Gonnard	a1efcb084f	Implement pk_check_pair() for RSA-alt	2014-11-08 18:00:22 +01:00
Manuel Pégourié-Gonnard	27e3edbe2c	Check key/cert pair in ssl_set_own_cert()	2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard	70bdadf54b	Add pk_check_pair()	2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard	30668d688d	Add ecp_check_pub_priv()	2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard	2f8d1f9fc3	Add rsa_check_pub_priv()	2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard	e10e06d863	Blind RSA operations even without CRT	2014-11-06 18:25:44 +01:00
Manuel Pégourié-Gonnard	d056ce0e3e	Use seq_num as AEAD nonce by default	2014-11-06 18:23:49 +01:00
Manuel Pégourié-Gonnard	f9d778d635	Merge branch 'etm' into dtls * etm: Fix warning in reduced config Update Changelog for EtM Keep EtM state across renegotiations Adjust minimum length for EtM Don't send back EtM extension if not using CBC Fix for the RFC erratum Implement EtM Preparation for EtM Implement initial negotiation of EtM Conflicts: include/polarssl/check_config.h	2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard	56d985d0a6	Merge branch 'session-hash' into dtls * session-hash: Update Changelog for session-hash Make session-hash depend on TLS versions Forbid extended master secret with SSLv3 compat.sh: allow git version of gnutls compat.sh: make options a bit more robust Implement extended master secret Add negotiation of Extended Master Secret Conflicts: include/polarssl/check_config.h programs/ssl/ssl_server2.c	2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard	9d7821d774	Fix warning in reduced config	2014-11-06 01:19:52 +01:00
Manuel Pégourié-Gonnard	fedba98ede	Merge branch 'fb-scsv' into dtls * fb-scsv: Update Changelog for FALLBACK_SCSV Implement FALLBACK_SCSV server-side Implement FALLBACK_SCSV client-side	2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard	1a03473576	Keep EtM state across renegotiations	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	b575b54cb9	Forbid extended master secret with SSLv3	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	169dd6a514	Adjust minimum length for EtM	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	78e745fc0a	Don't send back EtM extension if not using CBC	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	08558e5b46	Fix for the RFC erratum	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	313d796e80	Implement EtM	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	0098e7dc70	Preparation for EtM	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	699cafaea2	Implement initial negotiation of EtM Not implemented yet: - actually using EtM - conditions on renegotiation	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	01b2699198	Implement FALLBACK_SCSV server-side	2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard	ada3030485	Implement extended master secret	2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard	1cbd39dbeb	Implement FALLBACK_SCSV client-side	2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard	367381fddd	Add negotiation of Extended Master Secret (But not the actual thing yet.)	2014-11-05 16:00:49 +01:00
Paul Bakker	f2a459df05	Preparation for PolarSSL 1.4.0	2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard	6b875fc7e5	Fix potential memory leak (from clang-analyzer)	2014-10-21 16:33:00 +02:00
Manuel Pégourié-Gonnard	df3acd82e2	Limit HelloRequest retransmission if not enforced	2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard	26a4cf63ec	Add retransmission of HelloRequest	2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard	74a1378175	Avoid false positive in ssl-opt.sh with memcheck	2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard	8e704f0f74	DTLS depends on TIMING_C for now	2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard	b0643d152d	Add ssl_set_dtls_badmac_limit()	2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard	9b35f18f66	Add ssl_get_record_expansion()	2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard	37e08e1689	Fix max_fragment_length with DTLS	2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard	23cad339c4	Fail cleanly on unhandled case	2014-10-21 16:32:52 +02:00
Manuel Pégourié-Gonnard	fc572dd4f6	Retransmit only on last message from prev flight Be a good network citizen, try to avoid causing congestion by causing a retransmission explosion.	2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard	8a7cf2543a	Add a few #ifdefs	2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard	ba958b8bdc	Add test for server-initiated renego Just assuming the HelloRequest isn't lost for now	2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard	46fb942046	Fix warning about function that should be static	2014-10-21 16:32:49 +02:00
Manuel Pégourié-Gonnard	f1e9b09a0c	Fix missing #ifdef's	2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard	4e2f245752	Fix timer issues - timer not firing when constantly receiving bad messages - timer not reset on failed reads - timer incorrectly restarted on resend during read	2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard	df9a0a8460	Drop unexpected ApplicationData This is likely to happen on resumption if client speaks first at the application level.	2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard	6b65141718	Implement ssl_read() timeout (DTLS only for now)	2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard	2707430a4d	Fix types and comments about read_timeout	2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard	6c1fa3a184	Fix misplaced initialisation of timeout	2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard	c8d8e97cbd	Move to milliseconds in recv_timeout()	2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard	905dd2425c	Add ssl_set_handshake_timeout()	2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard	0ac247fd88	Implement timeout back-off (fixed range for now)	2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard	579950c2bb	Fix bug with non-blocking I/O and cookies	2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard	7de3c9eecb	Count timeout per flight, not per message	2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard	db2858ce96	Preparation for timers Currently directly using timing.c, plan to use callbacks later to loosen coupling, but first just get things working.	2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard	08a1d4bce1	Fix bug with client auth with DTLS	2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard	23b7b703aa	Fix issue with renego & resend	2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard	f03c7aa469	Add replay detection in parse_client_hello()	2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard	2739313cea	Make anti-replay a runtime option	2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard	8464a46b6b	Make DTLS_ANTI_REPLAY depends on PROTO_DTLS	2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard	246c13a05f	Fix epoch checking	2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard	b47368a00a	Add replay detection	2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard	4956fd7437	Test and fix anti-replay functions	2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard	7a7e140d4e	Add functions for replay protection	2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard	ea22ce577e	Rm unneeded counter increment with DTLS	2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard	abf16240dd	Add ability to resend last flight	2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard	cd32a50d67	Fix NewSesssionTicket vs ChangeCipherSpec bug Since we were cheating on state, ssl_read_record() wasn't able to drop out-of-sequence ChangeCipherSpec messages. Cheat a bit less.	2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard	767c69561b	Drop out-of-sequence ChangeCipherSpec messages	2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard	93017de47e	Minor optim: don't resend on duplicated HVR	2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard	c715aed744	Fix epoch swapping	2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard	6a2bdfaf73	Actually resend flights	2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard	5d8ba53ace	Expand and fix resend infrastructure	2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard	ffa67be698	Infrastructure for buffering & resending flights	2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard	9d9b003a9a	Add net_recv_timeout()	2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard	8fa6dfd560	Introduce f_recv_timeout callback	2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard	e6bdc4497c	Merge I/O contexts into one	2014-10-21 16:32:25 +02:00
Manuel Pégourié-Gonnard	f4acfe1808	Document previous API changes in this branch	2014-10-21 16:32:23 +02:00
Manuel Pégourié-Gonnard	d92d6a1b5b	ssl_parse_server_key_exchange() cleanups	2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard	5ee96546de	Add length checks in parse_certificate_verify()	2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard	72226214b1	Merge checks in ssl_parse_certificate_verify()	2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard	ca6440b246	Small cleanups in parse_finished()	2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard	624bcb5260	No memmove: done, rm temporary things	2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard	000d5aec13	No memmove: parse_new_session_ticket()	2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard	0b3400dafa	No memmove: ssl_parse_server_hello()	2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard	069eb79043	No memmove: ssl_parse_hello_verify_request()	2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard	04c1b4ece1	No memmove: certificate_request + server_hello_done	2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard	f4830b5092	No memmove: ssl_parse_server_key_exchange()	2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard	4528f3f5c0	No memmove: parse_certificate_verify()	2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard	2114d724dc	No memmove: ssl_parse_client_key_exchange()	2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard	f49a7daa1a	No memmove: ssl_parse_certificate()	2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard	4abc32734e	No memmove: ssl_parse_finished()	2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard	f899583f94	Prepare moving away from memmove() on incoming HS	2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard	4a1753657c	Fix missing return in error check	2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard	19d438f4ff	Get rid of memmove for DTLS in parse_client_hello()	2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard	63eca930d7	Drop invalid records with DTLS	2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard	167a37632d	Split two functions out of ssl_read_record()	2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard	990f9e428a	Handle late handshake messages gracefully	2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard	60ca5afaec	Drop records from wrong epoch	2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard	1aa586e41d	Check handshake message_seq field	2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard	9d1d7196e4	Check length before reading handshake header	2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard	d9ba0d96b6	Prepare for checking incoming handshake seqnum	2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard	ac03052f22	Fix segfault with some very short fragments	2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard	64dffc5d14	Make handshake reassembly work with openssl	2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard	502bf30fb5	Handle reassembly of handshake messages Works only with GnuTLS for now, OpenSSL packs other records in the same datagram after the last fragmented one, which we don't handle yet. Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with valgrind that gnutls-serv retransmits some messages, and we don't handle duplicated messages yet.	2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard	ed79a4bb14	Prepare for DTLS handshake reassembly	2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard	edcbe549fd	Reorder checks in ssl_read_record	2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard	0557bd5fa4	Fix message_seq with server-initiated renego	2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard	c392b240c4	Fix server-initiated renegotiation with DTLS	2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard	30d16eb429	Fix client-initiated renegotiation with DTLS	2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard	b35fe5638a	Fix HelloVerifyRequest version handling	2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard	562eb787ec	Add and use POLARSSL_ERR_SSL_BUFFER_TOO_SMALL	2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard	bef8f09899	Make cookie timeout configurable	2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard	e90308178f	Add timestamp/serial to cookies, with timeout	2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard	445a1ec6cd	Change internal names	2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard	29ad7e8fc0	Add check for missing ssl_set_client_transport_id()	2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard	a64acd4f84	Add separate SSL_COOKIE_C define	2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard	7d38d215b1	Allow disabling HelloVerifyRequest	2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard	e4de06145a	Fix cookie context usage	2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard	232edd46be	Move cookie callbacks implementation to own module	2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard	d485d194f9	Move to a callback interface for DTLS cookies	2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard	d7f9bc5091	Refactor cookie to prepare for external callbacks Also adds flexibility to the verification process.	2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard	82202f0a9c	Make DTLS_HELLO_VERIFY a compile option	2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard	98545f128a	Generate random key for HelloVerifyRequest	2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard	dd3cdb0fbc	Start using client IP in HelloVerifyRequest Dummy fixed key for now.	2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard	43c021874d	Add ssl_set_client_transport_id()	2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard	fb2d22371f	Reuse random when responding to a verify request	2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard	b760f001d7	Extract generate client random to a function	2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard	2c9ee81f6e	Start adding srv support for hello verify request Dummy fixed content for now. Also, seems to be a race condition in the way the socket is closed and reopened, leading to a few "random" failures in compat.sh. A fix is planned for later.	2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard	a0e1632b79	Do not use compression with DTLS	2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard	5d53cbef3a	Fix length check in ssl_write_ticket()	2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard	879a4f9623	Abort on DTLS epoch wrap	2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard	805e2300af	Fix error message and return code	2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard	67427c07b2	Fix checksum computation with HelloVerifyRequest	2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard	74848811b4	Implement HelloVerifyRequest on client	2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard	b2f3be8757	Support multiple records in one datagram	2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard	34c1011b3d	Fix a few warnings in reduced configs	2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard	fe98aceb70	Adapt ssl_fetch_input() for UDP	2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard	f5a1312eaa	Add UDP support to the NET module	2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard	d6b721c7ee	More ssl_parse_client_hello() adjustments	2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard	4128aa71ee	Add the 'cookie' field of DTLS ClientHello	2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard	8933a65d5c	Rework ssl_parse_client_hello() a bit - make it more linear - check lengths better - prepare for optional "cookie" field	2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard	e89bcf05da	Write new DTLS handshake fields correctly	2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard	ce441b3442	Add space for new DTLS fields in handshake	2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard	a59543af30	Minor refactoring in ssl_read_record()	2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard	f302fb52e1	Fix hmac computation for DTLS	2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard	5afb167e2c	Implement DTLS epochs	2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard	0619348288	Add explicit counter in DTLS record header	2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard	507e1e410a	Prep: allow {in,out}_len != {in,out}_hdr + 3	2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard	7ee6f0e6e5	Preparation: allow {in,out}_ctr != {in,out}_buf	2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard	abc7e3b4ba	Handle DTLS version encoding and fix some checks	2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard	864a81fdc0	More ssl_set_XXX() functions can return BAD_INPUT	2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard	b21ca2a69f	Adapt version-handling functions to DTLS	2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard	d66645130c	Add a ciphersuite NODTLS flag	2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard	0b1ff29328	Add basic flags for DTLS	2014-10-21 16:30:03 +02:00
Paul Bakker	82788fb63b	Fix minor style issues	2014-10-20 13:59:19 +02:00
Paul Bakker	9eac4f7c4e	Prepare for release 1.3.9	2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard	f7cdbc0e87	Fix potential bad read of length	2014-10-17 17:02:10 +02:00
Manuel Pégourié-Gonnard	ef9a6aec51	Allow comparing name with mismatched encodings	2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard	88421246d8	Rename a function	2014-10-17 12:42:30 +02:00
Manuel Pégourié-Gonnard	43c3b28ca6	Fix memory leak with crafted ClientHello	2014-10-17 12:42:11 +02:00
Manuel Pégourié-Gonnard	5d8618539f	Fix memory leak while parsing some X.509 certs	2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard	64938c63f0	Accept spaces at end of line/buffer in base64	2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard	7f4ed67a97	Fix compile error with armcc in mpi_is_prime()	2014-10-15 22:06:46 +02:00
Paul Bakker	5a5fa92bfe	x509_crt_parse() did not increase total_failed on PEM error Result was that PEM errors in files with multiple certificates were not detectable by the user.	2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard	480905d563	Fix selection of hash from sig_alg ClientHello ext.	2014-08-30 14:19:59 +02:00
Sander Niemeijer	ef5087d150	Added explicit casts to prevent compiler warnings when trying to build for iOS	2014-08-21 23:48:14 +02:00
Manuel Pégourié-Gonnard	8ef7088bb9	Use polarssl_zeroize() in asn1parse too	2014-08-21 18:15:09 +02:00
Peter Vaskovic	a676acf66b	Fix missing curly braces.	2014-08-21 17:56:25 +02:00
Manuel Pégourié-Gonnard	a13500fdf7	Fix bug with ssl_close_notify and non-blocking I/O	2014-08-19 16:14:04 +02:00
Manuel Pégourié-Gonnard	44ade654c5	Implement (partial) renego delay on client	2014-08-19 13:58:40 +02:00
Manuel Pégourié-Gonnard	f07f421759	Fix server-initiated renego with non-blocking I/O	2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard	6591962f06	Allow delay on renego on client Currently unbounded: will be fixed later	2014-08-19 12:50:30 +02:00
Manuel Pégourié-Gonnard	f26a1e8602	ssl_read() stops returning non-application data	2014-08-19 12:28:50 +02:00
Manuel Pégourié-Gonnard	55e4ff2ace	Tune comments	2014-08-19 11:52:33 +02:00
Manuel Pégourié-Gonnard	462906f955	Do no test net_usleep() when not defined	2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard	192253aaa9	Fix buffer size in pk_write_*_pem()	2014-08-14 11:34:35 +02:00
Alfred Klomp	b308dd72d9	timing.c: avoid referencing garbage value Found with Clang's `scan-build` tool. When get_timer() is called with `reset` set to 1, the value of t->start.tv_sec is used as a rvalue without being initialized first. This is relatively harmless because the result of get_timer() is not used by the callers when called in "reset mode". However, scan-build prints a warning. Silence the warning by only calculating the delta on non-reset runs, returning zero otherwise.	2014-08-14 11:34:35 +02:00
Alfred Klomp	7ee55624fb	gcm.c: remove dead store Found with Clang's `scan-build` tool. The value written to `hi` is never used, resulting in a warning. Remove the dead store to get rid of the warning.	2014-08-14 11:34:35 +02:00
Alfred Klomp	1b4eda3af9	pkcs5.c: fix dead store: return proper exit status Found with Clang's `scan-build` tool. The error value assigned to `ret` is not returned, meaning that the selftest always succeeds. Ensure the error value is propagated back to the caller.	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	8d77eeeaf6	Fix integer suffix rejected by some MSVC versions	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	9a6b442cee	Fix non-blocking sockets in net_accept()	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	a04fa4fa04	RSA-PSK key exchange requires TLS 1.x It's not clear if, with SSL3, one should include send the two length bytes for EncryptedPreMasterSecret or not, so require TLS to avoid interop issues.	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	8d4ad07706	SHA-2 ciphersuites now require TLS 1.x	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	2fbf311391	Fix dependency issue in memory_buffer_alloc	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	97884a31cb	Fix printf format warnings in memory_buffer_alloc	2014-08-14 11:34:33 +02:00
Manuel Pégourié-Gonnard	86bbc7fc30	Fix typo causing compile error with NULL cipher	2014-08-14 11:34:33 +02:00
Paul Bakker	8dcb2d7d7e	Support escaping of commas in x509_string_to_names()	2014-08-11 11:59:52 +02:00
Paul Bakker	21e081b068	Prevent (incorrect) compiler warning	2014-07-24 10:38:01 +02:00
Paul Bakker	6c343d7d9a	Fix mpi_write_string() to write "00" as hex output for empty MPI	2014-07-10 15:27:10 +02:00
Paul Bakker	5b11d026cd	Fix dependencies and includes without FS_IO and PLATFORM_C	2014-07-10 15:27:10 +02:00
Manuel Pégourié-Gonnard	b196fc23b1	Fix dhm_selftest() return value	2014-07-09 16:53:29 +02:00
Paul Bakker	968afaa06f	ssl_key_cert not available in all configurations	2014-07-09 11:34:48 +02:00
Paul Bakker	ec3a617d40	Make ready for release of 1.3.8 and soversion 7	2014-07-09 10:21:28 +02:00
Paul Bakker	84bbeb58df	Adapt cipher and MD layer with _init() and _free()	2014-07-09 10:19:24 +02:00
Paul Bakker	accaffe2c3	Restructure ssl_handshake_init() and small fixes	2014-07-09 10:19:24 +02:00
Paul Bakker	a317a98221	Adapt programs / test suites	2014-07-09 10:19:24 +02:00
Paul Bakker	8f870b047c	Add dhm_init()	2014-07-09 10:19:23 +02:00
Paul Bakker	fff0366bba	Add ctr_drbg_free()	2014-07-09 10:19:23 +02:00
Paul Bakker	5b4af39a36	Add _init() and _free() for hash modules	2014-07-09 10:19:23 +02:00
Paul Bakker	c7ea99af4f	Add _init() and _free() for cipher modules	2014-07-09 10:19:22 +02:00
Manuel Pégourié-Gonnard	d27680bd5e	Clarify code using PSK callback	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	0698f7c21a	Rm duplicate entry in oid_md_alg	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	14beb08542	Fix missing const	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	ba782bbc4b	Save some space in ECP curve tables	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	67dbe1ef44	Better length checking in ecp_point_read_binary()	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	08e81e0c8f	Change selection of hash algorithm for TLS 1.2	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	bd77254b18	md_list() starting with strongest hash	2014-07-08 13:03:02 +02:00
Paul Bakker	8fb99abaac	Merge changes for leaner memory footprint	2014-07-04 15:02:19 +02:00
Paul Bakker	b9e08b086b	Merge server-side enforced renegotiation requests	2014-07-04 15:01:37 +02:00
Paul Bakker	d598318661	Fix base64_decode() to return and check length correctly	2014-07-04 15:01:00 +02:00
Manuel Pégourié-Gonnard	481fcfde93	Make PSK_LEN configurable and adjust PMS size	2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard	dfc7df0bec	Add SSL_CIPHERSUITES config option	2014-07-04 14:59:02 +02:00
Manuel Pégourié-Gonnard	a9964dbcd5	Add ssl_set_renegotiation_enforced()	2014-07-04 14:16:07 +02:00
Manuel Pégourié-Gonnard	791684c058	Save RAM when only a few ciphersuites are defined	2014-06-30 19:07:01 +02:00
Manuel Pégourié-Gonnard	31855456f9	Fix clang's check mode again	2014-06-25 15:59:50 +02:00
Manuel Pégourié-Gonnard	bee8ded03a	Fix warning depending on configuration	2014-06-25 12:22:59 +02:00
Manuel Pégourié-Gonnard	01edb1044c	Add POLARSSL_REMOVE_RC4_CIPHERSUITES	2014-06-25 11:27:59 +02:00
Paul Bakker	2a45d1c8bb	Merge changes to config examples and configuration issues	2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard	dd0c0f33c0	Better usage of dhm_calc_secret in SSL	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	8df68632e8	Fix bug in DHE-PSK PMS computation	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	5c1f032653	Abort handshake if no point format in common	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	fd35af1579	Fix off-by-one error in point format parsing	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	87a8ffeaba	Padlock asm using \n\t too	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	0534fd4c1a	Change asm format to \n\t in aesni.c too	2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard	03576887c2	Remove misplaced debugging message	2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard	42b5374523	Switch CCM and GCM in default suite order The upcoming BCP document recommends GCM as the default.	2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard	d249b7ab9a	Restore ability to trust non-CA selfsigned EE cert	2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard	c4eff16516	Restore ability to use v1 CA if trusted locally	2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard	eaa76f7e20	Fix computation of minlen for encrypted packets	2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard	e800cd81d7	Re-arrange some code in ssl_derive_keys()	2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard	b46e6adb9c	Check input lengths in GCM	2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard	0bcc4e1df7	Fix length checking for AEAD ciphersuites	2014-06-25 11:26:10 +02:00
Manuel Pégourié-Gonnard	66e20c6318	Fix warning and typo->error.	2014-06-24 17:47:40 +02:00
Manuel Pégourié-Gonnard	ac2ccf897c	Fix CCM ciphersuites definition: PSK <-> DHE-PSK!	2014-06-24 15:48:01 +02:00
Manuel Pégourié-Gonnard	8f625632bb	Fix dependencies: GCM != AEAD != CCM	2014-06-24 15:26:28 +02:00
Manuel Pégourié-Gonnard	5bfd968e01	Fix warning with TLS 1.2 without RSA or ECDSA	2014-06-24 15:18:11 +02:00
Paul Bakker	1c98ff96b5	Merge more test improvements and tests Conflicts: tests/suites/test_suite_cipher.blowfish.data	2014-06-24 11:12:00 +02:00
Paul Bakker	91c301abbe	Zeroize values in PKCS#12 operations	2014-06-24 11:09:39 +02:00
Manuel Pégourié-Gonnard	398c57b0b3	Blowfish accepts variable key len in cipher layer	2014-06-24 11:01:33 +02:00
Manuel Pégourié-Gonnard	f3b47243df	Split x509_csr_parse_der() out of x509_csr_parse()	2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard	4d2a8eb6ff	SSL modules now using x509_crt_parse_der() Avoid uselessly trying to decode PEM.	2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard	b912616081	Rm unused functions in cipher_wrap You can't initialise a context with DES_CFB or DES_CTR.	2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard	1c082f34f3	Update description and references for X.509 files	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	edc3ab20e2	Small cleanup: less side-effects pkcs5_parse_pbkdf2_params() used to modify params.p, which does not look clean, even if the function is static and params.p isn't use afterwards.	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	90dac90f53	Small code simplification in pkcs5_pbes2()	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	66aca931bc	Add tests for pkcs5_pbes2	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	2a8afa98e2	pkcs5_self_test depends on SHA1	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	f3e5c22f4d	Refactor x509_string_to_names(): data in a table	2014-06-23 11:52:58 +02:00
Manuel Pégourié-Gonnard	81754a0c35	Create a 'flags' field in cipher_info	2014-06-23 11:33:18 +02:00
Paul Bakker	66d5d076f7	Fix formatting in various code to match spacing from coding style	2014-06-17 17:06:47 +02:00
Paul Bakker	db20c10423	Add #endif comments for #endif more than 10 lines from #if / #else	2014-06-17 14:34:44 +02:00
Paul Bakker	d8bb82665e	Fix code styling for return statements	2014-06-17 14:06:49 +02:00
Paul Bakker	3461772559	Introduce polarssl_zeroize() instead of memset() for zeroization	2014-06-14 16:46:03 +02:00
Paul Bakker	14877e6250	Remove unused 'ret' variable	2014-06-12 23:01:18 +02:00
Paul Bakker	c2ff2083ee	Merge parsing and verification of RSASSA-PSS in X.509 modules	2014-06-12 22:02:47 +02:00
Paul Bakker	508e573231	Merge tests for asn1write, XTEA and Entropy modules	2014-06-12 21:26:33 +02:00
Manuel Pégourié-Gonnard	3ac6a2b9a7	Same as previous commit with Camellia	2014-06-12 21:16:02 +02:00
Manuel Pégourié-Gonnard	afd5a08e33	Minor tune-up in aes code un-duplicate a check, and remove useless default case, mainly so that these lines don't appear as uncovered	2014-06-12 21:15:55 +02:00
Manuel Pégourié-Gonnard	e1ac0f8c5d	Add back timing selftest with new hardclock test	2014-06-12 21:15:50 +02:00
Manuel Pégourié-Gonnard	7792198a46	Normalize some error messages	2014-06-12 21:15:44 +02:00
Manuel Pégourié-Gonnard	4dd73925ab	Add entropy_self_test()	2014-06-10 15:38:43 +02:00
Paul Bakker	d6917f0eb3	Add LINK_WITH_PTHREAD to CMakeList for explicitly adding pthread linking	2014-06-09 23:46:41 +02:00
Manuel Pégourié-Gonnard	d1539b1e88	Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT	2014-06-06 16:42:37 +02:00
Manuel Pégourié-Gonnard	88aa6e0b58	Fix potential memory leak in RSASSA-PSS verify	2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard	0eaa8beb36	Fix signedness warning	2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard	53882023e7	Also verify CRLs signed with RSASSA-PSS	2014-06-05 17:59:55 +02:00
Manuel Pégourié-Gonnard	46db4b070c	Use pk_verify_ext() in x509_crt.c	2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard	bf696d030b	Make sig_opts non-optional in X509 structures This simplifies the code.	2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard	dddbb1d1eb	Rm sig_params from various X509 structures	2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard	9113603b6b	Use sig_opts in x509_sig_alg_gets()	2014-06-05 15:41:39 +02:00
Manuel Pégourié-Gonnard	f75f2f7c46	Add sig_opts member to X509 structures	2014-06-05 15:14:59 +02:00
Manuel Pégourié-Gonnard	20422e9a3a	Add pk_verify_ext()	2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard	5ec628a2b9	Add rsa_rsassa_pss_verify_ext()	2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard	920e1cd5e2	Add basic PSS cert verification Still todo: - handle MGF-hash != sign-hash - check effective salt len == announced salt len - add support in the PK layer so that we don't have to bypass it here	2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard	e6d1d82b66	Relax checks on RSA mode for public key operations	2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard	78117d57b0	Consider trailerField a constant	2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard	cac31eed9e	Factor common code for printing sig_alg	2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard	cf975a3857	Factor out some common code	2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard	39868ee301	Parse CSRs signed with RSASSA-PSS	2014-06-02 16:10:30 +02:00
Manuel Pégourié-Gonnard	8e42ff6bde	Parse CRLs signed with RSASSA-PSS	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	9df5c96214	Fix dependencies	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	9c9cf5b51e	More checks for length match in rsassa-pss params	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	e76b750b69	Finish parsing RSASSA-PSS parameters	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	f346bab139	Start parsing RSASSA-PSS parameters	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	59a75d5b9d	Basic parsing of certs signed with RSASSA-PSS	2014-06-02 16:10:29 +02:00
Peter Vaskovic	7015de7e67	Fix WSAStartup return value check. SOCKET_ERROR was not a valid return value. WSAStartup returns 0 on success, so check that instead.	2014-05-28 11:40:51 +02:00
Paul Bakker	14b16c62e9	Minor optimizations (original by Peter Vaskovic, modified by Paul Bakker) Move strlen out of for loop. Remove redundant null checks before free.	2014-05-28 11:34:33 +02:00
Peter Vaskovic	8ebfe084ab	Fix minor format string inconsistency.	2014-05-28 11:12:51 +02:00
Peter Vaskovic	c2bbac968b	Fix misplaced parenthesis.	2014-05-28 11:06:31 +02:00
Peter Vaskovic	541529e770	Remove unused arrays.	2014-05-28 11:04:48 +02:00
Paul Bakker	b5212b436f	Merge CCM cipher mode and ciphersuites Conflicts: library/ssl_tls.c	2014-05-22 15:30:31 +02:00
Paul Bakker	0f651c7422	Stricter check on SSL ClientHello internal sizes compared to actual packet size	2014-05-22 15:12:19 +02:00
Brian White	12895d15f8	Fix less-than-zero checks on unsigned numbers	2014-05-22 13:52:53 +02:00
Manuel Pégourié-Gonnard	82a5de7bf7	Enforce alignment even if buffer is not aligned	2014-05-22 13:52:49 +02:00
Manuel Pégourié-Gonnard	fe671f4aeb	Add markers around generated code in error.c	2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard	8ff17c544c	Add missing DEBUG_RET on cipher failures	2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard	61edffef28	Normalize "should never happen" messages/errors	2014-05-22 13:52:47 +02:00
Manuel Pégourié-Gonnard	2e5ee32033	Implement CCM and CCM_8 ciphersuites	2014-05-20 16:29:34 +02:00
Manuel Pégourié-Gonnard	5efd772ef0	Small readability improvement	2014-05-14 14:10:37 +02:00
Manuel Pégourié-Gonnard	6768da9438	Register CCM ciphersuites (not implemented yet)	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	41936957b3	Add AES-CCM and CAMELLIA-CCM to the cipher layer	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	de7bb44004	Use cipher_auth_{en,de}crypt() in ssl_tls.c	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	4562ffe2e6	Add cipher_auth_{en,de}crypt()	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	8764d271fa	Use cipher_crypt() in ssl_tls.c	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	3c1d150b3d	Add cipher_crypt()	2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard	0f6b66dba1	CCM operations allow input == output	2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard	aed6065793	CCM source cosmetics/tune-ups - source a bit shorter - generated code slightly smaller - preserving performance	2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard	ce77d55023	Implement ccm_auth_decrypt()	2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard	002323340a	Refactor to prepare for CCM decryption	2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard	637eb3d31d	Add ccm_encrypt_and_tag()	2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard	9fe0d13e8d	Add ccm_init/free()	2014-05-06 12:12:45 +02:00
Manuel Pégourié-Gonnard	a6916fada8	Add (placeholder) CCM module	2014-05-06 11:28:09 +02:00
Paul Bakker	5593f7caae	Fix typo in debug_print_msg()	2014-05-06 10:29:28 +02:00
Paul Bakker	da13016d84	Prepped for 1.3.7 release	2014-05-01 14:27:19 +02:00
Paul Bakker	c37b0ac4b2	Fix typo in bignum.c	2014-05-01 14:19:23 +02:00
Paul Bakker	b9e4e2c97a	Fix formatting: fix some 'easy' > 80 length lines	2014-05-01 14:18:25 +02:00
Paul Bakker	9af723cee7	Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)	2014-05-01 13:03:14 +02:00
Paul Bakker	c3f89aa26c	Removed word 'warning' from PKCS#5 selftest (buildbot warning as a result)	2014-05-01 10:56:03 +02:00
Paul Bakker	9bb04b6389	Removed redundant code in mpi_fill_random()	2014-05-01 09:47:02 +02:00
Paul Bakker	2ca1dc8958	Updated error.c and version_features.c based on changes	2014-05-01 09:46:38 +02:00
Markus Pfeiffer	a26a005acf	Make compilation on DragonFly work	2014-04-30 16:52:28 +02:00
Paul Bakker	2a024ac86a	Merge dependency fixes	2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard	cef4ad2509	Adapt sources to configurable config.h name	2014-04-30 16:40:20 +02:00
Manuel Pégourié-Gonnard	c16f4e1f78	Move RC4 ciphersuites down the list	2014-04-30 16:27:06 +02:00
Paul Bakker	8eab8d368b	Merge more portable AES-NI	2014-04-30 16:21:08 +02:00
Paul Bakker	33dc46b080	Fix bug with mpi_fill_random() on big-endian	2014-04-30 16:20:39 +02:00
Paul Bakker	f96f7b607a	On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings	2014-04-30 16:02:38 +02:00
Paul Bakker	6384440b13	Better support for the different Attribute Types from IETF PKIX (RFC 5280)	2014-04-30 15:34:12 +02:00
Paul Bakker	1a1fbba1ae	Sanity length checks in ssl_read_record() and ssl_fetch_input() Both are already covered in other places, but not in a clear fashion. So for instance Coverity thinks the value is still tainted.	2014-04-30 14:48:51 +02:00
Paul Bakker	24f37ccaed	rsa_check_pubkey() now allows an E up to N	2014-04-30 13:43:51 +02:00
Paul Bakker	0f90d7d2b5	version_check_feature() added to check for compile-time options at run-time	2014-04-30 11:49:44 +02:00
Paul Bakker	a70366317d	Improve interop by not writing ext_len in ClientHello / ServerHello when 0 The RFC also indicates that without any extensions, we should write a struct {} (empty) not an array of length zero.	2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard	3d41370645	Fix hash dependencies in X.509 tests	2014-04-29 15:29:41 +02:00
Manuel Pégourié-Gonnard	3a306b9067	Fix misplaced #endif in ssl_tls.c	2014-04-29 15:11:17 +02:00
Manuel Pégourié-Gonnard	b1fd397be6	Adapt AES-NI code to "old" binutil versions	2014-04-26 17:17:31 +02:00
Paul Bakker	c73079a78c	Add debug_set_threshold() and thresholding of messages	2014-04-25 16:58:16 +02:00
Paul Bakker	92478c37a6	Debug module only outputs full lines instead of parts	2014-04-25 16:58:15 +02:00
Paul Bakker	eaebbd5eaa	debug_set_log_mode() added to determine raw or full logging	2014-04-25 16:58:14 +02:00
Paul Bakker	61885c7f7f	Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites In case full SSL frames arrived, they were rejected because an overly strict padding check.	2014-04-25 12:59:51 +02:00
Paul Bakker	4ffcd2f9c3	Typo in PKCS#11 module	2014-04-25 11:44:12 +02:00
Paul Bakker	10a9dd35ea	Typo in POLARSSL_PLATFORM_STD_FPRINTF in platform.c	2014-04-25 11:27:16 +02:00
Paul Bakker	0767e67d17	Add support for 'emailAddress' to x509_string_to_names()	2014-04-18 14:11:37 +02:00
Paul Bakker	c70e425a73	Only iterate over actual certificates in ssl_write_certificate_request()	2014-04-18 13:50:19 +02:00
Paul Bakker	f4cf80b86f	Restructured pk_parse_key_pkcs8_encrypted_der() to prevent unreachable code	2014-04-17 17:24:29 +02:00
Paul Bakker	4f42c11846	Remove arbitrary maximum length for cipher_list and content length	2014-04-17 15:37:39 +02:00
Paul Bakker	d893aef867	Force default value to curve parameter	2014-04-17 14:45:34 +02:00
Paul Bakker	93389cc620	Remove const indicator	2014-04-17 14:44:38 +02:00
Paul Bakker	874bd64b28	Check setsockopt() return value in net_bind()	2014-04-17 12:43:05 +02:00
Paul Bakker	3d8fb63e11	Added missing MPI_CHK around mpi functions	2014-04-17 12:42:41 +02:00
Paul Bakker	a9c16d2825	Removed unused cur variable in x509_string_to_names()	2014-04-17 12:42:18 +02:00
Paul Bakker	0e4f9115dc	Fix iteration counter	2014-04-17 12:39:05 +02:00
Paul Bakker	784b04ff9a	Prepared for version 1.3.6	2014-04-11 15:33:59 +02:00
Manuel Pégourié-Gonnard	9655e4597a	Reject certificates with times not in UTC	2014-04-11 13:59:36 +02:00
Manuel Pégourié-Gonnard	0776a43788	Use UTC to heck certificate validity	2014-04-11 13:59:31 +02:00
Paul Bakker	52c5af7d2d	Merge support for verifying the extendedKeyUsage extension in X.509	2014-04-11 13:58:57 +02:00
Manuel Pégourié-Gonnard	78848375c0	Declare EC constants as 'const'	2014-04-11 13:58:41 +02:00
Paul Bakker	1630058dde	Potential buffer overwrite in pem_write_buffer() fixed Length indication when given a too small buffer was off. Added regression test in test_suite_pem to detect this.	2014-04-11 13:58:05 +02:00
Manuel Pégourié-Gonnard	0408fd1fbb	Add extendedKeyUsage checking in SSL modules	2014-04-11 11:09:09 +02:00
Manuel Pégourié-Gonnard	7afb8a0dca	Add x509_crt_check_extended_key_usage()	2014-04-11 11:09:00 +02:00
Paul Bakker	d6ad8e949b	Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C	2014-04-09 17:24:14 +02:00
Paul Bakker	a77de8c841	Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off	2014-04-09 16:39:35 +02:00
Paul Bakker	043a2e26d0	Merge verification of the keyUsage extension in X.509 certificates	2014-04-09 15:55:08 +02:00
Manuel Pégourié-Gonnard	a9db85df73	Add tests for keyUsage with client auth	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	490047cc44	Code cosmetics	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	312010e6e9	Factor common parent checking code	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	f93a3c4335	Check the CA bit on trusted CAs too	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	99d4f19111	Add keyUsage checking for CAs	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	3fed0b3264	Factor some common code in x509_verify{,_child}	2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard	7f2a07d7b2	Check keyUsage in SSL client and server	2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard	603116c570	Add x509_crt_check_key_usage()	2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard	2abed84225	Specific return code for PK sig length mismatch	2014-04-09 15:50:00 +02:00
Manuel Pégourié-Gonnard	35e95ddca4	Add special return code for ecdsa length mismatch	2014-04-09 15:49:59 +02:00
Paul Bakker	ddd427a8fc	Fixed spacing in entropy_gather()	2014-04-09 15:49:57 +02:00
Paul Bakker	75342a65e4	Fixed typos in code	2014-04-09 15:49:57 +02:00
Manuel Pégourié-Gonnard	0f79babd4b	Disable timing_selftest() for now	2014-04-09 15:49:51 +02:00
Paul Bakker	17b85cbd69	Merged additional tests and improved code coverage Conflicts: ChangeLog	2014-04-08 14:38:48 +02:00
Paul Bakker	0763a401a7	Merged support for the ALPN extension	2014-04-08 14:37:12 +02:00
Paul Bakker	4224bc0a4f	Prevent potential NULL pointer dereference in ssl_read_record()	2014-04-08 14:36:50 +02:00
Manuel Pégourié-Gonnard	8c045ef8e4	Fix embarrassing X.509 bug introduced in `9533765`	2014-04-08 11:55:03 +02:00
Manuel Pégourié-Gonnard	f6521de17b	Add ALPN tests to ssl-opt.sh Only self-op for now, required peer versions are a bit high: - OpenSSL 1.0.2-beta - GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)	2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard	89e35798ae	Implement ALPN server-side	2014-04-07 12:26:35 +02:00
Manuel Pégourié-Gonnard	0b874dc580	Implement ALPN client-side	2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard	0148875cfc	Add tests and fix bugs for RSA-alt contexts	2014-04-04 17:46:46 +02:00
Manuel Pégourié-Gonnard	7e250d4812	Add ALPN interface	2014-04-04 17:10:40 +02:00
Manuel Pégourié-Gonnard	79e58421be	Also test net_usleep in timing_selttest()	2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard	3fec220a33	Add test for dhm_parse_dhmfile	2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard	7afdb88216	Test and fix x509_oid functions	2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard	d6aebe108a	Add 'volatile' to hardclock()'s asm Prevents calls from being optimised away in timing_self_test(). (Should no be a problem for calls from other files.)	2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard	13a1ef8600	Misc selftest adjustements	2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard	470fc935b5	Add timing_self_test() with consistency tests	2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard	487588d0bf	Whitespace fixes	2014-04-04 16:33:01 +02:00
Paul Bakker	e4205dc50a	Merged printing of X509 extensions	2014-04-04 15:36:10 +02:00
Paul Bakker	5ff3f9134b	Small fix for EFI build under Windows in x509_crt.c	2014-04-04 15:08:20 +02:00
Manuel Pégourié-Gonnard	0db29b05b5	More compact code using macros	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	7b30cfc5b0	x509_crt_info() list output cosmectics	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	f6f4ab40d3	Print extended key usage in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	65c2ddc318	Print key_usage in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	bce2b30855	Print subject alt name in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	919f8f5829	Print NS Cert Type in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	b28487db1f	Start printing extensions in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	74bc68ac62	Fix default #define for malloc/free	2014-04-02 13:20:00 +02:00
Paul Bakker	75a2860f26	Potential memory leak in mpi_exp_mod() when error occurs during calculation of RR.	2014-03-31 12:08:17 +02:00
Manuel Pégourié-Gonnard	dd75c3183b	Remove potential timing leak in ecdsa_sign()	2014-03-31 11:55:42 +02:00
Manuel Pégourié-Gonnard	5b8c409f53	Fix a warning (theoretical uninitialised variable)	2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard	969ccc6289	Fix length checking of various ClientKeyExchange's	2014-03-27 21:10:56 +01:00
Paul Bakker	96d5265315	Made ready for release 1.3.5	2014-03-26 16:55:50 +01:00
Paul Bakker	5fff23b92a	x509_get_current_time() uses localtime_r() to prevent thread issues	2014-03-26 15:34:54 +01:00
Paul Bakker	4c284c9141	Removed LCOV directives from code	2014-03-26 15:33:05 +01:00
Paul Bakker	77f4f39ea6	Make sure no random pointer occur during failed malloc()'s	2014-03-26 15:30:20 +01:00
Paul Bakker	db1f05985e	Add a check for buffer overflow to pkcs11_sign() pkcs11_sign() reuses *sig to store the header and hash, but those might be larger than the actual sig, causing a buffer overflow. An overflow can occur when using raw sigs with hashlen > siglen, or when the RSA key is less than 664 bits long (or less when using hashes shorter than SHA512) As siglen is always within the 'low realm' < 32k, an overflow of asnlen + hashlen is not possible.	2014-03-26 15:14:21 +01:00
Paul Bakker	91c61bc4fd	Further tightened the padlen check to prevent underflow / overflow	2014-03-26 15:14:20 +01:00
Manuel Pégourié-Gonnard	c042cf0013	Fix broken tests due to changed error code Introduced in `5246ee5c59`	2014-03-26 14:12:20 +01:00
Manuel Pégourié-Gonnard	b2bf5a1bbb	Fix possible buffer overflow with PSK	2014-03-26 12:58:50 +01:00
Manuel Pégourié-Gonnard	fdddac90a6	Fix stupid bug in rsa_copy()	2014-03-26 12:58:49 +01:00
Manuel Pégourié-Gonnard	f84f799bcf	Tune debug_print_ret format	2014-03-26 12:58:46 +01:00
Paul Bakker	b13d3ffb80	Provide no info from entropy_func() on future entropy	2014-03-26 12:51:25 +01:00
Paul Bakker	66ff70dd48	Support for seed file writing and reading in Entropy	2014-03-26 11:58:07 +01:00
Paul Bakker	3f0be61a27	Merged support for parsing EC keys that use SpecifiedECDomain	2014-03-26 11:30:39 +01:00
Manuel Pégourié-Gonnard	9592485d0c	Fix some MSVC12 conversion warnings	2014-03-21 12:03:07 +01:00
Manuel Pégourié-Gonnard	3b6269aa08	Fix warnings on MinGW	2014-03-21 12:03:03 +01:00
Manuel Pégourié-Gonnard	6fac3515d0	Make support for SpecifiedECDomain optional	2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard	5246ee5c59	Work around compressed EC public key in some cases	2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard	eab20d2a9c	Implement parsing SpecifiedECParameters	2014-03-19 15:51:12 +01:00
Paul Bakker	6c1f69b879	MinGW32 static build should link to windows libs and libz	2014-03-17 15:11:13 +01:00
Paul Bakker	3d6504a935	ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr	2014-03-17 13:41:51 +01:00
Manuel Pégourié-Gonnard	2eea29238c	Make the compiler work-around more specific	2014-03-14 18:23:26 +01:00
Paul Bakker	a4b0343edf	Merged massive SSL Testing improvements	2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard	bb8661e006	Work around a compiler bug on OS X.	2014-03-14 09:21:20 +01:00
Manuel Pégourié-Gonnard	d701c9aec9	Fix memory leak in server with expired tickets	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	84c30c7e83	Fix memory leak in ssl_cache	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	145dfcbfc2	Fix bug with NewSessionTicket and non-blocking I/O	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	96ea2f2557	Add tests for SNI	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	8520dac292	Add tests for auth_mode	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	da6b4d3e8c	Change RSA embedded cert to a localhost cert	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	dfbf9c711d	Fix bug in m_sleep()	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	274a12e17c	Fix bug with ssl_cache and max_entries=0	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	f7c52014ec	Add basic tests for session resumption	2014-03-14 08:41:00 +01:00
hasufell	3c6409b066	CMake: allow to build both shared and static at once This allows for more fine-grained control. Possible combinations: * static off, shared on * static on, shared off * static on, shared on The static library is always called "libpolarssl.a" and is only used for linking of tests and internal programs if the shared lib is not being built. Default is: only build static lib.	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	9a6e93e7a4	Reserve -1 as an error code (used in programs)	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	844a4c0aef	Fix RSASSA-PSS example programs	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	83cdffc437	Forbid sequence number wrapping	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	3c599f11b0	Avoid possible segfault on bad server ciphersuite	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	9533765b25	Reject certs and CRLs from the future	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	6304f786e0	Add x509_time_future()	2014-03-13 19:25:06 +01:00

... 14 15 16 17 18 ...

2788 commits