mbedtls

mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-07 18:25:45 +00:00

Author	SHA1	Message	Date
Manuel Pégourié-Gonnard	d72704b0d5	Remove work-around for alleged compiler bug It turns out the problem was with the way the reporter was invoking its toolchain, not the toolchain itself.	2015-02-12 09:38:54 +00:00
Manuel Pégourié-Gonnard	2ee8d24ca2	Simplify some constant-time code Some people recommend using bit operations to avoid the compiler producing a branch on `ret != 0`, but: - this makes the code less readable, - here I got a warning from some compilers about unsigned unary minus - and anyway modern compilers don't produce a branch here, checked on x64 and arm with various -O values.	2015-02-11 15:29:15 +00:00
Manuel Pégourié-Gonnard	06d7519697	Fix msvc warning	2015-02-11 14:54:11 +00:00
Manuel Pégourié-Gonnard	fba22fdc7e	Avoid warning from ar	2015-02-11 14:24:47 +00:00
Manuel Pégourié-Gonnard	6d71e4e6c3	Fix one more warning on windows	2015-02-11 12:54:35 +00:00
Manuel Pégourié-Gonnard	dda5213982	Fix harmless warnings with mingw in timing.c	2015-02-11 12:33:40 +00:00
Manuel Pégourié-Gonnard	38433535e3	Fix hardclock() with mingw64	2015-02-11 12:33:40 +00:00
Manuel Pégourié-Gonnard	a273371fc4	Fix "int vs enum" warnings from armcc v5 enumerated type mixed with another type	2015-02-10 17:34:48 +01:00
Manuel Pégourié-Gonnard	7f84905552	Fix two warnings from armcc v5 assignment in condition	2015-02-10 17:34:35 +01:00
Manuel Pégourié-Gonnard	45ec8da7e5	Fix missing include in i386-specific file	2015-02-10 13:50:47 +00:00
Manuel Pégourié-Gonnard	0c851ee1c8	Fix missing include in non-default things	2015-02-10 12:47:52 +00:00
Rich Evans	ce2f237697	change test function includes to use one convention	2015-02-10 11:28:46 +00:00
Rich Evans	00ab47026b	cleanup library and some basic tests. Includes, add guards to includes	2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard	f7d2bbaa62	Merge branch 'development' into dtls * development: Add missing guards for gnuTLS Prepare for mbed TLS 1.3.10 release Fix potential timing issue in RSA pms handling Conflicts: ChangeLog doxygen/input/doc_mainpage.h doxygen/mbedtls.doxyfile include/polarssl/version.h library/CMakeLists.txt library/ssl_srv.c tests/suites/test_suite_version.data visualc/VS2010/mbedTLS.vcxproj visualc/VS6/mbedtls.dsp visualc/VS6/mbedtls.dsw	2015-02-09 11:42:40 +00:00
Paul Bakker	daae3b749b	Prepare for mbed TLS 1.3.10 release	2015-02-08 15:49:54 +01:00
Peter Dettman	ce661b2cb8	Perf: rewrite of ecp_double_jac - Improve optimization for special case A == -3. - Add optimization for special case A == 0. - Use alternative base formula, saving several additions. - Reduce temp variables to 4 (from 6).	2015-02-07 14:43:51 +07:00
Manuel Pégourié-Gonnard	6674cce892	Fix potential timing issue in RSA pms handling	2015-02-06 11:36:56 +00:00
Manuel Pégourié-Gonnard	4eaf8f02bb	Merge branch 'development' into dtls * development: Support composite RDNs in X.509 certs parsing	2015-02-05 11:01:37 +00:00
Manuel Pégourié-Gonnard	555fbf8758	Support composite RDNs in X.509 certs parsing	2015-02-04 17:11:55 +00:00
Manuel Pégourié-Gonnard	3d2c4b70f2	Fix url in new files	2015-01-29 11:34:14 +00:00
Manuel Pégourié-Gonnard	2a0718d947	Merge branch 'development' into dtls * development: (46 commits) Fix url again Fix small bug in base64_encode() Fix depend that was checked but not documented Fix dependency that was not checked Minor gitginore fixes Move some ignore patterns to subdirectories Ignore CMake/MSVC-related build files. Re-categorize changelog entry Fix misattribution Minor nits with stdout/stderr. Add cmake compatibility targets Add script for polarssl symlink creation Fix more stdio inclusion issues Add debug info for cert/suite selection Fix possible portability issue Fix bug in ssl_get_verify_result() aescrypt2.c local char array not initial Update Changelog Fix mips64 bignum implementation Fix usage string of ssl_client2 ... Conflicts: include/polarssl/ssl.h library/CMakeLists.txt library/Makefile programs/Makefile programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c visualc/VS2010/PolarSSL.sln visualc/VS2010/mbedTLS.vcxproj visualc/VS6/mbedtls.dsp visualc/VS6/mbedtls.dsw	2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard	860b51642d	Fix url again	2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard	65fc6a886a	Fix small bug in base64_encode()	2015-01-28 16:49:26 +00:00
Manuel Pégourié-Gonnard	78dbeeffd3	Minor gitginore fixes	2015-01-28 15:34:01 +00:00
Manuel Pégourié-Gonnard	3f738ca40a	Move some ignore patterns to subdirectories	2015-01-28 15:33:23 +00:00
Manuel Pégourié-Gonnard	2a9c8b62bf	Add cmake compatibility targets	2015-01-28 15:21:25 +00:00
Manuel Pégourié-Gonnard	7cbe1318d8	Fix more stdio inclusion issues	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	607d663b41	Add debug info for cert/suite selection	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	ceedb8292e	Fix possible portability issue The & 0xFF should not be necessary on platforms with 8-bit chars, but one user reported having problems with his compiler on such a platform.	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	e89163c0a8	Fix bug in ssl_get_verify_result()	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	e94e6e5b9c	Fix stdio (non-)inclusion issues.	2015-01-28 15:28:28 +01:00
Manuel Pégourié-Gonnard	9014b6f227	Rename project in CMake TODO: to create symlinks to the old names!	2015-01-27 15:44:46 +00:00
Manuel Pégourié-Gonnard	145422f74d	Make now creates libmbedtls.so with polarssl link	2015-01-27 11:36:50 +01:00
Manuel Pégourié-Gonnard	04a81d5c65	Fix issue in previous commit Even with shared we need to build the static library since programs are using it.	2015-01-27 11:36:41 +01:00
Manuel Pégourié-Gonnard	acdb9b9525	Fix unchecked error code on Windows	2015-01-23 17:50:34 +00:00
Manuel Pégourié-Gonnard	cfa9a45dd6	Rename in cmake help strings	2015-01-23 13:33:31 +00:00
Manuel Pégourié-Gonnard	c26a092b50	Rename static lib name with make	2015-01-23 12:57:33 +00:00
Manuel Pégourié-Gonnard	c5d68e5b70	Fix dependency declaration	2015-01-23 12:37:21 +00:00
Manuel Pégourié-Gonnard	dba564bc79	Fix files that are not in development	2015-01-23 11:37:14 +00:00
Manuel Pégourié-Gonnard	df6411d8d8	Merge branch 'development' into dtls * development: Fix website url to use https. Remove maintainer line. Remove redundant "all rights reserved"	2015-01-23 11:23:08 +00:00
Manuel Pégourié-Gonnard	085ab040aa	Fix website url to use https.	2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard	9698f5852c	Remove maintainer line.	2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard	19f6b5dfaa	Remove redundant "all rights reserved"	2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard	a34aa70b23	Update version_features	2015-01-23 10:27:36 +00:00
Manuel Pégourié-Gonnard	177b73045a	Regenerate version_features	2015-01-23 10:26:11 +00:00
Manuel Pégourié-Gonnard	eab72e2ced	Merge branch 'development' into dtls * development: Update copyright Fix issue in compat.sh Rename doxyfile Rename to mbed TLS in tests/ Rename to mbed TLS in examples Remove old test certificates. Rename to mbed TLS in the documentation/comments Change name to mbed TLS in the copyright notice Conflicts: doxygen/input/doc_mainpage.h doxygen/mbedtls.doxyfile include/polarssl/version.h tests/compat.sh	2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard	a658a4051b	Update copyright	2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard	b4fe3cb1fa	Rename to mbed TLS in the documentation/comments	2015-01-22 16:11:05 +00:00
Manuel Pégourié-Gonnard	967a2a5f8c	Change name to mbed TLS in the copyright notice	2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard	3a173f497b	Merge branch 'development' into dtls * development: Fix error code description. generate_errors.pl now errors on duplicate codes Avoid nested if's without braces. Move renego SCSV after actual ciphersuites Fix send_close_notify usage. Rename variable for clarity Improve script portability Conflicts: library/ssl_srv.c programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c tests/ssl-opt.sh	2015-01-22 13:30:33 +00:00
Manuel Pégourié-Gonnard	11c919208d	Fix error code description.	2015-01-22 13:22:12 +00:00
Manuel Pégourié-Gonnard	59c6f2ef21	Avoid nested if's without braces. Creates a potential for confusing code if we later want to add an else clause.	2015-01-22 11:06:40 +00:00
Manuel Pégourié-Gonnard	5d9cde25da	Move renego SCSV after actual ciphersuites	2015-01-22 10:49:41 +00:00
Manuel Pégourié-Gonnard	67505bf9e8	Merge branch 'development' into dtls * development: Adapt tests to new defaults/errors. Fix typos/cosmetics in Changelog Disable RC4 by default in example programs. Add ssl_set_arc4_support() Set min version to TLS 1.0 in programs Conflicts: include/polarssl/ssl.h library/ssl_cli.c library/ssl_srv.c tests/compat.sh	2015-01-21 13:57:33 +00:00
Manuel Pégourié-Gonnard	bfccdd3c92	Merge commit '36adc36' into dtls * commit '36adc36': Add support for getrandom() Use library default for trunc-hmac in ssl_client2 Make truncated hmac a runtime option server-side Fix portability issue in script Specific error for suites in common but none good Prefer SHA-1 certificates for pre-1.2 clients Some more refactoring/tuning. Minor refactoring Conflicts: include/polarssl/error.h include/polarssl/ssl.h library/error.c	2015-01-21 13:48:45 +00:00
Manuel Pégourié-Gonnard	0017c2be48	Merge commit '9835bc0' into dtls * commit '9835bc0': Fix racy test. Fix stupid error in previous commit Don't check errors on ssl_close_notify() Fix char signedness issue Fix issue with non-blocking I/O & record splitting Fix warning Conflicts: programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c	2015-01-21 13:42:16 +00:00
Manuel Pégourié-Gonnard	8fbb01ec84	Merge commit 'b2eaac1' into dtls * commit 'b2eaac1': Stop assuming chars are signed Add tests for CBC record splitting Fix tests that were failing with record splitting Allow disabling record splitting at runtime Add 1/n-1 record splitting Enhance doc on ssl_write() Conflicts: include/polarssl/ssl.h programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c	2015-01-21 13:37:08 +00:00
Manuel Pégourié-Gonnard	b89c4f35a1	Fixes for the renego-option merge	2015-01-21 13:24:10 +00:00
Manuel Pégourié-Gonnard	0af1ba3521	Merge commit 'f6080b8' into dtls * commit 'f6080b8': Fix warning in reduced configs Adapt to "negative" switch for renego Add tests for periodic renegotiation Make renego period configurable Auto-renegotiate before sequence number wrapping Update Changelog for compile-option renegotiation Switch from an enable to a disable flag Save 48 bytes if SSLv3 is not defined Make renegotiation a compile-time option Add tests for renego security enforcement Conflicts: include/polarssl/ssl.h library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c programs/ssl/ssl_server2.c tests/ssl-opt.sh	2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard	edb7ed3a43	Merge commit 'd7e2483' into dtls * commit 'd7e2483': (57 commits) Skip signature_algorithms ext if PSK only Fix bug in ssl_client2 reconnect option Cosmetics in ssl_server2 Improve debugging message. Fix net_usleep for durations greater than 1 second Use pk_load_file() in X509 Create ticket keys only if enabled Fix typo in #ifdef Clarify documentation a bit Fix comment on resumption Update comment from draft to RFC Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c Add recursion.pl to all.sh Allow x509_crt_verify_child() in recursion.pl Set a compile-time limit to X.509 chain length Fix 3DES -> DES in all.sh (+ time estimates) Add curves.pl to all.sh Rework all.sh to use MSan instead of valgrind Fix depends on individual curves in tests Add script to test depends on individual curves ... Conflicts: CMakeLists.txt programs/ssl/ssl_client2.c	2015-01-20 16:52:28 +00:00
Manuel Pégourié-Gonnard	f9c8a606b5	Merge commit '8b9bcec' into dtls * commit '8b9bcec': Stop assuming chars are signed Fix len miscalculation in buffer-based allocator Fix NULL dereference in buffer-based allocator Add test_suite_memory_buffer_alloc Add memory_buffer_alloc_self_test() Fix missing bound check Add test for ctr_drbg_update() input sanitizing Refactor for clearer correctness/security Stop assuming chars are signed Conflicts: library/ssl_tls.c	2015-01-20 16:38:39 +00:00
Paul Bakker	5b8f7eaa3e	Merge new security defaults for programs (RC4 disabled, SSL3 disabled)	2015-01-14 16:26:54 +01:00
Paul Bakker	36adc3631c	Merge support for getrandom() call	2015-01-14 16:19:59 +01:00
Paul Bakker	c82b7e2003	Merge option to disable truncated hmac on the server-side	2015-01-14 16:16:55 +01:00
Paul Bakker	e522d0fa57	Merge smarter certificate selection for pre-TLS-1.2 clients	2015-01-14 16:12:48 +01:00
Manuel Pégourié-Gonnard	a852cf4833	Fix issue with non-blocking I/O & record splitting	2015-01-13 20:56:15 +01:00
Manuel Pégourié-Gonnard	d5746b36f9	Fix warning	2015-01-13 20:33:24 +01:00
Paul Bakker	f3561154ff	Merge support for 1/n-1 record splitting	2015-01-13 16:31:34 +01:00
Paul Bakker	f6080b8557	Merge support for enabling / disabling renegotiation support at compile-time	2015-01-13 16:18:23 +01:00
Paul Bakker	d7e2483bfc	Merge miscellaneous fixes into development	2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard	5dd28ea432	Fix len miscalculation in buffer-based allocator	2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard	547ff6618f	Fix NULL dereference in buffer-based allocator	2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard	5ba1d52f96	Add memory_buffer_alloc_self_test()	2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard	5cb4b31057	Fix missing bound check	2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard	bd47a58221	Add ssl_set_arc4_support() Rationale: if people want to disable RC4 but otherwise keep the default suite list, it was cumbersome. Also, since it uses a global array, ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like the best place, even if it means temporarily adding one SSL setting.	2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard	352143fa1e	Refactor for clearer correctness/security	2015-01-13 12:02:55 +01:00
Manuel Pégourié-Gonnard	f3c500fe47	Fix bug on OS X (BSD?) in net_accept() for UDP	2015-01-12 19:02:15 +01:00
Manuel Pégourié-Gonnard	18292456c5	Add support for getrandom()	2015-01-09 14:34:13 +01:00
Manuel Pégourié-Gonnard	e117a8fc0d	Make truncated hmac a runtime option server-side Reading the documentation of ssl_set_truncated_hmac() may give the impression I changed the default for clients but I didn't, the old documentation was wrong.	2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard	f01768c55e	Specific error for suites in common but none good	2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard	df331a55d2	Prefer SHA-1 certificates for pre-1.2 clients	2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard	6458e3b743	Some more refactoring/tuning.	2015-01-08 14:16:56 +01:00
Manuel Pégourié-Gonnard	846ba473af	Minor refactoring	2015-01-08 13:54:38 +01:00
Manuel Pégourié-Gonnard	cfa477ef2f	Allow disabling record splitting at runtime	2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard	d76314c44c	Add 1/n-1 record splitting	2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard	d94232389e	Skip signature_algorithms ext if PSK only	2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard	eaecbd3ba8	Fix warning in reduced configs	2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard	837f0fe831	Make renego period configurable	2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard	b445805283	Auto-renegotiate before sequence number wrapping	2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard	6186019d5d	Save 48 bytes if SSLv3 is not defined	2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard	615e677c0b	Make renegotiation a compile-time option	2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard	60346be2a3	Improve debugging message. This actually prints only the payload, not the potential IV and/or MAC, so (to me at least) it's much less confusing	2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard	e423246e7f	Fix net_usleep for durations greater than 1 second	2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard	9439f93ea4	Use pk_load_file() in X509 Saves a bit of ROM. X509 depends on PK anyway.	2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard	2457fa0915	Create ticket keys only if enabled	2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard	d16d1cb96a	Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c	2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard	fd6c85c3eb	Set a compile-time limit to X.509 chain length	2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard	6ed2d92629	Make x509_crl_parse() iterative	2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard	426d4ae7ff	Split x509_crl_parse_der() out of x509_crl_parse()	2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard	8c9223df84	Add text view to debug_print_buf()	2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard	0975ad928d	Merge branch 'etm' into dtls * etm: Fix some more warnings in reduced configs Fix typo causing MSVC errors	2014-11-17 15:07:17 +01:00
Manuel Pégourié-Gonnard	8e4b3374d7	Fix some more warnings in reduced configs	2014-11-17 15:06:13 +01:00
Manuel Pégourié-Gonnard	98aa19148c	Adjust warnings in different modes	2014-11-14 16:45:48 +01:00
Manuel Pégourié-Gonnard	e5b0fc1847	Make malloc-init script a bit happier	2014-11-13 12:42:12 +01:00
Manuel Pégourié-Gonnard	f631bbc1da	Make x509_string_cmp() iterative	2014-11-13 12:42:06 +01:00
Manuel Pégourié-Gonnard	8a5e3d4a40	Forbid repeated X.509 extensions	2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard	d681443f69	Fix potential stack overflow	2014-11-12 01:25:31 +01:00
Manuel Pégourié-Gonnard	b134060f90	Fix memory leak with crafted X.509 certs	2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard	0369a5291b	Fix uninitialised pointer dereference	2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard	e959979621	Fix ECDSA sign buffer size	2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard	b31b61b9e8	Fix potential undefined behaviour in Camellia	2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard	7c13d69cb5	Fix dependency issues	2014-11-12 00:01:34 +01:00
Manuel Pégourié-Gonnard	a1efcb084f	Implement pk_check_pair() for RSA-alt	2014-11-08 18:00:22 +01:00
Manuel Pégourié-Gonnard	27e3edbe2c	Check key/cert pair in ssl_set_own_cert()	2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard	70bdadf54b	Add pk_check_pair()	2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard	30668d688d	Add ecp_check_pub_priv()	2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard	2f8d1f9fc3	Add rsa_check_pub_priv()	2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard	e10e06d863	Blind RSA operations even without CRT	2014-11-06 18:25:44 +01:00
Manuel Pégourié-Gonnard	d056ce0e3e	Use seq_num as AEAD nonce by default	2014-11-06 18:23:49 +01:00
Manuel Pégourié-Gonnard	f9d778d635	Merge branch 'etm' into dtls * etm: Fix warning in reduced config Update Changelog for EtM Keep EtM state across renegotiations Adjust minimum length for EtM Don't send back EtM extension if not using CBC Fix for the RFC erratum Implement EtM Preparation for EtM Implement initial negotiation of EtM Conflicts: include/polarssl/check_config.h	2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard	56d985d0a6	Merge branch 'session-hash' into dtls * session-hash: Update Changelog for session-hash Make session-hash depend on TLS versions Forbid extended master secret with SSLv3 compat.sh: allow git version of gnutls compat.sh: make options a bit more robust Implement extended master secret Add negotiation of Extended Master Secret Conflicts: include/polarssl/check_config.h programs/ssl/ssl_server2.c	2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard	9d7821d774	Fix warning in reduced config	2014-11-06 01:19:52 +01:00
Manuel Pégourié-Gonnard	fedba98ede	Merge branch 'fb-scsv' into dtls * fb-scsv: Update Changelog for FALLBACK_SCSV Implement FALLBACK_SCSV server-side Implement FALLBACK_SCSV client-side	2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard	1a03473576	Keep EtM state across renegotiations	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	b575b54cb9	Forbid extended master secret with SSLv3	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	169dd6a514	Adjust minimum length for EtM	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	78e745fc0a	Don't send back EtM extension if not using CBC	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	08558e5b46	Fix for the RFC erratum	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	313d796e80	Implement EtM	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	0098e7dc70	Preparation for EtM	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	699cafaea2	Implement initial negotiation of EtM Not implemented yet: - actually using EtM - conditions on renegotiation	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	01b2699198	Implement FALLBACK_SCSV server-side	2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard	ada3030485	Implement extended master secret	2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard	1cbd39dbeb	Implement FALLBACK_SCSV client-side	2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard	367381fddd	Add negotiation of Extended Master Secret (But not the actual thing yet.)	2014-11-05 16:00:49 +01:00
Paul Bakker	f2a459df05	Preparation for PolarSSL 1.4.0	2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard	6b875fc7e5	Fix potential memory leak (from clang-analyzer)	2014-10-21 16:33:00 +02:00
Manuel Pégourié-Gonnard	df3acd82e2	Limit HelloRequest retransmission if not enforced	2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard	26a4cf63ec	Add retransmission of HelloRequest	2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard	74a1378175	Avoid false positive in ssl-opt.sh with memcheck	2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard	8e704f0f74	DTLS depends on TIMING_C for now	2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard	b0643d152d	Add ssl_set_dtls_badmac_limit()	2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard	9b35f18f66	Add ssl_get_record_expansion()	2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard	37e08e1689	Fix max_fragment_length with DTLS	2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard	23cad339c4	Fail cleanly on unhandled case	2014-10-21 16:32:52 +02:00
Manuel Pégourié-Gonnard	fc572dd4f6	Retransmit only on last message from prev flight Be a good network citizen, try to avoid causing congestion by causing a retransmission explosion.	2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard	8a7cf2543a	Add a few #ifdefs	2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard	ba958b8bdc	Add test for server-initiated renego Just assuming the HelloRequest isn't lost for now	2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard	46fb942046	Fix warning about function that should be static	2014-10-21 16:32:49 +02:00
Manuel Pégourié-Gonnard	f1e9b09a0c	Fix missing #ifdef's	2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard	4e2f245752	Fix timer issues - timer not firing when constantly receiving bad messages - timer not reset on failed reads - timer incorrectly restarted on resend during read	2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard	df9a0a8460	Drop unexpected ApplicationData This is likely to happen on resumption if client speaks first at the application level.	2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard	6b65141718	Implement ssl_read() timeout (DTLS only for now)	2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard	2707430a4d	Fix types and comments about read_timeout	2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard	6c1fa3a184	Fix misplaced initialisation of timeout	2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard	c8d8e97cbd	Move to milliseconds in recv_timeout()	2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard	905dd2425c	Add ssl_set_handshake_timeout()	2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard	0ac247fd88	Implement timeout back-off (fixed range for now)	2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard	579950c2bb	Fix bug with non-blocking I/O and cookies	2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard	7de3c9eecb	Count timeout per flight, not per message	2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard	db2858ce96	Preparation for timers Currently directly using timing.c, plan to use callbacks later to loosen coupling, but first just get things working.	2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard	08a1d4bce1	Fix bug with client auth with DTLS	2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard	23b7b703aa	Fix issue with renego & resend	2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard	f03c7aa469	Add replay detection in parse_client_hello()	2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard	2739313cea	Make anti-replay a runtime option	2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard	8464a46b6b	Make DTLS_ANTI_REPLAY depends on PROTO_DTLS	2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard	246c13a05f	Fix epoch checking	2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard	b47368a00a	Add replay detection	2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard	4956fd7437	Test and fix anti-replay functions	2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard	7a7e140d4e	Add functions for replay protection	2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard	ea22ce577e	Rm unneeded counter increment with DTLS	2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard	abf16240dd	Add ability to resend last flight	2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard	cd32a50d67	Fix NewSesssionTicket vs ChangeCipherSpec bug Since we were cheating on state, ssl_read_record() wasn't able to drop out-of-sequence ChangeCipherSpec messages. Cheat a bit less.	2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard	767c69561b	Drop out-of-sequence ChangeCipherSpec messages	2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard	93017de47e	Minor optim: don't resend on duplicated HVR	2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard	c715aed744	Fix epoch swapping	2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard	6a2bdfaf73	Actually resend flights	2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard	5d8ba53ace	Expand and fix resend infrastructure	2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard	ffa67be698	Infrastructure for buffering & resending flights	2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard	9d9b003a9a	Add net_recv_timeout()	2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard	8fa6dfd560	Introduce f_recv_timeout callback	2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard	e6bdc4497c	Merge I/O contexts into one	2014-10-21 16:32:25 +02:00
Manuel Pégourié-Gonnard	f4acfe1808	Document previous API changes in this branch	2014-10-21 16:32:23 +02:00
Manuel Pégourié-Gonnard	d92d6a1b5b	ssl_parse_server_key_exchange() cleanups	2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard	5ee96546de	Add length checks in parse_certificate_verify()	2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard	72226214b1	Merge checks in ssl_parse_certificate_verify()	2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard	ca6440b246	Small cleanups in parse_finished()	2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard	624bcb5260	No memmove: done, rm temporary things	2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard	000d5aec13	No memmove: parse_new_session_ticket()	2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard	0b3400dafa	No memmove: ssl_parse_server_hello()	2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard	069eb79043	No memmove: ssl_parse_hello_verify_request()	2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard	04c1b4ece1	No memmove: certificate_request + server_hello_done	2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard	f4830b5092	No memmove: ssl_parse_server_key_exchange()	2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard	4528f3f5c0	No memmove: parse_certificate_verify()	2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard	2114d724dc	No memmove: ssl_parse_client_key_exchange()	2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard	f49a7daa1a	No memmove: ssl_parse_certificate()	2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard	4abc32734e	No memmove: ssl_parse_finished()	2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard	f899583f94	Prepare moving away from memmove() on incoming HS	2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard	4a1753657c	Fix missing return in error check	2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard	19d438f4ff	Get rid of memmove for DTLS in parse_client_hello()	2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard	63eca930d7	Drop invalid records with DTLS	2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard	167a37632d	Split two functions out of ssl_read_record()	2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard	990f9e428a	Handle late handshake messages gracefully	2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard	60ca5afaec	Drop records from wrong epoch	2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard	1aa586e41d	Check handshake message_seq field	2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard	9d1d7196e4	Check length before reading handshake header	2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard	d9ba0d96b6	Prepare for checking incoming handshake seqnum	2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard	ac03052f22	Fix segfault with some very short fragments	2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard	64dffc5d14	Make handshake reassembly work with openssl	2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard	502bf30fb5	Handle reassembly of handshake messages Works only with GnuTLS for now, OpenSSL packs other records in the same datagram after the last fragmented one, which we don't handle yet. Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with valgrind that gnutls-serv retransmits some messages, and we don't handle duplicated messages yet.	2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard	ed79a4bb14	Prepare for DTLS handshake reassembly	2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard	edcbe549fd	Reorder checks in ssl_read_record	2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard	0557bd5fa4	Fix message_seq with server-initiated renego	2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard	c392b240c4	Fix server-initiated renegotiation with DTLS	2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard	30d16eb429	Fix client-initiated renegotiation with DTLS	2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard	b35fe5638a	Fix HelloVerifyRequest version handling	2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard	562eb787ec	Add and use POLARSSL_ERR_SSL_BUFFER_TOO_SMALL	2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard	bef8f09899	Make cookie timeout configurable	2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard	e90308178f	Add timestamp/serial to cookies, with timeout	2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard	445a1ec6cd	Change internal names	2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard	29ad7e8fc0	Add check for missing ssl_set_client_transport_id()	2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard	a64acd4f84	Add separate SSL_COOKIE_C define	2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard	7d38d215b1	Allow disabling HelloVerifyRequest	2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard	e4de06145a	Fix cookie context usage	2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard	232edd46be	Move cookie callbacks implementation to own module	2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard	d485d194f9	Move to a callback interface for DTLS cookies	2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard	d7f9bc5091	Refactor cookie to prepare for external callbacks Also adds flexibility to the verification process.	2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard	82202f0a9c	Make DTLS_HELLO_VERIFY a compile option	2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard	98545f128a	Generate random key for HelloVerifyRequest	2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard	dd3cdb0fbc	Start using client IP in HelloVerifyRequest Dummy fixed key for now.	2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard	43c021874d	Add ssl_set_client_transport_id()	2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard	fb2d22371f	Reuse random when responding to a verify request	2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard	b760f001d7	Extract generate client random to a function	2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard	2c9ee81f6e	Start adding srv support for hello verify request Dummy fixed content for now. Also, seems to be a race condition in the way the socket is closed and reopened, leading to a few "random" failures in compat.sh. A fix is planned for later.	2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard	a0e1632b79	Do not use compression with DTLS	2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard	5d53cbef3a	Fix length check in ssl_write_ticket()	2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard	879a4f9623	Abort on DTLS epoch wrap	2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard	805e2300af	Fix error message and return code	2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard	67427c07b2	Fix checksum computation with HelloVerifyRequest	2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard	74848811b4	Implement HelloVerifyRequest on client	2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard	b2f3be8757	Support multiple records in one datagram	2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard	34c1011b3d	Fix a few warnings in reduced configs	2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard	fe98aceb70	Adapt ssl_fetch_input() for UDP	2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard	f5a1312eaa	Add UDP support to the NET module	2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard	d6b721c7ee	More ssl_parse_client_hello() adjustments	2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard	4128aa71ee	Add the 'cookie' field of DTLS ClientHello	2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard	8933a65d5c	Rework ssl_parse_client_hello() a bit - make it more linear - check lengths better - prepare for optional "cookie" field	2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard	e89bcf05da	Write new DTLS handshake fields correctly	2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard	ce441b3442	Add space for new DTLS fields in handshake	2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard	a59543af30	Minor refactoring in ssl_read_record()	2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard	f302fb52e1	Fix hmac computation for DTLS	2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard	5afb167e2c	Implement DTLS epochs	2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard	0619348288	Add explicit counter in DTLS record header	2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard	507e1e410a	Prep: allow {in,out}_len != {in,out}_hdr + 3	2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard	7ee6f0e6e5	Preparation: allow {in,out}_ctr != {in,out}_buf	2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard	abc7e3b4ba	Handle DTLS version encoding and fix some checks	2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard	864a81fdc0	More ssl_set_XXX() functions can return BAD_INPUT	2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard	b21ca2a69f	Adapt version-handling functions to DTLS	2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard	d66645130c	Add a ciphersuite NODTLS flag	2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard	0b1ff29328	Add basic flags for DTLS	2014-10-21 16:30:03 +02:00
Paul Bakker	82788fb63b	Fix minor style issues	2014-10-20 13:59:19 +02:00
Paul Bakker	9eac4f7c4e	Prepare for release 1.3.9	2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard	f7cdbc0e87	Fix potential bad read of length	2014-10-17 17:02:10 +02:00
Manuel Pégourié-Gonnard	ef9a6aec51	Allow comparing name with mismatched encodings	2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard	88421246d8	Rename a function	2014-10-17 12:42:30 +02:00
Manuel Pégourié-Gonnard	43c3b28ca6	Fix memory leak with crafted ClientHello	2014-10-17 12:42:11 +02:00
Manuel Pégourié-Gonnard	5d8618539f	Fix memory leak while parsing some X.509 certs	2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard	64938c63f0	Accept spaces at end of line/buffer in base64	2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard	7f4ed67a97	Fix compile error with armcc in mpi_is_prime()	2014-10-15 22:06:46 +02:00
Paul Bakker	5a5fa92bfe	x509_crt_parse() did not increase total_failed on PEM error Result was that PEM errors in files with multiple certificates were not detectable by the user.	2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard	480905d563	Fix selection of hash from sig_alg ClientHello ext.	2014-08-30 14:19:59 +02:00
Sander Niemeijer	ef5087d150	Added explicit casts to prevent compiler warnings when trying to build for iOS	2014-08-21 23:48:14 +02:00
Manuel Pégourié-Gonnard	8ef7088bb9	Use polarssl_zeroize() in asn1parse too	2014-08-21 18:15:09 +02:00
Peter Vaskovic	a676acf66b	Fix missing curly braces.	2014-08-21 17:56:25 +02:00
Manuel Pégourié-Gonnard	a13500fdf7	Fix bug with ssl_close_notify and non-blocking I/O	2014-08-19 16:14:04 +02:00
Manuel Pégourié-Gonnard	44ade654c5	Implement (partial) renego delay on client	2014-08-19 13:58:40 +02:00
Manuel Pégourié-Gonnard	f07f421759	Fix server-initiated renego with non-blocking I/O	2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard	6591962f06	Allow delay on renego on client Currently unbounded: will be fixed later	2014-08-19 12:50:30 +02:00
Manuel Pégourié-Gonnard	f26a1e8602	ssl_read() stops returning non-application data	2014-08-19 12:28:50 +02:00
Manuel Pégourié-Gonnard	55e4ff2ace	Tune comments	2014-08-19 11:52:33 +02:00
Manuel Pégourié-Gonnard	462906f955	Do no test net_usleep() when not defined	2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard	192253aaa9	Fix buffer size in pk_write_*_pem()	2014-08-14 11:34:35 +02:00
Alfred Klomp	b308dd72d9	timing.c: avoid referencing garbage value Found with Clang's `scan-build` tool. When get_timer() is called with `reset` set to 1, the value of t->start.tv_sec is used as a rvalue without being initialized first. This is relatively harmless because the result of get_timer() is not used by the callers when called in "reset mode". However, scan-build prints a warning. Silence the warning by only calculating the delta on non-reset runs, returning zero otherwise.	2014-08-14 11:34:35 +02:00
Alfred Klomp	7ee55624fb	gcm.c: remove dead store Found with Clang's `scan-build` tool. The value written to `hi` is never used, resulting in a warning. Remove the dead store to get rid of the warning.	2014-08-14 11:34:35 +02:00
Alfred Klomp	1b4eda3af9	pkcs5.c: fix dead store: return proper exit status Found with Clang's `scan-build` tool. The error value assigned to `ret` is not returned, meaning that the selftest always succeeds. Ensure the error value is propagated back to the caller.	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	8d77eeeaf6	Fix integer suffix rejected by some MSVC versions	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	9a6b442cee	Fix non-blocking sockets in net_accept()	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	a04fa4fa04	RSA-PSK key exchange requires TLS 1.x It's not clear if, with SSL3, one should include send the two length bytes for EncryptedPreMasterSecret or not, so require TLS to avoid interop issues.	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	8d4ad07706	SHA-2 ciphersuites now require TLS 1.x	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	2fbf311391	Fix dependency issue in memory_buffer_alloc	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	97884a31cb	Fix printf format warnings in memory_buffer_alloc	2014-08-14 11:34:33 +02:00
Manuel Pégourié-Gonnard	86bbc7fc30	Fix typo causing compile error with NULL cipher	2014-08-14 11:34:33 +02:00
Paul Bakker	8dcb2d7d7e	Support escaping of commas in x509_string_to_names()	2014-08-11 11:59:52 +02:00
Paul Bakker	21e081b068	Prevent (incorrect) compiler warning	2014-07-24 10:38:01 +02:00
Paul Bakker	6c343d7d9a	Fix mpi_write_string() to write "00" as hex output for empty MPI	2014-07-10 15:27:10 +02:00
Paul Bakker	5b11d026cd	Fix dependencies and includes without FS_IO and PLATFORM_C	2014-07-10 15:27:10 +02:00
Manuel Pégourié-Gonnard	b196fc23b1	Fix dhm_selftest() return value	2014-07-09 16:53:29 +02:00
Paul Bakker	968afaa06f	ssl_key_cert not available in all configurations	2014-07-09 11:34:48 +02:00
Paul Bakker	ec3a617d40	Make ready for release of 1.3.8 and soversion 7	2014-07-09 10:21:28 +02:00
Paul Bakker	84bbeb58df	Adapt cipher and MD layer with _init() and _free()	2014-07-09 10:19:24 +02:00
Paul Bakker	accaffe2c3	Restructure ssl_handshake_init() and small fixes	2014-07-09 10:19:24 +02:00
Paul Bakker	a317a98221	Adapt programs / test suites	2014-07-09 10:19:24 +02:00
Paul Bakker	8f870b047c	Add dhm_init()	2014-07-09 10:19:23 +02:00
Paul Bakker	fff0366bba	Add ctr_drbg_free()	2014-07-09 10:19:23 +02:00
Paul Bakker	5b4af39a36	Add _init() and _free() for hash modules	2014-07-09 10:19:23 +02:00
Paul Bakker	c7ea99af4f	Add _init() and _free() for cipher modules	2014-07-09 10:19:22 +02:00
Manuel Pégourié-Gonnard	d27680bd5e	Clarify code using PSK callback	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	0698f7c21a	Rm duplicate entry in oid_md_alg	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	14beb08542	Fix missing const	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	ba782bbc4b	Save some space in ECP curve tables	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	67dbe1ef44	Better length checking in ecp_point_read_binary()	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	08e81e0c8f	Change selection of hash algorithm for TLS 1.2	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	bd77254b18	md_list() starting with strongest hash	2014-07-08 13:03:02 +02:00
Paul Bakker	8fb99abaac	Merge changes for leaner memory footprint	2014-07-04 15:02:19 +02:00
Paul Bakker	b9e08b086b	Merge server-side enforced renegotiation requests	2014-07-04 15:01:37 +02:00
Paul Bakker	d598318661	Fix base64_decode() to return and check length correctly	2014-07-04 15:01:00 +02:00
Manuel Pégourié-Gonnard	481fcfde93	Make PSK_LEN configurable and adjust PMS size	2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard	dfc7df0bec	Add SSL_CIPHERSUITES config option	2014-07-04 14:59:02 +02:00
Manuel Pégourié-Gonnard	a9964dbcd5	Add ssl_set_renegotiation_enforced()	2014-07-04 14:16:07 +02:00
Manuel Pégourié-Gonnard	791684c058	Save RAM when only a few ciphersuites are defined	2014-06-30 19:07:01 +02:00
Manuel Pégourié-Gonnard	31855456f9	Fix clang's check mode again	2014-06-25 15:59:50 +02:00
Manuel Pégourié-Gonnard	bee8ded03a	Fix warning depending on configuration	2014-06-25 12:22:59 +02:00
Manuel Pégourié-Gonnard	01edb1044c	Add POLARSSL_REMOVE_RC4_CIPHERSUITES	2014-06-25 11:27:59 +02:00
Paul Bakker	2a45d1c8bb	Merge changes to config examples and configuration issues	2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard	dd0c0f33c0	Better usage of dhm_calc_secret in SSL	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	8df68632e8	Fix bug in DHE-PSK PMS computation	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	5c1f032653	Abort handshake if no point format in common	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	fd35af1579	Fix off-by-one error in point format parsing	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	87a8ffeaba	Padlock asm using \n\t too	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	0534fd4c1a	Change asm format to \n\t in aesni.c too	2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard	03576887c2	Remove misplaced debugging message	2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard	42b5374523	Switch CCM and GCM in default suite order The upcoming BCP document recommends GCM as the default.	2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard	d249b7ab9a	Restore ability to trust non-CA selfsigned EE cert	2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard	c4eff16516	Restore ability to use v1 CA if trusted locally	2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard	eaa76f7e20	Fix computation of minlen for encrypted packets	2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard	e800cd81d7	Re-arrange some code in ssl_derive_keys()	2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard	b46e6adb9c	Check input lengths in GCM	2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard	0bcc4e1df7	Fix length checking for AEAD ciphersuites	2014-06-25 11:26:10 +02:00
Manuel Pégourié-Gonnard	66e20c6318	Fix warning and typo->error.	2014-06-24 17:47:40 +02:00
Manuel Pégourié-Gonnard	ac2ccf897c	Fix CCM ciphersuites definition: PSK <-> DHE-PSK!	2014-06-24 15:48:01 +02:00
Manuel Pégourié-Gonnard	8f625632bb	Fix dependencies: GCM != AEAD != CCM	2014-06-24 15:26:28 +02:00
Manuel Pégourié-Gonnard	5bfd968e01	Fix warning with TLS 1.2 without RSA or ECDSA	2014-06-24 15:18:11 +02:00
Paul Bakker	1c98ff96b5	Merge more test improvements and tests Conflicts: tests/suites/test_suite_cipher.blowfish.data	2014-06-24 11:12:00 +02:00
Paul Bakker	91c301abbe	Zeroize values in PKCS#12 operations	2014-06-24 11:09:39 +02:00
Manuel Pégourié-Gonnard	398c57b0b3	Blowfish accepts variable key len in cipher layer	2014-06-24 11:01:33 +02:00
Manuel Pégourié-Gonnard	f3b47243df	Split x509_csr_parse_der() out of x509_csr_parse()	2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard	4d2a8eb6ff	SSL modules now using x509_crt_parse_der() Avoid uselessly trying to decode PEM.	2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard	b912616081	Rm unused functions in cipher_wrap You can't initialise a context with DES_CFB or DES_CTR.	2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard	1c082f34f3	Update description and references for X.509 files	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	edc3ab20e2	Small cleanup: less side-effects pkcs5_parse_pbkdf2_params() used to modify params.p, which does not look clean, even if the function is static and params.p isn't use afterwards.	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	90dac90f53	Small code simplification in pkcs5_pbes2()	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	66aca931bc	Add tests for pkcs5_pbes2	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	2a8afa98e2	pkcs5_self_test depends on SHA1	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	f3e5c22f4d	Refactor x509_string_to_names(): data in a table	2014-06-23 11:52:58 +02:00
Manuel Pégourié-Gonnard	81754a0c35	Create a 'flags' field in cipher_info	2014-06-23 11:33:18 +02:00
Paul Bakker	66d5d076f7	Fix formatting in various code to match spacing from coding style	2014-06-17 17:06:47 +02:00
Paul Bakker	db20c10423	Add #endif comments for #endif more than 10 lines from #if / #else	2014-06-17 14:34:44 +02:00
Paul Bakker	d8bb82665e	Fix code styling for return statements	2014-06-17 14:06:49 +02:00
Paul Bakker	3461772559	Introduce polarssl_zeroize() instead of memset() for zeroization	2014-06-14 16:46:03 +02:00
Paul Bakker	14877e6250	Remove unused 'ret' variable	2014-06-12 23:01:18 +02:00
Paul Bakker	c2ff2083ee	Merge parsing and verification of RSASSA-PSS in X.509 modules	2014-06-12 22:02:47 +02:00
Paul Bakker	508e573231	Merge tests for asn1write, XTEA and Entropy modules	2014-06-12 21:26:33 +02:00
Manuel Pégourié-Gonnard	3ac6a2b9a7	Same as previous commit with Camellia	2014-06-12 21:16:02 +02:00
Manuel Pégourié-Gonnard	afd5a08e33	Minor tune-up in aes code un-duplicate a check, and remove useless default case, mainly so that these lines don't appear as uncovered	2014-06-12 21:15:55 +02:00
Manuel Pégourié-Gonnard	e1ac0f8c5d	Add back timing selftest with new hardclock test	2014-06-12 21:15:50 +02:00
Manuel Pégourié-Gonnard	7792198a46	Normalize some error messages	2014-06-12 21:15:44 +02:00
Manuel Pégourié-Gonnard	4dd73925ab	Add entropy_self_test()	2014-06-10 15:38:43 +02:00
Paul Bakker	d6917f0eb3	Add LINK_WITH_PTHREAD to CMakeList for explicitly adding pthread linking	2014-06-09 23:46:41 +02:00
Manuel Pégourié-Gonnard	d1539b1e88	Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT	2014-06-06 16:42:37 +02:00
Manuel Pégourié-Gonnard	88aa6e0b58	Fix potential memory leak in RSASSA-PSS verify	2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard	0eaa8beb36	Fix signedness warning	2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard	53882023e7	Also verify CRLs signed with RSASSA-PSS	2014-06-05 17:59:55 +02:00
Manuel Pégourié-Gonnard	46db4b070c	Use pk_verify_ext() in x509_crt.c	2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard	bf696d030b	Make sig_opts non-optional in X509 structures This simplifies the code.	2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard	dddbb1d1eb	Rm sig_params from various X509 structures	2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard	9113603b6b	Use sig_opts in x509_sig_alg_gets()	2014-06-05 15:41:39 +02:00
Manuel Pégourié-Gonnard	f75f2f7c46	Add sig_opts member to X509 structures	2014-06-05 15:14:59 +02:00
Manuel Pégourié-Gonnard	20422e9a3a	Add pk_verify_ext()	2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard	5ec628a2b9	Add rsa_rsassa_pss_verify_ext()	2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard	920e1cd5e2	Add basic PSS cert verification Still todo: - handle MGF-hash != sign-hash - check effective salt len == announced salt len - add support in the PK layer so that we don't have to bypass it here	2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard	e6d1d82b66	Relax checks on RSA mode for public key operations	2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard	78117d57b0	Consider trailerField a constant	2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard	cac31eed9e	Factor common code for printing sig_alg	2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard	cf975a3857	Factor out some common code	2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard	39868ee301	Parse CSRs signed with RSASSA-PSS	2014-06-02 16:10:30 +02:00
Manuel Pégourié-Gonnard	8e42ff6bde	Parse CRLs signed with RSASSA-PSS	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	9df5c96214	Fix dependencies	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	9c9cf5b51e	More checks for length match in rsassa-pss params	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	e76b750b69	Finish parsing RSASSA-PSS parameters	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	f346bab139	Start parsing RSASSA-PSS parameters	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	59a75d5b9d	Basic parsing of certs signed with RSASSA-PSS	2014-06-02 16:10:29 +02:00
Peter Vaskovic	7015de7e67	Fix WSAStartup return value check. SOCKET_ERROR was not a valid return value. WSAStartup returns 0 on success, so check that instead.	2014-05-28 11:40:51 +02:00
Paul Bakker	14b16c62e9	Minor optimizations (original by Peter Vaskovic, modified by Paul Bakker) Move strlen out of for loop. Remove redundant null checks before free.	2014-05-28 11:34:33 +02:00
Peter Vaskovic	8ebfe084ab	Fix minor format string inconsistency.	2014-05-28 11:12:51 +02:00
Peter Vaskovic	c2bbac968b	Fix misplaced parenthesis.	2014-05-28 11:06:31 +02:00
Peter Vaskovic	541529e770	Remove unused arrays.	2014-05-28 11:04:48 +02:00
Paul Bakker	b5212b436f	Merge CCM cipher mode and ciphersuites Conflicts: library/ssl_tls.c	2014-05-22 15:30:31 +02:00
Paul Bakker	0f651c7422	Stricter check on SSL ClientHello internal sizes compared to actual packet size	2014-05-22 15:12:19 +02:00
Brian White	12895d15f8	Fix less-than-zero checks on unsigned numbers	2014-05-22 13:52:53 +02:00
Manuel Pégourié-Gonnard	82a5de7bf7	Enforce alignment even if buffer is not aligned	2014-05-22 13:52:49 +02:00
Manuel Pégourié-Gonnard	fe671f4aeb	Add markers around generated code in error.c	2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard	8ff17c544c	Add missing DEBUG_RET on cipher failures	2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard	61edffef28	Normalize "should never happen" messages/errors	2014-05-22 13:52:47 +02:00
Manuel Pégourié-Gonnard	2e5ee32033	Implement CCM and CCM_8 ciphersuites	2014-05-20 16:29:34 +02:00
Manuel Pégourié-Gonnard	5efd772ef0	Small readability improvement	2014-05-14 14:10:37 +02:00
Manuel Pégourié-Gonnard	6768da9438	Register CCM ciphersuites (not implemented yet)	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	41936957b3	Add AES-CCM and CAMELLIA-CCM to the cipher layer	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	de7bb44004	Use cipher_auth_{en,de}crypt() in ssl_tls.c	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	4562ffe2e6	Add cipher_auth_{en,de}crypt()	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	8764d271fa	Use cipher_crypt() in ssl_tls.c	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	3c1d150b3d	Add cipher_crypt()	2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard	0f6b66dba1	CCM operations allow input == output	2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard	aed6065793	CCM source cosmetics/tune-ups - source a bit shorter - generated code slightly smaller - preserving performance	2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard	ce77d55023	Implement ccm_auth_decrypt()	2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard	002323340a	Refactor to prepare for CCM decryption	2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard	637eb3d31d	Add ccm_encrypt_and_tag()	2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard	9fe0d13e8d	Add ccm_init/free()	2014-05-06 12:12:45 +02:00
Manuel Pégourié-Gonnard	a6916fada8	Add (placeholder) CCM module	2014-05-06 11:28:09 +02:00
Paul Bakker	5593f7caae	Fix typo in debug_print_msg()	2014-05-06 10:29:28 +02:00
Paul Bakker	da13016d84	Prepped for 1.3.7 release	2014-05-01 14:27:19 +02:00
Paul Bakker	c37b0ac4b2	Fix typo in bignum.c	2014-05-01 14:19:23 +02:00
Paul Bakker	b9e4e2c97a	Fix formatting: fix some 'easy' > 80 length lines	2014-05-01 14:18:25 +02:00
Paul Bakker	9af723cee7	Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)	2014-05-01 13:03:14 +02:00
Paul Bakker	c3f89aa26c	Removed word 'warning' from PKCS#5 selftest (buildbot warning as a result)	2014-05-01 10:56:03 +02:00
Paul Bakker	9bb04b6389	Removed redundant code in mpi_fill_random()	2014-05-01 09:47:02 +02:00
Paul Bakker	2ca1dc8958	Updated error.c and version_features.c based on changes	2014-05-01 09:46:38 +02:00
Markus Pfeiffer	a26a005acf	Make compilation on DragonFly work	2014-04-30 16:52:28 +02:00
Paul Bakker	2a024ac86a	Merge dependency fixes	2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard	cef4ad2509	Adapt sources to configurable config.h name	2014-04-30 16:40:20 +02:00
Manuel Pégourié-Gonnard	c16f4e1f78	Move RC4 ciphersuites down the list	2014-04-30 16:27:06 +02:00
Paul Bakker	8eab8d368b	Merge more portable AES-NI	2014-04-30 16:21:08 +02:00
Paul Bakker	33dc46b080	Fix bug with mpi_fill_random() on big-endian	2014-04-30 16:20:39 +02:00
Paul Bakker	f96f7b607a	On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings	2014-04-30 16:02:38 +02:00
Paul Bakker	6384440b13	Better support for the different Attribute Types from IETF PKIX (RFC 5280)	2014-04-30 15:34:12 +02:00
Paul Bakker	1a1fbba1ae	Sanity length checks in ssl_read_record() and ssl_fetch_input() Both are already covered in other places, but not in a clear fashion. So for instance Coverity thinks the value is still tainted.	2014-04-30 14:48:51 +02:00
Paul Bakker	24f37ccaed	rsa_check_pubkey() now allows an E up to N	2014-04-30 13:43:51 +02:00
Paul Bakker	0f90d7d2b5	version_check_feature() added to check for compile-time options at run-time	2014-04-30 11:49:44 +02:00
Paul Bakker	a70366317d	Improve interop by not writing ext_len in ClientHello / ServerHello when 0 The RFC also indicates that without any extensions, we should write a struct {} (empty) not an array of length zero.	2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard	3d41370645	Fix hash dependencies in X.509 tests	2014-04-29 15:29:41 +02:00
Manuel Pégourié-Gonnard	3a306b9067	Fix misplaced #endif in ssl_tls.c	2014-04-29 15:11:17 +02:00
Manuel Pégourié-Gonnard	b1fd397be6	Adapt AES-NI code to "old" binutil versions	2014-04-26 17:17:31 +02:00
Paul Bakker	c73079a78c	Add debug_set_threshold() and thresholding of messages	2014-04-25 16:58:16 +02:00
Paul Bakker	92478c37a6	Debug module only outputs full lines instead of parts	2014-04-25 16:58:15 +02:00
Paul Bakker	eaebbd5eaa	debug_set_log_mode() added to determine raw or full logging	2014-04-25 16:58:14 +02:00
Paul Bakker	61885c7f7f	Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites In case full SSL frames arrived, they were rejected because an overly strict padding check.	2014-04-25 12:59:51 +02:00
Paul Bakker	4ffcd2f9c3	Typo in PKCS#11 module	2014-04-25 11:44:12 +02:00
Paul Bakker	10a9dd35ea	Typo in POLARSSL_PLATFORM_STD_FPRINTF in platform.c	2014-04-25 11:27:16 +02:00
Paul Bakker	0767e67d17	Add support for 'emailAddress' to x509_string_to_names()	2014-04-18 14:11:37 +02:00
Paul Bakker	c70e425a73	Only iterate over actual certificates in ssl_write_certificate_request()	2014-04-18 13:50:19 +02:00
Paul Bakker	f4cf80b86f	Restructured pk_parse_key_pkcs8_encrypted_der() to prevent unreachable code	2014-04-17 17:24:29 +02:00
Paul Bakker	4f42c11846	Remove arbitrary maximum length for cipher_list and content length	2014-04-17 15:37:39 +02:00
Paul Bakker	d893aef867	Force default value to curve parameter	2014-04-17 14:45:34 +02:00
Paul Bakker	93389cc620	Remove const indicator	2014-04-17 14:44:38 +02:00
Paul Bakker	874bd64b28	Check setsockopt() return value in net_bind()	2014-04-17 12:43:05 +02:00
Paul Bakker	3d8fb63e11	Added missing MPI_CHK around mpi functions	2014-04-17 12:42:41 +02:00
Paul Bakker	a9c16d2825	Removed unused cur variable in x509_string_to_names()	2014-04-17 12:42:18 +02:00
Paul Bakker	0e4f9115dc	Fix iteration counter	2014-04-17 12:39:05 +02:00
Paul Bakker	784b04ff9a	Prepared for version 1.3.6	2014-04-11 15:33:59 +02:00
Manuel Pégourié-Gonnard	9655e4597a	Reject certificates with times not in UTC	2014-04-11 13:59:36 +02:00
Manuel Pégourié-Gonnard	0776a43788	Use UTC to heck certificate validity	2014-04-11 13:59:31 +02:00
Paul Bakker	52c5af7d2d	Merge support for verifying the extendedKeyUsage extension in X.509	2014-04-11 13:58:57 +02:00
Manuel Pégourié-Gonnard	78848375c0	Declare EC constants as 'const'	2014-04-11 13:58:41 +02:00
Paul Bakker	1630058dde	Potential buffer overwrite in pem_write_buffer() fixed Length indication when given a too small buffer was off. Added regression test in test_suite_pem to detect this.	2014-04-11 13:58:05 +02:00
Manuel Pégourié-Gonnard	0408fd1fbb	Add extendedKeyUsage checking in SSL modules	2014-04-11 11:09:09 +02:00
Manuel Pégourié-Gonnard	7afb8a0dca	Add x509_crt_check_extended_key_usage()	2014-04-11 11:09:00 +02:00
Paul Bakker	d6ad8e949b	Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C	2014-04-09 17:24:14 +02:00
Paul Bakker	a77de8c841	Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off	2014-04-09 16:39:35 +02:00
Paul Bakker	043a2e26d0	Merge verification of the keyUsage extension in X.509 certificates	2014-04-09 15:55:08 +02:00
Manuel Pégourié-Gonnard	a9db85df73	Add tests for keyUsage with client auth	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	490047cc44	Code cosmetics	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	312010e6e9	Factor common parent checking code	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	f93a3c4335	Check the CA bit on trusted CAs too	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	99d4f19111	Add keyUsage checking for CAs	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	3fed0b3264	Factor some common code in x509_verify{,_child}	2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard	7f2a07d7b2	Check keyUsage in SSL client and server	2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard	603116c570	Add x509_crt_check_key_usage()	2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard	2abed84225	Specific return code for PK sig length mismatch	2014-04-09 15:50:00 +02:00
Manuel Pégourié-Gonnard	35e95ddca4	Add special return code for ecdsa length mismatch	2014-04-09 15:49:59 +02:00
Paul Bakker	ddd427a8fc	Fixed spacing in entropy_gather()	2014-04-09 15:49:57 +02:00
Paul Bakker	75342a65e4	Fixed typos in code	2014-04-09 15:49:57 +02:00
Manuel Pégourié-Gonnard	0f79babd4b	Disable timing_selftest() for now	2014-04-09 15:49:51 +02:00
Paul Bakker	17b85cbd69	Merged additional tests and improved code coverage Conflicts: ChangeLog	2014-04-08 14:38:48 +02:00
Paul Bakker	0763a401a7	Merged support for the ALPN extension	2014-04-08 14:37:12 +02:00
Paul Bakker	4224bc0a4f	Prevent potential NULL pointer dereference in ssl_read_record()	2014-04-08 14:36:50 +02:00
Manuel Pégourié-Gonnard	8c045ef8e4	Fix embarrassing X.509 bug introduced in `9533765`	2014-04-08 11:55:03 +02:00
Manuel Pégourié-Gonnard	f6521de17b	Add ALPN tests to ssl-opt.sh Only self-op for now, required peer versions are a bit high: - OpenSSL 1.0.2-beta - GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)	2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard	89e35798ae	Implement ALPN server-side	2014-04-07 12:26:35 +02:00
Manuel Pégourié-Gonnard	0b874dc580	Implement ALPN client-side	2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard	0148875cfc	Add tests and fix bugs for RSA-alt contexts	2014-04-04 17:46:46 +02:00
Manuel Pégourié-Gonnard	7e250d4812	Add ALPN interface	2014-04-04 17:10:40 +02:00
Manuel Pégourié-Gonnard	79e58421be	Also test net_usleep in timing_selttest()	2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard	3fec220a33	Add test for dhm_parse_dhmfile	2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard	7afdb88216	Test and fix x509_oid functions	2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard	d6aebe108a	Add 'volatile' to hardclock()'s asm Prevents calls from being optimised away in timing_self_test(). (Should no be a problem for calls from other files.)	2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard	13a1ef8600	Misc selftest adjustements	2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard	470fc935b5	Add timing_self_test() with consistency tests	2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard	487588d0bf	Whitespace fixes	2014-04-04 16:33:01 +02:00
Paul Bakker	e4205dc50a	Merged printing of X509 extensions	2014-04-04 15:36:10 +02:00
Paul Bakker	5ff3f9134b	Small fix for EFI build under Windows in x509_crt.c	2014-04-04 15:08:20 +02:00
Manuel Pégourié-Gonnard	0db29b05b5	More compact code using macros	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	7b30cfc5b0	x509_crt_info() list output cosmectics	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	f6f4ab40d3	Print extended key usage in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	65c2ddc318	Print key_usage in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	bce2b30855	Print subject alt name in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	919f8f5829	Print NS Cert Type in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	b28487db1f	Start printing extensions in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	74bc68ac62	Fix default #define for malloc/free	2014-04-02 13:20:00 +02:00
Paul Bakker	75a2860f26	Potential memory leak in mpi_exp_mod() when error occurs during calculation of RR.	2014-03-31 12:08:17 +02:00
Manuel Pégourié-Gonnard	dd75c3183b	Remove potential timing leak in ecdsa_sign()	2014-03-31 11:55:42 +02:00
Manuel Pégourié-Gonnard	5b8c409f53	Fix a warning (theoretical uninitialised variable)	2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard	969ccc6289	Fix length checking of various ClientKeyExchange's	2014-03-27 21:10:56 +01:00
Paul Bakker	96d5265315	Made ready for release 1.3.5	2014-03-26 16:55:50 +01:00
Paul Bakker	5fff23b92a	x509_get_current_time() uses localtime_r() to prevent thread issues	2014-03-26 15:34:54 +01:00
Paul Bakker	4c284c9141	Removed LCOV directives from code	2014-03-26 15:33:05 +01:00
Paul Bakker	77f4f39ea6	Make sure no random pointer occur during failed malloc()'s	2014-03-26 15:30:20 +01:00
Paul Bakker	db1f05985e	Add a check for buffer overflow to pkcs11_sign() pkcs11_sign() reuses *sig to store the header and hash, but those might be larger than the actual sig, causing a buffer overflow. An overflow can occur when using raw sigs with hashlen > siglen, or when the RSA key is less than 664 bits long (or less when using hashes shorter than SHA512) As siglen is always within the 'low realm' < 32k, an overflow of asnlen + hashlen is not possible.	2014-03-26 15:14:21 +01:00
Paul Bakker	91c61bc4fd	Further tightened the padlen check to prevent underflow / overflow	2014-03-26 15:14:20 +01:00
Manuel Pégourié-Gonnard	c042cf0013	Fix broken tests due to changed error code Introduced in `5246ee5c59`	2014-03-26 14:12:20 +01:00
Manuel Pégourié-Gonnard	b2bf5a1bbb	Fix possible buffer overflow with PSK	2014-03-26 12:58:50 +01:00
Manuel Pégourié-Gonnard	fdddac90a6	Fix stupid bug in rsa_copy()	2014-03-26 12:58:49 +01:00
Manuel Pégourié-Gonnard	f84f799bcf	Tune debug_print_ret format	2014-03-26 12:58:46 +01:00
Paul Bakker	b13d3ffb80	Provide no info from entropy_func() on future entropy	2014-03-26 12:51:25 +01:00
Paul Bakker	66ff70dd48	Support for seed file writing and reading in Entropy	2014-03-26 11:58:07 +01:00
Paul Bakker	3f0be61a27	Merged support for parsing EC keys that use SpecifiedECDomain	2014-03-26 11:30:39 +01:00
Manuel Pégourié-Gonnard	9592485d0c	Fix some MSVC12 conversion warnings	2014-03-21 12:03:07 +01:00
Manuel Pégourié-Gonnard	3b6269aa08	Fix warnings on MinGW	2014-03-21 12:03:03 +01:00
Manuel Pégourié-Gonnard	6fac3515d0	Make support for SpecifiedECDomain optional	2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard	5246ee5c59	Work around compressed EC public key in some cases	2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard	eab20d2a9c	Implement parsing SpecifiedECParameters	2014-03-19 15:51:12 +01:00
Paul Bakker	6c1f69b879	MinGW32 static build should link to windows libs and libz	2014-03-17 15:11:13 +01:00
Paul Bakker	3d6504a935	ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr	2014-03-17 13:41:51 +01:00
Manuel Pégourié-Gonnard	2eea29238c	Make the compiler work-around more specific	2014-03-14 18:23:26 +01:00
Paul Bakker	a4b0343edf	Merged massive SSL Testing improvements	2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard	bb8661e006	Work around a compiler bug on OS X.	2014-03-14 09:21:20 +01:00
Manuel Pégourié-Gonnard	d701c9aec9	Fix memory leak in server with expired tickets	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	84c30c7e83	Fix memory leak in ssl_cache	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	145dfcbfc2	Fix bug with NewSessionTicket and non-blocking I/O	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	96ea2f2557	Add tests for SNI	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	8520dac292	Add tests for auth_mode	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	da6b4d3e8c	Change RSA embedded cert to a localhost cert	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	dfbf9c711d	Fix bug in m_sleep()	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	274a12e17c	Fix bug with ssl_cache and max_entries=0	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	f7c52014ec	Add basic tests for session resumption	2014-03-14 08:41:00 +01:00
hasufell	3c6409b066	CMake: allow to build both shared and static at once This allows for more fine-grained control. Possible combinations: * static off, shared on * static on, shared off * static on, shared on The static library is always called "libpolarssl.a" and is only used for linking of tests and internal programs if the shared lib is not being built. Default is: only build static lib.	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	9a6e93e7a4	Reserve -1 as an error code (used in programs)	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	844a4c0aef	Fix RSASSA-PSS example programs	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	83cdffc437	Forbid sequence number wrapping	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	3c599f11b0	Avoid possible segfault on bad server ciphersuite	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	9533765b25	Reject certs and CRLs from the future	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	6304f786e0	Add x509_time_future()	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	29dcc0b93c	Fix depend issues in test suites for cipher modes	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	1ec220b002	Add missing #ifdefs in aes.h	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	648656a628	Fix error code in dhm_selftest()	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	796c6f3aff	Countermeasure against "triple handshake" attack	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	fdf3f0e671	Avoid "unreachable code" warning	2014-03-11 13:47:05 +01:00
Manuel Pégourié-Gonnard	2a2ae642d8	Fix forgotten curves in #ifdef	2014-02-24 10:29:21 +01:00
Manuel Pégourié-Gonnard	6b1e207081	Fix verion-major intolerance	2014-02-12 10:14:54 +01:00
Manuel Pégourié-Gonnard	c9093085ed	Revert "Merged RSA-PSS support in Certificate, CSR and CRL" This reverts commit `ab50d8d30c`, reversing changes made to `e31b1d992a`.	2014-02-12 09:39:59 +01:00
Manuel Pégourié-Gonnard	6df09578bb	Revert "Mutex call in x509_crt.c depended on PTHREAD specific instead of generic" This reverts commit `9eae7aae80`.	2014-02-12 09:29:05 +01:00
Paul Bakker	f2561b3f69	Ability to provide alternate timing implementation	2014-02-06 15:32:26 +01:00
Paul Bakker	47703a0a80	More entropy functions made thread-safe (add_source, update_manual, gather)	2014-02-06 15:01:20 +01:00
Paul Bakker	9eae7aae80	Mutex call in x509_crt.c depended on PTHREAD specific instead of generic threading	2014-02-06 14:51:53 +01:00
Paul Bakker	6a28e722c9	Merged platform compatibility layer	2014-02-06 13:44:19 +01:00
Paul Bakker	0910f32ee3	Fixed compile warning (in test-ref-configs)	2014-02-06 13:41:18 +01:00
Paul Bakker	119602bdde	Typo fix in memory_buffer_alloc.c	2014-02-06 13:20:19 +01:00
Paul Bakker	defc0ca337	Migrated the Memory layer to the Platform layer Deprecated POLARSSL_MEMORY_C and placed placeholder for memory.h to make sure current code will not break on new version.	2014-02-06 13:20:17 +01:00
Paul Bakker	7dc4c44267	Library files moved to use platform layer	2014-02-06 13:20:16 +01:00
Paul Bakker	747a83a0f7	Platform abstraction layer for memory, printf and fprintf	2014-02-06 13:15:25 +01:00
Paul Bakker	ab50d8d30c	Merged RSA-PSS support in Certificate, CSR and CRL	2014-02-06 13:14:56 +01:00
Manuel Pégourié-Gonnard	f07031aa98	debug_ecp: don't print Z, always 1	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	f6dc5e1d16	Remove temporary debug code	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	c3f6b62ccc	Print curve name instead of size in debugging Also refactor server-side curve selection	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	ab24010b54	Enforce our choice of allowed curves.	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	7f38ed0bfa	ssl_set_curves is no longer ECDHE only	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	cd49f76898	Make ssl_set_curves() work client-side too.	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	ac7194133e	Renamings and other fixes	2014-02-06 10:28:38 +01:00
Gergely Budai	e40c469ad3	The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[].	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	de05390c85	Rename ecdh_curve_list to curve_list	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	5de2580563	Make ssl_set_ecdh_curves() a compile-time option	2014-02-06 10:28:38 +01:00
Gergely Budai	987bfb510b	Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves.	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	fbf0915404	Fix bug in RSA PKCS#1 v1.5 "reversed" operations	2014-02-05 17:01:24 +01:00
Paul Bakker	5fb8efe71e	Merged HMAC-DRBG code	2014-02-05 15:55:18 +01:00
Manuel Pégourié-Gonnard	6e8e34d61e	Fix ecp_gen_keypair() Too few tries caused failures for some curves (esp. secp224k1)	2014-02-05 15:53:45 +01:00
Manuel Pégourié-Gonnard	b05db2a6aa	Save memory by not storing the HMAC key	2014-02-01 11:38:05 +01:00
Manuel Pégourié-Gonnard	cf38367f45	Fix HMAC_DRBG and RIPEMD160 error codes	2014-02-01 10:24:53 +01:00
Manuel Pégourié-Gonnard	446ee6618f	Add LCOV_EXCLUDE_LINE on some IO errors	2014-02-01 10:08:26 +01:00
Manuel Pégourié-Gonnard	b3b205e081	Clean up details in ctr_drbg_selftest()	2014-01-31 12:04:06 +01:00
Manuel Pégourié-Gonnard	79afaa0551	Add hmac_drbg_selftest()	2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard	48bc3e81da	Add hmac_drbg_{write,update}_seed_file()	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	efc8d8078b	Use safer names for macros	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	6e897c2a59	Add more checks and references	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	d742a032f4	Use md_hmac_reset() when possible	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	658dbed080	Add automatic periodic reseeding	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	af786ff6cc	Add hmac_drbg_set_prediction_resistance()	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	8fc484d1df	Add hmac_drbg_reseed()	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	4e669c614d	Add hmac_drbg_set_entropy_len()	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	fe34a5fb83	Add entropy callbacks to HMAC_DRBG	2014-01-30 15:06:40 +01:00
Manuel Pégourié-Gonnard	8208d167da	Add hmac_random_with_add()	2014-01-30 12:19:26 +01:00
Manuel Pégourié-Gonnard	7845fc06c9	Use new HMAC_DRBG module for deterministic ECDSA	2014-01-30 10:58:48 +01:00
Manuel Pégourié-Gonnard	490bdf3928	Add minimalistic HMAC_DRBG implementation (copied from ECDSA)	2014-01-30 10:58:48 +01:00
Paul Bakker	2aca241425	Ready for release 1.3.4	2014-01-27 11:59:30 +01:00
Paul Bakker	42099c3155	Revert "Add pk_rsa_set_padding() and rsa_set_padding()" This reverts commit `b4fae579e8`. Conflicts: library/pk.c tests/suites/test_suite_pk.data tests/suites/test_suite_pk.function	2014-01-27 11:59:29 +01:00
Manuel Pégourié-Gonnard	27b93ade6e	Factor common code for printing sig_alg	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	5cac583482	Factor out some common code	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	41cae8e1f9	Parse CSRs signed with RSASSA-PSS	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	5eeb32b552	Parse CRLs signed with RSASSA-PSS	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	ce7c6fd433	Fix dependencies	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	b7de86d834	More checks for length match in rsassa-pss params	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	3c1e8b539c	Finish parsing RSASSA-PSS parameters	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	d9fd87be33	Start parsing RSASSA-PSS parameters	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	b1d4eb16e4	Basic parsing of certs signed with RSASSA-PSS	2014-01-25 12:48:58 +01:00
Paul Bakker	556efba51c	Added AES CFB8 mode	2014-01-24 15:38:12 +01:00
Paul Bakker	80025417eb	net_is_block() renamed to net_would_block() and corrected behaviour on non-blocking sockets net_would_block() now does not return 1 if the socket is blocking.	2014-01-23 21:00:57 +01:00
Paul Bakker	c2024f4592	Added MPI_CHK around unguarded mpi calls	2014-01-23 21:00:57 +01:00
Manuel Pégourié-Gonnard	8e205fc0bc	Fix potential buffer overflow in suported_curves_ext	2014-01-23 17:27:10 +01:00
Paul Bakker	9f3c7d7278	Added missing POLARSSL_ECDSA_DETERMINISTIC around ecdsa_write_signature_det()	2014-01-23 16:11:14 +01:00
Paul Bakker	18e9f3282b	Added missing static to md_info_by_size() in ecdsa.c	2014-01-23 16:08:38 +01:00
Paul Bakker	bf98c3dd11	Merged deterministic ECDSA Conflicts: library/ecdsa.c	2014-01-23 15:48:01 +01:00
Manuel Pégourié-Gonnard	dfab4c1193	Add forgotten #ifdef and depends_on	2014-01-22 16:01:06 +01:00
Paul Bakker	5862eee4ca	Merged RIPEMD-160 support	2014-01-22 14:18:34 +01:00
Paul Bakker	61b699ed1b	Renamed RMD160 to RIPEMD160	2014-01-22 14:17:31 +01:00
Paul Bakker	0ac99ca7bc	Merged support for secp224k1, secp192k1 and secp25k1	2014-01-22 13:10:48 +01:00
Manuel Pégourié-Gonnard	b4fae579e8	Add pk_rsa_set_padding() and rsa_set_padding()	2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard	7c59363a85	Remove a few dead stores	2014-01-22 13:02:39 +01:00
Manuel Pégourié-Gonnard	9e987edf9f	Fix potential memory leak in bignum selftest	2014-01-22 12:59:04 +01:00
Manuel Pégourié-Gonnard	fd6a191381	Fix misplaced initialisation. If one of the calls to mpi_grow() before setting Apos would fail, then mpi_free( &Apos ) would be executed without Apos being initialised.	2014-01-22 12:57:04 +01:00
Manuel Pégourié-Gonnard	073f0fa2fb	Fix missing error checking in gcm	2014-01-22 12:56:51 +01:00
Manuel Pégourié-Gonnard	280f95bd00	Add #ifs arround ssl_ciphersuite_uses_XXX()	2014-01-22 12:56:37 +01:00
Manuel Pégourié-Gonnard	7cfdcb8c7f	Add a length check in ssl_derive_keys()	2014-01-22 12:56:22 +01:00
Manuel Pégourié-Gonnard	9af7d3a35b	Add fast reduction for the other Koblitz curves	2014-01-18 17:48:00 +01:00
Manuel Pégourié-Gonnard	8887d8d37c	Add mod_p256k1 Makes secp256k1 about 4x faster	2014-01-17 23:17:10 +01:00
Manuel Pégourié-Gonnard	ea499a7321	Add support for secp192k1	2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard	0a56c2c698	Fix bug in ecdh_calc_secret() Only affects curves with nbits != pbits (currently only secp224k1)	2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard	5304812b2d	Fix theoretical compliance issue in ECDSA The issue would happen for curves whose bitlength is not a multiple of eight (the only case is NIST P-521) with hashes that are longer than the bitlength of the curve: since the wides hash is 512 bits long, this can't happen. Fixing however as a matter of principle and readability.	2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard	18e3ec9b4d	Add support for secp224k1	2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard	e4d47a655b	Add RIPEMD-160 to the generic MD layer	2014-01-17 20:41:32 +01:00
Manuel Pégourié-Gonnard	ff40c3ac34	Add HMAC support to RIPEMD-160	2014-01-17 20:04:59 +01:00
Manuel Pégourié-Gonnard	cab4a8807c	Add RIPEMD-160 (core functions)	2014-01-17 14:04:25 +01:00
Manuel Pégourié-Gonnard	9bcff3905b	Add OIDs and TLS IDs for prime Koblitz curves	2014-01-10 18:32:31 +01:00
Manuel Pégourié-Gonnard	f51c8fc353	Add support for secp256k1 arithmetic	2014-01-10 18:17:18 +01:00
Manuel Pégourié-Gonnard	65ad3e4daf	Use deterministic ECDSA in the PK layer	2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard	5e6edcfd96	Add fallback for md_alg == NONE to ecdsa_sign_det()	2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard	937340bce0	Add ecdsa_write_signature_det()	2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard	f42bca6da0	Little HMAC_DRBG refactoring	2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard	4daaef7e27	Add ecdsa_sign_det() with test vectors	2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard	461d416892	Add minified HMAC_DRBG for deterministic ECDSA	2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard	e7072f8d11	Fix theoretical compliance issue in ECDSA The issue would happen for curves whose bitlength is not a multiple of eight (the only case is NIST P-521) with hashes that are longer than the bitlength of the curve: since the wides hash is 512 bits long, this can't happen. Fixing however as a matter of principle and readability.	2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard	c9573998ca	Fix unchecked error codes in ecp_gen_keypair()	2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard	79f73b96d9	Remove bias in EC private key generation	2014-01-06 10:19:35 +01:00
Paul Bakker	c78c8422c2	Added failure stub for uninitialized POLARSSL_THREADING_ALT functions	2013-12-31 11:55:27 +01:00
Paul Bakker	a8fd3e31ed	Removed POLARSSL_THREADING_DUMMY option	2013-12-31 11:54:08 +01:00
Paul Bakker	4de44aa0ae	Rewrote check to prevent read of uninitialized data in rsa_rsassa_pss_verify()	2013-12-31 11:43:01 +01:00
Paul Bakker	6992eb762c	Fixed potential overflow in certificate size in ssl_write_certificate()	2013-12-31 11:38:33 +01:00
Paul Bakker	6ea1a95ce8	Added missing MPI_CHK() around some statements	2013-12-31 11:17:14 +01:00
Paul Bakker	5bc07a3d30	Prepped for 1.3.3	2013-12-31 10:57:44 +01:00
Paul Bakker	00f5c52bfe	Added cast to socket() return value to prevent Windows warning	2013-12-31 10:45:16 +01:00
Paul Bakker	c73879139e	Merged ECP memory usage optimizations	2013-12-31 10:33:47 +01:00
Paul Bakker	53e1513fea	Initialize ebx and edx in padlock functions	2013-12-31 09:46:09 +01:00
Manuel Pégourié-Gonnard	26bc1c0f5d	Fix a few unchecked return codes in EC	2013-12-30 19:33:33 +01:00
Paul Bakker	93759b048f	Made AES-NI bit-size specific key expansion functions static	2013-12-30 19:20:06 +01:00
Manuel Pégourié-Gonnard	9e4191c3e7	Add another option to reduce EC memory usage Also document speed/memory trade-offs better.	2013-12-30 19:16:05 +01:00
Manuel Pégourié-Gonnard	70896a023e	Add statistics about number of allocated blocks	2013-12-30 19:16:05 +01:00
Paul Bakker	ec4bea7eee	Forced cast to unsigned int for %u format in ecp_selftest()	2013-12-30 19:04:47 +01:00
Manuel Pégourié-Gonnard	1f789b8348	Lessen peak memory usage in EC by freeing earlier Cuts peak usage by 25% :)	2013-12-30 17:36:54 +01:00
Manuel Pégourié-Gonnard	72c172a13d	Save some small memory allocations inside ecp_mul()	2013-12-30 16:04:55 +01:00
Paul Bakker	f0fc2a27b0	Properly put the pragma comment for the MSVC linker in defines	2013-12-30 15:42:43 +01:00
Paul Bakker	92bcadb110	Removed 'z' length modifier from low-value size_t in ecp_selftest()	2013-12-30 15:37:17 +01:00
Paul Bakker	e7f5133590	Fixed superfluous return value in aesni.c	2013-12-30 15:32:02 +01:00
Paul Bakker	0d0de92156	Only specify done label in aes.c when AES-NI is possible	2013-12-30 15:29:04 +01:00
Paul Bakker	956c9e063d	Reduced the input / output overhead with 200+ bytes and covered corner case The actual input / output buffer overhead is only 301 instead of 512. This requires a proper check on the padding_idx to prevent out of bounds reads. Previously a remote party could potentially trigger an access error and thus stop the application when sending a malicious packet having MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of . This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1 for 256 bytes (including fake padding check). Or 13 + 32 bytes over the buffer length. We now reset padding_idx to 0, if it's clear that it will never be a valid padding (padlen > msg_len \|\| msg_len + padlen + 256 > buffer_len)	2013-12-30 15:00:51 +01:00
Manuel Pégourié-Gonnard	d4588cfb6a	aesni_gcm_mult() now returns void	2013-12-30 13:54:23 +01:00
Manuel Pégourié-Gonnard	bfa3c9a85f	Remove temporary code	2013-12-30 13:53:58 +01:00
Manuel Pégourié-Gonnard	23c2f6fee5	Add AES-NI key expansion for 192 bits	2013-12-29 16:05:22 +01:00
Manuel Pégourié-Gonnard	4a5b995c26	Add AES-NI key expansion for 256 bits	2013-12-29 13:50:32 +01:00
Manuel Pégourié-Gonnard	47a3536a31	Add AES-NI key expansion for 128 bits	2013-12-29 13:28:59 +01:00
Manuel Pégourié-Gonnard	01e31bbffb	Add support for key inversion using AES-NI	2013-12-28 16:22:08 +01:00
Manuel Pégourié-Gonnard	80637c7520	Use aesni_gcm_mult() if available	2013-12-26 16:09:58 +01:00
Manuel Pégourié-Gonnard	d333f67f8c	Add aesni_gcm_mult()	2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard	9d57482280	Add comments on GCM multiplication	2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard	8eaf20b18d	Allow detection of CLMUL	2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard	5b685653ef	Add aesni_crypt_ecb() and use it	2013-12-25 13:03:26 +01:00
Manuel Pégourié-Gonnard	92ac76f9db	Add files for (upcoming) AES-NI support	2013-12-25 13:03:26 +01:00
Paul Bakker	1e5369c7fa	Variables in proper block or within proper defines in ssl_decrypt_buf()	2013-12-19 16:40:57 +01:00
Paul Bakker	0c0476f92d	Disable ecp_use_curve25519() if not POLARSSL_ECP_DP_M255_ENABLED	2013-12-19 16:20:53 +01:00
Paul Bakker	1a56fc96a3	Fixed x509_crt_parse_path() bug on Windows platforms	2013-12-19 13:52:33 +01:00
Manuel Pégourié-Gonnard	1321135758	Fix MingW version issue	2013-12-17 17:38:55 +01:00
Manuel Pégourié-Gonnard	ee5db1d6b9	Fix typo in previous commit	2013-12-17 16:46:19 +01:00
Manuel Pégourié-Gonnard	6a398d4234	Add missing header for windows	2013-12-17 16:10:58 +01:00
Manuel Pégourié-Gonnard	173402bb61	net_prepare() returns int	2013-12-17 15:57:05 +01:00
Paul Bakker	5a607d26b7	Merged IPv6 support in the NET module	2013-12-17 14:34:19 +01:00
Manuel Pégourié-Gonnard	fd6b4cc1db	Add forgotten SO_REUSEADDR option	2013-12-17 13:59:01 +01:00
Paul Bakker	5ab68ba679	Merged storing curves fully in ROM	2013-12-17 13:11:18 +01:00
Paul Bakker	fdf946928d	Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites	2013-12-17 13:10:27 +01:00
Paul Bakker	77e257e958	Fixed bad check for maximum size of fragment length index	2013-12-17 13:09:12 +01:00
Paul Bakker	6c21276342	Place olen initalization after reference check in cipher_update()	2013-12-17 13:09:12 +01:00
Paul Bakker	6f0636a09f	Potential memory leak in ssl_ticket_keys_init()	2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard	6e315a9009	Adapt net_accept() to IPv6	2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard	389ce63735	Add IPv6 support to net_bind()	2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard	10934de1ca	Adapt net_connect() for IPv6	2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard	2e5c3163db	Factor our some code in net.c	2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard	5538970d32	Add server support for ECDH key exchanges	2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard	d18cc57962	Add client-side support for ECDH key exchanges	2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard	cdff3cfda3	Add ecdh_get_params() to import from an EC key	2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard	25781b22e3	Add ECDH_RSA and ECDH_ECDSA ciphersuites (not implemented yet)	2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard	69ab354239	Fix bug from stupid typo	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	14a96c5d8b	Avoid wasting memory with some curves	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	95b45b7bb2	Rename macros	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	baee5d4157	Add previously forgotten #ifdef's	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	81e1b102dc	Rm a few unneeded variables	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	1f82b041e7	Adapt ecp_group_free() to static constants	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	73cc01d7fa	Remove last non-static parts of known EC groups	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	731d08b406	Start using constants from ROM for EC groups	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	c72ac7c3ef	Fix SSLv3 handling of SHA-384 suites Fixes memory corruption, introduced in `a5bdfcd` (Relax some SHA2 ciphersuite's version requirements)	2013-12-17 10:18:25 +01:00
Paul Bakker	fef3c5a652	Fixed typo in POLARSSL_PKCS1_V15 in rsa.c	2013-12-11 13:36:30 +01:00
Manuel Pégourié-Gonnard	93f41dbdfd	Fix possible issue in corner-case for ecp_mul_mx()	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	7a949d3f5b	Update comments	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	d962273594	Add #ifdef's for curve types	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	7c94d8bcab	WIP #ifdef's	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	b6f45a616c	Avoid potential leak in ecp_mul_mxz()	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	a60fe8943d	Add mpi_safe_cond_swap()	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	97871ef236	Some operations are not supported with Curve25519	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	3d7053a2bb	Add ecp_mod_p255(): Curve25519 about 4x faster now	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	357ff65a51	Details in ecp_mul_mxz()	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	fe0af405f9	Adapt ecp_gen_keypair() to Curve25519	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	9a4a5ac4de	Fix bug in mpi_set_bit	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	a0179b8c4a	Change ecp_mul to handle Curve25519 too	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	312d2e8ea2	Adapt key checking functions for Curve25519	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	661536677b	Add Curve25519 to known groups	2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard	3afa07f05b	Add coordinate randomization for Curve25519	2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard	d9ea82e7d9	Add basic arithmetic for Curve25519	2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard	3c0b4ea97e	Rename a few functions	2013-12-05 15:58:37 +01:00
Paul Bakker	498fd354c6	Added missing inline definition for other platforms to ecp_curves.c	2013-12-02 22:17:24 +01:00
Manuel Pégourié-Gonnard	d5e0fbe1a3	Remove now useless function	2013-12-02 17:20:39 +01:00
Manuel Pégourié-Gonnard	3ee90003c9	Make internal functions static again + cosmetics	2013-12-02 17:14:48 +01:00
Manuel Pégourié-Gonnard	9854fe986b	Convert curve constants to binary Makes source longer but resulting binary smaller	2013-12-02 17:07:30 +01:00
Manuel Pégourié-Gonnard	32b04c1237	Split ecp.c	2013-12-02 16:36:11 +01:00
Manuel Pégourié-Gonnard	43863eeffc	Declare internal variables static in ecp.c	2013-12-02 16:34:24 +01:00
Manuel Pégourié-Gonnard	d35e191434	Drop useless include in ecp.c	2013-12-02 16:34:24 +01:00
Paul Bakker	9dc53a9967	Merged client ciphersuite order preference option	2013-12-02 14:56:27 +01:00
Paul Bakker	014f143c2a	Merged EC key generation support	2013-12-02 14:55:09 +01:00
Paul Bakker	4040d7e95c	Merged more constant-time checking in RSA	2013-12-02 14:53:23 +01:00
Manuel Pégourié-Gonnard	1a9f2c7245	Add option to respect client ciphersuite order	2013-11-30 18:30:06 +01:00
Manuel Pégourié-Gonnard	011a8db2e7	Complete refactoring of ciphersuite choosing	2013-11-30 18:11:07 +01:00
Manuel Pégourié-Gonnard	3252560e68	Move some functions up	2013-11-30 17:50:32 +01:00
Manuel Pégourié-Gonnard	59b81d73b4	Refactor ciphersuite selection for version > 2	2013-11-30 17:46:04 +01:00
Manuel Pégourié-Gonnard	0267e3dc9b	Add ecp_curve_info_from_name()	2013-11-30 15:10:14 +01:00
Manuel Pégourié-Gonnard	104ee1d1f6	Add ecp_genkey(), prettier wrapper	2013-11-30 14:35:07 +01:00
Manuel Pégourié-Gonnard	27290daf3b	Check PKCS 1.5 padding in a more constant-time way (Avoid branches that depend on secret data.)	2013-11-30 13:36:53 +01:00
Manuel Pégourié-Gonnard	ab44d7ecc3	Check OAEP padding in a more constant-time way	2013-11-30 13:13:05 +01:00
Manuel Pégourié-Gonnard	a5cfc35db2	RSA-OAEP decrypt: reorganise code	2013-11-29 11:58:13 +01:00
Manuel Pégourié-Gonnard	5ad68e42e5	Mutex x509_crt_parse_path() when pthreads is used	2013-11-28 18:07:39 +01:00
Manuel Pégourié-Gonnard	964bf9b92f	Quit using readdir_r() Prone to buffer overflows on some platforms.	2013-11-28 18:07:39 +01:00
Paul Bakker	76f03118c4	Only compile with -Wmissing-declarations and -Wmissing-prototypes in library, not tests and programs	2013-11-28 17:20:04 +01:00
Paul Bakker	88cd22646c	Merged ciphersuite version improvements	2013-11-26 15:22:19 +01:00
Manuel Pégourié-Gonnard	da1ff38715	Don't accept CertificateRequest with PSK suites	2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard	dc953e8c41	Add missing defines/cases for RSA_PSK key exchange	2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard	c57b654a3e	Use t_uint rather than uintXX_t when appropriate	2013-11-26 15:19:56 +01:00
Paul Bakker	3209ce3692	Merged ECP improvements	2013-11-26 15:19:17 +01:00
Manuel Pégourié-Gonnard	20b9af7998	Fix min_version (TLS 1.0) for ECDHE-PSK suites	2013-11-26 14:31:44 +01:00
Manuel Pégourié-Gonnard	a5bdfcde53	Relax some SHA2 ciphersuite's version requirements Changed: - PSK ciphersuites (RFC 5487, section 3) - ECDHE-PSK ciphersuites (RFC 5489, section 3) - Additional Camellia ciphersuites (RFC 6367, sec 3.3) Unchanged: - all GCM ciphersuites - Camellia ciphersuites from RFC 5932 (sec. 3.3.2) - ECC-SHA2 ciphersuites from RFC 5289 (unclear) - SHA2 from RFC 5246 (TLS 1.2, no precision)	2013-11-26 13:59:43 +01:00
Manuel Pégourié-Gonnard	96c7a92b08	Change mpi_safe_cond_assign() for more const-ness	2013-11-25 18:28:53 +01:00
Paul Bakker	e4c71f0e11	Merged Prime generation improvements	2013-11-25 14:27:28 +01:00
Paul Bakker	45f457d872	Reverted API change for mpi_is_prime()	2013-11-25 14:26:52 +01:00
Paul Bakker	8fc30b178c	Various const fixes	2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard	ddf7615d49	gen_prime: check small primes early (3x speed-up)	2013-11-22 19:58:22 +01:00
Manuel Pégourié-Gonnard	378fb4b70a	Split mpi_is_prime() and make its first arg const	2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard	0160eacc82	gen_prime: ensure X = 2 mod 3 -> 2.5x speedup	2013-11-22 17:54:59 +01:00
Manuel Pégourié-Gonnard	711507a726	gen_prime: ensure X = 3 mod 4 always (2x speed-up)	2013-11-22 17:35:28 +01:00
Manuel Pégourié-Gonnard	3e3d2b818c	Fix bug in mpi_safe_cond_assign()	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	918148193d	Enhance ecp_selftest	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	d728350cee	Make memory access pattern constant	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	aade42fd88	Change method for making M odd in ecp_mul() - faster - avoids M >= N (if m = N-1 or N-2)	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	36daa13d76	Misc details	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	469a209334	Rm subtraction from ecp_add_mixed()	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	01fca5e882	Do point inversion without leaking information	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	71c2c21601	Add mpi_safe_cond_assign()	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	44aab79022	Update bibliographic references	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	7f762319ad	Use mpi_shrink() in ecp_precompute()	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	5868163e07	Add mpi_shrink()	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	e282012219	Spare some memory	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	edc1a1f482	Small code cleanups	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	ff27b7c968	Tighten ecp_mul() validity checks	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	09ceaf49d0	Rm multiplication using NAF Comb method is at most 1% slower for random points, and is way faster for fixed point (repeated).	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	04a0225388	Optimize w in the comb method	2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard	70c14372c6	Add coordinate randomization back	2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard	c30200e4ce	Fix bound issues	2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard	101a39f55f	Improve comb method (less precomputed points)	2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard	d1c1ba90ca	First version of ecp_mul_comb()	2013-11-21 21:56:20 +01:00
Paul Bakker	a9a028ebd0	SSL now gracefully handles missing RNG	2013-11-21 17:31:06 +01:00
Paul Bakker	f2b4d86452	Fixed X.509 hostname comparison (with non-regular characters) In situations with 'weird' certificate names or hostnames (containing non-western allowed names) the check would falsely report a name or wildcard match.	2013-11-21 17:30:23 +01:00
Steffan Karger	c245834bc4	Link against ZLIB when zlib is used Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>	2013-11-20 16:45:48 +01:00
Steffan Karger	28d81a009c	Fix pkcs11.c to conform to PolarSSL 1.3 API. This restores previous functionality, and thus still allows only RSA to be used through PKCS#11. Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>	2013-11-20 16:13:27 +01:00
Paul Bakker	08b028ff0f	Prevent unlikely NULL dereference	2013-11-19 10:42:37 +01:00
Paul Bakker	b076314ff8	Makefile now produces a .so.X with SOVERSION in it	2013-11-05 11:27:12 +01:00
Paul Bakker	f4dc186818	Prep for PolarSSL 1.3.2	2013-11-04 17:29:42 +01:00
Paul Bakker	0333b978fa	Handshake key_cert should be set on first addition to the key_cert chain	2013-11-04 17:08:28 +01:00
Paul Bakker	993e386a73	Merged renegotiation refactoring	2013-10-31 14:32:38 +01:00
Paul Bakker	37ce0ff185	Added defines around renegotiation code for SSL_SRV and SSL_CLI	2013-10-31 14:32:04 +01:00
Manuel Pégourié-Gonnard	31ff1d2e4f	Safer buffer comparisons in the SSL modules	2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard	6d8404d6ba	Server: enforce renegotiation	2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard	9c1e1898b6	Move some code around, improve documentation	2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard	214eed38c7	Make ssl_renegotiate the only interface ssl_write_hello_request() is no private	2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard	caed0541a0	Allow ssl_renegotiate() to be called in a loop Previously broken if waiting for network I/O in the middle of a re-handshake initiated by the client.	2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard	e5e1bb972c	Fix misplaced initialisation	2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard	f3dc2f6a1d	Add code for testing server-initiated renegotiation	2013-10-30 16:46:46 +01:00
Paul Bakker	0d7702c3ee	Minor change that makes life easier for static analyzers / compilers	2013-10-29 16:18:35 +01:00
Paul Bakker	6edcd41c0a	Addition conditions for UEFI environment under MSVC	2013-10-29 15:44:13 +01:00
Paul Bakker	7b0be68977	Support for serialNumber, postalAddress and postalCode in X509 names	2013-10-29 14:24:37 +01:00
Paul Bakker	fa6a620b75	Defines for UEFI environment under MSVC added	2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard	178d9bac3c	Fix ECDSA corner case: missing reduction mod N No security issue, can cause valid signatures to be rejected. Reported by DualTachyon on github.	2013-10-29 13:40:17 +01:00
Paul Bakker	60b1d10131	Fixed spelling / typos (from PowerDNS:codespell)	2013-10-29 10:02:51 +01:00
Paul Bakker	50dc850c52	Const correctness	2013-10-28 21:19:10 +01:00
Paul Bakker	6a6087e71d	Added missing inline definition for MSCV and ARM environments	2013-10-28 18:53:08 +01:00
Paul Bakker	7bc745b6a1	Merged constant-time padding checks	2013-10-28 14:40:26 +01:00
Paul Bakker	1642122f8b	Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer	2013-10-28 14:38:35 +01:00
Paul Bakker	3f917e230d	Merged optimizations for MODP NIST curves	2013-10-28 14:18:26 +01:00
Manuel Pégourié-Gonnard	1001e32d6f	Fix return value of ecdsa_from_keypair()	2013-10-28 14:01:08 +01:00
Manuel Pégourié-Gonnard	21ef42f257	Don't select a PSK ciphersuite if no key available	2013-10-28 14:00:45 +01:00
Manuel Pégourié-Gonnard	3daaf3d21d	X509 key identifiers depend on SHA1	2013-10-28 13:58:32 +01:00
Paul Bakker	45a2c8d99a	Prevent possible alignment warnings on casting from char * to 'aligned *'	2013-10-28 12:57:08 +01:00
Paul Bakker	677377f472	Server does not send out extensions not advertised by client	2013-10-28 12:54:26 +01:00
Manuel Pégourié-Gonnard	e68bf171eb	Make get_zeros_padding() constant-time	2013-10-27 18:26:39 +01:00
Manuel Pégourié-Gonnard	6c32990114	Make get_one_and_zeros_padding() constant-time	2013-10-27 18:25:03 +01:00
Manuel Pégourié-Gonnard	d17df51277	Make get_zeros_and_len_padding() constant-time	2013-10-27 17:32:43 +01:00
Manuel Pégourié-Gonnard	f8ab069d6a	Make get_pkcs_padding() constant-time	2013-10-27 17:25:57 +01:00
Manuel Pégourié-Gonnard	a8a25ae1b9	Fix bad error codes	2013-10-27 13:48:15 +01:00
Manuel Pégourié-Gonnard	7109624aef	Skip MAC computation/check when GCM is used	2013-10-25 19:31:25 +02:00
Manuel Pégourié-Gonnard	8866591cc5	Don't special-case NULL cipher in ssl_tls.c	2013-10-25 18:42:44 +02:00
Manuel Pégourié-Gonnard	126a66f668	Simplify switching on mode in ssl_tls.c	2013-10-25 18:33:32 +02:00
Manuel Pégourié-Gonnard	98d9a2c061	Fix missing or wrong ciphersuite definitions	2013-10-25 18:03:18 +02:00
Manuel Pégourié-Gonnard	6fb0f745be	Rank GCM before CBC in ciphersuite_preference	2013-10-25 17:08:15 +02:00
Manuel Pégourié-Gonnard	8d01eea7af	Add Camellia-GCM ciphersuites	2013-10-25 16:46:05 +02:00
Manuel Pégourié-Gonnard	e0dca4ad78	Cipher layer: check iv_len more carefully	2013-10-24 17:03:39 +02:00
Manuel Pégourié-Gonnard	dae7093875	gcm_selftest depends on AES	2013-10-24 15:06:33 +02:00
Manuel Pégourié-Gonnard	87181d1deb	Add Camellia-GCM to th cipher layer	2013-10-24 14:02:40 +02:00
Manuel Pégourié-Gonnard	13e0d449f7	Add Camellia-GCM test vectors https://tools.ietf.org/html/draft-kato-ipsec-camellia-gcm-03#section-4	2013-10-24 13:24:25 +02:00
Manuel Pégourié-Gonnard	9fcceac943	Add a comment about modules coupling	2013-10-23 20:56:12 +02:00
Manuel Pégourié-Gonnard	b21c81fb41	Use less memory in fix_negative()	2013-10-23 20:45:04 +02:00
Manuel Pégourié-Gonnard	cae6f3ed45	Reorganize code in ecp.c	2013-10-23 20:19:57 +02:00
Manuel Pégourié-Gonnard	5779cbe582	Make mod_p{224,256,384] a bit faster Speedup is roughly 25%, giving a 6% speedup on ecp_mul() for these curves.	2013-10-23 20:17:00 +02:00
Manuel Pégourié-Gonnard	c04c530a98	Make NIST curves optimisation an option	2013-10-23 16:11:52 +02:00
Manuel Pégourié-Gonnard	0f9149cb0a	Add mod_p384	2013-10-23 15:06:37 +02:00
Manuel Pégourié-Gonnard	ec655c908c	Add mod_p256	2013-10-23 14:50:39 +02:00
Manuel Pégourié-Gonnard	210b458ddc	Document and slightly reorganize mod_pXXX	2013-10-23 14:27:58 +02:00
Manuel Pégourié-Gonnard	2a08c0debc	mod_p224 now working with 8-bit and 16-bit ints	2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard	a47e7058ea	mod_p224 now endian-neutral	2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard	e783f06f73	Start working on mod_p224 (Prototype, works only on 32-bit and little-endian 64-bit.)	2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard	cc67aee9c8	Make ecp_mod_p521 a bit faster	2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard	c9e387ca9e	Optimize ecp_modp() Makes it 22% faster, for a 5% gain on ecp_mul()	2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard	d1e7a45fdd	Rework ecp_mod_p192() On x86_64, this makes it 5x faster, and ecp_mul() 17% faster for this curve. The code is shorter too.	2013-10-23 13:24:55 +02:00
Paul Bakker	6888167e73	Forced cast to prevent MSVC compiler warning	2013-10-15 13:24:01 +02:00
Paul Bakker	5c17ccdf2a	Bumped version to 1.3.1	2013-10-15 13:12:41 +02:00
Paul Bakker	f34673e37b	Merged RSA-PSK key-exchange and ciphersuites	2013-10-15 12:46:41 +02:00
Paul Bakker	376e8153a0	Merged ECDHE-PSK ciphersuites	2013-10-15 12:45:36 +02:00
Paul Bakker	bbc1007c50	Convert SOCKET to int to prevent compiler warnings under MSVC. From kernel objects at msdn: Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24. Windows Internals by Russinovich and Solomon as well says that the high bits are zero.	2013-10-15 11:55:57 +02:00
Manuel Pégourié-Gonnard	59b9fe28f0	Fix bug in psk_identity_hint parsing	2013-10-15 11:55:33 +02:00
Manuel Pégourié-Gonnard	bac0e3b7d2	Dependency fixes	2013-10-15 11:54:47 +02:00
Manuel Pégourié-Gonnard	09258b9537	Refactor parse_server_key_exchange a bit	2013-10-15 11:19:54 +02:00
Manuel Pégourié-Gonnard	8a3c64d73f	Fix and simplify *-PSK ifdef's	2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard	ef0eb1ebd8	Add two missing RSA-PSK ciphersuites	2013-10-14 19:34:48 +02:00
Manuel Pégourié-Gonnard	0fae60bb71	Implement RSA-PSK key exchange	2013-10-14 19:34:48 +02:00
Paul Bakker	be089b0483	Introduced POLARSSL_HAVE_READDIR_R for systems without it	2013-10-14 15:51:50 +02:00
Paul Bakker	b9cfaa0c7f	Explicit conversions and minor changes to prevent MSVC compiler warnings	2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard	057e0cf263	Fix ciphersuites dependencies on MD5 and SHA1	2013-10-14 14:26:04 +02:00
Manuel Pégourié-Gonnard	1b62c7f93d	Fix dependencies and related issues	2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard	72fb62daa2	More *-PSK refactoring	2013-10-14 14:01:58 +02:00
Manuel Pégourié-Gonnard	bd1ae24449	Factor PSK pms computation to ssl_tls.c	2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard	b59d699a65	Fix bugs in ECDHE_PSK key exchange	2013-10-14 12:00:45 +02:00
Manuel Pégourié-Gonnard	225d6aa786	Add ECDHE_PSK ciphersuites	2013-10-11 19:07:56 +02:00
Manuel Pégourié-Gonnard	3ce3bbdc00	Add support for ECDHE_PSK key exchange	2013-10-11 18:16:35 +02:00
Paul Bakker	b887f1119e	Removed return from error_strerror()	2013-10-11 15:24:31 +02:00
Paul Bakker	beccd9f226	Explicit void pointer cast for buggy MS compiler	2013-10-11 15:20:27 +02:00
Paul Bakker	5191e92ecc	Added missing x509write_crt_set_version()	2013-10-11 10:54:28 +02:00
Paul Bakker	b7c13123de	threading_set_own() renamed to threading_set_alt()	2013-10-11 10:51:32 +02:00
Paul Bakker	4aa40d4f51	Better support for MSVC	2013-10-11 10:49:24 +02:00
Paul Bakker	b799dec4c0	Merged support for Brainpool curves and ciphersuites	2013-10-11 10:05:43 +02:00
Paul Bakker	1677033bc8	TLS compression only allocates working buffer once	2013-10-11 09:59:44 +02:00
Paul Bakker	d61cc3b246	Possible naming collision in dhm_context	2013-10-11 09:38:49 +02:00
Paul Bakker	fcc172138c	Fixed const-correctness issues	2013-10-11 09:38:06 +02:00
Manuel Pégourié-Gonnard	ae102995a7	RSA blinding: lock for a smaller amount of time	2013-10-11 09:19:12 +02:00
Manuel Pégourié-Gonnard	4d89c7e184	RSA blinding: check highly unlikely cases	2013-10-11 09:18:27 +02:00
Manuel Pégourié-Gonnard	971f8b84bb	Fix compile errors with RSA_NO_CRT	2013-10-11 09:18:16 +02:00
Manuel Pégourié-Gonnard	9654fb156f	Fix missing MSVC define	2013-10-11 09:17:14 +02:00
Manuel Pégourié-Gonnard	0cd6f98c0f	Don't special-case a = -3, not worth it	2013-10-10 15:55:39 +02:00
Manuel Pégourié-Gonnard	b8012fca5f	Adjust dependencies	2013-10-10 15:40:49 +02:00
Manuel Pégourié-Gonnard	48ac3db551	Add OIDs for brainpool curves	2013-10-10 15:11:33 +02:00
Manuel Pégourié-Gonnard	0ace4b3154	Use much less variables in ecp_double_jac_gen()	2013-10-10 13:21:48 +02:00
Manuel Pégourié-Gonnard	1c4aa24df1	Add brainpool support for ecp_mul()	2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard	cd7458aafd	Support brainpool curves in ecp_check_pubkey()	2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard	a070ada6d4	Add brainpool curves to ecp_use_kown_dp()	2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard	cec4a53c98	Add domain parameters for Brainpool curves	2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard	8195c1a567	Add identifiers for Brainpool curves	2013-10-10 12:56:00 +02:00
Paul Bakker	c9965dca27	RSA blinding threading support	2013-09-29 15:02:11 +02:00
Paul Bakker	1337affc91	Buffer allocator threading support	2013-09-29 15:02:11 +02:00
Paul Bakker	f4e7dc50ea	entropy_func() threading support	2013-09-29 15:02:07 +02:00
Paul Bakker	1ffefaca1e	Introduced entropy_free()	2013-09-29 15:01:42 +02:00
Paul Bakker	c55988406f	SSL Cache threading support	2013-09-28 15:24:59 +02:00
Paul Bakker	2466d93546	Threading abstraction layer added	2013-09-28 15:00:02 +02:00
Paul Bakker	bf796acf07	Added implementation for memory_buffer_set_verify()	2013-09-28 11:08:44 +02:00
Paul Bakker	caa3af47c0	Handle missing curve extension correctly in ssl_parse_client_hello()	2013-09-28 11:08:43 +02:00
Paul Bakker	f18084a201	Ready for 1.3.0 release	2013-09-26 10:07:09 +02:00
Paul Bakker	ca9c87ed2b	Removed possible cache-timing difference for pad check	2013-09-25 18:52:37 +02:00
Manuel Pégourié-Gonnard	a0fdf8b0a0	Simplify the way default certs are used	2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard	cb99bdb27e	Client: if no cert, send empty cert list	2013-09-25 13:30:56 +02:00
Manuel Pégourié-Gonnard	641de714b6	Use both RSA and ECDSA CA if available	2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard	8372454615	Rework SNI to fix memory issues	2013-09-24 22:30:56 +02:00
Manuel Pégourié-Gonnard	482a2828e4	Offer both EC and RSA in certs.c, RSA first	2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard	4618459fa1	Update EC certificates in certs.c	2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard	705fcca409	Adapt support for SNI to recent changes	2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard	d09453c88c	Check our ECDSA cert(s) against supported curves	2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard	f24b4a7316	Interface change in ECP info functions ecp_named_curve_from_grp_id() -> ecp_curve_info_from_grp_id() ecp_grp_id_from_named_curve() -> ecp_curve_info_from_tls_id()	2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard	f71e587c5e	Fix memory leak in ssl cipher usage	2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard	3ebb2cdb52	Add support for multiple server certificates	2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard	834ea8587f	Change internal structs for multi-cert support	2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard	cbf3ef3861	RSA and ECDSA key exchanges don't depend on CRL	2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard	164d894b9a	Fix: session start time wasn't set server side	2013-09-23 23:00:50 +02:00
Paul Bakker	3cf63edc44	Typo in Windows error code in x509_crt.c	2013-09-23 15:10:16 +02:00
Paul Bakker	c27c4e2efb	Support faulty X509 v1 certificates with extensions (POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)	2013-09-23 15:01:36 +02:00
Manuel Pégourié-Gonnard	fe28646f72	Fix references to x509parse in config.h	2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard	1a483833b3	SSL_TLS doesn't depend on PK any more (But PK does depend on RSA or ECP.)	2013-09-20 12:29:15 +02:00
Manuel Pégourié-Gonnard	34ced2dffe	Fix mis-sized buffer Reported by rgacogne on twitter. Also spotted by gcc-4.8 with -O2	2013-09-20 11:37:39 +02:00
Manuel Pégourié-Gonnard	a7496f00ff	Fix a few more warnings in small configurations	2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard	4fee79b885	Fix some more depend issues	2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard	387a211fad	Fix some dependencies in tests	2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard	1032c1d3ec	Fix some dependencies and warnings in small config	2013-09-19 10:49:00 +02:00
Paul Bakker	5ad403f5b5	Prepared for 1.3.0 RC0	2013-09-18 21:21:30 +02:00
Paul Bakker	6db455e6e3	PSK callback added to SSL server	2013-09-18 21:14:58 +02:00
Manuel Pégourié-Gonnard	ff29f9c825	Compute public key if absent when reading EC key	2013-09-18 16:13:02 +02:00
Manuel Pégourié-Gonnard	da179e4870	Add ecp_curve_list(), hide ecp_supported_curves	2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard	dace82f805	Refactor cipher information management	2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard	a310459f5c	Fix a few things that broke with RSA compiled out	2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard	161ef968db	Cache pre-computed points for ecp_mul() Up to 1.25 speedup on ECDSA sign for small curves, but mainly useful as a preparation for fixed-point mult (a few prototypes changed in constness).	2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard	56cd319f0e	Add human-friendly name in ecp_curve_info	2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard	a79d123a55	Make ecp_supported_curves constant	2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard	51451f8d26	Replace EC flag with ssl_ciphersuite_uses_ec()	2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard	15d5de1969	Simplify usage of DHM blinding	2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard	c83e418149	Prepare for ECDH point blinding just in case	2013-09-18 14:35:54 +02:00
Manuel Pégourié-Gonnard	c972770f78	Prepare ecp_group for future extensions	2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard	456d3b9b0b	Make ECP error codes more specific	2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard	568c9cf878	Add ecp_supported_curves and simplify some code	2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard	7038039f2e	Dissociate TLS and internal EC curve identifiers Allows to add new curves before they get a TLS number	2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard	a97c015f89	Rm useless/wrong DHM lenght test	2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard	4cf0686d6d	Remove spurious '+ 3' in ecdsa_write_signature()	2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard	dd0f57f186	Check key size in cipher_setkey()	2013-09-18 14:34:32 +02:00
Paul Bakker	b6b0956631	Rm of memset instead of x509_crt_init()	2013-09-18 14:32:52 +02:00
Paul Bakker	c559c7a680	Renamed x509_cert structure to x509_crt for consistency	2013-09-18 14:32:52 +02:00
Paul Bakker	9556d3d650	Renamed x509_crt_write.c and x509_csr_write.c	2013-09-18 13:50:13 +02:00
Paul Bakker	ddf26b4e38	Renamed x509parse_* functions to new form e.g. x509parse_crtfile -> x509_crt_parse_file	2013-09-18 13:46:23 +02:00
Paul Bakker	369d2eb2a2	Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()	2013-09-18 12:01:43 +02:00
Paul Bakker	86d0c1949e	Generalized function names of x509 functions not parse-specific x509parse_serial_gets -> x509_serial_gets x509parse_dn_gets -> x509_dn_gets x509parse_time_expired -> x509_time_expired	2013-09-18 12:01:42 +02:00
Paul Bakker	5187656211	Renamed X509 / X509WRITE error codes to generic (non-cert-specific)	2013-09-17 14:36:05 +02:00
Paul Bakker	36713e8ed9	Fixed bunch of X509_PARSE related defines / dependencies	2013-09-17 13:25:29 +02:00
Paul Bakker	e9e6ae338b	Moved x509_self_test() from x509_crt.c to x509.c and fixed mem-free bug	2013-09-16 22:55:51 +02:00
Paul Bakker	da7711594e	Changed pk_parse_get_pubkey() to pk_parse_subpubkey()	2013-09-16 22:45:03 +02:00
Paul Bakker	d1a983fe77	Removed x509parse key functions and moved them to compat-1.2.h	2013-09-16 22:26:53 +02:00
Paul Bakker	7c6b2c320e	Split up X509 files into smaller modules	2013-09-16 21:41:54 +02:00
Paul Bakker	cff6842b39	POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C	2013-09-16 13:36:18 +02:00
Paul Bakker	77e23fb0e0	Move *_pemify() function to PEM module	2013-09-15 20:03:26 +02:00
Paul Bakker	40ce79f1e6	Moved DHM parsing from X509 module to DHM module	2013-09-15 17:43:54 +02:00
Paul Bakker	3e41fe8938	Remove printf when RSA selftest is skipped	2013-09-15 17:42:50 +02:00
Paul Bakker	dce7fdcbc9	Fixed warnings in case POLARSSL_PEM_C is not defined	2013-09-15 17:15:26 +02:00
Paul Bakker	2292d1fad0	Fixed warnings in case POLARSSL_X509_PARSE_C is not defined	2013-09-15 17:06:49 +02:00
Paul Bakker	4606c7317b	Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C	2013-09-15 17:04:23 +02:00
Paul Bakker	c7bb02be77	Moved PK key writing from X509 module to PK module	2013-09-15 14:54:56 +02:00
Paul Bakker	1a7550ac67	Moved PK key parsing from X509 module to PK module	2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard	92cb1d3a91	Make CBC an option, step 3: individual ciphers	2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard	989ed38de2	Make CBC an option, step 2: cipher layer	2013-09-13 15:48:40 +02:00
Manuel Pégourié-Gonnard	f7dc378ead	Make CBC an option, step 1: ssl ciphersuites	2013-09-13 15:37:03 +02:00
Manuel Pégourié-Gonnard	b72b4edec1	Fix memory leak in DHM	2013-09-13 13:55:26 +02:00
Manuel Pégourié-Gonnard	4fe9200f47	Fix memory leak in GCM by adding gcm_free()	2013-09-13 13:45:58 +02:00
Manuel Pégourié-Gonnard	735b8fcb0b	Fix blunder in `8a109f1`	2013-09-13 12:57:23 +02:00
Paul Bakker	9013af76a3	Merged major refactoring of x509write module into development This refactoring adds support for proper CSR writing and X509 certificate generation / signing	2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard	bb323ffc7c	Complete EC support in x509write_crt	2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard	31e59400d2	Add missing f_rng/p_rng arguments to x509write_crt	2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard	53c642504e	Use PK internally for x509write_crt	2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard	f38e71afd5	Convert x509write_crt interface to PK	2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard	6de63e480d	Add EC support to x509write_key	2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard	7f1f0926e4	Add test for x509write_key	2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard	0088c69fbf	Complete x509write_csr support for EC key No automated test yet (complicated by the fact that ECDSA signatures are not deterministic), tested using cert_req (and openssl for verification).	2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard	edda9041fc	Adapt asn1_write_algorithm_identifier() to params	2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard	3837daec9e	Add EC support to x509write_pubkey	2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard	e1f821a6eb	Adapt x509write_pubkey interface to use PK key_app_writer will be fixed later	2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard	ee73179b2f	Adapt x509write_csr prototypes for PK	2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard	8053da4057	x509write_csr() now fully using PK internally	2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard	d4eb5b5196	Add references	2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard	27d87fa6c4	Fix many off-by-one errors	2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard	6dcf0bfcf4	Use x509write_pubkey_der() when applicable	2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard	5353a03eb9	x509write_csr using PK internally (WIP)	2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard	85dfe08b31	Merge duplicated else/#else branch	2013-09-12 11:57:00 +02:00
Paul Bakker	18f0341aed	Typo in comments in ctr_drbg.c	2013-09-11 11:05:56 +02:00
Manuel Pégourié-Gonnard	da7317ed00	Use asn1_free_named_data_list() when relevant	2013-09-10 15:52:52 +02:00
Paul Bakker	c0dcf0ceb1	Merged blinding additions for EC, RSA and DHM into development	2013-09-10 14:44:27 +02:00
Paul Bakker	36b7e1efe7	Merged GCM refactoring into development GCM is now independent of AES and can be used as a mode for any cipher-layer supported 128-bit based block cipher	2013-09-10 14:41:05 +02:00
Paul Bakker	2a6a3a7e69	Better checking on cipher_info_from_values()	2013-09-10 14:29:28 +02:00
Paul Bakker	a0558e0484	Check that the cipher GCM receives is a 128-bit-based cipher	2013-09-10 14:25:51 +02:00
Manuel Pégourié-Gonnard	8a109f106d	Optimize RSA blinding by caching-updating values	2013-09-10 13:55:36 +02:00
Manuel Pégourié-Gonnard	ea53a55c0f	Refactor to prepare for RSA blinding optimisation	2013-09-10 13:55:35 +02:00
Paul Bakker	1c3853b953	oid_get_oid_by_*() now give back oid length as well	2013-09-10 11:43:44 +02:00
Paul Bakker	003dbad250	Fixed file descriptor leak in x509parse_crtpath()	2013-09-09 17:26:14 +02:00
Paul Bakker	a5943858d8	x509_verify() now case insensitive for cn (RFC 6125 6.4)	2013-09-09 17:21:45 +02:00
Paul Bakker	f9f377e652	CSR Parsing (without attributes / extensions) implemented	2013-09-09 15:35:10 +02:00
Paul Bakker	d4bf870ff5	Allow spaces after the comma when converting X509 names	2013-09-09 13:59:11 +02:00
Paul Bakker	52be08c299	Added support for writing Key Usage and NS Cert Type extensions	2013-09-09 12:38:45 +02:00
Paul Bakker	cd35803684	Changes x509_csr to x509write_csr	2013-09-09 12:38:45 +02:00
Paul Bakker	5f45e62afe	Migrated from x509_req_name to asn1_named_data structure	2013-09-09 12:02:36 +02:00
Paul Bakker	c547cc992e	Added generic asn1_free_named_data_list()	2013-09-09 12:01:23 +02:00
Paul Bakker	59ba59fa30	Generalized x509_set_extension() behaviour to asn1_store_named_data()	2013-09-09 11:34:44 +02:00
Paul Bakker	43aff2aec4	Moved GCM to use cipher layer instead of AES directly	2013-09-09 00:10:27 +02:00
Paul Bakker	f46b6955e3	Added cipher_info_from_values() to cipher layer (Search by ID+keylen+mode)	2013-09-09 00:08:26 +02:00
Paul Bakker	5e0efa7ef5	Added POLARSSL_MODE_ECB to the cipher layer	2013-09-08 23:04:04 +02:00
Manuel Pégourié-Gonnard	9f5a3c4a0a	Fix possible memory error.	2013-09-08 20:08:59 +02:00
Manuel Pégourié-Gonnard	bfb355c33b	Fix memory leak on missed session reuse	2013-09-08 20:08:36 +02:00
Manuel Pégourié-Gonnard	bc4b7f08ba	Fix possible race in ssl_list_ciphersuites() Thread A: executing for loop of ssl_list_ciphersuites() Thread B: call ssl_list_cipher_suites(), see init == 0 Thread A: return, start using the result Thread B: memset(0) on the list used by thread A	2013-09-08 20:07:48 +02:00
Paul Bakker	9c208aabc8	Use ASN1_UTC_TIME in some cases	2013-09-08 15:44:31 +02:00
Manuel Pégourié-Gonnard	032c34e206	Don't use DH blinding for ephemeral DH	2013-09-07 13:06:27 +02:00
Paul Bakker	15162a054a	Writing of X509v3 extensions supported Standard extensions already in: basicConstraints, subjectKeyIdentifier and authorityKeyIdentifier	2013-09-06 19:27:21 +02:00
Paul Bakker	329def30c5	Added asn1_write_bool()	2013-09-06 16:34:38 +02:00
Paul Bakker	9397dcb0e8	Base X509 certificate writing functinality	2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard	d13a4099dd	GCM ciphersuites using only cipher layer	2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard	b8bd593741	Restrict cipher_update() for GCM	2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard	226d5da1fc	GCM ciphersuites partially using cipher layer	2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard	1af50a240b	Cipher: test multiple cycles GCM-cipher: just trust the user to call update_ad at the right time	2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard	ed8a02bfae	Simplify DH blinding a bit	2013-09-04 17:18:28 +02:00
Paul Bakker	45125bc160	Changes to handle merged enhancements	2013-09-04 16:48:22 +02:00
Manuel Pégourié-Gonnard	143b5028a5	Implement DH blinding	2013-09-04 16:29:59 +02:00
Paul Bakker	c049955b32	Merged new cipher layer enhancements	2013-09-04 16:12:55 +02:00
Manuel Pégourié-Gonnard	2d627649bf	Change dhm_calc_secret() prototype	2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard	ce4112538c	Fix RC4 key length in cipher	2013-09-04 12:29:26 +02:00
Manuel Pégourié-Gonnard	83f3fc0d77	Add AES-192-GCM	2013-09-04 12:14:13 +02:00
Manuel Pégourié-Gonnard	43a4780b03	Ommit AEAD functions if GCM not defined	2013-09-03 19:28:35 +02:00
Manuel Pégourié-Gonnard	aa9ffc5e98	Split tag handling out of cipher_finish()	2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard	2adc40c346	Split cipher_update_ad() out or cipher_reset()	2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard	a235b5b5bd	Fix iv_len interface. cipher_info->iv_size == 0 is no longer ambiguous, and cipher_get_iv_size() always returns something useful to generate an IV.	2013-09-03 13:25:52 +02:00
Manuel Pégourié-Gonnard	9c853b910c	Split cipher_set_iv() out of cipher_reset()	2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard	07de4b1d08	Implement randomized coordinates in ecp_mul()	2013-09-02 16:26:04 +02:00
Manuel Pégourié-Gonnard	c75c56fef7	Fix off-by-one error in ecdsa_write_signature() Made some signature fail with 521-bit curve	2013-09-02 16:25:37 +02:00
Paul Bakker	ea6ad3f6e5	ARC4 ciphersuites using only cipher layer	2013-09-02 14:57:01 +02:00
Manuel Pégourié-Gonnard	e09d2f8261	Change ecp_mul() prototype to allow randomization (Also improve an error code while at it.)	2013-09-02 14:29:09 +02:00
Paul Bakker	eb851f6cd5	Merged current cipher enhancements for ARC4 and AES-GCM	2013-09-01 15:49:38 +02:00
Manuel Pégourié-Gonnard	9241be7ac5	Change cipher prototypes for GCM	2013-08-31 18:07:42 +02:00
Paul Bakker	cca5b81d18	All CBC ciphersuites via the cipher layer	2013-08-31 17:40:26 +02:00
Paul Bakker	da02a7f45e	AES_CBC ciphersuites now run purely via cipher layer	2013-08-31 17:25:14 +02:00
Manuel Pégourié-Gonnard	20d6a17af9	Make GCM tag check "constant-time"	2013-08-31 16:37:46 +02:00
Manuel Pégourié-Gonnard	07f8fa5a69	GCM in the cipher layer, step 1 - no support for additional data - no support for tag	2013-08-31 16:08:22 +02:00
Manuel Pégourié-Gonnard	b5e85885de	Handle NULL as a stream cipher for more uniformity	2013-08-30 17:11:28 +02:00
Manuel Pégourié-Gonnard	37e230c022	Add arc4 support in the cipher layer	2013-08-30 17:11:28 +02:00
Paul Bakker	f451bac000	Blinding RSA only active when f_rng is provided	2013-08-30 15:48:53 +02:00
Paul Bakker	48377d9834	Configuration option to enable/disable POLARSSL_PKCS1_V15 operations	2013-08-30 13:41:14 +02:00
Paul Bakker	aab30c130c	RSA blinding added for CRT operations	2013-08-30 11:03:09 +02:00
Paul Bakker	548957dd49	Refactored RSA to have random generator in every RSA operation Primarily so that rsa_private() receives an RNG for blinding purposes.	2013-08-30 10:30:02 +02:00

... 19 20 21 22 23 ...

2788 commits