Commit graph

1612 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard c6f03faeaf Update compat.sh ciphersuite versions 2013-11-26 14:29:13 +01:00
Manuel Pégourié-Gonnard a5bdfcde53 Relax some SHA2 ciphersuite's version requirements
Changed:
- PSK ciphersuites (RFC 5487, section 3)
- ECDHE-PSK ciphersuites (RFC 5489, section 3)
- Additional Camellia ciphersuites (RFC 6367, sec 3.3)

Unchanged:
- all GCM ciphersuites
- Camellia ciphersuites from RFC 5932 (sec. 3.3.2)
- ECC-SHA2 ciphersuites from RFC 5289 (unclear)
- SHA2 from RFC 5246 (TLS 1.2, no precision)
2013-11-26 13:59:43 +01:00
Paul Bakker e4c71f0e11 Merged Prime generation improvements 2013-11-25 14:27:28 +01:00
Paul Bakker 45f457d872 Reverted API change for mpi_is_prime() 2013-11-25 14:26:52 +01:00
Paul Bakker 7d2c0c4eda Added Check and CheckFull options to CMakeLists 2013-11-25 13:30:11 +01:00
Paul Bakker 8fc30b178c Various const fixes 2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard 5e1e61124a Insert warning about time in dh_genprime 2013-11-22 21:16:10 +01:00
Manuel Pégourié-Gonnard ddf7615d49 gen_prime: check small primes early (3x speed-up) 2013-11-22 19:58:22 +01:00
Manuel Pégourié-Gonnard 378fb4b70a Split mpi_is_prime() and make its first arg const 2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard 0160eacc82 gen_prime: ensure X = 2 mod 3 -> 2.5x speedup 2013-11-22 17:54:59 +01:00
Manuel Pégourié-Gonnard 711507a726 gen_prime: ensure X = 3 mod 4 always (2x speed-up) 2013-11-22 17:35:28 +01:00
Paul Bakker 17d99fc6f2 Fixed error.fmt to match active error.c code 2013-11-21 17:34:13 +01:00
Paul Bakker a9a028ebd0 SSL now gracefully handles missing RNG 2013-11-21 17:31:06 +01:00
Paul Bakker f2b4d86452 Fixed X.509 hostname comparison (with non-regular characters)
In situations with 'weird' certificate names or hostnames (containing
non-western allowed names) the check would falsely report a name or
wildcard match.
2013-11-21 17:30:23 +01:00
Steffan Karger c245834bc4 Link against ZLIB when zlib is used
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:45:48 +01:00
Steffan Karger 28d81a009c Fix pkcs11.c to conform to PolarSSL 1.3 API.
This restores previous functionality, and thus still allows only RSA to be
used through PKCS#11.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:13:27 +01:00
Steffan Karger 44cf68f262 compat-1.2.h: Make inline functions static
This makes it is possible to include the header from multiple .c files,
without getting tons of 'multiple declaration' compiler errors.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:13:13 +01:00
Paul Bakker d1bac4ae55 Removed core file 2013-11-19 17:37:08 +01:00
Paul Bakker 41d768e7a4 Removed debug-only include dirs in VS2010 project file 2013-11-19 15:41:58 +01:00
Paul Bakker 08b028ff0f Prevent unlikely NULL dereference 2013-11-19 10:42:37 +01:00
Paul Bakker 911807284d bump_version script also handled SOVERSION for library/Makefile 2013-11-05 11:28:32 +01:00
Paul Bakker b076314ff8 Makefile now produces a .so.X with SOVERSION in it 2013-11-05 11:27:12 +01:00
Paul Bakker f4dc186818 Prep for PolarSSL 1.3.2 2013-11-04 17:29:42 +01:00
Paul Bakker 0333b978fa Handshake key_cert should be set on first addition to the key_cert chain 2013-11-04 17:08:28 +01:00
Paul Bakker e1121b6217 Update ChangeLog for renegotiation changes 2013-10-31 15:57:22 +01:00
Paul Bakker d46a9f1a82 Added missing endif in compat-1.2.h 2013-10-31 14:34:19 +01:00
Paul Bakker 993e386a73 Merged renegotiation refactoring 2013-10-31 14:32:38 +01:00
Paul Bakker 37ce0ff185 Added defines around renegotiation code for SSL_SRV and SSL_CLI 2013-10-31 14:32:04 +01:00
Manuel Pégourié-Gonnard 31ff1d2e4f Safer buffer comparisons in the SSL modules 2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard 291f9af935 Make all hash checking in programs constant-time 2013-10-31 14:22:27 +01:00
Paul Bakker 424cd6943c Check HMAC in constant-time in crypt_and_hash 2013-10-31 14:22:08 +01:00
Manuel Pégourié-Gonnard 6d8404d6ba Server: enforce renegotiation 2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard 9c1e1898b6 Move some code around, improve documentation 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard 214eed38c7 Make ssl_renegotiate the only interface
ssl_write_hello_request() is no private
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard caed0541a0 Allow ssl_renegotiate() to be called in a loop
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard e5e1bb972c Fix misplaced initialisation 2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard f3dc2f6a1d Add code for testing server-initiated renegotiation 2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard 53b3e0603b Add code for testing client-initiated renegotiation 2013-10-30 16:46:46 +01:00
Paul Bakker 0d7702c3ee Minor change that makes life easier for static analyzers / compilers 2013-10-29 16:18:35 +01:00
Paul Bakker 6edcd41c0a Addition conditions for UEFI environment under MSVC 2013-10-29 15:44:13 +01:00
Paul Bakker 7b0be68977 Support for serialNumber, postalAddress and postalCode in X509 names 2013-10-29 14:24:37 +01:00
Paul Bakker fa6a620b75 Defines for UEFI environment under MSVC added 2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard 178d9bac3c Fix ECDSA corner case: missing reduction mod N
No security issue, can cause valid signatures to be rejected.

Reported by DualTachyon on github.
2013-10-29 13:40:17 +01:00
Paul Bakker 60b1d10131 Fixed spelling / typos (from PowerDNS:codespell) 2013-10-29 10:02:51 +01:00
Paul Bakker 93c6aa4014 Fixed that selfsign copies issuer_name to subject_name 2013-10-28 22:29:11 +01:00
Paul Bakker 50dc850c52 Const correctness 2013-10-28 21:19:10 +01:00
Paul Bakker 6a6087e71d Added missing inline definition for MSCV and ARM environments 2013-10-28 18:53:08 +01:00
Paul Bakker 3292562a33 Fixed Makefile for test_suite_pk 2013-10-28 17:32:48 +01:00
Paul Bakker 7bc745b6a1 Merged constant-time padding checks 2013-10-28 14:40:26 +01:00
Paul Bakker 1642122f8b Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer 2013-10-28 14:38:35 +01:00