Manuel Pégourié-Gonnard
59b81d73b4
Refactor ciphersuite selection for version > 2
2013-11-30 17:46:04 +01:00
Manuel Pégourié-Gonnard
0267e3dc9b
Add ecp_curve_info_from_name()
2013-11-30 15:10:14 +01:00
Manuel Pégourié-Gonnard
104ee1d1f6
Add ecp_genkey(), prettier wrapper
2013-11-30 14:35:07 +01:00
Manuel Pégourié-Gonnard
27290daf3b
Check PKCS 1.5 padding in a more constant-time way
...
(Avoid branches that depend on secret data.)
2013-11-30 13:36:53 +01:00
Manuel Pégourié-Gonnard
ab44d7ecc3
Check OAEP padding in a more constant-time way
2013-11-30 13:13:05 +01:00
Manuel Pégourié-Gonnard
a5cfc35db2
RSA-OAEP decrypt: reorganise code
2013-11-29 11:58:13 +01:00
Manuel Pégourié-Gonnard
5ad68e42e5
Mutex x509_crt_parse_path() when pthreads is used
2013-11-28 18:07:39 +01:00
Manuel Pégourié-Gonnard
964bf9b92f
Quit using readdir_r()
...
Prone to buffer overflows on some platforms.
2013-11-28 18:07:39 +01:00
Paul Bakker
76f03118c4
Only compile with -Wmissing-declarations and -Wmissing-prototypes in
...
library, not tests and programs
2013-11-28 17:20:04 +01:00
Paul Bakker
88cd22646c
Merged ciphersuite version improvements
2013-11-26 15:22:19 +01:00
Manuel Pégourié-Gonnard
da1ff38715
Don't accept CertificateRequest with PSK suites
2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
dc953e8c41
Add missing defines/cases for RSA_PSK key exchange
2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
c57b654a3e
Use t_uint rather than uintXX_t when appropriate
2013-11-26 15:19:56 +01:00
Paul Bakker
3209ce3692
Merged ECP improvements
2013-11-26 15:19:17 +01:00
Manuel Pégourié-Gonnard
20b9af7998
Fix min_version (TLS 1.0) for ECDHE-PSK suites
2013-11-26 14:31:44 +01:00
Manuel Pégourié-Gonnard
a5bdfcde53
Relax some SHA2 ciphersuite's version requirements
...
Changed:
- PSK ciphersuites (RFC 5487, section 3)
- ECDHE-PSK ciphersuites (RFC 5489, section 3)
- Additional Camellia ciphersuites (RFC 6367, sec 3.3)
Unchanged:
- all GCM ciphersuites
- Camellia ciphersuites from RFC 5932 (sec. 3.3.2)
- ECC-SHA2 ciphersuites from RFC 5289 (unclear)
- SHA2 from RFC 5246 (TLS 1.2, no precision)
2013-11-26 13:59:43 +01:00
Manuel Pégourié-Gonnard
96c7a92b08
Change mpi_safe_cond_assign() for more const-ness
2013-11-25 18:28:53 +01:00
Paul Bakker
e4c71f0e11
Merged Prime generation improvements
2013-11-25 14:27:28 +01:00
Paul Bakker
45f457d872
Reverted API change for mpi_is_prime()
2013-11-25 14:26:52 +01:00
Paul Bakker
8fc30b178c
Various const fixes
2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard
ddf7615d49
gen_prime: check small primes early (3x speed-up)
2013-11-22 19:58:22 +01:00
Manuel Pégourié-Gonnard
378fb4b70a
Split mpi_is_prime() and make its first arg const
2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard
0160eacc82
gen_prime: ensure X = 2 mod 3 -> 2.5x speedup
2013-11-22 17:54:59 +01:00
Manuel Pégourié-Gonnard
711507a726
gen_prime: ensure X = 3 mod 4 always (2x speed-up)
2013-11-22 17:35:28 +01:00
Manuel Pégourié-Gonnard
3e3d2b818c
Fix bug in mpi_safe_cond_assign()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
918148193d
Enhance ecp_selftest
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
d728350cee
Make memory access pattern constant
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
aade42fd88
Change method for making M odd in ecp_mul()
...
- faster
- avoids M >= N (if m = N-1 or N-2)
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
36daa13d76
Misc details
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
469a209334
Rm subtraction from ecp_add_mixed()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
01fca5e882
Do point inversion without leaking information
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
71c2c21601
Add mpi_safe_cond_assign()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
44aab79022
Update bibliographic references
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
7f762319ad
Use mpi_shrink() in ecp_precompute()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
5868163e07
Add mpi_shrink()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
e282012219
Spare some memory
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
edc1a1f482
Small code cleanups
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
ff27b7c968
Tighten ecp_mul() validity checks
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
09ceaf49d0
Rm multiplication using NAF
...
Comb method is at most 1% slower for random points,
and is way faster for fixed point (repeated).
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
04a0225388
Optimize w in the comb method
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
70c14372c6
Add coordinate randomization back
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
c30200e4ce
Fix bound issues
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
101a39f55f
Improve comb method (less precomputed points)
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
d1c1ba90ca
First version of ecp_mul_comb()
2013-11-21 21:56:20 +01:00
Paul Bakker
a9a028ebd0
SSL now gracefully handles missing RNG
2013-11-21 17:31:06 +01:00
Paul Bakker
f2b4d86452
Fixed X.509 hostname comparison (with non-regular characters)
...
In situations with 'weird' certificate names or hostnames (containing
non-western allowed names) the check would falsely report a name or
wildcard match.
2013-11-21 17:30:23 +01:00
Steffan Karger
c245834bc4
Link against ZLIB when zlib is used
...
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:45:48 +01:00
Steffan Karger
28d81a009c
Fix pkcs11.c to conform to PolarSSL 1.3 API.
...
This restores previous functionality, and thus still allows only RSA to be
used through PKCS#11.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:13:27 +01:00
Paul Bakker
08b028ff0f
Prevent unlikely NULL dereference
2013-11-19 10:42:37 +01:00
Paul Bakker
b076314ff8
Makefile now produces a .so.X with SOVERSION in it
2013-11-05 11:27:12 +01:00
Paul Bakker
f4dc186818
Prep for PolarSSL 1.3.2
2013-11-04 17:29:42 +01:00
Paul Bakker
0333b978fa
Handshake key_cert should be set on first addition to the key_cert chain
2013-11-04 17:08:28 +01:00
Paul Bakker
993e386a73
Merged renegotiation refactoring
2013-10-31 14:32:38 +01:00
Paul Bakker
37ce0ff185
Added defines around renegotiation code for SSL_SRV and SSL_CLI
2013-10-31 14:32:04 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f
Safer buffer comparisons in the SSL modules
2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard
6d8404d6ba
Server: enforce renegotiation
2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard
9c1e1898b6
Move some code around, improve documentation
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
214eed38c7
Make ssl_renegotiate the only interface
...
ssl_write_hello_request() is no private
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
caed0541a0
Allow ssl_renegotiate() to be called in a loop
...
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
e5e1bb972c
Fix misplaced initialisation
2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard
f3dc2f6a1d
Add code for testing server-initiated renegotiation
2013-10-30 16:46:46 +01:00
Paul Bakker
0d7702c3ee
Minor change that makes life easier for static analyzers / compilers
2013-10-29 16:18:35 +01:00
Paul Bakker
6edcd41c0a
Addition conditions for UEFI environment under MSVC
2013-10-29 15:44:13 +01:00
Paul Bakker
7b0be68977
Support for serialNumber, postalAddress and postalCode in X509 names
2013-10-29 14:24:37 +01:00
Paul Bakker
fa6a620b75
Defines for UEFI environment under MSVC added
2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard
178d9bac3c
Fix ECDSA corner case: missing reduction mod N
...
No security issue, can cause valid signatures to be rejected.
Reported by DualTachyon on github.
2013-10-29 13:40:17 +01:00
Paul Bakker
60b1d10131
Fixed spelling / typos (from PowerDNS:codespell)
2013-10-29 10:02:51 +01:00
Paul Bakker
50dc850c52
Const correctness
2013-10-28 21:19:10 +01:00
Paul Bakker
6a6087e71d
Added missing inline definition for MSCV and ARM environments
2013-10-28 18:53:08 +01:00
Paul Bakker
7bc745b6a1
Merged constant-time padding checks
2013-10-28 14:40:26 +01:00
Paul Bakker
1642122f8b
Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer
2013-10-28 14:38:35 +01:00
Paul Bakker
3f917e230d
Merged optimizations for MODP NIST curves
2013-10-28 14:18:26 +01:00
Manuel Pégourié-Gonnard
1001e32d6f
Fix return value of ecdsa_from_keypair()
2013-10-28 14:01:08 +01:00
Manuel Pégourié-Gonnard
21ef42f257
Don't select a PSK ciphersuite if no key available
2013-10-28 14:00:45 +01:00
Manuel Pégourié-Gonnard
3daaf3d21d
X509 key identifiers depend on SHA1
2013-10-28 13:58:32 +01:00
Paul Bakker
45a2c8d99a
Prevent possible alignment warnings on casting from char * to 'aligned *'
2013-10-28 12:57:08 +01:00
Paul Bakker
677377f472
Server does not send out extensions not advertised by client
2013-10-28 12:54:26 +01:00
Manuel Pégourié-Gonnard
e68bf171eb
Make get_zeros_padding() constant-time
2013-10-27 18:26:39 +01:00
Manuel Pégourié-Gonnard
6c32990114
Make get_one_and_zeros_padding() constant-time
2013-10-27 18:25:03 +01:00
Manuel Pégourié-Gonnard
d17df51277
Make get_zeros_and_len_padding() constant-time
2013-10-27 17:32:43 +01:00
Manuel Pégourié-Gonnard
f8ab069d6a
Make get_pkcs_padding() constant-time
2013-10-27 17:25:57 +01:00
Manuel Pégourié-Gonnard
a8a25ae1b9
Fix bad error codes
2013-10-27 13:48:15 +01:00
Manuel Pégourié-Gonnard
7109624aef
Skip MAC computation/check when GCM is used
2013-10-25 19:31:25 +02:00
Manuel Pégourié-Gonnard
8866591cc5
Don't special-case NULL cipher in ssl_tls.c
2013-10-25 18:42:44 +02:00
Manuel Pégourié-Gonnard
126a66f668
Simplify switching on mode in ssl_tls.c
2013-10-25 18:33:32 +02:00
Manuel Pégourié-Gonnard
98d9a2c061
Fix missing or wrong ciphersuite definitions
2013-10-25 18:03:18 +02:00
Manuel Pégourié-Gonnard
6fb0f745be
Rank GCM before CBC in ciphersuite_preference
2013-10-25 17:08:15 +02:00
Manuel Pégourié-Gonnard
8d01eea7af
Add Camellia-GCM ciphersuites
2013-10-25 16:46:05 +02:00
Manuel Pégourié-Gonnard
e0dca4ad78
Cipher layer: check iv_len more carefully
2013-10-24 17:03:39 +02:00
Manuel Pégourié-Gonnard
dae7093875
gcm_selftest depends on AES
2013-10-24 15:06:33 +02:00
Manuel Pégourié-Gonnard
87181d1deb
Add Camellia-GCM to th cipher layer
2013-10-24 14:02:40 +02:00
Manuel Pégourié-Gonnard
13e0d449f7
Add Camellia-GCM test vectors
...
https://tools.ietf.org/html/draft-kato-ipsec-camellia-gcm-03#section-4
2013-10-24 13:24:25 +02:00
Manuel Pégourié-Gonnard
9fcceac943
Add a comment about modules coupling
2013-10-23 20:56:12 +02:00
Manuel Pégourié-Gonnard
b21c81fb41
Use less memory in fix_negative()
2013-10-23 20:45:04 +02:00
Manuel Pégourié-Gonnard
cae6f3ed45
Reorganize code in ecp.c
2013-10-23 20:19:57 +02:00
Manuel Pégourié-Gonnard
5779cbe582
Make mod_p{224,256,384] a bit faster
...
Speedup is roughly 25%, giving a 6% speedup on ecp_mul() for these curves.
2013-10-23 20:17:00 +02:00
Manuel Pégourié-Gonnard
c04c530a98
Make NIST curves optimisation an option
2013-10-23 16:11:52 +02:00
Manuel Pégourié-Gonnard
0f9149cb0a
Add mod_p384
2013-10-23 15:06:37 +02:00
Manuel Pégourié-Gonnard
ec655c908c
Add mod_p256
2013-10-23 14:50:39 +02:00
Manuel Pégourié-Gonnard
210b458ddc
Document and slightly reorganize mod_pXXX
2013-10-23 14:27:58 +02:00
Manuel Pégourié-Gonnard
2a08c0debc
mod_p224 now working with 8-bit and 16-bit ints
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
a47e7058ea
mod_p224 now endian-neutral
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
e783f06f73
Start working on mod_p224
...
(Prototype, works only on 32-bit and little-endian 64-bit.)
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
cc67aee9c8
Make ecp_mod_p521 a bit faster
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
c9e387ca9e
Optimize ecp_modp()
...
Makes it 22% faster, for a 5% gain on ecp_mul()
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
d1e7a45fdd
Rework ecp_mod_p192()
...
On x86_64, this makes it 5x faster, and ecp_mul() 17% faster for this curve.
The code is shorter too.
2013-10-23 13:24:55 +02:00
Paul Bakker
6888167e73
Forced cast to prevent MSVC compiler warning
2013-10-15 13:24:01 +02:00
Paul Bakker
5c17ccdf2a
Bumped version to 1.3.1
2013-10-15 13:12:41 +02:00
Paul Bakker
f34673e37b
Merged RSA-PSK key-exchange and ciphersuites
2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0
Merged ECDHE-PSK ciphersuites
2013-10-15 12:45:36 +02:00
Paul Bakker
bbc1007c50
Convert SOCKET to int to prevent compiler warnings under MSVC.
...
From kernel objects at msdn:
Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24.
Windows Internals by Russinovich and Solomon as well says that the high bits are zero.
2013-10-15 11:55:57 +02:00
Manuel Pégourié-Gonnard
59b9fe28f0
Fix bug in psk_identity_hint parsing
2013-10-15 11:55:33 +02:00
Manuel Pégourié-Gonnard
bac0e3b7d2
Dependency fixes
2013-10-15 11:54:47 +02:00
Manuel Pégourié-Gonnard
09258b9537
Refactor parse_server_key_exchange a bit
2013-10-15 11:19:54 +02:00
Manuel Pégourié-Gonnard
8a3c64d73f
Fix and simplify *-PSK ifdef's
2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard
ef0eb1ebd8
Add two missing RSA-PSK ciphersuites
2013-10-14 19:34:48 +02:00
Manuel Pégourié-Gonnard
0fae60bb71
Implement RSA-PSK key exchange
2013-10-14 19:34:48 +02:00
Paul Bakker
be089b0483
Introduced POLARSSL_HAVE_READDIR_R for systems without it
2013-10-14 15:51:50 +02:00
Paul Bakker
b9cfaa0c7f
Explicit conversions and minor changes to prevent MSVC compiler warnings
2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard
057e0cf263
Fix ciphersuites dependencies on MD5 and SHA1
2013-10-14 14:26:04 +02:00
Manuel Pégourié-Gonnard
1b62c7f93d
Fix dependencies and related issues
2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard
72fb62daa2
More *-PSK refactoring
2013-10-14 14:01:58 +02:00
Manuel Pégourié-Gonnard
bd1ae24449
Factor PSK pms computation to ssl_tls.c
2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard
b59d699a65
Fix bugs in ECDHE_PSK key exchange
2013-10-14 12:00:45 +02:00
Manuel Pégourié-Gonnard
225d6aa786
Add ECDHE_PSK ciphersuites
2013-10-11 19:07:56 +02:00
Manuel Pégourié-Gonnard
3ce3bbdc00
Add support for ECDHE_PSK key exchange
2013-10-11 18:16:35 +02:00
Paul Bakker
b887f1119e
Removed return from error_strerror()
2013-10-11 15:24:31 +02:00
Paul Bakker
beccd9f226
Explicit void pointer cast for buggy MS compiler
2013-10-11 15:20:27 +02:00
Paul Bakker
5191e92ecc
Added missing x509write_crt_set_version()
2013-10-11 10:54:28 +02:00
Paul Bakker
b7c13123de
threading_set_own() renamed to threading_set_alt()
2013-10-11 10:51:32 +02:00
Paul Bakker
4aa40d4f51
Better support for MSVC
2013-10-11 10:49:24 +02:00
Paul Bakker
b799dec4c0
Merged support for Brainpool curves and ciphersuites
2013-10-11 10:05:43 +02:00
Paul Bakker
1677033bc8
TLS compression only allocates working buffer once
2013-10-11 09:59:44 +02:00
Paul Bakker
d61cc3b246
Possible naming collision in dhm_context
2013-10-11 09:38:49 +02:00
Paul Bakker
fcc172138c
Fixed const-correctness issues
2013-10-11 09:38:06 +02:00
Manuel Pégourié-Gonnard
ae102995a7
RSA blinding: lock for a smaller amount of time
2013-10-11 09:19:12 +02:00
Manuel Pégourié-Gonnard
4d89c7e184
RSA blinding: check highly unlikely cases
2013-10-11 09:18:27 +02:00
Manuel Pégourié-Gonnard
971f8b84bb
Fix compile errors with RSA_NO_CRT
2013-10-11 09:18:16 +02:00
Manuel Pégourié-Gonnard
9654fb156f
Fix missing MSVC define
2013-10-11 09:17:14 +02:00
Manuel Pégourié-Gonnard
0cd6f98c0f
Don't special-case a = -3, not worth it
2013-10-10 15:55:39 +02:00
Manuel Pégourié-Gonnard
b8012fca5f
Adjust dependencies
2013-10-10 15:40:49 +02:00
Manuel Pégourié-Gonnard
48ac3db551
Add OIDs for brainpool curves
2013-10-10 15:11:33 +02:00
Manuel Pégourié-Gonnard
0ace4b3154
Use much less variables in ecp_double_jac_gen()
2013-10-10 13:21:48 +02:00
Manuel Pégourié-Gonnard
1c4aa24df1
Add brainpool support for ecp_mul()
2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
cd7458aafd
Support brainpool curves in ecp_check_pubkey()
2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
a070ada6d4
Add brainpool curves to ecp_use_kown_dp()
2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
cec4a53c98
Add domain parameters for Brainpool curves
2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
8195c1a567
Add identifiers for Brainpool curves
2013-10-10 12:56:00 +02:00
Paul Bakker
c9965dca27
RSA blinding threading support
2013-09-29 15:02:11 +02:00
Paul Bakker
1337affc91
Buffer allocator threading support
2013-09-29 15:02:11 +02:00
Paul Bakker
f4e7dc50ea
entropy_func() threading support
2013-09-29 15:02:07 +02:00
Paul Bakker
1ffefaca1e
Introduced entropy_free()
2013-09-29 15:01:42 +02:00
Paul Bakker
c55988406f
SSL Cache threading support
2013-09-28 15:24:59 +02:00
Paul Bakker
2466d93546
Threading abstraction layer added
2013-09-28 15:00:02 +02:00
Paul Bakker
bf796acf07
Added implementation for memory_buffer_set_verify()
2013-09-28 11:08:44 +02:00
Paul Bakker
caa3af47c0
Handle missing curve extension correctly in ssl_parse_client_hello()
2013-09-28 11:08:43 +02:00
Paul Bakker
f18084a201
Ready for 1.3.0 release
2013-09-26 10:07:09 +02:00
Paul Bakker
ca9c87ed2b
Removed possible cache-timing difference for pad check
2013-09-25 18:52:37 +02:00
Manuel Pégourié-Gonnard
a0fdf8b0a0
Simplify the way default certs are used
2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard
cb99bdb27e
Client: if no cert, send empty cert list
2013-09-25 13:30:56 +02:00
Manuel Pégourié-Gonnard
641de714b6
Use both RSA and ECDSA CA if available
2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard
8372454615
Rework SNI to fix memory issues
2013-09-24 22:30:56 +02:00
Manuel Pégourié-Gonnard
482a2828e4
Offer both EC and RSA in certs.c, RSA first
2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
4618459fa1
Update EC certificates in certs.c
2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
705fcca409
Adapt support for SNI to recent changes
2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
d09453c88c
Check our ECDSA cert(s) against supported curves
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
f24b4a7316
Interface change in ECP info functions
...
ecp_named_curve_from_grp_id() -> ecp_curve_info_from_grp_id()
ecp_grp_id_from_named_curve() -> ecp_curve_info_from_tls_id()
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
f71e587c5e
Fix memory leak in ssl cipher usage
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
3ebb2cdb52
Add support for multiple server certificates
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
834ea8587f
Change internal structs for multi-cert support
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
cbf3ef3861
RSA and ECDSA key exchanges don't depend on CRL
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
164d894b9a
Fix: session start time wasn't set server side
2013-09-23 23:00:50 +02:00
Paul Bakker
3cf63edc44
Typo in Windows error code in x509_crt.c
2013-09-23 15:10:16 +02:00
Paul Bakker
c27c4e2efb
Support faulty X509 v1 certificates with extensions
...
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
2013-09-23 15:01:36 +02:00
Manuel Pégourié-Gonnard
fe28646f72
Fix references to x509parse in config.h
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
1a483833b3
SSL_TLS doesn't depend on PK any more
...
(But PK does depend on RSA or ECP.)
2013-09-20 12:29:15 +02:00
Manuel Pégourié-Gonnard
34ced2dffe
Fix mis-sized buffer
...
Reported by rgacogne on twitter.
Also spotted by gcc-4.8 with -O2
2013-09-20 11:37:39 +02:00
Manuel Pégourié-Gonnard
a7496f00ff
Fix a few more warnings in small configurations
2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard
4fee79b885
Fix some more depend issues
2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
387a211fad
Fix some dependencies in tests
2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
1032c1d3ec
Fix some dependencies and warnings in small config
2013-09-19 10:49:00 +02:00
Paul Bakker
5ad403f5b5
Prepared for 1.3.0 RC0
2013-09-18 21:21:30 +02:00
Paul Bakker
6db455e6e3
PSK callback added to SSL server
2013-09-18 21:14:58 +02:00
Manuel Pégourié-Gonnard
ff29f9c825
Compute public key if absent when reading EC key
2013-09-18 16:13:02 +02:00
Manuel Pégourié-Gonnard
da179e4870
Add ecp_curve_list(), hide ecp_supported_curves
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
dace82f805
Refactor cipher information management
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
a310459f5c
Fix a few things that broke with RSA compiled out
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
161ef968db
Cache pre-computed points for ecp_mul()
...
Up to 1.25 speedup on ECDSA sign for small curves, but mainly useful as a
preparation for fixed-point mult (a few prototypes changed in constness).
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
56cd319f0e
Add human-friendly name in ecp_curve_info
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
a79d123a55
Make ecp_supported_curves constant
2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard
51451f8d26
Replace EC flag with ssl_ciphersuite_uses_ec()
2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard
15d5de1969
Simplify usage of DHM blinding
2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
c83e418149
Prepare for ECDH point blinding just in case
2013-09-18 14:35:54 +02:00
Manuel Pégourié-Gonnard
c972770f78
Prepare ecp_group for future extensions
2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard
456d3b9b0b
Make ECP error codes more specific
2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard
568c9cf878
Add ecp_supported_curves and simplify some code
2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
7038039f2e
Dissociate TLS and internal EC curve identifiers
...
Allows to add new curves before they get a TLS number
2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
a97c015f89
Rm useless/wrong DHM lenght test
2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
4cf0686d6d
Remove spurious '+ 3' in ecdsa_write_signature()
2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
dd0f57f186
Check key size in cipher_setkey()
2013-09-18 14:34:32 +02:00
Paul Bakker
b6b0956631
Rm of memset instead of x509_crt_init()
2013-09-18 14:32:52 +02:00
Paul Bakker
c559c7a680
Renamed x509_cert structure to x509_crt for consistency
2013-09-18 14:32:52 +02:00
Paul Bakker
9556d3d650
Renamed x509_crt_write.c and x509_csr_write.c
2013-09-18 13:50:13 +02:00
Paul Bakker
ddf26b4e38
Renamed x509parse_* functions to new form
...
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2
Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()
2013-09-18 12:01:43 +02:00
Paul Bakker
86d0c1949e
Generalized function names of x509 functions not parse-specific
...
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker
5187656211
Renamed X509 / X509WRITE error codes to generic (non-cert-specific)
2013-09-17 14:36:05 +02:00
Paul Bakker
36713e8ed9
Fixed bunch of X509_PARSE related defines / dependencies
2013-09-17 13:25:29 +02:00
Paul Bakker
e9e6ae338b
Moved x509_self_test() from x509_crt.c to x509.c and fixed mem-free bug
2013-09-16 22:55:51 +02:00
Paul Bakker
da7711594e
Changed pk_parse_get_pubkey() to pk_parse_subpubkey()
2013-09-16 22:45:03 +02:00
Paul Bakker
d1a983fe77
Removed x509parse key functions and moved them to compat-1.2.h
2013-09-16 22:26:53 +02:00
Paul Bakker
7c6b2c320e
Split up X509 files into smaller modules
2013-09-16 21:41:54 +02:00
Paul Bakker
cff6842b39
POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C
2013-09-16 13:36:18 +02:00
Paul Bakker
77e23fb0e0
Move *_pemify() function to PEM module
2013-09-15 20:03:26 +02:00
Paul Bakker
40ce79f1e6
Moved DHM parsing from X509 module to DHM module
2013-09-15 17:43:54 +02:00
Paul Bakker
3e41fe8938
Remove printf when RSA selftest is skipped
2013-09-15 17:42:50 +02:00
Paul Bakker
dce7fdcbc9
Fixed warnings in case POLARSSL_PEM_C is not defined
2013-09-15 17:15:26 +02:00
Paul Bakker
2292d1fad0
Fixed warnings in case POLARSSL_X509_PARSE_C is not defined
2013-09-15 17:06:49 +02:00
Paul Bakker
4606c7317b
Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C
2013-09-15 17:04:23 +02:00
Paul Bakker
c7bb02be77
Moved PK key writing from X509 module to PK module
2013-09-15 14:54:56 +02:00
Paul Bakker
1a7550ac67
Moved PK key parsing from X509 module to PK module
2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91
Make CBC an option, step 3: individual ciphers
2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard
989ed38de2
Make CBC an option, step 2: cipher layer
2013-09-13 15:48:40 +02:00
Manuel Pégourié-Gonnard
f7dc378ead
Make CBC an option, step 1: ssl ciphersuites
2013-09-13 15:37:03 +02:00
Manuel Pégourié-Gonnard
b72b4edec1
Fix memory leak in DHM
2013-09-13 13:55:26 +02:00
Manuel Pégourié-Gonnard
4fe9200f47
Fix memory leak in GCM by adding gcm_free()
2013-09-13 13:45:58 +02:00
Manuel Pégourié-Gonnard
735b8fcb0b
Fix blunder in 8a109f1
2013-09-13 12:57:23 +02:00
Paul Bakker
9013af76a3
Merged major refactoring of x509write module into development
...
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard
bb323ffc7c
Complete EC support in x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
31e59400d2
Add missing f_rng/p_rng arguments to x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
53c642504e
Use PK internally for x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
f38e71afd5
Convert x509write_crt interface to PK
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
6de63e480d
Add EC support to x509write_key
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
7f1f0926e4
Add test for x509write_key
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
0088c69fbf
Complete x509write_csr support for EC key
...
No automated test yet (complicated by the fact that ECDSA signatures are not
deterministic), tested using cert_req (and openssl for verification).
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
edda9041fc
Adapt asn1_write_algorithm_identifier() to params
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
3837daec9e
Add EC support to x509write_pubkey
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
e1f821a6eb
Adapt x509write_pubkey interface to use PK
...
key_app_writer will be fixed later
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
ee73179b2f
Adapt x509write_csr prototypes for PK
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
8053da4057
x509write_csr() now fully using PK internally
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
d4eb5b5196
Add references
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
27d87fa6c4
Fix many off-by-one errors
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
6dcf0bfcf4
Use x509write_pubkey_der() when applicable
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
5353a03eb9
x509write_csr using PK internally (WIP)
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
85dfe08b31
Merge duplicated else/#else branch
2013-09-12 11:57:00 +02:00
Paul Bakker
18f0341aed
Typo in comments in ctr_drbg.c
2013-09-11 11:05:56 +02:00
Manuel Pégourié-Gonnard
da7317ed00
Use asn1_free_named_data_list() when relevant
2013-09-10 15:52:52 +02:00
Paul Bakker
c0dcf0ceb1
Merged blinding additions for EC, RSA and DHM into development
2013-09-10 14:44:27 +02:00
Paul Bakker
36b7e1efe7
Merged GCM refactoring into development
...
GCM is now independent of AES and can be used as a mode for any
cipher-layer supported 128-bit based block cipher
2013-09-10 14:41:05 +02:00
Paul Bakker
2a6a3a7e69
Better checking on cipher_info_from_values()
2013-09-10 14:29:28 +02:00
Paul Bakker
a0558e0484
Check that the cipher GCM receives is a 128-bit-based cipher
2013-09-10 14:25:51 +02:00
Manuel Pégourié-Gonnard
8a109f106d
Optimize RSA blinding by caching-updating values
2013-09-10 13:55:36 +02:00
Manuel Pégourié-Gonnard
ea53a55c0f
Refactor to prepare for RSA blinding optimisation
2013-09-10 13:55:35 +02:00
Paul Bakker
1c3853b953
oid_get_oid_by_*() now give back oid length as well
2013-09-10 11:43:44 +02:00
Paul Bakker
003dbad250
Fixed file descriptor leak in x509parse_crtpath()
2013-09-09 17:26:14 +02:00
Paul Bakker
a5943858d8
x509_verify() now case insensitive for cn (RFC 6125 6.4)
2013-09-09 17:21:45 +02:00
Paul Bakker
f9f377e652
CSR Parsing (without attributes / extensions) implemented
2013-09-09 15:35:10 +02:00
Paul Bakker
d4bf870ff5
Allow spaces after the comma when converting X509 names
2013-09-09 13:59:11 +02:00
Paul Bakker
52be08c299
Added support for writing Key Usage and NS Cert Type extensions
2013-09-09 12:38:45 +02:00
Paul Bakker
cd35803684
Changes x509_csr to x509write_csr
2013-09-09 12:38:45 +02:00
Paul Bakker
5f45e62afe
Migrated from x509_req_name to asn1_named_data structure
2013-09-09 12:02:36 +02:00
Paul Bakker
c547cc992e
Added generic asn1_free_named_data_list()
2013-09-09 12:01:23 +02:00
Paul Bakker
59ba59fa30
Generalized x509_set_extension() behaviour to asn1_store_named_data()
2013-09-09 11:34:44 +02:00
Paul Bakker
43aff2aec4
Moved GCM to use cipher layer instead of AES directly
2013-09-09 00:10:27 +02:00
Paul Bakker
f46b6955e3
Added cipher_info_from_values() to cipher layer (Search by ID+keylen+mode)
2013-09-09 00:08:26 +02:00
Paul Bakker
5e0efa7ef5
Added POLARSSL_MODE_ECB to the cipher layer
2013-09-08 23:04:04 +02:00
Manuel Pégourié-Gonnard
9f5a3c4a0a
Fix possible memory error.
2013-09-08 20:08:59 +02:00
Manuel Pégourié-Gonnard
bfb355c33b
Fix memory leak on missed session reuse
2013-09-08 20:08:36 +02:00
Manuel Pégourié-Gonnard
bc4b7f08ba
Fix possible race in ssl_list_ciphersuites()
...
Thread A: executing for loop of ssl_list_ciphersuites()
Thread B: call ssl_list_cipher_suites(), see init == 0
Thread A: return, start using the result
Thread B: memset(0) on the list used by thread A
2013-09-08 20:07:48 +02:00
Paul Bakker
9c208aabc8
Use ASN1_UTC_TIME in some cases
2013-09-08 15:44:31 +02:00
Manuel Pégourié-Gonnard
032c34e206
Don't use DH blinding for ephemeral DH
2013-09-07 13:06:27 +02:00
Paul Bakker
15162a054a
Writing of X509v3 extensions supported
...
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
2013-09-06 19:27:21 +02:00
Paul Bakker
329def30c5
Added asn1_write_bool()
2013-09-06 16:34:38 +02:00
Paul Bakker
9397dcb0e8
Base X509 certificate writing functinality
2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard
d13a4099dd
GCM ciphersuites using only cipher layer
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
b8bd593741
Restrict cipher_update() for GCM
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
226d5da1fc
GCM ciphersuites partially using cipher layer
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
1af50a240b
Cipher: test multiple cycles
...
GCM-cipher: just trust the user to call update_ad at the right time
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
ed8a02bfae
Simplify DH blinding a bit
2013-09-04 17:18:28 +02:00
Paul Bakker
45125bc160
Changes to handle merged enhancements
2013-09-04 16:48:22 +02:00
Manuel Pégourié-Gonnard
143b5028a5
Implement DH blinding
2013-09-04 16:29:59 +02:00
Paul Bakker
c049955b32
Merged new cipher layer enhancements
2013-09-04 16:12:55 +02:00
Manuel Pégourié-Gonnard
2d627649bf
Change dhm_calc_secret() prototype
2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard
ce4112538c
Fix RC4 key length in cipher
2013-09-04 12:29:26 +02:00
Manuel Pégourié-Gonnard
83f3fc0d77
Add AES-192-GCM
2013-09-04 12:14:13 +02:00
Manuel Pégourié-Gonnard
43a4780b03
Ommit AEAD functions if GCM not defined
2013-09-03 19:28:35 +02:00
Manuel Pégourié-Gonnard
aa9ffc5e98
Split tag handling out of cipher_finish()
2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
2adc40c346
Split cipher_update_ad() out or cipher_reset()
2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
a235b5b5bd
Fix iv_len interface.
...
cipher_info->iv_size == 0 is no longer ambiguous, and
cipher_get_iv_size() always returns something useful to generate an IV.
2013-09-03 13:25:52 +02:00
Manuel Pégourié-Gonnard
9c853b910c
Split cipher_set_iv() out of cipher_reset()
2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard
07de4b1d08
Implement randomized coordinates in ecp_mul()
2013-09-02 16:26:04 +02:00
Manuel Pégourié-Gonnard
c75c56fef7
Fix off-by-one error in ecdsa_write_signature()
...
Made some signature fail with 521-bit curve
2013-09-02 16:25:37 +02:00
Paul Bakker
ea6ad3f6e5
ARC4 ciphersuites using only cipher layer
2013-09-02 14:57:01 +02:00
Manuel Pégourié-Gonnard
e09d2f8261
Change ecp_mul() prototype to allow randomization
...
(Also improve an error code while at it.)
2013-09-02 14:29:09 +02:00
Paul Bakker
eb851f6cd5
Merged current cipher enhancements for ARC4 and AES-GCM
2013-09-01 15:49:38 +02:00
Manuel Pégourié-Gonnard
9241be7ac5
Change cipher prototypes for GCM
2013-08-31 18:07:42 +02:00
Paul Bakker
cca5b81d18
All CBC ciphersuites via the cipher layer
2013-08-31 17:40:26 +02:00
Paul Bakker
da02a7f45e
AES_CBC ciphersuites now run purely via cipher layer
2013-08-31 17:25:14 +02:00
Manuel Pégourié-Gonnard
20d6a17af9
Make GCM tag check "constant-time"
2013-08-31 16:37:46 +02:00
Manuel Pégourié-Gonnard
07f8fa5a69
GCM in the cipher layer, step 1
...
- no support for additional data
- no support for tag
2013-08-31 16:08:22 +02:00
Manuel Pégourié-Gonnard
b5e85885de
Handle NULL as a stream cipher for more uniformity
2013-08-30 17:11:28 +02:00
Manuel Pégourié-Gonnard
37e230c022
Add arc4 support in the cipher layer
2013-08-30 17:11:28 +02:00
Paul Bakker
f451bac000
Blinding RSA only active when f_rng is provided
2013-08-30 15:48:53 +02:00
Paul Bakker
48377d9834
Configuration option to enable/disable POLARSSL_PKCS1_V15 operations
2013-08-30 13:41:14 +02:00
Paul Bakker
aab30c130c
RSA blinding added for CRT operations
2013-08-30 11:03:09 +02:00
Paul Bakker
548957dd49
Refactored RSA to have random generator in every RSA operation
...
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80
Merged refactored x509write module into development
2013-08-28 16:32:51 +02:00
Paul Bakker
9659dae046
Some extra code defined out
2013-08-28 16:21:34 +02:00
Manuel Pégourié-Gonnard
c852a68b96
More robust selection of ctx_enc size
2013-08-28 13:13:30 +02:00
Manuel Pégourié-Gonnard
cffe4a65bd
Move "constant" code outside a loop
2013-08-28 13:13:20 +02:00
Paul Bakker
577e006c2f
Merged ECDSA-based key-exchange and ciphersuites into development
...
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
57a8783364
Make more room for ciphersuites
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
db77175e99
Make ecdsa_verify() return value more explicit
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
9cc6f5c61b
Fix some hash debugging
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
4bd1284f59
Fix ECDSA hash selection bug with TLS 1.0 and 1.1
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
9c9812a299
Fix bug introduced in dbf69cf
...
(Was writing outside array bounds.)
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
df0142bd17
Fix some dependencies in tests
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
2fb15f694c
Un-rename ssl_set_own_cert_alt()
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
e511ffca50
Allow compiling without RSA or DH
...
Only library and programs now, need to check test suites later.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
ee98f8e7a3
Add EC certificates in certs.c
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
f484282e96
Rm a few unneeded tests
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
d11eb7c789
Fix sig_alg extension on client.
...
Temporary solution on server.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
bfe32efb9b
pk_{sign,verify}() now accept hash_len = 0
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
a20c58c6f1
Use convert functions for SSL_SIG_* and SSL_HASH_*
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
c40b4c3708
Add configuration item for the PK module
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
0d42049440
Merge code for RSA and ECDSA in SSL
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
070cc7fd21
Use the new PK RSA-alt interface
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
12c1ff0ecb
Add RSA-alt to the PK layer
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
a2d3f22007
Add and use pk_encrypt(), pk_decrypt()
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
8df2769178
Introduce pk_sign() and use it in ssl
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
583b608401
Fix some return values
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
76c18a1a77
Add client support for ECDSA client auth
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
abae74c4a0
Add server support for ECDHE_ECDSA key exchange
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
ac75523593
Adapt ssl_set_own_cert() to generic keys
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
09edda888e
Check key type against selected key exchange
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
20846b1a50
Add client support for ECDHE_ECDSA key exchange
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
efebb0a394
Refactor ssl_parse_server_key_exchange() a bit
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
32ea60a127
Declare ECDSA key exchange and ciphersuites
...
Also fix bug in ssl_list_ciphersuites().
For now, disable it on server.
Client will offer it but fail if server selects it.
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
0b03200e96
Add server-side support for ECDSA client auth
2013-08-27 22:21:19 +02:00
Paul Bakker
0be444a8b1
Ability to disable server_name extension (RFC 6066)
2013-08-27 21:55:01 +02:00
Paul Bakker
d2f068e071
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 21:19:20 +02:00
Paul Bakker
fb08fd2e23
Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available
2013-08-27 15:06:54 +02:00
Paul Bakker
9852d00de6
Moved asn1write funtions to use asn1_write_raw_buffer()
2013-08-26 17:56:37 +02:00
Paul Bakker
7accbced87
Doxygen documentation added to asn1write.h
2013-08-26 17:37:18 +02:00
Paul Bakker
f3df61ad10
Generalized PEM writing in x509write module for RSA keys as well
2013-08-26 17:37:18 +02:00
Paul Bakker
135f1e9c70
Move PEM conversion of DER data to x509write module
2013-08-26 17:37:18 +02:00
Paul Bakker
624d03a3f7
Fixed length of key_usage bitstring to 7 bits
2013-08-26 17:37:18 +02:00
Paul Bakker
1c0e550e21
Added support for Netscape Certificate Types in CSR writing
...
Further generalization of extension adding / replacing in the CSR
structure
2013-08-26 17:37:18 +02:00
Paul Bakker
e5eae76bf0
Generalized the x509write_csr_set_key_usage() function and key_usage
...
storage
2013-08-26 17:37:18 +02:00
Paul Bakker
6db915b5a9
Added asn1_write_raw_buffer()
2013-08-26 17:37:17 +02:00
Manuel Pégourié-Gonnard
0a20171d52
Fix compiler warning from gcc -Os
2013-08-26 14:31:43 +02:00
Manuel Pégourié-Gonnard
70f1768b9d
Make two format strings literal
...
Fixes clang warning
2013-08-26 14:31:33 +02:00
Manuel Pégourié-Gonnard
c6554aab3d
Check length of session tickets we write
2013-08-26 14:26:33 +02:00
Manuel Pégourié-Gonnard
38d1eba3b5
Move verify_result from ssl_context to session
2013-08-26 14:26:02 +02:00
Paul Bakker
fde4270186
Added support for writing key_usage extension
2013-08-25 14:47:27 +02:00
Paul Bakker
598e450538
Added asn1_write_bitstring() and asn1_write_octet_string()
2013-08-25 14:46:39 +02:00
Paul Bakker
0e06c0fdb4
Assigned error codes to the error defines
2013-08-25 11:21:30 +02:00
Paul Bakker
82e2945ed2
Changed naming and prototype convention for x509write functions
...
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker
2130796658
Switched order of storing x509_req_names to match inputed order
2013-08-25 10:51:18 +02:00
Paul Bakker
8eabfc1461
Rewrote x509 certificate request writing to use structure for storing
2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard
fff80f8879
PK: use NULL for unimplemented operations
2013-08-20 20:46:05 +02:00
Manuel Pégourié-Gonnard
f73da02962
PK: change pk_verify arguments (md_info "optional")
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
ab46694558
Change pk_set_type to pk_init_ctx for consistency
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
ac4cd36297
PK rsa_verify: check signature length
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
15699380e5
Small PK cleanups
...
- better error codes
- rm now-useless include
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
3fb5c5ee1c
PK: rename members for consistency CIPHER, MD
...
Also add pk_get_name() to remove a direct access to pk_type
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
09162ddcaa
PK: reuse some eckey functions for ecdsa
...
Also add some forgotten 'static' while at it.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
c6ac8870d5
Nicer interface between PK and debug.
...
Finally get rid of pk_context.type member, too.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
b3d9187cea
PK: add nice interface functions
...
Also fix a const-corectness issue.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
765db07dfb
PK: use alloc and free function pointers
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
3053f5bcb4
Get rid of pk_wrap_rsa()
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
f8c948a674
Add name and get_size() members in PK
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
835eb59c6a
PK: fix support for ECKEY_DH
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
f18c3e0378
Add a PK can_do() method and simplify code
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
d73b3c13be
PK: use wrappers and function pointers for verify
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
f499993cb2
Add ecdsa_from_keypair()
...
Also fix bug/limitation in mpi_copy: would segfault if src just initialised
and not set to a value yet. (This case occurs when copying a context which
contains only the public part of the key, eg.)
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
cc0a9d040d
Fix const-correctness of rsa_*_verify()
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
f84b4d6498
Check sig_pk for signature verification
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
96d5912088
Implement EC cert and crl verification
2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
211a64c79f
Add eckey to ecdsa conversion in the PK layer
2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
b4d69c41f8
Prepare for EC cert & crl validation
2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
e09631b7c4
Create ecp_group_copy() and use it
2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard
8eebd012b9
Add an ecdsa_genkey() function
2013-08-20 20:08:28 +02:00
Manuel Pégourié-Gonnard
b694b4896c
Add ecdsa_{read,write}_signature()
2013-08-20 20:04:16 +02:00
Paul Bakker
3a074a7996
Actually skip certificate if we do not understand hash type
2013-08-20 12:45:03 +02:00
Paul Bakker
dc4baf11ab
Removed errant printf in x509parse_self_test()
2013-08-20 12:44:33 +02:00
Paul Bakker
42c3ccf36e
Fixed potential negative value misinterpretation in load_file()
2013-08-19 14:29:31 +02:00
Paul Bakker
75c1a6f97c
Fixed potential heap buffer overflow on large hostname setting
2013-08-19 14:25:29 +02:00
Paul Bakker
694d3aeb47
Fixed potential heap buffer overflow on large file reading
2013-08-19 14:23:38 +02:00
Paul Bakker
5fd4917d97
Add missing ifdefs in ssl modules
2013-08-19 13:30:28 +02:00
Paul Bakker
04376b1419
Fixed memory leak in ssl_parse_server_key_exchange from missing
...
md_free_ctx()
2013-08-16 14:45:26 +02:00
Manuel Pégourié-Gonnard
298aae4524
Adapt core OID functions to embeded null bytes
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
c13c0d4524
Add a length check in rsa_get_pubkey()
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
56a487a17f
Minor ecdsa cleanups
...
- point_format is of no use
- d was init'ed and free'd twice
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
686bfae244
Fix memory error in x509_get_attr_type_value
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
ba77bbf840
Fix memory error in asn1_get_alg()
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
06dab806ce
Fix memory error in asn1_get_bitstring_null()
...
When *len is 0, **p would be read, which is out of bounds.
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
0b2726732e
Fix ifdef conditions for EC-related extensions.
...
Was alternatively ECP_C and ECDH_C.
2013-08-16 13:56:17 +02:00
Manuel Pégourié-Gonnard
5734b2d358
Actually use the point format selected for ECDH
2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
7b19c16b74
Handle suported_point_formats in ServerHello
2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
6b8846d929
Stop advertising support for compressed points
...
(We can only write them, not read them.)
2013-08-16 13:56:16 +02:00
Paul Bakker
1f2bc6238b
Made support for the truncated_hmac extension configurable
2013-08-15 13:45:55 +02:00
Paul Bakker
05decb24c3
Made support for the max_fragment_length extension configurable
2013-08-15 13:33:48 +02:00
Paul Bakker
606b4ba20f
Session ticket expiration checked on server
2013-08-15 11:42:48 +02:00
Paul Bakker
f0e39acb58
Fixed unitialized n when resuming a session
2013-08-15 11:40:48 +02:00
Paul Bakker
a503a63b85
Made session tickets support configurable from config.h
2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard
56dc9e8bba
Authenticate session tickets.
2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
990c51a557
Encrypt session tickets
2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
779e42982c
Start adding ticket keys (only key_name for now)
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
aa0d4d1aff
Add ssl_set_session_tickets()
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
306827e3bc
Prepare ticket structure for securing
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
06650f6a37
Fix reusing session more than once
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
593058e35e
Don't renew ticket when the current one is OK
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
c086cce3d3
Don't cache empty session ID nor resumed session
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
7cd5924cec
Rework NewSessionTicket handling in state machine
...
Fixes bug: NewSessionTicket was ommited in resumed sessions.
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
3ffa3db80b
Fix server session ID handling with ticket
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
72882b2079
Relax limit on ClientHello size
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
609bc81a76
ssl_srv: read & write ticket, unsecure for now
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
94f6a79cde
Auxiliary functions to (de)serialize ssl_session
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
7a358b8580
ssl_srv: write & parse session ticket ext & msg
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
6377e41ef5
Complete client support for session tickets
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
a5cc6025e7
Parse NewSessionTicket message
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
60182ef989
ssl_cli: write & parse session ticket extension
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
75d440192c
Introduce ticket field in session structure
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
5f280cc6cf
Implement saving peer cert as part of session.
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
747180391d
Add ssl_get_session() to save session on client
2013-08-14 14:08:03 +02:00
Paul Bakker
48e93c84b7
Made padding modes configurable from config.h
2013-08-14 14:02:48 +02:00
Paul Bakker
1a45d91cf2
Restructured cipher_set_padding_mode() to use switch statement
2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
ebdc413f44
Add 'no padding' mode
2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
0e7d2c0f95
Add zero padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
8d4291b52a
Add zeros-and-length (ANSI X.923) padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
679f9e90ad
Add one-and-zeros (ISO/IEC 7816-4) padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
b7d24bc7ca
Fix bug in get_pkcs_padding(): cannot be 0-length
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
ac56a1aec4
Make cipher_set_padding() actually work
...
(Only one padding mode recognized yet.)
2013-08-14 14:02:46 +02:00
Manuel Pégourié-Gonnard
d5fdcaf9e5
Add cipher_set_padding() (no effect yet)
...
Fix pattern in tests/.gitignore along the way.
2013-08-14 14:02:46 +02:00
Paul Bakker
0f2f0bfc87
CAMELLIA-based PSK and DHE-PSK ciphersuites added
2013-07-26 15:04:03 +02:00
Paul Bakker
b548d773b3
Fixed memory leak in ecdh_compute_shared() in case of error
2013-07-26 14:22:19 +02:00
Paul Bakker
cca998a4c5
Fixed memory leak in ecdsa_sign() / ecdsa_verify() in case of error
2013-07-26 14:22:16 +02:00
Paul Bakker
1e6a175362
Support for AIX header locations in net.c module
2013-07-26 14:10:22 +02:00
Paul Bakker
52cf16caeb
Fixed multiple use of GCM-context bug due to split-up of GCM functions
2013-07-26 13:56:22 +02:00
Paul Bakker
d9ca94a677
Updated merged pk.c and x509parse.c changes with new memory allocation functions
2013-07-25 11:25:09 +02:00
Paul Bakker
8c1ede655f
Changed prototype for ssl_set_truncated_hmac() to allow disabling
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
277f7f23e2
Implement hmac truncation
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
57c2852807
Added truncated hmac negociation (without effect)
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e980a994f0
Add interface for truncated hmac
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e048b67d0a
Misc minor fixes
...
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard
ed4af8b57c
Move negotiated max fragment length to session
...
User-set max fragment length remains in ssl_context.
The min of the two is used for sizing fragments.
2013-07-18 14:07:09 +02:00
Manuel Pégourié-Gonnard
581e6b6d6c
Prepare migrating max fragment length to session
...
Remove max_frag_len member so that reseting session by memset()ing it to zero
does the right thing.
2013-07-18 12:32:27 +02:00
Manuel Pégourié-Gonnard
6b4f237f6a
Forbid setting max_frag_len > MAX_CONTENT_LEN
2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
30dc7ef3ad
Reset max_fragment_length in ssl_session_reset()
2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
7bb7899121
Send max_fragment_length extension (server)
2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
f11a6d78c7
Rework server extensions writing
2013-07-18 11:23:38 +02:00
Manuel Pégourié-Gonnard
de600e571a
Read max_fragment_length extension (client)
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
a052849640
Send max_fragment_length extension (client)
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
48f8d0dbbd
Read max_fragment_length extension (server)
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
787b658bb3
Implement max_frag_len write restriction
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
8b46459ae5
Add ssl_set_max_frag_len()
2013-07-18 11:18:13 +02:00
Manuel Pégourié-Gonnard
c2c90031ec
Fix pk_set_type() behaviour for unkown type
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
14d8564402
Fix overflow check in oid_get_numeric_string()
...
(The fix in 791eed3
was wrong.)
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
fd5164e283
Fix some more ifdef's RSA/EC, in pk and debug
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
ab2d9836b4
Fix some ifdef's in x509parse
...
While at it:
- move _rsa variants systematically after generic functions
- unsplit x509parse_key_pkcs8_encrypted_der() (reverts a5d9974
)
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
96f3a4e1b3
Rm ecp_keypair.alg
...
Avoid duplicating information already present in pk_context.
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
8b863cd641
Merge EC & RSA versions of x509_parse_key()
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
6e88202a95
Merge EC & RSA versions of parse_pkcs8_unencrypted
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
a2d4e644ac
Some more EC pubkey parsing refactoring
...
Fix a bug in pk_rsa() and pk_ec() along the way
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
1c808a011c
Refactor some EC key parsing code
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
991d0f5aca
Remove rsa member from x509_cert structure
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
ff56da3a26
Fix direct uses of x509_cert.rsa, now use pk_rsa()
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
893879adbd
Adapt debug_print_crt() for EC keys
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
5b18fb04ca
Fix bug in x509_get_{ecpubkey,subpubkey}()
...
- 'p' was not properly updated
- also add a few more checks while at it
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
360a583029
Adapt x509parse_cert_info() for EC
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
674b2243eb
Prepare transition from x509_cert.rsa to pk
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
a155513e7b
Rationalize use of x509_get_alg variants
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
7a287c409e
Rename x509_get_algid() to x509_get_pk_alg()
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
7c5819eb1e
Fix warnings (enum value missing from switch/case)
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
1e60cd09b0
Expand oid_get_sig_alg() for ECDSA-based algs
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
244569f4b1
Use generic x509_get_pubkey() for RSA functions
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
4fa0476675
Use new x509_get_pubkey() in x509parse_public_key()
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
c296c5925e
Introduce generic x509_get_pubkey()
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
094ad9e512
Rename x509_get_pubkey to _rsa and split it up
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
f16ac763f6
Simplify length mismatch check in x509_get_pubkey
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
20c12f6b5f
Factor more code into x509_get_pubkey()
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
788db112a5
Get rid of x509_cert.pkoid
...
Unused, comment did not match reality, and will soon be superseeded by the
'type' field of the pk_context which will replace rsa_context.
2013-07-17 15:59:39 +02:00
Manuel Pégourié-Gonnard
374e4b87d4
pk_set_type() cannot be used to reset key type
2013-07-17 15:59:39 +02:00
Manuel Pégourié-Gonnard
0a64e8f1fd
Rework algorithmIdentifier parsing
2013-07-17 15:59:39 +02:00
Paul Bakker
f4a1427ae7
base64_decode() also forcefully returns on dst == NULL
2013-07-16 17:48:58 +02:00
Paul Bakker
61d113bb7b
Init and free new contexts in the right place for SSL to prevent
...
memory leaks
2013-07-16 17:48:58 +02:00
Manuel Pégourié-Gonnard
7d4e5b739e
Simplify password check in pem_read_buffer()
2013-07-09 16:42:35 +02:00
Manuel Pégourié-Gonnard
791eed3f33
Fix portability issue in oid_get_numeric_string()
2013-07-09 16:42:35 +02:00
Manuel Pégourié-Gonnard
de44a4aecf
Rename ecp_check_prvkey with a 'i' for consistency
2013-07-09 16:42:34 +02:00
Manuel Pégourié-Gonnard
81c313ccc6
Add #ifdef's on RSA and EC in PK
2013-07-09 10:49:09 +02:00
Manuel Pégourié-Gonnard
1f73a65c06
Fix ommission in pk_free().
2013-07-09 10:42:13 +02:00
Manuel Pégourié-Gonnard
7a6c946446
Fix error code in pk.h
2013-07-09 10:37:27 +02:00
Manuel Pégourié-Gonnard
8838099330
Add x509parse_{,public}_key{,file}()
...
Also make previously public *_ec functions private.
2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
12e0ed9115
Add pk_context and associated functions
2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
d4ec21dd47
Add a check for multiple curve specification
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
80300ad0d9
Add checks for pk_alg.
...
Used to be implicitly done by oid_get_pk_alg().
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
9c1cf459dd
Implement x509parse_key_pkcs8_encrypted_der_ec()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
a5d9974423
Split up x509_parse_pkcs8_encrypted_der()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
416fa8fde5
Implement x509parse_key_pkcs8_unencrypted_der_ec()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f8648d51b1
Fix undocumented feature of pem_read_buffer()
...
Used to work only for RSAPrivateKey content, now accepts ECPrivateKey too,
and may even work with similar enough structures when they appear.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
e366342233
Implement x509parse_key_sec1_der()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
15e8b82724
Fill in x509parse_key_ec using stub function
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
73c0cda346
Complete x509parse_public_key_ec()
...
Warning: due to a bug in oid_descriptor_from_buf(), keys associated to some
curves (secp224r1, secp384r1, secp521r1) are incorrectly rejected,
since their namedCurve OID contains a nul byte.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f838eeda09
Add x509_get_ecparams()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f0b30d0542
Add oid_get_ec_grp() and associated data
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
5a9b82e234
Make oid_get_pk_alg handle EC algorithms
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
dffba8f63e
Fix bug in oid_get_numeric_string()
...
Overflow check was done too early, causing many false positives.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
444b42710a
Optionally allow parameters in x509_get_tag()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
26833c2fc6
Add stubs for x509parse_key_ec and co.
2013-07-08 15:31:19 +02:00
Manuel Pégourié-Gonnard
4250a1f818
Fix a comment and some whitespace
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
ba4878aa64
Rename x509parse_key & co with _rsa suffix
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
c8dc295e83
Add ecp_check_prvkey, with test
...
Also group key checking and generation functions in ecp.h and ecp.c.
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
b8c6e0e3e9
Add ecp_keypair struct, init/free and constants
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
7c8934ea0e
Add ecdsa_init and ecdsa_free
2013-07-08 15:30:23 +02:00
Paul Bakker
1ef120f5fd
Updated buffer-allocator with free-block-list to speed up searches
2013-07-03 17:22:32 +02:00
Paul Bakker
41350a9a7e
Fixed spaces in memory_buffer_alloc.c
2013-07-03 17:22:32 +02:00
Paul Bakker
fa9b10050b
Also compiles / runs without time-based functions in OS
...
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker
891998e0c3
Added extra debug information to memory_buffer_alloc_status()
2013-07-03 17:22:31 +02:00
Paul Bakker
bd5524471a
Removed memory leak in PKCS#12 code
2013-07-03 17:22:31 +02:00
Paul Bakker
4632083c78
Removed memory leaks in PKCS#5 functions
2013-07-03 17:22:31 +02:00
Paul Bakker
6e339b52e8
Memory-allocation abstraction layer and buffer-based allocator added
2013-07-03 17:22:31 +02:00
Paul Bakker
f863485fea
Remove memory leak in PKCS#5 self test
2013-07-03 13:31:52 +02:00
Paul Bakker
abf2f8fcf9
zlib compression/decompression skipped on empty blocks
2013-06-30 14:57:46 +02:00
Paul Bakker
e5bffc319d
Removed redundant includes
2013-06-30 14:53:06 +02:00
Paul Bakker
d2681d82e2
Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h}
2013-06-30 14:49:12 +02:00
Paul Bakker
9e36f0475f
SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
...
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
3866b9f4b5
Removed redundant inclusion
2013-06-30 12:53:14 +02:00
Paul Bakker
fd3eac5786
Cleaned up ECP error codes
2013-06-29 23:31:33 +02:00
Paul Bakker
5dc6b5fb05
Made supported curves configurable
2013-06-29 23:26:34 +02:00
Paul Bakker
e2ab84f4a1
Renamed error_strerror() to the less conflicting polarssl_strerror()
...
Ability to keep old function error_strerror() as well with
POLARSSL_ERROR_STRERROR_BC. Also works with
POLARSSL_ERROR_STRERROR_DUMMY.
2013-06-29 18:35:41 +02:00
Paul Bakker
2fbefde1d8
Client and server now filter sent and accepted ciphersuites on minimum
...
and maximum protocol version
2013-06-29 18:35:40 +02:00
Paul Bakker
59c28a2723
SSL v2 handshake should also handle dynamic ciphersuites
2013-06-29 18:35:40 +02:00
Paul Bakker
f8d018a274
Made asn1_get_alg() and asn1_get_alg_null() as generic functions
...
A generic function for retrieving the AlgorithmIdentifier structure with
its parameters and adapted X509, PKCS#5 and PKCS#12 to use them.
2013-06-29 18:35:40 +02:00
Paul Bakker
ce6ae233cb
Macro-ized the final internal OID functions
2013-06-29 18:35:40 +02:00
Paul Bakker
47fce02bd8
Defines around module-dependent OIDs
2013-06-29 18:35:40 +02:00
Paul Bakker
7749a22974
Moved PKCS#12 cipher layer based PBE detection to use OID database
2013-06-29 18:32:16 +02:00
Paul Bakker
dd1150e846
Macro-ized single and double attribute functions in OID database
2013-06-28 17:20:22 +02:00
Paul Bakker
bd51ad538d
Re-ordered OID internals. Made macro for oid_XXX_from_asn1() functions
2013-06-28 16:54:23 +02:00
Paul Bakker
9b5e885611
PKCS#5 PBES2 now uses OID database for algorithm detection
2013-06-28 16:12:50 +02:00
Paul Bakker
c5a79cca53
Fixed compiler warnings for unused parameter ssl
2013-06-26 15:08:35 +02:00
Paul Bakker
b9d3cfa114
Split up GCM into a start/update/finish cycle
2013-06-26 15:08:29 +02:00
Paul Bakker
534f82c77a
Made ctr_drbg_init_entropy_len() non-static and defined
2013-06-25 16:47:55 +02:00
Paul Bakker
b6c5d2e1a6
Cleanup up non-prototyped functions (static) and const-correctness
...
More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code.
2013-06-25 16:25:17 +02:00
Paul Bakker
169b7f4a13
Fixed gcm.c formatting (removed redundant spaces)
2013-06-25 15:06:54 +02:00
Paul Bakker
bda7cb76fa
Fixed minor comment typo
...
(cherry picked from commit da7fdbd534
)
2013-06-25 15:06:54 +02:00
Paul Bakker
38b50d73a1
Moved PKCS#12 PBE functions to cipher / md layer where possible
...
The 3-key and 2-key Triple DES PBE functions have been replaced with a
single pkcs12_pbe() function that handles both situations (and more).
In addition this allows for some PASSWORD_MISMATCH checking
(cherry picked from commit 14a222cef2
)
2013-06-25 15:06:53 +02:00
Paul Bakker
0e34235644
Fixed values for 2-key Triple DES in cipher layer
...
(cherry picked from commit 2be71faae4
)
2013-06-25 15:06:53 +02:00
Paul Bakker
a4232a7ccb
x509parse_crt() and x509parse_crt_der() return X509 password related codes
...
POLARSSL_ERR_X509_PASSWORD_MISMATCH is returned instead of
POLARSSL_ERR_PEM_PASSWORD_MISMATCH and
POLARSSL_ERR_X509_PASSWORD_REQUIRED instead of
POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Rationale: For PKCS#8 encrypted keys the same are returned
(cherry picked from commit b495d3a2c7
)
2013-06-25 15:06:53 +02:00
Paul Bakker
72823091c2
Removed redundant free()s
...
(cherry picked from commit 1fc7dfe2e2
)
2013-06-25 15:06:53 +02:00
Paul Bakker
cf445ffc4e
Added missing free()
...
(cherry picked from commit ff3a4b010b
)
2013-06-25 15:06:53 +02:00
Paul Bakker
28144decef
PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates
...
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.
(cherry picked from commit 1fd4321ba2
)
Conflicts:
include/polarssl/error.h
scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker
b0c19a4b3d
PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
...
old PBKDF2 module.
(cherry picked from commit 19bd297dc8
)
Conflicts:
include/polarssl/error.h
scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker
fc4f46fa9a
Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
...
(cherry picked from commit 52b845be34
)
2013-06-25 15:06:52 +02:00
Paul Bakker
531e294313
Fixed location of brackets in pkcs12.c
...
(cherry picked from commit 67812d396c
)
2013-06-25 15:06:52 +02:00
Paul Bakker
2c8cdd201f
x509parse_crtpath() is now reentrant and uses more portable stat()
...
Moved from readdir() to readdir_r() and use stat instead of the less
portable d_type from struct dirent.
(cherry picked from commit cbfcaa9206
)
2013-06-25 15:06:51 +02:00
Paul Bakker
42c6581110
Changed x509parse_crt_der() to support adding to chain.
...
Removed chain functionality from x509parse_crt() as x509parse_crt_der()
now handles that much cleaner.
(cherry picked from commit d6d4109adc
)
2013-06-25 15:06:51 +02:00
Paul Bakker
90995b5ce3
Added mechanism to provide alternative cipher / hash implementations
...
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
(cherry picked from commit 4087c47043
)
2013-06-25 15:06:51 +02:00
Paul Bakker
f1f21fe825
Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis
...
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
(cherry picked from commit cf6e95d9a8
)
Conflicts:
scripts/generate_errors.pl
2013-06-25 15:06:51 +02:00
Paul Bakker
e2f5040876
Internally split up x509parse_key()
...
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
(cherry picked from commit 65a1909dc6
)
Conflicts:
library/x509parse.c
2013-06-25 15:06:50 +02:00
Paul Bakker
89ecb2d074
ssl_parse_certificate() now calls x509parse_crt_der() directly
...
(cherry picked from commit 1922a4e6aa
)
2013-06-24 19:09:25 +02:00
Paul Bakker
5ed3b34e22
x509parse_crt() now better handles PEM error situations
...
Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
(cherry picked from commit 6417186365
)
2013-06-24 19:09:25 +02:00
Paul Bakker
00b2860e8d
pem_read_buffer() already update use_len after header and footer are read
...
After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
(cherry picked from commit 9255e8300e
)
2013-06-24 19:09:25 +02:00
Paul Bakker
3c2122ff9d
Fixed const correctness issues that have no impact on the ABI
...
(cherry picked from commit eae09db9e5
)
Conflicts:
library/gcm.c
2013-06-24 19:09:24 +02:00
Paul Bakker
2013950545
Secure renegotiation extension should only be sent in case client supports secure renegotiation
...
(cherry picked from commit 7c3c3899cf
)
2013-06-24 19:09:24 +02:00
Paul Bakker
73d4431ccd
Fixed parse error in ssl_parse_certificate_request()
2013-05-22 13:56:26 +02:00
Paul Bakker
f6a19bd728
Possible resource leak on FILE* removed in X509 parse
2013-05-14 13:26:51 +02:00
Paul Bakker
c72d3f7d85
Possible resource leak on FILE* removed in CTR_DRBG
2013-05-14 13:22:41 +02:00
Paul Bakker
40afb4ba13
Added PSK GCM, SHA256 and SHA384 ciphers from RFC5487
2013-04-19 22:03:30 +02:00
Paul Bakker
a1bf92ddb4
Added PSK NULL ciphers from RFC4785
2013-04-19 20:47:26 +02:00
Paul Bakker
48f7a5d724
DHE-PSK based ciphersuite support added and cleaner key exchange based
...
code selection
The base RFC 4279 DHE-PSK ciphersuites are now supported and added.
The SSL code cuts out code not relevant for defined key exchange methods
2013-04-19 20:47:26 +02:00
Paul Bakker
188c8de430
Only allow missing SereverKeyExchange message in bare PSK mode
2013-04-19 09:13:37 +02:00
Paul Bakker
e07f41d4be
Introduced defines to control availability of specific SSL Key Exchange
...
methods.
Introduces POLARSSL_KEY_EXCHANGE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED, etc
2013-04-19 09:08:57 +02:00
Paul Bakker
ed27a041e4
More granular define selections within code to allow for smaller code
...
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker
73a899a9eb
Changed error code message to also cover missing pre-shared key
2013-04-18 23:12:34 +02:00
Paul Bakker
fbb17804d8
Added pre-shared key handling for the server side of SSL / TLS
...
Server side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
70df2fbaa5
Split parts of ssl_parse_client_key_exchange() into separate functions
...
Made ssl_parse_client_dh_public(), ssl_parse_cient_ecdh_public() and
ssl_parse_encrypted_pms_secret() in preparation for PSK-related code
2013-04-18 23:12:33 +02:00
Paul Bakker
d4a56ec6bf
Added pre-shared key handling for the client side of SSL / TLS
...
Client side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
f7abd422dc
Removed extra spaces on end of lines
2013-04-16 18:09:45 +02:00
Paul Bakker
29e1f12f6b
split parts of ssl_parse_server_key_exchange() into separate functions
...
Made ssl_parse_server_dh_params(), ssl_parse_server_ecdh_params() and
ssl_parse_signature_algorihm() in preparation for PSK-related code
2013-04-16 18:09:45 +02:00
Paul Bakker
8f4ddaeea9
Ability to specify allowed ciphersuites based on the protocol version.
...
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.
The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b
)
Conflicts:
ChangeLog
library/ssl_srv.c
library/ssl_tls.c
2013-04-16 18:09:45 +02:00
Paul Bakker
0ecdb23eed
Cleanup of the GCM code
...
Removed unused variable 'v'
orig_len and orig_add_len are now uint64_t to support larger than 2^29
data sizes
2013-04-09 11:36:42 +02:00
Paul Bakker
a280d0f2b9
Fixed compiler warning for possible uninitialized ret
2013-04-08 13:40:17 +02:00
Paul Bakker
27714b1aa1
Added Camellia ECDHE-based CBC ciphersuites
...
Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
2013-04-07 23:07:12 +02:00
Paul Bakker
bfe671f2d5
Blowfish has default of 128-bit keysize in cipher layer
2013-04-07 22:35:44 +02:00
Paul Bakker
c70b982056
OID functionality moved to a separate module.
...
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).
As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.
All OID definitions have been moved to oid.h
All OID matching code is in the OID module.
The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.
The SSL layer cleanup up as a result and adapted to use the MD layer.
The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.
The X509 writer cleaned up and adapted to use the MD layer.
Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
37de6bec16
Const correctness added for asn1write functions
2013-04-07 13:11:31 +02:00
Paul Bakker
3b6a07b745
Prevented compiler warning on uninitialized end
2013-03-21 11:56:50 +01:00
Paul Bakker
d3edc86720
Moved writing of client extensions to separate functions in ssl_cli.c
2013-03-20 16:07:17 +01:00
Paul Bakker
a54e493bc0
Added ECDHE-based SHA256 and SHA384 ciphersuites
...
Added TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ciphersuites
2013-03-20 15:31:54 +01:00
Paul Bakker
b7149bcc90
Corrected behaviour for CBC-based suites using the SHA384 MAC and PRF
2013-03-20 15:30:09 +01:00
Paul Bakker
41c83d3f67
Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
...
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker
00c1f43743
Merge branch 'ecc-devel-mpg' into development
2013-03-13 16:31:01 +01:00
Paul Bakker
d589a0ddb6
Modified Makefiles to include new files and and config.h to PolarSSL standard
2013-03-13 16:30:17 +01:00
Paul Bakker
68884e3c09
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-03-13 14:48:32 +01:00
Paul Bakker
c9118b433b
Renamed hash structures to ctx
2013-03-13 11:48:39 +01:00
Paul Bakker
09d67258a2
Modified to work in-place
2013-03-13 11:46:00 +01:00
Paul Bakker
92be97b8e6
Align data with future location based on IV size
2013-03-13 11:46:00 +01:00
Paul Bakker
07eb38ba31
Update ssl_hw_record_init() to receive keylen, ivlen and maclen as well
...
Added ssl_hw_record_activate()
2013-03-13 11:44:40 +01:00
Paul Bakker
c7878113cb
Do not set done in case of a fall-through
2013-03-13 11:44:40 +01:00
Paul Bakker
5bd422937a
Reverted commit 186751d9dd
and made out_hdr and out_msg back-to-back again
2013-03-13 11:44:40 +01:00
Paul Bakker
fae35f0601
Functions in cipher_wrap.c marked static
2013-03-13 10:33:51 +01:00
Paul Bakker
d1df02a8a3
Functions inside md_wrap.c now marked static
2013-03-13 10:31:31 +01:00
Paul Bakker
ac0fba5389
Added missing header for MD2 and made code compile with missing header
...
files
2013-03-13 10:28:40 +01:00
Paul Bakker
1bd3ae826c
Added md_process() to MD layer for generic internal access to hash
...
process functions
Access to process functions is needed to reduce possible timing attacks
on SSL MAC checks. As SSL is set to move to using the dynamic MD layer,
the MD layer needs access to these process functions as well.
2013-03-13 10:26:44 +01:00
Paul Bakker
90f042d4cb
Prepared for PolarSSL 1.2.6 release
2013-03-11 11:38:44 +01:00
Paul Bakker
e81beda60f
The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain)
...
The real peer certificate is copied into a x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.
As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
2013-03-06 18:01:03 +01:00
Paul Bakker
78a8c71993
Re-added support for parsing and handling SSLv2 Client Hello messages
...
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.
It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
2013-03-06 18:01:03 +01:00
Paul Bakker
37286a573b
Fixed net_bind() for specified IP addresses on little endian systems
2013-03-06 18:01:03 +01:00
Paul Bakker
926c8e49fe
Fixed possible NULL pointer exception in ssl_get_ciphersuite()
2013-03-06 18:01:03 +01:00
Paul Bakker
8804f69d46
Removed timing differences due to bad padding from RSA decrypt for
...
PKCS#1 v1.5 operations
2013-03-06 18:01:03 +01:00
Paul Bakker
a43231c5a5
Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt()
2013-03-06 18:01:02 +01:00
Paul Bakker
b386913f8b
Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions
...
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()
The original functions exist as generic wrappers to these functions.
2013-03-06 18:01:02 +01:00
Paul Bakker
8ddb645ad3
Added conversion to int for a t_uint value to prevent compiler warnings
...
On 64-bit platforms t_uint can be larger than int resulting in compiler
warnings on some platforms (MS Visual Studio)
2013-03-06 18:00:54 +01:00
Paul Bakker
3d2dc0f8e5
Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
...
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.
Found by Yawning Angel
2013-02-28 10:55:39 +01:00
Paul Bakker
e47b34bdc8
Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
...
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker
2ca8ad10a1
Made x509parse.c also work with missing hash header files
2013-02-19 13:17:38 +01:00
Paul Bakker
86f04f400b
Fixed comment
2013-02-14 11:20:09 +01:00
Paul Bakker
c0463502ff
Fixed memory leak in ssl_free() and ssl_reset() for active session
2013-02-14 11:19:38 +01:00
Manuel Pégourié-Gonnard
f35b739dff
Add a few check for context validity.
2013-02-11 22:12:39 +01:00
Manuel Pégourié-Gonnard
424fda5d7b
Add ecdh_calc_secret()
2013-02-11 22:05:42 +01:00
Manuel Pégourié-Gonnard
5cceb41d2c
Add ecdh_{make,read}_public()
2013-02-11 21:51:45 +01:00
Manuel Pégourié-Gonnard
854fbd7ba2
Add ecdh_read_params().
2013-02-11 21:32:24 +01:00
Manuel Pégourié-Gonnard
13724765b2
Add ecdh_make_server_params (untested yet)
2013-02-10 15:01:54 +01:00
Manuel Pégourié-Gonnard
63533e44c2
Create ecdh_context structure
2013-02-10 14:22:44 +01:00
Manuel Pégourié-Gonnard
98f51815d6
Fix ecp_tls_read_point's signature
2013-02-10 13:38:29 +01:00
Manuel Pégourié-Gonnard
7c145c6418
Fix ecp_tls_read_group's signature
2013-02-10 13:20:52 +01:00
Manuel Pégourié-Gonnard
46106a9d75
Add tests for (and fix bug in) ecp_tls_write_group
2013-02-10 12:51:17 +01:00
Manuel Pégourié-Gonnard
420f1eb675
Fix ecp_tls_write_point's signature
2013-02-10 12:22:46 +01:00
Manuel Pégourié-Gonnard
b325887fad
Add ecp_tls_write_group()
2013-02-10 12:06:19 +01:00
Manuel Pégourié-Gonnard
7e86025f32
Rename ecp_*_binary to ecp_point_*_binary
2013-02-10 10:58:48 +01:00
Manuel Pégourié-Gonnard
d84895dc22
Supress 'format' argument to ecp_read_binary.
...
And adjust error codes for ecp_*_binary while at it.
2013-02-10 10:53:04 +01:00
Manuel Pégourié-Gonnard
0079405918
Add functions for read/write ECPoint records
2013-02-09 19:00:07 +01:00
Manuel Pégourié-Gonnard
1a96728964
Add function parsing a TLS ECParameters record
2013-02-09 17:53:31 +01:00
Paul Bakker
c7a2da437e
Updated for PolarSSL 1.2.5
2013-02-02 19:23:57 +01:00
Paul Bakker
40865c8e5d
Added sending of alert messages in case of decryption failures as per RFC
...
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49
Disable debug messages that can introduce a timing side channel.
...
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
4582999be6
Fixed timing difference resulting from badly formatted padding.
2013-02-02 19:04:13 +01:00
Paul Bakker
8fe40dcd7d
Allow enabling of dummy error_strerror() to support some use-cases
...
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Manuel Pégourié-Gonnard
3aeb5a7192
Add ECDSA signature primitive.
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
b309ab2936
Add ECDSA sign primitive
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
2aea1416f9
Add skeleton ecdsa.[ch]
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
6545ca7bed
Add ECDH primitives
2013-01-26 19:11:24 +01:00
Manuel Pégourié-Gonnard
0bad5c2381
Add skeleton ecdh.[ch]
2013-01-26 15:30:46 +01:00
Manuel Pégourié-Gonnard
45a035a9ac
Add ecp_gen_keypair()
2013-01-26 14:42:45 +01:00
Paul Bakker
14c56a3378
Updated for PolarSSL 1.2.4
2013-01-25 17:11:37 +01:00
Paul Bakker
1961b709d8
Added ssl_handshake_step() to allow single stepping the handshake
...
process
Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
9c94cddeae
Correctly handle CertificateRequest with empty DN list in <= TLS 1.1
2013-01-22 14:21:49 +01:00
Paul Bakker
cf4365f560
Updated error codes for ECP
2013-01-16 17:00:43 +01:00
Paul Bakker
a95919b4c7
Added ECP files to Makefiles as well
2013-01-16 17:00:05 +01:00
Manuel Pégourié-Gonnard
5e402d88ea
Added ecp_read_binary().
2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
37d218a8e3
Added support for writing points compressed
2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
e19feb5b46
Added ecp_write_binary().
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
1c33057a63
Added ecp_check_pubkey().
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
3680c82c5a
Made choice of w safer and more optimal
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
cdd44324e9
Added ecp_normalize_many() for faster precompute()
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
b63f9e98f5
Made ecp_mul() faster and truly SPA resistant
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
7652a593d6
Added a precompute() function for fast mult
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
855560758c
Added function preparing for faster multiplication
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
b4a310b472
Added a selftest about SPA resistance
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
9674fd0d5e
Added ecp_sub() as a variant of ecp_add()
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
1c2782cc7c
Changed to jacobian coordinates everywhere
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
773ed546a2
Added a nbits member to ecp_group
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
4bdd47d2cb
Multiplication by negative is now forbidden
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
8433824d5f
Added fast mod_p192
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
4712325777
Clarifications in comments; code cosmetics & style
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
dada4da33f
Moved domain paramaters to ecp.c
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
62aad14139
Added slot for fast modp, with mod_p521
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
84d1aea1ac
Now reducing mod p after every single operation
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
e0c16922f9
Point multiplication using Jacobian coordinates
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
7e0adfbcc5
Replaced add_generic with add_mixed
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
989c32bc3e
Replaced double_generic with double_jac
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
27b1ba8be0
Changed ecp_mul() to always add the same point
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
d070f51224
Started introducting Jacobian coordinates
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
4b8c3f2a1c
Moved tests from selftest to tests/test_suite_ecp
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
a5402fee04
Added ecp_use_known_dp()
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
efaa31e9ae
Implemented multiplication
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
b4ab8a8137
Fixed memory leak due to typo
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
de532ee73f
Implemented generic doubling
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
ab38b70816
Fixed add_generic
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
b505c2796c
Got first tests working, fixed ecp_copy()
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
d0dc6317e1
Added a few test cases for addition
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
847395a8a9
Added ecp_XXX_read_string()
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
7cfcea349c
Documented error codes properly
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
ae180d0f20
Got started on ecp_add(): generic case done
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
883f313516
Added ecp_copy() (for points)
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
5179e463d5
Allowed point at infinity, supressed ecp_double()
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
1e8c8ecd95
Implemented ecp_{point,group}_free()
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
39d2adbbd0
Added (skeleton) ecp.[ch]
2013-01-16 16:31:48 +01:00
Paul Bakker
21dca69ef0
Handle future version properly in ssl_write_certificate_request()
2013-01-03 11:41:08 +01:00
Paul Bakker
02303e8be4
Moved md_init_ctx() calls around to minimize exit points
2013-01-03 11:08:31 +01:00
Paul Bakker
40628bad98
Memory leak when using RSA_PKCS_V21 operations fixed
2013-01-03 10:50:31 +01:00
Paul Bakker
fb1ba781b3
Updated for release 1.2.3
2012-11-26 16:28:25 +01:00
Paul Bakker
bc3d98469f
Fixed multiple DN size
2012-11-26 16:12:02 +01:00
Paul Bakker
df5069cb97
Updated for 1.2.2 release
2012-11-24 12:20:19 +01:00
Paul Bakker
3497d8c7bf
Do not check sig on trust-ca (might not be top)
2012-11-24 11:53:17 +01:00
Paul Bakker
769075dfb6
Fixed dependency on POLARSSL_SHA4_C in ssl modules
2012-11-24 11:26:46 +01:00
Paul Bakker
78ce507988
Fixed typo
2012-11-23 14:23:53 +01:00
Paul Bakker
926af7582a
Fixed client certificate handling with TLS 1.2
2012-11-23 13:38:07 +01:00
Manuel Pégourié-Gonnard
e44ec108be
Fixed segfault in mpi_shift_r()
...
Fixed memory leak in test_suite_mpi
Amended ChangeLog
2012-11-18 23:15:02 +01:00
Paul Bakker
90f309ffe7
Added proper gitignores for linux compilation
2012-11-17 00:04:49 +01:00
Paul Bakker
43ae298410
- Fixed argument types
2012-11-14 12:14:19 +00:00
Paul Bakker
34d8dbcc6d
- Depth that the certificate verify callback receives is now numbered bottom-up (Peer cert depth is 0)
2012-11-14 12:11:38 +00:00
Paul Bakker
e0f41f3086
- Updated version to 1.2.1
2012-11-13 12:55:02 +00:00
Paul Bakker
9daf0d0651
- Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
2012-11-13 12:13:27 +00:00
Paul Bakker
96c4ed8134
- Proper building of shared lib when SHARED defined
2012-11-13 10:37:52 +00:00
Paul Bakker
644db3893a
- Added SHARED define for building with -fPIC
2012-11-13 10:35:00 +00:00
Paul Bakker
f02c5642d0
- Allow R and A to point to same mpi in mpi_div_mpi
2012-11-13 10:25:21 +00:00
Paul Bakker
36c4a678a6
- Fixed off-by-one loop
2012-11-09 15:30:07 +00:00
Paul Bakker
096348fa79
- Fixed comments / typos
2012-11-07 20:05:38 +00:00
Paul Bakker
fc975dc592
- Small Windows VC6 fixes
2012-11-02 12:51:23 +00:00
Paul Bakker
d9374b05d6
- Moved mpi_inv_mod() outside POLARSSL_GENPRIME
2012-11-02 11:02:58 +00:00
Paul Bakker
7a2538ee38
- Fixes for MSVC6
2012-11-02 10:59:36 +00:00
Paul Bakker
645ce3a2b4
- Moved ciphersuite naming scheme to IANA reserved names
2012-10-31 12:32:41 +00:00
Paul Bakker
bb0139c924
- Moved to more flexible define structure
...
- Added exception for OpenBSD on Sparc64 (no privilege for call)
2012-10-31 09:53:08 +00:00
Paul Bakker
35a7fe52f3
- Prevent compiler warning
2012-10-31 09:07:14 +00:00
Paul Bakker
8611e73dd3
- Fixed infinite loop
2012-10-30 07:52:29 +00:00
Paul Bakker
b0550d90c9
- Added ssl_get_peer_cert() to SSL API
2012-10-30 07:51:03 +00:00
Paul Bakker
d2c167e9a8
- And fixed order
2012-10-30 07:49:19 +00:00
Paul Bakker
98fe5eaf47
- Removed snprintf altogether for critical code paths
2012-10-24 11:17:48 +00:00
Paul Bakker
331f5630e9
- Do not use sprintf(), use snprintf() instead.
2012-10-24 10:16:39 +00:00
Paul Bakker
ba26e9ebfd
- Cache now only allows a maximum of entries in cache for preventing memory overrun
2012-10-23 22:18:28 +00:00
Paul Bakker
f1ab0ec1ff
- Changed default compiler flags to include -O2
2012-10-23 12:12:53 +00:00
Paul Bakker
67f9d534ee
- Removed code breaking strict-aliasing
2012-10-23 11:49:05 +00:00
Paul Bakker
81420abcb6
- properly print minimum version
2012-10-23 10:31:15 +00:00
Paul Bakker
c110d025c2
- Added extra check to prevent crash on failed memory allocation
2012-10-19 12:15:08 +00:00
Paul Bakker
0be82f20a9
- Updated rsa_pkcs1_verify() and rsa_pkcs1_sign() to use appropriate buffer size for max MPIs
2012-10-03 20:36:33 +00:00
Paul Bakker
36fec23dc2
- Updated to 1.2.0
2012-10-02 15:40:44 +00:00
Paul Bakker
62261d6bd6
- Rewrote bignum type definition #ifdef tree to work better on all
...
systems
2012-10-02 12:19:31 +00:00
Paul Bakker
3338b792da
- Fixed WIN32 version of x509parse_crtpath()
2012-10-01 21:13:10 +00:00
Paul Bakker
d6f17b492f
- Moved definition to top to prevent MS VC compiler warning
2012-10-01 20:58:19 +00:00
Paul Bakker
5c2364c2ba
- Moved from unsigned long to uint32_t throughout code
2012-10-01 14:41:15 +00:00
Paul Bakker
0e19e9ff1c
- Minor define change to prevent warning
2012-10-01 11:02:48 +00:00
Paul Bakker
993d11dd05
- Send ClientHello with 'minimal version'
2012-09-28 15:00:12 +00:00
Paul Bakker
23f3680898
- Added proper support for TLS 1.2 signature_algorithm extension on server
...
side
- Minor const changes to other extension parsing functions
2012-09-28 14:15:14 +00:00
Paul Bakker
1d29fb5e33
- Added option to add minimum accepted SSL/TLS protocol version
2012-09-28 13:28:45 +00:00
Paul Bakker
62f2deef8b
- Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS
2012-09-28 07:31:51 +00:00
Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02
- Added ServerName extension parsing (SNI) at server side
2012-09-27 21:49:42 +00:00
Paul Bakker
eb2c658163
- Generalized external private key implementation handling (like PKCS#11) in SSL/TLS
2012-09-27 19:15:01 +00:00
Paul Bakker
321df6fb80
- Expanded rsa_check_privkey() to check DP, DQ and QP as well
2012-09-27 13:21:34 +00:00
Paul Bakker
5531c6d92c
- Change buffer size on mpi_write_file() to cover larger size MPIs
2012-09-26 19:20:46 +00:00
Paul Bakker
49d75678a5
- Support INTEGRITY OS
2012-09-26 15:22:07 +00:00
Paul Bakker
d14277d7de
- Added PBKDF2 error code
2012-09-26 15:19:05 +00:00
Paul Bakker
0a59707523
- Added simple SSL session cache implementation
...
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
b00ca42f2a
- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
2012-09-25 12:10:00 +00:00
Paul Bakker
29b64761fd
- Added predefined DHM groups from RFC 5114
2012-09-25 09:36:44 +00:00
Paul Bakker
d0f6fa7bdc
- Sending of handshake_failures during renegotiation added
...
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
2d319fdfcb
- Fixed bug in mpi_add_abs with adding a small number to a large mpi with carry rollover.
2012-09-16 21:34:26 +00:00
Paul Bakker
48916f9b67
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Paul Bakker
b5b20f19e7
- Extra sanity check for input added
2012-09-16 15:07:49 +00:00
Paul Bakker
5f70b25c9b
- Correctly handle SHA256 ciphersuites in SSLv3
...
- Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Paul Bakker
ec636f3bdd
- Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
2012-09-09 19:17:02 +00:00
Paul Bakker
94a6796179
- Correctly handle MS certificate's key usage bits
2012-08-23 13:03:52 +00:00
Paul Bakker
f518b16f97
- Added PKCS#5 PBKDF2 key derivation function
2012-08-23 13:03:18 +00:00
Paul Bakker
535e97dbab
- Better checking for reading over buffer boundaries
...
- Zeroize altSubjectName chain memory before use
2012-08-23 10:49:55 +00:00
Paul Bakker
b68cad6cc7
- Made cipersuites in ssl context const (no intention to modify)
...
- Adjusted ssl_set_ciphersuites() to match
2012-08-23 08:34:18 +00:00
Paul Bakker
bb51f0cb3d
- Only include md.h if needed by POLARSSL_PKCS1_V21
2012-08-23 07:46:58 +00:00
Paul Bakker
6a2f857b08
- Added DragonflyBSD support
2012-08-23 07:45:37 +00:00
Paul Bakker
3c16db9a10
- Fixed potential memory zeroization on miscrafted RSA key
2012-07-05 13:58:08 +00:00
Paul Bakker
6132d0aa93
- Added Blowfish to generic cipher layer
...
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
2012-07-04 17:10:40 +00:00
Paul Bakker
83f00bba9c
- Updated strerror codes for SSL Compression and Blowfish
2012-07-04 11:08:50 +00:00
Paul Bakker
a9379c0ed1
- Added base blowfish algorithm
2012-07-04 11:02:11 +00:00
Paul Bakker
2770fbd651
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Paul Bakker
cefb396a77
- Handle empty certificate subject names
2012-06-27 11:51:09 +00:00
Paul Bakker
e4791f3936
- Bugfix for Windows in cert path handling
2012-06-04 21:29:15 +00:00
Paul Bakker
67820bd38e
- Only include padlock header when POLARSSL_PADLOCK_C is defined
2012-06-04 12:47:23 +00:00
Paul Bakker
8d914583f3
- Added X509 CA Path support
2012-06-04 12:46:42 +00:00
Paul Bakker
e6ee41f932
- Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and example application (programs/ssl/o_p_test) (Requires OpenSSL)
...
- Handle encryption with private key and decryption with public key as per RFC 2313
2012-05-19 08:43:48 +00:00
Paul Bakker
50546921ac
- Moved to prevent uninitialized exit var
2012-05-19 08:40:49 +00:00
Paul Bakker
f6198c1513
- mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52 )
2012-05-16 08:02:29 +00:00
Paul Bakker
2a5c7a87af
- Add Windows required library
2012-05-10 21:54:28 +00:00
Paul Bakker
62f88dc473
Makefile more compatible with WINDOWS environment
2012-05-10 21:26:28 +00:00
Paul Bakker
cd5b529d6d
- Added automatic WINDOWS define in Makefile
2012-05-10 20:49:10 +00:00
Paul Bakker
4d2c1243b1
- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.
2012-05-10 14:12:46 +00:00
Paul Bakker
7e2c728178
- Updated to support NetBSD
2012-05-08 13:23:16 +00:00
Paul Bakker
186751d9dd
- Moved out_msg to out_hdr + 32 to support hardware acceleration
2012-05-08 13:16:14 +00:00
Paul Bakker
3aac1daf1d
- Added exception error parsing when FATAL ssl message is received
2012-05-08 13:12:27 +00:00
Paul Bakker
6b906e5095
- Const correctness mpi_get_bit()
...
- Documentation mpi_lsb(), mpi_msb()
2012-05-08 12:01:43 +00:00
Paul Bakker
05ef835b6a
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
Paul Bakker
430ffbe564
- Fixed potential heap corruption in x509_name allocation
2012-05-01 08:14:20 +00:00
Paul Bakker
aec37cb653
- Added extra sanity check to DHM values
2012-04-26 18:59:59 +00:00
Paul Bakker
279432a7c0
- Fixed size of clean
2012-04-26 10:09:35 +00:00
Paul Bakker
901c65620e
- Fill full buffer (Wrong parameter usage)
2012-04-20 13:25:38 +00:00
Paul Bakker
380da53c48
- Abstracted checksum updating during handshake
2012-04-18 16:10:25 +00:00
Paul Bakker
ca4ab49158
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00
Paul Bakker
d8ef167833
- Updated for latest GCM error
2012-04-18 14:17:32 +00:00
Paul Bakker
fc5183cf5d
- Added input checking and more efficient buffer overlap use
2012-04-18 14:17:01 +00:00
Paul Bakker
369e14bbf1
- Small code rewrite
2012-04-18 14:16:09 +00:00
Paul Bakker
030277ab1e
- Updated error.c to include GCM errors
2012-04-17 12:24:26 +00:00
Paul Bakker
13ed9ab921
- Removed unused variable
2012-04-16 09:43:49 +00:00
Paul Bakker
0a9251870a
- Report unexpected_message if unknown record type is received
2012-04-16 06:46:41 +00:00
Paul Bakker
10cd225962
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
Paul Bakker
bf63b36127
- Updated comments
2012-04-12 20:44:34 +00:00
Paul Bakker
c3f177a77b
- Added client side support for signature_algorithm extension and affiliated handling
2012-04-11 16:11:49 +00:00
Paul Bakker
1ef83d66dd
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
Paul Bakker
f34cf85534
- Fixed too restrictive test
2012-04-10 07:48:40 +00:00
Paul Bakker
96d42da8fe
- Removed debug value
2012-04-05 13:22:07 +00:00
Paul Bakker
c7ffd36a97
- Added automatic debug flags to CFLAGS if DEBUG is set in shell
2012-04-05 12:08:29 +00:00
Paul Bakker
452d532955
- Fixed potential memory corruption on miscrafted client messages (found by Frama-C team at CEA LIST)
2012-04-05 12:07:34 +00:00
Paul Bakker
6126481796
- Added compat for sun in net.c
2012-04-03 07:54:30 +00:00
Paul Bakker
56a7684023
- Added alternative for SHA1 signature structure to check for (without NULL)
2012-03-22 15:31:27 +00:00
Paul Bakker
0c8f73ba8b
- Fixed a mistake in mpi_cmp_mpi() where longer B values are handled wrong
2012-03-22 14:08:57 +00:00
Paul Bakker
f9169629c9
- Removed unused variables
2012-03-20 15:05:51 +00:00
Paul Bakker
89e80c9a43
- Added base Galois/Counter mode (GCM) for AES
2012-03-20 13:50:09 +00:00
Paul Bakker
b6ad62dd21
- Added missing x509write.c
2012-03-20 13:41:33 +00:00
Paul Bakker
02f61692ef
- Removed trailing char
2012-03-15 10:54:25 +00:00
Paul Bakker
f654371b2b
- Only include dependencies when required
2012-03-05 14:01:29 +00:00
Paul Bakker
ad8d354a1a
- Updated RFC ref
2012-02-16 15:28:14 +00:00
Paul Bakker
3cac5e012b
- x509_write_cert_req() now supports all available hash functions
2012-02-16 14:08:06 +00:00
Paul Bakker
058881547f
- Certificate Requests written now have the Email address written in IA5String
2012-02-16 10:26:57 +00:00
Paul Bakker
bdb912db69
- Added preliminary ASN.1 buffer writing support
...
- Added preliminary X509 Certificate Request writing support
- Added key_app_writer example application
- Added cert_req example application
2012-02-13 23:11:30 +00:00
Paul Bakker
048d04ef4b
- AES code only check for Padlock once
2012-02-12 17:31:04 +00:00
Paul Bakker
39dfdaca8f
- Fixed mpi_fill_random() to fill and create right size MPI
2012-02-12 17:17:27 +00:00
Paul Bakker
8afa70dcd5
- Clean Subject Alternative Name data
2012-02-11 18:42:45 +00:00
Paul Bakker
57b12982b3
- Multi-domain certificates support wildcards as well
2012-02-11 17:38:38 +00:00
Paul Bakker
1504af585c
- Removed redundant POLARSSL_DEBUG_MSG define
2012-02-11 16:17:43 +00:00
Paul Bakker
a8cd239d6b
- Added support for wildcard certificates
...
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker
fab5c829e7
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
Paul Bakker
3c18a830b3
- Made changes for 1.1.1 release
2012-01-23 09:44:43 +00:00
Paul Bakker
17caec12af
- Changed back statement
2012-01-22 20:37:32 +00:00
Paul Bakker
e88186d2ff
- Fixed selftest for CTR_DRBG
2012-01-22 20:29:47 +00:00
Paul Bakker
cf0360a14e
- Fixed compiler error on 64-bit systems not using GCC
...
- t_udbl optimization now also works on platforms that did not define POLARSSL_HAVE_LONGLONG
2012-01-20 10:08:14 +00:00
Paul Bakker
ec1b9842c4
- Fixed type of length in get_pkcs_padding()
2012-01-14 18:24:43 +00:00
Paul Bakker
87e5cdad5b
- Fixed warning for t if no debugging defined
2012-01-14 18:14:15 +00:00
Paul Bakker
ed375caa3b
- Fixed signed status of ret
2012-01-14 18:10:38 +00:00
Paul Bakker
8913f82c26
- Fixed compiler warning for unreferenced ret in md_file() when POLARSSL_FS_IO not declared
2012-01-14 18:07:41 +00:00
Paul Bakker
b15b851d6d
- Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47 , found by Hugo Leisink)
2012-01-13 13:44:06 +00:00
Paul Bakker
394c56f854
- Support for FreeBSD _SOCKLEN_T_DECLARED
2011-12-20 12:19:03 +00:00
Paul Bakker
43655f46b0
- Added option to prevent default entropy sources from loading (POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
2011-12-15 20:11:16 +00:00
Paul Bakker
28c7e7f6fa
- Added HAVEGE as a default entropy source
2011-12-15 19:49:30 +00:00
Paul Bakker
b1dee1cfd2
- Changed commands to lowercase where it was not the case
2011-12-11 11:29:51 +00:00
Paul Bakker
55d3fd9aff
- Enlarged maximum size of DHM a client accepts to 512 bytes
2011-12-11 11:13:05 +00:00
Paul Bakker
69e095cc15
- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
...
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
- Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
18d32911c0
- Added internal ctr_drbg_init_entropy_len() to allow NIST determined entropy tests to work
2011-12-10 21:42:49 +00:00
Paul Bakker
bd4a9d0cda
- Changed entropy accumulator to have per-source thresholds
2011-12-10 17:02:19 +00:00
Paul Bakker
c50132d4fa
- Updated version of PolarSSL to 1.1.0
2011-12-05 14:38:36 +00:00
Paul Bakker
9304880e8a
- Fixed correct printing of serial number '00'
2011-12-05 14:38:06 +00:00
Paul Bakker
c8ffbe7706
- Corrected removal of leading '00:' in printing serial numbers in certificates and CRLs
2011-12-05 14:22:49 +00:00
Paul Bakker
6bcfc67cd2
- Prevented warning from unused parameter data
2011-12-05 13:54:00 +00:00
Paul Bakker
fc754a9178
- Addedd writing and updating of seedfiles as functions to CTR_DRBG
2011-12-05 13:23:51 +00:00
Paul Bakker
1c70d409ad
- Added better handling of missing session struct
2011-12-04 22:30:17 +00:00
Paul Bakker
4f229e5d83
- Fixed define for Windows time functions
2011-12-04 22:11:35 +00:00
Paul Bakker
4f5ae803fa
- Fixed MS Visual C++ name clash with int64 in sha4.h
2011-12-04 22:10:28 +00:00
Paul Bakker
6c0ceb3f9a
- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error
2011-12-04 12:24:18 +00:00
Paul Bakker
6083fd252d
- Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources
2011-12-03 21:45:14 +00:00
Paul Bakker
1bc9efc00a
- Fixed const correctness
...
- Added ctr_drbg_update for non-fixed data lengths
- Fixed void pointer arithmetic
2011-12-03 11:29:32 +00:00
Paul Bakker
cb37aa5912
- Better buffer handling in mpi_read_file()
2011-11-30 16:00:20 +00:00
Paul Bakker
23fd5ea667
- Fixed a potential loop bug
2011-11-29 15:56:12 +00:00
Paul Bakker
2bc7cf16fe
- Cleaned up and further documented CTR_DRBG code
2011-11-29 10:50:51 +00:00
Paul Bakker
a3d195c41f
- Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs
2011-11-27 21:07:34 +00:00
Paul Bakker
880ac7eb95
- Added handling for CTR_DRBG module
2011-11-27 14:50:49 +00:00
Paul Bakker
0e04d0e9a3
- Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
2011-11-27 14:46:59 +00:00
Paul Bakker
03c7c25243
- * If certificate serial is longer than 32 octets, serial number is now appended with '....' after first 28 octets
2011-11-25 12:37:37 +00:00
Paul Bakker
fe3256e54b
- Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size management (Closes ticket #44 )
2011-11-25 12:11:43 +00:00
Paul Bakker
b6d5f08051
- Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory trade-off
2011-11-25 11:52:11 +00:00
Paul Bakker
cce9d77745
- Lots of minimal changes to better support WINCE as a build target
2011-11-18 14:26:47 +00:00
Paul Bakker
33008eef64
- Cleaned up define
2011-11-18 12:58:25 +00:00
Paul Bakker
dceecd80f7
- Adapted error generation to include ASN.1 changes and have Windows snprintf macro
2011-11-15 16:38:34 +00:00
Paul Bakker
1fe7d9baf9
- Fixed incorrect behaviour in case of RSASSA-PSS with a salt length smaller than the hash length. (Closes ticket #41 )
2011-11-15 15:26:03 +00:00
Paul Bakker
cebdf17159
- Allowed X509 key usage parsing to accept 4 byte values instead of the standard 1 byte version sometimes used by Microsoft. (Closes ticket #38 )
2011-11-11 15:01:31 +00:00
Paul Bakker
2028156556
- Fixed typos in copied text (Fixed ticket #39 )
2011-11-11 10:34:04 +00:00
Paul Bakker
efc302964c
- Extracted ASN.1 parsing code from the X.509 parsing code. Added new module.
2011-11-10 14:43:23 +00:00
Paul Bakker
b125ed8fc6
- Fixed typo in doxygen tag
2011-11-10 13:33:51 +00:00
Paul Bakker
ca41010b68
- Expanded clobber list on i386 RDTSC call
2011-10-19 14:27:36 +00:00
Paul Bakker
2a1c5f5382
- Minor code cleanup
2011-10-19 14:15:17 +00:00
Paul Bakker
fae618fa8b
- Updated tests to reflect recent changes
2011-10-12 11:53:52 +00:00
Paul Bakker
b5a11ab80b
- Added a separate CRL entry extension parsing function
2011-10-12 09:58:41 +00:00
Paul Bakker
fbc09f3cb6
- Added an EXPLICIT tag number parameter to x509_get_ext()
2011-10-12 09:56:41 +00:00
Paul Bakker
3329d1f805
- Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag before version numbers
2011-10-12 09:55:01 +00:00
Paul Bakker
c4909d95f1
- Inceased maximum size of ASN1 length reads to 32-bits
2011-10-12 09:52:22 +00:00
Paul Bakker
fa1c592860
- Fixed faulty HMAC-MD2 implementation (Fixes ticket #37 )
2011-10-06 14:18:49 +00:00
Paul Bakker
490ecc8c3e
- Added ssl_set_max_version() to set the client's maximum sent version number
2011-10-06 13:04:09 +00:00
Paul Bakker
7eb013face
- Added ssl_session_reset() to allow re-use of already set non-connection specific context information
2011-10-06 12:37:39 +00:00
Paul Bakker
adb7ce16c0
- Fixed unconverted t_dbl into t_udbl
2011-08-23 14:55:55 +00:00
Paul Bakker
33aac37d53
- Added correct SONAME to Makefile builds as well
2011-08-13 11:47:41 +00:00
Paul Bakker
8934a98f82
- Fixed memcpy() that had possible overlapping areas to memmove()
2011-08-05 11:11:53 +00:00
Paul Bakker
968bc9831b
- Preparations for v1.0.0 release of PolarSSL
2011-07-27 17:03:00 +00:00
Paul Bakker
5c721f98fd
- Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL
...
- Minor Fix in ASN.1 comments of PrivateKeyInfo
2011-07-27 16:51:09 +00:00
Paul Bakker
9db7742adb
- Fixed error file after changed codes
2011-07-13 11:47:32 +00:00
Paul Bakker
ed56b224de
- Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20 )
2011-07-13 11:26:43 +00:00
Paul Bakker
3783d6d812
- Do not build shared version by default
2011-07-13 11:25:36 +00:00
Paul Bakker
b8213a1298
- Minor update in types to prevent compiler warning under VS2010
2011-07-11 08:16:18 +00:00
Paul Bakker
73206954d4
- Made des_key_check_weak() conform to other functions in return values.
...
- Added documentation for des_key_check_weak() and des_key_check_key_parity()
2011-07-06 14:37:33 +00:00
Paul Bakker
c43e326dca
- Generalized CMakefile
2011-07-06 14:36:44 +00:00
Paul Bakker
684ddce18c
- Minor fixer to remove compiler warnings for ARMCC
2011-07-01 09:25:54 +00:00
Paul Bakker
1fad5bfb19
- Added define for OpenBSD (sys/endian.h)
2011-07-01 09:07:24 +00:00
Paul Bakker
a585beb87e
- Introduced windows DLL build and SYS_LDFLAGS
2011-06-21 08:59:44 +00:00
Paul Bakker
39bb418d93
- Made second argument of f_send() prototype and of net_send() const
2011-06-21 07:36:43 +00:00
Paul Bakker
9c021adeff
- Added regular error codes for generic message digest layer
2011-06-09 15:55:11 +00:00
Paul Bakker
ff61a78a27
- Added and updated cipher error codes and documentation
2011-06-09 15:42:02 +00:00
Paul Bakker
343a870daa
- Expanded generic cipher layer with support for CTR and CFB128 modes of operation.
2011-06-09 14:27:58 +00:00
Paul Bakker
1ef71dffc7
- Updated unsignedness in some missed cases
2011-06-09 14:14:58 +00:00
Paul Bakker
27fdf46d16
- Removed deprecated casts to int for now unsigned values
2011-06-09 13:55:13 +00:00
Paul Bakker
887bd502d2
- Undid fix for ssl_write that introduced a true bug when buffers are running full.
2011-06-08 13:10:54 +00:00
Paul Bakker
828acb2234
- Updated for release 0.99-pre5
2011-05-27 09:25:42 +00:00
Paul Bakker
5690efccc4
- Fixed a whole bunch of dependencies on defines between files, examples and tests
2011-05-26 13:16:06 +00:00
Paul Bakker
192381aa89
- Made listen backlog number a define
2011-05-20 12:31:31 +00:00
Paul Bakker
2f5947e1f6
- Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter functions.
2011-05-18 15:47:11 +00:00
Paul Bakker
831a755d9e
- Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake.
...
- Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN
2011-05-18 13:32:51 +00:00
Paul Bakker
9d781407bc
- A error_strerror function() has been added to translate between error codes and their description.
...
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
- Descriptions to all error codes have been added.
- Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00
Paul Bakker
6c591fab72
- mpi_init() and mpi_free() only accept a single argument and do not accept variable arguments anymore. This prevents unexpected memory corruption in a number of use cases.
2011-05-05 11:49:20 +00:00
Paul Bakker
f968857a82
- Removed conversions to int when not needed to prevent signed / unsigned situations
...
- Maximized mpi limb size
2011-05-05 10:00:45 +00:00
Paul Bakker
31cacd7cf8
- Re-organized object files
2011-04-25 15:31:41 +00:00
Paul Bakker
335db3f121
- Functions requiring File System functions can now be disables by undefining POLARSSL_FS_IO
2011-04-25 15:28:35 +00:00
Paul Bakker
f4f6968a86
- Improved compile-time compatibility with mingw32 64-bit versions
2011-04-24 16:08:12 +00:00
Paul Bakker
2eee902be3
- Better timer for Windows platforms
...
- Made alarmed volatile for better Windows compatibility
2011-04-24 15:28:55 +00:00
Paul Bakker
a755ca1bbe
- Renamed t_s_int, t_int and t_dbl to respectively t_sint, t_uint and t_udbl for clarity
2011-04-24 09:11:17 +00:00
Paul Bakker
23986e5d5d
- Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops
2011-04-24 08:57:21 +00:00
Paul Bakker
e91d01e144
- Fixed typo
2011-04-19 15:55:50 +00:00
Paul Bakker
b6ecaf5276
- Added additional (configurable) cipher block modes. AES-CTR, Camellia-CTR, XTEA-CBC
2011-04-19 14:29:23 +00:00
Paul Bakker
af5c85fc10
- Improved portability with Microsoft Visual C
2011-04-18 03:47:52 +00:00
Paul Bakker
a493ad4539
- Dropped designated initializers as they are not supported on Microsoft Visual C
2011-04-18 03:29:41 +00:00
Paul Bakker
eaa89f8366
- Do not depend on dhm code if POLARSSL_DHM_C not defined
2011-04-04 21:36:15 +00:00
Paul Bakker
3efa575ff2
- Ready for release 0.99-pre4
2011-04-01 12:23:26 +00:00
Paul Bakker
99a03afc22
- Fixed possible uninitialized values
2011-04-01 11:39:39 +00:00
Paul Bakker
0216cc1bee
- Added flag to disable Chinese Remainder Theorem when using RSA private operation (POLARSSL_RSA_NO_CRT)
2011-03-26 13:40:23 +00:00
Paul Bakker
287781a965
- Added mpi_fill_random() for centralized filling of big numbers with random data (Fixed ticket #10 )
2011-03-26 13:18:49 +00:00
Paul Bakker
66b78b2d16
- Added missing rsa_init() call in x509parse_self_test()
2011-03-25 14:22:50 +00:00
Paul Bakker
53019ae6f7
- RSASSA-PSS verification now properly handles salt lengths other than hlen
2011-03-25 13:58:48 +00:00
Paul Bakker
1fd00bfe82
- Fixed bug in ssl_write() when flushing old data (Fixes ticket #18 )
2011-03-14 20:50:15 +00:00
Paul Bakker
be4e7dca08
- Debug print of MPI now removes leading zero octets and displays actual bit size of the value
2011-03-14 20:41:31 +00:00
Paul Bakker
9dcc32236b
- Added support for PKCS#1 v2.1 encoding and thus support for the RSAES-OAEP and RSASSA-PSS operations (enabled by POLARSSL_PKCS1_V21)
2011-03-08 14:16:06 +00:00
Paul Bakker
fea43a2501
- Re-added removed dhm test values
2011-03-08 13:58:16 +00:00
Paul Bakker
646f65c9bd
- Fixed faulty test server key
2011-03-02 14:47:44 +00:00
Paul Bakker
345a6fee91
- Replaced function that fixes man-in-the-middle attack
...
- Added message to indicate inclusion of man-in-the-middle attack (Reported by Larry Highsmith, Subreption LLC)
- Released version 0.99-pre3
2011-02-28 21:20:02 +00:00
Paul Bakker
5a1494fb30
- Added pem to library
2011-02-25 09:48:49 +00:00
Paul Bakker
1946e42dd4
- Made ready for 0.99-pre2 release
2011-02-25 09:39:39 +00:00
Paul Bakker
c47840efd5
- Updated sanity checks
2011-02-20 16:37:30 +00:00
Paul Bakker
e2a39cc0fa
- Do not bail out if no client certificate specified. Try to negotiate anonymous connection (Fixes ticket #12 )
2011-02-20 13:49:27 +00:00
Paul Bakker
9e7606fcd8
- Updated certificates for new test versions
2011-02-20 13:34:20 +00:00
Paul Bakker
400ff6f0fd
- Corrected parsing of UTCTime dates before 1990 and after 1950
...
- Support more exotic OID's when parsing certificates
- Support more exotic name representations when parsing certificates
- Replaced the expired test certificates
2011-02-20 10:40:16 +00:00
Paul Bakker
96743fc5f5
- Parsing of PEM files moved to separate module (Fixes ticket #13 ). Also possible to remove PEM support for systems only using DER encoding
...
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5 )
- Added tests for encrypted keyfiles
2011-02-12 14:30:57 +00:00
Paul Bakker
46eb13828e
- Makefiles now respect external CFLAGS and LDFLAGS. Closes ticket #2
2011-01-30 17:10:13 +00:00
Paul Bakker
cdf07e9979
- Information about missing or non-verified client certificate is not provided as well.
2011-01-30 17:05:13 +00:00
Paul Bakker
9fc4659b30
- Preparing for Release of 0.99 prerelease 1
2011-01-30 16:59:02 +00:00
Paul Bakker
e3166ce040
- Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
...
- Adapted in the rest of using code as well
2011-01-27 17:40:50 +00:00
Paul Bakker
dbee2cad7d
- Removed application code from library source file
2011-01-27 16:38:52 +00:00
Paul Bakker
f3b86c1e62
- Updated Doxygen documentation generation and documentation on small parts
2011-01-27 15:24:17 +00:00
Paul Bakker
562535d11b
- Split current md_starts() and md_hmac_starts() functionality into separate md_init_ctx() for allocating the context and the existing starts() functions to initialize the message digest for use.
2011-01-20 16:42:01 +00:00
Paul Bakker
a885d6835f
- Require different input and output buffer in cipher_update()
...
- Fixed style typos
2011-01-20 16:35:05 +00:00
Paul Bakker
e9426948fa
- Added extra compiler warnings by default
2011-01-18 16:28:42 +00:00
Paul Bakker
b06819bb5d
- Adapted CMake files for the PKCS#11 support
2011-01-18 16:18:38 +00:00
Paul Bakker
d61e7d98cb
- Cleaned up warning-generating code
2011-01-18 16:17:47 +00:00
Paul Bakker
43b7e35b25
- Support for PKCS#11 through the use of the pkcs11-helper library
2011-01-18 15:27:19 +00:00
Paul Bakker
0f5f72e949
- Fixed doxygen syntax to standard '\' instead of '@'
2011-01-18 14:58:55 +00:00
Paul Bakker
3cccddb238
- Fixed identification of non-critical CA certificates
2011-01-16 21:46:31 +00:00
Paul Bakker
b619499eb3
- x509parse_time_expired() checks time now in addition to the existing date check
2011-01-16 21:40:22 +00:00
Paul Bakker
a056efc8f9
- Fixed serial length check
2011-01-16 21:38:35 +00:00
Paul Bakker
dd47699ba5
- Moved storing of a printable serial into a separate function
2011-01-16 21:34:59 +00:00
Paul Bakker
72f6266f02
- Improved information provided about current Hashing, Cipher and Suite capabilities
2011-01-16 21:27:44 +00:00
Paul Bakker
76fd75a3de
- Improved certificate validation and validation against the available CRLs
2011-01-16 21:12:10 +00:00
Paul Bakker
43ca69c38a
- Added function for stringified SSL/TLS version
2011-01-15 17:35:19 +00:00
Paul Bakker
1f87fb6896
- Support for DES weak keys and parity bits added
2011-01-15 17:32:24 +00:00
Paul Bakker
74111d30b7
- Improved X509 certificate parsing to include extended certificate fields, such as Key Usage
2011-01-15 16:57:55 +00:00
Paul Bakker
b63b0afc05
- Added verification callback in certificate verification chain in order to allow external blacklisting
2011-01-13 17:54:59 +00:00
Paul Bakker
1b57b06751
- Added reading of DHM context from memory and file
2011-01-06 15:48:19 +00:00
Paul Bakker
8123e9d8f1
- Added generic cipher wrapper for integration with OpenVPN (donated by Fox-IT)
2011-01-06 15:37:30 +00:00
Paul Bakker
6d46812123
- Fixed typo
2011-01-06 15:35:45 +00:00
Paul Bakker
1737385e04
- Added generic message digest wrapper for integration with OpenVPN (donated by Fox-IT)
2011-01-06 14:20:01 +00:00
Paul Bakker
b94081bfc1
- Make A only smaller if it is larger than |X| - 1
2011-01-05 15:53:06 +00:00
Paul Bakker
9d3a7e4188
- Added CMake option USE_SHARED_POLARSSL_LIBRARY to allow for building of shared PolarSSL library
2011-01-05 15:24:43 +00:00
Paul Bakker
547f73d66f
- Added install targets to the CMake files
2011-01-05 15:07:54 +00:00
Paul Bakker
21eb2802fe
- Changed origins of random function and pointer in rsa_pkcs1_encrypt, rsa_init, rsa_gen_key.
...
Moved to parameters of function instead of context pointers as within ssl_cli, context pointer cannot be set easily.
2010-08-16 11:10:02 +00:00
Paul Bakker
61c324bbdd
- Enabled TLSv1.1 support in server as well
2010-07-29 21:09:03 +00:00
Paul Bakker
2e11f7d966
- Added support for TLS v1.1
...
- Renamed some SSL defines to prevent future naming confusion
2010-07-25 14:24:53 +00:00
Paul Bakker
b96f154e51
- Fixed copyright message
2010-07-18 20:36:00 +00:00
Paul Bakker
84f12b76fc
- Updated Copyright to correct entity
2010-07-18 10:13:04 +00:00
Paul Bakker
ff7fe670bb
- Minor DHM code cleanup/comments
2010-07-18 09:45:05 +00:00
Paul Bakker
545570e208
- Added initialization for RSA where needed
2010-07-18 09:00:25 +00:00
Paul Bakker
b572adf5e6
- Removed dependency on rand() in rsa_pkcs1_encrypt(). Now using random fuction provided to context
...
- Expanded ssl_client2 arguments for more flexibility
- rsa_check_private() now supports PKCS1v2 keys as well
- Fixed deadlock in rsa_pkcs1_encrypt() on failing random generator
2010-07-18 08:29:32 +00:00
Paul Bakker
08f3c30547
- Enlarged buffer to allow better debugging.
2010-07-08 06:54:25 +00:00
Paul Bakker
3ac1b2d952
- Added runtime and compiletime version information
2010-06-18 22:47:29 +00:00
Paul Bakker
77a43580da
- Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
2010-06-15 21:32:46 +00:00
Paul Bakker
699fbbcf29
- Added missing const fixes
2010-03-24 07:15:41 +00:00
Paul Bakker
57b7914445
- String peer_cn in ssl context made const as well.
2010-03-24 06:51:15 +00:00
Paul Bakker
ad7eca201d
- Reverted Makefile (Unmerged CMake fault)
2010-03-24 06:46:47 +00:00
Paul Bakker
2908713af1
- Corrected behaviour
2010-03-21 21:03:34 +00:00
Paul Bakker
fc8c4360b8
- Updated copyright line to 2010
2010-03-21 17:37:16 +00:00
Paul Bakker
1f3c39c194
- Removed copyright line for Christophe Devine for clarity
2010-03-21 17:30:05 +00:00
Paul Bakker
7d3b661bfe
- Added reset functionality for HMAC context. Speed-up for some use-cases.
2010-03-21 16:23:13 +00:00
Paul Bakker
baad6504d4
- Changed ARC4 to use seperate input/output buffer
2010-03-21 15:42:15 +00:00
Paul Bakker
f3ccc68100
- Fixed cipher interface for encrypt/decrypt functions
2010-03-18 21:21:02 +00:00
Paul Bakker
27d661657b
- Added x509_get_sig_alg() to allow easy future X509 signature algorithm determination expansion
2010-03-17 06:56:01 +00:00
Paul Bakker
41d13f4af8
- Found algorithmic bug in mpi_is_prime()
2010-03-16 21:26:36 +00:00
Paul Bakker
4ed999c4b2
- Added fixes for compiler warnings on a Mac
2010-03-16 21:16:16 +00:00
Paul Bakker
ff60ee6c2a
- Added const-correctness to main codebase
2010-03-16 21:09:09 +00:00
Paul Bakker
9120018f3d
- Added support for GeneralizedTime in X509 certificates
2010-02-18 21:26:15 +00:00
Paul Bakker
1f76115340
- Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request()
2010-02-18 18:16:31 +00:00
Paul Bakker
fe1aea7877
- Fixed typo in MD4 define
2009-10-03 20:09:14 +00:00
Paul Bakker
de4d2eae95
- Added handling of missing POLARSSL_MD5_C define and POLARSSL_SHA1_c define
2009-10-03 19:58:52 +00:00
Paul Bakker
77b385e91a
- Updated copyright messages on all relevant files
2009-07-28 17:23:11 +00:00
Paul Bakker
c6ce838d8f
- Better handling of extension parsing
2009-07-27 21:34:45 +00:00
Paul Bakker
b3bb6c0c66
- Fixed include location of endian.h and name clash on Apples (found by Martin van Hensbergen)
2009-07-27 21:09:47 +00:00
Paul Bakker
2a1fadffd7
- Increased size of generated value X
2009-07-27 21:05:24 +00:00
Paul Bakker
2b222c830b
- Changed interface for AES and Camellia setkey functions to indicate invalid key lengths.
2009-07-27 21:03:45 +00:00
Paul Bakker
9be19375e5
- Fill base data for x509_crl_entry in CRL correctly
...
- Internal structure of sequences is not optional anymore (as per RFC)
- nextUpdate handles optionality correct if no revokedCertificates are present.
- x509parse_crl_info handles the case of no entries correctly
2009-07-27 20:21:53 +00:00
Paul Bakker
c2547b0034
- Surpress warning of unused 'mode' parameter in Camellia
2009-07-20 20:40:52 +00:00
Paul Bakker
635f4b4cf9
- Updated error check on optional nextUpdate in CRL
2009-07-20 20:34:41 +00:00
Paul Bakker
854963cee3
- Fixed include location of endian.h on FreeBSD (found by Gabriel)
2009-07-19 20:50:11 +00:00
Paul Bakker
38e2b482ff
- Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE.
2009-07-19 20:41:06 +00:00
Paul Bakker
fc22c441bc
- Renamed RSA_RAW to SIG_RSA_RAW for consistency in the code.
2009-07-19 20:36:27 +00:00
Paul Bakker
1e27bb24bc
- Added newline at end of CRL info
2009-07-19 20:25:25 +00:00
Paul Bakker
2fd71f0757
- Fixed HMAC-MD2 by modifying md2_starts(), so that the required HMAC ipad and opad variables are not cleared!
2009-07-11 20:40:58 +00:00
Paul Bakker
396c52f711
- Updated and cleaned CMakeList
2009-07-11 19:54:40 +00:00
Paul Bakker
37940d9ff6
- Added test coverage for X509parse
...
- Fixed segfault in rsa_check_privkey() and rsa_check_pubkey() and added test
2009-07-10 22:38:58 +00:00
Paul Bakker
1973e4c582
- Fixed selftest of X509parse code
2009-07-10 22:32:40 +00:00
Paul Bakker
367dae44b2
- Added CMake makefiles as alternative to regular Makefiles.
...
- Added preliminary Code Coverage tests for AES, ARC4, Base64, MPI, SHA-family, MD-family and HMAC-SHA-family.
2009-06-28 21:50:27 +00:00
Paul Bakker
48eab260e9
- Corrected is_prime() results for 0, 1 and 2 (found by code coverage tests)
2009-06-25 21:25:49 +00:00
Paul Bakker
ce40a6d21d
- Fixed incorrect handling of negative first input value in mpi_mod_mpi() and mpi_mod_int(). Resulting change also affects mpi_write_string() (found by code coverage tests).
2009-06-23 19:46:08 +00:00
Paul Bakker
1ef7a53fa2
- Fixed incorrect handling of negative first input value in mpi_sub_abs() (found by code coverage tests).
2009-06-20 10:50:55 +00:00
Paul Bakker
f7ca7b99dd
- Fixed incorrect handling of one single negative input value in mpi_add_abs() (found by code coverage tests).
2009-06-20 10:31:06 +00:00
Paul Bakker
05feca6f7c
- Fixed incorrect handling of negative strings in mpi_read_string() (found by code coverage tests).
2009-06-20 08:22:43 +00:00
Paul Bakker
cde51572df
- Fixed missing support for SHA2 in rsa_pkcs1_sign()
2009-05-17 10:11:56 +00:00
Paul Bakker
c81f6c3f06
- Made Camellia use uint32_t for 64-bit compatibility
2009-05-03 13:09:15 +00:00
Paul Bakker
0fdf3cacf2
- Modified XTEA to use uint32_t instead of unsigned long
2009-05-03 12:54:07 +00:00
Paul Bakker
40ea7de46d
- Added CRL revocation support to x509parse_verify()
...
- Fixed an off-by-one allocation in ssl_set_hostname()
- Added CRL support to SSL/TLS code
2009-05-03 10:18:48 +00:00
Paul Bakker
7d06ad2b52
- Fixed formatting
2009-05-02 15:53:56 +00:00
Paul Bakker
d98030e7d6
- Added prelimenary CRL parsing and info support
2009-05-02 15:13:40 +00:00
Paul Bakker
34a9056f39
- POLARSSL_HAVE_ASM also used in padlock and timing code.
2009-04-19 21:17:09 +00:00
Paul Bakker
1d4f30ca4d
- Made net_htons() endian-clean for big endian.
2009-04-19 18:55:16 +00:00
Paul Bakker
2b245ebd9f
- Moved file loading to load_file
2009-04-19 18:44:26 +00:00
Paul Bakker
7c6d4a4e6b
- Fixed new logic on certificate chains in x509parse_verify()
2009-03-28 20:35:47 +00:00
Paul Bakker
e9581d66b0
- Fixed logic error on end of 'full' chain
2009-03-28 20:29:25 +00:00
Paul Bakker
320a4b59a8
- Added input handling for x509parse_crt()
...
- Prevented memory leak by only adding new certificate if needed in x509parse_crt()
- Add certificate before parsing if chain is 'full' in x509parse_crt()
2009-03-28 18:52:39 +00:00
Paul Bakker
ef75f25be7
- Proper sequence of ciphersuites
2009-03-28 18:43:23 +00:00
Paul Bakker
026c03b7f4
- Made changes for better compatibility with old-style C compilers
2009-03-28 17:53:03 +00:00
Paul Bakker
70b3eed2aa
- Moved mpi_gcd() outside of the POLARSSL_GENPRIME define. Is needed in rsa.c for normal use.
2009-03-14 18:01:25 +00:00
Paul Bakker
8cda68bcdc
- Updated certificates to PolarSSL certificates
2009-02-10 22:19:29 +00:00
Paul Bakker
4593aeadaf
- Added support for RFC4055 SHA2 and SHA4 signature algorithms for
...
use with PKCS#1 v1.5 signing and verification.
- Added extra certificates to test-ca and test code to further test
functionality of SHA2 and SHA4 signing and verification.
- Updated other program files accordingly
2009-02-09 22:32:35 +00:00
Paul Bakker
3681b118ec
- Enlarged debug buffer to facilitate long certificate values and filenames
2009-02-07 17:14:21 +00:00
Paul Bakker
2da561c2a1
- Moved debug message in ssl_free() before clearing of ssl context
2009-02-05 18:00:28 +00:00
Paul Bakker
4e0d7ca233
- Fixed a bug in mpi_gcd() that prevented correct funtioning when both input numbers are even.
2009-01-29 22:24:33 +00:00
Paul Bakker
785a9eeece
- Added email address to header license information
2009-01-25 14:15:10 +00:00
Paul Bakker
864801ef41
- Added license replacement script
2009-01-25 11:59:46 +00:00
Paul Bakker
fa049dba45
- Added POLARSSL_CAMELLIA_SMALL_MEMORY define for SBOX'es
2009-01-12 22:12:03 +00:00
Paul Bakker
060c56871c
- Fixed possible heap overflow in pkcs1_decrypt on data larger than output
...
buffer after padding. For instance the premaster decryption in
ssl_parse_client_key_exchange() in ssl_serv.c (Thanks to Christophe
Devine)
2009-01-12 21:48:39 +00:00
Paul Bakker
c32c6b56ca
- Minimally optimized camellia_feistel()
...
- Removed debug code
2009-01-11 21:36:43 +00:00
Paul Bakker
b5ef0bada4
- Added SSL_RSA_CAMELLIA_128_SHA, SSL_RSA_CAMELLIA_256_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA ciphersuites to SSL
2009-01-11 20:25:36 +00:00
Paul Bakker
38119b18d6
- Added first version of Camellia
2009-01-10 23:31:23 +00:00
Paul Bakker
7a7c78fd02
- Added XTEA Algorithm (Not used in SSL)
2009-01-04 18:15:48 +00:00
Paul Bakker
e0ccd0a7c3
- Updated Copyright notices
2009-01-04 16:27:10 +00:00
Paul Bakker
40e46940df
- First replacement of xyssl by polarssl where needed
2009-01-03 21:51:57 +00:00
Paul Bakker
5121ce5bdb
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00