4286 Commits

Author	SHA1	Message	Date
Brian Murray	53e23b684f	Minor CMAC fixes for merge	2016-10-05 14:19:17 +01:00
Brian Murray	9ce2e091de	cleaned up indentation and braket issues in mbedtls_cmac_verify	2016-10-05 14:19:17 +01:00
Brian Murray	ae1cb12d82	Changed test function to inline to pass tests/scripts/check-names.sh	2016-10-05 14:19:17 +01:00
Brian Murray	0cf14c10d4	Fixed some build warnings	2016-10-05 14:19:17 +01:00
Brian Murray	6a3c0d2d67	Do not zeroize null pointer	2016-10-05 14:19:17 +01:00
Brian Murray	4b64ab6664	Removed unneed memsets and fixed spacing	2016-10-05 14:19:16 +01:00
Brian Murray	87e4040bb9	No CMAC minimum tag length is specified by NIST SP800-38B A ... Minor Typo Changes	2016-10-05 14:19:16 +01:00
Brian Murray	617634e656	cmac.c whitespace cleanup	2016-10-05 14:19:16 +01:00
Brian Murray	2cfa5072ed	better handling of failed calloc	2016-10-05 14:19:16 +01:00
Brian Murray	57863ad7ed	selftest supports cmac if only MBEDTLS_DES_C is defined ... Other minor typo fixes	2016-10-05 14:19:16 +01:00
Brian Murray	9044b0295c	More cleanup of CMAC self tests	2016-10-05 14:19:16 +01:00
Brian Murray	b439d4556d	Only compile AES CMAC PRF support if MBEDTLS_AES_C is defined and other cleanups	2016-10-05 14:19:16 +01:00
Brian Murray	0f6af73599	More cleanup of CMAC selftests	2016-10-05 14:19:15 +01:00
Brian Murray	00dc5f0fc8	Fixed CMAC tag length	2016-10-05 14:19:15 +01:00
Brian Murray	b0c3c43dec	CMAC support for cipher with 64bit blocks (DES/3DES)	2016-10-05 14:19:15 +01:00
Brian Murray	8262ac3b54	Added cmac.o to libary/Makefile	2016-10-05 14:19:15 +01:00
Manuel Pégourié-Gonnard	7b555f2928	cmac: more cosmetic changes	2016-10-05 14:19:15 +01:00
Manuel Pégourié-Gonnard	ab9c5fd9b3	cmac: avoid useless wrapping of function ... probably a leftover from an earlier stage	2016-10-05 14:19:15 +01:00
Manuel Pégourié-Gonnard	d18c70708e	cmac: reduce visibility of macros ... The #undef is usefull for people who want to to amalgamated releases	2016-10-05 14:19:15 +01:00
Manuel Pégourié-Gonnard	2c06306364	cmac: some more padding-related tune-ups ... - use one less temporary buffer - pedantic: in_len + 15 was a potential overflow - use a more explicit name instead of 'flag' - Mn was a bit misleading	2016-10-05 14:19:14 +01:00
Manuel Pégourié-Gonnard	d2c3d3eddb	cmac: clean up padding function and comments	2016-10-05 14:19:14 +01:00
Manuel Pégourié-Gonnard	475f06f609	cmac: make subkey gen more constant-time ... The previous version had secret-dependent memory accesses. While it was probably not an issue in practice cause the two bytes of the array are probably on the same cache line anyway, as a matter of principle this should be avoided.	2016-10-05 14:19:14 +01:00
Manuel Pégourié-Gonnard	d6cf75474b	cmac: zeroize sensitive intermediate values	2016-10-05 14:19:14 +01:00
Manuel Pégourié-Gonnard	a610b4c04b	cmac: factor multiply by u to its own function ... We're doing exactly the same operation for K1 and K2.	2016-10-05 14:19:14 +01:00
Manuel Pégourié-Gonnard	3da5402a89	cmac: fix whitespace/codingstyle issues	2016-10-05 14:19:14 +01:00
Manuel Pégourié-Gonnard	690083c21d	cmac: improve argument order and naming ... - always use the pattern "buffer, length" - avoid using unqualified "length" as a name when there are more than one	2016-10-05 14:19:14 +01:00
Robert Cragie	3d23b1d5ed	Line endings wrong	2016-10-05 14:19:14 +01:00
Robert Cragie	48f2ff9dbe	Use autogenerated version_features.c	2016-10-05 14:19:13 +01:00
Robert Cragie	84a4c67741	Added CMAC as proper low-level module and changed error returns	2016-10-05 14:19:13 +01:00
Robert Cragie	8324818e0a	Added MBEDTLS_CMAC_C	2016-10-05 14:19:13 +01:00
Robert Cragie	dc5c7b98ac	Add support for AES-128-CMAC and AES-CMAC-PRF-128	2016-10-05 14:19:13 +01:00
Janos Follath	5437a75b15	Add safety check to sample mutex implementation ... Due to inconsistent freeing strategy in pkparse.c the sample mutex implementation in threading.c could lead to undefined behaviour by destroying the same mutex several times. This fix prevents mutexes from being destroyed several times in the sample threading implementation.	2016-09-30 09:29:55 +01:00
Andres AG	4b76aecaf3	Add check for validity of date in x509_get_time()	2016-09-28 14:32:54 +01:00
Andres AG	5a87c9375d	Fix overread when verifying SERVER_HELLO in DTLS	2016-09-28 14:26:57 +01:00
Andres AG	788aa4a812	Rename net.{c,h} to net_sockets.{c,h} ... The library/net.c and its corresponding include/mbedtls/net.h file are renamed to library/net_sockets.c and include/mbedtls/net_sockets.h respectively. This is to avoid naming collisions in projects which also have files with the common name 'net'.	2016-09-26 23:23:52 +01:00
Andres AG	4bdbe09f90	Fix sig->tag update in mbedtls_x509_get_sig()	2016-09-19 17:09:45 +01:00
Andres AG	f9113194af	Allow the entry_name size to be set in config.h ... Allow the size of the entry_name character array in x509_crt.c to be configurable through a macro in config.h. entry_name holds a path/filename string. The macro introduced in MBEDTLS_X509_MAX_FILE_PATH_LEN.	2016-09-16 11:42:35 +01:00
Simon Butcher	669c635ec0	Fix unused variable warnings for null entropy config	2016-09-15 18:57:34 +01:00
Andres Amaya Garcia	a928e67278	Documentation and entropy self test changes (#610) ... Ensure that the entropy self test always fails whenever MBEDTLS_TEST_NULL_ENTROPY is defined. This is because the option is meant to be for testing and development purposes rather than production quality software. Also, this patch enhances the documentation for mbedtls_entropy_source_self_test() and mbedtls_entropy_self_test().	2016-09-13 13:30:02 +01:00
Paul Bakker	29f221f183	Fix guards in SSL for ECDH key exchanges	2016-09-05 01:48:31 +03:00
palaviv	a9f90f00aa	Removing in compile time unused entries from oid_ecp_grp list	2016-09-04 15:14:38 +01:00
palaviv	06f1828fa2	Removing in compile time unused entries from oid_sig_alg list	2016-09-04 15:14:38 +01:00
palaviv	4636fc6b0d	oid_x520_attr_type list is defined only when MBEDTLS_X509_USE_C or MBEDTLS_X509_CREATE_C	2016-09-04 15:14:38 +01:00
palaviv	5730320225	Removing in compile time unused entries from oid_md_alg list	2016-09-04 15:14:38 +01:00
Andres AG	e7723ec284	Make entropy bias self test poll multiple times ... Instead of polling the hardware entropy source a single time and comparing the output with itself, the source is polled at least twice and make sure that the separate outputs are different.	2016-08-30 16:50:48 +01:00
Andres AG	b34e42e69e	Add a new self test to entropy module ... The self test is a quick way to check at startup whether the entropy sources are functioning correctly. The self test only polls 8 bytes from the default entropy source and performs the following checks: - The bytes are not all 0x00 or 0xFF. - The hardware does not return an error when polled. - The entropy does not provide data in a patter. Only check pattern at byte, word and long word sizes.	2016-08-30 16:50:48 +01:00
Paul Bakker	4400ecc9fb	Fix output of PKCS#5 and RIPEMD-160 self tests	2016-08-25 16:36:35 +01:00
Paul Bakker	217efbcb4b	Allow compilation without MBEDTLS_SELF_TEST enabled	2016-08-25 15:42:28 +01:00
Paul Bakker	c7d6bd4b5f	Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths ... As a consequence also adds coverage for reading 3 and 4 byte lengths (which were not covered before)	2016-08-25 15:42:27 +01:00
Paul Bakker	7eb1243fb4	Add check for lengths over 65535 in mbedtls_asn1_write_len()	2016-08-25 15:42:27 +01:00
Matthias Weisser	3f21a35c36	Added checking for QNX operating system to make mbedtls build on QNX	2016-08-18 07:55:05 +02:00
Simon Butcher	23e9778684	Adds missing conditions for platform time ... In platform.c, made the time functions dependent on the configuration MBEDTLS_HAVE_TIME to fix a build break where the functions could be built but the mbedtls_time_t was not defined.	2016-07-13 14:47:07 +01:00
Simon Butcher	b5b6af2663	Puts platform time abstraction into its own header ... Separates platform time abstraction into it's own header from the general platform abstraction as both depend on different build options. (MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME)	2016-07-13 14:46:18 +01:00
Simon Butcher	905cef6c2c	Changed library version number to 2.3.0	2016-06-27 19:36:45 +01:00
Simon Butcher	ab069c6b46	Merge branch 'development' into development-restricted	2016-06-23 21:42:26 +01:00
Brian J Murray	e7be5bdb96	Fixed unchecked calls to mbedtls_md_setup in rsa.c (#502) ... * Fixed unchecked calls to mbedtls_md_setup in rsa.c: * style fixes	2016-06-23 20:57:03 +01:00
Jussi Kivilinna	4b541bec0f	Fix unused variable in AES selftest when CBC and CFB disabled (#393) ... This commit fixes following warning: > CC: aes.c > aes.c: In function 'mbedtls_aes_self_test': > aes.c:1225:19: error: unused variable 'iv' [-Werror=unused-variable] > unsigned char iv[16]; > ^ > cc1: all warnings being treated as errors	2016-06-22 16:48:16 +01:00
Janos Follath	1b8571cd25	Merge branch 'development' into development-restricted	2016-06-21 13:51:17 +01:00
Simon Butcher	1ceab6e43a	Adds a check and warning for the null entropy option ... If the option MBEDTLS_TEST_NULL_ENTROPY is enabled, the cmake generated makefile will generate an error unless a UNSAFE_BUILD switch is also enabled. Equally, a similar warning will always be generated if the Makefile is built, and another warning is generated on every compilation of entropy.c. This is to ensure the user is aware of what they're doing when they enable the null entropy option.	2016-06-21 10:14:00 +01:00
Janos Follath	15ab7ed0f3	Merge branch 'development' into development-restricted ... Conflicts: programs/pkey/rsa_decrypt.c programs/pkey/rsa_encrypt.c programs/test/selftest.c	2016-06-14 09:20:46 +01:00
Simon Butcher	124646e4b5	Updates version feature list for NV Seed	2016-06-12 11:56:03 +01:00
Simon Butcher	4157b6004d	Renames null entropy source function for clarity	2016-06-12 00:31:33 +01:00
Simon Butcher	ab5df40054	Rename the 'no entropy' feature to MBEDTLS_TEST_NULL_ENTROPY ... Following review and for clarity, changed the name of the feature to 'null entropy'.	2016-06-11 02:31:21 +01:00
Paul Bakker	bddf9ab8ff	Update features file	2016-06-10 19:42:15 +01:00
Paul Bakker	fc9c7c8bf4	Initial entropy run should be context specific ... Otherwise test influence each other. Is a change to the context but only if the NV seed feature is enabled	2016-06-10 19:42:15 +01:00
Paul Bakker	d5c9f6d226	Automatically update NV seed on initial entropy run ... Update the NV entropy seed before generating any entropy for outside use. The reason this is triggered here and not in mbedtls_entropy_init(), is that not all entropy sources mights have been added at that time.	2016-06-10 19:42:14 +01:00
Paul Bakker	9988d6bbd9	Introduce mbedtls_nv_seed_poll() entropy polling function	2016-06-10 19:42:14 +01:00
Paul Bakker	cf0a9f96c5	Introduce platform-layer functions for reading/writing seed from NV ... Introduces mbedtls_nv_seed_read() and mbedtls_nv_seed_write(). The platform-layer functions are only available when MBEDTLS_ENTROPY_NV_SEED is enabled.	2016-06-10 19:42:14 +01:00
Janos Follath	51bcd9355b	Update version features.	2016-06-09 13:55:37 +01:00
Janos Follath	53de78444c	Add entropy safety switch. ... Add a switch that turns entropy collecting off entirely, but enables mbed TLS to run in an entirely unsafe mode. Enables to test mbed TLS on platforms that don't have their entropy sources integrated yet.	2016-06-09 11:54:54 +01:00
Janos Follath	ce52d7823c	Address user reported coverity issues.	2016-06-07 14:52:35 +01:00
Simon Butcher	78da223f68	Revert accidental changes to file mode of rsa.c	2016-06-07 14:52:34 +01:00
Janos Follath	a338691b46	Merge branch 'development' into development-restricted	2016-06-07 09:24:41 +01:00
Simon Butcher	50cdede726	Revert accidental changes to file mode of rsa.c	2016-06-06 20:15:33 +01:00
Janos Follath	0febc80396	Address issues find by manual coverity scan.	2016-06-03 15:40:57 +01:00
Janos Follath	04b591ee79	Merge branch 'development' for weekly test report.	2016-05-31 10:18:41 +01:00
-~- redtangent ~-~	9fa2e86d93	Add missing mbedtls_time_t definitions (#493) ... Add missing mbedtls_time_t definitions to sample applications and the error.c generation script. Fixes #490.	2016-05-26 10:07:49 +01:00
Simon Butcher	9c22e7311c	Merge branch 'development'	2016-05-24 13:25:46 +01:00
Simon Butcher	65b1fa6b07	Fixes warnings found by Clang static analyser ... Also removes annotations in the code to avoid warnings which don't appear to be needed.	2016-05-23 23:18:26 +01:00
Simon Butcher	584a547873	Fix whitespace and formatting in ssl_srv.c	2016-05-23 16:24:52 +01:00
Simon Butcher	29176897a1	Adds additional casts to calloc calls ... Casts added to allow compilation of the library as C++	2016-05-23 14:29:33 +01:00
Simon Butcher	88ffc089bc	Adds casts to zeroize functions to allow building as C++	2016-05-23 14:29:32 +01:00
Simon Butcher	97e829038a	Fixes whitespace errors in x509_crl.c	2016-05-23 14:29:32 +01:00
Brian Murray	930a3701e7	fix indentation in output of selftest.c	2016-05-23 14:29:32 +01:00
Paul Bakker	38d188896c	Cleanup ifdef statements	2016-05-23 14:29:31 +01:00
Simon Butcher	cc4eabd22a	Reverts change in commit daf534d ... Commit daf534d from PR #457 breaks the build. This may reintroduce a clang-analyse warning, but this is the wrong fix for that. The fix removed a call to mbedtls_ecp_curve_info_from_grp_id() to find the curve info. This fix adds that back in.	2016-05-23 14:29:31 +01:00
Simon Butcher	da01266599	Corrects incorrectly named function in ctr_drbg.c comment	2016-05-23 14:29:31 +01:00
Simon Butcher	80119c5d28	Fixes minor typos in comments in pk.h and ctr_drbg.c ... Fixes typos in PRs #475 and #437	2016-05-23 14:29:30 +01:00
SimonB	99cff58958	Fixes memory leak in memory_buffer_alloc.c debug ... Debug symbols were being leaked in memory_buffer_alloc.c	2016-05-23 14:29:29 +01:00
Nicholas Wilson	1b666554c9	Silence a clang-analyze warning ... The check is already effectively performed later in the function, but implicitly, so Clang's analysis fail to notice the functions are in fact safe. Pulling the check up to the top helps Clang to verify the behaviour.	2016-05-23 14:29:29 +01:00
Nicholas Wilson	f0021645b0	Refactor slightly to silence a clang-analyze warning ... Since the buffer is used in a few places, it seems Clang isn't clever enough to realise that the first byte is never touched. So, even though the function has a correct null check for ssl->handshake, Clang complains. Pulling the handshake type out into its own variable is enough for Clang's analysis to kick in though.	2016-05-23 14:29:28 +01:00
Nicholas Wilson	b47fd5e8c9	Remove a dead store to silence clang-analyze	2016-05-23 14:29:28 +01:00
Nicholas Wilson	e735303026	Shut up a few clang-analyze warnings about use of uninitialized variables ... The functions are all safe, Clang just isn't clever enough to realise it.	2016-05-23 14:29:28 +01:00
Nicholas Wilson	91c68a5e15	Shut up a clang-analyzer warning ... The function appears to be safe, since grow() is called with sensible arguments in previous functions. Ideally Clang would be clever enough to realise this. Even if N has size MBEDTLS_MPI_MAX_LIMBS, which will cause the grow to fail, the affected lines in montmul won't be reached. Having this sanity check can hardly hurt though.	2016-05-23 14:29:28 +01:00
Attila Molnar	2791ba1429	Fix handle leak in mbedtls_platform_entropy_poll() on Windows on error	2016-05-23 14:29:28 +01:00
Alexey Skalozub	c8404607ea	Move K inside MBEDTLS_SHA512_PROCESS_ALT block ... It is used only by `mbedtls_sha512_process()`, and in case `MBEDTLS_SHA512_PROCESS_ALT` is defined, it still cannot be reused because of `static` declaration.	2016-05-23 14:29:28 +01:00
James Cowgill	5c1e24ca05	Fix build errors on x32 by using the generic 'add' instruction ... On x32 systems, pointers are 4-bytes wide and are therefore stored in %e?x registers (instead of %r?x registers). These registers must be accessed using "addl" instead of "addq", however the GNU assembler will acccept the generic "add" instruction and determine the correct opcode based on the registers passed to it.	2016-05-23 14:29:28 +01:00
Janos Follath	c6dab2b029	Fix non compliance SSLv3 in server extension handling. ... The server code parses the client hello extensions even when the protocol is SSLv3 and this behaviour is non compliant with rfc6101. Also the server sends extensions in the server hello and omitting them may prevent interoperability problems.	2016-05-23 14:27:02 +01:00
Simon Butcher	94bafdf834	Merge branch 'development'	2016-05-18 18:40:46 +01:00
Simon Butcher	db0feca55c	Fixes platform time_t abstraction ... Fixes platform abstraction in error.c and the file that it's generated from as well as DTLS samples.	2016-05-17 00:03:14 +01:00
Simon Butcher	c21bec8af4	Merge branch 'development'	2016-05-16 16:15:20 +01:00
Paul Bakker	21cc5741cf	Cleanup ifdef statements	2016-05-12 12:46:28 +01:00
Simon Butcher	2dd49d1e47	Reverts change in commit daf534d ... Commit daf534d from PR #457 breaks the build. This may reintroduce a clang-analyse warning, but this is the wrong fix for that. The fix removed a call to mbedtls_ecp_curve_info_from_grp_id() to find the curve info. This fix adds that back in.	2016-05-11 23:15:58 +01:00
Paul Bakker	9edf1eb062	Merge pull request #376 from jcowgill/x32 ... Support for x32	2016-05-11 20:40:08 +02:00
Paul Bakker	f4743a6f5e	Merge pull request #457 from NWilson/clang-analyze-fixes ... Clang analyze fixes	2016-05-11 20:20:42 +02:00
Paul Bakker	e1fbac4ac4	Merge pull request #409 from attilamolnar/fix-handle-leak ... Fix handle leak in mbedtls_platform_entropy_poll() on Windows on error	2016-05-11 20:14:16 +02:00
Paul Bakker	aaee547547	Merge pull request #402 from pieceofsummer/sha512-process-alt-k ... Move K inside MBEDTLS_SHA512_PROCESS_ALT block	2016-05-11 20:12:45 +02:00
Simon Butcher	71c7ac5597	Corrects incorrectly named function in ctr_drbg.c comment	2016-05-10 23:47:30 +01:00
Simon Butcher	938f65c452	Merge 'development' into development	2016-05-10 20:58:54 +01:00
Simon Butcher	295639bfa1	Fixes minor typos in comments in pk.h and ctr_drbg.c ... Fixes typos in PRs #475 and #437	2016-05-10 19:39:36 +01:00
SimonB	4225611887	Fixes memory leak in memory_buffer_alloc.c debug ... Debug symbols were being leaked in memory_buffer_alloc.c	2016-05-05 14:24:17 +01:00
Simon Butcher	e4a46f696f	Merge branch 'development'	2016-04-27 18:44:37 +01:00
Simon Butcher	3fe6cd3a2d	Fixes time() abstraction for custom configs ... Added platform abstraction of time() to ChangeLog, version features, and fixed the build for dynamic configuration.	2016-04-26 19:51:29 +01:00
SimonB	d5800b7761	Abstracts away time()/stdlib.h into platform ... Substitutes time() into a configurable platform interface to allow it to be easily substituted.	2016-04-26 14:49:59 +01:00
Alexey Skalozub	e17a8da17e	Rename MPI zeroize function to mbedtls_mpi_zeroize ... Avoid naming confusion	2016-04-25 16:01:07 +01:00
Alexey Skalozub	3d53f41638	Faster mbedtls_zeroize for MPI ... Writes in `sizeof(mbedtls_mpi_uint)` units perform faster than plain chars, also eliminates multiplication by `ciL`	2016-04-25 16:00:50 +01:00
Janos Follath	8a3170571e	Fix bug in ssl_write_supported_elliptic_curves_ext ... Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a crash later in ssl_write_supported_elliptic_curves_ext. #373	2016-04-22 00:41:54 +01:00
Simon Butcher	2300776816	Merge branch 'development'	2016-04-19 10:39:36 +01:00
Janos Follath	1ed9f99ef3	Fix null pointer dereference in the RSA module. ... Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt	2016-04-19 10:16:31 +01:00
Simon Butcher	3f5c875654	Adds test for odd bit length RSA key size ... Also tidy up ChangeLog following review.	2016-04-15 19:06:59 +01:00
Janos Follath	10c575be3e	Fix odd bitlength RSA key generation ... Fix issue that caused a hang up when generating RSA keys of odd bitlength.	2016-04-15 18:49:13 +01:00
Nicholas Wilson	42d47f0fb5	Silence a clang-analyze warning ... The check is already effectively performed later in the function, but implicitly, so Clang's analysis fail to notice the functions are in fact safe. Pulling the check up to the top helps Clang to verify the behaviour.	2016-04-13 11:57:36 +01:00
Nicholas Wilson	5d5e421d08	Refactor slightly to silence a clang-analyze warning ... Since the buffer is used in a few places, it seems Clang isn't clever enough to realise that the first byte is never touched. So, even though the function has a correct null check for ssl->handshake, Clang complains. Pulling the handshake type out into its own variable is enough for Clang's analysis to kick in though.	2016-04-13 11:57:36 +01:00
Nicholas Wilson	daf534dcf9	Remove a dead store to silence clang-analyze	2016-04-13 11:57:36 +01:00
Nicholas Wilson	409401c044	Shut up a few clang-analyze warnings about use of uninitialized variables ... The functions are all safe, Clang just isn't clever enough to realise it.	2016-04-13 11:56:22 +01:00
Nicholas Wilson	2cc69fffcf	Shut up a clang-analyzer warning ... The function appears to be safe, since grow() is called with sensible arguments in previous functions. Ideally Clang would be clever enough to realise this. Even if N has size MBEDTLS_MPI_MAX_LIMBS, which will cause the grow to fail, the affected lines in montmul won't be reached. Having this sanity check can hardly hurt though.	2016-04-13 11:56:22 +01:00
Simon Butcher	078bcdd6f6	Merge branch 'IOTSSL-628-BufferOverread'	2016-03-16 22:53:11 +00:00
Simon Butcher	184990c1d4	Merge development into development-restricted	2016-03-16 13:56:00 +00:00
Simon Butcher	4b852db299	Merge branch 'iotssl-629-der-trailing-bytes' ... Fixes bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer following DER certificates to be included in the raw representation.	2016-03-12 23:28:26 +00:00
Simon Butcher	0203745e23	Swap C++ comments to C for style consistency in rsa.c	2016-03-09 21:06:20 +00:00
Janos Follath	c69fa50d4c	Removing 'if' branch from the fix. ... This new error shouldn't be distinguishable from other padding errors. Updating 'bad' instead of adding a new 'if' branch.	2016-03-09 21:06:19 +00:00
Janos Follath	b6eb1ca01c	Length check added	2016-03-09 21:06:19 +00:00
Manuel Pégourié-Gonnard	370717b571	Add precision about exploitability in ChangeLog ... Also fix some whitespace while at it.	2016-03-09 21:06:19 +00:00
Janos Follath	eddfe8f6f3	Included tests for the overflow	2016-03-09 21:06:19 +00:00
Janos Follath	b437b4b125	X509: Fix bug triggered by future CA among trusted ... Fix an issue that caused valid certificates being rejected whenever an expired or not yet valid version of the trusted certificate was before the valid version in the trusted certificate list.	2016-03-09 19:32:10 +00:00
Simon Butcher	e846b5128f	Use the SSL IO and time callback typedefs consistently ... The callback typedefs defined for mbedtls_ssl_set_bio() and mbedtls_ssl_set_timer_cb() were not used consistently where the callbacks were referenced in structures or in code.	2016-03-09 19:32:09 +00:00
Simon Butcher	c0957bdc13	Fix some minor typos in comments ... Fix spelling mistakes and typos.	2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard	0c6aad90f2	x509: remove obsolete TODO comment ... - basicContraints checks are done during verification - there is no need to set extensions that are not present to default values, as the code using the extension will check if it was present using ext_types. (And default values would not make sense anyway.)	2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard	986bbf24ce	x509: ... -	2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard	d1b7f2b8cf	ssl: ignore CertificateRequest's content for real ... - document why we made that choice - remove the two TODOs about checking hash and CA - remove the code that parsed certificate_type: it did nothing except store the selected type in handshake->cert_type, but that field was never accessed afterwards. Since handshake_params is now an internal type, we can remove that field without breaking the ABI.	2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard	56e9ae2bf2	Remove unnecessary TODO comment ... We don't implement anonymous key exchanges, and we don't intend to, so it can never happen that an unauthenticated server requests a certificate from us.	2016-03-09 19:32:09 +00:00
Manuel Pégourié-Gonnard	eeef947040	Clarify documentation about missing CRLs ... Also tune up some working while at it.	2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard	214a84889c	Update note about hardcoded verify_data_length	2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard	967994a05e	Remove unused code. ... After the record contents are decompressed, in_len is no longer accessed directly, only in_msglen is accessed. in_len is only read by ssl_parse_record_header() which happens before ssl_prepare_record_contents(). This is also made clear by the fact that in_len is not touched after decrypting anyway, so if it was accessed after that it would be wrong unless decryption is used - as this is not the case, it show in_len is not accessed.	2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard	9d6241269a	Add note about not implementing PSK id_hint	2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard	325ce093f9	Give better error messages for semi-portable parts ... Previously it was failing with errors about headers not found, which is suboptimal in terms of clarity. Now give a clean error with pointer to the documentation. Do the checks in the .c files rather than check_config.h as it keeps them closer to the platform-specific implementations.	2016-02-22 10:47:32 +01:00
Janos Follath	cc0e49ddde	x509: trailing bytes in DER: fix bug ... Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer after DER certificates to be included in the raw representation. #377	2016-02-17 14:41:36 +00:00
Janos Follath	c17cda1ab9	Moved underflow test to better reflect time constant behaviour.	2016-02-11 11:08:18 +00:00
Janos Follath	4ae5c294a4	Add Changelog entry and improve coding style	2016-02-10 11:27:43 +00:00
Janos Follath	ca214b9aaf	Updated relevant #ifdef	2016-02-09 16:53:08 +00:00
Janos Follath	b8afe1bb2c	Included test for integer underflow.	2016-02-09 14:51:35 +00:00
Attila Molnar	d19ea90f11	Fix handle leak in mbedtls_platform_entropy_poll() on Windows on error	2016-01-26 11:39:26 +01:00
Simon Butcher	bdae02ce90	Corrected references for RSA and DHM ... The links in the references in rsa.c and dhm.c were no longer valid and needed updating.	2016-01-20 00:44:42 +00:00
Alexey Skalozub	8e75e68531	Remove redundant i increments ... Doesn't matter performance-wise, but still...	2016-01-13 21:59:27 +02:00
Alexey Skalozub	00b78a9c54	Move K inside MBEDTLS_SHA512_PROCESS_ALT block ... It is used only by `mbedtls_sha512_process()`, and in case `MBEDTLS_SHA512_PROCESS_ALT` is defined, it still cannot be reused because of `static` declaration.	2016-01-13 17:39:58 +02:00
Manuel Pégourié-Gonnard	3551901cd1	Make ar invocation more portable ... armar doesn't understand the syntax without dash. OTOH, the syntax with dash is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as bundled with OS X) and armar, so it looks like the most portable syntax. fixes #386	2016-01-07 13:55:05 +01:00
Manuel Pégourié-Gonnard	e9c1b1a3bf	Merge remote-tracking branch 'yanesca/iss309' into development ... * yanesca/iss309: Improved on the previous fix and added a test case to cover both types of carries. Removed recursion from fix #309. Improved on the fix of #309 and extended the test to cover subroutines. Tests and fix added for #309 (inplace mpi doubling).	2016-01-07 13:22:27 +01:00
Simon Butcher	bfafadb45d	Change version number to 2.2.1 ... Changed version for library files and yotta module	2016-01-04 22:26:36 +00:00
Simon Butcher	9803d07a63	Fix for MPI divide on MSVC ... Resolves multiple platform issues when building bignum.c with Microsoft Visual Studio.	2016-01-03 00:24:34 +00:00
Simon Butcher	1285ab5dc2	Fix for memory leak in RSA-SSA signing ... Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c	2016-01-01 21:42:47 +00:00
Simon Butcher	c4a6ce6a4c	Merge branch 'origin/iotssl-541-pathlen-bugfix'	2015-12-30 07:52:54 +00:00
Simon Butcher	c97b697939	Fix for unused variable warning	2015-12-27 23:48:17 +00:00
Simon Butcher	f5ba04541e	Fix for compiler warnings and style ... Changes for C90 compliance, and style following review	2015-12-27 23:01:55 +00:00
Simon Butcher	4c2bfdbff6	Merge 'iotssl-558-md5-tls-sigs-restricted'	2015-12-23 18:33:54 +00:00
Simon Butcher	9c2626c641	Merge 'iotssl-566-double-free-restricted'	2015-12-23 16:42:03 +00:00
Simon Butcher	fabce5e137	Merge branch 'misc' into development ... Fixes github #358, #362 and IOTSSL-536	2015-12-22 18:56:56 +00:00
James Cowgill	6c8edca2d4	Fix build errors on x32 by using the generic 'add' instruction ... On x32 systems, pointers are 4-bytes wide and are therefore stored in %e?x registers (instead of %r?x registers). These registers must be accessed using "addl" instead of "addq", however the GNU assembler will acccept the generic "add" instruction and determine the correct opcode based on the registers passed to it.	2015-12-17 01:40:26 +00:00
Simon Butcher	207990dcf5	Added description of change to the Changelog ... Also clarified some comments following review.	2015-12-16 01:51:30 +00:00
Manuel Pégourié-Gonnard	1e07562da4	Fix wrong length limit in GCM ... See for example page 8 of http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf The previous constant probably came from a typo as it was 2^26 - 2^5 instead of 2^36 - 2^5. Clearly the intention was to allow for a constant bigger than 2^32 as the ull suffix and cast to uint64_t show. fixes #362	2015-12-10 14:54:21 +01:00
Manuel Pégourié-Gonnard	7f17155ac6	Avoid seemingly-possible overflow ... By looking just at that test, it looks like 2 + dn_size could overflow. In fact that can't happen as that would mean we've read a CA cert of size is too big to be represented by a size_t. However, it's best for code to be more obviously free of overflow without having to reason about the bigger picture.	2015-12-10 14:36:25 +01:00
Manuel Pégourié-Gonnard	97b5209bc0	Fix potential double free in cert writing code ... In case an entry with the given OID already exists in the list passed to mbedtls_asn1_store_named_data() and there is not enough memory to allocate room for the new value, the existing entry will be freed but the preceding entry in the list will sill hold a pointer to it. (And the following entries in the list are no longer reachable.) This results in memory leak or a double free. The issue is we want to leave the list in a consistent state on allocation failure. (We could add a warning that the list is left in inconsistent state when the function returns NULL, but behaviour changes that require more care from the user are undesirable, especially in a stable branch.) The chosen solution is a bit inefficient in that there is a time where both blocks are allocated, but at least it's safe and this should trump efficiency here: this code is only used for generating certificates, which is unlikely to be done on very constrained devices, or to be in the critical loop of anything. Also, the sizes involved should be fairly small anyway. fixes #367	2015-12-10 11:23:55 +01:00
Manuel Pégourié-Gonnard	d80532481a	Fix levels of some debug messages ... Messages about returning an error code that will be propagated all the way up to the user should always be level 1.	2015-12-08 09:55:44 +01:00
Manuel Pégourié-Gonnard	47229c7cbb	Disable MD5 in handshake signatures by default	2015-12-04 15:02:56 +01:00
Manuel Pégourié-Gonnard	e2e25e7427	DTLS: avoid dropping too many records ... When the peer retransmits a flight with many record in the same datagram, and we already saw one of the records in that datagram, we used to drop the whole datagram, resulting in interoperability failure (spurious handshake timeouts, due to ignoring record retransmitted by the peer) with some implementations (issues with Chrome were reported). So in those cases, we want to only drop the current record, and look at the following records (if any) in the same datagram. OTOH, this is not something we always want to do, as sometime the header of the current record is not reliable enough. This commit introduces a new return code for ssl_parse_header() that allows to distinguish if we should drop only the current record or the whole datagram, and uses it in mbedtls_ssl_read_record() fixes #345	2015-12-03 16:13:17 +01:00
Manuel Pégourié-Gonnard	1630888aa0	Fix two more compiler warnings ... - declaration after statement - always true comparison due to limited range of operand	2015-12-01 10:27:00 +01:00
Manuel Pégourié-Gonnard	e3e8edfa51	Fix potential integer overflow in prev. commit ... Found by Clang's -Wshift-count-overflow	2015-12-01 09:34:36 +01:00
Simon Butcher	15b15d1361	Added integer divide by as separate function ... Added 64bit integer divided by 32bit integer, with remainder	2015-11-26 19:35:03 +00:00
Manuel Pégourié-Gonnard	f4569b14c4	Fix bug checking pathlen on first intermediate ... Remove check on the pathLenConstraint value when looking for a parent to the EE cert, as the constraint is on the number of intermediate certs below the parent, and that number is always 0 at that point, so the constraint is always satisfied. The check was actually off-by-one, which caused valid chains to be rejected under the following conditions: - the parent certificate is not a trusted root, and - it has pathLenConstraint == 0 (max_pathlen == 1 in our representation) fixes #280	2015-11-19 11:10:38 +01:00
Simon Butcher	8254ed2a9f	Change version number to 2.2.0 ... Changed for library and yotta module	2015-11-04 19:55:40 +00:00
Manuel Pégourié-Gonnard	bd3639852c	Merge branch 'iotssl-519-asn1write-overflows-restricted' into development-restricted ... * iotssl-519-asn1write-overflows-restricted: Fix other int casts in bounds checking Fix other occurrences of same bounds check issue Fix potential buffer overflow in asn1write	2015-11-02 11:07:30 +09:00
Manuel Pégourié-Gonnard	537e2a9b58	Merge branch 'iotssl-518-winpathlen-restricted' into development-restricted ... * iotssl-518-winpathlen-restricted: Fix potential heap corruption on Windows	2015-11-02 11:04:59 +09:00
Manuel Pégourié-Gonnard	f8b2442e2f	Merge branch 'iotssl-517-double-free-restricted' into development-restricted ... * iotssl-517-double-free-restricted: Fix potential double-free in ssl_conf_psk()	2015-11-02 11:03:32 +09:00
Manuel Pégourié-Gonnard	0a543a8bc5	Merge pull request #320 from Inikup/fix-issue-318 ... Fix boolean values according to DER specs	2015-11-02 05:52:42 +09:00
Manuel Pégourié-Gonnard	ba1d897987	Merge branch 'bugfixes' into development ... * bugfixes: Fix typo in an OID name Disable reportedly broken assembly of Sparc(64)	2015-11-02 05:50:41 +09:00
Manuel Pégourié-Gonnard	568f1e7cb3	Merge branch 'iotssl-515-max-pathlen' into development ... * iotssl-515-max-pathlen: Add Changelog entries for this branch Fix a style issue Fix whitespace at EOL issues Use symbolic constants in test data Fixed pathlen contraint enforcement. Additional corner cases for testing pathlen constrains. Just in case. Added test case for pathlen constrains in intermediate certificates	2015-11-02 05:49:08 +09:00
Janos Follath	6c92268093	Improved on the previous fix and added a test case to cover both types ... of carries.	2015-10-30 17:50:12 +01:00
Manuel Pégourié-Gonnard	fb84d38b45	Try to prevent some misuse of RSA functions ... fixes #331	2015-10-30 10:56:25 +01:00
Manuel Pégourié-Gonnard	e670f90e48	Fix whitespace at EOL issues	2015-10-30 09:23:19 +01:00
Simon Butcher	204606238c	Merge branch 'development' into misc	2015-10-27 16:57:34 +00:00
Simon Butcher	459a950f31	Fixed typo in comment	2015-10-27 16:09:03 +00:00
Simon Butcher	62aab15085	Merge branch 'development' into iotssl-513-alerts	2015-10-27 16:05:34 +00:00
Simon Butcher	5f7c34b8b0	Merge branch iotssl-521-keylen-check	2015-10-27 15:14:55 +00:00
Simon Butcher	e357a64355	Merge pull request #328 from ARMmbed/iotssl-461-ecjpake-finalization ... Iotssl 461 ecjpake finalization	2015-10-27 00:08:31 +00:00
Janos Follath	3fc644f246	Removed recursion from fix #309.	2015-10-25 14:24:10 +01:00
Janos Follath	8483e28e21	Merge remote-tracking branch 'upstream/development' into iss309	2015-10-25 12:36:03 +01:00
Janos Follath	6cbacec3b3	Improved on the fix of #309 and extended the test to cover subroutines.	2015-10-25 12:31:27 +01:00
Janos Follath	044a86bde8	Tests and fix added for #309 (inplace mpi doubling).	2015-10-25 10:58:03 +01:00
Manuel Pégourié-Gonnard	65eefc8707	Fix missing check for RSA key length on EE certs ... - also adapt tests to use lesser requirement for compatibility with old testing material	2015-10-23 16:19:53 +02:00
Manuel Pégourié-Gonnard	de9f953b9f	Optimize more common cases in ecp_muladd()	2015-10-23 15:50:37 +02:00
Manuel Pégourié-Gonnard	fbdf06c1a4	Fix handling of non-fatal alerts ... fixes #308	2015-10-23 13:11:31 +02:00
Manuel Pégourié-Gonnard	5c2a7ca989	Fix warning in some reduced configs	2015-10-23 08:48:41 +02:00
Manuel Pégourié-Gonnard	e5f3072aed	Fix #ifdef inconsistency ... fixes #310 Actually all key exchanges that use a certificate use signatures too, and there is no key exchange that uses signatures but no cert, so merge those two flags.	2015-10-23 08:40:23 +02:00
Manuel Pégourié-Gonnard	66fc07362e	Fix typo in an OID name ... fixes #314	2015-10-21 16:40:29 +02:00
Manuel Pégourié-Gonnard	bc5e508855	Fix other int casts in bounds checking ... Not a security issue as here we know the buffer is large enough (unless something else if badly wrong in the code), and the value cast to int is less than 2^16 (again, unless issues elsewhere). Still changing to a more correct check as a matter of principle	2015-10-21 12:51:16 +02:00
Manuel Pégourié-Gonnard	4dc9b394d3	Fix other occurrences of same bounds check issue ... Security impact is the same: not triggerrable remotely except in very specific use cases	2015-10-21 12:50:45 +02:00
Manuel Pégourié-Gonnard	22c3b7b9da	Fix potential buffer overflow in asn1write	2015-10-21 12:13:05 +02:00
Manuel Pégourié-Gonnard	261faed725	Fix potential heap corruption on Windows ... If len is large enough, when cast to an int it will be negative and then the test if( len > MAX_PATH - 3 ) will not behave as expected.	2015-10-21 10:25:22 +02:00
Manuel Pégourié-Gonnard	cdea97c1c3	Remove useless code ... closes #321	2015-10-20 20:06:36 +02:00
Manuel Pégourié-Gonnard	173c790722	Fix potential double-free in ssl_conf_psk()	2015-10-20 19:56:45 +02:00
Manuel Pégourié-Gonnard	4b20c0ee53	Fix potential stack buffer overflow in ecjpake ... Two causes: - the buffer is too short (missing 4 bytes for encoding id_len) - the test was wrong Would only happen when MBEDTLS_ECP_MAX_BITS == the bitsize of the curve actually used (does not happen in the default config). Could not be triggered remotely.	2015-10-20 16:20:56 +02:00
Manuel Pégourié-Gonnard	fadacb9d0b	Merge branch 'development' into iotssl-461-ecjpake-finalization ... * development: (73 commits) Bump yotta dependencies version Fix typo in documentation Corrected misleading fn description in ssl_cache.h Corrected URL/reference to MPI library Fix yotta dependencies Fix minor spelling mistake in programs/pkey/gen_key.c Bump version to 2.1.2 Fix CVE number in ChangeLog Add 'inline' workaround where needed Fix references to non-standard SIZE_T_MAX Fix yotta version dependencies again Upgrade yotta dependency versions Fix compile error in net.c with musl libc Add missing warning in doc Remove inline workaround when not useful Fix macroization of inline in C++ Changed attribution for Guido Vranken Merge of IOTSSL-476 - Random malloc in pem_read() Fix for IOTSSL-473 Double free error Fix potential overflow in CertificateRequest ... Conflicts: include/mbedtls/ssl_internal.h library/ssl_cli.c	2015-10-20 15:00:29 +02:00
Manuel Pégourié-Gonnard	5674a9797a	Fix compilers warnings in reduced configs	2015-10-19 15:14:03 +02:00
Manuel Pégourié-Gonnard	024b6df3b1	Improve key export API and documentation ... - "master secret" is the usual name - move key block arg closer to the related lengths - document lengths Also fix some trailing whitespace while at it	2015-10-19 13:52:53 +02:00
Manuel Pégourié-Gonnard	b7da194939	ecjpake: fix uninitialize member	2015-10-19 13:35:22 +02:00
Simon Butcher	334a87be0b	Corrected URL/reference to MPI library	2015-10-14 22:56:44 +01:00
Jonathan Leroy	87c96c2e53	Fix boolean values according to DER specs ... In BER encoding, any boolean with a non-zero value is considered as TRUE. However, DER encoding require a value of 255 (0xFF) for TRUE. This commit makes `mbedtls_asn1_write_bool` function uses `255` instead of `1` for BOOLEAN values. With this fix, boolean values are now reconized by OS X keychain (tested on OS X 10.11). Fixes #318.	2015-10-14 09:41:56 +02:00
Janos Follath	5dd4fe1b30	Fixed pathlen contraint enforcement.	2015-10-12 09:02:20 +02:00
Robert Cragie	4d284d271b	Added feature MBEDTLS_SSL_EXPORT_KEYS	2015-10-08 16:56:26 +01:00
Robert Cragie	ae8535db38	Changed defs. back to MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED	2015-10-06 17:11:18 +01:00
Manuel Pégourié-Gonnard	c4e7d8a381	Bump version to 2.1.2 ... Yotta version bumped to 2.1.3, as we had to do one more patch release to the yotta registry to accommodate for dependencies updates.	2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard	a97ab2c8a6	Merge branch 'development' into development-restricted ... * development: Remove inline workaround when not useful Fix macroization of inline in C++	2015-10-05 15:48:09 +01:00
Simon Butcher	7776fc36d3	Fix for #279 macroisation of 'inline' keyword	2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard	2d7083435d	Fix references to non-standard SIZE_T_MAX ... Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.	2015-10-05 15:23:11 +01:00
Manuel Pégourié-Gonnard	899ac849d0	Merge branch 'development' into development-restricted ... * development: Upgrade yotta dependency versions Fix compile error in net.c with musl libc Add missing warning in doc	2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard	0431735299	Fix compile error in net.c with musl libc ... fixes #278	2015-10-05 12:17:49 +01:00
Simon Butcher	475cf0a98a	Merge fix of IOTSSL-496 - Potential heap overflow ... Fix for potential overflow in ssl_write_certificate_request()	2015-10-05 11:57:54 +01:00
Manuel Pégourié-Gonnard	0223ab9d38	Fix macroization of inline in C++ ... When compiling as C++, MSVC complains about our macroization of a keyword. Stop doing that as we know inline is always available in C++	2015-10-05 11:41:36 +01:00
Simon Butcher	fec73a8eec	Merge of fix for IOTSSL-481 - Double free ... Potential double free in mbedtls_ssl_conf_psk()	2015-10-05 10:40:31 +01:00
Simon Butcher	6418ffaadb	Merge fix for IOTSSL-480 - base64 overflow issue	2015-10-05 09:54:11 +01:00
Simon Butcher	a45aa1399b	Merge of IOTSSL-476 - Random malloc in pem_read()	2015-10-05 00:26:36 +01:00
Simon Butcher	e7f96f22ee	Merge fix IOTSSL-475 Potential buffer overflow ... Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB()) could result in far too few memory to be allocated, then overflowing the buffer in the subsequent for loop. Both integer overflows happen when slen is close to or greater than SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system). Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with respect to future code changes.	2015-10-04 23:43:05 +01:00
Simon Butcher	d5ba4672b2	Merge fix for IOTSSL-474 PKCS12 Overflow ... Fix stack buffer overflow in PKCS12	2015-10-04 22:47:59 +01:00
Simon Butcher	5b8d1d65f7	Fix for IOTSSL-473 Double free error ... Fix potential double-free in mbedtls_ssl_set_hs_psk(.)	2015-10-04 22:06:51 +01:00
Robert Cragie	39a60de410	Correct overwritten fixes	2015-10-02 13:57:59 +01:00
Robert Cragie	136884c29b	Use MBEDTLS_ECJPAKE_C def. for correct conditional compilation	2015-10-02 13:34:31 +01:00
Robert Cragie	4feb7ae8c2	Added key export API	2015-10-02 13:33:37 +01:00
Robert Cragie	e8377d66b7	Clean up compilation warnings	2015-10-02 13:32:17 +01:00
Robert Cragie	7cdad7708e	Add point format handling	2015-10-02 13:31:41 +01:00
Manuel Pégourié-Gonnard	ef388f168d	Merge branch 'development' into development-restricted ... * development: Updated ChangeLog with credit Fix a fairly common typo in comments Make config check include for configs examples more consistent	2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard	bc1babb387	Fix potential overflow in CertificateRequest	2015-10-02 11:20:28 +02:00
Manuel Pégourié-Gonnard	0aa45c209a	Fix potential overflow in base64_encode	2015-09-30 16:37:49 +02:00
Simon Butcher	5624ec824e	Reordered TLS extension fields in client ... Session ticket placed at end	2015-09-29 01:06:06 +01:00
Simon Butcher	04799a4274	Fixed copy and paste error ... Accidental additional assignment in ssl_write_alpn_ext()	2015-09-29 00:31:09 +01:00
Simon Butcher	0fc94e9f83	Revised bounds checking on TLS extensions ... Revisions following review feedback	2015-09-28 20:52:04 +01:00
Simon Butcher	9f81231fb8	Revised hostname length check from review	2015-09-28 19:22:33 +01:00
Manuel Pégourié-Gonnard	d02a1daca7	Fix stack buffer overflow in pkcs12	2015-09-28 19:47:50 +02:00
Manuel Pégourié-Gonnard	24417f06fe	Fix potential double-free in mbedtls_ssl_conf_psk()	2015-09-28 18:09:45 +02:00
Manuel Pégourié-Gonnard	58fb49531d	Fix potential buffer overflow in mpi_read_string() ... Found by Guido Vranken. Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB()) could result in far too few memory to be allocated, then overflowing the buffer in the subsequent for loop. Both integer overflows happen when slen is close to or greater than SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system). Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with respect to future code changes.	2015-09-28 15:59:54 +02:00
Simon Butcher	ed9976634f	Added bounds checking for TLS extensions ... IOTSSL-478 - Added checks to prevent buffer overflows.	2015-09-28 02:14:30 +01:00
Simon Butcher	89f77623b8	Added max length checking of hostname	2015-09-27 22:50:49 +01:00
Tillmann Karras	588ad50c5a	Fix a fairly common typo in comments	2015-09-25 04:27:22 +02:00
Manuel Pégourié-Gonnard	faee44ded1	Avoid false positives in bounds check ... The size of the buffer already accounts for the extra data before the actual message, so the allowed length is SSL_MAX_CONTENT_LEN starting from _msg	2015-09-24 22:19:58 +02:00
Manuel Pégourié-Gonnard	d0d8cb36a4	Cache ClientHello extension ... This extension is quite costly to generate, and we don't want to re-do it again when the server performs a DTLS HelloVerify. So, cache the result the first time and re-use if/when we build a new ClientHello. Note: re-send due to timeouts are different, as the whole message is cached already, so they don't need any special support.	2015-09-17 14:16:30 +02:00
Manuel Pégourié-Gonnard	77c0646ef2	Add cache for EC J-PAKE client extension ... Not used yet, just add the variables and cleanup code.	2015-09-17 13:59:49 +02:00
Manuel Pégourié-Gonnard	8cea8ad8b8	Bump version to 2.1.1	2015-09-17 11:58:45 +02:00
Simon Butcher	ac58c53ab1	Merge remote-tracking branch 'origin/development'	2015-09-16 23:25:25 +01:00
Manuel Pégourié-Gonnard	0f1660ab4f	Implement key exchange messages and PMS derivation ... This completes the first working version. No interop testing done yet.	2015-09-16 22:58:30 +02:00
Manuel Pégourié-Gonnard	25dbeb002d	Skip certificate-related messages with ECJPAKE	2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard	0a1324aaa1	Add client-side extension parsing	2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard	55c7f99112	Add server writing of the extension	2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard	bf57be690e	Add server extension parsing ... Only accept EC J-PAKE ciphersuite if extension was present and OK (single flag for both), and ignore extension if we have no password.	2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard	e511b4e7cb	Ignore ECJPAKE suite if not configured on server	2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard	c1b46d0242	Fix bug in server parsing point formats extension ... This bug becomes noticeable when the extension following the "supported point formats" extension has a number starting with 0x01, which is the case of the EC J-PAKE extension, which explains what I noticed the bug now. This will be immediately backported to the stable branches, see the corresponding commits for impact analysis.	2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard	60884a1597	Improve debug formatting of ciphersuites	2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard	eef142d753	Depend on ECJPAKE key exchange, not module ... This is more consistent, as it doesn't make any sense for a user to be able to set up an EC J-PAKE password with TLS if the corresponding key exchange is disabled. Arguably this is what we should de for other key exchanges as well instead of depending on ECDH_C etc, but this is an independent issue, so let's just do the right thing with the new key exchange and fix the other ones later. (This is a marginal issue anyway, since people who disable all ECDH key exchange are likely to also disable ECDH_C in order to minimize footprint.)	2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard	ddf97a6c92	Skip ECJPAKE suite in ClientHello if no pw set up ... When we don't have a password, we want to skip the costly process of generating the extension. So for consistency don't offer the ciphersuite without the extension.	2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard	538cb7b0b4	Add the ECJPAKE ciphersuite	2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard	557535d8c4	Add ECJPAKE key exchange	2015-09-16 22:58:29 +02:00
Simon Butcher	7dd82f8fd5	Merge branch 'development' with bugfix branch ... Conflicts: ChangeLog	2015-09-16 16:21:38 +01:00
Simon Butcher	5793e7ef01	Merge 'development' into iotssl-411-port-reuse ... Conflicts: ChangeLog	2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard	294139b57a	Add client extension writing	2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard	b813accf84	Add mbedtls_ecjpake_check(), tells if set up ... This will be used in SSL to avoid the computation-heavy processing of EC J-PAKE hello extensions in case we don't have an EC J-PAKE password	2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard	7002f4a560	Add mbedtls_ssl_set_hs_ecjpake_password()	2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard	f7022d1131	Fix bug in server parsing point formats extension ... There is only one length byte but for some reason we skipped two, resulting in reading one byte past the end of the extension. Fortunately, even if that extension is at the very end of the ClientHello, it can't be at the end of the buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the buffer has some more room after that for MAC and so on. So there is no buffer overread. Possible consequences are: - nothing, if the next byte is 0x00, which is a comment first byte for other extensions, which is why the bug remained unnoticed - using a point format that was not offered by the peer if next byte is 0x01. In that case the peer will reject our ServerKeyExchange message and the handshake will fail. - thinking that we don't have a common point format even if we do, which will cause us to immediately abort the handshake. None of these are a security issue. The same bug was fixed client-side in fd35af15	2015-09-16 11:32:18 +02:00
Manuel Pégourié-Gonnard	76cfd3f97f	Add EC J-PAKE context in handshake structure	2015-09-15 18:24:08 +02:00
Manuel Pégourié-Gonnard	f472179d44	Adjust dependencies for EC extensions ... The Thread spec says we need those for EC J-PAKE too. However, we won't be using the information, so we can skip the parsing functions in an EC J-PAKE only config; keep the writing functions in order to comply with the spec.	2015-09-15 18:22:00 +02:00
Manuel Pégourié-Gonnard	ea5370d4a2	Don't allow reconnect during handshake ... Especially for resumed handshake, it's entirely possible for an epoch=0 ClientHello to be retransmitted or arrive so late that the server is already at epoch=1. There is no good way to detect whether it's that or a reconnect. However: - a late ClientHello seems more likely that client going down and then up again in the middle of a handshake - even if that's the case, we'll time out on that handshake soon enough - we don't want to break handshake flows that used to work So the safest option is to not treat that as a reconnect.	2015-09-15 15:17:54 +02:00
Simon Butcher	49641ad799	Merge pull request #275 from embedthis/fix-1 ... FIX: compiler warning with recvfrom on 64-bit	2015-09-14 19:59:28 +01:00
Simon Butcher	d0bf6a3891	Update ssl_tls.c ... Clarification in comments	2015-09-11 17:34:49 +01:00
Simon Butcher	74ca8d07ad	Update ssl_tls.c ... Clarification in comments to ssl_handle_possible_reconnect()	2015-09-11 17:22:40 +01:00
Simon Butcher	0789aed39d	Update ssl_tls.c ... Typo	2015-09-11 17:15:17 +01:00
Embedthis Software	a25cab8bea	FIX: compiler warning with recvfrom on 64-bit	2015-09-09 08:49:48 -07:00
Manuel Pégourié-Gonnard	ddfe5d20d1	Tune dependencies ... Don't depend on srv.c in config.h, but add explicit checks. This is more in line with other options that only make sense server-side, and also it allows to test full config minus srv.c more easily.	2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard	2ed05a049a	Fix typos	2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard	ab05d23b29	Update generated file	2015-09-09 11:50:00 +02:00
Manuel Pégourié-Gonnard	62c74bb78a	Stop wasting resources ... Use a custom function that minimally parses the message an creates a reply without the overhead of a full SSL context. Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's also depend on SRV_C as is doesn't make sense on client.	2015-09-09 11:22:52 +02:00
Nicholas Wilson	2088e2ebd9	fix const-ness of argument to mbedtls_ssl_conf_cert_profile ... Otherwise, it's impossible to pass in a pointer to mbedtls_x509_crt_profile_next!	2015-09-08 16:53:18 +01:00
Simon Butcher	e5a21b4493	Merge pull request #282 from ARMmbed/iotssl-469-rsa-crt-restricted ... Add counter-measure against RSA-CRT attack	2015-09-08 13:05:51 +01:00
Manuel Pégourié-Gonnard	5f50104c52	Add counter-measure against RSA-CRT attack ... https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/	2015-09-08 13:39:29 +02:00
Manuel Pégourié-Gonnard	3f09b6d4c2	Fix API	2015-09-08 11:58:14 +02:00
Manuel Pégourié-Gonnard	be619c1264	Clean up error codes	2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard	11331fc25b	First working dirty version ... - uses too much resources - wrong API	2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard	9650205df7	Start detecting epoch 0 ClientHellos	2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard	d9802af1d0	Add tests for round 2 ... Also move one check earlier as it makes more sense	2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard	3059095e86	Complete tests for reading round one ... Also change the code to forbid public keys being 0	2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard	d0d8a935b2	Blind operations on the secret ... I'm not sure this is necessary, because it is only multiplied by xm2 which is already random and secret, but OTOH, xm2 is related to a public value, so let's add blinding with a random value that's only use for blinding, just to be extra sure.	2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard	c907081a20	Polish the source	2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard	f7368c983a	Polish API and documentation	2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard	e1927101fb	Unify round two	2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard	d8204a7bea	Provide symmetric API for the first round	2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard	e2d3a4e1b4	Unify loading of test vectors in tests	2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard	ce4567614b	Rename variable to prepare for cli/srv unification	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	6b798b9dae	Tune up some comments	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	e0ad57b0b3	Replace explicit IDs with table look-ups ... That's a first step towards merging symmetric version of different functions	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	5f18829609	Add derive_pms, completing first working version	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	6449391852	Store our role in the context	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	614bd5e919	Add write_client_params	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	ec0eece2ba	Add read_client_params	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	bed9e41761	Add writing of server params	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	8d31e80da4	Improve testing strategy ... - reference handshake tests that we get the right values (not much now, but much more later when we get to deriving the PMS) - random handshake in addition tests our generate/write functions against our read functions, that are tested by the reference handshake, and will be further tested in the test suite later against invalid inputs	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	1a7c5ef42b	Optimize some case of mbedtls_ecp_muladd() ... Those are used by EC-JPAKE	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	cb7cd03412	Add first draft or read_server_params	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	23dcbe3f16	Add support for passphrase in the context	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	4e8bc78ad9	Add context-using functions for Hello extensions ... Also re-order functions in the header so that they appear in the order they're use, ie free() last.	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	7af8bc1007	Start introducing mbedtls_ecjpake_context	2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard	3aed1851b3	Re-order functions. ... Use the same order for all read-write pair of functions	2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard	9028c5af9a	Improve const correctness of read() functions	2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard	082767ff0c	Add ecjpake_kkpp_read/write	2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard	4f2cd95e1d	Fix potential memory leaks	2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard	b1b250b68c	Add ecjpake_kkp_read/write()	2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard	967cd7192d	Add test vector for ZKP verification	2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard	6029a85572	Add ecjpake_zpk_read() ... Not really tested yet	2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard	c618195bc4	Fix base point in ecjpake_write_zkp()	2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard	d9a3f47ecd	Add mbedtls_ecp_gen_keypair_base()	2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard	8489f17277	First draft of ecjpake_write_zkp()	2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard	3dbf2fbb89	Implement hashing function for ZKP	2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard	4d8685b4ff	Add skeleton for EC J-PAKE module	2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard	7f2f062a5d	Fix possible client crash on API misuse	2015-09-07 12:27:24 +02:00
Manuel Pégourié-Gonnard	aac5502553	Bump version to 2.1.0	2015-09-04 14:33:31 +02:00
Manuel Pégourié-Gonnard	37ff14062e	Change main license to Apache 2.0	2015-09-04 14:21:07 +02:00
Simon Butcher	52754594b6	Merging iotssl-457-badtail with development branch	2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard	fdbdd72b8b	Skip to trusted certs early in the chain ... This helps in the case where an intermediate certificate is directly trusted. In that case we want to ignore what comes after it in the chain, not only for performance but also to avoid false negatives (eg an old root being no longer trusted while the newer intermediate is directly trusted). closes #220	2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard	4d04cdcd12	Fix RSA mutex fix ... Once the mutex is acquired, we must goto cleanup rather that return. Since cleanup adjusts the return value, adjust that in test cases. Also, at cleanup we don't want to overwrite 'ret', or we'll loose track of errors. see #257	2015-08-31 09:31:55 +02:00
Manuel Pégourié-Gonnard	1385a289f4	Fix possible mutex lock/unlock mismatch ... fixes #257	2015-08-27 11:30:58 +02:00
Manuel Pégourié-Gonnard	e578b1c79a	Relax timing_self_test for windows idiosyncrasies	2015-08-18 20:11:48 +02:00
Manuel Pégourié-Gonnard	c98204e68f	Fix missing break in switch for SSL presets ... closes #235	2015-08-11 04:21:01 +02:00
Manuel Pégourié-Gonnard	91bbfb6fb7	Make timing selftest less sensitive ... - allow up to 12.5% security/error margin - use larger delays - this avoid the security/error margin being too low The test used to fail about 1 out of 6 times on some buildbots VMs, but never failed on the physical machines used for development.	2015-08-10 14:33:12 +02:00
Manuel Pégourié-Gonnard	ed46c436c0	Fix error when loading libmbedtls.so	2015-08-10 10:17:32 +02:00
Manuel Pégourié-Gonnard	111ce9f735	Fix build error with shared libraries for windows	2015-08-07 12:07:16 +02:00
Manuel Pégourié-Gonnard	8018c28600	Add -static-libgcc for Windows dll builds	2015-08-07 11:55:56 +02:00
Manuel Pégourié-Gonnard	620ee19823	Fix return of x509_self_test without SHA-1 ... No being able to run the test is not a failure	2015-08-07 10:57:47 +02:00
Manuel Pégourié-Gonnard	d1004f02e6	Fix printed output of some selftests	2015-08-07 10:57:41 +02:00
Manuel Pégourié-Gonnard	0a8857435c	DTLS: treat bad MAC on Finished as an error ... This is not required nor recommended by the protocol, and it's a layering violation, but it's a know flaw in the protocol that you can't detect a PSK auth error in any other way, so it is probably the right thing to do. closes #227	2015-08-04 12:11:17 +02:00
Manuel Pégourié-Gonnard	052d10c9d5	Accept a trailing space at end of PEM lines ... With certs being copy-pasted from webmails and all, this will probably become more and more common. closes #226	2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard	6fb8187279	Update date in copyright line	2015-07-28 17:11:58 +02:00
Simon Butcher	10a6f02f83	Merge branch 'development' into IOTSSL-442-hello-noext ... Conflicts: ChangeLog	2015-07-27 13:45:40 +01:00
Manuel Pégourié-Gonnard	6f42417ba8	Fix typo in that broke installation in cmake ... closes #221	2015-07-24 16:55:22 +02:00
Manuel Pégourié-Gonnard	4cc8c63226	Add test for extensionless ClientHello	2015-07-23 12:24:03 +02:00
Manuel Pégourié-Gonnard	a6e5bd5654	Fix bug with extension-less ServerHello ... https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug in_hslen include the length of the handshake header. (We might want to change that in the future, as it is a bit annoying.)	2015-07-23 12:23:19 +02:00
Manuel Pégourié-Gonnard	cb0d212c97	Fix level of some debug messages	2015-07-22 11:52:11 +02:00
Manuel Pégourié-Gonnard	b076116e14	Fix one debug message	2015-07-22 11:39:23 +02:00
Manuel Pégourié-Gonnard	1bab7d7064	Fix blank line in comments	2015-07-13 09:06:18 +01:00
Paul Bakker	4cb87f409d	Prepare for 2.0.0 release	2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard	fc2ccfe72c	Fix missing comma with ENTROPY_HARDWARE_ALT	2015-07-10 11:15:50 +01:00
Manuel Pégourié-Gonnard	a4f055fe0c	Some windows environments don't have _snprint_s ... Do an alternative version for them. That happens for example with our windows buildbot with mingw32-make.	2015-07-08 17:35:37 +02:00
Manuel Pégourié-Gonnard	20af64dc2c	Still need to #define inline for MSVC ... I only tested with VS2015 earlier, but previous versions apparently still don't know that standard C99 keyword though it's documented on MSDN...	2015-07-07 23:21:30 +02:00
Manuel Pégourié-Gonnard	e540b49a3f	Add one more debug message	2015-07-07 12:44:38 +02:00
Manuel Pégourié-Gonnard	b4b19f395f	Add a debug message	2015-07-07 11:41:21 +02:00
Manuel Pégourié-Gonnard	001f2b6246	Use xxx_clone() instead of memcpy() in SSL	2015-07-06 16:54:51 +02:00
Manuel Pégourié-Gonnard	c0bf01e8d2	Undo overzealous renaming of internal variables ... The rename script couldn't know it was a local variable with the same name as on of the global functions	2015-07-06 16:26:23 +02:00
Manuel Pégourié-Gonnard	052a6c9cfe	Add mbedtls_md_clone()	2015-07-06 16:06:02 +02:00
Manuel Pégourié-Gonnard	16d412f465	Add md/shaXXX_clone() API ... Will be used in the SSL/TLS modules	2015-07-06 15:48:34 +02:00
Manuel Pégourié-Gonnard	b9d64e5bbe	Fix missing calls to md/shaxxx_free()	2015-07-06 14:18:56 +02:00
Manuel Pégourié-Gonnard	71d296a15d	Add missing calls to _free() in md_wrap ... We can't just assume xxx_free() will only zeroize, because of alternative implementations	2015-07-06 11:36:25 +02:00
Manuel Pégourié-Gonnard	5791109707	Make the hardclock test optional ... Known to fail on VMs (such as the buildbots), see eg http://blog.badtrace.com/post/rdtsc-x86-instruction-to-detect-vms/	2015-07-01 19:22:12 +02:00
Manuel Pégourié-Gonnard	9bd0afdb22	Add guards for closed socket in net.c ... This is particularly problematic when calling FD_SET( -1, ... ), but let's check it in all functions. This was introduced with the new API and the fact the net_free() now sets the internal fd to -1 in order to mark it as closed: now using this information.	2015-07-01 19:03:27 +02:00
Manuel Pégourié-Gonnard	2505528be4	Rm obsolete defines for inline wiht MSVC ... The "inline" keyword is supported since Visual Studio 2005 according to MSDN, and we require Visual Studio 2010 or higher.	2015-07-01 17:22:36 +02:00
Manuel Pégourié-Gonnard	636741b176	Remove obsolete hacks for uin32_t ... We now require support for stdint.h from the compiler.	2015-07-01 17:13:05 +02:00
Manuel Pégourié-Gonnard	9de64f5af1	Fix MSVC warnings in library and programs	2015-07-01 16:56:08 +02:00
Manuel Pégourié-Gonnard	acecb653d5	Fix mbedtls_net_usleep() on Windows ... For some reason select() doesn't seem to work.	2015-07-01 12:00:56 +02:00
Manuel Pégourié-Gonnard	abc729e664	Simplify net_accept() with UDP sockets ... This is made possible by the new API where net_accept() gets a pointer to bind_ctx, so it can update it.	2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard	db2468d7aa	Update old comment	2015-06-30 17:19:48 +02:00
Manuel Pégourié-Gonnard	3d7d00ad23	Rename mbedtls_net_close() to mbedtls_net_free() ... close() may be more meaningful, but free() is symmetric with _init(), and more consistent with all other modules	2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard	91895853ac	Move from naked int to a structure in net.c ... Provides more flexibility for future changes/extensions.	2015-06-30 15:56:25 +02:00
Manuel Pégourié-Gonnard	16a17a496c	Fix net_accept() for UDP sockets on Windows ... On Windows, recvfrom() returns an error code if the destination buffer is too small to hold the next datagram.	2015-06-30 11:31:10 +02:00
Manuel Pégourié-Gonnard	a16e7c468c	Rename a debug function	2015-06-29 20:14:19 +02:00
Manuel Pégourié-Gonnard	80d627a5ae	Remove now useless function	2015-06-29 20:12:51 +02:00
Manuel Pégourié-Gonnard	b74c245a20	Rework debug to not need dynamic alloc ... But introduces dependency on variadic macros	2015-06-29 20:08:23 +02:00
Manuel Pégourié-Gonnard	fa67ebaebb	Fix X.509 keysize check with multiple CAs ... Assume we have two trusted CAs with the same name, the first uses ECDSA 256 bits, the second RSA 2048; cert is signed by the second. If we do the keysize check before we checked the key types match, we'll raise the badkey flags when checking the EC-256 CA and it will remain up even when we finally find the correct CA. So, move the check for the key size after signature verification, which implicitly checks the key type.	2015-06-27 14:41:38 +02:00
Manuel Pégourié-Gonnard	f659d2cd40	Tune up Windows snprintf() support ... When we build with Visual Studio in debug mode, the invalid parameter handler aborts the application (and offers to debug it) when n is 0. We want to just return -1 instead (as calls with n == 0 are expected and happen in our tests).	2015-06-26 17:45:00 +02:00
Manuel Pégourié-Gonnard	e1d34d1707	cmake: add shortcut 'lib' for all libraries ... Name chosen to match the existing make target.	2015-06-25 14:53:13 +02:00
Manuel Pégourié-Gonnard	574ae18088	Fix stupid typo that broke make SHARED=1	2015-06-25 14:30:51 +02:00
Manuel Pégourié-Gonnard	147be4f315	Rm old variable from (c)make files	2015-06-25 11:57:13 +02:00
Manuel Pégourié-Gonnard	752c501126	One soversion per library	2015-06-25 11:56:17 +02:00
Manuel Pégourié-Gonnard	c7781addcb	Split library in CMake	2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard	ba2c8763b6	cmake: adjust libraries linking	2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard	216a1831de	Fix whitespace in CMakeLists.txt ... - all spaces no tabs - indent with 4 spaces everywhere	2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard	cde2aba0af	Do no test net_usleep in timing_selftest ... Timing belongs in libcrypto (due to havege depending on it) while net.c was put in libtls (only test ssl servers use it)	2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard	53585eeb17	Remove test DHM params from certs.c ... certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.	2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard	0761733c1b	Fix potential NULL dereference ... We document that either of recv or recv_timeout may be NULL, but for TLS we always used recv... Thanks Coverity for catching that. (Not remotely trigerrable: local configuration.) Also made me notice net_recv_timeout didn't do its job properly.	2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard	dba460f2f3	Add SSL "assertion" to help static analysis	2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard	1cf7b30dc8	Rewrite test to make Coverity happier ... With the default config, it noticed the accept_comp was always 0, so the rest of the test was dead code.	2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard	5c59a4fea5	Split libs with make + general make cleanups	2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard	21dcc1e748	fixup	2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard	463e09d64b	Prepare library split	2015-06-24 12:05:33 +02:00
Manuel Pégourié-Gonnard	bae389b4d4	Fix uninitialized access ... Found using Codenomicon Defensics.	2015-06-24 10:47:33 +02:00
Manuel Pégourié-Gonnard	bcc030849a	Avoid fclose( NULL ) ... Found by Coverity Scan.	2015-06-24 00:09:29 +02:00
Manuel Pégourié-Gonnard	fd474233c8	Change SSL debug API in the library	2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard	79c4e3ee59	Rm obsolete comments	2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard	b86145e6cd	Avoid potential NULL dereference. ... May happen with a faulty configuration (eg no allowed curve but trying to use ECDHE key exchange), but not trigger able remotely. (Found with Clang's scan-build.)	2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard	14bf7063b9	Add SSL "assertions" to help static analyzers ... scan-build was reporting NULL dereferences	2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard	b9c93d0d0a	Fix earlier incomplete change in RSA PMS reading ... Probably a bad merge from the 1.3 branch	2015-06-23 18:43:53 +02:00
Manuel Pégourié-Gonnard	19389753c8	Avoid dead stores (makes scan-build happier)	2015-06-23 13:46:44 +02:00
Manuel Pégourié-Gonnard	c0d749418b	Make 'port' a string in NET module ... - avoids dependency on snprintf - allows using "smtps" instead of "456" if desired	2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard	d23f593737	Avoid static buffer in debug module ... Caused issues in threading situations	2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard	96fb685e31	Some more init calls	2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard	496f24e949	Deduplicate SHA-2 wrappers	2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard	ab5932192a	Call init functions in MD alloc wrappers ... When someone defines MBEDTLS_MD5_ALT for example, the init function may need to do more that just zeroizing the context	2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard	1cd10adc7c	Update prototype of x509write_set_key_usage() ... Allow for future support of decipherOnly and encipherOnly. Some work will be required to ensure we still write only one byte when only one is needed.	2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard	655a964539	Adapt check_key_usage to new weird bits	2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard	9a702255f4	Add parsing/printing for new X.509 keyUsage flags	2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard	b80d16d171	Fix return convention of x509_wildcard_verify()	2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard	07894338a0	Rename M255 to Curve25519	2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard	7320eb46d4	Remove references to some Montgomery curves ... After all it looks like those won't become standard.	2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard	9386664543	Move from inttypes.h to stdint.h ... Some toolchains do not have inttypes.h, and we only need stdint.h which is a subset of it.	2015-06-22 23:41:26 +02:00
Manuel Pégourié-Gonnard	e7e89844d6	Fix and document corner-cases of time checking	2015-06-22 23:41:24 +02:00
Manuel Pégourié-Gonnard	57e10d71be	Fix potential NULL dereference. ... Introduced when moving from gmtime_r() to gmtime(). Found with fbinfer.	2015-06-22 23:40:44 +02:00
Manuel Pégourié-Gonnard	f9b85d96a9	Fix potential resource leak in X.509 parse dir ... Found with fbinfer.	2015-06-22 18:39:57 +02:00
Manuel Pégourié-Gonnard	bcf13bab5d	Fix issue with MemSan and entropy ... Due to the recent change about entropy sources strength, it is no longer acceptable to just disable the platform source. So, instead "fix" it so that it is clear to MemSan that memory is initialized. I tried __attribute__((no_sanitize_memory)) and MemSan's blacklist file, but couldn't seem to get them to work.	2015-06-22 18:25:41 +02:00
Manuel Pégourié-Gonnard	cdc26ae099	Add mbedtls_ssl_set_hs_authmode ... While at it, fix the following: - on server with RSA_PSK, we don't want to set flags (client auth happens via the PSK, no cert is expected). - use safer tests (eg == OPTIONAL vs != REQUIRED)	2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard	9dbaf400ef	Rationalize other snprintf() uses	2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard	1685368408	Rationalize snprintf() usage in X.509 modules	2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard	6c0c8e0d3d	Include fixed snprintf for Windows in platform.c ... Use _WIN32 to detect it rather that _MSC_VER as it turns out MSYS2 uses the broken MS version by default too.	2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard	f9cbd73191	Update generated files	2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard	7580ba475d	Add a concept of entropy source strength. ... The main goal is, we want and error if cycle counter is the only source.	2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard	3f77dfbd52	Add MBEDTLS_ENTROPY_HARDWARE_ALT ... Makes it easier for an external module to plug its hardware entropy collector.	2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard	bf82ff0209	Fix entropy thresholds	2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard	60c793bdc9	Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE ... First one means we have time() but it may not return the actual wall clock time, second means it does.	2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard	c0696c216b	Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen	2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard	097c7bb05b	Rename relevant global symbols from size to bitlen ... Just applying rename.pl with this file: mbedtls_cipher_get_key_size mbedtls_cipher_get_key_bitlen mbedtls_pk_get_size mbedtls_pk_get_bitlen MBEDTLS_BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS MBEDTLS_BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS	2015-06-18 16:43:38 +02:00
Manuel Pégourié-Gonnard	fb317c5221	Rename parameter in a x509 helper	2015-06-18 16:41:13 +02:00
Manuel Pégourié-Gonnard	39a48f4934	Internal renamings in PK ... + an unrelated comment in SSL	2015-06-18 16:06:55 +02:00
Manuel Pégourié-Gonnard	12ad798c87	Rename ssl_session.length to id_len	2015-06-18 15:50:37 +02:00
Manuel Pégourié-Gonnard	898e0aa210	Rename key_length in cipher_info	2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard	b8186a5e54	Rename len to bitlen in function parameters ... Clarify a few comments too.	2015-06-18 14:58:58 +02:00
Manuel Pégourié-Gonnard	b31c5f68b1	Add SSL presets. ... No need to use a separate profile as in X.509, everything we need is already in ssl_config. Just load appropriate values.	2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard	7bfc122703	Implement sig_hashes	2015-06-17 14:34:48 +02:00
Manuel Pégourié-Gonnard	36a8b575a9	Create API for mbedtls_ssl_conf_sig_hashes(). ... Not implemented yet.	2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard	9d412d872c	Small internal changes in curve checking ... - switch from is_acceptable to the more usual check - add NULL check just in case user screwed up config	2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard	a83e4e2bf5	Extra check in verify_with_profile() ... This could happen if someone doesn't set the SSL configuration properly. In that case we don't want to segfault...	2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard	b541da6ef3	Fix define for ssl_conf_curves() ... This is a security feature, it shouldn't be optional.	2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard	6e3ee3ad43	Add mbedtls_ssl_conf_cert_profile()	2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard	cbb1f6e5cb	Implement cert profile checking	2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard	f8ea856296	Change data structure of profiles to bitfields ... - allows to express 'none' or 'all' more easily than lists - more compact and easier to declare statically - easier to check too Only drawback: if we ever have more than 32 curves, we'll need an ABI change to make that field a uint64_t.	2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard	88db5da117	Add pre-defined profiles for cert verification	2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard	9505164ef4	Create cert profile API (unimplemented yet)	2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard	bd990d6629	Add ssl_conf_dhm_min_bitlen()	2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard	7ee5ddd798	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Fix compile errors with NO_STD_FUNCTIONS Expand config.pl's notion of "full" Ack external bugfix in Changelog FIx misplaced Changelog entry (oops) Fix compile bug: incompatible declaration of polarssl_exit in platform.c Fix contributor's name in Changelog	2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard	dccb80b7e5	Fix compile errors with NO_STD_FUNCTIONS	2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard	ba56136b5c	Avoid in-out length in base64	2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard	3335205a21	Avoid in-out length in dhm_calc_secret()	2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard	f79b425226	Avoid in-out length parameter in bignum	2015-06-02 15:41:48 +01:00
ptahpeteh	249bece013	Fix compile bug: incompatible declaration of polarssl_exit in platform.c ... This causes a compile-time error: platform.c(157): error: #147: declaration is incompatible with "void (*polarssl_exit)(int)" (declared at line 179 of "platform.h")	2015-06-02 15:26:09 +02:00
Manuel Pégourié-Gonnard	c730ed3f2d	Rename boolean functions to be clearer	2015-06-02 10:38:50 +01:00
Manuel Pégourié-Gonnard	9d51583772	Fix cipher identifier in des_ede3_info	2015-06-02 10:00:04 +01:00
Manuel Pégourié-Gonnard	0574bb0bdb	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Mark unused constant as such Update ChangeLog for recent external bugfix Serious bug fix in entropy.c Fix memleak with repeated [gc]cm_setkey() fix minor bug in path_cnt checks Conflicts: include/mbedtls/cipher.h library/ccm.c library/entropy.c library/gcm.c library/x509_crt.c	2015-06-02 09:59:29 +01:00
Manuel Pégourié-Gonnard	468b06dab0	Merge remote-tracking branch 'ptahpeteh/patch-1' into mbedtls-1.3 ... * ptahpeteh/patch-1: Serious bug fix in entropy.c	2015-06-02 09:03:06 +01:00
ptahpeteh	638fa0bb0f	Serious bug fix in entropy.c ... Bug: mutex access within entropy_contex after it has been zeroed leads to app crash.	2015-06-01 12:28:29 +02:00
Manuel Pégourié-Gonnard	f78e4de6f4	Fix warnings from -pedantic	2015-05-29 10:52:14 +02:00
Manuel Pégourié-Gonnard	f8b6fdedd9	Remove include that is no longer needed	2015-05-29 10:23:32 +02:00
Manuel Pégourié-Gonnard	864108daab	Move from gmtime_r to gmtime + mutexes ... * gmtime_r is not standard so -std=c99 warns about it * Anyway we need global mutexes in the threading layer, so better depend only on that, rather that global mutexes + some _r functions	2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard	ba19432d2e	Move from asm to __asm by default ... - GCC with -std=c99 warns about asm but likes __asm _ armcc5 has __asm but not asm	2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard	cb46fd8216	Avoid non-standard strcasecmp()	2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard	2a84dfd747	Make ssl_cookie.c thread-safe	2015-05-28 17:28:39 +02:00
Manuel Pégourié-Gonnard	41b9c2b418	Remove individual mdX_file() and shaX_file()	2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard	bfffa908a6	Implement md_file in the MD layer	2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard	eb0d8706ce	Add option for even smaller SHA-256	2015-05-28 16:45:23 +02:00
Manuel Pégourié-Gonnard	a7a3a5fe37	Make SHA-2 implementation smaller ... Adjust the size/performance trade-off: * Reduces size of sha256_process() from 7.4KB to 2KB on ARMv7-M * Reduces performance by less than 14% on Cortex-M4 * Seems to even improve performance on my Core i7	2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard	6a8ca33fa5	Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED	2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard	6c967b95ff	Fix typo in memory_buffer_alloc	2015-05-27 20:18:39 +02:00
Manuel Pégourié-Gonnard	944cfe8899	Allow use of global mutexes with threading_alt	2015-05-27 20:12:05 +02:00
Manuel Pégourié-Gonnard	61977614d8	Fix memleak with repeated [gc]cm_setkey()	2015-05-27 17:40:16 +02:00
Manuel Pégourié-Gonnard	43b08574a6	Avoid memory leak with repeated [gc]ccm_setkey()	2015-05-27 17:23:30 +02:00
Manuel Pégourié-Gonnard	3a89559d71	Fix compile errors in pkcs11.c	2015-05-27 17:09:21 +02:00
Manuel Pégourié-Gonnard	1b8de57827	Remove a few redundant memset after calloc. ... Using the following semantic patch provided by Mansour Moufid: @@ expression x; @@ x = mbedtls_calloc(...) ... - memset(x, 0, ...);	2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard	b2a18a2a98	Remove references to malloc in strings/names	2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard	200e73179e	Adapt memory_buffer_alloc to calloc	2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard	b9ef1182f3	Adapt the platform layer from malloc to calloc	2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard	7551cb9ee9	Replace malloc with calloc ... - platform layer currently broken (not adapted yet) - memmory_buffer_alloc too	2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard	5e94ddebbc	Create ssl_internal.h and move some functions	2015-05-26 11:57:05 +02:00
Manuel Pégourié-Gonnard	50518f4195	Rename _wrap headers to _internal ... Makes it clearer that the user is not supposed to include them	2015-05-26 11:06:12 +02:00
Manuel Pégourié-Gonnard	1e9c4db524	Implement key rotation	2015-05-25 19:42:14 +02:00
Manuel Pégourié-Gonnard	887674a33b	Internal changes in preparation for key rotation ... - two sets of keys - separate function for key generation/update	2015-05-25 12:19:00 +02:00
Manuel Pégourié-Gonnard	a0adc1bbe4	Make cipher used in ssl tickets configurable	2015-05-25 10:35:16 +02:00
Manuel Pégourié-Gonnard	1041a39338	Use AES-GCM-256 for session ticket protection	2015-05-20 20:19:42 +02:00
Manuel Pégourié-Gonnard	8eff512274	Fix possible signedness issue in time comparison	2015-05-20 11:41:36 +02:00
Manuel Pégourié-Gonnard	0849a0a910	Make ssl ticket functions thread-safe	2015-05-20 11:34:54 +02:00
Manuel Pégourié-Gonnard	e057d3bf6b	Relax some dependencies ... - DTLS_HELLO_VERIFY no longer depends on SRV_C - SSL_COOKIE_C no longer depends on DTLS_HELLO_VERIFY Not that much work for us, and easier on users (esp. since it allows just disabling SRV_C alone).	2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard	b596abfdc0	Refine cli/srv ifdefs for session tickets ... - Only the server needs to generate/parse tickets - Only the client needs to store them Also adjust prototype of ssl_conf_session_tickets() while at it.	2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard	cf141ca7e7	Fix #ifdefs on ssl_cli.c or ssl_srv.c ... Nothing to do with the current branch except I'm going to refine such #ifdefs for tickets next and I want to start from a clean state	2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard	0c0f11f4b3	Update dependencies & includes for session tickets	2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard	d59675d92c	Move to callback for session tickets	2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard	b0394bebdb	Further adapt prototypes of ticket functions ... Moving everything in ticket_keys structure, that will soon become ticket_context.	2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard	69f17280d3	Adapt prototypes of ticket handling functions ... This is an intermediate step. The ssl_config argument will be replace by a ticket context next.	2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard	a4a473516e	Rename & move ticket functions to ticket module	2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard	fd6d8978f9	Add new submodule ssl_ticket	2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard	53ebe138c6	Fix copyright lines still mentioning Brainspark	2015-05-15 12:01:12 +02:00
Manuel Pégourié-Gonnard	0b104b056b	Adapt prototype of net_accept() for explicit size	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	d9e6a3ac10	Rename pk_init_ctx() -> pk_setup()	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	d4f04dba42	net.c now depends on select() unconditionally	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	a63bc94a2d	Remove timing_m_sleep() -> net_usleep()	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	e94bfe6cd6	Improve entropy selftest: check default sources	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	151dc77732	Fix some old names that remained ... - most in doxygen doc that was never renamed - some re-introduced in comments/doc/strings by me	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	8473f87984	Rename cipher_init_ctx() to cipher_setup()	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	0de074fbc1	Use rarely used conf function to cover them	2015-05-14 12:58:01 +02:00
Manuel Pégourié-Gonnard	66dc5555f0	mbedtls_ssl_conf_arc4_support() depends on ARC4_C	2015-05-14 12:31:10 +02:00
Manuel Pégourié-Gonnard	6ab9b009cd	Fix warnings from armcc	2015-05-14 11:37:52 +02:00
Manuel Pégourié-Gonnard	545102ef1d	No timer -> to timeout (optional for TLS)	2015-05-13 17:31:48 +02:00
Manuel Pégourié-Gonnard	286a136e63	SSL timer fixes: not DTLS only, start cancelled	2015-05-13 17:18:59 +02:00
Nicholas Wilson	bc07c3a1f0	fix minor bug in path_cnt checks ... If the top certificate occurs twice in trust_ca (for example) it would not be good for the second instance to be checked with check_path_cnt reduced twice!	2015-05-13 10:40:30 +01:00
Manuel Pégourié-Gonnard	e3c41ad8a4	Use the new timer callback API in programs	2015-05-13 10:04:32 +02:00
Manuel Pégourié-Gonnard	2e01291739	Prepare the SSL modules for using timer callbacks	2015-05-13 09:43:39 +02:00
Manuel Pégourié-Gonnard	ca3bdc5632	Add mbedtls_timing_set/get_delay()	2015-05-12 20:45:34 +02:00
Manuel Pégourié-Gonnard	8903fe0fd3	Define timing_selftest() even with TIMING_ALT	2015-05-12 19:30:45 +02:00
Manuel Pégourié-Gonnard	a27b1979dc	Update generated file	2015-05-12 16:09:34 +02:00
Manuel Pégourié-Gonnard	31993f271d	Add per-function override for AES	2015-05-12 15:41:08 +02:00
Manuel Pégourié-Gonnard	70a5010783	Create function-level MBETLS_DES_xxx_ALT	2015-05-12 15:17:15 +02:00
Manuel Pégourié-Gonnard	0fe1f6d97e	Remove debug line from selftest ... Happened to cause a warning about %x vs uint32_t with arm-none-eabi-gcc 4.9 in addition to being useless	2015-05-12 13:22:02 +02:00
Manuel Pégourié-Gonnard	eecb43cf0b	Manually merge doc fixes from 1.3	2015-05-12 12:56:41 +02:00
Manuel Pégourié-Gonnard	48647b9255	Merge remote-tracking branch 'nw/misc' into mbedtls-1.3 ... * nw/misc: Typos and doc additions	2015-05-12 12:48:12 +02:00
Manuel Pégourié-Gonnard	0ece0f94f2	Fix checks for nul-termination	2015-05-12 12:43:54 +02:00
Manuel Pégourié-Gonnard	24083d61a0	Fix bug in certs.c ... Revealed by the recent PEM changes	2015-05-12 12:26:14 +02:00
Manuel Pégourié-Gonnard	ec4b08957f	Fix issue in ssl_free() vs ssl_config_free() ... Just an overlook from moving things recently	2015-05-12 12:22:36 +02:00
Manuel Pégourié-Gonnard	49f5eb9b41	Better NULL checks in debug ... In case we exit early, like before ssl_setup() was called	2015-05-12 12:19:09 +02:00
Manuel Pégourié-Gonnard	43b37cbc92	Fix use of pem_read_buffer() in PK, DHM and X509	2015-05-12 11:26:43 +02:00
Manuel Pégourié-Gonnard	2088ba6d30	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Update Changelog for recent contribution Perf: rewrite of ecp_double_jac Conflicts: library/ecp.c	2015-05-12 10:36:26 +02:00
Manuel Pégourié-Gonnard	7010e4688f	Merge remote-tracking branch 'peterdettman/perf-ecp-double-jac' into mbedtls-1.3 ... * peterdettman/perf-ecp-double-jac: Perf: rewrite of ecp_double_jac	2015-05-11 20:26:47 +02:00
Manuel Pégourié-Gonnard	e6ef16f98c	Change X.509 verify flags to uint32_t	2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard	4cba1a737d	Avoid debug flooding with non-blocking reads	2015-05-11 18:52:25 +02:00
Manuel Pégourié-Gonnard	e3a062ba1f	Rename ecp_use_known_dp -> mbedtls_ecp_group_load()	2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard	56cc88a796	Rm ecp_add() and add ecp_muladd()	2015-05-11 18:40:45 +02:00
Manuel Pégourié-Gonnard	6dde596a03	Remove ecp_sub()	2015-05-11 18:18:32 +02:00
Manuel Pégourié-Gonnard	aff37e5aa1	Remove ecp_group_read_string()	2015-05-11 18:11:57 +02:00
Manuel Pégourié-Gonnard	55fab2de5d	Fix a few more #ifdef's	2015-05-11 17:54:38 +02:00
Manuel Pégourié-Gonnard	8b431fbbec	Fix dependency issues	2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard	ccc302692a	Fix bug introduced when splitting init functions	2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard	06939cebef	Fix order of ssl_conf vs ssl_setup in programs ... Except ssl_phtread_server that will be done later	2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard	01e5e8c1f8	Change a few ssl_conf return types to void	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	6729e79482	Rename ssl_set_xxx() to ssl_conf_xxx()	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	22bfa4bb53	Add ssl_set_hs_ca_chain()	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	1897af9e93	Make conf const inside ssl_context (finally)	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	17a40cd255	Change ssl_own_cert to work on ssl_config	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	1af6c8500b	Add ssl_set_hs_own_cert()	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	8f618a8e65	Rework ssl_set_own_cert() internals	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	120fdbdb3d	Change ssl_set_psk() to act on ssl_config	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	4b68296626	Use a specific function in the PSK callback	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	0a4fb09534	Make xxx_drbg_random() thread-safe	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	750e4d7769	Move ssl_set_rng() to act on config	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	5cb3308e5f	Merge contexts for session cache	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	ae31914990	Rename ssl_legacy_renegotiation() to ssl_set_...	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	662c6e8cdd	Disable truncated HMAC by default	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	1028b74cff	Upgrade default DHM params size	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	8836994f6b	Move WANT_READ/WANT_WRITE codes to SSL	2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard	1b511f93c6	Rename ssl_set_bio_timeout() to set_bio() ... Initially thought it was best to keep the old function around and add a new one, but this so many ssl_set_xxx() functions are changing anyway...	2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard	97fd52c529	Split ssl_set_read_timeout() out of bio_timeout()	2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard	bc2b771af4	Move ssl_set_ca_chain() to work on config	2015-05-11 12:33:26 +02:00
Nicholas Wilson	d0fa5ccbb0	Typos and doc additions	2015-05-11 10:44:11 +01:00
Manuel Pégourié-Gonnard	ba26c24769	Change how hostname is stored internally	2015-05-07 10:19:14 +01:00
Manuel Pégourié-Gonnard	2b49445876	Move session ticket keys to conf ... This is temporary, they will soon be replaced by callbacks. !!! In this intermediate step security is removed !!!	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	684b0592cb	Move ssl_set_fallback() to work on conf ... Initially thought it would be per-connection, but since max_version is in conf too, and you need to lower that for a fallback connection, the fallback flag should be in the same place	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	6bf89d6ad9	Move ssl_set_max_fragment_len to work on conf	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	17eab2b65c	Move set_cbc_record_splitting() to conf	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	d36e33fc07	Move easy ssl_set_xxx() functions to work on conf ... mbedtls_ssl_set_alpn_protocols mbedtls_ssl_set_arc4_support mbedtls_ssl_set_authmode mbedtls_ssl_set_ciphersuites mbedtls_ssl_set_ciphersuites_for_version mbedtls_ssl_set_curves mbedtls_ssl_set_dbg mbedtls_ssl_set_dh_param mbedtls_ssl_set_dh_param_ctx mbedtls_ssl_set_dtls_anti_replay mbedtls_ssl_set_dtls_badmac_limit mbedtls_ssl_set_dtls_cookies mbedtls_ssl_set_encrypt_then_mac mbedtls_ssl_set_endpoint mbedtls_ssl_set_extended_master_secret mbedtls_ssl_set_handshake_timeout mbedtls_ssl_legacy_renegotiation mbedtls_ssl_set_max_version mbedtls_ssl_set_min_version mbedtls_ssl_set_psk_cb mbedtls_ssl_set_renegotiation mbedtls_ssl_set_renegotiation_enforced mbedtls_ssl_set_renegotiation_period mbedtls_ssl_set_session_cache mbedtls_ssl_set_session_ticket_lifetime mbedtls_ssl_set_sni mbedtls_ssl_set_transport mbedtls_ssl_set_truncated_hmac mbedtls_ssl_set_verify	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	419d5ae419	Make endpoint+transport args of config_defaults()	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	def0bbe3ab	Allocate ssl_config out of ssl_setup()	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	cd523e2a5e	Introduce mbedtls_ssl_config_{init,defaults,free}()	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	7ca4e4dc79	Move things to conf substructure ... A simple series of sed invocations. This is the first step, purely internal changes. The conf substructure is not ready to be shared between contexts yet.	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	9f145de4dc	Fix merge issue from 1.3 branch	2015-05-04 15:03:50 +02:00
Manuel Pégourié-Gonnard	e36d56419e	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: fix bug in ssl_mail_client Adapt compat.sh to GnuTLS 3.4 Fix undefined behaviour in x509 Conflicts: programs/ssl/ssl_mail_client.c tests/compat.sh	2015-04-30 13:52:25 +02:00
Manuel Pégourié-Gonnard	159c524df8	Fix undefined behaviour in x509	2015-04-30 11:21:18 +02:00
Manuel Pégourié-Gonnard	da61ed3346	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Include changes from the 1.2 branch Remove unused headers in o_p_test Add countermeasure against cache-based lucky 13 Make results of (ext)KeyUsage accessible Fix missing NULL check in MPI Fix detection of getrandom() Fix "make install" handling of symlinks Fix bugs in programs displaying verify flags Conflicts: Makefile include/polarssl/ssl.h library/entropy_poll.c library/ssl_srv.c library/ssl_tls.c programs/test/o_p_test.c programs/test/ssl_cert_test.c programs/x509/cert_app.c	2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard	7d1e95c991	Add countermeasure against cache-based lucky 13	2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard	e16b62c3a9	Make results of (ext)KeyUsage accessible	2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard	770b5e1e9e	Fix missing NULL check in MPI	2015-04-29 17:02:01 +02:00
Manuel Pégourié-Gonnard	d97828e7af	Fix detection of getrandom()	2015-04-29 14:28:48 +02:00
Manuel Pégourié-Gonnard	8a81e84638	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Add countermeasure against cache-based lucky 13 Conflicts: library/ssl_tls.c	2015-04-29 02:13:42 +02:00
Manuel Pégourié-Gonnard	1e2eae02cb	Adapt pthread implementation to recent changes	2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard	eab147c4d0	Rename pkcs11_xxx_init() to bind()	2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard	69a69cc5ae	memory_buffer_alloc_init() now returns void	2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard	41d479e7df	Split ssl_init() -> ssl_setup()	2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard	47fede0d6d	Add countermeasure against cache-based lucky 13	2015-04-29 01:35:48 +02:00
Manuel Pégourié-Gonnard	8d128efd48	Split mbedtls_ctr_drbg_init() -> seed()	2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard	f9e9481bc5	Split mbedtls_hmac_drbg_init() -> seed{,_buf}()	2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard	c34e8dd265	Split mbedtls_gcm_init() -> gcm_setkey()	2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard	6963ff0969	Split mbedtls_ccm_init() -> setkey()	2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard	bdd7828ca0	Always check return status of mutex_(un)lock()	2015-04-24 14:43:24 +02:00
Manuel Pégourié-Gonnard	331ba5778a	Fix some additional renaming issues	2015-04-20 12:33:57 +01:00
Manuel Pégourié-Gonnard	e6028c93f5	Fix some X509 macro names ... For some reason, during the great renaming, some names that should have been prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_	2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard	e6efa6f54e	manually merge 9f98251 make extKeyUsage accessible	2015-04-20 11:23:24 +01:00
Manuel Pégourié-Gonnard	b5f48ad82f	manually merge 39a183a add x509_crt_verify_info()	2015-04-20 11:22:57 +01:00
Manuel Pégourié-Gonnard	144bc224e9	Merge branch 'mbedtls-1.3' into development ... * commit 'a2fce21': Fix potential NULL dereference on bad usage Conflicts: library/ssl_tls.c	2015-04-17 20:39:07 +02:00
Manuel Pégourié-Gonnard	53c76c07de	Merge branch 'mbedtls-1.3' into development ... * commit 'ce60fbe': Fix potential timing difference with RSA PMS Update Changelog for recent merge Added more constant-time code and removed biases in the prime number generation routines. Conflicts: library/bignum.c library/ssl_srv.c	2015-04-17 20:19:32 +02:00
Manuel Pégourié-Gonnard	de9b363fbd	Merge branch mbedtls-1.3 into development ... * commit '95f0089': Update Changelog for DH params Add test case for dh params with privateValueLength accept PKCS#3 DH parameters with privateValueLength included Conflicts: library/dhm.c	2015-04-17 20:07:22 +02:00
Manuel Pégourié-Gonnard	9f98251e72	Make results of (ext)KeyUsage accessible	2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard	39a183a629	Add x509_crt_verify_info()	2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard	a2fce21ae5	Fix potential NULL dereference on bad usage	2015-04-15 21:04:19 +02:00
Manuel Pégourié-Gonnard	ce60fbeb30	Fix potential timing difference with RSA PMS	2015-04-15 16:56:28 +02:00
Manuel Pégourié-Gonnard	aac657a1d3	Merge remote-tracking branch 'pj/development' into mbedtls-1.3 ... * pj/development: Added more constant-time code and removed biases in the prime number generation routines.	2015-04-15 14:12:59 +02:00
Daniel Kahn Gillmor	2ed81733a6	accept PKCS#3 DH parameters with privateValueLength included ... library/dhm.c: accept (and ignore) optional privateValueLength for PKCS#3 DH parameters. PKCS#3 defines the ASN.1 encoding of a DH parameter set like this: ---------------- DHParameter ::= SEQUENCE { prime INTEGER, -- p base INTEGER, -- g privateValueLength INTEGER OPTIONAL } The fields of type DHParameter have the following meanings: o prime is the prime p. o base is the base g. o privateValueLength is the optional private-value length l. ---------------- See: ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc This optional parameter was added in PKCS#3 version 1.4, released November 1, 1993. dhm.c currently doesn't cope well with PKCS#3 files that have this optional final parameter included. i see errors like: ------------ dhm_parse_dhmfile returned -0x33E6 Last error was: -0x33E6 - DHM - The ASN.1 data is not formatted correctly : ASN1 - Actual length differs from expected lengt ------------ You can generate PKCS#3 files with this final parameter with recent versions of certtool from GnuTLS: certtool --generate-dh-params > dh.pem	2015-04-15 13:27:13 +02:00
Manuel Pégourié-Gonnard	862d503c01	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Fix typos in Changelog Fix macro name from wrong branch Fix bug in pk_parse_key() Fixed typos Updated Travis CI config for mbedtls project Conflicts: include/mbedtls/ecp.h include/polarssl/compat-1.2.h include/polarssl/openssl.h include/polarssl/platform.h library/pkparse.c programs/pkey/mpi_demo.c	2015-04-15 11:30:46 +02:00
Manuel Pégourié-Gonnard	e6c8366b46	Fix bug in pk_parse_key()	2015-04-15 11:21:24 +02:00
Manuel Pégourié-Gonnard	e1e5871a55	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Fix bug in pk_parse_key() Update generated file Conflicts: library/pkparse.c library/version_features.c	2015-04-15 10:50:34 +02:00
Manuel Pégourié-Gonnard	924cd100a6	Fix bug in pk_parse_key()	2015-04-14 11:18:04 +02:00
Manuel Pégourié-Gonnard	975d5fa206	Remove option HAVE_LONGLONG	2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard	7b53889f05	Remove support for HAVE_INT8 and HAVE_INT16	2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard	b31424c86a	Make HAVE_IPV6 non-optional	2015-04-09 16:42:38 +02:00
Manuel Pégourié-Gonnard	dbd60f72b1	Update generated file	2015-04-09 16:35:54 +02:00
Manuel Pégourié-Gonnard	8408a94969	Remove MBEDTLS_ from internal macros	2015-04-09 13:52:55 +02:00
Manuel Pégourié-Gonnard	e546ad4afd	Fix comment generated by generate_errors.pl	2015-04-08 20:27:02 +02:00
Manuel Pégourié-Gonnard	2cf5a7c98e	The Great Renaming ... A simple execution of tmp/invoke-rename.pl	2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard	df791a51f6	Simplify net_htonx()	2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard	932e3934bd	Fix typos & Co	2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard	62edcc8176	Document POLARSSL_CAMELLIA_SMALL_MEMORY	2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard	07ec1ddd10	Fix bug with ssl_set_curves() check on client	2015-04-03 18:17:37 +02:00
Manuel Pégourié-Gonnard	a5cc2aa769	Fix bug in POLARSSL_PLATFORM_STD_EXIT support	2015-04-03 18:17:37 +02:00
Manuel Pégourié-Gonnard	29f777ef54	Fix bug with ssl_set_curves() check on client	2015-04-03 17:57:59 +02:00
Manuel Pégourié-Gonnard	32a7fe3fec	Fix bug in POLARSSL_PLATFORM_STD_EXIT support	2015-04-03 17:56:30 +02:00
Manuel Pégourié-Gonnard	998930ae0d	Replace non-ascii characters in source files	2015-04-03 13:48:06 +02:00
Manuel Pégourié-Gonnard	eadda3f3ad	Add missing #ifdef in ecdsa.c	2015-04-03 13:15:34 +02:00
Manuel Pégourié-Gonnard	2bc16df2f4	Update generated file	2015-04-03 13:04:56 +02:00
Manuel Pégourié-Gonnard	f1d2f7c456	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Fix bug in Via Padlock support Fix portability issue in Makefile	2015-04-02 12:44:00 +01:00
Manuel Pégourié-Gonnard	cf201201e6	Fix bug in Via Padlock support	2015-04-02 10:53:59 +01:00
Manuel Pégourié-Gonnard	427b672551	Add XXX_PROCESS_ALT mecchanism	2015-03-31 18:32:50 +02:00
Manuel Pégourié-Gonnard	26c9f90cae	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Add missing depends in x509 programs Simplify ifdef checks in programs/x509 Fix thread safety issue in RSA operations Add test certificate for bitstring in DN Add support for X.520 uniqueIdentifier Accept bitstrings in X.509 names	2015-03-31 17:56:15 +02:00
Manuel Pégourié-Gonnard	8c8be1ebbb	Change default min TLS version to TLS 1.0	2015-03-31 14:22:30 +02:00
Manuel Pégourié-Gonnard	d16df8f60a	Cleanup unused bit in ssl ... Became unused when removing deprecated ssl_set_own_cert_xxx() functions	2015-03-31 14:04:51 +02:00
Manuel Pégourié-Gonnard	348bcb3694	Make RSA_ALT support optionnal	2015-03-31 14:01:33 +02:00
Manuel Pégourié-Gonnard	8fce937a1a	Simplify ecdsa_context	2015-03-31 13:06:41 +02:00
Manuel Pégourié-Gonnard	49ce6f0973	Fix constness of asn1_write_mpi()	2015-03-31 13:05:39 +02:00
Manuel Pégourié-Gonnard	dfdcac9d51	Merge ecdsa_write_signature{,_det}() together	2015-03-31 11:41:42 +02:00
Manuel Pégourié-Gonnard	63e931902b	Make a helpful constant public	2015-03-31 11:15:48 +02:00
Manuel Pégourié-Gonnard	b8cfe3f0d9	pk_sign() now requires non-NONE md_alg for ECDSA	2015-03-31 11:14:41 +02:00
Manuel Pégourié-Gonnard	fa44f20b9f	Change authmode default to Required on client	2015-03-27 17:52:25 +01:00
Manuel Pégourié-Gonnard	1d0ca1a336	Move key_usage to more that 8 bits	2015-03-27 16:50:00 +01:00
Manuel Pégourié-Gonnard	1022fed36e	Remove redundant sig_oid2 in x509 structures	2015-03-27 16:34:42 +01:00
Manuel Pégourié-Gonnard	a252af760f	Minor source simplification	2015-03-27 16:15:55 +01:00
Manuel Pégourié-Gonnard	88fca3ef0e	Fix thread safety issue in RSA operations ... The race was due to mpi_exp_mod storing a Montgomery coefficient in the context (RM, RP, RQ). The fix was verified with -fsanitize-thread using ssl_pthread_server and two concurrent clients. A more fine-grained fix should be possible, locking just enough time to check if those values are OK and set them if not, rather than locking for the whole mpi_exp_mod() operation, but it will be for later.	2015-03-27 15:12:05 +01:00
Manuel Pégourié-Gonnard	9409e0cea2	Add support for X.520 uniqueIdentifier	2015-03-27 13:03:54 +01:00
Manuel Pégourié-Gonnard	dd5dbcae90	Accept bitstrings in X.509 names	2015-03-27 13:03:09 +01:00
Manuel Pégourié-Gonnard	957b1ee96e	Fix per-C99 initializer issues	2015-03-27 11:56:40 +01:00
Manuel Pégourié-Gonnard	a958d69a70	Rename test_ca_list to test_cas_pem	2015-03-27 10:29:25 +01:00
Manuel Pégourié-Gonnard	2f165060f0	Start introducing test_cas NULL-terminated list	2015-03-27 10:20:26 +01:00
Manuel Pégourié-Gonnard	75f901006b	Add len constants to certs.c	2015-03-27 09:56:18 +01:00
Manuel Pégourié-Gonnard	e960818735	Check return value of the TLS PRF	2015-03-26 11:47:47 +01:00
Manuel Pégourié-Gonnard	b7fcca33b9	Make tls1_prf and tls12_prf more efficient ... Repeatedly allocating a context and setting the key was a waste	2015-03-26 11:41:28 +01:00
Manuel Pégourié-Gonnard	6890c6b64e	Factor tls_prf_sha{256,384} together	2015-03-26 11:11:49 +01:00
Manuel Pégourié-Gonnard	147fa097e2	Reintroduce md_init_ctx compatibility wrapper	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	abb674467b	Rename md_init_ctx() to md_setup()	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	a77edade0c	Clean up unneeded things	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	4063ceb281	Make hmac_ctx optional ... Note from future self: actually md_init_ctx will be re-introduced with the same signature later, and a new function with the additional argument will be added.	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	dfb3dc8b53	Make ipad/opad dynamic and more opaque	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	4da88c50c1	Remove specific xxx_hmac functions	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	7da726bb53	Remove calls to xxx_hmac() from SSL modules	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	0a8896ad6f	Remove references to xxx_hmac() from MD layer	2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard	8379a82a76	Implement hmac in the MD layer	2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard	ca878dbaa5	Make md_info_t an opaque structure ... - more freedom for us to change it in the future - enforces hygiene - performance impact of making accessors no longer inline should really be negligible	2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard	9325b26b42	Fix warning with mingw32 ... Apparently it thinks getsockopt()'s should be a char *, while it's a void * according to POSIX. Casting to void * avoids the warning.	2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard	9a65e80e4f	Properly mark ssl_set_bio() as deprecated	2015-03-25 18:09:46 +01:00
Manuel Pégourié-Gonnard	e424d0814d	Refresh generated file after merge	2015-03-23 14:31:50 +01:00
Manuel Pégourié-Gonnard	8a80318df2	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Update generated file Update Changelog for deprecation config flags Fix tests to work with DEPRECATED_REMOVED Add POLARSSL_DEPRECATED_{WARNING,REMOVED} Suppress clang warning we don't want	2015-03-23 14:31:25 +01:00
Manuel Pégourié-Gonnard	bf8f7febd8	Update generated file	2015-03-23 14:24:06 +01:00
Manuel Pégourié-Gonnard	c70581c272	Add POLARSSL_DEPRECATED_{WARNING,REMOVED}	2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard	85b6600ab2	Suppress clang warning we don't want	2015-03-23 12:03:49 +01:00
Manuel Pégourié-Gonnard	849b174e57	Disable RC4 by default in the library	2015-03-20 19:14:19 +00:00
Manuel Pégourié-Gonnard	391af97a71	Re-remove file after merge failure (my fault)	2015-03-20 18:31:01 +00:00
Manuel Pégourié-Gonnard	9395298d12	Fix use of deprecated function in the library	2015-03-20 18:23:52 +00:00
Manuel Pégourié-Gonnard	47723147f5	Remove functions deprecated in 1.3	2015-03-20 18:21:12 +00:00
Manuel Pégourié-Gonnard	9658391073	Fix use of deprecated function in the library	2015-03-20 18:19:32 +00:00
Manuel Pégourié-Gonnard	7c4e60fa7d	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Mark a few additional deprecations Use proper doxygen markup to mark deprecations Add -fdata-sections in memory.sh too	2015-03-20 17:30:31 +00:00
Manuel Pégourié-Gonnard	71432849ed	Use proper doxygen markup to mark deprecations	2015-03-20 17:26:50 +00:00
Manuel Pégourié-Gonnard	a78b218042	Fix contness of debug_print_buf()	2015-03-19 17:16:11 +00:00
Manuel Pégourié-Gonnard	6e0643762d	Reverse meaning of OID_CMP	2015-03-19 16:54:56 +00:00
Manuel Pégourié-Gonnard	852a6d3d8f	Rename ssl.renegotiation to ssl.renego_status	2015-03-19 16:15:20 +00:00
Manuel Pégourié-Gonnard	240b092a6c	Drop dummy self_test functions	2015-03-19 15:30:28 +00:00
Manuel Pégourié-Gonnard	8d92cedd11	Fix constness issue in pkcs5_pbes2()	2015-03-19 15:21:13 +00:00
Manuel Pégourié-Gonnard	0db107e4ba	Fix pk_can_do() constness issue	2015-03-19 14:01:57 +00:00
Manuel Pégourié-Gonnard	fa8aebcbcc	Fix a constness issue	2015-03-19 13:38:17 +00:00
Manuel Pégourié-Gonnard	35f1d7f0aa	Update signature of mpi_mul_mpi()	2015-03-19 12:42:40 +00:00
Manuel Pégourié-Gonnard	8ee08a259a	Update generated file	2015-03-13 16:33:40 +00:00
Manuel Pégourié-Gonnard	cc0d084820	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Actually use armcc for the armcc test ^^' Add more -O level variety in all.sh Document recent make changes build: Makefile: cleanup CFLAGS build: Makefile: cleanup LDFLAGS build: Makefile: simplify root Makefile build: Makefile: remove bashism Conflicts: programs/Makefile	2015-03-13 16:32:40 +00:00
Alon Bar-Lev	f7a9f30348	build: Makefile: cleanup CFLAGS ... CFLAGS are reserved for external interaction via make variable, the following should work: $ make CFLAGS="-O3" $ CFLAGS="-O3" make 1. Move internal flags to LOCAL_CFLAGS 2. Respect external CFLAGS 3. CFLAGS should be last compiler flags. 4. Default CFLAGS is -O optimization, remove OFLAGS. 5. Add WARNING_CFLAGS to control warning setting and enable to remove if compiler does not support flags. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>	2015-03-13 13:34:25 +00:00
Alon Bar-Lev	ada4105ba2	build: Makefile: cleanup LDFLAGS ... LDFLAGS are reserved for external interaction via make variable, the following should work: $ make LDFLAGS="-L/xxx" $ LDFLAGS="-L/xxx" make 1. Move internal flags to LOCAL_LDFLAGS 2. Respect external LDFLAGS 3. LDFLAGS should be last linkage flags. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>	2015-03-13 13:34:25 +00:00
Manuel Pégourié-Gonnard	a06d7fe3fe	Avoid possible spurious warning with gcc -Os ... Outline: if( condition ) foo = value; /* stuff that does not change condition */ if( condition ) /* use foo */ else /* don't use foo */ For some reason, it appears to only kick in with -Os with gcc 4.9.3	2015-03-13 11:14:31 +00:00
Pascal Junod	b99183dfc6	Added more constant-time code and removed biases in the prime number generation routines.	2015-03-11 16:49:45 +01:00
Manuel Pégourié-Gonnard	b6b16bddc3	Drop pbkdf2 module (superseded by pkcs5)	2015-03-11 11:31:51 +00:00
Manuel Pégourié-Gonnard	f9c1387b9d	Drop POLARSSL_ERROR_STRERROR_BC	2015-03-11 10:59:38 +00:00
Manuel Pégourié-Gonnard	57a26da593	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Use link-time garbage collection in memory.sh scripts/memory.sh only work on Linux Add missing 'const' on selftest data Use only headers for doxygen (no doc in C files) Add missing extern "C" guard in aesni.h Fix compile error with renego disabled Remove slow PKCS5 test Stop checking key-cert match systematically Make tests/*.sh runnable from anywhere Update visual C files	2015-03-11 10:30:21 +00:00
Manuel Pégourié-Gonnard	28122e4329	Add missing 'const' on selftest data	2015-03-11 09:13:42 +00:00
Manuel Pégourié-Gonnard	51bccd3889	Fix compile error with renego disabled	2015-03-10 16:09:08 +00:00
Manuel Pégourié-Gonnard	73ed39d4b1	Remove slow PKCS5 test	2015-03-10 15:59:22 +00:00
Manuel Pégourié-Gonnard	f427f8854a	Stop checking key-cert match systematically	2015-03-10 15:35:29 +00:00
Manuel Pégourié-Gonnard	69849f8595	Drop renego state from context if no renego support	2015-03-10 11:54:02 +00:00
Manuel Pégourié-Gonnard	d2b35ec3d3	Fix bug in no-renego option	2015-03-10 11:40:43 +00:00
Manuel Pégourié-Gonnard	9db41f0996	Refresh generated file	2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard	7f8099773e	Rename include directory to mbedtls	2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard	129db08c90	Rm polarssl compat targets from Makefiles	2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard	ed99d70309	Rename macro to avoid possible future collision	2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard	2f5a1b4e55	Rename SSL_RENEGOTIATION macro ... - new name is more explicit - avoids collision with POLARSSL_SSL_RENEGOTIATION config flag when prefixing will be applied	2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard	9b6699066e	Fix typos in macro names	2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard	e4d4890350	Finish renaming website	2015-03-06 13:40:52 +00:00
Manuel Pégourié-Gonnard	998897be3d	Merge branch 'mbedtls-1.3' into development ... * mbedtls-1.3: Rename website and repository Move private macro from header to C file Add some missing 'static' on a few objects Fix whitespace issues Minor portability fix in benchmark	2015-03-06 13:25:41 +00:00
Manuel Pégourié-Gonnard	fe44643b0e	Rename website and repository	2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard	1dd1674559	Move private macro from header to C file	2015-03-06 12:01:27 +00:00
Manuel Pégourié-Gonnard	385069f17d	Add some missing 'static' on a few objects	2015-03-06 12:01:27 +00:00
Manuel Pégourié-Gonnard	cabf4b83ab	Merge branch 'development' into dtls ... * development: Fix -fPIC when cross-compiling to windows	2015-02-18 18:14:53 +00:00
Manuel Pégourié-Gonnard	02ba5785bf	Fix -fPIC when cross-compiling to windows	2015-02-18 13:42:26 +00:00
Manuel Pégourié-Gonnard	4e41c99ed8	Merge branch 'development' into dtls ... * development: Avoid possible dangling pointers Conflicts: library/ssl_tls.c	2015-02-18 10:39:49 +00:00
Manuel Pégourié-Gonnard	f7db5e0a4a	Avoid possible dangling pointers ... If the allocation fails, we don't really want ssl->in_ctr = 8 lying around.	2015-02-18 10:32:41 +00:00
Manuel Pégourié-Gonnard	cd4cd1dd26	Merge branch 'development' into dtls ... * development: Fix the fix to ssl_set_psk() Update Changelog Finish fixing memleak in ssl_server2 arg parsing Fix another potential memory leak found by find-mem-leak.cocci. Add a rule for another type of memory leak to find-mem-leak.cocci. Fix a potential memory leak found by find-mem-leak.cocci. Add a semantic patch to find potential memory leaks. Fix whitespace of 369e6c20. Apply the semantic patch rm-malloc-cast.cocci. Add a semantic patch to remove casts of malloc.	2015-02-18 10:25:16 +00:00
Manuel Pégourié-Gonnard	f45850c493	Fix the fix to ssl_set_psk() ... - possible for the first malloc to fail and the second to succeed - missing = NULL assignment	2015-02-18 10:23:52 +00:00
Manuel Pégourié-Gonnard	ac08b543db	Merge remote-tracking branch 'rasp/mem-leak' into development ... * rasp/mem-leak: Fix another potential memory leak found by find-mem-leak.cocci. Add a rule for another type of memory leak to find-mem-leak.cocci. Fix a potential memory leak found by find-mem-leak.cocci. Add a semantic patch to find potential memory leaks. Fix whitespace of 369e6c20. Apply the semantic patch rm-malloc-cast.cocci. Add a semantic patch to remove casts of malloc. Conflicts: programs/ssl/ssl_server2.c	2015-02-18 10:07:22 +00:00
Mansour Moufid	f81088bb80	Fix a potential memory leak found by find-mem-leak.cocci.	2015-02-17 13:10:21 -05:00
Manuel Pégourié-Gonnard	b251a20a7e	Merge branch 'development' into dtls ... * development: Fix missing/misplaced #include's	2015-02-17 15:48:15 +00:00
Manuel Pégourié-Gonnard	981732bb8e	Fix missing/misplaced #include's	2015-02-17 15:47:31 +00:00
Manuel Pégourié-Gonnard	394608ee00	Fix misplaced includes	2015-02-17 15:20:11 +00:00
Manuel Pégourié-Gonnard	d901d17817	Merge branch 'development' into dtls ... * development: (100 commits) Update Changelog for the mem-measure branch Fix issues introduced when rebasing Fix compile error in memory_buffer_alloc_selftest Code cosmetics Add curve25519 to ecc-heap.sh Add curve25519 to the benchmark program Fix compile issue when buffer_alloc not available New script ecc-heap.sh Fix unused variable issue in some configs Rm usunused member in private struct Add heap usage for PK in benchmark Use memory_buffer_alloc() in benchmark if available Only define mode_func if mode is enabled (CBC etc) PKCS8 encrypted key depend on PKCS5 or PKCS12 Disable SRV_C for client measurement Output stack+heap usage with massif Enable NIST_OPTIM by default for config-suite-b Refactor memory.sh Adapt memory.sh to config-suite-b Adapt mini-client for config-suite-b.h ... Conflicts: ChangeLog include/polarssl/net.h library/Makefile library/error.c library/ssl_tls.c programs/Makefile programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c tests/Makefile	2015-02-16 18:44:39 +00:00
Manuel Pégourié-Gonnard	491a3fe057	Fix compile error in memory_buffer_alloc_selftest	2015-02-16 17:28:11 +00:00
Manuel Pégourié-Gonnard	0da7b040d1	Rm usunused member in private struct	2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard	50da0482e0	Add heap usage for PK in benchmark	2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard	b8ca723154	Only define mode_func if mode is enabled (CBC etc)	2015-02-16 17:23:59 +00:00
Manuel Pégourié-Gonnard	a2424a045a	PKCS8 encrypted key depend on PKCS5 or PKCS12	2015-02-16 17:22:47 +00:00
Manuel Pégourié-Gonnard	aff2976d10	Merge branch 'build' into development ... * build: build: make: support windows cross compile	2015-02-16 15:26:09 +00:00
Manuel Pégourié-Gonnard	09eb14c01e	Revert "Require unix-utils in path for windows make" ... This reverts commit 5d46cca09a. In preparation of merging an external contribution that superseedes this Conflicts: ChangeLog	2015-02-16 15:25:31 +00:00
Manuel Pégourié-Gonnard	f812054d00	Revert "Replace SONAME with SOVERSION in makefile" ... This reverts commit 418080010a. In preparation of merging one external contribution that supersedes this.	2015-02-16 15:24:17 +00:00
Mansour Moufid	99b9259f76	Fix whitespace of 369e6c20.	2015-02-16 10:43:52 +00:00
Mansour Moufid	c531b4af3c	Apply the semantic patch rm-malloc-cast.cocci. ... for dir in library programs; do spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \ --in-place; done	2015-02-16 10:43:52 +00:00
Manuel Pégourié-Gonnard	d48bf6892c	Write literal byte more clearly	2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard	85fadb749c	Make loop bound more obvious ... Helps static analyzers and does not decrease human readability.	2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard	6fdc4cae53	Fix potential signedness issue	2015-02-16 09:13:40 +00:00
Mansour Moufid	bd1d44e251	Fix whitespace of 369e6c20.	2015-02-15 17:51:07 -05:00
Mansour Moufid	369e6c20b3	Apply the semantic patch rm-malloc-cast.cocci. ... for dir in library programs; do spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \ --in-place; done	2015-02-15 17:49:11 -05:00
Alon Bar-Lev	18ba0cce8b	build: make: support windows cross compile ... Add WINDOWS_BUILD macro to enable Windows build on *NIX host. Add optional suffix for executables. Fix shared object suffix logic to support multiple suffixes. Fix soname handling to always match output. WINDOWS macro sets WINDOWS_BUILD. WINDOWS_BUILD sets .exe executable suffix. WINDOWS_BUILD shared mode creates dll import library. WINDOWS_BUILD shared mode link against dll. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>	2015-02-14 01:20:17 +02:00
Manuel Pégourié-Gonnard	0928640095	Update generated files	2015-02-13 15:18:33 +00:00
Manuel Pégourié-Gonnard	ac1f76c362	Merge remote-tracking branch 'rich/platform' into development ... * rich/platform: Remove dependency on sscanf in lib x509 Fix extra guard in memory_buffer_alloc rebase from development implemented macro overriding for polarssl_* library functions fix bug introduced by the addition of snprintf and assert macro which caused tests to fail without polarssl_platform_c defined add initial symbols to config and checks to check_config to allow use of macros to define standard functions reformat and arrange additions to config alphabetically add missing checks to check_config add macro definition of assert using polarssl_exit modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit add POLARSSL_PLATFORM_EXIT_ALT modify scripts/* and tests/* to use polarssl_snprintf modify programs/*.c to use polarssl_snprintf modify library/debug.c to use polarssl_snprintf modify library/x509*.c to use polarssl_snprintf modify library/net.c to use polarssl_snprintf modify oid.c to use polarssl_snprintf add platform_set_snprintf Conflicts: library/memory_buffer_alloc.c programs/pkey/pk_sign.c programs/pkey/pk_verify.c programs/pkey/rsa_sign_pss.c programs/pkey/rsa_verify_pss.c programs/ssl/ssl_client2.c programs/ssl/ssl_pthread_server.c programs/test/benchmark.c programs/test/ssl_cert_test.c	2015-02-13 15:11:24 +00:00
Rich Evans	7d5a55a365	Remove dependency on sscanf in lib x509	2015-02-13 13:50:26 +00:00
Rich Evans	c8ada6d410	Fix extra guard in memory_buffer_alloc	2015-02-13 13:50:26 +00:00
Rich Evans	77d3638497	modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit	2015-02-13 13:50:26 +00:00
Rich Evans	c39cb4986b	add POLARSSL_PLATFORM_EXIT_ALT	2015-02-13 13:50:26 +00:00
Rich Evans	2387c7d105	modify library/debug.c to use polarssl_snprintf	2015-02-13 13:50:26 +00:00
Rich Evans	fac657fd52	modify library/x509*.c to use polarssl_snprintf	2015-02-13 13:50:25 +00:00
Rich Evans	a18b11f285	modify library/net.c to use polarssl_snprintf	2015-02-13 13:50:25 +00:00
Rich Evans	8f3a9436a9	modify oid.c to use polarssl_snprintf	2015-02-13 13:50:25 +00:00
Rich Evans	46b0a8d15a	add platform_set_snprintf	2015-02-13 13:50:25 +00:00
Rich Evans	36796df815	Added missing stdio in lib x509.c needed for sscanf	2015-02-13 13:50:05 +00:00
Rich Evans	d08a605dac	Remove platform guard in mem buffer alloc	2015-02-13 13:50:05 +00:00
Manuel Pégourié-Gonnard	3cfb34564f	Avoid warning from mingw for shared library	2015-02-13 13:34:08 +00:00
Manuel Pégourié-Gonnard	418080010a	Replace SONAME with SOVERSION in makefile ... - avoids duplication - fixes warning about redefined rule with WINDOWS=1	2015-02-13 13:15:13 +00:00
Manuel Pégourié-Gonnard	5d46cca09a	Require unix-utils in path for windows make	2015-02-13 12:02:45 +00:00
Manuel Pégourié-Gonnard	d72704b0d5	Remove work-around for alleged compiler bug ... It turns out the problem was with the way the reporter was invoking its toolchain, not the toolchain itself.	2015-02-12 09:38:54 +00:00
Manuel Pégourié-Gonnard	2ee8d24ca2	Simplify some constant-time code ... Some people recommend using bit operations to avoid the compiler producing a branch on `ret != 0`, but: - this makes the code less readable, - here I got a warning from some compilers about unsigned unary minus - and anyway modern compilers don't produce a branch here, checked on x64 and arm with various -O values.	2015-02-11 15:29:15 +00:00
Manuel Pégourié-Gonnard	06d7519697	Fix msvc warning	2015-02-11 14:54:11 +00:00
Manuel Pégourié-Gonnard	fba22fdc7e	Avoid warning from ar	2015-02-11 14:24:47 +00:00
Manuel Pégourié-Gonnard	6d71e4e6c3	Fix one more warning on windows	2015-02-11 12:54:35 +00:00
Manuel Pégourié-Gonnard	dda5213982	Fix harmless warnings with mingw in timing.c	2015-02-11 12:33:40 +00:00
Manuel Pégourié-Gonnard	38433535e3	Fix hardclock() with mingw64	2015-02-11 12:33:40 +00:00
Manuel Pégourié-Gonnard	a273371fc4	Fix "int vs enum" warnings from armcc v5 ... enumerated type mixed with another type	2015-02-10 17:34:48 +01:00
Manuel Pégourié-Gonnard	7f84905552	Fix two warnings from armcc v5 ... assignment in condition	2015-02-10 17:34:35 +01:00
Manuel Pégourié-Gonnard	45ec8da7e5	Fix missing include in i386-specific file	2015-02-10 13:50:47 +00:00
Manuel Pégourié-Gonnard	0c851ee1c8	Fix missing include in non-default things	2015-02-10 12:47:52 +00:00
Rich Evans	ce2f237697	change test function includes to use one convention	2015-02-10 11:28:46 +00:00
Rich Evans	00ab47026b	cleanup library and some basic tests. Includes, add guards to includes	2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard	f7d2bbaa62	Merge branch 'development' into dtls ... * development: Add missing guards for gnuTLS Prepare for mbed TLS 1.3.10 release Fix potential timing issue in RSA pms handling Conflicts: ChangeLog doxygen/input/doc_mainpage.h doxygen/mbedtls.doxyfile include/polarssl/version.h library/CMakeLists.txt library/ssl_srv.c tests/suites/test_suite_version.data visualc/VS2010/mbedTLS.vcxproj visualc/VS6/mbedtls.dsp visualc/VS6/mbedtls.dsw	2015-02-09 11:42:40 +00:00
Paul Bakker	daae3b749b	Prepare for mbed TLS 1.3.10 release	2015-02-08 15:49:54 +01:00
Peter Dettman	ce661b2cb8	Perf: rewrite of ecp_double_jac ... - Improve optimization for special case A == -3. - Add optimization for special case A == 0. - Use alternative base formula, saving several additions. - Reduce temp variables to 4 (from 6).	2015-02-07 14:43:51 +07:00
Manuel Pégourié-Gonnard	6674cce892	Fix potential timing issue in RSA pms handling	2015-02-06 11:36:56 +00:00
Manuel Pégourié-Gonnard	4eaf8f02bb	Merge branch 'development' into dtls ... * development: Support composite RDNs in X.509 certs parsing	2015-02-05 11:01:37 +00:00
Manuel Pégourié-Gonnard	555fbf8758	Support composite RDNs in X.509 certs parsing	2015-02-04 17:11:55 +00:00
Manuel Pégourié-Gonnard	3d2c4b70f2	Fix url in new files	2015-01-29 11:34:14 +00:00
Manuel Pégourié-Gonnard	2a0718d947	Merge branch 'development' into dtls ... * development: (46 commits) Fix url again Fix small bug in base64_encode() Fix depend that was checked but not documented Fix dependency that was not checked Minor gitginore fixes Move some ignore patterns to subdirectories Ignore CMake/MSVC-related build files. Re-categorize changelog entry Fix misattribution Minor nits with stdout/stderr. Add cmake compatibility targets Add script for polarssl symlink creation Fix more stdio inclusion issues Add debug info for cert/suite selection Fix possible portability issue Fix bug in ssl_get_verify_result() aescrypt2.c local char array not initial Update Changelog Fix mips64 bignum implementation Fix usage string of ssl_client2 ... Conflicts: include/polarssl/ssl.h library/CMakeLists.txt library/Makefile programs/Makefile programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c visualc/VS2010/PolarSSL.sln visualc/VS2010/mbedTLS.vcxproj visualc/VS6/mbedtls.dsp visualc/VS6/mbedtls.dsw	2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard	860b51642d	Fix url again	2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard	65fc6a886a	Fix small bug in base64_encode()	2015-01-28 16:49:26 +00:00
Manuel Pégourié-Gonnard	78dbeeffd3	Minor gitginore fixes	2015-01-28 15:34:01 +00:00
Manuel Pégourié-Gonnard	3f738ca40a	Move some ignore patterns to subdirectories	2015-01-28 15:33:23 +00:00
Manuel Pégourié-Gonnard	2a9c8b62bf	Add cmake compatibility targets	2015-01-28 15:21:25 +00:00
Manuel Pégourié-Gonnard	7cbe1318d8	Fix more stdio inclusion issues	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	607d663b41	Add debug info for cert/suite selection	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	ceedb8292e	Fix possible portability issue ... The & 0xFF should not be necessary on platforms with 8-bit chars, but one user reported having problems with his compiler on such a platform.	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	e89163c0a8	Fix bug in ssl_get_verify_result()	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	e94e6e5b9c	Fix stdio (non-)inclusion issues.	2015-01-28 15:28:28 +01:00
Manuel Pégourié-Gonnard	9014b6f227	Rename project in CMake ... TODO: to create symlinks to the old names!	2015-01-27 15:44:46 +00:00
Manuel Pégourié-Gonnard	145422f74d	Make now creates libmbedtls.so with polarssl link	2015-01-27 11:36:50 +01:00
Manuel Pégourié-Gonnard	04a81d5c65	Fix issue in previous commit ... Even with shared we need to build the static library since programs are using it.	2015-01-27 11:36:41 +01:00
Manuel Pégourié-Gonnard	acdb9b9525	Fix unchecked error code on Windows	2015-01-23 17:50:34 +00:00
Manuel Pégourié-Gonnard	cfa9a45dd6	Rename in cmake help strings	2015-01-23 13:33:31 +00:00
Manuel Pégourié-Gonnard	c26a092b50	Rename static lib name with make	2015-01-23 12:57:33 +00:00
Manuel Pégourié-Gonnard	c5d68e5b70	Fix dependency declaration	2015-01-23 12:37:21 +00:00
Manuel Pégourié-Gonnard	dba564bc79	Fix files that are not in development	2015-01-23 11:37:14 +00:00
Manuel Pégourié-Gonnard	df6411d8d8	Merge branch 'development' into dtls ... * development: Fix website url to use https. Remove maintainer line. Remove redundant "all rights reserved"	2015-01-23 11:23:08 +00:00
Manuel Pégourié-Gonnard	085ab040aa	Fix website url to use https.	2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard	9698f5852c	Remove maintainer line.	2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard	19f6b5dfaa	Remove redundant "all rights reserved"	2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard	a34aa70b23	Update version_features	2015-01-23 10:27:36 +00:00
Manuel Pégourié-Gonnard	177b73045a	Regenerate version_features	2015-01-23 10:26:11 +00:00
Manuel Pégourié-Gonnard	eab72e2ced	Merge branch 'development' into dtls ... * development: Update copyright Fix issue in compat.sh Rename doxyfile Rename to mbed TLS in tests/ Rename to mbed TLS in examples Remove old test certificates. Rename to mbed TLS in the documentation/comments Change name to mbed TLS in the copyright notice Conflicts: doxygen/input/doc_mainpage.h doxygen/mbedtls.doxyfile include/polarssl/version.h tests/compat.sh	2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard	a658a4051b	Update copyright	2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard	b4fe3cb1fa	Rename to mbed TLS in the documentation/comments	2015-01-22 16:11:05 +00:00
Manuel Pégourié-Gonnard	967a2a5f8c	Change name to mbed TLS in the copyright notice	2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard	3a173f497b	Merge branch 'development' into dtls ... * development: Fix error code description. generate_errors.pl now errors on duplicate codes Avoid nested if's without braces. Move renego SCSV after actual ciphersuites Fix send_close_notify usage. Rename variable for clarity Improve script portability Conflicts: library/ssl_srv.c programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c tests/ssl-opt.sh	2015-01-22 13:30:33 +00:00
Manuel Pégourié-Gonnard	11c919208d	Fix error code description.	2015-01-22 13:22:12 +00:00
Manuel Pégourié-Gonnard	59c6f2ef21	Avoid nested if's without braces. ... Creates a potential for confusing code if we later want to add an else clause.	2015-01-22 11:06:40 +00:00
Manuel Pégourié-Gonnard	5d9cde25da	Move renego SCSV after actual ciphersuites	2015-01-22 10:49:41 +00:00
Manuel Pégourié-Gonnard	67505bf9e8	Merge branch 'development' into dtls ... * development: Adapt tests to new defaults/errors. Fix typos/cosmetics in Changelog Disable RC4 by default in example programs. Add ssl_set_arc4_support() Set min version to TLS 1.0 in programs Conflicts: include/polarssl/ssl.h library/ssl_cli.c library/ssl_srv.c tests/compat.sh	2015-01-21 13:57:33 +00:00
Manuel Pégourié-Gonnard	bfccdd3c92	Merge commit '36adc36' into dtls ... * commit '36adc36': Add support for getrandom() Use library default for trunc-hmac in ssl_client2 Make truncated hmac a runtime option server-side Fix portability issue in script Specific error for suites in common but none good Prefer SHA-1 certificates for pre-1.2 clients Some more refactoring/tuning. Minor refactoring Conflicts: include/polarssl/error.h include/polarssl/ssl.h library/error.c	2015-01-21 13:48:45 +00:00
Manuel Pégourié-Gonnard	0017c2be48	Merge commit '9835bc0' into dtls ... * commit '9835bc0': Fix racy test. Fix stupid error in previous commit Don't check errors on ssl_close_notify() Fix char signedness issue Fix issue with non-blocking I/O & record splitting Fix warning Conflicts: programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c	2015-01-21 13:42:16 +00:00
Manuel Pégourié-Gonnard	8fbb01ec84	Merge commit 'b2eaac1' into dtls ... * commit 'b2eaac1': Stop assuming chars are signed Add tests for CBC record splitting Fix tests that were failing with record splitting Allow disabling record splitting at runtime Add 1/n-1 record splitting Enhance doc on ssl_write() Conflicts: include/polarssl/ssl.h programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c	2015-01-21 13:37:08 +00:00
Manuel Pégourié-Gonnard	b89c4f35a1	Fixes for the renego-option merge	2015-01-21 13:24:10 +00:00
Manuel Pégourié-Gonnard	0af1ba3521	Merge commit 'f6080b8' into dtls ... * commit 'f6080b8': Fix warning in reduced configs Adapt to "negative" switch for renego Add tests for periodic renegotiation Make renego period configurable Auto-renegotiate before sequence number wrapping Update Changelog for compile-option renegotiation Switch from an enable to a disable flag Save 48 bytes if SSLv3 is not defined Make renegotiation a compile-time option Add tests for renego security enforcement Conflicts: include/polarssl/ssl.h library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c programs/ssl/ssl_server2.c tests/ssl-opt.sh	2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard	edb7ed3a43	Merge commit 'd7e2483' into dtls ... * commit 'd7e2483': (57 commits) Skip signature_algorithms ext if PSK only Fix bug in ssl_client2 reconnect option Cosmetics in ssl_server2 Improve debugging message. Fix net_usleep for durations greater than 1 second Use pk_load_file() in X509 Create ticket keys only if enabled Fix typo in #ifdef Clarify documentation a bit Fix comment on resumption Update comment from draft to RFC Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c Add recursion.pl to all.sh Allow x509_crt_verify_child() in recursion.pl Set a compile-time limit to X.509 chain length Fix 3DES -> DES in all.sh (+ time estimates) Add curves.pl to all.sh Rework all.sh to use MSan instead of valgrind Fix depends on individual curves in tests Add script to test depends on individual curves ... Conflicts: CMakeLists.txt programs/ssl/ssl_client2.c	2015-01-20 16:52:28 +00:00
Manuel Pégourié-Gonnard	f9c8a606b5	Merge commit '8b9bcec' into dtls ... * commit '8b9bcec': Stop assuming chars are signed Fix len miscalculation in buffer-based allocator Fix NULL dereference in buffer-based allocator Add test_suite_memory_buffer_alloc Add memory_buffer_alloc_self_test() Fix missing bound check Add test for ctr_drbg_update() input sanitizing Refactor for clearer correctness/security Stop assuming chars are signed Conflicts: library/ssl_tls.c	2015-01-20 16:38:39 +00:00
Paul Bakker	5b8f7eaa3e	Merge new security defaults for programs (RC4 disabled, SSL3 disabled)	2015-01-14 16:26:54 +01:00
Paul Bakker	36adc3631c	Merge support for getrandom() call	2015-01-14 16:19:59 +01:00
Paul Bakker	c82b7e2003	Merge option to disable truncated hmac on the server-side	2015-01-14 16:16:55 +01:00
Paul Bakker	e522d0fa57	Merge smarter certificate selection for pre-TLS-1.2 clients	2015-01-14 16:12:48 +01:00
Manuel Pégourié-Gonnard	a852cf4833	Fix issue with non-blocking I/O & record splitting	2015-01-13 20:56:15 +01:00
Manuel Pégourié-Gonnard	d5746b36f9	Fix warning	2015-01-13 20:33:24 +01:00
Paul Bakker	f3561154ff	Merge support for 1/n-1 record splitting	2015-01-13 16:31:34 +01:00
Paul Bakker	f6080b8557	Merge support for enabling / disabling renegotiation support at compile-time	2015-01-13 16:18:23 +01:00
Paul Bakker	d7e2483bfc	Merge miscellaneous fixes into development	2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard	5dd28ea432	Fix len miscalculation in buffer-based allocator	2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard	547ff6618f	Fix NULL dereference in buffer-based allocator	2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard	5ba1d52f96	Add memory_buffer_alloc_self_test()	2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard	5cb4b31057	Fix missing bound check	2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard	bd47a58221	Add ssl_set_arc4_support() ... Rationale: if people want to disable RC4 but otherwise keep the default suite list, it was cumbersome. Also, since it uses a global array, ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like the best place, even if it means temporarily adding one SSL setting.	2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard	352143fa1e	Refactor for clearer correctness/security	2015-01-13 12:02:55 +01:00
Manuel Pégourié-Gonnard	f3c500fe47	Fix bug on OS X (BSD?) in net_accept() for UDP	2015-01-12 19:02:15 +01:00
Manuel Pégourié-Gonnard	18292456c5	Add support for getrandom()	2015-01-09 14:34:13 +01:00
Manuel Pégourié-Gonnard	e117a8fc0d	Make truncated hmac a runtime option server-side ... Reading the documentation of ssl_set_truncated_hmac() may give the impression I changed the default for clients but I didn't, the old documentation was wrong.	2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard	f01768c55e	Specific error for suites in common but none good	2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard	df331a55d2	Prefer SHA-1 certificates for pre-1.2 clients	2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard	6458e3b743	Some more refactoring/tuning.	2015-01-08 14:16:56 +01:00
Manuel Pégourié-Gonnard	846ba473af	Minor refactoring	2015-01-08 13:54:38 +01:00
Manuel Pégourié-Gonnard	cfa477ef2f	Allow disabling record splitting at runtime	2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard	d76314c44c	Add 1/n-1 record splitting	2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard	d94232389e	Skip signature_algorithms ext if PSK only	2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard	eaecbd3ba8	Fix warning in reduced configs	2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard	837f0fe831	Make renego period configurable	2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard	b445805283	Auto-renegotiate before sequence number wrapping	2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard	6186019d5d	Save 48 bytes if SSLv3 is not defined	2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard	615e677c0b	Make renegotiation a compile-time option	2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard	60346be2a3	Improve debugging message. ... This actually prints only the payload, not the potential IV and/or MAC, so (to me at least) it's much less confusing	2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard	e423246e7f	Fix net_usleep for durations greater than 1 second	2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard	9439f93ea4	Use pk_load_file() in X509 ... Saves a bit of ROM. X509 depends on PK anyway.	2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard	2457fa0915	Create ticket keys only if enabled	2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard	d16d1cb96a	Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c	2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard	fd6c85c3eb	Set a compile-time limit to X.509 chain length	2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard	6ed2d92629	Make x509_crl_parse() iterative	2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard	426d4ae7ff	Split x509_crl_parse_der() out of x509_crl_parse()	2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard	8c9223df84	Add text view to debug_print_buf()	2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard	0975ad928d	Merge branch 'etm' into dtls ... * etm: Fix some more warnings in reduced configs Fix typo causing MSVC errors	2014-11-17 15:07:17 +01:00
Manuel Pégourié-Gonnard	8e4b3374d7	Fix some more warnings in reduced configs	2014-11-17 15:06:13 +01:00
Manuel Pégourié-Gonnard	98aa19148c	Adjust warnings in different modes	2014-11-14 16:45:48 +01:00
Manuel Pégourié-Gonnard	e5b0fc1847	Make malloc-init script a bit happier	2014-11-13 12:42:12 +01:00
Manuel Pégourié-Gonnard	f631bbc1da	Make x509_string_cmp() iterative	2014-11-13 12:42:06 +01:00
Manuel Pégourié-Gonnard	8a5e3d4a40	Forbid repeated X.509 extensions	2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard	d681443f69	Fix potential stack overflow	2014-11-12 01:25:31 +01:00
Manuel Pégourié-Gonnard	b134060f90	Fix memory leak with crafted X.509 certs	2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard	0369a5291b	Fix uninitialised pointer dereference	2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard	e959979621	Fix ECDSA sign buffer size	2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard	b31b61b9e8	Fix potential undefined behaviour in Camellia	2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard	7c13d69cb5	Fix dependency issues	2014-11-12 00:01:34 +01:00
Manuel Pégourié-Gonnard	a1efcb084f	Implement pk_check_pair() for RSA-alt	2014-11-08 18:00:22 +01:00
Manuel Pégourié-Gonnard	27e3edbe2c	Check key/cert pair in ssl_set_own_cert()	2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard	70bdadf54b	Add pk_check_pair()	2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard	30668d688d	Add ecp_check_pub_priv()	2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard	2f8d1f9fc3	Add rsa_check_pub_priv()	2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard	e10e06d863	Blind RSA operations even without CRT	2014-11-06 18:25:44 +01:00
Manuel Pégourié-Gonnard	d056ce0e3e	Use seq_num as AEAD nonce by default	2014-11-06 18:23:49 +01:00
Manuel Pégourié-Gonnard	f9d778d635	Merge branch 'etm' into dtls ... * etm: Fix warning in reduced config Update Changelog for EtM Keep EtM state across renegotiations Adjust minimum length for EtM Don't send back EtM extension if not using CBC Fix for the RFC erratum Implement EtM Preparation for EtM Implement initial negotiation of EtM Conflicts: include/polarssl/check_config.h	2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard	56d985d0a6	Merge branch 'session-hash' into dtls ... * session-hash: Update Changelog for session-hash Make session-hash depend on TLS versions Forbid extended master secret with SSLv3 compat.sh: allow git version of gnutls compat.sh: make options a bit more robust Implement extended master secret Add negotiation of Extended Master Secret Conflicts: include/polarssl/check_config.h programs/ssl/ssl_server2.c	2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard	9d7821d774	Fix warning in reduced config	2014-11-06 01:19:52 +01:00
Manuel Pégourié-Gonnard	fedba98ede	Merge branch 'fb-scsv' into dtls ... * fb-scsv: Update Changelog for FALLBACK_SCSV Implement FALLBACK_SCSV server-side Implement FALLBACK_SCSV client-side	2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard	1a03473576	Keep EtM state across renegotiations	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	b575b54cb9	Forbid extended master secret with SSLv3	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	169dd6a514	Adjust minimum length for EtM	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	78e745fc0a	Don't send back EtM extension if not using CBC	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	08558e5b46	Fix for the RFC erratum	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	313d796e80	Implement EtM	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	0098e7dc70	Preparation for EtM	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	699cafaea2	Implement initial negotiation of EtM ... Not implemented yet: - actually using EtM - conditions on renegotiation	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	01b2699198	Implement FALLBACK_SCSV server-side	2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard	ada3030485	Implement extended master secret	2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard	1cbd39dbeb	Implement FALLBACK_SCSV client-side	2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard	367381fddd	Add negotiation of Extended Master Secret ... (But not the actual thing yet.)	2014-11-05 16:00:49 +01:00
Paul Bakker	f2a459df05	Preparation for PolarSSL 1.4.0	2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard	6b875fc7e5	Fix potential memory leak (from clang-analyzer)	2014-10-21 16:33:00 +02:00
Manuel Pégourié-Gonnard	df3acd82e2	Limit HelloRequest retransmission if not enforced	2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard	26a4cf63ec	Add retransmission of HelloRequest	2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard	74a1378175	Avoid false positive in ssl-opt.sh with memcheck	2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard	8e704f0f74	DTLS depends on TIMING_C for now	2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard	b0643d152d	Add ssl_set_dtls_badmac_limit()	2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard	9b35f18f66	Add ssl_get_record_expansion()	2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard	37e08e1689	Fix max_fragment_length with DTLS	2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard	23cad339c4	Fail cleanly on unhandled case	2014-10-21 16:32:52 +02:00
Manuel Pégourié-Gonnard	fc572dd4f6	Retransmit only on last message from prev flight ... Be a good network citizen, try to avoid causing congestion by causing a retransmission explosion.	2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard	8a7cf2543a	Add a few #ifdefs	2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard	ba958b8bdc	Add test for server-initiated renego ... Just assuming the HelloRequest isn't lost for now	2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard	46fb942046	Fix warning about function that should be static	2014-10-21 16:32:49 +02:00
Manuel Pégourié-Gonnard	f1e9b09a0c	Fix missing #ifdef's	2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard	4e2f245752	Fix timer issues ... - timer not firing when constantly receiving bad messages - timer not reset on failed reads - timer incorrectly restarted on resend during read	2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard	df9a0a8460	Drop unexpected ApplicationData ... This is likely to happen on resumption if client speaks first at the application level.	2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard	6b65141718	Implement ssl_read() timeout (DTLS only for now)	2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard	2707430a4d	Fix types and comments about read_timeout	2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard	6c1fa3a184	Fix misplaced initialisation of timeout	2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard	c8d8e97cbd	Move to milliseconds in recv_timeout()	2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard	905dd2425c	Add ssl_set_handshake_timeout()	2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard	0ac247fd88	Implement timeout back-off (fixed range for now)	2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard	579950c2bb	Fix bug with non-blocking I/O and cookies	2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard	7de3c9eecb	Count timeout per flight, not per message	2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard	db2858ce96	Preparation for timers ... Currently directly using timing.c, plan to use callbacks later to loosen coupling, but first just get things working.	2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard	08a1d4bce1	Fix bug with client auth with DTLS	2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard	23b7b703aa	Fix issue with renego & resend	2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard	f03c7aa469	Add replay detection in parse_client_hello()	2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard	2739313cea	Make anti-replay a runtime option	2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard	8464a46b6b	Make DTLS_ANTI_REPLAY depends on PROTO_DTLS	2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard	246c13a05f	Fix epoch checking	2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard	b47368a00a	Add replay detection	2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard	4956fd7437	Test and fix anti-replay functions	2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard	7a7e140d4e	Add functions for replay protection	2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard	ea22ce577e	Rm unneeded counter increment with DTLS	2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard	abf16240dd	Add ability to resend last flight	2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard	cd32a50d67	Fix NewSesssionTicket vs ChangeCipherSpec bug ... Since we were cheating on state, ssl_read_record() wasn't able to drop out-of-sequence ChangeCipherSpec messages. Cheat a bit less.	2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard	767c69561b	Drop out-of-sequence ChangeCipherSpec messages	2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard	93017de47e	Minor optim: don't resend on duplicated HVR	2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard	c715aed744	Fix epoch swapping	2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard	6a2bdfaf73	Actually resend flights	2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard	5d8ba53ace	Expand and fix resend infrastructure	2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard	ffa67be698	Infrastructure for buffering & resending flights	2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard	9d9b003a9a	Add net_recv_timeout()	2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard	8fa6dfd560	Introduce f_recv_timeout callback	2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard	e6bdc4497c	Merge I/O contexts into one	2014-10-21 16:32:25 +02:00
Manuel Pégourié-Gonnard	f4acfe1808	Document previous API changes in this branch	2014-10-21 16:32:23 +02:00
Manuel Pégourié-Gonnard	d92d6a1b5b	ssl_parse_server_key_exchange() cleanups	2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard	5ee96546de	Add length checks in parse_certificate_verify()	2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard	72226214b1	Merge checks in ssl_parse_certificate_verify()	2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard	ca6440b246	Small cleanups in parse_finished()	2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard	624bcb5260	No memmove: done, rm temporary things	2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard	000d5aec13	No memmove: parse_new_session_ticket()	2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard	0b3400dafa	No memmove: ssl_parse_server_hello()	2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard	069eb79043	No memmove: ssl_parse_hello_verify_request()	2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard	04c1b4ece1	No memmove: certificate_request + server_hello_done	2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard	f4830b5092	No memmove: ssl_parse_server_key_exchange()	2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard	4528f3f5c0	No memmove: parse_certificate_verify()	2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard	2114d724dc	No memmove: ssl_parse_client_key_exchange()	2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard	f49a7daa1a	No memmove: ssl_parse_certificate()	2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard	4abc32734e	No memmove: ssl_parse_finished()	2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard	f899583f94	Prepare moving away from memmove() on incoming HS	2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard	4a1753657c	Fix missing return in error check	2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard	19d438f4ff	Get rid of memmove for DTLS in parse_client_hello()	2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard	63eca930d7	Drop invalid records with DTLS	2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard	167a37632d	Split two functions out of ssl_read_record()	2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard	990f9e428a	Handle late handshake messages gracefully	2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard	60ca5afaec	Drop records from wrong epoch	2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard	1aa586e41d	Check handshake message_seq field	2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard	9d1d7196e4	Check length before reading handshake header	2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard	d9ba0d96b6	Prepare for checking incoming handshake seqnum	2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard	ac03052f22	Fix segfault with some very short fragments	2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard	64dffc5d14	Make handshake reassembly work with openssl	2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard	502bf30fb5	Handle reassembly of handshake messages ... Works only with GnuTLS for now, OpenSSL packs other records in the same datagram after the last fragmented one, which we don't handle yet. Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with valgrind that gnutls-serv retransmits some messages, and we don't handle duplicated messages yet.	2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard	ed79a4bb14	Prepare for DTLS handshake reassembly	2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard	edcbe549fd	Reorder checks in ssl_read_record	2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard	0557bd5fa4	Fix message_seq with server-initiated renego	2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard	c392b240c4	Fix server-initiated renegotiation with DTLS	2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard	30d16eb429	Fix client-initiated renegotiation with DTLS	2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard	b35fe5638a	Fix HelloVerifyRequest version handling	2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard	562eb787ec	Add and use POLARSSL_ERR_SSL_BUFFER_TOO_SMALL	2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard	bef8f09899	Make cookie timeout configurable	2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard	e90308178f	Add timestamp/serial to cookies, with timeout	2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard	445a1ec6cd	Change internal names	2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard	29ad7e8fc0	Add check for missing ssl_set_client_transport_id()	2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard	a64acd4f84	Add separate SSL_COOKIE_C define	2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard	7d38d215b1	Allow disabling HelloVerifyRequest	2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard	e4de06145a	Fix cookie context usage	2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard	232edd46be	Move cookie callbacks implementation to own module	2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard	d485d194f9	Move to a callback interface for DTLS cookies	2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard	d7f9bc5091	Refactor cookie to prepare for external callbacks ... Also adds flexibility to the verification process.	2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard	82202f0a9c	Make DTLS_HELLO_VERIFY a compile option	2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard	98545f128a	Generate random key for HelloVerifyRequest	2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard	dd3cdb0fbc	Start using client IP in HelloVerifyRequest ... Dummy fixed key for now.	2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard	43c021874d	Add ssl_set_client_transport_id()	2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard	fb2d22371f	Reuse random when responding to a verify request	2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard	b760f001d7	Extract generate client random to a function	2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard	2c9ee81f6e	Start adding srv support for hello verify request ... Dummy fixed content for now. Also, seems to be a race condition in the way the socket is closed and reopened, leading to a few "random" failures in compat.sh. A fix is planned for later.	2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard	a0e1632b79	Do not use compression with DTLS	2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard	5d53cbef3a	Fix length check in ssl_write_ticket()	2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard	879a4f9623	Abort on DTLS epoch wrap	2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard	805e2300af	Fix error message and return code	2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard	67427c07b2	Fix checksum computation with HelloVerifyRequest	2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard	74848811b4	Implement HelloVerifyRequest on client	2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard	b2f3be8757	Support multiple records in one datagram	2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard	34c1011b3d	Fix a few warnings in reduced configs	2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard	fe98aceb70	Adapt ssl_fetch_input() for UDP	2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard	f5a1312eaa	Add UDP support to the NET module	2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard	d6b721c7ee	More ssl_parse_client_hello() adjustments	2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard	4128aa71ee	Add the 'cookie' field of DTLS ClientHello	2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard	8933a65d5c	Rework ssl_parse_client_hello() a bit ... - make it more linear - check lengths better - prepare for optional "cookie" field	2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard	e89bcf05da	Write new DTLS handshake fields correctly	2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard	ce441b3442	Add space for new DTLS fields in handshake	2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard	a59543af30	Minor refactoring in ssl_read_record()	2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard	f302fb52e1	Fix hmac computation for DTLS	2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard	5afb167e2c	Implement DTLS epochs	2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard	0619348288	Add explicit counter in DTLS record header	2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard	507e1e410a	Prep: allow {in,out}_len != {in,out}_hdr + 3	2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard	7ee6f0e6e5	Preparation: allow {in,out}_ctr != {in,out}_buf	2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard	abc7e3b4ba	Handle DTLS version encoding and fix some checks	2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard	864a81fdc0	More ssl_set_XXX() functions can return BAD_INPUT	2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard	b21ca2a69f	Adapt version-handling functions to DTLS	2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard	d66645130c	Add a ciphersuite NODTLS flag	2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard	0b1ff29328	Add basic flags for DTLS	2014-10-21 16:30:03 +02:00
Paul Bakker	82788fb63b	Fix minor style issues	2014-10-20 13:59:19 +02:00
Paul Bakker	9eac4f7c4e	Prepare for release 1.3.9	2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard	f7cdbc0e87	Fix potential bad read of length	2014-10-17 17:02:10 +02:00
Manuel Pégourié-Gonnard	ef9a6aec51	Allow comparing name with mismatched encodings	2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard	88421246d8	Rename a function	2014-10-17 12:42:30 +02:00
Manuel Pégourié-Gonnard	43c3b28ca6	Fix memory leak with crafted ClientHello	2014-10-17 12:42:11 +02:00
Manuel Pégourié-Gonnard	5d8618539f	Fix memory leak while parsing some X.509 certs	2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard	64938c63f0	Accept spaces at end of line/buffer in base64	2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard	7f4ed67a97	Fix compile error with armcc in mpi_is_prime()	2014-10-15 22:06:46 +02:00
Paul Bakker	5a5fa92bfe	x509_crt_parse() did not increase total_failed on PEM error ... Result was that PEM errors in files with multiple certificates were not detectable by the user.	2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard	480905d563	Fix selection of hash from sig_alg ClientHello ext.	2014-08-30 14:19:59 +02:00
Sander Niemeijer	ef5087d150	Added explicit casts to prevent compiler warnings when trying to build for iOS	2014-08-21 23:48:14 +02:00
Manuel Pégourié-Gonnard	8ef7088bb9	Use polarssl_zeroize() in asn1parse too	2014-08-21 18:15:09 +02:00
Peter Vaskovic	a676acf66b	Fix missing curly braces.	2014-08-21 17:56:25 +02:00
Manuel Pégourié-Gonnard	a13500fdf7	Fix bug with ssl_close_notify and non-blocking I/O	2014-08-19 16:14:04 +02:00
Manuel Pégourié-Gonnard	44ade654c5	Implement (partial) renego delay on client	2014-08-19 13:58:40 +02:00
Manuel Pégourié-Gonnard	f07f421759	Fix server-initiated renego with non-blocking I/O	2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard	6591962f06	Allow delay on renego on client ... Currently unbounded: will be fixed later	2014-08-19 12:50:30 +02:00
Manuel Pégourié-Gonnard	f26a1e8602	ssl_read() stops returning non-application data	2014-08-19 12:28:50 +02:00
Manuel Pégourié-Gonnard	55e4ff2ace	Tune comments	2014-08-19 11:52:33 +02:00
Manuel Pégourié-Gonnard	462906f955	Do no test net_usleep() when not defined	2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard	192253aaa9	Fix buffer size in pk_write_*_pem()	2014-08-14 11:34:35 +02:00
Alfred Klomp	b308dd72d9	timing.c: avoid referencing garbage value ... Found with Clang's `scan-build` tool. When get_timer() is called with `reset` set to 1, the value of t->start.tv_sec is used as a rvalue without being initialized first. This is relatively harmless because the result of get_timer() is not used by the callers when called in "reset mode". However, scan-build prints a warning. Silence the warning by only calculating the delta on non-reset runs, returning zero otherwise.	2014-08-14 11:34:35 +02:00
Alfred Klomp	7ee55624fb	gcm.c: remove dead store ... Found with Clang's `scan-build` tool. The value written to `hi` is never used, resulting in a warning. Remove the dead store to get rid of the warning.	2014-08-14 11:34:35 +02:00
Alfred Klomp	1b4eda3af9	pkcs5.c: fix dead store: return proper exit status ... Found with Clang's `scan-build` tool. The error value assigned to `ret` is not returned, meaning that the selftest always succeeds. Ensure the error value is propagated back to the caller.	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	8d77eeeaf6	Fix integer suffix rejected by some MSVC versions	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	9a6b442cee	Fix non-blocking sockets in net_accept()	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	a04fa4fa04	RSA-PSK key exchange requires TLS 1.x ... It's not clear if, with SSL3, one should include send the two length bytes for EncryptedPreMasterSecret or not, so require TLS to avoid interop issues.	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	8d4ad07706	SHA-2 ciphersuites now require TLS 1.x	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	2fbf311391	Fix dependency issue in memory_buffer_alloc	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	97884a31cb	Fix printf format warnings in memory_buffer_alloc	2014-08-14 11:34:33 +02:00
Manuel Pégourié-Gonnard	86bbc7fc30	Fix typo causing compile error with NULL cipher	2014-08-14 11:34:33 +02:00
Paul Bakker	8dcb2d7d7e	Support escaping of commas in x509_string_to_names()	2014-08-11 11:59:52 +02:00
Paul Bakker	21e081b068	Prevent (incorrect) compiler warning	2014-07-24 10:38:01 +02:00
Paul Bakker	6c343d7d9a	Fix mpi_write_string() to write "00" as hex output for empty MPI	2014-07-10 15:27:10 +02:00
Paul Bakker	5b11d026cd	Fix dependencies and includes without FS_IO and PLATFORM_C	2014-07-10 15:27:10 +02:00
Manuel Pégourié-Gonnard	b196fc23b1	Fix dhm_selftest() return value	2014-07-09 16:53:29 +02:00
Paul Bakker	968afaa06f	ssl_key_cert not available in all configurations	2014-07-09 11:34:48 +02:00
Paul Bakker	ec3a617d40	Make ready for release of 1.3.8 and soversion 7	2014-07-09 10:21:28 +02:00
Paul Bakker	84bbeb58df	Adapt cipher and MD layer with _init() and _free()	2014-07-09 10:19:24 +02:00
Paul Bakker	accaffe2c3	Restructure ssl_handshake_init() and small fixes	2014-07-09 10:19:24 +02:00
Paul Bakker	a317a98221	Adapt programs / test suites	2014-07-09 10:19:24 +02:00
Paul Bakker	8f870b047c	Add dhm_init()	2014-07-09 10:19:23 +02:00
Paul Bakker	fff0366bba	Add ctr_drbg_free()	2014-07-09 10:19:23 +02:00
Paul Bakker	5b4af39a36	Add _init() and _free() for hash modules	2014-07-09 10:19:23 +02:00
Paul Bakker	c7ea99af4f	Add _init() and _free() for cipher modules	2014-07-09 10:19:22 +02:00
Manuel Pégourié-Gonnard	d27680bd5e	Clarify code using PSK callback	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	0698f7c21a	Rm duplicate entry in oid_md_alg	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	14beb08542	Fix missing const	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	ba782bbc4b	Save some space in ECP curve tables	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	67dbe1ef44	Better length checking in ecp_point_read_binary()	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	08e81e0c8f	Change selection of hash algorithm for TLS 1.2	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	bd77254b18	md_list() starting with strongest hash	2014-07-08 13:03:02 +02:00
Paul Bakker	8fb99abaac	Merge changes for leaner memory footprint	2014-07-04 15:02:19 +02:00
Paul Bakker	b9e08b086b	Merge server-side enforced renegotiation requests	2014-07-04 15:01:37 +02:00
Paul Bakker	d598318661	Fix base64_decode() to return and check length correctly	2014-07-04 15:01:00 +02:00
Manuel Pégourié-Gonnard	481fcfde93	Make PSK_LEN configurable and adjust PMS size	2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard	dfc7df0bec	Add SSL_CIPHERSUITES config option	2014-07-04 14:59:02 +02:00
Manuel Pégourié-Gonnard	a9964dbcd5	Add ssl_set_renegotiation_enforced()	2014-07-04 14:16:07 +02:00
Manuel Pégourié-Gonnard	791684c058	Save RAM when only a few ciphersuites are defined	2014-06-30 19:07:01 +02:00
Manuel Pégourié-Gonnard	31855456f9	Fix clang's check mode again	2014-06-25 15:59:50 +02:00
Manuel Pégourié-Gonnard	bee8ded03a	Fix warning depending on configuration	2014-06-25 12:22:59 +02:00
Manuel Pégourié-Gonnard	01edb1044c	Add POLARSSL_REMOVE_RC4_CIPHERSUITES	2014-06-25 11:27:59 +02:00
Paul Bakker	2a45d1c8bb	Merge changes to config examples and configuration issues	2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard	dd0c0f33c0	Better usage of dhm_calc_secret in SSL	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	8df68632e8	Fix bug in DHE-PSK PMS computation	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	5c1f032653	Abort handshake if no point format in common	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	fd35af1579	Fix off-by-one error in point format parsing	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	87a8ffeaba	Padlock asm using \n\t too	2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard	0534fd4c1a	Change asm format to \n\t in aesni.c too	2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard	03576887c2	Remove misplaced debugging message	2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard	42b5374523	Switch CCM and GCM in default suite order ... The upcoming BCP document recommends GCM as the default.	2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard	d249b7ab9a	Restore ability to trust non-CA selfsigned EE cert	2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard	c4eff16516	Restore ability to use v1 CA if trusted locally	2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard	eaa76f7e20	Fix computation of minlen for encrypted packets	2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard	e800cd81d7	Re-arrange some code in ssl_derive_keys()	2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard	b46e6adb9c	Check input lengths in GCM	2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard	0bcc4e1df7	Fix length checking for AEAD ciphersuites	2014-06-25 11:26:10 +02:00
Manuel Pégourié-Gonnard	66e20c6318	Fix warning and typo->error.	2014-06-24 17:47:40 +02:00
Manuel Pégourié-Gonnard	ac2ccf897c	Fix CCM ciphersuites definition: PSK <-> DHE-PSK!	2014-06-24 15:48:01 +02:00
Manuel Pégourié-Gonnard	8f625632bb	Fix dependencies: GCM != AEAD != CCM	2014-06-24 15:26:28 +02:00
Manuel Pégourié-Gonnard	5bfd968e01	Fix warning with TLS 1.2 without RSA or ECDSA	2014-06-24 15:18:11 +02:00
Paul Bakker	1c98ff96b5	Merge more test improvements and tests ... Conflicts: tests/suites/test_suite_cipher.blowfish.data	2014-06-24 11:12:00 +02:00
Paul Bakker	91c301abbe	Zeroize values in PKCS#12 operations	2014-06-24 11:09:39 +02:00
Manuel Pégourié-Gonnard	398c57b0b3	Blowfish accepts variable key len in cipher layer	2014-06-24 11:01:33 +02:00
Manuel Pégourié-Gonnard	f3b47243df	Split x509_csr_parse_der() out of x509_csr_parse()	2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard	4d2a8eb6ff	SSL modules now using x509_crt_parse_der() ... Avoid uselessly trying to decode PEM.	2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard	b912616081	Rm unused functions in cipher_wrap ... You can't initialise a context with DES_CFB or DES_CTR.	2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard	1c082f34f3	Update description and references for X.509 files	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	edc3ab20e2	Small cleanup: less side-effects ... pkcs5_parse_pbkdf2_params() used to modify params.p, which does not look clean, even if the function is static and params.p isn't use afterwards.	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	90dac90f53	Small code simplification in pkcs5_pbes2()	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	66aca931bc	Add tests for pkcs5_pbes2	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	2a8afa98e2	pkcs5_self_test depends on SHA1	2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard	f3e5c22f4d	Refactor x509_string_to_names(): data in a table	2014-06-23 11:52:58 +02:00
Manuel Pégourié-Gonnard	81754a0c35	Create a 'flags' field in cipher_info	2014-06-23 11:33:18 +02:00
Paul Bakker	66d5d076f7	Fix formatting in various code to match spacing from coding style	2014-06-17 17:06:47 +02:00
Paul Bakker	db20c10423	Add #endif comments for #endif more than 10 lines from #if / #else	2014-06-17 14:34:44 +02:00
Paul Bakker	d8bb82665e	Fix code styling for return statements	2014-06-17 14:06:49 +02:00
Paul Bakker	3461772559	Introduce polarssl_zeroize() instead of memset() for zeroization	2014-06-14 16:46:03 +02:00
Paul Bakker	14877e6250	Remove unused 'ret' variable	2014-06-12 23:01:18 +02:00
Paul Bakker	c2ff2083ee	Merge parsing and verification of RSASSA-PSS in X.509 modules	2014-06-12 22:02:47 +02:00
Paul Bakker	508e573231	Merge tests for asn1write, XTEA and Entropy modules	2014-06-12 21:26:33 +02:00
Manuel Pégourié-Gonnard	3ac6a2b9a7	Same as previous commit with Camellia	2014-06-12 21:16:02 +02:00
Manuel Pégourié-Gonnard	afd5a08e33	Minor tune-up in aes code ... un-duplicate a check, and remove useless default case, mainly so that these lines don't appear as uncovered	2014-06-12 21:15:55 +02:00
Manuel Pégourié-Gonnard	e1ac0f8c5d	Add back timing selftest with new hardclock test	2014-06-12 21:15:50 +02:00
Manuel Pégourié-Gonnard	7792198a46	Normalize some error messages	2014-06-12 21:15:44 +02:00
Manuel Pégourié-Gonnard	4dd73925ab	Add entropy_self_test()	2014-06-10 15:38:43 +02:00
Paul Bakker	d6917f0eb3	Add LINK_WITH_PTHREAD to CMakeList for explicitly adding pthread linking	2014-06-09 23:46:41 +02:00
Manuel Pégourié-Gonnard	d1539b1e88	Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT	2014-06-06 16:42:37 +02:00
Manuel Pégourié-Gonnard	88aa6e0b58	Fix potential memory leak in RSASSA-PSS verify	2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard	0eaa8beb36	Fix signedness warning	2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard	53882023e7	Also verify CRLs signed with RSASSA-PSS	2014-06-05 17:59:55 +02:00
Manuel Pégourié-Gonnard	46db4b070c	Use pk_verify_ext() in x509_crt.c	2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard	bf696d030b	Make sig_opts non-optional in X509 structures ... This simplifies the code.	2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard	dddbb1d1eb	Rm sig_params from various X509 structures	2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard	9113603b6b	Use sig_opts in x509_sig_alg_gets()	2014-06-05 15:41:39 +02:00
Manuel Pégourié-Gonnard	f75f2f7c46	Add sig_opts member to X509 structures	2014-06-05 15:14:59 +02:00
Manuel Pégourié-Gonnard	20422e9a3a	Add pk_verify_ext()	2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard	5ec628a2b9	Add rsa_rsassa_pss_verify_ext()	2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard	920e1cd5e2	Add basic PSS cert verification ... Still todo: - handle MGF-hash != sign-hash - check effective salt len == announced salt len - add support in the PK layer so that we don't have to bypass it here	2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard	e6d1d82b66	Relax checks on RSA mode for public key operations	2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard	78117d57b0	Consider trailerField a constant	2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard	cac31eed9e	Factor common code for printing sig_alg	2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard	cf975a3857	Factor out some common code	2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard	39868ee301	Parse CSRs signed with RSASSA-PSS	2014-06-02 16:10:30 +02:00
Manuel Pégourié-Gonnard	8e42ff6bde	Parse CRLs signed with RSASSA-PSS	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	9df5c96214	Fix dependencies	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	9c9cf5b51e	More checks for length match in rsassa-pss params	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	e76b750b69	Finish parsing RSASSA-PSS parameters	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	f346bab139	Start parsing RSASSA-PSS parameters	2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard	59a75d5b9d	Basic parsing of certs signed with RSASSA-PSS	2014-06-02 16:10:29 +02:00
Peter Vaskovic	7015de7e67	Fix WSAStartup return value check. ... SOCKET_ERROR was not a valid return value. WSAStartup returns 0 on success, so check that instead.	2014-05-28 11:40:51 +02:00
Paul Bakker	14b16c62e9	Minor optimizations (original by Peter Vaskovic, modified by Paul Bakker) ... Move strlen out of for loop. Remove redundant null checks before free.	2014-05-28 11:34:33 +02:00
Peter Vaskovic	8ebfe084ab	Fix minor format string inconsistency.	2014-05-28 11:12:51 +02:00
Peter Vaskovic	c2bbac968b	Fix misplaced parenthesis.	2014-05-28 11:06:31 +02:00
Peter Vaskovic	541529e770	Remove unused arrays.	2014-05-28 11:04:48 +02:00
Paul Bakker	b5212b436f	Merge CCM cipher mode and ciphersuites ... Conflicts: library/ssl_tls.c	2014-05-22 15:30:31 +02:00
Paul Bakker	0f651c7422	Stricter check on SSL ClientHello internal sizes compared to actual packet size	2014-05-22 15:12:19 +02:00
Brian White	12895d15f8	Fix less-than-zero checks on unsigned numbers	2014-05-22 13:52:53 +02:00
Manuel Pégourié-Gonnard	82a5de7bf7	Enforce alignment even if buffer is not aligned	2014-05-22 13:52:49 +02:00
Manuel Pégourié-Gonnard	fe671f4aeb	Add markers around generated code in error.c	2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard	8ff17c544c	Add missing DEBUG_RET on cipher failures	2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard	61edffef28	Normalize "should never happen" messages/errors	2014-05-22 13:52:47 +02:00
Manuel Pégourié-Gonnard	2e5ee32033	Implement CCM and CCM_8 ciphersuites	2014-05-20 16:29:34 +02:00
Manuel Pégourié-Gonnard	5efd772ef0	Small readability improvement	2014-05-14 14:10:37 +02:00
Manuel Pégourié-Gonnard	6768da9438	Register CCM ciphersuites (not implemented yet)	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	41936957b3	Add AES-CCM and CAMELLIA-CCM to the cipher layer	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	de7bb44004	Use cipher_auth_{en,de}crypt() in ssl_tls.c	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	4562ffe2e6	Add cipher_auth_{en,de}crypt()	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	8764d271fa	Use cipher_crypt() in ssl_tls.c	2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard	3c1d150b3d	Add cipher_crypt()	2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard	0f6b66dba1	CCM operations allow input == output	2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard	aed6065793	CCM source cosmetics/tune-ups ... - source a bit shorter - generated code slightly smaller - preserving performance	2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard	ce77d55023	Implement ccm_auth_decrypt()	2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard	002323340a	Refactor to prepare for CCM decryption	2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard	637eb3d31d	Add ccm_encrypt_and_tag()	2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard	9fe0d13e8d	Add ccm_init/free()	2014-05-06 12:12:45 +02:00
Manuel Pégourié-Gonnard	a6916fada8	Add (placeholder) CCM module	2014-05-06 11:28:09 +02:00
Paul Bakker	5593f7caae	Fix typo in debug_print_msg()	2014-05-06 10:29:28 +02:00
Paul Bakker	da13016d84	Prepped for 1.3.7 release	2014-05-01 14:27:19 +02:00
Paul Bakker	c37b0ac4b2	Fix typo in bignum.c	2014-05-01 14:19:23 +02:00
Paul Bakker	b9e4e2c97a	Fix formatting: fix some 'easy' > 80 length lines	2014-05-01 14:18:25 +02:00
Paul Bakker	9af723cee7	Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)	2014-05-01 13:03:14 +02:00
Paul Bakker	c3f89aa26c	Removed word 'warning' from PKCS#5 selftest (buildbot warning as a result)	2014-05-01 10:56:03 +02:00
Paul Bakker	9bb04b6389	Removed redundant code in mpi_fill_random()	2014-05-01 09:47:02 +02:00
Paul Bakker	2ca1dc8958	Updated error.c and version_features.c based on changes	2014-05-01 09:46:38 +02:00
Markus Pfeiffer	a26a005acf	Make compilation on DragonFly work	2014-04-30 16:52:28 +02:00
Paul Bakker	2a024ac86a	Merge dependency fixes	2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard	cef4ad2509	Adapt sources to configurable config.h name	2014-04-30 16:40:20 +02:00
Manuel Pégourié-Gonnard	c16f4e1f78	Move RC4 ciphersuites down the list	2014-04-30 16:27:06 +02:00
Paul Bakker	8eab8d368b	Merge more portable AES-NI	2014-04-30 16:21:08 +02:00
Paul Bakker	33dc46b080	Fix bug with mpi_fill_random() on big-endian	2014-04-30 16:20:39 +02:00
Paul Bakker	f96f7b607a	On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings	2014-04-30 16:02:38 +02:00
Paul Bakker	6384440b13	Better support for the different Attribute Types from IETF PKIX (RFC 5280)	2014-04-30 15:34:12 +02:00
Paul Bakker	1a1fbba1ae	Sanity length checks in ssl_read_record() and ssl_fetch_input() ... Both are already covered in other places, but not in a clear fashion. So for instance Coverity thinks the value is still tainted.	2014-04-30 14:48:51 +02:00
Paul Bakker	24f37ccaed	rsa_check_pubkey() now allows an E up to N	2014-04-30 13:43:51 +02:00
Paul Bakker	0f90d7d2b5	version_check_feature() added to check for compile-time options at run-time	2014-04-30 11:49:44 +02:00
Paul Bakker	a70366317d	Improve interop by not writing ext_len in ClientHello / ServerHello when 0 ... The RFC also indicates that without any extensions, we should write a struct {} (empty) not an array of length zero.	2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard	3d41370645	Fix hash dependencies in X.509 tests	2014-04-29 15:29:41 +02:00
Manuel Pégourié-Gonnard	3a306b9067	Fix misplaced #endif in ssl_tls.c	2014-04-29 15:11:17 +02:00
Manuel Pégourié-Gonnard	b1fd397be6	Adapt AES-NI code to "old" binutil versions	2014-04-26 17:17:31 +02:00
Paul Bakker	c73079a78c	Add debug_set_threshold() and thresholding of messages	2014-04-25 16:58:16 +02:00
Paul Bakker	92478c37a6	Debug module only outputs full lines instead of parts	2014-04-25 16:58:15 +02:00
Paul Bakker	eaebbd5eaa	debug_set_log_mode() added to determine raw or full logging	2014-04-25 16:58:14 +02:00
Paul Bakker	61885c7f7f	Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites ... In case full SSL frames arrived, they were rejected because an overly strict padding check.	2014-04-25 12:59:51 +02:00
Paul Bakker	4ffcd2f9c3	Typo in PKCS#11 module	2014-04-25 11:44:12 +02:00
Paul Bakker	10a9dd35ea	Typo in POLARSSL_PLATFORM_STD_FPRINTF in platform.c	2014-04-25 11:27:16 +02:00
Paul Bakker	0767e67d17	Add support for 'emailAddress' to x509_string_to_names()	2014-04-18 14:11:37 +02:00
Paul Bakker	c70e425a73	Only iterate over actual certificates in ssl_write_certificate_request()	2014-04-18 13:50:19 +02:00
Paul Bakker	f4cf80b86f	Restructured pk_parse_key_pkcs8_encrypted_der() to prevent unreachable code	2014-04-17 17:24:29 +02:00
Paul Bakker	4f42c11846	Remove arbitrary maximum length for cipher_list and content length	2014-04-17 15:37:39 +02:00
Paul Bakker	d893aef867	Force default value to curve parameter	2014-04-17 14:45:34 +02:00
Paul Bakker	93389cc620	Remove const indicator	2014-04-17 14:44:38 +02:00
Paul Bakker	874bd64b28	Check setsockopt() return value in net_bind()	2014-04-17 12:43:05 +02:00
Paul Bakker	3d8fb63e11	Added missing MPI_CHK around mpi functions	2014-04-17 12:42:41 +02:00
Paul Bakker	a9c16d2825	Removed unused cur variable in x509_string_to_names()	2014-04-17 12:42:18 +02:00
Paul Bakker	0e4f9115dc	Fix iteration counter	2014-04-17 12:39:05 +02:00
Paul Bakker	784b04ff9a	Prepared for version 1.3.6	2014-04-11 15:33:59 +02:00
Manuel Pégourié-Gonnard	9655e4597a	Reject certificates with times not in UTC	2014-04-11 13:59:36 +02:00
Manuel Pégourié-Gonnard	0776a43788	Use UTC to heck certificate validity	2014-04-11 13:59:31 +02:00
Paul Bakker	52c5af7d2d	Merge support for verifying the extendedKeyUsage extension in X.509	2014-04-11 13:58:57 +02:00
Manuel Pégourié-Gonnard	78848375c0	Declare EC constants as 'const'	2014-04-11 13:58:41 +02:00
Paul Bakker	1630058dde	Potential buffer overwrite in pem_write_buffer() fixed ... Length indication when given a too small buffer was off. Added regression test in test_suite_pem to detect this.	2014-04-11 13:58:05 +02:00
Manuel Pégourié-Gonnard	0408fd1fbb	Add extendedKeyUsage checking in SSL modules	2014-04-11 11:09:09 +02:00
Manuel Pégourié-Gonnard	7afb8a0dca	Add x509_crt_check_extended_key_usage()	2014-04-11 11:09:00 +02:00
Paul Bakker	d6ad8e949b	Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C	2014-04-09 17:24:14 +02:00
Paul Bakker	a77de8c841	Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off	2014-04-09 16:39:35 +02:00
Paul Bakker	043a2e26d0	Merge verification of the keyUsage extension in X.509 certificates	2014-04-09 15:55:08 +02:00
Manuel Pégourié-Gonnard	a9db85df73	Add tests for keyUsage with client auth	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	490047cc44	Code cosmetics	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	312010e6e9	Factor common parent checking code	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	f93a3c4335	Check the CA bit on trusted CAs too	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	99d4f19111	Add keyUsage checking for CAs	2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard	3fed0b3264	Factor some common code in x509_verify{,_child}	2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard	7f2a07d7b2	Check keyUsage in SSL client and server	2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard	603116c570	Add x509_crt_check_key_usage()	2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard	2abed84225	Specific return code for PK sig length mismatch	2014-04-09 15:50:00 +02:00
Manuel Pégourié-Gonnard	35e95ddca4	Add special return code for ecdsa length mismatch	2014-04-09 15:49:59 +02:00
Paul Bakker	ddd427a8fc	Fixed spacing in entropy_gather()	2014-04-09 15:49:57 +02:00
Paul Bakker	75342a65e4	Fixed typos in code	2014-04-09 15:49:57 +02:00
Manuel Pégourié-Gonnard	0f79babd4b	Disable timing_selftest() for now	2014-04-09 15:49:51 +02:00
Paul Bakker	17b85cbd69	Merged additional tests and improved code coverage ... Conflicts: ChangeLog	2014-04-08 14:38:48 +02:00
Paul Bakker	0763a401a7	Merged support for the ALPN extension	2014-04-08 14:37:12 +02:00
Paul Bakker	4224bc0a4f	Prevent potential NULL pointer dereference in ssl_read_record()	2014-04-08 14:36:50 +02:00
Manuel Pégourié-Gonnard	8c045ef8e4	Fix embarrassing X.509 bug introduced in 9533765	2014-04-08 11:55:03 +02:00
Manuel Pégourié-Gonnard	f6521de17b	Add ALPN tests to ssl-opt.sh ... Only self-op for now, required peer versions are a bit high: - OpenSSL 1.0.2-beta - GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)	2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard	89e35798ae	Implement ALPN server-side	2014-04-07 12:26:35 +02:00
Manuel Pégourié-Gonnard	0b874dc580	Implement ALPN client-side	2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard	0148875cfc	Add tests and fix bugs for RSA-alt contexts	2014-04-04 17:46:46 +02:00
Manuel Pégourié-Gonnard	7e250d4812	Add ALPN interface	2014-04-04 17:10:40 +02:00
Manuel Pégourié-Gonnard	79e58421be	Also test net_usleep in timing_selttest()	2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard	3fec220a33	Add test for dhm_parse_dhmfile	2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard	7afdb88216	Test and fix x509_oid functions	2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard	d6aebe108a	Add 'volatile' to hardclock()'s asm ... Prevents calls from being optimised away in timing_self_test(). (Should no be a problem for calls from other files.)	2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard	13a1ef8600	Misc selftest adjustements	2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard	470fc935b5	Add timing_self_test() with consistency tests	2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard	487588d0bf	Whitespace fixes	2014-04-04 16:33:01 +02:00
Paul Bakker	e4205dc50a	Merged printing of X509 extensions	2014-04-04 15:36:10 +02:00
Paul Bakker	5ff3f9134b	Small fix for EFI build under Windows in x509_crt.c	2014-04-04 15:08:20 +02:00
Manuel Pégourié-Gonnard	0db29b05b5	More compact code using macros	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	7b30cfc5b0	x509_crt_info() list output cosmectics	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	f6f4ab40d3	Print extended key usage in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	65c2ddc318	Print key_usage in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	bce2b30855	Print subject alt name in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	919f8f5829	Print NS Cert Type in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	b28487db1f	Start printing extensions in x509_crt_info()	2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard	74bc68ac62	Fix default #define for malloc/free	2014-04-02 13:20:00 +02:00
Paul Bakker	75a2860f26	Potential memory leak in mpi_exp_mod() when error occurs during ... calculation of RR.	2014-03-31 12:08:17 +02:00
Manuel Pégourié-Gonnard	dd75c3183b	Remove potential timing leak in ecdsa_sign()	2014-03-31 11:55:42 +02:00
Manuel Pégourié-Gonnard	5b8c409f53	Fix a warning (theoretical uninitialised variable)	2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard	969ccc6289	Fix length checking of various ClientKeyExchange's	2014-03-27 21:10:56 +01:00
Paul Bakker	96d5265315	Made ready for release 1.3.5	2014-03-26 16:55:50 +01:00
Paul Bakker	5fff23b92a	x509_get_current_time() uses localtime_r() to prevent thread issues	2014-03-26 15:34:54 +01:00
Paul Bakker	4c284c9141	Removed LCOV directives from code	2014-03-26 15:33:05 +01:00
Paul Bakker	77f4f39ea6	Make sure no random pointer occur during failed malloc()'s	2014-03-26 15:30:20 +01:00
Paul Bakker	db1f05985e	Add a check for buffer overflow to pkcs11_sign() ... pkcs11_sign() reuses *sig to store the header and hash, but those might be larger than the actual sig, causing a buffer overflow. An overflow can occur when using raw sigs with hashlen > siglen, or when the RSA key is less than 664 bits long (or less when using hashes shorter than SHA512) As siglen is always within the 'low realm' < 32k, an overflow of asnlen + hashlen is not possible.	2014-03-26 15:14:21 +01:00
Paul Bakker	91c61bc4fd	Further tightened the padlen check to prevent underflow / overflow	2014-03-26 15:14:20 +01:00
Manuel Pégourié-Gonnard	c042cf0013	Fix broken tests due to changed error code ... Introduced in 5246ee5c59	2014-03-26 14:12:20 +01:00
Manuel Pégourié-Gonnard	b2bf5a1bbb	Fix possible buffer overflow with PSK	2014-03-26 12:58:50 +01:00
Manuel Pégourié-Gonnard	fdddac90a6	Fix stupid bug in rsa_copy()	2014-03-26 12:58:49 +01:00
Manuel Pégourié-Gonnard	f84f799bcf	Tune debug_print_ret format	2014-03-26 12:58:46 +01:00
Paul Bakker	b13d3ffb80	Provide no info from entropy_func() on future entropy	2014-03-26 12:51:25 +01:00
Paul Bakker	66ff70dd48	Support for seed file writing and reading in Entropy	2014-03-26 11:58:07 +01:00
Paul Bakker	3f0be61a27	Merged support for parsing EC keys that use SpecifiedECDomain	2014-03-26 11:30:39 +01:00
Manuel Pégourié-Gonnard	9592485d0c	Fix some MSVC12 conversion warnings	2014-03-21 12:03:07 +01:00
Manuel Pégourié-Gonnard	3b6269aa08	Fix warnings on MinGW	2014-03-21 12:03:03 +01:00
Manuel Pégourié-Gonnard	6fac3515d0	Make support for SpecifiedECDomain optional	2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard	5246ee5c59	Work around compressed EC public key in some cases	2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard	eab20d2a9c	Implement parsing SpecifiedECParameters	2014-03-19 15:51:12 +01:00
Paul Bakker	6c1f69b879	MinGW32 static build should link to windows libs and libz	2014-03-17 15:11:13 +01:00
Paul Bakker	3d6504a935	ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr	2014-03-17 13:41:51 +01:00
Manuel Pégourié-Gonnard	2eea29238c	Make the compiler work-around more specific	2014-03-14 18:23:26 +01:00
Paul Bakker	a4b0343edf	Merged massive SSL Testing improvements	2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard	bb8661e006	Work around a compiler bug on OS X.	2014-03-14 09:21:20 +01:00
Manuel Pégourié-Gonnard	d701c9aec9	Fix memory leak in server with expired tickets	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	84c30c7e83	Fix memory leak in ssl_cache	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	145dfcbfc2	Fix bug with NewSessionTicket and non-blocking I/O	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	96ea2f2557	Add tests for SNI	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	8520dac292	Add tests for auth_mode	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	da6b4d3e8c	Change RSA embedded cert to a localhost cert	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	dfbf9c711d	Fix bug in m_sleep()	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	274a12e17c	Fix bug with ssl_cache and max_entries=0	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	f7c52014ec	Add basic tests for session resumption	2014-03-14 08:41:00 +01:00
hasufell	3c6409b066	CMake: allow to build both shared and static at once ... This allows for more fine-grained control. Possible combinations: * static off, shared on * static on, shared off * static on, shared on The static library is always called "libpolarssl.a" and is only used for linking of tests and internal programs if the shared lib is not being built. Default is: only build static lib.	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	9a6e93e7a4	Reserve -1 as an error code (used in programs)	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	844a4c0aef	Fix RSASSA-PSS example programs	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	83cdffc437	Forbid sequence number wrapping	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	3c599f11b0	Avoid possible segfault on bad server ciphersuite	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	9533765b25	Reject certs and CRLs from the future	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	6304f786e0	Add x509_time_future()	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	29dcc0b93c	Fix depend issues in test suites for cipher modes	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	1ec220b002	Add missing #ifdefs in aes.h	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	648656a628	Fix error code in dhm_selftest()	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	796c6f3aff	Countermeasure against "triple handshake" attack	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	fdf3f0e671	Avoid "unreachable code" warning	2014-03-11 13:47:05 +01:00
Manuel Pégourié-Gonnard	2a2ae642d8	Fix forgotten curves in #ifdef	2014-02-24 10:29:21 +01:00
Manuel Pégourié-Gonnard	6b1e207081	Fix verion-major intolerance	2014-02-12 10:14:54 +01:00
Manuel Pégourié-Gonnard	c9093085ed	Revert "Merged RSA-PSS support in Certificate, CSR and CRL" ... This reverts commit ab50d8d30c, reversing changes made to e31b1d992a.	2014-02-12 09:39:59 +01:00
Manuel Pégourié-Gonnard	6df09578bb	Revert "Mutex call in x509_crt.c depended on PTHREAD specific instead of generic" ... This reverts commit 9eae7aae80.	2014-02-12 09:29:05 +01:00
Paul Bakker	f2561b3f69	Ability to provide alternate timing implementation	2014-02-06 15:32:26 +01:00
Paul Bakker	47703a0a80	More entropy functions made thread-safe (add_source, update_manual, gather)	2014-02-06 15:01:20 +01:00
Paul Bakker	9eae7aae80	Mutex call in x509_crt.c depended on PTHREAD specific instead of generic ... threading	2014-02-06 14:51:53 +01:00
Paul Bakker	6a28e722c9	Merged platform compatibility layer	2014-02-06 13:44:19 +01:00
Paul Bakker	0910f32ee3	Fixed compile warning (in test-ref-configs)	2014-02-06 13:41:18 +01:00
Paul Bakker	119602bdde	Typo fix in memory_buffer_alloc.c	2014-02-06 13:20:19 +01:00
Paul Bakker	defc0ca337	Migrated the Memory layer to the Platform layer ... Deprecated POLARSSL_MEMORY_C and placed placeholder for memory.h to make sure current code will not break on new version.	2014-02-06 13:20:17 +01:00
Paul Bakker	7dc4c44267	Library files moved to use platform layer	2014-02-06 13:20:16 +01:00
Paul Bakker	747a83a0f7	Platform abstraction layer for memory, printf and fprintf	2014-02-06 13:15:25 +01:00
Paul Bakker	ab50d8d30c	Merged RSA-PSS support in Certificate, CSR and CRL	2014-02-06 13:14:56 +01:00
Manuel Pégourié-Gonnard	f07031aa98	debug_ecp: don't print Z, always 1	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	f6dc5e1d16	Remove temporary debug code	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	c3f6b62ccc	Print curve name instead of size in debugging ... Also refactor server-side curve selection	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	ab24010b54	Enforce our choice of allowed curves.	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	7f38ed0bfa	ssl_set_curves is no longer ECDHE only	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	cd49f76898	Make ssl_set_curves() work client-side too.	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	ac7194133e	Renamings and other fixes	2014-02-06 10:28:38 +01:00
Gergely Budai	e40c469ad3	The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[].	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	de05390c85	Rename ecdh_curve_list to curve_list	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	5de2580563	Make ssl_set_ecdh_curves() a compile-time option	2014-02-06 10:28:38 +01:00
Gergely Budai	987bfb510b	Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves.	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	fbf0915404	Fix bug in RSA PKCS#1 v1.5 "reversed" operations	2014-02-05 17:01:24 +01:00
Paul Bakker	5fb8efe71e	Merged HMAC-DRBG code	2014-02-05 15:55:18 +01:00
Manuel Pégourié-Gonnard	6e8e34d61e	Fix ecp_gen_keypair() ... Too few tries caused failures for some curves (esp. secp224k1)	2014-02-05 15:53:45 +01:00
Manuel Pégourié-Gonnard	b05db2a6aa	Save memory by not storing the HMAC key	2014-02-01 11:38:05 +01:00
Manuel Pégourié-Gonnard	cf38367f45	Fix HMAC_DRBG and RIPEMD160 error codes	2014-02-01 10:24:53 +01:00
Manuel Pégourié-Gonnard	446ee6618f	Add LCOV_EXCLUDE_LINE on some IO errors	2014-02-01 10:08:26 +01:00
Manuel Pégourié-Gonnard	b3b205e081	Clean up details in ctr_drbg_selftest()	2014-01-31 12:04:06 +01:00
Manuel Pégourié-Gonnard	79afaa0551	Add hmac_drbg_selftest()	2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard	48bc3e81da	Add hmac_drbg_{write,update}_seed_file()	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	efc8d8078b	Use safer names for macros	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	6e897c2a59	Add more checks and references	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	d742a032f4	Use md_hmac_reset() when possible	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	658dbed080	Add automatic periodic reseeding	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	af786ff6cc	Add hmac_drbg_set_prediction_resistance()	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	8fc484d1df	Add hmac_drbg_reseed()	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	4e669c614d	Add hmac_drbg_set_entropy_len()	2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard	fe34a5fb83	Add entropy callbacks to HMAC_DRBG	2014-01-30 15:06:40 +01:00
Manuel Pégourié-Gonnard	8208d167da	Add hmac_random_with_add()	2014-01-30 12:19:26 +01:00
Manuel Pégourié-Gonnard	7845fc06c9	Use new HMAC_DRBG module for deterministic ECDSA	2014-01-30 10:58:48 +01:00
Manuel Pégourié-Gonnard	490bdf3928	Add minimalistic HMAC_DRBG implementation ... (copied from ECDSA)	2014-01-30 10:58:48 +01:00
Paul Bakker	2aca241425	Ready for release 1.3.4	2014-01-27 11:59:30 +01:00
Paul Bakker	42099c3155	Revert "Add pk_rsa_set_padding() and rsa_set_padding()" ... This reverts commit b4fae579e8. Conflicts: library/pk.c tests/suites/test_suite_pk.data tests/suites/test_suite_pk.function	2014-01-27 11:59:29 +01:00
Manuel Pégourié-Gonnard	27b93ade6e	Factor common code for printing sig_alg	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	5cac583482	Factor out some common code	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	41cae8e1f9	Parse CSRs signed with RSASSA-PSS	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	5eeb32b552	Parse CRLs signed with RSASSA-PSS	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	ce7c6fd433	Fix dependencies	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	b7de86d834	More checks for length match in rsassa-pss params	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	3c1e8b539c	Finish parsing RSASSA-PSS parameters	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	d9fd87be33	Start parsing RSASSA-PSS parameters	2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard	b1d4eb16e4	Basic parsing of certs signed with RSASSA-PSS	2014-01-25 12:48:58 +01:00
Paul Bakker	556efba51c	Added AES CFB8 mode	2014-01-24 15:38:12 +01:00
Paul Bakker	80025417eb	net_is_block() renamed to net_would_block() and corrected behaviour on ... non-blocking sockets net_would_block() now does not return 1 if the socket is blocking.	2014-01-23 21:00:57 +01:00
Paul Bakker	c2024f4592	Added MPI_CHK around unguarded mpi calls	2014-01-23 21:00:57 +01:00
Manuel Pégourié-Gonnard	8e205fc0bc	Fix potential buffer overflow in suported_curves_ext	2014-01-23 17:27:10 +01:00
Paul Bakker	9f3c7d7278	Added missing POLARSSL_ECDSA_DETERMINISTIC around ecdsa_write_signature_det()	2014-01-23 16:11:14 +01:00
Paul Bakker	18e9f3282b	Added missing static to md_info_by_size() in ecdsa.c	2014-01-23 16:08:38 +01:00
Paul Bakker	bf98c3dd11	Merged deterministic ECDSA ... Conflicts: library/ecdsa.c	2014-01-23 15:48:01 +01:00
Manuel Pégourié-Gonnard	dfab4c1193	Add forgotten #ifdef and depends_on	2014-01-22 16:01:06 +01:00
Paul Bakker	5862eee4ca	Merged RIPEMD-160 support	2014-01-22 14:18:34 +01:00
Paul Bakker	61b699ed1b	Renamed RMD160 to RIPEMD160	2014-01-22 14:17:31 +01:00
Paul Bakker	0ac99ca7bc	Merged support for secp224k1, secp192k1 and secp25k1	2014-01-22 13:10:48 +01:00
Manuel Pégourié-Gonnard	b4fae579e8	Add pk_rsa_set_padding() and rsa_set_padding()	2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard	7c59363a85	Remove a few dead stores	2014-01-22 13:02:39 +01:00
Manuel Pégourié-Gonnard	9e987edf9f	Fix potential memory leak in bignum selftest	2014-01-22 12:59:04 +01:00
Manuel Pégourié-Gonnard	fd6a191381	Fix misplaced initialisation. ... If one of the calls to mpi_grow() before setting Apos would fail, then mpi_free( &Apos ) would be executed without Apos being initialised.	2014-01-22 12:57:04 +01:00
Manuel Pégourié-Gonnard	073f0fa2fb	Fix missing error checking in gcm	2014-01-22 12:56:51 +01:00
Manuel Pégourié-Gonnard	280f95bd00	Add #ifs arround ssl_ciphersuite_uses_XXX()	2014-01-22 12:56:37 +01:00
Manuel Pégourié-Gonnard	7cfdcb8c7f	Add a length check in ssl_derive_keys()	2014-01-22 12:56:22 +01:00
Manuel Pégourié-Gonnard	9af7d3a35b	Add fast reduction for the other Koblitz curves	2014-01-18 17:48:00 +01:00
Manuel Pégourié-Gonnard	8887d8d37c	Add mod_p256k1 ... Makes secp256k1 about 4x faster	2014-01-17 23:17:10 +01:00
Manuel Pégourié-Gonnard	ea499a7321	Add support for secp192k1	2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard	0a56c2c698	Fix bug in ecdh_calc_secret() ... Only affects curves with nbits != pbits (currently only secp224k1)	2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard	5304812b2d	Fix theoretical compliance issue in ECDSA ... The issue would happen for curves whose bitlength is not a multiple of eight (the only case is NIST P-521) with hashes that are longer than the bitlength of the curve: since the wides hash is 512 bits long, this can't happen. Fixing however as a matter of principle and readability.	2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard	18e3ec9b4d	Add support for secp224k1	2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard	e4d47a655b	Add RIPEMD-160 to the generic MD layer	2014-01-17 20:41:32 +01:00
Manuel Pégourié-Gonnard	ff40c3ac34	Add HMAC support to RIPEMD-160	2014-01-17 20:04:59 +01:00
Manuel Pégourié-Gonnard	cab4a8807c	Add RIPEMD-160 (core functions)	2014-01-17 14:04:25 +01:00
Manuel Pégourié-Gonnard	9bcff3905b	Add OIDs and TLS IDs for prime Koblitz curves	2014-01-10 18:32:31 +01:00
Manuel Pégourié-Gonnard	f51c8fc353	Add support for secp256k1 arithmetic	2014-01-10 18:17:18 +01:00
Manuel Pégourié-Gonnard	65ad3e4daf	Use deterministic ECDSA in the PK layer	2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard	5e6edcfd96	Add fallback for md_alg == NONE to ecdsa_sign_det()	2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard	937340bce0	Add ecdsa_write_signature_det()	2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard	f42bca6da0	Little HMAC_DRBG refactoring	2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard	4daaef7e27	Add ecdsa_sign_det() with test vectors	2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard	461d416892	Add minified HMAC_DRBG for deterministic ECDSA	2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard	e7072f8d11	Fix theoretical compliance issue in ECDSA ... The issue would happen for curves whose bitlength is not a multiple of eight (the only case is NIST P-521) with hashes that are longer than the bitlength of the curve: since the wides hash is 512 bits long, this can't happen. Fixing however as a matter of principle and readability.	2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard	c9573998ca	Fix unchecked error codes in ecp_gen_keypair()	2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard	79f73b96d9	Remove bias in EC private key generation	2014-01-06 10:19:35 +01:00
Paul Bakker	c78c8422c2	Added failure stub for uninitialized POLARSSL_THREADING_ALT functions	2013-12-31 11:55:27 +01:00
Paul Bakker	a8fd3e31ed	Removed POLARSSL_THREADING_DUMMY option	2013-12-31 11:54:08 +01:00
Paul Bakker	4de44aa0ae	Rewrote check to prevent read of uninitialized data in ... rsa_rsassa_pss_verify()	2013-12-31 11:43:01 +01:00
Paul Bakker	6992eb762c	Fixed potential overflow in certificate size in ssl_write_certificate()	2013-12-31 11:38:33 +01:00
Paul Bakker	6ea1a95ce8	Added missing MPI_CHK() around some statements	2013-12-31 11:17:14 +01:00
Paul Bakker	5bc07a3d30	Prepped for 1.3.3	2013-12-31 10:57:44 +01:00
Paul Bakker	00f5c52bfe	Added cast to socket() return value to prevent Windows warning	2013-12-31 10:45:16 +01:00
Paul Bakker	c73879139e	Merged ECP memory usage optimizations	2013-12-31 10:33:47 +01:00
Paul Bakker	53e1513fea	Initialize ebx and edx in padlock functions	2013-12-31 09:46:09 +01:00
Manuel Pégourié-Gonnard	26bc1c0f5d	Fix a few unchecked return codes in EC	2013-12-30 19:33:33 +01:00
Paul Bakker	93759b048f	Made AES-NI bit-size specific key expansion functions static	2013-12-30 19:20:06 +01:00
Manuel Pégourié-Gonnard	9e4191c3e7	Add another option to reduce EC memory usage ... Also document speed/memory trade-offs better.	2013-12-30 19:16:05 +01:00
Manuel Pégourié-Gonnard	70896a023e	Add statistics about number of allocated blocks	2013-12-30 19:16:05 +01:00
Paul Bakker	ec4bea7eee	Forced cast to unsigned int for %u format in ecp_selftest()	2013-12-30 19:04:47 +01:00
Manuel Pégourié-Gonnard	1f789b8348	Lessen peak memory usage in EC by freeing earlier ... Cuts peak usage by 25% :)	2013-12-30 17:36:54 +01:00
Manuel Pégourié-Gonnard	72c172a13d	Save some small memory allocations inside ecp_mul()	2013-12-30 16:04:55 +01:00
Paul Bakker	f0fc2a27b0	Properly put the pragma comment for the MSVC linker in defines	2013-12-30 15:42:43 +01:00
Paul Bakker	92bcadb110	Removed 'z' length modifier from low-value size_t in ecp_selftest()	2013-12-30 15:37:17 +01:00
Paul Bakker	e7f5133590	Fixed superfluous return value in aesni.c	2013-12-30 15:32:02 +01:00
Paul Bakker	0d0de92156	Only specify done label in aes.c when AES-NI is possible	2013-12-30 15:29:04 +01:00
Paul Bakker	956c9e063d	Reduced the input / output overhead with 200+ bytes and covered corner ... case The actual input / output buffer overhead is only 301 instead of 512. This requires a proper check on the padding_idx to prevent out of bounds reads. Previously a remote party could potentially trigger an access error and thus stop the application when sending a malicious packet having MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of . This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1 for 256 bytes (including fake padding check). Or 13 + 32 bytes over the buffer length. We now reset padding_idx to 0, if it's clear that it will never be a valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)	2013-12-30 15:00:51 +01:00
Manuel Pégourié-Gonnard	d4588cfb6a	aesni_gcm_mult() now returns void	2013-12-30 13:54:23 +01:00
Manuel Pégourié-Gonnard	bfa3c9a85f	Remove temporary code	2013-12-30 13:53:58 +01:00
Manuel Pégourié-Gonnard	23c2f6fee5	Add AES-NI key expansion for 192 bits	2013-12-29 16:05:22 +01:00
Manuel Pégourié-Gonnard	4a5b995c26	Add AES-NI key expansion for 256 bits	2013-12-29 13:50:32 +01:00
Manuel Pégourié-Gonnard	47a3536a31	Add AES-NI key expansion for 128 bits	2013-12-29 13:28:59 +01:00
Manuel Pégourié-Gonnard	01e31bbffb	Add support for key inversion using AES-NI	2013-12-28 16:22:08 +01:00
Manuel Pégourié-Gonnard	80637c7520	Use aesni_gcm_mult() if available	2013-12-26 16:09:58 +01:00
Manuel Pégourié-Gonnard	d333f67f8c	Add aesni_gcm_mult()	2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard	9d57482280	Add comments on GCM multiplication	2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard	8eaf20b18d	Allow detection of CLMUL	2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard	5b685653ef	Add aesni_crypt_ecb() and use it	2013-12-25 13:03:26 +01:00
Manuel Pégourié-Gonnard	92ac76f9db	Add files for (upcoming) AES-NI support	2013-12-25 13:03:26 +01:00
Paul Bakker	1e5369c7fa	Variables in proper block or within proper defines in ssl_decrypt_buf()	2013-12-19 16:40:57 +01:00
Paul Bakker	0c0476f92d	Disable ecp_use_curve25519() if not POLARSSL_ECP_DP_M255_ENABLED	2013-12-19 16:20:53 +01:00
Paul Bakker	1a56fc96a3	Fixed x509_crt_parse_path() bug on Windows platforms	2013-12-19 13:52:33 +01:00
Manuel Pégourié-Gonnard	1321135758	Fix MingW version issue	2013-12-17 17:38:55 +01:00
Manuel Pégourié-Gonnard	ee5db1d6b9	Fix typo in previous commit	2013-12-17 16:46:19 +01:00
Manuel Pégourié-Gonnard	6a398d4234	Add missing header for windows	2013-12-17 16:10:58 +01:00
Manuel Pégourié-Gonnard	173402bb61	net_prepare() returns int	2013-12-17 15:57:05 +01:00
Paul Bakker	5a607d26b7	Merged IPv6 support in the NET module	2013-12-17 14:34:19 +01:00
Manuel Pégourié-Gonnard	fd6b4cc1db	Add forgotten SO_REUSEADDR option	2013-12-17 13:59:01 +01:00
Paul Bakker	5ab68ba679	Merged storing curves fully in ROM	2013-12-17 13:11:18 +01:00
Paul Bakker	fdf946928d	Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites	2013-12-17 13:10:27 +01:00
Paul Bakker	77e257e958	Fixed bad check for maximum size of fragment length index	2013-12-17 13:09:12 +01:00
Paul Bakker	6c21276342	Place olen initalization after reference check in cipher_update()	2013-12-17 13:09:12 +01:00
Paul Bakker	6f0636a09f	Potential memory leak in ssl_ticket_keys_init()	2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard	6e315a9009	Adapt net_accept() to IPv6	2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard	389ce63735	Add IPv6 support to net_bind()	2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard	10934de1ca	Adapt net_connect() for IPv6	2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard	2e5c3163db	Factor our some code in net.c	2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard	5538970d32	Add server support for ECDH key exchanges	2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard	d18cc57962	Add client-side support for ECDH key exchanges	2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard	cdff3cfda3	Add ecdh_get_params() to import from an EC key	2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard	25781b22e3	Add ECDH_RSA and ECDH_ECDSA ciphersuites ... (not implemented yet)	2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard	69ab354239	Fix bug from stupid typo	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	14a96c5d8b	Avoid wasting memory with some curves	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	95b45b7bb2	Rename macros	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	baee5d4157	Add previously forgotten #ifdef's	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	81e1b102dc	Rm a few unneeded variables	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	1f82b041e7	Adapt ecp_group_free() to static constants	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	73cc01d7fa	Remove last non-static parts of known EC groups	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	731d08b406	Start using constants from ROM for EC groups	2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard	c72ac7c3ef	Fix SSLv3 handling of SHA-384 suites ... Fixes memory corruption, introduced in a5bdfcd (Relax some SHA2 ciphersuite's version requirements)	2013-12-17 10:18:25 +01:00
Paul Bakker	fef3c5a652	Fixed typo in POLARSSL_PKCS1_V15 in rsa.c	2013-12-11 13:36:30 +01:00
Manuel Pégourié-Gonnard	93f41dbdfd	Fix possible issue in corner-case for ecp_mul_mx()	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	7a949d3f5b	Update comments	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	d962273594	Add #ifdef's for curve types	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	7c94d8bcab	WIP #ifdef's	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	b6f45a616c	Avoid potential leak in ecp_mul_mxz()	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	a60fe8943d	Add mpi_safe_cond_swap()	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	97871ef236	Some operations are not supported with Curve25519	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	3d7053a2bb	Add ecp_mod_p255(): Curve25519 about 4x faster now	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	357ff65a51	Details in ecp_mul_mxz()	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	fe0af405f9	Adapt ecp_gen_keypair() to Curve25519	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	9a4a5ac4de	Fix bug in mpi_set_bit	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	a0179b8c4a	Change ecp_mul to handle Curve25519 too	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	312d2e8ea2	Adapt key checking functions for Curve25519	2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard	661536677b	Add Curve25519 to known groups	2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard	3afa07f05b	Add coordinate randomization for Curve25519	2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard	d9ea82e7d9	Add basic arithmetic for Curve25519	2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard	3c0b4ea97e	Rename a few functions	2013-12-05 15:58:37 +01:00
Paul Bakker	498fd354c6	Added missing inline definition for other platforms to ecp_curves.c	2013-12-02 22:17:24 +01:00
Manuel Pégourié-Gonnard	d5e0fbe1a3	Remove now useless function	2013-12-02 17:20:39 +01:00
Manuel Pégourié-Gonnard	3ee90003c9	Make internal functions static again + cosmetics	2013-12-02 17:14:48 +01:00
Manuel Pégourié-Gonnard	9854fe986b	Convert curve constants to binary ... Makes source longer but resulting binary smaller	2013-12-02 17:07:30 +01:00
Manuel Pégourié-Gonnard	32b04c1237	Split ecp.c	2013-12-02 16:36:11 +01:00
Manuel Pégourié-Gonnard	43863eeffc	Declare internal variables static in ecp.c	2013-12-02 16:34:24 +01:00
Manuel Pégourié-Gonnard	d35e191434	Drop useless include in ecp.c	2013-12-02 16:34:24 +01:00
Paul Bakker	9dc53a9967	Merged client ciphersuite order preference option	2013-12-02 14:56:27 +01:00
Paul Bakker	014f143c2a	Merged EC key generation support	2013-12-02 14:55:09 +01:00
Paul Bakker	4040d7e95c	Merged more constant-time checking in RSA	2013-12-02 14:53:23 +01:00
Manuel Pégourié-Gonnard	1a9f2c7245	Add option to respect client ciphersuite order	2013-11-30 18:30:06 +01:00
Manuel Pégourié-Gonnard	011a8db2e7	Complete refactoring of ciphersuite choosing	2013-11-30 18:11:07 +01:00
Manuel Pégourié-Gonnard	3252560e68	Move some functions up	2013-11-30 17:50:32 +01:00
Manuel Pégourié-Gonnard	59b81d73b4	Refactor ciphersuite selection for version > 2	2013-11-30 17:46:04 +01:00
Manuel Pégourié-Gonnard	0267e3dc9b	Add ecp_curve_info_from_name()	2013-11-30 15:10:14 +01:00
Manuel Pégourié-Gonnard	104ee1d1f6	Add ecp_genkey(), prettier wrapper	2013-11-30 14:35:07 +01:00
Manuel Pégourié-Gonnard	27290daf3b	Check PKCS 1.5 padding in a more constant-time way ... (Avoid branches that depend on secret data.)	2013-11-30 13:36:53 +01:00
Manuel Pégourié-Gonnard	ab44d7ecc3	Check OAEP padding in a more constant-time way	2013-11-30 13:13:05 +01:00
Manuel Pégourié-Gonnard	a5cfc35db2	RSA-OAEP decrypt: reorganise code	2013-11-29 11:58:13 +01:00
Manuel Pégourié-Gonnard	5ad68e42e5	Mutex x509_crt_parse_path() when pthreads is used	2013-11-28 18:07:39 +01:00
Manuel Pégourié-Gonnard	964bf9b92f	Quit using readdir_r() ... Prone to buffer overflows on some platforms.	2013-11-28 18:07:39 +01:00
Paul Bakker	76f03118c4	Only compile with -Wmissing-declarations and -Wmissing-prototypes in ... library, not tests and programs	2013-11-28 17:20:04 +01:00
Paul Bakker	88cd22646c	Merged ciphersuite version improvements	2013-11-26 15:22:19 +01:00
Manuel Pégourié-Gonnard	da1ff38715	Don't accept CertificateRequest with PSK suites	2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard	dc953e8c41	Add missing defines/cases for RSA_PSK key exchange	2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard	c57b654a3e	Use t_uint rather than uintXX_t when appropriate	2013-11-26 15:19:56 +01:00
Paul Bakker	3209ce3692	Merged ECP improvements	2013-11-26 15:19:17 +01:00
Manuel Pégourié-Gonnard	20b9af7998	Fix min_version (TLS 1.0) for ECDHE-PSK suites	2013-11-26 14:31:44 +01:00
Manuel Pégourié-Gonnard	a5bdfcde53	Relax some SHA2 ciphersuite's version requirements ... Changed: - PSK ciphersuites (RFC 5487, section 3) - ECDHE-PSK ciphersuites (RFC 5489, section 3) - Additional Camellia ciphersuites (RFC 6367, sec 3.3) Unchanged: - all GCM ciphersuites - Camellia ciphersuites from RFC 5932 (sec. 3.3.2) - ECC-SHA2 ciphersuites from RFC 5289 (unclear) - SHA2 from RFC 5246 (TLS 1.2, no precision)	2013-11-26 13:59:43 +01:00
Manuel Pégourié-Gonnard	96c7a92b08	Change mpi_safe_cond_assign() for more const-ness	2013-11-25 18:28:53 +01:00
Paul Bakker	e4c71f0e11	Merged Prime generation improvements	2013-11-25 14:27:28 +01:00
Paul Bakker	45f457d872	Reverted API change for mpi_is_prime()	2013-11-25 14:26:52 +01:00
Paul Bakker	8fc30b178c	Various const fixes	2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard	ddf7615d49	gen_prime: check small primes early (3x speed-up)	2013-11-22 19:58:22 +01:00
Manuel Pégourié-Gonnard	378fb4b70a	Split mpi_is_prime() and make its first arg const	2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard	0160eacc82	gen_prime: ensure X = 2 mod 3 -> 2.5x speedup	2013-11-22 17:54:59 +01:00
Manuel Pégourié-Gonnard	711507a726	gen_prime: ensure X = 3 mod 4 always (2x speed-up)	2013-11-22 17:35:28 +01:00
Manuel Pégourié-Gonnard	3e3d2b818c	Fix bug in mpi_safe_cond_assign()	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	918148193d	Enhance ecp_selftest	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	d728350cee	Make memory access pattern constant	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	aade42fd88	Change method for making M odd in ecp_mul() ... - faster - avoids M >= N (if m = N-1 or N-2)	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	36daa13d76	Misc details	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	469a209334	Rm subtraction from ecp_add_mixed()	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	01fca5e882	Do point inversion without leaking information	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	71c2c21601	Add mpi_safe_cond_assign()	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	44aab79022	Update bibliographic references	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	7f762319ad	Use mpi_shrink() in ecp_precompute()	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	5868163e07	Add mpi_shrink()	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	e282012219	Spare some memory	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	edc1a1f482	Small code cleanups	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	ff27b7c968	Tighten ecp_mul() validity checks	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	09ceaf49d0	Rm multiplication using NAF ... Comb method is at most 1% slower for random points, and is way faster for fixed point (repeated).	2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard	04a0225388	Optimize w in the comb method	2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard	70c14372c6	Add coordinate randomization back	2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard	c30200e4ce	Fix bound issues	2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard	101a39f55f	Improve comb method (less precomputed points)	2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard	d1c1ba90ca	First version of ecp_mul_comb()	2013-11-21 21:56:20 +01:00
Paul Bakker	a9a028ebd0	SSL now gracefully handles missing RNG	2013-11-21 17:31:06 +01:00
Paul Bakker	f2b4d86452	Fixed X.509 hostname comparison (with non-regular characters) ... In situations with 'weird' certificate names or hostnames (containing non-western allowed names) the check would falsely report a name or wildcard match.	2013-11-21 17:30:23 +01:00
Steffan Karger	c245834bc4	Link against ZLIB when zlib is used ... Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>	2013-11-20 16:45:48 +01:00
Steffan Karger	28d81a009c	Fix pkcs11.c to conform to PolarSSL 1.3 API. ... This restores previous functionality, and thus still allows only RSA to be used through PKCS#11. Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>	2013-11-20 16:13:27 +01:00
Paul Bakker	08b028ff0f	Prevent unlikely NULL dereference	2013-11-19 10:42:37 +01:00
Paul Bakker	b076314ff8	Makefile now produces a .so.X with SOVERSION in it	2013-11-05 11:27:12 +01:00
Paul Bakker	f4dc186818	Prep for PolarSSL 1.3.2	2013-11-04 17:29:42 +01:00
Paul Bakker	0333b978fa	Handshake key_cert should be set on first addition to the key_cert chain	2013-11-04 17:08:28 +01:00
Paul Bakker	993e386a73	Merged renegotiation refactoring	2013-10-31 14:32:38 +01:00
Paul Bakker	37ce0ff185	Added defines around renegotiation code for SSL_SRV and SSL_CLI	2013-10-31 14:32:04 +01:00
Manuel Pégourié-Gonnard	31ff1d2e4f	Safer buffer comparisons in the SSL modules	2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard	6d8404d6ba	Server: enforce renegotiation	2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard	9c1e1898b6	Move some code around, improve documentation	2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard	214eed38c7	Make ssl_renegotiate the only interface ... ssl_write_hello_request() is no private	2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard	caed0541a0	Allow ssl_renegotiate() to be called in a loop ... Previously broken if waiting for network I/O in the middle of a re-handshake initiated by the client.	2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard	e5e1bb972c	Fix misplaced initialisation	2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard	f3dc2f6a1d	Add code for testing server-initiated renegotiation	2013-10-30 16:46:46 +01:00
Paul Bakker	0d7702c3ee	Minor change that makes life easier for static analyzers / compilers	2013-10-29 16:18:35 +01:00
Paul Bakker	6edcd41c0a	Addition conditions for UEFI environment under MSVC	2013-10-29 15:44:13 +01:00
Paul Bakker	7b0be68977	Support for serialNumber, postalAddress and postalCode in X509 names	2013-10-29 14:24:37 +01:00
Paul Bakker	fa6a620b75	Defines for UEFI environment under MSVC added	2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard	178d9bac3c	Fix ECDSA corner case: missing reduction mod N ... No security issue, can cause valid signatures to be rejected. Reported by DualTachyon on github.	2013-10-29 13:40:17 +01:00
Paul Bakker	60b1d10131	Fixed spelling / typos (from PowerDNS:codespell)	2013-10-29 10:02:51 +01:00
Paul Bakker	50dc850c52	Const correctness	2013-10-28 21:19:10 +01:00
Paul Bakker	6a6087e71d	Added missing inline definition for MSCV and ARM environments	2013-10-28 18:53:08 +01:00
Paul Bakker	7bc745b6a1	Merged constant-time padding checks	2013-10-28 14:40:26 +01:00
Paul Bakker	1642122f8b	Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer	2013-10-28 14:38:35 +01:00
Paul Bakker	3f917e230d	Merged optimizations for MODP NIST curves	2013-10-28 14:18:26 +01:00
Manuel Pégourié-Gonnard	1001e32d6f	Fix return value of ecdsa_from_keypair()	2013-10-28 14:01:08 +01:00
Manuel Pégourié-Gonnard	21ef42f257	Don't select a PSK ciphersuite if no key available	2013-10-28 14:00:45 +01:00
Manuel Pégourié-Gonnard	3daaf3d21d	X509 key identifiers depend on SHA1	2013-10-28 13:58:32 +01:00
Paul Bakker	45a2c8d99a	Prevent possible alignment warnings on casting from char * to 'aligned *'	2013-10-28 12:57:08 +01:00
Paul Bakker	677377f472	Server does not send out extensions not advertised by client	2013-10-28 12:54:26 +01:00
Manuel Pégourié-Gonnard	e68bf171eb	Make get_zeros_padding() constant-time	2013-10-27 18:26:39 +01:00
Manuel Pégourié-Gonnard	6c32990114	Make get_one_and_zeros_padding() constant-time	2013-10-27 18:25:03 +01:00
Manuel Pégourié-Gonnard	d17df51277	Make get_zeros_and_len_padding() constant-time	2013-10-27 17:32:43 +01:00
Manuel Pégourié-Gonnard	f8ab069d6a	Make get_pkcs_padding() constant-time	2013-10-27 17:25:57 +01:00
Manuel Pégourié-Gonnard	a8a25ae1b9	Fix bad error codes	2013-10-27 13:48:15 +01:00
Manuel Pégourié-Gonnard	7109624aef	Skip MAC computation/check when GCM is used	2013-10-25 19:31:25 +02:00
Manuel Pégourié-Gonnard	8866591cc5	Don't special-case NULL cipher in ssl_tls.c	2013-10-25 18:42:44 +02:00
Manuel Pégourié-Gonnard	126a66f668	Simplify switching on mode in ssl_tls.c	2013-10-25 18:33:32 +02:00
Manuel Pégourié-Gonnard	98d9a2c061	Fix missing or wrong ciphersuite definitions	2013-10-25 18:03:18 +02:00
Manuel Pégourié-Gonnard	6fb0f745be	Rank GCM before CBC in ciphersuite_preference	2013-10-25 17:08:15 +02:00
Manuel Pégourié-Gonnard	8d01eea7af	Add Camellia-GCM ciphersuites	2013-10-25 16:46:05 +02:00
Manuel Pégourié-Gonnard	e0dca4ad78	Cipher layer: check iv_len more carefully	2013-10-24 17:03:39 +02:00
Manuel Pégourié-Gonnard	dae7093875	gcm_selftest depends on AES	2013-10-24 15:06:33 +02:00
Manuel Pégourié-Gonnard	87181d1deb	Add Camellia-GCM to th cipher layer	2013-10-24 14:02:40 +02:00
Manuel Pégourié-Gonnard	13e0d449f7	Add Camellia-GCM test vectors ... https://tools.ietf.org/html/draft-kato-ipsec-camellia-gcm-03#section-4	2013-10-24 13:24:25 +02:00
Manuel Pégourié-Gonnard	9fcceac943	Add a comment about modules coupling	2013-10-23 20:56:12 +02:00
Manuel Pégourié-Gonnard	b21c81fb41	Use less memory in fix_negative()	2013-10-23 20:45:04 +02:00
Manuel Pégourié-Gonnard	cae6f3ed45	Reorganize code in ecp.c	2013-10-23 20:19:57 +02:00
Manuel Pégourié-Gonnard	5779cbe582	Make mod_p{224,256,384] a bit faster ... Speedup is roughly 25%, giving a 6% speedup on ecp_mul() for these curves.	2013-10-23 20:17:00 +02:00
Manuel Pégourié-Gonnard	c04c530a98	Make NIST curves optimisation an option	2013-10-23 16:11:52 +02:00
Manuel Pégourié-Gonnard	0f9149cb0a	Add mod_p384	2013-10-23 15:06:37 +02:00
Manuel Pégourié-Gonnard	ec655c908c	Add mod_p256	2013-10-23 14:50:39 +02:00
Manuel Pégourié-Gonnard	210b458ddc	Document and slightly reorganize mod_pXXX	2013-10-23 14:27:58 +02:00
Manuel Pégourié-Gonnard	2a08c0debc	mod_p224 now working with 8-bit and 16-bit ints	2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard	a47e7058ea	mod_p224 now endian-neutral	2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard	e783f06f73	Start working on mod_p224 ... (Prototype, works only on 32-bit and little-endian 64-bit.)	2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard	cc67aee9c8	Make ecp_mod_p521 a bit faster	2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard	c9e387ca9e	Optimize ecp_modp() ... Makes it 22% faster, for a 5% gain on ecp_mul()	2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard	d1e7a45fdd	Rework ecp_mod_p192() ... On x86_64, this makes it 5x faster, and ecp_mul() 17% faster for this curve. The code is shorter too.	2013-10-23 13:24:55 +02:00
Paul Bakker	6888167e73	Forced cast to prevent MSVC compiler warning	2013-10-15 13:24:01 +02:00
Paul Bakker	5c17ccdf2a	Bumped version to 1.3.1	2013-10-15 13:12:41 +02:00
Paul Bakker	f34673e37b	Merged RSA-PSK key-exchange and ciphersuites	2013-10-15 12:46:41 +02:00
Paul Bakker	376e8153a0	Merged ECDHE-PSK ciphersuites	2013-10-15 12:45:36 +02:00
Paul Bakker	bbc1007c50	Convert SOCKET to int to prevent compiler warnings under MSVC. ... From kernel objects at msdn: Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24. Windows Internals by Russinovich and Solomon as well says that the high bits are zero.	2013-10-15 11:55:57 +02:00
Manuel Pégourié-Gonnard	59b9fe28f0	Fix bug in psk_identity_hint parsing	2013-10-15 11:55:33 +02:00
Manuel Pégourié-Gonnard	bac0e3b7d2	Dependency fixes	2013-10-15 11:54:47 +02:00
Manuel Pégourié-Gonnard	09258b9537	Refactor parse_server_key_exchange a bit	2013-10-15 11:19:54 +02:00
Manuel Pégourié-Gonnard	8a3c64d73f	Fix and simplify *-PSK ifdef's	2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard	ef0eb1ebd8	Add two missing RSA-PSK ciphersuites	2013-10-14 19:34:48 +02:00
Manuel Pégourié-Gonnard	0fae60bb71	Implement RSA-PSK key exchange	2013-10-14 19:34:48 +02:00
Paul Bakker	be089b0483	Introduced POLARSSL_HAVE_READDIR_R for systems without it	2013-10-14 15:51:50 +02:00
Paul Bakker	b9cfaa0c7f	Explicit conversions and minor changes to prevent MSVC compiler warnings	2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard	057e0cf263	Fix ciphersuites dependencies on MD5 and SHA1	2013-10-14 14:26:04 +02:00
Manuel Pégourié-Gonnard	1b62c7f93d	Fix dependencies and related issues	2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard	72fb62daa2	More *-PSK refactoring	2013-10-14 14:01:58 +02:00
Manuel Pégourié-Gonnard	bd1ae24449	Factor PSK pms computation to ssl_tls.c	2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard	b59d699a65	Fix bugs in ECDHE_PSK key exchange	2013-10-14 12:00:45 +02:00
Manuel Pégourié-Gonnard	225d6aa786	Add ECDHE_PSK ciphersuites	2013-10-11 19:07:56 +02:00
Manuel Pégourié-Gonnard	3ce3bbdc00	Add support for ECDHE_PSK key exchange	2013-10-11 18:16:35 +02:00
Paul Bakker	b887f1119e	Removed return from error_strerror()	2013-10-11 15:24:31 +02:00
Paul Bakker	beccd9f226	Explicit void pointer cast for buggy MS compiler	2013-10-11 15:20:27 +02:00
Paul Bakker	5191e92ecc	Added missing x509write_crt_set_version()	2013-10-11 10:54:28 +02:00
Paul Bakker	b7c13123de	threading_set_own() renamed to threading_set_alt()	2013-10-11 10:51:32 +02:00
Paul Bakker	4aa40d4f51	Better support for MSVC	2013-10-11 10:49:24 +02:00
Paul Bakker	b799dec4c0	Merged support for Brainpool curves and ciphersuites	2013-10-11 10:05:43 +02:00
Paul Bakker	1677033bc8	TLS compression only allocates working buffer once	2013-10-11 09:59:44 +02:00
Paul Bakker	d61cc3b246	Possible naming collision in dhm_context	2013-10-11 09:38:49 +02:00
Paul Bakker	fcc172138c	Fixed const-correctness issues	2013-10-11 09:38:06 +02:00
Manuel Pégourié-Gonnard	ae102995a7	RSA blinding: lock for a smaller amount of time	2013-10-11 09:19:12 +02:00
Manuel Pégourié-Gonnard	4d89c7e184	RSA blinding: check highly unlikely cases	2013-10-11 09:18:27 +02:00
Manuel Pégourié-Gonnard	971f8b84bb	Fix compile errors with RSA_NO_CRT	2013-10-11 09:18:16 +02:00
Manuel Pégourié-Gonnard	9654fb156f	Fix missing MSVC define	2013-10-11 09:17:14 +02:00
Manuel Pégourié-Gonnard	0cd6f98c0f	Don't special-case a = -3, not worth it	2013-10-10 15:55:39 +02:00
Manuel Pégourié-Gonnard	b8012fca5f	Adjust dependencies	2013-10-10 15:40:49 +02:00
Manuel Pégourié-Gonnard	48ac3db551	Add OIDs for brainpool curves	2013-10-10 15:11:33 +02:00
Manuel Pégourié-Gonnard	0ace4b3154	Use much less variables in ecp_double_jac_gen()	2013-10-10 13:21:48 +02:00
Manuel Pégourié-Gonnard	1c4aa24df1	Add brainpool support for ecp_mul()	2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard	cd7458aafd	Support brainpool curves in ecp_check_pubkey()	2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard	a070ada6d4	Add brainpool curves to ecp_use_kown_dp()	2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard	cec4a53c98	Add domain parameters for Brainpool curves	2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard	8195c1a567	Add identifiers for Brainpool curves	2013-10-10 12:56:00 +02:00
Paul Bakker	c9965dca27	RSA blinding threading support	2013-09-29 15:02:11 +02:00
Paul Bakker	1337affc91	Buffer allocator threading support	2013-09-29 15:02:11 +02:00
Paul Bakker	f4e7dc50ea	entropy_func() threading support	2013-09-29 15:02:07 +02:00
Paul Bakker	1ffefaca1e	Introduced entropy_free()	2013-09-29 15:01:42 +02:00
Paul Bakker	c55988406f	SSL Cache threading support	2013-09-28 15:24:59 +02:00
Paul Bakker	2466d93546	Threading abstraction layer added	2013-09-28 15:00:02 +02:00
Paul Bakker	bf796acf07	Added implementation for memory_buffer_set_verify()	2013-09-28 11:08:44 +02:00
Paul Bakker	caa3af47c0	Handle missing curve extension correctly in ssl_parse_client_hello()	2013-09-28 11:08:43 +02:00
Paul Bakker	f18084a201	Ready for 1.3.0 release	2013-09-26 10:07:09 +02:00
Paul Bakker	ca9c87ed2b	Removed possible cache-timing difference for pad check	2013-09-25 18:52:37 +02:00
Manuel Pégourié-Gonnard	a0fdf8b0a0	Simplify the way default certs are used	2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard	cb99bdb27e	Client: if no cert, send empty cert list	2013-09-25 13:30:56 +02:00
Manuel Pégourié-Gonnard	641de714b6	Use both RSA and ECDSA CA if available	2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard	8372454615	Rework SNI to fix memory issues	2013-09-24 22:30:56 +02:00
Manuel Pégourié-Gonnard	482a2828e4	Offer both EC and RSA in certs.c, RSA first	2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard	4618459fa1	Update EC certificates in certs.c	2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard	705fcca409	Adapt support for SNI to recent changes	2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard	d09453c88c	Check our ECDSA cert(s) against supported curves	2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard	f24b4a7316	Interface change in ECP info functions ... ecp_named_curve_from_grp_id() -> ecp_curve_info_from_grp_id() ecp_grp_id_from_named_curve() -> ecp_curve_info_from_tls_id()	2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard	f71e587c5e	Fix memory leak in ssl cipher usage	2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard	3ebb2cdb52	Add support for multiple server certificates	2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard	834ea8587f	Change internal structs for multi-cert support	2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard	cbf3ef3861	RSA and ECDSA key exchanges don't depend on CRL	2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard	164d894b9a	Fix: session start time wasn't set server side	2013-09-23 23:00:50 +02:00
Paul Bakker	3cf63edc44	Typo in Windows error code in x509_crt.c	2013-09-23 15:10:16 +02:00
Paul Bakker	c27c4e2efb	Support faulty X509 v1 certificates with extensions ... (POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)	2013-09-23 15:01:36 +02:00
Manuel Pégourié-Gonnard	fe28646f72	Fix references to x509parse in config.h	2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard	1a483833b3	SSL_TLS doesn't depend on PK any more ... (But PK does depend on RSA or ECP.)	2013-09-20 12:29:15 +02:00
Manuel Pégourié-Gonnard	34ced2dffe	Fix mis-sized buffer ... Reported by rgacogne on twitter. Also spotted by gcc-4.8 with -O2	2013-09-20 11:37:39 +02:00
Manuel Pégourié-Gonnard	a7496f00ff	Fix a few more warnings in small configurations	2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard	4fee79b885	Fix some more depend issues	2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard	387a211fad	Fix some dependencies in tests	2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard	1032c1d3ec	Fix some dependencies and warnings in small config	2013-09-19 10:49:00 +02:00
Paul Bakker	5ad403f5b5	Prepared for 1.3.0 RC0	2013-09-18 21:21:30 +02:00
Paul Bakker	6db455e6e3	PSK callback added to SSL server	2013-09-18 21:14:58 +02:00
Manuel Pégourié-Gonnard	ff29f9c825	Compute public key if absent when reading EC key	2013-09-18 16:13:02 +02:00
Manuel Pégourié-Gonnard	da179e4870	Add ecp_curve_list(), hide ecp_supported_curves	2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard	dace82f805	Refactor cipher information management	2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard	a310459f5c	Fix a few things that broke with RSA compiled out	2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard	161ef968db	Cache pre-computed points for ecp_mul() ... Up to 1.25 speedup on ECDSA sign for small curves, but mainly useful as a preparation for fixed-point mult (a few prototypes changed in constness).	2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard	56cd319f0e	Add human-friendly name in ecp_curve_info	2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard	a79d123a55	Make ecp_supported_curves constant	2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard	51451f8d26	Replace EC flag with ssl_ciphersuite_uses_ec()	2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard	15d5de1969	Simplify usage of DHM blinding	2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard	c83e418149	Prepare for ECDH point blinding just in case	2013-09-18 14:35:54 +02:00
Manuel Pégourié-Gonnard	c972770f78	Prepare ecp_group for future extensions	2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard	456d3b9b0b	Make ECP error codes more specific	2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard	568c9cf878	Add ecp_supported_curves and simplify some code	2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard	7038039f2e	Dissociate TLS and internal EC curve identifiers ... Allows to add new curves before they get a TLS number	2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard	a97c015f89	Rm useless/wrong DHM lenght test	2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard	4cf0686d6d	Remove spurious '+ 3' in ecdsa_write_signature()	2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard	dd0f57f186	Check key size in cipher_setkey()	2013-09-18 14:34:32 +02:00
Paul Bakker	b6b0956631	Rm of memset instead of x509_crt_init()	2013-09-18 14:32:52 +02:00
Paul Bakker	c559c7a680	Renamed x509_cert structure to x509_crt for consistency	2013-09-18 14:32:52 +02:00
Paul Bakker	9556d3d650	Renamed x509_crt_write.c and x509_csr_write.c	2013-09-18 13:50:13 +02:00
Paul Bakker	ddf26b4e38	Renamed x509parse_* functions to new form ... e.g. x509parse_crtfile -> x509_crt_parse_file	2013-09-18 13:46:23 +02:00
Paul Bakker	369d2eb2a2	Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()	2013-09-18 12:01:43 +02:00
Paul Bakker	86d0c1949e	Generalized function names of x509 functions not parse-specific ... x509parse_serial_gets -> x509_serial_gets x509parse_dn_gets -> x509_dn_gets x509parse_time_expired -> x509_time_expired	2013-09-18 12:01:42 +02:00
Paul Bakker	5187656211	Renamed X509 / X509WRITE error codes to generic (non-cert-specific)	2013-09-17 14:36:05 +02:00
Paul Bakker	36713e8ed9	Fixed bunch of X509_PARSE related defines / dependencies	2013-09-17 13:25:29 +02:00
Paul Bakker	e9e6ae338b	Moved x509_self_test() from x509_crt.c to x509.c and fixed mem-free bug	2013-09-16 22:55:51 +02:00
Paul Bakker	da7711594e	Changed pk_parse_get_pubkey() to pk_parse_subpubkey()	2013-09-16 22:45:03 +02:00
Paul Bakker	d1a983fe77	Removed x509parse key functions and moved them to compat-1.2.h	2013-09-16 22:26:53 +02:00
Paul Bakker	7c6b2c320e	Split up X509 files into smaller modules	2013-09-16 21:41:54 +02:00
Paul Bakker	cff6842b39	POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C	2013-09-16 13:36:18 +02:00
Paul Bakker	77e23fb0e0	Move *_pemify() function to PEM module	2013-09-15 20:03:26 +02:00
Paul Bakker	40ce79f1e6	Moved DHM parsing from X509 module to DHM module	2013-09-15 17:43:54 +02:00
Paul Bakker	3e41fe8938	Remove printf when RSA selftest is skipped	2013-09-15 17:42:50 +02:00
Paul Bakker	dce7fdcbc9	Fixed warnings in case POLARSSL_PEM_C is not defined	2013-09-15 17:15:26 +02:00
Paul Bakker	2292d1fad0	Fixed warnings in case POLARSSL_X509_PARSE_C is not defined	2013-09-15 17:06:49 +02:00
Paul Bakker	4606c7317b	Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C	2013-09-15 17:04:23 +02:00
Paul Bakker	c7bb02be77	Moved PK key writing from X509 module to PK module	2013-09-15 14:54:56 +02:00
Paul Bakker	1a7550ac67	Moved PK key parsing from X509 module to PK module	2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard	92cb1d3a91	Make CBC an option, step 3: individual ciphers	2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard	989ed38de2	Make CBC an option, step 2: cipher layer	2013-09-13 15:48:40 +02:00
Manuel Pégourié-Gonnard	f7dc378ead	Make CBC an option, step 1: ssl ciphersuites	2013-09-13 15:37:03 +02:00
Manuel Pégourié-Gonnard	b72b4edec1	Fix memory leak in DHM	2013-09-13 13:55:26 +02:00
Manuel Pégourié-Gonnard	4fe9200f47	Fix memory leak in GCM by adding gcm_free()	2013-09-13 13:45:58 +02:00
Manuel Pégourié-Gonnard	735b8fcb0b	Fix blunder in 8a109f1	2013-09-13 12:57:23 +02:00
Paul Bakker	9013af76a3	Merged major refactoring of x509write module into development ... This refactoring adds support for proper CSR writing and X509 certificate generation / signing	2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard	bb323ffc7c	Complete EC support in x509write_crt	2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard	31e59400d2	Add missing f_rng/p_rng arguments to x509write_crt	2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard	53c642504e	Use PK internally for x509write_crt	2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard	f38e71afd5	Convert x509write_crt interface to PK	2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard	6de63e480d	Add EC support to x509write_key	2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard	7f1f0926e4	Add test for x509write_key	2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard	0088c69fbf	Complete x509write_csr support for EC key ... No automated test yet (complicated by the fact that ECDSA signatures are not deterministic), tested using cert_req (and openssl for verification).	2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard	edda9041fc	Adapt asn1_write_algorithm_identifier() to params	2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard	3837daec9e	Add EC support to x509write_pubkey	2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard	e1f821a6eb	Adapt x509write_pubkey interface to use PK ... key_app_writer will be fixed later	2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard	ee73179b2f	Adapt x509write_csr prototypes for PK	2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard	8053da4057	x509write_csr() now fully using PK internally	2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard	d4eb5b5196	Add references	2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard	27d87fa6c4	Fix many off-by-one errors	2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard	6dcf0bfcf4	Use x509write_pubkey_der() when applicable	2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard	5353a03eb9	x509write_csr using PK internally (WIP)	2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard	85dfe08b31	Merge duplicated else/#else branch	2013-09-12 11:57:00 +02:00
Paul Bakker	18f0341aed	Typo in comments in ctr_drbg.c	2013-09-11 11:05:56 +02:00
Manuel Pégourié-Gonnard	da7317ed00	Use asn1_free_named_data_list() when relevant	2013-09-10 15:52:52 +02:00
Paul Bakker	c0dcf0ceb1	Merged blinding additions for EC, RSA and DHM into development	2013-09-10 14:44:27 +02:00
Paul Bakker	36b7e1efe7	Merged GCM refactoring into development ... GCM is now independent of AES and can be used as a mode for any cipher-layer supported 128-bit based block cipher	2013-09-10 14:41:05 +02:00
Paul Bakker	2a6a3a7e69	Better checking on cipher_info_from_values()	2013-09-10 14:29:28 +02:00
Paul Bakker	a0558e0484	Check that the cipher GCM receives is a 128-bit-based cipher	2013-09-10 14:25:51 +02:00
Manuel Pégourié-Gonnard	8a109f106d	Optimize RSA blinding by caching-updating values	2013-09-10 13:55:36 +02:00
Manuel Pégourié-Gonnard	ea53a55c0f	Refactor to prepare for RSA blinding optimisation	2013-09-10 13:55:35 +02:00
Paul Bakker	1c3853b953	oid_get_oid_by_*() now give back oid length as well	2013-09-10 11:43:44 +02:00
Paul Bakker	003dbad250	Fixed file descriptor leak in x509parse_crtpath()	2013-09-09 17:26:14 +02:00
Paul Bakker	a5943858d8	x509_verify() now case insensitive for cn (RFC 6125 6.4)	2013-09-09 17:21:45 +02:00
Paul Bakker	f9f377e652	CSR Parsing (without attributes / extensions) implemented	2013-09-09 15:35:10 +02:00
Paul Bakker	d4bf870ff5	Allow spaces after the comma when converting X509 names	2013-09-09 13:59:11 +02:00
Paul Bakker	52be08c299	Added support for writing Key Usage and NS Cert Type extensions	2013-09-09 12:38:45 +02:00
Paul Bakker	cd35803684	Changes x509_csr to x509write_csr	2013-09-09 12:38:45 +02:00
Paul Bakker	5f45e62afe	Migrated from x509_req_name to asn1_named_data structure	2013-09-09 12:02:36 +02:00
Paul Bakker	c547cc992e	Added generic asn1_free_named_data_list()	2013-09-09 12:01:23 +02:00
Paul Bakker	59ba59fa30	Generalized x509_set_extension() behaviour to asn1_store_named_data()	2013-09-09 11:34:44 +02:00
Paul Bakker	43aff2aec4	Moved GCM to use cipher layer instead of AES directly	2013-09-09 00:10:27 +02:00
Paul Bakker	f46b6955e3	Added cipher_info_from_values() to cipher layer (Search by ID+keylen+mode)	2013-09-09 00:08:26 +02:00
Paul Bakker	5e0efa7ef5	Added POLARSSL_MODE_ECB to the cipher layer	2013-09-08 23:04:04 +02:00
Manuel Pégourié-Gonnard	9f5a3c4a0a	Fix possible memory error.	2013-09-08 20:08:59 +02:00
Manuel Pégourié-Gonnard	bfb355c33b	Fix memory leak on missed session reuse	2013-09-08 20:08:36 +02:00
Manuel Pégourié-Gonnard	bc4b7f08ba	Fix possible race in ssl_list_ciphersuites() ... Thread A: executing for loop of ssl_list_ciphersuites() Thread B: call ssl_list_cipher_suites(), see init == 0 Thread A: return, start using the result Thread B: memset(0) on the list used by thread A	2013-09-08 20:07:48 +02:00
Paul Bakker	9c208aabc8	Use ASN1_UTC_TIME in some cases	2013-09-08 15:44:31 +02:00
Manuel Pégourié-Gonnard	032c34e206	Don't use DH blinding for ephemeral DH	2013-09-07 13:06:27 +02:00
Paul Bakker	15162a054a	Writing of X509v3 extensions supported ... Standard extensions already in: basicConstraints, subjectKeyIdentifier and authorityKeyIdentifier	2013-09-06 19:27:21 +02:00
Paul Bakker	329def30c5	Added asn1_write_bool()	2013-09-06 16:34:38 +02:00
Paul Bakker	9397dcb0e8	Base X509 certificate writing functinality	2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard	d13a4099dd	GCM ciphersuites using only cipher layer	2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard	b8bd593741	Restrict cipher_update() for GCM	2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard	226d5da1fc	GCM ciphersuites partially using cipher layer	2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard	1af50a240b	Cipher: test multiple cycles ... GCM-cipher: just trust the user to call update_ad at the right time	2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard	ed8a02bfae	Simplify DH blinding a bit	2013-09-04 17:18:28 +02:00
Paul Bakker	45125bc160	Changes to handle merged enhancements	2013-09-04 16:48:22 +02:00
Manuel Pégourié-Gonnard	143b5028a5	Implement DH blinding	2013-09-04 16:29:59 +02:00
Paul Bakker	c049955b32	Merged new cipher layer enhancements	2013-09-04 16:12:55 +02:00
Manuel Pégourié-Gonnard	2d627649bf	Change dhm_calc_secret() prototype	2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard	ce4112538c	Fix RC4 key length in cipher	2013-09-04 12:29:26 +02:00
Manuel Pégourié-Gonnard	83f3fc0d77	Add AES-192-GCM	2013-09-04 12:14:13 +02:00
Manuel Pégourié-Gonnard	43a4780b03	Ommit AEAD functions if GCM not defined	2013-09-03 19:28:35 +02:00
Manuel Pégourié-Gonnard	aa9ffc5e98	Split tag handling out of cipher_finish()	2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard	2adc40c346	Split cipher_update_ad() out or cipher_reset()	2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard	a235b5b5bd	Fix iv_len interface. ... cipher_info->iv_size == 0 is no longer ambiguous, and cipher_get_iv_size() always returns something useful to generate an IV.	2013-09-03 13:25:52 +02:00
Manuel Pégourié-Gonnard	9c853b910c	Split cipher_set_iv() out of cipher_reset()	2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard	07de4b1d08	Implement randomized coordinates in ecp_mul()	2013-09-02 16:26:04 +02:00
Manuel Pégourié-Gonnard	c75c56fef7	Fix off-by-one error in ecdsa_write_signature() ... Made some signature fail with 521-bit curve	2013-09-02 16:25:37 +02:00
Paul Bakker	ea6ad3f6e5	ARC4 ciphersuites using only cipher layer	2013-09-02 14:57:01 +02:00
Manuel Pégourié-Gonnard	e09d2f8261	Change ecp_mul() prototype to allow randomization ... (Also improve an error code while at it.)	2013-09-02 14:29:09 +02:00
Paul Bakker	eb851f6cd5	Merged current cipher enhancements for ARC4 and AES-GCM	2013-09-01 15:49:38 +02:00
Manuel Pégourié-Gonnard	9241be7ac5	Change cipher prototypes for GCM	2013-08-31 18:07:42 +02:00
Paul Bakker	cca5b81d18	All CBC ciphersuites via the cipher layer	2013-08-31 17:40:26 +02:00
Paul Bakker	da02a7f45e	AES_CBC ciphersuites now run purely via cipher layer	2013-08-31 17:25:14 +02:00
Manuel Pégourié-Gonnard	20d6a17af9	Make GCM tag check "constant-time"	2013-08-31 16:37:46 +02:00
Manuel Pégourié-Gonnard	07f8fa5a69	GCM in the cipher layer, step 1 ... - no support for additional data - no support for tag	2013-08-31 16:08:22 +02:00
Manuel Pégourié-Gonnard	b5e85885de	Handle NULL as a stream cipher for more uniformity	2013-08-30 17:11:28 +02:00
Manuel Pégourié-Gonnard	37e230c022	Add arc4 support in the cipher layer	2013-08-30 17:11:28 +02:00
Paul Bakker	f451bac000	Blinding RSA only active when f_rng is provided	2013-08-30 15:48:53 +02:00
Paul Bakker	48377d9834	Configuration option to enable/disable POLARSSL_PKCS1_V15 operations	2013-08-30 13:41:14 +02:00
Paul Bakker	aab30c130c	RSA blinding added for CRT operations	2013-08-30 11:03:09 +02:00
Paul Bakker	548957dd49	Refactored RSA to have random generator in every RSA operation ... Primarily so that rsa_private() receives an RNG for blinding purposes.	2013-08-30 10:30:02 +02:00
Paul Bakker	ca174fef80	Merged refactored x509write module into development	2013-08-28 16:32:51 +02:00
Paul Bakker	9659dae046	Some extra code defined out	2013-08-28 16:21:34 +02:00