SwitchEmu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2026-02-12 07:01:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,396 Commits 1 Branch 0 Tags 31 MiB
7e8a6fb78c
Commit Graph

2406 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
d249b7ab9a Restore ability to trust non-CA selfsigned EE cert 2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
c4eff16516 Restore ability to use v1 CA if trusted locally 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
eaa76f7e20 Fix computation of minlen for encrypted packets 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
e800cd81d7 Re-arrange some code in ssl_derive_keys() 2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
b46e6adb9c Check input lengths in GCM 2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
0bcc4e1df7 Fix length checking for AEAD ciphersuites 2014-06-25 11:26:10 +02:00
Manuel Pégourié-Gonnard
66e20c6318 Fix warning and typo->error. 2014-06-24 17:47:40 +02:00
Manuel Pégourié-Gonnard
ac2ccf897c Fix CCM ciphersuites definition: PSK <-> DHE-PSK! 2014-06-24 15:48:01 +02:00
Manuel Pégourié-Gonnard
8f625632bb Fix dependencies: GCM != AEAD != CCM 2014-06-24 15:26:28 +02:00
Manuel Pégourié-Gonnard
5bfd968e01 Fix warning with TLS 1.2 without RSA or ECDSA 2014-06-24 15:18:11 +02:00
Paul Bakker
1c98ff96b5 Merge more test improvements and tests 
Conflicts:
	tests/suites/test_suite_cipher.blowfish.data
 2014-06-24 11:12:00 +02:00
Paul Bakker
91c301abbe Zeroize values in PKCS#12 operations 2014-06-24 11:09:39 +02:00
Manuel Pégourié-Gonnard
398c57b0b3 Blowfish accepts variable key len in cipher layer 2014-06-24 11:01:33 +02:00
Manuel Pégourié-Gonnard
f3b47243df Split x509_csr_parse_der() out of x509_csr_parse() 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
4d2a8eb6ff SSL modules now using x509_crt_parse_der() 
Avoid uselessly trying to decode PEM.
 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
b912616081 Rm unused functions in cipher_wrap 
You can't initialise a context with DES_CFB or DES_CTR.
 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
1c082f34f3 Update description and references for X.509 files 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
edc3ab20e2 Small cleanup: less side-effects 
pkcs5_parse_pbkdf2_params() used to modify params.p, which does not look
clean, even if the function is static and params.p isn't use afterwards.
 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
90dac90f53 Small code simplification in pkcs5_pbes2() 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
66aca931bc Add tests for pkcs5_pbes2 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
2a8afa98e2 pkcs5_self_test depends on SHA1 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
f3e5c22f4d Refactor x509_string_to_names(): data in a table 2014-06-23 11:52:58 +02:00
Manuel Pégourié-Gonnard
81754a0c35 Create a 'flags' field in cipher_info 2014-06-23 11:33:18 +02:00
Paul Bakker
66d5d076f7 Fix formatting in various code to match spacing from coding style 2014-06-17 17:06:47 +02:00
Paul Bakker
db20c10423 Add #endif comments for #endif more than 10 lines from #if / #else 2014-06-17 14:34:44 +02:00
Paul Bakker
d8bb82665e Fix code styling for return statements 2014-06-17 14:06:49 +02:00
Paul Bakker
3461772559 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-06-14 16:46:03 +02:00
Paul Bakker
14877e6250 Remove unused 'ret' variable 2014-06-12 23:01:18 +02:00
Paul Bakker
c2ff2083ee Merge parsing and verification of RSASSA-PSS in X.509 modules 2014-06-12 22:02:47 +02:00
Paul Bakker
508e573231 Merge tests for asn1write, XTEA and Entropy modules 2014-06-12 21:26:33 +02:00
Manuel Pégourié-Gonnard
3ac6a2b9a7 Same as previous commit with Camellia 2014-06-12 21:16:02 +02:00
Manuel Pégourié-Gonnard
afd5a08e33 Minor tune-up in aes code 
un-duplicate a check, and remove useless default case, mainly so that these
lines don't appear as uncovered
 2014-06-12 21:15:55 +02:00
Manuel Pégourié-Gonnard
e1ac0f8c5d Add back timing selftest with new hardclock test 2014-06-12 21:15:50 +02:00
Manuel Pégourié-Gonnard
7792198a46 Normalize some error messages 2014-06-12 21:15:44 +02:00
Manuel Pégourié-Gonnard
4dd73925ab Add entropy_self_test() 2014-06-10 15:38:43 +02:00
Paul Bakker
d6917f0eb3 Add LINK_WITH_PTHREAD to CMakeList for explicitly adding pthread linking 2014-06-09 23:46:41 +02:00
Manuel Pégourié-Gonnard
d1539b1e88 Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT 2014-06-06 16:42:37 +02:00
Manuel Pégourié-Gonnard
88aa6e0b58 Fix potential memory leak in RSASSA-PSS verify 2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
0eaa8beb36 Fix signedness warning 2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
53882023e7 Also verify CRLs signed with RSASSA-PSS 2014-06-05 17:59:55 +02:00
Manuel Pégourié-Gonnard
46db4b070c Use pk_verify_ext() in x509_crt.c 2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard
bf696d030b Make sig_opts non-optional in X509 structures 
This simplifies the code.
 2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard
dddbb1d1eb Rm sig_params from various X509 structures 2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard
9113603b6b Use sig_opts in x509_sig_alg_gets() 2014-06-05 15:41:39 +02:00
Manuel Pégourié-Gonnard
f75f2f7c46 Add sig_opts member to X509 structures 2014-06-05 15:14:59 +02:00
Manuel Pégourié-Gonnard
20422e9a3a Add pk_verify_ext() 2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard
5ec628a2b9 Add rsa_rsassa_pss_verify_ext() 2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard
920e1cd5e2 Add basic PSS cert verification 
Still todo:
- handle MGF-hash != sign-hash
- check effective salt len == announced salt len
- add support in the PK layer so that we don't have to bypass it here
 2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard
e6d1d82b66 Relax checks on RSA mode for public key operations 2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard
78117d57b0 Consider trailerField a constant 2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard
cac31eed9e Factor common code for printing sig_alg 2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard
cf975a3857 Factor out some common code 2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard
39868ee301 Parse CSRs signed with RSASSA-PSS 2014-06-02 16:10:30 +02:00
Manuel Pégourié-Gonnard
8e42ff6bde Parse CRLs signed with RSASSA-PSS 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
9df5c96214 Fix dependencies 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
9c9cf5b51e More checks for length match in rsassa-pss params 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
e76b750b69 Finish parsing RSASSA-PSS parameters 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
f346bab139 Start parsing RSASSA-PSS parameters 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
59a75d5b9d Basic parsing of certs signed with RSASSA-PSS 2014-06-02 16:10:29 +02:00
Peter Vaskovic
7015de7e67 Fix WSAStartup return value check. 
SOCKET_ERROR was not a valid return value.
WSAStartup returns 0 on success, so check that instead.
 2014-05-28 11:40:51 +02:00
Paul Bakker
14b16c62e9 Minor optimizations (original by Peter Vaskovic, modified by Paul Bakker) 
Move strlen out of for loop.
Remove redundant null checks before free.
 2014-05-28 11:34:33 +02:00
Peter Vaskovic
8ebfe084ab Fix minor format string inconsistency. 2014-05-28 11:12:51 +02:00
Peter Vaskovic
c2bbac968b Fix misplaced parenthesis. 2014-05-28 11:06:31 +02:00
Peter Vaskovic
541529e770 Remove unused arrays. 2014-05-28 11:04:48 +02:00
Paul Bakker
b5212b436f Merge CCM cipher mode and ciphersuites 
Conflicts:
	library/ssl_tls.c
 2014-05-22 15:30:31 +02:00
Paul Bakker
0f651c7422 Stricter check on SSL ClientHello internal sizes compared to actual packet size 2014-05-22 15:12:19 +02:00
Brian White
12895d15f8 Fix less-than-zero checks on unsigned numbers 2014-05-22 13:52:53 +02:00
Manuel Pégourié-Gonnard
82a5de7bf7 Enforce alignment even if buffer is not aligned 2014-05-22 13:52:49 +02:00
Manuel Pégourié-Gonnard
fe671f4aeb Add markers around generated code in error.c 2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard
8ff17c544c Add missing DEBUG_RET on cipher failures 2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard
61edffef28 Normalize "should never happen" messages/errors 2014-05-22 13:52:47 +02:00
Manuel Pégourié-Gonnard
2e5ee32033 Implement CCM and CCM_8 ciphersuites 2014-05-20 16:29:34 +02:00
Manuel Pégourié-Gonnard
5efd772ef0 Small readability improvement 2014-05-14 14:10:37 +02:00
Manuel Pégourié-Gonnard
6768da9438 Register CCM ciphersuites (not implemented yet) 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard
41936957b3 Add AES-CCM and CAMELLIA-CCM to the cipher layer 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard
de7bb44004 Use cipher_auth_{en,de}crypt() in ssl_tls.c 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard
4562ffe2e6 Add cipher_auth_{en,de}crypt() 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard
8764d271fa Use cipher_crypt() in ssl_tls.c 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard
3c1d150b3d Add cipher_crypt() 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard
0f6b66dba1 CCM operations allow input == output 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard
aed6065793 CCM source cosmetics/tune-ups 
- source a bit shorter
- generated code slightly smaller
- preserving performance
 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard
ce77d55023 Implement ccm_auth_decrypt() 2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard
002323340a Refactor to prepare for CCM decryption 2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard
637eb3d31d Add ccm_encrypt_and_tag() 2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard
9fe0d13e8d Add ccm_init/free() 2014-05-06 12:12:45 +02:00
Manuel Pégourié-Gonnard
a6916fada8 Add (placeholder) CCM module 2014-05-06 11:28:09 +02:00
Paul Bakker
5593f7caae Fix typo in debug_print_msg() 2014-05-06 10:29:28 +02:00
Paul Bakker
da13016d84 Prepped for 1.3.7 release 2014-05-01 14:27:19 +02:00
Paul Bakker
c37b0ac4b2 Fix typo in bignum.c 2014-05-01 14:19:23 +02:00
Paul Bakker
b9e4e2c97a Fix formatting: fix some 'easy' > 80 length lines 2014-05-01 14:18:25 +02:00
Paul Bakker
9af723cee7 Fix formatting: remove trailing spaces, #endif with comments (> 10 lines) 2014-05-01 13:03:14 +02:00
Paul Bakker
c3f89aa26c Removed word 'warning' from PKCS#5 selftest (buildbot warning as a result) 2014-05-01 10:56:03 +02:00
Paul Bakker
9bb04b6389 Removed redundant code in mpi_fill_random() 2014-05-01 09:47:02 +02:00
Paul Bakker
2ca1dc8958 Updated error.c and version_features.c based on changes 2014-05-01 09:46:38 +02:00
Markus Pfeiffer
a26a005acf Make compilation on DragonFly work 2014-04-30 16:52:28 +02:00
Paul Bakker
2a024ac86a Merge dependency fixes 2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard
cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Manuel Pégourié-Gonnard
c16f4e1f78 Move RC4 ciphersuites down the list 2014-04-30 16:27:06 +02:00
Paul Bakker
8eab8d368b Merge more portable AES-NI 2014-04-30 16:21:08 +02:00
Paul Bakker
33dc46b080 Fix bug with mpi_fill_random() on big-endian 2014-04-30 16:20:39 +02:00
Paul Bakker
f96f7b607a On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings 2014-04-30 16:02:38 +02:00
Paul Bakker
6384440b13 Better support for the different Attribute Types from IETF PKIX (RFC 5280) 2014-04-30 15:34:12 +02:00
Paul Bakker
1a1fbba1ae Sanity length checks in ssl_read_record() and ssl_fetch_input() 
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
 2014-04-30 14:48:51 +02:00
Paul Bakker
24f37ccaed rsa_check_pubkey() now allows an E up to N 2014-04-30 13:43:51 +02:00
Paul Bakker
0f90d7d2b5 version_check_feature() added to check for compile-time options at run-time 2014-04-30 11:49:44 +02:00
Paul Bakker
a70366317d Improve interop by not writing ext_len in ClientHello / ServerHello when 0 
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
 2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard
3d41370645 Fix hash dependencies in X.509 tests 2014-04-29 15:29:41 +02:00
Manuel Pégourié-Gonnard
3a306b9067 Fix misplaced #endif in ssl_tls.c 2014-04-29 15:11:17 +02:00
Manuel Pégourié-Gonnard
b1fd397be6 Adapt AES-NI code to "old" binutil versions 2014-04-26 17:17:31 +02:00
Paul Bakker
c73079a78c Add debug_set_threshold() and thresholding of messages 2014-04-25 16:58:16 +02:00
Paul Bakker
92478c37a6 Debug module only outputs full lines instead of parts 2014-04-25 16:58:15 +02:00
Paul Bakker
eaebbd5eaa debug_set_log_mode() added to determine raw or full logging 2014-04-25 16:58:14 +02:00
Paul Bakker
61885c7f7f Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites 
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
 2014-04-25 12:59:51 +02:00
Paul Bakker
4ffcd2f9c3 Typo in PKCS#11 module 2014-04-25 11:44:12 +02:00
Paul Bakker
10a9dd35ea Typo in POLARSSL_PLATFORM_STD_FPRINTF in platform.c 2014-04-25 11:27:16 +02:00
Paul Bakker
0767e67d17 Add support for 'emailAddress' to x509_string_to_names() 2014-04-18 14:11:37 +02:00
Paul Bakker
c70e425a73 Only iterate over actual certificates in ssl_write_certificate_request() 2014-04-18 13:50:19 +02:00
Paul Bakker
f4cf80b86f Restructured pk_parse_key_pkcs8_encrypted_der() to prevent unreachable code 2014-04-17 17:24:29 +02:00
Paul Bakker
4f42c11846 Remove arbitrary maximum length for cipher_list and content length 2014-04-17 15:37:39 +02:00
Paul Bakker
d893aef867 Force default value to curve parameter 2014-04-17 14:45:34 +02:00
Paul Bakker
93389cc620 Remove const indicator 2014-04-17 14:44:38 +02:00
Paul Bakker
874bd64b28 Check setsockopt() return value in net_bind() 2014-04-17 12:43:05 +02:00
Paul Bakker
3d8fb63e11 Added missing MPI_CHK around mpi functions 2014-04-17 12:42:41 +02:00
Paul Bakker
a9c16d2825 Removed unused cur variable in x509_string_to_names() 2014-04-17 12:42:18 +02:00
Paul Bakker
0e4f9115dc Fix iteration counter 2014-04-17 12:39:05 +02:00
Paul Bakker
784b04ff9a Prepared for version 1.3.6 2014-04-11 15:33:59 +02:00
Manuel Pégourié-Gonnard
9655e4597a Reject certificates with times not in UTC 2014-04-11 13:59:36 +02:00
Manuel Pégourié-Gonnard
0776a43788 Use UTC to heck certificate validity 2014-04-11 13:59:31 +02:00
Paul Bakker
52c5af7d2d Merge support for verifying the extendedKeyUsage extension in X.509 2014-04-11 13:58:57 +02:00
Manuel Pégourié-Gonnard
78848375c0 Declare EC constants as 'const' 2014-04-11 13:58:41 +02:00
Paul Bakker
1630058dde Potential buffer overwrite in pem_write_buffer() fixed 
Length indication when given a too small buffer was off.
Added regression test in test_suite_pem to detect this.
 2014-04-11 13:58:05 +02:00
Manuel Pégourié-Gonnard
0408fd1fbb Add extendedKeyUsage checking in SSL modules 2014-04-11 11:09:09 +02:00
Manuel Pégourié-Gonnard
7afb8a0dca Add x509_crt_check_extended_key_usage() 2014-04-11 11:09:00 +02:00
Paul Bakker
d6ad8e949b Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C 2014-04-09 17:24:14 +02:00
Paul Bakker
a77de8c841 Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off 2014-04-09 16:39:35 +02:00
Paul Bakker
043a2e26d0 Merge verification of the keyUsage extension in X.509 certificates 2014-04-09 15:55:08 +02:00
Manuel Pégourié-Gonnard
a9db85df73 Add tests for keyUsage with client auth 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
490047cc44 Code cosmetics 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
312010e6e9 Factor common parent checking code 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
f93a3c4335 Check the CA bit on trusted CAs too 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
99d4f19111 Add keyUsage checking for CAs 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
3fed0b3264 Factor some common code in x509_verify{,_child} 2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
7f2a07d7b2 Check keyUsage in SSL client and server 2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
603116c570 Add x509_crt_check_key_usage() 2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
2abed84225 Specific return code for PK sig length mismatch 2014-04-09 15:50:00 +02:00
Manuel Pégourié-Gonnard
35e95ddca4 Add special return code for ecdsa length mismatch 2014-04-09 15:49:59 +02:00
Paul Bakker
ddd427a8fc Fixed spacing in entropy_gather() 2014-04-09 15:49:57 +02:00
Paul Bakker
75342a65e4 Fixed typos in code 2014-04-09 15:49:57 +02:00
Manuel Pégourié-Gonnard
0f79babd4b Disable timing_selftest() for now 2014-04-09 15:49:51 +02:00
Paul Bakker
17b85cbd69 Merged additional tests and improved code coverage 
Conflicts:
	ChangeLog
 2014-04-08 14:38:48 +02:00
Paul Bakker
0763a401a7 Merged support for the ALPN extension 2014-04-08 14:37:12 +02:00
Paul Bakker
4224bc0a4f Prevent potential NULL pointer dereference in ssl_read_record() 2014-04-08 14:36:50 +02:00
Manuel Pégourié-Gonnard
8c045ef8e4 Fix embarrassing X.509 bug introduced in 9533765 2014-04-08 11:55:03 +02:00
Manuel Pégourié-Gonnard
f6521de17b Add ALPN tests to ssl-opt.sh 
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
 2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard
89e35798ae Implement ALPN server-side 2014-04-07 12:26:35 +02:00
Manuel Pégourié-Gonnard
0b874dc580 Implement ALPN client-side 2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard
0148875cfc Add tests and fix bugs for RSA-alt contexts 2014-04-04 17:46:46 +02:00
Manuel Pégourié-Gonnard
7e250d4812 Add ALPN interface 2014-04-04 17:10:40 +02:00
Manuel Pégourié-Gonnard
79e58421be Also test net_usleep in timing_selttest() 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
3fec220a33 Add test for dhm_parse_dhmfile 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
7afdb88216 Test and fix x509_oid functions 2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard
d6aebe108a Add 'volatile' to hardclock()'s asm 
Prevents calls from being optimised away in timing_self_test().
(Should no be a problem for calls from other files.)
 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
13a1ef8600 Misc selftest adjustements 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
470fc935b5 Add timing_self_test() with consistency tests 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
487588d0bf Whitespace fixes 2014-04-04 16:33:01 +02:00
Paul Bakker
e4205dc50a Merged printing of X509 extensions 2014-04-04 15:36:10 +02:00
Paul Bakker
5ff3f9134b Small fix for EFI build under Windows in x509_crt.c 2014-04-04 15:08:20 +02:00
Manuel Pégourié-Gonnard
0db29b05b5 More compact code using macros 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
7b30cfc5b0 x509_crt_info() list output cosmectics 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
f6f4ab40d3 Print extended key usage in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
65c2ddc318 Print key_usage in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
bce2b30855 Print subject alt name in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
919f8f5829 Print NS Cert Type in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
b28487db1f Start printing extensions in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
74bc68ac62 Fix default #define for malloc/free 2014-04-02 13:20:00 +02:00
Paul Bakker
75a2860f26 Potential memory leak in mpi_exp_mod() when error occurs during 
calculation of RR.
 2014-03-31 12:08:17 +02:00
Manuel Pégourié-Gonnard
dd75c3183b Remove potential timing leak in ecdsa_sign() 2014-03-31 11:55:42 +02:00
Manuel Pégourié-Gonnard
5b8c409f53 Fix a warning (theoretical uninitialised variable) 2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard
969ccc6289 Fix length checking of various ClientKeyExchange's 2014-03-27 21:10:56 +01:00
Paul Bakker
96d5265315 Made ready for release 1.3.5 2014-03-26 16:55:50 +01:00
Paul Bakker
5fff23b92a x509_get_current_time() uses localtime_r() to prevent thread issues 2014-03-26 15:34:54 +01:00
Paul Bakker
4c284c9141 Removed LCOV directives from code 2014-03-26 15:33:05 +01:00
Paul Bakker
77f4f39ea6 Make sure no random pointer occur during failed malloc()'s 2014-03-26 15:30:20 +01:00
Paul Bakker
db1f05985e Add a check for buffer overflow to pkcs11_sign() 
pkcs11_sign() reuses *sig to store the header and hash, but those might
be larger than the actual sig, causing a buffer overflow.

An overflow can occur when using raw sigs with hashlen > siglen, or when
the RSA key is less than 664 bits long (or less when using hashes
shorter than SHA512)

As siglen is always within the 'low realm' < 32k, an overflow of asnlen
+ hashlen is not possible.
 2014-03-26 15:14:21 +01:00
Paul Bakker
91c61bc4fd Further tightened the padlen check to prevent underflow / overflow 2014-03-26 15:14:20 +01:00
Manuel Pégourié-Gonnard
c042cf0013 Fix broken tests due to changed error code 
Introduced in 5246ee5c59
 2014-03-26 14:12:20 +01:00
Manuel Pégourié-Gonnard
b2bf5a1bbb Fix possible buffer overflow with PSK 2014-03-26 12:58:50 +01:00
Manuel Pégourié-Gonnard
fdddac90a6 Fix stupid bug in rsa_copy() 2014-03-26 12:58:49 +01:00
Manuel Pégourié-Gonnard
f84f799bcf Tune debug_print_ret format 2014-03-26 12:58:46 +01:00
Paul Bakker
b13d3ffb80 Provide no info from entropy_func() on future entropy 2014-03-26 12:51:25 +01:00
Paul Bakker
66ff70dd48 Support for seed file writing and reading in Entropy 2014-03-26 11:58:07 +01:00
Paul Bakker
3f0be61a27 Merged support for parsing EC keys that use SpecifiedECDomain 2014-03-26 11:30:39 +01:00
Manuel Pégourié-Gonnard
9592485d0c Fix some MSVC12 conversion warnings 2014-03-21 12:03:07 +01:00
Manuel Pégourié-Gonnard
3b6269aa08 Fix warnings on MinGW 2014-03-21 12:03:03 +01:00
Manuel Pégourié-Gonnard
6fac3515d0 Make support for SpecifiedECDomain optional 2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard
5246ee5c59 Work around compressed EC public key in some cases 2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard
eab20d2a9c Implement parsing SpecifiedECParameters 2014-03-19 15:51:12 +01:00
Paul Bakker
6c1f69b879 MinGW32 static build should link to windows libs and libz 2014-03-17 15:11:13 +01:00
Paul Bakker
3d6504a935 ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr 2014-03-17 13:41:51 +01:00
Manuel Pégourié-Gonnard
2eea29238c Make the compiler work-around more specific 2014-03-14 18:23:26 +01:00
Paul Bakker
a4b0343edf Merged massive SSL Testing improvements 2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard
bb8661e006 Work around a compiler bug on OS X. 2014-03-14 09:21:20 +01:00
Manuel Pégourié-Gonnard
d701c9aec9 Fix memory leak in server with expired tickets 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
84c30c7e83 Fix memory leak in ssl_cache 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
145dfcbfc2 Fix bug with NewSessionTicket and non-blocking I/O 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
96ea2f2557 Add tests for SNI 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
8520dac292 Add tests for auth_mode 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
da6b4d3e8c Change RSA embedded cert to a localhost cert 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
dfbf9c711d Fix bug in m_sleep() 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
274a12e17c Fix bug with ssl_cache and max_entries=0 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
f7c52014ec Add basic tests for session resumption 2014-03-14 08:41:00 +01:00
hasufell
3c6409b066 CMake: allow to build both shared and static at once 
This allows for more fine-grained control. Possible combinations:
  * static off, shared on
  * static on, shared off
  * static on, shared on

The static library is always called "libpolarssl.a" and is only used
for linking of tests and internal programs if the shared lib is
not being built.

Default is: only build static lib.
 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
9a6e93e7a4 Reserve -1 as an error code (used in programs) 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
844a4c0aef Fix RSASSA-PSS example programs 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
83cdffc437 Forbid sequence number wrapping 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
3c599f11b0 Avoid possible segfault on bad server ciphersuite 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
9533765b25 Reject certs and CRLs from the future 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
6304f786e0 Add x509_time_future() 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
29dcc0b93c Fix depend issues in test suites for cipher modes 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
1ec220b002 Add missing #ifdefs in aes.h 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
648656a628 Fix error code in dhm_selftest() 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
796c6f3aff Countermeasure against "triple handshake" attack 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
fdf3f0e671 Avoid "unreachable code" warning 2014-03-11 13:47:05 +01:00
Manuel Pégourié-Gonnard
2a2ae642d8 Fix forgotten curves in #ifdef 2014-02-24 10:29:21 +01:00
Manuel Pégourié-Gonnard
6b1e207081 Fix verion-major intolerance 2014-02-12 10:14:54 +01:00
Manuel Pégourié-Gonnard
c9093085ed Revert "Merged RSA-PSS support in Certificate, CSR and CRL" 
This reverts commit ab50d8d30c, reversing
changes made to e31b1d992a.
 2014-02-12 09:39:59 +01:00
Manuel Pégourié-Gonnard
6df09578bb Revert "Mutex call in x509_crt.c depended on PTHREAD specific instead of generic" 
This reverts commit 9eae7aae80.
 2014-02-12 09:29:05 +01:00
Paul Bakker
f2561b3f69 Ability to provide alternate timing implementation 2014-02-06 15:32:26 +01:00
Paul Bakker
47703a0a80 More entropy functions made thread-safe (add_source, update_manual, gather) 2014-02-06 15:01:20 +01:00
Paul Bakker
9eae7aae80 Mutex call in x509_crt.c depended on PTHREAD specific instead of generic 
threading
 2014-02-06 14:51:53 +01:00
Paul Bakker
6a28e722c9 Merged platform compatibility layer 2014-02-06 13:44:19 +01:00
Paul Bakker
0910f32ee3 Fixed compile warning (in test-ref-configs) 2014-02-06 13:41:18 +01:00
Paul Bakker
119602bdde Typo fix in memory_buffer_alloc.c 2014-02-06 13:20:19 +01:00
Paul Bakker
defc0ca337 Migrated the Memory layer to the Platform layer 
Deprecated POLARSSL_MEMORY_C and placed placeholder for memory.h to make
sure current code will not break on new version.
 2014-02-06 13:20:17 +01:00
Paul Bakker
7dc4c44267 Library files moved to use platform layer 2014-02-06 13:20:16 +01:00
Paul Bakker
747a83a0f7 Platform abstraction layer for memory, printf and fprintf 2014-02-06 13:15:25 +01:00
Paul Bakker
ab50d8d30c Merged RSA-PSS support in Certificate, CSR and CRL 2014-02-06 13:14:56 +01:00
Manuel Pégourié-Gonnard
f07031aa98 debug_ecp: don't print Z, always 1 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
f6dc5e1d16 Remove temporary debug code 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
c3f6b62ccc Print curve name instead of size in debugging 
Also refactor server-side curve selection
 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
ab24010b54 Enforce our choice of allowed curves. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
7f38ed0bfa ssl_set_curves is no longer ECDHE only 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
cd49f76898 Make ssl_set_curves() work client-side too. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
ac7194133e Renamings and other fixes 2014-02-06 10:28:38 +01:00
Gergely Budai
e40c469ad3 The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[]. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
de05390c85 Rename ecdh_curve_list to curve_list 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
5de2580563 Make ssl_set_ecdh_curves() a compile-time option 2014-02-06 10:28:38 +01:00
Gergely Budai
987bfb510b Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
fbf0915404 Fix bug in RSA PKCS#1 v1.5 "reversed" operations 2014-02-05 17:01:24 +01:00
Paul Bakker
5fb8efe71e Merged HMAC-DRBG code 2014-02-05 15:55:18 +01:00
Manuel Pégourié-Gonnard
6e8e34d61e Fix ecp_gen_keypair() 
Too few tries caused failures for some curves (esp. secp224k1)
 2014-02-05 15:53:45 +01:00
Manuel Pégourié-Gonnard
b05db2a6aa Save memory by not storing the HMAC key 2014-02-01 11:38:05 +01:00
Manuel Pégourié-Gonnard
cf38367f45 Fix HMAC_DRBG and RIPEMD160 error codes 2014-02-01 10:24:53 +01:00
Manuel Pégourié-Gonnard
446ee6618f Add LCOV_EXCLUDE_LINE on some IO errors 2014-02-01 10:08:26 +01:00
Manuel Pégourié-Gonnard
b3b205e081 Clean up details in ctr_drbg_selftest() 2014-01-31 12:04:06 +01:00
Manuel Pégourié-Gonnard
79afaa0551 Add hmac_drbg_selftest() 2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard
48bc3e81da Add hmac_drbg_{write,update}_seed_file() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
efc8d8078b Use safer names for macros 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
6e897c2a59 Add more checks and references 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
d742a032f4 Use md_hmac_reset() when possible 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
658dbed080 Add automatic periodic reseeding 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
af786ff6cc Add hmac_drbg_set_prediction_resistance() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
8fc484d1df Add hmac_drbg_reseed() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
4e669c614d Add hmac_drbg_set_entropy_len() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
fe34a5fb83 Add entropy callbacks to HMAC_DRBG 2014-01-30 15:06:40 +01:00
Manuel Pégourié-Gonnard
8208d167da Add hmac_random_with_add() 2014-01-30 12:19:26 +01:00
Manuel Pégourié-Gonnard
7845fc06c9 Use new HMAC_DRBG module for deterministic ECDSA 2014-01-30 10:58:48 +01:00
Manuel Pégourié-Gonnard
490bdf3928 Add minimalistic HMAC_DRBG implementation 
(copied from ECDSA)
 2014-01-30 10:58:48 +01:00
Paul Bakker
2aca241425 Ready for release 1.3.4 2014-01-27 11:59:30 +01:00
Paul Bakker
42099c3155 Revert "Add pk_rsa_set_padding() and rsa_set_padding()" 
This reverts commit b4fae579e8.

Conflicts:
	library/pk.c
	tests/suites/test_suite_pk.data
	tests/suites/test_suite_pk.function
 2014-01-27 11:59:29 +01:00
Manuel Pégourié-Gonnard
27b93ade6e Factor common code for printing sig_alg 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
5cac583482 Factor out some common code 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
41cae8e1f9 Parse CSRs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
5eeb32b552 Parse CRLs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
ce7c6fd433 Fix dependencies 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
b7de86d834 More checks for length match in rsassa-pss params 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
3c1e8b539c Finish parsing RSASSA-PSS parameters 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
d9fd87be33 Start parsing RSASSA-PSS parameters 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
b1d4eb16e4 Basic parsing of certs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Paul Bakker
556efba51c Added AES CFB8 mode 2014-01-24 15:38:12 +01:00
Paul Bakker
80025417eb net_is_block() renamed to net_would_block() and corrected behaviour on 
non-blocking sockets

net_would_block() now does not return 1 if the socket is blocking.
 2014-01-23 21:00:57 +01:00
Paul Bakker
c2024f4592 Added MPI_CHK around unguarded mpi calls 2014-01-23 21:00:57 +01:00
Manuel Pégourié-Gonnard
8e205fc0bc Fix potential buffer overflow in suported_curves_ext 2014-01-23 17:27:10 +01:00
Paul Bakker
9f3c7d7278 Added missing POLARSSL_ECDSA_DETERMINISTIC around ecdsa_write_signature_det() 2014-01-23 16:11:14 +01:00
Paul Bakker
18e9f3282b Added missing static to md_info_by_size() in ecdsa.c 2014-01-23 16:08:38 +01:00
Paul Bakker
bf98c3dd11 Merged deterministic ECDSA 
Conflicts:
	library/ecdsa.c
 2014-01-23 15:48:01 +01:00
Manuel Pégourié-Gonnard
dfab4c1193 Add forgotten #ifdef and depends_on 2014-01-22 16:01:06 +01:00
Paul Bakker
5862eee4ca Merged RIPEMD-160 support 2014-01-22 14:18:34 +01:00
Paul Bakker
61b699ed1b Renamed RMD160 to RIPEMD160 2014-01-22 14:17:31 +01:00
Paul Bakker
0ac99ca7bc Merged support for secp224k1, secp192k1 and secp25k1 2014-01-22 13:10:48 +01:00
Manuel Pégourié-Gonnard
b4fae579e8 Add pk_rsa_set_padding() and rsa_set_padding() 2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard
7c59363a85 Remove a few dead stores 2014-01-22 13:02:39 +01:00
Manuel Pégourié-Gonnard
9e987edf9f Fix potential memory leak in bignum selftest 2014-01-22 12:59:04 +01:00
Manuel Pégourié-Gonnard
fd6a191381 Fix misplaced initialisation. 
If one of the calls to mpi_grow() before setting Apos would fail, then
mpi_free( &Apos ) would be executed without Apos being initialised.
 2014-01-22 12:57:04 +01:00
Manuel Pégourié-Gonnard
073f0fa2fb Fix missing error checking in gcm 2014-01-22 12:56:51 +01:00
Manuel Pégourié-Gonnard
280f95bd00 Add #ifs arround ssl_ciphersuite_uses_XXX() 2014-01-22 12:56:37 +01:00
Manuel Pégourié-Gonnard
7cfdcb8c7f Add a length check in ssl_derive_keys() 2014-01-22 12:56:22 +01:00
Manuel Pégourié-Gonnard
9af7d3a35b Add fast reduction for the other Koblitz curves 2014-01-18 17:48:00 +01:00
Manuel Pégourié-Gonnard
8887d8d37c Add mod_p256k1 
Makes secp256k1 about 4x faster
 2014-01-17 23:17:10 +01:00
Manuel Pégourié-Gonnard
ea499a7321 Add support for secp192k1 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
0a56c2c698 Fix bug in ecdh_calc_secret() 
Only affects curves with nbits != pbits (currently only secp224k1)
 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
5304812b2d Fix theoretical compliance issue in ECDSA 
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
18e3ec9b4d Add support for secp224k1 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
e4d47a655b Add RIPEMD-160 to the generic MD layer 2014-01-17 20:41:32 +01:00
Manuel Pégourié-Gonnard
ff40c3ac34 Add HMAC support to RIPEMD-160 2014-01-17 20:04:59 +01:00
Manuel Pégourié-Gonnard
cab4a8807c Add RIPEMD-160 (core functions) 2014-01-17 14:04:25 +01:00
Manuel Pégourié-Gonnard
9bcff3905b Add OIDs and TLS IDs for prime Koblitz curves 2014-01-10 18:32:31 +01:00
Manuel Pégourié-Gonnard
f51c8fc353 Add support for secp256k1 arithmetic 2014-01-10 18:17:18 +01:00
Manuel Pégourié-Gonnard
65ad3e4daf Use deterministic ECDSA in the PK layer 2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard
5e6edcfd96 Add fallback for md_alg == NONE to ecdsa_sign_det() 2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard
937340bce0 Add ecdsa_write_signature_det() 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
f42bca6da0 Little HMAC_DRBG refactoring 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
4daaef7e27 Add ecdsa_sign_det() with test vectors 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
461d416892 Add minified HMAC_DRBG for deterministic ECDSA 2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
e7072f8d11 Fix theoretical compliance issue in ECDSA 
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
 2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
c9573998ca Fix unchecked error codes in ecp_gen_keypair() 2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
79f73b96d9 Remove bias in EC private key generation 2014-01-06 10:19:35 +01:00
Paul Bakker
c78c8422c2 Added failure stub for uninitialized POLARSSL_THREADING_ALT functions 2013-12-31 11:55:27 +01:00
Paul Bakker
a8fd3e31ed Removed POLARSSL_THREADING_DUMMY option 2013-12-31 11:54:08 +01:00
Paul Bakker
4de44aa0ae Rewrote check to prevent read of uninitialized data in 
rsa_rsassa_pss_verify()
 2013-12-31 11:43:01 +01:00
Paul Bakker
6992eb762c Fixed potential overflow in certificate size in ssl_write_certificate() 2013-12-31 11:38:33 +01:00
Paul Bakker
6ea1a95ce8 Added missing MPI_CHK() around some statements 2013-12-31 11:17:14 +01:00
Paul Bakker
5bc07a3d30 Prepped for 1.3.3 2013-12-31 10:57:44 +01:00
Paul Bakker
00f5c52bfe Added cast to socket() return value to prevent Windows warning 2013-12-31 10:45:16 +01:00
Paul Bakker
c73879139e Merged ECP memory usage optimizations 2013-12-31 10:33:47 +01:00
Paul Bakker
53e1513fea Initialize ebx and edx in padlock functions 2013-12-31 09:46:09 +01:00
Manuel Pégourié-Gonnard
26bc1c0f5d Fix a few unchecked return codes in EC 2013-12-30 19:33:33 +01:00
Paul Bakker
93759b048f Made AES-NI bit-size specific key expansion functions static 2013-12-30 19:20:06 +01:00
Manuel Pégourié-Gonnard
9e4191c3e7 Add another option to reduce EC memory usage 
Also document speed/memory trade-offs better.
 2013-12-30 19:16:05 +01:00
Manuel Pégourié-Gonnard
70896a023e Add statistics about number of allocated blocks 2013-12-30 19:16:05 +01:00
Paul Bakker
ec4bea7eee Forced cast to unsigned int for %u format in ecp_selftest() 2013-12-30 19:04:47 +01:00
Manuel Pégourié-Gonnard
1f789b8348 Lessen peak memory usage in EC by freeing earlier 
Cuts peak usage by 25% :)
 2013-12-30 17:36:54 +01:00
Manuel Pégourié-Gonnard
72c172a13d Save some small memory allocations inside ecp_mul() 2013-12-30 16:04:55 +01:00
Paul Bakker
f0fc2a27b0 Properly put the pragma comment for the MSVC linker in defines 2013-12-30 15:42:43 +01:00
Paul Bakker
92bcadb110 Removed 'z' length modifier from low-value size_t in ecp_selftest() 2013-12-30 15:37:17 +01:00
Paul Bakker
e7f5133590 Fixed superfluous return value in aesni.c 2013-12-30 15:32:02 +01:00
Paul Bakker
0d0de92156 Only specify done label in aes.c when AES-NI is possible 2013-12-30 15:29:04 +01:00
Paul Bakker
956c9e063d Reduced the input / output overhead with 200+ bytes and covered corner 
case

The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.

Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.

We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
 2013-12-30 15:00:51 +01:00
Manuel Pégourié-Gonnard
d4588cfb6a aesni_gcm_mult() now returns void 2013-12-30 13:54:23 +01:00
Manuel Pégourié-Gonnard
bfa3c9a85f Remove temporary code 2013-12-30 13:53:58 +01:00
Manuel Pégourié-Gonnard
23c2f6fee5 Add AES-NI key expansion for 192 bits 2013-12-29 16:05:22 +01:00
Manuel Pégourié-Gonnard
4a5b995c26 Add AES-NI key expansion for 256 bits 2013-12-29 13:50:32 +01:00
Manuel Pégourié-Gonnard
47a3536a31 Add AES-NI key expansion for 128 bits 2013-12-29 13:28:59 +01:00
Manuel Pégourié-Gonnard
01e31bbffb Add support for key inversion using AES-NI 2013-12-28 16:22:08 +01:00
Manuel Pégourié-Gonnard
80637c7520 Use aesni_gcm_mult() if available 2013-12-26 16:09:58 +01:00
Manuel Pégourié-Gonnard
d333f67f8c Add aesni_gcm_mult() 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
9d57482280 Add comments on GCM multiplication 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
8eaf20b18d Allow detection of CLMUL 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
5b685653ef Add aesni_crypt_ecb() and use it 2013-12-25 13:03:26 +01:00
Manuel Pégourié-Gonnard
92ac76f9db Add files for (upcoming) AES-NI support 2013-12-25 13:03:26 +01:00
Paul Bakker
1e5369c7fa Variables in proper block or within proper defines in ssl_decrypt_buf() 2013-12-19 16:40:57 +01:00
Paul Bakker
0c0476f92d Disable ecp_use_curve25519() if not POLARSSL_ECP_DP_M255_ENABLED 2013-12-19 16:20:53 +01:00
Paul Bakker
1a56fc96a3 Fixed x509_crt_parse_path() bug on Windows platforms 2013-12-19 13:52:33 +01:00
Manuel Pégourié-Gonnard
1321135758 Fix MingW version issue 2013-12-17 17:38:55 +01:00
Manuel Pégourié-Gonnard
ee5db1d6b9 Fix typo in previous commit 2013-12-17 16:46:19 +01:00
Manuel Pégourié-Gonnard
6a398d4234 Add missing header for windows 2013-12-17 16:10:58 +01:00
Manuel Pégourié-Gonnard
173402bb61 net_prepare() returns int 2013-12-17 15:57:05 +01:00
Paul Bakker
5a607d26b7 Merged IPv6 support in the NET module 2013-12-17 14:34:19 +01:00
Manuel Pégourié-Gonnard
fd6b4cc1db Add forgotten SO_REUSEADDR option 2013-12-17 13:59:01 +01:00
Paul Bakker
5ab68ba679 Merged storing curves fully in ROM 2013-12-17 13:11:18 +01:00
Paul Bakker
fdf946928d Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites 2013-12-17 13:10:27 +01:00
Paul Bakker
77e257e958 Fixed bad check for maximum size of fragment length index 2013-12-17 13:09:12 +01:00
Paul Bakker
6c21276342 Place olen initalization after reference check in cipher_update() 2013-12-17 13:09:12 +01:00
Paul Bakker
6f0636a09f Potential memory leak in ssl_ticket_keys_init() 2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard
6e315a9009 Adapt net_accept() to IPv6 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
389ce63735 Add IPv6 support to net_bind() 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
10934de1ca Adapt net_connect() for IPv6 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
2e5c3163db Factor our some code in net.c 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
5538970d32 Add server support for ECDH key exchanges 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
d18cc57962 Add client-side support for ECDH key exchanges 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
cdff3cfda3 Add ecdh_get_params() to import from an EC key 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
25781b22e3 Add ECDH_RSA and ECDH_ECDSA ciphersuites 
(not implemented yet)
 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
69ab354239 Fix bug from stupid typo 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
14a96c5d8b Avoid wasting memory with some curves 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
95b45b7bb2 Rename macros 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
baee5d4157 Add previously forgotten #ifdef's 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
81e1b102dc Rm a few unneeded variables 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
1f82b041e7 Adapt ecp_group_free() to static constants 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
73cc01d7fa Remove last non-static parts of known EC groups 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
731d08b406 Start using constants from ROM for EC groups 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
c72ac7c3ef Fix SSLv3 handling of SHA-384 suites 
Fixes memory corruption, introduced in
a5bdfcd (Relax some SHA2 ciphersuite's version requirements)
 2013-12-17 10:18:25 +01:00
Paul Bakker
fef3c5a652 Fixed typo in POLARSSL_PKCS1_V15 in rsa.c 2013-12-11 13:36:30 +01:00
Manuel Pégourié-Gonnard
93f41dbdfd Fix possible issue in corner-case for ecp_mul_mx() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
7a949d3f5b Update comments 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
d962273594 Add #ifdef's for curve types 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
7c94d8bcab WIP #ifdef's 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
b6f45a616c Avoid potential leak in ecp_mul_mxz() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
a60fe8943d Add mpi_safe_cond_swap() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
97871ef236 Some operations are not supported with Curve25519 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
3d7053a2bb Add ecp_mod_p255(): Curve25519 about 4x faster now 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
357ff65a51 Details in ecp_mul_mxz() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
fe0af405f9 Adapt ecp_gen_keypair() to Curve25519 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
9a4a5ac4de Fix bug in mpi_set_bit 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
a0179b8c4a Change ecp_mul to handle Curve25519 too 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
312d2e8ea2 Adapt key checking functions for Curve25519 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
661536677b Add Curve25519 to known groups 2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard
3afa07f05b Add coordinate randomization for Curve25519 2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard
d9ea82e7d9 Add basic arithmetic for Curve25519 2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard
3c0b4ea97e Rename a few functions 2013-12-05 15:58:37 +01:00
Paul Bakker
498fd354c6 Added missing inline definition for other platforms to ecp_curves.c 2013-12-02 22:17:24 +01:00
Manuel Pégourié-Gonnard
d5e0fbe1a3 Remove now useless function 2013-12-02 17:20:39 +01:00
Manuel Pégourié-Gonnard
3ee90003c9 Make internal functions static again + cosmetics 2013-12-02 17:14:48 +01:00
Manuel Pégourié-Gonnard
9854fe986b Convert curve constants to binary 
Makes source longer but resulting binary smaller
 2013-12-02 17:07:30 +01:00
Manuel Pégourié-Gonnard
32b04c1237 Split ecp.c 2013-12-02 16:36:11 +01:00
Manuel Pégourié-Gonnard
43863eeffc Declare internal variables static in ecp.c 2013-12-02 16:34:24 +01:00
Manuel Pégourié-Gonnard
d35e191434 Drop useless include in ecp.c 2013-12-02 16:34:24 +01:00
Paul Bakker
9dc53a9967 Merged client ciphersuite order preference option 2013-12-02 14:56:27 +01:00
Paul Bakker
014f143c2a Merged EC key generation support 2013-12-02 14:55:09 +01:00
Paul Bakker
4040d7e95c Merged more constant-time checking in RSA 2013-12-02 14:53:23 +01:00
Manuel Pégourié-Gonnard
1a9f2c7245 Add option to respect client ciphersuite order 2013-11-30 18:30:06 +01:00
Manuel Pégourié-Gonnard
011a8db2e7 Complete refactoring of ciphersuite choosing 2013-11-30 18:11:07 +01:00
Manuel Pégourié-Gonnard
3252560e68 Move some functions up 2013-11-30 17:50:32 +01:00
Manuel Pégourié-Gonnard
59b81d73b4 Refactor ciphersuite selection for version > 2 2013-11-30 17:46:04 +01:00
Manuel Pégourié-Gonnard
0267e3dc9b Add ecp_curve_info_from_name() 2013-11-30 15:10:14 +01:00
Manuel Pégourié-Gonnard
104ee1d1f6 Add ecp_genkey(), prettier wrapper 2013-11-30 14:35:07 +01:00
Manuel Pégourié-Gonnard
27290daf3b Check PKCS 1.5 padding in a more constant-time way 
(Avoid branches that depend on secret data.)
 2013-11-30 13:36:53 +01:00
Manuel Pégourié-Gonnard
ab44d7ecc3 Check OAEP padding in a more constant-time way 2013-11-30 13:13:05 +01:00
Manuel Pégourié-Gonnard
a5cfc35db2 RSA-OAEP decrypt: reorganise code 2013-11-29 11:58:13 +01:00
Manuel Pégourié-Gonnard
5ad68e42e5 Mutex x509_crt_parse_path() when pthreads is used 2013-11-28 18:07:39 +01:00
Manuel Pégourié-Gonnard
964bf9b92f Quit using readdir_r() 
Prone to buffer overflows on some platforms.
 2013-11-28 18:07:39 +01:00
Paul Bakker
76f03118c4 Only compile with -Wmissing-declarations and -Wmissing-prototypes in 
library, not tests and programs
 2013-11-28 17:20:04 +01:00
Paul Bakker
88cd22646c Merged ciphersuite version improvements 2013-11-26 15:22:19 +01:00
Manuel Pégourié-Gonnard
da1ff38715 Don't accept CertificateRequest with PSK suites 2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
dc953e8c41 Add missing defines/cases for RSA_PSK key exchange 2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
c57b654a3e Use t_uint rather than uintXX_t when appropriate 2013-11-26 15:19:56 +01:00
Paul Bakker
3209ce3692 Merged ECP improvements 2013-11-26 15:19:17 +01:00
Manuel Pégourié-Gonnard
20b9af7998 Fix min_version (TLS 1.0) for ECDHE-PSK suites 2013-11-26 14:31:44 +01:00
Manuel Pégourié-Gonnard
a5bdfcde53 Relax some SHA2 ciphersuite's version requirements 
Changed:
- PSK ciphersuites (RFC 5487, section 3)
- ECDHE-PSK ciphersuites (RFC 5489, section 3)
- Additional Camellia ciphersuites (RFC 6367, sec 3.3)

Unchanged:
- all GCM ciphersuites
- Camellia ciphersuites from RFC 5932 (sec. 3.3.2)
- ECC-SHA2 ciphersuites from RFC 5289 (unclear)
- SHA2 from RFC 5246 (TLS 1.2, no precision)
 2013-11-26 13:59:43 +01:00
Manuel Pégourié-Gonnard
96c7a92b08 Change mpi_safe_cond_assign() for more const-ness 2013-11-25 18:28:53 +01:00
Paul Bakker
e4c71f0e11 Merged Prime generation improvements 2013-11-25 14:27:28 +01:00
Paul Bakker
45f457d872 Reverted API change for mpi_is_prime() 2013-11-25 14:26:52 +01:00
Paul Bakker
8fc30b178c Various const fixes 2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard
ddf7615d49 gen_prime: check small primes early (3x speed-up) 2013-11-22 19:58:22 +01:00
Manuel Pégourié-Gonnard
378fb4b70a Split mpi_is_prime() and make its first arg const 2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard
0160eacc82 gen_prime: ensure X = 2 mod 3 -> 2.5x speedup 2013-11-22 17:54:59 +01:00
Manuel Pégourié-Gonnard
711507a726 gen_prime: ensure X = 3 mod 4 always (2x speed-up) 2013-11-22 17:35:28 +01:00
Manuel Pégourié-Gonnard
3e3d2b818c Fix bug in mpi_safe_cond_assign() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
918148193d Enhance ecp_selftest 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
d728350cee Make memory access pattern constant 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
aade42fd88 Change method for making M odd in ecp_mul() 
- faster
- avoids M >= N (if m = N-1 or N-2)
 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
36daa13d76 Misc details 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
469a209334 Rm subtraction from ecp_add_mixed() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
01fca5e882 Do point inversion without leaking information 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
71c2c21601 Add mpi_safe_cond_assign() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
44aab79022 Update bibliographic references 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
7f762319ad Use mpi_shrink() in ecp_precompute() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
5868163e07 Add mpi_shrink() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
e282012219 Spare some memory 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
edc1a1f482 Small code cleanups 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
ff27b7c968 Tighten ecp_mul() validity checks 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
09ceaf49d0 Rm multiplication using NAF 
Comb method is at most 1% slower for random points,
and is way faster for fixed point (repeated).
 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
04a0225388 Optimize w in the comb method 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
70c14372c6 Add coordinate randomization back 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
c30200e4ce Fix bound issues 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
101a39f55f Improve comb method (less precomputed points) 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
d1c1ba90ca First version of ecp_mul_comb() 2013-11-21 21:56:20 +01:00
Paul Bakker
a9a028ebd0 SSL now gracefully handles missing RNG 2013-11-21 17:31:06 +01:00
Paul Bakker
f2b4d86452 Fixed X.509 hostname comparison (with non-regular characters) 
In situations with 'weird' certificate names or hostnames (containing
non-western allowed names) the check would falsely report a name or
wildcard match.
 2013-11-21 17:30:23 +01:00
Steffan Karger
c245834bc4 Link against ZLIB when zlib is used 
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
 2013-11-20 16:45:48 +01:00
Steffan Karger
28d81a009c Fix pkcs11.c to conform to PolarSSL 1.3 API. 
This restores previous functionality, and thus still allows only RSA to be
used through PKCS#11.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
 2013-11-20 16:13:27 +01:00
Paul Bakker
08b028ff0f Prevent unlikely NULL dereference 2013-11-19 10:42:37 +01:00
Paul Bakker
b076314ff8 Makefile now produces a .so.X with SOVERSION in it 2013-11-05 11:27:12 +01:00
Paul Bakker
f4dc186818 Prep for PolarSSL 1.3.2 2013-11-04 17:29:42 +01:00
Paul Bakker
0333b978fa Handshake key_cert should be set on first addition to the key_cert chain 2013-11-04 17:08:28 +01:00
Paul Bakker
993e386a73 Merged renegotiation refactoring 2013-10-31 14:32:38 +01:00
Paul Bakker
37ce0ff185 Added defines around renegotiation code for SSL_SRV and SSL_CLI 2013-10-31 14:32:04 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f Safer buffer comparisons in the SSL modules 2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard
6d8404d6ba Server: enforce renegotiation 2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard
9c1e1898b6 Move some code around, improve documentation 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
214eed38c7 Make ssl_renegotiate the only interface 
ssl_write_hello_request() is no private
 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
caed0541a0 Allow ssl_renegotiate() to be called in a loop 
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
e5e1bb972c Fix misplaced initialisation 2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard
f3dc2f6a1d Add code for testing server-initiated renegotiation 2013-10-30 16:46:46 +01:00
Paul Bakker
0d7702c3ee Minor change that makes life easier for static analyzers / compilers 2013-10-29 16:18:35 +01:00
Paul Bakker
6edcd41c0a Addition conditions for UEFI environment under MSVC 2013-10-29 15:44:13 +01:00
Paul Bakker
7b0be68977 Support for serialNumber, postalAddress and postalCode in X509 names 2013-10-29 14:24:37 +01:00
Paul Bakker
fa6a620b75 Defines for UEFI environment under MSVC added 2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard
178d9bac3c Fix ECDSA corner case: missing reduction mod N 
No security issue, can cause valid signatures to be rejected.

Reported by DualTachyon on github.
 2013-10-29 13:40:17 +01:00
Paul Bakker
60b1d10131 Fixed spelling / typos (from PowerDNS:codespell) 2013-10-29 10:02:51 +01:00
Paul Bakker
50dc850c52 Const correctness 2013-10-28 21:19:10 +01:00
Paul Bakker
6a6087e71d Added missing inline definition for MSCV and ARM environments 2013-10-28 18:53:08 +01:00
Paul Bakker
7bc745b6a1 Merged constant-time padding checks 2013-10-28 14:40:26 +01:00
Paul Bakker
1642122f8b Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer 2013-10-28 14:38:35 +01:00
Paul Bakker
3f917e230d Merged optimizations for MODP NIST curves 2013-10-28 14:18:26 +01:00
Manuel Pégourié-Gonnard
1001e32d6f Fix return value of ecdsa_from_keypair() 2013-10-28 14:01:08 +01:00
Manuel Pégourié-Gonnard
21ef42f257 Don't select a PSK ciphersuite if no key available 2013-10-28 14:00:45 +01:00
Manuel Pégourié-Gonnard
3daaf3d21d X509 key identifiers depend on SHA1 2013-10-28 13:58:32 +01:00
Paul Bakker
45a2c8d99a Prevent possible alignment warnings on casting from char * to 'aligned *' 2013-10-28 12:57:08 +01:00
Paul Bakker
677377f472 Server does not send out extensions not advertised by client 2013-10-28 12:54:26 +01:00
Manuel Pégourié-Gonnard
e68bf171eb Make get_zeros_padding() constant-time 2013-10-27 18:26:39 +01:00
Manuel Pégourié-Gonnard
6c32990114 Make get_one_and_zeros_padding() constant-time 2013-10-27 18:25:03 +01:00
Manuel Pégourié-Gonnard
d17df51277 Make get_zeros_and_len_padding() constant-time 2013-10-27 17:32:43 +01:00
Manuel Pégourié-Gonnard
f8ab069d6a Make get_pkcs_padding() constant-time 2013-10-27 17:25:57 +01:00
Manuel Pégourié-Gonnard
a8a25ae1b9 Fix bad error codes 2013-10-27 13:48:15 +01:00
Manuel Pégourié-Gonnard
7109624aef Skip MAC computation/check when GCM is used 2013-10-25 19:31:25 +02:00
Manuel Pégourié-Gonnard
8866591cc5 Don't special-case NULL cipher in ssl_tls.c 2013-10-25 18:42:44 +02:00
Manuel Pégourié-Gonnard
126a66f668 Simplify switching on mode in ssl_tls.c 2013-10-25 18:33:32 +02:00
Manuel Pégourié-Gonnard
98d9a2c061 Fix missing or wrong ciphersuite definitions 2013-10-25 18:03:18 +02:00
Manuel Pégourié-Gonnard
6fb0f745be Rank GCM before CBC in ciphersuite_preference 2013-10-25 17:08:15 +02:00
Manuel Pégourié-Gonnard
8d01eea7af Add Camellia-GCM ciphersuites 2013-10-25 16:46:05 +02:00
Manuel Pégourié-Gonnard
e0dca4ad78 Cipher layer: check iv_len more carefully 2013-10-24 17:03:39 +02:00
Manuel Pégourié-Gonnard
dae7093875 gcm_selftest depends on AES 2013-10-24 15:06:33 +02:00
Manuel Pégourié-Gonnard
87181d1deb Add Camellia-GCM to th cipher layer 2013-10-24 14:02:40 +02:00
Manuel Pégourié-Gonnard
13e0d449f7 Add Camellia-GCM test vectors 
https://tools.ietf.org/html/draft-kato-ipsec-camellia-gcm-03#section-4
 2013-10-24 13:24:25 +02:00
Manuel Pégourié-Gonnard
9fcceac943 Add a comment about modules coupling 2013-10-23 20:56:12 +02:00
Manuel Pégourié-Gonnard
b21c81fb41 Use less memory in fix_negative() 2013-10-23 20:45:04 +02:00
Manuel Pégourié-Gonnard
cae6f3ed45 Reorganize code in ecp.c 2013-10-23 20:19:57 +02:00
Manuel Pégourié-Gonnard
5779cbe582 Make mod_p{224,256,384] a bit faster 
Speedup is roughly 25%, giving a 6% speedup on ecp_mul() for these curves.
 2013-10-23 20:17:00 +02:00
Manuel Pégourié-Gonnard
c04c530a98 Make NIST curves optimisation an option 2013-10-23 16:11:52 +02:00
Manuel Pégourié-Gonnard
0f9149cb0a Add mod_p384 2013-10-23 15:06:37 +02:00
Manuel Pégourié-Gonnard
ec655c908c Add mod_p256 2013-10-23 14:50:39 +02:00
Manuel Pégourié-Gonnard
210b458ddc Document and slightly reorganize mod_pXXX 2013-10-23 14:27:58 +02:00
Manuel Pégourié-Gonnard
2a08c0debc mod_p224 now working with 8-bit and 16-bit ints 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
a47e7058ea mod_p224 now endian-neutral 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
e783f06f73 Start working on mod_p224 
(Prototype, works only on 32-bit and little-endian 64-bit.)
 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
cc67aee9c8 Make ecp_mod_p521 a bit faster 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
c9e387ca9e Optimize ecp_modp() 
Makes it 22% faster, for a 5% gain on ecp_mul()
 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
d1e7a45fdd Rework ecp_mod_p192() 
On x86_64, this makes it 5x faster, and ecp_mul() 17% faster for this curve.
The code is shorter too.
 2013-10-23 13:24:55 +02:00
Paul Bakker
6888167e73 Forced cast to prevent MSVC compiler warning 2013-10-15 13:24:01 +02:00
Paul Bakker
5c17ccdf2a Bumped version to 1.3.1 2013-10-15 13:12:41 +02:00
Paul Bakker
f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Paul Bakker
bbc1007c50 Convert SOCKET to int to prevent compiler warnings under MSVC. 
From kernel objects at msdn:
    Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24.

Windows Internals by Russinovich and Solomon as well says that the high bits are zero.
 2013-10-15 11:55:57 +02:00
Manuel Pégourié-Gonnard
59b9fe28f0 Fix bug in psk_identity_hint parsing 2013-10-15 11:55:33 +02:00
Manuel Pégourié-Gonnard
bac0e3b7d2 Dependency fixes 2013-10-15 11:54:47 +02:00
Manuel Pégourié-Gonnard
09258b9537 Refactor parse_server_key_exchange a bit 2013-10-15 11:19:54 +02:00
Manuel Pégourié-Gonnard
8a3c64d73f Fix and simplify *-PSK ifdef's 2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard
ef0eb1ebd8 Add two missing RSA-PSK ciphersuites 2013-10-14 19:34:48 +02:00
Manuel Pégourié-Gonnard
0fae60bb71 Implement RSA-PSK key exchange 2013-10-14 19:34:48 +02:00
Paul Bakker
be089b0483 Introduced POLARSSL_HAVE_READDIR_R for systems without it 2013-10-14 15:51:50 +02:00
Paul Bakker
b9cfaa0c7f Explicit conversions and minor changes to prevent MSVC compiler warnings 2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard
057e0cf263 Fix ciphersuites dependencies on MD5 and SHA1 2013-10-14 14:26:04 +02:00
Manuel Pégourié-Gonnard
1b62c7f93d Fix dependencies and related issues 2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard
72fb62daa2 More *-PSK refactoring 2013-10-14 14:01:58 +02:00
Manuel Pégourié-Gonnard
bd1ae24449 Factor PSK pms computation to ssl_tls.c 2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard
b59d699a65 Fix bugs in ECDHE_PSK key exchange 2013-10-14 12:00:45 +02:00
Manuel Pégourié-Gonnard
225d6aa786 Add ECDHE_PSK ciphersuites 2013-10-11 19:07:56 +02:00
Manuel Pégourié-Gonnard
3ce3bbdc00 Add support for ECDHE_PSK key exchange 2013-10-11 18:16:35 +02:00
Paul Bakker
b887f1119e Removed return from error_strerror() 2013-10-11 15:24:31 +02:00
Paul Bakker
beccd9f226 Explicit void pointer cast for buggy MS compiler 2013-10-11 15:20:27 +02:00
Paul Bakker
5191e92ecc Added missing x509write_crt_set_version() 2013-10-11 10:54:28 +02:00
Paul Bakker
b7c13123de threading_set_own() renamed to threading_set_alt() 2013-10-11 10:51:32 +02:00
Paul Bakker
4aa40d4f51 Better support for MSVC 2013-10-11 10:49:24 +02:00
Paul Bakker
b799dec4c0 Merged support for Brainpool curves and ciphersuites 2013-10-11 10:05:43 +02:00
Paul Bakker
1677033bc8 TLS compression only allocates working buffer once 2013-10-11 09:59:44 +02:00
Paul Bakker
d61cc3b246 Possible naming collision in dhm_context 2013-10-11 09:38:49 +02:00
Paul Bakker
fcc172138c Fixed const-correctness issues 2013-10-11 09:38:06 +02:00
Manuel Pégourié-Gonnard
ae102995a7 RSA blinding: lock for a smaller amount of time 2013-10-11 09:19:12 +02:00
Manuel Pégourié-Gonnard
4d89c7e184 RSA blinding: check highly unlikely cases 2013-10-11 09:18:27 +02:00
Manuel Pégourié-Gonnard
971f8b84bb Fix compile errors with RSA_NO_CRT 2013-10-11 09:18:16 +02:00
Manuel Pégourié-Gonnard
9654fb156f Fix missing MSVC define 2013-10-11 09:17:14 +02:00
Manuel Pégourié-Gonnard
0cd6f98c0f Don't special-case a = -3, not worth it 2013-10-10 15:55:39 +02:00
Manuel Pégourié-Gonnard
b8012fca5f Adjust dependencies 2013-10-10 15:40:49 +02:00
Manuel Pégourié-Gonnard
48ac3db551 Add OIDs for brainpool curves 2013-10-10 15:11:33 +02:00
Manuel Pégourié-Gonnard
0ace4b3154 Use much less variables in ecp_double_jac_gen() 2013-10-10 13:21:48 +02:00
Manuel Pégourié-Gonnard
1c4aa24df1 Add brainpool support for ecp_mul() 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
cd7458aafd Support brainpool curves in ecp_check_pubkey() 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
a070ada6d4 Add brainpool curves to ecp_use_kown_dp() 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
cec4a53c98 Add domain parameters for Brainpool curves 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
8195c1a567 Add identifiers for Brainpool curves 2013-10-10 12:56:00 +02:00
Paul Bakker
c9965dca27 RSA blinding threading support 2013-09-29 15:02:11 +02:00
Paul Bakker
1337affc91 Buffer allocator threading support 2013-09-29 15:02:11 +02:00
Paul Bakker
f4e7dc50ea entropy_func() threading support 2013-09-29 15:02:07 +02:00
Paul Bakker
1ffefaca1e Introduced entropy_free() 2013-09-29 15:01:42 +02:00
Paul Bakker
c55988406f SSL Cache threading support 2013-09-28 15:24:59 +02:00
Paul Bakker
2466d93546 Threading abstraction layer added 2013-09-28 15:00:02 +02:00
Paul Bakker
bf796acf07 Added implementation for memory_buffer_set_verify() 2013-09-28 11:08:44 +02:00
Paul Bakker
caa3af47c0 Handle missing curve extension correctly in ssl_parse_client_hello() 2013-09-28 11:08:43 +02:00
Paul Bakker
f18084a201 Ready for 1.3.0 release 2013-09-26 10:07:09 +02:00
Paul Bakker
ca9c87ed2b Removed possible cache-timing difference for pad check 2013-09-25 18:52:37 +02:00
Manuel Pégourié-Gonnard
a0fdf8b0a0 Simplify the way default certs are used 2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard
cb99bdb27e Client: if no cert, send empty cert list 2013-09-25 13:30:56 +02:00
Manuel Pégourié-Gonnard
641de714b6 Use both RSA and ECDSA CA if available 2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard
8372454615 Rework SNI to fix memory issues 2013-09-24 22:30:56 +02:00
Manuel Pégourié-Gonnard
482a2828e4 Offer both EC and RSA in certs.c, RSA first 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
4618459fa1 Update EC certificates in certs.c 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
705fcca409 Adapt support for SNI to recent changes 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
d09453c88c Check our ECDSA cert(s) against supported curves 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
f24b4a7316 Interface change in ECP info functions 
ecp_named_curve_from_grp_id() -> ecp_curve_info_from_grp_id()
ecp_grp_id_from_named_curve() -> ecp_curve_info_from_tls_id()
 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
f71e587c5e Fix memory leak in ssl cipher usage 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
3ebb2cdb52 Add support for multiple server certificates 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
834ea8587f Change internal structs for multi-cert support 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
cbf3ef3861 RSA and ECDSA key exchanges don't depend on CRL 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
164d894b9a Fix: session start time wasn't set server side 2013-09-23 23:00:50 +02:00
Paul Bakker
3cf63edc44 Typo in Windows error code in x509_crt.c 2013-09-23 15:10:16 +02:00
Paul Bakker
c27c4e2efb Support faulty X509 v1 certificates with extensions 
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
 2013-09-23 15:01:36 +02:00
Manuel Pégourié-Gonnard
fe28646f72 Fix references to x509parse in config.h 2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
1a483833b3 SSL_TLS doesn't depend on PK any more 
(But PK does depend on RSA or ECP.)
 2013-09-20 12:29:15 +02:00
Manuel Pégourié-Gonnard
34ced2dffe Fix mis-sized buffer 
Reported by rgacogne on twitter.
Also spotted by gcc-4.8 with -O2
 2013-09-20 11:37:39 +02:00
Manuel Pégourié-Gonnard
a7496f00ff Fix a few more warnings in small configurations 2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard
4fee79b885 Fix some more depend issues 2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
387a211fad Fix some dependencies in tests 2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
1032c1d3ec Fix some dependencies and warnings in small config 2013-09-19 10:49:00 +02:00
Paul Bakker
5ad403f5b5 Prepared for 1.3.0 RC0 2013-09-18 21:21:30 +02:00
Paul Bakker
6db455e6e3 PSK callback added to SSL server 2013-09-18 21:14:58 +02:00
Manuel Pégourié-Gonnard
ff29f9c825 Compute public key if absent when reading EC key 2013-09-18 16:13:02 +02:00
Manuel Pégourié-Gonnard
da179e4870 Add ecp_curve_list(), hide ecp_supported_curves 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
dace82f805 Refactor cipher information management 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
a310459f5c Fix a few things that broke with RSA compiled out 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
161ef968db Cache pre-computed points for ecp_mul() 
Up to 1.25 speedup on ECDSA sign for small curves, but mainly useful as a
preparation for fixed-point mult (a few prototypes changed in constness).
 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
56cd319f0e Add human-friendly name in ecp_curve_info 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
a79d123a55 Make ecp_supported_curves constant 2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard
51451f8d26 Replace EC flag with ssl_ciphersuite_uses_ec() 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard
15d5de1969 Simplify usage of DHM blinding 2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
c83e418149 Prepare for ECDH point blinding just in case 2013-09-18 14:35:54 +02:00
Manuel Pégourié-Gonnard
c972770f78 Prepare ecp_group for future extensions 2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard
456d3b9b0b Make ECP error codes more specific 2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard
568c9cf878 Add ecp_supported_curves and simplify some code 2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
7038039f2e Dissociate TLS and internal EC curve identifiers 
Allows to add new curves before they get a TLS number
 2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
a97c015f89 Rm useless/wrong DHM lenght test 2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
4cf0686d6d Remove spurious '+ 3' in ecdsa_write_signature() 2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
dd0f57f186 Check key size in cipher_setkey() 2013-09-18 14:34:32 +02:00
Paul Bakker
b6b0956631 Rm of memset instead of x509_crt_init() 2013-09-18 14:32:52 +02:00
Paul Bakker
c559c7a680 Renamed x509_cert structure to x509_crt for consistency 2013-09-18 14:32:52 +02:00
Paul Bakker
9556d3d650 Renamed x509_crt_write.c and x509_csr_write.c 2013-09-18 13:50:13 +02:00
Paul Bakker
ddf26b4e38 Renamed x509parse_* functions to new form 
e.g. x509parse_crtfile -> x509_crt_parse_file
 2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2 Introduced x509_crt_init(), x509_crl_init() and x509_csr_init() 2013-09-18 12:01:43 +02:00
Paul Bakker
86d0c1949e Generalized function names of x509 functions not parse-specific 
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
 2013-09-18 12:01:42 +02:00
Paul Bakker
5187656211 Renamed X509 / X509WRITE error codes to generic (non-cert-specific) 2013-09-17 14:36:05 +02:00
Paul Bakker
36713e8ed9 Fixed bunch of X509_PARSE related defines / dependencies 2013-09-17 13:25:29 +02:00
Paul Bakker
e9e6ae338b Moved x509_self_test() from x509_crt.c to x509.c and fixed mem-free bug 2013-09-16 22:55:51 +02:00
Paul Bakker
da7711594e Changed pk_parse_get_pubkey() to pk_parse_subpubkey() 2013-09-16 22:45:03 +02:00
Paul Bakker
d1a983fe77 Removed x509parse key functions and moved them to compat-1.2.h 2013-09-16 22:26:53 +02:00
Paul Bakker
7c6b2c320e Split up X509 files into smaller modules 2013-09-16 21:41:54 +02:00
Paul Bakker
cff6842b39 POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C 2013-09-16 13:36:18 +02:00
Paul Bakker
77e23fb0e0 Move *_pemify() function to PEM module 2013-09-15 20:03:26 +02:00
Paul Bakker
40ce79f1e6 Moved DHM parsing from X509 module to DHM module 2013-09-15 17:43:54 +02:00
Paul Bakker
3e41fe8938 Remove printf when RSA selftest is skipped 2013-09-15 17:42:50 +02:00
Paul Bakker
dce7fdcbc9 Fixed warnings in case POLARSSL_PEM_C is not defined 2013-09-15 17:15:26 +02:00
Paul Bakker
2292d1fad0 Fixed warnings in case POLARSSL_X509_PARSE_C is not defined 2013-09-15 17:06:49 +02:00
Paul Bakker
4606c7317b Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C 2013-09-15 17:04:23 +02:00
Paul Bakker
c7bb02be77 Moved PK key writing from X509 module to PK module 2013-09-15 14:54:56 +02:00
Paul Bakker
1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91 Make CBC an option, step 3: individual ciphers 2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard
989ed38de2 Make CBC an option, step 2: cipher layer 2013-09-13 15:48:40 +02:00
Manuel Pégourié-Gonnard
f7dc378ead Make CBC an option, step 1: ssl ciphersuites 2013-09-13 15:37:03 +02:00
Manuel Pégourié-Gonnard
b72b4edec1 Fix memory leak in DHM 2013-09-13 13:55:26 +02:00
Manuel Pégourié-Gonnard
4fe9200f47 Fix memory leak in GCM by adding gcm_free() 2013-09-13 13:45:58 +02:00
Manuel Pégourié-Gonnard
735b8fcb0b Fix blunder in 8a109f1 2013-09-13 12:57:23 +02:00
Paul Bakker
9013af76a3 Merged major refactoring of x509write module into development 
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
 2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard
bb323ffc7c Complete EC support in x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
31e59400d2 Add missing f_rng/p_rng arguments to x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
53c642504e Use PK internally for x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
f38e71afd5 Convert x509write_crt interface to PK 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
6de63e480d Add EC support to x509write_key 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
7f1f0926e4 Add test for x509write_key 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
0088c69fbf Complete x509write_csr support for EC key 
No automated test yet (complicated by the fact that ECDSA signatures are not
deterministic), tested using cert_req (and openssl for verification).
 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
edda9041fc Adapt asn1_write_algorithm_identifier() to params 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
3837daec9e Add EC support to x509write_pubkey 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
e1f821a6eb Adapt x509write_pubkey interface to use PK 
key_app_writer will be fixed later
 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
ee73179b2f Adapt x509write_csr prototypes for PK 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
8053da4057 x509write_csr() now fully using PK internally 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
d4eb5b5196 Add references 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
27d87fa6c4 Fix many off-by-one errors 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
6dcf0bfcf4 Use x509write_pubkey_der() when applicable 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
5353a03eb9 x509write_csr using PK internally (WIP) 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
85dfe08b31 Merge duplicated else/#else branch 2013-09-12 11:57:00 +02:00
Paul Bakker
18f0341aed Typo in comments in ctr_drbg.c 2013-09-11 11:05:56 +02:00
Manuel Pégourié-Gonnard
da7317ed00 Use asn1_free_named_data_list() when relevant 2013-09-10 15:52:52 +02:00
Paul Bakker
c0dcf0ceb1 Merged blinding additions for EC, RSA and DHM into development 2013-09-10 14:44:27 +02:00
Paul Bakker
36b7e1efe7 Merged GCM refactoring into development 
GCM is now independent of AES and can be used as a mode for any
cipher-layer supported 128-bit based block cipher
 2013-09-10 14:41:05 +02:00
Paul Bakker
2a6a3a7e69 Better checking on cipher_info_from_values() 2013-09-10 14:29:28 +02:00
Paul Bakker
a0558e0484 Check that the cipher GCM receives is a 128-bit-based cipher 2013-09-10 14:25:51 +02:00
Manuel Pégourié-Gonnard
8a109f106d Optimize RSA blinding by caching-updating values 2013-09-10 13:55:36 +02:00
Manuel Pégourié-Gonnard
ea53a55c0f Refactor to prepare for RSA blinding optimisation 2013-09-10 13:55:35 +02:00
Paul Bakker
1c3853b953 oid_get_oid_by_*() now give back oid length as well 2013-09-10 11:43:44 +02:00
Paul Bakker
003dbad250 Fixed file descriptor leak in x509parse_crtpath() 2013-09-09 17:26:14 +02:00
Paul Bakker
a5943858d8 x509_verify() now case insensitive for cn (RFC 6125 6.4) 2013-09-09 17:21:45 +02:00
Paul Bakker
f9f377e652 CSR Parsing (without attributes / extensions) implemented 2013-09-09 15:35:10 +02:00
Paul Bakker
d4bf870ff5 Allow spaces after the comma when converting X509 names 2013-09-09 13:59:11 +02:00
Paul Bakker
52be08c299 Added support for writing Key Usage and NS Cert Type extensions 2013-09-09 12:38:45 +02:00
Paul Bakker
cd35803684 Changes x509_csr to x509write_csr 2013-09-09 12:38:45 +02:00
Paul Bakker
5f45e62afe Migrated from x509_req_name to asn1_named_data structure 2013-09-09 12:02:36 +02:00
Paul Bakker
c547cc992e Added generic asn1_free_named_data_list() 2013-09-09 12:01:23 +02:00
Paul Bakker
59ba59fa30 Generalized x509_set_extension() behaviour to asn1_store_named_data() 2013-09-09 11:34:44 +02:00
Paul Bakker
43aff2aec4 Moved GCM to use cipher layer instead of AES directly 2013-09-09 00:10:27 +02:00
Paul Bakker
f46b6955e3 Added cipher_info_from_values() to cipher layer (Search by ID+keylen+mode) 2013-09-09 00:08:26 +02:00
Paul Bakker
5e0efa7ef5 Added POLARSSL_MODE_ECB to the cipher layer 2013-09-08 23:04:04 +02:00
Manuel Pégourié-Gonnard
9f5a3c4a0a Fix possible memory error. 2013-09-08 20:08:59 +02:00
Manuel Pégourié-Gonnard
bfb355c33b Fix memory leak on missed session reuse 2013-09-08 20:08:36 +02:00
Manuel Pégourié-Gonnard
bc4b7f08ba Fix possible race in ssl_list_ciphersuites() 
Thread A: executing for loop of ssl_list_ciphersuites()
Thread B: call ssl_list_cipher_suites(), see init == 0
Thread A: return, start using the result
Thread B: memset(0) on the list used by thread A
 2013-09-08 20:07:48 +02:00
Paul Bakker
9c208aabc8 Use ASN1_UTC_TIME in some cases 2013-09-08 15:44:31 +02:00
Manuel Pégourié-Gonnard
032c34e206 Don't use DH blinding for ephemeral DH 2013-09-07 13:06:27 +02:00
Paul Bakker
15162a054a Writing of X509v3 extensions supported 
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
 2013-09-06 19:27:21 +02:00
Paul Bakker
329def30c5 Added asn1_write_bool() 2013-09-06 16:34:38 +02:00
Paul Bakker
9397dcb0e8 Base X509 certificate writing functinality 2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard
d13a4099dd GCM ciphersuites using only cipher layer 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
b8bd593741 Restrict cipher_update() for GCM 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
226d5da1fc GCM ciphersuites partially using cipher layer 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
1af50a240b Cipher: test multiple cycles 
GCM-cipher: just trust the user to call update_ad at the right time
 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
ed8a02bfae Simplify DH blinding a bit 2013-09-04 17:18:28 +02:00
Paul Bakker
45125bc160 Changes to handle merged enhancements 2013-09-04 16:48:22 +02:00
Manuel Pégourié-Gonnard
143b5028a5 Implement DH blinding 2013-09-04 16:29:59 +02:00
Paul Bakker
c049955b32 Merged new cipher layer enhancements 2013-09-04 16:12:55 +02:00
Manuel Pégourié-Gonnard
2d627649bf Change dhm_calc_secret() prototype 2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard
ce4112538c Fix RC4 key length in cipher 2013-09-04 12:29:26 +02:00
Manuel Pégourié-Gonnard
83f3fc0d77 Add AES-192-GCM 2013-09-04 12:14:13 +02:00
Manuel Pégourié-Gonnard
43a4780b03 Ommit AEAD functions if GCM not defined 2013-09-03 19:28:35 +02:00
Manuel Pégourié-Gonnard
aa9ffc5e98 Split tag handling out of cipher_finish() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
2adc40c346 Split cipher_update_ad() out or cipher_reset() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
a235b5b5bd Fix iv_len interface. 
cipher_info->iv_size == 0 is no longer ambiguous, and
cipher_get_iv_size() always returns something useful to generate an IV.
 2013-09-03 13:25:52 +02:00
Manuel Pégourié-Gonnard
9c853b910c Split cipher_set_iv() out of cipher_reset() 2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard
07de4b1d08 Implement randomized coordinates in ecp_mul() 2013-09-02 16:26:04 +02:00
Manuel Pégourié-Gonnard
c75c56fef7 Fix off-by-one error in ecdsa_write_signature() 
Made some signature fail with 521-bit curve
 2013-09-02 16:25:37 +02:00
Paul Bakker
ea6ad3f6e5 ARC4 ciphersuites using only cipher layer 2013-09-02 14:57:01 +02:00
Manuel Pégourié-Gonnard
e09d2f8261 Change ecp_mul() prototype to allow randomization 
(Also improve an error code while at it.)
 2013-09-02 14:29:09 +02:00
Paul Bakker
eb851f6cd5 Merged current cipher enhancements for ARC4 and AES-GCM 2013-09-01 15:49:38 +02:00
Manuel Pégourié-Gonnard
9241be7ac5 Change cipher prototypes for GCM 2013-08-31 18:07:42 +02:00
Paul Bakker
cca5b81d18 All CBC ciphersuites via the cipher layer 2013-08-31 17:40:26 +02:00
Paul Bakker
da02a7f45e AES_CBC ciphersuites now run purely via cipher layer 2013-08-31 17:25:14 +02:00
Manuel Pégourié-Gonnard
20d6a17af9 Make GCM tag check "constant-time" 2013-08-31 16:37:46 +02:00
Manuel Pégourié-Gonnard
07f8fa5a69 GCM in the cipher layer, step 1 
- no support for additional data
- no support for tag
 2013-08-31 16:08:22 +02:00
Manuel Pégourié-Gonnard
b5e85885de Handle NULL as a stream cipher for more uniformity 2013-08-30 17:11:28 +02:00
Manuel Pégourié-Gonnard
37e230c022 Add arc4 support in the cipher layer 2013-08-30 17:11:28 +02:00
Paul Bakker
f451bac000 Blinding RSA only active when f_rng is provided 2013-08-30 15:48:53 +02:00
Paul Bakker
48377d9834 Configuration option to enable/disable POLARSSL_PKCS1_V15 operations 2013-08-30 13:41:14 +02:00
Paul Bakker
aab30c130c RSA blinding added for CRT operations 2013-08-30 11:03:09 +02:00
Paul Bakker
548957dd49 Refactored RSA to have random generator in every RSA operation 
Primarily so that rsa_private() receives an RNG for blinding purposes.
 2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80 Merged refactored x509write module into development 2013-08-28 16:32:51 +02:00
Paul Bakker
9659dae046 Some extra code defined out 2013-08-28 16:21:34 +02:00
Manuel Pégourié-Gonnard
c852a68b96 More robust selection of ctx_enc size 2013-08-28 13:13:30 +02:00
Manuel Pégourié-Gonnard
cffe4a65bd Move "constant" code outside a loop 2013-08-28 13:13:20 +02:00
Paul Bakker
577e006c2f Merged ECDSA-based key-exchange and ciphersuites into development 
Conflicts:
	include/polarssl/config.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
 2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
57a8783364 Make more room for ciphersuites 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
db77175e99 Make ecdsa_verify() return value more explicit 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
9cc6f5c61b Fix some hash debugging 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
4bd1284f59 Fix ECDSA hash selection bug with TLS 1.0 and 1.1 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
9c9812a299 Fix bug introduced in dbf69cf 
(Was writing outside array bounds.)
 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
df0142bd17 Fix some dependencies in tests 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
2fb15f694c Un-rename ssl_set_own_cert_alt() 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
e511ffca50 Allow compiling without RSA or DH 
Only library and programs now, need to check test suites later.
 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
ee98f8e7a3 Add EC certificates in certs.c 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
f484282e96 Rm a few unneeded tests 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
d11eb7c789 Fix sig_alg extension on client. 
Temporary solution on server.
 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
bfe32efb9b pk_{sign,verify}() now accept hash_len = 0 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
a20c58c6f1 Use convert functions for SSL_SIG_* and SSL_HASH_* 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
c40b4c3708 Add configuration item for the PK module 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
0d42049440 Merge code for RSA and ECDSA in SSL 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
070cc7fd21 Use the new PK RSA-alt interface 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
12c1ff0ecb Add RSA-alt to the PK layer 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
a2d3f22007 Add and use pk_encrypt(), pk_decrypt() 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
8df2769178 Introduce pk_sign() and use it in ssl 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
583b608401 Fix some return values 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
76c18a1a77 Add client support for ECDSA client auth 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
abae74c4a0 Add server support for ECDHE_ECDSA key exchange 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
ac75523593 Adapt ssl_set_own_cert() to generic keys 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
09edda888e Check key type against selected key exchange 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
20846b1a50 Add client support for ECDHE_ECDSA key exchange 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
efebb0a394 Refactor ssl_parse_server_key_exchange() a bit 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
32ea60a127 Declare ECDSA key exchange and ciphersuites 
Also fix bug in ssl_list_ciphersuites().

For now, disable it on server.
Client will offer it but fail if server selects it.
 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
0b03200e96 Add server-side support for ECDSA client auth 2013-08-27 22:21:19 +02:00
Paul Bakker
0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Paul Bakker
d2f068e071 Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually 2013-08-27 21:19:20 +02:00
Paul Bakker
fb08fd2e23 Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available 2013-08-27 15:06:54 +02:00
Paul Bakker
9852d00de6 Moved asn1write funtions to use asn1_write_raw_buffer() 2013-08-26 17:56:37 +02:00
Paul Bakker
7accbced87 Doxygen documentation added to asn1write.h 2013-08-26 17:37:18 +02:00
Paul Bakker
f3df61ad10 Generalized PEM writing in x509write module for RSA keys as well 2013-08-26 17:37:18 +02:00
Paul Bakker
135f1e9c70 Move PEM conversion of DER data to x509write module 2013-08-26 17:37:18 +02:00
Paul Bakker
624d03a3f7 Fixed length of key_usage bitstring to 7 bits 2013-08-26 17:37:18 +02:00
Paul Bakker
1c0e550e21 Added support for Netscape Certificate Types in CSR writing 
Further generalization of extension adding / replacing in the CSR
structure
 2013-08-26 17:37:18 +02:00
Paul Bakker
e5eae76bf0 Generalized the x509write_csr_set_key_usage() function and key_usage 
storage
 2013-08-26 17:37:18 +02:00
Paul Bakker
6db915b5a9 Added asn1_write_raw_buffer() 2013-08-26 17:37:17 +02:00
Manuel Pégourié-Gonnard
0a20171d52 Fix compiler warning from gcc -Os 2013-08-26 14:31:43 +02:00
Manuel Pégourié-Gonnard
70f1768b9d Make two format strings literal 
Fixes clang warning
 2013-08-26 14:31:33 +02:00
Manuel Pégourié-Gonnard
c6554aab3d Check length of session tickets we write 2013-08-26 14:26:33 +02:00
Manuel Pégourié-Gonnard
38d1eba3b5 Move verify_result from ssl_context to session 2013-08-26 14:26:02 +02:00
Paul Bakker
fde4270186 Added support for writing key_usage extension 2013-08-25 14:47:27 +02:00
Paul Bakker
598e450538 Added asn1_write_bitstring() and asn1_write_octet_string() 2013-08-25 14:46:39 +02:00
Paul Bakker
0e06c0fdb4 Assigned error codes to the error defines 2013-08-25 11:21:30 +02:00
Paul Bakker
82e2945ed2 Changed naming and prototype convention for x509write functions 
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
 2013-08-25 11:01:31 +02:00
Paul Bakker
2130796658 Switched order of storing x509_req_names to match inputed order 2013-08-25 10:51:18 +02:00
Paul Bakker
8eabfc1461 Rewrote x509 certificate request writing to use structure for storing 2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard
fff80f8879 PK: use NULL for unimplemented operations 2013-08-20 20:46:05 +02:00
Manuel Pégourié-Gonnard
f73da02962 PK: change pk_verify arguments (md_info "optional") 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
ab46694558 Change pk_set_type to pk_init_ctx for consistency 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
ac4cd36297 PK rsa_verify: check signature length 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
15699380e5 Small PK cleanups 
- better error codes
- rm now-useless include
 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
3fb5c5ee1c PK: rename members for consistency CIPHER, MD 
Also add pk_get_name() to remove a direct access to pk_type
 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
09162ddcaa PK: reuse some eckey functions for ecdsa 
Also add some forgotten 'static' while at it.
 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
c6ac8870d5 Nicer interface between PK and debug. 
Finally get rid of pk_context.type member, too.
 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
b3d9187cea PK: add nice interface functions 
Also fix a const-corectness issue.
 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
765db07dfb PK: use alloc and free function pointers 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
3053f5bcb4 Get rid of pk_wrap_rsa() 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
f8c948a674 Add name and get_size() members in PK 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
835eb59c6a PK: fix support for ECKEY_DH 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
f18c3e0378 Add a PK can_do() method and simplify code 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
d73b3c13be PK: use wrappers and function pointers for verify 2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
f499993cb2 Add ecdsa_from_keypair() 
Also fix bug/limitation in mpi_copy: would segfault if src just initialised
and not set to a value yet. (This case occurs when copying a context which
contains only the public part of the key, eg.)
 2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
cc0a9d040d Fix const-correctness of rsa_*_verify() 2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
f84b4d6498 Check sig_pk for signature verification 2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
96d5912088 Implement EC cert and crl verification 2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
211a64c79f Add eckey to ecdsa conversion in the PK layer 2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
b4d69c41f8 Prepare for EC cert & crl validation 2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
e09631b7c4 Create ecp_group_copy() and use it 2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard
8eebd012b9 Add an ecdsa_genkey() function 2013-08-20 20:08:28 +02:00
Manuel Pégourié-Gonnard
b694b4896c Add ecdsa_{read,write}_signature() 2013-08-20 20:04:16 +02:00
Paul Bakker
3a074a7996 Actually skip certificate if we do not understand hash type 2013-08-20 12:45:03 +02:00
Paul Bakker
dc4baf11ab Removed errant printf in x509parse_self_test() 2013-08-20 12:44:33 +02:00
Paul Bakker
42c3ccf36e Fixed potential negative value misinterpretation in load_file() 2013-08-19 14:29:31 +02:00
Paul Bakker
75c1a6f97c Fixed potential heap buffer overflow on large hostname setting 2013-08-19 14:25:29 +02:00
Paul Bakker
694d3aeb47 Fixed potential heap buffer overflow on large file reading 2013-08-19 14:23:38 +02:00
Paul Bakker
5fd4917d97 Add missing ifdefs in ssl modules 2013-08-19 13:30:28 +02:00
Paul Bakker
04376b1419 Fixed memory leak in ssl_parse_server_key_exchange from missing 
md_free_ctx()
 2013-08-16 14:45:26 +02:00
Manuel Pégourié-Gonnard
298aae4524 Adapt core OID functions to embeded null bytes 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
c13c0d4524 Add a length check in rsa_get_pubkey() 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
56a487a17f Minor ecdsa cleanups 
- point_format is of no use
- d was init'ed and free'd twice
 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
686bfae244 Fix memory error in x509_get_attr_type_value 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
ba77bbf840 Fix memory error in asn1_get_alg() 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
06dab806ce Fix memory error in asn1_get_bitstring_null() 
When *len is 0, **p would be read, which is out of bounds.
 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
0b2726732e Fix ifdef conditions for EC-related extensions. 
Was alternatively ECP_C and ECDH_C.
 2013-08-16 13:56:17 +02:00
Manuel Pégourié-Gonnard
5734b2d358 Actually use the point format selected for ECDH 2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
7b19c16b74 Handle suported_point_formats in ServerHello 2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
6b8846d929 Stop advertising support for compressed points 
(We can only write them, not read them.)
 2013-08-16 13:56:16 +02:00
Paul Bakker
1f2bc6238b Made support for the truncated_hmac extension configurable 2013-08-15 13:45:55 +02:00
Paul Bakker
05decb24c3 Made support for the max_fragment_length extension configurable 2013-08-15 13:33:48 +02:00
Paul Bakker
606b4ba20f Session ticket expiration checked on server 2013-08-15 11:42:48 +02:00
Paul Bakker
f0e39acb58 Fixed unitialized n when resuming a session 2013-08-15 11:40:48 +02:00
Paul Bakker
a503a63b85 Made session tickets support configurable from config.h 2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard
56dc9e8bba Authenticate session tickets. 2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
990c51a557 Encrypt session tickets 2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
779e42982c Start adding ticket keys (only key_name for now) 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
aa0d4d1aff Add ssl_set_session_tickets() 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
306827e3bc Prepare ticket structure for securing 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
06650f6a37 Fix reusing session more than once 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
593058e35e Don't renew ticket when the current one is OK 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
c086cce3d3 Don't cache empty session ID nor resumed session 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
7cd5924cec Rework NewSessionTicket handling in state machine 
Fixes bug: NewSessionTicket was ommited in resumed sessions.
 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
3ffa3db80b Fix server session ID handling with ticket 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
72882b2079 Relax limit on ClientHello size 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
609bc81a76 ssl_srv: read & write ticket, unsecure for now 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
94f6a79cde Auxiliary functions to (de)serialize ssl_session 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
7a358b8580 ssl_srv: write & parse session ticket ext & msg 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
6377e41ef5 Complete client support for session tickets 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
a5cc6025e7 Parse NewSessionTicket message 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
60182ef989 ssl_cli: write & parse session ticket extension 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
75d440192c Introduce ticket field in session structure 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
5f280cc6cf Implement saving peer cert as part of session. 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
747180391d Add ssl_get_session() to save session on client 2013-08-14 14:08:03 +02:00
Paul Bakker
48e93c84b7 Made padding modes configurable from config.h 2013-08-14 14:02:48 +02:00
Paul Bakker
1a45d91cf2 Restructured cipher_set_padding_mode() to use switch statement 2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
ebdc413f44 Add 'no padding' mode 2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
0e7d2c0f95 Add zero padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
8d4291b52a Add zeros-and-length (ANSI X.923) padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
679f9e90ad Add one-and-zeros (ISO/IEC 7816-4) padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
b7d24bc7ca Fix bug in get_pkcs_padding(): cannot be 0-length 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
ac56a1aec4 Make cipher_set_padding() actually work 
(Only one padding mode recognized yet.)
 2013-08-14 14:02:46 +02:00
Manuel Pégourié-Gonnard
d5fdcaf9e5 Add cipher_set_padding() (no effect yet) 
Fix pattern in tests/.gitignore along the way.
 2013-08-14 14:02:46 +02:00
Paul Bakker
0f2f0bfc87 CAMELLIA-based PSK and DHE-PSK ciphersuites added 2013-07-26 15:04:03 +02:00
Paul Bakker
b548d773b3 Fixed memory leak in ecdh_compute_shared() in case of error 2013-07-26 14:22:19 +02:00
Paul Bakker
cca998a4c5 Fixed memory leak in ecdsa_sign() / ecdsa_verify() in case of error 2013-07-26 14:22:16 +02:00
Paul Bakker
1e6a175362 Support for AIX header locations in net.c module 2013-07-26 14:10:22 +02:00
Paul Bakker
52cf16caeb Fixed multiple use of GCM-context bug due to split-up of GCM functions 2013-07-26 13:56:22 +02:00
Paul Bakker
d9ca94a677 Updated merged pk.c and x509parse.c changes with new memory allocation functions 2013-07-25 11:25:09 +02:00
Paul Bakker
8c1ede655f Changed prototype for ssl_set_truncated_hmac() to allow disabling 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
277f7f23e2 Implement hmac truncation 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
57c2852807 Added truncated hmac negociation (without effect) 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e980a994f0 Add interface for truncated hmac 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e048b67d0a Misc minor fixes 
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
 2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard
ed4af8b57c Move negotiated max fragment length to session 
User-set max fragment length remains in ssl_context.
The min of the two is used for sizing fragments.
 2013-07-18 14:07:09 +02:00
Manuel Pégourié-Gonnard
581e6b6d6c Prepare migrating max fragment length to session 
Remove max_frag_len member so that reseting session by memset()ing it to zero
does the right thing.
 2013-07-18 12:32:27 +02:00
Manuel Pégourié-Gonnard
6b4f237f6a Forbid setting max_frag_len > MAX_CONTENT_LEN 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
30dc7ef3ad Reset max_fragment_length in ssl_session_reset() 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
7bb7899121 Send max_fragment_length extension (server) 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
f11a6d78c7 Rework server extensions writing 2013-07-18 11:23:38 +02:00
Manuel Pégourié-Gonnard
de600e571a Read max_fragment_length extension (client) 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
a052849640 Send max_fragment_length extension (client) 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
48f8d0dbbd Read max_fragment_length extension (server) 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
787b658bb3 Implement max_frag_len write restriction 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
8b46459ae5 Add ssl_set_max_frag_len() 2013-07-18 11:18:13 +02:00
Manuel Pégourié-Gonnard
c2c90031ec Fix pk_set_type() behaviour for unkown type 2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
14d8564402 Fix overflow check in oid_get_numeric_string() 
(The fix in 791eed3 was wrong.)
 2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
fd5164e283 Fix some more ifdef's RSA/EC, in pk and debug 2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
ab2d9836b4 Fix some ifdef's in x509parse 
While at it:
- move _rsa variants systematically after generic functions
- unsplit x509parse_key_pkcs8_encrypted_der() (reverts a5d9974)
 2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
96f3a4e1b3 Rm ecp_keypair.alg 
Avoid duplicating information already present in pk_context.
 2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
8b863cd641 Merge EC & RSA versions of x509_parse_key() 2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
6e88202a95 Merge EC & RSA versions of parse_pkcs8_unencrypted 2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
a2d4e644ac Some more EC pubkey parsing refactoring 
Fix a bug in pk_rsa() and pk_ec() along the way
 2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
1c808a011c Refactor some EC key parsing code 2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
991d0f5aca Remove rsa member from x509_cert structure 2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
ff56da3a26 Fix direct uses of x509_cert.rsa, now use pk_rsa() 2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
893879adbd Adapt debug_print_crt() for EC keys 2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
5b18fb04ca Fix bug in x509_get_{ecpubkey,subpubkey}() 
- 'p' was not properly updated
- also add a few more checks while at it
 2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
360a583029 Adapt x509parse_cert_info() for EC 2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
674b2243eb Prepare transition from x509_cert.rsa to pk 2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
a155513e7b Rationalize use of x509_get_alg variants 2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
7a287c409e Rename x509_get_algid() to x509_get_pk_alg() 2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
7c5819eb1e Fix warnings (enum value missing from switch/case) 2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
1e60cd09b0 Expand oid_get_sig_alg() for ECDSA-based algs 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
244569f4b1 Use generic x509_get_pubkey() for RSA functions 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
4fa0476675 Use new x509_get_pubkey() in x509parse_public_key() 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
c296c5925e Introduce generic x509_get_pubkey() 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
094ad9e512 Rename x509_get_pubkey to _rsa and split it up 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
f16ac763f6 Simplify length mismatch check in x509_get_pubkey 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
20c12f6b5f Factor more code into x509_get_pubkey() 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
788db112a5 Get rid of x509_cert.pkoid 
Unused, comment did not match reality, and will soon be superseeded by the
'type' field of the pk_context which will replace rsa_context.
 2013-07-17 15:59:39 +02:00
Manuel Pégourié-Gonnard
374e4b87d4 pk_set_type() cannot be used to reset key type 2013-07-17 15:59:39 +02:00
Manuel Pégourié-Gonnard
0a64e8f1fd Rework algorithmIdentifier parsing 2013-07-17 15:59:39 +02:00
Paul Bakker
f4a1427ae7 base64_decode() also forcefully returns on dst == NULL 2013-07-16 17:48:58 +02:00
Paul Bakker
61d113bb7b Init and free new contexts in the right place for SSL to prevent 
memory leaks
 2013-07-16 17:48:58 +02:00
Manuel Pégourié-Gonnard
7d4e5b739e Simplify password check in pem_read_buffer() 2013-07-09 16:42:35 +02:00
Manuel Pégourié-Gonnard
791eed3f33 Fix portability issue in oid_get_numeric_string() 2013-07-09 16:42:35 +02:00
Manuel Pégourié-Gonnard
de44a4aecf Rename ecp_check_prvkey with a 'i' for consistency 2013-07-09 16:42:34 +02:00
Manuel Pégourié-Gonnard
81c313ccc6 Add #ifdef's on RSA and EC in PK 2013-07-09 10:49:09 +02:00
Manuel Pégourié-Gonnard
1f73a65c06 Fix ommission in pk_free(). 2013-07-09 10:42:13 +02:00
Manuel Pégourié-Gonnard
7a6c946446 Fix error code in pk.h 2013-07-09 10:37:27 +02:00
Manuel Pégourié-Gonnard
8838099330 Add x509parse_{,public}_key{,file}() 
Also make previously public *_ec functions private.
 2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
12e0ed9115 Add pk_context and associated functions 2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
d4ec21dd47 Add a check for multiple curve specification 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
80300ad0d9 Add checks for pk_alg. 
Used to be implicitly done by oid_get_pk_alg().
 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
9c1cf459dd Implement x509parse_key_pkcs8_encrypted_der_ec() 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
a5d9974423 Split up x509_parse_pkcs8_encrypted_der() 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
416fa8fde5 Implement x509parse_key_pkcs8_unencrypted_der_ec() 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f8648d51b1 Fix undocumented feature of pem_read_buffer() 
Used to work only for RSAPrivateKey content, now accepts ECPrivateKey too,
and may even work with similar enough structures when they appear.
 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
e366342233 Implement x509parse_key_sec1_der() 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
15e8b82724 Fill in x509parse_key_ec using stub function 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
73c0cda346 Complete x509parse_public_key_ec() 
Warning: due to a bug in oid_descriptor_from_buf(), keys associated to some
curves (secp224r1, secp384r1, secp521r1) are incorrectly rejected,
since their namedCurve OID contains a nul byte.
 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f838eeda09 Add x509_get_ecparams() 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f0b30d0542 Add oid_get_ec_grp() and associated data 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
5a9b82e234 Make oid_get_pk_alg handle EC algorithms 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
dffba8f63e Fix bug in oid_get_numeric_string() 
Overflow check was done too early, causing many false positives.
 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
444b42710a Optionally allow parameters in x509_get_tag() 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
26833c2fc6 Add stubs for x509parse_key_ec and co. 2013-07-08 15:31:19 +02:00
Manuel Pégourié-Gonnard
4250a1f818 Fix a comment and some whitespace 2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
ba4878aa64 Rename x509parse_key & co with _rsa suffix 2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
c8dc295e83 Add ecp_check_prvkey, with test 
Also group key checking and generation functions in ecp.h and ecp.c.
 2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
b8c6e0e3e9 Add ecp_keypair struct, init/free and constants 2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
7c8934ea0e Add ecdsa_init and ecdsa_free 2013-07-08 15:30:23 +02:00
Paul Bakker
1ef120f5fd Updated buffer-allocator with free-block-list to speed up searches 2013-07-03 17:22:32 +02:00
Paul Bakker
41350a9a7e Fixed spaces in memory_buffer_alloc.c 2013-07-03 17:22:32 +02:00
Paul Bakker
fa9b10050b Also compiles / runs without time-based functions in OS 
Can now run without need of time() / localtime() and gettimeofday()
 2013-07-03 17:22:32 +02:00
Paul Bakker
891998e0c3 Added extra debug information to memory_buffer_alloc_status() 2013-07-03 17:22:31 +02:00
Paul Bakker
bd5524471a Removed memory leak in PKCS#12 code 2013-07-03 17:22:31 +02:00
Paul Bakker
4632083c78 Removed memory leaks in PKCS#5 functions 2013-07-03 17:22:31 +02:00
Paul Bakker
6e339b52e8 Memory-allocation abstraction layer and buffer-based allocator added 2013-07-03 17:22:31 +02:00
Paul Bakker
f863485fea Remove memory leak in PKCS#5 self test 2013-07-03 13:31:52 +02:00
Paul Bakker
abf2f8fcf9 zlib compression/decompression skipped on empty blocks 2013-06-30 14:57:46 +02:00
Paul Bakker
e5bffc319d Removed redundant includes 2013-06-30 14:53:06 +02:00
Paul Bakker
d2681d82e2 Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h} 2013-06-30 14:49:12 +02:00
Paul Bakker
9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly 
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
 2013-06-30 14:34:05 +02:00
Paul Bakker
3866b9f4b5 Removed redundant inclusion 2013-06-30 12:53:14 +02:00
Paul Bakker
fd3eac5786 Cleaned up ECP error codes 2013-06-29 23:31:33 +02:00
Paul Bakker
5dc6b5fb05 Made supported curves configurable 2013-06-29 23:26:34 +02:00
Paul Bakker
e2ab84f4a1 Renamed error_strerror() to the less conflicting polarssl_strerror() 
Ability to keep old function error_strerror() as well with
POLARSSL_ERROR_STRERROR_BC. Also works with
POLARSSL_ERROR_STRERROR_DUMMY.
 2013-06-29 18:35:41 +02:00
Paul Bakker
2fbefde1d8 Client and server now filter sent and accepted ciphersuites on minimum 
and maximum protocol version
 2013-06-29 18:35:40 +02:00
Paul Bakker
59c28a2723 SSL v2 handshake should also handle dynamic ciphersuites 2013-06-29 18:35:40 +02:00
Paul Bakker
f8d018a274 Made asn1_get_alg() and asn1_get_alg_null() as generic functions 
A generic function for retrieving the AlgorithmIdentifier structure with
its parameters and adapted X509, PKCS#5 and PKCS#12 to use them.
 2013-06-29 18:35:40 +02:00
Paul Bakker
ce6ae233cb Macro-ized the final internal OID functions 2013-06-29 18:35:40 +02:00
Paul Bakker
47fce02bd8 Defines around module-dependent OIDs 2013-06-29 18:35:40 +02:00
Paul Bakker
7749a22974 Moved PKCS#12 cipher layer based PBE detection to use OID database 2013-06-29 18:32:16 +02:00
Paul Bakker
dd1150e846 Macro-ized single and double attribute functions in OID database 2013-06-28 17:20:22 +02:00
Paul Bakker
bd51ad538d Re-ordered OID internals. Made macro for oid_XXX_from_asn1() functions 2013-06-28 16:54:23 +02:00
Paul Bakker
9b5e885611 PKCS#5 PBES2 now uses OID database for algorithm detection 2013-06-28 16:12:50 +02:00
Paul Bakker
c5a79cca53 Fixed compiler warnings for unused parameter ssl 2013-06-26 15:08:35 +02:00
Paul Bakker
b9d3cfa114 Split up GCM into a start/update/finish cycle 2013-06-26 15:08:29 +02:00
Paul Bakker
534f82c77a Made ctr_drbg_init_entropy_len() non-static and defined 2013-06-25 16:47:55 +02:00
Paul Bakker
b6c5d2e1a6 Cleanup up non-prototyped functions (static) and const-correctness 
More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code.
 2013-06-25 16:25:17 +02:00
Paul Bakker
169b7f4a13 Fixed gcm.c formatting (removed redundant spaces) 2013-06-25 15:06:54 +02:00
Paul Bakker
bda7cb76fa Fixed minor comment typo 
(cherry picked from commit da7fdbd534cb479d333de4c183cf805736ea3e10)
 2013-06-25 15:06:54 +02:00
Paul Bakker
38b50d73a1 Moved PKCS#12 PBE functions to cipher / md layer where possible 
The 3-key and 2-key Triple DES PBE functions have been replaced with a
single pkcs12_pbe() function that handles both situations (and more).

In addition this allows for some PASSWORD_MISMATCH checking
(cherry picked from commit 14a222cef2699bd3da884662f7e56e097a12b1a0)
 2013-06-25 15:06:53 +02:00
Paul Bakker
0e34235644 Fixed values for 2-key Triple DES in cipher layer 
(cherry picked from commit 2be71faae4df9f97a700e7e813dad7b544492339)
 2013-06-25 15:06:53 +02:00
Paul Bakker
a4232a7ccb x509parse_crt() and x509parse_crt_der() return X509 password related codes 
POLARSSL_ERR_X509_PASSWORD_MISMATCH is returned instead of
POLARSSL_ERR_PEM_PASSWORD_MISMATCH and
POLARSSL_ERR_X509_PASSWORD_REQUIRED instead of
POLARSSL_ERR_PEM_PASSWORD_REQUIRED

Rationale: For PKCS#8 encrypted keys the same are returned
(cherry picked from commit b495d3a2c755f9fd3c8b755d78d7a92d66245c57)
 2013-06-25 15:06:53 +02:00
Paul Bakker
72823091c2 Removed redundant free()s 
(cherry picked from commit 1fc7dfe2e2c26621b55fcf837a4fba241aba8f06)
 2013-06-25 15:06:53 +02:00
Paul Bakker
cf445ffc4e Added missing free() 
(cherry picked from commit ff3a4b010b24c0293c3cefc1c8582b23775e1870)
 2013-06-25 15:06:53 +02:00
Paul Bakker
28144decef PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates 
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.
(cherry picked from commit 1fd4321ba2016dfaff2b48c11f731fc9ccbd7ccf)

Conflicts:
	include/polarssl/error.h
	scripts/generate_errors.pl
 2013-06-25 15:06:52 +02:00
Paul Bakker
b0c19a4b3d PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated 
old PBKDF2 module.
(cherry picked from commit 19bd297dc896410e0d859729f9e8d4b1e107e6c8)

Conflicts:
	include/polarssl/error.h
	scripts/generate_errors.pl
 2013-06-25 15:06:52 +02:00
Paul Bakker
fc4f46fa9a Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler 
(cherry picked from commit 52b845be34a6b5cfa48f34bfbcddd83069d8c0c3)
 2013-06-25 15:06:52 +02:00
Paul Bakker
531e294313 Fixed location of brackets in pkcs12.c 
(cherry picked from commit 67812d396cd3c4064f12cbd7dcaa83013136ecf5)
 2013-06-25 15:06:52 +02:00
Paul Bakker
2c8cdd201f x509parse_crtpath() is now reentrant and uses more portable stat() 
Moved from readdir() to readdir_r() and use stat instead of the less
portable d_type from struct dirent.
(cherry picked from commit cbfcaa9206be586f6bf8ac26586cd63a6c8c8e15)
 2013-06-25 15:06:51 +02:00
Paul Bakker
42c6581110 Changed x509parse_crt_der() to support adding to chain. 
Removed chain functionality from x509parse_crt() as x509parse_crt_der()
now handles that much cleaner.
(cherry picked from commit d6d4109adc01417abde44b3325d8438b584de5e5)
 2013-06-25 15:06:51 +02:00
Paul Bakker
90995b5ce3 Added mechanism to provide alternative cipher / hash implementations 
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
(cherry picked from commit 4087c47043cb7b8b51e69f1de47ab6a2bccead3d)
 2013-06-25 15:06:51 +02:00
Paul Bakker
f1f21fe825 Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis 
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
(cherry picked from commit cf6e95d9a81c7b22271beb58a09b5c756148e62a)

Conflicts:
	scripts/generate_errors.pl
 2013-06-25 15:06:51 +02:00
Paul Bakker
e2f5040876 Internally split up x509parse_key() 
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
(cherry picked from commit 65a1909dc6ff7b93f0a231a5a49d98d968c9bcdc)

Conflicts:
	library/x509parse.c
 2013-06-25 15:06:50 +02:00
Paul Bakker
89ecb2d074 ssl_parse_certificate() now calls x509parse_crt_der() directly 
(cherry picked from commit 1922a4e6aade7b1d685af19d4d9339ddb5c02859)
 2013-06-24 19:09:25 +02:00
Paul Bakker
5ed3b34e22 x509parse_crt() now better handles PEM error situations 
Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
(cherry picked from commit 6417186365f4a73a719fff754fefe8edcef2bc28)
 2013-06-24 19:09:25 +02:00
Paul Bakker
00b2860e8d pem_read_buffer() already update use_len after header and footer are read 
After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
(cherry picked from commit 9255e8300e550b548b54603c77585921f442e391)
 2013-06-24 19:09:25 +02:00
Paul Bakker
3c2122ff9d Fixed const correctness issues that have no impact on the ABI 
(cherry picked from commit eae09db9e57b7a342ea15bf57c5c1439c59a2e50)

Conflicts:
	library/gcm.c
 2013-06-24 19:09:24 +02:00
Paul Bakker
2013950545 Secure renegotiation extension should only be sent in case client supports secure renegotiation 
(cherry picked from commit 7c3c3899cf528f00b346f465e69d5a59f9e8410e)
 2013-06-24 19:09:24 +02:00
Paul Bakker
73d4431ccd Fixed parse error in ssl_parse_certificate_request() 2013-05-22 13:56:26 +02:00
Paul Bakker
f6a19bd728 Possible resource leak on FILE* removed in X509 parse 2013-05-14 13:26:51 +02:00
Paul Bakker
c72d3f7d85 Possible resource leak on FILE* removed in CTR_DRBG 2013-05-14 13:22:41 +02:00
Paul Bakker
40afb4ba13 Added PSK GCM, SHA256 and SHA384 ciphers from RFC5487 2013-04-19 22:03:30 +02:00
Paul Bakker
a1bf92ddb4 Added PSK NULL ciphers from RFC4785 2013-04-19 20:47:26 +02:00
Paul Bakker
48f7a5d724 DHE-PSK based ciphersuite support added and cleaner key exchange based 
code selection

The base RFC 4279 DHE-PSK ciphersuites are now supported and added.

The SSL code cuts out code not relevant for defined key exchange methods
 2013-04-19 20:47:26 +02:00
Paul Bakker
188c8de430 Only allow missing SereverKeyExchange message in bare PSK mode 2013-04-19 09:13:37 +02:00
Paul Bakker
e07f41d4be Introduced defines to control availability of specific SSL Key Exchange 
methods.

Introduces POLARSSL_KEY_EXCHANGE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED, etc
 2013-04-19 09:08:57 +02:00
Paul Bakker
ed27a041e4 More granular define selections within code to allow for smaller code 
sizes
 2013-04-18 23:12:34 +02:00
Paul Bakker
73a899a9eb Changed error code message to also cover missing pre-shared key 2013-04-18 23:12:34 +02:00
Paul Bakker
fbb17804d8 Added pre-shared key handling for the server side of SSL / TLS 
Server side handling of the pure PSK ciphersuites is now in the base
code.
 2013-04-18 23:12:33 +02:00
Paul Bakker
70df2fbaa5 Split parts of ssl_parse_client_key_exchange() into separate functions 
Made ssl_parse_client_dh_public(), ssl_parse_cient_ecdh_public() and
ssl_parse_encrypted_pms_secret() in preparation for PSK-related code
 2013-04-18 23:12:33 +02:00
Paul Bakker
d4a56ec6bf Added pre-shared key handling for the client side of SSL / TLS 
Client side handling of the pure PSK ciphersuites is now in the base
code.
 2013-04-18 23:12:33 +02:00
Paul Bakker
f7abd422dc Removed extra spaces on end of lines 2013-04-16 18:09:45 +02:00
Paul Bakker
29e1f12f6b split parts of ssl_parse_server_key_exchange() into separate functions 
Made ssl_parse_server_dh_params(), ssl_parse_server_ecdh_params() and
ssl_parse_signature_algorihm() in preparation for PSK-related code
 2013-04-16 18:09:45 +02:00
Paul Bakker
8f4ddaeea9 Ability to specify allowed ciphersuites based on the protocol version. 
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b9d8eafbfa952fca63a04100ed90f69)

Conflicts:
	ChangeLog
	library/ssl_srv.c
	library/ssl_tls.c
 2013-04-16 18:09:45 +02:00
Paul Bakker
0ecdb23eed Cleanup of the GCM code 
Removed unused variable 'v'

orig_len and orig_add_len are now uint64_t to support larger than 2^29
data sizes
 2013-04-09 11:36:42 +02:00
Paul Bakker
a280d0f2b9 Fixed compiler warning for possible uninitialized ret 2013-04-08 13:40:17 +02:00
Paul Bakker
27714b1aa1 Added Camellia ECDHE-based CBC ciphersuites 
Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
 2013-04-07 23:07:12 +02:00
Paul Bakker
bfe671f2d5 Blowfish has default of 128-bit keysize in cipher layer 2013-04-07 22:35:44 +02:00
Paul Bakker
c70b982056 OID functionality moved to a separate module. 
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
 2013-04-07 22:00:46 +02:00
Paul Bakker
37de6bec16 Const correctness added for asn1write functions 2013-04-07 13:11:31 +02:00
Paul Bakker
3b6a07b745 Prevented compiler warning on uninitialized end 2013-03-21 11:56:50 +01:00