Commit Graph

439 Commits

Author SHA1 Message Date
Paul Bakker
1dc45f15a6 Added MPI_CHK around unguarded mpi calls 2014-07-07 17:46:25 +02:00
Paul Bakker
7837026b91 Remove a few dead stores 2014-07-07 16:01:34 +02:00
Manuel Pégourié-Gonnard
d220f8b709 Fix potential memory leak in bignum selftest 2014-07-07 16:01:33 +02:00
Manuel Pégourié-Gonnard
7fd620b331 Fix misplaced initialisation.
If one of the calls to mpi_grow() before setting Apos would fail, then
mpi_free( &Apos ) would be executed without Apos being initialised.
2014-07-07 16:01:31 +02:00
Manuel Pégourié-Gonnard
b55f578982 Fix missing error checking in gcm 2014-07-07 16:01:30 +02:00
Paul Bakker
4091141368 Add a length check in ssl_derive_keys() 2014-07-07 16:01:28 +02:00
Paul Bakker
d83584e9aa Fixed potential overflow in certificate size in ssl_write_certificate() 2014-07-07 16:01:11 +02:00
Paul Bakker
78e819698b Added missing MPI_CHK() around some statements 2014-07-07 16:01:10 +02:00
Paul Bakker
40cc914567 Fixed x509_crt_parse_path() bug on Windows platforms 2014-07-07 16:01:08 +02:00
Manuel Pégourié-Gonnard
9975c5d217 Check PKCS 1.5 padding in a more constant-time way
(Avoid branches that depend on secret data.)
2014-07-07 14:38:09 +02:00
Manuel Pégourié-Gonnard
d237d261e5 Check OAEP padding in a more constant-time way 2014-07-07 14:37:56 +02:00
Manuel Pégourié-Gonnard
3411464a64 RSA-OAEP decrypt: reorganise code 2014-07-07 14:37:39 +02:00
Paul Bakker
a1caf6e1e8 SSL now gracefully handles missing RNG 2014-07-07 14:20:52 +02:00
Paul Bakker
c941adba31 Fixed X.509 hostname comparison (with non-regular characters) 2014-07-07 14:17:24 +02:00
Paul Bakker
835481930a Makefile now produces a .so.X with SOVERSION in it 2014-07-07 14:13:54 +02:00
Manuel Pégourié-Gonnard
5c8434cf52 Safer buffer comparisons in the SSL modules 2014-07-07 14:10:07 +02:00
Paul Bakker
c3ec63df42 Minor change that makes life easier for static analyzers / compilers 2014-07-07 14:06:22 +02:00
Paul Bakker
e46b17766c Make get_pkcs_padding() constant-time 2014-07-07 14:04:31 +02:00
Paul Bakker
52cb87beb7 Forced cast to prevent MSVC compiler warning 2014-07-07 13:46:10 +02:00
Paul Bakker
4c9301a7af Convert SOCKET to int to prevent compiler warnings under MSVC.
From kernel objects at msdn:
    Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24.

Windows Internals by Russinovich and Solomon as well says that the high bits are zero.
2014-07-07 13:44:30 +02:00
Paul Bakker
9ccb2116a7 Introduced POLARSSL_HAVE_READDIR_R for systems without it 2014-07-07 13:43:31 +02:00
Paul Bakker
ff6e24710a RSA blinding: check highly unlikely cases 2014-07-07 13:34:41 +02:00
Paul Bakker
6b06502c4b Changed RSA blinding to a slower but thread-safe version 2013-10-07 12:06:29 +02:00
Paul Bakker
adace27ec9 Prepped for 1.2.10 release 2013-10-04 17:07:26 +02:00
Paul Bakker
2f1481ec73 Additional fixed to rsa.c with regards to blinding 2013-10-04 16:46:21 +02:00
Paul Bakker
62087eed22 Fixed memory leak in rsa.c introduced in 43f9799 2013-10-04 10:57:12 +02:00
Paul Bakker
e45574e7de Prepped for 1.2.9 release 2013-09-25 18:42:42 +02:00
Paul Bakker
915ee19887 Do not allow SHA256/SHA384 ciphersuites in < TLS 1.2 2013-09-23 17:30:26 +02:00
Paul Bakker
43f9799ce6 RSA blinding on CRT operations to counter timing attacks 2013-09-23 11:23:31 +02:00
Paul Bakker
88a2264def Fixed potential file descriptor leaks 2013-09-11 13:31:55 +02:00
Paul Bakker
f65fbee52b x509_verify() now case insensitive for cn (RFC 6125 6.4)
(cherry picked from commit a5943858d8)

Conflicts:
	ChangeLog
	library/x509parse.c
	tests/suites/test_suite_x509parse.data
2013-09-11 13:31:55 +02:00
Paul Bakker
a565aceea1 Fixed potential memory leak when failing to resume a session 2013-09-11 13:31:53 +02:00
Paul Bakker
a13d744d2e Fixed potential heap buffer overflow on large hostname setting
(cherry picked from commit 75c1a6f97c)

Conflicts:
	library/ssl_tls.c
2013-09-11 11:41:41 +02:00
Paul Bakker
fe7c24caa6 Fixed potential negative value misinterpretation in load_file()
(cherry picked from commit 42c3ccf36e)

Conflicts:
	library/x509parse.c
2013-09-11 11:41:41 +02:00
Paul Bakker
433fad261e Removed errant printf in x509parse_self_test()
(cherry picked from commit dc4baf11ab)
2013-09-11 11:32:46 +02:00
Paul Bakker
21360ca4d4 ssl_write_certificate_request() can handle empty ca_chain 2013-06-21 15:11:10 +02:00
Paul Bakker
1d419500b0 Prepared for PolarSSL release 1.2.8 2013-06-19 11:48:04 +02:00
Paul Bakker
da7fdbd534 Fixed minor comment typo 2013-06-19 11:15:43 +02:00
Paul Bakker
14a222cef2 Moved PKCS#12 PBE functions to cipher / md layer where possible
The 3-key and 2-key Triple DES PBE functions have been replaced with a
single pkcs12_pbe() function that handles both situations (and more).

In addition this allows for some PASSWORD_MISMATCH checking
2013-06-18 16:35:48 +02:00
Paul Bakker
2be71faae4 Fixed values for 2-key Triple DES in cipher layer 2013-06-18 16:33:27 +02:00
Paul Bakker
b495d3a2c7 x509parse_crt() and x509parse_crt_der() return X509 password related codes
POLARSSL_ERR_X509_PASSWORD_MISMATCH is returned instead of
POLARSSL_ERR_PEM_PASSWORD_MISMATCH and
POLARSSL_ERR_X509_PASSWORD_REQUIRED instead of
POLARSSL_ERR_PEM_PASSWORD_REQUIRED

Rationale: For PKCS#8 encrypted keys the same are returned
2013-06-17 15:58:04 +02:00
Paul Bakker
1fc7dfe2e2 Removed redundant free()s 2013-06-17 15:57:02 +02:00
Paul Bakker
ff3a4b010b Added missing free() 2013-06-17 15:56:12 +02:00
Paul Bakker
1fd4321ba2 PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.
2013-06-17 15:14:42 +02:00
Paul Bakker
19bd297dc8 PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
old PBKDF2 module.
2013-06-14 12:06:45 +02:00
Paul Bakker
52b845be34 Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler 2013-06-14 11:37:37 +02:00
Paul Bakker
67812d396c Fixed location of brackets in pkcs12.c 2013-06-14 11:35:09 +02:00
Paul Bakker
cbfcaa9206 x509parse_crtpath() is now reentrant and uses more portable stat()
Moved from readdir() to readdir_r() and use stat instead of the less
portable d_type from struct dirent.
2013-06-13 09:20:25 +02:00
Paul Bakker
d6d4109adc Changed x509parse_crt_der() to support adding to chain.
Removed chain functionality from x509parse_crt() as x509parse_crt_der()
now handles that much cleaner.
2013-06-13 09:02:09 +02:00
Paul Bakker
4087c47043 Added mechanism to provide alternative cipher / hash implementations
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
2013-06-12 16:57:46 +02:00