Manuel Pégourié-Gonnard
dd0f57f186
Check key size in cipher_setkey()
2013-09-18 14:34:32 +02:00
Paul Bakker
b6b0956631
Rm of memset instead of x509_crt_init()
2013-09-18 14:32:52 +02:00
Paul Bakker
c559c7a680
Renamed x509_cert structure to x509_crt for consistency
2013-09-18 14:32:52 +02:00
Paul Bakker
9556d3d650
Renamed x509_crt_write.c and x509_csr_write.c
2013-09-18 13:50:13 +02:00
Paul Bakker
ddf26b4e38
Renamed x509parse_* functions to new form
...
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2
Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()
2013-09-18 12:01:43 +02:00
Paul Bakker
86d0c1949e
Generalized function names of x509 functions not parse-specific
...
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker
5187656211
Renamed X509 / X509WRITE error codes to generic (non-cert-specific)
2013-09-17 14:36:05 +02:00
Paul Bakker
36713e8ed9
Fixed bunch of X509_PARSE related defines / dependencies
2013-09-17 13:25:29 +02:00
Paul Bakker
e9e6ae338b
Moved x509_self_test() from x509_crt.c to x509.c and fixed mem-free bug
2013-09-16 22:55:51 +02:00
Paul Bakker
da7711594e
Changed pk_parse_get_pubkey() to pk_parse_subpubkey()
2013-09-16 22:45:03 +02:00
Paul Bakker
d1a983fe77
Removed x509parse key functions and moved them to compat-1.2.h
2013-09-16 22:26:53 +02:00
Paul Bakker
7c6b2c320e
Split up X509 files into smaller modules
2013-09-16 21:41:54 +02:00
Paul Bakker
cff6842b39
POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C
2013-09-16 13:36:18 +02:00
Paul Bakker
77e23fb0e0
Move *_pemify() function to PEM module
2013-09-15 20:03:26 +02:00
Paul Bakker
40ce79f1e6
Moved DHM parsing from X509 module to DHM module
2013-09-15 17:43:54 +02:00
Paul Bakker
3e41fe8938
Remove printf when RSA selftest is skipped
2013-09-15 17:42:50 +02:00
Paul Bakker
dce7fdcbc9
Fixed warnings in case POLARSSL_PEM_C is not defined
2013-09-15 17:15:26 +02:00
Paul Bakker
2292d1fad0
Fixed warnings in case POLARSSL_X509_PARSE_C is not defined
2013-09-15 17:06:49 +02:00
Paul Bakker
4606c7317b
Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C
2013-09-15 17:04:23 +02:00
Paul Bakker
c7bb02be77
Moved PK key writing from X509 module to PK module
2013-09-15 14:54:56 +02:00
Paul Bakker
1a7550ac67
Moved PK key parsing from X509 module to PK module
2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91
Make CBC an option, step 3: individual ciphers
2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard
989ed38de2
Make CBC an option, step 2: cipher layer
2013-09-13 15:48:40 +02:00
Manuel Pégourié-Gonnard
f7dc378ead
Make CBC an option, step 1: ssl ciphersuites
2013-09-13 15:37:03 +02:00
Manuel Pégourié-Gonnard
b72b4edec1
Fix memory leak in DHM
2013-09-13 13:55:26 +02:00
Manuel Pégourié-Gonnard
4fe9200f47
Fix memory leak in GCM by adding gcm_free()
2013-09-13 13:45:58 +02:00
Manuel Pégourié-Gonnard
735b8fcb0b
Fix blunder in 8a109f1
2013-09-13 12:57:23 +02:00
Paul Bakker
9013af76a3
Merged major refactoring of x509write module into development
...
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard
bb323ffc7c
Complete EC support in x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
31e59400d2
Add missing f_rng/p_rng arguments to x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
53c642504e
Use PK internally for x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
f38e71afd5
Convert x509write_crt interface to PK
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
6de63e480d
Add EC support to x509write_key
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
7f1f0926e4
Add test for x509write_key
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
0088c69fbf
Complete x509write_csr support for EC key
...
No automated test yet (complicated by the fact that ECDSA signatures are not
deterministic), tested using cert_req (and openssl for verification).
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
edda9041fc
Adapt asn1_write_algorithm_identifier() to params
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
3837daec9e
Add EC support to x509write_pubkey
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
e1f821a6eb
Adapt x509write_pubkey interface to use PK
...
key_app_writer will be fixed later
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
ee73179b2f
Adapt x509write_csr prototypes for PK
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
8053da4057
x509write_csr() now fully using PK internally
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
d4eb5b5196
Add references
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
27d87fa6c4
Fix many off-by-one errors
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
6dcf0bfcf4
Use x509write_pubkey_der() when applicable
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
5353a03eb9
x509write_csr using PK internally (WIP)
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
85dfe08b31
Merge duplicated else/#else branch
2013-09-12 11:57:00 +02:00
Paul Bakker
18f0341aed
Typo in comments in ctr_drbg.c
2013-09-11 11:05:56 +02:00
Manuel Pégourié-Gonnard
da7317ed00
Use asn1_free_named_data_list() when relevant
2013-09-10 15:52:52 +02:00
Paul Bakker
c0dcf0ceb1
Merged blinding additions for EC, RSA and DHM into development
2013-09-10 14:44:27 +02:00
Paul Bakker
36b7e1efe7
Merged GCM refactoring into development
...
GCM is now independent of AES and can be used as a mode for any
cipher-layer supported 128-bit based block cipher
2013-09-10 14:41:05 +02:00
Paul Bakker
2a6a3a7e69
Better checking on cipher_info_from_values()
2013-09-10 14:29:28 +02:00
Paul Bakker
a0558e0484
Check that the cipher GCM receives is a 128-bit-based cipher
2013-09-10 14:25:51 +02:00
Manuel Pégourié-Gonnard
8a109f106d
Optimize RSA blinding by caching-updating values
2013-09-10 13:55:36 +02:00
Manuel Pégourié-Gonnard
ea53a55c0f
Refactor to prepare for RSA blinding optimisation
2013-09-10 13:55:35 +02:00
Paul Bakker
1c3853b953
oid_get_oid_by_*() now give back oid length as well
2013-09-10 11:43:44 +02:00
Paul Bakker
003dbad250
Fixed file descriptor leak in x509parse_crtpath()
2013-09-09 17:26:14 +02:00
Paul Bakker
a5943858d8
x509_verify() now case insensitive for cn (RFC 6125 6.4)
2013-09-09 17:21:45 +02:00
Paul Bakker
f9f377e652
CSR Parsing (without attributes / extensions) implemented
2013-09-09 15:35:10 +02:00
Paul Bakker
d4bf870ff5
Allow spaces after the comma when converting X509 names
2013-09-09 13:59:11 +02:00
Paul Bakker
52be08c299
Added support for writing Key Usage and NS Cert Type extensions
2013-09-09 12:38:45 +02:00
Paul Bakker
cd35803684
Changes x509_csr to x509write_csr
2013-09-09 12:38:45 +02:00
Paul Bakker
5f45e62afe
Migrated from x509_req_name to asn1_named_data structure
2013-09-09 12:02:36 +02:00
Paul Bakker
c547cc992e
Added generic asn1_free_named_data_list()
2013-09-09 12:01:23 +02:00
Paul Bakker
59ba59fa30
Generalized x509_set_extension() behaviour to asn1_store_named_data()
2013-09-09 11:34:44 +02:00
Paul Bakker
43aff2aec4
Moved GCM to use cipher layer instead of AES directly
2013-09-09 00:10:27 +02:00
Paul Bakker
f46b6955e3
Added cipher_info_from_values() to cipher layer (Search by ID+keylen+mode)
2013-09-09 00:08:26 +02:00
Paul Bakker
5e0efa7ef5
Added POLARSSL_MODE_ECB to the cipher layer
2013-09-08 23:04:04 +02:00
Manuel Pégourié-Gonnard
9f5a3c4a0a
Fix possible memory error.
2013-09-08 20:08:59 +02:00
Manuel Pégourié-Gonnard
bfb355c33b
Fix memory leak on missed session reuse
2013-09-08 20:08:36 +02:00
Manuel Pégourié-Gonnard
bc4b7f08ba
Fix possible race in ssl_list_ciphersuites()
...
Thread A: executing for loop of ssl_list_ciphersuites()
Thread B: call ssl_list_cipher_suites(), see init == 0
Thread A: return, start using the result
Thread B: memset(0) on the list used by thread A
2013-09-08 20:07:48 +02:00
Paul Bakker
9c208aabc8
Use ASN1_UTC_TIME in some cases
2013-09-08 15:44:31 +02:00
Manuel Pégourié-Gonnard
032c34e206
Don't use DH blinding for ephemeral DH
2013-09-07 13:06:27 +02:00
Paul Bakker
15162a054a
Writing of X509v3 extensions supported
...
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
2013-09-06 19:27:21 +02:00
Paul Bakker
329def30c5
Added asn1_write_bool()
2013-09-06 16:34:38 +02:00
Paul Bakker
9397dcb0e8
Base X509 certificate writing functinality
2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard
d13a4099dd
GCM ciphersuites using only cipher layer
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
b8bd593741
Restrict cipher_update() for GCM
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
226d5da1fc
GCM ciphersuites partially using cipher layer
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
1af50a240b
Cipher: test multiple cycles
...
GCM-cipher: just trust the user to call update_ad at the right time
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
ed8a02bfae
Simplify DH blinding a bit
2013-09-04 17:18:28 +02:00
Paul Bakker
45125bc160
Changes to handle merged enhancements
2013-09-04 16:48:22 +02:00
Manuel Pégourié-Gonnard
143b5028a5
Implement DH blinding
2013-09-04 16:29:59 +02:00
Paul Bakker
c049955b32
Merged new cipher layer enhancements
2013-09-04 16:12:55 +02:00
Manuel Pégourié-Gonnard
2d627649bf
Change dhm_calc_secret() prototype
2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard
ce4112538c
Fix RC4 key length in cipher
2013-09-04 12:29:26 +02:00
Manuel Pégourié-Gonnard
83f3fc0d77
Add AES-192-GCM
2013-09-04 12:14:13 +02:00
Manuel Pégourié-Gonnard
43a4780b03
Ommit AEAD functions if GCM not defined
2013-09-03 19:28:35 +02:00
Manuel Pégourié-Gonnard
aa9ffc5e98
Split tag handling out of cipher_finish()
2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
2adc40c346
Split cipher_update_ad() out or cipher_reset()
2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
a235b5b5bd
Fix iv_len interface.
...
cipher_info->iv_size == 0 is no longer ambiguous, and
cipher_get_iv_size() always returns something useful to generate an IV.
2013-09-03 13:25:52 +02:00
Manuel Pégourié-Gonnard
9c853b910c
Split cipher_set_iv() out of cipher_reset()
2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard
07de4b1d08
Implement randomized coordinates in ecp_mul()
2013-09-02 16:26:04 +02:00
Manuel Pégourié-Gonnard
c75c56fef7
Fix off-by-one error in ecdsa_write_signature()
...
Made some signature fail with 521-bit curve
2013-09-02 16:25:37 +02:00
Paul Bakker
ea6ad3f6e5
ARC4 ciphersuites using only cipher layer
2013-09-02 14:57:01 +02:00
Manuel Pégourié-Gonnard
e09d2f8261
Change ecp_mul() prototype to allow randomization
...
(Also improve an error code while at it.)
2013-09-02 14:29:09 +02:00
Paul Bakker
eb851f6cd5
Merged current cipher enhancements for ARC4 and AES-GCM
2013-09-01 15:49:38 +02:00
Manuel Pégourié-Gonnard
9241be7ac5
Change cipher prototypes for GCM
2013-08-31 18:07:42 +02:00
Paul Bakker
cca5b81d18
All CBC ciphersuites via the cipher layer
2013-08-31 17:40:26 +02:00
Paul Bakker
da02a7f45e
AES_CBC ciphersuites now run purely via cipher layer
2013-08-31 17:25:14 +02:00
Manuel Pégourié-Gonnard
20d6a17af9
Make GCM tag check "constant-time"
2013-08-31 16:37:46 +02:00
Manuel Pégourié-Gonnard
07f8fa5a69
GCM in the cipher layer, step 1
...
- no support for additional data
- no support for tag
2013-08-31 16:08:22 +02:00
Manuel Pégourié-Gonnard
b5e85885de
Handle NULL as a stream cipher for more uniformity
2013-08-30 17:11:28 +02:00
Manuel Pégourié-Gonnard
37e230c022
Add arc4 support in the cipher layer
2013-08-30 17:11:28 +02:00
Paul Bakker
f451bac000
Blinding RSA only active when f_rng is provided
2013-08-30 15:48:53 +02:00
Paul Bakker
48377d9834
Configuration option to enable/disable POLARSSL_PKCS1_V15 operations
2013-08-30 13:41:14 +02:00
Paul Bakker
aab30c130c
RSA blinding added for CRT operations
2013-08-30 11:03:09 +02:00
Paul Bakker
548957dd49
Refactored RSA to have random generator in every RSA operation
...
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80
Merged refactored x509write module into development
2013-08-28 16:32:51 +02:00
Paul Bakker
9659dae046
Some extra code defined out
2013-08-28 16:21:34 +02:00
Manuel Pégourié-Gonnard
c852a68b96
More robust selection of ctx_enc size
2013-08-28 13:13:30 +02:00
Manuel Pégourié-Gonnard
cffe4a65bd
Move "constant" code outside a loop
2013-08-28 13:13:20 +02:00
Paul Bakker
577e006c2f
Merged ECDSA-based key-exchange and ciphersuites into development
...
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
57a8783364
Make more room for ciphersuites
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
db77175e99
Make ecdsa_verify() return value more explicit
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
9cc6f5c61b
Fix some hash debugging
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
4bd1284f59
Fix ECDSA hash selection bug with TLS 1.0 and 1.1
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
9c9812a299
Fix bug introduced in dbf69cf
...
(Was writing outside array bounds.)
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
df0142bd17
Fix some dependencies in tests
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
2fb15f694c
Un-rename ssl_set_own_cert_alt()
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
e511ffca50
Allow compiling without RSA or DH
...
Only library and programs now, need to check test suites later.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
ee98f8e7a3
Add EC certificates in certs.c
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
f484282e96
Rm a few unneeded tests
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
d11eb7c789
Fix sig_alg extension on client.
...
Temporary solution on server.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
bfe32efb9b
pk_{sign,verify}() now accept hash_len = 0
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
a20c58c6f1
Use convert functions for SSL_SIG_* and SSL_HASH_*
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
c40b4c3708
Add configuration item for the PK module
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
0d42049440
Merge code for RSA and ECDSA in SSL
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
070cc7fd21
Use the new PK RSA-alt interface
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
12c1ff0ecb
Add RSA-alt to the PK layer
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
a2d3f22007
Add and use pk_encrypt(), pk_decrypt()
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
8df2769178
Introduce pk_sign() and use it in ssl
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
583b608401
Fix some return values
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
76c18a1a77
Add client support for ECDSA client auth
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
abae74c4a0
Add server support for ECDHE_ECDSA key exchange
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
ac75523593
Adapt ssl_set_own_cert() to generic keys
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
09edda888e
Check key type against selected key exchange
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
20846b1a50
Add client support for ECDHE_ECDSA key exchange
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
efebb0a394
Refactor ssl_parse_server_key_exchange() a bit
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
32ea60a127
Declare ECDSA key exchange and ciphersuites
...
Also fix bug in ssl_list_ciphersuites().
For now, disable it on server.
Client will offer it but fail if server selects it.
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
0b03200e96
Add server-side support for ECDSA client auth
2013-08-27 22:21:19 +02:00
Paul Bakker
0be444a8b1
Ability to disable server_name extension (RFC 6066)
2013-08-27 21:55:01 +02:00
Paul Bakker
d2f068e071
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 21:19:20 +02:00
Paul Bakker
fb08fd2e23
Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available
2013-08-27 15:06:54 +02:00
Paul Bakker
9852d00de6
Moved asn1write funtions to use asn1_write_raw_buffer()
2013-08-26 17:56:37 +02:00
Paul Bakker
7accbced87
Doxygen documentation added to asn1write.h
2013-08-26 17:37:18 +02:00
Paul Bakker
f3df61ad10
Generalized PEM writing in x509write module for RSA keys as well
2013-08-26 17:37:18 +02:00
Paul Bakker
135f1e9c70
Move PEM conversion of DER data to x509write module
2013-08-26 17:37:18 +02:00
Paul Bakker
624d03a3f7
Fixed length of key_usage bitstring to 7 bits
2013-08-26 17:37:18 +02:00
Paul Bakker
1c0e550e21
Added support for Netscape Certificate Types in CSR writing
...
Further generalization of extension adding / replacing in the CSR
structure
2013-08-26 17:37:18 +02:00
Paul Bakker
e5eae76bf0
Generalized the x509write_csr_set_key_usage() function and key_usage
...
storage
2013-08-26 17:37:18 +02:00