Paul Bakker
5fd4917d97
Add missing ifdefs in ssl modules
2013-08-19 13:30:28 +02:00
Paul Bakker
04376b1419
Fixed memory leak in ssl_parse_server_key_exchange from missing
...
md_free_ctx()
2013-08-16 14:45:26 +02:00
Manuel Pégourié-Gonnard
298aae4524
Adapt core OID functions to embedded null bytes
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
c13c0d4524
Add a length check in rsa_get_pubkey()
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
56a487a17f
Minor ecdsa cleanups
...
- point_format is of no use
- d was init'ed and free'd twice
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
686bfae244
Fix memory error in x509_get_attr_type_value
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
ba77bbf840
Fix memory error in asn1_get_alg()
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
06dab806ce
Fix memory error in asn1_get_bitstring_null()
...
When *len is 0, **p would be read, which is out of bounds.
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
0b2726732e
Fix ifdef conditions for EC-related extensions.
...
Was alternatively ECP_C and ECDH_C.
2013-08-16 13:56:17 +02:00
Manuel Pégourié-Gonnard
5734b2d358
Actually use the point format selected for ECDH
2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
7b19c16b74
Handle supported_point_formats in ServerHello
2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
6b8846d929
Stop advertising support for compressed points
...
(We can only write them, not read them.)
2013-08-16 13:56:16 +02:00
Paul Bakker
1f2bc6238b
Made support for the truncated_hmac extension configurable
2013-08-15 13:45:55 +02:00
Paul Bakker
05decb24c3
Made support for the max_fragment_length extension configurable
2013-08-15 13:33:48 +02:00
Paul Bakker
606b4ba20f
Session ticket expiration checked on server
2013-08-15 11:42:48 +02:00
Paul Bakker
f0e39acb58
Fixed uninitialized n when resuming a session
2013-08-15 11:40:48 +02:00
Paul Bakker
a503a63b85
Made session tickets support configurable from config.h
2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard
56dc9e8bba
Authenticate session tickets.
2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
990c51a557
Encrypt session tickets
2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
779e42982c
Start adding ticket keys (only key_name for now)
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
aa0d4d1aff
Add ssl_set_session_tickets()
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
306827e3bc
Prepare ticket structure for securing
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
06650f6a37
Fix reusing session more than once
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
593058e35e
Don't renew ticket when the current one is OK
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
c086cce3d3
Don't cache empty session ID nor resumed session
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
7cd5924cec
Rework NewSessionTicket handling in state machine
...
Fixes bug: NewSessionTicket was omitted in resumed sessions.
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
3ffa3db80b
Fix server session ID handling with ticket
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
72882b2079
Relax limit on ClientHello size
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
609bc81a76
ssl_srv: read & write ticket, unsecure for now
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
94f6a79cde
Auxiliary functions to (de)serialize ssl_session
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
7a358b8580
ssl_srv: write & parse session ticket ext & msg
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
6377e41ef5
Complete client support for session tickets
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
a5cc6025e7
Parse NewSessionTicket message
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
60182ef989
ssl_cli: write & parse session ticket extension
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
75d440192c
Introduce ticket field in session structure
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
5f280cc6cf
Implement saving peer cert as part of session.
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
747180391d
Add ssl_get_session() to save session on client
2013-08-14 14:08:03 +02:00
Paul Bakker
48e93c84b7
Made padding modes configurable from config.h
2013-08-14 14:02:48 +02:00
Paul Bakker
1a45d91cf2
Restructured cipher_set_padding_mode() to use switch statement
2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
ebdc413f44
Add 'no padding' mode
2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
0e7d2c0f95
Add zero padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
8d4291b52a
Add zeros-and-length (ANSI X.923) padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
679f9e90ad
Add one-and-zeros (ISO/IEC 7816-4) padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
b7d24bc7ca
Fix bug in get_pkcs_padding(): cannot be 0-length
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
ac56a1aec4
Make cipher_set_padding() actually work
...
(Only one padding mode recognized yet.)
2013-08-14 14:02:46 +02:00
Manuel Pégourié-Gonnard
d5fdcaf9e5
Add cipher_set_padding() (no effect yet)
...
Fix pattern in tests/.gitignore along the way.
2013-08-14 14:02:46 +02:00
Paul Bakker
0f2f0bfc87
CAMELLIA-based PSK and DHE-PSK ciphersuites added
2013-07-26 15:04:03 +02:00
Paul Bakker
b548d773b3
Fixed memory leak in ecdh_compute_shared() in case of error
2013-07-26 14:22:19 +02:00
Paul Bakker
cca998a4c5
Fixed memory leak in ecdsa_sign() / ecdsa_verify() in case of error
2013-07-26 14:22:16 +02:00
Paul Bakker
1e6a175362
Support for AIX header locations in net.c module
2013-07-26 14:10:22 +02:00
Paul Bakker
52cf16caeb
Fixed multiple use of GCM-context bug due to split-up of GCM functions
2013-07-26 13:56:22 +02:00
Paul Bakker
d9ca94a677
Updated merged pk.c and x509parse.c changes with new memory allocation functions
2013-07-25 11:25:09 +02:00
Paul Bakker
8c1ede655f
Changed prototype for ssl_set_truncated_hmac() to allow disabling
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
277f7f23e2
Implement hmac truncation
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
57c2852807
Added truncated hmac negotiation (without effect)
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e980a994f0
Add interface for truncated hmac
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e048b67d0a
Misc minor fixes
...
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formatting issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard
ed4af8b57c
Move negotiated max fragment length to session
...
User-set max fragment length remains in ssl_context.
The min of the two is used for sizing fragments.
2013-07-18 14:07:09 +02:00
Manuel Pégourié-Gonnard
581e6b6d6c
Prepare migrating max fragment length to session
...
Remove max_frag_len member so that resetting session by memset()ing it to zero
does the right thing.
2013-07-18 12:32:27 +02:00
Manuel Pégourié-Gonnard
6b4f237f6a
Forbid setting max_frag_len > MAX_CONTENT_LEN
2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
30dc7ef3ad
Reset max_fragment_length in ssl_session_reset()
2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
7bb7899121
Send max_fragment_length extension (server)
2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
f11a6d78c7
Rework server extensions writing
2013-07-18 11:23:38 +02:00
Manuel Pégourié-Gonnard
de600e571a
Read max_fragment_length extension (client)
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
a052849640
Send max_fragment_length extension (client)
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
48f8d0dbbd
Read max_fragment_length extension (server)
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
787b658bb3
Implement max_frag_len write restriction
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
8b46459ae5
Add ssl_set_max_frag_len()
2013-07-18 11:18:13 +02:00
Manuel Pégourié-Gonnard
c2c90031ec
Fix pk_set_type() behaviour for unknown type
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
14d8564402
Fix overflow check in oid_get_numeric_string()
...
(The fix in 791eed3 was wrong.)
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
fd5164e283
Fix some more ifdef's RSA/EC, in pk and debug
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
ab2d9836b4
Fix some ifdef's in x509parse
...
While at it:
- move _rsa variants systematically after generic functions
- unsplit x509parse_key_pkcs8_encrypted_der() (reverts a5d9974)
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
96f3a4e1b3
Rm ecp_keypair.alg
...
Avoid duplicating information already present in pk_context.
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
8b863cd641
Merge EC & RSA versions of x509_parse_key()
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
6e88202a95
Merge EC & RSA versions of parse_pkcs8_unencrypted
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
a2d4e644ac
Some more EC pubkey parsing refactoring
...
Fix a bug in pk_rsa() and pk_ec() along the way
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
1c808a011c
Refactor some EC key parsing code
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
991d0f5aca
Remove rsa member from x509_cert structure
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
ff56da3a26
Fix direct uses of x509_cert.rsa, now use pk_rsa()
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
893879adbd
Adapt debug_print_crt() for EC keys
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
5b18fb04ca
Fix bug in x509_get_{ecpubkey,subpubkey}()
...
- 'p' was not properly updated
- also add a few more checks while at it
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
360a583029
Adapt x509parse_cert_info() for EC
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
674b2243eb
Prepare transition from x509_cert.rsa to pk
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
a155513e7b
Rationalize use of x509_get_alg variants
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
7a287c409e
Rename x509_get_algid() to x509_get_pk_alg()
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
7c5819eb1e
Fix warnings (enum value missing from switch/case)
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
1e60cd09b0
Expand oid_get_sig_alg() for ECDSA-based algs
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
244569f4b1
Use generic x509_get_pubkey() for RSA functions
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
4fa0476675
Use new x509_get_pubkey() in x509parse_public_key()
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
c296c5925e
Introduce generic x509_get_pubkey()
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
094ad9e512
Rename x509_get_pubkey to _rsa and split it up
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
f16ac763f6
Simplify length mismatch check in x509_get_pubkey
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
20c12f6b5f
Factor more code into x509_get_pubkey()
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
788db112a5
Get rid of x509_cert.pkoid
...
Unused, comment did not match reality, and will soon be superseded by the
'type' field of the pk_context which will replace rsa_context.
2013-07-17 15:59:39 +02:00
Manuel Pégourié-Gonnard
374e4b87d4
pk_set_type() cannot be used to reset key type
2013-07-17 15:59:39 +02:00
Manuel Pégourié-Gonnard
0a64e8f1fd
Rework algorithmIdentifier parsing
2013-07-17 15:59:39 +02:00
Paul Bakker
f4a1427ae7
base64_decode() also forcefully returns on dst == NULL
2013-07-16 17:48:58 +02:00
Paul Bakker
61d113bb7b
Init and free new contexts in the right place for SSL to prevent
...
memory leaks
2013-07-16 17:48:58 +02:00
Manuel Pégourié-Gonnard
7d4e5b739e
Simplify password check in pem_read_buffer()
2013-07-09 16:42:35 +02:00
Manuel Pégourié-Gonnard
791eed3f33
Fix portability issue in oid_get_numeric_string()
2013-07-09 16:42:35 +02:00
Manuel Pégourié-Gonnard
de44a4aecf
Rename ecp_check_prvkey with an 'i' for consistency
2013-07-09 16:42:34 +02:00
Manuel Pégourié-Gonnard
81c313ccc6
Add #ifdef's on RSA and EC in PK
2013-07-09 10:49:09 +02:00
Manuel Pégourié-Gonnard
1f73a65c06
Fix omission in pk_free().
2013-07-09 10:42:13 +02:00
Manuel Pégourié-Gonnard
7a6c946446
Fix error code in pk.h
2013-07-09 10:37:27 +02:00
Manuel Pégourié-Gonnard
8838099330
Add x509parse_{,public}_key{,file}()
...
Also make previously public *_ec functions private.
2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
12e0ed9115
Add pk_context and associated functions
2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
d4ec21dd47
Add a check for multiple curve specification
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
80300ad0d9
Add checks for pk_alg.
...
Used to be implicitly done by oid_get_pk_alg().
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
9c1cf459dd
Implement x509parse_key_pkcs8_encrypted_der_ec()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
a5d9974423
Split up x509_parse_pkcs8_encrypted_der()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
416fa8fde5
Implement x509parse_key_pkcs8_unencrypted_der_ec()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f8648d51b1
Fix undocumented feature of pem_read_buffer()
...
Used to work only for RSAPrivateKey content, now accepts ECPrivateKey too,
and may even work with similar enough structures when they appear.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
e366342233
Implement x509parse_key_sec1_der()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
15e8b82724
Fill in x509parse_key_ec using stub function
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
73c0cda346
Complete x509parse_public_key_ec()
...
Warning: due to a bug in oid_descriptor_from_buf(), keys associated to some
curves (secp224r1, secp384r1, secp521r1) are incorrectly rejected,
since their namedCurve OID contains a nul byte.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f838eeda09
Add x509_get_ecparams()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f0b30d0542
Add oid_get_ec_grp() and associated data
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
5a9b82e234
Make oid_get_pk_alg handle EC algorithms
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
dffba8f63e
Fix bug in oid_get_numeric_string()
...
Overflow check was done too early, causing many false positives.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
444b42710a
Optionally allow parameters in x509_get_tag()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
26833c2fc6
Add stubs for x509parse_key_ec and co.
2013-07-08 15:31:19 +02:00
Manuel Pégourié-Gonnard
4250a1f818
Fix a comment and some whitespace
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
ba4878aa64
Rename x509parse_key & co with _rsa suffix
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
c8dc295e83
Add ecp_check_prvkey, with test
...
Also group key checking and generation functions in ecp.h and ecp.c.
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
b8c6e0e3e9
Add ecp_keypair struct, init/free and constants
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
7c8934ea0e
Add ecdsa_init and ecdsa_free
2013-07-08 15:30:23 +02:00
Paul Bakker
1ef120f5fd
Updated buffer-allocator with free-block-list to speed up searches
2013-07-03 17:22:32 +02:00
Paul Bakker
41350a9a7e
Fixed spaces in memory_buffer_alloc.c
2013-07-03 17:22:32 +02:00
Paul Bakker
fa9b10050b
Also compiles / runs without time-based functions in OS
...
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker
891998e0c3
Added extra debug information to memory_buffer_alloc_status()
2013-07-03 17:22:31 +02:00
Paul Bakker
bd5524471a
Removed memory leak in PKCS#12 code
2013-07-03 17:22:31 +02:00
Paul Bakker
4632083c78
Removed memory leaks in PKCS#5 functions
2013-07-03 17:22:31 +02:00
Paul Bakker
6e339b52e8
Memory-allocation abstraction layer and buffer-based allocator added
2013-07-03 17:22:31 +02:00
Paul Bakker
f863485fea
Remove memory leak in PKCS#5 self test
2013-07-03 13:31:52 +02:00
Paul Bakker
abf2f8fcf9
zlib compression/decompression skipped on empty blocks
2013-06-30 14:57:46 +02:00
Paul Bakker
e5bffc319d
Removed redundant includes
2013-06-30 14:53:06 +02:00
Paul Bakker
d2681d82e2
Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h}
2013-06-30 14:49:12 +02:00
Paul Bakker
9e36f0475f
SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
...
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
3866b9f4b5
Removed redundant inclusion
2013-06-30 12:53:14 +02:00
Paul Bakker
fd3eac5786
Cleaned up ECP error codes
2013-06-29 23:31:33 +02:00
Paul Bakker
5dc6b5fb05
Made supported curves configurable
2013-06-29 23:26:34 +02:00
Paul Bakker
e2ab84f4a1
Renamed error_strerror() to the less conflicting polarssl_strerror()
...
Ability to keep old function error_strerror() as well with
POLARSSL_ERROR_STRERROR_BC. Also works with
POLARSSL_ERROR_STRERROR_DUMMY.
2013-06-29 18:35:41 +02:00
Paul Bakker
2fbefde1d8
Client and server now filter sent and accepted ciphersuites on minimum
...
and maximum protocol version
2013-06-29 18:35:40 +02:00
Paul Bakker
59c28a2723
SSL v2 handshake should also handle dynamic ciphersuites
2013-06-29 18:35:40 +02:00
Paul Bakker
f8d018a274
Made asn1_get_alg() and asn1_get_alg_null() as generic functions
...
A generic function for retrieving the AlgorithmIdentifier structure with
its parameters and adapted X509, PKCS#5 and PKCS#12 to use them.
2013-06-29 18:35:40 +02:00
Paul Bakker
ce6ae233cb
Macro-ized the final internal OID functions
2013-06-29 18:35:40 +02:00
Paul Bakker
47fce02bd8
Defines around module-dependent OIDs
2013-06-29 18:35:40 +02:00
Paul Bakker
7749a22974
Moved PKCS#12 cipher layer based PBE detection to use OID database
2013-06-29 18:32:16 +02:00
Paul Bakker
dd1150e846
Macro-ized single and double attribute functions in OID database
2013-06-28 17:20:22 +02:00
Paul Bakker
bd51ad538d
Re-ordered OID internals. Made macro for oid_XXX_from_asn1() functions
2013-06-28 16:54:23 +02:00
Paul Bakker
9b5e885611
PKCS#5 PBES2 now uses OID database for algorithm detection
2013-06-28 16:12:50 +02:00
Paul Bakker
c5a79cca53
Fixed compiler warnings for unused parameter ssl
2013-06-26 15:08:35 +02:00
Paul Bakker
b9d3cfa114
Split up GCM into a start/update/finish cycle
2013-06-26 15:08:29 +02:00
Paul Bakker
534f82c77a
Made ctr_drbg_init_entropy_len() non-static and defined
2013-06-25 16:47:55 +02:00
Paul Bakker
b6c5d2e1a6
Cleaned up non-prototyped functions (static) and const-correctness
...
More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code.
2013-06-25 16:25:17 +02:00
Paul Bakker
169b7f4a13
Fixed gcm.c formatting (removed redundant spaces)
2013-06-25 15:06:54 +02:00
Paul Bakker
bda7cb76fa
Fixed minor comment typo
...
(cherry picked from commit da7fdbd534)
2013-06-25 15:06:54 +02:00
Paul Bakker
38b50d73a1
Moved PKCS#12 PBE functions to cipher / md layer where possible
...
The 3-key and 2-key Triple DES PBE functions have been replaced with a
single pkcs12_pbe() function that handles both situations (and more).
In addition this allows for some PASSWORD_MISMATCH checking
(cherry picked from commit 14a222cef2)
2013-06-25 15:06:53 +02:00
Paul Bakker
0e34235644
Fixed values for 2-key Triple DES in cipher layer
...
(cherry picked from commit 2be71faae4)
2013-06-25 15:06:53 +02:00
Paul Bakker
a4232a7ccb
x509parse_crt() and x509parse_crt_der() return X509 password related codes
...
POLARSSL_ERR_X509_PASSWORD_MISMATCH is returned instead of
POLARSSL_ERR_PEM_PASSWORD_MISMATCH and
POLARSSL_ERR_X509_PASSWORD_REQUIRED instead of
POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Rationale: For PKCS#8 encrypted keys the same are returned
(cherry picked from commit b495d3a2c7)
2013-06-25 15:06:53 +02:00
Paul Bakker
72823091c2
Removed redundant free()s
...
(cherry picked from commit 1fc7dfe2e2)
2013-06-25 15:06:53 +02:00
Paul Bakker
cf445ffc4e
Added missing free()
...
(cherry picked from commit ff3a4b010b)
2013-06-25 15:06:53 +02:00
Paul Bakker
28144decef
PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates
...
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.
(cherry picked from commit 1fd4321ba2)
Conflicts:
include/polarssl/error.h
scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker
b0c19a4b3d
PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
...
old PBKDF2 module.
(cherry picked from commit 19bd297dc8)
Conflicts:
include/polarssl/error.h
scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker
fc4f46fa9a
Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
...
(cherry picked from commit 52b845be34)
2013-06-25 15:06:52 +02:00
Paul Bakker
531e294313
Fixed location of brackets in pkcs12.c
...
(cherry picked from commit 67812d396c)
2013-06-25 15:06:52 +02:00
Paul Bakker
2c8cdd201f
x509parse_crtpath() is now reentrant and uses more portable stat()
...
Moved from readdir() to readdir_r() and use stat instead of the less
portable d_type from struct dirent.
(cherry picked from commit cbfcaa9206)
2013-06-25 15:06:51 +02:00
Paul Bakker
42c6581110
Changed x509parse_crt_der() to support adding to chain.
...
Removed chain functionality from x509parse_crt() as x509parse_crt_der()
now handles that much cleaner.
(cherry picked from commit d6d4109adc)
2013-06-25 15:06:51 +02:00
Paul Bakker
90995b5ce3
Added mechanism to provide alternative cipher / hash implementations
...
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
(cherry picked from commit 4087c47043)
2013-06-25 15:06:51 +02:00
Paul Bakker
f1f21fe825
Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis
...
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PKCS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
(cherry picked from commit cf6e95d9a8)
Conflicts:
scripts/generate_errors.pl
2013-06-25 15:06:51 +02:00
Paul Bakker
e2f5040876
Internally split up x509parse_key()
...
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
(cherry picked from commit 65a1909dc6)
Conflicts:
library/x509parse.c
2013-06-25 15:06:50 +02:00
Paul Bakker
89ecb2d074
ssl_parse_certificate() now calls x509parse_crt_der() directly
...
(cherry picked from commit 1922a4e6aa)
2013-06-24 19:09:25 +02:00
Paul Bakker
5ed3b34e22
x509parse_crt() now better handles PEM error situations
...
Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
(cherry picked from commit 6417186365)
2013-06-24 19:09:25 +02:00
Paul Bakker
00b2860e8d
pem_read_buffer() already updates use_len after header and footer are read
...
After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
(cherry picked from commit 9255e8300e)
2013-06-24 19:09:25 +02:00
Paul Bakker
3c2122ff9d
Fixed const correctness issues that have no impact on the ABI
...
(cherry picked from commit eae09db9e5)
Conflicts:
library/gcm.c
2013-06-24 19:09:24 +02:00
Paul Bakker
2013950545
Secure renegotiation extension should only be sent in case client supports secure renegotiation
...
(cherry picked from commit 7c3c3899cf)
2013-06-24 19:09:24 +02:00
Paul Bakker
73d4431ccd
Fixed parse error in ssl_parse_certificate_request()
2013-05-22 13:56:26 +02:00
Paul Bakker
f6a19bd728
Possible resource leak on FILE* removed in X509 parse
2013-05-14 13:26:51 +02:00
Paul Bakker
c72d3f7d85
Possible resource leak on FILE* removed in CTR_DRBG
2013-05-14 13:22:41 +02:00
Paul Bakker
40afb4ba13
Added PSK GCM, SHA256 and SHA384 ciphers from RFC5487
2013-04-19 22:03:30 +02:00
Paul Bakker
a1bf92ddb4
Added PSK NULL ciphers from RFC4785
2013-04-19 20:47:26 +02:00
Paul Bakker
48f7a5d724
DHE-PSK based ciphersuite support added and cleaner key exchange based
...
code selection
The base RFC 4279 DHE-PSK ciphersuites are now supported and added.
The SSL code cuts out code not relevant for defined key exchange methods
2013-04-19 20:47:26 +02:00
Paul Bakker
188c8de430
Only allow missing ServerKeyExchange message in bare PSK mode
2013-04-19 09:13:37 +02:00
Paul Bakker
e07f41d4be
Introduced defines to control availability of specific SSL Key Exchange
...
methods.
Introduces POLARSSL_KEY_EXCHANGE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED, etc
2013-04-19 09:08:57 +02:00
Paul Bakker
ed27a041e4
More granular define selections within code to allow for smaller code
...
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker
73a899a9eb
Changed error code message to also cover missing pre-shared key
2013-04-18 23:12:34 +02:00
Paul Bakker
fbb17804d8
Added pre-shared key handling for the server side of SSL / TLS
...
Server side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
70df2fbaa5
Split parts of ssl_parse_client_key_exchange() into separate functions
...
Made ssl_parse_client_dh_public(), ssl_parse_client_ecdh_public() and
ssl_parse_encrypted_pms_secret() in preparation for PSK-related code
2013-04-18 23:12:33 +02:00
Paul Bakker
d4a56ec6bf
Added pre-shared key handling for the client side of SSL / TLS
...
Client side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
f7abd422dc
Removed extra spaces on end of lines
2013-04-16 18:09:45 +02:00
Paul Bakker
29e1f12f6b
split parts of ssl_parse_server_key_exchange() into separate functions
...
Made ssl_parse_server_dh_params(), ssl_parse_server_ecdh_params() and
ssl_parse_signature_algorithm() in preparation for PSK-related code
2013-04-16 18:09:45 +02:00
Paul Bakker
8f4ddaeea9
Ability to specify allowed ciphersuites based on the protocol version.
...
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.
The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b)
Conflicts:
ChangeLog
library/ssl_srv.c
library/ssl_tls.c
2013-04-16 18:09:45 +02:00
Paul Bakker
0ecdb23eed
Cleanup of the GCM code
...
Removed unused variable 'v'
orig_len and orig_add_len are now uint64_t to support larger than 2^29
data sizes
2013-04-09 11:36:42 +02:00
Paul Bakker
a280d0f2b9
Fixed compiler warning for possible uninitialized ret
2013-04-08 13:40:17 +02:00
Paul Bakker
27714b1aa1
Added Camellia ECDHE-based CBC ciphersuites
...
Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
2013-04-07 23:07:12 +02:00
Paul Bakker
bfe671f2d5
Blowfish has default of 128-bit keysize in cipher layer
2013-04-07 22:35:44 +02:00
Paul Bakker
c70b982056
OID functionality moved to a separate module.
...
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).
As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.
All OID definitions have been moved to oid.h
All OID matching code is in the OID module.
The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.
The SSL layer cleaned up as a result and adapted to use the MD layer.
The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.
The X509 writer cleaned up and adapted to use the MD layer.
Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
37de6bec16
Const correctness added for asn1write functions
2013-04-07 13:11:31 +02:00
Paul Bakker
3b6a07b745
Prevented compiler warning on uninitialized end
2013-03-21 11:56:50 +01:00
Paul Bakker
d3edc86720
Moved writing of client extensions to separate functions in ssl_cli.c
2013-03-20 16:07:17 +01:00
Paul Bakker
a54e493bc0
Added ECDHE-based SHA256 and SHA384 ciphersuites
...
Added TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ciphersuites
2013-03-20 15:31:54 +01:00
Paul Bakker
b7149bcc90
Corrected behaviour for CBC-based suites using the SHA384 MAC and PRF
2013-03-20 15:30:09 +01:00
Paul Bakker
41c83d3f67
Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
...
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker
00c1f43743
Merge branch 'ecc-devel-mpg' into development
2013-03-13 16:31:01 +01:00
Paul Bakker
d589a0ddb6
Modified Makefiles to include new files and config.h to PolarSSL standard
2013-03-13 16:30:17 +01:00
Paul Bakker
68884e3c09
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-03-13 14:48:32 +01:00
Paul Bakker
c9118b433b
Renamed hash structures to ctx
2013-03-13 11:48:39 +01:00
Paul Bakker
09d67258a2
Modified to work in-place
2013-03-13 11:46:00 +01:00
Paul Bakker
92be97b8e6
Align data with future location based on IV size
2013-03-13 11:46:00 +01:00
Paul Bakker
07eb38ba31
Update ssl_hw_record_init() to receive keylen, ivlen and maclen as well
...
Added ssl_hw_record_activate()
2013-03-13 11:44:40 +01:00
Paul Bakker
c7878113cb
Do not set done in case of a fall-through
2013-03-13 11:44:40 +01:00
Paul Bakker
5bd422937a
Reverted commit 186751d9dd and made out_hdr and out_msg back-to-back again
2013-03-13 11:44:40 +01:00
Paul Bakker
fae35f0601
Functions in cipher_wrap.c marked static
2013-03-13 10:33:51 +01:00
Paul Bakker
d1df02a8a3
Functions inside md_wrap.c now marked static
2013-03-13 10:31:31 +01:00
Paul Bakker
ac0fba5389
Added missing header for MD2 and made code compile with missing header
...
files
2013-03-13 10:28:40 +01:00
Paul Bakker
1bd3ae826c
Added md_process() to MD layer for generic internal access to hash
...
process functions
Access to process functions is needed to reduce possible timing attacks
on SSL MAC checks. As SSL is set to move to using the dynamic MD layer,
the MD layer needs access to these process functions as well.
2013-03-13 10:26:44 +01:00
Paul Bakker
90f042d4cb
Prepared for PolarSSL 1.2.6 release
2013-03-11 11:38:44 +01:00
Paul Bakker
e81beda60f
The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain)
...
The real peer certificate is copied into a x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.
As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
2013-03-06 18:01:03 +01:00
Paul Bakker
78a8c71993
Re-added support for parsing and handling SSLv2 Client Hello messages
...
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.
It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
2013-03-06 18:01:03 +01:00
Paul Bakker
37286a573b
Fixed net_bind() for specified IP addresses on little endian systems
2013-03-06 18:01:03 +01:00
Paul Bakker
926c8e49fe
Fixed possible NULL pointer exception in ssl_get_ciphersuite()
2013-03-06 18:01:03 +01:00
Paul Bakker
8804f69d46
Removed timing differences due to bad padding from RSA decrypt for
...
PKCS#1 v1.5 operations
2013-03-06 18:01:03 +01:00
Paul Bakker
a43231c5a5
Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt()
2013-03-06 18:01:02 +01:00
Paul Bakker
b386913f8b
Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions
...
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()
The original functions exist as generic wrappers to these functions.
2013-03-06 18:01:02 +01:00
Paul Bakker
8ddb645ad3
Added conversion to int for a t_uint value to prevent compiler warnings
...
On 64-bit platforms t_uint can be larger than int resulting in compiler
warnings on some platforms (MS Visual Studio)
2013-03-06 18:00:54 +01:00
Paul Bakker
3d2dc0f8e5
Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
...
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.
Found by Yawning Angel
2013-02-28 10:55:39 +01:00
Paul Bakker
e47b34bdc8
Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
...
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker
2ca8ad10a1
Made x509parse.c also work with missing hash header files
2013-02-19 13:17:38 +01:00
Paul Bakker
86f04f400b
Fixed comment
2013-02-14 11:20:09 +01:00
Paul Bakker
c0463502ff
Fixed memory leak in ssl_free() and ssl_reset() for active session
2013-02-14 11:19:38 +01:00
Manuel Pégourié-Gonnard
f35b739dff
Add a few checks for context validity.
2013-02-11 22:12:39 +01:00
Manuel Pégourié-Gonnard
424fda5d7b
Add ecdh_calc_secret()
2013-02-11 22:05:42 +01:00
Manuel Pégourié-Gonnard
5cceb41d2c
Add ecdh_{make,read}_public()
2013-02-11 21:51:45 +01:00
Manuel Pégourié-Gonnard
854fbd7ba2
Add ecdh_read_params().
2013-02-11 21:32:24 +01:00
Manuel Pégourié-Gonnard
13724765b2
Add ecdh_make_server_params (untested yet)
2013-02-10 15:01:54 +01:00
Manuel Pégourié-Gonnard
63533e44c2
Create ecdh_context structure
2013-02-10 14:22:44 +01:00
Manuel Pégourié-Gonnard
98f51815d6
Fix ecp_tls_read_point's signature
2013-02-10 13:38:29 +01:00
Manuel Pégourié-Gonnard
7c145c6418
Fix ecp_tls_read_group's signature
2013-02-10 13:20:52 +01:00
Manuel Pégourié-Gonnard
46106a9d75
Add tests for (and fix bug in) ecp_tls_write_group
2013-02-10 12:51:17 +01:00
Manuel Pégourié-Gonnard
420f1eb675
Fix ecp_tls_write_point's signature
2013-02-10 12:22:46 +01:00
Manuel Pégourié-Gonnard
b325887fad
Add ecp_tls_write_group()
2013-02-10 12:06:19 +01:00
Manuel Pégourié-Gonnard
7e86025f32
Rename ecp_*_binary to ecp_point_*_binary
2013-02-10 10:58:48 +01:00
Manuel Pégourié-Gonnard
d84895dc22
Suppress 'format' argument to ecp_read_binary.
...
And adjust error codes for ecp_*_binary while at it.
2013-02-10 10:53:04 +01:00
Manuel Pégourié-Gonnard
0079405918
Add functions for read/write ECPoint records
2013-02-09 19:00:07 +01:00
Manuel Pégourié-Gonnard
1a96728964
Add function parsing a TLS ECParameters record
2013-02-09 17:53:31 +01:00
Paul Bakker
c7a2da437e
Updated for PolarSSL 1.2.5
2013-02-02 19:23:57 +01:00
Paul Bakker
40865c8e5d
Added sending of alert messages in case of decryption failures as per RFC
...
The flag POLARSSL_SSL_ALERT_MESSAGES switches between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49
Disable debug messages that can introduce a timing side channel.
...
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
4582999be6
Fixed timing difference resulting from badly formatted padding.
2013-02-02 19:04:13 +01:00
Paul Bakker
8fe40dcd7d
Allow enabling of dummy error_strerror() to support some use-cases
...
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00