Paul Bakker
5a5fa92bfe
x509_crt_parse() did not increase total_failed on PEM error
...
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard
480905d563
Fix selection of hash from sig_alg ClientHello ext.
2014-08-30 14:19:59 +02:00
Sander Niemeijer
ef5087d150
Added explicit casts to prevent compiler warnings when trying to build for iOS
2014-08-21 23:48:14 +02:00
Manuel Pégourié-Gonnard
8ef7088bb9
Use polarssl_zeroize() in asn1parse too
2014-08-21 18:15:09 +02:00
Peter Vaskovic
a676acf66b
Fix missing curly braces.
2014-08-21 17:56:25 +02:00
Manuel Pégourié-Gonnard
a13500fdf7
Fix bug with ssl_close_notify and non-blocking I/O
2014-08-19 16:14:04 +02:00
Manuel Pégourié-Gonnard
44ade654c5
Implement (partial) renego delay on client
2014-08-19 13:58:40 +02:00
Manuel Pégourié-Gonnard
f07f421759
Fix server-initiated renego with non-blocking I/O
2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard
6591962f06
Allow delay on renego on client
...
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Manuel Pégourié-Gonnard
f26a1e8602
ssl_read() stops returning non-application data
2014-08-19 12:28:50 +02:00
Manuel Pégourié-Gonnard
55e4ff2ace
Tune comments
2014-08-19 11:52:33 +02:00
Manuel Pégourié-Gonnard
462906f955
Do no test net_usleep() when not defined
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
192253aaa9
Fix buffer size in pk_write_*_pem()
2014-08-14 11:34:35 +02:00
Alfred Klomp
b308dd72d9
timing.c: avoid referencing garbage value
...
Found with Clang's `scan-build` tool.
When get_timer() is called with `reset` set to 1, the value of
t->start.tv_sec is used as a rvalue without being initialized first.
This is relatively harmless because the result of get_timer() is not
used by the callers when called in "reset mode". However, scan-build
prints a warning.
Silence the warning by only calculating the delta on non-reset runs,
returning zero otherwise.
2014-08-14 11:34:35 +02:00
Alfred Klomp
7ee55624fb
gcm.c: remove dead store
...
Found with Clang's `scan-build` tool.
The value written to `hi` is never used, resulting in a warning. Remove
the dead store to get rid of the warning.
2014-08-14 11:34:35 +02:00
Alfred Klomp
1b4eda3af9
pkcs5.c: fix dead store: return proper exit status
...
Found with Clang's `scan-build` tool.
The error value assigned to `ret` is not returned, meaning that the
selftest always succeeds. Ensure the error value is propagated back to
the caller.
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
8d77eeeaf6
Fix integer suffix rejected by some MSVC versions
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
9a6b442cee
Fix non-blocking sockets in net_accept()
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
a04fa4fa04
RSA-PSK key exchange requires TLS 1.x
...
It's not clear if, with SSL3, one should include send the two length bytes for
EncryptedPreMasterSecret or not, so require TLS to avoid interop issues.
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
8d4ad07706
SHA-2 ciphersuites now require TLS 1.x
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
2fbf311391
Fix dependency issue in memory_buffer_alloc
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
97884a31cb
Fix printf format warnings in memory_buffer_alloc
2014-08-14 11:34:33 +02:00
Manuel Pégourié-Gonnard
86bbc7fc30
Fix typo causing compile error with NULL cipher
2014-08-14 11:34:33 +02:00
Paul Bakker
8dcb2d7d7e
Support escaping of commas in x509_string_to_names()
2014-08-11 11:59:52 +02:00
Paul Bakker
21e081b068
Prevent (incorrect) compiler warning
2014-07-24 10:38:01 +02:00
Paul Bakker
6c343d7d9a
Fix mpi_write_string() to write "00" as hex output for empty MPI
2014-07-10 15:27:10 +02:00
Paul Bakker
5b11d026cd
Fix dependencies and includes without FS_IO and PLATFORM_C
2014-07-10 15:27:10 +02:00
Manuel Pégourié-Gonnard
b196fc23b1
Fix dhm_selftest() return value
2014-07-09 16:53:29 +02:00
Paul Bakker
968afaa06f
ssl_key_cert not available in all configurations
2014-07-09 11:34:48 +02:00
Paul Bakker
ec3a617d40
Make ready for release of 1.3.8 and soversion 7
2014-07-09 10:21:28 +02:00
Paul Bakker
84bbeb58df
Adapt cipher and MD layer with _init() and _free()
2014-07-09 10:19:24 +02:00
Paul Bakker
accaffe2c3
Restructure ssl_handshake_init() and small fixes
2014-07-09 10:19:24 +02:00
Paul Bakker
a317a98221
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
8f870b047c
Add dhm_init()
2014-07-09 10:19:23 +02:00
Paul Bakker
fff0366bba
Add ctr_drbg_free()
2014-07-09 10:19:23 +02:00
Paul Bakker
5b4af39a36
Add _init() and _free() for hash modules
2014-07-09 10:19:23 +02:00
Paul Bakker
c7ea99af4f
Add _init() and _free() for cipher modules
2014-07-09 10:19:22 +02:00
Manuel Pégourié-Gonnard
d27680bd5e
Clarify code using PSK callback
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
0698f7c21a
Rm duplicate entry in oid_md_alg
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
14beb08542
Fix missing const
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
ba782bbc4b
Save some space in ECP curve tables
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
67dbe1ef44
Better length checking in ecp_point_read_binary()
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
08e81e0c8f
Change selection of hash algorithm for TLS 1.2
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
bd77254b18
md_list() starting with strongest hash
2014-07-08 13:03:02 +02:00
Paul Bakker
8fb99abaac
Merge changes for leaner memory footprint
2014-07-04 15:02:19 +02:00
Paul Bakker
b9e08b086b
Merge server-side enforced renegotiation requests
2014-07-04 15:01:37 +02:00
Paul Bakker
d598318661
Fix base64_decode() to return and check length correctly
2014-07-04 15:01:00 +02:00
Manuel Pégourié-Gonnard
481fcfde93
Make PSK_LEN configurable and adjust PMS size
2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard
dfc7df0bec
Add SSL_CIPHERSUITES config option
2014-07-04 14:59:02 +02:00
Manuel Pégourié-Gonnard
a9964dbcd5
Add ssl_set_renegotiation_enforced()
2014-07-04 14:16:07 +02:00
Manuel Pégourié-Gonnard
791684c058
Save RAM when only a few ciphersuites are defined
2014-06-30 19:07:01 +02:00
Manuel Pégourié-Gonnard
31855456f9
Fix clang's check mode again
2014-06-25 15:59:50 +02:00
Manuel Pégourié-Gonnard
bee8ded03a
Fix warning depending on configuration
2014-06-25 12:22:59 +02:00
Manuel Pégourié-Gonnard
01edb1044c
Add POLARSSL_REMOVE_RC4_CIPHERSUITES
2014-06-25 11:27:59 +02:00
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
dd0c0f33c0
Better usage of dhm_calc_secret in SSL
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
8df68632e8
Fix bug in DHE-PSK PMS computation
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
5c1f032653
Abort handshake if no point format in common
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
fd35af1579
Fix off-by-one error in point format parsing
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
87a8ffeaba
Padlock asm using \n\t too
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
0534fd4c1a
Change asm format to \n\t in aesni.c too
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
03576887c2
Remove misplaced debugging message
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
42b5374523
Switch CCM and GCM in default suite order
...
The upcoming BCP document recommends GCM as the default.
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
d249b7ab9a
Restore ability to trust non-CA selfsigned EE cert
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
c4eff16516
Restore ability to use v1 CA if trusted locally
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
eaa76f7e20
Fix computation of minlen for encrypted packets
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
e800cd81d7
Re-arrange some code in ssl_derive_keys()
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
b46e6adb9c
Check input lengths in GCM
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
0bcc4e1df7
Fix length checking for AEAD ciphersuites
2014-06-25 11:26:10 +02:00
Manuel Pégourié-Gonnard
66e20c6318
Fix warning and typo->error.
2014-06-24 17:47:40 +02:00
Manuel Pégourié-Gonnard
ac2ccf897c
Fix CCM ciphersuites definition: PSK <-> DHE-PSK!
2014-06-24 15:48:01 +02:00
Manuel Pégourié-Gonnard
8f625632bb
Fix dependencies: GCM != AEAD != CCM
2014-06-24 15:26:28 +02:00
Manuel Pégourié-Gonnard
5bfd968e01
Fix warning with TLS 1.2 without RSA or ECDSA
2014-06-24 15:18:11 +02:00
Paul Bakker
1c98ff96b5
Merge more test improvements and tests
...
Conflicts:
tests/suites/test_suite_cipher.blowfish.data
2014-06-24 11:12:00 +02:00
Paul Bakker
91c301abbe
Zeroize values in PKCS#12 operations
2014-06-24 11:09:39 +02:00
Manuel Pégourié-Gonnard
398c57b0b3
Blowfish accepts variable key len in cipher layer
2014-06-24 11:01:33 +02:00
Manuel Pégourié-Gonnard
f3b47243df
Split x509_csr_parse_der() out of x509_csr_parse()
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
4d2a8eb6ff
SSL modules now using x509_crt_parse_der()
...
Avoid uselessly trying to decode PEM.
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
b912616081
Rm unused functions in cipher_wrap
...
You can't initialise a context with DES_CFB or DES_CTR.
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
1c082f34f3
Update description and references for X.509 files
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
edc3ab20e2
Small cleanup: less side-effects
...
pkcs5_parse_pbkdf2_params() used to modify params.p, which does not look
clean, even if the function is static and params.p isn't use afterwards.
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
90dac90f53
Small code simplification in pkcs5_pbes2()
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
66aca931bc
Add tests for pkcs5_pbes2
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
2a8afa98e2
pkcs5_self_test depends on SHA1
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
f3e5c22f4d
Refactor x509_string_to_names(): data in a table
2014-06-23 11:52:58 +02:00
Manuel Pégourié-Gonnard
81754a0c35
Create a 'flags' field in cipher_info
2014-06-23 11:33:18 +02:00
Paul Bakker
66d5d076f7
Fix formatting in various code to match spacing from coding style
2014-06-17 17:06:47 +02:00
Paul Bakker
db20c10423
Add #endif comments for #endif more than 10 lines from #if / #else
2014-06-17 14:34:44 +02:00
Paul Bakker
d8bb82665e
Fix code styling for return statements
2014-06-17 14:06:49 +02:00
Paul Bakker
3461772559
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-06-14 16:46:03 +02:00
Paul Bakker
14877e6250
Remove unused 'ret' variable
2014-06-12 23:01:18 +02:00
Paul Bakker
c2ff2083ee
Merge parsing and verification of RSASSA-PSS in X.509 modules
2014-06-12 22:02:47 +02:00
Paul Bakker
508e573231
Merge tests for asn1write, XTEA and Entropy modules
2014-06-12 21:26:33 +02:00
Manuel Pégourié-Gonnard
3ac6a2b9a7
Same as previous commit with Camellia
2014-06-12 21:16:02 +02:00
Manuel Pégourié-Gonnard
afd5a08e33
Minor tune-up in aes code
...
un-duplicate a check, and remove useless default case, mainly so that these
lines don't appear as uncovered
2014-06-12 21:15:55 +02:00
Manuel Pégourié-Gonnard
e1ac0f8c5d
Add back timing selftest with new hardclock test
2014-06-12 21:15:50 +02:00
Manuel Pégourié-Gonnard
7792198a46
Normalize some error messages
2014-06-12 21:15:44 +02:00
Manuel Pégourié-Gonnard
4dd73925ab
Add entropy_self_test()
2014-06-10 15:38:43 +02:00
Paul Bakker
d6917f0eb3
Add LINK_WITH_PTHREAD to CMakeList for explicitly adding pthread linking
2014-06-09 23:46:41 +02:00
Manuel Pégourié-Gonnard
d1539b1e88
Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT
2014-06-06 16:42:37 +02:00