Manuel Pégourié-Gonnard
5cac583482
Factor out some common code
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
41cae8e1f9
Parse CSRs signed with RSASSA-PSS
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
5eeb32b552
Parse CRLs signed with RSASSA-PSS
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
ce7c6fd433
Fix dependencies
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
3c1e8b539c
Finish parsing RSASSA-PSS parameters
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
d9fd87be33
Start parsing RSASSA-PSS parameters
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
b1d4eb16e4
Basic parsing of certs signed with RSASSA-PSS
2014-01-25 12:48:58 +01:00
Paul Bakker
556efba51c
Added AES CFB8 mode
2014-01-24 15:38:12 +01:00
Paul Bakker
bf98c3dd11
Merged deterministic ECDSA
...
Conflicts:
library/ecdsa.c
2014-01-23 15:48:01 +01:00
Paul Bakker
a7eac95cc6
Merged ASM format fixes in bn_mul.h
2014-01-22 14:21:35 +01:00
Paul Bakker
5862eee4ca
Merged RIPEMD-160 support
2014-01-22 14:18:34 +01:00
Paul Bakker
9f4c162df1
Support alternative implementation for RIPEMD-160
...
(POLARSSL_RIPEMD160_ALT)
2014-01-22 14:17:31 +01:00
Paul Bakker
61b699ed1b
Renamed RMD160 to RIPEMD160
2014-01-22 14:17:31 +01:00
Paul Bakker
0ac99ca7bc
Merged support for secp224k1, secp192k1 and secp25k1
2014-01-22 13:10:48 +01:00
Manuel Pégourié-Gonnard
b4fae579e8
Add pk_rsa_set_padding() and rsa_set_padding()
2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard
ea499a7321
Add support for secp192k1
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
18e3ec9b4d
Add support for secp224k1
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
e4d47a655b
Add RIPEMD-160 to the generic MD layer
2014-01-17 20:41:32 +01:00
Manuel Pégourié-Gonnard
ff40c3ac34
Add HMAC support to RIPEMD-160
2014-01-17 20:04:59 +01:00
Manuel Pégourié-Gonnard
cab4a8807c
Add RIPEMD-160 (core functions)
2014-01-17 14:04:25 +01:00
Paul Bakker
cf1d73b213
Clarified ssl_set_ciphersuites() doc for influencing preference as well
2014-01-14 14:08:13 +01:00
Manuel Pégourié-Gonnard
9bcff3905b
Add OIDs and TLS IDs for prime Koblitz curves
2014-01-10 18:32:31 +01:00
Manuel Pégourié-Gonnard
f51c8fc353
Add support for secp256k1 arithmetic
2014-01-10 18:17:18 +01:00
Manuel Pégourié-Gonnard
5af8e64b21
Fix asm format for alpha
2014-01-10 16:03:46 +01:00
Manuel Pégourié-Gonnard
3f687ade1d
Fix asm format for tricore
2014-01-10 16:03:46 +01:00
Manuel Pégourié-Gonnard
1753e2f0a2
Fix asm format for microblaze
2014-01-10 16:03:46 +01:00
Manuel Pégourié-Gonnard
3b05e4cce3
Fix asm format for MC68020
2014-01-10 16:03:46 +01:00
Manuel Pégourié-Gonnard
02d800c151
Fix BN ASM for PowerPC
2014-01-10 16:03:46 +01:00
Manuel Pégourié-Gonnard
8b1b103418
Fix bignum's ASM format for MIPS
2014-01-07 18:31:06 +01:00
Manuel Pégourié-Gonnard
def018d301
Fix bignum ASM format for X86-64
2014-01-07 17:50:46 +01:00
Manuel Pégourié-Gonnard
5b1a573751
Document dependency of ECDSA_DETERMINISTIC on MD_C
2014-01-07 16:46:17 +01:00
Manuel Pégourié-Gonnard
937340bce0
Add ecdsa_write_signature_det()
2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
4daaef7e27
Add ecdsa_sign_det() with test vectors
2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
461d416892
Add minified HMAC_DRBG for deterministic ECDSA
2014-01-06 11:01:38 +01:00
Paul Bakker
a8fd3e31ed
Removed POLARSSL_THREADING_DUMMY option
2013-12-31 11:54:08 +01:00
Paul Bakker
5bc07a3d30
Prepped for 1.3.3
2013-12-31 10:57:44 +01:00
Paul Bakker
c73879139e
Merged ECP memory usage optimizations
2013-12-31 10:33:47 +01:00
Manuel Pégourié-Gonnard
9e4191c3e7
Add another option to reduce EC memory usage
...
Also document speed/memory trade-offs better.
2013-12-30 19:16:05 +01:00
Paul Bakker
a36d23e290
Fixed documentation issues found by clang
2013-12-30 17:57:27 +01:00
Paul Bakker
956c9e063d
Reduced the input / output overhead with 200+ bytes and covered corner
...
case
The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.
Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.
We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
2013-12-30 15:00:51 +01:00
Manuel Pégourié-Gonnard
d4588cfb6a
aesni_gcm_mult() now returns void
2013-12-30 13:54:23 +01:00
Manuel Pégourié-Gonnard
4a5b995c26
Add AES-NI key expansion for 256 bits
2013-12-29 13:50:32 +01:00
Manuel Pégourié-Gonnard
47a3536a31
Add AES-NI key expansion for 128 bits
2013-12-29 13:28:59 +01:00
Manuel Pégourié-Gonnard
01e31bbffb
Add support for key inversion using AES-NI
2013-12-28 16:22:08 +01:00
Manuel Pégourié-Gonnard
d333f67f8c
Add aesni_gcm_mult()
2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
8eaf20b18d
Allow detection of CLMUL
2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
5b685653ef
Add aesni_crypt_ecb() and use it
2013-12-25 13:03:26 +01:00
Manuel Pégourié-Gonnard
92ac76f9db
Add files for (upcoming) AES-NI support
2013-12-25 13:03:26 +01:00
Manuel Pégourié-Gonnard
1321135758
Fix MingW version issue
2013-12-17 17:38:55 +01:00
Paul Bakker
5a607d26b7
Merged IPv6 support in the NET module
2013-12-17 14:34:19 +01:00
Paul Bakker
5ab68ba679
Merged storing curves fully in ROM
2013-12-17 13:11:18 +01:00
Manuel Pégourié-Gonnard
767f02cf6e
Update IPv6 comments in config.h
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
6e315a9009
Adapt net_accept() to IPv6
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
10934de1ca
Adapt net_connect() for IPv6
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
cdff3cfda3
Add ecdh_get_params() to import from an EC key
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
bc64d3b221
Fix bug in ciphersuite number
...
The ID of TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 was wrong
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
25781b22e3
Add ECDH_RSA and ECDH_ECDSA ciphersuites
...
(not implemented yet)
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
96eed7bec9
Allow to test 32-bit ints more easily
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
1f82b041e7
Adapt ecp_group_free() to static constants
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
c72ac7c3ef
Fix SSLv3 handling of SHA-384 suites
...
Fixes memory corruption, introduced in
a5bdfcd
(Relax some SHA2 ciphersuite's version requirements)
2013-12-17 10:18:25 +01:00
Paul Bakker
e1b665e1aa
Added POLARSSL_ECP_MAX_SIZE and POLARSSL_ECP_WINDOW_SIZE to config.h
2013-12-11 16:02:58 +01:00
Manuel Pégourié-Gonnard
7a949d3f5b
Update comments
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
a60fe8943d
Add mpi_safe_cond_swap()
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
97871ef236
Some operations are not supported with Curve25519
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
661536677b
Add Curve25519 to known groups
2013-12-05 15:58:37 +01:00
Paul Bakker
9dc53a9967
Merged client ciphersuite order preference option
2013-12-02 14:56:27 +01:00
Paul Bakker
014f143c2a
Merged EC key generation support
2013-12-02 14:55:09 +01:00
Manuel Pégourié-Gonnard
1a9f2c7245
Add option to respect client ciphersuite order
2013-11-30 18:30:06 +01:00
Manuel Pégourié-Gonnard
0267e3dc9b
Add ecp_curve_info_from_name()
2013-11-30 15:10:14 +01:00
Manuel Pégourié-Gonnard
104ee1d1f6
Add ecp_genkey(), prettier wrapper
2013-11-30 14:35:07 +01:00
Manuel Pégourié-Gonnard
e3339ce296
Document x509_crt_parse_path() threading behaviour
2013-11-28 18:07:39 +01:00
Manuel Pégourié-Gonnard
964bf9b92f
Quit using readdir_r()
...
Prone to buffer overflows on some platforms.
2013-11-28 18:07:39 +01:00
Paul Bakker
88cd22646c
Merged ciphersuite version improvements
2013-11-26 15:22:19 +01:00
Manuel Pégourié-Gonnard
3eaa8e7005
Clarify comments of mpi_mul_int()
2013-11-26 15:19:56 +01:00
Paul Bakker
3209ce3692
Merged ECP improvements
2013-11-26 15:19:17 +01:00
Manuel Pégourié-Gonnard
a5bdfcde53
Relax some SHA2 ciphersuite's version requirements
...
Changed:
- PSK ciphersuites (RFC 5487, section 3)
- ECDHE-PSK ciphersuites (RFC 5489, section 3)
- Additional Camellia ciphersuites (RFC 6367, sec 3.3)
Unchanged:
- all GCM ciphersuites
- Camellia ciphersuites from RFC 5932 (sec. 3.3.2)
- ECC-SHA2 ciphersuites from RFC 5289 (unclear)
- SHA2 from RFC 5246 (TLS 1.2, no precision)
2013-11-26 13:59:43 +01:00
Manuel Pégourié-Gonnard
96c7a92b08
Change mpi_safe_cond_assign() for more const-ness
2013-11-25 18:28:53 +01:00
Paul Bakker
e4c71f0e11
Merged Prime generation improvements
2013-11-25 14:27:28 +01:00
Paul Bakker
45f457d872
Reverted API change for mpi_is_prime()
2013-11-25 14:26:52 +01:00
Manuel Pégourié-Gonnard
378fb4b70a
Split mpi_is_prime() and make its first arg const
2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard
0160eacc82
gen_prime: ensure X = 2 mod 3 -> 2.5x speedup
2013-11-22 17:54:59 +01:00
Manuel Pégourié-Gonnard
d728350cee
Make memory access pattern constant
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
71c2c21601
Add mpi_safe_cond_assign()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
5868163e07
Add mpi_shrink()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
ff27b7c968
Tighten ecp_mul() validity checks
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
09ceaf49d0
Rm multiplication using NAF
...
Comb method is at most 1% slower for random points,
and is way faster for fixed point (repeated).
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
c30200e4ce
Fix bound issues
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
d1c1ba90ca
First version of ecp_mul_comb()
2013-11-21 21:56:20 +01:00
Paul Bakker
a9a028ebd0
SSL now gracefully handles missing RNG
2013-11-21 17:31:06 +01:00
Steffan Karger
28d81a009c
Fix pkcs11.c to conform to PolarSSL 1.3 API.
...
This restores previous functionality, and thus still allows only RSA to be
used through PKCS#11.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:13:27 +01:00
Steffan Karger
44cf68f262
compat-1.2.h: Make inline functions static
...
This makes it is possible to include the header from multiple .c files,
without getting tons of 'multiple declaration' compiler errors.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:13:13 +01:00
Paul Bakker
f4dc186818
Prep for PolarSSL 1.3.2
2013-11-04 17:29:42 +01:00
Paul Bakker
d46a9f1a82
Added missing endif in compat-1.2.h
2013-10-31 14:34:19 +01:00
Paul Bakker
993e386a73
Merged renegotiation refactoring
2013-10-31 14:32:38 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f
Safer buffer comparisons in the SSL modules
2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard
6d8404d6ba
Server: enforce renegotiation
2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard
9c1e1898b6
Move some code around, improve documentation
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
214eed38c7
Make ssl_renegotiate the only interface
...
ssl_write_hello_request() is no private
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
caed0541a0
Allow ssl_renegotiate() to be called in a loop
...
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
f3dc2f6a1d
Add code for testing server-initiated renegotiation
2013-10-30 16:46:46 +01:00