Paul Bakker
bf98c3dd11
Merged deterministic ECDSA
...
Conflicts:
library/ecdsa.c
2014-01-23 15:48:01 +01:00
Manuel Pégourié-Gonnard
dfab4c1193
Add forgotten #ifdef and depends_on
2014-01-22 16:01:06 +01:00
Paul Bakker
5862eee4ca
Merged RIPEMD-160 support
2014-01-22 14:18:34 +01:00
Paul Bakker
61b699ed1b
Renamed RMD160 to RIPEMD160
2014-01-22 14:17:31 +01:00
Paul Bakker
0ac99ca7bc
Merged support for secp224k1, secp192k1 and secp25k1
2014-01-22 13:10:48 +01:00
Manuel Pégourié-Gonnard
b4fae579e8
Add pk_rsa_set_padding() and rsa_set_padding()
2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard
7c59363a85
Remove a few dead stores
2014-01-22 13:02:39 +01:00
Manuel Pégourié-Gonnard
9e987edf9f
Fix potential memory leak in bignum selftest
2014-01-22 12:59:04 +01:00
Manuel Pégourié-Gonnard
fd6a191381
Fix misplaced initialisation.
...
If one of the calls to mpi_grow() before setting Apos would fail, then
mpi_free( &Apos ) would be executed without Apos being initialised.
2014-01-22 12:57:04 +01:00
Manuel Pégourié-Gonnard
073f0fa2fb
Fix missing error checking in gcm
2014-01-22 12:56:51 +01:00
Manuel Pégourié-Gonnard
280f95bd00
Add #ifs arround ssl_ciphersuite_uses_XXX()
2014-01-22 12:56:37 +01:00
Manuel Pégourié-Gonnard
7cfdcb8c7f
Add a length check in ssl_derive_keys()
2014-01-22 12:56:22 +01:00
Manuel Pégourié-Gonnard
9af7d3a35b
Add fast reduction for the other Koblitz curves
2014-01-18 17:48:00 +01:00
Manuel Pégourié-Gonnard
8887d8d37c
Add mod_p256k1
...
Makes secp256k1 about 4x faster
2014-01-17 23:17:10 +01:00
Manuel Pégourié-Gonnard
ea499a7321
Add support for secp192k1
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
0a56c2c698
Fix bug in ecdh_calc_secret()
...
Only affects curves with nbits != pbits (currently only secp224k1)
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
5304812b2d
Fix theoretical compliance issue in ECDSA
...
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
18e3ec9b4d
Add support for secp224k1
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
e4d47a655b
Add RIPEMD-160 to the generic MD layer
2014-01-17 20:41:32 +01:00
Manuel Pégourié-Gonnard
ff40c3ac34
Add HMAC support to RIPEMD-160
2014-01-17 20:04:59 +01:00
Manuel Pégourié-Gonnard
cab4a8807c
Add RIPEMD-160 (core functions)
2014-01-17 14:04:25 +01:00
Manuel Pégourié-Gonnard
9bcff3905b
Add OIDs and TLS IDs for prime Koblitz curves
2014-01-10 18:32:31 +01:00
Manuel Pégourié-Gonnard
f51c8fc353
Add support for secp256k1 arithmetic
2014-01-10 18:17:18 +01:00
Manuel Pégourié-Gonnard
65ad3e4daf
Use deterministic ECDSA in the PK layer
2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard
5e6edcfd96
Add fallback for md_alg == NONE to ecdsa_sign_det()
2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard
937340bce0
Add ecdsa_write_signature_det()
2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
f42bca6da0
Little HMAC_DRBG refactoring
2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
4daaef7e27
Add ecdsa_sign_det() with test vectors
2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
461d416892
Add minified HMAC_DRBG for deterministic ECDSA
2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
e7072f8d11
Fix theoretical compliance issue in ECDSA
...
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
c9573998ca
Fix unchecked error codes in ecp_gen_keypair()
2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
79f73b96d9
Remove bias in EC private key generation
2014-01-06 10:19:35 +01:00
Paul Bakker
c78c8422c2
Added failure stub for uninitialized POLARSSL_THREADING_ALT functions
2013-12-31 11:55:27 +01:00
Paul Bakker
a8fd3e31ed
Removed POLARSSL_THREADING_DUMMY option
2013-12-31 11:54:08 +01:00
Paul Bakker
4de44aa0ae
Rewrote check to prevent read of uninitialized data in
...
rsa_rsassa_pss_verify()
2013-12-31 11:43:01 +01:00
Paul Bakker
6992eb762c
Fixed potential overflow in certificate size in ssl_write_certificate()
2013-12-31 11:38:33 +01:00
Paul Bakker
6ea1a95ce8
Added missing MPI_CHK() around some statements
2013-12-31 11:17:14 +01:00
Paul Bakker
5bc07a3d30
Prepped for 1.3.3
2013-12-31 10:57:44 +01:00
Paul Bakker
00f5c52bfe
Added cast to socket() return value to prevent Windows warning
2013-12-31 10:45:16 +01:00
Paul Bakker
c73879139e
Merged ECP memory usage optimizations
2013-12-31 10:33:47 +01:00
Paul Bakker
53e1513fea
Initialize ebx and edx in padlock functions
2013-12-31 09:46:09 +01:00
Manuel Pégourié-Gonnard
26bc1c0f5d
Fix a few unchecked return codes in EC
2013-12-30 19:33:33 +01:00
Paul Bakker
93759b048f
Made AES-NI bit-size specific key expansion functions static
2013-12-30 19:20:06 +01:00
Manuel Pégourié-Gonnard
9e4191c3e7
Add another option to reduce EC memory usage
...
Also document speed/memory trade-offs better.
2013-12-30 19:16:05 +01:00
Manuel Pégourié-Gonnard
70896a023e
Add statistics about number of allocated blocks
2013-12-30 19:16:05 +01:00
Paul Bakker
ec4bea7eee
Forced cast to unsigned int for %u format in ecp_selftest()
2013-12-30 19:04:47 +01:00
Manuel Pégourié-Gonnard
1f789b8348
Lessen peak memory usage in EC by freeing earlier
...
Cuts peak usage by 25% :)
2013-12-30 17:36:54 +01:00
Manuel Pégourié-Gonnard
72c172a13d
Save some small memory allocations inside ecp_mul()
2013-12-30 16:04:55 +01:00
Paul Bakker
f0fc2a27b0
Properly put the pragma comment for the MSVC linker in defines
2013-12-30 15:42:43 +01:00
Paul Bakker
92bcadb110
Removed 'z' length modifier from low-value size_t in ecp_selftest()
2013-12-30 15:37:17 +01:00
Paul Bakker
e7f5133590
Fixed superfluous return value in aesni.c
2013-12-30 15:32:02 +01:00
Paul Bakker
0d0de92156
Only specify done label in aes.c when AES-NI is possible
2013-12-30 15:29:04 +01:00
Paul Bakker
956c9e063d
Reduced the input / output overhead with 200+ bytes and covered corner
...
case
The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.
Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.
We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
2013-12-30 15:00:51 +01:00
Manuel Pégourié-Gonnard
d4588cfb6a
aesni_gcm_mult() now returns void
2013-12-30 13:54:23 +01:00
Manuel Pégourié-Gonnard
bfa3c9a85f
Remove temporary code
2013-12-30 13:53:58 +01:00
Manuel Pégourié-Gonnard
23c2f6fee5
Add AES-NI key expansion for 192 bits
2013-12-29 16:05:22 +01:00
Manuel Pégourié-Gonnard
4a5b995c26
Add AES-NI key expansion for 256 bits
2013-12-29 13:50:32 +01:00
Manuel Pégourié-Gonnard
47a3536a31
Add AES-NI key expansion for 128 bits
2013-12-29 13:28:59 +01:00
Manuel Pégourié-Gonnard
01e31bbffb
Add support for key inversion using AES-NI
2013-12-28 16:22:08 +01:00
Manuel Pégourié-Gonnard
80637c7520
Use aesni_gcm_mult() if available
2013-12-26 16:09:58 +01:00
Manuel Pégourié-Gonnard
d333f67f8c
Add aesni_gcm_mult()
2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
9d57482280
Add comments on GCM multiplication
2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
8eaf20b18d
Allow detection of CLMUL
2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
5b685653ef
Add aesni_crypt_ecb() and use it
2013-12-25 13:03:26 +01:00
Manuel Pégourié-Gonnard
92ac76f9db
Add files for (upcoming) AES-NI support
2013-12-25 13:03:26 +01:00
Paul Bakker
1e5369c7fa
Variables in proper block or within proper defines in ssl_decrypt_buf()
2013-12-19 16:40:57 +01:00
Paul Bakker
0c0476f92d
Disable ecp_use_curve25519() if not POLARSSL_ECP_DP_M255_ENABLED
2013-12-19 16:20:53 +01:00
Paul Bakker
1a56fc96a3
Fixed x509_crt_parse_path() bug on Windows platforms
2013-12-19 13:52:33 +01:00
Manuel Pégourié-Gonnard
1321135758
Fix MingW version issue
2013-12-17 17:38:55 +01:00
Manuel Pégourié-Gonnard
ee5db1d6b9
Fix typo in previous commit
2013-12-17 16:46:19 +01:00
Manuel Pégourié-Gonnard
6a398d4234
Add missing header for windows
2013-12-17 16:10:58 +01:00
Manuel Pégourié-Gonnard
173402bb61
net_prepare() returns int
2013-12-17 15:57:05 +01:00
Paul Bakker
5a607d26b7
Merged IPv6 support in the NET module
2013-12-17 14:34:19 +01:00
Manuel Pégourié-Gonnard
fd6b4cc1db
Add forgotten SO_REUSEADDR option
2013-12-17 13:59:01 +01:00
Paul Bakker
5ab68ba679
Merged storing curves fully in ROM
2013-12-17 13:11:18 +01:00
Paul Bakker
fdf946928d
Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites
2013-12-17 13:10:27 +01:00
Paul Bakker
77e257e958
Fixed bad check for maximum size of fragment length index
2013-12-17 13:09:12 +01:00
Paul Bakker
6c21276342
Place olen initalization after reference check in cipher_update()
2013-12-17 13:09:12 +01:00
Paul Bakker
6f0636a09f
Potential memory leak in ssl_ticket_keys_init()
2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard
6e315a9009
Adapt net_accept() to IPv6
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
389ce63735
Add IPv6 support to net_bind()
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
10934de1ca
Adapt net_connect() for IPv6
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
2e5c3163db
Factor our some code in net.c
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
5538970d32
Add server support for ECDH key exchanges
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
d18cc57962
Add client-side support for ECDH key exchanges
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
cdff3cfda3
Add ecdh_get_params() to import from an EC key
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
25781b22e3
Add ECDH_RSA and ECDH_ECDSA ciphersuites
...
(not implemented yet)
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
69ab354239
Fix bug from stupid typo
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
14a96c5d8b
Avoid wasting memory with some curves
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
95b45b7bb2
Rename macros
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
baee5d4157
Add previously forgotten #ifdef's
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
81e1b102dc
Rm a few unneeded variables
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
1f82b041e7
Adapt ecp_group_free() to static constants
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
73cc01d7fa
Remove last non-static parts of known EC groups
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
731d08b406
Start using constants from ROM for EC groups
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
c72ac7c3ef
Fix SSLv3 handling of SHA-384 suites
...
Fixes memory corruption, introduced in
a5bdfcd
(Relax some SHA2 ciphersuite's version requirements)
2013-12-17 10:18:25 +01:00
Paul Bakker
fef3c5a652
Fixed typo in POLARSSL_PKCS1_V15 in rsa.c
2013-12-11 13:36:30 +01:00
Manuel Pégourié-Gonnard
93f41dbdfd
Fix possible issue in corner-case for ecp_mul_mx()
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
7a949d3f5b
Update comments
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
d962273594
Add #ifdef's for curve types
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
7c94d8bcab
WIP #ifdef's
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
b6f45a616c
Avoid potential leak in ecp_mul_mxz()
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
a60fe8943d
Add mpi_safe_cond_swap()
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
97871ef236
Some operations are not supported with Curve25519
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
3d7053a2bb
Add ecp_mod_p255(): Curve25519 about 4x faster now
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
357ff65a51
Details in ecp_mul_mxz()
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
fe0af405f9
Adapt ecp_gen_keypair() to Curve25519
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
9a4a5ac4de
Fix bug in mpi_set_bit
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
a0179b8c4a
Change ecp_mul to handle Curve25519 too
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
312d2e8ea2
Adapt key checking functions for Curve25519
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
661536677b
Add Curve25519 to known groups
2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard
3afa07f05b
Add coordinate randomization for Curve25519
2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard
d9ea82e7d9
Add basic arithmetic for Curve25519
2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard
3c0b4ea97e
Rename a few functions
2013-12-05 15:58:37 +01:00
Paul Bakker
498fd354c6
Added missing inline definition for other platforms to ecp_curves.c
2013-12-02 22:17:24 +01:00
Manuel Pégourié-Gonnard
d5e0fbe1a3
Remove now useless function
2013-12-02 17:20:39 +01:00
Manuel Pégourié-Gonnard
3ee90003c9
Make internal functions static again + cosmetics
2013-12-02 17:14:48 +01:00
Manuel Pégourié-Gonnard
9854fe986b
Convert curve constants to binary
...
Makes source longer but resulting binary smaller
2013-12-02 17:07:30 +01:00
Manuel Pégourié-Gonnard
32b04c1237
Split ecp.c
2013-12-02 16:36:11 +01:00
Manuel Pégourié-Gonnard
43863eeffc
Declare internal variables static in ecp.c
2013-12-02 16:34:24 +01:00
Manuel Pégourié-Gonnard
d35e191434
Drop useless include in ecp.c
2013-12-02 16:34:24 +01:00
Paul Bakker
9dc53a9967
Merged client ciphersuite order preference option
2013-12-02 14:56:27 +01:00
Paul Bakker
014f143c2a
Merged EC key generation support
2013-12-02 14:55:09 +01:00
Paul Bakker
4040d7e95c
Merged more constant-time checking in RSA
2013-12-02 14:53:23 +01:00
Manuel Pégourié-Gonnard
1a9f2c7245
Add option to respect client ciphersuite order
2013-11-30 18:30:06 +01:00
Manuel Pégourié-Gonnard
011a8db2e7
Complete refactoring of ciphersuite choosing
2013-11-30 18:11:07 +01:00
Manuel Pégourié-Gonnard
3252560e68
Move some functions up
2013-11-30 17:50:32 +01:00
Manuel Pégourié-Gonnard
59b81d73b4
Refactor ciphersuite selection for version > 2
2013-11-30 17:46:04 +01:00
Manuel Pégourié-Gonnard
0267e3dc9b
Add ecp_curve_info_from_name()
2013-11-30 15:10:14 +01:00
Manuel Pégourié-Gonnard
104ee1d1f6
Add ecp_genkey(), prettier wrapper
2013-11-30 14:35:07 +01:00
Manuel Pégourié-Gonnard
27290daf3b
Check PKCS 1.5 padding in a more constant-time way
...
(Avoid branches that depend on secret data.)
2013-11-30 13:36:53 +01:00
Manuel Pégourié-Gonnard
ab44d7ecc3
Check OAEP padding in a more constant-time way
2013-11-30 13:13:05 +01:00
Manuel Pégourié-Gonnard
a5cfc35db2
RSA-OAEP decrypt: reorganise code
2013-11-29 11:58:13 +01:00
Manuel Pégourié-Gonnard
5ad68e42e5
Mutex x509_crt_parse_path() when pthreads is used
2013-11-28 18:07:39 +01:00
Manuel Pégourié-Gonnard
964bf9b92f
Quit using readdir_r()
...
Prone to buffer overflows on some platforms.
2013-11-28 18:07:39 +01:00
Paul Bakker
76f03118c4
Only compile with -Wmissing-declarations and -Wmissing-prototypes in
...
library, not tests and programs
2013-11-28 17:20:04 +01:00
Paul Bakker
88cd22646c
Merged ciphersuite version improvements
2013-11-26 15:22:19 +01:00
Manuel Pégourié-Gonnard
da1ff38715
Don't accept CertificateRequest with PSK suites
2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
dc953e8c41
Add missing defines/cases for RSA_PSK key exchange
2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
c57b654a3e
Use t_uint rather than uintXX_t when appropriate
2013-11-26 15:19:56 +01:00
Paul Bakker
3209ce3692
Merged ECP improvements
2013-11-26 15:19:17 +01:00
Manuel Pégourié-Gonnard
20b9af7998
Fix min_version (TLS 1.0) for ECDHE-PSK suites
2013-11-26 14:31:44 +01:00
Manuel Pégourié-Gonnard
a5bdfcde53
Relax some SHA2 ciphersuite's version requirements
...
Changed:
- PSK ciphersuites (RFC 5487, section 3)
- ECDHE-PSK ciphersuites (RFC 5489, section 3)
- Additional Camellia ciphersuites (RFC 6367, sec 3.3)
Unchanged:
- all GCM ciphersuites
- Camellia ciphersuites from RFC 5932 (sec. 3.3.2)
- ECC-SHA2 ciphersuites from RFC 5289 (unclear)
- SHA2 from RFC 5246 (TLS 1.2, no precision)
2013-11-26 13:59:43 +01:00
Manuel Pégourié-Gonnard
96c7a92b08
Change mpi_safe_cond_assign() for more const-ness
2013-11-25 18:28:53 +01:00
Paul Bakker
e4c71f0e11
Merged Prime generation improvements
2013-11-25 14:27:28 +01:00
Paul Bakker
45f457d872
Reverted API change for mpi_is_prime()
2013-11-25 14:26:52 +01:00
Paul Bakker
8fc30b178c
Various const fixes
2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard
ddf7615d49
gen_prime: check small primes early (3x speed-up)
2013-11-22 19:58:22 +01:00
Manuel Pégourié-Gonnard
378fb4b70a
Split mpi_is_prime() and make its first arg const
2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard
0160eacc82
gen_prime: ensure X = 2 mod 3 -> 2.5x speedup
2013-11-22 17:54:59 +01:00
Manuel Pégourié-Gonnard
711507a726
gen_prime: ensure X = 3 mod 4 always (2x speed-up)
2013-11-22 17:35:28 +01:00
Manuel Pégourié-Gonnard
3e3d2b818c
Fix bug in mpi_safe_cond_assign()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
918148193d
Enhance ecp_selftest
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
d728350cee
Make memory access pattern constant
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
aade42fd88
Change method for making M odd in ecp_mul()
...
- faster
- avoids M >= N (if m = N-1 or N-2)
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
36daa13d76
Misc details
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
469a209334
Rm subtraction from ecp_add_mixed()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
01fca5e882
Do point inversion without leaking information
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
71c2c21601
Add mpi_safe_cond_assign()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
44aab79022
Update bibliographic references
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
7f762319ad
Use mpi_shrink() in ecp_precompute()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
5868163e07
Add mpi_shrink()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
e282012219
Spare some memory
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
edc1a1f482
Small code cleanups
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
ff27b7c968
Tighten ecp_mul() validity checks
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
09ceaf49d0
Rm multiplication using NAF
...
Comb method is at most 1% slower for random points,
and is way faster for fixed point (repeated).
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
04a0225388
Optimize w in the comb method
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
70c14372c6
Add coordinate randomization back
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
c30200e4ce
Fix bound issues
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
101a39f55f
Improve comb method (less precomputed points)
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
d1c1ba90ca
First version of ecp_mul_comb()
2013-11-21 21:56:20 +01:00
Paul Bakker
a9a028ebd0
SSL now gracefully handles missing RNG
2013-11-21 17:31:06 +01:00
Paul Bakker
f2b4d86452
Fixed X.509 hostname comparison (with non-regular characters)
...
In situations with 'weird' certificate names or hostnames (containing
non-western allowed names) the check would falsely report a name or
wildcard match.
2013-11-21 17:30:23 +01:00
Steffan Karger
c245834bc4
Link against ZLIB when zlib is used
...
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:45:48 +01:00
Steffan Karger
28d81a009c
Fix pkcs11.c to conform to PolarSSL 1.3 API.
...
This restores previous functionality, and thus still allows only RSA to be
used through PKCS#11.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:13:27 +01:00
Paul Bakker
08b028ff0f
Prevent unlikely NULL dereference
2013-11-19 10:42:37 +01:00
Paul Bakker
b076314ff8
Makefile now produces a .so.X with SOVERSION in it
2013-11-05 11:27:12 +01:00
Paul Bakker
f4dc186818
Prep for PolarSSL 1.3.2
2013-11-04 17:29:42 +01:00
Paul Bakker
0333b978fa
Handshake key_cert should be set on first addition to the key_cert chain
2013-11-04 17:08:28 +01:00
Paul Bakker
993e386a73
Merged renegotiation refactoring
2013-10-31 14:32:38 +01:00
Paul Bakker
37ce0ff185
Added defines around renegotiation code for SSL_SRV and SSL_CLI
2013-10-31 14:32:04 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f
Safer buffer comparisons in the SSL modules
2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard
6d8404d6ba
Server: enforce renegotiation
2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard
9c1e1898b6
Move some code around, improve documentation
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
214eed38c7
Make ssl_renegotiate the only interface
...
ssl_write_hello_request() is no private
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
caed0541a0
Allow ssl_renegotiate() to be called in a loop
...
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
e5e1bb972c
Fix misplaced initialisation
2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard
f3dc2f6a1d
Add code for testing server-initiated renegotiation
2013-10-30 16:46:46 +01:00
Paul Bakker
0d7702c3ee
Minor change that makes life easier for static analyzers / compilers
2013-10-29 16:18:35 +01:00
Paul Bakker
6edcd41c0a
Addition conditions for UEFI environment under MSVC
2013-10-29 15:44:13 +01:00
Paul Bakker
7b0be68977
Support for serialNumber, postalAddress and postalCode in X509 names
2013-10-29 14:24:37 +01:00
Paul Bakker
fa6a620b75
Defines for UEFI environment under MSVC added
2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard
178d9bac3c
Fix ECDSA corner case: missing reduction mod N
...
No security issue, can cause valid signatures to be rejected.
Reported by DualTachyon on github.
2013-10-29 13:40:17 +01:00
Paul Bakker
60b1d10131
Fixed spelling / typos (from PowerDNS:codespell)
2013-10-29 10:02:51 +01:00
Paul Bakker
50dc850c52
Const correctness
2013-10-28 21:19:10 +01:00
Paul Bakker
6a6087e71d
Added missing inline definition for MSCV and ARM environments
2013-10-28 18:53:08 +01:00
Paul Bakker
7bc745b6a1
Merged constant-time padding checks
2013-10-28 14:40:26 +01:00
Paul Bakker
1642122f8b
Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer
2013-10-28 14:38:35 +01:00
Paul Bakker
3f917e230d
Merged optimizations for MODP NIST curves
2013-10-28 14:18:26 +01:00
Manuel Pégourié-Gonnard
1001e32d6f
Fix return value of ecdsa_from_keypair()
2013-10-28 14:01:08 +01:00
Manuel Pégourié-Gonnard
21ef42f257
Don't select a PSK ciphersuite if no key available
2013-10-28 14:00:45 +01:00
Manuel Pégourié-Gonnard
3daaf3d21d
X509 key identifiers depend on SHA1
2013-10-28 13:58:32 +01:00
Paul Bakker
45a2c8d99a
Prevent possible alignment warnings on casting from char * to 'aligned *'
2013-10-28 12:57:08 +01:00
Paul Bakker
677377f472
Server does not send out extensions not advertised by client
2013-10-28 12:54:26 +01:00
Manuel Pégourié-Gonnard
e68bf171eb
Make get_zeros_padding() constant-time
2013-10-27 18:26:39 +01:00
Manuel Pégourié-Gonnard
6c32990114
Make get_one_and_zeros_padding() constant-time
2013-10-27 18:25:03 +01:00
Manuel Pégourié-Gonnard
d17df51277
Make get_zeros_and_len_padding() constant-time
2013-10-27 17:32:43 +01:00
Manuel Pégourié-Gonnard
f8ab069d6a
Make get_pkcs_padding() constant-time
2013-10-27 17:25:57 +01:00
Manuel Pégourié-Gonnard
a8a25ae1b9
Fix bad error codes
2013-10-27 13:48:15 +01:00
Manuel Pégourié-Gonnard
7109624aef
Skip MAC computation/check when GCM is used
2013-10-25 19:31:25 +02:00
Manuel Pégourié-Gonnard
8866591cc5
Don't special-case NULL cipher in ssl_tls.c
2013-10-25 18:42:44 +02:00
Manuel Pégourié-Gonnard
126a66f668
Simplify switching on mode in ssl_tls.c
2013-10-25 18:33:32 +02:00
Manuel Pégourié-Gonnard
98d9a2c061
Fix missing or wrong ciphersuite definitions
2013-10-25 18:03:18 +02:00
Manuel Pégourié-Gonnard
6fb0f745be
Rank GCM before CBC in ciphersuite_preference
2013-10-25 17:08:15 +02:00
Manuel Pégourié-Gonnard
8d01eea7af
Add Camellia-GCM ciphersuites
2013-10-25 16:46:05 +02:00
Manuel Pégourié-Gonnard
e0dca4ad78
Cipher layer: check iv_len more carefully
2013-10-24 17:03:39 +02:00
Manuel Pégourié-Gonnard
dae7093875
gcm_selftest depends on AES
2013-10-24 15:06:33 +02:00
Manuel Pégourié-Gonnard
87181d1deb
Add Camellia-GCM to th cipher layer
2013-10-24 14:02:40 +02:00
Manuel Pégourié-Gonnard
13e0d449f7
Add Camellia-GCM test vectors
...
https://tools.ietf.org/html/draft-kato-ipsec-camellia-gcm-03#section-4
2013-10-24 13:24:25 +02:00
Manuel Pégourié-Gonnard
9fcceac943
Add a comment about modules coupling
2013-10-23 20:56:12 +02:00
Manuel Pégourié-Gonnard
b21c81fb41
Use less memory in fix_negative()
2013-10-23 20:45:04 +02:00
Manuel Pégourié-Gonnard
cae6f3ed45
Reorganize code in ecp.c
2013-10-23 20:19:57 +02:00
Manuel Pégourié-Gonnard
5779cbe582
Make mod_p{224,256,384] a bit faster
...
Speedup is roughly 25%, giving a 6% speedup on ecp_mul() for these curves.
2013-10-23 20:17:00 +02:00
Manuel Pégourié-Gonnard
c04c530a98
Make NIST curves optimisation an option
2013-10-23 16:11:52 +02:00
Manuel Pégourié-Gonnard
0f9149cb0a
Add mod_p384
2013-10-23 15:06:37 +02:00
Manuel Pégourié-Gonnard
ec655c908c
Add mod_p256
2013-10-23 14:50:39 +02:00
Manuel Pégourié-Gonnard
210b458ddc
Document and slightly reorganize mod_pXXX
2013-10-23 14:27:58 +02:00
Manuel Pégourié-Gonnard
2a08c0debc
mod_p224 now working with 8-bit and 16-bit ints
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
a47e7058ea
mod_p224 now endian-neutral
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
e783f06f73
Start working on mod_p224
...
(Prototype, works only on 32-bit and little-endian 64-bit.)
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
cc67aee9c8
Make ecp_mod_p521 a bit faster
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
c9e387ca9e
Optimize ecp_modp()
...
Makes it 22% faster, for a 5% gain on ecp_mul()
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
d1e7a45fdd
Rework ecp_mod_p192()
...
On x86_64, this makes it 5x faster, and ecp_mul() 17% faster for this curve.
The code is shorter too.
2013-10-23 13:24:55 +02:00
Paul Bakker
6888167e73
Forced cast to prevent MSVC compiler warning
2013-10-15 13:24:01 +02:00
Paul Bakker
5c17ccdf2a
Bumped version to 1.3.1
2013-10-15 13:12:41 +02:00
Paul Bakker
f34673e37b
Merged RSA-PSK key-exchange and ciphersuites
2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0
Merged ECDHE-PSK ciphersuites
2013-10-15 12:45:36 +02:00
Paul Bakker
bbc1007c50
Convert SOCKET to int to prevent compiler warnings under MSVC.
...
From kernel objects at msdn:
Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24.
Windows Internals by Russinovich and Solomon as well says that the high bits are zero.
2013-10-15 11:55:57 +02:00
Manuel Pégourié-Gonnard
59b9fe28f0
Fix bug in psk_identity_hint parsing
2013-10-15 11:55:33 +02:00
Manuel Pégourié-Gonnard
bac0e3b7d2
Dependency fixes
2013-10-15 11:54:47 +02:00
Manuel Pégourié-Gonnard
09258b9537
Refactor parse_server_key_exchange a bit
2013-10-15 11:19:54 +02:00
Manuel Pégourié-Gonnard
8a3c64d73f
Fix and simplify *-PSK ifdef's
2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard
ef0eb1ebd8
Add two missing RSA-PSK ciphersuites
2013-10-14 19:34:48 +02:00
Manuel Pégourié-Gonnard
0fae60bb71
Implement RSA-PSK key exchange
2013-10-14 19:34:48 +02:00
Paul Bakker
be089b0483
Introduced POLARSSL_HAVE_READDIR_R for systems without it
2013-10-14 15:51:50 +02:00
Paul Bakker
b9cfaa0c7f
Explicit conversions and minor changes to prevent MSVC compiler warnings
2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard
057e0cf263
Fix ciphersuites dependencies on MD5 and SHA1
2013-10-14 14:26:04 +02:00
Manuel Pégourié-Gonnard
1b62c7f93d
Fix dependencies and related issues
2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard
72fb62daa2
More *-PSK refactoring
2013-10-14 14:01:58 +02:00
Manuel Pégourié-Gonnard
bd1ae24449
Factor PSK pms computation to ssl_tls.c
2013-10-14 13:17:36 +02:00