Commit Graph

697 Commits

Author SHA1 Message Date
Paul Bakker
0e34235644 Fixed values for 2-key Triple DES in cipher layer
(cherry picked from commit 2be71faae4)
2013-06-25 15:06:53 +02:00
Paul Bakker
a4232a7ccb x509parse_crt() and x509parse_crt_der() return X509 password related codes
POLARSSL_ERR_X509_PASSWORD_MISMATCH is returned instead of
POLARSSL_ERR_PEM_PASSWORD_MISMATCH and
POLARSSL_ERR_X509_PASSWORD_REQUIRED instead of
POLARSSL_ERR_PEM_PASSWORD_REQUIRED

Rationale: For PKCS#8 encrypted keys the same are returned
(cherry picked from commit b495d3a2c7)
2013-06-25 15:06:53 +02:00
Paul Bakker
72823091c2 Removed redundant free()s
(cherry picked from commit 1fc7dfe2e2)
2013-06-25 15:06:53 +02:00
Paul Bakker
cf445ffc4e Added missing free()
(cherry picked from commit ff3a4b010b)
2013-06-25 15:06:53 +02:00
Paul Bakker
28144decef PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.
(cherry picked from commit 1fd4321ba2)

Conflicts:
	include/polarssl/error.h
	scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker
b0c19a4b3d PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
old PBKDF2 module.
(cherry picked from commit 19bd297dc8)

Conflicts:
	include/polarssl/error.h
	scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker
fc4f46fa9a Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
(cherry picked from commit 52b845be34)
2013-06-25 15:06:52 +02:00
Paul Bakker
531e294313 Fixed location of brackets in pkcs12.c
(cherry picked from commit 67812d396c)
2013-06-25 15:06:52 +02:00
Paul Bakker
2c8cdd201f x509parse_crtpath() is now reentrant and uses more portable stat()
Moved from readdir() to readdir_r() and use stat instead of the less
portable d_type from struct dirent.
(cherry picked from commit cbfcaa9206)
2013-06-25 15:06:51 +02:00
Paul Bakker
42c6581110 Changed x509parse_crt_der() to support adding to chain.
Removed chain functionality from x509parse_crt() as x509parse_crt_der()
now handles that much cleaner.
(cherry picked from commit d6d4109adc)
2013-06-25 15:06:51 +02:00
Paul Bakker
90995b5ce3 Added mechanism to provide alternative cipher / hash implementations
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
(cherry picked from commit 4087c47043)
2013-06-25 15:06:51 +02:00
Paul Bakker
f1f21fe825 Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
(cherry picked from commit cf6e95d9a8)

Conflicts:
	scripts/generate_errors.pl
2013-06-25 15:06:51 +02:00
Paul Bakker
e2f5040876 Internally split up x509parse_key()
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
(cherry picked from commit 65a1909dc6)

Conflicts:
	library/x509parse.c
2013-06-25 15:06:50 +02:00
Paul Bakker
89ecb2d074 ssl_parse_certificate() now calls x509parse_crt_der() directly
(cherry picked from commit 1922a4e6aa)
2013-06-24 19:09:25 +02:00
Paul Bakker
5ed3b34e22 x509parse_crt() now better handles PEM error situations
Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
(cherry picked from commit 6417186365)
2013-06-24 19:09:25 +02:00
Paul Bakker
00b2860e8d pem_read_buffer() already update use_len after header and footer are read
After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
(cherry picked from commit 9255e8300e)
2013-06-24 19:09:25 +02:00
Paul Bakker
3c2122ff9d Fixed const correctness issues that have no impact on the ABI
(cherry picked from commit eae09db9e5)

Conflicts:
	library/gcm.c
2013-06-24 19:09:24 +02:00
Paul Bakker
2013950545 Secure renegotiation extension should only be sent in case client supports secure renegotiation
(cherry picked from commit 7c3c3899cf)
2013-06-24 19:09:24 +02:00
Paul Bakker
73d4431ccd Fixed parse error in ssl_parse_certificate_request() 2013-05-22 13:56:26 +02:00
Paul Bakker
f6a19bd728 Possible resource leak on FILE* removed in X509 parse 2013-05-14 13:26:51 +02:00
Paul Bakker
c72d3f7d85 Possible resource leak on FILE* removed in CTR_DRBG 2013-05-14 13:22:41 +02:00
Paul Bakker
40afb4ba13 Added PSK GCM, SHA256 and SHA384 ciphers from RFC5487 2013-04-19 22:03:30 +02:00
Paul Bakker
a1bf92ddb4 Added PSK NULL ciphers from RFC4785 2013-04-19 20:47:26 +02:00
Paul Bakker
48f7a5d724 DHE-PSK based ciphersuite support added and cleaner key exchange based
code selection

The base RFC 4279 DHE-PSK ciphersuites are now supported and added.

The SSL code cuts out code not relevant for defined key exchange methods
2013-04-19 20:47:26 +02:00
Paul Bakker
188c8de430 Only allow missing SereverKeyExchange message in bare PSK mode 2013-04-19 09:13:37 +02:00
Paul Bakker
e07f41d4be Introduced defines to control availability of specific SSL Key Exchange
methods.

Introduces POLARSSL_KEY_EXCHANGE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED, etc
2013-04-19 09:08:57 +02:00
Paul Bakker
ed27a041e4 More granular define selections within code to allow for smaller code
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker
73a899a9eb Changed error code message to also cover missing pre-shared key 2013-04-18 23:12:34 +02:00
Paul Bakker
fbb17804d8 Added pre-shared key handling for the server side of SSL / TLS
Server side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
70df2fbaa5 Split parts of ssl_parse_client_key_exchange() into separate functions
Made ssl_parse_client_dh_public(), ssl_parse_cient_ecdh_public() and
ssl_parse_encrypted_pms_secret() in preparation for PSK-related code
2013-04-18 23:12:33 +02:00
Paul Bakker
d4a56ec6bf Added pre-shared key handling for the client side of SSL / TLS
Client side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
f7abd422dc Removed extra spaces on end of lines 2013-04-16 18:09:45 +02:00
Paul Bakker
29e1f12f6b split parts of ssl_parse_server_key_exchange() into separate functions
Made ssl_parse_server_dh_params(), ssl_parse_server_ecdh_params() and
ssl_parse_signature_algorihm() in preparation for PSK-related code
2013-04-16 18:09:45 +02:00
Paul Bakker
8f4ddaeea9 Ability to specify allowed ciphersuites based on the protocol version.
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b)

Conflicts:
	ChangeLog
	library/ssl_srv.c
	library/ssl_tls.c
2013-04-16 18:09:45 +02:00
Paul Bakker
0ecdb23eed Cleanup of the GCM code
Removed unused variable 'v'

orig_len and orig_add_len are now uint64_t to support larger than 2^29
data sizes
2013-04-09 11:36:42 +02:00
Paul Bakker
a280d0f2b9 Fixed compiler warning for possible uninitialized ret 2013-04-08 13:40:17 +02:00
Paul Bakker
27714b1aa1 Added Camellia ECDHE-based CBC ciphersuites
Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
2013-04-07 23:07:12 +02:00
Paul Bakker
bfe671f2d5 Blowfish has default of 128-bit keysize in cipher layer 2013-04-07 22:35:44 +02:00
Paul Bakker
c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
37de6bec16 Const correctness added for asn1write functions 2013-04-07 13:11:31 +02:00
Paul Bakker
3b6a07b745 Prevented compiler warning on uninitialized end 2013-03-21 11:56:50 +01:00
Paul Bakker
d3edc86720 Moved writing of client extensions to separate functions in ssl_cli.c 2013-03-20 16:07:17 +01:00
Paul Bakker
a54e493bc0 Added ECDHE-based SHA256 and SHA384 ciphersuites
Added TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ciphersuites
2013-03-20 15:31:54 +01:00
Paul Bakker
b7149bcc90 Corrected behaviour for CBC-based suites using the SHA384 MAC and PRF 2013-03-20 15:30:09 +01:00
Paul Bakker
41c83d3f67 Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker
00c1f43743 Merge branch 'ecc-devel-mpg' into development 2013-03-13 16:31:01 +01:00
Paul Bakker
d589a0ddb6 Modified Makefiles to include new files and and config.h to PolarSSL standard 2013-03-13 16:30:17 +01:00
Paul Bakker
68884e3c09 Moved to advanced ciphersuite representation and more dynamic SSL code 2013-03-13 14:48:32 +01:00
Paul Bakker
c9118b433b Renamed hash structures to ctx 2013-03-13 11:48:39 +01:00
Paul Bakker
09d67258a2 Modified to work in-place 2013-03-13 11:46:00 +01:00
Paul Bakker
92be97b8e6 Align data with future location based on IV size 2013-03-13 11:46:00 +01:00
Paul Bakker
07eb38ba31 Update ssl_hw_record_init() to receive keylen, ivlen and maclen as well
Added ssl_hw_record_activate()
2013-03-13 11:44:40 +01:00
Paul Bakker
c7878113cb Do not set done in case of a fall-through 2013-03-13 11:44:40 +01:00
Paul Bakker
5bd422937a Reverted commit 186751d9dd and made out_hdr and out_msg back-to-back again 2013-03-13 11:44:40 +01:00
Paul Bakker
fae35f0601 Functions in cipher_wrap.c marked static 2013-03-13 10:33:51 +01:00
Paul Bakker
d1df02a8a3 Functions inside md_wrap.c now marked static 2013-03-13 10:31:31 +01:00
Paul Bakker
ac0fba5389 Added missing header for MD2 and made code compile with missing header
files
2013-03-13 10:28:40 +01:00
Paul Bakker
1bd3ae826c Added md_process() to MD layer for generic internal access to hash
process functions

Access to process functions is needed to reduce possible timing attacks
on SSL MAC checks. As SSL is set to move to using the dynamic MD layer,
the MD layer needs access to these process functions as well.
2013-03-13 10:26:44 +01:00
Paul Bakker
90f042d4cb Prepared for PolarSSL 1.2.6 release 2013-03-11 11:38:44 +01:00
Paul Bakker
e81beda60f The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain)
The real peer certificate is copied into a x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.

As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
2013-03-06 18:01:03 +01:00
Paul Bakker
78a8c71993 Re-added support for parsing and handling SSLv2 Client Hello messages
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.

It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
2013-03-06 18:01:03 +01:00
Paul Bakker
37286a573b Fixed net_bind() for specified IP addresses on little endian systems 2013-03-06 18:01:03 +01:00
Paul Bakker
926c8e49fe Fixed possible NULL pointer exception in ssl_get_ciphersuite() 2013-03-06 18:01:03 +01:00
Paul Bakker
8804f69d46 Removed timing differences due to bad padding from RSA decrypt for
PKCS#1 v1.5 operations
2013-03-06 18:01:03 +01:00
Paul Bakker
a43231c5a5 Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt() 2013-03-06 18:01:02 +01:00
Paul Bakker
b386913f8b Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()

The original functions exist as generic wrappers to these functions.
2013-03-06 18:01:02 +01:00
Paul Bakker
8ddb645ad3 Added conversion to int for a t_uint value to prevent compiler warnings
On 64-bit platforms t_uint can be larger than int resulting in compiler
warnings on some platforms (MS Visual Studio)
2013-03-06 18:00:54 +01:00
Paul Bakker
3d2dc0f8e5 Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.

Found by Yawning Angel
2013-02-28 10:55:39 +01:00
Paul Bakker
e47b34bdc8 Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.

The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker
2ca8ad10a1 Made x509parse.c also work with missing hash header files 2013-02-19 13:17:38 +01:00
Paul Bakker
86f04f400b Fixed comment 2013-02-14 11:20:09 +01:00
Paul Bakker
c0463502ff Fixed memory leak in ssl_free() and ssl_reset() for active session 2013-02-14 11:19:38 +01:00
Manuel Pégourié-Gonnard
f35b739dff Add a few check for context validity. 2013-02-11 22:12:39 +01:00
Manuel Pégourié-Gonnard
424fda5d7b Add ecdh_calc_secret() 2013-02-11 22:05:42 +01:00
Manuel Pégourié-Gonnard
5cceb41d2c Add ecdh_{make,read}_public() 2013-02-11 21:51:45 +01:00
Manuel Pégourié-Gonnard
854fbd7ba2 Add ecdh_read_params(). 2013-02-11 21:32:24 +01:00
Manuel Pégourié-Gonnard
13724765b2 Add ecdh_make_server_params (untested yet) 2013-02-10 15:01:54 +01:00
Manuel Pégourié-Gonnard
63533e44c2 Create ecdh_context structure 2013-02-10 14:22:44 +01:00
Manuel Pégourié-Gonnard
98f51815d6 Fix ecp_tls_read_point's signature 2013-02-10 13:38:29 +01:00
Manuel Pégourié-Gonnard
7c145c6418 Fix ecp_tls_read_group's signature 2013-02-10 13:20:52 +01:00
Manuel Pégourié-Gonnard
46106a9d75 Add tests for (and fix bug in) ecp_tls_write_group 2013-02-10 12:51:17 +01:00
Manuel Pégourié-Gonnard
420f1eb675 Fix ecp_tls_write_point's signature 2013-02-10 12:22:46 +01:00
Manuel Pégourié-Gonnard
b325887fad Add ecp_tls_write_group() 2013-02-10 12:06:19 +01:00
Manuel Pégourié-Gonnard
7e86025f32 Rename ecp_*_binary to ecp_point_*_binary 2013-02-10 10:58:48 +01:00
Manuel Pégourié-Gonnard
d84895dc22 Supress 'format' argument to ecp_read_binary.
And adjust error codes for ecp_*_binary while at it.
2013-02-10 10:53:04 +01:00
Manuel Pégourié-Gonnard
0079405918 Add functions for read/write ECPoint records 2013-02-09 19:00:07 +01:00
Manuel Pégourié-Gonnard
1a96728964 Add function parsing a TLS ECParameters record 2013-02-09 17:53:31 +01:00
Paul Bakker
c7a2da437e Updated for PolarSSL 1.2.5 2013-02-02 19:23:57 +01:00
Paul Bakker
40865c8e5d Added sending of alert messages in case of decryption failures as per RFC
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49 Disable debug messages that can introduce a timing side channel.
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
4582999be6 Fixed timing difference resulting from badly formatted padding. 2013-02-02 19:04:13 +01:00
Paul Bakker
8fe40dcd7d Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.

Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Manuel Pégourié-Gonnard
3aeb5a7192 Add ECDSA signature primitive. 2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
b309ab2936 Add ECDSA sign primitive 2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
2aea1416f9 Add skeleton ecdsa.[ch] 2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
6545ca7bed Add ECDH primitives 2013-01-26 19:11:24 +01:00
Manuel Pégourié-Gonnard
0bad5c2381 Add skeleton ecdh.[ch] 2013-01-26 15:30:46 +01:00
Manuel Pégourié-Gonnard
45a035a9ac Add ecp_gen_keypair() 2013-01-26 14:42:45 +01:00
Paul Bakker
14c56a3378 Updated for PolarSSL 1.2.4 2013-01-25 17:11:37 +01:00
Paul Bakker
1961b709d8 Added ssl_handshake_step() to allow single stepping the handshake
process

Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
9c94cddeae Correctly handle CertificateRequest with empty DN list in <= TLS 1.1 2013-01-22 14:21:49 +01:00
Paul Bakker
cf4365f560 Updated error codes for ECP 2013-01-16 17:00:43 +01:00
Paul Bakker
a95919b4c7 Added ECP files to Makefiles as well 2013-01-16 17:00:05 +01:00
Manuel Pégourié-Gonnard
5e402d88ea Added ecp_read_binary(). 2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
37d218a8e3 Added support for writing points compressed 2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
e19feb5b46 Added ecp_write_binary(). 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
1c33057a63 Added ecp_check_pubkey(). 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
3680c82c5a Made choice of w safer and more optimal 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
cdd44324e9 Added ecp_normalize_many() for faster precompute() 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
b63f9e98f5 Made ecp_mul() faster and truly SPA resistant 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
7652a593d6 Added a precompute() function for fast mult 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
855560758c Added function preparing for faster multiplication 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
b4a310b472 Added a selftest about SPA resistance 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
9674fd0d5e Added ecp_sub() as a variant of ecp_add() 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
1c2782cc7c Changed to jacobian coordinates everywhere 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
773ed546a2 Added a nbits member to ecp_group 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
4bdd47d2cb Multiplication by negative is now forbidden 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
8433824d5f Added fast mod_p192 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
4712325777 Clarifications in comments; code cosmetics & style 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
dada4da33f Moved domain paramaters to ecp.c 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
62aad14139 Added slot for fast modp, with mod_p521 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
84d1aea1ac Now reducing mod p after every single operation 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
e0c16922f9 Point multiplication using Jacobian coordinates 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
7e0adfbcc5 Replaced add_generic with add_mixed 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
989c32bc3e Replaced double_generic with double_jac 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
27b1ba8be0 Changed ecp_mul() to always add the same point 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
d070f51224 Started introducting Jacobian coordinates 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
4b8c3f2a1c Moved tests from selftest to tests/test_suite_ecp 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
a5402fee04 Added ecp_use_known_dp() 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
efaa31e9ae Implemented multiplication 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
b4ab8a8137 Fixed memory leak due to typo 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
de532ee73f Implemented generic doubling 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
ab38b70816 Fixed add_generic 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
b505c2796c Got first tests working, fixed ecp_copy() 2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
d0dc6317e1 Added a few test cases for addition 2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
847395a8a9 Added ecp_XXX_read_string() 2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
7cfcea349c Documented error codes properly 2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
ae180d0f20 Got started on ecp_add(): generic case done 2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
883f313516 Added ecp_copy() (for points) 2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
5179e463d5 Allowed point at infinity, supressed ecp_double() 2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
1e8c8ecd95 Implemented ecp_{point,group}_free() 2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
39d2adbbd0 Added (skeleton) ecp.[ch] 2013-01-16 16:31:48 +01:00
Paul Bakker
21dca69ef0 Handle future version properly in ssl_write_certificate_request() 2013-01-03 11:41:08 +01:00
Paul Bakker
02303e8be4 Moved md_init_ctx() calls around to minimize exit points 2013-01-03 11:08:31 +01:00
Paul Bakker
40628bad98 Memory leak when using RSA_PKCS_V21 operations fixed 2013-01-03 10:50:31 +01:00
Paul Bakker
fb1ba781b3 Updated for release 1.2.3 2012-11-26 16:28:25 +01:00
Paul Bakker
bc3d98469f Fixed multiple DN size 2012-11-26 16:12:02 +01:00
Paul Bakker
df5069cb97 Updated for 1.2.2 release 2012-11-24 12:20:19 +01:00
Paul Bakker
3497d8c7bf Do not check sig on trust-ca (might not be top) 2012-11-24 11:53:17 +01:00
Paul Bakker
769075dfb6 Fixed dependency on POLARSSL_SHA4_C in ssl modules 2012-11-24 11:26:46 +01:00
Paul Bakker
78ce507988 Fixed typo 2012-11-23 14:23:53 +01:00
Paul Bakker
926af7582a Fixed client certificate handling with TLS 1.2 2012-11-23 13:38:07 +01:00
Manuel Pégourié-Gonnard
e44ec108be Fixed segfault in mpi_shift_r()
Fixed memory leak in test_suite_mpi
Amended ChangeLog
2012-11-18 23:15:02 +01:00
Paul Bakker
90f309ffe7 Added proper gitignores for linux compilation 2012-11-17 00:04:49 +01:00
Paul Bakker
43ae298410 - Fixed argument types 2012-11-14 12:14:19 +00:00
Paul Bakker
34d8dbcc6d - Depth that the certificate verify callback receives is now numbered bottom-up (Peer cert depth is 0) 2012-11-14 12:11:38 +00:00
Paul Bakker
e0f41f3086 - Updated version to 1.2.1 2012-11-13 12:55:02 +00:00
Paul Bakker
9daf0d0651 - Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1 2012-11-13 12:13:27 +00:00
Paul Bakker
96c4ed8134 - Proper building of shared lib when SHARED defined 2012-11-13 10:37:52 +00:00
Paul Bakker
644db3893a - Added SHARED define for building with -fPIC 2012-11-13 10:35:00 +00:00
Paul Bakker
f02c5642d0 - Allow R and A to point to same mpi in mpi_div_mpi 2012-11-13 10:25:21 +00:00
Paul Bakker
36c4a678a6 - Fixed off-by-one loop 2012-11-09 15:30:07 +00:00
Paul Bakker
096348fa79 - Fixed comments / typos 2012-11-07 20:05:38 +00:00
Paul Bakker
fc975dc592 - Small Windows VC6 fixes 2012-11-02 12:51:23 +00:00
Paul Bakker
d9374b05d6 - Moved mpi_inv_mod() outside POLARSSL_GENPRIME 2012-11-02 11:02:58 +00:00
Paul Bakker
7a2538ee38 - Fixes for MSVC6 2012-11-02 10:59:36 +00:00
Paul Bakker
645ce3a2b4 - Moved ciphersuite naming scheme to IANA reserved names 2012-10-31 12:32:41 +00:00
Paul Bakker
bb0139c924 - Moved to more flexible define structure
- Added exception for OpenBSD on Sparc64 (no privilege for call)
2012-10-31 09:53:08 +00:00
Paul Bakker
35a7fe52f3 - Prevent compiler warning 2012-10-31 09:07:14 +00:00
Paul Bakker
8611e73dd3 - Fixed infinite loop 2012-10-30 07:52:29 +00:00
Paul Bakker
b0550d90c9 - Added ssl_get_peer_cert() to SSL API 2012-10-30 07:51:03 +00:00
Paul Bakker
d2c167e9a8 - And fixed order 2012-10-30 07:49:19 +00:00
Paul Bakker
98fe5eaf47 - Removed snprintf altogether for critical code paths 2012-10-24 11:17:48 +00:00
Paul Bakker
331f5630e9 - Do not use sprintf(), use snprintf() instead. 2012-10-24 10:16:39 +00:00
Paul Bakker
ba26e9ebfd - Cache now only allows a maximum of entries in cache for preventing memory overrun 2012-10-23 22:18:28 +00:00
Paul Bakker
f1ab0ec1ff - Changed default compiler flags to include -O2 2012-10-23 12:12:53 +00:00
Paul Bakker
67f9d534ee - Removed code breaking strict-aliasing 2012-10-23 11:49:05 +00:00
Paul Bakker
81420abcb6 - properly print minimum version 2012-10-23 10:31:15 +00:00
Paul Bakker
c110d025c2 - Added extra check to prevent crash on failed memory allocation 2012-10-19 12:15:08 +00:00
Paul Bakker
0be82f20a9 - Updated rsa_pkcs1_verify() and rsa_pkcs1_sign() to use appropriate buffer size for max MPIs 2012-10-03 20:36:33 +00:00
Paul Bakker
36fec23dc2 - Updated to 1.2.0 2012-10-02 15:40:44 +00:00
Paul Bakker
62261d6bd6 - Rewrote bignum type definition #ifdef tree to work better on all
systems
2012-10-02 12:19:31 +00:00
Paul Bakker
3338b792da - Fixed WIN32 version of x509parse_crtpath() 2012-10-01 21:13:10 +00:00
Paul Bakker
d6f17b492f - Moved definition to top to prevent MS VC compiler warning 2012-10-01 20:58:19 +00:00
Paul Bakker
5c2364c2ba - Moved from unsigned long to uint32_t throughout code 2012-10-01 14:41:15 +00:00
Paul Bakker
0e19e9ff1c - Minor define change to prevent warning 2012-10-01 11:02:48 +00:00
Paul Bakker
993d11dd05 - Send ClientHello with 'minimal version' 2012-09-28 15:00:12 +00:00
Paul Bakker
23f3680898 - Added proper support for TLS 1.2 signature_algorithm extension on server
side
 - Minor const changes to other extension parsing functions
2012-09-28 14:15:14 +00:00
Paul Bakker
1d29fb5e33 - Added option to add minimum accepted SSL/TLS protocol version 2012-09-28 13:28:45 +00:00
Paul Bakker
62f2deef8b - Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS 2012-09-28 07:31:51 +00:00
Paul Bakker
915275ba78 - Revamped x509_verify() and the SSL f_vrfy callback implementations 2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02 - Added ServerName extension parsing (SNI) at server side 2012-09-27 21:49:42 +00:00
Paul Bakker
eb2c658163 - Generalized external private key implementation handling (like PKCS#11) in SSL/TLS 2012-09-27 19:15:01 +00:00
Paul Bakker
321df6fb80 - Expanded rsa_check_privkey() to check DP, DQ and QP as well 2012-09-27 13:21:34 +00:00
Paul Bakker
5531c6d92c - Change buffer size on mpi_write_file() to cover larger size MPIs 2012-09-26 19:20:46 +00:00
Paul Bakker
49d75678a5 - Support INTEGRITY OS 2012-09-26 15:22:07 +00:00
Paul Bakker
d14277d7de - Added PBKDF2 error code 2012-09-26 15:19:05 +00:00
Paul Bakker
0a59707523 - Added simple SSL session cache implementation
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
b00ca42f2a - Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob 2012-09-25 12:10:00 +00:00
Paul Bakker
29b64761fd - Added predefined DHM groups from RFC 5114 2012-09-25 09:36:44 +00:00
Paul Bakker
d0f6fa7bdc - Sending of handshake_failures during renegotiation added
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
2d319fdfcb - Fixed bug in mpi_add_abs with adding a small number to a large mpi with carry rollover. 2012-09-16 21:34:26 +00:00
Paul Bakker
48916f9b67 - Added Secure Renegotiation (RFC 5746) 2012-09-16 19:57:18 +00:00
Paul Bakker
b5b20f19e7 - Extra sanity check for input added 2012-09-16 15:07:49 +00:00
Paul Bakker
5f70b25c9b - Correctly handle SHA256 ciphersuites in SSLv3
- Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Paul Bakker
ec636f3bdd - Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation) 2012-09-09 19:17:02 +00:00
Paul Bakker
94a6796179 - Correctly handle MS certificate's key usage bits 2012-08-23 13:03:52 +00:00
Paul Bakker
f518b16f97 - Added PKCS#5 PBKDF2 key derivation function 2012-08-23 13:03:18 +00:00
Paul Bakker
535e97dbab - Better checking for reading over buffer boundaries
- Zeroize altSubjectName chain memory before use
2012-08-23 10:49:55 +00:00
Paul Bakker
b68cad6cc7 - Made cipersuites in ssl context const (no intention to modify)
- Adjusted ssl_set_ciphersuites() to match
2012-08-23 08:34:18 +00:00
Paul Bakker
bb51f0cb3d - Only include md.h if needed by POLARSSL_PKCS1_V21 2012-08-23 07:46:58 +00:00
Paul Bakker
6a2f857b08 - Added DragonflyBSD support 2012-08-23 07:45:37 +00:00
Paul Bakker
3c16db9a10 - Fixed potential memory zeroization on miscrafted RSA key 2012-07-05 13:58:08 +00:00
Paul Bakker
6132d0aa93 - Added Blowfish to generic cipher layer
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
2012-07-04 17:10:40 +00:00
Paul Bakker
83f00bba9c - Updated strerror codes for SSL Compression and Blowfish 2012-07-04 11:08:50 +00:00
Paul Bakker
a9379c0ed1 - Added base blowfish algorithm 2012-07-04 11:02:11 +00:00
Paul Bakker
2770fbd651 - Added DEFLATE compression support as per RFC3749 (requires zlib) 2012-07-03 13:30:23 +00:00
Paul Bakker
cefb396a77 - Handle empty certificate subject names 2012-06-27 11:51:09 +00:00
Paul Bakker
e4791f3936 - Bugfix for Windows in cert path handling 2012-06-04 21:29:15 +00:00
Paul Bakker
67820bd38e - Only include padlock header when POLARSSL_PADLOCK_C is defined 2012-06-04 12:47:23 +00:00
Paul Bakker
8d914583f3 - Added X509 CA Path support 2012-06-04 12:46:42 +00:00
Paul Bakker
e6ee41f932 - Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and example application (programs/ssl/o_p_test) (Requires OpenSSL)
- Handle encryption with private key and decryption with public key as per RFC 2313
2012-05-19 08:43:48 +00:00
Paul Bakker
50546921ac - Moved to prevent uninitialized exit var 2012-05-19 08:40:49 +00:00
Paul Bakker
f6198c1513 - mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52) 2012-05-16 08:02:29 +00:00
Paul Bakker
2a5c7a87af - Add Windows required library 2012-05-10 21:54:28 +00:00
Paul Bakker
62f88dc473 Makefile more compatible with WINDOWS environment 2012-05-10 21:26:28 +00:00
Paul Bakker
cd5b529d6d - Added automatic WINDOWS define in Makefile 2012-05-10 20:49:10 +00:00
Paul Bakker
4d2c1243b1 - Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present. 2012-05-10 14:12:46 +00:00
Paul Bakker
7e2c728178 - Updated to support NetBSD 2012-05-08 13:23:16 +00:00
Paul Bakker
186751d9dd - Moved out_msg to out_hdr + 32 to support hardware acceleration 2012-05-08 13:16:14 +00:00
Paul Bakker
3aac1daf1d - Added exception error parsing when FATAL ssl message is received 2012-05-08 13:12:27 +00:00
Paul Bakker
6b906e5095 - Const correctness mpi_get_bit()
- Documentation mpi_lsb(), mpi_msb()
2012-05-08 12:01:43 +00:00
Paul Bakker
05ef835b6a - Added support for Hardware Acceleration hooking in SSL/TLS 2012-05-08 09:17:57 +00:00
Paul Bakker
430ffbe564 - Fixed potential heap corruption in x509_name allocation 2012-05-01 08:14:20 +00:00
Paul Bakker
aec37cb653 - Added extra sanity check to DHM values 2012-04-26 18:59:59 +00:00
Paul Bakker
279432a7c0 - Fixed size of clean 2012-04-26 10:09:35 +00:00
Paul Bakker
901c65620e - Fill full buffer (Wrong parameter usage) 2012-04-20 13:25:38 +00:00
Paul Bakker
380da53c48 - Abstracted checksum updating during handshake 2012-04-18 16:10:25 +00:00
Paul Bakker
ca4ab49158 - Added GCM ciphersuites to TLS implementation 2012-04-18 14:23:57 +00:00
Paul Bakker
d8ef167833 - Updated for latest GCM error 2012-04-18 14:17:32 +00:00
Paul Bakker
fc5183cf5d - Added input checking and more efficient buffer overlap use 2012-04-18 14:17:01 +00:00
Paul Bakker
369e14bbf1 - Small code rewrite 2012-04-18 14:16:09 +00:00
Paul Bakker
030277ab1e - Updated error.c to include GCM errors 2012-04-17 12:24:26 +00:00
Paul Bakker
13ed9ab921 - Removed unused variable 2012-04-16 09:43:49 +00:00
Paul Bakker
0a9251870a - Report unexpected_message if unknown record type is received 2012-04-16 06:46:41 +00:00
Paul Bakker
10cd225962 - Added support for the SHA256 ciphersuites of AES and Camellia 2012-04-12 21:26:34 +00:00
Paul Bakker
bf63b36127 - Updated comments 2012-04-12 20:44:34 +00:00
Paul Bakker
c3f177a77b - Added client side support for signature_algorithm extension and affiliated handling 2012-04-11 16:11:49 +00:00
Paul Bakker
1ef83d66dd - Initial bare version of TLS 1.2 2012-04-11 12:09:53 +00:00
Paul Bakker
f34cf85534 - Fixed too restrictive test 2012-04-10 07:48:40 +00:00