Commit Graph

358 Commits

Author SHA1 Message Date
Paul Bakker
fdf946928d Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites 2013-12-17 13:10:27 +01:00
Paul Bakker
f70fe81a6e Fixed memory leak in benchmark application 2013-12-17 13:09:12 +01:00
Paul Bakker
6f0636a09f Potential memory leak in ssl_ticket_keys_init() 2013-12-17 13:09:12 +01:00
Paul Bakker
48d78a5e60 Merged support for Curve25519 2013-12-05 16:12:40 +01:00
Manuel Pégourié-Gonnard
9a4a5ac4de Fix bug in mpi_set_bit 2013-12-05 15:58:38 +01:00
Paul Bakker
b14817d10a Updated ChangeLog for splitting off curves from ecp.c 2013-12-02 22:03:23 +01:00
Paul Bakker
9dc53a9967 Merged client ciphersuite order preference option 2013-12-02 14:56:27 +01:00
Paul Bakker
014f143c2a Merged EC key generation support 2013-12-02 14:55:09 +01:00
Paul Bakker
4040d7e95c Merged more constant-time checking in RSA 2013-12-02 14:53:23 +01:00
Paul Bakker
c3d0d07a7a Merged change from readdir_r() to readdir() + threading 2013-12-02 14:52:50 +01:00
Paul Bakker
7aa0375b78 Updated ChangeLog to reflect recent changes 2013-11-26 17:37:31 +01:00
Paul Bakker
a9a028ebd0 SSL now gracefully handles missing RNG 2013-11-21 17:31:06 +01:00
Paul Bakker
f2b4d86452 Fixed X.509 hostname comparison (with non-regular characters)
In situations with 'weird' certificate names or hostnames (containing
non-western allowed names) the check would falsely report a name or
wildcard match.
2013-11-21 17:30:23 +01:00
Paul Bakker
f4dc186818 Prep for PolarSSL 1.3.2 2013-11-04 17:29:42 +01:00
Paul Bakker
e1121b6217 Update ChangeLog for renegotiation changes 2013-10-31 15:57:22 +01:00
Paul Bakker
7b0be68977 Support for serialNumber, postalAddress and postalCode in X509 names 2013-10-29 14:24:37 +01:00
Paul Bakker
fa6a620b75 Defines for UEFI environment under MSVC added 2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard
178d9bac3c Fix ECDSA corner case: missing reduction mod N
No security issue, can cause valid signatures to be rejected.

Reported by DualTachyon on github.
2013-10-29 13:40:17 +01:00
Paul Bakker
60b1d10131 Fixed spelling / typos (from PowerDNS:codespell) 2013-10-29 10:02:51 +01:00
Paul Bakker
93c6aa4014 Fixed that selfsign copies issuer_name to subject_name 2013-10-28 22:29:11 +01:00
Paul Bakker
50dc850c52 Const correctness 2013-10-28 21:19:10 +01:00
Paul Bakker
7bc745b6a1 Merged constant-time padding checks 2013-10-28 14:40:26 +01:00
Paul Bakker
1642122f8b Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer 2013-10-28 14:38:35 +01:00
Paul Bakker
3f917e230d Merged optimizations for MODP NIST curves 2013-10-28 14:18:26 +01:00
Paul Bakker
08bb187bb6 Merged Public Key framwork tests 2013-10-28 14:11:09 +01:00
Paul Bakker
68037da3cd Update Changelog for minor fixes 2013-10-28 14:02:40 +01:00
Paul Bakker
45a2c8d99a Prevent possible alignment warnings on casting from char * to 'aligned *' 2013-10-28 12:57:08 +01:00
Paul Bakker
677377f472 Server does not send out extensions not advertised by client 2013-10-28 12:54:26 +01:00
Paul Bakker
5c17ccdf2a Bumped version to 1.3.1 2013-10-15 13:12:41 +02:00
Paul Bakker
f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Paul Bakker
a7ea6a5a18 config.h is more script-friendly 2013-10-15 11:55:10 +02:00
Paul Bakker
be089b0483 Introduced POLARSSL_HAVE_READDIR_R for systems without it 2013-10-14 15:51:50 +02:00
Paul Bakker
5191e92ecc Added missing x509write_crt_set_version() 2013-10-11 10:54:28 +02:00
Paul Bakker
b7c13123de threading_set_own() renamed to threading_set_alt() 2013-10-11 10:51:32 +02:00
Paul Bakker
4aa40d4f51 Better support for MSVC 2013-10-11 10:49:24 +02:00
Paul Bakker
b799dec4c0 Merged support for Brainpool curves and ciphersuites 2013-10-11 10:05:43 +02:00
Paul Bakker
1677033bc8 TLS compression only allocates working buffer once 2013-10-11 09:59:44 +02:00
Paul Bakker
d61cc3b246 Possible naming collision in dhm_context 2013-10-11 09:38:49 +02:00
Paul Bakker
fcc172138c Fixed const-correctness issues 2013-10-11 09:38:06 +02:00
Paul Bakker
ddba8822d0 Added bugfixes to ChangeLog 2013-10-11 09:22:12 +02:00
Paul Bakker
3a2c0563c9 Added 1.2.10 to ChangeLog 2013-10-07 16:22:05 +02:00
Paul Bakker
d93d28e370 Fixed release date for 1.3.0 2013-10-01 10:15:23 +02:00
Paul Bakker
2466d93546 Threading abstraction layer added 2013-09-28 15:00:02 +02:00
Paul Bakker
c13aab18dc Added 1.1.8 and 1.2.9 release 2013-09-26 10:12:19 +02:00
Paul Bakker
f18084a201 Ready for 1.3.0 release 2013-09-26 10:07:09 +02:00
Paul Bakker
8b817dc47e Merged support for multiple certificate/key pairs in SSL into
development
2013-09-25 18:05:16 +02:00
Paul Bakker
c27c4e2efb Support faulty X509 v1 certificates with extensions
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
2013-09-23 15:01:36 +02:00
Paul Bakker
5ad403f5b5 Prepared for 1.3.0 RC0 2013-09-18 21:21:30 +02:00
Paul Bakker
45f21c7ad1 PK layer and X509 core refactoring in ChangeLog 2013-09-18 15:34:45 +02:00
Paul Bakker
7fb4a79f50 Added merged functionality to ChangeLog 2013-09-14 08:15:55 +02:00
Paul Bakker
6ec34fb53d Added ChangeLog for blinding 2013-09-10 14:53:46 +02:00
Paul Bakker
003dbad250 Fixed file descriptor leak in x509parse_crtpath() 2013-09-09 17:26:14 +02:00
Paul Bakker
a5943858d8 x509_verify() now case insensitive for cn (RFC 6125 6.4) 2013-09-09 17:21:45 +02:00
Paul Bakker
aab30c130c RSA blinding added for CRT operations 2013-08-30 11:03:09 +02:00
Paul Bakker
548957dd49 Refactored RSA to have random generator in every RSA operation
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80 Merged refactored x509write module into development 2013-08-28 16:32:51 +02:00
Paul Bakker
c8676784ff Amended ChangeLog for ECDSA-ciphersuites 2013-08-28 12:15:11 +02:00
Paul Bakker
0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Paul Bakker
d2f068e071 Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually 2013-08-27 21:19:20 +02:00
Paul Bakker
936539ad4b Updated Changelog to reflect addition of session tickets 2013-08-14 14:26:03 +02:00
Paul Bakker
da4d1c35d1 Updated Changelog to reflect feature addition 2013-08-14 14:02:48 +02:00
Paul Bakker
1e6a175362 Support for AIX header locations in net.c module 2013-07-26 14:10:22 +02:00
Paul Bakker
f85778efb0 Updated Changelog for EC Key / Cert and RFC 6066 extensions 2013-07-19 14:55:25 +02:00
Paul Bakker
fa9b10050b Also compiles / runs without time-based functions in OS
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker
6e339b52e8 Memory-allocation abstraction layer and buffer-based allocator added 2013-07-03 17:22:31 +02:00
Paul Bakker
abf2f8fcf9 zlib compression/decompression skipped on empty blocks 2013-06-30 14:57:46 +02:00
Paul Bakker
9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
63899feca8 Removed redundant bugfix from ChangeLog (Already done in 1.2.8) 2013-06-30 12:20:03 +02:00
Paul Bakker
e2ab84f4a1 Renamed error_strerror() to the less conflicting polarssl_strerror()
Ability to keep old function error_strerror() as well with
POLARSSL_ERROR_STRERROR_BC. Also works with
POLARSSL_ERROR_STRERROR_DUMMY.
2013-06-29 18:35:41 +02:00
Paul Bakker
2fbefde1d8 Client and server now filter sent and accepted ciphersuites on minimum
and maximum protocol version
2013-06-29 18:35:40 +02:00
Paul Bakker
b9d3cfa114 Split up GCM into a start/update/finish cycle 2013-06-26 15:08:29 +02:00
Paul Bakker
de65623f3e PolarSSL 1.2.6 and PolarSSL 1.2.7 changes added to ChangeLog 2013-06-24 19:09:24 +02:00
Paul Bakker
248fff5369 PolarSSL 1.1.6 and PolarSSL 1.1.7 changed added to ChangeLog 2013-06-24 19:09:24 +02:00
Paul Bakker
73d4431ccd Fixed parse error in ssl_parse_certificate_request() 2013-05-22 13:56:26 +02:00
Paul Bakker
b91c2b5782 PSK and DHE-PSK addition to ChangeLog 2013-04-19 20:47:26 +02:00
Paul Bakker
8f4ddaeea9 Ability to specify allowed ciphersuites based on the protocol version.
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b)

Conflicts:
	ChangeLog
	library/ssl_srv.c
	library/ssl_tls.c
2013-04-16 18:09:45 +02:00
Paul Bakker
eff2e6d414 Fixed MPI assembly for ARM when -O2 is used
GCC with -O2 or higher also needs to now about 'cc' in the clobber list.
2013-04-11 17:13:22 +02:00
Paul Bakker
c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
41c83d3f67 Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker
68884e3c09 Moved to advanced ciphersuite representation and more dynamic SSL code 2013-03-13 14:48:32 +01:00
Paul Bakker
9b5798dc75 Modified ChangeLog to include explanations of last SSL module changes 2013-03-13 13:53:00 +01:00
Paul Bakker
90f042d4cb Prepared for PolarSSL 1.2.6 release 2013-03-11 11:38:44 +01:00
Paul Bakker
fb1cbd3cea Fixed assembly code for ARM (Thumb and regular) for some compilers 2013-03-06 18:14:52 +01:00
Paul Bakker
e81beda60f The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain)
The real peer certificate is copied into a x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.

As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
2013-03-06 18:01:03 +01:00
Paul Bakker
a35aa54967 Fixed whitespaces in ChangeLog 2013-03-06 18:01:03 +01:00
Paul Bakker
78a8c71993 Re-added support for parsing and handling SSLv2 Client Hello messages
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.

It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
2013-03-06 18:01:03 +01:00
Paul Bakker
37286a573b Fixed net_bind() for specified IP addresses on little endian systems 2013-03-06 18:01:03 +01:00
Paul Bakker
8804f69d46 Removed timing differences due to bad padding from RSA decrypt for
PKCS#1 v1.5 operations
2013-03-06 18:01:03 +01:00
Paul Bakker
a43231c5a5 Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt() 2013-03-06 18:01:02 +01:00
Paul Bakker
b386913f8b Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()

The original functions exist as generic wrappers to these functions.
2013-03-06 18:01:02 +01:00
Paul Bakker
e3e4a59622 Added bugfix line for previous fixes for MS Visual Studio 2013-03-06 18:01:02 +01:00
Paul Bakker
3d2dc0f8e5 Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.

Found by Yawning Angel
2013-02-28 10:55:39 +01:00
Paul Bakker
e47b34bdc8 Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.

The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker
c0463502ff Fixed memory leak in ssl_free() and ssl_reset() for active session 2013-02-14 11:19:38 +01:00
Paul Bakker
c7a2da437e Updated for PolarSSL 1.2.5 2013-02-02 19:23:57 +01:00
Paul Bakker
40865c8e5d Added sending of alert messages in case of decryption failures as per RFC
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49 Disable debug messages that can introduce a timing side channel.
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
4582999be6 Fixed timing difference resulting from badly formatted padding. 2013-02-02 19:04:13 +01:00
Paul Bakker
8fe40dcd7d Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.

Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00