Paul Bakker
c27c4e2efb
Support faulty X509 v1 certificates with extensions
...
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
2013-09-23 15:01:36 +02:00
Manuel Pégourié-Gonnard
fe28646f72
Fix references to x509parse in config.h
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
09fff7ee25
Cosmetics in config.h
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
1a483833b3
SSL_TLS doesn't depend on PK any more
...
(But PK does depend on RSA or ECP.)
2013-09-20 12:29:15 +02:00
Manuel Pégourié-Gonnard
4fee79b885
Fix some more depend issues
2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
1032c1d3ec
Fix some dependencies and warnings in small config
2013-09-19 10:49:00 +02:00
Paul Bakker
5ad403f5b5
Prepared for 1.3.0 RC0
2013-09-18 21:21:30 +02:00
Paul Bakker
6db455e6e3
PSK callback added to SSL server
2013-09-18 21:14:58 +02:00
Paul Bakker
4fc090af9c
Minor typos in pk.h
2013-09-18 15:43:25 +02:00
Manuel Pégourié-Gonnard
da179e4870
Add ecp_curve_list(), hide ecp_supported_curves
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
dace82f805
Refactor cipher information management
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
161ef968db
Cache pre-computed points for ecp_mul()
...
Up to 1.25 speedup on ECDSA sign for small curves, but mainly useful as a
preparation for fixed-point mult (a few prototypes changed in constness).
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
56cd319f0e
Add human-friendly name in ecp_curve_info
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
a79d123a55
Make ecp_supported_curves constant
2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard
51451f8d26
Replace EC flag with ssl_ciphersuite_uses_ec()
2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard
15d5de1969
Simplify usage of DHM blinding
2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
c83e418149
Prepare for ECDH point blinding just in case
2013-09-18 14:35:54 +02:00
Manuel Pégourié-Gonnard
c972770f78
Prepare ecp_group for future extensions
2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard
456d3b9b0b
Make ECP error codes more specific
2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard
568c9cf878
Add ecp_supported_curves and simplify some code
2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
7038039f2e
Dissociate TLS and internal EC curve identifiers
...
Allows to add new curves before they get a TLS number
2013-09-18 14:34:34 +02:00
Paul Bakker
c559c7a680
Renamed x509_cert structure to x509_crt for consistency
2013-09-18 14:32:52 +02:00
Paul Bakker
ddf26b4e38
Renamed x509parse_* functions to new form
...
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2
Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()
2013-09-18 12:01:43 +02:00
Paul Bakker
86d0c1949e
Generalized function names of x509 functions not parse-specific
...
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker
5187656211
Renamed X509 / X509WRITE error codes to generic (non-cert-specific)
2013-09-17 14:36:05 +02:00
Paul Bakker
f20ba4b7b6
Minor typo in config.h
2013-09-16 22:46:20 +02:00
Paul Bakker
da7711594e
Changed pk_parse_get_pubkey() to pk_parse_subpubkey()
2013-09-16 22:45:03 +02:00
Paul Bakker
ff3a518e78
Changed doxygen comments in pk.h from x509_module to pk_module
2013-09-16 22:42:19 +02:00
Paul Bakker
d1a983fe77
Removed x509parse key functions and moved them to compat-1.2.h
2013-09-16 22:26:53 +02:00
Paul Bakker
f8db11f454
Fixed typo is ssl_list_ciphersuites() prototype
2013-09-16 22:22:39 +02:00
Paul Bakker
7c6b2c320e
Split up X509 files into smaller modules
2013-09-16 21:41:54 +02:00
Paul Bakker
cff6842b39
POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C
2013-09-16 13:36:18 +02:00
Paul Bakker
77e23fb0e0
Move *_pemify() function to PEM module
2013-09-15 20:03:26 +02:00
Paul Bakker
40ce79f1e6
Moved DHM parsing from X509 module to DHM module
2013-09-15 17:43:54 +02:00
Paul Bakker
2292d1fad0
Fixed warnings in case POLARSSL_X509_PARSE_C is not defined
2013-09-15 17:06:49 +02:00
Paul Bakker
4606c7317b
Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C
2013-09-15 17:04:23 +02:00
Paul Bakker
c7bb02be77
Moved PK key writing from X509 module to PK module
2013-09-15 14:54:56 +02:00
Paul Bakker
1a7550ac67
Moved PK key parsing from X509 module to PK module
2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91
Make CBC an option, step 3: individual ciphers
2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard
989ed38de2
Make CBC an option, step 2: cipher layer
2013-09-13 15:48:40 +02:00
Manuel Pégourié-Gonnard
f7dc378ead
Make CBC an option, step 1: ssl ciphersuites
2013-09-13 15:37:03 +02:00
Manuel Pégourié-Gonnard
4fe9200f47
Fix memory leak in GCM by adding gcm_free()
2013-09-13 13:45:58 +02:00
Paul Bakker
9013af76a3
Merged major refactoring of x509write module into development
...
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard
0237620a78
Fix some dependencies declaration
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
31e59400d2
Add missing f_rng/p_rng arguments to x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
53c642504e
Use PK internally for x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
f38e71afd5
Convert x509write_crt interface to PK
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
6de63e480d
Add EC support to x509write_key
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
edda9041fc
Adapt asn1_write_algorithm_identifier() to params
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
3837daec9e
Add EC support to x509write_pubkey
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
e1f821a6eb
Adapt x509write_pubkey interface to use PK
...
key_app_writer will be fixed later
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
ee73179b2f
Adapt x509write_csr prototypes for PK
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
8053da4057
x509write_csr() now fully using PK internally
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
5353a03eb9
x509write_csr using PK internally (WIP)
2013-09-12 11:57:00 +02:00
Paul Bakker
dcbfdcc177
Updated doxygen documentation in header files and HTML pages
2013-09-10 16:16:50 +02:00
Paul Bakker
c0dcf0ceb1
Merged blinding additions for EC, RSA and DHM into development
2013-09-10 14:44:27 +02:00
Paul Bakker
36b7e1efe7
Merged GCM refactoring into development
...
GCM is now independent of AES and can be used as a mode for any
cipher-layer supported 128-bit based block cipher
2013-09-10 14:41:05 +02:00
Manuel Pégourié-Gonnard
ea53a55c0f
Refactor to prepare for RSA blinding optimisation
2013-09-10 13:55:35 +02:00
Paul Bakker
1c3853b953
oid_get_oid_by_*() now give back oid length as well
2013-09-10 11:43:44 +02:00
Paul Bakker
7db0109436
Made POLARSSL_MD_MAX_SIZE dependent on POLARSSL_SHA512_C
2013-09-10 11:10:57 +02:00
Paul Bakker
eba3ccf785
Typo in config.h
2013-09-09 15:56:09 +02:00
Paul Bakker
f9f377e652
CSR Parsing (without attributes / extensions) implemented
2013-09-09 15:35:10 +02:00
Paul Bakker
cdda097507
Fixed doxygen documentation in asn1.h (added \brief)
2013-09-09 12:51:29 +02:00
Paul Bakker
52be08c299
Added support for writing Key Usage and NS Cert Type extensions
2013-09-09 12:38:45 +02:00
Paul Bakker
cd35803684
Changes x509_csr to x509write_csr
2013-09-09 12:38:45 +02:00
Paul Bakker
5f45e62afe
Migrated from x509_req_name to asn1_named_data structure
2013-09-09 12:02:36 +02:00
Paul Bakker
c547cc992e
Added generic asn1_free_named_data_list()
2013-09-09 12:01:23 +02:00
Paul Bakker
59ba59fa30
Generalized x509_set_extension() behaviour to asn1_store_named_data()
2013-09-09 11:34:44 +02:00
Paul Bakker
43aff2aec4
Moved GCM to use cipher layer instead of AES directly
2013-09-09 00:10:27 +02:00
Paul Bakker
f46b6955e3
Added cipher_info_from_values() to cipher layer (Search by ID+keylen+mode)
2013-09-09 00:08:26 +02:00
Paul Bakker
5e0efa7ef5
Added POLARSSL_MODE_ECB to the cipher layer
2013-09-08 23:04:04 +02:00
Manuel Pégourié-Gonnard
032c34e206
Don't use DH blinding for ephemeral DH
2013-09-07 13:06:27 +02:00
Manuel Pégourié-Gonnard
337b29c334
Test and document EC blinding overhead
2013-09-07 11:52:27 +02:00
Paul Bakker
15162a054a
Writing of X509v3 extensions supported
...
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
2013-09-06 19:27:21 +02:00
Paul Bakker
329def30c5
Added asn1_write_bool()
2013-09-06 16:34:38 +02:00
Paul Bakker
9397dcb0e8
Base X509 certificate writing functinality
2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard
7da0a38d43
Rm some includes that are now useless
2013-09-05 17:06:11 +02:00
Manuel Pégourié-Gonnard
b8bd593741
Restrict cipher_update() for GCM
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
226d5da1fc
GCM ciphersuites partially using cipher layer
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
143b5028a5
Implement DH blinding
2013-09-04 16:29:59 +02:00
Paul Bakker
c049955b32
Merged new cipher layer enhancements
2013-09-04 16:12:55 +02:00
Manuel Pégourié-Gonnard
2d627649bf
Change dhm_calc_secret() prototype
2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard
ce4112538c
Fix RC4 key length in cipher
2013-09-04 12:29:26 +02:00
Manuel Pégourié-Gonnard
83f3fc0d77
Add AES-192-GCM
2013-09-04 12:14:13 +02:00
Manuel Pégourié-Gonnard
43a4780b03
Ommit AEAD functions if GCM not defined
2013-09-03 19:28:35 +02:00
Manuel Pégourié-Gonnard
aa9ffc5e98
Split tag handling out of cipher_finish()
2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
2adc40c346
Split cipher_update_ad() out or cipher_reset()
2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
a235b5b5bd
Fix iv_len interface.
...
cipher_info->iv_size == 0 is no longer ambiguous, and
cipher_get_iv_size() always returns something useful to generate an IV.
2013-09-03 13:25:52 +02:00
Manuel Pégourié-Gonnard
9c853b910c
Split cipher_set_iv() out of cipher_reset()
2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard
e09d2f8261
Change ecp_mul() prototype to allow randomization
...
(Also improve an error code while at it.)
2013-09-02 14:29:09 +02:00
Paul Bakker
eb851f6cd5
Merged current cipher enhancements for ARC4 and AES-GCM
2013-09-01 15:49:38 +02:00
Manuel Pégourié-Gonnard
9241be7ac5
Change cipher prototypes for GCM
2013-08-31 18:07:42 +02:00
Paul Bakker
da02a7f45e
AES_CBC ciphersuites now run purely via cipher layer
2013-08-31 17:25:14 +02:00
Manuel Pégourié-Gonnard
b5e85885de
Handle NULL as a stream cipher for more uniformity
2013-08-30 17:11:28 +02:00
Manuel Pégourié-Gonnard
37e230c022
Add arc4 support in the cipher layer
2013-08-30 17:11:28 +02:00
Paul Bakker
f451bac000
Blinding RSA only active when f_rng is provided
2013-08-30 15:48:53 +02:00
Paul Bakker
48377d9834
Configuration option to enable/disable POLARSSL_PKCS1_V15 operations
2013-08-30 13:41:14 +02:00
Paul Bakker
548957dd49
Refactored RSA to have random generator in every RSA operation
...
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80
Merged refactored x509write module into development
2013-08-28 16:32:51 +02:00
Manuel Pégourié-Gonnard
c852a68b96
More robust selection of ctx_enc size
2013-08-28 13:13:30 +02:00
Paul Bakker
577e006c2f
Merged ECDSA-based key-exchange and ciphersuites into development
...
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
acc7505a35
Temporary fix for size of cipher contexts
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
db77175e99
Make ecdsa_verify() return value more explicit
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
2fb15f694c
Un-rename ssl_set_own_cert_alt()
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
c6b6803dcf
Add forgotten "inline" keyword
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
e511ffca50
Allow compiling without RSA or DH
...
Only library and programs now, need to check test suites later.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
bfe32efb9b
pk_{sign,verify}() now accept hash_len = 0
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
a20c58c6f1
Use convert functions for SSL_SIG_* and SSL_HASH_*
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
51be559c53
Fix PKCS#11 deps: now goes through PK
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
c40b4c3708
Add configuration item for the PK module
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
0d42049440
Merge code for RSA and ECDSA in SSL
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
070cc7fd21
Use the new PK RSA-alt interface
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
12c1ff0ecb
Add RSA-alt to the PK layer
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
a2d3f22007
Add and use pk_encrypt(), pk_decrypt()
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
8df2769178
Introduce pk_sign() and use it in ssl
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
ac75523593
Adapt ssl_set_own_cert() to generic keys
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
09edda888e
Check key type against selected key exchange
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
32ea60a127
Declare ECDSA key exchange and ciphersuites
...
Also fix bug in ssl_list_ciphersuites().
For now, disable it on server.
Client will offer it but fail if server selects it.
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
0b03200e96
Add server-side support for ECDSA client auth
2013-08-27 22:21:19 +02:00
Paul Bakker
0be444a8b1
Ability to disable server_name extension (RFC 6066)
2013-08-27 21:55:01 +02:00
Paul Bakker
d2f068e071
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 21:19:20 +02:00
Paul Bakker
fb08fd2e23
Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available
2013-08-27 15:06:54 +02:00
Paul Bakker
9852d00de6
Moved asn1write funtions to use asn1_write_raw_buffer()
2013-08-26 17:56:37 +02:00
Paul Bakker
7accbced87
Doxygen documentation added to asn1write.h
2013-08-26 17:37:18 +02:00
Paul Bakker
f3df61ad10
Generalized PEM writing in x509write module for RSA keys as well
2013-08-26 17:37:18 +02:00
Paul Bakker
135f1e9c70
Move PEM conversion of DER data to x509write module
2013-08-26 17:37:18 +02:00
Paul Bakker
1c0e550e21
Added support for Netscape Certificate Types in CSR writing
...
Further generalization of extension adding / replacing in the CSR
structure
2013-08-26 17:37:18 +02:00
Paul Bakker
e5eae76bf0
Generalized the x509write_csr_set_key_usage() function and key_usage
...
storage
2013-08-26 17:37:18 +02:00
Paul Bakker
6db915b5a9
Added asn1_write_raw_buffer()
2013-08-26 17:37:17 +02:00
Manuel Pégourié-Gonnard
5151b45aa1
Minor comment fixes
2013-08-26 14:31:20 +02:00
Manuel Pégourié-Gonnard
38d1eba3b5
Move verify_result from ssl_context to session
2013-08-26 14:26:02 +02:00
Paul Bakker
fde4270186
Added support for writing key_usage extension
2013-08-25 14:47:27 +02:00
Paul Bakker
598e450538
Added asn1_write_bitstring() and asn1_write_octet_string()
2013-08-25 14:46:39 +02:00
Paul Bakker
ef0ba55a78
Removed old X509 write data from x509.h
2013-08-25 11:48:10 +02:00
Paul Bakker
f677466d9a
Doxygen documentation added to x509write.h
2013-08-25 11:47:51 +02:00
Paul Bakker
0e06c0fdb4
Assigned error codes to the error defines
2013-08-25 11:21:30 +02:00
Paul Bakker
82e2945ed2
Changed naming and prototype convention for x509write functions
...
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker
8eabfc1461
Rewrote x509 certificate request writing to use structure for storing
2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard
fff80f8879
PK: use NULL for unimplemented operations
2013-08-20 20:46:05 +02:00
Manuel Pégourié-Gonnard
f73da02962
PK: change pk_verify arguments (md_info "optional")
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
ab46694558
Change pk_set_type to pk_init_ctx for consistency
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
15699380e5
Small PK cleanups
...
- better error codes
- rm now-useless include
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
3fb5c5ee1c
PK: rename members for consistency CIPHER, MD
...
Also add pk_get_name() to remove a direct access to pk_type
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
09162ddcaa
PK: reuse some eckey functions for ecdsa
...
Also add some forgotten 'static' while at it.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
c6ac8870d5
Nicer interface between PK and debug.
...
Finally get rid of pk_context.type member, too.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
b3d9187cea
PK: add nice interface functions
...
Also fix a const-corectness issue.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
765db07dfb
PK: use alloc and free function pointers
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
3053f5bcb4
Get rid of pk_wrap_rsa()
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
f8c948a674
Add name and get_size() members in PK
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
835eb59c6a
PK: fix support for ECKEY_DH
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
f18c3e0378
Add a PK can_do() method and simplify code
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
d73b3c13be
PK: use wrappers and function pointers for verify
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
f499993cb2
Add ecdsa_from_keypair()
...
Also fix bug/limitation in mpi_copy: would segfault if src just initialised
and not set to a value yet. (This case occurs when copying a context which
contains only the public part of the key, eg.)
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
cc0a9d040d
Fix const-correctness of rsa_*_verify()
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
211a64c79f
Add eckey to ecdsa conversion in the PK layer
2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
e09631b7c4
Create ecp_group_copy() and use it
2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard
aa431613b3
Add ecdsa example program
2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard
8eebd012b9
Add an ecdsa_genkey() function
2013-08-20 20:08:28 +02:00
Manuel Pégourié-Gonnard
4846f5ecbc
ecdsa now depends on ASN.1 parse & write
2013-08-20 20:04:16 +02:00
Manuel Pégourié-Gonnard
b694b4896c
Add ecdsa_{read,write}_signature()
2013-08-20 20:04:16 +02:00
Paul Bakker
04784f57e4
Added config check for SSL/TLS module that depends on cipher layer
2013-08-19 13:31:39 +02:00
Paul Bakker
59da0a46a4
Added config check for POLARSSL_SSL_SESSION_TICKETS
2013-08-19 13:27:17 +02:00
Manuel Pégourié-Gonnard
298aae4524
Adapt core OID functions to embeded null bytes
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
56a487a17f
Minor ecdsa cleanups
...
- point_format is of no use
- d was init'ed and free'd twice
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
0b2726732e
Fix ifdef conditions for EC-related extensions.
...
Was alternatively ECP_C and ECDH_C.
2013-08-16 13:56:17 +02:00
Manuel Pégourié-Gonnard
5734b2d358
Actually use the point format selected for ECDH
2013-08-16 13:56:16 +02:00
Paul Bakker
1f2bc6238b
Made support for the truncated_hmac extension configurable
2013-08-15 13:45:55 +02:00
Paul Bakker
05decb24c3
Made support for the max_fragment_length extension configurable
2013-08-15 13:33:48 +02:00
Paul Bakker
606b4ba20f
Session ticket expiration checked on server
2013-08-15 11:42:48 +02:00
Paul Bakker
a503a63b85
Made session tickets support configurable from config.h
2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard
56dc9e8bba
Authenticate session tickets.
2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
990c51a557
Encrypt session tickets
2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
779e42982c
Start adding ticket keys (only key_name for now)
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
aa0d4d1aff
Add ssl_set_session_tickets()
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
06650f6a37
Fix reusing session more than once
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
a5cc6025e7
Parse NewSessionTicket message
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
60182ef989
ssl_cli: write & parse session ticket extension
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
75d440192c
Introduce ticket field in session structure
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
747180391d
Add ssl_get_session() to save session on client
2013-08-14 14:08:03 +02:00
Paul Bakker
48e93c84b7
Made padding modes configurable from config.h
2013-08-14 14:02:48 +02:00
Paul Bakker
1a45d91cf2
Restructured cipher_set_padding_mode() to use switch statement
2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
ebdc413f44
Add 'no padding' mode
2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
0e7d2c0f95
Add zero padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
8d4291b52a
Add zeros-and-length (ANSI X.923) padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
679f9e90ad
Add one-and-zeros (ISO/IEC 7816-4) padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
ac56a1aec4
Make cipher_set_padding() actually work
...
(Only one padding mode recognized yet.)
2013-08-14 14:02:46 +02:00
Manuel Pégourié-Gonnard
d5fdcaf9e5
Add cipher_set_padding() (no effect yet)
...
Fix pattern in tests/.gitignore along the way.
2013-08-14 14:02:46 +02:00
Paul Bakker
0f2f0bfc87
CAMELLIA-based PSK and DHE-PSK ciphersuites added
2013-07-26 15:04:03 +02:00
Paul Bakker
d6f41c5bcd
Fixed size of ctx_enc / ctx_dec in ssl for gcm_context size
2013-07-25 17:01:54 +02:00
Paul Bakker
f16db18c55
Fixed header file comments on ciphersuites
2013-07-25 11:30:31 +02:00
Paul Bakker
8c1ede655f
Changed prototype for ssl_set_truncated_hmac() to allow disabling
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
277f7f23e2
Implement hmac truncation
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
57c2852807
Added truncated hmac negociation (without effect)
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e980a994f0
Add interface for truncated hmac
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e048b67d0a
Misc minor fixes
...
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard
ed4af8b57c
Move negotiated max fragment length to session
...
User-set max fragment length remains in ssl_context.
The min of the two is used for sizing fragments.
2013-07-18 14:07:09 +02:00
Manuel Pégourié-Gonnard
581e6b6d6c
Prepare migrating max fragment length to session
...
Remove max_frag_len member so that reseting session by memset()ing it to zero
does the right thing.
2013-07-18 12:32:27 +02:00
Manuel Pégourié-Gonnard
48f8d0dbbd
Read max_fragment_length extension (server)
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
8b46459ae5
Add ssl_set_max_frag_len()
2013-07-18 11:18:13 +02:00
Manuel Pégourié-Gonnard
fd5164e283
Fix some more ifdef's RSA/EC, in pk and debug
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
ab2d9836b4
Fix some ifdef's in x509parse
...
While at it:
- move _rsa variants systematically after generic functions
- unsplit x509parse_key_pkcs8_encrypted_der() (reverts a5d9974
)
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
96f3a4e1b3
Rm ecp_keypair.alg
...
Avoid duplicating information already present in pk_context.
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
a2d4e644ac
Some more EC pubkey parsing refactoring
...
Fix a bug in pk_rsa() and pk_ec() along the way
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
1c808a011c
Refactor some EC key parsing code
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
991d0f5aca
Remove rsa member from x509_cert structure
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
360a583029
Adapt x509parse_cert_info() for EC
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
674b2243eb
Prepare transition from x509_cert.rsa to pk
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
2692a30c1b
Relax ifdef's in pk.h by analogy with md.h
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
1e60cd09b0
Expand oid_get_sig_alg() for ECDSA-based algs
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
244569f4b1
Use generic x509_get_pubkey() for RSA functions
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
788db112a5
Get rid of x509_cert.pkoid
...
Unused, comment did not match reality, and will soon be superseeded by the
'type' field of the pk_context which will replace rsa_context.
2013-07-17 15:59:39 +02:00
Manuel Pégourié-Gonnard
374e4b87d4
pk_set_type() cannot be used to reset key type
2013-07-17 15:59:39 +02:00
Paul Bakker
f4a1427ae7
base64_decode() also forcefully returns on dst == NULL
2013-07-16 17:48:58 +02:00
Manuel Pégourié-Gonnard
7d4e5b739e
Simplify password check in pem_read_buffer()
2013-07-09 16:42:35 +02:00
Manuel Pégourié-Gonnard
de44a4aecf
Rename ecp_check_prvkey with a 'i' for consistency
2013-07-09 16:42:34 +02:00
Manuel Pégourié-Gonnard
81c313ccc6
Add #ifdef's on RSA and EC in PK
2013-07-09 10:49:09 +02:00
Manuel Pégourié-Gonnard
7a6c946446
Fix error code in pk.h
2013-07-09 10:37:27 +02:00
Manuel Pégourié-Gonnard
8838099330
Add x509parse_{,public}_key{,file}()
...
Also make previously public *_ec functions private.
2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
12e0ed9115
Add pk_context and associated functions
2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
f8648d51b1
Fix undocumented feature of pem_read_buffer()
...
Used to work only for RSAPrivateKey content, now accepts ECPrivateKey too,
and may even work with similar enough structures when they appear.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f838eeda09
Add x509_get_ecparams()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f0b30d0542
Add oid_get_ec_grp() and associated data
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
5a9b82e234
Make oid_get_pk_alg handle EC algorithms
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
26833c2fc6
Add stubs for x509parse_key_ec and co.
2013-07-08 15:31:19 +02:00
Manuel Pégourié-Gonnard
ba4878aa64
Rename x509parse_key & co with _rsa suffix
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
c8dc295e83
Add ecp_check_prvkey, with test
...
Also group key checking and generation functions in ecp.h and ecp.c.
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
b8c6e0e3e9
Add ecp_keypair struct, init/free and constants
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
7c8934ea0e
Add ecdsa_init and ecdsa_free
2013-07-08 15:30:23 +02:00
Manuel Pégourié-Gonnard
bec2f45cfc
Add ecdsa_context structure
2013-07-08 15:30:23 +02:00
Paul Bakker
fa9b10050b
Also compiles / runs without time-based functions in OS
...
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker
ecd54fb897
Disable POLARSSL_TIMING_C by default (only required for HAVEGE)
2013-07-03 17:22:31 +02:00
Paul Bakker
6e339b52e8
Memory-allocation abstraction layer and buffer-based allocator added
2013-07-03 17:22:31 +02:00
Paul Bakker
d2681d82e2
Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h}
2013-06-30 14:49:12 +02:00
Paul Bakker
9e36f0475f
SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
...
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
fd3eac5786
Cleaned up ECP error codes
2013-06-29 23:31:33 +02:00
Paul Bakker
5dc6b5fb05
Made supported curves configurable
2013-06-29 23:26:34 +02:00
Paul Bakker
e2ab84f4a1
Renamed error_strerror() to the less conflicting polarssl_strerror()
...
Ability to keep old function error_strerror() as well with
POLARSSL_ERROR_STRERROR_BC. Also works with
POLARSSL_ERROR_STRERROR_DUMMY.
2013-06-29 18:35:41 +02:00
Paul Bakker
2fbefde1d8
Client and server now filter sent and accepted ciphersuites on minimum
...
and maximum protocol version
2013-06-29 18:35:40 +02:00
Paul Bakker
f8d018a274
Made asn1_get_alg() and asn1_get_alg_null() as generic functions
...
A generic function for retrieving the AlgorithmIdentifier structure with
its parameters and adapted X509, PKCS#5 and PKCS#12 to use them.
2013-06-29 18:35:40 +02:00
Paul Bakker
47fce02bd8
Defines around module-dependent OIDs
2013-06-29 18:35:40 +02:00
Paul Bakker
7749a22974
Moved PKCS#12 cipher layer based PBE detection to use OID database
2013-06-29 18:32:16 +02:00
Paul Bakker
9b5e885611
PKCS#5 PBES2 now uses OID database for algorithm detection
2013-06-28 16:12:50 +02:00
Paul Bakker
407a0da160
Moved __cplusplus extern statement to include struct definitions as well.
2013-06-27 14:29:21 +02:00
Paul Bakker
b9d3cfa114
Split up GCM into a start/update/finish cycle
2013-06-26 15:08:29 +02:00
Paul Bakker
534f82c77a
Made ctr_drbg_init_entropy_len() non-static and defined
2013-06-25 16:47:55 +02:00
Paul Bakker
b6c5d2e1a6
Cleanup up non-prototyped functions (static) and const-correctness
...
More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code.
2013-06-25 16:25:17 +02:00
Paul Bakker
b0713c7e1f
Updated PKCS#12 define dependencies
...
(cherry picked from commit 602c31be23
)
2013-06-25 15:06:54 +02:00
Paul Bakker
38b50d73a1
Moved PKCS#12 PBE functions to cipher / md layer where possible
...
The 3-key and 2-key Triple DES PBE functions have been replaced with a
single pkcs12_pbe() function that handles both situations (and more).
In addition this allows for some PASSWORD_MISMATCH checking
(cherry picked from commit 14a222cef2
)
2013-06-25 15:06:53 +02:00
Paul Bakker
9bcf16c55d
Centralized module option values in config.h
...
Allow user-defined settings without editing header files by using
POLARSSL_CONFIG_OPTIONS in config.h
(cherry picked from commit 6fa5488779
)
Conflicts:
include/polarssl/config.h
2013-06-25 15:06:53 +02:00