Manuel Pégourié-Gonnard
0408fd1fbb
Add extendedKeyUsage checking in SSL modules
2014-04-11 11:09:09 +02:00
Manuel Pégourié-Gonnard
7afb8a0dca
Add x509_crt_check_extended_key_usage()
2014-04-11 11:09:00 +02:00
Paul Bakker
d6ad8e949b
Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C
2014-04-09 17:24:14 +02:00
Paul Bakker
a77de8c841
Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off
2014-04-09 16:39:35 +02:00
Paul Bakker
043a2e26d0
Merge verification of the keyUsage extension in X.509 certificates
2014-04-09 15:55:08 +02:00
Manuel Pégourié-Gonnard
a9db85df73
Add tests for keyUsage with client auth
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
490047cc44
Code cosmetics
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
312010e6e9
Factor common parent checking code
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
f93a3c4335
Check the CA bit on trusted CAs too
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
99d4f19111
Add keyUsage checking for CAs
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
3fed0b3264
Factor some common code in x509_verify{,_child}
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
7f2a07d7b2
Check keyUsage in SSL client and server
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
603116c570
Add x509_crt_check_key_usage()
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
2abed84225
Specific return code for PK sig length mismatch
2014-04-09 15:50:00 +02:00
Manuel Pégourié-Gonnard
35e95ddca4
Add special return code for ecdsa length mismatch
2014-04-09 15:49:59 +02:00
Paul Bakker
ddd427a8fc
Fixed spacing in entropy_gather()
2014-04-09 15:49:57 +02:00
Paul Bakker
75342a65e4
Fixed typos in code
2014-04-09 15:49:57 +02:00
Manuel Pégourié-Gonnard
0f79babd4b
Disable timing_selftest() for now
2014-04-09 15:49:51 +02:00
Paul Bakker
17b85cbd69
Merged additional tests and improved code coverage
...
Conflicts:
ChangeLog
2014-04-08 14:38:48 +02:00
Paul Bakker
0763a401a7
Merged support for the ALPN extension
2014-04-08 14:37:12 +02:00
Paul Bakker
4224bc0a4f
Prevent potential NULL pointer dereference in ssl_read_record()
2014-04-08 14:36:50 +02:00
Manuel Pégourié-Gonnard
8c045ef8e4
Fix embarrassing X.509 bug introduced in 9533765
2014-04-08 11:55:03 +02:00
Manuel Pégourié-Gonnard
f6521de17b
Add ALPN tests to ssl-opt.sh
...
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard
89e35798ae
Implement ALPN server-side
2014-04-07 12:26:35 +02:00
Manuel Pégourié-Gonnard
0b874dc580
Implement ALPN client-side
2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard
0148875cfc
Add tests and fix bugs for RSA-alt contexts
2014-04-04 17:46:46 +02:00
Manuel Pégourié-Gonnard
7e250d4812
Add ALPN interface
2014-04-04 17:10:40 +02:00
Manuel Pégourié-Gonnard
79e58421be
Also test net_usleep in timing_selttest()
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
3fec220a33
Add test for dhm_parse_dhmfile
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
7afdb88216
Test and fix x509_oid functions
2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard
d6aebe108a
Add 'volatile' to hardclock()'s asm
...
Prevents calls from being optimised away in timing_self_test().
(Should no be a problem for calls from other files.)
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
13a1ef8600
Misc selftest adjustements
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
470fc935b5
Add timing_self_test() with consistency tests
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
487588d0bf
Whitespace fixes
2014-04-04 16:33:01 +02:00
Paul Bakker
e4205dc50a
Merged printing of X509 extensions
2014-04-04 15:36:10 +02:00
Paul Bakker
5ff3f9134b
Small fix for EFI build under Windows in x509_crt.c
2014-04-04 15:08:20 +02:00
Manuel Pégourié-Gonnard
0db29b05b5
More compact code using macros
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
7b30cfc5b0
x509_crt_info() list output cosmectics
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
f6f4ab40d3
Print extended key usage in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
65c2ddc318
Print key_usage in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
bce2b30855
Print subject alt name in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
919f8f5829
Print NS Cert Type in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
b28487db1f
Start printing extensions in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
74bc68ac62
Fix default #define for malloc/free
2014-04-02 13:20:00 +02:00
Paul Bakker
75a2860f26
Potential memory leak in mpi_exp_mod() when error occurs during
...
calculation of RR.
2014-03-31 12:08:17 +02:00
Manuel Pégourié-Gonnard
dd75c3183b
Remove potential timing leak in ecdsa_sign()
2014-03-31 11:55:42 +02:00
Manuel Pégourié-Gonnard
5b8c409f53
Fix a warning (theoretical uninitialised variable)
2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard
969ccc6289
Fix length checking of various ClientKeyExchange's
2014-03-27 21:10:56 +01:00
Paul Bakker
96d5265315
Made ready for release 1.3.5
2014-03-26 16:55:50 +01:00
Paul Bakker
5fff23b92a
x509_get_current_time() uses localtime_r() to prevent thread issues
2014-03-26 15:34:54 +01:00
Paul Bakker
4c284c9141
Removed LCOV directives from code
2014-03-26 15:33:05 +01:00
Paul Bakker
77f4f39ea6
Make sure no random pointer occur during failed malloc()'s
2014-03-26 15:30:20 +01:00
Paul Bakker
db1f05985e
Add a check for buffer overflow to pkcs11_sign()
...
pkcs11_sign() reuses *sig to store the header and hash, but those might
be larger than the actual sig, causing a buffer overflow.
An overflow can occur when using raw sigs with hashlen > siglen, or when
the RSA key is less than 664 bits long (or less when using hashes
shorter than SHA512)
As siglen is always within the 'low realm' < 32k, an overflow of asnlen
+ hashlen is not possible.
2014-03-26 15:14:21 +01:00
Paul Bakker
91c61bc4fd
Further tightened the padlen check to prevent underflow / overflow
2014-03-26 15:14:20 +01:00
Manuel Pégourié-Gonnard
c042cf0013
Fix broken tests due to changed error code
...
Introduced in 5246ee5c59
2014-03-26 14:12:20 +01:00
Manuel Pégourié-Gonnard
b2bf5a1bbb
Fix possible buffer overflow with PSK
2014-03-26 12:58:50 +01:00
Manuel Pégourié-Gonnard
fdddac90a6
Fix stupid bug in rsa_copy()
2014-03-26 12:58:49 +01:00
Manuel Pégourié-Gonnard
f84f799bcf
Tune debug_print_ret format
2014-03-26 12:58:46 +01:00
Paul Bakker
b13d3ffb80
Provide no info from entropy_func() on future entropy
2014-03-26 12:51:25 +01:00
Paul Bakker
66ff70dd48
Support for seed file writing and reading in Entropy
2014-03-26 11:58:07 +01:00
Paul Bakker
3f0be61a27
Merged support for parsing EC keys that use SpecifiedECDomain
2014-03-26 11:30:39 +01:00
Manuel Pégourié-Gonnard
9592485d0c
Fix some MSVC12 conversion warnings
2014-03-21 12:03:07 +01:00
Manuel Pégourié-Gonnard
3b6269aa08
Fix warnings on MinGW
2014-03-21 12:03:03 +01:00
Manuel Pégourié-Gonnard
6fac3515d0
Make support for SpecifiedECDomain optional
2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard
5246ee5c59
Work around compressed EC public key in some cases
2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard
eab20d2a9c
Implement parsing SpecifiedECParameters
2014-03-19 15:51:12 +01:00
Paul Bakker
6c1f69b879
MinGW32 static build should link to windows libs and libz
2014-03-17 15:11:13 +01:00
Paul Bakker
3d6504a935
ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr
2014-03-17 13:41:51 +01:00
Manuel Pégourié-Gonnard
2eea29238c
Make the compiler work-around more specific
2014-03-14 18:23:26 +01:00
Paul Bakker
a4b0343edf
Merged massive SSL Testing improvements
2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard
bb8661e006
Work around a compiler bug on OS X.
2014-03-14 09:21:20 +01:00
Manuel Pégourié-Gonnard
d701c9aec9
Fix memory leak in server with expired tickets
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
84c30c7e83
Fix memory leak in ssl_cache
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
145dfcbfc2
Fix bug with NewSessionTicket and non-blocking I/O
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
96ea2f2557
Add tests for SNI
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
8520dac292
Add tests for auth_mode
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
da6b4d3e8c
Change RSA embedded cert to a localhost cert
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
dfbf9c711d
Fix bug in m_sleep()
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
274a12e17c
Fix bug with ssl_cache and max_entries=0
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
f7c52014ec
Add basic tests for session resumption
2014-03-14 08:41:00 +01:00
hasufell
3c6409b066
CMake: allow to build both shared and static at once
...
This allows for more fine-grained control. Possible combinations:
* static off, shared on
* static on, shared off
* static on, shared on
The static library is always called "libpolarssl.a" and is only used
for linking of tests and internal programs if the shared lib is
not being built.
Default is: only build static lib.
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
9a6e93e7a4
Reserve -1 as an error code (used in programs)
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
844a4c0aef
Fix RSASSA-PSS example programs
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
83cdffc437
Forbid sequence number wrapping
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
3c599f11b0
Avoid possible segfault on bad server ciphersuite
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
9533765b25
Reject certs and CRLs from the future
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
6304f786e0
Add x509_time_future()
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
29dcc0b93c
Fix depend issues in test suites for cipher modes
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
1ec220b002
Add missing #ifdefs in aes.h
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
648656a628
Fix error code in dhm_selftest()
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
796c6f3aff
Countermeasure against "triple handshake" attack
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
fdf3f0e671
Avoid "unreachable code" warning
2014-03-11 13:47:05 +01:00
Manuel Pégourié-Gonnard
2a2ae642d8
Fix forgotten curves in #ifdef
2014-02-24 10:29:21 +01:00
Manuel Pégourié-Gonnard
6b1e207081
Fix verion-major intolerance
2014-02-12 10:14:54 +01:00
Manuel Pégourié-Gonnard
c9093085ed
Revert "Merged RSA-PSS support in Certificate, CSR and CRL"
...
This reverts commit ab50d8d30c
, reversing
changes made to e31b1d992a
.
2014-02-12 09:39:59 +01:00
Manuel Pégourié-Gonnard
6df09578bb
Revert "Mutex call in x509_crt.c depended on PTHREAD specific instead of generic"
...
This reverts commit 9eae7aae80
.
2014-02-12 09:29:05 +01:00
Paul Bakker
f2561b3f69
Ability to provide alternate timing implementation
2014-02-06 15:32:26 +01:00
Paul Bakker
47703a0a80
More entropy functions made thread-safe (add_source, update_manual, gather)
2014-02-06 15:01:20 +01:00
Paul Bakker
9eae7aae80
Mutex call in x509_crt.c depended on PTHREAD specific instead of generic
...
threading
2014-02-06 14:51:53 +01:00
Paul Bakker
6a28e722c9
Merged platform compatibility layer
2014-02-06 13:44:19 +01:00