Commit Graph

1056 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
09ceaf49d0 Rm multiplication using NAF
Comb method is at most 1% slower for random points,
and is way faster for fixed point (repeated).
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
04a0225388 Optimize w in the comb method 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
70c14372c6 Add coordinate randomization back 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
c30200e4ce Fix bound issues 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
101a39f55f Improve comb method (less precomputed points) 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
d1c1ba90ca First version of ecp_mul_comb() 2013-11-21 21:56:20 +01:00
Paul Bakker
a9a028ebd0 SSL now gracefully handles missing RNG 2013-11-21 17:31:06 +01:00
Paul Bakker
f2b4d86452 Fixed X.509 hostname comparison (with non-regular characters)
In situations with 'weird' certificate names or hostnames (containing
non-western allowed names) the check would falsely report a name or
wildcard match.
2013-11-21 17:30:23 +01:00
Steffan Karger
c245834bc4 Link against ZLIB when zlib is used
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:45:48 +01:00
Steffan Karger
28d81a009c Fix pkcs11.c to conform to PolarSSL 1.3 API.
This restores previous functionality, and thus still allows only RSA to be
used through PKCS#11.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:13:27 +01:00
Paul Bakker
08b028ff0f Prevent unlikely NULL dereference 2013-11-19 10:42:37 +01:00
Paul Bakker
b076314ff8 Makefile now produces a .so.X with SOVERSION in it 2013-11-05 11:27:12 +01:00
Paul Bakker
f4dc186818 Prep for PolarSSL 1.3.2 2013-11-04 17:29:42 +01:00
Paul Bakker
0333b978fa Handshake key_cert should be set on first addition to the key_cert chain 2013-11-04 17:08:28 +01:00
Paul Bakker
993e386a73 Merged renegotiation refactoring 2013-10-31 14:32:38 +01:00
Paul Bakker
37ce0ff185 Added defines around renegotiation code for SSL_SRV and SSL_CLI 2013-10-31 14:32:04 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f Safer buffer comparisons in the SSL modules 2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard
6d8404d6ba Server: enforce renegotiation 2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard
9c1e1898b6 Move some code around, improve documentation 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
214eed38c7 Make ssl_renegotiate the only interface
ssl_write_hello_request() is no private
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
caed0541a0 Allow ssl_renegotiate() to be called in a loop
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
e5e1bb972c Fix misplaced initialisation 2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard
f3dc2f6a1d Add code for testing server-initiated renegotiation 2013-10-30 16:46:46 +01:00
Paul Bakker
0d7702c3ee Minor change that makes life easier for static analyzers / compilers 2013-10-29 16:18:35 +01:00
Paul Bakker
6edcd41c0a Addition conditions for UEFI environment under MSVC 2013-10-29 15:44:13 +01:00
Paul Bakker
7b0be68977 Support for serialNumber, postalAddress and postalCode in X509 names 2013-10-29 14:24:37 +01:00
Paul Bakker
fa6a620b75 Defines for UEFI environment under MSVC added 2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard
178d9bac3c Fix ECDSA corner case: missing reduction mod N
No security issue, can cause valid signatures to be rejected.

Reported by DualTachyon on github.
2013-10-29 13:40:17 +01:00
Paul Bakker
60b1d10131 Fixed spelling / typos (from PowerDNS:codespell) 2013-10-29 10:02:51 +01:00
Paul Bakker
50dc850c52 Const correctness 2013-10-28 21:19:10 +01:00
Paul Bakker
6a6087e71d Added missing inline definition for MSCV and ARM environments 2013-10-28 18:53:08 +01:00
Paul Bakker
7bc745b6a1 Merged constant-time padding checks 2013-10-28 14:40:26 +01:00
Paul Bakker
1642122f8b Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer 2013-10-28 14:38:35 +01:00
Paul Bakker
3f917e230d Merged optimizations for MODP NIST curves 2013-10-28 14:18:26 +01:00
Manuel Pégourié-Gonnard
1001e32d6f Fix return value of ecdsa_from_keypair() 2013-10-28 14:01:08 +01:00
Manuel Pégourié-Gonnard
21ef42f257 Don't select a PSK ciphersuite if no key available 2013-10-28 14:00:45 +01:00
Manuel Pégourié-Gonnard
3daaf3d21d X509 key identifiers depend on SHA1 2013-10-28 13:58:32 +01:00
Paul Bakker
45a2c8d99a Prevent possible alignment warnings on casting from char * to 'aligned *' 2013-10-28 12:57:08 +01:00
Paul Bakker
677377f472 Server does not send out extensions not advertised by client 2013-10-28 12:54:26 +01:00
Manuel Pégourié-Gonnard
e68bf171eb Make get_zeros_padding() constant-time 2013-10-27 18:26:39 +01:00
Manuel Pégourié-Gonnard
6c32990114 Make get_one_and_zeros_padding() constant-time 2013-10-27 18:25:03 +01:00
Manuel Pégourié-Gonnard
d17df51277 Make get_zeros_and_len_padding() constant-time 2013-10-27 17:32:43 +01:00
Manuel Pégourié-Gonnard
f8ab069d6a Make get_pkcs_padding() constant-time 2013-10-27 17:25:57 +01:00
Manuel Pégourié-Gonnard
a8a25ae1b9 Fix bad error codes 2013-10-27 13:48:15 +01:00
Manuel Pégourié-Gonnard
7109624aef Skip MAC computation/check when GCM is used 2013-10-25 19:31:25 +02:00
Manuel Pégourié-Gonnard
8866591cc5 Don't special-case NULL cipher in ssl_tls.c 2013-10-25 18:42:44 +02:00
Manuel Pégourié-Gonnard
126a66f668 Simplify switching on mode in ssl_tls.c 2013-10-25 18:33:32 +02:00
Manuel Pégourié-Gonnard
98d9a2c061 Fix missing or wrong ciphersuite definitions 2013-10-25 18:03:18 +02:00
Manuel Pégourié-Gonnard
6fb0f745be Rank GCM before CBC in ciphersuite_preference 2013-10-25 17:08:15 +02:00
Manuel Pégourié-Gonnard
8d01eea7af Add Camellia-GCM ciphersuites 2013-10-25 16:46:05 +02:00
Manuel Pégourié-Gonnard
e0dca4ad78 Cipher layer: check iv_len more carefully 2013-10-24 17:03:39 +02:00
Manuel Pégourié-Gonnard
dae7093875 gcm_selftest depends on AES 2013-10-24 15:06:33 +02:00
Manuel Pégourié-Gonnard
87181d1deb Add Camellia-GCM to th cipher layer 2013-10-24 14:02:40 +02:00
Manuel Pégourié-Gonnard
13e0d449f7 Add Camellia-GCM test vectors
https://tools.ietf.org/html/draft-kato-ipsec-camellia-gcm-03#section-4
2013-10-24 13:24:25 +02:00
Manuel Pégourié-Gonnard
9fcceac943 Add a comment about modules coupling 2013-10-23 20:56:12 +02:00
Manuel Pégourié-Gonnard
b21c81fb41 Use less memory in fix_negative() 2013-10-23 20:45:04 +02:00
Manuel Pégourié-Gonnard
cae6f3ed45 Reorganize code in ecp.c 2013-10-23 20:19:57 +02:00
Manuel Pégourié-Gonnard
5779cbe582 Make mod_p{224,256,384] a bit faster
Speedup is roughly 25%, giving a 6% speedup on ecp_mul() for these curves.
2013-10-23 20:17:00 +02:00
Manuel Pégourié-Gonnard
c04c530a98 Make NIST curves optimisation an option 2013-10-23 16:11:52 +02:00
Manuel Pégourié-Gonnard
0f9149cb0a Add mod_p384 2013-10-23 15:06:37 +02:00
Manuel Pégourié-Gonnard
ec655c908c Add mod_p256 2013-10-23 14:50:39 +02:00
Manuel Pégourié-Gonnard
210b458ddc Document and slightly reorganize mod_pXXX 2013-10-23 14:27:58 +02:00
Manuel Pégourié-Gonnard
2a08c0debc mod_p224 now working with 8-bit and 16-bit ints 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
a47e7058ea mod_p224 now endian-neutral 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
e783f06f73 Start working on mod_p224
(Prototype, works only on 32-bit and little-endian 64-bit.)
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
cc67aee9c8 Make ecp_mod_p521 a bit faster 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
c9e387ca9e Optimize ecp_modp()
Makes it 22% faster, for a 5% gain on ecp_mul()
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
d1e7a45fdd Rework ecp_mod_p192()
On x86_64, this makes it 5x faster, and ecp_mul() 17% faster for this curve.
The code is shorter too.
2013-10-23 13:24:55 +02:00
Paul Bakker
6888167e73 Forced cast to prevent MSVC compiler warning 2013-10-15 13:24:01 +02:00
Paul Bakker
5c17ccdf2a Bumped version to 1.3.1 2013-10-15 13:12:41 +02:00
Paul Bakker
f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Paul Bakker
bbc1007c50 Convert SOCKET to int to prevent compiler warnings under MSVC.
From kernel objects at msdn:
    Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24.

Windows Internals by Russinovich and Solomon as well says that the high bits are zero.
2013-10-15 11:55:57 +02:00
Manuel Pégourié-Gonnard
59b9fe28f0 Fix bug in psk_identity_hint parsing 2013-10-15 11:55:33 +02:00
Manuel Pégourié-Gonnard
bac0e3b7d2 Dependency fixes 2013-10-15 11:54:47 +02:00
Manuel Pégourié-Gonnard
09258b9537 Refactor parse_server_key_exchange a bit 2013-10-15 11:19:54 +02:00
Manuel Pégourié-Gonnard
8a3c64d73f Fix and simplify *-PSK ifdef's 2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard
ef0eb1ebd8 Add two missing RSA-PSK ciphersuites 2013-10-14 19:34:48 +02:00
Manuel Pégourié-Gonnard
0fae60bb71 Implement RSA-PSK key exchange 2013-10-14 19:34:48 +02:00
Paul Bakker
be089b0483 Introduced POLARSSL_HAVE_READDIR_R for systems without it 2013-10-14 15:51:50 +02:00
Paul Bakker
b9cfaa0c7f Explicit conversions and minor changes to prevent MSVC compiler warnings 2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard
057e0cf263 Fix ciphersuites dependencies on MD5 and SHA1 2013-10-14 14:26:04 +02:00
Manuel Pégourié-Gonnard
1b62c7f93d Fix dependencies and related issues 2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard
72fb62daa2 More *-PSK refactoring 2013-10-14 14:01:58 +02:00
Manuel Pégourié-Gonnard
bd1ae24449 Factor PSK pms computation to ssl_tls.c 2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard
b59d699a65 Fix bugs in ECDHE_PSK key exchange 2013-10-14 12:00:45 +02:00
Manuel Pégourié-Gonnard
225d6aa786 Add ECDHE_PSK ciphersuites 2013-10-11 19:07:56 +02:00
Manuel Pégourié-Gonnard
3ce3bbdc00 Add support for ECDHE_PSK key exchange 2013-10-11 18:16:35 +02:00
Paul Bakker
b887f1119e Removed return from error_strerror() 2013-10-11 15:24:31 +02:00
Paul Bakker
beccd9f226 Explicit void pointer cast for buggy MS compiler 2013-10-11 15:20:27 +02:00
Paul Bakker
5191e92ecc Added missing x509write_crt_set_version() 2013-10-11 10:54:28 +02:00
Paul Bakker
b7c13123de threading_set_own() renamed to threading_set_alt() 2013-10-11 10:51:32 +02:00
Paul Bakker
4aa40d4f51 Better support for MSVC 2013-10-11 10:49:24 +02:00
Paul Bakker
b799dec4c0 Merged support for Brainpool curves and ciphersuites 2013-10-11 10:05:43 +02:00
Paul Bakker
1677033bc8 TLS compression only allocates working buffer once 2013-10-11 09:59:44 +02:00
Paul Bakker
d61cc3b246 Possible naming collision in dhm_context 2013-10-11 09:38:49 +02:00
Paul Bakker
fcc172138c Fixed const-correctness issues 2013-10-11 09:38:06 +02:00
Manuel Pégourié-Gonnard
ae102995a7 RSA blinding: lock for a smaller amount of time 2013-10-11 09:19:12 +02:00
Manuel Pégourié-Gonnard
4d89c7e184 RSA blinding: check highly unlikely cases 2013-10-11 09:18:27 +02:00
Manuel Pégourié-Gonnard
971f8b84bb Fix compile errors with RSA_NO_CRT 2013-10-11 09:18:16 +02:00