Commit Graph

741 Commits

Author SHA1 Message Date
Paul Bakker
cf6e95d9a8 Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
2013-06-12 13:18:15 +02:00
Paul Bakker
65a1909dc6 Internally split up x509parse_key()
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
2013-06-06 21:17:08 +02:00
Paul Bakker
1922a4e6aa ssl_parse_certificate() now calls x509parse_crt_der() directly 2013-06-06 15:11:16 +02:00
Paul Bakker
6417186365 x509parse_crt() now better handles PEM error situations
Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
2013-06-06 15:01:18 +02:00
Paul Bakker
9255e8300e pem_read_buffer() already update use_len after header and footer are read
After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
2013-06-06 15:00:55 +02:00
Paul Bakker
ac6168b95e Added error.h inclusion in error.c template 2013-06-06 14:52:23 +02:00
Paul Bakker
08f06cf49f Disabled the HAVEGE random generator by default
Rationale: The HAVEGE random generator has too many caveats to be a
standard generator that people rely on. The HAVEGE random generator is not
suitable for virtualized environments. In addition the HAVEGE random
generator is dependent on timing and specific processor traits that
cannot be guaranteed by default on compile time.

Our advice: only use HAVEGE as an additional random source for your
entropy pool, never as your primary source.
2013-06-06 14:05:26 +02:00
Paul Bakker
e0225e4d7f Fixed const correctness issues in programs and tests 2013-06-06 12:58:12 +02:00
Paul Bakker
eae09db9e5 Fixed const correctness issues that have no impact on the ABI 2013-06-06 12:35:54 +02:00
Paul Bakker
f92263021c Fixed offset for cert_type list in ssl_parse_certificate_request() 2013-06-06 11:24:37 +02:00
Paul Bakker
7c3c3899cf Secure renegotiation extension should only be sent in case client supports secure renegotiation 2013-06-06 11:22:13 +02:00
Paul Bakker
822e958bb2 Prepared for PolarSSL 1.2.7 release 2013-04-13 11:56:17 +02:00
Paul Bakker
f4a84b1154 Added default value comment for ssl_set_ciphersuites*() 2013-04-12 15:33:30 +02:00
Paul Bakker
f42e5cceab Cleanup of the GCM code
Removed unused variable 'v'

orig_len and orig_add_len are now uint64_t to support larger than 2^29
data sizes
(cherry picked from commit 0ecdb23eed)

Conflicts:
	library/gcm.c
2013-04-12 13:21:29 +02:00
Paul Bakker
d68703b17f Split up largest test suite data files into smaller chunks
(cherry picked from commit 286bf3c501)

Conflicts:
	tests/Makefile
2013-04-12 13:20:30 +02:00
Paul Bakker
8a4ec44c7c Blowfish has default of 128-bit keysize in cipher layer
(cherry picked from commit bfe671f2d5)
2013-04-12 13:18:53 +02:00
Paul Bakker
cecfd95aba Minor checks to prevent NULL-pointer exceptions
(cherry picked from commit c295b834a2)
2013-04-12 13:18:07 +02:00
Paul Bakker
93bab7ff8e Made change to error.c for dummy error_strerror() permanent
(cherry picked from commit a0234377fc)
2013-04-12 13:17:02 +02:00
Paul Bakker
a62729888b Ability to specify allowed ciphersuites based on the protocol version.
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int **' and is now malloced in ssl_init() and freed in
ssl_free().

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
2013-04-12 13:13:43 +02:00
Paul Bakker
d4c5944212 Fixed MPI assembly for ARM when -O2 is used
GCC with -O2 or higher also needs to now about 'cc' in the clobber list.
(cherry picked from commit eff2e6d414)

Conflicts:
	ChangeLog
2013-04-12 09:40:38 +02:00
Paul Bakker
90f042d4cb Prepared for PolarSSL 1.2.6 release 2013-03-11 11:38:44 +01:00
Paul Bakker
fb1cbd3cea Fixed assembly code for ARM (Thumb and regular) for some compilers 2013-03-06 18:14:52 +01:00
Paul Bakker
e81beda60f The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain)
The real peer certificate is copied into a x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.

As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
2013-03-06 18:01:03 +01:00
Paul Bakker
a35aa54967 Fixed whitespaces in ChangeLog 2013-03-06 18:01:03 +01:00
Paul Bakker
78a8c71993 Re-added support for parsing and handling SSLv2 Client Hello messages
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.

It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
2013-03-06 18:01:03 +01:00
Paul Bakker
37286a573b Fixed net_bind() for specified IP addresses on little endian systems 2013-03-06 18:01:03 +01:00
Paul Bakker
926c8e49fe Fixed possible NULL pointer exception in ssl_get_ciphersuite() 2013-03-06 18:01:03 +01:00
Paul Bakker
8804f69d46 Removed timing differences due to bad padding from RSA decrypt for
PKCS#1 v1.5 operations
2013-03-06 18:01:03 +01:00
Paul Bakker
a43231c5a5 Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt() 2013-03-06 18:01:02 +01:00
Paul Bakker
b386913f8b Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()

The original functions exist as generic wrappers to these functions.
2013-03-06 18:01:02 +01:00
Paul Bakker
e3e4a59622 Added bugfix line for previous fixes for MS Visual Studio 2013-03-06 18:01:02 +01:00
Paul Bakker
8ea31ff3b5 Added missing typedef for INT64 2013-03-06 18:01:02 +01:00
Paul Bakker
9f2018ea28 Fixed typo in _MSC_VER (double underscore at the start) 2013-03-06 18:01:02 +01:00
Paul Bakker
8ddb645ad3 Added conversion to int for a t_uint value to prevent compiler warnings
On 64-bit platforms t_uint can be larger than int resulting in compiler
warnings on some platforms (MS Visual Studio)
2013-03-06 18:00:54 +01:00
Paul Bakker
3d2dc0f8e5 Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.

Found by Yawning Angel
2013-02-28 10:55:39 +01:00
Paul Bakker
e47b34bdc8 Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.

The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker
2ca8ad10a1 Made x509parse.c also work with missing hash header files 2013-02-19 13:17:38 +01:00
Paul Bakker
6deb37e03e Added comments to indicate dependency from PEM on AES, DES and MD5 2013-02-19 13:17:08 +01:00
Paul Bakker
fbb5cf9f59 Fixed typo in base64.h 2013-02-14 11:56:58 +01:00
Paul Bakker
86f04f400b Fixed comment 2013-02-14 11:20:09 +01:00
Paul Bakker
c0463502ff Fixed memory leak in ssl_free() and ssl_reset() for active session 2013-02-14 11:19:38 +01:00
Paul Bakker
c7a2da437e Updated for PolarSSL 1.2.5 2013-02-02 19:23:57 +01:00
Paul Bakker
40865c8e5d Added sending of alert messages in case of decryption failures as per RFC
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49 Disable debug messages that can introduce a timing side channel.
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
4582999be6 Fixed timing difference resulting from badly formatted padding. 2013-02-02 19:04:13 +01:00
Paul Bakker
8fe40dcd7d Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.

Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Paul Bakker
14c56a3378 Updated for PolarSSL 1.2.4 2013-01-25 17:11:37 +01:00
Paul Bakker
9d2bb658fc Added PolarSSL 1.1.5 ChangeLog from 1.1 branch 2013-01-25 16:07:49 +01:00
Paul Bakker
1961b709d8 Added ssl_handshake_step() to allow single stepping the handshake
process

Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
9c94cddeae Correctly handle CertificateRequest with empty DN list in <= TLS 1.1 2013-01-22 14:21:49 +01:00