Commit Graph

1611 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
5246ee5c59 Work around compressed EC public key in some cases 2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard
eab20d2a9c Implement parsing SpecifiedECParameters 2014-03-19 15:51:12 +01:00
Paul Bakker
6c1f69b879 MinGW32 static build should link to windows libs and libz 2014-03-17 15:11:13 +01:00
Paul Bakker
3d6504a935 ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr 2014-03-17 13:41:51 +01:00
Manuel Pégourié-Gonnard
2eea29238c Make the compiler work-around more specific 2014-03-14 18:23:26 +01:00
Paul Bakker
a4b0343edf Merged massive SSL Testing improvements 2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard
bb8661e006 Work around a compiler bug on OS X. 2014-03-14 09:21:20 +01:00
Manuel Pégourié-Gonnard
d701c9aec9 Fix memory leak in server with expired tickets 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
84c30c7e83 Fix memory leak in ssl_cache 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
145dfcbfc2 Fix bug with NewSessionTicket and non-blocking I/O 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
96ea2f2557 Add tests for SNI 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
8520dac292 Add tests for auth_mode 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
da6b4d3e8c Change RSA embedded cert to a localhost cert 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
dfbf9c711d Fix bug in m_sleep() 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
274a12e17c Fix bug with ssl_cache and max_entries=0 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
f7c52014ec Add basic tests for session resumption 2014-03-14 08:41:00 +01:00
hasufell
3c6409b066 CMake: allow to build both shared and static at once
This allows for more fine-grained control. Possible combinations:
  * static off, shared on
  * static on, shared off
  * static on, shared on

The static library is always called "libpolarssl.a" and is only used
for linking of tests and internal programs if the shared lib is
not being built.

Default is: only build static lib.
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
9a6e93e7a4 Reserve -1 as an error code (used in programs) 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
844a4c0aef Fix RSASSA-PSS example programs 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
83cdffc437 Forbid sequence number wrapping 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
3c599f11b0 Avoid possible segfault on bad server ciphersuite 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
9533765b25 Reject certs and CRLs from the future 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
6304f786e0 Add x509_time_future() 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
29dcc0b93c Fix depend issues in test suites for cipher modes 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
1ec220b002 Add missing #ifdefs in aes.h 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
648656a628 Fix error code in dhm_selftest() 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
796c6f3aff Countermeasure against "triple handshake" attack 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
fdf3f0e671 Avoid "unreachable code" warning 2014-03-11 13:47:05 +01:00
Manuel Pégourié-Gonnard
2a2ae642d8 Fix forgotten curves in #ifdef 2014-02-24 10:29:21 +01:00
Manuel Pégourié-Gonnard
6b1e207081 Fix verion-major intolerance 2014-02-12 10:14:54 +01:00
Manuel Pégourié-Gonnard
c9093085ed Revert "Merged RSA-PSS support in Certificate, CSR and CRL"
This reverts commit ab50d8d30c, reversing
changes made to e31b1d992a.
2014-02-12 09:39:59 +01:00
Manuel Pégourié-Gonnard
6df09578bb Revert "Mutex call in x509_crt.c depended on PTHREAD specific instead of generic"
This reverts commit 9eae7aae80.
2014-02-12 09:29:05 +01:00
Paul Bakker
f2561b3f69 Ability to provide alternate timing implementation 2014-02-06 15:32:26 +01:00
Paul Bakker
47703a0a80 More entropy functions made thread-safe (add_source, update_manual, gather) 2014-02-06 15:01:20 +01:00
Paul Bakker
9eae7aae80 Mutex call in x509_crt.c depended on PTHREAD specific instead of generic
threading
2014-02-06 14:51:53 +01:00
Paul Bakker
6a28e722c9 Merged platform compatibility layer 2014-02-06 13:44:19 +01:00
Paul Bakker
0910f32ee3 Fixed compile warning (in test-ref-configs) 2014-02-06 13:41:18 +01:00
Paul Bakker
119602bdde Typo fix in memory_buffer_alloc.c 2014-02-06 13:20:19 +01:00
Paul Bakker
defc0ca337 Migrated the Memory layer to the Platform layer
Deprecated POLARSSL_MEMORY_C and placed placeholder for memory.h to make
sure current code will not break on new version.
2014-02-06 13:20:17 +01:00
Paul Bakker
7dc4c44267 Library files moved to use platform layer 2014-02-06 13:20:16 +01:00
Paul Bakker
747a83a0f7 Platform abstraction layer for memory, printf and fprintf 2014-02-06 13:15:25 +01:00
Paul Bakker
ab50d8d30c Merged RSA-PSS support in Certificate, CSR and CRL 2014-02-06 13:14:56 +01:00
Manuel Pégourié-Gonnard
f07031aa98 debug_ecp: don't print Z, always 1 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
f6dc5e1d16 Remove temporary debug code 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
c3f6b62ccc Print curve name instead of size in debugging
Also refactor server-side curve selection
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
ab24010b54 Enforce our choice of allowed curves. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
7f38ed0bfa ssl_set_curves is no longer ECDHE only 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
cd49f76898 Make ssl_set_curves() work client-side too. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
ac7194133e Renamings and other fixes 2014-02-06 10:28:38 +01:00
Gergely Budai
e40c469ad3 The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[]. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
de05390c85 Rename ecdh_curve_list to curve_list 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
5de2580563 Make ssl_set_ecdh_curves() a compile-time option 2014-02-06 10:28:38 +01:00
Gergely Budai
987bfb510b Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
fbf0915404 Fix bug in RSA PKCS#1 v1.5 "reversed" operations 2014-02-05 17:01:24 +01:00
Paul Bakker
5fb8efe71e Merged HMAC-DRBG code 2014-02-05 15:55:18 +01:00
Manuel Pégourié-Gonnard
6e8e34d61e Fix ecp_gen_keypair()
Too few tries caused failures for some curves (esp. secp224k1)
2014-02-05 15:53:45 +01:00
Manuel Pégourié-Gonnard
b05db2a6aa Save memory by not storing the HMAC key 2014-02-01 11:38:05 +01:00
Manuel Pégourié-Gonnard
cf38367f45 Fix HMAC_DRBG and RIPEMD160 error codes 2014-02-01 10:24:53 +01:00
Manuel Pégourié-Gonnard
446ee6618f Add LCOV_EXCLUDE_LINE on some IO errors 2014-02-01 10:08:26 +01:00
Manuel Pégourié-Gonnard
b3b205e081 Clean up details in ctr_drbg_selftest() 2014-01-31 12:04:06 +01:00
Manuel Pégourié-Gonnard
79afaa0551 Add hmac_drbg_selftest() 2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard
48bc3e81da Add hmac_drbg_{write,update}_seed_file() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
efc8d8078b Use safer names for macros 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
6e897c2a59 Add more checks and references 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
d742a032f4 Use md_hmac_reset() when possible 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
658dbed080 Add automatic periodic reseeding 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
af786ff6cc Add hmac_drbg_set_prediction_resistance() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
8fc484d1df Add hmac_drbg_reseed() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
4e669c614d Add hmac_drbg_set_entropy_len() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
fe34a5fb83 Add entropy callbacks to HMAC_DRBG 2014-01-30 15:06:40 +01:00
Manuel Pégourié-Gonnard
8208d167da Add hmac_random_with_add() 2014-01-30 12:19:26 +01:00
Manuel Pégourié-Gonnard
7845fc06c9 Use new HMAC_DRBG module for deterministic ECDSA 2014-01-30 10:58:48 +01:00
Manuel Pégourié-Gonnard
490bdf3928 Add minimalistic HMAC_DRBG implementation
(copied from ECDSA)
2014-01-30 10:58:48 +01:00
Paul Bakker
2aca241425 Ready for release 1.3.4 2014-01-27 11:59:30 +01:00
Paul Bakker
42099c3155 Revert "Add pk_rsa_set_padding() and rsa_set_padding()"
This reverts commit b4fae579e8.

Conflicts:
	library/pk.c
	tests/suites/test_suite_pk.data
	tests/suites/test_suite_pk.function
2014-01-27 11:59:29 +01:00
Manuel Pégourié-Gonnard
27b93ade6e Factor common code for printing sig_alg 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
5cac583482 Factor out some common code 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
41cae8e1f9 Parse CSRs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
5eeb32b552 Parse CRLs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
ce7c6fd433 Fix dependencies 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
b7de86d834 More checks for length match in rsassa-pss params 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
3c1e8b539c Finish parsing RSASSA-PSS parameters 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
d9fd87be33 Start parsing RSASSA-PSS parameters 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
b1d4eb16e4 Basic parsing of certs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Paul Bakker
556efba51c Added AES CFB8 mode 2014-01-24 15:38:12 +01:00
Paul Bakker
80025417eb net_is_block() renamed to net_would_block() and corrected behaviour on
non-blocking sockets

net_would_block() now does not return 1 if the socket is blocking.
2014-01-23 21:00:57 +01:00
Paul Bakker
c2024f4592 Added MPI_CHK around unguarded mpi calls 2014-01-23 21:00:57 +01:00
Manuel Pégourié-Gonnard
8e205fc0bc Fix potential buffer overflow in suported_curves_ext 2014-01-23 17:27:10 +01:00
Paul Bakker
9f3c7d7278 Added missing POLARSSL_ECDSA_DETERMINISTIC around ecdsa_write_signature_det() 2014-01-23 16:11:14 +01:00
Paul Bakker
18e9f3282b Added missing static to md_info_by_size() in ecdsa.c 2014-01-23 16:08:38 +01:00
Paul Bakker
bf98c3dd11 Merged deterministic ECDSA
Conflicts:
	library/ecdsa.c
2014-01-23 15:48:01 +01:00
Manuel Pégourié-Gonnard
dfab4c1193 Add forgotten #ifdef and depends_on 2014-01-22 16:01:06 +01:00
Paul Bakker
5862eee4ca Merged RIPEMD-160 support 2014-01-22 14:18:34 +01:00
Paul Bakker
61b699ed1b Renamed RMD160 to RIPEMD160 2014-01-22 14:17:31 +01:00
Paul Bakker
0ac99ca7bc Merged support for secp224k1, secp192k1 and secp25k1 2014-01-22 13:10:48 +01:00
Manuel Pégourié-Gonnard
b4fae579e8 Add pk_rsa_set_padding() and rsa_set_padding() 2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard
7c59363a85 Remove a few dead stores 2014-01-22 13:02:39 +01:00
Manuel Pégourié-Gonnard
9e987edf9f Fix potential memory leak in bignum selftest 2014-01-22 12:59:04 +01:00
Manuel Pégourié-Gonnard
fd6a191381 Fix misplaced initialisation.
If one of the calls to mpi_grow() before setting Apos would fail, then
mpi_free( &Apos ) would be executed without Apos being initialised.
2014-01-22 12:57:04 +01:00
Manuel Pégourié-Gonnard
073f0fa2fb Fix missing error checking in gcm 2014-01-22 12:56:51 +01:00
Manuel Pégourié-Gonnard
280f95bd00 Add #ifs arround ssl_ciphersuite_uses_XXX() 2014-01-22 12:56:37 +01:00
Manuel Pégourié-Gonnard
7cfdcb8c7f Add a length check in ssl_derive_keys() 2014-01-22 12:56:22 +01:00
Manuel Pégourié-Gonnard
9af7d3a35b Add fast reduction for the other Koblitz curves 2014-01-18 17:48:00 +01:00
Manuel Pégourié-Gonnard
8887d8d37c Add mod_p256k1
Makes secp256k1 about 4x faster
2014-01-17 23:17:10 +01:00
Manuel Pégourié-Gonnard
ea499a7321 Add support for secp192k1 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
0a56c2c698 Fix bug in ecdh_calc_secret()
Only affects curves with nbits != pbits (currently only secp224k1)
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
5304812b2d Fix theoretical compliance issue in ECDSA
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
18e3ec9b4d Add support for secp224k1 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
e4d47a655b Add RIPEMD-160 to the generic MD layer 2014-01-17 20:41:32 +01:00
Manuel Pégourié-Gonnard
ff40c3ac34 Add HMAC support to RIPEMD-160 2014-01-17 20:04:59 +01:00
Manuel Pégourié-Gonnard
cab4a8807c Add RIPEMD-160 (core functions) 2014-01-17 14:04:25 +01:00
Manuel Pégourié-Gonnard
9bcff3905b Add OIDs and TLS IDs for prime Koblitz curves 2014-01-10 18:32:31 +01:00
Manuel Pégourié-Gonnard
f51c8fc353 Add support for secp256k1 arithmetic 2014-01-10 18:17:18 +01:00
Manuel Pégourié-Gonnard
65ad3e4daf Use deterministic ECDSA in the PK layer 2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard
5e6edcfd96 Add fallback for md_alg == NONE to ecdsa_sign_det() 2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard
937340bce0 Add ecdsa_write_signature_det() 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
f42bca6da0 Little HMAC_DRBG refactoring 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
4daaef7e27 Add ecdsa_sign_det() with test vectors 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
461d416892 Add minified HMAC_DRBG for deterministic ECDSA 2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
e7072f8d11 Fix theoretical compliance issue in ECDSA
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
c9573998ca Fix unchecked error codes in ecp_gen_keypair() 2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
79f73b96d9 Remove bias in EC private key generation 2014-01-06 10:19:35 +01:00
Paul Bakker
c78c8422c2 Added failure stub for uninitialized POLARSSL_THREADING_ALT functions 2013-12-31 11:55:27 +01:00
Paul Bakker
a8fd3e31ed Removed POLARSSL_THREADING_DUMMY option 2013-12-31 11:54:08 +01:00
Paul Bakker
4de44aa0ae Rewrote check to prevent read of uninitialized data in
rsa_rsassa_pss_verify()
2013-12-31 11:43:01 +01:00
Paul Bakker
6992eb762c Fixed potential overflow in certificate size in ssl_write_certificate() 2013-12-31 11:38:33 +01:00
Paul Bakker
6ea1a95ce8 Added missing MPI_CHK() around some statements 2013-12-31 11:17:14 +01:00
Paul Bakker
5bc07a3d30 Prepped for 1.3.3 2013-12-31 10:57:44 +01:00
Paul Bakker
00f5c52bfe Added cast to socket() return value to prevent Windows warning 2013-12-31 10:45:16 +01:00
Paul Bakker
c73879139e Merged ECP memory usage optimizations 2013-12-31 10:33:47 +01:00
Paul Bakker
53e1513fea Initialize ebx and edx in padlock functions 2013-12-31 09:46:09 +01:00
Manuel Pégourié-Gonnard
26bc1c0f5d Fix a few unchecked return codes in EC 2013-12-30 19:33:33 +01:00
Paul Bakker
93759b048f Made AES-NI bit-size specific key expansion functions static 2013-12-30 19:20:06 +01:00
Manuel Pégourié-Gonnard
9e4191c3e7 Add another option to reduce EC memory usage
Also document speed/memory trade-offs better.
2013-12-30 19:16:05 +01:00
Manuel Pégourié-Gonnard
70896a023e Add statistics about number of allocated blocks 2013-12-30 19:16:05 +01:00
Paul Bakker
ec4bea7eee Forced cast to unsigned int for %u format in ecp_selftest() 2013-12-30 19:04:47 +01:00
Manuel Pégourié-Gonnard
1f789b8348 Lessen peak memory usage in EC by freeing earlier
Cuts peak usage by 25% :)
2013-12-30 17:36:54 +01:00
Manuel Pégourié-Gonnard
72c172a13d Save some small memory allocations inside ecp_mul() 2013-12-30 16:04:55 +01:00
Paul Bakker
f0fc2a27b0 Properly put the pragma comment for the MSVC linker in defines 2013-12-30 15:42:43 +01:00
Paul Bakker
92bcadb110 Removed 'z' length modifier from low-value size_t in ecp_selftest() 2013-12-30 15:37:17 +01:00
Paul Bakker
e7f5133590 Fixed superfluous return value in aesni.c 2013-12-30 15:32:02 +01:00
Paul Bakker
0d0de92156 Only specify done label in aes.c when AES-NI is possible 2013-12-30 15:29:04 +01:00
Paul Bakker
956c9e063d Reduced the input / output overhead with 200+ bytes and covered corner
case

The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.

Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.

We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
2013-12-30 15:00:51 +01:00
Manuel Pégourié-Gonnard
d4588cfb6a aesni_gcm_mult() now returns void 2013-12-30 13:54:23 +01:00
Manuel Pégourié-Gonnard
bfa3c9a85f Remove temporary code 2013-12-30 13:53:58 +01:00
Manuel Pégourié-Gonnard
23c2f6fee5 Add AES-NI key expansion for 192 bits 2013-12-29 16:05:22 +01:00
Manuel Pégourié-Gonnard
4a5b995c26 Add AES-NI key expansion for 256 bits 2013-12-29 13:50:32 +01:00
Manuel Pégourié-Gonnard
47a3536a31 Add AES-NI key expansion for 128 bits 2013-12-29 13:28:59 +01:00
Manuel Pégourié-Gonnard
01e31bbffb Add support for key inversion using AES-NI 2013-12-28 16:22:08 +01:00
Manuel Pégourié-Gonnard
80637c7520 Use aesni_gcm_mult() if available 2013-12-26 16:09:58 +01:00
Manuel Pégourié-Gonnard
d333f67f8c Add aesni_gcm_mult() 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
9d57482280 Add comments on GCM multiplication 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
8eaf20b18d Allow detection of CLMUL 2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
5b685653ef Add aesni_crypt_ecb() and use it 2013-12-25 13:03:26 +01:00
Manuel Pégourié-Gonnard
92ac76f9db Add files for (upcoming) AES-NI support 2013-12-25 13:03:26 +01:00
Paul Bakker
1e5369c7fa Variables in proper block or within proper defines in ssl_decrypt_buf() 2013-12-19 16:40:57 +01:00
Paul Bakker
0c0476f92d Disable ecp_use_curve25519() if not POLARSSL_ECP_DP_M255_ENABLED 2013-12-19 16:20:53 +01:00
Paul Bakker
1a56fc96a3 Fixed x509_crt_parse_path() bug on Windows platforms 2013-12-19 13:52:33 +01:00
Manuel Pégourié-Gonnard
1321135758 Fix MingW version issue 2013-12-17 17:38:55 +01:00
Manuel Pégourié-Gonnard
ee5db1d6b9 Fix typo in previous commit 2013-12-17 16:46:19 +01:00
Manuel Pégourié-Gonnard
6a398d4234 Add missing header for windows 2013-12-17 16:10:58 +01:00
Manuel Pégourié-Gonnard
173402bb61 net_prepare() returns int 2013-12-17 15:57:05 +01:00
Paul Bakker
5a607d26b7 Merged IPv6 support in the NET module 2013-12-17 14:34:19 +01:00
Manuel Pégourié-Gonnard
fd6b4cc1db Add forgotten SO_REUSEADDR option 2013-12-17 13:59:01 +01:00
Paul Bakker
5ab68ba679 Merged storing curves fully in ROM 2013-12-17 13:11:18 +01:00
Paul Bakker
fdf946928d Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites 2013-12-17 13:10:27 +01:00
Paul Bakker
77e257e958 Fixed bad check for maximum size of fragment length index 2013-12-17 13:09:12 +01:00
Paul Bakker
6c21276342 Place olen initalization after reference check in cipher_update() 2013-12-17 13:09:12 +01:00
Paul Bakker
6f0636a09f Potential memory leak in ssl_ticket_keys_init() 2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard
6e315a9009 Adapt net_accept() to IPv6 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
389ce63735 Add IPv6 support to net_bind() 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
10934de1ca Adapt net_connect() for IPv6 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
2e5c3163db Factor our some code in net.c 2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
5538970d32 Add server support for ECDH key exchanges 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
d18cc57962 Add client-side support for ECDH key exchanges 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
cdff3cfda3 Add ecdh_get_params() to import from an EC key 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
25781b22e3 Add ECDH_RSA and ECDH_ECDSA ciphersuites
(not implemented yet)
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
69ab354239 Fix bug from stupid typo 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
14a96c5d8b Avoid wasting memory with some curves 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
95b45b7bb2 Rename macros 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
baee5d4157 Add previously forgotten #ifdef's 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
81e1b102dc Rm a few unneeded variables 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
1f82b041e7 Adapt ecp_group_free() to static constants 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
73cc01d7fa Remove last non-static parts of known EC groups 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
731d08b406 Start using constants from ROM for EC groups 2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
c72ac7c3ef Fix SSLv3 handling of SHA-384 suites
Fixes memory corruption, introduced in
a5bdfcd (Relax some SHA2 ciphersuite's version requirements)
2013-12-17 10:18:25 +01:00
Paul Bakker
fef3c5a652 Fixed typo in POLARSSL_PKCS1_V15 in rsa.c 2013-12-11 13:36:30 +01:00
Manuel Pégourié-Gonnard
93f41dbdfd Fix possible issue in corner-case for ecp_mul_mx() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
7a949d3f5b Update comments 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
d962273594 Add #ifdef's for curve types 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
7c94d8bcab WIP #ifdef's 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
b6f45a616c Avoid potential leak in ecp_mul_mxz() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
a60fe8943d Add mpi_safe_cond_swap() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
97871ef236 Some operations are not supported with Curve25519 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
3d7053a2bb Add ecp_mod_p255(): Curve25519 about 4x faster now 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
357ff65a51 Details in ecp_mul_mxz() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
fe0af405f9 Adapt ecp_gen_keypair() to Curve25519 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
9a4a5ac4de Fix bug in mpi_set_bit 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
a0179b8c4a Change ecp_mul to handle Curve25519 too 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
312d2e8ea2 Adapt key checking functions for Curve25519 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
661536677b Add Curve25519 to known groups 2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard
3afa07f05b Add coordinate randomization for Curve25519 2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard
d9ea82e7d9 Add basic arithmetic for Curve25519 2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard
3c0b4ea97e Rename a few functions 2013-12-05 15:58:37 +01:00
Paul Bakker
498fd354c6 Added missing inline definition for other platforms to ecp_curves.c 2013-12-02 22:17:24 +01:00
Manuel Pégourié-Gonnard
d5e0fbe1a3 Remove now useless function 2013-12-02 17:20:39 +01:00
Manuel Pégourié-Gonnard
3ee90003c9 Make internal functions static again + cosmetics 2013-12-02 17:14:48 +01:00
Manuel Pégourié-Gonnard
9854fe986b Convert curve constants to binary
Makes source longer but resulting binary smaller
2013-12-02 17:07:30 +01:00
Manuel Pégourié-Gonnard
32b04c1237 Split ecp.c 2013-12-02 16:36:11 +01:00
Manuel Pégourié-Gonnard
43863eeffc Declare internal variables static in ecp.c 2013-12-02 16:34:24 +01:00
Manuel Pégourié-Gonnard
d35e191434 Drop useless include in ecp.c 2013-12-02 16:34:24 +01:00
Paul Bakker
9dc53a9967 Merged client ciphersuite order preference option 2013-12-02 14:56:27 +01:00
Paul Bakker
014f143c2a Merged EC key generation support 2013-12-02 14:55:09 +01:00
Paul Bakker
4040d7e95c Merged more constant-time checking in RSA 2013-12-02 14:53:23 +01:00
Manuel Pégourié-Gonnard
1a9f2c7245 Add option to respect client ciphersuite order 2013-11-30 18:30:06 +01:00
Manuel Pégourié-Gonnard
011a8db2e7 Complete refactoring of ciphersuite choosing 2013-11-30 18:11:07 +01:00
Manuel Pégourié-Gonnard
3252560e68 Move some functions up 2013-11-30 17:50:32 +01:00
Manuel Pégourié-Gonnard
59b81d73b4 Refactor ciphersuite selection for version > 2 2013-11-30 17:46:04 +01:00
Manuel Pégourié-Gonnard
0267e3dc9b Add ecp_curve_info_from_name() 2013-11-30 15:10:14 +01:00
Manuel Pégourié-Gonnard
104ee1d1f6 Add ecp_genkey(), prettier wrapper 2013-11-30 14:35:07 +01:00
Manuel Pégourié-Gonnard
27290daf3b Check PKCS 1.5 padding in a more constant-time way
(Avoid branches that depend on secret data.)
2013-11-30 13:36:53 +01:00
Manuel Pégourié-Gonnard
ab44d7ecc3 Check OAEP padding in a more constant-time way 2013-11-30 13:13:05 +01:00
Manuel Pégourié-Gonnard
a5cfc35db2 RSA-OAEP decrypt: reorganise code 2013-11-29 11:58:13 +01:00
Manuel Pégourié-Gonnard
5ad68e42e5 Mutex x509_crt_parse_path() when pthreads is used 2013-11-28 18:07:39 +01:00
Manuel Pégourié-Gonnard
964bf9b92f Quit using readdir_r()
Prone to buffer overflows on some platforms.
2013-11-28 18:07:39 +01:00
Paul Bakker
76f03118c4 Only compile with -Wmissing-declarations and -Wmissing-prototypes in
library, not tests and programs
2013-11-28 17:20:04 +01:00
Paul Bakker
88cd22646c Merged ciphersuite version improvements 2013-11-26 15:22:19 +01:00
Manuel Pégourié-Gonnard
da1ff38715 Don't accept CertificateRequest with PSK suites 2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
dc953e8c41 Add missing defines/cases for RSA_PSK key exchange 2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
c57b654a3e Use t_uint rather than uintXX_t when appropriate 2013-11-26 15:19:56 +01:00
Paul Bakker
3209ce3692 Merged ECP improvements 2013-11-26 15:19:17 +01:00
Manuel Pégourié-Gonnard
20b9af7998 Fix min_version (TLS 1.0) for ECDHE-PSK suites 2013-11-26 14:31:44 +01:00
Manuel Pégourié-Gonnard
a5bdfcde53 Relax some SHA2 ciphersuite's version requirements
Changed:
- PSK ciphersuites (RFC 5487, section 3)
- ECDHE-PSK ciphersuites (RFC 5489, section 3)
- Additional Camellia ciphersuites (RFC 6367, sec 3.3)

Unchanged:
- all GCM ciphersuites
- Camellia ciphersuites from RFC 5932 (sec. 3.3.2)
- ECC-SHA2 ciphersuites from RFC 5289 (unclear)
- SHA2 from RFC 5246 (TLS 1.2, no precision)
2013-11-26 13:59:43 +01:00
Manuel Pégourié-Gonnard
96c7a92b08 Change mpi_safe_cond_assign() for more const-ness 2013-11-25 18:28:53 +01:00
Paul Bakker
e4c71f0e11 Merged Prime generation improvements 2013-11-25 14:27:28 +01:00
Paul Bakker
45f457d872 Reverted API change for mpi_is_prime() 2013-11-25 14:26:52 +01:00
Paul Bakker
8fc30b178c Various const fixes 2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard
ddf7615d49 gen_prime: check small primes early (3x speed-up) 2013-11-22 19:58:22 +01:00
Manuel Pégourié-Gonnard
378fb4b70a Split mpi_is_prime() and make its first arg const 2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard
0160eacc82 gen_prime: ensure X = 2 mod 3 -> 2.5x speedup 2013-11-22 17:54:59 +01:00
Manuel Pégourié-Gonnard
711507a726 gen_prime: ensure X = 3 mod 4 always (2x speed-up) 2013-11-22 17:35:28 +01:00
Manuel Pégourié-Gonnard
3e3d2b818c Fix bug in mpi_safe_cond_assign() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
918148193d Enhance ecp_selftest 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
d728350cee Make memory access pattern constant 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
aade42fd88 Change method for making M odd in ecp_mul()
- faster
- avoids M >= N (if m = N-1 or N-2)
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
36daa13d76 Misc details 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
469a209334 Rm subtraction from ecp_add_mixed() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
01fca5e882 Do point inversion without leaking information 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
71c2c21601 Add mpi_safe_cond_assign() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
44aab79022 Update bibliographic references 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
7f762319ad Use mpi_shrink() in ecp_precompute() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
5868163e07 Add mpi_shrink() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
e282012219 Spare some memory 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
edc1a1f482 Small code cleanups 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
ff27b7c968 Tighten ecp_mul() validity checks 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
09ceaf49d0 Rm multiplication using NAF
Comb method is at most 1% slower for random points,
and is way faster for fixed point (repeated).
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
04a0225388 Optimize w in the comb method 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
70c14372c6 Add coordinate randomization back 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
c30200e4ce Fix bound issues 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
101a39f55f Improve comb method (less precomputed points) 2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
d1c1ba90ca First version of ecp_mul_comb() 2013-11-21 21:56:20 +01:00
Paul Bakker
a9a028ebd0 SSL now gracefully handles missing RNG 2013-11-21 17:31:06 +01:00
Paul Bakker
f2b4d86452 Fixed X.509 hostname comparison (with non-regular characters)
In situations with 'weird' certificate names or hostnames (containing
non-western allowed names) the check would falsely report a name or
wildcard match.
2013-11-21 17:30:23 +01:00
Steffan Karger
c245834bc4 Link against ZLIB when zlib is used
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:45:48 +01:00
Steffan Karger
28d81a009c Fix pkcs11.c to conform to PolarSSL 1.3 API.
This restores previous functionality, and thus still allows only RSA to be
used through PKCS#11.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:13:27 +01:00
Paul Bakker
08b028ff0f Prevent unlikely NULL dereference 2013-11-19 10:42:37 +01:00
Paul Bakker
b076314ff8 Makefile now produces a .so.X with SOVERSION in it 2013-11-05 11:27:12 +01:00
Paul Bakker
f4dc186818 Prep for PolarSSL 1.3.2 2013-11-04 17:29:42 +01:00
Paul Bakker
0333b978fa Handshake key_cert should be set on first addition to the key_cert chain 2013-11-04 17:08:28 +01:00
Paul Bakker
993e386a73 Merged renegotiation refactoring 2013-10-31 14:32:38 +01:00
Paul Bakker
37ce0ff185 Added defines around renegotiation code for SSL_SRV and SSL_CLI 2013-10-31 14:32:04 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f Safer buffer comparisons in the SSL modules 2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard
6d8404d6ba Server: enforce renegotiation 2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard
9c1e1898b6 Move some code around, improve documentation 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
214eed38c7 Make ssl_renegotiate the only interface
ssl_write_hello_request() is no private
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
caed0541a0 Allow ssl_renegotiate() to be called in a loop
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
e5e1bb972c Fix misplaced initialisation 2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard
f3dc2f6a1d Add code for testing server-initiated renegotiation 2013-10-30 16:46:46 +01:00
Paul Bakker
0d7702c3ee Minor change that makes life easier for static analyzers / compilers 2013-10-29 16:18:35 +01:00
Paul Bakker
6edcd41c0a Addition conditions for UEFI environment under MSVC 2013-10-29 15:44:13 +01:00
Paul Bakker
7b0be68977 Support for serialNumber, postalAddress and postalCode in X509 names 2013-10-29 14:24:37 +01:00
Paul Bakker
fa6a620b75 Defines for UEFI environment under MSVC added 2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard
178d9bac3c Fix ECDSA corner case: missing reduction mod N
No security issue, can cause valid signatures to be rejected.

Reported by DualTachyon on github.
2013-10-29 13:40:17 +01:00
Paul Bakker
60b1d10131 Fixed spelling / typos (from PowerDNS:codespell) 2013-10-29 10:02:51 +01:00
Paul Bakker
50dc850c52 Const correctness 2013-10-28 21:19:10 +01:00
Paul Bakker
6a6087e71d Added missing inline definition for MSCV and ARM environments 2013-10-28 18:53:08 +01:00
Paul Bakker
7bc745b6a1 Merged constant-time padding checks 2013-10-28 14:40:26 +01:00
Paul Bakker
1642122f8b Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer 2013-10-28 14:38:35 +01:00
Paul Bakker
3f917e230d Merged optimizations for MODP NIST curves 2013-10-28 14:18:26 +01:00
Manuel Pégourié-Gonnard
1001e32d6f Fix return value of ecdsa_from_keypair() 2013-10-28 14:01:08 +01:00
Manuel Pégourié-Gonnard
21ef42f257 Don't select a PSK ciphersuite if no key available 2013-10-28 14:00:45 +01:00
Manuel Pégourié-Gonnard
3daaf3d21d X509 key identifiers depend on SHA1 2013-10-28 13:58:32 +01:00
Paul Bakker
45a2c8d99a Prevent possible alignment warnings on casting from char * to 'aligned *' 2013-10-28 12:57:08 +01:00
Paul Bakker
677377f472 Server does not send out extensions not advertised by client 2013-10-28 12:54:26 +01:00
Manuel Pégourié-Gonnard
e68bf171eb Make get_zeros_padding() constant-time 2013-10-27 18:26:39 +01:00
Manuel Pégourié-Gonnard
6c32990114 Make get_one_and_zeros_padding() constant-time 2013-10-27 18:25:03 +01:00
Manuel Pégourié-Gonnard
d17df51277 Make get_zeros_and_len_padding() constant-time 2013-10-27 17:32:43 +01:00
Manuel Pégourié-Gonnard
f8ab069d6a Make get_pkcs_padding() constant-time 2013-10-27 17:25:57 +01:00
Manuel Pégourié-Gonnard
a8a25ae1b9 Fix bad error codes 2013-10-27 13:48:15 +01:00
Manuel Pégourié-Gonnard
7109624aef Skip MAC computation/check when GCM is used 2013-10-25 19:31:25 +02:00
Manuel Pégourié-Gonnard
8866591cc5 Don't special-case NULL cipher in ssl_tls.c 2013-10-25 18:42:44 +02:00
Manuel Pégourié-Gonnard
126a66f668 Simplify switching on mode in ssl_tls.c 2013-10-25 18:33:32 +02:00
Manuel Pégourié-Gonnard
98d9a2c061 Fix missing or wrong ciphersuite definitions 2013-10-25 18:03:18 +02:00
Manuel Pégourié-Gonnard
6fb0f745be Rank GCM before CBC in ciphersuite_preference 2013-10-25 17:08:15 +02:00
Manuel Pégourié-Gonnard
8d01eea7af Add Camellia-GCM ciphersuites 2013-10-25 16:46:05 +02:00
Manuel Pégourié-Gonnard
e0dca4ad78 Cipher layer: check iv_len more carefully 2013-10-24 17:03:39 +02:00
Manuel Pégourié-Gonnard
dae7093875 gcm_selftest depends on AES 2013-10-24 15:06:33 +02:00
Manuel Pégourié-Gonnard
87181d1deb Add Camellia-GCM to th cipher layer 2013-10-24 14:02:40 +02:00
Manuel Pégourié-Gonnard
13e0d449f7 Add Camellia-GCM test vectors
https://tools.ietf.org/html/draft-kato-ipsec-camellia-gcm-03#section-4
2013-10-24 13:24:25 +02:00
Manuel Pégourié-Gonnard
9fcceac943 Add a comment about modules coupling 2013-10-23 20:56:12 +02:00
Manuel Pégourié-Gonnard
b21c81fb41 Use less memory in fix_negative() 2013-10-23 20:45:04 +02:00
Manuel Pégourié-Gonnard
cae6f3ed45 Reorganize code in ecp.c 2013-10-23 20:19:57 +02:00
Manuel Pégourié-Gonnard
5779cbe582 Make mod_p{224,256,384] a bit faster
Speedup is roughly 25%, giving a 6% speedup on ecp_mul() for these curves.
2013-10-23 20:17:00 +02:00
Manuel Pégourié-Gonnard
c04c530a98 Make NIST curves optimisation an option 2013-10-23 16:11:52 +02:00
Manuel Pégourié-Gonnard
0f9149cb0a Add mod_p384 2013-10-23 15:06:37 +02:00
Manuel Pégourié-Gonnard
ec655c908c Add mod_p256 2013-10-23 14:50:39 +02:00
Manuel Pégourié-Gonnard
210b458ddc Document and slightly reorganize mod_pXXX 2013-10-23 14:27:58 +02:00
Manuel Pégourié-Gonnard
2a08c0debc mod_p224 now working with 8-bit and 16-bit ints 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
a47e7058ea mod_p224 now endian-neutral 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
e783f06f73 Start working on mod_p224
(Prototype, works only on 32-bit and little-endian 64-bit.)
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
cc67aee9c8 Make ecp_mod_p521 a bit faster 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
c9e387ca9e Optimize ecp_modp()
Makes it 22% faster, for a 5% gain on ecp_mul()
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
d1e7a45fdd Rework ecp_mod_p192()
On x86_64, this makes it 5x faster, and ecp_mul() 17% faster for this curve.
The code is shorter too.
2013-10-23 13:24:55 +02:00
Paul Bakker
6888167e73 Forced cast to prevent MSVC compiler warning 2013-10-15 13:24:01 +02:00
Paul Bakker
5c17ccdf2a Bumped version to 1.3.1 2013-10-15 13:12:41 +02:00
Paul Bakker
f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Paul Bakker
bbc1007c50 Convert SOCKET to int to prevent compiler warnings under MSVC.
From kernel objects at msdn:
    Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24.

Windows Internals by Russinovich and Solomon as well says that the high bits are zero.
2013-10-15 11:55:57 +02:00
Manuel Pégourié-Gonnard
59b9fe28f0 Fix bug in psk_identity_hint parsing 2013-10-15 11:55:33 +02:00
Manuel Pégourié-Gonnard
bac0e3b7d2 Dependency fixes 2013-10-15 11:54:47 +02:00
Manuel Pégourié-Gonnard
09258b9537 Refactor parse_server_key_exchange a bit 2013-10-15 11:19:54 +02:00
Manuel Pégourié-Gonnard
8a3c64d73f Fix and simplify *-PSK ifdef's 2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard
ef0eb1ebd8 Add two missing RSA-PSK ciphersuites 2013-10-14 19:34:48 +02:00
Manuel Pégourié-Gonnard
0fae60bb71 Implement RSA-PSK key exchange 2013-10-14 19:34:48 +02:00
Paul Bakker
be089b0483 Introduced POLARSSL_HAVE_READDIR_R for systems without it 2013-10-14 15:51:50 +02:00
Paul Bakker
b9cfaa0c7f Explicit conversions and minor changes to prevent MSVC compiler warnings 2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard
057e0cf263 Fix ciphersuites dependencies on MD5 and SHA1 2013-10-14 14:26:04 +02:00
Manuel Pégourié-Gonnard
1b62c7f93d Fix dependencies and related issues 2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard
72fb62daa2 More *-PSK refactoring 2013-10-14 14:01:58 +02:00
Manuel Pégourié-Gonnard
bd1ae24449 Factor PSK pms computation to ssl_tls.c 2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard
b59d699a65 Fix bugs in ECDHE_PSK key exchange 2013-10-14 12:00:45 +02:00
Manuel Pégourié-Gonnard
225d6aa786 Add ECDHE_PSK ciphersuites 2013-10-11 19:07:56 +02:00
Manuel Pégourié-Gonnard
3ce3bbdc00 Add support for ECDHE_PSK key exchange 2013-10-11 18:16:35 +02:00
Paul Bakker
b887f1119e Removed return from error_strerror() 2013-10-11 15:24:31 +02:00
Paul Bakker
beccd9f226 Explicit void pointer cast for buggy MS compiler 2013-10-11 15:20:27 +02:00
Paul Bakker
5191e92ecc Added missing x509write_crt_set_version() 2013-10-11 10:54:28 +02:00
Paul Bakker
b7c13123de threading_set_own() renamed to threading_set_alt() 2013-10-11 10:51:32 +02:00
Paul Bakker
4aa40d4f51 Better support for MSVC 2013-10-11 10:49:24 +02:00
Paul Bakker
b799dec4c0 Merged support for Brainpool curves and ciphersuites 2013-10-11 10:05:43 +02:00
Paul Bakker
1677033bc8 TLS compression only allocates working buffer once 2013-10-11 09:59:44 +02:00
Paul Bakker
d61cc3b246 Possible naming collision in dhm_context 2013-10-11 09:38:49 +02:00
Paul Bakker
fcc172138c Fixed const-correctness issues 2013-10-11 09:38:06 +02:00
Manuel Pégourié-Gonnard
ae102995a7 RSA blinding: lock for a smaller amount of time 2013-10-11 09:19:12 +02:00
Manuel Pégourié-Gonnard
4d89c7e184 RSA blinding: check highly unlikely cases 2013-10-11 09:18:27 +02:00
Manuel Pégourié-Gonnard
971f8b84bb Fix compile errors with RSA_NO_CRT 2013-10-11 09:18:16 +02:00
Manuel Pégourié-Gonnard
9654fb156f Fix missing MSVC define 2013-10-11 09:17:14 +02:00
Manuel Pégourié-Gonnard
0cd6f98c0f Don't special-case a = -3, not worth it 2013-10-10 15:55:39 +02:00
Manuel Pégourié-Gonnard
b8012fca5f Adjust dependencies 2013-10-10 15:40:49 +02:00
Manuel Pégourié-Gonnard
48ac3db551 Add OIDs for brainpool curves 2013-10-10 15:11:33 +02:00
Manuel Pégourié-Gonnard
0ace4b3154 Use much less variables in ecp_double_jac_gen() 2013-10-10 13:21:48 +02:00
Manuel Pégourié-Gonnard
1c4aa24df1 Add brainpool support for ecp_mul() 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
cd7458aafd Support brainpool curves in ecp_check_pubkey() 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
a070ada6d4 Add brainpool curves to ecp_use_kown_dp() 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
cec4a53c98 Add domain parameters for Brainpool curves 2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
8195c1a567 Add identifiers for Brainpool curves 2013-10-10 12:56:00 +02:00
Paul Bakker
c9965dca27 RSA blinding threading support 2013-09-29 15:02:11 +02:00
Paul Bakker
1337affc91 Buffer allocator threading support 2013-09-29 15:02:11 +02:00
Paul Bakker
f4e7dc50ea entropy_func() threading support 2013-09-29 15:02:07 +02:00
Paul Bakker
1ffefaca1e Introduced entropy_free() 2013-09-29 15:01:42 +02:00
Paul Bakker
c55988406f SSL Cache threading support 2013-09-28 15:24:59 +02:00
Paul Bakker
2466d93546 Threading abstraction layer added 2013-09-28 15:00:02 +02:00
Paul Bakker
bf796acf07 Added implementation for memory_buffer_set_verify() 2013-09-28 11:08:44 +02:00
Paul Bakker
caa3af47c0 Handle missing curve extension correctly in ssl_parse_client_hello() 2013-09-28 11:08:43 +02:00
Paul Bakker
f18084a201 Ready for 1.3.0 release 2013-09-26 10:07:09 +02:00
Paul Bakker
ca9c87ed2b Removed possible cache-timing difference for pad check 2013-09-25 18:52:37 +02:00
Manuel Pégourié-Gonnard
a0fdf8b0a0 Simplify the way default certs are used 2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard
cb99bdb27e Client: if no cert, send empty cert list 2013-09-25 13:30:56 +02:00
Manuel Pégourié-Gonnard
641de714b6 Use both RSA and ECDSA CA if available 2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard
8372454615 Rework SNI to fix memory issues 2013-09-24 22:30:56 +02:00
Manuel Pégourié-Gonnard
482a2828e4 Offer both EC and RSA in certs.c, RSA first 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
4618459fa1 Update EC certificates in certs.c 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
705fcca409 Adapt support for SNI to recent changes 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
d09453c88c Check our ECDSA cert(s) against supported curves 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
f24b4a7316 Interface change in ECP info functions
ecp_named_curve_from_grp_id() -> ecp_curve_info_from_grp_id()
ecp_grp_id_from_named_curve() -> ecp_curve_info_from_tls_id()
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
f71e587c5e Fix memory leak in ssl cipher usage 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
3ebb2cdb52 Add support for multiple server certificates 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
834ea8587f Change internal structs for multi-cert support 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
cbf3ef3861 RSA and ECDSA key exchanges don't depend on CRL 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
164d894b9a Fix: session start time wasn't set server side 2013-09-23 23:00:50 +02:00
Paul Bakker
3cf63edc44 Typo in Windows error code in x509_crt.c 2013-09-23 15:10:16 +02:00
Paul Bakker
c27c4e2efb Support faulty X509 v1 certificates with extensions
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
2013-09-23 15:01:36 +02:00
Manuel Pégourié-Gonnard
fe28646f72 Fix references to x509parse in config.h 2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
1a483833b3 SSL_TLS doesn't depend on PK any more
(But PK does depend on RSA or ECP.)
2013-09-20 12:29:15 +02:00
Manuel Pégourié-Gonnard
34ced2dffe Fix mis-sized buffer
Reported by rgacogne on twitter.
Also spotted by gcc-4.8 with -O2
2013-09-20 11:37:39 +02:00
Manuel Pégourié-Gonnard
a7496f00ff Fix a few more warnings in small configurations 2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard
4fee79b885 Fix some more depend issues 2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
387a211fad Fix some dependencies in tests 2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
1032c1d3ec Fix some dependencies and warnings in small config 2013-09-19 10:49:00 +02:00
Paul Bakker
5ad403f5b5 Prepared for 1.3.0 RC0 2013-09-18 21:21:30 +02:00
Paul Bakker
6db455e6e3 PSK callback added to SSL server 2013-09-18 21:14:58 +02:00