Paul Bakker
10a9dd35ea
Typo in POLARSSL_PLATFORM_STD_FPRINTF in platform.c
2014-04-25 11:27:16 +02:00
Paul Bakker
0767e67d17
Add support for 'emailAddress' to x509_string_to_names()
2014-04-18 14:11:37 +02:00
Paul Bakker
c70e425a73
Only iterate over actual certificates in ssl_write_certificate_request()
2014-04-18 13:50:19 +02:00
Paul Bakker
f4cf80b86f
Restructured pk_parse_key_pkcs8_encrypted_der() to prevent unreachable code
2014-04-17 17:24:29 +02:00
Paul Bakker
4f42c11846
Remove arbitrary maximum length for cipher_list and content length
2014-04-17 15:37:39 +02:00
Paul Bakker
d893aef867
Force default value to curve parameter
2014-04-17 14:45:34 +02:00
Paul Bakker
93389cc620
Remove const indicator
2014-04-17 14:44:38 +02:00
Paul Bakker
874bd64b28
Check setsockopt() return value in net_bind()
2014-04-17 12:43:05 +02:00
Paul Bakker
3d8fb63e11
Added missing MPI_CHK around mpi functions
2014-04-17 12:42:41 +02:00
Paul Bakker
a9c16d2825
Removed unused cur variable in x509_string_to_names()
2014-04-17 12:42:18 +02:00
Paul Bakker
0e4f9115dc
Fix iteration counter
2014-04-17 12:39:05 +02:00
Paul Bakker
784b04ff9a
Prepared for version 1.3.6
2014-04-11 15:33:59 +02:00
Manuel Pégourié-Gonnard
9655e4597a
Reject certificates with times not in UTC
2014-04-11 13:59:36 +02:00
Manuel Pégourié-Gonnard
0776a43788
Use UTC to heck certificate validity
2014-04-11 13:59:31 +02:00
Paul Bakker
52c5af7d2d
Merge support for verifying the extendedKeyUsage extension in X.509
2014-04-11 13:58:57 +02:00
Manuel Pégourié-Gonnard
78848375c0
Declare EC constants as 'const'
2014-04-11 13:58:41 +02:00
Paul Bakker
1630058dde
Potential buffer overwrite in pem_write_buffer() fixed
...
Length indication when given a too small buffer was off.
Added regression test in test_suite_pem to detect this.
2014-04-11 13:58:05 +02:00
Manuel Pégourié-Gonnard
0408fd1fbb
Add extendedKeyUsage checking in SSL modules
2014-04-11 11:09:09 +02:00
Manuel Pégourié-Gonnard
7afb8a0dca
Add x509_crt_check_extended_key_usage()
2014-04-11 11:09:00 +02:00
Paul Bakker
d6ad8e949b
Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C
2014-04-09 17:24:14 +02:00
Paul Bakker
a77de8c841
Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off
2014-04-09 16:39:35 +02:00
Paul Bakker
043a2e26d0
Merge verification of the keyUsage extension in X.509 certificates
2014-04-09 15:55:08 +02:00
Manuel Pégourié-Gonnard
a9db85df73
Add tests for keyUsage with client auth
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
490047cc44
Code cosmetics
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
312010e6e9
Factor common parent checking code
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
f93a3c4335
Check the CA bit on trusted CAs too
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
99d4f19111
Add keyUsage checking for CAs
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
3fed0b3264
Factor some common code in x509_verify{,_child}
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
7f2a07d7b2
Check keyUsage in SSL client and server
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
603116c570
Add x509_crt_check_key_usage()
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
2abed84225
Specific return code for PK sig length mismatch
2014-04-09 15:50:00 +02:00
Manuel Pégourié-Gonnard
35e95ddca4
Add special return code for ecdsa length mismatch
2014-04-09 15:49:59 +02:00
Paul Bakker
ddd427a8fc
Fixed spacing in entropy_gather()
2014-04-09 15:49:57 +02:00
Paul Bakker
75342a65e4
Fixed typos in code
2014-04-09 15:49:57 +02:00
Manuel Pégourié-Gonnard
0f79babd4b
Disable timing_selftest() for now
2014-04-09 15:49:51 +02:00
Paul Bakker
17b85cbd69
Merged additional tests and improved code coverage
...
Conflicts:
ChangeLog
2014-04-08 14:38:48 +02:00
Paul Bakker
0763a401a7
Merged support for the ALPN extension
2014-04-08 14:37:12 +02:00
Paul Bakker
4224bc0a4f
Prevent potential NULL pointer dereference in ssl_read_record()
2014-04-08 14:36:50 +02:00
Manuel Pégourié-Gonnard
8c045ef8e4
Fix embarrassing X.509 bug introduced in 9533765
2014-04-08 11:55:03 +02:00
Manuel Pégourié-Gonnard
f6521de17b
Add ALPN tests to ssl-opt.sh
...
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard
89e35798ae
Implement ALPN server-side
2014-04-07 12:26:35 +02:00
Manuel Pégourié-Gonnard
0b874dc580
Implement ALPN client-side
2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard
0148875cfc
Add tests and fix bugs for RSA-alt contexts
2014-04-04 17:46:46 +02:00
Manuel Pégourié-Gonnard
7e250d4812
Add ALPN interface
2014-04-04 17:10:40 +02:00
Manuel Pégourié-Gonnard
79e58421be
Also test net_usleep in timing_selttest()
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
3fec220a33
Add test for dhm_parse_dhmfile
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
7afdb88216
Test and fix x509_oid functions
2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard
d6aebe108a
Add 'volatile' to hardclock()'s asm
...
Prevents calls from being optimised away in timing_self_test().
(Should no be a problem for calls from other files.)
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
13a1ef8600
Misc selftest adjustements
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
470fc935b5
Add timing_self_test() with consistency tests
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
487588d0bf
Whitespace fixes
2014-04-04 16:33:01 +02:00
Paul Bakker
e4205dc50a
Merged printing of X509 extensions
2014-04-04 15:36:10 +02:00
Paul Bakker
5ff3f9134b
Small fix for EFI build under Windows in x509_crt.c
2014-04-04 15:08:20 +02:00
Manuel Pégourié-Gonnard
0db29b05b5
More compact code using macros
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
7b30cfc5b0
x509_crt_info() list output cosmectics
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
f6f4ab40d3
Print extended key usage in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
65c2ddc318
Print key_usage in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
bce2b30855
Print subject alt name in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
919f8f5829
Print NS Cert Type in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
b28487db1f
Start printing extensions in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
74bc68ac62
Fix default #define for malloc/free
2014-04-02 13:20:00 +02:00
Paul Bakker
75a2860f26
Potential memory leak in mpi_exp_mod() when error occurs during
...
calculation of RR.
2014-03-31 12:08:17 +02:00
Manuel Pégourié-Gonnard
dd75c3183b
Remove potential timing leak in ecdsa_sign()
2014-03-31 11:55:42 +02:00
Manuel Pégourié-Gonnard
5b8c409f53
Fix a warning (theoretical uninitialised variable)
2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard
969ccc6289
Fix length checking of various ClientKeyExchange's
2014-03-27 21:10:56 +01:00
Paul Bakker
96d5265315
Made ready for release 1.3.5
2014-03-26 16:55:50 +01:00
Paul Bakker
5fff23b92a
x509_get_current_time() uses localtime_r() to prevent thread issues
2014-03-26 15:34:54 +01:00
Paul Bakker
4c284c9141
Removed LCOV directives from code
2014-03-26 15:33:05 +01:00
Paul Bakker
77f4f39ea6
Make sure no random pointer occur during failed malloc()'s
2014-03-26 15:30:20 +01:00
Paul Bakker
db1f05985e
Add a check for buffer overflow to pkcs11_sign()
...
pkcs11_sign() reuses *sig to store the header and hash, but those might
be larger than the actual sig, causing a buffer overflow.
An overflow can occur when using raw sigs with hashlen > siglen, or when
the RSA key is less than 664 bits long (or less when using hashes
shorter than SHA512)
As siglen is always within the 'low realm' < 32k, an overflow of asnlen
+ hashlen is not possible.
2014-03-26 15:14:21 +01:00
Paul Bakker
91c61bc4fd
Further tightened the padlen check to prevent underflow / overflow
2014-03-26 15:14:20 +01:00
Manuel Pégourié-Gonnard
c042cf0013
Fix broken tests due to changed error code
...
Introduced in 5246ee5c59
2014-03-26 14:12:20 +01:00
Manuel Pégourié-Gonnard
b2bf5a1bbb
Fix possible buffer overflow with PSK
2014-03-26 12:58:50 +01:00
Manuel Pégourié-Gonnard
fdddac90a6
Fix stupid bug in rsa_copy()
2014-03-26 12:58:49 +01:00
Manuel Pégourié-Gonnard
f84f799bcf
Tune debug_print_ret format
2014-03-26 12:58:46 +01:00
Paul Bakker
b13d3ffb80
Provide no info from entropy_func() on future entropy
2014-03-26 12:51:25 +01:00
Paul Bakker
66ff70dd48
Support for seed file writing and reading in Entropy
2014-03-26 11:58:07 +01:00
Paul Bakker
3f0be61a27
Merged support for parsing EC keys that use SpecifiedECDomain
2014-03-26 11:30:39 +01:00
Manuel Pégourié-Gonnard
9592485d0c
Fix some MSVC12 conversion warnings
2014-03-21 12:03:07 +01:00
Manuel Pégourié-Gonnard
3b6269aa08
Fix warnings on MinGW
2014-03-21 12:03:03 +01:00
Manuel Pégourié-Gonnard
6fac3515d0
Make support for SpecifiedECDomain optional
2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard
5246ee5c59
Work around compressed EC public key in some cases
2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard
eab20d2a9c
Implement parsing SpecifiedECParameters
2014-03-19 15:51:12 +01:00
Paul Bakker
6c1f69b879
MinGW32 static build should link to windows libs and libz
2014-03-17 15:11:13 +01:00
Paul Bakker
3d6504a935
ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr
2014-03-17 13:41:51 +01:00
Manuel Pégourié-Gonnard
2eea29238c
Make the compiler work-around more specific
2014-03-14 18:23:26 +01:00
Paul Bakker
a4b0343edf
Merged massive SSL Testing improvements
2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard
bb8661e006
Work around a compiler bug on OS X.
2014-03-14 09:21:20 +01:00
Manuel Pégourié-Gonnard
d701c9aec9
Fix memory leak in server with expired tickets
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
84c30c7e83
Fix memory leak in ssl_cache
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
145dfcbfc2
Fix bug with NewSessionTicket and non-blocking I/O
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
96ea2f2557
Add tests for SNI
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
8520dac292
Add tests for auth_mode
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
da6b4d3e8c
Change RSA embedded cert to a localhost cert
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
dfbf9c711d
Fix bug in m_sleep()
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
274a12e17c
Fix bug with ssl_cache and max_entries=0
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
f7c52014ec
Add basic tests for session resumption
2014-03-14 08:41:00 +01:00
hasufell
3c6409b066
CMake: allow to build both shared and static at once
...
This allows for more fine-grained control. Possible combinations:
* static off, shared on
* static on, shared off
* static on, shared on
The static library is always called "libpolarssl.a" and is only used
for linking of tests and internal programs if the shared lib is
not being built.
Default is: only build static lib.
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
9a6e93e7a4
Reserve -1 as an error code (used in programs)
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
844a4c0aef
Fix RSASSA-PSS example programs
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
83cdffc437
Forbid sequence number wrapping
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
3c599f11b0
Avoid possible segfault on bad server ciphersuite
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
9533765b25
Reject certs and CRLs from the future
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
6304f786e0
Add x509_time_future()
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
29dcc0b93c
Fix depend issues in test suites for cipher modes
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
1ec220b002
Add missing #ifdefs in aes.h
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
648656a628
Fix error code in dhm_selftest()
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
796c6f3aff
Countermeasure against "triple handshake" attack
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
fdf3f0e671
Avoid "unreachable code" warning
2014-03-11 13:47:05 +01:00
Manuel Pégourié-Gonnard
2a2ae642d8
Fix forgotten curves in #ifdef
2014-02-24 10:29:21 +01:00
Manuel Pégourié-Gonnard
6b1e207081
Fix verion-major intolerance
2014-02-12 10:14:54 +01:00
Manuel Pégourié-Gonnard
c9093085ed
Revert "Merged RSA-PSS support in Certificate, CSR and CRL"
...
This reverts commit ab50d8d30c
, reversing
changes made to e31b1d992a
.
2014-02-12 09:39:59 +01:00
Manuel Pégourié-Gonnard
6df09578bb
Revert "Mutex call in x509_crt.c depended on PTHREAD specific instead of generic"
...
This reverts commit 9eae7aae80
.
2014-02-12 09:29:05 +01:00
Paul Bakker
f2561b3f69
Ability to provide alternate timing implementation
2014-02-06 15:32:26 +01:00
Paul Bakker
47703a0a80
More entropy functions made thread-safe (add_source, update_manual, gather)
2014-02-06 15:01:20 +01:00
Paul Bakker
9eae7aae80
Mutex call in x509_crt.c depended on PTHREAD specific instead of generic
...
threading
2014-02-06 14:51:53 +01:00
Paul Bakker
6a28e722c9
Merged platform compatibility layer
2014-02-06 13:44:19 +01:00
Paul Bakker
0910f32ee3
Fixed compile warning (in test-ref-configs)
2014-02-06 13:41:18 +01:00
Paul Bakker
119602bdde
Typo fix in memory_buffer_alloc.c
2014-02-06 13:20:19 +01:00
Paul Bakker
defc0ca337
Migrated the Memory layer to the Platform layer
...
Deprecated POLARSSL_MEMORY_C and placed placeholder for memory.h to make
sure current code will not break on new version.
2014-02-06 13:20:17 +01:00
Paul Bakker
7dc4c44267
Library files moved to use platform layer
2014-02-06 13:20:16 +01:00
Paul Bakker
747a83a0f7
Platform abstraction layer for memory, printf and fprintf
2014-02-06 13:15:25 +01:00
Paul Bakker
ab50d8d30c
Merged RSA-PSS support in Certificate, CSR and CRL
2014-02-06 13:14:56 +01:00
Manuel Pégourié-Gonnard
f07031aa98
debug_ecp: don't print Z, always 1
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
f6dc5e1d16
Remove temporary debug code
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
c3f6b62ccc
Print curve name instead of size in debugging
...
Also refactor server-side curve selection
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
ab24010b54
Enforce our choice of allowed curves.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
7f38ed0bfa
ssl_set_curves is no longer ECDHE only
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
cd49f76898
Make ssl_set_curves() work client-side too.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
ac7194133e
Renamings and other fixes
2014-02-06 10:28:38 +01:00
Gergely Budai
e40c469ad3
The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[].
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
de05390c85
Rename ecdh_curve_list to curve_list
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
5de2580563
Make ssl_set_ecdh_curves() a compile-time option
2014-02-06 10:28:38 +01:00
Gergely Budai
987bfb510b
Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
fbf0915404
Fix bug in RSA PKCS#1 v1.5 "reversed" operations
2014-02-05 17:01:24 +01:00
Paul Bakker
5fb8efe71e
Merged HMAC-DRBG code
2014-02-05 15:55:18 +01:00
Manuel Pégourié-Gonnard
6e8e34d61e
Fix ecp_gen_keypair()
...
Too few tries caused failures for some curves (esp. secp224k1)
2014-02-05 15:53:45 +01:00
Manuel Pégourié-Gonnard
b05db2a6aa
Save memory by not storing the HMAC key
2014-02-01 11:38:05 +01:00
Manuel Pégourié-Gonnard
cf38367f45
Fix HMAC_DRBG and RIPEMD160 error codes
2014-02-01 10:24:53 +01:00
Manuel Pégourié-Gonnard
446ee6618f
Add LCOV_EXCLUDE_LINE on some IO errors
2014-02-01 10:08:26 +01:00
Manuel Pégourié-Gonnard
b3b205e081
Clean up details in ctr_drbg_selftest()
2014-01-31 12:04:06 +01:00
Manuel Pégourié-Gonnard
79afaa0551
Add hmac_drbg_selftest()
2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard
48bc3e81da
Add hmac_drbg_{write,update}_seed_file()
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
efc8d8078b
Use safer names for macros
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
6e897c2a59
Add more checks and references
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
d742a032f4
Use md_hmac_reset() when possible
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
658dbed080
Add automatic periodic reseeding
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
af786ff6cc
Add hmac_drbg_set_prediction_resistance()
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
8fc484d1df
Add hmac_drbg_reseed()
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
4e669c614d
Add hmac_drbg_set_entropy_len()
2014-01-30 23:17:33 +01:00