Commit Graph

725 Commits

Author SHA1 Message Date
Paul Bakker
fae35f0601 Functions in cipher_wrap.c marked static 2013-03-13 10:33:51 +01:00
Paul Bakker
d1df02a8a3 Functions inside md_wrap.c now marked static 2013-03-13 10:31:31 +01:00
Paul Bakker
ac0fba5389 Added missing header for MD2 and made code compile with missing header
files
2013-03-13 10:28:40 +01:00
Paul Bakker
1bd3ae826c Added md_process() to MD layer for generic internal access to hash
process functions

Access to process functions is needed to reduce possible timing attacks
on SSL MAC checks. As SSL is set to move to using the dynamic MD layer,
the MD layer needs access to these process functions as well.
2013-03-13 10:26:44 +01:00
Paul Bakker
90f042d4cb Prepared for PolarSSL 1.2.6 release 2013-03-11 11:38:44 +01:00
Paul Bakker
fb1cbd3cea Fixed assembly code for ARM (Thumb and regular) for some compilers 2013-03-06 18:14:52 +01:00
Paul Bakker
e81beda60f The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain)
The real peer certificate is copied into a x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.

As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
2013-03-06 18:01:03 +01:00
Paul Bakker
a35aa54967 Fixed whitespaces in ChangeLog 2013-03-06 18:01:03 +01:00
Paul Bakker
78a8c71993 Re-added support for parsing and handling SSLv2 Client Hello messages
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.

It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
2013-03-06 18:01:03 +01:00
Paul Bakker
37286a573b Fixed net_bind() for specified IP addresses on little endian systems 2013-03-06 18:01:03 +01:00
Paul Bakker
926c8e49fe Fixed possible NULL pointer exception in ssl_get_ciphersuite() 2013-03-06 18:01:03 +01:00
Paul Bakker
8804f69d46 Removed timing differences due to bad padding from RSA decrypt for
PKCS#1 v1.5 operations
2013-03-06 18:01:03 +01:00
Paul Bakker
a43231c5a5 Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt() 2013-03-06 18:01:02 +01:00
Paul Bakker
b386913f8b Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()

The original functions exist as generic wrappers to these functions.
2013-03-06 18:01:02 +01:00
Paul Bakker
e3e4a59622 Added bugfix line for previous fixes for MS Visual Studio 2013-03-06 18:01:02 +01:00
Paul Bakker
8ea31ff3b5 Added missing typedef for INT64 2013-03-06 18:01:02 +01:00
Paul Bakker
9f2018ea28 Fixed typo in _MSC_VER (double underscore at the start) 2013-03-06 18:01:02 +01:00
Paul Bakker
8ddb645ad3 Added conversion to int for a t_uint value to prevent compiler warnings
On 64-bit platforms t_uint can be larger than int resulting in compiler
warnings on some platforms (MS Visual Studio)
2013-03-06 18:00:54 +01:00
Paul Bakker
3d2dc0f8e5 Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.

Found by Yawning Angel
2013-02-28 10:55:39 +01:00
Paul Bakker
e47b34bdc8 Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.

The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker
2ca8ad10a1 Made x509parse.c also work with missing hash header files 2013-02-19 13:17:38 +01:00
Paul Bakker
6deb37e03e Added comments to indicate dependency from PEM on AES, DES and MD5 2013-02-19 13:17:08 +01:00
Paul Bakker
fbb5cf9f59 Fixed typo in base64.h 2013-02-14 11:56:58 +01:00
Paul Bakker
86f04f400b Fixed comment 2013-02-14 11:20:09 +01:00
Paul Bakker
c0463502ff Fixed memory leak in ssl_free() and ssl_reset() for active session 2013-02-14 11:19:38 +01:00
Paul Bakker
c7a2da437e Updated for PolarSSL 1.2.5 2013-02-02 19:23:57 +01:00
Paul Bakker
40865c8e5d Added sending of alert messages in case of decryption failures as per RFC
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49 Disable debug messages that can introduce a timing side channel.
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
4582999be6 Fixed timing difference resulting from badly formatted padding. 2013-02-02 19:04:13 +01:00
Paul Bakker
8fe40dcd7d Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.

Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Paul Bakker
14c56a3378 Updated for PolarSSL 1.2.4 2013-01-25 17:11:37 +01:00
Paul Bakker
9d2bb658fc Added PolarSSL 1.1.5 ChangeLog from 1.1 branch 2013-01-25 16:07:49 +01:00
Paul Bakker
1961b709d8 Added ssl_handshake_step() to allow single stepping the handshake
process

Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
9c94cddeae Correctly handle CertificateRequest with empty DN list in <= TLS 1.1 2013-01-22 14:21:49 +01:00
Paul Bakker
f626e1dd28 Fixed comment on maximum tested size for POLARSSL_MPI_MAX_LIMBS 2013-01-21 12:14:17 +01:00
Paul Bakker
21dca69ef0 Handle future version properly in ssl_write_certificate_request() 2013-01-03 11:41:08 +01:00
Paul Bakker
58ef6ec613 Cleaner test-memory cleanups 2013-01-03 11:33:48 +01:00
Paul Bakker
02303e8be4 Moved md_init_ctx() calls around to minimize exit points 2013-01-03 11:08:31 +01:00
Paul Bakker
40628bad98 Memory leak when using RSA_PKCS_V21 operations fixed 2013-01-03 10:50:31 +01:00
Paul Bakker
34558735d2 Inserted bump_version.sh in git repository 2012-11-26 17:18:12 +01:00
Paul Bakker
77d51d7867 Merge branch 'polarssl-1.2' for release of PolarSSL 1.2.3 2012-11-26 16:30:11 +01:00
Paul Bakker
fb1ba781b3 Updated for release 1.2.3 2012-11-26 16:28:25 +01:00
Paul Bakker
bc3d98469f Fixed multiple DN size 2012-11-26 16:12:02 +01:00
Paul Bakker
df5069cb97 Updated for 1.2.2 release 2012-11-24 12:20:19 +01:00
Paul Bakker
3497d8c7bf Do not check sig on trust-ca (might not be top) 2012-11-24 11:53:17 +01:00
Paul Bakker
769075dfb6 Fixed dependency on POLARSSL_SHA4_C in ssl modules 2012-11-24 11:26:46 +01:00
Paul Bakker
1eeceaeac8 More expansive testing 2012-11-23 14:25:34 +01:00
Paul Bakker
78ce507988 Fixed typo 2012-11-23 14:23:53 +01:00
Paul Bakker
91ebfb5272 Made auth_mode as an command line option 2012-11-23 14:04:08 +01:00
Paul Bakker
7c90da9e75 Amended ChangeLog for client authentication fix 2012-11-23 14:02:40 +01:00