Paul Bakker
6f0636a09f
Potential memory leak in ssl_ticket_keys_init()
2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard
6e315a9009
Adapt net_accept() to IPv6
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
389ce63735
Add IPv6 support to net_bind()
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
10934de1ca
Adapt net_connect() for IPv6
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
2e5c3163db
Factor our some code in net.c
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
5538970d32
Add server support for ECDH key exchanges
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
d18cc57962
Add client-side support for ECDH key exchanges
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
cdff3cfda3
Add ecdh_get_params() to import from an EC key
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
25781b22e3
Add ECDH_RSA and ECDH_ECDSA ciphersuites
...
(not implemented yet)
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
69ab354239
Fix bug from stupid typo
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
14a96c5d8b
Avoid wasting memory with some curves
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
95b45b7bb2
Rename macros
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
baee5d4157
Add previously forgotten #ifdef's
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
81e1b102dc
Rm a few unneeded variables
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
1f82b041e7
Adapt ecp_group_free() to static constants
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
73cc01d7fa
Remove last non-static parts of known EC groups
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
731d08b406
Start using constants from ROM for EC groups
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
c72ac7c3ef
Fix SSLv3 handling of SHA-384 suites
...
Fixes memory corruption, introduced in
a5bdfcd
(Relax some SHA2 ciphersuite's version requirements)
2013-12-17 10:18:25 +01:00
Paul Bakker
fef3c5a652
Fixed typo in POLARSSL_PKCS1_V15 in rsa.c
2013-12-11 13:36:30 +01:00
Manuel Pégourié-Gonnard
93f41dbdfd
Fix possible issue in corner-case for ecp_mul_mx()
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
7a949d3f5b
Update comments
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
d962273594
Add #ifdef's for curve types
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
7c94d8bcab
WIP #ifdef's
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
b6f45a616c
Avoid potential leak in ecp_mul_mxz()
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
a60fe8943d
Add mpi_safe_cond_swap()
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
97871ef236
Some operations are not supported with Curve25519
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
3d7053a2bb
Add ecp_mod_p255(): Curve25519 about 4x faster now
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
357ff65a51
Details in ecp_mul_mxz()
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
fe0af405f9
Adapt ecp_gen_keypair() to Curve25519
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
9a4a5ac4de
Fix bug in mpi_set_bit
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
a0179b8c4a
Change ecp_mul to handle Curve25519 too
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
312d2e8ea2
Adapt key checking functions for Curve25519
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
661536677b
Add Curve25519 to known groups
2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard
3afa07f05b
Add coordinate randomization for Curve25519
2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard
d9ea82e7d9
Add basic arithmetic for Curve25519
2013-12-05 15:58:37 +01:00
Manuel Pégourié-Gonnard
3c0b4ea97e
Rename a few functions
2013-12-05 15:58:37 +01:00
Paul Bakker
498fd354c6
Added missing inline definition for other platforms to ecp_curves.c
2013-12-02 22:17:24 +01:00
Manuel Pégourié-Gonnard
d5e0fbe1a3
Remove now useless function
2013-12-02 17:20:39 +01:00
Manuel Pégourié-Gonnard
3ee90003c9
Make internal functions static again + cosmetics
2013-12-02 17:14:48 +01:00
Manuel Pégourié-Gonnard
9854fe986b
Convert curve constants to binary
...
Makes source longer but resulting binary smaller
2013-12-02 17:07:30 +01:00
Manuel Pégourié-Gonnard
32b04c1237
Split ecp.c
2013-12-02 16:36:11 +01:00
Manuel Pégourié-Gonnard
43863eeffc
Declare internal variables static in ecp.c
2013-12-02 16:34:24 +01:00
Manuel Pégourié-Gonnard
d35e191434
Drop useless include in ecp.c
2013-12-02 16:34:24 +01:00
Paul Bakker
9dc53a9967
Merged client ciphersuite order preference option
2013-12-02 14:56:27 +01:00
Paul Bakker
014f143c2a
Merged EC key generation support
2013-12-02 14:55:09 +01:00
Paul Bakker
4040d7e95c
Merged more constant-time checking in RSA
2013-12-02 14:53:23 +01:00
Manuel Pégourié-Gonnard
1a9f2c7245
Add option to respect client ciphersuite order
2013-11-30 18:30:06 +01:00
Manuel Pégourié-Gonnard
011a8db2e7
Complete refactoring of ciphersuite choosing
2013-11-30 18:11:07 +01:00
Manuel Pégourié-Gonnard
3252560e68
Move some functions up
2013-11-30 17:50:32 +01:00
Manuel Pégourié-Gonnard
59b81d73b4
Refactor ciphersuite selection for version > 2
2013-11-30 17:46:04 +01:00
Manuel Pégourié-Gonnard
0267e3dc9b
Add ecp_curve_info_from_name()
2013-11-30 15:10:14 +01:00
Manuel Pégourié-Gonnard
104ee1d1f6
Add ecp_genkey(), prettier wrapper
2013-11-30 14:35:07 +01:00
Manuel Pégourié-Gonnard
27290daf3b
Check PKCS 1.5 padding in a more constant-time way
...
(Avoid branches that depend on secret data.)
2013-11-30 13:36:53 +01:00
Manuel Pégourié-Gonnard
ab44d7ecc3
Check OAEP padding in a more constant-time way
2013-11-30 13:13:05 +01:00
Manuel Pégourié-Gonnard
a5cfc35db2
RSA-OAEP decrypt: reorganise code
2013-11-29 11:58:13 +01:00
Manuel Pégourié-Gonnard
5ad68e42e5
Mutex x509_crt_parse_path() when pthreads is used
2013-11-28 18:07:39 +01:00
Manuel Pégourié-Gonnard
964bf9b92f
Quit using readdir_r()
...
Prone to buffer overflows on some platforms.
2013-11-28 18:07:39 +01:00
Paul Bakker
76f03118c4
Only compile with -Wmissing-declarations and -Wmissing-prototypes in
...
library, not tests and programs
2013-11-28 17:20:04 +01:00
Paul Bakker
88cd22646c
Merged ciphersuite version improvements
2013-11-26 15:22:19 +01:00
Manuel Pégourié-Gonnard
da1ff38715
Don't accept CertificateRequest with PSK suites
2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
dc953e8c41
Add missing defines/cases for RSA_PSK key exchange
2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
c57b654a3e
Use t_uint rather than uintXX_t when appropriate
2013-11-26 15:19:56 +01:00
Paul Bakker
3209ce3692
Merged ECP improvements
2013-11-26 15:19:17 +01:00
Manuel Pégourié-Gonnard
20b9af7998
Fix min_version (TLS 1.0) for ECDHE-PSK suites
2013-11-26 14:31:44 +01:00
Manuel Pégourié-Gonnard
a5bdfcde53
Relax some SHA2 ciphersuite's version requirements
...
Changed:
- PSK ciphersuites (RFC 5487, section 3)
- ECDHE-PSK ciphersuites (RFC 5489, section 3)
- Additional Camellia ciphersuites (RFC 6367, sec 3.3)
Unchanged:
- all GCM ciphersuites
- Camellia ciphersuites from RFC 5932 (sec. 3.3.2)
- ECC-SHA2 ciphersuites from RFC 5289 (unclear)
- SHA2 from RFC 5246 (TLS 1.2, no precision)
2013-11-26 13:59:43 +01:00
Manuel Pégourié-Gonnard
96c7a92b08
Change mpi_safe_cond_assign() for more const-ness
2013-11-25 18:28:53 +01:00
Paul Bakker
e4c71f0e11
Merged Prime generation improvements
2013-11-25 14:27:28 +01:00
Paul Bakker
45f457d872
Reverted API change for mpi_is_prime()
2013-11-25 14:26:52 +01:00
Paul Bakker
8fc30b178c
Various const fixes
2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard
ddf7615d49
gen_prime: check small primes early (3x speed-up)
2013-11-22 19:58:22 +01:00
Manuel Pégourié-Gonnard
378fb4b70a
Split mpi_is_prime() and make its first arg const
2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard
0160eacc82
gen_prime: ensure X = 2 mod 3 -> 2.5x speedup
2013-11-22 17:54:59 +01:00
Manuel Pégourié-Gonnard
711507a726
gen_prime: ensure X = 3 mod 4 always (2x speed-up)
2013-11-22 17:35:28 +01:00
Manuel Pégourié-Gonnard
3e3d2b818c
Fix bug in mpi_safe_cond_assign()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
918148193d
Enhance ecp_selftest
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
d728350cee
Make memory access pattern constant
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
aade42fd88
Change method for making M odd in ecp_mul()
...
- faster
- avoids M >= N (if m = N-1 or N-2)
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
36daa13d76
Misc details
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
469a209334
Rm subtraction from ecp_add_mixed()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
01fca5e882
Do point inversion without leaking information
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
71c2c21601
Add mpi_safe_cond_assign()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
44aab79022
Update bibliographic references
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
7f762319ad
Use mpi_shrink() in ecp_precompute()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
5868163e07
Add mpi_shrink()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
e282012219
Spare some memory
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
edc1a1f482
Small code cleanups
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
ff27b7c968
Tighten ecp_mul() validity checks
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
09ceaf49d0
Rm multiplication using NAF
...
Comb method is at most 1% slower for random points,
and is way faster for fixed point (repeated).
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
04a0225388
Optimize w in the comb method
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
70c14372c6
Add coordinate randomization back
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
c30200e4ce
Fix bound issues
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
101a39f55f
Improve comb method (less precomputed points)
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
d1c1ba90ca
First version of ecp_mul_comb()
2013-11-21 21:56:20 +01:00
Paul Bakker
a9a028ebd0
SSL now gracefully handles missing RNG
2013-11-21 17:31:06 +01:00
Paul Bakker
f2b4d86452
Fixed X.509 hostname comparison (with non-regular characters)
...
In situations with 'weird' certificate names or hostnames (containing
non-western allowed names) the check would falsely report a name or
wildcard match.
2013-11-21 17:30:23 +01:00
Steffan Karger
c245834bc4
Link against ZLIB when zlib is used
...
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:45:48 +01:00
Steffan Karger
28d81a009c
Fix pkcs11.c to conform to PolarSSL 1.3 API.
...
This restores previous functionality, and thus still allows only RSA to be
used through PKCS#11.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:13:27 +01:00
Paul Bakker
08b028ff0f
Prevent unlikely NULL dereference
2013-11-19 10:42:37 +01:00
Paul Bakker
b076314ff8
Makefile now produces a .so.X with SOVERSION in it
2013-11-05 11:27:12 +01:00
Paul Bakker
f4dc186818
Prep for PolarSSL 1.3.2
2013-11-04 17:29:42 +01:00
Paul Bakker
0333b978fa
Handshake key_cert should be set on first addition to the key_cert chain
2013-11-04 17:08:28 +01:00
Paul Bakker
993e386a73
Merged renegotiation refactoring
2013-10-31 14:32:38 +01:00
Paul Bakker
37ce0ff185
Added defines around renegotiation code for SSL_SRV and SSL_CLI
2013-10-31 14:32:04 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f
Safer buffer comparisons in the SSL modules
2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard
6d8404d6ba
Server: enforce renegotiation
2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard
9c1e1898b6
Move some code around, improve documentation
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
214eed38c7
Make ssl_renegotiate the only interface
...
ssl_write_hello_request() is no private
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
caed0541a0
Allow ssl_renegotiate() to be called in a loop
...
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
e5e1bb972c
Fix misplaced initialisation
2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard
f3dc2f6a1d
Add code for testing server-initiated renegotiation
2013-10-30 16:46:46 +01:00
Paul Bakker
0d7702c3ee
Minor change that makes life easier for static analyzers / compilers
2013-10-29 16:18:35 +01:00
Paul Bakker
6edcd41c0a
Addition conditions for UEFI environment under MSVC
2013-10-29 15:44:13 +01:00
Paul Bakker
7b0be68977
Support for serialNumber, postalAddress and postalCode in X509 names
2013-10-29 14:24:37 +01:00
Paul Bakker
fa6a620b75
Defines for UEFI environment under MSVC added
2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard
178d9bac3c
Fix ECDSA corner case: missing reduction mod N
...
No security issue, can cause valid signatures to be rejected.
Reported by DualTachyon on github.
2013-10-29 13:40:17 +01:00
Paul Bakker
60b1d10131
Fixed spelling / typos (from PowerDNS:codespell)
2013-10-29 10:02:51 +01:00
Paul Bakker
50dc850c52
Const correctness
2013-10-28 21:19:10 +01:00
Paul Bakker
6a6087e71d
Added missing inline definition for MSCV and ARM environments
2013-10-28 18:53:08 +01:00
Paul Bakker
7bc745b6a1
Merged constant-time padding checks
2013-10-28 14:40:26 +01:00
Paul Bakker
1642122f8b
Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer
2013-10-28 14:38:35 +01:00
Paul Bakker
3f917e230d
Merged optimizations for MODP NIST curves
2013-10-28 14:18:26 +01:00
Manuel Pégourié-Gonnard
1001e32d6f
Fix return value of ecdsa_from_keypair()
2013-10-28 14:01:08 +01:00
Manuel Pégourié-Gonnard
21ef42f257
Don't select a PSK ciphersuite if no key available
2013-10-28 14:00:45 +01:00
Manuel Pégourié-Gonnard
3daaf3d21d
X509 key identifiers depend on SHA1
2013-10-28 13:58:32 +01:00
Paul Bakker
45a2c8d99a
Prevent possible alignment warnings on casting from char * to 'aligned *'
2013-10-28 12:57:08 +01:00
Paul Bakker
677377f472
Server does not send out extensions not advertised by client
2013-10-28 12:54:26 +01:00
Manuel Pégourié-Gonnard
e68bf171eb
Make get_zeros_padding() constant-time
2013-10-27 18:26:39 +01:00
Manuel Pégourié-Gonnard
6c32990114
Make get_one_and_zeros_padding() constant-time
2013-10-27 18:25:03 +01:00
Manuel Pégourié-Gonnard
d17df51277
Make get_zeros_and_len_padding() constant-time
2013-10-27 17:32:43 +01:00
Manuel Pégourié-Gonnard
f8ab069d6a
Make get_pkcs_padding() constant-time
2013-10-27 17:25:57 +01:00
Manuel Pégourié-Gonnard
a8a25ae1b9
Fix bad error codes
2013-10-27 13:48:15 +01:00
Manuel Pégourié-Gonnard
7109624aef
Skip MAC computation/check when GCM is used
2013-10-25 19:31:25 +02:00
Manuel Pégourié-Gonnard
8866591cc5
Don't special-case NULL cipher in ssl_tls.c
2013-10-25 18:42:44 +02:00
Manuel Pégourié-Gonnard
126a66f668
Simplify switching on mode in ssl_tls.c
2013-10-25 18:33:32 +02:00
Manuel Pégourié-Gonnard
98d9a2c061
Fix missing or wrong ciphersuite definitions
2013-10-25 18:03:18 +02:00
Manuel Pégourié-Gonnard
6fb0f745be
Rank GCM before CBC in ciphersuite_preference
2013-10-25 17:08:15 +02:00
Manuel Pégourié-Gonnard
8d01eea7af
Add Camellia-GCM ciphersuites
2013-10-25 16:46:05 +02:00
Manuel Pégourié-Gonnard
e0dca4ad78
Cipher layer: check iv_len more carefully
2013-10-24 17:03:39 +02:00
Manuel Pégourié-Gonnard
dae7093875
gcm_selftest depends on AES
2013-10-24 15:06:33 +02:00
Manuel Pégourié-Gonnard
87181d1deb
Add Camellia-GCM to th cipher layer
2013-10-24 14:02:40 +02:00
Manuel Pégourié-Gonnard
13e0d449f7
Add Camellia-GCM test vectors
...
https://tools.ietf.org/html/draft-kato-ipsec-camellia-gcm-03#section-4
2013-10-24 13:24:25 +02:00
Manuel Pégourié-Gonnard
9fcceac943
Add a comment about modules coupling
2013-10-23 20:56:12 +02:00
Manuel Pégourié-Gonnard
b21c81fb41
Use less memory in fix_negative()
2013-10-23 20:45:04 +02:00
Manuel Pégourié-Gonnard
cae6f3ed45
Reorganize code in ecp.c
2013-10-23 20:19:57 +02:00
Manuel Pégourié-Gonnard
5779cbe582
Make mod_p{224,256,384] a bit faster
...
Speedup is roughly 25%, giving a 6% speedup on ecp_mul() for these curves.
2013-10-23 20:17:00 +02:00
Manuel Pégourié-Gonnard
c04c530a98
Make NIST curves optimisation an option
2013-10-23 16:11:52 +02:00
Manuel Pégourié-Gonnard
0f9149cb0a
Add mod_p384
2013-10-23 15:06:37 +02:00
Manuel Pégourié-Gonnard
ec655c908c
Add mod_p256
2013-10-23 14:50:39 +02:00
Manuel Pégourié-Gonnard
210b458ddc
Document and slightly reorganize mod_pXXX
2013-10-23 14:27:58 +02:00
Manuel Pégourié-Gonnard
2a08c0debc
mod_p224 now working with 8-bit and 16-bit ints
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
a47e7058ea
mod_p224 now endian-neutral
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
e783f06f73
Start working on mod_p224
...
(Prototype, works only on 32-bit and little-endian 64-bit.)
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
cc67aee9c8
Make ecp_mod_p521 a bit faster
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
c9e387ca9e
Optimize ecp_modp()
...
Makes it 22% faster, for a 5% gain on ecp_mul()
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
d1e7a45fdd
Rework ecp_mod_p192()
...
On x86_64, this makes it 5x faster, and ecp_mul() 17% faster for this curve.
The code is shorter too.
2013-10-23 13:24:55 +02:00
Paul Bakker
6888167e73
Forced cast to prevent MSVC compiler warning
2013-10-15 13:24:01 +02:00
Paul Bakker
5c17ccdf2a
Bumped version to 1.3.1
2013-10-15 13:12:41 +02:00
Paul Bakker
f34673e37b
Merged RSA-PSK key-exchange and ciphersuites
2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0
Merged ECDHE-PSK ciphersuites
2013-10-15 12:45:36 +02:00
Paul Bakker
bbc1007c50
Convert SOCKET to int to prevent compiler warnings under MSVC.
...
From kernel objects at msdn:
Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24.
Windows Internals by Russinovich and Solomon as well says that the high bits are zero.
2013-10-15 11:55:57 +02:00
Manuel Pégourié-Gonnard
59b9fe28f0
Fix bug in psk_identity_hint parsing
2013-10-15 11:55:33 +02:00
Manuel Pégourié-Gonnard
bac0e3b7d2
Dependency fixes
2013-10-15 11:54:47 +02:00
Manuel Pégourié-Gonnard
09258b9537
Refactor parse_server_key_exchange a bit
2013-10-15 11:19:54 +02:00
Manuel Pégourié-Gonnard
8a3c64d73f
Fix and simplify *-PSK ifdef's
2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard
ef0eb1ebd8
Add two missing RSA-PSK ciphersuites
2013-10-14 19:34:48 +02:00
Manuel Pégourié-Gonnard
0fae60bb71
Implement RSA-PSK key exchange
2013-10-14 19:34:48 +02:00
Paul Bakker
be089b0483
Introduced POLARSSL_HAVE_READDIR_R for systems without it
2013-10-14 15:51:50 +02:00
Paul Bakker
b9cfaa0c7f
Explicit conversions and minor changes to prevent MSVC compiler warnings
2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard
057e0cf263
Fix ciphersuites dependencies on MD5 and SHA1
2013-10-14 14:26:04 +02:00
Manuel Pégourié-Gonnard
1b62c7f93d
Fix dependencies and related issues
2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard
72fb62daa2
More *-PSK refactoring
2013-10-14 14:01:58 +02:00
Manuel Pégourié-Gonnard
bd1ae24449
Factor PSK pms computation to ssl_tls.c
2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard
b59d699a65
Fix bugs in ECDHE_PSK key exchange
2013-10-14 12:00:45 +02:00
Manuel Pégourié-Gonnard
225d6aa786
Add ECDHE_PSK ciphersuites
2013-10-11 19:07:56 +02:00
Manuel Pégourié-Gonnard
3ce3bbdc00
Add support for ECDHE_PSK key exchange
2013-10-11 18:16:35 +02:00
Paul Bakker
b887f1119e
Removed return from error_strerror()
2013-10-11 15:24:31 +02:00
Paul Bakker
beccd9f226
Explicit void pointer cast for buggy MS compiler
2013-10-11 15:20:27 +02:00
Paul Bakker
5191e92ecc
Added missing x509write_crt_set_version()
2013-10-11 10:54:28 +02:00
Paul Bakker
b7c13123de
threading_set_own() renamed to threading_set_alt()
2013-10-11 10:51:32 +02:00
Paul Bakker
4aa40d4f51
Better support for MSVC
2013-10-11 10:49:24 +02:00
Paul Bakker
b799dec4c0
Merged support for Brainpool curves and ciphersuites
2013-10-11 10:05:43 +02:00
Paul Bakker
1677033bc8
TLS compression only allocates working buffer once
2013-10-11 09:59:44 +02:00
Paul Bakker
d61cc3b246
Possible naming collision in dhm_context
2013-10-11 09:38:49 +02:00
Paul Bakker
fcc172138c
Fixed const-correctness issues
2013-10-11 09:38:06 +02:00
Manuel Pégourié-Gonnard
ae102995a7
RSA blinding: lock for a smaller amount of time
2013-10-11 09:19:12 +02:00
Manuel Pégourié-Gonnard
4d89c7e184
RSA blinding: check highly unlikely cases
2013-10-11 09:18:27 +02:00
Manuel Pégourié-Gonnard
971f8b84bb
Fix compile errors with RSA_NO_CRT
2013-10-11 09:18:16 +02:00
Manuel Pégourié-Gonnard
9654fb156f
Fix missing MSVC define
2013-10-11 09:17:14 +02:00
Manuel Pégourié-Gonnard
0cd6f98c0f
Don't special-case a = -3, not worth it
2013-10-10 15:55:39 +02:00
Manuel Pégourié-Gonnard
b8012fca5f
Adjust dependencies
2013-10-10 15:40:49 +02:00
Manuel Pégourié-Gonnard
48ac3db551
Add OIDs for brainpool curves
2013-10-10 15:11:33 +02:00
Manuel Pégourié-Gonnard
0ace4b3154
Use much less variables in ecp_double_jac_gen()
2013-10-10 13:21:48 +02:00
Manuel Pégourié-Gonnard
1c4aa24df1
Add brainpool support for ecp_mul()
2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
cd7458aafd
Support brainpool curves in ecp_check_pubkey()
2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
a070ada6d4
Add brainpool curves to ecp_use_kown_dp()
2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
cec4a53c98
Add domain parameters for Brainpool curves
2013-10-10 12:56:00 +02:00
Manuel Pégourié-Gonnard
8195c1a567
Add identifiers for Brainpool curves
2013-10-10 12:56:00 +02:00
Paul Bakker
c9965dca27
RSA blinding threading support
2013-09-29 15:02:11 +02:00
Paul Bakker
1337affc91
Buffer allocator threading support
2013-09-29 15:02:11 +02:00
Paul Bakker
f4e7dc50ea
entropy_func() threading support
2013-09-29 15:02:07 +02:00
Paul Bakker
1ffefaca1e
Introduced entropy_free()
2013-09-29 15:01:42 +02:00
Paul Bakker
c55988406f
SSL Cache threading support
2013-09-28 15:24:59 +02:00
Paul Bakker
2466d93546
Threading abstraction layer added
2013-09-28 15:00:02 +02:00
Paul Bakker
bf796acf07
Added implementation for memory_buffer_set_verify()
2013-09-28 11:08:44 +02:00
Paul Bakker
caa3af47c0
Handle missing curve extension correctly in ssl_parse_client_hello()
2013-09-28 11:08:43 +02:00
Paul Bakker
f18084a201
Ready for 1.3.0 release
2013-09-26 10:07:09 +02:00
Paul Bakker
ca9c87ed2b
Removed possible cache-timing difference for pad check
2013-09-25 18:52:37 +02:00
Manuel Pégourié-Gonnard
a0fdf8b0a0
Simplify the way default certs are used
2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard
cb99bdb27e
Client: if no cert, send empty cert list
2013-09-25 13:30:56 +02:00
Manuel Pégourié-Gonnard
641de714b6
Use both RSA and ECDSA CA if available
2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard
8372454615
Rework SNI to fix memory issues
2013-09-24 22:30:56 +02:00
Manuel Pégourié-Gonnard
482a2828e4
Offer both EC and RSA in certs.c, RSA first
2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
4618459fa1
Update EC certificates in certs.c
2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
705fcca409
Adapt support for SNI to recent changes
2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
d09453c88c
Check our ECDSA cert(s) against supported curves
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
f24b4a7316
Interface change in ECP info functions
...
ecp_named_curve_from_grp_id() -> ecp_curve_info_from_grp_id()
ecp_grp_id_from_named_curve() -> ecp_curve_info_from_tls_id()
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
f71e587c5e
Fix memory leak in ssl cipher usage
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
3ebb2cdb52
Add support for multiple server certificates
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
834ea8587f
Change internal structs for multi-cert support
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
cbf3ef3861
RSA and ECDSA key exchanges don't depend on CRL
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
164d894b9a
Fix: session start time wasn't set server side
2013-09-23 23:00:50 +02:00
Paul Bakker
3cf63edc44
Typo in Windows error code in x509_crt.c
2013-09-23 15:10:16 +02:00
Paul Bakker
c27c4e2efb
Support faulty X509 v1 certificates with extensions
...
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
2013-09-23 15:01:36 +02:00
Manuel Pégourié-Gonnard
fe28646f72
Fix references to x509parse in config.h
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
1a483833b3
SSL_TLS doesn't depend on PK any more
...
(But PK does depend on RSA or ECP.)
2013-09-20 12:29:15 +02:00
Manuel Pégourié-Gonnard
34ced2dffe
Fix mis-sized buffer
...
Reported by rgacogne on twitter.
Also spotted by gcc-4.8 with -O2
2013-09-20 11:37:39 +02:00
Manuel Pégourié-Gonnard
a7496f00ff
Fix a few more warnings in small configurations
2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard
4fee79b885
Fix some more depend issues
2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
387a211fad
Fix some dependencies in tests
2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
1032c1d3ec
Fix some dependencies and warnings in small config
2013-09-19 10:49:00 +02:00
Paul Bakker
5ad403f5b5
Prepared for 1.3.0 RC0
2013-09-18 21:21:30 +02:00
Paul Bakker
6db455e6e3
PSK callback added to SSL server
2013-09-18 21:14:58 +02:00
Manuel Pégourié-Gonnard
ff29f9c825
Compute public key if absent when reading EC key
2013-09-18 16:13:02 +02:00
Manuel Pégourié-Gonnard
da179e4870
Add ecp_curve_list(), hide ecp_supported_curves
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
dace82f805
Refactor cipher information management
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
a310459f5c
Fix a few things that broke with RSA compiled out
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
161ef968db
Cache pre-computed points for ecp_mul()
...
Up to 1.25 speedup on ECDSA sign for small curves, but mainly useful as a
preparation for fixed-point mult (a few prototypes changed in constness).
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
56cd319f0e
Add human-friendly name in ecp_curve_info
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
a79d123a55
Make ecp_supported_curves constant
2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard
51451f8d26
Replace EC flag with ssl_ciphersuite_uses_ec()
2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard
15d5de1969
Simplify usage of DHM blinding
2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
c83e418149
Prepare for ECDH point blinding just in case
2013-09-18 14:35:54 +02:00
Manuel Pégourié-Gonnard
c972770f78
Prepare ecp_group for future extensions
2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard
456d3b9b0b
Make ECP error codes more specific
2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard
568c9cf878
Add ecp_supported_curves and simplify some code
2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
7038039f2e
Dissociate TLS and internal EC curve identifiers
...
Allows to add new curves before they get a TLS number
2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
a97c015f89
Rm useless/wrong DHM lenght test
2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
4cf0686d6d
Remove spurious '+ 3' in ecdsa_write_signature()
2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
dd0f57f186
Check key size in cipher_setkey()
2013-09-18 14:34:32 +02:00
Paul Bakker
b6b0956631
Rm of memset instead of x509_crt_init()
2013-09-18 14:32:52 +02:00
Paul Bakker
c559c7a680
Renamed x509_cert structure to x509_crt for consistency
2013-09-18 14:32:52 +02:00
Paul Bakker
9556d3d650
Renamed x509_crt_write.c and x509_csr_write.c
2013-09-18 13:50:13 +02:00
Paul Bakker
ddf26b4e38
Renamed x509parse_* functions to new form
...
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2
Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()
2013-09-18 12:01:43 +02:00
Paul Bakker
86d0c1949e
Generalized function names of x509 functions not parse-specific
...
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker
5187656211
Renamed X509 / X509WRITE error codes to generic (non-cert-specific)
2013-09-17 14:36:05 +02:00
Paul Bakker
36713e8ed9
Fixed bunch of X509_PARSE related defines / dependencies
2013-09-17 13:25:29 +02:00
Paul Bakker
e9e6ae338b
Moved x509_self_test() from x509_crt.c to x509.c and fixed mem-free bug
2013-09-16 22:55:51 +02:00
Paul Bakker
da7711594e
Changed pk_parse_get_pubkey() to pk_parse_subpubkey()
2013-09-16 22:45:03 +02:00
Paul Bakker
d1a983fe77
Removed x509parse key functions and moved them to compat-1.2.h
2013-09-16 22:26:53 +02:00
Paul Bakker
7c6b2c320e
Split up X509 files into smaller modules
2013-09-16 21:41:54 +02:00
Paul Bakker
cff6842b39
POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C
2013-09-16 13:36:18 +02:00
Paul Bakker
77e23fb0e0
Move *_pemify() function to PEM module
2013-09-15 20:03:26 +02:00
Paul Bakker
40ce79f1e6
Moved DHM parsing from X509 module to DHM module
2013-09-15 17:43:54 +02:00
Paul Bakker
3e41fe8938
Remove printf when RSA selftest is skipped
2013-09-15 17:42:50 +02:00
Paul Bakker
dce7fdcbc9
Fixed warnings in case POLARSSL_PEM_C is not defined
2013-09-15 17:15:26 +02:00
Paul Bakker
2292d1fad0
Fixed warnings in case POLARSSL_X509_PARSE_C is not defined
2013-09-15 17:06:49 +02:00
Paul Bakker
4606c7317b
Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C
2013-09-15 17:04:23 +02:00
Paul Bakker
c7bb02be77
Moved PK key writing from X509 module to PK module
2013-09-15 14:54:56 +02:00
Paul Bakker
1a7550ac67
Moved PK key parsing from X509 module to PK module
2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91
Make CBC an option, step 3: individual ciphers
2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard
989ed38de2
Make CBC an option, step 2: cipher layer
2013-09-13 15:48:40 +02:00
Manuel Pégourié-Gonnard
f7dc378ead
Make CBC an option, step 1: ssl ciphersuites
2013-09-13 15:37:03 +02:00
Manuel Pégourié-Gonnard
b72b4edec1
Fix memory leak in DHM
2013-09-13 13:55:26 +02:00
Manuel Pégourié-Gonnard
4fe9200f47
Fix memory leak in GCM by adding gcm_free()
2013-09-13 13:45:58 +02:00
Manuel Pégourié-Gonnard
735b8fcb0b
Fix blunder in 8a109f1
2013-09-13 12:57:23 +02:00
Paul Bakker
9013af76a3
Merged major refactoring of x509write module into development
...
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard
bb323ffc7c
Complete EC support in x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
31e59400d2
Add missing f_rng/p_rng arguments to x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
53c642504e
Use PK internally for x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
f38e71afd5
Convert x509write_crt interface to PK
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
6de63e480d
Add EC support to x509write_key
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
7f1f0926e4
Add test for x509write_key
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
0088c69fbf
Complete x509write_csr support for EC key
...
No automated test yet (complicated by the fact that ECDSA signatures are not
deterministic), tested using cert_req (and openssl for verification).
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
edda9041fc
Adapt asn1_write_algorithm_identifier() to params
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
3837daec9e
Add EC support to x509write_pubkey
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
e1f821a6eb
Adapt x509write_pubkey interface to use PK
...
key_app_writer will be fixed later
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
ee73179b2f
Adapt x509write_csr prototypes for PK
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
8053da4057
x509write_csr() now fully using PK internally
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
d4eb5b5196
Add references
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
27d87fa6c4
Fix many off-by-one errors
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
6dcf0bfcf4
Use x509write_pubkey_der() when applicable
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
5353a03eb9
x509write_csr using PK internally (WIP)
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
85dfe08b31
Merge duplicated else/#else branch
2013-09-12 11:57:00 +02:00
Paul Bakker
18f0341aed
Typo in comments in ctr_drbg.c
2013-09-11 11:05:56 +02:00
Manuel Pégourié-Gonnard
da7317ed00
Use asn1_free_named_data_list() when relevant
2013-09-10 15:52:52 +02:00
Paul Bakker
c0dcf0ceb1
Merged blinding additions for EC, RSA and DHM into development
2013-09-10 14:44:27 +02:00
Paul Bakker
36b7e1efe7
Merged GCM refactoring into development
...
GCM is now independent of AES and can be used as a mode for any
cipher-layer supported 128-bit based block cipher
2013-09-10 14:41:05 +02:00
Paul Bakker
2a6a3a7e69
Better checking on cipher_info_from_values()
2013-09-10 14:29:28 +02:00
Paul Bakker
a0558e0484
Check that the cipher GCM receives is a 128-bit-based cipher
2013-09-10 14:25:51 +02:00
Manuel Pégourié-Gonnard
8a109f106d
Optimize RSA blinding by caching-updating values
2013-09-10 13:55:36 +02:00
Manuel Pégourié-Gonnard
ea53a55c0f
Refactor to prepare for RSA blinding optimisation
2013-09-10 13:55:35 +02:00
Paul Bakker
1c3853b953
oid_get_oid_by_*() now give back oid length as well
2013-09-10 11:43:44 +02:00
Paul Bakker
003dbad250
Fixed file descriptor leak in x509parse_crtpath()
2013-09-09 17:26:14 +02:00
Paul Bakker
a5943858d8
x509_verify() now case insensitive for cn (RFC 6125 6.4)
2013-09-09 17:21:45 +02:00
Paul Bakker
f9f377e652
CSR Parsing (without attributes / extensions) implemented
2013-09-09 15:35:10 +02:00
Paul Bakker
d4bf870ff5
Allow spaces after the comma when converting X509 names
2013-09-09 13:59:11 +02:00
Paul Bakker
52be08c299
Added support for writing Key Usage and NS Cert Type extensions
2013-09-09 12:38:45 +02:00
Paul Bakker
cd35803684
Changes x509_csr to x509write_csr
2013-09-09 12:38:45 +02:00
Paul Bakker
5f45e62afe
Migrated from x509_req_name to asn1_named_data structure
2013-09-09 12:02:36 +02:00
Paul Bakker
c547cc992e
Added generic asn1_free_named_data_list()
2013-09-09 12:01:23 +02:00
Paul Bakker
59ba59fa30
Generalized x509_set_extension() behaviour to asn1_store_named_data()
2013-09-09 11:34:44 +02:00
Paul Bakker
43aff2aec4
Moved GCM to use cipher layer instead of AES directly
2013-09-09 00:10:27 +02:00
Paul Bakker
f46b6955e3
Added cipher_info_from_values() to cipher layer (Search by ID+keylen+mode)
2013-09-09 00:08:26 +02:00
Paul Bakker
5e0efa7ef5
Added POLARSSL_MODE_ECB to the cipher layer
2013-09-08 23:04:04 +02:00
Manuel Pégourié-Gonnard
9f5a3c4a0a
Fix possible memory error.
2013-09-08 20:08:59 +02:00
Manuel Pégourié-Gonnard
bfb355c33b
Fix memory leak on missed session reuse
2013-09-08 20:08:36 +02:00
Manuel Pégourié-Gonnard
bc4b7f08ba
Fix possible race in ssl_list_ciphersuites()
...
Thread A: executing for loop of ssl_list_ciphersuites()
Thread B: call ssl_list_cipher_suites(), see init == 0
Thread A: return, start using the result
Thread B: memset(0) on the list used by thread A
2013-09-08 20:07:48 +02:00
Paul Bakker
9c208aabc8
Use ASN1_UTC_TIME in some cases
2013-09-08 15:44:31 +02:00
Manuel Pégourié-Gonnard
032c34e206
Don't use DH blinding for ephemeral DH
2013-09-07 13:06:27 +02:00
Paul Bakker
15162a054a
Writing of X509v3 extensions supported
...
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
2013-09-06 19:27:21 +02:00
Paul Bakker
329def30c5
Added asn1_write_bool()
2013-09-06 16:34:38 +02:00
Paul Bakker
9397dcb0e8
Base X509 certificate writing functinality
2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard
d13a4099dd
GCM ciphersuites using only cipher layer
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
b8bd593741
Restrict cipher_update() for GCM
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
226d5da1fc
GCM ciphersuites partially using cipher layer
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
1af50a240b
Cipher: test multiple cycles
...
GCM-cipher: just trust the user to call update_ad at the right time
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
ed8a02bfae
Simplify DH blinding a bit
2013-09-04 17:18:28 +02:00
Paul Bakker
45125bc160
Changes to handle merged enhancements
2013-09-04 16:48:22 +02:00
Manuel Pégourié-Gonnard
143b5028a5
Implement DH blinding
2013-09-04 16:29:59 +02:00
Paul Bakker
c049955b32
Merged new cipher layer enhancements
2013-09-04 16:12:55 +02:00
Manuel Pégourié-Gonnard
2d627649bf
Change dhm_calc_secret() prototype
2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard
ce4112538c
Fix RC4 key length in cipher
2013-09-04 12:29:26 +02:00
Manuel Pégourié-Gonnard
83f3fc0d77
Add AES-192-GCM
2013-09-04 12:14:13 +02:00
Manuel Pégourié-Gonnard
43a4780b03
Ommit AEAD functions if GCM not defined
2013-09-03 19:28:35 +02:00
Manuel Pégourié-Gonnard
aa9ffc5e98
Split tag handling out of cipher_finish()
2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
2adc40c346
Split cipher_update_ad() out or cipher_reset()
2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
a235b5b5bd
Fix iv_len interface.
...
cipher_info->iv_size == 0 is no longer ambiguous, and
cipher_get_iv_size() always returns something useful to generate an IV.
2013-09-03 13:25:52 +02:00
Manuel Pégourié-Gonnard
9c853b910c
Split cipher_set_iv() out of cipher_reset()
2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard
07de4b1d08
Implement randomized coordinates in ecp_mul()
2013-09-02 16:26:04 +02:00
Manuel Pégourié-Gonnard
c75c56fef7
Fix off-by-one error in ecdsa_write_signature()
...
Made some signature fail with 521-bit curve
2013-09-02 16:25:37 +02:00
Paul Bakker
ea6ad3f6e5
ARC4 ciphersuites using only cipher layer
2013-09-02 14:57:01 +02:00
Manuel Pégourié-Gonnard
e09d2f8261
Change ecp_mul() prototype to allow randomization
...
(Also improve an error code while at it.)
2013-09-02 14:29:09 +02:00
Paul Bakker
eb851f6cd5
Merged current cipher enhancements for ARC4 and AES-GCM
2013-09-01 15:49:38 +02:00
Manuel Pégourié-Gonnard
9241be7ac5
Change cipher prototypes for GCM
2013-08-31 18:07:42 +02:00
Paul Bakker
cca5b81d18
All CBC ciphersuites via the cipher layer
2013-08-31 17:40:26 +02:00
Paul Bakker
da02a7f45e
AES_CBC ciphersuites now run purely via cipher layer
2013-08-31 17:25:14 +02:00
Manuel Pégourié-Gonnard
20d6a17af9
Make GCM tag check "constant-time"
2013-08-31 16:37:46 +02:00
Manuel Pégourié-Gonnard
07f8fa5a69
GCM in the cipher layer, step 1
...
- no support for additional data
- no support for tag
2013-08-31 16:08:22 +02:00
Manuel Pégourié-Gonnard
b5e85885de
Handle NULL as a stream cipher for more uniformity
2013-08-30 17:11:28 +02:00
Manuel Pégourié-Gonnard
37e230c022
Add arc4 support in the cipher layer
2013-08-30 17:11:28 +02:00
Paul Bakker
f451bac000
Blinding RSA only active when f_rng is provided
2013-08-30 15:48:53 +02:00
Paul Bakker
48377d9834
Configuration option to enable/disable POLARSSL_PKCS1_V15 operations
2013-08-30 13:41:14 +02:00
Paul Bakker
aab30c130c
RSA blinding added for CRT operations
2013-08-30 11:03:09 +02:00
Paul Bakker
548957dd49
Refactored RSA to have random generator in every RSA operation
...
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80
Merged refactored x509write module into development
2013-08-28 16:32:51 +02:00
Paul Bakker
9659dae046
Some extra code defined out
2013-08-28 16:21:34 +02:00
Manuel Pégourié-Gonnard
c852a68b96
More robust selection of ctx_enc size
2013-08-28 13:13:30 +02:00
Manuel Pégourié-Gonnard
cffe4a65bd
Move "constant" code outside a loop
2013-08-28 13:13:20 +02:00
Paul Bakker
577e006c2f
Merged ECDSA-based key-exchange and ciphersuites into development
...
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
57a8783364
Make more room for ciphersuites
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
db77175e99
Make ecdsa_verify() return value more explicit
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
9cc6f5c61b
Fix some hash debugging
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
4bd1284f59
Fix ECDSA hash selection bug with TLS 1.0 and 1.1
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
9c9812a299
Fix bug introduced in dbf69cf
...
(Was writing outside array bounds.)
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
df0142bd17
Fix some dependencies in tests
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
2fb15f694c
Un-rename ssl_set_own_cert_alt()
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
e511ffca50
Allow compiling without RSA or DH
...
Only library and programs now, need to check test suites later.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
ee98f8e7a3
Add EC certificates in certs.c
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
f484282e96
Rm a few unneeded tests
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
d11eb7c789
Fix sig_alg extension on client.
...
Temporary solution on server.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
bfe32efb9b
pk_{sign,verify}() now accept hash_len = 0
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
a20c58c6f1
Use convert functions for SSL_SIG_* and SSL_HASH_*
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
c40b4c3708
Add configuration item for the PK module
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
0d42049440
Merge code for RSA and ECDSA in SSL
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
070cc7fd21
Use the new PK RSA-alt interface
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
12c1ff0ecb
Add RSA-alt to the PK layer
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
a2d3f22007
Add and use pk_encrypt(), pk_decrypt()
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
8df2769178
Introduce pk_sign() and use it in ssl
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
583b608401
Fix some return values
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
76c18a1a77
Add client support for ECDSA client auth
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
abae74c4a0
Add server support for ECDHE_ECDSA key exchange
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
ac75523593
Adapt ssl_set_own_cert() to generic keys
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
09edda888e
Check key type against selected key exchange
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
20846b1a50
Add client support for ECDHE_ECDSA key exchange
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
efebb0a394
Refactor ssl_parse_server_key_exchange() a bit
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
32ea60a127
Declare ECDSA key exchange and ciphersuites
...
Also fix bug in ssl_list_ciphersuites().
For now, disable it on server.
Client will offer it but fail if server selects it.
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
0b03200e96
Add server-side support for ECDSA client auth
2013-08-27 22:21:19 +02:00
Paul Bakker
0be444a8b1
Ability to disable server_name extension (RFC 6066)
2013-08-27 21:55:01 +02:00
Paul Bakker
d2f068e071
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 21:19:20 +02:00
Paul Bakker
fb08fd2e23
Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available
2013-08-27 15:06:54 +02:00
Paul Bakker
9852d00de6
Moved asn1write funtions to use asn1_write_raw_buffer()
2013-08-26 17:56:37 +02:00
Paul Bakker
7accbced87
Doxygen documentation added to asn1write.h
2013-08-26 17:37:18 +02:00
Paul Bakker
f3df61ad10
Generalized PEM writing in x509write module for RSA keys as well
2013-08-26 17:37:18 +02:00
Paul Bakker
135f1e9c70
Move PEM conversion of DER data to x509write module
2013-08-26 17:37:18 +02:00
Paul Bakker
624d03a3f7
Fixed length of key_usage bitstring to 7 bits
2013-08-26 17:37:18 +02:00
Paul Bakker
1c0e550e21
Added support for Netscape Certificate Types in CSR writing
...
Further generalization of extension adding / replacing in the CSR
structure
2013-08-26 17:37:18 +02:00
Paul Bakker
e5eae76bf0
Generalized the x509write_csr_set_key_usage() function and key_usage
...
storage
2013-08-26 17:37:18 +02:00
Paul Bakker
6db915b5a9
Added asn1_write_raw_buffer()
2013-08-26 17:37:17 +02:00
Manuel Pégourié-Gonnard
0a20171d52
Fix compiler warning from gcc -Os
2013-08-26 14:31:43 +02:00
Manuel Pégourié-Gonnard
70f1768b9d
Make two format strings literal
...
Fixes clang warning
2013-08-26 14:31:33 +02:00
Manuel Pégourié-Gonnard
c6554aab3d
Check length of session tickets we write
2013-08-26 14:26:33 +02:00
Manuel Pégourié-Gonnard
38d1eba3b5
Move verify_result from ssl_context to session
2013-08-26 14:26:02 +02:00
Paul Bakker
fde4270186
Added support for writing key_usage extension
2013-08-25 14:47:27 +02:00
Paul Bakker
598e450538
Added asn1_write_bitstring() and asn1_write_octet_string()
2013-08-25 14:46:39 +02:00
Paul Bakker
0e06c0fdb4
Assigned error codes to the error defines
2013-08-25 11:21:30 +02:00
Paul Bakker
82e2945ed2
Changed naming and prototype convention for x509write functions
...
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker
2130796658
Switched order of storing x509_req_names to match inputed order
2013-08-25 10:51:18 +02:00
Paul Bakker
8eabfc1461
Rewrote x509 certificate request writing to use structure for storing
2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard
fff80f8879
PK: use NULL for unimplemented operations
2013-08-20 20:46:05 +02:00
Manuel Pégourié-Gonnard
f73da02962
PK: change pk_verify arguments (md_info "optional")
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
ab46694558
Change pk_set_type to pk_init_ctx for consistency
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
ac4cd36297
PK rsa_verify: check signature length
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
15699380e5
Small PK cleanups
...
- better error codes
- rm now-useless include
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
3fb5c5ee1c
PK: rename members for consistency CIPHER, MD
...
Also add pk_get_name() to remove a direct access to pk_type
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
09162ddcaa
PK: reuse some eckey functions for ecdsa
...
Also add some forgotten 'static' while at it.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
c6ac8870d5
Nicer interface between PK and debug.
...
Finally get rid of pk_context.type member, too.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
b3d9187cea
PK: add nice interface functions
...
Also fix a const-corectness issue.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
765db07dfb
PK: use alloc and free function pointers
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
3053f5bcb4
Get rid of pk_wrap_rsa()
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
f8c948a674
Add name and get_size() members in PK
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
835eb59c6a
PK: fix support for ECKEY_DH
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
f18c3e0378
Add a PK can_do() method and simplify code
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
d73b3c13be
PK: use wrappers and function pointers for verify
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
f499993cb2
Add ecdsa_from_keypair()
...
Also fix bug/limitation in mpi_copy: would segfault if src just initialised
and not set to a value yet. (This case occurs when copying a context which
contains only the public part of the key, eg.)
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
cc0a9d040d
Fix const-correctness of rsa_*_verify()
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
f84b4d6498
Check sig_pk for signature verification
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
96d5912088
Implement EC cert and crl verification
2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
211a64c79f
Add eckey to ecdsa conversion in the PK layer
2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
b4d69c41f8
Prepare for EC cert & crl validation
2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
e09631b7c4
Create ecp_group_copy() and use it
2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard
8eebd012b9
Add an ecdsa_genkey() function
2013-08-20 20:08:28 +02:00
Manuel Pégourié-Gonnard
b694b4896c
Add ecdsa_{read,write}_signature()
2013-08-20 20:04:16 +02:00
Paul Bakker
3a074a7996
Actually skip certificate if we do not understand hash type
2013-08-20 12:45:03 +02:00
Paul Bakker
dc4baf11ab
Removed errant printf in x509parse_self_test()
2013-08-20 12:44:33 +02:00
Paul Bakker
42c3ccf36e
Fixed potential negative value misinterpretation in load_file()
2013-08-19 14:29:31 +02:00
Paul Bakker
75c1a6f97c
Fixed potential heap buffer overflow on large hostname setting
2013-08-19 14:25:29 +02:00
Paul Bakker
694d3aeb47
Fixed potential heap buffer overflow on large file reading
2013-08-19 14:23:38 +02:00
Paul Bakker
5fd4917d97
Add missing ifdefs in ssl modules
2013-08-19 13:30:28 +02:00
Paul Bakker
04376b1419
Fixed memory leak in ssl_parse_server_key_exchange from missing
...
md_free_ctx()
2013-08-16 14:45:26 +02:00
Manuel Pégourié-Gonnard
298aae4524
Adapt core OID functions to embeded null bytes
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
c13c0d4524
Add a length check in rsa_get_pubkey()
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
56a487a17f
Minor ecdsa cleanups
...
- point_format is of no use
- d was init'ed and free'd twice
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
686bfae244
Fix memory error in x509_get_attr_type_value
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
ba77bbf840
Fix memory error in asn1_get_alg()
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
06dab806ce
Fix memory error in asn1_get_bitstring_null()
...
When *len is 0, **p would be read, which is out of bounds.
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
0b2726732e
Fix ifdef conditions for EC-related extensions.
...
Was alternatively ECP_C and ECDH_C.
2013-08-16 13:56:17 +02:00
Manuel Pégourié-Gonnard
5734b2d358
Actually use the point format selected for ECDH
2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
7b19c16b74
Handle suported_point_formats in ServerHello
2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
6b8846d929
Stop advertising support for compressed points
...
(We can only write them, not read them.)
2013-08-16 13:56:16 +02:00
Paul Bakker
1f2bc6238b
Made support for the truncated_hmac extension configurable
2013-08-15 13:45:55 +02:00
Paul Bakker
05decb24c3
Made support for the max_fragment_length extension configurable
2013-08-15 13:33:48 +02:00
Paul Bakker
606b4ba20f
Session ticket expiration checked on server
2013-08-15 11:42:48 +02:00
Paul Bakker
f0e39acb58
Fixed unitialized n when resuming a session
2013-08-15 11:40:48 +02:00
Paul Bakker
a503a63b85
Made session tickets support configurable from config.h
2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard
56dc9e8bba
Authenticate session tickets.
2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
990c51a557
Encrypt session tickets
2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
779e42982c
Start adding ticket keys (only key_name for now)
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
aa0d4d1aff
Add ssl_set_session_tickets()
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
306827e3bc
Prepare ticket structure for securing
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
06650f6a37
Fix reusing session more than once
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
593058e35e
Don't renew ticket when the current one is OK
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
c086cce3d3
Don't cache empty session ID nor resumed session
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
7cd5924cec
Rework NewSessionTicket handling in state machine
...
Fixes bug: NewSessionTicket was ommited in resumed sessions.
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
3ffa3db80b
Fix server session ID handling with ticket
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
72882b2079
Relax limit on ClientHello size
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
609bc81a76
ssl_srv: read & write ticket, unsecure for now
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
94f6a79cde
Auxiliary functions to (de)serialize ssl_session
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
7a358b8580
ssl_srv: write & parse session ticket ext & msg
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
6377e41ef5
Complete client support for session tickets
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
a5cc6025e7
Parse NewSessionTicket message
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
60182ef989
ssl_cli: write & parse session ticket extension
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
75d440192c
Introduce ticket field in session structure
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
5f280cc6cf
Implement saving peer cert as part of session.
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
747180391d
Add ssl_get_session() to save session on client
2013-08-14 14:08:03 +02:00
Paul Bakker
48e93c84b7
Made padding modes configurable from config.h
2013-08-14 14:02:48 +02:00
Paul Bakker
1a45d91cf2
Restructured cipher_set_padding_mode() to use switch statement
2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
ebdc413f44
Add 'no padding' mode
2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
0e7d2c0f95
Add zero padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
8d4291b52a
Add zeros-and-length (ANSI X.923) padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
679f9e90ad
Add one-and-zeros (ISO/IEC 7816-4) padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
b7d24bc7ca
Fix bug in get_pkcs_padding(): cannot be 0-length
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
ac56a1aec4
Make cipher_set_padding() actually work
...
(Only one padding mode recognized yet.)
2013-08-14 14:02:46 +02:00
Manuel Pégourié-Gonnard
d5fdcaf9e5
Add cipher_set_padding() (no effect yet)
...
Fix pattern in tests/.gitignore along the way.
2013-08-14 14:02:46 +02:00
Paul Bakker
0f2f0bfc87
CAMELLIA-based PSK and DHE-PSK ciphersuites added
2013-07-26 15:04:03 +02:00
Paul Bakker
b548d773b3
Fixed memory leak in ecdh_compute_shared() in case of error
2013-07-26 14:22:19 +02:00
Paul Bakker
cca998a4c5
Fixed memory leak in ecdsa_sign() / ecdsa_verify() in case of error
2013-07-26 14:22:16 +02:00
Paul Bakker
1e6a175362
Support for AIX header locations in net.c module
2013-07-26 14:10:22 +02:00
Paul Bakker
52cf16caeb
Fixed multiple use of GCM-context bug due to split-up of GCM functions
2013-07-26 13:56:22 +02:00
Paul Bakker
d9ca94a677
Updated merged pk.c and x509parse.c changes with new memory allocation functions
2013-07-25 11:25:09 +02:00
Paul Bakker
8c1ede655f
Changed prototype for ssl_set_truncated_hmac() to allow disabling
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
277f7f23e2
Implement hmac truncation
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
57c2852807
Added truncated hmac negociation (without effect)
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e980a994f0
Add interface for truncated hmac
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e048b67d0a
Misc minor fixes
...
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard
ed4af8b57c
Move negotiated max fragment length to session
...
User-set max fragment length remains in ssl_context.
The min of the two is used for sizing fragments.
2013-07-18 14:07:09 +02:00
Manuel Pégourié-Gonnard
581e6b6d6c
Prepare migrating max fragment length to session
...
Remove max_frag_len member so that reseting session by memset()ing it to zero
does the right thing.
2013-07-18 12:32:27 +02:00
Manuel Pégourié-Gonnard
6b4f237f6a
Forbid setting max_frag_len > MAX_CONTENT_LEN
2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
30dc7ef3ad
Reset max_fragment_length in ssl_session_reset()
2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
7bb7899121
Send max_fragment_length extension (server)
2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
f11a6d78c7
Rework server extensions writing
2013-07-18 11:23:38 +02:00
Manuel Pégourié-Gonnard
de600e571a
Read max_fragment_length extension (client)
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
a052849640
Send max_fragment_length extension (client)
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
48f8d0dbbd
Read max_fragment_length extension (server)
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
787b658bb3
Implement max_frag_len write restriction
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
8b46459ae5
Add ssl_set_max_frag_len()
2013-07-18 11:18:13 +02:00
Manuel Pégourié-Gonnard
c2c90031ec
Fix pk_set_type() behaviour for unkown type
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
14d8564402
Fix overflow check in oid_get_numeric_string()
...
(The fix in 791eed3
was wrong.)
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
fd5164e283
Fix some more ifdef's RSA/EC, in pk and debug
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
ab2d9836b4
Fix some ifdef's in x509parse
...
While at it:
- move _rsa variants systematically after generic functions
- unsplit x509parse_key_pkcs8_encrypted_der() (reverts a5d9974
)
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
96f3a4e1b3
Rm ecp_keypair.alg
...
Avoid duplicating information already present in pk_context.
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
8b863cd641
Merge EC & RSA versions of x509_parse_key()
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
6e88202a95
Merge EC & RSA versions of parse_pkcs8_unencrypted
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
a2d4e644ac
Some more EC pubkey parsing refactoring
...
Fix a bug in pk_rsa() and pk_ec() along the way
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
1c808a011c
Refactor some EC key parsing code
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
991d0f5aca
Remove rsa member from x509_cert structure
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
ff56da3a26
Fix direct uses of x509_cert.rsa, now use pk_rsa()
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
893879adbd
Adapt debug_print_crt() for EC keys
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
5b18fb04ca
Fix bug in x509_get_{ecpubkey,subpubkey}()
...
- 'p' was not properly updated
- also add a few more checks while at it
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
360a583029
Adapt x509parse_cert_info() for EC
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
674b2243eb
Prepare transition from x509_cert.rsa to pk
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
a155513e7b
Rationalize use of x509_get_alg variants
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
7a287c409e
Rename x509_get_algid() to x509_get_pk_alg()
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
7c5819eb1e
Fix warnings (enum value missing from switch/case)
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
1e60cd09b0
Expand oid_get_sig_alg() for ECDSA-based algs
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
244569f4b1
Use generic x509_get_pubkey() for RSA functions
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
4fa0476675
Use new x509_get_pubkey() in x509parse_public_key()
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
c296c5925e
Introduce generic x509_get_pubkey()
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
094ad9e512
Rename x509_get_pubkey to _rsa and split it up
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
f16ac763f6
Simplify length mismatch check in x509_get_pubkey
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
20c12f6b5f
Factor more code into x509_get_pubkey()
2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
788db112a5
Get rid of x509_cert.pkoid
...
Unused, comment did not match reality, and will soon be superseeded by the
'type' field of the pk_context which will replace rsa_context.
2013-07-17 15:59:39 +02:00
Manuel Pégourié-Gonnard
374e4b87d4
pk_set_type() cannot be used to reset key type
2013-07-17 15:59:39 +02:00
Manuel Pégourié-Gonnard
0a64e8f1fd
Rework algorithmIdentifier parsing
2013-07-17 15:59:39 +02:00
Paul Bakker
f4a1427ae7
base64_decode() also forcefully returns on dst == NULL
2013-07-16 17:48:58 +02:00
Paul Bakker
61d113bb7b
Init and free new contexts in the right place for SSL to prevent
...
memory leaks
2013-07-16 17:48:58 +02:00
Manuel Pégourié-Gonnard
7d4e5b739e
Simplify password check in pem_read_buffer()
2013-07-09 16:42:35 +02:00
Manuel Pégourié-Gonnard
791eed3f33
Fix portability issue in oid_get_numeric_string()
2013-07-09 16:42:35 +02:00
Manuel Pégourié-Gonnard
de44a4aecf
Rename ecp_check_prvkey with a 'i' for consistency
2013-07-09 16:42:34 +02:00
Manuel Pégourié-Gonnard
81c313ccc6
Add #ifdef's on RSA and EC in PK
2013-07-09 10:49:09 +02:00
Manuel Pégourié-Gonnard
1f73a65c06
Fix ommission in pk_free().
2013-07-09 10:42:13 +02:00
Manuel Pégourié-Gonnard
7a6c946446
Fix error code in pk.h
2013-07-09 10:37:27 +02:00
Manuel Pégourié-Gonnard
8838099330
Add x509parse_{,public}_key{,file}()
...
Also make previously public *_ec functions private.
2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
12e0ed9115
Add pk_context and associated functions
2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
d4ec21dd47
Add a check for multiple curve specification
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
80300ad0d9
Add checks for pk_alg.
...
Used to be implicitly done by oid_get_pk_alg().
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
9c1cf459dd
Implement x509parse_key_pkcs8_encrypted_der_ec()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
a5d9974423
Split up x509_parse_pkcs8_encrypted_der()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
416fa8fde5
Implement x509parse_key_pkcs8_unencrypted_der_ec()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f8648d51b1
Fix undocumented feature of pem_read_buffer()
...
Used to work only for RSAPrivateKey content, now accepts ECPrivateKey too,
and may even work with similar enough structures when they appear.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
e366342233
Implement x509parse_key_sec1_der()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
15e8b82724
Fill in x509parse_key_ec using stub function
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
73c0cda346
Complete x509parse_public_key_ec()
...
Warning: due to a bug in oid_descriptor_from_buf(), keys associated to some
curves (secp224r1, secp384r1, secp521r1) are incorrectly rejected,
since their namedCurve OID contains a nul byte.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f838eeda09
Add x509_get_ecparams()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
f0b30d0542
Add oid_get_ec_grp() and associated data
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
5a9b82e234
Make oid_get_pk_alg handle EC algorithms
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
dffba8f63e
Fix bug in oid_get_numeric_string()
...
Overflow check was done too early, causing many false positives.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
444b42710a
Optionally allow parameters in x509_get_tag()
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
26833c2fc6
Add stubs for x509parse_key_ec and co.
2013-07-08 15:31:19 +02:00
Manuel Pégourié-Gonnard
4250a1f818
Fix a comment and some whitespace
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
ba4878aa64
Rename x509parse_key & co with _rsa suffix
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
c8dc295e83
Add ecp_check_prvkey, with test
...
Also group key checking and generation functions in ecp.h and ecp.c.
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
b8c6e0e3e9
Add ecp_keypair struct, init/free and constants
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
7c8934ea0e
Add ecdsa_init and ecdsa_free
2013-07-08 15:30:23 +02:00
Paul Bakker
1ef120f5fd
Updated buffer-allocator with free-block-list to speed up searches
2013-07-03 17:22:32 +02:00
Paul Bakker
41350a9a7e
Fixed spaces in memory_buffer_alloc.c
2013-07-03 17:22:32 +02:00
Paul Bakker
fa9b10050b
Also compiles / runs without time-based functions in OS
...
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker
891998e0c3
Added extra debug information to memory_buffer_alloc_status()
2013-07-03 17:22:31 +02:00
Paul Bakker
bd5524471a
Removed memory leak in PKCS#12 code
2013-07-03 17:22:31 +02:00
Paul Bakker
4632083c78
Removed memory leaks in PKCS#5 functions
2013-07-03 17:22:31 +02:00
Paul Bakker
6e339b52e8
Memory-allocation abstraction layer and buffer-based allocator added
2013-07-03 17:22:31 +02:00
Paul Bakker
f863485fea
Remove memory leak in PKCS#5 self test
2013-07-03 13:31:52 +02:00
Paul Bakker
abf2f8fcf9
zlib compression/decompression skipped on empty blocks
2013-06-30 14:57:46 +02:00
Paul Bakker
e5bffc319d
Removed redundant includes
2013-06-30 14:53:06 +02:00
Paul Bakker
d2681d82e2
Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h}
2013-06-30 14:49:12 +02:00
Paul Bakker
9e36f0475f
SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
...
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
3866b9f4b5
Removed redundant inclusion
2013-06-30 12:53:14 +02:00
Paul Bakker
fd3eac5786
Cleaned up ECP error codes
2013-06-29 23:31:33 +02:00
Paul Bakker
5dc6b5fb05
Made supported curves configurable
2013-06-29 23:26:34 +02:00
Paul Bakker
e2ab84f4a1
Renamed error_strerror() to the less conflicting polarssl_strerror()
...
Ability to keep old function error_strerror() as well with
POLARSSL_ERROR_STRERROR_BC. Also works with
POLARSSL_ERROR_STRERROR_DUMMY.
2013-06-29 18:35:41 +02:00
Paul Bakker
2fbefde1d8
Client and server now filter sent and accepted ciphersuites on minimum
...
and maximum protocol version
2013-06-29 18:35:40 +02:00
Paul Bakker
59c28a2723
SSL v2 handshake should also handle dynamic ciphersuites
2013-06-29 18:35:40 +02:00
Paul Bakker
f8d018a274
Made asn1_get_alg() and asn1_get_alg_null() as generic functions
...
A generic function for retrieving the AlgorithmIdentifier structure with
its parameters and adapted X509, PKCS#5 and PKCS#12 to use them.
2013-06-29 18:35:40 +02:00
Paul Bakker
ce6ae233cb
Macro-ized the final internal OID functions
2013-06-29 18:35:40 +02:00
Paul Bakker
47fce02bd8
Defines around module-dependent OIDs
2013-06-29 18:35:40 +02:00
Paul Bakker
7749a22974
Moved PKCS#12 cipher layer based PBE detection to use OID database
2013-06-29 18:32:16 +02:00
Paul Bakker
dd1150e846
Macro-ized single and double attribute functions in OID database
2013-06-28 17:20:22 +02:00
Paul Bakker
bd51ad538d
Re-ordered OID internals. Made macro for oid_XXX_from_asn1() functions
2013-06-28 16:54:23 +02:00
Paul Bakker
9b5e885611
PKCS#5 PBES2 now uses OID database for algorithm detection
2013-06-28 16:12:50 +02:00
Paul Bakker
c5a79cca53
Fixed compiler warnings for unused parameter ssl
2013-06-26 15:08:35 +02:00
Paul Bakker
b9d3cfa114
Split up GCM into a start/update/finish cycle
2013-06-26 15:08:29 +02:00
Paul Bakker
534f82c77a
Made ctr_drbg_init_entropy_len() non-static and defined
2013-06-25 16:47:55 +02:00
Paul Bakker
b6c5d2e1a6
Cleanup up non-prototyped functions (static) and const-correctness
...
More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code.
2013-06-25 16:25:17 +02:00
Paul Bakker
169b7f4a13
Fixed gcm.c formatting (removed redundant spaces)
2013-06-25 15:06:54 +02:00
Paul Bakker
bda7cb76fa
Fixed minor comment typo
...
(cherry picked from commit da7fdbd534
)
2013-06-25 15:06:54 +02:00
Paul Bakker
38b50d73a1
Moved PKCS#12 PBE functions to cipher / md layer where possible
...
The 3-key and 2-key Triple DES PBE functions have been replaced with a
single pkcs12_pbe() function that handles both situations (and more).
In addition this allows for some PASSWORD_MISMATCH checking
(cherry picked from commit 14a222cef2
)
2013-06-25 15:06:53 +02:00
Paul Bakker
0e34235644
Fixed values for 2-key Triple DES in cipher layer
...
(cherry picked from commit 2be71faae4
)
2013-06-25 15:06:53 +02:00
Paul Bakker
a4232a7ccb
x509parse_crt() and x509parse_crt_der() return X509 password related codes
...
POLARSSL_ERR_X509_PASSWORD_MISMATCH is returned instead of
POLARSSL_ERR_PEM_PASSWORD_MISMATCH and
POLARSSL_ERR_X509_PASSWORD_REQUIRED instead of
POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Rationale: For PKCS#8 encrypted keys the same are returned
(cherry picked from commit b495d3a2c7
)
2013-06-25 15:06:53 +02:00
Paul Bakker
72823091c2
Removed redundant free()s
...
(cherry picked from commit 1fc7dfe2e2
)
2013-06-25 15:06:53 +02:00
Paul Bakker
cf445ffc4e
Added missing free()
...
(cherry picked from commit ff3a4b010b
)
2013-06-25 15:06:53 +02:00