Commit graph

1002 commits

Author SHA1 Message Date
Paul Bakker
c7878113cb Do not set done in case of a fall-through 2013-03-13 11:44:40 +01:00
Paul Bakker
5bd422937a Reverted commit 186751d9dd and made out_hdr and out_msg back-to-back again 2013-03-13 11:44:40 +01:00
Paul Bakker
fae35f0601 Functions in cipher_wrap.c marked static 2013-03-13 10:33:51 +01:00
Paul Bakker
d1df02a8a3 Functions inside md_wrap.c now marked static 2013-03-13 10:31:31 +01:00
Paul Bakker
ac0fba5389 Added missing header for MD2 and made code compile with missing header
files
2013-03-13 10:28:40 +01:00
Paul Bakker
1bd3ae826c Added md_process() to MD layer for generic internal access to hash
process functions

Access to process functions is needed to reduce possible timing attacks
on SSL MAC checks. As SSL is set to move to using the dynamic MD layer,
the MD layer needs access to these process functions as well.
2013-03-13 10:26:44 +01:00
Paul Bakker
90f042d4cb Prepared for PolarSSL 1.2.6 release 2013-03-11 11:38:44 +01:00
Paul Bakker
fb1cbd3cea Fixed assembly code for ARM (Thumb and regular) for some compilers 2013-03-06 18:14:52 +01:00
Paul Bakker
e81beda60f The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain)
The real peer certificate is copied into a x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.

As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
2013-03-06 18:01:03 +01:00
Paul Bakker
a35aa54967 Fixed whitespaces in ChangeLog 2013-03-06 18:01:03 +01:00
Paul Bakker
78a8c71993 Re-added support for parsing and handling SSLv2 Client Hello messages
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.

It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
2013-03-06 18:01:03 +01:00
Paul Bakker
37286a573b Fixed net_bind() for specified IP addresses on little endian systems 2013-03-06 18:01:03 +01:00
Paul Bakker
926c8e49fe Fixed possible NULL pointer exception in ssl_get_ciphersuite() 2013-03-06 18:01:03 +01:00
Paul Bakker
8804f69d46 Removed timing differences due to bad padding from RSA decrypt for
PKCS#1 v1.5 operations
2013-03-06 18:01:03 +01:00
Paul Bakker
a43231c5a5 Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt() 2013-03-06 18:01:02 +01:00
Paul Bakker
b386913f8b Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()

The original functions exist as generic wrappers to these functions.
2013-03-06 18:01:02 +01:00
Paul Bakker
e3e4a59622 Added bugfix line for previous fixes for MS Visual Studio 2013-03-06 18:01:02 +01:00
Paul Bakker
8ea31ff3b5 Added missing typedef for INT64 2013-03-06 18:01:02 +01:00
Paul Bakker
9f2018ea28 Fixed typo in _MSC_VER (double underscore at the start) 2013-03-06 18:01:02 +01:00
Paul Bakker
8ddb645ad3 Added conversion to int for a t_uint value to prevent compiler warnings
On 64-bit platforms t_uint can be larger than int resulting in compiler
warnings on some platforms (MS Visual Studio)
2013-03-06 18:00:54 +01:00
Paul Bakker
3d2dc0f8e5 Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.

Found by Yawning Angel
2013-02-28 10:55:39 +01:00
Paul Bakker
e47b34bdc8 Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.

The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker
2ca8ad10a1 Made x509parse.c also work with missing hash header files 2013-02-19 13:17:38 +01:00
Paul Bakker
6deb37e03e Added comments to indicate dependency from PEM on AES, DES and MD5 2013-02-19 13:17:08 +01:00
Paul Bakker
fbb5cf9f59 Fixed typo in base64.h 2013-02-14 11:56:58 +01:00
Paul Bakker
86f04f400b Fixed comment 2013-02-14 11:20:09 +01:00
Paul Bakker
c0463502ff Fixed memory leak in ssl_free() and ssl_reset() for active session 2013-02-14 11:19:38 +01:00
Manuel Pégourié-Gonnard
f35b739dff Add a few check for context validity. 2013-02-11 22:12:39 +01:00
Manuel Pégourié-Gonnard
424fda5d7b Add ecdh_calc_secret() 2013-02-11 22:05:42 +01:00
Manuel Pégourié-Gonnard
5cceb41d2c Add ecdh_{make,read}_public() 2013-02-11 21:51:45 +01:00
Manuel Pégourié-Gonnard
854fbd7ba2 Add ecdh_read_params(). 2013-02-11 21:32:24 +01:00
Manuel Pégourié-Gonnard
13724765b2 Add ecdh_make_server_params (untested yet) 2013-02-10 15:01:54 +01:00
Manuel Pégourié-Gonnard
63533e44c2 Create ecdh_context structure 2013-02-10 14:22:44 +01:00
Manuel Pégourié-Gonnard
98f51815d6 Fix ecp_tls_read_point's signature 2013-02-10 13:38:29 +01:00
Manuel Pégourié-Gonnard
7c145c6418 Fix ecp_tls_read_group's signature 2013-02-10 13:20:52 +01:00
Manuel Pégourié-Gonnard
8c16f96259 Add a few tests for ecp_tls_read_point 2013-02-10 13:00:20 +01:00
Manuel Pégourié-Gonnard
46106a9d75 Add tests for (and fix bug in) ecp_tls_write_group 2013-02-10 12:51:17 +01:00
Manuel Pégourié-Gonnard
420f1eb675 Fix ecp_tls_write_point's signature 2013-02-10 12:22:46 +01:00
Manuel Pégourié-Gonnard
b325887fad Add ecp_tls_write_group() 2013-02-10 12:06:19 +01:00
Manuel Pégourié-Gonnard
6282acaec2 Add basic tests for ecp_tls_*_point 2013-02-10 11:15:11 +01:00
Manuel Pégourié-Gonnard
7e86025f32 Rename ecp_*_binary to ecp_point_*_binary 2013-02-10 10:58:48 +01:00
Manuel Pégourié-Gonnard
d84895dc22 Supress 'format' argument to ecp_read_binary.
And adjust error codes for ecp_*_binary while at it.
2013-02-10 10:53:04 +01:00
Manuel Pégourié-Gonnard
0079405918 Add functions for read/write ECPoint records 2013-02-09 19:00:07 +01:00
Manuel Pégourié-Gonnard
1a96728964 Add function parsing a TLS ECParameters record 2013-02-09 17:53:31 +01:00
Paul Bakker
c7a2da437e Updated for PolarSSL 1.2.5 2013-02-02 19:23:57 +01:00
Paul Bakker
40865c8e5d Added sending of alert messages in case of decryption failures as per RFC
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49 Disable debug messages that can introduce a timing side channel.
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
4582999be6 Fixed timing difference resulting from badly formatted padding. 2013-02-02 19:04:13 +01:00
Paul Bakker
8fe40dcd7d Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.

Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Manuel Pégourié-Gonnard
cf4a70c8ed Adjust names of ECDSA tests. 2013-01-27 09:10:53 +01:00