Paul Bakker
c3f89aa26c
Removed word 'warning' from PKCS#5 selftest (buildbot warning as a result)
2014-05-01 10:56:03 +02:00
Paul Bakker
9bb04b6389
Removed redundant code in mpi_fill_random()
2014-05-01 09:47:02 +02:00
Paul Bakker
2ca1dc8958
Updated error.c and version_features.c based on changes
2014-05-01 09:46:38 +02:00
Markus Pfeiffer
a26a005acf
Make compilation on DragonFly work
2014-04-30 16:52:28 +02:00
Paul Bakker
2a024ac86a
Merge dependency fixes
2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard
cef4ad2509
Adapt sources to configurable config.h name
2014-04-30 16:40:20 +02:00
Manuel Pégourié-Gonnard
c16f4e1f78
Move RC4 ciphersuites down the list
2014-04-30 16:27:06 +02:00
Paul Bakker
8eab8d368b
Merge more portable AES-NI
2014-04-30 16:21:08 +02:00
Paul Bakker
33dc46b080
Fix bug with mpi_fill_random() on big-endian
2014-04-30 16:20:39 +02:00
Paul Bakker
f96f7b607a
On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
2014-04-30 16:02:38 +02:00
Paul Bakker
6384440b13
Better support for the different Attribute Types from IETF PKIX (RFC 5280)
2014-04-30 15:34:12 +02:00
Paul Bakker
1a1fbba1ae
Sanity length checks in ssl_read_record() and ssl_fetch_input()
...
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
2014-04-30 14:48:51 +02:00
Paul Bakker
24f37ccaed
rsa_check_pubkey() now allows an E up to N
2014-04-30 13:43:51 +02:00
Paul Bakker
0f90d7d2b5
version_check_feature() added to check for compile-time options at run-time
2014-04-30 11:49:44 +02:00
Paul Bakker
a70366317d
Improve interop by not writing ext_len in ClientHello / ServerHello when 0
...
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard
3d41370645
Fix hash dependencies in X.509 tests
2014-04-29 15:29:41 +02:00
Manuel Pégourié-Gonnard
3a306b9067
Fix misplaced #endif in ssl_tls.c
2014-04-29 15:11:17 +02:00
Manuel Pégourié-Gonnard
b1fd397be6
Adapt AES-NI code to "old" binutil versions
2014-04-26 17:17:31 +02:00
Paul Bakker
c73079a78c
Add debug_set_threshold() and thresholding of messages
2014-04-25 16:58:16 +02:00
Paul Bakker
92478c37a6
Debug module only outputs full lines instead of parts
2014-04-25 16:58:15 +02:00
Paul Bakker
eaebbd5eaa
debug_set_log_mode() added to determine raw or full logging
2014-04-25 16:58:14 +02:00
Paul Bakker
61885c7f7f
Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites
...
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
2014-04-25 12:59:51 +02:00
Paul Bakker
4ffcd2f9c3
Typo in PKCS#11 module
2014-04-25 11:44:12 +02:00
Paul Bakker
10a9dd35ea
Typo in POLARSSL_PLATFORM_STD_FPRINTF in platform.c
2014-04-25 11:27:16 +02:00
Paul Bakker
0767e67d17
Add support for 'emailAddress' to x509_string_to_names()
2014-04-18 14:11:37 +02:00
Paul Bakker
c70e425a73
Only iterate over actual certificates in ssl_write_certificate_request()
2014-04-18 13:50:19 +02:00
Paul Bakker
f4cf80b86f
Restructured pk_parse_key_pkcs8_encrypted_der() to prevent unreachable code
2014-04-17 17:24:29 +02:00
Paul Bakker
4f42c11846
Remove arbitrary maximum length for cipher_list and content length
2014-04-17 15:37:39 +02:00
Paul Bakker
d893aef867
Force default value to curve parameter
2014-04-17 14:45:34 +02:00
Paul Bakker
93389cc620
Remove const indicator
2014-04-17 14:44:38 +02:00
Paul Bakker
874bd64b28
Check setsockopt() return value in net_bind()
2014-04-17 12:43:05 +02:00
Paul Bakker
3d8fb63e11
Added missing MPI_CHK around mpi functions
2014-04-17 12:42:41 +02:00
Paul Bakker
a9c16d2825
Removed unused cur variable in x509_string_to_names()
2014-04-17 12:42:18 +02:00
Paul Bakker
0e4f9115dc
Fix iteration counter
2014-04-17 12:39:05 +02:00
Paul Bakker
784b04ff9a
Prepared for version 1.3.6
2014-04-11 15:33:59 +02:00
Manuel Pégourié-Gonnard
9655e4597a
Reject certificates with times not in UTC
2014-04-11 13:59:36 +02:00
Manuel Pégourié-Gonnard
0776a43788
Use UTC to heck certificate validity
2014-04-11 13:59:31 +02:00
Paul Bakker
52c5af7d2d
Merge support for verifying the extendedKeyUsage extension in X.509
2014-04-11 13:58:57 +02:00
Manuel Pégourié-Gonnard
78848375c0
Declare EC constants as 'const'
2014-04-11 13:58:41 +02:00
Paul Bakker
1630058dde
Potential buffer overwrite in pem_write_buffer() fixed
...
Length indication when given a too small buffer was off.
Added regression test in test_suite_pem to detect this.
2014-04-11 13:58:05 +02:00
Manuel Pégourié-Gonnard
0408fd1fbb
Add extendedKeyUsage checking in SSL modules
2014-04-11 11:09:09 +02:00
Manuel Pégourié-Gonnard
7afb8a0dca
Add x509_crt_check_extended_key_usage()
2014-04-11 11:09:00 +02:00
Paul Bakker
d6ad8e949b
Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C
2014-04-09 17:24:14 +02:00
Paul Bakker
a77de8c841
Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off
2014-04-09 16:39:35 +02:00
Paul Bakker
043a2e26d0
Merge verification of the keyUsage extension in X.509 certificates
2014-04-09 15:55:08 +02:00
Manuel Pégourié-Gonnard
a9db85df73
Add tests for keyUsage with client auth
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
490047cc44
Code cosmetics
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
312010e6e9
Factor common parent checking code
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
f93a3c4335
Check the CA bit on trusted CAs too
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
99d4f19111
Add keyUsage checking for CAs
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
3fed0b3264
Factor some common code in x509_verify{,_child}
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
7f2a07d7b2
Check keyUsage in SSL client and server
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
603116c570
Add x509_crt_check_key_usage()
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
2abed84225
Specific return code for PK sig length mismatch
2014-04-09 15:50:00 +02:00
Manuel Pégourié-Gonnard
35e95ddca4
Add special return code for ecdsa length mismatch
2014-04-09 15:49:59 +02:00
Paul Bakker
ddd427a8fc
Fixed spacing in entropy_gather()
2014-04-09 15:49:57 +02:00
Paul Bakker
75342a65e4
Fixed typos in code
2014-04-09 15:49:57 +02:00
Manuel Pégourié-Gonnard
0f79babd4b
Disable timing_selftest() for now
2014-04-09 15:49:51 +02:00
Paul Bakker
17b85cbd69
Merged additional tests and improved code coverage
...
Conflicts:
ChangeLog
2014-04-08 14:38:48 +02:00
Paul Bakker
0763a401a7
Merged support for the ALPN extension
2014-04-08 14:37:12 +02:00
Paul Bakker
4224bc0a4f
Prevent potential NULL pointer dereference in ssl_read_record()
2014-04-08 14:36:50 +02:00
Manuel Pégourié-Gonnard
8c045ef8e4
Fix embarrassing X.509 bug introduced in 9533765
2014-04-08 11:55:03 +02:00
Manuel Pégourié-Gonnard
f6521de17b
Add ALPN tests to ssl-opt.sh
...
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard
89e35798ae
Implement ALPN server-side
2014-04-07 12:26:35 +02:00
Manuel Pégourié-Gonnard
0b874dc580
Implement ALPN client-side
2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard
0148875cfc
Add tests and fix bugs for RSA-alt contexts
2014-04-04 17:46:46 +02:00
Manuel Pégourié-Gonnard
7e250d4812
Add ALPN interface
2014-04-04 17:10:40 +02:00
Manuel Pégourié-Gonnard
79e58421be
Also test net_usleep in timing_selttest()
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
3fec220a33
Add test for dhm_parse_dhmfile
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
7afdb88216
Test and fix x509_oid functions
2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard
d6aebe108a
Add 'volatile' to hardclock()'s asm
...
Prevents calls from being optimised away in timing_self_test().
(Should no be a problem for calls from other files.)
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
13a1ef8600
Misc selftest adjustements
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
470fc935b5
Add timing_self_test() with consistency tests
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
487588d0bf
Whitespace fixes
2014-04-04 16:33:01 +02:00
Paul Bakker
e4205dc50a
Merged printing of X509 extensions
2014-04-04 15:36:10 +02:00
Paul Bakker
5ff3f9134b
Small fix for EFI build under Windows in x509_crt.c
2014-04-04 15:08:20 +02:00
Manuel Pégourié-Gonnard
0db29b05b5
More compact code using macros
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
7b30cfc5b0
x509_crt_info() list output cosmectics
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
f6f4ab40d3
Print extended key usage in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
65c2ddc318
Print key_usage in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
bce2b30855
Print subject alt name in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
919f8f5829
Print NS Cert Type in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
b28487db1f
Start printing extensions in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
74bc68ac62
Fix default #define for malloc/free
2014-04-02 13:20:00 +02:00
Paul Bakker
75a2860f26
Potential memory leak in mpi_exp_mod() when error occurs during
...
calculation of RR.
2014-03-31 12:08:17 +02:00
Manuel Pégourié-Gonnard
dd75c3183b
Remove potential timing leak in ecdsa_sign()
2014-03-31 11:55:42 +02:00
Manuel Pégourié-Gonnard
5b8c409f53
Fix a warning (theoretical uninitialised variable)
2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard
969ccc6289
Fix length checking of various ClientKeyExchange's
2014-03-27 21:10:56 +01:00
Paul Bakker
96d5265315
Made ready for release 1.3.5
2014-03-26 16:55:50 +01:00
Paul Bakker
5fff23b92a
x509_get_current_time() uses localtime_r() to prevent thread issues
2014-03-26 15:34:54 +01:00
Paul Bakker
4c284c9141
Removed LCOV directives from code
2014-03-26 15:33:05 +01:00
Paul Bakker
77f4f39ea6
Make sure no random pointer occur during failed malloc()'s
2014-03-26 15:30:20 +01:00
Paul Bakker
db1f05985e
Add a check for buffer overflow to pkcs11_sign()
...
pkcs11_sign() reuses *sig to store the header and hash, but those might
be larger than the actual sig, causing a buffer overflow.
An overflow can occur when using raw sigs with hashlen > siglen, or when
the RSA key is less than 664 bits long (or less when using hashes
shorter than SHA512)
As siglen is always within the 'low realm' < 32k, an overflow of asnlen
+ hashlen is not possible.
2014-03-26 15:14:21 +01:00
Paul Bakker
91c61bc4fd
Further tightened the padlen check to prevent underflow / overflow
2014-03-26 15:14:20 +01:00
Manuel Pégourié-Gonnard
c042cf0013
Fix broken tests due to changed error code
...
Introduced in 5246ee5c59
2014-03-26 14:12:20 +01:00
Manuel Pégourié-Gonnard
b2bf5a1bbb
Fix possible buffer overflow with PSK
2014-03-26 12:58:50 +01:00
Manuel Pégourié-Gonnard
fdddac90a6
Fix stupid bug in rsa_copy()
2014-03-26 12:58:49 +01:00
Manuel Pégourié-Gonnard
f84f799bcf
Tune debug_print_ret format
2014-03-26 12:58:46 +01:00
Paul Bakker
b13d3ffb80
Provide no info from entropy_func() on future entropy
2014-03-26 12:51:25 +01:00
Paul Bakker
66ff70dd48
Support for seed file writing and reading in Entropy
2014-03-26 11:58:07 +01:00
Paul Bakker
3f0be61a27
Merged support for parsing EC keys that use SpecifiedECDomain
2014-03-26 11:30:39 +01:00
Manuel Pégourié-Gonnard
9592485d0c
Fix some MSVC12 conversion warnings
2014-03-21 12:03:07 +01:00
Manuel Pégourié-Gonnard
3b6269aa08
Fix warnings on MinGW
2014-03-21 12:03:03 +01:00
Manuel Pégourié-Gonnard
6fac3515d0
Make support for SpecifiedECDomain optional
2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard
5246ee5c59
Work around compressed EC public key in some cases
2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard
eab20d2a9c
Implement parsing SpecifiedECParameters
2014-03-19 15:51:12 +01:00
Paul Bakker
6c1f69b879
MinGW32 static build should link to windows libs and libz
2014-03-17 15:11:13 +01:00
Paul Bakker
3d6504a935
ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr
2014-03-17 13:41:51 +01:00
Manuel Pégourié-Gonnard
2eea29238c
Make the compiler work-around more specific
2014-03-14 18:23:26 +01:00
Paul Bakker
a4b0343edf
Merged massive SSL Testing improvements
2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard
bb8661e006
Work around a compiler bug on OS X.
2014-03-14 09:21:20 +01:00
Manuel Pégourié-Gonnard
d701c9aec9
Fix memory leak in server with expired tickets
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
84c30c7e83
Fix memory leak in ssl_cache
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
145dfcbfc2
Fix bug with NewSessionTicket and non-blocking I/O
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
96ea2f2557
Add tests for SNI
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
8520dac292
Add tests for auth_mode
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
da6b4d3e8c
Change RSA embedded cert to a localhost cert
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
dfbf9c711d
Fix bug in m_sleep()
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
274a12e17c
Fix bug with ssl_cache and max_entries=0
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
f7c52014ec
Add basic tests for session resumption
2014-03-14 08:41:00 +01:00
hasufell
3c6409b066
CMake: allow to build both shared and static at once
...
This allows for more fine-grained control. Possible combinations:
* static off, shared on
* static on, shared off
* static on, shared on
The static library is always called "libpolarssl.a" and is only used
for linking of tests and internal programs if the shared lib is
not being built.
Default is: only build static lib.
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
9a6e93e7a4
Reserve -1 as an error code (used in programs)
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
844a4c0aef
Fix RSASSA-PSS example programs
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
83cdffc437
Forbid sequence number wrapping
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
3c599f11b0
Avoid possible segfault on bad server ciphersuite
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
9533765b25
Reject certs and CRLs from the future
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
6304f786e0
Add x509_time_future()
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
29dcc0b93c
Fix depend issues in test suites for cipher modes
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
1ec220b002
Add missing #ifdefs in aes.h
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
648656a628
Fix error code in dhm_selftest()
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
796c6f3aff
Countermeasure against "triple handshake" attack
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
fdf3f0e671
Avoid "unreachable code" warning
2014-03-11 13:47:05 +01:00
Manuel Pégourié-Gonnard
2a2ae642d8
Fix forgotten curves in #ifdef
2014-02-24 10:29:21 +01:00
Manuel Pégourié-Gonnard
6b1e207081
Fix verion-major intolerance
2014-02-12 10:14:54 +01:00
Manuel Pégourié-Gonnard
c9093085ed
Revert "Merged RSA-PSS support in Certificate, CSR and CRL"
...
This reverts commit ab50d8d30c
, reversing
changes made to e31b1d992a
.
2014-02-12 09:39:59 +01:00
Manuel Pégourié-Gonnard
6df09578bb
Revert "Mutex call in x509_crt.c depended on PTHREAD specific instead of generic"
...
This reverts commit 9eae7aae80
.
2014-02-12 09:29:05 +01:00
Paul Bakker
f2561b3f69
Ability to provide alternate timing implementation
2014-02-06 15:32:26 +01:00
Paul Bakker
47703a0a80
More entropy functions made thread-safe (add_source, update_manual, gather)
2014-02-06 15:01:20 +01:00
Paul Bakker
9eae7aae80
Mutex call in x509_crt.c depended on PTHREAD specific instead of generic
...
threading
2014-02-06 14:51:53 +01:00
Paul Bakker
6a28e722c9
Merged platform compatibility layer
2014-02-06 13:44:19 +01:00
Paul Bakker
0910f32ee3
Fixed compile warning (in test-ref-configs)
2014-02-06 13:41:18 +01:00
Paul Bakker
119602bdde
Typo fix in memory_buffer_alloc.c
2014-02-06 13:20:19 +01:00
Paul Bakker
defc0ca337
Migrated the Memory layer to the Platform layer
...
Deprecated POLARSSL_MEMORY_C and placed placeholder for memory.h to make
sure current code will not break on new version.
2014-02-06 13:20:17 +01:00
Paul Bakker
7dc4c44267
Library files moved to use platform layer
2014-02-06 13:20:16 +01:00
Paul Bakker
747a83a0f7
Platform abstraction layer for memory, printf and fprintf
2014-02-06 13:15:25 +01:00
Paul Bakker
ab50d8d30c
Merged RSA-PSS support in Certificate, CSR and CRL
2014-02-06 13:14:56 +01:00
Manuel Pégourié-Gonnard
f07031aa98
debug_ecp: don't print Z, always 1
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
f6dc5e1d16
Remove temporary debug code
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
c3f6b62ccc
Print curve name instead of size in debugging
...
Also refactor server-side curve selection
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
ab24010b54
Enforce our choice of allowed curves.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
7f38ed0bfa
ssl_set_curves is no longer ECDHE only
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
cd49f76898
Make ssl_set_curves() work client-side too.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
ac7194133e
Renamings and other fixes
2014-02-06 10:28:38 +01:00
Gergely Budai
e40c469ad3
The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[].
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
de05390c85
Rename ecdh_curve_list to curve_list
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
5de2580563
Make ssl_set_ecdh_curves() a compile-time option
2014-02-06 10:28:38 +01:00
Gergely Budai
987bfb510b
Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
fbf0915404
Fix bug in RSA PKCS#1 v1.5 "reversed" operations
2014-02-05 17:01:24 +01:00
Paul Bakker
5fb8efe71e
Merged HMAC-DRBG code
2014-02-05 15:55:18 +01:00
Manuel Pégourié-Gonnard
6e8e34d61e
Fix ecp_gen_keypair()
...
Too few tries caused failures for some curves (esp. secp224k1)
2014-02-05 15:53:45 +01:00
Manuel Pégourié-Gonnard
b05db2a6aa
Save memory by not storing the HMAC key
2014-02-01 11:38:05 +01:00
Manuel Pégourié-Gonnard
cf38367f45
Fix HMAC_DRBG and RIPEMD160 error codes
2014-02-01 10:24:53 +01:00
Manuel Pégourié-Gonnard
446ee6618f
Add LCOV_EXCLUDE_LINE on some IO errors
2014-02-01 10:08:26 +01:00
Manuel Pégourié-Gonnard
b3b205e081
Clean up details in ctr_drbg_selftest()
2014-01-31 12:04:06 +01:00
Manuel Pégourié-Gonnard
79afaa0551
Add hmac_drbg_selftest()
2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard
48bc3e81da
Add hmac_drbg_{write,update}_seed_file()
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
efc8d8078b
Use safer names for macros
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
6e897c2a59
Add more checks and references
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
d742a032f4
Use md_hmac_reset() when possible
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
658dbed080
Add automatic periodic reseeding
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
af786ff6cc
Add hmac_drbg_set_prediction_resistance()
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
8fc484d1df
Add hmac_drbg_reseed()
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
4e669c614d
Add hmac_drbg_set_entropy_len()
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
fe34a5fb83
Add entropy callbacks to HMAC_DRBG
2014-01-30 15:06:40 +01:00
Manuel Pégourié-Gonnard
8208d167da
Add hmac_random_with_add()
2014-01-30 12:19:26 +01:00
Manuel Pégourié-Gonnard
7845fc06c9
Use new HMAC_DRBG module for deterministic ECDSA
2014-01-30 10:58:48 +01:00
Manuel Pégourié-Gonnard
490bdf3928
Add minimalistic HMAC_DRBG implementation
...
(copied from ECDSA)
2014-01-30 10:58:48 +01:00
Paul Bakker
2aca241425
Ready for release 1.3.4
2014-01-27 11:59:30 +01:00
Paul Bakker
42099c3155
Revert "Add pk_rsa_set_padding() and rsa_set_padding()"
...
This reverts commit b4fae579e8
.
Conflicts:
library/pk.c
tests/suites/test_suite_pk.data
tests/suites/test_suite_pk.function
2014-01-27 11:59:29 +01:00
Manuel Pégourié-Gonnard
27b93ade6e
Factor common code for printing sig_alg
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
5cac583482
Factor out some common code
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
41cae8e1f9
Parse CSRs signed with RSASSA-PSS
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
5eeb32b552
Parse CRLs signed with RSASSA-PSS
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
ce7c6fd433
Fix dependencies
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
b7de86d834
More checks for length match in rsassa-pss params
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
3c1e8b539c
Finish parsing RSASSA-PSS parameters
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
d9fd87be33
Start parsing RSASSA-PSS parameters
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
b1d4eb16e4
Basic parsing of certs signed with RSASSA-PSS
2014-01-25 12:48:58 +01:00
Paul Bakker
556efba51c
Added AES CFB8 mode
2014-01-24 15:38:12 +01:00
Paul Bakker
80025417eb
net_is_block() renamed to net_would_block() and corrected behaviour on
...
non-blocking sockets
net_would_block() now does not return 1 if the socket is blocking.
2014-01-23 21:00:57 +01:00
Paul Bakker
c2024f4592
Added MPI_CHK around unguarded mpi calls
2014-01-23 21:00:57 +01:00
Manuel Pégourié-Gonnard
8e205fc0bc
Fix potential buffer overflow in suported_curves_ext
2014-01-23 17:27:10 +01:00
Paul Bakker
9f3c7d7278
Added missing POLARSSL_ECDSA_DETERMINISTIC around ecdsa_write_signature_det()
2014-01-23 16:11:14 +01:00
Paul Bakker
18e9f3282b
Added missing static to md_info_by_size() in ecdsa.c
2014-01-23 16:08:38 +01:00
Paul Bakker
bf98c3dd11
Merged deterministic ECDSA
...
Conflicts:
library/ecdsa.c
2014-01-23 15:48:01 +01:00
Manuel Pégourié-Gonnard
dfab4c1193
Add forgotten #ifdef and depends_on
2014-01-22 16:01:06 +01:00
Paul Bakker
5862eee4ca
Merged RIPEMD-160 support
2014-01-22 14:18:34 +01:00
Paul Bakker
61b699ed1b
Renamed RMD160 to RIPEMD160
2014-01-22 14:17:31 +01:00
Paul Bakker
0ac99ca7bc
Merged support for secp224k1, secp192k1 and secp25k1
2014-01-22 13:10:48 +01:00
Manuel Pégourié-Gonnard
b4fae579e8
Add pk_rsa_set_padding() and rsa_set_padding()
2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard
7c59363a85
Remove a few dead stores
2014-01-22 13:02:39 +01:00
Manuel Pégourié-Gonnard
9e987edf9f
Fix potential memory leak in bignum selftest
2014-01-22 12:59:04 +01:00
Manuel Pégourié-Gonnard
fd6a191381
Fix misplaced initialisation.
...
If one of the calls to mpi_grow() before setting Apos would fail, then
mpi_free( &Apos ) would be executed without Apos being initialised.
2014-01-22 12:57:04 +01:00
Manuel Pégourié-Gonnard
073f0fa2fb
Fix missing error checking in gcm
2014-01-22 12:56:51 +01:00
Manuel Pégourié-Gonnard
280f95bd00
Add #ifs arround ssl_ciphersuite_uses_XXX()
2014-01-22 12:56:37 +01:00
Manuel Pégourié-Gonnard
7cfdcb8c7f
Add a length check in ssl_derive_keys()
2014-01-22 12:56:22 +01:00
Manuel Pégourié-Gonnard
9af7d3a35b
Add fast reduction for the other Koblitz curves
2014-01-18 17:48:00 +01:00
Manuel Pégourié-Gonnard
8887d8d37c
Add mod_p256k1
...
Makes secp256k1 about 4x faster
2014-01-17 23:17:10 +01:00
Manuel Pégourié-Gonnard
ea499a7321
Add support for secp192k1
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
0a56c2c698
Fix bug in ecdh_calc_secret()
...
Only affects curves with nbits != pbits (currently only secp224k1)
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
5304812b2d
Fix theoretical compliance issue in ECDSA
...
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
18e3ec9b4d
Add support for secp224k1
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
e4d47a655b
Add RIPEMD-160 to the generic MD layer
2014-01-17 20:41:32 +01:00
Manuel Pégourié-Gonnard
ff40c3ac34
Add HMAC support to RIPEMD-160
2014-01-17 20:04:59 +01:00
Manuel Pégourié-Gonnard
cab4a8807c
Add RIPEMD-160 (core functions)
2014-01-17 14:04:25 +01:00
Manuel Pégourié-Gonnard
9bcff3905b
Add OIDs and TLS IDs for prime Koblitz curves
2014-01-10 18:32:31 +01:00
Manuel Pégourié-Gonnard
f51c8fc353
Add support for secp256k1 arithmetic
2014-01-10 18:17:18 +01:00
Manuel Pégourié-Gonnard
65ad3e4daf
Use deterministic ECDSA in the PK layer
2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard
5e6edcfd96
Add fallback for md_alg == NONE to ecdsa_sign_det()
2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard
937340bce0
Add ecdsa_write_signature_det()
2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
f42bca6da0
Little HMAC_DRBG refactoring
2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
4daaef7e27
Add ecdsa_sign_det() with test vectors
2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
461d416892
Add minified HMAC_DRBG for deterministic ECDSA
2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
e7072f8d11
Fix theoretical compliance issue in ECDSA
...
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
c9573998ca
Fix unchecked error codes in ecp_gen_keypair()
2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
79f73b96d9
Remove bias in EC private key generation
2014-01-06 10:19:35 +01:00
Paul Bakker
c78c8422c2
Added failure stub for uninitialized POLARSSL_THREADING_ALT functions
2013-12-31 11:55:27 +01:00
Paul Bakker
a8fd3e31ed
Removed POLARSSL_THREADING_DUMMY option
2013-12-31 11:54:08 +01:00
Paul Bakker
4de44aa0ae
Rewrote check to prevent read of uninitialized data in
...
rsa_rsassa_pss_verify()
2013-12-31 11:43:01 +01:00
Paul Bakker
6992eb762c
Fixed potential overflow in certificate size in ssl_write_certificate()
2013-12-31 11:38:33 +01:00
Paul Bakker
6ea1a95ce8
Added missing MPI_CHK() around some statements
2013-12-31 11:17:14 +01:00
Paul Bakker
5bc07a3d30
Prepped for 1.3.3
2013-12-31 10:57:44 +01:00
Paul Bakker
00f5c52bfe
Added cast to socket() return value to prevent Windows warning
2013-12-31 10:45:16 +01:00
Paul Bakker
c73879139e
Merged ECP memory usage optimizations
2013-12-31 10:33:47 +01:00
Paul Bakker
53e1513fea
Initialize ebx and edx in padlock functions
2013-12-31 09:46:09 +01:00
Manuel Pégourié-Gonnard
26bc1c0f5d
Fix a few unchecked return codes in EC
2013-12-30 19:33:33 +01:00
Paul Bakker
93759b048f
Made AES-NI bit-size specific key expansion functions static
2013-12-30 19:20:06 +01:00
Manuel Pégourié-Gonnard
9e4191c3e7
Add another option to reduce EC memory usage
...
Also document speed/memory trade-offs better.
2013-12-30 19:16:05 +01:00
Manuel Pégourié-Gonnard
70896a023e
Add statistics about number of allocated blocks
2013-12-30 19:16:05 +01:00
Paul Bakker
ec4bea7eee
Forced cast to unsigned int for %u format in ecp_selftest()
2013-12-30 19:04:47 +01:00
Manuel Pégourié-Gonnard
1f789b8348
Lessen peak memory usage in EC by freeing earlier
...
Cuts peak usage by 25% :)
2013-12-30 17:36:54 +01:00
Manuel Pégourié-Gonnard
72c172a13d
Save some small memory allocations inside ecp_mul()
2013-12-30 16:04:55 +01:00
Paul Bakker
f0fc2a27b0
Properly put the pragma comment for the MSVC linker in defines
2013-12-30 15:42:43 +01:00
Paul Bakker
92bcadb110
Removed 'z' length modifier from low-value size_t in ecp_selftest()
2013-12-30 15:37:17 +01:00
Paul Bakker
e7f5133590
Fixed superfluous return value in aesni.c
2013-12-30 15:32:02 +01:00
Paul Bakker
0d0de92156
Only specify done label in aes.c when AES-NI is possible
2013-12-30 15:29:04 +01:00
Paul Bakker
956c9e063d
Reduced the input / output overhead with 200+ bytes and covered corner
...
case
The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.
Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.
We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
2013-12-30 15:00:51 +01:00
Manuel Pégourié-Gonnard
d4588cfb6a
aesni_gcm_mult() now returns void
2013-12-30 13:54:23 +01:00
Manuel Pégourié-Gonnard
bfa3c9a85f
Remove temporary code
2013-12-30 13:53:58 +01:00
Manuel Pégourié-Gonnard
23c2f6fee5
Add AES-NI key expansion for 192 bits
2013-12-29 16:05:22 +01:00