Manuel Pégourié-Gonnard
|
f346bab139
|
Start parsing RSASSA-PSS parameters
|
2014-06-02 16:10:29 +02:00 |
|
Manuel Pégourié-Gonnard
|
59a75d5b9d
|
Basic parsing of certs signed with RSASSA-PSS
|
2014-06-02 16:10:29 +02:00 |
|
Peter Vaskovic
|
7015de7e67
|
Fix WSAStartup return value check.
SOCKET_ERROR was not a valid return value.
WSAStartup returns 0 on success, so check that instead.
|
2014-05-28 11:40:51 +02:00 |
|
Paul Bakker
|
14b16c62e9
|
Minor optimizations (original by Peter Vaskovic, modified by Paul Bakker)
Move strlen out of for loop.
Remove redundant null checks before free.
|
2014-05-28 11:34:33 +02:00 |
|
Peter Vaskovic
|
8ebfe084ab
|
Fix minor format string inconsistency.
|
2014-05-28 11:12:51 +02:00 |
|
Peter Vaskovic
|
c2bbac968b
|
Fix misplaced parenthesis.
|
2014-05-28 11:06:31 +02:00 |
|
Peter Vaskovic
|
541529e770
|
Remove unused arrays.
|
2014-05-28 11:04:48 +02:00 |
|
Paul Bakker
|
b5212b436f
|
Merge CCM cipher mode and ciphersuites
Conflicts:
library/ssl_tls.c
|
2014-05-22 15:30:31 +02:00 |
|
Paul Bakker
|
0f651c7422
|
Stricter check on SSL ClientHello internal sizes compared to actual packet size
|
2014-05-22 15:12:19 +02:00 |
|
Brian White
|
12895d15f8
|
Fix less-than-zero checks on unsigned numbers
|
2014-05-22 13:52:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
82a5de7bf7
|
Enforce alignment even if buffer is not aligned
|
2014-05-22 13:52:49 +02:00 |
|
Manuel Pégourié-Gonnard
|
fe671f4aeb
|
Add markers around generated code in error.c
|
2014-05-22 13:52:48 +02:00 |
|
Manuel Pégourié-Gonnard
|
8ff17c544c
|
Add missing DEBUG_RET on cipher failures
|
2014-05-22 13:52:48 +02:00 |
|
Manuel Pégourié-Gonnard
|
61edffef28
|
Normalize "should never happen" messages/errors
|
2014-05-22 13:52:47 +02:00 |
|
Manuel Pégourié-Gonnard
|
2e5ee32033
|
Implement CCM and CCM_8 ciphersuites
|
2014-05-20 16:29:34 +02:00 |
|
Manuel Pégourié-Gonnard
|
5efd772ef0
|
Small readability improvement
|
2014-05-14 14:10:37 +02:00 |
|
Manuel Pégourié-Gonnard
|
6768da9438
|
Register CCM ciphersuites (not implemented yet)
|
2014-05-14 14:10:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
41936957b3
|
Add AES-CCM and CAMELLIA-CCM to the cipher layer
|
2014-05-14 14:10:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
de7bb44004
|
Use cipher_auth_{en,de}crypt() in ssl_tls.c
|
2014-05-14 14:10:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
4562ffe2e6
|
Add cipher_auth_{en,de}crypt()
|
2014-05-14 14:10:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
8764d271fa
|
Use cipher_crypt() in ssl_tls.c
|
2014-05-14 14:10:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
3c1d150b3d
|
Add cipher_crypt()
|
2014-05-14 14:10:35 +02:00 |
|
Manuel Pégourié-Gonnard
|
0f6b66dba1
|
CCM operations allow input == output
|
2014-05-14 14:10:35 +02:00 |
|
Manuel Pégourié-Gonnard
|
aed6065793
|
CCM source cosmetics/tune-ups
- source a bit shorter
- generated code slightly smaller
- preserving performance
|
2014-05-14 14:10:35 +02:00 |
|
Manuel Pégourié-Gonnard
|
ce77d55023
|
Implement ccm_auth_decrypt()
|
2014-05-07 12:13:13 +02:00 |
|
Manuel Pégourié-Gonnard
|
002323340a
|
Refactor to prepare for CCM decryption
|
2014-05-07 12:13:12 +02:00 |
|
Manuel Pégourié-Gonnard
|
637eb3d31d
|
Add ccm_encrypt_and_tag()
|
2014-05-07 12:13:12 +02:00 |
|
Manuel Pégourié-Gonnard
|
9fe0d13e8d
|
Add ccm_init/free()
|
2014-05-06 12:12:45 +02:00 |
|
Manuel Pégourié-Gonnard
|
a6916fada8
|
Add (placeholder) CCM module
|
2014-05-06 11:28:09 +02:00 |
|
Paul Bakker
|
5593f7caae
|
Fix typo in debug_print_msg()
|
2014-05-06 10:29:28 +02:00 |
|
Paul Bakker
|
da13016d84
|
Prepped for 1.3.7 release
|
2014-05-01 14:27:19 +02:00 |
|
Paul Bakker
|
c37b0ac4b2
|
Fix typo in bignum.c
|
2014-05-01 14:19:23 +02:00 |
|
Paul Bakker
|
b9e4e2c97a
|
Fix formatting: fix some 'easy' > 80 length lines
|
2014-05-01 14:18:25 +02:00 |
|
Paul Bakker
|
9af723cee7
|
Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)
|
2014-05-01 13:03:14 +02:00 |
|
Paul Bakker
|
c3f89aa26c
|
Removed word 'warning' from PKCS#5 selftest (buildbot warning as a result)
|
2014-05-01 10:56:03 +02:00 |
|
Paul Bakker
|
9bb04b6389
|
Removed redundant code in mpi_fill_random()
|
2014-05-01 09:47:02 +02:00 |
|
Paul Bakker
|
2ca1dc8958
|
Updated error.c and version_features.c based on changes
|
2014-05-01 09:46:38 +02:00 |
|
Markus Pfeiffer
|
a26a005acf
|
Make compilation on DragonFly work
|
2014-04-30 16:52:28 +02:00 |
|
Paul Bakker
|
2a024ac86a
|
Merge dependency fixes
|
2014-04-30 16:50:59 +02:00 |
|
Manuel Pégourié-Gonnard
|
cef4ad2509
|
Adapt sources to configurable config.h name
|
2014-04-30 16:40:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
c16f4e1f78
|
Move RC4 ciphersuites down the list
|
2014-04-30 16:27:06 +02:00 |
|
Paul Bakker
|
8eab8d368b
|
Merge more portable AES-NI
|
2014-04-30 16:21:08 +02:00 |
|
Paul Bakker
|
33dc46b080
|
Fix bug with mpi_fill_random() on big-endian
|
2014-04-30 16:20:39 +02:00 |
|
Paul Bakker
|
f96f7b607a
|
On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
|
2014-04-30 16:02:38 +02:00 |
|
Paul Bakker
|
6384440b13
|
Better support for the different Attribute Types from IETF PKIX (RFC 5280)
|
2014-04-30 15:34:12 +02:00 |
|
Paul Bakker
|
1a1fbba1ae
|
Sanity length checks in ssl_read_record() and ssl_fetch_input()
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
|
2014-04-30 14:48:51 +02:00 |
|
Paul Bakker
|
24f37ccaed
|
rsa_check_pubkey() now allows an E up to N
|
2014-04-30 13:43:51 +02:00 |
|
Paul Bakker
|
0f90d7d2b5
|
version_check_feature() added to check for compile-time options at run-time
|
2014-04-30 11:49:44 +02:00 |
|
Paul Bakker
|
a70366317d
|
Improve interop by not writing ext_len in ClientHello / ServerHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
|
2014-04-30 10:16:16 +02:00 |
|
Manuel Pégourié-Gonnard
|
3d41370645
|
Fix hash dependencies in X.509 tests
|
2014-04-29 15:29:41 +02:00 |
|
Manuel Pégourié-Gonnard
|
3a306b9067
|
Fix misplaced #endif in ssl_tls.c
|
2014-04-29 15:11:17 +02:00 |
|
Manuel Pégourié-Gonnard
|
b1fd397be6
|
Adapt AES-NI code to "old" binutil versions
|
2014-04-26 17:17:31 +02:00 |
|
Paul Bakker
|
c73079a78c
|
Add debug_set_threshold() and thresholding of messages
|
2014-04-25 16:58:16 +02:00 |
|
Paul Bakker
|
92478c37a6
|
Debug module only outputs full lines instead of parts
|
2014-04-25 16:58:15 +02:00 |
|
Paul Bakker
|
eaebbd5eaa
|
debug_set_log_mode() added to determine raw or full logging
|
2014-04-25 16:58:14 +02:00 |
|
Paul Bakker
|
61885c7f7f
|
Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
|
2014-04-25 12:59:51 +02:00 |
|
Paul Bakker
|
4ffcd2f9c3
|
Typo in PKCS#11 module
|
2014-04-25 11:44:12 +02:00 |
|
Paul Bakker
|
10a9dd35ea
|
Typo in POLARSSL_PLATFORM_STD_FPRINTF in platform.c
|
2014-04-25 11:27:16 +02:00 |
|
Paul Bakker
|
0767e67d17
|
Add support for 'emailAddress' to x509_string_to_names()
|
2014-04-18 14:11:37 +02:00 |
|
Paul Bakker
|
c70e425a73
|
Only iterate over actual certificates in ssl_write_certificate_request()
|
2014-04-18 13:50:19 +02:00 |
|
Paul Bakker
|
f4cf80b86f
|
Restructured pk_parse_key_pkcs8_encrypted_der() to prevent unreachable code
|
2014-04-17 17:24:29 +02:00 |
|
Paul Bakker
|
4f42c11846
|
Remove arbitrary maximum length for cipher_list and content length
|
2014-04-17 15:37:39 +02:00 |
|
Paul Bakker
|
d893aef867
|
Force default value to curve parameter
|
2014-04-17 14:45:34 +02:00 |
|
Paul Bakker
|
93389cc620
|
Remove const indicator
|
2014-04-17 14:44:38 +02:00 |
|
Paul Bakker
|
874bd64b28
|
Check setsockopt() return value in net_bind()
|
2014-04-17 12:43:05 +02:00 |
|
Paul Bakker
|
3d8fb63e11
|
Added missing MPI_CHK around mpi functions
|
2014-04-17 12:42:41 +02:00 |
|
Paul Bakker
|
a9c16d2825
|
Removed unused cur variable in x509_string_to_names()
|
2014-04-17 12:42:18 +02:00 |
|
Paul Bakker
|
0e4f9115dc
|
Fix iteration counter
|
2014-04-17 12:39:05 +02:00 |
|
Paul Bakker
|
784b04ff9a
|
Prepared for version 1.3.6
|
2014-04-11 15:33:59 +02:00 |
|
Manuel Pégourié-Gonnard
|
9655e4597a
|
Reject certificates with times not in UTC
|
2014-04-11 13:59:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
0776a43788
|
Use UTC to heck certificate validity
|
2014-04-11 13:59:31 +02:00 |
|
Paul Bakker
|
52c5af7d2d
|
Merge support for verifying the extendedKeyUsage extension in X.509
|
2014-04-11 13:58:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
78848375c0
|
Declare EC constants as 'const'
|
2014-04-11 13:58:41 +02:00 |
|
Paul Bakker
|
1630058dde
|
Potential buffer overwrite in pem_write_buffer() fixed
Length indication when given a too small buffer was off.
Added regression test in test_suite_pem to detect this.
|
2014-04-11 13:58:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
0408fd1fbb
|
Add extendedKeyUsage checking in SSL modules
|
2014-04-11 11:09:09 +02:00 |
|
Manuel Pégourié-Gonnard
|
7afb8a0dca
|
Add x509_crt_check_extended_key_usage()
|
2014-04-11 11:09:00 +02:00 |
|
Paul Bakker
|
d6ad8e949b
|
Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C
|
2014-04-09 17:24:14 +02:00 |
|
Paul Bakker
|
a77de8c841
|
Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off
|
2014-04-09 16:39:35 +02:00 |
|
Paul Bakker
|
043a2e26d0
|
Merge verification of the keyUsage extension in X.509 certificates
|
2014-04-09 15:55:08 +02:00 |
|
Manuel Pégourié-Gonnard
|
a9db85df73
|
Add tests for keyUsage with client auth
|
2014-04-09 15:50:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
490047cc44
|
Code cosmetics
|
2014-04-09 15:50:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
312010e6e9
|
Factor common parent checking code
|
2014-04-09 15:50:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
f93a3c4335
|
Check the CA bit on trusted CAs too
|
2014-04-09 15:50:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
99d4f19111
|
Add keyUsage checking for CAs
|
2014-04-09 15:50:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
3fed0b3264
|
Factor some common code in x509_verify{,_child}
|
2014-04-09 15:50:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
7f2a07d7b2
|
Check keyUsage in SSL client and server
|
2014-04-09 15:50:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
603116c570
|
Add x509_crt_check_key_usage()
|
2014-04-09 15:50:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
2abed84225
|
Specific return code for PK sig length mismatch
|
2014-04-09 15:50:00 +02:00 |
|
Manuel Pégourié-Gonnard
|
35e95ddca4
|
Add special return code for ecdsa length mismatch
|
2014-04-09 15:49:59 +02:00 |
|
Paul Bakker
|
ddd427a8fc
|
Fixed spacing in entropy_gather()
|
2014-04-09 15:49:57 +02:00 |
|
Paul Bakker
|
75342a65e4
|
Fixed typos in code
|
2014-04-09 15:49:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
0f79babd4b
|
Disable timing_selftest() for now
|
2014-04-09 15:49:51 +02:00 |
|
Paul Bakker
|
17b85cbd69
|
Merged additional tests and improved code coverage
Conflicts:
ChangeLog
|
2014-04-08 14:38:48 +02:00 |
|
Paul Bakker
|
0763a401a7
|
Merged support for the ALPN extension
|
2014-04-08 14:37:12 +02:00 |
|
Paul Bakker
|
4224bc0a4f
|
Prevent potential NULL pointer dereference in ssl_read_record()
|
2014-04-08 14:36:50 +02:00 |
|
Manuel Pégourié-Gonnard
|
8c045ef8e4
|
Fix embarrassing X.509 bug introduced in 9533765
|
2014-04-08 11:55:03 +02:00 |
|
Manuel Pégourié-Gonnard
|
f6521de17b
|
Add ALPN tests to ssl-opt.sh
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
|
2014-04-07 12:42:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
89e35798ae
|
Implement ALPN server-side
|
2014-04-07 12:26:35 +02:00 |
|
Manuel Pégourié-Gonnard
|
0b874dc580
|
Implement ALPN client-side
|
2014-04-07 10:57:45 +02:00 |
|
Manuel Pégourié-Gonnard
|
0148875cfc
|
Add tests and fix bugs for RSA-alt contexts
|
2014-04-04 17:46:46 +02:00 |
|