BearSSL
Tag: v0.5
Thomas Pornin [Sun, 30 Jul 2017 21:26:06 +0000 (23:26 +0200)]
Fixed documentation (new include file for AEAD).

Thomas Pornin [Sun, 30 Jul 2017 21:11:26 +0000 (23:11 +0200)]
Added Twrch support.

Thomas Pornin [Sun, 30 Jul 2017 18:11:45 +0000 (14:11 -0400)]
Fixed br_ssl_session_cache_lru_forget().

Thomas Pornin [Wed, 26 Jul 2017 14:03:32 +0000 (16:03 +0200)]
Added name for new ChaCha20 implementation.

Thomas Pornin [Wed, 26 Jul 2017 13:58:01 +0000 (15:58 +0200)]
Added ChaCha20 implementation with SSE2 opcodes.

Thomas Pornin [Wed, 26 Jul 2017 13:52:38 +0000 (15:52 +0200)]
Added function to forget saved session parameters (for tests).

Thomas Pornin [Mon, 17 Jul 2017 15:22:46 +0000 (17:22 +0200)]
Added general-purpose API for AEAD algorithms, and GCM implementation.

Thomas Pornin [Sat, 15 Jul 2017 04:14:55 +0000 (06:14 +0200)]
Fixed behaviour in case of rejected renegotiation.

Thomas Pornin [Thu, 6 Jul 2017 22:49:58 +0000 (00:49 +0200)]
Fixed selection of ECDHE_RSA suites for pre-1.2 TLS versions.

Thomas Pornin [Tue, 4 Jul 2017 18:43:39 +0000 (20:43 +0200)]
Added implementation of keying material export (RFC 5705) (API for PRF implementations changed, to handle chunked seeds).

Thomas Pornin [Fri, 23 Jun 2017 22:31:09 +0000 (00:31 +0200)]
Fixed modular reduction bug in the special field for P-256 (in some rare cases, value would end up being negative, which would corrupt subsequent operations).

Thomas Pornin [Fri, 23 Jun 2017 22:29:41 +0000 (00:29 +0200)]
Fixed mishandling of tree structure in the cache for session parameters.

Thomas Pornin [Thu, 22 Jun 2017 21:15:17 +0000 (23:15 +0200)]
Added an explicit initialisation to a stack buffer to prevent an (harmless) uninitialised read reported by valgrind.

Thomas Pornin [Thu, 22 Jun 2017 19:13:15 +0000 (21:13 +0200)]
Fixed IV processing for CBC decryption with AES (x86ni implementation) when data length is not a multiple of 64 bytes (the bug was breaking TLS 1.0 AES/CBC on recent x86 systems).

Thomas Pornin [Wed, 21 Jun 2017 13:19:32 +0000 (15:19 +0200)]
Added encoded OID for hash functions (for use with PKCS#1 v1.5 signatures) into the public API.

Thomas Pornin [Sun, 18 Jun 2017 21:53:17 +0000 (23:53 +0200)]
Fixed proper handling of clients with no "secure renegotiation" support.

Thomas Pornin [Thu, 15 Jun 2017 14:57:37 +0000 (16:57 +0200)]
Fixed handling of incoming application data after sending a close_notify (data shall be discarded silently, not trigger an error). Also fixed a couple of bugs in the command-line test tool.

Thomas Pornin [Sun, 11 Jun 2017 01:49:02 +0000 (03:49 +0200)]
Added minimal support of Certificate Policies extension (ability to ignore its contents even if marked critical, in situations where it's safe to do that).

Thomas Pornin [Wed, 7 Jun 2017 22:51:55 +0000 (00:51 +0200)]
Small fix on sample server code (displaying of IPv6 addresses).

Thomas Pornin [Mon, 17 Apr 2017 13:36:06 +0000 (13:36 +0000)]
Workaround for compiler bug (GCC 4.8 and 4.9 when targeting 32-bit x86).

Thomas Pornin [Fri, 14 Apr 2017 20:32:29 +0000 (22:32 +0200)]
When using Clang, use it also for linking (compatibility with core FreeBSD systems).

Thomas Pornin [Wed, 5 Apr 2017 23:03:54 +0000 (01:03 +0200)]
Made headers compatible with C++.

Tag: v0.4
Thomas Pornin [Mon, 3 Apr 2017 19:38:47 +0000 (21:38 +0200)]
Documentation fixes.

Thomas Pornin [Sat, 1 Apr 2017 18:17:09 +0000 (20:17 +0200)]
Small patch to allow compilation on old systems that predate the IPV6_V6ONLY option (Debian 2.2 "potato").

Thomas Pornin [Sun, 19 Mar 2017 19:46:16 +0000 (20:46 +0100)]
Small improvement to tolerate PEM files missing the terminating newline in the brssl command-line tool.

Thomas Pornin [Sun, 19 Mar 2017 19:08:29 +0000 (20:08 +0100)]
Fixed typo in C preprocessor expression.

Thomas Pornin [Sun, 19 Mar 2017 18:55:11 +0000 (14:55 -0400)]
New "i62" code for big integers with 64x64->128 opcodes; also improved "i31" modular exponentiation.

Thomas Pornin [Sat, 18 Mar 2017 17:07:36 +0000 (18:07 +0100)]
Optimised code for encoding/decoding integers when the underlying architecture has the right endianness and allows unaligned accesses.

Thomas Pornin [Sat, 18 Mar 2017 15:46:00 +0000 (16:46 +0100)]
Added "ctmulq" implementation of Poly1305 (using 64->128 multiplications when available).

Thomas Pornin [Thu, 9 Mar 2017 20:13:23 +0000 (20:13 +0000)]
Fixed compilation for GCC 4.4 to 4.8 (AES-NI opcodes; intrinsics headers require target options to be set).

Thomas Pornin [Wed, 15 Feb 2017 20:49:28 +0000 (21:49 +0100)]
Improved GHASH pclmul implementation (parallel processing of four blocks, +70% speed).

Thomas Pornin [Wed, 15 Feb 2017 14:08:37 +0000 (14:08 +0000)]
New AES and GHASH implementations using POWER8 crypto opcodes.

Thomas Pornin [Sun, 29 Jan 2017 23:32:21 +0000 (00:32 +0100)]
Cosmetic fixes in comments.

Thomas Pornin [Sun, 29 Jan 2017 20:46:33 +0000 (21:46 +0100)]
Added AES+GHASH implementation using AES-NI opcodes; also ARM-Thumb assembly for faster Montgomery multiplication on Cortex-M0+. Added selection functions for "default" implementations.

Thomas Pornin [Tue, 24 Jan 2017 18:35:04 +0000 (19:35 +0100)]
Improved modular exponentiation (automatic window optimisation if there is enough room).

Thomas Pornin [Mon, 23 Jan 2017 18:54:16 +0000 (19:54 +0100)]
Slight speed improvement for Curve25519 (m15 implementation on Cortex-M0+).

Thomas Pornin [Sun, 22 Jan 2017 19:00:29 +0000 (20:00 +0100)]
New Makefile structure; added compatibility with Windows + Visual C + nmake.

Thomas Pornin [Mon, 16 Jan 2017 19:19:11 +0000 (20:19 +0100)]
Some cleanups (removed unused files, split i15 code into per-function files).

Thomas Pornin [Mon, 16 Jan 2017 17:04:40 +0000 (18:04 +0100)]
Added optimised implementation of P-256 that uses 32->64 multiplications (MUL31).

Thomas Pornin [Sun, 15 Jan 2017 22:16:18 +0000 (23:16 +0100)]
Two new Curve25519 implementations (generic "i31" code, and optimised code with MUL31).

Thomas Pornin [Sun, 15 Jan 2017 19:40:24 +0000 (20:40 +0100)]
Activated Curve25519 support for ECDHE cipher suites.

Thomas Pornin [Sun, 15 Jan 2017 15:49:58 +0000 (16:49 +0100)]
New implementation of Curve25519 (using multiplications of words of 15 bits or so, should be much faster on Cortex M0).

Thomas Pornin [Sun, 15 Jan 2017 02:32:13 +0000 (03:32 +0100)]
New basic implementation of Curve25519 (generic i15 code, experimental).

Thomas Pornin [Fri, 13 Jan 2017 20:46:28 +0000 (21:46 +0100)]
Added API for external hashing of ServerKeyExchange, and signature algorithm identifiers in the 0x080* format (preparatory steps for EdDSA support).

Thomas Pornin [Fri, 13 Jan 2017 04:10:43 +0000 (05:10 +0100)]
More optimisations for EC P-256 "i15" (specialised squaring function, mixed coordinates addition with a 4-bit window when the base point is the conventional generator).

Thomas Pornin [Thu, 12 Jan 2017 20:53:31 +0000 (21:53 +0100)]
Improved performance on dedicated P-256/i15 EC implementation.

Thomas Pornin [Thu, 12 Jan 2017 20:52:59 +0000 (21:52 +0100)]
Simple grammar fix in header.

Thomas Pornin [Mon, 9 Jan 2017 15:48:52 +0000 (16:48 +0100)]
Fixed wrong check on length overflow (unsigned/signed issue).

Thomas Pornin [Thu, 5 Jan 2017 18:47:00 +0000 (19:47 +0100)]
Two new Poly1305 implementations: ctmul32 uses pure 32-bit multiplications (MUL15, constant-time on about everything); i15 uses the generic i15 big integers (MUL15 again), which is quite slow but also small.

Thomas Pornin [Wed, 4 Jan 2017 18:21:09 +0000 (19:21 +0100)]
New "i15" implementation of big integers (faster, and constant-time, on ARM Cortex M0/M0+); imported into EC, ECDSA, RSA.

Thomas Pornin [Mon, 2 Jan 2017 21:19:49 +0000 (22:19 +0100)]
New experimental EC implementation (P-256, only 32-bit multiplications, meant for Cortex-M0/M0+).

Thomas Pornin [Sat, 31 Dec 2016 15:19:12 +0000 (16:19 +0100)]
Fixed RSA "i32" PKCS#1 v1.5 signature generation.

Thomas Pornin [Thu, 29 Dec 2016 22:11:46 +0000 (23:11 +0100)]
New simplified initialisation function for X.509 minimal engine.

Thomas Pornin [Wed, 28 Dec 2016 13:11:51 +0000 (14:11 +0100)]
Added ALPN support (client and server).

Thomas Pornin [Sat, 24 Dec 2016 02:20:03 +0000 (03:20 +0100)]
Fixed scheduling error (jumping back to failed engine, could lead to segfault).

Thomas Pornin [Sat, 24 Dec 2016 02:19:29 +0000 (03:19 +0100)]
Added speed benchmark for Poly1305.

Thomas Pornin [Thu, 22 Dec 2016 16:01:02 +0000 (17:01 +0100)]
Fixed definition of function (wrong name).

Thomas Pornin [Thu, 15 Dec 2016 00:10:52 +0000 (01:10 +0100)]
Fixed description of TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 in the command-line tool.

Thomas Pornin [Tue, 13 Dec 2016 19:01:19 +0000 (20:01 +0100)]
Added ChaCha20+Poly1305 support (stand-alone, cipher suites).

Thomas Pornin [Mon, 12 Dec 2016 19:45:06 +0000 (20:45 +0100)]
Added certificate name extraction API (from subject DN and SAN extension).

Thomas Pornin [Mon, 12 Dec 2016 18:58:49 +0000 (19:58 +0100)]
Optimised T0 generated code: when possible (at most 256 words), word calls are encoded over one byte, even in the 128..255 range.

Thomas Pornin [Sat, 10 Dec 2016 16:35:06 +0000 (17:35 +0100)]
Added support for client certificates (both client-side and server-side, but still missing an API for extracting the client identity from the certificate).

Thomas Pornin [Wed, 30 Nov 2016 01:25:14 +0000 (02:25 +0100)]
Small documentation fixes.

Thomas Pornin [Tue, 29 Nov 2016 15:03:49 +0000 (16:03 +0100)]
Fixed buffer overrun (read only, usually harmless, but sloppy nonetheless).

Thomas Pornin [Wed, 23 Nov 2016 15:59:44 +0000 (16:59 +0100)]
More Doxygen-compatible documentation (SSL API).

Thomas Pornin [Tue, 22 Nov 2016 01:41:34 +0000 (02:41 +0100)]
Some more Doxygen API documentation (X.509 processing).

Thomas Pornin [Mon, 21 Nov 2016 19:12:11 +0000 (20:12 +0100)]
More API documentation (Doxygen format) for EC code.

Thomas Pornin [Mon, 21 Nov 2016 19:11:21 +0000 (20:11 +0100)]
Fixed buffer overflow, and also NULL pointer dereference, in ECDSA signature handling.

Thomas Pornin [Mon, 21 Nov 2016 15:29:51 +0000 (16:29 +0100)]
More API documentation in Doxygen format (block ciphers, PEM).

Thomas Pornin [Mon, 21 Nov 2016 15:04:26 +0000 (16:04 +0100)]
Fixed handling of CR+LF line endings in PEM objects.

Thomas Pornin [Sun, 20 Nov 2016 19:14:48 +0000 (20:14 +0100)]
Added API to save and restore session parameters (for controllable session resumption on the client side).

Thomas Pornin [Sun, 20 Nov 2016 17:50:37 +0000 (18:50 +0100)]
Added flag to prohibit renegotiations.

Thomas Pornin [Sun, 20 Nov 2016 15:23:00 +0000 (16:23 +0100)]
SIGPIPE shall be ignored in most network-related cases.

Thomas Pornin [Sun, 20 Nov 2016 15:14:48 +0000 (16:14 +0100)]
Added support for TLS_FALLBACK_SCSV.

Thomas Pornin [Sat, 19 Nov 2016 22:55:44 +0000 (23:55 +0100)]
More Doxygen documentation.

Thomas Pornin [Sat, 19 Nov 2016 18:05:08 +0000 (19:05 +0100)]
More Doxygen-compatible documentation. Also unified two identical structures.

Thomas Pornin [Fri, 18 Nov 2016 17:03:06 +0000 (18:03 +0100)]
Added support for ClientHello padding (RFC 7685) and fixed buffering bug.

Thomas Pornin [Thu, 17 Nov 2016 02:20:52 +0000 (03:20 +0100)]
Added some comments.

Thomas Pornin [Thu, 17 Nov 2016 01:59:53 +0000 (02:59 +0100)]
Added Doxygen configuration file, and converted bearssl_hash.h file to Doxygen format.

Thomas Pornin [Sat, 12 Nov 2016 15:49:27 +0000 (16:49 +0100)]
Moved address-to-string translation code to blocks that depend on the 'verbose' flag.

Thomas Pornin [Sat, 12 Nov 2016 14:58:57 +0000 (15:58 +0100)]
Fixed error reporting in case of PEM encoding error when decoding certificates.

Thomas Pornin [Sat, 12 Nov 2016 14:30:47 +0000 (15:30 +0100)]
Better handling of inet_ntop() failures (which should not happen in practice, since we filter on address family, but let's be cautious).

Thomas Pornin [Sat, 12 Nov 2016 14:23:43 +0000 (15:23 +0100)]
Improved parsing of some integer arguments (sizes).

Thomas Pornin [Sat, 12 Nov 2016 13:43:05 +0000 (14:43 +0100)]
Fixed displaying of IPv6 addresses.

Thomas Pornin [Sat, 12 Nov 2016 13:40:03 +0000 (14:40 +0100)]
Removed unreachable code.

Thomas Pornin [Wed, 9 Nov 2016 20:00:11 +0000 (21:00 +0100)]
No need to check for NULL, free_private_key() already does that.

Thomas Pornin [Wed, 9 Nov 2016 18:58:17 +0000 (19:58 +0100)]
Removed needless variable shadowing (suggested by Doug Hogan).

Thomas Pornin [Wed, 9 Nov 2016 18:33:59 +0000 (19:33 +0100)]
Added .gitignore file (suggested by Doug Hogan).

Thomas Pornin [Sat, 5 Nov 2016 01:29:18 +0000 (21:29 -0400)]
Fixed some small bugs.

Thomas Pornin [Wed, 2 Nov 2016 23:01:13 +0000 (19:01 -0400)]
Initial import.