Manuel Pégourié-Gonnard
f9c8a606b5
Merge commit '8b9bcec' into dtls
...
* commit '8b9bcec':
Stop assuming chars are signed
Fix len miscalculation in buffer-based allocator
Fix NULL dereference in buffer-based allocator
Add test_suite_memory_buffer_alloc
Add memory_buffer_alloc_self_test()
Fix missing bound check
Add test for ctr_drbg_update() input sanitizing
Refactor for clearer correctness/security
Stop assuming chars are signed
Conflicts:
library/ssl_tls.c
2015-01-20 16:38:39 +00:00
Paul Bakker
5b8f7eaa3e
Merge new security defaults for programs (RC4 disabled, SSL3 disabled)
2015-01-14 16:26:54 +01:00
Paul Bakker
36adc3631c
Merge support for getrandom() call
2015-01-14 16:19:59 +01:00
Paul Bakker
c82b7e2003
Merge option to disable truncated hmac on the server-side
2015-01-14 16:16:55 +01:00
Paul Bakker
e522d0fa57
Merge smarter certificate selection for pre-TLS-1.2 clients
2015-01-14 16:12:48 +01:00
Manuel Pégourié-Gonnard
a852cf4833
Fix issue with non-blocking I/O & record splitting
2015-01-13 20:56:15 +01:00
Manuel Pégourié-Gonnard
d5746b36f9
Fix warning
2015-01-13 20:33:24 +01:00
Paul Bakker
f3561154ff
Merge support for 1/n-1 record splitting
2015-01-13 16:31:34 +01:00
Paul Bakker
f6080b8557
Merge support for enabling / disabling renegotiation support at compile-time
2015-01-13 16:18:23 +01:00
Paul Bakker
d7e2483bfc
Merge miscellaneous fixes into development
2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard
5dd28ea432
Fix len miscalculation in buffer-based allocator
2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard
547ff6618f
Fix NULL dereference in buffer-based allocator
2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard
5ba1d52f96
Add memory_buffer_alloc_self_test()
2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
5cb4b31057
Fix missing bound check
2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
bd47a58221
Add ssl_set_arc4_support()
...
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
352143fa1e
Refactor for clearer correctness/security
2015-01-13 12:02:55 +01:00
Manuel Pégourié-Gonnard
f3c500fe47
Fix bug on OS X (BSD?) in net_accept() for UDP
2015-01-12 19:02:15 +01:00
Manuel Pégourié-Gonnard
18292456c5
Add support for getrandom()
2015-01-09 14:34:13 +01:00
Manuel Pégourié-Gonnard
e117a8fc0d
Make truncated hmac a runtime option server-side
...
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard
f01768c55e
Specific error for suites in common but none good
2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard
df331a55d2
Prefer SHA-1 certificates for pre-1.2 clients
2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard
6458e3b743
Some more refactoring/tuning.
2015-01-08 14:16:56 +01:00
Manuel Pégourié-Gonnard
846ba473af
Minor refactoring
2015-01-08 13:54:38 +01:00
Manuel Pégourié-Gonnard
cfa477ef2f
Allow disabling record splitting at runtime
2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
d76314c44c
Add 1/n-1 record splitting
2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
d94232389e
Skip signature_algorithms ext if PSK only
2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard
eaecbd3ba8
Fix warning in reduced configs
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
837f0fe831
Make renego period configurable
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
b445805283
Auto-renegotiate before sequence number wrapping
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
6186019d5d
Save 48 bytes if SSLv3 is not defined
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
615e677c0b
Make renegotiation a compile-time option
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
60346be2a3
Improve debugging message.
...
This actually prints only the payload, not the potential IV and/or MAC,
so (to me at least) it's much less confusing
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
e423246e7f
Fix net_usleep for durations greater than 1 second
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
9439f93ea4
Use pk_load_file() in X509
...
Saves a bit of ROM. X509 depends on PK anyway.
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
2457fa0915
Create ticket keys only if enabled
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
d16d1cb96a
Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
fd6c85c3eb
Set a compile-time limit to X.509 chain length
2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard
6ed2d92629
Make x509_crl_parse() iterative
2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard
426d4ae7ff
Split x509_crl_parse_der() out of x509_crl_parse()
2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard
8c9223df84
Add text view to debug_print_buf()
2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard
0975ad928d
Merge branch 'etm' into dtls
...
* etm:
Fix some more warnings in reduced configs
Fix typo causing MSVC errors
2014-11-17 15:07:17 +01:00
Manuel Pégourié-Gonnard
8e4b3374d7
Fix some more warnings in reduced configs
2014-11-17 15:06:13 +01:00
Manuel Pégourié-Gonnard
98aa19148c
Adjust warnings in different modes
2014-11-14 16:45:48 +01:00
Manuel Pégourié-Gonnard
e5b0fc1847
Make malloc-init script a bit happier
2014-11-13 12:42:12 +01:00
Manuel Pégourié-Gonnard
f631bbc1da
Make x509_string_cmp() iterative
2014-11-13 12:42:06 +01:00
Manuel Pégourié-Gonnard
8a5e3d4a40
Forbid repeated X.509 extensions
2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard
d681443f69
Fix potential stack overflow
2014-11-12 01:25:31 +01:00
Manuel Pégourié-Gonnard
b134060f90
Fix memory leak with crafted X.509 certs
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
0369a5291b
Fix uninitialised pointer dereference
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
e959979621
Fix ECDSA sign buffer size
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
b31b61b9e8
Fix potential undefined behaviour in Camellia
2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard
7c13d69cb5
Fix dependency issues
2014-11-12 00:01:34 +01:00
Manuel Pégourié-Gonnard
a1efcb084f
Implement pk_check_pair() for RSA-alt
2014-11-08 18:00:22 +01:00
Manuel Pégourié-Gonnard
27e3edbe2c
Check key/cert pair in ssl_set_own_cert()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
70bdadf54b
Add pk_check_pair()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
30668d688d
Add ecp_check_pub_priv()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
2f8d1f9fc3
Add rsa_check_pub_priv()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
e10e06d863
Blind RSA operations even without CRT
2014-11-06 18:25:44 +01:00
Manuel Pégourié-Gonnard
d056ce0e3e
Use seq_num as AEAD nonce by default
2014-11-06 18:23:49 +01:00
Manuel Pégourié-Gonnard
f9d778d635
Merge branch 'etm' into dtls
...
* etm:
Fix warning in reduced config
Update Changelog for EtM
Keep EtM state across renegotiations
Adjust minimum length for EtM
Don't send back EtM extension if not using CBC
Fix for the RFC erratum
Implement EtM
Preparation for EtM
Implement initial negotiation of EtM
Conflicts:
include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard
56d985d0a6
Merge branch 'session-hash' into dtls
...
* session-hash:
Update Changelog for session-hash
Make session-hash depend on TLS versions
Forbid extended master secret with SSLv3
compat.sh: allow git version of gnutls
compat.sh: make options a bit more robust
Implement extended master secret
Add negotiation of Extended Master Secret
Conflicts:
include/polarssl/check_config.h
programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
9d7821d774
Fix warning in reduced config
2014-11-06 01:19:52 +01:00
Manuel Pégourié-Gonnard
fedba98ede
Merge branch 'fb-scsv' into dtls
...
* fb-scsv:
Update Changelog for FALLBACK_SCSV
Implement FALLBACK_SCSV server-side
Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard
1a03473576
Keep EtM state across renegotiations
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
b575b54cb9
Forbid extended master secret with SSLv3
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
169dd6a514
Adjust minimum length for EtM
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
78e745fc0a
Don't send back EtM extension if not using CBC
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
08558e5b46
Fix for the RFC erratum
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
313d796e80
Implement EtM
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
0098e7dc70
Preparation for EtM
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
699cafaea2
Implement initial negotiation of EtM
...
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
01b2699198
Implement FALLBACK_SCSV server-side
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
ada3030485
Implement extended master secret
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb
Implement FALLBACK_SCSV client-side
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd
Add negotiation of Extended Master Secret
...
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Paul Bakker
f2a459df05
Preparation for PolarSSL 1.4.0
2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard
6b875fc7e5
Fix potential memory leak (from clang-analyzer)
2014-10-21 16:33:00 +02:00
Manuel Pégourié-Gonnard
df3acd82e2
Limit HelloRequest retransmission if not enforced
2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard
26a4cf63ec
Add retransmission of HelloRequest
2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
74a1378175
Avoid false positive in ssl-opt.sh with memcheck
2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
8e704f0f74
DTLS depends on TIMING_C for now
2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
b0643d152d
Add ssl_set_dtls_badmac_limit()
2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
9b35f18f66
Add ssl_get_record_expansion()
2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
37e08e1689
Fix max_fragment_length with DTLS
2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
23cad339c4
Fail cleanly on unhandled case
2014-10-21 16:32:52 +02:00
Manuel Pégourié-Gonnard
fc572dd4f6
Retransmit only on last message from prev flight
...
Be a good network citizen, try to avoid causing congestion by causing a
retransmission explosion.
2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
8a7cf2543a
Add a few #ifdefs
2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
ba958b8bdc
Add test for server-initiated renego
...
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
46fb942046
Fix warning about function that should be static
2014-10-21 16:32:49 +02:00
Manuel Pégourié-Gonnard
f1e9b09a0c
Fix missing #ifdef's
2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard
4e2f245752
Fix timer issues
...
- timer not firing when constantly receiving bad messages
- timer not reset on failed reads
- timer incorrectly restarted on resend during read
2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard
df9a0a8460
Drop unexpected ApplicationData
...
This is likely to happen on resumption if client speaks first at the
application level.
2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
6b65141718
Implement ssl_read() timeout (DTLS only for now)
2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
2707430a4d
Fix types and comments about read_timeout
2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard
6c1fa3a184
Fix misplaced initialisation of timeout
2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard
c8d8e97cbd
Move to milliseconds in recv_timeout()
2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard
905dd2425c
Add ssl_set_handshake_timeout()
2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
0ac247fd88
Implement timeout back-off (fixed range for now)
2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
579950c2bb
Fix bug with non-blocking I/O and cookies
2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
7de3c9eecb
Count timeout per flight, not per message
2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
db2858ce96
Preparation for timers
...
Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working.
2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
08a1d4bce1
Fix bug with client auth with DTLS
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
23b7b703aa
Fix issue with renego & resend
2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
f03c7aa469
Add replay detection in parse_client_hello()
2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
2739313cea
Make anti-replay a runtime option
2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
8464a46b6b
Make DTLS_ANTI_REPLAY depends on PROTO_DTLS
2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
246c13a05f
Fix epoch checking
2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
b47368a00a
Add replay detection
2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
4956fd7437
Test and fix anti-replay functions
2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
7a7e140d4e
Add functions for replay protection
2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard
ea22ce577e
Rm unneeded counter increment with DTLS
2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard
abf16240dd
Add ability to resend last flight
2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
cd32a50d67
Fix NewSesssionTicket vs ChangeCipherSpec bug
...
Since we were cheating on state, ssl_read_record() wasn't able to drop
out-of-sequence ChangeCipherSpec messages. Cheat a bit less.
2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
767c69561b
Drop out-of-sequence ChangeCipherSpec messages
2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
93017de47e
Minor optim: don't resend on duplicated HVR
2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
c715aed744
Fix epoch swapping
2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard
6a2bdfaf73
Actually resend flights
2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard
5d8ba53ace
Expand and fix resend infrastructure
2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard
ffa67be698
Infrastructure for buffering & resending flights
2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard
9d9b003a9a
Add net_recv_timeout()
2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard
8fa6dfd560
Introduce f_recv_timeout callback
2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard
e6bdc4497c
Merge I/O contexts into one
2014-10-21 16:32:25 +02:00
Manuel Pégourié-Gonnard
f4acfe1808
Document previous API changes in this branch
2014-10-21 16:32:23 +02:00
Manuel Pégourié-Gonnard
d92d6a1b5b
ssl_parse_server_key_exchange() cleanups
2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard
5ee96546de
Add length checks in parse_certificate_verify()
2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard
72226214b1
Merge checks in ssl_parse_certificate_verify()
2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard
ca6440b246
Small cleanups in parse_finished()
2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
624bcb5260
No memmove: done, rm temporary things
2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
000d5aec13
No memmove: parse_new_session_ticket()
2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
0b3400dafa
No memmove: ssl_parse_server_hello()
2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
069eb79043
No memmove: ssl_parse_hello_verify_request()
2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
04c1b4ece1
No memmove: certificate_request + server_hello_done
2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
f4830b5092
No memmove: ssl_parse_server_key_exchange()
2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
4528f3f5c0
No memmove: parse_certificate_verify()
2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
2114d724dc
No memmove: ssl_parse_client_key_exchange()
2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
f49a7daa1a
No memmove: ssl_parse_certificate()
2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
4abc32734e
No memmove: ssl_parse_finished()
2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
f899583f94
Prepare moving away from memmove() on incoming HS
2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
4a1753657c
Fix missing return in error check
2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
19d438f4ff
Get rid of memmove for DTLS in parse_client_hello()
2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
63eca930d7
Drop invalid records with DTLS
2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
167a37632d
Split two functions out of ssl_read_record()
2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
990f9e428a
Handle late handshake messages gracefully
2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
60ca5afaec
Drop records from wrong epoch
2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
1aa586e41d
Check handshake message_seq field
2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard
9d1d7196e4
Check length before reading handshake header
2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard
d9ba0d96b6
Prepare for checking incoming handshake seqnum
2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
ac03052f22
Fix segfault with some very short fragments
2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
64dffc5d14
Make handshake reassembly work with openssl
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
502bf30fb5
Handle reassembly of handshake messages
...
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.
Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
ed79a4bb14
Prepare for DTLS handshake reassembly
2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard
edcbe549fd
Reorder checks in ssl_read_record
2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard
0557bd5fa4
Fix message_seq with server-initiated renego
2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard
c392b240c4
Fix server-initiated renegotiation with DTLS
2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard
30d16eb429
Fix client-initiated renegotiation with DTLS
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
b35fe5638a
Fix HelloVerifyRequest version handling
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
562eb787ec
Add and use POLARSSL_ERR_SSL_BUFFER_TOO_SMALL
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
bef8f09899
Make cookie timeout configurable
2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard
e90308178f
Add timestamp/serial to cookies, with timeout
2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard
445a1ec6cd
Change internal names
2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard
29ad7e8fc0
Add check for missing ssl_set_client_transport_id()
2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
a64acd4f84
Add separate SSL_COOKIE_C define
2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
7d38d215b1
Allow disabling HelloVerifyRequest
2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
e4de06145a
Fix cookie context usage
2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
232edd46be
Move cookie callbacks implementation to own module
2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d485d194f9
Move to a callback interface for DTLS cookies
2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d7f9bc5091
Refactor cookie to prepare for external callbacks
...
Also adds flexibility to the verification process.
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
82202f0a9c
Make DTLS_HELLO_VERIFY a compile option
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
98545f128a
Generate random key for HelloVerifyRequest
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
dd3cdb0fbc
Start using client IP in HelloVerifyRequest
...
Dummy fixed key for now.
2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard
43c021874d
Add ssl_set_client_transport_id()
2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard
fb2d22371f
Reuse random when responding to a verify request
2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard
b760f001d7
Extract generate client random to a function
2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard
2c9ee81f6e
Start adding srv support for hello verify request
...
Dummy fixed content for now.
Also, seems to be a race condition in the way the socket is closed and
reopened, leading to a few "random" failures in compat.sh. A fix is planned
for later.
2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
a0e1632b79
Do not use compression with DTLS
2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
5d53cbef3a
Fix length check in ssl_write_ticket()
2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
879a4f9623
Abort on DTLS epoch wrap
2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
805e2300af
Fix error message and return code
2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
67427c07b2
Fix checksum computation with HelloVerifyRequest
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
74848811b4
Implement HelloVerifyRequest on client
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
b2f3be8757
Support multiple records in one datagram
2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
34c1011b3d
Fix a few warnings in reduced configs
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
fe98aceb70
Adapt ssl_fetch_input() for UDP
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
f5a1312eaa
Add UDP support to the NET module
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
d6b721c7ee
More ssl_parse_client_hello() adjustments
2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard
4128aa71ee
Add the 'cookie' field of DTLS ClientHello
2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard
8933a65d5c
Rework ssl_parse_client_hello() a bit
...
- make it more linear
- check lengths better
- prepare for optional "cookie" field
2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard
e89bcf05da
Write new DTLS handshake fields correctly
2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard
ce441b3442
Add space for new DTLS fields in handshake
2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard
a59543af30
Minor refactoring in ssl_read_record()
2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard
f302fb52e1
Fix hmac computation for DTLS
2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard
5afb167e2c
Implement DTLS epochs
2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard
0619348288
Add explicit counter in DTLS record header
2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard
507e1e410a
Prep: allow {in,out}_len != {in,out}_hdr + 3
2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard
7ee6f0e6e5
Preparation: allow {in,out}_ctr != {in,out}_buf
2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
abc7e3b4ba
Handle DTLS version encoding and fix some checks
2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
864a81fdc0
More ssl_set_XXX() functions can return BAD_INPUT
2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard
b21ca2a69f
Adapt version-handling functions to DTLS
2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard
d66645130c
Add a ciphersuite NODTLS flag
2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard
0b1ff29328
Add basic flags for DTLS
2014-10-21 16:30:03 +02:00
Paul Bakker
82788fb63b
Fix minor style issues
2014-10-20 13:59:19 +02:00
Paul Bakker
9eac4f7c4e
Prepare for release 1.3.9
2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard
f7cdbc0e87
Fix potential bad read of length
2014-10-17 17:02:10 +02:00
Manuel Pégourié-Gonnard
ef9a6aec51
Allow comparing name with mismatched encodings
2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard
88421246d8
Rename a function
2014-10-17 12:42:30 +02:00
Manuel Pégourié-Gonnard
43c3b28ca6
Fix memory leak with crafted ClientHello
2014-10-17 12:42:11 +02:00
Manuel Pégourié-Gonnard
5d8618539f
Fix memory leak while parsing some X.509 certs
2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard
64938c63f0
Accept spaces at end of line/buffer in base64
2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard
7f4ed67a97
Fix compile error with armcc in mpi_is_prime()
2014-10-15 22:06:46 +02:00
Paul Bakker
5a5fa92bfe
x509_crt_parse() did not increase total_failed on PEM error
...
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard
480905d563
Fix selection of hash from sig_alg ClientHello ext.
2014-08-30 14:19:59 +02:00
Sander Niemeijer
ef5087d150
Added explicit casts to prevent compiler warnings when trying to build for iOS
2014-08-21 23:48:14 +02:00
Manuel Pégourié-Gonnard
8ef7088bb9
Use polarssl_zeroize() in asn1parse too
2014-08-21 18:15:09 +02:00
Peter Vaskovic
a676acf66b
Fix missing curly braces.
2014-08-21 17:56:25 +02:00
Manuel Pégourié-Gonnard
a13500fdf7
Fix bug with ssl_close_notify and non-blocking I/O
2014-08-19 16:14:04 +02:00
Manuel Pégourié-Gonnard
44ade654c5
Implement (partial) renego delay on client
2014-08-19 13:58:40 +02:00
Manuel Pégourié-Gonnard
f07f421759
Fix server-initiated renego with non-blocking I/O
2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard
6591962f06
Allow delay on renego on client
...
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Manuel Pégourié-Gonnard
f26a1e8602
ssl_read() stops returning non-application data
2014-08-19 12:28:50 +02:00
Manuel Pégourié-Gonnard
55e4ff2ace
Tune comments
2014-08-19 11:52:33 +02:00
Manuel Pégourié-Gonnard
462906f955
Do no test net_usleep() when not defined
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
192253aaa9
Fix buffer size in pk_write_*_pem()
2014-08-14 11:34:35 +02:00
Alfred Klomp
b308dd72d9
timing.c: avoid referencing garbage value
...
Found with Clang's `scan-build` tool.
When get_timer() is called with `reset` set to 1, the value of
t->start.tv_sec is used as a rvalue without being initialized first.
This is relatively harmless because the result of get_timer() is not
used by the callers when called in "reset mode". However, scan-build
prints a warning.
Silence the warning by only calculating the delta on non-reset runs,
returning zero otherwise.
2014-08-14 11:34:35 +02:00
Alfred Klomp
7ee55624fb
gcm.c: remove dead store
...
Found with Clang's `scan-build` tool.
The value written to `hi` is never used, resulting in a warning. Remove
the dead store to get rid of the warning.
2014-08-14 11:34:35 +02:00
Alfred Klomp
1b4eda3af9
pkcs5.c: fix dead store: return proper exit status
...
Found with Clang's `scan-build` tool.
The error value assigned to `ret` is not returned, meaning that the
selftest always succeeds. Ensure the error value is propagated back to
the caller.
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
8d77eeeaf6
Fix integer suffix rejected by some MSVC versions
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
9a6b442cee
Fix non-blocking sockets in net_accept()
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
a04fa4fa04
RSA-PSK key exchange requires TLS 1.x
...
It's not clear if, with SSL3, one should include send the two length bytes for
EncryptedPreMasterSecret or not, so require TLS to avoid interop issues.
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
8d4ad07706
SHA-2 ciphersuites now require TLS 1.x
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
2fbf311391
Fix dependency issue in memory_buffer_alloc
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
97884a31cb
Fix printf format warnings in memory_buffer_alloc
2014-08-14 11:34:33 +02:00
Manuel Pégourié-Gonnard
86bbc7fc30
Fix typo causing compile error with NULL cipher
2014-08-14 11:34:33 +02:00
Paul Bakker
8dcb2d7d7e
Support escaping of commas in x509_string_to_names()
2014-08-11 11:59:52 +02:00
Paul Bakker
21e081b068
Prevent (incorrect) compiler warning
2014-07-24 10:38:01 +02:00
Paul Bakker
6c343d7d9a
Fix mpi_write_string() to write "00" as hex output for empty MPI
2014-07-10 15:27:10 +02:00
Paul Bakker
5b11d026cd
Fix dependencies and includes without FS_IO and PLATFORM_C
2014-07-10 15:27:10 +02:00
Manuel Pégourié-Gonnard
b196fc23b1
Fix dhm_selftest() return value
2014-07-09 16:53:29 +02:00
Paul Bakker
968afaa06f
ssl_key_cert not available in all configurations
2014-07-09 11:34:48 +02:00
Paul Bakker
ec3a617d40
Make ready for release of 1.3.8 and soversion 7
2014-07-09 10:21:28 +02:00
Paul Bakker
84bbeb58df
Adapt cipher and MD layer with _init() and _free()
2014-07-09 10:19:24 +02:00
Paul Bakker
accaffe2c3
Restructure ssl_handshake_init() and small fixes
2014-07-09 10:19:24 +02:00
Paul Bakker
a317a98221
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
8f870b047c
Add dhm_init()
2014-07-09 10:19:23 +02:00
Paul Bakker
fff0366bba
Add ctr_drbg_free()
2014-07-09 10:19:23 +02:00
Paul Bakker
5b4af39a36
Add _init() and _free() for hash modules
2014-07-09 10:19:23 +02:00
Paul Bakker
c7ea99af4f
Add _init() and _free() for cipher modules
2014-07-09 10:19:22 +02:00
Manuel Pégourié-Gonnard
d27680bd5e
Clarify code using PSK callback
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
0698f7c21a
Rm duplicate entry in oid_md_alg
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
14beb08542
Fix missing const
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
ba782bbc4b
Save some space in ECP curve tables
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
67dbe1ef44
Better length checking in ecp_point_read_binary()
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
08e81e0c8f
Change selection of hash algorithm for TLS 1.2
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
bd77254b18
md_list() starting with strongest hash
2014-07-08 13:03:02 +02:00
Paul Bakker
8fb99abaac
Merge changes for leaner memory footprint
2014-07-04 15:02:19 +02:00
Paul Bakker
b9e08b086b
Merge server-side enforced renegotiation requests
2014-07-04 15:01:37 +02:00
Paul Bakker
d598318661
Fix base64_decode() to return and check length correctly
2014-07-04 15:01:00 +02:00
Manuel Pégourié-Gonnard
481fcfde93
Make PSK_LEN configurable and adjust PMS size
2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard
dfc7df0bec
Add SSL_CIPHERSUITES config option
2014-07-04 14:59:02 +02:00
Manuel Pégourié-Gonnard
a9964dbcd5
Add ssl_set_renegotiation_enforced()
2014-07-04 14:16:07 +02:00
Manuel Pégourié-Gonnard
791684c058
Save RAM when only a few ciphersuites are defined
2014-06-30 19:07:01 +02:00
Manuel Pégourié-Gonnard
31855456f9
Fix clang's check mode again
2014-06-25 15:59:50 +02:00
Manuel Pégourié-Gonnard
bee8ded03a
Fix warning depending on configuration
2014-06-25 12:22:59 +02:00
Manuel Pégourié-Gonnard
01edb1044c
Add POLARSSL_REMOVE_RC4_CIPHERSUITES
2014-06-25 11:27:59 +02:00
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
dd0c0f33c0
Better usage of dhm_calc_secret in SSL
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
8df68632e8
Fix bug in DHE-PSK PMS computation
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
5c1f032653
Abort handshake if no point format in common
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
fd35af1579
Fix off-by-one error in point format parsing
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
87a8ffeaba
Padlock asm using \n\t too
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
0534fd4c1a
Change asm format to \n\t in aesni.c too
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
03576887c2
Remove misplaced debugging message
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
42b5374523
Switch CCM and GCM in default suite order
...
The upcoming BCP document recommends GCM as the default.
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
d249b7ab9a
Restore ability to trust non-CA selfsigned EE cert
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
c4eff16516
Restore ability to use v1 CA if trusted locally
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
eaa76f7e20
Fix computation of minlen for encrypted packets
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
e800cd81d7
Re-arrange some code in ssl_derive_keys()
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
b46e6adb9c
Check input lengths in GCM
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
0bcc4e1df7
Fix length checking for AEAD ciphersuites
2014-06-25 11:26:10 +02:00
Manuel Pégourié-Gonnard
66e20c6318
Fix warning and typo->error.
2014-06-24 17:47:40 +02:00
Manuel Pégourié-Gonnard
ac2ccf897c
Fix CCM ciphersuites definition: PSK <-> DHE-PSK!
2014-06-24 15:48:01 +02:00
Manuel Pégourié-Gonnard
8f625632bb
Fix dependencies: GCM != AEAD != CCM
2014-06-24 15:26:28 +02:00
Manuel Pégourié-Gonnard
5bfd968e01
Fix warning with TLS 1.2 without RSA or ECDSA
2014-06-24 15:18:11 +02:00
Paul Bakker
1c98ff96b5
Merge more test improvements and tests
...
Conflicts:
tests/suites/test_suite_cipher.blowfish.data
2014-06-24 11:12:00 +02:00
Paul Bakker
91c301abbe
Zeroize values in PKCS#12 operations
2014-06-24 11:09:39 +02:00
Manuel Pégourié-Gonnard
398c57b0b3
Blowfish accepts variable key len in cipher layer
2014-06-24 11:01:33 +02:00
Manuel Pégourié-Gonnard
f3b47243df
Split x509_csr_parse_der() out of x509_csr_parse()
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
4d2a8eb6ff
SSL modules now using x509_crt_parse_der()
...
Avoid uselessly trying to decode PEM.
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
b912616081
Rm unused functions in cipher_wrap
...
You can't initialise a context with DES_CFB or DES_CTR.
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
1c082f34f3
Update description and references for X.509 files
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
edc3ab20e2
Small cleanup: less side-effects
...
pkcs5_parse_pbkdf2_params() used to modify params.p, which does not look
clean, even if the function is static and params.p isn't use afterwards.
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
90dac90f53
Small code simplification in pkcs5_pbes2()
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
66aca931bc
Add tests for pkcs5_pbes2
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
2a8afa98e2
pkcs5_self_test depends on SHA1
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
f3e5c22f4d
Refactor x509_string_to_names(): data in a table
2014-06-23 11:52:58 +02:00
Manuel Pégourié-Gonnard
81754a0c35
Create a 'flags' field in cipher_info
2014-06-23 11:33:18 +02:00
Paul Bakker
66d5d076f7
Fix formatting in various code to match spacing from coding style
2014-06-17 17:06:47 +02:00
Paul Bakker
db20c10423
Add #endif comments for #endif more than 10 lines from #if / #else
2014-06-17 14:34:44 +02:00
Paul Bakker
d8bb82665e
Fix code styling for return statements
2014-06-17 14:06:49 +02:00
Paul Bakker
3461772559
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-06-14 16:46:03 +02:00
Paul Bakker
14877e6250
Remove unused 'ret' variable
2014-06-12 23:01:18 +02:00