Paul Bakker
66d5d076f7
Fix formatting in various code to match spacing from coding style
2014-06-17 17:06:47 +02:00
Paul Bakker
d8bb82665e
Fix code styling for return statements
2014-06-17 14:06:49 +02:00
Paul Bakker
3461772559
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-06-14 16:46:03 +02:00
Manuel Pégourié-Gonnard
7792198a46
Normalize some error messages
2014-06-12 21:15:44 +02:00
Peter Vaskovic
c2bbac968b
Fix misplaced parenthesis.
2014-05-28 11:06:31 +02:00
Paul Bakker
b5212b436f
Merge CCM cipher mode and ciphersuites
...
Conflicts:
library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Manuel Pégourié-Gonnard
8ff17c544c
Add missing DEBUG_RET on cipher failures
2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard
61edffef28
Normalize "should never happen" messages/errors
2014-05-22 13:52:47 +02:00
Manuel Pégourié-Gonnard
2e5ee32033
Implement CCM and CCM_8 ciphersuites
2014-05-20 16:29:34 +02:00
Manuel Pégourié-Gonnard
5efd772ef0
Small readability improvement
2014-05-14 14:10:37 +02:00
Manuel Pégourié-Gonnard
de7bb44004
Use cipher_auth_{en,de}crypt() in ssl_tls.c
2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard
8764d271fa
Use cipher_crypt() in ssl_tls.c
2014-05-14 14:10:36 +02:00
Paul Bakker
b9e4e2c97a
Fix formatting: fix some 'easy' > 80 length lines
2014-05-01 14:18:25 +02:00
Paul Bakker
9af723cee7
Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)
2014-05-01 13:03:14 +02:00
Paul Bakker
2a024ac86a
Merge dependency fixes
2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard
cef4ad2509
Adapt sources to configurable config.h name
2014-04-30 16:40:20 +02:00
Paul Bakker
1a1fbba1ae
Sanity length checks in ssl_read_record() and ssl_fetch_input()
...
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
2014-04-30 14:48:51 +02:00
Manuel Pégourié-Gonnard
3a306b9067
Fix misplaced #endif in ssl_tls.c
2014-04-29 15:11:17 +02:00
Paul Bakker
61885c7f7f
Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites
...
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
2014-04-25 12:59:51 +02:00
Paul Bakker
93389cc620
Remove const indicator
2014-04-17 14:44:38 +02:00
Manuel Pégourié-Gonnard
0408fd1fbb
Add extendedKeyUsage checking in SSL modules
2014-04-11 11:09:09 +02:00
Paul Bakker
d6ad8e949b
Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C
2014-04-09 17:24:14 +02:00
Paul Bakker
a77de8c841
Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off
2014-04-09 16:39:35 +02:00
Manuel Pégourié-Gonnard
a9db85df73
Add tests for keyUsage with client auth
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
7f2a07d7b2
Check keyUsage in SSL client and server
2014-04-09 15:50:57 +02:00
Paul Bakker
0763a401a7
Merged support for the ALPN extension
2014-04-08 14:37:12 +02:00
Paul Bakker
4224bc0a4f
Prevent potential NULL pointer dereference in ssl_read_record()
2014-04-08 14:36:50 +02:00
Manuel Pégourié-Gonnard
0b874dc580
Implement ALPN client-side
2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard
7e250d4812
Add ALPN interface
2014-04-04 17:10:40 +02:00
Paul Bakker
77f4f39ea6
Make sure no random pointer occur during failed malloc()'s
2014-03-26 15:30:20 +01:00
Paul Bakker
91c61bc4fd
Further tightened the padlen check to prevent underflow / overflow
2014-03-26 15:14:20 +01:00
Manuel Pégourié-Gonnard
b2bf5a1bbb
Fix possible buffer overflow with PSK
2014-03-26 12:58:50 +01:00
Paul Bakker
3d6504a935
ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr
2014-03-17 13:41:51 +01:00
Manuel Pégourié-Gonnard
83cdffc437
Forbid sequence number wrapping
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
796c6f3aff
Countermeasure against "triple handshake" attack
2014-03-13 19:25:06 +01:00
Paul Bakker
7dc4c44267
Library files moved to use platform layer
2014-02-06 13:20:16 +01:00
Manuel Pégourié-Gonnard
ab24010b54
Enforce our choice of allowed curves.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
7f38ed0bfa
ssl_set_curves is no longer ECDHE only
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
ac7194133e
Renamings and other fixes
2014-02-06 10:28:38 +01:00
Gergely Budai
e40c469ad3
The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[].
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
de05390c85
Rename ecdh_curve_list to curve_list
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
5de2580563
Make ssl_set_ecdh_curves() a compile-time option
2014-02-06 10:28:38 +01:00
Gergely Budai
987bfb510b
Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
7c59363a85
Remove a few dead stores
2014-01-22 13:02:39 +01:00
Manuel Pégourié-Gonnard
7cfdcb8c7f
Add a length check in ssl_derive_keys()
2014-01-22 12:56:22 +01:00
Paul Bakker
6992eb762c
Fixed potential overflow in certificate size in ssl_write_certificate()
2013-12-31 11:38:33 +01:00
Paul Bakker
956c9e063d
Reduced the input / output overhead with 200+ bytes and covered corner
...
case
The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.
Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.
We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
2013-12-30 15:00:51 +01:00
Paul Bakker
1e5369c7fa
Variables in proper block or within proper defines in ssl_decrypt_buf()
2013-12-19 16:40:57 +01:00
Paul Bakker
fdf946928d
Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites
2013-12-17 13:10:27 +01:00
Paul Bakker
77e257e958
Fixed bad check for maximum size of fragment length index
2013-12-17 13:09:12 +01:00
Paul Bakker
6f0636a09f
Potential memory leak in ssl_ticket_keys_init()
2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard
d18cc57962
Add client-side support for ECDH key exchanges
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
c72ac7c3ef
Fix SSLv3 handling of SHA-384 suites
...
Fixes memory corruption, introduced in
a5bdfcd
(Relax some SHA2 ciphersuite's version requirements)
2013-12-17 10:18:25 +01:00
Manuel Pégourié-Gonnard
dc953e8c41
Add missing defines/cases for RSA_PSK key exchange
2013-11-26 15:19:57 +01:00
Paul Bakker
08b028ff0f
Prevent unlikely NULL dereference
2013-11-19 10:42:37 +01:00
Paul Bakker
0333b978fa
Handshake key_cert should be set on first addition to the key_cert chain
2013-11-04 17:08:28 +01:00
Paul Bakker
993e386a73
Merged renegotiation refactoring
2013-10-31 14:32:38 +01:00
Paul Bakker
37ce0ff185
Added defines around renegotiation code for SSL_SRV and SSL_CLI
2013-10-31 14:32:04 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f
Safer buffer comparisons in the SSL modules
2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard
6d8404d6ba
Server: enforce renegotiation
2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard
9c1e1898b6
Move some code around, improve documentation
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
214eed38c7
Make ssl_renegotiate the only interface
...
ssl_write_hello_request() is no private
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
caed0541a0
Allow ssl_renegotiate() to be called in a loop
...
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
e5e1bb972c
Fix misplaced initialisation
2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard
f3dc2f6a1d
Add code for testing server-initiated renegotiation
2013-10-30 16:46:46 +01:00
Paul Bakker
6edcd41c0a
Addition conditions for UEFI environment under MSVC
2013-10-29 15:44:13 +01:00
Paul Bakker
fa6a620b75
Defines for UEFI environment under MSVC added
2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard
a8a25ae1b9
Fix bad error codes
2013-10-27 13:48:15 +01:00
Manuel Pégourié-Gonnard
7109624aef
Skip MAC computation/check when GCM is used
2013-10-25 19:31:25 +02:00
Manuel Pégourié-Gonnard
8866591cc5
Don't special-case NULL cipher in ssl_tls.c
2013-10-25 18:42:44 +02:00
Manuel Pégourié-Gonnard
126a66f668
Simplify switching on mode in ssl_tls.c
2013-10-25 18:33:32 +02:00
Manuel Pégourié-Gonnard
8d01eea7af
Add Camellia-GCM ciphersuites
2013-10-25 16:46:05 +02:00
Paul Bakker
f34673e37b
Merged RSA-PSK key-exchange and ciphersuites
2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0
Merged ECDHE-PSK ciphersuites
2013-10-15 12:45:36 +02:00
Manuel Pégourié-Gonnard
8a3c64d73f
Fix and simplify *-PSK ifdef's
2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard
0fae60bb71
Implement RSA-PSK key exchange
2013-10-14 19:34:48 +02:00
Paul Bakker
b9cfaa0c7f
Explicit conversions and minor changes to prevent MSVC compiler warnings
2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard
1b62c7f93d
Fix dependencies and related issues
2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard
bd1ae24449
Factor PSK pms computation to ssl_tls.c
2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard
3ce3bbdc00
Add support for ECDHE_PSK key exchange
2013-10-11 18:16:35 +02:00
Paul Bakker
beccd9f226
Explicit void pointer cast for buggy MS compiler
2013-10-11 15:20:27 +02:00
Paul Bakker
1677033bc8
TLS compression only allocates working buffer once
2013-10-11 09:59:44 +02:00
Paul Bakker
ca9c87ed2b
Removed possible cache-timing difference for pad check
2013-09-25 18:52:37 +02:00
Manuel Pégourié-Gonnard
8372454615
Rework SNI to fix memory issues
2013-09-24 22:30:56 +02:00
Manuel Pégourié-Gonnard
705fcca409
Adapt support for SNI to recent changes
2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
d09453c88c
Check our ECDSA cert(s) against supported curves
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
f71e587c5e
Fix memory leak in ssl cipher usage
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
3ebb2cdb52
Add support for multiple server certificates
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
834ea8587f
Change internal structs for multi-cert support
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
1a483833b3
SSL_TLS doesn't depend on PK any more
...
(But PK does depend on RSA or ECP.)
2013-09-20 12:29:15 +02:00
Paul Bakker
5ad403f5b5
Prepared for 1.3.0 RC0
2013-09-18 21:21:30 +02:00
Paul Bakker
6db455e6e3
PSK callback added to SSL server
2013-09-18 21:14:58 +02:00
Manuel Pégourié-Gonnard
a310459f5c
Fix a few things that broke with RSA compiled out
2013-09-18 15:37:44 +02:00
Paul Bakker
b6b0956631
Rm of memset instead of x509_crt_init()
2013-09-18 14:32:52 +02:00
Paul Bakker
c559c7a680
Renamed x509_cert structure to x509_crt for consistency
2013-09-18 14:32:52 +02:00
Paul Bakker
ddf26b4e38
Renamed x509parse_* functions to new form
...
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
7c6b2c320e
Split up X509 files into smaller modules
2013-09-16 21:41:54 +02:00
Paul Bakker
2292d1fad0
Fixed warnings in case POLARSSL_X509_PARSE_C is not defined
2013-09-15 17:06:49 +02:00
Manuel Pégourié-Gonnard
f7dc378ead
Make CBC an option, step 1: ssl ciphersuites
2013-09-13 15:37:03 +02:00
Manuel Pégourié-Gonnard
bfb355c33b
Fix memory leak on missed session reuse
2013-09-08 20:08:36 +02:00