Commit Graph

486 Commits

Author SHA1 Message Date
Simon Butcher
204606238c Merge branch 'development' into misc 2015-10-27 16:57:34 +00:00
Manuel Pégourié-Gonnard
5c2a7ca989 Fix warning in some reduced configs 2015-10-23 08:48:41 +02:00
Manuel Pégourié-Gonnard
e5f3072aed Fix #ifdef inconsistency
fixes #310

Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.
2015-10-23 08:40:23 +02:00
Manuel Pégourié-Gonnard
fadacb9d0b Merge branch 'development' into iotssl-461-ecjpake-finalization
* development: (73 commits)
  Bump yotta dependencies version
  Fix typo in documentation
  Corrected misleading fn description in ssl_cache.h
  Corrected URL/reference to MPI library
  Fix yotta dependencies
  Fix minor spelling mistake in programs/pkey/gen_key.c
  Bump version to 2.1.2
  Fix CVE number in ChangeLog
  Add 'inline' workaround where needed
  Fix references to non-standard SIZE_T_MAX
  Fix yotta version dependencies again
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
  Remove inline workaround when not useful
  Fix macroization of inline in C++
  Changed attribution for Guido Vranken
  Merge of IOTSSL-476 - Random malloc in pem_read()
  Fix for IOTSSL-473 Double free error
  Fix potential overflow in CertificateRequest
  ...

Conflicts:
	include/mbedtls/ssl_internal.h
	library/ssl_cli.c
2015-10-20 15:00:29 +02:00
Manuel Pégourié-Gonnard
5674a9797a Fix compilers warnings in reduced configs 2015-10-19 15:14:03 +02:00
Robert Cragie
ae8535db38 Changed defs. back to MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 2015-10-06 17:11:18 +01:00
Robert Cragie
39a60de410 Correct overwritten fixes 2015-10-02 13:57:59 +01:00
Robert Cragie
136884c29b Use MBEDTLS_ECJPAKE_C def. for correct conditional compilation 2015-10-02 13:34:31 +01:00
Simon Butcher
5624ec824e Reordered TLS extension fields in client
Session ticket placed at end
2015-09-29 01:06:06 +01:00
Simon Butcher
04799a4274 Fixed copy and paste error
Accidental additional assignment in ssl_write_alpn_ext()
2015-09-29 00:31:09 +01:00
Simon Butcher
0fc94e9f83 Revised bounds checking on TLS extensions
Revisions following review feedback
2015-09-28 20:52:04 +01:00
Simon Butcher
ed9976634f Added bounds checking for TLS extensions
IOTSSL-478 - Added checks to prevent buffer overflows.
2015-09-28 02:14:30 +01:00
Manuel Pégourié-Gonnard
faee44ded1 Avoid false positives in bounds check
The size of the buffer already accounts for the extra data before the actual
message, so the allowed length is SSL_MAX_CONTENT_LEN starting from _msg
2015-09-24 22:19:58 +02:00
Manuel Pégourié-Gonnard
d0d8cb36a4 Cache ClientHello extension
This extension is quite costly to generate, and we don't want to re-do it
again when the server performs a DTLS HelloVerify. So, cache the result the
first time and re-use if/when we build a new ClientHello.

Note: re-send due to timeouts are different, as the whole message is cached
already, so they don't need any special support.
2015-09-17 14:16:30 +02:00
Manuel Pégourié-Gonnard
0f1660ab4f Implement key exchange messages and PMS derivation
This completes the first working version. No interop testing done yet.
2015-09-16 22:58:30 +02:00
Manuel Pégourié-Gonnard
25dbeb002d Skip certificate-related messages with ECJPAKE 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
0a1324aaa1 Add client-side extension parsing 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
60884a1597 Improve debug formatting of ciphersuites 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
eef142d753 Depend on ECJPAKE key exchange, not module
This is more consistent, as it doesn't make any sense for a user to be able to
set up an EC J-PAKE password with TLS if the corresponding key exchange is
disabled.

Arguably this is what we should de for other key exchanges as well instead of
depending on ECDH_C etc, but this is an independent issue, so let's just do
the right thing with the new key exchange and fix the other ones later. (This
is a marginal issue anyway, since people who disable all ECDH key exchange are
likely to also disable ECDH_C in order to minimize footprint.)
2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
ddf97a6c92 Skip ECJPAKE suite in ClientHello if no pw set up
When we don't have a password, we want to skip the costly process of
generating the extension. So for consistency don't offer the ciphersuite
without the extension.
2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
557535d8c4 Add ECJPAKE key exchange 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
294139b57a Add client extension writing 2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard
f472179d44 Adjust dependencies for EC extensions
The Thread spec says we need those for EC J-PAKE too.
However, we won't be using the information, so we can skip the parsing
functions in an EC J-PAKE only config; keep the writing functions in order to
comply with the spec.
2015-09-15 18:22:00 +02:00
Manuel Pégourié-Gonnard
7f2f062a5d Fix possible client crash on API misuse 2015-09-07 12:27:24 +02:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
c6b5d833ec Fix handling of long PSK identities
fixes #238
2015-08-31 10:34:26 +02:00
Manuel Pégourié-Gonnard
6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
a6e5bd5654 Fix bug with extension-less ServerHello
https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug

in_hslen include the length of the handshake header. (We might want to change
that in the future, as it is a bit annoying.)
2015-07-23 12:23:19 +02:00
Manuel Pégourié-Gonnard
b4b19f395f Add a debug message 2015-07-07 11:41:21 +02:00
Manuel Pégourié-Gonnard
636741b176 Remove obsolete hacks for uin32_t
We now require support for stdint.h from the compiler.
2015-07-01 17:13:05 +02:00
Manuel Pégourié-Gonnard
dba460f2f3 Add SSL "assertion" to help static analysis 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
1cf7b30dc8 Rewrite test to make Coverity happier
With the default config, it noticed the accept_comp was always 0, so the rest
of the test was dead code.
2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard
19389753c8 Avoid dead stores (makes scan-build happier) 2015-06-23 13:46:44 +02:00
Manuel Pégourié-Gonnard
9386664543 Move from inttypes.h to stdint.h
Some toolchains do not have inttypes.h, and we only need stdint.h which is a
subset of it.
2015-06-22 23:41:26 +02:00
Manuel Pégourié-Gonnard
12ad798c87 Rename ssl_session.length to id_len 2015-06-18 15:50:37 +02:00
Manuel Pégourié-Gonnard
7bfc122703 Implement sig_hashes 2015-06-17 14:34:48 +02:00
Manuel Pégourié-Gonnard
36a8b575a9 Create API for mbedtls_ssl_conf_sig_hashes().
Not implemented yet.
2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard
9d412d872c Small internal changes in curve checking
- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config
2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard
b541da6ef3 Fix define for ssl_conf_curves()
This is a security feature, it shouldn't be optional.
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
bd990d6629 Add ssl_conf_dhm_min_bitlen() 2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard
3335205a21 Avoid in-out length in dhm_calc_secret() 2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard
6a8ca33fa5 Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED 2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard
b2a18a2a98 Remove references to malloc in strings/names 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9 Replace malloc with calloc
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
5e94ddebbc Create ssl_internal.h and move some functions 2015-05-26 11:57:05 +02:00
Manuel Pégourié-Gonnard
66dc5555f0 mbedtls_ssl_conf_arc4_support() depends on ARC4_C 2015-05-14 12:31:10 +02:00
Manuel Pégourié-Gonnard
1897af9e93 Make conf const inside ssl_context (finally) 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
750e4d7769 Move ssl_set_rng() to act on config 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
ba26c24769 Change how hostname is stored internally 2015-05-07 10:19:14 +01:00
Manuel Pégourié-Gonnard
684b0592cb Move ssl_set_fallback() to work on conf
Initially thought it would be per-connection, but since max_version is in conf
too, and you need to lower that for a fallback connection, the fallback flag
should be in the same place
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
7ca4e4dc79 Move things to conf substructure
A simple series of sed invocations.

This is the first step, purely internal changes. The conf substructure is not
ready to be shared between contexts yet.
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
2cf5a7c98e The Great Renaming
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
07ec1ddd10 Fix bug with ssl_set_curves() check on client 2015-04-03 18:17:37 +02:00
Manuel Pégourié-Gonnard
abb674467b Rename md_init_ctx() to md_setup() 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
4063ceb281 Make hmac_ctx optional
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
ca878dbaa5 Make md_info_t an opaque structure
- more freedom for us to change it in the future
- enforces hygiene
- performance impact of making accessors no longer inline should really be
  negligible
2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard
a78b218042 Fix contness of debug_print_buf() 2015-03-19 17:16:11 +00:00
Manuel Pégourié-Gonnard
852a6d3d8f Rename ssl.renegotiation to ssl.renego_status 2015-03-19 16:15:20 +00:00
Manuel Pégourié-Gonnard
d2b35ec3d3 Fix bug in no-renego option 2015-03-10 11:40:43 +00:00
Manuel Pégourié-Gonnard
7f8099773e Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard
ed99d70309 Rename macro to avoid possible future collision 2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard
2f5a1b4e55 Rename SSL_RENEGOTIATION macro
- new name is more explicit
- avoids collision with POLARSSL_SSL_RENEGOTIATION config flag when prefixing
  will be applied
2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard
998897be3d Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Rename website and repository
  Move private macro from header to C file
  Add some missing 'static' on a few objects
  Fix whitespace issues
  Minor portability fix in benchmark
2015-03-06 13:25:41 +00:00
Manuel Pégourié-Gonnard
fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard
d901d17817 Merge branch 'development' into dtls
* development: (100 commits)
  Update Changelog for the mem-measure branch
  Fix issues introduced when rebasing
  Fix compile error in memory_buffer_alloc_selftest
  Code cosmetics
  Add curve25519 to ecc-heap.sh
  Add curve25519 to the benchmark program
  Fix compile issue when buffer_alloc not available
  New script ecc-heap.sh
  Fix unused variable issue in some configs
  Rm usunused member in private struct
  Add heap usage for PK in benchmark
  Use memory_buffer_alloc() in benchmark if available
  Only define mode_func if mode is enabled (CBC etc)
  PKCS8 encrypted key depend on PKCS5 or PKCS12
  Disable SRV_C for client measurement
  Output stack+heap usage with massif
  Enable NIST_OPTIM by default for config-suite-b
  Refactor memory.sh
  Adapt memory.sh to config-suite-b
  Adapt mini-client for config-suite-b.h
  ...

Conflicts:
	ChangeLog
	include/polarssl/net.h
	library/Makefile
	library/error.c
	library/ssl_tls.c
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/Makefile
2015-02-16 18:44:39 +00:00
Rich Evans
00ab47026b cleanup library and some basic tests. Includes, add guards to includes 2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard
2a0718d947 Merge branch 'development' into dtls
* development: (46 commits)
  Fix url again
  Fix small bug in base64_encode()
  Fix depend that was checked but not documented
  Fix dependency that was not checked
  Minor gitginore fixes
  Move some ignore patterns to subdirectories
  Ignore CMake/MSVC-related build files.
  Re-categorize changelog entry
  Fix misattribution
  Minor nits with stdout/stderr.
  Add cmake compatibility targets
  Add script for polarssl symlink creation
  Fix more stdio inclusion issues
  Add debug info for cert/suite selection
  Fix possible portability issue
  Fix bug in ssl_get_verify_result()
  aescrypt2.c local char array not initial
  Update Changelog
  Fix mips64 bignum implementation
  Fix usage string of ssl_client2
  ...

Conflicts:
	include/polarssl/ssl.h
	library/CMakeLists.txt
	library/Makefile
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	visualc/VS2010/PolarSSL.sln
	visualc/VS2010/mbedTLS.vcxproj
	visualc/VS6/mbedtls.dsp
	visualc/VS6/mbedtls.dsw
2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard
860b51642d Fix url again 2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard
df6411d8d8 Merge branch 'development' into dtls
* development:
  Fix website url to use https.
  Remove maintainer line.
  Remove redundant "all rights reserved"
2015-01-23 11:23:08 +00:00
Manuel Pégourié-Gonnard
085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
eab72e2ced Merge branch 'development' into dtls
* development:
  Update copyright
  Fix issue in compat.sh
  Rename doxyfile
  Rename to mbed TLS in tests/
  Rename to mbed TLS in examples
  Remove old test certificates.
  Rename to mbed TLS in the documentation/comments
  Change name to mbed TLS in the copyright notice

Conflicts:
	doxygen/input/doc_mainpage.h
	doxygen/mbedtls.doxyfile
	include/polarssl/version.h
	tests/compat.sh
2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard
a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard
3a173f497b Merge branch 'development' into dtls
* development:
  Fix error code description.
  generate_errors.pl now errors on duplicate codes
  Avoid nested if's without braces.
  Move renego SCSV after actual ciphersuites
  Fix send_close_notify usage.
  Rename variable for clarity
  Improve script portability

Conflicts:
	library/ssl_srv.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/ssl-opt.sh
2015-01-22 13:30:33 +00:00
Manuel Pégourié-Gonnard
59c6f2ef21 Avoid nested if's without braces.
Creates a potential for confusing code if we later want to add an else clause.
2015-01-22 11:06:40 +00:00
Manuel Pégourié-Gonnard
5d9cde25da Move renego SCSV after actual ciphersuites 2015-01-22 10:49:41 +00:00
Manuel Pégourié-Gonnard
67505bf9e8 Merge branch 'development' into dtls
* development:
  Adapt tests to new defaults/errors.
  Fix typos/cosmetics in Changelog
  Disable RC4 by default in example programs.
  Add ssl_set_arc4_support()
  Set min version to TLS 1.0 in programs

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	tests/compat.sh
2015-01-21 13:57:33 +00:00
Manuel Pégourié-Gonnard
0af1ba3521 Merge commit 'f6080b8' into dtls
* commit 'f6080b8':
  Fix warning in reduced configs
  Adapt to "negative" switch for renego
  Add tests for periodic renegotiation
  Make renego period configurable
  Auto-renegotiate before sequence number wrapping
  Update Changelog for compile-option renegotiation
  Switch from an enable to a disable flag
  Save 48 bytes if SSLv3 is not defined
  Make renegotiation a compile-time option
  Add tests for renego security enforcement

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/ssl/ssl_server2.c
	tests/ssl-opt.sh
2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard
edb7ed3a43 Merge commit 'd7e2483' into dtls
* commit 'd7e2483': (57 commits)
  Skip signature_algorithms ext if PSK only
  Fix bug in ssl_client2 reconnect option
  Cosmetics in ssl_server2
  Improve debugging message.
  Fix net_usleep for durations greater than 1 second
  Use pk_load_file() in X509
  Create ticket keys only if enabled
  Fix typo in #ifdef
  Clarify documentation a bit
  Fix comment on resumption
  Update comment from draft to RFC
  Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
  Add recursion.pl to all.sh
  Allow x509_crt_verify_child() in recursion.pl
  Set a compile-time limit to X.509 chain length
  Fix 3DES -> DES in all.sh (+ time estimates)
  Add curves.pl to all.sh
  Rework all.sh to use MSan instead of valgrind
  Fix depends on individual curves in tests
  Add script to test depends on individual curves
  ...

Conflicts:
	CMakeLists.txt
	programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00
Paul Bakker
5b8f7eaa3e Merge new security defaults for programs (RC4 disabled, SSL3 disabled) 2015-01-14 16:26:54 +01:00
Paul Bakker
f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker
d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard
bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
d94232389e Skip signature_algorithms ext if PSK only 2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard
eaecbd3ba8 Fix warning in reduced configs 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
f9d778d635 Merge branch 'etm' into dtls
* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM

Conflicts:
	include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard
56d985d0a6 Merge branch 'session-hash' into dtls
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
fedba98ede Merge branch 'fb-scsv' into dtls
* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard
b575b54cb9 Forbid extended master secret with SSLv3 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
699cafaea2 Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
ada3030485 Implement extended master secret 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd Add negotiation of Extended Master Secret
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
7de3c9eecb Count timeout per flight, not per message 2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
cd32a50d67 Fix NewSesssionTicket vs ChangeCipherSpec bug
Since we were cheating on state, ssl_read_record() wasn't able to drop
out-of-sequence ChangeCipherSpec messages. Cheat a bit less.
2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
5d8ba53ace Expand and fix resend infrastructure 2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard
d92d6a1b5b ssl_parse_server_key_exchange() cleanups 2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard
000d5aec13 No memmove: parse_new_session_ticket() 2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
0b3400dafa No memmove: ssl_parse_server_hello() 2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
069eb79043 No memmove: ssl_parse_hello_verify_request() 2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
04c1b4ece1 No memmove: certificate_request + server_hello_done 2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
f4830b5092 No memmove: ssl_parse_server_key_exchange() 2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
f899583f94 Prepare moving away from memmove() on incoming HS 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
b35fe5638a Fix HelloVerifyRequest version handling 2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
fb2d22371f Reuse random when responding to a verify request 2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard
b760f001d7 Extract generate client random to a function 2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard
a0e1632b79 Do not use compression with DTLS 2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
67427c07b2 Fix checksum computation with HelloVerifyRequest 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
74848811b4 Implement HelloVerifyRequest on client 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
4128aa71ee Add the 'cookie' field of DTLS ClientHello 2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard
abc7e3b4ba Handle DTLS version encoding and fix some checks 2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
d66645130c Add a ciphersuite NODTLS flag 2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard
f7cdbc0e87 Fix potential bad read of length 2014-10-17 17:02:10 +02:00
Manuel Pégourié-Gonnard
44ade654c5 Implement (partial) renego delay on client 2014-08-19 13:58:40 +02:00
Manuel Pégourié-Gonnard
6591962f06 Allow delay on renego on client
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Paul Bakker
84bbeb58df Adapt cipher and MD layer with _init() and _free() 2014-07-09 10:19:24 +02:00
Paul Bakker
5b4af39a36 Add _init() and _free() for hash modules 2014-07-09 10:19:23 +02:00
Paul Bakker
2a45d1c8bb Merge changes to config examples and configuration issues 2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
dd0c0f33c0 Better usage of dhm_calc_secret in SSL 2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
5c1f032653 Abort handshake if no point format in common 2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
fd35af1579 Fix off-by-one error in point format parsing 2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
5bfd968e01 Fix warning with TLS 1.2 without RSA or ECDSA 2014-06-24 15:18:11 +02:00
Paul Bakker
66d5d076f7 Fix formatting in various code to match spacing from coding style 2014-06-17 17:06:47 +02:00
Paul Bakker
3461772559 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-06-14 16:46:03 +02:00
Manuel Pégourié-Gonnard
61edffef28 Normalize "should never happen" messages/errors 2014-05-22 13:52:47 +02:00
Paul Bakker
b9e4e2c97a Fix formatting: fix some 'easy' > 80 length lines 2014-05-01 14:18:25 +02:00
Paul Bakker
9af723cee7 Fix formatting: remove trailing spaces, #endif with comments (> 10 lines) 2014-05-01 13:03:14 +02:00
Manuel Pégourié-Gonnard
cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker
a70366317d Improve interop by not writing ext_len in ClientHello / ServerHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard
f6521de17b Add ALPN tests to ssl-opt.sh
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard
0b874dc580 Implement ALPN client-side 2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard
3c599f11b0 Avoid possible segfault on bad server ciphersuite 2014-03-13 19:25:06 +01:00
Paul Bakker
6a28e722c9 Merged platform compatibility layer 2014-02-06 13:44:19 +01:00
Paul Bakker
0910f32ee3 Fixed compile warning (in test-ref-configs) 2014-02-06 13:41:18 +01:00
Paul Bakker
7dc4c44267 Library files moved to use platform layer 2014-02-06 13:20:16 +01:00
Manuel Pégourié-Gonnard
c3f6b62ccc Print curve name instead of size in debugging
Also refactor server-side curve selection
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
ab24010b54 Enforce our choice of allowed curves. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
cd49f76898 Make ssl_set_curves() work client-side too. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
8e205fc0bc Fix potential buffer overflow in suported_curves_ext 2014-01-23 17:27:10 +01:00
Manuel Pégourié-Gonnard
d18cc57962 Add client-side support for ECDH key exchanges 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
da1ff38715 Don't accept CertificateRequest with PSK suites 2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
dc953e8c41 Add missing defines/cases for RSA_PSK key exchange 2013-11-26 15:19:57 +01:00
Paul Bakker
a9a028ebd0 SSL now gracefully handles missing RNG 2013-11-21 17:31:06 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f Safer buffer comparisons in the SSL modules 2013-10-31 14:23:12 +01:00
Paul Bakker
fa6a620b75 Defines for UEFI environment under MSVC added 2013-10-29 14:05:38 +01:00
Paul Bakker
6888167e73 Forced cast to prevent MSVC compiler warning 2013-10-15 13:24:01 +02:00
Paul Bakker
f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Manuel Pégourié-Gonnard
59b9fe28f0 Fix bug in psk_identity_hint parsing 2013-10-15 11:55:33 +02:00
Manuel Pégourié-Gonnard
bac0e3b7d2 Dependency fixes 2013-10-15 11:54:47 +02:00
Manuel Pégourié-Gonnard
09258b9537 Refactor parse_server_key_exchange a bit 2013-10-15 11:19:54 +02:00
Manuel Pégourié-Gonnard
8a3c64d73f Fix and simplify *-PSK ifdef's 2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard
0fae60bb71 Implement RSA-PSK key exchange 2013-10-14 19:34:48 +02:00
Paul Bakker
b9cfaa0c7f Explicit conversions and minor changes to prevent MSVC compiler warnings 2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard
1b62c7f93d Fix dependencies and related issues 2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard
72fb62daa2 More *-PSK refactoring 2013-10-14 14:01:58 +02:00
Manuel Pégourié-Gonnard
bd1ae24449 Factor PSK pms computation to ssl_tls.c 2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard
b59d699a65 Fix bugs in ECDHE_PSK key exchange 2013-10-14 12:00:45 +02:00
Manuel Pégourié-Gonnard
3ce3bbdc00 Add support for ECDHE_PSK key exchange 2013-10-11 18:16:35 +02:00
Manuel Pégourié-Gonnard
cb99bdb27e Client: if no cert, send empty cert list 2013-09-25 13:30:56 +02:00
Manuel Pégourié-Gonnard
834ea8587f Change internal structs for multi-cert support 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
a7496f00ff Fix a few more warnings in small configurations 2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard
1032c1d3ec Fix some dependencies and warnings in small config 2013-09-19 10:49:00 +02:00
Manuel Pégourié-Gonnard
da179e4870 Add ecp_curve_list(), hide ecp_supported_curves 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
a310459f5c Fix a few things that broke with RSA compiled out 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
56cd319f0e Add human-friendly name in ecp_curve_info 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
a79d123a55 Make ecp_supported_curves constant 2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard
15d5de1969 Simplify usage of DHM blinding 2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
568c9cf878 Add ecp_supported_curves and simplify some code 2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
7038039f2e Dissociate TLS and internal EC curve identifiers
Allows to add new curves before they get a TLS number
2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
a97c015f89 Rm useless/wrong DHM lenght test 2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
032c34e206 Don't use DH blinding for ephemeral DH 2013-09-07 13:06:27 +02:00
Manuel Pégourié-Gonnard
2d627649bf Change dhm_calc_secret() prototype 2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard
e09d2f8261 Change ecp_mul() prototype to allow randomization
(Also improve an error code while at it.)
2013-09-02 14:29:09 +02:00
Paul Bakker
9659dae046 Some extra code defined out 2013-08-28 16:21:34 +02:00
Paul Bakker
577e006c2f Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
	include/polarssl/config.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
9cc6f5c61b Fix some hash debugging 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
4bd1284f59 Fix ECDSA hash selection bug with TLS 1.0 and 1.1 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
9c9812a299 Fix bug introduced in dbf69cf
(Was writing outside array bounds.)
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
e511ffca50 Allow compiling without RSA or DH
Only library and programs now, need to check test suites later.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
f484282e96 Rm a few unneeded tests 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
d11eb7c789 Fix sig_alg extension on client.
Temporary solution on server.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
bfe32efb9b pk_{sign,verify}() now accept hash_len = 0 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
a20c58c6f1 Use convert functions for SSL_SIG_* and SSL_HASH_* 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
0d42049440 Merge code for RSA and ECDSA in SSL 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
070cc7fd21 Use the new PK RSA-alt interface 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
a2d3f22007 Add and use pk_encrypt(), pk_decrypt() 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
8df2769178 Introduce pk_sign() and use it in ssl 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
583b608401 Fix some return values 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
76c18a1a77 Add client support for ECDSA client auth 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
09edda888e Check key type against selected key exchange 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
20846b1a50 Add client support for ECDHE_ECDSA key exchange 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
efebb0a394 Refactor ssl_parse_server_key_exchange() a bit 2013-08-27 22:21:19 +02:00
Paul Bakker
0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Paul Bakker
d2f068e071 Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually 2013-08-27 21:19:20 +02:00
Manuel Pégourié-Gonnard
b3d9187cea PK: add nice interface functions
Also fix a const-corectness issue.
2013-08-20 20:46:04 +02:00
Paul Bakker
04376b1419 Fixed memory leak in ssl_parse_server_key_exchange from missing
md_free_ctx()
2013-08-16 14:45:26 +02:00
Manuel Pégourié-Gonnard
0b2726732e Fix ifdef conditions for EC-related extensions.
Was alternatively ECP_C and ECDH_C.
2013-08-16 13:56:17 +02:00
Manuel Pégourié-Gonnard
5734b2d358 Actually use the point format selected for ECDH 2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
7b19c16b74 Handle suported_point_formats in ServerHello 2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
6b8846d929 Stop advertising support for compressed points
(We can only write them, not read them.)
2013-08-16 13:56:16 +02:00
Paul Bakker
1f2bc6238b Made support for the truncated_hmac extension configurable 2013-08-15 13:45:55 +02:00
Paul Bakker
05decb24c3 Made support for the max_fragment_length extension configurable 2013-08-15 13:33:48 +02:00
Paul Bakker
a503a63b85 Made session tickets support configurable from config.h 2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard
aa0d4d1aff Add ssl_set_session_tickets() 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
7cd5924cec Rework NewSessionTicket handling in state machine
Fixes bug: NewSessionTicket was ommited in resumed sessions.
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
6377e41ef5 Complete client support for session tickets 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
a5cc6025e7 Parse NewSessionTicket message 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
60182ef989 ssl_cli: write & parse session ticket extension 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
57c2852807 Added truncated hmac negociation (without effect) 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e048b67d0a Misc minor fixes
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard
de600e571a Read max_fragment_length extension (client) 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
a052849640 Send max_fragment_length extension (client) 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
ff56da3a26 Fix direct uses of x509_cert.rsa, now use pk_rsa() 2013-07-17 15:59:42 +02:00
Paul Bakker
61d113bb7b Init and free new contexts in the right place for SSL to prevent
memory leaks
2013-07-16 17:48:58 +02:00
Paul Bakker
fa9b10050b Also compiles / runs without time-based functions in OS
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker
9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
3866b9f4b5 Removed redundant inclusion 2013-06-30 12:53:14 +02:00
Paul Bakker
5dc6b5fb05 Made supported curves configurable 2013-06-29 23:26:34 +02:00
Paul Bakker
2fbefde1d8 Client and server now filter sent and accepted ciphersuites on minimum
and maximum protocol version
2013-06-29 18:35:40 +02:00
Paul Bakker
c5a79cca53 Fixed compiler warnings for unused parameter ssl 2013-06-26 15:08:35 +02:00
Paul Bakker
73d4431ccd Fixed parse error in ssl_parse_certificate_request() 2013-05-22 13:56:26 +02:00
Paul Bakker
48f7a5d724 DHE-PSK based ciphersuite support added and cleaner key exchange based
code selection

The base RFC 4279 DHE-PSK ciphersuites are now supported and added.

The SSL code cuts out code not relevant for defined key exchange methods
2013-04-19 20:47:26 +02:00
Paul Bakker
188c8de430 Only allow missing SereverKeyExchange message in bare PSK mode 2013-04-19 09:13:37 +02:00
Paul Bakker
ed27a041e4 More granular define selections within code to allow for smaller code
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker
d4a56ec6bf Added pre-shared key handling for the client side of SSL / TLS
Client side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
f7abd422dc Removed extra spaces on end of lines 2013-04-16 18:09:45 +02:00
Paul Bakker
29e1f12f6b split parts of ssl_parse_server_key_exchange() into separate functions
Made ssl_parse_server_dh_params(), ssl_parse_server_ecdh_params() and
ssl_parse_signature_algorihm() in preparation for PSK-related code
2013-04-16 18:09:45 +02:00
Paul Bakker
8f4ddaeea9 Ability to specify allowed ciphersuites based on the protocol version.
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b)

Conflicts:
	ChangeLog
	library/ssl_srv.c
	library/ssl_tls.c
2013-04-16 18:09:45 +02:00
Paul Bakker
c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
3b6a07b745 Prevented compiler warning on uninitialized end 2013-03-21 11:56:50 +01:00
Paul Bakker
d3edc86720 Moved writing of client extensions to separate functions in ssl_cli.c 2013-03-20 16:07:17 +01:00
Paul Bakker
b7149bcc90 Corrected behaviour for CBC-based suites using the SHA384 MAC and PRF 2013-03-20 15:30:09 +01:00
Paul Bakker
41c83d3f67 Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker
68884e3c09 Moved to advanced ciphersuite representation and more dynamic SSL code 2013-03-13 14:48:32 +01:00
Paul Bakker
1961b709d8 Added ssl_handshake_step() to allow single stepping the handshake
process

Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
9c94cddeae Correctly handle CertificateRequest with empty DN list in <= TLS 1.1 2013-01-22 14:21:49 +01:00
Paul Bakker
769075dfb6 Fixed dependency on POLARSSL_SHA4_C in ssl modules 2012-11-24 11:26:46 +01:00
Paul Bakker
926af7582a Fixed client certificate handling with TLS 1.2 2012-11-23 13:38:07 +01:00
Paul Bakker
645ce3a2b4 - Moved ciphersuite naming scheme to IANA reserved names 2012-10-31 12:32:41 +00:00
Paul Bakker
993d11dd05 - Send ClientHello with 'minimal version' 2012-09-28 15:00:12 +00:00
Paul Bakker
23f3680898 - Added proper support for TLS 1.2 signature_algorithm extension on server
side
 - Minor const changes to other extension parsing functions
2012-09-28 14:15:14 +00:00
Paul Bakker
1d29fb5e33 - Added option to add minimum accepted SSL/TLS protocol version 2012-09-28 13:28:45 +00:00
Paul Bakker
eb2c658163 - Generalized external private key implementation handling (like PKCS#11) in SSL/TLS 2012-09-27 19:15:01 +00:00
Paul Bakker
0a59707523 - Added simple SSL session cache implementation
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
29b64761fd - Added predefined DHM groups from RFC 5114 2012-09-25 09:36:44 +00:00
Paul Bakker
d0f6fa7bdc - Sending of handshake_failures during renegotiation added
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00