Commit Graph

358 Commits

Author SHA1 Message Date
Gilles Peskine
39e2981b22 Fix FALLBACK_SCSV parsing
Fixed a bug in ssl_srv.c when parsing TLS_FALLBACK_SCSV in the
ciphersuite list that caused it to miss it sometimes. Reported by Hugo
Leisink as issue #810. Fix initially by @andreasag01; this commit
isolates the bug fix and adds a non-regression test.
2017-05-16 18:03:02 +02:00
Paul Bakker
e6ed6a1fc4 Fix guards in SSL for ECDH key exchanges 2016-09-05 12:26:04 +03:00
Simon Butcher
60e2b2fe22 Fix whitespace and formatting in ssl_srv.c 2016-05-23 16:41:16 +01:00
Janos Follath
83f26052bf Fix non compliance SSLv3 in server extension handling.
The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.
2016-05-23 14:50:15 +01:00
Manuel Pégourié-Gonnard
7f890c3e96 Avoid seemingly-possible overflow
By looking just at that test, it looks like 2 + dn_size could overflow. In
fact that can't happen as that would mean we've read a CA cert of size is too
big to be represented by a size_t.

However, it's best for code to be more obviously free of overflow without
having to reason about the bigger picture.
2015-12-10 15:07:46 +01:00
Manuel Pégourié-Gonnard
bc1babb387 Fix potential overflow in CertificateRequest 2015-10-02 11:20:28 +02:00
Manuel Pégourié-Gonnard
f7022d1131 Fix bug in server parsing point formats extension
There is only one length byte but for some reason we skipped two, resulting in
reading one byte past the end of the extension. Fortunately, even if that
extension is at the very end of the ClientHello, it can't be at the end of the
buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the
buffer has some more room after that for MAC and so on. So there is no
buffer overread.

Possible consequences are:
- nothing, if the next byte is 0x00, which is a comment first byte for other
  extensions, which is why the bug remained unnoticed
- using a point format that was not offered by the peer if next byte is 0x01.
  In that case the peer will reject our ServerKeyExchange message and the
handshake will fail.
- thinking that we don't have a common point format even if we do, which will
  cause us to immediately abort the handshake.
None of these are a security issue.

The same bug was fixed client-side in fd35af15
2015-09-16 11:32:18 +02:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
4cc8c63226 Add test for extensionless ClientHello 2015-07-23 12:24:03 +02:00
Manuel Pégourié-Gonnard
cb0d212c97 Fix level of some debug messages 2015-07-22 11:52:11 +02:00
Manuel Pégourié-Gonnard
b076116e14 Fix one debug message 2015-07-22 11:39:23 +02:00
Manuel Pégourié-Gonnard
e540b49a3f Add one more debug message 2015-07-07 12:44:38 +02:00
Manuel Pégourié-Gonnard
9de64f5af1 Fix MSVC warnings in library and programs 2015-07-01 16:56:08 +02:00
Manuel Pégourié-Gonnard
dba460f2f3 Add SSL "assertion" to help static analysis 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
bae389b4d4 Fix uninitialized access
Found using Codenomicon Defensics.
2015-06-24 10:47:33 +02:00
Manuel Pégourié-Gonnard
b86145e6cd Avoid potential NULL dereference.
May happen with a faulty configuration (eg no allowed curve but trying to use
ECDHE key exchange), but not trigger able remotely.

(Found with Clang's scan-build.)
2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard
b9c93d0d0a Fix earlier incomplete change in RSA PMS reading
Probably a bad merge from the 1.3 branch
2015-06-23 18:43:53 +02:00
Manuel Pégourié-Gonnard
19389753c8 Avoid dead stores (makes scan-build happier) 2015-06-23 13:46:44 +02:00
Manuel Pégourié-Gonnard
cdc26ae099 Add mbedtls_ssl_set_hs_authmode
While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
  the PSK, no cert is expected).
- use safer tests (eg == OPTIONAL vs != REQUIRED)
2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard
12ad798c87 Rename ssl_session.length to id_len 2015-06-18 15:50:37 +02:00
Manuel Pégourié-Gonnard
7bfc122703 Implement sig_hashes 2015-06-17 14:34:48 +02:00
Manuel Pégourié-Gonnard
b541da6ef3 Fix define for ssl_conf_curves()
This is a security feature, it shouldn't be optional.
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
3335205a21 Avoid in-out length in dhm_calc_secret() 2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard
6a8ca33fa5 Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED 2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9 Replace malloc with calloc
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
5e94ddebbc Create ssl_internal.h and move some functions 2015-05-26 11:57:05 +02:00
Manuel Pégourié-Gonnard
0c0f11f4b3 Update dependencies & includes for session tickets 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
d59675d92c Move to callback for session tickets 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
b0394bebdb Further adapt prototypes of ticket functions
Moving everything in ticket_keys structure, that will soon become
ticket_context.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
69f17280d3 Adapt prototypes of ticket handling functions
This is an intermediate step. The ssl_config argument will be replace by a
ticket context next.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
a4a473516e Rename & move ticket functions to ticket module 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
66dc5555f0 mbedtls_ssl_conf_arc4_support() depends on ARC4_C 2015-05-14 12:31:10 +02:00
Manuel Pégourié-Gonnard
e6ef16f98c Change X.509 verify flags to uint32_t 2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard
e3a062ba1f Rename ecp_use_known_dp -> mbedtls_ecp_group_load() 2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard
8b431fbbec Fix dependency issues 2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard
6729e79482 Rename ssl_set_xxx() to ssl_conf_xxx() 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
22bfa4bb53 Add ssl_set_hs_ca_chain() 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
1af6c8500b Add ssl_set_hs_own_cert() 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
8f618a8e65 Rework ssl_set_own_cert() internals 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
750e4d7769 Move ssl_set_rng() to act on config 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
5cb3308e5f Merge contexts for session cache 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
1028b74cff Upgrade default DHM params size 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
2b49445876 Move session ticket keys to conf
This is temporary, they will soon be replaced by callbacks.
!!! In this intermediate step security is removed !!!
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
d36e33fc07 Move easy ssl_set_xxx() functions to work on conf
mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
7ca4e4dc79 Move things to conf substructure
A simple series of sed invocations.

This is the first step, purely internal changes. The conf substructure is not
ready to be shared between contexts yet.
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
331ba5778a Fix some additional renaming issues 2015-04-20 12:33:57 +01:00
Manuel Pégourié-Gonnard
e6efa6f54e manually merge 9f98251 make extKeyUsage accessible 2015-04-20 11:23:24 +01:00
Manuel Pégourié-Gonnard
53c76c07de Merge branch 'mbedtls-1.3' into development
* commit 'ce60fbe':
  Fix potential timing difference with RSA PMS
  Update Changelog for recent merge
  Added more constant-time code and removed biases in the prime number generation routines.

Conflicts:
	library/bignum.c
	library/ssl_srv.c
2015-04-17 20:19:32 +02:00
Manuel Pégourié-Gonnard
ce60fbeb30 Fix potential timing difference with RSA PMS 2015-04-15 16:56:28 +02:00