Commit Graph

91 Commits

Author SHA1 Message Date
Paul Bakker
dedce0c35c Prevent potential NULL pointer dereference in ssl_read_record() 2014-07-08 14:36:12 +02:00
Paul Bakker
24aaf44120 Make sure no random pointer occur during failed malloc()'s 2014-07-08 11:39:19 +02:00
Paul Bakker
b000f82d76 ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr 2014-07-08 11:15:18 +02:00
Manuel Pégourié-Gonnard
be04673c49 Forbid sequence number wrapping 2014-07-08 11:04:19 +02:00
Manuel Pégourié-Gonnard
963918b88f Countermeasure against "triple handshake" attack 2014-07-07 17:46:35 +02:00
Paul Bakker
7837026b91 Remove a few dead stores 2014-07-07 16:01:34 +02:00
Paul Bakker
4091141368 Add a length check in ssl_derive_keys() 2014-07-07 16:01:28 +02:00
Paul Bakker
d83584e9aa Fixed potential overflow in certificate size in ssl_write_certificate() 2014-07-07 16:01:11 +02:00
Manuel Pégourié-Gonnard
5c8434cf52 Safer buffer comparisons in the SSL modules 2014-07-07 14:10:07 +02:00
Paul Bakker
915ee19887 Do not allow SHA256/SHA384 ciphersuites in < TLS 1.2 2013-09-23 17:30:26 +02:00
Paul Bakker
43f9799ce6 RSA blinding on CRT operations to counter timing attacks 2013-09-23 11:23:31 +02:00
Paul Bakker
a565aceea1 Fixed potential memory leak when failing to resume a session 2013-09-11 13:31:53 +02:00
Paul Bakker
a13d744d2e Fixed potential heap buffer overflow on large hostname setting
(cherry picked from commit 75c1a6f97c)

Conflicts:
	library/ssl_tls.c
2013-09-11 11:41:41 +02:00
Paul Bakker
4087c47043 Added mechanism to provide alternative cipher / hash implementations
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
2013-06-12 16:57:46 +02:00
Paul Bakker
1922a4e6aa ssl_parse_certificate() now calls x509parse_crt_der() directly 2013-06-06 15:11:16 +02:00
Paul Bakker
eae09db9e5 Fixed const correctness issues that have no impact on the ABI 2013-06-06 12:35:54 +02:00
Paul Bakker
a62729888b Ability to specify allowed ciphersuites based on the protocol version.
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int **' and is now malloced in ssl_init() and freed in
ssl_free().

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
2013-04-12 13:13:43 +02:00
Paul Bakker
926c8e49fe Fixed possible NULL pointer exception in ssl_get_ciphersuite() 2013-03-06 18:01:03 +01:00
Paul Bakker
e47b34bdc8 Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.

The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker
86f04f400b Fixed comment 2013-02-14 11:20:09 +01:00
Paul Bakker
c0463502ff Fixed memory leak in ssl_free() and ssl_reset() for active session 2013-02-14 11:19:38 +01:00
Paul Bakker
40865c8e5d Added sending of alert messages in case of decryption failures as per RFC
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49 Disable debug messages that can introduce a timing side channel.
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
4582999be6 Fixed timing difference resulting from badly formatted padding. 2013-02-02 19:04:13 +01:00
Paul Bakker
1961b709d8 Added ssl_handshake_step() to allow single stepping the handshake
process

Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
769075dfb6 Fixed dependency on POLARSSL_SHA4_C in ssl modules 2012-11-24 11:26:46 +01:00
Paul Bakker
645ce3a2b4 - Moved ciphersuite naming scheme to IANA reserved names 2012-10-31 12:32:41 +00:00
Paul Bakker
b0550d90c9 - Added ssl_get_peer_cert() to SSL API 2012-10-30 07:51:03 +00:00
Paul Bakker
23f3680898 - Added proper support for TLS 1.2 signature_algorithm extension on server
side
 - Minor const changes to other extension parsing functions
2012-09-28 14:15:14 +00:00
Paul Bakker
1d29fb5e33 - Added option to add minimum accepted SSL/TLS protocol version 2012-09-28 13:28:45 +00:00
Paul Bakker
62f2deef8b - Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS 2012-09-28 07:31:51 +00:00
Paul Bakker
915275ba78 - Revamped x509_verify() and the SSL f_vrfy callback implementations 2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02 - Added ServerName extension parsing (SNI) at server side 2012-09-27 21:49:42 +00:00
Paul Bakker
eb2c658163 - Generalized external private key implementation handling (like PKCS#11) in SSL/TLS 2012-09-27 19:15:01 +00:00
Paul Bakker
0a59707523 - Added simple SSL session cache implementation
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
d0f6fa7bdc - Sending of handshake_failures during renegotiation added
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
48916f9b67 - Added Secure Renegotiation (RFC 5746) 2012-09-16 19:57:18 +00:00
Paul Bakker
5f70b25c9b - Correctly handle SHA256 ciphersuites in SSLv3
- Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Paul Bakker
b68cad6cc7 - Made cipersuites in ssl context const (no intention to modify)
- Adjusted ssl_set_ciphersuites() to match
2012-08-23 08:34:18 +00:00
Paul Bakker
2770fbd651 - Added DEFLATE compression support as per RFC3749 (requires zlib) 2012-07-03 13:30:23 +00:00
Paul Bakker
186751d9dd - Moved out_msg to out_hdr + 32 to support hardware acceleration 2012-05-08 13:16:14 +00:00
Paul Bakker
05ef835b6a - Added support for Hardware Acceleration hooking in SSL/TLS 2012-05-08 09:17:57 +00:00
Paul Bakker
380da53c48 - Abstracted checksum updating during handshake 2012-04-18 16:10:25 +00:00
Paul Bakker
ca4ab49158 - Added GCM ciphersuites to TLS implementation 2012-04-18 14:23:57 +00:00
Paul Bakker
0a9251870a - Report unexpected_message if unknown record type is received 2012-04-16 06:46:41 +00:00
Paul Bakker
10cd225962 - Added support for the SHA256 ciphersuites of AES and Camellia 2012-04-12 21:26:34 +00:00
Paul Bakker
1ef83d66dd - Initial bare version of TLS 1.2 2012-04-11 12:09:53 +00:00
Paul Bakker
f34cf85534 - Fixed too restrictive test 2012-04-10 07:48:40 +00:00
Paul Bakker
452d532955 - Fixed potential memory corruption on miscrafted client messages (found by Frama-C team at CEA LIST) 2012-04-05 12:07:34 +00:00
Paul Bakker
fab5c829e7 - Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default! 2012-02-06 16:45:10 +00:00