Commit Graph

254 Commits

Author SHA1 Message Date
Gilles Peskine
c5926a7049 Merge branch 'iotssl-1419-safermemcmp-volatile_backport-1.3' into mbedtls-1.3-restricted 2017-11-28 13:50:05 +01:00
Hanno Becker
ce2c02cca2 Enhance documentation of ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure

Also, adapt ChangeLog.
2017-10-01 00:00:56 +01:00
Hanno Becker
d1cf6d68cc Prevent clever optimization to prematurely quit loop in safe memcmp
The previous version of `ssl_safer_memcmp` did not qualify the
pointers to the arrays to be compared as volatile, theoretically
opening the possibility for the compiler to notice that the loop
operation `diff |= A[i] ^ B[i]` is pointless if `diff = -1`. This
commit changes this. It also declares the stack variable `diff` as
volatile, to force read and write in every loop; omitting that, the
compiler would still be allowed to get away with reading `A[i]` and
`B[i]` but not doing the XOR and not updating `diff`.
2017-06-26 13:43:34 +01:00
Hanno Becker
10699cc96c Simplify retaining of messages for future processing
There are situations in which it is not clear what message to expect
next. For example, the message following the ServerHello might be
either a Certificate, a ServerKeyExchange or a CertificateRequest. We
deal with this situation in the following way: Initially, the message
processing function for one of the allowed message types is called,
which fetches and decodes a new message. If that message is not the
expected one, the function returns successfully (instead of throwing
an error as usual for unexpected messages), and the handshake
continues to the processing function for the next possible message. To
not have this function fetch a new message, a flag in the SSL context
structure is used to indicate that the last message was retained for
further processing, and if that's set, the following processing
function will not fetch a new record.

This commit simplifies the usage of this message-retaining parameter
by doing the check within the record-fetching routine instead of the
specific message-processing routines. The code gets cleaner this way
and allows retaining messages to be used in other situations as well
without much effort. This will be used in the next commits.
2017-06-08 15:41:02 +01:00
Hanno Becker
c2b9d984e9 Remember suitable hash function for any signature algorithm.
This commit changes `ssl_parse_signature_algorithms_ext` to remember
one suitable ( := supported by client and by our config ) hash
algorithm per signature algorithm.

It also modifies the ciphersuite checking function
`ssl_ciphersuite_match` to refuse a suite if there
is no suitable hash algorithm.

Finally, it adds the corresponding entry to the ChangeLog.
2017-05-24 10:47:54 +01:00
Manuel Pégourié-Gonnard
c5934272fc Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
* mbedtls-1.3:
  Fix spurious #endif from previous cherry-pick
  Fix macroization of inline in C++
  Add missing warning in doc
  Fix compile error in net.c with musl libc
2015-10-05 17:06:24 +01:00
Manuel Pégourié-Gonnard
20607bb0fa Fix macroization of inline in C++
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 14:28:17 +01:00
Simon Butcher
c988f32add Added max length checking of hostname 2015-09-29 23:27:20 +01:00
Manuel Pégourié-Gonnard
89789be80f Fix handling of new config option
fixes #256
2015-08-27 09:54:16 +02:00
Manuel Pégourié-Gonnard
f0f399d66c Up default server DHM size to 2048 bits 2015-07-03 17:45:57 +02:00
Manuel Pégourié-Gonnard
9ea1b23cc4 Up min size of DHM params to 1024 bits on client 2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard
48647b9255 Merge remote-tracking branch 'nw/misc' into mbedtls-1.3
* nw/misc:
  Typos and doc additions
2015-05-12 12:48:12 +02:00
Nicholas Wilson
d0fa5ccbb0 Typos and doc additions 2015-05-11 10:44:11 +01:00
Manuel Pégourié-Gonnard
e16b62c3a9 Make results of (ext)KeyUsage accessible 2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard
c70581c272 Add POLARSSL_DEPRECATED_{WARNING,REMOVED} 2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard
71432849ed Use proper doxygen markup to mark deprecations 2015-03-20 17:26:50 +00:00
Manuel Pégourié-Gonnard
fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard
860b51642d Fix url again 2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard
607d663b41 Add debug info for cert/suite selection 2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard
e89163c0a8 Fix bug in ssl_get_verify_result() 2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard
085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
b4fe3cb1fa Rename to mbed TLS in the documentation/comments 2015-01-22 16:11:05 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard
11c919208d Fix error code description. 2015-01-22 13:22:12 +00:00
Paul Bakker
5b8f7eaa3e Merge new security defaults for programs (RC4 disabled, SSL3 disabled) 2015-01-14 16:26:54 +01:00
Paul Bakker
c82b7e2003 Merge option to disable truncated hmac on the server-side 2015-01-14 16:16:55 +01:00
Paul Bakker
e522d0fa57 Merge smarter certificate selection for pre-TLS-1.2 clients 2015-01-14 16:12:48 +01:00
Manuel Pégourié-Gonnard
78803c0567 Fix char signedness issue 2015-01-13 21:20:22 +01:00
Paul Bakker
f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker
f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker
d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard
bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
448ea506bf Set min version to TLS 1.0 in programs 2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard
e117a8fc0d Make truncated hmac a runtime option server-side
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard
f01768c55e Specific error for suites in common but none good 2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard
cfa477ef2f Allow disabling record splitting at runtime 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
d76314c44c Add 1/n-1 record splitting 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
edd371a82c Enhance doc on ssl_write() 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
837f0fe831 Make renego period configurable 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
037170465a Switch from an enable to a disable flag 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
6186019d5d Save 48 bytes if SSLv3 is not defined 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
cb7da352fd Fix typo in #ifdef
Since length is checked afterwards anyway, no security risk here
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
3e9449350c Fix comment on resumption 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
d16d1cb96a Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
699cafaea2 Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
367381fddd Add negotiation of Extended Master Secret
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00