Commit Graph

308 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
f9d778d635 Merge branch 'etm' into dtls
* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM

Conflicts:
	include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard
56d985d0a6 Merge branch 'session-hash' into dtls
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
fedba98ede Merge branch 'fb-scsv' into dtls
* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard
b575b54cb9 Forbid extended master secret with SSLv3 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
78e745fc0a Don't send back EtM extension if not using CBC 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
699cafaea2 Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
01b2699198 Implement FALLBACK_SCSV server-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd Add negotiation of Extended Master Secret
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
8a7cf2543a Add a few #ifdefs 2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
579950c2bb Fix bug with non-blocking I/O and cookies 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
7de3c9eecb Count timeout per flight, not per message 2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
f03c7aa469 Add replay detection in parse_client_hello() 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
5d8ba53ace Expand and fix resend infrastructure 2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard
5ee96546de Add length checks in parse_certificate_verify() 2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard
72226214b1 Merge checks in ssl_parse_certificate_verify() 2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard
4528f3f5c0 No memmove: parse_certificate_verify() 2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
2114d724dc No memmove: ssl_parse_client_key_exchange() 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
f899583f94 Prepare moving away from memmove() on incoming HS 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
19d438f4ff Get rid of memmove for DTLS in parse_client_hello() 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
1aa586e41d Check handshake message_seq field 2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard
d9ba0d96b6 Prepare for checking incoming handshake seqnum 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
30d16eb429 Fix client-initiated renegotiation with DTLS 2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
b35fe5638a Fix HelloVerifyRequest version handling 2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
7d38d215b1 Allow disabling HelloVerifyRequest 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
232edd46be Move cookie callbacks implementation to own module 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d485d194f9 Move to a callback interface for DTLS cookies 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d7f9bc5091 Refactor cookie to prepare for external callbacks
Also adds flexibility to the verification process.
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
82202f0a9c Make DTLS_HELLO_VERIFY a compile option 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
98545f128a Generate random key for HelloVerifyRequest 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
dd3cdb0fbc Start using client IP in HelloVerifyRequest
Dummy fixed key for now.
2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard
43c021874d Add ssl_set_client_transport_id() 2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard
2c9ee81f6e Start adding srv support for hello verify request
Dummy fixed content for now.

Also, seems to be a race condition in the way the socket is closed and
reopened, leading to a few "random" failures in compat.sh. A fix is planned
for later.
2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
a0e1632b79 Do not use compression with DTLS 2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
5d53cbef3a Fix length check in ssl_write_ticket() 2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
b2f3be8757 Support multiple records in one datagram 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
d6b721c7ee More ssl_parse_client_hello() adjustments 2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard
4128aa71ee Add the 'cookie' field of DTLS ClientHello 2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard
8933a65d5c Rework ssl_parse_client_hello() a bit
- make it more linear
- check lengths better
- prepare for optional "cookie" field
2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard
e89bcf05da Write new DTLS handshake fields correctly 2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard
ce441b3442 Add space for new DTLS fields in handshake 2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard
0619348288 Add explicit counter in DTLS record header 2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard
507e1e410a Prep: allow {in,out}_len != {in,out}_hdr + 3 2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard
abc7e3b4ba Handle DTLS version encoding and fix some checks 2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
d66645130c Add a ciphersuite NODTLS flag 2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard
43c3b28ca6 Fix memory leak with crafted ClientHello 2014-10-17 12:42:11 +02:00
Manuel Pégourié-Gonnard
480905d563 Fix selection of hash from sig_alg ClientHello ext. 2014-08-30 14:19:59 +02:00
Paul Bakker
84bbeb58df Adapt cipher and MD layer with _init() and _free() 2014-07-09 10:19:24 +02:00
Paul Bakker
accaffe2c3 Restructure ssl_handshake_init() and small fixes 2014-07-09 10:19:24 +02:00
Paul Bakker
5b4af39a36 Add _init() and _free() for hash modules 2014-07-09 10:19:23 +02:00
Manuel Pégourié-Gonnard
d27680bd5e Clarify code using PSK callback 2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
14beb08542 Fix missing const 2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
08e81e0c8f Change selection of hash algorithm for TLS 1.2 2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
dd0c0f33c0 Better usage of dhm_calc_secret in SSL 2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
4d2a8eb6ff SSL modules now using x509_crt_parse_der()
Avoid uselessly trying to decode PEM.
2014-06-23 11:54:57 +02:00
Paul Bakker
66d5d076f7 Fix formatting in various code to match spacing from coding style 2014-06-17 17:06:47 +02:00
Paul Bakker
db20c10423 Add #endif comments for #endif more than 10 lines from #if / #else 2014-06-17 14:34:44 +02:00
Paul Bakker
3461772559 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-06-14 16:46:03 +02:00
Paul Bakker
14877e6250 Remove unused 'ret' variable 2014-06-12 23:01:18 +02:00
Paul Bakker
14b16c62e9 Minor optimizations (original by Peter Vaskovic, modified by Paul Bakker)
Move strlen out of for loop.
Remove redundant null checks before free.
2014-05-28 11:34:33 +02:00
Paul Bakker
0f651c7422 Stricter check on SSL ClientHello internal sizes compared to actual packet size 2014-05-22 15:12:19 +02:00
Manuel Pégourié-Gonnard
61edffef28 Normalize "should never happen" messages/errors 2014-05-22 13:52:47 +02:00
Paul Bakker
b9e4e2c97a Fix formatting: fix some 'easy' > 80 length lines 2014-05-01 14:18:25 +02:00
Paul Bakker
9af723cee7 Fix formatting: remove trailing spaces, #endif with comments (> 10 lines) 2014-05-01 13:03:14 +02:00
Manuel Pégourié-Gonnard
cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker
a70366317d Improve interop by not writing ext_len in ClientHello / ServerHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-04-30 10:16:16 +02:00
Paul Bakker
c70e425a73 Only iterate over actual certificates in ssl_write_certificate_request() 2014-04-18 13:50:19 +02:00
Paul Bakker
4f42c11846 Remove arbitrary maximum length for cipher_list and content length 2014-04-17 15:37:39 +02:00
Paul Bakker
d893aef867 Force default value to curve parameter 2014-04-17 14:45:34 +02:00
Manuel Pégourié-Gonnard
7f2a07d7b2 Check keyUsage in SSL client and server 2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
f6521de17b Add ALPN tests to ssl-opt.sh
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard
89e35798ae Implement ALPN server-side 2014-04-07 12:26:35 +02:00
Manuel Pégourié-Gonnard
969ccc6289 Fix length checking of various ClientKeyExchange's 2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard
b2bf5a1bbb Fix possible buffer overflow with PSK 2014-03-26 12:58:50 +01:00
Manuel Pégourié-Gonnard
d701c9aec9 Fix memory leak in server with expired tickets 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
145dfcbfc2 Fix bug with NewSessionTicket and non-blocking I/O 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
96ea2f2557 Add tests for SNI 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
8520dac292 Add tests for auth_mode 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
f7c52014ec Add basic tests for session resumption 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
6b1e207081 Fix verion-major intolerance 2014-02-12 10:14:54 +01:00
Paul Bakker
7dc4c44267 Library files moved to use platform layer 2014-02-06 13:20:16 +01:00
Manuel Pégourié-Gonnard
f6dc5e1d16 Remove temporary debug code 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
c3f6b62ccc Print curve name instead of size in debugging
Also refactor server-side curve selection
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
de05390c85 Rename ecdh_curve_list to curve_list 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
5de2580563 Make ssl_set_ecdh_curves() a compile-time option 2014-02-06 10:28:38 +01:00
Gergely Budai
987bfb510b Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
5538970d32 Add server support for ECDH key exchanges 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
1a9f2c7245 Add option to respect client ciphersuite order 2013-11-30 18:30:06 +01:00
Manuel Pégourié-Gonnard
011a8db2e7 Complete refactoring of ciphersuite choosing 2013-11-30 18:11:07 +01:00
Manuel Pégourié-Gonnard
3252560e68 Move some functions up 2013-11-30 17:50:32 +01:00
Manuel Pégourié-Gonnard
59b81d73b4 Refactor ciphersuite selection for version > 2 2013-11-30 17:46:04 +01:00
Manuel Pégourié-Gonnard
da1ff38715 Don't accept CertificateRequest with PSK suites 2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
dc953e8c41 Add missing defines/cases for RSA_PSK key exchange 2013-11-26 15:19:57 +01:00
Paul Bakker
a9a028ebd0 SSL now gracefully handles missing RNG 2013-11-21 17:31:06 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f Safer buffer comparisons in the SSL modules 2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard
21ef42f257 Don't select a PSK ciphersuite if no key available 2013-10-28 14:00:45 +01:00
Paul Bakker
45a2c8d99a Prevent possible alignment warnings on casting from char * to 'aligned *' 2013-10-28 12:57:08 +01:00
Paul Bakker
677377f472 Server does not send out extensions not advertised by client 2013-10-28 12:54:26 +01:00
Paul Bakker
f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Manuel Pégourié-Gonnard
bac0e3b7d2 Dependency fixes 2013-10-15 11:54:47 +02:00