Commit Graph

1097 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
b4fe3cb1fa Rename to mbed TLS in the documentation/comments 2015-01-22 16:11:05 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard
3a173f497b Merge branch 'development' into dtls
* development:
  Fix error code description.
  generate_errors.pl now errors on duplicate codes
  Avoid nested if's without braces.
  Move renego SCSV after actual ciphersuites
  Fix send_close_notify usage.
  Rename variable for clarity
  Improve script portability

Conflicts:
	library/ssl_srv.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/ssl-opt.sh
2015-01-22 13:30:33 +00:00
Manuel Pégourié-Gonnard
11c919208d Fix error code description. 2015-01-22 13:22:12 +00:00
Manuel Pégourié-Gonnard
67505bf9e8 Merge branch 'development' into dtls
* development:
  Adapt tests to new defaults/errors.
  Fix typos/cosmetics in Changelog
  Disable RC4 by default in example programs.
  Add ssl_set_arc4_support()
  Set min version to TLS 1.0 in programs

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	tests/compat.sh
2015-01-21 13:57:33 +00:00
Manuel Pégourié-Gonnard
bfccdd3c92 Merge commit '36adc36' into dtls
* commit '36adc36':
  Add support for getrandom()
  Use library default for trunc-hmac in ssl_client2
  Make truncated hmac a runtime option server-side
  Fix portability issue in script
  Specific error for suites in common but none good
  Prefer SHA-1 certificates for pre-1.2 clients
  Some more refactoring/tuning.
  Minor refactoring

Conflicts:
	include/polarssl/error.h
	include/polarssl/ssl.h
	library/error.c
2015-01-21 13:48:45 +00:00
Manuel Pégourié-Gonnard
0017c2be48 Merge commit '9835bc0' into dtls
* commit '9835bc0':
  Fix racy test.
  Fix stupid error in previous commit
  Don't check errors on ssl_close_notify()
  Fix char signedness issue
  Fix issue with non-blocking I/O & record splitting
  Fix warning

Conflicts:
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
2015-01-21 13:42:16 +00:00
Manuel Pégourié-Gonnard
8fbb01ec84 Merge commit 'b2eaac1' into dtls
* commit 'b2eaac1':
  Stop assuming chars are signed
  Add tests for CBC record splitting
  Fix tests that were failing with record splitting
  Allow disabling record splitting at runtime
  Add 1/n-1 record splitting
  Enhance doc on ssl_write()

Conflicts:
	include/polarssl/ssl.h
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
2015-01-21 13:37:08 +00:00
Manuel Pégourié-Gonnard
0af1ba3521 Merge commit 'f6080b8' into dtls
* commit 'f6080b8':
  Fix warning in reduced configs
  Adapt to "negative" switch for renego
  Add tests for periodic renegotiation
  Make renego period configurable
  Auto-renegotiate before sequence number wrapping
  Update Changelog for compile-option renegotiation
  Switch from an enable to a disable flag
  Save 48 bytes if SSLv3 is not defined
  Make renegotiation a compile-time option
  Add tests for renego security enforcement

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/ssl/ssl_server2.c
	tests/ssl-opt.sh
2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard
edb7ed3a43 Merge commit 'd7e2483' into dtls
* commit 'd7e2483': (57 commits)
  Skip signature_algorithms ext if PSK only
  Fix bug in ssl_client2 reconnect option
  Cosmetics in ssl_server2
  Improve debugging message.
  Fix net_usleep for durations greater than 1 second
  Use pk_load_file() in X509
  Create ticket keys only if enabled
  Fix typo in #ifdef
  Clarify documentation a bit
  Fix comment on resumption
  Update comment from draft to RFC
  Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
  Add recursion.pl to all.sh
  Allow x509_crt_verify_child() in recursion.pl
  Set a compile-time limit to X.509 chain length
  Fix 3DES -> DES in all.sh (+ time estimates)
  Add curves.pl to all.sh
  Rework all.sh to use MSan instead of valgrind
  Fix depends on individual curves in tests
  Add script to test depends on individual curves
  ...

Conflicts:
	CMakeLists.txt
	programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00
Manuel Pégourié-Gonnard
f9c8a606b5 Merge commit '8b9bcec' into dtls
* commit '8b9bcec':
  Stop assuming chars are signed
  Fix len miscalculation in buffer-based allocator
  Fix NULL dereference in buffer-based allocator
  Add test_suite_memory_buffer_alloc
  Add memory_buffer_alloc_self_test()
  Fix missing bound check
  Add test for ctr_drbg_update() input sanitizing
  Refactor for clearer correctness/security
  Stop assuming chars are signed

Conflicts:
	library/ssl_tls.c
2015-01-20 16:38:39 +00:00
Paul Bakker
5b8f7eaa3e Merge new security defaults for programs (RC4 disabled, SSL3 disabled) 2015-01-14 16:26:54 +01:00
Paul Bakker
c82b7e2003 Merge option to disable truncated hmac on the server-side 2015-01-14 16:16:55 +01:00
Paul Bakker
e522d0fa57 Merge smarter certificate selection for pre-TLS-1.2 clients 2015-01-14 16:12:48 +01:00
Manuel Pégourié-Gonnard
78803c0567 Fix char signedness issue 2015-01-13 21:20:22 +01:00
Paul Bakker
f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker
f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker
d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard
5ba1d52f96 Add memory_buffer_alloc_self_test() 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
5cb4b31057 Fix missing bound check 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
448ea506bf Set min version to TLS 1.0 in programs 2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard
e117a8fc0d Make truncated hmac a runtime option server-side
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard
f01768c55e Specific error for suites in common but none good 2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard
cfa477ef2f Allow disabling record splitting at runtime 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
d76314c44c Add 1/n-1 record splitting 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
edd371a82c Enhance doc on ssl_write() 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
d94232389e Skip signature_algorithms ext if PSK only 2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard
837f0fe831 Make renego period configurable 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
037170465a Switch from an enable to a disable flag 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
6186019d5d Save 48 bytes if SSLv3 is not defined 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
9439f93ea4 Use pk_load_file() in X509
Saves a bit of ROM. X509 depends on PK anyway.
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
cb7da352fd Fix typo in #ifdef
Since length is checked afterwards anyway, no security risk here
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
150c4f62f1 Clarify documentation a bit 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
3e9449350c Fix comment on resumption 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
6b298e6cc1 Update comment from draft to RFC 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
d16d1cb96a Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
fd6c85c3eb Set a compile-time limit to X.509 chain length 2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard
426d4ae7ff Split x509_crl_parse_der() out of x509_crl_parse() 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard
70bdadf54b Add pk_check_pair() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
30668d688d Add ecp_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
2f8d1f9fc3 Add rsa_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
e10e06d863 Blind RSA operations even without CRT 2014-11-06 18:25:44 +01:00
Manuel Pégourié-Gonnard
d056ce0e3e Use seq_num as AEAD nonce by default 2014-11-06 18:23:49 +01:00
Manuel Pégourié-Gonnard
f9d778d635 Merge branch 'etm' into dtls
* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM

Conflicts:
	include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard
56d985d0a6 Merge branch 'session-hash' into dtls
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
fedba98ede Merge branch 'fb-scsv' into dtls
* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard
769c6b6351 Make session-hash depend on TLS versions 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
699cafaea2 Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
01b2699198 Implement FALLBACK_SCSV server-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd Add negotiation of Extended Master Secret
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Paul Bakker
f2a459df05 Preparation for PolarSSL 1.4.0 2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard
ef88e68188 Deprecate ssl_set_bio() 2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard
df3acd82e2 Limit HelloRequest retransmission if not enforced 2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard
8e704f0f74 DTLS depends on TIMING_C for now 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
b0643d152d Add ssl_set_dtls_badmac_limit() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
9b35f18f66 Add ssl_get_record_expansion() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
a6fcffe516 Add warnings about disabling replay detection 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
37e08e1689 Fix max_fragment_length with DTLS 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
2707430a4d Fix types and comments about read_timeout 2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard
6c1fa3a184 Fix misplaced initialisation of timeout 2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard
c8d8e97cbd Move to milliseconds in recv_timeout() 2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard
905dd2425c Add ssl_set_handshake_timeout() 2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
0ac247fd88 Implement timeout back-off (fixed range for now) 2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
579950c2bb Fix bug with non-blocking I/O and cookies 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
7de3c9eecb Count timeout per flight, not per message 2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
db2858ce96 Preparation for timers
Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working.
2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
23b7b703aa Fix issue with renego & resend 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
8464a46b6b Make DTLS_ANTI_REPLAY depends on PROTO_DTLS 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
246c13a05f Fix epoch checking 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
7a7e140d4e Add functions for replay protection 2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard
5d8ba53ace Expand and fix resend infrastructure 2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard
ffa67be698 Infrastructure for buffering & resending flights 2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard
57fa314412 Fix depend documentation 2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard
9d9b003a9a Add net_recv_timeout() 2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard
8fa6dfd560 Introduce f_recv_timeout callback 2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard
e6bdc4497c Merge I/O contexts into one 2014-10-21 16:32:25 +02:00
Manuel Pégourié-Gonnard
624bcb5260 No memmove: done, rm temporary things 2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
f899583f94 Prepare moving away from memmove() on incoming HS 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
9d1d7196e4 Check length before reading handshake header 2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard
d9ba0d96b6 Prepare for checking incoming handshake seqnum 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
64dffc5d14 Make handshake reassembly work with openssl 2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
502bf30fb5 Handle reassembly of handshake messages
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.

Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
562eb787ec Add and use POLARSSL_ERR_SSL_BUFFER_TOO_SMALL 2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
bef8f09899 Make cookie timeout configurable 2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard
e90308178f Add timestamp/serial to cookies, with timeout 2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard
a64acd4f84 Add separate SSL_COOKIE_C define 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
7d38d215b1 Allow disabling HelloVerifyRequest 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
232edd46be Move cookie callbacks implementation to own module 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d485d194f9 Move to a callback interface for DTLS cookies 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d7f9bc5091 Refactor cookie to prepare for external callbacks
Also adds flexibility to the verification process.
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
82202f0a9c Make DTLS_HELLO_VERIFY a compile option 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
98545f128a Generate random key for HelloVerifyRequest 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
43c021874d Add ssl_set_client_transport_id() 2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard
2c9ee81f6e Start adding srv support for hello verify request
Dummy fixed content for now.

Also, seems to be a race condition in the way the socket is closed and
reopened, leading to a few "random" failures in compat.sh. A fix is planned
for later.
2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
a0e1632b79 Do not use compression with DTLS 2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
67427c07b2 Fix checksum computation with HelloVerifyRequest 2014-10-21 16:30:11 +02:00