Manuel Pégourié-Gonnard
3a173f497b
Merge branch 'development' into dtls
...
* development:
Fix error code description.
generate_errors.pl now errors on duplicate codes
Avoid nested if's without braces.
Move renego SCSV after actual ciphersuites
Fix send_close_notify usage.
Rename variable for clarity
Improve script portability
Conflicts:
library/ssl_srv.c
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
tests/ssl-opt.sh
2015-01-22 13:30:33 +00:00
Manuel Pégourié-Gonnard
59c6f2ef21
Avoid nested if's without braces.
...
Creates a potential for confusing code if we later want to add an else clause.
2015-01-22 11:06:40 +00:00
Manuel Pégourié-Gonnard
5d9cde25da
Move renego SCSV after actual ciphersuites
2015-01-22 10:49:41 +00:00
Manuel Pégourié-Gonnard
67505bf9e8
Merge branch 'development' into dtls
...
* development:
Adapt tests to new defaults/errors.
Fix typos/cosmetics in Changelog
Disable RC4 by default in example programs.
Add ssl_set_arc4_support()
Set min version to TLS 1.0 in programs
Conflicts:
include/polarssl/ssl.h
library/ssl_cli.c
library/ssl_srv.c
tests/compat.sh
2015-01-21 13:57:33 +00:00
Manuel Pégourié-Gonnard
0af1ba3521
Merge commit 'f6080b8' into dtls
...
* commit 'f6080b8':
Fix warning in reduced configs
Adapt to "negative" switch for renego
Add tests for periodic renegotiation
Make renego period configurable
Auto-renegotiate before sequence number wrapping
Update Changelog for compile-option renegotiation
Switch from an enable to a disable flag
Save 48 bytes if SSLv3 is not defined
Make renegotiation a compile-time option
Add tests for renego security enforcement
Conflicts:
include/polarssl/ssl.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
programs/ssl/ssl_server2.c
tests/ssl-opt.sh
2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard
edb7ed3a43
Merge commit 'd7e2483' into dtls
...
* commit 'd7e2483': (57 commits)
Skip signature_algorithms ext if PSK only
Fix bug in ssl_client2 reconnect option
Cosmetics in ssl_server2
Improve debugging message.
Fix net_usleep for durations greater than 1 second
Use pk_load_file() in X509
Create ticket keys only if enabled
Fix typo in #ifdef
Clarify documentation a bit
Fix comment on resumption
Update comment from draft to RFC
Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
Add recursion.pl to all.sh
Allow x509_crt_verify_child() in recursion.pl
Set a compile-time limit to X.509 chain length
Fix 3DES -> DES in all.sh (+ time estimates)
Add curves.pl to all.sh
Rework all.sh to use MSan instead of valgrind
Fix depends on individual curves in tests
Add script to test depends on individual curves
...
Conflicts:
CMakeLists.txt
programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00
Paul Bakker
5b8f7eaa3e
Merge new security defaults for programs (RC4 disabled, SSL3 disabled)
2015-01-14 16:26:54 +01:00
Paul Bakker
f6080b8557
Merge support for enabling / disabling renegotiation support at compile-time
2015-01-13 16:18:23 +01:00
Paul Bakker
d7e2483bfc
Merge miscellaneous fixes into development
2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard
bd47a58221
Add ssl_set_arc4_support()
...
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
d94232389e
Skip signature_algorithms ext if PSK only
2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard
eaecbd3ba8
Fix warning in reduced configs
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
615e677c0b
Make renegotiation a compile-time option
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
f9d778d635
Merge branch 'etm' into dtls
...
* etm:
Fix warning in reduced config
Update Changelog for EtM
Keep EtM state across renegotiations
Adjust minimum length for EtM
Don't send back EtM extension if not using CBC
Fix for the RFC erratum
Implement EtM
Preparation for EtM
Implement initial negotiation of EtM
Conflicts:
include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard
56d985d0a6
Merge branch 'session-hash' into dtls
...
* session-hash:
Update Changelog for session-hash
Make session-hash depend on TLS versions
Forbid extended master secret with SSLv3
compat.sh: allow git version of gnutls
compat.sh: make options a bit more robust
Implement extended master secret
Add negotiation of Extended Master Secret
Conflicts:
include/polarssl/check_config.h
programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
fedba98ede
Merge branch 'fb-scsv' into dtls
...
* fb-scsv:
Update Changelog for FALLBACK_SCSV
Implement FALLBACK_SCSV server-side
Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard
b575b54cb9
Forbid extended master secret with SSLv3
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
699cafaea2
Implement initial negotiation of EtM
...
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
ada3030485
Implement extended master secret
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb
Implement FALLBACK_SCSV client-side
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd
Add negotiation of Extended Master Secret
...
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
7de3c9eecb
Count timeout per flight, not per message
2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
cd32a50d67
Fix NewSesssionTicket vs ChangeCipherSpec bug
...
Since we were cheating on state, ssl_read_record() wasn't able to drop
out-of-sequence ChangeCipherSpec messages. Cheat a bit less.
2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
5d8ba53ace
Expand and fix resend infrastructure
2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard
d92d6a1b5b
ssl_parse_server_key_exchange() cleanups
2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard
000d5aec13
No memmove: parse_new_session_ticket()
2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
0b3400dafa
No memmove: ssl_parse_server_hello()
2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
069eb79043
No memmove: ssl_parse_hello_verify_request()
2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
04c1b4ece1
No memmove: certificate_request + server_hello_done
2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
f4830b5092
No memmove: ssl_parse_server_key_exchange()
2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard
f899583f94
Prepare moving away from memmove() on incoming HS
2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
b35fe5638a
Fix HelloVerifyRequest version handling
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
fb2d22371f
Reuse random when responding to a verify request
2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard
b760f001d7
Extract generate client random to a function
2014-10-21 16:30:14 +02:00
Manuel Pégourié-Gonnard
a0e1632b79
Do not use compression with DTLS
2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
67427c07b2
Fix checksum computation with HelloVerifyRequest
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
74848811b4
Implement HelloVerifyRequest on client
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
4128aa71ee
Add the 'cookie' field of DTLS ClientHello
2014-10-21 16:30:08 +02:00
Manuel Pégourié-Gonnard
abc7e3b4ba
Handle DTLS version encoding and fix some checks
2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
d66645130c
Add a ciphersuite NODTLS flag
2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard
f7cdbc0e87
Fix potential bad read of length
2014-10-17 17:02:10 +02:00
Manuel Pégourié-Gonnard
44ade654c5
Implement (partial) renego delay on client
2014-08-19 13:58:40 +02:00
Manuel Pégourié-Gonnard
6591962f06
Allow delay on renego on client
...
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Paul Bakker
84bbeb58df
Adapt cipher and MD layer with _init() and _free()
2014-07-09 10:19:24 +02:00
Paul Bakker
5b4af39a36
Add _init() and _free() for hash modules
2014-07-09 10:19:23 +02:00
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
dd0c0f33c0
Better usage of dhm_calc_secret in SSL
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
5c1f032653
Abort handshake if no point format in common
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
fd35af1579
Fix off-by-one error in point format parsing
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
5bfd968e01
Fix warning with TLS 1.2 without RSA or ECDSA
2014-06-24 15:18:11 +02:00
Paul Bakker
66d5d076f7
Fix formatting in various code to match spacing from coding style
2014-06-17 17:06:47 +02:00
Paul Bakker
3461772559
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-06-14 16:46:03 +02:00
Manuel Pégourié-Gonnard
61edffef28
Normalize "should never happen" messages/errors
2014-05-22 13:52:47 +02:00
Paul Bakker
b9e4e2c97a
Fix formatting: fix some 'easy' > 80 length lines
2014-05-01 14:18:25 +02:00
Paul Bakker
9af723cee7
Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)
2014-05-01 13:03:14 +02:00
Manuel Pégourié-Gonnard
cef4ad2509
Adapt sources to configurable config.h name
2014-04-30 16:40:20 +02:00
Paul Bakker
a70366317d
Improve interop by not writing ext_len in ClientHello / ServerHello when 0
...
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard
f6521de17b
Add ALPN tests to ssl-opt.sh
...
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard
0b874dc580
Implement ALPN client-side
2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard
3c599f11b0
Avoid possible segfault on bad server ciphersuite
2014-03-13 19:25:06 +01:00
Paul Bakker
6a28e722c9
Merged platform compatibility layer
2014-02-06 13:44:19 +01:00
Paul Bakker
0910f32ee3
Fixed compile warning (in test-ref-configs)
2014-02-06 13:41:18 +01:00
Paul Bakker
7dc4c44267
Library files moved to use platform layer
2014-02-06 13:20:16 +01:00
Manuel Pégourié-Gonnard
c3f6b62ccc
Print curve name instead of size in debugging
...
Also refactor server-side curve selection
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
ab24010b54
Enforce our choice of allowed curves.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
cd49f76898
Make ssl_set_curves() work client-side too.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
8e205fc0bc
Fix potential buffer overflow in suported_curves_ext
2014-01-23 17:27:10 +01:00
Manuel Pégourié-Gonnard
d18cc57962
Add client-side support for ECDH key exchanges
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
da1ff38715
Don't accept CertificateRequest with PSK suites
2013-11-26 15:19:57 +01:00
Manuel Pégourié-Gonnard
dc953e8c41
Add missing defines/cases for RSA_PSK key exchange
2013-11-26 15:19:57 +01:00
Paul Bakker
a9a028ebd0
SSL now gracefully handles missing RNG
2013-11-21 17:31:06 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f
Safer buffer comparisons in the SSL modules
2013-10-31 14:23:12 +01:00
Paul Bakker
fa6a620b75
Defines for UEFI environment under MSVC added
2013-10-29 14:05:38 +01:00
Paul Bakker
6888167e73
Forced cast to prevent MSVC compiler warning
2013-10-15 13:24:01 +02:00
Paul Bakker
f34673e37b
Merged RSA-PSK key-exchange and ciphersuites
2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0
Merged ECDHE-PSK ciphersuites
2013-10-15 12:45:36 +02:00
Manuel Pégourié-Gonnard
59b9fe28f0
Fix bug in psk_identity_hint parsing
2013-10-15 11:55:33 +02:00
Manuel Pégourié-Gonnard
bac0e3b7d2
Dependency fixes
2013-10-15 11:54:47 +02:00
Manuel Pégourié-Gonnard
09258b9537
Refactor parse_server_key_exchange a bit
2013-10-15 11:19:54 +02:00
Manuel Pégourié-Gonnard
8a3c64d73f
Fix and simplify *-PSK ifdef's
2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard
0fae60bb71
Implement RSA-PSK key exchange
2013-10-14 19:34:48 +02:00
Paul Bakker
b9cfaa0c7f
Explicit conversions and minor changes to prevent MSVC compiler warnings
2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard
1b62c7f93d
Fix dependencies and related issues
2013-10-14 14:02:19 +02:00
Manuel Pégourié-Gonnard
72fb62daa2
More *-PSK refactoring
2013-10-14 14:01:58 +02:00
Manuel Pégourié-Gonnard
bd1ae24449
Factor PSK pms computation to ssl_tls.c
2013-10-14 13:17:36 +02:00
Manuel Pégourié-Gonnard
b59d699a65
Fix bugs in ECDHE_PSK key exchange
2013-10-14 12:00:45 +02:00
Manuel Pégourié-Gonnard
3ce3bbdc00
Add support for ECDHE_PSK key exchange
2013-10-11 18:16:35 +02:00
Manuel Pégourié-Gonnard
cb99bdb27e
Client: if no cert, send empty cert list
2013-09-25 13:30:56 +02:00
Manuel Pégourié-Gonnard
834ea8587f
Change internal structs for multi-cert support
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
a7496f00ff
Fix a few more warnings in small configurations
2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard
1032c1d3ec
Fix some dependencies and warnings in small config
2013-09-19 10:49:00 +02:00
Manuel Pégourié-Gonnard
da179e4870
Add ecp_curve_list(), hide ecp_supported_curves
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
a310459f5c
Fix a few things that broke with RSA compiled out
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
56cd319f0e
Add human-friendly name in ecp_curve_info
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
a79d123a55
Make ecp_supported_curves constant
2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard
15d5de1969
Simplify usage of DHM blinding
2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
568c9cf878
Add ecp_supported_curves and simplify some code
2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
7038039f2e
Dissociate TLS and internal EC curve identifiers
...
Allows to add new curves before they get a TLS number
2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
a97c015f89
Rm useless/wrong DHM lenght test
2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
032c34e206
Don't use DH blinding for ephemeral DH
2013-09-07 13:06:27 +02:00