Commit graph

241 commits

Author SHA1 Message Date
Paul Bakker b5212b436f Merge CCM cipher mode and ciphersuites
Conflicts:
	library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Manuel Pégourié-Gonnard 8ff17c544c Add missing DEBUG_RET on cipher failures 2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard 61edffef28 Normalize "should never happen" messages/errors 2014-05-22 13:52:47 +02:00
Manuel Pégourié-Gonnard 2e5ee32033 Implement CCM and CCM_8 ciphersuites 2014-05-20 16:29:34 +02:00
Manuel Pégourié-Gonnard 5efd772ef0 Small readability improvement 2014-05-14 14:10:37 +02:00
Manuel Pégourié-Gonnard de7bb44004 Use cipher_auth_{en,de}crypt() in ssl_tls.c 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard 8764d271fa Use cipher_crypt() in ssl_tls.c 2014-05-14 14:10:36 +02:00
Paul Bakker b9e4e2c97a Fix formatting: fix some 'easy' > 80 length lines 2014-05-01 14:18:25 +02:00
Paul Bakker 9af723cee7 Fix formatting: remove trailing spaces, #endif with comments (> 10 lines) 2014-05-01 13:03:14 +02:00
Paul Bakker 2a024ac86a Merge dependency fixes 2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker 1a1fbba1ae Sanity length checks in ssl_read_record() and ssl_fetch_input()
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
2014-04-30 14:48:51 +02:00
Manuel Pégourié-Gonnard 3a306b9067 Fix misplaced #endif in ssl_tls.c 2014-04-29 15:11:17 +02:00
Paul Bakker 61885c7f7f Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
2014-04-25 12:59:51 +02:00
Paul Bakker 93389cc620 Remove const indicator 2014-04-17 14:44:38 +02:00
Manuel Pégourié-Gonnard 0408fd1fbb Add extendedKeyUsage checking in SSL modules 2014-04-11 11:09:09 +02:00
Paul Bakker d6ad8e949b Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C 2014-04-09 17:24:14 +02:00
Paul Bakker a77de8c841 Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off 2014-04-09 16:39:35 +02:00
Manuel Pégourié-Gonnard a9db85df73 Add tests for keyUsage with client auth 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard 7f2a07d7b2 Check keyUsage in SSL client and server 2014-04-09 15:50:57 +02:00
Paul Bakker 0763a401a7 Merged support for the ALPN extension 2014-04-08 14:37:12 +02:00
Paul Bakker 4224bc0a4f Prevent potential NULL pointer dereference in ssl_read_record() 2014-04-08 14:36:50 +02:00
Manuel Pégourié-Gonnard 0b874dc580 Implement ALPN client-side 2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard 7e250d4812 Add ALPN interface 2014-04-04 17:10:40 +02:00
Paul Bakker 77f4f39ea6 Make sure no random pointer occur during failed malloc()'s 2014-03-26 15:30:20 +01:00
Paul Bakker 91c61bc4fd Further tightened the padlen check to prevent underflow / overflow 2014-03-26 15:14:20 +01:00
Manuel Pégourié-Gonnard b2bf5a1bbb Fix possible buffer overflow with PSK 2014-03-26 12:58:50 +01:00
Paul Bakker 3d6504a935 ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr 2014-03-17 13:41:51 +01:00
Manuel Pégourié-Gonnard 83cdffc437 Forbid sequence number wrapping 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard 796c6f3aff Countermeasure against "triple handshake" attack 2014-03-13 19:25:06 +01:00
Paul Bakker 7dc4c44267 Library files moved to use platform layer 2014-02-06 13:20:16 +01:00
Manuel Pégourié-Gonnard ab24010b54 Enforce our choice of allowed curves. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard 7f38ed0bfa ssl_set_curves is no longer ECDHE only 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard ac7194133e Renamings and other fixes 2014-02-06 10:28:38 +01:00
Gergely Budai e40c469ad3 The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[]. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard de05390c85 Rename ecdh_curve_list to curve_list 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard 5de2580563 Make ssl_set_ecdh_curves() a compile-time option 2014-02-06 10:28:38 +01:00
Gergely Budai 987bfb510b Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard 7c59363a85 Remove a few dead stores 2014-01-22 13:02:39 +01:00
Manuel Pégourié-Gonnard 7cfdcb8c7f Add a length check in ssl_derive_keys() 2014-01-22 12:56:22 +01:00
Paul Bakker 6992eb762c Fixed potential overflow in certificate size in ssl_write_certificate() 2013-12-31 11:38:33 +01:00
Paul Bakker 956c9e063d Reduced the input / output overhead with 200+ bytes and covered corner
case

The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.

Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.

We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
2013-12-30 15:00:51 +01:00
Paul Bakker 1e5369c7fa Variables in proper block or within proper defines in ssl_decrypt_buf() 2013-12-19 16:40:57 +01:00
Paul Bakker fdf946928d Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites 2013-12-17 13:10:27 +01:00
Paul Bakker 77e257e958 Fixed bad check for maximum size of fragment length index 2013-12-17 13:09:12 +01:00
Paul Bakker 6f0636a09f Potential memory leak in ssl_ticket_keys_init() 2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard d18cc57962 Add client-side support for ECDH key exchanges 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard c72ac7c3ef Fix SSLv3 handling of SHA-384 suites
Fixes memory corruption, introduced in
a5bdfcd (Relax some SHA2 ciphersuite's version requirements)
2013-12-17 10:18:25 +01:00
Manuel Pégourié-Gonnard dc953e8c41 Add missing defines/cases for RSA_PSK key exchange 2013-11-26 15:19:57 +01:00
Paul Bakker 08b028ff0f Prevent unlikely NULL dereference 2013-11-19 10:42:37 +01:00