Commit graph

1643 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard a852cf4833 Fix issue with non-blocking I/O & record splitting 2015-01-13 20:56:15 +01:00
Manuel Pégourié-Gonnard d5746b36f9 Fix warning 2015-01-13 20:33:24 +01:00
Paul Bakker f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard 5dd28ea432 Fix len miscalculation in buffer-based allocator 2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard 547ff6618f Fix NULL dereference in buffer-based allocator 2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard 5ba1d52f96 Add memory_buffer_alloc_self_test() 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard 5cb4b31057 Fix missing bound check 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard 352143fa1e Refactor for clearer correctness/security 2015-01-13 12:02:55 +01:00
Manuel Pégourié-Gonnard 18292456c5 Add support for getrandom() 2015-01-09 14:34:13 +01:00
Manuel Pégourié-Gonnard e117a8fc0d Make truncated hmac a runtime option server-side
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard f01768c55e Specific error for suites in common but none good 2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard df331a55d2 Prefer SHA-1 certificates for pre-1.2 clients 2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard 6458e3b743 Some more refactoring/tuning. 2015-01-08 14:16:56 +01:00
Manuel Pégourié-Gonnard 846ba473af Minor refactoring 2015-01-08 13:54:38 +01:00
Manuel Pégourié-Gonnard cfa477ef2f Allow disabling record splitting at runtime 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard d76314c44c Add 1/n-1 record splitting 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard d94232389e Skip signature_algorithms ext if PSK only 2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard eaecbd3ba8 Fix warning in reduced configs 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard 837f0fe831 Make renego period configurable 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard b445805283 Auto-renegotiate before sequence number wrapping 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard 6186019d5d Save 48 bytes if SSLv3 is not defined 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 60346be2a3 Improve debugging message.
This actually prints only the payload, not the potential IV and/or MAC,
so (to me at least) it's much less confusing
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard e423246e7f Fix net_usleep for durations greater than 1 second 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard 9439f93ea4 Use pk_load_file() in X509
Saves a bit of ROM. X509 depends on PK anyway.
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard 2457fa0915 Create ticket keys only if enabled 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard d16d1cb96a Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard fd6c85c3eb Set a compile-time limit to X.509 chain length 2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard 6ed2d92629 Make x509_crl_parse() iterative 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard 426d4ae7ff Split x509_crl_parse_der() out of x509_crl_parse() 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard 8c9223df84 Add text view to debug_print_buf() 2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard 8e4b3374d7 Fix some more warnings in reduced configs 2014-11-17 15:06:13 +01:00
Manuel Pégourié-Gonnard 98aa19148c Adjust warnings in different modes 2014-11-14 16:45:48 +01:00
Manuel Pégourié-Gonnard e5b0fc1847 Make malloc-init script a bit happier 2014-11-13 12:42:12 +01:00
Manuel Pégourié-Gonnard f631bbc1da Make x509_string_cmp() iterative 2014-11-13 12:42:06 +01:00
Manuel Pégourié-Gonnard 8a5e3d4a40 Forbid repeated X.509 extensions 2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard d681443f69 Fix potential stack overflow 2014-11-12 01:25:31 +01:00
Manuel Pégourié-Gonnard b134060f90 Fix memory leak with crafted X.509 certs 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard 0369a5291b Fix uninitialised pointer dereference 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard e959979621 Fix ECDSA sign buffer size 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard b31b61b9e8 Fix potential undefined behaviour in Camellia 2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard 7c13d69cb5 Fix dependency issues 2014-11-12 00:01:34 +01:00
Manuel Pégourié-Gonnard a1efcb084f Implement pk_check_pair() for RSA-alt 2014-11-08 18:00:22 +01:00
Manuel Pégourié-Gonnard 27e3edbe2c Check key/cert pair in ssl_set_own_cert() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard 70bdadf54b Add pk_check_pair() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard 30668d688d Add ecp_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard 2f8d1f9fc3 Add rsa_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard e10e06d863 Blind RSA operations even without CRT 2014-11-06 18:25:44 +01:00
Manuel Pégourié-Gonnard d056ce0e3e Use seq_num as AEAD nonce by default 2014-11-06 18:23:49 +01:00
Manuel Pégourié-Gonnard 9d7821d774 Fix warning in reduced config 2014-11-06 01:19:52 +01:00
Manuel Pégourié-Gonnard 1a03473576 Keep EtM state across renegotiations 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 169dd6a514 Adjust minimum length for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 78e745fc0a Don't send back EtM extension if not using CBC 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 08558e5b46 Fix for the RFC erratum 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 313d796e80 Implement EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 0098e7dc70 Preparation for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 699cafaea2 Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard b575b54cb9 Forbid extended master secret with SSLv3 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard ada3030485 Implement extended master secret 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 367381fddd Add negotiation of Extended Master Secret
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 01b2699198 Implement FALLBACK_SCSV server-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Paul Bakker 82788fb63b Fix minor style issues 2014-10-20 13:59:19 +02:00
Paul Bakker 9eac4f7c4e Prepare for release 1.3.9 2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard f7cdbc0e87 Fix potential bad read of length 2014-10-17 17:02:10 +02:00
Manuel Pégourié-Gonnard ef9a6aec51 Allow comparing name with mismatched encodings 2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard 88421246d8 Rename a function 2014-10-17 12:42:30 +02:00
Manuel Pégourié-Gonnard 43c3b28ca6 Fix memory leak with crafted ClientHello 2014-10-17 12:42:11 +02:00
Manuel Pégourié-Gonnard 5d8618539f Fix memory leak while parsing some X.509 certs 2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard 64938c63f0 Accept spaces at end of line/buffer in base64 2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard 7f4ed67a97 Fix compile error with armcc in mpi_is_prime() 2014-10-15 22:06:46 +02:00
Paul Bakker 5a5fa92bfe x509_crt_parse() did not increase total_failed on PEM error
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard 480905d563 Fix selection of hash from sig_alg ClientHello ext. 2014-08-30 14:19:59 +02:00
Sander Niemeijer ef5087d150 Added explicit casts to prevent compiler warnings when trying to build for iOS 2014-08-21 23:48:14 +02:00
Manuel Pégourié-Gonnard 8ef7088bb9 Use polarssl_zeroize() in asn1parse too 2014-08-21 18:15:09 +02:00
Peter Vaskovic a676acf66b Fix missing curly braces. 2014-08-21 17:56:25 +02:00
Manuel Pégourié-Gonnard a13500fdf7 Fix bug with ssl_close_notify and non-blocking I/O 2014-08-19 16:14:04 +02:00
Manuel Pégourié-Gonnard 44ade654c5 Implement (partial) renego delay on client 2014-08-19 13:58:40 +02:00
Manuel Pégourié-Gonnard f07f421759 Fix server-initiated renego with non-blocking I/O 2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard 6591962f06 Allow delay on renego on client
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Manuel Pégourié-Gonnard f26a1e8602 ssl_read() stops returning non-application data 2014-08-19 12:28:50 +02:00
Manuel Pégourié-Gonnard 55e4ff2ace Tune comments 2014-08-19 11:52:33 +02:00
Manuel Pégourié-Gonnard 462906f955 Do no test net_usleep() when not defined 2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard 192253aaa9 Fix buffer size in pk_write_*_pem() 2014-08-14 11:34:35 +02:00
Alfred Klomp b308dd72d9 timing.c: avoid referencing garbage value
Found with Clang's `scan-build` tool.

When get_timer() is called with `reset` set to 1, the value of
t->start.tv_sec is used as a rvalue without being initialized first.
This is relatively harmless because the result of get_timer() is not
used by the callers when called in "reset mode". However, scan-build
prints a warning.

Silence the warning by only calculating the delta on non-reset runs,
returning zero otherwise.
2014-08-14 11:34:35 +02:00
Alfred Klomp 7ee55624fb gcm.c: remove dead store
Found with Clang's `scan-build` tool.

The value written to `hi` is never used, resulting in a warning. Remove
the dead store to get rid of the warning.
2014-08-14 11:34:35 +02:00
Alfred Klomp 1b4eda3af9 pkcs5.c: fix dead store: return proper exit status
Found with Clang's `scan-build` tool.

The error value assigned to `ret` is not returned, meaning that the
selftest always succeeds. Ensure the error value is propagated back to
the caller.
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 8d77eeeaf6 Fix integer suffix rejected by some MSVC versions 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 9a6b442cee Fix non-blocking sockets in net_accept() 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard a04fa4fa04 RSA-PSK key exchange requires TLS 1.x
It's not clear if, with SSL3, one should include send the two length bytes for
EncryptedPreMasterSecret or not, so require TLS to avoid interop issues.
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 8d4ad07706 SHA-2 ciphersuites now require TLS 1.x 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 2fbf311391 Fix dependency issue in memory_buffer_alloc 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 97884a31cb Fix printf format warnings in memory_buffer_alloc 2014-08-14 11:34:33 +02:00
Manuel Pégourié-Gonnard 86bbc7fc30 Fix typo causing compile error with NULL cipher 2014-08-14 11:34:33 +02:00
Paul Bakker 8dcb2d7d7e Support escaping of commas in x509_string_to_names() 2014-08-11 11:59:52 +02:00
Paul Bakker 21e081b068 Prevent (incorrect) compiler warning 2014-07-24 10:38:01 +02:00
Paul Bakker 6c343d7d9a Fix mpi_write_string() to write "00" as hex output for empty MPI 2014-07-10 15:27:10 +02:00