Commit graph

255 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 0b03200e96 Add server-side support for ECDSA client auth 2013-08-27 22:21:19 +02:00
Paul Bakker 0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Paul Bakker d2f068e071 Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually 2013-08-27 21:19:20 +02:00
Manuel Pégourié-Gonnard 0a20171d52 Fix compiler warning from gcc -Os 2013-08-26 14:31:43 +02:00
Manuel Pégourié-Gonnard c6554aab3d Check length of session tickets we write 2013-08-26 14:26:33 +02:00
Manuel Pégourié-Gonnard b3d9187cea PK: add nice interface functions
Also fix a const-corectness issue.
2013-08-20 20:46:04 +02:00
Paul Bakker 5fd4917d97 Add missing ifdefs in ssl modules 2013-08-19 13:30:28 +02:00
Manuel Pégourié-Gonnard 0b2726732e Fix ifdef conditions for EC-related extensions.
Was alternatively ECP_C and ECDH_C.
2013-08-16 13:56:17 +02:00
Manuel Pégourié-Gonnard 5734b2d358 Actually use the point format selected for ECDH 2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard 7b19c16b74 Handle suported_point_formats in ServerHello 2013-08-16 13:56:16 +02:00
Paul Bakker 1f2bc6238b Made support for the truncated_hmac extension configurable 2013-08-15 13:45:55 +02:00
Paul Bakker 05decb24c3 Made support for the max_fragment_length extension configurable 2013-08-15 13:33:48 +02:00
Paul Bakker 606b4ba20f Session ticket expiration checked on server 2013-08-15 11:42:48 +02:00
Paul Bakker f0e39acb58 Fixed unitialized n when resuming a session 2013-08-15 11:40:48 +02:00
Paul Bakker a503a63b85 Made session tickets support configurable from config.h 2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard 56dc9e8bba Authenticate session tickets. 2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard 990c51a557 Encrypt session tickets 2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard 779e42982c Start adding ticket keys (only key_name for now) 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard aa0d4d1aff Add ssl_set_session_tickets() 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard 306827e3bc Prepare ticket structure for securing 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard 593058e35e Don't renew ticket when the current one is OK 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard c086cce3d3 Don't cache empty session ID nor resumed session 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 7cd5924cec Rework NewSessionTicket handling in state machine
Fixes bug: NewSessionTicket was ommited in resumed sessions.
2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 3ffa3db80b Fix server session ID handling with ticket 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 72882b2079 Relax limit on ClientHello size 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 609bc81a76 ssl_srv: read & write ticket, unsecure for now 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 94f6a79cde Auxiliary functions to (de)serialize ssl_session 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard 7a358b8580 ssl_srv: write & parse session ticket ext & msg 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard 57c2852807 Added truncated hmac negociation (without effect) 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard e048b67d0a Misc minor fixes
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard ed4af8b57c Move negotiated max fragment length to session
User-set max fragment length remains in ssl_context.
The min of the two is used for sizing fragments.
2013-07-18 14:07:09 +02:00
Manuel Pégourié-Gonnard 7bb7899121 Send max_fragment_length extension (server) 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard f11a6d78c7 Rework server extensions writing 2013-07-18 11:23:38 +02:00
Manuel Pégourié-Gonnard 48f8d0dbbd Read max_fragment_length extension (server) 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard ff56da3a26 Fix direct uses of x509_cert.rsa, now use pk_rsa() 2013-07-17 15:59:42 +02:00
Paul Bakker 61d113bb7b Init and free new contexts in the right place for SSL to prevent
memory leaks
2013-07-16 17:48:58 +02:00
Paul Bakker fa9b10050b Also compiles / runs without time-based functions in OS
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker 9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker 5dc6b5fb05 Made supported curves configurable 2013-06-29 23:26:34 +02:00
Paul Bakker 2fbefde1d8 Client and server now filter sent and accepted ciphersuites on minimum
and maximum protocol version
2013-06-29 18:35:40 +02:00
Paul Bakker 59c28a2723 SSL v2 handshake should also handle dynamic ciphersuites 2013-06-29 18:35:40 +02:00
Paul Bakker b6c5d2e1a6 Cleanup up non-prototyped functions (static) and const-correctness
More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code.
2013-06-25 16:25:17 +02:00
Paul Bakker 2013950545 Secure renegotiation extension should only be sent in case client supports secure renegotiation
(cherry picked from commit 7c3c3899cf)
2013-06-24 19:09:24 +02:00
Paul Bakker 48f7a5d724 DHE-PSK based ciphersuite support added and cleaner key exchange based
code selection

The base RFC 4279 DHE-PSK ciphersuites are now supported and added.

The SSL code cuts out code not relevant for defined key exchange methods
2013-04-19 20:47:26 +02:00
Paul Bakker ed27a041e4 More granular define selections within code to allow for smaller code
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker fbb17804d8 Added pre-shared key handling for the server side of SSL / TLS
Server side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker 70df2fbaa5 Split parts of ssl_parse_client_key_exchange() into separate functions
Made ssl_parse_client_dh_public(), ssl_parse_cient_ecdh_public() and
ssl_parse_encrypted_pms_secret() in preparation for PSK-related code
2013-04-18 23:12:33 +02:00
Paul Bakker f7abd422dc Removed extra spaces on end of lines 2013-04-16 18:09:45 +02:00
Paul Bakker 8f4ddaeea9 Ability to specify allowed ciphersuites based on the protocol version.
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b)

Conflicts:
	ChangeLog
	library/ssl_srv.c
	library/ssl_tls.c
2013-04-16 18:09:45 +02:00
Paul Bakker c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker b7149bcc90 Corrected behaviour for CBC-based suites using the SHA384 MAC and PRF 2013-03-20 15:30:09 +01:00
Paul Bakker 41c83d3f67 Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker 68884e3c09 Moved to advanced ciphersuite representation and more dynamic SSL code 2013-03-13 14:48:32 +01:00
Paul Bakker 78a8c71993 Re-added support for parsing and handling SSLv2 Client Hello messages
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.

It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
2013-03-06 18:01:03 +01:00
Paul Bakker 1961b709d8 Added ssl_handshake_step() to allow single stepping the handshake
process

Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker 21dca69ef0 Handle future version properly in ssl_write_certificate_request() 2013-01-03 11:41:08 +01:00
Paul Bakker bc3d98469f Fixed multiple DN size 2012-11-26 16:12:02 +01:00
Paul Bakker 78ce507988 Fixed typo 2012-11-23 14:23:53 +01:00
Paul Bakker 926af7582a Fixed client certificate handling with TLS 1.2 2012-11-23 13:38:07 +01:00
Paul Bakker 645ce3a2b4 - Moved ciphersuite naming scheme to IANA reserved names 2012-10-31 12:32:41 +00:00
Paul Bakker 35a7fe52f3 - Prevent compiler warning 2012-10-31 09:07:14 +00:00
Paul Bakker 8611e73dd3 - Fixed infinite loop 2012-10-30 07:52:29 +00:00
Paul Bakker 81420abcb6 - properly print minimum version 2012-10-23 10:31:15 +00:00
Paul Bakker 23f3680898 - Added proper support for TLS 1.2 signature_algorithm extension on server
side
 - Minor const changes to other extension parsing functions
2012-09-28 14:15:14 +00:00
Paul Bakker 1d29fb5e33 - Added option to add minimum accepted SSL/TLS protocol version 2012-09-28 13:28:45 +00:00
Paul Bakker 5701cdcd02 - Added ServerName extension parsing (SNI) at server side 2012-09-27 21:49:42 +00:00
Paul Bakker eb2c658163 - Generalized external private key implementation handling (like PKCS#11) in SSL/TLS 2012-09-27 19:15:01 +00:00
Paul Bakker 0a59707523 - Added simple SSL session cache implementation
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker 29b64761fd - Added predefined DHM groups from RFC 5114 2012-09-25 09:36:44 +00:00
Paul Bakker d0f6fa7bdc - Sending of handshake_failures during renegotiation added
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker 48916f9b67 - Added Secure Renegotiation (RFC 5746) 2012-09-16 19:57:18 +00:00
Paul Bakker ec636f3bdd - Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation) 2012-09-09 19:17:02 +00:00
Paul Bakker 2770fbd651 - Added DEFLATE compression support as per RFC3749 (requires zlib) 2012-07-03 13:30:23 +00:00
Paul Bakker 380da53c48 - Abstracted checksum updating during handshake 2012-04-18 16:10:25 +00:00
Paul Bakker ca4ab49158 - Added GCM ciphersuites to TLS implementation 2012-04-18 14:23:57 +00:00
Paul Bakker 10cd225962 - Added support for the SHA256 ciphersuites of AES and Camellia 2012-04-12 21:26:34 +00:00
Paul Bakker bf63b36127 - Updated comments 2012-04-12 20:44:34 +00:00
Paul Bakker 1ef83d66dd - Initial bare version of TLS 1.2 2012-04-11 12:09:53 +00:00
Paul Bakker fab5c829e7 - Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default! 2012-02-06 16:45:10 +00:00
Paul Bakker 1c70d409ad - Added better handling of missing session struct 2011-12-04 22:30:17 +00:00
Paul Bakker a3d195c41f - Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs 2011-11-27 21:07:34 +00:00
Paul Bakker 5690efccc4 - Fixed a whole bunch of dependencies on defines between files, examples and tests 2011-05-26 13:16:06 +00:00
Paul Bakker 9d781407bc - A error_strerror function() has been added to translate between error codes and their description.
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
 - Descriptions to all error codes have been added.
 - Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00
Paul Bakker 23986e5d5d - Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops 2011-04-24 08:57:21 +00:00
Paul Bakker 99a03afc22 - Fixed possible uninitialized values 2011-04-01 11:39:39 +00:00
Paul Bakker 9dcc32236b - Added support for PKCS#1 v2.1 encoding and thus support for the RSAES-OAEP and RSASSA-PSS operations (enabled by POLARSSL_PKCS1_V21) 2011-03-08 14:16:06 +00:00
Paul Bakker e3166ce040 - Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
- Adapted in the rest of using code as well
2011-01-27 17:40:50 +00:00
Paul Bakker 43b7e35b25 - Support for PKCS#11 through the use of the pkcs11-helper library 2011-01-18 15:27:19 +00:00
Paul Bakker 61c324bbdd - Enabled TLSv1.1 support in server as well 2010-07-29 21:09:03 +00:00
Paul Bakker b96f154e51 - Fixed copyright message 2010-07-18 20:36:00 +00:00
Paul Bakker 84f12b76fc - Updated Copyright to correct entity 2010-07-18 10:13:04 +00:00
Paul Bakker 77a43580da - Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites 2010-06-15 21:32:46 +00:00
Paul Bakker 2908713af1 - Corrected behaviour 2010-03-21 21:03:34 +00:00
Paul Bakker fc8c4360b8 - Updated copyright line to 2010 2010-03-21 17:37:16 +00:00
Paul Bakker 1f3c39c194 - Removed copyright line for Christophe Devine for clarity 2010-03-21 17:30:05 +00:00
Paul Bakker ff60ee6c2a - Added const-correctness to main codebase 2010-03-16 21:09:09 +00:00
Paul Bakker 1f76115340 - Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request() 2010-02-18 18:16:31 +00:00
Paul Bakker 77b385e91a - Updated copyright messages on all relevant files 2009-07-28 17:23:11 +00:00
Paul Bakker fc22c441bc - Renamed RSA_RAW to SIG_RSA_RAW for consistency in the code. 2009-07-19 20:36:27 +00:00
Paul Bakker 785a9eeece - Added email address to header license information 2009-01-25 14:15:10 +00:00
Paul Bakker 060c56871c - Fixed possible heap overflow in pkcs1_decrypt on data larger than output
buffer after padding. For instance the premaster decryption in
   ssl_parse_client_key_exchange() in ssl_serv.c (Thanks to Christophe
   Devine)
2009-01-12 21:48:39 +00:00
Paul Bakker b5ef0bada4 - Added SSL_RSA_CAMELLIA_128_SHA, SSL_RSA_CAMELLIA_256_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA ciphersuites to SSL 2009-01-11 20:25:36 +00:00
Paul Bakker e0ccd0a7c3 - Updated Copyright notices 2009-01-04 16:27:10 +00:00
Paul Bakker 40e46940df - First replacement of xyssl by polarssl where needed 2009-01-03 21:51:57 +00:00
Paul Bakker 5121ce5bdb - Renamed include directory to polarssl 2009-01-03 21:22:43 +00:00