Commit graph

1132 commits

Author SHA1 Message Date
Paul Bakker f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard 5ba1d52f96 Add memory_buffer_alloc_self_test() 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard 5cb4b31057 Fix missing bound check 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard 448ea506bf Set min version to TLS 1.0 in programs 2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard e117a8fc0d Make truncated hmac a runtime option server-side
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard f01768c55e Specific error for suites in common but none good 2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard cfa477ef2f Allow disabling record splitting at runtime 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard d76314c44c Add 1/n-1 record splitting 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard edd371a82c Enhance doc on ssl_write() 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard d94232389e Skip signature_algorithms ext if PSK only 2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard 837f0fe831 Make renego period configurable 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard 037170465a Switch from an enable to a disable flag 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 6186019d5d Save 48 bytes if SSLv3 is not defined 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 9439f93ea4 Use pk_load_file() in X509
Saves a bit of ROM. X509 depends on PK anyway.
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard cb7da352fd Fix typo in #ifdef
Since length is checked afterwards anyway, no security risk here
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard 150c4f62f1 Clarify documentation a bit 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard 3e9449350c Fix comment on resumption 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard 6b298e6cc1 Update comment from draft to RFC 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard d16d1cb96a Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard fd6c85c3eb Set a compile-time limit to X.509 chain length 2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard 426d4ae7ff Split x509_crl_parse_der() out of x509_crl_parse() 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard 70bdadf54b Add pk_check_pair() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard 30668d688d Add ecp_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard 2f8d1f9fc3 Add rsa_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard e10e06d863 Blind RSA operations even without CRT 2014-11-06 18:25:44 +01:00
Manuel Pégourié-Gonnard d056ce0e3e Use seq_num as AEAD nonce by default 2014-11-06 18:23:49 +01:00
Manuel Pégourié-Gonnard f9d778d635 Merge branch 'etm' into dtls
* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM

Conflicts:
	include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard 56d985d0a6 Merge branch 'session-hash' into dtls
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard fedba98ede Merge branch 'fb-scsv' into dtls
* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard 769c6b6351 Make session-hash depend on TLS versions 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 699cafaea2 Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 01b2699198 Implement FALLBACK_SCSV server-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 367381fddd Add negotiation of Extended Master Secret
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Paul Bakker f2a459df05 Preparation for PolarSSL 1.4.0 2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard ef88e68188 Deprecate ssl_set_bio() 2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard df3acd82e2 Limit HelloRequest retransmission if not enforced 2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard 8e704f0f74 DTLS depends on TIMING_C for now 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard b0643d152d Add ssl_set_dtls_badmac_limit() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard 9b35f18f66 Add ssl_get_record_expansion() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard a6fcffe516 Add warnings about disabling replay detection 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard 37e08e1689 Fix max_fragment_length with DTLS 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard 2707430a4d Fix types and comments about read_timeout 2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard 6c1fa3a184 Fix misplaced initialisation of timeout 2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard c8d8e97cbd Move to milliseconds in recv_timeout() 2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard 905dd2425c Add ssl_set_handshake_timeout() 2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard 0ac247fd88 Implement timeout back-off (fixed range for now) 2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard 579950c2bb Fix bug with non-blocking I/O and cookies 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard 7de3c9eecb Count timeout per flight, not per message 2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard db2858ce96 Preparation for timers
Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working.
2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard 23b7b703aa Fix issue with renego & resend 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard 2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard 8464a46b6b Make DTLS_ANTI_REPLAY depends on PROTO_DTLS 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard 246c13a05f Fix epoch checking 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard 7a7e140d4e Add functions for replay protection 2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard 5d8ba53ace Expand and fix resend infrastructure 2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard ffa67be698 Infrastructure for buffering & resending flights 2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard 57fa314412 Fix depend documentation 2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard 9d9b003a9a Add net_recv_timeout() 2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard 8fa6dfd560 Introduce f_recv_timeout callback 2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard e6bdc4497c Merge I/O contexts into one 2014-10-21 16:32:25 +02:00
Manuel Pégourié-Gonnard 624bcb5260 No memmove: done, rm temporary things 2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard f899583f94 Prepare moving away from memmove() on incoming HS 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard 9d1d7196e4 Check length before reading handshake header 2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard d9ba0d96b6 Prepare for checking incoming handshake seqnum 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard 64dffc5d14 Make handshake reassembly work with openssl 2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard 502bf30fb5 Handle reassembly of handshake messages
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.

Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard 562eb787ec Add and use POLARSSL_ERR_SSL_BUFFER_TOO_SMALL 2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard bef8f09899 Make cookie timeout configurable 2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard e90308178f Add timestamp/serial to cookies, with timeout 2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard a64acd4f84 Add separate SSL_COOKIE_C define 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard 7d38d215b1 Allow disabling HelloVerifyRequest 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard 232edd46be Move cookie callbacks implementation to own module 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard d485d194f9 Move to a callback interface for DTLS cookies 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard d7f9bc5091 Refactor cookie to prepare for external callbacks
Also adds flexibility to the verification process.
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard 82202f0a9c Make DTLS_HELLO_VERIFY a compile option 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard 98545f128a Generate random key for HelloVerifyRequest 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard 43c021874d Add ssl_set_client_transport_id() 2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard 2c9ee81f6e Start adding srv support for hello verify request
Dummy fixed content for now.

Also, seems to be a race condition in the way the socket is closed and
reopened, leading to a few "random" failures in compat.sh. A fix is planned
for later.
2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard a0e1632b79 Do not use compression with DTLS 2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard 67427c07b2 Fix checksum computation with HelloVerifyRequest 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard 74848811b4 Implement HelloVerifyRequest on client 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard b2f3be8757 Support multiple records in one datagram 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard 34c1011b3d Fix a few warnings in reduced configs 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard fe98aceb70 Adapt ssl_fetch_input() for UDP 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard f5a1312eaa Add UDP support to the NET module 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard e89bcf05da Write new DTLS handshake fields correctly 2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard 0619348288 Add explicit counter in DTLS record header 2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard 7ee6f0e6e5 Preparation: allow {in,out}_ctr != {in,out}_buf 2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard abc7e3b4ba Handle DTLS version encoding and fix some checks 2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard 864a81fdc0 More ssl_set_XXX() functions can return BAD_INPUT 2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard b21ca2a69f Adapt version-handling functions to DTLS 2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard d66645130c Add a ciphersuite NODTLS flag 2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard 0b1ff29328 Add basic flags for DTLS 2014-10-21 16:30:03 +02:00
Paul Bakker 9eac4f7c4e Prepare for release 1.3.9 2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard da1b4de0e4 Increase MPI_MAX_BYTES to allow RSA 8192 2014-10-15 22:06:46 +02:00
Paul Bakker 9e4ff953de Clarified len parameter of ssl_read() 2014-09-24 11:13:11 +02:00
Sander Niemeijer ef5087d150 Added explicit casts to prevent compiler warnings when trying to build for iOS 2014-08-21 23:48:14 +02:00
Manuel Pégourié-Gonnard 44ade654c5 Implement (partial) renego delay on client 2014-08-19 13:58:40 +02:00
Manuel Pégourié-Gonnard 6591962f06 Allow delay on renego on client
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Manuel Pégourié-Gonnard 55e4ff2ace Tune comments 2014-08-19 11:52:33 +02:00
Manuel Pégourié-Gonnard 8d4ad07706 SHA-2 ciphersuites now require TLS 1.x 2014-08-14 11:34:34 +02:00
Paul Bakker 8dcb2d7d7e Support escaping of commas in x509_string_to_names() 2014-08-11 11:59:52 +02:00
Paul Bakker ec3a617d40 Make ready for release of 1.3.8 and soversion 7 2014-07-09 10:21:28 +02:00
Paul Bakker 84bbeb58df Adapt cipher and MD layer with _init() and _free() 2014-07-09 10:19:24 +02:00
Paul Bakker accaffe2c3 Restructure ssl_handshake_init() and small fixes 2014-07-09 10:19:24 +02:00
Paul Bakker a317a98221 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Paul Bakker 8f870b047c Add dhm_init() 2014-07-09 10:19:23 +02:00
Paul Bakker fff0366bba Add ctr_drbg_free() 2014-07-09 10:19:23 +02:00
Paul Bakker 5b4af39a36 Add _init() and _free() for hash modules 2014-07-09 10:19:23 +02:00
Paul Bakker c7ea99af4f Add _init() and _free() for cipher modules 2014-07-09 10:19:22 +02:00
Manuel Pégourié-Gonnard 08e81e0c8f Change selection of hash algorithm for TLS 1.2 2014-07-08 14:20:26 +02:00
Paul Bakker 8fb99abaac Merge changes for leaner memory footprint 2014-07-04 15:02:19 +02:00
Manuel Pégourié-Gonnard 481fcfde93 Make PSK_LEN configurable and adjust PMS size 2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard dfc7df0bec Add SSL_CIPHERSUITES config option 2014-07-04 14:59:02 +02:00
Manuel Pégourié-Gonnard a9964dbcd5 Add ssl_set_renegotiation_enforced() 2014-07-04 14:16:07 +02:00
Manuel Pégourié-Gonnard c27807dd1e Make SSL_BUFFER_LEN overhead depend more on config 2014-06-30 17:27:49 +02:00
Paul Bakker 237a847f1c Fix typos in comments 2014-06-25 14:45:24 +02:00
Manuel Pégourié-Gonnard d543a582bf Clarify padding questions in the PK documentation 2014-06-25 14:04:36 +02:00
Manuel Pégourié-Gonnard 2361746452 Try to clarify ECDH interface documentation 2014-06-25 13:55:10 +02:00
Manuel Pégourié-Gonnard 5af0e5b194 Document in-out param of dhm_calc_secret() 2014-06-25 13:03:50 +02:00
Manuel Pégourié-Gonnard bf31977c42 Update BIGNUM_C comments 2014-06-25 13:00:17 +02:00
Manuel Pégourié-Gonnard 3926a2cc64 Clarify mpi_write_binary()'s doc. 2014-06-25 12:57:47 +02:00
Manuel Pégourié-Gonnard dc16aa7eac Improve comments on POLARSSL_ERROR_STRERROR_DUMMY 2014-06-25 12:55:12 +02:00
Manuel Pégourié-Gonnard 01edb1044c Add POLARSSL_REMOVE_RC4_CIPHERSUITES 2014-06-25 11:27:59 +02:00
Paul Bakker 2a45d1c8bb Merge changes to config examples and configuration issues 2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard 3135725670 Disable broken Sparc64 bn_mul assembly 2014-06-25 11:26:15 +02:00
Manuel Pégourié-Gonnard acbcbba860 Fix asm format of bn_mul.h for more portability
Found by Barry K. Nathan.

Quoting from http://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html:

"You can put multiple assembler instructions together in a single asm
template, separated by the characters normally used in assembly code for the
system. A combination that works in most places is a newline to break the
line, plus a tab character to move to the instruction field (written as
‘\n\t’). Sometimes semicolons can be used, if the assembler allows semicolons
as a line-breaking character. Note that some assembler dialects use semicolons
to start a comment."
2014-06-25 11:26:13 +02:00
Barry K. Nathan 35e7cb9aa6 Fix preprocessor checks for bn_mul PPC asm
On OS X, neither __powerpc__ nor __ppc__ is defined on PPC64, so the
asm code was only being used on PPC32.
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard f4e1b64517 Fix comments about X.509 versions 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard 08485cca81 Fix SSL_BUFFER_LEN 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard 8f625632bb Fix dependencies: GCM != AEAD != CCM 2014-06-24 15:26:28 +02:00
Paul Bakker 1c98ff96b5 Merge more test improvements and tests
Conflicts:
	tests/suites/test_suite_cipher.blowfish.data
2014-06-24 11:12:00 +02:00
Manuel Pégourié-Gonnard f3b47243df Split x509_csr_parse_der() out of x509_csr_parse() 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard d77cd5d0c3 Add tests for x509_csr_parse 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard 81754a0c35 Create a 'flags' field in cipher_info 2014-06-23 11:33:18 +02:00
Paul Bakker db20c10423 Add #endif comments for #endif more than 10 lines from #if / #else 2014-06-17 14:34:44 +02:00
Paul Bakker c2ff2083ee Merge parsing and verification of RSASSA-PSS in X.509 modules 2014-06-12 22:02:47 +02:00
Paul Bakker 6dade7c053 Fix typos and spacing 2014-06-12 22:02:14 +02:00
Paul Bakker 508e573231 Merge tests for asn1write, XTEA and Entropy modules 2014-06-12 21:26:33 +02:00
Manuel Pégourié-Gonnard c7c56b2e82 Add more tests for the entropy module 2014-06-10 15:38:44 +02:00
Manuel Pégourié-Gonnard 4dd73925ab Add entropy_self_test() 2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard d1539b1e88 Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT 2014-06-06 16:42:37 +02:00
Manuel Pégourié-Gonnard bf696d030b Make sig_opts non-optional in X509 structures
This simplifies the code.
2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard dddbb1d1eb Rm sig_params from various X509 structures 2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard 9113603b6b Use sig_opts in x509_sig_alg_gets() 2014-06-05 15:41:39 +02:00