Paul Bakker
f3561154ff
Merge support for 1/n-1 record splitting
2015-01-13 16:31:34 +01:00
Paul Bakker
f6080b8557
Merge support for enabling / disabling renegotiation support at compile-time
2015-01-13 16:18:23 +01:00
Paul Bakker
d7e2483bfc
Merge miscellaneous fixes into development
2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard
5ba1d52f96
Add memory_buffer_alloc_self_test()
2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
5cb4b31057
Fix missing bound check
2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
bd47a58221
Add ssl_set_arc4_support()
...
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
448ea506bf
Set min version to TLS 1.0 in programs
2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard
e117a8fc0d
Make truncated hmac a runtime option server-side
...
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard
f01768c55e
Specific error for suites in common but none good
2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard
cfa477ef2f
Allow disabling record splitting at runtime
2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
d76314c44c
Add 1/n-1 record splitting
2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
edd371a82c
Enhance doc on ssl_write()
2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
d94232389e
Skip signature_algorithms ext if PSK only
2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard
837f0fe831
Make renego period configurable
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
037170465a
Switch from an enable to a disable flag
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
6186019d5d
Save 48 bytes if SSLv3 is not defined
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
615e677c0b
Make renegotiation a compile-time option
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
9439f93ea4
Use pk_load_file() in X509
...
Saves a bit of ROM. X509 depends on PK anyway.
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
cb7da352fd
Fix typo in #ifdef
...
Since length is checked afterwards anyway, no security risk here
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
150c4f62f1
Clarify documentation a bit
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
3e9449350c
Fix comment on resumption
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
6b298e6cc1
Update comment from draft to RFC
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
d16d1cb96a
Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
fd6c85c3eb
Set a compile-time limit to X.509 chain length
2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard
426d4ae7ff
Split x509_crl_parse_der() out of x509_crl_parse()
2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard
70bdadf54b
Add pk_check_pair()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
30668d688d
Add ecp_check_pub_priv()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
2f8d1f9fc3
Add rsa_check_pub_priv()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
e10e06d863
Blind RSA operations even without CRT
2014-11-06 18:25:44 +01:00
Manuel Pégourié-Gonnard
d056ce0e3e
Use seq_num as AEAD nonce by default
2014-11-06 18:23:49 +01:00
Manuel Pégourié-Gonnard
f9d778d635
Merge branch 'etm' into dtls
...
* etm:
Fix warning in reduced config
Update Changelog for EtM
Keep EtM state across renegotiations
Adjust minimum length for EtM
Don't send back EtM extension if not using CBC
Fix for the RFC erratum
Implement EtM
Preparation for EtM
Implement initial negotiation of EtM
Conflicts:
include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard
56d985d0a6
Merge branch 'session-hash' into dtls
...
* session-hash:
Update Changelog for session-hash
Make session-hash depend on TLS versions
Forbid extended master secret with SSLv3
compat.sh: allow git version of gnutls
compat.sh: make options a bit more robust
Implement extended master secret
Add negotiation of Extended Master Secret
Conflicts:
include/polarssl/check_config.h
programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
fedba98ede
Merge branch 'fb-scsv' into dtls
...
* fb-scsv:
Update Changelog for FALLBACK_SCSV
Implement FALLBACK_SCSV server-side
Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard
769c6b6351
Make session-hash depend on TLS versions
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
699cafaea2
Implement initial negotiation of EtM
...
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
01b2699198
Implement FALLBACK_SCSV server-side
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb
Implement FALLBACK_SCSV client-side
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd
Add negotiation of Extended Master Secret
...
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Paul Bakker
f2a459df05
Preparation for PolarSSL 1.4.0
2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard
ef88e68188
Deprecate ssl_set_bio()
2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard
df3acd82e2
Limit HelloRequest retransmission if not enforced
2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard
8e704f0f74
DTLS depends on TIMING_C for now
2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
b0643d152d
Add ssl_set_dtls_badmac_limit()
2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
9b35f18f66
Add ssl_get_record_expansion()
2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
a6fcffe516
Add warnings about disabling replay detection
2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
37e08e1689
Fix max_fragment_length with DTLS
2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
2707430a4d
Fix types and comments about read_timeout
2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard
6c1fa3a184
Fix misplaced initialisation of timeout
2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard
c8d8e97cbd
Move to milliseconds in recv_timeout()
2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard
905dd2425c
Add ssl_set_handshake_timeout()
2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
0ac247fd88
Implement timeout back-off (fixed range for now)
2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
579950c2bb
Fix bug with non-blocking I/O and cookies
2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
7de3c9eecb
Count timeout per flight, not per message
2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
db2858ce96
Preparation for timers
...
Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working.
2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
23b7b703aa
Fix issue with renego & resend
2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
2739313cea
Make anti-replay a runtime option
2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
8464a46b6b
Make DTLS_ANTI_REPLAY depends on PROTO_DTLS
2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
246c13a05f
Fix epoch checking
2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
7a7e140d4e
Add functions for replay protection
2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard
5d8ba53ace
Expand and fix resend infrastructure
2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard
ffa67be698
Infrastructure for buffering & resending flights
2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard
57fa314412
Fix depend documentation
2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard
9d9b003a9a
Add net_recv_timeout()
2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard
8fa6dfd560
Introduce f_recv_timeout callback
2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard
e6bdc4497c
Merge I/O contexts into one
2014-10-21 16:32:25 +02:00
Manuel Pégourié-Gonnard
624bcb5260
No memmove: done, rm temporary things
2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard
f899583f94
Prepare moving away from memmove() on incoming HS
2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
9d1d7196e4
Check length before reading handshake header
2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard
d9ba0d96b6
Prepare for checking incoming handshake seqnum
2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
64dffc5d14
Make handshake reassembly work with openssl
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
502bf30fb5
Handle reassembly of handshake messages
...
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.
Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
562eb787ec
Add and use POLARSSL_ERR_SSL_BUFFER_TOO_SMALL
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
bef8f09899
Make cookie timeout configurable
2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard
e90308178f
Add timestamp/serial to cookies, with timeout
2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard
a64acd4f84
Add separate SSL_COOKIE_C define
2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
7d38d215b1
Allow disabling HelloVerifyRequest
2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
232edd46be
Move cookie callbacks implementation to own module
2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d485d194f9
Move to a callback interface for DTLS cookies
2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d7f9bc5091
Refactor cookie to prepare for external callbacks
...
Also adds flexibility to the verification process.
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
82202f0a9c
Make DTLS_HELLO_VERIFY a compile option
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
98545f128a
Generate random key for HelloVerifyRequest
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
43c021874d
Add ssl_set_client_transport_id()
2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard
2c9ee81f6e
Start adding srv support for hello verify request
...
Dummy fixed content for now.
Also, seems to be a race condition in the way the socket is closed and
reopened, leading to a few "random" failures in compat.sh. A fix is planned
for later.
2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
a0e1632b79
Do not use compression with DTLS
2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
67427c07b2
Fix checksum computation with HelloVerifyRequest
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
74848811b4
Implement HelloVerifyRequest on client
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
b2f3be8757
Support multiple records in one datagram
2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
34c1011b3d
Fix a few warnings in reduced configs
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
fe98aceb70
Adapt ssl_fetch_input() for UDP
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
f5a1312eaa
Add UDP support to the NET module
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
e89bcf05da
Write new DTLS handshake fields correctly
2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard
0619348288
Add explicit counter in DTLS record header
2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard
7ee6f0e6e5
Preparation: allow {in,out}_ctr != {in,out}_buf
2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
abc7e3b4ba
Handle DTLS version encoding and fix some checks
2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
864a81fdc0
More ssl_set_XXX() functions can return BAD_INPUT
2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard
b21ca2a69f
Adapt version-handling functions to DTLS
2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard
d66645130c
Add a ciphersuite NODTLS flag
2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard
0b1ff29328
Add basic flags for DTLS
2014-10-21 16:30:03 +02:00
Paul Bakker
9eac4f7c4e
Prepare for release 1.3.9
2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard
da1b4de0e4
Increase MPI_MAX_BYTES to allow RSA 8192
2014-10-15 22:06:46 +02:00
Paul Bakker
9e4ff953de
Clarified len parameter of ssl_read()
2014-09-24 11:13:11 +02:00
Sander Niemeijer
ef5087d150
Added explicit casts to prevent compiler warnings when trying to build for iOS
2014-08-21 23:48:14 +02:00
Manuel Pégourié-Gonnard
44ade654c5
Implement (partial) renego delay on client
2014-08-19 13:58:40 +02:00
Manuel Pégourié-Gonnard
6591962f06
Allow delay on renego on client
...
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Manuel Pégourié-Gonnard
55e4ff2ace
Tune comments
2014-08-19 11:52:33 +02:00
Manuel Pégourié-Gonnard
8d4ad07706
SHA-2 ciphersuites now require TLS 1.x
2014-08-14 11:34:34 +02:00
Paul Bakker
8dcb2d7d7e
Support escaping of commas in x509_string_to_names()
2014-08-11 11:59:52 +02:00
Paul Bakker
ec3a617d40
Make ready for release of 1.3.8 and soversion 7
2014-07-09 10:21:28 +02:00
Paul Bakker
84bbeb58df
Adapt cipher and MD layer with _init() and _free()
2014-07-09 10:19:24 +02:00
Paul Bakker
accaffe2c3
Restructure ssl_handshake_init() and small fixes
2014-07-09 10:19:24 +02:00
Paul Bakker
a317a98221
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
8f870b047c
Add dhm_init()
2014-07-09 10:19:23 +02:00
Paul Bakker
fff0366bba
Add ctr_drbg_free()
2014-07-09 10:19:23 +02:00
Paul Bakker
5b4af39a36
Add _init() and _free() for hash modules
2014-07-09 10:19:23 +02:00
Paul Bakker
c7ea99af4f
Add _init() and _free() for cipher modules
2014-07-09 10:19:22 +02:00
Manuel Pégourié-Gonnard
08e81e0c8f
Change selection of hash algorithm for TLS 1.2
2014-07-08 14:20:26 +02:00
Paul Bakker
8fb99abaac
Merge changes for leaner memory footprint
2014-07-04 15:02:19 +02:00
Manuel Pégourié-Gonnard
481fcfde93
Make PSK_LEN configurable and adjust PMS size
2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard
dfc7df0bec
Add SSL_CIPHERSUITES config option
2014-07-04 14:59:02 +02:00
Manuel Pégourié-Gonnard
a9964dbcd5
Add ssl_set_renegotiation_enforced()
2014-07-04 14:16:07 +02:00
Manuel Pégourié-Gonnard
c27807dd1e
Make SSL_BUFFER_LEN overhead depend more on config
2014-06-30 17:27:49 +02:00
Paul Bakker
237a847f1c
Fix typos in comments
2014-06-25 14:45:24 +02:00
Manuel Pégourié-Gonnard
d543a582bf
Clarify padding questions in the PK documentation
2014-06-25 14:04:36 +02:00
Manuel Pégourié-Gonnard
2361746452
Try to clarify ECDH interface documentation
2014-06-25 13:55:10 +02:00
Manuel Pégourié-Gonnard
5af0e5b194
Document in-out param of dhm_calc_secret()
2014-06-25 13:03:50 +02:00
Manuel Pégourié-Gonnard
bf31977c42
Update BIGNUM_C comments
2014-06-25 13:00:17 +02:00
Manuel Pégourié-Gonnard
3926a2cc64
Clarify mpi_write_binary()'s doc.
2014-06-25 12:57:47 +02:00
Manuel Pégourié-Gonnard
dc16aa7eac
Improve comments on POLARSSL_ERROR_STRERROR_DUMMY
2014-06-25 12:55:12 +02:00
Manuel Pégourié-Gonnard
01edb1044c
Add POLARSSL_REMOVE_RC4_CIPHERSUITES
2014-06-25 11:27:59 +02:00
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
3135725670
Disable broken Sparc64 bn_mul assembly
2014-06-25 11:26:15 +02:00
Manuel Pégourié-Gonnard
acbcbba860
Fix asm format of bn_mul.h for more portability
...
Found by Barry K. Nathan.
Quoting from http://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html :
"You can put multiple assembler instructions together in a single asm
template, separated by the characters normally used in assembly code for the
system. A combination that works in most places is a newline to break the
line, plus a tab character to move to the instruction field (written as
‘\n\t’). Sometimes semicolons can be used, if the assembler allows semicolons
as a line-breaking character. Note that some assembler dialects use semicolons
to start a comment."
2014-06-25 11:26:13 +02:00
Barry K. Nathan
35e7cb9aa6
Fix preprocessor checks for bn_mul PPC asm
...
On OS X, neither __powerpc__ nor __ppc__ is defined on PPC64, so the
asm code was only being used on PPC32.
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
f4e1b64517
Fix comments about X.509 versions
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
08485cca81
Fix SSL_BUFFER_LEN
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
8f625632bb
Fix dependencies: GCM != AEAD != CCM
2014-06-24 15:26:28 +02:00
Paul Bakker
1c98ff96b5
Merge more test improvements and tests
...
Conflicts:
tests/suites/test_suite_cipher.blowfish.data
2014-06-24 11:12:00 +02:00
Manuel Pégourié-Gonnard
f3b47243df
Split x509_csr_parse_der() out of x509_csr_parse()
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
d77cd5d0c3
Add tests for x509_csr_parse
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
81754a0c35
Create a 'flags' field in cipher_info
2014-06-23 11:33:18 +02:00
Paul Bakker
db20c10423
Add #endif comments for #endif more than 10 lines from #if / #else
2014-06-17 14:34:44 +02:00
Paul Bakker
c2ff2083ee
Merge parsing and verification of RSASSA-PSS in X.509 modules
2014-06-12 22:02:47 +02:00
Paul Bakker
6dade7c053
Fix typos and spacing
2014-06-12 22:02:14 +02:00
Paul Bakker
508e573231
Merge tests for asn1write, XTEA and Entropy modules
2014-06-12 21:26:33 +02:00
Manuel Pégourié-Gonnard
c7c56b2e82
Add more tests for the entropy module
2014-06-10 15:38:44 +02:00
Manuel Pégourié-Gonnard
4dd73925ab
Add entropy_self_test()
2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
d1539b1e88
Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT
2014-06-06 16:42:37 +02:00
Manuel Pégourié-Gonnard
bf696d030b
Make sig_opts non-optional in X509 structures
...
This simplifies the code.
2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard
dddbb1d1eb
Rm sig_params from various X509 structures
2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard
9113603b6b
Use sig_opts in x509_sig_alg_gets()
2014-06-05 15:41:39 +02:00