Paul Bakker
61885c7f7f
Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites
...
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
2014-04-25 12:59:51 +02:00
Paul Bakker
93389cc620
Remove const indicator
2014-04-17 14:44:38 +02:00
Manuel Pégourié-Gonnard
0408fd1fbb
Add extendedKeyUsage checking in SSL modules
2014-04-11 11:09:09 +02:00
Paul Bakker
d6ad8e949b
Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C
2014-04-09 17:24:14 +02:00
Paul Bakker
a77de8c841
Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off
2014-04-09 16:39:35 +02:00
Manuel Pégourié-Gonnard
a9db85df73
Add tests for keyUsage with client auth
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
7f2a07d7b2
Check keyUsage in SSL client and server
2014-04-09 15:50:57 +02:00
Paul Bakker
0763a401a7
Merged support for the ALPN extension
2014-04-08 14:37:12 +02:00
Paul Bakker
4224bc0a4f
Prevent potential NULL pointer dereference in ssl_read_record()
2014-04-08 14:36:50 +02:00
Manuel Pégourié-Gonnard
0b874dc580
Implement ALPN client-side
2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard
7e250d4812
Add ALPN interface
2014-04-04 17:10:40 +02:00
Paul Bakker
77f4f39ea6
Make sure no random pointer occur during failed malloc()'s
2014-03-26 15:30:20 +01:00
Paul Bakker
91c61bc4fd
Further tightened the padlen check to prevent underflow / overflow
2014-03-26 15:14:20 +01:00
Manuel Pégourié-Gonnard
b2bf5a1bbb
Fix possible buffer overflow with PSK
2014-03-26 12:58:50 +01:00
Paul Bakker
3d6504a935
ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr
2014-03-17 13:41:51 +01:00
Manuel Pégourié-Gonnard
83cdffc437
Forbid sequence number wrapping
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
796c6f3aff
Countermeasure against "triple handshake" attack
2014-03-13 19:25:06 +01:00
Paul Bakker
7dc4c44267
Library files moved to use platform layer
2014-02-06 13:20:16 +01:00
Manuel Pégourié-Gonnard
ab24010b54
Enforce our choice of allowed curves.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
7f38ed0bfa
ssl_set_curves is no longer ECDHE only
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
ac7194133e
Renamings and other fixes
2014-02-06 10:28:38 +01:00
Gergely Budai
e40c469ad3
The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[].
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
de05390c85
Rename ecdh_curve_list to curve_list
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
5de2580563
Make ssl_set_ecdh_curves() a compile-time option
2014-02-06 10:28:38 +01:00
Gergely Budai
987bfb510b
Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
7c59363a85
Remove a few dead stores
2014-01-22 13:02:39 +01:00
Manuel Pégourié-Gonnard
7cfdcb8c7f
Add a length check in ssl_derive_keys()
2014-01-22 12:56:22 +01:00
Paul Bakker
6992eb762c
Fixed potential overflow in certificate size in ssl_write_certificate()
2013-12-31 11:38:33 +01:00
Paul Bakker
956c9e063d
Reduced the input / output overhead with 200+ bytes and covered corner
...
case
The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.
Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.
We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
2013-12-30 15:00:51 +01:00
Paul Bakker
1e5369c7fa
Variables in proper block or within proper defines in ssl_decrypt_buf()
2013-12-19 16:40:57 +01:00
Paul Bakker
fdf946928d
Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites
2013-12-17 13:10:27 +01:00
Paul Bakker
77e257e958
Fixed bad check for maximum size of fragment length index
2013-12-17 13:09:12 +01:00
Paul Bakker
6f0636a09f
Potential memory leak in ssl_ticket_keys_init()
2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard
d18cc57962
Add client-side support for ECDH key exchanges
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
c72ac7c3ef
Fix SSLv3 handling of SHA-384 suites
...
Fixes memory corruption, introduced in
a5bdfcd
(Relax some SHA2 ciphersuite's version requirements)
2013-12-17 10:18:25 +01:00
Manuel Pégourié-Gonnard
dc953e8c41
Add missing defines/cases for RSA_PSK key exchange
2013-11-26 15:19:57 +01:00
Paul Bakker
08b028ff0f
Prevent unlikely NULL dereference
2013-11-19 10:42:37 +01:00
Paul Bakker
0333b978fa
Handshake key_cert should be set on first addition to the key_cert chain
2013-11-04 17:08:28 +01:00
Paul Bakker
993e386a73
Merged renegotiation refactoring
2013-10-31 14:32:38 +01:00
Paul Bakker
37ce0ff185
Added defines around renegotiation code for SSL_SRV and SSL_CLI
2013-10-31 14:32:04 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f
Safer buffer comparisons in the SSL modules
2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard
6d8404d6ba
Server: enforce renegotiation
2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard
9c1e1898b6
Move some code around, improve documentation
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
214eed38c7
Make ssl_renegotiate the only interface
...
ssl_write_hello_request() is no private
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
caed0541a0
Allow ssl_renegotiate() to be called in a loop
...
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
e5e1bb972c
Fix misplaced initialisation
2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard
f3dc2f6a1d
Add code for testing server-initiated renegotiation
2013-10-30 16:46:46 +01:00
Paul Bakker
6edcd41c0a
Addition conditions for UEFI environment under MSVC
2013-10-29 15:44:13 +01:00
Paul Bakker
fa6a620b75
Defines for UEFI environment under MSVC added
2013-10-29 14:05:38 +01:00
Manuel Pégourié-Gonnard
a8a25ae1b9
Fix bad error codes
2013-10-27 13:48:15 +01:00