Commit graph

15 commits

Author SHA1 Message Date
Jouni Malinen
d2eb91e08f TLS: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:34:59 +02:00
Jouni Malinen
efb40081ab TLS: Remove placeholders for SIGN_ALG_DSA support
It does not look likely that the old DSA design would be added into the
internal TLS implement, so remove this otherwise dead code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 15:45:16 +02:00
Jouni Malinen
65074a2a7c TLS: Add support for DHE-RSA cipher suites
This extends the internal TLS implementation to support DHE-RSA
cipher suites in both server and client roles.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-09 15:43:50 +02:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
1622b331f6 TLS: Update file headers to include TLS v1.2 support
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:13:52 +02:00
Jouni Malinen
f0b1c5f7b3 TLS: Add TLS v1.2 style CertificateVerify functionality
Add support for generating and verifying RFC 3447 RSASSA-PKCS1-v1_5
style DigestInfo for TLS v1.2 CertificateVerify. For now, this is
hardcoded to only support SHA256-based digest.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:08:29 +02:00
Jouni Malinen
949b2e1f61 TLS: Add SHA256-based verify_data derivation for TLS v1.2
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:08:28 +02:00
Jouni Malinen
d0485a6208 TLS: Pass version to tls_prf() in preparation for new PRFs
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:35:11 +02:00
Jouni Malinen
5c47af9a7a TLS: Add support for TLS v1.1 (RFC 4346) with internal TLS
This is disabled by defautl and can be enabled with CONFIG_TLSV11=y
build configuration parameter.
2011-09-25 17:24:46 +03:00
Jouni Malinen
3bff59f857 TLS: Do not enforce in-place processing in tlsv1_record_send()
In preparation for record layer format changes, modify
tlsv1_record_send() to use separate buffers for payload
and the output message.
2011-09-25 17:11:52 +03:00
Christian Lamparter
6fc34d9fe5 Increase internal TLSs client key exchange buffer
This patch fixes a problem I had when I tried to connect
an embedded system [wpa_supplicant, CONFIG_TLS=internal]
to my TLS secured network.

TLSv1: Send CertificateVerify
TLSv1: CertificateVerify hash - hexdump(len=36): ha .. ha
PKCS #1: pkcs1_generate_encryption_block - Invalid buffer lengths \
                        (modlen=512 outlen=454 inlen=36)

It turned out that a fixed 1000 byte message buffer was just
a little bit too small for the 4096 bit RSA certificates
I'm using.

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2011-02-21 18:25:34 +02:00
Jouni Malinen
3642c4313a Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.

The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.
2010-11-24 01:05:20 +02:00
Jouni Malinen
e77e0a8320 Include functionality to support EAP-FAST unconditionally
Clean up the internal TLS implementation by removing conditional
build blocks for (mostly) EAP-FAST specific functionality. This
will increase the size a big for non-EAP-FAST builds, but is quite
helpful in making src/tls/libtls.a with single build options. If
the potential size reduction is considered significant in the future,
this can be reconsider with a more library compatible way (e.g.,
external file with registration function, etc.).
2009-12-06 16:20:32 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00