Commit graph

271 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 27e3edbe2c Check key/cert pair in ssl_set_own_cert() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard d056ce0e3e Use seq_num as AEAD nonce by default 2014-11-06 18:23:49 +01:00
Paul Bakker 82788fb63b Fix minor style issues 2014-10-20 13:59:19 +02:00
Manuel Pégourié-Gonnard a13500fdf7 Fix bug with ssl_close_notify and non-blocking I/O 2014-08-19 16:14:04 +02:00
Manuel Pégourié-Gonnard f07f421759 Fix server-initiated renego with non-blocking I/O 2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard 6591962f06 Allow delay on renego on client
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Manuel Pégourié-Gonnard f26a1e8602 ssl_read() stops returning non-application data 2014-08-19 12:28:50 +02:00
Manuel Pégourié-Gonnard 55e4ff2ace Tune comments 2014-08-19 11:52:33 +02:00
Manuel Pégourié-Gonnard 8d4ad07706 SHA-2 ciphersuites now require TLS 1.x 2014-08-14 11:34:34 +02:00
Paul Bakker 968afaa06f ssl_key_cert not available in all configurations 2014-07-09 11:34:48 +02:00
Paul Bakker 84bbeb58df Adapt cipher and MD layer with _init() and _free() 2014-07-09 10:19:24 +02:00
Paul Bakker accaffe2c3 Restructure ssl_handshake_init() and small fixes 2014-07-09 10:19:24 +02:00
Paul Bakker 8f870b047c Add dhm_init() 2014-07-09 10:19:23 +02:00
Paul Bakker 5b4af39a36 Add _init() and _free() for hash modules 2014-07-09 10:19:23 +02:00
Paul Bakker c7ea99af4f Add _init() and _free() for cipher modules 2014-07-09 10:19:22 +02:00
Paul Bakker 8fb99abaac Merge changes for leaner memory footprint 2014-07-04 15:02:19 +02:00
Manuel Pégourié-Gonnard 481fcfde93 Make PSK_LEN configurable and adjust PMS size 2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard a9964dbcd5 Add ssl_set_renegotiation_enforced() 2014-07-04 14:16:07 +02:00
Manuel Pégourié-Gonnard dd0c0f33c0 Better usage of dhm_calc_secret in SSL 2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard 8df68632e8 Fix bug in DHE-PSK PMS computation 2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard 03576887c2 Remove misplaced debugging message 2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard eaa76f7e20 Fix computation of minlen for encrypted packets 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard e800cd81d7 Re-arrange some code in ssl_derive_keys() 2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard 0bcc4e1df7 Fix length checking for AEAD ciphersuites 2014-06-25 11:26:10 +02:00
Manuel Pégourié-Gonnard 4d2a8eb6ff SSL modules now using x509_crt_parse_der()
Avoid uselessly trying to decode PEM.
2014-06-23 11:54:57 +02:00
Paul Bakker 66d5d076f7 Fix formatting in various code to match spacing from coding style 2014-06-17 17:06:47 +02:00
Paul Bakker d8bb82665e Fix code styling for return statements 2014-06-17 14:06:49 +02:00
Paul Bakker 3461772559 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-06-14 16:46:03 +02:00
Manuel Pégourié-Gonnard 7792198a46 Normalize some error messages 2014-06-12 21:15:44 +02:00
Peter Vaskovic c2bbac968b Fix misplaced parenthesis. 2014-05-28 11:06:31 +02:00
Paul Bakker b5212b436f Merge CCM cipher mode and ciphersuites
Conflicts:
	library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Manuel Pégourié-Gonnard 8ff17c544c Add missing DEBUG_RET on cipher failures 2014-05-22 13:52:48 +02:00
Manuel Pégourié-Gonnard 61edffef28 Normalize "should never happen" messages/errors 2014-05-22 13:52:47 +02:00
Manuel Pégourié-Gonnard 2e5ee32033 Implement CCM and CCM_8 ciphersuites 2014-05-20 16:29:34 +02:00
Manuel Pégourié-Gonnard 5efd772ef0 Small readability improvement 2014-05-14 14:10:37 +02:00
Manuel Pégourié-Gonnard de7bb44004 Use cipher_auth_{en,de}crypt() in ssl_tls.c 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard 8764d271fa Use cipher_crypt() in ssl_tls.c 2014-05-14 14:10:36 +02:00
Paul Bakker b9e4e2c97a Fix formatting: fix some 'easy' > 80 length lines 2014-05-01 14:18:25 +02:00
Paul Bakker 9af723cee7 Fix formatting: remove trailing spaces, #endif with comments (> 10 lines) 2014-05-01 13:03:14 +02:00
Paul Bakker 2a024ac86a Merge dependency fixes 2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker 1a1fbba1ae Sanity length checks in ssl_read_record() and ssl_fetch_input()
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
2014-04-30 14:48:51 +02:00
Manuel Pégourié-Gonnard 3a306b9067 Fix misplaced #endif in ssl_tls.c 2014-04-29 15:11:17 +02:00
Paul Bakker 61885c7f7f Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
2014-04-25 12:59:51 +02:00
Paul Bakker 93389cc620 Remove const indicator 2014-04-17 14:44:38 +02:00
Manuel Pégourié-Gonnard 0408fd1fbb Add extendedKeyUsage checking in SSL modules 2014-04-11 11:09:09 +02:00
Paul Bakker d6ad8e949b Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C 2014-04-09 17:24:14 +02:00
Paul Bakker a77de8c841 Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off 2014-04-09 16:39:35 +02:00
Manuel Pégourié-Gonnard a9db85df73 Add tests for keyUsage with client auth 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard 7f2a07d7b2 Check keyUsage in SSL client and server 2014-04-09 15:50:57 +02:00