Manuel Pégourié-Gonnard
|
08e81e0c8f
|
Change selection of hash algorithm for TLS 1.2
|
2014-07-08 14:20:26 +02:00 |
|
Manuel Pégourié-Gonnard
|
dd0c0f33c0
|
Better usage of dhm_calc_secret in SSL
|
2014-06-25 11:26:14 +02:00 |
|
Manuel Pégourié-Gonnard
|
4d2a8eb6ff
|
SSL modules now using x509_crt_parse_der()
Avoid uselessly trying to decode PEM.
|
2014-06-23 11:54:57 +02:00 |
|
Paul Bakker
|
66d5d076f7
|
Fix formatting in various code to match spacing from coding style
|
2014-06-17 17:06:47 +02:00 |
|
Paul Bakker
|
db20c10423
|
Add #endif comments for #endif more than 10 lines from #if / #else
|
2014-06-17 14:34:44 +02:00 |
|
Paul Bakker
|
3461772559
|
Introduce polarssl_zeroize() instead of memset() for zeroization
|
2014-06-14 16:46:03 +02:00 |
|
Paul Bakker
|
14877e6250
|
Remove unused 'ret' variable
|
2014-06-12 23:01:18 +02:00 |
|
Paul Bakker
|
14b16c62e9
|
Minor optimizations (original by Peter Vaskovic, modified by Paul Bakker)
Move strlen out of for loop.
Remove redundant null checks before free.
|
2014-05-28 11:34:33 +02:00 |
|
Paul Bakker
|
0f651c7422
|
Stricter check on SSL ClientHello internal sizes compared to actual packet size
|
2014-05-22 15:12:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
61edffef28
|
Normalize "should never happen" messages/errors
|
2014-05-22 13:52:47 +02:00 |
|
Paul Bakker
|
b9e4e2c97a
|
Fix formatting: fix some 'easy' > 80 length lines
|
2014-05-01 14:18:25 +02:00 |
|
Paul Bakker
|
9af723cee7
|
Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)
|
2014-05-01 13:03:14 +02:00 |
|
Manuel Pégourié-Gonnard
|
cef4ad2509
|
Adapt sources to configurable config.h name
|
2014-04-30 16:40:20 +02:00 |
|
Paul Bakker
|
a70366317d
|
Improve interop by not writing ext_len in ClientHello / ServerHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
|
2014-04-30 10:16:16 +02:00 |
|
Paul Bakker
|
c70e425a73
|
Only iterate over actual certificates in ssl_write_certificate_request()
|
2014-04-18 13:50:19 +02:00 |
|
Paul Bakker
|
4f42c11846
|
Remove arbitrary maximum length for cipher_list and content length
|
2014-04-17 15:37:39 +02:00 |
|
Paul Bakker
|
d893aef867
|
Force default value to curve parameter
|
2014-04-17 14:45:34 +02:00 |
|
Manuel Pégourié-Gonnard
|
7f2a07d7b2
|
Check keyUsage in SSL client and server
|
2014-04-09 15:50:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
f6521de17b
|
Add ALPN tests to ssl-opt.sh
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
|
2014-04-07 12:42:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
89e35798ae
|
Implement ALPN server-side
|
2014-04-07 12:26:35 +02:00 |
|
Manuel Pégourié-Gonnard
|
969ccc6289
|
Fix length checking of various ClientKeyExchange's
|
2014-03-27 21:10:56 +01:00 |
|
Manuel Pégourié-Gonnard
|
b2bf5a1bbb
|
Fix possible buffer overflow with PSK
|
2014-03-26 12:58:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
d701c9aec9
|
Fix memory leak in server with expired tickets
|
2014-03-14 08:41:01 +01:00 |
|
Manuel Pégourié-Gonnard
|
145dfcbfc2
|
Fix bug with NewSessionTicket and non-blocking I/O
|
2014-03-14 08:41:01 +01:00 |
|
Manuel Pégourié-Gonnard
|
96ea2f2557
|
Add tests for SNI
|
2014-03-14 08:41:01 +01:00 |
|
Manuel Pégourié-Gonnard
|
8520dac292
|
Add tests for auth_mode
|
2014-03-14 08:41:00 +01:00 |
|
Manuel Pégourié-Gonnard
|
f7c52014ec
|
Add basic tests for session resumption
|
2014-03-14 08:41:00 +01:00 |
|
Manuel Pégourié-Gonnard
|
6b1e207081
|
Fix verion-major intolerance
|
2014-02-12 10:14:54 +01:00 |
|
Paul Bakker
|
7dc4c44267
|
Library files moved to use platform layer
|
2014-02-06 13:20:16 +01:00 |
|
Manuel Pégourié-Gonnard
|
f6dc5e1d16
|
Remove temporary debug code
|
2014-02-06 10:28:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
c3f6b62ccc
|
Print curve name instead of size in debugging
Also refactor server-side curve selection
|
2014-02-06 10:28:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
de05390c85
|
Rename ecdh_curve_list to curve_list
|
2014-02-06 10:28:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
5de2580563
|
Make ssl_set_ecdh_curves() a compile-time option
|
2014-02-06 10:28:38 +01:00 |
|
Gergely Budai
|
987bfb510b
|
Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves.
|
2014-02-06 10:28:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
5538970d32
|
Add server support for ECDH key exchanges
|
2013-12-17 11:32:31 +01:00 |
|
Manuel Pégourié-Gonnard
|
1a9f2c7245
|
Add option to respect client ciphersuite order
|
2013-11-30 18:30:06 +01:00 |
|
Manuel Pégourié-Gonnard
|
011a8db2e7
|
Complete refactoring of ciphersuite choosing
|
2013-11-30 18:11:07 +01:00 |
|
Manuel Pégourié-Gonnard
|
3252560e68
|
Move some functions up
|
2013-11-30 17:50:32 +01:00 |
|
Manuel Pégourié-Gonnard
|
59b81d73b4
|
Refactor ciphersuite selection for version > 2
|
2013-11-30 17:46:04 +01:00 |
|
Manuel Pégourié-Gonnard
|
da1ff38715
|
Don't accept CertificateRequest with PSK suites
|
2013-11-26 15:19:57 +01:00 |
|
Manuel Pégourié-Gonnard
|
dc953e8c41
|
Add missing defines/cases for RSA_PSK key exchange
|
2013-11-26 15:19:57 +01:00 |
|
Paul Bakker
|
a9a028ebd0
|
SSL now gracefully handles missing RNG
|
2013-11-21 17:31:06 +01:00 |
|
Manuel Pégourié-Gonnard
|
31ff1d2e4f
|
Safer buffer comparisons in the SSL modules
|
2013-10-31 14:23:12 +01:00 |
|
Manuel Pégourié-Gonnard
|
21ef42f257
|
Don't select a PSK ciphersuite if no key available
|
2013-10-28 14:00:45 +01:00 |
|
Paul Bakker
|
45a2c8d99a
|
Prevent possible alignment warnings on casting from char * to 'aligned *'
|
2013-10-28 12:57:08 +01:00 |
|
Paul Bakker
|
677377f472
|
Server does not send out extensions not advertised by client
|
2013-10-28 12:54:26 +01:00 |
|
Paul Bakker
|
f34673e37b
|
Merged RSA-PSK key-exchange and ciphersuites
|
2013-10-15 12:46:41 +02:00 |
|
Paul Bakker
|
376e8153a0
|
Merged ECDHE-PSK ciphersuites
|
2013-10-15 12:45:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
bac0e3b7d2
|
Dependency fixes
|
2013-10-15 11:54:47 +02:00 |
|
Manuel Pégourié-Gonnard
|
09258b9537
|
Refactor parse_server_key_exchange a bit
|
2013-10-15 11:19:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
8a3c64d73f
|
Fix and simplify *-PSK ifdef's
|
2013-10-14 19:54:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
0fae60bb71
|
Implement RSA-PSK key exchange
|
2013-10-14 19:34:48 +02:00 |
|
Paul Bakker
|
b9cfaa0c7f
|
Explicit conversions and minor changes to prevent MSVC compiler warnings
|
2013-10-14 15:50:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
1b62c7f93d
|
Fix dependencies and related issues
|
2013-10-14 14:02:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
bd1ae24449
|
Factor PSK pms computation to ssl_tls.c
|
2013-10-14 13:17:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
b59d699a65
|
Fix bugs in ECDHE_PSK key exchange
|
2013-10-14 12:00:45 +02:00 |
|
Manuel Pégourié-Gonnard
|
3ce3bbdc00
|
Add support for ECDHE_PSK key exchange
|
2013-10-11 18:16:35 +02:00 |
|
Paul Bakker
|
beccd9f226
|
Explicit void pointer cast for buggy MS compiler
|
2013-10-11 15:20:27 +02:00 |
|
Paul Bakker
|
caa3af47c0
|
Handle missing curve extension correctly in ssl_parse_client_hello()
|
2013-09-28 11:08:43 +02:00 |
|
Manuel Pégourié-Gonnard
|
8372454615
|
Rework SNI to fix memory issues
|
2013-09-24 22:30:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
705fcca409
|
Adapt support for SNI to recent changes
|
2013-09-24 21:25:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
d09453c88c
|
Check our ECDSA cert(s) against supported curves
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
f24b4a7316
|
Interface change in ECP info functions
ecp_named_curve_from_grp_id() -> ecp_curve_info_from_grp_id()
ecp_grp_id_from_named_curve() -> ecp_curve_info_from_tls_id()
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
3ebb2cdb52
|
Add support for multiple server certificates
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
834ea8587f
|
Change internal structs for multi-cert support
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
164d894b9a
|
Fix: session start time wasn't set server side
|
2013-09-23 23:00:50 +02:00 |
|
Manuel Pégourié-Gonnard
|
1a483833b3
|
SSL_TLS doesn't depend on PK any more
(But PK does depend on RSA or ECP.)
|
2013-09-20 12:29:15 +02:00 |
|
Manuel Pégourié-Gonnard
|
34ced2dffe
|
Fix mis-sized buffer
Reported by rgacogne on twitter.
Also spotted by gcc-4.8 with -O2
|
2013-09-20 11:37:39 +02:00 |
|
Manuel Pégourié-Gonnard
|
a7496f00ff
|
Fix a few more warnings in small configurations
|
2013-09-20 11:29:59 +02:00 |
|
Paul Bakker
|
6db455e6e3
|
PSK callback added to SSL server
|
2013-09-18 21:14:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
a310459f5c
|
Fix a few things that broke with RSA compiled out
|
2013-09-18 15:37:44 +02:00 |
|
Manuel Pégourié-Gonnard
|
51451f8d26
|
Replace EC flag with ssl_ciphersuite_uses_ec()
|
2013-09-18 14:35:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
15d5de1969
|
Simplify usage of DHM blinding
|
2013-09-18 14:35:55 +02:00 |
|
Manuel Pégourié-Gonnard
|
568c9cf878
|
Add ecp_supported_curves and simplify some code
|
2013-09-18 14:34:34 +02:00 |
|
Manuel Pégourié-Gonnard
|
7038039f2e
|
Dissociate TLS and internal EC curve identifiers
Allows to add new curves before they get a TLS number
|
2013-09-18 14:34:34 +02:00 |
|
Manuel Pégourié-Gonnard
|
a97c015f89
|
Rm useless/wrong DHM lenght test
|
2013-09-18 14:34:33 +02:00 |
|
Paul Bakker
|
b6b0956631
|
Rm of memset instead of x509_crt_init()
|
2013-09-18 14:32:52 +02:00 |
|
Paul Bakker
|
c559c7a680
|
Renamed x509_cert structure to x509_crt for consistency
|
2013-09-18 14:32:52 +02:00 |
|
Paul Bakker
|
ddf26b4e38
|
Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
|
2013-09-18 13:46:23 +02:00 |
|
Paul Bakker
|
7c6b2c320e
|
Split up X509 files into smaller modules
|
2013-09-16 21:41:54 +02:00 |
|
Paul Bakker
|
2292d1fad0
|
Fixed warnings in case POLARSSL_X509_PARSE_C is not defined
|
2013-09-15 17:06:49 +02:00 |
|
Paul Bakker
|
c0dcf0ceb1
|
Merged blinding additions for EC, RSA and DHM into development
|
2013-09-10 14:44:27 +02:00 |
|
Manuel Pégourié-Gonnard
|
9f5a3c4a0a
|
Fix possible memory error.
|
2013-09-08 20:08:59 +02:00 |
|
Manuel Pégourié-Gonnard
|
032c34e206
|
Don't use DH blinding for ephemeral DH
|
2013-09-07 13:06:27 +02:00 |
|
Manuel Pégourié-Gonnard
|
2d627649bf
|
Change dhm_calc_secret() prototype
|
2013-09-04 14:22:07 +02:00 |
|
Manuel Pégourié-Gonnard
|
e09d2f8261
|
Change ecp_mul() prototype to allow randomization
(Also improve an error code while at it.)
|
2013-09-02 14:29:09 +02:00 |
|
Paul Bakker
|
9659dae046
|
Some extra code defined out
|
2013-08-28 16:21:34 +02:00 |
|
Paul Bakker
|
577e006c2f
|
Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
|
2013-08-28 11:58:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
9cc6f5c61b
|
Fix some hash debugging
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
4bd1284f59
|
Fix ECDSA hash selection bug with TLS 1.0 and 1.1
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
e511ffca50
|
Allow compiling without RSA or DH
Only library and programs now, need to check test suites later.
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
f484282e96
|
Rm a few unneeded tests
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
d11eb7c789
|
Fix sig_alg extension on client.
Temporary solution on server.
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
bfe32efb9b
|
pk_{sign,verify}() now accept hash_len = 0
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
a20c58c6f1
|
Use convert functions for SSL_SIG_* and SSL_HASH_*
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
0d42049440
|
Merge code for RSA and ECDSA in SSL
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
070cc7fd21
|
Use the new PK RSA-alt interface
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
a2d3f22007
|
Add and use pk_encrypt(), pk_decrypt()
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
8df2769178
|
Introduce pk_sign() and use it in ssl
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
583b608401
|
Fix some return values
|
2013-08-27 22:21:20 +02:00 |
|