Manuel Pégourié-Gonnard
|
313d796e80
|
Implement EtM
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
0098e7dc70
|
Preparation for EtM
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
699cafaea2
|
Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
ada3030485
|
Implement extended master secret
|
2014-11-05 16:00:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
367381fddd
|
Add negotiation of Extended Master Secret
(But not the actual thing yet.)
|
2014-11-05 16:00:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
1cbd39dbeb
|
Implement FALLBACK_SCSV client-side
|
2014-11-05 16:00:49 +01:00 |
|
Paul Bakker
|
82788fb63b
|
Fix minor style issues
|
2014-10-20 13:59:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
a13500fdf7
|
Fix bug with ssl_close_notify and non-blocking I/O
|
2014-08-19 16:14:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
f07f421759
|
Fix server-initiated renego with non-blocking I/O
|
2014-08-19 13:32:15 +02:00 |
|
Manuel Pégourié-Gonnard
|
6591962f06
|
Allow delay on renego on client
Currently unbounded: will be fixed later
|
2014-08-19 12:50:30 +02:00 |
|
Manuel Pégourié-Gonnard
|
f26a1e8602
|
ssl_read() stops returning non-application data
|
2014-08-19 12:28:50 +02:00 |
|
Manuel Pégourié-Gonnard
|
55e4ff2ace
|
Tune comments
|
2014-08-19 11:52:33 +02:00 |
|
Manuel Pégourié-Gonnard
|
8d4ad07706
|
SHA-2 ciphersuites now require TLS 1.x
|
2014-08-14 11:34:34 +02:00 |
|
Paul Bakker
|
968afaa06f
|
ssl_key_cert not available in all configurations
|
2014-07-09 11:34:48 +02:00 |
|
Paul Bakker
|
84bbeb58df
|
Adapt cipher and MD layer with _init() and _free()
|
2014-07-09 10:19:24 +02:00 |
|
Paul Bakker
|
accaffe2c3
|
Restructure ssl_handshake_init() and small fixes
|
2014-07-09 10:19:24 +02:00 |
|
Paul Bakker
|
8f870b047c
|
Add dhm_init()
|
2014-07-09 10:19:23 +02:00 |
|
Paul Bakker
|
5b4af39a36
|
Add _init() and _free() for hash modules
|
2014-07-09 10:19:23 +02:00 |
|
Paul Bakker
|
c7ea99af4f
|
Add _init() and _free() for cipher modules
|
2014-07-09 10:19:22 +02:00 |
|
Paul Bakker
|
8fb99abaac
|
Merge changes for leaner memory footprint
|
2014-07-04 15:02:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
481fcfde93
|
Make PSK_LEN configurable and adjust PMS size
|
2014-07-04 14:59:08 +02:00 |
|
Manuel Pégourié-Gonnard
|
a9964dbcd5
|
Add ssl_set_renegotiation_enforced()
|
2014-07-04 14:16:07 +02:00 |
|
Manuel Pégourié-Gonnard
|
dd0c0f33c0
|
Better usage of dhm_calc_secret in SSL
|
2014-06-25 11:26:14 +02:00 |
|
Manuel Pégourié-Gonnard
|
8df68632e8
|
Fix bug in DHE-PSK PMS computation
|
2014-06-25 11:26:14 +02:00 |
|
Manuel Pégourié-Gonnard
|
03576887c2
|
Remove misplaced debugging message
|
2014-06-25 11:26:13 +02:00 |
|
Manuel Pégourié-Gonnard
|
eaa76f7e20
|
Fix computation of minlen for encrypted packets
|
2014-06-25 11:26:12 +02:00 |
|
Manuel Pégourié-Gonnard
|
e800cd81d7
|
Re-arrange some code in ssl_derive_keys()
|
2014-06-25 11:26:11 +02:00 |
|
Manuel Pégourié-Gonnard
|
0bcc4e1df7
|
Fix length checking for AEAD ciphersuites
|
2014-06-25 11:26:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
4d2a8eb6ff
|
SSL modules now using x509_crt_parse_der()
Avoid uselessly trying to decode PEM.
|
2014-06-23 11:54:57 +02:00 |
|
Paul Bakker
|
66d5d076f7
|
Fix formatting in various code to match spacing from coding style
|
2014-06-17 17:06:47 +02:00 |
|
Paul Bakker
|
d8bb82665e
|
Fix code styling for return statements
|
2014-06-17 14:06:49 +02:00 |
|
Paul Bakker
|
3461772559
|
Introduce polarssl_zeroize() instead of memset() for zeroization
|
2014-06-14 16:46:03 +02:00 |
|
Manuel Pégourié-Gonnard
|
7792198a46
|
Normalize some error messages
|
2014-06-12 21:15:44 +02:00 |
|
Peter Vaskovic
|
c2bbac968b
|
Fix misplaced parenthesis.
|
2014-05-28 11:06:31 +02:00 |
|
Paul Bakker
|
b5212b436f
|
Merge CCM cipher mode and ciphersuites
Conflicts:
library/ssl_tls.c
|
2014-05-22 15:30:31 +02:00 |
|
Manuel Pégourié-Gonnard
|
8ff17c544c
|
Add missing DEBUG_RET on cipher failures
|
2014-05-22 13:52:48 +02:00 |
|
Manuel Pégourié-Gonnard
|
61edffef28
|
Normalize "should never happen" messages/errors
|
2014-05-22 13:52:47 +02:00 |
|
Manuel Pégourié-Gonnard
|
2e5ee32033
|
Implement CCM and CCM_8 ciphersuites
|
2014-05-20 16:29:34 +02:00 |
|
Manuel Pégourié-Gonnard
|
5efd772ef0
|
Small readability improvement
|
2014-05-14 14:10:37 +02:00 |
|
Manuel Pégourié-Gonnard
|
de7bb44004
|
Use cipher_auth_{en,de}crypt() in ssl_tls.c
|
2014-05-14 14:10:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
8764d271fa
|
Use cipher_crypt() in ssl_tls.c
|
2014-05-14 14:10:36 +02:00 |
|
Paul Bakker
|
b9e4e2c97a
|
Fix formatting: fix some 'easy' > 80 length lines
|
2014-05-01 14:18:25 +02:00 |
|
Paul Bakker
|
9af723cee7
|
Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)
|
2014-05-01 13:03:14 +02:00 |
|
Paul Bakker
|
2a024ac86a
|
Merge dependency fixes
|
2014-04-30 16:50:59 +02:00 |
|
Manuel Pégourié-Gonnard
|
cef4ad2509
|
Adapt sources to configurable config.h name
|
2014-04-30 16:40:20 +02:00 |
|
Paul Bakker
|
1a1fbba1ae
|
Sanity length checks in ssl_read_record() and ssl_fetch_input()
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
|
2014-04-30 14:48:51 +02:00 |
|
Manuel Pégourié-Gonnard
|
3a306b9067
|
Fix misplaced #endif in ssl_tls.c
|
2014-04-29 15:11:17 +02:00 |
|
Paul Bakker
|
61885c7f7f
|
Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
|
2014-04-25 12:59:51 +02:00 |
|
Paul Bakker
|
93389cc620
|
Remove const indicator
|
2014-04-17 14:44:38 +02:00 |
|
Manuel Pégourié-Gonnard
|
0408fd1fbb
|
Add extendedKeyUsage checking in SSL modules
|
2014-04-11 11:09:09 +02:00 |
|