Paul Bakker
|
08b028ff0f
|
Prevent unlikely NULL dereference
|
2013-11-19 10:42:37 +01:00 |
|
Paul Bakker
|
0333b978fa
|
Handshake key_cert should be set on first addition to the key_cert chain
|
2013-11-04 17:08:28 +01:00 |
|
Paul Bakker
|
993e386a73
|
Merged renegotiation refactoring
|
2013-10-31 14:32:38 +01:00 |
|
Paul Bakker
|
37ce0ff185
|
Added defines around renegotiation code for SSL_SRV and SSL_CLI
|
2013-10-31 14:32:04 +01:00 |
|
Manuel Pégourié-Gonnard
|
31ff1d2e4f
|
Safer buffer comparisons in the SSL modules
|
2013-10-31 14:23:12 +01:00 |
|
Manuel Pégourié-Gonnard
|
6d8404d6ba
|
Server: enforce renegotiation
|
2013-10-30 16:48:10 +01:00 |
|
Manuel Pégourié-Gonnard
|
9c1e1898b6
|
Move some code around, improve documentation
|
2013-10-30 16:48:09 +01:00 |
|
Manuel Pégourié-Gonnard
|
214eed38c7
|
Make ssl_renegotiate the only interface
ssl_write_hello_request() is no private
|
2013-10-30 16:48:09 +01:00 |
|
Manuel Pégourié-Gonnard
|
caed0541a0
|
Allow ssl_renegotiate() to be called in a loop
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
|
2013-10-30 16:48:09 +01:00 |
|
Manuel Pégourié-Gonnard
|
e5e1bb972c
|
Fix misplaced initialisation
|
2013-10-30 16:46:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
f3dc2f6a1d
|
Add code for testing server-initiated renegotiation
|
2013-10-30 16:46:46 +01:00 |
|
Paul Bakker
|
6edcd41c0a
|
Addition conditions for UEFI environment under MSVC
|
2013-10-29 15:44:13 +01:00 |
|
Paul Bakker
|
fa6a620b75
|
Defines for UEFI environment under MSVC added
|
2013-10-29 14:05:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
a8a25ae1b9
|
Fix bad error codes
|
2013-10-27 13:48:15 +01:00 |
|
Manuel Pégourié-Gonnard
|
7109624aef
|
Skip MAC computation/check when GCM is used
|
2013-10-25 19:31:25 +02:00 |
|
Manuel Pégourié-Gonnard
|
8866591cc5
|
Don't special-case NULL cipher in ssl_tls.c
|
2013-10-25 18:42:44 +02:00 |
|
Manuel Pégourié-Gonnard
|
126a66f668
|
Simplify switching on mode in ssl_tls.c
|
2013-10-25 18:33:32 +02:00 |
|
Manuel Pégourié-Gonnard
|
8d01eea7af
|
Add Camellia-GCM ciphersuites
|
2013-10-25 16:46:05 +02:00 |
|
Paul Bakker
|
f34673e37b
|
Merged RSA-PSK key-exchange and ciphersuites
|
2013-10-15 12:46:41 +02:00 |
|
Paul Bakker
|
376e8153a0
|
Merged ECDHE-PSK ciphersuites
|
2013-10-15 12:45:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
8a3c64d73f
|
Fix and simplify *-PSK ifdef's
|
2013-10-14 19:54:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
0fae60bb71
|
Implement RSA-PSK key exchange
|
2013-10-14 19:34:48 +02:00 |
|
Paul Bakker
|
b9cfaa0c7f
|
Explicit conversions and minor changes to prevent MSVC compiler warnings
|
2013-10-14 15:50:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
1b62c7f93d
|
Fix dependencies and related issues
|
2013-10-14 14:02:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
bd1ae24449
|
Factor PSK pms computation to ssl_tls.c
|
2013-10-14 13:17:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
3ce3bbdc00
|
Add support for ECDHE_PSK key exchange
|
2013-10-11 18:16:35 +02:00 |
|
Paul Bakker
|
beccd9f226
|
Explicit void pointer cast for buggy MS compiler
|
2013-10-11 15:20:27 +02:00 |
|
Paul Bakker
|
1677033bc8
|
TLS compression only allocates working buffer once
|
2013-10-11 09:59:44 +02:00 |
|
Paul Bakker
|
ca9c87ed2b
|
Removed possible cache-timing difference for pad check
|
2013-09-25 18:52:37 +02:00 |
|
Manuel Pégourié-Gonnard
|
8372454615
|
Rework SNI to fix memory issues
|
2013-09-24 22:30:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
705fcca409
|
Adapt support for SNI to recent changes
|
2013-09-24 21:25:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
d09453c88c
|
Check our ECDSA cert(s) against supported curves
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
f71e587c5e
|
Fix memory leak in ssl cipher usage
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
3ebb2cdb52
|
Add support for multiple server certificates
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
834ea8587f
|
Change internal structs for multi-cert support
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
1a483833b3
|
SSL_TLS doesn't depend on PK any more
(But PK does depend on RSA or ECP.)
|
2013-09-20 12:29:15 +02:00 |
|
Paul Bakker
|
5ad403f5b5
|
Prepared for 1.3.0 RC0
|
2013-09-18 21:21:30 +02:00 |
|
Paul Bakker
|
6db455e6e3
|
PSK callback added to SSL server
|
2013-09-18 21:14:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
a310459f5c
|
Fix a few things that broke with RSA compiled out
|
2013-09-18 15:37:44 +02:00 |
|
Paul Bakker
|
b6b0956631
|
Rm of memset instead of x509_crt_init()
|
2013-09-18 14:32:52 +02:00 |
|
Paul Bakker
|
c559c7a680
|
Renamed x509_cert structure to x509_crt for consistency
|
2013-09-18 14:32:52 +02:00 |
|
Paul Bakker
|
ddf26b4e38
|
Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
|
2013-09-18 13:46:23 +02:00 |
|
Paul Bakker
|
7c6b2c320e
|
Split up X509 files into smaller modules
|
2013-09-16 21:41:54 +02:00 |
|
Paul Bakker
|
2292d1fad0
|
Fixed warnings in case POLARSSL_X509_PARSE_C is not defined
|
2013-09-15 17:06:49 +02:00 |
|
Manuel Pégourié-Gonnard
|
f7dc378ead
|
Make CBC an option, step 1: ssl ciphersuites
|
2013-09-13 15:37:03 +02:00 |
|
Manuel Pégourié-Gonnard
|
bfb355c33b
|
Fix memory leak on missed session reuse
|
2013-09-08 20:08:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
d13a4099dd
|
GCM ciphersuites using only cipher layer
|
2013-09-05 17:06:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
b8bd593741
|
Restrict cipher_update() for GCM
|
2013-09-05 17:06:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
226d5da1fc
|
GCM ciphersuites partially using cipher layer
|
2013-09-05 17:06:10 +02:00 |
|
Paul Bakker
|
45125bc160
|
Changes to handle merged enhancements
|
2013-09-04 16:48:22 +02:00 |
|