Paul Bakker
|
1e5369c7fa
|
Variables in proper block or within proper defines in ssl_decrypt_buf()
|
2013-12-19 16:40:57 +01:00 |
|
Paul Bakker
|
fdf946928d
|
Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites
|
2013-12-17 13:10:27 +01:00 |
|
Paul Bakker
|
77e257e958
|
Fixed bad check for maximum size of fragment length index
|
2013-12-17 13:09:12 +01:00 |
|
Paul Bakker
|
6f0636a09f
|
Potential memory leak in ssl_ticket_keys_init()
|
2013-12-17 13:09:12 +01:00 |
|
Manuel Pégourié-Gonnard
|
d18cc57962
|
Add client-side support for ECDH key exchanges
|
2013-12-17 11:32:31 +01:00 |
|
Manuel Pégourié-Gonnard
|
c72ac7c3ef
|
Fix SSLv3 handling of SHA-384 suites
Fixes memory corruption, introduced in
a5bdfcd (Relax some SHA2 ciphersuite's version requirements)
|
2013-12-17 10:18:25 +01:00 |
|
Manuel Pégourié-Gonnard
|
dc953e8c41
|
Add missing defines/cases for RSA_PSK key exchange
|
2013-11-26 15:19:57 +01:00 |
|
Paul Bakker
|
08b028ff0f
|
Prevent unlikely NULL dereference
|
2013-11-19 10:42:37 +01:00 |
|
Paul Bakker
|
0333b978fa
|
Handshake key_cert should be set on first addition to the key_cert chain
|
2013-11-04 17:08:28 +01:00 |
|
Paul Bakker
|
993e386a73
|
Merged renegotiation refactoring
|
2013-10-31 14:32:38 +01:00 |
|
Paul Bakker
|
37ce0ff185
|
Added defines around renegotiation code for SSL_SRV and SSL_CLI
|
2013-10-31 14:32:04 +01:00 |
|
Manuel Pégourié-Gonnard
|
31ff1d2e4f
|
Safer buffer comparisons in the SSL modules
|
2013-10-31 14:23:12 +01:00 |
|
Manuel Pégourié-Gonnard
|
6d8404d6ba
|
Server: enforce renegotiation
|
2013-10-30 16:48:10 +01:00 |
|
Manuel Pégourié-Gonnard
|
9c1e1898b6
|
Move some code around, improve documentation
|
2013-10-30 16:48:09 +01:00 |
|
Manuel Pégourié-Gonnard
|
214eed38c7
|
Make ssl_renegotiate the only interface
ssl_write_hello_request() is no private
|
2013-10-30 16:48:09 +01:00 |
|
Manuel Pégourié-Gonnard
|
caed0541a0
|
Allow ssl_renegotiate() to be called in a loop
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
|
2013-10-30 16:48:09 +01:00 |
|
Manuel Pégourié-Gonnard
|
e5e1bb972c
|
Fix misplaced initialisation
|
2013-10-30 16:46:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
f3dc2f6a1d
|
Add code for testing server-initiated renegotiation
|
2013-10-30 16:46:46 +01:00 |
|
Paul Bakker
|
6edcd41c0a
|
Addition conditions for UEFI environment under MSVC
|
2013-10-29 15:44:13 +01:00 |
|
Paul Bakker
|
fa6a620b75
|
Defines for UEFI environment under MSVC added
|
2013-10-29 14:05:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
a8a25ae1b9
|
Fix bad error codes
|
2013-10-27 13:48:15 +01:00 |
|
Manuel Pégourié-Gonnard
|
7109624aef
|
Skip MAC computation/check when GCM is used
|
2013-10-25 19:31:25 +02:00 |
|
Manuel Pégourié-Gonnard
|
8866591cc5
|
Don't special-case NULL cipher in ssl_tls.c
|
2013-10-25 18:42:44 +02:00 |
|
Manuel Pégourié-Gonnard
|
126a66f668
|
Simplify switching on mode in ssl_tls.c
|
2013-10-25 18:33:32 +02:00 |
|
Manuel Pégourié-Gonnard
|
8d01eea7af
|
Add Camellia-GCM ciphersuites
|
2013-10-25 16:46:05 +02:00 |
|
Paul Bakker
|
f34673e37b
|
Merged RSA-PSK key-exchange and ciphersuites
|
2013-10-15 12:46:41 +02:00 |
|
Paul Bakker
|
376e8153a0
|
Merged ECDHE-PSK ciphersuites
|
2013-10-15 12:45:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
8a3c64d73f
|
Fix and simplify *-PSK ifdef's
|
2013-10-14 19:54:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
0fae60bb71
|
Implement RSA-PSK key exchange
|
2013-10-14 19:34:48 +02:00 |
|
Paul Bakker
|
b9cfaa0c7f
|
Explicit conversions and minor changes to prevent MSVC compiler warnings
|
2013-10-14 15:50:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
1b62c7f93d
|
Fix dependencies and related issues
|
2013-10-14 14:02:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
bd1ae24449
|
Factor PSK pms computation to ssl_tls.c
|
2013-10-14 13:17:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
3ce3bbdc00
|
Add support for ECDHE_PSK key exchange
|
2013-10-11 18:16:35 +02:00 |
|
Paul Bakker
|
beccd9f226
|
Explicit void pointer cast for buggy MS compiler
|
2013-10-11 15:20:27 +02:00 |
|
Paul Bakker
|
1677033bc8
|
TLS compression only allocates working buffer once
|
2013-10-11 09:59:44 +02:00 |
|
Paul Bakker
|
ca9c87ed2b
|
Removed possible cache-timing difference for pad check
|
2013-09-25 18:52:37 +02:00 |
|
Manuel Pégourié-Gonnard
|
8372454615
|
Rework SNI to fix memory issues
|
2013-09-24 22:30:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
705fcca409
|
Adapt support for SNI to recent changes
|
2013-09-24 21:25:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
d09453c88c
|
Check our ECDSA cert(s) against supported curves
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
f71e587c5e
|
Fix memory leak in ssl cipher usage
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
3ebb2cdb52
|
Add support for multiple server certificates
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
834ea8587f
|
Change internal structs for multi-cert support
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
1a483833b3
|
SSL_TLS doesn't depend on PK any more
(But PK does depend on RSA or ECP.)
|
2013-09-20 12:29:15 +02:00 |
|
Paul Bakker
|
5ad403f5b5
|
Prepared for 1.3.0 RC0
|
2013-09-18 21:21:30 +02:00 |
|
Paul Bakker
|
6db455e6e3
|
PSK callback added to SSL server
|
2013-09-18 21:14:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
a310459f5c
|
Fix a few things that broke with RSA compiled out
|
2013-09-18 15:37:44 +02:00 |
|
Paul Bakker
|
b6b0956631
|
Rm of memset instead of x509_crt_init()
|
2013-09-18 14:32:52 +02:00 |
|
Paul Bakker
|
c559c7a680
|
Renamed x509_cert structure to x509_crt for consistency
|
2013-09-18 14:32:52 +02:00 |
|
Paul Bakker
|
ddf26b4e38
|
Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
|
2013-09-18 13:46:23 +02:00 |
|
Paul Bakker
|
7c6b2c320e
|
Split up X509 files into smaller modules
|
2013-09-16 21:41:54 +02:00 |
|