Manuel Pégourié-Gonnard
|
96d5912088
|
Implement EC cert and crl verification
|
2013-08-20 20:26:28 +02:00 |
|
Manuel Pégourié-Gonnard
|
211a64c79f
|
Add eckey to ecdsa conversion in the PK layer
|
2013-08-20 20:26:28 +02:00 |
|
Manuel Pégourié-Gonnard
|
b4d69c41f8
|
Prepare for EC cert & crl validation
|
2013-08-20 20:26:28 +02:00 |
|
Manuel Pégourié-Gonnard
|
e09631b7c4
|
Create ecp_group_copy() and use it
|
2013-08-20 20:08:29 +02:00 |
|
Manuel Pégourié-Gonnard
|
8eebd012b9
|
Add an ecdsa_genkey() function
|
2013-08-20 20:08:28 +02:00 |
|
Manuel Pégourié-Gonnard
|
b694b4896c
|
Add ecdsa_{read,write}_signature()
|
2013-08-20 20:04:16 +02:00 |
|
Paul Bakker
|
3a074a7996
|
Actually skip certificate if we do not understand hash type
|
2013-08-20 12:45:03 +02:00 |
|
Paul Bakker
|
dc4baf11ab
|
Removed errant printf in x509parse_self_test()
|
2013-08-20 12:44:33 +02:00 |
|
Paul Bakker
|
42c3ccf36e
|
Fixed potential negative value misinterpretation in load_file()
|
2013-08-19 14:29:31 +02:00 |
|
Paul Bakker
|
75c1a6f97c
|
Fixed potential heap buffer overflow on large hostname setting
|
2013-08-19 14:25:29 +02:00 |
|
Paul Bakker
|
694d3aeb47
|
Fixed potential heap buffer overflow on large file reading
|
2013-08-19 14:23:38 +02:00 |
|
Paul Bakker
|
5fd4917d97
|
Add missing ifdefs in ssl modules
|
2013-08-19 13:30:28 +02:00 |
|
Paul Bakker
|
04376b1419
|
Fixed memory leak in ssl_parse_server_key_exchange from missing
md_free_ctx()
|
2013-08-16 14:45:26 +02:00 |
|
Manuel Pégourié-Gonnard
|
298aae4524
|
Adapt core OID functions to embeded null bytes
|
2013-08-16 14:00:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
c13c0d4524
|
Add a length check in rsa_get_pubkey()
|
2013-08-16 14:00:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
56a487a17f
|
Minor ecdsa cleanups
- point_format is of no use
- d was init'ed and free'd twice
|
2013-08-16 14:00:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
686bfae244
|
Fix memory error in x509_get_attr_type_value
|
2013-08-16 14:00:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
ba77bbf840
|
Fix memory error in asn1_get_alg()
|
2013-08-16 14:00:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
06dab806ce
|
Fix memory error in asn1_get_bitstring_null()
When *len is 0, **p would be read, which is out of bounds.
|
2013-08-16 14:00:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
0b2726732e
|
Fix ifdef conditions for EC-related extensions.
Was alternatively ECP_C and ECDH_C.
|
2013-08-16 13:56:17 +02:00 |
|
Manuel Pégourié-Gonnard
|
5734b2d358
|
Actually use the point format selected for ECDH
|
2013-08-16 13:56:16 +02:00 |
|
Manuel Pégourié-Gonnard
|
7b19c16b74
|
Handle suported_point_formats in ServerHello
|
2013-08-16 13:56:16 +02:00 |
|
Manuel Pégourié-Gonnard
|
6b8846d929
|
Stop advertising support for compressed points
(We can only write them, not read them.)
|
2013-08-16 13:56:16 +02:00 |
|
Paul Bakker
|
1f2bc6238b
|
Made support for the truncated_hmac extension configurable
|
2013-08-15 13:45:55 +02:00 |
|
Paul Bakker
|
05decb24c3
|
Made support for the max_fragment_length extension configurable
|
2013-08-15 13:33:48 +02:00 |
|
Paul Bakker
|
606b4ba20f
|
Session ticket expiration checked on server
|
2013-08-15 11:42:48 +02:00 |
|
Paul Bakker
|
f0e39acb58
|
Fixed unitialized n when resuming a session
|
2013-08-15 11:40:48 +02:00 |
|
Paul Bakker
|
a503a63b85
|
Made session tickets support configurable from config.h
|
2013-08-14 14:26:03 +02:00 |
|
Manuel Pégourié-Gonnard
|
56dc9e8bba
|
Authenticate session tickets.
|
2013-08-14 14:08:07 +02:00 |
|
Manuel Pégourié-Gonnard
|
990c51a557
|
Encrypt session tickets
|
2013-08-14 14:08:07 +02:00 |
|
Manuel Pégourié-Gonnard
|
779e42982c
|
Start adding ticket keys (only key_name for now)
|
2013-08-14 14:08:06 +02:00 |
|
Manuel Pégourié-Gonnard
|
aa0d4d1aff
|
Add ssl_set_session_tickets()
|
2013-08-14 14:08:06 +02:00 |
|
Manuel Pégourié-Gonnard
|
306827e3bc
|
Prepare ticket structure for securing
|
2013-08-14 14:08:06 +02:00 |
|
Manuel Pégourié-Gonnard
|
06650f6a37
|
Fix reusing session more than once
|
2013-08-14 14:08:06 +02:00 |
|
Manuel Pégourié-Gonnard
|
593058e35e
|
Don't renew ticket when the current one is OK
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
c086cce3d3
|
Don't cache empty session ID nor resumed session
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
7cd5924cec
|
Rework NewSessionTicket handling in state machine
Fixes bug: NewSessionTicket was ommited in resumed sessions.
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
3ffa3db80b
|
Fix server session ID handling with ticket
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
72882b2079
|
Relax limit on ClientHello size
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
609bc81a76
|
ssl_srv: read & write ticket, unsecure for now
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
94f6a79cde
|
Auxiliary functions to (de)serialize ssl_session
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
7a358b8580
|
ssl_srv: write & parse session ticket ext & msg
|
2013-08-14 14:08:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
6377e41ef5
|
Complete client support for session tickets
|
2013-08-14 14:08:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
a5cc6025e7
|
Parse NewSessionTicket message
|
2013-08-14 14:08:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
60182ef989
|
ssl_cli: write & parse session ticket extension
|
2013-08-14 14:08:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
75d440192c
|
Introduce ticket field in session structure
|
2013-08-14 14:08:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
5f280cc6cf
|
Implement saving peer cert as part of session.
|
2013-08-14 14:08:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
747180391d
|
Add ssl_get_session() to save session on client
|
2013-08-14 14:08:03 +02:00 |
|
Paul Bakker
|
48e93c84b7
|
Made padding modes configurable from config.h
|
2013-08-14 14:02:48 +02:00 |
|
Paul Bakker
|
1a45d91cf2
|
Restructured cipher_set_padding_mode() to use switch statement
|
2013-08-14 14:02:48 +02:00 |
|