Paul Bakker
|
d7e2483bfc
|
Merge miscellaneous fixes into development
|
2015-01-13 16:04:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
5ba1d52f96
|
Add memory_buffer_alloc_self_test()
|
2015-01-13 14:58:00 +01:00 |
|
Manuel Pégourié-Gonnard
|
5cb4b31057
|
Fix missing bound check
|
2015-01-13 14:58:00 +01:00 |
|
Manuel Pégourié-Gonnard
|
d94232389e
|
Skip signature_algorithms ext if PSK only
|
2014-12-02 11:57:29 +01:00 |
|
Manuel Pégourié-Gonnard
|
9439f93ea4
|
Use pk_load_file() in X509
Saves a bit of ROM. X509 depends on PK anyway.
|
2014-11-27 17:44:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
cb7da352fd
|
Fix typo in #ifdef
Since length is checked afterwards anyway, no security risk here
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
150c4f62f1
|
Clarify documentation a bit
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
3e9449350c
|
Fix comment on resumption
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
6b298e6cc1
|
Update comment from draft to RFC
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
d16d1cb96a
|
Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
fd6c85c3eb
|
Set a compile-time limit to X.509 chain length
|
2014-11-20 16:37:41 +01:00 |
|
Manuel Pégourié-Gonnard
|
426d4ae7ff
|
Split x509_crl_parse_der() out of x509_crl_parse()
|
2014-11-20 16:36:07 +01:00 |
|
Manuel Pégourié-Gonnard
|
70bdadf54b
|
Add pk_check_pair()
|
2014-11-06 18:25:51 +01:00 |
|
Manuel Pégourié-Gonnard
|
30668d688d
|
Add ecp_check_pub_priv()
|
2014-11-06 18:25:51 +01:00 |
|
Manuel Pégourié-Gonnard
|
2f8d1f9fc3
|
Add rsa_check_pub_priv()
|
2014-11-06 18:25:51 +01:00 |
|
Manuel Pégourié-Gonnard
|
e10e06d863
|
Blind RSA operations even without CRT
|
2014-11-06 18:25:44 +01:00 |
|
Manuel Pégourié-Gonnard
|
d056ce0e3e
|
Use seq_num as AEAD nonce by default
|
2014-11-06 18:23:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
699cafaea2
|
Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
769c6b6351
|
Make session-hash depend on TLS versions
|
2014-11-05 16:00:50 +01:00 |
|
Manuel Pégourié-Gonnard
|
367381fddd
|
Add negotiation of Extended Master Secret
(But not the actual thing yet.)
|
2014-11-05 16:00:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
01b2699198
|
Implement FALLBACK_SCSV server-side
|
2014-11-05 16:00:49 +01:00 |
|
Manuel Pégourié-Gonnard
|
1cbd39dbeb
|
Implement FALLBACK_SCSV client-side
|
2014-11-05 16:00:49 +01:00 |
|
Paul Bakker
|
9eac4f7c4e
|
Prepare for release 1.3.9
|
2014-10-20 13:56:15 +02:00 |
|
Manuel Pégourié-Gonnard
|
da1b4de0e4
|
Increase MPI_MAX_BYTES to allow RSA 8192
|
2014-10-15 22:06:46 +02:00 |
|
Paul Bakker
|
9e4ff953de
|
Clarified len parameter of ssl_read()
|
2014-09-24 11:13:11 +02:00 |
|
Sander Niemeijer
|
ef5087d150
|
Added explicit casts to prevent compiler warnings when trying to build for iOS
|
2014-08-21 23:48:14 +02:00 |
|
Manuel Pégourié-Gonnard
|
44ade654c5
|
Implement (partial) renego delay on client
|
2014-08-19 13:58:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
6591962f06
|
Allow delay on renego on client
Currently unbounded: will be fixed later
|
2014-08-19 12:50:30 +02:00 |
|
Manuel Pégourié-Gonnard
|
55e4ff2ace
|
Tune comments
|
2014-08-19 11:52:33 +02:00 |
|
Manuel Pégourié-Gonnard
|
8d4ad07706
|
SHA-2 ciphersuites now require TLS 1.x
|
2014-08-14 11:34:34 +02:00 |
|
Paul Bakker
|
8dcb2d7d7e
|
Support escaping of commas in x509_string_to_names()
|
2014-08-11 11:59:52 +02:00 |
|
Paul Bakker
|
ec3a617d40
|
Make ready for release of 1.3.8 and soversion 7
|
2014-07-09 10:21:28 +02:00 |
|
Paul Bakker
|
84bbeb58df
|
Adapt cipher and MD layer with _init() and _free()
|
2014-07-09 10:19:24 +02:00 |
|
Paul Bakker
|
accaffe2c3
|
Restructure ssl_handshake_init() and small fixes
|
2014-07-09 10:19:24 +02:00 |
|
Paul Bakker
|
a317a98221
|
Adapt programs / test suites
|
2014-07-09 10:19:24 +02:00 |
|
Paul Bakker
|
8f870b047c
|
Add dhm_init()
|
2014-07-09 10:19:23 +02:00 |
|
Paul Bakker
|
fff0366bba
|
Add ctr_drbg_free()
|
2014-07-09 10:19:23 +02:00 |
|
Paul Bakker
|
5b4af39a36
|
Add _init() and _free() for hash modules
|
2014-07-09 10:19:23 +02:00 |
|
Paul Bakker
|
c7ea99af4f
|
Add _init() and _free() for cipher modules
|
2014-07-09 10:19:22 +02:00 |
|
Manuel Pégourié-Gonnard
|
08e81e0c8f
|
Change selection of hash algorithm for TLS 1.2
|
2014-07-08 14:20:26 +02:00 |
|
Paul Bakker
|
8fb99abaac
|
Merge changes for leaner memory footprint
|
2014-07-04 15:02:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
481fcfde93
|
Make PSK_LEN configurable and adjust PMS size
|
2014-07-04 14:59:08 +02:00 |
|
Manuel Pégourié-Gonnard
|
dfc7df0bec
|
Add SSL_CIPHERSUITES config option
|
2014-07-04 14:59:02 +02:00 |
|
Manuel Pégourié-Gonnard
|
a9964dbcd5
|
Add ssl_set_renegotiation_enforced()
|
2014-07-04 14:16:07 +02:00 |
|
Manuel Pégourié-Gonnard
|
c27807dd1e
|
Make SSL_BUFFER_LEN overhead depend more on config
|
2014-06-30 17:27:49 +02:00 |
|
Paul Bakker
|
237a847f1c
|
Fix typos in comments
|
2014-06-25 14:45:24 +02:00 |
|
Manuel Pégourié-Gonnard
|
d543a582bf
|
Clarify padding questions in the PK documentation
|
2014-06-25 14:04:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
2361746452
|
Try to clarify ECDH interface documentation
|
2014-06-25 13:55:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
5af0e5b194
|
Document in-out param of dhm_calc_secret()
|
2014-06-25 13:03:50 +02:00 |
|
Manuel Pégourié-Gonnard
|
bf31977c42
|
Update BIGNUM_C comments
|
2014-06-25 13:00:17 +02:00 |
|