Manuel Pégourié-Gonnard
7da0a38d43
Rm some includes that are now useless
2013-09-05 17:06:11 +02:00
Manuel Pégourié-Gonnard
226d5da1fc
GCM ciphersuites partially using cipher layer
2013-09-05 17:06:10 +02:00
Paul Bakker
da02a7f45e
AES_CBC ciphersuites now run purely via cipher layer
2013-08-31 17:25:14 +02:00
Manuel Pégourié-Gonnard
c852a68b96
More robust selection of ctx_enc size
2013-08-28 13:13:30 +02:00
Paul Bakker
577e006c2f
Merged ECDSA-based key-exchange and ciphersuites into development
...
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
acc7505a35
Temporary fix for size of cipher contexts
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
2fb15f694c
Un-rename ssl_set_own_cert_alt()
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
a20c58c6f1
Use convert functions for SSL_SIG_* and SSL_HASH_*
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
0d42049440
Merge code for RSA and ECDSA in SSL
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
070cc7fd21
Use the new PK RSA-alt interface
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
8df2769178
Introduce pk_sign() and use it in ssl
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
ac75523593
Adapt ssl_set_own_cert() to generic keys
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
0b03200e96
Add server-side support for ECDSA client auth
2013-08-27 22:21:19 +02:00
Paul Bakker
0be444a8b1
Ability to disable server_name extension (RFC 6066)
2013-08-27 21:55:01 +02:00
Paul Bakker
d2f068e071
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 21:19:20 +02:00
Paul Bakker
fb08fd2e23
Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available
2013-08-27 15:06:54 +02:00
Manuel Pégourié-Gonnard
38d1eba3b5
Move verify_result from ssl_context to session
2013-08-26 14:26:02 +02:00
Manuel Pégourié-Gonnard
b3d9187cea
PK: add nice interface functions
...
Also fix a const-corectness issue.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
0b2726732e
Fix ifdef conditions for EC-related extensions.
...
Was alternatively ECP_C and ECDH_C.
2013-08-16 13:56:17 +02:00
Manuel Pégourié-Gonnard
5734b2d358
Actually use the point format selected for ECDH
2013-08-16 13:56:16 +02:00
Paul Bakker
1f2bc6238b
Made support for the truncated_hmac extension configurable
2013-08-15 13:45:55 +02:00
Paul Bakker
05decb24c3
Made support for the max_fragment_length extension configurable
2013-08-15 13:33:48 +02:00
Paul Bakker
606b4ba20f
Session ticket expiration checked on server
2013-08-15 11:42:48 +02:00
Paul Bakker
a503a63b85
Made session tickets support configurable from config.h
2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard
56dc9e8bba
Authenticate session tickets.
2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
990c51a557
Encrypt session tickets
2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
779e42982c
Start adding ticket keys (only key_name for now)
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
aa0d4d1aff
Add ssl_set_session_tickets()
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
06650f6a37
Fix reusing session more than once
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
a5cc6025e7
Parse NewSessionTicket message
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
60182ef989
ssl_cli: write & parse session ticket extension
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
75d440192c
Introduce ticket field in session structure
2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
747180391d
Add ssl_get_session() to save session on client
2013-08-14 14:08:03 +02:00
Paul Bakker
d6f41c5bcd
Fixed size of ctx_enc / ctx_dec in ssl for gcm_context size
2013-07-25 17:01:54 +02:00
Paul Bakker
8c1ede655f
Changed prototype for ssl_set_truncated_hmac() to allow disabling
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
277f7f23e2
Implement hmac truncation
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
57c2852807
Added truncated hmac negociation (without effect)
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e980a994f0
Add interface for truncated hmac
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e048b67d0a
Misc minor fixes
...
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard
ed4af8b57c
Move negotiated max fragment length to session
...
User-set max fragment length remains in ssl_context.
The min of the two is used for sizing fragments.
2013-07-18 14:07:09 +02:00
Manuel Pégourié-Gonnard
581e6b6d6c
Prepare migrating max fragment length to session
...
Remove max_frag_len member so that reseting session by memset()ing it to zero
does the right thing.
2013-07-18 12:32:27 +02:00
Manuel Pégourié-Gonnard
48f8d0dbbd
Read max_fragment_length extension (server)
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
8b46459ae5
Add ssl_set_max_frag_len()
2013-07-18 11:18:13 +02:00
Paul Bakker
fa9b10050b
Also compiles / runs without time-based functions in OS
...
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker
d2681d82e2
Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h}
2013-06-30 14:49:12 +02:00
Paul Bakker
9e36f0475f
SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
...
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
2fbefde1d8
Client and server now filter sent and accepted ciphersuites on minimum
...
and maximum protocol version
2013-06-29 18:35:40 +02:00
Paul Bakker
407a0da160
Moved __cplusplus extern statement to include struct definitions as well.
2013-06-27 14:29:21 +02:00
Paul Bakker
b6c5d2e1a6
Cleanup up non-prototyped functions (static) and const-correctness
...
More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code.
2013-06-25 16:25:17 +02:00
Paul Bakker
9bcf16c55d
Centralized module option values in config.h
...
Allow user-defined settings without editing header files by using
POLARSSL_CONFIG_OPTIONS in config.h
(cherry picked from commit 6fa5488779
)
Conflicts:
include/polarssl/config.h
2013-06-25 15:06:53 +02:00