Commit Graph

219 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
78e745fc0a Don't send back EtM extension if not using CBC 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
699cafaea2 Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
b575b54cb9 Forbid extended master secret with SSLv3 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
367381fddd Add negotiation of Extended Master Secret
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
01b2699198 Implement FALLBACK_SCSV server-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
43c3b28ca6 Fix memory leak with crafted ClientHello 2014-10-17 12:42:11 +02:00
Manuel Pégourié-Gonnard
480905d563 Fix selection of hash from sig_alg ClientHello ext. 2014-08-30 14:19:59 +02:00
Paul Bakker
84bbeb58df Adapt cipher and MD layer with _init() and _free() 2014-07-09 10:19:24 +02:00
Paul Bakker
accaffe2c3 Restructure ssl_handshake_init() and small fixes 2014-07-09 10:19:24 +02:00
Paul Bakker
5b4af39a36 Add _init() and _free() for hash modules 2014-07-09 10:19:23 +02:00
Manuel Pégourié-Gonnard
d27680bd5e Clarify code using PSK callback 2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
14beb08542 Fix missing const 2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
08e81e0c8f Change selection of hash algorithm for TLS 1.2 2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
dd0c0f33c0 Better usage of dhm_calc_secret in SSL 2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
4d2a8eb6ff SSL modules now using x509_crt_parse_der()
Avoid uselessly trying to decode PEM.
2014-06-23 11:54:57 +02:00
Paul Bakker
66d5d076f7 Fix formatting in various code to match spacing from coding style 2014-06-17 17:06:47 +02:00
Paul Bakker
db20c10423 Add #endif comments for #endif more than 10 lines from #if / #else 2014-06-17 14:34:44 +02:00
Paul Bakker
3461772559 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-06-14 16:46:03 +02:00
Paul Bakker
14877e6250 Remove unused 'ret' variable 2014-06-12 23:01:18 +02:00
Paul Bakker
14b16c62e9 Minor optimizations (original by Peter Vaskovic, modified by Paul Bakker)
Move strlen out of for loop.
Remove redundant null checks before free.
2014-05-28 11:34:33 +02:00
Paul Bakker
0f651c7422 Stricter check on SSL ClientHello internal sizes compared to actual packet size 2014-05-22 15:12:19 +02:00
Manuel Pégourié-Gonnard
61edffef28 Normalize "should never happen" messages/errors 2014-05-22 13:52:47 +02:00
Paul Bakker
b9e4e2c97a Fix formatting: fix some 'easy' > 80 length lines 2014-05-01 14:18:25 +02:00
Paul Bakker
9af723cee7 Fix formatting: remove trailing spaces, #endif with comments (> 10 lines) 2014-05-01 13:03:14 +02:00
Manuel Pégourié-Gonnard
cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker
a70366317d Improve interop by not writing ext_len in ClientHello / ServerHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-04-30 10:16:16 +02:00
Paul Bakker
c70e425a73 Only iterate over actual certificates in ssl_write_certificate_request() 2014-04-18 13:50:19 +02:00
Paul Bakker
4f42c11846 Remove arbitrary maximum length for cipher_list and content length 2014-04-17 15:37:39 +02:00
Paul Bakker
d893aef867 Force default value to curve parameter 2014-04-17 14:45:34 +02:00
Manuel Pégourié-Gonnard
7f2a07d7b2 Check keyUsage in SSL client and server 2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
f6521de17b Add ALPN tests to ssl-opt.sh
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard
89e35798ae Implement ALPN server-side 2014-04-07 12:26:35 +02:00
Manuel Pégourié-Gonnard
969ccc6289 Fix length checking of various ClientKeyExchange's 2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard
b2bf5a1bbb Fix possible buffer overflow with PSK 2014-03-26 12:58:50 +01:00
Manuel Pégourié-Gonnard
d701c9aec9 Fix memory leak in server with expired tickets 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
145dfcbfc2 Fix bug with NewSessionTicket and non-blocking I/O 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
96ea2f2557 Add tests for SNI 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
8520dac292 Add tests for auth_mode 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
f7c52014ec Add basic tests for session resumption 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
6b1e207081 Fix verion-major intolerance 2014-02-12 10:14:54 +01:00
Paul Bakker
7dc4c44267 Library files moved to use platform layer 2014-02-06 13:20:16 +01:00
Manuel Pégourié-Gonnard
f6dc5e1d16 Remove temporary debug code 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
c3f6b62ccc Print curve name instead of size in debugging
Also refactor server-side curve selection
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
de05390c85 Rename ecdh_curve_list to curve_list 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
5de2580563 Make ssl_set_ecdh_curves() a compile-time option 2014-02-06 10:28:38 +01:00
Gergely Budai
987bfb510b Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
5538970d32 Add server support for ECDH key exchanges 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
1a9f2c7245 Add option to respect client ciphersuite order 2013-11-30 18:30:06 +01:00
Manuel Pégourié-Gonnard
011a8db2e7 Complete refactoring of ciphersuite choosing 2013-11-30 18:11:07 +01:00
Manuel Pégourié-Gonnard
3252560e68 Move some functions up 2013-11-30 17:50:32 +01:00