Commit Graph

67 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
51451f8d26 Replace EC flag with ssl_ciphersuite_uses_ec() 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard
f7dc378ead Make CBC an option, step 1: ssl ciphersuites 2013-09-13 15:37:03 +02:00
Manuel Pégourié-Gonnard
bc4b7f08ba Fix possible race in ssl_list_ciphersuites()
Thread A: executing for loop of ssl_list_ciphersuites()
Thread B: call ssl_list_cipher_suites(), see init == 0
Thread A: return, start using the result
Thread B: memset(0) on the list used by thread A
2013-09-08 20:07:48 +02:00
Manuel Pégourié-Gonnard
57a8783364 Make more room for ciphersuites 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
09edda888e Check key type against selected key exchange 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
32ea60a127 Declare ECDSA key exchange and ciphersuites
Also fix bug in ssl_list_ciphersuites().

For now, disable it on server.
Client will offer it but fail if server selects it.
2013-08-27 22:21:19 +02:00
Paul Bakker
0f2f0bfc87 CAMELLIA-based PSK and DHE-PSK ciphersuites added 2013-07-26 15:04:03 +02:00
Paul Bakker
9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
40afb4ba13 Added PSK GCM, SHA256 and SHA384 ciphers from RFC5487 2013-04-19 22:03:30 +02:00
Paul Bakker
a1bf92ddb4 Added PSK NULL ciphers from RFC4785 2013-04-19 20:47:26 +02:00
Paul Bakker
e07f41d4be Introduced defines to control availability of specific SSL Key Exchange
methods.

Introduces POLARSSL_KEY_EXCHANGE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED, etc
2013-04-19 09:08:57 +02:00
Paul Bakker
ed27a041e4 More granular define selections within code to allow for smaller code
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker
d4a56ec6bf Added pre-shared key handling for the client side of SSL / TLS
Client side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
27714b1aa1 Added Camellia ECDHE-based CBC ciphersuites
Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
2013-04-07 23:07:12 +02:00
Paul Bakker
a54e493bc0 Added ECDHE-based SHA256 and SHA384 ciphersuites
Added TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ciphersuites
2013-03-20 15:31:54 +01:00
Paul Bakker
41c83d3f67 Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker
68884e3c09 Moved to advanced ciphersuite representation and more dynamic SSL code 2013-03-13 14:48:32 +01:00