Manuel Pégourié-Gonnard
|
8372454615
|
Rework SNI to fix memory issues
|
2013-09-24 22:30:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
705fcca409
|
Adapt support for SNI to recent changes
|
2013-09-24 21:25:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
d09453c88c
|
Check our ECDSA cert(s) against supported curves
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
f24b4a7316
|
Interface change in ECP info functions
ecp_named_curve_from_grp_id() -> ecp_curve_info_from_grp_id()
ecp_grp_id_from_named_curve() -> ecp_curve_info_from_tls_id()
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
3ebb2cdb52
|
Add support for multiple server certificates
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
834ea8587f
|
Change internal structs for multi-cert support
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
164d894b9a
|
Fix: session start time wasn't set server side
|
2013-09-23 23:00:50 +02:00 |
|
Manuel Pégourié-Gonnard
|
1a483833b3
|
SSL_TLS doesn't depend on PK any more
(But PK does depend on RSA or ECP.)
|
2013-09-20 12:29:15 +02:00 |
|
Manuel Pégourié-Gonnard
|
34ced2dffe
|
Fix mis-sized buffer
Reported by rgacogne on twitter.
Also spotted by gcc-4.8 with -O2
|
2013-09-20 11:37:39 +02:00 |
|
Manuel Pégourié-Gonnard
|
a7496f00ff
|
Fix a few more warnings in small configurations
|
2013-09-20 11:29:59 +02:00 |
|
Paul Bakker
|
6db455e6e3
|
PSK callback added to SSL server
|
2013-09-18 21:14:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
a310459f5c
|
Fix a few things that broke with RSA compiled out
|
2013-09-18 15:37:44 +02:00 |
|
Manuel Pégourié-Gonnard
|
51451f8d26
|
Replace EC flag with ssl_ciphersuite_uses_ec()
|
2013-09-18 14:35:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
15d5de1969
|
Simplify usage of DHM blinding
|
2013-09-18 14:35:55 +02:00 |
|
Manuel Pégourié-Gonnard
|
568c9cf878
|
Add ecp_supported_curves and simplify some code
|
2013-09-18 14:34:34 +02:00 |
|
Manuel Pégourié-Gonnard
|
7038039f2e
|
Dissociate TLS and internal EC curve identifiers
Allows to add new curves before they get a TLS number
|
2013-09-18 14:34:34 +02:00 |
|
Manuel Pégourié-Gonnard
|
a97c015f89
|
Rm useless/wrong DHM lenght test
|
2013-09-18 14:34:33 +02:00 |
|
Paul Bakker
|
b6b0956631
|
Rm of memset instead of x509_crt_init()
|
2013-09-18 14:32:52 +02:00 |
|
Paul Bakker
|
c559c7a680
|
Renamed x509_cert structure to x509_crt for consistency
|
2013-09-18 14:32:52 +02:00 |
|
Paul Bakker
|
ddf26b4e38
|
Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
|
2013-09-18 13:46:23 +02:00 |
|
Paul Bakker
|
7c6b2c320e
|
Split up X509 files into smaller modules
|
2013-09-16 21:41:54 +02:00 |
|
Paul Bakker
|
2292d1fad0
|
Fixed warnings in case POLARSSL_X509_PARSE_C is not defined
|
2013-09-15 17:06:49 +02:00 |
|
Paul Bakker
|
c0dcf0ceb1
|
Merged blinding additions for EC, RSA and DHM into development
|
2013-09-10 14:44:27 +02:00 |
|
Manuel Pégourié-Gonnard
|
9f5a3c4a0a
|
Fix possible memory error.
|
2013-09-08 20:08:59 +02:00 |
|
Manuel Pégourié-Gonnard
|
032c34e206
|
Don't use DH blinding for ephemeral DH
|
2013-09-07 13:06:27 +02:00 |
|
Manuel Pégourié-Gonnard
|
2d627649bf
|
Change dhm_calc_secret() prototype
|
2013-09-04 14:22:07 +02:00 |
|
Manuel Pégourié-Gonnard
|
e09d2f8261
|
Change ecp_mul() prototype to allow randomization
(Also improve an error code while at it.)
|
2013-09-02 14:29:09 +02:00 |
|
Paul Bakker
|
9659dae046
|
Some extra code defined out
|
2013-08-28 16:21:34 +02:00 |
|
Paul Bakker
|
577e006c2f
|
Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
|
2013-08-28 11:58:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
9cc6f5c61b
|
Fix some hash debugging
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
4bd1284f59
|
Fix ECDSA hash selection bug with TLS 1.0 and 1.1
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
e511ffca50
|
Allow compiling without RSA or DH
Only library and programs now, need to check test suites later.
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
f484282e96
|
Rm a few unneeded tests
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
d11eb7c789
|
Fix sig_alg extension on client.
Temporary solution on server.
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
bfe32efb9b
|
pk_{sign,verify}() now accept hash_len = 0
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
a20c58c6f1
|
Use convert functions for SSL_SIG_* and SSL_HASH_*
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
0d42049440
|
Merge code for RSA and ECDSA in SSL
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
070cc7fd21
|
Use the new PK RSA-alt interface
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
a2d3f22007
|
Add and use pk_encrypt(), pk_decrypt()
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
8df2769178
|
Introduce pk_sign() and use it in ssl
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
583b608401
|
Fix some return values
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
abae74c4a0
|
Add server support for ECDHE_ECDSA key exchange
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
32ea60a127
|
Declare ECDSA key exchange and ciphersuites
Also fix bug in ssl_list_ciphersuites().
For now, disable it on server.
Client will offer it but fail if server selects it.
|
2013-08-27 22:21:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
0b03200e96
|
Add server-side support for ECDSA client auth
|
2013-08-27 22:21:19 +02:00 |
|
Paul Bakker
|
0be444a8b1
|
Ability to disable server_name extension (RFC 6066)
|
2013-08-27 21:55:01 +02:00 |
|
Paul Bakker
|
d2f068e071
|
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
|
2013-08-27 21:19:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
0a20171d52
|
Fix compiler warning from gcc -Os
|
2013-08-26 14:31:43 +02:00 |
|
Manuel Pégourié-Gonnard
|
c6554aab3d
|
Check length of session tickets we write
|
2013-08-26 14:26:33 +02:00 |
|
Manuel Pégourié-Gonnard
|
b3d9187cea
|
PK: add nice interface functions
Also fix a const-corectness issue.
|
2013-08-20 20:46:04 +02:00 |
|
Paul Bakker
|
5fd4917d97
|
Add missing ifdefs in ssl modules
|
2013-08-19 13:30:28 +02:00 |
|