Manuel Pégourié-Gonnard
|
c13c0d4524
|
Add a length check in rsa_get_pubkey()
|
2013-08-16 14:00:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
56a487a17f
|
Minor ecdsa cleanups
- point_format is of no use
- d was init'ed and free'd twice
|
2013-08-16 14:00:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
686bfae244
|
Fix memory error in x509_get_attr_type_value
|
2013-08-16 14:00:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
ba77bbf840
|
Fix memory error in asn1_get_alg()
|
2013-08-16 14:00:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
06dab806ce
|
Fix memory error in asn1_get_bitstring_null()
When *len is 0, **p would be read, which is out of bounds.
|
2013-08-16 14:00:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
0b2726732e
|
Fix ifdef conditions for EC-related extensions.
Was alternatively ECP_C and ECDH_C.
|
2013-08-16 13:56:17 +02:00 |
|
Manuel Pégourié-Gonnard
|
5734b2d358
|
Actually use the point format selected for ECDH
|
2013-08-16 13:56:16 +02:00 |
|
Manuel Pégourié-Gonnard
|
7b19c16b74
|
Handle suported_point_formats in ServerHello
|
2013-08-16 13:56:16 +02:00 |
|
Manuel Pégourié-Gonnard
|
6b8846d929
|
Stop advertising support for compressed points
(We can only write them, not read them.)
|
2013-08-16 13:56:16 +02:00 |
|
Paul Bakker
|
1f2bc6238b
|
Made support for the truncated_hmac extension configurable
|
2013-08-15 13:45:55 +02:00 |
|
Paul Bakker
|
05decb24c3
|
Made support for the max_fragment_length extension configurable
|
2013-08-15 13:33:48 +02:00 |
|
Paul Bakker
|
606b4ba20f
|
Session ticket expiration checked on server
|
2013-08-15 11:42:48 +02:00 |
|
Paul Bakker
|
f0e39acb58
|
Fixed unitialized n when resuming a session
|
2013-08-15 11:40:48 +02:00 |
|
Paul Bakker
|
a503a63b85
|
Made session tickets support configurable from config.h
|
2013-08-14 14:26:03 +02:00 |
|
Manuel Pégourié-Gonnard
|
56dc9e8bba
|
Authenticate session tickets.
|
2013-08-14 14:08:07 +02:00 |
|
Manuel Pégourié-Gonnard
|
990c51a557
|
Encrypt session tickets
|
2013-08-14 14:08:07 +02:00 |
|
Manuel Pégourié-Gonnard
|
779e42982c
|
Start adding ticket keys (only key_name for now)
|
2013-08-14 14:08:06 +02:00 |
|
Manuel Pégourié-Gonnard
|
aa0d4d1aff
|
Add ssl_set_session_tickets()
|
2013-08-14 14:08:06 +02:00 |
|
Manuel Pégourié-Gonnard
|
306827e3bc
|
Prepare ticket structure for securing
|
2013-08-14 14:08:06 +02:00 |
|
Manuel Pégourié-Gonnard
|
06650f6a37
|
Fix reusing session more than once
|
2013-08-14 14:08:06 +02:00 |
|
Manuel Pégourié-Gonnard
|
593058e35e
|
Don't renew ticket when the current one is OK
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
c086cce3d3
|
Don't cache empty session ID nor resumed session
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
7cd5924cec
|
Rework NewSessionTicket handling in state machine
Fixes bug: NewSessionTicket was ommited in resumed sessions.
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
3ffa3db80b
|
Fix server session ID handling with ticket
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
72882b2079
|
Relax limit on ClientHello size
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
609bc81a76
|
ssl_srv: read & write ticket, unsecure for now
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
94f6a79cde
|
Auxiliary functions to (de)serialize ssl_session
|
2013-08-14 14:08:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
7a358b8580
|
ssl_srv: write & parse session ticket ext & msg
|
2013-08-14 14:08:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
6377e41ef5
|
Complete client support for session tickets
|
2013-08-14 14:08:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
a5cc6025e7
|
Parse NewSessionTicket message
|
2013-08-14 14:08:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
60182ef989
|
ssl_cli: write & parse session ticket extension
|
2013-08-14 14:08:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
75d440192c
|
Introduce ticket field in session structure
|
2013-08-14 14:08:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
5f280cc6cf
|
Implement saving peer cert as part of session.
|
2013-08-14 14:08:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
747180391d
|
Add ssl_get_session() to save session on client
|
2013-08-14 14:08:03 +02:00 |
|
Paul Bakker
|
48e93c84b7
|
Made padding modes configurable from config.h
|
2013-08-14 14:02:48 +02:00 |
|
Paul Bakker
|
1a45d91cf2
|
Restructured cipher_set_padding_mode() to use switch statement
|
2013-08-14 14:02:48 +02:00 |
|
Manuel Pégourié-Gonnard
|
ebdc413f44
|
Add 'no padding' mode
|
2013-08-14 14:02:48 +02:00 |
|
Manuel Pégourié-Gonnard
|
0e7d2c0f95
|
Add zero padding
|
2013-08-14 14:02:47 +02:00 |
|
Manuel Pégourié-Gonnard
|
8d4291b52a
|
Add zeros-and-length (ANSI X.923) padding
|
2013-08-14 14:02:47 +02:00 |
|
Manuel Pégourié-Gonnard
|
679f9e90ad
|
Add one-and-zeros (ISO/IEC 7816-4) padding
|
2013-08-14 14:02:47 +02:00 |
|
Manuel Pégourié-Gonnard
|
b7d24bc7ca
|
Fix bug in get_pkcs_padding(): cannot be 0-length
|
2013-08-14 14:02:47 +02:00 |
|
Manuel Pégourié-Gonnard
|
ac56a1aec4
|
Make cipher_set_padding() actually work
(Only one padding mode recognized yet.)
|
2013-08-14 14:02:46 +02:00 |
|
Manuel Pégourié-Gonnard
|
d5fdcaf9e5
|
Add cipher_set_padding() (no effect yet)
Fix pattern in tests/.gitignore along the way.
|
2013-08-14 14:02:46 +02:00 |
|
Paul Bakker
|
0f2f0bfc87
|
CAMELLIA-based PSK and DHE-PSK ciphersuites added
|
2013-07-26 15:04:03 +02:00 |
|
Paul Bakker
|
b548d773b3
|
Fixed memory leak in ecdh_compute_shared() in case of error
|
2013-07-26 14:22:19 +02:00 |
|
Paul Bakker
|
cca998a4c5
|
Fixed memory leak in ecdsa_sign() / ecdsa_verify() in case of error
|
2013-07-26 14:22:16 +02:00 |
|
Paul Bakker
|
1e6a175362
|
Support for AIX header locations in net.c module
|
2013-07-26 14:10:22 +02:00 |
|
Paul Bakker
|
52cf16caeb
|
Fixed multiple use of GCM-context bug due to split-up of GCM functions
|
2013-07-26 13:56:22 +02:00 |
|
Paul Bakker
|
d9ca94a677
|
Updated merged pk.c and x509parse.c changes with new memory allocation functions
|
2013-07-25 11:25:09 +02:00 |
|
Paul Bakker
|
8c1ede655f
|
Changed prototype for ssl_set_truncated_hmac() to allow disabling
|
2013-07-19 14:51:47 +02:00 |
|