yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1512 commits 1 branch 0 tags 94 MiB
Commit graph

941 commits

Author SHA1 Message Date
Paul Bakker
1c3853b953 oid_get_oid_by_*() now give back oid length as well 2013-09-10 11:43:44 +02:00
Paul Bakker
003dbad250 Fixed file descriptor leak in x509parse_crtpath() 2013-09-09 17:26:14 +02:00
Paul Bakker
a5943858d8 x509_verify() now case insensitive for cn (RFC 6125 6.4) 2013-09-09 17:21:45 +02:00
Paul Bakker
f9f377e652 CSR Parsing (without attributes / extensions) implemented 2013-09-09 15:35:10 +02:00
Paul Bakker
d4bf870ff5 Allow spaces after the comma when converting X509 names 2013-09-09 13:59:11 +02:00
Paul Bakker
52be08c299 Added support for writing Key Usage and NS Cert Type extensions 2013-09-09 12:38:45 +02:00
Paul Bakker
cd35803684 Changes x509_csr to x509write_csr 2013-09-09 12:38:45 +02:00
Paul Bakker
5f45e62afe Migrated from x509_req_name to asn1_named_data structure 2013-09-09 12:02:36 +02:00
Paul Bakker
c547cc992e Added generic asn1_free_named_data_list() 2013-09-09 12:01:23 +02:00
Paul Bakker
59ba59fa30 Generalized x509_set_extension() behaviour to asn1_store_named_data() 2013-09-09 11:34:44 +02:00
Paul Bakker
43aff2aec4 Moved GCM to use cipher layer instead of AES directly 2013-09-09 00:10:27 +02:00
Paul Bakker
f46b6955e3 Added cipher_info_from_values() to cipher layer (Search by ID+keylen+mode) 2013-09-09 00:08:26 +02:00
Paul Bakker
5e0efa7ef5 Added POLARSSL_MODE_ECB to the cipher layer 2013-09-08 23:04:04 +02:00
Manuel Pégourié-Gonnard
9f5a3c4a0a Fix possible memory error. 2013-09-08 20:08:59 +02:00
Manuel Pégourié-Gonnard
bfb355c33b Fix memory leak on missed session reuse 2013-09-08 20:08:36 +02:00
Manuel Pégourié-Gonnard
bc4b7f08ba Fix possible race in ssl_list_ciphersuites() 
Thread A: executing for loop of ssl_list_ciphersuites()
Thread B: call ssl_list_cipher_suites(), see init == 0
Thread A: return, start using the result
Thread B: memset(0) on the list used by thread A
 2013-09-08 20:07:48 +02:00
Paul Bakker
9c208aabc8 Use ASN1_UTC_TIME in some cases 2013-09-08 15:44:31 +02:00
Manuel Pégourié-Gonnard
032c34e206 Don't use DH blinding for ephemeral DH 2013-09-07 13:06:27 +02:00
Paul Bakker
15162a054a Writing of X509v3 extensions supported 
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
 2013-09-06 19:27:21 +02:00
Paul Bakker
329def30c5 Added asn1_write_bool() 2013-09-06 16:34:38 +02:00
Paul Bakker
9397dcb0e8 Base X509 certificate writing functinality 2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard
d13a4099dd GCM ciphersuites using only cipher layer 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
b8bd593741 Restrict cipher_update() for GCM 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
226d5da1fc GCM ciphersuites partially using cipher layer 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
1af50a240b Cipher: test multiple cycles 
GCM-cipher: just trust the user to call update_ad at the right time
 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
ed8a02bfae Simplify DH blinding a bit 2013-09-04 17:18:28 +02:00
Paul Bakker
45125bc160 Changes to handle merged enhancements 2013-09-04 16:48:22 +02:00
Manuel Pégourié-Gonnard
143b5028a5 Implement DH blinding 2013-09-04 16:29:59 +02:00
Paul Bakker
c049955b32 Merged new cipher layer enhancements 2013-09-04 16:12:55 +02:00
Manuel Pégourié-Gonnard
2d627649bf Change dhm_calc_secret() prototype 2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard
ce4112538c Fix RC4 key length in cipher 2013-09-04 12:29:26 +02:00
Manuel Pégourié-Gonnard
83f3fc0d77 Add AES-192-GCM 2013-09-04 12:14:13 +02:00
Manuel Pégourié-Gonnard
43a4780b03 Ommit AEAD functions if GCM not defined 2013-09-03 19:28:35 +02:00
Manuel Pégourié-Gonnard
aa9ffc5e98 Split tag handling out of cipher_finish() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
2adc40c346 Split cipher_update_ad() out or cipher_reset() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
a235b5b5bd Fix iv_len interface. 
cipher_info->iv_size == 0 is no longer ambiguous, and
cipher_get_iv_size() always returns something useful to generate an IV.
 2013-09-03 13:25:52 +02:00
Manuel Pégourié-Gonnard
9c853b910c Split cipher_set_iv() out of cipher_reset() 2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard
07de4b1d08 Implement randomized coordinates in ecp_mul() 2013-09-02 16:26:04 +02:00
Manuel Pégourié-Gonnard
c75c56fef7 Fix off-by-one error in ecdsa_write_signature() 
Made some signature fail with 521-bit curve
 2013-09-02 16:25:37 +02:00
Paul Bakker
ea6ad3f6e5 ARC4 ciphersuites using only cipher layer 2013-09-02 14:57:01 +02:00
Manuel Pégourié-Gonnard
e09d2f8261 Change ecp_mul() prototype to allow randomization 
(Also improve an error code while at it.)
 2013-09-02 14:29:09 +02:00
Paul Bakker
eb851f6cd5 Merged current cipher enhancements for ARC4 and AES-GCM 2013-09-01 15:49:38 +02:00
Manuel Pégourié-Gonnard
9241be7ac5 Change cipher prototypes for GCM 2013-08-31 18:07:42 +02:00
Paul Bakker
cca5b81d18 All CBC ciphersuites via the cipher layer 2013-08-31 17:40:26 +02:00
Paul Bakker
da02a7f45e AES_CBC ciphersuites now run purely via cipher layer 2013-08-31 17:25:14 +02:00
Manuel Pégourié-Gonnard
20d6a17af9 Make GCM tag check "constant-time" 2013-08-31 16:37:46 +02:00
Manuel Pégourié-Gonnard
07f8fa5a69 GCM in the cipher layer, step 1 
- no support for additional data
- no support for tag
 2013-08-31 16:08:22 +02:00
Manuel Pégourié-Gonnard
b5e85885de Handle NULL as a stream cipher for more uniformity 2013-08-30 17:11:28 +02:00
Manuel Pégourié-Gonnard
37e230c022 Add arc4 support in the cipher layer 2013-08-30 17:11:28 +02:00
Paul Bakker
f451bac000 Blinding RSA only active when f_rng is provided 2013-08-30 15:48:53 +02:00
Paul Bakker
48377d9834 Configuration option to enable/disable POLARSSL_PKCS1_V15 operations 2013-08-30 13:41:14 +02:00
Paul Bakker
aab30c130c RSA blinding added for CRT operations 2013-08-30 11:03:09 +02:00
Paul Bakker
548957dd49 Refactored RSA to have random generator in every RSA operation 
Primarily so that rsa_private() receives an RNG for blinding purposes.
 2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80 Merged refactored x509write module into development 2013-08-28 16:32:51 +02:00
Paul Bakker
9659dae046 Some extra code defined out 2013-08-28 16:21:34 +02:00
Manuel Pégourié-Gonnard
c852a68b96 More robust selection of ctx_enc size 2013-08-28 13:13:30 +02:00
Manuel Pégourié-Gonnard
cffe4a65bd Move "constant" code outside a loop 2013-08-28 13:13:20 +02:00
Paul Bakker
577e006c2f Merged ECDSA-based key-exchange and ciphersuites into development 
Conflicts:
	include/polarssl/config.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
 2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
57a8783364 Make more room for ciphersuites 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
db77175e99 Make ecdsa_verify() return value more explicit 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
9cc6f5c61b Fix some hash debugging 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
4bd1284f59 Fix ECDSA hash selection bug with TLS 1.0 and 1.1 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
9c9812a299 Fix bug introduced in dbf69cf 
(Was writing outside array bounds.)
 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
df0142bd17 Fix some dependencies in tests 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
2fb15f694c Un-rename ssl_set_own_cert_alt() 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
e511ffca50 Allow compiling without RSA or DH 
Only library and programs now, need to check test suites later.
 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
ee98f8e7a3 Add EC certificates in certs.c 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
f484282e96 Rm a few unneeded tests 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
d11eb7c789 Fix sig_alg extension on client. 
Temporary solution on server.
 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
bfe32efb9b pk_{sign,verify}() now accept hash_len = 0 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard
a20c58c6f1 Use convert functions for SSL_SIG_* and SSL_HASH_* 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
c40b4c3708 Add configuration item for the PK module 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
0d42049440 Merge code for RSA and ECDSA in SSL 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
070cc7fd21 Use the new PK RSA-alt interface 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
12c1ff0ecb Add RSA-alt to the PK layer 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
a2d3f22007 Add and use pk_encrypt(), pk_decrypt() 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
8df2769178 Introduce pk_sign() and use it in ssl 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
583b608401 Fix some return values 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
76c18a1a77 Add client support for ECDSA client auth 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
abae74c4a0 Add server support for ECDHE_ECDSA key exchange 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
ac75523593 Adapt ssl_set_own_cert() to generic keys 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
09edda888e Check key type against selected key exchange 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
20846b1a50 Add client support for ECDHE_ECDSA key exchange 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
efebb0a394 Refactor ssl_parse_server_key_exchange() a bit 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
32ea60a127 Declare ECDSA key exchange and ciphersuites 
Also fix bug in ssl_list_ciphersuites().

For now, disable it on server.
Client will offer it but fail if server selects it.
 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
0b03200e96 Add server-side support for ECDSA client auth 2013-08-27 22:21:19 +02:00
Paul Bakker
0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Paul Bakker
d2f068e071 Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually 2013-08-27 21:19:20 +02:00
Paul Bakker
fb08fd2e23 Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available 2013-08-27 15:06:54 +02:00
Paul Bakker
9852d00de6 Moved asn1write funtions to use asn1_write_raw_buffer() 2013-08-26 17:56:37 +02:00
Paul Bakker
7accbced87 Doxygen documentation added to asn1write.h 2013-08-26 17:37:18 +02:00
Paul Bakker
f3df61ad10 Generalized PEM writing in x509write module for RSA keys as well 2013-08-26 17:37:18 +02:00
Paul Bakker
135f1e9c70 Move PEM conversion of DER data to x509write module 2013-08-26 17:37:18 +02:00
Paul Bakker
624d03a3f7 Fixed length of key_usage bitstring to 7 bits 2013-08-26 17:37:18 +02:00
Paul Bakker
1c0e550e21 Added support for Netscape Certificate Types in CSR writing 
Further generalization of extension adding / replacing in the CSR
structure
 2013-08-26 17:37:18 +02:00
Paul Bakker
e5eae76bf0 Generalized the x509write_csr_set_key_usage() function and key_usage 
storage
 2013-08-26 17:37:18 +02:00
Paul Bakker
6db915b5a9 Added asn1_write_raw_buffer() 2013-08-26 17:37:17 +02:00
Manuel Pégourié-Gonnard
0a20171d52 Fix compiler warning from gcc -Os 2013-08-26 14:31:43 +02:00
Manuel Pégourié-Gonnard
70f1768b9d Make two format strings literal 
Fixes clang warning
 2013-08-26 14:31:33 +02:00
Manuel Pégourié-Gonnard
c6554aab3d Check length of session tickets we write 2013-08-26 14:26:33 +02:00
Manuel Pégourié-Gonnard
38d1eba3b5 Move verify_result from ssl_context to session 2013-08-26 14:26:02 +02:00
Paul Bakker
fde4270186 Added support for writing key_usage extension 2013-08-25 14:47:27 +02:00
Paul Bakker
598e450538 Added asn1_write_bitstring() and asn1_write_octet_string() 2013-08-25 14:46:39 +02:00
Paul Bakker
0e06c0fdb4 Assigned error codes to the error defines 2013-08-25 11:21:30 +02:00
Paul Bakker
82e2945ed2 Changed naming and prototype convention for x509write functions 
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
 2013-08-25 11:01:31 +02:00
Paul Bakker
2130796658 Switched order of storing x509_req_names to match inputed order 2013-08-25 10:51:18 +02:00
Paul Bakker
8eabfc1461 Rewrote x509 certificate request writing to use structure for storing 2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard
fff80f8879 PK: use NULL for unimplemented operations 2013-08-20 20:46:05 +02:00
Manuel Pégourié-Gonnard
f73da02962 PK: change pk_verify arguments (md_info "optional") 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
ab46694558 Change pk_set_type to pk_init_ctx for consistency 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
ac4cd36297 PK rsa_verify: check signature length 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
15699380e5 Small PK cleanups 
- better error codes
- rm now-useless include
 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
3fb5c5ee1c PK: rename members for consistency CIPHER, MD 
Also add pk_get_name() to remove a direct access to pk_type
 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
09162ddcaa PK: reuse some eckey functions for ecdsa 
Also add some forgotten 'static' while at it.
 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
c6ac8870d5 Nicer interface between PK and debug. 
Finally get rid of pk_context.type member, too.
 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
b3d9187cea PK: add nice interface functions 
Also fix a const-corectness issue.
 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
765db07dfb PK: use alloc and free function pointers 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
3053f5bcb4 Get rid of pk_wrap_rsa() 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
f8c948a674 Add name and get_size() members in PK 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
835eb59c6a PK: fix support for ECKEY_DH 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
f18c3e0378 Add a PK can_do() method and simplify code 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
d73b3c13be PK: use wrappers and function pointers for verify 2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
f499993cb2 Add ecdsa_from_keypair() 
Also fix bug/limitation in mpi_copy: would segfault if src just initialised
and not set to a value yet. (This case occurs when copying a context which
contains only the public part of the key, eg.)
 2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
cc0a9d040d Fix const-correctness of rsa_*_verify() 2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
f84b4d6498 Check sig_pk for signature verification 2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
96d5912088 Implement EC cert and crl verification 2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
211a64c79f Add eckey to ecdsa conversion in the PK layer 2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
b4d69c41f8 Prepare for EC cert & crl validation 2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
e09631b7c4 Create ecp_group_copy() and use it 2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard
8eebd012b9 Add an ecdsa_genkey() function 2013-08-20 20:08:28 +02:00
Manuel Pégourié-Gonnard
b694b4896c Add ecdsa_{read,write}_signature() 2013-08-20 20:04:16 +02:00
Paul Bakker
3a074a7996 Actually skip certificate if we do not understand hash type 2013-08-20 12:45:03 +02:00
Paul Bakker
dc4baf11ab Removed errant printf in x509parse_self_test() 2013-08-20 12:44:33 +02:00
Paul Bakker
42c3ccf36e Fixed potential negative value misinterpretation in load_file() 2013-08-19 14:29:31 +02:00
Paul Bakker
75c1a6f97c Fixed potential heap buffer overflow on large hostname setting 2013-08-19 14:25:29 +02:00
Paul Bakker
694d3aeb47 Fixed potential heap buffer overflow on large file reading 2013-08-19 14:23:38 +02:00
Paul Bakker
5fd4917d97 Add missing ifdefs in ssl modules 2013-08-19 13:30:28 +02:00
Paul Bakker
04376b1419 Fixed memory leak in ssl_parse_server_key_exchange from missing 
md_free_ctx()
 2013-08-16 14:45:26 +02:00
Manuel Pégourié-Gonnard
298aae4524 Adapt core OID functions to embeded null bytes 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
c13c0d4524 Add a length check in rsa_get_pubkey() 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
56a487a17f Minor ecdsa cleanups 
- point_format is of no use
- d was init'ed and free'd twice
 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
686bfae244 Fix memory error in x509_get_attr_type_value 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
ba77bbf840 Fix memory error in asn1_get_alg() 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
06dab806ce Fix memory error in asn1_get_bitstring_null() 
When *len is 0, **p would be read, which is out of bounds.
 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
0b2726732e Fix ifdef conditions for EC-related extensions. 
Was alternatively ECP_C and ECDH_C.
 2013-08-16 13:56:17 +02:00
Manuel Pégourié-Gonnard
5734b2d358 Actually use the point format selected for ECDH 2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
7b19c16b74 Handle suported_point_formats in ServerHello 2013-08-16 13:56:16 +02:00
Manuel Pégourié-Gonnard
6b8846d929 Stop advertising support for compressed points 
(We can only write them, not read them.)
 2013-08-16 13:56:16 +02:00
Paul Bakker
1f2bc6238b Made support for the truncated_hmac extension configurable 2013-08-15 13:45:55 +02:00
Paul Bakker
05decb24c3 Made support for the max_fragment_length extension configurable 2013-08-15 13:33:48 +02:00
Paul Bakker
606b4ba20f Session ticket expiration checked on server 2013-08-15 11:42:48 +02:00
Paul Bakker
f0e39acb58 Fixed unitialized n when resuming a session 2013-08-15 11:40:48 +02:00
Paul Bakker
a503a63b85 Made session tickets support configurable from config.h 2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard
56dc9e8bba Authenticate session tickets. 2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
990c51a557 Encrypt session tickets 2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard
779e42982c Start adding ticket keys (only key_name for now) 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
aa0d4d1aff Add ssl_set_session_tickets() 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
306827e3bc Prepare ticket structure for securing 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
06650f6a37 Fix reusing session more than once 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
593058e35e Don't renew ticket when the current one is OK 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
c086cce3d3 Don't cache empty session ID nor resumed session 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
7cd5924cec Rework NewSessionTicket handling in state machine 
Fixes bug: NewSessionTicket was ommited in resumed sessions.
 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
3ffa3db80b Fix server session ID handling with ticket 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
72882b2079 Relax limit on ClientHello size 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
609bc81a76 ssl_srv: read & write ticket, unsecure for now 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
94f6a79cde Auxiliary functions to (de)serialize ssl_session 2013-08-14 14:08:05 +02:00
Manuel Pégourié-Gonnard
7a358b8580 ssl_srv: write & parse session ticket ext & msg 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
6377e41ef5 Complete client support for session tickets 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
a5cc6025e7 Parse NewSessionTicket message 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
60182ef989 ssl_cli: write & parse session ticket extension 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
75d440192c Introduce ticket field in session structure 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
5f280cc6cf Implement saving peer cert as part of session. 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard
747180391d Add ssl_get_session() to save session on client 2013-08-14 14:08:03 +02:00
Paul Bakker
48e93c84b7 Made padding modes configurable from config.h 2013-08-14 14:02:48 +02:00
Paul Bakker
1a45d91cf2 Restructured cipher_set_padding_mode() to use switch statement 2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
ebdc413f44 Add 'no padding' mode 2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
0e7d2c0f95 Add zero padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
8d4291b52a Add zeros-and-length (ANSI X.923) padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
679f9e90ad Add one-and-zeros (ISO/IEC 7816-4) padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
b7d24bc7ca Fix bug in get_pkcs_padding(): cannot be 0-length 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
ac56a1aec4 Make cipher_set_padding() actually work 
(Only one padding mode recognized yet.)
 2013-08-14 14:02:46 +02:00
Manuel Pégourié-Gonnard
d5fdcaf9e5 Add cipher_set_padding() (no effect yet) 
Fix pattern in tests/.gitignore along the way.
 2013-08-14 14:02:46 +02:00
Paul Bakker
0f2f0bfc87 CAMELLIA-based PSK and DHE-PSK ciphersuites added 2013-07-26 15:04:03 +02:00
Paul Bakker
b548d773b3 Fixed memory leak in ecdh_compute_shared() in case of error 2013-07-26 14:22:19 +02:00
Paul Bakker
cca998a4c5 Fixed memory leak in ecdsa_sign() / ecdsa_verify() in case of error 2013-07-26 14:22:16 +02:00
Paul Bakker
1e6a175362 Support for AIX header locations in net.c module 2013-07-26 14:10:22 +02:00
Paul Bakker
52cf16caeb Fixed multiple use of GCM-context bug due to split-up of GCM functions 2013-07-26 13:56:22 +02:00
Paul Bakker
d9ca94a677 Updated merged pk.c and x509parse.c changes with new memory allocation functions 2013-07-25 11:25:09 +02:00
Paul Bakker
8c1ede655f Changed prototype for ssl_set_truncated_hmac() to allow disabling 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
277f7f23e2 Implement hmac truncation 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
57c2852807 Added truncated hmac negociation (without effect) 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e980a994f0 Add interface for truncated hmac 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e048b67d0a Misc minor fixes 
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
 2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard
ed4af8b57c Move negotiated max fragment length to session 
User-set max fragment length remains in ssl_context.
The min of the two is used for sizing fragments.
 2013-07-18 14:07:09 +02:00
Manuel Pégourié-Gonnard
581e6b6d6c Prepare migrating max fragment length to session 
Remove max_frag_len member so that reseting session by memset()ing it to zero
does the right thing.
 2013-07-18 12:32:27 +02:00
Manuel Pégourié-Gonnard
6b4f237f6a Forbid setting max_frag_len > MAX_CONTENT_LEN 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
30dc7ef3ad Reset max_fragment_length in ssl_session_reset() 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
7bb7899121 Send max_fragment_length extension (server) 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
f11a6d78c7 Rework server extensions writing 2013-07-18 11:23:38 +02:00
Manuel Pégourié-Gonnard
de600e571a Read max_fragment_length extension (client) 2013-07-18 11:18:14 +02:00