f9d778d635
Merge branch 'etm' into dtls
...
* etm:
Fix warning in reduced config
Update Changelog for EtM
Keep EtM state across renegotiations
Adjust minimum length for EtM
Don't send back EtM extension if not using CBC
Fix for the RFC erratum
Implement EtM
Preparation for EtM
Implement initial negotiation of EtM
Conflicts:
include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
56d985d0a6
Merge branch 'session-hash' into dtls
...
* session-hash:
Update Changelog for session-hash
Make session-hash depend on TLS versions
Forbid extended master secret with SSLv3
compat.sh: allow git version of gnutls
compat.sh: make options a bit more robust
Implement extended master secret
Add negotiation of Extended Master Secret
Conflicts:
include/polarssl/check_config.h
programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
fedba98ede
Merge branch 'fb-scsv' into dtls
...
* fb-scsv:
Update Changelog for FALLBACK_SCSV
Implement FALLBACK_SCSV server-side
Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
b575b54cb9
Forbid extended master secret with SSLv3
2014-11-05 16:00:50 +01:00
699cafaea2
Implement initial negotiation of EtM
...
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
ada3030485
Implement extended master secret
2014-11-05 16:00:49 +01:00
1cbd39dbeb
Implement FALLBACK_SCSV client-side
2014-11-05 16:00:49 +01:00
367381fddd
Add negotiation of Extended Master Secret
...
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
7de3c9eecb
Count timeout per flight, not per message
2014-10-21 16:32:41 +02:00
cd32a50d67
Fix NewSesssionTicket vs ChangeCipherSpec bug
...
Since we were cheating on state, ssl_read_record() wasn't able to drop
out-of-sequence ChangeCipherSpec messages. Cheat a bit less.
2014-10-21 16:32:31 +02:00
5d8ba53ace
Expand and fix resend infrastructure
2014-10-21 16:32:28 +02:00
d92d6a1b5b
ssl_parse_server_key_exchange() cleanups
2014-10-21 16:30:32 +02:00
000d5aec13
No memmove: parse_new_session_ticket()
2014-10-21 16:30:31 +02:00
0b3400dafa
No memmove: ssl_parse_server_hello()
2014-10-21 16:30:31 +02:00
069eb79043
No memmove: ssl_parse_hello_verify_request()
2014-10-21 16:30:30 +02:00
04c1b4ece1
No memmove: certificate_request + server_hello_done
2014-10-21 16:30:30 +02:00
f4830b5092
No memmove: ssl_parse_server_key_exchange()
2014-10-21 16:30:30 +02:00
f899583f94
Prepare moving away from memmove() on incoming HS
2014-10-21 16:30:29 +02:00
b35fe5638a
Fix HelloVerifyRequest version handling
2014-10-21 16:30:20 +02:00
fb2d22371f
Reuse random when responding to a verify request
2014-10-21 16:30:14 +02:00
b760f001d7
Extract generate client random to a function
2014-10-21 16:30:14 +02:00
a0e1632b79
Do not use compression with DTLS
2014-10-21 16:30:13 +02:00
67427c07b2
Fix checksum computation with HelloVerifyRequest
2014-10-21 16:30:11 +02:00
74848811b4
Implement HelloVerifyRequest on client
2014-10-21 16:30:11 +02:00
4128aa71ee
Add the 'cookie' field of DTLS ClientHello
2014-10-21 16:30:08 +02:00
abc7e3b4ba
Handle DTLS version encoding and fix some checks
2014-10-21 16:30:05 +02:00
d66645130c
Add a ciphersuite NODTLS flag
2014-10-21 16:30:03 +02:00
f7cdbc0e87
Fix potential bad read of length
2014-10-17 17:02:10 +02:00
44ade654c5
Implement (partial) renego delay on client
2014-08-19 13:58:40 +02:00
6591962f06
Allow delay on renego on client
...
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
84bbeb58df
Adapt cipher and MD layer with _init() and _free()
2014-07-09 10:19:24 +02:00
5b4af39a36
Add _init() and _free() for hash modules
2014-07-09 10:19:23 +02:00
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
dd0c0f33c0
Better usage of dhm_calc_secret in SSL
2014-06-25 11:26:14 +02:00
5c1f032653
Abort handshake if no point format in common
2014-06-25 11:26:14 +02:00
fd35af1579
Fix off-by-one error in point format parsing
2014-06-25 11:26:14 +02:00
5bfd968e01
Fix warning with TLS 1.2 without RSA or ECDSA
2014-06-24 15:18:11 +02:00
66d5d076f7
Fix formatting in various code to match spacing from coding style
2014-06-17 17:06:47 +02:00
3461772559
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-06-14 16:46:03 +02:00
61edffef28
Normalize "should never happen" messages/errors
2014-05-22 13:52:47 +02:00
b9e4e2c97a
Fix formatting: fix some 'easy' > 80 length lines
2014-05-01 14:18:25 +02:00
9af723cee7
Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)
2014-05-01 13:03:14 +02:00
cef4ad2509
Adapt sources to configurable config.h name
2014-04-30 16:40:20 +02:00
a70366317d
Improve interop by not writing ext_len in ClientHello / ServerHello when 0
...
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-04-30 10:16:16 +02:00
f6521de17b
Add ALPN tests to ssl-opt.sh
...
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
2014-04-07 12:42:04 +02:00
0b874dc580
Implement ALPN client-side
2014-04-07 10:57:45 +02:00
3c599f11b0
Avoid possible segfault on bad server ciphersuite
2014-03-13 19:25:06 +01:00
6a28e722c9
Merged platform compatibility layer
2014-02-06 13:44:19 +01:00
0910f32ee3
Fixed compile warning (in test-ref-configs)
2014-02-06 13:41:18 +01:00
7dc4c44267
Library files moved to use platform layer
2014-02-06 13:20:16 +01:00
