Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						b31c5f68b1 
					 
					
						
						
							
							Add SSL presets.  
						
						... 
						
						
						
						No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values. 
						
						
					 
					
						2015-06-17 14:59:27 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7bfc122703 
					 
					
						
						
							
							Implement sig_hashes  
						
						
						
						
					 
					
						2015-06-17 14:34:48 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						36a8b575a9 
					 
					
						
						
							
							Create API for mbedtls_ssl_conf_sig_hashes().  
						
						... 
						
						
						
						Not implemented yet. 
						
						
					 
					
						2015-06-17 14:27:39 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						9d412d872c 
					 
					
						
						
							
							Small internal changes in curve checking  
						
						... 
						
						
						
						- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config 
						
						
					 
					
						2015-06-17 14:27:39 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						b541da6ef3 
					 
					
						
						
							
							Fix define for ssl_conf_curves()  
						
						... 
						
						
						
						This is a security feature, it shouldn't be optional. 
						
						
					 
					
						2015-06-17 14:27:38 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6e3ee3ad43 
					 
					
						
						
							
							Add mbedtls_ssl_conf_cert_profile()  
						
						
						
						
					 
					
						2015-06-17 14:27:38 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						bd990d6629 
					 
					
						
						
							
							Add ssl_conf_dhm_min_bitlen()  
						
						
						
						
					 
					
						2015-06-17 11:37:04 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						3335205a21 
					 
					
						
						
							
							Avoid in-out length in dhm_calc_secret()  
						
						
						
						
					 
					
						2015-06-02 16:17:08 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						cb46fd8216 
					 
					
						
						
							
							Avoid non-standard strcasecmp()  
						
						
						
						
					 
					
						2015-05-29 10:18:09 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6a8ca33fa5 
					 
					
						
						
							
							Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED  
						
						
						
						
					 
					
						2015-05-28 16:25:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						1b8de57827 
					 
					
						
						
							
							Remove a few redundant memset after calloc.  
						
						... 
						
						
						
						Using the following semantic patch provided by Mansour Moufid:
@@
expression x;
@@
  x = mbedtls_calloc(...)
  ...
- memset(x, 0, ...); 
						
						
					 
					
						2015-05-27 16:58:55 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						b2a18a2a98 
					 
					
						
						
							
							Remove references to malloc in strings/names  
						
						
						
						
					 
					
						2015-05-27 16:58:55 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7551cb9ee9 
					 
					
						
						
							
							Replace malloc with calloc  
						
						... 
						
						
						
						- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too 
						
						
					 
					
						2015-05-26 16:04:06 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						5e94ddebbc 
					 
					
						
						
							
							Create ssl_internal.h and move some functions  
						
						
						
						
					 
					
						2015-05-26 11:57:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						e057d3bf6b 
					 
					
						
						
							
							Relax some dependencies  
						
						... 
						
						
						
						- DTLS_HELLO_VERIFY no longer depends on SRV_C
- SSL_COOKIE_C no longer depends on DTLS_HELLO_VERIFY
Not that much work for us, and easier on users (esp. since it allows just
disabling SRV_C alone). 
						
						
					 
					
						2015-05-20 11:14:57 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						b596abfdc0 
					 
					
						
						
							
							Refine cli/srv ifdefs for session tickets  
						
						... 
						
						
						
						- Only the server needs to generate/parse tickets
- Only the client needs to store them
Also adjust prototype of ssl_conf_session_tickets() while at it. 
						
						
					 
					
						2015-05-20 11:14:57 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						cf141ca7e7 
					 
					
						
						
							
							Fix #ifdefs on ssl_cli.c or ssl_srv.c  
						
						... 
						
						
						
						Nothing to do with the current branch except I'm going to refine such #ifdefs
for tickets next and I want to start from a clean state 
						
						
					 
					
						2015-05-20 11:14:57 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						d59675d92c 
					 
					
						
						
							
							Move to callback for session tickets  
						
						
						
						
					 
					
						2015-05-20 11:14:57 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						b0394bebdb 
					 
					
						
						
							
							Further adapt prototypes of ticket functions  
						
						... 
						
						
						
						Moving everything in ticket_keys structure, that will soon become
ticket_context. 
						
						
					 
					
						2015-05-20 11:14:57 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						151dc77732 
					 
					
						
						
							
							Fix some old names that remained  
						
						... 
						
						
						
						- most in doxygen doc that was never renamed
- some re-introduced in comments/doc/strings by me 
						
						
					 
					
						2015-05-14 21:58:34 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						8473f87984 
					 
					
						
						
							
							Rename cipher_init_ctx() to cipher_setup()  
						
						
						
						
					 
					
						2015-05-14 21:58:34 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						0de074fbc1 
					 
					
						
						
							
							Use rarely used conf function to cover them  
						
						
						
						
					 
					
						2015-05-14 12:58:01 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						66dc5555f0 
					 
					
						
						
							
							mbedtls_ssl_conf_arc4_support() depends on ARC4_C  
						
						
						
						
					 
					
						2015-05-14 12:31:10 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6ab9b009cd 
					 
					
						
						
							
							Fix warnings from armcc  
						
						
						
						
					 
					
						2015-05-14 11:37:52 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						545102ef1d 
					 
					
						
						
							
							No timer -> to timeout (optional for TLS)  
						
						
						
						
					 
					
						2015-05-13 17:31:48 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						286a136e63 
					 
					
						
						
							
							SSL timer fixes: not DTLS only, start cancelled  
						
						
						
						
					 
					
						2015-05-13 17:18:59 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						e3c41ad8a4 
					 
					
						
						
							
							Use the new timer callback API in programs  
						
						
						
						
					 
					
						2015-05-13 10:04:32 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						2e01291739 
					 
					
						
						
							
							Prepare the SSL modules for using timer callbacks  
						
						
						
						
					 
					
						2015-05-13 09:43:39 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ec4b08957f 
					 
					
						
						
							
							Fix issue in ssl_free() vs ssl_config_free()  
						
						... 
						
						
						
						Just an overlook from moving things recently 
						
						
					 
					
						2015-05-12 12:22:36 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						e6ef16f98c 
					 
					
						
						
							
							Change X.509 verify flags to uint32_t  
						
						
						
						
					 
					
						2015-05-11 19:54:43 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						55fab2de5d 
					 
					
						
						
							
							Fix a few more #ifdef's  
						
						
						
						
					 
					
						2015-05-11 17:54:38 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						8b431fbbec 
					 
					
						
						
							
							Fix dependency issues  
						
						
						
						
					 
					
						2015-05-11 14:35:42 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						06939cebef 
					 
					
						
						
							
							Fix order of ssl_conf vs ssl_setup in programs  
						
						... 
						
						
						
						Except ssl_phtread_server that will be done later 
						
						
					 
					
						2015-05-11 14:35:42 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						01e5e8c1f8 
					 
					
						
						
							
							Change a few ssl_conf return types to void  
						
						
						
						
					 
					
						2015-05-11 14:35:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6729e79482 
					 
					
						
						
							
							Rename ssl_set_xxx() to ssl_conf_xxx()  
						
						
						
						
					 
					
						2015-05-11 14:35:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						22bfa4bb53 
					 
					
						
						
							
							Add ssl_set_hs_ca_chain()  
						
						
						
						
					 
					
						2015-05-11 14:35:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						1897af9e93 
					 
					
						
						
							
							Make conf const inside ssl_context (finally)  
						
						
						
						
					 
					
						2015-05-11 14:35:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						17a40cd255 
					 
					
						
						
							
							Change ssl_own_cert to work on ssl_config  
						
						
						
						
					 
					
						2015-05-11 14:35:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						1af6c8500b 
					 
					
						
						
							
							Add ssl_set_hs_own_cert()  
						
						
						
						
					 
					
						2015-05-11 14:35:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						8f618a8e65 
					 
					
						
						
							
							Rework ssl_set_own_cert() internals  
						
						
						
						
					 
					
						2015-05-11 14:35:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						120fdbdb3d 
					 
					
						
						
							
							Change ssl_set_psk() to act on ssl_config  
						
						
						
						
					 
					
						2015-05-11 14:35:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						4b68296626 
					 
					
						
						
							
							Use a specific function in the PSK callback  
						
						
						
						
					 
					
						2015-05-11 14:35:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						750e4d7769 
					 
					
						
						
							
							Move ssl_set_rng() to act on config  
						
						
						
						
					 
					
						2015-05-11 12:33:27 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						5cb3308e5f 
					 
					
						
						
							
							Merge contexts for session cache  
						
						
						
						
					 
					
						2015-05-11 12:33:27 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ae31914990 
					 
					
						
						
							
							Rename ssl_legacy_renegotiation() to ssl_set_...  
						
						
						
						
					 
					
						2015-05-11 12:33:27 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						662c6e8cdd 
					 
					
						
						
							
							Disable truncated HMAC by default  
						
						
						
						
					 
					
						2015-05-11 12:33:27 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						1028b74cff 
					 
					
						
						
							
							Upgrade default DHM params size  
						
						
						
						
					 
					
						2015-05-11 12:33:27 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						8836994f6b 
					 
					
						
						
							
							Move WANT_READ/WANT_WRITE codes to SSL  
						
						
						
						
					 
					
						2015-05-11 12:33:26 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						1b511f93c6 
					 
					
						
						
							
							Rename ssl_set_bio_timeout() to set_bio()  
						
						... 
						
						
						
						Initially thought it was best to keep the old function around and add a new
one, but this so many ssl_set_xxx() functions are changing anyway... 
						
						
					 
					
						2015-05-11 12:33:26 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						97fd52c529 
					 
					
						
						
							
							Split ssl_set_read_timeout() out of bio_timeout()  
						
						
						
						
					 
					
						2015-05-11 12:33:26 +02:00