Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						56dc9e8bba 
					 
					
						
						
							
							Authenticate session tickets.  
						
						
						
						
					 
					
						2013-08-14 14:08:07 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						990c51a557 
					 
					
						
						
							
							Encrypt session tickets  
						
						
						
						
					 
					
						2013-08-14 14:08:07 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						779e42982c 
					 
					
						
						
							
							Start adding ticket keys (only key_name for now)  
						
						
						
						
					 
					
						2013-08-14 14:08:06 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						aa0d4d1aff 
					 
					
						
						
							
							Add ssl_set_session_tickets()  
						
						
						
						
					 
					
						2013-08-14 14:08:06 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						06650f6a37 
					 
					
						
						
							
							Fix reusing session more than once  
						
						
						
						
					 
					
						2013-08-14 14:08:06 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						c086cce3d3 
					 
					
						
						
							
							Don't cache empty session ID nor resumed session  
						
						
						
						
					 
					
						2013-08-14 14:08:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7cd5924cec 
					 
					
						
						
							
							Rework NewSessionTicket handling in state machine  
						
						... 
						
						
						
						Fixes bug: NewSessionTicket was ommited in resumed sessions. 
						
						
					 
					
						2013-08-14 14:08:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7a358b8580 
					 
					
						
						
							
							ssl_srv: write & parse session ticket ext & msg  
						
						
						
						
					 
					
						2013-08-14 14:08:04 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						a5cc6025e7 
					 
					
						
						
							
							Parse NewSessionTicket message  
						
						
						
						
					 
					
						2013-08-14 14:08:04 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						75d440192c 
					 
					
						
						
							
							Introduce ticket field in session structure  
						
						
						
						
					 
					
						2013-08-14 14:08:04 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						5f280cc6cf 
					 
					
						
						
							
							Implement saving peer cert as part of session.  
						
						
						
						
					 
					
						2013-08-14 14:08:04 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						747180391d 
					 
					
						
						
							
							Add ssl_get_session() to save session on client  
						
						
						
						
					 
					
						2013-08-14 14:08:03 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						8c1ede655f 
					 
					
						
						
							
							Changed prototype for ssl_set_truncated_hmac() to allow disabling  
						
						
						
						
					 
					
						2013-07-19 14:51:47 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						277f7f23e2 
					 
					
						
						
							
							Implement hmac truncation  
						
						
						
						
					 
					
						2013-07-19 14:51:47 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						e980a994f0 
					 
					
						
						
							
							Add interface for truncated hmac  
						
						
						
						
					 
					
						2013-07-19 14:51:47 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						e048b67d0a 
					 
					
						
						
							
							Misc minor fixes  
						
						... 
						
						
						
						- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue 
						
						
					 
					
						2013-07-19 12:56:08 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ed4af8b57c 
					 
					
						
						
							
							Move negotiated max fragment length to session  
						
						... 
						
						
						
						User-set max fragment length remains in ssl_context.
The min of the two is used for sizing fragments. 
						
						
					 
					
						2013-07-18 14:07:09 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						581e6b6d6c 
					 
					
						
						
							
							Prepare migrating max fragment length to session  
						
						... 
						
						
						
						Remove max_frag_len member so that reseting session by memset()ing it to zero
does the right thing. 
						
						
					 
					
						2013-07-18 12:32:27 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6b4f237f6a 
					 
					
						
						
							
							Forbid setting max_frag_len > MAX_CONTENT_LEN  
						
						
						
						
					 
					
						2013-07-18 11:23:48 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						30dc7ef3ad 
					 
					
						
						
							
							Reset max_fragment_length in ssl_session_reset()  
						
						
						
						
					 
					
						2013-07-18 11:23:48 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						787b658bb3 
					 
					
						
						
							
							Implement max_frag_len write restriction  
						
						
						
						
					 
					
						2013-07-18 11:18:14 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						8b46459ae5 
					 
					
						
						
							
							Add ssl_set_max_frag_len()  
						
						
						
						
					 
					
						2013-07-18 11:18:13 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						61d113bb7b 
					 
					
						
						
							
							Init and free new contexts in the right place for SSL to prevent  
						
						... 
						
						
						
						memory leaks 
						
						
					 
					
						2013-07-16 17:48:58 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						fa9b10050b 
					 
					
						
						
							
							Also compiles / runs without time-based functions in OS  
						
						... 
						
						
						
						Can now run without need of time() / localtime() and gettimeofday() 
						
						
					 
					
						2013-07-03 17:22:32 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						6e339b52e8 
					 
					
						
						
							
							Memory-allocation abstraction layer and buffer-based allocator added  
						
						
						
						
					 
					
						2013-07-03 17:22:31 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						abf2f8fcf9 
					 
					
						
						
							
							zlib compression/decompression skipped on empty blocks  
						
						
						
						
					 
					
						2013-06-30 14:57:46 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						e5bffc319d 
					 
					
						
						
							
							Removed redundant includes  
						
						
						
						
					 
					
						2013-06-30 14:53:06 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						d2681d82e2 
					 
					
						
						
							
							Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h}  
						
						
						
						
					 
					
						2013-06-30 14:49:12 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						9e36f0475f 
					 
					
						
						
							
							SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly  
						
						... 
						
						
						
						The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules. 
						
						
					 
					
						2013-06-30 14:34:05 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						2fbefde1d8 
					 
					
						
						
							
							Client and server now filter sent and accepted ciphersuites on minimum  
						
						... 
						
						
						
						and maximum protocol version 
						
						
					 
					
						2013-06-29 18:35:40 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						b6c5d2e1a6 
					 
					
						
						
							
							Cleanup up non-prototyped functions (static) and const-correctness  
						
						... 
						
						
						
						More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code. 
						
						
					 
					
						2013-06-25 16:25:17 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						90995b5ce3 
					 
					
						
						
							
							Added mechanism to provide alternative cipher / hash implementations  
						
						... 
						
						
						
						All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
(cherry picked from commit 4087c47043 
						
						
					 
					
						2013-06-25 15:06:51 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						89ecb2d074 
					 
					
						
						
							
							ssl_parse_certificate() now calls x509parse_crt_der() directly  
						
						... 
						
						
						
						(cherry picked from commit 1922a4e6aa 
						
						
					 
					
						2013-06-24 19:09:25 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						3c2122ff9d 
					 
					
						
						
							
							Fixed const correctness issues that have no impact on the ABI  
						
						... 
						
						
						
						(cherry picked from commit eae09db9e5 
						
						
					 
					
						2013-06-24 19:09:24 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						48f7a5d724 
					 
					
						
						
							
							DHE-PSK based ciphersuite support added and cleaner key exchange based  
						
						... 
						
						
						
						code selection
The base RFC 4279 DHE-PSK ciphersuites are now supported and added.
The SSL code cuts out code not relevant for defined key exchange methods 
						
						
					 
					
						2013-04-19 20:47:26 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						ed27a041e4 
					 
					
						
						
							
							More granular define selections within code to allow for smaller code  
						
						... 
						
						
						
						sizes 
						
						
					 
					
						2013-04-18 23:12:34 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						d4a56ec6bf 
					 
					
						
						
							
							Added pre-shared key handling for the client side of SSL / TLS  
						
						... 
						
						
						
						Client side handling of the pure PSK ciphersuites is now in the base
code. 
						
						
					 
					
						2013-04-18 23:12:33 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						f7abd422dc 
					 
					
						
						
							
							Removed extra spaces on end of lines  
						
						
						
						
					 
					
						2013-04-16 18:09:45 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						8f4ddaeea9 
					 
					
						
						
							
							Ability to specify allowed ciphersuites based on the protocol version.  
						
						... 
						
						
						
						The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.
The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b 
						
						
					 
					
						2013-04-16 18:09:45 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						b7149bcc90 
					 
					
						
						
							
							Corrected behaviour for CBC-based suites using the SHA384 MAC and PRF  
						
						
						
						
					 
					
						2013-03-20 15:30:09 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						41c83d3f67 
					 
					
						
						
							
							Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS  
						
						... 
						
						
						
						Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included. 
						
						
					 
					
						2013-03-20 14:39:14 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						68884e3c09 
					 
					
						
						
							
							Moved to advanced ciphersuite representation and more dynamic SSL code  
						
						
						
						
					 
					
						2013-03-13 14:48:32 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						c9118b433b 
					 
					
						
						
							
							Renamed hash structures to ctx  
						
						
						
						
					 
					
						2013-03-13 11:48:39 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						92be97b8e6 
					 
					
						
						
							
							Align data with future location based on IV size  
						
						
						
						
					 
					
						2013-03-13 11:46:00 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						07eb38ba31 
					 
					
						
						
							
							Update ssl_hw_record_init() to receive keylen, ivlen and maclen as well  
						
						... 
						
						
						
						Added ssl_hw_record_activate() 
						
						
					 
					
						2013-03-13 11:44:40 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						c7878113cb 
					 
					
						
						
							
							Do not set done in case of a fall-through  
						
						
						
						
					 
					
						2013-03-13 11:44:40 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						5bd422937a 
					 
					
						
						
							
							Reverted commit  186751d9dd and made out_hdr and out_msg back-to-back again  
						
						
						
						
					 
					
						2013-03-13 11:44:40 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						926c8e49fe 
					 
					
						
						
							
							Fixed possible NULL pointer exception in ssl_get_ciphersuite()  
						
						
						
						
					 
					
						2013-03-06 18:01:03 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						e47b34bdc8 
					 
					
						
						
							
							Removed further timing differences during SSL message decryption in ssl_decrypt_buf()  
						
						... 
						
						
						
						New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences. 
						
						
					 
					
						2013-02-27 14:48:00 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						86f04f400b 
					 
					
						
						
							
							Fixed comment  
						
						
						
						
					 
					
						2013-02-14 11:20:09 +01:00