f6a19bd728
Possible resource leak on FILE* removed in X509 parse
2013-05-14 13:26:51 +02:00
c72d3f7d85
Possible resource leak on FILE* removed in CTR_DRBG
2013-05-14 13:22:41 +02:00
45bda90caa
Comments for extra PSK ciphersuites added to config.h
2013-04-19 22:28:21 +02:00
40afb4ba13
Added PSK GCM, SHA256 and SHA384 ciphers from RFC5487
2013-04-19 22:03:30 +02:00
0c5fac2931
Reordered ID's to numerical order
2013-04-19 21:10:51 +02:00
a1bf92ddb4
Added PSK NULL ciphers from RFC4785
2013-04-19 20:47:26 +02:00
b91c2b5782
PSK and DHE-PSK addition to ChangeLog
2013-04-19 20:47:26 +02:00
bc956d900e
Added missing config.h include
2013-04-19 20:47:26 +02:00
48f7a5d724
DHE-PSK based ciphersuite support added and cleaner key exchange based code selection
The base RFC 4279 DHE-PSK ciphersuites are now supported and added.
The SSL code cuts out code not relevant for defined key exchange methods
2013-04-19 20:47:26 +02:00
188c8de430
Only allow missing ServerKeyExchange message in bare PSK mode
2013-04-19 09:13:37 +02:00
bcbe2d8d81
Prettier printing of the lists for longer ciphersuite names
2013-04-19 09:10:20 +02:00
e07f41d4be
Introduced defines to control availability of specific SSL Key Exchange methods.
Introduces POLARSSL_KEY_EXCHANGE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED, etc
2013-04-19 09:08:57 +02:00
7ad00f9808
Sanity checks added to config.h
At the end of config.h sanity checks have been added to check for
prerequisites in the different module dependencies
2013-04-18 23:12:34 +02:00
ed27a041e4
More granular define selections within code to allow for smaller code sizes
2013-04-18 23:12:34 +02:00
7e5e7ca205
Added PSK ciphersuite tests to compat.sh
2013-04-18 23:12:34 +02:00
73a899a9eb
Changed error code message to also cover missing pre-shared key
2013-04-18 23:12:34 +02:00
fbb17804d8
Added pre-shared key handling for the server side of SSL / TLS
Server side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
70df2fbaa5
Split parts of ssl_parse_client_key_exchange() into separate functions
Made ssl_parse_client_dh_public(), ssl_parse_cient_ecdh_public() and
ssl_parse_encrypted_pms_secret() in preparation for PSK-related code
2013-04-18 23:12:33 +02:00
d4a56ec6bf
Added pre-shared key handling for the client side of SSL / TLS
Client side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
f7abd422dc
Removed extra spaces on end of lines
2013-04-16 18:09:45 +02:00
29e1f12f6b
split parts of ssl_parse_server_key_exchange() into separate functions
Made ssl_parse_server_dh_params(), ssl_parse_server_ecdh_params() and
ssl_parse_signature_algorihm() in preparation for PSK-related code
2013-04-16 18:09:45 +02:00
8f4ddaeea9
Ability to specify allowed ciphersuites based on the protocol version.
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.
The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b)
Conflicts:
ChangeLog
library/ssl_srv.c
library/ssl_tls.c
2013-04-16 18:09:45 +02:00
eff2e6d414
Fixed MPI assembly for ARM when -O2 is used
GCC with -O2 or higher also needs to know about 'cc' in the clobber list.
2013-04-11 17:13:22 +02:00
0ecdb23eed
Cleanup of the GCM code
Removed unused variable 'v'
orig_len and orig_add_len are now uint64_t to support larger than 2^29
data sizes
2013-04-09 11:36:42 +02:00
286bf3c501
Split up largest test suite data files into smaller chunks
2013-04-08 18:09:51 +02:00
370e90c2f0
Enable PBKDF2 by default
2013-04-08 15:19:43 +02:00
abfdfbfd46
Removed duplicate value from compat.sh ciphersuite list
2013-04-08 14:07:43 +02:00
a280d0f2b9
Fixed compiler warning for possible uninitialized ret
2013-04-08 13:40:17 +02:00
27714b1aa1
Added Camellia ECDHE-based CBC ciphersuites
Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
2013-04-07 23:07:12 +02:00
bfe671f2d5
Blowfish has default of 128-bit keysize in cipher layer
2013-04-07 22:35:44 +02:00
d5c2b542cc
Indication of x509_get_numeric_string() deprecation
2013-04-07 22:34:26 +02:00
c70b982056
OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).
As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.
All OID definitions have been moved to oid.h
All OID matching code is in the OID module.
The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.
The SSL layer cleaned up as a result and adapted to use the MD layer.
The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.
The X509 writer cleaned up and adapted to use the MD layer.
Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
37de6bec16
Const correctness added for asn1write functions
2013-04-07 13:11:31 +02:00
c295b834a2
Minor checks to prevent NULL-pointer exceptions
2013-04-02 11:13:39 +02:00
3b6a07b745
Prevented compiler warning on uninitialized end
2013-03-21 11:56:50 +01:00
d3edc86720
Moved writing of client extensions to separate functions in ssl_cli.c
2013-03-20 16:07:17 +01:00
a54e493bc0
Added ECDHE-based SHA256 and SHA384 ciphersuites
Added TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ciphersuites
2013-03-20 15:31:54 +01:00
b7149bcc90
Corrected behaviour for CBC-based suites using the SHA384 MAC and PRF
2013-03-20 15:30:09 +01:00
a0234377fc
Made change to error.c for dummy error_strerror() permanent
2013-03-20 14:42:21 +01:00
41c83d3f67
Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
00c1f43743
Merge branch 'ecc-devel-mpg' into development
2013-03-13 16:31:01 +01:00
d589a0ddb6
Modified Makefiles to include new files and config.h to PolarSSL standard
2013-03-13 16:30:17 +01:00
68884e3c09
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-03-13 14:48:32 +01:00
9b5798dc75
Modified ChangeLog to include explanations of last SSL module changes
2013-03-13 13:53:00 +01:00
c9118b433b
Renamed hash structures to ctx
2013-03-13 11:48:39 +01:00
09d67258a2
Modified to work in-place
2013-03-13 11:46:00 +01:00
92be97b8e6
Align data with future location based on IV size
2013-03-13 11:46:00 +01:00
07eb38ba31
Update ssl_hw_record_init() to receive keylen, ivlen and maclen as well
Added ssl_hw_record_activate()
2013-03-13 11:44:40 +01:00
c7878113cb
Do not set done in case of a fall-through
2013-03-13 11:44:40 +01:00
5bd422937a
Reverted commit 186751d9dd and made out_hdr and out_msg back-to-back again
2013-03-13 11:44:40 +01:00