Paul Bakker
|
993e386a73
|
Merged renegotiation refactoring
|
2013-10-31 14:32:38 +01:00 |
|
Paul Bakker
|
37ce0ff185
|
Added defines around renegotiation code for SSL_SRV and SSL_CLI
|
2013-10-31 14:32:04 +01:00 |
|
Manuel Pégourié-Gonnard
|
31ff1d2e4f
|
Safer buffer comparisons in the SSL modules
|
2013-10-31 14:23:12 +01:00 |
|
Manuel Pégourié-Gonnard
|
291f9af935
|
Make all hash checking in programs constant-time
|
2013-10-31 14:22:27 +01:00 |
|
Paul Bakker
|
424cd6943c
|
Check HMAC in constant-time in crypt_and_hash
|
2013-10-31 14:22:08 +01:00 |
|
Manuel Pégourié-Gonnard
|
6d8404d6ba
|
Server: enforce renegotiation
|
2013-10-30 16:48:10 +01:00 |
|
Manuel Pégourié-Gonnard
|
9c1e1898b6
|
Move some code around, improve documentation
|
2013-10-30 16:48:09 +01:00 |
|
Manuel Pégourié-Gonnard
|
214eed38c7
|
Make ssl_renegotiate the only interface
ssl_write_hello_request() is no private
|
2013-10-30 16:48:09 +01:00 |
|
Manuel Pégourié-Gonnard
|
caed0541a0
|
Allow ssl_renegotiate() to be called in a loop
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
|
2013-10-30 16:48:09 +01:00 |
|
Manuel Pégourié-Gonnard
|
e5e1bb972c
|
Fix misplaced initialisation
|
2013-10-30 16:46:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
f3dc2f6a1d
|
Add code for testing server-initiated renegotiation
|
2013-10-30 16:46:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
53b3e0603b
|
Add code for testing client-initiated renegotiation
|
2013-10-30 16:46:46 +01:00 |
|
Paul Bakker
|
0d7702c3ee
|
Minor change that makes life easier for static analyzers / compilers
|
2013-10-29 16:18:35 +01:00 |
|
Paul Bakker
|
6edcd41c0a
|
Addition conditions for UEFI environment under MSVC
|
2013-10-29 15:44:13 +01:00 |
|
Paul Bakker
|
7b0be68977
|
Support for serialNumber, postalAddress and postalCode in X509 names
|
2013-10-29 14:24:37 +01:00 |
|
Paul Bakker
|
fa6a620b75
|
Defines for UEFI environment under MSVC added
|
2013-10-29 14:05:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
178d9bac3c
|
Fix ECDSA corner case: missing reduction mod N
No security issue, can cause valid signatures to be rejected.
Reported by DualTachyon on github.
|
2013-10-29 13:40:17 +01:00 |
|
Paul Bakker
|
60b1d10131
|
Fixed spelling / typos (from PowerDNS:codespell)
|
2013-10-29 10:02:51 +01:00 |
|
Paul Bakker
|
93c6aa4014
|
Fixed that selfsign copies issuer_name to subject_name
|
2013-10-28 22:29:11 +01:00 |
|
Paul Bakker
|
50dc850c52
|
Const correctness
|
2013-10-28 21:19:10 +01:00 |
|
Paul Bakker
|
6a6087e71d
|
Added missing inline definition for MSCV and ARM environments
|
2013-10-28 18:53:08 +01:00 |
|
Paul Bakker
|
3292562a33
|
Fixed Makefile for test_suite_pk
|
2013-10-28 17:32:48 +01:00 |
|
Paul Bakker
|
7bc745b6a1
|
Merged constant-time padding checks
|
2013-10-28 14:40:26 +01:00 |
|
Paul Bakker
|
1642122f8b
|
Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer
|
2013-10-28 14:38:35 +01:00 |
|
Paul Bakker
|
3f917e230d
|
Merged optimizations for MODP NIST curves
|
2013-10-28 14:18:26 +01:00 |
|
Paul Bakker
|
08bb187bb6
|
Merged Public Key framwork tests
|
2013-10-28 14:11:09 +01:00 |
|
Paul Bakker
|
68037da3cd
|
Update Changelog for minor fixes
|
2013-10-28 14:02:40 +01:00 |
|
Manuel Pégourié-Gonnard
|
1001e32d6f
|
Fix return value of ecdsa_from_keypair()
|
2013-10-28 14:01:08 +01:00 |
|
Manuel Pégourié-Gonnard
|
21ef42f257
|
Don't select a PSK ciphersuite if no key available
|
2013-10-28 14:00:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
18dc0e2746
|
CERTS_C depends on PEM_PARSE_C
|
2013-10-28 13:59:26 +01:00 |
|
Manuel Pégourié-Gonnard
|
7c3291ea87
|
Check dependencies of protocol versions on hashes
|
2013-10-28 13:58:56 +01:00 |
|
Manuel Pégourié-Gonnard
|
3daaf3d21d
|
X509 key identifiers depend on SHA1
|
2013-10-28 13:58:32 +01:00 |
|
Manuel Pégourié-Gonnard
|
f8669dabf2
|
Fix error.c test suite relying on old name
|
2013-10-28 13:58:10 +01:00 |
|
Manuel Pégourié-Gonnard
|
c59c9c1453
|
Fix typo in b8012fca (ECP needs at least one curve)
|
2013-10-28 13:57:39 +01:00 |
|
Manuel Pégourié-Gonnard
|
7446833626
|
Fix endianness issue in test helper function
|
2013-10-28 13:02:20 +01:00 |
|
Paul Bakker
|
45a2c8d99a
|
Prevent possible alignment warnings on casting from char * to 'aligned *'
|
2013-10-28 12:57:08 +01:00 |
|
Paul Bakker
|
677377f472
|
Server does not send out extensions not advertised by client
|
2013-10-28 12:54:26 +01:00 |
|
Manuel Pégourié-Gonnard
|
e68bf171eb
|
Make get_zeros_padding() constant-time
|
2013-10-27 18:26:39 +01:00 |
|
Manuel Pégourié-Gonnard
|
6c32990114
|
Make get_one_and_zeros_padding() constant-time
|
2013-10-27 18:25:03 +01:00 |
|
Manuel Pégourié-Gonnard
|
d17df51277
|
Make get_zeros_and_len_padding() constant-time
|
2013-10-27 17:32:43 +01:00 |
|
Manuel Pégourié-Gonnard
|
f8ab069d6a
|
Make get_pkcs_padding() constant-time
|
2013-10-27 17:25:57 +01:00 |
|
Manuel Pégourié-Gonnard
|
a8a25ae1b9
|
Fix bad error codes
|
2013-10-27 13:48:15 +01:00 |
|
Manuel Pégourié-Gonnard
|
7109624aef
|
Skip MAC computation/check when GCM is used
|
2013-10-25 19:31:25 +02:00 |
|
Manuel Pégourié-Gonnard
|
65ea372f9b
|
Rm unsupported suites (export) from compat.sh
|
2013-10-25 18:44:07 +02:00 |
|
Manuel Pégourié-Gonnard
|
8866591cc5
|
Don't special-case NULL cipher in ssl_tls.c
|
2013-10-25 18:42:44 +02:00 |
|
Manuel Pégourié-Gonnard
|
126a66f668
|
Simplify switching on mode in ssl_tls.c
|
2013-10-25 18:33:32 +02:00 |
|
Manuel Pégourié-Gonnard
|
98d9a2c061
|
Fix missing or wrong ciphersuite definitions
|
2013-10-25 18:03:18 +02:00 |
|
Manuel Pégourié-Gonnard
|
9d70373449
|
Update ciphersuite lists in config.h
|
2013-10-25 18:01:50 +02:00 |
|
Manuel Pégourié-Gonnard
|
6fb0f745be
|
Rank GCM before CBC in ciphersuite_preference
|
2013-10-25 17:08:15 +02:00 |
|
Manuel Pégourié-Gonnard
|
8d01eea7af
|
Add Camellia-GCM ciphersuites
|
2013-10-25 16:46:05 +02:00 |
|