Manuel Pégourié-Gonnard
eaecbd3ba8
Fix warning in reduced configs
2014-12-02 10:40:55 +01:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
615e677c0b
Make renegotiation a compile-time option
2014-12-02 10:40:54 +01:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
f9d778d635
Merge branch 'etm' into dtls

* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM
Conflicts:
	include/polarssl/check_config.h

2014-11-06 01:36:32 +01:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
56d985d0a6
Merge branch 'session-hash' into dtls

* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret
Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c

2014-11-06 01:25:09 +01:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
fedba98ede
Merge branch 'fb-scsv' into dtls

* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side

2014-11-05 16:12:09 +01:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
b575b54cb9
Forbid extended master secret with SSLv3
2014-11-05 16:00:50 +01:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
699cafaea2
Implement initial negotiation of EtM

Not implemented yet:
- actually using EtM
- conditions on renegotiation

2014-11-05 16:00:50 +01:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
ada3030485
Implement extended master secret
2014-11-05 16:00:49 +01:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
1cbd39dbeb
Implement FALLBACK_SCSV client-side
2014-11-05 16:00:49 +01:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
367381fddd
Add negotiation of Extended Master Secret

(But not the actual thing yet.)

2014-11-05 16:00:49 +01:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
7de3c9eecb
Count timeout per flight, not per message
2014-10-21 16:32:41 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
cd32a50d67
Fix NewSessionTicket vs ChangeCipherSpec bug

Since we were cheating on state, ssl_read_record() wasn't able to drop
out-of-sequence ChangeCipherSpec messages. Cheat a bit less.

2014-10-21 16:32:31 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
5d8ba53ace
Expand and fix resend infrastructure
2014-10-21 16:32:28 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
d92d6a1b5b
ssl_parse_server_key_exchange() cleanups
2014-10-21 16:30:32 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
000d5aec13
No memmove: parse_new_session_ticket()
2014-10-21 16:30:31 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
0b3400dafa
No memmove: ssl_parse_server_hello()
2014-10-21 16:30:31 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
069eb79043
No memmove: ssl_parse_hello_verify_request()
2014-10-21 16:30:30 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
04c1b4ece1
No memmove: certificate_request + server_hello_done
2014-10-21 16:30:30 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
f4830b5092
No memmove: ssl_parse_server_key_exchange()
2014-10-21 16:30:30 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
f899583f94
Prepare moving away from memmove() on incoming HS
2014-10-21 16:30:29 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
b35fe5638a
Fix HelloVerifyRequest version handling
2014-10-21 16:30:20 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
fb2d22371f
Reuse random when responding to a verify request
2014-10-21 16:30:14 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
b760f001d7
Extract generate client random to a function
2014-10-21 16:30:14 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
a0e1632b79
Do not use compression with DTLS
2014-10-21 16:30:13 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
67427c07b2
Fix checksum computation with HelloVerifyRequest
2014-10-21 16:30:11 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
74848811b4
Implement HelloVerifyRequest on client
2014-10-21 16:30:11 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
4128aa71ee
Add the 'cookie' field of DTLS ClientHello
2014-10-21 16:30:08 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
abc7e3b4ba
Handle DTLS version encoding and fix some checks
2014-10-21 16:30:05 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
d66645130c
Add a ciphersuite NODTLS flag
2014-10-21 16:30:03 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
f7cdbc0e87
Fix potential bad read of length
2014-10-17 17:02:10 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
44ade654c5
Implement (partial) renego delay on client
2014-08-19 13:58:40 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
6591962f06
Allow delay on renego on client

Currently unbounded: will be fixed later

2014-08-19 12:50:30 +02:00
						 
				 
			
				
					
						
							
							
Paul Bakker
84bbeb58df
Adapt cipher and MD layer with _init() and _free()
2014-07-09 10:19:24 +02:00
						 
				 
			
				
					
						
							
							
Paul Bakker
5b4af39a36
Add _init() and _free() for hash modules
2014-07-09 10:19:23 +02:00
						 
				 
			
				
					
						
							
							
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
dd0c0f33c0
Better usage of dhm_calc_secret in SSL
2014-06-25 11:26:14 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
5c1f032653
Abort handshake if no point format in common
2014-06-25 11:26:14 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
fd35af1579
Fix off-by-one error in point format parsing
2014-06-25 11:26:14 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
5bfd968e01
Fix warning with TLS 1.2 without RSA or ECDSA
2014-06-24 15:18:11 +02:00
						 
				 
			
				
					
						
							
							
Paul Bakker
66d5d076f7
Fix formatting in various code to match spacing from coding style
2014-06-17 17:06:47 +02:00
						 
				 
			
				
					
						
							
							
Paul Bakker
3461772559
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-06-14 16:46:03 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
61edffef28
Normalize "should never happen" messages/errors
2014-05-22 13:52:47 +02:00
						 
				 
			
				
					
						
							
							
Paul Bakker
b9e4e2c97a
Fix formatting: fix some 'easy' > 80 length lines
2014-05-01 14:18:25 +02:00
						 
				 
			
				
					
						
							
							
Paul Bakker
9af723cee7
Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)
2014-05-01 13:03:14 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
cef4ad2509
Adapt sources to configurable config.h name
2014-04-30 16:40:20 +02:00
						 
				 
			
				
					
						
							
							
Paul Bakker
a70366317d
Improve interop by not writing ext_len in ClientHello / ServerHello when 0

The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.

2014-04-30 10:16:16 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
f6521de17b
Add ALPN tests to ssl-opt.sh

Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)

2014-04-07 12:42:04 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
0b874dc580
Implement ALPN client-side
2014-04-07 10:57:45 +02:00
						 
				 
			
				
					
						
							
							
Manuel Pégourié-Gonnard
3c599f11b0
Avoid possible segfault on bad server ciphersuite
2014-03-13 19:25:06 +01:00
						 
				 
			
				
					
						
							
							
Paul Bakker
6a28e722c9
Merged platform compatibility layer
2014-02-06 13:44:19 +01:00