aboutsummaryrefslogtreecommitdiffstats
path: root/src/libtls
Commit message (Collapse)AuthorAgeFilesLines
* libtls: Link against ws_w32 on WindowsMartin Willi2014-06-041-0/+4
|
* unit-tests: Make sure plugins in the builddir are loadedTobias Brunner2014-05-191-1/+1
| | | | | | When running the tests in GDB the working directory apparently is different. With the relative path used previously the plugins would not be found and those installed on the system would get used.
* enum: Return boolean result for enum_from_name() lookupMartin Willi2014-05-161-2/+2
| | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
* tls: Move variable sized tls_record_t struct to end of tls_t dataMartin Willi2014-05-161-4/+4
| | | | clang complains about the the non-last variable length member.
* Implemented PT-EAP protocol (RFC 7171)Andreas Steffen2014-05-122-47/+70
|
* tls: Add a test case to check correct enum name mapping of cipher suitesMartin Willi2014-04-013-0/+250
|
* tls: Add socket based tests testing all supported suites with TLS 1.2/1.1/1.0Martin Willi2014-04-013-0/+527
|
* tls: Remove superfluous initializers in TLS AEAD implementationsMartin Willi2014-04-014-4/+0
|
* tls: Support a maximum TLS version to negotiate using TLS socket abstractionMartin Willi2014-04-012-2/+4
|
* tls: Support a null encryption flag on TLS socket abstractionMartin Willi2014-04-012-3/+16
|
* tls: Introduce a generic TLS purpose that accepts NULL encryption ciphersMartin Willi2014-04-013-0/+6
|
* tls: Export a function to list supported TLS cipher suitesMartin Willi2014-04-012-18/+66
|
* tls: Create a unit-test runnerMartin Willi2014-04-015-0/+93
|
* tls: Fix some TLS cipher suite enum namesMartin Willi2014-03-311-3/+3
| | | | | It is important to have them mapped correctly, as we use these official TLS identifiers to configure specific TLS suites.
* tls: Include TLS version announced in Client Hello in encrypted premasterMartin Willi2014-03-311-1/+7
| | | | | | While a hardcoded 1.2 version is fine when we offer that in Client Hello, we should include the actually offered version if it has been reduced before starting the exchange.
* tls: Check for minimal TLS record length before each record iterationMartin Willi2014-03-311-8/+8
| | | | | | Fixes fragment reassembling if a buffer contains more than one record, but the last record contains a partial TLS record header. Thanks to Nick Saunders and Jamil Nimeh for identifying this issue and providing a fix for it.
* tls: Fix AEAD algorithm filtering, avoid filtering all suites if no AEAD foundMartin Willi2014-03-311-19/+52
|
* tls: Offer TLS signature schemes in ClientHello in order of preferenceMartin Willi2014-03-311-90/+59
| | | | | Additionally, we now query plugin features to find out what schemes we exactly support.
* tls: Define AES-GCM cipher suites from RFC 5288/5289Martin Willi2014-03-311-0/+54
|
* tls: Implement the TLS AEAD abstraction for real AEAD modesMartin Willi2014-03-314-8/+262
|
* tls: Separate TLS protection to abstracted AEAD modesMartin Willi2014-03-318-325/+874
| | | | | | To better separate the code path for different TLS versions and modes of operation, we introduce a TLS AEAD abstraction. We provide three implementations using traditional transforms, and get prepared for TLS AEAD modes.
* libtls: Move settings to <ns>.tls with fallback to libtlsTobias Brunner2014-02-122-4/+9
|
* Build all shared libraries with -no-undefined and link them properlyTobias Brunner2013-09-121-0/+6
| | | | | | | | | | The flag is required to convince libtool on Cygwin to build DLLs. But on Windows these shared libraries can not have undefined symbols, so we have to link them explicitly to the libraries they reference. For plugins this is currently not done, so only the monolithic build is supported. The plugin loader wouldn't be able to load DLLs anyway, as it tries to load files that don't exist on Cygwin.
* Optimize TLS socket buffer for TLS_MAX_FRAGMENT_LENAndreas Steffen2013-08-191-2/+2
|
* Extract client identity and authentication type from SASL authenticationAndreas Steffen2013-08-151-0/+7
|
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-181-2/+2
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* fixed typoAndreas Steffen2013-03-271-1/+1
|
* Use proper integer types when handling TLS exchangesTobias Brunner2013-03-221-5/+6
| | | | tls_t.build takes a size_t argument not a ssize_t.
* If TLS peer authentication not required, the client does nonetheless, allow ↵Martin Willi2013-03-061-4/+19
| | | | it to fail
* Request a TLS client certificate even if no peer identity is givenMartin Willi2013-02-281-5/+1
| | | | | This allows a peer to perform client authentication if it wants, but skip it if not.
* Wrap tls_t.get_{server,peer}_id methods in tls_socket_tMartin Willi2013-02-282-0/+28
|
* Delegate tls_t.get_{peer,server}_id to handshake layerMartin Willi2013-02-287-29/+78
| | | | | This allows to get updated peer identities if the peer can't authenticate, or does when it is optional.
* Merge branch 'pt-tls'Martin Willi2013-02-143-84/+202
|\
| * Send TLS close notify during tls_socket_t destructionMartin Willi2013-01-151-2/+25
| |
| * Send TLS close notify if application returns SUCCESSMartin Willi2013-01-151-2/+6
| |
| * Block TLS read when sending data, but have to wait for the handshake data firstMartin Willi2013-01-151-4/+11
| |
| * Use a more POSIXy tls_socket interface with more flexibility.Martin Willi2013-01-152-81/+165
| | | | | | | | | | If an unsufficient read buffer is provided, application data gets cached for subsequent read() calls.
* | make AR identities available to IMVs via IF-IMV 1.4 draftAndreas Steffen2013-02-112-0/+28
|/
* Fixed encoding of TLS extensions (elliptic_curves and signature_algorithms)Tobias Brunner2012-11-282-0/+2
|
* Moved debug.[ch] to utils folderTobias Brunner2012-10-2410-10/+10
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-242-3/+3
|
* Added missing break when building TLS cipher suitesTobias Brunner2012-09-281-0/+1
|
* Don't allow NULL encryption with PEAPMartin Willi2012-09-121-1/+3
|
* Use memmove on overlapping regions, and operate with correct sizeof()Martin Willi2012-09-121-2/+2
|
* Whitespace cleanups in tls_eapMartin Willi2012-09-121-6/+6
|
* Check if TLS handshake received Finished before processing application dataMartin Willi2012-08-091-0/+6
|
* Fix tls_prf bug introduced with bc474883Martin Willi2012-07-171-4/+7
|
* Add a return value to hasher_t.allocate_hash()Martin Willi2012-07-161-2/+2
|
* Add a return value to hasher_t.get_hash()Martin Willi2012-07-161-4/+4
|
* Add a return value to crypter_t.set_key()Martin Willi2012-07-161-4/+10
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-28 00:36:37 +0000