30308c5fdb
libtls: Link against ws_w32 on Windows
2014-06-04 15:53:05 +02:00
435fecd751
unit-tests: Make sure plugins in the builddir are loaded
...
When running the tests in GDB the working directory apparently is
different. With the relative path used previously the plugins would not
be found and those installed on the system would get used.
2014-05-19 14:06:43 +02:00
064fe9c963
enum: Return boolean result for enum_from_name() lookup
...
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.
Further, this actually allows to convert real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.
This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
e2bf45a491
tls: Move variable sized tls_record_t struct to end of tls_t data
...
clang complains about the the non-last variable length member.
2014-05-16 15:42:07 +02:00
8d59090349
Implemented PT-EAP protocol (RFC 7171)
2014-05-12 06:59:21 +02:00
5ba9f73457
tls: Add a test case to check correct enum name mapping of cipher suites
2014-04-01 14:52:18 +02:00
2c8d77394c
tls: Add socket based tests testing all supported suites with TLS 1.2/1.1/1.0
2014-04-01 14:52:18 +02:00
74162ed997
tls: Remove superfluous initializers in TLS AEAD implementations
2014-04-01 14:52:18 +02:00
e15f64cc81
tls: Support a maximum TLS version to negotiate using TLS socket abstraction
2014-04-01 14:28:55 +02:00
5313880261
tls: Support a null encryption flag on TLS socket abstraction
2014-04-01 14:28:55 +02:00
ddf5222096
tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers
2014-04-01 14:28:55 +02:00
ac5717c9e9
tls: Export a function to list supported TLS cipher suites
2014-04-01 14:28:55 +02:00
c0efaaebe3
tls: Create a unit-test runner
2014-04-01 14:28:55 +02:00
e67e8dd197
tls: Fix some TLS cipher suite enum names
...
It is important to have them mapped correctly, as we use these official TLS
identifiers to configure specific TLS suites.
2014-03-31 16:07:53 +02:00
b37080f8c9
tls: Include TLS version announced in Client Hello in encrypted premaster
...
While a hardcoded 1.2 version is fine when we offer that in Client Hello, we
should include the actually offered version if it has been reduced before
starting the exchange.
2014-03-31 16:07:53 +02:00
f93497507f
tls: Check for minimal TLS record length before each record iteration
...
Fixes fragment reassembling if a buffer contains more than one record, but
the last record contains a partial TLS record header. Thanks to Nick Saunders
and Jamil Nimeh for identifying this issue and providing a fix for it.
2014-03-31 15:56:12 +02:00
b886dad498
tls: Fix AEAD algorithm filtering, avoid filtering all suites if no AEAD found
2014-03-31 15:56:12 +02:00
48d6b57c30
tls: Offer TLS signature schemes in ClientHello in order of preference
...
Additionally, we now query plugin features to find out what schemes we exactly
support.
2014-03-31 15:56:12 +02:00
d06890d6e2
tls: Define AES-GCM cipher suites from RFC 5288/5289
2014-03-31 15:56:12 +02:00
f0f301170b
tls: Implement the TLS AEAD abstraction for real AEAD modes
2014-03-31 15:56:12 +02:00
d3204677ba
tls: Separate TLS protection to abstracted AEAD modes
...
To better separate the code path for different TLS versions and modes of
operation, we introduce a TLS AEAD abstraction. We provide three implementations
using traditional transforms, and get prepared for TLS AEAD modes.
2014-03-31 15:56:12 +02:00
409adef43c
libtls: Move settings to <ns>.tls with fallback to libtls
2014-02-12 14:34:32 +01:00
9af44ef5d9
Build all shared libraries with -no-undefined and link them properly
...
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.
For plugins this is currently not done, so only the monolithic build is
supported. The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
9dc3b2053d
Optimize TLS socket buffer for TLS_MAX_FRAGMENT_LEN
2013-08-19 09:50:57 +02:00
97b1d39de5
Extract client identity and authentication type from SASL authentication
2013-08-15 23:34:22 +02:00
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
5a8dd63433
fixed typo
2013-03-27 22:56:37 +01:00
79306b7e6e
Use proper integer types when handling TLS exchanges
...
tls_t.build takes a size_t argument not a ssize_t.
2013-03-22 11:40:57 +01:00
1db6bf2f3f
If TLS peer authentication not required, the client does nonetheless, allow it to fail
2013-03-06 15:53:12 +01:00
807f2facd0
Request a TLS client certificate even if no peer identity is given
...
This allows a peer to perform client authentication if it wants, but skip
it if not.
2013-02-28 16:46:08 +01:00
257c80cb5b
Wrap tls_t.get_{server,peer}_id methods in tls_socket_t
2013-02-28 16:46:08 +01:00
2de481e32b
Delegate tls_t.get_{peer,server}_id to handshake layer
...
This allows to get updated peer identities if the peer can't authenticate,
or does when it is optional.
2013-02-28 16:46:08 +01:00
8b56943222
Merge branch 'pt-tls'
2013-02-14 17:06:07 +01:00
bd1ee5bdc4
make AR identities available to IMVs via IF-IMV 1.4 draft
2013-02-11 15:30:44 +01:00
435348f406
Send TLS close notify during tls_socket_t destruction
2013-01-15 17:43:05 +01:00
7bbf7aa97a
Send TLS close notify if application returns SUCCESS
2013-01-15 17:43:05 +01:00
c43e8fdec4
Block TLS read when sending data, but have to wait for the handshake data first
2013-01-15 17:43:05 +01:00
ee90c78998
Use a more POSIXy tls_socket interface with more flexibility.
...
If an unsufficient read buffer is provided, application data gets cached
for subsequent read() calls.
2013-01-15 17:43:05 +01:00
07f826af67
Fixed encoding of TLS extensions (elliptic_curves and signature_algorithms)
2012-11-28 10:20:14 +01:00
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
1407a0026f
Added missing break when building TLS cipher suites
2012-09-28 18:55:40 +02:00
ab2c989c32
Don't allow NULL encryption with PEAP
2012-09-12 13:19:52 +02:00
acada66a35
Use memmove on overlapping regions, and operate with correct sizeof()
2012-09-12 13:19:52 +02:00
fb3cf1b708
Whitespace cleanups in tls_eap
2012-09-12 13:19:52 +02:00
02cabd0f26
Check if TLS handshake received Finished before processing application data
2012-08-09 12:10:41 +02:00
2df12b4c57
Fix tls_prf bug introduced with bc474883
2012-07-17 11:33:05 +02:00
87dd205b61
Add a return value to hasher_t.allocate_hash()
2012-07-16 14:55:06 +02:00
8bd6a30af1
Add a return value to hasher_t.get_hash()
2012-07-16 14:55:06 +02:00
ce73fc19db
Add a return value to crypter_t.set_key()
2012-07-16 14:53:38 +02:00
Martin Willi