ntbtls.git
4 months ago: Post release updates (master)
Werner Koch [Tue, 19 Sep 2017 06:07:31 +0000 (08:07 +0200)]
Post release updates

--

4 months ago: Release 0.1.2 (ntbtls-0.1.2)
Werner Koch [Tue, 19 Sep 2017 06:01:28 +0000 (08:01 +0200)]
Release 0.1.2

* configure.ac: Set LT version to C0/A0/R2.

4 months ago: Support the other two NIST curves and their Brainpool counterparts.
Werner Koch [Mon, 18 Sep 2017 18:05:26 +0000 (20:05 +0200)]
Support the other two NIST curves and their Brainpool counterparts.

* src/ecdh.c (_ntbtls_ecdh_read_params): Add new curves.
* src/protocol-cli.c (write_supported_elliptic_curves_ext): Ditto.
--

GnuPG-bug-id: 3411
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago: Print "handshake failure" debug msg for the 2:40 alert.
Werner Koch [Mon, 18 Sep 2017 20:02:07 +0000 (22:02 +0200)]
Print "handshake failure" debug msg for the 2:40 alert.

* src/protocol.c (_ntbtls_read_record): Explain error message.

Signed-off-by: Werner Koch <wk@gnupg.org>
10 months ago: Include KSBA includedir while compiling
Andre Heinecke [Fri, 17 Mar 2017 15:21:34 +0000 (16:21 +0100)]
Include KSBA includedir while compiling

* src/Makefile.am (AM_CFLAGS): Include libksba

--
This fixes the build if libksba's prefix differs from gpg-error's.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
10 months ago: Post release updates.
Werner Koch [Thu, 16 Mar 2017 10:31:36 +0000 (11:31 +0100)]
Post release updates.

--

10 months ago: Release 0.1.1 (ntbtls-0.1.1)
Werner Koch [Thu, 16 Mar 2017 10:24:55 +0000 (11:24 +0100)]
Release 0.1.1

Signed-off-by: Werner Koch <wk@gnupg.org>
10 months ago: Implement ECDHE-RSA key exchange.
Werner Koch [Thu, 16 Mar 2017 09:40:19 +0000 (10:40 +0100)]
Implement ECDHE-RSA key exchange.

* src/ecdh.c: New file.
* src/Makefile.am (libntbtls_la_SOURCES): Add new file.
* src/context.h (ecdh_context_t): New type.
(_ntbtls_handshake_params_s): Use new type for 'ecdh_ctx'.
* src/protocol.c (handshake_params_init): Init ECDH_CTX.
(handshake_params_deinit): Deinit ECDH_CTX.
(ssl_write_hello_request): Rename to write_hello_request.  Change
caller.
* src/protocol-cli.c (write_supported_elliptic_curves_ext): Implement.
(write_cli_supported_point_formats_ext): Implement.
(write_client_hello): Call them.
(parse_supported_point_formats_ext): Implement.
(parse_server_ecdh_params): Implement.
(parse_signature_algorithm): Fix debug output.
(read_server_key_exchange): Improve debug output.
(write_client_key_exchange): Implement ECDHE key exchange.
* src/ciphersuites.c (_ntbtls_ciphersuite_list): Advertise ECDHE_RSA
key exchange.

Signed-off-by: Werner Koch <wk@gnupg.org>
10 months ago: New debug macro for printing a point value.
Werner Koch [Thu, 16 Mar 2017 09:30:05 +0000 (10:30 +0100)]
New debug macro for printing a point value.

* src/debug.c (_ntbtls_debug_pnt): New.
* src/util.h (debug_pnt): New macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
10 months ago: build: Use macOS' compatibility macros to enable all features.
Justus Winter [Wed, 8 Mar 2017 12:17:40 +0000 (13:17 +0100)]
build: Use macOS' compatibility macros to enable all features.

* configure.ac: On macOS, use the compatibility macros to expose every
feature of the libc.  This is the equivalent of _GNU_SOURCE on GNU
libc.
--
Not defining this leads to compilation errors or superfluous warnings
on macOS.

GnuPG-bug-id: 2910
Signed-off-by: Justus Winter <justus@gnupg.org>

10 months ago: Make ntbtls-cli work for W32.
Werner Koch [Thu, 23 Feb 2017 07:59:00 +0000 (08:59 +0100)]
Make ntbtls-cli work for W32.

* src/ntbtls-cli.c: Include errno.h.
(w32_cookie_read) [W32]: New.
(w32_write_server) [W32]: New.
(w32_cookie_write) [W32]: New.
(w32_cookie_functions) [W32]: New.
(connect_estreams) [W32]: Use es_fopencookie.
(main) [W32]: Init Winsock.

Signed-off-by: Werner Koch <wk@gnupg.org>
10 months ago: Post release updates.
Werner Koch [Tue, 21 Feb 2017 19:17:58 +0000 (20:17 +0100)]
Post release updates.

--

10 months ago: Release 0.1.0 (ntbtls-0.1.0)
Werner Koch [Tue, 21 Feb 2017 18:55:58 +0000 (19:55 +0100)]
Release 0.1.0

Signed-off-by: Werner Koch <wk@gnupg.org>
10 months ago: Allow building for W32
Werner Koch [Tue, 21 Feb 2017 14:24:08 +0000 (15:24 +0100)]
Allow building for W32

--

Signed-off-by: Werner Koch <wk@gnupg.org>
10 months ago: Remove now superfluous functions from the public API.
Werner Koch [Tue, 21 Feb 2017 14:09:21 +0000 (15:09 +0100)]
Remove now superfluous functions from the public API.

* src/visibility.c (ntbtls_x509_cert_new): Remove
(ntbtls_x509_cert_release): Remove.
(ntbtls_x509_append_cert): Remove.

Signed-off-by: Werner Koch <wk@gnupg.org>
10 months ago: New macro ntbtls_check_context.
Werner Koch [Tue, 21 Feb 2017 10:05:15 +0000 (11:05 +0100)]
New macro ntbtls_check_context.

* src/ntbtls.h.in (ntbtls_check_context): New macro.
* src/visibility.c (_ntbtls_check_context): New function.
* src/libntbtls.def, src/libntbtls.vers: Add _ntbtls_check_context.
* configure.ac (SIZEOF_UNSIGNED_LONG): Define.
* src/context.h (NTBTLS_CONTEXT_MAGIC): New constant.
(_ntbtls_context_s): New field 'magic'.
* src/debug.c (_ntbtls_debug_bug): Always print a message.
* src/protocol.c (_ntbtls_new): Set MAGIC.
(_ntbtls_release): Test MAGIC.
--

This macro allows to assert that a TLS context, which might have been
conveyed using an opaque pointer, is valid.  The function does not
abort but merely logs and returns error.

Signed-off-by: Werner Koch <wk@gnupg.org>
10 months ago: New function ntbtls_get_hostname.
Werner Koch [Tue, 21 Feb 2017 08:47:39 +0000 (09:47 +0100)]
New function ntbtls_get_hostname.

* src/ntbtls.h.in (ntbtls_get_hostname): New.
* src/protocol.c (_ntbtls_get_hostname): New.
* src/visibility.c, src/visibility.h: Export ntbtls_get_hostname.
* src/libntbtls.def, src/libntbtls.vers: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
10 months ago: Implement wildcards for hostname checking.
Werner Koch [Mon, 20 Feb 2017 19:37:11 +0000 (20:37 +0100)]
Implement wildcards for hostname checking.

* src/x509.c (count_labels): New.
(check_hostname): Implement wildcards.
--

We support wildcards in the CN and subjectAltNames.  The wildcard
must be the first label and matches only one label.

  *.org             - bad
  *.example.org     - good
  *.foo.example.org - good
  *x.example.org    - bad
  foo.*.example.org - bad
  *.foo.example.org - good

The name *.example.org matches for example

  example.org
  www.example.org
  ftp.example.org

but not for example

  ftp.foo.example.org

In general wildcard certificates are a bad idea and should be avoided.

Signed-off-by: Werner Koch <wk@gnupg.org>
10 months ago: ntbtls-cli: New option --head and use a default SNI.
Werner Koch [Mon, 20 Feb 2017 19:30:18 +0000 (20:30 +0100)]
ntbtls-cli: New option --head and use a default SNI.

* src/ntbtls-cli.c (opt_head): New var.
(simple_client): Request "HEAD".
(main): Add option --head.  Use default SNI value.

Signed-off-by: Werner Koch <wk@gnupg.org>
10 months ago: Implement hostname checking.
Werner Koch [Mon, 20 Feb 2017 16:21:10 +0000 (17:21 +0100)]
Implement hostname checking.

* src/x509.c (struct dn_array_s): New.
(release_dn_array): New.
(parse_dn_part): New.
(parse_dn): New.
(check_hostname): New.
(_ntbtls_x509_check_hostname): New.
* src/protocol.c (_ntbtls_read_certificate): Add hostname check.
--

The functions parse_dn and parse_dn_part are taken from current
gnupg/sm/certdump.c.

Signed-off-by: Werner Koch <wk@gnupg.org>
10 months ago: New function ntbtls_set_log_handler
Werner Koch [Mon, 20 Feb 2017 16:16:43 +0000 (17:16 +0100)]
New function ntbtls_set_log_handler

* src/ntbtls.h.in (ntbtls_log_handler_t): New type.
(ntbtls_set_log_handler): New.
* src/visibility.c (ntbtls_set_log_handler): New.
* src/visibility.h (ntbtls_set_log_handler): Mark visible.
* src/libntbtls.def: Add ntbtls_set_log_handler.
* src/libntbtls.vers: Add ntbtls_set_log_handler.
* src/debug.c (log_handler, log_handler_value): New vars.
(_ntbtls_set_log_handler): New.
(_ntbtls_set_debug): Do not re-set the prefix.
(_ntbtls_debug_msg): Divert to a log handler.

* src/util.c (_ntbtls_trim_trailing_spaces): New.
(ascii_toupper): New.
(_ntbtls_ascii_strcasecmp): New.
* src/util.h (spacep, digitp, alphap, alnump, hexdigitp): New macros.
(ascii_isspace): New macro.
(atoi_1, atoi_2, atoi_4, xtoi_1, xtoi_2, xtoi_4): New macros.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months ago: Change verification API to use a callback.
Werner Koch [Sun, 19 Feb 2017 09:26:49 +0000 (10:26 +0100)]
Change verification API to use a callback.

* src/ntbtls.h.in: Include ksba.h.
(ntbtls_verify_cb_t): New type.
(ntbtls_set_ca_chain): Remove prototype.
(ntbtls_set_verify_cb): New.
(ntbtls_x509_get_peer_cert): New.
* src/visibility.c (ntbtls_set_ca_chain): Remove.
(ntbtls_set_verify_cb): New.
(ntbtls_x509_get_peer_cert): New.
* src/visibility.h (ntbtls_set_ca_chain): Remove
(ntbtls_set_verify_cb): Mark visible.
(ntbtls_x509_get_peer_cert): Ditto.
* src/libntbtls.def (ntbtls_set_ca_chain): Remove.
(ntbtls_set_verify_cb, ntbtls_x509_get_peer_cert): New.
* src/libntbtls.vers (ntbtls_set_ca_chain): Remove.
(ntbtls_set_verify_cb, ntbtls_x509_get_peer_cert): New.

* src/context.h (_ntbtls_context_s): Remove 'ca_chain' and
'crl_chain'.  Add 'verify_cb' and 'verify_cb_value'.
* src/protocol.c (_ntbtls_read_certificate): Call verify callback.
(session_deinit): Remove superfluous conditional.
(_ntbtls_set_ca_chain): Remove.
(_ntbtls_set_verify_cb): New.
* src/x509.c (x509_cert_s): Remove fields 'fpr', 'is_self_signed',
and 'is_valid'.
(_ntbtls_x509_verify): Remove
(_ntbtls_x509_get_cert): Fix use of IDX.
(_ntbtls_x509_get_peer_cert): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months ago: In debug mode write some infos about the certificates.
Werner Koch [Fri, 27 Jan 2017 16:06:29 +0000 (17:06 +0100)]
In debug mode write some infos about the certificates.

* src/debug.c (_ntbtls_debug_msg): Add hack to not print the final LF.
(_ntbtls_debug_crt): New.
* src/util.h (debug_crt): New macro.
* src/x509.c (x509_log_serial, x509_log_time): New.
(_ntbtls_x509_log_cert): New.
* src/protocol-cli.c (read_server_hello): Tweak debug levels.
* src/protocol.c (_ntbtls_read_certificate): Call debug_crt.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months ago: configure: Add check for sys/socket.
NIIBE Yutaka [Fri, 20 Jan 2017 04:13:02 +0000 (13:13 +0900)]
configure: Add check for sys/socket.

* configure.ac (gl_HEADER_SYS_SOCKET): Add.
* m4/sys_socket_h.m4: New from gnupg.
* src/Makefile.am (libntbtls_la_LIBADD, ntbtls_cli_LDADD): Fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months ago: Fix ntbtls-cli.c for Windows.
NIIBE Yutaka [Fri, 20 Jan 2017 03:28:35 +0000 (12:28 +0900)]
Fix ntbtls-cli.c for Windows.

* src/ntbtls-cli.c: Include files fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months ago: Add src/versioninfo.rc.in.
NIIBE Yutaka [Fri, 20 Jan 2017 03:03:53 +0000 (12:03 +0900)]
Add src/versioninfo.rc.in.

* src/versioninfo.rc.in: New.
* src/Makefile.am (EXTRA_DIST): Add versioninfo.rc.in.
* configure.ac: Add versioninfo.rc output.

--
The file is copied from libassuan and edited.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months ago: Add missing m4/libtool.m4.
NIIBE Yutaka [Thu, 19 Jan 2017 10:21:49 +0000 (19:21 +0900)]
Add missing m4/libtool.m4.

* m4/Makefile.am (EXTRA_DIST): Update.
* m4/libtool.m4: New.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months ago: Fix ciphersuite version check.
NIIBE Yutaka [Thu, 19 Jan 2017 07:58:45 +0000 (16:58 +0900)]
Fix ciphersuite version check.

* src/ciphersuites.c (_ntbtls_ciphersuite_version_ok): Fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months ago: Release CA at ntbtls_release.
NIIBE Yutaka [Thu, 19 Jan 2017 07:34:45 +0000 (16:34 +0900)]
Release CA at ntbtls_release.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months ago: Rename ntbtls_x509_* to ntbtls_x509_cert_*.
NIIBE Yutaka [Thu, 19 Jan 2017 06:36:50 +0000 (15:36 +0900)]
Rename ntbtls_x509_* to ntbtls_x509_cert_*.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months ago: Expose x509 certificate API.
NIIBE Yutaka [Thu, 19 Jan 2017 05:04:10 +0000 (14:04 +0900)]
Expose x509 certificate API.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months ago: Expose ntbtls_set_ca_chain API.
NIIBE Yutaka [Thu, 19 Jan 2017 04:11:17 +0000 (13:11 +0900)]
Expose ntbtls_set_ca_chain API.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months ago: Use hostname removing peer_cn.
NIIBE Yutaka [Thu, 19 Jan 2017 01:04:48 +0000 (10:04 +0900)]
Use hostname removing peer_cn.

* src/context.h (struct _ntbtls_context_s): Remove peer_cn field.
* src/protocol.c (_ntbtls_read_certificate): Use ->hostname.

--

This change reflects the change of mbedtls API:
bc2b771af4b67c900813e58e7c8c77d7907291c1

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months ago: Move pk_encrypt into pkglue.c.
NIIBE Yutaka [Wed, 18 Jan 2017 02:11:19 +0000 (11:11 +0900)]
Move pk_encrypt into pkglue.c.

* src/x509.c (_ntbtls_x509_pk_encrypt): Renaming and move to...
* src/pkglue.c (_ntbtls_pk_encrypt): Here.  Use _ntbtls_x509_get_pk.
* src/protocol-cli.c (write_encrypted_pms): Follow the rename.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months ago: Implement public key encryption in write_encrypted_pms.
NIIBE Yutaka [Tue, 17 Jan 2017 13:18:14 +0000 (22:18 +0900)]
Implement public key encryption in write_encrypted_pms.

* src/x509.c (ntbtls_x509_pk_encrypt): New.
* src/protocol-cli.c (write_encrypted_pms): Call
ntbtls_x509_pk_encrypt.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months ago: Ignore non-fatal TLS_ALERT_MSG.
NIIBE Yutaka [Mon, 16 Jan 2017 10:44:55 +0000 (19:44 +0900)]
Ignore non-fatal TLS_ALERT_MSG.

* src/protocol.c (_ntbtls_read_record): Skip to next message.

--

The bug is described in MbedTLS:

https://tls.mbed.org/discussions/bug-report-issues/mishandling-of-non-fatal-alerts-client-side

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months ago: Fix EOF handling.
NIIBE Yutaka [Tue, 13 Dec 2016 02:17:03 +0000 (11:17 +0900)]
Fix EOF handling.

* src/protocol.c (_ntbtls_fetch_input): Return GPG_ERR_EOF.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months ago: Modify autogen.sh for git workflow.
NIIBE Yutaka [Tue, 13 Dec 2016 00:50:25 +0000 (09:50 +0900)]
Modify autogen.sh for git workflow.

* autogen.sh: Fix to check .git directory.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months ago: Small debug message improvement.
Werner Koch [Wed, 13 Jul 2016 17:13:23 +0000 (19:13 +0200)]
Small debug message improvement.

* src/protocol-cli.c (parse_signature_algorithm): Show algo names in
debug messages.
* src/util.h: Use the official GPGRT_ATTR_PRINTF.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months ago: build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
Werner Koch [Wed, 13 Jul 2016 17:11:24 +0000 (19:11 +0200)]
build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.

* build-aux/config.guess: Update.
* build-aux/config.sub: Update.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago: Make --disable-build-timestamp the default.
Werner Koch [Tue, 25 Aug 2015 19:32:19 +0000 (21:32 +0200)]
Make --disable-build-timestamp the default.

* configure.ac (BUILD_TIMESTAMP): Default to "<none>".

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago: Change state handler names from parse_* to read_*.
Werner Koch [Wed, 24 Jun 2015 10:23:13 +0000 (12:23 +0200)]
Change state handler names from parse_* to read_*.

2 years ago: Rework some debug messages
Werner Koch [Wed, 24 Jun 2015 10:16:14 +0000 (12:16 +0200)]
Rework some debug messages

* src/protocol.c (_ntbtls_state2str): New.
* src/ntbtls-cli.c (simple_client): Send some headers.

2 years ago: Use buffer to int conversion macros and other cleanups.
Werner Koch [Tue, 23 Jun 2015 14:07:38 +0000 (16:07 +0200)]
Use buffer to int conversion macros and other cleanups.

* src/util.h (buf16_to_uint, buf16_to_size_t)
(buf24_to_size_t, buf32_to_u32): New.  Use them where appropriate.

* src/protocol.c (is_aead_mode): New.  Use instead of explicit
conditionals.
(encrypt_buf, decrypt_buf): Add error checking.

* src/protocol-cli.c (parse_server_dh_params): Set lower limit to
1024.
(parse_server_psk_hint): Check length of length header.

2 years ago: Minor doc updates
Werner Koch [Tue, 23 Jun 2015 10:31:33 +0000 (12:31 +0200)]
Minor doc updates

--

3 years ago: Code cleanup of the server hello parser.
Werner Koch [Sun, 28 Dec 2014 14:40:09 +0000 (15:40 +0100)]
Code cleanup of the server hello parser.

* src/protocol-cli.c (parse_server_hello): Use meaningful var name and
change strange loop construct.

3 years ago: Add Lucky Thirteen protection.
Werner Koch [Sun, 28 Dec 2014 14:02:27 +0000 (15:02 +0100)]
Add Lucky Thirteen protection.

* src/protocol.c (decrypt_buf): Keep on hashing.

3 years ago: Use new error code GPG_ERR_REQUEST_TOO_LONG.
Werner Koch [Sun, 28 Dec 2014 14:01:24 +0000 (15:01 +0100)]
Use new error code GPG_ERR_REQUEST_TOO_LONG.

* src/protocol.c (_ntbtls_fetch_input): Change error code.

3 years ago: Add some comments.
Werner Koch [Sun, 28 Dec 2014 12:36:03 +0000 (13:36 +0100)]
Add some comments.

* src/ntbtls-cli.c (main): Add option --help.

3 years ago: Remove unused code for stream modes.
Werner Koch [Sun, 28 Dec 2014 12:35:22 +0000 (13:35 +0100)]
Remove unused code for stream modes.

* src/protocol.c (_ntbtls_derive_keys, encrypt_buf)
(decrypt_buf): Remove cipher_mode_stream branches.

3 years ago: Fix compiler warnings about unused functions.
Werner Koch [Fri, 3 Oct 2014 06:39:50 +0000 (08:39 +0200)]
Fix compiler warnings about unused functions.

--

3 years ago: Add NTBTLS_SAMETRHEAD flags
Werner Koch [Fri, 3 Oct 2014 06:33:06 +0000 (08:33 +0200)]
Add NTBTLS_SAMETRHEAD flags

--

3 years ago: Update m4/ macros and improve ntbtls.m4.
Werner Koch [Thu, 2 Oct 2014 13:05:52 +0000 (15:05 +0200)]
Update m4/ macros and improve ntbtls.m4.

--

3 years ago: Add ntbtls_set_hostname.
Werner Koch [Thu, 2 Oct 2014 08:17:42 +0000 (10:17 +0200)]
Add ntbtls_set_hostname.

3 years ago: Make "make distcheck" work.
Werner Koch [Wed, 1 Oct 2014 16:24:32 +0000 (18:24 +0200)]
Make "make distcheck" work.

--

3 years ago: Add standard doc files
Werner Koch [Wed, 1 Oct 2014 16:11:44 +0000 (18:11 +0200)]
Add standard doc files

--

3 years ago: First data retrieved from a server.
Werner Koch [Wed, 1 Oct 2014 16:10:33 +0000 (18:10 +0200)]
First data retrieved from a server.

--

  $ ./ntbtls-cli --verbose zimmermann.mayfirst.org
  ntbtls-cli: connected to 'zimmermann.mayfirst.org' port 443
  ntbtls-cli: starting handshake
  ntbtls-cli: handshake done
  HTTP/1.1 200 OK
  Server: nginx/1.2.1
  Date: Wed, 01 Oct 2014 15:37:59 GMT
  ....

3 years ago: More changes - first successful handshake.
Werner Koch [Mon, 29 Sep 2014 15:34:28 +0000 (17:34 +0200)]
More changes - first successful handshake.

* src/dhm.c: New.
* src/pkglue.c: New.
* src/util.c: New.

3 years ago: With lots of disabled code it does now build.
Werner Koch [Mon, 29 Sep 2014 14:16:25 +0000 (16:16 +0200)]
With lots of disabled code it does now build.

--

3 years ago: Add ciphersuites code from PolarSSL.
Werner Koch [Fri, 26 Sep 2014 10:32:19 +0000 (12:32 +0200)]
Add ciphersuites code from PolarSSL.

* src/ciphersuites.c: New. Change license from GPLv2+ to GPLv3+.  Some
editorial changes.
* src/ciphersuites.h: New. Ditto.
--

Taken from the files ssl_ciphersuites.[hc].

3 years ago: Replaced error codes by libgpg-error and other changes.
Werner Koch [Thu, 25 Sep 2014 15:11:52 +0000 (17:11 +0200)]
Replaced error codes by libgpg-error and other changes.

3 years ago: Snapshot of the current changes.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
Snapshot of the current changes.

--

3 years ago: Remove most non-TLS-1.2 stuff and most configure options - part 2.
Werner Koch [Tue, 16 Sep 2014 10:50:22 +0000 (12:50 +0200)]
Remove most non-TLS-1.2 stuff and most configure options - part 2.

* src/protocol-cli.c, src/protocol-srv.c: Simplify.
--

We want a full featured TLS 1.2 only library.  All this conditional
compilation stuff makes the code harder to read and test and thus we
include all features.  If certain features are to be disabled, this
can be added as runtime options.

3 years ago: Add new header files and rename ssl_{tls,cli,srv}.c.
Werner Koch [Mon, 15 Sep 2014 07:58:23 +0000 (09:58 +0200)]
Add new header files and rename ssl_{tls,cli,srv}.c.

* src/util.h: New.
* src/ntbtls-int.h: New.
* src/ssl_tls.c: Rename to protocol.c.
* src/ssl_cli.c: Rename to protocol-cli.c.
* src/ssl_srv.c: Rename to protocol-srv.c.
* src/protocol.c, src/protocol-cli.c, src/protocol-srv.c: Change
license from GPLv2+ to GPLv3+.  Replace most include files by
ntbtls-int.h.
(polarssl_zeroize): Remove.  Change callers to use wipememory.

3 years ago: Add wipemem.h.
Werner Koch [Mon, 15 Sep 2014 07:50:52 +0000 (09:50 +0200)]
Add wipemem.h.

* src/wipemem.h: New.
--

The wipememory functions are based on code from Libgcrypt, commit
54df6fcd806f8c150cffe6cc09925bb8b638bb5b.  To simplify things the
optimized version is only used if stdint.h and thus uint64_t is
available.

3 years ago: Add some build environment files.
Werner Koch [Mon, 15 Sep 2014 07:06:36 +0000 (09:06 +0200)]
Add some build environment files.

3 years ago: Remove most non-TLS-1.2 stuff and most configure options.
Werner Koch [Mon, 15 Sep 2014 06:27:31 +0000 (08:27 +0200)]
Remove most non-TLS-1.2 stuff and most configure options.

3 years ago: Change indentation of all files.
Werner Koch [Fri, 12 Sep 2014 16:42:33 +0000 (18:42 +0200)]
Change indentation of all files.

--

3 years ago: Initial checking of some file from PolarSSL commit 1910aa7
Werner Koch [Fri, 12 Sep 2014 16:25:48 +0000 (18:25 +0200)]
Initial checking of some file from PolarSSL commit 1910aa7

--

Taken from development branch
1910aa78a3677f1bc2a6c6af61d08dc4cccd917a