Paul Bakker
|
7b0be68977
|
Support for serialNumber, postalAddress and postalCode in X509 names
|
2013-10-29 14:24:37 +01:00 |
|
Paul Bakker
|
fa6a620b75
|
Defines for UEFI environment under MSVC added
|
2013-10-29 14:05:38 +01:00 |
|
Paul Bakker
|
60b1d10131
|
Fixed spelling / typos (from PowerDNS:codespell)
|
2013-10-29 10:02:51 +01:00 |
|
Paul Bakker
|
50dc850c52
|
Const correctness
|
2013-10-28 21:19:10 +01:00 |
|
Paul Bakker
|
1642122f8b
|
Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer
|
2013-10-28 14:38:35 +01:00 |
|
Paul Bakker
|
3f917e230d
|
Merged optimizations for MODP NIST curves
|
2013-10-28 14:18:26 +01:00 |
|
Manuel Pégourié-Gonnard
|
21ef42f257
|
Don't select a PSK ciphersuite if no key available
|
2013-10-28 14:00:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
18dc0e2746
|
CERTS_C depends on PEM_PARSE_C
|
2013-10-28 13:59:26 +01:00 |
|
Manuel Pégourié-Gonnard
|
7c3291ea87
|
Check dependencies of protocol versions on hashes
|
2013-10-28 13:58:56 +01:00 |
|
Manuel Pégourié-Gonnard
|
3daaf3d21d
|
X509 key identifiers depend on SHA1
|
2013-10-28 13:58:32 +01:00 |
|
Manuel Pégourié-Gonnard
|
c59c9c1453
|
Fix typo in b8012fca (ECP needs at least one curve)
|
2013-10-28 13:57:39 +01:00 |
|
Paul Bakker
|
677377f472
|
Server does not send out extensions not advertised by client
|
2013-10-28 12:54:26 +01:00 |
|
Manuel Pégourié-Gonnard
|
a8a25ae1b9
|
Fix bad error codes
|
2013-10-27 13:48:15 +01:00 |
|
Manuel Pégourié-Gonnard
|
9d70373449
|
Update ciphersuite lists in config.h
|
2013-10-25 18:01:50 +02:00 |
|
Manuel Pégourié-Gonnard
|
8d01eea7af
|
Add Camellia-GCM ciphersuites
|
2013-10-25 16:46:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
0b58c150d6
|
cipher layer: IV length is not always block size
|
2013-10-24 17:17:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
87181d1deb
|
Add Camellia-GCM to th cipher layer
|
2013-10-24 14:02:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
7bd8a99e11
|
Fix GCM dependencies
|
2013-10-24 13:39:39 +02:00 |
|
Manuel Pégourié-Gonnard
|
cae6f3ed45
|
Reorganize code in ecp.c
|
2013-10-23 20:19:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
5779cbe582
|
Make mod_p{224,256,384] a bit faster
Speedup is roughly 25%, giving a 6% speedup on ecp_mul() for these curves.
|
2013-10-23 20:17:00 +02:00 |
|
Manuel Pégourié-Gonnard
|
c04c530a98
|
Make NIST curves optimisation an option
|
2013-10-23 16:11:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
a47e7058ea
|
mod_p224 now endian-neutral
|
2013-10-23 13:24:55 +02:00 |
|
Paul Bakker
|
5c17ccdf2a
|
Bumped version to 1.3.1
|
2013-10-15 13:12:41 +02:00 |
|
Paul Bakker
|
f34673e37b
|
Merged RSA-PSK key-exchange and ciphersuites
|
2013-10-15 12:46:41 +02:00 |
|
Paul Bakker
|
376e8153a0
|
Merged ECDHE-PSK ciphersuites
|
2013-10-15 12:45:36 +02:00 |
|
Paul Bakker
|
a7ea6a5a18
|
config.h is more script-friendly
|
2013-10-15 11:55:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
8a3c64d73f
|
Fix and simplify *-PSK ifdef's
|
2013-10-14 19:54:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
0fae60bb71
|
Implement RSA-PSK key exchange
|
2013-10-14 19:34:48 +02:00 |
|
Paul Bakker
|
be089b0483
|
Introduced POLARSSL_HAVE_READDIR_R for systems without it
|
2013-10-14 15:51:50 +02:00 |
|
Paul Bakker
|
b9cfaa0c7f
|
Explicit conversions and minor changes to prevent MSVC compiler warnings
|
2013-10-14 15:50:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
057e0cf263
|
Fix ciphersuites dependencies on MD5 and SHA1
|
2013-10-14 14:26:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
1b62c7f93d
|
Fix dependencies and related issues
|
2013-10-14 14:02:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
bd1ae24449
|
Factor PSK pms computation to ssl_tls.c
|
2013-10-14 13:17:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
225d6aa786
|
Add ECDHE_PSK ciphersuites
|
2013-10-11 19:07:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
3ce3bbdc00
|
Add support for ECDHE_PSK key exchange
|
2013-10-11 18:16:35 +02:00 |
|
Paul Bakker
|
4aa40d4f51
|
Better support for MSVC
|
2013-10-11 10:49:24 +02:00 |
|
Paul Bakker
|
b799dec4c0
|
Merged support for Brainpool curves and ciphersuites
|
2013-10-11 10:05:43 +02:00 |
|
Paul Bakker
|
1677033bc8
|
TLS compression only allocates working buffer once
|
2013-10-11 09:59:44 +02:00 |
|
Paul Bakker
|
d61cc3b246
|
Possible naming collision in dhm_context
|
2013-10-11 09:38:49 +02:00 |
|
Paul Bakker
|
fcc172138c
|
Fixed const-correctness issues
|
2013-10-11 09:38:06 +02:00 |
|
Manuel Pégourié-Gonnard
|
bdc96765d6
|
Remove polarssl/ from header includes
|
2013-10-11 09:17:09 +02:00 |
|
Manuel Pégourié-Gonnard
|
0cd6f98c0f
|
Don't special-case a = -3, not worth it
|
2013-10-10 15:55:39 +02:00 |
|
Manuel Pégourié-Gonnard
|
b8012fca5f
|
Adjust dependencies
|
2013-10-10 15:40:49 +02:00 |
|
Manuel Pégourié-Gonnard
|
48ac3db551
|
Add OIDs for brainpool curves
|
2013-10-10 15:11:33 +02:00 |
|
Manuel Pégourié-Gonnard
|
cd7458aafd
|
Support brainpool curves in ecp_check_pubkey()
|
2013-10-10 12:56:00 +02:00 |
|
Manuel Pégourié-Gonnard
|
8195c1a567
|
Add identifiers for Brainpool curves
|
2013-10-10 12:56:00 +02:00 |
|
Manuel Pégourié-Gonnard
|
9eb883104e
|
Update some comments on ecp_group
|
2013-10-07 19:38:56 +02:00 |
|
Paul Bakker
|
30b95fa921
|
Fixed cplusplus extern defines in header files
|
2013-10-01 10:09:06 +02:00 |
|
Paul Bakker
|
6838bd1d73
|
Clarified threading issues
|
2013-09-30 15:24:33 +02:00 |
|
Paul Bakker
|
c9965dca27
|
RSA blinding threading support
|
2013-09-29 15:02:11 +02:00 |
|
Paul Bakker
|
1337affc91
|
Buffer allocator threading support
|
2013-09-29 15:02:11 +02:00 |
|
Paul Bakker
|
f4e7dc50ea
|
entropy_func() threading support
|
2013-09-29 15:02:07 +02:00 |
|
Paul Bakker
|
1ffefaca1e
|
Introduced entropy_free()
|
2013-09-29 15:01:42 +02:00 |
|
Paul Bakker
|
c55988406f
|
SSL Cache threading support
|
2013-09-28 15:24:59 +02:00 |
|
Paul Bakker
|
2466d93546
|
Threading abstraction layer added
|
2013-09-28 15:00:02 +02:00 |
|
Manuel Pégourié-Gonnard
|
a0fdf8b0a0
|
Simplify the way default certs are used
|
2013-09-25 14:05:49 +02:00 |
|
Manuel Pégourié-Gonnard
|
641de714b6
|
Use both RSA and ECDSA CA if available
|
2013-09-25 13:23:33 +02:00 |
|
Manuel Pégourié-Gonnard
|
8372454615
|
Rework SNI to fix memory issues
|
2013-09-24 22:30:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
482a2828e4
|
Offer both EC and RSA in certs.c, RSA first
|
2013-09-24 21:25:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
705fcca409
|
Adapt support for SNI to recent changes
|
2013-09-24 21:25:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
d09453c88c
|
Check our ECDSA cert(s) against supported curves
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
f24b4a7316
|
Interface change in ECP info functions
ecp_named_curve_from_grp_id() -> ecp_curve_info_from_grp_id()
ecp_grp_id_from_named_curve() -> ecp_curve_info_from_tls_id()
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
3ebb2cdb52
|
Add support for multiple server certificates
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
834ea8587f
|
Change internal structs for multi-cert support
|
2013-09-24 21:25:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
cbf3ef3861
|
RSA and ECDSA key exchanges don't depend on CRL
|
2013-09-24 21:25:53 +02:00 |
|
Paul Bakker
|
c2148753df
|
Added missing uint32_t def for Windows in gcm.h
|
2013-09-23 15:11:46 +02:00 |
|
Paul Bakker
|
c27c4e2efb
|
Support faulty X509 v1 certificates with extensions
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
|
2013-09-23 15:01:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
fe28646f72
|
Fix references to x509parse in config.h
|
2013-09-20 16:51:13 +02:00 |
|
Manuel Pégourié-Gonnard
|
09fff7ee25
|
Cosmetics in config.h
|
2013-09-20 16:51:13 +02:00 |
|
Manuel Pégourié-Gonnard
|
1a483833b3
|
SSL_TLS doesn't depend on PK any more
(But PK does depend on RSA or ECP.)
|
2013-09-20 12:29:15 +02:00 |
|
Manuel Pégourié-Gonnard
|
4fee79b885
|
Fix some more depend issues
|
2013-09-20 10:58:59 +02:00 |
|
Manuel Pégourié-Gonnard
|
1032c1d3ec
|
Fix some dependencies and warnings in small config
|
2013-09-19 10:49:00 +02:00 |
|
Paul Bakker
|
5ad403f5b5
|
Prepared for 1.3.0 RC0
|
2013-09-18 21:21:30 +02:00 |
|
Paul Bakker
|
6db455e6e3
|
PSK callback added to SSL server
|
2013-09-18 21:14:58 +02:00 |
|
Paul Bakker
|
4fc090af9c
|
Minor typos in pk.h
|
2013-09-18 15:43:25 +02:00 |
|
Manuel Pégourié-Gonnard
|
da179e4870
|
Add ecp_curve_list(), hide ecp_supported_curves
|
2013-09-18 15:37:44 +02:00 |
|
Manuel Pégourié-Gonnard
|
dace82f805
|
Refactor cipher information management
|
2013-09-18 15:37:44 +02:00 |
|
Manuel Pégourié-Gonnard
|
161ef968db
|
Cache pre-computed points for ecp_mul()
Up to 1.25 speedup on ECDSA sign for small curves, but mainly useful as a
preparation for fixed-point mult (a few prototypes changed in constness).
|
2013-09-18 15:37:44 +02:00 |
|
Manuel Pégourié-Gonnard
|
56cd319f0e
|
Add human-friendly name in ecp_curve_info
|
2013-09-18 15:37:44 +02:00 |
|
Manuel Pégourié-Gonnard
|
a79d123a55
|
Make ecp_supported_curves constant
|
2013-09-18 14:35:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
51451f8d26
|
Replace EC flag with ssl_ciphersuite_uses_ec()
|
2013-09-18 14:35:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
15d5de1969
|
Simplify usage of DHM blinding
|
2013-09-18 14:35:55 +02:00 |
|
Manuel Pégourié-Gonnard
|
c83e418149
|
Prepare for ECDH point blinding just in case
|
2013-09-18 14:35:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
c972770f78
|
Prepare ecp_group for future extensions
|
2013-09-18 14:35:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
456d3b9b0b
|
Make ECP error codes more specific
|
2013-09-18 14:35:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
568c9cf878
|
Add ecp_supported_curves and simplify some code
|
2013-09-18 14:34:34 +02:00 |
|
Manuel Pégourié-Gonnard
|
7038039f2e
|
Dissociate TLS and internal EC curve identifiers
Allows to add new curves before they get a TLS number
|
2013-09-18 14:34:34 +02:00 |
|
Paul Bakker
|
c559c7a680
|
Renamed x509_cert structure to x509_crt for consistency
|
2013-09-18 14:32:52 +02:00 |
|
Paul Bakker
|
ddf26b4e38
|
Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
|
2013-09-18 13:46:23 +02:00 |
|
Paul Bakker
|
369d2eb2a2
|
Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()
|
2013-09-18 12:01:43 +02:00 |
|
Paul Bakker
|
86d0c1949e
|
Generalized function names of x509 functions not parse-specific
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
|
2013-09-18 12:01:42 +02:00 |
|
Paul Bakker
|
5187656211
|
Renamed X509 / X509WRITE error codes to generic (non-cert-specific)
|
2013-09-17 14:36:05 +02:00 |
|
Paul Bakker
|
f20ba4b7b6
|
Minor typo in config.h
|
2013-09-16 22:46:20 +02:00 |
|
Paul Bakker
|
da7711594e
|
Changed pk_parse_get_pubkey() to pk_parse_subpubkey()
|
2013-09-16 22:45:03 +02:00 |
|
Paul Bakker
|
ff3a518e78
|
Changed doxygen comments in pk.h from x509_module to pk_module
|
2013-09-16 22:42:19 +02:00 |
|
Paul Bakker
|
d1a983fe77
|
Removed x509parse key functions and moved them to compat-1.2.h
|
2013-09-16 22:26:53 +02:00 |
|
Paul Bakker
|
f8db11f454
|
Fixed typo is ssl_list_ciphersuites() prototype
|
2013-09-16 22:22:39 +02:00 |
|
Paul Bakker
|
7c6b2c320e
|
Split up X509 files into smaller modules
|
2013-09-16 21:41:54 +02:00 |
|
Paul Bakker
|
cff6842b39
|
POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C
|
2013-09-16 13:36:18 +02:00 |
|
Paul Bakker
|
77e23fb0e0
|
Move *_pemify() function to PEM module
|
2013-09-15 20:03:26 +02:00 |
|
Paul Bakker
|
40ce79f1e6
|
Moved DHM parsing from X509 module to DHM module
|
2013-09-15 17:43:54 +02:00 |
|
Paul Bakker
|
2292d1fad0
|
Fixed warnings in case POLARSSL_X509_PARSE_C is not defined
|
2013-09-15 17:06:49 +02:00 |
|
Paul Bakker
|
4606c7317b
|
Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C
|
2013-09-15 17:04:23 +02:00 |
|
Paul Bakker
|
c7bb02be77
|
Moved PK key writing from X509 module to PK module
|
2013-09-15 14:54:56 +02:00 |
|
Paul Bakker
|
1a7550ac67
|
Moved PK key parsing from X509 module to PK module
|
2013-09-15 13:47:30 +02:00 |
|
Manuel Pégourié-Gonnard
|
92cb1d3a91
|
Make CBC an option, step 3: individual ciphers
|
2013-09-13 17:25:43 +02:00 |
|
Manuel Pégourié-Gonnard
|
989ed38de2
|
Make CBC an option, step 2: cipher layer
|
2013-09-13 15:48:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
f7dc378ead
|
Make CBC an option, step 1: ssl ciphersuites
|
2013-09-13 15:37:03 +02:00 |
|
Manuel Pégourié-Gonnard
|
4fe9200f47
|
Fix memory leak in GCM by adding gcm_free()
|
2013-09-13 13:45:58 +02:00 |
|
Paul Bakker
|
9013af76a3
|
Merged major refactoring of x509write module into development
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
|
2013-09-12 11:58:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
0237620a78
|
Fix some dependencies declaration
|
2013-09-12 11:57:02 +02:00 |
|
Manuel Pégourié-Gonnard
|
31e59400d2
|
Add missing f_rng/p_rng arguments to x509write_crt
|
2013-09-12 11:57:02 +02:00 |
|
Manuel Pégourié-Gonnard
|
53c642504e
|
Use PK internally for x509write_crt
|
2013-09-12 11:57:02 +02:00 |
|
Manuel Pégourié-Gonnard
|
f38e71afd5
|
Convert x509write_crt interface to PK
|
2013-09-12 11:57:02 +02:00 |
|
Manuel Pégourié-Gonnard
|
6de63e480d
|
Add EC support to x509write_key
|
2013-09-12 11:57:01 +02:00 |
|
Manuel Pégourié-Gonnard
|
edda9041fc
|
Adapt asn1_write_algorithm_identifier() to params
|
2013-09-12 11:57:01 +02:00 |
|
Manuel Pégourié-Gonnard
|
3837daec9e
|
Add EC support to x509write_pubkey
|
2013-09-12 11:57:01 +02:00 |
|
Manuel Pégourié-Gonnard
|
e1f821a6eb
|
Adapt x509write_pubkey interface to use PK
key_app_writer will be fixed later
|
2013-09-12 11:57:01 +02:00 |
|
Manuel Pégourié-Gonnard
|
ee73179b2f
|
Adapt x509write_csr prototypes for PK
|
2013-09-12 11:57:00 +02:00 |
|
Manuel Pégourié-Gonnard
|
8053da4057
|
x509write_csr() now fully using PK internally
|
2013-09-12 11:57:00 +02:00 |
|
Manuel Pégourié-Gonnard
|
5353a03eb9
|
x509write_csr using PK internally (WIP)
|
2013-09-12 11:57:00 +02:00 |
|
Paul Bakker
|
dcbfdcc177
|
Updated doxygen documentation in header files and HTML pages
|
2013-09-10 16:16:50 +02:00 |
|
Paul Bakker
|
c0dcf0ceb1
|
Merged blinding additions for EC, RSA and DHM into development
|
2013-09-10 14:44:27 +02:00 |
|
Paul Bakker
|
36b7e1efe7
|
Merged GCM refactoring into development
GCM is now independent of AES and can be used as a mode for any
cipher-layer supported 128-bit based block cipher
|
2013-09-10 14:41:05 +02:00 |
|
Manuel Pégourié-Gonnard
|
ea53a55c0f
|
Refactor to prepare for RSA blinding optimisation
|
2013-09-10 13:55:35 +02:00 |
|
Paul Bakker
|
1c3853b953
|
oid_get_oid_by_*() now give back oid length as well
|
2013-09-10 11:43:44 +02:00 |
|
Paul Bakker
|
7db0109436
|
Made POLARSSL_MD_MAX_SIZE dependent on POLARSSL_SHA512_C
|
2013-09-10 11:10:57 +02:00 |
|
Paul Bakker
|
eba3ccf785
|
Typo in config.h
|
2013-09-09 15:56:09 +02:00 |
|
Paul Bakker
|
f9f377e652
|
CSR Parsing (without attributes / extensions) implemented
|
2013-09-09 15:35:10 +02:00 |
|
Paul Bakker
|
cdda097507
|
Fixed doxygen documentation in asn1.h (added \brief)
|
2013-09-09 12:51:29 +02:00 |
|
Paul Bakker
|
52be08c299
|
Added support for writing Key Usage and NS Cert Type extensions
|
2013-09-09 12:38:45 +02:00 |
|
Paul Bakker
|
cd35803684
|
Changes x509_csr to x509write_csr
|
2013-09-09 12:38:45 +02:00 |
|
Paul Bakker
|
5f45e62afe
|
Migrated from x509_req_name to asn1_named_data structure
|
2013-09-09 12:02:36 +02:00 |
|
Paul Bakker
|
c547cc992e
|
Added generic asn1_free_named_data_list()
|
2013-09-09 12:01:23 +02:00 |
|
Paul Bakker
|
59ba59fa30
|
Generalized x509_set_extension() behaviour to asn1_store_named_data()
|
2013-09-09 11:34:44 +02:00 |
|
Paul Bakker
|
43aff2aec4
|
Moved GCM to use cipher layer instead of AES directly
|
2013-09-09 00:10:27 +02:00 |
|
Paul Bakker
|
f46b6955e3
|
Added cipher_info_from_values() to cipher layer (Search by ID+keylen+mode)
|
2013-09-09 00:08:26 +02:00 |
|
Paul Bakker
|
5e0efa7ef5
|
Added POLARSSL_MODE_ECB to the cipher layer
|
2013-09-08 23:04:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
032c34e206
|
Don't use DH blinding for ephemeral DH
|
2013-09-07 13:06:27 +02:00 |
|
Manuel Pégourié-Gonnard
|
337b29c334
|
Test and document EC blinding overhead
|
2013-09-07 11:52:27 +02:00 |
|
Paul Bakker
|
15162a054a
|
Writing of X509v3 extensions supported
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
|
2013-09-06 19:27:21 +02:00 |
|
Paul Bakker
|
329def30c5
|
Added asn1_write_bool()
|
2013-09-06 16:34:38 +02:00 |
|
Paul Bakker
|
9397dcb0e8
|
Base X509 certificate writing functinality
|
2013-09-06 10:36:28 +02:00 |
|
Manuel Pégourié-Gonnard
|
7da0a38d43
|
Rm some includes that are now useless
|
2013-09-05 17:06:11 +02:00 |
|
Manuel Pégourié-Gonnard
|
b8bd593741
|
Restrict cipher_update() for GCM
|
2013-09-05 17:06:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
226d5da1fc
|
GCM ciphersuites partially using cipher layer
|
2013-09-05 17:06:10 +02:00 |
|
Manuel Pégourié-Gonnard
|
143b5028a5
|
Implement DH blinding
|
2013-09-04 16:29:59 +02:00 |
|
Paul Bakker
|
c049955b32
|
Merged new cipher layer enhancements
|
2013-09-04 16:12:55 +02:00 |
|
Manuel Pégourié-Gonnard
|
2d627649bf
|
Change dhm_calc_secret() prototype
|
2013-09-04 14:22:07 +02:00 |
|
Manuel Pégourié-Gonnard
|
ce4112538c
|
Fix RC4 key length in cipher
|
2013-09-04 12:29:26 +02:00 |
|
Manuel Pégourié-Gonnard
|
83f3fc0d77
|
Add AES-192-GCM
|
2013-09-04 12:14:13 +02:00 |
|
Manuel Pégourié-Gonnard
|
43a4780b03
|
Ommit AEAD functions if GCM not defined
|
2013-09-03 19:28:35 +02:00 |
|
Manuel Pégourié-Gonnard
|
aa9ffc5e98
|
Split tag handling out of cipher_finish()
|
2013-09-03 19:20:55 +02:00 |
|
Manuel Pégourié-Gonnard
|
2adc40c346
|
Split cipher_update_ad() out or cipher_reset()
|
2013-09-03 19:20:55 +02:00 |
|
Manuel Pégourié-Gonnard
|
a235b5b5bd
|
Fix iv_len interface.
cipher_info->iv_size == 0 is no longer ambiguous, and
cipher_get_iv_size() always returns something useful to generate an IV.
|
2013-09-03 13:25:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
9c853b910c
|
Split cipher_set_iv() out of cipher_reset()
|
2013-09-03 13:04:44 +02:00 |
|
Manuel Pégourié-Gonnard
|
e09d2f8261
|
Change ecp_mul() prototype to allow randomization
(Also improve an error code while at it.)
|
2013-09-02 14:29:09 +02:00 |
|
Paul Bakker
|
eb851f6cd5
|
Merged current cipher enhancements for ARC4 and AES-GCM
|
2013-09-01 15:49:38 +02:00 |
|
Manuel Pégourié-Gonnard
|
9241be7ac5
|
Change cipher prototypes for GCM
|
2013-08-31 18:07:42 +02:00 |
|
Paul Bakker
|
da02a7f45e
|
AES_CBC ciphersuites now run purely via cipher layer
|
2013-08-31 17:25:14 +02:00 |
|
Manuel Pégourié-Gonnard
|
b5e85885de
|
Handle NULL as a stream cipher for more uniformity
|
2013-08-30 17:11:28 +02:00 |
|
Manuel Pégourié-Gonnard
|
37e230c022
|
Add arc4 support in the cipher layer
|
2013-08-30 17:11:28 +02:00 |
|
Paul Bakker
|
f451bac000
|
Blinding RSA only active when f_rng is provided
|
2013-08-30 15:48:53 +02:00 |
|
Paul Bakker
|
48377d9834
|
Configuration option to enable/disable POLARSSL_PKCS1_V15 operations
|
2013-08-30 13:41:14 +02:00 |
|
Paul Bakker
|
548957dd49
|
Refactored RSA to have random generator in every RSA operation
Primarily so that rsa_private() receives an RNG for blinding purposes.
|
2013-08-30 10:30:02 +02:00 |
|
Paul Bakker
|
ca174fef80
|
Merged refactored x509write module into development
|
2013-08-28 16:32:51 +02:00 |
|
Manuel Pégourié-Gonnard
|
c852a68b96
|
More robust selection of ctx_enc size
|
2013-08-28 13:13:30 +02:00 |
|
Paul Bakker
|
577e006c2f
|
Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
|
2013-08-28 11:58:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
acc7505a35
|
Temporary fix for size of cipher contexts
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
db77175e99
|
Make ecdsa_verify() return value more explicit
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
2fb15f694c
|
Un-rename ssl_set_own_cert_alt()
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
c6b6803dcf
|
Add forgotten "inline" keyword
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
e511ffca50
|
Allow compiling without RSA or DH
Only library and programs now, need to check test suites later.
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
bfe32efb9b
|
pk_{sign,verify}() now accept hash_len = 0
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
a20c58c6f1
|
Use convert functions for SSL_SIG_* and SSL_HASH_*
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
51be559c53
|
Fix PKCS#11 deps: now goes through PK
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
c40b4c3708
|
Add configuration item for the PK module
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
0d42049440
|
Merge code for RSA and ECDSA in SSL
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
070cc7fd21
|
Use the new PK RSA-alt interface
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
12c1ff0ecb
|
Add RSA-alt to the PK layer
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
a2d3f22007
|
Add and use pk_encrypt(), pk_decrypt()
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
8df2769178
|
Introduce pk_sign() and use it in ssl
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
ac75523593
|
Adapt ssl_set_own_cert() to generic keys
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
09edda888e
|
Check key type against selected key exchange
|
2013-08-27 22:21:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
32ea60a127
|
Declare ECDSA key exchange and ciphersuites
Also fix bug in ssl_list_ciphersuites().
For now, disable it on server.
Client will offer it but fail if server selects it.
|
2013-08-27 22:21:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
0b03200e96
|
Add server-side support for ECDSA client auth
|
2013-08-27 22:21:19 +02:00 |
|
Paul Bakker
|
0be444a8b1
|
Ability to disable server_name extension (RFC 6066)
|
2013-08-27 21:55:01 +02:00 |
|
Paul Bakker
|
d2f068e071
|
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
|
2013-08-27 21:19:20 +02:00 |
|
Paul Bakker
|
fb08fd2e23
|
Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available
|
2013-08-27 15:06:54 +02:00 |
|
Paul Bakker
|
9852d00de6
|
Moved asn1write funtions to use asn1_write_raw_buffer()
|
2013-08-26 17:56:37 +02:00 |
|
Paul Bakker
|
7accbced87
|
Doxygen documentation added to asn1write.h
|
2013-08-26 17:37:18 +02:00 |
|
Paul Bakker
|
f3df61ad10
|
Generalized PEM writing in x509write module for RSA keys as well
|
2013-08-26 17:37:18 +02:00 |
|
Paul Bakker
|
135f1e9c70
|
Move PEM conversion of DER data to x509write module
|
2013-08-26 17:37:18 +02:00 |
|
Paul Bakker
|
1c0e550e21
|
Added support for Netscape Certificate Types in CSR writing
Further generalization of extension adding / replacing in the CSR
structure
|
2013-08-26 17:37:18 +02:00 |
|
Paul Bakker
|
e5eae76bf0
|
Generalized the x509write_csr_set_key_usage() function and key_usage
storage
|
2013-08-26 17:37:18 +02:00 |
|
Paul Bakker
|
6db915b5a9
|
Added asn1_write_raw_buffer()
|
2013-08-26 17:37:17 +02:00 |
|
Manuel Pégourié-Gonnard
|
5151b45aa1
|
Minor comment fixes
|
2013-08-26 14:31:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
38d1eba3b5
|
Move verify_result from ssl_context to session
|
2013-08-26 14:26:02 +02:00 |
|
Paul Bakker
|
fde4270186
|
Added support for writing key_usage extension
|
2013-08-25 14:47:27 +02:00 |
|
Paul Bakker
|
598e450538
|
Added asn1_write_bitstring() and asn1_write_octet_string()
|
2013-08-25 14:46:39 +02:00 |
|