Manuel Pégourié-Gonnard
0079405918
Add functions for read/write ECPoint records
2013-02-09 19:00:07 +01:00
Manuel Pégourié-Gonnard
1a96728964
Add function parsing a TLS ECParameters record
2013-02-09 17:53:31 +01:00
Paul Bakker
c7a2da437e
Updated for PolarSSL 1.2.5
2013-02-02 19:23:57 +01:00
Paul Bakker
40865c8e5d
Added sending of alert messages in case of decryption failures as per RFC
...
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49
Disable debug messages that can introduce a timing side channel.
...
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
8fe40dcd7d
Allow enabling of dummy error_strerror() to support some use-cases
...
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Manuel Pégourié-Gonnard
3aeb5a7192
Add ECDSA signature primitive.
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
b309ab2936
Add ECDSA sign primitive
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
2aea1416f9
Add skeleton ecdsa.[ch]
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
6545ca7bed
Add ECDH primitives
2013-01-26 19:11:24 +01:00
Manuel Pégourié-Gonnard
0bad5c2381
Add skeleton ecdh.[ch]
2013-01-26 15:30:46 +01:00
Manuel Pégourié-Gonnard
45a035a9ac
Add ecp_gen_keypair()
2013-01-26 14:42:45 +01:00
Paul Bakker
14c56a3378
Updated for PolarSSL 1.2.4
2013-01-25 17:11:37 +01:00
Paul Bakker
1961b709d8
Added ssl_handshake_step() to allow single stepping the handshake
...
process
Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
f626e1dd28
Fixed comment on maximum tested size for POLARSSL_MPI_MAX_LIMBS
2013-01-21 12:14:17 +01:00
Paul Bakker
cf4365f560
Updated error codes for ECP
2013-01-16 17:00:43 +01:00
Manuel Pégourié-Gonnard
5e402d88ea
Added ecp_read_binary().
2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
37d218a8e3
Added support for writing points compressed
2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
e19feb5b46
Added ecp_write_binary().
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
1c33057a63
Added ecp_check_pubkey().
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
b63f9e98f5
Made ecp_mul() faster and truly SPA resistant
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
855560758c
Added function preparing for faster multiplication
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
9674fd0d5e
Added ecp_sub() as a variant of ecp_add()
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
1c2782cc7c
Changed to jacobian coordinates everywhere
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
773ed546a2
Added a nbits member to ecp_group
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
4bdd47d2cb
Multiplication by negative is now forbidden
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
4712325777
Clarifications in comments; code cosmetics & style
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
dada4da33f
Moved domain paramaters to ecp.c
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
62aad14139
Added slot for fast modp, with mod_p521
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
e0c16922f9
Point multiplication using Jacobian coordinates
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
a5402fee04
Added ecp_use_known_dp()
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
b505c2796c
Got first tests working, fixed ecp_copy()
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
847395a8a9
Added ecp_XXX_read_string()
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
7cfcea349c
Documented error codes properly
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
ae180d0f20
Got started on ecp_add(): generic case done
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
883f313516
Added ecp_copy() (for points)
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
5179e463d5
Allowed point at infinity, supressed ecp_double()
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
d7e4570ad1
Copied ECP parameters from RFC 5114
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
39d2adbbd0
Added (skeleton) ecp.[ch]
2013-01-16 16:31:48 +01:00
Paul Bakker
fb1ba781b3
Updated for release 1.2.3
2012-11-26 16:28:25 +01:00
Paul Bakker
df5069cb97
Updated for 1.2.2 release
2012-11-24 12:20:19 +01:00
Paul Bakker
769075dfb6
Fixed dependency on POLARSSL_SHA4_C in ssl modules
2012-11-24 11:26:46 +01:00
Paul Bakker
926af7582a
Fixed client certificate handling with TLS 1.2
2012-11-23 13:38:07 +01:00
Paul Bakker
e667c98fb1
Added p_hw_data to ssl_context for context specific hardware acceleration data
2012-11-20 13:50:22 +01:00
Paul Bakker
1f9d02dc90
Added more notes / comments on own_cert, trust_ca purposes
2012-11-20 10:30:55 +01:00
Paul Bakker
25338d74ac
Added proper gitignores for Linux CMake use
2012-11-18 22:56:39 +01:00
Paul Bakker
43ae298410
- Fixed argument types
2012-11-14 12:14:19 +00:00
Paul Bakker
34d8dbcc6d
- Depth that the certificate verify callback receives is now numbered bottom-up (Peer cert depth is 0)
2012-11-14 12:11:38 +00:00
Paul Bakker
e0f41f3086
- Updated version to 1.2.1
2012-11-13 12:55:02 +00:00
Paul Bakker
c893e0257f
- Added extra documentation
2012-11-07 20:41:16 +00:00
Paul Bakker
096348fa79
- Fixed comments / typos
2012-11-07 20:05:38 +00:00
Paul Bakker
77db6ce348
- Fixed doxygen blocks
2012-11-07 19:57:39 +00:00
Paul Bakker
6831c4a1a8
- Fixed typos
2012-11-07 19:46:27 +00:00
Paul Bakker
7c900780d9
- Default to disabled renegotiation
2012-11-04 16:29:08 +00:00
Paul Bakker
7a2538ee38
- Fixes for MSVC6
2012-11-02 10:59:36 +00:00
Paul Bakker
645ce3a2b4
- Moved ciphersuite naming scheme to IANA reserved names
2012-10-31 12:32:41 +00:00
Paul Bakker
b0550d90c9
- Added ssl_get_peer_cert() to SSL API
2012-10-30 07:51:03 +00:00
Paul Bakker
4f024b7ba9
- Fixed for SPARC64
2012-10-30 07:29:57 +00:00
Paul Bakker
df2bb75c28
- Premaster should have a maximum of MPI size
2012-10-24 14:30:00 +00:00
Paul Bakker
ba26e9ebfd
- Cache now only allows a maximum of entries in cache for preventing memory overrun
2012-10-23 22:18:28 +00:00
Paul Bakker
0fd018efb2
- Fixed preprocessor typo
2012-10-23 12:44:47 +00:00
Paul Bakker
09f097d45f
- Added more documentation on disable / enable renegotiation
2012-10-23 11:54:56 +00:00
Paul Bakker
2b6af2fbf0
- Only define mpi_read_file and mpi_write_file if POLARSSL_FS_IO is present
2012-10-23 11:08:02 +00:00
Paul Bakker
0f5281a35b
- Enlarged buffer to fit gcm_context on all platforms
2012-10-23 11:06:25 +00:00
Paul Bakker
8f387e6605
- Updated trunk base version to 1.2.0 for prerelease 1
2012-10-02 15:26:45 +00:00
Paul Bakker
62261d6bd6
- Rewrote bignum type definition #ifdef tree to work better on all
...
systems
2012-10-02 12:19:31 +00:00
Paul Bakker
9ef6e2bfb6
- Added missing int32_t definition
2012-10-01 20:57:38 +00:00
Paul Bakker
e23c31561f
- Fixed typo
2012-10-01 14:42:47 +00:00
Paul Bakker
5c2364c2ba
- Moved from unsigned long to uint32_t throughout code
2012-10-01 14:41:15 +00:00
Paul Bakker
6adff7497a
- Fixed typo
2012-10-01 11:03:14 +00:00
Paul Bakker
23f3680898
- Added proper support for TLS 1.2 signature_algorithm extension on server
...
side
- Minor const changes to other extension parsing functions
2012-09-28 14:15:14 +00:00
Paul Bakker
1d29fb5e33
- Added option to add minimum accepted SSL/TLS protocol version
2012-09-28 13:28:45 +00:00
Paul Bakker
62f2deef8b
- Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS
2012-09-28 07:31:51 +00:00
Paul Bakker
da7e3f225a
- Added RFC 3526 2048-bit and 3072-bit MODP groups
2012-09-28 07:18:17 +00:00
Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02
- Added ServerName extension parsing (SNI) at server side
2012-09-27 21:49:42 +00:00
Paul Bakker
f918310193
- Autosize POLARSSL_MPI_RW_BUFFER_SIZE at compile time
2012-09-27 20:42:35 +00:00
Paul Bakker
eb2c658163
- Generalized external private key implementation handling (like PKCS#11) in SSL/TLS
2012-09-27 19:15:01 +00:00
Paul Bakker
5531c6d92c
- Change buffer size on mpi_write_file() to cover larger size MPIs
2012-09-26 19:20:46 +00:00
Paul Bakker
a864f2ee51
- Removed trailing semicolon
2012-09-26 08:29:20 +00:00
Paul Bakker
0a59707523
- Added simple SSL session cache implementation
...
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
29b64761fd
- Added predefined DHM groups from RFC 5114
2012-09-25 09:36:44 +00:00
Paul Bakker
d0f6fa7bdc
- Sending of handshake_failures during renegotiation added
...
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
48916f9b67
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Paul Bakker
f518b16f97
- Added PKCS#5 PBKDF2 key derivation function
2012-08-23 13:03:18 +00:00
Paul Bakker
894dece46c
- Cleaner return value (for C++)
2012-08-23 08:34:32 +00:00
Paul Bakker
b68cad6cc7
- Made cipersuites in ssl context const (no intention to modify)
...
- Adjusted ssl_set_ciphersuites() to match
2012-08-23 08:34:18 +00:00
Paul Bakker
5552c8c0b3
- Updated documentation
2012-07-05 13:31:54 +00:00
Paul Bakker
6132d0aa93
- Added Blowfish to generic cipher layer
...
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
2012-07-04 17:10:40 +00:00
Paul Bakker
a9379c0ed1
- Added base blowfish algorithm
2012-07-04 11:02:11 +00:00
Paul Bakker
2770fbd651
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Paul Bakker
4f9a7bb7fd
- Added Thumb assembly optimizations
2012-07-02 08:36:36 +00:00
Paul Bakker
8d914583f3
- Added X509 CA Path support
2012-06-04 12:46:42 +00:00
Paul Bakker
f6198c1513
- mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52 )
2012-05-16 08:02:29 +00:00
Paul Bakker
186751d9dd
- Moved out_msg to out_hdr + 32 to support hardware acceleration
2012-05-08 13:16:14 +00:00
Paul Bakker
6b906e5095
- Const correctness mpi_get_bit()
...
- Documentation mpi_lsb(), mpi_msb()
2012-05-08 12:01:43 +00:00
Paul Bakker
05ef835b6a
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
Paul Bakker
c9b3e1e783
- Fixed typo
2012-04-26 18:59:23 +00:00
Paul Bakker
84bef1db2c
- Fixed DHM length to correct one
2012-04-20 13:42:02 +00:00
Paul Bakker
380da53c48
- Abstracted checksum updating during handshake
2012-04-18 16:10:25 +00:00