Manuel Pégourié-Gonnard
|
8a109f106d
|
Optimize RSA blinding by caching-updating values
|
2013-09-10 13:55:36 +02:00 |
|
Manuel Pégourié-Gonnard
|
ea53a55c0f
|
Refactor to prepare for RSA blinding optimisation
|
2013-09-10 13:55:35 +02:00 |
|
Manuel Pégourié-Gonnard
|
032c34e206
|
Don't use DH blinding for ephemeral DH
|
2013-09-07 13:06:27 +02:00 |
|
Manuel Pégourié-Gonnard
|
ed8a02bfae
|
Simplify DH blinding a bit
|
2013-09-04 17:18:28 +02:00 |
|
Manuel Pégourié-Gonnard
|
143b5028a5
|
Implement DH blinding
|
2013-09-04 16:29:59 +02:00 |
|
Manuel Pégourié-Gonnard
|
2d627649bf
|
Change dhm_calc_secret() prototype
|
2013-09-04 14:22:07 +02:00 |
|
Manuel Pégourié-Gonnard
|
07de4b1d08
|
Implement randomized coordinates in ecp_mul()
|
2013-09-02 16:26:04 +02:00 |
|
Manuel Pégourié-Gonnard
|
c75c56fef7
|
Fix off-by-one error in ecdsa_write_signature()
Made some signature fail with 521-bit curve
|
2013-09-02 16:25:37 +02:00 |
|
Manuel Pégourié-Gonnard
|
e09d2f8261
|
Change ecp_mul() prototype to allow randomization
(Also improve an error code while at it.)
|
2013-09-02 14:29:09 +02:00 |
|
Paul Bakker
|
f451bac000
|
Blinding RSA only active when f_rng is provided
|
2013-08-30 15:48:53 +02:00 |
|
Paul Bakker
|
48377d9834
|
Configuration option to enable/disable POLARSSL_PKCS1_V15 operations
|
2013-08-30 13:41:14 +02:00 |
|
Paul Bakker
|
aab30c130c
|
RSA blinding added for CRT operations
|
2013-08-30 11:03:09 +02:00 |
|
Paul Bakker
|
548957dd49
|
Refactored RSA to have random generator in every RSA operation
Primarily so that rsa_private() receives an RNG for blinding purposes.
|
2013-08-30 10:30:02 +02:00 |
|
Paul Bakker
|
ca174fef80
|
Merged refactored x509write module into development
|
2013-08-28 16:32:51 +02:00 |
|
Paul Bakker
|
9659dae046
|
Some extra code defined out
|
2013-08-28 16:21:34 +02:00 |
|
Manuel Pégourié-Gonnard
|
c852a68b96
|
More robust selection of ctx_enc size
|
2013-08-28 13:13:30 +02:00 |
|
Manuel Pégourié-Gonnard
|
cffe4a65bd
|
Move "constant" code outside a loop
|
2013-08-28 13:13:20 +02:00 |
|
Paul Bakker
|
577e006c2f
|
Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
|
2013-08-28 11:58:40 +02:00 |
|
Manuel Pégourié-Gonnard
|
57a8783364
|
Make more room for ciphersuites
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
db77175e99
|
Make ecdsa_verify() return value more explicit
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
9cc6f5c61b
|
Fix some hash debugging
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
4bd1284f59
|
Fix ECDSA hash selection bug with TLS 1.0 and 1.1
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
9c9812a299
|
Fix bug introduced in dbf69cf
(Was writing outside array bounds.)
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
df0142bd17
|
Fix some dependencies in tests
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
2fb15f694c
|
Un-rename ssl_set_own_cert_alt()
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
e511ffca50
|
Allow compiling without RSA or DH
Only library and programs now, need to check test suites later.
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
ee98f8e7a3
|
Add EC certificates in certs.c
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
f484282e96
|
Rm a few unneeded tests
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
d11eb7c789
|
Fix sig_alg extension on client.
Temporary solution on server.
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
bfe32efb9b
|
pk_{sign,verify}() now accept hash_len = 0
|
2013-08-27 22:21:21 +02:00 |
|
Manuel Pégourié-Gonnard
|
a20c58c6f1
|
Use convert functions for SSL_SIG_* and SSL_HASH_*
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
c40b4c3708
|
Add configuration item for the PK module
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
0d42049440
|
Merge code for RSA and ECDSA in SSL
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
070cc7fd21
|
Use the new PK RSA-alt interface
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
12c1ff0ecb
|
Add RSA-alt to the PK layer
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
a2d3f22007
|
Add and use pk_encrypt(), pk_decrypt()
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
8df2769178
|
Introduce pk_sign() and use it in ssl
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
583b608401
|
Fix some return values
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
76c18a1a77
|
Add client support for ECDSA client auth
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
abae74c4a0
|
Add server support for ECDHE_ECDSA key exchange
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
ac75523593
|
Adapt ssl_set_own_cert() to generic keys
|
2013-08-27 22:21:20 +02:00 |
|
Manuel Pégourié-Gonnard
|
09edda888e
|
Check key type against selected key exchange
|
2013-08-27 22:21:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
20846b1a50
|
Add client support for ECDHE_ECDSA key exchange
|
2013-08-27 22:21:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
efebb0a394
|
Refactor ssl_parse_server_key_exchange() a bit
|
2013-08-27 22:21:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
32ea60a127
|
Declare ECDSA key exchange and ciphersuites
Also fix bug in ssl_list_ciphersuites().
For now, disable it on server.
Client will offer it but fail if server selects it.
|
2013-08-27 22:21:19 +02:00 |
|
Manuel Pégourié-Gonnard
|
0b03200e96
|
Add server-side support for ECDSA client auth
|
2013-08-27 22:21:19 +02:00 |
|
Paul Bakker
|
0be444a8b1
|
Ability to disable server_name extension (RFC 6066)
|
2013-08-27 21:55:01 +02:00 |
|
Paul Bakker
|
d2f068e071
|
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
|
2013-08-27 21:19:20 +02:00 |
|
Paul Bakker
|
fb08fd2e23
|
Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available
|
2013-08-27 15:06:54 +02:00 |
|
Paul Bakker
|
9852d00de6
|
Moved asn1write funtions to use asn1_write_raw_buffer()
|
2013-08-26 17:56:37 +02:00 |
|