Manuel Pégourié-Gonnard
661536677b
Add Curve25519 to known groups
2013-12-05 15:58:37 +01:00
Paul Bakker
9dc53a9967
Merged client ciphersuite order preference option
2013-12-02 14:56:27 +01:00
Paul Bakker
014f143c2a
Merged EC key generation support
2013-12-02 14:55:09 +01:00
Manuel Pégourié-Gonnard
1a9f2c7245
Add option to respect client ciphersuite order
2013-11-30 18:30:06 +01:00
Manuel Pégourié-Gonnard
0267e3dc9b
Add ecp_curve_info_from_name()
2013-11-30 15:10:14 +01:00
Manuel Pégourié-Gonnard
104ee1d1f6
Add ecp_genkey(), prettier wrapper
2013-11-30 14:35:07 +01:00
Manuel Pégourié-Gonnard
e3339ce296
Document x509_crt_parse_path() threading behaviour
2013-11-28 18:07:39 +01:00
Manuel Pégourié-Gonnard
964bf9b92f
Quit using readdir_r()
...
Prone to buffer overflows on some platforms.
2013-11-28 18:07:39 +01:00
Paul Bakker
88cd22646c
Merged ciphersuite version improvements
2013-11-26 15:22:19 +01:00
Manuel Pégourié-Gonnard
3eaa8e7005
Clarify comments of mpi_mul_int()
2013-11-26 15:19:56 +01:00
Paul Bakker
3209ce3692
Merged ECP improvements
2013-11-26 15:19:17 +01:00
Manuel Pégourié-Gonnard
a5bdfcde53
Relax some SHA2 ciphersuite's version requirements
...
Changed:
- PSK ciphersuites (RFC 5487, section 3)
- ECDHE-PSK ciphersuites (RFC 5489, section 3)
- Additional Camellia ciphersuites (RFC 6367, sec 3.3)
Unchanged:
- all GCM ciphersuites
- Camellia ciphersuites from RFC 5932 (sec. 3.3.2)
- ECC-SHA2 ciphersuites from RFC 5289 (unclear)
- SHA2 from RFC 5246 (TLS 1.2, no precision)
2013-11-26 13:59:43 +01:00
Manuel Pégourié-Gonnard
96c7a92b08
Change mpi_safe_cond_assign() for more const-ness
2013-11-25 18:28:53 +01:00
Paul Bakker
e4c71f0e11
Merged Prime generation improvements
2013-11-25 14:27:28 +01:00
Paul Bakker
45f457d872
Reverted API change for mpi_is_prime()
2013-11-25 14:26:52 +01:00
Manuel Pégourié-Gonnard
378fb4b70a
Split mpi_is_prime() and make its first arg const
2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard
0160eacc82
gen_prime: ensure X = 2 mod 3 -> 2.5x speedup
2013-11-22 17:54:59 +01:00
Manuel Pégourié-Gonnard
d728350cee
Make memory access pattern constant
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
71c2c21601
Add mpi_safe_cond_assign()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
5868163e07
Add mpi_shrink()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
ff27b7c968
Tighten ecp_mul() validity checks
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
09ceaf49d0
Rm multiplication using NAF
...
Comb method is at most 1% slower for random points,
and is way faster for fixed point (repeated).
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
c30200e4ce
Fix bound issues
2013-11-21 21:56:37 +01:00
Manuel Pégourié-Gonnard
d1c1ba90ca
First version of ecp_mul_comb()
2013-11-21 21:56:20 +01:00
Paul Bakker
a9a028ebd0
SSL now gracefully handles missing RNG
2013-11-21 17:31:06 +01:00
Steffan Karger
28d81a009c
Fix pkcs11.c to conform to PolarSSL 1.3 API.
...
This restores previous functionality, and thus still allows only RSA to be
used through PKCS#11.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:13:27 +01:00
Steffan Karger
44cf68f262
compat-1.2.h: Make inline functions static
...
This makes it is possible to include the header from multiple .c files,
without getting tons of 'multiple declaration' compiler errors.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:13:13 +01:00
Paul Bakker
f4dc186818
Prep for PolarSSL 1.3.2
2013-11-04 17:29:42 +01:00
Paul Bakker
d46a9f1a82
Added missing endif in compat-1.2.h
2013-10-31 14:34:19 +01:00
Paul Bakker
993e386a73
Merged renegotiation refactoring
2013-10-31 14:32:38 +01:00
Manuel Pégourié-Gonnard
31ff1d2e4f
Safer buffer comparisons in the SSL modules
2013-10-31 14:23:12 +01:00
Manuel Pégourié-Gonnard
6d8404d6ba
Server: enforce renegotiation
2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard
9c1e1898b6
Move some code around, improve documentation
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
214eed38c7
Make ssl_renegotiate the only interface
...
ssl_write_hello_request() is no private
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
caed0541a0
Allow ssl_renegotiate() to be called in a loop
...
Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
f3dc2f6a1d
Add code for testing server-initiated renegotiation
2013-10-30 16:46:46 +01:00
Paul Bakker
7b0be68977
Support for serialNumber, postalAddress and postalCode in X509 names
2013-10-29 14:24:37 +01:00
Paul Bakker
fa6a620b75
Defines for UEFI environment under MSVC added
2013-10-29 14:05:38 +01:00
Paul Bakker
60b1d10131
Fixed spelling / typos (from PowerDNS:codespell)
2013-10-29 10:02:51 +01:00
Paul Bakker
50dc850c52
Const correctness
2013-10-28 21:19:10 +01:00
Paul Bakker
1642122f8b
Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer
2013-10-28 14:38:35 +01:00
Paul Bakker
3f917e230d
Merged optimizations for MODP NIST curves
2013-10-28 14:18:26 +01:00
Manuel Pégourié-Gonnard
21ef42f257
Don't select a PSK ciphersuite if no key available
2013-10-28 14:00:45 +01:00
Manuel Pégourié-Gonnard
18dc0e2746
CERTS_C depends on PEM_PARSE_C
2013-10-28 13:59:26 +01:00
Manuel Pégourié-Gonnard
7c3291ea87
Check dependencies of protocol versions on hashes
2013-10-28 13:58:56 +01:00
Manuel Pégourié-Gonnard
3daaf3d21d
X509 key identifiers depend on SHA1
2013-10-28 13:58:32 +01:00
Manuel Pégourié-Gonnard
c59c9c1453
Fix typo in b8012fca
(ECP needs at least one curve)
2013-10-28 13:57:39 +01:00
Paul Bakker
677377f472
Server does not send out extensions not advertised by client
2013-10-28 12:54:26 +01:00
Manuel Pégourié-Gonnard
a8a25ae1b9
Fix bad error codes
2013-10-27 13:48:15 +01:00
Manuel Pégourié-Gonnard
9d70373449
Update ciphersuite lists in config.h
2013-10-25 18:01:50 +02:00