Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								a60fe8943d 
								
							 
						 
						
							
							
								
								Add mpi_safe_cond_swap()  
							
							
							
						 
						
							2013-12-05 15:58:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								97871ef236 
								
							 
						 
						
							
							
								
								Some operations are not supported with Curve25519  
							
							
							
						 
						
							2013-12-05 15:58:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								661536677b 
								
							 
						 
						
							
							
								
								Add Curve25519 to known groups  
							
							
							
						 
						
							2013-12-05 15:58:37 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								9dc53a9967 
								
							 
						 
						
							
							
								
								Merged client ciphersuite order preference option  
							
							
							
						 
						
							2013-12-02 14:56:27 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								014f143c2a 
								
							 
						 
						
							
							
								
								Merged EC key generation support  
							
							
							
						 
						
							2013-12-02 14:55:09 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								1a9f2c7245 
								
							 
						 
						
							
							
								
								Add option to respect client ciphersuite order  
							
							
							
						 
						
							2013-11-30 18:30:06 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								0267e3dc9b 
								
							 
						 
						
							
							
								
								Add ecp_curve_info_from_name()  
							
							
							
						 
						
							2013-11-30 15:10:14 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								104ee1d1f6 
								
							 
						 
						
							
							
								
								Add ecp_genkey(), prettier wrapper  
							
							
							
						 
						
							2013-11-30 14:35:07 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								e3339ce296 
								
							 
						 
						
							
							
								
								Document x509_crt_parse_path() threading behaviour  
							
							
							
						 
						
							2013-11-28 18:07:39 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								964bf9b92f 
								
							 
						 
						
							
							
								
								Quit using readdir_r()  
							
							
							
							
							Prone to buffer overflows on some platforms. 
							
						 
						
							2013-11-28 18:07:39 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								88cd22646c 
								
							 
						 
						
							
							
								
								Merged ciphersuite version improvements  
							
							
							
						 
						
							2013-11-26 15:22:19 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								3eaa8e7005 
								
							 
						 
						
							
							
								
								Clarify comments of mpi_mul_int()  
							
							
							
						 
						
							2013-11-26 15:19:56 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								3209ce3692 
								
							 
						 
						
							
							
								
								Merged ECP improvements  
							
							
							
						 
						
							2013-11-26 15:19:17 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								a5bdfcde53 
								
							 
						 
						
							
							
								
								Relax some SHA2 ciphersuite's version requirements  
							
							
							
							
							Changed:
- PSK ciphersuites (RFC 5487, section 3)
- ECDHE-PSK ciphersuites (RFC 5489, section 3)
- Additional Camellia ciphersuites (RFC 6367, sec 3.3)
Unchanged:
- all GCM ciphersuites
- Camellia ciphersuites from RFC 5932 (sec. 3.3.2)
- ECC-SHA2 ciphersuites from RFC 5289 (unclear)
- SHA2 from RFC 5246 (TLS 1.2, no precision) 
							
						 
						
							2013-11-26 13:59:43 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								96c7a92b08 
								
							 
						 
						
							
							
								
								Change mpi_safe_cond_assign() for more const-ness  
							
							
							
						 
						
							2013-11-25 18:28:53 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								e4c71f0e11 
								
							 
						 
						
							
							
								
								Merged Prime generation improvements  
							
							
							
						 
						
							2013-11-25 14:27:28 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								45f457d872 
								
							 
						 
						
							
							
								
								Reverted API change for mpi_is_prime()  
							
							
							
						 
						
							2013-11-25 14:26:52 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								378fb4b70a 
								
							 
						 
						
							
							
								
								Split mpi_is_prime() and make its first arg const  
							
							
							
						 
						
							2013-11-22 19:40:32 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								0160eacc82 
								
							 
						 
						
							
							
								
								gen_prime: ensure X = 2 mod 3 -> 2.5x speedup  
							
							
							
						 
						
							2013-11-22 17:54:59 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								d728350cee 
								
							 
						 
						
							
							
								
								Make memory access pattern constant  
							
							
							
						 
						
							2013-11-21 21:56:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								71c2c21601 
								
							 
						 
						
							
							
								
								Add mpi_safe_cond_assign()  
							
							
							
						 
						
							2013-11-21 21:56:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								5868163e07 
								
							 
						 
						
							
							
								
								Add mpi_shrink()  
							
							
							
						 
						
							2013-11-21 21:56:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								ff27b7c968 
								
							 
						 
						
							
							
								
								Tighten ecp_mul() validity checks  
							
							
							
						 
						
							2013-11-21 21:56:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								09ceaf49d0 
								
							 
						 
						
							
							
								
								Rm multiplication using NAF  
							
							
							
							
							Comb method is at most 1% slower for random points,
and is way faster for fixed point (repeated). 
							
						 
						
							2013-11-21 21:56:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								c30200e4ce 
								
							 
						 
						
							
							
								
								Fix bound issues  
							
							
							
						 
						
							2013-11-21 21:56:37 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								d1c1ba90ca 
								
							 
						 
						
							
							
								
								First version of ecp_mul_comb()  
							
							
							
						 
						
							2013-11-21 21:56:20 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								a9a028ebd0 
								
							 
						 
						
							
							
								
								SSL now gracefully handles missing RNG  
							
							
							
						 
						
							2013-11-21 17:31:06 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Steffan Karger 
							
						 
						
							
							
							
							
								
							
							
								28d81a009c 
								
							 
						 
						
							
							
								
								Fix pkcs11.c to conform to PolarSSL 1.3 API.  
							
							
							
							
							This restores previous functionality, and thus still allows only RSA to be
used through PKCS#11.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org> 
							
						 
						
							2013-11-20 16:13:27 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Steffan Karger 
							
						 
						
							
							
							
							
								
							
							
								44cf68f262 
								
							 
						 
						
							
							
								
								compat-1.2.h: Make inline functions static  
							
							
							
							
							This makes it possible to include the header from multiple .c files,
without getting tons of 'multiple declaration' compiler errors.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org> 
							
						 
						
							2013-11-20 16:13:13 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								f4dc186818 
								
							 
						 
						
							
							
								
								Prep for PolarSSL 1.3.2  
							
							
							
						 
						
							2013-11-04 17:29:42 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								d46a9f1a82 
								
							 
						 
						
							
							
								
								Added missing endif in compat-1.2.h  
							
							
							
						 
						
							2013-10-31 14:34:19 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								993e386a73 
								
							 
						 
						
							
							
								
								Merged renegotiation refactoring  
							
							
							
						 
						
							2013-10-31 14:32:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								31ff1d2e4f 
								
							 
						 
						
							
							
								
								Safer buffer comparisons in the SSL modules  
							
							
							
						 
						
							2013-10-31 14:23:12 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								6d8404d6ba 
								
							 
						 
						
							
							
								
								Server: enforce renegotiation  
							
							
							
						 
						
							2013-10-30 16:48:10 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								9c1e1898b6 
								
							 
						 
						
							
							
								
								Move some code around, improve documentation  
							
							
							
						 
						
							2013-10-30 16:48:09 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								214eed38c7 
								
							 
						 
						
							
							
								
								Make ssl_renegotiate the only interface  
							
							
							
							
							ssl_write_hello_request() is now private 
							
						 
						
							2013-10-30 16:48:09 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								caed0541a0 
								
							 
						 
						
							
							
								
								Allow ssl_renegotiate() to be called in a loop  
							
							
							
							
							Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client. 
							
						 
						
							2013-10-30 16:48:09 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								f3dc2f6a1d 
								
							 
						 
						
							
							
								
								Add code for testing server-initiated renegotiation  
							
							
							
						 
						
							2013-10-30 16:46:46 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								7b0be68977 
								
							 
						 
						
							
							
								
								Support for serialNumber, postalAddress and postalCode in X509 names  
							
							
							
						 
						
							2013-10-29 14:24:37 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								fa6a620b75 
								
							 
						 
						
							
							
								
								Defines for UEFI environment under MSVC added  
							
							
							
						 
						
							2013-10-29 14:05:38 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								60b1d10131 
								
							 
						 
						
							
							
								
								Fixed spelling / typos (from PowerDNS:codespell)  
							
							
							
						 
						
							2013-10-29 10:02:51 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								50dc850c52 
								
							 
						 
						
							
							
								
								Const correctness  
							
							
							
						 
						
							2013-10-28 21:19:10 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								1642122f8b 
								
							 
						 
						
							
							
								
								Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer  
							
							
							
						 
						
							2013-10-28 14:38:35 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								3f917e230d 
								
							 
						 
						
							
							
								
								Merged optimizations for MODP NIST curves  
							
							
							
						 
						
							2013-10-28 14:18:26 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								21ef42f257 
								
							 
						 
						
							
							
								
								Don't select a PSK ciphersuite if no key available  
							
							
							
						 
						
							2013-10-28 14:00:45 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								18dc0e2746 
								
							 
						 
						
							
							
								
								CERTS_C depends on PEM_PARSE_C  
							
							
							
						 
						
							2013-10-28 13:59:26 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								7c3291ea87 
								
							 
						 
						
							
							
								
								Check dependencies of protocol versions on hashes  
							
							
							
						 
						
							2013-10-28 13:58:56 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								3daaf3d21d 
								
							 
						 
						
							
							
								
								X509 key identifiers depend on SHA1  
							
							
							
						 
						
							2013-10-28 13:58:32 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
						
							
							
							
							
								
							
							
								c59c9c1453 
								
							 
						 
						
							
							
								
								Fix typo in  b8012fca (ECP needs at least one curve)  
							
							
							
						 
						
							2013-10-28 13:57:39 +01:00 
							
								 
							
						 
					 
				
					
						
							
							
								Paul Bakker 
							
						 
						
							
							
							
							
								
							
							
								677377f472 
								
							 
						 
						
							
							
								
								Server does not send out extensions not advertised by client  
							
							
							
						 
						
							2013-10-28 12:54:26 +01:00