Manuel Pégourié-Gonnard
a2d3f22007
Add and use pk_encrypt(), pk_decrypt()
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
8df2769178
Introduce pk_sign() and use it in ssl
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
583b608401
Fix some return values
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
76c18a1a77
Add client support for ECDSA client auth
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
abae74c4a0
Add server support for ECDHE_ECDSA key exchange
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
ac75523593
Adapt ssl_set_own_cert() to generic keys
2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
09edda888e
Check key type against selected key exchange
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
20846b1a50
Add client support for ECDHE_ECDSA key exchange
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
efebb0a394
Refactor ssl_parse_server_key_exchange() a bit
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
32ea60a127
Declare ECDSA key exchange and ciphersuites
...
Also fix bug in ssl_list_ciphersuites().
For now, disable it on server.
Client will offer it but fail if server selects it.
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard
0b03200e96
Add server-side support for ECDSA client auth
2013-08-27 22:21:19 +02:00
Paul Bakker
0be444a8b1
Ability to disable server_name extension (RFC 6066)
2013-08-27 21:55:01 +02:00
Paul Bakker
d2f068e071
Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually
2013-08-27 21:19:20 +02:00
Paul Bakker
fb08fd2e23
Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available
2013-08-27 15:06:54 +02:00
Paul Bakker
9852d00de6
Moved asn1write funtions to use asn1_write_raw_buffer()
2013-08-26 17:56:37 +02:00
Paul Bakker
7accbced87
Doxygen documentation added to asn1write.h
2013-08-26 17:37:18 +02:00
Paul Bakker
f3df61ad10
Generalized PEM writing in x509write module for RSA keys as well
2013-08-26 17:37:18 +02:00
Paul Bakker
135f1e9c70
Move PEM conversion of DER data to x509write module
2013-08-26 17:37:18 +02:00
Paul Bakker
57be6e22cf
cert_req now supports key_usage and ns_cert_type command line options
2013-08-26 17:37:18 +02:00
Paul Bakker
624d03a3f7
Fixed length of key_usage bitstring to 7 bits
2013-08-26 17:37:18 +02:00
Paul Bakker
1c0e550e21
Added support for Netscape Certificate Types in CSR writing
...
Further generalization of extension adding / replacing in the CSR
structure
2013-08-26 17:37:18 +02:00
Paul Bakker
e5eae76bf0
Generalized the x509write_csr_set_key_usage() function and key_usage
...
storage
2013-08-26 17:37:18 +02:00
Paul Bakker
6db915b5a9
Added asn1_write_raw_buffer()
2013-08-26 17:37:17 +02:00
Manuel Pégourié-Gonnard
0a20171d52
Fix compiler warning from gcc -Os
2013-08-26 14:31:43 +02:00
Manuel Pégourié-Gonnard
70f1768b9d
Make two format strings literal
...
Fixes clang warning
2013-08-26 14:31:33 +02:00
Manuel Pégourié-Gonnard
5151b45aa1
Minor comment fixes
2013-08-26 14:31:20 +02:00
Manuel Pégourié-Gonnard
356da16ce3
Update VisualStudio files
2013-08-26 14:31:01 +02:00
Manuel Pégourié-Gonnard
c6554aab3d
Check length of session tickets we write
2013-08-26 14:26:33 +02:00
Manuel Pégourié-Gonnard
38d1eba3b5
Move verify_result from ssl_context to session
2013-08-26 14:26:02 +02:00
Paul Bakker
8adf13bd92
Added pem2der utility application
2013-08-26 10:38:54 +02:00
Paul Bakker
fde4270186
Added support for writing key_usage extension
2013-08-25 14:47:27 +02:00
Paul Bakker
598e450538
Added asn1_write_bitstring() and asn1_write_octet_string()
2013-08-25 14:46:39 +02:00
Paul Bakker
ef0ba55a78
Removed old X509 write data from x509.h
2013-08-25 11:48:10 +02:00
Paul Bakker
f677466d9a
Doxygen documentation added to x509write.h
2013-08-25 11:47:51 +02:00
Paul Bakker
0e06c0fdb4
Assigned error codes to the error defines
2013-08-25 11:21:30 +02:00
Paul Bakker
82e2945ed2
Changed naming and prototype convention for x509write functions
...
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker
384d4351ce
Added cert_req to CMakeLists.txt
2013-08-25 10:51:18 +02:00
Paul Bakker
2130796658
Switched order of storing x509_req_names to match inputed order
2013-08-25 10:51:18 +02:00
Paul Bakker
8eabfc1461
Rewrote x509 certificate request writing to use structure for storing
2013-08-25 10:51:18 +02:00
Paul Bakker
43fdd617e1
Merged update certificate verification for EC certificates into
...
development
2013-08-20 23:13:29 +02:00
Paul Bakker
ca2da515f3
Merged ECDSA tests / enhancements and example into development
2013-08-20 23:12:59 +02:00
Paul Bakker
2b217c36b6
Merged latest fix for test framework revamp into development
2013-08-20 23:11:42 +02:00
Paul Bakker
667086b01d
Fixed Makefile leftover typo
2013-08-20 23:11:06 +02:00
Manuel Pégourié-Gonnard
fff80f8879
PK: use NULL for unimplemented operations
2013-08-20 20:46:05 +02:00
Manuel Pégourié-Gonnard
f73da02962
PK: change pk_verify arguments (md_info "optional")
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
ab46694558
Change pk_set_type to pk_init_ctx for consistency
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
7e56de1671
Adapt ssl_cert_test to changes in PK
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
ac4cd36297
PK rsa_verify: check signature length
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
15699380e5
Small PK cleanups
...
- better error codes
- rm now-useless include
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
3fb5c5ee1c
PK: rename members for consistency CIPHER, MD
...
Also add pk_get_name() to remove a direct access to pk_type
2013-08-20 20:46:04 +02:00