- 04 4月, 2013 6 次提交
-
-
由 Andy Polyakov 提交于
Give CBC decrypt approximately same treatment as to CTR and collect 25%.
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
由 Dr. Stephen Henson 提交于
-
- 01 4月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 31 3月, 2013 2 次提交
-
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
Submitted by: David Miller
-
- 30 3月, 2013 2 次提交
-
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
- 28 3月, 2013 4 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 944bc29f9004cf8851427ebfa83ee70b8399da57)
-
由 Dr. Stephen Henson 提交于
Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in DTLS 1.2 mode too.
-
由 Dr. Stephen Henson 提交于
The relaxed signing requirements for fixed DH certificates apply to DTLS 1.2 too.
-
由 Dr. Stephen Henson 提交于
Add DTLS1.2 support for cached records when computing handshake macs instead of the MD5+SHA1 case for DTLS < 1.2 (this is a port of the equivalent TLS 1.2 code to DTLS).
-
- 27 3月, 2013 1 次提交
-
-
由 Matt Caswell 提交于
Don't check for binary curves by checking methods: the values will be different in FIPS mode as they are redirected to the validated module version.
-
- 26 3月, 2013 5 次提交
-
-
由 Dr. Stephen Henson 提交于
Add correct flags for DTLS 1.2, update s_server and s_client to handle DTLS 1.2 methods. Currently no support for version negotiation: i.e. if client/server selects DTLS 1.2 it is that or nothing.
-
由 Dr. Stephen Henson 提交于
Since this is always called from DTLS code it is safe to assume the header length should be the DTLS value. This avoids the need to check the version number and should work with any version of DTLS (not just 1.0).
-
由 Dr. Stephen Henson 提交于
Extend DTLS method creation macros to support version numbers and encryption methods. Update existing code.
-
由 Dr. Stephen Henson 提交于
Some TLS extensions were disabled for DTLS. Possibly because they caused problems with the old duplicated code. Enable them again.
-
由 Andy Polyakov 提交于
Based on suggestions from Shay Gueron and Vlad Krasnov. PR: 3021
-
- 25 3月, 2013 1 次提交
-
-
由 Andy Polyakov 提交于
-
- 20 3月, 2013 2 次提交
-
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
- 19 3月, 2013 3 次提交
-
-
由 Dr. Stephen Henson 提交于
The only standard compression method is stateful and is incompatible with DTLS.
-
由 Dr. Stephen Henson 提交于
-
由 Andy Polyakov 提交于
PR: 3002
-
- 18 3月, 2013 6 次提交
-
-
由 Dr. Stephen Henson 提交于
Use the enc_flags field to determine whether we should use explicit IV, signature algorithms or SHA256 default PRF instead of hard coding which versions support each requirement.
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
Revise DTLS code. There was a *lot* of code duplication in the DTLS code that generates records. This makes it harder to maintain and sometimes a TLS update is omitted by accident from the DTLS code. Specifically almost all of the record generation functions have code like this: some_pointer = buffer + HANDSHAKE_HEADER_LENGTH; ... Record creation stuff ... set_handshake_header(ssl, SSL_MT_SOMETHING, message_len); ... write_handshake_message(ssl); Where the "Record creation stuff" is identical between SSL/TLS and DTLS or in some cases has very minor differences. By adding a few fields to SSL3_ENC to include the header length, some flags and function pointers for handshake header setting and handshake writing the code can cope with both cases. Note: although this passes "make test" and some simple DTLS tests there may be some minor differences in the DTLS code that have to be accounted for.
-
由 Michael Tuexen 提交于
-
由 Dr. Stephen Henson 提交于
If an ASN1_INTEGER structure is allocated but not explicitly set encode it as zero: don't generate an invalid zero length INTEGER. (cherry picked from commit 1643edc63c3e15b6db5a15a728bc288f2cc2bbc7)
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 1546fb780bc11556a18d70c5fb29af4a9d5beaff)
-
- 11 3月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add DTLS record header parsing, different client hello format and add HelloVerifyRequest message type. Add code to d1_pkt.c to send message headers to the message callback.
-
- 07 3月, 2013 3 次提交
-
-
由 Andy Polyakov 提交于
-
由 Dr. Stephen Henson 提交于
Add code to support GCM an CCM modes in evp_test. On encrypt this will compare the expected ciphertext and tag. On decrypt it will compare the expected plaintext: tag comparison is done internally. Add a simple CCM test case and convert all tests from crypto/modes/gcm128.c
-
由 Dr. Stephen Henson 提交于
-
- 06 3月, 2013 3 次提交
-
-
由 Andy Polyakov 提交于
Thanks to Shay Gueron & Vlad Krasnov for report.
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
Simple example of CCM code use: translated from the FIPS self tests.
-