Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02
- Added ServerName extension parsing (SNI) at server side
2012-09-27 21:49:42 +00:00
Paul Bakker
eb2c658163
- Generalized external private key implementation handling (like PKCS#11) in SSL/TLS
2012-09-27 19:15:01 +00:00
Paul Bakker
321df6fb80
- Expanded rsa_check_privkey() to check DP, DQ and QP as well
2012-09-27 13:21:34 +00:00
Paul Bakker
5531c6d92c
- Change buffer size on mpi_write_file() to cover larger size MPIs
2012-09-26 19:20:46 +00:00
Paul Bakker
49d75678a5
- Support INTEGRITY OS
2012-09-26 15:22:07 +00:00
Paul Bakker
d14277d7de
- Added PBKDF2 error code
2012-09-26 15:19:05 +00:00
Paul Bakker
0a59707523
- Added simple SSL session cache implementation
...
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
b00ca42f2a
- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
2012-09-25 12:10:00 +00:00
Paul Bakker
29b64761fd
- Added predefined DHM groups from RFC 5114
2012-09-25 09:36:44 +00:00
Paul Bakker
d0f6fa7bdc
- Sending of handshake_failures during renegotiation added
...
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
2d319fdfcb
- Fixed bug in mpi_add_abs with adding a small number to a large mpi with carry rollover.
2012-09-16 21:34:26 +00:00
Paul Bakker
48916f9b67
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Paul Bakker
b5b20f19e7
- Extra sanity check for input added
2012-09-16 15:07:49 +00:00
Paul Bakker
5f70b25c9b
- Correctly handle SHA256 ciphersuites in SSLv3
...
- Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Paul Bakker
ec636f3bdd
- Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
2012-09-09 19:17:02 +00:00
Paul Bakker
94a6796179
- Correctly handle MS certificate's key usage bits
2012-08-23 13:03:52 +00:00
Paul Bakker
f518b16f97
- Added PKCS#5 PBKDF2 key derivation function
2012-08-23 13:03:18 +00:00
Paul Bakker
535e97dbab
- Better checking for reading over buffer boundaries
...
- Zeroize altSubjectName chain memory before use
2012-08-23 10:49:55 +00:00
Paul Bakker
b68cad6cc7
- Made cipersuites in ssl context const (no intention to modify)
...
- Adjusted ssl_set_ciphersuites() to match
2012-08-23 08:34:18 +00:00
Paul Bakker
bb51f0cb3d
- Only include md.h if needed by POLARSSL_PKCS1_V21
2012-08-23 07:46:58 +00:00
Paul Bakker
6a2f857b08
- Added DragonflyBSD support
2012-08-23 07:45:37 +00:00
Paul Bakker
3c16db9a10
- Fixed potential memory zeroization on miscrafted RSA key
2012-07-05 13:58:08 +00:00
Paul Bakker
6132d0aa93
- Added Blowfish to generic cipher layer
...
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
2012-07-04 17:10:40 +00:00
Paul Bakker
83f00bba9c
- Updated strerror codes for SSL Compression and Blowfish
2012-07-04 11:08:50 +00:00
Paul Bakker
a9379c0ed1
- Added base blowfish algorithm
2012-07-04 11:02:11 +00:00
Paul Bakker
2770fbd651
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Paul Bakker
cefb396a77
- Handle empty certificate subject names
2012-06-27 11:51:09 +00:00
Paul Bakker
e4791f3936
- Bugfix for Windows in cert path handling
2012-06-04 21:29:15 +00:00
Paul Bakker
67820bd38e
- Only include padlock header when POLARSSL_PADLOCK_C is defined
2012-06-04 12:47:23 +00:00
Paul Bakker
8d914583f3
- Added X509 CA Path support
2012-06-04 12:46:42 +00:00
Paul Bakker
e6ee41f932
- Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and example application (programs/ssl/o_p_test) (Requires OpenSSL)
...
- Handle encryption with private key and decryption with public key as per RFC 2313
2012-05-19 08:43:48 +00:00
Paul Bakker
50546921ac
- Moved to prevent uninitialized exit var
2012-05-19 08:40:49 +00:00
Paul Bakker
f6198c1513
- mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52 )
2012-05-16 08:02:29 +00:00
Paul Bakker
2a5c7a87af
- Add Windows required library
2012-05-10 21:54:28 +00:00
Paul Bakker
62f88dc473
Makefile more compatible with WINDOWS environment
2012-05-10 21:26:28 +00:00
Paul Bakker
cd5b529d6d
- Added automatic WINDOWS define in Makefile
2012-05-10 20:49:10 +00:00
Paul Bakker
4d2c1243b1
- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.
2012-05-10 14:12:46 +00:00
Paul Bakker
7e2c728178
- Updated to support NetBSD
2012-05-08 13:23:16 +00:00
Paul Bakker
186751d9dd
- Moved out_msg to out_hdr + 32 to support hardware acceleration
2012-05-08 13:16:14 +00:00
Paul Bakker
3aac1daf1d
- Added exception error parsing when FATAL ssl message is received
2012-05-08 13:12:27 +00:00
Paul Bakker
6b906e5095
- Const correctness mpi_get_bit()
...
- Documentation mpi_lsb(), mpi_msb()
2012-05-08 12:01:43 +00:00
Paul Bakker
05ef835b6a
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
Paul Bakker
430ffbe564
- Fixed potential heap corruption in x509_name allocation
2012-05-01 08:14:20 +00:00
Paul Bakker
aec37cb653
- Added extra sanity check to DHM values
2012-04-26 18:59:59 +00:00
Paul Bakker
279432a7c0
- Fixed size of clean
2012-04-26 10:09:35 +00:00
Paul Bakker
901c65620e
- Fill full buffer (Wrong parameter usage)
2012-04-20 13:25:38 +00:00
Paul Bakker
380da53c48
- Abstracted checksum updating during handshake
2012-04-18 16:10:25 +00:00
Paul Bakker
ca4ab49158
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00
Paul Bakker
d8ef167833
- Updated for latest GCM error
2012-04-18 14:17:32 +00:00
Paul Bakker
fc5183cf5d
- Added input checking and more efficient buffer overlap use
2012-04-18 14:17:01 +00:00
Paul Bakker
369e14bbf1
- Small code rewrite
2012-04-18 14:16:09 +00:00
Paul Bakker
030277ab1e
- Updated error.c to include GCM errors
2012-04-17 12:24:26 +00:00
Paul Bakker
13ed9ab921
- Removed unused variable
2012-04-16 09:43:49 +00:00
Paul Bakker
0a9251870a
- Report unexpected_message if unknown record type is received
2012-04-16 06:46:41 +00:00
Paul Bakker
10cd225962
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
Paul Bakker
bf63b36127
- Updated comments
2012-04-12 20:44:34 +00:00
Paul Bakker
c3f177a77b
- Added client side support for signature_algorithm extension and affiliated handling
2012-04-11 16:11:49 +00:00
Paul Bakker
1ef83d66dd
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
Paul Bakker
f34cf85534
- Fixed too restrictive test
2012-04-10 07:48:40 +00:00
Paul Bakker
96d42da8fe
- Removed debug value
2012-04-05 13:22:07 +00:00
Paul Bakker
c7ffd36a97
- Added automatic debug flags to CFLAGS if DEBUG is set in shell
2012-04-05 12:08:29 +00:00
Paul Bakker
452d532955
- Fixed potential memory corruption on miscrafted client messages (found by Frama-C team at CEA LIST)
2012-04-05 12:07:34 +00:00
Paul Bakker
6126481796
- Added compat for sun in net.c
2012-04-03 07:54:30 +00:00
Paul Bakker
56a7684023
- Added alternative for SHA1 signature structure to check for (without NULL)
2012-03-22 15:31:27 +00:00
Paul Bakker
0c8f73ba8b
- Fixed a mistake in mpi_cmp_mpi() where longer B values are handled wrong
2012-03-22 14:08:57 +00:00
Paul Bakker
f9169629c9
- Removed unused variables
2012-03-20 15:05:51 +00:00
Paul Bakker
89e80c9a43
- Added base Galois/Counter mode (GCM) for AES
2012-03-20 13:50:09 +00:00
Paul Bakker
b6ad62dd21
- Added missing x509write.c
2012-03-20 13:41:33 +00:00
Paul Bakker
02f61692ef
- Removed trailing char
2012-03-15 10:54:25 +00:00
Paul Bakker
f654371b2b
- Only include dependencies when required
2012-03-05 14:01:29 +00:00
Paul Bakker
ad8d354a1a
- Updated RFC ref
2012-02-16 15:28:14 +00:00
Paul Bakker
3cac5e012b
- x509_write_cert_req() now supports all available hash functions
2012-02-16 14:08:06 +00:00
Paul Bakker
058881547f
- Certificate Requests written now have the Email address written in IA5String
2012-02-16 10:26:57 +00:00
Paul Bakker
bdb912db69
- Added preliminary ASN.1 buffer writing support
...
- Added preliminary X509 Certificate Request writing support
- Added key_app_writer example application
- Added cert_req example application
2012-02-13 23:11:30 +00:00
Paul Bakker
048d04ef4b
- AES code only check for Padlock once
2012-02-12 17:31:04 +00:00
Paul Bakker
39dfdaca8f
- Fixed mpi_fill_random() to fill and create right size MPI
2012-02-12 17:17:27 +00:00
Paul Bakker
8afa70dcd5
- Clean Subject Alternative Name data
2012-02-11 18:42:45 +00:00
Paul Bakker
57b12982b3
- Multi-domain certificates support wildcards as well
2012-02-11 17:38:38 +00:00
Paul Bakker
1504af585c
- Removed redundant POLARSSL_DEBUG_MSG define
2012-02-11 16:17:43 +00:00
Paul Bakker
a8cd239d6b
- Added support for wildcard certificates
...
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker
fab5c829e7
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
Paul Bakker
3c18a830b3
- Made changes for 1.1.1 release
2012-01-23 09:44:43 +00:00
Paul Bakker
17caec12af
- Changed back statement
2012-01-22 20:37:32 +00:00
Paul Bakker
e88186d2ff
- Fixed selftest for CTR_DRBG
2012-01-22 20:29:47 +00:00
Paul Bakker
cf0360a14e
- Fixed compiler error on 64-bit systems not using GCC
...
- t_udbl optimization now also works on platforms that did not define POLARSSL_HAVE_LONGLONG
2012-01-20 10:08:14 +00:00
Paul Bakker
ec1b9842c4
- Fixed type of length in get_pkcs_padding()
2012-01-14 18:24:43 +00:00
Paul Bakker
87e5cdad5b
- Fixed warning for t if no debugging defined
2012-01-14 18:14:15 +00:00
Paul Bakker
ed375caa3b
- Fixed signed status of ret
2012-01-14 18:10:38 +00:00
Paul Bakker
8913f82c26
- Fixed compiler warning for unreferenced ret in md_file() when POLARSSL_FS_IO not declared
2012-01-14 18:07:41 +00:00
Paul Bakker
b15b851d6d
- Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47 , found by Hugo Leisink)
2012-01-13 13:44:06 +00:00
Paul Bakker
394c56f854
- Support for FreeBSD _SOCKLEN_T_DECLARED
2011-12-20 12:19:03 +00:00
Paul Bakker
43655f46b0
- Added option to prevent default entropy sources from loading (POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
2011-12-15 20:11:16 +00:00
Paul Bakker
28c7e7f6fa
- Added HAVEGE as a default entropy source
2011-12-15 19:49:30 +00:00
Paul Bakker
b1dee1cfd2
- Changed commands to lowercase where it was not the case
2011-12-11 11:29:51 +00:00
Paul Bakker
55d3fd9aff
- Enlarged maximum size of DHM a client accepts to 512 bytes
2011-12-11 11:13:05 +00:00
Paul Bakker
69e095cc15
- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
...
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
- Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
18d32911c0
- Added internal ctr_drbg_init_entropy_len() to allow NIST determined entropy tests to work
2011-12-10 21:42:49 +00:00
Paul Bakker
bd4a9d0cda
- Changed entropy accumulator to have per-source thresholds
2011-12-10 17:02:19 +00:00
Paul Bakker
c50132d4fa
- Updated version of PolarSSL to 1.1.0
2011-12-05 14:38:36 +00:00