Paul Bakker
e23c31561f
- Fixed typo
2012-10-01 14:42:47 +00:00
Paul Bakker
5c2364c2ba
- Moved from unsigned long to uint32_t throughout code
2012-10-01 14:41:15 +00:00
Paul Bakker
6adff7497a
- Fixed typo
2012-10-01 11:03:14 +00:00
Paul Bakker
23f3680898
- Added proper support for TLS 1.2 signature_algorithm extension on server
...
side
- Minor const changes to other extension parsing functions
2012-09-28 14:15:14 +00:00
Paul Bakker
1d29fb5e33
- Added option to add minimum accepted SSL/TLS protocol version
2012-09-28 13:28:45 +00:00
Paul Bakker
62f2deef8b
- Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS
2012-09-28 07:31:51 +00:00
Paul Bakker
da7e3f225a
- Added RFC 3526 2048-bit and 3072-bit MODP groups
2012-09-28 07:18:17 +00:00
Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02
- Added ServerName extension parsing (SNI) at server side
2012-09-27 21:49:42 +00:00
Paul Bakker
f918310193
- Autosize POLARSSL_MPI_RW_BUFFER_SIZE at compile time
2012-09-27 20:42:35 +00:00
Paul Bakker
eb2c658163
- Generalized external private key implementation handling (like PKCS#11) in SSL/TLS
2012-09-27 19:15:01 +00:00
Paul Bakker
5531c6d92c
- Change buffer size on mpi_write_file() to cover larger size MPIs
2012-09-26 19:20:46 +00:00
Paul Bakker
a864f2ee51
- Removed trailing semicolon
2012-09-26 08:29:20 +00:00
Paul Bakker
0a59707523
- Added simple SSL session cache implementation
...
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
29b64761fd
- Added predefined DHM groups from RFC 5114
2012-09-25 09:36:44 +00:00
Paul Bakker
d0f6fa7bdc
- Sending of handshake_failures during renegotiation added
...
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
48916f9b67
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Paul Bakker
f518b16f97
- Added PKCS#5 PBKDF2 key derivation function
2012-08-23 13:03:18 +00:00
Paul Bakker
894dece46c
- Cleaner return value (for C++)
2012-08-23 08:34:32 +00:00
Paul Bakker
b68cad6cc7
- Made cipersuites in ssl context const (no intention to modify)
...
- Adjusted ssl_set_ciphersuites() to match
2012-08-23 08:34:18 +00:00
Paul Bakker
5552c8c0b3
- Updated documentation
2012-07-05 13:31:54 +00:00
Paul Bakker
6132d0aa93
- Added Blowfish to generic cipher layer
...
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
2012-07-04 17:10:40 +00:00
Paul Bakker
a9379c0ed1
- Added base blowfish algorithm
2012-07-04 11:02:11 +00:00
Paul Bakker
2770fbd651
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Paul Bakker
4f9a7bb7fd
- Added Thumb assembly optimizations
2012-07-02 08:36:36 +00:00
Paul Bakker
8d914583f3
- Added X509 CA Path support
2012-06-04 12:46:42 +00:00
Paul Bakker
f6198c1513
- mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52 )
2012-05-16 08:02:29 +00:00
Paul Bakker
186751d9dd
- Moved out_msg to out_hdr + 32 to support hardware acceleration
2012-05-08 13:16:14 +00:00
Paul Bakker
6b906e5095
- Const correctness mpi_get_bit()
...
- Documentation mpi_lsb(), mpi_msb()
2012-05-08 12:01:43 +00:00
Paul Bakker
05ef835b6a
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
Paul Bakker
c9b3e1e783
- Fixed typo
2012-04-26 18:59:23 +00:00
Paul Bakker
84bef1db2c
- Fixed DHM length to correct one
2012-04-20 13:42:02 +00:00
Paul Bakker
380da53c48
- Abstracted checksum updating during handshake
2012-04-18 16:10:25 +00:00
Paul Bakker
ca4ab49158
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00
Paul Bakker
d8ef167833
- Updated for latest GCM error
2012-04-18 14:17:32 +00:00
Paul Bakker
0a9251870a
- Report unexpected_message if unknown record type is received
2012-04-16 06:46:41 +00:00
Paul Bakker
10cd225962
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
Paul Bakker
c3f177a77b
- Added client side support for signature_algorithm extension and affiliated handling
2012-04-11 16:11:49 +00:00
Paul Bakker
1ef83d66dd
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
Paul Bakker
e93dfa72a5
- Added hex documentation for alerts
2012-04-10 08:03:03 +00:00
Paul Bakker
56a7684023
- Added alternative for SHA1 signature structure to check for (without NULL)
2012-03-22 15:31:27 +00:00
Paul Bakker
89e80c9a43
- Added base Galois/Counter mode (GCM) for AES
2012-03-20 13:50:09 +00:00
Paul Bakker
3cac5e012b
- x509_write_cert_req() now supports all available hash functions
2012-02-16 14:08:06 +00:00
Paul Bakker
058881547f
- Certificate Requests written now have the Email address written in IA5String
2012-02-16 10:26:57 +00:00
Paul Bakker
bdb912db69
- Added preliminary ASN.1 buffer writing support
...
- Added preliminary X509 Certificate Request writing support
- Added key_app_writer example application
- Added cert_req example application
2012-02-13 23:11:30 +00:00
Paul Bakker
1504af585c
- Removed redundant POLARSSL_DEBUG_MSG define
2012-02-11 16:17:43 +00:00
Paul Bakker
a8cd239d6b
- Added support for wildcard certificates
...
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker
fab5c829e7
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
Paul Bakker
e708e5c901
- Always return 0 fixed in doc for havege_random()
2012-02-03 08:13:57 +00:00
Paul Bakker
3c18a830b3
- Made changes for 1.1.1 release
2012-01-23 09:44:43 +00:00
Paul Bakker
6621987e1c
- Made better fix to issue of defined long long type for bignum code
2012-01-22 20:38:13 +00:00
Paul Bakker
cf0360a14e
- Fixed compiler error on 64-bit systems not using GCC
...
- t_udbl optimization now also works on platforms that did not define POLARSSL_HAVE_LONGLONG
2012-01-20 10:08:14 +00:00
Paul Bakker
8913f82c26
- Fixed compiler warning for unreferenced ret in md_file() when POLARSSL_FS_IO not declared
2012-01-14 18:07:41 +00:00
Paul Bakker
b15b851d6d
- Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47 , found by Hugo Leisink)
2012-01-13 13:44:06 +00:00
Paul Bakker
8b21f7a55d
- Fixed variable doc for 'tag'
2012-01-13 13:29:05 +00:00
Paul Bakker
43655f46b0
- Added option to prevent default entropy sources from loading (POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
2011-12-15 20:11:16 +00:00
Paul Bakker
ccdb028629
- Fixed include with relative directory
2011-12-15 19:49:51 +00:00
Paul Bakker
28c7e7f6fa
- Added HAVEGE as a default entropy source
2011-12-15 19:49:30 +00:00
Paul Bakker
69e095cc15
- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
...
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
- Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
bd4a9d0cda
- Changed entropy accumulator to have per-source thresholds
2011-12-10 17:02:19 +00:00
Paul Bakker
5cb9db4c5b
- Seed-size now matches required entropy for key + IV
2011-12-10 17:01:41 +00:00
Paul Bakker
c50132d4fa
- Updated version of PolarSSL to 1.1.0
2011-12-05 14:38:36 +00:00
Paul Bakker
fc754a9178
- Addedd writing and updating of seedfiles as functions to CTR_DRBG
2011-12-05 13:23:51 +00:00
Paul Bakker
4f5ae803fa
- Fixed MS Visual C++ name clash with int64 in sha4.h
2011-12-04 22:10:28 +00:00
Paul Bakker
6c0ceb3f9a
- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error
2011-12-04 12:24:18 +00:00
Paul Bakker
6083fd252d
- Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources
2011-12-03 21:45:14 +00:00
Paul Bakker
1bc9efc00a
- Fixed const correctness
...
- Added ctr_drbg_update for non-fixed data lengths
- Fixed void pointer arithmetic
2011-12-03 11:29:32 +00:00
Paul Bakker
cb37aa5912
- Better buffer handling in mpi_read_file()
2011-11-30 16:00:20 +00:00
Paul Bakker
2bc7cf16fe
- Cleaned up and further documented CTR_DRBG code
2011-11-29 10:50:51 +00:00
Paul Bakker
a3d195c41f
- Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs
2011-11-27 21:07:34 +00:00
Paul Bakker
0e04d0e9a3
- Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
2011-11-27 14:46:59 +00:00
Paul Bakker
4463740fe4
- Improved build support for s390x and sparc64 in bignum.h
2011-11-26 09:23:07 +00:00
Paul Bakker
fe3256e54b
- Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size management (Closes ticket #44 )
2011-11-25 12:11:43 +00:00
Paul Bakker
b6d5f08051
- Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory trade-off
2011-11-25 11:52:11 +00:00
Paul Bakker
cce9d77745
- Lots of minimal changes to better support WINCE as a build target
2011-11-18 14:26:47 +00:00
Paul Bakker
a2713a327c
- Made switch for ARM thumb assembly. Still has to be added!
2011-11-18 12:47:23 +00:00
Paul Bakker
5e18aed436
- Changed the defined key-length of DES ciphers in cipher.h to include the parity bits, to prevent mistakes in copying data. (Closes ticket #33 )
2011-11-15 15:38:45 +00:00
Paul Bakker
f7e5bb5904
- Added cipher_get_cipher_mode() and cipher_get_cipher_operation() introspection functions (Closes ticket #40 )
2011-11-11 10:53:37 +00:00
Paul Bakker
2028156556
- Fixed typos in copied text (Fixed ticket #39 )
2011-11-11 10:34:04 +00:00
Paul Bakker
efc302964c
- Extracted ASN.1 parsing code from the X.509 parsing code. Added new module.
2011-11-10 14:43:23 +00:00
Paul Bakker
fa1c592860
- Fixed faulty HMAC-MD2 implementation (Fixes ticket #37 )
2011-10-06 14:18:49 +00:00
Paul Bakker
ca6f3e24a4
- Clarified use of AES and Camellia in CFB and CTR modes
2011-10-06 13:11:08 +00:00
Paul Bakker
490ecc8c3e
- Added ssl_set_max_version() to set the client's maximum sent version number
2011-10-06 13:04:09 +00:00
Paul Bakker
7eb013face
- Added ssl_session_reset() to allow re-use of already set non-connection specific context information
2011-10-06 12:37:39 +00:00
Paul Bakker
4793cc4620
- Fixed typo in doxygen info
2011-08-17 09:40:55 +00:00
Paul Bakker
314052fbfc
- Removed extraneous "polarssl/" in front on include directives in header files
2011-08-15 09:07:52 +00:00
Paul Bakker
4d8ca70833
- Fixed order of comments to match function rsa_pkcs1_decrypt
2011-08-09 10:31:05 +00:00
Paul Bakker
968bc9831b
- Preparations for v1.0.0 release of PolarSSL
2011-07-27 17:03:00 +00:00
Paul Bakker
5c721f98fd
- Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL
...
- Minor Fix in ASN.1 comments of PrivateKeyInfo
2011-07-27 16:51:09 +00:00
Paul Bakker
09b1ec68c8
- Adapted define for inline to be more solid
2011-07-27 16:28:54 +00:00
Paul Bakker
ed56b224de
- Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20 )
2011-07-13 11:26:43 +00:00
Paul Bakker
73206954d4
- Made des_key_check_weak() conform to other functions in return values.
...
- Added documentation for des_key_check_weak() and des_key_check_key_parity()
2011-07-06 14:37:33 +00:00
Paul Bakker
684ddce18c
- Minor fixer to remove compiler warnings for ARMCC
2011-07-01 09:25:54 +00:00
Paul Bakker
74fb74ebd9
- Updated ARMCC_VERSION to __ARMCC_VERSION
2011-06-21 13:36:18 +00:00
Paul Bakker
569df2c135
- Fixed inline definition for ARM systems
2011-06-21 07:48:07 +00:00
Paul Bakker
1aa3d76309
- Fixed a missing t_udbl conversion
2011-06-21 07:37:28 +00:00
Paul Bakker
39bb418d93
- Made second argument of f_send() prototype and of net_send() const
2011-06-21 07:36:43 +00:00
Paul Bakker
9c021adeff
- Added regular error codes for generic message digest layer
2011-06-09 15:55:11 +00:00
Paul Bakker
ff61a78a27
- Added and updated cipher error codes and documentation
2011-06-09 15:42:02 +00:00
Paul Bakker
343a870daa
- Expanded generic cipher layer with support for CTR and CFB128 modes of operation.
2011-06-09 14:27:58 +00:00
Paul Bakker
1ef71dffc7
- Updated unsignedness in some missed cases
2011-06-09 14:14:58 +00:00
Paul Bakker
828acb2234
- Updated for release 0.99-pre5
2011-05-27 09:25:42 +00:00
Paul Bakker
5690efccc4
- Fixed a whole bunch of dependencies on defines between files, examples and tests
2011-05-26 13:16:06 +00:00
Paul Bakker
70338f50fa
- Fixed position of padlock error definition
2011-05-23 10:19:31 +00:00
Paul Bakker
192381aa89
- Made listen backlog number a define
2011-05-20 12:31:31 +00:00
Paul Bakker
bcd5db493f
- Added C++ wrapper code
2011-05-20 12:30:59 +00:00
Paul Bakker
2f5947e1f6
- Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter functions.
2011-05-18 15:47:11 +00:00
Paul Bakker
831a755d9e
- Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake.
...
- Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN
2011-05-18 13:32:51 +00:00
Paul Bakker
e29ab06701
- Fixed minor typo
2011-05-18 13:26:54 +00:00
Paul Bakker
9d781407bc
- A error_strerror function() has been added to translate between error codes and their description.
...
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
- Descriptions to all error codes have been added.
- Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00
Paul Bakker
6c591fab72
- mpi_init() and mpi_free() only accept a single argument and do not accept variable arguments anymore. This prevents unexpected memory corruption in a number of use cases.
2011-05-05 11:49:20 +00:00
Paul Bakker
f968857a82
- Removed conversions to int when not needed to prevent signed / unsigned situations
...
- Maximized mpi limb size
2011-05-05 10:00:45 +00:00
Paul Bakker
335db3f121
- Functions requiring File System functions can now be disables by undefining POLARSSL_FS_IO
2011-04-25 15:28:35 +00:00
Paul Bakker
15566e4396
- Reordered options alphabetically
2011-04-24 21:19:15 +00:00
Paul Bakker
2eee902be3
- Better timer for Windows platforms
...
- Made alarmed volatile for better Windows compatibility
2011-04-24 15:28:55 +00:00
Paul Bakker
a755ca1bbe
- Renamed t_s_int, t_int and t_dbl to respectively t_sint, t_uint and t_udbl for clarity
2011-04-24 09:11:17 +00:00
Paul Bakker
23986e5d5d
- Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops
2011-04-24 08:57:21 +00:00
Paul Bakker
b6ecaf5276
- Added additional (configurable) cipher block modes. AES-CTR, Camellia-CTR, XTEA-CBC
2011-04-19 14:29:23 +00:00
Paul Bakker
af5c85fc10
- Improved portability with Microsoft Visual C
2011-04-18 03:47:52 +00:00
Paul Bakker
3efa575ff2
- Ready for release 0.99-pre4
2011-04-01 12:23:26 +00:00
Paul Bakker
0216cc1bee
- Added flag to disable Chinese Remainder Theorem when using RSA private operation (POLARSSL_RSA_NO_CRT)
2011-03-26 13:40:23 +00:00
Paul Bakker
287781a965
- Added mpi_fill_random() for centralized filling of big numbers with random data (Fixed ticket #10 )
2011-03-26 13:18:49 +00:00
Paul Bakker
917e754e9b
- Added declaration of x509parse_public_key() and x509parse_public_keyfile() to
...
the x509 header file
2011-03-25 14:23:36 +00:00
Paul Bakker
fbc4a45f15
- Fixed typo in define
2011-03-25 09:07:46 +00:00
Paul Bakker
9dcc32236b
- Added support for PKCS#1 v2.1 encoding and thus support for the RSAES-OAEP and RSASSA-PSS operations (enabled by POLARSSL_PKCS1_V21)
2011-03-08 14:16:06 +00:00
Paul Bakker
345a6fee91
- Replaced function that fixes man-in-the-middle attack
...
- Added message to indicate inclusion of man-in-the-middle attack (Reported by Larry Highsmith, Subreption LLC)
- Released version 0.99-pre3
2011-02-28 21:20:02 +00:00
Paul Bakker
1946e42dd4
- Made ready for 0.99-pre2 release
2011-02-25 09:39:39 +00:00
Paul Bakker
400ff6f0fd
- Corrected parsing of UTCTime dates before 1990 and after 1950
...
- Support more exotic OID's when parsing certificates
- Support more exotic name representations when parsing certificates
- Replaced the expired test certificates
2011-02-20 10:40:16 +00:00
Paul Bakker
96743fc5f5
- Parsing of PEM files moved to separate module (Fixes ticket #13 ). Also possible to remove PEM support for systems only using DER encoding
...
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5 )
- Added tests for encrypted keyfiles
2011-02-12 14:30:57 +00:00
Paul Bakker
cdf07e9979
- Information about missing or non-verified client certificate is not provided as well.
2011-01-30 17:05:13 +00:00
Paul Bakker
9fc4659b30
- Preparing for Release of 0.99 prerelease 1
2011-01-30 16:59:02 +00:00
Paul Bakker
e3166ce040
- Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
...
- Adapted in the rest of using code as well
2011-01-27 17:40:50 +00:00
Paul Bakker
f3b86c1e62
- Updated Doxygen documentation generation and documentation on small parts
2011-01-27 15:24:17 +00:00
Paul Bakker
0a62cd1a18
- Extra clarification in config header
2011-01-21 11:00:08 +00:00
Paul Bakker
562535d11b
- Split current md_starts() and md_hmac_starts() functionality into separate md_init_ctx() for allocating the context and the existing starts() functions to initialize the message digest for use.
2011-01-20 16:42:01 +00:00
Paul Bakker
1f14d08cf9
- Fixed typo
...
- Clarified necessity of different input and output buffer on cipher_update()
- Fixed value of enumeration of cipher ids
2011-01-20 16:33:24 +00:00
Paul Bakker
d61e7d98cb
- Cleaned up warning-generating code
2011-01-18 16:17:47 +00:00
Paul Bakker
f917e42c9b
- Disables PKCS#11 support by default
2011-01-18 16:15:25 +00:00
Paul Bakker
43b7e35b25
- Support for PKCS#11 through the use of the pkcs11-helper library
2011-01-18 15:27:19 +00:00
Paul Bakker
0f5f72e949
- Fixed doxygen syntax to standard '\' instead of '@'
2011-01-18 14:58:55 +00:00
Paul Bakker
dd47699ba5
- Moved storing of a printable serial into a separate function
2011-01-16 21:34:59 +00:00
Paul Bakker
72f6266f02
- Improved information provided about current Hashing, Cipher and Suite capabilities
2011-01-16 21:27:44 +00:00
Paul Bakker
43ca69c38a
- Added function for stringified SSL/TLS version
2011-01-15 17:35:19 +00:00
Paul Bakker
1f87fb6896
- Support for DES weak keys and parity bits added
2011-01-15 17:32:24 +00:00
Paul Bakker
74111d30b7
- Improved X509 certificate parsing to include extended certificate fields, such as Key Usage
2011-01-15 16:57:55 +00:00
Paul Bakker
b63b0afc05
- Added verification callback in certificate verification chain in order to allow external blacklisting
2011-01-13 17:54:59 +00:00
Paul Bakker
1b57b06751
- Added reading of DHM context from memory and file
2011-01-06 15:48:19 +00:00
Paul Bakker
8123e9d8f1
- Added generic cipher wrapper for integration with OpenVPN (donated by Fox-IT)
2011-01-06 15:37:30 +00:00
Paul Bakker
1737385e04
- Added generic message digest wrapper for integration with OpenVPN (donated by Fox-IT)
2011-01-06 14:20:01 +00:00
Paul Bakker
37ca75d6f2
- Added Doxygen source code documentation parts (donated by Fox-IT)
2011-01-06 12:28:03 +00:00