Commit Graph

312 Commits

Author SHA1 Message Date
Paul Bakker
279432a7c0 - Fixed size of clean 2012-04-26 10:09:35 +00:00
Paul Bakker
901c65620e - Fill full buffer (Wrong parameter usage) 2012-04-20 13:25:38 +00:00
Paul Bakker
380da53c48 - Abstracted checksum updating during handshake 2012-04-18 16:10:25 +00:00
Paul Bakker
ca4ab49158 - Added GCM ciphersuites to TLS implementation 2012-04-18 14:23:57 +00:00
Paul Bakker
d8ef167833 - Updated for latest GCM error 2012-04-18 14:17:32 +00:00
Paul Bakker
fc5183cf5d - Added input checking and more efficient buffer overlap use 2012-04-18 14:17:01 +00:00
Paul Bakker
369e14bbf1 - Small code rewrite 2012-04-18 14:16:09 +00:00
Paul Bakker
030277ab1e - Updated error.c to include GCM errors 2012-04-17 12:24:26 +00:00
Paul Bakker
13ed9ab921 - Removed unused variable 2012-04-16 09:43:49 +00:00
Paul Bakker
0a9251870a - Report unexpected_message if unknown record type is received 2012-04-16 06:46:41 +00:00
Paul Bakker
10cd225962 - Added support for the SHA256 ciphersuites of AES and Camellia 2012-04-12 21:26:34 +00:00
Paul Bakker
bf63b36127 - Updated comments 2012-04-12 20:44:34 +00:00
Paul Bakker
c3f177a77b - Added client side support for signature_algorithm extension and affiliated handling 2012-04-11 16:11:49 +00:00
Paul Bakker
1ef83d66dd - Initial bare version of TLS 1.2 2012-04-11 12:09:53 +00:00
Paul Bakker
f34cf85534 - Fixed too restrictive test 2012-04-10 07:48:40 +00:00
Paul Bakker
96d42da8fe - Removed debug value 2012-04-05 13:22:07 +00:00
Paul Bakker
c7ffd36a97 - Added automatic debug flags to CFLAGS if DEBUG is set in shell 2012-04-05 12:08:29 +00:00
Paul Bakker
452d532955 - Fixed potential memory corruption on miscrafted client messages (found by Frama-C team at CEA LIST) 2012-04-05 12:07:34 +00:00
Paul Bakker
6126481796 - Added compat for sun in net.c 2012-04-03 07:54:30 +00:00
Paul Bakker
56a7684023 - Added alternative for SHA1 signature structure to check for (without NULL) 2012-03-22 15:31:27 +00:00
Paul Bakker
0c8f73ba8b - Fixed a mistake in mpi_cmp_mpi() where longer B values are handled wrong 2012-03-22 14:08:57 +00:00
Paul Bakker
f9169629c9 - Removed unused variables 2012-03-20 15:05:51 +00:00
Paul Bakker
89e80c9a43 - Added base Galois/Counter mode (GCM) for AES 2012-03-20 13:50:09 +00:00
Paul Bakker
b6ad62dd21 - Added missing x509write.c 2012-03-20 13:41:33 +00:00
Paul Bakker
02f61692ef - Removed trailing char 2012-03-15 10:54:25 +00:00
Paul Bakker
f654371b2b - Only include dependencies when required 2012-03-05 14:01:29 +00:00
Paul Bakker
ad8d354a1a - Updated RFC ref 2012-02-16 15:28:14 +00:00
Paul Bakker
3cac5e012b - x509_write_cert_req() now supports all available hash functions 2012-02-16 14:08:06 +00:00
Paul Bakker
058881547f - Certificate Requests written now have the Email address written in IA5String 2012-02-16 10:26:57 +00:00
Paul Bakker
bdb912db69 - Added preliminary ASN.1 buffer writing support
- Added preliminary X509 Certificate Request writing support
 - Added key_app_writer example application
 - Added cert_req example application
2012-02-13 23:11:30 +00:00
Paul Bakker
048d04ef4b - AES code only check for Padlock once 2012-02-12 17:31:04 +00:00
Paul Bakker
39dfdaca8f - Fixed mpi_fill_random() to fill and create right size MPI 2012-02-12 17:17:27 +00:00
Paul Bakker
8afa70dcd5 - Clean Subject Alternative Name data 2012-02-11 18:42:45 +00:00
Paul Bakker
57b12982b3 - Multi-domain certificates support wildcards as well 2012-02-11 17:38:38 +00:00
Paul Bakker
1504af585c - Removed redundant POLARSSL_DEBUG_MSG define 2012-02-11 16:17:43 +00:00
Paul Bakker
a8cd239d6b - Added support for wildcard certificates
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker
fab5c829e7 - Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default! 2012-02-06 16:45:10 +00:00
Paul Bakker
3c18a830b3 - Made changes for 1.1.1 release 2012-01-23 09:44:43 +00:00
Paul Bakker
17caec12af - Changed back statement 2012-01-22 20:37:32 +00:00
Paul Bakker
e88186d2ff - Fixed selftest for CTR_DRBG 2012-01-22 20:29:47 +00:00
Paul Bakker
cf0360a14e - Fixed compiler error on 64-bit systems not using GCC
- t_udbl optimization now also works on platforms that did not define POLARSSL_HAVE_LONGLONG
2012-01-20 10:08:14 +00:00
Paul Bakker
ec1b9842c4 - Fixed type of length in get_pkcs_padding() 2012-01-14 18:24:43 +00:00
Paul Bakker
87e5cdad5b - Fixed warning for t if no debugging defined 2012-01-14 18:14:15 +00:00
Paul Bakker
ed375caa3b - Fixed signed status of ret 2012-01-14 18:10:38 +00:00
Paul Bakker
8913f82c26 - Fixed compiler warning for unreferenced ret in md_file() when POLARSSL_FS_IO not declared 2012-01-14 18:07:41 +00:00
Paul Bakker
b15b851d6d - Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47, found by Hugo Leisink) 2012-01-13 13:44:06 +00:00
Paul Bakker
394c56f854 - Support for FreeBSD _SOCKLEN_T_DECLARED 2011-12-20 12:19:03 +00:00
Paul Bakker
43655f46b0 - Added option to prevent default entropy sources from loading (POLARSSL_NO_DEFAULT_ENTROPY_SOURCES) 2011-12-15 20:11:16 +00:00
Paul Bakker
28c7e7f6fa - Added HAVEGE as a default entropy source 2011-12-15 19:49:30 +00:00
Paul Bakker
b1dee1cfd2 - Changed commands to lowercase where it was not the case 2011-12-11 11:29:51 +00:00
Paul Bakker
55d3fd9aff - Enlarged maximum size of DHM a client accepts to 512 bytes 2011-12-11 11:13:05 +00:00
Paul Bakker
69e095cc15 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
18d32911c0 - Added internal ctr_drbg_init_entropy_len() to allow NIST determined entropy tests to work 2011-12-10 21:42:49 +00:00
Paul Bakker
bd4a9d0cda - Changed entropy accumulator to have per-source thresholds 2011-12-10 17:02:19 +00:00
Paul Bakker
c50132d4fa - Updated version of PolarSSL to 1.1.0 2011-12-05 14:38:36 +00:00
Paul Bakker
9304880e8a - Fixed correct printing of serial number '00' 2011-12-05 14:38:06 +00:00
Paul Bakker
c8ffbe7706 - Corrected removal of leading '00:' in printing serial numbers in certificates and CRLs 2011-12-05 14:22:49 +00:00
Paul Bakker
6bcfc67cd2 - Prevented warning from unused parameter data 2011-12-05 13:54:00 +00:00
Paul Bakker
fc754a9178 - Addedd writing and updating of seedfiles as functions to CTR_DRBG 2011-12-05 13:23:51 +00:00
Paul Bakker
1c70d409ad - Added better handling of missing session struct 2011-12-04 22:30:17 +00:00
Paul Bakker
4f229e5d83 - Fixed define for Windows time functions 2011-12-04 22:11:35 +00:00
Paul Bakker
4f5ae803fa - Fixed MS Visual C++ name clash with int64 in sha4.h 2011-12-04 22:10:28 +00:00
Paul Bakker
6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
Paul Bakker
6083fd252d - Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources 2011-12-03 21:45:14 +00:00
Paul Bakker
1bc9efc00a - Fixed const correctness
- Added ctr_drbg_update for non-fixed data lengths
 - Fixed void pointer arithmetic
2011-12-03 11:29:32 +00:00
Paul Bakker
cb37aa5912 - Better buffer handling in mpi_read_file() 2011-11-30 16:00:20 +00:00
Paul Bakker
23fd5ea667 - Fixed a potential loop bug 2011-11-29 15:56:12 +00:00
Paul Bakker
2bc7cf16fe - Cleaned up and further documented CTR_DRBG code 2011-11-29 10:50:51 +00:00
Paul Bakker
a3d195c41f - Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs 2011-11-27 21:07:34 +00:00
Paul Bakker
880ac7eb95 - Added handling for CTR_DRBG module 2011-11-27 14:50:49 +00:00
Paul Bakker
0e04d0e9a3 - Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator 2011-11-27 14:46:59 +00:00
Paul Bakker
03c7c25243 - * If certificate serial is longer than 32 octets, serial number is now appended with '....' after first 28 octets 2011-11-25 12:37:37 +00:00
Paul Bakker
fe3256e54b - Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size management (Closes ticket #44) 2011-11-25 12:11:43 +00:00
Paul Bakker
b6d5f08051 - Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory trade-off 2011-11-25 11:52:11 +00:00
Paul Bakker
cce9d77745 - Lots of minimal changes to better support WINCE as a build target 2011-11-18 14:26:47 +00:00
Paul Bakker
33008eef64 - Cleaned up define 2011-11-18 12:58:25 +00:00
Paul Bakker
dceecd80f7 - Adapted error generation to include ASN.1 changes and have Windows snprintf macro 2011-11-15 16:38:34 +00:00
Paul Bakker
1fe7d9baf9 - Fixed incorrect behaviour in case of RSASSA-PSS with a salt length smaller than the hash length. (Closes ticket #41) 2011-11-15 15:26:03 +00:00
Paul Bakker
cebdf17159 - Allowed X509 key usage parsing to accept 4 byte values instead of the standard 1 byte version sometimes used by Microsoft. (Closes ticket #38) 2011-11-11 15:01:31 +00:00
Paul Bakker
2028156556 - Fixed typos in copied text (Fixed ticket #39) 2011-11-11 10:34:04 +00:00
Paul Bakker
efc302964c - Extracted ASN.1 parsing code from the X.509 parsing code. Added new module. 2011-11-10 14:43:23 +00:00
Paul Bakker
b125ed8fc6 - Fixed typo in doxygen tag 2011-11-10 13:33:51 +00:00
Paul Bakker
ca41010b68 - Expanded clobber list on i386 RDTSC call 2011-10-19 14:27:36 +00:00
Paul Bakker
2a1c5f5382 - Minor code cleanup 2011-10-19 14:15:17 +00:00
Paul Bakker
fae618fa8b - Updated tests to reflect recent changes 2011-10-12 11:53:52 +00:00
Paul Bakker
b5a11ab80b - Added a separate CRL entry extension parsing function 2011-10-12 09:58:41 +00:00
Paul Bakker
fbc09f3cb6 - Added an EXPLICIT tag number parameter to x509_get_ext() 2011-10-12 09:56:41 +00:00
Paul Bakker
3329d1f805 - Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag before version numbers 2011-10-12 09:55:01 +00:00
Paul Bakker
c4909d95f1 - Inceased maximum size of ASN1 length reads to 32-bits 2011-10-12 09:52:22 +00:00
Paul Bakker
fa1c592860 - Fixed faulty HMAC-MD2 implementation (Fixes ticket #37) 2011-10-06 14:18:49 +00:00
Paul Bakker
490ecc8c3e - Added ssl_set_max_version() to set the client's maximum sent version number 2011-10-06 13:04:09 +00:00
Paul Bakker
7eb013face - Added ssl_session_reset() to allow re-use of already set non-connection specific context information 2011-10-06 12:37:39 +00:00
Paul Bakker
adb7ce16c0 - Fixed unconverted t_dbl into t_udbl 2011-08-23 14:55:55 +00:00
Paul Bakker
33aac37d53 - Added correct SONAME to Makefile builds as well 2011-08-13 11:47:41 +00:00
Paul Bakker
8934a98f82 - Fixed memcpy() that had possible overlapping areas to memmove() 2011-08-05 11:11:53 +00:00
Paul Bakker
968bc9831b - Preparations for v1.0.0 release of PolarSSL 2011-07-27 17:03:00 +00:00
Paul Bakker
5c721f98fd - Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL
- Minor Fix in ASN.1 comments of PrivateKeyInfo
2011-07-27 16:51:09 +00:00
Paul Bakker
9db7742adb - Fixed error file after changed codes 2011-07-13 11:47:32 +00:00
Paul Bakker
ed56b224de - Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20) 2011-07-13 11:26:43 +00:00
Paul Bakker
3783d6d812 - Do not build shared version by default 2011-07-13 11:25:36 +00:00