Paul Bakker
34d8dbcc6d
- Depth that the certificate verify callback receives is now numbered bottom-up (Peer cert depth is 0)
2012-11-14 12:11:38 +00:00
Paul Bakker
e0f41f3086
- Updated version to 1.2.1
2012-11-13 12:55:02 +00:00
Paul Bakker
9daf0d0651
- Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
2012-11-13 12:13:27 +00:00
Paul Bakker
96c4ed8134
- Proper building of shared lib when SHARED defined
2012-11-13 10:37:52 +00:00
Paul Bakker
644db3893a
- Added SHARED define for building with -fPIC
2012-11-13 10:35:00 +00:00
Paul Bakker
f02c5642d0
- Allow R and A to point to same mpi in mpi_div_mpi
2012-11-13 10:25:21 +00:00
Paul Bakker
36c4a678a6
- Fixed off-by-one loop
2012-11-09 15:30:07 +00:00
Paul Bakker
096348fa79
- Fixed comments / typos
2012-11-07 20:05:38 +00:00
Paul Bakker
fc975dc592
- Small Windows VC6 fixes
2012-11-02 12:51:23 +00:00
Paul Bakker
d9374b05d6
- Moved mpi_inv_mod() outside POLARSSL_GENPRIME
2012-11-02 11:02:58 +00:00
Paul Bakker
7a2538ee38
- Fixes for MSVC6
2012-11-02 10:59:36 +00:00
Paul Bakker
645ce3a2b4
- Moved ciphersuite naming scheme to IANA reserved names
2012-10-31 12:32:41 +00:00
Paul Bakker
bb0139c924
- Moved to more flexible define structure
...
- Added exception for OpenBSD on Sparc64 (no privilege for call)
2012-10-31 09:53:08 +00:00
Paul Bakker
35a7fe52f3
- Prevent compiler warning
2012-10-31 09:07:14 +00:00
Paul Bakker
8611e73dd3
- Fixed infinite loop
2012-10-30 07:52:29 +00:00
Paul Bakker
b0550d90c9
- Added ssl_get_peer_cert() to SSL API
2012-10-30 07:51:03 +00:00
Paul Bakker
d2c167e9a8
- And fixed order
2012-10-30 07:49:19 +00:00
Paul Bakker
98fe5eaf47
- Removed snprintf altogether for critical code paths
2012-10-24 11:17:48 +00:00
Paul Bakker
331f5630e9
- Do not use sprintf(), use snprintf() instead.
2012-10-24 10:16:39 +00:00
Paul Bakker
ba26e9ebfd
- Cache now only allows a maximum of entries in cache for preventing memory overrun
2012-10-23 22:18:28 +00:00
Paul Bakker
f1ab0ec1ff
- Changed default compiler flags to include -O2
2012-10-23 12:12:53 +00:00
Paul Bakker
67f9d534ee
- Removed code breaking strict-aliasing
2012-10-23 11:49:05 +00:00
Paul Bakker
81420abcb6
- properly print minimum version
2012-10-23 10:31:15 +00:00
Paul Bakker
c110d025c2
- Added extra check to prevent crash on failed memory allocation
2012-10-19 12:15:08 +00:00
Paul Bakker
0be82f20a9
- Updated rsa_pkcs1_verify() and rsa_pkcs1_sign() to use appropriate buffer size for max MPIs
2012-10-03 20:36:33 +00:00
Paul Bakker
36fec23dc2
- Updated to 1.2.0
2012-10-02 15:40:44 +00:00
Paul Bakker
62261d6bd6
- Rewrote bignum type definition #ifdef tree to work better on all
...
systems
2012-10-02 12:19:31 +00:00
Paul Bakker
3338b792da
- Fixed WIN32 version of x509parse_crtpath()
2012-10-01 21:13:10 +00:00
Paul Bakker
d6f17b492f
- Moved definition to top to prevent MS VC compiler warning
2012-10-01 20:58:19 +00:00
Paul Bakker
5c2364c2ba
- Moved from unsigned long to uint32_t throughout code
2012-10-01 14:41:15 +00:00
Paul Bakker
0e19e9ff1c
- Minor define change to prevent warning
2012-10-01 11:02:48 +00:00
Paul Bakker
993d11dd05
- Send ClientHello with 'minimal version'
2012-09-28 15:00:12 +00:00
Paul Bakker
23f3680898
- Added proper support for TLS 1.2 signature_algorithm extension on server
...
side
- Minor const changes to other extension parsing functions
2012-09-28 14:15:14 +00:00
Paul Bakker
1d29fb5e33
- Added option to add minimum accepted SSL/TLS protocol version
2012-09-28 13:28:45 +00:00
Paul Bakker
62f2deef8b
- Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS
2012-09-28 07:31:51 +00:00
Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02
- Added ServerName extension parsing (SNI) at server side
2012-09-27 21:49:42 +00:00
Paul Bakker
eb2c658163
- Generalized external private key implementation handling (like PKCS#11) in SSL/TLS
2012-09-27 19:15:01 +00:00
Paul Bakker
321df6fb80
- Expanded rsa_check_privkey() to check DP, DQ and QP as well
2012-09-27 13:21:34 +00:00
Paul Bakker
5531c6d92c
- Change buffer size on mpi_write_file() to cover larger size MPIs
2012-09-26 19:20:46 +00:00
Paul Bakker
49d75678a5
- Support INTEGRITY OS
2012-09-26 15:22:07 +00:00
Paul Bakker
d14277d7de
- Added PBKDF2 error code
2012-09-26 15:19:05 +00:00
Paul Bakker
0a59707523
- Added simple SSL session cache implementation
...
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
b00ca42f2a
- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
2012-09-25 12:10:00 +00:00
Paul Bakker
29b64761fd
- Added predefined DHM groups from RFC 5114
2012-09-25 09:36:44 +00:00
Paul Bakker
d0f6fa7bdc
- Sending of handshake_failures during renegotiation added
...
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
2d319fdfcb
- Fixed bug in mpi_add_abs with adding a small number to a large mpi with carry rollover.
2012-09-16 21:34:26 +00:00
Paul Bakker
48916f9b67
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Paul Bakker
b5b20f19e7
- Extra sanity check for input added
2012-09-16 15:07:49 +00:00
Paul Bakker
5f70b25c9b
- Correctly handle SHA256 ciphersuites in SSLv3
...
- Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Paul Bakker
ec636f3bdd
- Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
2012-09-09 19:17:02 +00:00
Paul Bakker
94a6796179
- Correctly handle MS certificate's key usage bits
2012-08-23 13:03:52 +00:00
Paul Bakker
f518b16f97
- Added PKCS#5 PBKDF2 key derivation function
2012-08-23 13:03:18 +00:00
Paul Bakker
535e97dbab
- Better checking for reading over buffer boundaries
...
- Zeroize altSubjectName chain memory before use
2012-08-23 10:49:55 +00:00
Paul Bakker
b68cad6cc7
- Made cipersuites in ssl context const (no intention to modify)
...
- Adjusted ssl_set_ciphersuites() to match
2012-08-23 08:34:18 +00:00
Paul Bakker
bb51f0cb3d
- Only include md.h if needed by POLARSSL_PKCS1_V21
2012-08-23 07:46:58 +00:00
Paul Bakker
6a2f857b08
- Added DragonflyBSD support
2012-08-23 07:45:37 +00:00
Paul Bakker
3c16db9a10
- Fixed potential memory zeroization on miscrafted RSA key
2012-07-05 13:58:08 +00:00
Paul Bakker
6132d0aa93
- Added Blowfish to generic cipher layer
...
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
2012-07-04 17:10:40 +00:00
Paul Bakker
83f00bba9c
- Updated strerror codes for SSL Compression and Blowfish
2012-07-04 11:08:50 +00:00
Paul Bakker
a9379c0ed1
- Added base blowfish algorithm
2012-07-04 11:02:11 +00:00
Paul Bakker
2770fbd651
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Paul Bakker
cefb396a77
- Handle empty certificate subject names
2012-06-27 11:51:09 +00:00
Paul Bakker
e4791f3936
- Bugfix for Windows in cert path handling
2012-06-04 21:29:15 +00:00
Paul Bakker
67820bd38e
- Only include padlock header when POLARSSL_PADLOCK_C is defined
2012-06-04 12:47:23 +00:00
Paul Bakker
8d914583f3
- Added X509 CA Path support
2012-06-04 12:46:42 +00:00
Paul Bakker
e6ee41f932
- Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and example application (programs/ssl/o_p_test) (Requires OpenSSL)
...
- Handle encryption with private key and decryption with public key as per RFC 2313
2012-05-19 08:43:48 +00:00
Paul Bakker
50546921ac
- Moved to prevent uninitialized exit var
2012-05-19 08:40:49 +00:00
Paul Bakker
f6198c1513
- mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52 )
2012-05-16 08:02:29 +00:00
Paul Bakker
2a5c7a87af
- Add Windows required library
2012-05-10 21:54:28 +00:00
Paul Bakker
62f88dc473
Makefile more compatible with WINDOWS environment
2012-05-10 21:26:28 +00:00
Paul Bakker
cd5b529d6d
- Added automatic WINDOWS define in Makefile
2012-05-10 20:49:10 +00:00
Paul Bakker
4d2c1243b1
- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.
2012-05-10 14:12:46 +00:00
Paul Bakker
7e2c728178
- Updated to support NetBSD
2012-05-08 13:23:16 +00:00
Paul Bakker
186751d9dd
- Moved out_msg to out_hdr + 32 to support hardware acceleration
2012-05-08 13:16:14 +00:00
Paul Bakker
3aac1daf1d
- Added exception error parsing when FATAL ssl message is received
2012-05-08 13:12:27 +00:00
Paul Bakker
6b906e5095
- Const correctness mpi_get_bit()
...
- Documentation mpi_lsb(), mpi_msb()
2012-05-08 12:01:43 +00:00
Paul Bakker
05ef835b6a
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
Paul Bakker
430ffbe564
- Fixed potential heap corruption in x509_name allocation
2012-05-01 08:14:20 +00:00
Paul Bakker
aec37cb653
- Added extra sanity check to DHM values
2012-04-26 18:59:59 +00:00
Paul Bakker
279432a7c0
- Fixed size of clean
2012-04-26 10:09:35 +00:00
Paul Bakker
901c65620e
- Fill full buffer (Wrong parameter usage)
2012-04-20 13:25:38 +00:00
Paul Bakker
380da53c48
- Abstracted checksum updating during handshake
2012-04-18 16:10:25 +00:00
Paul Bakker
ca4ab49158
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00
Paul Bakker
d8ef167833
- Updated for latest GCM error
2012-04-18 14:17:32 +00:00
Paul Bakker
fc5183cf5d
- Added input checking and more efficient buffer overlap use
2012-04-18 14:17:01 +00:00
Paul Bakker
369e14bbf1
- Small code rewrite
2012-04-18 14:16:09 +00:00
Paul Bakker
030277ab1e
- Updated error.c to include GCM errors
2012-04-17 12:24:26 +00:00
Paul Bakker
13ed9ab921
- Removed unused variable
2012-04-16 09:43:49 +00:00
Paul Bakker
0a9251870a
- Report unexpected_message if unknown record type is received
2012-04-16 06:46:41 +00:00
Paul Bakker
10cd225962
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
Paul Bakker
bf63b36127
- Updated comments
2012-04-12 20:44:34 +00:00
Paul Bakker
c3f177a77b
- Added client side support for signature_algorithm extension and affiliated handling
2012-04-11 16:11:49 +00:00
Paul Bakker
1ef83d66dd
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
Paul Bakker
f34cf85534
- Fixed too restrictive test
2012-04-10 07:48:40 +00:00
Paul Bakker
96d42da8fe
- Removed debug value
2012-04-05 13:22:07 +00:00
Paul Bakker
c7ffd36a97
- Added automatic debug flags to CFLAGS if DEBUG is set in shell
2012-04-05 12:08:29 +00:00
Paul Bakker
452d532955
- Fixed potential memory corruption on miscrafted client messages (found by Frama-C team at CEA LIST)
2012-04-05 12:07:34 +00:00
Paul Bakker
6126481796
- Added compat for sun in net.c
2012-04-03 07:54:30 +00:00
Paul Bakker
56a7684023
- Added alternative for SHA1 signature structure to check for (without NULL)
2012-03-22 15:31:27 +00:00
Paul Bakker
0c8f73ba8b
- Fixed a mistake in mpi_cmp_mpi() where longer B values are handled wrong
2012-03-22 14:08:57 +00:00
Paul Bakker
f9169629c9
- Removed unused variables
2012-03-20 15:05:51 +00:00
Paul Bakker
89e80c9a43
- Added base Galois/Counter mode (GCM) for AES
2012-03-20 13:50:09 +00:00
Paul Bakker
b6ad62dd21
- Added missing x509write.c
2012-03-20 13:41:33 +00:00
Paul Bakker
02f61692ef
- Removed trailing char
2012-03-15 10:54:25 +00:00
Paul Bakker
f654371b2b
- Only include dependencies when required
2012-03-05 14:01:29 +00:00
Paul Bakker
ad8d354a1a
- Updated RFC ref
2012-02-16 15:28:14 +00:00
Paul Bakker
3cac5e012b
- x509_write_cert_req() now supports all available hash functions
2012-02-16 14:08:06 +00:00
Paul Bakker
058881547f
- Certificate Requests written now have the Email address written in IA5String
2012-02-16 10:26:57 +00:00
Paul Bakker
bdb912db69
- Added preliminary ASN.1 buffer writing support
...
- Added preliminary X509 Certificate Request writing support
- Added key_app_writer example application
- Added cert_req example application
2012-02-13 23:11:30 +00:00
Paul Bakker
048d04ef4b
- AES code only check for Padlock once
2012-02-12 17:31:04 +00:00
Paul Bakker
39dfdaca8f
- Fixed mpi_fill_random() to fill and create right size MPI
2012-02-12 17:17:27 +00:00
Paul Bakker
8afa70dcd5
- Clean Subject Alternative Name data
2012-02-11 18:42:45 +00:00
Paul Bakker
57b12982b3
- Multi-domain certificates support wildcards as well
2012-02-11 17:38:38 +00:00
Paul Bakker
1504af585c
- Removed redundant POLARSSL_DEBUG_MSG define
2012-02-11 16:17:43 +00:00
Paul Bakker
a8cd239d6b
- Added support for wildcard certificates
...
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker
fab5c829e7
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
Paul Bakker
3c18a830b3
- Made changes for 1.1.1 release
2012-01-23 09:44:43 +00:00
Paul Bakker
17caec12af
- Changed back statement
2012-01-22 20:37:32 +00:00
Paul Bakker
e88186d2ff
- Fixed selftest for CTR_DRBG
2012-01-22 20:29:47 +00:00
Paul Bakker
cf0360a14e
- Fixed compiler error on 64-bit systems not using GCC
...
- t_udbl optimization now also works on platforms that did not define POLARSSL_HAVE_LONGLONG
2012-01-20 10:08:14 +00:00
Paul Bakker
ec1b9842c4
- Fixed type of length in get_pkcs_padding()
2012-01-14 18:24:43 +00:00
Paul Bakker
87e5cdad5b
- Fixed warning for t if no debugging defined
2012-01-14 18:14:15 +00:00
Paul Bakker
ed375caa3b
- Fixed signed status of ret
2012-01-14 18:10:38 +00:00
Paul Bakker
8913f82c26
- Fixed compiler warning for unreferenced ret in md_file() when POLARSSL_FS_IO not declared
2012-01-14 18:07:41 +00:00
Paul Bakker
b15b851d6d
- Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47 , found by Hugo Leisink)
2012-01-13 13:44:06 +00:00
Paul Bakker
394c56f854
- Support for FreeBSD _SOCKLEN_T_DECLARED
2011-12-20 12:19:03 +00:00
Paul Bakker
43655f46b0
- Added option to prevent default entropy sources from loading (POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
2011-12-15 20:11:16 +00:00
Paul Bakker
28c7e7f6fa
- Added HAVEGE as a default entropy source
2011-12-15 19:49:30 +00:00
Paul Bakker
b1dee1cfd2
- Changed commands to lowercase where it was not the case
2011-12-11 11:29:51 +00:00
Paul Bakker
55d3fd9aff
- Enlarged maximum size of DHM a client accepts to 512 bytes
2011-12-11 11:13:05 +00:00
Paul Bakker
69e095cc15
- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
...
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
- Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
18d32911c0
- Added internal ctr_drbg_init_entropy_len() to allow NIST determined entropy tests to work
2011-12-10 21:42:49 +00:00
Paul Bakker
bd4a9d0cda
- Changed entropy accumulator to have per-source thresholds
2011-12-10 17:02:19 +00:00
Paul Bakker
c50132d4fa
- Updated version of PolarSSL to 1.1.0
2011-12-05 14:38:36 +00:00
Paul Bakker
9304880e8a
- Fixed correct printing of serial number '00'
2011-12-05 14:38:06 +00:00
Paul Bakker
c8ffbe7706
- Corrected removal of leading '00:' in printing serial numbers in certificates and CRLs
2011-12-05 14:22:49 +00:00
Paul Bakker
6bcfc67cd2
- Prevented warning from unused parameter data
2011-12-05 13:54:00 +00:00
Paul Bakker
fc754a9178
- Addedd writing and updating of seedfiles as functions to CTR_DRBG
2011-12-05 13:23:51 +00:00
Paul Bakker
1c70d409ad
- Added better handling of missing session struct
2011-12-04 22:30:17 +00:00
Paul Bakker
4f229e5d83
- Fixed define for Windows time functions
2011-12-04 22:11:35 +00:00
Paul Bakker
4f5ae803fa
- Fixed MS Visual C++ name clash with int64 in sha4.h
2011-12-04 22:10:28 +00:00
Paul Bakker
6c0ceb3f9a
- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error
2011-12-04 12:24:18 +00:00
Paul Bakker
6083fd252d
- Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources
2011-12-03 21:45:14 +00:00
Paul Bakker
1bc9efc00a
- Fixed const correctness
...
- Added ctr_drbg_update for non-fixed data lengths
- Fixed void pointer arithmetic
2011-12-03 11:29:32 +00:00
Paul Bakker
cb37aa5912
- Better buffer handling in mpi_read_file()
2011-11-30 16:00:20 +00:00
Paul Bakker
23fd5ea667
- Fixed a potential loop bug
2011-11-29 15:56:12 +00:00
Paul Bakker
2bc7cf16fe
- Cleaned up and further documented CTR_DRBG code
2011-11-29 10:50:51 +00:00
Paul Bakker
a3d195c41f
- Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs
2011-11-27 21:07:34 +00:00
Paul Bakker
880ac7eb95
- Added handling for CTR_DRBG module
2011-11-27 14:50:49 +00:00