Paul Bakker
|
331f5630e9
|
- Do not use sprintf(), use snprintf() instead.
|
2012-10-24 10:16:39 +00:00 |
|
Paul Bakker
|
ba26e9ebfd
|
- Cache now only allows a maximum of entries in cache for preventing memory overrun
|
2012-10-23 22:18:28 +00:00 |
|
Paul Bakker
|
f1ab0ec1ff
|
- Changed default compiler flags to include -O2
|
2012-10-23 12:12:53 +00:00 |
|
Paul Bakker
|
67f9d534ee
|
- Removed code breaking strict-aliasing
|
2012-10-23 11:49:05 +00:00 |
|
Paul Bakker
|
81420abcb6
|
- properly print minimum version
|
2012-10-23 10:31:15 +00:00 |
|
Paul Bakker
|
c110d025c2
|
- Added extra check to prevent crash on failed memory allocation
|
2012-10-19 12:15:08 +00:00 |
|
Paul Bakker
|
0be82f20a9
|
- Updated rsa_pkcs1_verify() and rsa_pkcs1_sign() to use appropriate buffer size for max MPIs
|
2012-10-03 20:36:33 +00:00 |
|
Paul Bakker
|
36fec23dc2
|
- Updated to 1.2.0
|
2012-10-02 15:40:44 +00:00 |
|
Paul Bakker
|
62261d6bd6
|
- Rewrote bignum type definition #ifdef tree to work better on all
systems
|
2012-10-02 12:19:31 +00:00 |
|
Paul Bakker
|
3338b792da
|
- Fixed WIN32 version of x509parse_crtpath()
|
2012-10-01 21:13:10 +00:00 |
|
Paul Bakker
|
d6f17b492f
|
- Moved definition to top to prevent MS VC compiler warning
|
2012-10-01 20:58:19 +00:00 |
|
Paul Bakker
|
5c2364c2ba
|
- Moved from unsigned long to uint32_t throughout code
|
2012-10-01 14:41:15 +00:00 |
|
Paul Bakker
|
0e19e9ff1c
|
- Minor define change to prevent warning
|
2012-10-01 11:02:48 +00:00 |
|
Paul Bakker
|
993d11dd05
|
- Send ClientHello with 'minimal version'
|
2012-09-28 15:00:12 +00:00 |
|
Paul Bakker
|
23f3680898
|
- Added proper support for TLS 1.2 signature_algorithm extension on server
side
- Minor const changes to other extension parsing functions
|
2012-09-28 14:15:14 +00:00 |
|
Paul Bakker
|
1d29fb5e33
|
- Added option to add minimum accepted SSL/TLS protocol version
|
2012-09-28 13:28:45 +00:00 |
|
Paul Bakker
|
62f2deef8b
|
- Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS
|
2012-09-28 07:31:51 +00:00 |
|
Paul Bakker
|
915275ba78
|
- Revamped x509_verify() and the SSL f_vrfy callback implementations
|
2012-09-28 07:10:55 +00:00 |
|
Paul Bakker
|
5701cdcd02
|
- Added ServerName extension parsing (SNI) at server side
|
2012-09-27 21:49:42 +00:00 |
|
Paul Bakker
|
eb2c658163
|
- Generalized external private key implementation handling (like PKCS#11) in SSL/TLS
|
2012-09-27 19:15:01 +00:00 |
|
Paul Bakker
|
321df6fb80
|
- Expanded rsa_check_privkey() to check DP, DQ and QP as well
|
2012-09-27 13:21:34 +00:00 |
|
Paul Bakker
|
5531c6d92c
|
- Change buffer size on mpi_write_file() to cover larger size MPIs
|
2012-09-26 19:20:46 +00:00 |
|
Paul Bakker
|
49d75678a5
|
- Support INTEGRITY OS
|
2012-09-26 15:22:07 +00:00 |
|
Paul Bakker
|
d14277d7de
|
- Added PBKDF2 error code
|
2012-09-26 15:19:05 +00:00 |
|
Paul Bakker
|
0a59707523
|
- Added simple SSL session cache implementation
- Revamped session resumption handling
|
2012-09-25 21:55:46 +00:00 |
|
Paul Bakker
|
b00ca42f2a
|
- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
|
2012-09-25 12:10:00 +00:00 |
|
Paul Bakker
|
29b64761fd
|
- Added predefined DHM groups from RFC 5114
|
2012-09-25 09:36:44 +00:00 |
|
Paul Bakker
|
d0f6fa7bdc
|
- Sending of handshake_failures during renegotiation added
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
|
2012-09-17 09:18:12 +00:00 |
|
Paul Bakker
|
2d319fdfcb
|
- Fixed bug in mpi_add_abs with adding a small number to a large mpi with carry rollover.
|
2012-09-16 21:34:26 +00:00 |
|
Paul Bakker
|
48916f9b67
|
- Added Secure Renegotiation (RFC 5746)
|
2012-09-16 19:57:18 +00:00 |
|
Paul Bakker
|
b5b20f19e7
|
- Extra sanity check for input added
|
2012-09-16 15:07:49 +00:00 |
|
Paul Bakker
|
5f70b25c9b
|
- Correctly handle SHA256 ciphersuites in SSLv3
- Moved ssl3_prf to separate function (no exceptions)
|
2012-09-13 14:23:06 +00:00 |
|
Paul Bakker
|
ec636f3bdd
|
- Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
|
2012-09-09 19:17:02 +00:00 |
|
Paul Bakker
|
94a6796179
|
- Correctly handle MS certificate's key usage bits
|
2012-08-23 13:03:52 +00:00 |
|
Paul Bakker
|
f518b16f97
|
- Added PKCS#5 PBKDF2 key derivation function
|
2012-08-23 13:03:18 +00:00 |
|
Paul Bakker
|
535e97dbab
|
- Better checking for reading over buffer boundaries
- Zeroize altSubjectName chain memory before use
|
2012-08-23 10:49:55 +00:00 |
|
Paul Bakker
|
b68cad6cc7
|
- Made cipersuites in ssl context const (no intention to modify)
- Adjusted ssl_set_ciphersuites() to match
|
2012-08-23 08:34:18 +00:00 |
|
Paul Bakker
|
bb51f0cb3d
|
- Only include md.h if needed by POLARSSL_PKCS1_V21
|
2012-08-23 07:46:58 +00:00 |
|
Paul Bakker
|
6a2f857b08
|
- Added DragonflyBSD support
|
2012-08-23 07:45:37 +00:00 |
|
Paul Bakker
|
3c16db9a10
|
- Fixed potential memory zeroization on miscrafted RSA key
|
2012-07-05 13:58:08 +00:00 |
|
Paul Bakker
|
6132d0aa93
|
- Added Blowfish to generic cipher layer
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
|
2012-07-04 17:10:40 +00:00 |
|
Paul Bakker
|
83f00bba9c
|
- Updated strerror codes for SSL Compression and Blowfish
|
2012-07-04 11:08:50 +00:00 |
|
Paul Bakker
|
a9379c0ed1
|
- Added base blowfish algorithm
|
2012-07-04 11:02:11 +00:00 |
|
Paul Bakker
|
2770fbd651
|
- Added DEFLATE compression support as per RFC3749 (requires zlib)
|
2012-07-03 13:30:23 +00:00 |
|
Paul Bakker
|
cefb396a77
|
- Handle empty certificate subject names
|
2012-06-27 11:51:09 +00:00 |
|
Paul Bakker
|
e4791f3936
|
- Bugfix for Windows in cert path handling
|
2012-06-04 21:29:15 +00:00 |
|
Paul Bakker
|
67820bd38e
|
- Only include padlock header when POLARSSL_PADLOCK_C is defined
|
2012-06-04 12:47:23 +00:00 |
|
Paul Bakker
|
8d914583f3
|
- Added X509 CA Path support
|
2012-06-04 12:46:42 +00:00 |
|
Paul Bakker
|
e6ee41f932
|
- Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and example application (programs/ssl/o_p_test) (Requires OpenSSL)
- Handle encryption with private key and decryption with public key as per RFC 2313
|
2012-05-19 08:43:48 +00:00 |
|
Paul Bakker
|
50546921ac
|
- Moved to prevent uninitialized exit var
|
2012-05-19 08:40:49 +00:00 |
|
Paul Bakker
|
f6198c1513
|
- mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52)
|
2012-05-16 08:02:29 +00:00 |
|
Paul Bakker
|
2a5c7a87af
|
- Add Windows required library
|
2012-05-10 21:54:28 +00:00 |
|
Paul Bakker
|
62f88dc473
|
Makefile more compatible with WINDOWS environment
|
2012-05-10 21:26:28 +00:00 |
|
Paul Bakker
|
cd5b529d6d
|
- Added automatic WINDOWS define in Makefile
|
2012-05-10 20:49:10 +00:00 |
|
Paul Bakker
|
4d2c1243b1
|
- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.
|
2012-05-10 14:12:46 +00:00 |
|
Paul Bakker
|
7e2c728178
|
- Updated to support NetBSD
|
2012-05-08 13:23:16 +00:00 |
|
Paul Bakker
|
186751d9dd
|
- Moved out_msg to out_hdr + 32 to support hardware acceleration
|
2012-05-08 13:16:14 +00:00 |
|
Paul Bakker
|
3aac1daf1d
|
- Added exception error parsing when FATAL ssl message is received
|
2012-05-08 13:12:27 +00:00 |
|
Paul Bakker
|
6b906e5095
|
- Const correctness mpi_get_bit()
- Documentation mpi_lsb(), mpi_msb()
|
2012-05-08 12:01:43 +00:00 |
|
Paul Bakker
|
05ef835b6a
|
- Added support for Hardware Acceleration hooking in SSL/TLS
|
2012-05-08 09:17:57 +00:00 |
|
Paul Bakker
|
430ffbe564
|
- Fixed potential heap corruption in x509_name allocation
|
2012-05-01 08:14:20 +00:00 |
|
Paul Bakker
|
aec37cb653
|
- Added extra sanity check to DHM values
|
2012-04-26 18:59:59 +00:00 |
|
Paul Bakker
|
279432a7c0
|
- Fixed size of clean
|
2012-04-26 10:09:35 +00:00 |
|
Paul Bakker
|
901c65620e
|
- Fill full buffer (Wrong parameter usage)
|
2012-04-20 13:25:38 +00:00 |
|
Paul Bakker
|
380da53c48
|
- Abstracted checksum updating during handshake
|
2012-04-18 16:10:25 +00:00 |
|
Paul Bakker
|
ca4ab49158
|
- Added GCM ciphersuites to TLS implementation
|
2012-04-18 14:23:57 +00:00 |
|
Paul Bakker
|
d8ef167833
|
- Updated for latest GCM error
|
2012-04-18 14:17:32 +00:00 |
|
Paul Bakker
|
fc5183cf5d
|
- Added input checking and more efficient buffer overlap use
|
2012-04-18 14:17:01 +00:00 |
|
Paul Bakker
|
369e14bbf1
|
- Small code rewrite
|
2012-04-18 14:16:09 +00:00 |
|
Paul Bakker
|
030277ab1e
|
- Updated error.c to include GCM errors
|
2012-04-17 12:24:26 +00:00 |
|
Paul Bakker
|
13ed9ab921
|
- Removed unused variable
|
2012-04-16 09:43:49 +00:00 |
|
Paul Bakker
|
0a9251870a
|
- Report unexpected_message if unknown record type is received
|
2012-04-16 06:46:41 +00:00 |
|
Paul Bakker
|
10cd225962
|
- Added support for the SHA256 ciphersuites of AES and Camellia
|
2012-04-12 21:26:34 +00:00 |
|
Paul Bakker
|
bf63b36127
|
- Updated comments
|
2012-04-12 20:44:34 +00:00 |
|
Paul Bakker
|
c3f177a77b
|
- Added client side support for signature_algorithm extension and affiliated handling
|
2012-04-11 16:11:49 +00:00 |
|
Paul Bakker
|
1ef83d66dd
|
- Initial bare version of TLS 1.2
|
2012-04-11 12:09:53 +00:00 |
|
Paul Bakker
|
f34cf85534
|
- Fixed too restrictive test
|
2012-04-10 07:48:40 +00:00 |
|
Paul Bakker
|
96d42da8fe
|
- Removed debug value
|
2012-04-05 13:22:07 +00:00 |
|
Paul Bakker
|
c7ffd36a97
|
- Added automatic debug flags to CFLAGS if DEBUG is set in shell
|
2012-04-05 12:08:29 +00:00 |
|
Paul Bakker
|
452d532955
|
- Fixed potential memory corruption on miscrafted client messages (found by Frama-C team at CEA LIST)
|
2012-04-05 12:07:34 +00:00 |
|
Paul Bakker
|
6126481796
|
- Added compat for sun in net.c
|
2012-04-03 07:54:30 +00:00 |
|
Paul Bakker
|
56a7684023
|
- Added alternative for SHA1 signature structure to check for (without NULL)
|
2012-03-22 15:31:27 +00:00 |
|
Paul Bakker
|
0c8f73ba8b
|
- Fixed a mistake in mpi_cmp_mpi() where longer B values are handled wrong
|
2012-03-22 14:08:57 +00:00 |
|
Paul Bakker
|
f9169629c9
|
- Removed unused variables
|
2012-03-20 15:05:51 +00:00 |
|
Paul Bakker
|
89e80c9a43
|
- Added base Galois/Counter mode (GCM) for AES
|
2012-03-20 13:50:09 +00:00 |
|
Paul Bakker
|
b6ad62dd21
|
- Added missing x509write.c
|
2012-03-20 13:41:33 +00:00 |
|
Paul Bakker
|
02f61692ef
|
- Removed trailing char
|
2012-03-15 10:54:25 +00:00 |
|
Paul Bakker
|
f654371b2b
|
- Only include dependencies when required
|
2012-03-05 14:01:29 +00:00 |
|
Paul Bakker
|
ad8d354a1a
|
- Updated RFC ref
|
2012-02-16 15:28:14 +00:00 |
|
Paul Bakker
|
3cac5e012b
|
- x509_write_cert_req() now supports all available hash functions
|
2012-02-16 14:08:06 +00:00 |
|
Paul Bakker
|
058881547f
|
- Certificate Requests written now have the Email address written in IA5String
|
2012-02-16 10:26:57 +00:00 |
|
Paul Bakker
|
bdb912db69
|
- Added preliminary ASN.1 buffer writing support
- Added preliminary X509 Certificate Request writing support
- Added key_app_writer example application
- Added cert_req example application
|
2012-02-13 23:11:30 +00:00 |
|
Paul Bakker
|
048d04ef4b
|
- AES code only check for Padlock once
|
2012-02-12 17:31:04 +00:00 |
|
Paul Bakker
|
39dfdaca8f
|
- Fixed mpi_fill_random() to fill and create right size MPI
|
2012-02-12 17:17:27 +00:00 |
|
Paul Bakker
|
8afa70dcd5
|
- Clean Subject Alternative Name data
|
2012-02-11 18:42:45 +00:00 |
|
Paul Bakker
|
57b12982b3
|
- Multi-domain certificates support wildcards as well
|
2012-02-11 17:38:38 +00:00 |
|
Paul Bakker
|
1504af585c
|
- Removed redundant POLARSSL_DEBUG_MSG define
|
2012-02-11 16:17:43 +00:00 |
|
Paul Bakker
|
a8cd239d6b
|
- Added support for wildcard certificates
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
|
2012-02-11 16:09:32 +00:00 |
|
Paul Bakker
|
fab5c829e7
|
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
|
2012-02-06 16:45:10 +00:00 |
|
Paul Bakker
|
3c18a830b3
|
- Made changes for 1.1.1 release
|
2012-01-23 09:44:43 +00:00 |
|