Commit graph

637 commits

Author SHA1 Message Date
Paul Bakker 9dcc32236b - Added support for PKCS#1 v2.1 encoding and thus support for the RSAES-OAEP and RSASSA-PSS operations (enabled by POLARSSL_PKCS1_V21) 2011-03-08 14:16:06 +00:00
Paul Bakker 345a6fee91 - Replaced function that fixes man-in-the-middle attack
- Added message to indicate inclusion of man-in-the-middle attack (Reported by Larry Highsmith, Subreption LLC)
 - Released version 0.99-pre3
2011-02-28 21:20:02 +00:00
Paul Bakker 1946e42dd4 - Made ready for 0.99-pre2 release 2011-02-25 09:39:39 +00:00
Paul Bakker e2a39cc0fa - Do not bail out if no client certificate specified. Try to negotiate anonymous connection (Fixes ticket #12) 2011-02-20 13:49:27 +00:00
Paul Bakker 400ff6f0fd - Corrected parsing of UTCTime dates before 1990 and after 1950
- Support more exotic OID's when parsing certificates
 - Support more exotic name representations when parsing certificates
 - Replaced the expired test certificates
2011-02-20 10:40:16 +00:00
Paul Bakker a9507c063b - Added crl_app program to allow easy reading and printing of X509 CRLs from file 2011-02-12 15:27:28 +00:00
Paul Bakker 96743fc5f5 - Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5)
 - Added tests for encrypted keyfiles
2011-02-12 14:30:57 +00:00
Paul Bakker 9fc4659b30 - Preparing for Release of 0.99 prerelease 1 2011-01-30 16:59:02 +00:00
Paul Bakker e3166ce040 - Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
- Adapted in the rest of using code as well
2011-01-27 17:40:50 +00:00
Paul Bakker 20a7808d13 - Addec crypt_and_hash example program of the generic hash and cipher layers 2011-01-21 09:32:12 +00:00
Paul Bakker 43b7e35b25 - Support for PKCS#11 through the use of the pkcs11-helper library 2011-01-18 15:27:19 +00:00
Paul Bakker b619499eb3 - x509parse_time_expired() checks time now in addition to the existing date check 2011-01-16 21:40:22 +00:00
Paul Bakker 72f6266f02 - Improved information provided about current Hashing, Cipher and Suite capabilities 2011-01-16 21:27:44 +00:00
Paul Bakker 76fd75a3de - Improved certificate validation and validation against the available CRLs 2011-01-16 21:12:10 +00:00
Paul Bakker 43ca69c38a - Added function for stringified SSL/TLS version 2011-01-15 17:35:19 +00:00
Paul Bakker 1f87fb6896 - Support for DES weak keys and parity bits added 2011-01-15 17:32:24 +00:00
Paul Bakker 74111d30b7 - Improved X509 certificate parsing to include extended certificate fields, such as Key Usage 2011-01-15 16:57:55 +00:00
Paul Bakker b63b0afc05 - Added verification callback in certificate verification chain in order to allow external blacklisting 2011-01-13 17:54:59 +00:00
Paul Bakker 1b57b06751 - Added reading of DHM context from memory and file 2011-01-06 15:48:19 +00:00
Paul Bakker 8123e9d8f1 - Added generic cipher wrapper for integration with OpenVPN (donated by Fox-IT) 2011-01-06 15:37:30 +00:00
Paul Bakker 1737385e04 - Added generic message digest wrapper for integration with OpenVPN (donated by Fox-IT) 2011-01-06 14:20:01 +00:00
Paul Bakker 37ca75d6f2 - Added Doxygen source code documentation parts (donated by Fox-IT) 2011-01-06 12:28:03 +00:00
Paul Bakker 99ed6788b2 - Changed line endings and encodings to unix and utf-8 2011-01-05 14:48:42 +00:00
Paul Bakker 5c10b54fb2 - Added release date for 0.14.0 2010-08-16 12:01:43 +00:00
Paul Bakker 21eb2802fe - Changed origins of random function and pointer in rsa_pkcs1_encrypt, rsa_init, rsa_gen_key.
Moved to parameters of function instead of context pointers as within ssl_cli, context pointer cannot be set easily.
2010-08-16 11:10:02 +00:00
Paul Bakker 2e11f7d966 - Added support for TLS v1.1
- Renamed some SSL defines to prevent future naming confusion
2010-07-25 14:24:53 +00:00
Paul Bakker a0f082c574 - Rewrite ChangeLog 2010-07-18 10:14:07 +00:00
Paul Bakker b572adf5e6 - Removed dependency on rand() in rsa_pkcs1_encrypt(). Now using random fuction provided to context
- Expanded ssl_client2 arguments for more flexibility
 - rsa_check_private() now supports PKCS1v2 keys as well
 - Fixed deadlock in rsa_pkcs1_encrypt() on failing random generator
2010-07-18 08:29:32 +00:00
Paul Bakker 4c14a258fe - Fixed out of source build for tests with CMake 2010-06-18 22:54:05 +00:00
Paul Bakker 690b93d91a - Made Makefile cleaner 2010-06-18 16:42:26 +00:00
Paul Bakker 77a43580da - Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites 2010-06-15 21:32:46 +00:00
Paul Bakker 699fbbcf29 - Added missing const fixes 2010-03-24 07:15:41 +00:00
Paul Bakker aed271ed03 - Fixed ChangeLog 2010-03-24 06:55:38 +00:00
Paul Bakker 09d87fcd99 - Added release date for 0.13.0 2010-03-21 16:23:50 +00:00
Paul Bakker 7d3b661bfe - Added reset functionality for HMAC context. Speed-up for some use-cases. 2010-03-21 16:23:13 +00:00
Paul Bakker baad6504d4 - Changed ARC4 to use seperate input/output buffer 2010-03-21 15:42:15 +00:00
Paul Bakker f3ccc68100 - Fixed cipher interface for encrypt/decrypt functions 2010-03-18 21:21:02 +00:00
Paul Bakker 4fc45522f1 - Added cert_app application 2010-03-18 20:11:58 +00:00
Paul Bakker 9f335d5bc1 - Added attribution for fix from FrankDeB 2010-03-17 18:19:37 +00:00
Paul Bakker 27d661657b - Added x509_get_sig_alg() to allow easy future X509 signature algorithm determination expansion 2010-03-17 06:56:01 +00:00
Paul Bakker 41d13f4af8 - Found algorithmic bug in mpi_is_prime() 2010-03-16 21:26:36 +00:00
Paul Bakker 4ed999c4b2 - Added fixes for compiler warnings on a Mac 2010-03-16 21:16:16 +00:00
Paul Bakker ff60ee6c2a - Added const-correctness to main codebase 2010-03-16 21:09:09 +00:00
Paul Bakker 9120018f3d - Added support for GeneralizedTime in X509 certificates 2010-02-18 21:26:15 +00:00
Paul Bakker 9caf2d2d38 - Added option parsing for ssl_client2 to select host and port 2010-02-18 19:37:19 +00:00
Paul Bakker 1f76115340 - Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request() 2010-02-18 18:16:31 +00:00
Paul Bakker 5d8d64e1a6 - Fixed texts 2009-10-04 15:15:34 +00:00
Paul Bakker fe1aea7877 - Fixed typo in MD4 define 2009-10-03 20:09:14 +00:00
Paul Bakker 1271d9df55 - Updated to reflect changes of 'depends_on' in testing 2009-10-03 20:05:57 +00:00
Paul Bakker 972f8e77cf - Updated ChangeLog for release 0.12.0 2009-07-28 20:27:03 +00:00
Paul Bakker 3391b12ce3 - Fixed error codes. Negative when needed (SSL error codes). Non-negative if error-codes are OR'ed to other error codes (ASN1, Base64, MPI, DHM). The rest is negative by default. 2009-07-28 20:11:54 +00:00
Paul Bakker b3bb6c0c66 - Fixed include location of endian.h and name clash on Apples (found by Martin van Hensbergen) 2009-07-27 21:09:47 +00:00
Paul Bakker 2b222c830b - Changed interface for AES and Camellia setkey functions to indicate invalid key lengths. 2009-07-27 21:03:45 +00:00
Paul Bakker 854963cee3 - Fixed include location of endian.h on FreeBSD (found by Gabriel) 2009-07-19 20:50:11 +00:00
Paul Bakker 38e2b482ff - Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE. 2009-07-19 20:41:06 +00:00
Paul Bakker fc22c441bc - Renamed RSA_RAW to SIG_RSA_RAW for consistency in the code. 2009-07-19 20:36:27 +00:00
Paul Bakker f1fec19797 - Updated ChangeLog to reflect change in error codes 2009-07-19 20:29:42 +00:00
Paul Bakker 596d504da2 - Updated ChangeLog for old fix of Camellia and XTEA for 64-bit Windows systems 2009-07-11 21:06:01 +00:00
Paul Bakker 6e61ea1320 - Updated ChangeLog 2009-07-11 20:44:12 +00:00
Paul Bakker 2fd71f0757 - Fixed HMAC-MD2 by modifying md2_starts(), so that the required HMAC ipad and opad variables are not cleared! 2009-07-11 20:40:58 +00:00
Paul Bakker 765687985a - Fixed formatting of ChangeLog 2009-07-11 18:39:36 +00:00
Paul Bakker 1a9382ea80 - Prevented use of long long in bignum if POLARSSL_HAVE_LONGLONG not defined (found by Giles Bathgate). 2009-07-11 16:35:32 +00:00
Paul Bakker 37940d9ff6 - Added test coverage for X509parse
- Fixed segfault in rsa_check_privkey() and rsa_check_pubkey() and added test
2009-07-10 22:38:58 +00:00
Paul Bakker 367dae44b2 - Added CMake makefiles as alternative to regular Makefiles.
- Added preliminary Code Coverage tests for AES, ARC4, Base64, MPI, SHA-family, MD-family and  HMAC-SHA-family.
2009-06-28 21:50:27 +00:00
Paul Bakker 48eab260e9 - Corrected is_prime() results for 0, 1 and 2 (found by code coverage tests) 2009-06-25 21:25:49 +00:00
Paul Bakker ce40a6d21d - Fixed incorrect handling of negative first input value in mpi_mod_mpi() and mpi_mod_int(). Resulting change also affects mpi_write_string() (found by code coverage tests). 2009-06-23 19:46:08 +00:00
Paul Bakker 1ef7a53fa2 - Fixed incorrect handling of negative first input value in mpi_sub_abs() (found by code coverage tests). 2009-06-20 10:50:55 +00:00
Paul Bakker f7ca7b99dd - Fixed incorrect handling of one single negative input value in mpi_add_abs() (found by code coverage tests). 2009-06-20 10:31:06 +00:00
Paul Bakker 05feca6f7c - Fixed incorrect handling of negative strings in mpi_read_string() (found by code coverage tests). 2009-06-20 08:22:43 +00:00
Paul Bakker a86cd2dfcd - Updated ChangeLog for rsa.c change 2009-05-17 10:27:03 +00:00
Paul Bakker fdca45fded - Fixed ChangeLog 2009-05-03 16:06:43 +00:00
Paul Bakker b44f3be436 - Updated ChangeLog to include XTEA and Camellia support on 64-bit platforms. 2009-05-03 13:12:27 +00:00
Paul Bakker 40ea7de46d - Added CRL revocation support to x509parse_verify()
- Fixed an off-by-one allocation in ssl_set_hostname()
 - Added CRL support to SSL/TLS code
2009-05-03 10:18:48 +00:00
Paul Bakker 34a9056f39 - POLARSSL_HAVE_ASM also used in padlock and timing code. 2009-04-19 21:17:09 +00:00
Paul Bakker 1d4f30ca4d - Made net_htons() endian-clean for big endian. 2009-04-19 18:55:16 +00:00
Paul Bakker 2b245ebd9f - Moved file loading to load_file 2009-04-19 18:44:26 +00:00
Paul Bakker 6335fafd74 - Added x509parse_crt() fix 2009-03-28 18:54:06 +00:00
Paul Bakker ebb2bebbe2 - Added genprime fix 2009-03-28 17:52:44 +00:00
Paul Bakker 4593aeadaf - Added support for RFC4055 SHA2 and SHA4 signature algorithms for
use with PKCS#1 v1.5 signing and verification.
 - Added extra certificates to test-ca and test code to further test
   functionality of SHA2 and SHA4 signing and verification.
 - Updated other program files accordingly
2009-02-09 22:32:35 +00:00
Paul Bakker 4e0d7ca233 - Fixed a bug in mpi_gcd() that prevented correct funtioning when both input numbers are even. 2009-01-29 22:24:33 +00:00
Paul Bakker 71cd2c6fbd - Updated version from 0.10 to 0.10.0 2009-01-15 19:45:54 +00:00
Paul Bakker f1306186d0 - Updated Changelog 2009-01-12 21:50:17 +00:00
Paul Bakker 72989ffcaf - Updated ChangeLog 2009-01-11 20:26:11 +00:00
Paul Bakker 38119b18d6 - Added first version of Camellia 2009-01-10 23:31:23 +00:00
Paul Bakker 7a7c78fd02 - Added XTEA Algorithm (Not used in SSL) 2009-01-04 18:15:48 +00:00
Paul Bakker b749d68f9c - Updates to PolarSSL
- Added ignores
2009-01-04 16:08:55 +00:00
Paul Bakker 5121ce5bdb - Renamed include directory to polarssl 2009-01-03 21:22:43 +00:00