Paul Bakker
a43231c5a5
Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt()
2013-03-06 18:01:02 +01:00
Paul Bakker
b386913f8b
Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions
...
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()
The original functions exist as generic wrappers to these functions.
2013-03-06 18:01:02 +01:00
Paul Bakker
8ddb645ad3
Added conversion to int for a t_uint value to prevent compiler warnings
...
On 64-bit platforms t_uint can be larger than int resulting in compiler
warnings on some platforms (MS Visual Studio)
2013-03-06 18:00:54 +01:00
Paul Bakker
3d2dc0f8e5
Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
...
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.
Found by Yawning Angel
2013-02-28 10:55:39 +01:00
Paul Bakker
e47b34bdc8
Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
...
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker
2ca8ad10a1
Made x509parse.c also work with missing hash header files
2013-02-19 13:17:38 +01:00
Paul Bakker
86f04f400b
Fixed comment
2013-02-14 11:20:09 +01:00
Paul Bakker
c0463502ff
Fixed memory leak in ssl_free() and ssl_reset() for active session
2013-02-14 11:19:38 +01:00
Manuel Pégourié-Gonnard
f35b739dff
Add a few check for context validity.
2013-02-11 22:12:39 +01:00
Manuel Pégourié-Gonnard
424fda5d7b
Add ecdh_calc_secret()
2013-02-11 22:05:42 +01:00
Manuel Pégourié-Gonnard
5cceb41d2c
Add ecdh_{make,read}_public()
2013-02-11 21:51:45 +01:00
Manuel Pégourié-Gonnard
854fbd7ba2
Add ecdh_read_params().
2013-02-11 21:32:24 +01:00
Manuel Pégourié-Gonnard
13724765b2
Add ecdh_make_server_params (untested yet)
2013-02-10 15:01:54 +01:00
Manuel Pégourié-Gonnard
63533e44c2
Create ecdh_context structure
2013-02-10 14:22:44 +01:00
Manuel Pégourié-Gonnard
98f51815d6
Fix ecp_tls_read_point's signature
2013-02-10 13:38:29 +01:00
Manuel Pégourié-Gonnard
7c145c6418
Fix ecp_tls_read_group's signature
2013-02-10 13:20:52 +01:00
Manuel Pégourié-Gonnard
46106a9d75
Add tests for (and fix bug in) ecp_tls_write_group
2013-02-10 12:51:17 +01:00
Manuel Pégourié-Gonnard
420f1eb675
Fix ecp_tls_write_point's signature
2013-02-10 12:22:46 +01:00
Manuel Pégourié-Gonnard
b325887fad
Add ecp_tls_write_group()
2013-02-10 12:06:19 +01:00
Manuel Pégourié-Gonnard
7e86025f32
Rename ecp_*_binary to ecp_point_*_binary
2013-02-10 10:58:48 +01:00
Manuel Pégourié-Gonnard
d84895dc22
Supress 'format' argument to ecp_read_binary.
...
And adjust error codes for ecp_*_binary while at it.
2013-02-10 10:53:04 +01:00
Manuel Pégourié-Gonnard
0079405918
Add functions for read/write ECPoint records
2013-02-09 19:00:07 +01:00
Manuel Pégourié-Gonnard
1a96728964
Add function parsing a TLS ECParameters record
2013-02-09 17:53:31 +01:00
Paul Bakker
c7a2da437e
Updated for PolarSSL 1.2.5
2013-02-02 19:23:57 +01:00
Paul Bakker
40865c8e5d
Added sending of alert messages in case of decryption failures as per RFC
...
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49
Disable debug messages that can introduce a timing side channel.
...
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
4582999be6
Fixed timing difference resulting from badly formatted padding.
2013-02-02 19:04:13 +01:00
Paul Bakker
8fe40dcd7d
Allow enabling of dummy error_strerror() to support some use-cases
...
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Manuel Pégourié-Gonnard
3aeb5a7192
Add ECDSA signature primitive.
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
b309ab2936
Add ECDSA sign primitive
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
2aea1416f9
Add skeleton ecdsa.[ch]
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
6545ca7bed
Add ECDH primitives
2013-01-26 19:11:24 +01:00
Manuel Pégourié-Gonnard
0bad5c2381
Add skeleton ecdh.[ch]
2013-01-26 15:30:46 +01:00
Manuel Pégourié-Gonnard
45a035a9ac
Add ecp_gen_keypair()
2013-01-26 14:42:45 +01:00
Paul Bakker
14c56a3378
Updated for PolarSSL 1.2.4
2013-01-25 17:11:37 +01:00
Paul Bakker
1961b709d8
Added ssl_handshake_step() to allow single stepping the handshake
...
process
Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
9c94cddeae
Correctly handle CertificateRequest with empty DN list in <= TLS 1.1
2013-01-22 14:21:49 +01:00
Paul Bakker
cf4365f560
Updated error codes for ECP
2013-01-16 17:00:43 +01:00
Paul Bakker
a95919b4c7
Added ECP files to Makefiles as well
2013-01-16 17:00:05 +01:00
Manuel Pégourié-Gonnard
5e402d88ea
Added ecp_read_binary().
2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
37d218a8e3
Added support for writing points compressed
2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
e19feb5b46
Added ecp_write_binary().
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
1c33057a63
Added ecp_check_pubkey().
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
3680c82c5a
Made choice of w safer and more optimal
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
cdd44324e9
Added ecp_normalize_many() for faster precompute()
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
b63f9e98f5
Made ecp_mul() faster and truly SPA resistant
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
7652a593d6
Added a precompute() function for fast mult
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
855560758c
Added function preparing for faster multiplication
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
b4a310b472
Added a selftest about SPA resistance
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
9674fd0d5e
Added ecp_sub() as a variant of ecp_add()
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
1c2782cc7c
Changed to jacobian coordinates everywhere
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
773ed546a2
Added a nbits member to ecp_group
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
4bdd47d2cb
Multiplication by negative is now forbidden
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
8433824d5f
Added fast mod_p192
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
4712325777
Clarifications in comments; code cosmetics & style
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
dada4da33f
Moved domain paramaters to ecp.c
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
62aad14139
Added slot for fast modp, with mod_p521
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
84d1aea1ac
Now reducing mod p after every single operation
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
e0c16922f9
Point multiplication using Jacobian coordinates
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
7e0adfbcc5
Replaced add_generic with add_mixed
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
989c32bc3e
Replaced double_generic with double_jac
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
27b1ba8be0
Changed ecp_mul() to always add the same point
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
d070f51224
Started introducting Jacobian coordinates
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
4b8c3f2a1c
Moved tests from selftest to tests/test_suite_ecp
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
a5402fee04
Added ecp_use_known_dp()
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
efaa31e9ae
Implemented multiplication
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
b4ab8a8137
Fixed memory leak due to typo
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
de532ee73f
Implemented generic doubling
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
ab38b70816
Fixed add_generic
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
b505c2796c
Got first tests working, fixed ecp_copy()
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
d0dc6317e1
Added a few test cases for addition
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
847395a8a9
Added ecp_XXX_read_string()
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
7cfcea349c
Documented error codes properly
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
ae180d0f20
Got started on ecp_add(): generic case done
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
883f313516
Added ecp_copy() (for points)
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
5179e463d5
Allowed point at infinity, supressed ecp_double()
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
1e8c8ecd95
Implemented ecp_{point,group}_free()
2013-01-16 16:31:49 +01:00
Manuel Pégourié-Gonnard
39d2adbbd0
Added (skeleton) ecp.[ch]
2013-01-16 16:31:48 +01:00
Paul Bakker
21dca69ef0
Handle future version properly in ssl_write_certificate_request()
2013-01-03 11:41:08 +01:00
Paul Bakker
02303e8be4
Moved md_init_ctx() calls around to minimize exit points
2013-01-03 11:08:31 +01:00
Paul Bakker
40628bad98
Memory leak when using RSA_PKCS_V21 operations fixed
2013-01-03 10:50:31 +01:00
Paul Bakker
fb1ba781b3
Updated for release 1.2.3
2012-11-26 16:28:25 +01:00
Paul Bakker
bc3d98469f
Fixed multiple DN size
2012-11-26 16:12:02 +01:00
Paul Bakker
df5069cb97
Updated for 1.2.2 release
2012-11-24 12:20:19 +01:00
Paul Bakker
3497d8c7bf
Do not check sig on trust-ca (might not be top)
2012-11-24 11:53:17 +01:00
Paul Bakker
769075dfb6
Fixed dependency on POLARSSL_SHA4_C in ssl modules
2012-11-24 11:26:46 +01:00
Paul Bakker
78ce507988
Fixed typo
2012-11-23 14:23:53 +01:00
Paul Bakker
926af7582a
Fixed client certificate handling with TLS 1.2
2012-11-23 13:38:07 +01:00
Manuel Pégourié-Gonnard
e44ec108be
Fixed segfault in mpi_shift_r()
...
Fixed memory leak in test_suite_mpi
Amended ChangeLog
2012-11-18 23:15:02 +01:00
Paul Bakker
90f309ffe7
Added proper gitignores for linux compilation
2012-11-17 00:04:49 +01:00
Paul Bakker
43ae298410
- Fixed argument types
2012-11-14 12:14:19 +00:00
Paul Bakker
34d8dbcc6d
- Depth that the certificate verify callback receives is now numbered bottom-up (Peer cert depth is 0)
2012-11-14 12:11:38 +00:00
Paul Bakker
e0f41f3086
- Updated version to 1.2.1
2012-11-13 12:55:02 +00:00
Paul Bakker
9daf0d0651
- Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
2012-11-13 12:13:27 +00:00
Paul Bakker
96c4ed8134
- Proper building of shared lib when SHARED defined
2012-11-13 10:37:52 +00:00
Paul Bakker
644db3893a
- Added SHARED define for building with -fPIC
2012-11-13 10:35:00 +00:00
Paul Bakker
f02c5642d0
- Allow R and A to point to same mpi in mpi_div_mpi
2012-11-13 10:25:21 +00:00
Paul Bakker
36c4a678a6
- Fixed off-by-one loop
2012-11-09 15:30:07 +00:00
Paul Bakker
096348fa79
- Fixed comments / typos
2012-11-07 20:05:38 +00:00
Paul Bakker
fc975dc592
- Small Windows VC6 fixes
2012-11-02 12:51:23 +00:00
Paul Bakker
d9374b05d6
- Moved mpi_inv_mod() outside POLARSSL_GENPRIME
2012-11-02 11:02:58 +00:00
Paul Bakker
7a2538ee38
- Fixes for MSVC6
2012-11-02 10:59:36 +00:00
Paul Bakker
645ce3a2b4
- Moved ciphersuite naming scheme to IANA reserved names
2012-10-31 12:32:41 +00:00
Paul Bakker
bb0139c924
- Moved to more flexible define structure
...
- Added exception for OpenBSD on Sparc64 (no privilege for call)
2012-10-31 09:53:08 +00:00
Paul Bakker
35a7fe52f3
- Prevent compiler warning
2012-10-31 09:07:14 +00:00
Paul Bakker
8611e73dd3
- Fixed infinite loop
2012-10-30 07:52:29 +00:00
Paul Bakker
b0550d90c9
- Added ssl_get_peer_cert() to SSL API
2012-10-30 07:51:03 +00:00
Paul Bakker
d2c167e9a8
- And fixed order
2012-10-30 07:49:19 +00:00
Paul Bakker
98fe5eaf47
- Removed snprintf altogether for critical code paths
2012-10-24 11:17:48 +00:00
Paul Bakker
331f5630e9
- Do not use sprintf(), use snprintf() instead.
2012-10-24 10:16:39 +00:00
Paul Bakker
ba26e9ebfd
- Cache now only allows a maximum of entries in cache for preventing memory overrun
2012-10-23 22:18:28 +00:00
Paul Bakker
f1ab0ec1ff
- Changed default compiler flags to include -O2
2012-10-23 12:12:53 +00:00
Paul Bakker
67f9d534ee
- Removed code breaking strict-aliasing
2012-10-23 11:49:05 +00:00
Paul Bakker
81420abcb6
- properly print minimum version
2012-10-23 10:31:15 +00:00
Paul Bakker
c110d025c2
- Added extra check to prevent crash on failed memory allocation
2012-10-19 12:15:08 +00:00
Paul Bakker
0be82f20a9
- Updated rsa_pkcs1_verify() and rsa_pkcs1_sign() to use appropriate buffer size for max MPIs
2012-10-03 20:36:33 +00:00
Paul Bakker
36fec23dc2
- Updated to 1.2.0
2012-10-02 15:40:44 +00:00
Paul Bakker
62261d6bd6
- Rewrote bignum type definition #ifdef tree to work better on all
...
systems
2012-10-02 12:19:31 +00:00
Paul Bakker
3338b792da
- Fixed WIN32 version of x509parse_crtpath()
2012-10-01 21:13:10 +00:00
Paul Bakker
d6f17b492f
- Moved definition to top to prevent MS VC compiler warning
2012-10-01 20:58:19 +00:00
Paul Bakker
5c2364c2ba
- Moved from unsigned long to uint32_t throughout code
2012-10-01 14:41:15 +00:00
Paul Bakker
0e19e9ff1c
- Minor define change to prevent warning
2012-10-01 11:02:48 +00:00
Paul Bakker
993d11dd05
- Send ClientHello with 'minimal version'
2012-09-28 15:00:12 +00:00
Paul Bakker
23f3680898
- Added proper support for TLS 1.2 signature_algorithm extension on server
...
side
- Minor const changes to other extension parsing functions
2012-09-28 14:15:14 +00:00
Paul Bakker
1d29fb5e33
- Added option to add minimum accepted SSL/TLS protocol version
2012-09-28 13:28:45 +00:00
Paul Bakker
62f2deef8b
- Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS
2012-09-28 07:31:51 +00:00
Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02
- Added ServerName extension parsing (SNI) at server side
2012-09-27 21:49:42 +00:00
Paul Bakker
eb2c658163
- Generalized external private key implementation handling (like PKCS#11) in SSL/TLS
2012-09-27 19:15:01 +00:00
Paul Bakker
321df6fb80
- Expanded rsa_check_privkey() to check DP, DQ and QP as well
2012-09-27 13:21:34 +00:00
Paul Bakker
5531c6d92c
- Change buffer size on mpi_write_file() to cover larger size MPIs
2012-09-26 19:20:46 +00:00
Paul Bakker
49d75678a5
- Support INTEGRITY OS
2012-09-26 15:22:07 +00:00
Paul Bakker
d14277d7de
- Added PBKDF2 error code
2012-09-26 15:19:05 +00:00
Paul Bakker
0a59707523
- Added simple SSL session cache implementation
...
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
b00ca42f2a
- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
2012-09-25 12:10:00 +00:00
Paul Bakker
29b64761fd
- Added predefined DHM groups from RFC 5114
2012-09-25 09:36:44 +00:00
Paul Bakker
d0f6fa7bdc
- Sending of handshake_failures during renegotiation added
...
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
2d319fdfcb
- Fixed bug in mpi_add_abs with adding a small number to a large mpi with carry rollover.
2012-09-16 21:34:26 +00:00
Paul Bakker
48916f9b67
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Paul Bakker
b5b20f19e7
- Extra sanity check for input added
2012-09-16 15:07:49 +00:00
Paul Bakker
5f70b25c9b
- Correctly handle SHA256 ciphersuites in SSLv3
...
- Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Paul Bakker
ec636f3bdd
- Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
2012-09-09 19:17:02 +00:00
Paul Bakker
94a6796179
- Correctly handle MS certificate's key usage bits
2012-08-23 13:03:52 +00:00
Paul Bakker
f518b16f97
- Added PKCS#5 PBKDF2 key derivation function
2012-08-23 13:03:18 +00:00
Paul Bakker
535e97dbab
- Better checking for reading over buffer boundaries
...
- Zeroize altSubjectName chain memory before use
2012-08-23 10:49:55 +00:00
Paul Bakker
b68cad6cc7
- Made cipersuites in ssl context const (no intention to modify)
...
- Adjusted ssl_set_ciphersuites() to match
2012-08-23 08:34:18 +00:00
Paul Bakker
bb51f0cb3d
- Only include md.h if needed by POLARSSL_PKCS1_V21
2012-08-23 07:46:58 +00:00
Paul Bakker
6a2f857b08
- Added DragonflyBSD support
2012-08-23 07:45:37 +00:00
Paul Bakker
3c16db9a10
- Fixed potential memory zeroization on miscrafted RSA key
2012-07-05 13:58:08 +00:00
Paul Bakker
6132d0aa93
- Added Blowfish to generic cipher layer
...
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
2012-07-04 17:10:40 +00:00
Paul Bakker
83f00bba9c
- Updated strerror codes for SSL Compression and Blowfish
2012-07-04 11:08:50 +00:00
Paul Bakker
a9379c0ed1
- Added base blowfish algorithm
2012-07-04 11:02:11 +00:00
Paul Bakker
2770fbd651
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Paul Bakker
cefb396a77
- Handle empty certificate subject names
2012-06-27 11:51:09 +00:00
Paul Bakker
e4791f3936
- Bugfix for Windows in cert path handling
2012-06-04 21:29:15 +00:00
Paul Bakker
67820bd38e
- Only include padlock header when POLARSSL_PADLOCK_C is defined
2012-06-04 12:47:23 +00:00
Paul Bakker
8d914583f3
- Added X509 CA Path support
2012-06-04 12:46:42 +00:00
Paul Bakker
e6ee41f932
- Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and example application (programs/ssl/o_p_test) (Requires OpenSSL)
...
- Handle encryption with private key and decryption with public key as per RFC 2313
2012-05-19 08:43:48 +00:00
Paul Bakker
50546921ac
- Moved to prevent uninitialized exit var
2012-05-19 08:40:49 +00:00
Paul Bakker
f6198c1513
- mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52 )
2012-05-16 08:02:29 +00:00
Paul Bakker
2a5c7a87af
- Add Windows required library
2012-05-10 21:54:28 +00:00
Paul Bakker
62f88dc473
Makefile more compatible with WINDOWS environment
2012-05-10 21:26:28 +00:00
Paul Bakker
cd5b529d6d
- Added automatic WINDOWS define in Makefile
2012-05-10 20:49:10 +00:00
Paul Bakker
4d2c1243b1
- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.
2012-05-10 14:12:46 +00:00
Paul Bakker
7e2c728178
- Updated to support NetBSD
2012-05-08 13:23:16 +00:00
Paul Bakker
186751d9dd
- Moved out_msg to out_hdr + 32 to support hardware acceleration
2012-05-08 13:16:14 +00:00
Paul Bakker
3aac1daf1d
- Added exception error parsing when FATAL ssl message is received
2012-05-08 13:12:27 +00:00
Paul Bakker
6b906e5095
- Const correctness mpi_get_bit()
...
- Documentation mpi_lsb(), mpi_msb()
2012-05-08 12:01:43 +00:00
Paul Bakker
05ef835b6a
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
Paul Bakker
430ffbe564
- Fixed potential heap corruption in x509_name allocation
2012-05-01 08:14:20 +00:00
Paul Bakker
aec37cb653
- Added extra sanity check to DHM values
2012-04-26 18:59:59 +00:00
Paul Bakker
279432a7c0
- Fixed size of clean
2012-04-26 10:09:35 +00:00
Paul Bakker
901c65620e
- Fill full buffer (Wrong parameter usage)
2012-04-20 13:25:38 +00:00
Paul Bakker
380da53c48
- Abstracted checksum updating during handshake
2012-04-18 16:10:25 +00:00
Paul Bakker
ca4ab49158
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00
Paul Bakker
d8ef167833
- Updated for latest GCM error
2012-04-18 14:17:32 +00:00
Paul Bakker
fc5183cf5d
- Added input checking and more efficient buffer overlap use
2012-04-18 14:17:01 +00:00
Paul Bakker
369e14bbf1
- Small code rewrite
2012-04-18 14:16:09 +00:00
Paul Bakker
030277ab1e
- Updated error.c to include GCM errors
2012-04-17 12:24:26 +00:00
Paul Bakker
13ed9ab921
- Removed unused variable
2012-04-16 09:43:49 +00:00
Paul Bakker
0a9251870a
- Report unexpected_message if unknown record type is received
2012-04-16 06:46:41 +00:00
Paul Bakker
10cd225962
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
Paul Bakker
bf63b36127
- Updated comments
2012-04-12 20:44:34 +00:00
Paul Bakker
c3f177a77b
- Added client side support for signature_algorithm extension and affiliated handling
2012-04-11 16:11:49 +00:00
Paul Bakker
1ef83d66dd
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
Paul Bakker
f34cf85534
- Fixed too restrictive test
2012-04-10 07:48:40 +00:00
Paul Bakker
96d42da8fe
- Removed debug value
2012-04-05 13:22:07 +00:00
Paul Bakker
c7ffd36a97
- Added automatic debug flags to CFLAGS if DEBUG is set in shell
2012-04-05 12:08:29 +00:00
Paul Bakker
452d532955
- Fixed potential memory corruption on miscrafted client messages (found by Frama-C team at CEA LIST)
2012-04-05 12:07:34 +00:00
Paul Bakker
6126481796
- Added compat for sun in net.c
2012-04-03 07:54:30 +00:00
Paul Bakker
56a7684023
- Added alternative for SHA1 signature structure to check for (without NULL)
2012-03-22 15:31:27 +00:00
Paul Bakker
0c8f73ba8b
- Fixed a mistake in mpi_cmp_mpi() where longer B values are handled wrong
2012-03-22 14:08:57 +00:00
Paul Bakker
f9169629c9
- Removed unused variables
2012-03-20 15:05:51 +00:00
Paul Bakker
89e80c9a43
- Added base Galois/Counter mode (GCM) for AES
2012-03-20 13:50:09 +00:00
Paul Bakker
b6ad62dd21
- Added missing x509write.c
2012-03-20 13:41:33 +00:00
Paul Bakker
02f61692ef
- Removed trailing char
2012-03-15 10:54:25 +00:00
Paul Bakker
f654371b2b
- Only include dependencies when required
2012-03-05 14:01:29 +00:00
Paul Bakker
ad8d354a1a
- Updated RFC ref
2012-02-16 15:28:14 +00:00
Paul Bakker
3cac5e012b
- x509_write_cert_req() now supports all available hash functions
2012-02-16 14:08:06 +00:00
Paul Bakker
058881547f
- Certificate Requests written now have the Email address written in IA5String
2012-02-16 10:26:57 +00:00
Paul Bakker
bdb912db69
- Added preliminary ASN.1 buffer writing support
...
- Added preliminary X509 Certificate Request writing support
- Added key_app_writer example application
- Added cert_req example application
2012-02-13 23:11:30 +00:00
Paul Bakker
048d04ef4b
- AES code only check for Padlock once
2012-02-12 17:31:04 +00:00
Paul Bakker
39dfdaca8f
- Fixed mpi_fill_random() to fill and create right size MPI
2012-02-12 17:17:27 +00:00
Paul Bakker
8afa70dcd5
- Clean Subject Alternative Name data
2012-02-11 18:42:45 +00:00
Paul Bakker
57b12982b3
- Multi-domain certificates support wildcards as well
2012-02-11 17:38:38 +00:00
Paul Bakker
1504af585c
- Removed redundant POLARSSL_DEBUG_MSG define
2012-02-11 16:17:43 +00:00
Paul Bakker
a8cd239d6b
- Added support for wildcard certificates
...
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker
fab5c829e7
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
Paul Bakker
3c18a830b3
- Made changes for 1.1.1 release
2012-01-23 09:44:43 +00:00
Paul Bakker
17caec12af
- Changed back statement
2012-01-22 20:37:32 +00:00
Paul Bakker
e88186d2ff
- Fixed selftest for CTR_DRBG
2012-01-22 20:29:47 +00:00
Paul Bakker
cf0360a14e
- Fixed compiler error on 64-bit systems not using GCC
...
- t_udbl optimization now also works on platforms that did not define POLARSSL_HAVE_LONGLONG
2012-01-20 10:08:14 +00:00
Paul Bakker
ec1b9842c4
- Fixed type of length in get_pkcs_padding()
2012-01-14 18:24:43 +00:00
Paul Bakker
87e5cdad5b
- Fixed warning for t if no debugging defined
2012-01-14 18:14:15 +00:00
Paul Bakker
ed375caa3b
- Fixed signed status of ret
2012-01-14 18:10:38 +00:00
Paul Bakker
8913f82c26
- Fixed compiler warning for unreferenced ret in md_file() when POLARSSL_FS_IO not declared
2012-01-14 18:07:41 +00:00
Paul Bakker
b15b851d6d
- Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47 , found by Hugo Leisink)
2012-01-13 13:44:06 +00:00
Paul Bakker
394c56f854
- Support for FreeBSD _SOCKLEN_T_DECLARED
2011-12-20 12:19:03 +00:00
Paul Bakker
43655f46b0
- Added option to prevent default entropy sources from loading (POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
2011-12-15 20:11:16 +00:00
Paul Bakker
28c7e7f6fa
- Added HAVEGE as a default entropy source
2011-12-15 19:49:30 +00:00
Paul Bakker
b1dee1cfd2
- Changed commands to lowercase where it was not the case
2011-12-11 11:29:51 +00:00
Paul Bakker
55d3fd9aff
- Enlarged maximum size of DHM a client accepts to 512 bytes
2011-12-11 11:13:05 +00:00
Paul Bakker
69e095cc15
- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
...
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
- Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
18d32911c0
- Added internal ctr_drbg_init_entropy_len() to allow NIST determined entropy tests to work
2011-12-10 21:42:49 +00:00
Paul Bakker
bd4a9d0cda
- Changed entropy accumulator to have per-source thresholds
2011-12-10 17:02:19 +00:00
Paul Bakker
c50132d4fa
- Updated version of PolarSSL to 1.1.0
2011-12-05 14:38:36 +00:00
Paul Bakker
9304880e8a
- Fixed correct printing of serial number '00'
2011-12-05 14:38:06 +00:00
Paul Bakker
c8ffbe7706
- Corrected removal of leading '00:' in printing serial numbers in certificates and CRLs
2011-12-05 14:22:49 +00:00
Paul Bakker
6bcfc67cd2
- Prevented warning from unused parameter data
2011-12-05 13:54:00 +00:00
Paul Bakker
fc754a9178
- Addedd writing and updating of seedfiles as functions to CTR_DRBG
2011-12-05 13:23:51 +00:00
Paul Bakker
1c70d409ad
- Added better handling of missing session struct
2011-12-04 22:30:17 +00:00
Paul Bakker
4f229e5d83
- Fixed define for Windows time functions
2011-12-04 22:11:35 +00:00
Paul Bakker
4f5ae803fa
- Fixed MS Visual C++ name clash with int64 in sha4.h
2011-12-04 22:10:28 +00:00
Paul Bakker
6c0ceb3f9a
- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error
2011-12-04 12:24:18 +00:00
Paul Bakker
6083fd252d
- Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources
2011-12-03 21:45:14 +00:00
Paul Bakker
1bc9efc00a
- Fixed const correctness
...
- Added ctr_drbg_update for non-fixed data lengths
- Fixed void pointer arithmetic
2011-12-03 11:29:32 +00:00
Paul Bakker
cb37aa5912
- Better buffer handling in mpi_read_file()
2011-11-30 16:00:20 +00:00
Paul Bakker
23fd5ea667
- Fixed a potential loop bug
2011-11-29 15:56:12 +00:00
Paul Bakker
2bc7cf16fe
- Cleaned up and further documented CTR_DRBG code
2011-11-29 10:50:51 +00:00
Paul Bakker
a3d195c41f
- Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs
2011-11-27 21:07:34 +00:00
Paul Bakker
880ac7eb95
- Added handling for CTR_DRBG module
2011-11-27 14:50:49 +00:00
Paul Bakker
0e04d0e9a3
- Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
2011-11-27 14:46:59 +00:00
Paul Bakker
03c7c25243
- * If certificate serial is longer than 32 octets, serial number is now appended with '....' after first 28 octets
2011-11-25 12:37:37 +00:00
Paul Bakker
fe3256e54b
- Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size management (Closes ticket #44 )
2011-11-25 12:11:43 +00:00
Paul Bakker
b6d5f08051
- Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory trade-off
2011-11-25 11:52:11 +00:00
Paul Bakker
cce9d77745
- Lots of minimal changes to better support WINCE as a build target
2011-11-18 14:26:47 +00:00
Paul Bakker
33008eef64
- Cleaned up define
2011-11-18 12:58:25 +00:00
Paul Bakker
dceecd80f7
- Adapted error generation to include ASN.1 changes and have Windows snprintf macro
2011-11-15 16:38:34 +00:00
Paul Bakker
1fe7d9baf9
- Fixed incorrect behaviour in case of RSASSA-PSS with a salt length smaller than the hash length. (Closes ticket #41 )
2011-11-15 15:26:03 +00:00
Paul Bakker
cebdf17159
- Allowed X509 key usage parsing to accept 4 byte values instead of the standard 1 byte version sometimes used by Microsoft. (Closes ticket #38 )
2011-11-11 15:01:31 +00:00
Paul Bakker
2028156556
- Fixed typos in copied text (Fixed ticket #39 )
2011-11-11 10:34:04 +00:00
Paul Bakker
efc302964c
- Extracted ASN.1 parsing code from the X.509 parsing code. Added new module.
2011-11-10 14:43:23 +00:00
Paul Bakker
b125ed8fc6
- Fixed typo in doxygen tag
2011-11-10 13:33:51 +00:00
Paul Bakker
ca41010b68
- Expanded clobber list on i386 RDTSC call
2011-10-19 14:27:36 +00:00
Paul Bakker
2a1c5f5382
- Minor code cleanup
2011-10-19 14:15:17 +00:00
Paul Bakker
fae618fa8b
- Updated tests to reflect recent changes
2011-10-12 11:53:52 +00:00
Paul Bakker
b5a11ab80b
- Added a separate CRL entry extension parsing function
2011-10-12 09:58:41 +00:00
Paul Bakker
fbc09f3cb6
- Added an EXPLICIT tag number parameter to x509_get_ext()
2011-10-12 09:56:41 +00:00
Paul Bakker
3329d1f805
- Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag before version numbers
2011-10-12 09:55:01 +00:00
Paul Bakker
c4909d95f1
- Inceased maximum size of ASN1 length reads to 32-bits
2011-10-12 09:52:22 +00:00
Paul Bakker
fa1c592860
- Fixed faulty HMAC-MD2 implementation (Fixes ticket #37 )
2011-10-06 14:18:49 +00:00
Paul Bakker
490ecc8c3e
- Added ssl_set_max_version() to set the client's maximum sent version number
2011-10-06 13:04:09 +00:00
Paul Bakker
7eb013face
- Added ssl_session_reset() to allow re-use of already set non-connection specific context information
2011-10-06 12:37:39 +00:00
Paul Bakker
adb7ce16c0
- Fixed unconverted t_dbl into t_udbl
2011-08-23 14:55:55 +00:00
Paul Bakker
33aac37d53
- Added correct SONAME to Makefile builds as well
2011-08-13 11:47:41 +00:00
Paul Bakker
8934a98f82
- Fixed memcpy() that had possible overlapping areas to memmove()
2011-08-05 11:11:53 +00:00
Paul Bakker
968bc9831b
- Preparations for v1.0.0 release of PolarSSL
2011-07-27 17:03:00 +00:00
Paul Bakker
5c721f98fd
- Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL
...
- Minor Fix in ASN.1 comments of PrivateKeyInfo
2011-07-27 16:51:09 +00:00
Paul Bakker
9db7742adb
- Fixed error file after changed codes
2011-07-13 11:47:32 +00:00
Paul Bakker
ed56b224de
- Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20 )
2011-07-13 11:26:43 +00:00
Paul Bakker
3783d6d812
- Do not build shared version by default
2011-07-13 11:25:36 +00:00
Paul Bakker
b8213a1298
- Minor update in types to prevent compiler warning under VS2010
2011-07-11 08:16:18 +00:00
Paul Bakker
73206954d4
- Made des_key_check_weak() conform to other functions in return values.
...
- Added documentation for des_key_check_weak() and des_key_check_key_parity()
2011-07-06 14:37:33 +00:00
Paul Bakker
c43e326dca
- Generalized CMakefile
2011-07-06 14:36:44 +00:00
Paul Bakker
684ddce18c
- Minor fixer to remove compiler warnings for ARMCC
2011-07-01 09:25:54 +00:00
Paul Bakker
1fad5bfb19
- Added define for OpenBSD (sys/endian.h)
2011-07-01 09:07:24 +00:00
Paul Bakker
a585beb87e
- Introduced windows DLL build and SYS_LDFLAGS
2011-06-21 08:59:44 +00:00
Paul Bakker
39bb418d93
- Made second argument of f_send() prototype and of net_send() const
2011-06-21 07:36:43 +00:00
Paul Bakker
9c021adeff
- Added regular error codes for generic message digest layer
2011-06-09 15:55:11 +00:00
Paul Bakker
ff61a78a27
- Added and updated cipher error codes and documentation
2011-06-09 15:42:02 +00:00
Paul Bakker
343a870daa
- Expanded generic cipher layer with support for CTR and CFB128 modes of operation.
2011-06-09 14:27:58 +00:00
Paul Bakker
1ef71dffc7
- Updated unsignedness in some missed cases
2011-06-09 14:14:58 +00:00
Paul Bakker
27fdf46d16
- Removed deprecated casts to int for now unsigned values
2011-06-09 13:55:13 +00:00
Paul Bakker
887bd502d2
- Undid fix for ssl_write that introduced a true bug when buffers are running full.
2011-06-08 13:10:54 +00:00
Paul Bakker
828acb2234
- Updated for release 0.99-pre5
2011-05-27 09:25:42 +00:00
Paul Bakker
5690efccc4
- Fixed a whole bunch of dependencies on defines between files, examples and tests
2011-05-26 13:16:06 +00:00
Paul Bakker
192381aa89
- Made listen backlog number a define
2011-05-20 12:31:31 +00:00
Paul Bakker
2f5947e1f6
- Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter functions.
2011-05-18 15:47:11 +00:00
Paul Bakker
831a755d9e
- Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake.
...
- Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN
2011-05-18 13:32:51 +00:00
Paul Bakker
9d781407bc
- A error_strerror function() has been added to translate between error codes and their description.
...
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
- Descriptions to all error codes have been added.
- Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00
Paul Bakker
6c591fab72
- mpi_init() and mpi_free() only accept a single argument and do not accept variable arguments anymore. This prevents unexpected memory corruption in a number of use cases.
2011-05-05 11:49:20 +00:00
Paul Bakker
f968857a82
- Removed conversions to int when not needed to prevent signed / unsigned situations
...
- Maximized mpi limb size
2011-05-05 10:00:45 +00:00
Paul Bakker
31cacd7cf8
- Re-organized object files
2011-04-25 15:31:41 +00:00
Paul Bakker
335db3f121
- Functions requiring File System functions can now be disables by undefining POLARSSL_FS_IO
2011-04-25 15:28:35 +00:00
Paul Bakker
f4f6968a86
- Improved compile-time compatibility with mingw32 64-bit versions
2011-04-24 16:08:12 +00:00
Paul Bakker
2eee902be3
- Better timer for Windows platforms
...
- Made alarmed volatile for better Windows compatibility
2011-04-24 15:28:55 +00:00
Paul Bakker
a755ca1bbe
- Renamed t_s_int, t_int and t_dbl to respectively t_sint, t_uint and t_udbl for clarity
2011-04-24 09:11:17 +00:00
Paul Bakker
23986e5d5d
- Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops
2011-04-24 08:57:21 +00:00
Paul Bakker
e91d01e144
- Fixed typo
2011-04-19 15:55:50 +00:00
Paul Bakker
b6ecaf5276
- Added additional (configurable) cipher block modes. AES-CTR, Camellia-CTR, XTEA-CBC
2011-04-19 14:29:23 +00:00