Commit graph

329 commits

Author SHA1 Message Date
Paul Bakker
35a7fe52f3 - Prevent compiler warning 2012-10-31 09:07:14 +00:00
Paul Bakker
8611e73dd3 - Fixed infinite loop 2012-10-30 07:52:29 +00:00
Paul Bakker
b0550d90c9 - Added ssl_get_peer_cert() to SSL API 2012-10-30 07:51:03 +00:00
Paul Bakker
d2c167e9a8 - And fixed order 2012-10-30 07:49:19 +00:00
Paul Bakker
98fe5eaf47 - Removed snprintf altogether for critical code paths 2012-10-24 11:17:48 +00:00
Paul Bakker
331f5630e9 - Do not use sprintf(), use snprintf() instead. 2012-10-24 10:16:39 +00:00
Paul Bakker
ba26e9ebfd - Cache now only allows a maximum of entries in cache for preventing memory overrun 2012-10-23 22:18:28 +00:00
Paul Bakker
f1ab0ec1ff - Changed default compiler flags to include -O2 2012-10-23 12:12:53 +00:00
Paul Bakker
67f9d534ee - Removed code breaking strict-aliasing 2012-10-23 11:49:05 +00:00
Paul Bakker
81420abcb6 - properly print minimum version 2012-10-23 10:31:15 +00:00
Paul Bakker
c110d025c2 - Added extra check to prevent crash on failed memory allocation 2012-10-19 12:15:08 +00:00
Paul Bakker
0be82f20a9 - Updated rsa_pkcs1_verify() and rsa_pkcs1_sign() to use appropriate buffer size for max MPIs 2012-10-03 20:36:33 +00:00
Paul Bakker
36fec23dc2 - Updated to 1.2.0 2012-10-02 15:40:44 +00:00
Paul Bakker
62261d6bd6 - Rewrote bignum type definition #ifdef tree to work better on all
systems
2012-10-02 12:19:31 +00:00
Paul Bakker
3338b792da - Fixed WIN32 version of x509parse_crtpath() 2012-10-01 21:13:10 +00:00
Paul Bakker
d6f17b492f - Moved definition to top to prevent MS VC compiler warning 2012-10-01 20:58:19 +00:00
Paul Bakker
5c2364c2ba - Moved from unsigned long to uint32_t throughout code 2012-10-01 14:41:15 +00:00
Paul Bakker
0e19e9ff1c - Minor define change to prevent warning 2012-10-01 11:02:48 +00:00
Paul Bakker
993d11dd05 - Send ClientHello with 'minimal version' 2012-09-28 15:00:12 +00:00
Paul Bakker
23f3680898 - Added proper support for TLS 1.2 signature_algorithm extension on server
side
 - Minor const changes to other extension parsing functions
2012-09-28 14:15:14 +00:00
Paul Bakker
1d29fb5e33 - Added option to add minimum accepted SSL/TLS protocol version 2012-09-28 13:28:45 +00:00
Paul Bakker
62f2deef8b - Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS 2012-09-28 07:31:51 +00:00
Paul Bakker
915275ba78 - Revamped x509_verify() and the SSL f_vrfy callback implementations 2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02 - Added ServerName extension parsing (SNI) at server side 2012-09-27 21:49:42 +00:00
Paul Bakker
eb2c658163 - Generalized external private key implementation handling (like PKCS#11) in SSL/TLS 2012-09-27 19:15:01 +00:00
Paul Bakker
321df6fb80 - Expanded rsa_check_privkey() to check DP, DQ and QP as well 2012-09-27 13:21:34 +00:00
Paul Bakker
5531c6d92c - Change buffer size on mpi_write_file() to cover larger size MPIs 2012-09-26 19:20:46 +00:00
Paul Bakker
49d75678a5 - Support INTEGRITY OS 2012-09-26 15:22:07 +00:00
Paul Bakker
d14277d7de - Added PBKDF2 error code 2012-09-26 15:19:05 +00:00
Paul Bakker
0a59707523 - Added simple SSL session cache implementation
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
b00ca42f2a - Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob 2012-09-25 12:10:00 +00:00
Paul Bakker
29b64761fd - Added predefined DHM groups from RFC 5114 2012-09-25 09:36:44 +00:00
Paul Bakker
d0f6fa7bdc - Sending of handshake_failures during renegotiation added
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
2d319fdfcb - Fixed bug in mpi_add_abs with adding a small number to a large mpi with carry rollover. 2012-09-16 21:34:26 +00:00
Paul Bakker
48916f9b67 - Added Secure Renegotiation (RFC 5746) 2012-09-16 19:57:18 +00:00
Paul Bakker
b5b20f19e7 - Extra sanity check for input added 2012-09-16 15:07:49 +00:00
Paul Bakker
5f70b25c9b - Correctly handle SHA256 ciphersuites in SSLv3
- Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Paul Bakker
ec636f3bdd - Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation) 2012-09-09 19:17:02 +00:00
Paul Bakker
94a6796179 - Correctly handle MS certificate's key usage bits 2012-08-23 13:03:52 +00:00
Paul Bakker
f518b16f97 - Added PKCS#5 PBKDF2 key derivation function 2012-08-23 13:03:18 +00:00
Paul Bakker
535e97dbab - Better checking for reading over buffer boundaries
- Zeroize altSubjectName chain memory before use
2012-08-23 10:49:55 +00:00
Paul Bakker
b68cad6cc7 - Made cipersuites in ssl context const (no intention to modify)
- Adjusted ssl_set_ciphersuites() to match
2012-08-23 08:34:18 +00:00
Paul Bakker
bb51f0cb3d - Only include md.h if needed by POLARSSL_PKCS1_V21 2012-08-23 07:46:58 +00:00
Paul Bakker
6a2f857b08 - Added DragonflyBSD support 2012-08-23 07:45:37 +00:00
Paul Bakker
3c16db9a10 - Fixed potential memory zeroization on miscrafted RSA key 2012-07-05 13:58:08 +00:00
Paul Bakker
6132d0aa93 - Added Blowfish to generic cipher layer
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
2012-07-04 17:10:40 +00:00
Paul Bakker
83f00bba9c - Updated strerror codes for SSL Compression and Blowfish 2012-07-04 11:08:50 +00:00
Paul Bakker
a9379c0ed1 - Added base blowfish algorithm 2012-07-04 11:02:11 +00:00
Paul Bakker
2770fbd651 - Added DEFLATE compression support as per RFC3749 (requires zlib) 2012-07-03 13:30:23 +00:00
Paul Bakker
cefb396a77 - Handle empty certificate subject names 2012-06-27 11:51:09 +00:00