Paul Bakker
0f2f0bfc87
CAMELLIA-based PSK and DHE-PSK ciphersuites added
2013-07-26 15:04:03 +02:00
Paul Bakker
524691c0a0
Added --modes option to tests/compat.sh
2013-07-25 17:01:20 +02:00
Paul Bakker
bd5fd4d1da
RFC6229 ARC4 test vectors added to testsuite
2013-07-19 14:51:31 +02:00
Paul Bakker
accd4eb665
compat.sh now has -f command-line option to filter used ciphersuites
2013-07-19 14:51:31 +02:00
Manuel Pégourié-Gonnard
4f47538ad8
Fix some 'depends' in tests
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
a2d4e644ac
Some more EC pubkey parsing refactoring
...
Fix a bug in pk_rsa() and pk_ec() along the way
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
893879adbd
Adapt debug_print_crt() for EC keys
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
a3c86c334c
Certificates with EC key and/or sig parsed
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
72ef0b775d
Add test certificate signed with ECDSA
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
244569f4b1
Use generic x509_get_pubkey() for RSA functions
2013-07-17 15:59:40 +02:00
Paul Bakker
8ea6c61477
Rename of prvkey -> privkey fix in test suite files
2013-07-16 17:16:58 +02:00
Manuel Pégourié-Gonnard
de44a4aecf
Rename ecp_check_prvkey with a 'i' for consistency
2013-07-09 16:42:34 +02:00
Manuel Pégourié-Gonnard
8838099330
Add x509parse_{,public}_key{,file}()
...
Also make previously public *_ec functions private.
2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
a9e54129b5
Adapt test files to supported PKCS#8 modes
...
openssl pkcs8 -topk8 -in ec_prv.sec1.pem -passout pass:polar \
-v1 PBE-SHA1-RC4-128 -outform der -out ec_prv.pk8.pw.der
openssl pkcs8 -topk8 -in ec_prv.sec1.pem -passout pass:polar \
-v1 PBE-SHA1-RC4-128 -outform pem -out ec_prv.pk8.pw.pem
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
2b9252cd8f
Add tests for x509parse_key_ec()
...
Test files were generated as follows:
openssl ecparam -name prime192v1 -genkey > key.pem
openssl ec -in key.pem -pubout -outform PEM > pub.pem
openssl ec -in key.pem -pubout -outform DER > pub.der
openssl ec -in key.pem -outform pem > prv.sec1.pem
openssl ec -in key.pem -outform der > prv.sec1.der
openssl ec -in key.pem -des -passout pass:polar -outform pem > prv.sec1.pw.pem
openssl pkcs8 -topk8 -in key.pem -nocrypt -outform pem > prv.pk8.pem
openssl pkcs8 -topk8 -in key.pem -nocrypt -outform der > prv.pk8.der
openssl pkcs8 -topk8 -in key.pem -passout pass:polar -outform der \
> prv.pk8.pw.der
openssl pkcs8 -topk8 -in key.pem -passout pass:polar -outform pem \
> prv.pk8.pw.pem
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
73c0cda346
Complete x509parse_public_key_ec()
...
Warning: due to a bug in oid_descriptor_from_buf(), keys associated to some
curves (secp224r1, secp384r1, secp521r1) are incorrectly rejected,
since their namedCurve OID contains a nul byte.
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
1bc6931f8c
Add test for x509parse_public_keyfile_ec
2013-07-08 15:31:19 +02:00
Manuel Pégourié-Gonnard
ba4878aa64
Rename x509parse_key & co with _rsa suffix
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
c8dc295e83
Add ecp_check_prvkey, with test
...
Also group key checking and generation functions in ecp.h and ecp.c.
2013-07-08 15:31:18 +02:00
Paul Bakker
92b8dc0535
Fixed memory leaks in tests
2013-07-03 17:22:31 +02:00
Paul Bakker
e07c431eb3
Test suite automatically uses buffer-based memory allocator if present
...
Eat your own dog-food..
2013-07-03 17:22:31 +02:00
Paul Bakker
d2681d82e2
Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h}
2013-06-30 14:49:12 +02:00
Paul Bakker
9e36f0475f
SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
...
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
fd3eac5786
Cleaned up ECP error codes
2013-06-29 23:31:33 +02:00
Paul Bakker
5dc6b5fb05
Made supported curves configurable
2013-06-29 23:26:34 +02:00
Paul Bakker
89fe7f4388
compat.sh modified to support new ssl_server2 and ssl_client2
...
capabilities
2013-06-29 18:35:41 +02:00
Paul Bakker
f8d018a274
Made asn1_get_alg() and asn1_get_alg_null() as generic functions
...
A generic function for retrieving the AlgorithmIdentifier structure with
its parameters and adapted X509, PKCS#5 and PKCS#12 to use them.
2013-06-29 18:35:40 +02:00
Paul Bakker
b9d3cfa114
Split up GCM into a start/update/finish cycle
2013-06-26 15:08:29 +02:00
Paul Bakker
534f82c77a
Made ctr_drbg_init_entropy_len() non-static and defined
2013-06-25 16:47:55 +02:00
Paul Bakker
b6c5d2e1a6
Cleanup up non-prototyped functions (static) and const-correctness
...
More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code.
2013-06-25 16:25:17 +02:00
Paul Bakker
f67edd9db8
Made x509parse PKCS#12 and PKCS#5 tests dependent on defines
...
(cherry picked from commit db7ea6f16262cf87fdfa0f98b58707d724531f3d)
2013-06-25 15:06:53 +02:00
Paul Bakker
38b50d73a1
Moved PKCS#12 PBE functions to cipher / md layer where possible
...
The 3-key and 2-key Triple DES PBE functions have been replaced with a
single pkcs12_pbe() function that handles both situations (and more).
In addition this allows for some PASSWORD_MISMATCH checking
(cherry picked from commit 14a222cef2699bd3da884662f7e56e097a12b1a0)
2013-06-25 15:06:53 +02:00
Paul Bakker
a4232a7ccb
x509parse_crt() and x509parse_crt_der() return X509 password related codes
...
POLARSSL_ERR_X509_PASSWORD_MISMATCH is returned instead of
POLARSSL_ERR_PEM_PASSWORD_MISMATCH and
POLARSSL_ERR_X509_PASSWORD_REQUIRED instead of
POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Rationale: For PKCS#8 encrypted keys the same are returned
(cherry picked from commit b495d3a2c755f9fd3c8b755d78d7a92d66245c57)
2013-06-25 15:06:53 +02:00
Paul Bakker
28144decef
PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates
...
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.
(cherry picked from commit 1fd4321ba2016dfaff2b48c11f731fc9ccbd7ccf)
Conflicts:
include/polarssl/error.h
scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker
b0c19a4b3d
PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
...
old PBKDF2 module.
(cherry picked from commit 19bd297dc896410e0d859729f9e8d4b1e107e6c8)
Conflicts:
include/polarssl/error.h
scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker
28837ff2f4
Make sure polarssl/config.h is included at the start
...
(cherry picked from commit 9691bbe9b32fead5d5268f171d1e185f61a43ac3)
2013-06-25 15:06:51 +02:00
Paul Bakker
f1f21fe825
Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis
...
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
(cherry picked from commit cf6e95d9a81c7b22271beb58a09b5c756148e62a)
Conflicts:
scripts/generate_errors.pl
2013-06-25 15:06:51 +02:00
Paul Bakker
e2f5040876
Internally split up x509parse_key()
...
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
(cherry picked from commit 65a1909dc6ff7b93f0a231a5a49d98d968c9bcdc)
Conflicts:
library/x509parse.c
2013-06-25 15:06:50 +02:00
Paul Bakker
ef3f8c747e
Fixed const correctness issues in programs and tests
...
(cherry picked from commit e0225e4d7f18f4565224f4997af537533d06a80d)
Conflicts:
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
programs/test/ssl_test.c
programs/x509/cert_app.c
2013-06-24 19:09:24 +02:00
Paul Bakker
40afb4ba13
Added PSK GCM, SHA256 and SHA384 ciphers from RFC5487
2013-04-19 22:03:30 +02:00
Paul Bakker
a1bf92ddb4
Added PSK NULL ciphers from RFC4785
2013-04-19 20:47:26 +02:00
Paul Bakker
48f7a5d724
DHE-PSK based ciphersuite support added and cleaner key exchange based
...
code selection
The base RFC 4279 DHE-PSK ciphersuites are now supported and added.
The SSL code cuts out code not relevant for defined key exchange methods
2013-04-19 20:47:26 +02:00
Paul Bakker
7e5e7ca205
Added PSK ciphersuite tests to compat.sh
2013-04-18 23:12:34 +02:00
Paul Bakker
286bf3c501
Split up largest test suite data files into smaller chunks
2013-04-08 18:09:51 +02:00
Paul Bakker
abfdfbfd46
Removed duplicate value from compat.sh ciphersuite list
2013-04-08 14:07:43 +02:00
Paul Bakker
27714b1aa1
Added Camellia ECDHE-based CBC ciphersuites
...
Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
2013-04-07 23:07:12 +02:00
Paul Bakker
c70b982056
OID functionality moved to a separate module.
...
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).
As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.
All OID definitions have been moved to oid.h
All OID matching code is in the OID module.
The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.
The SSL layer cleanup up as a result and adapted to use the MD layer.
The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.
The X509 writer cleaned up and adapted to use the MD layer.
Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
a54e493bc0
Added ECDHE-based SHA256 and SHA384 ciphersuites
...
Added TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ciphersuites
2013-03-20 15:31:54 +01:00
Paul Bakker
41c83d3f67
Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
...
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker
00c1f43743
Merge branch 'ecc-devel-mpg' into development
2013-03-13 16:31:01 +01:00
Paul Bakker
d589a0ddb6
Modified Makefiles to include new files and and config.h to PolarSSL standard
2013-03-13 16:30:17 +01:00
Paul Bakker
90f042d4cb
Prepared for PolarSSL 1.2.6 release
2013-03-11 11:38:44 +01:00
Manuel Pégourié-Gonnard
424fda5d7b
Add ecdh_calc_secret()
2013-02-11 22:05:42 +01:00
Manuel Pégourié-Gonnard
5cceb41d2c
Add ecdh_{make,read}_public()
2013-02-11 21:51:45 +01:00
Manuel Pégourié-Gonnard
854fbd7ba2
Add ecdh_read_params().
2013-02-11 21:32:24 +01:00
Manuel Pégourié-Gonnard
98f51815d6
Fix ecp_tls_read_point's signature
2013-02-10 13:38:29 +01:00
Manuel Pégourié-Gonnard
7c145c6418
Fix ecp_tls_read_group's signature
2013-02-10 13:20:52 +01:00
Manuel Pégourié-Gonnard
8c16f96259
Add a few tests for ecp_tls_read_point
2013-02-10 13:00:20 +01:00
Manuel Pégourié-Gonnard
46106a9d75
Add tests for (and fix bug in) ecp_tls_write_group
2013-02-10 12:51:17 +01:00
Manuel Pégourié-Gonnard
420f1eb675
Fix ecp_tls_write_point's signature
2013-02-10 12:22:46 +01:00
Manuel Pégourié-Gonnard
6282acaec2
Add basic tests for ecp_tls_*_point
2013-02-10 11:15:11 +01:00
Manuel Pégourié-Gonnard
7e86025f32
Rename ecp_*_binary to ecp_point_*_binary
2013-02-10 10:58:48 +01:00
Manuel Pégourié-Gonnard
d84895dc22
Supress 'format' argument to ecp_read_binary.
...
And adjust error codes for ecp_*_binary while at it.
2013-02-10 10:53:04 +01:00
Manuel Pégourié-Gonnard
1a96728964
Add function parsing a TLS ECParameters record
2013-02-09 17:53:31 +01:00
Paul Bakker
c7a2da437e
Updated for PolarSSL 1.2.5
2013-02-02 19:23:57 +01:00
Manuel Pégourié-Gonnard
cf4a70c8ed
Adjust names of ECDSA tests.
2013-01-27 09:10:53 +01:00
Manuel Pégourié-Gonnard
450a163c81
Fix valgrind warning in ECDSA test suite.
2013-01-27 09:08:18 +01:00
Manuel Pégourié-Gonnard
007b7177ef
ECDH : add test vectors from RFC 5903.
2013-01-27 09:00:02 +01:00
Manuel Pégourié-Gonnard
602a8973d7
ECDSA : test vectors from RFC 4754
2013-01-27 08:10:28 +01:00
Manuel Pégourié-Gonnard
d1c7150bf5
Basic tests for ECDSA.
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
61ce13b728
Basic tests for ECDH primitive
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
45a035a9ac
Add ecp_gen_keypair()
2013-01-26 14:42:45 +01:00
Paul Bakker
14c56a3378
Updated for PolarSSL 1.2.4
2013-01-25 17:11:37 +01:00
Paul Bakker
a95919b4c7
Added ECP files to Makefiles as well
2013-01-16 17:00:05 +01:00
Manuel Pégourié-Gonnard
5e402d88ea
Added ecp_read_binary().
2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
37d218a8e3
Added support for writing points compressed
2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
e19feb5b46
Added ecp_write_binary().
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
1c33057a63
Added ecp_check_pubkey().
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
c554e9acf1
Added test vectors from RFC 5903
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
b63f9e98f5
Made ecp_mul() faster and truly SPA resistant
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
b4a310b472
Added a selftest about SPA resistance
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
9674fd0d5e
Added ecp_sub() as a variant of ecp_add()
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
1c2782cc7c
Changed to jacobian coordinates everywhere
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
4bdd47d2cb
Multiplication by negative is now forbidden
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
8433824d5f
Added fast mod_p192
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
e739f0133b
Added test vectors from RFC 5114 to test suite
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
4b8c3f2a1c
Moved tests from selftest to tests/test_suite_ecp
2013-01-16 16:31:50 +01:00
Paul Bakker
58ef6ec613
Cleaner test-memory cleanups
2013-01-03 11:33:48 +01:00
Paul Bakker
fb1ba781b3
Updated for release 1.2.3
2012-11-26 16:28:25 +01:00
Paul Bakker
df5069cb97
Updated for 1.2.2 release
2012-11-24 12:20:19 +01:00
Paul Bakker
1eeceaeac8
More expansive testing
2012-11-23 14:25:34 +01:00
Manuel Pégourié-Gonnard
e44ec108be
Fixed segfault in mpi_shift_r()
...
Fixed memory leak in test_suite_mpi
Amended ChangeLog
2012-11-18 23:15:02 +01:00
Paul Bakker
90f309ffe7
Added proper gitignores for linux compilation
2012-11-17 00:04:49 +01:00
Paul Bakker
e0f41f3086
- Updated version to 1.2.1
2012-11-13 12:55:02 +00:00
Paul Bakker
9daf0d0651
- Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
2012-11-13 12:13:27 +00:00
Paul Bakker
f02c5642d0
- Allow R and A to point to same mpi in mpi_div_mpi
2012-11-13 10:25:21 +00:00
Paul Bakker
645ce3a2b4
- Moved ciphersuite naming scheme to IANA reserved names
2012-10-31 12:32:41 +00:00
Paul Bakker
f1ab0ec1ff
- Changed default compiler flags to include -O2
2012-10-23 12:12:53 +00:00
Paul Bakker
8f387e6605
- Updated trunk base version to 1.2.0 for prerelease 1
2012-10-02 15:26:45 +00:00
Paul Bakker
5c2364c2ba
- Moved from unsigned long to uint32_t throughout code
2012-10-01 14:41:15 +00:00
Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
31417a71f8
- Fixed tests for enhanced rsa_check_privkey()
2012-09-27 20:41:37 +00:00
Paul Bakker
1a0f552030
- Fixed test for 'trust extension' change
2012-09-25 21:53:55 +00:00
Paul Bakker
17a9790918
- Added regression check for latest mpi_add_abs() issue
2012-09-17 08:44:35 +00:00
Paul Bakker
0c93d126bc
- Ability to define openssl at top
...
- Also add SHA256 ciphersuites in non-tls 1.2 modes
2012-09-13 14:26:09 +00:00
Paul Bakker
68b6d88f5e
- Clear all memory
2012-09-08 14:04:13 +00:00
Paul Bakker
f518b16f97
- Added PKCS#5 PBKDF2 key derivation function
2012-08-23 13:03:18 +00:00
Paul Bakker
9195662a4c
- Added test for no-subject certificates with altSubjectNames
2012-08-23 10:46:54 +00:00
Paul Bakker
6132d0aa93
- Added Blowfish to generic cipher layer
...
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
2012-07-04 17:10:40 +00:00
Paul Bakker
a9379c0ed1
- Added base blowfish algorithm
2012-07-04 11:02:11 +00:00
Paul Bakker
92eeea4627
- Modified CMakeLists to support zlib
2012-07-03 15:10:33 +00:00
Paul Bakker
2770fbd651
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Paul Bakker
f6198c1513
- mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52 )
2012-05-16 08:02:29 +00:00
Paul Bakker
40dd5303c2
- Fixed test on Big Endian systems (Fixed Ticket #54 )
2012-05-15 15:02:38 +00:00
Paul Bakker
62f88dc473
Makefile more compatible with WINDOWS environment
2012-05-10 21:26:28 +00:00
Paul Bakker
cd5b529d6d
- Added automatic WINDOWS define in Makefile
2012-05-10 20:49:10 +00:00
Paul Bakker
4d2c1243b1
- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.
2012-05-10 14:12:46 +00:00
Paul Bakker
d14cd35ece
- Adapted Makefile for buildbot
2012-05-08 15:39:50 +00:00
Paul Bakker
02adedb0b1
- Added casting to prevent warnings on some compilers
2012-05-08 13:35:48 +00:00
Paul Bakker
ca4ab49158
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00
Paul Bakker
10cd225962
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
Paul Bakker
398cb514e2
- Allow to test for multiple modes
2012-04-10 08:22:31 +00:00
Paul Bakker
c7ffd36a97
- Added automatic debug flags to CFLAGS if DEBUG is set in shell
2012-04-05 12:08:29 +00:00
Paul Bakker
0c8f73ba8b
- Fixed a mistake in mpi_cmp_mpi() where longer B values are handled wrong
2012-03-22 14:08:57 +00:00
Paul Bakker
89e80c9a43
- Added base Galois/Counter mode (GCM) for AES
2012-03-20 13:50:09 +00:00
Paul Bakker
6d6205091b
- First tests for x509_write_cert_req() compat with OpenSSL output
2012-02-16 14:09:13 +00:00
Paul Bakker
b08e6843c2
- Removed test memory leaks
2012-02-11 18:43:20 +00:00
Paul Bakker
57b12982b3
- Multi-domain certificates support wildcards as well
2012-02-11 17:38:38 +00:00
Paul Bakker
a8cd239d6b
- Added support for wildcard certificates
...
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker
fab5c829e7
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
Paul Bakker
3c18a830b3
- Made changes for 1.1.1 release
2012-01-23 09:44:43 +00:00
Paul Bakker
69e095cc15
- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
...
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
- Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
18d32911c0
- Added internal ctr_drbg_init_entropy_len() to allow NIST determined entropy tests to work
2011-12-10 21:42:49 +00:00
Paul Bakker
c50132d4fa
- Updated version of PolarSSL to 1.1.0
2011-12-05 14:38:36 +00:00
Paul Bakker
c0a1a319df
- Moved test to entropy and CTR_DRBG
2011-12-04 17:12:15 +00:00
Paul Bakker
6c0ceb3f9a
- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error
2011-12-04 12:24:18 +00:00
Paul Bakker
cb37aa5912
- Better buffer handling in mpi_read_file()
2011-11-30 16:00:20 +00:00
Paul Bakker
a3d195c41f
- Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs
2011-11-27 21:07:34 +00:00
Paul Bakker
0e04d0e9a3
- Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
2011-11-27 14:46:59 +00:00
Paul Bakker
fae618fa8b
- Updated tests to reflect recent changes
2011-10-12 11:53:52 +00:00
Paul Bakker
fa1c592860
- Fixed faulty HMAC-MD2 implementation (Fixes ticket #37 )
2011-10-06 14:18:49 +00:00
Paul Bakker
968bc9831b
- Preparations for v1.0.0 release of PolarSSL
2011-07-27 17:03:00 +00:00
Paul Bakker
73043766c7
- Fixed CMakeLists.txt for new suites with multiple data files
2011-07-13 15:03:10 +00:00
Paul Bakker
46c1794110
- Split cipher test suite into three different sets
...
- Adapted test source code generation accordingly
2011-07-13 14:54:54 +00:00
Paul Bakker
26b41a8370
- Fixed compiler warning
2011-07-13 14:53:58 +00:00
Paul Bakker
eaf90d9a9c
- Removed unused but initialized variables
2011-07-13 14:21:52 +00:00
Paul Bakker
36f1b197ca
- Added test for PKCS#8 wrapped private and public keys
2011-07-13 11:32:29 +00:00
Paul Bakker
ed56b224de
- Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20 )
2011-07-13 11:26:43 +00:00
Paul Bakker
a585beb87e
- Introduced windows DLL build and SYS_LDFLAGS
2011-06-21 08:59:44 +00:00
Paul Bakker
c65ab340a7
- Fixed error code
2011-06-09 15:44:37 +00:00
Paul Bakker
343a870daa
- Expanded generic cipher layer with support for CTR and CFB128 modes of operation.
2011-06-09 14:27:58 +00:00
Paul Bakker
1ef71dffc7
- Updated unsignedness in some missed cases
2011-06-09 14:14:58 +00:00
Paul Bakker
cd43a0beec
- Adjusted to use proper size_t arguments
2011-06-09 13:55:44 +00:00
Paul Bakker
828acb2234
- Updated for release 0.99-pre5
2011-05-27 09:25:42 +00:00
Paul Bakker
d7d8dbe3bf
- Fixed two typos
2011-05-26 15:29:38 +00:00
Paul Bakker
c3f5656ff6
- Fixed dependency of MD4 and MD2 of POLARSSL_FS_IO
2011-05-26 14:38:05 +00:00
Paul Bakker
5690efccc4
- Fixed a whole bunch of dependencies on defines between files, examples and tests
2011-05-26 13:16:06 +00:00
Paul Bakker
c8cad6af29
- Upgraded to version 1.6.1 of FCTX
2011-05-25 11:35:09 +00:00
Paul Bakker
02722ea867
- Added missing semicolon
2011-05-25 11:34:44 +00:00
Paul Bakker
2f5947e1f6
- Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter functions.
2011-05-18 15:47:11 +00:00
Paul Bakker
9d781407bc
- A error_strerror function() has been added to translate between error codes and their description.
...
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
- Descriptions to all error codes have been added.
- Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00
Paul Bakker
6c591fab72
- mpi_init() and mpi_free() only accept a single argument and do not accept variable arguments anymore. This prevents unexpected memory corruption in a number of use cases.
2011-05-05 11:49:20 +00:00
Paul Bakker
335db3f121
- Functions requiring File System functions can now be disables by undefining POLARSSL_FS_IO
2011-04-25 15:28:35 +00:00
Paul Bakker
f4a3f301fd
- Updated for migration to size_t
2011-04-24 15:53:29 +00:00
Paul Bakker
a755ca1bbe
- Renamed t_s_int, t_int and t_dbl to respectively t_sint, t_uint and t_udbl for clarity
2011-04-24 09:11:17 +00:00
Paul Bakker
23986e5d5d
- Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops
2011-04-24 08:57:21 +00:00
Paul Bakker
1be81a4e5f
- Removed test for MD2 certificate as OpenSSL does not support it anymore
2011-04-23 14:46:28 +00:00
Paul Bakker
b6ecaf5276
- Added additional (configurable) cipher block modes. AES-CTR, Camellia-CTR, XTEA-CBC
2011-04-19 14:29:23 +00:00
Paul Bakker
3efa575ff2
- Ready for release 0.99-pre4
2011-04-01 12:23:26 +00:00
Paul Bakker
579923c51b
- The config header file is now always included in all tests
2011-03-26 13:39:34 +00:00
Paul Bakker
be4e7dca08
- Debug print of MPI now removes leading zero octets and displays actual bit size of the value
2011-03-14 20:41:31 +00:00
Paul Bakker
b3dcbc18f6
- Made function resilient to endianness differences.
2011-03-13 16:57:25 +00:00
Paul Bakker
4cce2bbd5a
- Renamed rnd_info structure to correct rnd_buf_info structure
2011-03-13 16:56:35 +00:00
Paul Bakker
4fa1a76c92
- Added dependency on helpers.function
2011-03-13 16:56:11 +00:00
Paul Bakker
997bbd10d8
- Removed dependency of tests on rand()
...
- Added pseudo-random helper function
2011-03-13 15:45:42 +00:00
Paul Bakker
9dcc32236b
- Added support for PKCS#1 v2.1 encoding and thus support for the RSAES-OAEP and RSASSA-PSS operations (enabled by POLARSSL_PKCS1_V21)
2011-03-08 14:16:06 +00:00
Paul Bakker
345a6fee91
- Replaced function that fixes man-in-the-middle attack
...
- Added message to indicate inclusion of man-in-the-middle attack (Reported by Larry Highsmith, Subreption LLC)
- Released version 0.99-pre3
2011-02-28 21:20:02 +00:00
Paul Bakker
1946e42dd4
- Made ready for 0.99-pre2 release
2011-02-25 09:39:39 +00:00
Paul Bakker
c43481aa82
- Release memory used
2011-02-20 16:34:26 +00:00
Paul Bakker
2544a04918
- Replaced with current value of the certificate after certificate replacement
2011-02-20 13:52:44 +00:00
Paul Bakker
400ff6f0fd
- Corrected parsing of UTCTime dates before 1990 and after 1950
...
- Support more exotic OID's when parsing certificates
- Support more exotic name representations when parsing certificates
- Replaced the expired test certificates
2011-02-20 10:40:16 +00:00
Paul Bakker
96743fc5f5
- Parsing of PEM files moved to separate module (Fixes ticket #13 ). Also possible to remove PEM support for systems only using DER encoding
...
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5 )
- Added tests for encrypted keyfiles
2011-02-12 14:30:57 +00:00
Paul Bakker
896b3be1d1
- Added proper dependencies
2011-02-06 13:12:25 +00:00
Paul Bakker
46eb13828e
- Makefiles now respect external CFLAGS and LDFLAGS. Closes ticket #2
2011-01-30 17:10:13 +00:00
Paul Bakker
9fc4659b30
- Preparing for Release of 0.99 prerelease 1
2011-01-30 16:59:02 +00:00
Paul Bakker
bbf2f63e92
- Added missing dependency on POLARSSL_DEBUG_C
2011-01-21 10:51:24 +00:00
Paul Bakker
562535d11b
- Split current md_starts() and md_hmac_starts() functionality into separate md_init_ctx() for allocating the context and the existing starts() functions to initialize the message digest for use.
2011-01-20 16:42:01 +00:00
Paul Bakker
5a62408629
- Fixed compiler warnings
2011-01-18 16:31:52 +00:00
Paul Bakker
e9426948fa
- Added extra compiler warnings by default
2011-01-18 16:28:42 +00:00
Paul Bakker
b06819bb5d
- Adapted CMake files for the PKCS#11 support
2011-01-18 16:18:38 +00:00
Paul Bakker
43b7e35b25
- Support for PKCS#11 through the use of the pkcs11-helper library
2011-01-18 15:27:19 +00:00
Paul Bakker
76fd75a3de
- Improved certificate validation and validation against the available CRLs
2011-01-16 21:12:10 +00:00
Paul Bakker
1f87fb6896
- Support for DES weak keys and parity bits added
2011-01-15 17:32:24 +00:00
Paul Bakker
f92d7a8c81
- Fixed faulty dependency in test
2011-01-15 17:05:17 +00:00
Paul Bakker
b63b0afc05
- Added verification callback in certificate verification chain in order to allow external blacklisting
2011-01-13 17:54:59 +00:00
Paul Bakker
8123e9d8f1
- Added generic cipher wrapper for integration with OpenVPN (donated by Fox-IT)
2011-01-06 15:37:30 +00:00
Paul Bakker
1737385e04
- Added generic message digest wrapper for integration with OpenVPN (donated by Fox-IT)
2011-01-06 14:20:01 +00:00
Paul Bakker
7c8fc71aea
- Updated compile-time and run-time version number and test
2010-08-16 12:41:27 +00:00
Paul Bakker
a802e1ac10
- Updated to new rsa_init, rsa_gen_key prototypes
2010-08-16 11:56:45 +00:00
Paul Bakker
ebcef6d4e8
- Updated test to conform to new prototype of rsa_init, rsa_pkcs1_encrypt and rsa_gen_key
2010-08-16 11:10:49 +00:00
Paul Bakker
f0ba6a479a
- Removed unused variable
2010-07-18 19:47:37 +00:00
Paul Bakker
a665685abf
- Added rsa random deadlock test
2010-07-18 19:47:14 +00:00
Paul Bakker
545570e208
- Added initialization for RSA where needed
2010-07-18 09:00:25 +00:00
Paul Bakker
4c14a258fe
- Fixed out of source build for tests with CMake
2010-06-18 22:54:05 +00:00
Paul Bakker
3ac1b2d952
- Added runtime and compiletime version information
2010-06-18 22:47:29 +00:00
Paul Bakker
baad6504d4
- Changed ARC4 to use seperate input/output buffer
2010-03-21 15:42:15 +00:00
Paul Bakker
f3ccc68100
- Fixed cipher interface for encrypt/decrypt functions
2010-03-18 21:21:02 +00:00
Paul Bakker
ff60ee6c2a
- Added const-correctness to main codebase
2010-03-16 21:09:09 +00:00
Paul Bakker
9120018f3d
- Added support for GeneralizedTime in X509 certificates
2010-02-18 21:26:15 +00:00
Paul Bakker
7d7f4f4ad4
- Added test_suite_debug to the Makefile
2010-02-18 18:26:04 +00:00
Paul Bakker
1f76115340
- Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request()
2010-02-18 18:16:31 +00:00
Paul Bakker
c847f070e5
- Added extra test cases
2010-01-18 21:26:30 +00:00
Paul Bakker
c1f3caacf2
- Added config.h to requirements for testing
2009-10-04 15:25:48 +00:00
Paul Bakker
76791f7c32
- Rewrote sign and verify tests to handle missing algorithm definitions
2009-10-03 20:02:00 +00:00
Paul Bakker
46b8071641
- Added 'depends_on' for tests dependent on specific hash algorithms
2009-10-03 20:01:39 +00:00
Paul Bakker
ccff1671ae
cat ../svn-commit.2.tmp
2009-10-03 19:57:10 +00:00
Paul Bakker
d947d765e0
- Better implemented 'make check' in normal Makefile
2009-07-28 20:16:47 +00:00
Paul Bakker
9794cb4f03
- Addec 'make check' to the standard Makefile
2009-07-28 18:55:00 +00:00
Paul Bakker
c6ce838d8f
- Better handling of extension parsing
2009-07-27 21:34:45 +00:00
Paul Bakker
2b222c830b
- Changed interface for AES and Camellia setkey functions to indicate invalid key lengths.
2009-07-27 21:03:45 +00:00
Paul Bakker
33768bf19b
- Created better DHM tests
2009-07-27 20:37:44 +00:00
Paul Bakker
e4ff413890
- Added extra coverage tests
2009-07-27 20:22:10 +00:00
Paul Bakker
345fb49cb7
- Added extra coverage and regression tests
2009-07-20 21:26:07 +00:00
Paul Bakker
6b0fa4f33b
- Added extra regression and coverage tests for ASN parsing of CRL and Key data
2009-07-20 20:35:41 +00:00
Paul Bakker
38e2b482ff
- Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE.
2009-07-19 20:41:06 +00:00
Paul Bakker
fc22c441bc
- Renamed RSA_RAW to SIG_RSA_RAW for consistency in the code.
2009-07-19 20:36:27 +00:00
Paul Bakker
c26a189189
- Added extra X509 regression and coverage tests
2009-07-19 20:30:14 +00:00
Paul Bakker
b2c38f54b4
- Added a lot of ASN1 Certificate parsing tests
2009-07-19 19:36:15 +00:00
Paul Bakker
94101362e8
- Added test for larger that 64 byte hmac-md2 key
2009-07-19 19:35:51 +00:00
Paul Bakker
821fb08b53
- Added extra tests (result of coverage)
2009-07-12 13:26:42 +00:00
Paul Bakker
4d6b31a999
- Added extra certificates and tests
2009-07-12 11:11:06 +00:00
Paul Bakker
ba48cb2fee
- Added and modified tests (result from coverage)
2009-07-12 11:01:32 +00:00
Paul Bakker
71d59fb4b4
- Added extra tests (result from coverage)
2009-07-12 11:00:55 +00:00
Paul Bakker
9863ca5001
- Added non-OpenSSL HMAC-MD2 hashes. They seem to be correct and OpenSSL wrong
2009-07-11 20:42:12 +00:00
Paul Bakker
0049c2fd19
- Added Makefile for tests
2009-07-11 19:15:43 +00:00
Paul Bakker
69998dd2c8
- Made code compliant with ISO99 (no-declaration-after-statement)
2009-07-11 19:15:20 +00:00
Paul Bakker
5946fd9124
- Added further coverage tests for Base64
2009-07-11 15:29:30 +00:00
Paul Bakker
37940d9ff6
- Added test coverage for X509parse
...
- Fixed segfault in rsa_check_privkey() and rsa_check_pubkey() and added test
2009-07-10 22:38:58 +00:00
Paul Bakker
7d8a100783
- Added handling of escaped colon's in input
2009-07-10 22:36:06 +00:00
Paul Bakker
5c60de2beb
- Added preliminary test cases for DHM
2009-07-08 19:47:36 +00:00
Paul Bakker
f725a88e54
- Added test suite for XTEA
2009-07-08 06:43:10 +00:00
Paul Bakker
42a29bf7bf
- Added test suite for RSA and PKCS#1
2009-07-07 20:18:41 +00:00
Paul Bakker
e896feafbe
- Added additional cases for MPI, MDx
...
- Added test case set for Camellia, DES and 3-DES
2009-07-06 06:40:23 +00:00
Paul Bakker
f3eedce885
- Added shax_file tests and data files
...
- Added tests for shax self_test()
2009-07-05 11:30:16 +00:00
Paul Bakker
3d36082a8d
- Added test for self_test()
2009-07-05 11:29:38 +00:00
Paul Bakker
367dae44b2
- Added CMake makefiles as alternative to regular Makefiles.
...
- Added preliminary Code Coverage tests for AES, ARC4, Base64, MPI, SHA-family, MD-family and HMAC-SHA-family.
2009-06-28 21:50:27 +00:00