Paul Bakker
4582999be6
Fixed timing difference resulting from badly formatted padding.
2013-02-02 19:04:13 +01:00
Paul Bakker
1961b709d8
Added ssl_handshake_step() to allow single stepping the handshake
...
process
Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
769075dfb6
Fixed dependency on POLARSSL_SHA4_C in ssl modules
2012-11-24 11:26:46 +01:00
Paul Bakker
645ce3a2b4
- Moved ciphersuite naming scheme to IANA reserved names
2012-10-31 12:32:41 +00:00
Paul Bakker
b0550d90c9
- Added ssl_get_peer_cert() to SSL API
2012-10-30 07:51:03 +00:00
Paul Bakker
23f3680898
- Added proper support for TLS 1.2 signature_algorithm extension on server
...
side
- Minor const changes to other extension parsing functions
2012-09-28 14:15:14 +00:00
Paul Bakker
1d29fb5e33
- Added option to add minimum accepted SSL/TLS protocol version
2012-09-28 13:28:45 +00:00
Paul Bakker
62f2deef8b
- Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS
2012-09-28 07:31:51 +00:00
Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02
- Added ServerName extension parsing (SNI) at server side
2012-09-27 21:49:42 +00:00
Paul Bakker
eb2c658163
- Generalized external private key implementation handling (like PKCS#11) in SSL/TLS
2012-09-27 19:15:01 +00:00
Paul Bakker
0a59707523
- Added simple SSL session cache implementation
...
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
d0f6fa7bdc
- Sending of handshake_failures during renegotiation added
...
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
48916f9b67
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Paul Bakker
5f70b25c9b
- Correctly handle SHA256 ciphersuites in SSLv3
...
- Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Paul Bakker
b68cad6cc7
- Made cipersuites in ssl context const (no intention to modify)
...
- Adjusted ssl_set_ciphersuites() to match
2012-08-23 08:34:18 +00:00
Paul Bakker
2770fbd651
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Paul Bakker
186751d9dd
- Moved out_msg to out_hdr + 32 to support hardware acceleration
2012-05-08 13:16:14 +00:00
Paul Bakker
05ef835b6a
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
Paul Bakker
380da53c48
- Abstracted checksum updating during handshake
2012-04-18 16:10:25 +00:00
Paul Bakker
ca4ab49158
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00
Paul Bakker
0a9251870a
- Report unexpected_message if unknown record type is received
2012-04-16 06:46:41 +00:00
Paul Bakker
10cd225962
- Added support for the SHA256 ciphersuites of AES and Camellia
2012-04-12 21:26:34 +00:00
Paul Bakker
1ef83d66dd
- Initial bare version of TLS 1.2
2012-04-11 12:09:53 +00:00
Paul Bakker
f34cf85534
- Fixed too restrictive test
2012-04-10 07:48:40 +00:00
Paul Bakker
452d532955
- Fixed potential memory corruption on miscrafted client messages (found by Frama-C team at CEA LIST)
2012-04-05 12:07:34 +00:00
Paul Bakker
fab5c829e7
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
Paul Bakker
b15b851d6d
- Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47 , found by Hugo Leisink)
2012-01-13 13:44:06 +00:00
Paul Bakker
69e095cc15
- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
...
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
- Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
6c0ceb3f9a
- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error
2011-12-04 12:24:18 +00:00
Paul Bakker
a3d195c41f
- Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs
2011-11-27 21:07:34 +00:00
Paul Bakker
490ecc8c3e
- Added ssl_set_max_version() to set the client's maximum sent version number
2011-10-06 13:04:09 +00:00
Paul Bakker
7eb013face
- Added ssl_session_reset() to allow re-use of already set non-connection specific context information
2011-10-06 12:37:39 +00:00
Paul Bakker
8934a98f82
- Fixed memcpy() that had possible overlapping areas to memmove()
2011-08-05 11:11:53 +00:00
Paul Bakker
39bb418d93
- Made second argument of f_send() prototype and of net_send() const
2011-06-21 07:36:43 +00:00
Paul Bakker
887bd502d2
- Undid fix for ssl_write that introduced a true bug when buffers are running full.
2011-06-08 13:10:54 +00:00
Paul Bakker
831a755d9e
- Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake.
...
- Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN
2011-05-18 13:32:51 +00:00
Paul Bakker
9d781407bc
- A error_strerror function() has been added to translate between error codes and their description.
...
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
- Descriptions to all error codes have been added.
- Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00
Paul Bakker
23986e5d5d
- Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops
2011-04-24 08:57:21 +00:00
Paul Bakker
af5c85fc10
- Improved portability with Microsoft Visual C
2011-04-18 03:47:52 +00:00
Paul Bakker
1fd00bfe82
- Fixed bug in ssl_write() when flushing old data (Fixes ticket #18 )
2011-03-14 20:50:15 +00:00
Paul Bakker
cdf07e9979
- Information about missing or non-verified client certificate is not provided as well.
2011-01-30 17:05:13 +00:00
Paul Bakker
e3166ce040
- Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
...
- Adapted in the rest of using code as well
2011-01-27 17:40:50 +00:00
Paul Bakker
43b7e35b25
- Support for PKCS#11 through the use of the pkcs11-helper library
2011-01-18 15:27:19 +00:00
Paul Bakker
72f6266f02
- Improved information provided about current Hashing, Cipher and Suite capabilities
2011-01-16 21:27:44 +00:00
Paul Bakker
43ca69c38a
- Added function for stringified SSL/TLS version
2011-01-15 17:35:19 +00:00
Paul Bakker
b63b0afc05
- Added verification callback in certificate verification chain in order to allow external blacklisting
2011-01-13 17:54:59 +00:00
Paul Bakker
1b57b06751
- Added reading of DHM context from memory and file
2011-01-06 15:48:19 +00:00
Paul Bakker
2e11f7d966
- Added support for TLS v1.1
...
- Renamed some SSL defines to prevent future naming confusion
2010-07-25 14:24:53 +00:00
Paul Bakker
b96f154e51
- Fixed copyright message
2010-07-18 20:36:00 +00:00
Paul Bakker
84f12b76fc
- Updated Copyright to correct entity
2010-07-18 10:13:04 +00:00
Paul Bakker
77a43580da
- Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
2010-06-15 21:32:46 +00:00
Paul Bakker
57b7914445
- String peer_cn in ssl context made const as well.
2010-03-24 06:51:15 +00:00
Paul Bakker
2908713af1
- Corrected behaviour
2010-03-21 21:03:34 +00:00
Paul Bakker
fc8c4360b8
- Updated copyright line to 2010
2010-03-21 17:37:16 +00:00
Paul Bakker
1f3c39c194
- Removed copyright line for Christophe Devine for clarity
2010-03-21 17:30:05 +00:00
Paul Bakker
baad6504d4
- Changed ARC4 to use seperate input/output buffer
2010-03-21 15:42:15 +00:00
Paul Bakker
ff60ee6c2a
- Added const-correctness to main codebase
2010-03-16 21:09:09 +00:00
Paul Bakker
1f76115340
- Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request()
2010-02-18 18:16:31 +00:00
Paul Bakker
77b385e91a
- Updated copyright messages on all relevant files
2009-07-28 17:23:11 +00:00
Paul Bakker
40ea7de46d
- Added CRL revocation support to x509parse_verify()
...
- Fixed an off-by-one allocation in ssl_set_hostname()
- Added CRL support to SSL/TLS code
2009-05-03 10:18:48 +00:00
Paul Bakker
ef75f25be7
- Proper sequence of ciphersuites
2009-03-28 18:43:23 +00:00
Paul Bakker
2da561c2a1
- Moved debug message in ssl_free() before clearing of ssl context
2009-02-05 18:00:28 +00:00
Paul Bakker
785a9eeece
- Added email address to header license information
2009-01-25 14:15:10 +00:00
Paul Bakker
b5ef0bada4
- Added SSL_RSA_CAMELLIA_128_SHA, SSL_RSA_CAMELLIA_256_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA ciphersuites to SSL
2009-01-11 20:25:36 +00:00
Paul Bakker
e0ccd0a7c3
- Updated Copyright notices
2009-01-04 16:27:10 +00:00
Paul Bakker
40e46940df
- First replacement of xyssl by polarssl where needed
2009-01-03 21:51:57 +00:00
Paul Bakker
5121ce5bdb
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00