Commit graph

2057 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
b095a7bf29 Offer both RSA and ECDSA by default in ssl_server2 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
3ebb2cdb52 Add support for multiple server certificates 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
cbf3ef3861 RSA and ECDSA key exchanges don't depend on CRL 2013-09-24 21:25:53 +02:00
Paul Bakker
15b9b3a7e0 Key generation tool 2013-09-23 13:25:44 +02:00
Manuel Pégourié-Gonnard
abd6e02b7b Rm _CRT_SECURE_NO_DEPRECATE for programs
(Already in config.h.)
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
3bd2aae5a5 Add forgotten initializations 2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
7831b0cb3c A few more issues with small configurations 2013-09-20 12:30:21 +02:00
Manuel Pégourié-Gonnard
a7496f00ff Fix a few more warnings in small configurations 2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard
92e5b59355 Fix some dependencies/warnings in programs 2013-09-20 10:58:58 +02:00
Manuel Pégourié-Gonnard
da179e4870 Add ecp_curve_list(), hide ecp_supported_curves 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
56cd319f0e Add human-friendly name in ecp_curve_info 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
803bb312a3 Remove ecp-bench (now in general benchmark) 2013-09-18 15:37:43 +02:00
Paul Bakker
940f9ce515 Added pk_decrypt, pk_encrypt, pk_sign, pk_verify example applications 2013-09-18 15:34:57 +02:00
Paul Bakker
2e24ca74b0 Updated key_app.c and key_app_writer.c for EC key printing 2013-09-18 15:25:16 +02:00
Manuel Pégourié-Gonnard
cc34f95b43 Include ECDSA and ECDH in benchmark 2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard
ed7cbe92d5 Allow selection of what to benchmark 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard
8271f2ffb5 Shorten benchmark source using macros and loops 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard
15d5de1969 Simplify usage of DHM blinding 2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
568c9cf878 Add ecp_supported_curves and simplify some code 2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
1b57878e4a Add missing VS project files, generated by script 2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
68821da01e Fix clang warnings in applications
Some fd would be used uninitialized if we goto exit early.
2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
4cf0686d6d Remove spurious '+ 3' in ecdsa_write_signature() 2013-09-18 14:34:33 +02:00
Paul Bakker
c559c7a680 Renamed x509_cert structure to x509_crt for consistency 2013-09-18 14:32:52 +02:00
Paul Bakker
ddf26b4e38 Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2 Introduced x509_crt_init(), x509_crl_init() and x509_csr_init() 2013-09-18 12:01:43 +02:00
Paul Bakker
86d0c1949e Generalized function names of x509 functions not parse-specific
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker
7fc7fa630f cert_write application also works without POLARSSL_X509_CSR_PARSE_C 2013-09-17 14:44:00 +02:00
Paul Bakker
36713e8ed9 Fixed bunch of X509_PARSE related defines / dependencies 2013-09-17 13:25:29 +02:00
Paul Bakker
30520d1776 Moved rsa_sign_pss / rsa_verify_pss to use PK for key reading 2013-09-17 11:39:31 +02:00
Paul Bakker
1525495330 Key app updated to support pk_context / ECP keypairs 2013-09-17 11:24:56 +02:00
Paul Bakker
7504d7f806 Fixed X509 define in selftest.c 2013-09-16 22:56:18 +02:00
Paul Bakker
7c6b2c320e Split up X509 files into smaller modules 2013-09-16 21:41:54 +02:00
Paul Bakker
ace02867f6 Do not lowercase key values in arguments in cert_app.c 2013-09-16 21:40:34 +02:00
Paul Bakker
40ce79f1e6 Moved DHM parsing from X509 module to DHM module 2013-09-15 17:43:54 +02:00
Paul Bakker
9a97c5d894 Fixed warnings in case application dependencies are not met 2013-09-15 17:07:33 +02:00
Paul Bakker
c7bb02be77 Moved PK key writing from X509 module to PK module 2013-09-15 14:54:56 +02:00
Paul Bakker
1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91 Make CBC an option, step 3: individual ciphers 2013-09-13 17:25:43 +02:00
Paul Bakker
9013af76a3 Merged major refactoring of x509write module into development
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard
26b4d45f49 Fix key_app_writer 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
31e59400d2 Add missing f_rng/p_rng arguments to x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
f38e71afd5 Convert x509write_crt interface to PK 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
ee73179b2f Adapt x509write_csr prototypes for PK 2013-09-12 11:57:00 +02:00
Paul Bakker
8f0423afbc Fix for benchmark app after GCM refactoring merge 2013-09-10 14:51:50 +02:00
Paul Bakker
c0dcf0ceb1 Merged blinding additions for EC, RSA and DHM into development 2013-09-10 14:44:27 +02:00
Paul Bakker
b2d7f23592 Ability to selfsign certificates added to cert_write app 2013-09-09 16:24:18 +02:00
Paul Bakker
4122f3eacf Removed POLARSSL_ERROR_C define and added as requirement defing for
cert_req and cert_write apps
2013-09-09 16:01:46 +02:00
Paul Bakker
80d44fee2e Moved 'define handling code' to top 2013-09-09 15:59:20 +02:00
Paul Bakker
e2673fb34b cert_write app now parses presented CSR for subject name and key 2013-09-09 15:56:09 +02:00
Paul Bakker
f9f377e652 CSR Parsing (without attributes / extensions) implemented 2013-09-09 15:35:10 +02:00
Paul Bakker
8693274219 Small typo in usage of cert_req app 2013-09-09 14:09:42 +02:00
Paul Bakker
1014e95775 Use issuer_name from the issuer_certificate in cert_write app 2013-09-09 13:59:42 +02:00
Paul Bakker
52be08c299 Added support for writing Key Usage and NS Cert Type extensions 2013-09-09 12:38:45 +02:00
Paul Bakker
cd35803684 Changes x509_csr to x509write_csr 2013-09-09 12:38:45 +02:00
Manuel Pégourié-Gonnard
e8ea0c0421 Fix exit value on SERVERQUIT 2013-09-08 20:08:24 +02:00
Manuel Pégourié-Gonnard
ce6352a791 Add benchmark for fixed-DHM with blinding 2013-09-07 13:05:52 +02:00
Manuel Pégourié-Gonnard
1a2012459b Fix undetected errors in benchmark
dhm_calc_secret() was exiting early, leading to wrong results
2013-09-07 12:27:35 +02:00
Manuel Pégourié-Gonnard
337b29c334 Test and document EC blinding overhead 2013-09-07 11:52:27 +02:00
Paul Bakker
15162a054a Writing of X509v3 extensions supported
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
2013-09-06 19:27:21 +02:00
Paul Bakker
9397dcb0e8 Base X509 certificate writing functinality 2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard
cac5f7d737 Update benchmarks for new prototypes 2013-09-04 17:19:18 +02:00
Manuel Pégourié-Gonnard
2d627649bf Change dhm_calc_secret() prototype 2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard
aa9ffc5e98 Split tag handling out of cipher_finish() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
2adc40c346 Split cipher_update_ad() out or cipher_reset() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
9c853b910c Split cipher_set_iv() out of cipher_reset() 2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard
9241be7ac5 Change cipher prototypes for GCM 2013-08-31 18:07:42 +02:00
Paul Bakker
548957dd49 Refactored RSA to have random generator in every RSA operation
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80 Merged refactored x509write module into development 2013-08-28 16:32:51 +02:00
Paul Bakker
577e006c2f Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
	include/polarssl/config.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
ac75523593 Adapt ssl_set_own_cert() to generic keys 2013-08-27 22:21:20 +02:00
Paul Bakker
0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Paul Bakker
f3df61ad10 Generalized PEM writing in x509write module for RSA keys as well 2013-08-26 17:37:18 +02:00
Paul Bakker
135f1e9c70 Move PEM conversion of DER data to x509write module 2013-08-26 17:37:18 +02:00
Paul Bakker
57be6e22cf cert_req now supports key_usage and ns_cert_type command line options 2013-08-26 17:37:18 +02:00
Manuel Pégourié-Gonnard
38d1eba3b5 Move verify_result from ssl_context to session 2013-08-26 14:26:02 +02:00
Paul Bakker
8adf13bd92 Added pem2der utility application 2013-08-26 10:38:54 +02:00
Paul Bakker
82e2945ed2 Changed naming and prototype convention for x509write functions
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker
384d4351ce Added cert_req to CMakeLists.txt 2013-08-25 10:51:18 +02:00
Paul Bakker
8eabfc1461 Rewrote x509 certificate request writing to use structure for storing 2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard
7e56de1671 Adapt ssl_cert_test to changes in PK 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
bf3109fd41 Add forgotten ecdsa_free() in ecdsa example 2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard
e09631b7c4 Create ecp_group_copy() and use it 2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard
aa431613b3 Add ecdsa example program 2013-08-20 20:08:29 +02:00
Paul Bakker
1f2bc6238b Made support for the truncated_hmac extension configurable 2013-08-15 13:45:55 +02:00
Paul Bakker
05decb24c3 Made support for the max_fragment_length extension configurable 2013-08-15 13:33:48 +02:00
Paul Bakker
a503a63b85 Made session tickets support configurable from config.h 2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard
aa0d4d1aff Add ssl_set_session_tickets() 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
06650f6a37 Fix reusing session more than once 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
cf2e97eae2 ssl_client2: allow reconnecting twice 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
aaa1eab55a Add an option to reconnect in ssl_client2
Purpose: test resuming sessions.
2013-08-14 14:08:04 +02:00
Paul Bakker
66c4810ffe Better handling of ciphersuite version range and forced version in
ssl_client2
2013-07-26 14:05:32 +02:00
Paul Bakker
6c85279719 Newline fixes in help text for ssl_client2 / ssl_server2 2013-07-26 14:02:13 +02:00
Paul Bakker
dbd79ca617 ssl_client2 and ssl_server2 now exit with 1 on errors (shell
limitations)
2013-07-24 16:28:35 +02:00
Paul Bakker
8c1ede655f Changed prototype for ssl_set_truncated_hmac() to allow disabling 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e980a994f0 Add interface for truncated hmac 2013-07-19 14:51:47 +02:00
Paul Bakker
5b55b79021 Better handling of ciphersuite version range and forced version in
ssl_server2
2013-07-19 14:51:31 +02:00
Manuel Pégourié-Gonnard
e048b67d0a Misc minor fixes
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard
0c017a55e0 Add max_frag_len option in ssl_server2
Also reformat code and output more information in ssl_client2
2013-07-18 14:07:36 +02:00
Paul Bakker
8e714d7aca Modified LONG_RESPONSE and comments in ssl_server2 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
bd7ce63115 Adapt ssl_server2 to test sending long messages 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
787b658bb3 Implement max_frag_len write restriction 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
0df6b1f068 ssl_client2: add max_frag_len option 2013-07-18 11:18:13 +02:00
Manuel Pégourié-Gonnard
be50680a8c Fix use of x509_cert.rsa in programs 2013-07-17 15:59:43 +02:00
Paul Bakker
82024bf7b9 ssl_server2 now uses alloc_buffer if present and can be 'SERVERQUIT' 2013-07-16 17:48:58 +02:00
Manuel Pégourié-Gonnard
ba4878aa64 Rename x509parse_key & co with _rsa suffix 2013-07-08 15:31:18 +02:00
Paul Bakker
44618dd798 SSL Test and Benchmark now handle missing POLARSSL_TIMING_C 2013-07-04 11:30:32 +02:00
Paul Bakker
fa9b10050b Also compiles / runs without time-based functions in OS
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker
6e339b52e8 Memory-allocation abstraction layer and buffer-based allocator added 2013-07-03 17:22:31 +02:00
Paul Bakker
d2681d82e2 Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h} 2013-06-30 14:49:12 +02:00
Paul Bakker
9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
62534dd1d8 programs/util/strerror now handles decimal and hexidecimal input 2013-06-30 12:45:07 +02:00
Paul Bakker
03a8a79516 Programs adapted to use polarssl_strerror() instead of error_strerror() 2013-06-30 12:18:08 +02:00
Paul Bakker
5dc6b5fb05 Made supported curves configurable 2013-06-29 23:26:34 +02:00
Paul Bakker
c1516be99d ssl_server2 and ssl_client2 adapted to support maximum protocol version 2013-06-29 18:35:41 +02:00
Paul Bakker
3c5ef71322 Cleanup up non-prototyped functions (static) and const-correctness in programs 2013-06-25 16:37:45 +02:00
Paul Bakker
ef3f8c747e Fixed const correctness issues in programs and tests
(cherry picked from commit e0225e4d7f18f4565224f4997af537533d06a80d)

Conflicts:
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_test.c
	programs/x509/cert_app.c
2013-06-24 19:09:24 +02:00
Paul Bakker
777a5757d6 ca_path and ca_file arguments added to support chain validation in
cert_app
2013-05-21 16:20:04 +02:00
Paul Bakker
bcbe2d8d81 Prettier printing of the lists for longer ciphersuite names 2013-04-19 09:10:20 +02:00
Paul Bakker
ed27a041e4 More granular define selections within code to allow for smaller code
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker
fbb17804d8 Added pre-shared key handling for the server side of SSL / TLS
Server side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
d4a56ec6bf Added pre-shared key handling for the client side of SSL / TLS
Client side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
41c83d3f67 Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker
00c1f43743 Merge branch 'ecc-devel-mpg' into development 2013-03-13 16:31:01 +01:00
Paul Bakker
68884e3c09 Moved to advanced ciphersuite representation and more dynamic SSL code 2013-03-13 14:48:32 +01:00
Paul Bakker
8fe40dcd7d Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.

Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Paul Bakker
a95919b4c7 Added ECP files to Makefiles as well 2013-01-16 17:00:05 +01:00
Manuel Pégourié-Gonnard
b4a310b472 Added a selftest about SPA resistance 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
52a422f6a1 Added ecp-bench specialized benchmark 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
e870c0a5d6 Added benchmark for DHM 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
4b8c3f2a1c Moved tests from selftest to tests/test_suite_ecp 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
efaa31e9ae Implemented multiplication 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
b505c2796c Got first tests working, fixed ecp_copy() 2013-01-16 16:31:49 +01:00
Paul Bakker
91ebfb5272 Made auth_mode as an command line option 2012-11-23 14:04:08 +01:00
Paul Bakker
1f9d02dc90 Added more notes / comments on own_cert, trust_ca purposes 2012-11-20 10:30:55 +01:00
Paul Bakker
25338d74ac Added proper gitignores for Linux CMake use 2012-11-18 22:56:39 +01:00
Paul Bakker
90f309ffe7 Added proper gitignores for linux compilation 2012-11-17 00:04:49 +01:00
Paul Bakker
75242c30fb Added checking of CA peer cert to ssl_client1 as sane default 2012-11-17 00:03:46 +01:00
Paul Bakker
580153573b - Do not free uninitialized ssl context 2012-11-14 12:15:41 +00:00
Paul Bakker
645ce3a2b4 - Moved ciphersuite naming scheme to IANA reserved names 2012-10-31 12:32:41 +00:00
Paul Bakker
b0550d90c9 - Added ssl_get_peer_cert() to SSL API 2012-10-30 07:51:03 +00:00
Paul Bakker
21654f392e - Smaller default values 2012-10-24 14:29:17 +00:00
Paul Bakker
520ea911f6 - Fixed to support 4096 bit DHM params as well 2012-10-24 14:17:01 +00:00
Paul Bakker
f1ab0ec1ff - Changed default compiler flags to include -O2 2012-10-23 12:12:53 +00:00
Paul Bakker
1d56958963 - Updated examples to use appropriate sizes for larger RSA keys (up to 16k) 2012-10-03 20:35:44 +00:00
Paul Bakker
3ad34d4110 - Added key_app_writer to CMakeLists.txt 2012-10-03 20:34:37 +00:00
Paul Bakker
3fad7b3fdd - Changed saved value to RCF 3526 2048 MODP group 2012-10-03 19:50:54 +00:00
Paul Bakker
5da01caa50 - Added warning about example use 2012-10-03 19:48:33 +00:00
Paul Bakker
1d29fb5e33 - Added option to add minimum accepted SSL/TLS protocol version 2012-09-28 13:28:45 +00:00
Paul Bakker
5d19f86fdd - Added comment 2012-09-28 07:33:00 +00:00
Paul Bakker
cbbd9998da - SSL/TLS now has default group 2012-09-28 07:32:06 +00:00
Paul Bakker
915275ba78 - Revamped x509_verify() and the SSL f_vrfy callback implementations 2012-09-28 07:10:55 +00:00
Paul Bakker
819370c7b7 - Removed lowercasing of parameters 2012-09-28 07:04:41 +00:00
Paul Bakker
5ef9db2ae3 - Added rsa_check_privkey() check to rsa_sign 2012-09-27 13:19:22 +00:00
Paul Bakker
db2509c9cd - Added password and password_file options for reading private keys 2012-09-27 12:44:31 +00:00
Paul Bakker
d43241060b - Removed clutter from my_dhm values 2012-09-26 08:29:38 +00:00
Paul Bakker
0a59707523 - Added simple SSL session cache implementation
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
4811b56524 - Added util/CMakelists.txt 2012-09-25 11:45:38 +00:00
Paul Bakker
29b64761fd - Added predefined DHM groups from RFC 5114 2012-09-25 09:36:44 +00:00
Paul Bakker
b60b95fd7f - Added first version of ssl_server2 example application 2012-09-25 09:05:17 +00:00
Paul Bakker
0f409a1911 - Added missing subdirectory line for util 2012-09-25 08:19:18 +00:00
Paul Bakker
d0f6fa7bdc - Sending of handshake_failures during renegotiation added
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
48916f9b67 - Added Secure Renegotiation (RFC 5746) 2012-09-16 19:57:18 +00:00
Paul Bakker
f518b16f97 - Added PKCS#5 PBKDF2 key derivation function 2012-08-23 13:03:18 +00:00
Paul Bakker
835b29e7c3 - Should not be debug_level 5 in repo (reset to 0) 2012-08-23 08:31:59 +00:00
Paul Bakker
3d58fe8af6 - Added Blowfish to benchmarks 2012-07-04 17:15:31 +00:00
Paul Bakker
26c4e3cb0b - Made crypt_and_cipher more robust with other ciphers / hashes 2012-07-04 17:08:33 +00:00
Paul Bakker
a9379c0ed1 - Added base blowfish algorithm 2012-07-04 11:02:11 +00:00
Paul Bakker
92eeea4627 - Modified CMakeLists to support zlib 2012-07-03 15:10:33 +00:00
Paul Bakker
2770fbd651 - Added DEFLATE compression support as per RFC3749 (requires zlib) 2012-07-03 13:30:23 +00:00
Paul Bakker
8d914583f3 - Added X509 CA Path support 2012-06-04 12:46:42 +00:00
Paul Bakker
e6ee41f932 - Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and example application (programs/ssl/o_p_test) (Requires OpenSSL)
- Handle encryption with private key and decryption with public key as per RFC 2313
2012-05-19 08:43:48 +00:00
Paul Bakker
4248823f43 - Updated to handle x509parse_crtfile() positive return values 2012-05-16 08:21:05 +00:00
Paul Bakker
62f88dc473 Makefile more compatible with WINDOWS environment 2012-05-10 21:26:28 +00:00
Paul Bakker
cd5b529d6d - Added automatic WINDOWS define in Makefile 2012-05-10 20:49:10 +00:00
Paul Bakker
4d2c1243b1 - Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present. 2012-05-10 14:12:46 +00:00
Paul Bakker
01cc394848 - Added commandline error code convertor (util/strerror) 2012-05-08 08:36:15 +00:00
Paul Bakker
88f17b8549 - Fixed for new DHM handling (TLS 1.2) 2012-04-26 18:52:13 +00:00
Paul Bakker
ca4ab49158 - Added GCM ciphersuites to TLS implementation 2012-04-18 14:23:57 +00:00
Paul Bakker
0b22e3e989 - Print return codes properly 2012-04-18 14:23:29 +00:00
Paul Bakker
6f3578cfc8 - Report proper error number 2012-04-16 06:46:01 +00:00
Paul Bakker
10cd225962 - Added support for the SHA256 ciphersuites of AES and Camellia 2012-04-12 21:26:34 +00:00
Paul Bakker
570267f01a - print error string in useful format 2012-04-10 08:22:46 +00:00
Paul Bakker
c7ffd36a97 - Added automatic debug flags to CFLAGS if DEBUG is set in shell 2012-04-05 12:08:29 +00:00
Paul Bakker
b78c74551f - Use standard IV of 12 2012-03-20 15:05:59 +00:00
Paul Bakker
89e80c9a43 - Added base Galois/Counter mode (GCM) for AES 2012-03-20 13:50:09 +00:00
Paul Bakker
12f5dbb8b4 - Fixed MD type to SHA1 2012-03-05 13:37:13 +00:00
Paul Bakker
92101f2d02 - Keep requests for future use 2012-02-16 14:09:31 +00:00
Paul Bakker
89f3fc5bf1 - Removed superfluous debugging info 2012-02-16 13:36:38 +00:00
Paul Bakker
bdb912db69 - Added preliminary ASN.1 buffer writing support
- Added preliminary X509 Certificate Request writing support
 - Added key_app_writer example application
 - Added cert_req example application
2012-02-13 23:11:30 +00:00
Paul Bakker
57b12982b3 - Multi-domain certificates support wildcards as well 2012-02-11 17:38:38 +00:00
Paul Bakker
a8cd239d6b - Added support for wildcard certificates
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker
fab5c829e7 - Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default! 2012-02-06 16:45:10 +00:00
Paul Bakker
13eb9f01cf - Added error exit code 2012-02-06 15:35:10 +00:00
Paul Bakker
1052784054 - Fixed typo 2012-01-14 18:00:00 +00:00
Paul Bakker
fb3a83f9e3 - Added appropriate error handling to ctr_drbg_init() 2011-12-15 20:05:53 +00:00
Paul Bakker
3f9b650b4b - Fixed renumber error code for POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR 2011-12-15 19:50:22 +00:00
Paul Bakker
b1dee1cfd2 - Changed commands to lowercase where it was not the case 2011-12-11 11:29:51 +00:00
Paul Bakker
69e095cc15 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
b8ba90b316 - Enlarged default CRL size buffer 2011-12-05 14:34:12 +00:00
Paul Bakker
fc754a9178 - Addedd writing and updating of seedfiles as functions to CTR_DRBG 2011-12-05 13:23:51 +00:00
Paul Bakker
508ad5ab6d - Moved all examples programs to use the new entropy and CTR_DRBG 2011-12-04 17:09:26 +00:00
Paul Bakker
4dc6457274 - Added public key of server1.key 2011-12-04 17:09:08 +00:00
Paul Bakker
310c25e564 - Fixed minor bug by zeroizing result memory 2011-12-04 17:06:56 +00:00
Paul Bakker
6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
Paul Bakker
a17bcc3033 - Fixed typo 2011-12-03 21:45:50 +00:00
Paul Bakker
6083fd252d - Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources 2011-12-03 21:45:14 +00:00
Paul Bakker
02faf45d8b - Added random generator benchmarks 2011-11-29 11:23:58 +00:00
Paul Bakker
a3d195c41f - Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs 2011-11-27 21:07:34 +00:00
Paul Bakker
0e04d0e9a3 - Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator 2011-11-27 14:46:59 +00:00
Paul Bakker
5c356d6f8f - Fixed typo 2011-11-25 13:17:45 +00:00
Paul Bakker
14cb63a40c - cert_app now prints all certificates in the file given, not just the first 2011-11-25 12:44:31 +00:00
Paul Bakker
cce9d77745 - Lots of minimal changes to better support WINCE as a build target 2011-11-18 14:26:47 +00:00
Paul Bakker
61da752077 - Changed read from server loop to read more than a single read. 2011-11-11 10:28:58 +00:00
Paul Bakker
436e4c59c3 - Removed redundant "ok" printing 2011-11-11 10:28:24 +00:00
Paul Bakker
d3b486a743 - Fixed typo in usage 2011-10-12 10:15:05 +00:00
Paul Bakker
b892b1326c - Prevented compiler warning 2011-10-12 09:19:43 +00:00
Paul Bakker
5a8352294b - Added Windows dependent header code 2011-10-12 09:19:31 +00:00
Paul Bakker
d246ed30bd - Fixed rsa_encrypt and rsa_decrypt example programs to use public key for encryption and private key for decryption (Fixes ticket #34) 2011-10-06 13:18:27 +00:00
Paul Bakker
7eb013face - Added ssl_session_reset() to allow re-use of already set non-connection specific context information 2011-10-06 12:37:39 +00:00
Paul Bakker
b81b3abb45 - Added safeguard not to build in WIN32 environment. 2011-08-25 09:47:36 +00:00
Paul Bakker
7bc05ff4a6 - Added rsa_encrypt and rsa_decrypt example programs 2011-08-09 10:30:36 +00:00
Paul Bakker
ed56b224de - Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20) 2011-07-13 11:26:43 +00:00
Paul Bakker
a585beb87e - Introduced windows DLL build and SYS_LDFLAGS 2011-06-21 08:59:44 +00:00
Paul Bakker
25b5fe5ac6 - Fixed dual use of n 2011-05-26 14:02:58 +00:00
Paul Bakker
5690efccc4 - Fixed a whole bunch of dependencies on defines between files, examples and tests 2011-05-26 13:16:06 +00:00
Paul Bakker
2c0994e973 - Fixed typedness and size_t printing 2011-05-25 13:51:57 +00:00
Paul Bakker
dcca6b74dc - Removed debug information 2011-05-25 11:16:50 +00:00
Paul Bakker
135b98ef69 - Adapted to compile without POLARSSL_SELF_TEST defined 2011-05-25 11:13:47 +00:00
Paul Bakker
e22d7030c6 - Fixed warnings with cast 2011-05-23 16:02:34 +00:00
Paul Bakker
1496d38028 - Added the ssl_mail_client example application 2011-05-23 12:07:29 +00:00
Paul Bakker
cb79ae0b9b - Fixed description in header 2011-05-20 12:44:16 +00:00
Paul Bakker
896ac22071 - Added ssl_fork_server example program 2011-05-20 12:33:05 +00:00
Paul Bakker
f357131a7b - Gather data until server gives EOF 2011-05-20 12:32:35 +00:00
Paul Bakker
831a755d9e - Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake.
- Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN
2011-05-18 13:32:51 +00:00
Paul Bakker
91b4159834 - Added missing rsa_init() statement 2011-05-05 12:01:31 +00:00
Paul Bakker
6c591fab72 - mpi_init() and mpi_free() only accept a single argument and do not accept variable arguments anymore. This prevents unexpected memory corruption in a number of use cases. 2011-05-05 11:49:20 +00:00
Paul Bakker
494c0b8d36 - Changed define from WIN32 to _WIN32 to also support 64-bit windows platforms 2011-04-24 15:30:07 +00:00
Paul Bakker
23986e5d5d - Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops 2011-04-24 08:57:21 +00:00
Paul Bakker
af5c85fc10 - Improved portability with Microsoft Visual C 2011-04-18 03:47:52 +00:00
Paul Bakker
1ffc1b9885 - Added rsa_sign_pss and rsa_verify_pss to CMakeLists.txt 2011-03-25 14:26:42 +00:00
Paul Bakker
31acc6b0aa - Fixed uppercase type for gen_random 2011-03-25 14:24:09 +00:00
Paul Bakker
2291f6c19d - Added test application for RSASSA-PSS signing and verification 2011-03-25 14:07:53 +00:00
Paul Bakker
e77db2e119 - Added bugfix info for previous checkin 2011-03-25 14:01:32 +00:00
Paul Bakker
9dcc32236b - Added support for PKCS#1 v2.1 encoding and thus support for the RSAES-OAEP and RSASSA-PSS operations (enabled by POLARSSL_PKCS1_V21) 2011-03-08 14:16:06 +00:00
Paul Bakker
5193688682 - Added force_ciphersuite option to ssl_client2 application 2011-02-20 16:05:58 +00:00
Paul Bakker
400ff6f0fd - Corrected parsing of UTCTime dates before 1990 and after 1950
- Support more exotic OID's when parsing certificates
 - Support more exotic name representations when parsing certificates
 - Replaced the expired test certificates
2011-02-20 10:40:16 +00:00
Paul Bakker
a9507c063b - Added crl_app program to allow easy reading and printing of X509 CRLs from file 2011-02-12 15:27:28 +00:00
Paul Bakker
f17ed288ad - Fixed reference to generic digest key 2011-02-09 17:10:48 +00:00
Paul Bakker
1a207ec8af - Set sane start values for structures that are closed or freed. 2011-02-06 13:22:40 +00:00
Paul Bakker
6d44032cba - Do not close NULL stream 2011-02-06 12:49:19 +00:00
Paul Bakker
46eb13828e - Makefiles now respect external CFLAGS and LDFLAGS. Closes ticket #2 2011-01-30 17:10:13 +00:00
Paul Bakker
e3166ce040 - Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
- Adapted in the rest of using code as well
2011-01-27 17:40:50 +00:00
Paul Bakker
fc36d16e84 - Added random generation example application 2011-01-27 16:50:02 +00:00
Paul Bakker
fb6c7e2688 - Added generic_sum example application to show use of generic message digest layer. 2011-01-21 10:21:11 +00:00
Paul Bakker
20a7808d13 - Addec crypt_and_hash example program of the generic hash and cipher layers 2011-01-21 09:32:12 +00:00
Paul Bakker
e9426948fa - Added extra compiler warnings by default 2011-01-18 16:28:42 +00:00
Paul Bakker
b06819bb5d - Adapted CMake files for the PKCS#11 support 2011-01-18 16:18:38 +00:00
Paul Bakker
43b7e35b25 - Support for PKCS#11 through the use of the pkcs11-helper library 2011-01-18 15:27:19 +00:00
Paul Bakker
b63b0afc05 - Added verification callback in certificate verification chain in order to allow external blacklisting 2011-01-13 17:54:59 +00:00
Paul Bakker
547f73d66f - Added install targets to the CMake files 2011-01-05 15:07:54 +00:00
Paul Bakker
eaca51d739 - Minor text/debug fixes for release 2010-08-16 12:00:14 +00:00
Paul Bakker
a802e1ac10 - Updated to new rsa_init, rsa_gen_key prototypes 2010-08-16 11:56:45 +00:00
Paul Bakker
b96f154e51 - Fixed copyright message 2010-07-18 20:36:00 +00:00
Paul Bakker
84f12b76fc - Updated Copyright to correct entity 2010-07-18 10:13:04 +00:00
Paul Bakker
6796839695 2010-07-18 08:28:20 +00:00
Paul Bakker
77a43580da - Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites 2010-06-15 21:32:46 +00:00
Paul Bakker
fc8c4360b8 - Updated copyright line to 2010 2010-03-21 17:37:16 +00:00
Paul Bakker
1f3c39c194 - Removed copyright line for Christophe Devine for clarity 2010-03-21 17:30:05 +00:00
Paul Bakker
baad6504d4 - Changed ARC4 to use seperate input/output buffer 2010-03-21 15:42:15 +00:00
Paul Bakker
4fc45522f1 - Added cert_app application 2010-03-18 20:11:58 +00:00
Paul Bakker
43f7ff6906 - Removed debug print 2010-03-18 20:10:27 +00:00
Paul Bakker
f80d4539d1 - Small fix to initialize value 2010-03-16 21:16:04 +00:00
Paul Bakker
ff60ee6c2a - Added const-correctness to main codebase 2010-03-16 21:09:09 +00:00
Paul Bakker
9caf2d2d38 - Added option parsing for ssl_client2 to select host and port 2010-02-18 19:37:19 +00:00
Paul Bakker
757e2507fd - Fixed port number to ssl_server's 2010-02-18 19:29:00 +00:00
Paul Bakker
361e6382db - Test SSL information 2010-02-18 16:55:49 +00:00
Paul Bakker
1d4da2e123 - Added benchmark of 2048 and 4096 bits RSA 2009-10-25 12:36:53 +00:00
Paul Bakker
77b385e91a - Updated copyright messages on all relevant files 2009-07-28 17:23:11 +00:00
Paul Bakker
5d4a193e77 - Also generate CRL's with all the digests 2009-07-19 20:31:02 +00:00
Paul Bakker
9cdc87c1ad - Longer valid CRL 2009-07-12 11:04:30 +00:00
Paul Bakker
e23166f7e8 - Added generation of all digest certificates from a single key 2009-07-12 11:00:06 +00:00
Paul Bakker
1973e4c582 - Fixed selftest of X509parse code 2009-07-10 22:32:40 +00:00
Paul Bakker
367dae44b2 - Added CMake makefiles as alternative to regular Makefiles.
- Added preliminary Code Coverage tests for AES, ARC4, Base64, MPI, SHA-family, MD-family and  HMAC-SHA-family.
2009-06-28 21:50:27 +00:00
Paul Bakker
860d36b9d8 - Updated ssl_cert_test to properly parse return values from
x509parse_verify().
2009-05-03 17:29:56 +00:00
Paul Bakker
40ea7de46d - Added CRL revocation support to x509parse_verify()
- Fixed an off-by-one allocation in ssl_set_hostname()
 - Added CRL support to SSL/TLS code
2009-05-03 10:18:48 +00:00
Paul Bakker
d98030e7d6 - Added prelimenary CRL parsing and info support 2009-05-02 15:13:40 +00:00
Paul Bakker
026c03b7f4 - Made changes for better compatibility with old-style C compilers 2009-03-28 17:53:03 +00:00
Paul Bakker
a1d3e5f835 - Add checking of certificate and key match 2009-03-28 17:30:26 +00:00
Paul Bakker
0e6975b7ed - Fixed use of correct ca certificate (test_ca_cert) instead of xyssl_ca_cert 2009-02-10 22:19:10 +00:00
Paul Bakker
c03d9258f6 - Fixed server2 certificate to CN=localhost 2009-02-10 22:17:58 +00:00
Paul Bakker
92f880bf47 - Second server should be called localhost 2009-02-10 22:17:38 +00:00
Paul Bakker
5a0aa77564 - Fixed buffer overrun because of SHA-512 2009-02-09 22:38:52 +00:00
Paul Bakker
3a3c3c2a55 - Added SHA-512 benchmark 2009-02-09 22:33:30 +00:00
Paul Bakker
4593aeadaf - Added support for RFC4055 SHA2 and SHA4 signature algorithms for
use with PKCS#1 v1.5 signing and verification.
 - Added extra certificates to test-ca and test code to further test
   functionality of SHA2 and SHA4 signing and verification.
 - Updated other program files accordingly
2009-02-09 22:32:35 +00:00
Paul Bakker
b29e23c586 - Enhanced generation CA script and config to further automate different actions 2009-02-09 21:06:41 +00:00
Paul Bakker
785a9eeece - Added email address to header license information 2009-01-25 14:15:10 +00:00
Paul Bakker
3375b21081 - Fixed last mistake 2009-01-15 20:46:08 +00:00
Paul Bakker
222aa4bd61 - New PolarSSL test CA, servers and clients 2009-01-14 22:44:12 +00:00
Paul Bakker
b159ed234a - Added test-ca generation script 2009-01-14 22:39:57 +00:00
Paul Bakker
b5ef0bada4 - Added SSL_RSA_CAMELLIA_128_SHA, SSL_RSA_CAMELLIA_256_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA ciphersuites to SSL 2009-01-11 20:25:36 +00:00
Paul Bakker
38119b18d6 - Added first version of Camellia 2009-01-10 23:31:23 +00:00
Paul Bakker
7a7c78fd02 - Added XTEA Algorithm (Not used in SSL) 2009-01-04 18:15:48 +00:00
Paul Bakker
e0ccd0a7c3 - Updated Copyright notices 2009-01-04 16:27:10 +00:00
Paul Bakker
b749d68f9c - Updates to PolarSSL
- Added ignores
2009-01-04 16:08:55 +00:00
Paul Bakker
40e46940df - First replacement of xyssl by polarssl where needed 2009-01-03 21:51:57 +00:00
Paul Bakker
5121ce5bdb - Renamed include directory to polarssl 2009-01-03 21:22:43 +00:00