Paul Bakker
646f65c9bd
- Fixed faulty test server key
2011-03-02 14:47:44 +00:00
Paul Bakker
345a6fee91
- Replaced function that fixes man-in-the-middle attack
...
- Added message to indicate inclusion of man-in-the-middle attack (Reported by Larry Highsmith, Subreption LLC)
- Released version 0.99-pre3
2011-02-28 21:20:02 +00:00
Paul Bakker
5a1494fb30
- Added pem to library
2011-02-25 09:48:49 +00:00
Paul Bakker
1946e42dd4
- Made ready for 0.99-pre2 release
2011-02-25 09:39:39 +00:00
Paul Bakker
c47840efd5
- Updated sanity checks
2011-02-20 16:37:30 +00:00
Paul Bakker
e2a39cc0fa
- Do not bail out if no client certificate specified. Try to negotiate anonymous connection (Fixes ticket #12 )
2011-02-20 13:49:27 +00:00
Paul Bakker
9e7606fcd8
- Updated certificates for new test versions
2011-02-20 13:34:20 +00:00
Paul Bakker
400ff6f0fd
- Corrected parsing of UTCTime dates before 1990 and after 1950
...
- Support more exotic OID's when parsing certificates
- Support more exotic name representations when parsing certificates
- Replaced the expired test certificates
2011-02-20 10:40:16 +00:00
Paul Bakker
96743fc5f5
- Parsing of PEM files moved to separate module (Fixes ticket #13 ). Also possible to remove PEM support for systems only using DER encoding
...
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5 )
- Added tests for encrypted keyfiles
2011-02-12 14:30:57 +00:00
Paul Bakker
46eb13828e
- Makefiles now respect external CFLAGS and LDFLAGS. Closes ticket #2
2011-01-30 17:10:13 +00:00
Paul Bakker
cdf07e9979
- Information about missing or non-verified client certificate is not provided as well.
2011-01-30 17:05:13 +00:00
Paul Bakker
9fc4659b30
- Preparing for Release of 0.99 prerelease 1
2011-01-30 16:59:02 +00:00
Paul Bakker
e3166ce040
- Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
...
- Adapted in the rest of using code as well
2011-01-27 17:40:50 +00:00
Paul Bakker
dbee2cad7d
- Removed application code from library source file
2011-01-27 16:38:52 +00:00
Paul Bakker
f3b86c1e62
- Updated Doxygen documentation generation and documentation on small parts
2011-01-27 15:24:17 +00:00
Paul Bakker
562535d11b
- Split current md_starts() and md_hmac_starts() functionality into separate md_init_ctx() for allocating the context and the existing starts() functions to initialize the message digest for use.
2011-01-20 16:42:01 +00:00
Paul Bakker
a885d6835f
- Require different input and output buffer in cipher_update()
...
- Fixed style typos
2011-01-20 16:35:05 +00:00
Paul Bakker
e9426948fa
- Added extra compiler warnings by default
2011-01-18 16:28:42 +00:00
Paul Bakker
b06819bb5d
- Adapted CMake files for the PKCS#11 support
2011-01-18 16:18:38 +00:00
Paul Bakker
d61e7d98cb
- Cleaned up warning-generating code
2011-01-18 16:17:47 +00:00
Paul Bakker
43b7e35b25
- Support for PKCS#11 through the use of the pkcs11-helper library
2011-01-18 15:27:19 +00:00
Paul Bakker
0f5f72e949
- Fixed doxygen syntax to standard '\' instead of '@'
2011-01-18 14:58:55 +00:00
Paul Bakker
3cccddb238
- Fixed identification of non-critical CA certificates
2011-01-16 21:46:31 +00:00
Paul Bakker
b619499eb3
- x509parse_time_expired() checks time now in addition to the existing date check
2011-01-16 21:40:22 +00:00
Paul Bakker
a056efc8f9
- Fixed serial length check
2011-01-16 21:38:35 +00:00
Paul Bakker
dd47699ba5
- Moved storing of a printable serial into a separate function
2011-01-16 21:34:59 +00:00
Paul Bakker
72f6266f02
- Improved information provided about current Hashing, Cipher and Suite capabilities
2011-01-16 21:27:44 +00:00
Paul Bakker
76fd75a3de
- Improved certificate validation and validation against the available CRLs
2011-01-16 21:12:10 +00:00
Paul Bakker
43ca69c38a
- Added function for stringified SSL/TLS version
2011-01-15 17:35:19 +00:00
Paul Bakker
1f87fb6896
- Support for DES weak keys and parity bits added
2011-01-15 17:32:24 +00:00
Paul Bakker
74111d30b7
- Improved X509 certificate parsing to include extended certificate fields, such as Key Usage
2011-01-15 16:57:55 +00:00
Paul Bakker
b63b0afc05
- Added verification callback in certificate verification chain in order to allow external blacklisting
2011-01-13 17:54:59 +00:00
Paul Bakker
1b57b06751
- Added reading of DHM context from memory and file
2011-01-06 15:48:19 +00:00
Paul Bakker
8123e9d8f1
- Added generic cipher wrapper for integration with OpenVPN (donated by Fox-IT)
2011-01-06 15:37:30 +00:00
Paul Bakker
6d46812123
- Fixed typo
2011-01-06 15:35:45 +00:00
Paul Bakker
1737385e04
- Added generic message digest wrapper for integration with OpenVPN (donated by Fox-IT)
2011-01-06 14:20:01 +00:00
Paul Bakker
b94081bfc1
- Make A only smaller if it is larger than |X| - 1
2011-01-05 15:53:06 +00:00
Paul Bakker
9d3a7e4188
- Added CMake option USE_SHARED_POLARSSL_LIBRARY to allow for building of shared PolarSSL library
2011-01-05 15:24:43 +00:00
Paul Bakker
547f73d66f
- Added install targets to the CMake files
2011-01-05 15:07:54 +00:00
Paul Bakker
21eb2802fe
- Changed origins of random function and pointer in rsa_pkcs1_encrypt, rsa_init, rsa_gen_key.
...
Moved to parameters of function instead of context pointers as within ssl_cli, context pointer cannot be set easily.
2010-08-16 11:10:02 +00:00
Paul Bakker
61c324bbdd
- Enabled TLSv1.1 support in server as well
2010-07-29 21:09:03 +00:00
Paul Bakker
2e11f7d966
- Added support for TLS v1.1
...
- Renamed some SSL defines to prevent future naming confusion
2010-07-25 14:24:53 +00:00
Paul Bakker
b96f154e51
- Fixed copyright message
2010-07-18 20:36:00 +00:00
Paul Bakker
84f12b76fc
- Updated Copyright to correct entity
2010-07-18 10:13:04 +00:00
Paul Bakker
ff7fe670bb
- Minor DHM code cleanup/comments
2010-07-18 09:45:05 +00:00
Paul Bakker
545570e208
- Added initialization for RSA where needed
2010-07-18 09:00:25 +00:00
Paul Bakker
b572adf5e6
- Removed dependency on rand() in rsa_pkcs1_encrypt(). Now using random fuction provided to context
...
- Expanded ssl_client2 arguments for more flexibility
- rsa_check_private() now supports PKCS1v2 keys as well
- Fixed deadlock in rsa_pkcs1_encrypt() on failing random generator
2010-07-18 08:29:32 +00:00
Paul Bakker
08f3c30547
- Enlarged buffer to allow better debugging.
2010-07-08 06:54:25 +00:00
Paul Bakker
3ac1b2d952
- Added runtime and compiletime version information
2010-06-18 22:47:29 +00:00
Paul Bakker
77a43580da
- Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
2010-06-15 21:32:46 +00:00
Paul Bakker
699fbbcf29
- Added missing const fixes
2010-03-24 07:15:41 +00:00
Paul Bakker
57b7914445
- String peer_cn in ssl context made const as well.
2010-03-24 06:51:15 +00:00
Paul Bakker
ad7eca201d
- Reverted Makefile (Unmerged CMake fault)
2010-03-24 06:46:47 +00:00
Paul Bakker
2908713af1
- Corrected behaviour
2010-03-21 21:03:34 +00:00
Paul Bakker
fc8c4360b8
- Updated copyright line to 2010
2010-03-21 17:37:16 +00:00
Paul Bakker
1f3c39c194
- Removed copyright line for Christophe Devine for clarity
2010-03-21 17:30:05 +00:00
Paul Bakker
7d3b661bfe
- Added reset functionality for HMAC context. Speed-up for some use-cases.
2010-03-21 16:23:13 +00:00
Paul Bakker
baad6504d4
- Changed ARC4 to use seperate input/output buffer
2010-03-21 15:42:15 +00:00
Paul Bakker
f3ccc68100
- Fixed cipher interface for encrypt/decrypt functions
2010-03-18 21:21:02 +00:00
Paul Bakker
27d661657b
- Added x509_get_sig_alg() to allow easy future X509 signature algorithm determination expansion
2010-03-17 06:56:01 +00:00
Paul Bakker
41d13f4af8
- Found algorithmic bug in mpi_is_prime()
2010-03-16 21:26:36 +00:00
Paul Bakker
4ed999c4b2
- Added fixes for compiler warnings on a Mac
2010-03-16 21:16:16 +00:00
Paul Bakker
ff60ee6c2a
- Added const-correctness to main codebase
2010-03-16 21:09:09 +00:00
Paul Bakker
9120018f3d
- Added support for GeneralizedTime in X509 certificates
2010-02-18 21:26:15 +00:00
Paul Bakker
1f76115340
- Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request()
2010-02-18 18:16:31 +00:00
Paul Bakker
fe1aea7877
- Fixed typo in MD4 define
2009-10-03 20:09:14 +00:00
Paul Bakker
de4d2eae95
- Added handling of missing POLARSSL_MD5_C define and POLARSSL_SHA1_c define
2009-10-03 19:58:52 +00:00
Paul Bakker
77b385e91a
- Updated copyright messages on all relevant files
2009-07-28 17:23:11 +00:00
Paul Bakker
c6ce838d8f
- Better handling of extension parsing
2009-07-27 21:34:45 +00:00
Paul Bakker
b3bb6c0c66
- Fixed include location of endian.h and name clash on Apples (found by Martin van Hensbergen)
2009-07-27 21:09:47 +00:00
Paul Bakker
2a1fadffd7
- Increased size of generated value X
2009-07-27 21:05:24 +00:00
Paul Bakker
2b222c830b
- Changed interface for AES and Camellia setkey functions to indicate invalid key lengths.
2009-07-27 21:03:45 +00:00
Paul Bakker
9be19375e5
- Fill base data for x509_crl_entry in CRL correctly
...
- Internal structure of sequences is not optional anymore (as per RFC)
- nextUpdate handles optionality correct if no revokedCertificates are present.
- x509parse_crl_info handles the case of no entries correctly
2009-07-27 20:21:53 +00:00
Paul Bakker
c2547b0034
- Surpress warning of unused 'mode' parameter in Camellia
2009-07-20 20:40:52 +00:00
Paul Bakker
635f4b4cf9
- Updated error check on optional nextUpdate in CRL
2009-07-20 20:34:41 +00:00
Paul Bakker
854963cee3
- Fixed include location of endian.h on FreeBSD (found by Gabriel)
2009-07-19 20:50:11 +00:00
Paul Bakker
38e2b482ff
- Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE.
2009-07-19 20:41:06 +00:00
Paul Bakker
fc22c441bc
- Renamed RSA_RAW to SIG_RSA_RAW for consistency in the code.
2009-07-19 20:36:27 +00:00
Paul Bakker
1e27bb24bc
- Added newline at end of CRL info
2009-07-19 20:25:25 +00:00
Paul Bakker
2fd71f0757
- Fixed HMAC-MD2 by modifying md2_starts(), so that the required HMAC ipad and opad variables are not cleared!
2009-07-11 20:40:58 +00:00
Paul Bakker
396c52f711
- Updated and cleaned CMakeList
2009-07-11 19:54:40 +00:00
Paul Bakker
37940d9ff6
- Added test coverage for X509parse
...
- Fixed segfault in rsa_check_privkey() and rsa_check_pubkey() and added test
2009-07-10 22:38:58 +00:00
Paul Bakker
1973e4c582
- Fixed selftest of X509parse code
2009-07-10 22:32:40 +00:00
Paul Bakker
367dae44b2
- Added CMake makefiles as alternative to regular Makefiles.
...
- Added preliminary Code Coverage tests for AES, ARC4, Base64, MPI, SHA-family, MD-family and HMAC-SHA-family.
2009-06-28 21:50:27 +00:00
Paul Bakker
48eab260e9
- Corrected is_prime() results for 0, 1 and 2 (found by code coverage tests)
2009-06-25 21:25:49 +00:00
Paul Bakker
ce40a6d21d
- Fixed incorrect handling of negative first input value in mpi_mod_mpi() and mpi_mod_int(). Resulting change also affects mpi_write_string() (found by code coverage tests).
2009-06-23 19:46:08 +00:00
Paul Bakker
1ef7a53fa2
- Fixed incorrect handling of negative first input value in mpi_sub_abs() (found by code coverage tests).
2009-06-20 10:50:55 +00:00
Paul Bakker
f7ca7b99dd
- Fixed incorrect handling of one single negative input value in mpi_add_abs() (found by code coverage tests).
2009-06-20 10:31:06 +00:00
Paul Bakker
05feca6f7c
- Fixed incorrect handling of negative strings in mpi_read_string() (found by code coverage tests).
2009-06-20 08:22:43 +00:00
Paul Bakker
cde51572df
- Fixed missing support for SHA2 in rsa_pkcs1_sign()
2009-05-17 10:11:56 +00:00
Paul Bakker
c81f6c3f06
- Made Camellia use uint32_t for 64-bit compatibility
2009-05-03 13:09:15 +00:00
Paul Bakker
0fdf3cacf2
- Modified XTEA to use uint32_t instead of unsigned long
2009-05-03 12:54:07 +00:00
Paul Bakker
40ea7de46d
- Added CRL revocation support to x509parse_verify()
...
- Fixed an off-by-one allocation in ssl_set_hostname()
- Added CRL support to SSL/TLS code
2009-05-03 10:18:48 +00:00
Paul Bakker
7d06ad2b52
- Fixed formatting
2009-05-02 15:53:56 +00:00
Paul Bakker
d98030e7d6
- Added prelimenary CRL parsing and info support
2009-05-02 15:13:40 +00:00
Paul Bakker
34a9056f39
- POLARSSL_HAVE_ASM also used in padlock and timing code.
2009-04-19 21:17:09 +00:00
Paul Bakker
1d4f30ca4d
- Made net_htons() endian-clean for big endian.
2009-04-19 18:55:16 +00:00
Paul Bakker
2b245ebd9f
- Moved file loading to load_file
2009-04-19 18:44:26 +00:00
Paul Bakker
7c6d4a4e6b
- Fixed new logic on certificate chains in x509parse_verify()
2009-03-28 20:35:47 +00:00
Paul Bakker
e9581d66b0
- Fixed logic error on end of 'full' chain
2009-03-28 20:29:25 +00:00
Paul Bakker
320a4b59a8
- Added input handling for x509parse_crt()
...
- Prevented memory leak by only adding new certificate if needed in x509parse_crt()
- Add certificate before parsing if chain is 'full' in x509parse_crt()
2009-03-28 18:52:39 +00:00
Paul Bakker
ef75f25be7
- Proper sequence of ciphersuites
2009-03-28 18:43:23 +00:00
Paul Bakker
026c03b7f4
- Made changes for better compatibility with old-style C compilers
2009-03-28 17:53:03 +00:00
Paul Bakker
70b3eed2aa
- Moved mpi_gcd() outside of the POLARSSL_GENPRIME define. Is needed in rsa.c for normal use.
2009-03-14 18:01:25 +00:00
Paul Bakker
8cda68bcdc
- Updated certificates to PolarSSL certificates
2009-02-10 22:19:29 +00:00
Paul Bakker
4593aeadaf
- Added support for RFC4055 SHA2 and SHA4 signature algorithms for
...
use with PKCS#1 v1.5 signing and verification.
- Added extra certificates to test-ca and test code to further test
functionality of SHA2 and SHA4 signing and verification.
- Updated other program files accordingly
2009-02-09 22:32:35 +00:00
Paul Bakker
3681b118ec
- Enlarged debug buffer to facilitate long certificate values and filenames
2009-02-07 17:14:21 +00:00
Paul Bakker
2da561c2a1
- Moved debug message in ssl_free() before clearing of ssl context
2009-02-05 18:00:28 +00:00
Paul Bakker
4e0d7ca233
- Fixed a bug in mpi_gcd() that prevented correct funtioning when both input numbers are even.
2009-01-29 22:24:33 +00:00
Paul Bakker
785a9eeece
- Added email address to header license information
2009-01-25 14:15:10 +00:00
Paul Bakker
864801ef41
- Added license replacement script
2009-01-25 11:59:46 +00:00
Paul Bakker
fa049dba45
- Added POLARSSL_CAMELLIA_SMALL_MEMORY define for SBOX'es
2009-01-12 22:12:03 +00:00
Paul Bakker
060c56871c
- Fixed possible heap overflow in pkcs1_decrypt on data larger than output
...
buffer after padding. For instance the premaster decryption in
ssl_parse_client_key_exchange() in ssl_serv.c (Thanks to Christophe
Devine)
2009-01-12 21:48:39 +00:00
Paul Bakker
c32c6b56ca
- Minimally optimized camellia_feistel()
...
- Removed debug code
2009-01-11 21:36:43 +00:00
Paul Bakker
b5ef0bada4
- Added SSL_RSA_CAMELLIA_128_SHA, SSL_RSA_CAMELLIA_256_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA ciphersuites to SSL
2009-01-11 20:25:36 +00:00
Paul Bakker
38119b18d6
- Added first version of Camellia
2009-01-10 23:31:23 +00:00
Paul Bakker
7a7c78fd02
- Added XTEA Algorithm (Not used in SSL)
2009-01-04 18:15:48 +00:00
Paul Bakker
e0ccd0a7c3
- Updated Copyright notices
2009-01-04 16:27:10 +00:00
Paul Bakker
40e46940df
- First replacement of xyssl by polarssl where needed
2009-01-03 21:51:57 +00:00
Paul Bakker
5121ce5bdb
- Renamed include directory to polarssl
2009-01-03 21:22:43 +00:00