Commit Graph

313 Commits

Author SHA1 Message Date
Paul Bakker
b1dee1cfd2 - Changed commands to lowercase where it was not the case 2011-12-11 11:29:51 +00:00
Paul Bakker
55d3fd9aff - Enlarged maximum size of DHM a client accepts to 512 bytes 2011-12-11 11:13:05 +00:00
Paul Bakker
69e095cc15 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
18d32911c0 - Added internal ctr_drbg_init_entropy_len() to allow NIST determined entropy tests to work 2011-12-10 21:42:49 +00:00
Paul Bakker
bd4a9d0cda - Changed entropy accumulator to have per-source thresholds 2011-12-10 17:02:19 +00:00
Paul Bakker
c50132d4fa - Updated version of PolarSSL to 1.1.0 2011-12-05 14:38:36 +00:00
Paul Bakker
9304880e8a - Fixed correct printing of serial number '00' 2011-12-05 14:38:06 +00:00
Paul Bakker
c8ffbe7706 - Corrected removal of leading '00:' in printing serial numbers in certificates and CRLs 2011-12-05 14:22:49 +00:00
Paul Bakker
6bcfc67cd2 - Prevented warning from unused parameter data 2011-12-05 13:54:00 +00:00
Paul Bakker
fc754a9178 - Addedd writing and updating of seedfiles as functions to CTR_DRBG 2011-12-05 13:23:51 +00:00
Paul Bakker
1c70d409ad - Added better handling of missing session struct 2011-12-04 22:30:17 +00:00
Paul Bakker
4f229e5d83 - Fixed define for Windows time functions 2011-12-04 22:11:35 +00:00
Paul Bakker
4f5ae803fa - Fixed MS Visual C++ name clash with int64 in sha4.h 2011-12-04 22:10:28 +00:00
Paul Bakker
6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
Paul Bakker
6083fd252d - Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources 2011-12-03 21:45:14 +00:00
Paul Bakker
1bc9efc00a - Fixed const correctness
- Added ctr_drbg_update for non-fixed data lengths
 - Fixed void pointer arithmetic
2011-12-03 11:29:32 +00:00
Paul Bakker
cb37aa5912 - Better buffer handling in mpi_read_file() 2011-11-30 16:00:20 +00:00
Paul Bakker
23fd5ea667 - Fixed a potential loop bug 2011-11-29 15:56:12 +00:00
Paul Bakker
2bc7cf16fe - Cleaned up and further documented CTR_DRBG code 2011-11-29 10:50:51 +00:00
Paul Bakker
a3d195c41f - Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs 2011-11-27 21:07:34 +00:00
Paul Bakker
880ac7eb95 - Added handling for CTR_DRBG module 2011-11-27 14:50:49 +00:00
Paul Bakker
0e04d0e9a3 - Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator 2011-11-27 14:46:59 +00:00
Paul Bakker
03c7c25243 - * If certificate serial is longer than 32 octets, serial number is now appended with '....' after first 28 octets 2011-11-25 12:37:37 +00:00
Paul Bakker
fe3256e54b - Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size management (Closes ticket #44) 2011-11-25 12:11:43 +00:00
Paul Bakker
b6d5f08051 - Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory trade-off 2011-11-25 11:52:11 +00:00
Paul Bakker
cce9d77745 - Lots of minimal changes to better support WINCE as a build target 2011-11-18 14:26:47 +00:00
Paul Bakker
33008eef64 - Cleaned up define 2011-11-18 12:58:25 +00:00
Paul Bakker
dceecd80f7 - Adapted error generation to include ASN.1 changes and have Windows snprintf macro 2011-11-15 16:38:34 +00:00
Paul Bakker
1fe7d9baf9 - Fixed incorrect behaviour in case of RSASSA-PSS with a salt length smaller than the hash length. (Closes ticket #41) 2011-11-15 15:26:03 +00:00
Paul Bakker
cebdf17159 - Allowed X509 key usage parsing to accept 4 byte values instead of the standard 1 byte version sometimes used by Microsoft. (Closes ticket #38) 2011-11-11 15:01:31 +00:00
Paul Bakker
2028156556 - Fixed typos in copied text (Fixed ticket #39) 2011-11-11 10:34:04 +00:00
Paul Bakker
efc302964c - Extracted ASN.1 parsing code from the X.509 parsing code. Added new module. 2011-11-10 14:43:23 +00:00
Paul Bakker
b125ed8fc6 - Fixed typo in doxygen tag 2011-11-10 13:33:51 +00:00
Paul Bakker
ca41010b68 - Expanded clobber list on i386 RDTSC call 2011-10-19 14:27:36 +00:00
Paul Bakker
2a1c5f5382 - Minor code cleanup 2011-10-19 14:15:17 +00:00
Paul Bakker
fae618fa8b - Updated tests to reflect recent changes 2011-10-12 11:53:52 +00:00
Paul Bakker
b5a11ab80b - Added a separate CRL entry extension parsing function 2011-10-12 09:58:41 +00:00
Paul Bakker
fbc09f3cb6 - Added an EXPLICIT tag number parameter to x509_get_ext() 2011-10-12 09:56:41 +00:00
Paul Bakker
3329d1f805 - Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag before version numbers 2011-10-12 09:55:01 +00:00
Paul Bakker
c4909d95f1 - Inceased maximum size of ASN1 length reads to 32-bits 2011-10-12 09:52:22 +00:00
Paul Bakker
fa1c592860 - Fixed faulty HMAC-MD2 implementation (Fixes ticket #37) 2011-10-06 14:18:49 +00:00
Paul Bakker
490ecc8c3e - Added ssl_set_max_version() to set the client's maximum sent version number 2011-10-06 13:04:09 +00:00
Paul Bakker
7eb013face - Added ssl_session_reset() to allow re-use of already set non-connection specific context information 2011-10-06 12:37:39 +00:00
Paul Bakker
adb7ce16c0 - Fixed unconverted t_dbl into t_udbl 2011-08-23 14:55:55 +00:00
Paul Bakker
33aac37d53 - Added correct SONAME to Makefile builds as well 2011-08-13 11:47:41 +00:00
Paul Bakker
8934a98f82 - Fixed memcpy() that had possible overlapping areas to memmove() 2011-08-05 11:11:53 +00:00
Paul Bakker
968bc9831b - Preparations for v1.0.0 release of PolarSSL 2011-07-27 17:03:00 +00:00
Paul Bakker
5c721f98fd - Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL
- Minor Fix in ASN.1 comments of PrivateKeyInfo
2011-07-27 16:51:09 +00:00
Paul Bakker
9db7742adb - Fixed error file after changed codes 2011-07-13 11:47:32 +00:00
Paul Bakker
ed56b224de - Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20) 2011-07-13 11:26:43 +00:00
Paul Bakker
3783d6d812 - Do not build shared version by default 2011-07-13 11:25:36 +00:00
Paul Bakker
b8213a1298 - Minor update in types to prevent compiler warning under VS2010 2011-07-11 08:16:18 +00:00
Paul Bakker
73206954d4 - Made des_key_check_weak() conform to other functions in return values.
- Added documentation for des_key_check_weak() and des_key_check_key_parity()
2011-07-06 14:37:33 +00:00
Paul Bakker
c43e326dca - Generalized CMakefile 2011-07-06 14:36:44 +00:00
Paul Bakker
684ddce18c - Minor fixer to remove compiler warnings for ARMCC 2011-07-01 09:25:54 +00:00
Paul Bakker
1fad5bfb19 - Added define for OpenBSD (sys/endian.h) 2011-07-01 09:07:24 +00:00
Paul Bakker
a585beb87e - Introduced windows DLL build and SYS_LDFLAGS 2011-06-21 08:59:44 +00:00
Paul Bakker
39bb418d93 - Made second argument of f_send() prototype and of net_send() const 2011-06-21 07:36:43 +00:00
Paul Bakker
9c021adeff - Added regular error codes for generic message digest layer 2011-06-09 15:55:11 +00:00
Paul Bakker
ff61a78a27 - Added and updated cipher error codes and documentation 2011-06-09 15:42:02 +00:00
Paul Bakker
343a870daa - Expanded generic cipher layer with support for CTR and CFB128 modes of operation. 2011-06-09 14:27:58 +00:00
Paul Bakker
1ef71dffc7 - Updated unsignedness in some missed cases 2011-06-09 14:14:58 +00:00
Paul Bakker
27fdf46d16 - Removed deprecated casts to int for now unsigned values 2011-06-09 13:55:13 +00:00
Paul Bakker
887bd502d2 - Undid fix for ssl_write that introduced a true bug when buffers are running full. 2011-06-08 13:10:54 +00:00
Paul Bakker
828acb2234 - Updated for release 0.99-pre5 2011-05-27 09:25:42 +00:00
Paul Bakker
5690efccc4 - Fixed a whole bunch of dependencies on defines between files, examples and tests 2011-05-26 13:16:06 +00:00
Paul Bakker
192381aa89 - Made listen backlog number a define 2011-05-20 12:31:31 +00:00
Paul Bakker
2f5947e1f6 - Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter functions. 2011-05-18 15:47:11 +00:00
Paul Bakker
831a755d9e - Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake.
- Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN
2011-05-18 13:32:51 +00:00
Paul Bakker
9d781407bc - A error_strerror function() has been added to translate between error codes and their description.
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
 - Descriptions to all error codes have been added.
 - Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00
Paul Bakker
6c591fab72 - mpi_init() and mpi_free() only accept a single argument and do not accept variable arguments anymore. This prevents unexpected memory corruption in a number of use cases. 2011-05-05 11:49:20 +00:00
Paul Bakker
f968857a82 - Removed conversions to int when not needed to prevent signed / unsigned situations
- Maximized mpi limb size
2011-05-05 10:00:45 +00:00
Paul Bakker
31cacd7cf8 - Re-organized object files 2011-04-25 15:31:41 +00:00
Paul Bakker
335db3f121 - Functions requiring File System functions can now be disables by undefining POLARSSL_FS_IO 2011-04-25 15:28:35 +00:00
Paul Bakker
f4f6968a86 - Improved compile-time compatibility with mingw32 64-bit versions 2011-04-24 16:08:12 +00:00
Paul Bakker
2eee902be3 - Better timer for Windows platforms
- Made alarmed volatile for better Windows compatibility
2011-04-24 15:28:55 +00:00
Paul Bakker
a755ca1bbe - Renamed t_s_int, t_int and t_dbl to respectively t_sint, t_uint and t_udbl for clarity 2011-04-24 09:11:17 +00:00
Paul Bakker
23986e5d5d - Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops 2011-04-24 08:57:21 +00:00
Paul Bakker
e91d01e144 - Fixed typo 2011-04-19 15:55:50 +00:00
Paul Bakker
b6ecaf5276 - Added additional (configurable) cipher block modes. AES-CTR, Camellia-CTR, XTEA-CBC 2011-04-19 14:29:23 +00:00
Paul Bakker
af5c85fc10 - Improved portability with Microsoft Visual C 2011-04-18 03:47:52 +00:00
Paul Bakker
a493ad4539 - Dropped designated initializers as they are not supported on Microsoft Visual C 2011-04-18 03:29:41 +00:00
Paul Bakker
eaa89f8366 - Do not depend on dhm code if POLARSSL_DHM_C not defined 2011-04-04 21:36:15 +00:00
Paul Bakker
3efa575ff2 - Ready for release 0.99-pre4 2011-04-01 12:23:26 +00:00
Paul Bakker
99a03afc22 - Fixed possible uninitialized values 2011-04-01 11:39:39 +00:00
Paul Bakker
0216cc1bee - Added flag to disable Chinese Remainder Theorem when using RSA private operation (POLARSSL_RSA_NO_CRT) 2011-03-26 13:40:23 +00:00
Paul Bakker
287781a965 - Added mpi_fill_random() for centralized filling of big numbers with random data (Fixed ticket #10) 2011-03-26 13:18:49 +00:00
Paul Bakker
66b78b2d16 - Added missing rsa_init() call in x509parse_self_test() 2011-03-25 14:22:50 +00:00
Paul Bakker
53019ae6f7 - RSASSA-PSS verification now properly handles salt lengths other than hlen 2011-03-25 13:58:48 +00:00
Paul Bakker
1fd00bfe82 - Fixed bug in ssl_write() when flushing old data (Fixes ticket #18) 2011-03-14 20:50:15 +00:00
Paul Bakker
be4e7dca08 - Debug print of MPI now removes leading zero octets and displays actual bit size of the value 2011-03-14 20:41:31 +00:00
Paul Bakker
9dcc32236b - Added support for PKCS#1 v2.1 encoding and thus support for the RSAES-OAEP and RSASSA-PSS operations (enabled by POLARSSL_PKCS1_V21) 2011-03-08 14:16:06 +00:00
Paul Bakker
fea43a2501 - Re-added removed dhm test values 2011-03-08 13:58:16 +00:00
Paul Bakker
646f65c9bd - Fixed faulty test server key 2011-03-02 14:47:44 +00:00
Paul Bakker
345a6fee91 - Replaced function that fixes man-in-the-middle attack
- Added message to indicate inclusion of man-in-the-middle attack (Reported by Larry Highsmith, Subreption LLC)
 - Released version 0.99-pre3
2011-02-28 21:20:02 +00:00
Paul Bakker
5a1494fb30 - Added pem to library 2011-02-25 09:48:49 +00:00
Paul Bakker
1946e42dd4 - Made ready for 0.99-pre2 release 2011-02-25 09:39:39 +00:00
Paul Bakker
c47840efd5 - Updated sanity checks 2011-02-20 16:37:30 +00:00
Paul Bakker
e2a39cc0fa - Do not bail out if no client certificate specified. Try to negotiate anonymous connection (Fixes ticket #12) 2011-02-20 13:49:27 +00:00
Paul Bakker
9e7606fcd8 - Updated certificates for new test versions 2011-02-20 13:34:20 +00:00
Paul Bakker
400ff6f0fd - Corrected parsing of UTCTime dates before 1990 and after 1950
- Support more exotic OID's when parsing certificates
 - Support more exotic name representations when parsing certificates
 - Replaced the expired test certificates
2011-02-20 10:40:16 +00:00
Paul Bakker
96743fc5f5 - Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5)
 - Added tests for encrypted keyfiles
2011-02-12 14:30:57 +00:00
Paul Bakker
46eb13828e - Makefiles now respect external CFLAGS and LDFLAGS. Closes ticket #2 2011-01-30 17:10:13 +00:00
Paul Bakker
cdf07e9979 - Information about missing or non-verified client certificate is not provided as well. 2011-01-30 17:05:13 +00:00
Paul Bakker
9fc4659b30 - Preparing for Release of 0.99 prerelease 1 2011-01-30 16:59:02 +00:00
Paul Bakker
e3166ce040 - Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
- Adapted in the rest of using code as well
2011-01-27 17:40:50 +00:00
Paul Bakker
dbee2cad7d - Removed application code from library source file 2011-01-27 16:38:52 +00:00
Paul Bakker
f3b86c1e62 - Updated Doxygen documentation generation and documentation on small parts 2011-01-27 15:24:17 +00:00
Paul Bakker
562535d11b - Split current md_starts() and md_hmac_starts() functionality into separate md_init_ctx() for allocating the context and the existing starts() functions to initialize the message digest for use. 2011-01-20 16:42:01 +00:00
Paul Bakker
a885d6835f - Require different input and output buffer in cipher_update()
- Fixed style typos
2011-01-20 16:35:05 +00:00
Paul Bakker
e9426948fa - Added extra compiler warnings by default 2011-01-18 16:28:42 +00:00
Paul Bakker
b06819bb5d - Adapted CMake files for the PKCS#11 support 2011-01-18 16:18:38 +00:00
Paul Bakker
d61e7d98cb - Cleaned up warning-generating code 2011-01-18 16:17:47 +00:00
Paul Bakker
43b7e35b25 - Support for PKCS#11 through the use of the pkcs11-helper library 2011-01-18 15:27:19 +00:00
Paul Bakker
0f5f72e949 - Fixed doxygen syntax to standard '\' instead of '@' 2011-01-18 14:58:55 +00:00
Paul Bakker
3cccddb238 - Fixed identification of non-critical CA certificates 2011-01-16 21:46:31 +00:00
Paul Bakker
b619499eb3 - x509parse_time_expired() checks time now in addition to the existing date check 2011-01-16 21:40:22 +00:00
Paul Bakker
a056efc8f9 - Fixed serial length check 2011-01-16 21:38:35 +00:00
Paul Bakker
dd47699ba5 - Moved storing of a printable serial into a separate function 2011-01-16 21:34:59 +00:00
Paul Bakker
72f6266f02 - Improved information provided about current Hashing, Cipher and Suite capabilities 2011-01-16 21:27:44 +00:00
Paul Bakker
76fd75a3de - Improved certificate validation and validation against the available CRLs 2011-01-16 21:12:10 +00:00
Paul Bakker
43ca69c38a - Added function for stringified SSL/TLS version 2011-01-15 17:35:19 +00:00
Paul Bakker
1f87fb6896 - Support for DES weak keys and parity bits added 2011-01-15 17:32:24 +00:00
Paul Bakker
74111d30b7 - Improved X509 certificate parsing to include extended certificate fields, such as Key Usage 2011-01-15 16:57:55 +00:00
Paul Bakker
b63b0afc05 - Added verification callback in certificate verification chain in order to allow external blacklisting 2011-01-13 17:54:59 +00:00
Paul Bakker
1b57b06751 - Added reading of DHM context from memory and file 2011-01-06 15:48:19 +00:00
Paul Bakker
8123e9d8f1 - Added generic cipher wrapper for integration with OpenVPN (donated by Fox-IT) 2011-01-06 15:37:30 +00:00
Paul Bakker
6d46812123 - Fixed typo 2011-01-06 15:35:45 +00:00
Paul Bakker
1737385e04 - Added generic message digest wrapper for integration with OpenVPN (donated by Fox-IT) 2011-01-06 14:20:01 +00:00
Paul Bakker
b94081bfc1 - Make A only smaller if it is larger than |X| - 1 2011-01-05 15:53:06 +00:00
Paul Bakker
9d3a7e4188 - Added CMake option USE_SHARED_POLARSSL_LIBRARY to allow for building of shared PolarSSL library 2011-01-05 15:24:43 +00:00
Paul Bakker
547f73d66f - Added install targets to the CMake files 2011-01-05 15:07:54 +00:00
Paul Bakker
21eb2802fe - Changed origins of random function and pointer in rsa_pkcs1_encrypt, rsa_init, rsa_gen_key.
Moved to parameters of function instead of context pointers as within ssl_cli, context pointer cannot be set easily.
2010-08-16 11:10:02 +00:00
Paul Bakker
61c324bbdd - Enabled TLSv1.1 support in server as well 2010-07-29 21:09:03 +00:00
Paul Bakker
2e11f7d966 - Added support for TLS v1.1
- Renamed some SSL defines to prevent future naming confusion
2010-07-25 14:24:53 +00:00
Paul Bakker
b96f154e51 - Fixed copyright message 2010-07-18 20:36:00 +00:00
Paul Bakker
84f12b76fc - Updated Copyright to correct entity 2010-07-18 10:13:04 +00:00
Paul Bakker
ff7fe670bb - Minor DHM code cleanup/comments 2010-07-18 09:45:05 +00:00
Paul Bakker
545570e208 - Added initialization for RSA where needed 2010-07-18 09:00:25 +00:00
Paul Bakker
b572adf5e6 - Removed dependency on rand() in rsa_pkcs1_encrypt(). Now using random fuction provided to context
- Expanded ssl_client2 arguments for more flexibility
 - rsa_check_private() now supports PKCS1v2 keys as well
 - Fixed deadlock in rsa_pkcs1_encrypt() on failing random generator
2010-07-18 08:29:32 +00:00
Paul Bakker
08f3c30547 - Enlarged buffer to allow better debugging. 2010-07-08 06:54:25 +00:00
Paul Bakker
3ac1b2d952 - Added runtime and compiletime version information 2010-06-18 22:47:29 +00:00
Paul Bakker
77a43580da - Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites 2010-06-15 21:32:46 +00:00
Paul Bakker
699fbbcf29 - Added missing const fixes 2010-03-24 07:15:41 +00:00
Paul Bakker
57b7914445 - String peer_cn in ssl context made const as well. 2010-03-24 06:51:15 +00:00
Paul Bakker
ad7eca201d - Reverted Makefile (Unmerged CMake fault) 2010-03-24 06:46:47 +00:00
Paul Bakker
2908713af1 - Corrected behaviour 2010-03-21 21:03:34 +00:00
Paul Bakker
fc8c4360b8 - Updated copyright line to 2010 2010-03-21 17:37:16 +00:00
Paul Bakker
1f3c39c194 - Removed copyright line for Christophe Devine for clarity 2010-03-21 17:30:05 +00:00
Paul Bakker
7d3b661bfe - Added reset functionality for HMAC context. Speed-up for some use-cases. 2010-03-21 16:23:13 +00:00