Paul Bakker
9345ad1f7a
Fixed release date for 1.1.8
2013-10-01 10:14:28 +02:00
Paul Bakker
62dfcf0a55
Prepped for 1.1.8 release
2013-09-25 18:17:36 +02:00
Paul Bakker
3513868f29
Fixed potential file descriptor leaks
2013-09-11 13:28:00 +02:00
Paul Bakker
3081ba12bb
Fixed potential heap buffer overflow on large hostname setting
...
(cherry picked from commit 75c1a6f97c
2013-09-11 13:24:12 +02:00
Paul Bakker
df177ba728
Fixed potential memory leak when failing to resume a session
...
Conflicts:
ChangeLog
library/ssl_tls.c
2013-09-11 13:22:52 +02:00
Paul Bakker
16e5f81473
Fixed potential negative value misinterpretation in load_file()
...
(cherry picked from commit 42c3ccf36e
2013-09-11 13:20:05 +02:00
Paul Bakker
8648f04e47
Potential buffer-overflow for ssl_read_record()
2013-09-11 13:16:28 +02:00
Paul Bakker
3f5b753654
ssl_write_certificate_request() can handle empty ca_chain
...
(cherry picked from commit 21360ca4d4
2013-06-21 15:13:59 +02:00
Paul Bakker
8199a3375f
Added Security note (Advisory 2013-03) in ChangeLog
...
(cherry picked from commit 016ea076e7
2013-06-19 12:16:23 +02:00
Paul Bakker
68514b09a1
Prepared for PolarSSL release 1.1.7
2013-06-19 12:15:10 +02:00
Paul Bakker
90f242bf2e
Fixed values for 2-key Triple DES in cipher layer
...
(cherry picked from commit 2be71faae4
2013-06-19 12:13:56 +02:00
Paul Bakker
b5df3bf1b4
ssl_parse_certificate() now calls x509parse_crt_der() directly
...
(cherry picked from commit 1922a4e6aa
2013-06-19 12:08:47 +02:00
Paul Bakker
721f06d49d
x509parse_crt() now better handles PEM error situations
...
Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
(cherry picked from commit 6417186365
2013-06-19 12:07:42 +02:00
Paul Bakker
1fd0e055be
Disabled the HAVEGE random generator by default
...
Rationale: The HAVEGE random generator has too many caveats to be a
standard generator that people rely on. The HAVEGE random generator is not
suitable for virtualized environments. In addition the HAVEGE random
generator is dependent on timing and specific processor traits that
cannot be guaranteed by default on compile time.
Our advice: only use HAVEGE as an additional random source for your
entropy pool, never as your primary source.
(cherry picked from commit 08f06cf49f
2013-06-19 12:05:04 +02:00
Paul Bakker
d3cd5c1129
Prepared for PolarSSL 1.1.6 release
2013-03-11 17:02:58 +01:00
Paul Bakker
b5f272778e
Fixed net_bind() for specified IP addresses on little endian systems
...
(cherry picked from commit 37286a573b
2013-03-11 16:53:25 +01:00
Paul Bakker
e73a77f656
Removed timing differences due to bad padding from RSA decrypt for
...
PKCS#1 v1.5 operations
(cherry picked from commit 8804f69d46
2013-03-11 16:51:05 +01:00
Paul Bakker
0a971b5dc8
Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
...
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences.
(cherry picked from commit e47b34bdc8
2013-03-11 16:08:06 +01:00
Paul Bakker
48b7cb8ea2
Disable debug messages that can introduce a timing side channel.
...
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
(cherry picked from commit d66f070d49
2013-03-11 15:59:03 +01:00
Paul Bakker
6a229c1f8c
Fixed timing difference resulting from badly formatted padding.
...
(cherry picked from commit 4582999be6
2013-03-11 15:56:17 +01:00
Paul Bakker
cb60e7c065
Allow enabling of dummy error_strerror() to support some use-cases
...
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
(cherry picked from commit 8fe40dcd7d
2013-03-11 15:50:35 +01:00
Paul Bakker
66a531b014
Bumped version numbers to 1.1.5
2013-01-16 14:06:28 +01:00
Paul Bakker
cf45a56631
Fixes for MSVC6
...
(cherry picked from commit 7a2538ee38
2013-01-16 13:38:20 +01:00
Paul Bakker
5f5593a30e
Handle encryption with private key and decryption with public key as per RFC 2313
...
(cherry picked from commit e6ee41f932
2013-01-16 13:26:56 +01:00
Paul Bakker
c048493374
Memory leak when using RSA_PKCS_V21 operations fixed
...
(cherry picked from commit 40628bad9802303e8be4
2013-01-16 13:16:09 +01:00
Paul Bakker
144c3cc8ab
Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
...
(cherry picked from commit 9daf0d0651
2013-01-16 13:16:00 +01:00
Paul Bakker
0ae1f40299
Allow R and A to point to same mpi in mpi_div_mpi
...
(cherry picked from commit f02c5642d050546921ac
2013-01-16 13:03:46 +01:00
Manuel Pégourié-Gonnard
f173e0ac74
Fixed segfault in mpi_shift_r(), Fixed memory leak in test_suite_mpi
...
(cherry picked from commit e44ec108be
2013-01-16 12:52:17 +01:00
Paul Bakker
d8ee8440a7
mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52 )
...
(cherry picked from commit f6198c1513
2013-01-16 12:51:13 +01:00
Paul Bakker
7261cbaa91
Better checking for reading over buffer boundaries
...
(Partial cherry picked from commit 535e97dbab
2013-01-16 12:44:01 +01:00
Paul Bakker
087e0379c5
Moved mpi_inv_mod() outside POLARSSL_GENPRIME
...
(cherry picked from commit d9374b05d6
2013-01-14 17:57:13 +01:00
Paul Bakker
bdaf68a492
Added bug to ChangeLog
...
(cherry picked from commit d4c2bd79fe
2013-01-14 17:36:53 +01:00
Paul Bakker
47f626184c
Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
...
(cherry picked from commit b00ca42f2a
2013-01-14 17:36:49 +01:00
Paul Bakker
a4ed0c9a76
Fixed for SPARC64
...
(cherry picked from commit 4f024b7ba9
2013-01-14 17:36:48 +01:00
Paul Bakker
0ea57e8c7a
Fixed potential memory zeroization on miscrafted RSA key
...
(cherry picked from commit 3c16db9a10
2013-01-14 17:36:47 +01:00
Paul Bakker
d36da11125
Version 1.1.4
2012-05-31 10:46:28 +00:00
Paul Bakker
8639578f58
- Correctly handle empty packets (Found by James Yonan)
2012-05-30 07:39:36 +00:00
Paul Bakker
ce30bdf624
- Fixed single RSA test that failed on Big Endian systems (Closes ticket #54 )
2012-05-30 07:36:21 +00:00
Paul Bakker
7f113205bf
- Merged 'Fixed potential heap corruption in x509_name allocation' into 1.1 branch
2012-05-30 07:33:49 +00:00
Paul Bakker
662d1686d9
- Fixed random MPI generation to not generate more size than requested.
2012-04-29 20:15:55 +00:00
Paul Bakker
e893b669de
- Updated polarssl-1.1 branch with merged trunk patches
2012-04-26 19:30:20 +00:00
Paul Bakker
145e68119b
- Ready for release 1.1.2
2012-04-20 13:58:28 +00:00
Paul Bakker
79e9477d08
2012-04-20 13:41:32 +00:00
Paul Bakker
32356acc4f
- Fixed handling error in mpi_cmp_mpi() on longer B values (found by Hui Dong)
2012-04-20 13:34:52 +00:00
Paul Bakker
e2f8ff6797
- Merged security fixes to 1.1 branch
2012-04-20 13:33:14 +00:00
Paul Bakker
e2e36d31bd
- Merged changes from trunk to PolarSSL 1.1 branch
2012-01-23 09:56:51 +00:00
Paul Bakker
d567aa2b6e
- Merged Trunk changes for 1.1 into branch
2011-12-22 10:06:27 +00:00
Paul Bakker
732e1a893c
- Merged trunk into 1.1 branch
2011-12-11 16:35:09 +00:00
Paul Bakker
c50132d4fa
- Updated version of PolarSSL to 1.1.0
2011-12-05 14:38:36 +00:00
Paul Bakker
c8ffbe7706
- Corrected removal of leading '00:' in printing serial numbers in certificates and CRLs
2011-12-05 14:22:49 +00:00
