Paul Bakker
03a85bca4c
pem_read_buffer() already update use_len after header and footer are read
...
After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
(cherry picked from commit 9255e8300e
)
2013-06-19 12:06:00 +02:00
Paul Bakker
1fd0e055be
Disabled the HAVEGE random generator by default
...
Rationale: The HAVEGE random generator has too many caveats to be a
standard generator that people rely on. The HAVEGE random generator is not
suitable for virtualized environments. In addition the HAVEGE random
generator is dependent on timing and specific processor traits that
cannot be guaranteed by default on compile time.
Our advice: only use HAVEGE as an additional random source for your
entropy pool, never as your primary source.
(cherry picked from commit 08f06cf49f
)
Conflicts:
ChangeLog
2013-06-19 12:05:04 +02:00
Paul Bakker
d3cd5c1129
Prepared for PolarSSL 1.1.6 release
2013-03-11 17:02:58 +01:00
Paul Bakker
0a971b5dc8
Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
...
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences.
(cherry picked from commit e47b34bdc8
)
Conflicts:
ChangeLog
library/ssl_tls.c
2013-03-11 16:08:06 +01:00
Paul Bakker
332166eeda
Added comments to indicate dependency from PEM on AES, DES and MD5
...
(cherry picked from commit 6deb37e03e
)
Conflicts:
include/polarssl/config.h
2013-03-11 16:04:49 +01:00
Paul Bakker
6c04475bfc
Fixed typo in base64.h
...
(cherry picked from commit fbb5cf9f59
)
2013-03-11 16:04:04 +01:00
Paul Bakker
48b7cb8ea2
Disable debug messages that can introduce a timing side channel.
...
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
(cherry picked from commit d66f070d49
)
Conflicts:
include/polarssl/config.h
library/ssl_tls.c
2013-03-11 15:59:03 +01:00
Paul Bakker
cb60e7c065
Allow enabling of dummy error_strerror() to support some use-cases
...
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
(cherry picked from commit 8fe40dcd7d
)
Conflicts:
ChangeLog
programs/util/strerror.c
2013-03-11 15:50:35 +01:00
Paul Bakker
66a531b014
Bumped version numbers to 1.1.5
2013-01-16 14:06:28 +01:00
Paul Bakker
5aef1e10f9
Fixed comments / typos
...
(cherry picked from commit 096348fa79
)
2013-01-16 13:16:09 +01:00
Paul Bakker
089b70d5a6
Fixed doxygen blocks
...
(cherry picked from commit 77db6ce348
)
2013-01-16 13:16:09 +01:00
Paul Bakker
d8ee8440a7
mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52 )
...
(cherry picked from commit f6198c1513
)
2013-01-16 12:51:13 +01:00
Paul Bakker
a4ed0c9a76
Fixed for SPARC64
...
(cherry picked from commit 4f024b7ba9
)
Conflicts:
ChangeLog (Moved to 'Branch 1.1')
2013-01-14 17:36:48 +01:00
Paul Bakker
d36da11125
Version 1.1.4
2012-05-31 10:46:28 +00:00
Paul Bakker
a63c9e9fba
- Added 1.1.3 changes to 1.1 branch
2012-04-29 20:29:53 +00:00
Paul Bakker
e893b669de
- Updated polarssl-1.1 branch with merged trunk patches
2012-04-26 19:30:20 +00:00
Paul Bakker
145e68119b
- Ready for release 1.1.2
2012-04-20 13:58:28 +00:00
Paul Bakker
e2e36d31bd
- Merged changes from trunk to PolarSSL 1.1 branch
2012-01-23 09:56:51 +00:00
Paul Bakker
d567aa2b6e
- Merged Trunk changes for 1.1 into branch
2011-12-22 10:06:27 +00:00
Paul Bakker
732e1a893c
- Merged trunk into 1.1 branch
2011-12-11 16:35:09 +00:00
Paul Bakker
c50132d4fa
- Updated version of PolarSSL to 1.1.0
2011-12-05 14:38:36 +00:00
Paul Bakker
fc754a9178
- Addedd writing and updating of seedfiles as functions to CTR_DRBG
2011-12-05 13:23:51 +00:00
Paul Bakker
4f5ae803fa
- Fixed MS Visual C++ name clash with int64 in sha4.h
2011-12-04 22:10:28 +00:00
Paul Bakker
6c0ceb3f9a
- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error
2011-12-04 12:24:18 +00:00
Paul Bakker
6083fd252d
- Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources
2011-12-03 21:45:14 +00:00
Paul Bakker
1bc9efc00a
- Fixed const correctness
...
- Added ctr_drbg_update for non-fixed data lengths
- Fixed void pointer arithmetic
2011-12-03 11:29:32 +00:00
Paul Bakker
cb37aa5912
- Better buffer handling in mpi_read_file()
2011-11-30 16:00:20 +00:00
Paul Bakker
2bc7cf16fe
- Cleaned up and further documented CTR_DRBG code
2011-11-29 10:50:51 +00:00
Paul Bakker
a3d195c41f
- Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs
2011-11-27 21:07:34 +00:00
Paul Bakker
0e04d0e9a3
- Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
2011-11-27 14:46:59 +00:00
Paul Bakker
4463740fe4
- Improved build support for s390x and sparc64 in bignum.h
2011-11-26 09:23:07 +00:00
Paul Bakker
fe3256e54b
- Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size management (Closes ticket #44 )
2011-11-25 12:11:43 +00:00
Paul Bakker
b6d5f08051
- Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory trade-off
2011-11-25 11:52:11 +00:00
Paul Bakker
cce9d77745
- Lots of minimal changes to better support WINCE as a build target
2011-11-18 14:26:47 +00:00
Paul Bakker
a2713a327c
- Made switch for ARM thumb assembly. Still has to be added!
2011-11-18 12:47:23 +00:00
Paul Bakker
5e18aed436
- Changed the defined key-length of DES ciphers in cipher.h to include the parity bits, to prevent mistakes in copying data. (Closes ticket #33 )
2011-11-15 15:38:45 +00:00
Paul Bakker
f7e5bb5904
- Added cipher_get_cipher_mode() and cipher_get_cipher_operation() introspection functions (Closes ticket #40 )
2011-11-11 10:53:37 +00:00
Paul Bakker
2028156556
- Fixed typos in copied text (Fixed ticket #39 )
2011-11-11 10:34:04 +00:00
Paul Bakker
efc302964c
- Extracted ASN.1 parsing code from the X.509 parsing code. Added new module.
2011-11-10 14:43:23 +00:00
Paul Bakker
fa1c592860
- Fixed faulty HMAC-MD2 implementation (Fixes ticket #37 )
2011-10-06 14:18:49 +00:00
Paul Bakker
ca6f3e24a4
- Clarified use of AES and Camellia in CFB and CTR modes
2011-10-06 13:11:08 +00:00
Paul Bakker
490ecc8c3e
- Added ssl_set_max_version() to set the client's maximum sent version number
2011-10-06 13:04:09 +00:00
Paul Bakker
7eb013face
- Added ssl_session_reset() to allow re-use of already set non-connection specific context information
2011-10-06 12:37:39 +00:00
Paul Bakker
4793cc4620
- Fixed typo in doxygen info
2011-08-17 09:40:55 +00:00
Paul Bakker
314052fbfc
- Removed extraneous "polarssl/" in front on include directives in header files
2011-08-15 09:07:52 +00:00
Paul Bakker
4d8ca70833
- Fixed order of comments to match function rsa_pkcs1_decrypt
2011-08-09 10:31:05 +00:00
Paul Bakker
968bc9831b
- Preparations for v1.0.0 release of PolarSSL
2011-07-27 17:03:00 +00:00
Paul Bakker
5c721f98fd
- Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL
...
- Minor Fix in ASN.1 comments of PrivateKeyInfo
2011-07-27 16:51:09 +00:00
Paul Bakker
09b1ec68c8
- Adapted define for inline to be more solid
2011-07-27 16:28:54 +00:00
Paul Bakker
ed56b224de
- Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20 )
2011-07-13 11:26:43 +00:00