Paul Bakker
03a85bca4c
pem_read_buffer() already update use_len after header and footer are read
...
After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
(cherry picked from commit 9255e8300e
)
2013-06-19 12:06:00 +02:00
Paul Bakker
d3cd5c1129
Prepared for PolarSSL 1.1.6 release
2013-03-11 17:02:58 +01:00
Paul Bakker
b5f272778e
Fixed net_bind() for specified IP addresses on little endian systems
...
(cherry picked from commit 37286a573b
)
Conflicts:
ChangeLog
library/net.c
2013-03-11 16:53:25 +01:00
Paul Bakker
e73a77f656
Removed timing differences due to bad padding from RSA decrypt for
...
PKCS#1 v1.5 operations
(cherry picked from commit 8804f69d46
)
Conflicts:
ChangeLog
library/rsa.c
2013-03-11 16:51:05 +01:00
Paul Bakker
0a971b5dc8
Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
...
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences.
(cherry picked from commit e47b34bdc8
)
Conflicts:
ChangeLog
library/ssl_tls.c
2013-03-11 16:08:06 +01:00
Paul Bakker
f6bff2a300
Made x509parse.c also work with missing hash header files
...
(cherry picked from commit 2ca8ad10a1
)
2013-03-11 16:05:32 +01:00
Paul Bakker
9fa6ea7cdf
Fixed comment
...
(cherry picked from commit 86f04f400b
)
2013-03-11 16:03:35 +01:00
Paul Bakker
48b7cb8ea2
Disable debug messages that can introduce a timing side channel.
...
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
(cherry picked from commit d66f070d49
)
Conflicts:
include/polarssl/config.h
library/ssl_tls.c
2013-03-11 15:59:03 +01:00
Paul Bakker
6a229c1f8c
Fixed timing difference resulting from badly formatted padding.
...
(cherry picked from commit 4582999be6
)
Conflicts:
ChangeLog
library/ssl_tls.c
2013-03-11 15:56:17 +01:00
Paul Bakker
cb60e7c065
Allow enabling of dummy error_strerror() to support some use-cases
...
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
(cherry picked from commit 8fe40dcd7d
)
Conflicts:
ChangeLog
programs/util/strerror.c
2013-03-11 15:50:35 +01:00
Paul Bakker
66a531b014
Bumped version numbers to 1.1.5
2013-01-16 14:06:28 +01:00
Paul Bakker
9406c12b1b
Fixed typo
2013-01-16 14:02:02 +01:00
Paul Bakker
cf45a56631
Fixes for MSVC6
...
(cherry picked from commit 7a2538ee38
)
2013-01-16 13:38:20 +01:00
Paul Bakker
5f5593a30e
Handle encryption with private key and decryption with public key as per RFC 2313
...
(cherry picked from commit e6ee41f932
)
2013-01-16 13:26:56 +01:00
Paul Bakker
c048493374
Memory leak when using RSA_PKCS_V21 operations fixed
...
(cherry picked from commit 40628bad98
and
from commit 02303e8be4
)
2013-01-16 13:16:09 +01:00
Paul Bakker
5aef1e10f9
Fixed comments / typos
...
(cherry picked from commit 096348fa79
)
2013-01-16 13:16:09 +01:00
Paul Bakker
144c3cc8ab
Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
...
(cherry picked from commit 9daf0d0651
)
2013-01-16 13:16:00 +01:00
Paul Bakker
0ae1f40299
Allow R and A to point to same mpi in mpi_div_mpi
...
(cherry picked from commit f02c5642d0
and
from commit 50546921ac
)
2013-01-16 13:03:46 +01:00
Manuel Pégourié-Gonnard
f173e0ac74
Fixed segfault in mpi_shift_r(), Fixed memory leak in test_suite_mpi
...
(cherry picked from commit e44ec108be
)
2013-01-16 12:52:17 +01:00
Paul Bakker
d8ee8440a7
mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52 )
...
(cherry picked from commit f6198c1513
)
2013-01-16 12:51:13 +01:00
Paul Bakker
7261cbaa91
Better checking for reading over buffer boundaries
...
(Partial cherry picked from commit 535e97dbab
)
2013-01-16 12:44:01 +01:00
Paul Bakker
087e0379c5
Moved mpi_inv_mod() outside POLARSSL_GENPRIME
...
(cherry picked from commit d9374b05d6
)
Conflicts:
ChangeLog
2013-01-14 17:57:13 +01:00
Paul Bakker
ebee076da6
Fixed bug in mpi_add_abs with adding a small number to a large mpi with carry rollover.
...
(cherry picked from commit 2d319fdfcb
)
2013-01-14 17:36:52 +01:00
Paul Bakker
47f626184c
Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
...
(cherry picked from commit b00ca42f2a
)
Conflicts:
ChangeLog (Moved message to 'Branch 1.1')
2013-01-14 17:36:49 +01:00
Paul Bakker
0ea57e8c7a
Fixed potential memory zeroization on miscrafted RSA key
...
(cherry picked from commit 3c16db9a10
)
Conflicts:
ChangeLog (Moved message to 'Branch 1.1')
2013-01-14 17:36:47 +01:00
Paul Bakker
ff47dec89d
Added proper gitignores for linux compilation
...
(cherry picked from commit 90f309ffe7
)
2013-01-14 17:36:39 +01:00
Paul Bakker
8639578f58
- Correctly handle empty packets (Found by James Yonan)
2012-05-30 07:39:36 +00:00
Paul Bakker
0715668eea
2012-05-30 07:33:30 +00:00
Paul Bakker
a63c9e9fba
- Added 1.1.3 changes to 1.1 branch
2012-04-29 20:29:53 +00:00
Paul Bakker
662d1686d9
- Fixed random MPI generation to not generate more size than requested.
2012-04-29 20:15:55 +00:00
Paul Bakker
e893b669de
- Updated polarssl-1.1 branch with merged trunk patches
2012-04-26 19:30:20 +00:00
Paul Bakker
32356acc4f
- Fixed handling error in mpi_cmp_mpi() on longer B values (found by Hui Dong)
2012-04-20 13:34:52 +00:00
Paul Bakker
e2f8ff6797
- Merged security fixes to 1.1 branch
2012-04-20 13:33:14 +00:00
Paul Bakker
e2e36d31bd
- Merged changes from trunk to PolarSSL 1.1 branch
2012-01-23 09:56:51 +00:00
Paul Bakker
d567aa2b6e
- Merged Trunk changes for 1.1 into branch
2011-12-22 10:06:27 +00:00
Paul Bakker
732e1a893c
- Merged trunk into 1.1 branch
2011-12-11 16:35:09 +00:00
Paul Bakker
c50132d4fa
- Updated version of PolarSSL to 1.1.0
2011-12-05 14:38:36 +00:00
Paul Bakker
9304880e8a
- Fixed correct printing of serial number '00'
2011-12-05 14:38:06 +00:00
Paul Bakker
c8ffbe7706
- Corrected removal of leading '00:' in printing serial numbers in certificates and CRLs
2011-12-05 14:22:49 +00:00
Paul Bakker
6bcfc67cd2
- Prevented warning from unused parameter data
2011-12-05 13:54:00 +00:00
Paul Bakker
fc754a9178
- Addedd writing and updating of seedfiles as functions to CTR_DRBG
2011-12-05 13:23:51 +00:00
Paul Bakker
1c70d409ad
- Added better handling of missing session struct
2011-12-04 22:30:17 +00:00
Paul Bakker
4f229e5d83
- Fixed define for Windows time functions
2011-12-04 22:11:35 +00:00
Paul Bakker
4f5ae803fa
- Fixed MS Visual C++ name clash with int64 in sha4.h
2011-12-04 22:10:28 +00:00
Paul Bakker
6c0ceb3f9a
- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error
2011-12-04 12:24:18 +00:00
Paul Bakker
6083fd252d
- Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources
2011-12-03 21:45:14 +00:00
Paul Bakker
1bc9efc00a
- Fixed const correctness
...
- Added ctr_drbg_update for non-fixed data lengths
- Fixed void pointer arithmetic
2011-12-03 11:29:32 +00:00
Paul Bakker
cb37aa5912
- Better buffer handling in mpi_read_file()
2011-11-30 16:00:20 +00:00
Paul Bakker
23fd5ea667
- Fixed a potential loop bug
2011-11-29 15:56:12 +00:00
Paul Bakker
2bc7cf16fe
- Cleaned up and further documented CTR_DRBG code
2011-11-29 10:50:51 +00:00