Commit Graph

164 Commits

Author SHA1 Message Date
Paul Bakker
1fd0e055be Disabled the HAVEGE random generator by default
Rationale: The HAVEGE random generator has too many caveats to be a
standard generator that people rely on. The HAVEGE random generator is not
suitable for virtualized environments. In addition the HAVEGE random
generator is dependent on timing and specific processor traits that
cannot be guaranteed by default on compile time.

Our advice: only use HAVEGE as an additional random source for your
entropy pool, never as your primary source.
(cherry picked from commit 08f06cf49f)

Conflicts:
	ChangeLog
2013-06-19 12:05:04 +02:00
Paul Bakker
d3cd5c1129 Prepared for PolarSSL 1.1.6 release 2013-03-11 17:02:58 +01:00
Paul Bakker
0a971b5dc8 Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.

The additional MAC checks further straighten out the timing differences.
(cherry picked from commit e47b34bdc8)

Conflicts:
	ChangeLog
	library/ssl_tls.c
2013-03-11 16:08:06 +01:00
Paul Bakker
332166eeda Added comments to indicate dependency from PEM on AES, DES and MD5
(cherry picked from commit 6deb37e03e)

Conflicts:
	include/polarssl/config.h
2013-03-11 16:04:49 +01:00
Paul Bakker
6c04475bfc Fixed typo in base64.h
(cherry picked from commit fbb5cf9f59)
2013-03-11 16:04:04 +01:00
Paul Bakker
48b7cb8ea2 Disable debug messages that can introduce a timing side channel.
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
(cherry picked from commit d66f070d49)

Conflicts:
	include/polarssl/config.h
	library/ssl_tls.c
2013-03-11 15:59:03 +01:00
Paul Bakker
cb60e7c065 Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.

Disable if you run into name conflicts and want to really remove the
error_strerror()
(cherry picked from commit 8fe40dcd7d)

Conflicts:
	ChangeLog
	programs/util/strerror.c
2013-03-11 15:50:35 +01:00
Paul Bakker
66a531b014 Bumped version numbers to 1.1.5 2013-01-16 14:06:28 +01:00
Paul Bakker
5aef1e10f9 Fixed comments / typos
(cherry picked from commit 096348fa79)
2013-01-16 13:16:09 +01:00
Paul Bakker
089b70d5a6 Fixed doxygen blocks
(cherry picked from commit 77db6ce348)
2013-01-16 13:16:09 +01:00
Paul Bakker
d8ee8440a7 mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52)
(cherry picked from commit f6198c1513)
2013-01-16 12:51:13 +01:00
Paul Bakker
a4ed0c9a76 Fixed for SPARC64
(cherry picked from commit 4f024b7ba9)

Conflicts:
	ChangeLog (Moved to 'Branch 1.1')
2013-01-14 17:36:48 +01:00
Paul Bakker
d36da11125 Version 1.1.4 2012-05-31 10:46:28 +00:00
Paul Bakker
a63c9e9fba - Added 1.1.3 changes to 1.1 branch 2012-04-29 20:29:53 +00:00
Paul Bakker
e893b669de - Updated polarssl-1.1 branch with merged trunk patches 2012-04-26 19:30:20 +00:00
Paul Bakker
145e68119b - Ready for release 1.1.2 2012-04-20 13:58:28 +00:00
Paul Bakker
e2e36d31bd - Merged changes from trunk to PolarSSL 1.1 branch 2012-01-23 09:56:51 +00:00
Paul Bakker
d567aa2b6e - Merged Trunk changes for 1.1 into branch 2011-12-22 10:06:27 +00:00
Paul Bakker
732e1a893c - Merged trunk into 1.1 branch 2011-12-11 16:35:09 +00:00
Paul Bakker
c50132d4fa - Updated version of PolarSSL to 1.1.0 2011-12-05 14:38:36 +00:00
Paul Bakker
fc754a9178 - Addedd writing and updating of seedfiles as functions to CTR_DRBG 2011-12-05 13:23:51 +00:00
Paul Bakker
4f5ae803fa - Fixed MS Visual C++ name clash with int64 in sha4.h 2011-12-04 22:10:28 +00:00
Paul Bakker
6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
Paul Bakker
6083fd252d - Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources 2011-12-03 21:45:14 +00:00
Paul Bakker
1bc9efc00a - Fixed const correctness
- Added ctr_drbg_update for non-fixed data lengths
 - Fixed void pointer arithmetic
2011-12-03 11:29:32 +00:00
Paul Bakker
cb37aa5912 - Better buffer handling in mpi_read_file() 2011-11-30 16:00:20 +00:00
Paul Bakker
2bc7cf16fe - Cleaned up and further documented CTR_DRBG code 2011-11-29 10:50:51 +00:00
Paul Bakker
a3d195c41f - Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs 2011-11-27 21:07:34 +00:00
Paul Bakker
0e04d0e9a3 - Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator 2011-11-27 14:46:59 +00:00
Paul Bakker
4463740fe4 - Improved build support for s390x and sparc64 in bignum.h 2011-11-26 09:23:07 +00:00
Paul Bakker
fe3256e54b - Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size management (Closes ticket #44) 2011-11-25 12:11:43 +00:00
Paul Bakker
b6d5f08051 - Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory trade-off 2011-11-25 11:52:11 +00:00
Paul Bakker
cce9d77745 - Lots of minimal changes to better support WINCE as a build target 2011-11-18 14:26:47 +00:00
Paul Bakker
a2713a327c - Made switch for ARM thumb assembly. Still has to be added! 2011-11-18 12:47:23 +00:00
Paul Bakker
5e18aed436 - Changed the defined key-length of DES ciphers in cipher.h to include the parity bits, to prevent mistakes in copying data. (Closes ticket #33) 2011-11-15 15:38:45 +00:00
Paul Bakker
f7e5bb5904 - Added cipher_get_cipher_mode() and cipher_get_cipher_operation() introspection functions (Closes ticket #40) 2011-11-11 10:53:37 +00:00
Paul Bakker
2028156556 - Fixed typos in copied text (Fixed ticket #39) 2011-11-11 10:34:04 +00:00
Paul Bakker
efc302964c - Extracted ASN.1 parsing code from the X.509 parsing code. Added new module. 2011-11-10 14:43:23 +00:00
Paul Bakker
fa1c592860 - Fixed faulty HMAC-MD2 implementation (Fixes ticket #37) 2011-10-06 14:18:49 +00:00
Paul Bakker
ca6f3e24a4 - Clarified use of AES and Camellia in CFB and CTR modes 2011-10-06 13:11:08 +00:00
Paul Bakker
490ecc8c3e - Added ssl_set_max_version() to set the client's maximum sent version number 2011-10-06 13:04:09 +00:00
Paul Bakker
7eb013face - Added ssl_session_reset() to allow re-use of already set non-connection specific context information 2011-10-06 12:37:39 +00:00
Paul Bakker
4793cc4620 - Fixed typo in doxygen info 2011-08-17 09:40:55 +00:00
Paul Bakker
314052fbfc - Removed extraneous "polarssl/" in front on include directives in header files 2011-08-15 09:07:52 +00:00
Paul Bakker
4d8ca70833 - Fixed order of comments to match function rsa_pkcs1_decrypt 2011-08-09 10:31:05 +00:00
Paul Bakker
968bc9831b - Preparations for v1.0.0 release of PolarSSL 2011-07-27 17:03:00 +00:00
Paul Bakker
5c721f98fd - Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL
- Minor Fix in ASN.1 comments of PrivateKeyInfo
2011-07-27 16:51:09 +00:00
Paul Bakker
09b1ec68c8 - Adapted define for inline to be more solid 2011-07-27 16:28:54 +00:00
Paul Bakker
ed56b224de - Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20) 2011-07-13 11:26:43 +00:00
Paul Bakker
73206954d4 - Made des_key_check_weak() conform to other functions in return values.
- Added documentation for des_key_check_weak() and des_key_check_key_parity()
2011-07-06 14:37:33 +00:00