Paul Bakker
3cbaf1e379
Add ssl_close_notify() to servers that missed it
2014-07-08 14:30:35 +02:00
Paul Bakker
358a841b34
x509_get_current_time() uses localtime_r() to prevent thread issues
2014-07-08 12:14:37 +02:00
Paul Bakker
24aaf44120
Make sure no random pointer occur during failed malloc()'s
2014-07-08 11:39:19 +02:00
Paul Bakker
bc8984931c
Improvements to tests/Makefile when using shared library
2014-07-08 11:32:12 +02:00
Paul Bakker
1e9423704a
Support for seed file writing and reading in Entropy
2014-07-08 11:20:25 +02:00
Paul Bakker
b000f82d76
ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr
2014-07-08 11:15:18 +02:00
Manuel Pégourié-Gonnard
57291a7019
Work around a compiler bug on OS X.
2014-07-08 11:13:42 +02:00
Manuel Pégourié-Gonnard
3baeb15c79
Update changelog for cmake changes
2014-07-08 11:10:54 +02:00
Alex Wilson
e63560470e
Don't try to use MIPS32 asm macros on MIPS64
...
The MIPS32 bn_mul asm code causes segfaults on MIPS64 and failing
tests. Until someone has time to fix this up, MIPS64 platforms should
fall back to the C implementation (which works fine).
2014-07-08 11:06:05 +02:00
Manuel Pégourié-Gonnard
be04673c49
Forbid sequence number wrapping
2014-07-08 11:04:19 +02:00
Paul Bakker
50a5c53398
Reject certs and CRLs from the future
2014-07-08 10:59:10 +02:00
Manuel Pégourié-Gonnard
963918b88f
Countermeasure against "triple handshake" attack
2014-07-07 17:46:35 +02:00
Paul Bakker
57ca5702fd
Fixed CMake symlinking on out-of-source builds
2014-07-07 17:46:32 +02:00
Manuel Pégourié-Gonnard
6d841c2c5c
Fix verion-major intolerance
2014-07-07 17:46:31 +02:00
Paul Bakker
e96bfbc6bd
Fixed testing with out-of-source builds using cmake
2014-07-07 17:46:30 +02:00
Manuel Pégourié-Gonnard
c675e4bde5
Fix bug in RSA PKCS#1 v1.5 "reversed" operations
2014-07-07 17:46:29 +02:00
Paul Bakker
af0ccc8fa0
SMTP lines are officially terminated with CRLF, ssl_mail_client fixed
2014-07-07 17:46:29 +02:00
Paul Bakker
0b6355d088
Updated ChangeLog
2014-07-07 16:01:53 +02:00
Paul Bakker
d15718cbe0
Updated ChangeLog
2014-07-07 16:01:23 +02:00
Paul Bakker
d83584e9aa
Fixed potential overflow in certificate size in ssl_write_certificate()
2014-07-07 16:01:11 +02:00
Paul Bakker
78e819698b
Added missing MPI_CHK() around some statements
2014-07-07 16:01:10 +02:00
Paul Bakker
40cc914567
Fixed x509_crt_parse_path() bug on Windows platforms
2014-07-07 16:01:08 +02:00
Manuel Pégourié-Gonnard
b9f6d507dd
crypt_and_hash: check MAC earlier
2014-07-07 14:35:02 +02:00
Paul Bakker
a1caf6e1e8
SSL now gracefully handles missing RNG
2014-07-07 14:20:52 +02:00
Paul Bakker
c941adba31
Fixed X.509 hostname comparison (with non-regular characters)
2014-07-07 14:17:24 +02:00
Paul Bakker
e46b17766c
Make get_pkcs_padding() constant-time
2014-07-07 14:04:31 +02:00
Paul Bakker
9ccb2116a7
Introduced POLARSSL_HAVE_READDIR_R for systems without it
2014-07-07 13:43:31 +02:00
Paul Bakker
6b06502c4b
Changed RSA blinding to a slower but thread-safe version
2013-10-07 12:06:29 +02:00
Paul Bakker
adace27ec9
Prepped for 1.2.10 release
2013-10-04 17:07:26 +02:00
Paul Bakker
178e74454f
Fixed MS VC project files
2013-10-04 13:20:40 +02:00
Paul Bakker
495830dd1f
Fixed ssl_pkcs11_decrypt() prototype
2013-10-04 11:01:48 +02:00
Paul Bakker
62087eed22
Fixed memory leak in rsa.c introduced in 43f9799
2013-10-04 10:57:12 +02:00
Paul Bakker
60ad84f43f
Fixed release date for 1.2.9
2013-10-01 10:13:52 +02:00
Paul Bakker
e45574e7de
Prepped for 1.2.9 release
2013-09-25 18:42:42 +02:00
Paul Bakker
43f9799ce6
RSA blinding on CRT operations to counter timing attacks
2013-09-23 11:23:31 +02:00
Paul Bakker
88a2264def
Fixed potential file descriptor leaks
2013-09-11 13:31:55 +02:00
Paul Bakker
f65fbee52b
x509_verify() now case insensitive for cn (RFC 6125 6.4)
...
(cherry picked from commit a5943858d8
2013-09-11 13:31:55 +02:00
Paul Bakker
a565aceea1
Fixed potential memory leak when failing to resume a session
2013-09-11 13:31:53 +02:00
Paul Bakker
78020fe72c
Added fixes to ChangeLog
2013-09-11 13:31:06 +02:00
Paul Bakker
21360ca4d4
ssl_write_certificate_request() can handle empty ca_chain
2013-06-21 15:11:10 +02:00
Paul Bakker
016ea076e7
Added Security note (Advisory 2013-03) in ChangeLog
2013-06-19 11:50:30 +02:00
Paul Bakker
1d419500b0
Prepared for PolarSSL release 1.2.8
2013-06-19 11:48:04 +02:00
Paul Bakker
2be71faae4
Fixed values for 2-key Triple DES in cipher layer
2013-06-18 16:33:27 +02:00
Paul Bakker
6fa5488779
Centralized module option values in config.h
...
Allow user-defined settings without editing header files by using
POLARSSL_CONFIG_OPTIONS in config.h
2013-06-17 15:44:03 +02:00
Paul Bakker
19bd297dc8
PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
...
old PBKDF2 module.
2013-06-14 12:06:45 +02:00
Paul Bakker
52b845be34
Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
2013-06-14 11:37:37 +02:00
Paul Bakker
cbfcaa9206
x509parse_crtpath() is now reentrant and uses more portable stat()
...
Moved from readdir() to readdir_r() and use stat instead of the less
portable d_type from struct dirent.
2013-06-13 09:20:25 +02:00
Paul Bakker
4087c47043
Added mechanism to provide alternative cipher / hash implementations
...
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
2013-06-12 16:57:46 +02:00
Paul Bakker
cf6e95d9a8
Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis
...
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
2013-06-12 13:18:15 +02:00
Paul Bakker
65a1909dc6
Internally split up x509parse_key()
...
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
2013-06-06 21:17:08 +02:00
