Manuel Pégourié-Gonnard
963918b88f
Countermeasure against "triple handshake" attack
2014-07-07 17:46:35 +02:00
Paul Bakker
57ca5702fd
Fixed CMake symlinking on out-of-source builds
2014-07-07 17:46:32 +02:00
Manuel Pégourié-Gonnard
6d841c2c5c
Fix version-major intolerance
2014-07-07 17:46:31 +02:00
Paul Bakker
e96bfbc6bd
Fixed testing with out-of-source builds using cmake
2014-07-07 17:46:30 +02:00
Manuel Pégourié-Gonnard
c675e4bde5
Fix bug in RSA PKCS#1 v1.5 "reversed" operations
2014-07-07 17:46:29 +02:00
Paul Bakker
af0ccc8fa0
SMTP lines are officially terminated with CRLF, ssl_mail_client fixed
2014-07-07 17:46:29 +02:00
Paul Bakker
0b6355d088
Updated ChangeLog
2014-07-07 16:01:53 +02:00
Paul Bakker
d15718cbe0
Updated ChangeLog
2014-07-07 16:01:23 +02:00
Paul Bakker
d83584e9aa
Fixed potential overflow in certificate size in ssl_write_certificate()
2014-07-07 16:01:11 +02:00
Paul Bakker
78e819698b
Added missing MPI_CHK() around some statements
2014-07-07 16:01:10 +02:00
Paul Bakker
40cc914567
Fixed x509_crt_parse_path() bug on Windows platforms
2014-07-07 16:01:08 +02:00
Manuel Pégourié-Gonnard
b9f6d507dd
crypt_and_hash: check MAC earlier
2014-07-07 14:35:02 +02:00
Paul Bakker
a1caf6e1e8
SSL now gracefully handles missing RNG
2014-07-07 14:20:52 +02:00
Paul Bakker
c941adba31
Fixed X.509 hostname comparison (with non-regular characters)
2014-07-07 14:17:24 +02:00
Paul Bakker
e46b17766c
Make get_pkcs_padding() constant-time
2014-07-07 14:04:31 +02:00
Paul Bakker
9ccb2116a7
Introduced POLARSSL_HAVE_READDIR_R for systems without it
2014-07-07 13:43:31 +02:00
Paul Bakker
6b06502c4b
Changed RSA blinding to a slower but thread-safe version
2013-10-07 12:06:29 +02:00
Paul Bakker
adace27ec9
Prepped for 1.2.10 release
2013-10-04 17:07:26 +02:00
Paul Bakker
178e74454f
Fixed MS VC project files
2013-10-04 13:20:40 +02:00
Paul Bakker
495830dd1f
Fixed ssl_pkcs11_decrypt() prototype
2013-10-04 11:01:48 +02:00
Paul Bakker
62087eed22
Fixed memory leak in rsa.c introduced in 43f9799
2013-10-04 10:57:12 +02:00
Paul Bakker
60ad84f43f
Fixed release date for 1.2.9
2013-10-01 10:13:52 +02:00
Paul Bakker
e45574e7de
Prepped for 1.2.9 release
2013-09-25 18:42:42 +02:00
Paul Bakker
43f9799ce6
RSA blinding on CRT operations to counter timing attacks
2013-09-23 11:23:31 +02:00
Paul Bakker
88a2264def
Fixed potential file descriptor leaks
2013-09-11 13:31:55 +02:00
Paul Bakker
f65fbee52b
x509_verify() now case insensitive for cn (RFC 6125 6.4)
(cherry picked from commit a5943858d8)
Conflicts:
ChangeLog
library/x509parse.c
tests/suites/test_suite_x509parse.data
2013-09-11 13:31:55 +02:00
Paul Bakker
a565aceea1
Fixed potential memory leak when failing to resume a session
2013-09-11 13:31:53 +02:00
Paul Bakker
78020fe72c
Added fixes to ChangeLog
2013-09-11 13:31:06 +02:00
Paul Bakker
21360ca4d4
ssl_write_certificate_request() can handle empty ca_chain
2013-06-21 15:11:10 +02:00
Paul Bakker
016ea076e7
Added Security note (Advisory 2013-03) in ChangeLog
2013-06-19 11:50:30 +02:00
Paul Bakker
1d419500b0
Prepared for PolarSSL release 1.2.8
2013-06-19 11:48:04 +02:00
Paul Bakker
2be71faae4
Fixed values for 2-key Triple DES in cipher layer
2013-06-18 16:33:27 +02:00
Paul Bakker
6fa5488779
Centralized module option values in config.h
Allow user-defined settings without editing header files by using
POLARSSL_CONFIG_OPTIONS in config.h
2013-06-17 15:44:03 +02:00
Paul Bakker
19bd297dc8
PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated old PBKDF2 module.
2013-06-14 12:06:45 +02:00
Paul Bakker
52b845be34
Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
2013-06-14 11:37:37 +02:00
Paul Bakker
cbfcaa9206
x509parse_crtpath() is now reentrant and uses more portable stat()
Moved from readdir() to readdir_r() and use stat instead of the less
portable d_type from struct dirent.
2013-06-13 09:20:25 +02:00
Paul Bakker
4087c47043
Added mechanism to provide alternative cipher / hash implementations
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
2013-06-12 16:57:46 +02:00
Paul Bakker
cf6e95d9a8
Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PKCS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
2013-06-12 13:18:15 +02:00
Paul Bakker
65a1909dc6
Internally split up x509parse_key()
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
2013-06-06 21:17:08 +02:00
Paul Bakker
1922a4e6aa
ssl_parse_certificate() now calls x509parse_crt_der() directly
2013-06-06 15:11:16 +02:00
Paul Bakker
6417186365
x509parse_crt() now better handles PEM error situations
Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
2013-06-06 15:01:18 +02:00
Paul Bakker
08f06cf49f
Disabled the HAVEGE random generator by default
Rationale: The HAVEGE random generator has too many caveats to be a
standard generator that people rely on. The HAVEGE random generator is not
suitable for virtualized environments. In addition the HAVEGE random
generator is dependent on timing and specific processor traits that
cannot be guaranteed by default on compile time.
Our advice: only use HAVEGE as an additional random source for your
entropy pool, never as your primary source.
2013-06-06 14:05:26 +02:00
Paul Bakker
eae09db9e5
Fixed const correctness issues that have no impact on the ABI
2013-06-06 12:35:54 +02:00
Paul Bakker
f92263021c
Fixed offset for cert_type list in ssl_parse_certificate_request()
2013-06-06 11:24:37 +02:00
Paul Bakker
7c3c3899cf
Secure renegotiation extension should only be sent in case client supports secure renegotiation
2013-06-06 11:22:13 +02:00
Paul Bakker
822e958bb2
Prepared for PolarSSL 1.2.7 release
2013-04-13 11:56:17 +02:00
Paul Bakker
a62729888b
Ability to specify allowed ciphersuites based on the protocol version.
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int **' and is now malloced in ssl_init() and freed in
ssl_free().
The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
2013-04-12 13:13:43 +02:00
Paul Bakker
d4c5944212
Fixed MPI assembly for ARM when -O2 is used
GCC with -O2 or higher also needs to know about 'cc' in the clobber list.
(cherry picked from commit eff2e6d414)
Conflicts:
ChangeLog
2013-04-12 09:40:38 +02:00
Paul Bakker
90f042d4cb
Prepared for PolarSSL 1.2.6 release
2013-03-11 11:38:44 +01:00
Paul Bakker
fb1cbd3cea
Fixed assembly code for ARM (Thumb and regular) for some compilers
2013-03-06 18:14:52 +01:00
Paul Bakker
e81beda60f
The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain)
The real peer certificate is copied into a x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.
As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
2013-03-06 18:01:03 +01:00
Paul Bakker
a35aa54967
Fixed whitespaces in ChangeLog
2013-03-06 18:01:03 +01:00
Paul Bakker
78a8c71993
Re-added support for parsing and handling SSLv2 Client Hello messages
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.
It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
2013-03-06 18:01:03 +01:00
Paul Bakker
37286a573b
Fixed net_bind() for specified IP addresses on little endian systems
2013-03-06 18:01:03 +01:00
Paul Bakker
8804f69d46
Removed timing differences due to bad padding from RSA decrypt for PKCS#1 v1.5 operations
2013-03-06 18:01:03 +01:00
Paul Bakker
a43231c5a5
Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt()
2013-03-06 18:01:02 +01:00
Paul Bakker
b386913f8b
Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()
The original functions exist as generic wrappers to these functions.
2013-03-06 18:01:02 +01:00
Paul Bakker
e3e4a59622
Added bugfix line for previous fixes for MS Visual Studio
2013-03-06 18:01:02 +01:00
Paul Bakker
3d2dc0f8e5
Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.
Found by Yawning Angel
2013-02-28 10:55:39 +01:00
Paul Bakker
e47b34bdc8
Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker
c0463502ff
Fixed memory leak in ssl_free() and ssl_reset() for active session
2013-02-14 11:19:38 +01:00
Paul Bakker
c7a2da437e
Updated for PolarSSL 1.2.5
2013-02-02 19:23:57 +01:00
Paul Bakker
40865c8e5d
Added sending of alert messages in case of decryption failures as per RFC
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49
Disable debug messages that can introduce a timing side channel.
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
4582999be6
Fixed timing difference resulting from badly formatted padding.
2013-02-02 19:04:13 +01:00
Paul Bakker
8fe40dcd7d
Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Paul Bakker
14c56a3378
Updated for PolarSSL 1.2.4
2013-01-25 17:11:37 +01:00
Paul Bakker
9d2bb658fc
Added PolarSSL 1.1.5 ChangeLog from 1.1 branch
2013-01-25 16:07:49 +01:00
Paul Bakker
1961b709d8
Added ssl_handshake_step() to allow single stepping the handshake process
Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
9c94cddeae
Correctly handle CertificateRequest with empty DN list in <= TLS 1.1
2013-01-22 14:21:49 +01:00
Paul Bakker
21dca69ef0
Handle future version properly in ssl_write_certificate_request()
2013-01-03 11:41:08 +01:00
Paul Bakker
40628bad98
Memory leak when using RSA_PKCS_V21 operations fixed
2013-01-03 10:50:31 +01:00
Paul Bakker
fb1ba781b3
Updated for release 1.2.3
2012-11-26 16:28:25 +01:00
Paul Bakker
df5069cb97
Updated for 1.2.2 release
2012-11-24 12:20:19 +01:00
Paul Bakker
7c90da9e75
Amended ChangeLog for client authentication fix
2012-11-23 14:02:40 +01:00
Paul Bakker
e667c98fb1
Added p_hw_data to ssl_context for context specific hardware acceleration data
2012-11-20 13:50:22 +01:00
Paul Bakker
1492633e54
Updated date for release
2012-11-20 10:58:09 +01:00
Manuel Pégourié-Gonnard
e44ec108be
Fixed segfault in mpi_shift_r()
Fixed memory leak in test_suite_mpi
Amended ChangeLog
2012-11-18 23:15:02 +01:00
Paul Bakker
34d8dbcc6d
- Depth that the certificate verify callback receives is now numbered bottom-up (Peer cert depth is 0)
2012-11-14 12:11:38 +00:00
Paul Bakker
b815682a48
- Updated Changelog for 1.2.1
2012-11-13 12:52:17 +00:00
Paul Bakker
9daf0d0651
- Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
2012-11-13 12:13:27 +00:00
Paul Bakker
f02c5642d0
- Allow R and A to point to same mpi in mpi_div_mpi
2012-11-13 10:25:21 +00:00
Paul Bakker
d9374b05d6
- Moved mpi_inv_mod() outside POLARSSL_GENPRIME
2012-11-02 11:02:58 +00:00
Paul Bakker
7a2538ee38
- Fixes for MSVC6
2012-11-02 10:59:36 +00:00
Paul Bakker
c9c5df98de
- Updated for PolarSSL 1.2.0
2012-10-31 13:55:27 +00:00
Paul Bakker
645ce3a2b4
- Moved ciphersuite naming scheme to IANA reserved names
2012-10-31 12:32:41 +00:00
Paul Bakker
4f024b7ba9
- Fixed for SPARC64
2012-10-30 07:29:57 +00:00
Paul Bakker
d5834bb394
- Added release text for 1.1.4 to ChangeLog
2012-10-02 14:38:56 +00:00
Paul Bakker
5c2364c2ba
- Moved from unsigned long to uint32_t throughout code
2012-10-01 14:41:15 +00:00
Paul Bakker
1d29fb5e33
- Added option to add minimum accepted SSL/TLS protocol version
2012-09-28 13:28:45 +00:00
Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02
- Added ServerName extension parsing (SNI) at server side
2012-09-27 21:49:42 +00:00
Paul Bakker
eb2c658163
- Generalized external private key implementation handling (like PKCS#11) in SSL/TLS
2012-09-27 19:15:01 +00:00
Paul Bakker
0a59707523
- Added simple SSL session cache implementation
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
b00ca42f2a
- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
2012-09-25 12:10:00 +00:00
Paul Bakker
29b64761fd
- Added predefined DHM groups from RFC 5114
2012-09-25 09:36:44 +00:00
Paul Bakker
995a215eac
- Added credits
2012-09-25 08:19:56 +00:00
Paul Bakker
d4c2bd79fe
- Added bug
2012-09-16 21:35:30 +00:00
Paul Bakker
48916f9b67
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Paul Bakker
ec636f3bdd
- Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
2012-09-09 19:17:02 +00:00