Paul Bakker
1e9423704a
Support for seed file writing and reading in Entropy
2014-07-08 11:20:25 +02:00
Paul Bakker
b000f82d76
ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr
2014-07-08 11:15:18 +02:00
Manuel Pégourié-Gonnard
57291a7019
Work around a compiler bug on OS X.
2014-07-08 11:13:42 +02:00
Manuel Pégourié-Gonnard
3baeb15c79
Update changelog for cmake changes
2014-07-08 11:10:54 +02:00
Alex Wilson
e63560470e
Don't try to use MIPS32 asm macros on MIPS64
...
The MIPS32 bn_mul asm code causes segfaults on MIPS64 and failing
tests. Until someone has time to fix this up, MIPS64 platforms should
fall back to the C implementation (which works fine).
2014-07-08 11:06:05 +02:00
Manuel Pégourié-Gonnard
be04673c49
Forbid sequence number wrapping
2014-07-08 11:04:19 +02:00
Paul Bakker
50a5c53398
Reject certs and CRLs from the future
2014-07-08 10:59:10 +02:00
Manuel Pégourié-Gonnard
963918b88f
Countermeasure against "triple handshake" attack
2014-07-07 17:46:35 +02:00
Paul Bakker
57ca5702fd
Fixed CMake symlinking on out-of-source builds
2014-07-07 17:46:32 +02:00
Manuel Pégourié-Gonnard
6d841c2c5c
Fix verion-major intolerance
2014-07-07 17:46:31 +02:00
Paul Bakker
e96bfbc6bd
Fixed testing with out-of-source builds using cmake
2014-07-07 17:46:30 +02:00
Manuel Pégourié-Gonnard
c675e4bde5
Fix bug in RSA PKCS#1 v1.5 "reversed" operations
2014-07-07 17:46:29 +02:00
Paul Bakker
af0ccc8fa0
SMTP lines are officially terminated with CRLF, ssl_mail_client fixed
2014-07-07 17:46:29 +02:00
Paul Bakker
0b6355d088
Updated ChangeLog
2014-07-07 16:01:53 +02:00
Paul Bakker
d15718cbe0
Updated ChangeLog
2014-07-07 16:01:23 +02:00
Paul Bakker
d83584e9aa
Fixed potential overflow in certificate size in ssl_write_certificate()
2014-07-07 16:01:11 +02:00
Paul Bakker
78e819698b
Added missing MPI_CHK() around some statements
2014-07-07 16:01:10 +02:00
Paul Bakker
40cc914567
Fixed x509_crt_parse_path() bug on Windows platforms
2014-07-07 16:01:08 +02:00
Manuel Pégourié-Gonnard
b9f6d507dd
crypt_and_hash: check MAC earlier
2014-07-07 14:35:02 +02:00
Paul Bakker
a1caf6e1e8
SSL now gracefully handles missing RNG
2014-07-07 14:20:52 +02:00
Paul Bakker
c941adba31
Fixed X.509 hostname comparison (with non-regular characters)
2014-07-07 14:17:24 +02:00
Paul Bakker
e46b17766c
Make get_pkcs_padding() constant-time
2014-07-07 14:04:31 +02:00
Paul Bakker
9ccb2116a7
Introduced POLARSSL_HAVE_READDIR_R for systems without it
2014-07-07 13:43:31 +02:00
Paul Bakker
6b06502c4b
Changed RSA blinding to a slower but thread-safe version
2013-10-07 12:06:29 +02:00
Paul Bakker
adace27ec9
Prepped for 1.2.10 release
2013-10-04 17:07:26 +02:00
Paul Bakker
178e74454f
Fixed MS VC project files
2013-10-04 13:20:40 +02:00
Paul Bakker
495830dd1f
Fixed ssl_pkcs11_decrypt() prototype
2013-10-04 11:01:48 +02:00
Paul Bakker
62087eed22
Fixed memory leak in rsa.c introduced in 43f9799
2013-10-04 10:57:12 +02:00
Paul Bakker
60ad84f43f
Fixed release date for 1.2.9
2013-10-01 10:13:52 +02:00
Paul Bakker
e45574e7de
Prepped for 1.2.9 release
2013-09-25 18:42:42 +02:00
Paul Bakker
43f9799ce6
RSA blinding on CRT operations to counter timing attacks
2013-09-23 11:23:31 +02:00
Paul Bakker
88a2264def
Fixed potential file descriptor leaks
2013-09-11 13:31:55 +02:00
Paul Bakker
f65fbee52b
x509_verify() now case insensitive for cn (RFC 6125 6.4)
...
(cherry picked from commit a5943858d8
)
Conflicts:
ChangeLog
library/x509parse.c
tests/suites/test_suite_x509parse.data
2013-09-11 13:31:55 +02:00
Paul Bakker
a565aceea1
Fixed potential memory leak when failing to resume a session
2013-09-11 13:31:53 +02:00
Paul Bakker
78020fe72c
Added fixes to ChangeLog
2013-09-11 13:31:06 +02:00
Paul Bakker
21360ca4d4
ssl_write_certificate_request() can handle empty ca_chain
2013-06-21 15:11:10 +02:00
Paul Bakker
016ea076e7
Added Security note (Advisory 2013-03) in ChangeLog
2013-06-19 11:50:30 +02:00
Paul Bakker
1d419500b0
Prepared for PolarSSL release 1.2.8
2013-06-19 11:48:04 +02:00
Paul Bakker
2be71faae4
Fixed values for 2-key Triple DES in cipher layer
2013-06-18 16:33:27 +02:00
Paul Bakker
6fa5488779
Centralized module option values in config.h
...
Allow user-defined settings without editing header files by using
POLARSSL_CONFIG_OPTIONS in config.h
2013-06-17 15:44:03 +02:00
Paul Bakker
19bd297dc8
PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
...
old PBKDF2 module.
2013-06-14 12:06:45 +02:00
Paul Bakker
52b845be34
Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
2013-06-14 11:37:37 +02:00
Paul Bakker
cbfcaa9206
x509parse_crtpath() is now reentrant and uses more portable stat()
...
Moved from readdir() to readdir_r() and use stat instead of the less
portable d_type from struct dirent.
2013-06-13 09:20:25 +02:00
Paul Bakker
4087c47043
Added mechanism to provide alternative cipher / hash implementations
...
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
2013-06-12 16:57:46 +02:00
Paul Bakker
cf6e95d9a8
Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis
...
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
2013-06-12 13:18:15 +02:00
Paul Bakker
65a1909dc6
Internally split up x509parse_key()
...
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
2013-06-06 21:17:08 +02:00
Paul Bakker
1922a4e6aa
ssl_parse_certificate() now calls x509parse_crt_der() directly
2013-06-06 15:11:16 +02:00
Paul Bakker
6417186365
x509parse_crt() now better handles PEM error situations
...
Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
2013-06-06 15:01:18 +02:00
Paul Bakker
08f06cf49f
Disabled the HAVEGE random generator by default
...
Rationale: The HAVEGE random generator has too many caveats to be a
standard generator that people rely on. The HAVEGE random generator is not
suitable for virtualized environments. In addition the HAVEGE random
generator is dependent on timing and specific processor traits that
cannot be guaranteed by default on compile time.
Our advice: only use HAVEGE as an additional random source for your
entropy pool, never as your primary source.
2013-06-06 14:05:26 +02:00
Paul Bakker
eae09db9e5
Fixed const correctness issues that have no impact on the ABI
2013-06-06 12:35:54 +02:00