Paul Bakker
d83584e9aa
Fixed potential overflow in certificate size in ssl_write_certificate()
2014-07-07 16:01:11 +02:00
Paul Bakker
78e819698b
Added missing MPI_CHK() around some statements
2014-07-07 16:01:10 +02:00
Paul Bakker
b5296b7f78
Add CHECK flags in CMakeLists.txt
2014-07-07 16:01:09 +02:00
Paul Bakker
2ad45598eb
Support for CLANG compiler in CMakeLists.txt
2014-07-07 16:01:08 +02:00
Paul Bakker
40cc914567
Fixed x509_crt_parse_path() bug on Windows platforms
2014-07-07 16:01:08 +02:00
Paul Bakker
238be3a207
Removed dependency on unistd.h for MSVC in apps
2014-07-07 16:01:07 +02:00
Paul Bakker
0748895b68
Explicit conversions to int from size_t for MSVC (64-bit) in apps
2014-07-07 16:01:06 +02:00
Paul Bakker
256a4afb57
Removed making commandline arguments case insensitive
2014-07-07 15:54:04 +02:00
Manuel Pégourié-Gonnard
9975c5d217
Check PKCS 1.5 padding in a more constant-time way
...
(Avoid branches that depend on secret data.)
2014-07-07 14:38:09 +02:00
Manuel Pégourié-Gonnard
d237d261e5
Check OAEP padding in a more constant-time way
2014-07-07 14:37:56 +02:00
Manuel Pégourié-Gonnard
3411464a64
RSA-OAEP decrypt: reorganise code
2014-07-07 14:37:39 +02:00
Paul Bakker
a91d41e7a4
Removed Windows auto-spawn client code
2014-07-07 14:37:05 +02:00
Paul Bakker
26e281831e
Renamed test_offset to prevent clash with one in ctr_drbg.c
2014-07-07 14:36:30 +02:00
Manuel Pégourié-Gonnard
b9f6d507dd
crypt_and_hash: check MAC earlier
2014-07-07 14:35:02 +02:00
Manuel Pégourié-Gonnard
7ab2d5daf5
Clarify comments of mpi_mul_int()
2014-07-07 14:34:06 +02:00
Paul Bakker
a1caf6e1e8
SSL now gracefully handles missing RNG
2014-07-07 14:20:52 +02:00
Paul Bakker
c941adba31
Fixed X.509 hostname comparison (with non-regular characters)
2014-07-07 14:17:24 +02:00
Paul Bakker
cf78ba2b89
bump_version script also handled SOVERSION for library/Makefile
2014-07-07 14:14:21 +02:00
Paul Bakker
835481930a
Makefile now produces a .so.X with SOVERSION in it
2014-07-07 14:13:54 +02:00
Manuel Pégourié-Gonnard
5c8434cf52
Safer buffer comparisons in the SSL modules
2014-07-07 14:10:07 +02:00
Manuel Pégourié-Gonnard
79f1ff84ed
Make all hash checking in programs constant-time
2014-07-07 14:07:23 +02:00
Paul Bakker
2a8c2881f4
Check HMAC in constant-time in crypt_and_hash
2014-07-07 14:06:58 +02:00
Paul Bakker
c3ec63df42
Minor change that makes life easier for static analyzers / compilers
2014-07-07 14:06:22 +02:00
Paul Bakker
e46b17766c
Make get_pkcs_padding() constant-time
2014-07-07 14:04:31 +02:00
Paul Bakker
52cb87beb7
Forced cast to prevent MSVC compiler warning
2014-07-07 13:46:10 +02:00
Paul Bakker
4c9301a7af
Convert SOCKET to int to prevent compiler warnings under MSVC.
...
From kernel objects at msdn:
Kernel object handles are process specific. That is, a process must either create the object or open an existing object to obtain a kernel object handle. The per-process limit on kernel handles is 2^24.
Windows Internals by Russinovich and Solomon as well says that the high bits are zero.
2014-07-07 13:44:30 +02:00
Paul Bakker
9ccb2116a7
Introduced POLARSSL_HAVE_READDIR_R for systems without it
2014-07-07 13:43:31 +02:00
Paul Bakker
ff6e24710a
RSA blinding: check highly unlikely cases
2014-07-07 13:34:41 +02:00
Paul Bakker
6b06502c4b
Changed RSA blinding to a slower but thread-safe version
2013-10-07 12:06:29 +02:00
Paul Bakker
adace27ec9
Prepped for 1.2.10 release
2013-10-04 17:07:26 +02:00
Paul Bakker
2f1481ec73
Additional fixed to rsa.c with regards to blinding
2013-10-04 16:46:21 +02:00
Paul Bakker
178e74454f
Fixed MS VC project files
2013-10-04 13:20:40 +02:00
Paul Bakker
495830dd1f
Fixed ssl_pkcs11_decrypt() prototype
2013-10-04 11:01:48 +02:00
Paul Bakker
62087eed22
Fixed memory leak in rsa.c introduced in 43f9799
2013-10-04 10:57:12 +02:00
Paul Bakker
60ad84f43f
Fixed release date for 1.2.9
2013-10-01 10:13:52 +02:00
Paul Bakker
e45574e7de
Prepped for 1.2.9 release
2013-09-25 18:42:42 +02:00
Paul Bakker
915ee19887
Do not allow SHA256/SHA384 ciphersuites in < TLS 1.2
2013-09-23 17:30:26 +02:00
Paul Bakker
43f9799ce6
RSA blinding on CRT operations to counter timing attacks
2013-09-23 11:23:31 +02:00
Paul Bakker
88a2264def
Fixed potential file descriptor leaks
2013-09-11 13:31:55 +02:00
Paul Bakker
f65fbee52b
x509_verify() now case insensitive for cn (RFC 6125 6.4)
...
(cherry picked from commit a5943858d8
)
Conflicts:
ChangeLog
library/x509parse.c
tests/suites/test_suite_x509parse.data
2013-09-11 13:31:55 +02:00
Paul Bakker
34b225f0ee
Added C++ style extern in x509write header file
2013-09-11 13:31:55 +02:00
Paul Bakker
a565aceea1
Fixed potential memory leak when failing to resume a session
2013-09-11 13:31:53 +02:00
Paul Bakker
78020fe72c
Added fixes to ChangeLog
2013-09-11 13:31:06 +02:00
Paul Bakker
a13d744d2e
Fixed potential heap buffer overflow on large hostname setting
...
(cherry picked from commit 75c1a6f97c
)
Conflicts:
library/ssl_tls.c
2013-09-11 11:41:41 +02:00
Paul Bakker
fe7c24caa6
Fixed potential negative value misinterpretation in load_file()
...
(cherry picked from commit 42c3ccf36e
)
Conflicts:
library/x509parse.c
2013-09-11 11:41:41 +02:00
Paul Bakker
433fad261e
Removed errant printf in x509parse_self_test()
...
(cherry picked from commit dc4baf11ab
)
2013-09-11 11:32:46 +02:00
Paul Bakker
21360ca4d4
ssl_write_certificate_request() can handle empty ca_chain
2013-06-21 15:11:10 +02:00
Paul Bakker
016ea076e7
Added Security note (Advisory 2013-03) in ChangeLog
2013-06-19 11:50:30 +02:00
Paul Bakker
1d419500b0
Prepared for PolarSSL release 1.2.8
2013-06-19 11:48:04 +02:00
Paul Bakker
da7fdbd534
Fixed minor comment typo
2013-06-19 11:15:43 +02:00