3d2dc0f8e5
Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
...
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.
Found by Yawning Angel
2013-02-28 10:55:39 +01:00
e47b34bdc8
Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
...
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
2ca8ad10a1
Made x509parse.c also work with missing hash header files
2013-02-19 13:17:38 +01:00
6deb37e03e
Added comments to indicate dependency from PEM on AES, DES and MD5
2013-02-19 13:17:08 +01:00
fbb5cf9f59
Fixed typo in base64.h
2013-02-14 11:56:58 +01:00
86f04f400b
Fixed comment
2013-02-14 11:20:09 +01:00
c0463502ff
Fixed memory leak in ssl_free() and ssl_reset() for active session
2013-02-14 11:19:38 +01:00
c7a2da437e
Updated for PolarSSL 1.2.5
polarssl-1.2.5
2013-02-02 19:23:57 +01:00
40865c8e5d
Added sending of alert messages in case of decryption failures as per RFC
...
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
d66f070d49
Disable debug messages that can introduce a timing side channel.
...
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
4582999be6
Fixed timing difference resulting from badly formatted padding.
2013-02-02 19:04:13 +01:00
8fe40dcd7d
Allow enabling of dummy error_strerror() to support some use-cases
...
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
14c56a3378
Updated for PolarSSL 1.2.4
polarssl-1.2.4
2013-01-25 17:11:37 +01:00
9d2bb658fc
Added PolarSSL 1.1.5 ChangeLog from 1.1 branch
2013-01-25 16:07:49 +01:00
1961b709d8
Added ssl_handshake_step() to allow single stepping the handshake process
...
Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
9c94cddeae
Correctly handle CertificateRequest with empty DN list in <= TLS 1.1
2013-01-22 14:21:49 +01:00
f626e1dd28
Fixed comment on maximum tested size for POLARSSL_MPI_MAX_LIMBS
2013-01-21 12:14:17 +01:00
21dca69ef0
Handle future version properly in ssl_write_certificate_request()
2013-01-03 11:41:08 +01:00
58ef6ec613
Cleaner test-memory cleanups
2013-01-03 11:33:48 +01:00
02303e8be4
Moved md_init_ctx() calls around to minimize exit points
2013-01-03 11:08:31 +01:00
40628bad98
Memory leak when using RSA_PKCS_V21 operations fixed
2013-01-03 10:50:31 +01:00
34558735d2
Inserted bump_version.sh in git repository
2012-11-26 17:18:12 +01:00
77d51d7867
Merge branch 'polarssl-1.2' for release of PolarSSL 1.2.3
2012-11-26 16:30:11 +01:00
fb1ba781b3
Updated for release 1.2.3
polarssl-1.2.3
2012-11-26 16:28:25 +01:00
bc3d98469f
Fixed multiple DN size
2012-11-26 16:12:02 +01:00
df5069cb97
Updated for 1.2.2 release
polarssl-1.2.2
2012-11-24 12:20:19 +01:00
3497d8c7bf
Do not check sig on trust-ca (might not be top)
2012-11-24 11:53:17 +01:00
769075dfb6
Fixed dependency on POLARSSL_SHA4_C in ssl modules
2012-11-24 11:26:46 +01:00
1eeceaeac8
More expansive testing
2012-11-23 14:25:34 +01:00
78ce507988
Fixed typo
2012-11-23 14:23:53 +01:00
91ebfb5272
Made auth_mode a command line option
2012-11-23 14:04:08 +01:00
7c90da9e75
Amended ChangeLog for client authentication fix
2012-11-23 14:02:40 +01:00
926af7582a
Fixed client certificate handling with TLS 1.2
2012-11-23 13:38:07 +01:00
e667c98fb1
Added p_hw_data to ssl_context for context specific hardware acceleration data
2012-11-20 13:50:22 +01:00
1492633e54
Updated date for release
polarssl-1.2.1
2012-11-20 10:58:09 +01:00
d10ff14355
Merged trunk changes for 1.2
2012-11-20 10:55:17 +01:00
1f9d02dc90
Added more notes / comments on own_cert, trust_ca purposes
2012-11-20 10:30:55 +01:00
e44ec108be
Fixed segfault in mpi_shift_r()
...
Fixed memory leak in test_suite_mpi
Amended ChangeLog
2012-11-18 23:15:02 +01:00
25338d74ac
Added proper gitignores for Linux CMake use
2012-11-18 22:56:39 +01:00
90f309ffe7
Added proper gitignores for linux compilation
2012-11-17 00:04:49 +01:00
75242c30fb
Added checking of CA peer cert to ssl_client1 as sane default
2012-11-17 00:03:46 +01:00
9a73632fd9
- Merged changesets 1399 up to and including 1415 into 1.2 branch
2012-11-14 12:39:52 +00:00
580153573b
- Do not free uninitialized ssl context
2012-11-14 12:15:41 +00:00
43ae298410
- Fixed argument types
2012-11-14 12:14:19 +00:00
34d8dbcc6d
- Depth that the certificate verify callback receives is now numbered bottom-up (Peer cert depth is 0)
2012-11-14 12:11:38 +00:00
e0f41f3086
- Updated version to 1.2.1
2012-11-13 12:55:02 +00:00
b815682a48
- Updated Changelog for 1.2.1
2012-11-13 12:52:17 +00:00
9daf0d0651
- Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
2012-11-13 12:13:27 +00:00
96c4ed8134
- Proper building of shared lib when SHARED defined
2012-11-13 10:37:52 +00:00
644db3893a
- Added SHARED define for building with -fPIC
2012-11-13 10:35:00 +00:00