90f042d4cb
Prepared for PolarSSL 1.2.6 release
polarssl-1.2.6
2013-03-11 11:38:44 +01:00
fb1cbd3cea
Fixed assembly code for ARM (Thumb and regular) for some compilers
2013-03-06 18:14:52 +01:00
e81beda60f
The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain)
The real peer certificate is copied into an x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.
As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
2013-03-06 18:01:03 +01:00
a35aa54967
Fixed whitespaces in ChangeLog
2013-03-06 18:01:03 +01:00
78a8c71993
Re-added support for parsing and handling SSLv2 Client Hello messages
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.
It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
2013-03-06 18:01:03 +01:00
37286a573b
Fixed net_bind() for specified IP addresses on little endian systems
2013-03-06 18:01:03 +01:00
926c8e49fe
Fixed possible NULL pointer exception in ssl_get_ciphersuite()
2013-03-06 18:01:03 +01:00
8804f69d46
Removed timing differences due to bad padding from RSA decrypt for
PKCS#1 v1.5 operations
2013-03-06 18:01:03 +01:00
a43231c5a5
Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt()
2013-03-06 18:01:02 +01:00
b386913f8b
Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()
The original functions exist as generic wrappers to these functions.
2013-03-06 18:01:02 +01:00
e3e4a59622
Added bugfix line for previous fixes for MS Visual Studio
2013-03-06 18:01:02 +01:00
8ea31ff3b5
Added missing typedef for INT64
2013-03-06 18:01:02 +01:00
9f2018ea28
Fixed typo in _MSC_VER (double underscore at the start)
2013-03-06 18:01:02 +01:00
8ddb645ad3
Added conversion to int for a t_uint value to prevent compiler warnings
On 64-bit platforms t_uint can be larger than int resulting in compiler
warnings on some platforms (MS Visual Studio)
2013-03-06 18:00:54 +01:00
3d2dc0f8e5
Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.
Found by Yawning Angel
2013-02-28 10:55:39 +01:00
e47b34bdc8
Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
2ca8ad10a1
Made x509parse.c also work with missing hash header files
2013-02-19 13:17:38 +01:00
6deb37e03e
Added comments to indicate dependency from PEM on AES, DES and MD5
2013-02-19 13:17:08 +01:00
fbb5cf9f59
Fixed typo in base64.h
2013-02-14 11:56:58 +01:00
86f04f400b
Fixed comment
2013-02-14 11:20:09 +01:00
c0463502ff
Fixed memory leak in ssl_free() and ssl_reset() for active session
2013-02-14 11:19:38 +01:00
f35b739dff
Add a few checks for context validity.
2013-02-11 22:12:39 +01:00
424fda5d7b
Add ecdh_calc_secret()
2013-02-11 22:05:42 +01:00
5cceb41d2c
Add ecdh_{make,read}_public()
2013-02-11 21:51:45 +01:00
854fbd7ba2
Add ecdh_read_params().
2013-02-11 21:32:24 +01:00
13724765b2
Add ecdh_make_server_params (untested yet)
2013-02-10 15:01:54 +01:00
63533e44c2
Create ecdh_context structure
2013-02-10 14:22:44 +01:00
98f51815d6
Fix ecp_tls_read_point's signature
2013-02-10 13:38:29 +01:00
7c145c6418
Fix ecp_tls_read_group's signature
2013-02-10 13:20:52 +01:00
8c16f96259
Add a few tests for ecp_tls_read_point
2013-02-10 13:00:20 +01:00
46106a9d75
Add tests for (and fix bug in) ecp_tls_write_group
2013-02-10 12:51:17 +01:00
420f1eb675
Fix ecp_tls_write_point's signature
2013-02-10 12:22:46 +01:00
b325887fad
Add ecp_tls_write_group()
2013-02-10 12:06:19 +01:00
6282acaec2
Add basic tests for ecp_tls_*_point
2013-02-10 11:15:11 +01:00
7e86025f32
Rename ecp_*_binary to ecp_point_*_binary
2013-02-10 10:58:48 +01:00
d84895dc22
Suppress 'format' argument to ecp_read_binary.
And adjust error codes for ecp_*_binary while at it.
2013-02-10 10:53:04 +01:00
0079405918
Add functions for read/write ECPoint records
2013-02-09 19:00:07 +01:00
1a96728964
Add function parsing a TLS ECParameters record
2013-02-09 17:53:31 +01:00
c7a2da437e
Updated for PolarSSL 1.2.5
polarssl-1.2.5
2013-02-02 19:23:57 +01:00
40865c8e5d
Added sending of alert messages in case of decryption failures as per RFC
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
d66f070d49
Disable debug messages that can introduce a timing side channel.
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
4582999be6
Fixed timing difference resulting from badly formatted padding.
2013-02-02 19:04:13 +01:00
8fe40dcd7d
Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
cf4a70c8ed
Adjust names of ECDSA tests.
2013-01-27 09:10:53 +01:00
450a163c81
Fix valgrind warning in ECDSA test suite.
2013-01-27 09:08:18 +01:00
007b7177ef
ECDH: add test vectors from RFC 5903.
2013-01-27 09:00:02 +01:00
602a8973d7
ECDSA: test vectors from RFC 4754
2013-01-27 08:10:28 +01:00
d1c7150bf5
Basic tests for ECDSA.
2013-01-26 19:11:28 +01:00
3aeb5a7192
Add ECDSA signature primitive.
2013-01-26 19:11:28 +01:00
b309ab2936
Add ECDSA sign primitive
2013-01-26 19:11:28 +01:00