Manuel Pégourié-Gonnard
b3c6a97b31
Update Changelog for session-hash
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
178f9d6e19
Update Changelog for FALLBACK_SCSV
2014-11-05 16:00:49 +01:00
Paul Bakker
a6c5ea2c43
Include 1.2.12 release information in ChangeLog
2014-10-24 16:26:29 +02:00
Paul Bakker
9eac4f7c4e
Prepare for release 1.3.9
2014-10-20 13:56:15 +02:00
Paul Bakker
b082bb50de
Fix typos in ChangeLog
2014-10-20 13:37:51 +02:00
Manuel Pégourié-Gonnard
f7cdbc0e87
Fix potential bad read of length
2014-10-17 17:02:10 +02:00
Manuel Pégourié-Gonnard
43c3b28ca6
Fix memory leak with crafted ClientHello
2014-10-17 12:42:11 +02:00
Manuel Pégourié-Gonnard
5d8618539f
Fix memory leak while parsing some X.509 certs
2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard
64938c63f0
Accept spaces at end of line/buffer in base64
2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard
7f4ed67a97
Fix compile error with armcc in mpi_is_prime()
2014-10-15 22:06:46 +02:00
Manuel Pégourié-Gonnard
da1b4de0e4
Increase MPI_MAX_BYTES to allow RSA 8192
2014-10-15 22:06:46 +02:00
Paul Bakker
5a5fa92bfe
x509_crt_parse() did not increase total_failed on PEM error
...
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard
480905d563
Fix selection of hash from sig_alg ClientHello ext.
2014-08-30 14:19:59 +02:00
Sander Niemeijer
ef5087d150
Added explicit casts to prevent compiler warnings when trying to build for iOS
2014-08-21 23:48:14 +02:00
Manuel Pégourié-Gonnard
a13500fdf7
Fix bug with ssl_close_notify and non-blocking I/O
2014-08-19 16:14:04 +02:00
Manuel Pégourié-Gonnard
f07f421759
Fix server-initiated renego with non-blocking I/O
2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard
f26a1e8602
ssl_read() stops returning non-application data
2014-08-19 12:28:50 +02:00
Manuel Pégourié-Gonnard
dca108e5a2
Rm reference to non-existent file in VS projects
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
462906f955
Do no test net_usleep() when not defined
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
192253aaa9
Fix buffer size in pk_write_*_pem()
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
868c0eea08
Update Changelog for the last few commits
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
42cc641159
Don't print uninitialized buffer in ssl_mail_client
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
9a6b442cee
Fix non-blocking sockets in net_accept()
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
a04fa4fa04
RSA-PSK key exchange requires TLS 1.x
...
It's not clear if, with SSL3, one should include send the two length bytes for
EncryptedPreMasterSecret or not, so require TLS to avoid interop issues.
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
8d4ad07706
SHA-2 ciphersuites now require TLS 1.x
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
955028f858
Fix compile error in ssl_pthread_server
2014-08-14 11:34:33 +02:00
Paul Bakker
8dcb2d7d7e
Support escaping of commas in x509_string_to_names()
2014-08-11 11:59:52 +02:00
Paul Bakker
1910aa78a3
Fix release date for 1.3.8
2014-07-11 11:28:56 +02:00
Paul Bakker
0ae5a3d336
Include 1.2.11 ChangeLog
2014-07-11 11:28:30 +02:00
Paul Bakker
6c343d7d9a
Fix mpi_write_string() to write "00" as hex output for empty MPI
2014-07-10 15:27:10 +02:00
Paul Bakker
ec3a617d40
Make ready for release of 1.3.8 and soversion 7
2014-07-09 10:21:28 +02:00
Paul Bakker
28476e2789
Updated ChangeLog
2014-07-09 10:19:52 +02:00
Manuel Pégourié-Gonnard
08e81e0c8f
Change selection of hash algorithm for TLS 1.2
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
bd77254b18
md_list() starting with strongest hash
2014-07-08 13:03:02 +02:00
Paul Bakker
8fb99abaac
Merge changes for leaner memory footprint
2014-07-04 15:02:19 +02:00
Paul Bakker
b9e08b086b
Merge server-side enforced renegotiation requests
2014-07-04 15:01:37 +02:00
Paul Bakker
d598318661
Fix base64_decode() to return and check length correctly
2014-07-04 15:01:00 +02:00
Paul Bakker
23647b4df5
Update ChangeLog
2014-07-04 15:00:12 +02:00
Manuel Pégourié-Gonnard
dfc7df0bec
Add SSL_CIPHERSUITES config option
2014-07-04 14:59:02 +02:00
Manuel Pégourié-Gonnard
01edb1044c
Add POLARSSL_REMOVE_RC4_CIPHERSUITES
2014-06-25 11:27:59 +02:00
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
3135725670
Disable broken Sparc64 bn_mul assembly
2014-06-25 11:26:15 +02:00
Manuel Pégourié-Gonnard
8df68632e8
Fix bug in DHE-PSK PMS computation
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
fd35af1579
Fix off-by-one error in point format parsing
2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
acbcbba860
Fix asm format of bn_mul.h for more portability
...
Found by Barry K. Nathan.
Quoting from http://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html :
"You can put multiple assembler instructions together in a single asm
template, separated by the characters normally used in assembly code for the
system. A combination that works in most places is a newline to break the
line, plus a tab character to move to the instruction field (written as
‘\n\t’). Sometimes semicolons can be used, if the assembler allows semicolons
as a line-breaking character. Note that some assembler dialects use semicolons
to start a comment."
2014-06-25 11:26:13 +02:00
Barry K. Nathan
35e7cb9aa6
Fix preprocessor checks for bn_mul PPC asm
...
On OS X, neither __powerpc__ nor __ppc__ is defined on PPC64, so the
asm code was only being used on PPC32.
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
d249b7ab9a
Restore ability to trust non-CA selfsigned EE cert
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
c4eff16516
Restore ability to use v1 CA if trusted locally
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
08485cca81
Fix SSL_BUFFER_LEN
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
eaa76f7e20
Fix computation of minlen for encrypted packets
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
0bcc4e1df7
Fix length checking for AEAD ciphersuites
2014-06-25 11:26:10 +02:00
Manuel Pégourié-Gonnard
3579522d31
Update Changelog for example configs changes
2014-06-24 17:33:54 +02:00
Manuel Pégourié-Gonnard
398c57b0b3
Blowfish accepts variable key len in cipher layer
2014-06-24 11:01:33 +02:00
Paul Bakker
3c38f29a61
Fix DER output of gen_key app (found by Gergely Budai)
2014-06-14 16:46:43 +02:00
Paul Bakker
3461772559
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-06-14 16:46:03 +02:00
Paul Bakker
c2ff2083ee
Merge parsing and verification of RSASSA-PSS in X.509 modules
2014-06-12 22:02:47 +02:00
Paul Bakker
f51183a262
Revert deleted PolarSSL 1.3.4 release line in ChangeLog
2014-06-12 21:53:40 +02:00
Paul Bakker
863989bc81
Add LINK_WITH_PTHREAD to ChangeLog
2014-06-12 21:49:01 +02:00
Paul Bakker
49033ba0ac
Update ChangeLog for external fixes
2014-06-12 21:46:13 +02:00
Manuel Pégourié-Gonnard
b479871956
Update Changelog for RSASSA-PSS in X.509
2014-06-07 11:21:52 +02:00
Manuel Pégourié-Gonnard
bf696d030b
Make sig_opts non-optional in X509 structures
...
This simplifies the code.
2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard
cf975a3857
Factor out some common code
2014-06-02 16:12:46 +02:00
Paul Bakker
1ebc0c592c
Fix typos
2014-05-22 15:47:58 +02:00
Paul Bakker
c6ece49890
Updated ChangeLog for CCM
2014-05-22 15:45:03 +02:00
Paul Bakker
0f651c7422
Stricter check on SSL ClientHello internal sizes compared to actual packet size
2014-05-22 15:12:19 +02:00
Paul Bakker
dff3139cc8
Updated ChangeLog
2014-05-22 15:06:41 +02:00
Paul Bakker
5593f7caae
Fix typo in debug_print_msg()
2014-05-06 10:29:28 +02:00
Paul Bakker
47431b6d31
Updated ChangeLog for 1.3.7 to 2014-05-02
2014-05-02 13:27:13 +02:00
Paul Bakker
da13016d84
Prepped for 1.3.7 release
2014-05-01 14:27:19 +02:00
Barry K. Nathan
cf975f5988
Fix build with cc from Apple LLVM
...
On Xcode 4.x and above (I tested Xcode 4.6.3 on 10.7.5 and Xcode 5.5.1 on 10.9.2), cmake (2.8.12.2, whether from MacPorts or from clang.org, FWIW) is detecting /usr/bin/cc as Clang, but CMAKE_COMPILER_IS_CLANG is not getting set, so the tests aren't being built. (There may have been other build problems as well, but the fact that the tests weren't being built was by far the most obvious problem.)
Checking the compiler ID detected by cmake, rather than the name of the command used to invoke the compiler, fixes this.
2014-04-30 16:53:34 +02:00
Markus Pfeiffer
a26a005acf
Make compilation on DragonFly work
2014-04-30 16:52:28 +02:00
Paul Bakker
2a024ac86a
Merge dependency fixes
2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard
c16f4e1f78
Move RC4 ciphersuites down the list
2014-04-30 16:27:06 +02:00
Paul Bakker
8eab8d368b
Merge more portable AES-NI
2014-04-30 16:21:08 +02:00
Paul Bakker
33dc46b080
Fix bug with mpi_fill_random() on big-endian
2014-04-30 16:20:39 +02:00
Paul Bakker
f96f7b607a
On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
2014-04-30 16:02:38 +02:00
Paul Bakker
6384440b13
Better support for the different Attribute Types from IETF PKIX (RFC 5280)
2014-04-30 15:34:12 +02:00
Paul Bakker
24f37ccaed
rsa_check_pubkey() now allows an E up to N
2014-04-30 13:43:51 +02:00
Paul Bakker
0f90d7d2b5
version_check_feature() added to check for compile-time options at run-time
2014-04-30 11:49:44 +02:00
Paul Bakker
a70366317d
Improve interop by not writing ext_len in ClientHello / ServerHello when 0
...
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard
3a306b9067
Fix misplaced #endif in ssl_tls.c
2014-04-29 15:11:17 +02:00
Manuel Pégourié-Gonnard
edc81ff8c2
Fix some more curve depends in X.509 tests
2014-04-29 15:10:40 +02:00
Manuel Pégourié-Gonnard
63a5bfe903
Update Changelog for AES-NI
2014-04-26 17:21:07 +02:00
Paul Bakker
c73079a78c
Add debug_set_threshold() and thresholding of messages
2014-04-25 16:58:16 +02:00
Paul Bakker
92478c37a6
Debug module only outputs full lines instead of parts
2014-04-25 16:58:15 +02:00
Paul Bakker
eaebbd5eaa
debug_set_log_mode() added to determine raw or full logging
2014-04-25 16:58:14 +02:00
Paul Bakker
61885c7f7f
Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites
...
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
2014-04-25 12:59:51 +02:00
Paul Bakker
fdba46885b
cert_write app should use subject of issuer certificate as issuer of cert
2014-04-25 11:48:35 +02:00
Paul Bakker
4ffcd2f9c3
Typo in PKCS#11 module
2014-04-25 11:44:12 +02:00
Paul Bakker
10a9dd35ea
Typo in POLARSSL_PLATFORM_STD_FPRINTF in platform.c
2014-04-25 11:27:16 +02:00
Paul Bakker
088c5c5f18
POLARSSL_CONFIG_OPTIONS has been removed. Values are set individually
...
For the Platform module this requires the introduction of
POLARSSL_PLATFORM_NO_STD_FUNCTIONS to allow not performing the default
assignments.
2014-04-25 11:11:10 +02:00
Paul Bakker
e92f73d73b
Updated ChangeLog
2014-04-18 14:08:26 +02:00
Paul Bakker
784b04ff9a
Prepared for version 1.3.6
2014-04-11 15:33:59 +02:00
Manuel Pégourié-Gonnard
9655e4597a
Reject certificates with times not in UTC
2014-04-11 13:59:36 +02:00
Manuel Pégourié-Gonnard
0776a43788
Use UTC to heck certificate validity
2014-04-11 13:59:31 +02:00
Paul Bakker
52c5af7d2d
Merge support for verifying the extendedKeyUsage extension in X.509
2014-04-11 13:58:57 +02:00
Manuel Pégourié-Gonnard
78848375c0
Declare EC constants as 'const'
2014-04-11 13:58:41 +02:00
Paul Bakker
1630058dde
Potential buffer overwrite in pem_write_buffer() fixed
...
Length indication when given a too small buffer was off.
Added regression test in test_suite_pem to detect this.
2014-04-11 13:58:05 +02:00
Manuel Pégourié-Gonnard
b7fff0f9c6
Update Changelog for extendedKeyUsage
2014-04-11 11:32:39 +02:00
Paul Bakker
59366213cb
Updated ChangeLog for keyUsage merge
2014-04-09 15:55:20 +02:00