Commit graph

454 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
dfc7df0bec Add SSL_CIPHERSUITES config option 2014-07-04 14:59:02 +02:00
Manuel Pégourié-Gonnard
01edb1044c Add POLARSSL_REMOVE_RC4_CIPHERSUITES 2014-06-25 11:27:59 +02:00
Paul Bakker
2a45d1c8bb Merge changes to config examples and configuration issues 2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
3135725670 Disable broken Sparc64 bn_mul assembly 2014-06-25 11:26:15 +02:00
Manuel Pégourié-Gonnard
8df68632e8 Fix bug in DHE-PSK PMS computation 2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
fd35af1579 Fix off-by-one error in point format parsing 2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard
acbcbba860 Fix asm format of bn_mul.h for more portability
Found by Barry K. Nathan.

Quoting from http://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html:

"You can put multiple assembler instructions together in a single asm
template, separated by the characters normally used in assembly code for the
system. A combination that works in most places is a newline to break the
line, plus a tab character to move to the instruction field (written as
‘\n\t’). Sometimes semicolons can be used, if the assembler allows semicolons
as a line-breaking character. Note that some assembler dialects use semicolons
to start a comment."
2014-06-25 11:26:13 +02:00
Barry K. Nathan
35e7cb9aa6 Fix preprocessor checks for bn_mul PPC asm
On OS X, neither __powerpc__ nor __ppc__ is defined on PPC64, so the
asm code was only being used on PPC32.
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
d249b7ab9a Restore ability to trust non-CA selfsigned EE cert 2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
c4eff16516 Restore ability to use v1 CA if trusted locally 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
08485cca81 Fix SSL_BUFFER_LEN 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
eaa76f7e20 Fix computation of minlen for encrypted packets 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
0bcc4e1df7 Fix length checking for AEAD ciphersuites 2014-06-25 11:26:10 +02:00
Manuel Pégourié-Gonnard
3579522d31 Update Changelog for example configs changes 2014-06-24 17:33:54 +02:00
Manuel Pégourié-Gonnard
398c57b0b3 Blowfish accepts variable key len in cipher layer 2014-06-24 11:01:33 +02:00
Paul Bakker
3c38f29a61 Fix DER output of gen_key app (found by Gergely Budai) 2014-06-14 16:46:43 +02:00
Paul Bakker
3461772559 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-06-14 16:46:03 +02:00
Paul Bakker
c2ff2083ee Merge parsing and verification of RSASSA-PSS in X.509 modules 2014-06-12 22:02:47 +02:00
Paul Bakker
f51183a262 Revert deleted PolarSSL 1.3.4 release line in ChangeLog 2014-06-12 21:53:40 +02:00
Paul Bakker
863989bc81 Add LINK_WITH_PTHREAD to ChangeLog 2014-06-12 21:49:01 +02:00
Paul Bakker
49033ba0ac Update ChangeLog for external fixes 2014-06-12 21:46:13 +02:00
Manuel Pégourié-Gonnard
b479871956 Update Changelog for RSASSA-PSS in X.509 2014-06-07 11:21:52 +02:00
Manuel Pégourié-Gonnard
bf696d030b Make sig_opts non-optional in X509 structures
This simplifies the code.
2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard
cf975a3857 Factor out some common code 2014-06-02 16:12:46 +02:00
Paul Bakker
1ebc0c592c Fix typos 2014-05-22 15:47:58 +02:00
Paul Bakker
c6ece49890 Updated ChangeLog for CCM 2014-05-22 15:45:03 +02:00
Paul Bakker
0f651c7422 Stricter check on SSL ClientHello internal sizes compared to actual packet size 2014-05-22 15:12:19 +02:00
Paul Bakker
dff3139cc8 Updated ChangeLog 2014-05-22 15:06:41 +02:00
Paul Bakker
5593f7caae Fix typo in debug_print_msg() 2014-05-06 10:29:28 +02:00
Paul Bakker
47431b6d31 Updated ChangeLog for 1.3.7 to 2014-05-02 2014-05-02 13:27:13 +02:00
Paul Bakker
da13016d84 Prepped for 1.3.7 release 2014-05-01 14:27:19 +02:00
Barry K. Nathan
cf975f5988 Fix build with cc from Apple LLVM
On Xcode 4.x and above (I tested Xcode 4.6.3 on 10.7.5 and Xcode 5.5.1 on 10.9.2), cmake (2.8.12.2, whether from MacPorts or from clang.org, FWIW) is detecting /usr/bin/cc as Clang, but CMAKE_COMPILER_IS_CLANG is not getting set, so the tests aren't being built. (There may have been other build problems as well, but the fact that the tests weren't being built was by far the most obvious problem.)

Checking the compiler ID detected by cmake, rather than the name of the command used to invoke the compiler, fixes this.
2014-04-30 16:53:34 +02:00
Markus Pfeiffer
a26a005acf Make compilation on DragonFly work 2014-04-30 16:52:28 +02:00
Paul Bakker
2a024ac86a Merge dependency fixes 2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard
c16f4e1f78 Move RC4 ciphersuites down the list 2014-04-30 16:27:06 +02:00
Paul Bakker
8eab8d368b Merge more portable AES-NI 2014-04-30 16:21:08 +02:00
Paul Bakker
33dc46b080 Fix bug with mpi_fill_random() on big-endian 2014-04-30 16:20:39 +02:00
Paul Bakker
f96f7b607a On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings 2014-04-30 16:02:38 +02:00
Paul Bakker
6384440b13 Better support for the different Attribute Types from IETF PKIX (RFC 5280) 2014-04-30 15:34:12 +02:00
Paul Bakker
24f37ccaed rsa_check_pubkey() now allows an E up to N 2014-04-30 13:43:51 +02:00
Paul Bakker
0f90d7d2b5 version_check_feature() added to check for compile-time options at run-time 2014-04-30 11:49:44 +02:00
Paul Bakker
a70366317d Improve interop by not writing ext_len in ClientHello / ServerHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard
3a306b9067 Fix misplaced #endif in ssl_tls.c 2014-04-29 15:11:17 +02:00
Manuel Pégourié-Gonnard
edc81ff8c2 Fix some more curve depends in X.509 tests 2014-04-29 15:10:40 +02:00
Manuel Pégourié-Gonnard
63a5bfe903 Update Changelog for AES-NI 2014-04-26 17:21:07 +02:00
Paul Bakker
c73079a78c Add debug_set_threshold() and thresholding of messages 2014-04-25 16:58:16 +02:00
Paul Bakker
92478c37a6 Debug module only outputs full lines instead of parts 2014-04-25 16:58:15 +02:00
Paul Bakker
eaebbd5eaa debug_set_log_mode() added to determine raw or full logging 2014-04-25 16:58:14 +02:00
Paul Bakker
61885c7f7f Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
2014-04-25 12:59:51 +02:00
Paul Bakker
fdba46885b cert_write app should use subject of issuer certificate as issuer of cert 2014-04-25 11:48:35 +02:00