Paul Bakker
62dfcf0a55
Prepped for 1.1.8 release
2013-09-25 18:17:36 +02:00
Paul Bakker
3513868f29
Fixed potential file descriptor leaks
2013-09-11 13:28:00 +02:00
Paul Bakker
3081ba12bb
Fixed potential heap buffer overflow on large hostname setting
(cherry picked from commit 75c1a6f97c9b25b71bcc95b158bc673f6db04400)
Conflicts:
library/ssl_tls.c
2013-09-11 13:24:12 +02:00
Paul Bakker
df177ba728
Fixed potential memory leak when failing to resume a session
Conflicts:
ChangeLog
library/ssl_tls.c
2013-09-11 13:22:52 +02:00
Paul Bakker
16e5f81473
Fixed potential negative value misinterpretation in load_file()
(cherry picked from commit 42c3ccf36e86972bff3a74c1e74c11311e6a7af0)
Conflicts:
library/x509parse.c
2013-09-11 13:20:05 +02:00
Paul Bakker
8648f04e47
Potential buffer-overflow for ssl_read_record()
2013-09-11 13:16:28 +02:00
Paul Bakker
3f5b753654
ssl_write_certificate_request() can handle empty ca_chain
(cherry picked from commit 21360ca4d45c47f16952fa1f75c21600c4e26d7e)
Conflicts:
library/ssl_srv.c
2013-06-21 15:13:59 +02:00
Paul Bakker
68514b09a1
Prepared for PolarSSL release 1.1.7
2013-06-19 12:15:10 +02:00
Paul Bakker
90f242bf2e
Fixed values for 2-key Triple DES in cipher layer
(cherry picked from commit 2be71faae4df9f97a700e7e813dad7b544492339)
Conflicts:
ChangeLog
2013-06-19 12:13:56 +02:00
Paul Bakker
a465d758aa
Added missing free()
(cherry picked from commit ff3a4b010b24c0293c3cefc1c8582b23775e1870)
2013-06-19 12:11:20 +02:00
Paul Bakker
03437fc198
Changed x509parse_crt_der() to support adding to chain.
Removed chain functionality from x509parse_crt() as x509parse_crt_der()
now handles that much cleaner.
(cherry picked from commit d6d4109adc01417abde44b3325d8438b584de5e5)
2013-06-19 12:10:31 +02:00
Paul Bakker
b5df3bf1b4
ssl_parse_certificate() now calls x509parse_crt_der() directly
(cherry picked from commit 1922a4e6aade7b1d685af19d4d9339ddb5c02859)
Conflicts:
library/ssl_tls.c
2013-06-19 12:08:47 +02:00
Paul Bakker
721f06d49d
x509parse_crt() now better handles PEM error situations
Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
(cherry picked from commit 6417186365f4a73a719fff754fefe8edcef2bc28)
Conflicts:
ChangeLog
2013-06-19 12:07:42 +02:00
Paul Bakker
03a85bca4c
pem_read_buffer() already updates use_len after header and footer are read
After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
(cherry picked from commit 9255e8300e550b548b54603c77585921f442e391)
2013-06-19 12:06:00 +02:00
Paul Bakker
d3cd5c1129
Prepared for PolarSSL 1.1.6 release
2013-03-11 17:02:58 +01:00
Paul Bakker
b5f272778e
Fixed net_bind() for specified IP addresses on little endian systems
(cherry picked from commit 37286a573bd36b7d80fd101b54bd25bb04979b4e)
Conflicts:
ChangeLog
library/net.c
2013-03-11 16:53:25 +01:00
Paul Bakker
e73a77f656
Removed timing differences due to bad padding from RSA decrypt for PKCS#1 v1.5 operations
(cherry picked from commit 8804f69d46ef5cb5fad403f4df8e14725966443d)
Conflicts:
ChangeLog
library/rsa.c
2013-03-11 16:51:05 +01:00
Paul Bakker
0a971b5dc8
Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences.
(cherry picked from commit e47b34bdc8507b63758402f69e7623d11dfb6984)
Conflicts:
ChangeLog
library/ssl_tls.c
2013-03-11 16:08:06 +01:00
Paul Bakker
f6bff2a300
Made x509parse.c also work with missing hash header files
(cherry picked from commit 2ca8ad10a121e7d579ae935ccd9e9508604680ec)
2013-03-11 16:05:32 +01:00
Paul Bakker
9fa6ea7cdf
Fixed comment
(cherry picked from commit 86f04f400b3ce789b2a1105da1d42c39c69e47c5)
2013-03-11 16:03:35 +01:00
Paul Bakker
48b7cb8ea2
Disable debug messages that can introduce a timing side channel.
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
(cherry picked from commit d66f070d492ef75405baad9f0d018b1bd06862c8)
Conflicts:
include/polarssl/config.h
library/ssl_tls.c
2013-03-11 15:59:03 +01:00
Paul Bakker
6a229c1f8c
Fixed timing difference resulting from badly formatted padding.
(cherry picked from commit 4582999be608c9794d4518ae336b265084db9f93)
Conflicts:
ChangeLog
library/ssl_tls.c
2013-03-11 15:56:17 +01:00
Paul Bakker
cb60e7c065
Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
(cherry picked from commit 8fe40dcd7d3b46193f74032361efb674112ee9e5)
Conflicts:
ChangeLog
programs/util/strerror.c
2013-03-11 15:50:35 +01:00
Paul Bakker
66a531b014
Bumped version numbers to 1.1.5
2013-01-16 14:06:28 +01:00
Paul Bakker
9406c12b1b
Fixed typo
2013-01-16 14:02:02 +01:00
Paul Bakker
cf45a56631
Fixes for MSVC6
(cherry picked from commit 7a2538ee38f6fde58bc6d3eb45624a5ac8eeaa30)
2013-01-16 13:38:20 +01:00
Paul Bakker
5f5593a30e
Handle encryption with private key and decryption with public key as per RFC 2313
(cherry picked from commit e6ee41f932f71e86b2d33a9ed12ba4e3d172b1ca)
2013-01-16 13:26:56 +01:00
Paul Bakker
c048493374
Memory leak when using RSA_PKCS_V21 operations fixed
(cherry picked from commit 40628bad98973fb7270b6822924086c4d27b3b79 and
from commit 02303e8be478dc8836093331bde1341936ce1dc9)
2013-01-16 13:16:09 +01:00
Paul Bakker
5aef1e10f9
Fixed comments / typos
(cherry picked from commit 096348fa7984bb86201c50d8e8e030059af2fb6d)
2013-01-16 13:16:09 +01:00
Paul Bakker
144c3cc8ab
Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
(cherry picked from commit 9daf0d0651d6346f6f21b6bce9797c626c88f24f)
2013-01-16 13:16:00 +01:00
Paul Bakker
0ae1f40299
Allow R and A to point to same mpi in mpi_div_mpi
(cherry picked from commit f02c5642d0f19281e7c30d849bf8cd94703a9bd5 and
from commit 50546921ac8250d1884c41fd9dc7a645007d4103)
2013-01-16 13:03:46 +01:00
Manuel Pégourié-Gonnard
f173e0ac74
Fixed segfault in mpi_shift_r(), Fixed memory leak in test_suite_mpi
(cherry picked from commit e44ec108bea03837fa72714ca33e6dc557c1189b)
2013-01-16 12:52:17 +01:00
Paul Bakker
d8ee8440a7
mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52)
(cherry picked from commit f6198c1513edcb44e7edb96fc82e3a5549a4bdc3)
2013-01-16 12:51:13 +01:00
Paul Bakker
7261cbaa91
Better checking for reading over buffer boundaries
(Partial cherry picked from commit 535e97dbab8cf34bb1e487f0f0f169a04eb9921f)
2013-01-16 12:44:01 +01:00
Paul Bakker
087e0379c5
Moved mpi_inv_mod() outside POLARSSL_GENPRIME
(cherry picked from commit d9374b05d67ca1abcfe0f6b289b6583b6257eee3)
Conflicts:
ChangeLog
2013-01-14 17:57:13 +01:00
Paul Bakker
ebee076da6
Fixed bug in mpi_add_abs with adding a small number to a large mpi with carry rollover.
(cherry picked from commit 2d319fdfcb36d53a733293904a5bf42775332fed)
2013-01-14 17:36:52 +01:00
Paul Bakker
47f626184c
Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
(cherry picked from commit b00ca42f2a26133172d9df9304bfbc9b093a43dc)
Conflicts:
ChangeLog (Moved message to 'Branch 1.1')
2013-01-14 17:36:49 +01:00
Paul Bakker
0ea57e8c7a
Fixed potential memory zeroization on miscrafted RSA key
(cherry picked from commit 3c16db9a10a3087e1611cd8ffb9ca564c0e9cf60)
Conflicts:
ChangeLog (Moved message to 'Branch 1.1')
2013-01-14 17:36:47 +01:00
Paul Bakker
ff47dec89d
Added proper gitignores for linux compilation
(cherry picked from commit 90f309ffe784daa69568ac688b0bd6c118d4e2e0)
2013-01-14 17:36:39 +01:00
Paul Bakker
8639578f58
- Correctly handle empty packets (Found by James Yonan)
2012-05-30 07:39:36 +00:00
Paul Bakker
0715668eea
2012-05-30 07:33:30 +00:00
Paul Bakker
a63c9e9fba
- Added 1.1.3 changes to 1.1 branch
2012-04-29 20:29:53 +00:00
Paul Bakker
662d1686d9
- Fixed random MPI generation to not generate more size than requested.
2012-04-29 20:15:55 +00:00
Paul Bakker
e893b669de
- Updated polarssl-1.1 branch with merged trunk patches
2012-04-26 19:30:20 +00:00
Paul Bakker
32356acc4f
- Fixed handling error in mpi_cmp_mpi() on longer B values (found by Hui Dong)
2012-04-20 13:34:52 +00:00
Paul Bakker
e2f8ff6797
- Merged security fixes to 1.1 branch
2012-04-20 13:33:14 +00:00
Paul Bakker
e2e36d31bd
- Merged changes from trunk to PolarSSL 1.1 branch
2012-01-23 09:56:51 +00:00
Paul Bakker
d567aa2b6e
- Merged Trunk changes for 1.1 into branch
2011-12-22 10:06:27 +00:00
Paul Bakker
732e1a893c
- Merged trunk into 1.1 branch
2011-12-11 16:35:09 +00:00
Paul Bakker
c50132d4fa
- Updated version of PolarSSL to 1.1.0
2011-12-05 14:38:36 +00:00