Manuel Pégourié-Gonnard
14ed1a2934
Update changelog for cmake changes
2014-03-13 19:25:06 +01:00
Alex Wilson
7349142ce7
Don't try to use MIPS32 asm macros on MIPS64
...
The MIPS32 bn_mul asm code causes segfaults on MIPS64 and failing
tests. Until someone has time to fix this up, MIPS64 platforms should
fall back to the C implementation (which works fine).
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
844a4c0aef
Fix RSASSA-PSS example programs
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
83cdffc437
Forbid sequence number wrapping
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
9533765b25
Reject certs and CRLs from the future
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
29dcc0b93c
Fix depend issues in test suites for cipher modes
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
796c6f3aff
Countermeasure against "triple handshake" attack
2014-03-13 19:25:06 +01:00
Paul Bakker
3d52ab76f6
Fixed CMake symlinking on out-of-source builds
2014-03-07 10:33:55 +01:00
Manuel Pégourié-Gonnard
47fc5ae400
Fxi typo
2014-02-20 15:56:43 +01:00
Manuel Pégourié-Gonnard
6b1e207081
Fix verion-major intolerance
2014-02-12 10:14:54 +01:00
Manuel Pégourié-Gonnard
c9093085ed
Revert "Merged RSA-PSS support in Certificate, CSR and CRL"
...
This reverts commit ab50d8d30ce31b1d992a
2014-02-12 09:39:59 +01:00
Manuel Pégourié-Gonnard
6df09578bb
Revert "Mutex call in x509_crt.c depended on PTHREAD specific instead of generic"
...
This reverts commit 9eae7aae80
2014-02-12 09:29:05 +01:00
Paul Bakker
2ceda57989
Ability to force the Entropy module to use SHA-256 as its basis
...
By default the SHA-512 module is used if both are available. On some
systems, SHA-256 is the better choice.
Contributed by: Gergely Budai
2014-02-06 15:55:25 +01:00
Paul Bakker
cd6d69a414
Fixed testing with out-of-source builds using cmake
2014-02-06 15:44:11 +01:00
Paul Bakker
f2561b3f69
Ability to provide alternate timing implementation
2014-02-06 15:32:26 +01:00
Paul Bakker
47703a0a80
More entropy functions made thread-safe (add_source, update_manual, gather)
2014-02-06 15:01:20 +01:00
Paul Bakker
9eae7aae80
Mutex call in x509_crt.c depended on PTHREAD specific instead of generic
...
threading
2014-02-06 14:51:53 +01:00
Paul Bakker
6a28e722c9
Merged platform compatibility layer
2014-02-06 13:44:19 +01:00
Paul Bakker
ab50d8d30c
Merged RSA-PSS support in Certificate, CSR and CRL
2014-02-06 13:14:56 +01:00
Paul Bakker
e31b1d992a
Added Curve preference order to ChangeLog
2014-02-06 13:08:02 +01:00
Manuel Pégourié-Gonnard
fbf0915404
Fix bug in RSA PKCS#1 v1.5 "reversed" operations
2014-02-05 17:01:24 +01:00
Paul Bakker
5fb8efe71e
Merged HMAC-DRBG code
2014-02-05 15:55:18 +01:00
Manuel Pégourié-Gonnard
6e8e34d61e
Fix ecp_gen_keypair()
...
Too few tries caused failures for some curves (esp. secp224k1)
2014-02-05 15:53:45 +01:00
Paul Bakker
2cb1a0c400
Fixed indication for TrustInSoft fix
2014-01-27 13:36:23 +01:00
Paul Bakker
b84582b7a6
Fixed up ChangeLog with missing bug fixes
2014-01-27 12:23:43 +01:00
Paul Bakker
2aca241425
Ready for release 1.3.4
2014-01-27 11:59:30 +01:00
Paul Bakker
e6c2ddb0b8
Updated ChangeLog with deterministic ECDSA
2014-01-27 11:59:29 +01:00
Paul Bakker
42099c3155
Revert "Add pk_rsa_set_padding() and rsa_set_padding()"
...
This reverts commit b4fae579e8
2014-01-27 11:59:29 +01:00
Manuel Pégourié-Gonnard
5cac583482
Factor out some common code
2014-01-25 12:48:58 +01:00
Paul Bakker
d75ba40cc3
SMTP lines are officially terminated with CRLF, ssl_mail_client fixed
2014-01-24 16:12:18 +01:00
Paul Bakker
556efba51c
Added AES CFB8 mode
2014-01-24 15:38:12 +01:00
Paul Bakker
5862eee4ca
Merged RIPEMD-160 support
2014-01-22 14:18:34 +01:00
Paul Bakker
0ac99ca7bc
Merged support for secp224k1, secp192k1 and secp25k1
2014-01-22 13:10:48 +01:00
Paul Bakker
3eb9673e19
Updated ChangeLog with recent changes
2014-01-22 13:08:19 +01:00
Paul Bakker
a8fd3e31ed
Removed POLARSSL_THREADING_DUMMY option
2013-12-31 11:54:08 +01:00
Paul Bakker
6992eb762c
Fixed potential overflow in certificate size in ssl_write_certificate()
2013-12-31 11:38:33 +01:00
Paul Bakker
6ea1a95ce8
Added missing MPI_CHK() around some statements
2013-12-31 11:17:14 +01:00
Paul Bakker
5bc07a3d30
Prepped for 1.3.3
2013-12-31 10:57:44 +01:00
Paul Bakker
c73879139e
Merged ECP memory usage optimizations
2013-12-31 10:33:47 +01:00
Paul Bakker
956c9e063d
Reduced the input / output overhead with 200+ bytes and covered corner
...
case
The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.
Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.
We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
2013-12-30 15:00:51 +01:00
Paul Bakker
f9c4953e39
Added version of the SSL pthread server example
2013-12-30 14:55:54 +01:00
Paul Bakker
23116fdb53
Merged AES-NI support for AES, AES-GCM and AES key scheduling
2013-12-30 14:10:35 +01:00
Paul Bakker
1a56fc96a3
Fixed x509_crt_parse_path() bug on Windows platforms
2013-12-19 13:52:33 +01:00
Paul Bakker
5a607d26b7
Merged IPv6 support in the NET module
2013-12-17 14:34:19 +01:00
Paul Bakker
5ab68ba679
Merged storing curves fully in ROM
2013-12-17 13:11:18 +01:00
Paul Bakker
fdf946928d
Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites
2013-12-17 13:10:27 +01:00
Paul Bakker
f70fe81a6e
Fixed memory leak in benchmark application
2013-12-17 13:09:12 +01:00
Paul Bakker
6f0636a09f
Potential memory leak in ssl_ticket_keys_init()
2013-12-17 13:09:12 +01:00
Paul Bakker
48d78a5e60
Merged support for Curve25519
2013-12-05 16:12:40 +01:00
Manuel Pégourié-Gonnard
9a4a5ac4de
Fix bug in mpi_set_bit
2013-12-05 15:58:38 +01:00
