Commits · 5ed3b34e229c2bc6f56ec927848f6f44e39241d8 · BC / public / external / mbedtls

24 Jun, 2013 9 commits

x509parse_crt() now better handles PEM error situations · 5ed3b34e

Paul Bakker authored Jun 24, 2013

Because of new pem_read_buffer() handling of when it writes use_len,
x509parse_crt() is able to better handle situations where a PEM blob
results in an error but the other blobs can still be parsed.
(cherry picked from commit 64171863)

5ed3b34e

pem_read_buffer() already update use_len after header and footer are read · 00b2860e

Paul Bakker authored Jun 24, 2013

After header and footer are read, pem_read_buffer() is able to determine
the length of input data used. This allows calling functions to skip
this PEM bit if an error occurs during its parsing.
(cherry picked from commit 9255e830)

00b2860e

Added error.h inclusion in error.c template · b2a11404
Paul Bakker authored Jun 24, 2013
```
(cherry picked from commit ac6168b9)
```
b2a11404

Disabled the HAVEGE random generator by default · 2a84424a

Paul Bakker authored Jun 24, 2013

Rationale: The HAVEGE random generator has too many caveats to be a
standard generator that people rely on. The HAVEGE random generator is not
suitable for virtualized environments. In addition the HAVEGE random
generator is dependent on timing and specific processor traits that
cannot be guaranteed by default on compile time.

Our advice: only use HAVEGE as an additional random source for your
entropy pool, never as your primary source.
(cherry picked from commit 08f06cf4)

2a84424a

Fixed const correctness issues in programs and tests · ef3f8c74

Paul Bakker authored Jun 24, 2013

(cherry picked from commit e0225e4d)

Conflicts:
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_test.c
	programs/x509/cert_app.c

ef3f8c74

Fixed const correctness issues that have no impact on the ABI · 3c2122ff
Paul Bakker authored Jun 24, 2013
```
(cherry picked from commit eae09db9)

Conflicts:
	library/gcm.c
```
3c2122ff
Secure renegotiation extension should only be sent in case client supports secure renegotiation · 20139505
Paul Bakker authored Jun 24, 2013
```
(cherry picked from commit 7c3c3899)
```
20139505
PolarSSL 1.2.6 and PolarSSL 1.2.7 changes added to ChangeLog · de65623f
Paul Bakker authored Jun 24, 2013

de65623f
PolarSSL 1.1.6 and PolarSSL 1.1.7 changed added to ChangeLog · 248fff53
Paul Bakker authored Jun 24, 2013

248fff53

22 May, 2013 1 commit
- Fixed parse error in ssl_parse_certificate_request() · 73d4431c
  Paul Bakker authored May 22, 2013
  
  73d4431c
21 May, 2013 1 commit
- ca_path and ca_file arguments added to support chain validation in · 777a5757
  Paul Bakker authored May 21, 2013
```
cert_app
```
  777a5757
14 May, 2013 2 commits
- Possible resource leak on FILE* removed in X509 parse · f6a19bd7
  Paul Bakker authored May 14, 2013
  
  f6a19bd7
- Possible resource leak on FILE* removed in CTR_DRBG · c72d3f7d
  Paul Bakker authored May 14, 2013
  
  c72d3f7d
19 Apr, 2013 10 commits
- Comments for extra PSK ciphersuites added to config.h · 45bda90c
  Paul Bakker authored Apr 19, 2013
  
  45bda90c
- Added PSK GCM, SHA256 and SHA384 ciphers from RFC5487 · 40afb4ba
  Paul Bakker authored Apr 19, 2013
  
  40afb4ba
- Reordered ID's to numerical order · 0c5fac29
  Paul Bakker authored Apr 19, 2013
  
  0c5fac29
- Added PSK NULL ciphers from RFC4785 · a1bf92dd
  Paul Bakker authored Apr 19, 2013
  
  a1bf92dd
- PSK and DHE-PSK addition to ChangeLog · b91c2b57
  Paul Bakker authored Apr 19, 2013
  
  b91c2b57
- Added missing config.h include · bc956d90
  Paul Bakker authored Apr 19, 2013
  
  bc956d90
- DHE-PSK based ciphersuite support added and cleaner key exchange based · 48f7a5d7
  Paul Bakker authored Apr 19, 2013
```
code selection

The base RFC 4279 DHE-PSK ciphersuites are now supported and added.

The SSL code cuts out code not relevant for defined key exchange methods
```
  48f7a5d7
- Only allow missing SereverKeyExchange message in bare PSK mode · 188c8de4
  Paul Bakker authored Apr 19, 2013
  
  188c8de4
- Prettier printing of the lists for longer ciphersuite names · bcbe2d8d
  Paul Bakker authored Apr 19, 2013
  
  bcbe2d8d
- Introduced defines to control availability of specific SSL Key Exchange · e07f41d4
  Paul Bakker authored Apr 19, 2013
```
methods.

Introduces POLARSSL_KEY_EXCHANGE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED,
POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED, etc
```
  e07f41d4
18 Apr, 2013 7 commits
- Sanity checks added to config.h · 7ad00f98
  Paul Bakker authored Apr 18, 2013
```
At the end of config.h sanity checks have been added to check for
prerequisites in the different module dependencies
```
  7ad00f98
- More granular define selections within code to allow for smaller code · ed27a041
  Paul Bakker authored Apr 18, 2013
```
sizes
```
  ed27a041
- Added PSK ciphersuite tests to compat.sh · 7e5e7ca2
  Paul Bakker authored Apr 17, 2013
  
  7e5e7ca2
- Changed error code message to also cover missing pre-shared key · 73a899a9
  Paul Bakker authored Apr 17, 2013
  
  73a899a9
- Added pre-shared key handling for the server side of SSL / TLS · fbb17804
  Paul Bakker authored Apr 17, 2013
```
Server side handling of the pure PSK ciphersuites is now in the base
code.
```
  fbb17804
- Split parts of ssl_parse_client_key_exchange() into separate functions · 70df2fba
  Paul Bakker authored Apr 17, 2013
```
Made ssl_parse_client_dh_public(), ssl_parse_cient_ecdh_public() and
ssl_parse_encrypted_pms_secret() in preparation for PSK-related code
```
  70df2fba
- Added pre-shared key handling for the client side of SSL / TLS · d4a56ec6
  Paul Bakker authored Apr 16, 2013
```
Client side handling of the pure PSK ciphersuites is now in the base
code.
```
  d4a56ec6
16 Apr, 2013 3 commits

Removed extra spaces on end of lines · f7abd422
Paul Bakker authored Apr 16, 2013

f7abd422

split parts of ssl_parse_server_key_exchange() into separate functions · 29e1f12f

Paul Bakker authored Apr 16, 2013

Made ssl_parse_server_dh_params(), ssl_parse_server_ecdh_params() and
ssl_parse_signature_algorihm() in preparation for PSK-related code

29e1f12f

Ability to specify allowed ciphersuites based on the protocol version. · 8f4ddaee

Paul Bakker authored Apr 15, 2013

The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a6272988)

Conflicts:
	ChangeLog
	library/ssl_srv.c
	library/ssl_tls.c

8f4ddaee

11 Apr, 2013 1 commit
- Fixed MPI assembly for ARM when -O2 is used · eff2e6d4
  Paul Bakker authored Apr 11, 2013
```
GCC with -O2 or higher also needs to now about 'cc' in the clobber list.
```
  eff2e6d4
09 Apr, 2013 1 commit

Cleanup of the GCM code · 0ecdb23e

Paul Bakker authored Apr 09, 2013

Removed unused variable 'v'

orig_len and orig_add_len are now uint64_t to support larger than 2^29
data sizes

0ecdb23e

08 Apr, 2013 4 commits
- Split up largest test suite data files into smaller chunks · 286bf3c5
  Paul Bakker authored Apr 08, 2013
  
  286bf3c5
- Enable PBKDF2 by default · 370e90c2
  Paul Bakker authored Apr 08, 2013
  
  370e90c2
- Removed duplicate value from compat.sh ciphersuite list · abfdfbfd
  Paul Bakker authored Apr 08, 2013
  
  abfdfbfd
- Fixed compiler warning for possible uninitialized ret · a280d0f2
  Paul Bakker authored Apr 08, 2013
  
  a280d0f2
07 Apr, 2013 1 commit

Added Camellia ECDHE-based CBC ciphersuites · 27714b1a

Paul Bakker authored Apr 07, 2013

Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384

27714b1a