Manuel Pégourié-Gonnard
01978bfe63
Merge branch 'polarssl-1.2' into polarssl-1.2-restricted
...
* polarssl-1.2:
Fix spurious #endif from previous cherry-pick
Fix macroization of inline in C++
Add missing warning in doc
Fix compile error in net.c with musl libc
2015-10-05 17:31:05 +01:00
Simon Butcher
c047c74b95
Merge of multiple security fixes
2015-10-05 17:18:59 +01:00
Manuel Pégourié-Gonnard
42571ddb4e
Fix references to non-standard SIZE_T_MAX
...
Turns out C99 doesn't define SIZE_T_MAX, so let's not use it.
2015-10-05 15:31:53 +01:00
Manuel Pégourié-Gonnard
27840e0d43
Fix compile error in net.c with musl libc
...
fixes #278
2015-10-05 14:32:43 +01:00
Manuel Pégourié-Gonnard
d64f1ad98b
Fix potential overflow in CertificateRequest
2015-10-02 12:36:02 +02:00
Manuel Pégourié-Gonnard
e4e4be77be
Fix potential overflow in base64_encode
2015-10-01 18:10:17 +02:00
Manuel Pégourié-Gonnard
b73ce45b3f
Fix potential random malloc in pem_read()
2015-10-01 17:00:22 +02:00
Manuel Pégourié-Gonnard
9b75305d6a
Fix potential buffer overflow in mpi_read_string()
...
Found by Guido Vranken.
Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.
Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).
Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-10-01 16:59:55 +02:00
Manuel Pégourié-Gonnard
73011bba95
Fix stack buffer overflow in pkcs12
2015-10-01 16:57:47 +02:00
Simon Butcher
13ca8951f9
Added max length checking of hostname
2015-09-30 00:45:21 +01:00
Manuel Pégourié-Gonnard
a7975dcf9a
Remove file that should never have been added
...
Oops.
2015-09-21 12:07:10 +02:00
Manuel Pégourié-Gonnard
9405e462d0
Bump version to 1.2.15
2015-09-17 11:55:25 +02:00
Manuel Pégourié-Gonnard
2bc4505f5d
Add counter-measure against RSA-CRT attack
...
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
backport of a1cdcd2
2015-09-09 12:36:49 +02:00
Manuel Pégourié-Gonnard
fa566e3545
Fix possible client crash on API misuse
2015-09-03 11:01:37 +02:00
Manuel Pégourié-Gonnard
aa4e55bd23
Fix warning with MD/SHA ALT implementation
...
backport of e217cee#239
2015-08-31 12:23:30 +02:00
Manuel Pégourié-Gonnard
faf44abf2a
Accept a trailing space at end of PEM lines
...
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
2015-08-10 16:43:28 +02:00
Manuel Pégourié-Gonnard
af39e3e597
Fix missing -static-libgcc for dlls
2015-08-10 16:41:14 +02:00
Paul Bakker
7fc4e3e225
Prepare for 1.2.15 release
2015-08-10 15:06:34 +01:00
Manuel Pégourié-Gonnard
3517c20df7
Up default server DH params to 2048 bits
2015-07-03 17:43:06 +02:00
Manuel Pégourié-Gonnard
78a428dbd0
Fix unchecked malloc()
...
Found using Infer.
2015-06-29 19:00:38 +02:00
Manuel Pégourié-Gonnard
26d88cf154
Fix thread-safety issue in debug.c
2015-06-29 18:54:28 +02:00
Manuel Pégourié-Gonnard
5324d411da
Up min size of DHM params to 1024 bits
2015-06-29 18:54:28 +02:00
Paul Bakker
7b209579c6
Prepare for 1.2.14 release
2015-06-26 15:35:30 +01:00
Manuel Pégourié-Gonnard
70f0df9e46
Add countermeasure against cache-based lucky 13
2015-04-29 09:45:58 +02:00
Manuel Pégourié-Gonnard
0c2fa144bc
Fix invalid memory read in x509_get_sig()
2015-04-23 10:55:05 +02:00
Manuel Pégourié-Gonnard
cd7d24d464
Fix bug in Via Padlock support
...
Backport of cf201201
2015-04-23 10:55:05 +02:00
Manuel Pégourié-Gonnard
7e82884811
Fix hardclock with some versions of mingw64
...
Backport of 383433535 from the 1.3 branch
2015-04-23 10:55:05 +02:00
Manuel Pégourié-Gonnard
a9553a8c49
Fix warnings from mingw64 in timing.c
...
Backport from dda52139
2015-04-23 10:55:05 +02:00
Manuel Pégourié-Gonnard
64f65e84bc
Fix potential unintended sign extension
...
Backport of 6fdc4cae
2015-04-23 10:55:04 +02:00
Manuel Pégourié-Gonnard
aa695be983
Fix version-major intolerance again
...
This time doing minimal changes to avoid introducing other issues.
2015-04-10 14:12:14 +02:00
Manuel Pégourié-Gonnard
9b4c5d9f21
Revert "Fix verion-major intolerance"
...
This reverts commit 6d841c2c5c
2015-04-10 13:57:43 +02:00
Paul Bakker
9fdc58fd9e
Ready for release 1.2.13
2015-02-16 15:17:32 +01:00
Paul Bakker
530927b163
Update copyright line to 2015
2015-02-13 14:24:10 +01:00
Manuel Pégourié-Gonnard
f097400abc
Fix small bug in base64_encode()
2015-02-05 11:48:58 +00:00
Manuel Pégourié-Gonnard
2dc15c8e7d
Fix unchecked error on windows
2015-02-05 11:34:49 +00:00
Manuel Pégourié-Gonnard
e12abf90ce
Fix url
2015-01-28 17:13:45 +00:00
Manuel Pégourié-Gonnard
0edee5e386
Update copyright notice
2015-01-26 15:29:40 +00:00
Manuel Pégourié-Gonnard
258bab0b1b
Fix missing bound check
2014-11-27 09:27:21 +01:00
Manuel Pégourié-Gonnard
4cdb3babad
Add POLARSSL_X509_MAX_INTERMEDIATE_CA
2014-11-20 17:12:15 +01:00
Manuel Pégourié-Gonnard
6a095d2383
Make x509parse_crt() iterative
2014-11-20 17:03:09 +01:00
Manuel Pégourié-Gonnard
1c022a6983
Fix memory leaks in PKCS#5 and PKCS#12
2014-11-17 12:27:49 +01:00
Manuel Pégourié-Gonnard
d8a1ea72b1
Fix potential buffer overread of size 1
2014-11-17 12:27:49 +01:00
Manuel Pégourié-Gonnard
ffbeedb838
Fix potential undefined behaviour in Camellia
2014-11-17 11:52:34 +01:00
Manuel Pégourié-Gonnard
6c28491a15
Backport build modes from 1.3
2014-11-17 11:15:13 +01:00
Manuel Pégourié-Gonnard
017bf57daa
Forbid repeated X.509 extensions
2014-11-17 11:01:09 +01:00
Manuel Pégourié-Gonnard
360eb91d02
Fix potential stack overflow
2014-11-17 11:01:09 +01:00
Manuel Pégourié-Gonnard
fdec957e55
Fix memory leak with crafted X.509 certs
2014-11-17 11:01:08 +01:00
Manuel Pégourié-Gonnard
d3ae430241
Fix uninitialised pointer dereference
2014-11-17 11:01:08 +01:00
Manuel Pégourié-Gonnard
d730aa517a
Use blinding for RSA even without CRT
2014-11-12 16:29:12 +01:00
Paul Bakker
fc3697ce2b
Prepared for PolarSSL-1.2.12
2014-10-24 10:42:52 +02:00
