Manuel Pégourié-Gonnard
066c1f60bb
Fix potential bad read in parsing ServerHello
2014-10-23 14:58:09 +02:00
Manuel Pégourié-Gonnard
6b44038913
Fix memory leak parsing some X.509 certs
2014-10-23 14:53:46 +02:00
Paul Bakker
308a586477
Better placement of memset() to prevent compiler warning under MSVC
2014-07-11 11:40:35 +02:00
Paul Bakker
695266cb51
Updated to version 1.2.11
2014-07-11 11:26:03 +02:00
Manuel Pégourié-Gonnard
0cdde2d107
Fix minlen for GCM suites
2014-07-09 18:03:10 +02:00
Paul Bakker
a16e7f24f0
Proper initialization and checks for rare cases
2014-07-09 14:58:11 +02:00
Paul Bakker
1d073c59ad
Add static and casts to prevent compiler warnings
2014-07-08 20:17:07 +02:00
Paul Bakker
f73b718f17
Latest CBC padding check
2014-07-08 18:30:44 +02:00
Paul Bakker
bbc843f0b8
Fix base64_decode() to return and check length correctly
2014-07-08 18:29:06 +02:00
Manuel Pégourié-Gonnard
ff9e1a4aa4
Document in-out param of dhm_calc_secret()
2014-07-08 18:29:04 +02:00
Manuel Pégourié-Gonnard
002bc86718
Clarify mpi_write_binary()'s doc.
2014-07-08 18:29:03 +02:00
Manuel Pégourié-Gonnard
03917bf7d5
Disable broken Sparc64 bn_mul assembly
2014-07-08 18:29:01 +02:00
Manuel Pégourié-Gonnard
877a0944ad
Padlock asm using \n\t too
2014-07-08 18:29:00 +02:00
Manuel Pégourié-Gonnard
4564af9e3d
Fix asm format of bn_mul.h for more portability
...
Found by Barry K. Nathan.
Quoting from http://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html :
"You can put multiple assembler instructions together in a single asm
template, separated by the characters normally used in assembly code for the
system. A combination that works in most places is a newline to break the
line, plus a tab character to move to the instruction field (written as
‘\n\t’). Sometimes semicolons can be used, if the assembler allows semicolons
as a line-breaking character. Note that some assembler dialects use semicolons
to start a comment."
2014-07-08 18:28:59 +02:00
Barry K. Nathan
22ca9c0197
Fix preprocessor checks for bn_mul PPC asm
...
On OS X, neither __powerpc__ nor __ppc__ is defined on PPC64, so the
asm code was only being used on PPC32.
2014-07-08 18:28:57 +02:00
Manuel Pégourié-Gonnard
4467fb7507
Check input lengths in GCM
2014-07-08 18:28:56 +02:00
Paul Bakker
5bad6afd8c
Fix length checking for AEAD ciphersuites
2014-07-08 18:28:54 +02:00
Paul Bakker
312da33ef1
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-07-08 18:28:52 +02:00
Peter Vaskovic
1b08bd9525
Fix WSAStartup return value check.
...
SOCKET_ERROR was not a valid return value.
WSAStartup returns 0 on success, so check that instead.
2014-07-08 18:28:51 +02:00
Andre Heinecke
dcbd74f699
Fix symlink command for cross compiling
...
Check for the host system to determine which command should be used
to create a symlink. Otherwise symlinking will fail when cross
compiling polarssl on a unix host for windows.
2014-07-08 18:28:49 +02:00
Peter Vaskovic
02388c918d
Fix minor format string inconsistency.
2014-07-08 18:28:48 +02:00
Paul Bakker
75ee01097f
Stricter check on SSL ClientHello internal sizes compared to actual packet size
2014-07-08 18:28:47 +02:00
Barry K. Nathan
609d1a96aa
Fix build with cc from Apple LLVM
...
On Xcode 4.x and above (I tested Xcode 4.6.3 on 10.7.5 and Xcode 5.5.1 on 10.9.2), cmake (2.8.12.2, whether from MacPorts or from clang.org, FWIW) is detecting /usr/bin/cc as Clang, but CMAKE_COMPILER_IS_CLANG is not getting set, so the tests aren't being built. (There may have been other build problems as well, but the fact that the tests weren't being built was by far the most obvious problem.)
Checking the compiler ID detected by cmake, rather than the name of the command used to invoke the compiler, fixes this.
2014-07-08 18:28:45 +02:00
Markus Pfeiffer
55bdbc1834
Make compilation on DragonFly work
2014-07-08 18:28:44 +02:00
Paul Bakker
358d325017
Fix bug with mpi_fill_random() on big-endian
2014-07-08 18:28:42 +02:00
Paul Bakker
95a11f8c16
On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
2014-07-08 18:28:40 +02:00
Paul Bakker
ccebf6ef8a
Sanity length checks in ssl_read_record() and ssl_fetch_input()
...
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
2014-07-08 18:28:38 +02:00
Paul Bakker
b0af56334c
rsa_check_pubkey() now allows an E up to N
2014-07-08 18:28:36 +02:00
Paul Bakker
3dfa07b401
Clearer description for version_get_string_full() regarding 18 bytes
2014-07-08 18:28:35 +02:00
Paul Bakker
838ed3c74d
Improve interop by not writing ext_len in ClientHello when 0
...
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-07-08 18:28:33 +02:00
Paul Bakker
6993284ece
Travis configuration file for 1.2 branch
2014-07-08 18:28:32 +02:00
Paul Bakker
d6d1f410e6
Cleaner initialization (values did not matter, but were uninitialized)
2014-07-08 18:28:31 +02:00
Paul Bakker
a2eabadb07
Actually increment the loop counter to quit in ssl_fork_server
2014-07-08 18:28:31 +02:00
Paul Bakker
3914840d78
Cleaned up location of init and free for some programs to prevent memory
...
leaks on incorrect arguments
2014-07-08 18:28:30 +02:00
Paul Bakker
993f02cda0
Added return value checking for correctness in programs
2014-07-08 18:28:29 +02:00
Paul Bakker
676093e253
Check setsockopt() return value in net_bind()
2014-07-08 18:28:29 +02:00
Paul Bakker
7890e62a1f
Added missing MPI_CHK around mpi functions
2014-07-08 18:28:29 +02:00
Paul Bakker
243d61894c
Reject certificates with times not in UTC
2014-07-08 14:40:58 +02:00
Paul Bakker
f48de9579f
Use UTC to heck certificate validity
2014-07-08 14:39:41 +02:00
Paul Bakker
dedce0c35c
Prevent potential NULL pointer dereference in ssl_read_record()
2014-07-08 14:36:12 +02:00
Paul Bakker
6995efe8be
Potential memory leak in mpi_exp_mod() when error occurs during
...
calculation of RR.
2014-07-08 14:32:35 +02:00
Paul Bakker
3cbaf1e379
Add ssl_close_notify() to servers that missed it
2014-07-08 14:30:35 +02:00
Paul Bakker
875548ce67
Disable renegotiation by default in example cli/srv
2014-07-08 12:21:41 +02:00
Paul Bakker
358a841b34
x509_get_current_time() uses localtime_r() to prevent thread issues
2014-07-08 12:14:37 +02:00
Paul Bakker
24aaf44120
Make sure no random pointer occur during failed malloc()'s
2014-07-08 11:39:19 +02:00
Paul Bakker
345316db65
Made building of programs optional in CMake
2014-07-08 11:32:40 +02:00
Paul Bakker
bc8984931c
Improvements to tests/Makefile when using shared library
2014-07-08 11:32:12 +02:00
Manuel Pégourié-Gonnard
c2262b58f6
Tune debug_print_ret format
2014-07-08 11:26:20 +02:00
Paul Bakker
ef3cf7088f
Provide no info from entropy_func() on future entropy
2014-07-08 11:25:51 +02:00
Paul Bakker
1e9423704a
Support for seed file writing and reading in Entropy
2014-07-08 11:20:25 +02:00