Manuel Pégourié-Gonnard
3517c20df7
Up default server DH params to 2048 bits
2015-07-03 17:43:06 +02:00
Manuel Pégourié-Gonnard
f333174fa1
Update dh_genprime program
...
- no warning
- configurable size
- default to 2048 bits
2015-07-03 17:18:10 +02:00
Manuel Pégourié-Gonnard
78a428dbd0
Fix unchecked malloc()
...
Found using Infer.
2015-06-29 19:00:38 +02:00
Manuel Pégourié-Gonnard
26d88cf154
Fix thread-safety issue in debug.c
2015-06-29 18:54:28 +02:00
Manuel Pégourié-Gonnard
5324d411da
Up min size of DHM params to 1024 bits
2015-06-29 18:54:28 +02:00
Paul Bakker
7b209579c6
Prepare for 1.2.14 release
2015-06-26 15:35:30 +01:00
Manuel Pégourié-Gonnard
70f0df9e46
Add countermeasure against cache-based lucky 13
2015-04-29 09:45:58 +02:00
Manuel Pégourié-Gonnard
0c2fa144bc
Fix invalid memory read in x509_get_sig()
2015-04-23 10:55:05 +02:00
Manuel Pégourié-Gonnard
cd7d24d464
Fix bug in Via Padlock support
...
Backport of cf201201
from the 1.3 branch
2015-04-23 10:55:05 +02:00
Manuel Pégourié-Gonnard
7e82884811
Fix hardclock with some versions of mingw64
...
Backport of 383433535 from the 1.3 branch
2015-04-23 10:55:05 +02:00
Manuel Pégourié-Gonnard
a9553a8c49
Fix warnings from mingw64 in timing.c
...
Backport from dda52139
from the 1.3 branch
2015-04-23 10:55:05 +02:00
Manuel Pégourié-Gonnard
64f65e84bc
Fix potential unintended sign extension
...
Backport of 6fdc4cae
from the 1.3 branch
2015-04-23 10:55:04 +02:00
Manuel Pégourié-Gonnard
82f1a88a92
Update Changelog for the last two commits
2015-04-23 10:55:04 +02:00
Manuel Pégourié-Gonnard
aa695be983
Fix version-major intolerance again
...
This time doing minimal changes to avoid introducing other issues.
2015-04-10 14:12:14 +02:00
Manuel Pégourié-Gonnard
9b4c5d9f21
Revert "Fix verion-major intolerance"
...
This reverts commit 6d841c2c5c
.
This commit introduced a security-critical bug in the way the client version
is validated. Let's first revert it to fix the security issue, and then fix
the version-major intolerance issue another way.
2015-04-10 13:57:43 +02:00
Paul Bakker
9fdc58fd9e
Ready for release 1.2.13
2015-02-16 15:17:32 +01:00
Paul Bakker
530927b163
Update copyright line to 2015
2015-02-13 14:24:10 +01:00
Manuel Pégourié-Gonnard
f097400abc
Fix small bug in base64_encode()
2015-02-05 11:48:58 +00:00
James Cowgill
b82f59162c
Fix mips64 bignum implementation
...
- Use correct mips64 define (__mips64, not __mips64__).
- Added mips64 to the list of arches supporting 64-bit ints.
2015-02-05 11:41:03 +00:00
Manuel Pégourié-Gonnard
2dc15c8e7d
Fix unchecked error on windows
2015-02-05 11:34:49 +00:00
Manuel Pégourié-Gonnard
e12abf90ce
Fix url
2015-01-28 17:13:45 +00:00
Manuel Pégourié-Gonnard
0edee5e386
Update copyright notice
2015-01-26 15:29:40 +00:00
Manuel Pégourié-Gonnard
d64359279d
Fix bug on s390
2015-01-23 15:50:23 +00:00
Manuel Pégourié-Gonnard
258bab0b1b
Fix missing bound check
2014-11-27 09:27:21 +01:00
Manuel Pégourié-Gonnard
aa02dc1ed8
Add support for cleanly exiting ssl_server2
...
Useful for memory testing
2014-11-20 17:28:18 +01:00
Manuel Pégourié-Gonnard
4cdb3babad
Add POLARSSL_X509_MAX_INTERMEDIATE_CA
2014-11-20 17:12:15 +01:00
Manuel Pégourié-Gonnard
6a095d2383
Make x509parse_crt() iterative
2014-11-20 17:03:09 +01:00
Manuel Pégourié-Gonnard
1c022a6983
Fix memory leaks in PKCS#5 and PKCS#12
2014-11-17 12:27:49 +01:00
Manuel Pégourié-Gonnard
d8a1ea72b1
Fix potential buffer overread of size 1
2014-11-17 12:27:49 +01:00
Manuel Pégourié-Gonnard
309c798b2b
Fix memory leak in PKCS#5 test suite
2014-11-17 11:56:08 +01:00
Manuel Pégourié-Gonnard
3c17460a1f
Fix warning in RSA test suite
2014-11-17 11:52:51 +01:00
Manuel Pégourié-Gonnard
ffbeedb838
Fix potential undefined behaviour in Camellia
2014-11-17 11:52:34 +01:00
Manuel Pégourié-Gonnard
7bf9f7e308
Fix documentation issues found by Clang
2014-11-17 11:20:21 +01:00
Manuel Pégourié-Gonnard
6c28491a15
Backport build modes from 1.3
2014-11-17 11:15:13 +01:00
Manuel Pégourié-Gonnard
aec1385551
compat.sh exits non-zero on failure
2014-11-17 11:12:33 +01:00
Manuel Pégourié-Gonnard
017bf57daa
Forbid repeated X.509 extensions
2014-11-17 11:01:09 +01:00
Manuel Pégourié-Gonnard
360eb91d02
Fix potential stack overflow
2014-11-17 11:01:09 +01:00
Manuel Pégourié-Gonnard
fdec957e55
Fix memory leak with crafted X.509 certs
2014-11-17 11:01:08 +01:00
Manuel Pégourié-Gonnard
d3ae430241
Fix uninitialised pointer dereference
2014-11-17 11:01:08 +01:00
Manuel Pégourié-Gonnard
d730aa517a
Use blinding for RSA even without CRT
2014-11-12 16:29:12 +01:00
Paul Bakker
fc3697ce2b
Prepared for PolarSSL-1.2.12
2014-10-24 10:42:52 +02:00
Manuel Pégourié-Gonnard
0b12d5e332
Accept spaces at EOL/buffer in base64_decode()
2014-10-23 17:00:26 +02:00
Manuel Pégourié-Gonnard
a6118741a7
Update changelog for the last few commits
2014-10-23 15:37:34 +02:00
Alfred Klomp
d6d5ef2f0d
timing.c: avoid referencing garbage value
...
Found with Clang's `scan-build` tool.
When get_timer() is called with `reset` set to 1, the value of
t->start.tv_sec is used as a rvalue without being initialized first.
This is relatively harmless because the result of get_timer() is not
used by the callers when called in "reset mode". However, scan-build
prints a warning.
Silence the warning by only calculating the delta on non-reset runs,
returning zero otherwise.
2014-10-23 15:36:33 +02:00
Alfred Klomp
9afec5f8ec
ssl_mail_client.c: silence warning, check base64_encode() status
...
Found with Clang's `scan-build` tool.
ssl_mail_client.c does a dead store by assigning the return value of
base64_encode() to `len` and not using the value. This causes
scan-build to issue a warning.
Instead of storing the return value into `len`, store it to `ret`, since
base64_encode() returns a status code, not a length. Also check if the
return value is nonzero and print an error; this silences scan-build.
2014-10-23 15:36:17 +02:00
Alfred Klomp
185962114a
ssl_test.c: remove dead store, assign at declaration
...
Found with Clang's `scan-build` tool.
The store to `ret` is not used, it's overwritten shortly after. Assign
the value of 1 at declaration time instead to silence scan-build.
2014-10-23 15:35:39 +02:00
Alfred Klomp
ec99373df6
pkcs5.c: fix dead store: return proper exit status
...
Found with Clang's `scan-build` tool.
The error value assigned to `ret` is not returned, meaning that the
selftest always succeeds. Ensure the error value is propagated back to
the caller.
2014-10-23 15:34:02 +02:00
Manuel Pégourié-Gonnard
9711920304
Fix ssl_read wrt non-Application Data
2014-10-23 15:29:55 +02:00
Manuel Pégourié-Gonnard
3fdfcedebb
Fix net_accept() regarding non-blocking sockets
2014-10-23 15:23:48 +02:00
Manuel Pégourié-Gonnard
982eda385f
Don't print uninitialised buffer in ssl_mail_client
2014-10-23 15:20:26 +02:00