Commit Graph

2421 Commits

Author SHA1 Message Date
Paul Bakker
8eab8d368b Merge more portable AES-NI 2014-04-30 16:21:08 +02:00
Paul Bakker
33dc46b080 Fix bug with mpi_fill_random() on big-endian 2014-04-30 16:20:39 +02:00
Paul Bakker
f96f7b607a On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings 2014-04-30 16:02:38 +02:00
Paul Bakker
6384440b13 Better support for the different Attribute Types from IETF PKIX (RFC 5280) 2014-04-30 15:34:12 +02:00
Paul Bakker
1a1fbba1ae Sanity length checks in ssl_read_record() and ssl_fetch_input()
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
2014-04-30 14:48:51 +02:00
Paul Bakker
24f37ccaed rsa_check_pubkey() now allows an E up to N 2014-04-30 13:43:51 +02:00
Paul Bakker
0f90d7d2b5 version_check_feature() added to check for compile-time options at run-time 2014-04-30 11:49:44 +02:00
Paul Bakker
8394684dd3 Clearer description for version_get_string_full() regarding 18 bytes 2014-04-30 10:21:51 +02:00
Paul Bakker
a70366317d Improve interop by not writing ext_len in ClientHello / ServerHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-04-30 10:16:16 +02:00
Manuel Pégourié-Gonnard
e26389f26f Document that Curve25519 can't be the only curve 2014-04-29 15:32:53 +02:00
Manuel Pégourié-Gonnard
3d41370645 Fix hash dependencies in X.509 tests 2014-04-29 15:29:41 +02:00
Manuel Pégourié-Gonnard
3a306b9067 Fix misplaced #endif in ssl_tls.c 2014-04-29 15:11:17 +02:00
Manuel Pégourié-Gonnard
edc81ff8c2 Fix some more curve depends in X.509 tests 2014-04-29 15:10:40 +02:00
Manuel Pégourié-Gonnard
ec4d27398a Fix curve dependencies in *keyusage tests 2014-04-29 15:06:41 +02:00
Manuel Pégourié-Gonnard
63a5bfe903 Update Changelog for AES-NI 2014-04-26 17:21:07 +02:00
Manuel Pégourié-Gonnard
b1fd397be6 Adapt AES-NI code to "old" binutil versions 2014-04-26 17:17:31 +02:00
Paul Bakker
c73079a78c Add debug_set_threshold() and thresholding of messages 2014-04-25 16:58:16 +02:00
Paul Bakker
92478c37a6 Debug module only outputs full lines instead of parts 2014-04-25 16:58:15 +02:00
Paul Bakker
eaebbd5eaa debug_set_log_mode() added to determine raw or full logging 2014-04-25 16:58:14 +02:00
Paul Bakker
57ffa5570d Add tests for debug_print_ret() and debug_print_buf(). 2014-04-25 16:58:13 +02:00
Paul Bakker
2b34657b39 Updated Debug test suite data 2014-04-25 16:58:12 +02:00
Paul Bakker
93c32b21b3 Allow ssl_client to pad request to SSL_MAX_CONTENT_LEN 2014-04-25 16:58:12 +02:00
Paul Bakker
61885c7f7f Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites
In case full SSL frames arrived, they were rejected because an overly
strict padding check.
2014-04-25 12:59:51 +02:00
Paul Bakker
fdba46885b cert_write app should use subject of issuer certificate as issuer of cert 2014-04-25 11:48:35 +02:00
Paul Bakker
4ffcd2f9c3 Typo in PKCS#11 module 2014-04-25 11:44:12 +02:00
Paul Bakker
10a9dd35ea Typo in POLARSSL_PLATFORM_STD_FPRINTF in platform.c 2014-04-25 11:27:16 +02:00
Paul Bakker
088c5c5f18 POLARSSL_CONFIG_OPTIONS has been removed. Values are set individually
For the Platform module this requires the introduction of
POLARSSL_PLATFORM_NO_STD_FUNCTIONS to allow not performing the default
assignments.
2014-04-25 11:11:10 +02:00
Paul Bakker
1f69a93ab1 Move configs to 'configs/' and activate-config.pl should be called from root 2014-04-25 10:04:49 +02:00
Paul Bakker
0767e67d17 Add support for 'emailAddress' to x509_string_to_names() 2014-04-18 14:11:37 +02:00
Paul Bakker
e92f73d73b Updated ChangeLog 2014-04-18 14:08:26 +02:00
Paul Bakker
c70e425a73 Only iterate over actual certificates in ssl_write_certificate_request() 2014-04-18 13:50:19 +02:00
Paul Bakker
f4cf80b86f Restructured pk_parse_key_pkcs8_encrypted_der() to prevent unreachable code 2014-04-17 17:24:29 +02:00
Paul Bakker
03b6a46353 Properly comment two defines in config.h 2014-04-17 17:24:28 +02:00
Paul Bakker
3ad3aa3bc0 Travis configuration file 2014-04-17 17:24:27 +02:00
Paul Bakker
8a0c0a9ed9 Check additional return values in some test cases 2014-04-17 17:24:23 +02:00
Paul Bakker
94b916c7b5 Split assignment and assert check into seperate lines in tests 2014-04-17 16:07:20 +02:00
Paul Bakker
dd0aae92e0 Replaced strcpy() with strncpy() in tests suites 2014-04-17 16:06:37 +02:00
Paul Bakker
b6487dade9 Fixed result for test case in test_suite_x509parse 2014-04-17 16:04:33 +02:00
Paul Bakker
df71dd1618 Cleaner initialization (values did not matter, but were uninitialized) 2014-04-17 16:03:48 +02:00
Paul Bakker
030decdb4e Actually increment the loop counter to quit in ssl_fork_server 2014-04-17 16:03:23 +02:00
Paul Bakker
0c22610693 Cleaned up location of init and free for some programs to prevent memory
leaks on incorrect arguments
2014-04-17 16:02:36 +02:00
Paul Bakker
cbe3d0d5cc Added return value checking for correctness in programs 2014-04-17 16:00:59 +02:00
Paul Bakker
4f42c11846 Remove arbitrary maximum length for cipher_list and content length 2014-04-17 15:37:39 +02:00
Paul Bakker
d893aef867 Force default value to curve parameter 2014-04-17 14:45:34 +02:00
Paul Bakker
93389cc620 Remove const indicator 2014-04-17 14:44:38 +02:00
Paul Bakker
874bd64b28 Check setsockopt() return value in net_bind() 2014-04-17 12:43:05 +02:00
Paul Bakker
3d8fb63e11 Added missing MPI_CHK around mpi functions 2014-04-17 12:42:41 +02:00
Paul Bakker
a9c16d2825 Removed unused cur variable in x509_string_to_names() 2014-04-17 12:42:18 +02:00
Paul Bakker
0e4f9115dc Fix iteration counter 2014-04-17 12:39:05 +02:00
Paul Bakker
784b04ff9a Prepared for version 1.3.6 2014-04-11 15:33:59 +02:00