Alfred Klomp
ec99373df6
pkcs5.c: fix dead store: return proper exit status
...
Found with Clang's `scan-build` tool.
The error value assigned to `ret` is not returned, meaning that the
selftest always succeeds. Ensure the error value is propagated back to
the caller.
2014-10-23 15:34:02 +02:00
Manuel Pégourié-Gonnard
9711920304
Fix ssl_read wrt non-Application Data
2014-10-23 15:29:55 +02:00
Manuel Pégourié-Gonnard
3fdfcedebb
Fix net_accept() regarding non-blocking sockets
2014-10-23 15:23:48 +02:00
Manuel Pégourié-Gonnard
0b0b522932
Fix compiler warnings on iOS
2014-10-23 15:17:27 +02:00
Manuel Pégourié-Gonnard
7d75ea4787
x509_crt_parse() did not increase total_failed on PEM error
2014-10-23 15:13:39 +02:00
Manuel Pégourié-Gonnard
86792a6cf3
Fix ssl_close_notify() with non-blocking I/O
2014-10-23 15:02:45 +02:00
Manuel Pégourié-Gonnard
066c1f60bb
Fix potential bad read in parsing ServerHello
2014-10-23 14:58:09 +02:00
Manuel Pégourié-Gonnard
6b44038913
Fix memory leak parsing some X.509 certs
2014-10-23 14:53:46 +02:00
Paul Bakker
308a586477
Better placement of memset() to prevent compiler warning under MSVC
2014-07-11 11:40:35 +02:00
Paul Bakker
695266cb51
Updated to version 1.2.11
2014-07-11 11:26:03 +02:00
Manuel Pégourié-Gonnard
0cdde2d107
Fix minlen for GCM suites
2014-07-09 18:03:10 +02:00
Paul Bakker
a16e7f24f0
Proper initialization and checks for rare cases
2014-07-09 14:58:11 +02:00
Paul Bakker
1d073c59ad
Add static and casts to prevent compiler warnings
2014-07-08 20:17:07 +02:00
Paul Bakker
f73b718f17
Latest CBC padding check
2014-07-08 18:30:44 +02:00
Paul Bakker
bbc843f0b8
Fix base64_decode() to return and check length correctly
2014-07-08 18:29:06 +02:00
Manuel Pégourié-Gonnard
877a0944ad
Padlock asm using \n\t too
2014-07-08 18:29:00 +02:00
Manuel Pégourié-Gonnard
4467fb7507
Check input lengths in GCM
2014-07-08 18:28:56 +02:00
Paul Bakker
5bad6afd8c
Fix length checking for AEAD ciphersuites
2014-07-08 18:28:54 +02:00
Paul Bakker
312da33ef1
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-07-08 18:28:52 +02:00
Peter Vaskovic
1b08bd9525
Fix WSAStartup return value check.
...
SOCKET_ERROR was not a valid return value.
WSAStartup returns 0 on success, so check that instead.
2014-07-08 18:28:51 +02:00
Peter Vaskovic
02388c918d
Fix minor format string inconsistency.
2014-07-08 18:28:48 +02:00
Paul Bakker
75ee01097f
Stricter check on SSL ClientHello internal sizes compared to actual packet size
2014-07-08 18:28:47 +02:00
Markus Pfeiffer
55bdbc1834
Make compilation on DragonFly work
2014-07-08 18:28:44 +02:00
Paul Bakker
358d325017
Fix bug with mpi_fill_random() on big-endian
2014-07-08 18:28:42 +02:00
Paul Bakker
95a11f8c16
On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
2014-07-08 18:28:40 +02:00
Paul Bakker
ccebf6ef8a
Sanity length checks in ssl_read_record() and ssl_fetch_input()
...
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
2014-07-08 18:28:38 +02:00
Paul Bakker
b0af56334c
rsa_check_pubkey() now allows an E up to N
2014-07-08 18:28:36 +02:00
Paul Bakker
838ed3c74d
Improve interop by not writing ext_len in ClientHello when 0
...
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-07-08 18:28:33 +02:00
Paul Bakker
676093e253
Check setsockopt() return value in net_bind()
2014-07-08 18:28:29 +02:00
Paul Bakker
7890e62a1f
Added missing MPI_CHK around mpi functions
2014-07-08 18:28:29 +02:00
Paul Bakker
243d61894c
Reject certificates with times not in UTC
2014-07-08 14:40:58 +02:00
Paul Bakker
f48de9579f
Use UTC to heck certificate validity
2014-07-08 14:39:41 +02:00
Paul Bakker
dedce0c35c
Prevent potential NULL pointer dereference in ssl_read_record()
2014-07-08 14:36:12 +02:00
Paul Bakker
6995efe8be
Potential memory leak in mpi_exp_mod() when error occurs during
...
calculation of RR.
2014-07-08 14:32:35 +02:00
Paul Bakker
358a841b34
x509_get_current_time() uses localtime_r() to prevent thread issues
2014-07-08 12:14:37 +02:00
Paul Bakker
24aaf44120
Make sure no random pointer occur during failed malloc()'s
2014-07-08 11:39:19 +02:00
Manuel Pégourié-Gonnard
c2262b58f6
Tune debug_print_ret format
2014-07-08 11:26:20 +02:00
Paul Bakker
ef3cf7088f
Provide no info from entropy_func() on future entropy
2014-07-08 11:25:51 +02:00
Paul Bakker
1e9423704a
Support for seed file writing and reading in Entropy
2014-07-08 11:20:25 +02:00
Paul Bakker
22a0ce0cef
Fix warning on MinGW and MSVC12
2014-07-08 11:17:50 +02:00
Paul Bakker
8cb73200e1
MinGW32 static build should link to windows libs and libz
2014-07-08 11:15:55 +02:00
Paul Bakker
b000f82d76
ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr
2014-07-08 11:15:18 +02:00
Manuel Pégourié-Gonnard
a9f86e03ed
Make the compiler work-around more specific
2014-07-08 11:13:59 +02:00
Manuel Pégourié-Gonnard
57291a7019
Work around a compiler bug on OS X.
2014-07-08 11:13:42 +02:00
hasufell
97a11c107e
CMake: allow to build both shared and static at once
...
This allows for more fine-grained control. Possible combinations:
* static off, shared on
* static on, shared off
* static on, shared on
The static library is always called "libpolarssl.a" and is only used
for linking of tests and internal programs if the shared lib is
not being built.
Default is: only build static lib.
2014-07-08 11:10:09 +02:00
Manuel Pégourié-Gonnard
be04673c49
Forbid sequence number wrapping
2014-07-08 11:04:19 +02:00
Paul Bakker
50a5c53398
Reject certs and CRLs from the future
2014-07-08 10:59:10 +02:00
Paul Bakker
0d844dd650
Add x509parse_time_future()
2014-07-07 17:46:36 +02:00
Manuel Pégourié-Gonnard
963918b88f
Countermeasure against "triple handshake" attack
2014-07-07 17:46:35 +02:00
Manuel Pégourié-Gonnard
397858b81d
Avoid "unreachable code" warning
2014-07-07 17:46:33 +02:00
