Manuel Pégourié-Gonnard
6b44038913
Fix memory leak parsing some X.509 certs
2014-10-23 14:53:46 +02:00
Paul Bakker
695266cb51
Updated to version 1.2.11
2014-07-11 11:26:03 +02:00
Paul Bakker
bbc843f0b8
Fix base64_decode() to return and check length correctly
2014-07-08 18:29:06 +02:00
Manuel Pégourié-Gonnard
03917bf7d5
Disable broken Sparc64 bn_mul assembly
2014-07-08 18:29:01 +02:00
Manuel Pégourié-Gonnard
4564af9e3d
Fix asm format of bn_mul.h for more portability
...
Found by Barry K. Nathan.
Quoting from http://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html :
"You can put multiple assembler instructions together in a single asm
template, separated by the characters normally used in assembly code for the
system. A combination that works in most places is a newline to break the
line, plus a tab character to move to the instruction field (written as
‘\n\t’). Sometimes semicolons can be used, if the assembler allows semicolons
as a line-breaking character. Note that some assembler dialects use semicolons
to start a comment."
2014-07-08 18:28:59 +02:00
Barry K. Nathan
22ca9c0197
Fix preprocessor checks for bn_mul PPC asm
...
On OS X, neither __powerpc__ nor __ppc__ is defined on PPC64, so the
asm code was only being used on PPC32.
2014-07-08 18:28:57 +02:00
Paul Bakker
5bad6afd8c
Fix length checking for AEAD ciphersuites
2014-07-08 18:28:54 +02:00
Paul Bakker
312da33ef1
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-07-08 18:28:52 +02:00
Paul Bakker
75ee01097f
Stricter check on SSL ClientHello internal sizes compared to actual packet size
2014-07-08 18:28:47 +02:00
Markus Pfeiffer
55bdbc1834
Make compilation on DragonFly work
2014-07-08 18:28:44 +02:00
Paul Bakker
358d325017
Fix bug with mpi_fill_random() on big-endian
2014-07-08 18:28:42 +02:00
Paul Bakker
95a11f8c16
On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
2014-07-08 18:28:40 +02:00
Paul Bakker
b0af56334c
rsa_check_pubkey() now allows an E up to N
2014-07-08 18:28:36 +02:00
Paul Bakker
838ed3c74d
Improve interop by not writing ext_len in ClientHello when 0
...
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-07-08 18:28:33 +02:00
Paul Bakker
243d61894c
Reject certificates with times not in UTC
2014-07-08 14:40:58 +02:00
Paul Bakker
f48de9579f
Use UTC to heck certificate validity
2014-07-08 14:39:41 +02:00
Paul Bakker
dedce0c35c
Prevent potential NULL pointer dereference in ssl_read_record()
2014-07-08 14:36:12 +02:00
Paul Bakker
6995efe8be
Potential memory leak in mpi_exp_mod() when error occurs during
...
calculation of RR.
2014-07-08 14:32:35 +02:00
Paul Bakker
3cbaf1e379
Add ssl_close_notify() to servers that missed it
2014-07-08 14:30:35 +02:00
Paul Bakker
358a841b34
x509_get_current_time() uses localtime_r() to prevent thread issues
2014-07-08 12:14:37 +02:00
Paul Bakker
24aaf44120
Make sure no random pointer occur during failed malloc()'s
2014-07-08 11:39:19 +02:00
Paul Bakker
bc8984931c
Improvements to tests/Makefile when using shared library
2014-07-08 11:32:12 +02:00
Paul Bakker
1e9423704a
Support for seed file writing and reading in Entropy
2014-07-08 11:20:25 +02:00
Paul Bakker
b000f82d76
ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr
2014-07-08 11:15:18 +02:00
Manuel Pégourié-Gonnard
57291a7019
Work around a compiler bug on OS X.
2014-07-08 11:13:42 +02:00
Manuel Pégourié-Gonnard
3baeb15c79
Update changelog for cmake changes
2014-07-08 11:10:54 +02:00
Alex Wilson
e63560470e
Don't try to use MIPS32 asm macros on MIPS64
...
The MIPS32 bn_mul asm code causes segfaults on MIPS64 and failing
tests. Until someone has time to fix this up, MIPS64 platforms should
fall back to the C implementation (which works fine).
2014-07-08 11:06:05 +02:00
Manuel Pégourié-Gonnard
be04673c49
Forbid sequence number wrapping
2014-07-08 11:04:19 +02:00
Paul Bakker
50a5c53398
Reject certs and CRLs from the future
2014-07-08 10:59:10 +02:00
Manuel Pégourié-Gonnard
963918b88f
Countermeasure against "triple handshake" attack
2014-07-07 17:46:35 +02:00
Paul Bakker
57ca5702fd
Fixed CMake symlinking on out-of-source builds
2014-07-07 17:46:32 +02:00
Manuel Pégourié-Gonnard
6d841c2c5c
Fix verion-major intolerance
2014-07-07 17:46:31 +02:00
Paul Bakker
e96bfbc6bd
Fixed testing with out-of-source builds using cmake
2014-07-07 17:46:30 +02:00
Manuel Pégourié-Gonnard
c675e4bde5
Fix bug in RSA PKCS#1 v1.5 "reversed" operations
2014-07-07 17:46:29 +02:00
Paul Bakker
af0ccc8fa0
SMTP lines are officially terminated with CRLF, ssl_mail_client fixed
2014-07-07 17:46:29 +02:00
Paul Bakker
0b6355d088
Updated ChangeLog
2014-07-07 16:01:53 +02:00
Paul Bakker
d15718cbe0
Updated ChangeLog
2014-07-07 16:01:23 +02:00
Paul Bakker
d83584e9aa
Fixed potential overflow in certificate size in ssl_write_certificate()
2014-07-07 16:01:11 +02:00
Paul Bakker
78e819698b
Added missing MPI_CHK() around some statements
2014-07-07 16:01:10 +02:00
Paul Bakker
40cc914567
Fixed x509_crt_parse_path() bug on Windows platforms
2014-07-07 16:01:08 +02:00
Manuel Pégourié-Gonnard
b9f6d507dd
crypt_and_hash: check MAC earlier
2014-07-07 14:35:02 +02:00
Paul Bakker
a1caf6e1e8
SSL now gracefully handles missing RNG
2014-07-07 14:20:52 +02:00
Paul Bakker
c941adba31
Fixed X.509 hostname comparison (with non-regular characters)
2014-07-07 14:17:24 +02:00
Paul Bakker
e46b17766c
Make get_pkcs_padding() constant-time
2014-07-07 14:04:31 +02:00
Paul Bakker
9ccb2116a7
Introduced POLARSSL_HAVE_READDIR_R for systems without it
2014-07-07 13:43:31 +02:00
Paul Bakker
6b06502c4b
Changed RSA blinding to a slower but thread-safe version
2013-10-07 12:06:29 +02:00
Paul Bakker
adace27ec9
Prepped for 1.2.10 release
2013-10-04 17:07:26 +02:00
Paul Bakker
178e74454f
Fixed MS VC project files
2013-10-04 13:20:40 +02:00
Paul Bakker
495830dd1f
Fixed ssl_pkcs11_decrypt() prototype
2013-10-04 11:01:48 +02:00
Paul Bakker
62087eed22
Fixed memory leak in rsa.c introduced in 43f9799
2013-10-04 10:57:12 +02:00