Alfred Klomp
ec99373df6
pkcs5.c: fix dead store: return proper exit status
...
Found with Clang's `scan-build` tool.
The error value assigned to `ret` is not returned, meaning that the
selftest always succeeds. Ensure the error value is propagated back to
the caller.
2014-10-23 15:34:02 +02:00
Manuel Pégourié-Gonnard
9711920304
Fix ssl_read wrt non-Application Data
2014-10-23 15:29:55 +02:00
Manuel Pégourié-Gonnard
3fdfcedebb
Fix net_accept() regarding non-blocking sockets
2014-10-23 15:23:48 +02:00
Manuel Pégourié-Gonnard
982eda385f
Don't print uninitialised buffer in ssl_mail_client
2014-10-23 15:20:26 +02:00
Manuel Pégourié-Gonnard
0b0b522932
Fix compiler warnings on iOS
2014-10-23 15:17:27 +02:00
Manuel Pégourié-Gonnard
7d75ea4787
x509_crt_parse() did not increase total_failed on PEM error
2014-10-23 15:13:39 +02:00
Manuel Pégourié-Gonnard
86792a6cf3
Fix ssl_close_notify() with non-blocking I/O
2014-10-23 15:02:45 +02:00
Manuel Pégourié-Gonnard
066c1f60bb
Fix potential bad read in parsing ServerHello
2014-10-23 14:58:09 +02:00
Manuel Pégourié-Gonnard
6b44038913
Fix memory leak parsing some X.509 certs
2014-10-23 14:53:46 +02:00
Paul Bakker
308a586477
Better placement of memset() to prevent compiler warning under MSVC
2014-07-11 11:40:35 +02:00
Paul Bakker
695266cb51
Updated to version 1.2.11
2014-07-11 11:26:03 +02:00
Manuel Pégourié-Gonnard
0cdde2d107
Fix minlen for GCM suites
2014-07-09 18:03:10 +02:00
Paul Bakker
a16e7f24f0
Proper initialization and checks for rare cases
2014-07-09 14:58:11 +02:00
Paul Bakker
1d073c59ad
Add static and casts to prevent compiler warnings
2014-07-08 20:17:07 +02:00
Paul Bakker
f73b718f17
Latest CBC padding check
2014-07-08 18:30:44 +02:00
Paul Bakker
bbc843f0b8
Fix base64_decode() to return and check length correctly
2014-07-08 18:29:06 +02:00
Manuel Pégourié-Gonnard
ff9e1a4aa4
Document in-out param of dhm_calc_secret()
2014-07-08 18:29:04 +02:00
Manuel Pégourié-Gonnard
002bc86718
Clarify mpi_write_binary()'s doc.
2014-07-08 18:29:03 +02:00
Manuel Pégourié-Gonnard
03917bf7d5
Disable broken Sparc64 bn_mul assembly
2014-07-08 18:29:01 +02:00
Manuel Pégourié-Gonnard
877a0944ad
Padlock asm using \n\t too
2014-07-08 18:29:00 +02:00
Manuel Pégourié-Gonnard
4564af9e3d
Fix asm format of bn_mul.h for more portability
...
Found by Barry K. Nathan.
Quoting from http://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html :
"You can put multiple assembler instructions together in a single asm
template, separated by the characters normally used in assembly code for the
system. A combination that works in most places is a newline to break the
line, plus a tab character to move to the instruction field (written as
‘\n\t’). Sometimes semicolons can be used, if the assembler allows semicolons
as a line-breaking character. Note that some assembler dialects use semicolons
to start a comment."
2014-07-08 18:28:59 +02:00
Barry K. Nathan
22ca9c0197
Fix preprocessor checks for bn_mul PPC asm
...
On OS X, neither __powerpc__ nor __ppc__ is defined on PPC64, so the
asm code was only being used on PPC32.
2014-07-08 18:28:57 +02:00
Manuel Pégourié-Gonnard
4467fb7507
Check input lengths in GCM
2014-07-08 18:28:56 +02:00
Paul Bakker
5bad6afd8c
Fix length checking for AEAD ciphersuites
2014-07-08 18:28:54 +02:00
Paul Bakker
312da33ef1
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-07-08 18:28:52 +02:00
Peter Vaskovic
1b08bd9525
Fix WSAStartup return value check.
...
SOCKET_ERROR was not a valid return value.
WSAStartup returns 0 on success, so check that instead.
2014-07-08 18:28:51 +02:00
Andre Heinecke
dcbd74f699
Fix symlink command for cross compiling
...
Check for the host system to determine which command should be used
to create a symlink. Otherwise symlinking will fail when cross
compiling polarssl on a unix host for windows.
2014-07-08 18:28:49 +02:00
Peter Vaskovic
02388c918d
Fix minor format string inconsistency.
2014-07-08 18:28:48 +02:00
Paul Bakker
75ee01097f
Stricter check on SSL ClientHello internal sizes compared to actual packet size
2014-07-08 18:28:47 +02:00
Barry K. Nathan
609d1a96aa
Fix build with cc from Apple LLVM
...
On Xcode 4.x and above (I tested Xcode 4.6.3 on 10.7.5 and Xcode 5.5.1 on 10.9.2), cmake (2.8.12.2, whether from MacPorts or from clang.org, FWIW) is detecting /usr/bin/cc as Clang, but CMAKE_COMPILER_IS_CLANG is not getting set, so the tests aren't being built. (There may have been other build problems as well, but the fact that the tests weren't being built was by far the most obvious problem.)
Checking the compiler ID detected by cmake, rather than the name of the command used to invoke the compiler, fixes this.
2014-07-08 18:28:45 +02:00
Markus Pfeiffer
55bdbc1834
Make compilation on DragonFly work
2014-07-08 18:28:44 +02:00
Paul Bakker
358d325017
Fix bug with mpi_fill_random() on big-endian
2014-07-08 18:28:42 +02:00
Paul Bakker
95a11f8c16
On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
2014-07-08 18:28:40 +02:00
Paul Bakker
ccebf6ef8a
Sanity length checks in ssl_read_record() and ssl_fetch_input()
...
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
2014-07-08 18:28:38 +02:00
Paul Bakker
b0af56334c
rsa_check_pubkey() now allows an E up to N
2014-07-08 18:28:36 +02:00
Paul Bakker
3dfa07b401
Clearer description for version_get_string_full() regarding 18 bytes
2014-07-08 18:28:35 +02:00
Paul Bakker
838ed3c74d
Improve interop by not writing ext_len in ClientHello when 0
...
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-07-08 18:28:33 +02:00
Paul Bakker
6993284ece
Travis configuration file for 1.2 branch
2014-07-08 18:28:32 +02:00
Paul Bakker
d6d1f410e6
Cleaner initialization (values did not matter, but were uninitialized)
2014-07-08 18:28:31 +02:00
Paul Bakker
a2eabadb07
Actually increment the loop counter to quit in ssl_fork_server
2014-07-08 18:28:31 +02:00
Paul Bakker
3914840d78
Cleaned up location of init and free for some programs to prevent memory
...
leaks on incorrect arguments
2014-07-08 18:28:30 +02:00
Paul Bakker
993f02cda0
Added return value checking for correctness in programs
2014-07-08 18:28:29 +02:00
Paul Bakker
676093e253
Check setsockopt() return value in net_bind()
2014-07-08 18:28:29 +02:00
Paul Bakker
7890e62a1f
Added missing MPI_CHK around mpi functions
2014-07-08 18:28:29 +02:00
Paul Bakker
243d61894c
Reject certificates with times not in UTC
2014-07-08 14:40:58 +02:00
Paul Bakker
f48de9579f
Use UTC to heck certificate validity
2014-07-08 14:39:41 +02:00
Paul Bakker
dedce0c35c
Prevent potential NULL pointer dereference in ssl_read_record()
2014-07-08 14:36:12 +02:00
Paul Bakker
6995efe8be
Potential memory leak in mpi_exp_mod() when error occurs during
...
calculation of RR.
2014-07-08 14:32:35 +02:00
Paul Bakker
3cbaf1e379
Add ssl_close_notify() to servers that missed it
2014-07-08 14:30:35 +02:00
Paul Bakker
875548ce67
Disable renegotiation by default in example cli/srv
2014-07-08 12:21:41 +02:00