Commit Graph

914 Commits

Author SHA1 Message Date
Alfred Klomp
9afec5f8ec ssl_mail_client.c: silence warning, check base64_encode() status
Found with Clang's `scan-build` tool.

ssl_mail_client.c does a dead store by assigning the return value of
base64_encode() to `len` and not using the value.  This causes
scan-build to issue a warning.

Instead of storing the return value into `len`, store it to `ret`, since
base64_encode() returns a status code, not a length. Also check if the
return value is nonzero and print an error; this silences scan-build.
2014-10-23 15:36:17 +02:00
Alfred Klomp
185962114a ssl_test.c: remove dead store, assign at declaration
Found with Clang's `scan-build` tool.

The store to `ret` is not used, it's overwritten shortly after. Assign
the value of 1 at declaration time instead to silence scan-build.
2014-10-23 15:35:39 +02:00
Alfred Klomp
ec99373df6 pkcs5.c: fix dead store: return proper exit status
Found with Clang's `scan-build` tool.

The error value assigned to `ret` is not returned, meaning that the
selftest always succeeds. Ensure the error value is propagated back to
the caller.
2014-10-23 15:34:02 +02:00
Manuel Pégourié-Gonnard
9711920304 Fix ssl_read wrt non-Application Data 2014-10-23 15:29:55 +02:00
Manuel Pégourié-Gonnard
3fdfcedebb Fix net_accept() regarding non-blocking sockets 2014-10-23 15:23:48 +02:00
Manuel Pégourié-Gonnard
982eda385f Don't print uninitialised buffer in ssl_mail_client 2014-10-23 15:20:26 +02:00
Manuel Pégourié-Gonnard
0b0b522932 Fix compiler warnings on iOS 2014-10-23 15:17:27 +02:00
Manuel Pégourié-Gonnard
7d75ea4787 x509_crt_parse() did not increase total_failed on PEM error 2014-10-23 15:13:39 +02:00
Manuel Pégourié-Gonnard
86792a6cf3 Fix ssl_close_notify() with non-blocking I/O 2014-10-23 15:02:45 +02:00
Manuel Pégourié-Gonnard
066c1f60bb Fix potential bad read in parsing ServerHello 2014-10-23 14:58:09 +02:00
Manuel Pégourié-Gonnard
6b44038913 Fix memory leak parsing some X.509 certs 2014-10-23 14:53:46 +02:00
Paul Bakker
308a586477 Better placement of memset() to prevent compiler warning under MSVC 2014-07-11 11:40:35 +02:00
Paul Bakker
695266cb51 Updated to version 1.2.11 2014-07-11 11:26:03 +02:00
Manuel Pégourié-Gonnard
0cdde2d107 Fix minlen for GCM suites 2014-07-09 18:03:10 +02:00
Paul Bakker
a16e7f24f0 Proper initialization and checks for rare cases 2014-07-09 14:58:11 +02:00
Paul Bakker
1d073c59ad Add static and casts to prevent compiler warnings 2014-07-08 20:17:07 +02:00
Paul Bakker
f73b718f17 Latest CBC padding check 2014-07-08 18:30:44 +02:00
Paul Bakker
bbc843f0b8 Fix base64_decode() to return and check length correctly 2014-07-08 18:29:06 +02:00
Manuel Pégourié-Gonnard
ff9e1a4aa4 Document in-out param of dhm_calc_secret() 2014-07-08 18:29:04 +02:00
Manuel Pégourié-Gonnard
002bc86718 Clarify mpi_write_binary()'s doc. 2014-07-08 18:29:03 +02:00
Manuel Pégourié-Gonnard
03917bf7d5 Disable broken Sparc64 bn_mul assembly 2014-07-08 18:29:01 +02:00
Manuel Pégourié-Gonnard
877a0944ad Padlock asm using \n\t too 2014-07-08 18:29:00 +02:00
Manuel Pégourié-Gonnard
4564af9e3d Fix asm format of bn_mul.h for more portability
Found by Barry K. Nathan.

Quoting from http://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html:

"You can put multiple assembler instructions together in a single asm
template, separated by the characters normally used in assembly code for the
system. A combination that works in most places is a newline to break the
line, plus a tab character to move to the instruction field (written as
‘\n\t’). Sometimes semicolons can be used, if the assembler allows semicolons
as a line-breaking character. Note that some assembler dialects use semicolons
to start a comment."
2014-07-08 18:28:59 +02:00
Barry K. Nathan
22ca9c0197 Fix preprocessor checks for bn_mul PPC asm
On OS X, neither __powerpc__ nor __ppc__ is defined on PPC64, so the
asm code was only being used on PPC32.
2014-07-08 18:28:57 +02:00
Manuel Pégourié-Gonnard
4467fb7507 Check input lengths in GCM 2014-07-08 18:28:56 +02:00
Paul Bakker
5bad6afd8c Fix length checking for AEAD ciphersuites 2014-07-08 18:28:54 +02:00
Paul Bakker
312da33ef1 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-07-08 18:28:52 +02:00
Peter Vaskovic
1b08bd9525 Fix WSAStartup return value check.
SOCKET_ERROR was not a valid return value.
WSAStartup returns 0 on success, so check that instead.
2014-07-08 18:28:51 +02:00
Andre Heinecke
dcbd74f699 Fix symlink command for cross compiling
Check for the host system to determine which command should be used
to create a symlink. Otherwise symlinking will fail when cross
compiling polarssl on a unix host for windows.
2014-07-08 18:28:49 +02:00
Peter Vaskovic
02388c918d Fix minor format string inconsistency. 2014-07-08 18:28:48 +02:00
Paul Bakker
75ee01097f Stricter check on SSL ClientHello internal sizes compared to actual packet size 2014-07-08 18:28:47 +02:00
Barry K. Nathan
609d1a96aa Fix build with cc from Apple LLVM
On Xcode 4.x and above (I tested Xcode 4.6.3 on 10.7.5 and Xcode 5.5.1 on 10.9.2), cmake (2.8.12.2, whether from MacPorts or from clang.org, FWIW) is detecting /usr/bin/cc as Clang, but CMAKE_COMPILER_IS_CLANG is not getting set, so the tests aren't being built. (There may have been other build problems as well, but the fact that the tests weren't being built was by far the most obvious problem.)

Checking the compiler ID detected by cmake, rather than the name of the command used to invoke the compiler, fixes this.
2014-07-08 18:28:45 +02:00
Markus Pfeiffer
55bdbc1834 Make compilation on DragonFly work 2014-07-08 18:28:44 +02:00
Paul Bakker
358d325017 Fix bug with mpi_fill_random() on big-endian 2014-07-08 18:28:42 +02:00
Paul Bakker
95a11f8c16 On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings 2014-07-08 18:28:40 +02:00
Paul Bakker
ccebf6ef8a Sanity length checks in ssl_read_record() and ssl_fetch_input()
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
2014-07-08 18:28:38 +02:00
Paul Bakker
b0af56334c rsa_check_pubkey() now allows an E up to N 2014-07-08 18:28:36 +02:00
Paul Bakker
3dfa07b401 Clearer description for version_get_string_full() regarding 18 bytes 2014-07-08 18:28:35 +02:00
Paul Bakker
838ed3c74d Improve interop by not writing ext_len in ClientHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-07-08 18:28:33 +02:00
Paul Bakker
6993284ece Travis configuration file for 1.2 branch 2014-07-08 18:28:32 +02:00
Paul Bakker
d6d1f410e6 Cleaner initialization (values did not matter, but were uninitialized) 2014-07-08 18:28:31 +02:00
Paul Bakker
a2eabadb07 Actually increment the loop counter to quit in ssl_fork_server 2014-07-08 18:28:31 +02:00
Paul Bakker
3914840d78 Cleaned up location of init and free for some programs to prevent memory
leaks on incorrect arguments
2014-07-08 18:28:30 +02:00
Paul Bakker
993f02cda0 Added return value checking for correctness in programs 2014-07-08 18:28:29 +02:00
Paul Bakker
676093e253 Check setsockopt() return value in net_bind() 2014-07-08 18:28:29 +02:00
Paul Bakker
7890e62a1f Added missing MPI_CHK around mpi functions 2014-07-08 18:28:29 +02:00
Paul Bakker
243d61894c Reject certificates with times not in UTC 2014-07-08 14:40:58 +02:00
Paul Bakker
f48de9579f Use UTC to heck certificate validity 2014-07-08 14:39:41 +02:00
Paul Bakker
dedce0c35c Prevent potential NULL pointer dereference in ssl_read_record() 2014-07-08 14:36:12 +02:00
Paul Bakker
6995efe8be Potential memory leak in mpi_exp_mod() when error occurs during
calculation of RR.
2014-07-08 14:32:35 +02:00