Commit Graph

944 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
9b4c5d9f21 Revert "Fix verion-major intolerance"
This reverts commit 6d841c2c5c.

This commit introduced a security-critical bug in the way the client version
is validated. Let's first revert it to fix the security issue, and then fix
the version-major intolerance issue another way.
2015-04-10 13:57:43 +02:00
Paul Bakker
9fdc58fd9e Ready for release 1.2.13 2015-02-16 15:17:32 +01:00
Paul Bakker
530927b163 Update copyright line to 2015 2015-02-13 14:24:10 +01:00
Manuel Pégourié-Gonnard
f097400abc Fix small bug in base64_encode() 2015-02-05 11:48:58 +00:00
James Cowgill
b82f59162c Fix mips64 bignum implementation
- Use correct mips64 define (__mips64, not __mips64__).
- Added mips64 to the list of arches supporting 64-bit ints.
2015-02-05 11:41:03 +00:00
Manuel Pégourié-Gonnard
2dc15c8e7d Fix unchecked error on windows 2015-02-05 11:34:49 +00:00
Manuel Pégourié-Gonnard
e12abf90ce Fix url 2015-01-28 17:13:45 +00:00
Manuel Pégourié-Gonnard
0edee5e386 Update copyright notice 2015-01-26 15:29:40 +00:00
Manuel Pégourié-Gonnard
d64359279d Fix bug on s390 2015-01-23 15:50:23 +00:00
Manuel Pégourié-Gonnard
258bab0b1b Fix missing bound check 2014-11-27 09:27:21 +01:00
Manuel Pégourié-Gonnard
aa02dc1ed8 Add support for cleanly exiting ssl_server2
Useful for memory testing
2014-11-20 17:28:18 +01:00
Manuel Pégourié-Gonnard
4cdb3babad Add POLARSSL_X509_MAX_INTERMEDIATE_CA 2014-11-20 17:12:15 +01:00
Manuel Pégourié-Gonnard
6a095d2383 Make x509parse_crt() iterative 2014-11-20 17:03:09 +01:00
Manuel Pégourié-Gonnard
1c022a6983 Fix memory leaks in PKCS#5 and PKCS#12 2014-11-17 12:27:49 +01:00
Manuel Pégourié-Gonnard
d8a1ea72b1 Fix potential buffer overread of size 1 2014-11-17 12:27:49 +01:00
Manuel Pégourié-Gonnard
309c798b2b Fix memory leak in PKCS#5 test suite 2014-11-17 11:56:08 +01:00
Manuel Pégourié-Gonnard
3c17460a1f Fix warning in RSA test suite 2014-11-17 11:52:51 +01:00
Manuel Pégourié-Gonnard
ffbeedb838 Fix potential undefined behaviour in Camellia 2014-11-17 11:52:34 +01:00
Manuel Pégourié-Gonnard
7bf9f7e308 Fix documentation issues found by Clang 2014-11-17 11:20:21 +01:00
Manuel Pégourié-Gonnard
6c28491a15 Backport build modes from 1.3 2014-11-17 11:15:13 +01:00
Manuel Pégourié-Gonnard
aec1385551 compat.sh exits non-zero on failure 2014-11-17 11:12:33 +01:00
Manuel Pégourié-Gonnard
017bf57daa Forbid repeated X.509 extensions 2014-11-17 11:01:09 +01:00
Manuel Pégourié-Gonnard
360eb91d02 Fix potential stack overflow 2014-11-17 11:01:09 +01:00
Manuel Pégourié-Gonnard
fdec957e55 Fix memory leak with crafted X.509 certs 2014-11-17 11:01:08 +01:00
Manuel Pégourié-Gonnard
d3ae430241 Fix uninitialised pointer dereference 2014-11-17 11:01:08 +01:00
Manuel Pégourié-Gonnard
d730aa517a Use blinding for RSA even without CRT 2014-11-12 16:29:12 +01:00
Paul Bakker
fc3697ce2b Prepared for PolarSSL-1.2.12 2014-10-24 10:42:52 +02:00
Manuel Pégourié-Gonnard
0b12d5e332 Accept spaces at EOL/buffer in base64_decode() 2014-10-23 17:00:26 +02:00
Manuel Pégourié-Gonnard
a6118741a7 Update changelog for the last few commits 2014-10-23 15:37:34 +02:00
Alfred Klomp
d6d5ef2f0d timing.c: avoid referencing garbage value
Found with Clang's `scan-build` tool.

When get_timer() is called with `reset` set to 1, the value of
t->start.tv_sec is used as a rvalue without being initialized first.
This is relatively harmless because the result of get_timer() is not
used by the callers when called in "reset mode". However, scan-build
prints a warning.

Silence the warning by only calculating the delta on non-reset runs,
returning zero otherwise.
2014-10-23 15:36:33 +02:00
Alfred Klomp
9afec5f8ec ssl_mail_client.c: silence warning, check base64_encode() status
Found with Clang's `scan-build` tool.

ssl_mail_client.c does a dead store by assigning the return value of
base64_encode() to `len` and not using the value.  This causes
scan-build to issue a warning.

Instead of storing the return value into `len`, store it to `ret`, since
base64_encode() returns a status code, not a length. Also check if the
return value is nonzero and print an error; this silences scan-build.
2014-10-23 15:36:17 +02:00
Alfred Klomp
185962114a ssl_test.c: remove dead store, assign at declaration
Found with Clang's `scan-build` tool.

The store to `ret` is not used, it's overwritten shortly after. Assign
the value of 1 at declaration time instead to silence scan-build.
2014-10-23 15:35:39 +02:00
Alfred Klomp
ec99373df6 pkcs5.c: fix dead store: return proper exit status
Found with Clang's `scan-build` tool.

The error value assigned to `ret` is not returned, meaning that the
selftest always succeeds. Ensure the error value is propagated back to
the caller.
2014-10-23 15:34:02 +02:00
Manuel Pégourié-Gonnard
9711920304 Fix ssl_read wrt non-Application Data 2014-10-23 15:29:55 +02:00
Manuel Pégourié-Gonnard
3fdfcedebb Fix net_accept() regarding non-blocking sockets 2014-10-23 15:23:48 +02:00
Manuel Pégourié-Gonnard
982eda385f Don't print uninitialised buffer in ssl_mail_client 2014-10-23 15:20:26 +02:00
Manuel Pégourié-Gonnard
0b0b522932 Fix compiler warnings on iOS 2014-10-23 15:17:27 +02:00
Manuel Pégourié-Gonnard
7d75ea4787 x509_crt_parse() did not increase total_failed on PEM error 2014-10-23 15:13:39 +02:00
Manuel Pégourié-Gonnard
86792a6cf3 Fix ssl_close_notify() with non-blocking I/O 2014-10-23 15:02:45 +02:00
Manuel Pégourié-Gonnard
066c1f60bb Fix potential bad read in parsing ServerHello 2014-10-23 14:58:09 +02:00
Manuel Pégourié-Gonnard
6b44038913 Fix memory leak parsing some X.509 certs 2014-10-23 14:53:46 +02:00
Paul Bakker
308a586477 Better placement of memset() to prevent compiler warning under MSVC 2014-07-11 11:40:35 +02:00
Paul Bakker
695266cb51 Updated to version 1.2.11 2014-07-11 11:26:03 +02:00
Manuel Pégourié-Gonnard
0cdde2d107 Fix minlen for GCM suites 2014-07-09 18:03:10 +02:00
Paul Bakker
a16e7f24f0 Proper initialization and checks for rare cases 2014-07-09 14:58:11 +02:00
Paul Bakker
1d073c59ad Add static and casts to prevent compiler warnings 2014-07-08 20:17:07 +02:00
Paul Bakker
f73b718f17 Latest CBC padding check 2014-07-08 18:30:44 +02:00
Paul Bakker
bbc843f0b8 Fix base64_decode() to return and check length correctly 2014-07-08 18:29:06 +02:00
Manuel Pégourié-Gonnard
ff9e1a4aa4 Document in-out param of dhm_calc_secret() 2014-07-08 18:29:04 +02:00
Manuel Pégourié-Gonnard
002bc86718 Clarify mpi_write_binary()'s doc. 2014-07-08 18:29:03 +02:00