mbedtls

mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-24 00:15:39 +01:00

Author	SHA1	Message	Date
Peter Vaskovic	02388c918d	Fix minor format string inconsistency.	2014-07-08 18:28:48 +02:00
Paul Bakker	75ee01097f	Stricter check on SSL ClientHello internal sizes compared to actual packet size	2014-07-08 18:28:47 +02:00
Markus Pfeiffer	55bdbc1834	Make compilation on DragonFly work	2014-07-08 18:28:44 +02:00
Paul Bakker	358d325017	Fix bug with mpi_fill_random() on big-endian	2014-07-08 18:28:42 +02:00
Paul Bakker	95a11f8c16	On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings	2014-07-08 18:28:40 +02:00
Paul Bakker	ccebf6ef8a	Sanity length checks in ssl_read_record() and ssl_fetch_input() Both are already covered in other places, but not in a clear fashion. So for instance Coverity thinks the value is still tainted.	2014-07-08 18:28:38 +02:00
Paul Bakker	b0af56334c	rsa_check_pubkey() now allows an E up to N	2014-07-08 18:28:36 +02:00
Paul Bakker	838ed3c74d	Improve interop by not writing ext_len in ClientHello when 0 The RFC also indicates that without any extensions, we should write a struct {} (empty) not an array of length zero.	2014-07-08 18:28:33 +02:00
Paul Bakker	676093e253	Check setsockopt() return value in net_bind()	2014-07-08 18:28:29 +02:00
Paul Bakker	7890e62a1f	Added missing MPI_CHK around mpi functions	2014-07-08 18:28:29 +02:00
Paul Bakker	243d61894c	Reject certificates with times not in UTC	2014-07-08 14:40:58 +02:00
Paul Bakker	f48de9579f	Use UTC to heck certificate validity	2014-07-08 14:39:41 +02:00
Paul Bakker	dedce0c35c	Prevent potential NULL pointer dereference in ssl_read_record()	2014-07-08 14:36:12 +02:00
Paul Bakker	6995efe8be	Potential memory leak in mpi_exp_mod() when error occurs during calculation of RR.	2014-07-08 14:32:35 +02:00
Paul Bakker	358a841b34	x509_get_current_time() uses localtime_r() to prevent thread issues	2014-07-08 12:14:37 +02:00
Paul Bakker	24aaf44120	Make sure no random pointer occur during failed malloc()'s	2014-07-08 11:39:19 +02:00
Manuel Pégourié-Gonnard	c2262b58f6	Tune debug_print_ret format	2014-07-08 11:26:20 +02:00
Paul Bakker	ef3cf7088f	Provide no info from entropy_func() on future entropy	2014-07-08 11:25:51 +02:00
Paul Bakker	1e9423704a	Support for seed file writing and reading in Entropy	2014-07-08 11:20:25 +02:00
Paul Bakker	22a0ce0cef	Fix warning on MinGW and MSVC12	2014-07-08 11:17:50 +02:00
Paul Bakker	8cb73200e1	MinGW32 static build should link to windows libs and libz	2014-07-08 11:15:55 +02:00
Paul Bakker	b000f82d76	ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr	2014-07-08 11:15:18 +02:00
Manuel Pégourié-Gonnard	a9f86e03ed	Make the compiler work-around more specific	2014-07-08 11:13:59 +02:00
Manuel Pégourié-Gonnard	57291a7019	Work around a compiler bug on OS X.	2014-07-08 11:13:42 +02:00
hasufell	97a11c107e	CMake: allow to build both shared and static at once This allows for more fine-grained control. Possible combinations: * static off, shared on * static on, shared off * static on, shared on The static library is always called "libpolarssl.a" and is only used for linking of tests and internal programs if the shared lib is not being built. Default is: only build static lib.	2014-07-08 11:10:09 +02:00
Manuel Pégourié-Gonnard	be04673c49	Forbid sequence number wrapping	2014-07-08 11:04:19 +02:00
Paul Bakker	50a5c53398	Reject certs and CRLs from the future	2014-07-08 10:59:10 +02:00
Paul Bakker	0d844dd650	Add x509parse_time_future()	2014-07-07 17:46:36 +02:00
Manuel Pégourié-Gonnard	963918b88f	Countermeasure against "triple handshake" attack	2014-07-07 17:46:35 +02:00
Manuel Pégourié-Gonnard	397858b81d	Avoid "unreachable code" warning	2014-07-07 17:46:33 +02:00
Manuel Pégourié-Gonnard	6d841c2c5c	Fix verion-major intolerance	2014-07-07 17:46:31 +02:00
Manuel Pégourié-Gonnard	c675e4bde5	Fix bug in RSA PKCS#1 v1.5 "reversed" operations	2014-07-07 17:46:29 +02:00
Paul Bakker	1e7c3d2500	net_is_block() renamed to net_would_block() and corrected behaviour on non-blocking sockets net_would_block() now does not return 1 if the socket is blocking.	2014-07-07 17:46:28 +02:00
Paul Bakker	1dc45f15a6	Added MPI_CHK around unguarded mpi calls	2014-07-07 17:46:25 +02:00
Paul Bakker	7837026b91	Remove a few dead stores	2014-07-07 16:01:34 +02:00
Manuel Pégourié-Gonnard	d220f8b709	Fix potential memory leak in bignum selftest	2014-07-07 16:01:33 +02:00
Manuel Pégourié-Gonnard	7fd620b331	Fix misplaced initialisation. If one of the calls to mpi_grow() before setting Apos would fail, then mpi_free( &Apos ) would be executed without Apos being initialised.	2014-07-07 16:01:31 +02:00
Manuel Pégourié-Gonnard	b55f578982	Fix missing error checking in gcm	2014-07-07 16:01:30 +02:00
Paul Bakker	4091141368	Add a length check in ssl_derive_keys()	2014-07-07 16:01:28 +02:00
Paul Bakker	d83584e9aa	Fixed potential overflow in certificate size in ssl_write_certificate()	2014-07-07 16:01:11 +02:00
Paul Bakker	78e819698b	Added missing MPI_CHK() around some statements	2014-07-07 16:01:10 +02:00
Paul Bakker	40cc914567	Fixed x509_crt_parse_path() bug on Windows platforms	2014-07-07 16:01:08 +02:00
Manuel Pégourié-Gonnard	9975c5d217	Check PKCS 1.5 padding in a more constant-time way (Avoid branches that depend on secret data.)	2014-07-07 14:38:09 +02:00
Manuel Pégourié-Gonnard	d237d261e5	Check OAEP padding in a more constant-time way	2014-07-07 14:37:56 +02:00
Manuel Pégourié-Gonnard	3411464a64	RSA-OAEP decrypt: reorganise code	2014-07-07 14:37:39 +02:00
Paul Bakker	a1caf6e1e8	SSL now gracefully handles missing RNG	2014-07-07 14:20:52 +02:00
Paul Bakker	c941adba31	Fixed X.509 hostname comparison (with non-regular characters)	2014-07-07 14:17:24 +02:00
Paul Bakker	835481930a	Makefile now produces a .so.X with SOVERSION in it	2014-07-07 14:13:54 +02:00
Manuel Pégourié-Gonnard	5c8434cf52	Safer buffer comparisons in the SSL modules	2014-07-07 14:10:07 +02:00
Paul Bakker	c3ec63df42	Minor change that makes life easier for static analyzers / compilers	2014-07-07 14:06:22 +02:00

1 2 3 4 5 ...

472 Commits