Commit Graph

324 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
d64359279d Fix bug on s390 2015-01-23 15:50:23 +00:00
Manuel Pégourié-Gonnard
258bab0b1b Fix missing bound check 2014-11-27 09:27:21 +01:00
Manuel Pégourié-Gonnard
4cdb3babad Add POLARSSL_X509_MAX_INTERMEDIATE_CA 2014-11-20 17:12:15 +01:00
Manuel Pégourié-Gonnard
1c022a6983 Fix memory leaks in PKCS#5 and PKCS#12 2014-11-17 12:27:49 +01:00
Manuel Pégourié-Gonnard
d8a1ea72b1 Fix potential buffer overread of size 1 2014-11-17 12:27:49 +01:00
Manuel Pégourié-Gonnard
ffbeedb838 Fix potential undefined behaviour in Camellia 2014-11-17 11:52:34 +01:00
Manuel Pégourié-Gonnard
017bf57daa Forbid repeated X.509 extensions 2014-11-17 11:01:09 +01:00
Manuel Pégourié-Gonnard
360eb91d02 Fix potential stack overflow 2014-11-17 11:01:09 +01:00
Manuel Pégourié-Gonnard
fdec957e55 Fix memory leak with crafted X.509 certs 2014-11-17 11:01:08 +01:00
Manuel Pégourié-Gonnard
d3ae430241 Fix uninitialised pointer dereference 2014-11-17 11:01:08 +01:00
Manuel Pégourié-Gonnard
d730aa517a Use blinding for RSA even without CRT 2014-11-12 16:29:12 +01:00
Paul Bakker
fc3697ce2b Prepared for PolarSSL-1.2.12 2014-10-24 10:42:52 +02:00
Manuel Pégourié-Gonnard
0b12d5e332 Accept spaces at EOL/buffer in base64_decode() 2014-10-23 17:00:26 +02:00
Manuel Pégourié-Gonnard
a6118741a7 Update changelog for the last few commits 2014-10-23 15:37:34 +02:00
Manuel Pégourié-Gonnard
9711920304 Fix ssl_read wrt non-Application Data 2014-10-23 15:29:55 +02:00
Manuel Pégourié-Gonnard
3fdfcedebb Fix net_accept() regarding non-blocking sockets 2014-10-23 15:23:48 +02:00
Manuel Pégourié-Gonnard
982eda385f Don't print uninitialised buffer in ssl_mail_client 2014-10-23 15:20:26 +02:00
Manuel Pégourié-Gonnard
0b0b522932 Fix compiler warnings on iOS 2014-10-23 15:17:27 +02:00
Manuel Pégourié-Gonnard
7d75ea4787 x509_crt_parse() did not increase total_failed on PEM error 2014-10-23 15:13:39 +02:00
Manuel Pégourié-Gonnard
86792a6cf3 Fix ssl_close_notify() with non-blocking I/O 2014-10-23 15:02:45 +02:00
Manuel Pégourié-Gonnard
066c1f60bb Fix potential bad read in parsing ServerHello 2014-10-23 14:58:09 +02:00
Manuel Pégourié-Gonnard
6b44038913 Fix memory leak parsing some X.509 certs 2014-10-23 14:53:46 +02:00
Paul Bakker
695266cb51 Updated to version 1.2.11 2014-07-11 11:26:03 +02:00
Paul Bakker
bbc843f0b8 Fix base64_decode() to return and check length correctly 2014-07-08 18:29:06 +02:00
Manuel Pégourié-Gonnard
03917bf7d5 Disable broken Sparc64 bn_mul assembly 2014-07-08 18:29:01 +02:00
Manuel Pégourié-Gonnard
4564af9e3d Fix asm format of bn_mul.h for more portability
Found by Barry K. Nathan.

Quoting from http://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html:

"You can put multiple assembler instructions together in a single asm
template, separated by the characters normally used in assembly code for the
system. A combination that works in most places is a newline to break the
line, plus a tab character to move to the instruction field (written as
‘\n\t’). Sometimes semicolons can be used, if the assembler allows semicolons
as a line-breaking character. Note that some assembler dialects use semicolons
to start a comment."
2014-07-08 18:28:59 +02:00
Barry K. Nathan
22ca9c0197 Fix preprocessor checks for bn_mul PPC asm
On OS X, neither __powerpc__ nor __ppc__ is defined on PPC64, so the
asm code was only being used on PPC32.
2014-07-08 18:28:57 +02:00
Paul Bakker
5bad6afd8c Fix length checking for AEAD ciphersuites 2014-07-08 18:28:54 +02:00
Paul Bakker
312da33ef1 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-07-08 18:28:52 +02:00
Paul Bakker
75ee01097f Stricter check on SSL ClientHello internal sizes compared to actual packet size 2014-07-08 18:28:47 +02:00
Markus Pfeiffer
55bdbc1834 Make compilation on DragonFly work 2014-07-08 18:28:44 +02:00
Paul Bakker
358d325017 Fix bug with mpi_fill_random() on big-endian 2014-07-08 18:28:42 +02:00
Paul Bakker
95a11f8c16 On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings 2014-07-08 18:28:40 +02:00
Paul Bakker
b0af56334c rsa_check_pubkey() now allows an E up to N 2014-07-08 18:28:36 +02:00
Paul Bakker
838ed3c74d Improve interop by not writing ext_len in ClientHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-07-08 18:28:33 +02:00
Paul Bakker
243d61894c Reject certificates with times not in UTC 2014-07-08 14:40:58 +02:00
Paul Bakker
f48de9579f Use UTC to heck certificate validity 2014-07-08 14:39:41 +02:00
Paul Bakker
dedce0c35c Prevent potential NULL pointer dereference in ssl_read_record() 2014-07-08 14:36:12 +02:00
Paul Bakker
6995efe8be Potential memory leak in mpi_exp_mod() when error occurs during
calculation of RR.
2014-07-08 14:32:35 +02:00
Paul Bakker
3cbaf1e379 Add ssl_close_notify() to servers that missed it 2014-07-08 14:30:35 +02:00
Paul Bakker
358a841b34 x509_get_current_time() uses localtime_r() to prevent thread issues 2014-07-08 12:14:37 +02:00
Paul Bakker
24aaf44120 Make sure no random pointer occur during failed malloc()'s 2014-07-08 11:39:19 +02:00
Paul Bakker
bc8984931c Improvements to tests/Makefile when using shared library 2014-07-08 11:32:12 +02:00
Paul Bakker
1e9423704a Support for seed file writing and reading in Entropy 2014-07-08 11:20:25 +02:00
Paul Bakker
b000f82d76 ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr 2014-07-08 11:15:18 +02:00
Manuel Pégourié-Gonnard
57291a7019 Work around a compiler bug on OS X. 2014-07-08 11:13:42 +02:00
Manuel Pégourié-Gonnard
3baeb15c79 Update changelog for cmake changes 2014-07-08 11:10:54 +02:00
Alex Wilson
e63560470e Don't try to use MIPS32 asm macros on MIPS64
The MIPS32 bn_mul asm code causes segfaults on MIPS64 and failing
tests. Until someone has time to fix this up, MIPS64 platforms should
fall back to the C implementation (which works fine).
2014-07-08 11:06:05 +02:00
Manuel Pégourié-Gonnard
be04673c49 Forbid sequence number wrapping 2014-07-08 11:04:19 +02:00
Paul Bakker
50a5c53398 Reject certs and CRLs from the future 2014-07-08 10:59:10 +02:00