Commit graph

929 commits

Author SHA1 Message Date
Paul Bakker ccebf6ef8a Sanity length checks in ssl_read_record() and ssl_fetch_input()
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
2014-07-08 18:28:38 +02:00
Paul Bakker b0af56334c rsa_check_pubkey() now allows an E up to N 2014-07-08 18:28:36 +02:00
Paul Bakker 3dfa07b401 Clearer description for version_get_string_full() regarding 18 bytes 2014-07-08 18:28:35 +02:00
Paul Bakker 838ed3c74d Improve interop by not writing ext_len in ClientHello when 0
The RFC also indicates that without any extensions, we should write a
struct {} (empty) not an array of length zero.
2014-07-08 18:28:33 +02:00
Paul Bakker 6993284ece Travis configuration file for 1.2 branch 2014-07-08 18:28:32 +02:00
Paul Bakker d6d1f410e6 Cleaner initialization (values did not matter, but were uninitialized) 2014-07-08 18:28:31 +02:00
Paul Bakker a2eabadb07 Actually increment the loop counter to quit in ssl_fork_server 2014-07-08 18:28:31 +02:00
Paul Bakker 3914840d78 Cleaned up location of init and free for some programs to prevent memory
leaks on incorrect arguments
2014-07-08 18:28:30 +02:00
Paul Bakker 993f02cda0 Added return value checking for correctness in programs 2014-07-08 18:28:29 +02:00
Paul Bakker 676093e253 Check setsockopt() return value in net_bind() 2014-07-08 18:28:29 +02:00
Paul Bakker 7890e62a1f Added missing MPI_CHK around mpi functions 2014-07-08 18:28:29 +02:00
Paul Bakker 243d61894c Reject certificates with times not in UTC 2014-07-08 14:40:58 +02:00
Paul Bakker f48de9579f Use UTC to heck certificate validity 2014-07-08 14:39:41 +02:00
Paul Bakker dedce0c35c Prevent potential NULL pointer dereference in ssl_read_record() 2014-07-08 14:36:12 +02:00
Paul Bakker 6995efe8be Potential memory leak in mpi_exp_mod() when error occurs during
calculation of RR.
2014-07-08 14:32:35 +02:00
Paul Bakker 3cbaf1e379 Add ssl_close_notify() to servers that missed it 2014-07-08 14:30:35 +02:00
Paul Bakker 875548ce67 Disable renegotiation by default in example cli/srv 2014-07-08 12:21:41 +02:00
Paul Bakker 358a841b34 x509_get_current_time() uses localtime_r() to prevent thread issues 2014-07-08 12:14:37 +02:00
Paul Bakker 24aaf44120 Make sure no random pointer occur during failed malloc()'s 2014-07-08 11:39:19 +02:00
Paul Bakker 345316db65 Made building of programs optional in CMake 2014-07-08 11:32:40 +02:00
Paul Bakker bc8984931c Improvements to tests/Makefile when using shared library 2014-07-08 11:32:12 +02:00
Manuel Pégourié-Gonnard c2262b58f6 Tune debug_print_ret format 2014-07-08 11:26:20 +02:00
Paul Bakker ef3cf7088f Provide no info from entropy_func() on future entropy 2014-07-08 11:25:51 +02:00
Paul Bakker 1e9423704a Support for seed file writing and reading in Entropy 2014-07-08 11:20:25 +02:00
Paul Bakker ec8e5db1cf Updated documentation for seed functions w.r.t. return values 2014-07-08 11:18:41 +02:00
Paul Bakker 22a0ce0cef Fix warning on MinGW and MSVC12 2014-07-08 11:17:50 +02:00
Paul Bakker 8cb73200e1 MinGW32 static build should link to windows libs and libz 2014-07-08 11:15:55 +02:00
Paul Bakker b000f82d76 ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr 2014-07-08 11:15:18 +02:00
Manuel Pégourié-Gonnard a9f86e03ed Make the compiler work-around more specific 2014-07-08 11:13:59 +02:00
Manuel Pégourié-Gonnard 57291a7019 Work around a compiler bug on OS X. 2014-07-08 11:13:42 +02:00
Manuel Pégourié-Gonnard 516eb623df Make auth_mode=required the default in ssl_client2 2014-07-08 11:13:15 +02:00
Manuel Pégourié-Gonnard 8a56d3044d Update doc of ssl_set_authmode() 2014-07-08 11:11:45 +02:00
Manuel Pégourié-Gonnard 588b66f152 Add a warning against compression in config.h 2014-07-08 11:11:25 +02:00
Manuel Pégourié-Gonnard 3baeb15c79 Update changelog for cmake changes 2014-07-08 11:10:54 +02:00
hasufell 97a11c107e CMake: allow to build both shared and static at once
This allows for more fine-grained control. Possible combinations:
  * static off, shared on
  * static on, shared off
  * static on, shared on

The static library is always called "libpolarssl.a" and is only used
for linking of tests and internal programs if the shared lib is
not being built.

Default is: only build static lib.
2014-07-08 11:10:09 +02:00
hasufell d113a9d60f CMake: fix zlib include dir
ZLIB_INCLUDE_DIR was interpreted as a relative path from the
working directory.
2014-07-08 11:06:59 +02:00
hasufell 69ebf32725 CMake: respect system cflags
Adding optimization level to CMAKE_C_FLAGS is intrusive and problematic
with policies of various distribution.
However, setting "-O2" in CMAKE_CFLAGS_RELEASE is fine and only
affects release build.
2014-07-08 11:06:41 +02:00
Alex Wilson e63560470e Don't try to use MIPS32 asm macros on MIPS64
The MIPS32 bn_mul asm code causes segfaults on MIPS64 and failing
tests. Until someone has time to fix this up, MIPS64 platforms should
fall back to the C implementation (which works fine).
2014-07-08 11:06:05 +02:00
Manuel Pégourié-Gonnard be04673c49 Forbid sequence number wrapping 2014-07-08 11:04:19 +02:00
Paul Bakker 50a5c53398 Reject certs and CRLs from the future 2014-07-08 10:59:10 +02:00
Paul Bakker 0d844dd650 Add x509parse_time_future() 2014-07-07 17:46:36 +02:00
Manuel Pégourié-Gonnard 963918b88f Countermeasure against "triple handshake" attack 2014-07-07 17:46:35 +02:00
Manuel Pégourié-Gonnard 397858b81d Avoid "unreachable code" warning 2014-07-07 17:46:33 +02:00
Paul Bakker 57ca5702fd Fixed CMake symlinking on out-of-source builds 2014-07-07 17:46:32 +02:00
Manuel Pégourié-Gonnard 6d841c2c5c Fix verion-major intolerance 2014-07-07 17:46:31 +02:00
Paul Bakker e96bfbc6bd Fixed testing with out-of-source builds using cmake 2014-07-07 17:46:30 +02:00
Paul Bakker 44e8b23462 Fixed file descriptor leak in generic_sum 2014-07-07 17:46:30 +02:00
Manuel Pégourié-Gonnard c675e4bde5 Fix bug in RSA PKCS#1 v1.5 "reversed" operations 2014-07-07 17:46:29 +02:00
Paul Bakker af0ccc8fa0 SMTP lines are officially terminated with CRLF, ssl_mail_client fixed 2014-07-07 17:46:29 +02:00
Paul Bakker 1e7c3d2500 net_is_block() renamed to net_would_block() and corrected behaviour on
non-blocking sockets

net_would_block() now does not return 1 if the socket is blocking.
2014-07-07 17:46:28 +02:00