Commit graph

572 commits

Author SHA1 Message Date
Paul Bakker f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard 5dd28ea432 Fix len miscalculation in buffer-based allocator 2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard 547ff6618f Fix NULL dereference in buffer-based allocator 2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard 5cb4b31057 Fix missing bound check 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard fa06581c73 Disable RC4 by default in example programs. 2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard 448ea506bf Set min version to TLS 1.0 in programs 2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard 18292456c5 Add support for getrandom() 2015-01-09 14:34:13 +01:00
Manuel Pégourié-Gonnard e117a8fc0d Make truncated hmac a runtime option server-side
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard f01768c55e Specific error for suites in common but none good 2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard df331a55d2 Prefer SHA-1 certificates for pre-1.2 clients 2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard 3ff78239fe Add tests for CBC record splitting 2015-01-08 11:15:09 +01:00
Manuel Pégourié-Gonnard d94232389e Skip signature_algorithms ext if PSK only 2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard fa4238838a Update Changelog for compile-option renegotiation 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard fd6c85c3eb Set a compile-time limit to X.509 chain length 2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard 426d4ae7ff Split x509_crl_parse_der() out of x509_crl_parse() 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard 8c9223df84 Add text view to debug_print_buf() 2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard 8a5e3d4a40 Forbid repeated X.509 extensions 2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard d681443f69 Fix potential stack overflow 2014-11-12 01:25:31 +01:00
Manuel Pégourié-Gonnard b134060f90 Fix memory leak with crafted X.509 certs 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard 0369a5291b Fix uninitialised pointer dereference 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard e959979621 Fix ECDSA sign buffer size 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard b31b61b9e8 Fix potential undefined behaviour in Camellia 2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard 54f6e562e6 Fix CFLAGS with cmake and gcc 2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard de17125875 Update ChangeLog for pk_check_pair() & Co 2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard e10e06d863 Blind RSA operations even without CRT 2014-11-06 18:25:44 +01:00
Manuel Pégourié-Gonnard d056ce0e3e Use seq_num as AEAD nonce by default 2014-11-06 18:23:49 +01:00
Manuel Pégourié-Gonnard c122ae7612 Update Changelog for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard b3c6a97b31 Update Changelog for session-hash 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 178f9d6e19 Update Changelog for FALLBACK_SCSV 2014-11-05 16:00:49 +01:00
Paul Bakker a6c5ea2c43 Include 1.2.12 release information in ChangeLog 2014-10-24 16:26:29 +02:00
Paul Bakker 9eac4f7c4e Prepare for release 1.3.9 2014-10-20 13:56:15 +02:00
Paul Bakker b082bb50de Fix typos in ChangeLog 2014-10-20 13:37:51 +02:00
Manuel Pégourié-Gonnard f7cdbc0e87 Fix potential bad read of length 2014-10-17 17:02:10 +02:00
Manuel Pégourié-Gonnard 43c3b28ca6 Fix memory leak with crafted ClientHello 2014-10-17 12:42:11 +02:00
Manuel Pégourié-Gonnard 5d8618539f Fix memory leak while parsing some X.509 certs 2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard 64938c63f0 Accept spaces at end of line/buffer in base64 2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard 7f4ed67a97 Fix compile error with armcc in mpi_is_prime() 2014-10-15 22:06:46 +02:00
Manuel Pégourié-Gonnard da1b4de0e4 Increase MPI_MAX_BYTES to allow RSA 8192 2014-10-15 22:06:46 +02:00
Paul Bakker 5a5fa92bfe x509_crt_parse() did not increase total_failed on PEM error
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard 480905d563 Fix selection of hash from sig_alg ClientHello ext. 2014-08-30 14:19:59 +02:00
Sander Niemeijer ef5087d150 Added explicit casts to prevent compiler warnings when trying to build for iOS 2014-08-21 23:48:14 +02:00
Manuel Pégourié-Gonnard a13500fdf7 Fix bug with ssl_close_notify and non-blocking I/O 2014-08-19 16:14:04 +02:00
Manuel Pégourié-Gonnard f07f421759 Fix server-initiated renego with non-blocking I/O 2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard f26a1e8602 ssl_read() stops returning non-application data 2014-08-19 12:28:50 +02:00
Manuel Pégourié-Gonnard dca108e5a2 Rm reference to non-existent file in VS projects 2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard 462906f955 Do no test net_usleep() when not defined 2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard 192253aaa9 Fix buffer size in pk_write_*_pem() 2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard 868c0eea08 Update Changelog for the last few commits 2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard 42cc641159 Don't print uninitialized buffer in ssl_mail_client 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 9a6b442cee Fix non-blocking sockets in net_accept() 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard a04fa4fa04 RSA-PSK key exchange requires TLS 1.x
It's not clear if, with SSL3, one should include send the two length bytes for
EncryptedPreMasterSecret or not, so require TLS to avoid interop issues.
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 8d4ad07706 SHA-2 ciphersuites now require TLS 1.x 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 955028f858 Fix compile error in ssl_pthread_server 2014-08-14 11:34:33 +02:00
Paul Bakker 8dcb2d7d7e Support escaping of commas in x509_string_to_names() 2014-08-11 11:59:52 +02:00
Paul Bakker 1910aa78a3 Fix release date for 1.3.8 2014-07-11 11:28:56 +02:00
Paul Bakker 0ae5a3d336 Include 1.2.11 ChangeLog 2014-07-11 11:28:30 +02:00
Paul Bakker 6c343d7d9a Fix mpi_write_string() to write "00" as hex output for empty MPI 2014-07-10 15:27:10 +02:00
Paul Bakker ec3a617d40 Make ready for release of 1.3.8 and soversion 7 2014-07-09 10:21:28 +02:00
Paul Bakker 28476e2789 Updated ChangeLog 2014-07-09 10:19:52 +02:00
Manuel Pégourié-Gonnard 08e81e0c8f Change selection of hash algorithm for TLS 1.2 2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard bd77254b18 md_list() starting with strongest hash 2014-07-08 13:03:02 +02:00
Paul Bakker 8fb99abaac Merge changes for leaner memory footprint 2014-07-04 15:02:19 +02:00
Paul Bakker b9e08b086b Merge server-side enforced renegotiation requests 2014-07-04 15:01:37 +02:00
Paul Bakker d598318661 Fix base64_decode() to return and check length correctly 2014-07-04 15:01:00 +02:00
Paul Bakker 23647b4df5 Update ChangeLog 2014-07-04 15:00:12 +02:00
Manuel Pégourié-Gonnard dfc7df0bec Add SSL_CIPHERSUITES config option 2014-07-04 14:59:02 +02:00
Manuel Pégourié-Gonnard 01edb1044c Add POLARSSL_REMOVE_RC4_CIPHERSUITES 2014-06-25 11:27:59 +02:00
Paul Bakker 2a45d1c8bb Merge changes to config examples and configuration issues 2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard 3135725670 Disable broken Sparc64 bn_mul assembly 2014-06-25 11:26:15 +02:00
Manuel Pégourié-Gonnard 8df68632e8 Fix bug in DHE-PSK PMS computation 2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard fd35af1579 Fix off-by-one error in point format parsing 2014-06-25 11:26:14 +02:00
Manuel Pégourié-Gonnard acbcbba860 Fix asm format of bn_mul.h for more portability
Found by Barry K. Nathan.

Quoting from http://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html:

"You can put multiple assembler instructions together in a single asm
template, separated by the characters normally used in assembly code for the
system. A combination that works in most places is a newline to break the
line, plus a tab character to move to the instruction field (written as
‘\n\t’). Sometimes semicolons can be used, if the assembler allows semicolons
as a line-breaking character. Note that some assembler dialects use semicolons
to start a comment."
2014-06-25 11:26:13 +02:00
Barry K. Nathan 35e7cb9aa6 Fix preprocessor checks for bn_mul PPC asm
On OS X, neither __powerpc__ nor __ppc__ is defined on PPC64, so the
asm code was only being used on PPC32.
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard d249b7ab9a Restore ability to trust non-CA selfsigned EE cert 2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard c4eff16516 Restore ability to use v1 CA if trusted locally 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard 08485cca81 Fix SSL_BUFFER_LEN 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard eaa76f7e20 Fix computation of minlen for encrypted packets 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard 0bcc4e1df7 Fix length checking for AEAD ciphersuites 2014-06-25 11:26:10 +02:00
Manuel Pégourié-Gonnard 3579522d31 Update Changelog for example configs changes 2014-06-24 17:33:54 +02:00
Manuel Pégourié-Gonnard 398c57b0b3 Blowfish accepts variable key len in cipher layer 2014-06-24 11:01:33 +02:00
Paul Bakker 3c38f29a61 Fix DER output of gen_key app (found by Gergely Budai) 2014-06-14 16:46:43 +02:00
Paul Bakker 3461772559 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-06-14 16:46:03 +02:00
Paul Bakker c2ff2083ee Merge parsing and verification of RSASSA-PSS in X.509 modules 2014-06-12 22:02:47 +02:00
Paul Bakker f51183a262 Revert deleted PolarSSL 1.3.4 release line in ChangeLog 2014-06-12 21:53:40 +02:00
Paul Bakker 863989bc81 Add LINK_WITH_PTHREAD to ChangeLog 2014-06-12 21:49:01 +02:00
Paul Bakker 49033ba0ac Update ChangeLog for external fixes 2014-06-12 21:46:13 +02:00
Manuel Pégourié-Gonnard b479871956 Update Changelog for RSASSA-PSS in X.509 2014-06-07 11:21:52 +02:00
Manuel Pégourié-Gonnard bf696d030b Make sig_opts non-optional in X509 structures
This simplifies the code.
2014-06-05 17:08:46 +02:00
Manuel Pégourié-Gonnard cf975a3857 Factor out some common code 2014-06-02 16:12:46 +02:00
Paul Bakker 1ebc0c592c Fix typos 2014-05-22 15:47:58 +02:00
Paul Bakker c6ece49890 Updated ChangeLog for CCM 2014-05-22 15:45:03 +02:00
Paul Bakker 0f651c7422 Stricter check on SSL ClientHello internal sizes compared to actual packet size 2014-05-22 15:12:19 +02:00
Paul Bakker dff3139cc8 Updated ChangeLog 2014-05-22 15:06:41 +02:00
Paul Bakker 5593f7caae Fix typo in debug_print_msg() 2014-05-06 10:29:28 +02:00
Paul Bakker 47431b6d31 Updated ChangeLog for 1.3.7 to 2014-05-02 2014-05-02 13:27:13 +02:00
Paul Bakker da13016d84 Prepped for 1.3.7 release 2014-05-01 14:27:19 +02:00
Barry K. Nathan cf975f5988 Fix build with cc from Apple LLVM
On Xcode 4.x and above (I tested Xcode 4.6.3 on 10.7.5 and Xcode 5.5.1 on 10.9.2), cmake (2.8.12.2, whether from MacPorts or from clang.org, FWIW) is detecting /usr/bin/cc as Clang, but CMAKE_COMPILER_IS_CLANG is not getting set, so the tests aren't being built. (There may have been other build problems as well, but the fact that the tests weren't being built was by far the most obvious problem.)

Checking the compiler ID detected by cmake, rather than the name of the command used to invoke the compiler, fixes this.
2014-04-30 16:53:34 +02:00