Commit graph

3213 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 1c38550bbd Skip to trusted certs early in the chain
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

see #220

backport of fdbdd72
2015-09-01 18:34:15 +02:00
Manuel Pégourié-Gonnard 15f1088ef6 Add tests for verify callback
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.

backport of 560fea3
2015-09-01 18:29:59 +02:00
Manuel Pégourié-Gonnard 8fbb5a32c6 Fix snprintf usage again
Sigh, switching between branches is error-prone
2015-08-31 12:38:12 +02:00
Manuel Pégourié-Gonnard c728f9486b Fix snprintf usage on windows
Introduced in 6432c7e
2015-08-31 12:30:16 +02:00
Manuel Pégourié-Gonnard 6512554f42 Fix handling of long PSK identities
backport from c3b5d83

see #238
2015-08-31 11:43:47 +02:00
Manuel Pégourié-Gonnard ee7db9cb6d Fix hash buffer size in pkey programs
backport from 102a620
2015-08-31 11:32:03 +02:00
Manuel Pégourié-Gonnard 6432c7e782 Fix memory corruption in rsa sign/verify programs
backport from d74c697

see #210
2015-08-31 11:30:07 +02:00
Manuel Pégourié-Gonnard e217ceea38 Fix warning with MD/SHA ALT implementation
backport of 8b2641d

see #239
2015-08-31 11:22:47 +02:00
Manuel Pégourié-Gonnard a67fd79e8f Fix -Wshadow warnings
Backport of ea35666 and 824ba72

see #240
2015-08-31 11:07:51 +02:00
Manuel Pégourié-Gonnard 5efed09c5f Fix possible unlock before lock in RSA
Backport of 1385a28 and 4d04cdc

see #257
2015-08-31 10:21:10 +02:00
Manuel Pégourié-Gonnard 89789be80f Fix handling of new config option
fixes #256
2015-08-27 09:54:16 +02:00
Manuel Pégourié-Gonnard 3a5ee1c411 Increase tolerance of timing selftest
Forgot to move that one to 20% in previous commit
2015-08-19 14:48:34 +02:00
Manuel Pégourié-Gonnard 25f44a6020 Relax timing_self_test for windows idiosyncrasies
Also widen accepted error to +/- 20 % while at it
2015-08-19 10:22:54 +02:00
Manuel Pégourié-Gonnard ce11699cf2 Fix pkwrite test that were failing on mingw32
Apparently fread() writes some junk after the contents of the file. Don't look
at it.
2015-08-19 10:20:25 +02:00
Paul Bakker 3edec6c4ed Prepare for 1.3.12 release 2015-08-11 13:22:10 +01:00
Manuel Pégourié-Gonnard 027ead91e5 Disable padlock asm with ASan
Causes errors with some versions of ASan
2015-08-10 17:44:53 +02:00
Manuel Pégourié-Gonnard 705de2f98d Revert "Avoid formatting debug message uselessly"
This reverts commit 925a72628b.

Reason: introduced an ABI change in the maintenance branch.
2015-08-10 17:36:47 +02:00
Manuel Pégourié-Gonnard 84690c35ee Make ssl-opt.sh more tolerant to start timeouts
Rather than flat-out die when we can't see the server started with lsof, just
stop waiting and try to go ahead with the test. Maybe it'll work if there was
a problem with lsof, most probably it will fail, but at least we'll have the
log, and the results of the following tests.

Note: date +%s isn't POSIX, but it works at least on Linux, Darwin/FreeBSD and
OpenBSD, which should be good enough for a test script.
2015-08-10 17:06:22 +02:00
Manuel Pégourié-Gonnard cc86ac5d56 Fix compile error with armcc5 --gnu 2015-08-10 12:10:39 +02:00
Manuel Pégourié-Gonnard b5d77d3fd9 Accept a trailing space at end of PEM lines
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
2015-08-10 12:01:50 +02:00
Manuel Pégourié-Gonnard 1b1254fa05 Fix missing -static-libgcc when building dlls 2015-08-10 11:56:54 +02:00
Manuel Pégourié-Gonnard a64b15ee73 Fix bug with cmake and old version of GCC 2015-08-10 11:35:02 +02:00
Manuel Pégourié-Gonnard 501084c764 Add warning/errors about deprecated config items 2015-07-15 11:18:40 +02:00
Manuel Pégourié-Gonnard e92617b586 Run timing selftest on all platforms 2015-07-06 17:19:27 +02:00
Manuel Pégourié-Gonnard 3ab7b96f35 Make hardclock selftest optional 2015-07-06 17:17:55 +02:00
Manuel Pégourié-Gonnard 5574546524 Document thread-safety of the RSA functions 2015-07-03 17:51:10 +02:00
Manuel Pégourié-Gonnard f0f399d66c Up default server DHM size to 2048 bits 2015-07-03 17:45:57 +02:00
Manuel Pégourié-Gonnard f0dd045bbe Backport dh_genprime update from 2.0 2015-07-03 17:14:06 +02:00
Manuel Pégourié-Gonnard 56e245d959 Only do dynamic alloc when necessary 2015-06-29 19:52:44 +02:00
Manuel Pégourié-Gonnard 925a72628b Avoid formatting debug message uselessly 2015-06-29 19:47:17 +02:00
Manuel Pégourié-Gonnard 6461f368d8 Use good DH params with OpenSSL in tests 2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard 006f655218 Add forgotten programs in Makefile
Closes #209
2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard 9ea1b23cc4 Up min size of DHM params to 1024 bits on client 2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard 6c3ccf5fd0 Fix thread-safety issue in debug.c
Closes #203
2015-06-29 18:52:57 +02:00
Manuel Pégourié-Gonnard 8e8ae3d961 Fix potential NULL dereference on bad usage 2015-06-23 18:57:28 +02:00
Manuel Pégourié-Gonnard b26b75e17b Clean up RSA PMS checking code 2015-06-23 18:52:09 +02:00
Paul Bakker 19eef51487 Prepare for 1.3.11 release 2015-06-04 14:49:19 +02:00
Manuel Pégourié-Gonnard 721e6bbf71 Fix all.sh for recent config.pl change 2015-06-03 13:38:20 +01:00
Manuel Pégourié-Gonnard dccb80b7e5 Fix compile errors with NO_STD_FUNCTIONS 2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard b752715893 Expand config.pl's notion of "full"
Make sure bugs in PLATFORM_xxx_ALT are catched
2015-06-03 10:00:02 +01:00
Manuel Pégourié-Gonnard f2ec505c34 Ack external bugfix in Changelog 2015-06-03 09:50:07 +01:00
Manuel Pégourié-Gonnard 3e87a9f57f FIx misplaced Changelog entry (oops) 2015-06-03 09:48:26 +01:00
ptahpeteh 249bece013 Fix compile bug: incompatible declaration of polarssl_exit in platform.c
This causes a compile-time error: 

platform.c(157): error:  #147: declaration is incompatible with "void (*polarssl_exit)(int)" (declared at line 179 of "platform.h")
2015-06-02 15:26:09 +02:00
Manuel Pégourié-Gonnard d22514e8f6 Fix contributor's name in Changelog 2015-06-02 12:59:59 +01:00
Manuel Pégourié-Gonnard 6ca7624952 Mark unused constant as such 2015-06-02 09:55:32 +01:00
Manuel Pégourié-Gonnard 5866848092 Update ChangeLog for recent external bugfix 2015-06-02 09:08:35 +01:00
Manuel Pégourié-Gonnard 468b06dab0 Merge remote-tracking branch 'ptahpeteh/patch-1' into mbedtls-1.3
* ptahpeteh/patch-1:
  Serious bug fix in entropy.c
2015-06-02 09:03:06 +01:00
ptahpeteh 638fa0bb0f Serious bug fix in entropy.c
Bug: mutex access within entropy_contex after it has been zeroed leads to app crash.
2015-06-01 12:28:29 +02:00
Manuel Pégourié-Gonnard 61977614d8 Fix memleak with repeated [gc]cm_setkey() 2015-05-27 17:40:16 +02:00
Nicholas Wilson bc07c3a1f0 fix minor bug in path_cnt checks
If the top certificate occurs twice in trust_ca (for example) it would
not be good for the second instance to be checked with check_path_cnt
reduced twice!
2015-05-13 10:40:30 +01:00