Manuel Pégourié-Gonnard
fd6c85c3eb
Set a compile-time limit to X.509 chain length
2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard
6ed2d92629
Make x509_crl_parse() iterative
2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard
426d4ae7ff
Split x509_crl_parse_der() out of x509_crl_parse()
2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard
8c9223df84
Add text view to debug_print_buf()
2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard
98aa19148c
Adjust warnings in different modes
2014-11-14 16:45:48 +01:00
Manuel Pégourié-Gonnard
e5b0fc1847
Make malloc-init script a bit happier
2014-11-13 12:42:12 +01:00
Manuel Pégourié-Gonnard
f631bbc1da
Make x509_string_cmp() iterative
2014-11-13 12:42:06 +01:00
Manuel Pégourié-Gonnard
8a5e3d4a40
Forbid repeated X.509 extensions
2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard
d681443f69
Fix potential stack overflow
2014-11-12 01:25:31 +01:00
Manuel Pégourié-Gonnard
b134060f90
Fix memory leak with crafted X.509 certs
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
0369a5291b
Fix uninitialised pointer dereference
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
e959979621
Fix ECDSA sign buffer size
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
b31b61b9e8
Fix potential undefined behaviour in Camellia
2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard
7c13d69cb5
Fix dependency issues
2014-11-12 00:01:34 +01:00
Manuel Pégourié-Gonnard
a1efcb084f
Implement pk_check_pair() for RSA-alt
2014-11-08 18:00:22 +01:00
Manuel Pégourié-Gonnard
27e3edbe2c
Check key/cert pair in ssl_set_own_cert()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
70bdadf54b
Add pk_check_pair()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
30668d688d
Add ecp_check_pub_priv()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
2f8d1f9fc3
Add rsa_check_pub_priv()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
e10e06d863
Blind RSA operations even without CRT
2014-11-06 18:25:44 +01:00
Manuel Pégourié-Gonnard
d056ce0e3e
Use seq_num as AEAD nonce by default
2014-11-06 18:23:49 +01:00
Paul Bakker
82788fb63b
Fix minor style issues
2014-10-20 13:59:19 +02:00
Paul Bakker
9eac4f7c4e
Prepare for release 1.3.9
2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard
f7cdbc0e87
Fix potential bad read of length
2014-10-17 17:02:10 +02:00
Manuel Pégourié-Gonnard
ef9a6aec51
Allow comparing name with mismatched encodings
2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard
88421246d8
Rename a function
2014-10-17 12:42:30 +02:00
Manuel Pégourié-Gonnard
43c3b28ca6
Fix memory leak with crafted ClientHello
2014-10-17 12:42:11 +02:00
Manuel Pégourié-Gonnard
5d8618539f
Fix memory leak while parsing some X.509 certs
2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard
64938c63f0
Accept spaces at end of line/buffer in base64
2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard
7f4ed67a97
Fix compile error with armcc in mpi_is_prime()
2014-10-15 22:06:46 +02:00
Paul Bakker
5a5fa92bfe
x509_crt_parse() did not increase total_failed on PEM error
...
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard
480905d563
Fix selection of hash from sig_alg ClientHello ext.
2014-08-30 14:19:59 +02:00
Sander Niemeijer
ef5087d150
Added explicit casts to prevent compiler warnings when trying to build for iOS
2014-08-21 23:48:14 +02:00
Manuel Pégourié-Gonnard
8ef7088bb9
Use polarssl_zeroize() in asn1parse too
2014-08-21 18:15:09 +02:00
Peter Vaskovic
a676acf66b
Fix missing curly braces.
2014-08-21 17:56:25 +02:00
Manuel Pégourié-Gonnard
a13500fdf7
Fix bug with ssl_close_notify and non-blocking I/O
2014-08-19 16:14:04 +02:00
Manuel Pégourié-Gonnard
44ade654c5
Implement (partial) renego delay on client
2014-08-19 13:58:40 +02:00
Manuel Pégourié-Gonnard
f07f421759
Fix server-initiated renego with non-blocking I/O
2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard
6591962f06
Allow delay on renego on client
...
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Manuel Pégourié-Gonnard
f26a1e8602
ssl_read() stops returning non-application data
2014-08-19 12:28:50 +02:00
Manuel Pégourié-Gonnard
55e4ff2ace
Tune comments
2014-08-19 11:52:33 +02:00
Manuel Pégourié-Gonnard
462906f955
Do no test net_usleep() when not defined
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
192253aaa9
Fix buffer size in pk_write_*_pem()
2014-08-14 11:34:35 +02:00
Alfred Klomp
b308dd72d9
timing.c: avoid referencing garbage value
...
Found with Clang's `scan-build` tool.
When get_timer() is called with `reset` set to 1, the value of
t->start.tv_sec is used as a rvalue without being initialized first.
This is relatively harmless because the result of get_timer() is not
used by the callers when called in "reset mode". However, scan-build
prints a warning.
Silence the warning by only calculating the delta on non-reset runs,
returning zero otherwise.
2014-08-14 11:34:35 +02:00
Alfred Klomp
7ee55624fb
gcm.c: remove dead store
...
Found with Clang's `scan-build` tool.
The value written to `hi` is never used, resulting in a warning. Remove
the dead store to get rid of the warning.
2014-08-14 11:34:35 +02:00
Alfred Klomp
1b4eda3af9
pkcs5.c: fix dead store: return proper exit status
...
Found with Clang's `scan-build` tool.
The error value assigned to `ret` is not returned, meaning that the
selftest always succeeds. Ensure the error value is propagated back to
the caller.
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
8d77eeeaf6
Fix integer suffix rejected by some MSVC versions
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
9a6b442cee
Fix non-blocking sockets in net_accept()
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
a04fa4fa04
RSA-PSK key exchange requires TLS 1.x
...
It's not clear if, with SSL3, one should include send the two length bytes for
EncryptedPreMasterSecret or not, so require TLS to avoid interop issues.
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
8d4ad07706
SHA-2 ciphersuites now require TLS 1.x
2014-08-14 11:34:34 +02:00