98aa19148c
Adjust warnings in different modes
2014-11-14 16:45:48 +01:00
e5b0fc1847
Make malloc-init script a bit happier
2014-11-13 12:42:12 +01:00
f631bbc1da
Make x509_string_cmp() iterative
2014-11-13 12:42:06 +01:00
8a5e3d4a40
Forbid repeated X.509 extensions
2014-11-12 18:13:58 +01:00
d681443f69
Fix potential stack overflow
2014-11-12 01:25:31 +01:00
b134060f90
Fix memory leak with crafted X.509 certs
2014-11-12 00:01:52 +01:00
0369a5291b
Fix uninitialised pointer dereference
2014-11-12 00:01:52 +01:00
e959979621
Fix ECDSA sign buffer size
2014-11-12 00:01:52 +01:00
b31b61b9e8
Fix potential undefined behaviour in Camellia
2014-11-12 00:01:51 +01:00
7c13d69cb5
Fix dependency issues
2014-11-12 00:01:34 +01:00
a1efcb084f
Implement pk_check_pair() for RSA-alt
2014-11-08 18:00:22 +01:00
27e3edbe2c
Check key/cert pair in ssl_set_own_cert()
2014-11-06 18:25:51 +01:00
70bdadf54b
Add pk_check_pair()
2014-11-06 18:25:51 +01:00
30668d688d
Add ecp_check_pub_priv()
2014-11-06 18:25:51 +01:00
2f8d1f9fc3
Add rsa_check_pub_priv()
2014-11-06 18:25:51 +01:00
e10e06d863
Blind RSA operations even without CRT
2014-11-06 18:25:44 +01:00
d056ce0e3e
Use seq_num as AEAD nonce by default
2014-11-06 18:23:49 +01:00
82788fb63b
Fix minor style issues
2014-10-20 13:59:19 +02:00
9eac4f7c4e
Prepare for release 1.3.9
2014-10-20 13:56:15 +02:00
f7cdbc0e87
Fix potential bad read of length
2014-10-17 17:02:10 +02:00
ef9a6aec51
Allow comparing name with mismatched encodings
2014-10-17 12:42:31 +02:00
88421246d8
Rename a function
2014-10-17 12:42:30 +02:00
43c3b28ca6
Fix memory leak with crafted ClientHello
2014-10-17 12:42:11 +02:00
5d8618539f
Fix memory leak while parsing some X.509 certs
2014-10-17 12:41:41 +02:00
64938c63f0
Accept spaces at end of line/buffer in base64
2014-10-15 23:53:33 +02:00
7f4ed67a97
Fix compile error with armcc in mpi_is_prime()
2014-10-15 22:06:46 +02:00
5a5fa92bfe
x509_crt_parse() did not increase total_failed on PEM error
...
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
480905d563
Fix selection of hash from sig_alg ClientHello ext.
2014-08-30 14:19:59 +02:00
ef5087d150
Added explicit casts to prevent compiler warnings when trying to build for iOS
2014-08-21 23:48:14 +02:00
8ef7088bb9
Use polarssl_zeroize() in asn1parse too
2014-08-21 18:15:09 +02:00
a676acf66b
Fix missing curly braces.
2014-08-21 17:56:25 +02:00
a13500fdf7
Fix bug with ssl_close_notify and non-blocking I/O
2014-08-19 16:14:04 +02:00
44ade654c5
Implement (partial) renego delay on client
2014-08-19 13:58:40 +02:00
f07f421759
Fix server-initiated renego with non-blocking I/O
2014-08-19 13:32:15 +02:00
6591962f06
Allow delay on renego on client
...
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
f26a1e8602
ssl_read() stops returning non-application data
2014-08-19 12:28:50 +02:00
55e4ff2ace
Tune comments
2014-08-19 11:52:33 +02:00
462906f955
Do no test net_usleep() when not defined
2014-08-14 11:34:35 +02:00
192253aaa9
Fix buffer size in pk_write_*_pem()
2014-08-14 11:34:35 +02:00
b308dd72d9
timing.c: avoid referencing garbage value
...
Found with Clang's `scan-build` tool.
When get_timer() is called with `reset` set to 1, the value of
t->start.tv_sec is used as a rvalue without being initialized first.
This is relatively harmless because the result of get_timer() is not
used by the callers when called in "reset mode". However, scan-build
prints a warning.
Silence the warning by only calculating the delta on non-reset runs,
returning zero otherwise.
2014-08-14 11:34:35 +02:00
7ee55624fb
gcm.c: remove dead store
...
Found with Clang's `scan-build` tool.
The value written to `hi` is never used, resulting in a warning. Remove
the dead store to get rid of the warning.
2014-08-14 11:34:35 +02:00
1b4eda3af9
pkcs5.c: fix dead store: return proper exit status
...
Found with Clang's `scan-build` tool.
The error value assigned to `ret` is not returned, meaning that the
selftest always succeeds. Ensure the error value is propagated back to
the caller.
2014-08-14 11:34:34 +02:00
8d77eeeaf6
Fix integer suffix rejected by some MSVC versions
2014-08-14 11:34:34 +02:00
9a6b442cee
Fix non-blocking sockets in net_accept()
2014-08-14 11:34:34 +02:00
a04fa4fa04
RSA-PSK key exchange requires TLS 1.x
...
It's not clear if, with SSL3, one should include send the two length bytes for
EncryptedPreMasterSecret or not, so require TLS to avoid interop issues.
2014-08-14 11:34:34 +02:00
8d4ad07706
SHA-2 ciphersuites now require TLS 1.x
2014-08-14 11:34:34 +02:00
2fbf311391
Fix dependency issue in memory_buffer_alloc
2014-08-14 11:34:34 +02:00
97884a31cb
Fix printf format warnings in memory_buffer_alloc
2014-08-14 11:34:33 +02:00
86bbc7fc30
Fix typo causing compile error with NULL cipher
2014-08-14 11:34:33 +02:00
8dcb2d7d7e
Support escaping of commas in x509_string_to_names()
2014-08-11 11:59:52 +02:00
