Commit graph

1722 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 0017c2be48 Merge commit '9835bc0' into dtls
* commit '9835bc0':
  Fix racy test.
  Fix stupid error in previous commit
  Don't check errors on ssl_close_notify()
  Fix char signedness issue
  Fix issue with non-blocking I/O & record splitting
  Fix warning

Conflicts:
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
2015-01-21 13:42:16 +00:00
Manuel Pégourié-Gonnard 8fbb01ec84 Merge commit 'b2eaac1' into dtls
* commit 'b2eaac1':
  Stop assuming chars are signed
  Add tests for CBC record splitting
  Fix tests that were failing with record splitting
  Allow disabling record splitting at runtime
  Add 1/n-1 record splitting
  Enhance doc on ssl_write()

Conflicts:
	include/polarssl/ssl.h
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
2015-01-21 13:37:08 +00:00
Manuel Pégourié-Gonnard b89c4f35a1 Fixes for the renego-option merge 2015-01-21 13:24:10 +00:00
Manuel Pégourié-Gonnard 0af1ba3521 Merge commit 'f6080b8' into dtls
* commit 'f6080b8':
  Fix warning in reduced configs
  Adapt to "negative" switch for renego
  Add tests for periodic renegotiation
  Make renego period configurable
  Auto-renegotiate before sequence number wrapping
  Update Changelog for compile-option renegotiation
  Switch from an enable to a disable flag
  Save 48 bytes if SSLv3 is not defined
  Make renegotiation a compile-time option
  Add tests for renego security enforcement

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/ssl/ssl_server2.c
	tests/ssl-opt.sh
2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard edb7ed3a43 Merge commit 'd7e2483' into dtls
* commit 'd7e2483': (57 commits)
  Skip signature_algorithms ext if PSK only
  Fix bug in ssl_client2 reconnect option
  Cosmetics in ssl_server2
  Improve debugging message.
  Fix net_usleep for durations greater than 1 second
  Use pk_load_file() in X509
  Create ticket keys only if enabled
  Fix typo in #ifdef
  Clarify documentation a bit
  Fix comment on resumption
  Update comment from draft to RFC
  Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
  Add recursion.pl to all.sh
  Allow x509_crt_verify_child() in recursion.pl
  Set a compile-time limit to X.509 chain length
  Fix 3DES -> DES in all.sh (+ time estimates)
  Add curves.pl to all.sh
  Rework all.sh to use MSan instead of valgrind
  Fix depends on individual curves in tests
  Add script to test depends on individual curves
  ...

Conflicts:
	CMakeLists.txt
	programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00
Manuel Pégourié-Gonnard f9c8a606b5 Merge commit '8b9bcec' into dtls
* commit '8b9bcec':
  Stop assuming chars are signed
  Fix len miscalculation in buffer-based allocator
  Fix NULL dereference in buffer-based allocator
  Add test_suite_memory_buffer_alloc
  Add memory_buffer_alloc_self_test()
  Fix missing bound check
  Add test for ctr_drbg_update() input sanitizing
  Refactor for clearer correctness/security
  Stop assuming chars are signed

Conflicts:
	library/ssl_tls.c
2015-01-20 16:38:39 +00:00
Manuel Pégourié-Gonnard a852cf4833 Fix issue with non-blocking I/O & record splitting 2015-01-13 20:56:15 +01:00
Manuel Pégourié-Gonnard d5746b36f9 Fix warning 2015-01-13 20:33:24 +01:00
Paul Bakker f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard 5dd28ea432 Fix len miscalculation in buffer-based allocator 2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard 547ff6618f Fix NULL dereference in buffer-based allocator 2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard 5ba1d52f96 Add memory_buffer_alloc_self_test() 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard 5cb4b31057 Fix missing bound check 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard 352143fa1e Refactor for clearer correctness/security 2015-01-13 12:02:55 +01:00
Manuel Pégourié-Gonnard f3c500fe47 Fix bug on OS X (BSD?) in net_accept() for UDP 2015-01-12 19:02:15 +01:00
Manuel Pégourié-Gonnard cfa477ef2f Allow disabling record splitting at runtime 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard d76314c44c Add 1/n-1 record splitting 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard d94232389e Skip signature_algorithms ext if PSK only 2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard eaecbd3ba8 Fix warning in reduced configs 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard 837f0fe831 Make renego period configurable 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard b445805283 Auto-renegotiate before sequence number wrapping 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard 6186019d5d Save 48 bytes if SSLv3 is not defined 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 60346be2a3 Improve debugging message.
This actually prints only the payload, not the potential IV and/or MAC,
so (to me at least) it's much less confusing
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard e423246e7f Fix net_usleep for durations greater than 1 second 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard 9439f93ea4 Use pk_load_file() in X509
Saves a bit of ROM. X509 depends on PK anyway.
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard 2457fa0915 Create ticket keys only if enabled 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard d16d1cb96a Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard fd6c85c3eb Set a compile-time limit to X.509 chain length 2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard 6ed2d92629 Make x509_crl_parse() iterative 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard 426d4ae7ff Split x509_crl_parse_der() out of x509_crl_parse() 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard 8c9223df84 Add text view to debug_print_buf() 2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard 0975ad928d Merge branch 'etm' into dtls
* etm:
  Fix some more warnings in reduced configs
  Fix typo causing MSVC errors
2014-11-17 15:07:17 +01:00
Manuel Pégourié-Gonnard 8e4b3374d7 Fix some more warnings in reduced configs 2014-11-17 15:06:13 +01:00
Manuel Pégourié-Gonnard 98aa19148c Adjust warnings in different modes 2014-11-14 16:45:48 +01:00
Manuel Pégourié-Gonnard e5b0fc1847 Make malloc-init script a bit happier 2014-11-13 12:42:12 +01:00
Manuel Pégourié-Gonnard f631bbc1da Make x509_string_cmp() iterative 2014-11-13 12:42:06 +01:00
Manuel Pégourié-Gonnard 8a5e3d4a40 Forbid repeated X.509 extensions 2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard d681443f69 Fix potential stack overflow 2014-11-12 01:25:31 +01:00
Manuel Pégourié-Gonnard b134060f90 Fix memory leak with crafted X.509 certs 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard 0369a5291b Fix uninitialised pointer dereference 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard e959979621 Fix ECDSA sign buffer size 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard b31b61b9e8 Fix potential undefined behaviour in Camellia 2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard 7c13d69cb5 Fix dependency issues 2014-11-12 00:01:34 +01:00
Manuel Pégourié-Gonnard a1efcb084f Implement pk_check_pair() for RSA-alt 2014-11-08 18:00:22 +01:00
Manuel Pégourié-Gonnard 27e3edbe2c Check key/cert pair in ssl_set_own_cert() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard 70bdadf54b Add pk_check_pair() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard 30668d688d Add ecp_check_pub_priv() 2014-11-06 18:25:51 +01:00