Manuel Pégourié-Gonnard
5dd28ea432
Fix len miscalculation in buffer-based allocator
2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard
547ff6618f
Fix NULL dereference in buffer-based allocator
2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard
765bb31d24
Add test_suite_memory_buffer_alloc
2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
5ba1d52f96
Add memory_buffer_alloc_self_test()
2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
5cb4b31057
Fix missing bound check
2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
f5f25b3a0d
Add test for ctr_drbg_update() input sanitizing
2015-01-13 14:56:59 +01:00
Paul Bakker
d9e2dd2bb0
Merge support for Encrypt-then-MAC
2015-01-13 14:23:56 +01:00
Manuel Pégourié-Gonnard
fa06581c73
Disable RC4 by default in example programs.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
bd47a58221
Add ssl_set_arc4_support()
...
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
352143fa1e
Refactor for clearer correctness/security
2015-01-13 12:02:55 +01:00
Manuel Pégourié-Gonnard
982865618a
Stop assuming chars are signed
...
(They aren't on ARM by default.)
2015-01-12 19:17:05 +01:00
Paul Bakker
54b1a8fa4d
Merge support for Extended Master Secret (session-hash)
2015-01-12 14:14:07 +01:00
Paul Bakker
b52b015c0b
Merge support for FALLBACK_SCSV
2015-01-12 14:07:59 +01:00
Manuel Pégourié-Gonnard
448ea506bf
Set min version to TLS 1.0 in programs
2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard
18292456c5
Add support for getrandom()
2015-01-09 14:34:13 +01:00
Manuel Pégourié-Gonnard
265fe997ff
Use library default for trunc-hmac in ssl_client2
2015-01-09 12:53:19 +01:00
Manuel Pégourié-Gonnard
e117a8fc0d
Make truncated hmac a runtime option server-side
...
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard
6f303ce19e
Fix portability issue in script
...
If there was a reason for hardcoding the path, it should have been documented.
2015-01-08 17:07:18 +01:00
Manuel Pégourié-Gonnard
f01768c55e
Specific error for suites in common but none good
2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard
df331a55d2
Prefer SHA-1 certificates for pre-1.2 clients
2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard
6458e3b743
Some more refactoring/tuning.
2015-01-08 14:16:56 +01:00
Manuel Pégourié-Gonnard
846ba473af
Minor refactoring
2015-01-08 13:54:38 +01:00
Manuel Pégourié-Gonnard
3ff78239fe
Add tests for CBC record splitting
2015-01-08 11:15:09 +01:00
Manuel Pégourié-Gonnard
c82ee3555f
Fix tests that were failing with record splitting
2015-01-07 16:39:10 +01:00
Manuel Pégourié-Gonnard
cfa477ef2f
Allow disabling record splitting at runtime
2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
d76314c44c
Add 1/n-1 record splitting
2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
edd371a82c
Enhance doc on ssl_write()
2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard
d68b65199f
Fix previous commit
...
(worked with BSD sed but no GNU sed...)
2015-01-07 14:55:38 +01:00
Manuel Pégourié-Gonnard
3da751ea55
Allow flexible location of valgrind
2014-12-15 10:47:31 +01:00
Manuel Pégourié-Gonnard
f46f128f4a
Fix test scripts portability issues
2014-12-11 17:26:09 +01:00
Manuel Pégourié-Gonnard
76c99a01a1
Fix Gnu-ism in script
2014-12-11 10:33:43 +01:00
Manuel Pégourié-Gonnard
d94232389e
Skip signature_algorithms ext if PSK only
2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard
eaecbd3ba8
Fix warning in reduced configs
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
86b2908236
Adapt to "negative" switch for renego
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
590f416142
Add tests for periodic renegotiation
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
837f0fe831
Make renego period configurable
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
b445805283
Auto-renegotiate before sequence number wrapping
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
fa4238838a
Update Changelog for compile-option renegotiation
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
037170465a
Switch from an enable to a disable flag
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
6186019d5d
Save 48 bytes if SSLv3 is not defined
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
615e677c0b
Make renegotiation a compile-time option
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
85d915b81d
Add tests for renego security enforcement
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
d3b90f797d
Fix bug in ssl_client2 reconnect option
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
f29e5de09d
Cosmetics in ssl_server2
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
60346be2a3
Improve debugging message.
...
This actually prints only the payload, not the potential IV and/or MAC,
so (to me at least) it's much less confusing
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
e423246e7f
Fix net_usleep for durations greater than 1 second
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
9439f93ea4
Use pk_load_file() in X509
...
Saves a bit of ROM. X509 depends on PK anyway.
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
2457fa0915
Create ticket keys only if enabled
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
cb7da352fd
Fix typo in #ifdef
...
Since length is checked afterwards anyway, no security risk here
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard
150c4f62f1
Clarify documentation a bit
2014-11-27 17:44:45 +01:00