Commit graph

2831 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard b445805283 Auto-renegotiate before sequence number wrapping 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard fa4238838a Update Changelog for compile-option renegotiation 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 037170465a Switch from an enable to a disable flag 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 6186019d5d Save 48 bytes if SSLv3 is not defined 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 85d915b81d Add tests for renego security enforcement 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard d3b90f797d Fix bug in ssl_client2 reconnect option 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard f29e5de09d Cosmetics in ssl_server2 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard 60346be2a3 Improve debugging message.
This actually prints only the payload, not the potential IV and/or MAC,
so (to me at least) it's much less confusing
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard e423246e7f Fix net_usleep for durations greater than 1 second 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard 9439f93ea4 Use pk_load_file() in X509
Saves a bit of ROM. X509 depends on PK anyway.
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard 2457fa0915 Create ticket keys only if enabled 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard cb7da352fd Fix typo in #ifdef
Since length is checked afterwards anyway, no security risk here
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard 150c4f62f1 Clarify documentation a bit 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard 3e9449350c Fix comment on resumption 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard 6b298e6cc1 Update comment from draft to RFC 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard d16d1cb96a Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard ea29d152c7 Add recursion.pl to all.sh 2014-11-20 17:32:33 +01:00
Manuel Pégourié-Gonnard 10c44d767d Allow x509_crt_verify_child() in recursion.pl 2014-11-20 17:30:37 +01:00
Manuel Pégourié-Gonnard fd6c85c3eb Set a compile-time limit to X.509 chain length 2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard 89d69b398c Fix 3DES -> DES in all.sh (+ time estimates) 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard 246978d97d Add curves.pl to all.sh 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard 9bda9b3b92 Rework all.sh to use MSan instead of valgrind 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard cf4de32f58 Fix depends on individual curves in tests 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard 2727dc1e09 Add script to test depends on individual curves 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard 5c2aa10c15 Fix curve dependency issues in X.509 test suite 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard 6ed2d92629 Make x509_crl_parse() iterative 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard 426d4ae7ff Split x509_crl_parse_der() out of x509_crl_parse() 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard 57a5d60abb Add tests for concatenated CRLs 2014-11-19 16:08:34 +01:00
Manuel Pégourié-Gonnard 4be3449dbc Add Readme about X.509 test files 2014-11-19 14:03:59 +01:00
Manuel Pégourié-Gonnard 8c9223df84 Add text view to debug_print_buf() 2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard 8e4b3374d7 Fix some more warnings in reduced configs 2014-11-17 15:06:13 +01:00
Manuel Pégourié-Gonnard be6ce835a2 Fix typo causing MSVC errors 2014-11-17 14:29:36 +01:00
Manuel Pégourié-Gonnard 3a3066c3ee ssl_server2 now exits on signal during a read too 2014-11-17 12:50:34 +01:00
Manuel Pégourié-Gonnard 403a86f73d ssl_server2: exit cleanly on SIGINT too 2014-11-17 12:46:49 +01:00
Manuel Pégourié-Gonnard 98aa19148c Adjust warnings in different modes 2014-11-14 16:45:48 +01:00
Manuel Pégourié-Gonnard e80083cafa Add precision about cmake cache 2014-11-14 14:18:24 +01:00
Manuel Pégourié-Gonnard 052ae25e56 Avoid advertising private option 2014-11-14 13:09:41 +01:00
Manuel Pégourié-Gonnard 6cf11642a4 Update README to mention config.pl 2014-11-14 12:29:59 +01:00
Manuel Pégourié-Gonnard ca89d89a10 Document build modes better 2014-11-13 13:56:05 +01:00
Manuel Pégourié-Gonnard 705b70f122 Add new build modes for sanitizers 2014-11-13 13:35:50 +01:00
Manuel Pégourié-Gonnard fd60a5c621 Add script finding recursive functions 2014-11-13 12:42:12 +01:00
Manuel Pégourié-Gonnard e5b0fc1847 Make malloc-init script a bit happier 2014-11-13 12:42:12 +01:00
Manuel Pégourié-Gonnard 5924f9f810 Add script to find malloc() not followed by init 2014-11-13 12:42:12 +01:00
Manuel Pégourié-Gonnard f631bbc1da Make x509_string_cmp() iterative 2014-11-13 12:42:06 +01:00
Manuel Pégourié-Gonnard 8a5e3d4a40 Forbid repeated X.509 extensions 2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard d681443f69 Fix potential stack overflow 2014-11-12 01:25:31 +01:00
Manuel Pégourié-Gonnard b134060f90 Fix memory leak with crafted X.509 certs 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard 0369a5291b Fix uninitialised pointer dereference 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard e9271e6835 Add a MemSan Cmake build type
Detects uninitialised memory reads. Available only with Clang on Linux x86_64
for now. Experimental but seems usable enough.
2014-11-12 00:01:52 +01:00