Commit graph

2867 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 5dd28ea432 Fix len miscalculation in buffer-based allocator 2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard 547ff6618f Fix NULL dereference in buffer-based allocator 2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard 765bb31d24 Add test_suite_memory_buffer_alloc 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard 5ba1d52f96 Add memory_buffer_alloc_self_test() 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard 5cb4b31057 Fix missing bound check 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard f5f25b3a0d Add test for ctr_drbg_update() input sanitizing 2015-01-13 14:56:59 +01:00
Paul Bakker d9e2dd2bb0 Merge support for Encrypt-then-MAC 2015-01-13 14:23:56 +01:00
Manuel Pégourié-Gonnard fa06581c73 Disable RC4 by default in example programs. 2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard 352143fa1e Refactor for clearer correctness/security 2015-01-13 12:02:55 +01:00
Manuel Pégourié-Gonnard 982865618a Stop assuming chars are signed
(They aren't on ARM by default.)
2015-01-12 19:17:05 +01:00
Paul Bakker 54b1a8fa4d Merge support for Extended Master Secret (session-hash) 2015-01-12 14:14:07 +01:00
Paul Bakker b52b015c0b Merge support for FALLBACK_SCSV 2015-01-12 14:07:59 +01:00
Manuel Pégourié-Gonnard 448ea506bf Set min version to TLS 1.0 in programs 2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard 18292456c5 Add support for getrandom() 2015-01-09 14:34:13 +01:00
Manuel Pégourié-Gonnard 265fe997ff Use library default for trunc-hmac in ssl_client2 2015-01-09 12:53:19 +01:00
Manuel Pégourié-Gonnard e117a8fc0d Make truncated hmac a runtime option server-side
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard 6f303ce19e Fix portability issue in script
If there was a reason for hardcoding the path, it should have been documented.
2015-01-08 17:07:18 +01:00
Manuel Pégourié-Gonnard f01768c55e Specific error for suites in common but none good 2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard df331a55d2 Prefer SHA-1 certificates for pre-1.2 clients 2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard 6458e3b743 Some more refactoring/tuning. 2015-01-08 14:16:56 +01:00
Manuel Pégourié-Gonnard 846ba473af Minor refactoring 2015-01-08 13:54:38 +01:00
Manuel Pégourié-Gonnard 3ff78239fe Add tests for CBC record splitting 2015-01-08 11:15:09 +01:00
Manuel Pégourié-Gonnard c82ee3555f Fix tests that were failing with record splitting 2015-01-07 16:39:10 +01:00
Manuel Pégourié-Gonnard cfa477ef2f Allow disabling record splitting at runtime 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard d76314c44c Add 1/n-1 record splitting 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard edd371a82c Enhance doc on ssl_write() 2015-01-07 14:56:54 +01:00
Manuel Pégourié-Gonnard d68b65199f Fix previous commit
(worked with BSD sed but no GNU sed...)
2015-01-07 14:55:38 +01:00
Manuel Pégourié-Gonnard 3da751ea55 Allow flexible location of valgrind 2014-12-15 10:47:31 +01:00
Manuel Pégourié-Gonnard f46f128f4a Fix test scripts portability issues 2014-12-11 17:26:09 +01:00
Manuel Pégourié-Gonnard 76c99a01a1 Fix Gnu-ism in script 2014-12-11 10:33:43 +01:00
Manuel Pégourié-Gonnard d94232389e Skip signature_algorithms ext if PSK only 2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard eaecbd3ba8 Fix warning in reduced configs 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard 86b2908236 Adapt to "negative" switch for renego 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard 590f416142 Add tests for periodic renegotiation 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard 837f0fe831 Make renego period configurable 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard b445805283 Auto-renegotiate before sequence number wrapping 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard fa4238838a Update Changelog for compile-option renegotiation 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 037170465a Switch from an enable to a disable flag 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 6186019d5d Save 48 bytes if SSLv3 is not defined 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 85d915b81d Add tests for renego security enforcement 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard d3b90f797d Fix bug in ssl_client2 reconnect option 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard f29e5de09d Cosmetics in ssl_server2 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard 60346be2a3 Improve debugging message.
This actually prints only the payload, not the potential IV and/or MAC,
so (to me at least) it's much less confusing
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard e423246e7f Fix net_usleep for durations greater than 1 second 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard 9439f93ea4 Use pk_load_file() in X509
Saves a bit of ROM. X509 depends on PK anyway.
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard 2457fa0915 Create ticket keys only if enabled 2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard cb7da352fd Fix typo in #ifdef
Since length is checked afterwards anyway, no security risk here
2014-11-27 17:44:45 +01:00
Manuel Pégourié-Gonnard 150c4f62f1 Clarify documentation a bit 2014-11-27 17:44:45 +01:00