Commit graph

543 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard dda5213982 Fix harmless warnings with mingw in timing.c 2015-02-11 12:33:40 +00:00
Manuel Pégourié-Gonnard 38433535e3 Fix hardclock() with mingw64 2015-02-11 12:33:40 +00:00
Manuel Pégourié-Gonnard 677af93baa Update Changelog for the cleanup branch 2015-02-10 11:41:57 +00:00
Manuel Pégourié-Gonnard 6f60cd848b Move from SHA-1 to SHA-256 as default in programs 2015-02-10 11:31:58 +00:00
Manuel Pégourié-Gonnard 7bf1976034 Prepare Changelog for 1.3 branch development
This is meant to minimize/simplify merge conflict between topic branches.
2015-02-10 10:09:37 +00:00
Paul Bakker daae3b749b Prepare for mbed TLS 1.3.10 release 2015-02-08 15:49:54 +01:00
Manuel Pégourié-Gonnard 6674cce892 Fix potential timing issue in RSA pms handling 2015-02-06 11:36:56 +00:00
Manuel Pégourié-Gonnard aa422b2f1a Add attribution 2015-02-02 09:30:45 +00:00
Manuel Pégourié-Gonnard 65fc6a886a Fix small bug in base64_encode() 2015-01-28 16:49:26 +00:00
Manuel Pégourié-Gonnard f3046efb24 Re-categorize changelog entry 2015-01-28 15:21:42 +00:00
Manuel Pégourié-Gonnard ee7d599904 Fix misattribution 2015-01-28 15:21:42 +00:00
Manuel Pégourié-Gonnard 607d663b41 Add debug info for cert/suite selection 2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard e89163c0a8 Fix bug in ssl_get_verify_result() 2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard 9d7fc16dbf Update Changelog 2015-01-28 15:28:29 +01:00
Manuel Pégourié-Gonnard c9e0483b42 Update Changelog 2015-01-28 15:28:29 +01:00
Manuel Pégourié-Gonnard acdb9b9525 Fix unchecked error code on Windows 2015-01-23 17:50:34 +00:00
Manuel Pégourié-Gonnard d1a878c68f Fix typos/cosmetics in Changelog 2015-01-14 16:59:23 +01:00
Paul Bakker 5b8f7eaa3e Merge new security defaults for programs (RC4 disabled, SSL3 disabled) 2015-01-14 16:26:54 +01:00
Paul Bakker 36adc3631c Merge support for getrandom() call 2015-01-14 16:19:59 +01:00
Paul Bakker c82b7e2003 Merge option to disable truncated hmac on the server-side 2015-01-14 16:16:55 +01:00
Paul Bakker e522d0fa57 Merge smarter certificate selection for pre-TLS-1.2 clients 2015-01-14 16:12:48 +01:00
Paul Bakker f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard 5dd28ea432 Fix len miscalculation in buffer-based allocator 2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard 547ff6618f Fix NULL dereference in buffer-based allocator 2015-01-13 14:58:01 +01:00
Manuel Pégourié-Gonnard 5cb4b31057 Fix missing bound check 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard fa06581c73 Disable RC4 by default in example programs. 2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard 448ea506bf Set min version to TLS 1.0 in programs 2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard 18292456c5 Add support for getrandom() 2015-01-09 14:34:13 +01:00
Manuel Pégourié-Gonnard e117a8fc0d Make truncated hmac a runtime option server-side
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard f01768c55e Specific error for suites in common but none good 2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard df331a55d2 Prefer SHA-1 certificates for pre-1.2 clients 2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard 3ff78239fe Add tests for CBC record splitting 2015-01-08 11:15:09 +01:00
Manuel Pégourié-Gonnard d94232389e Skip signature_algorithms ext if PSK only 2014-12-02 11:57:29 +01:00
Manuel Pégourié-Gonnard fa4238838a Update Changelog for compile-option renegotiation 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard fd6c85c3eb Set a compile-time limit to X.509 chain length 2014-11-20 16:37:41 +01:00
Manuel Pégourié-Gonnard 426d4ae7ff Split x509_crl_parse_der() out of x509_crl_parse() 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard 8c9223df84 Add text view to debug_print_buf() 2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard 8a5e3d4a40 Forbid repeated X.509 extensions 2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard d681443f69 Fix potential stack overflow 2014-11-12 01:25:31 +01:00
Manuel Pégourié-Gonnard b134060f90 Fix memory leak with crafted X.509 certs 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard 0369a5291b Fix uninitialised pointer dereference 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard e959979621 Fix ECDSA sign buffer size 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard b31b61b9e8 Fix potential undefined behaviour in Camellia 2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard 54f6e562e6 Fix CFLAGS with cmake and gcc 2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard de17125875 Update ChangeLog for pk_check_pair() & Co 2014-11-12 00:01:51 +01:00
Manuel Pégourié-Gonnard e10e06d863 Blind RSA operations even without CRT 2014-11-06 18:25:44 +01:00
Manuel Pégourié-Gonnard d056ce0e3e Use seq_num as AEAD nonce by default 2014-11-06 18:23:49 +01:00