Commit graph

2109 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 89e35798ae Implement ALPN server-side 2014-04-07 12:26:35 +02:00
Manuel Pégourié-Gonnard 0b874dc580 Implement ALPN client-side 2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard 1bd2281260 Add an alpn option to ssl_client2 and ssl_server2 2014-04-05 14:51:42 +02:00
Manuel Pégourié-Gonnard 7e250d4812 Add ALPN interface 2014-04-04 17:10:40 +02:00
Manuel Pégourié-Gonnard 6c33a16dae Add previously forgotten test files... oops! 2014-04-04 16:23:29 +02:00
Paul Bakker 4984d3c0b8 Updated ChangeLog for x509_crt_info() change 2014-04-04 15:39:37 +02:00
Paul Bakker e4205dc50a Merged printing of X509 extensions 2014-04-04 15:36:10 +02:00
Paul Bakker 4c41277710 Updated Visual Studio projects with changes from last release 2014-04-04 15:26:47 +02:00
Paul Bakker 5ff3f9134b Small fix for EFI build under Windows in x509_crt.c 2014-04-04 15:08:20 +02:00
Manuel Pégourié-Gonnard 0db29b05b5 More compact code using macros 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard 7b30cfc5b0 x509_crt_info() list output cosmectics 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard f6f4ab40d3 Print extended key usage in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard 65c2ddc318 Print key_usage in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard bce2b30855 Print subject alt name in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard 919f8f5829 Print NS Cert Type in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard b28487db1f Start printing extensions in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard 887aa5b381 Fix include path in ecdsa.h 2014-04-04 13:57:20 +02:00
Manuel Pégourié-Gonnard e442111e29 Fix typo which broke ENTROPY_FORCE_SHA256 2014-04-02 13:50:05 +02:00
Manuel Pégourié-Gonnard a27cd4c62e Fix ENTROPY_LEN check 2014-04-02 13:46:29 +02:00
Manuel Pégourié-Gonnard eb82a74ed2 Fix header issue with default malloc() 2014-04-02 13:43:48 +02:00
Manuel Pégourié-Gonnard 74bc68ac62 Fix default #define for malloc/free 2014-04-02 13:20:00 +02:00
Paul Bakker 75a2860f26 Potential memory leak in mpi_exp_mod() when error occurs during
calculation of RR.
2014-03-31 12:08:17 +02:00
Manuel Pégourié-Gonnard dd75c3183b Remove potential timing leak in ecdsa_sign() 2014-03-31 11:55:42 +02:00
Manuel Pégourié-Gonnard 6b0d268bc9 Add ssl_close_notify() to servers that missed it 2014-03-31 11:28:11 +02:00
Manuel Pégourié-Gonnard 00d538f8f9 Disable renegotiation by default in example cli/srv 2014-03-31 11:03:06 +02:00
Manuel Pégourié-Gonnard 5b8c409f53 Fix a warning (theoretical uninitialised variable) 2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard 1827a6e77e Add -O1 to check mode (helps some warnings) 2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard 3895f5a344 all.sh: directly go for ASan build 2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard 969ccc6289 Fix length checking of various ClientKeyExchange's 2014-03-27 21:10:56 +01:00
Paul Bakker 96d5265315 Made ready for release 1.3.5 2014-03-26 16:55:50 +01:00
Paul Bakker 5fff23b92a x509_get_current_time() uses localtime_r() to prevent thread issues 2014-03-26 15:34:54 +01:00
Paul Bakker 4c284c9141 Removed LCOV directives from code 2014-03-26 15:33:05 +01:00
Paul Bakker 77f4f39ea6 Make sure no random pointer occur during failed malloc()'s 2014-03-26 15:30:20 +01:00
Paul Bakker db1f05985e Add a check for buffer overflow to pkcs11_sign()
pkcs11_sign() reuses *sig to store the header and hash, but those might
be larger than the actual sig, causing a buffer overflow.

An overflow can occur when using raw sigs with hashlen > siglen, or when
the RSA key is less than 664 bits long (or less when using hashes
shorter than SHA512)

As siglen is always within the 'low realm' < 32k, an overflow of asnlen
+ hashlen is not possible.
2014-03-26 15:14:21 +01:00
Paul Bakker 91c61bc4fd Further tightened the padlen check to prevent underflow / overflow 2014-03-26 15:14:20 +01:00
Manuel Pégourié-Gonnard 76b8ab73cd ssl-opt.sh: address some robustness issues 2014-03-26 14:21:34 +01:00
Manuel Pégourié-Gonnard c042cf0013 Fix broken tests due to changed error code
Introduced in 5246ee5c59
2014-03-26 14:12:20 +01:00
Paul Bakker df5024c0dd Made building of programs optional in CMake 2014-03-26 13:27:51 +01:00
Paul Bakker 674e0b015a Improvements to tests/Makefile when using shared library 2014-03-26 13:26:52 +01:00
Manuel Pégourié-Gonnard e9a9a61c61 Deduplicate suites in compat.sh 2014-03-26 12:58:56 +01:00
Manuel Pégourié-Gonnard 8a3a3208a0 Update lcov test descriptions 2014-03-26 12:58:55 +01:00
Manuel Pégourié-Gonnard 12b8472f2f Test against GnuTLS for every common ciphersuite 2014-03-26 12:58:54 +01:00
Manuel Pégourié-Gonnard a1a9f9a639 Allow GnuTLS to be enabled via environment 2014-03-26 12:58:53 +01:00
Manuel Pégourié-Gonnard 7a2aba8d81 Deprecate some non-PK compatibility functions
(Should have been deprecated in 1.3.0 already.)
2014-03-26 12:58:52 +01:00
Manuel Pégourié-Gonnard b2bf5a1bbb Fix possible buffer overflow with PSK 2014-03-26 12:58:50 +01:00
Manuel Pégourié-Gonnard fdddac90a6 Fix stupid bug in rsa_copy() 2014-03-26 12:58:49 +01:00
Manuel Pégourié-Gonnard e01af4cd37 Tune compat.sh and ssl-opt.sh error reporting 2014-03-26 12:58:48 +01:00
Manuel Pégourié-Gonnard 244c06ee02 Be more specific in ref-configs's compat.sh call 2014-03-26 12:58:47 +01:00
Manuel Pégourié-Gonnard 897a595406 Make all.sh more robust in some use cases 2014-03-26 12:58:47 +01:00
Manuel Pégourié-Gonnard f84f799bcf Tune debug_print_ret format 2014-03-26 12:58:46 +01:00