Manuel Pégourié-Gonnard
312010e6e9
Factor common parent checking code
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
f93a3c4335
Check the CA bit on trusted CAs too
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
99d4f19111
Add keyUsage checking for CAs
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
3fed0b3264
Factor some common code in x509_verify{,_child}
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
7f2a07d7b2
Check keyUsage in SSL client and server
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
603116c570
Add x509_crt_check_key_usage()
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
0f79babd4b
Disable timing_selftest() for now
2014-04-09 15:49:51 +02:00
Paul Bakker
17b85cbd69
Merged additional tests and improved code coverage
...
Conflicts:
ChangeLog
2014-04-08 14:38:48 +02:00
Paul Bakker
0763a401a7
Merged support for the ALPN extension
2014-04-08 14:37:12 +02:00
Paul Bakker
4224bc0a4f
Prevent potential NULL pointer dereference in ssl_read_record()
2014-04-08 14:36:50 +02:00
Manuel Pégourié-Gonnard
8c045ef8e4
Fix embarrassing X.509 bug introduced in 9533765
2014-04-08 11:55:03 +02:00
Manuel Pégourié-Gonnard
f6521de17b
Add ALPN tests to ssl-opt.sh
...
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard
89e35798ae
Implement ALPN server-side
2014-04-07 12:26:35 +02:00
Manuel Pégourié-Gonnard
0b874dc580
Implement ALPN client-side
2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard
0148875cfc
Add tests and fix bugs for RSA-alt contexts
2014-04-04 17:46:46 +02:00
Manuel Pégourié-Gonnard
7e250d4812
Add ALPN interface
2014-04-04 17:10:40 +02:00
Manuel Pégourié-Gonnard
79e58421be
Also test net_usleep in timing_selttest()
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
3fec220a33
Add test for dhm_parse_dhmfile
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
7afdb88216
Test and fix x509_oid functions
2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard
d6aebe108a
Add 'volatile' to hardclock()'s asm
...
Prevents calls from being optimised away in timing_self_test().
(Should no be a problem for calls from other files.)
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
13a1ef8600
Misc selftest adjustements
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
470fc935b5
Add timing_self_test() with consistency tests
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
487588d0bf
Whitespace fixes
2014-04-04 16:33:01 +02:00
Paul Bakker
e4205dc50a
Merged printing of X509 extensions
2014-04-04 15:36:10 +02:00
Paul Bakker
5ff3f9134b
Small fix for EFI build under Windows in x509_crt.c
2014-04-04 15:08:20 +02:00
Manuel Pégourié-Gonnard
0db29b05b5
More compact code using macros
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
7b30cfc5b0
x509_crt_info() list output cosmectics
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
f6f4ab40d3
Print extended key usage in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
65c2ddc318
Print key_usage in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
bce2b30855
Print subject alt name in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
919f8f5829
Print NS Cert Type in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
b28487db1f
Start printing extensions in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
74bc68ac62
Fix default #define for malloc/free
2014-04-02 13:20:00 +02:00
Paul Bakker
75a2860f26
Potential memory leak in mpi_exp_mod() when error occurs during
...
calculation of RR.
2014-03-31 12:08:17 +02:00
Manuel Pégourié-Gonnard
dd75c3183b
Remove potential timing leak in ecdsa_sign()
2014-03-31 11:55:42 +02:00
Manuel Pégourié-Gonnard
5b8c409f53
Fix a warning (theoretical uninitialised variable)
2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard
969ccc6289
Fix length checking of various ClientKeyExchange's
2014-03-27 21:10:56 +01:00
Paul Bakker
96d5265315
Made ready for release 1.3.5
2014-03-26 16:55:50 +01:00
Paul Bakker
5fff23b92a
x509_get_current_time() uses localtime_r() to prevent thread issues
2014-03-26 15:34:54 +01:00
Paul Bakker
4c284c9141
Removed LCOV directives from code
2014-03-26 15:33:05 +01:00
Paul Bakker
77f4f39ea6
Make sure no random pointer occur during failed malloc()'s
2014-03-26 15:30:20 +01:00
Paul Bakker
db1f05985e
Add a check for buffer overflow to pkcs11_sign()
...
pkcs11_sign() reuses *sig to store the header and hash, but those might
be larger than the actual sig, causing a buffer overflow.
An overflow can occur when using raw sigs with hashlen > siglen, or when
the RSA key is less than 664 bits long (or less when using hashes
shorter than SHA512)
As siglen is always within the 'low realm' < 32k, an overflow of asnlen
+ hashlen is not possible.
2014-03-26 15:14:21 +01:00
Paul Bakker
91c61bc4fd
Further tightened the padlen check to prevent underflow / overflow
2014-03-26 15:14:20 +01:00
Manuel Pégourié-Gonnard
c042cf0013
Fix broken tests due to changed error code
...
Introduced in 5246ee5c59
2014-03-26 14:12:20 +01:00
Manuel Pégourié-Gonnard
b2bf5a1bbb
Fix possible buffer overflow with PSK
2014-03-26 12:58:50 +01:00
Manuel Pégourié-Gonnard
fdddac90a6
Fix stupid bug in rsa_copy()
2014-03-26 12:58:49 +01:00
Manuel Pégourié-Gonnard
f84f799bcf
Tune debug_print_ret format
2014-03-26 12:58:46 +01:00
Paul Bakker
b13d3ffb80
Provide no info from entropy_func() on future entropy
2014-03-26 12:51:25 +01:00
Paul Bakker
66ff70dd48
Support for seed file writing and reading in Entropy
2014-03-26 11:58:07 +01:00
Paul Bakker
3f0be61a27
Merged support for parsing EC keys that use SpecifiedECDomain
2014-03-26 11:30:39 +01:00