Paul Bakker
|
f3561154ff
|
Merge support for 1/n-1 record splitting
|
2015-01-13 16:31:34 +01:00 |
|
Paul Bakker
|
f6080b8557
|
Merge support for enabling / disabling renegotiation support at compile-time
|
2015-01-13 16:18:23 +01:00 |
|
Paul Bakker
|
d7e2483bfc
|
Merge miscellaneous fixes into development
|
2015-01-13 16:04:38 +01:00 |
|
Paul Bakker
|
8b9bcecaae
|
Stop assuming chars are signed
|
2015-01-13 15:59:55 +01:00 |
|
Manuel Pégourié-Gonnard
|
5dd28ea432
|
Fix len miscalculation in buffer-based allocator
|
2015-01-13 14:58:01 +01:00 |
|
Manuel Pégourié-Gonnard
|
547ff6618f
|
Fix NULL dereference in buffer-based allocator
|
2015-01-13 14:58:01 +01:00 |
|
Manuel Pégourié-Gonnard
|
765bb31d24
|
Add test_suite_memory_buffer_alloc
|
2015-01-13 14:58:00 +01:00 |
|
Manuel Pégourié-Gonnard
|
5ba1d52f96
|
Add memory_buffer_alloc_self_test()
|
2015-01-13 14:58:00 +01:00 |
|
Manuel Pégourié-Gonnard
|
5cb4b31057
|
Fix missing bound check
|
2015-01-13 14:58:00 +01:00 |
|
Manuel Pégourié-Gonnard
|
f5f25b3a0d
|
Add test for ctr_drbg_update() input sanitizing
|
2015-01-13 14:56:59 +01:00 |
|
Paul Bakker
|
d9e2dd2bb0
|
Merge support for Encrypt-then-MAC
|
2015-01-13 14:23:56 +01:00 |
|
Manuel Pégourié-Gonnard
|
352143fa1e
|
Refactor for clearer correctness/security
|
2015-01-13 12:02:55 +01:00 |
|
Manuel Pégourié-Gonnard
|
982865618a
|
Stop assuming chars are signed
(They aren't on ARM by default.)
|
2015-01-12 19:17:05 +01:00 |
|
Paul Bakker
|
54b1a8fa4d
|
Merge support for Extended Master Secret (session-hash)
|
2015-01-12 14:14:07 +01:00 |
|
Paul Bakker
|
b52b015c0b
|
Merge support for FALLBACK_SCSV
|
2015-01-12 14:07:59 +01:00 |
|
Manuel Pégourié-Gonnard
|
3ff78239fe
|
Add tests for CBC record splitting
|
2015-01-08 11:15:09 +01:00 |
|
Manuel Pégourié-Gonnard
|
c82ee3555f
|
Fix tests that were failing with record splitting
|
2015-01-07 16:39:10 +01:00 |
|
Manuel Pégourié-Gonnard
|
cfa477ef2f
|
Allow disabling record splitting at runtime
|
2015-01-07 14:56:54 +01:00 |
|
Manuel Pégourié-Gonnard
|
d76314c44c
|
Add 1/n-1 record splitting
|
2015-01-07 14:56:54 +01:00 |
|
Manuel Pégourié-Gonnard
|
edd371a82c
|
Enhance doc on ssl_write()
|
2015-01-07 14:56:54 +01:00 |
|
Manuel Pégourié-Gonnard
|
d68b65199f
|
Fix previous commit
(worked with BSD sed but no GNU sed...)
|
2015-01-07 14:55:38 +01:00 |
|
Manuel Pégourié-Gonnard
|
3da751ea55
|
Allow flexible location of valgrind
|
2014-12-15 10:47:31 +01:00 |
|
Manuel Pégourié-Gonnard
|
f46f128f4a
|
Fix test scripts portability issues
|
2014-12-11 17:26:09 +01:00 |
|
Manuel Pégourié-Gonnard
|
76c99a01a1
|
Fix Gnu-ism in script
|
2014-12-11 10:33:43 +01:00 |
|
Manuel Pégourié-Gonnard
|
d94232389e
|
Skip signature_algorithms ext if PSK only
|
2014-12-02 11:57:29 +01:00 |
|
Manuel Pégourié-Gonnard
|
eaecbd3ba8
|
Fix warning in reduced configs
|
2014-12-02 10:40:55 +01:00 |
|
Manuel Pégourié-Gonnard
|
86b2908236
|
Adapt to "negative" switch for renego
|
2014-12-02 10:40:55 +01:00 |
|
Manuel Pégourié-Gonnard
|
590f416142
|
Add tests for periodic renegotiation
|
2014-12-02 10:40:55 +01:00 |
|
Manuel Pégourié-Gonnard
|
837f0fe831
|
Make renego period configurable
|
2014-12-02 10:40:55 +01:00 |
|
Manuel Pégourié-Gonnard
|
b445805283
|
Auto-renegotiate before sequence number wrapping
|
2014-12-02 10:40:55 +01:00 |
|
Manuel Pégourié-Gonnard
|
fa4238838a
|
Update Changelog for compile-option renegotiation
|
2014-12-02 10:40:54 +01:00 |
|
Manuel Pégourié-Gonnard
|
037170465a
|
Switch from an enable to a disable flag
|
2014-12-02 10:40:54 +01:00 |
|
Manuel Pégourié-Gonnard
|
6186019d5d
|
Save 48 bytes if SSLv3 is not defined
|
2014-12-02 10:40:54 +01:00 |
|
Manuel Pégourié-Gonnard
|
615e677c0b
|
Make renegotiation a compile-time option
|
2014-12-02 10:40:54 +01:00 |
|
Manuel Pégourié-Gonnard
|
85d915b81d
|
Add tests for renego security enforcement
|
2014-12-02 10:40:54 +01:00 |
|
Manuel Pégourié-Gonnard
|
d3b90f797d
|
Fix bug in ssl_client2 reconnect option
|
2014-11-27 17:44:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
f29e5de09d
|
Cosmetics in ssl_server2
|
2014-11-27 17:44:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
60346be2a3
|
Improve debugging message.
This actually prints only the payload, not the potential IV and/or MAC,
so (to me at least) it's much less confusing
|
2014-11-27 17:44:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
e423246e7f
|
Fix net_usleep for durations greater than 1 second
|
2014-11-27 17:44:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
9439f93ea4
|
Use pk_load_file() in X509
Saves a bit of ROM. X509 depends on PK anyway.
|
2014-11-27 17:44:46 +01:00 |
|
Manuel Pégourié-Gonnard
|
2457fa0915
|
Create ticket keys only if enabled
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
cb7da352fd
|
Fix typo in #ifdef
Since length is checked afterwards anyway, no security risk here
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
150c4f62f1
|
Clarify documentation a bit
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
3e9449350c
|
Fix comment on resumption
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
6b298e6cc1
|
Update comment from draft to RFC
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
d16d1cb96a
|
Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
|
2014-11-27 17:44:45 +01:00 |
|
Manuel Pégourié-Gonnard
|
ea29d152c7
|
Add recursion.pl to all.sh
|
2014-11-20 17:32:33 +01:00 |
|
Manuel Pégourié-Gonnard
|
10c44d767d
|
Allow x509_crt_verify_child() in recursion.pl
|
2014-11-20 17:30:37 +01:00 |
|
Manuel Pégourié-Gonnard
|
fd6c85c3eb
|
Set a compile-time limit to X.509 chain length
|
2014-11-20 16:37:41 +01:00 |
|
Manuel Pégourié-Gonnard
|
89d69b398c
|
Fix 3DES -> DES in all.sh (+ time estimates)
|
2014-11-20 16:36:08 +01:00 |
|