Commit graph

987 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
66fc07362e Fix typo in an OID name
fixes #314
2015-10-21 16:40:29 +02:00
Manuel Pégourié-Gonnard
7c5fcdc17a Disable reportedly broken assembly of Sparc(64)
fixes #292
2015-10-21 14:52:24 +02:00
Manuel Pégourié-Gonnard
22c3b7b9da Fix potential buffer overflow in asn1write 2015-10-21 12:13:05 +02:00
Manuel Pégourié-Gonnard
261faed725 Fix potential heap corruption on Windows
If len is large enough, when cast to an int it will be negative and then the
test if( len > MAX_PATH - 3 ) will not behave as expected.
2015-10-21 10:25:22 +02:00
Manuel Pégourié-Gonnard
173c790722 Fix potential double-free in ssl_conf_psk() 2015-10-20 19:56:45 +02:00
Manuel Pégourié-Gonnard
1ef96c2231 Update ChangeLog for the EC J-PAKE branch 2015-10-20 15:04:57 +02:00
Manuel Pégourié-Gonnard
4104864e54 ECHDE-PSK does not use a certificate
fixes #270
2015-10-09 14:50:43 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381 Bump version to 2.1.2
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
ca056c7748 Fix CVE number in ChangeLog 2015-10-05 18:21:34 +01:00
Manuel Pégourié-Gonnard
a97ab2c8a6 Merge branch 'development' into development-restricted
* development:
  Remove inline workaround when not useful
  Fix macroization of inline in C++
2015-10-05 15:48:09 +01:00
Simon Butcher
7776fc36d3 Fix for #279 macroisation of 'inline' keyword 2015-10-05 15:44:18 +01:00
Manuel Pégourié-Gonnard
899ac849d0 Merge branch 'development' into development-restricted
* development:
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
2015-10-05 14:47:43 +01:00
Manuel Pégourié-Gonnard
0431735299 Fix compile error in net.c with musl libc
fixes #278
2015-10-05 12:17:49 +01:00
Simon Butcher
475cf0a98a Merge fix of IOTSSL-496 - Potential heap overflow
Fix for potential overflow in ssl_write_certificate_request()
2015-10-05 11:57:54 +01:00
Manuel Pégourié-Gonnard
0223ab9d38 Fix macroization of inline in C++
When compiling as C++, MSVC complains about our macroization of a keyword.
Stop doing that as we know inline is always available in C++
2015-10-05 11:41:36 +01:00
Simon Butcher
fec73a8eec Merge of fix for IOTSSL-481 - Double free
Potential double free in mbedtls_ssl_conf_psk()
2015-10-05 10:40:31 +01:00
Simon Butcher
c48b66bfb6 Changed attribution for Guido Vranken 2015-10-05 10:18:17 +01:00
Simon Butcher
6418ffaadb Merge fix for IOTSSL-480 - base64 overflow issue 2015-10-05 09:54:11 +01:00
Simon Butcher
a45aa1399b Merge of IOTSSL-476 - Random malloc in pem_read() 2015-10-05 00:26:36 +01:00
Simon Butcher
e7f96f22ee Merge fix IOTSSL-475 Potential buffer overflow
Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-10-04 23:43:05 +01:00
Simon Butcher
d5ba4672b2 Merge fix for IOTSSL-474 PKCS12 Overflow
Fix stack buffer overflow in PKCS12
2015-10-04 22:47:59 +01:00
Simon Butcher
5b8d1d65f7 Fix for IOTSSL-473 Double free error
Fix potential double-free in mbedtls_ssl_set_hs_psk(.)
2015-10-04 22:06:51 +01:00
Manuel Pégourié-Gonnard
ef388f168d Merge branch 'development' into development-restricted
* development:
  Updated ChangeLog with credit
  Fix a fairly common typo in comments
  Make config check include for configs examples more consistent
2015-10-02 12:44:39 +02:00
Manuel Pégourié-Gonnard
bc1babb387 Fix potential overflow in CertificateRequest 2015-10-02 11:20:28 +02:00
Simon Butcher
54eec9d1dd Merge pull request #301 from Tilka/typo
Fix a fairly common typo in comments
2015-10-01 02:07:24 +01:00
Simon Butcher
a12e3c00bf Updated ChangeLog with credit 2015-10-01 01:59:33 +01:00
Manuel Pégourié-Gonnard
0aa45c209a Fix potential overflow in base64_encode 2015-09-30 16:37:49 +02:00
Simon Butcher
5624ec824e Reordered TLS extension fields in client
Session ticket placed at end
2015-09-29 01:06:06 +01:00
Simon Butcher
04799a4274 Fixed copy and paste error
Accidental additional assignment in ssl_write_alpn_ext()
2015-09-29 00:31:09 +01:00
Manuel Pégourié-Gonnard
d02a1daca7 Fix stack buffer overflow in pkcs12 2015-09-28 19:47:50 +02:00
Manuel Pégourié-Gonnard
24417f06fe Fix potential double-free in mbedtls_ssl_conf_psk() 2015-09-28 18:09:45 +02:00
Manuel Pégourié-Gonnard
58fb49531d Fix potential buffer overflow in mpi_read_string()
Found by Guido Vranken.

Two possible integer overflows (during << 2 or addition in BITS_TO_LIMB())
could result in far too few memory to be allocated, then overflowing the
buffer in the subsequent for loop.

Both integer overflows happen when slen is close to or greater than
SIZE_T_MAX >> 2 (ie 2^30 on a 32 bit system).

Note: one could also avoid those overflows by changing BITS_TO_LIMB(s << 2) to
CHARS_TO_LIMB(s >> 1) but the solution implemented looks more robust with
respect to future code changes.
2015-09-28 15:59:54 +02:00
Tillmann Karras
588ad50c5a Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
Simon Butcher
8f98842e38 Refined credits in ChangeLog for fuzzing issue
Changed GDS to Gotham Digital Science
2015-09-22 10:10:36 +01:00
Manuel Pégourié-Gonnard
8cea8ad8b8 Bump version to 2.1.1 2015-09-17 11:58:45 +02:00
Simon Butcher
ac58c53ab1 Merge remote-tracking branch 'origin/development' 2015-09-16 23:25:25 +01:00
Simon Butcher
7dd82f8fd5 Merge branch 'development' with bugfix branch
Conflicts:
	ChangeLog
2015-09-16 16:21:38 +01:00
Simon Butcher
5793e7ef01 Merge 'development' into iotssl-411-port-reuse
Conflicts:
	ChangeLog
2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard
f7022d1131 Fix bug in server parsing point formats extension
There is only one length byte but for some reason we skipped two, resulting in
reading one byte past the end of the extension. Fortunately, even if that
extension is at the very end of the ClientHello, it can't be at the end of the
buffer since the ClientHello length is at most SSL_MAX_CONTENT_LEN and the
buffer has some more room after that for MAC and so on. So there is no
buffer overread.

Possible consequences are:
- nothing, if the next byte is 0x00, which is a comment first byte for other
  extensions, which is why the bug remained unnoticed
- using a point format that was not offered by the peer if next byte is 0x01.
  In that case the peer will reject our ServerKeyExchange message and the
handshake will fail.
- thinking that we don't have a common point format even if we do, which will
  cause us to immediately abort the handshake.
None of these are a security issue.

The same bug was fixed client-side in fd35af15
2015-09-16 11:32:18 +02:00
Simon Butcher
a1a1128f7d Updated ChangeLog for fix #275 2015-09-14 21:30:40 +01:00
Simon Butcher
d69f14bed8 Updated Changelog for new version 2015-09-11 20:00:20 +01:00
Simon Butcher
8a52a7468d Added PR to Changelog for NWilson 2015-09-11 19:44:34 +01:00
Manuel Pégourié-Gonnard
c2ed8029ff Fix ChangeLog - misplaced entries 2015-09-09 12:15:13 +02:00
Manuel Pégourié-Gonnard
14c2574a9d Update Changelog 2015-09-08 15:12:45 +02:00
Simon Butcher
e5a21b4493 Merge pull request #282 from ARMmbed/iotssl-469-rsa-crt-restricted
Add counter-measure against RSA-CRT attack
2015-09-08 13:05:51 +01:00
Manuel Pégourié-Gonnard
5f50104c52 Add counter-measure against RSA-CRT attack
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
2015-09-08 13:39:29 +02:00
Manuel Pégourié-Gonnard
7f2f062a5d Fix possible client crash on API misuse 2015-09-07 12:27:24 +02:00
Manuel Pégourié-Gonnard
0a0c22e0ef Add ChangeLog entry about license change 2015-09-04 14:38:26 +02:00
Manuel Pégourié-Gonnard
aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Simon Butcher
52754594b6 Merging iotssl-457-badtail with development branch 2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
b2beb84be6 Changelog entry fro the previous commit 2015-09-01 19:37:32 +02:00
Manuel Pégourié-Gonnard
1385a289f4 Fix possible mutex lock/unlock mismatch
fixes #257
2015-08-27 11:30:58 +02:00
Manuel Pégourié-Gonnard
c98204e68f Fix missing break in switch for SSL presets
closes #235
2015-08-11 04:21:01 +02:00
Manuel Pégourié-Gonnard
ed46c436c0 Fix error when loading libmbedtls.so 2015-08-10 10:17:32 +02:00
Manuel Pégourié-Gonnard
e33316c607 Add test build of shared libs for windows 2015-08-07 13:22:37 +02:00
Manuel Pégourié-Gonnard
32da9f66a8 Add support for MBEDTLS_USER_CONFIG_FILE 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard
9983993e27 Fix bug with make install without tests
closes #232
2015-08-03 10:42:10 +02:00
Manuel Pégourié-Gonnard
2006408545 Fix Make bug when installing programs 2015-08-03 10:40:38 +02:00
Manuel Pégourié-Gonnard
052d10c9d5 Accept a trailing space at end of PEM lines
With certs being copy-pasted from webmails and all, this will probably become
more and more common.

closes #226
2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard
e96ce08a21 Fix compile error with armcc5 --gnu 2015-07-31 10:58:06 +02:00
Simon Butcher
10a6f02f83 Merge branch 'development' into IOTSSL-442-hello-noext
Conflicts:
	ChangeLog
2015-07-27 13:45:40 +01:00
Manuel Pégourié-Gonnard
52a5079cf2 Fix bug with install target in make
closes #223
2015-07-27 10:36:12 +02:00
Manuel Pégourié-Gonnard
6f42417ba8 Fix typo in that broke installation in cmake
closes #221
2015-07-24 16:55:22 +02:00
Manuel Pégourié-Gonnard
a6e5bd5654 Fix bug with extension-less ServerHello
https://tls.mbed.org/discussions/bug-report-issues/server-hello-parsing-bug

in_hslen include the length of the handshake header. (We might want to change
that in the future, as it is a bit annoying.)
2015-07-23 12:23:19 +02:00
Manuel Pégourié-Gonnard
bcb0460224 Fix bug with cmake and old version of GCC 2015-07-19 16:00:04 +02:00
Manuel Pégourié-Gonnard
4f3368e31e Fix bug in benchmark.c with DHM params 2015-07-19 15:01:28 +02:00
Paul Bakker
4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
abc729e664 Simplify net_accept() with UDP sockets
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard
91895853ac Move from naked int to a structure in net.c
Provides more flexibility for future changes/extensions.
2015-06-30 15:56:25 +02:00
Manuel Pégourié-Gonnard
a25ffc3b0f Update Changelog for target split 2015-06-25 12:01:16 +02:00
Manuel Pégourié-Gonnard
53585eeb17 Remove test DHM params from certs.c
certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
fd474233c8 Change SSL debug API in the library 2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard
c0d749418b Make 'port' a string in NET module
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
1cd10adc7c Update prototype of x509write_set_key_usage()
Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
60c793bdc9 Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE
First one means we have time() but it may not return the actual wall clock
time, second means it does.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
797f48ace6 Rename ecp_curve_info.size to bit_size 2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
898e0aa210 Rename key_length in cipher_info 2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard
88d37859b6 Update Changelog for the profiles branch 2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard
7ee5ddd798 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix compile errors with NO_STD_FUNCTIONS
  Expand config.pl's notion of "full"
  Ack external bugfix in Changelog
  FIx misplaced Changelog entry (oops)
  Fix compile bug: incompatible declaration of polarssl_exit in platform.c
  Fix contributor's name in Changelog
2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard
dccb80b7e5 Fix compile errors with NO_STD_FUNCTIONS 2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard
f2ec505c34 Ack external bugfix in Changelog 2015-06-03 09:50:07 +01:00
Manuel Pégourié-Gonnard
3e87a9f57f FIx misplaced Changelog entry (oops) 2015-06-03 09:48:26 +01:00
Manuel Pégourié-Gonnard
bc6ff23dc6 Update changelog for i/o lengths 2015-06-02 16:33:08 +01:00
Manuel Pégourié-Gonnard
9693668c23 Tune Changelog (typos, ordering) 2015-06-02 15:14:15 +01:00
Manuel Pégourié-Gonnard
d22514e8f6 Fix contributor's name in Changelog 2015-06-02 12:59:59 +01:00
Manuel Pégourié-Gonnard
0574bb0bdb Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Mark unused constant as such
  Update ChangeLog for recent external bugfix
  Serious bug fix in entropy.c
  Fix memleak with repeated [gc]cm_setkey()
  fix minor bug in path_cnt checks

Conflicts:
	include/mbedtls/cipher.h
	library/ccm.c
	library/entropy.c
	library/gcm.c
	library/x509_crt.c
2015-06-02 09:59:29 +01:00
Manuel Pégourié-Gonnard
5866848092 Update ChangeLog for recent external bugfix 2015-06-02 09:08:35 +01:00
Manuel Pégourié-Gonnard
cb46fd8216 Avoid non-standard strcasecmp() 2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
41b9c2b418 Remove individual mdX_file() and shaX_file() 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
eb0d8706ce Add option for even smaller SHA-256 2015-05-28 16:45:23 +02:00
Manuel Pégourié-Gonnard
2a1524ccb5 Manually merge 1.3 changelog 2015-05-27 17:59:46 +02:00
Manuel Pégourié-Gonnard
61977614d8 Fix memleak with repeated [gc]cm_setkey() 2015-05-27 17:40:16 +02:00
Manuel Pégourié-Gonnard
1b8de57827 Remove a few redundant memset after calloc.
Using the following semantic patch provided by Mansour Moufid:

@@
expression x;
@@
  x = mbedtls_calloc(...)
  ...
- memset(x, 0, ...);
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
5b9e5b19a1 Update ChangeLog for s/malloc/calloc 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
50518f4195 Rename _wrap headers to _internal
Makes it clearer that the user is not supposed to include them
2015-05-26 11:06:12 +02:00
Manuel Pégourié-Gonnard
866eb471da Update Changelog for session ticket changes 2015-05-25 19:42:14 +02:00
Manuel Pégourié-Gonnard
0b104b056b Adapt prototype of net_accept() for explicit size 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
d4f04dba42 net.c now depends on select() unconditionally 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
a63bc94a2d Remove timing_m_sleep() -> net_usleep() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
0c89035d4d Update Changelog for recent timer changes 2015-05-13 10:28:41 +02:00
Manuel Pégourié-Gonnard
31993f271d Add per-function override for AES 2015-05-12 15:41:08 +02:00
Manuel Pégourié-Gonnard
e45dba47b5 Remove unused member in des_context 2015-05-12 14:54:15 +02:00
Manuel Pégourié-Gonnard
43b37cbc92 Fix use of pem_read_buffer() in PK, DHM and X509 2015-05-12 11:26:43 +02:00
Manuel Pégourié-Gonnard
2088ba6d30 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Update Changelog for recent contribution
  Perf: rewrite of ecp_double_jac

Conflicts:
	library/ecp.c
2015-05-12 10:36:26 +02:00
Manuel Pégourié-Gonnard
154b00b07b Update Changelog for recent contribution 2015-05-11 21:05:36 +02:00
Manuel Pégourié-Gonnard
e6ef16f98c Change X.509 verify flags to uint32_t 2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard
56cc88a796 Rm ecp_add() and add ecp_muladd() 2015-05-11 18:40:45 +02:00
Manuel Pégourié-Gonnard
6dde596a03 Remove ecp_sub() 2015-05-11 18:18:32 +02:00
Manuel Pégourié-Gonnard
aff37e5aa1 Remove ecp_group_read_string() 2015-05-11 18:11:57 +02:00
Manuel Pégourié-Gonnard
06939cebef Fix order of ssl_conf vs ssl_setup in programs
Except ssl_phtread_server that will be done later
2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard
9a1a4d6903 Update Changelog with forgotten change 2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard
01e5e8c1f8 Change a few ssl_conf return types to void 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
caace65711 Update Changelog for recent config split 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
2f84e97929 Fix typos in the Changelog 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
0a4fb09534 Make xxx_drbg_random() thread-safe 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
5cb3308e5f Merge contexts for session cache 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
6e088f9a0f Group all renamings together in Changelog 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
662c6e8cdd Disable truncated HMAC by default 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
1028b74cff Upgrade default DHM params size 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
8836994f6b Move WANT_READ/WANT_WRITE codes to SSL 2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
1b511f93c6 Rename ssl_set_bio_timeout() to set_bio()
Initially thought it was best to keep the old function around and add a new
one, but this so many ssl_set_xxx() functions are changing anyway...
2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
bc2b771af4 Move ssl_set_ca_chain() to work on config 2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
5a74e8bf19 Make struct cipher_base_t opaque 2015-05-06 17:10:55 +01:00
Manuel Pégourié-Gonnard
3a3ae3d47e Update changelog 2015-05-06 17:08:54 +01:00
Manuel Pégourié-Gonnard
e36d56419e Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  fix bug in ssl_mail_client
  Adapt compat.sh to GnuTLS 3.4
  Fix undefined behaviour in x509

Conflicts:
	programs/ssl/ssl_mail_client.c
	tests/compat.sh
2015-04-30 13:52:25 +02:00
Manuel Pégourié-Gonnard
fa950c9480 fix bug in ssl_mail_client 2015-04-30 12:50:22 +02:00
Manuel Pégourié-Gonnard
159c524df8 Fix undefined behaviour in x509 2015-04-30 11:21:18 +02:00
Manuel Pégourié-Gonnard
da61ed3346 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Include changes from the 1.2 branch
  Remove unused headers in o_p_test
  Add countermeasure against cache-based lucky 13
  Make results of (ext)KeyUsage accessible
  Fix missing NULL check in MPI
  Fix detection of getrandom()
  Fix "make install" handling of symlinks
  Fix bugs in programs displaying verify flags

Conflicts:
	Makefile
	include/polarssl/ssl.h
	library/entropy_poll.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/test/o_p_test.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard
7b12492c77 Include changes from the 1.2 branch 2015-04-30 10:16:19 +02:00
Manuel Pégourié-Gonnard
7d1e95c991 Add countermeasure against cache-based lucky 13 2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard
e16b62c3a9 Make results of (ext)KeyUsage accessible 2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard
770b5e1e9e Fix missing NULL check in MPI 2015-04-29 17:02:01 +02:00
Manuel Pégourié-Gonnard
d97828e7af Fix detection of getrandom() 2015-04-29 14:28:48 +02:00
Manuel Pégourié-Gonnard
f5203e0bb5 Fix "make install" handling of symlinks 2015-04-29 14:28:48 +02:00
Manuel Pégourié-Gonnard
8a81e84638 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Add countermeasure against cache-based lucky 13

Conflicts:
	library/ssl_tls.c
2015-04-29 02:13:42 +02:00
Manuel Pégourié-Gonnard
eab147c4d0 Rename pkcs11_xxx_init() to bind() 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
69a69cc5ae memory_buffer_alloc_init() now returns void 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
41d479e7df Split ssl_init() -> ssl_setup() 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
47fede0d6d Add countermeasure against cache-based lucky 13 2015-04-29 01:35:48 +02:00
Manuel Pégourié-Gonnard
8d128efd48 Split mbedtls_ctr_drbg_init() -> seed() 2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard
f9e9481bc5 Split mbedtls_hmac_drbg_init() -> seed{,_buf}() 2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard
c34e8dd265 Split mbedtls_gcm_init() -> gcm_setkey() 2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard
6963ff0969 Split mbedtls_ccm_init() -> setkey() 2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard
d54e617ea6 Restructure Changelog 2015-04-28 17:56:12 +02:00
Manuel Pégourié-Gonnard
8f5fd31212 Change mutex_init/free to return void 2015-04-24 14:42:34 +02:00
Manuel Pégourié-Gonnard
e75fa70b36 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Make results of (ext)KeyUsage accessible
  Use x509_crt_verify_info() in programs
  Add x509_crt_verify_info()

Conflicts:
	ChangeLog
	include/mbedtls/x509_crt.h
	include/polarssl/ssl.h
	include/polarssl/x509.h
	library/ssl_srv.c
	library/ssl_tls.c
	library/x509_crt.c
	programs/ssl/ssl_client1.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_mail_client.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
	tests/ssl-opt.sh
	tests/suites/test_suite_x509parse.function
2015-04-20 11:51:34 +01:00
Manuel Pégourié-Gonnard
e6efa6f54e manually merge 9f98251 make extKeyUsage accessible 2015-04-20 11:23:24 +01:00
Manuel Pégourié-Gonnard
b5f48ad82f manually merge 39a183a add x509_crt_verify_info() 2015-04-20 11:22:57 +01:00
Manuel Pégourié-Gonnard
e2650c8238 Merge branch 'mbedtls-1.3' into development
* commit '23c0608':
  Fix bug in generate_code.pl
  Fix typo in contributor name (oops!)
2015-04-17 20:39:50 +02:00
Manuel Pégourié-Gonnard
144bc224e9 Merge branch 'mbedtls-1.3' into development
* commit 'a2fce21':
  Fix potential NULL dereference on bad usage

Conflicts:
	library/ssl_tls.c
2015-04-17 20:39:07 +02:00
Manuel Pégourié-Gonnard
53c76c07de Merge branch 'mbedtls-1.3' into development
* commit 'ce60fbe':
  Fix potential timing difference with RSA PMS
  Update Changelog for recent merge
  Added more constant-time code and removed biases in the prime number generation routines.

Conflicts:
	library/bignum.c
	library/ssl_srv.c
2015-04-17 20:19:32 +02:00
Manuel Pégourié-Gonnard
de9b363fbd Merge branch mbedtls-1.3 into development
* commit '95f0089':
  Update Changelog for DH params
  Add test case for dh params with privateValueLength
  accept PKCS#3 DH parameters with privateValueLength included

Conflicts:
	library/dhm.c
2015-04-17 20:07:22 +02:00
Manuel Pégourié-Gonnard
9f98251e72 Make results of (ext)KeyUsage accessible 2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard
39a183a629 Add x509_crt_verify_info() 2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard
ba334201a9 Fix typo in contributor name (oops!) 2015-04-17 17:24:20 +02:00
Manuel Pégourié-Gonnard
a2fce21ae5 Fix potential NULL dereference on bad usage 2015-04-15 21:04:19 +02:00
Manuel Pégourié-Gonnard
12a8b66961 Update Changelog for recent merge 2015-04-15 14:20:14 +02:00
Manuel Pégourié-Gonnard
95f00892d2 Update Changelog for DH params 2015-04-15 14:12:05 +02:00
Manuel Pégourié-Gonnard
ab22910191 Just use stdint.h even with MSVC 2015-04-15 11:58:31 +02:00
Manuel Pégourié-Gonnard
862d503c01 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix typos in Changelog
  Fix macro name from wrong branch
  Fix bug in pk_parse_key()
  Fixed typos
  Updated Travis CI config for mbedtls project

Conflicts:
	include/mbedtls/ecp.h
	include/polarssl/compat-1.2.h
	include/polarssl/openssl.h
	include/polarssl/platform.h
	library/pkparse.c
	programs/pkey/mpi_demo.c
2015-04-15 11:30:46 +02:00
Manuel Pégourié-Gonnard
0645bfa74e Fix typos in Changelog 2015-04-15 11:21:24 +02:00
Manuel Pégourié-Gonnard
e6c8366b46 Fix bug in pk_parse_key() 2015-04-15 11:21:24 +02:00
Manuel Pégourié-Gonnard
e1e5871a55 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix bug in pk_parse_key()
  Update generated file

Conflicts:
	library/pkparse.c
	library/version_features.c
2015-04-15 10:50:34 +02:00
Paul Bakker
6152b0267c Fixed typos 2015-04-14 15:00:09 +02:00
Manuel Pégourié-Gonnard
924cd100a6 Fix bug in pk_parse_key() 2015-04-14 11:18:04 +02:00
Manuel Pégourié-Gonnard
975d5fa206 Remove option HAVE_LONGLONG 2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard
7b53889f05 Remove support for HAVE_INT8 and HAVE_INT16 2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard
b31424c86a Make HAVE_IPV6 non-optional 2015-04-09 16:42:38 +02:00
Manuel Pégourié-Gonnard
43b997fee9 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Deprecate HAVE_INT8 and HAVE_INT16
  Deprecate using NET_C without HAVE_IPV6
  Officially deprecate compat-1.2.h and openssl.h
  Document POLARSSL_CAMELLIA_SMALL_MEMORY
  Fix bug with ssl_set_curves() check on client
  Fix bug in POLARSSL_PLATFORM_STD_EXIT support
2015-04-09 15:34:42 +02:00
Manuel Pégourié-Gonnard
23ce09b18f Deprecate HAVE_INT8 and HAVE_INT16 2015-04-09 14:51:51 +02:00
Manuel Pégourié-Gonnard
a98af5e2b2 Deprecate using NET_C without HAVE_IPV6 2015-04-09 14:40:46 +02:00
Manuel Pégourié-Gonnard
8c3f0f4c16 Official deprecate compat-1.2.h and openssl.h 2015-04-09 14:10:26 +02:00
Manuel Pégourié-Gonnard
d759d7d720 Update ChangeLog for Great Renaming 2015-04-08 20:13:33 +02:00
Manuel Pégourié-Gonnard
07ec1ddd10 Fix bug with ssl_set_curves() check on client 2015-04-03 18:17:37 +02:00
Manuel Pégourié-Gonnard
29f777ef54 Fix bug with ssl_set_curves() check on client 2015-04-03 17:57:59 +02:00
Manuel Pégourié-Gonnard
f1d2f7c456 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix bug in Via Padlock support
  Fix portability issue in Makefile
2015-04-02 12:44:00 +01:00
Manuel Pégourié-Gonnard
cf201201e6 Fix bug in Via Padlock support 2015-04-02 10:53:59 +01:00
Manuel Pégourié-Gonnard
427b672551 Add XXX_PROCESS_ALT mecchanism 2015-03-31 18:32:50 +02:00
Manuel Pégourié-Gonnard
26c9f90cae Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Add missing depends in x509 programs
  Simplify ifdef checks in programs/x509
  Fix thread safety issue in RSA operations
  Add test certificate for bitstring in DN
  Add support for X.520 uniqueIdentifier
  Accept bitstrings in X.509 names
2015-03-31 17:56:15 +02:00
Manuel Pégourié-Gonnard
0878a0d884 Add missing depends in x509 programs 2015-03-31 15:14:37 +02:00
Manuel Pégourié-Gonnard
c89d6cf77c Make pk_info_t opaque 2015-03-31 14:43:19 +02:00
Manuel Pégourié-Gonnard
8c8be1ebbb Change default min TLS version to TLS 1.0 2015-03-31 14:22:30 +02:00
Manuel Pégourié-Gonnard
348bcb3694 Make RSA_ALT support optionnal 2015-03-31 14:01:33 +02:00
Manuel Pégourié-Gonnard
8fce937a1a Simplify ecdsa_context 2015-03-31 13:06:41 +02:00
Manuel Pégourié-Gonnard
dfdcac9d51 Merge ecdsa_write_signature{,_det}() together 2015-03-31 11:41:42 +02:00
Manuel Pégourié-Gonnard
b8cfe3f0d9 pk_sign() now requires non-NONE md_alg for ECDSA 2015-03-31 11:14:41 +02:00
Manuel Pégourié-Gonnard
fa44f20b9f Change authmode default to Required on client 2015-03-27 17:52:25 +01:00
Manuel Pégourié-Gonnard
606df8c199 Re-section ChangeLog 2015-03-27 17:13:17 +01:00
Manuel Pégourié-Gonnard
1d0ca1a336 Move key_usage to more that 8 bits 2015-03-27 16:50:00 +01:00
Manuel Pégourié-Gonnard
1022fed36e Remove redundant sig_oid2 in x509 structures 2015-03-27 16:34:42 +01:00
Manuel Pégourié-Gonnard
88fca3ef0e Fix thread safety issue in RSA operations
The race was due to mpi_exp_mod storing a Montgomery coefficient in the
context (RM, RP, RQ).

The fix was verified with -fsanitize-thread using ssl_pthread_server and two
concurrent clients.

A more fine-grained fix should be possible, locking just enough time to check
if those values are OK and set them if not, rather than locking for the whole
mpi_exp_mod() operation, but it will be for later.
2015-03-27 15:12:05 +01:00
Manuel Pégourié-Gonnard
39ead3ef2f Add test certificate for bitstring in DN 2015-03-27 13:11:33 +01:00
Manuel Pégourié-Gonnard
a958d69a70 Rename test_ca_list to test_cas_pem 2015-03-27 10:29:25 +01:00
Manuel Pégourié-Gonnard
75f901006b Add len constants to certs.c 2015-03-27 09:56:18 +01:00
Manuel Pégourié-Gonnard
147fa097e2 Reintroduce md_init_ctx compatibility wrapper 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
4063ceb281 Make hmac_ctx optional
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
4da88c50c1 Remove specific xxx_hmac functions 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
ca878dbaa5 Make md_info_t an opaque structure
- more freedom for us to change it in the future
- enforces hygiene
- performance impact of making accessors no longer inline should really be
  negligible
2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard
d81562ffc0 Remove RC4 ciphersuites by default 2015-03-23 14:51:08 +01:00
Manuel Pégourié-Gonnard
8a80318df2 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Update generated file
  Update Changelog for deprecation config flags
  Fix tests to work with DEPRECATED_REMOVED
  Add POLARSSL_DEPRECATED_{WARNING,REMOVED}
  Suppress clang warning we don't want
2015-03-23 14:31:25 +01:00
Manuel Pégourié-Gonnard
f7dbedb7db Update Changelog for deprecation config flags 2015-03-23 14:20:04 +01:00
Manuel Pégourié-Gonnard
849b174e57 Disable RC4 by default in the library 2015-03-20 19:14:19 +00:00
Manuel Pégourié-Gonnard
4b378c9423 Remove old script 2015-03-20 18:30:40 +00:00
Manuel Pégourié-Gonnard
c4dfaccfa0 Update ChankeLog for removed programs 2015-03-20 17:46:40 +00:00
Manuel Pégourié-Gonnard
fa8aebcbcc Fix a constness issue 2015-03-19 13:38:17 +00:00
Manuel Pégourié-Gonnard
35f1d7f0aa Update signature of mpi_mul_mpi() 2015-03-19 12:42:40 +00:00
Manuel Pégourié-Gonnard
cc0d084820 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Actually use armcc for the armcc test ^^'
  Add more -O level variety in all.sh
  Document recent make changes
  build: Makefile: cleanup CFLAGS
  build: Makefile: cleanup LDFLAGS
  build: Makefile: simplify root Makefile
  build: Makefile: remove bashism

Conflicts:
	programs/Makefile
2015-03-13 16:32:40 +00:00
Manuel Pégourié-Gonnard
40f315ac16 Document recent make changes 2015-03-13 13:50:30 +00:00
Manuel Pégourié-Gonnard
b6b16bddc3 Drop pbkdf2 module (superseded by pkcs5) 2015-03-11 11:31:51 +00:00
Manuel Pégourié-Gonnard
f9c1387b9d Drop POLARSSL_ERROR_STRERROR_BC 2015-03-11 10:59:38 +00:00
Manuel Pégourié-Gonnard
57a26da593 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Use link-time garbage collection in memory.sh
  scripts/memory.sh only work on Linux
  Add missing 'const' on selftest data
  Use only headers for doxygen (no doc in C files)
  Add missing extern "C" guard in aesni.h
  Fix compile error with renego disabled
  Remove slow PKCS5 test
  Stop checking key-cert match systematically
  Make tests/*.sh runnable from anywhere
  Update visual C files
2015-03-11 10:30:21 +00:00
Manuel Pégourié-Gonnard
1a90147dc5 Add missing extern "C" guard in aesni.h 2015-03-10 16:12:29 +00:00
Manuel Pégourié-Gonnard
51bccd3889 Fix compile error with renego disabled 2015-03-10 16:09:08 +00:00
Manuel Pégourié-Gonnard
f427f8854a Stop checking key-cert match systematically 2015-03-10 15:35:29 +00:00
Manuel Pégourié-Gonnard
88bdb0bb51 Update Changelog with recent changes 2015-03-10 14:02:33 +00:00
Manuel Pégourié-Gonnard
cd4cd1dd26 Merge branch 'development' into dtls
* development:
  Fix the fix to ssl_set_psk()
  Update Changelog
  Finish fixing memleak in ssl_server2 arg parsing
  Fix another potential memory leak found by find-mem-leak.cocci.
  Add a rule for another type of memory leak to find-mem-leak.cocci.
  Fix a potential memory leak found by find-mem-leak.cocci.
  Add a semantic patch to find potential memory leaks.
  Fix whitespace of 369e6c20.
  Apply the semantic patch rm-malloc-cast.cocci.
  Add a semantic patch to remove casts of malloc.
2015-02-18 10:25:16 +00:00
Manuel Pégourié-Gonnard
df4e44025d Update Changelog 2015-02-18 10:11:06 +00:00
Manuel Pégourié-Gonnard
cc8980872c Merge branch 'mbedtls-1.4' into dtls
* mbedtls-1.4:
  Add missing require_gnutls guards in ssl-opt.sh
  Remove gnutls from the travis build
  Update release date and added note
2015-02-17 16:50:45 +00:00
Manuel Pégourié-Gonnard
d901d17817 Merge branch 'development' into dtls
* development: (100 commits)
  Update Changelog for the mem-measure branch
  Fix issues introduced when rebasing
  Fix compile error in memory_buffer_alloc_selftest
  Code cosmetics
  Add curve25519 to ecc-heap.sh
  Add curve25519 to the benchmark program
  Fix compile issue when buffer_alloc not available
  New script ecc-heap.sh
  Fix unused variable issue in some configs
  Rm usunused member in private struct
  Add heap usage for PK in benchmark
  Use memory_buffer_alloc() in benchmark if available
  Only define mode_func if mode is enabled (CBC etc)
  PKCS8 encrypted key depend on PKCS5 or PKCS12
  Disable SRV_C for client measurement
  Output stack+heap usage with massif
  Enable NIST_OPTIM by default for config-suite-b
  Refactor memory.sh
  Adapt memory.sh to config-suite-b
  Adapt mini-client for config-suite-b.h
  ...

Conflicts:
	ChangeLog
	include/polarssl/net.h
	library/Makefile
	library/error.c
	library/ssl_tls.c
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/Makefile
2015-02-16 18:44:39 +00:00
Manuel Pégourié-Gonnard
ad350ed759 Update Changelog for the mem-measure branch 2015-02-16 17:45:35 +00:00
Manuel Pégourié-Gonnard
ea0184bbeb Document changes to make for windows 2015-02-16 15:42:16 +00:00
Manuel Pégourié-Gonnard
09eb14c01e Revert "Require unix-utils in path for windows make"
This reverts commit 5d46cca09a.

In preparation of merging an external contribution that superseedes this

Conflicts:
	ChangeLog
2015-02-16 15:25:31 +00:00
Paul Bakker
9c5898f033 Update release date and added note 2015-02-16 16:22:05 +01:00
Manuel Pégourié-Gonnard
6fdc4cae53 Fix potential signedness issue 2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard
00c220123d Update Changelog for portability improvements 2015-02-13 15:15:51 +00:00
Manuel Pégourié-Gonnard
5d46cca09a Require unix-utils in path for windows make 2015-02-13 12:02:45 +00:00
Manuel Pégourié-Gonnard
dda5213982 Fix harmless warnings with mingw in timing.c 2015-02-11 12:33:40 +00:00
Manuel Pégourié-Gonnard
38433535e3 Fix hardclock() with mingw64 2015-02-11 12:33:40 +00:00
Manuel Pégourié-Gonnard
677af93baa Update Changelog for the cleanup branch 2015-02-10 11:41:57 +00:00
Manuel Pégourié-Gonnard
6f60cd848b Move from SHA-1 to SHA-256 as default in programs 2015-02-10 11:31:58 +00:00
Manuel Pégourié-Gonnard
7bf1976034 Prepare Changelog for 1.3 branch development
This is meant to minimize/simplify merge conflict between topic branches.
2015-02-10 10:09:37 +00:00
Manuel Pégourié-Gonnard
f7d2bbaa62 Merge branch 'development' into dtls
* development:
  Add missing guards for gnuTLS
  Prepare for mbed TLS 1.3.10 release
  Fix potential timing issue in RSA pms handling

Conflicts:
	ChangeLog
	doxygen/input/doc_mainpage.h
	doxygen/mbedtls.doxyfile
	include/polarssl/version.h
	library/CMakeLists.txt
	library/ssl_srv.c
	tests/suites/test_suite_version.data
	visualc/VS2010/mbedTLS.vcxproj
	visualc/VS6/mbedtls.dsp
	visualc/VS6/mbedtls.dsw
2015-02-09 11:42:40 +00:00
Paul Bakker
daae3b749b Prepare for mbed TLS 1.3.10 release 2015-02-08 15:49:54 +01:00
Manuel Pégourié-Gonnard
6674cce892 Fix potential timing issue in RSA pms handling 2015-02-06 11:36:56 +00:00
Manuel Pégourié-Gonnard
20343cfec9 Merge branch 'development' into dtls
* development:
  Add attribution
  Fix ignore patterns for windows cmake again
2015-02-03 11:31:06 +00:00
Manuel Pégourié-Gonnard
aa422b2f1a Add attribution 2015-02-02 09:30:45 +00:00
Manuel Pégourié-Gonnard
2a0718d947 Merge branch 'development' into dtls
* development: (46 commits)
  Fix url again
  Fix small bug in base64_encode()
  Fix depend that was checked but not documented
  Fix dependency that was not checked
  Minor gitginore fixes
  Move some ignore patterns to subdirectories
  Ignore CMake/MSVC-related build files.
  Re-categorize changelog entry
  Fix misattribution
  Minor nits with stdout/stderr.
  Add cmake compatibility targets
  Add script for polarssl symlink creation
  Fix more stdio inclusion issues
  Add debug info for cert/suite selection
  Fix possible portability issue
  Fix bug in ssl_get_verify_result()
  aescrypt2.c local char array not initial
  Update Changelog
  Fix mips64 bignum implementation
  Fix usage string of ssl_client2
  ...

Conflicts:
	include/polarssl/ssl.h
	library/CMakeLists.txt
	library/Makefile
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	visualc/VS2010/PolarSSL.sln
	visualc/VS2010/mbedTLS.vcxproj
	visualc/VS6/mbedtls.dsp
	visualc/VS6/mbedtls.dsw
2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard
65fc6a886a Fix small bug in base64_encode() 2015-01-28 16:49:26 +00:00
Manuel Pégourié-Gonnard
f3046efb24 Re-categorize changelog entry 2015-01-28 15:21:42 +00:00
Manuel Pégourié-Gonnard
ee7d599904 Fix misattribution 2015-01-28 15:21:42 +00:00
Manuel Pégourié-Gonnard
607d663b41 Add debug info for cert/suite selection 2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard
e89163c0a8 Fix bug in ssl_get_verify_result() 2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard
9d7fc16dbf Update Changelog 2015-01-28 15:28:29 +01:00
Manuel Pégourié-Gonnard
c9e0483b42 Update Changelog 2015-01-28 15:28:29 +01:00
Manuel Pégourié-Gonnard
acdb9b9525 Fix unchecked error code on Windows 2015-01-23 17:50:34 +00:00
Manuel Pégourié-Gonnard
67505bf9e8 Merge branch 'development' into dtls
* development:
  Adapt tests to new defaults/errors.
  Fix typos/cosmetics in Changelog
  Disable RC4 by default in example programs.
  Add ssl_set_arc4_support()
  Set min version to TLS 1.0 in programs

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	tests/compat.sh
2015-01-21 13:57:33 +00:00
Manuel Pégourié-Gonnard
bfccdd3c92 Merge commit '36adc36' into dtls
* commit '36adc36':
  Add support for getrandom()
  Use library default for trunc-hmac in ssl_client2
  Make truncated hmac a runtime option server-side
  Fix portability issue in script
  Specific error for suites in common but none good
  Prefer SHA-1 certificates for pre-1.2 clients
  Some more refactoring/tuning.
  Minor refactoring

Conflicts:
	include/polarssl/error.h
	include/polarssl/ssl.h
	library/error.c
2015-01-21 13:48:45 +00:00
Manuel Pégourié-Gonnard
8fbb01ec84 Merge commit 'b2eaac1' into dtls
* commit 'b2eaac1':
  Stop assuming chars are signed
  Add tests for CBC record splitting
  Fix tests that were failing with record splitting
  Allow disabling record splitting at runtime
  Add 1/n-1 record splitting
  Enhance doc on ssl_write()

Conflicts:
	include/polarssl/ssl.h
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
2015-01-21 13:37:08 +00:00
Manuel Pégourié-Gonnard
0af1ba3521 Merge commit 'f6080b8' into dtls
* commit 'f6080b8':
  Fix warning in reduced configs
  Adapt to "negative" switch for renego
  Add tests for periodic renegotiation
  Make renego period configurable
  Auto-renegotiate before sequence number wrapping
  Update Changelog for compile-option renegotiation
  Switch from an enable to a disable flag
  Save 48 bytes if SSLv3 is not defined
  Make renegotiation a compile-time option
  Add tests for renego security enforcement

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/ssl/ssl_server2.c
	tests/ssl-opt.sh
2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard
edb7ed3a43 Merge commit 'd7e2483' into dtls
* commit 'd7e2483': (57 commits)
  Skip signature_algorithms ext if PSK only
  Fix bug in ssl_client2 reconnect option
  Cosmetics in ssl_server2
  Improve debugging message.
  Fix net_usleep for durations greater than 1 second
  Use pk_load_file() in X509
  Create ticket keys only if enabled
  Fix typo in #ifdef
  Clarify documentation a bit
  Fix comment on resumption
  Update comment from draft to RFC
  Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
  Add recursion.pl to all.sh
  Allow x509_crt_verify_child() in recursion.pl
  Set a compile-time limit to X.509 chain length
  Fix 3DES -> DES in all.sh (+ time estimates)
  Add curves.pl to all.sh
  Rework all.sh to use MSan instead of valgrind
  Fix depends on individual curves in tests
  Add script to test depends on individual curves
  ...

Conflicts:
	CMakeLists.txt
	programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00