AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,117 Commits 1 Branch 0 Tags 61 MiB
0763a401a7
Commit Graph

2117 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paul Bakker
0763a401a7 Merged support for the ALPN extension 2014-04-08 14:37:12 +02:00
Paul Bakker
4224bc0a4f Prevent potential NULL pointer dereference in ssl_read_record() 2014-04-08 14:36:50 +02:00
Paul Bakker
27e36d342c Support for the ALPN SSL extension (re-enabled in config.h) 2014-04-08 12:33:37 +02:00
Manuel Pégourié-Gonnard
563ad02663 Fix final report in compat.sh 
Only affect what's printed, the exit code was already correct.
 2014-04-08 11:56:35 +02:00
Manuel Pégourié-Gonnard
8c045ef8e4 Fix embarrassing X.509 bug introduced in 9533765 2014-04-08 11:55:03 +02:00
Shuo Chen
95a0d118a9 Fix compile error when POLARSSL_ERROR_STRERROR_BC is undefined. 2014-04-08 10:53:51 +02:00
Manuel Pégourié-Gonnard
83d8c73c91 Disable ALPN by default 2014-04-07 13:24:21 +02:00
Manuel Pégourié-Gonnard
f6521de17b Add ALPN tests to ssl-opt.sh 
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
 2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard
89e35798ae Implement ALPN server-side 2014-04-07 12:26:35 +02:00
Manuel Pégourié-Gonnard
0b874dc580 Implement ALPN client-side 2014-04-07 10:57:45 +02:00
Manuel Pégourié-Gonnard
1bd2281260 Add an alpn option to ssl_client2 and ssl_server2 2014-04-05 14:51:42 +02:00
Manuel Pégourié-Gonnard
7e250d4812 Add ALPN interface 2014-04-04 17:10:40 +02:00
Manuel Pégourié-Gonnard
6c33a16dae Add previously forgotten test files... oops! 2014-04-04 16:23:29 +02:00
Paul Bakker
4984d3c0b8 Updated ChangeLog for x509_crt_info() change 2014-04-04 15:39:37 +02:00
Paul Bakker
e4205dc50a Merged printing of X509 extensions 2014-04-04 15:36:10 +02:00
Paul Bakker
4c41277710 Updated Visual Studio projects with changes from last release 2014-04-04 15:26:47 +02:00
Paul Bakker
5ff3f9134b Small fix for EFI build under Windows in x509_crt.c 2014-04-04 15:08:20 +02:00
Manuel Pégourié-Gonnard
0db29b05b5 More compact code using macros 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
7b30cfc5b0 x509_crt_info() list output cosmectics 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
f6f4ab40d3 Print extended key usage in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
65c2ddc318 Print key_usage in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
bce2b30855 Print subject alt name in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
919f8f5829 Print NS Cert Type in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
b28487db1f Start printing extensions in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
887aa5b381 Fix include path in ecdsa.h 2014-04-04 13:57:20 +02:00
Manuel Pégourié-Gonnard
e442111e29 Fix typo which broke ENTROPY_FORCE_SHA256 2014-04-02 13:50:05 +02:00
Manuel Pégourié-Gonnard
a27cd4c62e Fix ENTROPY_LEN check 2014-04-02 13:46:29 +02:00
Manuel Pégourié-Gonnard
eb82a74ed2 Fix header issue with default malloc() 2014-04-02 13:43:48 +02:00
Manuel Pégourié-Gonnard
74bc68ac62 Fix default #define for malloc/free 2014-04-02 13:20:00 +02:00
Paul Bakker
75a2860f26 Potential memory leak in mpi_exp_mod() when error occurs during 
calculation of RR.
 2014-03-31 12:08:17 +02:00
Manuel Pégourié-Gonnard
dd75c3183b Remove potential timing leak in ecdsa_sign() 2014-03-31 11:55:42 +02:00
Manuel Pégourié-Gonnard
6b0d268bc9 Add ssl_close_notify() to servers that missed it 2014-03-31 11:28:11 +02:00
Manuel Pégourié-Gonnard
00d538f8f9 Disable renegotiation by default in example cli/srv 2014-03-31 11:03:06 +02:00
Manuel Pégourié-Gonnard
5b8c409f53 Fix a warning (theoretical uninitialised variable) 2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard
1827a6e77e Add -O1 to check mode (helps some warnings) 2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard
3895f5a344 all.sh: directly go for ASan build 2014-03-27 21:10:56 +01:00
Manuel Pégourié-Gonnard
969ccc6289 Fix length checking of various ClientKeyExchange's 2014-03-27 21:10:56 +01:00
Paul Bakker
96d5265315 Made ready for release 1.3.5 2014-03-26 16:55:50 +01:00
Paul Bakker
5fff23b92a x509_get_current_time() uses localtime_r() to prevent thread issues 2014-03-26 15:34:54 +01:00
Paul Bakker
4c284c9141 Removed LCOV directives from code 2014-03-26 15:33:05 +01:00
Paul Bakker
77f4f39ea6 Make sure no random pointer occur during failed malloc()'s 2014-03-26 15:30:20 +01:00
Paul Bakker
db1f05985e Add a check for buffer overflow to pkcs11_sign() 
pkcs11_sign() reuses *sig to store the header and hash, but those might
be larger than the actual sig, causing a buffer overflow.

An overflow can occur when using raw sigs with hashlen > siglen, or when
the RSA key is less than 664 bits long (or less when using hashes
shorter than SHA512)

As siglen is always within the 'low realm' < 32k, an overflow of asnlen
+ hashlen is not possible.
 2014-03-26 15:14:21 +01:00
Paul Bakker
91c61bc4fd Further tightened the padlen check to prevent underflow / overflow 2014-03-26 15:14:20 +01:00
Manuel Pégourié-Gonnard
76b8ab73cd ssl-opt.sh: address some robustness issues 2014-03-26 14:21:34 +01:00
Manuel Pégourié-Gonnard
c042cf0013 Fix broken tests due to changed error code 
Introduced in 5246ee5c59
 2014-03-26 14:12:20 +01:00
Paul Bakker
df5024c0dd Made building of programs optional in CMake 2014-03-26 13:27:51 +01:00
Paul Bakker
674e0b015a Improvements to tests/Makefile when using shared library 2014-03-26 13:26:52 +01:00
Manuel Pégourié-Gonnard
e9a9a61c61 Deduplicate suites in compat.sh 2014-03-26 12:58:56 +01:00
Manuel Pégourié-Gonnard
8a3a3208a0 Update lcov test descriptions 2014-03-26 12:58:55 +01:00
Manuel Pégourié-Gonnard
12b8472f2f Test against GnuTLS for every common ciphersuite 2014-03-26 12:58:54 +01:00