Commit graph

343 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard d823bd0a04 Add handshake_timeout option to test server/client 2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard f03651217c Adapt programs to use nbio with DTLS 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard bd97fdb3a4 Make ssl_server2's HVR handling more realistic
It makes no sense to keep the connection open until the client is verified.
Until now it was useful since closing it creates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard 2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard 484b8f9ed8 Fix bug in ssl_client2 reconnect option 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard b6440a496b ssl_server2 now dies on SIGTERM during a read 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard a014829024 Use ssl_set_bio_timeout() in test client/server 2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard 4ba6ab6d0d Fix glitch with HelloVerifyRequest
With the close-rebind strategy, sometimes the second ClientHello was lost (if
received before close), and since our client doesn't resend yet, the tests
would fail (no problem with other clients that resend). Anyway, it's not really
clean to lose messages.
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard 26820e3061 Add option 'cookies' to ssl_server2 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard a64acd4f84 Add separate SSL_COOKIE_C define 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard 232edd46be Move cookie callbacks implementation to own module 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard d485d194f9 Move to a callback interface for DTLS cookies 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard 82202f0a9c Make DTLS_HELLO_VERIFY a compile option 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard 98545f128a Generate random key for HelloVerifyRequest 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard 336b824f07 Use ssl_set_client_transport_id() in ssl_server2 2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard ae5050c212 Start adapting ssl_client2 to datagram I/O 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard 798f15a500 Fix version adjustments with force_ciphersuite 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard fe3f73bdeb Allow force_version to select DTLS 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard 8a06d9c5d6 Actually use UDP for DTLS in test client/server 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard f5a1312eaa Add UDP support to the NET module 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard 83218f1da1 Add dtls version aliases to test serv/cli 2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard 864a81fdc0 More ssl_set_XXX() functions can return BAD_INPUT 2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard e29fd4beaf Add a dtls option to test server and client 2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard f138874811 Properly send close_notify in ssl_client2 2014-08-19 16:14:36 +02:00
Manuel Pégourié-Gonnard a8c0a0dbd0 Add "exchanges" option to test server and client
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).

Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard 296e3b1174 Request renego before write in ssl_server2
Will be useful for:
- detecting termination of messages by other means than connection close
- DTLS (can be seen as a special case of the above: datagram-oriented)
2014-08-19 12:59:03 +02:00
Manuel Pégourié-Gonnard e08660e612 Fix ssl_read() and close_notify error handling in programs 2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard 67686c42e6 Fix undocumented option in ssl_server2 2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard 250b1ca6f3 Fix ssl_server2 exiting on recoverable errors 2014-08-19 10:34:37 +02:00
Paul Bakker bc3e54c70d Fix overly rigorous defines in ssl_server2.c 2014-08-18 14:36:17 +02:00
Paul Bakker 09c9dd80ef Revert 42cc641. Issue already fixed in 333fdec. 2014-08-18 11:06:56 +02:00
Paul Bakker c1283d3f4c Only use signal() in ssl_server2 on non-Windows platforms 2014-08-18 11:05:51 +02:00
Manuel Pégourié-Gonnard dcab293bd4 Get rid of SERVERQUIT code in ssl_{client,server}2 2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard db49330e08 ssl_server2 aborts cleanly on SIGTERM
(while waiting for a new connection)
2014-08-14 18:33:00 +02:00
Alfred Klomp 7c03424d1c ssl_mail_client.c: silence warning, check base64_encode() status
Found with Clang's `scan-build` tool.

ssl_mail_client.c does a dead store by assigning the return value of
base64_encode() to `len` and not using the value.  This causes
scan-build to issue a warning.

Instead of storing the return value into `len`, store it to `ret`, since
base64_encode() returns a status code, not a length. Also check if the
return value is nonzero and print an error; this silences scan-build.
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard 42cc641159 Don't print uninitialized buffer in ssl_mail_client 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 9dbe7c5f17 Remove unreachable code from ssl_pthread_server 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 955028f858 Fix compile error in ssl_pthread_server 2014-08-14 11:34:33 +02:00
Paul Bakker 333fdeca3a Properly initialize buf 2014-08-04 12:12:09 +02:00
Paul Bakker a317a98221 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Manuel Pégourié-Gonnard c5fd391e04 Check return value of ssl_set_xxx() in programs 2014-07-08 14:20:26 +02:00
Paul Bakker 8fb99abaac Merge changes for leaner memory footprint 2014-07-04 15:02:19 +02:00
Manuel Pégourié-Gonnard 481fcfde93 Make PSK_LEN configurable and adjust PMS size 2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard fae355e8ee Add tests for ssl_set_renegotiation_enforced() 2014-07-04 14:32:27 +02:00
Paul Bakker 2a45d1c8bb Merge changes to config examples and configuration issues 2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard dea29c51fd Extend request_size to small sizes in ssl_client2 2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard 0669f272e9 Fix printing large packets in ssl_server2 2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard 8a4d571af8 Fix warnings in no-SSL configs 2014-06-24 14:19:59 +02:00
Manuel Pégourié-Gonnard 4505ed3c90 Fix missing free() with recent ssl_server2 options 2014-06-20 18:35:16 +02:00
Paul Bakker 9b7fb6f68e Prevent warning for possibly uninitialized variable in ssl_server2 2014-06-12 23:01:43 +02:00
Manuel Pégourié-Gonnard 8de259b953 Minor code simplification in ssl programs 2014-06-11 18:35:33 +02:00
Manuel Pégourié-Gonnard 95c0a63023 Add tests for ssl_get_bytes_avail() 2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard e7a3b10dcc Use ssl_get_bytes_avail() in ssl_server2. 2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard 6dc0781aba Add version_suites option to ssl_server2 2014-06-11 14:07:14 +02:00
Manuel Pégourié-Gonnard dc019b9559 Use ssl_set_psk() only when a psk is given 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard fdee74b8d6 Simplify some option parsing code 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard 80c8553a1a Add psk_list option to ssl_server2: PSK callback 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard 9e27163acd Refactor PSK parsing in ssl_server2 2014-06-10 15:32:01 +02:00
Manuel Pégourié-Gonnard 736699c08c Add a dhm_file option to ssl_server2 2014-06-10 15:32:01 +02:00
Paul Bakker 1ebc0c592c Fix typos 2014-05-22 15:47:58 +02:00
Paul Bakker 525f87559f Cast alpn_list to void * to prevent MSVC compiler warnings 2014-05-01 10:59:27 +02:00
Manuel Pégourié-Gonnard cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker c73079a78c Add debug_set_threshold() and thresholding of messages 2014-04-25 16:58:16 +02:00
Paul Bakker 93c32b21b3 Allow ssl_client to pad request to SSL_MAX_CONTENT_LEN 2014-04-25 16:58:12 +02:00
Paul Bakker df71dd1618 Cleaner initialization (values did not matter, but were uninitialized) 2014-04-17 16:03:48 +02:00
Paul Bakker 030decdb4e Actually increment the loop counter to quit in ssl_fork_server 2014-04-17 16:03:23 +02:00
Paul Bakker 0c22610693 Cleaned up location of init and free for some programs to prevent memory
leaks on incorrect arguments
2014-04-17 16:02:36 +02:00
Manuel Pégourié-Gonnard 1bd2281260 Add an alpn option to ssl_client2 and ssl_server2 2014-04-05 14:51:42 +02:00
Manuel Pégourié-Gonnard 6b0d268bc9 Add ssl_close_notify() to servers that missed it 2014-03-31 11:28:11 +02:00
Manuel Pégourié-Gonnard 00d538f8f9 Disable renegotiation by default in example cli/srv 2014-03-31 11:03:06 +02:00
Paul Bakker a4b0343edf Merged massive SSL Testing improvements 2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard 84fd6877c6 Use ssl_client2 to terminate ssl_server2 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 5b2d776d2a GnuTLS in compat.sh: server-side 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 3e1b178ba2 Add options for no certificates in test srv/cli 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 5575316385 Add options for non-blocking I/O in test cli & srv 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard 0d8780b2cd Add a server_adrr option to ssl_client2 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard 5d917ff6a8 Add a 'sni' option to ssl_server2 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard dbe1ee1988 Add tests for session ticket lifetime 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard c55a5b7d6f Add tests for cache timeout 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 4c88345f19 Add test for ssl_cache max_entries 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 780d671f9d Add tests for renegotiation 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 2fc243d06a Rearrange help messages of example cli/srv 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard fcf2fc2960 Make auth_mode=required the default in ssl_client2 2014-03-13 19:25:07 +01:00
Manuel Pégourié-Gonnard c580a00e3c Print protocol version in example cli/srv 2014-02-12 10:15:30 +01:00
Paul Bakker d75ba40cc3 SMTP lines are officially terminated with CRLF, ssl_mail_client fixed 2014-01-24 16:12:18 +01:00
Paul Bakker f0fc2a27b0 Properly put the pragma comment for the MSVC linker in defines 2013-12-30 15:42:43 +01:00
Paul Bakker 3e72f6effd Only search for Pthread on Windows platforms 2013-12-30 15:28:46 +01:00
Paul Bakker f9c4953e39 Added version of the SSL pthread server example 2013-12-30 14:55:54 +01:00
Manuel Pégourié-Gonnard 18d31f8e59 Make listening address configurable in ssl_server2 2013-12-17 12:00:57 +01:00
Paul Bakker fdda785248 Removed dependency on unistd.h for MSVC in apps 2013-11-30 15:15:31 +01:00
Paul Bakker a8239a4490 Removed Windows auto-spawn client code 2013-11-29 11:16:37 +01:00
Manuel Pégourié-Gonnard 6d8404d6ba Server: enforce renegotiation 2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard 9c1e1898b6 Move some code around, improve documentation 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard f3dc2f6a1d Add code for testing server-initiated renegotiation 2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard 53b3e0603b Add code for testing client-initiated renegotiation 2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard 8a3c64d73f Fix and simplify *-PSK ifdef's 2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard 1b62c7f93d Fix dependencies and related issues 2013-10-14 14:02:19 +02:00
Paul Bakker 1337affc91 Buffer allocator threading support 2013-09-29 15:02:11 +02:00
Paul Bakker 1ffefaca1e Introduced entropy_free() 2013-09-29 15:01:42 +02:00
Manuel Pégourié-Gonnard a0fdf8b0a0 Simplify the way default certs are used 2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard 641de714b6 Use both RSA and ECDSA CA if available 2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard ac8474fb1c Changed default cert loading in ssl_server2 2013-09-25 11:35:15 +02:00
Manuel Pégourié-Gonnard b095a7bf29 Offer both RSA and ECDSA by default in ssl_server2 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard 3ebb2cdb52 Add support for multiple server certificates 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard abd6e02b7b Rm _CRT_SECURE_NO_DEPRECATE for programs
(Already in config.h.)
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard 3bd2aae5a5 Add forgotten initializations 2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard 68821da01e Fix clang warnings in applications
Some fd would be used uninitialized if we goto exit early.
2013-09-18 14:34:33 +02:00
Paul Bakker c559c7a680 Renamed x509_cert structure to x509_crt for consistency 2013-09-18 14:32:52 +02:00
Paul Bakker ddf26b4e38 Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker 369d2eb2a2 Introduced x509_crt_init(), x509_crl_init() and x509_csr_init() 2013-09-18 12:01:43 +02:00
Paul Bakker 36713e8ed9 Fixed bunch of X509_PARSE related defines / dependencies 2013-09-17 13:25:29 +02:00
Paul Bakker 9a97c5d894 Fixed warnings in case application dependencies are not met 2013-09-15 17:07:33 +02:00
Paul Bakker 1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard e8ea0c0421 Fix exit value on SERVERQUIT 2013-09-08 20:08:24 +02:00
Paul Bakker 577e006c2f Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
	include/polarssl/config.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard ac75523593 Adapt ssl_set_own_cert() to generic keys 2013-08-27 22:21:20 +02:00
Paul Bakker 0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Manuel Pégourié-Gonnard 38d1eba3b5 Move verify_result from ssl_context to session 2013-08-26 14:26:02 +02:00
Paul Bakker 1f2bc6238b Made support for the truncated_hmac extension configurable 2013-08-15 13:45:55 +02:00
Paul Bakker 05decb24c3 Made support for the max_fragment_length extension configurable 2013-08-15 13:33:48 +02:00
Paul Bakker a503a63b85 Made session tickets support configurable from config.h 2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard aa0d4d1aff Add ssl_set_session_tickets() 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard 06650f6a37 Fix reusing session more than once 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard cf2e97eae2 ssl_client2: allow reconnecting twice 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard aaa1eab55a Add an option to reconnect in ssl_client2
Purpose: test resuming sessions.
2013-08-14 14:08:04 +02:00
Paul Bakker 66c4810ffe Better handling of ciphersuite version range and forced version in
ssl_client2
2013-07-26 14:05:32 +02:00
Paul Bakker 6c85279719 Newline fixes in help text for ssl_client2 / ssl_server2 2013-07-26 14:02:13 +02:00
Paul Bakker dbd79ca617 ssl_client2 and ssl_server2 now exit with 1 on errors (shell
limitations)
2013-07-24 16:28:35 +02:00
Paul Bakker 8c1ede655f Changed prototype for ssl_set_truncated_hmac() to allow disabling 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard e980a994f0 Add interface for truncated hmac 2013-07-19 14:51:47 +02:00
Paul Bakker 5b55b79021 Better handling of ciphersuite version range and forced version in
ssl_server2
2013-07-19 14:51:31 +02:00
Manuel Pégourié-Gonnard e048b67d0a Misc minor fixes
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formatting issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard 0c017a55e0 Add max_frag_len option in ssl_server2
Also reformat code and output more information in ssl_client2
2013-07-18 14:07:36 +02:00
Paul Bakker 8e714d7aca Modified LONG_RESPONSE and comments in ssl_server2 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard bd7ce63115 Adapt ssl_server2 to test sending long messages 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard 787b658bb3 Implement max_frag_len write restriction 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard 0df6b1f068 ssl_client2: add max_frag_len option 2013-07-18 11:18:13 +02:00
Paul Bakker 82024bf7b9 ssl_server2 now uses alloc_buffer if present and can be 'SERVERQUIT' 2013-07-16 17:48:58 +02:00
Manuel Pégourié-Gonnard ba4878aa64 Rename x509parse_key & co with _rsa suffix 2013-07-08 15:31:18 +02:00
Paul Bakker fa9b10050b Also compiles / runs without time-based functions in OS
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker 03a8a79516 Programs adapted to use polarssl_strerror() instead of error_strerror() 2013-06-30 12:18:08 +02:00
Paul Bakker c1516be99d ssl_server2 and ssl_client2 adapted to support maximum protocol version 2013-06-29 18:35:41 +02:00
Paul Bakker 3c5ef71322 Clean up non-prototyped functions (static) and const-correctness in programs 2013-06-25 16:37:45 +02:00
Paul Bakker ef3f8c747e Fixed const correctness issues in programs and tests
(cherry picked from commit e0225e4d7f)

Conflicts:
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_test.c
	programs/x509/cert_app.c
2013-06-24 19:09:24 +02:00
Paul Bakker bcbe2d8d81 Prettier printing of the lists for longer ciphersuite names 2013-04-19 09:10:20 +02:00
Paul Bakker ed27a041e4 More granular define selections within code to allow for smaller code
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker fbb17804d8 Added pre-shared key handling for the server side of SSL / TLS
Server side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker d4a56ec6bf Added pre-shared key handling for the client side of SSL / TLS
Client side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker 41c83d3f67 Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker 91ebfb5272 Made auth_mode as a command line option 2012-11-23 14:04:08 +01:00