Commit graph

508 commits

Author SHA1 Message Date
wslfa cc334eff3e aescrypt2.c local char array not initial
I change the main() function to a normal function, use many threads call it. so, in concurrent situation, these initial operation is necessary.
2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard 478fac4075 Fix usage string of ssl_client2
Found by Hannes Mehnert
2015-01-28 15:28:29 +01:00
Manuel Pégourié-Gonnard 7c9e75a836 Remove a few useless #defines 2015-01-28 15:28:29 +01:00
Rich Evans f90016aade Use platform layer in programs for consistency. 2015-01-28 15:28:28 +01:00
Manuel Pégourié-Gonnard 9014b6f227 Rename project in CMake
TODO: to create symlinks to the old names!
2015-01-27 15:44:46 +00:00
Manuel Pégourié-Gonnard 6a4ae35788 Link to new name in programs & tests Makefiles 2015-01-27 14:03:24 +01:00
Manuel Pégourié-Gonnard d43ccb66fb Quit using deprecated header. 2015-01-23 17:38:09 +00:00
Manuel Pégourié-Gonnard c26a092b50 Rename static lib name with make 2015-01-23 12:57:33 +00:00
Manuel Pégourié-Gonnard 085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard 9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard 19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard 9169921271 Rename to mbed TLS in examples 2015-01-22 16:26:39 +00:00
Manuel Pégourié-Gonnard b64d9a79a4 Remove old test certificates.
Avoid duplication with those in tests/data_files
2015-01-22 16:25:32 +00:00
Manuel Pégourié-Gonnard 967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard 34377b1e1c Fix send_close_notify usage. 2015-01-22 10:46:46 +00:00
Manuel Pégourié-Gonnard 6a0017b7c0 Rename variable for clarity 2015-01-22 10:33:29 +00:00
Paul Bakker 5b8f7eaa3e Merge new security defaults for programs (RC4 disabled, SSL3 disabled) 2015-01-14 16:26:54 +01:00
Paul Bakker c82b7e2003 Merge option to disable truncated hmac on the server-side 2015-01-14 16:16:55 +01:00
Manuel Pégourié-Gonnard a92ed4845c Fix stupid error in previous commit
Since ret is no longer update by close_notify(), we need to reset it to 0
after a successful write.
2015-01-14 10:46:53 +01:00
Manuel Pégourié-Gonnard 687f89beab Don't check errors on ssl_close_notify()
Depending on timing we might get different errors (conn_reset, write failed)
and ignoring them all ends up being almost the same as just not checking
errors.
2015-01-13 21:48:12 +01:00
Paul Bakker b2eaac154b Stop assuming chars are signed 2015-01-13 17:15:31 +01:00
Paul Bakker f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Paul Bakker 8b9bcecaae Stop assuming chars are signed 2015-01-13 15:59:55 +01:00
Manuel Pégourié-Gonnard 5ba1d52f96 Add memory_buffer_alloc_self_test() 2015-01-13 14:58:00 +01:00
Paul Bakker d9e2dd2bb0 Merge support for Encrypt-then-MAC 2015-01-13 14:23:56 +01:00
Manuel Pégourié-Gonnard fa06581c73 Disable RC4 by default in example programs. 2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard 982865618a Stop assuming chars are signed
(They aren't on ARM by default.)
2015-01-12 19:17:05 +01:00
Manuel Pégourié-Gonnard 448ea506bf Set min version to TLS 1.0 in programs 2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard 265fe997ff Use library default for trunc-hmac in ssl_client2 2015-01-09 12:53:19 +01:00
Manuel Pégourié-Gonnard e117a8fc0d Make truncated hmac a runtime option server-side
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard c82ee3555f Fix tests that were failing with record splitting 2015-01-07 16:39:10 +01:00
Manuel Pégourié-Gonnard 590f416142 Add tests for periodic renegotiation 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard 615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 85d915b81d Add tests for renego security enforcement 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard d3b90f797d Fix bug in ssl_client2 reconnect option 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard f29e5de09d Cosmetics in ssl_server2 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard be6ce835a2 Fix typo causing MSVC errors 2014-11-17 14:29:36 +01:00
Manuel Pégourié-Gonnard 3a3066c3ee ssl_server2 now exits on signal during a read too 2014-11-17 12:50:34 +01:00
Manuel Pégourié-Gonnard 403a86f73d ssl_server2: exit cleanly on SIGINT too 2014-11-17 12:46:49 +01:00
Manuel Pégourié-Gonnard 49aa99e653 Fix exit codes in cert_app 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard 699cafaea2 Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 367381fddd Add negotiation of Extended Master Secret
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard f138874811 Properly send close_notify in ssl_client2 2014-08-19 16:14:36 +02:00
Manuel Pégourié-Gonnard a8c0a0dbd0 Add "exchanges" option to test server and client
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).

Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard 296e3b1174 Request renego before write in ssl_server2
Will be useful for:
- detecting termination of messages by other means than connection close
- DTLS (can be seen as a special case of the above: datagram-oriented)
2014-08-19 12:59:03 +02:00