yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-23 13:31:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
3047 commits 88 branches 205 tags 69 MiB
Commit graph

907 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 448ea506bf Set min version to TLS 1.0 in programs 2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard e117a8fc0d Make truncated hmac a runtime option server-side 
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
 2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard f01768c55e Specific error for suites in common but none good 2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard df331a55d2 Prefer SHA-1 certificates for pre-1.2 clients 2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard 3ff78239fe Add tests for CBC record splitting 2015-01-08 11:15:09 +01:00
Manuel Pégourié-Gonnard c82ee3555f Fix tests that were failing with record splitting 2015-01-07 16:39:10 +01:00
Manuel Pégourié-Gonnard f46f128f4a Fix test scripts portability issues 2014-12-11 17:26:09 +01:00
Manuel Pégourié-Gonnard 76c99a01a1 Fix Gnu-ism in script 2014-12-11 10:33:43 +01:00
Manuel Pégourié-Gonnard 590f416142 Add tests for periodic renegotiation 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard 85d915b81d Add tests for renego security enforcement 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard ea29d152c7 Add recursion.pl to all.sh 2014-11-20 17:32:33 +01:00
Manuel Pégourié-Gonnard 89d69b398c Fix 3DES -> DES in all.sh (+ time estimates) 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard 246978d97d Add curves.pl to all.sh 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard 9bda9b3b92 Rework all.sh to use MSan instead of valgrind 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard cf4de32f58 Fix depends on individual curves in tests 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard 2727dc1e09 Add script to test depends on individual curves 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard 5c2aa10c15 Fix curve dependency issues in X.509 test suite 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard 57a5d60abb Add tests for concatenated CRLs 2014-11-19 16:08:34 +01:00
Manuel Pégourié-Gonnard 4be3449dbc Add Readme about X.509 test files 2014-11-19 14:03:59 +01:00
Manuel Pégourié-Gonnard 8c9223df84 Add text view to debug_print_buf() 2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard 98aa19148c Adjust warnings in different modes 2014-11-14 16:45:48 +01:00
Manuel Pégourié-Gonnard 8a5e3d4a40 Forbid repeated X.509 extensions 2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard b134060f90 Fix memory leak with crafted X.509 certs 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard 0369a5291b Fix uninitialised pointer dereference 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard 7c13d69cb5 Fix dependency issues 2014-11-12 00:01:34 +01:00
Manuel Pégourié-Gonnard a1efcb084f Implement pk_check_pair() for RSA-alt 2014-11-08 18:00:22 +01:00
Manuel Pégourié-Gonnard 70bdadf54b Add pk_check_pair() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard 30668d688d Add ecp_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard 2f8d1f9fc3 Add rsa_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard f9d778d635 Merge branch 'etm' into dtls 
* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM

Conflicts:
	include/polarssl/check_config.h
 2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard 56d985d0a6 Merge branch 'session-hash' into dtls 
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
 2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard fedba98ede Merge branch 'fb-scsv' into dtls 
* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side
 2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard b575b54cb9 Forbid extended master secret with SSLv3 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 169dd6a514 Adjust minimum length for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard dd4592774b compat.sh: allow git version of gnutls 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 78e745fc0a Don't send back EtM extension if not using CBC 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 0098e7dc70 Preparation for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 699cafaea2 Implement initial negotiation of EtM 
Not implemented yet:
- actually using EtM
- conditions on renegotiation
 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 85a4178f82 compat.sh: make options a bit more robust 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 01b2699198 Implement FALLBACK_SCSV server-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 367381fddd Add negotiation of Extended Master Secret 
(But not the actual thing yet.)
 2014-11-05 16:00:49 +01:00
Paul Bakker f2a459df05 Preparation for PolarSSL 1.4.0 2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard a6ace04c5c Test for lost HelloRequest 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard f1384470bf Avoid spurious timeout in ssl-opt.sh 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard 74a1378175 Avoid false positive in ssl-opt.sh with memcheck 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard e698f59a25 Add tests for ssl_set_dtls_badmac_limit() 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard caecdaed25 Cosmetics in ssl_server2 & complete tests for HVR 2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard 37e08e1689 Fix max_fragment_length with DTLS 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard 127ab88dba Give more time to lossy tests with normal timers 2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard ba958b8bdc Add test for server-initiated renego 
Just assuming the HelloRequest isn't lost for now
 2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard 85beb30b11 Add test for resumption with non-blocking I/O 2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard a59af05dce Give more time to tests that time out too often 2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard 7a26d73735 Add test for session resumption 2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard df9a0a8460 Drop unexpected ApplicationData 
This is likely to happen on resumption if client speaks first at the
application level.
 2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard 37a4de2cec Use shorter timeouts in ssl-opt.sh proxy tests 2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard 6093d81c20 Add tests with proxy and non-blocking I/O 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard 579950c2bb Fix bug with non-blocking I/O and cookies 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard bd97fdb3a4 Make ssl_server2's HVR handling more realistic 
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard 36795197d9 Rm now useless MTU setting in compat.sh 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard 7a66cbca75 Rm some redundant tests 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard 9590e0a176 Add proxy tests with gnutls-srv & fragmentation 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard fa60f128d6 Quit using "yes" in ssl-opt.sh with openssl 
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
 2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard 08a1d4bce1 Fix bug with client auth with DTLS 2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard d0fd1daa6b Add test with proxy and openssl server 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard 1b753f1e27 Add test for renego with proxy 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard 18e519a660 Add proxy tests with more handshake flows 2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard 76fe9e41c1 Test that anti-replay ignores all duplicates 2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard 2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard 246c13a05f Fix epoch checking 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard b47368a00a Add replay detection 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard 4956fd7437 Test and fix anti-replay functions 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard 825a49ed7c Add more udp_proxy tests 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard a6189f0fb0 udp_proxy wasn't actually killed 2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard a0719727da Add tests with dropped packets 2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard 63eca930d7 Drop invalid records with DTLS 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard 990f9e428a Handle late handshake messages gracefully 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard be9eb877f7 Adapt ssl-opt.sh to allow using udp_proxy in tests 2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard 0a65934ef3 Re-enable valgrind for all tests 
Now we can handle duplicated messages due to the peer re-sending (due to us
being soooo slow with valgrind)
 2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard 0c4cbc7895 Add test for fragmentation + renego with GnuTLS 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard f1499f602e Add interop testing for renego with GnuTLS 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard 77b0b8d100 Disable some tests with valgrind for now 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard 64dffc5d14 Make handshake reassembly work with openssl 2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard a77561765f Add test with openssl with DTLS in ssl-opt.sh 2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard 502bf30fb5 Handle reassembly of handshake messages 
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.

Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
 2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard c392b240c4 Fix server-initiated renegotiation with DTLS 2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard 30d16eb429 Fix client-initiated renegotiation with DTLS 2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard 0eb6cab979 Add DTLS cookies test to ssl-opt.sh 2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard 53aef81a7d Work around OpenSSL bug in compat.sh 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard d1af1025d0 Add DTLS interop testing with OpenSSL server 
PSK suites failing with client auth
 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard 9bfb1226da Add DTLS interop testing with GnuTLS server 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard 29980b16bd Add DTLS interop testing (PolarSSL server) 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard 3025b6cfd6 Add DTLS self-op test in compat.sh 2014-10-21 16:30:10 +02:00
Paul Bakker 9eac4f7c4e Prepare for release 1.3.9 2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard 9c911da68f Add tests for X.509 name encoding mismatch 2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard 5d8618539f Fix memory leak while parsing some X.509 certs 2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard 64938c63f0 Accept spaces at end of line/buffer in base64 2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard da1b4de0e4 Increase MPI_MAX_BYTES to allow RSA 8192 2014-10-15 22:06:46 +02:00
Paul Bakker 5a5fa92bfe x509_crt_parse() did not increase total_failed on PEM error 
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
 2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard 7fa67728ad Scripts print more info on failure within buildbot 2014-08-31 17:42:53 +02:00