Manuel Pégourié-Gonnard
bc2b771af4
Move ssl_set_ca_chain() to work on config
2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
2b49445876
Move session ticket keys to conf
...
This is temporary, they will soon be replaced by callbacks.
!!! In this intermediate step security is removed !!!
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
684b0592cb
Move ssl_set_fallback() to work on conf
...
Initially thought it would be per-connection, but since max_version is in conf
too, and you need to lower that for a fallback connection, the fallback flag
should be in the same place
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
6bf89d6ad9
Move ssl_set_max_fragment_len to work on conf
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
17eab2b65c
Move set_cbc_record_splitting() to conf
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
d36e33fc07
Move easy ssl_set_xxx() functions to work on conf
...
mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
419d5ae419
Make endpoint+transport args of config_defaults()
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
def0bbe3ab
Allocate ssl_config out of ssl_setup()
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
ee6139caea
Fix doc issue in ssl_server2
2015-05-07 10:18:26 +01:00
Manuel Pégourié-Gonnard
e36d56419e
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
fix bug in ssl_mail_client
Adapt compat.sh to GnuTLS 3.4
Fix undefined behaviour in x509
Conflicts:
programs/ssl/ssl_mail_client.c
tests/compat.sh
2015-04-30 13:52:25 +02:00
Manuel Pégourié-Gonnard
fa950c9480
fix bug in ssl_mail_client
2015-04-30 12:50:22 +02:00
Manuel Pégourié-Gonnard
da61ed3346
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Include changes from the 1.2 branch
Remove unused headers in o_p_test
Add countermeasure against cache-based lucky 13
Make results of (ext)KeyUsage accessible
Fix missing NULL check in MPI
Fix detection of getrandom()
Fix "make install" handling of symlinks
Fix bugs in programs displaying verify flags
Conflicts:
Makefile
include/polarssl/ssl.h
library/entropy_poll.c
library/ssl_srv.c
library/ssl_tls.c
programs/test/o_p_test.c
programs/test/ssl_cert_test.c
programs/x509/cert_app.c
2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard
ac90673345
Remove unused headers in o_p_test
2015-04-30 10:09:50 +02:00
Manuel Pégourié-Gonnard
637376c2fe
Fix bugs in programs displaying verify flags
2015-04-29 14:28:48 +02:00
Manuel Pégourié-Gonnard
41d479e7df
Split ssl_init() -> ssl_setup()
2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
ec160c0f53
Update ctr_drbg_init() usage in programs
2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
8d128efd48
Split mbedtls_ctr_drbg_init() -> seed()
2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard
f9e9481bc5
Split mbedtls_hmac_drbg_init() -> seed{,_buf}()
2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard
c34e8dd265
Split mbedtls_gcm_init() -> gcm_setkey()
2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard
6963ff0969
Split mbedtls_ccm_init() -> setkey()
2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard
7cfbaf05b3
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix bugs in programs displaying verify flags
Conflicts:
programs/test/ssl_cert_test.c
programs/x509/cert_app.c
2015-04-24 14:10:04 +02:00
Manuel Pégourié-Gonnard
9ce1bdc151
Fix bugs in programs displaying verify flags
2015-04-24 14:07:07 +02:00
Manuel Pégourié-Gonnard
e6028c93f5
Fix some X509 macro names
...
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard
89addc43db
manually merge 0c6ce2f
use x509_crt_verify_info()
2015-04-20 11:23:11 +01:00
Manuel Pégourié-Gonnard
0c6ce2f536
Use x509_crt_verify_info() in programs
2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard
b85725c958
Fix merge issue
2015-04-15 11:58:31 +02:00
Manuel Pégourié-Gonnard
862d503c01
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix typos in Changelog
Fix macro name from wrong branch
Fix bug in pk_parse_key()
Fixed typos
Updated Travis CI config for mbedtls project
Conflicts:
include/mbedtls/ecp.h
include/polarssl/compat-1.2.h
include/polarssl/openssl.h
include/polarssl/platform.h
library/pkparse.c
programs/pkey/mpi_demo.c
2015-04-15 11:30:46 +02:00
Paul Bakker
6152b0267c
Fixed typos
2015-04-14 15:00:09 +02:00
Manuel Pégourié-Gonnard
2cf5a7c98e
The Great Renaming
...
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
6c7af4c200
Fix a few internal name choices
2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard
932e3934bd
Fix typos & Co
2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard
26c9f90cae
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Add missing depends in x509 programs
Simplify ifdef checks in programs/x509
Fix thread safety issue in RSA operations
Add test certificate for bitstring in DN
Add support for X.520 uniqueIdentifier
Accept bitstrings in X.509 names
2015-03-31 17:56:15 +02:00
Manuel Pégourié-Gonnard
0878a0d884
Add missing depends in x509 programs
2015-03-31 15:14:37 +02:00
Manuel Pégourié-Gonnard
8d649c66b3
Simplify ifdef checks in programs/x509
2015-03-31 15:10:03 +02:00
Manuel Pégourié-Gonnard
8c8be1ebbb
Change default min TLS version to TLS 1.0
2015-03-31 14:22:30 +02:00
Manuel Pégourié-Gonnard
32076e66be
Fix programs for recent ECDSA changes
2015-03-31 13:32:39 +02:00
Manuel Pégourié-Gonnard
fa44f20b9f
Change authmode default to Required on client
2015-03-27 17:52:25 +01:00
Manuel Pégourié-Gonnard
4b3e5ef59a
Avoid duplicate #ifdefs in programs/ssl
2015-03-27 11:24:27 +01:00
Manuel Pégourié-Gonnard
b5410dbd96
Depend on PEM_PARsE_C when using test_cas_pem
2015-03-27 11:08:49 +01:00
Manuel Pégourié-Gonnard
a958d69a70
Rename test_ca_list to test_cas_pem
2015-03-27 10:29:25 +01:00
Manuel Pégourié-Gonnard
2f165060f0
Start introducing test_cas NULL-terminated list
2015-03-27 10:20:26 +01:00
Manuel Pégourié-Gonnard
75f901006b
Add len constants to certs.c
2015-03-27 09:56:18 +01:00
Manuel Pégourié-Gonnard
abb674467b
Rename md_init_ctx() to md_setup()
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
4063ceb281
Make hmac_ctx optional
...
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
003b3b132e
Remove use of xxx_hmac() in program
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
a115def330
Fix tests and programs to use md_get_xxx()
2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard
aeab252fef
Quit using deprecated ssl_set_bio() in programs
2015-03-25 20:21:29 +01:00
Manuel Pégourié-Gonnard
e46c6c38c9
Fix tests to work with DEPRECATED_REMOVED
2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard
d42b7c82ef
Adapt programs to new RC4 default
2015-03-20 19:44:04 +00:00
Manuel Pégourié-Gonnard
7f7aebca02
Fix incomplete changes from merge
2015-03-13 17:19:39 +00:00
Manuel Pégourié-Gonnard
cc0d084820
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Actually use armcc for the armcc test ^^'
Add more -O level variety in all.sh
Document recent make changes
build: Makefile: cleanup CFLAGS
build: Makefile: cleanup LDFLAGS
build: Makefile: simplify root Makefile
build: Makefile: remove bashism
Conflicts:
programs/Makefile
2015-03-13 16:32:40 +00:00
Alon Bar-Lev
f7a9f30348
build: Makefile: cleanup CFLAGS
...
CFLAGS are reserved for external interaction via make variable, the
following should work:
$ make CFLAGS="-O3"
$ CFLAGS="-O3" make
1. Move internal flags to LOCAL_CFLAGS
2. Respect external CFLAGS
3. CFLAGS should be last compiler flags.
4. Default CFLAGS is -O optimization, remove OFLAGS.
5. Add WARNING_CFLAGS to control warning setting and enable to remove
if compiler does not support flags.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-03-13 13:34:25 +00:00
Alon Bar-Lev
ada4105ba2
build: Makefile: cleanup LDFLAGS
...
LDFLAGS are reserved for external interaction via make variable, the
following should work:
$ make LDFLAGS="-L/xxx"
$ LDFLAGS="-L/xxx" make
1. Move internal flags to LOCAL_LDFLAGS
2. Respect external LDFLAGS
3. LDFLAGS should be last linkage flags.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-03-13 13:34:25 +00:00
Manuel Pégourié-Gonnard
b6b16bddc3
Drop pbkdf2 module (superseded by pkcs5)
2015-03-11 11:31:51 +00:00
Manuel Pégourié-Gonnard
83b04de09b
Rename a few incidental references to PolarSSL
2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard
7f8099773e
Rename include directory to mbedtls
2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard
34be402270
Rm obsolete things (compat-1.2, openssl, etc)
2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard
e4d4890350
Finish renaming website
2015-03-06 13:40:52 +00:00
Manuel Pégourié-Gonnard
998897be3d
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Rename website and repository
Move private macro from header to C file
Add some missing 'static' on a few objects
Fix whitespace issues
Minor portability fix in benchmark
2015-03-06 13:25:41 +00:00
Manuel Pégourié-Gonnard
fe44643b0e
Rename website and repository
2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard
c439e7b099
Minor portability fix in benchmark
...
On embedded systems, argc might be 0 rather than 1 for no argument.
2015-03-03 13:12:00 +00:00
Manuel Pégourié-Gonnard
cd4cd1dd26
Merge branch 'development' into dtls
...
* development:
Fix the fix to ssl_set_psk()
Update Changelog
Finish fixing memleak in ssl_server2 arg parsing
Fix another potential memory leak found by find-mem-leak.cocci.
Add a rule for another type of memory leak to find-mem-leak.cocci.
Fix a potential memory leak found by find-mem-leak.cocci.
Add a semantic patch to find potential memory leaks.
Fix whitespace of 369e6c20
.
Apply the semantic patch rm-malloc-cast.cocci.
Add a semantic patch to remove casts of malloc.
2015-02-18 10:25:16 +00:00
Manuel Pégourié-Gonnard
b199095ec9
Finish fixing memleak in ssl_server2 arg parsing
...
Fixes omission in 5c078e1
2015-02-18 09:32:06 +00:00
Manuel Pégourié-Gonnard
c35e90f8d4
Merge branch 'development' into dtls
...
* development:
Fix missing #define if PLATFORM_C not here
2015-02-16 18:47:13 +00:00
Manuel Pégourié-Gonnard
c3e3395c82
Fix missing #define if PLATFORM_C not here
2015-02-16 18:46:20 +00:00
Manuel Pégourié-Gonnard
d901d17817
Merge branch 'development' into dtls
...
* development: (100 commits)
Update Changelog for the mem-measure branch
Fix issues introduced when rebasing
Fix compile error in memory_buffer_alloc_selftest
Code cosmetics
Add curve25519 to ecc-heap.sh
Add curve25519 to the benchmark program
Fix compile issue when buffer_alloc not available
New script ecc-heap.sh
Fix unused variable issue in some configs
Rm usunused member in private struct
Add heap usage for PK in benchmark
Use memory_buffer_alloc() in benchmark if available
Only define mode_func if mode is enabled (CBC etc)
PKCS8 encrypted key depend on PKCS5 or PKCS12
Disable SRV_C for client measurement
Output stack+heap usage with massif
Enable NIST_OPTIM by default for config-suite-b
Refactor memory.sh
Adapt memory.sh to config-suite-b
Adapt mini-client for config-suite-b.h
...
Conflicts:
ChangeLog
include/polarssl/net.h
library/Makefile
library/error.c
library/ssl_tls.c
programs/Makefile
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
tests/Makefile
2015-02-16 18:44:39 +00:00
Manuel Pégourié-Gonnard
714929bf0d
Fix issues introduced when rebasing
2015-02-16 17:32:47 +00:00
Manuel Pégourié-Gonnard
7defc7759d
Code cosmetics
2015-02-16 17:28:11 +00:00
Manuel Pégourié-Gonnard
85391f2a65
Add curve25519 to the benchmark program
2015-02-16 17:28:11 +00:00
Manuel Pégourié-Gonnard
e579dab5f0
Fix compile issue when buffer_alloc not available
2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard
71e75dc2f0
Fix unused variable issue in some configs
2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard
50da0482e0
Add heap usage for PK in benchmark
2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard
128657d645
Use memory_buffer_alloc() in benchmark if available
...
Allows to measure memory by primitive.
2015-02-16 17:24:57 +00:00
Manuel Pégourié-Gonnard
3b8926c9d1
Adapt mini-client for config-suite-b.h
2015-02-16 17:22:46 +00:00
Manuel Pégourié-Gonnard
a6fc5b2c6a
Add mini_client.c
2015-02-16 17:22:46 +00:00
Manuel Pégourié-Gonnard
ab025803ed
Merge remote-tracking branch 'rich/platform' into development
...
* rich/platform:
modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
modify programs/*.c to use polarssl_snprintf
2015-02-16 16:10:51 +00:00
Manuel Pégourié-Gonnard
aff2976d10
Merge branch 'build' into development
...
* build:
build: make: support windows cross compile
2015-02-16 15:26:09 +00:00
Manuel Pégourié-Gonnard
09eb14c01e
Revert "Require unix-utils in path for windows make"
...
This reverts commit 5d46cca09a
.
In preparation of merging an external contribution that superseedes this
Conflicts:
ChangeLog
2015-02-16 15:25:31 +00:00
Mansour Moufid
c531b4af3c
Apply the semantic patch rm-malloc-cast.cocci.
...
for dir in library programs; do
spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \
--in-place;
done
2015-02-16 10:43:52 +00:00
Manuel Pégourié-Gonnard
671589d9a2
Fix return code in cert_app
2015-02-16 09:24:08 +00:00
Manuel Pégourié-Gonnard
401caadebd
Align ssl_read in fork_server on ssl_server
...
It was the only program using a weird do while( 0 ) with a continue inside
2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard
f53df4fcd8
Fix unchecked return values in mpi_demo
2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard
5c078e17b9
Fix memory leak on bad arguments in ssl_server2
...
Not a big deal, but was annoying in coverity results.
2015-02-16 09:13:40 +00:00
Alon Bar-Lev
18ba0cce8b
build: make: support windows cross compile
...
Add WINDOWS_BUILD macro to enable Windows build on *NIX host.
Add optional suffix for executables.
Fix shared object suffix logic to support multiple suffixes.
Fix soname handling to always match output.
WINDOWS macro sets WINDOWS_BUILD.
WINDOWS_BUILD sets .exe executable suffix.
WINDOWS_BUILD shared mode creates dll import library.
WINDOWS_BUILD shared mode link against dll.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-02-14 01:20:17 +02:00
Rich Evans
012acfc20f
modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
2015-02-13 16:52:49 +00:00
Rich Evans
b92965be74
modify programs/*.c to use polarssl_snprintf
2015-02-13 16:51:44 +00:00
Manuel Pégourié-Gonnard
ac1f76c362
Merge remote-tracking branch 'rich/platform' into development
...
* rich/platform:
Remove dependency on sscanf in lib x509
Fix extra guard in memory_buffer_alloc
rebase from development
implemented macro overriding for polarssl_* library functions
fix bug introduced by the addition of snprintf and assert macro which caused tests to fail without polarssl_platform_c defined
add initial symbols to config and checks to check_config to allow use of macros to define standard functions
reformat and arrange additions to config alphabetically
add missing checks to check_config
add macro definition of assert using polarssl_exit
modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
add POLARSSL_PLATFORM_EXIT_ALT
modify scripts/* and tests/* to use polarssl_snprintf
modify programs/*.c to use polarssl_snprintf
modify library/debug.c to use polarssl_snprintf
modify library/x509*.c to use polarssl_snprintf
modify library/net.c to use polarssl_snprintf
modify oid.c to use polarssl_snprintf
add platform_set_snprintf
Conflicts:
library/memory_buffer_alloc.c
programs/pkey/pk_sign.c
programs/pkey/pk_verify.c
programs/pkey/rsa_sign_pss.c
programs/pkey/rsa_verify_pss.c
programs/ssl/ssl_client2.c
programs/ssl/ssl_pthread_server.c
programs/test/benchmark.c
programs/test/ssl_cert_test.c
2015-02-13 15:11:24 +00:00
Manuel Pégourié-Gonnard
6c5abfa42b
Style: fix trailing spaces
2015-02-13 14:12:07 +00:00
Manuel Pégourié-Gonnard
013bffe5a7
Style: add spaces before line continuation
2015-02-13 14:09:44 +00:00
Rich Evans
77d3638497
modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
2015-02-13 13:50:26 +00:00
Rich Evans
783d9d1c3e
modify programs/*.c to use polarssl_snprintf
2015-02-13 13:50:26 +00:00
Rich Evans
85b05ec389
Cleanup programs further
...
removed casting of main args to void
2015-02-13 13:50:05 +00:00
Rich Evans
18b78c7498
cleanup programs
...
Clean up the contents of programs, add more guards to includes, move all
defines to the top of the top of files, remove some unused includes
2015-02-13 13:50:05 +00:00
Manuel Pégourié-Gonnard
5d46cca09a
Require unix-utils in path for windows make
2015-02-13 12:02:45 +00:00
Manuel Pégourié-Gonnard
1cc0a3405c
Fix missing includes in program
2015-02-10 12:18:15 +00:00
Manuel Pégourié-Gonnard
6f60cd848b
Move from SHA-1 to SHA-256 as default in programs
2015-02-10 11:31:58 +00:00
Manuel Pégourié-Gonnard
f224678864
Fix remaining printfs in programs
2015-01-29 13:29:20 +00:00
Manuel Pégourié-Gonnard
226d37ac6f
Fix merge issue
2015-01-29 13:15:48 +00:00
Manuel Pégourié-Gonnard
b8a923db2b
Merge branch 'development' into dtls
...
* development:
Fix left out printf's
2015-01-29 11:53:35 +00:00
Manuel Pégourié-Gonnard
7e81e7003f
Fix left out printf's
2015-01-29 11:47:41 +00:00
Manuel Pégourié-Gonnard
3d2c4b70f2
Fix url in new files
2015-01-29 11:34:14 +00:00
Manuel Pégourié-Gonnard
2a0718d947
Merge branch 'development' into dtls
...
* development: (46 commits)
Fix url again
Fix small bug in base64_encode()
Fix depend that was checked but not documented
Fix dependency that was not checked
Minor gitginore fixes
Move some ignore patterns to subdirectories
Ignore CMake/MSVC-related build files.
Re-categorize changelog entry
Fix misattribution
Minor nits with stdout/stderr.
Add cmake compatibility targets
Add script for polarssl symlink creation
Fix more stdio inclusion issues
Add debug info for cert/suite selection
Fix possible portability issue
Fix bug in ssl_get_verify_result()
aescrypt2.c local char array not initial
Update Changelog
Fix mips64 bignum implementation
Fix usage string of ssl_client2
...
Conflicts:
include/polarssl/ssl.h
library/CMakeLists.txt
library/Makefile
programs/Makefile
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
visualc/VS2010/PolarSSL.sln
visualc/VS2010/mbedTLS.vcxproj
visualc/VS6/mbedtls.dsp
visualc/VS6/mbedtls.dsw
2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard
860b51642d
Fix url again
2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard
3f738ca40a
Move some ignore patterns to subdirectories
2015-01-28 15:33:23 +00:00
veggie
64a5799637
Minor nits with stdout/stderr.
2015-01-28 15:21:42 +00:00
wslfa
cc334eff3e
aescrypt2.c local char array not initial
...
I change the main() function to a normal function, use many threads call it. so, in concurrent situation, these initial operation is necessary.
2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard
478fac4075
Fix usage string of ssl_client2
...
Found by Hannes Mehnert
2015-01-28 15:28:29 +01:00
Manuel Pégourié-Gonnard
7c9e75a836
Remove a few useless #defines
2015-01-28 15:28:29 +01:00
Rich Evans
f90016aade
Use platform layer in programs for consistency.
2015-01-28 15:28:28 +01:00
Manuel Pégourié-Gonnard
9014b6f227
Rename project in CMake
...
TODO: to create symlinks to the old names!
2015-01-27 15:44:46 +00:00
Manuel Pégourié-Gonnard
6a4ae35788
Link to new name in programs & tests Makefiles
2015-01-27 14:03:24 +01:00
Manuel Pégourié-Gonnard
d43ccb66fb
Quit using deprecated header.
2015-01-23 17:38:09 +00:00
Manuel Pégourié-Gonnard
c26a092b50
Rename static lib name with make
2015-01-23 12:57:33 +00:00
Manuel Pégourié-Gonnard
dba564bc79
Fix files that are not in development
2015-01-23 11:37:14 +00:00
Manuel Pégourié-Gonnard
df6411d8d8
Merge branch 'development' into dtls
...
* development:
Fix website url to use https.
Remove maintainer line.
Remove redundant "all rights reserved"
2015-01-23 11:23:08 +00:00
Manuel Pégourié-Gonnard
085ab040aa
Fix website url to use https.
2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c
Remove maintainer line.
2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa
Remove redundant "all rights reserved"
2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
eab72e2ced
Merge branch 'development' into dtls
...
* development:
Update copyright
Fix issue in compat.sh
Rename doxyfile
Rename to mbed TLS in tests/
Rename to mbed TLS in examples
Remove old test certificates.
Rename to mbed TLS in the documentation/comments
Change name to mbed TLS in the copyright notice
Conflicts:
doxygen/input/doc_mainpage.h
doxygen/mbedtls.doxyfile
include/polarssl/version.h
tests/compat.sh
2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard
a658a4051b
Update copyright
2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
9169921271
Rename to mbed TLS in examples
2015-01-22 16:26:39 +00:00
Manuel Pégourié-Gonnard
b64d9a79a4
Remove old test certificates.
...
Avoid duplication with those in tests/data_files
2015-01-22 16:25:32 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c
Change name to mbed TLS in the copyright notice
2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard
3a173f497b
Merge branch 'development' into dtls
...
* development:
Fix error code description.
generate_errors.pl now errors on duplicate codes
Avoid nested if's without braces.
Move renego SCSV after actual ciphersuites
Fix send_close_notify usage.
Rename variable for clarity
Improve script portability
Conflicts:
library/ssl_srv.c
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
tests/ssl-opt.sh
2015-01-22 13:30:33 +00:00
Manuel Pégourié-Gonnard
34377b1e1c
Fix send_close_notify usage.
2015-01-22 10:46:46 +00:00
Manuel Pégourié-Gonnard
6a0017b7c0
Rename variable for clarity
2015-01-22 10:33:29 +00:00
Manuel Pégourié-Gonnard
23eb74d8b5
Fix issues with new defaults
2015-01-21 14:37:13 +00:00
Manuel Pégourié-Gonnard
67505bf9e8
Merge branch 'development' into dtls
...
* development:
Adapt tests to new defaults/errors.
Fix typos/cosmetics in Changelog
Disable RC4 by default in example programs.
Add ssl_set_arc4_support()
Set min version to TLS 1.0 in programs
Conflicts:
include/polarssl/ssl.h
library/ssl_cli.c
library/ssl_srv.c
tests/compat.sh
2015-01-21 13:57:33 +00:00
Manuel Pégourié-Gonnard
bfccdd3c92
Merge commit '36adc36' into dtls
...
* commit '36adc36':
Add support for getrandom()
Use library default for trunc-hmac in ssl_client2
Make truncated hmac a runtime option server-side
Fix portability issue in script
Specific error for suites in common but none good
Prefer SHA-1 certificates for pre-1.2 clients
Some more refactoring/tuning.
Minor refactoring
Conflicts:
include/polarssl/error.h
include/polarssl/ssl.h
library/error.c
2015-01-21 13:48:45 +00:00
Manuel Pégourié-Gonnard
0017c2be48
Merge commit '9835bc0' into dtls
...
* commit '9835bc0':
Fix racy test.
Fix stupid error in previous commit
Don't check errors on ssl_close_notify()
Fix char signedness issue
Fix issue with non-blocking I/O & record splitting
Fix warning
Conflicts:
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
2015-01-21 13:42:16 +00:00
Manuel Pégourié-Gonnard
8fbb01ec84
Merge commit 'b2eaac1' into dtls
...
* commit 'b2eaac1':
Stop assuming chars are signed
Add tests for CBC record splitting
Fix tests that were failing with record splitting
Allow disabling record splitting at runtime
Add 1/n-1 record splitting
Enhance doc on ssl_write()
Conflicts:
include/polarssl/ssl.h
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
2015-01-21 13:37:08 +00:00
Manuel Pégourié-Gonnard
0af1ba3521
Merge commit 'f6080b8' into dtls
...
* commit 'f6080b8':
Fix warning in reduced configs
Adapt to "negative" switch for renego
Add tests for periodic renegotiation
Make renego period configurable
Auto-renegotiate before sequence number wrapping
Update Changelog for compile-option renegotiation
Switch from an enable to a disable flag
Save 48 bytes if SSLv3 is not defined
Make renegotiation a compile-time option
Add tests for renego security enforcement
Conflicts:
include/polarssl/ssl.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
programs/ssl/ssl_server2.c
tests/ssl-opt.sh
2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard
edb7ed3a43
Merge commit 'd7e2483' into dtls
...
* commit 'd7e2483': (57 commits)
Skip signature_algorithms ext if PSK only
Fix bug in ssl_client2 reconnect option
Cosmetics in ssl_server2
Improve debugging message.
Fix net_usleep for durations greater than 1 second
Use pk_load_file() in X509
Create ticket keys only if enabled
Fix typo in #ifdef
Clarify documentation a bit
Fix comment on resumption
Update comment from draft to RFC
Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
Add recursion.pl to all.sh
Allow x509_crt_verify_child() in recursion.pl
Set a compile-time limit to X.509 chain length
Fix 3DES -> DES in all.sh (+ time estimates)
Add curves.pl to all.sh
Rework all.sh to use MSan instead of valgrind
Fix depends on individual curves in tests
Add script to test depends on individual curves
...
Conflicts:
CMakeLists.txt
programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00
Manuel Pégourié-Gonnard
f9c8a606b5
Merge commit '8b9bcec' into dtls
...
* commit '8b9bcec':
Stop assuming chars are signed
Fix len miscalculation in buffer-based allocator
Fix NULL dereference in buffer-based allocator
Add test_suite_memory_buffer_alloc
Add memory_buffer_alloc_self_test()
Fix missing bound check
Add test for ctr_drbg_update() input sanitizing
Refactor for clearer correctness/security
Stop assuming chars are signed
Conflicts:
library/ssl_tls.c
2015-01-20 16:38:39 +00:00
Paul Bakker
5b8f7eaa3e
Merge new security defaults for programs (RC4 disabled, SSL3 disabled)
2015-01-14 16:26:54 +01:00
Paul Bakker
c82b7e2003
Merge option to disable truncated hmac on the server-side
2015-01-14 16:16:55 +01:00
Manuel Pégourié-Gonnard
a92ed4845c
Fix stupid error in previous commit
...
Since ret is no longer update by close_notify(), we need to reset it to 0
after a successful write.
2015-01-14 10:46:53 +01:00
Manuel Pégourié-Gonnard
687f89beab
Don't check errors on ssl_close_notify()
...
Depending on timing we might get different errors (conn_reset, write failed)
and ignoring them all ends up being almost the same as just not checking
errors.
2015-01-13 21:48:12 +01:00
Paul Bakker
b2eaac154b
Stop assuming chars are signed
2015-01-13 17:15:31 +01:00
Paul Bakker
f3561154ff
Merge support for 1/n-1 record splitting
2015-01-13 16:31:34 +01:00
Paul Bakker
f6080b8557
Merge support for enabling / disabling renegotiation support at compile-time
2015-01-13 16:18:23 +01:00
Paul Bakker
d7e2483bfc
Merge miscellaneous fixes into development
2015-01-13 16:04:38 +01:00
Paul Bakker
8b9bcecaae
Stop assuming chars are signed
2015-01-13 15:59:55 +01:00
Manuel Pégourié-Gonnard
5ba1d52f96
Add memory_buffer_alloc_self_test()
2015-01-13 14:58:00 +01:00
Paul Bakker
d9e2dd2bb0
Merge support for Encrypt-then-MAC
2015-01-13 14:23:56 +01:00
Manuel Pégourié-Gonnard
fa06581c73
Disable RC4 by default in example programs.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
bd47a58221
Add ssl_set_arc4_support()
...
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
982865618a
Stop assuming chars are signed
...
(They aren't on ARM by default.)
2015-01-12 19:17:05 +01:00
Manuel Pégourié-Gonnard
448ea506bf
Set min version to TLS 1.0 in programs
2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard
265fe997ff
Use library default for trunc-hmac in ssl_client2
2015-01-09 12:53:19 +01:00
Manuel Pégourié-Gonnard
e117a8fc0d
Make truncated hmac a runtime option server-side
...
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard
c82ee3555f
Fix tests that were failing with record splitting
2015-01-07 16:39:10 +01:00
Manuel Pégourié-Gonnard
590f416142
Add tests for periodic renegotiation
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
615e677c0b
Make renegotiation a compile-time option
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
85d915b81d
Add tests for renego security enforcement
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
d3b90f797d
Fix bug in ssl_client2 reconnect option
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
f29e5de09d
Cosmetics in ssl_server2
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
0975ad928d
Merge branch 'etm' into dtls
...
* etm:
Fix some more warnings in reduced configs
Fix typo causing MSVC errors
2014-11-17 15:07:17 +01:00
Manuel Pégourié-Gonnard
be6ce835a2
Fix typo causing MSVC errors
2014-11-17 14:29:36 +01:00
Manuel Pégourié-Gonnard
3a3066c3ee
ssl_server2 now exits on signal during a read too
2014-11-17 12:50:34 +01:00
Manuel Pégourié-Gonnard
403a86f73d
ssl_server2: exit cleanly on SIGINT too
2014-11-17 12:46:49 +01:00
Manuel Pégourié-Gonnard
49aa99e653
Fix exit codes in cert_app
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
f9d778d635
Merge branch 'etm' into dtls
...
* etm:
Fix warning in reduced config
Update Changelog for EtM
Keep EtM state across renegotiations
Adjust minimum length for EtM
Don't send back EtM extension if not using CBC
Fix for the RFC erratum
Implement EtM
Preparation for EtM
Implement initial negotiation of EtM
Conflicts:
include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard
56d985d0a6
Merge branch 'session-hash' into dtls
...
* session-hash:
Update Changelog for session-hash
Make session-hash depend on TLS versions
Forbid extended master secret with SSLv3
compat.sh: allow git version of gnutls
compat.sh: make options a bit more robust
Implement extended master secret
Add negotiation of Extended Master Secret
Conflicts:
include/polarssl/check_config.h
programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
fedba98ede
Merge branch 'fb-scsv' into dtls
...
* fb-scsv:
Update Changelog for FALLBACK_SCSV
Implement FALLBACK_SCSV server-side
Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard
699cafaea2
Implement initial negotiation of EtM
...
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb
Implement FALLBACK_SCSV client-side
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd
Add negotiation of Extended Master Secret
...
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
a6ace04c5c
Test for lost HelloRequest
2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
e698f59a25
Add tests for ssl_set_dtls_badmac_limit()
2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
9b35f18f66
Add ssl_get_record_expansion()
2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
e63582a166
Add dlts_client.c and dtls_server.c
2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard
dc6a75a952
ERR_NET_CONN_RESET can't happen with UDP
2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard
caecdaed25
Cosmetics in ssl_server2 & complete tests for HVR
2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard
2d87e419e0
Adapt ssl_{client,server}2.c to datagram write
2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
994f8b554f
Ok for close_notify to fail
2014-10-21 16:32:52 +02:00
Manuel Pégourié-Gonnard
ba958b8bdc
Add test for server-initiated renego
...
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
a9d7d03e30
SIGTERM also interrupts server2 during net_read()
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
6a2bc23f63
Allow exchanges=0 in ssl_server2
...
Useful for testing with defensics with no data exchange
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
cce220d6aa
Adapt ssl_server2 to datagram-style read
2014-10-21 16:32:49 +02:00
Manuel Pégourié-Gonnard
85beb30b11
Add test for resumption with non-blocking I/O
2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard
f1e0df3ccd
Allow ssl_client2 to resend on read timeout
2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
6b65141718
Implement ssl_read() timeout (DTLS only for now)
2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
d823bd0a04
Add handshake_timeout option to test server/client
2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard
ce8588c9ef
Make udp_proxy more robust
...
There seemed to be some race conditions with server closing its fd right after
sending HelloVerifyRequest causing the proxy to exit after a failed read.
2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
f03651217c
Adapt programs to use nbio with DTLS
2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
bd97fdb3a4
Make ssl_server2's HVR handling more realistic
...
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
fa60f128d6
Quit using "yes" in ssl-opt.sh with openssl
...
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
ae666c5092
proxy: avoid always dropping the same packet
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
d0fd1daa6b
Add test with proxy and openssl server
2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
8cc7e03ae0
udp_proxy: show encrypted messages as encrypted
2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard
6265d305f1
Fix some delayed packets going the wrong way
2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
bf02319b58
udp_proxy: don't overwrite delayed packets
2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
2739313cea
Make anti-replay a runtime option
2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
6312e0f4e6
udp_proxy: allow successive clients
2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
484b8f9ed8
Fix bug in ssl_client2 reconnect option
2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
b46780edee
Enlarge udp_proxy's message buffer
2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
ae8d2399a5
udp_proxy: also drop messages from the last flight
2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
992e13665d
Make decisions pseudo-random in udp_proxy
2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
bc010a045c
udp_proxy: don't drop messages in the last flight
...
Resending the last flight is on the todo-list, but I want to be able to test
what's already done now.
2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard
b6440a496b
ssl_server2 now dies on SIGTERM during a read
2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
7cf3518284
Enhance output of udp_proxy (with time)
2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
a014829024
Use ssl_set_bio_timeout() in test client/server
2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard
63eca930d7
Drop invalid records with DTLS
2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
6c18a39807
Add option 'bad_ad' to udp_proxy
2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
eb00bfd9c2
Add option 'mtu' to udp_proxy
2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
81f2fe9f08
Add option 'delay_ccs' to udp_proxy
2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
60fdd7e0f2
Add option 'drop' to udp_proxy
2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
21398c37c0
Add option 'delay' to udp_proxy
2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
2c41bd85e0
Add a 'duplicate' option to udp_proxy
2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
44d5e63e6a
Enhance output of udp_proxy
2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
cb4137b646
Add test utility udp_proxy
...
Currently just forwards: will delay, duplicate and drop later.
2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
4ba6ab6d0d
Fix glitch with HelloVerifyRequest
...
With the close-rebind strategy, sometimes the second ClientHello was lost (if
received before close), and since our client doesn't resend yet, the tests
would fail (no problem with other client that resend). Anyway, it's not really
clean to lose messages.
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
26820e3061
Add option 'cookies' to ssl_server2
2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
a64acd4f84
Add separate SSL_COOKIE_C define
2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
232edd46be
Move cookie callbacks implementation to own module
2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d485d194f9
Move to a callback interface for DTLS cookies
2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
82202f0a9c
Make DTLS_HELLO_VERIFY a compile option
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
98545f128a
Generate random key for HelloVerifyRequest
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
336b824f07
Use ssl_set_client_transport_id() in ssl_server2
2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard
ae5050c212
Start adapting ssl_client2 to datagram I/O
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
798f15a500
Fix version adjustments with force_ciphersuite
2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
fe3f73bdeb
Allow force_version to select DTLS
2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
8a06d9c5d6
Actually use UDP for DTLS in test client/server
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
f5a1312eaa
Add UDP support to the NET module
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
83218f1da1
Add dtls version aliases to test serv/cli
2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
864a81fdc0
More ssl_set_XXX() functions can return BAD_INPUT
2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard
e29fd4beaf
Add a dtls option to test server and client
2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard
f138874811
Properly send close_notify in ssl_client2
2014-08-19 16:14:36 +02:00
Manuel Pégourié-Gonnard
a8c0a0dbd0
Add "exchanges" option to test server and client
...
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).
Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard
296e3b1174
Request renego before write in ssl_server2
...
Will be useful for:
- detecting termination of messages by other means than connection close
- DTLS (can be seen as a special case of the above: datagram-oriented)
2014-08-19 12:59:03 +02:00
Manuel Pégourié-Gonnard
e08660e612
Fix ssl_read() and close_notify error handling in programs
2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
67686c42e6
Fix undocumented option in ssl_server2
2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
250b1ca6f3
Fix ssl_server2 exiting on recoverable errors
2014-08-19 10:34:37 +02:00
Paul Bakker
bc3e54c70d
Fix overly rigorous defines in ssl_server2.c
2014-08-18 14:36:17 +02:00
Paul Bakker
d153ef335f
Missing dependencies on POLARSSL_ECP_C fixed
2014-08-18 12:00:28 +02:00
Paul Bakker
09c9dd80ef
Revert 42cc641
. Issue already fixed in 333fdec
.
2014-08-18 11:06:56 +02:00
Paul Bakker
c1283d3f4c
Only use signal() in ssl_server2 on non-Windows platforms
2014-08-18 11:05:51 +02:00
Manuel Pégourié-Gonnard
dcab293bd4
Get rid of SERVERQUIT code in ssl_{client,server}2
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
db49330e08
ssl_server2 aborts cleanly on SIGTERM
...
(while waiting for a new connection)
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
a39416ff38
Fix bounds and error checking in gen_key.c
2014-08-14 11:34:35 +02:00
Alfred Klomp
7c03424d1c
ssl_mail_client.c: silence warning, check base64_encode() status
...
Found with Clang's `scan-build` tool.
ssl_mail_client.c does a dead store by assigning the return value of
base64_encode() to `len` and not using the value. This causes
scan-build to issue a warning.
Instead of storing the return value into `len`, store it to `ret`, since
base64_encode() returns a status code, not a length. Also check if the
return value is nonzero and print an error; this silences scan-build.
2014-08-14 11:34:35 +02:00
Alfred Klomp
5b78f219d0
ssl_test.c: remove dead store, assign at declaration
...
Found with Clang's `scan-build` tool.
The store to `ret` is not used, it's overwritten shortly after. Assign
the value of 1 at declaration time instead to silence scan-build.
2014-08-14 11:34:34 +02:00
Alfred Klomp
1d42b3ea7e
pem2der.c: fix double-free bug
...
Found with Clang's `scan-build` tool.
load_file() allocates memory to a char** parameter. It then tries to fread() a
file, and if that fails, frees the memory and returns to caller. However, the
char** is not reset to NULL, which causes a double-free error when the caller
later passes it to free().
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
42cc641159
Don't print uninitialized buffer in ssl_mail_client
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
9dbe7c5f17
Remove unreachable code from ssl_pthread_server
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
955028f858
Fix compile error in ssl_pthread_server
2014-08-14 11:34:33 +02:00
Paul Bakker
333fdeca3a
Properly initialize buf
2014-08-04 12:12:09 +02:00
Paul Bakker
3966d71fa8
gen_key should open file as binary for writing DER keys
2014-07-10 15:27:09 +02:00
Paul Bakker
d2a2d61a68
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
a317a98221
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
14e8be4d33
Adapted programs / test suites to _init() and _free()
2014-07-09 10:19:23 +02:00
Paul Bakker
8cfd9d8c59
Adapt programs / test suites to _init() and _free()
2014-07-09 10:19:23 +02:00
Manuel Pégourié-Gonnard
c5fd391e04
Check return value of ssl_set_xxx() in programs
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
4e3e7c2944
Clarify comment in program
2014-07-08 14:20:26 +02:00
Paul Bakker
8fb99abaac
Merge changes for leaner memory footprint
2014-07-04 15:02:19 +02:00
Manuel Pégourié-Gonnard
481fcfde93
Make PSK_LEN configurable and adjust PMS size
2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard
fae355e8ee
Add tests for ssl_set_renegotiation_enforced()
2014-07-04 14:32:27 +02:00
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
dea29c51fd
Extend request_size to small sizes in ssl_client2
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
0669f272e9
Fix printing large packets in ssl_server2
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
8a4d571af8
Fix warnings in no-SSL configs
2014-06-24 14:19:59 +02:00
Manuel Pégourié-Gonnard
f9378d8f11
Fix dependencies on PEM in tests and programs
2014-06-24 13:11:25 +02:00
Manuel Pégourié-Gonnard
4505ed3c90
Fix missing free() with recent ssl_server2 options
2014-06-20 18:35:16 +02:00
Paul Bakker
3c38f29a61
Fix DER output of gen_key app (found by Gergely Budai)
2014-06-14 16:46:43 +02:00
Manuel Pégourié-Gonnard
7680698d02
Temporarily disable timing test on non-Linux
2014-06-13 18:04:42 +02:00
Paul Bakker
8880cb52f7
Handle missing CRL parsing gracefully
2014-06-12 23:22:26 +02:00
Paul Bakker
9b7fb6f68e
Prevent warning for possibly uninitialized variable in ssl_server2
2014-06-12 23:01:43 +02:00
Paul Bakker
508e573231
Merge tests for asn1write, XTEA and Entropy modules
2014-06-12 21:26:33 +02:00
Paul Bakker
14c78c93d5
Merge more SSL tests and required ssl_server2 additions
2014-06-12 21:24:34 +02:00
Manuel Pégourié-Gonnard
e1ac0f8c5d
Add back timing selftest with new hardclock test
2014-06-12 21:15:50 +02:00
Manuel Pégourié-Gonnard
8de259b953
Minor code simplification in ssl programs
2014-06-11 18:35:33 +02:00
Manuel Pégourié-Gonnard
95c0a63023
Add tests for ssl_get_bytes_avail()
2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard
e7a3b10dcc
Use ssl_get_bytes_avail() in ssl_server2.
2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard
6dc0781aba
Add version_suites option to ssl_server2
2014-06-11 14:07:14 +02:00
Manuel Pégourié-Gonnard
4dd73925ab
Add entropy_self_test()
2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
dc019b9559
Use ssl_set_psk() only when a psk is given
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
fdee74b8d6
Simplify some option parsing code
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
80c8553a1a
Add psk_list option to ssl_server2: PSK callback
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
9e27163acd
Refactor PSK parsing in ssl_server2
2014-06-10 15:32:01 +02:00
Manuel Pégourié-Gonnard
736699c08c
Add a dhm_file option to ssl_server2
2014-06-10 15:32:01 +02:00
Paul Bakker
1fd325309b
Add option 'crl_file' to cert_app
2014-05-28 11:36:38 +02:00
Paul Bakker
1ebc0c592c
Fix typos
2014-05-22 15:47:58 +02:00
Paul Bakker
b5212b436f
Merge CCM cipher mode and ciphersuites
...
Conflicts:
library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Paul Bakker
0c5e4290e1
benchmark application also works without POLARSSL_ERROR_C
2014-05-22 14:11:13 +02:00
Manuel Pégourié-Gonnard
58d78a8d70
Add CCM to benchmark
2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard
a6916fada8
Add (placeholder) CCM module
2014-05-06 11:28:09 +02:00
Paul Bakker
525f87559f
Cast alpn_list to void * to prevent MSVC compiler warnings
2014-05-01 10:59:27 +02:00
Manuel Pégourié-Gonnard
cef4ad2509
Adapt sources to configurable config.h name
2014-04-30 16:40:20 +02:00
Paul Bakker
c73079a78c
Add debug_set_threshold() and thresholding of messages
2014-04-25 16:58:16 +02:00
Paul Bakker
93c32b21b3
Allow ssl_client to pad request to SSL_MAX_CONTENT_LEN
2014-04-25 16:58:12 +02:00
Paul Bakker
fdba46885b
cert_write app should use subject of issuer certificate as issuer of cert
2014-04-25 11:48:35 +02:00
Paul Bakker
8a0c0a9ed9
Check additional return values in some test cases
2014-04-17 17:24:23 +02:00
Paul Bakker
df71dd1618
Cleaner initialization (values did not matter, but were uninitialized)
2014-04-17 16:03:48 +02:00
Paul Bakker
030decdb4e
Actually increment the loop counter to quit in ssl_fork_server
2014-04-17 16:03:23 +02:00
Paul Bakker
0c22610693
Cleaned up location of init and free for some programs to prevent memory
...
leaks on incorrect arguments
2014-04-17 16:02:36 +02:00
Paul Bakker
cbe3d0d5cc
Added return value checking for correctness in programs
2014-04-17 16:00:59 +02:00
Paul Bakker
1cfc45835f
Add option 'use_dev_random' to gen_key application
2014-04-09 15:49:58 +02:00
Manuel Pégourié-Gonnard
0f79babd4b
Disable timing_selftest() for now
2014-04-09 15:49:51 +02:00
Paul Bakker
17b85cbd69
Merged additional tests and improved code coverage
...
Conflicts:
ChangeLog
2014-04-08 14:38:48 +02:00
Paul Bakker
0763a401a7
Merged support for the ALPN extension
2014-04-08 14:37:12 +02:00
Shuo Chen
95a0d118a9
Fix compile error when POLARSSL_ERROR_STRERROR_BC is undefined.
2014-04-08 10:53:51 +02:00
Manuel Pégourié-Gonnard
1bd2281260
Add an alpn option to ssl_client2 and ssl_server2
2014-04-05 14:51:42 +02:00
Manuel Pégourié-Gonnard
13a1ef8600
Misc selftest adjustements
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
470fc935b5
Add timing_self_test() with consistency tests
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
388dac4037
Still test pbkdf2 while it's there
2014-04-04 16:33:00 +02:00
Manuel Pégourié-Gonnard
6b0d268bc9
Add ssl_close_notify() to servers that missed it
2014-03-31 11:28:11 +02:00
Manuel Pégourié-Gonnard
00d538f8f9
Disable renegotiation by default in example cli/srv
2014-03-31 11:03:06 +02:00
Paul Bakker
5a1d687274
Fixed typo introduced in 486485b
2014-03-26 11:20:05 +01:00
Manuel Pégourié-Gonnard
486485bc07
PBKDF2 -> PKCS5 in selftest.c
2014-03-20 09:59:51 +01:00
Paul Bakker
a4b0343edf
Merged massive SSL Testing improvements
2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard
84fd6877c6
Use ssl_client2 to terminate ssl_server2
2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
5b2d776d2a
GnuTLS in compat.sh: server-side
2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
3e1b178ba2
Add options for no certificates in test srv/cli
2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
5575316385
Add options for non-blocking I/O in test cli & srv
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
0d8780b2cd
Add a server_adrr option to ssl_client2
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
5d917ff6a8
Add a 'sni' option to ssl_server2
2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
dbe1ee1988
Add tests for session ticket lifetime
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
c55a5b7d6f
Add tests for cache timeout
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
4c88345f19
Add test for ssl_cache max_entries
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
780d671f9d
Add tests for renegotiation
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
2fc243d06a
Rearrange help messages of example cli/srv
2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
fcf2fc2960
Make auth_mode=required the default in ssl_client2
2014-03-13 19:25:07 +01:00
Manuel Pégourié-Gonnard
844a4c0aef
Fix RSASSA-PSS example programs
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
c580a00e3c
Print protocol version in example cli/srv
2014-02-12 10:15:30 +01:00
Paul Bakker
64abd83b67
Fixed file descriptor leak in generic_sum
2014-02-06 15:03:06 +01:00
Paul Bakker
247b487d61
Missing 'else' in gen_key
2014-02-06 14:33:52 +01:00
Gergely Budai
a5d336bcec
Increase title size (fits to increased curve names). Give verbose errors on failures.
2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
79afaa0551
Add hmac_drbg_selftest()
2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard
fef0f8f55a
Add HMAC_DRBG to benchmark
2014-01-30 23:17:33 +01:00
Paul Bakker
d75ba40cc3
SMTP lines are officially terminated with CRLF, ssl_mail_client fixed
2014-01-24 16:12:18 +01:00
Paul Bakker
5eb264cfa7
Minor fixes to o_p_test.c (CMakeLists.txt and includes)
2014-01-23 15:47:29 +01:00
Paul Bakker
5862eee4ca
Merged RIPEMD-160 support
2014-01-22 14:18:34 +01:00
Paul Bakker
61b699ed1b
Renamed RMD160 to RIPEMD160
2014-01-22 14:17:31 +01:00
Manuel Pégourié-Gonnard
2f5217ea02
Gitignore ssl_pthread_server
2014-01-22 12:56:06 +01:00
Manuel Pégourié-Gonnard
1744d72902
Add RIPEMD-160 to selftest
2014-01-17 14:46:36 +01:00
Manuel Pégourié-Gonnard
01b0b38421
Add RIPEMD-160 to benchmark
2014-01-17 14:29:46 +01:00
Paul Bakker
caf0e60969
Forced cast to unsigned int for %u format in the ecdsa application
2013-12-30 19:15:48 +01:00
Paul Bakker
f0fc2a27b0
Properly put the pragma comment for the MSVC linker in defines
2013-12-30 15:42:43 +01:00
Paul Bakker
29e86eae29
Removed 'z' length modifier from format in ecdsa program
2013-12-30 15:38:48 +01:00
Paul Bakker
3e72f6effd
Only search for Pthread on Windows platforms
2013-12-30 15:28:46 +01:00
Paul Bakker
f9c4953e39
Added version of the SSL pthread server example
2013-12-30 14:55:54 +01:00
Paul Bakker
5a607d26b7
Merged IPv6 support in the NET module
2013-12-17 14:34:19 +01:00
Paul Bakker
f70fe81a6e
Fixed memory leak in benchmark application
2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard
18d31f8e59
Make listening address configurable in ssl_server2
2013-12-17 12:00:57 +01:00
Paul Bakker
014f143c2a
Merged EC key generation support
2013-12-02 14:55:09 +01:00
Manuel Pégourié-Gonnard
6e16cdb37c
Allow curve selection in gen_key
2013-11-30 15:32:47 +01:00
Paul Bakker
fdda785248
Removed dependency on unistd.h for MSVC in apps
2013-11-30 15:15:31 +01:00
Paul Bakker
840ab20ea2
Explicit conversions to int from size_t for MSVC (64-bit) in apps
2013-11-30 15:14:38 +01:00
Paul Bakker
c97f9f6465
Removed making commandline arguments case insensitive
2013-11-30 15:14:11 +01:00
Manuel Pégourié-Gonnard
49d738b50d
Ignore file generated by gen_key
2013-11-30 14:39:15 +01:00
Manuel Pégourié-Gonnard
8c237710a0
Start adding EC support in gen_key
2013-11-30 14:36:54 +01:00
Paul Bakker
a8239a4490
Removed Windows auto-spawn client code
2013-11-29 11:16:37 +01:00
Manuel Pégourié-Gonnard
0f2eacbd09
crypt_and_hash: check MAC earlier
2013-11-26 15:19:57 +01:00
Paul Bakker
e4c71f0e11
Merged Prime generation improvements
2013-11-25 14:27:28 +01:00
Paul Bakker
8fc30b178c
Various const fixes
2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard
5e1e61124a
Insert warning about time in dh_genprime
2013-11-22 21:16:10 +01:00
Paul Bakker
993e386a73
Merged renegotiation refactoring
2013-10-31 14:32:38 +01:00
Manuel Pégourié-Gonnard
291f9af935
Make all hash checking in programs constant-time
2013-10-31 14:22:27 +01:00
Paul Bakker
424cd6943c
Check HMAC in constant-time in crypt_and_hash
2013-10-31 14:22:08 +01:00
Manuel Pégourié-Gonnard
6d8404d6ba
Server: enforce renegotiation
2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard
9c1e1898b6
Move some code around, improve documentation
2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
f3dc2f6a1d
Add code for testing server-initiated renegotiation
2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard
53b3e0603b
Add code for testing client-initiated renegotiation
2013-10-30 16:46:46 +01:00
Paul Bakker
60b1d10131
Fixed spelling / typos (from PowerDNS:codespell)
2013-10-29 10:02:51 +01:00
Paul Bakker
93c6aa4014
Fixed that selfsign copies issuer_name to subject_name
2013-10-28 22:29:11 +01:00
Paul Bakker
08bb187bb6
Merged Public Key framwork tests
2013-10-28 14:11:09 +01:00
Manuel Pégourié-Gonnard
3daaf3d21d
X509 key identifiers depend on SHA1
2013-10-28 13:58:32 +01:00
Manuel Pégourié-Gonnard
b0a467fdbe
Start adding a PK test suite
2013-10-15 15:19:59 +02:00
Paul Bakker
f34673e37b
Merged RSA-PSK key-exchange and ciphersuites
2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0
Merged ECDHE-PSK ciphersuites
2013-10-15 12:45:36 +02:00
Manuel Pégourié-Gonnard
8a3c64d73f
Fix and simplify *-PSK ifdef's
2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard
1b62c7f93d
Fix dependencies and related issues
2013-10-14 14:02:19 +02:00
Paul Bakker
b799dec4c0
Merged support for Brainpool curves and ciphersuites
2013-10-11 10:05:43 +02:00
Manuel Pégourié-Gonnard
2f77ce3658
Fix forgotten snprintf define for MSVC
2013-10-11 09:17:19 +02:00
Manuel Pégourié-Gonnard
22f64c8a9a
Cosmetics in benchmark
2013-10-10 13:21:48 +02:00
Paul Bakker
1337affc91
Buffer allocator threading support
2013-09-29 15:02:11 +02:00
Paul Bakker
1ffefaca1e
Introduced entropy_free()
2013-09-29 15:01:42 +02:00
Paul Bakker
396333e0a3
Updated ssl_test to handle EOF return value
2013-09-28 11:08:43 +02:00
Manuel Pégourié-Gonnard
a0fdf8b0a0
Simplify the way default certs are used
2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard
641de714b6
Use both RSA and ECDSA CA if available
2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard
ac8474fb1c
Changed default cert loading in ssl_server2
2013-09-25 11:35:15 +02:00
Manuel Pégourié-Gonnard
b095a7bf29
Offer both RSA and ECDSA by default in ssl_server2
2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
3ebb2cdb52
Add support for multiple server certificates
2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
cbf3ef3861
RSA and ECDSA key exchanges don't depend on CRL
2013-09-24 21:25:53 +02:00
Paul Bakker
15b9b3a7e0
Key generation tool
2013-09-23 13:25:44 +02:00
Manuel Pégourié-Gonnard
abd6e02b7b
Rm _CRT_SECURE_NO_DEPRECATE for programs
...
(Already in config.h.)
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
3bd2aae5a5
Add forgotten initializations
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
7831b0cb3c
A few more issues with small configurations
2013-09-20 12:30:21 +02:00
Manuel Pégourié-Gonnard
a7496f00ff
Fix a few more warnings in small configurations
2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard
92e5b59355
Fix some dependencies/warnings in programs
2013-09-20 10:58:58 +02:00
Manuel Pégourié-Gonnard
da179e4870
Add ecp_curve_list(), hide ecp_supported_curves
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
56cd319f0e
Add human-friendly name in ecp_curve_info
2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
803bb312a3
Remove ecp-bench (now in general benchmark)
2013-09-18 15:37:43 +02:00
Paul Bakker
940f9ce515
Added pk_decrypt, pk_encrypt, pk_sign, pk_verify example applications
2013-09-18 15:34:57 +02:00
Paul Bakker
2e24ca74b0
Updated key_app.c and key_app_writer.c for EC key printing
2013-09-18 15:25:16 +02:00
Manuel Pégourié-Gonnard
cc34f95b43
Include ECDSA and ECDH in benchmark
2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard
ed7cbe92d5
Allow selection of what to benchmark
2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard
8271f2ffb5
Shorten benchmark source using macros and loops
2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard
15d5de1969
Simplify usage of DHM blinding
2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
568c9cf878
Add ecp_supported_curves and simplify some code
2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
1b57878e4a
Add missing VS project files, generated by script
2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
68821da01e
Fix clang warnings in applications
...
Some fd would be used uninitialized if we goto exit early.
2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
4cf0686d6d
Remove spurious '+ 3' in ecdsa_write_signature()
2013-09-18 14:34:33 +02:00
Paul Bakker
c559c7a680
Renamed x509_cert structure to x509_crt for consistency
2013-09-18 14:32:52 +02:00
Paul Bakker
ddf26b4e38
Renamed x509parse_* functions to new form
...
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2
Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()
2013-09-18 12:01:43 +02:00
Paul Bakker
86d0c1949e
Generalized function names of x509 functions not parse-specific
...
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker
7fc7fa630f
cert_write application also works without POLARSSL_X509_CSR_PARSE_C
2013-09-17 14:44:00 +02:00
Paul Bakker
36713e8ed9
Fixed bunch of X509_PARSE related defines / dependencies
2013-09-17 13:25:29 +02:00
Paul Bakker
30520d1776
Moved rsa_sign_pss / rsa_verify_pss to use PK for key reading
2013-09-17 11:39:31 +02:00
Paul Bakker
1525495330
Key app updated to support pk_context / ECP keypairs
2013-09-17 11:24:56 +02:00
Paul Bakker
7504d7f806
Fixed X509 define in selftest.c
2013-09-16 22:56:18 +02:00
Paul Bakker
7c6b2c320e
Split up X509 files into smaller modules
2013-09-16 21:41:54 +02:00
Paul Bakker
ace02867f6
Do not lowercase key values in arguments in cert_app.c
2013-09-16 21:40:34 +02:00
Paul Bakker
40ce79f1e6
Moved DHM parsing from X509 module to DHM module
2013-09-15 17:43:54 +02:00
Paul Bakker
9a97c5d894
Fixed warnings in case application dependencies are not met
2013-09-15 17:07:33 +02:00
Paul Bakker
c7bb02be77
Moved PK key writing from X509 module to PK module
2013-09-15 14:54:56 +02:00
Paul Bakker
1a7550ac67
Moved PK key parsing from X509 module to PK module
2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91
Make CBC an option, step 3: individual ciphers
2013-09-13 17:25:43 +02:00
Paul Bakker
9013af76a3
Merged major refactoring of x509write module into development
...
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard
26b4d45f49
Fix key_app_writer
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
31e59400d2
Add missing f_rng/p_rng arguments to x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
f38e71afd5
Convert x509write_crt interface to PK
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
ee73179b2f
Adapt x509write_csr prototypes for PK
2013-09-12 11:57:00 +02:00
Paul Bakker
8f0423afbc
Fix for benchmark app after GCM refactoring merge
2013-09-10 14:51:50 +02:00
Paul Bakker
c0dcf0ceb1
Merged blinding additions for EC, RSA and DHM into development
2013-09-10 14:44:27 +02:00
Paul Bakker
b2d7f23592
Ability to selfsign certificates added to cert_write app
2013-09-09 16:24:18 +02:00
Paul Bakker
4122f3eacf
Removed POLARSSL_ERROR_C define and added as requirement defing for
...
cert_req and cert_write apps
2013-09-09 16:01:46 +02:00
Paul Bakker
80d44fee2e
Moved 'define handling code' to top
2013-09-09 15:59:20 +02:00
Paul Bakker
e2673fb34b
cert_write app now parses presented CSR for subject name and key
2013-09-09 15:56:09 +02:00
Paul Bakker
f9f377e652
CSR Parsing (without attributes / extensions) implemented
2013-09-09 15:35:10 +02:00
Paul Bakker
8693274219
Small typo in usage of cert_req app
2013-09-09 14:09:42 +02:00
Paul Bakker
1014e95775
Use issuer_name from the issuer_certificate in cert_write app
2013-09-09 13:59:42 +02:00
Paul Bakker
52be08c299
Added support for writing Key Usage and NS Cert Type extensions
2013-09-09 12:38:45 +02:00
Paul Bakker
cd35803684
Changes x509_csr to x509write_csr
2013-09-09 12:38:45 +02:00
Manuel Pégourié-Gonnard
e8ea0c0421
Fix exit value on SERVERQUIT
2013-09-08 20:08:24 +02:00
Manuel Pégourié-Gonnard
ce6352a791
Add benchmark for fixed-DHM with blinding
2013-09-07 13:05:52 +02:00
Manuel Pégourié-Gonnard
1a2012459b
Fix undetected errors in benchmark
...
dhm_calc_secret() was exiting early, leading to wrong results
2013-09-07 12:27:35 +02:00
Manuel Pégourié-Gonnard
337b29c334
Test and document EC blinding overhead
2013-09-07 11:52:27 +02:00
Paul Bakker
15162a054a
Writing of X509v3 extensions supported
...
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
2013-09-06 19:27:21 +02:00
Paul Bakker
9397dcb0e8
Base X509 certificate writing functinality
2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard
cac5f7d737
Update benchmarks for new prototypes
2013-09-04 17:19:18 +02:00
Manuel Pégourié-Gonnard
2d627649bf
Change dhm_calc_secret() prototype
2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard
aa9ffc5e98
Split tag handling out of cipher_finish()
2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
2adc40c346
Split cipher_update_ad() out or cipher_reset()
2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
9c853b910c
Split cipher_set_iv() out of cipher_reset()
2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard
9241be7ac5
Change cipher prototypes for GCM
2013-08-31 18:07:42 +02:00
Paul Bakker
548957dd49
Refactored RSA to have random generator in every RSA operation
...
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80
Merged refactored x509write module into development
2013-08-28 16:32:51 +02:00
Paul Bakker
577e006c2f
Merged ECDSA-based key-exchange and ciphersuites into development
...
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
ac75523593
Adapt ssl_set_own_cert() to generic keys
2013-08-27 22:21:20 +02:00
Paul Bakker
0be444a8b1
Ability to disable server_name extension (RFC 6066)
2013-08-27 21:55:01 +02:00
Paul Bakker
f3df61ad10
Generalized PEM writing in x509write module for RSA keys as well
2013-08-26 17:37:18 +02:00
Paul Bakker
135f1e9c70
Move PEM conversion of DER data to x509write module
2013-08-26 17:37:18 +02:00
Paul Bakker
57be6e22cf
cert_req now supports key_usage and ns_cert_type command line options
2013-08-26 17:37:18 +02:00
Manuel Pégourié-Gonnard
38d1eba3b5
Move verify_result from ssl_context to session
2013-08-26 14:26:02 +02:00
Paul Bakker
8adf13bd92
Added pem2der utility application
2013-08-26 10:38:54 +02:00
Paul Bakker
82e2945ed2
Changed naming and prototype convention for x509write functions
...
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker
384d4351ce
Added cert_req to CMakeLists.txt
2013-08-25 10:51:18 +02:00
Paul Bakker
8eabfc1461
Rewrote x509 certificate request writing to use structure for storing
2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard
7e56de1671
Adapt ssl_cert_test to changes in PK
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
bf3109fd41
Add forgotten ecdsa_free() in ecdsa example
2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard
e09631b7c4
Create ecp_group_copy() and use it
2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard
aa431613b3
Add ecdsa example program
2013-08-20 20:08:29 +02:00
Paul Bakker
1f2bc6238b
Made support for the truncated_hmac extension configurable
2013-08-15 13:45:55 +02:00
Paul Bakker
05decb24c3
Made support for the max_fragment_length extension configurable
2013-08-15 13:33:48 +02:00
Paul Bakker
a503a63b85
Made session tickets support configurable from config.h
2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard
aa0d4d1aff
Add ssl_set_session_tickets()
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
06650f6a37
Fix reusing session more than once
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
cf2e97eae2
ssl_client2: allow reconnecting twice
2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
aaa1eab55a
Add an option to reconnect in ssl_client2
...
Purpose: test resuming sessions.
2013-08-14 14:08:04 +02:00
Paul Bakker
66c4810ffe
Better handling of ciphersuite version range and forced version in
...
ssl_client2
2013-07-26 14:05:32 +02:00
Paul Bakker
6c85279719
Newline fixes in help text for ssl_client2 / ssl_server2
2013-07-26 14:02:13 +02:00
Paul Bakker
dbd79ca617
ssl_client2 and ssl_server2 now exit with 1 on errors (shell
...
limitations)
2013-07-24 16:28:35 +02:00
Paul Bakker
8c1ede655f
Changed prototype for ssl_set_truncated_hmac() to allow disabling
2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e980a994f0
Add interface for truncated hmac
2013-07-19 14:51:47 +02:00
Paul Bakker
5b55b79021
Better handling of ciphersuite version range and forced version in
...
ssl_server2
2013-07-19 14:51:31 +02:00
Manuel Pégourié-Gonnard
e048b67d0a
Misc minor fixes
...
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard
0c017a55e0
Add max_frag_len option in ssl_server2
...
Also reformat code and output more information in ssl_client2
2013-07-18 14:07:36 +02:00
Paul Bakker
8e714d7aca
Modified LONG_RESPONSE and comments in ssl_server2
2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
bd7ce63115
Adapt ssl_server2 to test sending long messages
2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
787b658bb3
Implement max_frag_len write restriction
2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
0df6b1f068
ssl_client2: add max_frag_len option
2013-07-18 11:18:13 +02:00
Manuel Pégourié-Gonnard
be50680a8c
Fix use of x509_cert.rsa in programs
2013-07-17 15:59:43 +02:00
Paul Bakker
82024bf7b9
ssl_server2 now uses alloc_buffer if present and can be 'SERVERQUIT'
2013-07-16 17:48:58 +02:00
Manuel Pégourié-Gonnard
ba4878aa64
Rename x509parse_key & co with _rsa suffix
2013-07-08 15:31:18 +02:00
Paul Bakker
44618dd798
SSL Test and Benchmark now handle missing POLARSSL_TIMING_C
2013-07-04 11:30:32 +02:00
Paul Bakker
fa9b10050b
Also compiles / runs without time-based functions in OS
...
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker
6e339b52e8
Memory-allocation abstraction layer and buffer-based allocator added
2013-07-03 17:22:31 +02:00
Paul Bakker
d2681d82e2
Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h}
2013-06-30 14:49:12 +02:00
Paul Bakker
9e36f0475f
SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
...
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
62534dd1d8
programs/util/strerror now handles decimal and hexidecimal input
2013-06-30 12:45:07 +02:00
Paul Bakker
03a8a79516
Programs adapted to use polarssl_strerror() instead of error_strerror()
2013-06-30 12:18:08 +02:00
Paul Bakker
5dc6b5fb05
Made supported curves configurable
2013-06-29 23:26:34 +02:00
Paul Bakker
c1516be99d
ssl_server2 and ssl_client2 adapted to support maximum protocol version
2013-06-29 18:35:41 +02:00
Paul Bakker
3c5ef71322
Cleanup up non-prototyped functions (static) and const-correctness in programs
2013-06-25 16:37:45 +02:00
Paul Bakker
ef3f8c747e
Fixed const correctness issues in programs and tests
...
(cherry picked from commit e0225e4d7f
)
Conflicts:
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
programs/test/ssl_test.c
programs/x509/cert_app.c
2013-06-24 19:09:24 +02:00
Paul Bakker
777a5757d6
ca_path and ca_file arguments added to support chain validation in
...
cert_app
2013-05-21 16:20:04 +02:00
Paul Bakker
bcbe2d8d81
Prettier printing of the lists for longer ciphersuite names
2013-04-19 09:10:20 +02:00
Paul Bakker
ed27a041e4
More granular define selections within code to allow for smaller code
...
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker
fbb17804d8
Added pre-shared key handling for the server side of SSL / TLS
...
Server side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
d4a56ec6bf
Added pre-shared key handling for the client side of SSL / TLS
...
Client side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
c70b982056
OID functionality moved to a separate module.
...
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).
As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.
All OID definitions have been moved to oid.h
All OID matching code is in the OID module.
The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.
The SSL layer cleanup up as a result and adapted to use the MD layer.
The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.
The X509 writer cleaned up and adapted to use the MD layer.
Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
41c83d3f67
Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
...
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker
00c1f43743
Merge branch 'ecc-devel-mpg' into development
2013-03-13 16:31:01 +01:00
Paul Bakker
68884e3c09
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-03-13 14:48:32 +01:00
Paul Bakker
8fe40dcd7d
Allow enabling of dummy error_strerror() to support some use-cases
...
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Paul Bakker
a95919b4c7
Added ECP files to Makefiles as well
2013-01-16 17:00:05 +01:00
Manuel Pégourié-Gonnard
b4a310b472
Added a selftest about SPA resistance
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
52a422f6a1
Added ecp-bench specialized benchmark
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
e870c0a5d6
Added benchmark for DHM
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
4b8c3f2a1c
Moved tests from selftest to tests/test_suite_ecp
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
efaa31e9ae
Implemented multiplication
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
b505c2796c
Got first tests working, fixed ecp_copy()
2013-01-16 16:31:49 +01:00
Paul Bakker
91ebfb5272
Made auth_mode as an command line option
2012-11-23 14:04:08 +01:00
Paul Bakker
1f9d02dc90
Added more notes / comments on own_cert, trust_ca purposes
2012-11-20 10:30:55 +01:00
Paul Bakker
25338d74ac
Added proper gitignores for Linux CMake use
2012-11-18 22:56:39 +01:00
Paul Bakker
90f309ffe7
Added proper gitignores for linux compilation
2012-11-17 00:04:49 +01:00
Paul Bakker
75242c30fb
Added checking of CA peer cert to ssl_client1 as sane default
2012-11-17 00:03:46 +01:00
Paul Bakker
580153573b
- Do not free uninitialized ssl context
2012-11-14 12:15:41 +00:00
Paul Bakker
645ce3a2b4
- Moved ciphersuite naming scheme to IANA reserved names
2012-10-31 12:32:41 +00:00
Paul Bakker
b0550d90c9
- Added ssl_get_peer_cert() to SSL API
2012-10-30 07:51:03 +00:00
Paul Bakker
21654f392e
- Smaller default values
2012-10-24 14:29:17 +00:00
Paul Bakker
520ea911f6
- Fixed to support 4096 bit DHM params as well
2012-10-24 14:17:01 +00:00
Paul Bakker
f1ab0ec1ff
- Changed default compiler flags to include -O2
2012-10-23 12:12:53 +00:00
Paul Bakker
1d56958963
- Updated examples to use appropriate sizes for larger RSA keys (up to 16k)
2012-10-03 20:35:44 +00:00
Paul Bakker
3ad34d4110
- Added key_app_writer to CMakeLists.txt
2012-10-03 20:34:37 +00:00
Paul Bakker
3fad7b3fdd
- Changed saved value to RCF 3526 2048 MODP group
2012-10-03 19:50:54 +00:00
Paul Bakker
5da01caa50
- Added warning about example use
2012-10-03 19:48:33 +00:00
Paul Bakker
1d29fb5e33
- Added option to add minimum accepted SSL/TLS protocol version
2012-09-28 13:28:45 +00:00
Paul Bakker
5d19f86fdd
- Added comment
2012-09-28 07:33:00 +00:00
Paul Bakker
cbbd9998da
- SSL/TLS now has default group
2012-09-28 07:32:06 +00:00
Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
819370c7b7
- Removed lowercasing of parameters
2012-09-28 07:04:41 +00:00
Paul Bakker
5ef9db2ae3
- Added rsa_check_privkey() check to rsa_sign
2012-09-27 13:19:22 +00:00
Paul Bakker
db2509c9cd
- Added password and password_file options for reading private keys
2012-09-27 12:44:31 +00:00
Paul Bakker
d43241060b
- Removed clutter from my_dhm values
2012-09-26 08:29:38 +00:00
Paul Bakker
0a59707523
- Added simple SSL session cache implementation
...
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
4811b56524
- Added util/CMakelists.txt
2012-09-25 11:45:38 +00:00
Paul Bakker
29b64761fd
- Added predefined DHM groups from RFC 5114
2012-09-25 09:36:44 +00:00
Paul Bakker
b60b95fd7f
- Added first version of ssl_server2 example application
2012-09-25 09:05:17 +00:00
Paul Bakker
0f409a1911
- Added missing subdirectory line for util
2012-09-25 08:19:18 +00:00
Paul Bakker
d0f6fa7bdc
- Sending of handshake_failures during renegotiation added
...
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
48916f9b67
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Paul Bakker
f518b16f97
- Added PKCS#5 PBKDF2 key derivation function
2012-08-23 13:03:18 +00:00
Paul Bakker
835b29e7c3
- Should not be debug_level 5 in repo (reset to 0)
2012-08-23 08:31:59 +00:00
Paul Bakker
3d58fe8af6
- Added Blowfish to benchmarks
2012-07-04 17:15:31 +00:00
Paul Bakker
26c4e3cb0b
- Made crypt_and_cipher more robust with other ciphers / hashes
2012-07-04 17:08:33 +00:00
Paul Bakker
a9379c0ed1
- Added base blowfish algorithm
2012-07-04 11:02:11 +00:00