Commit graph

1119 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 9835bc077a Fix racy test.
With exchanges == renego period, sometimes the connection will be closed by
the client before the server had time to read the ClientHello, making the test
fail. The extra exchange avoids that.
2015-01-14 14:41:58 +01:00
Manuel Pégourié-Gonnard a852cf4833 Fix issue with non-blocking I/O & record splitting 2015-01-13 20:56:15 +01:00
Paul Bakker f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard 765bb31d24 Add test_suite_memory_buffer_alloc 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard f5f25b3a0d Add test for ctr_drbg_update() input sanitizing 2015-01-13 14:56:59 +01:00
Paul Bakker d9e2dd2bb0 Merge support for Encrypt-then-MAC 2015-01-13 14:23:56 +01:00
Manuel Pégourié-Gonnard bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard a65d5082b6 Merge branch 'development' into dtls
* development:
  Fix previous commit
  Allow flexible location of valgrind
  Fix test scripts portability issues
  Fix Gnu-ism in script

Conflicts:
	tests/ssl-opt.sh
2015-01-12 14:54:55 +01:00
Paul Bakker 54b1a8fa4d Merge support for Extended Master Secret (session-hash) 2015-01-12 14:14:07 +01:00
Paul Bakker b52b015c0b Merge support for FALLBACK_SCSV 2015-01-12 14:07:59 +01:00
Manuel Pégourié-Gonnard 448ea506bf Set min version to TLS 1.0 in programs 2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard e117a8fc0d Make truncated hmac a runtime option server-side
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard f01768c55e Specific error for suites in common but none good 2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard df331a55d2 Prefer SHA-1 certificates for pre-1.2 clients 2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard 3ff78239fe Add tests for CBC record splitting 2015-01-08 11:15:09 +01:00
Manuel Pégourié-Gonnard c82ee3555f Fix tests that were failing with record splitting 2015-01-07 16:39:10 +01:00
Manuel Pégourié-Gonnard f46f128f4a Fix test scripts portability issues 2014-12-11 17:26:09 +01:00
Manuel Pégourié-Gonnard 76c99a01a1 Fix Gnu-ism in script 2014-12-11 10:33:43 +01:00
Manuel Pégourié-Gonnard 590f416142 Add tests for periodic renegotiation 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard 85d915b81d Add tests for renego security enforcement 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard ea29d152c7 Add recursion.pl to all.sh 2014-11-20 17:32:33 +01:00
Manuel Pégourié-Gonnard 89d69b398c Fix 3DES -> DES in all.sh (+ time estimates) 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard 246978d97d Add curves.pl to all.sh 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard 9bda9b3b92 Rework all.sh to use MSan instead of valgrind 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard cf4de32f58 Fix depends on individual curves in tests 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard 2727dc1e09 Add script to test depends on individual curves 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard 5c2aa10c15 Fix curve dependency issues in X.509 test suite 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard 57a5d60abb Add tests for concatenated CRLs 2014-11-19 16:08:34 +01:00
Manuel Pégourié-Gonnard 4be3449dbc Add Readme about X.509 test files 2014-11-19 14:03:59 +01:00
Manuel Pégourié-Gonnard 8c9223df84 Add text view to debug_print_buf() 2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard 98aa19148c Adjust warnings in different modes 2014-11-14 16:45:48 +01:00
Manuel Pégourié-Gonnard 8a5e3d4a40 Forbid repeated X.509 extensions 2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard b134060f90 Fix memory leak with crafted X.509 certs 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard 0369a5291b Fix uninitialised pointer dereference 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard 7c13d69cb5 Fix dependency issues 2014-11-12 00:01:34 +01:00
Manuel Pégourié-Gonnard a1efcb084f Implement pk_check_pair() for RSA-alt 2014-11-08 18:00:22 +01:00
Manuel Pégourié-Gonnard 70bdadf54b Add pk_check_pair() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard 30668d688d Add ecp_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard 2f8d1f9fc3 Add rsa_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard f9d778d635 Merge branch 'etm' into dtls
* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM

Conflicts:
	include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard 56d985d0a6 Merge branch 'session-hash' into dtls
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard fedba98ede Merge branch 'fb-scsv' into dtls
* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard b575b54cb9 Forbid extended master secret with SSLv3 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 169dd6a514 Adjust minimum length for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard dd4592774b compat.sh: allow git version of gnutls 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 78e745fc0a Don't send back EtM extension if not using CBC 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 0098e7dc70 Preparation for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 699cafaea2 Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 85a4178f82 compat.sh: make options a bit more robust 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 01b2699198 Implement FALLBACK_SCSV server-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 367381fddd Add negotiation of Extended Master Secret
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Paul Bakker f2a459df05 Preparation for PolarSSL 1.4.0 2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard a6ace04c5c Test for lost HelloRequest 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard f1384470bf Avoid spurious timeout in ssl-opt.sh 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard 74a1378175 Avoid false positive in ssl-opt.sh with memcheck 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard e698f59a25 Add tests for ssl_set_dtls_badmac_limit() 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard caecdaed25 Cosmetics in ssl_server2 & complete tests for HVR 2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard 37e08e1689 Fix max_fragment_length with DTLS 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard 127ab88dba Give more time to lossy tests with normal timers 2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard ba958b8bdc Add test for server-initiated renego
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard 85beb30b11 Add test for resumption with non-blocking I/O 2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard a59af05dce Give more time to tests that time out too often 2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard 7a26d73735 Add test for session resumption 2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard df9a0a8460 Drop unexpected ApplicationData
This is likely to happen on resumption if client speaks first at the
application level.
2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard 37a4de2cec Use shorter timeouts in ssl-opt.sh proxy tests 2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard 6093d81c20 Add tests with proxy and non-blocking I/O 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard 579950c2bb Fix bug with non-blocking I/O and cookies 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard bd97fdb3a4 Make ssl_server2's HVR handling more realistic
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard 36795197d9 Rm now useless MTU setting in compat.sh 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard 7a66cbca75 Rm some redundant tests 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard 9590e0a176 Add proxy tests with gnutls-srv & fragmentation 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard fa60f128d6 Quit using "yes" in ssl-opt.sh with openssl
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard 08a1d4bce1 Fix bug with client auth with DTLS 2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard d0fd1daa6b Add test with proxy and openssl server 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard 1b753f1e27 Add test for renego with proxy 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard 18e519a660 Add proxy tests with more handshake flows 2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard 76fe9e41c1 Test that anti-replay ignores all duplicates 2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard 2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard 246c13a05f Fix epoch checking 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard b47368a00a Add replay detection 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard 4956fd7437 Test and fix anti-replay functions 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard 825a49ed7c Add more udp_proxy tests 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard a6189f0fb0 udp_proxy wasn't actually killed 2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard a0719727da Add tests with dropped packets 2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard 63eca930d7 Drop invalid records with DTLS 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard 990f9e428a Handle late handshake messages gracefully 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard be9eb877f7 Adapt ssl-opt.sh to allow using udp_proxy in tests 2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard 0a65934ef3 Re-enable valgrind for all tests
Now we can handle duplicated messages due to the peer re-sending (due to us
being soooo slow with valgrind)
2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard 0c4cbc7895 Add test for fragmentation + renego with GnuTLS 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard f1499f602e Add interop testing for renego with GnuTLS 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard 77b0b8d100 Disable some tests with valgrind for now 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard 64dffc5d14 Make handshake reassembly work with openssl 2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard a77561765f Add test with openssl with DTLS in ssl-opt.sh 2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard 502bf30fb5 Handle reassembly of handshake messages
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.

Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard c392b240c4 Fix server-initiated renegotiation with DTLS 2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard 30d16eb429 Fix client-initiated renegotiation with DTLS 2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard 0eb6cab979 Add DTLS cookies test to ssl-opt.sh 2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard 53aef81a7d Work around OpenSSL bug in compat.sh 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard d1af1025d0 Add DTLS interop testing with OpenSSL server
PSK suites failing with client auth
2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard 9bfb1226da Add DTLS interop testing with GnuTLS server 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard 29980b16bd Add DTLS interop testing (PolarSSL server) 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard 3025b6cfd6 Add DTLS self-op test in compat.sh 2014-10-21 16:30:10 +02:00
Paul Bakker 9eac4f7c4e Prepare for release 1.3.9 2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard 9c911da68f Add tests for X.509 name encoding mismatch 2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard 5d8618539f Fix memory leak while parsing some X.509 certs 2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard 64938c63f0 Accept spaces at end of line/buffer in base64 2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard da1b4de0e4 Increase MPI_MAX_BYTES to allow RSA 8192 2014-10-15 22:06:46 +02:00
Paul Bakker 5a5fa92bfe x509_crt_parse() did not increase total_failed on PEM error
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard 7fa67728ad Scripts print more info on failure within buildbot 2014-08-31 17:42:53 +02:00
Manuel Pégourié-Gonnard c2b0092a1b Fix leaving around temporary file in ssl-opt.sh 2014-08-31 17:17:36 +02:00
Manuel Pégourié-Gonnard 1287f11d54 Detect GnuTLS presence and version in compat.sh 2014-08-31 16:31:32 +02:00
Manuel Pégourié-Gonnard 16494496db Fix details in compat.sh 2014-08-31 10:37:14 +02:00
Manuel Pégourié-Gonnard 72e51ee7be Use arithmetic expansion in scripts, avoid bashisms 2014-08-31 10:22:11 +02:00
Manuel Pégourié-Gonnard c0f6a692fb Add client timeout to ssl-opt.sh and compat.sh 2014-08-30 22:59:55 +02:00
Manuel Pégourié-Gonnard decaf0b182 Clean up unused variable in compat.sh 2014-08-30 22:22:09 +02:00
Manuel Pégourié-Gonnard a4afadfccd Fix bug in OpenSSL v2 support testing 2014-08-30 22:09:36 +02:00
Manuel Pégourié-Gonnard 644e8f377d Adapt debug_level in ssl-opt.sh to new levels
The meaning of debug_level was shift by one during the last debug overhaul.
(The new one is more rational, previously debug_level=1 didn't do anything.)
2014-08-30 21:59:31 +02:00
Manuel Pégourié-Gonnard 8e03c71b23 Normalize names in ssl-opt.sh
No numbering: does not add value, and painful to maintain, esp. with branches
2014-08-30 21:42:40 +02:00
Manuel Pégourié-Gonnard 51362961b8 Add interop testing of renegotiation 2014-08-30 21:22:47 +02:00
Manuel Pégourié-Gonnard f2629b965e Rm now useless tricks from ssl-opt.sh 2014-08-30 14:20:14 +02:00
Manuel Pégourié-Gonnard 480905d563 Fix selection of hash from sig_alg ClientHello ext. 2014-08-30 14:19:59 +02:00
Manuel Pégourié-Gonnard baa7f07809 Add GnuTLS support to ssl-opt.sh 2014-08-20 20:15:53 +02:00
Manuel Pégourié-Gonnard f07f421759 Fix server-initiated renego with non-blocking I/O 2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard a8c0a0dbd0 Add "exchanges" option to test server and client
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).

Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard 6591962f06 Allow delay on renego on client
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Paul Bakker d153ef335f Missing dependencies on POLARSSL_ECP_C fixed 2014-08-18 12:00:28 +02:00
Manuel Pégourié-Gonnard 74b11702d7 Simplify terminating ssl_server2 in test scripts 2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard 6f4fbbb3e1 Add a "skip" feature in ssl-opt.sh 2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard 61bc57af99 Optimize all.sh for new build options 2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard 39141fed63 Add warnings in debug build, and -Werror with ASan
- warnings in debug build allows the to be caught earlier
- -Werror with ASan make tests/scripts/all.sh a bit shorter
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard 192253aaa9 Fix buffer size in pk_write_*_pem() 2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard e46aa5e336 Update GnuTLS version requirements in compat.sh 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 7e0a5183db Add a missing suite to compat.sh 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 8d4ad07706 SHA-2 ciphersuites now require TLS 1.x 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard e73b26391d Add config-full to all.sh 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 7457cb3a56 Fix some version/peer requirements in compat.sh 2014-08-14 11:34:34 +02:00
Paul Bakker 8dcb2d7d7e Support escaping of commas in x509_string_to_names() 2014-08-11 11:59:52 +02:00
Paul Bakker bd51b262d1 Add 'exit' label and variable initialization to relevant test suite functions 2014-07-10 16:37:50 +02:00
Paul Bakker 318d0fe844 Auto add 'exit' label in every test function. Failed assert now goes there 2014-07-10 15:27:11 +02:00
Paul Bakker 4d0cfe80ea Split assert() with side effects in test suite helper 2014-07-10 15:27:11 +02:00
Paul Bakker 6c343d7d9a Fix mpi_write_string() to write "00" as hex output for empty MPI 2014-07-10 15:27:10 +02:00
Paul Bakker 5b11d026cd Fix dependencies and includes without FS_IO and PLATFORM_C 2014-07-10 15:27:10 +02:00
Paul Bakker ec3a617d40 Make ready for release of 1.3.8 and soversion 7 2014-07-09 10:21:28 +02:00
Paul Bakker d2a2d61a68 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Paul Bakker a317a98221 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Paul Bakker 14e8be4d33 Adapted programs / test suites to _init() and _free() 2014-07-09 10:19:23 +02:00
Paul Bakker 8cfd9d8c59 Adapt programs / test suites to _init() and _free() 2014-07-09 10:19:23 +02:00
Paul Bakker 6697b6c13b Properly free memory in new base64 tests 2014-07-04 18:35:50 +02:00
Paul Bakker 8fb99abaac Merge changes for leaner memory footprint 2014-07-04 15:02:19 +02:00
Paul Bakker b9e08b086b Merge server-side enforced renegotiation requests 2014-07-04 15:01:37 +02:00
Paul Bakker d598318661 Fix base64_decode() to return and check length correctly 2014-07-04 15:01:00 +02:00
Manuel Pégourié-Gonnard cc10f4ddfe Use SSL_CIPHERSUITES in example configs 2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard fae355e8ee Add tests for ssl_set_renegotiation_enforced() 2014-07-04 14:32:27 +02:00
Manuel Pégourié-Gonnard a9964dbcd5 Add ssl_set_renegotiation_enforced() 2014-07-04 14:16:07 +02:00
Paul Bakker 237a847f1c Fix typos in comments 2014-06-25 14:45:24 +02:00
Paul Bakker 2a45d1c8bb Merge changes to config examples and configuration issues 2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard d249b7ab9a Restore ability to trust non-CA selfsigned EE cert 2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard c4eff16516 Restore ability to use v1 CA if trusted locally 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard 8920f69fef Add test for packets of max size 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard ee415031e5 Add tests for small packets
Some truncated HMAC test failing right now.
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard e38eb0b7be Optimize config-suite-b for low RAM usage 2014-06-24 17:30:05 +02:00
Manuel Pégourié-Gonnard f87cad9397 Fix some curve-specific depends in tests 2014-06-24 16:55:17 +02:00
Manuel Pégourié-Gonnard 1a74a26f77 Add config based on PSK-CCM 2014-06-24 15:51:32 +02:00
Manuel Pégourié-Gonnard 8f625632bb Fix dependencies: GCM != AEAD != CCM 2014-06-24 15:26:28 +02:00
Manuel Pégourié-Gonnard f9378d8f11 Fix dependencies on PEM in tests and programs 2014-06-24 13:11:25 +02:00
Manuel Pégourié-Gonnard 0f7b619875 Fix tests dependencies in X509_USE_C 2014-06-24 12:54:46 +02:00
Manuel Pégourié-Gonnard fea3102dcb Fix dependencies on X509_CRT_C in tests 2014-06-24 12:54:46 +02:00
Manuel Pégourié-Gonnard 43b29861fe Add reduced configuration used by picocoin 2014-06-24 12:54:45 +02:00
Paul Bakker 1c98ff96b5 Merge more test improvements and tests
Conflicts:
	tests/suites/test_suite_cipher.blowfish.data
2014-06-24 11:12:00 +02:00
Manuel Pégourié-Gonnard 398c57b0b3 Blowfish accepts variable key len in cipher layer 2014-06-24 11:01:33 +02:00
Manuel Pégourié-Gonnard ed5c03ff1d Add tests for Blowfish-ECB via the cipher layer 2014-06-23 12:05:11 +02:00
Manuel Pégourié-Gonnard f3b47243df Split x509_csr_parse_der() out of x509_csr_parse() 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard 15f58a86f7 Add test for mpi_gen_prime() 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard fab2a3c3d6 Fix port selection in ssl test scripts
Port was selected in the 1000-1999 range which is bad (system ports).
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard 0dc5e0d80b Add helper function zero_malloc for tests 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard b25f81665f Add test for bad arguments to MD functions 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard 5e7693f6ba Add tests for bad arguments to cipher functions 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard 6deaac0e62 Add tests vectors for (3)DES via cipher layer 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard 255fe4b10e Add tests for Blowfish-ECB via the cipher layer 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard d77cd5d0c3 Add tests for x509_csr_parse 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard 66aca931bc Add tests for pkcs5_pbes2 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard 0c1ec479fe Make ssl-opt.sh faster and more robust 2014-06-20 20:03:33 +02:00
Paul Bakker 3461772559 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-06-14 16:46:03 +02:00
Manuel Pégourié-Gonnard bbcb1ce703 Revert "Avoid sleep 1 at server start in ssl-opt.sh"
This reverts commit db2a6c1a20.

Does not seem to work as expected on the buildbots. Reverted while
investigating, since it had no other used than speeding up the test script.
2014-06-13 18:05:23 +02:00
Paul Bakker fe0984d727 Let all.sh work without shell expansion 2014-06-13 00:13:45 +02:00
Paul Bakker c2ff2083ee Merge parsing and verification of RSASSA-PSS in X.509 modules 2014-06-12 22:02:47 +02:00
Paul Bakker 508e573231 Merge tests for asn1write, XTEA and Entropy modules 2014-06-12 21:26:33 +02:00
Paul Bakker 14c78c93d5 Merge more SSL tests and required ssl_server2 additions 2014-06-12 21:24:34 +02:00
Paul Bakker c939e8d51f Merge improvements to SSL test scripts 2014-06-12 21:19:14 +02:00
Manuel Pégourié-Gonnard 95c0a63023 Add tests for ssl_get_bytes_avail() 2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard 90805a8d01 Add test for ssl_set_ciphersuites_for_version() 2014-06-11 14:08:10 +02:00
Manuel Pégourié-Gonnard c7c56b2e82 Add more tests for the entropy module 2014-06-10 15:38:44 +02:00
Manuel Pégourié-Gonnard 2c25eb0b0a Add test_suite_entropy 2014-06-10 15:38:44 +02:00
Manuel Pégourié-Gonnard 7b4919c399 Add test vectors for XTEA CBC
Generate using an independent implementation found at:
https://code.google.com/p/zzt-code-base/source/browse/trunk/src/python/xtea.py
2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard c22bb4994c Add tests for asn1_write_ia5_string() 2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard 36178ffb87 Add tests for asn1_write_octet_string() 2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard 10c3c9fda8 Add test for PSK without a key 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard a6781c99ee Add tests for PSK callback 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard 0cc7e31ad1 Add test for ssl_set_dh_param_ctx() 2014-06-10 15:32:01 +02:00
Manuel Pégourié-Gonnard 57255b147d Tweak test ordering in all.sh 2014-06-09 11:22:25 +02:00
Manuel Pégourié-Gonnard 5873b00b7f Add pathological RSASSA-PSS test certificates
Certificates announcing different PSS options than the ones actually used for
the signature. Makes sure the options are correctly passed to the verification
function.
2014-06-07 11:21:52 +02:00
Manuel Pégourié-Gonnard 97049c26d8 Add forgotten depends in test 2014-06-06 17:00:03 +02:00
Manuel Pégourié-Gonnard d1539b1e88 Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT 2014-06-06 16:42:37 +02:00
Manuel Pégourié-Gonnard 854036956d Add tests for x509 rsassa_pss params parsing 2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard 3d49b9d220 Add test helper function unhexify_alloc() 2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard b29a7ba3f2 Fix missing depends in test_suite_pk 2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard eacccb7fb9 Add RSASSA-PSS certificate with all defaults 2014-06-05 18:00:08 +02:00
Manuel Pégourié-Gonnard 53882023e7 Also verify CRLs signed with RSASSA-PSS 2014-06-05 17:59:55 +02:00
Manuel Pégourié-Gonnard 20422e9a3a Add pk_verify_ext() 2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard 3a6a95d67c Cleanup depends in PKCS#1 v2.1 test suite 2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard 5ec628a2b9 Add rsa_rsassa_pss_verify_ext() 2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard 920e1cd5e2 Add basic PSS cert verification
Still todo:
- handle MGF-hash != sign-hash
- check effective salt len == announced salt len
- add support in the PK layer so that we don't have to bypass it here
2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard 78117d57b0 Consider trailerField a constant 2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard 39868ee301 Parse CSRs signed with RSASSA-PSS 2014-06-02 16:10:30 +02:00
Manuel Pégourié-Gonnard 2a8d7fd76e Add tests for parsing CSRs 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard 8e42ff6bde Parse CRLs signed with RSASSA-PSS 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard 9df5c96214 Fix dependencies 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard e76b750b69 Finish parsing RSASSA-PSS parameters 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard f346bab139 Start parsing RSASSA-PSS parameters 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard 59a75d5b9d Basic parsing of certs signed with RSASSA-PSS 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard db2a6c1a20 Avoid sleep 1 at server start in ssl-opt.sh
On my machine, brings running time from 135 to 45 seconds...
3 times faster :)
2014-05-29 12:15:40 +02:00
Manuel Pégourié-Gonnard 32f8f4d1a0 Catch SERVERQUIT timeout in ssl test scripts 2014-05-29 11:57:44 +02:00
Manuel Pégourié-Gonnard bc3b16c7e2 Also use unique names for temp files 2014-05-29 11:57:43 +02:00
Manuel Pégourié-Gonnard 8066b81a54 Pick a "unique" port in SSL test scripts 2014-05-29 11:57:43 +02:00
Andre Heinecke f7ced9232b Fix symlink command for cross compiling
Check for the host system to determine which command should be used
to create a symlink. Otherwise symlinking will fail when cross
compiling polarssl on a unix host for windows.
2014-05-28 11:38:28 +02:00
Paul Bakker 1ebc0c592c Fix typos 2014-05-22 15:47:58 +02:00
Paul Bakker b5212b436f Merge CCM cipher mode and ciphersuites
Conflicts:
	library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Manuel Pégourié-Gonnard 17cde5f8ef Fix ssl-opt.sh for new ciphersuites order 2014-05-22 14:42:39 +02:00
Manuel Pégourié-Gonnard 2594859bc6 Add CCM suites to compat.sh (self-op only) 2014-05-22 14:36:02 +02:00
Paul Bakker 4cdb4d9bb7 X509 time-related tests depend on POLARSSL_HAVE_TIME 2014-05-22 14:22:59 +02:00
Manuel Pégourié-Gonnard 4a9dc2a474 Test memory a bit more often in all.sh 2014-05-22 13:52:53 +02:00
Manuel Pégourié-Gonnard 542eac5aba Add tests for CCM via cipher layer 2014-05-20 17:26:16 +02:00
Manuel Pégourié-Gonnard 64bf996fd9 Add test vectors for Camellia-CCM 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard 0f6b66dba1 CCM operations allow input == output 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard e8b8d01782 Use tighter buffers in CCM test suite 2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard 87df5ba0a1 Add test for length checks 2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard ce77d55023 Implement ccm_auth_decrypt() 2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard 002323340a Refactor to prepare for CCM decryption 2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard 9322e49037 Add NIST CAVS 11.0 test vectors for AES-CCM
Since there are 2160 test vectors fro encryption, which is a lot,
only the first one (out of ten) for each length quadruple was kept.
2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard 637eb3d31d Add ccm_encrypt_and_tag() 2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard 9fe0d13e8d Add ccm_init/free() 2014-05-06 12:12:45 +02:00
Manuel Pégourié-Gonnard a6916fada8 Add (placeholder) CCM module 2014-05-06 11:28:09 +02:00
Paul Bakker da13016d84 Prepped for 1.3.7 release 2014-05-01 14:27:19 +02:00
Markus Pfeiffer a26a005acf Make compilation on DragonFly work 2014-04-30 16:52:28 +02:00
Paul Bakker 2a024ac86a Merge dependency fixes 2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard 827b6cee7f Minor cleanups in test-ref-configs.pl 2014-04-30 16:40:23 +02:00
Manuel Pégourié-Gonnard 0bc1f23dfd Adapt script and instructions for alt config.h 2014-04-30 16:40:22 +02:00
Manuel Pégourié-Gonnard cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker f96f7b607a On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings 2014-04-30 16:02:38 +02:00
Paul Bakker 24f37ccaed rsa_check_pubkey() now allows an E up to N 2014-04-30 13:43:51 +02:00
Paul Bakker 0f90d7d2b5 version_check_feature() added to check for compile-time options at run-time 2014-04-30 11:49:44 +02:00
Manuel Pégourié-Gonnard 3d41370645 Fix hash dependencies in X.509 tests 2014-04-29 15:29:41 +02:00
Manuel Pégourié-Gonnard edc81ff8c2 Fix some more curve depends in X.509 tests 2014-04-29 15:10:40 +02:00
Manuel Pégourié-Gonnard ec4d27398a Fix curve dependencies in *keyusage tests 2014-04-29 15:06:41 +02:00
Paul Bakker c73079a78c Add debug_set_threshold() and thresholding of messages 2014-04-25 16:58:16 +02:00
Paul Bakker 92478c37a6 Debug module only outputs full lines instead of parts 2014-04-25 16:58:15 +02:00
Paul Bakker eaebbd5eaa debug_set_log_mode() added to determine raw or full logging 2014-04-25 16:58:14 +02:00
Paul Bakker 57ffa5570d Add tests for debug_print_ret() and debug_print_buf(). 2014-04-25 16:58:13 +02:00
Paul Bakker 2b34657b39 Updated Debug test suite data 2014-04-25 16:58:12 +02:00
Paul Bakker 1f69a93ab1 Move configs to 'configs/' and activate-config.pl should be called from root 2014-04-25 10:04:49 +02:00
Paul Bakker 8a0c0a9ed9 Check additional return values in some test cases 2014-04-17 17:24:23 +02:00
Paul Bakker 94b916c7b5 Split assignment and assert check into seperate lines in tests 2014-04-17 16:07:20 +02:00
Paul Bakker dd0aae92e0 Replaced strcpy() with strncpy() in tests suites 2014-04-17 16:06:37 +02:00
Paul Bakker b6487dade9 Fixed result for test case in test_suite_x509parse 2014-04-17 16:04:33 +02:00
Paul Bakker 784b04ff9a Prepared for version 1.3.6 2014-04-11 15:33:59 +02:00
Paul Bakker d8b0c5ef01 Fixed typo 2014-04-11 15:31:33 +02:00
Paul Bakker 52c5af7d2d Merge support for verifying the extendedKeyUsage extension in X.509 2014-04-11 13:58:57 +02:00
Paul Bakker 1630058dde Potential buffer overwrite in pem_write_buffer() fixed
Length indication when given a too small buffer was off.
Added regression test in test_suite_pem to detect this.
2014-04-11 13:58:05 +02:00
Manuel Pégourié-Gonnard add05d7125 Fix some dependency declarations in X.509 tests 2014-04-11 11:12:40 +02:00
Manuel Pégourié-Gonnard 0408fd1fbb Add extendedKeyUsage checking in SSL modules 2014-04-11 11:09:09 +02:00
Manuel Pégourié-Gonnard 7afb8a0dca Add x509_crt_check_extended_key_usage() 2014-04-11 11:09:00 +02:00
Paul Bakker 5c986f5244 Make test suite checks dependent on POLARSSL_X509_CHECK_KEY_USAGE 2014-04-09 16:58:51 +02:00
Manuel Pégourié-Gonnard a9db85df73 Add tests for keyUsage with client auth 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard 99d4f19111 Add keyUsage checking for CAs 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard 7f2a07d7b2 Check keyUsage in SSL client and server 2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard 603116c570 Add x509_crt_check_key_usage() 2014-04-09 15:50:57 +02:00
Paul Bakker 17b85cbd69 Merged additional tests and improved code coverage
Conflicts:
	ChangeLog
2014-04-08 14:38:48 +02:00
Paul Bakker 0763a401a7 Merged support for the ALPN extension 2014-04-08 14:37:12 +02:00
Manuel Pégourié-Gonnard 563ad02663 Fix final report in compat.sh
Only affect what's printed, the exit code was already correct.
2014-04-08 11:56:35 +02:00
Manuel Pégourié-Gonnard 83d8c73c91 Disable ALPN by default 2014-04-07 13:24:21 +02:00
Manuel Pégourié-Gonnard f6521de17b Add ALPN tests to ssl-opt.sh
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard 0148875cfc Add tests and fix bugs for RSA-alt contexts 2014-04-04 17:46:46 +02:00
Manuel Pégourié-Gonnard edb242fb2f Minimally test md_process and associated wrappers 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard f8708ddc95 Also test shax_hmac_reset in test_suite_hmac_shax 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard 9ce7e8414a Add test for des_key_check_weak() 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard 3fec220a33 Add test for dhm_parse_dhmfile 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard 66dfc5a689 Add test for cipher_list() 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard f3013830cc Tests for MD info functions 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard 5819db1384 Test RIPEMD160 via MD layer more completely 2014-04-04 16:34:37 +02:00
Manuel Pégourié-Gonnard 59ba4e983b Test generic md_hmac_reset() 2014-04-04 16:34:37 +02:00
Manuel Pégourié-Gonnard 58319e7f5c Test mdX_hmax_reset() functions 2014-04-04 16:34:37 +02:00
Manuel Pégourié-Gonnard 7afdb88216 Test and fix x509_oid functions 2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard 6c1a73e061 Improve x509xrite_csr testing: extensions, version 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard c5ce83a3b8 Improve x509xrite_csr testing: extensions, ECDSA 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard 913030c286 Enable SSLv2 testing if OPENSSL_CMD is set 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard 2be0b5225e Add selftest program to the list of tests 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard 52a555cd7d Also test backwards compat strerror() function 2014-04-04 16:33:00 +02:00