Manuel Pégourié-Gonnard
9835bc077a
Fix racy test.
...
With exchanges == renego period, sometimes the connection will be closed by
the client before the server had time to read the ClientHello, making the test
fail. The extra exchange avoids that.
2015-01-14 14:41:58 +01:00
Manuel Pégourié-Gonnard
a852cf4833
Fix issue with non-blocking I/O & record splitting
2015-01-13 20:56:15 +01:00
Paul Bakker
f3561154ff
Merge support for 1/n-1 record splitting
2015-01-13 16:31:34 +01:00
Paul Bakker
f6080b8557
Merge support for enabling / disabling renegotiation support at compile-time
2015-01-13 16:18:23 +01:00
Paul Bakker
d7e2483bfc
Merge miscellaneous fixes into development
2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard
765bb31d24
Add test_suite_memory_buffer_alloc
2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
f5f25b3a0d
Add test for ctr_drbg_update() input sanitizing
2015-01-13 14:56:59 +01:00
Paul Bakker
d9e2dd2bb0
Merge support for Encrypt-then-MAC
2015-01-13 14:23:56 +01:00
Manuel Pégourié-Gonnard
bd47a58221
Add ssl_set_arc4_support()
...
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
a65d5082b6
Merge branch 'development' into dtls
...
* development:
Fix previous commit
Allow flexible location of valgrind
Fix test scripts portability issues
Fix Gnu-ism in script
Conflicts:
tests/ssl-opt.sh
2015-01-12 14:54:55 +01:00
Paul Bakker
54b1a8fa4d
Merge support for Extended Master Secret (session-hash)
2015-01-12 14:14:07 +01:00
Paul Bakker
b52b015c0b
Merge support for FALLBACK_SCSV
2015-01-12 14:07:59 +01:00
Manuel Pégourié-Gonnard
448ea506bf
Set min version to TLS 1.0 in programs
2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard
e117a8fc0d
Make truncated hmac a runtime option server-side
...
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard
f01768c55e
Specific error for suites in common but none good
2015-01-08 17:06:16 +01:00
Manuel Pégourié-Gonnard
df331a55d2
Prefer SHA-1 certificates for pre-1.2 clients
2015-01-08 16:43:07 +01:00
Manuel Pégourié-Gonnard
3ff78239fe
Add tests for CBC record splitting
2015-01-08 11:15:09 +01:00
Manuel Pégourié-Gonnard
c82ee3555f
Fix tests that were failing with record splitting
2015-01-07 16:39:10 +01:00
Manuel Pégourié-Gonnard
f46f128f4a
Fix test scripts portability issues
2014-12-11 17:26:09 +01:00
Manuel Pégourié-Gonnard
76c99a01a1
Fix Gnu-ism in script
2014-12-11 10:33:43 +01:00
Manuel Pégourié-Gonnard
590f416142
Add tests for periodic renegotiation
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
85d915b81d
Add tests for renego security enforcement
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
ea29d152c7
Add recursion.pl to all.sh
2014-11-20 17:32:33 +01:00
Manuel Pégourié-Gonnard
89d69b398c
Fix 3DES -> DES in all.sh (+ time estimates)
2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard
246978d97d
Add curves.pl to all.sh
2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard
9bda9b3b92
Rework all.sh to use MSan instead of valgrind
2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard
cf4de32f58
Fix depends on individual curves in tests
2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard
2727dc1e09
Add script to test depends on individual curves
2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard
5c2aa10c15
Fix curve dependency issues in X.509 test suite
2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard
57a5d60abb
Add tests for concatenated CRLs
2014-11-19 16:08:34 +01:00
Manuel Pégourié-Gonnard
4be3449dbc
Add Readme about X.509 test files
2014-11-19 14:03:59 +01:00
Manuel Pégourié-Gonnard
8c9223df84
Add text view to debug_print_buf()
2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard
98aa19148c
Adjust warnings in different modes
2014-11-14 16:45:48 +01:00
Manuel Pégourié-Gonnard
8a5e3d4a40
Forbid repeated X.509 extensions
2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard
b134060f90
Fix memory leak with crafted X.509 certs
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
0369a5291b
Fix uninitialised pointer dereference
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
7c13d69cb5
Fix dependency issues
2014-11-12 00:01:34 +01:00
Manuel Pégourié-Gonnard
a1efcb084f
Implement pk_check_pair() for RSA-alt
2014-11-08 18:00:22 +01:00
Manuel Pégourié-Gonnard
70bdadf54b
Add pk_check_pair()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
30668d688d
Add ecp_check_pub_priv()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
2f8d1f9fc3
Add rsa_check_pub_priv()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
f9d778d635
Merge branch 'etm' into dtls
...
* etm:
Fix warning in reduced config
Update Changelog for EtM
Keep EtM state across renegotiations
Adjust minimum length for EtM
Don't send back EtM extension if not using CBC
Fix for the RFC erratum
Implement EtM
Preparation for EtM
Implement initial negotiation of EtM
Conflicts:
include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard
56d985d0a6
Merge branch 'session-hash' into dtls
...
* session-hash:
Update Changelog for session-hash
Make session-hash depend on TLS versions
Forbid extended master secret with SSLv3
compat.sh: allow git version of gnutls
compat.sh: make options a bit more robust
Implement extended master secret
Add negotiation of Extended Master Secret
Conflicts:
include/polarssl/check_config.h
programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
fedba98ede
Merge branch 'fb-scsv' into dtls
...
* fb-scsv:
Update Changelog for FALLBACK_SCSV
Implement FALLBACK_SCSV server-side
Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard
b575b54cb9
Forbid extended master secret with SSLv3
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
169dd6a514
Adjust minimum length for EtM
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
dd4592774b
compat.sh: allow git version of gnutls
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
78e745fc0a
Don't send back EtM extension if not using CBC
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
0098e7dc70
Preparation for EtM
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
699cafaea2
Implement initial negotiation of EtM
...
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
85a4178f82
compat.sh: make options a bit more robust
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
01b2699198
Implement FALLBACK_SCSV server-side
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb
Implement FALLBACK_SCSV client-side
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd
Add negotiation of Extended Master Secret
...
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Paul Bakker
f2a459df05
Preparation for PolarSSL 1.4.0
2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard
a6ace04c5c
Test for lost HelloRequest
2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
f1384470bf
Avoid spurious timeout in ssl-opt.sh
2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
74a1378175
Avoid false positive in ssl-opt.sh with memcheck
2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
e698f59a25
Add tests for ssl_set_dtls_badmac_limit()
2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
caecdaed25
Cosmetics in ssl_server2 & complete tests for HVR
2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard
37e08e1689
Fix max_fragment_length with DTLS
2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
127ab88dba
Give more time to lossy tests with normal timers
2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
ba958b8bdc
Add test for server-initiated renego
...
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
85beb30b11
Add test for resumption with non-blocking I/O
2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard
a59af05dce
Give more time to tests that time out too often
2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard
7a26d73735
Add test for session resumption
2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard
df9a0a8460
Drop unexpected ApplicationData
...
This is likely to happen on resumption if client speaks first at the
application level.
2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
37a4de2cec
Use shorter timeouts in ssl-opt.sh proxy tests
2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard
6093d81c20
Add tests with proxy and non-blocking I/O
2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
579950c2bb
Fix bug with non-blocking I/O and cookies
2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
bd97fdb3a4
Make ssl_server2's HVR handling more realistic
...
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
36795197d9
Rm now useless MTU setting in compat.sh
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
7a66cbca75
Rm some redundant tests
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
9590e0a176
Add proxy tests with gnutls-srv & fragmentation
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
fa60f128d6
Quit using "yes" in ssl-opt.sh with openssl
...
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
08a1d4bce1
Fix bug with client auth with DTLS
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
d0fd1daa6b
Add test with proxy and openssl server
2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
1b753f1e27
Add test for renego with proxy
2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
18e519a660
Add proxy tests with more handshake flows
2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard
76fe9e41c1
Test that anti-replay ignores all duplicates
2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
2739313cea
Make anti-replay a runtime option
2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
246c13a05f
Fix epoch checking
2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
b47368a00a
Add replay detection
2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
4956fd7437
Test and fix anti-replay functions
2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
825a49ed7c
Add more udp_proxy tests
2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
a6189f0fb0
udp_proxy wasn't actually killed
2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard
a0719727da
Add tests with dropped packets
2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard
63eca930d7
Drop invalid records with DTLS
2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
990f9e428a
Handle late handshake messages gracefully
2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
be9eb877f7
Adapt ssl-opt.sh to allow using udp_proxy in tests
2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
0a65934ef3
Re-enable valgrind for all tests
...
Now we can handle duplicated messages due to the peer re-sending (due to us
being soooo slow with valgrind)
2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard
0c4cbc7895
Add test for fragmentation + renego with GnuTLS
2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
f1499f602e
Add interop testing for renego with GnuTLS
2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
77b0b8d100
Disable some tests with valgrind for now
2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
64dffc5d14
Make handshake reassembly work with openssl
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
a77561765f
Add test with openssl with DTLS in ssl-opt.sh
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
502bf30fb5
Handle reassembly of handshake messages
...
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.
Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
c392b240c4
Fix server-initiated renegotiation with DTLS
2014-10-21 16:30:21 +02:00
Manuel Pégourié-Gonnard
30d16eb429
Fix client-initiated renegotiation with DTLS
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
0eb6cab979
Add DTLS cookies test to ssl-opt.sh
2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard
53aef81a7d
Work around OpenSSL bug in compat.sh
2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
d1af1025d0
Add DTLS interop testing with OpenSSL server
...
PSK suites failing with client auth
2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
9bfb1226da
Add DTLS interop testing with GnuTLS server
2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard
29980b16bd
Add DTLS interop testing (PolarSSL server)
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
3025b6cfd6
Add DTLS self-op test in compat.sh
2014-10-21 16:30:10 +02:00
Paul Bakker
9eac4f7c4e
Prepare for release 1.3.9
2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard
9c911da68f
Add tests for X.509 name encoding mismatch
2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard
5d8618539f
Fix memory leak while parsing some X.509 certs
2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard
64938c63f0
Accept spaces at end of line/buffer in base64
2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard
da1b4de0e4
Increase MPI_MAX_BYTES to allow RSA 8192
2014-10-15 22:06:46 +02:00
Paul Bakker
5a5fa92bfe
x509_crt_parse() did not increase total_failed on PEM error
...
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
Manuel Pégourié-Gonnard
7fa67728ad
Scripts print more info on failure within buildbot
2014-08-31 17:42:53 +02:00
Manuel Pégourié-Gonnard
c2b0092a1b
Fix leaving around temporary file in ssl-opt.sh
2014-08-31 17:17:36 +02:00
Manuel Pégourié-Gonnard
1287f11d54
Detect GnuTLS presence and version in compat.sh
2014-08-31 16:31:32 +02:00
Manuel Pégourié-Gonnard
16494496db
Fix details in compat.sh
2014-08-31 10:37:14 +02:00
Manuel Pégourié-Gonnard
72e51ee7be
Use arithmetic expansion in scripts, avoid bashisms
2014-08-31 10:22:11 +02:00
Manuel Pégourié-Gonnard
c0f6a692fb
Add client timeout to ssl-opt.sh and compat.sh
2014-08-30 22:59:55 +02:00
Manuel Pégourié-Gonnard
decaf0b182
Clean up unused variable in compat.sh
2014-08-30 22:22:09 +02:00
Manuel Pégourié-Gonnard
a4afadfccd
Fix bug in OpenSSL v2 support testing
2014-08-30 22:09:36 +02:00
Manuel Pégourié-Gonnard
644e8f377d
Adapt debug_level in ssl-opt.sh to new levels
...
The meaning of debug_level was shift by one during the last debug overhaul.
(The new one is more rational, previously debug_level=1 didn't do anything.)
2014-08-30 21:59:31 +02:00
Manuel Pégourié-Gonnard
8e03c71b23
Normalize names in ssl-opt.sh
...
No numbering: does not add value, and painful to maintain, esp. with branches
2014-08-30 21:42:40 +02:00
Manuel Pégourié-Gonnard
51362961b8
Add interop testing of renegotiation
2014-08-30 21:22:47 +02:00
Manuel Pégourié-Gonnard
f2629b965e
Rm now useless tricks from ssl-opt.sh
2014-08-30 14:20:14 +02:00
Manuel Pégourié-Gonnard
480905d563
Fix selection of hash from sig_alg ClientHello ext.
2014-08-30 14:19:59 +02:00
Manuel Pégourié-Gonnard
baa7f07809
Add GnuTLS support to ssl-opt.sh
2014-08-20 20:15:53 +02:00
Manuel Pégourié-Gonnard
f07f421759
Fix server-initiated renego with non-blocking I/O
2014-08-19 13:32:15 +02:00
Manuel Pégourié-Gonnard
a8c0a0dbd0
Add "exchanges" option to test server and client
...
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).
Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard
6591962f06
Allow delay on renego on client
...
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Paul Bakker
d153ef335f
Missing dependencies on POLARSSL_ECP_C fixed
2014-08-18 12:00:28 +02:00
Manuel Pégourié-Gonnard
74b11702d7
Simplify terminating ssl_server2 in test scripts
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
6f4fbbb3e1
Add a "skip" feature in ssl-opt.sh
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
61bc57af99
Optimize all.sh for new build options
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
39141fed63
Add warnings in debug build, and -Werror with ASan
...
- warnings in debug build allows the to be caught earlier
- -Werror with ASan make tests/scripts/all.sh a bit shorter
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
192253aaa9
Fix buffer size in pk_write_*_pem()
2014-08-14 11:34:35 +02:00
Manuel Pégourié-Gonnard
e46aa5e336
Update GnuTLS version requirements in compat.sh
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
7e0a5183db
Add a missing suite to compat.sh
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
8d4ad07706
SHA-2 ciphersuites now require TLS 1.x
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
e73b26391d
Add config-full to all.sh
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
7457cb3a56
Fix some version/peer requirements in compat.sh
2014-08-14 11:34:34 +02:00
Paul Bakker
8dcb2d7d7e
Support escaping of commas in x509_string_to_names()
2014-08-11 11:59:52 +02:00
Paul Bakker
bd51b262d1
Add 'exit' label and variable initialization to relevant test suite functions
2014-07-10 16:37:50 +02:00
Paul Bakker
318d0fe844
Auto add 'exit' label in every test function. Failed assert now goes there
2014-07-10 15:27:11 +02:00
Paul Bakker
4d0cfe80ea
Split assert() with side effects in test suite helper
2014-07-10 15:27:11 +02:00
Paul Bakker
6c343d7d9a
Fix mpi_write_string() to write "00" as hex output for empty MPI
2014-07-10 15:27:10 +02:00
Paul Bakker
5b11d026cd
Fix dependencies and includes without FS_IO and PLATFORM_C
2014-07-10 15:27:10 +02:00
Paul Bakker
ec3a617d40
Make ready for release of 1.3.8 and soversion 7
2014-07-09 10:21:28 +02:00
Paul Bakker
d2a2d61a68
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
a317a98221
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
14e8be4d33
Adapted programs / test suites to _init() and _free()
2014-07-09 10:19:23 +02:00
Paul Bakker
8cfd9d8c59
Adapt programs / test suites to _init() and _free()
2014-07-09 10:19:23 +02:00
Paul Bakker
6697b6c13b
Properly free memory in new base64 tests
2014-07-04 18:35:50 +02:00
Paul Bakker
8fb99abaac
Merge changes for leaner memory footprint
2014-07-04 15:02:19 +02:00
Paul Bakker
b9e08b086b
Merge server-side enforced renegotiation requests
2014-07-04 15:01:37 +02:00
Paul Bakker
d598318661
Fix base64_decode() to return and check length correctly
2014-07-04 15:01:00 +02:00
Manuel Pégourié-Gonnard
cc10f4ddfe
Use SSL_CIPHERSUITES in example configs
2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard
fae355e8ee
Add tests for ssl_set_renegotiation_enforced()
2014-07-04 14:32:27 +02:00
Manuel Pégourié-Gonnard
a9964dbcd5
Add ssl_set_renegotiation_enforced()
2014-07-04 14:16:07 +02:00
Paul Bakker
237a847f1c
Fix typos in comments
2014-06-25 14:45:24 +02:00
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
d249b7ab9a
Restore ability to trust non-CA selfsigned EE cert
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
c4eff16516
Restore ability to use v1 CA if trusted locally
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
8920f69fef
Add test for packets of max size
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
ee415031e5
Add tests for small packets
...
Some truncated HMAC test failing right now.
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
e38eb0b7be
Optimize config-suite-b for low RAM usage
2014-06-24 17:30:05 +02:00
Manuel Pégourié-Gonnard
f87cad9397
Fix some curve-specific depends in tests
2014-06-24 16:55:17 +02:00
Manuel Pégourié-Gonnard
1a74a26f77
Add config based on PSK-CCM
2014-06-24 15:51:32 +02:00
Manuel Pégourié-Gonnard
8f625632bb
Fix dependencies: GCM != AEAD != CCM
2014-06-24 15:26:28 +02:00
Manuel Pégourié-Gonnard
f9378d8f11
Fix dependencies on PEM in tests and programs
2014-06-24 13:11:25 +02:00
Manuel Pégourié-Gonnard
0f7b619875
Fix tests dependencies in X509_USE_C
2014-06-24 12:54:46 +02:00
Manuel Pégourié-Gonnard
fea3102dcb
Fix dependencies on X509_CRT_C in tests
2014-06-24 12:54:46 +02:00
Manuel Pégourié-Gonnard
43b29861fe
Add reduced configuration used by picocoin
2014-06-24 12:54:45 +02:00
Paul Bakker
1c98ff96b5
Merge more test improvements and tests
...
Conflicts:
tests/suites/test_suite_cipher.blowfish.data
2014-06-24 11:12:00 +02:00
Manuel Pégourié-Gonnard
398c57b0b3
Blowfish accepts variable key len in cipher layer
2014-06-24 11:01:33 +02:00
Manuel Pégourié-Gonnard
ed5c03ff1d
Add tests for Blowfish-ECB via the cipher layer
2014-06-23 12:05:11 +02:00
Manuel Pégourié-Gonnard
f3b47243df
Split x509_csr_parse_der() out of x509_csr_parse()
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
15f58a86f7
Add test for mpi_gen_prime()
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
fab2a3c3d6
Fix port selection in ssl test scripts
...
Port was selected in the 1000-1999 range which is bad (system ports).
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
0dc5e0d80b
Add helper function zero_malloc for tests
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
b25f81665f
Add test for bad arguments to MD functions
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
5e7693f6ba
Add tests for bad arguments to cipher functions
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
6deaac0e62
Add tests vectors for (3)DES via cipher layer
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
255fe4b10e
Add tests for Blowfish-ECB via the cipher layer
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
d77cd5d0c3
Add tests for x509_csr_parse
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
66aca931bc
Add tests for pkcs5_pbes2
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
0c1ec479fe
Make ssl-opt.sh faster and more robust
2014-06-20 20:03:33 +02:00
Paul Bakker
3461772559
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-06-14 16:46:03 +02:00
Manuel Pégourié-Gonnard
bbcb1ce703
Revert "Avoid sleep 1 at server start in ssl-opt.sh"
...
This reverts commit db2a6c1a20
.
Does not seem to work as expected on the buildbots. Reverted while
investigating, since it had no other used than speeding up the test script.
2014-06-13 18:05:23 +02:00
Paul Bakker
fe0984d727
Let all.sh work without shell expansion
2014-06-13 00:13:45 +02:00
Paul Bakker
c2ff2083ee
Merge parsing and verification of RSASSA-PSS in X.509 modules
2014-06-12 22:02:47 +02:00
Paul Bakker
508e573231
Merge tests for asn1write, XTEA and Entropy modules
2014-06-12 21:26:33 +02:00
Paul Bakker
14c78c93d5
Merge more SSL tests and required ssl_server2 additions
2014-06-12 21:24:34 +02:00
Paul Bakker
c939e8d51f
Merge improvements to SSL test scripts
2014-06-12 21:19:14 +02:00
Manuel Pégourié-Gonnard
95c0a63023
Add tests for ssl_get_bytes_avail()
2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard
90805a8d01
Add test for ssl_set_ciphersuites_for_version()
2014-06-11 14:08:10 +02:00
Manuel Pégourié-Gonnard
c7c56b2e82
Add more tests for the entropy module
2014-06-10 15:38:44 +02:00
Manuel Pégourié-Gonnard
2c25eb0b0a
Add test_suite_entropy
2014-06-10 15:38:44 +02:00
Manuel Pégourié-Gonnard
7b4919c399
Add test vectors for XTEA CBC
...
Generate using an independent implementation found at:
https://code.google.com/p/zzt-code-base/source/browse/trunk/src/python/xtea.py
2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
c22bb4994c
Add tests for asn1_write_ia5_string()
2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
36178ffb87
Add tests for asn1_write_octet_string()
2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
10c3c9fda8
Add test for PSK without a key
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
a6781c99ee
Add tests for PSK callback
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
0cc7e31ad1
Add test for ssl_set_dh_param_ctx()
2014-06-10 15:32:01 +02:00
Manuel Pégourié-Gonnard
57255b147d
Tweak test ordering in all.sh
2014-06-09 11:22:25 +02:00
Manuel Pégourié-Gonnard
5873b00b7f
Add pathological RSASSA-PSS test certificates
...
Certificates announcing different PSS options than the ones actually used for
the signature. Makes sure the options are correctly passed to the verification
function.
2014-06-07 11:21:52 +02:00
Manuel Pégourié-Gonnard
97049c26d8
Add forgotten depends in test
2014-06-06 17:00:03 +02:00
Manuel Pégourié-Gonnard
d1539b1e88
Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT
2014-06-06 16:42:37 +02:00
Manuel Pégourié-Gonnard
854036956d
Add tests for x509 rsassa_pss params parsing
2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
3d49b9d220
Add test helper function unhexify_alloc()
2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
b29a7ba3f2
Fix missing depends in test_suite_pk
2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
eacccb7fb9
Add RSASSA-PSS certificate with all defaults
2014-06-05 18:00:08 +02:00
Manuel Pégourié-Gonnard
53882023e7
Also verify CRLs signed with RSASSA-PSS
2014-06-05 17:59:55 +02:00
Manuel Pégourié-Gonnard
20422e9a3a
Add pk_verify_ext()
2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard
3a6a95d67c
Cleanup depends in PKCS#1 v2.1 test suite
2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard
5ec628a2b9
Add rsa_rsassa_pss_verify_ext()
2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard
920e1cd5e2
Add basic PSS cert verification
...
Still todo:
- handle MGF-hash != sign-hash
- check effective salt len == announced salt len
- add support in the PK layer so that we don't have to bypass it here
2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard
78117d57b0
Consider trailerField a constant
2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard
39868ee301
Parse CSRs signed with RSASSA-PSS
2014-06-02 16:10:30 +02:00
Manuel Pégourié-Gonnard
2a8d7fd76e
Add tests for parsing CSRs
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
8e42ff6bde
Parse CRLs signed with RSASSA-PSS
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
9df5c96214
Fix dependencies
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
e76b750b69
Finish parsing RSASSA-PSS parameters
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
f346bab139
Start parsing RSASSA-PSS parameters
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
59a75d5b9d
Basic parsing of certs signed with RSASSA-PSS
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
db2a6c1a20
Avoid sleep 1 at server start in ssl-opt.sh
...
On my machine, brings running time from 135 to 45 seconds...
3 times faster :)
2014-05-29 12:15:40 +02:00
Manuel Pégourié-Gonnard
32f8f4d1a0
Catch SERVERQUIT timeout in ssl test scripts
2014-05-29 11:57:44 +02:00
Manuel Pégourié-Gonnard
bc3b16c7e2
Also use unique names for temp files
2014-05-29 11:57:43 +02:00
Manuel Pégourié-Gonnard
8066b81a54
Pick a "unique" port in SSL test scripts
2014-05-29 11:57:43 +02:00
Andre Heinecke
f7ced9232b
Fix symlink command for cross compiling
...
Check for the host system to determine which command should be used
to create a symlink. Otherwise symlinking will fail when cross
compiling polarssl on a unix host for windows.
2014-05-28 11:38:28 +02:00
Paul Bakker
1ebc0c592c
Fix typos
2014-05-22 15:47:58 +02:00
Paul Bakker
b5212b436f
Merge CCM cipher mode and ciphersuites
...
Conflicts:
library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Manuel Pégourié-Gonnard
17cde5f8ef
Fix ssl-opt.sh for new ciphersuites order
2014-05-22 14:42:39 +02:00
Manuel Pégourié-Gonnard
2594859bc6
Add CCM suites to compat.sh (self-op only)
2014-05-22 14:36:02 +02:00
Paul Bakker
4cdb4d9bb7
X509 time-related tests depend on POLARSSL_HAVE_TIME
2014-05-22 14:22:59 +02:00
Manuel Pégourié-Gonnard
4a9dc2a474
Test memory a bit more often in all.sh
2014-05-22 13:52:53 +02:00
Manuel Pégourié-Gonnard
542eac5aba
Add tests for CCM via cipher layer
2014-05-20 17:26:16 +02:00
Manuel Pégourié-Gonnard
64bf996fd9
Add test vectors for Camellia-CCM
2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard
0f6b66dba1
CCM operations allow input == output
2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard
e8b8d01782
Use tighter buffers in CCM test suite
2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard
87df5ba0a1
Add test for length checks
2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard
ce77d55023
Implement ccm_auth_decrypt()
2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard
002323340a
Refactor to prepare for CCM decryption
2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard
9322e49037
Add NIST CAVS 11.0 test vectors for AES-CCM
...
Since there are 2160 test vectors fro encryption, which is a lot,
only the first one (out of ten) for each length quadruple was kept.
2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard
637eb3d31d
Add ccm_encrypt_and_tag()
2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard
9fe0d13e8d
Add ccm_init/free()
2014-05-06 12:12:45 +02:00
Manuel Pégourié-Gonnard
a6916fada8
Add (placeholder) CCM module
2014-05-06 11:28:09 +02:00
Paul Bakker
da13016d84
Prepped for 1.3.7 release
2014-05-01 14:27:19 +02:00
Markus Pfeiffer
a26a005acf
Make compilation on DragonFly work
2014-04-30 16:52:28 +02:00
Paul Bakker
2a024ac86a
Merge dependency fixes
2014-04-30 16:50:59 +02:00
Manuel Pégourié-Gonnard
827b6cee7f
Minor cleanups in test-ref-configs.pl
2014-04-30 16:40:23 +02:00
Manuel Pégourié-Gonnard
0bc1f23dfd
Adapt script and instructions for alt config.h
2014-04-30 16:40:22 +02:00
Manuel Pégourié-Gonnard
cef4ad2509
Adapt sources to configurable config.h name
2014-04-30 16:40:20 +02:00
Paul Bakker
f96f7b607a
On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
2014-04-30 16:02:38 +02:00
Paul Bakker
24f37ccaed
rsa_check_pubkey() now allows an E up to N
2014-04-30 13:43:51 +02:00
Paul Bakker
0f90d7d2b5
version_check_feature() added to check for compile-time options at run-time
2014-04-30 11:49:44 +02:00
Manuel Pégourié-Gonnard
3d41370645
Fix hash dependencies in X.509 tests
2014-04-29 15:29:41 +02:00
Manuel Pégourié-Gonnard
edc81ff8c2
Fix some more curve depends in X.509 tests
2014-04-29 15:10:40 +02:00
Manuel Pégourié-Gonnard
ec4d27398a
Fix curve dependencies in *keyusage tests
2014-04-29 15:06:41 +02:00
Paul Bakker
c73079a78c
Add debug_set_threshold() and thresholding of messages
2014-04-25 16:58:16 +02:00
Paul Bakker
92478c37a6
Debug module only outputs full lines instead of parts
2014-04-25 16:58:15 +02:00
Paul Bakker
eaebbd5eaa
debug_set_log_mode() added to determine raw or full logging
2014-04-25 16:58:14 +02:00
Paul Bakker
57ffa5570d
Add tests for debug_print_ret() and debug_print_buf().
2014-04-25 16:58:13 +02:00
Paul Bakker
2b34657b39
Updated Debug test suite data
2014-04-25 16:58:12 +02:00
Paul Bakker
1f69a93ab1
Move configs to 'configs/' and activate-config.pl should be called from root
2014-04-25 10:04:49 +02:00
Paul Bakker
8a0c0a9ed9
Check additional return values in some test cases
2014-04-17 17:24:23 +02:00
Paul Bakker
94b916c7b5
Split assignment and assert check into seperate lines in tests
2014-04-17 16:07:20 +02:00
Paul Bakker
dd0aae92e0
Replaced strcpy() with strncpy() in tests suites
2014-04-17 16:06:37 +02:00
Paul Bakker
b6487dade9
Fixed result for test case in test_suite_x509parse
2014-04-17 16:04:33 +02:00
Paul Bakker
784b04ff9a
Prepared for version 1.3.6
2014-04-11 15:33:59 +02:00
Paul Bakker
d8b0c5ef01
Fixed typo
2014-04-11 15:31:33 +02:00
Paul Bakker
52c5af7d2d
Merge support for verifying the extendedKeyUsage extension in X.509
2014-04-11 13:58:57 +02:00
Paul Bakker
1630058dde
Potential buffer overwrite in pem_write_buffer() fixed
...
Length indication when given a too small buffer was off.
Added regression test in test_suite_pem to detect this.
2014-04-11 13:58:05 +02:00
Manuel Pégourié-Gonnard
add05d7125
Fix some dependency declarations in X.509 tests
2014-04-11 11:12:40 +02:00
Manuel Pégourié-Gonnard
0408fd1fbb
Add extendedKeyUsage checking in SSL modules
2014-04-11 11:09:09 +02:00
Manuel Pégourié-Gonnard
7afb8a0dca
Add x509_crt_check_extended_key_usage()
2014-04-11 11:09:00 +02:00
Paul Bakker
5c986f5244
Make test suite checks dependent on POLARSSL_X509_CHECK_KEY_USAGE
2014-04-09 16:58:51 +02:00
Manuel Pégourié-Gonnard
a9db85df73
Add tests for keyUsage with client auth
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
99d4f19111
Add keyUsage checking for CAs
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
7f2a07d7b2
Check keyUsage in SSL client and server
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
603116c570
Add x509_crt_check_key_usage()
2014-04-09 15:50:57 +02:00
Paul Bakker
17b85cbd69
Merged additional tests and improved code coverage
...
Conflicts:
ChangeLog
2014-04-08 14:38:48 +02:00
Paul Bakker
0763a401a7
Merged support for the ALPN extension
2014-04-08 14:37:12 +02:00
Manuel Pégourié-Gonnard
563ad02663
Fix final report in compat.sh
...
Only affect what's printed, the exit code was already correct.
2014-04-08 11:56:35 +02:00
Manuel Pégourié-Gonnard
83d8c73c91
Disable ALPN by default
2014-04-07 13:24:21 +02:00
Manuel Pégourié-Gonnard
f6521de17b
Add ALPN tests to ssl-opt.sh
...
Only self-op for now, required peer versions are a bit high:
- OpenSSL 1.0.2-beta
- GnuTLS 3.2.0 (released 2013-05-10) (gnutls-cli only)
2014-04-07 12:42:04 +02:00
Manuel Pégourié-Gonnard
0148875cfc
Add tests and fix bugs for RSA-alt contexts
2014-04-04 17:46:46 +02:00
Manuel Pégourié-Gonnard
edb242fb2f
Minimally test md_process and associated wrappers
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
f8708ddc95
Also test shax_hmac_reset in test_suite_hmac_shax
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
9ce7e8414a
Add test for des_key_check_weak()
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
3fec220a33
Add test for dhm_parse_dhmfile
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
66dfc5a689
Add test for cipher_list()
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
f3013830cc
Tests for MD info functions
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
5819db1384
Test RIPEMD160 via MD layer more completely
2014-04-04 16:34:37 +02:00
Manuel Pégourié-Gonnard
59ba4e983b
Test generic md_hmac_reset()
2014-04-04 16:34:37 +02:00
Manuel Pégourié-Gonnard
58319e7f5c
Test mdX_hmax_reset() functions
2014-04-04 16:34:37 +02:00
Manuel Pégourié-Gonnard
7afdb88216
Test and fix x509_oid functions
2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard
6c1a73e061
Improve x509xrite_csr testing: extensions, version
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
c5ce83a3b8
Improve x509xrite_csr testing: extensions, ECDSA
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
913030c286
Enable SSLv2 testing if OPENSSL_CMD is set
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
2be0b5225e
Add selftest program to the list of tests
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
52a555cd7d
Also test backwards compat strerror() function
2014-04-04 16:33:00 +02:00