veggie
64a5799637
Minor nits with stdout/stderr.
2015-01-28 15:21:42 +00:00
wslfa
cc334eff3e
aescrypt2.c local char array not initial
...
I change the main() function to a normal function, use many threads call it. so, in concurrent situation, these initial operation is necessary.
2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard
478fac4075
Fix usage string of ssl_client2
...
Found by Hannes Mehnert
2015-01-28 15:28:29 +01:00
Manuel Pégourié-Gonnard
7c9e75a836
Remove a few useless #defines
2015-01-28 15:28:29 +01:00
Rich Evans
f90016aade
Use platform layer in programs for consistency.
2015-01-28 15:28:28 +01:00
Manuel Pégourié-Gonnard
9014b6f227
Rename project in CMake
...
TODO: to create symlinks to the old names!
2015-01-27 15:44:46 +00:00
Manuel Pégourié-Gonnard
6a4ae35788
Link to new name in programs & tests Makefiles
2015-01-27 14:03:24 +01:00
Manuel Pégourié-Gonnard
d43ccb66fb
Quit using deprecated header.
2015-01-23 17:38:09 +00:00
Manuel Pégourié-Gonnard
c26a092b50
Rename static lib name with make
2015-01-23 12:57:33 +00:00
Manuel Pégourié-Gonnard
085ab040aa
Fix website url to use https.
2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c
Remove maintainer line.
2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa
Remove redundant "all rights reserved"
2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
a658a4051b
Update copyright
2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
9169921271
Rename to mbed TLS in examples
2015-01-22 16:26:39 +00:00
Manuel Pégourié-Gonnard
b64d9a79a4
Remove old test certificates.
...
Avoid duplication with those in tests/data_files
2015-01-22 16:25:32 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c
Change name to mbed TLS in the copyright notice
2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard
34377b1e1c
Fix send_close_notify usage.
2015-01-22 10:46:46 +00:00
Manuel Pégourié-Gonnard
6a0017b7c0
Rename variable for clarity
2015-01-22 10:33:29 +00:00
Paul Bakker
5b8f7eaa3e
Merge new security defaults for programs (RC4 disabled, SSL3 disabled)
2015-01-14 16:26:54 +01:00
Paul Bakker
c82b7e2003
Merge option to disable truncated hmac on the server-side
2015-01-14 16:16:55 +01:00
Manuel Pégourié-Gonnard
a92ed4845c
Fix stupid error in previous commit
...
Since ret is no longer update by close_notify(), we need to reset it to 0
after a successful write.
2015-01-14 10:46:53 +01:00
Manuel Pégourié-Gonnard
687f89beab
Don't check errors on ssl_close_notify()
...
Depending on timing we might get different errors (conn_reset, write failed)
and ignoring them all ends up being almost the same as just not checking
errors.
2015-01-13 21:48:12 +01:00
Paul Bakker
b2eaac154b
Stop assuming chars are signed
2015-01-13 17:15:31 +01:00
Paul Bakker
f3561154ff
Merge support for 1/n-1 record splitting
2015-01-13 16:31:34 +01:00
Paul Bakker
f6080b8557
Merge support for enabling / disabling renegotiation support at compile-time
2015-01-13 16:18:23 +01:00
Paul Bakker
d7e2483bfc
Merge miscellaneous fixes into development
2015-01-13 16:04:38 +01:00
Paul Bakker
8b9bcecaae
Stop assuming chars are signed
2015-01-13 15:59:55 +01:00
Manuel Pégourié-Gonnard
5ba1d52f96
Add memory_buffer_alloc_self_test()
2015-01-13 14:58:00 +01:00
Paul Bakker
d9e2dd2bb0
Merge support for Encrypt-then-MAC
2015-01-13 14:23:56 +01:00
Manuel Pégourié-Gonnard
fa06581c73
Disable RC4 by default in example programs.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
bd47a58221
Add ssl_set_arc4_support()
...
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
982865618a
Stop assuming chars are signed
...
(They aren't on ARM by default.)
2015-01-12 19:17:05 +01:00
Manuel Pégourié-Gonnard
448ea506bf
Set min version to TLS 1.0 in programs
2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard
265fe997ff
Use library default for trunc-hmac in ssl_client2
2015-01-09 12:53:19 +01:00
Manuel Pégourié-Gonnard
e117a8fc0d
Make truncated hmac a runtime option server-side
...
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard
c82ee3555f
Fix tests that were failing with record splitting
2015-01-07 16:39:10 +01:00
Manuel Pégourié-Gonnard
590f416142
Add tests for periodic renegotiation
2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
615e677c0b
Make renegotiation a compile-time option
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
85d915b81d
Add tests for renego security enforcement
2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
d3b90f797d
Fix bug in ssl_client2 reconnect option
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
f29e5de09d
Cosmetics in ssl_server2
2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
be6ce835a2
Fix typo causing MSVC errors
2014-11-17 14:29:36 +01:00
Manuel Pégourié-Gonnard
3a3066c3ee
ssl_server2 now exits on signal during a read too
2014-11-17 12:50:34 +01:00
Manuel Pégourié-Gonnard
403a86f73d
ssl_server2: exit cleanly on SIGINT too
2014-11-17 12:46:49 +01:00
Manuel Pégourié-Gonnard
49aa99e653
Fix exit codes in cert_app
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
699cafaea2
Implement initial negotiation of EtM
...
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
367381fddd
Add negotiation of Extended Master Secret
...
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb
Implement FALLBACK_SCSV client-side
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
f138874811
Properly send close_notify in ssl_client2
2014-08-19 16:14:36 +02:00
Manuel Pégourié-Gonnard
a8c0a0dbd0
Add "exchanges" option to test server and client
...
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).
Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard
296e3b1174
Request renego before write in ssl_server2
...
Will be useful for:
- detecting termination of messages by other means than connection close
- DTLS (can be seen as a special case of the above: datagram-oriented)
2014-08-19 12:59:03 +02:00
Manuel Pégourié-Gonnard
e08660e612
Fix ssl_read() and close_notify error handling in programs
2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
67686c42e6
Fix undocumented option in ssl_server2
2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
250b1ca6f3
Fix ssl_server2 exiting on recoverable errors
2014-08-19 10:34:37 +02:00
Paul Bakker
bc3e54c70d
Fix overly rigorous defines in ssl_server2.c
2014-08-18 14:36:17 +02:00
Paul Bakker
d153ef335f
Missing dependencies on POLARSSL_ECP_C fixed
2014-08-18 12:00:28 +02:00
Paul Bakker
09c9dd80ef
Revert 42cc641
. Issue already fixed in 333fdec
.
2014-08-18 11:06:56 +02:00
Paul Bakker
c1283d3f4c
Only use signal() in ssl_server2 on non-Windows platforms
2014-08-18 11:05:51 +02:00
Manuel Pégourié-Gonnard
dcab293bd4
Get rid of SERVERQUIT code in ssl_{client,server}2
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
db49330e08
ssl_server2 aborts cleanly on SIGTERM
...
(while waiting for a new connection)
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
a39416ff38
Fix bounds and error checking in gen_key.c
2014-08-14 11:34:35 +02:00
Alfred Klomp
7c03424d1c
ssl_mail_client.c: silence warning, check base64_encode() status
...
Found with Clang's `scan-build` tool.
ssl_mail_client.c does a dead store by assigning the return value of
base64_encode() to `len` and not using the value. This causes
scan-build to issue a warning.
Instead of storing the return value into `len`, store it to `ret`, since
base64_encode() returns a status code, not a length. Also check if the
return value is nonzero and print an error; this silences scan-build.
2014-08-14 11:34:35 +02:00
Alfred Klomp
5b78f219d0
ssl_test.c: remove dead store, assign at declaration
...
Found with Clang's `scan-build` tool.
The store to `ret` is not used, it's overwritten shortly after. Assign
the value of 1 at declaration time instead to silence scan-build.
2014-08-14 11:34:34 +02:00
Alfred Klomp
1d42b3ea7e
pem2der.c: fix double-free bug
...
Found with Clang's `scan-build` tool.
load_file() allocates memory to a char** parameter. It then tries to fread() a
file, and if that fails, frees the memory and returns to caller. However, the
char** is not reset to NULL, which causes a double-free error when the caller
later passes it to free().
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
42cc641159
Don't print uninitialized buffer in ssl_mail_client
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
9dbe7c5f17
Remove unreachable code from ssl_pthread_server
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
955028f858
Fix compile error in ssl_pthread_server
2014-08-14 11:34:33 +02:00
Paul Bakker
333fdeca3a
Properly initialize buf
2014-08-04 12:12:09 +02:00
Paul Bakker
3966d71fa8
gen_key should open file as binary for writing DER keys
2014-07-10 15:27:09 +02:00
Paul Bakker
d2a2d61a68
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
a317a98221
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
14e8be4d33
Adapted programs / test suites to _init() and _free()
2014-07-09 10:19:23 +02:00
Paul Bakker
8cfd9d8c59
Adapt programs / test suites to _init() and _free()
2014-07-09 10:19:23 +02:00
Manuel Pégourié-Gonnard
c5fd391e04
Check return value of ssl_set_xxx() in programs
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
4e3e7c2944
Clarify comment in program
2014-07-08 14:20:26 +02:00
Paul Bakker
8fb99abaac
Merge changes for leaner memory footprint
2014-07-04 15:02:19 +02:00
Manuel Pégourié-Gonnard
481fcfde93
Make PSK_LEN configurable and adjust PMS size
2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard
fae355e8ee
Add tests for ssl_set_renegotiation_enforced()
2014-07-04 14:32:27 +02:00
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
dea29c51fd
Extend request_size to small sizes in ssl_client2
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
0669f272e9
Fix printing large packets in ssl_server2
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
8a4d571af8
Fix warnings in no-SSL configs
2014-06-24 14:19:59 +02:00
Manuel Pégourié-Gonnard
f9378d8f11
Fix dependencies on PEM in tests and programs
2014-06-24 13:11:25 +02:00
Manuel Pégourié-Gonnard
4505ed3c90
Fix missing free() with recent ssl_server2 options
2014-06-20 18:35:16 +02:00
Paul Bakker
3c38f29a61
Fix DER output of gen_key app (found by Gergely Budai)
2014-06-14 16:46:43 +02:00
Manuel Pégourié-Gonnard
7680698d02
Temporarily disable timing test on non-Linux
2014-06-13 18:04:42 +02:00
Paul Bakker
8880cb52f7
Handle missing CRL parsing gracefully
2014-06-12 23:22:26 +02:00
Paul Bakker
9b7fb6f68e
Prevent warning for possibly uninitialized variable in ssl_server2
2014-06-12 23:01:43 +02:00
Paul Bakker
508e573231
Merge tests for asn1write, XTEA and Entropy modules
2014-06-12 21:26:33 +02:00
Paul Bakker
14c78c93d5
Merge more SSL tests and required ssl_server2 additions
2014-06-12 21:24:34 +02:00
Manuel Pégourié-Gonnard
e1ac0f8c5d
Add back timing selftest with new hardclock test
2014-06-12 21:15:50 +02:00
Manuel Pégourié-Gonnard
8de259b953
Minor code simplification in ssl programs
2014-06-11 18:35:33 +02:00
Manuel Pégourié-Gonnard
95c0a63023
Add tests for ssl_get_bytes_avail()
2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard
e7a3b10dcc
Use ssl_get_bytes_avail() in ssl_server2.
2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard
6dc0781aba
Add version_suites option to ssl_server2
2014-06-11 14:07:14 +02:00
Manuel Pégourié-Gonnard
4dd73925ab
Add entropy_self_test()
2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
dc019b9559
Use ssl_set_psk() only when a psk is given
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
fdee74b8d6
Simplify some option parsing code
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
80c8553a1a
Add psk_list option to ssl_server2: PSK callback
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
9e27163acd
Refactor PSK parsing in ssl_server2
2014-06-10 15:32:01 +02:00