Commit graph

714 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 994f8b554f Ok for close_notify to fail 2014-10-21 16:32:52 +02:00
Manuel Pégourié-Gonnard ba958b8bdc Add test for server-initiated renego
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard a9d7d03e30 SIGTERM also interrupts server2 during net_read() 2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard 6a2bc23f63 Allow exchanges=0 in ssl_server2
Useful for testing with defensics with no data exchange
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard cce220d6aa Adapt ssl_server2 to datagram-style read 2014-10-21 16:32:49 +02:00
Manuel Pégourié-Gonnard 85beb30b11 Add test for resumption with non-blocking I/O 2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard f1e0df3ccd Allow ssl_client2 to resend on read timeout 2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard 6b65141718 Implement ssl_read() timeout (DTLS only for now) 2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard d823bd0a04 Add handshake_timeout option to test server/client 2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard ce8588c9ef Make udp_proxy more robust
There seemed to be some race conditions with server closing its fd right after
sending HelloVerifyRequest causing the proxy to exit after a failed read.
2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard f03651217c Adapt programs to use nbio with DTLS 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard bd97fdb3a4 Make ssl_server2's HVR handling more realistic
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard fa60f128d6 Quit using "yes" in ssl-opt.sh with openssl
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard ae666c5092 proxy: avoid always dropping the same packet 2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard d0fd1daa6b Add test with proxy and openssl server 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard 8cc7e03ae0 udp_proxy: show encrypted messages as encrypted 2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard 6265d305f1 Fix some delayed packets going the wrong way 2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard bf02319b58 udp_proxy: don't overwrite delayed packets 2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard 2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard 6312e0f4e6 udp_proxy: allow successive clients 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard 484b8f9ed8 Fix bug in ssl_client2 reconnect option 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard b46780edee Enlarge udp_proxy's message buffer 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard ae8d2399a5 udp_proxy: also drop messages from the last flight 2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard 992e13665d Make decisions pseudo-random in udp_proxy 2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard bc010a045c udp_proxy: don't drop messages in the last flight
Resending the last flight is on the todo-list, but I want to be able to test
what's already done now.
2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard b6440a496b ssl_server2 now dies on SIGTERM during a read 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard 7cf3518284 Enhance output of udp_proxy (with time) 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard a014829024 Use ssl_set_bio_timeout() in test client/server 2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard 63eca930d7 Drop invalid records with DTLS 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard 6c18a39807 Add option 'bad_ad' to udp_proxy 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard eb00bfd9c2 Add option 'mtu' to udp_proxy 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard 81f2fe9f08 Add option 'delay_ccs' to udp_proxy 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard 60fdd7e0f2 Add option 'drop' to udp_proxy 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard 21398c37c0 Add option 'delay' to udp_proxy 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard 2c41bd85e0 Add a 'duplicate' option to udp_proxy 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard 44d5e63e6a Enhance output of udp_proxy 2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard cb4137b646 Add test utility udp_proxy
Currently just forwards: will delay, duplicate and drop later.
2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard 4ba6ab6d0d Fix glitch with HelloVerifyRequest
With the close-rebind strategy, sometimes the second ClientHello was lost (if
received before close), and since our client doesn't resend yet, the tests
would fail (no problem with other client that resend). Anyway, it's not really
clean to lose messages.
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard 26820e3061 Add option 'cookies' to ssl_server2 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard a64acd4f84 Add separate SSL_COOKIE_C define 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard 232edd46be Move cookie callbacks implementation to own module 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard d485d194f9 Move to a callback interface for DTLS cookies 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard 82202f0a9c Make DTLS_HELLO_VERIFY a compile option 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard 98545f128a Generate random key for HelloVerifyRequest 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard 336b824f07 Use ssl_set_client_transport_id() in ssl_server2 2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard ae5050c212 Start adapting ssl_client2 to datagram I/O 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard 798f15a500 Fix version adjustments with force_ciphersuite 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard fe3f73bdeb Allow force_version to select DTLS 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard 8a06d9c5d6 Actually use UDP for DTLS in test client/server 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard f5a1312eaa Add UDP support to the NET module 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard 83218f1da1 Add dtls version aliases to test serv/cli 2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard 864a81fdc0 More ssl_set_XXX() functions can return BAD_INPUT 2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard e29fd4beaf Add a dtls option to test server and client 2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard f138874811 Properly send close_notify in ssl_client2 2014-08-19 16:14:36 +02:00
Manuel Pégourié-Gonnard a8c0a0dbd0 Add "exchanges" option to test server and client
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).

Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard 296e3b1174 Request renego before write in ssl_server2
Will be useful for:
- detecting termination of messages by other means than connection close
- DTLS (can be seen as a special case of the above: datagram-oriented)
2014-08-19 12:59:03 +02:00
Manuel Pégourié-Gonnard e08660e612 Fix ssl_read() and close_notify error handling in programs 2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard 67686c42e6 Fix undocumented option in ssl_server2 2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard 250b1ca6f3 Fix ssl_server2 exiting on recoverable errors 2014-08-19 10:34:37 +02:00
Paul Bakker bc3e54c70d Fix overly rigorous defines in ssl_server2.c 2014-08-18 14:36:17 +02:00
Paul Bakker d153ef335f Missing dependencies on POLARSSL_ECP_C fixed 2014-08-18 12:00:28 +02:00
Paul Bakker 09c9dd80ef Revert 42cc641. Issue already fixed in 333fdec. 2014-08-18 11:06:56 +02:00
Paul Bakker c1283d3f4c Only use signal() in ssl_server2 on non-Windows platforms 2014-08-18 11:05:51 +02:00
Manuel Pégourié-Gonnard dcab293bd4 Get rid of SERVERQUIT code in ssl_{client,server}2 2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard db49330e08 ssl_server2 aborts cleanly on SIGTERM
(while waiting for a new connection)
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard a39416ff38 Fix bounds and error checking in gen_key.c 2014-08-14 11:34:35 +02:00
Alfred Klomp 7c03424d1c ssl_mail_client.c: silence warning, check base64_encode() status
Found with Clang's `scan-build` tool.

ssl_mail_client.c does a dead store by assigning the return value of
base64_encode() to `len` and not using the value.  This causes
scan-build to issue a warning.

Instead of storing the return value into `len`, store it to `ret`, since
base64_encode() returns a status code, not a length. Also check if the
return value is nonzero and print an error; this silences scan-build.
2014-08-14 11:34:35 +02:00
Alfred Klomp 5b78f219d0 ssl_test.c: remove dead store, assign at declaration
Found with Clang's `scan-build` tool.

The store to `ret` is not used, it's overwritten shortly after. Assign
the value of 1 at declaration time instead to silence scan-build.
2014-08-14 11:34:34 +02:00
Alfred Klomp 1d42b3ea7e pem2der.c: fix double-free bug
Found with Clang's `scan-build` tool.

load_file() allocates memory to a char** parameter. It then tries to fread() a
file, and if that fails, frees the memory and returns to caller. However, the
char** is not reset to NULL, which causes a double-free error when the caller
later passes it to free().
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 42cc641159 Don't print uninitialized buffer in ssl_mail_client 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 9dbe7c5f17 Remove unreachable code from ssl_pthread_server 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 955028f858 Fix compile error in ssl_pthread_server 2014-08-14 11:34:33 +02:00
Paul Bakker 333fdeca3a Properly initialize buf 2014-08-04 12:12:09 +02:00
Paul Bakker 3966d71fa8 gen_key should open file as binary for writing DER keys 2014-07-10 15:27:09 +02:00
Paul Bakker d2a2d61a68 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Paul Bakker a317a98221 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Paul Bakker 14e8be4d33 Adapted programs / test suites to _init() and _free() 2014-07-09 10:19:23 +02:00
Paul Bakker 8cfd9d8c59 Adapt programs / test suites to _init() and _free() 2014-07-09 10:19:23 +02:00
Manuel Pégourié-Gonnard c5fd391e04 Check return value of ssl_set_xxx() in programs 2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard 4e3e7c2944 Clarify comment in program 2014-07-08 14:20:26 +02:00
Paul Bakker 8fb99abaac Merge changes for leaner memory footprint 2014-07-04 15:02:19 +02:00
Manuel Pégourié-Gonnard 481fcfde93 Make PSK_LEN configurable and adjust PMS size 2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard fae355e8ee Add tests for ssl_set_renegotiation_enforced() 2014-07-04 14:32:27 +02:00
Paul Bakker 2a45d1c8bb Merge changes to config examples and configuration issues 2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard dea29c51fd Extend request_size to small sizes in ssl_client2 2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard 0669f272e9 Fix printing large packets in ssl_server2 2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard 8a4d571af8 Fix warnings in no-SSL configs 2014-06-24 14:19:59 +02:00
Manuel Pégourié-Gonnard f9378d8f11 Fix dependencies on PEM in tests and programs 2014-06-24 13:11:25 +02:00
Manuel Pégourié-Gonnard 4505ed3c90 Fix missing free() with recent ssl_server2 options 2014-06-20 18:35:16 +02:00
Paul Bakker 3c38f29a61 Fix DER output of gen_key app (found by Gergely Budai) 2014-06-14 16:46:43 +02:00
Manuel Pégourié-Gonnard 7680698d02 Temporarily disable timing test on non-Linux 2014-06-13 18:04:42 +02:00
Paul Bakker 8880cb52f7 Handle missing CRL parsing gracefully 2014-06-12 23:22:26 +02:00
Paul Bakker 9b7fb6f68e Prevent warning for possibly uninitialized variable in ssl_server2 2014-06-12 23:01:43 +02:00
Paul Bakker 508e573231 Merge tests for asn1write, XTEA and Entropy modules 2014-06-12 21:26:33 +02:00
Paul Bakker 14c78c93d5 Merge more SSL tests and required ssl_server2 additions 2014-06-12 21:24:34 +02:00
Manuel Pégourié-Gonnard e1ac0f8c5d Add back timing selftest with new hardclock test 2014-06-12 21:15:50 +02:00
Manuel Pégourié-Gonnard 8de259b953 Minor code simplification in ssl programs 2014-06-11 18:35:33 +02:00
Manuel Pégourié-Gonnard 95c0a63023 Add tests for ssl_get_bytes_avail() 2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard e7a3b10dcc Use ssl_get_bytes_avail() in ssl_server2. 2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard 6dc0781aba Add version_suites option to ssl_server2 2014-06-11 14:07:14 +02:00
Manuel Pégourié-Gonnard 4dd73925ab Add entropy_self_test() 2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard dc019b9559 Use ssl_set_psk() only when a psk is given 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard fdee74b8d6 Simplify some option parsing code 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard 80c8553a1a Add psk_list option to ssl_server2: PSK callback 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard 9e27163acd Refactor PSK parsing in ssl_server2 2014-06-10 15:32:01 +02:00
Manuel Pégourié-Gonnard 736699c08c Add a dhm_file option to ssl_server2 2014-06-10 15:32:01 +02:00
Paul Bakker 1fd325309b Add option 'crl_file' to cert_app 2014-05-28 11:36:38 +02:00
Paul Bakker 1ebc0c592c Fix typos 2014-05-22 15:47:58 +02:00
Paul Bakker b5212b436f Merge CCM cipher mode and ciphersuites
Conflicts:
	library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Paul Bakker 0c5e4290e1 benchmark application also works without POLARSSL_ERROR_C 2014-05-22 14:11:13 +02:00
Manuel Pégourié-Gonnard 58d78a8d70 Add CCM to benchmark 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard a6916fada8 Add (placeholder) CCM module 2014-05-06 11:28:09 +02:00
Paul Bakker 525f87559f Cast alpn_list to void * to prevent MSVC compiler warnings 2014-05-01 10:59:27 +02:00
Manuel Pégourié-Gonnard cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker c73079a78c Add debug_set_threshold() and thresholding of messages 2014-04-25 16:58:16 +02:00
Paul Bakker 93c32b21b3 Allow ssl_client to pad request to SSL_MAX_CONTENT_LEN 2014-04-25 16:58:12 +02:00
Paul Bakker fdba46885b cert_write app should use subject of issuer certificate as issuer of cert 2014-04-25 11:48:35 +02:00
Paul Bakker 8a0c0a9ed9 Check additional return values in some test cases 2014-04-17 17:24:23 +02:00
Paul Bakker df71dd1618 Cleaner initialization (values did not matter, but were uninitialized) 2014-04-17 16:03:48 +02:00
Paul Bakker 030decdb4e Actually increment the loop counter to quit in ssl_fork_server 2014-04-17 16:03:23 +02:00
Paul Bakker 0c22610693 Cleaned up location of init and free for some programs to prevent memory
leaks on incorrect arguments
2014-04-17 16:02:36 +02:00
Paul Bakker cbe3d0d5cc Added return value checking for correctness in programs 2014-04-17 16:00:59 +02:00
Paul Bakker 1cfc45835f Add option 'use_dev_random' to gen_key application 2014-04-09 15:49:58 +02:00
Manuel Pégourié-Gonnard 0f79babd4b Disable timing_selftest() for now 2014-04-09 15:49:51 +02:00
Paul Bakker 17b85cbd69 Merged additional tests and improved code coverage
Conflicts:
	ChangeLog
2014-04-08 14:38:48 +02:00
Paul Bakker 0763a401a7 Merged support for the ALPN extension 2014-04-08 14:37:12 +02:00
Shuo Chen 95a0d118a9 Fix compile error when POLARSSL_ERROR_STRERROR_BC is undefined. 2014-04-08 10:53:51 +02:00
Manuel Pégourié-Gonnard 1bd2281260 Add an alpn option to ssl_client2 and ssl_server2 2014-04-05 14:51:42 +02:00
Manuel Pégourié-Gonnard 13a1ef8600 Misc selftest adjustements 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard 470fc935b5 Add timing_self_test() with consistency tests 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard 388dac4037 Still test pbkdf2 while it's there 2014-04-04 16:33:00 +02:00
Manuel Pégourié-Gonnard 6b0d268bc9 Add ssl_close_notify() to servers that missed it 2014-03-31 11:28:11 +02:00
Manuel Pégourié-Gonnard 00d538f8f9 Disable renegotiation by default in example cli/srv 2014-03-31 11:03:06 +02:00
Paul Bakker 5a1d687274 Fixed typo introduced in 486485b 2014-03-26 11:20:05 +01:00
Manuel Pégourié-Gonnard 486485bc07 PBKDF2 -> PKCS5 in selftest.c 2014-03-20 09:59:51 +01:00
Paul Bakker a4b0343edf Merged massive SSL Testing improvements 2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard 84fd6877c6 Use ssl_client2 to terminate ssl_server2 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 5b2d776d2a GnuTLS in compat.sh: server-side 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 3e1b178ba2 Add options for no certificates in test srv/cli 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 5575316385 Add options for non-blocking I/O in test cli & srv 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard 0d8780b2cd Add a server_adrr option to ssl_client2 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard 5d917ff6a8 Add a 'sni' option to ssl_server2 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard dbe1ee1988 Add tests for session ticket lifetime 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard c55a5b7d6f Add tests for cache timeout 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 4c88345f19 Add test for ssl_cache max_entries 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 780d671f9d Add tests for renegotiation 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 2fc243d06a Rearrange help messages of example cli/srv 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard fcf2fc2960 Make auth_mode=required the default in ssl_client2 2014-03-13 19:25:07 +01:00
Manuel Pégourié-Gonnard 844a4c0aef Fix RSASSA-PSS example programs 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard c580a00e3c Print protocol version in example cli/srv 2014-02-12 10:15:30 +01:00
Paul Bakker 64abd83b67 Fixed file descriptor leak in generic_sum 2014-02-06 15:03:06 +01:00
Paul Bakker 247b487d61 Missing 'else' in gen_key 2014-02-06 14:33:52 +01:00
Gergely Budai a5d336bcec Increase title size (fits to increased curve names). Give verbose errors on failures. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard 79afaa0551 Add hmac_drbg_selftest() 2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard fef0f8f55a Add HMAC_DRBG to benchmark 2014-01-30 23:17:33 +01:00
Paul Bakker d75ba40cc3 SMTP lines are officially terminated with CRLF, ssl_mail_client fixed 2014-01-24 16:12:18 +01:00
Paul Bakker 5eb264cfa7 Minor fixes to o_p_test.c (CMakeLists.txt and includes) 2014-01-23 15:47:29 +01:00
Paul Bakker 5862eee4ca Merged RIPEMD-160 support 2014-01-22 14:18:34 +01:00
Paul Bakker 61b699ed1b Renamed RMD160 to RIPEMD160 2014-01-22 14:17:31 +01:00
Manuel Pégourié-Gonnard 2f5217ea02 Gitignore ssl_pthread_server 2014-01-22 12:56:06 +01:00
Manuel Pégourié-Gonnard 1744d72902 Add RIPEMD-160 to selftest 2014-01-17 14:46:36 +01:00
Manuel Pégourié-Gonnard 01b0b38421 Add RIPEMD-160 to benchmark 2014-01-17 14:29:46 +01:00
Paul Bakker caf0e60969 Forced cast to unsigned int for %u format in the ecdsa application 2013-12-30 19:15:48 +01:00
Paul Bakker f0fc2a27b0 Properly put the pragma comment for the MSVC linker in defines 2013-12-30 15:42:43 +01:00
Paul Bakker 29e86eae29 Removed 'z' length modifier from format in ecdsa program 2013-12-30 15:38:48 +01:00
Paul Bakker 3e72f6effd Only search for Pthread on Windows platforms 2013-12-30 15:28:46 +01:00
Paul Bakker f9c4953e39 Added version of the SSL pthread server example 2013-12-30 14:55:54 +01:00
Paul Bakker 5a607d26b7 Merged IPv6 support in the NET module 2013-12-17 14:34:19 +01:00
Paul Bakker f70fe81a6e Fixed memory leak in benchmark application 2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard 18d31f8e59 Make listening address configurable in ssl_server2 2013-12-17 12:00:57 +01:00
Paul Bakker 014f143c2a Merged EC key generation support 2013-12-02 14:55:09 +01:00
Manuel Pégourié-Gonnard 6e16cdb37c Allow curve selection in gen_key 2013-11-30 15:32:47 +01:00
Paul Bakker fdda785248 Removed dependency on unistd.h for MSVC in apps 2013-11-30 15:15:31 +01:00
Paul Bakker 840ab20ea2 Explicit conversions to int from size_t for MSVC (64-bit) in apps 2013-11-30 15:14:38 +01:00
Paul Bakker c97f9f6465 Removed making commandline arguments case insensitive 2013-11-30 15:14:11 +01:00
Manuel Pégourié-Gonnard 49d738b50d Ignore file generated by gen_key 2013-11-30 14:39:15 +01:00
Manuel Pégourié-Gonnard 8c237710a0 Start adding EC support in gen_key 2013-11-30 14:36:54 +01:00
Paul Bakker a8239a4490 Removed Windows auto-spawn client code 2013-11-29 11:16:37 +01:00
Manuel Pégourié-Gonnard 0f2eacbd09 crypt_and_hash: check MAC earlier 2013-11-26 15:19:57 +01:00
Paul Bakker e4c71f0e11 Merged Prime generation improvements 2013-11-25 14:27:28 +01:00
Paul Bakker 8fc30b178c Various const fixes 2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard 5e1e61124a Insert warning about time in dh_genprime 2013-11-22 21:16:10 +01:00
Paul Bakker 993e386a73 Merged renegotiation refactoring 2013-10-31 14:32:38 +01:00
Manuel Pégourié-Gonnard 291f9af935 Make all hash checking in programs constant-time 2013-10-31 14:22:27 +01:00
Paul Bakker 424cd6943c Check HMAC in constant-time in crypt_and_hash 2013-10-31 14:22:08 +01:00
Manuel Pégourié-Gonnard 6d8404d6ba Server: enforce renegotiation 2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard 9c1e1898b6 Move some code around, improve documentation 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard f3dc2f6a1d Add code for testing server-initiated renegotiation 2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard 53b3e0603b Add code for testing client-initiated renegotiation 2013-10-30 16:46:46 +01:00
Paul Bakker 60b1d10131 Fixed spelling / typos (from PowerDNS:codespell) 2013-10-29 10:02:51 +01:00
Paul Bakker 93c6aa4014 Fixed that selfsign copies issuer_name to subject_name 2013-10-28 22:29:11 +01:00
Paul Bakker 08bb187bb6 Merged Public Key framwork tests 2013-10-28 14:11:09 +01:00
Manuel Pégourié-Gonnard 3daaf3d21d X509 key identifiers depend on SHA1 2013-10-28 13:58:32 +01:00
Manuel Pégourié-Gonnard b0a467fdbe Start adding a PK test suite 2013-10-15 15:19:59 +02:00
Paul Bakker f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker 376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Manuel Pégourié-Gonnard 8a3c64d73f Fix and simplify *-PSK ifdef's 2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard 1b62c7f93d Fix dependencies and related issues 2013-10-14 14:02:19 +02:00
Paul Bakker b799dec4c0 Merged support for Brainpool curves and ciphersuites 2013-10-11 10:05:43 +02:00
Manuel Pégourié-Gonnard 2f77ce3658 Fix forgotten snprintf define for MSVC 2013-10-11 09:17:19 +02:00
Manuel Pégourié-Gonnard 22f64c8a9a Cosmetics in benchmark 2013-10-10 13:21:48 +02:00
Paul Bakker 1337affc91 Buffer allocator threading support 2013-09-29 15:02:11 +02:00
Paul Bakker 1ffefaca1e Introduced entropy_free() 2013-09-29 15:01:42 +02:00
Paul Bakker 396333e0a3 Updated ssl_test to handle EOF return value 2013-09-28 11:08:43 +02:00
Manuel Pégourié-Gonnard a0fdf8b0a0 Simplify the way default certs are used 2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard 641de714b6 Use both RSA and ECDSA CA if available 2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard ac8474fb1c Changed default cert loading in ssl_server2 2013-09-25 11:35:15 +02:00
Manuel Pégourié-Gonnard b095a7bf29 Offer both RSA and ECDSA by default in ssl_server2 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard 3ebb2cdb52 Add support for multiple server certificates 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard cbf3ef3861 RSA and ECDSA key exchanges don't depend on CRL 2013-09-24 21:25:53 +02:00
Paul Bakker 15b9b3a7e0 Key generation tool 2013-09-23 13:25:44 +02:00
Manuel Pégourié-Gonnard abd6e02b7b Rm _CRT_SECURE_NO_DEPRECATE for programs
(Already in config.h.)
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard 3bd2aae5a5 Add forgotten initializations 2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard 7831b0cb3c A few more issues with small configurations 2013-09-20 12:30:21 +02:00
Manuel Pégourié-Gonnard a7496f00ff Fix a few more warnings in small configurations 2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard 92e5b59355 Fix some dependencies/warnings in programs 2013-09-20 10:58:58 +02:00
Manuel Pégourié-Gonnard da179e4870 Add ecp_curve_list(), hide ecp_supported_curves 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard 56cd319f0e Add human-friendly name in ecp_curve_info 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard 803bb312a3 Remove ecp-bench (now in general benchmark) 2013-09-18 15:37:43 +02:00
Paul Bakker 940f9ce515 Added pk_decrypt, pk_encrypt, pk_sign, pk_verify example applications 2013-09-18 15:34:57 +02:00
Paul Bakker 2e24ca74b0 Updated key_app.c and key_app_writer.c for EC key printing 2013-09-18 15:25:16 +02:00
Manuel Pégourié-Gonnard cc34f95b43 Include ECDSA and ECDH in benchmark 2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard ed7cbe92d5 Allow selection of what to benchmark 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard 8271f2ffb5 Shorten benchmark source using macros and loops 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard 15d5de1969 Simplify usage of DHM blinding 2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard 568c9cf878 Add ecp_supported_curves and simplify some code 2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard 1b57878e4a Add missing VS project files, generated by script 2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard 68821da01e Fix clang warnings in applications
Some fd would be used uninitialized if we goto exit early.
2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard 4cf0686d6d Remove spurious '+ 3' in ecdsa_write_signature() 2013-09-18 14:34:33 +02:00
Paul Bakker c559c7a680 Renamed x509_cert structure to x509_crt for consistency 2013-09-18 14:32:52 +02:00
Paul Bakker ddf26b4e38 Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker 369d2eb2a2 Introduced x509_crt_init(), x509_crl_init() and x509_csr_init() 2013-09-18 12:01:43 +02:00
Paul Bakker 86d0c1949e Generalized function names of x509 functions not parse-specific
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker 7fc7fa630f cert_write application also works without POLARSSL_X509_CSR_PARSE_C 2013-09-17 14:44:00 +02:00
Paul Bakker 36713e8ed9 Fixed bunch of X509_PARSE related defines / dependencies 2013-09-17 13:25:29 +02:00
Paul Bakker 30520d1776 Moved rsa_sign_pss / rsa_verify_pss to use PK for key reading 2013-09-17 11:39:31 +02:00
Paul Bakker 1525495330 Key app updated to support pk_context / ECP keypairs 2013-09-17 11:24:56 +02:00
Paul Bakker 7504d7f806 Fixed X509 define in selftest.c 2013-09-16 22:56:18 +02:00
Paul Bakker 7c6b2c320e Split up X509 files into smaller modules 2013-09-16 21:41:54 +02:00
Paul Bakker ace02867f6 Do not lowercase key values in arguments in cert_app.c 2013-09-16 21:40:34 +02:00
Paul Bakker 40ce79f1e6 Moved DHM parsing from X509 module to DHM module 2013-09-15 17:43:54 +02:00
Paul Bakker 9a97c5d894 Fixed warnings in case application dependencies are not met 2013-09-15 17:07:33 +02:00
Paul Bakker c7bb02be77 Moved PK key writing from X509 module to PK module 2013-09-15 14:54:56 +02:00
Paul Bakker 1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard 92cb1d3a91 Make CBC an option, step 3: individual ciphers 2013-09-13 17:25:43 +02:00
Paul Bakker 9013af76a3 Merged major refactoring of x509write module into development
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard 26b4d45f49 Fix key_app_writer 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard 31e59400d2 Add missing f_rng/p_rng arguments to x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard f38e71afd5 Convert x509write_crt interface to PK 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard ee73179b2f Adapt x509write_csr prototypes for PK 2013-09-12 11:57:00 +02:00