Commit graph

1045 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 003b3b132e Remove use of xxx_hmac() in program 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard a115def330 Fix tests and programs to use md_get_xxx() 2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard aeab252fef Quit using deprecated ssl_set_bio() in programs 2015-03-25 20:21:29 +01:00
Manuel Pégourié-Gonnard e46c6c38c9 Fix tests to work with DEPRECATED_REMOVED 2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard d42b7c82ef Adapt programs to new RC4 default 2015-03-20 19:44:04 +00:00
Manuel Pégourié-Gonnard 7f7aebca02 Fix incomplete changes from merge 2015-03-13 17:19:39 +00:00
Manuel Pégourié-Gonnard cc0d084820 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Actually use armcc for the armcc test ^^'
  Add more -O level variety in all.sh
  Document recent make changes
  build: Makefile: cleanup CFLAGS
  build: Makefile: cleanup LDFLAGS
  build: Makefile: simplify root Makefile
  build: Makefile: remove bashism

Conflicts:
	programs/Makefile
2015-03-13 16:32:40 +00:00
Alon Bar-Lev f7a9f30348 build: Makefile: cleanup CFLAGS
CFLAGS are reserved for external interaction via make variable, the
following should work:

$ make CFLAGS="-O3"
$ CFLAGS="-O3" make

1. Move internal flags to LOCAL_CFLAGS
2. Respect external CFLAGS
3. CFLAGS should be last compiler flags.
4. Default CFLAGS is -O optimization, remove OFLAGS.
5. Add WARNING_CFLAGS to control warning setting and enable to remove
   if compiler does not support flags.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-03-13 13:34:25 +00:00
Alon Bar-Lev ada4105ba2 build: Makefile: cleanup LDFLAGS
LDFLAGS are reserved for external interaction via make variable, the
following should work:

$ make LDFLAGS="-L/xxx"
$ LDFLAGS="-L/xxx" make

1. Move internal flags to LOCAL_LDFLAGS
2. Respect external LDFLAGS
3. LDFLAGS should be last linkage flags.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-03-13 13:34:25 +00:00
Manuel Pégourié-Gonnard b6b16bddc3 Drop pbkdf2 module (superseded by pkcs5) 2015-03-11 11:31:51 +00:00
Manuel Pégourié-Gonnard 83b04de09b Rename a few incidental references to PolarSSL 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard 7f8099773e Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard 34be402270 Rm obsolete things (compat-1.2, openssl, etc) 2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard e4d4890350 Finish renaming website 2015-03-06 13:40:52 +00:00
Manuel Pégourié-Gonnard 998897be3d Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Rename website and repository
  Move private macro from header to C file
  Add some missing 'static' on a few objects
  Fix whitespace issues
  Minor portability fix in benchmark
2015-03-06 13:25:41 +00:00
Manuel Pégourié-Gonnard fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard c439e7b099 Minor portability fix in benchmark
On embedded systems, argc might be 0 rather than 1 for no argument.
2015-03-03 13:12:00 +00:00
Manuel Pégourié-Gonnard cd4cd1dd26 Merge branch 'development' into dtls
* development:
  Fix the fix to ssl_set_psk()
  Update Changelog
  Finish fixing memleak in ssl_server2 arg parsing
  Fix another potential memory leak found by find-mem-leak.cocci.
  Add a rule for another type of memory leak to find-mem-leak.cocci.
  Fix a potential memory leak found by find-mem-leak.cocci.
  Add a semantic patch to find potential memory leaks.
  Fix whitespace of 369e6c20.
  Apply the semantic patch rm-malloc-cast.cocci.
  Add a semantic patch to remove casts of malloc.
2015-02-18 10:25:16 +00:00
Manuel Pégourié-Gonnard b199095ec9 Finish fixing memleak in ssl_server2 arg parsing
Fixes omission in 5c078e1
2015-02-18 09:32:06 +00:00
Manuel Pégourié-Gonnard c35e90f8d4 Merge branch 'development' into dtls
* development:
  Fix missing #define if PLATFORM_C not here
2015-02-16 18:47:13 +00:00
Manuel Pégourié-Gonnard c3e3395c82 Fix missing #define if PLATFORM_C not here 2015-02-16 18:46:20 +00:00
Manuel Pégourié-Gonnard d901d17817 Merge branch 'development' into dtls
* development: (100 commits)
  Update Changelog for the mem-measure branch
  Fix issues introduced when rebasing
  Fix compile error in memory_buffer_alloc_selftest
  Code cosmetics
  Add curve25519 to ecc-heap.sh
  Add curve25519 to the benchmark program
  Fix compile issue when buffer_alloc not available
  New script ecc-heap.sh
  Fix unused variable issue in some configs
  Rm usunused member in private struct
  Add heap usage for PK in benchmark
  Use memory_buffer_alloc() in benchmark if available
  Only define mode_func if mode is enabled (CBC etc)
  PKCS8 encrypted key depend on PKCS5 or PKCS12
  Disable SRV_C for client measurement
  Output stack+heap usage with massif
  Enable NIST_OPTIM by default for config-suite-b
  Refactor memory.sh
  Adapt memory.sh to config-suite-b
  Adapt mini-client for config-suite-b.h
  ...

Conflicts:
	ChangeLog
	include/polarssl/net.h
	library/Makefile
	library/error.c
	library/ssl_tls.c
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/Makefile
2015-02-16 18:44:39 +00:00
Manuel Pégourié-Gonnard 714929bf0d Fix issues introduced when rebasing 2015-02-16 17:32:47 +00:00
Manuel Pégourié-Gonnard 7defc7759d Code cosmetics 2015-02-16 17:28:11 +00:00
Manuel Pégourié-Gonnard 85391f2a65 Add curve25519 to the benchmark program 2015-02-16 17:28:11 +00:00
Manuel Pégourié-Gonnard e579dab5f0 Fix compile issue when buffer_alloc not available 2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard 71e75dc2f0 Fix unused variable issue in some configs 2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard 50da0482e0 Add heap usage for PK in benchmark 2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard 128657d645 Use memory_buffer_alloc() in benchmark if available
Allows to measure memory by primitive.
2015-02-16 17:24:57 +00:00
Manuel Pégourié-Gonnard 3b8926c9d1 Adapt mini-client for config-suite-b.h 2015-02-16 17:22:46 +00:00
Manuel Pégourié-Gonnard a6fc5b2c6a Add mini_client.c 2015-02-16 17:22:46 +00:00
Manuel Pégourié-Gonnard ab025803ed Merge remote-tracking branch 'rich/platform' into development
* rich/platform:
  modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
  modify programs/*.c to use polarssl_snprintf
2015-02-16 16:10:51 +00:00
Manuel Pégourié-Gonnard aff2976d10 Merge branch 'build' into development
* build:
  build: make: support windows cross compile
2015-02-16 15:26:09 +00:00
Manuel Pégourié-Gonnard 09eb14c01e Revert "Require unix-utils in path for windows make"
This reverts commit 5d46cca09a.

In preparation of merging an external contribution that superseedes this

Conflicts:
	ChangeLog
2015-02-16 15:25:31 +00:00
Mansour Moufid c531b4af3c Apply the semantic patch rm-malloc-cast.cocci.
for dir in library programs; do
        spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \
        --in-place;
    done
2015-02-16 10:43:52 +00:00
Manuel Pégourié-Gonnard 671589d9a2 Fix return code in cert_app 2015-02-16 09:24:08 +00:00
Manuel Pégourié-Gonnard 401caadebd Align ssl_read in fork_server on ssl_server
It was the only program using a weird do while( 0 ) with a continue inside
2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard f53df4fcd8 Fix unchecked return values in mpi_demo 2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard 5c078e17b9 Fix memory leak on bad arguments in ssl_server2
Not a big deal, but was annoying in coverity results.
2015-02-16 09:13:40 +00:00
Alon Bar-Lev 18ba0cce8b build: make: support windows cross compile
Add WINDOWS_BUILD macro to enable Windows build on *NIX host.

Add optional suffix for executables.

Fix shared object suffix logic to support multiple suffixes.

Fix soname handling to always match output.

WINDOWS macro sets WINDOWS_BUILD.

WINDOWS_BUILD sets .exe executable suffix.

WINDOWS_BUILD shared mode creates dll import library.

WINDOWS_BUILD shared mode link against dll.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-02-14 01:20:17 +02:00
Rich Evans 012acfc20f modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit 2015-02-13 16:52:49 +00:00
Rich Evans b92965be74 modify programs/*.c to use polarssl_snprintf 2015-02-13 16:51:44 +00:00
Manuel Pégourié-Gonnard ac1f76c362 Merge remote-tracking branch 'rich/platform' into development
* rich/platform:
  Remove dependency on sscanf in lib x509
  Fix extra guard in memory_buffer_alloc
  rebase from development
  implemented macro overriding for polarssl_* library functions
  fix bug introduced by the addition of snprintf and assert macro which caused tests to fail without polarssl_platform_c defined
  add initial symbols to config and checks to check_config to allow use of macros to define standard functions
  reformat and arrange additions to config alphabetically
  add missing checks to check_config
  add macro definition of assert using polarssl_exit
  modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
  add POLARSSL_PLATFORM_EXIT_ALT
  modify scripts/* and tests/* to use polarssl_snprintf
  modify programs/*.c to use polarssl_snprintf
  modify library/debug.c to use polarssl_snprintf
  modify library/x509*.c to use polarssl_snprintf
  modify library/net.c to use polarssl_snprintf
  modify oid.c to use polarssl_snprintf
  add platform_set_snprintf

Conflicts:
	library/memory_buffer_alloc.c
	programs/pkey/pk_sign.c
	programs/pkey/pk_verify.c
	programs/pkey/rsa_sign_pss.c
	programs/pkey/rsa_verify_pss.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_pthread_server.c
	programs/test/benchmark.c
	programs/test/ssl_cert_test.c
2015-02-13 15:11:24 +00:00
Manuel Pégourié-Gonnard 6c5abfa42b Style: fix trailing spaces 2015-02-13 14:12:07 +00:00
Manuel Pégourié-Gonnard 013bffe5a7 Style: add spaces before line continuation 2015-02-13 14:09:44 +00:00
Rich Evans 77d3638497 modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit 2015-02-13 13:50:26 +00:00
Rich Evans 783d9d1c3e modify programs/*.c to use polarssl_snprintf 2015-02-13 13:50:26 +00:00
Rich Evans 85b05ec389 Cleanup programs further
removed casting of main args to void
2015-02-13 13:50:05 +00:00
Rich Evans 18b78c7498 cleanup programs
Clean up the contents of programs, add more guards to includes, move all
defines to the top of the top of files, remove some unused includes
2015-02-13 13:50:05 +00:00
Manuel Pégourié-Gonnard 5d46cca09a Require unix-utils in path for windows make 2015-02-13 12:02:45 +00:00
Manuel Pégourié-Gonnard 1cc0a3405c Fix missing includes in program 2015-02-10 12:18:15 +00:00
Manuel Pégourié-Gonnard 6f60cd848b Move from SHA-1 to SHA-256 as default in programs 2015-02-10 11:31:58 +00:00
Manuel Pégourié-Gonnard f224678864 Fix remaining printfs in programs 2015-01-29 13:29:20 +00:00
Manuel Pégourié-Gonnard 226d37ac6f Fix merge issue 2015-01-29 13:15:48 +00:00
Manuel Pégourié-Gonnard b8a923db2b Merge branch 'development' into dtls
* development:
  Fix left out printf's
2015-01-29 11:53:35 +00:00
Manuel Pégourié-Gonnard 7e81e7003f Fix left out printf's 2015-01-29 11:47:41 +00:00
Manuel Pégourié-Gonnard 3d2c4b70f2 Fix url in new files 2015-01-29 11:34:14 +00:00
Manuel Pégourié-Gonnard 2a0718d947 Merge branch 'development' into dtls
* development: (46 commits)
  Fix url again
  Fix small bug in base64_encode()
  Fix depend that was checked but not documented
  Fix dependency that was not checked
  Minor gitginore fixes
  Move some ignore patterns to subdirectories
  Ignore CMake/MSVC-related build files.
  Re-categorize changelog entry
  Fix misattribution
  Minor nits with stdout/stderr.
  Add cmake compatibility targets
  Add script for polarssl symlink creation
  Fix more stdio inclusion issues
  Add debug info for cert/suite selection
  Fix possible portability issue
  Fix bug in ssl_get_verify_result()
  aescrypt2.c local char array not initial
  Update Changelog
  Fix mips64 bignum implementation
  Fix usage string of ssl_client2
  ...

Conflicts:
	include/polarssl/ssl.h
	library/CMakeLists.txt
	library/Makefile
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	visualc/VS2010/PolarSSL.sln
	visualc/VS2010/mbedTLS.vcxproj
	visualc/VS6/mbedtls.dsp
	visualc/VS6/mbedtls.dsw
2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard 860b51642d Fix url again 2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard 3f738ca40a Move some ignore patterns to subdirectories 2015-01-28 15:33:23 +00:00
veggie 64a5799637 Minor nits with stdout/stderr. 2015-01-28 15:21:42 +00:00
wslfa cc334eff3e aescrypt2.c local char array not initial
I change the main() function to a normal function, use many threads call it. so, in concurrent situation, these initial operation is necessary.
2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard 478fac4075 Fix usage string of ssl_client2
Found by Hannes Mehnert
2015-01-28 15:28:29 +01:00
Manuel Pégourié-Gonnard 7c9e75a836 Remove a few useless #defines 2015-01-28 15:28:29 +01:00
Rich Evans f90016aade Use platform layer in programs for consistency. 2015-01-28 15:28:28 +01:00
Manuel Pégourié-Gonnard 9014b6f227 Rename project in CMake
TODO: to create symlinks to the old names!
2015-01-27 15:44:46 +00:00
Manuel Pégourié-Gonnard 6a4ae35788 Link to new name in programs & tests Makefiles 2015-01-27 14:03:24 +01:00
Manuel Pégourié-Gonnard d43ccb66fb Quit using deprecated header. 2015-01-23 17:38:09 +00:00
Manuel Pégourié-Gonnard c26a092b50 Rename static lib name with make 2015-01-23 12:57:33 +00:00
Manuel Pégourié-Gonnard dba564bc79 Fix files that are not in development 2015-01-23 11:37:14 +00:00
Manuel Pégourié-Gonnard df6411d8d8 Merge branch 'development' into dtls
* development:
  Fix website url to use https.
  Remove maintainer line.
  Remove redundant "all rights reserved"
2015-01-23 11:23:08 +00:00
Manuel Pégourié-Gonnard 085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard 9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard 19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard eab72e2ced Merge branch 'development' into dtls
* development:
  Update copyright
  Fix issue in compat.sh
  Rename doxyfile
  Rename to mbed TLS in tests/
  Rename to mbed TLS in examples
  Remove old test certificates.
  Rename to mbed TLS in the documentation/comments
  Change name to mbed TLS in the copyright notice

Conflicts:
	doxygen/input/doc_mainpage.h
	doxygen/mbedtls.doxyfile
	include/polarssl/version.h
	tests/compat.sh
2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard 9169921271 Rename to mbed TLS in examples 2015-01-22 16:26:39 +00:00
Manuel Pégourié-Gonnard b64d9a79a4 Remove old test certificates.
Avoid duplication with those in tests/data_files
2015-01-22 16:25:32 +00:00
Manuel Pégourié-Gonnard 967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard 3a173f497b Merge branch 'development' into dtls
* development:
  Fix error code description.
  generate_errors.pl now errors on duplicate codes
  Avoid nested if's without braces.
  Move renego SCSV after actual ciphersuites
  Fix send_close_notify usage.
  Rename variable for clarity
  Improve script portability

Conflicts:
	library/ssl_srv.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/ssl-opt.sh
2015-01-22 13:30:33 +00:00
Manuel Pégourié-Gonnard 34377b1e1c Fix send_close_notify usage. 2015-01-22 10:46:46 +00:00
Manuel Pégourié-Gonnard 6a0017b7c0 Rename variable for clarity 2015-01-22 10:33:29 +00:00
Manuel Pégourié-Gonnard 23eb74d8b5 Fix issues with new defaults 2015-01-21 14:37:13 +00:00
Manuel Pégourié-Gonnard 67505bf9e8 Merge branch 'development' into dtls
* development:
  Adapt tests to new defaults/errors.
  Fix typos/cosmetics in Changelog
  Disable RC4 by default in example programs.
  Add ssl_set_arc4_support()
  Set min version to TLS 1.0 in programs

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	tests/compat.sh
2015-01-21 13:57:33 +00:00
Manuel Pégourié-Gonnard bfccdd3c92 Merge commit '36adc36' into dtls
* commit '36adc36':
  Add support for getrandom()
  Use library default for trunc-hmac in ssl_client2
  Make truncated hmac a runtime option server-side
  Fix portability issue in script
  Specific error for suites in common but none good
  Prefer SHA-1 certificates for pre-1.2 clients
  Some more refactoring/tuning.
  Minor refactoring

Conflicts:
	include/polarssl/error.h
	include/polarssl/ssl.h
	library/error.c
2015-01-21 13:48:45 +00:00
Manuel Pégourié-Gonnard 0017c2be48 Merge commit '9835bc0' into dtls
* commit '9835bc0':
  Fix racy test.
  Fix stupid error in previous commit
  Don't check errors on ssl_close_notify()
  Fix char signedness issue
  Fix issue with non-blocking I/O & record splitting
  Fix warning

Conflicts:
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
2015-01-21 13:42:16 +00:00
Manuel Pégourié-Gonnard 8fbb01ec84 Merge commit 'b2eaac1' into dtls
* commit 'b2eaac1':
  Stop assuming chars are signed
  Add tests for CBC record splitting
  Fix tests that were failing with record splitting
  Allow disabling record splitting at runtime
  Add 1/n-1 record splitting
  Enhance doc on ssl_write()

Conflicts:
	include/polarssl/ssl.h
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
2015-01-21 13:37:08 +00:00
Manuel Pégourié-Gonnard 0af1ba3521 Merge commit 'f6080b8' into dtls
* commit 'f6080b8':
  Fix warning in reduced configs
  Adapt to "negative" switch for renego
  Add tests for periodic renegotiation
  Make renego period configurable
  Auto-renegotiate before sequence number wrapping
  Update Changelog for compile-option renegotiation
  Switch from an enable to a disable flag
  Save 48 bytes if SSLv3 is not defined
  Make renegotiation a compile-time option
  Add tests for renego security enforcement

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/ssl/ssl_server2.c
	tests/ssl-opt.sh
2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard edb7ed3a43 Merge commit 'd7e2483' into dtls
* commit 'd7e2483': (57 commits)
  Skip signature_algorithms ext if PSK only
  Fix bug in ssl_client2 reconnect option
  Cosmetics in ssl_server2
  Improve debugging message.
  Fix net_usleep for durations greater than 1 second
  Use pk_load_file() in X509
  Create ticket keys only if enabled
  Fix typo in #ifdef
  Clarify documentation a bit
  Fix comment on resumption
  Update comment from draft to RFC
  Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
  Add recursion.pl to all.sh
  Allow x509_crt_verify_child() in recursion.pl
  Set a compile-time limit to X.509 chain length
  Fix 3DES -> DES in all.sh (+ time estimates)
  Add curves.pl to all.sh
  Rework all.sh to use MSan instead of valgrind
  Fix depends on individual curves in tests
  Add script to test depends on individual curves
  ...

Conflicts:
	CMakeLists.txt
	programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00
Manuel Pégourié-Gonnard f9c8a606b5 Merge commit '8b9bcec' into dtls
* commit '8b9bcec':
  Stop assuming chars are signed
  Fix len miscalculation in buffer-based allocator
  Fix NULL dereference in buffer-based allocator
  Add test_suite_memory_buffer_alloc
  Add memory_buffer_alloc_self_test()
  Fix missing bound check
  Add test for ctr_drbg_update() input sanitizing
  Refactor for clearer correctness/security
  Stop assuming chars are signed

Conflicts:
	library/ssl_tls.c
2015-01-20 16:38:39 +00:00
Paul Bakker 5b8f7eaa3e Merge new security defaults for programs (RC4 disabled, SSL3 disabled) 2015-01-14 16:26:54 +01:00
Paul Bakker c82b7e2003 Merge option to disable truncated hmac on the server-side 2015-01-14 16:16:55 +01:00
Manuel Pégourié-Gonnard a92ed4845c Fix stupid error in previous commit
Since ret is no longer update by close_notify(), we need to reset it to 0
after a successful write.
2015-01-14 10:46:53 +01:00
Manuel Pégourié-Gonnard 687f89beab Don't check errors on ssl_close_notify()
Depending on timing we might get different errors (conn_reset, write failed)
and ignoring them all ends up being almost the same as just not checking
errors.
2015-01-13 21:48:12 +01:00
Paul Bakker b2eaac154b Stop assuming chars are signed 2015-01-13 17:15:31 +01:00
Paul Bakker f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Paul Bakker 8b9bcecaae Stop assuming chars are signed 2015-01-13 15:59:55 +01:00
Manuel Pégourié-Gonnard 5ba1d52f96 Add memory_buffer_alloc_self_test() 2015-01-13 14:58:00 +01:00
Paul Bakker d9e2dd2bb0 Merge support for Encrypt-then-MAC 2015-01-13 14:23:56 +01:00
Manuel Pégourié-Gonnard fa06581c73 Disable RC4 by default in example programs. 2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard 982865618a Stop assuming chars are signed
(They aren't on ARM by default.)
2015-01-12 19:17:05 +01:00
Manuel Pégourié-Gonnard 448ea506bf Set min version to TLS 1.0 in programs 2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard 265fe997ff Use library default for trunc-hmac in ssl_client2 2015-01-09 12:53:19 +01:00
Manuel Pégourié-Gonnard e117a8fc0d Make truncated hmac a runtime option server-side
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard c82ee3555f Fix tests that were failing with record splitting 2015-01-07 16:39:10 +01:00
Manuel Pégourié-Gonnard 590f416142 Add tests for periodic renegotiation 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard 615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard 85d915b81d Add tests for renego security enforcement 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard d3b90f797d Fix bug in ssl_client2 reconnect option 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard f29e5de09d Cosmetics in ssl_server2 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard 0975ad928d Merge branch 'etm' into dtls
* etm:
  Fix some more warnings in reduced configs
  Fix typo causing MSVC errors
2014-11-17 15:07:17 +01:00
Manuel Pégourié-Gonnard be6ce835a2 Fix typo causing MSVC errors 2014-11-17 14:29:36 +01:00
Manuel Pégourié-Gonnard 3a3066c3ee ssl_server2 now exits on signal during a read too 2014-11-17 12:50:34 +01:00
Manuel Pégourié-Gonnard 403a86f73d ssl_server2: exit cleanly on SIGINT too 2014-11-17 12:46:49 +01:00
Manuel Pégourié-Gonnard 49aa99e653 Fix exit codes in cert_app 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard f9d778d635 Merge branch 'etm' into dtls
* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM

Conflicts:
	include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard 56d985d0a6 Merge branch 'session-hash' into dtls
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard fedba98ede Merge branch 'fb-scsv' into dtls
* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard 699cafaea2 Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 367381fddd Add negotiation of Extended Master Secret
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard a6ace04c5c Test for lost HelloRequest 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard e698f59a25 Add tests for ssl_set_dtls_badmac_limit() 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard 9b35f18f66 Add ssl_get_record_expansion() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard e63582a166 Add dlts_client.c and dtls_server.c 2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard dc6a75a952 ERR_NET_CONN_RESET can't happen with UDP 2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard caecdaed25 Cosmetics in ssl_server2 & complete tests for HVR 2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard 2d87e419e0 Adapt ssl_{client,server}2.c to datagram write 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard 994f8b554f Ok for close_notify to fail 2014-10-21 16:32:52 +02:00
Manuel Pégourié-Gonnard ba958b8bdc Add test for server-initiated renego
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard a9d7d03e30 SIGTERM also interrupts server2 during net_read() 2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard 6a2bc23f63 Allow exchanges=0 in ssl_server2
Useful for testing with defensics with no data exchange
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard cce220d6aa Adapt ssl_server2 to datagram-style read 2014-10-21 16:32:49 +02:00
Manuel Pégourié-Gonnard 85beb30b11 Add test for resumption with non-blocking I/O 2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard f1e0df3ccd Allow ssl_client2 to resend on read timeout 2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard 6b65141718 Implement ssl_read() timeout (DTLS only for now) 2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard d823bd0a04 Add handshake_timeout option to test server/client 2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard ce8588c9ef Make udp_proxy more robust
There seemed to be some race conditions with server closing its fd right after
sending HelloVerifyRequest causing the proxy to exit after a failed read.
2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard f03651217c Adapt programs to use nbio with DTLS 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard bd97fdb3a4 Make ssl_server2's HVR handling more realistic
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard fa60f128d6 Quit using "yes" in ssl-opt.sh with openssl
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard ae666c5092 proxy: avoid always dropping the same packet 2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard d0fd1daa6b Add test with proxy and openssl server 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard 8cc7e03ae0 udp_proxy: show encrypted messages as encrypted 2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard 6265d305f1 Fix some delayed packets going the wrong way 2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard bf02319b58 udp_proxy: don't overwrite delayed packets 2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard 2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard 6312e0f4e6 udp_proxy: allow successive clients 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard 484b8f9ed8 Fix bug in ssl_client2 reconnect option 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard b46780edee Enlarge udp_proxy's message buffer 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard ae8d2399a5 udp_proxy: also drop messages from the last flight 2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard 992e13665d Make decisions pseudo-random in udp_proxy 2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard bc010a045c udp_proxy: don't drop messages in the last flight
Resending the last flight is on the todo-list, but I want to be able to test
what's already done now.
2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard b6440a496b ssl_server2 now dies on SIGTERM during a read 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard 7cf3518284 Enhance output of udp_proxy (with time) 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard a014829024 Use ssl_set_bio_timeout() in test client/server 2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard 63eca930d7 Drop invalid records with DTLS 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard 6c18a39807 Add option 'bad_ad' to udp_proxy 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard eb00bfd9c2 Add option 'mtu' to udp_proxy 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard 81f2fe9f08 Add option 'delay_ccs' to udp_proxy 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard 60fdd7e0f2 Add option 'drop' to udp_proxy 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard 21398c37c0 Add option 'delay' to udp_proxy 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard 2c41bd85e0 Add a 'duplicate' option to udp_proxy 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard 44d5e63e6a Enhance output of udp_proxy 2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard cb4137b646 Add test utility udp_proxy
Currently just forwards: will delay, duplicate and drop later.
2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard 4ba6ab6d0d Fix glitch with HelloVerifyRequest
With the close-rebind strategy, sometimes the second ClientHello was lost (if
received before close), and since our client doesn't resend yet, the tests
would fail (no problem with other client that resend). Anyway, it's not really
clean to lose messages.
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard 26820e3061 Add option 'cookies' to ssl_server2 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard a64acd4f84 Add separate SSL_COOKIE_C define 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard 232edd46be Move cookie callbacks implementation to own module 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard d485d194f9 Move to a callback interface for DTLS cookies 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard 82202f0a9c Make DTLS_HELLO_VERIFY a compile option 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard 98545f128a Generate random key for HelloVerifyRequest 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard 336b824f07 Use ssl_set_client_transport_id() in ssl_server2 2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard ae5050c212 Start adapting ssl_client2 to datagram I/O 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard 798f15a500 Fix version adjustments with force_ciphersuite 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard fe3f73bdeb Allow force_version to select DTLS 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard 8a06d9c5d6 Actually use UDP for DTLS in test client/server 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard f5a1312eaa Add UDP support to the NET module 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard 83218f1da1 Add dtls version aliases to test serv/cli 2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard 864a81fdc0 More ssl_set_XXX() functions can return BAD_INPUT 2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard e29fd4beaf Add a dtls option to test server and client 2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard f138874811 Properly send close_notify in ssl_client2 2014-08-19 16:14:36 +02:00
Manuel Pégourié-Gonnard a8c0a0dbd0 Add "exchanges" option to test server and client
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).

Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard 296e3b1174 Request renego before write in ssl_server2
Will be useful for:
- detecting termination of messages by other means than connection close
- DTLS (can be seen as a special case of the above: datagram-oriented)
2014-08-19 12:59:03 +02:00
Manuel Pégourié-Gonnard e08660e612 Fix ssl_read() and close_notify error handling in programs 2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard 67686c42e6 Fix undocumented option in ssl_server2 2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard 250b1ca6f3 Fix ssl_server2 exiting on recoverable errors 2014-08-19 10:34:37 +02:00
Paul Bakker bc3e54c70d Fix overly rigorous defines in ssl_server2.c 2014-08-18 14:36:17 +02:00
Paul Bakker d153ef335f Missing dependencies on POLARSSL_ECP_C fixed 2014-08-18 12:00:28 +02:00
Paul Bakker 09c9dd80ef Revert 42cc641. Issue already fixed in 333fdec. 2014-08-18 11:06:56 +02:00
Paul Bakker c1283d3f4c Only use signal() in ssl_server2 on non-Windows platforms 2014-08-18 11:05:51 +02:00
Manuel Pégourié-Gonnard dcab293bd4 Get rid of SERVERQUIT code in ssl_{client,server}2 2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard db49330e08 ssl_server2 aborts cleanly on SIGTERM
(while waiting for a new connection)
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard a39416ff38 Fix bounds and error checking in gen_key.c 2014-08-14 11:34:35 +02:00
Alfred Klomp 7c03424d1c ssl_mail_client.c: silence warning, check base64_encode() status
Found with Clang's `scan-build` tool.

ssl_mail_client.c does a dead store by assigning the return value of
base64_encode() to `len` and not using the value.  This causes
scan-build to issue a warning.

Instead of storing the return value into `len`, store it to `ret`, since
base64_encode() returns a status code, not a length. Also check if the
return value is nonzero and print an error; this silences scan-build.
2014-08-14 11:34:35 +02:00
Alfred Klomp 5b78f219d0 ssl_test.c: remove dead store, assign at declaration
Found with Clang's `scan-build` tool.

The store to `ret` is not used, it's overwritten shortly after. Assign
the value of 1 at declaration time instead to silence scan-build.
2014-08-14 11:34:34 +02:00
Alfred Klomp 1d42b3ea7e pem2der.c: fix double-free bug
Found with Clang's `scan-build` tool.

load_file() allocates memory to a char** parameter. It then tries to fread() a
file, and if that fails, frees the memory and returns to caller. However, the
char** is not reset to NULL, which causes a double-free error when the caller
later passes it to free().
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 42cc641159 Don't print uninitialized buffer in ssl_mail_client 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 9dbe7c5f17 Remove unreachable code from ssl_pthread_server 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 955028f858 Fix compile error in ssl_pthread_server 2014-08-14 11:34:33 +02:00
Paul Bakker 333fdeca3a Properly initialize buf 2014-08-04 12:12:09 +02:00
Paul Bakker 3966d71fa8 gen_key should open file as binary for writing DER keys 2014-07-10 15:27:09 +02:00
Paul Bakker d2a2d61a68 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Paul Bakker a317a98221 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Paul Bakker 14e8be4d33 Adapted programs / test suites to _init() and _free() 2014-07-09 10:19:23 +02:00
Paul Bakker 8cfd9d8c59 Adapt programs / test suites to _init() and _free() 2014-07-09 10:19:23 +02:00
Manuel Pégourié-Gonnard c5fd391e04 Check return value of ssl_set_xxx() in programs 2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard 4e3e7c2944 Clarify comment in program 2014-07-08 14:20:26 +02:00
Paul Bakker 8fb99abaac Merge changes for leaner memory footprint 2014-07-04 15:02:19 +02:00
Manuel Pégourié-Gonnard 481fcfde93 Make PSK_LEN configurable and adjust PMS size 2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard fae355e8ee Add tests for ssl_set_renegotiation_enforced() 2014-07-04 14:32:27 +02:00
Paul Bakker 2a45d1c8bb Merge changes to config examples and configuration issues 2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard dea29c51fd Extend request_size to small sizes in ssl_client2 2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard 0669f272e9 Fix printing large packets in ssl_server2 2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard 8a4d571af8 Fix warnings in no-SSL configs 2014-06-24 14:19:59 +02:00
Manuel Pégourié-Gonnard f9378d8f11 Fix dependencies on PEM in tests and programs 2014-06-24 13:11:25 +02:00
Manuel Pégourié-Gonnard 4505ed3c90 Fix missing free() with recent ssl_server2 options 2014-06-20 18:35:16 +02:00
Paul Bakker 3c38f29a61 Fix DER output of gen_key app (found by Gergely Budai) 2014-06-14 16:46:43 +02:00
Manuel Pégourié-Gonnard 7680698d02 Temporarily disable timing test on non-Linux 2014-06-13 18:04:42 +02:00
Paul Bakker 8880cb52f7 Handle missing CRL parsing gracefully 2014-06-12 23:22:26 +02:00
Paul Bakker 9b7fb6f68e Prevent warning for possibly uninitialized variable in ssl_server2 2014-06-12 23:01:43 +02:00
Paul Bakker 508e573231 Merge tests for asn1write, XTEA and Entropy modules 2014-06-12 21:26:33 +02:00
Paul Bakker 14c78c93d5 Merge more SSL tests and required ssl_server2 additions 2014-06-12 21:24:34 +02:00
Manuel Pégourié-Gonnard e1ac0f8c5d Add back timing selftest with new hardclock test 2014-06-12 21:15:50 +02:00
Manuel Pégourié-Gonnard 8de259b953 Minor code simplification in ssl programs 2014-06-11 18:35:33 +02:00
Manuel Pégourié-Gonnard 95c0a63023 Add tests for ssl_get_bytes_avail() 2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard e7a3b10dcc Use ssl_get_bytes_avail() in ssl_server2. 2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard 6dc0781aba Add version_suites option to ssl_server2 2014-06-11 14:07:14 +02:00
Manuel Pégourié-Gonnard 4dd73925ab Add entropy_self_test() 2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard dc019b9559 Use ssl_set_psk() only when a psk is given 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard fdee74b8d6 Simplify some option parsing code 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard 80c8553a1a Add psk_list option to ssl_server2: PSK callback 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard 9e27163acd Refactor PSK parsing in ssl_server2 2014-06-10 15:32:01 +02:00
Manuel Pégourié-Gonnard 736699c08c Add a dhm_file option to ssl_server2 2014-06-10 15:32:01 +02:00
Paul Bakker 1fd325309b Add option 'crl_file' to cert_app 2014-05-28 11:36:38 +02:00
Paul Bakker 1ebc0c592c Fix typos 2014-05-22 15:47:58 +02:00
Paul Bakker b5212b436f Merge CCM cipher mode and ciphersuites
Conflicts:
	library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Paul Bakker 0c5e4290e1 benchmark application also works without POLARSSL_ERROR_C 2014-05-22 14:11:13 +02:00
Manuel Pégourié-Gonnard 58d78a8d70 Add CCM to benchmark 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard a6916fada8 Add (placeholder) CCM module 2014-05-06 11:28:09 +02:00
Paul Bakker 525f87559f Cast alpn_list to void * to prevent MSVC compiler warnings 2014-05-01 10:59:27 +02:00
Manuel Pégourié-Gonnard cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker c73079a78c Add debug_set_threshold() and thresholding of messages 2014-04-25 16:58:16 +02:00
Paul Bakker 93c32b21b3 Allow ssl_client to pad request to SSL_MAX_CONTENT_LEN 2014-04-25 16:58:12 +02:00
Paul Bakker fdba46885b cert_write app should use subject of issuer certificate as issuer of cert 2014-04-25 11:48:35 +02:00
Paul Bakker 8a0c0a9ed9 Check additional return values in some test cases 2014-04-17 17:24:23 +02:00
Paul Bakker df71dd1618 Cleaner initialization (values did not matter, but were uninitialized) 2014-04-17 16:03:48 +02:00
Paul Bakker 030decdb4e Actually increment the loop counter to quit in ssl_fork_server 2014-04-17 16:03:23 +02:00
Paul Bakker 0c22610693 Cleaned up location of init and free for some programs to prevent memory
leaks on incorrect arguments
2014-04-17 16:02:36 +02:00
Paul Bakker cbe3d0d5cc Added return value checking for correctness in programs 2014-04-17 16:00:59 +02:00
Paul Bakker 1cfc45835f Add option 'use_dev_random' to gen_key application 2014-04-09 15:49:58 +02:00
Manuel Pégourié-Gonnard 0f79babd4b Disable timing_selftest() for now 2014-04-09 15:49:51 +02:00
Paul Bakker 17b85cbd69 Merged additional tests and improved code coverage
Conflicts:
	ChangeLog
2014-04-08 14:38:48 +02:00
Paul Bakker 0763a401a7 Merged support for the ALPN extension 2014-04-08 14:37:12 +02:00
Shuo Chen 95a0d118a9 Fix compile error when POLARSSL_ERROR_STRERROR_BC is undefined. 2014-04-08 10:53:51 +02:00
Manuel Pégourié-Gonnard 1bd2281260 Add an alpn option to ssl_client2 and ssl_server2 2014-04-05 14:51:42 +02:00
Manuel Pégourié-Gonnard 13a1ef8600 Misc selftest adjustements 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard 470fc935b5 Add timing_self_test() with consistency tests 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard 388dac4037 Still test pbkdf2 while it's there 2014-04-04 16:33:00 +02:00
Manuel Pégourié-Gonnard 6b0d268bc9 Add ssl_close_notify() to servers that missed it 2014-03-31 11:28:11 +02:00
Manuel Pégourié-Gonnard 00d538f8f9 Disable renegotiation by default in example cli/srv 2014-03-31 11:03:06 +02:00
Paul Bakker 5a1d687274 Fixed typo introduced in 486485b 2014-03-26 11:20:05 +01:00
Manuel Pégourié-Gonnard 486485bc07 PBKDF2 -> PKCS5 in selftest.c 2014-03-20 09:59:51 +01:00
Paul Bakker a4b0343edf Merged massive SSL Testing improvements 2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard 84fd6877c6 Use ssl_client2 to terminate ssl_server2 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 5b2d776d2a GnuTLS in compat.sh: server-side 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 3e1b178ba2 Add options for no certificates in test srv/cli 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 5575316385 Add options for non-blocking I/O in test cli & srv 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard 0d8780b2cd Add a server_adrr option to ssl_client2 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard 5d917ff6a8 Add a 'sni' option to ssl_server2 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard dbe1ee1988 Add tests for session ticket lifetime 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard c55a5b7d6f Add tests for cache timeout 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 4c88345f19 Add test for ssl_cache max_entries 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 780d671f9d Add tests for renegotiation 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 2fc243d06a Rearrange help messages of example cli/srv 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard fcf2fc2960 Make auth_mode=required the default in ssl_client2 2014-03-13 19:25:07 +01:00
Manuel Pégourié-Gonnard 844a4c0aef Fix RSASSA-PSS example programs 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard c580a00e3c Print protocol version in example cli/srv 2014-02-12 10:15:30 +01:00
Paul Bakker 64abd83b67 Fixed file descriptor leak in generic_sum 2014-02-06 15:03:06 +01:00
Paul Bakker 247b487d61 Missing 'else' in gen_key 2014-02-06 14:33:52 +01:00
Gergely Budai a5d336bcec Increase title size (fits to increased curve names). Give verbose errors on failures. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard 79afaa0551 Add hmac_drbg_selftest() 2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard fef0f8f55a Add HMAC_DRBG to benchmark 2014-01-30 23:17:33 +01:00
Paul Bakker d75ba40cc3 SMTP lines are officially terminated with CRLF, ssl_mail_client fixed 2014-01-24 16:12:18 +01:00
Paul Bakker 5eb264cfa7 Minor fixes to o_p_test.c (CMakeLists.txt and includes) 2014-01-23 15:47:29 +01:00
Paul Bakker 5862eee4ca Merged RIPEMD-160 support 2014-01-22 14:18:34 +01:00
Paul Bakker 61b699ed1b Renamed RMD160 to RIPEMD160 2014-01-22 14:17:31 +01:00
Manuel Pégourié-Gonnard 2f5217ea02 Gitignore ssl_pthread_server 2014-01-22 12:56:06 +01:00
Manuel Pégourié-Gonnard 1744d72902 Add RIPEMD-160 to selftest 2014-01-17 14:46:36 +01:00
Manuel Pégourié-Gonnard 01b0b38421 Add RIPEMD-160 to benchmark 2014-01-17 14:29:46 +01:00
Paul Bakker caf0e60969 Forced cast to unsigned int for %u format in the ecdsa application 2013-12-30 19:15:48 +01:00
Paul Bakker f0fc2a27b0 Properly put the pragma comment for the MSVC linker in defines 2013-12-30 15:42:43 +01:00
Paul Bakker 29e86eae29 Removed 'z' length modifier from format in ecdsa program 2013-12-30 15:38:48 +01:00
Paul Bakker 3e72f6effd Only search for Pthread on Windows platforms 2013-12-30 15:28:46 +01:00
Paul Bakker f9c4953e39 Added version of the SSL pthread server example 2013-12-30 14:55:54 +01:00
Paul Bakker 5a607d26b7 Merged IPv6 support in the NET module 2013-12-17 14:34:19 +01:00
Paul Bakker f70fe81a6e Fixed memory leak in benchmark application 2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard 18d31f8e59 Make listening address configurable in ssl_server2 2013-12-17 12:00:57 +01:00
Paul Bakker 014f143c2a Merged EC key generation support 2013-12-02 14:55:09 +01:00
Manuel Pégourié-Gonnard 6e16cdb37c Allow curve selection in gen_key 2013-11-30 15:32:47 +01:00
Paul Bakker fdda785248 Removed dependency on unistd.h for MSVC in apps 2013-11-30 15:15:31 +01:00
Paul Bakker 840ab20ea2 Explicit conversions to int from size_t for MSVC (64-bit) in apps 2013-11-30 15:14:38 +01:00
Paul Bakker c97f9f6465 Removed making commandline arguments case insensitive 2013-11-30 15:14:11 +01:00
Manuel Pégourié-Gonnard 49d738b50d Ignore file generated by gen_key 2013-11-30 14:39:15 +01:00
Manuel Pégourié-Gonnard 8c237710a0 Start adding EC support in gen_key 2013-11-30 14:36:54 +01:00
Paul Bakker a8239a4490 Removed Windows auto-spawn client code 2013-11-29 11:16:37 +01:00
Manuel Pégourié-Gonnard 0f2eacbd09 crypt_and_hash: check MAC earlier 2013-11-26 15:19:57 +01:00
Paul Bakker e4c71f0e11 Merged Prime generation improvements 2013-11-25 14:27:28 +01:00
Paul Bakker 8fc30b178c Various const fixes 2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard 5e1e61124a Insert warning about time in dh_genprime 2013-11-22 21:16:10 +01:00
Paul Bakker 993e386a73 Merged renegotiation refactoring 2013-10-31 14:32:38 +01:00
Manuel Pégourié-Gonnard 291f9af935 Make all hash checking in programs constant-time 2013-10-31 14:22:27 +01:00
Paul Bakker 424cd6943c Check HMAC in constant-time in crypt_and_hash 2013-10-31 14:22:08 +01:00
Manuel Pégourié-Gonnard 6d8404d6ba Server: enforce renegotiation 2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard 9c1e1898b6 Move some code around, improve documentation 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard f3dc2f6a1d Add code for testing server-initiated renegotiation 2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard 53b3e0603b Add code for testing client-initiated renegotiation 2013-10-30 16:46:46 +01:00
Paul Bakker 60b1d10131 Fixed spelling / typos (from PowerDNS:codespell) 2013-10-29 10:02:51 +01:00
Paul Bakker 93c6aa4014 Fixed that selfsign copies issuer_name to subject_name 2013-10-28 22:29:11 +01:00
Paul Bakker 08bb187bb6 Merged Public Key framwork tests 2013-10-28 14:11:09 +01:00
Manuel Pégourié-Gonnard 3daaf3d21d X509 key identifiers depend on SHA1 2013-10-28 13:58:32 +01:00
Manuel Pégourié-Gonnard b0a467fdbe Start adding a PK test suite 2013-10-15 15:19:59 +02:00
Paul Bakker f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker 376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Manuel Pégourié-Gonnard 8a3c64d73f Fix and simplify *-PSK ifdef's 2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard 1b62c7f93d Fix dependencies and related issues 2013-10-14 14:02:19 +02:00
Paul Bakker b799dec4c0 Merged support for Brainpool curves and ciphersuites 2013-10-11 10:05:43 +02:00
Manuel Pégourié-Gonnard 2f77ce3658 Fix forgotten snprintf define for MSVC 2013-10-11 09:17:19 +02:00
Manuel Pégourié-Gonnard 22f64c8a9a Cosmetics in benchmark 2013-10-10 13:21:48 +02:00
Paul Bakker 1337affc91 Buffer allocator threading support 2013-09-29 15:02:11 +02:00
Paul Bakker 1ffefaca1e Introduced entropy_free() 2013-09-29 15:01:42 +02:00
Paul Bakker 396333e0a3 Updated ssl_test to handle EOF return value 2013-09-28 11:08:43 +02:00
Manuel Pégourié-Gonnard a0fdf8b0a0 Simplify the way default certs are used 2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard 641de714b6 Use both RSA and ECDSA CA if available 2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard ac8474fb1c Changed default cert loading in ssl_server2 2013-09-25 11:35:15 +02:00
Manuel Pégourié-Gonnard b095a7bf29 Offer both RSA and ECDSA by default in ssl_server2 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard 3ebb2cdb52 Add support for multiple server certificates 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard cbf3ef3861 RSA and ECDSA key exchanges don't depend on CRL 2013-09-24 21:25:53 +02:00
Paul Bakker 15b9b3a7e0 Key generation tool 2013-09-23 13:25:44 +02:00
Manuel Pégourié-Gonnard abd6e02b7b Rm _CRT_SECURE_NO_DEPRECATE for programs
(Already in config.h.)
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard 3bd2aae5a5 Add forgotten initializations 2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard 7831b0cb3c A few more issues with small configurations 2013-09-20 12:30:21 +02:00
Manuel Pégourié-Gonnard a7496f00ff Fix a few more warnings in small configurations 2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard 92e5b59355 Fix some dependencies/warnings in programs 2013-09-20 10:58:58 +02:00
Manuel Pégourié-Gonnard da179e4870 Add ecp_curve_list(), hide ecp_supported_curves 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard 56cd319f0e Add human-friendly name in ecp_curve_info 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard 803bb312a3 Remove ecp-bench (now in general benchmark) 2013-09-18 15:37:43 +02:00
Paul Bakker 940f9ce515 Added pk_decrypt, pk_encrypt, pk_sign, pk_verify example applications 2013-09-18 15:34:57 +02:00
Paul Bakker 2e24ca74b0 Updated key_app.c and key_app_writer.c for EC key printing 2013-09-18 15:25:16 +02:00
Manuel Pégourié-Gonnard cc34f95b43 Include ECDSA and ECDH in benchmark 2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard ed7cbe92d5 Allow selection of what to benchmark 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard 8271f2ffb5 Shorten benchmark source using macros and loops 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard 15d5de1969 Simplify usage of DHM blinding 2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard 568c9cf878 Add ecp_supported_curves and simplify some code 2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard 1b57878e4a Add missing VS project files, generated by script 2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard 68821da01e Fix clang warnings in applications
Some fd would be used uninitialized if we goto exit early.
2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard 4cf0686d6d Remove spurious '+ 3' in ecdsa_write_signature() 2013-09-18 14:34:33 +02:00
Paul Bakker c559c7a680 Renamed x509_cert structure to x509_crt for consistency 2013-09-18 14:32:52 +02:00
Paul Bakker ddf26b4e38 Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker 369d2eb2a2 Introduced x509_crt_init(), x509_crl_init() and x509_csr_init() 2013-09-18 12:01:43 +02:00
Paul Bakker 86d0c1949e Generalized function names of x509 functions not parse-specific
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker 7fc7fa630f cert_write application also works without POLARSSL_X509_CSR_PARSE_C 2013-09-17 14:44:00 +02:00
Paul Bakker 36713e8ed9 Fixed bunch of X509_PARSE related defines / dependencies 2013-09-17 13:25:29 +02:00
Paul Bakker 30520d1776 Moved rsa_sign_pss / rsa_verify_pss to use PK for key reading 2013-09-17 11:39:31 +02:00
Paul Bakker 1525495330 Key app updated to support pk_context / ECP keypairs 2013-09-17 11:24:56 +02:00
Paul Bakker 7504d7f806 Fixed X509 define in selftest.c 2013-09-16 22:56:18 +02:00
Paul Bakker 7c6b2c320e Split up X509 files into smaller modules 2013-09-16 21:41:54 +02:00
Paul Bakker ace02867f6 Do not lowercase key values in arguments in cert_app.c 2013-09-16 21:40:34 +02:00
Paul Bakker 40ce79f1e6 Moved DHM parsing from X509 module to DHM module 2013-09-15 17:43:54 +02:00
Paul Bakker 9a97c5d894 Fixed warnings in case application dependencies are not met 2013-09-15 17:07:33 +02:00
Paul Bakker c7bb02be77 Moved PK key writing from X509 module to PK module 2013-09-15 14:54:56 +02:00
Paul Bakker 1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard 92cb1d3a91 Make CBC an option, step 3: individual ciphers 2013-09-13 17:25:43 +02:00
Paul Bakker 9013af76a3 Merged major refactoring of x509write module into development
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard 26b4d45f49 Fix key_app_writer 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard 31e59400d2 Add missing f_rng/p_rng arguments to x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard f38e71afd5 Convert x509write_crt interface to PK 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard ee73179b2f Adapt x509write_csr prototypes for PK 2013-09-12 11:57:00 +02:00
Paul Bakker 8f0423afbc Fix for benchmark app after GCM refactoring merge 2013-09-10 14:51:50 +02:00
Paul Bakker c0dcf0ceb1 Merged blinding additions for EC, RSA and DHM into development 2013-09-10 14:44:27 +02:00
Paul Bakker b2d7f23592 Ability to selfsign certificates added to cert_write app 2013-09-09 16:24:18 +02:00
Paul Bakker 4122f3eacf Removed POLARSSL_ERROR_C define and added as requirement defing for
cert_req and cert_write apps
2013-09-09 16:01:46 +02:00
Paul Bakker 80d44fee2e Moved 'define handling code' to top 2013-09-09 15:59:20 +02:00
Paul Bakker e2673fb34b cert_write app now parses presented CSR for subject name and key 2013-09-09 15:56:09 +02:00
Paul Bakker f9f377e652 CSR Parsing (without attributes / extensions) implemented 2013-09-09 15:35:10 +02:00
Paul Bakker 8693274219 Small typo in usage of cert_req app 2013-09-09 14:09:42 +02:00
Paul Bakker 1014e95775 Use issuer_name from the issuer_certificate in cert_write app 2013-09-09 13:59:42 +02:00
Paul Bakker 52be08c299 Added support for writing Key Usage and NS Cert Type extensions 2013-09-09 12:38:45 +02:00
Paul Bakker cd35803684 Changes x509_csr to x509write_csr 2013-09-09 12:38:45 +02:00
Manuel Pégourié-Gonnard e8ea0c0421 Fix exit value on SERVERQUIT 2013-09-08 20:08:24 +02:00
Manuel Pégourié-Gonnard ce6352a791 Add benchmark for fixed-DHM with blinding 2013-09-07 13:05:52 +02:00
Manuel Pégourié-Gonnard 1a2012459b Fix undetected errors in benchmark
dhm_calc_secret() was exiting early, leading to wrong results
2013-09-07 12:27:35 +02:00
Manuel Pégourié-Gonnard 337b29c334 Test and document EC blinding overhead 2013-09-07 11:52:27 +02:00
Paul Bakker 15162a054a Writing of X509v3 extensions supported
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
2013-09-06 19:27:21 +02:00
Paul Bakker 9397dcb0e8 Base X509 certificate writing functinality 2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard cac5f7d737 Update benchmarks for new prototypes 2013-09-04 17:19:18 +02:00
Manuel Pégourié-Gonnard 2d627649bf Change dhm_calc_secret() prototype 2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard aa9ffc5e98 Split tag handling out of cipher_finish() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard 2adc40c346 Split cipher_update_ad() out or cipher_reset() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard 9c853b910c Split cipher_set_iv() out of cipher_reset() 2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard 9241be7ac5 Change cipher prototypes for GCM 2013-08-31 18:07:42 +02:00
Paul Bakker 548957dd49 Refactored RSA to have random generator in every RSA operation
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker ca174fef80 Merged refactored x509write module into development 2013-08-28 16:32:51 +02:00
Paul Bakker 577e006c2f Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
	include/polarssl/config.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard ac75523593 Adapt ssl_set_own_cert() to generic keys 2013-08-27 22:21:20 +02:00
Paul Bakker 0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Paul Bakker f3df61ad10 Generalized PEM writing in x509write module for RSA keys as well 2013-08-26 17:37:18 +02:00
Paul Bakker 135f1e9c70 Move PEM conversion of DER data to x509write module 2013-08-26 17:37:18 +02:00
Paul Bakker 57be6e22cf cert_req now supports key_usage and ns_cert_type command line options 2013-08-26 17:37:18 +02:00
Manuel Pégourié-Gonnard 38d1eba3b5 Move verify_result from ssl_context to session 2013-08-26 14:26:02 +02:00
Paul Bakker 8adf13bd92 Added pem2der utility application 2013-08-26 10:38:54 +02:00
Paul Bakker 82e2945ed2 Changed naming and prototype convention for x509write functions
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker 384d4351ce Added cert_req to CMakeLists.txt 2013-08-25 10:51:18 +02:00
Paul Bakker 8eabfc1461 Rewrote x509 certificate request writing to use structure for storing 2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard 7e56de1671 Adapt ssl_cert_test to changes in PK 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard bf3109fd41 Add forgotten ecdsa_free() in ecdsa example 2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard e09631b7c4 Create ecp_group_copy() and use it 2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard aa431613b3 Add ecdsa example program 2013-08-20 20:08:29 +02:00
Paul Bakker 1f2bc6238b Made support for the truncated_hmac extension configurable 2013-08-15 13:45:55 +02:00
Paul Bakker 05decb24c3 Made support for the max_fragment_length extension configurable 2013-08-15 13:33:48 +02:00
Paul Bakker a503a63b85 Made session tickets support configurable from config.h 2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard aa0d4d1aff Add ssl_set_session_tickets() 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard 06650f6a37 Fix reusing session more than once 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard cf2e97eae2 ssl_client2: allow reconnecting twice 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard aaa1eab55a Add an option to reconnect in ssl_client2
Purpose: test resuming sessions.
2013-08-14 14:08:04 +02:00
Paul Bakker 66c4810ffe Better handling of ciphersuite version range and forced version in
ssl_client2
2013-07-26 14:05:32 +02:00
Paul Bakker 6c85279719 Newline fixes in help text for ssl_client2 / ssl_server2 2013-07-26 14:02:13 +02:00
Paul Bakker dbd79ca617 ssl_client2 and ssl_server2 now exit with 1 on errors (shell
limitations)
2013-07-24 16:28:35 +02:00
Paul Bakker 8c1ede655f Changed prototype for ssl_set_truncated_hmac() to allow disabling 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard e980a994f0 Add interface for truncated hmac 2013-07-19 14:51:47 +02:00
Paul Bakker 5b55b79021 Better handling of ciphersuite version range and forced version in
ssl_server2
2013-07-19 14:51:31 +02:00
Manuel Pégourié-Gonnard e048b67d0a Misc minor fixes
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard 0c017a55e0 Add max_frag_len option in ssl_server2
Also reformat code and output more information in ssl_client2
2013-07-18 14:07:36 +02:00
Paul Bakker 8e714d7aca Modified LONG_RESPONSE and comments in ssl_server2 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard bd7ce63115 Adapt ssl_server2 to test sending long messages 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard 787b658bb3 Implement max_frag_len write restriction 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard 0df6b1f068 ssl_client2: add max_frag_len option 2013-07-18 11:18:13 +02:00
Manuel Pégourié-Gonnard be50680a8c Fix use of x509_cert.rsa in programs 2013-07-17 15:59:43 +02:00
Paul Bakker 82024bf7b9 ssl_server2 now uses alloc_buffer if present and can be 'SERVERQUIT' 2013-07-16 17:48:58 +02:00
Manuel Pégourié-Gonnard ba4878aa64 Rename x509parse_key & co with _rsa suffix 2013-07-08 15:31:18 +02:00
Paul Bakker 44618dd798 SSL Test and Benchmark now handle missing POLARSSL_TIMING_C 2013-07-04 11:30:32 +02:00
Paul Bakker fa9b10050b Also compiles / runs without time-based functions in OS
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker 6e339b52e8 Memory-allocation abstraction layer and buffer-based allocator added 2013-07-03 17:22:31 +02:00
Paul Bakker d2681d82e2 Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h} 2013-06-30 14:49:12 +02:00
Paul Bakker 9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker 62534dd1d8 programs/util/strerror now handles decimal and hexidecimal input 2013-06-30 12:45:07 +02:00
Paul Bakker 03a8a79516 Programs adapted to use polarssl_strerror() instead of error_strerror() 2013-06-30 12:18:08 +02:00