Manuel Pégourié-Gonnard
992e13665d
Make decisions pseudo-random in udp_proxy
2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
bc010a045c
udp_proxy: don't drop messages in the last flight
...
Resending the last flight is on the todo-list, but I want to be able to test
what's already done now.
2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard
b6440a496b
ssl_server2 now dies on SIGTERM during a read
2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
7cf3518284
Enhance output of udp_proxy (with time)
2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
a014829024
Use ssl_set_bio_timeout() in test client/server
2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard
63eca930d7
Drop invalid records with DTLS
2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
6c18a39807
Add option 'bad_ad' to udp_proxy
2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
eb00bfd9c2
Add option 'mtu' to udp_proxy
2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
81f2fe9f08
Add option 'delay_ccs' to udp_proxy
2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
60fdd7e0f2
Add option 'drop' to udp_proxy
2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
21398c37c0
Add option 'delay' to udp_proxy
2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
2c41bd85e0
Add a 'duplicate' option to udp_proxy
2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
44d5e63e6a
Enhance output of udp_proxy
2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
cb4137b646
Add test utility udp_proxy
...
Currently just forwards: will delay, duplicate and drop later.
2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
4ba6ab6d0d
Fix glitch with HelloVerifyRequest
...
With the close-rebind strategy, sometimes the second ClientHello was lost (if
received before close), and since our client doesn't resend yet, the tests
would fail (no problem with other client that resend). Anyway, it's not really
clean to lose messages.
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
26820e3061
Add option 'cookies' to ssl_server2
2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
a64acd4f84
Add separate SSL_COOKIE_C define
2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
232edd46be
Move cookie callbacks implementation to own module
2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d485d194f9
Move to a callback interface for DTLS cookies
2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
82202f0a9c
Make DTLS_HELLO_VERIFY a compile option
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
98545f128a
Generate random key for HelloVerifyRequest
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
336b824f07
Use ssl_set_client_transport_id() in ssl_server2
2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard
ae5050c212
Start adapting ssl_client2 to datagram I/O
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
798f15a500
Fix version adjustments with force_ciphersuite
2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
fe3f73bdeb
Allow force_version to select DTLS
2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
8a06d9c5d6
Actually use UDP for DTLS in test client/server
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
f5a1312eaa
Add UDP support to the NET module
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
83218f1da1
Add dtls version aliases to test serv/cli
2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
864a81fdc0
More ssl_set_XXX() functions can return BAD_INPUT
2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard
e29fd4beaf
Add a dtls option to test server and client
2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard
f138874811
Properly send close_notify in ssl_client2
2014-08-19 16:14:36 +02:00
Manuel Pégourié-Gonnard
a8c0a0dbd0
Add "exchanges" option to test server and client
...
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).
Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard
296e3b1174
Request renego before write in ssl_server2
...
Will be useful for:
- detecting termination of messages by other means than connection close
- DTLS (can be seen as a special case of the above: datagram-oriented)
2014-08-19 12:59:03 +02:00
Manuel Pégourié-Gonnard
e08660e612
Fix ssl_read() and close_notify error handling in programs
2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
67686c42e6
Fix undocumented option in ssl_server2
2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
250b1ca6f3
Fix ssl_server2 exiting on recoverable errors
2014-08-19 10:34:37 +02:00
Paul Bakker
bc3e54c70d
Fix overly rigorous defines in ssl_server2.c
2014-08-18 14:36:17 +02:00
Paul Bakker
d153ef335f
Missing dependencies on POLARSSL_ECP_C fixed
2014-08-18 12:00:28 +02:00
Paul Bakker
09c9dd80ef
Revert 42cc641
. Issue already fixed in 333fdec
.
2014-08-18 11:06:56 +02:00
Paul Bakker
c1283d3f4c
Only use signal() in ssl_server2 on non-Windows platforms
2014-08-18 11:05:51 +02:00
Manuel Pégourié-Gonnard
dcab293bd4
Get rid of SERVERQUIT code in ssl_{client,server}2
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
db49330e08
ssl_server2 aborts cleanly on SIGTERM
...
(while waiting for a new connection)
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
a39416ff38
Fix bounds and error checking in gen_key.c
2014-08-14 11:34:35 +02:00
Alfred Klomp
7c03424d1c
ssl_mail_client.c: silence warning, check base64_encode() status
...
Found with Clang's `scan-build` tool.
ssl_mail_client.c does a dead store by assigning the return value of
base64_encode() to `len` and not using the value. This causes
scan-build to issue a warning.
Instead of storing the return value into `len`, store it to `ret`, since
base64_encode() returns a status code, not a length. Also check if the
return value is nonzero and print an error; this silences scan-build.
2014-08-14 11:34:35 +02:00
Alfred Klomp
5b78f219d0
ssl_test.c: remove dead store, assign at declaration
...
Found with Clang's `scan-build` tool.
The store to `ret` is not used, it's overwritten shortly after. Assign
the value of 1 at declaration time instead to silence scan-build.
2014-08-14 11:34:34 +02:00
Alfred Klomp
1d42b3ea7e
pem2der.c: fix double-free bug
...
Found with Clang's `scan-build` tool.
load_file() allocates memory to a char** parameter. It then tries to fread() a
file, and if that fails, frees the memory and returns to caller. However, the
char** is not reset to NULL, which causes a double-free error when the caller
later passes it to free().
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
42cc641159
Don't print uninitialized buffer in ssl_mail_client
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
9dbe7c5f17
Remove unreachable code from ssl_pthread_server
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
955028f858
Fix compile error in ssl_pthread_server
2014-08-14 11:34:33 +02:00
Paul Bakker
333fdeca3a
Properly initialize buf
2014-08-04 12:12:09 +02:00
Paul Bakker
3966d71fa8
gen_key should open file as binary for writing DER keys
2014-07-10 15:27:09 +02:00
Paul Bakker
d2a2d61a68
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
a317a98221
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
14e8be4d33
Adapted programs / test suites to _init() and _free()
2014-07-09 10:19:23 +02:00
Paul Bakker
8cfd9d8c59
Adapt programs / test suites to _init() and _free()
2014-07-09 10:19:23 +02:00
Manuel Pégourié-Gonnard
c5fd391e04
Check return value of ssl_set_xxx() in programs
2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
4e3e7c2944
Clarify comment in program
2014-07-08 14:20:26 +02:00
Paul Bakker
8fb99abaac
Merge changes for leaner memory footprint
2014-07-04 15:02:19 +02:00
Manuel Pégourié-Gonnard
481fcfde93
Make PSK_LEN configurable and adjust PMS size
2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard
fae355e8ee
Add tests for ssl_set_renegotiation_enforced()
2014-07-04 14:32:27 +02:00
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
dea29c51fd
Extend request_size to small sizes in ssl_client2
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
0669f272e9
Fix printing large packets in ssl_server2
2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
8a4d571af8
Fix warnings in no-SSL configs
2014-06-24 14:19:59 +02:00
Manuel Pégourié-Gonnard
f9378d8f11
Fix dependencies on PEM in tests and programs
2014-06-24 13:11:25 +02:00
Manuel Pégourié-Gonnard
4505ed3c90
Fix missing free() with recent ssl_server2 options
2014-06-20 18:35:16 +02:00
Paul Bakker
3c38f29a61
Fix DER output of gen_key app (found by Gergely Budai)
2014-06-14 16:46:43 +02:00
Manuel Pégourié-Gonnard
7680698d02
Temporarily disable timing test on non-Linux
2014-06-13 18:04:42 +02:00
Paul Bakker
8880cb52f7
Handle missing CRL parsing gracefully
2014-06-12 23:22:26 +02:00
Paul Bakker
9b7fb6f68e
Prevent warning for possibly uninitialized variable in ssl_server2
2014-06-12 23:01:43 +02:00
Paul Bakker
508e573231
Merge tests for asn1write, XTEA and Entropy modules
2014-06-12 21:26:33 +02:00
Paul Bakker
14c78c93d5
Merge more SSL tests and required ssl_server2 additions
2014-06-12 21:24:34 +02:00
Manuel Pégourié-Gonnard
e1ac0f8c5d
Add back timing selftest with new hardclock test
2014-06-12 21:15:50 +02:00
Manuel Pégourié-Gonnard
8de259b953
Minor code simplification in ssl programs
2014-06-11 18:35:33 +02:00
Manuel Pégourié-Gonnard
95c0a63023
Add tests for ssl_get_bytes_avail()
2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard
e7a3b10dcc
Use ssl_get_bytes_avail() in ssl_server2.
2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard
6dc0781aba
Add version_suites option to ssl_server2
2014-06-11 14:07:14 +02:00
Manuel Pégourié-Gonnard
4dd73925ab
Add entropy_self_test()
2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
dc019b9559
Use ssl_set_psk() only when a psk is given
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
fdee74b8d6
Simplify some option parsing code
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
80c8553a1a
Add psk_list option to ssl_server2: PSK callback
2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
9e27163acd
Refactor PSK parsing in ssl_server2
2014-06-10 15:32:01 +02:00
Manuel Pégourié-Gonnard
736699c08c
Add a dhm_file option to ssl_server2
2014-06-10 15:32:01 +02:00
Paul Bakker
1fd325309b
Add option 'crl_file' to cert_app
2014-05-28 11:36:38 +02:00
Paul Bakker
1ebc0c592c
Fix typos
2014-05-22 15:47:58 +02:00
Paul Bakker
b5212b436f
Merge CCM cipher mode and ciphersuites
...
Conflicts:
library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Paul Bakker
0c5e4290e1
benchmark application also works without POLARSSL_ERROR_C
2014-05-22 14:11:13 +02:00
Manuel Pégourié-Gonnard
58d78a8d70
Add CCM to benchmark
2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard
a6916fada8
Add (placeholder) CCM module
2014-05-06 11:28:09 +02:00
Paul Bakker
525f87559f
Cast alpn_list to void * to prevent MSVC compiler warnings
2014-05-01 10:59:27 +02:00
Manuel Pégourié-Gonnard
cef4ad2509
Adapt sources to configurable config.h name
2014-04-30 16:40:20 +02:00
Paul Bakker
c73079a78c
Add debug_set_threshold() and thresholding of messages
2014-04-25 16:58:16 +02:00
Paul Bakker
93c32b21b3
Allow ssl_client to pad request to SSL_MAX_CONTENT_LEN
2014-04-25 16:58:12 +02:00
Paul Bakker
fdba46885b
cert_write app should use subject of issuer certificate as issuer of cert
2014-04-25 11:48:35 +02:00
Paul Bakker
8a0c0a9ed9
Check additional return values in some test cases
2014-04-17 17:24:23 +02:00
Paul Bakker
df71dd1618
Cleaner initialization (values did not matter, but were uninitialized)
2014-04-17 16:03:48 +02:00
Paul Bakker
030decdb4e
Actually increment the loop counter to quit in ssl_fork_server
2014-04-17 16:03:23 +02:00
Paul Bakker
0c22610693
Cleaned up location of init and free for some programs to prevent memory
...
leaks on incorrect arguments
2014-04-17 16:02:36 +02:00
Paul Bakker
cbe3d0d5cc
Added return value checking for correctness in programs
2014-04-17 16:00:59 +02:00
Paul Bakker
1cfc45835f
Add option 'use_dev_random' to gen_key application
2014-04-09 15:49:58 +02:00