yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-02 11:01:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
2828 commits 88 branches 205 tags 69 MiB
Commit graph

828 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard f9d778d635 Merge branch 'etm' into dtls 
* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM

Conflicts:
	include/polarssl/check_config.h
 2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard 56d985d0a6 Merge branch 'session-hash' into dtls 
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
 2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard fedba98ede Merge branch 'fb-scsv' into dtls 
* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side
 2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard b575b54cb9 Forbid extended master secret with SSLv3 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 169dd6a514 Adjust minimum length for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard dd4592774b compat.sh: allow git version of gnutls 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 78e745fc0a Don't send back EtM extension if not using CBC 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 0098e7dc70 Preparation for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 699cafaea2 Implement initial negotiation of EtM 
Not implemented yet:
- actually using EtM
- conditions on renegotiation
 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 85a4178f82 compat.sh: make options a bit more robust 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 01b2699198 Implement FALLBACK_SCSV server-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 367381fddd Add negotiation of Extended Master Secret 
(But not the actual thing yet.)
 2014-11-05 16:00:49 +01:00
Paul Bakker f2a459df05 Preparation for PolarSSL 1.4.0 2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard a6ace04c5c Test for lost HelloRequest 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard f1384470bf Avoid spurious timeout in ssl-opt.sh 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard 74a1378175 Avoid false positive in ssl-opt.sh with memcheck 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard e698f59a25 Add tests for ssl_set_dtls_badmac_limit() 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard caecdaed25 Cosmetics in ssl_server2 & complete tests for HVR 2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard 37e08e1689 Fix max_fragment_length with DTLS 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard 127ab88dba Give more time to lossy tests with normal timers 2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard ba958b8bdc Add test for server-initiated renego 
Just assuming the HelloRequest isn't lost for now
 2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard 85beb30b11 Add test for resumption with non-blocking I/O 2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard a59af05dce Give more time to tests that time out too often 2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard 7a26d73735 Add test for session resumption 2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard df9a0a8460 Drop unexpected ApplicationData 
This is likely to happen on resumption if client speaks first at the
application level.
 2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard 37a4de2cec Use shorter timeouts in ssl-opt.sh proxy tests 2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard 6093d81c20 Add tests with proxy and non-blocking I/O 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard 579950c2bb Fix bug with non-blocking I/O and cookies 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard bd97fdb3a4 Make ssl_server2's HVR handling more realistic 
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard 36795197d9 Rm now useless MTU setting in compat.sh 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard 7a66cbca75 Rm some redundant tests 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard 9590e0a176 Add proxy tests with gnutls-srv & fragmentation 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard fa60f128d6 Quit using "yes" in ssl-opt.sh with openssl 
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
 2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard 08a1d4bce1 Fix bug with client auth with DTLS 2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard d0fd1daa6b Add test with proxy and openssl server 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard 1b753f1e27 Add test for renego with proxy 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard 18e519a660 Add proxy tests with more handshake flows 2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard 76fe9e41c1 Test that anti-replay ignores all duplicates 2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard 2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard 246c13a05f Fix epoch checking 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard b47368a00a Add replay detection 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard 4956fd7437 Test and fix anti-replay functions 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard 825a49ed7c Add more udp_proxy tests 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard a6189f0fb0 udp_proxy wasn't actually killed 2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard a0719727da Add tests with dropped packets 2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard 63eca930d7 Drop invalid records with DTLS 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard 990f9e428a Handle late handshake messages gracefully 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard be9eb877f7 Adapt ssl-opt.sh to allow using udp_proxy in tests 2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard 0a65934ef3 Re-enable valgrind for all tests 
Now we can handle duplicated messages due to the peer re-sending (due to us
being soooo slow with valgrind)
 2014-10-21 16:30:24 +02:00