Commit graph

1104 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
32076e66be Fix programs for recent ECDSA changes 2015-03-31 13:32:39 +02:00
Manuel Pégourié-Gonnard
fa44f20b9f Change authmode default to Required on client 2015-03-27 17:52:25 +01:00
Manuel Pégourié-Gonnard
4b3e5ef59a Avoid duplicate #ifdefs in programs/ssl 2015-03-27 11:24:27 +01:00
Manuel Pégourié-Gonnard
b5410dbd96 Depend on PEM_PARsE_C when using test_cas_pem 2015-03-27 11:08:49 +01:00
Manuel Pégourié-Gonnard
a958d69a70 Rename test_ca_list to test_cas_pem 2015-03-27 10:29:25 +01:00
Manuel Pégourié-Gonnard
2f165060f0 Start introducing test_cas NULL-terminated list 2015-03-27 10:20:26 +01:00
Manuel Pégourié-Gonnard
75f901006b Add len constants to certs.c 2015-03-27 09:56:18 +01:00
Manuel Pégourié-Gonnard
abb674467b Rename md_init_ctx() to md_setup() 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
4063ceb281 Make hmac_ctx optional
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
003b3b132e Remove use of xxx_hmac() in program 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
a115def330 Fix tests and programs to use md_get_xxx() 2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard
aeab252fef Quit using deprecated ssl_set_bio() in programs 2015-03-25 20:21:29 +01:00
Manuel Pégourié-Gonnard
e46c6c38c9 Fix tests to work with DEPRECATED_REMOVED 2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard
d42b7c82ef Adapt programs to new RC4 default 2015-03-20 19:44:04 +00:00
Manuel Pégourié-Gonnard
7f7aebca02 Fix incomplete changes from merge 2015-03-13 17:19:39 +00:00
Manuel Pégourié-Gonnard
cc0d084820 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Actually use armcc for the armcc test ^^'
  Add more -O level variety in all.sh
  Document recent make changes
  build: Makefile: cleanup CFLAGS
  build: Makefile: cleanup LDFLAGS
  build: Makefile: simplify root Makefile
  build: Makefile: remove bashism

Conflicts:
	programs/Makefile
2015-03-13 16:32:40 +00:00
Alon Bar-Lev
f7a9f30348 build: Makefile: cleanup CFLAGS
CFLAGS are reserved for external interaction via make variable, the
following should work:

$ make CFLAGS="-O3"
$ CFLAGS="-O3" make

1. Move internal flags to LOCAL_CFLAGS
2. Respect external CFLAGS
3. CFLAGS should be last compiler flags.
4. Default CFLAGS is -O optimization, remove OFLAGS.
5. Add WARNING_CFLAGS to control warning setting and enable to remove
   if compiler does not support flags.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-03-13 13:34:25 +00:00
Alon Bar-Lev
ada4105ba2 build: Makefile: cleanup LDFLAGS
LDFLAGS are reserved for external interaction via make variable, the
following should work:

$ make LDFLAGS="-L/xxx"
$ LDFLAGS="-L/xxx" make

1. Move internal flags to LOCAL_LDFLAGS
2. Respect external LDFLAGS
3. LDFLAGS should be last linkage flags.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-03-13 13:34:25 +00:00
Manuel Pégourié-Gonnard
b6b16bddc3 Drop pbkdf2 module (superseded by pkcs5) 2015-03-11 11:31:51 +00:00
Manuel Pégourié-Gonnard
83b04de09b Rename a few incidental references to PolarSSL 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard
7f8099773e Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard
34be402270 Rm obsolete things (compat-1.2, openssl, etc) 2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard
e4d4890350 Finish renaming website 2015-03-06 13:40:52 +00:00
Manuel Pégourié-Gonnard
998897be3d Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Rename website and repository
  Move private macro from header to C file
  Add some missing 'static' on a few objects
  Fix whitespace issues
  Minor portability fix in benchmark
2015-03-06 13:25:41 +00:00
Manuel Pégourié-Gonnard
fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard
c439e7b099 Minor portability fix in benchmark
On embedded systems, argc might be 0 rather than 1 for no argument.
2015-03-03 13:12:00 +00:00
Manuel Pégourié-Gonnard
cd4cd1dd26 Merge branch 'development' into dtls
* development:
  Fix the fix to ssl_set_psk()
  Update Changelog
  Finish fixing memleak in ssl_server2 arg parsing
  Fix another potential memory leak found by find-mem-leak.cocci.
  Add a rule for another type of memory leak to find-mem-leak.cocci.
  Fix a potential memory leak found by find-mem-leak.cocci.
  Add a semantic patch to find potential memory leaks.
  Fix whitespace of 369e6c20.
  Apply the semantic patch rm-malloc-cast.cocci.
  Add a semantic patch to remove casts of malloc.
2015-02-18 10:25:16 +00:00
Manuel Pégourié-Gonnard
b199095ec9 Finish fixing memleak in ssl_server2 arg parsing
Fixes omission in 5c078e1
2015-02-18 09:32:06 +00:00
Manuel Pégourié-Gonnard
c35e90f8d4 Merge branch 'development' into dtls
* development:
  Fix missing #define if PLATFORM_C not here
2015-02-16 18:47:13 +00:00
Manuel Pégourié-Gonnard
c3e3395c82 Fix missing #define if PLATFORM_C not here 2015-02-16 18:46:20 +00:00
Manuel Pégourié-Gonnard
d901d17817 Merge branch 'development' into dtls
* development: (100 commits)
  Update Changelog for the mem-measure branch
  Fix issues introduced when rebasing
  Fix compile error in memory_buffer_alloc_selftest
  Code cosmetics
  Add curve25519 to ecc-heap.sh
  Add curve25519 to the benchmark program
  Fix compile issue when buffer_alloc not available
  New script ecc-heap.sh
  Fix unused variable issue in some configs
  Rm usunused member in private struct
  Add heap usage for PK in benchmark
  Use memory_buffer_alloc() in benchmark if available
  Only define mode_func if mode is enabled (CBC etc)
  PKCS8 encrypted key depend on PKCS5 or PKCS12
  Disable SRV_C for client measurement
  Output stack+heap usage with massif
  Enable NIST_OPTIM by default for config-suite-b
  Refactor memory.sh
  Adapt memory.sh to config-suite-b
  Adapt mini-client for config-suite-b.h
  ...

Conflicts:
	ChangeLog
	include/polarssl/net.h
	library/Makefile
	library/error.c
	library/ssl_tls.c
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/Makefile
2015-02-16 18:44:39 +00:00
Manuel Pégourié-Gonnard
714929bf0d Fix issues introduced when rebasing 2015-02-16 17:32:47 +00:00
Manuel Pégourié-Gonnard
7defc7759d Code cosmetics 2015-02-16 17:28:11 +00:00
Manuel Pégourié-Gonnard
85391f2a65 Add curve25519 to the benchmark program 2015-02-16 17:28:11 +00:00
Manuel Pégourié-Gonnard
e579dab5f0 Fix compile issue when buffer_alloc not available 2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard
71e75dc2f0 Fix unused variable issue in some configs 2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard
50da0482e0 Add heap usage for PK in benchmark 2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard
128657d645 Use memory_buffer_alloc() in benchmark if available
Allows to measure memory by primitive.
2015-02-16 17:24:57 +00:00
Manuel Pégourié-Gonnard
3b8926c9d1 Adapt mini-client for config-suite-b.h 2015-02-16 17:22:46 +00:00
Manuel Pégourié-Gonnard
a6fc5b2c6a Add mini_client.c 2015-02-16 17:22:46 +00:00
Manuel Pégourié-Gonnard
ab025803ed Merge remote-tracking branch 'rich/platform' into development
* rich/platform:
  modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
  modify programs/*.c to use polarssl_snprintf
2015-02-16 16:10:51 +00:00
Manuel Pégourié-Gonnard
aff2976d10 Merge branch 'build' into development
* build:
  build: make: support windows cross compile
2015-02-16 15:26:09 +00:00
Manuel Pégourié-Gonnard
09eb14c01e Revert "Require unix-utils in path for windows make"
This reverts commit 5d46cca09a.

In preparation of merging an external contribution that superseedes this

Conflicts:
	ChangeLog
2015-02-16 15:25:31 +00:00
Mansour Moufid
c531b4af3c Apply the semantic patch rm-malloc-cast.cocci.
for dir in library programs; do
        spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \
        --in-place;
    done
2015-02-16 10:43:52 +00:00
Manuel Pégourié-Gonnard
671589d9a2 Fix return code in cert_app 2015-02-16 09:24:08 +00:00
Manuel Pégourié-Gonnard
401caadebd Align ssl_read in fork_server on ssl_server
It was the only program using a weird do while( 0 ) with a continue inside
2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard
f53df4fcd8 Fix unchecked return values in mpi_demo 2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard
5c078e17b9 Fix memory leak on bad arguments in ssl_server2
Not a big deal, but was annoying in coverity results.
2015-02-16 09:13:40 +00:00
Alon Bar-Lev
18ba0cce8b build: make: support windows cross compile
Add WINDOWS_BUILD macro to enable Windows build on *NIX host.

Add optional suffix for executables.

Fix shared object suffix logic to support multiple suffixes.

Fix soname handling to always match output.

WINDOWS macro sets WINDOWS_BUILD.

WINDOWS_BUILD sets .exe executable suffix.

WINDOWS_BUILD shared mode creates dll import library.

WINDOWS_BUILD shared mode link against dll.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-02-14 01:20:17 +02:00
Rich Evans
012acfc20f modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit 2015-02-13 16:52:49 +00:00
Rich Evans
b92965be74 modify programs/*.c to use polarssl_snprintf 2015-02-13 16:51:44 +00:00
Manuel Pégourié-Gonnard
ac1f76c362 Merge remote-tracking branch 'rich/platform' into development
* rich/platform:
  Remove dependency on sscanf in lib x509
  Fix extra guard in memory_buffer_alloc
  rebase from development
  implemented macro overriding for polarssl_* library functions
  fix bug introduced by the addition of snprintf and assert macro which caused tests to fail without polarssl_platform_c defined
  add initial symbols to config and checks to check_config to allow use of macros to define standard functions
  reformat and arrange additions to config alphabetically
  add missing checks to check_config
  add macro definition of assert using polarssl_exit
  modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
  add POLARSSL_PLATFORM_EXIT_ALT
  modify scripts/* and tests/* to use polarssl_snprintf
  modify programs/*.c to use polarssl_snprintf
  modify library/debug.c to use polarssl_snprintf
  modify library/x509*.c to use polarssl_snprintf
  modify library/net.c to use polarssl_snprintf
  modify oid.c to use polarssl_snprintf
  add platform_set_snprintf

Conflicts:
	library/memory_buffer_alloc.c
	programs/pkey/pk_sign.c
	programs/pkey/pk_verify.c
	programs/pkey/rsa_sign_pss.c
	programs/pkey/rsa_verify_pss.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_pthread_server.c
	programs/test/benchmark.c
	programs/test/ssl_cert_test.c
2015-02-13 15:11:24 +00:00
Manuel Pégourié-Gonnard
6c5abfa42b Style: fix trailing spaces 2015-02-13 14:12:07 +00:00
Manuel Pégourié-Gonnard
013bffe5a7 Style: add spaces before line continuation 2015-02-13 14:09:44 +00:00
Rich Evans
77d3638497 modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit 2015-02-13 13:50:26 +00:00
Rich Evans
783d9d1c3e modify programs/*.c to use polarssl_snprintf 2015-02-13 13:50:26 +00:00
Rich Evans
85b05ec389 Cleanup programs further
removed casting of main args to void
2015-02-13 13:50:05 +00:00
Rich Evans
18b78c7498 cleanup programs
Clean up the contents of programs, add more guards to includes, move all
defines to the top of the top of files, remove some unused includes
2015-02-13 13:50:05 +00:00
Manuel Pégourié-Gonnard
5d46cca09a Require unix-utils in path for windows make 2015-02-13 12:02:45 +00:00
Manuel Pégourié-Gonnard
1cc0a3405c Fix missing includes in program 2015-02-10 12:18:15 +00:00
Manuel Pégourié-Gonnard
6f60cd848b Move from SHA-1 to SHA-256 as default in programs 2015-02-10 11:31:58 +00:00
Manuel Pégourié-Gonnard
f224678864 Fix remaining printfs in programs 2015-01-29 13:29:20 +00:00
Manuel Pégourié-Gonnard
226d37ac6f Fix merge issue 2015-01-29 13:15:48 +00:00
Manuel Pégourié-Gonnard
b8a923db2b Merge branch 'development' into dtls
* development:
  Fix left out printf's
2015-01-29 11:53:35 +00:00
Manuel Pégourié-Gonnard
7e81e7003f Fix left out printf's 2015-01-29 11:47:41 +00:00
Manuel Pégourié-Gonnard
3d2c4b70f2 Fix url in new files 2015-01-29 11:34:14 +00:00
Manuel Pégourié-Gonnard
2a0718d947 Merge branch 'development' into dtls
* development: (46 commits)
  Fix url again
  Fix small bug in base64_encode()
  Fix depend that was checked but not documented
  Fix dependency that was not checked
  Minor gitginore fixes
  Move some ignore patterns to subdirectories
  Ignore CMake/MSVC-related build files.
  Re-categorize changelog entry
  Fix misattribution
  Minor nits with stdout/stderr.
  Add cmake compatibility targets
  Add script for polarssl symlink creation
  Fix more stdio inclusion issues
  Add debug info for cert/suite selection
  Fix possible portability issue
  Fix bug in ssl_get_verify_result()
  aescrypt2.c local char array not initial
  Update Changelog
  Fix mips64 bignum implementation
  Fix usage string of ssl_client2
  ...

Conflicts:
	include/polarssl/ssl.h
	library/CMakeLists.txt
	library/Makefile
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	visualc/VS2010/PolarSSL.sln
	visualc/VS2010/mbedTLS.vcxproj
	visualc/VS6/mbedtls.dsp
	visualc/VS6/mbedtls.dsw
2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard
860b51642d Fix url again 2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard
3f738ca40a Move some ignore patterns to subdirectories 2015-01-28 15:33:23 +00:00
veggie
64a5799637 Minor nits with stdout/stderr. 2015-01-28 15:21:42 +00:00
wslfa
cc334eff3e aescrypt2.c local char array not initial
I change the main() function to a normal function, use many threads call it. so, in concurrent situation, these initial operation is necessary.
2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard
478fac4075 Fix usage string of ssl_client2
Found by Hannes Mehnert
2015-01-28 15:28:29 +01:00
Manuel Pégourié-Gonnard
7c9e75a836 Remove a few useless #defines 2015-01-28 15:28:29 +01:00
Rich Evans
f90016aade Use platform layer in programs for consistency. 2015-01-28 15:28:28 +01:00
Manuel Pégourié-Gonnard
9014b6f227 Rename project in CMake
TODO: to create symlinks to the old names!
2015-01-27 15:44:46 +00:00
Manuel Pégourié-Gonnard
6a4ae35788 Link to new name in programs & tests Makefiles 2015-01-27 14:03:24 +01:00
Manuel Pégourié-Gonnard
d43ccb66fb Quit using deprecated header. 2015-01-23 17:38:09 +00:00
Manuel Pégourié-Gonnard
c26a092b50 Rename static lib name with make 2015-01-23 12:57:33 +00:00
Manuel Pégourié-Gonnard
dba564bc79 Fix files that are not in development 2015-01-23 11:37:14 +00:00
Manuel Pégourié-Gonnard
df6411d8d8 Merge branch 'development' into dtls
* development:
  Fix website url to use https.
  Remove maintainer line.
  Remove redundant "all rights reserved"
2015-01-23 11:23:08 +00:00
Manuel Pégourié-Gonnard
085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
eab72e2ced Merge branch 'development' into dtls
* development:
  Update copyright
  Fix issue in compat.sh
  Rename doxyfile
  Rename to mbed TLS in tests/
  Rename to mbed TLS in examples
  Remove old test certificates.
  Rename to mbed TLS in the documentation/comments
  Change name to mbed TLS in the copyright notice

Conflicts:
	doxygen/input/doc_mainpage.h
	doxygen/mbedtls.doxyfile
	include/polarssl/version.h
	tests/compat.sh
2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard
a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
9169921271 Rename to mbed TLS in examples 2015-01-22 16:26:39 +00:00
Manuel Pégourié-Gonnard
b64d9a79a4 Remove old test certificates.
Avoid duplication with those in tests/data_files
2015-01-22 16:25:32 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard
3a173f497b Merge branch 'development' into dtls
* development:
  Fix error code description.
  generate_errors.pl now errors on duplicate codes
  Avoid nested if's without braces.
  Move renego SCSV after actual ciphersuites
  Fix send_close_notify usage.
  Rename variable for clarity
  Improve script portability

Conflicts:
	library/ssl_srv.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/ssl-opt.sh
2015-01-22 13:30:33 +00:00
Manuel Pégourié-Gonnard
34377b1e1c Fix send_close_notify usage. 2015-01-22 10:46:46 +00:00
Manuel Pégourié-Gonnard
6a0017b7c0 Rename variable for clarity 2015-01-22 10:33:29 +00:00
Manuel Pégourié-Gonnard
23eb74d8b5 Fix issues with new defaults 2015-01-21 14:37:13 +00:00
Manuel Pégourié-Gonnard
67505bf9e8 Merge branch 'development' into dtls
* development:
  Adapt tests to new defaults/errors.
  Fix typos/cosmetics in Changelog
  Disable RC4 by default in example programs.
  Add ssl_set_arc4_support()
  Set min version to TLS 1.0 in programs

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	tests/compat.sh
2015-01-21 13:57:33 +00:00
Manuel Pégourié-Gonnard
bfccdd3c92 Merge commit '36adc36' into dtls
* commit '36adc36':
  Add support for getrandom()
  Use library default for trunc-hmac in ssl_client2
  Make truncated hmac a runtime option server-side
  Fix portability issue in script
  Specific error for suites in common but none good
  Prefer SHA-1 certificates for pre-1.2 clients
  Some more refactoring/tuning.
  Minor refactoring

Conflicts:
	include/polarssl/error.h
	include/polarssl/ssl.h
	library/error.c
2015-01-21 13:48:45 +00:00
Manuel Pégourié-Gonnard
0017c2be48 Merge commit '9835bc0' into dtls
* commit '9835bc0':
  Fix racy test.
  Fix stupid error in previous commit
  Don't check errors on ssl_close_notify()
  Fix char signedness issue
  Fix issue with non-blocking I/O & record splitting
  Fix warning

Conflicts:
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
2015-01-21 13:42:16 +00:00
Manuel Pégourié-Gonnard
8fbb01ec84 Merge commit 'b2eaac1' into dtls
* commit 'b2eaac1':
  Stop assuming chars are signed
  Add tests for CBC record splitting
  Fix tests that were failing with record splitting
  Allow disabling record splitting at runtime
  Add 1/n-1 record splitting
  Enhance doc on ssl_write()

Conflicts:
	include/polarssl/ssl.h
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
2015-01-21 13:37:08 +00:00
Manuel Pégourié-Gonnard
0af1ba3521 Merge commit 'f6080b8' into dtls
* commit 'f6080b8':
  Fix warning in reduced configs
  Adapt to "negative" switch for renego
  Add tests for periodic renegotiation
  Make renego period configurable
  Auto-renegotiate before sequence number wrapping
  Update Changelog for compile-option renegotiation
  Switch from an enable to a disable flag
  Save 48 bytes if SSLv3 is not defined
  Make renegotiation a compile-time option
  Add tests for renego security enforcement

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/ssl/ssl_server2.c
	tests/ssl-opt.sh
2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard
edb7ed3a43 Merge commit 'd7e2483' into dtls
* commit 'd7e2483': (57 commits)
  Skip signature_algorithms ext if PSK only
  Fix bug in ssl_client2 reconnect option
  Cosmetics in ssl_server2
  Improve debugging message.
  Fix net_usleep for durations greater than 1 second
  Use pk_load_file() in X509
  Create ticket keys only if enabled
  Fix typo in #ifdef
  Clarify documentation a bit
  Fix comment on resumption
  Update comment from draft to RFC
  Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
  Add recursion.pl to all.sh
  Allow x509_crt_verify_child() in recursion.pl
  Set a compile-time limit to X.509 chain length
  Fix 3DES -> DES in all.sh (+ time estimates)
  Add curves.pl to all.sh
  Rework all.sh to use MSan instead of valgrind
  Fix depends on individual curves in tests
  Add script to test depends on individual curves
  ...

Conflicts:
	CMakeLists.txt
	programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00
Manuel Pégourié-Gonnard
f9c8a606b5 Merge commit '8b9bcec' into dtls
* commit '8b9bcec':
  Stop assuming chars are signed
  Fix len miscalculation in buffer-based allocator
  Fix NULL dereference in buffer-based allocator
  Add test_suite_memory_buffer_alloc
  Add memory_buffer_alloc_self_test()
  Fix missing bound check
  Add test for ctr_drbg_update() input sanitizing
  Refactor for clearer correctness/security
  Stop assuming chars are signed

Conflicts:
	library/ssl_tls.c
2015-01-20 16:38:39 +00:00
Paul Bakker
5b8f7eaa3e Merge new security defaults for programs (RC4 disabled, SSL3 disabled) 2015-01-14 16:26:54 +01:00
Paul Bakker
c82b7e2003 Merge option to disable truncated hmac on the server-side 2015-01-14 16:16:55 +01:00
Manuel Pégourié-Gonnard
a92ed4845c Fix stupid error in previous commit
Since ret is no longer update by close_notify(), we need to reset it to 0
after a successful write.
2015-01-14 10:46:53 +01:00
Manuel Pégourié-Gonnard
687f89beab Don't check errors on ssl_close_notify()
Depending on timing we might get different errors (conn_reset, write failed)
and ignoring them all ends up being almost the same as just not checking
errors.
2015-01-13 21:48:12 +01:00
Paul Bakker
b2eaac154b Stop assuming chars are signed 2015-01-13 17:15:31 +01:00
Paul Bakker
f3561154ff Merge support for 1/n-1 record splitting 2015-01-13 16:31:34 +01:00
Paul Bakker
f6080b8557 Merge support for enabling / disabling renegotiation support at compile-time 2015-01-13 16:18:23 +01:00
Paul Bakker
d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Paul Bakker
8b9bcecaae Stop assuming chars are signed 2015-01-13 15:59:55 +01:00
Manuel Pégourié-Gonnard
5ba1d52f96 Add memory_buffer_alloc_self_test() 2015-01-13 14:58:00 +01:00
Paul Bakker
d9e2dd2bb0 Merge support for Encrypt-then-MAC 2015-01-13 14:23:56 +01:00
Manuel Pégourié-Gonnard
fa06581c73 Disable RC4 by default in example programs. 2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
bd47a58221 Add ssl_set_arc4_support()
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard
982865618a Stop assuming chars are signed
(They aren't on ARM by default.)
2015-01-12 19:17:05 +01:00
Manuel Pégourié-Gonnard
448ea506bf Set min version to TLS 1.0 in programs 2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard
265fe997ff Use library default for trunc-hmac in ssl_client2 2015-01-09 12:53:19 +01:00
Manuel Pégourié-Gonnard
e117a8fc0d Make truncated hmac a runtime option server-side
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard
c82ee3555f Fix tests that were failing with record splitting 2015-01-07 16:39:10 +01:00
Manuel Pégourié-Gonnard
590f416142 Add tests for periodic renegotiation 2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard
615e677c0b Make renegotiation a compile-time option 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
85d915b81d Add tests for renego security enforcement 2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard
d3b90f797d Fix bug in ssl_client2 reconnect option 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
f29e5de09d Cosmetics in ssl_server2 2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard
0975ad928d Merge branch 'etm' into dtls
* etm:
  Fix some more warnings in reduced configs
  Fix typo causing MSVC errors
2014-11-17 15:07:17 +01:00
Manuel Pégourié-Gonnard
be6ce835a2 Fix typo causing MSVC errors 2014-11-17 14:29:36 +01:00
Manuel Pégourié-Gonnard
3a3066c3ee ssl_server2 now exits on signal during a read too 2014-11-17 12:50:34 +01:00
Manuel Pégourié-Gonnard
403a86f73d ssl_server2: exit cleanly on SIGINT too 2014-11-17 12:46:49 +01:00
Manuel Pégourié-Gonnard
49aa99e653 Fix exit codes in cert_app 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
f9d778d635 Merge branch 'etm' into dtls
* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM

Conflicts:
	include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard
56d985d0a6 Merge branch 'session-hash' into dtls
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
fedba98ede Merge branch 'fb-scsv' into dtls
* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard
699cafaea2 Implement initial negotiation of EtM
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd Add negotiation of Extended Master Secret
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
a6ace04c5c Test for lost HelloRequest 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
e698f59a25 Add tests for ssl_set_dtls_badmac_limit() 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
9b35f18f66 Add ssl_get_record_expansion() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
e63582a166 Add dlts_client.c and dtls_server.c 2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard
dc6a75a952 ERR_NET_CONN_RESET can't happen with UDP 2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard
caecdaed25 Cosmetics in ssl_server2 & complete tests for HVR 2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard
2d87e419e0 Adapt ssl_{client,server}2.c to datagram write 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
994f8b554f Ok for close_notify to fail 2014-10-21 16:32:52 +02:00
Manuel Pégourié-Gonnard
ba958b8bdc Add test for server-initiated renego
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
a9d7d03e30 SIGTERM also interrupts server2 during net_read() 2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
6a2bc23f63 Allow exchanges=0 in ssl_server2
Useful for testing with defensics with no data exchange
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
cce220d6aa Adapt ssl_server2 to datagram-style read 2014-10-21 16:32:49 +02:00
Manuel Pégourié-Gonnard
85beb30b11 Add test for resumption with non-blocking I/O 2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard
f1e0df3ccd Allow ssl_client2 to resend on read timeout 2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
6b65141718 Implement ssl_read() timeout (DTLS only for now) 2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
d823bd0a04 Add handshake_timeout option to test server/client 2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard
ce8588c9ef Make udp_proxy more robust
There seemed to be some race conditions with server closing its fd right after
sending HelloVerifyRequest causing the proxy to exit after a failed read.
2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
f03651217c Adapt programs to use nbio with DTLS 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard
bd97fdb3a4 Make ssl_server2's HVR handling more realistic
It makes not sense to keep the connection open until the client is verified.
Until now it was useful since closing it crates a race where the second
ClientHello might be lost. But now that our client is able to resend, that's
not an issue any more.
2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard
fa60f128d6 Quit using "yes" in ssl-opt.sh with openssl
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
ae666c5092 proxy: avoid always dropping the same packet 2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
d0fd1daa6b Add test with proxy and openssl server 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
8cc7e03ae0 udp_proxy: show encrypted messages as encrypted 2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard
6265d305f1 Fix some delayed packets going the wrong way 2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
bf02319b58 udp_proxy: don't overwrite delayed packets 2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
6312e0f4e6 udp_proxy: allow successive clients 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
484b8f9ed8 Fix bug in ssl_client2 reconnect option 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
b46780edee Enlarge udp_proxy's message buffer 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
ae8d2399a5 udp_proxy: also drop messages from the last flight 2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
992e13665d Make decisions pseudo-random in udp_proxy 2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
bc010a045c udp_proxy: don't drop messages in the last flight
Resending the last flight is on the todo-list, but I want to be able to test
what's already done now.
2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard
b6440a496b ssl_server2 now dies on SIGTERM during a read 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
7cf3518284 Enhance output of udp_proxy (with time) 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
a014829024 Use ssl_set_bio_timeout() in test client/server 2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard
63eca930d7 Drop invalid records with DTLS 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
6c18a39807 Add option 'bad_ad' to udp_proxy 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
eb00bfd9c2 Add option 'mtu' to udp_proxy 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
81f2fe9f08 Add option 'delay_ccs' to udp_proxy 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
60fdd7e0f2 Add option 'drop' to udp_proxy 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
21398c37c0 Add option 'delay' to udp_proxy 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
2c41bd85e0 Add a 'duplicate' option to udp_proxy 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
44d5e63e6a Enhance output of udp_proxy 2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
cb4137b646 Add test utility udp_proxy
Currently just forwards: will delay, duplicate and drop later.
2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
4ba6ab6d0d Fix glitch with HelloVerifyRequest
With the close-rebind strategy, sometimes the second ClientHello was lost (if
received before close), and since our client doesn't resend yet, the tests
would fail (no problem with other client that resend). Anyway, it's not really
clean to lose messages.
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
26820e3061 Add option 'cookies' to ssl_server2 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
a64acd4f84 Add separate SSL_COOKIE_C define 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
232edd46be Move cookie callbacks implementation to own module 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d485d194f9 Move to a callback interface for DTLS cookies 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
82202f0a9c Make DTLS_HELLO_VERIFY a compile option 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
98545f128a Generate random key for HelloVerifyRequest 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
336b824f07 Use ssl_set_client_transport_id() in ssl_server2 2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard
ae5050c212 Start adapting ssl_client2 to datagram I/O 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
798f15a500 Fix version adjustments with force_ciphersuite 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
fe3f73bdeb Allow force_version to select DTLS 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
8a06d9c5d6 Actually use UDP for DTLS in test client/server 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
f5a1312eaa Add UDP support to the NET module 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
83218f1da1 Add dtls version aliases to test serv/cli 2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
864a81fdc0 More ssl_set_XXX() functions can return BAD_INPUT 2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard
e29fd4beaf Add a dtls option to test server and client 2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard
f138874811 Properly send close_notify in ssl_client2 2014-08-19 16:14:36 +02:00
Manuel Pégourié-Gonnard
a8c0a0dbd0 Add "exchanges" option to test server and client
Goal is to test renegotiation better: we need more than one exchange for
server-initiated renego to work reliably (the previous hack for this wouldn't
work with non-blocking I/O and probably not with DTLS either).

Also check message termination in a semi-realistic way.
2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard
296e3b1174 Request renego before write in ssl_server2
Will be useful for:
- detecting termination of messages by other means than connection close
- DTLS (can be seen as a special case of the above: datagram-oriented)
2014-08-19 12:59:03 +02:00
Manuel Pégourié-Gonnard
e08660e612 Fix ssl_read() and close_notify error handling in programs 2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
67686c42e6 Fix undocumented option in ssl_server2 2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard
250b1ca6f3 Fix ssl_server2 exiting on recoverable errors 2014-08-19 10:34:37 +02:00
Paul Bakker
bc3e54c70d Fix overly rigorous defines in ssl_server2.c 2014-08-18 14:36:17 +02:00
Paul Bakker
d153ef335f Missing dependencies on POLARSSL_ECP_C fixed 2014-08-18 12:00:28 +02:00
Paul Bakker
09c9dd80ef Revert 42cc641. Issue already fixed in 333fdec. 2014-08-18 11:06:56 +02:00
Paul Bakker
c1283d3f4c Only use signal() in ssl_server2 on non-Windows platforms 2014-08-18 11:05:51 +02:00
Manuel Pégourié-Gonnard
dcab293bd4 Get rid of SERVERQUIT code in ssl_{client,server}2 2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
db49330e08 ssl_server2 aborts cleanly on SIGTERM
(while waiting for a new connection)
2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard
a39416ff38 Fix bounds and error checking in gen_key.c 2014-08-14 11:34:35 +02:00
Alfred Klomp
7c03424d1c ssl_mail_client.c: silence warning, check base64_encode() status
Found with Clang's `scan-build` tool.

ssl_mail_client.c does a dead store by assigning the return value of
base64_encode() to `len` and not using the value.  This causes
scan-build to issue a warning.

Instead of storing the return value into `len`, store it to `ret`, since
base64_encode() returns a status code, not a length. Also check if the
return value is nonzero and print an error; this silences scan-build.
2014-08-14 11:34:35 +02:00
Alfred Klomp
5b78f219d0 ssl_test.c: remove dead store, assign at declaration
Found with Clang's `scan-build` tool.

The store to `ret` is not used, it's overwritten shortly after. Assign
the value of 1 at declaration time instead to silence scan-build.
2014-08-14 11:34:34 +02:00
Alfred Klomp
1d42b3ea7e pem2der.c: fix double-free bug
Found with Clang's `scan-build` tool.

load_file() allocates memory to a char** parameter. It then tries to fread() a
file, and if that fails, frees the memory and returns to caller. However, the
char** is not reset to NULL, which causes a double-free error when the caller
later passes it to free().
2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
42cc641159 Don't print uninitialized buffer in ssl_mail_client 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
9dbe7c5f17 Remove unreachable code from ssl_pthread_server 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard
955028f858 Fix compile error in ssl_pthread_server 2014-08-14 11:34:33 +02:00
Paul Bakker
333fdeca3a Properly initialize buf 2014-08-04 12:12:09 +02:00
Paul Bakker
3966d71fa8 gen_key should open file as binary for writing DER keys 2014-07-10 15:27:09 +02:00
Paul Bakker
d2a2d61a68 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Paul Bakker
a317a98221 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Paul Bakker
14e8be4d33 Adapted programs / test suites to _init() and _free() 2014-07-09 10:19:23 +02:00
Paul Bakker
8cfd9d8c59 Adapt programs / test suites to _init() and _free() 2014-07-09 10:19:23 +02:00
Manuel Pégourié-Gonnard
c5fd391e04 Check return value of ssl_set_xxx() in programs 2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
4e3e7c2944 Clarify comment in program 2014-07-08 14:20:26 +02:00
Paul Bakker
8fb99abaac Merge changes for leaner memory footprint 2014-07-04 15:02:19 +02:00
Manuel Pégourié-Gonnard
481fcfde93 Make PSK_LEN configurable and adjust PMS size 2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard
fae355e8ee Add tests for ssl_set_renegotiation_enforced() 2014-07-04 14:32:27 +02:00
Paul Bakker
2a45d1c8bb Merge changes to config examples and configuration issues 2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
dea29c51fd Extend request_size to small sizes in ssl_client2 2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
0669f272e9 Fix printing large packets in ssl_server2 2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard
8a4d571af8 Fix warnings in no-SSL configs 2014-06-24 14:19:59 +02:00
Manuel Pégourié-Gonnard
f9378d8f11 Fix dependencies on PEM in tests and programs 2014-06-24 13:11:25 +02:00
Manuel Pégourié-Gonnard
4505ed3c90 Fix missing free() with recent ssl_server2 options 2014-06-20 18:35:16 +02:00
Paul Bakker
3c38f29a61 Fix DER output of gen_key app (found by Gergely Budai) 2014-06-14 16:46:43 +02:00
Manuel Pégourié-Gonnard
7680698d02 Temporarily disable timing test on non-Linux 2014-06-13 18:04:42 +02:00
Paul Bakker
8880cb52f7 Handle missing CRL parsing gracefully 2014-06-12 23:22:26 +02:00
Paul Bakker
9b7fb6f68e Prevent warning for possibly uninitialized variable in ssl_server2 2014-06-12 23:01:43 +02:00
Paul Bakker
508e573231 Merge tests for asn1write, XTEA and Entropy modules 2014-06-12 21:26:33 +02:00
Paul Bakker
14c78c93d5 Merge more SSL tests and required ssl_server2 additions 2014-06-12 21:24:34 +02:00
Manuel Pégourié-Gonnard
e1ac0f8c5d Add back timing selftest with new hardclock test 2014-06-12 21:15:50 +02:00
Manuel Pégourié-Gonnard
8de259b953 Minor code simplification in ssl programs 2014-06-11 18:35:33 +02:00
Manuel Pégourié-Gonnard
95c0a63023 Add tests for ssl_get_bytes_avail() 2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard
e7a3b10dcc Use ssl_get_bytes_avail() in ssl_server2. 2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard
6dc0781aba Add version_suites option to ssl_server2 2014-06-11 14:07:14 +02:00
Manuel Pégourié-Gonnard
4dd73925ab Add entropy_self_test() 2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
dc019b9559 Use ssl_set_psk() only when a psk is given 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
fdee74b8d6 Simplify some option parsing code 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
80c8553a1a Add psk_list option to ssl_server2: PSK callback 2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard
9e27163acd Refactor PSK parsing in ssl_server2 2014-06-10 15:32:01 +02:00
Manuel Pégourié-Gonnard
736699c08c Add a dhm_file option to ssl_server2 2014-06-10 15:32:01 +02:00
Paul Bakker
1fd325309b Add option 'crl_file' to cert_app 2014-05-28 11:36:38 +02:00
Paul Bakker
1ebc0c592c Fix typos 2014-05-22 15:47:58 +02:00
Paul Bakker
b5212b436f Merge CCM cipher mode and ciphersuites
Conflicts:
	library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Paul Bakker
0c5e4290e1 benchmark application also works without POLARSSL_ERROR_C 2014-05-22 14:11:13 +02:00
Manuel Pégourié-Gonnard
58d78a8d70 Add CCM to benchmark 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard
a6916fada8 Add (placeholder) CCM module 2014-05-06 11:28:09 +02:00
Paul Bakker
525f87559f Cast alpn_list to void * to prevent MSVC compiler warnings 2014-05-01 10:59:27 +02:00
Manuel Pégourié-Gonnard
cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker
c73079a78c Add debug_set_threshold() and thresholding of messages 2014-04-25 16:58:16 +02:00
Paul Bakker
93c32b21b3 Allow ssl_client to pad request to SSL_MAX_CONTENT_LEN 2014-04-25 16:58:12 +02:00
Paul Bakker
fdba46885b cert_write app should use subject of issuer certificate as issuer of cert 2014-04-25 11:48:35 +02:00
Paul Bakker
8a0c0a9ed9 Check additional return values in some test cases 2014-04-17 17:24:23 +02:00
Paul Bakker
df71dd1618 Cleaner initialization (values did not matter, but were uninitialized) 2014-04-17 16:03:48 +02:00
Paul Bakker
030decdb4e Actually increment the loop counter to quit in ssl_fork_server 2014-04-17 16:03:23 +02:00
Paul Bakker
0c22610693 Cleaned up location of init and free for some programs to prevent memory
leaks on incorrect arguments
2014-04-17 16:02:36 +02:00
Paul Bakker
cbe3d0d5cc Added return value checking for correctness in programs 2014-04-17 16:00:59 +02:00
Paul Bakker
1cfc45835f Add option 'use_dev_random' to gen_key application 2014-04-09 15:49:58 +02:00
Manuel Pégourié-Gonnard
0f79babd4b Disable timing_selftest() for now 2014-04-09 15:49:51 +02:00
Paul Bakker
17b85cbd69 Merged additional tests and improved code coverage
Conflicts:
	ChangeLog
2014-04-08 14:38:48 +02:00
Paul Bakker
0763a401a7 Merged support for the ALPN extension 2014-04-08 14:37:12 +02:00
Shuo Chen
95a0d118a9 Fix compile error when POLARSSL_ERROR_STRERROR_BC is undefined. 2014-04-08 10:53:51 +02:00
Manuel Pégourié-Gonnard
1bd2281260 Add an alpn option to ssl_client2 and ssl_server2 2014-04-05 14:51:42 +02:00
Manuel Pégourié-Gonnard
13a1ef8600 Misc selftest adjustements 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
470fc935b5 Add timing_self_test() with consistency tests 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
388dac4037 Still test pbkdf2 while it's there 2014-04-04 16:33:00 +02:00
Manuel Pégourié-Gonnard
6b0d268bc9 Add ssl_close_notify() to servers that missed it 2014-03-31 11:28:11 +02:00
Manuel Pégourié-Gonnard
00d538f8f9 Disable renegotiation by default in example cli/srv 2014-03-31 11:03:06 +02:00
Paul Bakker
5a1d687274 Fixed typo introduced in 486485b 2014-03-26 11:20:05 +01:00
Manuel Pégourié-Gonnard
486485bc07 PBKDF2 -> PKCS5 in selftest.c 2014-03-20 09:59:51 +01:00
Paul Bakker
a4b0343edf Merged massive SSL Testing improvements 2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard
84fd6877c6 Use ssl_client2 to terminate ssl_server2 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
5b2d776d2a GnuTLS in compat.sh: server-side 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
3e1b178ba2 Add options for no certificates in test srv/cli 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard
5575316385 Add options for non-blocking I/O in test cli & srv 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
0d8780b2cd Add a server_adrr option to ssl_client2 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
5d917ff6a8 Add a 'sni' option to ssl_server2 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard
dbe1ee1988 Add tests for session ticket lifetime 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
c55a5b7d6f Add tests for cache timeout 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
4c88345f19 Add test for ssl_cache max_entries 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
780d671f9d Add tests for renegotiation 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
2fc243d06a Rearrange help messages of example cli/srv 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard
fcf2fc2960 Make auth_mode=required the default in ssl_client2 2014-03-13 19:25:07 +01:00
Manuel Pégourié-Gonnard
844a4c0aef Fix RSASSA-PSS example programs 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
c580a00e3c Print protocol version in example cli/srv 2014-02-12 10:15:30 +01:00
Paul Bakker
64abd83b67 Fixed file descriptor leak in generic_sum 2014-02-06 15:03:06 +01:00
Paul Bakker
247b487d61 Missing 'else' in gen_key 2014-02-06 14:33:52 +01:00
Gergely Budai
a5d336bcec Increase title size (fits to increased curve names). Give verbose errors on failures. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
79afaa0551 Add hmac_drbg_selftest() 2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard
fef0f8f55a Add HMAC_DRBG to benchmark 2014-01-30 23:17:33 +01:00
Paul Bakker
d75ba40cc3 SMTP lines are officially terminated with CRLF, ssl_mail_client fixed 2014-01-24 16:12:18 +01:00
Paul Bakker
5eb264cfa7 Minor fixes to o_p_test.c (CMakeLists.txt and includes) 2014-01-23 15:47:29 +01:00
Paul Bakker
5862eee4ca Merged RIPEMD-160 support 2014-01-22 14:18:34 +01:00
Paul Bakker
61b699ed1b Renamed RMD160 to RIPEMD160 2014-01-22 14:17:31 +01:00
Manuel Pégourié-Gonnard
2f5217ea02 Gitignore ssl_pthread_server 2014-01-22 12:56:06 +01:00
Manuel Pégourié-Gonnard
1744d72902 Add RIPEMD-160 to selftest 2014-01-17 14:46:36 +01:00
Manuel Pégourié-Gonnard
01b0b38421 Add RIPEMD-160 to benchmark 2014-01-17 14:29:46 +01:00
Paul Bakker
caf0e60969 Forced cast to unsigned int for %u format in the ecdsa application 2013-12-30 19:15:48 +01:00
Paul Bakker
f0fc2a27b0 Properly put the pragma comment for the MSVC linker in defines 2013-12-30 15:42:43 +01:00
Paul Bakker
29e86eae29 Removed 'z' length modifier from format in ecdsa program 2013-12-30 15:38:48 +01:00
Paul Bakker
3e72f6effd Only search for Pthread on Windows platforms 2013-12-30 15:28:46 +01:00
Paul Bakker
f9c4953e39 Added version of the SSL pthread server example 2013-12-30 14:55:54 +01:00
Paul Bakker
5a607d26b7 Merged IPv6 support in the NET module 2013-12-17 14:34:19 +01:00
Paul Bakker
f70fe81a6e Fixed memory leak in benchmark application 2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard
18d31f8e59 Make listening address configurable in ssl_server2 2013-12-17 12:00:57 +01:00
Paul Bakker
014f143c2a Merged EC key generation support 2013-12-02 14:55:09 +01:00
Manuel Pégourié-Gonnard
6e16cdb37c Allow curve selection in gen_key 2013-11-30 15:32:47 +01:00
Paul Bakker
fdda785248 Removed dependency on unistd.h for MSVC in apps 2013-11-30 15:15:31 +01:00
Paul Bakker
840ab20ea2 Explicit conversions to int from size_t for MSVC (64-bit) in apps 2013-11-30 15:14:38 +01:00
Paul Bakker
c97f9f6465 Removed making commandline arguments case insensitive 2013-11-30 15:14:11 +01:00
Manuel Pégourié-Gonnard
49d738b50d Ignore file generated by gen_key 2013-11-30 14:39:15 +01:00
Manuel Pégourié-Gonnard
8c237710a0 Start adding EC support in gen_key 2013-11-30 14:36:54 +01:00
Paul Bakker
a8239a4490 Removed Windows auto-spawn client code 2013-11-29 11:16:37 +01:00
Manuel Pégourié-Gonnard
0f2eacbd09 crypt_and_hash: check MAC earlier 2013-11-26 15:19:57 +01:00
Paul Bakker
e4c71f0e11 Merged Prime generation improvements 2013-11-25 14:27:28 +01:00
Paul Bakker
8fc30b178c Various const fixes 2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard
5e1e61124a Insert warning about time in dh_genprime 2013-11-22 21:16:10 +01:00
Paul Bakker
993e386a73 Merged renegotiation refactoring 2013-10-31 14:32:38 +01:00
Manuel Pégourié-Gonnard
291f9af935 Make all hash checking in programs constant-time 2013-10-31 14:22:27 +01:00
Paul Bakker
424cd6943c Check HMAC in constant-time in crypt_and_hash 2013-10-31 14:22:08 +01:00
Manuel Pégourié-Gonnard
6d8404d6ba Server: enforce renegotiation 2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard
9c1e1898b6 Move some code around, improve documentation 2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard
f3dc2f6a1d Add code for testing server-initiated renegotiation 2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard
53b3e0603b Add code for testing client-initiated renegotiation 2013-10-30 16:46:46 +01:00
Paul Bakker
60b1d10131 Fixed spelling / typos (from PowerDNS:codespell) 2013-10-29 10:02:51 +01:00
Paul Bakker
93c6aa4014 Fixed that selfsign copies issuer_name to subject_name 2013-10-28 22:29:11 +01:00
Paul Bakker
08bb187bb6 Merged Public Key framwork tests 2013-10-28 14:11:09 +01:00
Manuel Pégourié-Gonnard
3daaf3d21d X509 key identifiers depend on SHA1 2013-10-28 13:58:32 +01:00
Manuel Pégourié-Gonnard
b0a467fdbe Start adding a PK test suite 2013-10-15 15:19:59 +02:00
Paul Bakker
f34673e37b Merged RSA-PSK key-exchange and ciphersuites 2013-10-15 12:46:41 +02:00
Paul Bakker
376e8153a0 Merged ECDHE-PSK ciphersuites 2013-10-15 12:45:36 +02:00
Manuel Pégourié-Gonnard
8a3c64d73f Fix and simplify *-PSK ifdef's 2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard
1b62c7f93d Fix dependencies and related issues 2013-10-14 14:02:19 +02:00
Paul Bakker
b799dec4c0 Merged support for Brainpool curves and ciphersuites 2013-10-11 10:05:43 +02:00
Manuel Pégourié-Gonnard
2f77ce3658 Fix forgotten snprintf define for MSVC 2013-10-11 09:17:19 +02:00
Manuel Pégourié-Gonnard
22f64c8a9a Cosmetics in benchmark 2013-10-10 13:21:48 +02:00
Paul Bakker
1337affc91 Buffer allocator threading support 2013-09-29 15:02:11 +02:00
Paul Bakker
1ffefaca1e Introduced entropy_free() 2013-09-29 15:01:42 +02:00
Paul Bakker
396333e0a3 Updated ssl_test to handle EOF return value 2013-09-28 11:08:43 +02:00
Manuel Pégourié-Gonnard
a0fdf8b0a0 Simplify the way default certs are used 2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard
641de714b6 Use both RSA and ECDSA CA if available 2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard
ac8474fb1c Changed default cert loading in ssl_server2 2013-09-25 11:35:15 +02:00
Manuel Pégourié-Gonnard
b095a7bf29 Offer both RSA and ECDSA by default in ssl_server2 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
3ebb2cdb52 Add support for multiple server certificates 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
cbf3ef3861 RSA and ECDSA key exchanges don't depend on CRL 2013-09-24 21:25:53 +02:00
Paul Bakker
15b9b3a7e0 Key generation tool 2013-09-23 13:25:44 +02:00
Manuel Pégourié-Gonnard
abd6e02b7b Rm _CRT_SECURE_NO_DEPRECATE for programs
(Already in config.h.)
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
3bd2aae5a5 Add forgotten initializations 2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
7831b0cb3c A few more issues with small configurations 2013-09-20 12:30:21 +02:00
Manuel Pégourié-Gonnard
a7496f00ff Fix a few more warnings in small configurations 2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard
92e5b59355 Fix some dependencies/warnings in programs 2013-09-20 10:58:58 +02:00
Manuel Pégourié-Gonnard
da179e4870 Add ecp_curve_list(), hide ecp_supported_curves 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
56cd319f0e Add human-friendly name in ecp_curve_info 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
803bb312a3 Remove ecp-bench (now in general benchmark) 2013-09-18 15:37:43 +02:00
Paul Bakker
940f9ce515 Added pk_decrypt, pk_encrypt, pk_sign, pk_verify example applications 2013-09-18 15:34:57 +02:00
Paul Bakker
2e24ca74b0 Updated key_app.c and key_app_writer.c for EC key printing 2013-09-18 15:25:16 +02:00
Manuel Pégourié-Gonnard
cc34f95b43 Include ECDSA and ECDH in benchmark 2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard
ed7cbe92d5 Allow selection of what to benchmark 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard
8271f2ffb5 Shorten benchmark source using macros and loops 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard
15d5de1969 Simplify usage of DHM blinding 2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
568c9cf878 Add ecp_supported_curves and simplify some code 2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard
1b57878e4a Add missing VS project files, generated by script 2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
68821da01e Fix clang warnings in applications
Some fd would be used uninitialized if we goto exit early.
2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard
4cf0686d6d Remove spurious '+ 3' in ecdsa_write_signature() 2013-09-18 14:34:33 +02:00
Paul Bakker
c559c7a680 Renamed x509_cert structure to x509_crt for consistency 2013-09-18 14:32:52 +02:00
Paul Bakker
ddf26b4e38 Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2 Introduced x509_crt_init(), x509_crl_init() and x509_csr_init() 2013-09-18 12:01:43 +02:00
Paul Bakker
86d0c1949e Generalized function names of x509 functions not parse-specific
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker
7fc7fa630f cert_write application also works without POLARSSL_X509_CSR_PARSE_C 2013-09-17 14:44:00 +02:00
Paul Bakker
36713e8ed9 Fixed bunch of X509_PARSE related defines / dependencies 2013-09-17 13:25:29 +02:00
Paul Bakker
30520d1776 Moved rsa_sign_pss / rsa_verify_pss to use PK for key reading 2013-09-17 11:39:31 +02:00
Paul Bakker
1525495330 Key app updated to support pk_context / ECP keypairs 2013-09-17 11:24:56 +02:00
Paul Bakker
7504d7f806 Fixed X509 define in selftest.c 2013-09-16 22:56:18 +02:00
Paul Bakker
7c6b2c320e Split up X509 files into smaller modules 2013-09-16 21:41:54 +02:00
Paul Bakker
ace02867f6 Do not lowercase key values in arguments in cert_app.c 2013-09-16 21:40:34 +02:00
Paul Bakker
40ce79f1e6 Moved DHM parsing from X509 module to DHM module 2013-09-15 17:43:54 +02:00
Paul Bakker
9a97c5d894 Fixed warnings in case application dependencies are not met 2013-09-15 17:07:33 +02:00
Paul Bakker
c7bb02be77 Moved PK key writing from X509 module to PK module 2013-09-15 14:54:56 +02:00
Paul Bakker
1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91 Make CBC an option, step 3: individual ciphers 2013-09-13 17:25:43 +02:00
Paul Bakker
9013af76a3 Merged major refactoring of x509write module into development
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard
26b4d45f49 Fix key_app_writer 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
31e59400d2 Add missing f_rng/p_rng arguments to x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
f38e71afd5 Convert x509write_crt interface to PK 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
ee73179b2f Adapt x509write_csr prototypes for PK 2013-09-12 11:57:00 +02:00
Paul Bakker
8f0423afbc Fix for benchmark app after GCM refactoring merge 2013-09-10 14:51:50 +02:00
Paul Bakker
c0dcf0ceb1 Merged blinding additions for EC, RSA and DHM into development 2013-09-10 14:44:27 +02:00
Paul Bakker
b2d7f23592 Ability to selfsign certificates added to cert_write app 2013-09-09 16:24:18 +02:00
Paul Bakker
4122f3eacf Removed POLARSSL_ERROR_C define and added as requirement defing for
cert_req and cert_write apps
2013-09-09 16:01:46 +02:00
Paul Bakker
80d44fee2e Moved 'define handling code' to top 2013-09-09 15:59:20 +02:00
Paul Bakker
e2673fb34b cert_write app now parses presented CSR for subject name and key 2013-09-09 15:56:09 +02:00
Paul Bakker
f9f377e652 CSR Parsing (without attributes / extensions) implemented 2013-09-09 15:35:10 +02:00
Paul Bakker
8693274219 Small typo in usage of cert_req app 2013-09-09 14:09:42 +02:00
Paul Bakker
1014e95775 Use issuer_name from the issuer_certificate in cert_write app 2013-09-09 13:59:42 +02:00
Paul Bakker
52be08c299 Added support for writing Key Usage and NS Cert Type extensions 2013-09-09 12:38:45 +02:00
Paul Bakker
cd35803684 Changes x509_csr to x509write_csr 2013-09-09 12:38:45 +02:00
Manuel Pégourié-Gonnard
e8ea0c0421 Fix exit value on SERVERQUIT 2013-09-08 20:08:24 +02:00
Manuel Pégourié-Gonnard
ce6352a791 Add benchmark for fixed-DHM with blinding 2013-09-07 13:05:52 +02:00
Manuel Pégourié-Gonnard
1a2012459b Fix undetected errors in benchmark
dhm_calc_secret() was exiting early, leading to wrong results
2013-09-07 12:27:35 +02:00
Manuel Pégourié-Gonnard
337b29c334 Test and document EC blinding overhead 2013-09-07 11:52:27 +02:00
Paul Bakker
15162a054a Writing of X509v3 extensions supported
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
2013-09-06 19:27:21 +02:00
Paul Bakker
9397dcb0e8 Base X509 certificate writing functinality 2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard
cac5f7d737 Update benchmarks for new prototypes 2013-09-04 17:19:18 +02:00
Manuel Pégourié-Gonnard
2d627649bf Change dhm_calc_secret() prototype 2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard
aa9ffc5e98 Split tag handling out of cipher_finish() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
2adc40c346 Split cipher_update_ad() out or cipher_reset() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
9c853b910c Split cipher_set_iv() out of cipher_reset() 2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard
9241be7ac5 Change cipher prototypes for GCM 2013-08-31 18:07:42 +02:00
Paul Bakker
548957dd49 Refactored RSA to have random generator in every RSA operation
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80 Merged refactored x509write module into development 2013-08-28 16:32:51 +02:00
Paul Bakker
577e006c2f Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
	include/polarssl/config.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
ac75523593 Adapt ssl_set_own_cert() to generic keys 2013-08-27 22:21:20 +02:00
Paul Bakker
0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Paul Bakker
f3df61ad10 Generalized PEM writing in x509write module for RSA keys as well 2013-08-26 17:37:18 +02:00
Paul Bakker
135f1e9c70 Move PEM conversion of DER data to x509write module 2013-08-26 17:37:18 +02:00
Paul Bakker
57be6e22cf cert_req now supports key_usage and ns_cert_type command line options 2013-08-26 17:37:18 +02:00
Manuel Pégourié-Gonnard
38d1eba3b5 Move verify_result from ssl_context to session 2013-08-26 14:26:02 +02:00
Paul Bakker
8adf13bd92 Added pem2der utility application 2013-08-26 10:38:54 +02:00
Paul Bakker
82e2945ed2 Changed naming and prototype convention for x509write functions
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker
384d4351ce Added cert_req to CMakeLists.txt 2013-08-25 10:51:18 +02:00
Paul Bakker
8eabfc1461 Rewrote x509 certificate request writing to use structure for storing 2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard
7e56de1671 Adapt ssl_cert_test to changes in PK 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
bf3109fd41 Add forgotten ecdsa_free() in ecdsa example 2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard
e09631b7c4 Create ecp_group_copy() and use it 2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard
aa431613b3 Add ecdsa example program 2013-08-20 20:08:29 +02:00
Paul Bakker
1f2bc6238b Made support for the truncated_hmac extension configurable 2013-08-15 13:45:55 +02:00
Paul Bakker
05decb24c3 Made support for the max_fragment_length extension configurable 2013-08-15 13:33:48 +02:00
Paul Bakker
a503a63b85 Made session tickets support configurable from config.h 2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard
aa0d4d1aff Add ssl_set_session_tickets() 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
06650f6a37 Fix reusing session more than once 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
cf2e97eae2 ssl_client2: allow reconnecting twice 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard
aaa1eab55a Add an option to reconnect in ssl_client2
Purpose: test resuming sessions.
2013-08-14 14:08:04 +02:00
Paul Bakker
66c4810ffe Better handling of ciphersuite version range and forced version in
ssl_client2
2013-07-26 14:05:32 +02:00
Paul Bakker
6c85279719 Newline fixes in help text for ssl_client2 / ssl_server2 2013-07-26 14:02:13 +02:00
Paul Bakker
dbd79ca617 ssl_client2 and ssl_server2 now exit with 1 on errors (shell
limitations)
2013-07-24 16:28:35 +02:00
Paul Bakker
8c1ede655f Changed prototype for ssl_set_truncated_hmac() to allow disabling 2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard
e980a994f0 Add interface for truncated hmac 2013-07-19 14:51:47 +02:00
Paul Bakker
5b55b79021 Better handling of ciphersuite version range and forced version in
ssl_server2
2013-07-19 14:51:31 +02:00
Manuel Pégourié-Gonnard
e048b67d0a Misc minor fixes
- avoid "multi-line comment" warning in ssl_client2.c
- rm useless initialisation of mfl_code in ssl_init()
- const-correctness of ssl_parse_*_ext()
- a code formating issue
2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard
0c017a55e0 Add max_frag_len option in ssl_server2
Also reformat code and output more information in ssl_client2
2013-07-18 14:07:36 +02:00
Paul Bakker
8e714d7aca Modified LONG_RESPONSE and comments in ssl_server2 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
bd7ce63115 Adapt ssl_server2 to test sending long messages 2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard
787b658bb3 Implement max_frag_len write restriction 2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard
0df6b1f068 ssl_client2: add max_frag_len option 2013-07-18 11:18:13 +02:00
Manuel Pégourié-Gonnard
be50680a8c Fix use of x509_cert.rsa in programs 2013-07-17 15:59:43 +02:00
Paul Bakker
82024bf7b9 ssl_server2 now uses alloc_buffer if present and can be 'SERVERQUIT' 2013-07-16 17:48:58 +02:00
Manuel Pégourié-Gonnard
ba4878aa64 Rename x509parse_key & co with _rsa suffix 2013-07-08 15:31:18 +02:00
Paul Bakker
44618dd798 SSL Test and Benchmark now handle missing POLARSSL_TIMING_C 2013-07-04 11:30:32 +02:00
Paul Bakker
fa9b10050b Also compiles / runs without time-based functions in OS
Can now run without need of time() / localtime() and gettimeofday()
2013-07-03 17:22:32 +02:00
Paul Bakker
6e339b52e8 Memory-allocation abstraction layer and buffer-based allocator added 2013-07-03 17:22:31 +02:00
Paul Bakker
d2681d82e2 Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h} 2013-06-30 14:49:12 +02:00
Paul Bakker
9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
62534dd1d8 programs/util/strerror now handles decimal and hexidecimal input 2013-06-30 12:45:07 +02:00
Paul Bakker
03a8a79516 Programs adapted to use polarssl_strerror() instead of error_strerror() 2013-06-30 12:18:08 +02:00
Paul Bakker
5dc6b5fb05 Made supported curves configurable 2013-06-29 23:26:34 +02:00
Paul Bakker
c1516be99d ssl_server2 and ssl_client2 adapted to support maximum protocol version 2013-06-29 18:35:41 +02:00
Paul Bakker
3c5ef71322 Cleanup up non-prototyped functions (static) and const-correctness in programs 2013-06-25 16:37:45 +02:00
Paul Bakker
ef3f8c747e Fixed const correctness issues in programs and tests
(cherry picked from commit e0225e4d7f18f4565224f4997af537533d06a80d)

Conflicts:
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_test.c
	programs/x509/cert_app.c
2013-06-24 19:09:24 +02:00
Paul Bakker
777a5757d6 ca_path and ca_file arguments added to support chain validation in
cert_app
2013-05-21 16:20:04 +02:00
Paul Bakker
bcbe2d8d81 Prettier printing of the lists for longer ciphersuite names 2013-04-19 09:10:20 +02:00
Paul Bakker
ed27a041e4 More granular define selections within code to allow for smaller code
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker
fbb17804d8 Added pre-shared key handling for the server side of SSL / TLS
Server side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
d4a56ec6bf Added pre-shared key handling for the client side of SSL / TLS
Client side handling of the pure PSK ciphersuites is now in the base
code.
2013-04-18 23:12:33 +02:00
Paul Bakker
c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
41c83d3f67 Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker
00c1f43743 Merge branch 'ecc-devel-mpg' into development 2013-03-13 16:31:01 +01:00
Paul Bakker
68884e3c09 Moved to advanced ciphersuite representation and more dynamic SSL code 2013-03-13 14:48:32 +01:00
Paul Bakker
8fe40dcd7d Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.

Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Paul Bakker
a95919b4c7 Added ECP files to Makefiles as well 2013-01-16 17:00:05 +01:00
Manuel Pégourié-Gonnard
b4a310b472 Added a selftest about SPA resistance 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
52a422f6a1 Added ecp-bench specialized benchmark 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
e870c0a5d6 Added benchmark for DHM 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
4b8c3f2a1c Moved tests from selftest to tests/test_suite_ecp 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
efaa31e9ae Implemented multiplication 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
b505c2796c Got first tests working, fixed ecp_copy() 2013-01-16 16:31:49 +01:00
Paul Bakker
91ebfb5272 Made auth_mode as an command line option 2012-11-23 14:04:08 +01:00
Paul Bakker
1f9d02dc90 Added more notes / comments on own_cert, trust_ca purposes 2012-11-20 10:30:55 +01:00
Paul Bakker
25338d74ac Added proper gitignores for Linux CMake use 2012-11-18 22:56:39 +01:00
Paul Bakker
90f309ffe7 Added proper gitignores for linux compilation 2012-11-17 00:04:49 +01:00
Paul Bakker
75242c30fb Added checking of CA peer cert to ssl_client1 as sane default 2012-11-17 00:03:46 +01:00
Paul Bakker
580153573b - Do not free uninitialized ssl context 2012-11-14 12:15:41 +00:00
Paul Bakker
645ce3a2b4 - Moved ciphersuite naming scheme to IANA reserved names 2012-10-31 12:32:41 +00:00
Paul Bakker
b0550d90c9 - Added ssl_get_peer_cert() to SSL API 2012-10-30 07:51:03 +00:00
Paul Bakker
21654f392e - Smaller default values 2012-10-24 14:29:17 +00:00
Paul Bakker
520ea911f6 - Fixed to support 4096 bit DHM params as well 2012-10-24 14:17:01 +00:00
Paul Bakker
f1ab0ec1ff - Changed default compiler flags to include -O2 2012-10-23 12:12:53 +00:00
Paul Bakker
1d56958963 - Updated examples to use appropriate sizes for larger RSA keys (up to 16k) 2012-10-03 20:35:44 +00:00
Paul Bakker
3ad34d4110 - Added key_app_writer to CMakeLists.txt 2012-10-03 20:34:37 +00:00
Paul Bakker
3fad7b3fdd - Changed saved value to RCF 3526 2048 MODP group 2012-10-03 19:50:54 +00:00
Paul Bakker
5da01caa50 - Added warning about example use 2012-10-03 19:48:33 +00:00
Paul Bakker
1d29fb5e33 - Added option to add minimum accepted SSL/TLS protocol version 2012-09-28 13:28:45 +00:00
Paul Bakker
5d19f86fdd - Added comment 2012-09-28 07:33:00 +00:00
Paul Bakker
cbbd9998da - SSL/TLS now has default group 2012-09-28 07:32:06 +00:00
Paul Bakker
915275ba78 - Revamped x509_verify() and the SSL f_vrfy callback implementations 2012-09-28 07:10:55 +00:00
Paul Bakker
819370c7b7 - Removed lowercasing of parameters 2012-09-28 07:04:41 +00:00