mbedtls

Author	SHA1	Message	Date
Andres AG	a592dcc1c6	Clean up of formatting, and potential integer overflow fix	2016-10-06 15:23:39 +01:00
Simon Butcher	b981b16379	Minor fixes to formatting and compilation conditions	2016-10-06 12:51:24 +01:00
Simon Butcher	549dc3d75e	Add CMAC functions to the benchmark sample application	2016-10-05 14:19:18 +01:00
Brian Murray	8b4111c516	Fix build failure for thread config	2016-10-05 14:19:17 +01:00
Brian Murray	57863ad7ed	selftest supports cmac if only MBEDTLS_DES_C is defined Other minor typo fixes	2016-10-05 14:19:16 +01:00
Robert Cragie	dc5c7b98ac	Add support for AES-128-CMAC and AES-CMAC-PRF-128	2016-10-05 14:19:13 +01:00
Andres AG	788aa4a812	Rename net.{c,h} to net_sockets.{c,h} The library/net.c and its corresponding include/mbedtls/net.h file are renamed to library/net_sockets.c and include/mbedtls/net_sockets.h respectively. This is to avoid naming collisions in projects which also have files with the common name 'net'.	2016-09-26 23:23:52 +01:00
Paul Bakker	5e8c62f53d	Do not add empty cert / key in cert_app	2016-09-26 20:30:13 +01:00
Paul Bakker	f2b92bb25b	Actually apply debug_level settings in cert_app	2016-09-26 20:30:13 +01:00
Paul Bakker	243f48e1e2	Fix for #441 - crypt and hash gcm (#546 ) * Fix crypt_and_hash to support decrypting GCM encrypted files * Fix documentation in crypt_and_hash for the generic case * Remove unused lastn from crypt_and_hash lastn is not used with the cipher layer as it already provides padding and understanding of length of the original data.	2016-09-02 23:44:09 +03:00
Andres AG	e7723ec284	Make entropy bias self test poll multiple times Instead of polling the hardware entropy source a single time and comparing the output with itself, the source is polled at least twice and make sure that the separate outputs are different.	2016-08-30 16:50:48 +01:00
Andres AG	b34e42e69e	Add a new self test to entropy module The self test is a quick way to check at startup whether the entropy sources are functioning correctly. The self test only polls 8 bytes from the default entropy source and performs the following checks: - The bytes are not all 0x00 or 0xFF. - The hardware does not return an error when polled. - The entropy does not provide data in a patter. Only check pattern at byte, word and long word sizes.	2016-08-30 16:50:48 +01:00
Simon Butcher	0e7d38739f	Fix warning on implicit casting in aescrypt.c (#584 )	2016-08-30 14:25:24 +01:00
Paul Bakker	70940caeeb	Allow compilation without MBEDTLS_SELF_TEST enabled	2016-08-25 15:42:28 +01:00
Simon Butcher	4982e527c6	Adds stdlib.h header to dh_genprime sample app Use of the atoi() function requires stdlib.h to be included when MBEDTLS_PLATFORM_C is not defined.	2016-08-24 20:24:21 +03:00
Simon Butcher	cdb3ad03ed	Remove redundant definitions of exit codes In the ssl/mini_client.c sample application the exit codes were redundantly being redefined, causing compiler warnings.	2016-08-24 20:24:20 +03:00
Simon Butcher	b5b6af2663	Puts platform time abstraction into its own header Separates platform time abstraction into it's own header from the general platform abstraction as both depend on different build options. (MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME)	2016-07-13 14:46:18 +01:00
Simon Butcher	ab069c6b46	Merge branch 'development' into development-restricted	2016-06-23 21:42:26 +01:00
Simon Butcher	b6a73c9b76	Add provision to create the entropy seedfile for selftest sample In the selftest sample application, if no seedfile is present, one will be created so the test can execute.	2016-06-23 11:46:41 +01:00
Janos Follath	15ab7ed0f3	Merge branch 'development' into development-restricted Conflicts: programs/pkey/rsa_decrypt.c programs/pkey/rsa_encrypt.c programs/test/selftest.c	2016-06-14 09:20:46 +01:00
Janos Follath	352dbe2334	Make error messages in crypt_and_hash better.	2016-06-09 13:41:28 +01:00
Janos Follath	98e28a74e3	Address user reported coverity issues.	2016-06-09 13:41:28 +01:00
Janos Follath	8eb64132da	Address issues find by manual coverity scan.	2016-06-09 13:41:28 +01:00
Janos Follath	04b591ee79	Merge branch 'development' for weekly test report.	2016-05-31 10:18:41 +01:00
-~- redtangent ~-~	9fa2e86d93	Add missing mbedtls_time_t definitions (#493 ) Add missing mbedtls_time_t definitions to sample applications and the error.c generation script. Fixes #490.	2016-05-26 10:07:49 +01:00
Paul Bakker	440ce420bd	Put clang analyzer fix inside __clang_analyzer__ guard	2016-05-23 14:29:31 +01:00
Nicholas Wilson	e735303026	Shut up a few clang-analyze warnings about use of uninitialized variables The functions are all safe, Clang just isn't clever enough to realise it.	2016-05-23 14:29:28 +01:00
Simon Butcher	94bafdf834	Merge branch 'development'	2016-05-18 18:40:46 +01:00
Simon Butcher	db0feca55c	Fixes platform time_t abstraction Fixes platform abstraction in error.c and the file that it's generated from as well as DTLS samples.	2016-05-17 00:03:14 +01:00
Simon Butcher	c21bec8af4	Merge branch 'development'	2016-05-16 16:15:20 +01:00
Paul Bakker	d1fe7aabc9	Put clang analyzer fix inside __clang_analyzer__ guard	2016-05-12 12:46:02 +01:00
Paul Bakker	f4743a6f5e	Merge pull request #457 from NWilson/clang-analyze-fixes Clang analyze fixes	2016-05-11 20:20:42 +02:00
Janos Follath	98c2b0ea7d	Improves and makes pretty the ssl_fork_server output	2016-05-03 15:43:42 +01:00
Janos Follath	e609a08c2f	Fix issue #429 in ssl_fork_server.c	2016-05-03 15:43:31 +01:00
Janos Follath	582a461a49	Improves and makes pretty the ssl_fork_server output	2016-04-29 00:12:35 +01:00
Janos Follath	fe049db8ef	Fix issue #429 in ssl_fork_server.c	2016-04-29 00:12:19 +01:00
Simon Butcher	e4a46f696f	Merge branch 'development'	2016-04-27 18:44:37 +01:00
Simon Butcher	b2d5dd105d	Fixes X509 sample app and SSL test suite Fixes the X.509 cert_app and the SSL test suite for the non-default configs which don't build with if MBEDTLS_PLATFORM_C isn't defined.	2016-04-27 13:35:37 +01:00
Simon Butcher	d3138c35c6	Fixes SSL sample apps for non-default configs Fixes the SSL sample applications to build for the non-default configs which don't build if MBEDTLS_PLATFORM_C isn't defined.	2016-04-27 01:26:50 +01:00
SimonB	d5800b7761	Abstracts away time()/stdlib.h into platform Substitutes time() into a configurable platform interface to allow it to be easily substituted.	2016-04-26 14:49:59 +01:00
Janos Follath	0c539447c1	Fixes no return value warning in selftest.c	2016-04-18 09:59:16 +01:00
Simon Butcher	1ef918ddca	Add missing stdlib.h header to rsa sample programs	2016-04-13 11:56:27 +01:00
Nicholas Wilson	409401c044	Shut up a few clang-analyze warnings about use of uninitialized variables The functions are all safe, Clang just isn't clever enough to realise it.	2016-04-13 11:56:22 +01:00
Simon Butcher	6b46c62d77	Fixes error and exit paths in rsa sample programs	2016-04-12 13:25:08 +01:00
Janos Follath	f713b0a6ce	Fix memory leaks in example programs.	2016-04-11 23:32:39 +01:00
Simon Butcher	cd0ee5e499	Fixes following review of 'iotssl-682-selftest-ci-break'	2016-03-21 22:54:37 +00:00
Janos Follath	2e3aca2c9e	Fix test break in 'test-ref-configs.pl'	2016-03-18 16:25:52 +00:00
Simon Butcher	f1547632dc	Fixes to style following review Made code spacing consistent with guidelines, and corrected the misnamed test steps in basic-build-test.sh	2016-03-14 23:12:32 +00:00
SimonB	5a8afb848a	Fix exit code and add a count of the test suites Now counts and displays the number of test suites executed, which can vary depending on build configurations. All tests are now executed as this is a sample and test program, rather than exit on first failure. Exit code now restricted to SUCCESS or FAILURE.	2016-03-14 23:12:29 +00:00
Manuel Pégourié-Gonnard	90ab4a45b5	Fix Unix detection in mini_client fixes #398	2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard	644c2e0fdb	Add new program to gitignore	2015-11-02 06:34:29 +09:00
Manuel Pégourié-Gonnard	1c6f19aa47	Merge pull request #317 from Inikup/fix-issue-315 cert_write : fix "Destination buffer is too small" error	2015-11-02 05:52:26 +09:00
Manuel Pégourié-Gonnard	54eeecfff3	Merge pull request #316 from Inikup/help-key_cert_sign-fix Fix help message for cert_req/cert_write programs	2015-10-30 14:50:42 +01:00
Simon Butcher	204606238c	Merge branch 'development' into misc	2015-10-27 16:57:34 +00:00
Manuel Pégourié-Gonnard	fadacb9d0b	Merge branch 'development' into iotssl-461-ecjpake-finalization * development: (73 commits) Bump yotta dependencies version Fix typo in documentation Corrected misleading fn description in ssl_cache.h Corrected URL/reference to MPI library Fix yotta dependencies Fix minor spelling mistake in programs/pkey/gen_key.c Bump version to 2.1.2 Fix CVE number in ChangeLog Add 'inline' workaround where needed Fix references to non-standard SIZE_T_MAX Fix yotta version dependencies again Upgrade yotta dependency versions Fix compile error in net.c with musl libc Add missing warning in doc Remove inline workaround when not useful Fix macroization of inline in C++ Changed attribution for Guido Vranken Merge of IOTSSL-476 - Random malloc in pem_read() Fix for IOTSSL-473 Double free error Fix potential overflow in CertificateRequest ... Conflicts: include/mbedtls/ssl_internal.h library/ssl_cli.c	2015-10-20 15:00:29 +02:00
Jonathan Leroy	bbc75d9791	cert_write : fix "Destination buffer is too small" error This commit fixes the `Destination buffer is too small` error returned by `mbedtls_cert_write` command when the values of `subject_name` or `issuer_name` parameters exceed 128 characters. I have increased the size of these varaibles from 128 to 256 characters, but I don't know if it's the best way to solve this issue... Fixes #315.	2015-10-10 21:58:07 +02:00
Jonathan Leroy	81962c36e3	Fix help message for cert_req/cert_write programs In cert_req and cert_write programs, "key_certificate_sign" is not an allowed velue for "key_usage" parameter. The correct value is "key_cert_sign". See https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_req.c#L208 and https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_write.c#L323.	2015-10-10 21:42:29 +02:00
Manuel Pégourié-Gonnard	3eb8c34e6a	Add example program for Curve25519 Getting a lot of questions about how to use it. This will hopefully get people started.	2015-10-09 12:13:29 +01:00
Manuel Pégourié-Gonnard	262c137d8c	Merge pull request #311 from jcowgill/spelling-fix Fix minor spelling mistake in programs/pkey/gen_key.c	2015-10-09 09:38:52 +01:00
James Cowgill	07a92d720a	Fix minor spelling mistake in programs/pkey/gen_key.c	2015-10-09 00:28:14 +01:00
Manuel Pégourié-Gonnard	70905a7855	Add ecjpake_pw option to ssl_client2/server2	2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard	2ed05a049a	Fix typos	2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard	22311ae62e	Improve help message of ssl_*2.c	2015-09-09 11:22:58 +02:00
Manuel Pégourié-Gonnard	3f09b6d4c2	Fix API	2015-09-08 11:58:14 +02:00
Manuel Pégourié-Gonnard	dbd23079d0	Add option reconnect_hard to ssl_client2 - interrupt the connection abruptly (no close_notify) - reconnect from the same port while server sill has an active connection from this port. Some real-world clients do that, see section 4.2.8 of RFC 6347.	2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard	4d8685b4ff	Add skeleton for EC J-PAKE module	2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard	37ff14062e	Change main license to Apache 2.0	2015-09-04 14:21:07 +02:00
Simon Butcher	ed51594337	Merge pull request #265 from ARMmbed/iotssl-460-bugfixes Iotssl 460 bugfixes	2015-09-02 23:36:36 +01:00
Manuel Pégourié-Gonnard	a2cda6bfaf	Add mbedtls_ssl_get_max_frag_len() This is not very useful for TLS as mbedtls_ssl_write() will automatically fragment and return the length used, and the application should check for that anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an error, and the application needs to be able to query the maximum length instead of just guessing.	2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard	cf9ab63863	Fix error reporting in pkey/pk_* programs	2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard	ce7a08ba49	Fix more comments/outputs in verify programs	2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard	102a620c9a	Fix hash buffer size in pkey programs	2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard	d224ff1f63	Change default RSA key size in rsa_genkey	2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard	1d8f2da7df	Fix comments about filenames in some programs	2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard	d74c697035	Fix memory corruption in rsa sign/verify programs We have no guarantee there is enough room in the argv strings. Fixes #210	2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard	ea35666f50	Fix -Wshadow warnings Checked that it is supported by gcc 4.2.1 (FreeBSD 9). fixes #240	2015-08-31 10:34:26 +02:00
Manuel Pégourié-Gonnard	fa1304a51d	Use Unix line endings in wince_main.c too The compiler needs to accept Unix line endings anyway, as this is what we use everywhere, and it makes things more consistent.	2015-08-06 19:03:31 +02:00
Manuel Pégourié-Gonnard	d73896581b	Fix typos (found by Francesco Pompò) Manually merging as the pull requests are based on an old branch. closes #215 closes #216	2015-08-06 18:22:26 +02:00
Manuel Pégourié-Gonnard	6fb8187279	Update date in copyright line	2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard	4f3368e31e	Fix bug in benchmark.c with DHM params	2015-07-19 15:01:28 +02:00
Manuel Pégourié-Gonnard	78ec2b049c	Cosmetics in Makefiles	2015-07-08 22:12:06 +01:00
Manuel Pégourié-Gonnard	a6dbddce0c	Fix benchmark.c for removal of small DH params	2015-07-06 11:20:33 +02:00
Manuel Pégourié-Gonnard	77c656217b	Update dh_genprime program - default size 2048 bits - make size a command-line argument - remove warning about using own params	2015-07-03 16:57:52 +02:00
Manuel Pégourié-Gonnard	6755717f18	Fix stupid typo in ssl_server2.c	2015-07-02 11:15:48 +02:00
Manuel Pégourié-Gonnard	046589e424	Rm obsolete defines for snprintf in programs Now centralized in the platform layer	2015-07-01 17:26:20 +02:00
Manuel Pégourié-Gonnard	9de64f5af1	Fix MSVC warnings in library and programs	2015-07-01 16:56:08 +02:00
Manuel Pégourié-Gonnard	052f28853b	Cosmetics in debug in ssl_{client,server}2.c Print only the basename from the file, and print level too.	2015-07-01 12:01:13 +02:00
Manuel Pégourié-Gonnard	abc729e664	Simplify net_accept() with UDP sockets This is made possible by the new API where net_accept() gets a pointer to bind_ctx, so it can update it.	2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard	3d7d00ad23	Rename mbedtls_net_close() to mbedtls_net_free() close() may be more meaningful, but free() is symmetric with _init(), and more consistent with all other modules	2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard	5db64328ab	Adapt programs to the new NET API	2015-06-30 16:48:17 +02:00
Manuel Pégourié-Gonnard	a7c8903ca6	Add missing programs to Makefile	2015-06-29 19:14:04 +02:00
Manuel Pégourié-Gonnard	1c5b9fc19f	Avoid truncating peer cert info in ssl_server2	2015-06-27 14:38:51 +02:00
Manuel Pégourié-Gonnard	fc36708697	Use $(MAKE), not make For the sake of systems where we want gmake.	2015-06-26 16:50:24 +02:00
Manuel Pégourié-Gonnard	633c6b6485	Run timing selftest on all platforms Used to fail on our FreeBSD and Windows buildbots. Seems to be working at least on my Darwin physical machine and on my Windows VM with MSYS2 now.	2015-06-26 16:17:30 +02:00
Manuel Pégourié-Gonnard	4b00f08e20	Fix snprintf test Our Windows implementation based on vsnprintf_s( ..., _TRUNCATE ) sometimes writes two terminating NULLs. Allow for that, but obviously bytes past the end of the buffer mustn't be touched.	2015-06-26 14:10:13 +02:00
Manuel Pégourié-Gonnard	ea9556a76e	Fix mistaken changes in Makefile's clean target I was a bit too trigger-happy with copy-pasting in a previous commit...	2015-06-25 14:19:25 +02:00
Manuel Pégourié-Gonnard	216a1831de	Fix whitespace in CMakeLists.txt - all spaces no tabs - indent with 4 spaces everywhere	2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard	21e1ac205e	Fix linking order with make GNU ld cares about the order in which static libs are mentioned on the command line: if A depends on B then A must com first.	2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard	5c59a4fea5	Split libs with make + general make cleanups	2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard	8d4a613cc5	Small Makefile improvements - fix old build commands still using OFLAGS - make everything work with --warn-undefined-variables, which can be useful for debugging typos	2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard	61ee351af4	Adapt programs to the new debug API	2015-06-23 23:30:16 +02:00
Manuel Pégourié-Gonnard	c0d749418b	Make 'port' a string in NET module - avoids dependency on snprintf - allows using "smtps" instead of "456" if desired	2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard	07894338a0	Rename M255 to Curve25519	2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard	6ea831dcf4	Add tests for mbedtls_set_hs_ca_chain()	2015-06-22 17:30:18 +02:00
Manuel Pégourié-Gonnard	4d6f178376	Add support for SNI CA and authmode in ssl_server2	2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard	7b6dcbe993	Add tests for snprintf - Added in each tests program to be sure they are run (putting them in a test suite/function specific to the platform layer would cause them to be skipped when PLATFORM_C is not defined). - Platforms have already moved from a standard to a broken snprintf in the past [1], so make sure to catch that if it ever happens again. [1]: http://sourceforge.net/p/mingw-w64/mailman/message/31241434/	2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard	7580ba475d	Add a concept of entropy source strength. The main goal is, we want and error if cycle counter is the only source.	2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard	c0696c216b	Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen	2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard	797f48ace6	Rename ecp_curve_info.size to bit_size	2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard	898e0aa210	Rename key_length in cipher_info	2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard	b31c5f68b1	Add SSL presets. No need to use a separate profile as in X.509, everything we need is already in ssl_config. Just load appropriate values.	2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard	9096682352	Add dhmlen option in ssl_client2.c	2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard	bf27eaac79	Fix help string in ssl_client2.c	2015-06-12 11:22:02 +02:00
Manuel Pégourié-Gonnard	ba56136b5c	Avoid in-out length in base64	2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard	3335205a21	Avoid in-out length in dhm_calc_secret()	2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard	d14acbc31a	Test assumptions we make about the platform Things that are not guaranteed by the standard but should be true of all platforms of interest to us: - 8-bit chars - NULL pointers represented by all-bits-zero	2015-05-29 12:25:40 +02:00
Manuel Pégourié-Gonnard	06d5d61302	Adapt programs to generic md_file()	2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard	b327168e22	Remove non-generic md_file() programs	2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard	b2a18a2a98	Remove references to malloc in strings/names	2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard	7551cb9ee9	Replace malloc with calloc - platform layer currently broken (not adapted yet) - memmory_buffer_alloc too	2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard	56273daea0	Move some includes to ssl_internal.h Also removed one from ssl.h and add it in programs where it belongs	2015-05-26 15:01:37 +02:00
Manuel Pégourié-Gonnard	a0adc1bbe4	Make cipher used in ssl tickets configurable	2015-05-25 10:35:16 +02:00
Manuel Pégourié-Gonnard	b596abfdc0	Refine cli/srv ifdefs for session tickets - Only the server needs to generate/parse tickets - Only the client needs to store them Also adjust prototype of ssl_conf_session_tickets() while at it.	2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard	d59675d92c	Move to callback for session tickets	2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard	53ebe138c6	Fix copyright lines still mentioning Brainspark	2015-05-15 12:01:12 +02:00
Manuel Pégourié-Gonnard	0b104b056b	Adapt prototype of net_accept() for explicit size	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	d9e6a3ac10	Rename pk_init_ctx() -> pk_setup()	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	d4f04dba42	net.c now depends on select() unconditionally	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	a63bc94a2d	Remove timing_m_sleep() -> net_usleep()	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	151dc77732	Fix some old names that remained - most in doxygen doc that was never renamed - some re-introduced in comments/doc/strings by me	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	8473f87984	Rename cipher_init_ctx() to cipher_setup()	2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard	66dc5555f0	mbedtls_ssl_conf_arc4_support() depends on ARC4_C	2015-05-14 12:31:10 +02:00
Manuel Pégourié-Gonnard	d2377e7e78	ssl_client/server2 shouln't depend on timing.c Would break test-ref-configs.pl.	2015-05-13 13:58:56 +02:00
Manuel Pégourié-Gonnard	e3c41ad8a4	Use the new timer callback API in programs	2015-05-13 10:04:32 +02:00
Manuel Pégourié-Gonnard	db1cc76091	Fix depend issue in program/ssl/ssl_*2.c	2015-05-12 11:27:25 +02:00
Manuel Pégourié-Gonnard	e6ef16f98c	Change X.509 verify flags to uint32_t	2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard	e85fef10b5	Fix option names in benchmark.c	2015-05-11 19:38:25 +02:00
Manuel Pégourié-Gonnard	e3a062ba1f	Rename ecp_use_known_dp -> mbedtls_ecp_group_load()	2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard	159c82ecc6	Fix ssl_set_hostname usage (duplication, ifdef)	2015-05-11 17:59:14 +02:00
Manuel Pégourié-Gonnard	55fab2de5d	Fix a few more #ifdef's	2015-05-11 17:54:38 +02:00
Manuel Pégourié-Gonnard	30eceb766a	Fix warning in ssl_pthread_server GCC 4.9 with ASan + UBSan on OS X complains that we were casting to int from a wider integer type. Anyway, this cast is totally non-portable (pthread_t could even be structure), switching to long gets rid of the warning...	2015-05-11 14:42:56 +02:00
Manuel Pégourié-Gonnard	fd862b14c5	Fix typos in mini_client.c	2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard	0af00e865b	Optimize config usage in concurrent server examples	2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard	06939cebef	Fix order of ssl_conf vs ssl_setup in programs Except ssl_phtread_server that will be done later	2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard	01e5e8c1f8	Change a few ssl_conf return types to void	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	6729e79482	Rename ssl_set_xxx() to ssl_conf_xxx()	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	17a40cd255	Change ssl_own_cert to work on ssl_config	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	1af6c8500b	Add ssl_set_hs_own_cert()	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	120fdbdb3d	Change ssl_set_psk() to act on ssl_config	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	4b68296626	Use a specific function in the PSK callback	2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard	750e4d7769	Move ssl_set_rng() to act on config	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	5cb3308e5f	Merge contexts for session cache	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	ae31914990	Rename ssl_legacy_renegotiation() to ssl_set_...	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	1028b74cff	Upgrade default DHM params size	2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard	8836994f6b	Move WANT_READ/WANT_WRITE codes to SSL	2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard	1b511f93c6	Rename ssl_set_bio_timeout() to set_bio() Initially thought it was best to keep the old function around and add a new one, but this so many ssl_set_xxx() functions are changing anyway...	2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard	97fd52c529	Split ssl_set_read_timeout() out of bio_timeout()	2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard	bc2b771af4	Move ssl_set_ca_chain() to work on config	2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard	2b49445876	Move session ticket keys to conf This is temporary, they will soon be replaced by callbacks. !!! In this intermediate step security is removed !!!	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	684b0592cb	Move ssl_set_fallback() to work on conf Initially thought it would be per-connection, but since max_version is in conf too, and you need to lower that for a fallback connection, the fallback flag should be in the same place	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	6bf89d6ad9	Move ssl_set_max_fragment_len to work on conf	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	17eab2b65c	Move set_cbc_record_splitting() to conf	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	d36e33fc07	Move easy ssl_set_xxx() functions to work on conf mbedtls_ssl_set_alpn_protocols mbedtls_ssl_set_arc4_support mbedtls_ssl_set_authmode mbedtls_ssl_set_ciphersuites mbedtls_ssl_set_ciphersuites_for_version mbedtls_ssl_set_curves mbedtls_ssl_set_dbg mbedtls_ssl_set_dh_param mbedtls_ssl_set_dh_param_ctx mbedtls_ssl_set_dtls_anti_replay mbedtls_ssl_set_dtls_badmac_limit mbedtls_ssl_set_dtls_cookies mbedtls_ssl_set_encrypt_then_mac mbedtls_ssl_set_endpoint mbedtls_ssl_set_extended_master_secret mbedtls_ssl_set_handshake_timeout mbedtls_ssl_legacy_renegotiation mbedtls_ssl_set_max_version mbedtls_ssl_set_min_version mbedtls_ssl_set_psk_cb mbedtls_ssl_set_renegotiation mbedtls_ssl_set_renegotiation_enforced mbedtls_ssl_set_renegotiation_period mbedtls_ssl_set_session_cache mbedtls_ssl_set_session_ticket_lifetime mbedtls_ssl_set_sni mbedtls_ssl_set_transport mbedtls_ssl_set_truncated_hmac mbedtls_ssl_set_verify	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	419d5ae419	Make endpoint+transport args of config_defaults()	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	def0bbe3ab	Allocate ssl_config out of ssl_setup()	2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard	ee6139caea	Fix doc issue in ssl_server2	2015-05-07 10:18:26 +01:00
Manuel Pégourié-Gonnard	e36d56419e	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: fix bug in ssl_mail_client Adapt compat.sh to GnuTLS 3.4 Fix undefined behaviour in x509 Conflicts: programs/ssl/ssl_mail_client.c tests/compat.sh	2015-04-30 13:52:25 +02:00
Manuel Pégourié-Gonnard	fa950c9480	fix bug in ssl_mail_client	2015-04-30 12:50:22 +02:00
Manuel Pégourié-Gonnard	da61ed3346	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Include changes from the 1.2 branch Remove unused headers in o_p_test Add countermeasure against cache-based lucky 13 Make results of (ext)KeyUsage accessible Fix missing NULL check in MPI Fix detection of getrandom() Fix "make install" handling of symlinks Fix bugs in programs displaying verify flags Conflicts: Makefile include/polarssl/ssl.h library/entropy_poll.c library/ssl_srv.c library/ssl_tls.c programs/test/o_p_test.c programs/test/ssl_cert_test.c programs/x509/cert_app.c	2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard	ac90673345	Remove unused headers in o_p_test	2015-04-30 10:09:50 +02:00
Manuel Pégourié-Gonnard	637376c2fe	Fix bugs in programs displaying verify flags	2015-04-29 14:28:48 +02:00
Manuel Pégourié-Gonnard	41d479e7df	Split ssl_init() -> ssl_setup()	2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard	ec160c0f53	Update ctr_drbg_init() usage in programs	2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard	8d128efd48	Split mbedtls_ctr_drbg_init() -> seed()	2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard	f9e9481bc5	Split mbedtls_hmac_drbg_init() -> seed{,_buf}()	2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard	c34e8dd265	Split mbedtls_gcm_init() -> gcm_setkey()	2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard	6963ff0969	Split mbedtls_ccm_init() -> setkey()	2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard	7cfbaf05b3	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Fix bugs in programs displaying verify flags Conflicts: programs/test/ssl_cert_test.c programs/x509/cert_app.c	2015-04-24 14:10:04 +02:00
Manuel Pégourié-Gonnard	9ce1bdc151	Fix bugs in programs displaying verify flags	2015-04-24 14:07:07 +02:00
Manuel Pégourié-Gonnard	e6028c93f5	Fix some X509 macro names For some reason, during the great renaming, some names that should have been prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_	2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard	89addc43db	manually merge `0c6ce2f` use x509_crt_verify_info()	2015-04-20 11:23:11 +01:00
Manuel Pégourié-Gonnard	0c6ce2f536	Use x509_crt_verify_info() in programs	2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard	b85725c958	Fix merge issue	2015-04-15 11:58:31 +02:00
Manuel Pégourié-Gonnard	862d503c01	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Fix typos in Changelog Fix macro name from wrong branch Fix bug in pk_parse_key() Fixed typos Updated Travis CI config for mbedtls project Conflicts: include/mbedtls/ecp.h include/polarssl/compat-1.2.h include/polarssl/openssl.h include/polarssl/platform.h library/pkparse.c programs/pkey/mpi_demo.c	2015-04-15 11:30:46 +02:00
Paul Bakker	6152b0267c	Fixed typos	2015-04-14 15:00:09 +02:00
Manuel Pégourié-Gonnard	2cf5a7c98e	The Great Renaming A simple execution of tmp/invoke-rename.pl	2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard	6c7af4c200	Fix a few internal name choices	2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard	932e3934bd	Fix typos & Co	2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard	26c9f90cae	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Add missing depends in x509 programs Simplify ifdef checks in programs/x509 Fix thread safety issue in RSA operations Add test certificate for bitstring in DN Add support for X.520 uniqueIdentifier Accept bitstrings in X.509 names	2015-03-31 17:56:15 +02:00
Manuel Pégourié-Gonnard	0878a0d884	Add missing depends in x509 programs	2015-03-31 15:14:37 +02:00
Manuel Pégourié-Gonnard	8d649c66b3	Simplify ifdef checks in programs/x509	2015-03-31 15:10:03 +02:00
Manuel Pégourié-Gonnard	8c8be1ebbb	Change default min TLS version to TLS 1.0	2015-03-31 14:22:30 +02:00
Manuel Pégourié-Gonnard	32076e66be	Fix programs for recent ECDSA changes	2015-03-31 13:32:39 +02:00
Manuel Pégourié-Gonnard	fa44f20b9f	Change authmode default to Required on client	2015-03-27 17:52:25 +01:00
Manuel Pégourié-Gonnard	4b3e5ef59a	Avoid duplicate #ifdefs in programs/ssl	2015-03-27 11:24:27 +01:00
Manuel Pégourié-Gonnard	b5410dbd96	Depend on PEM_PARsE_C when using test_cas_pem	2015-03-27 11:08:49 +01:00
Manuel Pégourié-Gonnard	a958d69a70	Rename test_ca_list to test_cas_pem	2015-03-27 10:29:25 +01:00
Manuel Pégourié-Gonnard	2f165060f0	Start introducing test_cas NULL-terminated list	2015-03-27 10:20:26 +01:00
Manuel Pégourié-Gonnard	75f901006b	Add len constants to certs.c	2015-03-27 09:56:18 +01:00
Manuel Pégourié-Gonnard	abb674467b	Rename md_init_ctx() to md_setup()	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	4063ceb281	Make hmac_ctx optional Note from future self: actually md_init_ctx will be re-introduced with the same signature later, and a new function with the additional argument will be added.	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	003b3b132e	Remove use of xxx_hmac() in program	2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard	a115def330	Fix tests and programs to use md_get_xxx()	2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard	aeab252fef	Quit using deprecated ssl_set_bio() in programs	2015-03-25 20:21:29 +01:00
Manuel Pégourié-Gonnard	e46c6c38c9	Fix tests to work with DEPRECATED_REMOVED	2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard	d42b7c82ef	Adapt programs to new RC4 default	2015-03-20 19:44:04 +00:00
Manuel Pégourié-Gonnard	7f7aebca02	Fix incomplete changes from merge	2015-03-13 17:19:39 +00:00
Manuel Pégourié-Gonnard	cc0d084820	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Actually use armcc for the armcc test ^^' Add more -O level variety in all.sh Document recent make changes build: Makefile: cleanup CFLAGS build: Makefile: cleanup LDFLAGS build: Makefile: simplify root Makefile build: Makefile: remove bashism Conflicts: programs/Makefile	2015-03-13 16:32:40 +00:00
Alon Bar-Lev	f7a9f30348	build: Makefile: cleanup CFLAGS CFLAGS are reserved for external interaction via make variable, the following should work: $ make CFLAGS="-O3" $ CFLAGS="-O3" make 1. Move internal flags to LOCAL_CFLAGS 2. Respect external CFLAGS 3. CFLAGS should be last compiler flags. 4. Default CFLAGS is -O optimization, remove OFLAGS. 5. Add WARNING_CFLAGS to control warning setting and enable to remove if compiler does not support flags. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>	2015-03-13 13:34:25 +00:00
Alon Bar-Lev	ada4105ba2	build: Makefile: cleanup LDFLAGS LDFLAGS are reserved for external interaction via make variable, the following should work: $ make LDFLAGS="-L/xxx" $ LDFLAGS="-L/xxx" make 1. Move internal flags to LOCAL_LDFLAGS 2. Respect external LDFLAGS 3. LDFLAGS should be last linkage flags. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>	2015-03-13 13:34:25 +00:00
Manuel Pégourié-Gonnard	b6b16bddc3	Drop pbkdf2 module (superseded by pkcs5)	2015-03-11 11:31:51 +00:00
Manuel Pégourié-Gonnard	83b04de09b	Rename a few incidental references to PolarSSL	2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard	7f8099773e	Rename include directory to mbedtls	2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard	34be402270	Rm obsolete things (compat-1.2, openssl, etc)	2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard	e4d4890350	Finish renaming website	2015-03-06 13:40:52 +00:00
Manuel Pégourié-Gonnard	998897be3d	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Rename website and repository Move private macro from header to C file Add some missing 'static' on a few objects Fix whitespace issues Minor portability fix in benchmark	2015-03-06 13:25:41 +00:00
Manuel Pégourié-Gonnard	fe44643b0e	Rename website and repository	2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard	c439e7b099	Minor portability fix in benchmark On embedded systems, argc might be 0 rather than 1 for no argument.	2015-03-03 13:12:00 +00:00
Manuel Pégourié-Gonnard	cd4cd1dd26	Merge branch 'development' into dtls * development: Fix the fix to ssl_set_psk() Update Changelog Finish fixing memleak in ssl_server2 arg parsing Fix another potential memory leak found by find-mem-leak.cocci. Add a rule for another type of memory leak to find-mem-leak.cocci. Fix a potential memory leak found by find-mem-leak.cocci. Add a semantic patch to find potential memory leaks. Fix whitespace of `369e6c20`. Apply the semantic patch rm-malloc-cast.cocci. Add a semantic patch to remove casts of malloc.	2015-02-18 10:25:16 +00:00
Manuel Pégourié-Gonnard	b199095ec9	Finish fixing memleak in ssl_server2 arg parsing Fixes omission in `5c078e1`	2015-02-18 09:32:06 +00:00
Manuel Pégourié-Gonnard	c35e90f8d4	Merge branch 'development' into dtls * development: Fix missing #define if PLATFORM_C not here	2015-02-16 18:47:13 +00:00
Manuel Pégourié-Gonnard	c3e3395c82	Fix missing #define if PLATFORM_C not here	2015-02-16 18:46:20 +00:00
Manuel Pégourié-Gonnard	d901d17817	Merge branch 'development' into dtls * development: (100 commits) Update Changelog for the mem-measure branch Fix issues introduced when rebasing Fix compile error in memory_buffer_alloc_selftest Code cosmetics Add curve25519 to ecc-heap.sh Add curve25519 to the benchmark program Fix compile issue when buffer_alloc not available New script ecc-heap.sh Fix unused variable issue in some configs Rm usunused member in private struct Add heap usage for PK in benchmark Use memory_buffer_alloc() in benchmark if available Only define mode_func if mode is enabled (CBC etc) PKCS8 encrypted key depend on PKCS5 or PKCS12 Disable SRV_C for client measurement Output stack+heap usage with massif Enable NIST_OPTIM by default for config-suite-b Refactor memory.sh Adapt memory.sh to config-suite-b Adapt mini-client for config-suite-b.h ... Conflicts: ChangeLog include/polarssl/net.h library/Makefile library/error.c library/ssl_tls.c programs/Makefile programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c tests/Makefile	2015-02-16 18:44:39 +00:00
Manuel Pégourié-Gonnard	714929bf0d	Fix issues introduced when rebasing	2015-02-16 17:32:47 +00:00
Manuel Pégourié-Gonnard	7defc7759d	Code cosmetics	2015-02-16 17:28:11 +00:00
Manuel Pégourié-Gonnard	85391f2a65	Add curve25519 to the benchmark program	2015-02-16 17:28:11 +00:00
Manuel Pégourié-Gonnard	e579dab5f0	Fix compile issue when buffer_alloc not available	2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard	71e75dc2f0	Fix unused variable issue in some configs	2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard	50da0482e0	Add heap usage for PK in benchmark	2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard	128657d645	Use memory_buffer_alloc() in benchmark if available Allows to measure memory by primitive.	2015-02-16 17:24:57 +00:00
Manuel Pégourié-Gonnard	3b8926c9d1	Adapt mini-client for config-suite-b.h	2015-02-16 17:22:46 +00:00
Manuel Pégourié-Gonnard	a6fc5b2c6a	Add mini_client.c	2015-02-16 17:22:46 +00:00
Manuel Pégourié-Gonnard	ab025803ed	Merge remote-tracking branch 'rich/platform' into development * rich/platform: modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit modify programs/*.c to use polarssl_snprintf	2015-02-16 16:10:51 +00:00
Manuel Pégourié-Gonnard	aff2976d10	Merge branch 'build' into development * build: build: make: support windows cross compile	2015-02-16 15:26:09 +00:00
Manuel Pégourié-Gonnard	09eb14c01e	Revert "Require unix-utils in path for windows make" This reverts commit `5d46cca09a`. In preparation of merging an external contribution that superseedes this Conflicts: ChangeLog	2015-02-16 15:25:31 +00:00
Mansour Moufid	c531b4af3c	Apply the semantic patch rm-malloc-cast.cocci. for dir in library programs; do spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \ --in-place; done	2015-02-16 10:43:52 +00:00
Manuel Pégourié-Gonnard	671589d9a2	Fix return code in cert_app	2015-02-16 09:24:08 +00:00
Manuel Pégourié-Gonnard	401caadebd	Align ssl_read in fork_server on ssl_server It was the only program using a weird do while( 0 ) with a continue inside	2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard	f53df4fcd8	Fix unchecked return values in mpi_demo	2015-02-16 09:13:40 +00:00
Manuel Pégourié-Gonnard	5c078e17b9	Fix memory leak on bad arguments in ssl_server2 Not a big deal, but was annoying in coverity results.	2015-02-16 09:13:40 +00:00
Alon Bar-Lev	18ba0cce8b	build: make: support windows cross compile Add WINDOWS_BUILD macro to enable Windows build on *NIX host. Add optional suffix for executables. Fix shared object suffix logic to support multiple suffixes. Fix soname handling to always match output. WINDOWS macro sets WINDOWS_BUILD. WINDOWS_BUILD sets .exe executable suffix. WINDOWS_BUILD shared mode creates dll import library. WINDOWS_BUILD shared mode link against dll. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>	2015-02-14 01:20:17 +02:00
Rich Evans	012acfc20f	modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit	2015-02-13 16:52:49 +00:00
Rich Evans	b92965be74	modify programs/*.c to use polarssl_snprintf	2015-02-13 16:51:44 +00:00
Manuel Pégourié-Gonnard	ac1f76c362	Merge remote-tracking branch 'rich/platform' into development * rich/platform: Remove dependency on sscanf in lib x509 Fix extra guard in memory_buffer_alloc rebase from development implemented macro overriding for polarssl_* library functions fix bug introduced by the addition of snprintf and assert macro which caused tests to fail without polarssl_platform_c defined add initial symbols to config and checks to check_config to allow use of macros to define standard functions reformat and arrange additions to config alphabetically add missing checks to check_config add macro definition of assert using polarssl_exit modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit add POLARSSL_PLATFORM_EXIT_ALT modify scripts/* and tests/* to use polarssl_snprintf modify programs/.c to use polarssl_snprintf modify library/debug.c to use polarssl_snprintf modify library/x509.c to use polarssl_snprintf modify library/net.c to use polarssl_snprintf modify oid.c to use polarssl_snprintf add platform_set_snprintf Conflicts: library/memory_buffer_alloc.c programs/pkey/pk_sign.c programs/pkey/pk_verify.c programs/pkey/rsa_sign_pss.c programs/pkey/rsa_verify_pss.c programs/ssl/ssl_client2.c programs/ssl/ssl_pthread_server.c programs/test/benchmark.c programs/test/ssl_cert_test.c	2015-02-13 15:11:24 +00:00
Manuel Pégourié-Gonnard	6c5abfa42b	Style: fix trailing spaces	2015-02-13 14:12:07 +00:00
Manuel Pégourié-Gonnard	013bffe5a7	Style: add spaces before line continuation	2015-02-13 14:09:44 +00:00
Rich Evans	77d3638497	modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit	2015-02-13 13:50:26 +00:00
Rich Evans	783d9d1c3e	modify programs/*.c to use polarssl_snprintf	2015-02-13 13:50:26 +00:00
Rich Evans	85b05ec389	Cleanup programs further removed casting of main args to void	2015-02-13 13:50:05 +00:00
Rich Evans	18b78c7498	cleanup programs Clean up the contents of programs, add more guards to includes, move all defines to the top of the top of files, remove some unused includes	2015-02-13 13:50:05 +00:00
Manuel Pégourié-Gonnard	5d46cca09a	Require unix-utils in path for windows make	2015-02-13 12:02:45 +00:00
Manuel Pégourié-Gonnard	1cc0a3405c	Fix missing includes in program	2015-02-10 12:18:15 +00:00
Manuel Pégourié-Gonnard	6f60cd848b	Move from SHA-1 to SHA-256 as default in programs	2015-02-10 11:31:58 +00:00
Manuel Pégourié-Gonnard	f224678864	Fix remaining printfs in programs	2015-01-29 13:29:20 +00:00
Manuel Pégourié-Gonnard	226d37ac6f	Fix merge issue	2015-01-29 13:15:48 +00:00
Manuel Pégourié-Gonnard	b8a923db2b	Merge branch 'development' into dtls * development: Fix left out printf's	2015-01-29 11:53:35 +00:00
Manuel Pégourié-Gonnard	7e81e7003f	Fix left out printf's	2015-01-29 11:47:41 +00:00
Manuel Pégourié-Gonnard	3d2c4b70f2	Fix url in new files	2015-01-29 11:34:14 +00:00
Manuel Pégourié-Gonnard	2a0718d947	Merge branch 'development' into dtls * development: (46 commits) Fix url again Fix small bug in base64_encode() Fix depend that was checked but not documented Fix dependency that was not checked Minor gitginore fixes Move some ignore patterns to subdirectories Ignore CMake/MSVC-related build files. Re-categorize changelog entry Fix misattribution Minor nits with stdout/stderr. Add cmake compatibility targets Add script for polarssl symlink creation Fix more stdio inclusion issues Add debug info for cert/suite selection Fix possible portability issue Fix bug in ssl_get_verify_result() aescrypt2.c local char array not initial Update Changelog Fix mips64 bignum implementation Fix usage string of ssl_client2 ... Conflicts: include/polarssl/ssl.h library/CMakeLists.txt library/Makefile programs/Makefile programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c visualc/VS2010/PolarSSL.sln visualc/VS2010/mbedTLS.vcxproj visualc/VS6/mbedtls.dsp visualc/VS6/mbedtls.dsw	2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard	860b51642d	Fix url again	2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard	3f738ca40a	Move some ignore patterns to subdirectories	2015-01-28 15:33:23 +00:00
veggie	64a5799637	Minor nits with stdout/stderr.	2015-01-28 15:21:42 +00:00
wslfa	cc334eff3e	aescrypt2.c local char array not initial I change the main() function to a normal function, use many threads call it. so, in concurrent situation, these initial operation is necessary.	2015-01-28 15:28:30 +01:00
Manuel Pégourié-Gonnard	478fac4075	Fix usage string of ssl_client2 Found by Hannes Mehnert	2015-01-28 15:28:29 +01:00
Manuel Pégourié-Gonnard	7c9e75a836	Remove a few useless #defines	2015-01-28 15:28:29 +01:00
Rich Evans	f90016aade	Use platform layer in programs for consistency.	2015-01-28 15:28:28 +01:00
Manuel Pégourié-Gonnard	9014b6f227	Rename project in CMake TODO: to create symlinks to the old names!	2015-01-27 15:44:46 +00:00
Manuel Pégourié-Gonnard	6a4ae35788	Link to new name in programs & tests Makefiles	2015-01-27 14:03:24 +01:00
Manuel Pégourié-Gonnard	d43ccb66fb	Quit using deprecated header.	2015-01-23 17:38:09 +00:00
Manuel Pégourié-Gonnard	c26a092b50	Rename static lib name with make	2015-01-23 12:57:33 +00:00
Manuel Pégourié-Gonnard	dba564bc79	Fix files that are not in development	2015-01-23 11:37:14 +00:00
Manuel Pégourié-Gonnard	df6411d8d8	Merge branch 'development' into dtls * development: Fix website url to use https. Remove maintainer line. Remove redundant "all rights reserved"	2015-01-23 11:23:08 +00:00
Manuel Pégourié-Gonnard	085ab040aa	Fix website url to use https.	2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard	9698f5852c	Remove maintainer line.	2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard	19f6b5dfaa	Remove redundant "all rights reserved"	2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard	eab72e2ced	Merge branch 'development' into dtls * development: Update copyright Fix issue in compat.sh Rename doxyfile Rename to mbed TLS in tests/ Rename to mbed TLS in examples Remove old test certificates. Rename to mbed TLS in the documentation/comments Change name to mbed TLS in the copyright notice Conflicts: doxygen/input/doc_mainpage.h doxygen/mbedtls.doxyfile include/polarssl/version.h tests/compat.sh	2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard	a658a4051b	Update copyright	2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard	9169921271	Rename to mbed TLS in examples	2015-01-22 16:26:39 +00:00
Manuel Pégourié-Gonnard	b64d9a79a4	Remove old test certificates. Avoid duplication with those in tests/data_files	2015-01-22 16:25:32 +00:00
Manuel Pégourié-Gonnard	967a2a5f8c	Change name to mbed TLS in the copyright notice	2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard	3a173f497b	Merge branch 'development' into dtls * development: Fix error code description. generate_errors.pl now errors on duplicate codes Avoid nested if's without braces. Move renego SCSV after actual ciphersuites Fix send_close_notify usage. Rename variable for clarity Improve script portability Conflicts: library/ssl_srv.c programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c tests/ssl-opt.sh	2015-01-22 13:30:33 +00:00
Manuel Pégourié-Gonnard	34377b1e1c	Fix send_close_notify usage.	2015-01-22 10:46:46 +00:00
Manuel Pégourié-Gonnard	6a0017b7c0	Rename variable for clarity	2015-01-22 10:33:29 +00:00
Manuel Pégourié-Gonnard	23eb74d8b5	Fix issues with new defaults	2015-01-21 14:37:13 +00:00
Manuel Pégourié-Gonnard	67505bf9e8	Merge branch 'development' into dtls * development: Adapt tests to new defaults/errors. Fix typos/cosmetics in Changelog Disable RC4 by default in example programs. Add ssl_set_arc4_support() Set min version to TLS 1.0 in programs Conflicts: include/polarssl/ssl.h library/ssl_cli.c library/ssl_srv.c tests/compat.sh	2015-01-21 13:57:33 +00:00
Manuel Pégourié-Gonnard	bfccdd3c92	Merge commit '36adc36' into dtls * commit '36adc36': Add support for getrandom() Use library default for trunc-hmac in ssl_client2 Make truncated hmac a runtime option server-side Fix portability issue in script Specific error for suites in common but none good Prefer SHA-1 certificates for pre-1.2 clients Some more refactoring/tuning. Minor refactoring Conflicts: include/polarssl/error.h include/polarssl/ssl.h library/error.c	2015-01-21 13:48:45 +00:00
Manuel Pégourié-Gonnard	0017c2be48	Merge commit '9835bc0' into dtls * commit '9835bc0': Fix racy test. Fix stupid error in previous commit Don't check errors on ssl_close_notify() Fix char signedness issue Fix issue with non-blocking I/O & record splitting Fix warning Conflicts: programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c	2015-01-21 13:42:16 +00:00
Manuel Pégourié-Gonnard	8fbb01ec84	Merge commit 'b2eaac1' into dtls * commit 'b2eaac1': Stop assuming chars are signed Add tests for CBC record splitting Fix tests that were failing with record splitting Allow disabling record splitting at runtime Add 1/n-1 record splitting Enhance doc on ssl_write() Conflicts: include/polarssl/ssl.h programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c	2015-01-21 13:37:08 +00:00
Manuel Pégourié-Gonnard	0af1ba3521	Merge commit 'f6080b8' into dtls * commit 'f6080b8': Fix warning in reduced configs Adapt to "negative" switch for renego Add tests for periodic renegotiation Make renego period configurable Auto-renegotiate before sequence number wrapping Update Changelog for compile-option renegotiation Switch from an enable to a disable flag Save 48 bytes if SSLv3 is not defined Make renegotiation a compile-time option Add tests for renego security enforcement Conflicts: include/polarssl/ssl.h library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c programs/ssl/ssl_server2.c tests/ssl-opt.sh	2015-01-21 11:54:33 +00:00
Manuel Pégourié-Gonnard	edb7ed3a43	Merge commit 'd7e2483' into dtls * commit 'd7e2483': (57 commits) Skip signature_algorithms ext if PSK only Fix bug in ssl_client2 reconnect option Cosmetics in ssl_server2 Improve debugging message. Fix net_usleep for durations greater than 1 second Use pk_load_file() in X509 Create ticket keys only if enabled Fix typo in #ifdef Clarify documentation a bit Fix comment on resumption Update comment from draft to RFC Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c Add recursion.pl to all.sh Allow x509_crt_verify_child() in recursion.pl Set a compile-time limit to X.509 chain length Fix 3DES -> DES in all.sh (+ time estimates) Add curves.pl to all.sh Rework all.sh to use MSan instead of valgrind Fix depends on individual curves in tests Add script to test depends on individual curves ... Conflicts: CMakeLists.txt programs/ssl/ssl_client2.c	2015-01-20 16:52:28 +00:00
Manuel Pégourié-Gonnard	f9c8a606b5	Merge commit '8b9bcec' into dtls * commit '8b9bcec': Stop assuming chars are signed Fix len miscalculation in buffer-based allocator Fix NULL dereference in buffer-based allocator Add test_suite_memory_buffer_alloc Add memory_buffer_alloc_self_test() Fix missing bound check Add test for ctr_drbg_update() input sanitizing Refactor for clearer correctness/security Stop assuming chars are signed Conflicts: library/ssl_tls.c	2015-01-20 16:38:39 +00:00
Paul Bakker	5b8f7eaa3e	Merge new security defaults for programs (RC4 disabled, SSL3 disabled)	2015-01-14 16:26:54 +01:00
Paul Bakker	c82b7e2003	Merge option to disable truncated hmac on the server-side	2015-01-14 16:16:55 +01:00
Manuel Pégourié-Gonnard	a92ed4845c	Fix stupid error in previous commit Since ret is no longer update by close_notify(), we need to reset it to 0 after a successful write.	2015-01-14 10:46:53 +01:00
Manuel Pégourié-Gonnard	687f89beab	Don't check errors on ssl_close_notify() Depending on timing we might get different errors (conn_reset, write failed) and ignoring them all ends up being almost the same as just not checking errors.	2015-01-13 21:48:12 +01:00
Paul Bakker	b2eaac154b	Stop assuming chars are signed	2015-01-13 17:15:31 +01:00
Paul Bakker	f3561154ff	Merge support for 1/n-1 record splitting	2015-01-13 16:31:34 +01:00
Paul Bakker	f6080b8557	Merge support for enabling / disabling renegotiation support at compile-time	2015-01-13 16:18:23 +01:00
Paul Bakker	d7e2483bfc	Merge miscellaneous fixes into development	2015-01-13 16:04:38 +01:00
Paul Bakker	8b9bcecaae	Stop assuming chars are signed	2015-01-13 15:59:55 +01:00
Manuel Pégourié-Gonnard	5ba1d52f96	Add memory_buffer_alloc_self_test()	2015-01-13 14:58:00 +01:00
Paul Bakker	d9e2dd2bb0	Merge support for Encrypt-then-MAC	2015-01-13 14:23:56 +01:00
Manuel Pégourié-Gonnard	fa06581c73	Disable RC4 by default in example programs.	2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard	bd47a58221	Add ssl_set_arc4_support() Rationale: if people want to disable RC4 but otherwise keep the default suite list, it was cumbersome. Also, since it uses a global array, ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like the best place, even if it means temporarily adding one SSL setting.	2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard	982865618a	Stop assuming chars are signed (They aren't on ARM by default.)	2015-01-12 19:17:05 +01:00
Manuel Pégourié-Gonnard	448ea506bf	Set min version to TLS 1.0 in programs	2015-01-12 12:32:04 +01:00
Manuel Pégourié-Gonnard	265fe997ff	Use library default for trunc-hmac in ssl_client2	2015-01-09 12:53:19 +01:00
Manuel Pégourié-Gonnard	e117a8fc0d	Make truncated hmac a runtime option server-side Reading the documentation of ssl_set_truncated_hmac() may give the impression I changed the default for clients but I didn't, the old documentation was wrong.	2015-01-09 12:52:20 +01:00
Manuel Pégourié-Gonnard	c82ee3555f	Fix tests that were failing with record splitting	2015-01-07 16:39:10 +01:00
Manuel Pégourié-Gonnard	590f416142	Add tests for periodic renegotiation	2014-12-02 10:40:55 +01:00
Manuel Pégourié-Gonnard	615e677c0b	Make renegotiation a compile-time option	2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard	85d915b81d	Add tests for renego security enforcement	2014-12-02 10:40:54 +01:00
Manuel Pégourié-Gonnard	d3b90f797d	Fix bug in ssl_client2 reconnect option	2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard	f29e5de09d	Cosmetics in ssl_server2	2014-11-27 17:44:46 +01:00
Manuel Pégourié-Gonnard	0975ad928d	Merge branch 'etm' into dtls * etm: Fix some more warnings in reduced configs Fix typo causing MSVC errors	2014-11-17 15:07:17 +01:00
Manuel Pégourié-Gonnard	be6ce835a2	Fix typo causing MSVC errors	2014-11-17 14:29:36 +01:00
Manuel Pégourié-Gonnard	3a3066c3ee	ssl_server2 now exits on signal during a read too	2014-11-17 12:50:34 +01:00
Manuel Pégourié-Gonnard	403a86f73d	ssl_server2: exit cleanly on SIGINT too	2014-11-17 12:46:49 +01:00
Manuel Pégourié-Gonnard	49aa99e653	Fix exit codes in cert_app	2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard	f9d778d635	Merge branch 'etm' into dtls * etm: Fix warning in reduced config Update Changelog for EtM Keep EtM state across renegotiations Adjust minimum length for EtM Don't send back EtM extension if not using CBC Fix for the RFC erratum Implement EtM Preparation for EtM Implement initial negotiation of EtM Conflicts: include/polarssl/check_config.h	2014-11-06 01:36:32 +01:00
Manuel Pégourié-Gonnard	56d985d0a6	Merge branch 'session-hash' into dtls * session-hash: Update Changelog for session-hash Make session-hash depend on TLS versions Forbid extended master secret with SSLv3 compat.sh: allow git version of gnutls compat.sh: make options a bit more robust Implement extended master secret Add negotiation of Extended Master Secret Conflicts: include/polarssl/check_config.h programs/ssl/ssl_server2.c	2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard	fedba98ede	Merge branch 'fb-scsv' into dtls * fb-scsv: Update Changelog for FALLBACK_SCSV Implement FALLBACK_SCSV server-side Implement FALLBACK_SCSV client-side	2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard	699cafaea2	Implement initial negotiation of EtM Not implemented yet: - actually using EtM - conditions on renegotiation	2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard	1cbd39dbeb	Implement FALLBACK_SCSV client-side	2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard	367381fddd	Add negotiation of Extended Master Secret (But not the actual thing yet.)	2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard	a6ace04c5c	Test for lost HelloRequest	2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard	e698f59a25	Add tests for ssl_set_dtls_badmac_limit()	2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard	9b35f18f66	Add ssl_get_record_expansion()	2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard	e63582a166	Add dlts_client.c and dtls_server.c	2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard	dc6a75a952	ERR_NET_CONN_RESET can't happen with UDP	2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard	caecdaed25	Cosmetics in ssl_server2 & complete tests for HVR	2014-10-21 16:32:54 +02:00
Manuel Pégourié-Gonnard	2d87e419e0	Adapt ssl_{client,server}2.c to datagram write	2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard	994f8b554f	Ok for close_notify to fail	2014-10-21 16:32:52 +02:00
Manuel Pégourié-Gonnard	ba958b8bdc	Add test for server-initiated renego Just assuming the HelloRequest isn't lost for now	2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard	a9d7d03e30	SIGTERM also interrupts server2 during net_read()	2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard	6a2bc23f63	Allow exchanges=0 in ssl_server2 Useful for testing with defensics with no data exchange	2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard	cce220d6aa	Adapt ssl_server2 to datagram-style read	2014-10-21 16:32:49 +02:00
Manuel Pégourié-Gonnard	85beb30b11	Add test for resumption with non-blocking I/O	2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard	f1e0df3ccd	Allow ssl_client2 to resend on read timeout	2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard	6b65141718	Implement ssl_read() timeout (DTLS only for now)	2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard	d823bd0a04	Add handshake_timeout option to test server/client	2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard	ce8588c9ef	Make udp_proxy more robust There seemed to be some race conditions with server closing its fd right after sending HelloVerifyRequest causing the proxy to exit after a failed read.	2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard	f03651217c	Adapt programs to use nbio with DTLS	2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard	bd97fdb3a4	Make ssl_server2's HVR handling more realistic It makes not sense to keep the connection open until the client is verified. Until now it was useful since closing it crates a race where the second ClientHello might be lost. But now that our client is able to resend, that's not an issue any more.	2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard	fa60f128d6	Quit using "yes" in ssl-opt.sh with openssl It caused s_server to send an AppData record of 16Kb every millisecond or so, which destroyed readability of the proxy and client logs.	2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard	ae666c5092	proxy: avoid always dropping the same packet	2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard	d0fd1daa6b	Add test with proxy and openssl server	2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard	8cc7e03ae0	udp_proxy: show encrypted messages as encrypted	2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard	6265d305f1	Fix some delayed packets going the wrong way	2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard	bf02319b58	udp_proxy: don't overwrite delayed packets	2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard	2739313cea	Make anti-replay a runtime option	2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard	6312e0f4e6	udp_proxy: allow successive clients	2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard	484b8f9ed8	Fix bug in ssl_client2 reconnect option	2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard	b46780edee	Enlarge udp_proxy's message buffer	2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard	ae8d2399a5	udp_proxy: also drop messages from the last flight	2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard	992e13665d	Make decisions pseudo-random in udp_proxy	2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard	bc010a045c	udp_proxy: don't drop messages in the last flight Resending the last flight is on the todo-list, but I want to be able to test what's already done now.	2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard	b6440a496b	ssl_server2 now dies on SIGTERM during a read	2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard	7cf3518284	Enhance output of udp_proxy (with time)	2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard	a014829024	Use ssl_set_bio_timeout() in test client/server	2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard	63eca930d7	Drop invalid records with DTLS	2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard	6c18a39807	Add option 'bad_ad' to udp_proxy	2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard	eb00bfd9c2	Add option 'mtu' to udp_proxy	2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard	81f2fe9f08	Add option 'delay_ccs' to udp_proxy	2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard	60fdd7e0f2	Add option 'drop' to udp_proxy	2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard	21398c37c0	Add option 'delay' to udp_proxy	2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard	2c41bd85e0	Add a 'duplicate' option to udp_proxy	2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard	44d5e63e6a	Enhance output of udp_proxy	2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard	cb4137b646	Add test utility udp_proxy Currently just forwards: will delay, duplicate and drop later.	2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard	4ba6ab6d0d	Fix glitch with HelloVerifyRequest With the close-rebind strategy, sometimes the second ClientHello was lost (if received before close), and since our client doesn't resend yet, the tests would fail (no problem with other client that resend). Anyway, it's not really clean to lose messages.	2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard	26820e3061	Add option 'cookies' to ssl_server2	2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard	a64acd4f84	Add separate SSL_COOKIE_C define	2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard	232edd46be	Move cookie callbacks implementation to own module	2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard	d485d194f9	Move to a callback interface for DTLS cookies	2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard	82202f0a9c	Make DTLS_HELLO_VERIFY a compile option	2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard	98545f128a	Generate random key for HelloVerifyRequest	2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard	336b824f07	Use ssl_set_client_transport_id() in ssl_server2	2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard	ae5050c212	Start adapting ssl_client2 to datagram I/O	2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard	798f15a500	Fix version adjustments with force_ciphersuite	2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard	fe3f73bdeb	Allow force_version to select DTLS	2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard	8a06d9c5d6	Actually use UDP for DTLS in test client/server	2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard	f5a1312eaa	Add UDP support to the NET module	2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard	83218f1da1	Add dtls version aliases to test serv/cli	2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard	864a81fdc0	More ssl_set_XXX() functions can return BAD_INPUT	2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard	e29fd4beaf	Add a dtls option to test server and client	2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard	f138874811	Properly send close_notify in ssl_client2	2014-08-19 16:14:36 +02:00
Manuel Pégourié-Gonnard	a8c0a0dbd0	Add "exchanges" option to test server and client Goal is to test renegotiation better: we need more than one exchange for server-initiated renego to work reliably (the previous hack for this wouldn't work with non-blocking I/O and probably not with DTLS either). Also check message termination in a semi-realistic way.	2014-08-19 13:26:05 +02:00
Manuel Pégourié-Gonnard	296e3b1174	Request renego before write in ssl_server2 Will be useful for: - detecting termination of messages by other means than connection close - DTLS (can be seen as a special case of the above: datagram-oriented)	2014-08-19 12:59:03 +02:00
Manuel Pégourié-Gonnard	e08660e612	Fix ssl_read() and close_notify error handling in programs	2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard	67686c42e6	Fix undocumented option in ssl_server2	2014-08-19 10:34:37 +02:00
Manuel Pégourié-Gonnard	250b1ca6f3	Fix ssl_server2 exiting on recoverable errors	2014-08-19 10:34:37 +02:00
Paul Bakker	bc3e54c70d	Fix overly rigorous defines in ssl_server2.c	2014-08-18 14:36:17 +02:00
Paul Bakker	d153ef335f	Missing dependencies on POLARSSL_ECP_C fixed	2014-08-18 12:00:28 +02:00
Paul Bakker	09c9dd80ef	Revert `42cc641`. Issue already fixed in `333fdec`.	2014-08-18 11:06:56 +02:00
Paul Bakker	c1283d3f4c	Only use signal() in ssl_server2 on non-Windows platforms	2014-08-18 11:05:51 +02:00
Manuel Pégourié-Gonnard	dcab293bd4	Get rid of SERVERQUIT code in ssl_{client,server}2	2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard	db49330e08	ssl_server2 aborts cleanly on SIGTERM (while waiting for a new connection)	2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard	a39416ff38	Fix bounds and error checking in gen_key.c	2014-08-14 11:34:35 +02:00
Alfred Klomp	7c03424d1c	ssl_mail_client.c: silence warning, check base64_encode() status Found with Clang's `scan-build` tool. ssl_mail_client.c does a dead store by assigning the return value of base64_encode() to `len` and not using the value. This causes scan-build to issue a warning. Instead of storing the return value into `len`, store it to `ret`, since base64_encode() returns a status code, not a length. Also check if the return value is nonzero and print an error; this silences scan-build.	2014-08-14 11:34:35 +02:00
Alfred Klomp	5b78f219d0	ssl_test.c: remove dead store, assign at declaration Found with Clang's `scan-build` tool. The store to `ret` is not used, it's overwritten shortly after. Assign the value of 1 at declaration time instead to silence scan-build.	2014-08-14 11:34:34 +02:00
Alfred Klomp	1d42b3ea7e	pem2der.c: fix double-free bug Found with Clang's `scan-build` tool. load_file() allocates memory to a char parameter. It then tries to fread() a file, and if that fails, frees the memory and returns to caller. However, the char is not reset to NULL, which causes a double-free error when the caller later passes it to free().	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	42cc641159	Don't print uninitialized buffer in ssl_mail_client	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	9dbe7c5f17	Remove unreachable code from ssl_pthread_server	2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard	955028f858	Fix compile error in ssl_pthread_server	2014-08-14 11:34:33 +02:00
Paul Bakker	333fdeca3a	Properly initialize buf	2014-08-04 12:12:09 +02:00
Paul Bakker	3966d71fa8	gen_key should open file as binary for writing DER keys	2014-07-10 15:27:09 +02:00
Paul Bakker	d2a2d61a68	Adapt programs / test suites	2014-07-09 10:19:24 +02:00
Paul Bakker	a317a98221	Adapt programs / test suites	2014-07-09 10:19:24 +02:00
Paul Bakker	14e8be4d33	Adapted programs / test suites to _init() and _free()	2014-07-09 10:19:23 +02:00
Paul Bakker	8cfd9d8c59	Adapt programs / test suites to _init() and _free()	2014-07-09 10:19:23 +02:00
Manuel Pégourié-Gonnard	c5fd391e04	Check return value of ssl_set_xxx() in programs	2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard	4e3e7c2944	Clarify comment in program	2014-07-08 14:20:26 +02:00
Paul Bakker	8fb99abaac	Merge changes for leaner memory footprint	2014-07-04 15:02:19 +02:00
Manuel Pégourié-Gonnard	481fcfde93	Make PSK_LEN configurable and adjust PMS size	2014-07-04 14:59:08 +02:00
Manuel Pégourié-Gonnard	fae355e8ee	Add tests for ssl_set_renegotiation_enforced()	2014-07-04 14:32:27 +02:00
Paul Bakker	2a45d1c8bb	Merge changes to config examples and configuration issues	2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard	dea29c51fd	Extend request_size to small sizes in ssl_client2	2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard	0669f272e9	Fix printing large packets in ssl_server2	2014-06-25 11:26:11 +02:00
Manuel Pégourié-Gonnard	8a4d571af8	Fix warnings in no-SSL configs	2014-06-24 14:19:59 +02:00
Manuel Pégourié-Gonnard	f9378d8f11	Fix dependencies on PEM in tests and programs	2014-06-24 13:11:25 +02:00
Manuel Pégourié-Gonnard	4505ed3c90	Fix missing free() with recent ssl_server2 options	2014-06-20 18:35:16 +02:00
Paul Bakker	3c38f29a61	Fix DER output of gen_key app (found by Gergely Budai)	2014-06-14 16:46:43 +02:00
Manuel Pégourié-Gonnard	7680698d02	Temporarily disable timing test on non-Linux	2014-06-13 18:04:42 +02:00
Paul Bakker	8880cb52f7	Handle missing CRL parsing gracefully	2014-06-12 23:22:26 +02:00
Paul Bakker	9b7fb6f68e	Prevent warning for possibly uninitialized variable in ssl_server2	2014-06-12 23:01:43 +02:00
Paul Bakker	508e573231	Merge tests for asn1write, XTEA and Entropy modules	2014-06-12 21:26:33 +02:00
Paul Bakker	14c78c93d5	Merge more SSL tests and required ssl_server2 additions	2014-06-12 21:24:34 +02:00
Manuel Pégourié-Gonnard	e1ac0f8c5d	Add back timing selftest with new hardclock test	2014-06-12 21:15:50 +02:00
Manuel Pégourié-Gonnard	8de259b953	Minor code simplification in ssl programs	2014-06-11 18:35:33 +02:00
Manuel Pégourié-Gonnard	95c0a63023	Add tests for ssl_get_bytes_avail()	2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard	e7a3b10dcc	Use ssl_get_bytes_avail() in ssl_server2.	2014-06-11 18:34:47 +02:00
Manuel Pégourié-Gonnard	6dc0781aba	Add version_suites option to ssl_server2	2014-06-11 14:07:14 +02:00
Manuel Pégourié-Gonnard	4dd73925ab	Add entropy_self_test()	2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard	dc019b9559	Use ssl_set_psk() only when a psk is given	2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard	fdee74b8d6	Simplify some option parsing code	2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard	80c8553a1a	Add psk_list option to ssl_server2: PSK callback	2014-06-10 15:32:02 +02:00
Manuel Pégourié-Gonnard	9e27163acd	Refactor PSK parsing in ssl_server2	2014-06-10 15:32:01 +02:00
Manuel Pégourié-Gonnard	736699c08c	Add a dhm_file option to ssl_server2	2014-06-10 15:32:01 +02:00
Paul Bakker	1fd325309b	Add option 'crl_file' to cert_app	2014-05-28 11:36:38 +02:00
Paul Bakker	1ebc0c592c	Fix typos	2014-05-22 15:47:58 +02:00
Paul Bakker	b5212b436f	Merge CCM cipher mode and ciphersuites Conflicts: library/ssl_tls.c	2014-05-22 15:30:31 +02:00
Paul Bakker	0c5e4290e1	benchmark application also works without POLARSSL_ERROR_C	2014-05-22 14:11:13 +02:00
Manuel Pégourié-Gonnard	58d78a8d70	Add CCM to benchmark	2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard	a6916fada8	Add (placeholder) CCM module	2014-05-06 11:28:09 +02:00
Paul Bakker	525f87559f	Cast alpn_list to void * to prevent MSVC compiler warnings	2014-05-01 10:59:27 +02:00
Manuel Pégourié-Gonnard	cef4ad2509	Adapt sources to configurable config.h name	2014-04-30 16:40:20 +02:00
Paul Bakker	c73079a78c	Add debug_set_threshold() and thresholding of messages	2014-04-25 16:58:16 +02:00
Paul Bakker	93c32b21b3	Allow ssl_client to pad request to SSL_MAX_CONTENT_LEN	2014-04-25 16:58:12 +02:00
Paul Bakker	fdba46885b	cert_write app should use subject of issuer certificate as issuer of cert	2014-04-25 11:48:35 +02:00
Paul Bakker	8a0c0a9ed9	Check additional return values in some test cases	2014-04-17 17:24:23 +02:00
Paul Bakker	df71dd1618	Cleaner initialization (values did not matter, but were uninitialized)	2014-04-17 16:03:48 +02:00
Paul Bakker	030decdb4e	Actually increment the loop counter to quit in ssl_fork_server	2014-04-17 16:03:23 +02:00
Paul Bakker	0c22610693	Cleaned up location of init and free for some programs to prevent memory leaks on incorrect arguments	2014-04-17 16:02:36 +02:00
Paul Bakker	cbe3d0d5cc	Added return value checking for correctness in programs	2014-04-17 16:00:59 +02:00
Paul Bakker	1cfc45835f	Add option 'use_dev_random' to gen_key application	2014-04-09 15:49:58 +02:00
Manuel Pégourié-Gonnard	0f79babd4b	Disable timing_selftest() for now	2014-04-09 15:49:51 +02:00
Paul Bakker	17b85cbd69	Merged additional tests and improved code coverage Conflicts: ChangeLog	2014-04-08 14:38:48 +02:00
Paul Bakker	0763a401a7	Merged support for the ALPN extension	2014-04-08 14:37:12 +02:00
Shuo Chen	95a0d118a9	Fix compile error when POLARSSL_ERROR_STRERROR_BC is undefined.	2014-04-08 10:53:51 +02:00
Manuel Pégourié-Gonnard	1bd2281260	Add an alpn option to ssl_client2 and ssl_server2	2014-04-05 14:51:42 +02:00
Manuel Pégourié-Gonnard	13a1ef8600	Misc selftest adjustements	2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard	470fc935b5	Add timing_self_test() with consistency tests	2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard	388dac4037	Still test pbkdf2 while it's there	2014-04-04 16:33:00 +02:00
Manuel Pégourié-Gonnard	6b0d268bc9	Add ssl_close_notify() to servers that missed it	2014-03-31 11:28:11 +02:00
Manuel Pégourié-Gonnard	00d538f8f9	Disable renegotiation by default in example cli/srv	2014-03-31 11:03:06 +02:00
Paul Bakker	5a1d687274	Fixed typo introduced in `486485b`	2014-03-26 11:20:05 +01:00
Manuel Pégourié-Gonnard	486485bc07	PBKDF2 -> PKCS5 in selftest.c	2014-03-20 09:59:51 +01:00
Paul Bakker	a4b0343edf	Merged massive SSL Testing improvements	2014-03-14 16:30:36 +01:00
Manuel Pégourié-Gonnard	84fd6877c6	Use ssl_client2 to terminate ssl_server2	2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard	5b2d776d2a	GnuTLS in compat.sh: server-side	2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard	3e1b178ba2	Add options for no certificates in test srv/cli	2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard	5575316385	Add options for non-blocking I/O in test cli & srv	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	0d8780b2cd	Add a server_adrr option to ssl_client2	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	5d917ff6a8	Add a 'sni' option to ssl_server2	2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard	dbe1ee1988	Add tests for session ticket lifetime	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	c55a5b7d6f	Add tests for cache timeout	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	4c88345f19	Add test for ssl_cache max_entries	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	780d671f9d	Add tests for renegotiation	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	2fc243d06a	Rearrange help messages of example cli/srv	2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard	fcf2fc2960	Make auth_mode=required the default in ssl_client2	2014-03-13 19:25:07 +01:00
Manuel Pégourié-Gonnard	844a4c0aef	Fix RSASSA-PSS example programs	2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard	c580a00e3c	Print protocol version in example cli/srv	2014-02-12 10:15:30 +01:00
Paul Bakker	64abd83b67	Fixed file descriptor leak in generic_sum	2014-02-06 15:03:06 +01:00
Paul Bakker	247b487d61	Missing 'else' in gen_key	2014-02-06 14:33:52 +01:00
Gergely Budai	a5d336bcec	Increase title size (fits to increased curve names). Give verbose errors on failures.	2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard	79afaa0551	Add hmac_drbg_selftest()	2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard	fef0f8f55a	Add HMAC_DRBG to benchmark	2014-01-30 23:17:33 +01:00
Paul Bakker	d75ba40cc3	SMTP lines are officially terminated with CRLF, ssl_mail_client fixed	2014-01-24 16:12:18 +01:00
Paul Bakker	5eb264cfa7	Minor fixes to o_p_test.c (CMakeLists.txt and includes)	2014-01-23 15:47:29 +01:00
Paul Bakker	5862eee4ca	Merged RIPEMD-160 support	2014-01-22 14:18:34 +01:00
Paul Bakker	61b699ed1b	Renamed RMD160 to RIPEMD160	2014-01-22 14:17:31 +01:00
Manuel Pégourié-Gonnard	2f5217ea02	Gitignore ssl_pthread_server	2014-01-22 12:56:06 +01:00
Manuel Pégourié-Gonnard	1744d72902	Add RIPEMD-160 to selftest	2014-01-17 14:46:36 +01:00
Manuel Pégourié-Gonnard	01b0b38421	Add RIPEMD-160 to benchmark	2014-01-17 14:29:46 +01:00
Paul Bakker	caf0e60969	Forced cast to unsigned int for %u format in the ecdsa application	2013-12-30 19:15:48 +01:00
Paul Bakker	f0fc2a27b0	Properly put the pragma comment for the MSVC linker in defines	2013-12-30 15:42:43 +01:00
Paul Bakker	29e86eae29	Removed 'z' length modifier from format in ecdsa program	2013-12-30 15:38:48 +01:00
Paul Bakker	3e72f6effd	Only search for Pthread on Windows platforms	2013-12-30 15:28:46 +01:00
Paul Bakker	f9c4953e39	Added version of the SSL pthread server example	2013-12-30 14:55:54 +01:00
Paul Bakker	5a607d26b7	Merged IPv6 support in the NET module	2013-12-17 14:34:19 +01:00
Paul Bakker	f70fe81a6e	Fixed memory leak in benchmark application	2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard	18d31f8e59	Make listening address configurable in ssl_server2	2013-12-17 12:00:57 +01:00
Paul Bakker	014f143c2a	Merged EC key generation support	2013-12-02 14:55:09 +01:00
Manuel Pégourié-Gonnard	6e16cdb37c	Allow curve selection in gen_key	2013-11-30 15:32:47 +01:00
Paul Bakker	fdda785248	Removed dependency on unistd.h for MSVC in apps	2013-11-30 15:15:31 +01:00
Paul Bakker	840ab20ea2	Explicit conversions to int from size_t for MSVC (64-bit) in apps	2013-11-30 15:14:38 +01:00
Paul Bakker	c97f9f6465	Removed making commandline arguments case insensitive	2013-11-30 15:14:11 +01:00
Manuel Pégourié-Gonnard	49d738b50d	Ignore file generated by gen_key	2013-11-30 14:39:15 +01:00
Manuel Pégourié-Gonnard	8c237710a0	Start adding EC support in gen_key	2013-11-30 14:36:54 +01:00
Paul Bakker	a8239a4490	Removed Windows auto-spawn client code	2013-11-29 11:16:37 +01:00
Manuel Pégourié-Gonnard	0f2eacbd09	crypt_and_hash: check MAC earlier	2013-11-26 15:19:57 +01:00
Paul Bakker	e4c71f0e11	Merged Prime generation improvements	2013-11-25 14:27:28 +01:00
Paul Bakker	8fc30b178c	Various const fixes	2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard	5e1e61124a	Insert warning about time in dh_genprime	2013-11-22 21:16:10 +01:00
Paul Bakker	993e386a73	Merged renegotiation refactoring	2013-10-31 14:32:38 +01:00
Manuel Pégourié-Gonnard	291f9af935	Make all hash checking in programs constant-time	2013-10-31 14:22:27 +01:00
Paul Bakker	424cd6943c	Check HMAC in constant-time in crypt_and_hash	2013-10-31 14:22:08 +01:00
Manuel Pégourié-Gonnard	6d8404d6ba	Server: enforce renegotiation	2013-10-30 16:48:10 +01:00
Manuel Pégourié-Gonnard	9c1e1898b6	Move some code around, improve documentation	2013-10-30 16:48:09 +01:00
Manuel Pégourié-Gonnard	f3dc2f6a1d	Add code for testing server-initiated renegotiation	2013-10-30 16:46:46 +01:00
Manuel Pégourié-Gonnard	53b3e0603b	Add code for testing client-initiated renegotiation	2013-10-30 16:46:46 +01:00
Paul Bakker	60b1d10131	Fixed spelling / typos (from PowerDNS:codespell)	2013-10-29 10:02:51 +01:00
Paul Bakker	93c6aa4014	Fixed that selfsign copies issuer_name to subject_name	2013-10-28 22:29:11 +01:00
Paul Bakker	08bb187bb6	Merged Public Key framwork tests	2013-10-28 14:11:09 +01:00
Manuel Pégourié-Gonnard	3daaf3d21d	X509 key identifiers depend on SHA1	2013-10-28 13:58:32 +01:00
Manuel Pégourié-Gonnard	b0a467fdbe	Start adding a PK test suite	2013-10-15 15:19:59 +02:00
Paul Bakker	f34673e37b	Merged RSA-PSK key-exchange and ciphersuites	2013-10-15 12:46:41 +02:00
Paul Bakker	376e8153a0	Merged ECDHE-PSK ciphersuites	2013-10-15 12:45:36 +02:00
Manuel Pégourié-Gonnard	8a3c64d73f	Fix and simplify *-PSK ifdef's	2013-10-14 19:54:10 +02:00
Manuel Pégourié-Gonnard	1b62c7f93d	Fix dependencies and related issues	2013-10-14 14:02:19 +02:00
Paul Bakker	b799dec4c0	Merged support for Brainpool curves and ciphersuites	2013-10-11 10:05:43 +02:00
Manuel Pégourié-Gonnard	2f77ce3658	Fix forgotten snprintf define for MSVC	2013-10-11 09:17:19 +02:00
Manuel Pégourié-Gonnard	22f64c8a9a	Cosmetics in benchmark	2013-10-10 13:21:48 +02:00
Paul Bakker	1337affc91	Buffer allocator threading support	2013-09-29 15:02:11 +02:00
Paul Bakker	1ffefaca1e	Introduced entropy_free()	2013-09-29 15:01:42 +02:00
Paul Bakker	396333e0a3	Updated ssl_test to handle EOF return value	2013-09-28 11:08:43 +02:00
Manuel Pégourié-Gonnard	a0fdf8b0a0	Simplify the way default certs are used	2013-09-25 14:05:49 +02:00
Manuel Pégourié-Gonnard	641de714b6	Use both RSA and ECDSA CA if available	2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard	ac8474fb1c	Changed default cert loading in ssl_server2	2013-09-25 11:35:15 +02:00
Manuel Pégourié-Gonnard	b095a7bf29	Offer both RSA and ECDSA by default in ssl_server2	2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard	3ebb2cdb52	Add support for multiple server certificates	2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard	cbf3ef3861	RSA and ECDSA key exchanges don't depend on CRL	2013-09-24 21:25:53 +02:00
Paul Bakker	15b9b3a7e0	Key generation tool	2013-09-23 13:25:44 +02:00
Manuel Pégourié-Gonnard	abd6e02b7b	Rm _CRT_SECURE_NO_DEPRECATE for programs (Already in config.h.)	2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard	3bd2aae5a5	Add forgotten initializations	2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard	7831b0cb3c	A few more issues with small configurations	2013-09-20 12:30:21 +02:00
Manuel Pégourié-Gonnard	a7496f00ff	Fix a few more warnings in small configurations	2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard	92e5b59355	Fix some dependencies/warnings in programs	2013-09-20 10:58:58 +02:00
Manuel Pégourié-Gonnard	da179e4870	Add ecp_curve_list(), hide ecp_supported_curves	2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard	56cd319f0e	Add human-friendly name in ecp_curve_info	2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard	803bb312a3	Remove ecp-bench (now in general benchmark)	2013-09-18 15:37:43 +02:00
Paul Bakker	940f9ce515	Added pk_decrypt, pk_encrypt, pk_sign, pk_verify example applications	2013-09-18 15:34:57 +02:00
Paul Bakker	2e24ca74b0	Updated key_app.c and key_app_writer.c for EC key printing	2013-09-18 15:25:16 +02:00
Manuel Pégourié-Gonnard	cc34f95b43	Include ECDSA and ECDH in benchmark	2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard	ed7cbe92d5	Allow selection of what to benchmark	2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard	8271f2ffb5	Shorten benchmark source using macros and loops	2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard	15d5de1969	Simplify usage of DHM blinding	2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard	568c9cf878	Add ecp_supported_curves and simplify some code	2013-09-18 14:34:34 +02:00
Manuel Pégourié-Gonnard	1b57878e4a	Add missing VS project files, generated by script	2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard	68821da01e	Fix clang warnings in applications Some fd would be used uninitialized if we goto exit early.	2013-09-18 14:34:33 +02:00
Manuel Pégourié-Gonnard	4cf0686d6d	Remove spurious '+ 3' in ecdsa_write_signature()	2013-09-18 14:34:33 +02:00
Paul Bakker	c559c7a680	Renamed x509_cert structure to x509_crt for consistency	2013-09-18 14:32:52 +02:00
Paul Bakker	ddf26b4e38	Renamed x509parse_* functions to new form e.g. x509parse_crtfile -> x509_crt_parse_file	2013-09-18 13:46:23 +02:00
Paul Bakker	369d2eb2a2	Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()	2013-09-18 12:01:43 +02:00
Paul Bakker	86d0c1949e	Generalized function names of x509 functions not parse-specific x509parse_serial_gets -> x509_serial_gets x509parse_dn_gets -> x509_dn_gets x509parse_time_expired -> x509_time_expired	2013-09-18 12:01:42 +02:00
Paul Bakker	7fc7fa630f	cert_write application also works without POLARSSL_X509_CSR_PARSE_C	2013-09-17 14:44:00 +02:00
Paul Bakker	36713e8ed9	Fixed bunch of X509_PARSE related defines / dependencies	2013-09-17 13:25:29 +02:00
Paul Bakker	30520d1776	Moved rsa_sign_pss / rsa_verify_pss to use PK for key reading	2013-09-17 11:39:31 +02:00
Paul Bakker	1525495330	Key app updated to support pk_context / ECP keypairs	2013-09-17 11:24:56 +02:00
Paul Bakker	7504d7f806	Fixed X509 define in selftest.c	2013-09-16 22:56:18 +02:00
Paul Bakker	7c6b2c320e	Split up X509 files into smaller modules	2013-09-16 21:41:54 +02:00
Paul Bakker	ace02867f6	Do not lowercase key values in arguments in cert_app.c	2013-09-16 21:40:34 +02:00
Paul Bakker	40ce79f1e6	Moved DHM parsing from X509 module to DHM module	2013-09-15 17:43:54 +02:00
Paul Bakker	9a97c5d894	Fixed warnings in case application dependencies are not met	2013-09-15 17:07:33 +02:00
Paul Bakker	c7bb02be77	Moved PK key writing from X509 module to PK module	2013-09-15 14:54:56 +02:00
Paul Bakker	1a7550ac67	Moved PK key parsing from X509 module to PK module	2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard	92cb1d3a91	Make CBC an option, step 3: individual ciphers	2013-09-13 17:25:43 +02:00
Paul Bakker	9013af76a3	Merged major refactoring of x509write module into development This refactoring adds support for proper CSR writing and X509 certificate generation / signing	2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard	26b4d45f49	Fix key_app_writer	2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard	31e59400d2	Add missing f_rng/p_rng arguments to x509write_crt	2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard	f38e71afd5	Convert x509write_crt interface to PK	2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard	ee73179b2f	Adapt x509write_csr prototypes for PK	2013-09-12 11:57:00 +02:00
Paul Bakker	8f0423afbc	Fix for benchmark app after GCM refactoring merge	2013-09-10 14:51:50 +02:00
Paul Bakker	c0dcf0ceb1	Merged blinding additions for EC, RSA and DHM into development	2013-09-10 14:44:27 +02:00
Paul Bakker	b2d7f23592	Ability to selfsign certificates added to cert_write app	2013-09-09 16:24:18 +02:00
Paul Bakker	4122f3eacf	Removed POLARSSL_ERROR_C define and added as requirement defing for cert_req and cert_write apps	2013-09-09 16:01:46 +02:00
Paul Bakker	80d44fee2e	Moved 'define handling code' to top	2013-09-09 15:59:20 +02:00
Paul Bakker	e2673fb34b	cert_write app now parses presented CSR for subject name and key	2013-09-09 15:56:09 +02:00
Paul Bakker	f9f377e652	CSR Parsing (without attributes / extensions) implemented	2013-09-09 15:35:10 +02:00
Paul Bakker	8693274219	Small typo in usage of cert_req app	2013-09-09 14:09:42 +02:00
Paul Bakker	1014e95775	Use issuer_name from the issuer_certificate in cert_write app	2013-09-09 13:59:42 +02:00
Paul Bakker	52be08c299	Added support for writing Key Usage and NS Cert Type extensions	2013-09-09 12:38:45 +02:00
Paul Bakker	cd35803684	Changes x509_csr to x509write_csr	2013-09-09 12:38:45 +02:00
Manuel Pégourié-Gonnard	e8ea0c0421	Fix exit value on SERVERQUIT	2013-09-08 20:08:24 +02:00
Manuel Pégourié-Gonnard	ce6352a791	Add benchmark for fixed-DHM with blinding	2013-09-07 13:05:52 +02:00
Manuel Pégourié-Gonnard	1a2012459b	Fix undetected errors in benchmark dhm_calc_secret() was exiting early, leading to wrong results	2013-09-07 12:27:35 +02:00
Manuel Pégourié-Gonnard	337b29c334	Test and document EC blinding overhead	2013-09-07 11:52:27 +02:00
Paul Bakker	15162a054a	Writing of X509v3 extensions supported Standard extensions already in: basicConstraints, subjectKeyIdentifier and authorityKeyIdentifier	2013-09-06 19:27:21 +02:00
Paul Bakker	9397dcb0e8	Base X509 certificate writing functinality	2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard	cac5f7d737	Update benchmarks for new prototypes	2013-09-04 17:19:18 +02:00
Manuel Pégourié-Gonnard	2d627649bf	Change dhm_calc_secret() prototype	2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard	aa9ffc5e98	Split tag handling out of cipher_finish()	2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard	2adc40c346	Split cipher_update_ad() out or cipher_reset()	2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard	9c853b910c	Split cipher_set_iv() out of cipher_reset()	2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard	9241be7ac5	Change cipher prototypes for GCM	2013-08-31 18:07:42 +02:00
Paul Bakker	548957dd49	Refactored RSA to have random generator in every RSA operation Primarily so that rsa_private() receives an RNG for blinding purposes.	2013-08-30 10:30:02 +02:00
Paul Bakker	ca174fef80	Merged refactored x509write module into development	2013-08-28 16:32:51 +02:00
Paul Bakker	577e006c2f	Merged ECDSA-based key-exchange and ciphersuites into development Conflicts: include/polarssl/config.h library/ssl_cli.c library/ssl_srv.c library/ssl_tls.c	2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard	ac75523593	Adapt ssl_set_own_cert() to generic keys	2013-08-27 22:21:20 +02:00
Paul Bakker	0be444a8b1	Ability to disable server_name extension (RFC 6066)	2013-08-27 21:55:01 +02:00
Paul Bakker	f3df61ad10	Generalized PEM writing in x509write module for RSA keys as well	2013-08-26 17:37:18 +02:00
Paul Bakker	135f1e9c70	Move PEM conversion of DER data to x509write module	2013-08-26 17:37:18 +02:00
Paul Bakker	57be6e22cf	cert_req now supports key_usage and ns_cert_type command line options	2013-08-26 17:37:18 +02:00
Manuel Pégourié-Gonnard	38d1eba3b5	Move verify_result from ssl_context to session	2013-08-26 14:26:02 +02:00
Paul Bakker	8adf13bd92	Added pem2der utility application	2013-08-26 10:38:54 +02:00
Paul Bakker	82e2945ed2	Changed naming and prototype convention for x509write functions CSR writing functions now start with x509write_csr_*() DER writing functions now have the context at the start instead of the end conforming to other modules.	2013-08-25 11:01:31 +02:00
Paul Bakker	384d4351ce	Added cert_req to CMakeLists.txt	2013-08-25 10:51:18 +02:00
Paul Bakker	8eabfc1461	Rewrote x509 certificate request writing to use structure for storing	2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard	7e56de1671	Adapt ssl_cert_test to changes in PK	2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard	bf3109fd41	Add forgotten ecdsa_free() in ecdsa example	2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard	e09631b7c4	Create ecp_group_copy() and use it	2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard	aa431613b3	Add ecdsa example program	2013-08-20 20:08:29 +02:00
Paul Bakker	1f2bc6238b	Made support for the truncated_hmac extension configurable	2013-08-15 13:45:55 +02:00
Paul Bakker	05decb24c3	Made support for the max_fragment_length extension configurable	2013-08-15 13:33:48 +02:00
Paul Bakker	a503a63b85	Made session tickets support configurable from config.h	2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard	aa0d4d1aff	Add ssl_set_session_tickets()	2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard	06650f6a37	Fix reusing session more than once	2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard	cf2e97eae2	ssl_client2: allow reconnecting twice	2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard	aaa1eab55a	Add an option to reconnect in ssl_client2 Purpose: test resuming sessions.	2013-08-14 14:08:04 +02:00
Paul Bakker	66c4810ffe	Better handling of ciphersuite version range and forced version in ssl_client2	2013-07-26 14:05:32 +02:00
Paul Bakker	6c85279719	Newline fixes in help text for ssl_client2 / ssl_server2	2013-07-26 14:02:13 +02:00
Paul Bakker	dbd79ca617	ssl_client2 and ssl_server2 now exit with 1 on errors (shell limitations)	2013-07-24 16:28:35 +02:00
Paul Bakker	8c1ede655f	Changed prototype for ssl_set_truncated_hmac() to allow disabling	2013-07-19 14:51:47 +02:00
Manuel Pégourié-Gonnard	e980a994f0	Add interface for truncated hmac	2013-07-19 14:51:47 +02:00
Paul Bakker	5b55b79021	Better handling of ciphersuite version range and forced version in ssl_server2	2013-07-19 14:51:31 +02:00
Manuel Pégourié-Gonnard	e048b67d0a	Misc minor fixes - avoid "multi-line comment" warning in ssl_client2.c - rm useless initialisation of mfl_code in ssl_init() - const-correctness of ssl_parse_*_ext() - a code formating issue	2013-07-19 12:56:08 +02:00
Manuel Pégourié-Gonnard	0c017a55e0	Add max_frag_len option in ssl_server2 Also reformat code and output more information in ssl_client2	2013-07-18 14:07:36 +02:00
Paul Bakker	8e714d7aca	Modified LONG_RESPONSE and comments in ssl_server2	2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard	bd7ce63115	Adapt ssl_server2 to test sending long messages	2013-07-18 11:23:48 +02:00
Manuel Pégourié-Gonnard	787b658bb3	Implement max_frag_len write restriction	2013-07-18 11:18:14 +02:00
Manuel Pégourié-Gonnard	0df6b1f068	ssl_client2: add max_frag_len option	2013-07-18 11:18:13 +02:00
Manuel Pégourié-Gonnard	be50680a8c	Fix use of x509_cert.rsa in programs	2013-07-17 15:59:43 +02:00
Paul Bakker	82024bf7b9	ssl_server2 now uses alloc_buffer if present and can be 'SERVERQUIT'	2013-07-16 17:48:58 +02:00
Manuel Pégourié-Gonnard	ba4878aa64	Rename x509parse_key & co with _rsa suffix	2013-07-08 15:31:18 +02:00
Paul Bakker	44618dd798	SSL Test and Benchmark now handle missing POLARSSL_TIMING_C	2013-07-04 11:30:32 +02:00
Paul Bakker	fa9b10050b	Also compiles / runs without time-based functions in OS Can now run without need of time() / localtime() and gettimeofday()	2013-07-03 17:22:32 +02:00
Paul Bakker	6e339b52e8	Memory-allocation abstraction layer and buffer-based allocator added	2013-07-03 17:22:31 +02:00
Paul Bakker	d2681d82e2	Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h}	2013-06-30 14:49:12 +02:00
Paul Bakker	9e36f0475f	SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly The SHA4 name was not clear with regards to the new SHA-3 standard. So SHA2 and SHA4 have been renamed to better represent what they are: SHA256 and SHA512 modules.	2013-06-30 14:34:05 +02:00
Paul Bakker	62534dd1d8	programs/util/strerror now handles decimal and hexidecimal input	2013-06-30 12:45:07 +02:00
Paul Bakker	03a8a79516	Programs adapted to use polarssl_strerror() instead of error_strerror()	2013-06-30 12:18:08 +02:00
Paul Bakker	5dc6b5fb05	Made supported curves configurable	2013-06-29 23:26:34 +02:00
Paul Bakker	c1516be99d	ssl_server2 and ssl_client2 adapted to support maximum protocol version	2013-06-29 18:35:41 +02:00
Paul Bakker	3c5ef71322	Cleanup up non-prototyped functions (static) and const-correctness in programs	2013-06-25 16:37:45 +02:00
Paul Bakker	ef3f8c747e	Fixed const correctness issues in programs and tests (cherry picked from commit e0225e4d7f18f4565224f4997af537533d06a80d) Conflicts: programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c programs/test/ssl_test.c programs/x509/cert_app.c	2013-06-24 19:09:24 +02:00
Paul Bakker	777a5757d6	ca_path and ca_file arguments added to support chain validation in cert_app	2013-05-21 16:20:04 +02:00
Paul Bakker	bcbe2d8d81	Prettier printing of the lists for longer ciphersuite names	2013-04-19 09:10:20 +02:00
Paul Bakker	ed27a041e4	More granular define selections within code to allow for smaller code sizes	2013-04-18 23:12:34 +02:00
Paul Bakker	fbb17804d8	Added pre-shared key handling for the server side of SSL / TLS Server side handling of the pure PSK ciphersuites is now in the base code.	2013-04-18 23:12:33 +02:00
Paul Bakker	d4a56ec6bf	Added pre-shared key handling for the client side of SSL / TLS Client side handling of the pure PSK ciphersuites is now in the base code.	2013-04-18 23:12:33 +02:00
Paul Bakker	c70b982056	OID functionality moved to a separate module. A new OID module has been created that contains the main OID searching functionality based on type-dependent arrays. A base type is used to contain the basic values (oid_descriptor_t) and that type is extended to contain type specific information (like a pk_alg_t). As a result the rsa sign and verify function prototypes have changed. They now expect a md_type_t identifier instead of the removed RSA_SIG_XXX defines. All OID definitions have been moved to oid.h All OID matching code is in the OID module. The RSA PKCS#1 functions cleaned up as a result and adapted to use the MD layer. The SSL layer cleanup up as a result and adapted to use the MD layer. The X509 parser cleaned up and matches OIDs in certificates with new module and adapted to use the MD layer. The X509 writer cleaned up and adapted to use the MD layer. Apps and tests modified accordingly	2013-04-07 22:00:46 +02:00
Paul Bakker	41c83d3f67	Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS Made all modifications to include Ephemeral Elliptic Curve Diffie Hellman ciphersuites into the existing SSL/TLS modules. All basic handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) has been included.	2013-03-20 14:39:14 +01:00
Paul Bakker	00c1f43743	Merge branch 'ecc-devel-mpg' into development	2013-03-13 16:31:01 +01:00
Paul Bakker	68884e3c09	Moved to advanced ciphersuite representation and more dynamic SSL code	2013-03-13 14:48:32 +01:00
Paul Bakker	8fe40dcd7d	Allow enabling of dummy error_strerror() to support some use-cases Enable a dummy error function to make use of error_strerror() in third party libraries easier. Disable if you run into name conflicts and want to really remove the error_strerror()	2013-02-02 12:43:08 +01:00
Paul Bakker	a95919b4c7	Added ECP files to Makefiles as well	2013-01-16 17:00:05 +01:00
Manuel Pégourié-Gonnard	b4a310b472	Added a selftest about SPA resistance	2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard	52a422f6a1	Added ecp-bench specialized benchmark	2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard	e870c0a5d6	Added benchmark for DHM	2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard	4b8c3f2a1c	Moved tests from selftest to tests/test_suite_ecp	2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard	efaa31e9ae	Implemented multiplication	2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard	b505c2796c	Got first tests working, fixed ecp_copy()	2013-01-16 16:31:49 +01:00
Paul Bakker	91ebfb5272	Made auth_mode as an command line option	2012-11-23 14:04:08 +01:00
Paul Bakker	1f9d02dc90	Added more notes / comments on own_cert, trust_ca purposes	2012-11-20 10:30:55 +01:00
Paul Bakker	25338d74ac	Added proper gitignores for Linux CMake use	2012-11-18 22:56:39 +01:00
Paul Bakker	90f309ffe7	Added proper gitignores for linux compilation	2012-11-17 00:04:49 +01:00
Paul Bakker	75242c30fb	Added checking of CA peer cert to ssl_client1 as sane default	2012-11-17 00:03:46 +01:00
Paul Bakker	580153573b	- Do not free uninitialized ssl context	2012-11-14 12:15:41 +00:00
Paul Bakker	645ce3a2b4	- Moved ciphersuite naming scheme to IANA reserved names	2012-10-31 12:32:41 +00:00
Paul Bakker	b0550d90c9	- Added ssl_get_peer_cert() to SSL API	2012-10-30 07:51:03 +00:00
Paul Bakker	21654f392e	- Smaller default values	2012-10-24 14:29:17 +00:00
Paul Bakker	520ea911f6	- Fixed to support 4096 bit DHM params as well	2012-10-24 14:17:01 +00:00
Paul Bakker	f1ab0ec1ff	- Changed default compiler flags to include -O2	2012-10-23 12:12:53 +00:00
Paul Bakker	1d56958963	- Updated examples to use appropriate sizes for larger RSA keys (up to 16k)	2012-10-03 20:35:44 +00:00
Paul Bakker	3ad34d4110	- Added key_app_writer to CMakeLists.txt	2012-10-03 20:34:37 +00:00
Paul Bakker	3fad7b3fdd	- Changed saved value to RCF 3526 2048 MODP group	2012-10-03 19:50:54 +00:00
Paul Bakker	5da01caa50	- Added warning about example use	2012-10-03 19:48:33 +00:00
Paul Bakker	1d29fb5e33	- Added option to add minimum accepted SSL/TLS protocol version	2012-09-28 13:28:45 +00:00
Paul Bakker	5d19f86fdd	- Added comment	2012-09-28 07:33:00 +00:00
Paul Bakker	cbbd9998da	- SSL/TLS now has default group	2012-09-28 07:32:06 +00:00
Paul Bakker	915275ba78	- Revamped x509_verify() and the SSL f_vrfy callback implementations	2012-09-28 07:10:55 +00:00
Paul Bakker	819370c7b7	- Removed lowercasing of parameters	2012-09-28 07:04:41 +00:00
Paul Bakker	5ef9db2ae3	- Added rsa_check_privkey() check to rsa_sign	2012-09-27 13:19:22 +00:00
Paul Bakker	db2509c9cd	- Added password and password_file options for reading private keys	2012-09-27 12:44:31 +00:00
Paul Bakker	d43241060b	- Removed clutter from my_dhm values	2012-09-26 08:29:38 +00:00
Paul Bakker	0a59707523	- Added simple SSL session cache implementation - Revamped session resumption handling	2012-09-25 21:55:46 +00:00
Paul Bakker	4811b56524	- Added util/CMakelists.txt	2012-09-25 11:45:38 +00:00
Paul Bakker	29b64761fd	- Added predefined DHM groups from RFC 5114	2012-09-25 09:36:44 +00:00
Paul Bakker	b60b95fd7f	- Added first version of ssl_server2 example application	2012-09-25 09:05:17 +00:00
Paul Bakker	0f409a1911	- Added missing subdirectory line for util	2012-09-25 08:19:18 +00:00
Paul Bakker	d0f6fa7bdc	- Sending of handshake_failures during renegotiation added - Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION	2012-09-17 09:18:12 +00:00
Paul Bakker	48916f9b67	- Added Secure Renegotiation (RFC 5746)	2012-09-16 19:57:18 +00:00
Paul Bakker	f518b16f97	- Added PKCS#5 PBKDF2 key derivation function	2012-08-23 13:03:18 +00:00
Paul Bakker	835b29e7c3	- Should not be debug_level 5 in repo (reset to 0)	2012-08-23 08:31:59 +00:00
Paul Bakker	3d58fe8af6	- Added Blowfish to benchmarks	2012-07-04 17:15:31 +00:00
Paul Bakker	26c4e3cb0b	- Made crypt_and_cipher more robust with other ciphers / hashes	2012-07-04 17:08:33 +00:00
Paul Bakker	a9379c0ed1	- Added base blowfish algorithm	2012-07-04 11:02:11 +00:00
Paul Bakker	92eeea4627	- Modified CMakeLists to support zlib	2012-07-03 15:10:33 +00:00
Paul Bakker	2770fbd651	- Added DEFLATE compression support as per RFC3749 (requires zlib)	2012-07-03 13:30:23 +00:00
Paul Bakker	8d914583f3	- Added X509 CA Path support	2012-06-04 12:46:42 +00:00
Paul Bakker	e6ee41f932	- Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and example application (programs/ssl/o_p_test) (Requires OpenSSL) - Handle encryption with private key and decryption with public key as per RFC 2313	2012-05-19 08:43:48 +00:00
Paul Bakker	4248823f43	- Updated to handle x509parse_crtfile() positive return values	2012-05-16 08:21:05 +00:00
Paul Bakker	62f88dc473	Makefile more compatible with WINDOWS environment	2012-05-10 21:26:28 +00:00
Paul Bakker	cd5b529d6d	- Added automatic WINDOWS define in Makefile	2012-05-10 20:49:10 +00:00
Paul Bakker	4d2c1243b1	- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.	2012-05-10 14:12:46 +00:00
Paul Bakker	01cc394848	- Added commandline error code convertor (util/strerror)	2012-05-08 08:36:15 +00:00
Paul Bakker	88f17b8549	- Fixed for new DHM handling (TLS 1.2)	2012-04-26 18:52:13 +00:00
Paul Bakker	ca4ab49158	- Added GCM ciphersuites to TLS implementation	2012-04-18 14:23:57 +00:00
Paul Bakker	0b22e3e989	- Print return codes properly	2012-04-18 14:23:29 +00:00
Paul Bakker	6f3578cfc8	- Report proper error number	2012-04-16 06:46:01 +00:00
Paul Bakker	10cd225962	- Added support for the SHA256 ciphersuites of AES and Camellia	2012-04-12 21:26:34 +00:00
Paul Bakker	570267f01a	- print error string in useful format	2012-04-10 08:22:46 +00:00
Paul Bakker	c7ffd36a97	- Added automatic debug flags to CFLAGS if DEBUG is set in shell	2012-04-05 12:08:29 +00:00
Paul Bakker	b78c74551f	- Use standard IV of 12	2012-03-20 15:05:59 +00:00
Paul Bakker	89e80c9a43	- Added base Galois/Counter mode (GCM) for AES	2012-03-20 13:50:09 +00:00
Paul Bakker	12f5dbb8b4	- Fixed MD type to SHA1	2012-03-05 13:37:13 +00:00
Paul Bakker	92101f2d02	- Keep requests for future use	2012-02-16 14:09:31 +00:00
Paul Bakker	89f3fc5bf1	- Removed superfluous debugging info	2012-02-16 13:36:38 +00:00
Paul Bakker	bdb912db69	- Added preliminary ASN.1 buffer writing support - Added preliminary X509 Certificate Request writing support - Added key_app_writer example application - Added cert_req example application	2012-02-13 23:11:30 +00:00
Paul Bakker	57b12982b3	- Multi-domain certificates support wildcards as well	2012-02-11 17:38:38 +00:00
Paul Bakker	a8cd239d6b	- Added support for wildcard certificates - Added support for multi-domain certificates through the X509 Subject Alternative Name extension	2012-02-11 16:09:32 +00:00
Paul Bakker	fab5c829e7	- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!	2012-02-06 16:45:10 +00:00
Paul Bakker	13eb9f01cf	- Added error exit code	2012-02-06 15:35:10 +00:00
Paul Bakker	1052784054	- Fixed typo	2012-01-14 18:00:00 +00:00
Paul Bakker	fb3a83f9e3	- Added appropriate error handling to ctr_drbg_init()	2011-12-15 20:05:53 +00:00
Paul Bakker	3f9b650b4b	- Fixed renumber error code for POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR	2011-12-15 19:50:22 +00:00
Paul Bakker	b1dee1cfd2	- Changed commands to lowercase where it was not the case	2011-12-11 11:29:51 +00:00
Paul Bakker	69e095cc15	- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it. - As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules. - Programs and tests were adapted accordingly	2011-12-10 21:55:01 +00:00
Paul Bakker	b8ba90b316	- Enlarged default CRL size buffer	2011-12-05 14:34:12 +00:00
Paul Bakker	fc754a9178	- Addedd writing and updating of seedfiles as functions to CTR_DRBG	2011-12-05 13:23:51 +00:00
Paul Bakker	508ad5ab6d	- Moved all examples programs to use the new entropy and CTR_DRBG	2011-12-04 17:09:26 +00:00
Paul Bakker	4dc6457274	- Added public key of server1.key	2011-12-04 17:09:08 +00:00
Paul Bakker	310c25e564	- Fixed minor bug by zeroizing result memory	2011-12-04 17:06:56 +00:00
Paul Bakker	6c0ceb3f9a	- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error	2011-12-04 12:24:18 +00:00
Paul Bakker	a17bcc3033	- Fixed typo	2011-12-03 21:45:50 +00:00
Paul Bakker	6083fd252d	- Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources	2011-12-03 21:45:14 +00:00
Paul Bakker	02faf45d8b	- Added random generator benchmarks	2011-11-29 11:23:58 +00:00
Paul Bakker	a3d195c41f	- Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs	2011-11-27 21:07:34 +00:00
Paul Bakker	0e04d0e9a3	- Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator	2011-11-27 14:46:59 +00:00
Paul Bakker	5c356d6f8f	- Fixed typo	2011-11-25 13:17:45 +00:00
Paul Bakker	14cb63a40c	- cert_app now prints all certificates in the file given, not just the first	2011-11-25 12:44:31 +00:00
Paul Bakker	cce9d77745	- Lots of minimal changes to better support WINCE as a build target	2011-11-18 14:26:47 +00:00
Paul Bakker	61da752077	- Changed read from server loop to read more than a single read.	2011-11-11 10:28:58 +00:00
Paul Bakker	436e4c59c3	- Removed redundant "ok" printing	2011-11-11 10:28:24 +00:00
Paul Bakker	d3b486a743	- Fixed typo in usage	2011-10-12 10:15:05 +00:00
Paul Bakker	b892b1326c	- Prevented compiler warning	2011-10-12 09:19:43 +00:00
Paul Bakker	5a8352294b	- Added Windows dependent header code	2011-10-12 09:19:31 +00:00
Paul Bakker	d246ed30bd	- Fixed rsa_encrypt and rsa_decrypt example programs to use public key for encryption and private key for decryption (Fixes ticket #34 )	2011-10-06 13:18:27 +00:00
Paul Bakker	7eb013face	- Added ssl_session_reset() to allow re-use of already set non-connection specific context information	2011-10-06 12:37:39 +00:00
Paul Bakker	b81b3abb45	- Added safeguard not to build in WIN32 environment.	2011-08-25 09:47:36 +00:00
Paul Bakker	7bc05ff4a6	- Added rsa_encrypt and rsa_decrypt example programs	2011-08-09 10:30:36 +00:00
Paul Bakker	ed56b224de	- Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20 )	2011-07-13 11:26:43 +00:00
Paul Bakker	a585beb87e	- Introduced windows DLL build and SYS_LDFLAGS	2011-06-21 08:59:44 +00:00
Paul Bakker	25b5fe5ac6	- Fixed dual use of n	2011-05-26 14:02:58 +00:00
Paul Bakker	5690efccc4	- Fixed a whole bunch of dependencies on defines between files, examples and tests	2011-05-26 13:16:06 +00:00
Paul Bakker	2c0994e973	- Fixed typedness and size_t printing	2011-05-25 13:51:57 +00:00
Paul Bakker	dcca6b74dc	- Removed debug information	2011-05-25 11:16:50 +00:00
Paul Bakker	135b98ef69	- Adapted to compile without POLARSSL_SELF_TEST defined	2011-05-25 11:13:47 +00:00
Paul Bakker	e22d7030c6	- Fixed warnings with cast	2011-05-23 16:02:34 +00:00
Paul Bakker	1496d38028	- Added the ssl_mail_client example application	2011-05-23 12:07:29 +00:00
Paul Bakker	cb79ae0b9b	- Fixed description in header	2011-05-20 12:44:16 +00:00
Paul Bakker	896ac22071	- Added ssl_fork_server example program	2011-05-20 12:33:05 +00:00
Paul Bakker	f357131a7b	- Gather data until server gives EOF	2011-05-20 12:32:35 +00:00
Paul Bakker	831a755d9e	- Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake. - Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN	2011-05-18 13:32:51 +00:00
Paul Bakker	91b4159834	- Added missing rsa_init() statement	2011-05-05 12:01:31 +00:00
Paul Bakker	6c591fab72	- mpi_init() and mpi_free() only accept a single argument and do not accept variable arguments anymore. This prevents unexpected memory corruption in a number of use cases.	2011-05-05 11:49:20 +00:00
Paul Bakker	494c0b8d36	- Changed define from WIN32 to _WIN32 to also support 64-bit windows platforms	2011-04-24 15:30:07 +00:00
Paul Bakker	23986e5d5d	- Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops	2011-04-24 08:57:21 +00:00
Paul Bakker	af5c85fc10	- Improved portability with Microsoft Visual C	2011-04-18 03:47:52 +00:00
Paul Bakker	1ffc1b9885	- Added rsa_sign_pss and rsa_verify_pss to CMakeLists.txt	2011-03-25 14:26:42 +00:00
Paul Bakker	31acc6b0aa	- Fixed uppercase type for gen_random	2011-03-25 14:24:09 +00:00
Paul Bakker	2291f6c19d	- Added test application for RSASSA-PSS signing and verification	2011-03-25 14:07:53 +00:00
Paul Bakker	e77db2e119	- Added bugfix info for previous checkin	2011-03-25 14:01:32 +00:00
Paul Bakker	9dcc32236b	- Added support for PKCS#1 v2.1 encoding and thus support for the RSAES-OAEP and RSASSA-PSS operations (enabled by POLARSSL_PKCS1_V21)	2011-03-08 14:16:06 +00:00
Paul Bakker	5193688682	- Added force_ciphersuite option to ssl_client2 application	2011-02-20 16:05:58 +00:00
Paul Bakker	400ff6f0fd	- Corrected parsing of UTCTime dates before 1990 and after 1950 - Support more exotic OID's when parsing certificates - Support more exotic name representations when parsing certificates - Replaced the expired test certificates	2011-02-20 10:40:16 +00:00
Paul Bakker	a9507c063b	- Added crl_app program to allow easy reading and printing of X509 CRLs from file	2011-02-12 15:27:28 +00:00
Paul Bakker	f17ed288ad	- Fixed reference to generic digest key	2011-02-09 17:10:48 +00:00
Paul Bakker	1a207ec8af	- Set sane start values for structures that are closed or freed.	2011-02-06 13:22:40 +00:00
Paul Bakker	6d44032cba	- Do not close NULL stream	2011-02-06 12:49:19 +00:00
Paul Bakker	46eb13828e	- Makefiles now respect external CFLAGS and LDFLAGS. Closes ticket #2	2011-01-30 17:10:13 +00:00
Paul Bakker	e3166ce040	- Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether - Adapted in the rest of using code as well	2011-01-27 17:40:50 +00:00
Paul Bakker	fc36d16e84	- Added random generation example application	2011-01-27 16:50:02 +00:00
Paul Bakker	fb6c7e2688	- Added generic_sum example application to show use of generic message digest layer.	2011-01-21 10:21:11 +00:00
Paul Bakker	20a7808d13	- Addec crypt_and_hash example program of the generic hash and cipher layers	2011-01-21 09:32:12 +00:00
Paul Bakker	e9426948fa	- Added extra compiler warnings by default	2011-01-18 16:28:42 +00:00
Paul Bakker	b06819bb5d	- Adapted CMake files for the PKCS#11 support	2011-01-18 16:18:38 +00:00
Paul Bakker	43b7e35b25	- Support for PKCS#11 through the use of the pkcs11-helper library	2011-01-18 15:27:19 +00:00
Paul Bakker	b63b0afc05	- Added verification callback in certificate verification chain in order to allow external blacklisting	2011-01-13 17:54:59 +00:00
Paul Bakker	547f73d66f	- Added install targets to the CMake files	2011-01-05 15:07:54 +00:00
Paul Bakker	eaca51d739	- Minor text/debug fixes for release	2010-08-16 12:00:14 +00:00
Paul Bakker	a802e1ac10	- Updated to new rsa_init, rsa_gen_key prototypes	2010-08-16 11:56:45 +00:00
Paul Bakker	b96f154e51	- Fixed copyright message	2010-07-18 20:36:00 +00:00
Paul Bakker	84f12b76fc	- Updated Copyright to correct entity	2010-07-18 10:13:04 +00:00
Paul Bakker	6796839695		2010-07-18 08:28:20 +00:00
Paul Bakker	77a43580da	- Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites	2010-06-15 21:32:46 +00:00
Paul Bakker	fc8c4360b8	- Updated copyright line to 2010	2010-03-21 17:37:16 +00:00
Paul Bakker	1f3c39c194	- Removed copyright line for Christophe Devine for clarity	2010-03-21 17:30:05 +00:00
Paul Bakker	baad6504d4	- Changed ARC4 to use seperate input/output buffer	2010-03-21 15:42:15 +00:00
Paul Bakker	4fc45522f1	- Added cert_app application	2010-03-18 20:11:58 +00:00
Paul Bakker	43f7ff6906	- Removed debug print	2010-03-18 20:10:27 +00:00
Paul Bakker	f80d4539d1	- Small fix to initialize value	2010-03-16 21:16:04 +00:00
Paul Bakker	ff60ee6c2a	- Added const-correctness to main codebase	2010-03-16 21:09:09 +00:00
Paul Bakker	9caf2d2d38	- Added option parsing for ssl_client2 to select host and port	2010-02-18 19:37:19 +00:00
Paul Bakker	757e2507fd	- Fixed port number to ssl_server's	2010-02-18 19:29:00 +00:00
Paul Bakker	361e6382db	- Test SSL information	2010-02-18 16:55:49 +00:00
Paul Bakker	1d4da2e123	- Added benchmark of 2048 and 4096 bits RSA	2009-10-25 12:36:53 +00:00
Paul Bakker	77b385e91a	- Updated copyright messages on all relevant files	2009-07-28 17:23:11 +00:00
Paul Bakker	5d4a193e77	- Also generate CRL's with all the digests	2009-07-19 20:31:02 +00:00
Paul Bakker	9cdc87c1ad	- Longer valid CRL	2009-07-12 11:04:30 +00:00
Paul Bakker	e23166f7e8	- Added generation of all digest certificates from a single key	2009-07-12 11:00:06 +00:00
Paul Bakker	1973e4c582	- Fixed selftest of X509parse code	2009-07-10 22:32:40 +00:00
Paul Bakker	367dae44b2	- Added CMake makefiles as alternative to regular Makefiles. - Added preliminary Code Coverage tests for AES, ARC4, Base64, MPI, SHA-family, MD-family and HMAC-SHA-family.	2009-06-28 21:50:27 +00:00
Paul Bakker	860d36b9d8	- Updated ssl_cert_test to properly parse return values from x509parse_verify().	2009-05-03 17:29:56 +00:00
Paul Bakker	40ea7de46d	- Added CRL revocation support to x509parse_verify() - Fixed an off-by-one allocation in ssl_set_hostname() - Added CRL support to SSL/TLS code	2009-05-03 10:18:48 +00:00
Paul Bakker	d98030e7d6	- Added prelimenary CRL parsing and info support	2009-05-02 15:13:40 +00:00
Paul Bakker	026c03b7f4	- Made changes for better compatibility with old-style C compilers	2009-03-28 17:53:03 +00:00
Paul Bakker	a1d3e5f835	- Add checking of certificate and key match	2009-03-28 17:30:26 +00:00
Paul Bakker	0e6975b7ed	- Fixed use of correct ca certificate (test_ca_cert) instead of xyssl_ca_cert	2009-02-10 22:19:10 +00:00
Paul Bakker	c03d9258f6	- Fixed server2 certificate to CN=localhost	2009-02-10 22:17:58 +00:00
Paul Bakker	92f880bf47	- Second server should be called localhost	2009-02-10 22:17:38 +00:00
Paul Bakker	5a0aa77564	- Fixed buffer overrun because of SHA-512	2009-02-09 22:38:52 +00:00
Paul Bakker	3a3c3c2a55	- Added SHA-512 benchmark	2009-02-09 22:33:30 +00:00
Paul Bakker	4593aeadaf	- Added support for RFC4055 SHA2 and SHA4 signature algorithms for use with PKCS#1 v1.5 signing and verification. - Added extra certificates to test-ca and test code to further test functionality of SHA2 and SHA4 signing and verification. - Updated other program files accordingly	2009-02-09 22:32:35 +00:00
Paul Bakker	b29e23c586	- Enhanced generation CA script and config to further automate different actions	2009-02-09 21:06:41 +00:00
Paul Bakker	785a9eeece	- Added email address to header license information	2009-01-25 14:15:10 +00:00
Paul Bakker	3375b21081	- Fixed last mistake	2009-01-15 20:46:08 +00:00
Paul Bakker	222aa4bd61	- New PolarSSL test CA, servers and clients	2009-01-14 22:44:12 +00:00
Paul Bakker	b159ed234a	- Added test-ca generation script	2009-01-14 22:39:57 +00:00
Paul Bakker	b5ef0bada4	- Added SSL_RSA_CAMELLIA_128_SHA, SSL_RSA_CAMELLIA_256_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA ciphersuites to SSL	2009-01-11 20:25:36 +00:00
Paul Bakker	38119b18d6	- Added first version of Camellia	2009-01-10 23:31:23 +00:00
Paul Bakker	7a7c78fd02	- Added XTEA Algorithm (Not used in SSL)	2009-01-04 18:15:48 +00:00
Paul Bakker	e0ccd0a7c3	- Updated Copyright notices	2009-01-04 16:27:10 +00:00
Paul Bakker	b749d68f9c	- Updates to PolarSSL - Added ignores	2009-01-04 16:08:55 +00:00
Paul Bakker	40e46940df	- First replacement of xyssl by polarssl where needed	2009-01-03 21:51:57 +00:00
Paul Bakker	5121ce5bdb	- Renamed include directory to polarssl	2009-01-03 21:22:43 +00:00

... 23 24 25 26 27 ...

2046 commits