Commit graph

641 commits

Author SHA1 Message Date
Hanno Becker
01ea778363 UDP proxy: Add option to delay specific handshake messages 2018-08-17 16:52:08 +01:00
Jaeden Amero
4ed32d065b cpp_dummy_build: Add NIST key wrapping header 2018-07-24 16:51:09 +01:00
Ron Eldor
9ab746c7c9 Add selftests
Add selftests for key wrapping
2018-07-24 16:43:20 +01:00
Simon Butcher
7d728bd70e Merge remote-tracking branch 'public/pr/1454' into development 2018-07-20 14:33:44 +01:00
Simon Butcher
fad547072a Merge remote-tracking branch 'public/pr/532' into development 2018-07-19 16:15:51 +01:00
Ron Eldor
278af4536c Fix hmac_drbg failure in benchmark, with threading
Remove redunadnat calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-05 14:33:22 +03:00
Andrzej Kurek
991f9fefd9 all_sh: add a check for header inclusion in cpp_dummy_build.cpp
change the g++ test to be incremental, to save time
reorganize header order in cpp_dummy_build.cpp according to c locale
2018-07-02 09:08:21 -04:00
Andrzej Kurek
037ec4b416 Replace tabs with spaces 2018-06-28 05:07:08 -04:00
Andrzej Kurek
89c048c101 Tests: add a test for cpp linking
Change the name of header_test to cpp_dumy_build
Update the test description to better reflect its contents
2018-06-28 05:07:08 -04:00
Andrzej Kurek
0211c32c9a Change the cpp test to be optional
Remove unnecessary defines from the test.
Test by defining TEST_CPP using makefiles or cmake.
2018-06-28 05:07:08 -04:00
Andrzej Kurek
40741f8ce5 Add a test with a cpp executable including all mbed TLS headers
In case of any problems with the 'extern "C"' directives,
building the executable will fail
2018-06-28 05:05:40 -04:00
Manuel Pégourié-Gonnard
51d7cfe026 Fix coverity warnings in benchmark.c
Functions time with TIME_AND_TSC() didn't have their return values checked.
I'm not sure whether Coverity complained about existing uses, but it did about
new ones, since we consistently check their return values everywhere but here,
which it rightfully finds suspicious.

So, let's check return values. This probably adds a few cycles to existing
loop overhead, but on my machine (x86_64) the added overhead is less than the
random-looking variation between various runs, so it's acceptable.

Some calls had their own particular error checking; remove that in favour of
the new general solution.
2018-06-25 11:19:51 +02:00
Manuel Pégourié-Gonnard
0dadba2b58 Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (182 commits)
  Change the library version to 2.11.0
  Fix version in ChangeLog for fix for #552
  Add ChangeLog entry for clang version fix. Issue #1072
  Compilation warning fixes on 32b platfrom with IAR
  Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
  Fix for missing len var when XTS config'd and CTR not
  ssl_server2: handle mbedtls_x509_dn_gets failure
  Fix harmless use of uninitialized memory in ssl_parse_encrypted_pms
  SSL async tests: add a few test cases for error in decrypt
  Fix memory leak in ssl_server2 with SNI + async callback
  SNI + SSL async callback: make all keys async
  ssl_async_resume: free the operation context on error
  ssl_server2: get op_name from context in ssl_async_resume as well
  Clarify "as directed here" in SSL async callback documentation
  SSL async callbacks documentation: clarify resource cleanup
  Async callback: use mbedtls_pk_check_pair to compare keys
  Rename mbedtls_ssl_async_{get,set}_data for clarity
  Fix copypasta in the async callback documentation
  SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
  ssl_async_set_key: detect if ctx->slots overflows
  ...
2018-06-19 11:13:50 +02:00
Andres Amaya Garcia
7d42965ea8 Fix typo in platform macro defines for examples 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
357b0b283a Fix ret code in ssl_cert_test.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
80081a68cd Fix ret code in udp_proxy.c 2018-06-14 23:01:55 +01:00
Jaeden Amero
09317083b5 benchmark: Add comma at end of help message
The help message was missing a comma after "hmac_drbg". Add the missing
comma.
2018-06-13 12:16:25 +01:00
Jaeden Amero
9366feb504 aes: xts: Add new context structure
Add a new context structure for XTS. Adjust the API for XTS to use the new
context structure, including tests suites and the benchmark program. Update
Doxgen documentation accordingly.
2018-06-13 12:05:04 +01:00
Jaeden Amero
e9ecf00007 aes: Remove AES-XEX
AES-XEX is a building block for other cryptographic standards and not yet a
standard in and of itself. We'll just provide the standardized AES-XTS
algorithm, and not AES-XEX. The AES-XTS algorithm and interface provided
can be used to perform the AES-XEX algorithm when the length of the input
is a multiple of the AES block size.
2018-06-13 12:03:29 +01:00
Aorimn
5f77801ac3 Implement AES-XTS mode
XTS mode is fully known as "xor-encrypt-xor with ciphertext-stealing".
This is the generalization of the XEX mode.
This implementation is limited to an 8-bits (1 byte) boundary, which
doesn't seem to be what was thought considering some test vectors [1].

This commit comes with tests, extracted from [1], and benchmarks.
Although, benchmarks aren't really nice here, as they work with a buffer
of a multiple of 16 bytes, which isn't a challenge for XTS compared to
XEX.

[1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
2018-06-13 12:03:27 +01:00
Aorimn
daf7045372 Add benchmark for AES-XEX
This commit adds benchmark based on what has already been done with
AES-CBC mode.
2018-06-13 12:02:30 +01:00
Manuel Pégourié-Gonnard
39b1904b9f Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (97 commits)
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  Remove useless parameter from function
  Wipe sensitive info from the stack
  ...
2018-06-07 12:02:55 +02:00
Azim Khan
1a8ef0772c Fix coverity defects 2018-06-06 03:44:03 +01:00
Manuel Pégourié-Gonnard
9c82e2ce49 Fix some whitespace issues 2018-06-04 12:30:16 +02:00
Manuel Pégourié-Gonnard
3dc62a0a9b chachapoly: force correct mode for integrated API
Allowing DECRYPT with crypt_and_tag is a risk as people might fail to check
the tag correctly (or at all). So force them to use auth_decrypt() instead.

See also https://github.com/ARMmbed/mbedtls/pull/1668
2018-06-04 12:18:19 +02:00
Manuel Pégourié-Gonnard
d6aea18749 Add Chacha20-Poly1305 to benchmark.c 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
b1ac5e7842 poly1305: adjust parameter order
This module used (len, pointer) while (pointer, len) is more common in the
rest of the library, in particular it's what's used in the CMAC API that is
very comparable to Poly1305, so switch to (pointer, len) for consistency.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
dca3a5d884 Rename aead_chacha20_poly1305 to chachapoly
While the old name is explicit and aligned with the RFC, it's also very long,
so with the mbedtls_ prefix prepended we get a 31-char prefix to each
identifier, which quickly conflicts with our 80-column policy.

The new name is shorter, it's what a lot of people use when speaking about
that construction anyway, and hopefully should not introduce confusion at
it seems unlikely that variants other than 20/1305 be standardised in the
foreseeable future.
2018-05-24 13:37:31 +02:00
Daniel King
4d8f87b1ca Add ChaCha20/Poly1305 ciphers to the selftest program 2018-05-24 13:37:31 +02:00
Daniel King
adc32c0b50 Add Poly1305 authenticator algorithm (RFC 7539)
Test vectors are included from RFC 7539.

Poly1305 is also added to the benchmark program.
2018-05-24 13:37:31 +02:00
Daniel King
34b822ce7b Initial implementation of ChaCha20 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
a3712beb9b Merge branch 'development' into iotssl-1941-aria-ciphersuites
* development: (504 commits)
  Fix minor code style issues
  Add the uodate to the soversion to the ChangeLog
  Fix the ChangeLog for clarity, english and credit
  Update version to 2.9.0
  ecp: Fix binary compatibility with group ID
  Changelog entry
  Change accepted ciphersuite versions when parsing server hello
  Remove preprocessor directives around platform_util.h include
  Fix style for mbedtls_mpi_zeroize()
  Improve mbedtls_platform_zeroize() docs
  mbedtls_zeroize -> mbedtls_platform_zeroize in docs
  Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT
  Organize CMakeLists targets in alphabetical order
  Organize output objs in alfabetical order in Makefile
  Regenerate errors after ecp.h updates
  Update ecp.h
  Change variable bytes_written to header_bytes in record decompression
  Update ecp.h
  Update ecp.h
  Update ecp.h
  ...
2018-05-22 15:58:50 +02:00
Andres Amaya Garcia
eecea0e281 Update zeroize test to use mbedtls_platform_zeroize() 2018-04-17 10:14:53 -05:00
Andres Amaya Garcia
82934be144 Do not install zeroize program in CMakeLists 2018-04-17 10:02:17 -05:00
Andres Amaya Garcia
ae8e306973 Fix docs typos for zeroize related features/test 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia
757cd72edf Update license headers year and branding 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia
42defd10a6 Improve docs for zeroize.c and test_zeroize.gdb 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia
6e34e63eb3 Fix style in programs/test/zeroize.c 2018-04-17 09:19:05 -05:00
Andres Amaya Garcia
88f8f41e5a Move zeroize func call to end of program in zeroize.c 2018-04-17 09:19:05 -05:00
Andres Amaya Garcia
5ab74a1401 Add programs/test/zeroize.c to test mbedtls_zeroize
The idea is to use the simple program that is expected to be modified
rarely to set a breakpoint in a specific line and check that the
function mbedtls_zeroize() does actually set the buffer to 0 and is not
optimised out by the compiler.
2018-04-17 09:17:38 -05:00
Gilles Peskine
80aa3b8d65 Merge branch 'pr_946' into development-proposed 2018-04-04 10:33:45 +02:00
Nicholas Wilson
08f3ef1861 Basic support for Curve448, similar to the current level of support for Curve25519 2018-03-29 14:29:06 +01:00
Hanno Becker
2bd57578af Merge branch 'development' into iotssl-1204 2018-03-28 14:52:35 +01:00
Brendan Shanks
e61514d70d benchmark: Fix incompatibility with C89 compilers
Initializing arrays using non-constant expressions is not permitted in
C89, and was causing errors when compiling with Metrowerks CodeWarrior
(for classic MacOS) in C89 mode. Clang also produces a warning when
compiling with '-Wc99-extensions':

test/benchmark.c:670:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions]
        const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };
                                         ^~~~~~~~~~
test/benchmark.c:674:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions]
        const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 };
                                         ^~~~~~~~~~

Declaring the arrays as 'static' makes them constant expressions.

fixes #1353
2018-03-08 17:41:40 -08:00
Manuel Pégourié-Gonnard
62e813ca62 Add aria to benchmark program 2018-02-27 12:39:12 +01:00
Markku-Juhani O. Saarinen
3c0b53b2b0 ARIA build integration 2018-02-27 12:39:12 +01:00
Jaeden Amero
784de59ccd Merge remote-tracking branch 'upstream-restricted/pr/410' into development-restricted
- Resolve ChangeLog conflicts
- Update Doxygen warning block in dhm.h to render correctly
- Prefix the exported identifier deprecated_constant_t with mbedtls_
2018-01-26 18:43:04 +00:00
Jaeden Amero
934fb55aa3 Merge remote-tracking branch 'upstream-public/pr/1036' into development 2018-01-26 15:12:43 +00:00
Gilles Peskine
9e4f77c606 New MD API: rename functions from _ext to _ret
The _ext suffix suggests "new arguments", but the new functions have
the same arguments. Use _ret instead, to convey that the difference is
that the new functions return a value.
2018-01-22 11:54:42 +01:00
Gilles Peskine
d91f2a26cb Merge branch 'development' into iotssl-1251-2.7
Conflict resolution:

* ChangeLog: put the new entries in their rightful place.
* library/x509write_crt.c: the change in development was whitespace
  only, so use the one from the iotssl-1251 feature branch.
2018-01-19 11:25:10 +01:00
Manuel Pégourié-Gonnard
ae3925c774 Merge remote-tracking branch 'public/pr/1136' into development
* public/pr/1136:
  Timing self test: shorten redundant tests
  Timing self test: increased duration
  Timing self test: increased tolerance
  Timing unit tests: more protection against infinite loops
  Unit test for mbedtls_timing_hardclock
  New timing unit tests
  selftest: allow excluding a subset of the tests
  selftest: allow running a subset of the tests
  selftest: refactor to separate the list of tests from the logic
  Timing self test: print some diagnosis information
  mbedtls_timing_get_timer: don't use uninitialized memory
  timing interface documentation: minor clarifications
  Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:42:20 +01:00
Gilles Peskine
ff79d27f5c selftest: allow excluding a subset of the tests
E.g. "selftest -x timing" runs all the self-tests except timing.
2017-12-20 21:57:48 +01:00
Gilles Peskine
c82fbb4e14 selftest: allow running a subset of the tests
If given command line arguments, interpret them as test names and only
run those tests.
2017-12-20 20:23:13 +01:00
Gilles Peskine
319ac801a8 selftest: refactor to separate the list of tests from the logic
No behavior change.
2017-12-20 20:19:27 +01:00
Hanno Becker
a5e68979ca Resolve integer type conversion problem on MSVC
MSVC rightfully complained that there was some conversion from `size_t`
to `unsigned int` that could come with a loss of data. This commit
re-types the corresponding struct field `ctx_buffer::len` to `size_t`.
Also, the function `ctx_buffer_append` has an integer return value
which is supposed to be the (positive) length of the appended data
on success, and a check is inserted that the data to be appended does
not exceed MAX_INT in length.
2017-12-06 08:37:39 +00:00
Ron Eldor
0728d69d6d Change kB to KiB
Change the style of the units to KiB, according to
https://docs.mbed.com/docs/writing-and-publishing-guides/en/latest/units/
2017-11-29 12:08:35 +02:00
Ron Eldor
a0748019f1 Change KB to kB
Change KB to kB, as this is the proper way to write kilo bytes
2017-11-28 16:48:51 +02:00
Hanno Becker
77abef5cba Don't use busy-waiting in udp_proxy
Also, correct inconsistent use of unsigned integer types in udp_proxy.
2017-11-02 14:03:18 +00:00
Hanno Becker
0cc7774dab Only add pack option to UDP proxy if MBEDTLS_TIMING_C is enabled 2017-10-31 14:14:10 +00:00
Hanno Becker
92474da0a2 Use Mbed TLS timing module to obtain ellapsed time in udp_proxy 2017-10-31 14:14:08 +00:00
Hanno Becker
211f44c928 Rename merge option in UDP proxy to pack 2017-10-31 14:08:10 +00:00
Hanno Becker
df4180a235 Don't break debug messages 2017-10-27 15:04:14 +01:00
Gilles Peskine
8149321fed udp_proxy_wrapper.sh: fix cleanup not cleaning up
Fixed cleanup leaving the actual udp_proxy behind and only killing an
intermediate shell process.

Fixed trap handler cleaning up but then not dying.
2017-10-24 11:25:19 +01:00
Gilles Peskine
afc4f892d1 udp_proxy_wrapper.sh: more robust
Don't mangle arguments containing spaces and other special characters,
pass them unchanged to the proxy or server as applicable.

More robust parsing of server parameters: don't hit on partial words;
use ssl_server2's default values.

Minor style improvements.
2017-10-24 10:05:55 +01:00
Hanno Becker
a677cdd459 Detect IPv6 in udp_proxy_wrapper.sh grepping for server_addr=::1 2017-10-23 15:29:31 +01:00
Hanno Becker
22829e9860 Don't use sed -r in udp_proxy_wrapper.sh 2017-10-23 15:29:24 +01:00
Hanno Becker
fbb0b701e4 Corrupt application data in the beginning instead of the end in UDP proxy
The UDP proxy corrupts application data at the end of the datagram. If
there are multiple DTLS records within the same datagram, this leads
to the wrong message being corrupted. This commit always corrupts the
beginning of the message to prevent this.

Overall, the UDP proxy needs reworking if it is supposed to reliably
support multiple records within a single datagram, because it
determines its actions from the type of the first record in the
current datagram only.
2017-10-10 16:02:36 +01:00
Hanno Becker
1dd62ea811 Add packing option to UDP proxy
This commit provides the new option pack=TIME for the udp proxy
./programs/test/udp_proxy. If used, udp packets with the same
destination will be queued and concatenated for up to TIME
milliseconds before being delivered.

This is useful to test how mbed TLS's deals with multiple DTLS records
within a single datagram.
2017-10-10 16:01:15 +01:00
Hanno Becker
f65ca329b6 Introduce UDP proxy wrapper script
This commit introduces the script `programs/test/udp_proxy_wrapper.sh` which can
be used to wrap the SSL server binary `programs/ssl/ssl_server2` by the UDP
proxy application `programs/test/udp_proxy` while maintaining the same
interface from the command line.

Specifically, given UDP proxy arguments ARGS_UDP and SSL server arguments
ARGS_SSL, the command line

> ./udp_proxy_wrapper.sh ARGS_UDP -- ARGS_SSL

behaves like

> ./ssl_server2 ARGS_SSL

wrapped by

> ./udp_proxy ARGS_UDP

The motivation and benefit of this is that scripts like `ssl-opt.sh` can be used
with the server command line `P_SRV` modified to `./udp_proxy_wrapper.sh
ARGS_UDP -- DEFAULT_ARGS_SSL` which will result in all tests being executed for
an SSL server behind a UDP proxy.
2017-10-10 16:01:15 +01:00
Hanno Becker
b953921a4e Adapt benchmark application to naming and binary format 2017-10-04 13:13:34 +01:00
Hanno Becker
d4d856265e Don't use deprecated macro form of DHM moduli in benchmark program 2017-10-02 15:06:27 +01:00
Peter Huewe
38fc3a0548 Remove duplicated defintion of PRINT_ERROR
The PRINT_ERROR macros are already defined exactly the same in line
101ff, so we can remove them here.
2017-07-29 02:01:22 +02:00
Andres Amaya Garcia
1ff60f437f Change examples to use the new MD API and check ret code 2017-06-28 13:26:36 +01:00
Ron Eldor
46cf773f2f Fix wrong output in the benchmark application
The benchmark application prints the performance in Kb/s,
While it actually calculates KB/s.
Resolves issue #850
2017-05-14 15:55:06 +03:00
Andres AG
a592dcc1c6 Clean up of formatting, and potential integer overflow fix 2016-10-06 15:23:39 +01:00
Simon Butcher
b981b16379 Minor fixes to formatting and compilation conditions 2016-10-06 12:51:24 +01:00
Simon Butcher
549dc3d75e Add CMAC functions to the benchmark sample application 2016-10-05 14:19:18 +01:00
Brian Murray
8b4111c516 Fix build failure for thread config 2016-10-05 14:19:17 +01:00
Brian Murray
57863ad7ed selftest supports cmac if only MBEDTLS_DES_C is defined
Other minor typo fixes
2016-10-05 14:19:16 +01:00
Robert Cragie
dc5c7b98ac Add support for AES-128-CMAC and AES-CMAC-PRF-128 2016-10-05 14:19:13 +01:00
Andres AG
788aa4a812 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-09-26 23:23:52 +01:00
Andres AG
e7723ec284 Make entropy bias self test poll multiple times
Instead of polling the hardware entropy source a single time and
comparing the output with itself, the source is polled at least twice
and make sure that the separate outputs are different.
2016-08-30 16:50:48 +01:00
Andres AG
b34e42e69e Add a new self test to entropy module
The self test is a quick way to check at startup whether the entropy
sources are functioning correctly. The self test only polls 8 bytes
from the default entropy source and performs the following checks:

- The bytes are not all 0x00 or 0xFF.
- The hardware does not return an error when polled.
- The entropy does not provide data in a patter. Only check pattern
  at byte, word and long word sizes.
2016-08-30 16:50:48 +01:00
Paul Bakker
70940caeeb Allow compilation without MBEDTLS_SELF_TEST enabled 2016-08-25 15:42:28 +01:00
Simon Butcher
ab069c6b46 Merge branch 'development' into development-restricted 2016-06-23 21:42:26 +01:00
Simon Butcher
b6a73c9b76 Add provision to create the entropy seedfile for selftest sample
In the selftest sample application, if no seedfile is present, one will be
created so the test can execute.
2016-06-23 11:46:41 +01:00
Janos Follath
15ab7ed0f3 Merge branch 'development' into development-restricted
Conflicts:
	programs/pkey/rsa_decrypt.c
	programs/pkey/rsa_encrypt.c
	programs/test/selftest.c
2016-06-14 09:20:46 +01:00
Janos Follath
98e28a74e3 Address user reported coverity issues. 2016-06-09 13:41:28 +01:00
Simon Butcher
e4a46f696f Merge branch 'development' 2016-04-27 18:44:37 +01:00
Simon Butcher
d3138c35c6 Fixes SSL sample apps for non-default configs
Fixes the SSL sample applications to build for the non-default configs
which don't build if MBEDTLS_PLATFORM_C isn't defined.
2016-04-27 01:26:50 +01:00
Janos Follath
0c539447c1 Fixes no return value warning in selftest.c 2016-04-18 09:59:16 +01:00
Simon Butcher
cd0ee5e499 Fixes following review of 'iotssl-682-selftest-ci-break' 2016-03-21 22:54:37 +00:00
Janos Follath
2e3aca2c9e Fix test break in 'test-ref-configs.pl' 2016-03-18 16:25:52 +00:00
Simon Butcher
f1547632dc Fixes to style following review
Made code spacing consistent with guidelines, and corrected the misnamed test
steps in basic-build-test.sh
2016-03-14 23:12:32 +00:00
SimonB
5a8afb848a Fix exit code and add a count of the test suites
Now counts and displays the number of test suites executed, which can vary
depending on build configurations.
All tests are now executed as this is a sample and test program, rather than
exit on first failure.
Exit code now restricted to SUCCESS or FAILURE.
2016-03-14 23:12:29 +00:00
Manuel Pégourié-Gonnard
4d8685b4ff Add skeleton for EC J-PAKE module 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
ea35666f50 Fix -Wshadow warnings
Checked that it is supported by gcc 4.2.1 (FreeBSD 9).

fixes #240
2015-08-31 10:34:26 +02:00
Manuel Pégourié-Gonnard
6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
4f3368e31e Fix bug in benchmark.c with DHM params 2015-07-19 15:01:28 +02:00
Manuel Pégourié-Gonnard
a6dbddce0c Fix benchmark.c for removal of small DH params 2015-07-06 11:20:33 +02:00
Manuel Pégourié-Gonnard
046589e424 Rm obsolete defines for snprintf in programs
Now centralized in the platform layer
2015-07-01 17:26:20 +02:00
Manuel Pégourié-Gonnard
9de64f5af1 Fix MSVC warnings in library and programs 2015-07-01 16:56:08 +02:00
Manuel Pégourié-Gonnard
abc729e664 Simplify net_accept() with UDP sockets
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard
3d7d00ad23 Rename mbedtls_net_close() to mbedtls_net_free()
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard
5db64328ab Adapt programs to the new NET API 2015-06-30 16:48:17 +02:00
Manuel Pégourié-Gonnard
633c6b6485 Run timing selftest on all platforms
Used to fail on our FreeBSD and Windows buildbots. Seems to be working at
least on my Darwin physical machine and on my Windows VM with MSYS2 now.
2015-06-26 16:17:30 +02:00
Manuel Pégourié-Gonnard
4b00f08e20 Fix snprintf test
Our Windows implementation based on vsnprintf_s( ..., _TRUNCATE ) sometimes
writes *two* terminating NULLs. Allow for that, but obviously bytes past the
end of the buffer mustn't be touched.
2015-06-26 14:10:13 +02:00
Manuel Pégourié-Gonnard
216a1831de Fix whitespace in CMakeLists.txt
- all spaces no tabs
- indent with 4 spaces everywhere
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
c0d749418b Make 'port' a string in NET module
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
07894338a0 Rename M255 to Curve25519 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
7b6dcbe993 Add tests for snprintf
- Added in each tests program to be sure they are run (putting them in a test
  suite/function specific to the platform layer would cause them to be skipped
when PLATFORM_C is not defined).
- Platforms have already moved from a standard to a broken snprintf in the
  past [1], so make sure to catch that if it ever happens again.

[1]: http://sourceforge.net/p/mingw-w64/mailman/message/31241434/
2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard
797f48ace6 Rename ecp_curve_info.size to bit_size 2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
3335205a21 Avoid in-out length in dhm_calc_secret() 2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard
d14acbc31a Test assumptions we make about the platform
Things that are not guaranteed by the standard but should be true of all
platforms of interest to us:
- 8-bit chars
- NULL pointers represented by all-bits-zero
2015-05-29 12:25:40 +02:00
Manuel Pégourié-Gonnard
b2a18a2a98 Remove references to malloc in strings/names 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9 Replace malloc with calloc
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
53ebe138c6 Fix copyright lines still mentioning Brainspark 2015-05-15 12:01:12 +02:00
Manuel Pégourié-Gonnard
0b104b056b Adapt prototype of net_accept() for explicit size 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
e6ef16f98c Change X.509 verify flags to uint32_t 2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard
e85fef10b5 Fix option names in benchmark.c 2015-05-11 19:38:25 +02:00
Manuel Pégourié-Gonnard
e3a062ba1f Rename ecp_use_known_dp -> mbedtls_ecp_group_load() 2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard
da61ed3346 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Include changes from the 1.2 branch
  Remove unused headers in o_p_test
  Add countermeasure against cache-based lucky 13
  Make results of (ext)KeyUsage accessible
  Fix missing NULL check in MPI
  Fix detection of getrandom()
  Fix "make install" handling of symlinks
  Fix bugs in programs displaying verify flags

Conflicts:
	Makefile
	include/polarssl/ssl.h
	library/entropy_poll.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/test/o_p_test.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard
ac90673345 Remove unused headers in o_p_test 2015-04-30 10:09:50 +02:00
Manuel Pégourié-Gonnard
637376c2fe Fix bugs in programs displaying verify flags 2015-04-29 14:28:48 +02:00
Manuel Pégourié-Gonnard
8d128efd48 Split mbedtls_ctr_drbg_init() -> seed() 2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard
f9e9481bc5 Split mbedtls_hmac_drbg_init() -> seed{,_buf}() 2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard
c34e8dd265 Split mbedtls_gcm_init() -> gcm_setkey() 2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard
6963ff0969 Split mbedtls_ccm_init() -> setkey() 2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard
7cfbaf05b3 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix bugs in programs displaying verify flags

Conflicts:
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
2015-04-24 14:10:04 +02:00
Manuel Pégourié-Gonnard
9ce1bdc151 Fix bugs in programs displaying verify flags 2015-04-24 14:07:07 +02:00
Manuel Pégourié-Gonnard
89addc43db manually merge 0c6ce2f use x509_crt_verify_info() 2015-04-20 11:23:11 +01:00
Manuel Pégourié-Gonnard
0c6ce2f536 Use x509_crt_verify_info() in programs 2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard
2cf5a7c98e The Great Renaming
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
32076e66be Fix programs for recent ECDSA changes 2015-03-31 13:32:39 +02:00
Manuel Pégourié-Gonnard
e46c6c38c9 Fix tests to work with DEPRECATED_REMOVED 2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard
b6b16bddc3 Drop pbkdf2 module (superseded by pkcs5) 2015-03-11 11:31:51 +00:00
Manuel Pégourié-Gonnard
7f8099773e Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard
34be402270 Rm obsolete things (compat-1.2, openssl, etc) 2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard
e4d4890350 Finish renaming website 2015-03-06 13:40:52 +00:00
Manuel Pégourié-Gonnard
998897be3d Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Rename website and repository
  Move private macro from header to C file
  Add some missing 'static' on a few objects
  Fix whitespace issues
  Minor portability fix in benchmark
2015-03-06 13:25:41 +00:00
Manuel Pégourié-Gonnard
fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard
c439e7b099 Minor portability fix in benchmark
On embedded systems, argc might be 0 rather than 1 for no argument.
2015-03-03 13:12:00 +00:00
Manuel Pégourié-Gonnard
c35e90f8d4 Merge branch 'development' into dtls
* development:
  Fix missing #define if PLATFORM_C not here
2015-02-16 18:47:13 +00:00
Manuel Pégourié-Gonnard
c3e3395c82 Fix missing #define if PLATFORM_C not here 2015-02-16 18:46:20 +00:00
Manuel Pégourié-Gonnard
d901d17817 Merge branch 'development' into dtls
* development: (100 commits)
  Update Changelog for the mem-measure branch
  Fix issues introduced when rebasing
  Fix compile error in memory_buffer_alloc_selftest
  Code cosmetics
  Add curve25519 to ecc-heap.sh
  Add curve25519 to the benchmark program
  Fix compile issue when buffer_alloc not available
  New script ecc-heap.sh
  Fix unused variable issue in some configs
  Rm usunused member in private struct
  Add heap usage for PK in benchmark
  Use memory_buffer_alloc() in benchmark if available
  Only define mode_func if mode is enabled (CBC etc)
  PKCS8 encrypted key depend on PKCS5 or PKCS12
  Disable SRV_C for client measurement
  Output stack+heap usage with massif
  Enable NIST_OPTIM by default for config-suite-b
  Refactor memory.sh
  Adapt memory.sh to config-suite-b
  Adapt mini-client for config-suite-b.h
  ...

Conflicts:
	ChangeLog
	include/polarssl/net.h
	library/Makefile
	library/error.c
	library/ssl_tls.c
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/Makefile
2015-02-16 18:44:39 +00:00
Manuel Pégourié-Gonnard
714929bf0d Fix issues introduced when rebasing 2015-02-16 17:32:47 +00:00
Manuel Pégourié-Gonnard
7defc7759d Code cosmetics 2015-02-16 17:28:11 +00:00
Manuel Pégourié-Gonnard
85391f2a65 Add curve25519 to the benchmark program 2015-02-16 17:28:11 +00:00
Manuel Pégourié-Gonnard
e579dab5f0 Fix compile issue when buffer_alloc not available 2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard
71e75dc2f0 Fix unused variable issue in some configs 2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard
50da0482e0 Add heap usage for PK in benchmark 2015-02-16 17:28:10 +00:00
Manuel Pégourié-Gonnard
128657d645 Use memory_buffer_alloc() in benchmark if available
Allows to measure memory by primitive.
2015-02-16 17:24:57 +00:00
Manuel Pégourié-Gonnard
ab025803ed Merge remote-tracking branch 'rich/platform' into development
* rich/platform:
  modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
  modify programs/*.c to use polarssl_snprintf
2015-02-16 16:10:51 +00:00
Mansour Moufid
c531b4af3c Apply the semantic patch rm-malloc-cast.cocci.
for dir in library programs; do
        spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \
        --in-place;
    done
2015-02-16 10:43:52 +00:00
Rich Evans
012acfc20f modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit 2015-02-13 16:52:49 +00:00
Rich Evans
b92965be74 modify programs/*.c to use polarssl_snprintf 2015-02-13 16:51:44 +00:00
Manuel Pégourié-Gonnard
ac1f76c362 Merge remote-tracking branch 'rich/platform' into development
* rich/platform:
  Remove dependency on sscanf in lib x509
  Fix extra guard in memory_buffer_alloc
  rebase from development
  implemented macro overriding for polarssl_* library functions
  fix bug introduced by the addition of snprintf and assert macro which caused tests to fail without polarssl_platform_c defined
  add initial symbols to config and checks to check_config to allow use of macros to define standard functions
  reformat and arrange additions to config alphabetically
  add missing checks to check_config
  add macro definition of assert using polarssl_exit
  modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
  add POLARSSL_PLATFORM_EXIT_ALT
  modify scripts/* and tests/* to use polarssl_snprintf
  modify programs/*.c to use polarssl_snprintf
  modify library/debug.c to use polarssl_snprintf
  modify library/x509*.c to use polarssl_snprintf
  modify library/net.c to use polarssl_snprintf
  modify oid.c to use polarssl_snprintf
  add platform_set_snprintf

Conflicts:
	library/memory_buffer_alloc.c
	programs/pkey/pk_sign.c
	programs/pkey/pk_verify.c
	programs/pkey/rsa_sign_pss.c
	programs/pkey/rsa_verify_pss.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_pthread_server.c
	programs/test/benchmark.c
	programs/test/ssl_cert_test.c
2015-02-13 15:11:24 +00:00
Manuel Pégourié-Gonnard
6c5abfa42b Style: fix trailing spaces 2015-02-13 14:12:07 +00:00
Manuel Pégourié-Gonnard
013bffe5a7 Style: add spaces before line continuation 2015-02-13 14:09:44 +00:00
Rich Evans
77d3638497 modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit 2015-02-13 13:50:26 +00:00
Rich Evans
783d9d1c3e modify programs/*.c to use polarssl_snprintf 2015-02-13 13:50:26 +00:00
Rich Evans
85b05ec389 Cleanup programs further
removed casting of main args to void
2015-02-13 13:50:05 +00:00
Rich Evans
18b78c7498 cleanup programs
Clean up the contents of programs, add more guards to includes, move all
defines to the top of the top of files, remove some unused includes
2015-02-13 13:50:05 +00:00
Manuel Pégourié-Gonnard
f224678864 Fix remaining printfs in programs 2015-01-29 13:29:20 +00:00
Manuel Pégourié-Gonnard
3d2c4b70f2 Fix url in new files 2015-01-29 11:34:14 +00:00
Manuel Pégourié-Gonnard
2a0718d947 Merge branch 'development' into dtls
* development: (46 commits)
  Fix url again
  Fix small bug in base64_encode()
  Fix depend that was checked but not documented
  Fix dependency that was not checked
  Minor gitginore fixes
  Move some ignore patterns to subdirectories
  Ignore CMake/MSVC-related build files.
  Re-categorize changelog entry
  Fix misattribution
  Minor nits with stdout/stderr.
  Add cmake compatibility targets
  Add script for polarssl symlink creation
  Fix more stdio inclusion issues
  Add debug info for cert/suite selection
  Fix possible portability issue
  Fix bug in ssl_get_verify_result()
  aescrypt2.c local char array not initial
  Update Changelog
  Fix mips64 bignum implementation
  Fix usage string of ssl_client2
  ...

Conflicts:
	include/polarssl/ssl.h
	library/CMakeLists.txt
	library/Makefile
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	visualc/VS2010/PolarSSL.sln
	visualc/VS2010/mbedTLS.vcxproj
	visualc/VS6/mbedtls.dsp
	visualc/VS6/mbedtls.dsw
2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard
860b51642d Fix url again 2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard
7c9e75a836 Remove a few useless #defines 2015-01-28 15:28:29 +01:00
Rich Evans
f90016aade Use platform layer in programs for consistency. 2015-01-28 15:28:28 +01:00
Manuel Pégourié-Gonnard
9014b6f227 Rename project in CMake
TODO: to create symlinks to the old names!
2015-01-27 15:44:46 +00:00
Manuel Pégourié-Gonnard
d43ccb66fb Quit using deprecated header. 2015-01-23 17:38:09 +00:00
Manuel Pégourié-Gonnard
dba564bc79 Fix files that are not in development 2015-01-23 11:37:14 +00:00
Manuel Pégourié-Gonnard
df6411d8d8 Merge branch 'development' into dtls
* development:
  Fix website url to use https.
  Remove maintainer line.
  Remove redundant "all rights reserved"
2015-01-23 11:23:08 +00:00
Manuel Pégourié-Gonnard
085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
eab72e2ced Merge branch 'development' into dtls
* development:
  Update copyright
  Fix issue in compat.sh
  Rename doxyfile
  Rename to mbed TLS in tests/
  Rename to mbed TLS in examples
  Remove old test certificates.
  Rename to mbed TLS in the documentation/comments
  Change name to mbed TLS in the copyright notice

Conflicts:
	doxygen/input/doc_mainpage.h
	doxygen/mbedtls.doxyfile
	include/polarssl/version.h
	tests/compat.sh
2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard
a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
9169921271 Rename to mbed TLS in examples 2015-01-22 16:26:39 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard
f9c8a606b5 Merge commit '8b9bcec' into dtls
* commit '8b9bcec':
  Stop assuming chars are signed
  Fix len miscalculation in buffer-based allocator
  Fix NULL dereference in buffer-based allocator
  Add test_suite_memory_buffer_alloc
  Add memory_buffer_alloc_self_test()
  Fix missing bound check
  Add test for ctr_drbg_update() input sanitizing
  Refactor for clearer correctness/security
  Stop assuming chars are signed

Conflicts:
	library/ssl_tls.c
2015-01-20 16:38:39 +00:00
Manuel Pégourié-Gonnard
5ba1d52f96 Add memory_buffer_alloc_self_test() 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
ba958b8bdc Add test for server-initiated renego
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
ce8588c9ef Make udp_proxy more robust
There seemed to be some race conditions with server closing its fd right after
sending HelloVerifyRequest causing the proxy to exit after a failed read.
2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
fa60f128d6 Quit using "yes" in ssl-opt.sh with openssl
It caused s_server to send an AppData record of 16Kb every millisecond or so,
which destroyed readability of the proxy and client logs.
2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
ae666c5092 proxy: avoid always dropping the same packet 2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
d0fd1daa6b Add test with proxy and openssl server 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
8cc7e03ae0 udp_proxy: show encrypted messages as encrypted 2014-10-21 16:32:37 +02:00
Manuel Pégourié-Gonnard
6265d305f1 Fix some delayed packets going the wrong way 2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
bf02319b58 udp_proxy: don't overwrite delayed packets 2014-10-21 16:32:36 +02:00
Manuel Pégourié-Gonnard
6312e0f4e6 udp_proxy: allow successive clients 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
b46780edee Enlarge udp_proxy's message buffer 2014-10-21 16:32:32 +02:00
Manuel Pégourié-Gonnard
ae8d2399a5 udp_proxy: also drop messages from the last flight 2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
992e13665d Make decisions pseudo-random in udp_proxy 2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
bc010a045c udp_proxy: don't drop messages in the last flight
Resending the last flight is on the todo-list, but I want to be able to test
what's already done now.
2014-10-21 16:32:30 +02:00
Manuel Pégourié-Gonnard
7cf3518284 Enhance output of udp_proxy (with time) 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
63eca930d7 Drop invalid records with DTLS 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard
6c18a39807 Add option 'bad_ad' to udp_proxy 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
eb00bfd9c2 Add option 'mtu' to udp_proxy 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
81f2fe9f08 Add option 'delay_ccs' to udp_proxy 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard
60fdd7e0f2 Add option 'drop' to udp_proxy 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
21398c37c0 Add option 'delay' to udp_proxy 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
2c41bd85e0 Add a 'duplicate' option to udp_proxy 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard
44d5e63e6a Enhance output of udp_proxy 2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
cb4137b646 Add test utility udp_proxy
Currently just forwards: will delay, duplicate and drop later.
2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard
f5a1312eaa Add UDP support to the NET module 2014-10-21 16:30:09 +02:00
Alfred Klomp
5b78f219d0 ssl_test.c: remove dead store, assign at declaration
Found with Clang's `scan-build` tool.

The store to `ret` is not used, it's overwritten shortly after. Assign
the value of 1 at declaration time instead to silence scan-build.
2014-08-14 11:34:34 +02:00
Paul Bakker
a317a98221 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Paul Bakker
8cfd9d8c59 Adapt programs / test suites to _init() and _free() 2014-07-09 10:19:23 +02:00
Manuel Pégourié-Gonnard
c5fd391e04 Check return value of ssl_set_xxx() in programs 2014-07-08 14:20:26 +02:00
Manuel Pégourié-Gonnard
7680698d02 Temporarily disable timing test on non-Linux 2014-06-13 18:04:42 +02:00
Paul Bakker
508e573231 Merge tests for asn1write, XTEA and Entropy modules 2014-06-12 21:26:33 +02:00
Manuel Pégourié-Gonnard
e1ac0f8c5d Add back timing selftest with new hardclock test 2014-06-12 21:15:50 +02:00
Manuel Pégourié-Gonnard
4dd73925ab Add entropy_self_test() 2014-06-10 15:38:43 +02:00
Paul Bakker
b5212b436f Merge CCM cipher mode and ciphersuites
Conflicts:
	library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Paul Bakker
0c5e4290e1 benchmark application also works without POLARSSL_ERROR_C 2014-05-22 14:11:13 +02:00
Manuel Pégourié-Gonnard
58d78a8d70 Add CCM to benchmark 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard
a6916fada8 Add (placeholder) CCM module 2014-05-06 11:28:09 +02:00
Manuel Pégourié-Gonnard
cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker
df71dd1618 Cleaner initialization (values did not matter, but were uninitialized) 2014-04-17 16:03:48 +02:00
Paul Bakker
0c22610693 Cleaned up location of init and free for some programs to prevent memory
leaks on incorrect arguments
2014-04-17 16:02:36 +02:00
Paul Bakker
cbe3d0d5cc Added return value checking for correctness in programs 2014-04-17 16:00:59 +02:00
Manuel Pégourié-Gonnard
0f79babd4b Disable timing_selftest() for now 2014-04-09 15:49:51 +02:00
Manuel Pégourié-Gonnard
13a1ef8600 Misc selftest adjustements 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
470fc935b5 Add timing_self_test() with consistency tests 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
388dac4037 Still test pbkdf2 while it's there 2014-04-04 16:33:00 +02:00
Paul Bakker
5a1d687274 Fixed typo introduced in 486485b 2014-03-26 11:20:05 +01:00
Manuel Pégourié-Gonnard
486485bc07 PBKDF2 -> PKCS5 in selftest.c 2014-03-20 09:59:51 +01:00
Gergely Budai
a5d336bcec Increase title size (fits to increased curve names). Give verbose errors on failures. 2014-02-06 10:28:38 +01:00
Manuel Pégourié-Gonnard
79afaa0551 Add hmac_drbg_selftest() 2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard
fef0f8f55a Add HMAC_DRBG to benchmark 2014-01-30 23:17:33 +01:00
Paul Bakker
5eb264cfa7 Minor fixes to o_p_test.c (CMakeLists.txt and includes) 2014-01-23 15:47:29 +01:00
Paul Bakker
61b699ed1b Renamed RMD160 to RIPEMD160 2014-01-22 14:17:31 +01:00
Manuel Pégourié-Gonnard
1744d72902 Add RIPEMD-160 to selftest 2014-01-17 14:46:36 +01:00
Manuel Pégourié-Gonnard
01b0b38421 Add RIPEMD-160 to benchmark 2014-01-17 14:29:46 +01:00
Paul Bakker
f70fe81a6e Fixed memory leak in benchmark application 2013-12-17 13:09:12 +01:00
Paul Bakker
840ab20ea2 Explicit conversions to int from size_t for MSVC (64-bit) in apps 2013-11-30 15:14:38 +01:00
Paul Bakker
c97f9f6465 Removed making commandline arguments case insensitive 2013-11-30 15:14:11 +01:00
Paul Bakker
b799dec4c0 Merged support for Brainpool curves and ciphersuites 2013-10-11 10:05:43 +02:00
Manuel Pégourié-Gonnard
2f77ce3658 Fix forgotten snprintf define for MSVC 2013-10-11 09:17:19 +02:00
Manuel Pégourié-Gonnard
22f64c8a9a Cosmetics in benchmark 2013-10-10 13:21:48 +02:00
Paul Bakker
1337affc91 Buffer allocator threading support 2013-09-29 15:02:11 +02:00
Paul Bakker
1ffefaca1e Introduced entropy_free() 2013-09-29 15:01:42 +02:00
Paul Bakker
396333e0a3 Updated ssl_test to handle EOF return value 2013-09-28 11:08:43 +02:00
Manuel Pégourié-Gonnard
641de714b6 Use both RSA and ECDSA CA if available 2013-09-25 13:23:33 +02:00
Manuel Pégourié-Gonnard
cbf3ef3861 RSA and ECDSA key exchanges don't depend on CRL 2013-09-24 21:25:53 +02:00
Manuel Pégourié-Gonnard
abd6e02b7b Rm _CRT_SECURE_NO_DEPRECATE for programs
(Already in config.h.)
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
7831b0cb3c A few more issues with small configurations 2013-09-20 12:30:21 +02:00
Manuel Pégourié-Gonnard
da179e4870 Add ecp_curve_list(), hide ecp_supported_curves 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
56cd319f0e Add human-friendly name in ecp_curve_info 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
803bb312a3 Remove ecp-bench (now in general benchmark) 2013-09-18 15:37:43 +02:00
Manuel Pégourié-Gonnard
cc34f95b43 Include ECDSA and ECDH in benchmark 2013-09-18 14:35:57 +02:00
Manuel Pégourié-Gonnard
ed7cbe92d5 Allow selection of what to benchmark 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard
8271f2ffb5 Shorten benchmark source using macros and loops 2013-09-18 14:35:56 +02:00
Manuel Pégourié-Gonnard
15d5de1969 Simplify usage of DHM blinding 2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
68821da01e Fix clang warnings in applications
Some fd would be used uninitialized if we goto exit early.
2013-09-18 14:34:33 +02:00
Paul Bakker
c559c7a680 Renamed x509_cert structure to x509_crt for consistency 2013-09-18 14:32:52 +02:00
Paul Bakker
ddf26b4e38 Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2 Introduced x509_crt_init(), x509_crl_init() and x509_csr_init() 2013-09-18 12:01:43 +02:00
Paul Bakker
36713e8ed9 Fixed bunch of X509_PARSE related defines / dependencies 2013-09-17 13:25:29 +02:00
Paul Bakker
7504d7f806 Fixed X509 define in selftest.c 2013-09-16 22:56:18 +02:00
Paul Bakker
40ce79f1e6 Moved DHM parsing from X509 module to DHM module 2013-09-15 17:43:54 +02:00
Paul Bakker
9a97c5d894 Fixed warnings in case application dependencies are not met 2013-09-15 17:07:33 +02:00
Paul Bakker
1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91 Make CBC an option, step 3: individual ciphers 2013-09-13 17:25:43 +02:00
Paul Bakker
8f0423afbc Fix for benchmark app after GCM refactoring merge 2013-09-10 14:51:50 +02:00
Manuel Pégourié-Gonnard
ce6352a791 Add benchmark for fixed-DHM with blinding 2013-09-07 13:05:52 +02:00
Manuel Pégourié-Gonnard
1a2012459b Fix undetected errors in benchmark
dhm_calc_secret() was exiting early, leading to wrong results
2013-09-07 12:27:35 +02:00
Manuel Pégourié-Gonnard
337b29c334 Test and document EC blinding overhead 2013-09-07 11:52:27 +02:00
Manuel Pégourié-Gonnard
cac5f7d737 Update benchmarks for new prototypes 2013-09-04 17:19:18 +02:00
Paul Bakker
548957dd49 Refactored RSA to have random generator in every RSA operation
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Manuel Pégourié-Gonnard
ac75523593 Adapt ssl_set_own_cert() to generic keys 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard
7e56de1671 Adapt ssl_cert_test to changes in PK 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
be50680a8c Fix use of x509_cert.rsa in programs 2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
ba4878aa64 Rename x509parse_key & co with _rsa suffix 2013-07-08 15:31:18 +02:00
Paul Bakker
44618dd798 SSL Test and Benchmark now handle missing POLARSSL_TIMING_C 2013-07-04 11:30:32 +02:00
Paul Bakker
6e339b52e8 Memory-allocation abstraction layer and buffer-based allocator added 2013-07-03 17:22:31 +02:00
Paul Bakker
d2681d82e2 Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h} 2013-06-30 14:49:12 +02:00
Paul Bakker
9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
5dc6b5fb05 Made supported curves configurable 2013-06-29 23:26:34 +02:00
Paul Bakker
3c5ef71322 Cleanup up non-prototyped functions (static) and const-correctness in programs 2013-06-25 16:37:45 +02:00
Paul Bakker
ef3f8c747e Fixed const correctness issues in programs and tests
(cherry picked from commit e0225e4d7f18f4565224f4997af537533d06a80d)

Conflicts:
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_test.c
	programs/x509/cert_app.c
2013-06-24 19:09:24 +02:00
Paul Bakker
ed27a041e4 More granular define selections within code to allow for smaller code
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker
00c1f43743 Merge branch 'ecc-devel-mpg' into development 2013-03-13 16:31:01 +01:00
Paul Bakker
68884e3c09 Moved to advanced ciphersuite representation and more dynamic SSL code 2013-03-13 14:48:32 +01:00
Manuel Pégourié-Gonnard
b4a310b472 Added a selftest about SPA resistance 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
52a422f6a1 Added ecp-bench specialized benchmark 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
e870c0a5d6 Added benchmark for DHM 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
4b8c3f2a1c Moved tests from selftest to tests/test_suite_ecp 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
efaa31e9ae Implemented multiplication 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
b505c2796c Got first tests working, fixed ecp_copy() 2013-01-16 16:31:49 +01:00
Paul Bakker
0a59707523 - Added simple SSL session cache implementation
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
f518b16f97 - Added PKCS#5 PBKDF2 key derivation function 2012-08-23 13:03:18 +00:00
Paul Bakker
3d58fe8af6 - Added Blowfish to benchmarks 2012-07-04 17:15:31 +00:00
Paul Bakker
92eeea4627 - Modified CMakeLists to support zlib 2012-07-03 15:10:33 +00:00
Paul Bakker
e6ee41f932 - Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and example application (programs/ssl/o_p_test) (Requires OpenSSL)
- Handle encryption with private key and decryption with public key as per RFC 2313
2012-05-19 08:43:48 +00:00
Paul Bakker
b78c74551f - Use standard IV of 12 2012-03-20 15:05:59 +00:00
Paul Bakker
89e80c9a43 - Added base Galois/Counter mode (GCM) for AES 2012-03-20 13:50:09 +00:00
Paul Bakker
b1dee1cfd2 - Changed commands to lowercase where it was not the case 2011-12-11 11:29:51 +00:00
Paul Bakker
69e095cc15 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
508ad5ab6d - Moved all examples programs to use the new entropy and CTR_DRBG 2011-12-04 17:09:26 +00:00
Paul Bakker
6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
Paul Bakker
02faf45d8b - Added random generator benchmarks 2011-11-29 11:23:58 +00:00
Paul Bakker
a3d195c41f - Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs 2011-11-27 21:07:34 +00:00
Paul Bakker
0e04d0e9a3 - Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator 2011-11-27 14:46:59 +00:00
Paul Bakker
cce9d77745 - Lots of minimal changes to better support WINCE as a build target 2011-11-18 14:26:47 +00:00
Paul Bakker
5690efccc4 - Fixed a whole bunch of dependencies on defines between files, examples and tests 2011-05-26 13:16:06 +00:00
Paul Bakker
135b98ef69 - Adapted to compile without POLARSSL_SELF_TEST defined 2011-05-25 11:13:47 +00:00
Paul Bakker
831a755d9e - Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake.
- Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN
2011-05-18 13:32:51 +00:00
Paul Bakker
f17ed288ad - Fixed reference to generic digest key 2011-02-09 17:10:48 +00:00
Paul Bakker
e3166ce040 - Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
- Adapted in the rest of using code as well
2011-01-27 17:40:50 +00:00
Paul Bakker
b06819bb5d - Adapted CMake files for the PKCS#11 support 2011-01-18 16:18:38 +00:00
Paul Bakker
b63b0afc05 - Added verification callback in certificate verification chain in order to allow external blacklisting 2011-01-13 17:54:59 +00:00
Paul Bakker
547f73d66f - Added install targets to the CMake files 2011-01-05 15:07:54 +00:00
Paul Bakker
a802e1ac10 - Updated to new rsa_init, rsa_gen_key prototypes 2010-08-16 11:56:45 +00:00
Paul Bakker
b96f154e51 - Fixed copyright message 2010-07-18 20:36:00 +00:00
Paul Bakker
84f12b76fc - Updated Copyright to correct entity 2010-07-18 10:13:04 +00:00
Paul Bakker
fc8c4360b8 - Updated copyright line to 2010 2010-03-21 17:37:16 +00:00
Paul Bakker
1f3c39c194 - Removed copyright line for Christophe Devine for clarity 2010-03-21 17:30:05 +00:00
Paul Bakker
baad6504d4 - Changed ARC4 to use seperate input/output buffer 2010-03-21 15:42:15 +00:00
Paul Bakker
ff60ee6c2a - Added const-correctness to main codebase 2010-03-16 21:09:09 +00:00
Paul Bakker
1d4da2e123 - Added benchmark of 2048 and 4096 bits RSA 2009-10-25 12:36:53 +00:00
Paul Bakker
77b385e91a - Updated copyright messages on all relevant files 2009-07-28 17:23:11 +00:00
Paul Bakker
1973e4c582 - Fixed selftest of X509parse code 2009-07-10 22:32:40 +00:00
Paul Bakker
367dae44b2 - Added CMake makefiles as alternative to regular Makefiles.
- Added preliminary Code Coverage tests for AES, ARC4, Base64, MPI, SHA-family, MD-family and  HMAC-SHA-family.
2009-06-28 21:50:27 +00:00
Paul Bakker
860d36b9d8 - Updated ssl_cert_test to properly parse return values from
x509parse_verify().
2009-05-03 17:29:56 +00:00
Paul Bakker
40ea7de46d - Added CRL revocation support to x509parse_verify()
- Fixed an off-by-one allocation in ssl_set_hostname()
 - Added CRL support to SSL/TLS code
2009-05-03 10:18:48 +00:00
Paul Bakker
d98030e7d6 - Added prelimenary CRL parsing and info support 2009-05-02 15:13:40 +00:00
Paul Bakker
026c03b7f4 - Made changes for better compatibility with old-style C compilers 2009-03-28 17:53:03 +00:00
Paul Bakker
a1d3e5f835 - Add checking of certificate and key match 2009-03-28 17:30:26 +00:00
Paul Bakker
5a0aa77564 - Fixed buffer overrun because of SHA-512 2009-02-09 22:38:52 +00:00
Paul Bakker
3a3c3c2a55 - Added SHA-512 benchmark 2009-02-09 22:33:30 +00:00
Paul Bakker
4593aeadaf - Added support for RFC4055 SHA2 and SHA4 signature algorithms for
use with PKCS#1 v1.5 signing and verification.
 - Added extra certificates to test-ca and test code to further test
   functionality of SHA2 and SHA4 signing and verification.
 - Updated other program files accordingly
2009-02-09 22:32:35 +00:00
Paul Bakker
785a9eeece - Added email address to header license information 2009-01-25 14:15:10 +00:00
Paul Bakker
b5ef0bada4 - Added SSL_RSA_CAMELLIA_128_SHA, SSL_RSA_CAMELLIA_256_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA ciphersuites to SSL 2009-01-11 20:25:36 +00:00
Paul Bakker
38119b18d6 - Added first version of Camellia 2009-01-10 23:31:23 +00:00
Paul Bakker
7a7c78fd02 - Added XTEA Algorithm (Not used in SSL) 2009-01-04 18:15:48 +00:00
Paul Bakker
e0ccd0a7c3 - Updated Copyright notices 2009-01-04 16:27:10 +00:00
Paul Bakker
40e46940df - First replacement of xyssl by polarssl where needed 2009-01-03 21:51:57 +00:00
Paul Bakker
5121ce5bdb - Renamed include directory to polarssl 2009-01-03 21:22:43 +00:00