Gilles Peskine
dd57d75dfa
Allow SHA-1 in X.509 and TLS tests
...
SHA-1 is now disabled by default in the X.509 layer. Explicitly enable
it in our tests for now. Updating all the test data to SHA-256 should
be done over time.
2017-06-06 19:08:23 +02:00
Andres AG
0ac1392cd8
Remove use of inttypes.h in MSVC from ssl_server2
...
The sample application programs/ssl/ssl_server2.c was previously
modifies to use inttypes.h to parse a string to a 64-bit integer.
However, MSVC does not support C99, so compilation fails. This
patch modifies the sample app to use the MSVC specific parsing
functions instead of inttypes.h.
2017-03-01 23:33:29 +00:00
Ron Eldor
78011d9656
fix for issue 1101: missing rsa context initialization
...
added mbedtls_rsa_init in rsa_decrypt sample application
2017-03-01 16:05:25 +00:00
Paul Bakker
c60c31226f
Fix default hostname for verification used in ssl_client1
2017-02-28 23:33:28 +00:00
Andres AG
9b1927bf9b
Add DTLS test to check 6 byte record ctr is cmp
...
Add a test to ssl-opt.sh to ensure that in DTLS a 6 byte record counter
is compared in ssl_check_ctr_renegotiate() instead of a 8 byte one as in
the TLS case. Because currently there are no testing facilities to check
that renegotiation routines are triggered after X number of input/output
messages, the test consists on setting a renegotiation period that
cannot be represented in 6 bytes, but whose least-significant byte is 2.
If the library behaves correctly, the renegotiation routines will be
executed after two exchanged.
2017-02-04 23:35:14 +00:00
Andres AG
9d32bd91b0
Fix examples that failed to compile without PEM
2017-02-02 17:08:46 +00:00
Simon Butcher
5214607f75
Add extra compilation conditions to X.509 samples
...
The sample applications programs/pkey/cert_req.c and
programs/pkey/cert_write.c use the library functions
mbedtls_pk_write_csr_pem() and mbedtls_pk_write_crt_pem() respectively which
are dependent on the configuration option MBEDTLS_PEM_WRITE_C. If the option
isn't defined the build breaks.
This change adds the compilation condition MBEDTLS_PEM_WRITE_C to these
sample application.
2016-10-10 09:45:17 +01:00
Simon Butcher
411fd7c23a
Add extra compilation conditions to gen_key.c #559
...
The sample application programs/pkey/gen_key.c uses the library function
mbedtls_pk_write_key_pem() which is dependent on the configuration option
MBEDTLS_PEM_WRITE_C. If the option isn't defined the build breaks.
This change adds the compilation condition MBEDTLS_PEM_WRITE_C to the gen_key.c
sample application.
2016-10-07 14:17:22 +01:00
Simon Butcher
d7fb3fd4e6
Fix error text and whitespace in crypt_and_hash.c
2016-10-07 14:16:57 +01:00
Paul Bakker
3ef29f6e48
Do not add empty cert / key in cert_app
2016-09-26 20:46:10 +01:00
Paul Bakker
11a7d7cf68
Actually apply debug_level settings in cert_app
2016-09-26 20:45:57 +01:00
Paul Bakker
a9f02c8c21
Fix for #441 - crypt and hash gcm ( #546 )
...
* Fix crypt_and_hash to support decrypting GCM encrypted files
* Fix documentation in crypt_and_hash for the generic case
* Remove unused lastn from crypt_and_hash
lastn is not used with the cipher layer as it already provides padding
and understanding of length of the original data.
2016-09-02 22:08:18 +01:00
Simon Butcher
c019035e8e
Add missing stdlib.h header to rsa sample programs
2016-05-18 19:36:03 +01:00
Simon Butcher
663638d202
Corrects platform return values in rsa sample programs
2016-05-18 19:36:03 +01:00
Simon Butcher
4529c48c42
Fixes error and exit paths in rsa sample programs
2016-05-18 19:36:03 +01:00
Janos Follath
bffa68d3ca
Fix memory leaks in example programs.
2016-05-18 19:36:03 +01:00
Janos Follath
c89a62e809
Improves and makes pretty the ssl_fork_server output
2016-04-28 23:57:42 +01:00
Janos Follath
56a7347841
Fix issue #429 in ssl_fork_server.c
2016-04-28 23:57:28 +01:00
Jonathan Leroy
3dd85ddfdf
cert_write : fix "Destination buffer is too small" error
...
This commit fixes the `Destination buffer is too small` error returned
by `mbedtls_cert_write` command when the values of `subject_name` or
`issuer_name` parameters exceed 128 characters.
I have increased the size of these varaibles from 128 to 256 characters,
but I don't know if it's the best way to solve this issue...
Fixes #315 .
2015-11-02 05:58:30 +09:00
Jonathan Leroy
1f8c20ac9a
Fix help message for cert_req/cert_write programs
...
In cert_req and cert_write programs, "key_certificate_sign" is not an
allowed velue for "key_usage" parameter. The correct value is
"key_cert_sign".
See https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_req.c#L208
and https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_write.c#L323 .
2015-10-30 16:56:44 +01:00
James Cowgill
6bfa1d826e
Fix minor spelling mistake in programs/pkey/gen_key.c
2015-10-27 10:27:51 +01:00
Manuel Pégourié-Gonnard
2ed05a049a
Fix typos
2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard
22311ae62e
Improve help message of ssl_*2.c
2015-09-09 11:22:58 +02:00
Manuel Pégourié-Gonnard
3f09b6d4c2
Fix API
2015-09-08 11:58:14 +02:00
Manuel Pégourié-Gonnard
dbd23079d0
Add option reconnect_hard to ssl_client2
...
- interrupt the connection abruptly (no close_notify)
- reconnect from the same port while server sill has an active connection from
this port.
Some real-world clients do that, see section 4.2.8 of RFC 6347.
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard
37ff14062e
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
Simon Butcher
ed51594337
Merge pull request #265 from ARMmbed/iotssl-460-bugfixes
...
Iotssl 460 bugfixes
2015-09-02 23:36:36 +01:00
Manuel Pégourié-Gonnard
a2cda6bfaf
Add mbedtls_ssl_get_max_frag_len()
...
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard
cf9ab63863
Fix error reporting in pkey/pk_* programs
2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard
ce7a08ba49
Fix more comments/outputs in verify programs
2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard
102a620c9a
Fix hash buffer size in pkey programs
2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard
d224ff1f63
Change default RSA key size in rsa_genkey
2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard
1d8f2da7df
Fix comments about filenames in some programs
2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard
d74c697035
Fix memory corruption in rsa sign/verify programs
...
We have no guarantee there is enough room in the argv strings.
Fixes #210
2015-08-31 10:34:27 +02:00
Manuel Pégourié-Gonnard
ea35666f50
Fix -Wshadow warnings
...
Checked that it is supported by gcc 4.2.1 (FreeBSD 9).
fixes #240
2015-08-31 10:34:26 +02:00
Manuel Pégourié-Gonnard
fa1304a51d
Use Unix line endings in wince_main.c too
...
The compiler needs to accept Unix line endings anyway, as this is what we use
everywhere, and it makes things more consistent.
2015-08-06 19:03:31 +02:00
Manuel Pégourié-Gonnard
d73896581b
Fix typos (found by Francesco Pompò)
...
Manually merging as the pull requests are based on an old branch.
closes #215
closes #216
2015-08-06 18:22:26 +02:00
Manuel Pégourié-Gonnard
6fb8187279
Update date in copyright line
2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
4f3368e31e
Fix bug in benchmark.c with DHM params
2015-07-19 15:01:28 +02:00
Manuel Pégourié-Gonnard
78ec2b049c
Cosmetics in Makefiles
2015-07-08 22:12:06 +01:00
Manuel Pégourié-Gonnard
a6dbddce0c
Fix benchmark.c for removal of small DH params
2015-07-06 11:20:33 +02:00
Manuel Pégourié-Gonnard
77c656217b
Update dh_genprime program
...
- default size 2048 bits
- make size a command-line argument
- remove warning about using own params
2015-07-03 16:57:52 +02:00
Manuel Pégourié-Gonnard
6755717f18
Fix stupid typo in ssl_server2.c
2015-07-02 11:15:48 +02:00
Manuel Pégourié-Gonnard
046589e424
Rm obsolete defines for snprintf in programs
...
Now centralized in the platform layer
2015-07-01 17:26:20 +02:00
Manuel Pégourié-Gonnard
9de64f5af1
Fix MSVC warnings in library and programs
2015-07-01 16:56:08 +02:00
Manuel Pégourié-Gonnard
052f28853b
Cosmetics in debug in ssl_{client,server}2.c
...
Print only the basename from the file, and print level too.
2015-07-01 12:01:13 +02:00
Manuel Pégourié-Gonnard
abc729e664
Simplify net_accept() with UDP sockets
...
This is made possible by the new API where net_accept() gets a pointer to
bind_ctx, so it can update it.
2015-07-01 01:28:24 +02:00
Manuel Pégourié-Gonnard
3d7d00ad23
Rename mbedtls_net_close() to mbedtls_net_free()
...
close() may be more meaningful, but free() is symmetric with _init(), and more
consistent with all other modules
2015-06-30 16:50:37 +02:00
Manuel Pégourié-Gonnard
5db64328ab
Adapt programs to the new NET API
2015-06-30 16:48:17 +02:00
Manuel Pégourié-Gonnard
a7c8903ca6
Add missing programs to Makefile
2015-06-29 19:14:04 +02:00
Manuel Pégourié-Gonnard
1c5b9fc19f
Avoid truncating peer cert info in ssl_server2
2015-06-27 14:38:51 +02:00
Manuel Pégourié-Gonnard
fc36708697
Use $(MAKE), not make
...
For the sake of systems where we want gmake.
2015-06-26 16:50:24 +02:00
Manuel Pégourié-Gonnard
633c6b6485
Run timing selftest on all platforms
...
Used to fail on our FreeBSD and Windows buildbots. Seems to be working at
least on my Darwin physical machine and on my Windows VM with MSYS2 now.
2015-06-26 16:17:30 +02:00
Manuel Pégourié-Gonnard
4b00f08e20
Fix snprintf test
...
Our Windows implementation based on vsnprintf_s( ..., _TRUNCATE ) sometimes
writes *two* terminating NULLs. Allow for that, but obviously bytes past the
end of the buffer mustn't be touched.
2015-06-26 14:10:13 +02:00
Manuel Pégourié-Gonnard
ea9556a76e
Fix mistaken changes in Makefile's clean target
...
I was a bit too trigger-happy with copy-pasting in a previous commit...
2015-06-25 14:19:25 +02:00
Manuel Pégourié-Gonnard
216a1831de
Fix whitespace in CMakeLists.txt
...
- all spaces no tabs
- indent with 4 spaces everywhere
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
21e1ac205e
Fix linking order with make
...
GNU ld cares about the order in which static libs are mentioned on the command
line: if A depends on B then A must com first.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
5c59a4fea5
Split libs with make + general make cleanups
2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard
8d4a613cc5
Small Makefile improvements
...
- fix old build commands still using OFLAGS
- make everything work with --warn-undefined-variables, which can be useful
for debugging typos
2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard
61ee351af4
Adapt programs to the new debug API
2015-06-23 23:30:16 +02:00
Manuel Pégourié-Gonnard
c0d749418b
Make 'port' a string in NET module
...
- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
07894338a0
Rename M255 to Curve25519
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
6ea831dcf4
Add tests for mbedtls_set_hs_ca_chain()
2015-06-22 17:30:18 +02:00
Manuel Pégourié-Gonnard
4d6f178376
Add support for SNI CA and authmode in ssl_server2
2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard
7b6dcbe993
Add tests for snprintf
...
- Added in each tests program to be sure they are run (putting them in a test
suite/function specific to the platform layer would cause them to be skipped
when PLATFORM_C is not defined).
- Platforms have already moved from a standard to a broken snprintf in the
past [1], so make sure to catch that if it ever happens again.
[1]: http://sourceforge.net/p/mingw-w64/mailman/message/31241434/
2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard
7580ba475d
Add a concept of entropy source strength.
...
The main goal is, we want and error if cycle counter is the only source.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
c0696c216b
Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen
2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard
797f48ace6
Rename ecp_curve_info.size to bit_size
2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
898e0aa210
Rename key_length in cipher_info
2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard
b31c5f68b1
Add SSL presets.
...
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard
9096682352
Add dhmlen option in ssl_client2.c
2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard
bf27eaac79
Fix help string in ssl_client2.c
2015-06-12 11:22:02 +02:00
Manuel Pégourié-Gonnard
ba56136b5c
Avoid in-out length in base64
2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard
3335205a21
Avoid in-out length in dhm_calc_secret()
2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard
d14acbc31a
Test assumptions we make about the platform
...
Things that are not guaranteed by the standard but should be true of all
platforms of interest to us:
- 8-bit chars
- NULL pointers represented by all-bits-zero
2015-05-29 12:25:40 +02:00
Manuel Pégourié-Gonnard
06d5d61302
Adapt programs to generic md_file()
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
b327168e22
Remove non-generic md_file() programs
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
b2a18a2a98
Remove references to malloc in strings/names
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9
Replace malloc with calloc
...
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
56273daea0
Move some includes to ssl_internal.h
...
Also removed one from ssl.h and add it in programs where it belongs
2015-05-26 15:01:37 +02:00
Manuel Pégourié-Gonnard
a0adc1bbe4
Make cipher used in ssl tickets configurable
2015-05-25 10:35:16 +02:00
Manuel Pégourié-Gonnard
b596abfdc0
Refine cli/srv ifdefs for session tickets
...
- Only the server needs to generate/parse tickets
- Only the client needs to store them
Also adjust prototype of ssl_conf_session_tickets() while at it.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
d59675d92c
Move to callback for session tickets
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard
53ebe138c6
Fix copyright lines still mentioning Brainspark
2015-05-15 12:01:12 +02:00
Manuel Pégourié-Gonnard
0b104b056b
Adapt prototype of net_accept() for explicit size
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
d9e6a3ac10
Rename pk_init_ctx() -> pk_setup()
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
d4f04dba42
net.c now depends on select() unconditionally
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
a63bc94a2d
Remove timing_m_sleep() -> net_usleep()
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
151dc77732
Fix some old names that remained
...
- most in doxygen doc that was never renamed
- some re-introduced in comments/doc/strings by me
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
8473f87984
Rename cipher_init_ctx() to cipher_setup()
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
66dc5555f0
mbedtls_ssl_conf_arc4_support() depends on ARC4_C
2015-05-14 12:31:10 +02:00
Manuel Pégourié-Gonnard
d2377e7e78
ssl_client/server2 shouln't depend on timing.c
...
Would break test-ref-configs.pl.
2015-05-13 13:58:56 +02:00
Manuel Pégourié-Gonnard
e3c41ad8a4
Use the new timer callback API in programs
2015-05-13 10:04:32 +02:00
Manuel Pégourié-Gonnard
db1cc76091
Fix depend issue in program/ssl/ssl_*2.c
2015-05-12 11:27:25 +02:00
Manuel Pégourié-Gonnard
e6ef16f98c
Change X.509 verify flags to uint32_t
2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard
e85fef10b5
Fix option names in benchmark.c
2015-05-11 19:38:25 +02:00
Manuel Pégourié-Gonnard
e3a062ba1f
Rename ecp_use_known_dp -> mbedtls_ecp_group_load()
2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard
159c82ecc6
Fix ssl_set_hostname usage (duplication, ifdef)
2015-05-11 17:59:14 +02:00
Manuel Pégourié-Gonnard
55fab2de5d
Fix a few more #ifdef's
2015-05-11 17:54:38 +02:00
Manuel Pégourié-Gonnard
30eceb766a
Fix warning in ssl_pthread_server
...
GCC 4.9 with ASan + UBSan on OS X complains that we were casting to int from a
wider integer type. Anyway, this cast is totally non-portable (pthread_t could
even be structure), switching to long gets rid of the warning...
2015-05-11 14:42:56 +02:00