yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
29777 commits 89 branches 205 tags 114 MiB
Commit graph

224 commits

Author SHA1 Message Date
Gilles Peskine 62469d95e2 Allow SHA-1 in test scripts 2017-06-06 18:44:14 +02:00
Andres AG f181e25e5b Remove specific GnuTLS and OpenSSL version requirements 2016-09-15 20:45:53 +01:00
Simon Butcher ac22d1113c Remove references to PolarSSL in compat.sh 
Removed references to PolarSSL for mbed TLS for clarity.
 2016-09-05 13:17:25 +01:00
Simon Butcher 3ea7f52fdf Update interop tests to default configuration 
Removed SSLv3 from the default tests in compat.sh, and adapted the test
cases in all.sh to include an additional SSLv3 regression test suite.
 2016-03-09 19:32:11 +00:00
Manuel Pégourié-Gonnard 9afdc83d77 Fix bashisms in test scripts 2015-08-04 17:15:13 +02:00
Manuel Pégourié-Gonnard 39e2ca9194 Use OpenSSL in compat.sh on Travis, except DTLS 
Less heavy-handed than skipping all OpenSSL interop
 2015-08-04 16:43:37 +02:00
Manuel Pégourié-Gonnard 7eb58cbae8 Rm obsolete hack in ssl-opt.sh 2015-07-07 11:54:14 +02:00
Manuel Pégourié-Gonnard 03db6b0da1 Cosmetics in test scripts 
Some versions of "which" print on stderr.
 2015-06-26 15:45:30 +02:00
Manuel Pégourié-Gonnard 6195767554 Fix default of openssl s_server 
openssl s_server up to 1.0.2.a included uses a 512-bit prime for DH by
default. Since we now require 1024 bit at least, make s_server use decent
params. (1.0.2b and up use acceptable params by default.)
 2015-06-22 14:40:55 +02:00
Manuel Pégourié-Gonnard e36d56419e Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  fix bug in ssl_mail_client
  Adapt compat.sh to GnuTLS 3.4
  Fix undefined behaviour in x509

Conflicts:
	programs/ssl/ssl_mail_client.c
	tests/compat.sh
 2015-04-30 13:52:25 +02:00
Manuel Pégourié-Gonnard f52248a959 Adapt compat.sh to GnuTLS 3.4 2015-04-30 12:15:16 +02:00
Manuel Pégourié-Gonnard 2cf5a7c98e The Great Renaming 
A simple execution of tmp/invoke-rename.pl
 2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard ea0920f079 Adjust test scripts to new RC4 defaults 2015-03-24 10:14:23 +01:00
Manuel Pégourié-Gonnard 751286be39 Make tests/*.sh runnable from anywhere 2015-03-10 13:43:56 +00:00
Manuel Pégourié-Gonnard 19db8eaf9b Make tests/*.sh runnable from anywhere 2015-03-10 13:42:28 +00:00
Manuel Pégourié-Gonnard 82cf0a1f9a Fix for openssl s_server oddity in 1.0.2 2015-02-09 13:05:54 +00:00
Manuel Pégourié-Gonnard dba564bc79 Fix files that are not in development 2015-01-23 11:37:14 +00:00
Manuel Pégourié-Gonnard eab72e2ced Merge branch 'development' into dtls 
* development:
  Update copyright
  Fix issue in compat.sh
  Rename doxyfile
  Rename to mbed TLS in tests/
  Rename to mbed TLS in examples
  Remove old test certificates.
  Rename to mbed TLS in the documentation/comments
  Change name to mbed TLS in the copyright notice

Conflicts:
	doxygen/input/doc_mainpage.h
	doxygen/mbedtls.doxyfile
	include/polarssl/version.h
	tests/compat.sh
 2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard a8f3b75f54 Fix issue in compat.sh 2015-01-22 17:20:35 +00:00
Manuel Pégourié-Gonnard e4f6edcda1 Rename to mbed TLS in tests/ 2015-01-22 16:43:54 +00:00
Manuel Pégourié-Gonnard 67505bf9e8 Merge branch 'development' into dtls 
* development:
  Adapt tests to new defaults/errors.
  Fix typos/cosmetics in Changelog
  Disable RC4 by default in example programs.
  Add ssl_set_arc4_support()
  Set min version to TLS 1.0 in programs

Conflicts:
	include/polarssl/ssl.h
	library/ssl_cli.c
	library/ssl_srv.c
	tests/compat.sh
 2015-01-21 13:57:33 +00:00
Paul Bakker 5b8f7eaa3e Merge new security defaults for programs (RC4 disabled, SSL3 disabled) 2015-01-14 16:26:54 +01:00
Manuel Pégourié-Gonnard bd47a58221 Add ssl_set_arc4_support() 
Rationale: if people want to disable RC4 but otherwise keep the default suite
list, it was cumbersome. Also, since it uses a global array,
ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like
the best place, even if it means temporarily adding one SSL setting.
 2015-01-13 13:03:06 +01:00
Manuel Pégourié-Gonnard a65d5082b6 Merge branch 'development' into dtls 
* development:
  Fix previous commit
  Allow flexible location of valgrind
  Fix test scripts portability issues
  Fix Gnu-ism in script

Conflicts:
	tests/ssl-opt.sh
 2015-01-12 14:54:55 +01:00
Paul Bakker 54b1a8fa4d Merge support for Extended Master Secret (session-hash) 2015-01-12 14:14:07 +01:00
Manuel Pégourié-Gonnard f46f128f4a Fix test scripts portability issues 2014-12-11 17:26:09 +01:00
Manuel Pégourié-Gonnard 56d985d0a6 Merge branch 'session-hash' into dtls 
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
 2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard dd4592774b compat.sh: allow git version of gnutls 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard 85a4178f82 compat.sh: make options a bit more robust 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 36795197d9 Rm now useless MTU setting in compat.sh 2014-10-21 16:32:40 +02:00
Manuel Pégourié-Gonnard 53aef81a7d Work around OpenSSL bug in compat.sh 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard d1af1025d0 Add DTLS interop testing with OpenSSL server 
PSK suites failing with client auth
 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard 9bfb1226da Add DTLS interop testing with GnuTLS server 2014-10-21 16:30:12 +02:00
Manuel Pégourié-Gonnard 29980b16bd Add DTLS interop testing (PolarSSL server) 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard 3025b6cfd6 Add DTLS self-op test in compat.sh 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard 7fa67728ad Scripts print more info on failure within buildbot 2014-08-31 17:42:53 +02:00
Manuel Pégourié-Gonnard 1287f11d54 Detect GnuTLS presence and version in compat.sh 2014-08-31 16:31:32 +02:00
Manuel Pégourié-Gonnard 16494496db Fix details in compat.sh 2014-08-31 10:37:14 +02:00
Manuel Pégourié-Gonnard 72e51ee7be Use arithmetic expansion in scripts, avoid bashisms 2014-08-31 10:22:11 +02:00
Manuel Pégourié-Gonnard c0f6a692fb Add client timeout to ssl-opt.sh and compat.sh 2014-08-30 22:59:55 +02:00
Manuel Pégourié-Gonnard decaf0b182 Clean up unused variable in compat.sh 2014-08-30 22:22:09 +02:00
Manuel Pégourié-Gonnard 74b11702d7 Simplify terminating ssl_server2 in test scripts 2014-08-14 18:33:00 +02:00
Manuel Pégourié-Gonnard e46aa5e336 Update GnuTLS version requirements in compat.sh 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 7e0a5183db Add a missing suite to compat.sh 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 8d4ad07706 SHA-2 ciphersuites now require TLS 1.x 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard 7457cb3a56 Fix some version/peer requirements in compat.sh 2014-08-14 11:34:34 +02:00
Manuel Pégourié-Gonnard fab2a3c3d6 Fix port selection in ssl test scripts 
Port was selected in the 1000-1999 range which is bad (system ports).
 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard 32f8f4d1a0 Catch SERVERQUIT timeout in ssl test scripts 2014-05-29 11:57:44 +02:00
Manuel Pégourié-Gonnard bc3b16c7e2 Also use unique names for temp files 2014-05-29 11:57:43 +02:00
Manuel Pégourié-Gonnard 8066b81a54 Pick a "unique" port in SSL test scripts 2014-05-29 11:57:43 +02:00
Paul Bakker 1ebc0c592c Fix typos 2014-05-22 15:47:58 +02:00
Manuel Pégourié-Gonnard 2594859bc6 Add CCM suites to compat.sh (self-op only) 2014-05-22 14:36:02 +02:00
Paul Bakker 17b85cbd69 Merged additional tests and improved code coverage 
Conflicts:
	ChangeLog
 2014-04-08 14:38:48 +02:00
Manuel Pégourié-Gonnard 563ad02663 Fix final report in compat.sh 
Only affect what's printed, the exit code was already correct.
 2014-04-08 11:56:35 +02:00
Manuel Pégourié-Gonnard 913030c286 Enable SSLv2 testing if OPENSSL_CMD is set 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard e9a9a61c61 Deduplicate suites in compat.sh 2014-03-26 12:58:56 +01:00
Manuel Pégourié-Gonnard 12b8472f2f Test against GnuTLS for every common ciphersuite 2014-03-26 12:58:54 +01:00
Manuel Pégourié-Gonnard a1a9f9a639 Allow GnuTLS to be enabled via environment 2014-03-26 12:58:53 +01:00
Manuel Pégourié-Gonnard e01af4cd37 Tune compat.sh and ssl-opt.sh error reporting 2014-03-26 12:58:48 +01:00
Manuel Pégourié-Gonnard 5de31ecf9c Don't use dummy CA in compat.sh 2014-03-19 17:43:25 +01:00
Manuel Pégourié-Gonnard 3947d04b24 Fix too aggressive test for gnutls commands 2014-03-14 18:13:53 +01:00
Manuel Pégourié-Gonnard 74faf3c400 Fix usage of environment variables for commands 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 84fd6877c6 Use ssl_client2 to terminate ssl_server2 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard ba0b8442f0 compat.sh and ssl-opt.sh cosmetics 
- do not print '0 memory errors' when memcheck was not used
- add commands to the log files
 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 9edba77c06 Add --exclude and --peers options to compat.sh 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard a4371447e4 Start adding GnuTLS client support to compat.sh 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 213c67adfc Adapt to new ssl_client2 default 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 5b2d776d2a GnuTLS in compat.sh: server-side 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 3eec60402f Add memcheck support to compat.sh 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 1b149ef746 Use no cert when none is required in compat.sh 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard f7a2690561 Make the openssl command configurable in sh tests 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 911622d84a compat.sh: never kill our server 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 87ae3031ac compat.sh: use file output (prep. for valgrind) 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 42d195acc1 compat.sh: don't start server if no ciphersuite 2014-03-14 08:41:02 +01:00
Manuel Pégourié-Gonnard 9dea8bd658 Minor compat.sh clean-up 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard a9062e96e7 shell scripts: clean up when exiting on signal 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard 4145b89091 compat.sh cosmetics 2014-03-14 08:41:01 +01:00
Manuel Pégourié-Gonnard da782c9458 compat.sh: better certificate verification testing 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard eaadc508fb New ssl-opt.sh test script 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard c57e98b5fa compat.sh: terminate ssl_server2 cleanly 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 5f593f07f7 compat.sh: rm a useless sleep 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 95957717f3 compat.sh: source cosmetics 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 330e4111cb compat.sh: factor code into run_client() function 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 304beef2ae compat.sh: function to start server 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 9ada01a70c compat.sh: regroup arguments even more 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 1b31d7fd97 compat.sh: remove useless server restart 2014-03-14 08:41:00 +01:00
Manuel Pégourié-Gonnard 48f196cda5 compat.sh refactoring: group ciphersuite lists 2014-03-14 08:40:59 +01:00
Manuel Pégourié-Gonnard d941a796be compat.sh refectoring: regroup argument setting 2014-03-14 08:40:59 +01:00
Paul Bakker fe40f484fb Do not print error on missing kill target in compat.sh 2013-12-19 17:47:24 +01:00
Paul Bakker 5a607d26b7 Merged IPv6 support in the NET module 2013-12-17 14:34:19 +01:00
Manuel Pégourié-Gonnard c9baa873ca Force server to IPv4 in compat.s 2013-12-17 14:10:58 +01:00
Manuel Pégourié-Gonnard 0759d369e6 Fix ciphersuite selection in compat.sh 2013-12-17 11:50:52 +01:00
Manuel Pégourié-Gonnard 31a2325810 Add ECDH_ECDSA suites to compat.sh 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard 07b54e06da Fix EC suites version requirements in compat.sh 2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard 452f6ba1a6 compat.sh cleanups 2013-12-17 11:26:59 +01:00
Manuel Pégourié-Gonnard c6f03faeaf Update compat.sh ciphersuite versions 2013-11-26 14:29:13 +01:00
Manuel Pégourié-Gonnard 65ea372f9b Rm unsupported suites (export) from compat.sh 2013-10-25 18:44:07 +02:00
Manuel Pégourié-Gonnard 8d01eea7af Add Camellia-GCM ciphersuites 2013-10-25 16:46:05 +02:00
Manuel Pégourié-Gonnard eebb5ad6cc Add RSA-PSK and ECDHE-PSK suites to compat.sh 2013-10-15 12:27:22 +02:00
Manuel Pégourié-Gonnard eb1714e9c8 Fix certs/psk arguments in compat.sh 2013-09-20 12:44:08 +02:00
Manuel Pégourié-Gonnard d331319a38 Check -m option in compat.sh 2013-09-18 14:34:32 +02:00
Manuel Pégourié-Gonnard 70064fd721 compat.sh: report results 2013-08-27 22:21:22 +02:00
Manuel Pégourié-Gonnard 7ebaf376f9 Add ECDSA suites to compat.sh 2013-08-27 22:21:22 +02:00
Manuel Pégourié-Gonnard dfc8d5accc Small adjustments in compat.sh 2013-08-27 22:21:22 +02:00
Manuel Pégourié-Gonnard 9791a4043e Refactor compat.sh to prepare for ECDSA 2013-08-27 22:21:22 +02:00
Paul Bakker 0f2f0bfc87 CAMELLIA-based PSK and DHE-PSK ciphersuites added 2013-07-26 15:04:03 +02:00
Paul Bakker 524691c0a0 Added --modes option to tests/compat.sh 2013-07-25 17:01:20 +02:00
Paul Bakker accd4eb665 compat.sh now has -f command-line option to filter used ciphersuites 2013-07-19 14:51:31 +02:00
Paul Bakker 89fe7f4388 compat.sh modified to support new ssl_server2 and ssl_client2 
capabilities
 2013-06-29 18:35:41 +02:00
Paul Bakker 40afb4ba13 Added PSK GCM, SHA256 and SHA384 ciphers from RFC5487 2013-04-19 22:03:30 +02:00
Paul Bakker a1bf92ddb4 Added PSK NULL ciphers from RFC4785 2013-04-19 20:47:26 +02:00
Paul Bakker 48f7a5d724 DHE-PSK based ciphersuite support added and cleaner key exchange based 
code selection

The base RFC 4279 DHE-PSK ciphersuites are now supported and added.

The SSL code cuts out code not relevant for defined key exchange methods
 2013-04-19 20:47:26 +02:00
Paul Bakker 7e5e7ca205 Added PSK ciphersuite tests to compat.sh 2013-04-18 23:12:34 +02:00
Paul Bakker abfdfbfd46 Removed duplicate value from compat.sh ciphersuite list 2013-04-08 14:07:43 +02:00
Paul Bakker 27714b1aa1 Added Camellia ECDHE-based CBC ciphersuites 
Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
 2013-04-07 23:07:12 +02:00
Paul Bakker a54e493bc0 Added ECDHE-based SHA256 and SHA384 ciphersuites 
Added TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ciphersuites
 2013-03-20 15:31:54 +01:00
Paul Bakker 41c83d3f67 Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS 
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
 2013-03-20 14:39:14 +01:00
Paul Bakker 1eeceaeac8 More expansive testing 2012-11-23 14:25:34 +01:00
Paul Bakker 645ce3a2b4 - Moved ciphersuite naming scheme to IANA reserved names 2012-10-31 12:32:41 +00:00
Paul Bakker 0c93d126bc - Ability to define openssl at top 
- Also add SHA256 ciphersuites in non-tls 1.2 modes
 2012-09-13 14:26:09 +00:00
Paul Bakker ca4ab49158 - Added GCM ciphersuites to TLS implementation 2012-04-18 14:23:57 +00:00
Paul Bakker 10cd225962 - Added support for the SHA256 ciphersuites of AES and Camellia 2012-04-12 21:26:34 +00:00
Paul Bakker 398cb514e2 - Allow to test for multiple modes 2012-04-10 08:22:31 +00:00
Paul Bakker fab5c829e7 - Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default! 2012-02-06 16:45:10 +00:00