Commit Graph

7638 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
3879fdfece Merge remote-tracking branch 'public/pr/1955' into iotssl-165-dtls-hs-fragmentation-new
* public/pr/1955:
  Adapt ChangeLog
  Fix overly strict bounds check in ssl_parse_certificate_request()
2018-08-17 10:49:47 +02:00
Hanno Becker
eb2b15accd Improve ChangeLog wording for the commmit that Fixes #1954. 2018-08-17 09:47:22 +01:00
Andres Amaya Garcia
248e27c487 Remove redundant statement from x509_get_current_time 2018-08-16 21:50:23 +01:00
Andres Amaya Garcia
a7b9f15f27 Add ChangeLog entry for configurable gmtime() in platform 2018-08-16 21:46:35 +01:00
Andres Amaya Garcia
1abb368b87 Make gmtime() configurable at compile-time 2018-08-16 21:42:09 +01:00
Hanno Becker
ad0fe92fb6 Adapt ChangeLog 2018-08-16 15:52:22 +01:00
Hanno Becker
ad17fe9c37 Fix overly strict bounds check in ssl_parse_certificate_request() 2018-08-16 15:51:34 +01:00
Jaeden Amero
aa9f3fd6b1 Merge remote-tracking branch 'upstream-public/pr/930' into development 2018-08-16 15:29:58 +01:00
Manuel Pégourié-Gonnard
2d56f0d346 Add test with unreliable connection 2018-08-16 11:09:03 +02:00
Manuel Pégourié-Gonnard
19c62f90e4 Add test for session resumption 2018-08-16 10:50:39 +02:00
Manuel Pégourié-Gonnard
7e89c17788 Fix two typos in comments 2018-08-16 10:01:47 +02:00
Manuel Pégourié-Gonnard
72c2707d9c Add tests for MTU with renegotiation
This exercises our computation of record expansion.
2018-08-16 10:01:47 +02:00
Manuel Pégourié-Gonnard
b747c6cf9b Add basic first tests for MTU setting
For now, just check that it causes us to fragment. More tests are coming in
follow-up commits to ensure we respect the exact value set, including when
renegotiating.
2018-08-16 10:01:47 +02:00
Manuel Pégourié-Gonnard
637e234d9f Merge remote-tracking branch 'public/pr/1915' into iotssl-165-dtls-hs-fragmentation-new
* public/pr/1915:
  Adapt ChangeLog
  Fix mbedtls_ssl_get_record_expansion() for ChaChaPoly and CBC
2018-08-16 10:01:21 +02:00
Manuel Pégourié-Gonnard
9468ff1966 Implement support for MTU setting 2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
0b1d9b2c75 Declare ssl_conf_mtu() 2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
01ec4af023 Add ChangeLog entry 2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
2cb17e201b Make handshake fragmentation follow max_frag_len
Note: no interop tests in ssl-opt.sh for now, as some of them make us run into
bugs in (the CI's default versions of) OpenSSL and GnuTLS, so interop tests
will be added later once the situation is clarified. <- TODO
2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
28f4beab1c Start implementing fragmentation 2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
87a346f64e Always save flight first, (re)send later
This will allow fragmentation to always happen in the same place, always from
a buffer distinct from ssl->out_msg, and with the same way of resuming after
returning WANT_WRITE
2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
9c3a8caa92 Clarify code a bit in write_handshake_msg()
- take advantage of the fact that we're only called for first send
- put all sanity checks at the top
- rename and constify shortcut variables
- improve comments
2018-08-16 10:00:35 +02:00
Manuel Pégourié-Gonnard
31c1586893 Start separating handshake from record writing 2018-08-16 10:00:27 +02:00
Mohammad Azim Khan
2c069dfad3 Fix typo in test_suite_entropy.function 2018-08-15 13:55:37 +01:00
Janos Follath
08a4aebc46 HKDF: Add warning to partial functions
The standard HKDF security guarantees only hold if `mbedtls_hkdf()` is
used or if `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` are
called in succession carefully and an equivalent way.

Making `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` static would
prevent any misuse, but doing so would require the TLS 1.3 stack to
break abstraction and bypass the module API.

To reduce the risk of misuse we add warnings to the function
descriptions.
2018-08-14 16:08:38 +01:00
Janos Follath
d0a78e91b3 HKDF: Fix style issue 2018-08-14 16:08:37 +01:00
Hanno Becker
9dc3be7601 Improve wording in ChangeLog 2018-08-14 15:22:05 +01:00
Mohammad Azim Khan
9ebdcffef4 Fix Wformat-overflow warning in ssl_mail_client.c
sprintf( (char *) buf, "%s\r\n", base );
 Above code generates Wformat-overflow warning since both buf and base
are of same size. buf should be sizeof( base ) + characters added in
the format. In this case format 2 bytes for "\r\n".
2018-08-14 11:02:23 +01:00
Hanno Becker
361f254eab Adapt ChangeLog 2018-08-13 16:36:58 +01:00
Hanno Becker
7864090ec1 Reset session_in/out pointers in ssl_session_reset_int()
Fixes #1941.
2018-08-13 16:35:15 +01:00
Ron Eldor
446227a1bd Enhance nist_kw with some NULL buffers tests
Enhance the nist_kw test suite, with setting zero length input\output
buffers. Resolves #1882.
2018-08-13 14:46:45 +03:00
Ron Eldor
d1a4762adb Use mbedtls_printf instead of printf
Replace usages of `printf()` with `mbedtls_printf()` in `aria.c`
which were accidently merged. Fixes #1908
2018-08-13 13:49:52 +03:00
Jaeden Amero
d8f41698d2 Merge remote-tracking branch 'upstream-public/pr/1598' into development
Add a Changelog entry
2018-08-10 11:23:15 +01:00
Jaeden Amero
03bd4847b3 Merge remote-tracking branch 'upstream-public/pr/1861' into development
Add Changelog entry
2018-08-10 11:17:14 +01:00
Jaeden Amero
cac0c1a250 Merge remote-tracking branch 'upstream-public/pr/1378' into development 2018-08-10 10:59:53 +01:00
Jaeden Amero
603aee0c46 Merge remote-tracking branch 'upstream-public/pr/1816' into development 2018-08-10 10:56:48 +01:00
Jaeden Amero
372b50b252 Add a ChangeLog entry for #1816 2018-08-10 10:56:31 +01:00
Jaeden Amero
f48163a960 Merge remote-tracking branch 'upstream-public/pr/1834' into development 2018-08-10 10:49:10 +01:00
Andres Amaya Garcia
d7177435e3 Fix check-names.sh fail with USE_GMTIME macro 2018-08-08 09:41:17 +01:00
Andres Amaya Garcia
97f3ecb972 Document dependency on gmtime, gmtime_r & gmtime_s 2018-08-07 20:39:27 +01:00
Andres Amaya Garcia
824dfb34b4 Add ChangeLog entry for use of gmtime 2018-08-07 20:29:57 +01:00
Andres Amaya Garcia
ce6eebb0b8 Use gmtime when target is not windows or posix 2018-08-07 20:26:55 +01:00
Mohammad Azim Khan
58e9c1833b Fix Wformat-overflow warning in ssl_mail_client.c
sprintf( (char *) buf, "%s\r\n", base );
 Above code generates Wformat-overflow warning since both buf and base
are of same size. buf should be sizeof( base ) + characters added in
the format. In this case format 2 bytes for "\r\n".
2018-08-06 12:02:02 +01:00
Mohammad Azim Khan
5cb7017077 Less obscure test suites template 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
d2d0112ca8 Style fixes 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
440d8737c6 Fix macro validation regex 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
ee6529eb83 Add generate_test_code.py unit tests in all.sh 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
21798105f6 Pylint tests in all.sh 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
539aa06f64 Fix Python 2 & 3 compatibility in test_generate_test_code.py 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
32cbcdac8f Fix Pylint errors in Python scripts 2018-08-06 11:42:56 +01:00
Azim Khan
630281349e Replaced escaped_split() logic with regex 2018-08-06 11:42:56 +01:00