Hanno Becker
d26bb2090f
Add tests for empty CA list in CertificateRequest, TLS 1.0 & 1.1
2018-08-17 09:57:36 +01:00
Manuel Pégourié-Gonnard
0794d49566
Skip some tests with valgrind (spurious resend)
2018-08-17 10:54:24 +02:00
Manuel Pégourié-Gonnard
1218bc0f74
Add simple interop tests (reliable connection)
2018-08-17 10:51:26 +02:00
Manuel Pégourié-Gonnard
3879fdfece
Merge remote-tracking branch 'public/pr/1955' into iotssl-165-dtls-hs-fragmentation-new
...
* public/pr/1955:
Adapt ChangeLog
Fix overly strict bounds check in ssl_parse_certificate_request()
2018-08-17 10:49:47 +02:00
Hanno Becker
eb2b15accd
Improve ChangeLog wording for the commmit that Fixes #1954 .
2018-08-17 09:47:22 +01:00
Andres Amaya Garcia
248e27c487
Remove redundant statement from x509_get_current_time
2018-08-16 21:50:23 +01:00
Andres Amaya Garcia
a7b9f15f27
Add ChangeLog entry for configurable gmtime() in platform
2018-08-16 21:46:35 +01:00
Andres Amaya Garcia
1abb368b87
Make gmtime() configurable at compile-time
2018-08-16 21:42:09 +01:00
Hanno Becker
ad0fe92fb6
Adapt ChangeLog
2018-08-16 15:52:22 +01:00
Hanno Becker
ad17fe9c37
Fix overly strict bounds check in ssl_parse_certificate_request()
2018-08-16 15:51:34 +01:00
Jaeden Amero
aa9f3fd6b1
Merge remote-tracking branch 'upstream-public/pr/930' into development
2018-08-16 15:29:58 +01:00
Manuel Pégourié-Gonnard
2d56f0d346
Add test with unreliable connection
2018-08-16 11:09:03 +02:00
Manuel Pégourié-Gonnard
19c62f90e4
Add test for session resumption
2018-08-16 10:50:39 +02:00
Manuel Pégourié-Gonnard
7e89c17788
Fix two typos in comments
2018-08-16 10:01:47 +02:00
Manuel Pégourié-Gonnard
72c2707d9c
Add tests for MTU with renegotiation
...
This exercises our computation of record expansion.
2018-08-16 10:01:47 +02:00
Manuel Pégourié-Gonnard
b747c6cf9b
Add basic first tests for MTU setting
...
For now, just check that it causes us to fragment. More tests are coming in
follow-up commits to ensure we respect the exact value set, including when
renegotiating.
2018-08-16 10:01:47 +02:00
Manuel Pégourié-Gonnard
637e234d9f
Merge remote-tracking branch 'public/pr/1915' into iotssl-165-dtls-hs-fragmentation-new
...
* public/pr/1915:
Adapt ChangeLog
Fix mbedtls_ssl_get_record_expansion() for ChaChaPoly and CBC
2018-08-16 10:01:21 +02:00
Manuel Pégourié-Gonnard
9468ff1966
Implement support for MTU setting
2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
0b1d9b2c75
Declare ssl_conf_mtu()
2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
01ec4af023
Add ChangeLog entry
2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
2cb17e201b
Make handshake fragmentation follow max_frag_len
...
Note: no interop tests in ssl-opt.sh for now, as some of them make us run into
bugs in (the CI's default versions of) OpenSSL and GnuTLS, so interop tests
will be added later once the situation is clarified. <- TODO
2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
28f4beab1c
Start implementing fragmentation
2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
87a346f64e
Always save flight first, (re)send later
...
This will allow fragmentation to always happen in the same place, always from
a buffer distinct from ssl->out_msg, and with the same way of resuming after
returning WANT_WRITE
2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
9c3a8caa92
Clarify code a bit in write_handshake_msg()
...
- take advantage of the fact that we're only called for first send
- put all sanity checks at the top
- rename and constify shortcut variables
- improve comments
2018-08-16 10:00:35 +02:00
Manuel Pégourié-Gonnard
31c1586893
Start separating handshake from record writing
2018-08-16 10:00:27 +02:00
Mohammad Azim Khan
2c069dfad3
Fix typo in test_suite_entropy.function
2018-08-15 13:55:37 +01:00
Janos Follath
08a4aebc46
HKDF: Add warning to partial functions
...
The standard HKDF security guarantees only hold if `mbedtls_hkdf()` is
used or if `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` are
called in succession carefully and an equivalent way.
Making `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` static would
prevent any misuse, but doing so would require the TLS 1.3 stack to
break abstraction and bypass the module API.
To reduce the risk of misuse we add warnings to the function
descriptions.
2018-08-14 16:08:38 +01:00
Janos Follath
d0a78e91b3
HKDF: Fix style issue
2018-08-14 16:08:37 +01:00
Hanno Becker
9dc3be7601
Improve wording in ChangeLog
2018-08-14 15:22:05 +01:00
Mohammad Azim Khan
9ebdcffef4
Fix Wformat-overflow warning in ssl_mail_client.c
...
sprintf( (char *) buf, "%s\r\n", base );
Above code generates Wformat-overflow warning since both buf and base
are of same size. buf should be sizeof( base ) + characters added in
the format. In this case format 2 bytes for "\r\n".
2018-08-14 11:02:23 +01:00
Hanno Becker
361f254eab
Adapt ChangeLog
2018-08-13 16:36:58 +01:00
Hanno Becker
7864090ec1
Reset session_in/out pointers in ssl_session_reset_int()
...
Fixes #1941 .
2018-08-13 16:35:15 +01:00
Ron Eldor
446227a1bd
Enhance nist_kw with some NULL buffers tests
...
Enhance the nist_kw test suite, with setting zero length input\output
buffers. Resolves #1882 .
2018-08-13 14:46:45 +03:00
Ron Eldor
d1a4762adb
Use mbedtls_printf instead of printf
...
Replace usages of `printf()` with `mbedtls_printf()` in `aria.c`
which were accidently merged. Fixes #1908
2018-08-13 13:49:52 +03:00
Jaeden Amero
d8f41698d2
Merge remote-tracking branch 'upstream-public/pr/1598' into development
...
Add a Changelog entry
2018-08-10 11:23:15 +01:00
Jaeden Amero
03bd4847b3
Merge remote-tracking branch 'upstream-public/pr/1861' into development
...
Add Changelog entry
2018-08-10 11:17:14 +01:00
Jaeden Amero
cac0c1a250
Merge remote-tracking branch 'upstream-public/pr/1378' into development
2018-08-10 10:59:53 +01:00
Jaeden Amero
603aee0c46
Merge remote-tracking branch 'upstream-public/pr/1816' into development
2018-08-10 10:56:48 +01:00
Jaeden Amero
372b50b252
Add a ChangeLog entry for #1816
2018-08-10 10:56:31 +01:00
Jaeden Amero
f48163a960
Merge remote-tracking branch 'upstream-public/pr/1834' into development
2018-08-10 10:49:10 +01:00
Gilles Peskine
ffbdc61449
Add test/zeroize.c
2018-08-10 11:48:52 +02:00
Gilles Peskine
0b54419bc8
More grammar alignment
2018-08-10 11:32:11 +02:00
Andres Amaya Garcia
d7177435e3
Fix check-names.sh fail with USE_GMTIME macro
2018-08-08 09:41:17 +01:00
Andres Amaya Garcia
97f3ecb972
Document dependency on gmtime, gmtime_r & gmtime_s
2018-08-07 20:39:27 +01:00
Andres Amaya Garcia
824dfb34b4
Add ChangeLog entry for use of gmtime
2018-08-07 20:29:57 +01:00
Andres Amaya Garcia
ce6eebb0b8
Use gmtime when target is not windows or posix
2018-08-07 20:26:55 +01:00
Gilles Peskine
aa22030e21
Further wording improvements
2018-08-06 20:19:50 +02:00
Gilles Peskine
27a046058a
Unify the grammar of descriptions
...
Use "program: does this and then does that" throughout.
2018-08-06 20:09:16 +02:00
Mohammad Azim Khan
58e9c1833b
Fix Wformat-overflow warning in ssl_mail_client.c
...
sprintf( (char *) buf, "%s\r\n", base );
Above code generates Wformat-overflow warning since both buf and base
are of same size. buf should be sizeof( base ) + characters added in
the format. In this case format 2 bytes for "\r\n".
2018-08-06 12:02:02 +01:00
Mohammad Azim Khan
5cb7017077
Less obscure test suites template
2018-08-06 11:42:56 +01:00