Nir Sonnenschein
b7ebbcaa2c
compile time warning of 128bit ctr_drbg keys and standardized warnings
...
a compile time print was added warning in case of 128bit ctr_drbg keys.
This was don't to avoid an actual warning in these cases
(making build with warnings as errors possible).
Additional warnings on the Changelog/headers were set to use the same phrasing
phrasing was approved by Gilles and Janos.
2018-08-29 10:20:12 +03:00
Nir Sonnenschein
ce266e4ca2
use single define for 128bit key for ctr_drbg and update test dependencies
...
the change is designed to make configuring 128bit keys for ctr_drbg more similar to other configuration options. Tests have been updated accordingly.
also clarified test naming.
2018-08-29 10:11:46 +03:00
Hanno Becker
f34a4c176c
UDP proxy: Correct debug output for delay_srv option
2018-08-28 17:52:53 +01:00
Hanno Becker
a591c48302
Correct typo in debug message
2018-08-28 17:52:53 +01:00
Hanno Becker
83ab41c665
Correct typo in comment
2018-08-28 17:52:53 +01:00
Hanno Becker
cd9dcda0a0
Add const qualifier to handshake header reading functions
2018-08-28 17:52:53 +01:00
Hanno Becker
39b8bc9aef
Change wording of debug message
2018-08-28 17:52:49 +01:00
Hanno Becker
ef7afdfa5a
Rename another_record_in_datagram to next_record_is_in_datagram
2018-08-28 17:16:31 +01:00
Hanno Becker
c573ac33dd
Fix typos in debug message and comment in ssl-tls.c
2018-08-28 17:15:25 +01:00
Hanno Becker
7c48dd11db
ssl-opt.sh: Add function extracting val or default val from config.h
2018-08-28 16:09:22 +01:00
Hanno Becker
dc1e950170
DTLS reordering: Add test for buffering a proper fragment
...
This commit adds a test to ssl-opt.sh which exercises the behavior
of the library in the situation where a single proper fragment
of a future handshake message is received prior to the next
expected handshake message (concretely, the client receives
the first fragment of the server's Certificate message prior
to the server's ServerHello).
2018-08-28 16:02:33 +01:00
Simon Butcher
8a552cf9d6
Merge remote-tracking branch 'public/pr/1920' into development-restricted
2018-08-28 15:39:38 +01:00
Simon Butcher
3af567d4a7
Merge remote-tracking branch 'restricted/pr/437' into development-restricted
2018-08-28 15:33:59 +01:00
Simon Butcher
129fa82908
Merge remote-tracking branch 'restricted/pr/470' into development-restricted
2018-08-28 15:26:11 +01:00
Simon Butcher
7f85563f9b
Merge remote-tracking branch 'restricted/pr/491' into development-restricted
2018-08-28 15:22:40 +01:00
Hanno Becker
97a1c134b2
Correct typo in documentation of MBEDTLS_SSL_DTLS_MAX_BUFFERING
2018-08-28 14:42:15 +01:00
Hanno Becker
02f6f5af26
Adapt ChangeLog
...
Make explicit that buffering support is about DTLS.
2018-08-28 12:54:27 +01:00
Simon Butcher
9ce5160fea
Merge remote-tracking branch 'public/pr/1965' into development
2018-08-28 12:34:14 +01:00
Simon Butcher
676d3fd116
Merge remote-tracking branch 'public/pr/1129' into development
2018-08-28 12:31:23 +01:00
Simon Butcher
9d5a9e1213
Merge remote-tracking branch 'public/pr/1625' into development
2018-08-28 12:23:40 +01:00
Simon Butcher
14dac0953e
Merge remote-tracking branch 'public/pr/1918' into development
2018-08-28 12:21:41 +01:00
Simon Butcher
1846e406c8
Merge remote-tracking branch 'public/pr/1939' into development
2018-08-28 12:19:56 +01:00
Simon Butcher
9598845d11
Merge remote-tracking branch 'public/pr/1955' into development
2018-08-28 12:00:18 +01:00
Simon Butcher
4613772dea
Merge remote-tracking branch 'public/pr/1915' into development
2018-08-28 11:45:44 +01:00
Hanno Becker
e604556feb
ssl-opt.sh: Don't hardcode varname in requires_config_value_xxx()
2018-08-28 11:24:55 +01:00
Hanno Becker
41038108e9
Style: Correct indentation in UDP proxy code
2018-08-28 11:15:32 +01:00
Hanno Becker
eefe084f72
Style: Spell out PMTU in ssl.h
2018-08-28 10:29:17 +01:00
Hanno Becker
0207e533b2
Style: Correct typo in ssl-tls.c
2018-08-28 10:28:28 +01:00
Hanno Becker
b841b4f107
ssl-opt.sh: Remove reference to Github issue
2018-08-28 10:25:51 +01:00
Hanno Becker
3b8b40c16d
ssl-opt.sh: Add function to skip next test
2018-08-28 10:25:41 +01:00
Simon Butcher
6f032a60c9
Merge remote-tracking branch 'public/pr/1963' into development
2018-08-28 10:21:06 +01:00
Simon Butcher
badeb07872
Merge remote-tracking branch 'public/pr/1967' into development
2018-08-28 10:20:23 +01:00
Hanno Becker
b9a0086975
ssl-opt.sh: Explain use of --insecure in GnuTLS client tests
2018-08-28 10:20:22 +01:00
Simon Butcher
ea85848b39
Merge remote-tracking branch 'public/pr/1979' into development
2018-08-28 10:17:27 +01:00
Hanno Becker
bc2498a9ff
Style: Add numerous comments indicating condition guarded by #endif
2018-08-28 10:13:29 +01:00
Hanno Becker
cf469458ca
Style: Add empty line before comment in UDP proxy code
2018-08-28 10:09:47 +01:00
Hanno Becker
d58477769d
Style: Group buffering-related forward declarations in ssl_tls.c
2018-08-28 10:09:23 +01:00
Hanno Becker
360bef3fe3
Reordering: Document that only HS and CCS msgs are buffered
2018-08-28 10:04:33 +01:00
Hanno Becker
4f432ad44d
Style: Don't use abbreviations in comments
2018-08-28 10:02:32 +01:00
Hanno Becker
b8f50147ee
Add explicit MBEDTLS_DEBUG_C-guard around debugging code
2018-08-28 10:01:34 +01:00
Hanno Becker
f0da6670dc
Style: Add braces around if-branch where else-branch has them
2018-08-28 09:55:10 +01:00
Hanno Becker
ecbdf1c048
Style: Correct indentation of debug msgs in mbedtls_ssl_write_record
2018-08-28 09:54:44 +01:00
Hanno Becker
3f7b973e32
Correct typo in mbedtls_ssl_flight_transmit()
2018-08-28 09:53:25 +01:00
Hanno Becker
280075104e
DTLS Reordering: Improve doc of MBEDTLS_SSL_DTLS_MAX_BUFFERING
2018-08-28 09:46:44 +01:00
Andrzej Kurek
6a4f224ac3
ssl-opt.sh: change expected output for large srv packet test with SSLv3
...
This test also exercises a protection against BEAST
and should expect message splitting.
2018-08-27 08:00:13 -04:00
Hanno Becker
159a37f75d
config.h: Don't use arithmetical exp for SSL_DTLS_MAX_BUFFERING
...
The functions requires_config_value_at_least and requires_config_value_at_most
only work with numerical constants.
2018-08-24 15:07:29 +01:00
Hanno Becker
2f5aa4c64e
all.sh: Add builds allowing to test dropping buffered messages
...
This commit adds two builds to all.sh which use a value of
MBEDTLS_SSL_DTLS_MAX_BUFFERING that allows to run the
reordering tests in ssl-opt.sh introduced in the last commit.
2018-08-24 14:48:11 +01:00
Hanno Becker
a1adcca1da
ssl-opt.sh: Add tests exercising freeing of buffered messages
...
This commit adds tests to ssl-opt.sh which trigger code-paths
responsible for freeing future buffered messages when the buffering
limitations set by MBEDTLS_SSL_DTLS_MAX_BUFFERING don't allow the
next expected message to be reassembled.
These tests only work for very specific ranges of
MBEDTLS_SSL_DTLS_MAX_BUFFERING and will therefore be skipped
on a run of ssl-opt.sh in ordinary configurations.
2018-08-24 14:48:11 +01:00
Hanno Becker
5cd017f931
ssl-opt.sh: Allow numerical constraints for tests
...
This commit adds functions requires_config_value_at_most()
and requires_config_value_at_least() which can be used to
only run tests when a numerical value from config.h
(e.g. MBEDTLS_SSL_IN_CONTENT_LEN) is within a certain range.
2018-08-24 14:48:11 +01:00
Hanno Becker
6e12c1ea7d
Enhance debugging output
2018-08-24 14:48:08 +01:00