mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-30 06:33:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
31,482 Commits 170 Branches 263 Tags
Commit Graph

1178 Commits

Author SHA1 Message Date
Gilles Peskine
7ab9867fa7
Merge pull request #9290 from sezrab/replace_MBEDTLS_MD_CAN_MD5_with_PSA_WANT 
Add MD5 support for `requires_hash_alg`
 2024-07-18 09:41:17 +00:00
Wenxing Hou
b4d03cc179 Fix some typo for include folder 
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
 2024-07-12 15:16:33 +08:00
David Horstmann
184c4f09b9 Use variable for data_files path in ssl-opt.sh 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-05 15:49:28 +01:00
David Horstmann
dcf18dd876 Update paths pointing to tests/data_files 
These now point to framework/data_files instead.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-05 15:49:03 +01:00
Sam Berry
8121879b3a Reverted requires_cipher_enabled AES 
Signed-off-by: Sam Berry <sam.berry@arm.com>
 2024-06-26 13:53:47 +01:00
Sam Berry
bd743eb5a0 Changed some tests to use requires_cipher_enabled 
I expect some will still skip due to `MBEDTLS_CIPHER_MODE_CBC` being unset.

Signed-off-by: Sam Berry <sam.berry@arm.com>
 2024-06-21 11:52:37 +01:00
Sam Berry
d50e843ba7 Added support for MD5 in requires_hash_alg 
Signed-off-by: Sam Berry <sam.berry@arm.com>
 2024-06-20 10:09:23 +01:00
Gilles Peskine
39c5207d79 ssl-opt.sh, compat.sh: Error out if not executing any tests 
Alert if all tests are filtered out or skipped: that probably indicates a
test script that set up an unintended configuration or an overly strict
filter. You can pass `--min 0` to bypass this check. You can pass `--min`
with a larger value to require that many test cases to run.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-05-23 13:38:26 +02:00
Gilles Peskine
fc73aa02b0 Add missing dependency that isn't autodetected 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-05-13 21:18:41 +02:00
Gilles Peskine
f5a30afdae Remove redundant RSA dependency 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-05-13 21:18:28 +02:00
Gilles Peskine
d9c7be775e Explicitly use TLS 1.2 on <=1.2-specific keyUsage/extKeyusage tests 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-05-13 21:17:35 +02:00
Gilles Peskine
f9f3d21a67 Fix PSK invocation: GnuTLS PSK length (more) 
Replace more sample PSK by longer (GnuTLS-compatible) strings, taking care
of keeping distinct PSK distinct for wrong-PSK tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-05-13 21:06:26 +02:00
Gilles Peskine
6191f4aeb5 Add seme missing dependencies on renegotiation support 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-04-30 16:20:20 +02:00
Gilles Peskine
dd782f4197 Default NEXT versions to be the base executables 
This allows many tests to pass with the system openssl and gnutls-*. As
before, not all test cases will pass due to differences between versions and
build options.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-04-30 16:20:20 +02:00
Gilles Peskine
01fde2c3cc Force some test cases to use TLS 1.2 
Some OpenSSL or GnuTLS interoperability test cases fail if the other
implementation is recent enough to support TLS 1.3. Force those test cases
to use TLS 1.2 so that the script works with more recent $OPENSSL or
$GNUTLS_CLI or $GNUTLS_SERV than our official CI versions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-04-30 16:20:20 +02:00
Gilles Peskine
3b81ea1e9c Add some missing dependencies on crypto features 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-04-30 16:20:20 +02:00
Gilles Peskine
77c13e67d4 Fix PSK invocation: GnuTLS PSK length 
ssl-opt.sh uses a 3-byte PSK in many test cases. Unfortunately GnuTLS >=3.4.0
rejects a PSK that is less than 4 bytes long:

> Error setting the PSK credentials: The request is invalid.

Use a longer PSK throughout ssl-opt. Only the test cases involving GnuTLS
need to change, but it's easier to do a global search-and-replace, and it's
easier to not have to worry about mismatches in constructed test cases
later, so replace everything.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-04-29 16:09:52 +02:00
Gilles Peskine
c158fe6eb8 Fix PSK invocation: GnuTLS prompting 
When given a PSK key but no username, gnutls-cli prompts for a password.
Prevent that by passing --pskusername with the same identity that
ssl_server2 uses by default.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-04-29 16:05:54 +02:00
Gilles Peskine
2776240af4 Fix PSK invocation: OpenSSL client 
Only s_server has a -nocert option, s_client doesn't. Fixes OpenSSL client
test cases in PSK-only builds.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-04-29 16:05:38 +02:00
Gilles Peskine
d00b93b621 Require RSA when using server1* key or certificate 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-04-29 16:03:29 +02:00
Gilles Peskine
e855317957 Fix skipped tests in configurations without RSA 
Tighten the matching when detecting which certificates are in use to
determine algorithm requirements. This fixes a bug whereby all tests were
skipped in configurations without RSA except for an Mbed TLS client against
a GnuTLS or OpenSSL server, due to *server2* matching ssl_server2.
Fixes #8366.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-04-26 21:28:49 +02:00
Manuel Pégourié-Gonnard
1fb4750aed
Merge pull request #8998 from ronald-cron-arm/openssl3 
Use latest installed OpenSSL 3 as OPENSSL_NEXT
 2024-04-15 08:32:42 +00:00
Manuel Pégourié-Gonnard
a4b773d3bb
Merge pull request #6955 from inorick/nofa_no_session_tickets 
Guard ticket specific TLS 1.3 function with macro
 2024-04-08 08:56:17 +00:00
Ronald Cron
ceea3e26c6 ssl-opt.sh: Adapt tests to OpenSSL 3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 14:30:26 +02:00
minosgalanakis
e146940714
Merge pull request #1216 from Mbed-TLS/mbedtls-3.6.0_mergeback 
Mbedtls 3.6.0 mergeback
 2024-03-28 14:31:03 +00:00
Norbert Fabritius
4f1c9278cc ssl-opt.sh: Add missing MBEDTLS_SSL_SESSION_TICKETS dependencies 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Ronald Cron
35884a4301 ssl-opt.sh: Improve version selection test titles 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-21 09:44:28 +01:00
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted' 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-19 22:24:40 +00:00
Manuel Pégourié-Gonnard
62ac993d89
Merge pull request #8918 from ronald-cron-arm/improve-tls-srv-version-nego-testing 
TLS: Improve server version negotiation testing
 2024-03-15 14:29:56 +00:00
Ronald Cron
f1ad73f6ca ssl-opt.sh: Group TLS 1.3 resumption and early data compat tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:05 +01:00
Gilles Peskine
7b333f1e88
Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime 
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
 2024-03-14 15:59:25 +00:00
Manuel Pégourié-Gonnard
e7c08af465
Merge pull request #8575 from lpy4105/issue/wrong-suite-name-in-check_test_cases_py 
Fix wrong suite name in check_test_cases.py
 2024-03-14 15:31:27 +00:00
Ronald Cron
10797e3da1 ssl-opt.sh: Add O->m server version selection tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:16:05 +01:00
Ronald Cron
114c5f0321 ssl-opt.sh: Expand MbedTLS only version negotiation tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
dcfd00c128 ssl-opt.sh: Change MbedTLS only version negotiation tests 
Change description and dependencies before to
expand MbedTLS only version negotiation tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
fe18d8db76 ssl-opt.sh: Group MbedTLS only version negotiation tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
a1e7b6a66a ssl-opt.sh: Group cli ver nego tests against GnuTLS and OpenSSL 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
dfad493e8b ssl-opt.sh: Expand G->m server version selection tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:35 +01:00
Ronald Cron
98bdcc4f29 ssl-opt.sh: Change G->m server version selection tests 
Change description and dependencies before
to expand G->m server version selection tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:45:27 +01:00
Ronald Cron
cd1370e8d8 ssl-opt.sh: Group G->m server version selection checks 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:44:37 +01:00
David Horstmann
93fa4e1b87 Merge branch 'development' into buffer-sharing-merge 2024-03-12 15:05:06 +00:00
Ronald Cron
9422725aba tls13: cli: Discard ticket with zero lifetime 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-10 17:48:26 +01:00
Jerry Yu
ce79488dd5 tls13: srv: Fail connection if ticket lifetime exceed 7 days 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-10 17:42:43 +01:00
Ronald Cron
90abb224f7 ssl-opt.sh: Establish TLS 1.3 then TLS 1.2 session 
Add a test where first we establish a
TLS 1.3 session, then a TLS 1.2 one
with the same server.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 12:12:58 +01:00
Ronald Cron
587cfe65ca ssl-opt.sh: Establish TLS 1.2 then TLS 1.3 connection 
Add a test where first we establish a
TLS 1.2 session, then a TLS 1.3 one
with the same server.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 12:09:42 +01:00
Valerio Setti
05754d8e85 ssl-opt: add DH groups requirements in test cases using FFDH 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 09:47:00 +01:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext 
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
 2024-01-12 13:39:15 +00:00
Waleed Elmelegy
4b09dcd19c Change renegotiation test to use G_NEXT_SRV 
Change renegotiation test to use G_NEXT_SRV
to avoid problems when sending TLS 1.3
extensions since we exceed the extension
limit in G_SRV.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-12 10:50:25 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check 
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
 2024-01-11 13:34:09 +00:00
Waleed Elmelegy
e83be5f639 Change renegotiation tests to work with TLS 1.2 only 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 23:39:54 +00:00