mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-07 04:13:46 +00:00

Author	SHA1	Message	Date
Minos Galanakis	871469a106	ssl-opt: Added negative-assertion testing, (HS Fragmentation disabled) Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-27 15:20:41 +00:00
Minos Galanakis	48aa2deb0b	ssl-opt: Added tls 1.2 tests for HS defragmentation. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-27 15:20:40 +00:00
Minos Galanakis	1d47cebde1	ssl-opt: Dependency resolving set to use to requires_protocol_version HS deframentation tests. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-27 15:20:40 +00:00
Minos Galanakis	502da02817	ssl-opt: Adjusted the wording on handshake fragmentation tests. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-27 15:20:40 +00:00
Minos Galanakis	9886fd17db	ssl-opt: Added requires_openssl_3_x to defragmentation tests. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-27 15:20:40 +00:00
Minos Galanakis	afb428e584	ssl-opt: Updated the keywords to look up during handshake fragmentation tests. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-27 15:20:40 +00:00
Waleed Elmelegy	c5f1ba3d50	Add missing client certificate check in handshake defragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-27 15:20:40 +00:00
Waleed Elmelegy	5fc8d3f035	Test Handshake defragmentation only for TLS 1.3 only for small values Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-27 15:20:39 +00:00
Waleed Elmelegy	be59ab5671	Add guard to handshake defragmentation tests for client certificate Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-27 15:20:39 +00:00
Waleed Elmelegy	99f4691bd6	Add a comment to elaborate using split_send_frag in handshake defragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-27 15:20:39 +00:00
Waleed Elmelegy	57f61f82fd	Enforce client authentication in handshake fragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-27 15:20:39 +00:00
Waleed Elmelegy	826fc5c383	Remove unneeded mtu option from handshake fragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-27 15:20:39 +00:00
Waleed Elmelegy	e9b08846da	Add client authentication to handshake defragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-27 15:20:38 +00:00
Waleed Elmelegy	1b2590b125	Require openssl to support TLS 1.3 in handshake defragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-27 15:20:38 +00:00
Waleed Elmelegy	5b7c8bb064	Remove unnecessary string check in handshake defragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-27 15:20:38 +00:00
Waleed Elmelegy	8870b99da4	Fix typo in TLS Handshake defrafmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-27 15:20:38 +00:00
Waleed Elmelegy	e11d8c9333	Improve TLS handshake defragmentation tests * Add tests for the server side. * Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3. * Use latest version of openSSL to make sure -max_send_frag & -split_send_frag flags are supported. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-27 15:20:38 +00:00
Waleed Elmelegy	29581ce229	Add TLS Hanshake defragmentation tests Tests uses openssl s_server with a mix of max_send_frag and split_send_frag options. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-27 15:20:37 +00:00
Manuel Pégourié-Gonnard	cca140b1e1	Merge pull request #9981 from gilles-peskine-arm/tls_hs_defrag_in-3.6-badmac_seen [Backport 3.6] Defragment incoming TLS handshake messages (reuse badmac_seen)	2025-02-24 09:28:06 +01:00
Waleed Elmelegy	4726d20320	Remove unused variable in ssl_server.c Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com> Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-19 22:03:28 +01:00
Deomid rojer Ryabkov	716aead3b9	Update the changelog message Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-19 22:03:19 +01:00
Deomid rojer Ryabkov	2878a0559e	Remove obselete checks due to the introduction of handhsake defragmen... tation. h/t @waleed-elmelegy-arm `909e71672f` Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com> Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-19 22:03:13 +01:00
Gilles Peskine	c52273d017	Add a note about badmac_seen's new name in ssl_context_info Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-02-18 14:11:25 +01:00
Gilles Peskine	55151d3da6	Fix Doxygen misuse Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-02-17 23:09:00 +01:00
Gilles Peskine	cb72cd2ec3	Don't reset badmac_seen on a DTLS client reconnect Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-02-17 16:36:36 +01:00
Gilles Peskine	b710599e4a	Merge in_hsfraglen with badmac_seen_or_in_hsfraglen In the `mbedtls_ssl_context` structure, merge the field `in_hsfraglen` into `badmac_seen_or_in_hsfraglen`. This restores the ABI of `libmbedtls` as it was in Mbed TLS 3.6.0 through 3.6.2. The field `badmac_seen_or_in_hsfraglen` (formerly `badmac_seen`) was only used for DTLS (despite being present in non-DTLS builds), and the field `in_hsfraglen` was only used in non-DTLS TLS. Therefore the two values can be stored in the same field. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-02-17 16:28:51 +01:00
Gilles Peskine	ebdd405f68	Change the type of in_hsfraglen to unsigned In the `mbedtls_ssl_context` structure, change the type of `in_hsfraglen` from `size_t` to `unsigned`. This is in preparation for merging `in_hsfraglen` into `badmac_seen_or_in_hsfraglen`, which has the type `unsigned` and cannot change since we do not want to change the ABI. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-02-17 16:26:27 +01:00
Gilles Peskine	f6a676d93f	Rename badmac_seen to badmac_seen_or_in_hsfraglen Prepare to unify two fields of the `mbedtls_ssl_context` structure: `badmac_seen` (always present but only used in DTLS) and `in_hsfraglen` (always present but only used in non-DTLS TLS). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-02-17 16:10:14 +01:00
Gilles Peskine	69f8f45e6f	Minor readability improvement No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-02-17 16:08:59 +01:00
Deomid rojer Ryabkov	bbe8745d19	Remove in_hshdr The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it. Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-17 15:59:55 +01:00
Deomid rojer Ryabkov	85ec2b3632	Add a safety check for in_hsfraglen Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-17 15:59:04 +01:00
Deomid rojer Ryabkov	5c853ea2c5	Allow fragments less HS msg header size (4 bytes) Except the first Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-17 15:59:04 +01:00
Deomid rojer Ryabkov	96e2290e3d	Remove mbedtls_ssl_reset_in_out_pointers Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-17 15:59:04 +01:00
Deomid rojer Ryabkov	1f4088ceda	Review comments Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-17 15:59:04 +01:00
Deomid Ryabkov	db2da526ff	Update ChangeLog.d/tls-hs-defrag-in.txt Co-authored-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com> Signed-off-by: Deomid Ryabkov <rojer@rojer.me>	2025-02-17 15:59:04 +01:00
Deomid rojer Ryabkov	3fc5a4dc86	Defragment incoming TLS handshake messages Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-17 15:59:04 +01:00
Ronald Cron	c811fb79ad	Merge pull request #9941 from valeriosetti/issue94-3.6 [Backport 3.6] Move test_psa_*.py scripts to the framework	2025-02-05 13:55:44 +00:00
Valerio Setti	411f7dc167	framework: update reference Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-05 12:09:13 +01:00
Valerio Setti	aa7bd59dbe	components-compliance.sh: update references to test_psa_compliance.py Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-05 12:07:25 +01:00
Valerio Setti	d673acf89e	components-configuration.sh: update references to test_psa_constant_names.py Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-05 12:07:25 +01:00
Valerio Setti	7297e8d440	Move files out of Mbed TLS The following files are moved to the framework repo (deleted here): tests/scripts/test_psa_compliance.py tests/scripts/test_psa_constant_names.py Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-05 12:07:25 +01:00
Ronald Cron	204588678e	Merge pull request #9937 from valeriosetti/issue9688-backport [Backport 3.6] Migrate DHE test cases to ECDHE	2025-01-29 09:59:11 +00:00
Valerio Setti	1a0ee063e2	test_suite_ssl: update description for conf_curve and conf_gruop tests These tests are about EC curves/groups, not DH ones, so the description should be updated accordingly. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-01-28 11:42:15 +01:00
Valerio Setti	e94ab3cbdf	test_suite_ssl: add ECDHE-RSA case for handshake_fragmentation() This is the backport of commit b8ef2a4455 from the "development" branch which adapts handshake_fragmentation() to use ECDHE-RSA instead of DHE-RSA. However, since DHE-RSA is not removed in the mbedtls-3.6 branch, here tests are added instead of replaced. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-01-28 11:42:14 +01:00
Valerio Setti	4f2a74d275	test_suite_ssl: add new ECDHE-RSA tests PR #9916 adapt some DHE-RSA tests to use ECDHE-RSA instead. However, since DHE-RSA is not deprecated in mbedtls-3.6 branch, this commit adds these new tests alongside DHE-RSA ones intead of replacing them in order to increase test coverage. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-01-27 17:40:15 +01:00
Manuel Pégourié-Gonnard	b6fff90ed1	Merge pull request #9907 from mpg/conf-curves-3.6 [3.6 backport]: mbedtls_conf_curves()	2025-01-27 08:21:30 +00:00
Janos Follath	79d5ea234c	Merge pull request #9495 from minosgalanakis/doc/add_mbedtls_ecp_check_privkey_comment_bp36 [Backport 3.6] Refactored a minor check in ecp check privkey	2025-01-24 09:44:39 +00:00
minosgalanakis	484776547c	Update tf-psa-crypto/drivers/builtin/src/ecp.c Co-authored-by: Gilles Peskine <gilles.peskine@arm.com> Signed-off-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com>	2025-01-23 15:31:35 +00:00
Manuel Pégourié-Gonnard	ea18c7e1e5	Fix incorrect test function We should not manually set the TLS version, the tests are supposed to pass in 1.3-only builds as well. Instead do the normal thing of setting defaults. This doesn't interfere with the rest of the testing, so I'm not sure why we were not doing it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2025-01-22 10:31:43 +01:00
Manuel Pégourié-Gonnard	632667e394	Remove useless dependency from test function This dependency was never right in the first place. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2025-01-22 10:31:19 +01:00

1 2 3 4 5 ...

31736 Commits