mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-06 19:13:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
31,731 Commits 172 Branches 263 Tags
Commit Graph

31731 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Minos Galanakis
afb428e584 ssl-opt: Updated the keywords to look up during handshake fragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Waleed Elmelegy
c5f1ba3d50 Add missing client certificate check in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:40 +00:00
Waleed Elmelegy
5fc8d3f035 Test Handshake defragmentation only for TLS 1.3 only for small values 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
be59ab5671 Add guard to handshake defragmentation tests for client certificate 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
99f4691bd6 Add a comment to elaborate using split_send_frag in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
57f61f82fd Enforce client authentication in handshake fragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
826fc5c383 Remove unneeded mtu option from handshake fragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
e9b08846da Add client authentication to handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
1b2590b125 Require openssl to support TLS 1.3 in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
5b7c8bb064 Remove unnecessary string check in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
8870b99da4 Fix typo in TLS Handshake defrafmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
e11d8c9333 Improve TLS handshake defragmentation tests 
* Add tests for the server side.
* Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3.
* Use latest version of openSSL to make sure -max_send_frag &
  -split_send_frag flags are supported.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
29581ce229 Add TLS Hanshake defragmentation tests 
Tests uses openssl s_server with a mix of max_send_frag
and split_send_frag options.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:37 +00:00
Manuel Pégourié-Gonnard
cca140b1e1
Merge pull request #9981 from gilles-peskine-arm/tls_hs_defrag_in-3.6-badmac_seen 
[Backport 3.6] Defragment incoming TLS handshake messages (reuse badmac_seen)
 2025-02-24 09:28:06 +01:00
Waleed Elmelegy
4726d20320 Remove unused variable in ssl_server.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-19 22:03:28 +01:00
Deomid rojer Ryabkov
716aead3b9 Update the changelog message 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-19 22:03:19 +01:00
Deomid rojer Ryabkov
2878a0559e Remove obselete checks due to the introduction of handhsake defragmen... 
tation. h/t @waleed-elmelegy-arm

909e71672f

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-19 22:03:13 +01:00
Gilles Peskine
c52273d017 Add a note about badmac_seen's new name in ssl_context_info 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-18 14:11:25 +01:00
Gilles Peskine
55151d3da6 Fix Doxygen misuse 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-17 23:09:00 +01:00
Gilles Peskine
cb72cd2ec3 Don't reset badmac_seen on a DTLS client reconnect 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-17 16:36:36 +01:00
Gilles Peskine
b710599e4a Merge in_hsfraglen with badmac_seen_or_in_hsfraglen 
In the `mbedtls_ssl_context` structure, merge the field `in_hsfraglen` into
`badmac_seen_or_in_hsfraglen`. This restores the ABI of `libmbedtls` as it
was in Mbed TLS 3.6.0 through 3.6.2.

The field `badmac_seen_or_in_hsfraglen` (formerly `badmac_seen`) was only
used for DTLS (despite being present in non-DTLS builds), and the field
`in_hsfraglen` was only used in non-DTLS TLS. Therefore the two values can
be stored in the same field.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-17 16:28:51 +01:00
Gilles Peskine
ebdd405f68 Change the type of in_hsfraglen to unsigned 
In the `mbedtls_ssl_context` structure, change the type of `in_hsfraglen`
from `size_t` to `unsigned`. This is in preparation for merging
`in_hsfraglen` into `badmac_seen_or_in_hsfraglen`, which has the type
`unsigned` and cannot change since we do not want to change the ABI.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-17 16:26:27 +01:00
Gilles Peskine
f6a676d93f Rename badmac_seen to badmac_seen_or_in_hsfraglen 
Prepare to unify two fields of the `mbedtls_ssl_context` structure:
`badmac_seen` (always present but only used in DTLS) and
`in_hsfraglen` (always present but only used in non-DTLS TLS).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-17 16:10:14 +01:00
Gilles Peskine
69f8f45e6f Minor readability improvement 
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-17 16:08:59 +01:00
Deomid rojer Ryabkov
bbe8745d19 Remove in_hshdr 
The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it.

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-17 15:59:55 +01:00
Deomid rojer Ryabkov
85ec2b3632 Add a safety check for in_hsfraglen 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-17 15:59:04 +01:00
Deomid rojer Ryabkov
5c853ea2c5 Allow fragments less HS msg header size (4 bytes) 
Except the first

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-17 15:59:04 +01:00
Deomid rojer Ryabkov
96e2290e3d Remove mbedtls_ssl_reset_in_out_pointers 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-17 15:59:04 +01:00
Deomid rojer Ryabkov
1f4088ceda Review comments 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-17 15:59:04 +01:00
Deomid Ryabkov
db2da526ff Update ChangeLog.d/tls-hs-defrag-in.txt 
Co-authored-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com>
Signed-off-by: Deomid Ryabkov <rojer@rojer.me>
 2025-02-17 15:59:04 +01:00
Deomid rojer Ryabkov
3fc5a4dc86 Defragment incoming TLS handshake messages 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-17 15:59:04 +01:00
Ronald Cron
c811fb79ad
Merge pull request #9941 from valeriosetti/issue94-3.6 
[Backport 3.6] Move test_psa_*.py scripts to the framework
 2025-02-05 13:55:44 +00:00
Valerio Setti
411f7dc167 framework: update reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-05 12:09:13 +01:00
Valerio Setti
aa7bd59dbe components-compliance.sh: update references to test_psa_compliance.py 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-05 12:07:25 +01:00
Valerio Setti
d673acf89e components-configuration.sh: update references to test_psa_constant_names.py 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-05 12:07:25 +01:00
Valerio Setti
7297e8d440 Move files out of Mbed TLS 
The following files are moved to the framework repo (deleted here):

tests/scripts/test_psa_compliance.py
tests/scripts/test_psa_constant_names.py

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-05 12:07:25 +01:00
Ronald Cron
204588678e
Merge pull request #9937 from valeriosetti/issue9688-backport 
[Backport 3.6] Migrate DHE test cases to ECDHE
 2025-01-29 09:59:11 +00:00
Valerio Setti
1a0ee063e2 test_suite_ssl: update description for conf_curve and conf_gruop tests 
These tests are about EC curves/groups, not DH ones, so the description
should be updated accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-28 11:42:15 +01:00
Valerio Setti
e94ab3cbdf test_suite_ssl: add ECDHE-RSA case for handshake_fragmentation() 
This is the backport of commit b8ef2a4455 from the "development" branch
which adapts handshake_fragmentation() to use ECDHE-RSA instead of
DHE-RSA. However, since DHE-RSA is not removed in the mbedtls-3.6 branch,
here tests are added instead of replaced.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-28 11:42:14 +01:00
Valerio Setti
4f2a74d275 test_suite_ssl: add new ECDHE-RSA tests 
PR #9916 adapt some DHE-RSA tests to use ECDHE-RSA instead. However,
since DHE-RSA is not deprecated in mbedtls-3.6 branch, this commit adds
these new tests alongside DHE-RSA ones intead of replacing them in order
to increase test coverage.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 17:40:15 +01:00
Manuel Pégourié-Gonnard
b6fff90ed1
Merge pull request #9907 from mpg/conf-curves-3.6 
[3.6 backport]: mbedtls_conf_curves()
 2025-01-27 08:21:30 +00:00
Janos Follath
79d5ea234c
Merge pull request #9495 from minosgalanakis/doc/add_mbedtls_ecp_check_privkey_comment_bp36 
[Backport 3.6] Refactored a minor check in ecp check privkey
 2025-01-24 09:44:39 +00:00
minosgalanakis
484776547c Update tf-psa-crypto/drivers/builtin/src/ecp.c 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com>
 2025-01-23 15:31:35 +00:00
Manuel Pégourié-Gonnard
ea18c7e1e5 Fix incorrect test function 
We should not manually set the TLS version, the tests are supposed to
pass in 1.3-only builds as well. Instead do the normal thing of setting
defaults. This doesn't interfere with the rest of the testing, so I'm
not sure why we were not doing it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-22 10:31:43 +01:00
Manuel Pégourié-Gonnard
632667e394 Remove useless dependency from test function 
This dependency was never right in the first place.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-22 10:31:19 +01:00
Gilles Peskine
18e4b3f08b
Merge pull request #9857 from gilles-peskine-arm/psa-storage-test-cases-never-supported-negative-3.6 
Backport 3.6: Switch generate_psa_test.py to automatic dependencies for negative test cases
 2025-01-20 18:44:52 +00:00
Gilles Peskine
a6c1f56a36 Add ignore list entries for ECDH/FFDH algorithm without key type 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-01-20 15:55:56 +01:00
Gilles Peskine
a2a0c394dd Remove test coverage exceptions that are no longer needed 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-01-20 15:55:56 +01:00
Gilles Peskine
8e07e27d9b Update framework 
Catch up with https://github.com/Mbed-TLS/mbedtls-framework/pull/104 =
"Switch generate_psa_test.py to automatic dependencies for negative test cases"

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-01-20 15:55:54 +01:00
Ronald Cron
c1b1aa3148
Merge pull request #9903 from Harry-Ramsey/independent-check-files-3.6 
[Backport 3.6] Independent check files
 2025-01-15 16:43:34 +00:00