mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 12:40:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,587 Commits 170 Branches 263 Tags
Commit Graph

1151 Commits

Author SHA1 Message Date
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted' 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-19 22:24:40 +00:00
Manuel Pégourié-Gonnard
62ac993d89
Merge pull request #8918 from ronald-cron-arm/improve-tls-srv-version-nego-testing 
TLS: Improve server version negotiation testing
 2024-03-15 14:29:56 +00:00
Ronald Cron
f1ad73f6ca ssl-opt.sh: Group TLS 1.3 resumption and early data compat tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:05 +01:00
Gilles Peskine
7b333f1e88
Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime 
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
 2024-03-14 15:59:25 +00:00
Manuel Pégourié-Gonnard
e7c08af465
Merge pull request #8575 from lpy4105/issue/wrong-suite-name-in-check_test_cases_py 
Fix wrong suite name in check_test_cases.py
 2024-03-14 15:31:27 +00:00
Ronald Cron
10797e3da1 ssl-opt.sh: Add O->m server version selection tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:16:05 +01:00
Ronald Cron
114c5f0321 ssl-opt.sh: Expand MbedTLS only version negotiation tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
dcfd00c128 ssl-opt.sh: Change MbedTLS only version negotiation tests 
Change description and dependencies before to
expand MbedTLS only version negotiation tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
fe18d8db76 ssl-opt.sh: Group MbedTLS only version negotiation tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
a1e7b6a66a ssl-opt.sh: Group cli ver nego tests against GnuTLS and OpenSSL 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
dfad493e8b ssl-opt.sh: Expand G->m server version selection tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:35 +01:00
Ronald Cron
98bdcc4f29 ssl-opt.sh: Change G->m server version selection tests 
Change description and dependencies before
to expand G->m server version selection tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:45:27 +01:00
Ronald Cron
cd1370e8d8 ssl-opt.sh: Group G->m server version selection checks 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:44:37 +01:00
David Horstmann
93fa4e1b87 Merge branch 'development' into buffer-sharing-merge 2024-03-12 15:05:06 +00:00
Ronald Cron
9422725aba tls13: cli: Discard ticket with zero lifetime 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-10 17:48:26 +01:00
Jerry Yu
ce79488dd5 tls13: srv: Fail connection if ticket lifetime exceed 7 days 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-10 17:42:43 +01:00
Ronald Cron
90abb224f7 ssl-opt.sh: Establish TLS 1.3 then TLS 1.2 session 
Add a test where first we establish a
TLS 1.3 session, then a TLS 1.2 one
with the same server.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 12:12:58 +01:00
Ronald Cron
587cfe65ca ssl-opt.sh: Establish TLS 1.2 then TLS 1.3 connection 
Add a test where first we establish a
TLS 1.2 session, then a TLS 1.3 one
with the same server.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 12:09:42 +01:00
Valerio Setti
05754d8e85 ssl-opt: add DH groups requirements in test cases using FFDH 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 09:47:00 +01:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext 
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
 2024-01-12 13:39:15 +00:00
Waleed Elmelegy
4b09dcd19c Change renegotiation test to use G_NEXT_SRV 
Change renegotiation test to use G_NEXT_SRV
to avoid problems when sending TLS 1.3
extensions since we exceed the extension
limit in G_SRV.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-12 10:50:25 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check 
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
 2024-01-11 13:34:09 +00:00
Waleed Elmelegy
e83be5f639 Change renegotiation tests to work with TLS 1.2 only 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 23:39:54 +00:00
Waleed Elmelegy
1487760b55 Change order of checking of record size limit client tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
2fa99b2ddd Add tests for client complying with record size limit 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f501790ff2 Improve comments across record size limit changes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
9457e67afd update record size limit tests to be more consistent 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
3a37756496 Improve record size limit tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
598ea09dd5 TLS1.3: SRV/CLI: add support for sending Record Size Limit extension 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Waleed Elmelegy
47d2946943 tls13: server: write Record Size Limit ext in EncryptedExtensions 
- add the support in library
- update corresponding test cases.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Yanray Wang
42017cd4c9 tls13: cli: write Record Size Limit ext in ClientHello 
- add the support in library
- update corresponding test case

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2024-01-10 16:17:27 +00:00
Waleed Elmelegy
60f0f727c3 Add config dependencies to record size tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-04 14:57:31 +00:00
Waleed Elmelegy
3d46b7f81a Fix Max fragmen length test to use TLS 1.2 maximum output size 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-01 20:50:53 +00:00
Waleed Elmelegy
bae705c12b Fix TLS 1.2 test to use TLS 1.2 maximum output size 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-01 14:21:21 +00:00
Waleed Elmelegy
ea03183bd7 Adjust TLS 1.3 tests to new maximum output changes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-29 15:36:51 +00:00
Waleed Elmelegy
87a373eea6 Improve Record size limit testing 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-28 17:49:36 +00:00
Waleed Elmelegy
26e3698357 Revert back checking on handshake messages length 
Revert back checking on handshake messages length due to
limitation on our fragmentation support of handshake
messages.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-14 16:23:25 +00:00
Yanray Wang
177e49ad7a tls13: srv: improve DEBUG_MSG in case of TLS 1.2 disabled 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-08 11:00:33 +08:00
Waleed Elmelegy
9aec1c71f2 Add record size checking during handshake 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-06 15:18:15 +00:00
Jan Bruckner
f482dcc6c7 Comply with the received Record Size Limit extension 
Fixes #7010

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-12-06 15:18:08 +00:00
Yanray Wang
3d82ffce5b ssl-opt: test handshake for TLS 1.2 only cli with TLS 1.3 only srv 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-04 17:50:43 +08:00
Pengyu Lv
d1198060a5 Merge branch 'development' into issue/wrong-suite-name-in-check_test_cases_py 2023-11-30 10:05:54 +08:00
Pengyu Lv
3c170d3298 Print suite name when listing test cases 
When a test script has multiple suites, it is not
true to determine the suite name from the file name
of the script. We need the script to list the suite
name for every test cases.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-29 13:53:34 +08:00
Ronald Cron
60f76663c0 Align forced ciphersuite with test description 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-11-28 17:52:42 +01:00
Ronald Cron
29ad2d7609 ssl-opt.sh: Remove unnecessary symmetric crypto dependencies 
Same test cases as in the previous commit.
Remove the redundant symmetric crypto dependency.
The dependency is ensured by the fact that:
1) the test case forces a cipher suite
2) ssl-opt.sh enforces automatically that the
   forced ciphersuite is available.
3) The fact that the forced ciphersuite is
   available implies that the symmetric
   cipher algorithm it uses is available as
   well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-11-28 17:44:39 +01:00
Ronald Cron
41bc42ac1b ssl-opt.sh: Fix some symmetric crypto dependencies 
Fix some dependencies on symmetric crypto that
were not correct in case of driver but not
builtin support. Revealed by "Analyze driver
test_psa_crypto_config_accel_cipher_aead vs reference
test_psa_crypto_config_reference_cipher_aead" in
analyze_outcomes.py.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-11-28 15:59:40 +01:00
Ronald Cron
5b73de8ddb ssl-opt.sh: Add a check of the list of supported ciphersuites 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-11-28 15:59:03 +01:00
Ronald Cron
34915fac3a ssl-opt.sh: Fix getting the list of supported ciphersuites. 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-11-23 17:20:19 +01:00
Gilles Peskine
8b1a124126
Merge pull request #8438 from yuhaoth/pr/disable-stdout-for-config-query-call 
Disable stdout in require_*_configs_* functions
 2023-11-20 18:27:03 +00:00
Manuel Pégourié-Gonnard
752dd39a69
Merge pull request #8508 from valeriosetti/issue6323 
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
 2023-11-14 11:39:06 +00:00