ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-10 17:01:41 +08:00
Code Issues Releases Wiki Activity
32,047 Commits 172 Branches 267 Tags
Commit Graph

11872 Commits

Author SHA1 Message Date
Gilles Peskine
aa9b45535b Pacify ancient clang -Wmissing-initializer 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-01 10:39:48 +02:00
Gilles Peskine
ad84044386 Test split, coalesced-split and empty handshake records 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-01 10:39:48 +02:00
Gilles Peskine
39bcbb6036 Create handshake record coalescing tests 
Create tests that coalesce the handshake messages in the first flight from
the server. This lets us test the behavior of the library when a handshake
record contains multiple handshake messages.

Only non-protected (non-encrypted, non-authenticated) handshake messages are
supported.

The test code works for all protocol versions, but it is only effective in
TLS 1.2. In TLS 1.3, there is only a single non-encrypted handshake record,
so we can't test records containing more than one handshake message without
a lot more work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-01 10:39:44 +02:00
Gilles Peskine
adefe78939 Document gotcha of move_handshake_to_state 
A single call to move_handshake_to_state() can't do a full handshake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-01 10:39:09 +02:00
Ronald Cron
f810d44956 cmake: Generate test_keys.h and test_certs.h in the build tree 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-03-25 09:49:22 +01:00
Minos Galanakis
05657d9dee Revert "Add auto-generated files" 
This reverts commit 22098d41c6620ce07cf8a0134d37302355e1e5ef.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-23 13:09:30 +00:00
Minos Galanakis
22098d41c6 Add auto-generated files 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-20 09:33:09 +00:00
Minos Galanakis
e62ef05344 Version Bump for 3.6.3 
./scripts/bump_version.sh --version 3.6.3

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 17:11:54 +00:00
Minos Galanakis
7a95d16a31 Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.3rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:28:26 +00:00
Gilles Peskine
f985bee481
Merge pull request #10065 from minosgalanakis/task9887_extend_defragmentation_tests_36 
[Backport 3.6]  Extend ssl-opt testing for TLS HS defragmentation
 2025-03-18 12:46:29 +00:00
Minos Galanakis
6c129c36ff ssl-opt: Added 4 and 128 bytes tests to HS defragmentation for server initiated reneg 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 10:32:06 +00:00
Minos Galanakis
5c6d3173fa ssl-opt: Fixed a minor typo. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 10:25:42 +00:00
Manuel Pégourié-Gonnard
b6ad19b2b8
Merge pull request #9976 from mpg/defragment-ext-test-3.6 
Defragment ext test 3.6
 2025-03-17 11:44:28 +00:00
Minos Galanakis
dfc8e43614 Merge remote-tracking branch 'upstream/mbedtls-3.6' into pre-3.6.3-upstream-merge 2025-03-14 14:23:23 +00:00
Gilles Peskine
c03cd1124c
Merge pull request #10025 from waleed-elmelegy-arm/mbedtls-3.6-fix-key-deriv-bad-state-error 
Backport 3.6: Fix psa_key_derivation_input_integer() not detecting bad state
 2025-03-14 10:11:40 +00:00
Manuel Pégourié-Gonnard
43a04e7640 Re-introduce log asserts on positive cases 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
8476c38b21 Improve a test assertion 
That way if it ever fails it will print the values.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
29073e3a00 Fix a typo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
b59caea309 Add test cases for EOF in the middle of fragments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
4712b3e6b8 Adjust logic around log pattern 
This is more flexible: the test data gets to decide whether we want to
assert the presence of a pattern or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
d2197afa37 Add test for length larger than 2^16 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
8577510009 Adapt "large ClientHello" tests to incremental 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
c6cf7e5b19 Cleanly reject non-HS in-between HS fragments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
051b1e21d6 Reduce the level of logging used in tests 
This should avoid running into a bug with printf format specifiers one
windows.

It's also a logical move for actual tests: I used the highest debug
level for discovery, but we don't need that all the time.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
adad47634e Move new tests to their own data file 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
996c4c00a6 Fix dependency issues 
Declare the same dependencies as for the previous TLS 1.3 tests, except
for part that varies with the cipher suite (ie AES-GCM).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
6b25c504e1 New test function for large ClientHello 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
89cc61a9fa Fix hash dependencies for TLS 1.2 tests 
We're not sending a signature_algorithm extension, which means SHA-1.

Caught by depends.py hashes

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
2b1ec8f63e Fix curve dependencies 
In addition to secp256r1 for the handshake, we need secp384r1 as it's
used by the CA certificate.

Caught by depends.py curves

Also, for the "unknown ciphersuite" 1.2 test, use the same key type and
all the same dependencies as of the "good" test above, to avoid having
to determine a second set of correct dependencies just for this one.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
428ce0aff9 Add missing dependency declaration 
This guards the definition of mbedtls_test_ssl_endpoint which we rely
on, so the function won't compile without it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
3a7f1d229b Fix dependency issues 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
31253cdafd Add test with non-HS record in-between HS fragments 
Two of these tests reveal bugs in the code, so they're commented out for
now.

For the other tests, the high-level behaviour is OK (break the
handshake) but the details of why are IMO not good: they should be
rejected because interleaving non-HS record between HS fragments is not
valid according to the spec.

To be fixed in future commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
bde37cedde Add test to TLS 1.3 ClientHello fragmentation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
ba71610fa3 Add reference tests with 1.3 ClientHello 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
f83bc798e1 Add supported_curves/groups extension 
This allows us to use a ciphersuite that will still be supported in 4.0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
00ad6f6b03 New test function inject_client_content_on_the_wire() 
Not used for real stuff so far, just getting the tooling in place.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Minos Galanakis
bde759b792 ssl-opt: Disabled the renegotiation delay for fragmented HS renegotiation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:17:08 +00:00
Minos Galanakis
875cce945a ssl-opt: Updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:13 +00:00
Minos Galanakis
e61d0e9f7c ssl-opt: Added client-initiated server-rejected renegotation test. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:13 +00:00
Minos Galanakis
27988889e5 ssl-opt: Updated O_NEXT_CLI_RENEGOTIATE used by fragmented HS renegotiation with certificates. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:13 +00:00
Minos Galanakis
2a1eacc0b6 ssl-opt: Fragmented HS renegotiation, removed -legacy_renegotiation argument. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
e5a3fd2f9d ssl-opt: Fragmented HS renegotiation, removed requires_certificate_authentication dependency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
5b6ec1566d ssl-opt: Fragmented HS renegotiation, removed requires_openssl_3_x dependency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
620e8c29a3 ssl-opt: Fragmented HS renegotiation, adjusted test names for consistency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
135aed519e ssl-opt: Fragmented HS renegotiation, updated matching regex 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
9d78547692 ssl-opt: Added coverage for client-initiated fragmented HS renegotiation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:11 +00:00
Minos Galanakis
9d1aa0870e ssl-opt: Refactored fragmented HS renegotiation tests. 
- Switched to using MBEDTLS_SSL_PROTO_TLS1_2 for dependency.
- Re-ordered tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:11 +00:00
Minos Galanakis
44c1c5fc69 ssl-opt: Fragmented HS renegotiation, updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:11 +00:00
Minos Galanakis
6d1491d6c4 ssl-opt: Removed mock-tests from HS renegotiation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:11 +00:00
Minos Galanakis
a23e697ef3 sll-opt: Added refence fix for the Mock HS Defrag test using renegotitiation delay 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:11 +00:00