ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-10 17:01:41 +08:00
Code Issues Releases Wiki Activity
32,047 Commits 172 Branches 267 Tags
Commit Graph

11872 Commits

Author SHA1 Message Date
Minos Galanakis
12cf388856 Added Mock Renegotiation negative test for testing. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:10 +00:00
Minos Galanakis
a37a936beb ssl-opt: Added fragmented HS tests for server-initiated renegotiation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:10 +00:00
Minos Galanakis
c4595a4c6a ssl-opt: Added fragmented HS tests for client-initiated renegotiation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:10 +00:00
Minos Galanakis
1e6438d8b9 ssl-opt: Added fragmented HS tests for SSL_VARIABLE_BUFFER_LENGTH. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:09 +00:00
Bence Szépkúti
b22247b85b
Merge pull request #10043 from Mbed-TLS/msvc-format-size-macros-3.6 
[Backport 3.6] Fix preprocessor guards for C99 format size specifiers
 2025-03-13 10:09:13 +00:00
Bence Szépkúti
c64b7bc664 Use an array of strings instead of pointer smuggling 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 19:12:44 +01:00
Bence Szépkúti
a029387d1b Use dummy typedef instead of macro 
Use a dummy definition of mbedtls_ms_time_t in builds without
MBEDTLS_HAVE_TIME.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 17:28:30 +01:00
Minos Galanakis
104bd06826 Merge remote-tracking branch 'origin/features/tls-defragmentation/3.6' into feature_merge_defragmentation_36 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-12 15:21:56 +00:00
Bence Szépkúti
1e62c95148 Disable fatal assertions in Windows printf tests 
The Windows CRT treats any invalid format specifiers passed to the CRT
as fatal assertion failures. Disable thie behaviour temporarily while
testing if the format specifiers we use are supported.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-07 17:45:27 +01:00
Bence Szépkúti
9cde9d4b2c Add testcase for MBEDTLS_PRINTF_MS_TIME 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-07 17:45:26 +01:00
Bence Szépkúti
85d92ec1ce Test handling of format macros defined in debug.h 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-07 17:45:26 +01:00
Bence Szépkúti
d5102c9d7c Run test_suite_debug without MBEDTLS_SSL_TLS_C 
Move the suite's global dependency on MBEDTLS_SSL_TLS_C to the
individual test cases.

Add an preprocesor guard around string_debug to prevent warning about unused
functions.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-07 17:45:26 +01:00
Gilles Peskine
cc856a2c0e Handshake defragmentation: reassemble incrementally 
Reassemble handshake fragments incrementally instead of all at the end. That
is, every time we receive a non-initial handshake fragment, append it to the
initial fragment. Since we only have to deal with at most two handshake
fragments at the same time, this simplifies the code (no re-parsing of a
record) and is a little more memory-efficient (no need to store one record
header per record).

This commit also fixes a bug. The previous code did not calculate offsets
correctly when records use an explicit IV, which is the case in TLS 1.2 with
CBC (encrypt-then-MAC or not), GCM and CCM encryption (i.e. all but null and
ChachaPoly). This led to the wrong data when an encrypted handshake message
was fragmented (Finished or renegotiation). The new code handles this
correctly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-05 17:03:20 +01:00
Gilles Peskine
9d54be57b0 Generate handshake defragmentation test cases: update analyze_outcomes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-05 10:08:21 +01:00
Gilles Peskine
2e7f2a2e48 Switch to generated handshake tests 
Replace `tests/opt-testcases/handshake-manual.sh` by
`tests/opt-testcases/handshake-generated.sh`. They are identical except for
comments, and for some extra dependencies on
`MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` which are needed in `development,
but not in `mbedtls-3.6. Those dependencies don't hurt the useful coverage
of the tests, so we'll live with them.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 21:03:22 +01:00
Gilles Peskine
6183a645fc Normalize requirements in defragmentation test cases 
Be more uniform in where certificate authentication and ECDSA are explicitly
required. A few test cases now run in PSK-only configurations where they
always could. Add a missing requirement on ECDSA to test cases that are
currently skipped.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 21:00:50 +01:00
Gilles Peskine
49e1ed277e Normalize messages in defragmentation test cases 
Make some test case descriptions and log patterns follow more systematic
patterns.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 21:00:50 +01:00
Gilles Peskine
8321ab574c Normalize whitespace in defragmentation test cases 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 21:00:50 +01:00
Gilles Peskine
8ef2e74704 Move most TLS handshake defragmentation tests to a separate file 
Prepare for those test cases to be automatically generated by a script.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 21:00:48 +01:00
Gilles Peskine
28f953c5ec New generated file: tests/opt-testcases/handshake-generated.sh 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 20:58:32 +01:00
Waleed Elmelegy
cba05ece2b Replace zero by PSA_ALG_NONE in key derivation test function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-03-03 12:48:40 +00:00
Waleed Elmelegy
07e5739115 Replace zero by PSA_ALG_NONE in key derivation testing 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-03-03 12:48:16 +00:00
Waleed Elmelegy
b6ed6f72cd Simplify testing psa_key_derivation_input_*() bad state 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-03-03 12:45:43 +00:00
Waleed Elmelegy
72b391fe07 Fix psa_key_derivation_input_integer() not detecting bad state 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-03-03 12:37:02 +00:00
Gilles Peskine
e0f1240cd5 Merge remote-tracking branch 'mbedtls-3.6' into tls-defragmentation-merge-3.6-20250303 2025-03-02 21:16:08 +01:00
Minos Galanakis
5764816335 ssl-opt: Re-introduce certificate dependency for HS negative tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 22:39:56 +00:00
Minos Galanakis
97a24ebdb1 ssl-opt: Removed dependencies for HS defrag negative tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 18:11:20 +00:00
Minos Galanakis
48348261d4 ssl-opt: Adjusted reference hs defragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:26:25 +00:00
Minos Galanakis
19d857d74c ssl-opt: Minor typos and documentation fixes. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:26:24 +00:00
Minos Galanakis
21e4f21df9 analyze_outcomes: Temporary disabled 3 HS Degragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:25:50 +00:00
Minos Galanakis
618ad79395 ssl-opt: Updated documentation of HS-Defrag tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:25:50 +00:00
Minos Galanakis
bb1bd8bf9e ssl-opt: Removed redundant dependencies: requires_openssl_3_x 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:25:49 +00:00
Minos Galanakis
065b89c7ad ssl-opt.sh: Disabled HS Defrag Tests for TLS1.2 where len < 16 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:24:37 +00:00
Minos Galanakis
4335125664 ssl-opt: Replaced max_send_frag with split_send_frag 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:24:37 +00:00
Minos Galanakis
ee8e7c3fb3 ssl-opt: Added coverage for hs defragmentation TLS 1.2 tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:24:35 +00:00
Minos Galanakis
e6dbf495b1 ssl-opt: Updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:23:38 +00:00
Minos Galanakis
79693bf48a ssl-opt: Added negative tests for handshake fragmentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:41 +00:00
Minos Galanakis
03ae352340 ssl-opt: Added handshake fragmentation tests for 4 byte fragments. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:41 +00:00
Minos Galanakis
871469a106 ssl-opt: Added negative-assertion testing, (HS Fragmentation disabled) 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:41 +00:00
Minos Galanakis
48aa2deb0b ssl-opt: Added tls 1.2 tests for HS defragmentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Minos Galanakis
1d47cebde1 ssl-opt: Dependency resolving set to use to requires_protocol_version HS deframentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Minos Galanakis
502da02817 ssl-opt: Adjusted the wording on handshake fragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Minos Galanakis
9886fd17db ssl-opt: Added requires_openssl_3_x to defragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Minos Galanakis
afb428e584 ssl-opt: Updated the keywords to look up during handshake fragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Waleed Elmelegy
c5f1ba3d50 Add missing client certificate check in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:40 +00:00
Waleed Elmelegy
5fc8d3f035 Test Handshake defragmentation only for TLS 1.3 only for small values 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
be59ab5671 Add guard to handshake defragmentation tests for client certificate 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
99f4691bd6 Add a comment to elaborate using split_send_frag in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
57f61f82fd Enforce client authentication in handshake fragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
826fc5c383 Remove unneeded mtu option from handshake fragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00