ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-13 10:57:11 +08:00
Code Issues Releases Wiki Activity
33,186 Commits 172 Branches 268 Tags
Commit Graph

33186 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
92122edf4b Create handshake record coalescing tests 
Create tests that coalesce the handshake messages in the first flight from
the server. This lets us test the behavior of the library when a handshake
record contains multiple handshake messages.

Only non-protected (non-encrypted, non-authenticated) handshake messages are
supported.

The test code works for all protocol versions, but it is only effective in
TLS 1.2. In TLS 1.3, there is only a single non-encrypted handshake record,
so we can't test records containing more than one handshake message without
a lot more work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-09 12:52:26 +02:00
Gilles Peskine
a4bf00227f Document gotcha of move_handshake_to_state 
A single call to move_handshake_to_state() can't do a full handshake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-09 12:52:26 +02:00
Gilles Peskine
c67befee6a Add a log message on every SSL state transition 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-09 12:52:26 +02:00
Gilles Peskine
f670ba5e52 Always call mbedtls_ssl_handshake_set_state 
Call a single function for all handshake state changes, for easier tracing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-09 12:52:22 +02:00
Felix Conway
52bed3fcef Update tf-psa-crypto & framework pointers 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-04-09 11:35:29 +01:00
Gilles Peskine
4580c71f67
Merge pull request #10118 from mpg/issue-template 
Update bug report template for security issues
 2025-04-09 10:07:41 +00:00
Felix Conway
1ef121c9b9 Move script and update shebang to fix CI 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-04-09 09:51:13 +01:00
Felix Conway
e6605f9185 Adjust build scripts to accommodate public header move 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-04-08 14:26:29 +01:00
Gilles Peskine
946bf14608 Fix some test helper functions returning 0 on some failures 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-08 09:48:40 +02:00
Gilles Peskine
55b8bb43e7 Check the status of mbedtls_ssl_set_hostname() 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-08 09:44:34 +02:00
Gilles Peskine
3b819cf22f
Merge pull request #10109 from mpg/merge-from-restricted 
Merge from restricted
 2025-04-07 14:04:06 +00:00
Manuel Pégourié-Gonnard
f02784bb2c Tune wording 
- add more emphasis
- fix a typo

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-04-07 10:49:49 +02:00
Ronald Cron
16be0f09cf
Merge pull request #10008 from valeriosetti/issue138-development 
[development] Add test_tf_psa_crypto_cmake_shared to components-build-system.sh
 2025-04-04 18:11:00 +02:00
Valerio Setti
48e5c958a7 tf-psa-crypto: update reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-04-04 13:51:28 +02:00
Valerio Setti
0690a63472 framework: update reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-04-04 13:51:22 +02:00
Manuel Pégourié-Gonnard
09e35e7ac8 Update bug report template for security issues 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-04-04 12:59:49 +02:00
Ronald Cron
8bbe60a67f
Merge pull request #10102 from ronald-cron-arm/check-generated-files-follow-up 
Check generated files follow-up
 2025-04-02 20:55:45 +00:00
Ronald Cron
33770e75c3 Update tf-psa-crypto pointer 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-04-01 22:30:42 +02:00
Ronald Cron
96121ed94f Update framework pointer 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-04-01 22:30:33 +02:00
Manuel Pégourié-Gonnard
ed4a2b4f0a Merge branch 'development-restricted' into merge-from-restricted 
* development-restricted:
  Add missing credit for set_hostname issue
  Add changelog entry for TLS 1.2 Finished fix
  TLS1.2: Check for failures in Finished calculation
  ssl_session_reset: preserve HOSTNAME_SET flag
  Document the need to call mbedtls_ssl_set_hostname
  Improve documentation of mbedtls_ssl_set_hostname
  Changelog entries for requiring mbedls_ssl_set_hostname() in TLS clients
  Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup
  mbedtls_ssl_set_hostname tests: add tests with CA callback
  Call mbedtls_ssl_set_hostname in the generic endpoint setup in unit tests
  Require calling mbedtls_ssl_set_hostname() for security
  Create error code for mbedtls_ssl_set_hostname not called
  Keep track of whether mbedtls_ssl_set_hostname() has been called
  Access ssl->hostname through abstractions in certificate verification
  mbedtls_ssl_set_hostname tests: baseline
  Add a flags field to mbedtls_ssl_context
  Automate MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK dependency
  Make guards more consistent between X.509-has-certs and SSL-has-certs
  Fix Doxygen markup
  Make ticket_alpn field private

 Conflicts:
	programs/ssl/ssl_test_common_source.c
 2025-04-01 09:40:47 +02:00
Manuel Pégourié-Gonnard
e2359585e4
Merge pull request #10078 from bjwtaylor/pk_rsa_alt-removal 
Pk rsa alt removal
 2025-04-01 07:32:46 +00:00
Ronald Cron
762c80199d Use make_generated_files.py in make_generated_files.bat 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-03-31 17:18:03 +02:00
Ronald Cron
444db895f7 Remove check-generated-files.sh 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-03-31 17:18:03 +02:00
Ronald Cron
694cbfa6de
Merge pull request #10101 from ronald-cron-arm/remove-all-sh-wrapper 
Remove all.sh wrapper
 2025-03-31 09:36:25 +00:00
Ronald Cron
5d9b9d244f Rename mbedtls-all.sh to just all.sh 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-03-29 10:06:38 +01:00
Ronald Cron
8e2d40dbec Remove all.sh wrapper 
Now that in TF-PSA-Crypto CI, the TF-PSA-Crypto
all.sh components are run in pure TF-PSA-Crypto
context, there is no need to run them as part of
mbedtls CI anymore. The all.sh wrapper wrapping
./tests/scripts/mbedtls-all.sh and
./tf-psa-crypto/tests/scripts/all.sh can be
removed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-03-29 10:01:53 +01:00
Max Fillinger
1a1ec2fcce Fix up merge conflict resolution 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:54:08 +01:00
Max Fillinger
29f8f9a49d Fix dependencies for TLS-Exporter tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
7577c9e373 Fix doxygen for MBEDTLS_SSL_KEYING_MATERIAL_EXPORT 
Error was introduced while resolving a merge conflict.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
af2035fcad Fix mistake in previous comment change 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
ee33b31f0b Fix HkdfLabel comment 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
5826883ca5 Allow maximum label length in Hkdf-Expand-Label 
Previously, the length of the label was limited to the maximal length
that would be used in the TLS 1.3 key schedule. With the keying material
exporter, labels of up to 249 bytes may be used.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
9f843332e8 Exporter: Add min. and max. label tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
9c5bae5026 Fix max. label length in key material exporter 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
53d9168502 Document BAD_INPUT_DATA error in key material exporter 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
d23579c746 Fix requirements for TLS 1.3 Exporter compat test 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
22728dc5e3 Use mbedtls_calloc, not regular calloc 
Also fix the allocation size.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
4e21703bcf Add fixed compatibility test for TLS 1.3 Exporter 
When testing TLS 1.3, use O_NEXT_CLI.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
7b97712164 Remove exporter compatibility test for TLS 1.3 
The openssl version in the docker image doesn't support TLS 1.3, so we
can't run the test.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
6d53a3a647 Fix openssl s_client invocation 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
f8059db4ee Print names of new tests properly 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
144cccecb7 Fix memory leak in example programs 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
92b7a7e233 ssl-opt.sh: Add tests for keying material export 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
ee467aae69 mbedtls_test_ssl_do_handshake_with_endpoints: Zeroize endpoints 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-03-28 17:08:12 +01:00
Max Fillinger
d6e0095478 Exporter tests: Don't use unavailbable constant 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
8e0b8c9d9f Exporter tests: Add missing depends-ons 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:10 +01:00
Max Fillinger
c6fd1a24d2 Use one maximum key_len for all exported keys 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:48 +01:00
Max Fillinger
a9a9e99a6b Exporter tests: Reduce key size in long key tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:48 +01:00
Max Fillinger
9dc7b19a6a Exporter tests: Free endpoints before PSA_DONE() 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:48 +01:00
Max Fillinger
364afea9d3 Exporter tests: Fix possible uninitialized variable use 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-03-28 17:06:48 +01:00