ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-11 17:32:34 +08:00
Code Issues Releases Wiki Activity
31,953 Commits 172 Branches 267 Tags
Commit Graph

31953 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
28f953c5ec New generated file: tests/opt-testcases/handshake-generated.sh 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 20:58:32 +01:00
Waleed Elmelegy
82cd324fd4 Fix code style for key derivation input function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-03-03 15:04:17 +00:00
David Horstmann
abb08f1088
Merge pull request #10024 from gilles-peskine-arm/tls-defragmentation-merge-3.6-20250303 
[tls-defragmentation/3.6] Update main branch
 2025-03-03 14:03:37 +00:00
Waleed Elmelegy
cba05ece2b Replace zero by PSA_ALG_NONE in key derivation test function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-03-03 12:48:40 +00:00
Waleed Elmelegy
07e5739115 Replace zero by PSA_ALG_NONE in key derivation testing 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-03-03 12:48:16 +00:00
Waleed Elmelegy
b6ed6f72cd Simplify testing psa_key_derivation_input_*() bad state 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-03-03 12:45:43 +00:00
Waleed Elmelegy
72b391fe07 Fix psa_key_derivation_input_integer() not detecting bad state 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-03-03 12:37:02 +00:00
Gilles Peskine
e0f1240cd5 Merge remote-tracking branch 'mbedtls-3.6' into tls-defragmentation-merge-3.6-20250303 2025-03-02 21:16:08 +01:00
Gilles Peskine
b55fd70a05
Merge pull request #10016 from minosgalanakis/issue9887_add_basic_defragmentation_tests_36 
[3.6 Backport] Add basic handshake defragmentation tests in ssl-opt
 2025-02-28 12:55:56 +01:00
Valerio Setti
bc55af83d3 framework: update reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-28 12:18:03 +01:00
Minos Galanakis
5764816335 ssl-opt: Re-introduce certificate dependency for HS negative tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 22:39:56 +00:00
Minos Galanakis
97a24ebdb1 ssl-opt: Removed dependencies for HS defrag negative tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 18:11:20 +00:00
Minos Galanakis
48348261d4 ssl-opt: Adjusted reference hs defragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:26:25 +00:00
Minos Galanakis
19d857d74c ssl-opt: Minor typos and documentation fixes. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:26:24 +00:00
Minos Galanakis
21e4f21df9 analyze_outcomes: Temporary disabled 3 HS Degragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:25:50 +00:00
Minos Galanakis
618ad79395 ssl-opt: Updated documentation of HS-Defrag tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:25:50 +00:00
Minos Galanakis
bb1bd8bf9e ssl-opt: Removed redundant dependencies: requires_openssl_3_x 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:25:49 +00:00
Minos Galanakis
065b89c7ad ssl-opt.sh: Disabled HS Defrag Tests for TLS1.2 where len < 16 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:24:37 +00:00
Minos Galanakis
4335125664 ssl-opt: Replaced max_send_frag with split_send_frag 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:24:37 +00:00
Minos Galanakis
ee8e7c3fb3 ssl-opt: Added coverage for hs defragmentation TLS 1.2 tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:24:35 +00:00
Minos Galanakis
2622aea537 ChangeLog: Updated the entry for tls-hs-defragmentation 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:23:38 +00:00
Minos Galanakis
e6dbf495b1 ssl-opt: Updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:23:38 +00:00
Minos Galanakis
79693bf48a ssl-opt: Added negative tests for handshake fragmentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:41 +00:00
Minos Galanakis
03ae352340 ssl-opt: Added handshake fragmentation tests for 4 byte fragments. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:41 +00:00
Minos Galanakis
871469a106 ssl-opt: Added negative-assertion testing, (HS Fragmentation disabled) 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:41 +00:00
Minos Galanakis
48aa2deb0b ssl-opt: Added tls 1.2 tests for HS defragmentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Minos Galanakis
1d47cebde1 ssl-opt: Dependency resolving set to use to requires_protocol_version HS deframentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Minos Galanakis
502da02817 ssl-opt: Adjusted the wording on handshake fragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Minos Galanakis
9886fd17db ssl-opt: Added requires_openssl_3_x to defragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Minos Galanakis
afb428e584 ssl-opt: Updated the keywords to look up during handshake fragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Waleed Elmelegy
c5f1ba3d50 Add missing client certificate check in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:40 +00:00
Waleed Elmelegy
5fc8d3f035 Test Handshake defragmentation only for TLS 1.3 only for small values 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
be59ab5671 Add guard to handshake defragmentation tests for client certificate 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
99f4691bd6 Add a comment to elaborate using split_send_frag in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
57f61f82fd Enforce client authentication in handshake fragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
826fc5c383 Remove unneeded mtu option from handshake fragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
e9b08846da Add client authentication to handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
1b2590b125 Require openssl to support TLS 1.3 in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
5b7c8bb064 Remove unnecessary string check in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
8870b99da4 Fix typo in TLS Handshake defrafmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
e11d8c9333 Improve TLS handshake defragmentation tests 
* Add tests for the server side.
* Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3.
* Use latest version of openSSL to make sure -max_send_frag &
  -split_send_frag flags are supported.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
29581ce229 Add TLS Hanshake defragmentation tests 
Tests uses openssl s_server with a mix of max_send_frag
and split_send_frag options.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:37 +00:00
Gilles Peskine
9dfe548008 Document the need to call mbedtls_ssl_set_hostname 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-25 18:46:17 +01:00
Gilles Peskine
5ee008d15f Improve documentation of mbedtls_ssl_set_hostname 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-25 18:46:17 +01:00
Gilles Peskine
4f563e7d90 Expand and rectify the documentation of mbedtls_ssl_context::hostname 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-25 18:46:17 +01:00
Gilles Peskine
20c7748575 Changelog entries for requiring mbedls_ssl_set_hostname() in TLS clients 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-25 18:46:17 +01:00
Gilles Peskine
11f74c5751 Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-25 18:46:17 +01:00
Gilles Peskine
cbe6529170 Run part of ssl-opt.sh in full_no_deprecated 
In particular, run the test case
"Authentication: hostname unset, client required, secure config, CA callback"

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-25 18:46:12 +01:00
Manuel Pégourié-Gonnard
cca140b1e1
Merge pull request #9981 from gilles-peskine-arm/tls_hs_defrag_in-3.6-badmac_seen 
[Backport 3.6] Defragment incoming TLS handshake messages (reuse badmac_seen)
 2025-02-24 09:28:06 +01:00
Valerio Setti
cc1b26bd9a changelog: add note for MD changes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-21 15:01:04 +01:00