mbedtls

mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-25 07:51:07 +08:00

Author	SHA1	Message	Date
Minos Galanakis	eddbb5a829	ChangeLog: Updated the entry for tls-hs-defragmentation Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-24 09:16:06 +00:00
Minos Galanakis	d708a63857	ssl-opt: Updated documentation. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-24 09:16:06 +00:00
Minos Galanakis	36c81f5f05	ssl-opt: Added DSA-RSA dependency on TLS1.2 defragmentation testing. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-24 09:16:06 +00:00
Minos Galanakis	74ce7498d7	ssl-opt: Added negative tests for handshake fragmentation. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-24 09:16:06 +00:00
Minos Galanakis	1c106afd22	ssl-opt: Added handshake fragmentation tests for 4 byte fragments. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-24 09:16:06 +00:00
Minos Galanakis	41782a9cd0	ssl-opt: Added negative-assertion testing, (HS Fragmentation disabled) Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-24 09:16:06 +00:00
Minos Galanakis	85fe73d55d	ssl-opt: Added tls 1.2 tests for HS defragmentation. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-24 09:16:06 +00:00
Minos Galanakis	a4dde77cbe	ssl-opt: Dependency resolving set to use to requires_protocol_version HS deframentation tests. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-24 09:16:06 +00:00
Minos Galanakis	a8a298c9d6	ssl-opt: Adjusted the wording on handshake fragmentation tests. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-24 09:16:06 +00:00
Minos Galanakis	a1b9117f17	ssl-opt: Added requires_openssl_3_x to defragmentation tests. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-24 09:16:06 +00:00
Minos Galanakis	270dd7462e	ssl-opt: Updated the keywords to look up during handshake fragmentation tests. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-02-24 09:16:06 +00:00
Waleed Elmelegy	4028cfd9ca	Add missing client certificate check in handshake defragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-24 09:16:06 +00:00
Waleed Elmelegy	5f21537c2a	Test Handshake defragmentation only for TLS 1.3 only for small values Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-24 09:16:06 +00:00
Waleed Elmelegy	a75c7e09c8	Add guard to handshake defragmentation tests for client certificate Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-24 09:16:06 +00:00
Waleed Elmelegy	f162249e87	Add a comment to elaborate using split_send_frag in handshake defragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-24 09:16:06 +00:00
Waleed Elmelegy	61b8e2d225	Enforce client authentication in handshake fragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-24 09:16:06 +00:00
Waleed Elmelegy	39d83dd38d	Remove unneeded mtu option from handshake fragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-24 09:16:06 +00:00
Waleed Elmelegy	48874b3aba	Add client authentication to handshake defragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-24 09:16:06 +00:00
Waleed Elmelegy	f9120311e3	Require openssl to support TLS 1.3 in handshake defragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-24 09:16:06 +00:00
Waleed Elmelegy	fccd014c2d	Remove unnecessary string check in handshake defragmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-24 09:16:06 +00:00
Waleed Elmelegy	c0118d87b9	Fix typo in TLS Handshake defrafmentation tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-24 09:16:06 +00:00
Waleed Elmelegy	0e0d5d4dc8	Improve TLS handshake defragmentation tests * Add tests for the server side. * Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3. * Use latest version of openSSL to make sure -max_send_frag & -split_send_frag flags are supported. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-24 09:16:06 +00:00
Waleed Elmelegy	79a8ded315	Add TLS Hanshake defragmentation tests Tests uses openssl s_server with a mix of max_send_frag and split_send_frag options. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-02-24 09:16:06 +00:00
Manuel Pégourié-Gonnard	28f8e205eb	Merge pull request #9872 from rojer/tls_hs_defrag_in Defragment incoming TLS handshake messages	2025-02-24 09:28:11 +01:00
Deomid rojer Ryabkov	dd14c0a11e	Remove in_hshdr The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it. Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-13 13:41:51 +03:00
Ronald Cron	03e704018a	Merge pull request #9917 from valeriosetti/issue9685 [development] Remove the DHE-RSA key exchange	2025-02-09 11:43:50 +00:00
Valerio Setti	bfc1ec15e6	tf-psa-crypto: update reference Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-07 17:48:11 +01:00
Valerio Setti	683e49e781	framework: update reference Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-07 17:47:59 +01:00
Valerio Setti	c8cac1d22f	changelog: add note abot DHE-RSA removal Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-06 10:12:02 +01:00
Valerio Setti	1494a09ff7	test_suite_ssl: require GCM or ChaChaPoly in handshake_serialization() Hanshake serialization requires that the selected ciphersuite uses an AEAD algorithm. However, following the DHE-RSA removal, trying to still use RSA signature might select a ciphersuite which is not using AEAD, but CBC instead (see preference order in "ssl_ciphersuite.c"). This is especially problematic in tests scenarios where both GCM and ChaChaPoly are disabled, so that CCM remains as the only AEAD algorithm. Ciphersuites using RSA signature and CCM are very low on the preference list, so very unlikely to be picked in tests. This cause a CBC one to be selected in this case and the handshake_serialization() function to fail. In order to prevent failures from happening, in this commit we require that either GCM or ChaChaPoly are enabled, so that ciphersuites using one of these are likely to be picked. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-06 10:12:02 +01:00
Valerio Setti	d137f15e1b	mbedtls_config.h: remove definition of MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-06 10:12:02 +01:00
Valerio Setti	f886924eec	docs: remove references to DHE-RSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-06 10:12:01 +01:00
Valerio Setti	02ae66830e	check_config.h: remove checks for DHE-RSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-06 10:05:58 +01:00
Valerio Setti	8438c637ee	tests: remove references to DHE-RSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-06 10:05:58 +01:00
Valerio Setti	b7e2eccf1f	ssl_ciphersuites: remove MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED This symbol is unused in the code so it can be removed. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-06 10:05:58 +01:00
Valerio Setti	b8621b6f9d	ssl_ciphersuites: remove references to DHE-RSA key exchanges In this commit also MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED is removed. This cause some code in "ssl_ciphersuites_internal.h" and "ssl_tls12_server.c" to became useless, so these blocks are removed as well. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-06 10:05:58 +01:00
Valerio Setti	89743b5db5	ssl_tls: remove code related to DHE-RSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-06 10:05:58 +01:00
Valerio Setti	98f348a2c5	ssl-opt.sh\|compat.sh: remove references to DHE-RSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-06 10:05:58 +01:00
Ronald Cron	0baf3611e6	Merge pull request #9940 from valeriosetti/issue94-development [Development] Move test_psa_*.py scripts to the framework	2025-02-05 13:55:38 +00:00
Waleed Elmelegy	cf4e6a18e6	Remove unused variable in ssl_server.c Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com> Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-05 13:10:01 +02:00
Deomid rojer Ryabkov	eb77e5b1c7	Update the changelog message Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-05 13:09:26 +02:00
Valerio Setti	c96d75bba3	framework: update reference Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-05 12:05:01 +01:00
Valerio Setti	da1673c013	components-compliance.sh: update references to test_psa_compliance.py Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-05 12:04:36 +01:00
Valerio Setti	2ef55352e8	components-configuration.sh: update references to test_psa_constant_names.py Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-05 12:04:36 +01:00
Valerio Setti	40e14a7559	Move files out of Mbed TLS The following files are moved to the framework repo (deleted here): tests/scripts/test_psa_compliance.py tests/scripts/test_psa_constant_names.py Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-05 12:04:36 +01:00
David Horstmann	be658c47c8	Merge pull request #9938 from bjwtaylor/ssl-ticket-api Move ssl_ticket to the PSA API	2025-02-05 10:41:09 +00:00
Ronald Cron	7b4b176aca	Merge pull request #9908 from Harry-Ramsey/move-configs-to-tf-psa-crypto Move configs to TF-PSA-Crypto	2025-02-04 17:42:04 +00:00
Ben Taylor	7d4c48ba4f	fixed trailing whitespace Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-02-04 15:27:53 +00:00
Harry Ramsey	94c386a8ea	Update config paths in scripts This commit updates the moved config paths in multiple script files. Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>	2025-02-04 12:54:15 +00:00
Harry Ramsey	c89fa17ba3	Update configs README This commit updates configs/ext/README.md to reflect the necessary files which were removed from Mbed TLS. Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>	2025-02-04 12:54:15 +00:00

1 2 3 4 5 ...

32776 Commits