625c8fd2d9
ssl-opt: Added 4 and 128 bytes tests to HS defragmentation for server initiated reneg
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-18 10:31:37 +00:00
dfc082e16c
ssl-opt: Fixed a minor typo.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-18 10:25:24 +00:00
54a6386485
Merge pull request #10052 from mpg/defragment-ext-test-dev
...
Defragment ext test dev
2025-03-17 11:44:34 +00:00
d9028228c9
Merge pull request #10063 from davidhorstmann-arm/update-3.0-migration-guide
...
Update the 3.0 migration guide and fix broken README link
2025-03-14 13:32:28 +00:00
1d181102fe
Reword slightly to be more tentative
...
We don't guarantee ABI stability, but we do try to maintain it where we
can.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2025-03-14 10:50:20 +00:00
6dcfdf1f48
Adapt dependencies to the new world
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
af4606d743
Re-introduce log asserts on positive cases
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
47d0b796af
Improve a test assertion
...
That way if it ever fails it will print the values.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
f4a67cf892
Fix a typo
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
e5ddf36a66
Add test cases for EOF in the middle of fragments
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
ed873f9e59
Adjust logic around log pattern
...
This is more flexible: the test data gets to decide whether we want to
assert the presence of a pattern or not.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
2285d6122d
Add test for length larger than 2^16
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
4f1b38a65e
Adapt "large ClientHello" tests to incremental
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
757040c47f
Cleanly reject non-HS in-between HS fragments
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
1038b22d74
Reduce the level of logging used in tests
...
This should avoid running into a bug with printf format specifiers one
windows.
It's also a logical move for actual tests: I used the highest debug
level for discovery, but we don't need that all the time.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
55d9124bb0
Move new tests to their own data file
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
299f94a5d2
Fix dependency issues
...
Declare the same dependencies as for the previous TLS 1.3 tests, except
for part that varies with the cipher suite (ie AES-GCM).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
1bed827d22
New test function for large ClientHello
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
6e79ff5bb5
Fix hash dependencies for TLS 1.2 tests
...
We're not sending a signature_algorithm extension, which means SHA-1.
Caught by depends.py hashes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
e760d7be41
Fix curve dependencies
...
In addition to secp256r1 for the handshake, we need secp384r1 as it's
used by the CA certificate.
Caught by depends.py curves
Also, for the "unknown ciphersuite" 1.2 test, use the same key type and
all the same dependencies as of the "good" test above, to avoid having
to determine a second set of correct dependencies just for this one.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
ae567ad011
Add missing dependency declaration
...
This guards the definition of mbedtls_test_ssl_endpoint which we rely
on, so the function won't compile without it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
73247c6e19
Fix dependency issues
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
5d0a921e7a
Add test with non-HS record in-between HS fragments
...
Two of these tests reveal bugs in the code, so they're commented out for
now.
For the other tests, the high-level behaviour is OK (break the
handshake) but the details of why are IMO not good: they should be
rejected because interleaving non-HS record between HS fragments is not
valid according to the spec.
To be fixed in future commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
de7aac782e
Add test to TLS 1.3 ClientHello fragmentation
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
4afdf340dd
Add reference tests with 1.3 ClientHello
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
e916652390
Add supported_curves/groups extension
...
This allows us to use a ciphersuite that will still be supported in 4.0.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
6637ef798f
New test function inject_client_content_on_the_wire()
...
Not used for real stuff so far, just getting the tooling in place.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:22:09 +01:00
f475a15d5d
ssl-opt: Disabled the renegotiation delay for fragmented HS renegotiation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:15:40 +00:00
e35672940c
Update broken link to PSA driver dev examples
...
This link is broken in development as the document has been moved to the
TF-PSA-Crypto repository.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2025-03-13 16:53:27 +00:00
079d7909a1
Add note about MBEDTLS_PRIVATE() in 3.6
...
Note that in the Mbed TLS 3.6 LTS, users can generally rely on being
able to access struct members through the MBEDTLS_PRIVATE() macro, since
we try to maintain ABI stability within an LTS version.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2025-03-13 16:49:08 +00:00
c4dd970386
Merge pull request #9096 from noahp/noahp/mbedtls_net_send-api-desc-tweak
...
mbedtls_net_send API description typo fix
2025-03-13 16:22:55 +00:00
edebcc04f8
Fix typos in the 3.0 migration guide
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2025-03-13 15:52:00 +00:00
641e08e2aa
ssl-opt: Updated documentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:43:08 +00:00
1d78c7d58d
ssl-opt: Added client-initiated server-rejected renegotation test.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:44 +00:00
a8f14384f8
ssl-opt: Updated O_NEXT_CLI_RENEGOTIATE used by fragmented HS renegotiation with certificates.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:44 +00:00
df4ddfdf0c
ssl-opt: Fragmented HS renegotiation, removed -legacy_renegotiation argument.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:44 +00:00
0b830f145f
ssl-opt: Fragmented HS renegotiation, removed requires_certificate_authentication dependency.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:44 +00:00
9b2e4b80e7
ssl-opt: Fragmented HS renegotiation, removed requires_openssl_3_x dependency.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:43 +00:00
af0e60b38f
ssl-opt: Fragmented HS renegotiation, adjusted test names for consistency.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:43 +00:00
70be67b97e
ssl-opt: Fragmented HS renegotiation, updated matching regex
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:43 +00:00
ae54c749fc
ssl-opt: Added coverage for client-initiated fragmented HS renegotiation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:43 +00:00
a7b19aa857
ssl-opt: Refactored fragmented HS renegotiation tests.
...
- Switched to using MBEDTLS_SSL_PROTO_TLS1_2 for dependency.
- Re-ordered tests.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:43 +00:00
990a10909d
ssl-opt: Fragmented HS renegotiation, updated documentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:43 +00:00
135ebd3241
ssl-opt: Removed mock-tests from HS renegotiation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:43 +00:00
87be69a3fc
sll-opt: Added refence fix for the Mock HS Defrag test using renegotitiation delay
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:43 +00:00
7134e52dec
programs -> ssl_client2.c: Added option renego_delay to set record buffer depth.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:43 +00:00
05009c736c
Added Mock Renegotiation negative test for testing.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:43 +00:00
529188f30b
ssl-opt: Added fragmented HS tests for server-initiated renegotiation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:43 +00:00
5aaa6e048b
ssl-opt: Added fragmented HS tests for client-initiated renegotiation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:43 +00:00
daa14a4212
ssl-opt: Added fragmented HS tests for SSL_VARIABLE_BUFFER_LENGTH.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-13 11:06:43 +00:00
