Gilles Peskine
6eabe58c84
Merge pull request #9989 from minosgalanakis/issue9887_add_basic_defragmentation_tests
...
Add basic handshake defragmentation tests in ssl-opt
2025-02-28 12:55:58 +01:00
Minos Galanakis
4354dc646f
ssl-opt: Re-introduce certificate dependency for HS negative tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-27 22:40:37 +00:00
Minos Galanakis
0dd57a9913
ssl-opt: Removed dependencies for HS defrag negative tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-27 18:05:48 +00:00
Minos Galanakis
d01ac30cfa
ssl-opt: Adjusted reference hs defragmentation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-27 15:11:21 +00:00
Minos Galanakis
76957cceab
ssl-opt: Minor typos and documentation fixes.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-27 15:11:21 +00:00
David Horstmann
243e13fb2a
Merge pull request #10006 from stgloorious/fix/before_colon
...
Rename BEFORE_COLON/BC to avoid conflicts
2025-02-27 11:59:12 +00:00
Minos Galanakis
19dbbe0958
analyze_outcomes: Temporarily disabled 3 HS Defragmentation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-27 11:46:36 +00:00
Minos Galanakis
17170a5ed2
ssl-opt: Updated documentation of HS-Defrag tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-27 11:40:33 +00:00
Minos Galanakis
c8709c6a85
ssl-opt: Removed redundant dependencies: requires_openssl_3_x
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-26 17:12:01 +00:00
Gilles Peskine
fd89acc735
ssl_session_reset: preserve HOSTNAME_SET flag
...
When we don't reset `ssl->hostname`, we must not reset the
`MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET` flag either.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-24 18:48:49 +01:00
Gilles Peskine
eb2d29eb6b
Document the need to call mbedtls_ssl_set_hostname
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-24 18:48:49 +01:00
Gilles Peskine
96073fb997
Improve documentation of mbedtls_ssl_set_hostname
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-24 18:48:49 +01:00
Gilles Peskine
02e303ec86
Changelog entries for requiring mbedtls_ssl_set_hostname() in TLS clients
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-24 18:48:49 +01:00
Gilles Peskine
825c3d075a
Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-24 18:48:49 +01:00
Gilles Peskine
640512eb90
mbedtls_ssl_set_hostname tests: add tests with CA callback
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-24 18:48:49 +01:00
Gilles Peskine
856a370628
Call mbedtls_ssl_set_hostname in the generic endpoint setup in unit tests
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-24 18:48:49 +01:00
Gilles Peskine
488b91929d
Require calling mbedtls_ssl_set_hostname() for security
...
In a TLS client, when using certificate authentication, the client should
check that the certificate is valid for the server name that the client
expects. Otherwise, in most scenarios, a malicious server can impersonate
another server.
Normally, the application code should call mbedtls_ssl_set_hostname().
However, it's easy to forget. So raise an error if mandatory certificate
authentication is in effect and mbedtls_ssl_set_hostname() has not been
called. Raise the new error code
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME, for easy
identification.
But don't raise the error if the backward compatibility option
MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is
enabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-24 18:48:49 +01:00
Gilles Peskine
59a5117072
Create error code for mbedtls_ssl_set_hostname not called
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-24 18:48:49 +01:00
Gilles Peskine
434016e2eb
Keep track of whether mbedtls_ssl_set_hostname() has been called
...
No behavior change apart from now emitting a different log message depending
on whether mbedtls_ssl_set_hostname() has been called with NULL or not at all.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-24 18:47:44 +01:00
Minos Galanakis
cd6a24b288
ssl-opt.sh: Disabled HS Defrag Tests for TLS1.2 where len < 16
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:27:09 +00:00
Minos Galanakis
99ca6680f2
ssl-opt: Replaced max_send_frag with split_send_frag
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:16:06 +00:00
Minos Galanakis
a5a8c9f5c9
ssl-opt: Added coverage for hs defragmentation TLS 1.2 tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:16:06 +00:00
Minos Galanakis
eddbb5a829
ChangeLog: Updated the entry for tls-hs-defragmentation
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:16:06 +00:00
Minos Galanakis
d708a63857
ssl-opt: Updated documentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:16:06 +00:00
Minos Galanakis
36c81f5f05
ssl-opt: Added DSA-RSA dependency on TLS1.2 defragmentation testing.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:16:06 +00:00
Minos Galanakis
74ce7498d7
ssl-opt: Added negative tests for handshake fragmentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:16:06 +00:00
Minos Galanakis
1c106afd22
ssl-opt: Added handshake fragmentation tests for 4 byte fragments.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:16:06 +00:00
Minos Galanakis
41782a9cd0
ssl-opt: Added negative-assertion testing (HS Fragmentation disabled)
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:16:06 +00:00
Minos Galanakis
85fe73d55d
ssl-opt: Added tls 1.2 tests for HS defragmentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:16:06 +00:00
Minos Galanakis
a4dde77cbe
ssl-opt: Dependency resolving set to use to requires_protocol_version HS defragmentation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:16:06 +00:00
Minos Galanakis
a8a298c9d6
ssl-opt: Adjusted the wording on handshake fragmentation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:16:06 +00:00
Minos Galanakis
a1b9117f17
ssl-opt: Added requires_openssl_3_x to defragmentation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:16:06 +00:00
Minos Galanakis
270dd7462e
ssl-opt: Updated the keywords to look up during handshake fragmentation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-02-24 09:16:06 +00:00
Waleed Elmelegy
4028cfd9ca
Add missing client certificate check in handshake defragmentation tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-02-24 09:16:06 +00:00
Waleed Elmelegy
5f21537c2a
Test Handshake defragmentation only for TLS 1.3 only for small values
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-02-24 09:16:06 +00:00
Waleed Elmelegy
a75c7e09c8
Add guard to handshake defragmentation tests for client certificate
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-02-24 09:16:06 +00:00
Waleed Elmelegy
f162249e87
Add a comment to elaborate using split_send_frag in handshake defragmentation tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-02-24 09:16:06 +00:00
Waleed Elmelegy
61b8e2d225
Enforce client authentication in handshake fragmentation tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-02-24 09:16:06 +00:00
Waleed Elmelegy
39d83dd38d
Remove unneeded mtu option from handshake fragmentation tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-02-24 09:16:06 +00:00
Waleed Elmelegy
48874b3aba
Add client authentication to handshake defragmentation tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-02-24 09:16:06 +00:00
Waleed Elmelegy
f9120311e3
Require openssl to support TLS 1.3 in handshake defragmentation tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-02-24 09:16:06 +00:00
Waleed Elmelegy
fccd014c2d
Remove unnecessary string check in handshake defragmentation tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-02-24 09:16:06 +00:00
Waleed Elmelegy
c0118d87b9
Fix typo in TLS Handshake defragmentation tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-02-24 09:16:06 +00:00
Waleed Elmelegy
0e0d5d4dc8
Improve TLS handshake defragmentation tests
...
* Add tests for the server side.
* Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3.
* Use latest version of OpenSSL to make sure -max_send_frag &
-split_send_frag flags are supported.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-02-24 09:16:06 +00:00
Waleed Elmelegy
79a8ded315
Add TLS Handshake defragmentation tests
...
Tests use openssl s_server with a mix of max_send_frag
and split_send_frag options.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-02-24 09:16:06 +00:00
Manuel Pégourié-Gonnard
28f8e205eb
Merge pull request #9872 from rojer/tls_hs_defrag_in
...
Defragment incoming TLS handshake messages
2025-02-24 09:28:11 +01:00
Ronald Cron
ede8494d73
Merge pull request #9986 from valeriosetti/issue9971-development
...
[development] Move benchmark program to TF-PSA-Crypto
2025-02-21 14:26:49 +00:00
Valerio Setti
aa380c4a82
tf-psa-crypto: update reference
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-02-21 11:31:33 +01:00
Valerio Setti
69d0781576
scripts: move ecc-heap.sh to tf-psa-crypto
...
Since the benchmark program was moved to tf-psa-crypto, this script should
be moved as well.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-02-21 11:21:40 +01:00
Valerio Setti
f8244d49b0
programs: update .gitignore
...
Remove entry for benchmark program since it was moved to the tf-psa-crypto
repo.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-02-21 11:20:47 +01:00