6fb5120fde
Remove .gitmodules
...
Signed-off-by: Janos Follath <janos.follath@arm.com >
2025-05-08 16:06:32 +01:00
22098d41c6
Add auto-generated files
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-20 09:33:09 +00:00
2c824b4fe5
Added framework as a flattened directory
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-20 09:28:45 +00:00
b41194ce7f
Unlinked framework as a submodule.
...
- git rm --cached framework
- rm -rf .git/modules/framework
- rm -rf framework/.git*
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-20 09:26:53 +00:00
03d424bf94
Updated BRANCHES.md
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-20 09:23:47 +00:00
b215873972
Finalise ChangeLog
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-18 17:22:59 +00:00
e62ef05344
Version Bump for 3.6.3
...
./scripts/bump_version.sh --version 3.6.3
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-18 17:11:54 +00:00
a3c020d2cf
Assemble Changelog
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-18 16:50:40 +00:00
688494ae41
Changelog: Added CVE.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-18 16:48:02 +00:00
7a95d16a31
Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.3rc0-pr
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-18 16:28:26 +00:00
f985bee481
Merge pull request #10065 from minosgalanakis/task9887_extend_defragmentation_tests_36
...
[Backport 3.6] Extend ssl-opt testing for TLS HS defragmentation
2025-03-18 12:46:29 +00:00
6c129c36ff
ssl-opt: Added 4 and 128 bytes tests to HS defragmentation for server initiated reneg
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-18 10:32:06 +00:00
5c6d3173fa
ssl-opt: Fixed a minor typo.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-18 10:25:42 +00:00
b6ad19b2b8
Merge pull request #9976 from mpg/defragment-ext-test-3.6
...
Defragment ext test 3.6
2025-03-17 11:44:28 +00:00
739ad37249
Merge pull request #1324 from Mbed-TLS/pre-3.6.3-upstream-merge
...
Merge upstream mbedtls3.6 into mbedtls3.6-restricted
2025-03-17 09:36:34 +01:00
dfc8e43614
Merge remote-tracking branch 'upstream/mbedtls-3.6' into pre-3.6.3-upstream-merge
2025-03-14 14:23:23 +00:00
d3ca688b4b
Merge pull request #10064 from davidhorstmann-arm/update-3.0-migration-guide-3.6
...
[Backport 3.6] Update the 3.0 migration guide
2025-03-14 13:28:49 +00:00
20220f09b4
Reword slightly to be more tentative
...
We don't guarantee ABI stability, but we do try to maintain it where we
can.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2025-03-14 10:51:22 +00:00
c03cd1124c
Merge pull request #10025 from waleed-elmelegy-arm/mbedtls-3.6-fix-key-deriv-bad-state-error
...
Backport 3.6: Fix psa_key_derivation_input_integer() not detecting bad state
2025-03-14 10:11:40 +00:00
43a04e7640
Re-introduce log asserts on positive cases
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
8476c38b21
Improve a test assertion
...
That way if it ever fails it will print the values.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
29073e3a00
Fix a typo
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
b59caea309
Add test cases for EOF in the middle of fragments
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
4712b3e6b8
Adjust logic around log pattern
...
This is more flexible: the test data gets to decide whether we want to
assert the presence of a pattern or not.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
d2197afa37
Add test for length larger than 2^16
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
8577510009
Adapt "large ClientHello" tests to incremental
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
c6cf7e5b19
Cleanly reject non-HS in-between HS fragments
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
051b1e21d6
Reduce the level of logging used in tests
...
This should avoid running into a bug with printf format specifiers one
windows.
It's also a logical move for actual tests: I used the highest debug
level for discovery, but we don't need that all the time.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
adad47634e
Move new tests to their own data file
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
996c4c00a6
Fix dependency issues
...
Declare the same dependencies as for the previous TLS 1.3 tests, except
for part that varies with the cipher suite (ie AES-GCM).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
6b25c504e1
New test function for large ClientHello
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
89cc61a9fa
Fix hash dependencies for TLS 1.2 tests
...
We're not sending a signature_algorithm extension, which means SHA-1.
Caught by depends.py hashes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
2b1ec8f63e
Fix curve dependencies
...
In addition to secp256r1 for the handshake, we need secp384r1 as it's
used by the CA certificate.
Caught by depends.py curves
Also, for the "unknown ciphersuite" 1.2 test, use the same key type and
all the same dependencies as of the "good" test above, to avoid having
to determine a second set of correct dependencies just for this one.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
428ce0aff9
Add missing dependency declaration
...
This guards the definition of mbedtls_test_ssl_endpoint which we rely
on, so the function won't compile without it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
3a7f1d229b
Fix dependency issues
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
31253cdafd
Add test with non-HS record in-between HS fragments
...
Two of these tests reveal bugs in the code, so they're commented out for
now.
For the other tests, the high-level behaviour is OK (break the
handshake) but the details of why are IMO not good: they should be
rejected because interleaving non-HS record between HS fragments is not
valid according to the spec.
To be fixed in future commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
bde37cedde
Add test to TLS 1.3 ClientHello fragmentation
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
ba71610fa3
Add reference tests with 1.3 ClientHello
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
f83bc798e1
Add supported_curves/groups extension
...
This allows us to use a ciphersuite that will still be supported in 4.0.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
00ad6f6b03
New test function inject_client_content_on_the_wire()
...
Not used for real stuff so far, just getting the tooling in place.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
0ed5cb8074
Merge pull request #10004 from gilles-peskine-arm/doc-threading-needed-by-psa-3.6
...
Backport 3.6: Document PSA's need for threading
2025-03-14 03:51:52 +00:00
bde759b792
ssl-opt: Disabled the renegotiation delay for fragmented HS renegotiation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:17:08 +00:00
875cce945a
ssl-opt: Updated documentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:13 +00:00
e61d0e9f7c
ssl-opt: Added client-initiated server-rejected renegotation test.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:13 +00:00
27988889e5
ssl-opt: Updated O_NEXT_CLI_RENEGOTIATE used by fragmented HS renegotiation with certificates.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:13 +00:00
2a1eacc0b6
ssl-opt: Fragmented HS renegotiation, removed -legacy_renegotiation argument.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:12 +00:00
e5a3fd2f9d
ssl-opt: Fragmented HS renegotiation, removed requires_certificate_authentication dependency.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:12 +00:00
5b6ec1566d
ssl-opt: Fragmented HS renegotiation, removed requires_openssl_3_x dependency.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:12 +00:00
620e8c29a3
ssl-opt: Fragmented HS renegotiation, adjusted test names for consistency.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:12 +00:00
135aed519e
ssl-opt: Fragmented HS renegotiation, updated matching regex
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:12 +00:00
