9d78547692
ssl-opt: Added coverage for client-initiated fragmented HS renegotiation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:11 +00:00
9d1aa0870e
ssl-opt: Refactored fragmented HS renegotiation tests.
...
- Switched to using MBEDTLS_SSL_PROTO_TLS1_2 for dependency.
- Re-ordered tests.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:11 +00:00
44c1c5fc69
ssl-opt: Fragmented HS renegotiation, updated documentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:11 +00:00
6d1491d6c4
ssl-opt: Removed mock-tests from HS renegotiation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:11 +00:00
a23e697ef3
sll-opt: Added refence fix for the Mock HS Defrag test using renegotitiation delay
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:11 +00:00
eec6eb9cd4
programs -> ssl_client2.c: Added option renego_delay to set record buffer depth.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:10 +00:00
12cf388856
Added Mock Renegotiation negative test for testing.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:10 +00:00
a37a936beb
ssl-opt: Added fragmented HS tests for server-initiated renegotiation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:10 +00:00
c4595a4c6a
ssl-opt: Added fragmented HS tests for client-initiated renegotiation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:10 +00:00
1e6438d8b9
ssl-opt: Added fragmented HS tests for SSL_VARIABLE_BUFFER_LENGTH.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:09 +00:00
235dfc2b8c
Add note about MBEDTLS_PRIVATE() in 3.6
...
Note that in the Mbed TLS 3.6 LTS, users can generally rely on being
able to access struct members through the MBEDTLS_PRIVATE() macro, since
we try to maintain ABI stability within an LTS version.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2025-03-13 17:01:35 +00:00
cd5053465a
Fix typos in the 3.0 migration guide
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2025-03-13 17:01:35 +00:00
ba4f16691c
Merge pull request #10058 from gilles-peskine-arm/mbedtls_net_send-api-desc-tweak-3.6
...
Backport 3.6: mbedtls_net_send API description typo fix
2025-03-13 16:29:57 +00:00
b22247b85b
Merge pull request #10043 from Mbed-TLS/msvc-format-size-macros-3.6
...
[Backport 3.6] Fix preprocessor guards for C99 format size specifiers
2025-03-13 10:09:13 +00:00
b05b3b19d7
mbedtls_net_send API description typo fix
...
Signed-off-by: Noah Pendleton <noah.pendleton@gmail.com >
2025-03-13 10:32:27 +01:00
3dbe333ab0
Merge pull request #10051 from Vge0rge/key_id_range_backport
...
PSA core: Allow enabling one volatile/builtin key
2025-03-13 09:27:12 +00:00
5b114163e4
Merge pull request #10056 from minosgalanakis/feature_merge_defragmentation_36
...
Merge defragmentation feature branch onto 3.6
2025-03-13 08:36:11 +00:00
c64b7bc664
Use an array of strings instead of pointer smuggling
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-12 19:12:44 +01:00
26f0044ad0
Merge pull request #1319 from davidhorstmann-arm/calc-finished-check-return-3.6
...
[Backport 3.6] TLS1.2: Check for failures in Finished calculation
2025-03-12 17:35:40 +00:00
a029387d1b
Use dummy typedef instead of macro
...
Use a dummy definition of mbedtls_ms_time_t in builds without
MBEDTLS_HAVE_TIME.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-12 17:28:30 +01:00
f525505886
Clarify changelog
...
Remove mention of the shipped .sln files, as those are planned to be
removed from Mbed TLS.
Clarify the affected CRT headers.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-12 17:28:30 +01:00
51668e5249
Updated framework pointer.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-12 15:22:27 +00:00
104bd06826
Merge remote-tracking branch 'origin/features/tls-defragmentation/3.6' into feature_merge_defragmentation_36
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-12 15:21:56 +00:00
26932b811b
Merge pull request #10055 from gilles-peskine-arm/tls-defragment-doc-3.6
...
Backport 3.6: Document the limitations of TLS handshake message defragmentation
2025-03-12 13:00:23 +01:00
a7c020d6cb
Update the location of defragmentation limitations
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-12 10:55:48 +01:00
858900656e
State globally that the limitations don't apply to DTLS
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-12 10:55:47 +01:00
bc0255592f
Clarify DTLS
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-12 10:55:11 +01:00
c3af2f48c4
ClientHello may be fragmented in renegotiation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-12 10:55:11 +01:00
494e4943b5
Move the defragmentation documentation to mbedtls_ssl_handshake
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-12 10:55:10 +01:00
1933932e55
Refer to the API documentation for details
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-12 10:53:11 +01:00
b5ccd32390
Document the limitations of TLS handshake message defragmentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-12 10:53:11 +01:00
43f636ff4d
Merge pull request #1316 from gilles-peskine-arm/zeroize-psa-202503-3.6
...
Backport 3.6: Zeroize PSA temporary heap buffers
2025-03-11 17:38:28 +01:00
0326decca7
Add changelog entry for TLS 1.2 Finished fix
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2025-03-11 15:53:26 +00:00
d3b3c6740f
More generally, what needs psa_crypto_init also needs threading
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-11 14:45:54 +01:00
579f91ad44
Merge pull request #10046 from mpg/fix-defrag-interleave-3.6
...
Fix defrag interleave 3.6
2025-03-11 12:38:21 +01:00
d5e64f71db
PSA core: Allow enabling one volatile/builtin key
...
The current impelementation asserts if the user
sets MBEDTLS_PSA_KEY_SLOT_COUNT to one or if they
limit their builtin range to one key.
This removes the requirement and allows for only
one key volatile/builtin to be enabled.
Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no >
2025-03-11 09:37:29 +01:00
8a4ec49671
Cleanly reject non-HS in-between HS fragments
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-10 21:38:48 +01:00
443908bc5d
Replace zero by PSA_ALG_NONE in key derivation input functions
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2025-03-10 14:20:09 +00:00
db475821f9
Fix comments
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-08 01:02:57 +01:00
23e941a2e7
Update changelog to call out MinGW
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-08 00:42:44 +01:00
b5ef7da7cb
TLS1.2: Check for failures in Finished calculation
...
If the calc_finished function returns an error code, don't ignore it but
instead return the error code to stop the handshake as the Finished
message may be incorrect.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2025-03-07 17:25:54 +00:00
c6934ff670
Never use %zu on MinGW
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-07 17:54:20 +01:00
8154c5823e
Remove Everest VS2010 compatibility headers
...
These headers were necessary for compatibility with Visual Studio 2010,
and interfere with the system headers on Visual Studio 2013+, eg. when
building Mbed TLS using the .sln file shipped with the project.
Move the still-required definition of "inline" to callconv.h, where the
definition for GCC also lives.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-07 17:54:19 +01:00
f65983d670
Fix MSVC version guard for C99 format size specifiers
...
Visual Studio 2013 (_MSC_VER == 1800) doesn't support %zu - only use it
on 2015 and above (_MSC_VER >= 1900).
%ldd works on Visual Studio 2013, but this patch keeps the two macro
definitions together, for simplicity's sake.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-07 17:45:27 +01:00
1e62c95148
Disable fatal assertions in Windows printf tests
...
The Windows CRT treats any invalid format specifiers passed to the CRT
as fatal assertion failures. Disable thie behaviour temporarily while
testing if the format specifiers we use are supported.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-07 17:45:27 +01:00
9cde9d4b2c
Add testcase for MBEDTLS_PRINTF_MS_TIME
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-07 17:45:26 +01:00
85d92ec1ce
Test handling of format macros defined in debug.h
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-07 17:45:26 +01:00
d5102c9d7c
Run test_suite_debug without MBEDTLS_SSL_TLS_C
...
Move the suite's global dependency on MBEDTLS_SSL_TLS_C to the
individual test cases.
Add an preprocesor guard around string_debug to prevent warning about unused
functions.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-07 17:45:26 +01:00
26c378cb73
Merge pull request #10030 from gilles-peskine-arm/tls-defragment-incremental-3.6
...
Backport 3.6: Incremental TLS handshake defragmentation
2025-03-07 13:17:39 +01:00
c22e315086
Fix a log message
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-07 10:44:57 +01:00
