lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-23 10:25:35 +03:00
Code
32,028 Commits 172 Branches 267 Tags
Commit Graph

32028 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Minos Galanakis
2c824b4fe5 Added framework as a flattened directory 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-20 09:28:45 +00:00
Minos Galanakis
b41194ce7f Unlinked framework as a submodule. 
- git rm --cached framework
- rm -rf .git/modules/framework
- rm -rf framework/.git*

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-20 09:26:53 +00:00
Minos Galanakis
03d424bf94 Updated BRANCHES.md 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-20 09:23:47 +00:00
Minos Galanakis
b215873972 Finalise ChangeLog 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 17:22:59 +00:00
Minos Galanakis
e62ef05344 Version Bump for 3.6.3 
./scripts/bump_version.sh --version 3.6.3

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 17:11:54 +00:00
Minos Galanakis
a3c020d2cf Assemble Changelog 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:50:40 +00:00
Minos Galanakis
688494ae41 Changelog: Added CVE. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:48:02 +00:00
Minos Galanakis
7a95d16a31 Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.3rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:28:26 +00:00
Gilles Peskine
f985bee481
Merge pull request #10065 from minosgalanakis/task9887_extend_defragmentation_tests_36 
[Backport 3.6]  Extend ssl-opt testing for TLS HS defragmentation
 2025-03-18 12:46:29 +00:00
Minos Galanakis
6c129c36ff ssl-opt: Added 4 and 128 bytes tests to HS defragmentation for server initiated reneg 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 10:32:06 +00:00
Minos Galanakis
5c6d3173fa ssl-opt: Fixed a minor typo. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 10:25:42 +00:00
Manuel Pégourié-Gonnard
b6ad19b2b8
Merge pull request #9976 from mpg/defragment-ext-test-3.6 
Defragment ext test 3.6
 2025-03-17 11:44:28 +00:00
Manuel Pégourié-Gonnard
739ad37249
Merge pull request #1324 from Mbed-TLS/pre-3.6.3-upstream-merge 
Merge upstream mbedtls3.6 into mbedtls3.6-restricted
 2025-03-17 09:36:34 +01:00
Minos Galanakis
dfc8e43614 Merge remote-tracking branch 'upstream/mbedtls-3.6' into pre-3.6.3-upstream-merge 2025-03-14 14:23:23 +00:00
Manuel Pégourié-Gonnard
d3ca688b4b
Merge pull request #10064 from davidhorstmann-arm/update-3.0-migration-guide-3.6 
[Backport 3.6] Update the 3.0 migration guide
 2025-03-14 13:28:49 +00:00
David Horstmann
20220f09b4 Reword slightly to be more tentative 
We don't guarantee ABI stability, but we do try to maintain it where we
can.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-14 10:51:22 +00:00
Gilles Peskine
c03cd1124c
Merge pull request #10025 from waleed-elmelegy-arm/mbedtls-3.6-fix-key-deriv-bad-state-error 
Backport 3.6: Fix psa_key_derivation_input_integer() not detecting bad state
 2025-03-14 10:11:40 +00:00
Manuel Pégourié-Gonnard
43a04e7640 Re-introduce log asserts on positive cases 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
8476c38b21 Improve a test assertion 
That way if it ever fails it will print the values.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
29073e3a00 Fix a typo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
b59caea309 Add test cases for EOF in the middle of fragments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
4712b3e6b8 Adjust logic around log pattern 
This is more flexible: the test data gets to decide whether we want to
assert the presence of a pattern or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
d2197afa37 Add test for length larger than 2^16 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
8577510009 Adapt "large ClientHello" tests to incremental 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
c6cf7e5b19 Cleanly reject non-HS in-between HS fragments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
051b1e21d6 Reduce the level of logging used in tests 
This should avoid running into a bug with printf format specifiers one
windows.

It's also a logical move for actual tests: I used the highest debug
level for discovery, but we don't need that all the time.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
adad47634e Move new tests to their own data file 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
996c4c00a6 Fix dependency issues 
Declare the same dependencies as for the previous TLS 1.3 tests, except
for part that varies with the cipher suite (ie AES-GCM).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
6b25c504e1 New test function for large ClientHello 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
89cc61a9fa Fix hash dependencies for TLS 1.2 tests 
We're not sending a signature_algorithm extension, which means SHA-1.

Caught by depends.py hashes

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
2b1ec8f63e Fix curve dependencies 
In addition to secp256r1 for the handshake, we need secp384r1 as it's
used by the CA certificate.

Caught by depends.py curves

Also, for the "unknown ciphersuite" 1.2 test, use the same key type and
all the same dependencies as of the "good" test above, to avoid having
to determine a second set of correct dependencies just for this one.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
428ce0aff9 Add missing dependency declaration 
This guards the definition of mbedtls_test_ssl_endpoint which we rely
on, so the function won't compile without it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
3a7f1d229b Fix dependency issues 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
31253cdafd Add test with non-HS record in-between HS fragments 
Two of these tests reveal bugs in the code, so they're commented out for
now.

For the other tests, the high-level behaviour is OK (break the
handshake) but the details of why are IMO not good: they should be
rejected because interleaving non-HS record between HS fragments is not
valid according to the spec.

To be fixed in future commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
bde37cedde Add test to TLS 1.3 ClientHello fragmentation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
ba71610fa3 Add reference tests with 1.3 ClientHello 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
f83bc798e1 Add supported_curves/groups extension 
This allows us to use a ciphersuite that will still be supported in 4.0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
00ad6f6b03 New test function inject_client_content_on_the_wire() 
Not used for real stuff so far, just getting the tooling in place.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Gilles Peskine
0ed5cb8074
Merge pull request #10004 from gilles-peskine-arm/doc-threading-needed-by-psa-3.6 
Backport 3.6: Document PSA's need for threading
 2025-03-14 03:51:52 +00:00
Minos Galanakis
bde759b792 ssl-opt: Disabled the renegotiation delay for fragmented HS renegotiation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:17:08 +00:00
Minos Galanakis
875cce945a ssl-opt: Updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:13 +00:00
Minos Galanakis
e61d0e9f7c ssl-opt: Added client-initiated server-rejected renegotation test. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:13 +00:00
Minos Galanakis
27988889e5 ssl-opt: Updated O_NEXT_CLI_RENEGOTIATE used by fragmented HS renegotiation with certificates. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:13 +00:00
Minos Galanakis
2a1eacc0b6 ssl-opt: Fragmented HS renegotiation, removed -legacy_renegotiation argument. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
e5a3fd2f9d ssl-opt: Fragmented HS renegotiation, removed requires_certificate_authentication dependency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
5b6ec1566d ssl-opt: Fragmented HS renegotiation, removed requires_openssl_3_x dependency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
620e8c29a3 ssl-opt: Fragmented HS renegotiation, adjusted test names for consistency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
135aed519e ssl-opt: Fragmented HS renegotiation, updated matching regex 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
9d78547692 ssl-opt: Added coverage for client-initiated fragmented HS renegotiation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:11 +00:00
Minos Galanakis
9d1aa0870e ssl-opt: Refactored fragmented HS renegotiation tests. 
- Switched to using MBEDTLS_SSL_PROTO_TLS1_2 for dependency.
- Re-ordered tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:11 +00:00