1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-26 00:37:41 +03:00
Commit Graph

33441 Commits

Author SHA1 Message Date
Valerio Setti
692d855b4d tf-psa-crypto: udpate reference
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-07 09:57:18 +01:00
Gilles Peskine
dab1cb5b45 Note unused variables when debugging is disabled
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-06 21:33:08 +01:00
Gilles Peskine
b8f1e4bae3 Pacify uncrustify
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-06 21:33:08 +01:00
Gilles Peskine
afb254c5fe Unify handshake fragment log messages
There is no longer any different processing at this point, just
near-identical log messages.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-06 19:23:22 +01:00
Gilles Peskine
15c072f0de Fix handshake defragmentation when the record has multiple messages
A handshake record may contain multiple handshake messages, or multiple
fragments (there can be the final fragment of a pending message, then zero
or more whole messages, and an initial fragment of an incomplete message).
This was previously untested, but supported, so don't break it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-06 19:03:00 +01:00
Gabor Mezei
149509362b TLS context serialization needs an AEAD ciphersuite
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-06 16:06:42 +01:00
Gilles Peskine
0851ec9344 Fix end check before memmove
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-06 15:15:20 +01:00
Gilles Peskine
e4a3fc2f58 Update framework
Changed log messages and added more tests in
`tests/opt-testcases/handshake-generated.sh`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-06 09:34:56 +01:00
David Horstmann
b58618a869 Merge pull request #1314 from gilles-peskine-arm/ssl-hostname-unset-reject-dev
Require setting the hostname for verification
2025-03-05 17:58:59 +00:00
Gilles Peskine
1b785e2201 Refer to the API documentation for details
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-05 17:44:20 +01:00
Gilles Peskine
36edd48c61 Document the limitations of TLS handshake message defragmentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-05 17:41:59 +01:00
Gilles Peskine
90a9593bbd Fix dodgy printf calls
Pacify `clang -Wformat-pedantic`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-05 17:02:18 +01:00
Gilles Peskine
e85ece6584 Handshake defragmentation: reassemble incrementally
Reassemble handshake fragments incrementally instead of all at the end. That
is, every time we receive a non-initial handshake fragment, append it to the
initial fragment. Since we only have to deal with at most two handshake
fragments at the same time, this simplifies the code (no re-parsing of a
record) and is a little more memory-efficient (no need to store one record
header per record).

This commit also fixes a bug. The previous code did not calculate offsets
correctly when records use an explicit IV, which is the case in TLS 1.2 with
CBC (encrypt-then-MAC or not), GCM and CCM encryption (i.e. all but null and
ChachaPoly). This led to the wrong data when an encrypted handshake message
was fragmented (Finished or renegotiation). The new code handles this
correctly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-05 17:02:18 +01:00
Gilles Peskine
235eae9e03 mbedtls_ssl_prepare_handshake_record(): log offsets after decryption
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-05 17:02:18 +01:00
Gilles Peskine
7a17696c34 mbedtls_ssl_prepare_handshake_record(): refactor first fragment prep
Minor refactoring of the initial checks and preparation when receiving the
first fragment. Use `ssl->in_hsfraglen` to determine whether there is a
pending handshake fragment, for consistency, and possibly for more
robustness in case handshake fragments are mixed with non-handshake
records (although this is not currently supported anyway).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-05 17:02:18 +01:00
Gilles Peskine
07027722cb Tweak handshake fragment log message
In preparation for reworking mbedtls_ssl_prepare_handshake_record(),
tweak the "handshake fragment:" log message.

This changes what information is displayed when a record contains data
beyond the expected end of the handshake message. This case is currently
untested and its handling will change in a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-05 17:02:18 +01:00
Gilles Peskine
9bdc8aa80b Tweak "waiting for more handshake fragments" log message
In preparation for reworking mbedtls_ssl_prepare_handshake_record(), tweak
the "waiting for more handshake fragments" log message in
ssl_consume_current_message(), and add a similar one in
mbedtls_ssl_prepare_handshake_record(). Assert both.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-05 17:02:18 +01:00
Gilles Peskine
2e5a7ea9bc Fix Doxygen markup
Pacify `clang -Wdocumentation`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-05 17:02:18 +01:00
Gilles Peskine
6811978045 Merge pull request #10021 from gilles-peskine-arm/tls-defragment-generate-tests-dev
Generate TLS handshake defragmentation tests
2025-03-05 16:49:32 +01:00
Gabor Mezei
ea4df49272 Update test dependencies
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-05 12:18:47 +01:00
Gabor Mezei
dcbe4ce9db Update dependencies
Pre-existing but not having TLS 1.3 in the build does not seem to be
necessary actually. These test functions set the dtls flag when
calling `test_resize_buffers` and then `test_resize_buffers` sets the
`options.dtls` flag which eventually forces the TLS 1.2 version of the
protocol (in `mbedtls_test_ssl_endpoint_init()` call of
`mbedtls_ssl_config_defaults()` with `MBEDTLS_SSL_TRANSPORT_DATAGRAM`
as the transport).

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-05 12:18:47 +01:00
Gabor Mezei
92e49e1bca Update comment
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-05 12:18:47 +01:00
Gabor Mezei
c27757b1eb Add new test component
New test component added to run test cases with ECDHE_ECDSA ciphersuits and
without TLS 1.3.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-05 12:18:47 +01:00
Gabor Mezei
8adcfc8240 Add ECDSA ciphersuite support for resize_buffer tests
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-05 12:18:47 +01:00
Gabor Mezei
ab02cd5e7b Revert "Delete test cases"
This reverts commit ecc5d31139dc6877f135e8090e805c250e32a31d.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-05 12:18:46 +01:00
Gabor Mezei
cdd34742cf Fix test case name
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-05 12:18:46 +01:00
Gabor Mezei
973a712dd8 Migrate to a usable ciphersuite
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-05 12:18:46 +01:00
Gabor Mezei
ff9b2e742a Delete test cases
Only RSA cipgersuits are accepted for these tests and there is no ECDHE-RSA
alternative for AES-128-CCM so delete them.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-05 12:18:46 +01:00
Gabor Mezei
dd7c0f1e66 Fix ciphersuit
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-05 12:18:46 +01:00
Gabor Mezei
9d7fd3dfe1 Migrate the RSA key exchage tests
Migrate to ECDHE-ECDSA instead of PSK

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-05 12:18:46 +01:00
Gabor Mezei
00ab71035e Delete SSL async decryption tests
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-05 12:18:46 +01:00
Gabor Mezei
fc42c22c7b Migrate RSA key exchange tests
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-03-05 12:18:30 +01:00
Valerio Setti
371a1aab87 psasim: update README file
The README file content dates back to the early stages of PSASIM
development. Since then a lot of things have changed, so the README
file required a complete rewrite.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 11:02:32 +01:00
Valerio Setti
05c23fbf86 ChangeLog: add note for removal of DHM related functions in SSL
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:23 +01:00
Valerio Setti
28c645b951 docs: remove references to DHM
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:23 +01:00
Valerio Setti
d7a465431c library: do not include dhm.c in the build
The file was cancelled from the tf-psa-crypto repo following the removal
of MBEDTLS_DHM_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:23 +01:00
Valerio Setti
ddc4b042f8 scripts: generate_errors: remove DHM occurrence
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:23 +01:00
Valerio Setti
15fd5c9925 ssl: remove support for MBEDTLS_DHM_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:23 +01:00
Valerio Setti
461899e382 analyze_outcomes.py: remove exceptions for MBEDTLS_DHM_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:22 +01:00
Valerio Setti
eb63eb2a6a etests: remove MBEDTLS_DHM_C/DHM occurrencies
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:22 +01:00
Valerio Setti
c56cda7ad6 scripts: query_config.fmt: do not include "dhm.h"
The file is being removed together with the removal of MBEDTLS_DHM_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:22 +01:00
Valerio Setti
12e67eaa5b programs: remove DHM_C usage from selftest
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:22 +01:00
Valerio Setti
73cd415c0b programs: remove DHM_C from ssl_client2 and ssl_server2
MBEDTLS_DHM_C is being removed so all its occurencies should be removed
as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:22 +01:00
Valerio Setti
540e7f3738 programs: remove dh_client and dh_server
These sample programs depend on MBEDTLS_DHM_C which is being removed, so
they should be as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:22 +01:00
Gilles Peskine
2d23a9a464 Update framework
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-04 18:51:27 +01:00
Gilles Peskine
e0bd20bd58 Generate handshake defragmentation test cases: update analyze_outcomes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-04 18:24:52 +01:00
Gilles Peskine
3b3c652ddc Merge pull request #10027 from valeriosetti/md-psa-dispatch-development
[development] md: allow dispatch to PSA whenever CRYPTO_CLIENT is enabled
2025-03-04 11:22:23 +00:00
Valerio Setti
5328d8f55c tf-psa-crypto: update reference
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-04 09:41:33 +01:00
Gilles Peskine
f89bc27603 Switch to generated handshake tests
Replace `tests/opt-testcases/handshake-manual.sh` by
`tests/opt-testcases/handshake-generated.sh`. They are identical except for
comments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-03 16:13:19 +01:00
Gilles Peskine
5071a25320 Normalize requirements in defragmentation test cases
Be more uniform in where certificate authentication and ECDSA are explicitly
required. A few test cases now run in PSK-only configurations where they
always could. Add a missing requirement on ECDSA to test cases that are
currently skipped.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-03 16:13:19 +01:00