lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-24 21:47:04 +03:00
Code
31,946 Commits 174 Branches 267 Tags
Commit Graph

31946 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
aa9b45535b Pacify ancient clang -Wmissing-initializer 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-01 10:39:48 +02:00
Gilles Peskine
ad84044386 Test split, coalesced-split and empty handshake records 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-01 10:39:48 +02:00
Gilles Peskine
39bcbb6036 Create handshake record coalescing tests 
Create tests that coalesce the handshake messages in the first flight from
the server. This lets us test the behavior of the library when a handshake
record contains multiple handshake messages.

Only non-protected (non-encrypted, non-authenticated) handshake messages are
supported.

The test code works for all protocol versions, but it is only effective in
TLS 1.2. In TLS 1.3, there is only a single non-encrypted handshake record,
so we can't test records containing more than one handshake message without
a lot more work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-01 10:39:44 +02:00
Gilles Peskine
adefe78939 Document gotcha of move_handshake_to_state 
A single call to move_handshake_to_state() can't do a full handshake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-01 10:39:09 +02:00
Gilles Peskine
da5f5b23d0 Add a log message on every SSL state transition 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-01 10:39:09 +02:00
Gilles Peskine
49f179d9c8 Always call mbedtls_ssl_handshake_set_state 
Call a single function for all handshake state changes, for easier tracing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-01 10:39:04 +02:00
David Horstmann
3623414113
Merge pull request #10092 from davidhorstmann-arm/add-missing-credit-3.6 
[3.6] Add missing credit for `set_hostname` issue
 2025-03-27 09:11:21 +00:00
Ronald Cron
a1dd7fa1f2
Merge pull request #10069 from ronald-cron-arm/check-generated-files-3.6 
[Backport 3.6] Adapt test_keys.h and test_cert.h generation
The PR is based on mbedtls-3.6, no PR in the merging queue for mbedtls-3.6, thus merging directly without going through the merge queue.
 2025-03-27 08:35:30 +01:00
David Horstmann
70807520ec Add missing credit for set_hostname issue 
Correctly credit Daniel Stenberg for reporting the problem with
mbedtls_ssl_set_hostname().

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-25 16:01:30 +00:00
Ronald Cron
f810d44956 cmake: Generate test_keys.h and test_certs.h in the build tree 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-03-25 09:49:22 +01:00
Ronald Cron
9449eedb81 Update framework pointer 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-03-25 09:49:16 +01:00
minosgalanakis
0c0f5f200f
Merge pull request #1332 from Mbed-TLS/mbedtls-3.6.3_mergeback 
Mbedtls 3.6.3 mergeback
 2025-03-24 16:49:08 +00:00
Minos Galanakis
3b56d92581 Merge branch 'mbedtls-3.6.3rc' into mbedtls-3.6.3_mergeback 2025-03-23 13:14:46 +00:00
Minos Galanakis
05657d9dee Revert "Add auto-generated files" 
This reverts commit 22098d41c6620ce07cf8a0134d37302355e1e5ef.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-23 13:09:30 +00:00
minosgalanakis
a68d1d2caa
Merge pull request #1328 from Mbed-TLS/mbedtls-3.6.3rc0-pr 
Mbedtls 3.6.3rc0 pr
 2025-03-20 23:14:23 +00:00
Minos Galanakis
8cf5666a17 Restored framework as a submodule 
- git submodule add https://github.com/Mbed-TLS/mbedtls-framework framework
- git submodule init
- pushd framework && git checkout cab0c5 && popd
- git add framework

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-20 11:11:05 +00:00
Minos Galanakis
c90c6d8ff7 Deleted flattened framework dir. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-20 11:06:31 +00:00
Minos Galanakis
22098d41c6 Add auto-generated files 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
v3.6.3 mbedtls-3.6.3 		2025-03-20 09:33:09 +00:00
Minos Galanakis
2c824b4fe5 Added framework as a flattened directory 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-20 09:28:45 +00:00
Minos Galanakis
b41194ce7f Unlinked framework as a submodule. 
- git rm --cached framework
- rm -rf .git/modules/framework
- rm -rf framework/.git*

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-20 09:26:53 +00:00
Minos Galanakis
03d424bf94 Updated BRANCHES.md 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-20 09:23:47 +00:00
Minos Galanakis
b215873972 Finalise ChangeLog 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 17:22:59 +00:00
Minos Galanakis
e62ef05344 Version Bump for 3.6.3 
./scripts/bump_version.sh --version 3.6.3

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 17:11:54 +00:00
Minos Galanakis
a3c020d2cf Assemble Changelog 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:50:40 +00:00
Minos Galanakis
688494ae41 Changelog: Added CVE. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:48:02 +00:00
Minos Galanakis
7a95d16a31 Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.3rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:28:26 +00:00
Gilles Peskine
f985bee481
Merge pull request #10065 from minosgalanakis/task9887_extend_defragmentation_tests_36 
[Backport 3.6]  Extend ssl-opt testing for TLS HS defragmentation
 2025-03-18 12:46:29 +00:00
Minos Galanakis
6c129c36ff ssl-opt: Added 4 and 128 bytes tests to HS defragmentation for server initiated reneg 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 10:32:06 +00:00
Minos Galanakis
5c6d3173fa ssl-opt: Fixed a minor typo. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 10:25:42 +00:00
Manuel Pégourié-Gonnard
b6ad19b2b8
Merge pull request #9976 from mpg/defragment-ext-test-3.6 
Defragment ext test 3.6
 2025-03-17 11:44:28 +00:00
Manuel Pégourié-Gonnard
739ad37249
Merge pull request #1324 from Mbed-TLS/pre-3.6.3-upstream-merge 
Merge upstream mbedtls3.6 into mbedtls3.6-restricted
 2025-03-17 09:36:34 +01:00
Minos Galanakis
dfc8e43614 Merge remote-tracking branch 'upstream/mbedtls-3.6' into pre-3.6.3-upstream-merge 2025-03-14 14:23:23 +00:00
Manuel Pégourié-Gonnard
d3ca688b4b
Merge pull request #10064 from davidhorstmann-arm/update-3.0-migration-guide-3.6 
[Backport 3.6] Update the 3.0 migration guide
 2025-03-14 13:28:49 +00:00
David Horstmann
20220f09b4 Reword slightly to be more tentative 
We don't guarantee ABI stability, but we do try to maintain it where we
can.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-14 10:51:22 +00:00
Gilles Peskine
c03cd1124c
Merge pull request #10025 from waleed-elmelegy-arm/mbedtls-3.6-fix-key-deriv-bad-state-error 
Backport 3.6: Fix psa_key_derivation_input_integer() not detecting bad state
 2025-03-14 10:11:40 +00:00
Manuel Pégourié-Gonnard
43a04e7640 Re-introduce log asserts on positive cases 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
8476c38b21 Improve a test assertion 
That way if it ever fails it will print the values.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
29073e3a00 Fix a typo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
b59caea309 Add test cases for EOF in the middle of fragments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
4712b3e6b8 Adjust logic around log pattern 
This is more flexible: the test data gets to decide whether we want to
assert the presence of a pattern or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
d2197afa37 Add test for length larger than 2^16 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
8577510009 Adapt "large ClientHello" tests to incremental 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
c6cf7e5b19 Cleanly reject non-HS in-between HS fragments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
051b1e21d6 Reduce the level of logging used in tests 
This should avoid running into a bug with printf format specifiers one
windows.

It's also a logical move for actual tests: I used the highest debug
level for discovery, but we don't need that all the time.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
adad47634e Move new tests to their own data file 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
996c4c00a6 Fix dependency issues 
Declare the same dependencies as for the previous TLS 1.3 tests, except
for part that varies with the cipher suite (ie AES-GCM).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
6b25c504e1 New test function for large ClientHello 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
89cc61a9fa Fix hash dependencies for TLS 1.2 tests 
We're not sending a signature_algorithm extension, which means SHA-1.

Caught by depends.py hashes

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
2b1ec8f63e Fix curve dependencies 
In addition to secp256r1 for the handshake, we need secp384r1 as it's
used by the CA certificate.

Caught by depends.py curves

Also, for the "unknown ciphersuite" 1.2 test, use the same key type and
all the same dependencies as of the "good" test above, to avoid having
to determine a second set of correct dependencies just for this one.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
428ce0aff9 Add missing dependency declaration 
This guards the definition of mbedtls_test_ssl_endpoint which we rely
on, so the function won't compile without it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00