Manuel Pégourié-Gonnard
32bdf19a01
Minor updates in doc/comments/debug
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-10 10:58:47 +02:00
Manuel Pégourié-Gonnard
8cd0dfaa32
Merge pull request #9537 from mpg/tickets13-followup
[3.6] Follow-up to 9507 Disable new session tickets at runtime
2024-09-10 07:05:29 +00:00
Manuel Pégourié-Gonnard
f59d7b9292
Merge pull request #9493 from yanesca/rsapub_additional_tests
[3.6] Rsapub additional tests
2024-09-09 09:36:33 +00:00
Manuel Pégourié-Gonnard
aa80f5380c
Use library default in ssl_client2 for new_session_tickets
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-06 10:06:38 +02:00
Gilles Peskine
d210bf73b2
Merge pull request #9338 from sezrab/analyze_driver_vs_reference_header_correction-3.6
Backport 3.6: Fix inconsistent ordering of driver vs reference in analyze_outcomes
2024-09-05 16:36:02 +00:00
Manuel Pégourié-Gonnard
15fa9ceedd
Misc improvements to comments
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-03 10:10:18 +02:00
Manuel Pégourié-Gonnard
33a2918a48
Merge pull request #9390 from eleuzi01/backport-9327
[Backport 3.6] Remove hacks about asm vs constant-flow testing
2024-09-03 07:37:07 +00:00
Elena Uziunaite
6496d56329
Make error line consistent with the header
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-02 15:34:02 +01:00
Manuel Pégourié-Gonnard
9ec6d45e99
Fix code style (for real this time, hopefully)
For some reason I didn't think about other files in the previous commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:41:05 +02:00
Janos Follath
0a75adcf4e
Prepare codepath tests for early termination
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-09-02 10:30:47 +02:00
Janos Follath
e9cc10d2af
Fix incorrect test result
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-09-02 10:30:47 +02:00
Janos Follath
96cfd7a77a
Move bignum code path testing out of the library
Without this, it's not at all obvious that turning on MBEDTLS_TEST_HOOKS
doesn't change the functional behavior of the code.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-09-02 10:30:47 +02:00
Janos Follath
55be79b500
Add tests for optionally safe code paths in RSA
Only add the test hooks where it is meaningful. That is, not adding
where the operation is essentially the same or the target is not the
function that is being tested.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-09-02 10:30:47 +02:00
Janos Follath
5fc20fc56a
Add tests for optionally safe code paths in bignum
Not adding _unsafe version to the tests targeting behaviour related to
RR as it is independent from the secret involved in the safe/unsafe
distinction.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-09-02 10:30:47 +02:00
David Horstmann
fbc34eeb69
Revert "Add generated files"
This reverts commit 0d1117692e.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-08-30 11:03:51 +01:00
David Horstmann
0d1117692e
Add generated files
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-08-28 20:56:16 +01:00
David Horstmann
1d2dcfce6f
Bump version to 3.6.1
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-08-28 20:56:16 +01:00
David Horstmann
636367f757
Don't clean test_keys.h and test_certs.h
This is in keeping with other generated files (such as generated .data
files) that are added to releases.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-08-28 20:56:16 +01:00
David Horstmann
204c4b41f5
Fix typos in make clean target for Windows
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-08-28 20:56:16 +01:00
David Horstmann
9f10979853
Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.1rc0-pr
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-08-28 20:48:27 +01:00
Ronald Cron
9f44c883f4
Rename some "new_session_tickets" symbols
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-08-28 17:47:46 +02:00
Ronald Cron
97dc5832c5
Improve debug logs
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-08-28 10:42:01 +02:00
Ronald Cron
d67f801c63
Do not add a new field in the SSL config
We cannot add a new field in SSL config in
an LTS. Use `session_tickets` field instead.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-08-28 10:41:54 +02:00
Ronald Cron
57ad182644
ssl_client2: Fix new_session_tickets option parsing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-08-28 10:30:24 +02:00
Ronald Cron
23303a47f4
Enable TLS 1.3 ticket handling in resumption tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-08-27 16:20:40 +02:00
Gilles Peskine
5950301740
Don't call psa_crypto_init in unit tests when not required for TLS 1.3
For backward compatibility with Mbed TLS <=3.5.x, applications must be able
to make a TLS connection with a peer that supports both TLS 1.2 and TLS 1.3,
regardless of whether they call psa_crypto_init(). Since Mbed TLS 3.6.0,
we enable TLS 1.3 in the default configuration, so we must take care of
calling psa_crypto_init() if needed. This is a change from TLS 1.3 in
previous versions, where enabling MBEDTLS_SSL_PROTO_TLS1_3 was a user
choice and could have additional requirements.
This commit changes our unit tests to validate that the library
does not have the compatibility-breaking requirement.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-08-25 10:44:39 +02:00
Gilles Peskine
4002e6fdee
Merge remote-tracking branch 'mbedtls-3.6' into mbedtls-3.6-restricted
2024-08-23 11:15:11 +02:00
Gilles Peskine
86a4c25136
Merge pull request #9499 from waleed-elmelegy-arm/fix-legacy-compression-issue-3.6
[Backport 3.6] Fix issue in handling legacy_compression_methods in ssl_tls13_parse_client_hello()
2024-08-22 18:23:33 +00:00
Gilles Peskine
df0ef8a624
Merge pull request #9281 from mpg/rsapub
[3.6] Reduce performance regression in RSA public operations
2024-08-22 16:50:38 +00:00
Waleed Elmelegy
1297309fdb
Remove redundant legacy compression test
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-08-22 15:50:46 +00:00
Waleed Elmelegy
38c8757b2c
Improve legacy compression regression testing
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-08-22 15:50:46 +00:00
Waleed Elmelegy
790f3b16d4
Add regression testing to handling Legacy_compression_methods
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-08-22 15:50:45 +00:00
Janos Follath
5f316972b2
Add header for mbedtls_mpi_exp_mod_unsafe()
To silence no previous prototype warnings. And this is the proper way to
do it anyway.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-08-22 15:00:09 +01:00
Manuel Pégourié-Gonnard
273d07b0c0
Merge pull request #9240 from gilles-peskine-arm/psa-keystore-dynamic-3.6
Backport 3.6: dynamically sized key store
2024-08-22 12:53:32 +00:00
Manuel Pégourié-Gonnard
ff28e4c7f4
Fix two dependency declarations in ssl-opt
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
dee6ffa961
Add support for context f_vrfy callback in 1.3
This was only supported in 1.2 for no good reason.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-08-20 22:03:10 +02:00
Ronald Cron
8d5da8f4a3
ssl-opt.sh: Test trusted certificate callback in TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-08-20 22:03:10 +02:00
Ronald Cron
84442a3bff
ssl-opt.sh: Fix test case titles
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
2b98a4ee3b
Allow no authentication of the server in 1.3
See notes about optional two commits ago for why we're doing this.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
a0a781eadd
Reorder some tests in ssl-opt.sh
The tests above are required then optional then none. Follow the same
pattern here.
Just moving things around (see git's --color-moved option).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
e1cc926717
Allow optional authentication of the server in 1.3
This is for compatibility, for people transitioning from 1.2 to 1.3.
See https://github.com/Mbed-TLS/mbedtls/issues/9223 "Mandatory server
authentication" and reports linked from there.
In the future we're likely to make server authentication mandatory in
both 1.2 and 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/7080
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
4192bba54f
Test cert alert REVOKED -> CERT_REVOKED
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-08-20 22:03:09 +02:00
Manuel Pégourié-Gonnard
d6e20692dd
Test cert alert NOT_TRUSTED -> UNKNOWN_CA
In terms of line coverage, this was covered, except we never checked the
behaviour was as intended.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-08-20 22:03:09 +02:00
Manuel Pégourié-Gonnard
a3cf1a53b4
Fix ordering of a test case in ssl-opt.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-08-20 22:03:09 +02:00
Manuel Pégourié-Gonnard
060e284dee
Add test forcing TLS 1.2 for clearer coverage
This is a duplicate from the previous test, except it forces TLS 1.2.
The previous test does not force a version, so it picks 1.3 in the
default/full config. However we have a build with 1.2 only in all.sh, in
which the previous test would pick 1.2. So, there was no test gap and
the behaviour was indeed tested with 1.2.
However when measuring code coverage with lcov, currently we can only
use a single build. So, I'm adding this variant of the test case
so that the 1.2 code looks covered in the report from
basic-build-test.sh. This is for my convenience while I make sure
everything is covered before refactoring.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-08-20 22:03:09 +02:00
Janos Follath
878af12807
Fix memory corruption in exp_mod tests
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-08-20 12:33:42 +01:00
Janos Follath
8786dd79f7
Disable optionally safe test hook in threading builds
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-08-20 10:21:54 +01:00
Elena Uziunaite
04db1fb481
Add test cases for extKeyUsage
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-16 17:19:37 +01:00
Elena Uziunaite
e74c840b5e
Rationalize extKeyUsage tests
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-15 15:33:26 +01:00
Janos Follath
7342656098
Add tests for optionally unsafe code paths
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-08-13 11:39:03 +01:00