lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity
31,946 Commits 174 Branches 272 Tags
aa9b45535bf01b08510600bf173f085fcab03dc6
Commit Graph

31946 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Manuel Pégourié-Gonnard
3a7f1d229b Fix dependency issues 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
31253cdafd Add test with non-HS record in-between HS fragments 
Two of these tests reveal bugs in the code, so they're commented out for
now.

For the other tests, the high-level behaviour is OK (break the
handshake) but the details of why are IMO not good: they should be
rejected because interleaving non-HS record between HS fragments is not
valid according to the spec.

To be fixed in future commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
bde37cedde Add test to TLS 1.3 ClientHello fragmentation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
ba71610fa3 Add reference tests with 1.3 ClientHello 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
f83bc798e1 Add supported_curves/groups extension 
This allows us to use a ciphersuite that will still be supported in 4.0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
00ad6f6b03 New test function inject_client_content_on_the_wire() 
Not used for real stuff so far, just getting the tooling in place.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Gilles Peskine
0ed5cb8074 Merge pull request #10004 from gilles-peskine-arm/doc-threading-needed-by-psa-3.6 
Backport 3.6: Document PSA's need for threading
 2025-03-14 03:51:52 +00:00
Minos Galanakis
bde759b792 ssl-opt: Disabled the renegotiation delay for fragmented HS renegotiation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:17:08 +00:00
Minos Galanakis
875cce945a ssl-opt: Updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:13 +00:00
Minos Galanakis
e61d0e9f7c ssl-opt: Added client-initiated server-rejected renegotation test. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:13 +00:00
Minos Galanakis
27988889e5 ssl-opt: Updated O_NEXT_CLI_RENEGOTIATE used by fragmented HS renegotiation with certificates. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:13 +00:00
Minos Galanakis
2a1eacc0b6 ssl-opt: Fragmented HS renegotiation, removed -legacy_renegotiation argument. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
e5a3fd2f9d ssl-opt: Fragmented HS renegotiation, removed requires_certificate_authentication dependency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
5b6ec1566d ssl-opt: Fragmented HS renegotiation, removed requires_openssl_3_x dependency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
620e8c29a3 ssl-opt: Fragmented HS renegotiation, adjusted test names for consistency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
135aed519e ssl-opt: Fragmented HS renegotiation, updated matching regex 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:12 +00:00
Minos Galanakis
9d78547692 ssl-opt: Added coverage for client-initiated fragmented HS renegotiation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:11 +00:00
Minos Galanakis
9d1aa0870e ssl-opt: Refactored fragmented HS renegotiation tests. 
- Switched to using MBEDTLS_SSL_PROTO_TLS1_2 for dependency.
- Re-ordered tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:11 +00:00
Minos Galanakis
44c1c5fc69 ssl-opt: Fragmented HS renegotiation, updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:11 +00:00
Minos Galanakis
6d1491d6c4 ssl-opt: Removed mock-tests from HS renegotiation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:11 +00:00
Minos Galanakis
a23e697ef3 sll-opt: Added refence fix for the Mock HS Defrag test using renegotitiation delay 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:11 +00:00
Minos Galanakis
eec6eb9cd4 programs -> ssl_client2.c: Added option renego_delay to set record buffer depth. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:10 +00:00
Minos Galanakis
12cf388856 Added Mock Renegotiation negative test for testing. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:10 +00:00
Minos Galanakis
a37a936beb ssl-opt: Added fragmented HS tests for server-initiated renegotiation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:10 +00:00
Minos Galanakis
c4595a4c6a ssl-opt: Added fragmented HS tests for client-initiated renegotiation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:10 +00:00
Minos Galanakis
1e6438d8b9 ssl-opt: Added fragmented HS tests for SSL_VARIABLE_BUFFER_LENGTH. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:09 +00:00
David Horstmann
235dfc2b8c Add note about MBEDTLS_PRIVATE() in 3.6 
Note that in the Mbed TLS 3.6 LTS, users can generally rely on being
able to access struct members through the MBEDTLS_PRIVATE() macro, since
we try to maintain ABI stability within an LTS version.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-13 17:01:35 +00:00
David Horstmann
cd5053465a Fix typos in the 3.0 migration guide 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-13 17:01:35 +00:00
Gilles Peskine
ba4f16691c Merge pull request #10058 from gilles-peskine-arm/mbedtls_net_send-api-desc-tweak-3.6 
Backport 3.6: mbedtls_net_send API description typo fix
 2025-03-13 16:29:57 +00:00
Bence Szépkúti
b22247b85b Merge pull request #10043 from Mbed-TLS/msvc-format-size-macros-3.6 
[Backport 3.6] Fix preprocessor guards for C99 format size specifiers
 2025-03-13 10:09:13 +00:00
Noah Pendleton
b05b3b19d7 mbedtls_net_send API description typo fix 
Signed-off-by: Noah Pendleton <noah.pendleton@gmail.com>
 2025-03-13 10:32:27 +01:00
Gilles Peskine
3dbe333ab0 Merge pull request #10051 from Vge0rge/key_id_range_backport 
PSA core: Allow enabling one volatile/builtin key
 2025-03-13 09:27:12 +00:00
Manuel Pégourié-Gonnard
5b114163e4 Merge pull request #10056 from minosgalanakis/feature_merge_defragmentation_36 
Merge defragmentation feature branch onto 3.6
 2025-03-13 08:36:11 +00:00
Bence Szépkúti
c64b7bc664 Use an array of strings instead of pointer smuggling 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 19:12:44 +01:00
David Horstmann
26f0044ad0 Merge pull request #1319 from davidhorstmann-arm/calc-finished-check-return-3.6 
[Backport 3.6] TLS1.2: Check for failures in Finished calculation
 2025-03-12 17:35:40 +00:00
Bence Szépkúti
a029387d1b Use dummy typedef instead of macro 
Use a dummy definition of mbedtls_ms_time_t in builds without
MBEDTLS_HAVE_TIME.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 17:28:30 +01:00
Bence Szépkúti
f525505886 Clarify changelog 
Remove mention of the shipped .sln files, as those are planned to be
removed from Mbed TLS.

Clarify the affected CRT headers.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 17:28:30 +01:00
Minos Galanakis
51668e5249 Updated framework pointer. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-12 15:22:27 +00:00
Minos Galanakis
104bd06826 Merge remote-tracking branch 'origin/features/tls-defragmentation/3.6' into feature_merge_defragmentation_36 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-12 15:21:56 +00:00
Manuel Pégourié-Gonnard
26932b811b Merge pull request #10055 from gilles-peskine-arm/tls-defragment-doc-3.6 
Backport 3.6: Document the limitations of TLS handshake message defragmentation
 2025-03-12 13:00:23 +01:00
Gilles Peskine
a7c020d6cb Update the location of defragmentation limitations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:55:48 +01:00
Gilles Peskine
858900656e State globally that the limitations don't apply to DTLS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:55:47 +01:00
Gilles Peskine
bc0255592f Clarify DTLS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:55:11 +01:00
Gilles Peskine
c3af2f48c4 ClientHello may be fragmented in renegotiation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:55:11 +01:00
Gilles Peskine
494e4943b5 Move the defragmentation documentation to mbedtls_ssl_handshake 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:55:10 +01:00
Gilles Peskine
1933932e55 Refer to the API documentation for details 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:53:11 +01:00
Gilles Peskine
b5ccd32390 Document the limitations of TLS handshake message defragmentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:53:11 +01:00
Gilles Peskine
43f636ff4d Merge pull request #1316 from gilles-peskine-arm/zeroize-psa-202503-3.6 
Backport 3.6: Zeroize PSA temporary heap buffers
 2025-03-11 17:38:28 +01:00
David Horstmann
0326decca7 Add changelog entry for TLS 1.2 Finished fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-11 15:53:26 +00:00
Gilles Peskine
d3b3c6740f More generally, what needs psa_crypto_init also needs threading 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-11 14:45:54 +01:00