051b1e21d6
Reduce the level of logging used in tests
...
This should avoid running into a bug with printf format specifiers one
windows.
It's also a logical move for actual tests: I used the highest debug
level for discovery, but we don't need that all the time.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
adad47634e
Move new tests to their own data file
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
996c4c00a6
Fix dependency issues
...
Declare the same dependencies as for the previous TLS 1.3 tests, except
for part that varies with the cipher suite (ie AES-GCM).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
6b25c504e1
New test function for large ClientHello
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
89cc61a9fa
Fix hash dependencies for TLS 1.2 tests
...
We're not sending a signature_algorithm extension, which means SHA-1.
Caught by depends.py hashes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
2b1ec8f63e
Fix curve dependencies
...
In addition to secp256r1 for the handshake, we need secp384r1 as it's
used by the CA certificate.
Caught by depends.py curves
Also, for the "unknown ciphersuite" 1.2 test, use the same key type and
all the same dependencies as of the "good" test above, to avoid having
to determine a second set of correct dependencies just for this one.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
428ce0aff9
Add missing dependency declaration
...
This guards the definition of mbedtls_test_ssl_endpoint which we rely
on, so the function won't compile without it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
3a7f1d229b
Fix dependency issues
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
31253cdafd
Add test with non-HS record in-between HS fragments
...
Two of these tests reveal bugs in the code, so they're commented out for
now.
For the other tests, the high-level behaviour is OK (break the
handshake) but the details of why are IMO not good: they should be
rejected because interleaving non-HS record between HS fragments is not
valid according to the spec.
To be fixed in future commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
bde37cedde
Add test to TLS 1.3 ClientHello fragmentation
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
ba71610fa3
Add reference tests with 1.3 ClientHello
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
f83bc798e1
Add supported_curves/groups extension
...
This allows us to use a ciphersuite that will still be supported in 4.0.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
00ad6f6b03
New test function inject_client_content_on_the_wire()
...
Not used for real stuff so far, just getting the tooling in place.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-03-14 09:21:59 +01:00
0ed5cb8074
Merge pull request #10004 from gilles-peskine-arm/doc-threading-needed-by-psa-3.6
...
Backport 3.6: Document PSA's need for threading
2025-03-14 03:51:52 +00:00
bde759b792
ssl-opt: Disabled the renegotiation delay for fragmented HS renegotiation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:17:08 +00:00
875cce945a
ssl-opt: Updated documentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:13 +00:00
e61d0e9f7c
ssl-opt: Added client-initiated server-rejected renegotation test.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:13 +00:00
27988889e5
ssl-opt: Updated O_NEXT_CLI_RENEGOTIATE used by fragmented HS renegotiation with certificates.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:13 +00:00
2a1eacc0b6
ssl-opt: Fragmented HS renegotiation, removed -legacy_renegotiation argument.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:12 +00:00
e5a3fd2f9d
ssl-opt: Fragmented HS renegotiation, removed requires_certificate_authentication dependency.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:12 +00:00
5b6ec1566d
ssl-opt: Fragmented HS renegotiation, removed requires_openssl_3_x dependency.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:12 +00:00
620e8c29a3
ssl-opt: Fragmented HS renegotiation, adjusted test names for consistency.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:12 +00:00
135aed519e
ssl-opt: Fragmented HS renegotiation, updated matching regex
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:12 +00:00
9d78547692
ssl-opt: Added coverage for client-initiated fragmented HS renegotiation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:11 +00:00
9d1aa0870e
ssl-opt: Refactored fragmented HS renegotiation tests.
...
- Switched to using MBEDTLS_SSL_PROTO_TLS1_2 for dependency.
- Re-ordered tests.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:11 +00:00
44c1c5fc69
ssl-opt: Fragmented HS renegotiation, updated documentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:11 +00:00
6d1491d6c4
ssl-opt: Removed mock-tests from HS renegotiation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:11 +00:00
a23e697ef3
sll-opt: Added refence fix for the Mock HS Defrag test using renegotitiation delay
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:11 +00:00
eec6eb9cd4
programs -> ssl_client2.c: Added option renego_delay to set record buffer depth.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:10 +00:00
12cf388856
Added Mock Renegotiation negative test for testing.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:10 +00:00
a37a936beb
ssl-opt: Added fragmented HS tests for server-initiated renegotiation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:10 +00:00
c4595a4c6a
ssl-opt: Added fragmented HS tests for client-initiated renegotiation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:10 +00:00
1e6438d8b9
ssl-opt: Added fragmented HS tests for SSL_VARIABLE_BUFFER_LENGTH.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:09 +00:00
235dfc2b8c
Add note about MBEDTLS_PRIVATE() in 3.6
...
Note that in the Mbed TLS 3.6 LTS, users can generally rely on being
able to access struct members through the MBEDTLS_PRIVATE() macro, since
we try to maintain ABI stability within an LTS version.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2025-03-13 17:01:35 +00:00
cd5053465a
Fix typos in the 3.0 migration guide
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2025-03-13 17:01:35 +00:00
ba4f16691c
Merge pull request #10058 from gilles-peskine-arm/mbedtls_net_send-api-desc-tweak-3.6
...
Backport 3.6: mbedtls_net_send API description typo fix
2025-03-13 16:29:57 +00:00
b22247b85b
Merge pull request #10043 from Mbed-TLS/msvc-format-size-macros-3.6
...
[Backport 3.6] Fix preprocessor guards for C99 format size specifiers
2025-03-13 10:09:13 +00:00
b05b3b19d7
mbedtls_net_send API description typo fix
...
Signed-off-by: Noah Pendleton <noah.pendleton@gmail.com >
2025-03-13 10:32:27 +01:00
3dbe333ab0
Merge pull request #10051 from Vge0rge/key_id_range_backport
...
PSA core: Allow enabling one volatile/builtin key
2025-03-13 09:27:12 +00:00
5b114163e4
Merge pull request #10056 from minosgalanakis/feature_merge_defragmentation_36
...
Merge defragmentation feature branch onto 3.6
2025-03-13 08:36:11 +00:00
c64b7bc664
Use an array of strings instead of pointer smuggling
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-12 19:12:44 +01:00
26f0044ad0
Merge pull request #1319 from davidhorstmann-arm/calc-finished-check-return-3.6
...
[Backport 3.6] TLS1.2: Check for failures in Finished calculation
2025-03-12 17:35:40 +00:00
a029387d1b
Use dummy typedef instead of macro
...
Use a dummy definition of mbedtls_ms_time_t in builds without
MBEDTLS_HAVE_TIME.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-12 17:28:30 +01:00
f525505886
Clarify changelog
...
Remove mention of the shipped .sln files, as those are planned to be
removed from Mbed TLS.
Clarify the affected CRT headers.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-12 17:28:30 +01:00
51668e5249
Updated framework pointer.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-12 15:22:27 +00:00
104bd06826
Merge remote-tracking branch 'origin/features/tls-defragmentation/3.6' into feature_merge_defragmentation_36
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-12 15:21:56 +00:00
26932b811b
Merge pull request #10055 from gilles-peskine-arm/tls-defragment-doc-3.6
...
Backport 3.6: Document the limitations of TLS handshake message defragmentation
2025-03-12 13:00:23 +01:00
a7c020d6cb
Update the location of defragmentation limitations
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-12 10:55:48 +01:00
858900656e
State globally that the limitations don't apply to DTLS
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-12 10:55:47 +01:00
bc0255592f
Clarify DTLS
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-12 10:55:11 +01:00
