cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-23 20:48:33 -04:00
Code Issues Packages Projects Releases Wiki Activity
33,061 Commits 7 Branches 115 Tags
Commit Graph

33061 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
235eae9e03 mbedtls_ssl_prepare_handshake_record(): log offsets after decryption 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-05 17:02:18 +01:00
Gilles Peskine
7a17696c34 mbedtls_ssl_prepare_handshake_record(): refactor first fragment prep 
Minor refactoring of the initial checks and preparation when receiving the
first fragment. Use `ssl->in_hsfraglen` to determine whether there is a
pending handshake fragment, for consistency, and possibly for more
robustness in case handshake fragments are mixed with non-handshake
records (although this is not currently supported anyway).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-05 17:02:18 +01:00
Gilles Peskine
07027722cb Tweak handshake fragment log message 
In preparation for reworking mbedtls_ssl_prepare_handshake_record(),
tweak the "handshake fragment:" log message.

This changes what information is displayed when a record contains data
beyond the expected end of the handshake message. This case is currently
untested and its handling will change in a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-05 17:02:18 +01:00
Gilles Peskine
9bdc8aa80b Tweak "waiting for more handshake fragments" log message 
In preparation for reworking mbedtls_ssl_prepare_handshake_record(), tweak
the "waiting for more handshake fragments" log message in
ssl_consume_current_message(), and add a similar one in
mbedtls_ssl_prepare_handshake_record(). Assert both.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-05 17:02:18 +01:00
Gilles Peskine
2e5a7ea9bc Fix Doxygen markup 
Pacify `clang -Wdocumentation`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-05 17:02:18 +01:00
Gilles Peskine
6811978045
Merge pull request #10021 from gilles-peskine-arm/tls-defragment-generate-tests-dev 
Generate TLS handshake defragmentation tests
 2025-03-05 16:49:32 +01:00
Gabor Mezei
ea4df49272
Update test dependencies 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:47 +01:00
Gabor Mezei
dcbe4ce9db
Update dependencies 
Pre-existing but not having TLS 1.3 in the build does not seem to be
necessary actually. These test functions set the dtls flag when
calling `test_resize_buffers` and then `test_resize_buffers` sets the
`options.dtls` flag which eventually forces the TLS 1.2 version of the
protocol (in `mbedtls_test_ssl_endpoint_init()` call of
`mbedtls_ssl_config_defaults()` with `MBEDTLS_SSL_TRANSPORT_DATAGRAM`
as the transport).

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:47 +01:00
Gabor Mezei
92e49e1bca
Update comment 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:47 +01:00
Gabor Mezei
c27757b1eb
Add new test component 
New test component added to run test cases with ECDHE_ECDSA ciphersuits and
without TLS 1.3.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:47 +01:00
Gabor Mezei
8adcfc8240
Add ECDSA ciphersuite support for resize_buffer tests 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:47 +01:00
Gabor Mezei
ab02cd5e7b
Revert "Delete test cases" 
This reverts commit ecc5d31139dc6877f135e8090e805c250e32a31d.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
cdd34742cf
Fix test case name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
973a712dd8
Migrate to a usable ciphersuite 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
ff9b2e742a
Delete test cases 
Only RSA cipgersuits are accepted for these tests and there is no ECDHE-RSA
alternative for AES-128-CCM so delete them.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
dd7c0f1e66
Fix ciphersuit 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
9d7fd3dfe1
Migrate the RSA key exchage tests 
Migrate to ECDHE-ECDSA instead of PSK

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
00ab71035e
Delete SSL async decryption tests 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
fc42c22c7b
Migrate RSA key exchange tests 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:30 +01:00
Valerio Setti
371a1aab87 psasim: update README file 
The README file content dates back to the early stages of PSASIM
development. Since then a lot of things have changed, so the README
file required a complete rewrite.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 11:02:32 +01:00
Valerio Setti
05c23fbf86 ChangeLog: add note for removal of DHM related functions in SSL 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:23 +01:00
Valerio Setti
28c645b951 docs: remove references to DHM 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:23 +01:00
Valerio Setti
d7a465431c library: do not include dhm.c in the build 
The file was cancelled from the tf-psa-crypto repo following the removal
of MBEDTLS_DHM_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:23 +01:00
Valerio Setti
ddc4b042f8 scripts: generate_errors: remove DHM occurrence 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:23 +01:00
Valerio Setti
15fd5c9925 ssl: remove support for MBEDTLS_DHM_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:23 +01:00
Valerio Setti
461899e382 analyze_outcomes.py: remove exceptions for MBEDTLS_DHM_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:22 +01:00
Valerio Setti
eb63eb2a6a etests: remove MBEDTLS_DHM_C/DHM occurrencies 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:22 +01:00
Valerio Setti
c56cda7ad6 scripts: query_config.fmt: do not include "dhm.h" 
The file is being removed together with the removal of MBEDTLS_DHM_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:22 +01:00
Valerio Setti
12e67eaa5b programs: remove DHM_C usage from selftest 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:22 +01:00
Valerio Setti
73cd415c0b programs: remove DHM_C from ssl_client2 and ssl_server2 
MBEDTLS_DHM_C is being removed so all its occurencies should be removed
as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:22 +01:00
Valerio Setti
540e7f3738 programs: remove dh_client and dh_server 
These sample programs depend on MBEDTLS_DHM_C which is being removed, so
they should be as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:22 +01:00
Gilles Peskine
2d23a9a464 Update framework 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-04 18:51:27 +01:00
Gilles Peskine
e0bd20bd58 Generate handshake defragmentation test cases: update analyze_outcomes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-04 18:24:52 +01:00
Gilles Peskine
3b3c652ddc
Merge pull request #10027 from valeriosetti/md-psa-dispatch-development 
[development] md: allow dispatch to PSA whenever CRYPTO_CLIENT is enabled
 2025-03-04 11:22:23 +00:00
Valerio Setti
5328d8f55c tf-psa-crypto: update reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-04 09:41:33 +01:00
Gilles Peskine
f89bc27603 Switch to generated handshake tests 
Replace `tests/opt-testcases/handshake-manual.sh` by
`tests/opt-testcases/handshake-generated.sh`. They are identical except for
comments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 16:13:19 +01:00
Gilles Peskine
5071a25320 Normalize requirements in defragmentation test cases 
Be more uniform in where certificate authentication and ECDSA are explicitly
required. A few test cases now run in PSK-only configurations where they
always could. Add a missing requirement on ECDSA to test cases that are
currently skipped.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 16:13:19 +01:00
Gilles Peskine
46cb8a2aa9 Normalize messages in defragmentation test cases 
Make some test case descriptions and log patterns follow more systematic
patterns.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 16:13:19 +01:00
Gilles Peskine
aaab090ad8 Normalize whitespace in defragmentation test cases 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 16:13:19 +01:00
Gilles Peskine
b40d33b7c8 Move most TLS handshake defragmentation tests to a separate file 
Prepare for those test cases to be automatically generated by a script.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 16:13:19 +01:00
Gilles Peskine
4773333dc6 New generated file: tests/opt-testcases/handshake-generated.sh 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 16:13:19 +01:00
Valerio Setti
1027c4cc3c psasim: add support for psa_can_do_hash() 
This commit also includes regenerated C and H files.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-03 15:36:14 +01:00
Valerio Setti
886fa8d71a psasim: add support for psa_export_public_key_iop 
This commit also includes regenerated C and H files.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-03 15:35:47 +01:00
David Horstmann
32707bdc99
Merge pull request #10023 from gilles-peskine-arm/tls-defragmentation-merge-development-20250303 
[tls-defragmentation/development] Update main branch
 2025-03-03 14:03:33 +00:00
Gilles Peskine
5df993dcc9 Merge remote-tracking branch 'development' into tls-defragmentation-merge-development-20250303 2025-03-02 21:15:58 +01:00
Gilles Peskine
6eabe58c84
Merge pull request #9989 from minosgalanakis/issue9887_add_basic_defragmentation_tests 
Add basic handshake defragmentation tests in ssl-opt
 2025-02-28 12:55:58 +01:00
Minos Galanakis
4354dc646f ssl-opt: Re-introduce certificate dependency for HS negative tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 22:40:37 +00:00
Minos Galanakis
0dd57a9913 ssl-opt: Removed dependencies for HS defrag negative tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 18:05:48 +00:00
Minos Galanakis
d01ac30cfa ssl-opt: Adjusted reference hs defragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:11:21 +00:00
Minos Galanakis
76957cceab ssl-opt: Minor typos and documentation fixes. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:11:21 +00:00