For each received ClientHello fragment, check
that its epoch is zero and update the
record-level sequence number.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In DTLS reassembly tests, the server may receive a close_notify alert at the
end of a test. In this case, the Mbed TLS server logs an error, so these tests
should not check for the absence of the string "error" in the server logs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The compile time guards were too restrictive, excluding builds with
drivers, updating them will allow driver tests to run as well.
Signed-off-by: Janos Follath <janos.follath@arm.com>
When we are doing PSK, we'd like to set verify_result to
0 to indicate success. Previously this was done in
mbedtls_ssl_set_hs_psk() but this is inadequate since this function may
be called for early data (where certificate verification happens later
in the handshake).
Instead, set this value after writing / processing the encrypted
extensions on the server / client respectively, so that we know whether
we are doing certificate verification or not for sure. This change is
effective only for TLS 1.3 as TLS 1.2 sets verify_result for PSK in
ssl_parse_certificate_coordinate().
Signed-off-by: David Horstmann <david.horstmann@arm.com>
In builds with only a nonvolatile seed but no actual entropy source, the
naive protection against fork() by reseeding in the child doesn't work:
every child forked from the same RNG state gets the same RNG state. To make
the child's RNG state unique in that case, use a public but unique
personalization string.
The personalization string includes the time. Use `mbedtls_ms_time()` if
available. Fall back to the classic (but obsolescent) `gettimeofday()`
otherwise.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If a process forks with the PSA subsystem active, the PSA RNG state is
duplicated. This led to the parent process and the child process generating
the same sequence of random numbers.
Fix this by forcing a reseed if the value of `getpid()` changes. This is the
same technique used in OpenSSL ≥1.1.1d.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Assert that two forked children have distinct RNG states, and also that the
state is distinct from their parent.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit fixes two problems:
1. In 3.6 the SSL unit test framework ignores option.cipher, we need to
enforce it manually
2. In 3.6 we still have RSA key exchange and we need to condition the
RSA test on the presence of ECDHE_RSA key exchange modes as well
Signed-off-by: Janos Follath <janos.follath@arm.com>
In 3.6 we still have RSA key exchange and the existing preprocessor
guards are insufficient. Use the same macro to guard the definition that
guards the call.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Simplify and improve error reporting and remove unnecessary
initialisation (the caller is responsible for initialising those
values).
Signed-off-by: Janos Follath <janos.follath@arm.com>
DEBUG_C supposed to have been removed from the test dependencies, still
being there is an oversight. Removing it was the sole purpose of
3e58109fbd.
Signed-off-by: Janos Follath <janos.follath@arm.com>
