lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-09-11 12:10:46 +03:00
Code Activity
33,728 Commits 174 Branches 272 Tags
coverity_scan
Commit Graph

1334 Commits

Author SHA1 Message Date
Ronald Cron
5df9d9d53e ssl-opt.sh: Fix dependency on ECDSA 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-08 15:40:12 +02:00
Ronald Cron
8fc000ec2c ssl-opt.sh: Fix MBEDTLS_ENTROPY_C dependency adjustment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-08-25 15:19:59 +02:00
Minos Galanakis
a1e867981b ssl-opt.sh: Adjust dependency to MBEDTLS_PSA_CRYPTO_C 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-08-21 15:57:00 +01:00
Valerio Setti
d0d0791aed remove usage of secp192[k|r]1 curves 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-08-06 09:15:35 +02:00
Valerio Setti
70a4a31cb5 remove secp224[k|r]1 curves 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-08-06 09:15:35 +02:00
Ben Taylor
c454b5b658 Fix rebase failure 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
8519c3e0ba corrected copy paste error for MBEDTLS_USE_PSA_CRYPTO enabled/disabled 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
6164e92d3b Restore comment in ssl-opt.sh as it is still relevent 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
07687266b9 restoring test comment that refer to USE_PSA 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
39a68bf347 removed additional references to USE_PSA in tests and comments 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
9020426b14 remove MBEDTLS_USE_PSA_CRYPTO from tests 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ronald Cron
fbd5157989 ssl-opt.sh: Replace MBEDTLS_ECP_DP_* dependencies 
In preparation of the removal of MBEDTLS_ECP_DP_*
configuration options, replace them by their
PSA_WANT_ECC_* equivalent in dependencies.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-07-11 17:59:29 +02:00
Ronald Cron
68ba7f7ab7 ssl-opt.sh: Replace MBEDTLS_RSA_C dependencies 
In preparation of the removal of MBEDTLS_RSA_C,
replace MBEDTLS_RSA_C by its PSA_WANT_ closest
equivalent PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
in dependencies.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-07-11 17:59:29 +02:00
Ronald Cron
bd28acf240 ssl-opt.sh: Remove dependencies on built-in CBC and AES 
Remove dependencies on MBEDTLS_CIPHER_MODE_CBC and
MBEDTLS_AES_C, as these options will no longer be
available once they are removed from the configuration.

The affected tests rely on the built-in CBC and AES
implementations. With the removal of
MBEDTLS_CIPHER_MODE_CBC and MBEDTLS_AES_C as
configuration options, there is no longer a mechanism
in ssl-opt.sh to express these dependencies.

As a result, filter out these tests at the all.sh
component level when the built-in CBC and AES
implementations are not available.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-07-11 17:59:16 +02:00
Ari Weiler-Ofek
6ee4d9220e Fixed the same typo in ssl-opt.sh 
Signed-off-by: Ari Weiler-Ofek <ari.weiler-ofek@arm.com>
 2025-06-11 17:40:42 +01:00
Felix Conway
e0ce40bc8f Change hardcoded error values in ssl-opt to take in the PSA error alias 
ssl-opt checks for specific error code values in the output, but as
MBEDTLS_ERR_ECP_IN_PROGRESS is becoming an alias of PSA_OPERATION_INCOMPLETE
then this hardcoded value will change.

Therefore allow the result to be either the old mbedtls error, or the new PSA
error, as not to break the CI.

Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-05-19 16:22:05 +01:00
David Horstmann
232da48471 Merge pull request #9421 from mfil/feature/implement_tls_exporter 
Implement TLS-Exporter
 2025-04-17 14:47:13 +00:00
Manuel Pégourié-Gonnard
ed4a2b4f0a Merge branch 'development-restricted' into merge-from-restricted 
* development-restricted:
  Add missing credit for set_hostname issue
  Add changelog entry for TLS 1.2 Finished fix
  TLS1.2: Check for failures in Finished calculation
  ssl_session_reset: preserve HOSTNAME_SET flag
  Document the need to call mbedtls_ssl_set_hostname
  Improve documentation of mbedtls_ssl_set_hostname
  Changelog entries for requiring mbedls_ssl_set_hostname() in TLS clients
  Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup
  mbedtls_ssl_set_hostname tests: add tests with CA callback
  Call mbedtls_ssl_set_hostname in the generic endpoint setup in unit tests
  Require calling mbedtls_ssl_set_hostname() for security
  Create error code for mbedtls_ssl_set_hostname not called
  Keep track of whether mbedtls_ssl_set_hostname() has been called
  Access ssl->hostname through abstractions in certificate verification
  mbedtls_ssl_set_hostname tests: baseline
  Add a flags field to mbedtls_ssl_context
  Automate MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK dependency
  Make guards more consistent between X.509-has-certs and SSL-has-certs
  Fix Doxygen markup
  Make ticket_alpn field private

 Conflicts:
	programs/ssl/ssl_test_common_source.c
 2025-04-01 09:40:47 +02:00
Max Fillinger
d23579c746 Fix requirements for TLS 1.3 Exporter compat test 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
4e21703bcf Add fixed compatibility test for TLS 1.3 Exporter 
When testing TLS 1.3, use O_NEXT_CLI.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
7b97712164 Remove exporter compatibility test for TLS 1.3 
The openssl version in the docker image doesn't support TLS 1.3, so we
can't run the test.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
6d53a3a647 Fix openssl s_client invocation 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
f8059db4ee Print names of new tests properly 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
92b7a7e233 ssl-opt.sh: Add tests for keying material export 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Gabor Mezei
1ac784c5a5 Fix test case migration 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:55:35 +01:00
Gabor Mezei
3ead04a12d Remove/migrate tests for key exchange based on decryption 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:07 +01:00
Gabor Mezei
e1e27300a2 Remove MBEDTLS_KEY_EXCHANGE_RSA_ENABLED config option 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:01 +01:00
Minos Galanakis
625c8fd2d9 ssl-opt: Added 4 and 128 bytes tests to HS defragmentation for server initiated reneg 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 10:31:37 +00:00
Minos Galanakis
dfc082e16c ssl-opt: Fixed a minor typo. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 10:25:24 +00:00
Minos Galanakis
f475a15d5d ssl-opt: Disabled the renegotiation delay for fragmented HS renegotiation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:15:40 +00:00
Minos Galanakis
641e08e2aa ssl-opt: Updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:43:08 +00:00
Minos Galanakis
1d78c7d58d ssl-opt: Added client-initiated server-rejected renegotation test. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:44 +00:00
Minos Galanakis
a8f14384f8 ssl-opt: Updated O_NEXT_CLI_RENEGOTIATE used by fragmented HS renegotiation with certificates. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:44 +00:00
Minos Galanakis
df4ddfdf0c ssl-opt: Fragmented HS renegotiation, removed -legacy_renegotiation argument. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:44 +00:00
Minos Galanakis
0b830f145f ssl-opt: Fragmented HS renegotiation, removed requires_certificate_authentication dependency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:44 +00:00
Minos Galanakis
9b2e4b80e7 ssl-opt: Fragmented HS renegotiation, removed requires_openssl_3_x dependency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:43 +00:00
Minos Galanakis
af0e60b38f ssl-opt: Fragmented HS renegotiation, adjusted test names for consistency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:43 +00:00
Minos Galanakis
70be67b97e ssl-opt: Fragmented HS renegotiation, updated matching regex 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:43 +00:00
Minos Galanakis
ae54c749fc ssl-opt: Added coverage for client-initiated fragmented HS renegotiation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:43 +00:00
Minos Galanakis
a7b19aa857 ssl-opt: Refactored fragmented HS renegotiation tests. 
- Switched to using MBEDTLS_SSL_PROTO_TLS1_2 for dependency.
- Re-ordered tests.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:43 +00:00
Minos Galanakis
990a10909d ssl-opt: Fragmented HS renegotiation, updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:43 +00:00
Minos Galanakis
135ebd3241 ssl-opt: Removed mock-tests from HS renegotiation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:43 +00:00
Minos Galanakis
87be69a3fc sll-opt: Added refence fix for the Mock HS Defrag test using renegotitiation delay 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:43 +00:00
Minos Galanakis
05009c736c Added Mock Renegotiation negative test for testing. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:43 +00:00
Minos Galanakis
529188f30b ssl-opt: Added fragmented HS tests for server-initiated renegotiation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:43 +00:00
Minos Galanakis
5aaa6e048b ssl-opt: Added fragmented HS tests for client-initiated renegotiation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:43 +00:00
Minos Galanakis
daa14a4212 ssl-opt: Added fragmented HS tests for SSL_VARIABLE_BUFFER_LENGTH. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-13 11:06:43 +00:00
Minos Galanakis
a2a0c2cbe7 Merge remote-tracking branch 'origin/features/tls-defragmentation/development' into feature_merge_defragmentation_dev 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-12 15:25:06 +00:00
Gabor Mezei
dd7c0f1e66 Fix ciphersuit 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
00ab71035e Delete SSL async decryption tests 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00