lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity
33,531 Commits 174 Branches 272 Tags
development
Commit Graph

33531 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
4580c71f67 Merge pull request #10118 from mpg/issue-template 
Update bug report template for security issues
 2025-04-09 10:07:41 +00:00
Felix Conway
1ef121c9b9 Move script and update shebang to fix CI 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-04-09 09:51:13 +01:00
Felix Conway
e6605f9185 Adjust build scripts to accommodate public header move 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-04-08 14:26:29 +01:00
Gilles Peskine
946bf14608 Fix some test helper functions returning 0 on some failures 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-08 09:48:40 +02:00
Gilles Peskine
55b8bb43e7 Check the status of mbedtls_ssl_set_hostname() 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-08 09:44:34 +02:00
Gilles Peskine
3b819cf22f Merge pull request #10109 from mpg/merge-from-restricted 
Merge from restricted
 2025-04-07 14:04:06 +00:00
Manuel Pégourié-Gonnard
f02784bb2c Tune wording 
- add more emphasis
- fix a typo

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-04-07 10:49:49 +02:00
Ronald Cron
16be0f09cf Merge pull request #10008 from valeriosetti/issue138-development 
[development] Add test_tf_psa_crypto_cmake_shared to components-build-system.sh
 2025-04-04 18:11:00 +02:00
Valerio Setti
48e5c958a7 tf-psa-crypto: update reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-04-04 13:51:28 +02:00
Valerio Setti
0690a63472 framework: update reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-04-04 13:51:22 +02:00
Manuel Pégourié-Gonnard
09e35e7ac8 Update bug report template for security issues 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-04-04 12:59:49 +02:00
Ronald Cron
8bbe60a67f Merge pull request #10102 from ronald-cron-arm/check-generated-files-follow-up 
Check generated files follow-up
 2025-04-02 20:55:45 +00:00
Ronald Cron
33770e75c3 Update tf-psa-crypto pointer 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-04-01 22:30:42 +02:00
Ronald Cron
96121ed94f Update framework pointer 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-04-01 22:30:33 +02:00
Manuel Pégourié-Gonnard
ed4a2b4f0a Merge branch 'development-restricted' into merge-from-restricted 
* development-restricted:
  Add missing credit for set_hostname issue
  Add changelog entry for TLS 1.2 Finished fix
  TLS1.2: Check for failures in Finished calculation
  ssl_session_reset: preserve HOSTNAME_SET flag
  Document the need to call mbedtls_ssl_set_hostname
  Improve documentation of mbedtls_ssl_set_hostname
  Changelog entries for requiring mbedls_ssl_set_hostname() in TLS clients
  Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup
  mbedtls_ssl_set_hostname tests: add tests with CA callback
  Call mbedtls_ssl_set_hostname in the generic endpoint setup in unit tests
  Require calling mbedtls_ssl_set_hostname() for security
  Create error code for mbedtls_ssl_set_hostname not called
  Keep track of whether mbedtls_ssl_set_hostname() has been called
  Access ssl->hostname through abstractions in certificate verification
  mbedtls_ssl_set_hostname tests: baseline
  Add a flags field to mbedtls_ssl_context
  Automate MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK dependency
  Make guards more consistent between X.509-has-certs and SSL-has-certs
  Fix Doxygen markup
  Make ticket_alpn field private

 Conflicts:
	programs/ssl/ssl_test_common_source.c
 2025-04-01 09:40:47 +02:00
Manuel Pégourié-Gonnard
e2359585e4 Merge pull request #10078 from bjwtaylor/pk_rsa_alt-removal 
Pk rsa alt removal
 2025-04-01 07:32:46 +00:00
Ronald Cron
762c80199d Use make_generated_files.py in make_generated_files.bat 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-03-31 17:18:03 +02:00
Ronald Cron
444db895f7 Remove check-generated-files.sh 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-03-31 17:18:03 +02:00
Ronald Cron
694cbfa6de Merge pull request #10101 from ronald-cron-arm/remove-all-sh-wrapper 
Remove all.sh wrapper
 2025-03-31 09:36:25 +00:00
Ronald Cron
5d9b9d244f Rename mbedtls-all.sh to just all.sh 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-03-29 10:06:38 +01:00
Ronald Cron
8e2d40dbec Remove all.sh wrapper 
Now that in TF-PSA-Crypto CI, the TF-PSA-Crypto
all.sh components are run in pure TF-PSA-Crypto
context, there is no need to run them as part of
mbedtls CI anymore. The all.sh wrapper wrapping
./tests/scripts/mbedtls-all.sh and
./tf-psa-crypto/tests/scripts/all.sh can be
removed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-03-29 10:01:53 +01:00
Max Fillinger
1a1ec2fcce Fix up merge conflict resolution 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:54:08 +01:00
Max Fillinger
29f8f9a49d Fix dependencies for TLS-Exporter tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
7577c9e373 Fix doxygen for MBEDTLS_SSL_KEYING_MATERIAL_EXPORT 
Error was introduced while resolving a merge conflict.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
af2035fcad Fix mistake in previous comment change 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
ee33b31f0b Fix HkdfLabel comment 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
5826883ca5 Allow maximum label length in Hkdf-Expand-Label 
Previously, the length of the label was limited to the maximal length
that would be used in the TLS 1.3 key schedule. With the keying material
exporter, labels of up to 249 bytes may be used.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
9f843332e8 Exporter: Add min. and max. label tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
9c5bae5026 Fix max. label length in key material exporter 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
53d9168502 Document BAD_INPUT_DATA error in key material exporter 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
d23579c746 Fix requirements for TLS 1.3 Exporter compat test 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
22728dc5e3 Use mbedtls_calloc, not regular calloc 
Also fix the allocation size.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
4e21703bcf Add fixed compatibility test for TLS 1.3 Exporter 
When testing TLS 1.3, use O_NEXT_CLI.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
7b97712164 Remove exporter compatibility test for TLS 1.3 
The openssl version in the docker image doesn't support TLS 1.3, so we
can't run the test.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
6d53a3a647 Fix openssl s_client invocation 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
f8059db4ee Print names of new tests properly 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
144cccecb7 Fix memory leak in example programs 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
92b7a7e233 ssl-opt.sh: Add tests for keying material export 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
ee467aae69 mbedtls_test_ssl_do_handshake_with_endpoints: Zeroize endpoints 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-03-28 17:08:12 +01:00
Max Fillinger
d6e0095478 Exporter tests: Don't use unavailbable constant 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
8e0b8c9d9f Exporter tests: Add missing depends-ons 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:10 +01:00
Max Fillinger
c6fd1a24d2 Use one maximum key_len for all exported keys 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:48 +01:00
Max Fillinger
a9a9e99a6b Exporter tests: Reduce key size in long key tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:48 +01:00
Max Fillinger
9dc7b19a6a Exporter tests: Free endpoints before PSA_DONE() 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:48 +01:00
Max Fillinger
364afea9d3 Exporter tests: Fix possible uninitialized variable use 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-03-28 17:06:48 +01:00
Max Fillinger
ea1e777c01 Coding style cleanup 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-03-28 17:06:48 +01:00
Max Fillinger
8a2d2adf8c Exporter tests: Initialize allocated memory 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-03-28 17:06:48 +01:00
Max Fillinger
8f12e31223 Exportert tests: Free endpoints and options 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-03-28 17:06:48 +01:00
Max Fillinger
3e1291866d Fix output size check for key material exporter 
HKDF-Expand can produce at most 255 * hash_size bytes of key material,
so this limit applies to the TLS 1.3 key material exporter.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:48 +01:00
Max Fillinger
28916ac8fe Increase allowed output size of HKDF-Expand-Label 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:48 +01:00