lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00
Code Activity
33,789 Commits 176 Branches 276 Tags
ff5d117df8a93b0204b4a5b22e85d12c3da31ace
Commit Graph

67 Commits

Author SHA1 Message Date
Ben Taylor
4bb98be277 initial remove of MBEDTLS_USE_PSA_CRYPTO 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:13 +01:00
Gilles Peskine
6edb76cba4 mbedtls_test_ssl_endpoint_init: split configuration and setup 
Split `mbedtls_test_ssl_endpoint_init()` into two separate stages:
constructing the SSL configuration, and setting up an SSL session context
with that configuration.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-01 21:53:52 +02:00
Gilles Peskine
00eb072846 mbedtls_test_ssl_endpoint_init: store user_data_n in the endpoint object 
This will allow splitting the configuration and setup stages of
`mbedtls_test_ssl_endpoint_init()`, while still checking that the value is
carried over from the configuration to the session context.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-01 21:52:30 +02:00
Gilles Peskine
7a8fd46392 Separate test function to perform an SSL connection 
Split mbedtls_test_ssl_perform_connection() out of
mbedtls_test_ssl_perform_handshake().

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-28 20:23:22 +02:00
Gilles Peskine
ca8a9ac4af Remove unused parameters to endpoint init/free 
The DTLS context and the queues now conveyed inside the endpoint object.
Remove the unused parameters.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-28 20:23:22 +02:00
Gilles Peskine
6c154e7d51 Move queue management into mbedtls_test_ssl_dtls_join_endpoints 
This allows mbedtls_test_ssl_endpoint_init() to no longer interact with the
other endpoint.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-28 20:23:22 +02:00
Gilles Peskine
b092e78ab3 New auxiliary function mbedtls_test_ssl_dtls_join_endpoints 
Create an auxiliary function to perform some endpoint setup that involves
both the client and the server. This is only needed for DTLS.

The code that will eventually be in this function is currently mostly in
mbedtls_test_ssl_endpoint_init(). This commit adds the new function to the
control flow; a subsequent commit will move the relevant code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-28 20:23:22 +02:00
Gilles Peskine
29969593e4 Move DTLS context into the endpoint structure 
This is a step towards making mbedtls_test_ssl_endpoint_init() and
mbedtls_test_ssl_endpoint_free() more self-contained.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-28 20:23:22 +02:00
Gilles Peskine
9b993681fd mbedtls_test_ssl_perform_handshake: declare options as const 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-28 20:23:22 +02:00
Gilles Peskine
2744a43977 Refactor set_ciphersuites to work on the endpoint structure 
Link the ciphersuite list that's passed to mbedtls_ssl_conf_ciphersuites(),
and needs to survive in memory as long as the configuration object is live,
in the endpoint structure. This way it doesn't have to be a local variable
in mbedtls_test_ssl_do_handshake_with_endpoints().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-28 20:23:22 +02:00
Gilles Peskine
0677e02b78 Move timer into the endpoint structure 
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-28 20:23:22 +02:00
Gilles Peskine
b6bb3fb6ef Flatten out mbedtls_test_ssl_endpoint_certificate structure 
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-28 20:22:16 +02:00
David Horstmann
232da48471 Merge pull request #9421 from mfil/feature/implement_tls_exporter 
Implement TLS-Exporter
 2025-04-17 14:47:13 +00:00
Gilles Peskine
161cadd1cc Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-09 12:52:26 +02:00
Gilles Peskine
a4bf00227f Document gotcha of move_handshake_to_state 
A single call to move_handshake_to_state() can't do a full handshake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-09 12:52:26 +02:00
Max Fillinger
8f12e31223 Exportert tests: Free endpoints and options 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-03-28 17:06:48 +01:00
Max Fillinger
cf007ca8bb Add more tests for keying material export 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:47 +01:00
Gabor Mezei
e1e27300a2 Remove MBEDTLS_KEY_EXCHANGE_RSA_ENABLED config option 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:01 +01:00
Gabor Mezei
8829aa336c Fix code style 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-07 13:21:37 +01:00
Gabor Mezei
149509362b TLS context serialization needs an AEAD ciphersuite 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-06 16:06:42 +01:00
Valerio Setti
8438c637ee tests: remove references to DHE-RSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:05:58 +01:00
Elena Uziunaite
c256172b30 Replace MBEDTLS_SSL_HAVE_CCM with PSA_WANT_ALG_CCM 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-05 15:40:00 +01:00
Gilles Peskine
be6a47140b Merge pull request #9365 from eleuzi01/replace-gcm 
Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM
 2024-08-05 09:43:23 +00:00
Gilles Peskine
9c9a3df3bf Merge pull request #9366 from eleuzi01/replace-chachapoly 
Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305
 2024-08-02 14:26:27 +00:00
Elena Uziunaite
83a0d9deec Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-02 09:52:20 +01:00
Elena Uziunaite
5c70c30655 Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-31 16:31:00 +01:00
Elena Uziunaite
74342c7c2b Replace MBEDTLS_SSL_HAVE_CBC with PSA_WANT_ALG_CBC_NO_PADDING 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-31 16:19:15 +01:00
Elena Uziunaite
6121a344dd Replace MBEDTLS_SSL_HAVE_AES with PSA_WANT_KEY_TYPE_AES 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-30 18:42:19 +01:00
Elena Uziunaite
0916cd702f Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-11 11:13:35 +03:00
Elena Uziunaite
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-03 10:20:41 +01:00
Waleed Elmelegy
4dfb0e7c90 Add ALPN checking when accepting early data 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-15 12:12:15 +00:00
Ronald Cron
7e1f9f290f Merge pull request #8854 from ronald-cron-arm/tls13-srv-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on server
 2024-03-09 00:16:07 +00:00
Ronald Cron
139a4185b1 Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration 
TLS: check RNG when calling mbedtls_ssl_setup()
 2024-03-08 07:38:39 +00:00
Ronald Cron
10b040fa6f tests: ssl_helpers: Rename rng_get to mbedtls_test_random 
mbedtls_test_ as the prefix for test APIs
_random like in mbedtls_ctr/hmac_drbg_random

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 17:00:38 +01:00
Ronald Cron
5d3036e6d5 tests: ssl: Add max_early_data_size option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:03:51 +01:00
Ronald Cron
9b4e964c2c Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data 
TLS 1.3: Add mbedtls_ssl_write_early_data() API
 2024-02-29 14:31:55 +00:00
Manuel Pégourié-Gonnard
0ecb5fd6f5 Merge pull request #8574 from ronald-cron-arm/ssl-tickets 
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
 2024-02-21 09:38:46 +00:00
Ronald Cron
b9a9b1f5a5 tls13: Fix/Improve comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-15 17:19:14 +01:00
Ronald Cron
1f6e4e4a49 tests: ssl: Add helper function to get a TLS 1.3 ticket 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Ronald Cron
ced99be007 tests: ssl: Add early data handshake option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Ronald Cron
fb53647b0b tests: ssl: Move group list to options 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Ronald Cron
77abfe67db ssl_helpers.c: Add ticket write/parse test functions 
Add ticket write/parse test functions as defined
by mbedtls_ssl_ticket_write/parse_t. They are
intended to be used in negative testing
involving tickets.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Ronald Cron
7b1921ac57 Add endpoint in TLS 1.2 session serialization data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Yanray Wang
a72bc9adf7 ssl_helpers: remove guard for rng_get() 
After adding a check in ssl_conf_check(), we have configured RNG via
mbedtls_ssl_conf_rng() for TLS tests in both test_suite_ssl.function
and test_suite_debug.function. As a result, rng_get() is not only
available when MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED enabled.
Therefore, we remove the guard for rng_get() to make it accessible for
TLS tests which have call for mbedtls_ssl_setup().

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-04 11:07:00 +08:00
Yanray Wang
f88e529de3 ssl_helpers: make rng_get available for other test cases 
This is a pre-step to configure random number generator in some
TLS tests.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-04 10:50:34 +08:00
Pengyu Lv
ba6825e37b ssl: use MBEDTLS_SSL_HAVE_* in tests 
Done by commands:

```
sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 14:09:16 +08:00
Dave Rodgman
16799db69a update headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 19:47:20 +00:00
Gilles Peskine
9099d3fd76 Refactoring: create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 17:21:15 +02:00
Manuel Pégourié-Gonnard
56b159a12a Merge pull request #7627 from mprse/ffdh_tls13_v2 
Make use of FFDH keys in TLS 1.3 v.2
 2023-07-03 10:12:33 +02:00
Przemek Stekiel
da4fba64b8 Further code optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00