From 0c8b25a684fa6797da338ff1fdb4786ef972823d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 21 Jan 2026 15:24:03 +0100 Subject: [PATCH 01/60] library: ssl: add public function to retrieve the list of supported groups Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 18 ++++++++++++++++++ library/ssl_tls.c | 5 +++++ 2 files changed, 23 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4fb4584362..ec69c83f15 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3660,6 +3660,24 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +/** + * \brief Return the list of supported groups (curves and finite fields). + * + * \note The returned list is ordered in ascending order of resource + * usage. This follows the same pattern of the default list being + * used when mbedtls_ssl_conf_groups() is not called. + * + * \note The returned list represents supported groups in the current build + * configuration, not the one set by mbedtls_ssl_conf_groups(). + * + * \note The returned list is static so the user doesn't need to worry + * about it being freed. + * + * \return The list made of IANA NamedGroups IDs (MBEDTLS_SSL_IANA_TLS_GROUP_xxx) + * with the last item always being MBEDTLS_SSL_IANA_TLS_GROUP_NONE. + */ +const uint16_t *mbedtls_ssl_get_supported_group_list(void); + /** * \brief Set the allowed groups in order of preference. * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index be071defac..e8ebe7d922 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2360,6 +2360,11 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +const uint16_t *mbedtls_ssl_get_supported_group_list(void) +{ + return ssl_preset_default_groups; +} + /* * Set the allowed groups */ From 1ab51732e2f3456457f31d012e529e1259eca494 Mon Sep 17 00:00:00 2001 
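Review bot: The first `\note` in the new header block says the list represents "supported groups in the current build configuration", but the ssl_tls.c hunk of this same patch returns `ssl_preset_default_groups`, which is the built-in default *preference* list rather than everything the build can do; the two can legitimately diverge (the array is hand-curated, and a later patch in this series deliberately keeps secp256k1 out of it). I would state that in the header, e.g. `\note The returned list is the built-in default preference list; a group the build supports is not necessarily present in it.` It is also worth saying explicitly that the returned pointer must never be written through or freed, since the `const` qualifier only enforces the first of those at compile time.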
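Review bot: `mbedtls_ssl_get_supported_group_list()` is inserted around line 2363 and returns `ssl_preset_default_groups`, but at this point in the series that `static` array is still defined near line 5171 (PATCH 03 is what moves it up), so this commit on its own uses a file-scope static before its declaration and should fail to compile — the move belongs in this commit (or must precede it) to keep the series bisectable. Since the array is now handed out through a public API, a one-line comment on the function, `/* Returned to the application as-is: the array must stay const and terminated by MBEDTLS_SSL_IANA_TLS_GROUP_NONE. */`, would tell the next maintainer what the table now promises.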
From: Valerio Setti
Date: Thu, 22 Jan 2026 05:41:00 +0100
Subject: [PATCH 02/60] library: ssl: improve documentation of mbedtls_ssl_conf_groups()
Signed-off-by: Valerio Setti
---
 include/mbedtls/ssl.h | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index ec69c83f15..b413dfba67 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3703,6 +3703,10 @@ const uint16_t *mbedtls_ssl_get_supported_group_list(void);
 * keeping with the general principle of favoring the lowest
 * resource usage.
 *
+ * \note The list is not copied internally, only the reference to it
+ * is saved in \p conf. Do not free \p groups memory for the
+ * in which \p conf is being used.
+ *
 * \param conf SSL configuration
 * \param groups List of allowed groups ordered by preference, terminated by 0.
 * Must contain valid IANA NamedGroup IDs (provided via either an integer
From 2707100ab7a66ec29183e9b7f7383450379a570c Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 21 Jan 2026 15:26:53 +0100
Subject: [PATCH 03/60] library: ssl: move location of ssl_preset_default_groups()
Signed-off-by: Valerio Setti
---
 library/ssl_tls.c | 82 +++++++++++++++++++++++------------------------
 1 file changed, 41 insertions(+), 41 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e8ebe7d922..83916dcd3a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
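Review bot: The added `\note` only covers the lifetime of the buffer, but because only the pointer is stored in `\p conf`, the caller must also not modify the array's contents while the configuration is in use — a change there silently alters which groups every later handshake on that configuration offers. Suggest `Do not free or modify the \p groups memory for the time in which \p conf is being used.`, which also supplies the word missing from the second sentence ("for the in which"), something PATCH 07 later patches up separately.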
@@ -2360,6 +2360,47 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
 }
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+/* The selection should be the same as mbedtls_x509_crt_profile_default in
+ * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
+ * curves with a lower resource usage come first.
+ * See the documentation of mbedtls_ssl_conf_groups() for what we promise
+ * about this list.
+ */
+static const uint16_t ssl_preset_default_groups[] = {
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
+ MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
+#endif
+#if defined(PSA_WANT_ECC_SECP_R1_256)
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+#endif
+#if defined(PSA_WANT_ECC_SECP_R1_384)
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
+#endif
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
+ MBEDTLS_SSL_IANA_TLS_GROUP_X448,
+#endif
+#if defined(PSA_WANT_ECC_SECP_R1_521)
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1,
+#endif
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1,
+#endif
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1,
+#endif
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
+#endif
+#if defined(PSA_WANT_ALG_FFDH)
+ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048,
+ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072,
+ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096,
+ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144,
+ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192,
+#endif
+ MBEDTLS_SSL_IANA_TLS_GROUP_NONE
+};
+
 const uint16_t *mbedtls_ssl_get_supported_group_list(void)
 {
 return ssl_preset_default_groups;
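Review bot: The moved header comment still points readers only at mbedtls_ssl_conf_groups() for what this list promises, but since PATCH 01 the array is also handed out verbatim through the public mbedtls_ssl_get_supported_group_list(), so any edit to it now changes an API result rather than just an internal default. I would extend the comment with ` * This array is also returned by mbedtls_ssl_get_supported_group_list(): keep it const and terminated by MBEDTLS_SSL_IANA_TLS_GROUP_NONE.` so both contracts are visible at the definition. The hunk's trailing context shows the getter body continues outside the hunk.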
@@ -5168,47 +5209,6 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
 memset(conf, 0, sizeof(mbedtls_ssl_config));
 }
-/* The selection should be the same as mbedtls_x509_crt_profile_default in
- * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters:
- * curves with a lower resource usage come first.
- * See the documentation of mbedtls_ssl_conf_groups() for what we promise
- * about this list.
- */
-static const uint16_t ssl_preset_default_groups[] = {
-#if defined(PSA_WANT_ECC_MONTGOMERY_255)
- MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
-#endif
-#if defined(PSA_WANT_ECC_SECP_R1_256)
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
-#endif
-#if defined(PSA_WANT_ECC_SECP_R1_384)
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
-#endif
-#if defined(PSA_WANT_ECC_MONTGOMERY_448)
- MBEDTLS_SSL_IANA_TLS_GROUP_X448,
-#endif
-#if defined(PSA_WANT_ECC_SECP_R1_521)
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1,
-#endif
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
- MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1,
-#endif
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
- MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1,
-#endif
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
- MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
-#endif
-#if defined(PSA_WANT_ALG_FFDH)
- MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048,
- MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072,
- MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096,
- MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144,
- MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192,
-#endif
- MBEDTLS_SSL_IANA_TLS_GROUP_NONE
-};
-
 static const int ssl_preset_suiteb_ciphersuites[] = {
 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
From 67f30df5a1952a0090d11affaa8c1cb2a6f8ed67 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 21 Jan 2026 15:29:22 +0100
Subject: [PATCH 04/60] library: ssl: use correct PSA_WANT for DH groups in ssl_preset_default_groups
Use proper PSA_WANT_DH_RFC7919_xxx instead of PSA_WANT_ALG_FFDH.
Signed-off-by: Valerio Setti
---
 library/ssl_tls.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 83916dcd3a..cadb3cbd32 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2391,11 +2391,19 @@ static const uint16_t ssl_preset_default_groups[] = {
 #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
 MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1,
 #endif
-#if defined(PSA_WANT_ALG_FFDH)
+#if defined(PSA_WANT_DH_RFC7919_2048)
 MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048,
+#endif
+#if defined(PSA_WANT_DH_RFC7919_3072)
 MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072,
+#endif
+#if defined(PSA_WANT_DH_RFC7919_4096)
 MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096,
+#endif
+#if defined(PSA_WANT_DH_RFC7919_6144)
 MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144,
+#endif
+#if defined(PSA_WANT_DH_RFC7919_8192)
 MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192,
 #endif
 MBEDTLS_SSL_IANA_TLS_GROUP_NONE
From 335b1b6089cf811dcec4faa01a00ed5634f595f5 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 21 Jan 2026 15:31:15 +0100
Subject: [PATCH 05/60] library: ssl: add missing secp256k1 to ssl_preset_default_groups
Signed-off-by: Valerio Setti
---
 library/ssl_tls.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index cadb3cbd32..f3a60669b7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2373,6 +2373,9 @@ static const uint16_t ssl_preset_default_groups[] = {
 #if defined(PSA_WANT_ECC_SECP_R1_256)
 MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
 #endif
+#if defined(PSA_WANT_ECC_SECP_K1_256)
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1,
+#endif
 #if defined(PSA_WANT_ECC_SECP_R1_384)
 MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
 #endif
From 8686ad1a9eff5d51b3a0d1062d9758f00a89674b Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 21 Jan 2026 16:07:55 +0100
Subject: [PATCH 06/60] tests: ssl: add testing for mbedtls_ssl_get_supported_group_list()
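Review bot: The new guards select each FFDHE entry on `PSA_WANT_DH_RFC7919_xxxx` alone and drop the `PSA_WANT_ALG_FFDH` condition the old single guard had; if a configuration can enable the RFC 7919 domain parameters without the FFDH key-agreement algorithm, the default list (and, via the new getter, the application) would advertise a group the handshake code cannot perform. Unless the configuration-adjust layer already rules that combination out — I cannot tell from this hunk — I would require both, e.g. `#if defined(PSA_WANT_ALG_FFDH) && defined(PSA_WANT_DH_RFC7919_2048)` and likewise for the other four sizes. A short comment above the FFDHE block recording which symbol is the intended gate would stop this from being re-litigated.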
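Review bot: Adding secp256k1 to `ssl_preset_default_groups` changes the default preference list offered by every application that never calls mbedtls_ssl_conf_groups(), not merely what the new getter reports, and it contradicts the comment above the array, which says the selection should match mbedtls_x509_crt_profile_default. If the goal is only to make the getter complete, the getter needs its own table; if the goal is to change the defaults, the commit message should say so and the comment should be updated in the same commit. PATCH 08 later removes this entry again, which suggests the series reads better without it.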
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_ssl.data | 112 +++++++++++++++++++++++++++
 tests/suites/test_suite_ssl.function | 19 +++++
 2 files changed, 131 insertions(+)
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index fa61b0f435..f05477fb0d 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3031,6 +3031,118 @@ ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSI
 Test configuration of EC groups through mbedtls_ssl_conf_groups()
 conf_group:
+Get supported group list: x25519, positive
+depends_on:PSA_WANT_ECC_MONTGOMERY_255
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:1
+
+Get supported group list: x25519, negative
+depends_on:!PSA_WANT_ECC_MONTGOMERY_255
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:0
+
+Get supported group list: secp256r1, positive
+depends_on:PSA_WANT_ECC_SECP_R1_256
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:1
+
+Get supported group list: secp256r1, negative
+depends_on:!PSA_WANT_ECC_SECP_R1_256
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:0
+
+Get supported group list: secp256k1, positive
+depends_on:PSA_WANT_ECC_SECP_K1_256
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:1
+
+Get supported group list: secp256k1, negative
+depends_on:!PSA_WANT_ECC_SECP_K1_256
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:0
+
+Get supported group list: secp384r1, positive
+depends_on:PSA_WANT_ECC_SECP_R1_384
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:1
+
+Get supported group list: secp384r1, negative
+depends_on:!PSA_WANT_ECC_SECP_R1_384
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:0
+
+Get supported group list: x448, positive
+depends_on:PSA_WANT_ECC_MONTGOMERY_448
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X448:1
+
+Get supported group list: x448, negative
+depends_on:!PSA_WANT_ECC_MONTGOMERY_448
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X448:0
+
+Get supported group list: secp521r1, positive
+depends_on:PSA_WANT_ECC_SECP_R1_521
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:1
+
+Get supported group list: secp521r1, negative
+depends_on:!PSA_WANT_ECC_SECP_R1_521
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:0
+
+Get supported group list: brainpool256r1, positive
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:1
+
+Get supported group list: brainpool256r1, negative
+depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_256
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:0
+
+Get supported group list: brainpool384r1, positive
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:1
+
+Get supported group list: brainpool384r1, negative
+depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_384
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:0
+
+Get supported group list: brainpool512r1, positive
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:1
+
+Get supported group list: brainpool512r1, negative
+depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_512
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:0
+
+Get supported group list: ffdhe2048, positive
+depends_on:PSA_WANT_DH_RFC7919_2048
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:1
+
+Get supported group list: ffdhe2048, negative
+depends_on:!PSA_WANT_DH_RFC7919_2048
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:0
+
+Get supported group list: ffdhe3072, positive
+depends_on:PSA_WANT_DH_RFC7919_3072
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:1
+
+Get supported group list: ffdhe3072, negative
+depends_on:!PSA_WANT_DH_RFC7919_3072
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:0
+
+Get supported group list: ffdhe4096, positive
+depends_on:PSA_WANT_DH_RFC7919_4096
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:1
+
+Get supported group list: ffdhe4096, negative
+depends_on:!PSA_WANT_DH_RFC7919_4096
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:0
+
+Get supported group list: ffdhe6144, positive
+depends_on:PSA_WANT_DH_RFC7919_6144
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:1
+
+Get supported group list: ffdhe6144, negative
+depends_on:!PSA_WANT_DH_RFC7919_6144
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:0
+
+Get supported group list: ffdhe8192, positive
+depends_on:PSA_WANT_DH_RFC7919_8192
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:1
+
+Get supported group list: ffdhe8192, negative
+depends_on:!PSA_WANT_DH_RFC7919_8192
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:0
+
 Version config: valid client TLS 1.2 only
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2
 conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 5b6500898e..7a7771cb73 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3574,6 +3574,25 @@ exit:
 }
 /* END_CASE */
+/* BEGIN_CASE */
+void test_mbedtls_ssl_get_supported_group_list(int iana_group_id, int is_available)
+{
+ const uint16_t *list = mbedtls_ssl_get_supported_group_list();
+ int found = 0;
+
+ for (int i = 0; list[i] != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; i++) {
+ if (list[i] == iana_group_id) {
+ found = 1;
+ break;
+ }
+ }
+
+ TEST_EQUAL(found, is_available);
+
+exit:;
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */
 void force_bad_session_id_len()
 {
From 6c5a9f04dfaeb3ab95004859463adb43f147f406 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Thu, 22 Jan 2026 16:52:11 +0100
Subject: [PATCH 07/60] library: ssl: improve/fix documentation of group related functions
Signed-off-by: Valerio Setti
---
 include/mbedtls/ssl.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b413dfba67..c21c1b1ae7 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3674,7 +3674,7 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
 * about it being freed.
 *
 * \return The list made of IANA NamedGroups IDs (MBEDTLS_SSL_IANA_TLS_GROUP_xxx)
- * with the last item always being MBEDTLS_SSL_IANA_TLS_GROUP_NONE.
+ * and is terminated by #MBEDTLS_SSL_IANA_TLS_GROUP_NONE.
 */
 const uint16_t *mbedtls_ssl_get_supported_group_list(void);
@@ -3704,7 +3704,7 @@ const uint16_t *mbedtls_ssl_get_supported_group_list(void);
 * resource usage.
 *
 * \note The list is not copied internally, only the reference to it
- * is saved in \p conf. Do not free \p groups memory for the
+ * is saved in \p conf. Do not free \p groups memory for the time
 * in which \p conf is being used.
 *
 * \param conf SSL configuration
From 2aecd2cd5fe0babe94fb971b6191d75c3ceacbf9 Mon Sep 17 00:00:00 2001
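Review bot: The loop in test_mbedtls_ssl_get_supported_group_list() walks `list` until it meets MBEDTLS_SSL_IANA_TLS_GROUP_NONE, so if the terminator were ever dropped from `ssl_preset_default_groups` this test would read past the array instead of failing. Hoisting `i` out of the `for`, bounding the walk (`for (i = 0; i < 32 && list[i] != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; i++)`) and then asserting `TEST_ASSERT(list[i] == MBEDTLS_SSL_IANA_TLS_GROUP_NONE);` turns a missing terminator into a test failure. Nothing here checks the ordering the header promises (lower resource usage first); one case asserting that, when both are present, X25519 appears before SECP521R1 would pin that contract. The surrounding file context shows force_bad_session_id_len() continues outside the hunk.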
From: Valerio Setti
Date: Thu, 22 Jan 2026 17:13:44 +0100
Subject: [PATCH 08/60] library|tests: ssl: remove secp256k1 from default groups
Signed-off-by: Valerio Setti
---
 library/ssl_tls.c | 3 ---
 tests/suites/test_suite_ssl.data | 8 --------
 2 files changed, 11 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f3a60669b7..cadb3cbd32 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2373,9 +2373,6 @@ static const uint16_t ssl_preset_default_groups[] = {
 #if defined(PSA_WANT_ECC_SECP_R1_256)
 MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
 #endif
-#if defined(PSA_WANT_ECC_SECP_K1_256)
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1,
-#endif
 #if defined(PSA_WANT_ECC_SECP_R1_384)
 MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
 #endif
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index f05477fb0d..6bef4c6518 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3047,14 +3047,6 @@ Get supported group list: secp256r1, negative
 depends_on:!PSA_WANT_ECC_SECP_R1_256
 test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:0
-Get supported group list: secp256k1, positive
-depends_on:PSA_WANT_ECC_SECP_K1_256
-test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:1
-
-Get supported group list: secp256k1, negative
-depends_on:!PSA_WANT_ECC_SECP_K1_256
-test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:0
-
 Get supported group list: secp384r1, positive
 depends_on:PSA_WANT_ECC_SECP_R1_384
 test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:1
From 7ca3c602b7f474a12ba9ce9e0c715238682c43ce Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Mon, 26 Jan 2026 10:15:12 +0100
Subject: [PATCH 09/60] library: ssl: add macro for allocating a TLS-ID <-> group-name table
Being a macro allow the table to be instatiated only when/if necessary by the consuming code.
Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 25 +++++++++++++++++++++++++ library/ssl_tls.c | 19 ++----------------- 2 files changed, 27 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c21c1b1ae7..b9e725e99e 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3660,6 +3660,31 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +/** + *\brief Define a TLS-ID <-> group-name table + */ +#define MBEDTLS_TLS_ID_GROUP_NAME_TABLE(table_name) \ + struct { \ + uint16_t tls_id; \ + const char *group_name; \ + } table_name[] = { \ + { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, "" } \ + } + /** * \brief Return the list of supported groups (curves and finite fields). * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cadb3cbd32..207a69d7d5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
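Review bot: MBEDTLS_TLS_ID_GROUP_NAME_TABLE declares a fresh anonymous struct type and a fresh array in every translation unit that expands it, so each consumer carries its own copy of the fifteen entries and no two instantiations even share a type that a helper could take as a parameter; for a table that never changes, one typedef plus a single `const` definition in the library is smaller and keeps one authoritative copy (PATCH 11 and PATCH 13 later move in that direction). The rows are unconditional while ssl_preset_default_groups is filtered by PSA_WANT_xxx, so the header should say `\brief Define a table of every TLS NamedGroup ID this library knows a name for; membership does not imply the group is enabled in this build.` — and `*\brief` needs a space after the `*` for Doxygen to pick it up.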
@@ -5850,28 +5850,13 @@ uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id)
 }
 #if defined(MBEDTLS_DEBUG_C)
-static const struct {
- uint16_t tls_id;
- const char *name;
-} tls_id_curve_name_table[] =
-{
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1" },
- { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1" },
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1" },
- { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1" },
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" },
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" },
- { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" },
- { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" },
- { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" },
- { 0, NULL },
-};
+static MBEDTLS_TLS_ID_GROUP_NAME_TABLE(tls_id_curve_name_table);
 const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id)
 {
 for (int i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) {
 if (tls_id_curve_name_table[i].tls_id == tls_id) {
- return tls_id_curve_name_table[i].name;
+ return tls_id_curve_name_table[i].group_name;
 }
 }
From c87adb64f2cb4f4d9e99798da0294e28a97a17bd Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Mon, 26 Jan 2026 11:09:20 +0100
Subject: [PATCH 10/60] tests: ssl: add test for TLS-ID <-> curve-name table
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_ssl.data | 60 ++++++++++++++++++++++++++++
 tests/suites/test_suite_ssl.function | 21 ++++++++++
 2 files changed, 81 insertions(+)
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 6bef4c6518..7732870cba 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
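Review bot: The replacement `static MBEDTLS_TLS_ID_GROUP_NAME_TABLE(tls_id_curve_name_table);` loses the `const` the removed definition had, so a name lookup table that nothing in this hunk writes to now lands in writable .data rather than .rodata. The macro expands to a declarator, so the qualifier can simply be restored: `static const MBEDTLS_TLS_ID_GROUP_NAME_TABLE(tls_id_curve_name_table);`. Separately, mbedtls_ssl_get_curve_name_from_tls_id() still stops on `tls_id != 0` while the macro's terminator is spelled MBEDTLS_SSL_IANA_TLS_GROUP_NONE; using the named constant in the loop condition makes the two agree by construction rather than by coincidence. The function's tail (its fallback return) lies outside the hunk.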
@@ -3135,6 +3135,66 @@ Get supported group list: ffdhe8192, negative
 depends_on:!PSA_WANT_DH_RFC7919_8192
 test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:0
+TLS ID <-> group name: x25519
+depends_on:PSA_WANT_ECC_MONTGOMERY_255
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:"x25519"
+
+TLS ID <-> group name: secp256r1
+depends_on:PSA_WANT_ECC_SECP_R1_256
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:"secp256r1"
+
+TLS ID <-> group name: secp256k1
+depends_on:PSA_WANT_ECC_SECP_K1_256
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:"secp256k1"
+
+TLS ID <-> group name: secp384r1
+depends_on:PSA_WANT_ECC_SECP_R1_384
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:"secp384r1"
+
+TLS ID <-> group name: x448
+depends_on:PSA_WANT_ECC_MONTGOMERY_448
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_X448:"x448"
+
+TLS ID <-> group name: secp521r1
+depends_on:PSA_WANT_ECC_SECP_R1_521
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:"secp521r1"
+
+TLS ID <-> group name: brainpoolP256r1
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:"brainpoolP256r1"
+
+TLS ID <-> group name: brainpoolP384r1
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:"brainpoolP384r1"
+
+TLS ID <-> group name: brainpoolP512r1
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:"brainpoolP512r1"
+
+TLS ID <-> group name: ffdhe2048
+depends_on:PSA_WANT_DH_RFC7919_2048
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:"ffdhe2048"
+
+TLS ID <-> group name: ffdhe3072
+depends_on:PSA_WANT_DH_RFC7919_3072
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:"ffdhe3072"
+
+TLS ID <-> group name: ffdhe4096
+depends_on:PSA_WANT_DH_RFC7919_4096
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:"ffdhe4096"
+
+TLS ID <-> group name: ffdhe6144
+depends_on:PSA_WANT_DH_RFC7919_6144
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:"ffdhe6144"
+
+TLS ID <-> group name: ffdhe8192
+depends_on:PSA_WANT_DH_RFC7919_8192
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:"ffdhe8192"
+
+TLS ID <-> group name: [NONE]
+test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_NONE:""
+
+
 Version config: valid client TLS 1.2 only
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2
 conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 7a7771cb73..33c1d44a37 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3593,6 +3593,27 @@ exit:;
 }
 /* END_CASE */
+/* BEGIN_CASE */
+void test_mbedtls_tls_id_group_name_table(int group_id, char *group_name)
+{
+ MBEDTLS_TLS_ID_GROUP_NAME_TABLE(test_table);
+ const char *table_name = NULL;
+ size_t table_name_len = 0;
+
+ for (size_t i = 0; i < ARRAY_LENGTH(test_table); i++) {
+ if (test_table[i].tls_id == group_id) {
+ table_name = test_table[i].group_name;
+ table_name_len = strlen(table_name);
+ }
+ }
+
+ TEST_ASSERT(table_name != NULL);
+ TEST_MEMORY_COMPARE(table_name, table_name_len, group_name, strlen(group_name));
+
+exit:;
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */
 void force_bad_session_id_len()
 {
From fb317afa9fd13c228a04a94f017301d18fc031b2 Mon Sep 17 00:00:00 2001
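Review bot: Every new `TLS ID <-> group name` case is gated with `depends_on:PSA_WANT_...`, but the table the test reads comes from MBEDTLS_TLS_ID_GROUP_NAME_TABLE, which (per PATCH 09) has no `#if` around any row, so in a build without, say, Brainpool the brainpool rows are skipped even though the entries exist and could be checked. Dropping the `depends_on:` lines here would exercise the whole table in every configuration; keep the gating only if the table is later made configuration-dependent. The `[NONE]` case relies on the terminator row's `""` name, which is an implementation detail rather than a documented contract.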
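Review bot: The loop in test_mbedtls_tls_id_group_name_table() never breaks and keeps the last match, so a duplicated tls_id in the table would go unnoticed and the test would silently compare against whichever entry came last. Adding `TEST_ASSERT(table_name == NULL);` before `table_name = test_table[i].group_name;` makes duplicates a failure. Because ARRAY_LENGTH() counts the terminator row, the loop also treats the sentinel as a regular entry; a comment such as `/* The terminator row is visited too: MBEDTLS_SSL_IANA_TLS_GROUP_NONE maps to "" here. */` would keep a future change of the terminator from breaking this case without explanation.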
From: Valerio Setti
Date: Tue, 27 Jan 2026 00:36:17 +0100
Subject: [PATCH 11/60] library: ssl: rework macro to define known TLS ID <-> group name list
- let the macro be an initializer for the array of known TLS IDs, not a variable declarator;
- last item's group name is NULL, not an empty string
- change then name of the macro from MBEDTLS_TLS_ID_GROUP_NAME_TABLE to MBEDTLS_SSL_IANA_TLS_GROUPS_INFO
- define a new public structure "mbedtls_ssl_iana_tls_group_info_t" to hold each element of the table and that can be used the go over the list from user code.
Signed-off-by: Valerio Setti
---
 include/mbedtls/ssl.h | 26 ++++++++++++++++++--------
 library/ssl_tls.c | 3 ++-
 tests/suites/test_suite_ssl.function | 12 ++++++++----
 3 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b9e725e99e..aeb499586f 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3660,14 +3660,24 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
 #endif /* MBEDTLS_SSL_SRV_C */
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-/**
- *\brief Define a TLS-ID <-> group-name table
+/*
+ * This structure defines the correpondence between IANA's TLS-ID and its
+ * corresponding group name.
+ * This is used in macro #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO to define the list
+ * of known TLS IDs and corresponding group names.
 */
-#define MBEDTLS_TLS_ID_GROUP_NAME_TABLE(table_name) \
- struct { \
- uint16_t tls_id; \
- const char *group_name; \
- } table_name[] = { \
+typedef struct {
+ uint16_t tls_id;
+ const char *group_name;
+} mbedtls_ssl_iana_tls_group_info_t;
+
+/*
+ * Initializer for a list of known "TLS ID" <-> "group name".
+ * Each entry is a structure of type mbedtls_ssl_iana_tls_group_info_t.
+ * The last entry has 'tls_id = 0' and 'group_name = NULL'.
+ */
+#define MBEDTLS_SSL_IANA_TLS_GROUPS_INFO \
+ { \
 { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, \
 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, \
 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, \
@@ -3682,7 +3692,7 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
 { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096" }, \
 { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144" }, \
 { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192" }, \
- { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, "" } \
+ { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, NULL } \
 }
 /**
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 207a69d7d5..f6199195cb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5850,7 +5850,8 @@ uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id)
 }
 #if defined(MBEDTLS_DEBUG_C)
-static MBEDTLS_TLS_ID_GROUP_NAME_TABLE(tls_id_curve_name_table);
+static
+mbedtls_ssl_iana_tls_group_info_t tls_id_curve_name_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO;
 const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id)
 {
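Review bot: The new comment on mbedtls_ssl_iana_tls_group_info_t and the one on MBEDTLS_SSL_IANA_TLS_GROUPS_INFO are plain `/*` blocks in a header where the neighbouring declarations use `/**` Doxygen blocks, so neither the public type nor the public macro will show up in the generated API reference; the first one also misspells "correpondence". Suggest `/** \brief Association between an IANA TLS NamedGroup ID and its textual name. */` on the typedef and a matching `/** \brief Initializer for an array of #mbedtls_ssl_iana_tls_group_info_t; the last entry has tls_id == MBEDTLS_SSL_IANA_TLS_GROUP_NONE and group_name == NULL. */` on the macro, naming the terminator constant instead of the literal `0` the prose currently uses. Consumers should also be told that the rows are unconditional and do not reflect which groups the build enables.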
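Review bot: The split declaration `static` / `mbedtls_ssl_iana_tls_group_info_t tls_id_curve_name_table[] = ...` still lacks the `const` that the table had before PATCH 09, so an internal lookup table stays writable for no reason and occupies .data instead of .rodata. `static const mbedtls_ssl_iana_tls_group_info_t tls_id_curve_name_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO;` fits on one line and needs no other change, since the struct's string member is already `const char *`. The body of mbedtls_ssl_get_curve_name_from_tls_id() continues outside the hunk.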
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 33c1d44a37..40f49a894b 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3596,13 +3596,17 @@ exit:;
 /* BEGIN_CASE */
 void test_mbedtls_tls_id_group_name_table(int group_id, char *group_name)
 {
- MBEDTLS_TLS_ID_GROUP_NAME_TABLE(test_table);
+ mbedtls_ssl_iana_tls_group_info_t test_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO;
+ mbedtls_ssl_iana_tls_group_info_t *item;
 const char *table_name = NULL;
 size_t table_name_len = 0;
- for (size_t i = 0; i < ARRAY_LENGTH(test_table); i++) {
- if (test_table[i].tls_id == group_id) {
- table_name = test_table[i].group_name;
+ /* Ensure that the list includes at least 1 valid entry. */
+ TEST_ASSERT(test_table[0].tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE);
+
+ for (item = &test_table[0]; item->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; item++) {
+ if (item->tls_id == group_id) {
+ table_name = item->group_name;
 table_name_len = strlen(table_name);
 }
 }
From bb4f58487602b18cda8713f65b1a27768404834a Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 27 Jan 2026 00:44:56 +0100
Subject: [PATCH 12/60] tests: ssl: improve test_mbedtls_tls_id_group_name_table()
Check provided group_name also against the value returned from mbedtls_ssl_get_curve_name_from_tls_id().
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_ssl.function | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 40f49a894b..9d2e56dd38 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3599,7 +3599,6 @@ void test_mbedtls_tls_id_group_name_table(int group_id, char *group_name)
 mbedtls_ssl_iana_tls_group_info_t test_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO;
 mbedtls_ssl_iana_tls_group_info_t *item;
 const char *table_name = NULL;
- size_t table_name_len = 0;
 /* Ensure that the list includes at least 1 valid entry. */
 TEST_ASSERT(test_table[0].tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE);
@@ -3607,12 +3606,16 @@ void test_mbedtls_tls_id_group_name_table(int group_id, char *group_name)
 for (item = &test_table[0]; item->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; item++) {
 if (item->tls_id == group_id) {
 table_name = item->group_name;
- table_name_len = strlen(table_name);
 }
 }
 TEST_ASSERT(table_name != NULL);
- TEST_MEMORY_COMPARE(table_name, table_name_len, group_name, strlen(group_name));
+ TEST_MEMORY_COMPARE(table_name, strlen(table_name), group_name, strlen(group_name));
+
+#if defined(MBEDTLS_DEBUG_C)
+ const char *builtin_table_name = mbedtls_ssl_get_curve_name_from_tls_id(group_id);
+ TEST_MEMORY_COMPARE(builtin_table_name, strlen(builtin_table_name), group_name, strlen(group_name));
+#endif /* MBEDTLS_DEBUG_C */
 exit:;
 }
From 4f1e4fba80d13738b85a60329b9ef4165a64990c Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 27 Jan 2026 00:51:35 +0100
Subject: [PATCH 13/60] library: ssl: make the list of "TLS ID" <-> "group name" public when possible
This is only done when MBEDTLS_DEBUG_C is declared in order not to inflate the library size.
Signed-off-by: Valerio Setti
---
 include/mbedtls/ssl.h | 8 ++++++++
 library/ssl_tls.c | 10 +++++-----
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index aeb499586f..225736fce7 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
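Review bot: `strlen(builtin_table_name)` in the new `#if defined(MBEDTLS_DEBUG_C)` block runs before anything checks that mbedtls_ssl_get_curve_name_from_tls_id() actually found `group_id`; if the library's table and the macro ever disagree the function returns NULL and the test dereferences it instead of reporting a mismatch. Add `TEST_ASSERT(builtin_table_name != NULL);` between the call and the TEST_MEMORY_COMPARE. The declaration also sits after statements while the other locals of this function are declared at the top; moving `const char *builtin_table_name = NULL;` up (under the same `#if`) keeps the file's style and makes the NULL check read naturally.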
@@ -3695,6 +3695,14 @@ typedef struct { { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, NULL } \ } +#if defined(MBEDTLS_DEBUG_C) +/* + * List of known "TLS ID" <-> "group name". + * #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO is used to initialized the list. + */ +extern mbedtls_ssl_iana_tls_group_info_t mbedtls_ssl_iana_tls_group_info[]; +#endif /* MBEDTLS_DEBUG_C */ + /** * \brief Return the list of supported groups (curves and finite fields). * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f6199195cb..5c03917719 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5850,14 +5850,14 @@ uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id) } #if defined(MBEDTLS_DEBUG_C) -static -mbedtls_ssl_iana_tls_group_info_t tls_id_curve_name_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO; +mbedtls_ssl_iana_tls_group_info_t mbedtls_ssl_iana_tls_group_info[] = + MBEDTLS_SSL_IANA_TLS_GROUPS_INFO; const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id) { - for (int i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) { - if (tls_id_curve_name_table[i].tls_id == tls_id) { - return tls_id_curve_name_table[i].group_name; + for (int i = 0; mbedtls_ssl_iana_tls_group_info[i].tls_id != 0; i++) { + if (mbedtls_ssl_iana_tls_group_info[i].tls_id == tls_id) { + return mbedtls_ssl_iana_tls_group_info[i].group_name; } } From d658f3d41ec6eda187cbf768cce381bacf42481f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jan 2026 11:42:59 +0100 Subject: [PATCH 14/60] tests: ssl: skip testing of MBEDTLS_SSL_IANA_TLS_GROUP_NONE This is already indirectly checked in 'test_mbedtls_tls_id_group_name_table' because it's the last item of the list. Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 4 ---- tests/suites/test_suite_ssl.function | 3 ++- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 7732870cba..231c4b05f3 100644 --- a/tests/suites/test_suite_ssl.data 
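Review bot: The table that becomes public here is a writable global: `mbedtls_ssl_iana_tls_group_info_t mbedtls_ssl_iana_tls_group_info[]` in ssl_tls.c and the matching `extern` in ssl.h carry no `const`, so the "TLS ID" <-> name lookup data lives in mutable storage and any caller (or any stray write) can alter the names that `mbedtls_ssl_get_curve_name_from_tls_id()` returns. Declare it `extern const mbedtls_ssl_iana_tls_group_info_t mbedtls_ssl_iana_tls_group_info[];` in the header and define it as `const mbedtls_ssl_iana_tls_group_info_t mbedtls_ssl_iana_tls_group_info[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO;`, which also lets the linker place it in read-only memory; the test code keeps its own local copy so it is unaffected. The same applies to the ssl.h hunk of this patch. While here, the loop in the ssl_tls.c hunk compares `tls_id` with the literal `0` where the rest of the series uses `MBEDTLS_SSL_IANA_TLS_GROUP_NONE`, and the new public comment reads `is used to initialized the list` where `is used to initialize the list` is meant.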
+++ b/tests/suites/test_suite_ssl.data @@ -3191,10 +3191,6 @@ TLS ID <-> group name: ffdhe8192 depends_on:PSA_WANT_DH_RFC7919_8192 test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:"ffdhe8192" -TLS ID <-> group name: [NONE] -test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_NONE:"" - - Version config: valid client TLS 1.2 only depends_on:MBEDTLS_SSL_PROTO_TLS1_2 conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9d2e56dd38..c63ad65bd2 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3614,7 +3614,8 @@ void test_mbedtls_tls_id_group_name_table(int group_id, char *group_name) #if defined(MBEDTLS_DEBUG_C) const char *builtin_table_name = mbedtls_ssl_get_curve_name_from_tls_id(group_id); - TEST_MEMORY_COMPARE(builtin_table_name, strlen(builtin_table_name), group_name, strlen(group_name)); + TEST_MEMORY_COMPARE(builtin_table_name, strlen(builtin_table_name), group_name, + strlen(group_name)); #endif /* MBEDTLS_DEBUG_C */ exit:; From 9b49d5dbdedc4b7758be9f7ecb3c42c29e556c5d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jan 2026 17:56:34 +0100 Subject: [PATCH 15/60] library: ssl: fix documentation of IANA TLS group info Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 225736fce7..baf889ba62 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -3660,21 +3660,25 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -/* +/** * This structure defines the correpondence between IANA's TLS-ID and its * corresponding group name. * This is used in macro #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO to define the list * of known TLS IDs and corresponding group names. + * + * Future versions of the library might add new fields to this structure. */ typedef struct { uint16_t tls_id; const char *group_name; } mbedtls_ssl_iana_tls_group_info_t; -/* - * Initializer for a list of known "TLS ID" <-> "group name". - * Each entry is a structure of type mbedtls_ssl_iana_tls_group_info_t. - * The last entry has 'tls_id = 0' and 'group_name = NULL'. +/** + * Initializer for a list of known TLS 1.2 named elliptic curves and + * TLS 1.3 groups, with their names. + * + * Each entry is a structure of type #mbedtls_ssl_iana_tls_group_info_t. + * The last entry has `tls_id = 0` and `group_name = NULL`. */ #define MBEDTLS_SSL_IANA_TLS_GROUPS_INFO \ { \ @@ -3696,7 +3700,7 @@ typedef struct { } #if defined(MBEDTLS_DEBUG_C) -/* +/** * List of known "TLS ID" <-> "group name". * #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO is used to initialized the list. */ From 476a2edea7c068b2b58ddf33009a456591350779 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jan 2026 23:37:50 +0100 Subject: [PATCH 16/60] library: extend mbedtls_ssl_iana_tls_group_info_t structure Add new field that tells if the corresponding group is supported or not in the current build. Test function "test_mbedtls_ssl_get_supported_group_list" is extended to verify this new feature. Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 119 ++++++++++++++++++++++----- tests/suites/test_suite_ssl.function | 13 ++- 2 files changed, 109 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index baf889ba62..95f3c3e22c 100644 --- a/include/mbedtls/ssl.h 
+++ b/include/mbedtls/ssl.h 
@@ -3661,18 +3661,93 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ /** - * This structure defines the correpondence between IANA's TLS-ID and its - * corresponding group name. - * This is used in macro #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO to define the list - * of known TLS IDs and corresponding group names. + * This structure defines each entry of the macro #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO. * - * Future versions of the library might add new fields to this structure. + * \note Future versions of the library might add new fields to this structure. */ typedef struct { + /** TLS-ID */ uint16_t tls_id; + + /** Group name */ const char *group_name; + + /** 1 if the group is supported; 0 otherwise */ + uint8_t is_supported; } mbedtls_ssl_iana_tls_group_info_t; +/* Helpers to check which PSA_WANT_xxx symbols are defined for groups. */ +#if defined(PSA_WANT_ECC_MONTGOMERY_255) +#define MBEDTLS_SSL_HAVE_GROUP_X25519 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_X25519 0 +#endif +#if defined(PSA_WANT_ECC_SECP_R1_256) +#define MBEDTLS_SSL_HAVE_GROUP_SECP256R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_SECP256R1 0 +#endif +#if defined(PSA_WANT_ECC_SECP_K1_256) +#define MBEDTLS_SSL_HAVE_GROUP_SECP256K1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_SECP256K1 0 +#endif +#if defined(PSA_WANT_ECC_SECP_R1_384) +#define MBEDTLS_SSL_HAVE_GROUP_SECP384R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_SECP384R1 0 +#endif +#if defined(PSA_WANT_ECC_MONTGOMERY_448) +#define MBEDTLS_SSL_HAVE_GROUP_X448 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_X448 0 +#endif +#if defined(PSA_WANT_ECC_SECP_R1_521) +#define MBEDTLS_SSL_HAVE_GROUP_SECP521R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_SECP521R1 0 +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) +#define MBEDTLS_SSL_HAVE_GROUP_BP256R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_BP256R1 0 +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) +#define MBEDTLS_SSL_HAVE_GROUP_BP384R1 1 +#else +#define 
MBEDTLS_SSL_HAVE_GROUP_BP384R1 0 +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) +#define MBEDTLS_SSL_HAVE_GROUP_BP512R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_BP512R1 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_2048) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE2048 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE2048 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_3072) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE3072 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE3072 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_4096) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE4096 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE4096 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_6144) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE6144 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE6144 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_8192) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE8192 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE8192 0 +#endif + /** * Initializer for a list of known TLS 1.2 named elliptic curves and * TLS 1.3 groups, with their names. 
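Review bot: The fourteen `MBEDTLS_SSL_HAVE_GROUP_xxx` helper macros land in a public header with only a one-line comment and no statement of whether they are API or internal, yet their names look like public feature macros and they are defined unconditionally. Their value is computed from whatever `PSA_WANT_xxx` symbols are visible at the point ssl.h is included, so the `is_supported` field in a table a user builds from `MBEDTLS_SSL_IANA_TLS_GROUPS_INFO` reflects the includer's view of the crypto configuration, which presumably matches the library's but is not guaranteed to; worth stating. Suggested comment above the first `#if`: `/* MBEDTLS_SSL_HAVE_GROUP_xxx is 1 when the corresponding PSA_WANT_xxx symbol is enabled in the crypto configuration visible to this header, 0 otherwise. Internal helpers for #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO; not part of the public API. */`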
@@ -3680,23 +3755,23 @@ typedef struct { * Each entry is a structure of type #mbedtls_ssl_iana_tls_group_info_t. * The last entry has `tls_id = 0` and `group_name = NULL`. */ -#define MBEDTLS_SSL_IANA_TLS_GROUPS_INFO \ - { \ - { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, NULL } \ +#define MBEDTLS_SSL_IANA_TLS_GROUPS_INFO \ + { \ + { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", MBEDTLS_SSL_HAVE_GROUP_X25519 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", MBEDTLS_SSL_HAVE_GROUP_SECP256R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", MBEDTLS_SSL_HAVE_GROUP_SECP256K1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", MBEDTLS_SSL_HAVE_GROUP_SECP384R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", MBEDTLS_SSL_HAVE_GROUP_X448 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", MBEDTLS_SSL_HAVE_GROUP_SECP521R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", MBEDTLS_SSL_HAVE_GROUP_BP256R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", MBEDTLS_SSL_HAVE_GROUP_BP384R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", MBEDTLS_SSL_HAVE_GROUP_BP512R1 }, \ + { 
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", MBEDTLS_SSL_HAVE_GROUP_FFDHE2048 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", MBEDTLS_SSL_HAVE_GROUP_FFDHE3072 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", MBEDTLS_SSL_HAVE_GROUP_FFDHE4096 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", MBEDTLS_SSL_HAVE_GROUP_FFDHE6144 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", MBEDTLS_SSL_HAVE_GROUP_FFDHE8192 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, NULL, 1 } \ } #if defined(MBEDTLS_DEBUG_C) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c63ad65bd2..55f9965542 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3580,15 +3580,26 @@ void test_mbedtls_ssl_get_supported_group_list(int iana_group_id, int is_availab const uint16_t *list = mbedtls_ssl_get_supported_group_list(); int found = 0; + /* First: go through the list returned by mbedtls_ssl_get_supported_group_list() and + * check that the specified group ID is supported/unsupported as expected. */ for (int i = 0; list[i] != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; i++) { if (list[i] == iana_group_id) { found = 1; break; } } - TEST_EQUAL(found, is_available); + /* Second: check that supported/unsupported property for the specified group is also + * correctly set in the array initialized by MBEDTLS_SSL_IANA_TLS_GROUP_NONE. */ + mbedtls_ssl_iana_tls_group_info_t group_info_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO; + mbedtls_ssl_iana_tls_group_info_t *ptr; + for (ptr = &group_info_table[0]; ptr->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; ptr++) { + if (ptr->tls_id == iana_group_id) { + TEST_EQUAL(ptr->is_supported, is_available); + } + } + exit:; } /* END_CASE */ From 7bba265eed2fcd3940ef407b6c301868f73ede25 Mon Sep 17 00:00:00 2001 
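Review bot: The second loop in `test_mbedtls_ssl_get_supported_group_list()` passes silently when `iana_group_id` is not present in `group_info_table` at all, because `TEST_EQUAL` only runs inside the `if`; a group missing from `MBEDTLS_SSL_IANA_TLS_GROUPS_INFO` would therefore go unnoticed even though the first loop checks it against the library list. Track the lookup with `int in_table = 0;` before the loop, `in_table = 1;` inside the matching branch, and `TEST_EQUAL(in_table, 1);` after the loop. The comment introducing this loop also names `MBEDTLS_SSL_IANA_TLS_GROUP_NONE` as the initializer where the code on the next line uses `MBEDTLS_SSL_IANA_TLS_GROUPS_INFO`.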
From: David Horstmann Date: Fri, 30 Jan 2026 12:23:16 +0000 Subject: [PATCH 17/60] Add link to TF-PSA-Crypto SECURITY.md To avoid confusion about the threat model of cryptographic code, add a link to the SECURITY.md of TF-PSA-Crypto. This should help users who are unaware that the cryptography has been split into a separate repository. Signed-off-by: David Horstmann --- SECURITY.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 98cb59bd1c..7059970bb8 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -19,6 +19,12 @@ Only the maintained branches, as listed in [`BRANCHES.md`](BRANCHES.md), get security fixes. Users are urged to always use the latest version of a maintained branch. +## Use of TF-PSA-Crypto + +Note that Mbed TLS uses the cryptography API provided by TF-PSA-Crypto. Its +security policy can be found +[here](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/SECURITY.md). + ## Threat model We classify attacks based on the capabilities of the attacker. From 8b1d9e49d9032bf228e2008f5012bab0fc3a0554 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 30 Jan 2026 14:51:59 +0000 Subject: [PATCH 18/60] Reword to be more specific Specify that the cryptographic operations of Mbed TLS are governed by its threat model and point specifically to block ciphers as an important case of this. Signed-off-by: David Horstmann --- SECURITY.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 7059970bb8..e36162abd7 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -21,9 +21,13 @@ Users are urged to always use the latest version of a maintained branch. ## Use of TF-PSA-Crypto -Note that Mbed TLS uses the cryptography API provided by TF-PSA-Crypto. Its -security policy can be found -[here](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/SECURITY.md). +Note that Mbed TLS uses the cryptography API provided by TF-PSA-Crypto. +Its +[threat model](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/SECURITY.md#threat-model) +applies to all cryptographic operations performed by Mbed TLS. In particular, +users of Mbed TLS should note the considerations around +[block ciphers](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/SECURITY.md#block-ciphers) +since they apply to the block ciphers used in TLS. ## Threat model From c3f585b8ee9c6239a2dcee8affdb70be83ebd043 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 30 Jan 2026 22:02:08 +0100 Subject: [PATCH 19/60] tests: ssl: fix typo in comment in test_mbedtls_ssl_get_supported_group_list Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 55f9965542..a12acfe83e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3591,7 +3591,7 @@ void test_mbedtls_ssl_get_supported_group_list(int iana_group_id, int is_availab TEST_EQUAL(found, is_available); /* Second: check that supported/unsupported property for the specified group is also - * correctly set in the array initialized by MBEDTLS_SSL_IANA_TLS_GROUP_NONE. */ + * correctly set in the array initialized by MBEDTLS_SSL_IANA_TLS_GROUP_INFO. */ mbedtls_ssl_iana_tls_group_info_t group_info_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO; mbedtls_ssl_iana_tls_group_info_t *ptr; for (ptr = &group_info_table[0]; ptr->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; ptr++) { 
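Review bot: The corrected comment in `test_mbedtls_ssl_get_supported_group_list()` still does not match the code: it now says `MBEDTLS_SSL_IANA_TLS_GROUP_INFO`, but the macro used on the very next line is `MBEDTLS_SSL_IANA_TLS_GROUPS_INFO` (with an S). The line should read ` * correctly set in the array initialized by MBEDTLS_SSL_IANA_TLS_GROUPS_INFO. */`.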
From 318e4314dfc7e591e265903f57acdf20a13a3371 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 2 Feb 2026 13:38:03 +0100 Subject: [PATCH 20/60] changelog: add notes about helpers added to get list of known/supported TLS groups Signed-off-by: Valerio Setti --- ChangeLog.d/issue10349.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/issue10349.txt diff --git a/ChangeLog.d/issue10349.txt b/ChangeLog.d/issue10349.txt new file mode 100644 index 0000000000..ab47659ed8 --- /dev/null +++ b/ChangeLog.d/issue10349.txt @@ -0,0 +1,8 @@ +Features + * Function mbedtls_ssl_get_supported_group_list() is added to return the list + of supported groups IDs (curves and finite fields). + * MBEDTLS_SSL_IANA_TLS_GROUPS_INFO is added to allow defining the list of + mbedtls_ssl_iana_tls_group_info_t items which represent known TLS groups + with corresponding informations. + If MBEDTLS_DEBUG_C is also enabled then mbedtls_ssl_iana_tls_group_info is + also available as implementation of such list. From 4cce03530a9d887a0ccb2afadad3cb749769cc2c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Feb 2026 14:50:00 +0100 Subject: [PATCH 21/60] Remove unused variable Signed-off-by: Gilles Peskine --- scripts/bump_version.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 9966dea63b..d76f160f9e 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -15,7 +15,6 @@ set -e VERSION="" -SOVERSION="" # Parse arguments # From 05d8c712023e4979f3293e1a15bdc87b58c59fd1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Feb 2026 14:50:23 +0100 Subject: [PATCH 22/60] Don't treat --help as an error Signed-off-by: Gilles Peskine --- scripts/bump_version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index d76f160f9e..529d84751e 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh 
@@ -51,7 +51,7 @@ do echo -e " --so-x509 \tSO version to bump libmbedx509 to." echo -e " --so-tls \tSO version to bump libmbedtls to." echo -e " -v|--verbose\t\tVerbose." - exit 1 + exit 0 ;; *) # print error From d3a85826065b86195dbd4c4511c21e1748c9784d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 12 Feb 2026 11:47:24 +0100 Subject: [PATCH 23/60] Actually check committed generated files We were accidentally running the check in TF-PSA-Crypto instead of in Mbed TLS. Signed-off-by: Gilles Peskine --- tests/scripts/components-basic-checks.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 199396df30..0c5a0b19fd 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -43,6 +43,7 @@ component_check_generated_files () { cd $TF_PSA_CRYPTO_ROOT_DIR ./framework/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR/tf-psa-crypto" --check + cd "$MBEDTLS_ROOT_DIR" # This component ends with the generated files present in the source tree. # This is necessary for subsequent components! From 384a16746fed5797b95f7dde8721f5212783408f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 11 Feb 2026 14:31:29 +0100 Subject: [PATCH 24/60] library: check_config: remove redundant check on hash algorithms for TLS 1.2 TLS-PRF uses either SHA-256 and SHA-384, so the removed paragraph was not correct. The correct version is already available few lines below in the same header file. Signed-off-by: Valerio Setti --- library/mbedtls_check_config.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h index 855e4e3674..96b892e038 100644 --- a/library/mbedtls_check_config.h +++ b/library/mbedtls_check_config.h 
@@ -142,11 +142,6 @@ "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx" #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - !(defined(PSA_WANT_ALG_SHA_1) || defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_512)) -#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_SSL_EARLY_DATA) && \ ( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \ ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \ From 24c80cc536dc5f3606026c594a8eccf45b7587d6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 16 Feb 2026 16:49:11 +0100 Subject: [PATCH 25/60] Update tf-psa-crypto with mldsa-native Signed-off-by: Gilles Peskine --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index f7ad6b6931..4587e3f861 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit f7ad6b6931e179c2e40b3d04f3e6d207a7e3c36e +Subproject commit 4587e3f861c29a8aa1439078aef4ed593d07a34b From 26e1a7c5c80d10faab7d95231bfe514b976a99f4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 16 Feb 2026 16:49:26 +0100 Subject: [PATCH 26/60] Update framework with XOF support in psasim Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 421f7a29f7..4a57bd209d 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 421f7a29f79e535fc6497b6cb4767cd7023db20b +Subproject commit 4a57bd209dd9cfd6170573c8da5452daf84190f3 From 059fe77e4b61b3f409439f9463baac4b71b3cf3f Mon Sep 17 00:00:00 2001 
From: David Horstmann Date: Mon, 16 Feb 2026 16:59:20 +0000 Subject: [PATCH 27/60] Fix missing type conversion in the TLS-Exporter In the TLS-Exporter for TLS 1.3 we mistakenly call PSA_HASH_LENGTH() on an mbedtls_md_type_t when it should be called on a psa_algorithm_t. Fortunately, these two types have almost the same values, since we have previously aligned them to make conversion more efficient. As a result, PSA_HASH_LENGTH() produces exactly the same value when called on an mbedtls_md_type_t as with the equivalent psa_algorithm_t. Thanks to this happy coincidence, fix a largely cosmetic issue (rather than a major functional bug). Signed-off-by: David Horstmann
---
 library/ssl_tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 54129891a7..b803c79c8c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8938,7 +8938,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl,
 const size_t context_len)
 {
 const psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(hash_alg);
- const size_t hash_len = PSA_HASH_LENGTH(hash_alg);
+ const size_t hash_len = PSA_HASH_LENGTH(psa_hash_alg);
 const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret;
 /* The length of the label must be at most 249 bytes to fit into the HkdfLabel
From 29eb9886694ebfd14bbe2601584173138657da6c Mon Sep 17 00:00:00 2001
From: Ronald Cron Date: Wed, 14 Jan 2026 16:15:30 +0100 Subject: [PATCH 28/60] Update framework pointer Signed-off-by: Ronald Cron
---
 framework | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index 4a57bd209d..8ed11c99fe 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 4a57bd209dd9cfd6170573c8da5452daf84190f3
+Subproject commit 8ed11c99fe9e6d4d96289ebc1e134949421be917
From 57b29c2fe5fa0ebb4403b7b9049a0a40f795c9a5 Mon Sep 17 00:00:00 2001
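Review bot: `hash_len` is now derived from `psa_hash_alg`, but nothing in the hunk rejects the case where `mbedtls_md_psa_alg_from_type(hash_alg)` yields `PSA_ALG_NONE` for a hash the build does not know, in which case `PSA_HASH_LENGTH()` evaluates to 0 and the exporter would continue with a zero-length hash. The function begins outside the hunk, so this may already be validated by the caller; if it is not, a guard such as `if (psa_hash_alg == PSA_ALG_NONE || hash_len == 0) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; }` right after these declarations keeps key material from being derived under a degenerate parameter.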
From: Ronald Cron Date: Tue, 20 Jan 2026 16:03:47 +0100 Subject: [PATCH 29/60] Introduce branch specific make_generated_files.py Introduce branch specific make_generated_files.py and use it in the development branch. Signed-off-by: Ronald Cron --- scripts/make_generated_files.bat | 2 +- scripts/make_generated_files.py | 81 ++++++++++++++++++++++++ tests/scripts/components-basic-checks.sh | 8 +-- 3 files changed, 86 insertions(+), 5 deletions(-) create mode 100755 scripts/make_generated_files.py diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index f10b23b705..1c3536306e 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -12,4 +12,4 @@ python framework\scripts\make_generated_files.py || exit /b 1 cd .. @rem @@@@ mbedtls @@@@ -python framework\scripts\make_generated_files.py || exit /b 1 +python scripts\make_generated_files.py || exit /b 1 diff --git a/scripts/make_generated_files.py b/scripts/make_generated_files.py new file mode 100755 index 0000000000..93f93df811 --- /dev/null +++ b/scripts/make_generated_files.py 
@@ -0,0 +1,81 @@ +#!/usr/bin/env python3 +"""Generate, check and list the generated files +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +import sys +from pathlib import Path + +import framework_scripts_path # pylint: disable=unused-import + +from mbedtls_framework import build_tree +from mbedtls_framework import generated_files +from mbedtls_framework.generated_files import GenerationScript, get_generation_script_files + +GENERATION_SCRIPTS = [ + GenerationScript( + Path("scripts/generate_errors.pl"), + [Path("library/error.c")], + None, "tf-psa-crypto/drivers/builtin/include/mbedtls \ + include/mbedtls/ \ + scripts/data_files" + ), + GenerationScript( + Path("scripts/generate_features.pl"), + [Path("library/version_features.c")], + None, "include/mbedtls/ scripts/data_files" + ), + GenerationScript( + Path("framework/scripts/generate_ssl_debug_helpers.py"), + [Path("library/ssl_debug_helpers_generated.c")], + "", None + ), + GenerationScript( + Path("framework/scripts/generate_test_keys.py"), + [Path("tests/include/test/test_keys.h")], + None, "--output" + ), + GenerationScript( + Path("framework/scripts/generate_test_cert_macros.py"), + [Path("tests/include/test/test_certs.h")], + None, "--output" + ), + GenerationScript( + Path("scripts/generate_query_config.pl"), + [Path("programs/test/query_config.c")], + None, "include/mbedtls/mbedtls_config.h \ + tf-psa-crypto/include/psa/crypto_config.h \ + scripts/data_files/query_config.fmt" + ), + GenerationScript( + Path("framework/scripts/generate_config_tests.py"), + get_generation_script_files("framework/scripts/generate_config_tests.py"), + "--directory", None + ), + GenerationScript( + Path("framework/scripts/generate_tls13_compat_tests.py"), + [Path("tests/opt-testcases/tls13-compat.sh")], + None, "--output" + ), + GenerationScript( + Path("framework/scripts/generate_tls_handshake_tests.py"), + [Path("tests/opt-testcases/handshake-generated.sh")], + 
None, "--output" + ), + GenerationScript( + Path("scripts/generate_config_checks.py"), + get_generation_script_files("scripts/generate_config_checks.py"), + output_dir_option="", + optional=True) +] + +def main() -> int: + if not build_tree.looks_like_mbedtls_root("."): + raise RuntimeError("This script must be run from Mbed TLS.") + + return generated_files.main(GENERATION_SCRIPTS) + +if __name__ == "__main__": + sys.exit(main()) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 0c5a0b19fd..6a5bc3a1d7 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -19,14 +19,14 @@ component_check_recursion () { component_check_generated_files () { msg "Check make_generated_files.py consistency" $MAKE_COMMAND neat - $FRAMEWORK/scripts/make_generated_files.py - $FRAMEWORK/scripts/make_generated_files.py --check + scripts/make_generated_files.py + scripts/make_generated_files.py --check $MAKE_COMMAND neat msg "Check files generated with make" MBEDTLS_ROOT_DIR="$PWD" $MAKE_COMMAND generated_files - $FRAMEWORK/scripts/make_generated_files.py --check + scripts/make_generated_files.py --check cd $TF_PSA_CRYPTO_ROOT_DIR ./framework/scripts/make_generated_files.py --check @@ -39,7 +39,7 @@ component_check_generated_files () { make cd "$MBEDTLS_ROOT_DIR" - $FRAMEWORK/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check + scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check cd $TF_PSA_CRYPTO_ROOT_DIR ./framework/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR/tf-psa-crypto" --check From 1b5a0b187774926e05db7f2ca7ec0492faf0a0fd Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 20 Jan 2026 16:27:28 +0100 Subject: [PATCH 30/60] Add branch specific generate_tls_handshake_tests.py file 
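Review bot: The first and the `generate_query_config.pl` `GenerationScript` entries build their argument string with a backslash line continuation inside a regular string literal, so the string keeps the next line's leading indentation and contains runs of spaces between the paths (`"...include/mbedtls \<newline>                include/mbedtls/ ..."`). That is harmless only if `GenerationScript` splits the string on whitespace, which is not visible here; a tuple of adjacent literals, `"tf-psa-crypto/drivers/builtin/include/mbedtls " "include/mbedtls/ " "scripts/data_files"`, carries the same content without the hidden whitespace. The last entry also passes `output_dir_option=""` and `optional=True` by keyword while every other entry passes the two options positionally; using one form throughout makes the table easier to audit. `main()` raises `RuntimeError` when not run from the Mbed TLS root, which produces a traceback rather than the one-line message and non-zero exit the docstring implies; if that is intended for consistency with the framework script, a comment saying so would help.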
Signed-off-by: Ronald Cron --- scripts/generate_tls_handshake_tests.py | 17 +++++++++++++++++ scripts/make_generated_files.py | 2 +- tests/CMakeLists.txt | 4 ++-- tests/Makefile | 4 ++-- 4 files changed, 22 insertions(+), 5 deletions(-) create mode 100755 scripts/generate_tls_handshake_tests.py diff --git a/scripts/generate_tls_handshake_tests.py b/scripts/generate_tls_handshake_tests.py new file mode 100755 index 0000000000..30f27b1b37 --- /dev/null +++ b/scripts/generate_tls_handshake_tests.py @@ -0,0 +1,17 @@ +#!/usr/bin/env python3 +""" +Generate miscellaneous TLS test cases relating to the handshake. +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +import sys + +import framework_scripts_path # pylint: disable=unused-import + +from mbedtls_framework import tls_handshake_tests + +if __name__ == '__main__': + sys.argv[1:1] = ["--no-tls12-client-hello-defragmentation-support"] + tls_handshake_tests.main() diff --git a/scripts/make_generated_files.py b/scripts/make_generated_files.py index 93f93df811..5822f36f03 100755 --- a/scripts/make_generated_files.py +++ b/scripts/make_generated_files.py @@ -60,7 +60,7 @@ GENERATION_SCRIPTS = [ None, "--output" ), GenerationScript( - Path("framework/scripts/generate_tls_handshake_tests.py"), + Path("scripts/generate_tls_handshake_tests.py"), [Path("tests/opt-testcases/handshake-generated.sh")], None, "--output" ), diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index d12133d300..04beb498f3 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
@@ -58,10 +58,10 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/.. COMMAND "${MBEDTLS_PYTHON_EXECUTABLE}" - "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py" + "${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py" DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py - ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py + ${PROJECT_SOURCE_DIR}/framework/scripts/generate_tls_handshake_tests.py ) add_custom_target(handshake-generated.sh DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh) diff --git a/tests/Makefile b/tests/Makefile index 45d12b72de..745a09d240 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -45,9 +45,9 @@ GENERATED_FILES = \ .PHONY: ssl-opt opt-testcases/handshake-generated.sh: ../framework/scripts/mbedtls_framework/tls_test_case.py -opt-testcases/handshake-generated.sh: ../framework/scripts/generate_tls_handshake_tests.py +opt-testcases/handshake-generated.sh: ../scripts/generate_tls_handshake_tests.py echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_tls_handshake_tests.py -o $@ + $(PYTHON) ../scripts/generate_tls_handshake_tests.py -o $@ GENERATED_FILES += opt-testcases/handshake-generated.sh ssl-opt: opt-testcases/handshake-generated.sh From 8ab14401d7ab556430892861ae732f4e93421468 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 29 Jan 2026 16:04:55 +0100 Subject: [PATCH 31/60] ssl_server2.c: Flush stdout to improve logs timeliness Signed-off-by: Ronald Cron --- programs/ssl/ssl_server2.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f4de913ed3..0ae2f79303 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
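Review bot: The `DEPENDS` list no longer matches the `COMMAND`: the command now runs `${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py`, but the dependency still names `${PROJECT_SOURCE_DIR}/framework/scripts/generate_tls_handshake_tests.py`, so edits to the new wrapper will not trigger regeneration of handshake-generated.sh. The Makefile hunk below does update its prerequisite to `../scripts/generate_tls_handshake_tests.py`, so the two build systems now disagree. Change the dependency line to `${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py`; since the wrapper imports `mbedtls_framework.tls_handshake_tests`, presumably `framework/scripts/mbedtls_framework/tls_handshake_tests.py` should be listed as well.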
@@ -3490,6 +3490,7 @@ handshake: * 5. Verify the client certificate */ mbedtls_printf(" . Verifying peer X.509 certificate..."); + fflush(stdout); if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) { char vrfy_buf[512]; @@ -3507,6 +3508,7 @@ handshake: char crt_buf[512]; mbedtls_printf(" . Peer certificate information ...\n"); + fflush(stdout); mbedtls_x509_crt_info(crt_buf, sizeof(crt_buf), " ", mbedtls_ssl_get_peer_cert(&ssl)); mbedtls_printf("%s\n", crt_buf); @@ -3959,6 +3961,7 @@ data_exchange: size_t buf_len; mbedtls_printf(" . Serializing live connection..."); + fflush(stdout); ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len); if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { @@ -3993,6 +3996,7 @@ data_exchange: size_t b64_len; mbedtls_printf(" . Save serialized context to a file... "); + fflush(stdout); mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len); @@ -4041,6 +4045,7 @@ data_exchange: if (opt.serialize == 1) { /* nothing to do here, done by context_save() already */ mbedtls_printf(" . Context has been reset... ok\n"); + fflush(stdout); } /* @@ -4053,6 +4058,7 @@ data_exchange: */ if (opt.serialize == 2) { mbedtls_printf(" . Freeing and reinitializing context..."); + fflush(stdout); mbedtls_ssl_free(&ssl); @@ -4089,6 +4095,7 @@ data_exchange: } mbedtls_printf(" . Deserializing connection..."); + fflush(stdout); if ((ret = mbedtls_ssl_context_load(&ssl, context_buf, buf_len)) != 0) { @@ -4118,6 +4125,7 @@ data_exchange: */ close_notify: mbedtls_printf(" . Closing the connection..."); + fflush(stdout); /* No error checking, the connection might be closed already */ do { From 86b7df5591e3ce1c40cefc1d49c368f8405e630b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 09:56:11 +0100 Subject: [PATCH 32/60] ssl_tls.c: Rename and expand ssl_tls13_get_hs_msg_name Signed-off-by: Ronald Cron --- library/ssl_debug_helpers.h | 2 ++ library/ssl_tls.c | 16 ++++++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) 
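Review bot: The new fflush(stdout) calls in ssl_server2.c are applied unevenly: in the -3507 hunk `mbedtls_printf("%s\n", crt_buf);` directly after the flushed "Peer certificate information" line is left unflushed, yet elsewhere the commit flushes a newline-terminated message (`" . Context has been reset... ok\n"`), which only matters when stdout is a pipe and therefore fully buffered — in that situation the certificate dump still lags. Either flush after the crt_buf print as well, or add a small helper used for every progress message so the next edit cannot miss one. Note also that mbedtls_printf may be remapped by the platform layer (not visible here), in which case fflush(stdout) is unrelated to where the text goes; a one-line comment stating that the flushes assume the default printf would help. The enclosing handshake code starts and ends outside these hunks.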
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 6f843404c7..62be3b245d 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -36,6 +36,8 @@ const char *mbedtls_ssl_named_group_to_str(uint16_t in); const char *mbedtls_ssl_get_extension_name(unsigned int extension_type); +const char *mbedtls_ssl_get_hs_msg_name(int hs_msg_type); + void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl, int level, const char *file, int line, int hs_msg_type, uint32_t extensions_mask, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b803c79c8c..24ac3cec4d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -679,7 +679,7 @@ const char *mbedtls_ssl_get_extension_name(unsigned int extension_type) mbedtls_ssl_get_extension_id(extension_type)]; } -static const char *ssl_tls13_get_hs_msg_name(int hs_msg_type) +const char *mbedtls_ssl_get_hs_msg_name(int hs_msg_type) { switch (hs_msg_type) { case MBEDTLS_SSL_HS_CLIENT_HELLO: @@ -694,8 +694,16 @@ static const char *ssl_tls13_get_hs_msg_name(int hs_msg_type) return "EncryptedExtensions"; case MBEDTLS_SSL_HS_CERTIFICATE: return "Certificate"; + case MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE: + return "ServerKeyExchange"; case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: return "CertificateRequest"; + case MBEDTLS_SSL_HS_CERTIFICATE_VERIFY: + return "CertificateVerify"; + case MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE: + return "ClientKeyExchange"; + case MBEDTLS_SSL_HS_FINISHED: + return "Finished"; } return "Unknown"; } @@ -710,7 +718,7 @@ void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl, mbedtls_debug_print_msg( ssl, level, file, line, "%s: %s(%u) extension %s %s.", - ssl_tls13_get_hs_msg_name(hs_msg_type), + mbedtls_ssl_get_hs_msg_name(hs_msg_type), mbedtls_ssl_get_extension_name(extension_type), extension_type, extra_msg0, extra_msg1); 
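Review bot: mbedtls_ssl_get_hs_msg_name() in ssl_tls.c still has no entries for several TLS 1.2/DTLS message types now that it is exported and, per later patches in this series, used to label any buffered or fragmented handshake message: ServerHelloDone, HelloVerifyRequest, NewSessionTicket and HelloRequest all fall through to "Unknown", so a buffered ServerHelloDone will be logged as `Unknown handshake message has been buffered`. Add the missing cases, e.g. `case MBEDTLS_SSL_HS_SERVER_HELLO_DONE: return "ServerHelloDone";` and `case MBEDTLS_SSL_HS_NEW_SESSION_TICKET: return "NewSessionTicket";` (names assumed to match the MBEDTLS_SSL_HS_* macros in ssl.h). A `default:` label in front of the trailing `return "Unknown";` would make the fallback explicit. The new declaration in ssl_debug_helpers.h carries no doc comment; a one-liner such as `/* Human-readable name of a HandshakeType value; "Unknown" if unrecognised. */` would help.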
@@ -721,7 +729,7 @@ void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl, if (extra_msg) { mbedtls_debug_print_msg( ssl, level, file, line, - "%s: %s(%u) extension %s.", ssl_tls13_get_hs_msg_name(hs_msg_type), + "%s: %s(%u) extension %s.", mbedtls_ssl_get_hs_msg_name(hs_msg_type), mbedtls_ssl_get_extension_name(extension_type), extension_type, extra_msg); return; @@ -729,7 +737,7 @@ void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl, mbedtls_debug_print_msg( ssl, level, file, line, - "%s: %s(%u) extension.", ssl_tls13_get_hs_msg_name(hs_msg_type), + "%s: %s(%u) extension.", mbedtls_ssl_get_hs_msg_name(hs_msg_type), mbedtls_ssl_get_extension_name(extension_type), extension_type); } From 7fe38dd9343dca7e404bae1e13b01e3637184e79 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 09:58:21 +0100 Subject: [PATCH 33/60] ssl_msg.c: Improve HS message reassembly completed message Signed-off-by: Ronald Cron --- library/ssl_msg.c | 5 ++++- tests/ssl-opt.sh | 27 ++++++++++++++------------- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 8d04162414..66790bbf1b 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -18,6 +18,7 @@ #include "mbedtls/ssl.h" #include "debug_internal.h" +#include "ssl_debug_helpers.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include "mbedtls/version.h" @@ -4157,7 +4158,9 @@ static int ssl_load_buffered_message(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message has been buffered - load")); + MBEDTLS_SSL_DEBUG_MSG(2, ("%s handshake message has been buffered%s", + mbedtls_ssl_get_hs_msg_name(hs_buf->data[0]), + hs_buf->is_fragmented ? " and reassembled" : "")); MBEDTLS_SSL_DEBUG_BUF(3, "Buffered handshake message (incl. header)", hs_buf->data, msg_len + 12); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ab727e6a48..6ca200b52c 100755 --- a/tests/ssl-opt.sh 
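Review bot: The new log line in ssl_load_buffered_message() is now load-bearing for the test suite: the ssl-opt.sh hunks in this same commit grep for it verbatim and anchor on `buffered$` to tell the non-reassembled case apart, so a comment is warranted directly above the MBEDTLS_SSL_DEBUG_MSG call, e.g. `/* ssl-opt.sh matches this text (including a "buffered$" anchor); keep in sync. */`. Passing `hs_buf->data[0]` to an int parameter is fine, but spelling out that byte 0 of the buffered message is the HandshakeType field would save the next reader a trip to the RFC. When MBEDTLS_DEBUG_C is disabled the macro presumably compiles the call away, so the added ssl_debug_helpers.h include should be harmless; a build in that configuration is worth a quick check. The function starts outside the hunk.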
+++ b/tests/ssl-opt.sh @@ -11496,9 +11496,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ hs_timeout=2500-60000" \ 0 \ -c "Buffering HS message" \ - -c "Next handshake message has been buffered - load"\ + -c "Certificate handshake message has been buffered$"\ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ + -S "handshake message has been buffered"\ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -11516,9 +11516,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on -c "Buffering HS message" \ -c "found fragmented DTLS handshake message"\ -c "Next handshake message 1 not or only partially buffered" \ - -c "Next handshake message has been buffered - load"\ + -c "Certificate handshake message has been buffered and reassembled"\ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ + -S "handshake message has been buffered" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -11539,10 +11539,11 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex hs_timeout=2500-60000" \ 0 \ -c "Buffering HS message" \ - -c "Next handshake message has been buffered - load"\ + -c "Certificate handshake message has been buffered and reassembled"\ + -c "ServerKeyExchange handshake message has been buffered$"\ -C "attempt to make space by freeing buffered messages" \ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ + -S "handshake message has been buffered" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ 
@@ -11566,7 +11567,7 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex -c "attempt to make space by freeing buffered future messages" \ -c "Enough space available after freeing buffered HS messages" \ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ + -S "handshake message has been buffered" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -11582,9 +11583,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ hs_timeout=2500-60000" \ 0 \ -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ + -C "handshake message has been buffered" \ -s "Buffering HS message" \ - -s "Next handshake message has been buffered - load" \ + -s "ClientKeyExchange handshake message has been buffered$" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -11601,9 +11602,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ hs_timeout=2500-60000" \ 0 \ -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ + -C "handshake message has been buffered" \ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load" \ + -S "handshake message has been buffered" \ -c "Injecting buffered CCS message" \ -c "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -11619,9 +11620,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ hs_timeout=2500-60000" \ 0 \ -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ + -C "handshake message has been buffered" \ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load" \ + -S "handshake message has been buffered" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -s "Injecting buffered CCS message" \ 
From 8f0240c35074639d0c4ab1eae0e659b39537716d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 Jan 2026 16:24:01 +0100 Subject: [PATCH 34/60] ssl-opt.sh: Remove CH reassembly unsupported test We are about to have full support for TLS 1.2 CH reassembly on server side. The equivalent positive test would be a duplicate of one of the tests generated by generate_tls_handshake_tests.py. Thus just removing the negative test. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6ca200b52c..98ef8a442f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13767,16 +13767,6 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Most test cases are in opt-testcases/handshake-generated.sh -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (unsupported)" \ - "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "The SSL configuration is tls12 only" \ - -s "bad client hello message" \ - -s "SSL - A message could not be parsed due to a syntactic error" - # Test server-side buffer resizing with fragmented handshake on TLS1.2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH From cad9c8ae715dd33165d1941c39a01ed49240effe Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 11:19:52 +0100 Subject: [PATCH 35/60] ssl-opt.sh: Remove DTLS reassembly redundant test Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 98ef8a442f..732608fe72 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9973,15 +9973,7 @@ run_test "DTLS reassembly: no fragmentation (openssl server)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: some fragmentation (openssl server)" \ - "$O_SRV -dtls -mtu 256" \ - "$P_CLI dtls=1 debug_level=2" \ - 0 \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: more fragmentation (openssl server)" \ +run_test "DTLS reassembly: fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 256" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ From addf640a3b3cdf1820fa90b2a7e6fa7916f151bb Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 11:18:20 +0100 Subject: [PATCH 36/60] ssl-opt.sh: Improve DTLS reassembly tests Improve DTLS reassembly tests with OpenSSL and GnuTLS server. Check that some messages have been reassembled. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 732608fe72..08f0762911 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9914,6 +9914,7 @@ run_test "DTLS reassembly: some fragmentation (gnutls server)" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -C "error" requires_gnutls @@ -9923,6 +9924,8 @@ run_test "DTLS reassembly: more fragmentation (gnutls server)" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ + -c "ServerKeyExchange handshake message has been buffered and reassembled" \ -C "error" requires_gnutls 
@@ -9932,6 +9935,8 @@ run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ + -c "ServerKeyExchange handshake message has been buffered and reassembled" \ -C "error" requires_gnutls @@ -9942,6 +9947,7 @@ run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ -c "=> renegotiate" \ @@ -9957,6 +9963,7 @@ run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \ "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ -c "=> renegotiate" \ @@ -9972,12 +9979,17 @@ run_test "DTLS reassembly: no fragmentation (openssl server)" \ -C "found fragmented DTLS handshake message" \ -C "error" +# Minimum possible MTU for OpenSSL server: 256 bytes. +# We expect the server Certificate handshake to be fragmented and verify that +# this is the case. Depending on the configuration, other handshake messages may +# also be fragmented. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 256" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 
@@ -9986,6 +9998,7 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -C "error" # Tests for sending fragmented handshake messages with DTLS From b952ba09d66d7d000cefae958454d52644523d9b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 14:50:25 +0100 Subject: [PATCH 37/60] ssl-opt.sh: Improve DTLS proxy 3d tests Improve DTLS proxy 3d tests with OpenSSL and GnuTLS servers. Have a better control of which message is fragmented and verify it is the case. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 08f0762911..4b5d60f51a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11863,10 +11863,11 @@ not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, openssl server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \ + "$O_NEXT_SRV -dtls1_2 -mtu 256" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 tickets=0" \ 0 \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "Certificate handshake message has been buffered and reassembled" requires_openssl_next client_needs_more_time 8 
@@ -11874,10 +11875,11 @@ not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \ + "$O_NEXT_SRV -dtls1_2 -mtu 256" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2 tickets=0" \ 0 \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "Certificate handshake message has been buffered and reassembled" requires_gnutls client_needs_more_time 6 @@ -11898,10 +11900,11 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_NEXT_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000" \ 0 \ -s "Extra-header:" \ - -c "Extra-header:" + -c "Extra-header:" \ + -c "Certificate handshake message has been buffered and reassembled" requires_gnutls_next client_needs_more_time 8 @@ -11910,10 +11913,11 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_NEXT_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2" \ 0 \ -s "Extra-header:" \ - -c "Extra-header:" + -c "Extra-header:" \ + -c "Certificate handshake message has been buffered and reassembled" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "export keys functionality" \ From 4f0741498ca05b66ad3d0f29ec22812ac4c7b0ae Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 17:31:12 +0100 Subject: [PATCH 38/60] ssl_msg.c: Improve handshake message fragmenting message 
Signed-off-by: Ronald Cron --- library/ssl_msg.c | 3 ++- tests/ssl-opt.sh | 18 +++++++++--------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 66790bbf1b..d159f8fd33 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2326,7 +2326,8 @@ int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl) max_hs_frag_len : rem_len; if (frag_off == 0 && cur_hs_frag_len != hs_len) { - MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting handshake message (%u > %u)", + MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting %s handshake message (%u > %u)", + mbedtls_ssl_get_hs_msg_name(cur->p[0]), (unsigned) cur_hs_frag_len, (unsigned) max_hs_frag_len)); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4b5d60f51a..2b83239efc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -10662,12 +10662,12 @@ requires_gnutls requires_max_content_len 2048 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ "$G_SRV -u" \ - "$P_CLI dtls=1 debug_level=2 \ + "$P_CLI dtls=1 debug_level=5 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ mtu=512 force_version=dtls12" \ 0 \ - -c "fragmenting handshake message" \ + -c "fragmenting Certificate handshake message" \ -C "error" # We use --insecure for the GnuTLS client because it expects @@ -10689,7 +10689,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ mtu=512 force_version=dtls12" \ "$G_CLI -u --insecure 127.0.0.1" \ 0 \ - -s "fragmenting handshake message" + -s "fragmenting Certificate handshake message" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC @@ -10701,7 +10701,7 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ key_file=$DATA_FILES_PATH/server8.key \ mtu=512 force_version=dtls12" \ 0 \ - -c "fragmenting handshake message" \ + -c "fragmenting Certificate handshake message" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 
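Review bot: The rewritten debug line in mbedtls_ssl_flight_transmit() prints `(%u > %u)` with cur_hs_frag_len and max_hs_frag_len, but inside this branch (`frag_off == 0 && cur_hs_frag_len != hs_len`) cur_hs_frag_len has just been clamped to max_hs_frag_len on the line above, so the message always shows the same number twice and never the length that actually caused the fragmentation. Since the commit already rewrites the arguments, print the message length instead: `(unsigned) hs_len, (unsigned) max_hs_frag_len`. The enclosing function starts and ends outside the hunk, so this assumes rem_len equals hs_len at offset 0, as the clamp expression suggests.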
@@ -10714,7 +10714,7 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ mtu=512 force_version=dtls12" \ "$O_CLI -dtls1_2" \ 0 \ - -s "fragmenting handshake message" + -s "fragmenting Certificate handshake message" # interop tests for DTLS fragmentating with unreliable connection # @@ -10733,7 +10733,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ 0 \ - -c "fragmenting handshake message" \ + -c "fragmenting Certificate handshake message" \ -C "error" requires_gnutls_next @@ -10749,7 +10749,7 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ "$G_NEXT_CLI -u --insecure 127.0.0.1" \ 0 \ - -s "fragmenting handshake message" + -s "fragmenting Certificate handshake message" ## The test below requires 1.1.1a or higher version of openssl, otherwise ## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902) @@ -10766,7 +10766,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ 0 \ - -c "fragmenting handshake message" \ + -c "fragmenting Certificate handshake message" \ -C "error" ## the test below will time out with certain seed. @@ -10784,7 +10784,7 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ "$O_CLI -dtls1_2" \ 0 \ - -s "fragmenting handshake message" + -s "fragmenting Certificate handshake message" # Tests for DTLS-SRTP (RFC 5764) requires_config_enabled MBEDTLS_SSL_DTLS_SRTP From 076ddc3ac76b0aab138a0ea2134fc89e6fcedc50 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 13 Feb 2026 10:05:02 +0100 Subject: [PATCH 39/60] tests: cmake: Fix dependency on generate_tls_handshake_tests.py 
Signed-off-by: Ronald Cron --- tests/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 04beb498f3..ec625234dc 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -61,7 +61,7 @@ if(GEN_FILES) "${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py" DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py - ${PROJECT_SOURCE_DIR}/framework/scripts/generate_tls_handshake_tests.py + ${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py ) add_custom_target(handshake-generated.sh DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh) From 73be048c8a53af0761ef1386459f0e10be36ccc9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 13 Feb 2026 10:06:53 +0100 Subject: [PATCH 40/60] ssl-opt.sh: Revert leftover debug level increase Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2b83239efc..9b5987188f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -10662,7 +10662,7 @@ requires_gnutls requires_max_content_len 2048 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ "$G_SRV -u" \ - "$P_CLI dtls=1 debug_level=5 \ + "$P_CLI dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ mtu=512 force_version=dtls12" \ From 86eac795c9b42874b7df89a8931f18f00754252f Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 19 Feb 2026 16:26:18 +0100 Subject: [PATCH 41/60] Have MBEDTLS_TIMING_C require MBEDTLS_HAVE_TIME Nowadays, the timing module just builds on a function that provides a timer with millisecond resolution. In terms of platform requirements, this is almost exactly equivalent to `mbedtls_ms_time()` provides (`mbedtls_ms_time()` is arguably a little stronger because it is supposed to last longer than a single timer object, but an application could start a timer when it starts, so there's no real difference.) So it's a bit silly that `timing.c` essentially reimplements this. Rely on `mbedtls_ms_time()` instead. This is an API break because in Mbed TLS 4.0, it was possible to enable `MBEDTLS_TIMING_C` without `MBEDTLS_HAVE_TIME`. However, `timing.c` only provided an implementation for Windows and Unix-like platforms, and on those platforms, it is very likely that the default implementation of `MBEDTLS_HAVE_TIME` would also work. (The main exception would be a platform that has the traditional Unix function `gettimeofday()`, but not the 1990s novelty `clock_gettime()`.) So make this an official requirement, as a belated change that really should have gone into 4.0 if we'd taken the time to dig into it. Signed-off-by: Gilles Peskine --- ChangeLog.d/timing.txt | 5 +++++ configs/config-ccm-psk-dtls1_2.h | 2 +- configs/config-symmetric-only.h | 2 +- configs/crypto-config-ccm-psk-tls1_2.h | 3 ++- configs/crypto-config-thread.h | 1 + include/mbedtls/mbedtls_config.h | 17 ++--------------- library/mbedtls_check_config.h | 5 +++++ 7 files changed, 17 insertions(+), 18 deletions(-) create mode 100644 ChangeLog.d/timing.txt diff --git a/ChangeLog.d/timing.txt b/ChangeLog.d/timing.txt new file mode 100644 index 0000000000..f7d9f1a42b --- /dev/null +++ b/ChangeLog.d/timing.txt 
@@ -0,0 +1,5 @@ +API changes + * MBEDTLS_TIMING_C now requires MBEDTLS_HAVE_TIME to be enabled in the + TF-PSA-Crypto configuration, unless MBEDTLS_TIMING_ALT is enabled. + As a benefit, platforms where the default implementation is not + supported now only need to implement MBEDTLS_PLATFORM_MS_TIME_ALT. diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h index 6712c331b0..8aaa884b4a 100644 --- a/configs/config-ccm-psk-dtls1_2.h +++ b/configs/config-ccm-psk-dtls1_2.h @@ -29,7 +29,7 @@ #define MBEDTLS_SSL_COOKIE_C #define MBEDTLS_SSL_SRV_C #define MBEDTLS_SSL_TLS_C -#define MBEDTLS_TIMING_C +#define MBEDTLS_TIMING_C //Only used by test programs /* TLS protocol feature support */ #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index 606f4a1bf5..5199489c21 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -12,5 +12,5 @@ #define MBEDTLS_ERROR_STRERROR_DUMMY #define MBEDTLS_VERSION_FEATURES -#define MBEDTLS_TIMING_C +#define MBEDTLS_TIMING_C //Only for benchmarking #define MBEDTLS_VERSION_C diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index c2dabc28e8..817835e33e 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -26,7 +26,8 @@ #define MBEDTLS_PSA_CRYPTO_C /* System support */ -//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ +/* Optionally used in Hello messages. Needed for DTLS testing. */ +#define MBEDTLS_HAVE_TIME /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ #define MBEDTLS_CTR_DRBG_C diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index 1b2621cf58..5e0df736e9 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h 
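Review bot: The crypto-config-ccm-psk-tls1_2.h hunk turns `MBEDTLS_HAVE_TIME` on unconditionally with the justification "Needed for DTLS testing", whereas the two sibling hunks annotate the equivalent change as `//Only used by test programs` / `//Only for benchmarking`; since these are reference configurations for constrained builds, the comment should say the option exists only so MBEDTLS_TIMING_C builds for the test programs and can be dropped together with it, e.g. `/* Only needed by the test programs (MBEDTLS_TIMING_C); drop both for production. */`. Enabling it also adds a libc time dependency and, per the comment kept in the hunk, optional time use in Hello messages, so the footprint and behaviour change for anyone copying this config deserves a sentence in ChangeLog.d/timing.txt. Minor style point: this hunk uses a `/* */` comment while the neighbouring config edits use `//`; pick one for the configs touched here.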
@@ -48,6 +48,7 @@ /* System support */ #define MBEDTLS_HAVE_ASM +#define MBEDTLS_HAVE_TIME //Only used by test programs #define MBEDTLS_AES_ROM_TABLES #define MBEDTLS_ECP_NIST_OPTIM diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ad843c70c3..a38b61c147 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -63,22 +63,9 @@ /** * \def MBEDTLS_TIMING_C * - * Enable the semi-portable timing interface. + * Enable a timer interface used by some sample and test programs. * - * \note The provided implementation only works on POSIX/Unix (including Linux, - * BSD and OS X) and Windows. On other platforms, you can either disable that - * module and provide your own implementations of the callbacks needed by - * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide - * your own implementation of the whole module by setting - * \c MBEDTLS_TIMING_ALT in the current file. - * - * \note The timing module will include time.h on suitable platforms - * regardless of the setting of MBEDTLS_HAVE_TIME, unless - * MBEDTLS_TIMING_ALT is used. See timing.c for more information. - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * Requires: MBEDTLS_HAVE_TIME or MBEDTLS_TIMING_ALT * * Module: library/timing.c */ diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h index 855e4e3674..f92c79c0da 100644 --- a/library/mbedtls_check_config.h +++ b/library/mbedtls_check_config.h @@ -363,5 +363,10 @@ #error "MBEDTLS_PKCS7_C is defined, but not all prerequisites" #endif +#if defined(MBEDTLS_TIMING_C) && \ + !(defined(MBEDTLS_HAVE_TIME) || defined(MBEDTLS_TIMING_ALT)) +#error "MBEDTLS_TIMING_C requires either MBEDTLS_HAVE_TIME or MBEDTLS_TIMING_ALT" +#endif + /* *INDENT-ON* */ #endif /* MBEDTLS_CHECK_CONFIG_H */ 
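Review bot: The replacement doc for MBEDTLS_TIMING_C in mbedtls_config.h says only `Requires: MBEDTLS_HAVE_TIME or MBEDTLS_TIMING_ALT`, but the ChangeLog entry in this commit states that MBEDTLS_HAVE_TIME lives in the TF-PSA-Crypto configuration, and the deleted paragraph was the only porting pointer in this header; a reader will look for MBEDTLS_HAVE_TIME in the wrong file. Suggest expanding the note to something like `Requires: MBEDTLS_HAVE_TIME (set in the TF-PSA-Crypto configuration) or MBEDTLS_TIMING_ALT. On platforms without a usable default clock, implement MBEDTLS_PLATFORM_MS_TIME_ALT instead of porting this module.` The new check in mbedtls_check_config.h encodes the same rule and reads correctly.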
From 137b5b776dbfb8dd1df8eeeb0bb88b8d2d344b33 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 18 Feb 2026 22:50:07 +0100 Subject: [PATCH 42/60] Simplify MBEDTLS_TIMING_C to use mbedtls_ms_time() Don't ship two slightly different wheels. This reduces our platform adherence by using only `clock_gettime()` in the library and not `gettimeofday()` as well. Signed-off-by: Gilles Peskine --- include/mbedtls/timing.h | 4 +- library/timing.c | 84 ++-------------------------------------- 2 files changed, 6 insertions(+), 82 deletions(-) diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 62ae1022d9..6b7848c268 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -23,11 +23,13 @@ extern "C" { // Regular implementation // +#include + /** * \brief timer structure */ struct mbedtls_timing_hr_time { - uint64_t MBEDTLS_PRIVATE(opaque)[4]; + mbedtls_ms_time_t MBEDTLS_PRIVATE(ms); }; /** diff --git a/library/timing.c b/library/timing.c index 1ed88639ef..45a3ae1575 100644 --- a/library/timing.c +++ b/library/timing.c 
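Review bot: The timing.h hunk changes the layout of the public `struct mbedtls_timing_hr_time` from four uint64_t words to a single mbedtls_ms_time_t, which shrinks its size (and that of any context embedding it) and is therefore a binary-compatibility break for anything built against the previous layout; ChangeLog.d/timing.txt in this series records only the configuration requirement. Even if the project does not promise ABI stability, a one-line mention is useful; otherwise it needs its own entry. The `\brief timer structure` comment could also say what the field now holds: `* \brief Timer structure: the mbedtls_ms_time() reading at the last reset (private).` The header name on the new `#include` line is not legible in this rendering, so its target is assumed to be the platform time header.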
@@ -13,95 +13,17 @@ #if !defined(MBEDTLS_TIMING_ALT) -#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ - !defined(__HAIKU__) && !defined(__midipix__) -#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in mbedtls_config.h" -#endif - -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - -#include -#include - -struct _hr_time { - LARGE_INTEGER start; -}; - -#else - -#include -#include -#include -/* time.h should be included independently of MBEDTLS_HAVE_TIME. If the - * platform matches the ifdefs above, it will be used. */ -#include -#include -struct _hr_time { - struct timeval start; -}; -#endif /* _WIN32 && !EFIX64 && !EFI32 */ - -/** - * \brief Return the elapsed time in milliseconds - * - * \warning May change without notice - * - * \param val points to a timer structure - * \param reset If 0, query the elapsed time. Otherwise (re)start the timer. - * - * \return Elapsed time since the previous reset in ms. When - * restarting, this is always 0. - * - * \note To initialize a timer, call this function with reset=1. - * - * Determining the elapsed time and resetting the timer is not - * atomic on all platforms, so after the sequence - * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 = - * get_timer(0) }` the value time1+time2 is only approximately - * the delay since the first reset. 
- */ -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset) { - struct _hr_time *t = (struct _hr_time *) val; - if (reset) { - QueryPerformanceCounter(&t->start); + val->ms = mbedtls_ms_time(); return 0; } else { - unsigned long delta; - LARGE_INTEGER now, hfreq; - QueryPerformanceCounter(&now); - QueryPerformanceFrequency(&hfreq); - delta = (unsigned long) ((now.QuadPart - t->start.QuadPart) * 1000ul - / hfreq.QuadPart); - return delta; + mbedtls_ms_time_t now = mbedtls_ms_time(); + return now - val->ms; } } -#else /* _WIN32 && !EFIX64 && !EFI32 */ - -unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset) -{ - struct _hr_time *t = (struct _hr_time *) val; - - if (reset) { - gettimeofday(&t->start, NULL); - return 0; - } else { - unsigned long delta; - struct timeval now; - gettimeofday(&now, NULL); - delta = (now.tv_sec - t->start.tv_sec) * 1000ul - + (now.tv_usec - t->start.tv_usec) / 1000; - return delta; - } -} - -#endif /* _WIN32 && !EFIX64 && !EFI32 */ - /* * Set delays to watch */ From 7ea318246c0bd68f959ff74d4e0fab71fdbfbd83 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Feb 2026 12:30:00 +0100 Subject: [PATCH 43/60] Fix build error when MBEDTLS_TIMING_C and MBEDTLS_HAVE_TIME are both disabled Signed-off-by: Gilles Peskine --- include/mbedtls/timing.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 6b7848c268..01364dd0ba 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h 
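Review bot: The rewritten `mbedtls_timing_get_timer()` keeps none of the Doxygen block that this hunk deletes, so the only documentation left is the `/* Internal use */` line in timing.h, and the contract (reset != 0 restarts the timer and returns 0, otherwise the elapsed milliseconds) is now unstated for anyone providing the function under MBEDTLS_TIMING_ALT. I would restore a short comment above the definition, e.g. `/* Elapsed ms since the last reset; reset != 0 (re)starts the timer and returns 0. Relies on mbedtls_ms_time(); the result is only meaningful if that clock never goes backwards. */`. That last clause matters because `now - val->ms` is computed in mbedtls_ms_time_t and then converted to the unsigned return type, so if the type is signed and mbedtls_ms_time() is not monotonic a negative difference comes back as a very large elapsed time and mbedtls_timing_get_delay() reports expiry early (the narrowing to `unsigned long` on 32-bit-long platforms is handled by a later patch in this series, so I am not raising it here). The enclosing `#if !defined(MBEDTLS_TIMING_ALT)` block continues past the hunk.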
@@ -29,7 +29,14 @@ extern "C" { * \brief timer structure */ struct mbedtls_timing_hr_time { - mbedtls_ms_time_t MBEDTLS_PRIVATE(ms); +#if defined(MBEDTLS_HAVE_TIME) + mbedtls_ms_time_t ms; +#else + /* Without MBEDTLS_HAVE_TIME, we expose the type definitions and + * function declarations, but they can't be implemented. We do + * need to write something here. */ + unsigned MBEDTLS_PRIVATE(unused); +#endif }; /** From 5890b22b828cfb3f76060691d31e492a174f32e3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Feb 2026 14:16:42 +0100 Subject: [PATCH 44/60] Fix a build error with MSVC Also fixes a minor bug on Windows with timers running over ~49 days. Signed-off-by: Gilles Peskine --- ChangeLog.d/timing.txt | 8 ++++++++ include/mbedtls/timing.h | 2 +- library/timing.c | 4 ++-- programs/test/udp_proxy.c | 4 +++- programs/x509/load_roots.c | 4 ++-- 5 files changed, 16 insertions(+), 6 deletions(-) diff --git a/ChangeLog.d/timing.txt b/ChangeLog.d/timing.txt index f7d9f1a42b..96f4feb0e4 100644 --- a/ChangeLog.d/timing.txt +++ b/ChangeLog.d/timing.txt @@ -3,3 +3,11 @@ API changes TF-PSA-Crypto configuration, unless MBEDTLS_TIMING_ALT is enabled. As a benefit, platforms where the default implementation is not supported now only need to implement MBEDTLS_PLATFORM_MS_TIME_ALT. + * When MBEDTLS_TIMING_ALT is enabled, the function + mbedtls_timing_get_timer() now returns unsigned long long instead + of unsigned long. + +Bugfix + * mbedtls_timing_get_delay() now correctly treats a timer as expired + after more than 2^32 ms (about 49 days) on platforms where long is + a 32-bit type. diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 01364dd0ba..7a2eb938de 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h 
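Review bot: The `ms` member loses its `MBEDTLS_PRIVATE()` wrapper in this hunk (the removed line was `mbedtls_ms_time_t MBEDTLS_PRIVATE(ms);`) while the `unused` member in the `#else` branch keeps it, so the timer's internal state becomes a plain public field that application code can read and write without MBEDTLS_ALLOW_PRIVATE_ACCESS. Unless the drop is deliberate, write `mbedtls_ms_time_t MBEDTLS_PRIVATE(ms);` again; the `val->ms` accesses in library/timing.c presumably keep compiling because library sources build with private access enabled, which is what the previous patch relied on. The `#else` comment could also state the actual reason the member exists, e.g. `/* ISO C requires a struct to have at least one member. */`, which is what "We do need to write something here" is hinting at.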
@@ -53,7 +53,7 @@ typedef struct mbedtls_timing_delay_context { #endif /* MBEDTLS_TIMING_ALT */ /* Internal use */ -unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset); +unsigned long long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset); /** * \brief Set a pair of delays to watch diff --git a/library/timing.c b/library/timing.c index 45a3ae1575..6273f44c00 100644 --- a/library/timing.c +++ b/library/timing.c @@ -13,7 +13,7 @@ #if !defined(MBEDTLS_TIMING_ALT) -unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset) +unsigned long long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset) { if (reset) { val->ms = mbedtls_ms_time(); @@ -45,7 +45,7 @@ void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms) int mbedtls_timing_get_delay(void *data) { mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data; - unsigned long elapsed_ms; + unsigned long long elapsed_ms; if (ctx->fin_ms == 0) { return -1; diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 81de042a50..eab15feb38 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -360,7 +360,9 @@ static unsigned elapsed_time(void) return 0; } - return mbedtls_timing_get_timer(&hires, 0); + /* Wraps after ~49.7 days (assuming 32-bit int). + * Don't run udp_proxy that long! */ + return (unsigned) mbedtls_timing_get_timer(&hires, 0); } typedef struct { diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 0222d0f795..8fdccdd6ab 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -82,7 +82,7 @@ int main(int argc, char *argv[]) int exit_code = MBEDTLS_EXIT_FAILURE; unsigned i, j; struct mbedtls_timing_hr_time timer; - unsigned long ms; + unsigned long long ms; psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { 
@@ -151,7 +151,7 @@ int main(int argc, char *argv[]) mbedtls_printf("."); } ms = mbedtls_timing_get_timer(&timer, 0); - mbedtls_printf("\n%u iterations -> %lu ms\n", opt.iterations, ms); + mbedtls_printf("\n%u iterations -> %llu ms\n", opt.iterations, ms); exit_code = MBEDTLS_EXIT_SUCCESS; exit: From e2b04b68473d020b392d268df42e75cbbfafc4da Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Feb 2026 14:55:25 +0100 Subject: [PATCH 45/60] Don't use printf("%llu") We can't easily printf a `long long` on MingW yet, pending the work on https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/675 for which this is an early stage. A `long` is enough here anyway. Signed-off-by: Gilles Peskine --- programs/x509/load_roots.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 8fdccdd6ab..215d9453e2 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -82,7 +82,7 @@ int main(int argc, char *argv[]) int exit_code = MBEDTLS_EXIT_FAILURE; unsigned i, j; struct mbedtls_timing_hr_time timer; - unsigned long long ms; + unsigned long ms; psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -150,8 +150,10 @@ int main(int argc, char *argv[]) } mbedtls_printf("."); } - ms = mbedtls_timing_get_timer(&timer, 0); - mbedtls_printf("\n%u iterations -> %llu ms\n", opt.iterations, ms); + /* On 64-bit Windows and 32-bit platforms, this wraps after about + * 49.7 days. This shouldn't be a problem in practice. */ + ms = (unsigned long) mbedtls_timing_get_timer(&timer, 0); + mbedtls_printf("\n%u iterations -> %lu ms\n", opt.iterations, ms); exit_code = MBEDTLS_EXIT_SUCCESS; exit: From ed642cab9e6ee5891ab88bc34651194c4ab016c7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Feb 2026 17:24:34 +0100 Subject: [PATCH 46/60] Fix inclusion of when MBEDTLS_HAVE_TIME is disabled 
Signed-off-by: Gilles Peskine --- include/mbedtls/timing.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 7a2eb938de..8c15df58e8 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -23,7 +23,9 @@ extern "C" { // Regular implementation // +#if defined(MBEDTLS_HAVE_TIME) #include +#endif /** * \brief timer structure From d507b4668464a996f04c5a22545274aabbbb262d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 19 Feb 2026 13:23:23 +0000 Subject: [PATCH 47/60] Remove DriverVsReference tasks from analyze_outcomes.py Signed-off-by: Ben Taylor --- tests/scripts/analyze_outcomes.py | 456 +----------------------------- 1 file changed, 1 insertion(+), 455 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 42464a845e..29c41beba2 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
@@ -218,463 +218,9 @@ class CoverageTask(outcome_analysis.CoverageTask): ], } - -# The names that we give to classes derived from DriverVSReference do not -# follow the usual naming convention, because it's more readable to use -# underscores and parts of the configuration names. Also, these classes -# are just there to specify some data, so they don't need repetitive -# documentation. -#pylint: disable=invalid-name,missing-class-docstring - -class DriverVSReference_hash(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_hash_use_psa' - DRIVER = 'test_psa_crypto_config_accel_hash_use_psa' - IGNORED_SUITES = [ - # the software implementations that are being excluded - 'mdx', 'sha1', 'sha256', 'sha3', 'sha512', 'shax', - 'md.psa', # purposefully depends on whether drivers are present - 'psa_crypto_low_hash.generated', # testing the builtins - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - } - -class DriverVSReference_hmac(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_hmac' - DRIVER = 'test_psa_crypto_config_accel_hmac' - IGNORED_SUITES = [ - # These suites require legacy hash support, which is disabled - # in the accelerated component. - 'mdx', 'sha1', 'sha256', 'sha3', 'sha512', 'shax', - # This suite tests builtins directly, but these are missing - # in the accelerated case. - 'psa_crypto_low_hash.generated', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'), - re.compile(r'.*\bMBEDTLS_MD_C\b') - ], - 'test_suite_md': [ - # Builtin HMAC is not supported in the accelerate component. 
- re.compile('.*HMAC.*'), - # Following tests make use of functions which are not available - # when MD_C is disabled, as it happens in the accelerated - # test component. - re.compile('generic .* Hash file .*'), - 'MD list', - ], - 'test_suite_md.psa': [ - # "legacy only" tests require hash algorithms to be NOT - # accelerated, but this of course false for the accelerated - # test component. - re.compile('PSA dispatch .* legacy only'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - } - -class DriverVSReference_cipher_aead_cmac(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_cipher_aead_cmac' - DRIVER = 'test_psa_crypto_config_accel_cipher_aead_cmac' - # Modules replaced by drivers. - IGNORED_SUITES = [ - # low-level (block/stream) cipher modules - 'aes', 'aria', 'camellia', 'des', 'chacha20', - # AEAD modes, CMAC and POLY1305 - 'ccm', 'chachapoly', 'cmac', 'gcm', 'poly1305', - # The Cipher abstraction layer - 'cipher', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'), - re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM|POLY1305)_.*'), - re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'), - re.compile(r'.*\bMBEDTLS_CIPHER_.*'), - ], - # PEM decryption is not supported so far. - # The rest of PEM (write, unencrypted read) works though. - 'test_suite_pem': [ - re.compile(r'PEM read .*(AES|DES|\bencrypt).*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # Following tests depend on AES_C/DES_C but are not about - # them really, just need to know some error code is there. 
- 'test_suite_error': [ - 'Low and high error', - 'Single low error' - ], - # The en/decryption part of PKCS#12 is not supported so far. - # The rest of PKCS#12 (key derivation) works though. - 'test_suite_pkcs12': [ - re.compile(r'PBE Encrypt, .*'), - re.compile(r'PBE Decrypt, .*'), - ], - # The en/decryption part of PKCS#5 is not supported so far. - # The rest of PKCS#5 (PBKDF2) works though. - 'test_suite_pkcs5': [ - re.compile(r'PBES2 Encrypt, .*'), - re.compile(r'PBES2 Decrypt .*'), - ], - # Encrypted keys are not supported so far. - # pylint: disable=line-too-long - 'test_suite_pkparse': [ - 'Key ASN1 (Encrypted key PKCS12, trailing garbage data)', - 'Key ASN1 (Encrypted key PKCS5, trailing garbage data)', - re.compile(r'Parse (RSA|EC) Key .*\(.* ([Ee]ncrypted|password).*\)'), - ], - # Encrypted keys are not supported so far. - 'ssl-opt': [ - 'TLS: password protected server key', - 'TLS: password protected client key', - 'TLS: password protected server key, two certificates', - ], - } - -class DriverVSReference_ecp_light_only(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ecc_ecp_light_only' - DRIVER = 'test_psa_crypto_config_accel_ecc_ecp_light_only' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'ecdsa', 'ecdh', 'ecjpake', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # This test wants a legacy function that takes f_rng, p_rng - # arguments, and uses legacy ECDSA for that. The test is - # really about the wrapper around the PSA RNG, not ECDSA. 
- 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - # In the accelerated test ECP_C is not set (only ECP_LIGHT is) - # so we must ignore disparities in the tests for which ECP_C - # is required. - 'test_suite_ecp': [ - re.compile(r'ECP check public-private .*'), - re.compile(r'ECP calculate public: .*'), - re.compile(r'ECP gen keypair .*'), - re.compile(r'ECP point muladd .*'), - re.compile(r'ECP point multiplication .*'), - re.compile(r'ECP test vectors .*'), - ], - } - -class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ecc_no_ecp_at_all' - DRIVER = 'test_psa_crypto_config_accel_ecc_no_ecp_at_all' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), - re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # See ecp_light_only - 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - 'test_suite_pkparse': [ - # When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED - # is automatically enabled in build_info.h (backward compatibility) - # even if it is disabled in config_psa_crypto_no_ecp_at_all(). As a - # consequence compressed points are supported in the reference - # component but not in the accelerated one, so they should be skipped - # while checking driver's coverage. 
- re.compile(r'Parse EC Key .*compressed\)'), - re.compile(r'Parse Public EC Key .*compressed\)'), - ], - } - -class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ecc_no_bignum' - DRIVER = 'test_psa_crypto_config_accel_ecc_no_bignum' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', - 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw', - 'bignum.generated', 'bignum.misc', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), - re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # See ecp_light_only - 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - # See no_ecp_at_all - 'test_suite_pkparse': [ - re.compile(r'Parse EC Key .*compressed\)'), - re.compile(r'Parse Public EC Key .*compressed\)'), - ], - 'test_suite_asn1parse': [ - 'INTEGER too large for mpi', - ], - 'test_suite_asn1write': [ - re.compile(r'ASN.1 Write mpi.*'), - ], - 'test_suite_debug': [ - re.compile(r'Debug print mbedtls_mpi.*'), - ], - } - -class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum' - DRIVER = 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', - 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw', - 'bignum.generated', 'bignum.misc', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 
'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), - re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # See ecp_light_only - 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - # See no_ecp_at_all - 'test_suite_pkparse': [ - re.compile(r'Parse EC Key .*compressed\)'), - re.compile(r'Parse Public EC Key .*compressed\)'), - ], - 'test_suite_asn1parse': [ - 'INTEGER too large for mpi', - ], - 'test_suite_asn1write': [ - re.compile(r'ASN.1 Write mpi.*'), - ], - 'test_suite_debug': [ - re.compile(r'Debug print mbedtls_mpi.*'), - ], - } - -class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ffdh' - DRIVER = 'test_psa_crypto_config_accel_ffdh' - IGNORED_TESTS = { - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. 
- 'Check mbedtls_calloc overallocation', - ], - } - -class DriverVSReference_tfm_config(outcome_analysis.DriverVSReference): - REFERENCE = 'test_tfm_config_no_p256m' - DRIVER = 'test_tfm_config_p256m_driver_accel_ec' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'asn1parse', 'asn1write', - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', - 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw', - 'bignum.generated', 'bignum.misc', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), - re.compile(r'.*\bMBEDTLS_(ASN1\w+)_C\b.*'), - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECP)_.*'), - re.compile(r'.*\bMBEDTLS_PSA_P256M_DRIVER_ENABLED\b.*') - ], - 'test_suite_config.crypto_combinations': [ - 'Config: ECC: Weierstrass curves only', - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # See ecp_light_only - 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - } - -class DriverVSReference_rsa(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_rsa_crypto' - DRIVER = 'test_psa_crypto_config_accel_rsa_crypto' - IGNORED_SUITES = [ - # Modules replaced by drivers. - 'rsa', 'pkcs1_v15', 'pkcs1_v21', - # We temporarily don't care about PK stuff. - 'pk', 'pkwrite', 'pkparse' - ] - IGNORED_TESTS = { - 'test_suite_bignum.misc': [ - re.compile(r'.*\bmbedtls_mpi_is_prime.*'), - re.compile(r'.*\bmbedtls_mpi_gen_prime.*'), - ], - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'), - re.compile(r'.*\bMBEDTLS_GENPRIME\b.*') - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). 
If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # Following tests depend on RSA_C but are not about - # them really, just need to know some error code is there. - 'test_suite_error': [ - 'Low and high error', - 'Single high error' - ], - # Constant time operations only used for PKCS1_V15 - 'test_suite_constant_time': [ - re.compile(r'mbedtls_ct_zeroize_if .*'), - re.compile(r'mbedtls_ct_memmove_left .*') - ], - 'test_suite_psa_crypto': [ - # We don't support generate_key_custom entry points - # in drivers yet. - re.compile(r'PSA generate key custom: RSA, e=.*'), - re.compile(r'PSA generate key ext: RSA, e=.*'), - ], - } - -class DriverVSReference_block_cipher_dispatch(outcome_analysis.DriverVSReference): - REFERENCE = 'test_full_block_cipher_legacy_dispatch' - DRIVER = 'test_full_block_cipher_psa_dispatch' - IGNORED_SUITES = [ - # Skipped in the accelerated component - 'aes', 'aria', 'camellia', - # These require AES_C, ARIA_C or CAMELLIA_C to be enabled in - # order for the cipher module (actually cipher_wrapper) to work - # properly. However these symbols are disabled in the accelerated - # component so we ignore them. - 'cipher.ccm', 'cipher.gcm', 'cipher.aes', 'cipher.aria', - 'cipher.camellia', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA)_.*'), - re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'), - ], - 'test_suite_cmac': [ - # Following tests require AES_C/ARIA_C/CAMELLIA_C to be enabled, - # but these are not available in the accelerated component. - 'CMAC null arguments', - re.compile('CMAC.* (AES|ARIA|Camellia).*'), - ], - 'test_suite_cipher.padding': [ - # Following tests require AES_C/CAMELLIA_C to be enabled, - # but these are not available in the accelerated component. - re.compile('Set( non-existent)? 
padding with (AES|CAMELLIA).*'), - ], - 'test_suite_pkcs5': [ - # The AES part of PKCS#5 PBES2 is not yet supported. - # The rest of PKCS#5 (PBKDF2) works, though. - re.compile(r'PBES2 .* AES-.*') - ], - 'test_suite_pkparse': [ - # PEM (called by pkparse) requires AES_C in order to decrypt - # the key, but this is not available in the accelerated - # component. - re.compile('Parse RSA Key.*(password|AES-).*'), - ], - 'test_suite_pem': [ - # Following tests require AES_C, but this is diabled in the - # accelerated component. - re.compile('PEM read .*AES.*'), - 'PEM read (unknown encryption algorithm)', - ], - 'test_suite_error': [ - # Following tests depend on AES_C but are not about them - # really, just need to know some error code is there. - 'Single low error', - 'Low and high error', - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - } - -#pylint: enable=invalid-name,missing-class-docstring - - # List of tasks with a function that can handle this task and additional arguments if required -KNOWN_TASKS = { +KNOWN_TASKS: typing.Dict[str, typing.Type[outcome_analysis.Task]] = { 'analyze_coverage': CoverageTask, - 'analyze_driver_vs_reference_hash': DriverVSReference_hash, - 'analyze_driver_vs_reference_hmac': DriverVSReference_hmac, - 'analyze_driver_vs_reference_cipher_aead_cmac': DriverVSReference_cipher_aead_cmac, - 'analyze_driver_vs_reference_ecp_light_only': DriverVSReference_ecp_light_only, - 'analyze_driver_vs_reference_no_ecp_at_all': DriverVSReference_no_ecp_at_all, - 'analyze_driver_vs_reference_ecc_no_bignum': DriverVSReference_ecc_no_bignum, - 'analyze_driver_vs_reference_ecc_ffdh_no_bignum': DriverVSReference_ecc_ffdh_no_bignum, - 'analyze_driver_vs_reference_ffdh_alg': DriverVSReference_ffdh_alg, - 'analyze_driver_vs_reference_tfm_config': 
DriverVSReference_tfm_config, - 'analyze_driver_vs_reference_rsa': DriverVSReference_rsa, - 'analyze_block_cipher_dispatch': DriverVSReference_block_cipher_dispatch, } if __name__ == '__main__': From f004998303611f9514d1e7c9d3dbfe1f726632ea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 21 Feb 2026 21:20:22 +0100 Subject: [PATCH 48/60] Add issue number Signed-off-by: Gilles Peskine --- ChangeLog.d/timing.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/timing.txt b/ChangeLog.d/timing.txt index 96f4feb0e4..b3943cdcf2 100644 --- a/ChangeLog.d/timing.txt +++ b/ChangeLog.d/timing.txt @@ -10,4 +10,4 @@ API changes Bugfix * mbedtls_timing_get_delay() now correctly treats a timer as expired after more than 2^32 ms (about 49 days) on platforms where long is - a 32-bit type. + a 32-bit type. Fixes #10613. From 99c4159681ef5e7ebfce3ca2daf1efc93f0718b2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 21 Feb 2026 21:19:42 +0100 Subject: [PATCH 49/60] Disable Unix-like integration code in baremetal builds in all.sh Signed-off-by: Gilles Peskine --- tests/scripts/components-configuration-crypto.sh | 2 +- tests/scripts/components-configuration.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index aee412c4a8..baa59fb5f5 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -528,7 +528,7 @@ component_test_crypto_for_psa_service () { component_build_crypto_baremetal () { msg "build: make, crypto only, baremetal config" scripts/config.py crypto_baremetal - CFLAGS="-O1 -I$PWD/framework/tests/include/baremetal-override/" cmake . + CFLAGS="-O1 -I$PWD/framework/tests/include/baremetal-override/ -DMBEDTLS_TEST_PLATFORM_IS_NOT_UNIXLIKE" cmake . cmake --build . ctest are_empty_libraries library/libmbedx509.* library/libmbedtls.* 
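Review bot: The new `KNOWN_TASKS: typing.Dict[str, typing.Type[outcome_analysis.Task]]` annotation relies on `typing` being imported, and every use of `re` visible in this hunk (`re.compile(...)`) sits in the deleted classes, so the module's import list (outside the hunk) needs a matching pass: confirm `import typing` is present and drop `import re` if nothing else in the file uses it, otherwise pylint will report an unused import in a script that already carries pylint directives. If the script already targets Python 3.9 or later, the builtin generics `KNOWN_TASKS: dict[str, type[outcome_analysis.Task]] = {` would avoid the `typing` dependency entirely; keep the `typing` form if older interpreters must still run it. Removing the `#pylint: disable/enable=invalid-name,missing-class-docstring` pair is correct since no class remains that needed it.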
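Review bot: The `-DMBEDTLS_TEST_PLATFORM_IS_NOT_UNIXLIKE` flag is spliced into two hand-maintained CFLAGS strings, here in `component_build_crypto_baremetal` and again in the `component_build_baremetal` hunk of tests/scripts/components-configuration.sh, so a third baremetal component added later is likely to miss it and silently build with the Unix-like integration code enabled. Consider one shared definition next to the existing baremetal include override, e.g. `BAREMETAL_CFLAGS="-O1 -I$PWD/framework/tests/include/baremetal-override/ -DMBEDTLS_TEST_PLATFORM_IS_NOT_UNIXLIKE"`, then `CFLAGS="$BAREMETAL_CFLAGS" cmake .` here and `$MAKE_COMMAND CFLAGS="$BAREMETAL_CFLAGS -Werror"` in the other component. The two components live in different files, so the variable would have to come from a script both already source; I cannot see that include structure from here.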
diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index 89104a3bab..dcd01c7e58 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh @@ -220,7 +220,7 @@ component_test_full_deprecated_warning () { component_build_baremetal () { msg "build: make, baremetal config" scripts/config.py baremetal - $MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" + $MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/ -DMBEDTLS_TEST_PLATFORM_IS_NOT_UNIXLIKE" } support_build_baremetal () { From 29d00fa8613033fafe27cd4c3dafa0e8360cb003 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 29 Jan 2026 16:20:19 +0100 Subject: [PATCH 50/60] Create a mbedtls_common.h for the project We already have `x509_internal.h` which is common to all parts of the X.509 library, and `ssl_misc.h` which is common to all parts of the TLS library. Also create `mbedtls_common.h` which is for the Mbed TLS project as a whole. Signed-off-by: Gilles Peskine --- library/mbedtls_common.h | 17 +++++++++++++++++ library/mbedtls_config.c | 4 ++++ library/ssl_misc.h | 2 +- library/x509_internal.h | 2 +- 4 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 library/mbedtls_common.h diff --git a/library/mbedtls_common.h b/library/mbedtls_common.h new file mode 100644 index 0000000000..11d7c8249f --- /dev/null +++ b/library/mbedtls_common.h @@ -0,0 +1,17 @@ +/** + * \file mbedtls_common.h + * + * \brief Utility macros for internal use in the library + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef MBEDTLS_MBEDTLS_COMMON_H +#define MBEDTLS_MBEDTLS_COMMON_H + +/* Mbed TLS requires TF-PSA-Crypto internals. */ +#include "tf_psa_crypto_common.h" + +#endif /* MBEDTLS_MBEDTLS_COMMON_H */ 
diff --git a/library/mbedtls_config.c b/library/mbedtls_config.c index a3deae3152..48be660015 100644 --- a/library/mbedtls_config.c +++ b/library/mbedtls_config.c @@ -6,6 +6,10 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* We are a special snowflake: we don't include "mbedtls_common.h", + * because that would pull and we need to + * tune the way it works. */ + /* Apply the TF-PSA-Crypto configuration first. We need to do this * before , because "mbedtls_config_check_before.h" * needs to run after the crypto config (including derived macros) is diff --git a/library/ssl_misc.h b/library/ssl_misc.h index f8c03dfa2f..5f8980a20e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -10,7 +10,7 @@ #ifndef MBEDTLS_SSL_MISC_H #define MBEDTLS_SSL_MISC_H -#include "tf_psa_crypto_common.h" +#include "mbedtls_common.h" #include "mbedtls/build_info.h" #include "mbedtls/error.h" diff --git a/library/x509_internal.h b/library/x509_internal.h index ea3aeb6351..fcb996b19d 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -10,7 +10,7 @@ #ifndef MBEDTLS_X509_INTERNAL_H #define MBEDTLS_X509_INTERNAL_H -#include "tf_psa_crypto_common.h" +#include "mbedtls_common.h" #include "mbedtls/build_info.h" #include "mbedtls/private_access.h" From 3a988859504cd3f6b4a379560837a81356d4ffab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 29 Jan 2026 16:25:15 +0100 Subject: [PATCH 51/60] Create a header to declare platform requirements On some platforms, the system headers expose different interfaces depending on what macros are defined, for example to provide different standards compliance level. Create a common place where we can declare such macros, so that our code can behave in the same way when it's in different files. Individual .c files can still override these requirements by defining macros before including the common header, if it's really necessary. 
Signed-off-by: Gilles Peskine --- library/mbedtls_common.h | 10 ++++++++++ library/mbedtls_platform_requirements.h | 18 ++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 library/mbedtls_platform_requirements.h diff --git a/library/mbedtls_common.h b/library/mbedtls_common.h index 11d7c8249f..2aacfcbc22 100644 --- a/library/mbedtls_common.h +++ b/library/mbedtls_common.h @@ -11,6 +11,16 @@ #ifndef MBEDTLS_MBEDTLS_COMMON_H #define MBEDTLS_MBEDTLS_COMMON_H +/* Before including any system header, declare some macros to tell system + * headers what we expect of them. + * + * Do this before including any header from TF-PSA-Crypto, since the + * convention is first-come-first-served (so that users can + * override some macros on the command line, and individual users can + * override some macros before including the common header). + */ +#include "mbedtls_platform_requirements.h" + /* Mbed TLS requires TF-PSA-Crypto internals. */ #include "tf_psa_crypto_common.h" diff --git a/library/mbedtls_platform_requirements.h b/library/mbedtls_platform_requirements.h new file mode 100644 index 0000000000..f6dd4ce4aa --- /dev/null +++ b/library/mbedtls_platform_requirements.h @@ -0,0 +1,18 @@ +/** + * \file mbedtls_platform_requirements.h + * + * \brief Declare macros that tell system headers what we expect of them. + * + * This file must be included before any system header, and so in particular + * before build_info.h (which includes the user config, which may include + * system headers). + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H +#define MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H + +#endif /* MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H */ From 7af09b4f219583973364df691b10f060031ae544 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 26 Jan 2026 17:45:48 +0100 Subject: [PATCH 52/60] Add a few more test cases for printf formats 
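Review bot: The header comment in the new mbedtls_platform_requirements.h says it must be included before any system header, but the previous patch in this series has library/mbedtls_config.c deliberately skip "mbedtls_common.h" (and with it this header), so as soon as a real requirement macro lands here that translation unit will see system headers configured differently from the rest of the library. Either include "mbedtls_platform_requirements.h" directly at the top of mbedtls_config.c, or record the exception in this header's comment, e.g. ` * Note: library/mbedtls_config.c does not include this header (it bypasses mbedtls_common.h); keep it in sync if a requirement macro is ever added here.` The file is empty as introduced, so there is nothing to check yet, which makes this the right moment to write the rule down.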
Signed-off-by: Gilles Peskine --- tests/suites/test_suite_debug.data | 34 ++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 3d72056528..d9a5c5c2ed 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data 
@@ -1,12 +1,46 @@ printf "%" MBEDTLS_PRINTF_SIZET, 0 printf_int_expr:PRINTF_SIZET:sizeof(size_t):0:"0" +printf "%" MBEDTLS_PRINTF_SIZET, 1 byte +printf_int_expr:PRINTF_SIZET:sizeof(size_t):42:"42" + +printf "%" MBEDTLS_PRINTF_SIZET, 4 bytes +printf_int_expr:PRINTF_SIZET:sizeof(size_t):0xfedcba98:"4275878552" + +printf "%" MBEDTLS_PRINTF_SIZET, 8 bytes +depends_on:SIZE_MAX>=0xffffffffffffffff +printf_int_expr:PRINTF_SIZET:sizeof(size_t):0xfedcba9876543210:"18364758544493064720" + printf "%" MBEDTLS_PRINTF_LONGLONG, 0 printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0:"0" +printf "%" MBEDTLS_PRINTF_LONGLONG, 1 byte +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):42:"42" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 4 bytes +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0xfedcba98:"4275878552" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 8 bytes +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0x7edcba9876543210:"9141386507638288912" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 8 bytes, negative +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):-0x7edcba9876543210:"-9141386507638288912" + printf "%" MBEDTLS_PRINTF_MS_TIME, 0 printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0" +printf "%" MBEDTLS_PRINTF_MS_TIME, 1 byte +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):42:"42" + +printf "%" MBEDTLS_PRINTF_MS_TIME, 4 bytes +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0xfedcba98:"4275878552" + +printf "%" MBEDTLS_PRINTF_MS_TIME, 8 bytes +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0x7edcba9876543210:"9141386507638288912" + +printf "%" MBEDTLS_PRINTF_MS_TIME, 8 bytes, negative +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):-0x7edcba9876543210:"-9141386507638288912" + Debug print msg (threshold 1, level 0) debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" From 3c67824964cc7a64eb919d98585ec412d1f5a5b3 Mon Sep 17 00:00:00 2001 
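Review bot: The new `printf_int_expr` rows stop at mid-range values; none exercises `SIZE_MAX`, `LLONG_MAX` or `LLONG_MIN`, which are exactly the values where a non-C99 `%zu`/`%lld` implementation truncates or mis-signs. If the integer fields accept C expressions, as the `sizeof(...)` arguments suggest, adding `printf_int_expr:PRINTF_LONGLONG:sizeof(long long):LLONG_MIN:"-9223372036854775808"` and a `SIZE_MAX`-guarded row `0xffffffffffffffff:"18446744073709551615"` next to the existing `depends_on:SIZE_MAX>=0xffffffffffffffff` case would close that gap. Note also that the 4-byte `PRINTF_SIZET` row `0xfedcba98` exceeds `INT_MAX`, so on an ILP32 target it reaches the `(int) x` path of the test function through an implementation-defined conversion rather than a representable value.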
From: Gilles Peskine Date: Tue, 17 Feb 2026 17:08:12 +0100 Subject: [PATCH 53/60] test_suite_debug: test the printf used by debug.c In `test_suite_debug`, test `mbedtls_debug_snprintf()`, which uses `mbedtls_vsnprintf()` like `mbedtls_debug_print_msg()`. Do this instead of testing `mbedtls_snprintf()`, which might be subtly different (older Windows runtimes had slightly different behavior for vsnprintf() vs snprintf(); TF-PSA-Crypto might pick up a different function if the platform configuration is different in TF-PSA-Crypto and Mbed TLS). Signed-off-by: Gilles Peskine --- library/debug.c | 10 ++++++++++ library/debug_internal.h | 13 +++++++++++++ tests/suites/test_suite_debug.function | 6 +++--- 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/library/debug.c b/library/debug.c index e622ac9ed4..c27d15d12e 100644 --- a/library/debug.c +++ b/library/debug.c @@ -21,6 +21,16 @@ /* DEBUG_BUF_SIZE must be at least 2 */ #define DEBUG_BUF_SIZE 512 +int mbedtls_debug_snprintf(char *dest, size_t maxlen, + const char *format, ...) +{ + va_list argp; + va_start(argp, format); + int ret = mbedtls_vsnprintf(dest, maxlen, format, argp); + va_end(argp); + return ret; +} + static int debug_threshold = 0; void mbedtls_debug_set_threshold(int threshold) diff --git a/library/debug_internal.h b/library/debug_internal.h index d09e492094..2b869450f6 100644 --- a/library/debug_internal.h +++ b/library/debug_internal.h 
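Review bot: `mbedtls_debug_snprintf` becomes an externally visible symbol of the library although the accompanying declaration describes it as a non-API helper for test code only; if this tree offers a test-hooks build option (`MBEDTLS_TEST_HOOKS`, if present here), wrapping both the definition and the declaration in it would keep the symbol out of production builds. The body itself is sound: `va_start`/`va_end` are balanced and the `mbedtls_vsnprintf` result is returned unchanged, so callers keep the usual negative-on-error and truncation semantics. A short comment at the definition, `/* Test-only wrapper: goes through the same vsnprintf as mbedtls_debug_print_msg(). */`, would make the purpose visible where the code is, not only in debug_internal.h.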
@@ -12,6 +12,19 @@ #include "mbedtls/debug.h" +/* This should be equivalent to mbedtls_snprintf(). But it might not be due + * to platform shenanigans. For example, Mbed TLS and TF-PSA-Crypto could + * have inconsistent platform definitions. On Mingw, some code might + * be built with a different setting of __USE_MINGW_ANSI_STDIO, resulting + * in an old non-C99 printf being used somewhere. + * + * Our library assumes that mbedtls_snprintf() and other printf functions + * are consistent throughout. This function is not an official API and + * is not meant to be used inside the library. It is provided to help + * debugging printf inconsistencies issues. If you need it, good luck! + */ +int mbedtls_debug_snprintf(char *dest, size_t maxlen, + const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(3, 4); /** * \brief Print a message to the debug output. This function is always used * through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 05b0112b93..2d5e5619b6 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function 
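Review bot: The comment above the new `mbedtls_debug_snprintf` declaration says the function is "not meant to be used inside the library" without saying who is meant to call it, and it has a grammar slip in `printf inconsistencies issues`. Suggest `... help debugging printf inconsistency issues. It is intended for test code (test_suite_debug) only.` so a reader knows the one legitimate caller. The declaration's `MBEDTLS_PRINTF_ATTRIBUTE(3, 4)` is the right choice for a variadic wrapper and gives format checking at the test call sites.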
@@ -116,11 +116,11 @@ void printf_int_expr(int format_indicator, intmax_t sizeof_x, intmax_t x, char * /* Nominal case: buffer just large enough */ TEST_CALLOC(output, n + 1); if ((size_t) sizeof_x <= sizeof(int)) { // Any smaller integers would be promoted to an int due to calling a vararg function - TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (int) x)); + TEST_EQUAL(n, mbedtls_debug_snprintf(output, n + 1, format, (int) x)); } else if (sizeof_x == sizeof(long)) { - TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long) x)); + TEST_EQUAL(n, mbedtls_debug_snprintf(output, n + 1, format, (long) x)); } else if (sizeof_x == sizeof(long long)) { - TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long long) x)); + TEST_EQUAL(n, mbedtls_debug_snprintf(output, n + 1, format, (long long) x)); } else { TEST_FAIL( "sizeof_x <= sizeof(int) || sizeof_x == sizeof(long) || sizeof_x == sizeof(long long)"); From cdf3b0a535ba3dab4f72c754c512333883ca1bf7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 30 Jan 2026 20:39:10 +0100 Subject: [PATCH 54/60] MingW: insist on standard-compliant printf() and friends Always activate `__USE_MINGW_ANSI_STDIO` unless overridden on the command line. This is necessary with older versions of MingW and/or Windows, where snprintf does not always zero-terminate the buffer, and does not support formats such as `"%zu"` for size_t and `"%lld"` for long long. Simplify debug.h accordingly. The macros `MBEDTLS_PRINTF_SIZET`, `MBEDTLS_PRINTF_SIZET_HAX` and `MBEDTLS_PRINTF_LONGLONG` are no longer needed, but they are still used in our code base and must stay in debug.h for backward compatibility. Signed-off-by: Gilles Peskine --- include/mbedtls/debug.h | 35 +++++++------------------ library/mbedtls_platform_requirements.h | 14 ++++++++++ 2 files changed, 24 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 87ea6c3150..b8273bc757 100644 --- a/include/mbedtls/debug.h 
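Review bot: In the `sizeof_x <= sizeof(int)` branch the argument is always passed as `(int) x`, regardless of whether `format` is a signed or an unsigned conversion; with the `PRINTF_SIZET` data row `0xfedcba98` on an ILP32 target this first converts an out-of-range value to `int` (implementation-defined) and then hands a signed `int` to `%zu`, which is outside what C guarantees for argument/specifier matching even though it works on every supported ABI. If `format_indicator` is available at this point, selecting `(unsigned) x` for the `PRINTF_SIZET` formats (and `(unsigned long) x` / `(unsigned long long) x` in the wider branches) would keep the test free of that latitude. `printf_int_expr` begins before this hunk, so where `format` is derived from `format_indicator` is not visible here.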
+++ b/include/mbedtls/debug.h @@ -59,10 +59,10 @@ */ #if defined(__has_attribute) #if __has_attribute(format) -#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 +#if defined(__MINGW32__) #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ __attribute__((__format__(gnu_printf, string_index, first_to_check))) -#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */ +#else /* defined(__MINGW32__) */ #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ __attribute__((format(printf, string_index, first_to_check))) #endif @@ -73,30 +73,15 @@ #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) #endif -/** - * \def MBEDTLS_PRINTF_SIZET - * - * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers - * and MinGW we need to define the printf specifier for size_t - * and long long per platform. - * - * Module: library/debug.c - * Caller: - * - * This module provides debugging functions. +/* Legacy definitions, kept for backward compatibility. + * Since Mbed TLS 4.1, the standard specifiers are always valid. + * We still define the macros because they're part of the Mbed TLS 4.0 API. + * In the library and test code, keep using them for code that's backported + * to 3.6. */ -#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) - #include - #define MBEDTLS_PRINTF_SIZET PRIuPTR - #define MBEDTLS_PRINTF_SIZET_HEX PRIxPTR - #define MBEDTLS_PRINTF_LONGLONG "I64d" -#else \ - /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */ - #define MBEDTLS_PRINTF_SIZET "zu" - #define MBEDTLS_PRINTF_SIZET_HEX "zx" - #define MBEDTLS_PRINTF_LONGLONG "lld" -#endif \ - /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */ +#define MBEDTLS_PRINTF_SIZET "zu" +#define MBEDTLS_PRINTF_SIZET_HEX "zx" +#define MBEDTLS_PRINTF_LONGLONG "lld" #if !defined(MBEDTLS_PRINTF_MS_TIME) #include 
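Review bot: Both hunks touch a public header: the `gnu_printf` attribute becomes unconditional on MinGW and `MBEDTLS_PRINTF_SIZET`/`MBEDTLS_PRINTF_LONGLONG` are fixed to `"zu"`/`"lld"`, but the `__USE_MINGW_ANSI_STDIO=1` that makes those valid is set only in the library-internal `mbedtls_platform_requirements.h` (and hand-copied into some programs), so an application that includes `mbedtls/debug.h` on an older MinGW runtime without that define now gets specifiers its legacy printf does not understand, where the previous `PRIuPTR`/`"I64d"` values worked. The comment `Since Mbed TLS 4.1, the standard specifiers are always valid` should state the precondition, e.g. `... are always valid provided the translation unit uses a C99-compliant printf; on MinGW this means building with __USE_MINGW_ANSI_STDIO=1, as the library itself does.` If the series has no ChangeLog/migration-guide entry for this behavior change, one is warranted, since it affects application code, not just the library.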
diff --git a/library/mbedtls_platform_requirements.h b/library/mbedtls_platform_requirements.h index f6dd4ce4aa..c86204e6fa 100644 --- a/library/mbedtls_platform_requirements.h +++ b/library/mbedtls_platform_requirements.h @@ -15,4 +15,18 @@ #ifndef MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H #define MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H +/* On Mingw-w64, force the use of a C99-compliant printf() and friends. + * This is necessary on older versions of Mingw and/or Windows runtimes + * where snprintf does not always zero-terminate the buffer, and does + * not support formats such as "%zu" for size_t and "%lld" for long long. + * + * Defining __USE_MINGW_ANSI_STDIO=0 may work and provide a small code size + * and performance benefit for some combinations of older Mingw and Windows + * versions. Do this at your own risk and make sure that least + * test_suite_debug passes. + */ +#if !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + #endif /* MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H */ From 64ff7fc1dcd1354479664d6a42e83ea098eeaad2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 20 Feb 2026 17:54:06 +0100 Subject: [PATCH 55/60] Stop using MBEDTLS_PRINTF_SIZET Since Mbed TLS 3.6.0, all officially supported versions of Visual Studio a printf function family that is sufficiently compliant to C99 for our purposes, in particular supporting `%zu` for `size_t`. The only platform without `%zu` that we semi-officially support is older versions of MinGW, still used in our CI. MinGW provides either a Windows legacy printf or a standards-compliant printf depending on the value of `__USE_MINGW_ANSI_STDIO` when compiling each C file. Force the use of the compliant version. Don't rely on `MBEDTLS_PRINTF_SIZET`, which is defined in `` and no longer considers the Windows legacy version in Mbed TLS >= 4.1. 
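Review bot: The `#define __USE_MINGW_ANSI_STDIO 1` is not conditional on MinGW, so every other toolchain now defines a reserved double-underscore identifier that belongs to the MinGW runtime; `#if defined(__MINGW32__) && !defined(__USE_MINGW_ANSI_STDIO)` keeps the effect where the comment says it applies and avoids reserved-identifier warnings elsewhere (`__MINGW32__` is compiler-predefined, so it is safe to test before any header). The comment also drops a word: `make sure that least test_suite_debug passes` → `make sure that at least test_suite_debug passes`. Since the comment itself mentions the legacy `snprintf` not always zero-terminating, it would be clearer to say that an `=0` override is a memory-safety risk for every `snprintf` user in the library, not merely a debug-output cosmetic one.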
Signed-off-by: Gilles Peskine --- programs/ssl/ssl_client2.c | 8 ++------ programs/ssl/ssl_context_info.c | 9 +++++++++ programs/ssl/ssl_server2.c | 2 -- programs/ssl/ssl_test_lib.h | 11 +++++++++++ programs/test/selftest.c | 12 ++++++++++-- 5 files changed, 32 insertions(+), 10 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index cb316706b7..fc00473cfc 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -5,14 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#include "mbedtls/private/pk_private.h" - #include "ssl_test_lib.h" -#include "test/psa_crypto_helpers.h" - #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main(void) { @@ -27,6 +21,8 @@ int main(void) } #else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */ +#include "test/psa_crypto_helpers.h" + /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ #define MEMORY_HEAP_SIZE 120000 diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 8310bd21f3..9d7fb99e09 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -5,6 +5,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* On Mingw-w64, force the use of a C99-compliant printf() and friends. + * This is necessary on older versions of Mingw and/or Windows runtimes + * where snprintf does not always zero-terminate the buffer, and does + * not support formats such as "%zu" for size_t and "%lld" for long long. + */ +#if !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + #include "mbedtls/build_info.h" #include "mbedtls/debug.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 0ae2f79303..79cbad877d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
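Review bot: In ssl_context_info.c the new `__USE_MINGW_ANSI_STDIO` block is unconditional, so on non-MinGW toolchains the program defines a reserved identifier to no effect; `#if defined(__MINGW32__) && !defined(__USE_MINGW_ANSI_STDIO)` would scope it. The same nine lines are duplicated verbatim in three program sources in this patch, and the copies omit the one constraint that makes them work: the define must precede the first system header in the translation unit, so suggest adding `This block must stay the first thing in the file, before any #include.` to each copy so a later include reordering does not silently reintroduce the legacy printf. The ssl_client2.c reshuffle (moving `MBEDTLS_ALLOW_PRIVATE_ACCESS` and the pk_private.h include into ssl_test_lib.h, and `test/psa_crypto_helpers.h` below the `MBEDTLS_SSL_TEST_IMPOSSIBLE` guard) is consistent with ssl_test_lib.h now being the first include.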
@@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include "ssl_test_lib.h" #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 62da9e92c8..491da1dd5f 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -8,6 +8,17 @@ #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H +/* On Mingw-w64, force the use of a C99-compliant printf() and friends. + * This is necessary on older versions of Mingw and/or Windows runtimes + * where snprintf does not always zero-terminate the buffer, and does + * not support formats such as "%zu" for size_t and "%lld" for long long. + */ +#if !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include "mbedtls/private/pk_private.h" #include "mbedtls/build_info.h" diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 7312edf690..51cd45f026 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -5,6 +5,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* On Mingw-w64, force the use of a C99-compliant printf() and friends. + * This is necessary on older versions of Mingw and/or Windows runtimes + * where snprintf does not always zero-terminate the buffer, and does + * not support formats such as "%zu" for size_t and "%lld" for long long. + */ +#if !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/build_info.h" @@ -441,8 +450,7 @@ int main(int argc, char *argv[]) } \ } else { \ mbedtls_printf("Padding checks only implemented for types of size 2, 4 or 8" \ - " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET \ - "\n", \ + " - cannot check type '" #TYPE "' of size %zu\n", \ sizeof(TYPE)); \ mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ } \ 
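Review bot: ssl_test_lib.h now carries the `__USE_MINGW_ANSI_STDIO` define, which only takes effect if this header is the first include of every translation unit that uses it, before `<stdio.h>` or anything that pulls it in; ssl_client2.c and ssl_server2.c satisfy that after this patch, but the header does not state the constraint for other includers such as ssl_test_lib.c. Suggest adding to the comment: `This header must be the first include of every file that uses it; a system header included earlier makes this define ineffective and the legacy printf is used instead.` As in the other copies, the block is not guarded by `defined(__MINGW32__)`, so it defines a reserved identifier on all toolchains. The `%zu` replacement in selftest.c's padding-check macro is correct given the forced C99 printf; that macro starts before the hunk.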
From 4ec9536339a8209720633a78c76f74d707976522 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Feb 2026 21:34:32 +0100 Subject: [PATCH 56/60] Temporarily force standard *printf functions on MingW On MingW, temporarily force the use of the standard versions of `snprintf()` and `vsnprintf()` (since we set `__USE_MINGW_ANSI_STDIO` in `mbedtls_platform_requirements.h`). Do not honor `platform.h` configuration, because with the current TF-PSA-Crypto, `MBEDTLS_PLATFORM_VSNPRINTF_ALT and `MBEDTLS_PLATFORM_SNPRINTF_ALT` are always enabled on MinGW, so what matters is the setting of `__USE_MINGW_ANSI_STDIO` when `platform.c` is built, and until https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/694, the legacy printf functions are used there. Revert this commit once the `tf-psa-crypto` module is updated with the merge of https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/694. Signed-off-by: Gilles Peskine --- library/debug.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/library/debug.c b/library/debug.c index c27d15d12e..59969070c4 100644 --- a/library/debug.c +++ b/library/debug.c @@ -21,6 +21,20 @@ /* DEBUG_BUF_SIZE must be at least 2 */ #define DEBUG_BUF_SIZE 512 +/* Temporary hack: on MingW, do not honor the platform.h configuration + * for snprintf and vsnprintf. Instead, force the native functions, + * which are the standard ones, not the Windows legacy ones. + * + * This hack should be removed once TF-PSA-Crypto has been updated to + * use the standard printf family. + */ +#if defined(__MINGW32__) +#undef mbedtls_snprintf +#define mbedtls_snprintf snprintf +#undef mbedtls_vsnprintf +#define mbedtls_vsnprintf vsnprintf +#endif + int mbedtls_debug_snprintf(char *dest, size_t maxlen, const char *format, ...) { From eb1328285ba28159e8d6f0f36eb76d120ae10fb4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 28 Feb 2026 11:54:57 +0000 Subject: [PATCH 57/60] Update framework with support for standard printf on MinGW 
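Review bot: The MinGW override `#define mbedtls_snprintf snprintf` / `#define mbedtls_vsnprintf vsnprintf` discards any `MBEDTLS_PLATFORM_SNPRINTF_ALT`/`_MACRO` the user configured, for this one translation unit only, so on MinGW debug.c and the rest of the library may use two different printf implementations until the submodule is updated; the commit message says this, the code comment does not, and the comment also lacks the revert trigger. Suggest extending it with `Ignores MBEDTLS_PLATFORM_SNPRINTF_ALT/MACRO in this file on MinGW.` and `Remove once tf-psa-crypto includes https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/694.` so the hack is discoverable from the source rather than from git history. The override also presumes `<stdio.h>` was already included with `__USE_MINGW_ANSI_STDIO` in effect, i.e. that mbedtls_common.h is the first include of debug.c, which this hunk does not show.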
Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 8ed11c99fe..e07b6643e8 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 8ed11c99fe9e6d4d96289ebc1e134949421be917 +Subproject commit e07b6643e8db5fe2fdc20be288b91a2194316862 From a3d55d9ec71a7366e581447d2b0495d8795a22df Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Mar 2026 13:21:01 +0100 Subject: [PATCH 58/60] Document the purpose of mbedtls_common.h Signed-off-by: Gilles Peskine --- library/mbedtls_common.h | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/library/mbedtls_common.h b/library/mbedtls_common.h index 2aacfcbc22..ef8448e12b 100644 --- a/library/mbedtls_common.h +++ b/library/mbedtls_common.h @@ -1,7 +1,19 @@ /** * \file mbedtls_common.h * - * \brief Utility macros for internal use in the library + * \brief Utility macros for internal use in the library. + * + * This file should be included as the first thing in all library C files + * (directly, or indirectly via x509_internal.h or ssl_misc.h). + * It must not be included by sample programs, since sample programs + * illustrate what you can do without the library sources. + * It may be included (often indirectly) by test code that isn't purely + * black-box testing. + * + * This file takes care of setting up requirements for platform headers. + * It includes the library configuration and derived macros. + * It additionally defines various utility macros and other definitions + * (but no function declarations). */ /* * Copyright The Mbed TLS Contributors From 436f1e30ad3eab1032ddf6a31bff9d054b8b9479 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Mar 2026 13:22:42 +0100 Subject: [PATCH 59/60] Include the config in mbedtls_commmon.h as promised Signed-off-by: Gilles Peskine --- library/mbedtls_common.h | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/library/mbedtls_common.h b/library/mbedtls_common.h index ef8448e12b..43dac8266b 100644 --- a/library/mbedtls_common.h +++ b/library/mbedtls_common.h @@ -33,6 +33,10 @@ */ #include "mbedtls_platform_requirements.h" +/* From this point onwards, ensure we have the library configuration and + * the configuration-derived macros. */ +#include + /* Mbed TLS requires TF-PSA-Crypto internals. */ #include "tf_psa_crypto_common.h" From 29192f0a00d1fbdc8e35f7e7dbe710b340cdb761 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Mar 2026 13:23:50 +0100 Subject: [PATCH 60/60] Use the mbedtls_common.h in generated library .c files as well Signed-off-by: Gilles Peskine --- scripts/data_files/error.fmt | 4 ++-- scripts/data_files/version_features.fmt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 69bec9fe40..0d91ccbf32 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -1,11 +1,11 @@ -/* +/* -*-c-*- * Error message information * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "tf_psa_crypto_common.h" +#include "mbedtls_common.h" #include "mbedtls/error.h" diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt index fc71f5d777..4b28764a7e 100644 --- a/scripts/data_files/version_features.fmt +++ b/scripts/data_files/version_features.fmt @@ -1,11 +1,11 @@ -/* +/* -*-c-*- * Version feature information * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "ssl_misc.h" +#include "mbedtls_common.h" #if defined(MBEDTLS_VERSION_C)