Commit Graph

12812 Commits

Author SHA1 Message Date
Gilles Peskine
a314ada082 Merge pull request #10631 from yiwu0b11/destdir_install_env_support
Support DESTDIR for install and add build-system test
2026-04-29 14:37:29 +00:00
Valerio Setti
51b62060de Merge pull request #10639 from valeriosetti/ecdhe-rsa-fix-check
library: check_config: remove RSA encryption requirement from ECDHE-RSA
2026-04-24 07:30:47 +00:00
Maokaman1
78336bb5bd Merge branch 'Mbed-TLS:development' into fix/tls12-rsa-pss-sigalgs
2026-04-17 19:13:43 +03:00
Viktor Sokolovskiy
2168fe9cda ssl: narrow TLS 1.2 RSA-PSS handling and add interop coverage
Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
2026-04-16 04:36:48 +03:00
Yi Wu
970df30a8f test: improve symlink checks
Signed-off-by: Yi Wu <yi.wu2@arm.com>
2026-04-15 12:13:09 +01:00
Yi Wu
0c02d74a48 test: versioned symlink order fix
Signed-off-by: Yi Wu <yi.wu2@arm.com>
2026-04-14 11:06:16 +01:00
Yi Wu
f38b17e7a0 test: reorder if-else structure
Signed-off-by: Yi Wu <yi.wu2@arm.com>
2026-04-14 10:12:44 +01:00
Yi Wu
331ad77fe2 test: add debug output and fix for win config
Signed-off-by: Yi Wu <yi.wu2@arm.com>
2026-04-13 15:13:52 +01:00
Yi Wu
e9e0409b11 tests: fix DESTDIR install checks and add macOS compatibility
Signed-off-by: Yi Wu <yi.wu2@arm.com>
2026-04-13 12:48:01 +01:00
Gilles Peskine
806e1d365b Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-08 17:22:10 +02:00
Gilles Peskine
d25f03919a INTERNAL_TEST_CASES moved to a separate data-only module
This way, when Mbed TLS's `analyze_outcomes.py` loads the python module from
TF-PSA-Crypto (because it needs to know the value of `INTERNAL_TEST_CASES`),
there's no risk that the subproject and the superproject will have different
requirements on auxiliary modules such as `mbedtls_framework.outcome_analysis`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-08 15:47:49 +02:00
Gilles Peskine
16a90a556e Add copyright line
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-08 15:31:52 +02:00
Viktor Sokolovskiy
f75c033ead ssl: add TLS 1.2 RSA-PSS regression coverage
Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
2026-04-07 20:20:09 +03:00
Gilles Peskine
667a3f6442 Move test currently covered by crypto from uncovered list to ignored list
If we can't read `INTERNAL_TEST_CASES` from
`tf-psa-crypto/tests/scripts/analyze_outcomes.py` because the script doesn't
exist, hard-code the legacy value of that information.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-07 11:47:24 +02:00
Gilles Peskine
1978e1bd6b Ignore test cases that TF-PSA-Crypto tells us to ignore
If the `tf-psa-crypto` submodule has `tests/scripts/analyze_outcomes.py`,
require it to define a global variable `INTERNAL_TEST_CASES`. Those test
cases will be ignored in Mbed TLS's coverage analysis.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-07 11:47:13 +02:00
Gilles Peskine
bb5cfbbdec Move _has_word_re to the framework
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-07 11:06:39 +02:00
Gilles Peskine
68d6b07287 Rename IGNORED_TESTS to UNCOVERED_TESTS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-04-07 11:06:39 +02:00
Viktor Sokolovskiy
c064ba0edb ssl: accept TLS 1.2 rsa_pss_rsae signature schemes
Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
2026-04-04 03:57:04 +03:00
Minos Galanakis
6804c92d7d Merge tag 'mbedtls-4.1.0' into mbedtls-4.1.0_mergeback
Mbed TLS 4.1.0

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-31 15:35:49 +01:00
Minos Galanakis
e89565f92a Bump version
./scripts/bump_version.sh --version 4.1.0 \
  --so-crypto 18 --so-tls 23 --so-x509 9

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 22:34:28 +00:00
Minos Galanakis
308e7fb232 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-4.1.0.rc3
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-26 22:18:31 +00:00
Yi Wu
532db3d49e Test: add symlinks and dangling link check
Signed-off-by: Yi Wu <yi.wu2@arm.com>
2026-03-26 09:27:41 +00:00
Ronald Cron
7a8fbc2100 Remove debug leftover
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:24 +01:00
Ronald Cron
1141cd0fb6 Improve comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:24 +01:00
Ronald Cron
fbe388dc28 ssl-opt.sh: Fix log checks in some "DTLS reassembly" tests
In DTLS reassembly tests, the server may receive a close_notify alert at the
end of a test. In this case, the Mbed TLS server logs an error, so these tests
should not check for the absence of the string "error" in the server logs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:24 +01:00
Ronald Cron
f285018fa3 Disable "DTLS proxy: 3d, (openssl|gnutls) client, fragmentation" tests
The tests fail intermittently on the CI with a frequency that
significantly impacts CI throughput.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:45:22 +01:00
Ronald Cron
16c5dd99b3 Introduce ssl_buffering_shift_slots
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-25 08:44:16 +01:00
Ronald Cron
ade56554a6 Revert "ssl_server2.c: DTLS: Attempt to read the response to the close notification"
This reverts commit 2e9b9681e6.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-24 18:38:37 +01:00
Gilles Peskine
aa40ca90d9 Move check_committed_generated_files to its own component
This will probably help when a framework change causes the content of these
files to change. See https://github.com/Mbed-TLS/mbedtls-test/issues/252

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-23 15:38:32 +01:00
Gilles Peskine
61cf7bdc90 Add Python requirements from framework/util
Any `all.sh` component that runs a script that requires a more recent
version of Python must have a `support_xxx` function that checks for the
requisite Python version or package. At this time, there is no such
requirement yet in the mbedtls repository.

The directory `framework/util` is not yet checked by `pylint` or `mypy`,
because we use older versions of these tools that don't work well with
modern Python versions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-23 15:38:28 +01:00
Gilles Peskine
260992c0f4 check_committed_generated_files.py: use the new generate_files_helper module
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-23 15:37:45 +01:00
Gilles Peskine
4a21496d6f Prepare to generalize check_option_lists.py
We're going to have more committed generated files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-23 15:37:45 +01:00
Valerio Setti
a201a74b7d tests: depends.py: extend pkalgs including PSA_WANT_ALG_RSA_PKCS1V15_SIGN
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-19 17:50:26 +01:00
Valerio Setti
63df2f79a4 tests: depends.py: fix reverse dependency for RSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-19 17:50:26 +01:00
Gilles Peskine
7f4fe3943d Merge pull request #10624 from gilles-peskine-arm/audit_validity_dates-move-to-framework
Move some scripts to the framework
2026-03-19 12:19:00 +00:00
Ronald Cron
cb0b594a9d Merge pull request #10442 from davidhorstmann-arm/verify-result-default-failure
Hardening: Make `mbedtls_ssl_get_verify_result()` default to failure
2026-03-17 10:36:38 +00:00
Valerio Setti
e4d2126ad8 tests: ssl: replace dependency from RSA PSS to PKCS v1.5 in one handshake test
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-16 21:31:14 +01:00
Valerio Setti
2258cb7b5a tests: pkcs7: ease requirements for parse tests
replace PSA_HAVE_ALG_SOME_RSA_VERIFY with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-16 13:52:01 +01:00
Valerio Setti
0dfc52e740 tests: ssl: replace remaining occurrences of legacy RSA algorithms
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-16 13:52:01 +01:00
Valerio Setti
ed0aebd2c5 tests: bulk replace MBEDTLS_RSA_C with PSA_HAVE_ALG_SOME_RSA_SIGN
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-16 13:52:01 +01:00
Valerio Setti
2fab51329b tests: bulk replace MBEDTLS_RSA_C with PSA_HAVE_ALG_SOME_RSA_VERIFY
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-16 13:52:01 +01:00
Valerio Setti
ff2630664a tests: bulk replace MBEDTLS_RSA_C with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-16 13:52:01 +01:00
Janos Follath
703c2a6d7c Fix a typo and an oversight
DEBUG_C was supposed to have been removed from the test dependencies; still
being there is an oversight. Removing it was the sole purpose of
3e58109fbd.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-03-16 12:28:36 +00:00
Janos Follath
862c191f4f send_invalid_sig_alg: reduce debug dependency
Run as much of the test as we can even in the absence of
MBEDTLS_DEBUG_C.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-03-16 12:28:36 +00:00
Janos Follath
8d21dbf8e8 Fix dependencies
The unit test framework always loads the client key as well, which
requires a different curve and a hash than the server key.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-03-16 12:28:36 +00:00
Janos Follath
75092c8262 send_invalid_sig_alg: add baseline test
Add a test case with a successful handshake for each test case that
causes the desired handshake failure, with minimal differences between
the two.

The reason is to have more assurance that the handshake is failing for
the desired reason (as opposed to not having done something correctly in
the test code).

Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-03-16 12:28:34 +00:00
Janos Follath
6394676a74 Fix test case dependency
Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-03-16 12:27:21 +00:00
Janos Follath
c139e44935 Fix typos
Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-03-16 12:27:21 +00:00
Janos Follath
6cb0d86f16 Fix some compile time guards
Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-03-16 12:27:21 +00:00
Janos Follath
305aef1ad7 send_invalid_sig_alg: check logs
There are other issues that can fail with the same error code. Make sure
that the handshake fails exactly the way we want it to fail by analysing
the client logs.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-03-16 12:27:21 +00:00