TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,301 Commits 177 Branches 276 Tags
22245cb2942531adf8010654757dcbde43c8064b
Commit Graph

34301 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Horstmann
d0bff58379 Merge pull request #10514 from ng-gsmk/development 
mbedtls_ssl_get_alert(): getter for fatal alerts
 2026-01-28 16:49:09 +00:00
Minos Galanakis
7663b9c727 Updated framework pointer 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-01-28 16:34:54 +00:00
Valerio Setti
476a2edea7 library: extend mbedtls_ssl_iana_tls_group_info_t structure 
Add new field that tells if the corresponding group is supported or not
in the current build.

Test function "test_mbedtls_ssl_get_supported_group_list" is extended
to verify this new feature.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-28 10:52:07 +01:00
Valerio Setti
9b49d5dbde library: ssl: fix documentation of IANA TLS group info 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-27 17:56:34 +01:00
Minos Galanakis
1c2b690389 Test Makefiles: Updated location of psasim 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-01-27 12:07:05 +00:00
Minos Galanakis
097e57874f Moved tests/psa-client-server to framework. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-01-27 12:07:05 +00:00
Valerio Setti
d658f3d41e tests: ssl: skip testing of MBEDTLS_SSL_IANA_TLS_GROUP_NONE 
This is already indirectly checked in 'test_mbedtls_tls_id_group_name_table'
because it's the last item of the list.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-27 12:26:21 +01:00
Nico Geyso
cc53b069d9 Improve changelog for alert getter 
Integrate suggestions by @ronald-cron-arm for changelog for alert
getter.

Signed-off-by: Nico Geyso <ng@gsmk.de>
 2026-01-27 10:48:55 +01:00
Valerio Setti
4f1e4fba80 library: ssl: make the list of "TLS ID" <-> "group name" public when possible 
This is only done when MBEDTLS_DEBUG_C is declared in order not to inflate
the library size.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-27 00:51:35 +01:00
Valerio Setti
bb4f584876 tests: ssl: improve test_mbedtls_tls_id_group_name_table() 
Check provided group_name also against the value returned from
mbedtls_ssl_get_curve_name_from_tls_id().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-27 00:44:56 +01:00
Valerio Setti
fb317afa9f library: ssl: rework macro to define known TLS ID <-> group name list 
- let the macro be an initializer for the array of known TLS IDs, not
  a variable declarator;
- last item's group name is NULL, not an empty string
- change then name of the macro from MBEDTLS_TLS_ID_GROUP_NAME_TABLE to
  MBEDTLS_SSL_IANA_TLS_GROUPS_INFO
- define a new public structure "mbedtls_ssl_iana_tls_group_info_t" to
  hold each element of the table and that can be used the go over the
  list from user code.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-27 00:36:17 +01:00
Nico Geyso
8a3bcb1434 Fix coding style conventions for mbedtls_ssl_context 
Signed-off-by: Nico Geyso <ng@gsmk.de>
 2026-01-26 15:38:50 +01:00
Nico Geyso
6afd8367b9 remove whitespace in mbedtls_ssl_session_msg_layer 
to comply with coding style, remove blank new line for alert reset

Signed-off-by: Nico Geyso <ng@gsmk.de>
 2026-01-26 13:22:44 +01:00
Nico Geyso
4f83ebedd1 Fix outstanding code review issues 
- adjust function name to mbedtls_ssl_get_fatal_alert
- fix missing property name changes for  mbedtls_ssl_context

Signed-off-by: Nico Geyso <ng@gsmk.de>
 2026-01-26 13:15:07 +01:00
ng-gsmk
15c68993cb Apply suggestions from code review 
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: ng-gsmk <ng@gsmk.de>
 2026-01-26 13:07:26 +01:00
Valerio Setti
c87adb64f2 tests: ssl: add test for TLS-ID <-> curve-name table 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-26 11:09:20 +01:00
Valerio Setti
7ca3c602b7 library: ssl: add macro for allocating a TLS-ID <-> group-name table 
Being a macro allow the table to be instatiated only when/if necessary
by the consuming code.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-26 10:48:01 +01:00
Valerio Setti
2aecd2cd5f library|tests: ssl: remove secp256k1 from default groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-22 17:13:44 +01:00
Valerio Setti
6c5a9f04df library: ssl: improve/fix documentation of group related functions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-22 17:04:46 +01:00
Valerio Setti
46a5f309d6 Merge pull request #10571 from mpg/fix-not-grep-2 
Fix more paths for "not grep"
 2026-01-22 12:52:42 +00:00
Valerio Setti
8686ad1a9e tests: ssl: add testing for mbedtls_ssl_get_supported_group_list() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-22 10:33:44 +01:00
Manuel Pégourié-Gonnard
499e3d13f7 Fix more paths for "not grep" 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2026-01-22 10:23:03 +01:00
Valerio Setti
335b1b6089 library: ssl: add missing secp256k1 to ssl_preset_default_groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-22 09:43:46 +01:00
Valerio Setti
67f30df5a1 library: ssl: use correct PSA_WANT for DH groups in ssl_preset_default_groups 
Use proper PSA_WANT_DH_RFC7919_xxx instead of PSA_WANT_ALG_FFDH.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-22 09:43:46 +01:00
Valerio Setti
2707100ab7 library: ssl: move location of ssl_preset_default_groups() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-22 09:43:45 +01:00
Valerio Setti
1ab51732e2 library: ssl: improve documentation of mbedtls_ssl_conf_groups() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-22 09:43:18 +01:00
Valerio Setti
0c8b25a684 library: ssl: add public function to retrieve the list of supported groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-22 09:43:17 +01:00
Gilles Peskine
5ed5aeb4d9 Merge pull request #10569 from gilles-peskine-arm/mldsa-pqcp-add-driver-mbedtls 
CMake: Declare pqcp driver to mbedtls
 2026-01-21 12:49:34 +00:00
David Horstmann
7294fc1c1a Merge pull request #10567 from yanesca/add_clarifications_4.x 
Add miscellaneous clarifications
 2026-01-20 16:38:53 +00:00
Gilles Peskine
abf6c3a9fb CMake: Declare pqcp driver to mbedtls 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-01-20 12:27:43 +01:00
Janos Follath
2b9f62a1be programs/README.md clarify security remark 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-01-20 10:39:40 +00:00
Janos Follath
a852e72746 SECURITY.md: make x509 data section more readable 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-01-20 10:38:16 +00:00
Janos Follath
7a9eceb53c Clarify purpose and suitability of sample programs 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-01-19 14:46:44 +00:00
Janos Follath
b712065a2e Clarify CRL security guarantees 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-01-19 14:42:11 +00:00
Valerio Setti
069cfbd43c Merge pull request #10564 from valeriosetti/issue10380-mbedtls 
Remove unused script `set_psa_test_dependencies.py`
 2026-01-16 15:11:14 +00:00
Gilles Peskine
d49372176f Merge pull request #10551 from bjwtaylor/remove-drbg-modules 
Remove use of DRBG modules from sample programs
 2026-01-15 12:14:24 +00:00
Ben Taylor
fe3f378eec Restore mbedtls_memory_buffer_alloc_free_and_self_test, as it is still required 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-15 08:38:06 +00:00
Ben Taylor
4569547e59 Add fixes for defines in selftest 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-15 07:56:29 +00:00
Ben Taylor
842d2d948c Re-add mbedtls_entropy_self_test_wrapper 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-14 13:18:33 +00:00
Ben Taylor
b300692011 Remove some headers from ssl_test_lib.h, as they are no longer required 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-14 13:09:15 +00:00
Ben Taylor
dcf7670825 Add further rng removals highlighted by the ci 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-14 13:01:23 +00:00
Ben Taylor
7d71244dc3 Remove rng_context_t, as it is no longer useful 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-14 13:01:23 +00:00
Ben Taylor
767a3655e5 Remove f_rng p_rng, as these are no longer used 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-14 13:01:23 +00:00
Ben Taylor
b6cccdf8b5 Replace mbedtls_psa_get_random 
Replace mbedtls_psa_get_random with psa_generate_random, as this is a backwards
compatibility layer that is now longer required

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-14 13:01:23 +00:00
Ben Taylor
552f31410c Re-add the HMAC_DRBG and CTR_DRBG are cryptographic modules as they are still required 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-14 13:01:22 +00:00
Ben Taylor
79002cc990 Remove rng_get from sample programs, as it is no longer required 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-14 13:01:22 +00:00
Ben Taylor
99ec289535 Remove duplicated reproducable 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-14 13:01:22 +00:00
Ben Taylor
eace7ca23f Remove double initialisation of psa 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-14 13:01:22 +00:00
Ben Taylor
fe978ac1f3 Remove Deprecated Items From Sample Programs 
Remove the drbg module and entropy functions from the sample programs as these are
now handled by their PSA equivalents

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-14 13:01:22 +00:00
Valerio Setti
4e2584d681 tests: scripts: remove set_psa_test_dependencies.py 
This script was used in the past, but it has since been replaced with
other scripts and nowadays it's no more used anywhere.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-14 13:34:32 +01:00