Gilles Peskine
86eac795c9
Have MBEDTLS_TIMING_C require MBEDTLS_HAVE_TIME
...
Nowadays, the timing module just builds on a function that provides a timer
with millisecond resolution. In terms of platform requirements, this is
almost exactly equivalent to what `mbedtls_ms_time()`
provides (`mbedtls_ms_time()` is arguably a little stronger because it is
supposed to last longer than a single timer object, but an application could
start a timer when it starts, so there's no real difference.) So it's a bit
silly that `timing.c` essentially reimplements this. Rely on
`mbedtls_ms_time()` instead.
This is an API break because in Mbed TLS 4.0, it was possible to enable
`MBEDTLS_TIMING_C` without `MBEDTLS_HAVE_TIME`. However, `timing.c` only
provided an implementation for Windows and Unix-like platforms, and on those
platforms, it is very likely that the default implementation of
`MBEDTLS_HAVE_TIME` would also work. (The main exception would be a platform
that has the traditional Unix function `gettimeofday()`, but not the 1990s
novelty `clock_gettime()`.) So make this an official requirement, as a
belated change that really should have gone into 4.0 if we'd taken the time
to dig into it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-02-19 16:53:52 +01:00
Valerio Setti
4398e83f29
Merge pull request #10600 from gilles-peskine-arm/update-submodules-20260216
...
Update submodules
2026-02-17 11:59:40 +00:00
David Horstmann
bac74a050c
Merge pull request #10593 from gilles-peskine-arm/bump-version-202602-4.0
...
Minor improvements to bump_version.sh
2026-02-16 16:50:16 +00:00
Gilles Peskine
26e1a7c5c8
Update framework with XOF support in psasim
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-02-16 16:49:26 +01:00
Gilles Peskine
24c80cc536
Update tf-psa-crypto with mldsa-native
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-02-16 16:49:11 +01:00
Gilles Peskine
4602f36a93
Merge pull request #10596 from gilles-peskine-arm/check_committed_generated_files-mbedtls-actually_check_mbedtls
...
Actually check committed generated files
2026-02-12 15:11:38 +00:00
Gilles Peskine
d3a8582606
Actually check committed generated files
...
We were accidentally running the check in TF-PSA-Crypto instead of in Mbed TLS.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-02-12 13:16:18 +01:00
Gilles Peskine
05d8c71202
Don't treat --help as an error
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-02-10 14:52:21 +01:00
Gilles Peskine
4cce03530a
Remove unused variable
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-02-10 14:52:16 +01:00
Valerio Setti
2a72766d75
Merge pull request #10570 from valeriosetti/issue10349
...
mbedtls 4.x does not expose mbedtls_ecp_curve_list()
2026-02-03 11:01:11 +00:00
Valerio Setti
318e4314df
changelog: add notes about helpers added to get list of known/supported TLS groups
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-02-02 13:38:03 +01:00
Valerio Setti
c3f585b8ee
tests: ssl: fix typo in comment in test_mbedtls_ssl_get_supported_group_list
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-30 22:02:08 +01:00
Manuel Pégourié-Gonnard
75eec4b477
Merge pull request #10577 from h1wind/patch-1
...
fix: Disabling the MBEDTLS_SSL_CLI_C feature caused a compilation error: unused parameter "ssl".
2026-01-29 10:30:18 +00:00
hi
4987340d24
fix code style in ssl_msg.c and add signoff
...
Signed-off-by: hi <hi@nosec.me>
2026-01-29 14:14:02 +08:00
hi
d823908335
fix: Disabling the MBEDTLS_SSL_CLI_C feature caused a compilation error: unused parameter "ssl".
...
Signed-off-by: hi <hi@nosec.me>
2026-01-29 14:14:02 +08:00
Gilles Peskine
068ef9cbe0
Merge pull request #10511 from minosgalanakis/rework/move-psasim
...
Rework/move psasim
2026-01-28 18:05:59 +00:00
David Horstmann
d0bff58379
Merge pull request #10514 from ng-gsmk/development
...
mbedtls_ssl_get_alert(): getter for fatal alerts
2026-01-28 16:49:09 +00:00
Minos Galanakis
7663b9c727
Updated framework pointer
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-01-28 16:34:54 +00:00
Valerio Setti
476a2edea7
library: extend mbedtls_ssl_iana_tls_group_info_t structure
...
Add new field that tells if the corresponding group is supported or not
in the current build.
Test function "test_mbedtls_ssl_get_supported_group_list" is extended
to verify this new feature.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-28 10:52:07 +01:00
Valerio Setti
9b49d5dbde
library: ssl: fix documentation of IANA TLS group info
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-27 17:56:34 +01:00
Minos Galanakis
1c2b690389
Test Makefiles: Updated location of psasim
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-01-27 12:07:05 +00:00
Minos Galanakis
097e57874f
Moved tests/psa-client-server to framework.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-01-27 12:07:05 +00:00
Valerio Setti
d658f3d41e
tests: ssl: skip testing of MBEDTLS_SSL_IANA_TLS_GROUP_NONE
...
This is already indirectly checked in 'test_mbedtls_tls_id_group_name_table'
because it's the last item of the list.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-27 12:26:21 +01:00
Nico Geyso
cc53b069d9
Improve changelog for alert getter
...
Integrate suggestions by @ronald-cron-arm for changelog for alert
getter.
Signed-off-by: Nico Geyso <ng@gsmk.de>
2026-01-27 10:48:55 +01:00
Valerio Setti
4f1e4fba80
library: ssl: make the list of "TLS ID" <-> "group name" public when possible
...
This is only done when MBEDTLS_DEBUG_C is declared in order not to inflate
the library size.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-27 00:51:35 +01:00
Valerio Setti
bb4f584876
tests: ssl: improve test_mbedtls_tls_id_group_name_table()
...
Check provided group_name also against the value returned from
mbedtls_ssl_get_curve_name_from_tls_id().
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-27 00:44:56 +01:00
Valerio Setti
fb317afa9f
library: ssl: rework macro to define known TLS ID <-> group name list
...
- let the macro be an initializer for the array of known TLS IDs, not
a variable declarator;
- last item's group name is NULL, not an empty string
- change the name of the macro from MBEDTLS_TLS_ID_GROUP_NAME_TABLE to
MBEDTLS_SSL_IANA_TLS_GROUPS_INFO
- define a new public structure "mbedtls_ssl_iana_tls_group_info_t" to
hold each element of the table and that can be used to go over the
list from user code.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-27 00:36:17 +01:00
Nico Geyso
8a3bcb1434
Fix coding style conventions for mbedtls_ssl_context
...
Signed-off-by: Nico Geyso <ng@gsmk.de>
2026-01-26 15:38:50 +01:00
Nico Geyso
6afd8367b9
remove whitespace in mbedtls_ssl_session_msg_layer
...
to comply with coding style, remove blank new line for alert reset
Signed-off-by: Nico Geyso <ng@gsmk.de>
2026-01-26 13:22:44 +01:00
Nico Geyso
4f83ebedd1
Fix outstanding code review issues
...
- adjust function name to mbedtls_ssl_get_fatal_alert
- fix missing property name changes for mbedtls_ssl_context
Signed-off-by: Nico Geyso <ng@gsmk.de>
2026-01-26 13:15:07 +01:00
ng-gsmk
15c68993cb
Apply suggestions from code review
...
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: ng-gsmk <ng@gsmk.de>
2026-01-26 13:07:26 +01:00
Valerio Setti
c87adb64f2
tests: ssl: add test for TLS-ID <-> curve-name table
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-26 11:09:20 +01:00
Valerio Setti
7ca3c602b7
library: ssl: add macro for allocating a TLS-ID <-> group-name table
...
Being a macro allows the table to be instantiated only when/if necessary
by the consuming code.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-26 10:48:01 +01:00
Valerio Setti
2aecd2cd5f
library|tests: ssl: remove secp256k1 from default groups
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-22 17:13:44 +01:00
Valerio Setti
6c5a9f04df
library: ssl: improve/fix documentation of group related functions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-22 17:04:46 +01:00
Valerio Setti
46a5f309d6
Merge pull request #10571 from mpg/fix-not-grep-2
...
Fix more paths for "not grep"
2026-01-22 12:52:42 +00:00
Valerio Setti
8686ad1a9e
tests: ssl: add testing for mbedtls_ssl_get_supported_group_list()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-22 10:33:44 +01:00
Manuel Pégourié-Gonnard
499e3d13f7
Fix more paths for "not grep"
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-01-22 10:23:03 +01:00
Valerio Setti
335b1b6089
library: ssl: add missing secp256k1 to ssl_preset_default_groups
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-22 09:43:46 +01:00
Valerio Setti
67f30df5a1
library: ssl: use correct PSA_WANT for DH groups in ssl_preset_default_groups
...
Use proper PSA_WANT_DH_RFC7919_xxx instead of PSA_WANT_ALG_FFDH.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-22 09:43:46 +01:00
Valerio Setti
2707100ab7
library: ssl: move location of ssl_preset_default_groups()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-22 09:43:45 +01:00
Valerio Setti
1ab51732e2
library: ssl: improve documentation of mbedtls_ssl_conf_groups()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-22 09:43:18 +01:00
Valerio Setti
0c8b25a684
library: ssl: add public function to retrieve the list of supported groups
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-22 09:43:17 +01:00
Gilles Peskine
5ed5aeb4d9
Merge pull request #10569 from gilles-peskine-arm/mldsa-pqcp-add-driver-mbedtls
...
CMake: Declare pqcp driver to mbedtls
2026-01-21 12:49:34 +00:00
David Horstmann
7294fc1c1a
Merge pull request #10567 from yanesca/add_clarifications_4.x
...
Add miscellaneous clarifications
2026-01-20 16:38:53 +00:00
Gilles Peskine
abf6c3a9fb
CMake: Declare pqcp driver to mbedtls
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-01-20 12:27:43 +01:00
Janos Follath
2b9f62a1be
programs/README.md clarify security remark
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-01-20 10:39:40 +00:00
Janos Follath
a852e72746
SECURITY.md: make x509 data section more readable
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-01-20 10:38:16 +00:00
Janos Follath
7a9eceb53c
Clarify purpose and suitability of sample programs
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-01-19 14:46:44 +00:00
Janos Follath
b712065a2e
Clarify CRL security guarantees
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2026-01-19 14:42:11 +00:00