TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-03 02:56:55 +02:00
Code Issues Packages Projects Releases Wiki Activity
34,336 Commits 179 Branches 280 Tags
971309addfdb4f026fa86561803d732d09cd18fa
Commit Graph

34336 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Janos Follath
971309addf Use API function to set sig_alg config in test 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:27:21 +00:00
Janos Follath
25f971db87 Fix the MBEDTLS_TEST_HAS_ADDITIONAL_HASH macro 
It should require a hash that is configured in TLS 1.2 SSL contexts by
default.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:27:21 +00:00
Janos Follath
e8894974cb Reintroduce ssl_parse_signature_algorithm 
The logic was easier to follow before 693a47a, which removed the
ssl_parse_signature_algorithm function and introduced the bug being
fixed in this PR.

When validating multiple conditions, it's easier to read, easier to
debug and, as we can see, easier to get right if you validate them
separately.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:27:21 +00:00
Janos Follath
f68d402029 sig_algs: add ChangeLog 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:27:21 +00:00
Janos Follath
475ac34e1f sig_algs: Add non-regression test 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:27:18 +00:00
Janos Follath
bab37f69d9 Fix mbedtls_test_free_handshake_options 
We usually follow the pattern that a zero-initialised struct is safe to
free. This wasn't the case here.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:26:21 +00:00
Janos Follath
01f6ccf020 Fix root cert prerequisites 
This root certificate uses SECP-384 and if we don't have it in the
build, the parsing already fails even if we don't try to use it, there
is no reason to have it in the build without the SECP-384.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:26:21 +00:00
Janos Follath
d7b85b76a6 sig_algs: fix typo in client's sig_algs check 
This bug caused the client accepting sig_algs used by the server that
it explicitly wanted to disallow.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:26:21 +00:00
Manuel Pégourié-Gonnard
d8868c432f Merge pull request #1486 from ronald-cron-arm/tls12-2nd-client-hello 
Fix TLS 1.2 client hello after HRR
 2026-03-16 10:58:50 +01:00
Gilles Peskine
cb4d172ce0 Merge pull request #1507 from gilles-peskine-arm/merge-development-restricted-20260311 
Merge public development with tf-psa-crypto directory reorg prep
 2026-03-11 16:04:01 +01:00
Gilles Peskine
f51e72ab2d Update tf-psa-crypto to development 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-11 12:35:30 +01:00
Gilles Peskine
b9ff81c4c5 Merge remote-tracking branch 'development' into merge-development-restricted-20260311 2026-03-11 12:32:56 +01:00
Ronald Cron
622b69d1d0 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-10 19:24:19 +01:00
Ronald Cron
759895e7df tls13_hrr_then_tls12_second_client_hello: Improve client and server state checks 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-10 19:24:19 +01:00
Ronald Cron
139ac457ab tls13_hrr_then_tls12_second_client_hello: Improve some comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-10 19:24:13 +01:00
Ronald Cron
b5749b88f6 Merge pull request #10576 from ronald-cron-arm/dtls-client-hello-defragmentation 
Add support for (D)TLS 1.2 client hello defragmentation
 2026-03-10 14:46:07 +00:00
Ronald Cron
e051abd5e3 tls13_hrr_then_tls12_second_client_hello: Various improvements 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-10 15:43:46 +01:00
Ronald Cron
09210ea54f Restore seq number check of post-handshake ClientHello msg 
The check was wrongly removed by the commit
"ssl_tls12_server.c: Move ClientHello message_seq adjustment".

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-10 10:12:55 +01:00
Ronald Cron
7f40da187c ssl_tls12_server.c: Move back the digest update 
Move back the digest update just after
the call to mbedtls_ssl_read_record().
It fits well here as we explain in the
comment associated to the call to
mbedtls_ssl_read_record() that we
update it manually.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-10 08:25:21 +01:00
Ronald Cron
65a038198e Improve comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 23:28:50 +01:00
Gilles Peskine
11d1f51631 Merge pull request #10464 from bensze01/abicheck-port 
Move abi_check.py to the framework
 2026-03-09 13:57:04 +00:00
Valerio Setti
109ce5e687 Merge pull request #10617 from ronald-cron-arm/tf-psa-crypto-reorg-prep 
Prepare for TF-PSA-Crypto repository reorganization
 2026-03-09 11:49:28 +00:00
Manuel Pégourié-Gonnard
fe2599ea82 Merge pull request #1487 from davidhorstmann-arm/fix-null-pointer-dereference 
Fix null pointer dereference in `mbedtls_x509_string_to_names()`
 2026-03-09 12:43:08 +01:00
Manuel Pégourié-Gonnard
b6c3aa7f31 Merge pull request #1502 from gilles-peskine-arm/merge-development-restricted-20260309 
Merge development public into restricted (ready for fork fix)
 2026-03-09 10:13:38 +01:00
Ronald Cron
bef136e607 Update framework pointer to the merge of PR 280 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:30:07 +01:00
Ronald Cron
269b390bb4 components-platform.sh: Fix path of compiler directory 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
aa024253d6 tests: make: Fix spaces instead of tab 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
32479c6a72 cmake: Introduce TF_PSA_CRYPTO_PRIVATE_INCLUDE_DIRS 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
a400a3bb8a Adapt list_internal_identifiers.py for upcoming directory changes 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
f3a20d25d6 Prepare libtestdriver1 build for upcoming directory changes 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
325170b962 legacy.make: Add globs and paths for tags and cscope 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
24bf98156a components*.sh: Handle current and upcoming object paths 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
03ee085e10 Remove duplicated recursion tests 
The recursion tests for the crypto code
are run in a TF-PSA-Crypto component.
No need to run them in an Mbed TLS
component as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
ae82217476 programs: metatest: Add tf-psa-crypto/platform as include dir 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
1ef64a73e4 programs: metatest: Remove include path duplication 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Gilles Peskine
ba5774387b Update framework with psasim serialise supporting unsigned and crypto dir reorg prep 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-08 20:30:08 +01:00
Gilles Peskine
cf02249039 Merge remote-tracking branch 'development' into merge-development-restricted-20260309 2026-03-08 20:24:58 +01:00
Gilles Peskine
65da2a38bf Merge pull request #10606 from gilles-peskine-arm/unix-detection-202601-4.0 
Simplify platform requirements before 4.1
 2026-03-06 18:06:08 +00:00
David Horstmann
dba3c2de82 Merge pull request #1499 from gilles-peskine-arm/inet_pton-changelog-attribution 
Update attribution to conform to contributor's request
 2026-03-05 15:00:17 +00:00
Gilles Peskine
68c44a4a97 Update attribution to conform to contributor's request 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-05 12:10:16 +01:00
Manuel Pégourié-Gonnard
73639eb35a Merge pull request #1494 from gilles-peskine-arm/merge-development-restricted-20260303 
Merge public into development-restricted
 2026-03-04 12:11:08 +01:00
Gilles Peskine
b38e28dbf0 Make sure we declare TF-PSA-Crypto platform requirements before including system headers 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-04 11:54:35 +01:00
Gilles Peskine
037f3c62ff Tell MSVC to allow non-s functions where needed 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-04 11:32:18 +01:00
Gilles Peskine
37fd7d5210 Start from a clean baseline for C11 ext1 and POSIX features 
Define `_POSIX_C_SOURCE` and `_XOPEN_SOURCE` in a single place that
applies everywhere, to make things simple.

This may break some platforms that require special handling for POSIX
functions and types. Subsequent commits will add platform-specific hacks
as needed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-04 11:32:18 +01:00
Gilles Peskine
e8dec9c031 Unify the detection of Unix-like platforms 
We were using slightly different guards to decide whether to include
`<unistd.h>` in different places. Unify those.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-04 11:32:18 +01:00
Gilles Peskine
5d479d8050 Update tf-psa-crypto with unified Unix detection 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-04 11:32:15 +01:00
Gilles Peskine
3d4b7cd3f9 Merge remote-tracking branch 'development' into development-restricted 2026-03-03 19:00:20 +01:00
Bence Szépkúti
1d088bb84e Merge pull request #10625 from gilles-peskine-arm/unix-detection-202601-mingw-prep 
Simplify platform requirements before 4.1: MingW
 2026-03-02 15:04:34 +00:00
Gilles Peskine
29192f0a00 Use the mbedtls_common.h in generated library .c files as well 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-02 12:25:03 +00:00
Gilles Peskine
436f1e30ad Include the config in mbedtls_commmon.h as promised 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-03-02 12:25:02 +00:00