TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-02 18:46:06 +02:00
Code Issues Packages Projects Releases Wiki Activity
34,336 Commits 179 Branches 280 Tags
971309addfdb4f026fa86561803d732d09cd18fa
Commit Graph

12751 Commits

Author SHA1 Message Date
Janos Follath
971309addf Use API function to set sig_alg config in test 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:27:21 +00:00
Janos Follath
25f971db87 Fix the MBEDTLS_TEST_HAS_ADDITIONAL_HASH macro 
It should require a hash that is configured in TLS 1.2 SSL contexts by
default.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:27:21 +00:00
Janos Follath
475ac34e1f sig_algs: Add non-regression test 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:27:18 +00:00
Janos Follath
bab37f69d9 Fix mbedtls_test_free_handshake_options 
We usually follow the pattern that a zero-initialised struct is safe to
free. This wasn't the case here.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:26:21 +00:00
Janos Follath
01f6ccf020 Fix root cert prerequisites 
This root certificate uses SECP-384 and if we don't have it in the
build, the parsing already fails even if we don't try to use it, there
is no reason to have it in the build without the SECP-384.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-03-16 12:26:21 +00:00
Manuel Pégourié-Gonnard
d8868c432f Merge pull request #1486 from ronald-cron-arm/tls12-2nd-client-hello 
Fix TLS 1.2 client hello after HRR
 2026-03-16 10:58:50 +01:00
Gilles Peskine
b9ff81c4c5 Merge remote-tracking branch 'development' into merge-development-restricted-20260311 2026-03-11 12:32:56 +01:00
Ronald Cron
759895e7df tls13_hrr_then_tls12_second_client_hello: Improve client and server state checks 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-10 19:24:19 +01:00
Ronald Cron
139ac457ab tls13_hrr_then_tls12_second_client_hello: Improve some comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-10 19:24:13 +01:00
Ronald Cron
b5749b88f6 Merge pull request #10576 from ronald-cron-arm/dtls-client-hello-defragmentation 
Add support for (D)TLS 1.2 client hello defragmentation
 2026-03-10 14:46:07 +00:00
Ronald Cron
e051abd5e3 tls13_hrr_then_tls12_second_client_hello: Various improvements 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-10 15:43:46 +01:00
Ronald Cron
269b390bb4 components-platform.sh: Fix path of compiler directory 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
aa024253d6 tests: make: Fix spaces instead of tab 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
32479c6a72 cmake: Introduce TF_PSA_CRYPTO_PRIVATE_INCLUDE_DIRS 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
a400a3bb8a Adapt list_internal_identifiers.py for upcoming directory changes 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
f3a20d25d6 Prepare libtestdriver1 build for upcoming directory changes 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
24bf98156a components*.sh: Handle current and upcoming object paths 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Ronald Cron
03ee085e10 Remove duplicated recursion tests 
The recursion tests for the crypto code
are run in a TF-PSA-Crypto component.
No need to run them in an Mbed TLS
component as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 08:28:51 +01:00
Gilles Peskine
3d4b7cd3f9 Merge remote-tracking branch 'development' into development-restricted 2026-03-03 19:00:20 +01:00
Gilles Peskine
3c67824964 test_suite_debug: test the printf used by debug.c 
In `test_suite_debug`, test `mbedtls_debug_snprintf()`, which uses
`mbedtls_vsnprintf()` like `mbedtls_debug_print_msg()`. Do this instead of
testing `mbedtls_snprintf()`, which might be subtly different (older
Windows runtimes had slightly different behavior for vsnprintf() vs
snprintf(); TF-PSA-Crypto might pick up a different function if the
platform configuration is different in TF-PSA-Crypto and Mbed TLS).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-26 20:56:03 +01:00
Gilles Peskine
7af09b4f21 Add a few more test cases for printf formats 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-26 19:54:59 +00:00
Bence Szépkúti
c2cb8565a5 Merge pull request #10607 from gilles-peskine-arm/timing-use-mstime 
Simplify MBEDTLS_TIMING_C to use mbedtls_ms_time()
 2026-02-26 14:38:50 +00:00
Ronald Cron
ed767bada9 tls13: Do not negotiate TLS 1.2 after an HRR 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-26 15:16:46 +01:00
Ronald Cron
75b8b0f4d9 Add unit test with TLS 1.2 nego after HRR 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-26 14:15:30 +01:00
Ronald Cron
814f5da61a ssl-opt.sh: Use more diverse MTUs 
Do not use only power of 2 MTUs.
Use diverse MTUs in DTLS reassembly/
fragmenting/proxy tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
3ddc63d74e ssl-opt.sh: DTLS reassembly: Improve max_content_len requirements 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
e436f74576 ssl-opt.sh: Fix/improve comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
6e270c0465 ssl-opt.sh: Add tests with CH fragmented with DTLS in default config 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
c1cbfdd072 ssl-opt.sh: Add interop test of DTLS defragmentation on server side 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
2e9b9681e6 ssl_server2.c: DTLS: Attempt to read the response to the close notification 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
fa5e75d6f6 ssl-opt.sh: Relax deps of handshake defrag tests 
Relax the dependencies of the tests about handshake
message defragmentation/reassembly on server side.

TLS 1.3 does not need to be enable anymore for this
to work for TLS 1.2 handshake messages.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Valerio Setti
b41c8f6e04 Merge pull request #10608 from bjwtaylor/DriverVsReference_removal 
Remove DriverVsReference tasks from analyze_outcomes.py
 2026-02-23 09:01:25 +00:00
Gilles Peskine
99c4159681 Disable Unix-like integration code in baremetal builds in all.sh 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-21 21:20:36 +01:00
Ben Taylor
d507b46684 Remove DriverVsReference tasks from analyze_outcomes.py 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-02-20 15:08:33 +00:00
Ronald Cron
73be048c8a ssl-opt.sh: Revert leftover debug level increase 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
076ddc3ac7 tests: cmake: Fix dependency on generate_tls_handshake_tests.py 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
4f0741498c ssl_msg.c: Improve handshake message fragmenting message 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
b952ba09d6 ssl-opt.sh: Improve DTLS proxy 3d tests 
Improve DTLS proxy 3d tests with OpenSSL and
GnuTLS servers. Have a better control of which
message is fragmented and verify it is the
case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
addf640a3b ssl-opt.sh: Improve DTLS reassembly tests 
Improve DTLS reassembly tests with OpenSSL
and GnuTLS server. Check that some messages
have been reassembled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
cad9c8ae71 ssl-opt.sh: Remove DTLS reassembly redundant test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
8f0240c350 ssl-opt.sh: Remove CH reassembly unsupported test 
We are about to have full support for TLS 1.2
CH reassembly on server side. The equivalent
positive test would be a duplicate of one of
the tests generated by generate_tls_handshake_tests.py.
Thus just removing the negative test.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
7fe38dd934 ssl_msg.c: Improve HS message reassembly completed message 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
1b5a0b1877 Add branch specific generate_tls_handshake_tests.py file 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 13:02:26 +01:00
Ronald Cron
57b29c2fe5 Introduce branch specific make_generated_files.py 
Introduce branch specific make_generated_files.py
and use it in the development branch.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 13:02:26 +01:00
Gilles Peskine
d3a8582606 Actually check committed generated files 
We were accidentally running the check in TF-PSA-Crypto instead of in Mbed TLS.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-12 13:16:18 +01:00
Janos Follath
d5e7465ea0 inet_pton: help ASan find the underflow 
The generated unit tests have the input parameters in large stack
buffers and therefore ASan doesn't notice under or overflows in them.
Copy the input parameter into a locally allocated buffer to trigger ASan
if something goes wrong.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-02-12 08:11:37 +00:00
Janos Follath
346720d674 Add ASan to test_sw_inet_pton 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-02-12 08:11:37 +00:00
Janos Follath
f7b4b5aac0 Add malicious ip test for inet_pton 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2026-02-11 16:34:04 +00:00
Valerio Setti
2a72766d75 Merge pull request #10570 from valeriosetti/issue10349 
mbedtls 4.x does not expose mbedtls_ecp_curve_list()
 2026-02-03 11:01:11 +00:00
Valerio Setti
c3f585b8ee tests: ssl: fix typo in comment in test_mbedtls_ssl_get_supported_group_list 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-30 22:02:08 +01:00