mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00

Author	SHA1	Message	Date
David Horstmann	bac74a050c	Merge pull request #10593 from gilles-peskine-arm/bump-version-202602-4.0 Minor improvements to bump_version.sh	2026-02-16 16:50:16 +00:00
Gilles Peskine	26e1a7c5c8	Update framework with XOF support in psasim Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-02-16 16:49:26 +01:00
Gilles Peskine	24c80cc536	Update tf-psa-crypto with mldsa-native Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-02-16 16:49:11 +01:00
Gilles Peskine	4602f36a93	Merge pull request #10596 from gilles-peskine-arm/check_committed_generated_files-mbedtls-actually_check_mbedtls Actually check committed generated files	2026-02-12 15:11:38 +00:00
Valerio Setti	384a16746f	library: check_config: remove redundant check on hash algorithms for TLS 1.2 TLS-PRF uses either SHA-256 and SHA-384, so the removed paragraph was not correct. The correct version is already available few lines below in the same header file. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-02-12 14:12:30 +01:00
Gilles Peskine	d3a8582606	Actually check committed generated files We were accidentally running the check in TF-PSA-Crypto instead of in Mbed TLS. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-02-12 13:16:18 +01:00
Gilles Peskine	05d8c71202	Don't treat --help as an error Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-02-10 14:52:21 +01:00
Gilles Peskine	4cce03530a	Remove unused variable Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-02-10 14:52:16 +01:00
Valerio Setti	2a72766d75	Merge pull request #10570 from valeriosetti/issue10349 mbedtls 4.x does not expose mbedtls_ecp_curve_list()	2026-02-03 11:01:11 +00:00
Valerio Setti	318e4314df	changelog: add notes about helpers added to get list of known/supported TLS groups Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-02-02 13:38:03 +01:00
Valerio Setti	c3f585b8ee	tests: ssl: fix typo in comment in test_mbedtls_ssl_get_supported_group_list Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-30 22:02:08 +01:00
David Horstmann	8b1d9e49d9	Reword to be more specific Specify that the cryptographic operations of Mbed TLS are governed by its threat model and point specifically to block ciphers as an important case of this. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2026-01-30 14:51:59 +00:00
David Horstmann	7bba265eed	Add link to TF-PSA-Crypto SECURITY.md To avoid confusion about the threat model of cryptographic code, add a link to the SECURITY.md of TF-PSA-Crypto. This should help users who are unaware that the cryptography has been split into a separate repository. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2026-01-30 12:23:16 +00:00
Manuel Pégourié-Gonnard	75eec4b477	Merge pull request #10577 from h1wind/patch-1 fix: Disabling the MBEDTLS_SSL_CLI_C feature caused a compilation error: unused parameter "ssl".	2026-01-29 10:30:18 +00:00
hi	4987340d24	fix code style in ssl_msg.c and add signoff Signed-off-by: hi <hi@nosec.me>	2026-01-29 14:14:02 +08:00
hi	d823908335	fix: Disabling the MBEDTLS_SSL_CLI_C feature caused a compilation error: unused parameter "ssl". Signed-off-by: hi <hi@nosec.me>	2026-01-29 14:14:02 +08:00
Gilles Peskine	068ef9cbe0	Merge pull request #10511 from minosgalanakis/rework/move-psasim Rework/move psasim	2026-01-28 18:05:59 +00:00
David Horstmann	d0bff58379	Merge pull request #10514 from ng-gsmk/development mbedtls_ssl_get_alert(): getter for fatal alerts	2026-01-28 16:49:09 +00:00
Minos Galanakis	7663b9c727	Updated framework pointer Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2026-01-28 16:34:54 +00:00
Valerio Setti	476a2edea7	library: extend mbedtls_ssl_iana_tls_group_info_t structure Add new field that tells if the corresponding group is supported or not in the current build. Test function "test_mbedtls_ssl_get_supported_group_list" is extended to verify this new feature. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-28 10:52:07 +01:00
Valerio Setti	9b49d5dbde	library: ssl: fix documentation of IANA TLS group info Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-27 17:56:34 +01:00
Minos Galanakis	1c2b690389	Test Makefiles: Updated location of psasim Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2026-01-27 12:07:05 +00:00
Minos Galanakis	097e57874f	Moved tests/psa-client-server to framework. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2026-01-27 12:07:05 +00:00
Valerio Setti	d658f3d41e	tests: ssl: skip testing of MBEDTLS_SSL_IANA_TLS_GROUP_NONE This is already indirectly checked in 'test_mbedtls_tls_id_group_name_table' because it's the last item of the list. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-27 12:26:21 +01:00
Nico Geyso	cc53b069d9	Improve changelog for alert getter Integrate suggestions by @ronald-cron-arm for changelog for alert getter. Signed-off-by: Nico Geyso <ng@gsmk.de>	2026-01-27 10:48:55 +01:00
Valerio Setti	4f1e4fba80	library: ssl: make the list of "TLS ID" <-> "group name" public when possible This is only done when MBEDTLS_DEBUG_C is declared in order not to inflate the library size. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-27 00:51:35 +01:00
Valerio Setti	bb4f584876	tests: ssl: improve test_mbedtls_tls_id_group_name_table() Check provided group_name also against the value returned from mbedtls_ssl_get_curve_name_from_tls_id(). Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-27 00:44:56 +01:00
Valerio Setti	fb317afa9f	library: ssl: rework macro to define known TLS ID <-> group name list - let the macro be an initializer for the array of known TLS IDs, not a variable declarator; - last item's group name is NULL, not an empty string - change then name of the macro from MBEDTLS_TLS_ID_GROUP_NAME_TABLE to MBEDTLS_SSL_IANA_TLS_GROUPS_INFO - define a new public structure "mbedtls_ssl_iana_tls_group_info_t" to hold each element of the table and that can be used the go over the list from user code. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-27 00:36:17 +01:00
Nico Geyso	8a3bcb1434	Fix coding style conventions for mbedtls_ssl_context Signed-off-by: Nico Geyso <ng@gsmk.de>	2026-01-26 15:38:50 +01:00
Nico Geyso	6afd8367b9	remove whitespace in mbedtls_ssl_session_msg_layer to comply with coding style, remove blank new line for alert reset Signed-off-by: Nico Geyso <ng@gsmk.de>	2026-01-26 13:22:44 +01:00
Nico Geyso	4f83ebedd1	Fix outstanding code review issues - adjust function name to mbedtls_ssl_get_fatal_alert - fix missing property name changes for mbedtls_ssl_context Signed-off-by: Nico Geyso <ng@gsmk.de>	2026-01-26 13:15:07 +01:00
ng-gsmk	15c68993cb	Apply suggestions from code review Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: ng-gsmk <ng@gsmk.de>	2026-01-26 13:07:26 +01:00
Valerio Setti	c87adb64f2	tests: ssl: add test for TLS-ID <-> curve-name table Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-26 11:09:20 +01:00
Valerio Setti	7ca3c602b7	library: ssl: add macro for allocating a TLS-ID <-> group-name table Being a macro allow the table to be instatiated only when/if necessary by the consuming code. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-26 10:48:01 +01:00
Valerio Setti	2aecd2cd5f	library\|tests: ssl: remove secp256k1 from default groups Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-22 17:13:44 +01:00
Valerio Setti	6c5a9f04df	library: ssl: improve/fix documentation of group related functions Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-22 17:04:46 +01:00
Valerio Setti	46a5f309d6	Merge pull request #10571 from mpg/fix-not-grep-2 Fix more paths for "not grep"	2026-01-22 12:52:42 +00:00
Valerio Setti	8686ad1a9e	tests: ssl: add testing for mbedtls_ssl_get_supported_group_list() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-22 10:33:44 +01:00
Manuel Pégourié-Gonnard	499e3d13f7	Fix more paths for "not grep" Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2026-01-22 10:23:03 +01:00
Valerio Setti	335b1b6089	library: ssl: add missing secp256k1 to ssl_preset_default_groups Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-22 09:43:46 +01:00
Valerio Setti	67f30df5a1	library: ssl: use correct PSA_WANT for DH groups in ssl_preset_default_groups Use proper PSA_WANT_DH_RFC7919_xxx instead of PSA_WANT_ALG_FFDH. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-22 09:43:46 +01:00
Valerio Setti	2707100ab7	library: ssl: move location of ssl_preset_default_groups() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-22 09:43:45 +01:00
Valerio Setti	1ab51732e2	library: ssl: improve documentation of mbedtls_ssl_conf_groups() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-22 09:43:18 +01:00
Valerio Setti	0c8b25a684	library: ssl: add public function to retrieve the list of supported groups Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2026-01-22 09:43:17 +01:00
Gilles Peskine	5ed5aeb4d9	Merge pull request #10569 from gilles-peskine-arm/mldsa-pqcp-add-driver-mbedtls CMake: Declare pqcp driver to mbedtls	2026-01-21 12:49:34 +00:00
David Horstmann	7294fc1c1a	Merge pull request #10567 from yanesca/add_clarifications_4.x Add miscellaneous clarifications	2026-01-20 16:38:53 +00:00
Gilles Peskine	abf6c3a9fb	CMake: Declare pqcp driver to mbedtls Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2026-01-20 12:27:43 +01:00
Janos Follath	2b9f62a1be	programs/README.md clarify security remark Signed-off-by: Janos Follath <janos.follath@arm.com>	2026-01-20 10:39:40 +00:00
Janos Follath	a852e72746	SECURITY.md: make x509 data section more readable Signed-off-by: Janos Follath <janos.follath@arm.com>	2026-01-20 10:38:16 +00:00
Janos Follath	7a9eceb53c	Clarify purpose and suitability of sample programs Signed-off-by: Janos Follath <janos.follath@arm.com>	2026-01-19 14:46:44 +00:00

1 2 3 4 5 ...

34266 Commits