Minos Galanakis
308e7fb232
Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-4.1.0.rc3
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2026-03-26 22:18:31 +00:00
Ronald Cron
7a8fbc2100
Remove debug leftover
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-03-25 08:45:24 +01:00
Ronald Cron
1141cd0fb6
Improve comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-03-25 08:45:24 +01:00
Ronald Cron
fbe388dc28
ssl-opt.sh: Fix log checks in some "DTLS reassembly" tests
...
In DTLS reassembly tests, the server may receive a close_notify alert at the
end of a test. In this case, the Mbed TLS server logs an error, so these tests
should not check for the absence of the string "error" in the server logs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-03-25 08:45:24 +01:00
Ronald Cron
f285018fa3
Disable "DTLS proxy: 3d, (openssl|gnutls) client, fragmentation" tests
...
The tests fail intermittently on the CI with a frequency that
significantly impacts CI throughput.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-03-25 08:45:22 +01:00
Ronald Cron
16c5dd99b3
Introduce ssl_buffering_shift_slots
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-03-25 08:44:16 +01:00
Ronald Cron
cb0b594a9d
Merge pull request #10442 from davidhorstmann-arm/verify-result-default-failure
...
Hardening: Make `mbedtls_ssl_get_verify_result()` default to failure
2026-03-17 10:36:38 +00:00
David Horstmann
c6e1d67b1b
ssl-opt.sh: Check for cert verify skipped
...
Check that the message "! Certificate verification was skipped" is
present in the output when auth_mode=none. This indicates that the
certificate verify flag MBEDTLS_X509_BADCERT_SKIP_VERIFY was
correctly set.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2026-03-11 10:36:11 +00:00
Ronald Cron
814f5da61a
ssl-opt.sh: Use more diverse MTUs
...
Do not use only power of 2 MTUs.
Use diverse MTUs in DTLS reassembly/
fragmenting/proxy tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-02-23 12:12:36 +01:00
Ronald Cron
3ddc63d74e
ssl-opt.sh: DTLS reassembly: Improve max_content_len requirements
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-02-23 12:12:36 +01:00
Ronald Cron
e436f74576
ssl-opt.sh: Fix/improve comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-02-23 12:12:36 +01:00
Ronald Cron
6e270c0465
ssl-opt.sh: Add tests with CH fragmented with DTLS in default config
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-02-23 12:12:36 +01:00
Ronald Cron
c1cbfdd072
ssl-opt.sh: Add interop test of DTLS defragmentation on server side
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-02-23 12:12:36 +01:00
Ronald Cron
fa5e75d6f6
ssl-opt.sh: Relax deps of handshake defrag tests
...
Relax the dependencies of the tests about handshake
message defragmentation/reassembly on server side.
TLS 1.3 does not need to be enable anymore for this
to work for TLS 1.2 handshake messages.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-02-23 12:12:36 +01:00
Ronald Cron
73be048c8a
ssl-opt.sh: Revert leftover debug level increase
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-02-18 14:21:48 +01:00
Ronald Cron
4f0741498c
ssl_msg.c: Improve handshake message fragmenting message
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-02-18 14:21:48 +01:00
Ronald Cron
b952ba09d6
ssl-opt.sh: Improve DTLS proxy 3d tests
...
Improve DTLS proxy 3d tests with OpenSSL and
GnuTLS servers. Have a better control of which
message is fragmented and verify it is the
case.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-02-18 14:21:48 +01:00
Ronald Cron
addf640a3b
ssl-opt.sh: Improve DTLS reassembly tests
...
Improve DTLS reassembly tests with OpenSSL
and GnuTLS server. Check that some messages
have been reassembled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-02-18 14:21:48 +01:00
Ronald Cron
cad9c8ae71
ssl-opt.sh: Remove DTLS reassembly redundant test
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-02-18 14:21:48 +01:00
Ronald Cron
8f0240c350
ssl-opt.sh: Remove CH reassembly unsupported test
...
We are about to have full support for TLS 1.2
CH reassembly on server side. The equivalent
positive test would be a duplicate of one of
the tests generated by generate_tls_handshake_tests.py.
Thus just removing the negative test.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-02-18 14:21:48 +01:00
Ronald Cron
7fe38dd934
ssl_msg.c: Improve HS message reassembly completed message
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-02-18 14:21:48 +01:00
Ben Taylor
f77d749127
Further updates to ssl-opt tests as wrapped keys now expose the underlying type
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2026-01-12 08:19:07 +00:00
Ben Taylor
98e958c91e
Update ssl-opt tests as wrapped keys now expose the underlying type
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2026-01-12 08:19:07 +00:00
Ben Taylor
81deeb8a5a
Update ssl-opt to remove Opaque key types
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2026-01-12 08:19:07 +00:00
Ben Taylor
485d4c1343
reverting last commit as the tests cause failures
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
26cdf6ee2b
Re-adding tests for ECDH
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
df3e595536
Re-instate test for correctness of sent single supported algorithm
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
8371674048
re-add TLS_VERSION derivation
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
7b14d8228e
Reverting TLS_VERSION derivation improvement, as it appear to be causing issues
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
6f0eb79111
Use get_tls_version to determine TLS_VERSION instead of statically assigning it
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
b191c02f6b
Correct style issues
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
e16798ec67
Re-add reference to PSA_WANT_ALG_ECDH as this will be mantained
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
0fe02bb1bf
Removed TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT as it is no longer used
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
a1914ef453
further removals of ssh tests from ssl-opt
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
5802394451
Remove further ECDH testd from ssl-opt.sh
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
0a7c5588db
Remove further ECDH tests
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
dbf3977107
Remove tests from ssl-opt.sh that are depedendent the removed ECDH algorithm's
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
39280a4110
Remove ECDH from ssl-opt
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
15f1d7f812
Remove support for static ECDH cipher suites
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ronald Cron
5df9d9d53e
ssl-opt.sh: Fix dependency on ECDSA
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2025-09-08 15:40:12 +02:00
Ronald Cron
8fc000ec2c
ssl-opt.sh: Fix MBEDTLS_ENTROPY_C dependency adjustment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2025-08-25 15:19:59 +02:00
Minos Galanakis
a1e867981b
ssl-opt.sh: Adjust dependency to MBEDTLS_PSA_CRYPTO_C
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-08-21 15:57:00 +01:00
Valerio Setti
d0d0791aed
remove usage of secp192[k|r]1 curves
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-08-06 09:15:35 +02:00
Valerio Setti
70a4a31cb5
remove secp224[k|r]1 curves
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-08-06 09:15:35 +02:00
Ben Taylor
c454b5b658
Fix rebase failure
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-07-30 07:55:14 +01:00
Ben Taylor
8519c3e0ba
corrected copy paste error for MBEDTLS_USE_PSA_CRYPTO enabled/disabled
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-07-30 07:55:14 +01:00
Ben Taylor
6164e92d3b
Restore comment in ssl-opt.sh as it is still relevent
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-07-30 07:55:14 +01:00
Ben Taylor
07687266b9
restoring test comment that refer to USE_PSA
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-07-30 07:55:14 +01:00
Ben Taylor
39a68bf347
removed additional references to USE_PSA in tests and comments
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-07-30 07:55:14 +01:00
Ben Taylor
9020426b14
remove MBEDTLS_USE_PSA_CRYPTO from tests
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-07-30 07:55:14 +01:00