TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-19 10:21:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
34,433 Commits 179 Branches 280 Tags
bb5cfbbdec43242901fe8a9d74291ed3300a622c
Commit Graph

1373 Commits

Author SHA1 Message Date
Minos Galanakis
308e7fb232 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-4.1.0.rc3 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-03-26 22:18:31 +00:00
Ronald Cron
7a8fbc2100 Remove debug leftover 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 08:45:24 +01:00
Ronald Cron
1141cd0fb6 Improve comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 08:45:24 +01:00
Ronald Cron
fbe388dc28 ssl-opt.sh: Fix log checks in some "DTLS reassembly" tests 
In DTLS reassembly tests, the server may receive a close_notify alert at the
end of a test. In this case, the Mbed TLS server logs an error, so these tests
should not check for the absence of the string "error" in the server logs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 08:45:24 +01:00
Ronald Cron
f285018fa3 Disable "DTLS proxy: 3d, (openssl|gnutls) client, fragmentation" tests 
The tests fail intermittently on the CI with a frequency that
significantly impacts CI throughput.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 08:45:22 +01:00
Ronald Cron
16c5dd99b3 Introduce ssl_buffering_shift_slots 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-25 08:44:16 +01:00
Ronald Cron
cb0b594a9d Merge pull request #10442 from davidhorstmann-arm/verify-result-default-failure 
Hardening: Make `mbedtls_ssl_get_verify_result()` default to failure
 2026-03-17 10:36:38 +00:00
David Horstmann
c6e1d67b1b ssl-opt.sh: Check for cert verify skipped 
Check that the message "! Certificate verification was skipped" is
present in the output when auth_mode=none. This indicates that the
certificate verify flag MBEDTLS_X509_BADCERT_SKIP_VERIFY was
correctly set.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2026-03-11 10:36:11 +00:00
Ronald Cron
814f5da61a ssl-opt.sh: Use more diverse MTUs 
Do not use only power of 2 MTUs.
Use diverse MTUs in DTLS reassembly/
fragmenting/proxy tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
3ddc63d74e ssl-opt.sh: DTLS reassembly: Improve max_content_len requirements 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
e436f74576 ssl-opt.sh: Fix/improve comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
6e270c0465 ssl-opt.sh: Add tests with CH fragmented with DTLS in default config 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
c1cbfdd072 ssl-opt.sh: Add interop test of DTLS defragmentation on server side 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
fa5e75d6f6 ssl-opt.sh: Relax deps of handshake defrag tests 
Relax the dependencies of the tests about handshake
message defragmentation/reassembly on server side.

TLS 1.3 does not need to be enable anymore for this
to work for TLS 1.2 handshake messages.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
73be048c8a ssl-opt.sh: Revert leftover debug level increase 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
4f0741498c ssl_msg.c: Improve handshake message fragmenting message 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
b952ba09d6 ssl-opt.sh: Improve DTLS proxy 3d tests 
Improve DTLS proxy 3d tests with OpenSSL and
GnuTLS servers. Have a better control of which
message is fragmented and verify it is the
case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
addf640a3b ssl-opt.sh: Improve DTLS reassembly tests 
Improve DTLS reassembly tests with OpenSSL
and GnuTLS server. Check that some messages
have been reassembled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
cad9c8ae71 ssl-opt.sh: Remove DTLS reassembly redundant test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
8f0240c350 ssl-opt.sh: Remove CH reassembly unsupported test 
We are about to have full support for TLS 1.2
CH reassembly on server side. The equivalent
positive test would be a duplicate of one of
the tests generated by generate_tls_handshake_tests.py.
Thus just removing the negative test.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
7fe38dd934 ssl_msg.c: Improve HS message reassembly completed message 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ben Taylor
f77d749127 Further updates to ssl-opt tests as wrapped keys now expose the underlying type 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-12 08:19:07 +00:00
Ben Taylor
98e958c91e Update ssl-opt tests as wrapped keys now expose the underlying type 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-12 08:19:07 +00:00
Ben Taylor
81deeb8a5a Update ssl-opt to remove Opaque key types 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-12 08:19:07 +00:00
Ben Taylor
485d4c1343 reverting last commit as the tests cause failures 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
26cdf6ee2b Re-adding tests for ECDH 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
df3e595536 Re-instate test for correctness of sent single supported algorithm 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
8371674048 re-add TLS_VERSION derivation 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
7b14d8228e Reverting TLS_VERSION derivation improvement, as it appear to be causing issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
6f0eb79111 Use get_tls_version to determine TLS_VERSION instead of statically assigning it 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
b191c02f6b Correct style issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
e16798ec67 Re-add reference to PSA_WANT_ALG_ECDH as this will be mantained 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
0fe02bb1bf Removed TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT as it is no longer used 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
a1914ef453 further removals of ssh tests from ssl-opt 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
5802394451 Remove further ECDH testd from ssl-opt.sh 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
0a7c5588db Remove further ECDH tests 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
dbf3977107 Remove tests from ssl-opt.sh that are depedendent the removed ECDH algorithm's 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
39280a4110 Remove ECDH from ssl-opt 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
15f1d7f812 Remove support for static ECDH cipher suites 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ronald Cron
5df9d9d53e ssl-opt.sh: Fix dependency on ECDSA 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-08 15:40:12 +02:00
Ronald Cron
8fc000ec2c ssl-opt.sh: Fix MBEDTLS_ENTROPY_C dependency adjustment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-08-25 15:19:59 +02:00
Minos Galanakis
a1e867981b ssl-opt.sh: Adjust dependency to MBEDTLS_PSA_CRYPTO_C 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-08-21 15:57:00 +01:00
Valerio Setti
d0d0791aed remove usage of secp192[k|r]1 curves 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-08-06 09:15:35 +02:00
Valerio Setti
70a4a31cb5 remove secp224[k|r]1 curves 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-08-06 09:15:35 +02:00
Ben Taylor
c454b5b658 Fix rebase failure 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
8519c3e0ba corrected copy paste error for MBEDTLS_USE_PSA_CRYPTO enabled/disabled 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
6164e92d3b Restore comment in ssl-opt.sh as it is still relevent 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
07687266b9 restoring test comment that refer to USE_PSA 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
39a68bf347 removed additional references to USE_PSA in tests and comments 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
9020426b14 remove MBEDTLS_USE_PSA_CRYPTO from tests 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00