TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-09 03:04:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
34,244 Commits 179 Branches 280 Tags
c1cbfdd0722e257e1abb820d0e9adc775760d3cb
Commit Graph

34244 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ronald Cron
c1cbfdd072 ssl-opt.sh: Add interop test of DTLS defragmentation on server side 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
d718a35a1f ssl_msg.c: Remove some now unnecessary code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
0db3a49330 ssl_tls12_server.c: parse_client_hello: Remove remaining record level code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
00160b910a ssl_tls12_server.c: Move ClientHello record sequence_number init 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
943c1071bb ssl_tls12_server.c: Move ClientHello message_seq adjustment 
Move ClientHello message_seq adjustment to the record layer.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
a50110be71 ssl_tls12_server.c: Use mbedtls_ssl_read_record() only to read the ClientHello 
In ssl_tls12_server.c:ssl_parse_client_hello(), remove
the code that directly reads the received data to read
the record expected to contain the ClientHello message.

The function already supported handling a ClientHello
read via mbedtls_ssl_read_record() in the following
cases:
- when the ClientHello was read as a post-handshake
  message (renegotiation).
- when the ClientHello was read by
  ssl_tls13_process_client_hello() during TLS 1.3 or
  TLS 1.2 version negotiation.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
516e74ca5c ssl_tls12_server.c: Document replay check and update in ssl_parse_client_hello() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
2e9b9681e6 ssl_server2.c: DTLS: Attempt to read the response to the close notification 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
fa5e75d6f6 ssl-opt.sh: Relax deps of handshake defrag tests 
Relax the dependencies of the tests about handshake
message defragmentation/reassembly on server side.

TLS 1.3 does not need to be enable anymore for this
to work for TLS 1.2 handshake messages.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
39813964ef ssl_tls.c: Allow client hello fragmentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Valerio Setti
b41c8f6e04 Merge pull request #10608 from bjwtaylor/DriverVsReference_removal 
Remove DriverVsReference tasks from analyze_outcomes.py
 2026-02-23 09:01:25 +00:00
Bence Szépkúti
bbf8bbbdb6 Merge pull request #10575 from ronald-cron-arm/dtls-client-hello-defragmentation-prep 
Some preparatory work for DTLS client hello defragmentation
 2026-02-22 23:30:39 +00:00
Ben Taylor
d507b46684 Remove DriverVsReference tasks from analyze_outcomes.py 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-02-20 15:08:33 +00:00
Valerio Setti
3b4984243f Merge pull request #10595 from valeriosetti/fix-tls12-sha-guards 
library: check_config: fix required hash algorithms for TLS 1.2
 2026-02-20 09:14:13 +00:00
Ronald Cron
73be048c8a ssl-opt.sh: Revert leftover debug level increase 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
076ddc3ac7 tests: cmake: Fix dependency on generate_tls_handshake_tests.py 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
4f0741498c ssl_msg.c: Improve handshake message fragmenting message 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
b952ba09d6 ssl-opt.sh: Improve DTLS proxy 3d tests 
Improve DTLS proxy 3d tests with OpenSSL and
GnuTLS servers. Have a better control of which
message is fragmented and verify it is the
case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
addf640a3b ssl-opt.sh: Improve DTLS reassembly tests 
Improve DTLS reassembly tests with OpenSSL
and GnuTLS server. Check that some messages
have been reassembled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
cad9c8ae71 ssl-opt.sh: Remove DTLS reassembly redundant test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
8f0240c350 ssl-opt.sh: Remove CH reassembly unsupported test 
We are about to have full support for TLS 1.2
CH reassembly on server side. The equivalent
positive test would be a duplicate of one of
the tests generated by generate_tls_handshake_tests.py.
Thus just removing the negative test.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
7fe38dd934 ssl_msg.c: Improve HS message reassembly completed message 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
86b7df5591 ssl_tls.c: Rename and expand ssl_tls13_get_hs_msg_name 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 14:21:48 +01:00
Ronald Cron
8ab14401d7 ssl_server2.c: Flush stdout to improve logs timeliness 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 13:02:26 +01:00
Ronald Cron
1b5a0b1877 Add branch specific generate_tls_handshake_tests.py file 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 13:02:26 +01:00
Ronald Cron
57b29c2fe5 Introduce branch specific make_generated_files.py 
Introduce branch specific make_generated_files.py
and use it in the development branch.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 13:02:26 +01:00
Ronald Cron
29eb988669 Update framework pointer 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-18 13:02:24 +01:00
David Horstmann
3f2a8b0ad3 Merge pull request #10601 from davidhorstmann-arm/fix-missing-type-conversion-tls-exporter 
Fix missing type conversion in the TLS-Exporter
 2026-02-17 18:31:01 +00:00
Valerio Setti
4398e83f29 Merge pull request #10600 from gilles-peskine-arm/update-submodules-20260216 
Update submodules
 2026-02-17 11:59:40 +00:00
David Horstmann
059fe77e4b Fix missing type conversion in the TLS-Exporter 
In the TLS-Exporter for TLS 1.3 we mistakenly call PSA_HASH_LENGTH() on
an mbedtls_md_type_t when it should be called on a psa_algorithm_t.

Fortunately, these two types have almost the same values, since we have
previously aligned them to make conversion more efficient. As a result,
PSA_HASH_LENGTH() produces exactly the same value when called on an
mbedtls_md_type_t as with the equivalent psa_algorithm_t.

Thanks to this happy coincidence, fix a largely cosmetic issue (rather
than a major functional bug).

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2026-02-16 16:59:20 +00:00
David Horstmann
bac74a050c Merge pull request #10593 from gilles-peskine-arm/bump-version-202602-4.0 
Minor improvements to bump_version.sh
 2026-02-16 16:50:16 +00:00
Gilles Peskine
26e1a7c5c8 Update framework with XOF support in psasim 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-16 16:49:26 +01:00
Gilles Peskine
24c80cc536 Update tf-psa-crypto with mldsa-native 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-16 16:49:11 +01:00
Gilles Peskine
4602f36a93 Merge pull request #10596 from gilles-peskine-arm/check_committed_generated_files-mbedtls-actually_check_mbedtls 
Actually check committed generated files
 2026-02-12 15:11:38 +00:00
Valerio Setti
384a16746f library: check_config: remove redundant check on hash algorithms for TLS 1.2 
TLS-PRF uses either SHA-256 and SHA-384, so the removed paragraph was not
correct. The correct version is already available few lines below in the
same header file.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-02-12 14:12:30 +01:00
Gilles Peskine
d3a8582606 Actually check committed generated files 
We were accidentally running the check in TF-PSA-Crypto instead of in Mbed TLS.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-12 13:16:18 +01:00
Gilles Peskine
05d8c71202 Don't treat --help as an error 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-10 14:52:21 +01:00
Gilles Peskine
4cce03530a Remove unused variable 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2026-02-10 14:52:16 +01:00
Valerio Setti
2a72766d75 Merge pull request #10570 from valeriosetti/issue10349 
mbedtls 4.x does not expose mbedtls_ecp_curve_list()
 2026-02-03 11:01:11 +00:00
Valerio Setti
318e4314df changelog: add notes about helpers added to get list of known/supported TLS groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-02-02 13:38:03 +01:00
Valerio Setti
c3f585b8ee tests: ssl: fix typo in comment in test_mbedtls_ssl_get_supported_group_list 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-30 22:02:08 +01:00
Manuel Pégourié-Gonnard
75eec4b477 Merge pull request #10577 from h1wind/patch-1 
fix: Disabling the MBEDTLS_SSL_CLI_C feature caused a compilation error: unused parameter "ssl".
 2026-01-29 10:30:18 +00:00
hi
4987340d24 fix code style in ssl_msg.c and add signoff 
Signed-off-by: hi <hi@nosec.me>
 2026-01-29 14:14:02 +08:00
hi
d823908335 fix: Disabling the MBEDTLS_SSL_CLI_C feature caused a compilation error: unused parameter "ssl". 
Signed-off-by: hi <hi@nosec.me>
 2026-01-29 14:14:02 +08:00
Gilles Peskine
068ef9cbe0 Merge pull request #10511 from minosgalanakis/rework/move-psasim 
Rework/move psasim
 2026-01-28 18:05:59 +00:00
David Horstmann
d0bff58379 Merge pull request #10514 from ng-gsmk/development 
mbedtls_ssl_get_alert(): getter for fatal alerts
 2026-01-28 16:49:09 +00:00
Minos Galanakis
7663b9c727 Updated framework pointer 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-01-28 16:34:54 +00:00
Valerio Setti
476a2edea7 library: extend mbedtls_ssl_iana_tls_group_info_t structure 
Add new field that tells if the corresponding group is supported or not
in the current build.

Test function "test_mbedtls_ssl_get_supported_group_list" is extended
to verify this new feature.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-28 10:52:07 +01:00
Valerio Setti
9b49d5dbde library: ssl: fix documentation of IANA TLS group info 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-27 17:56:34 +01:00
Minos Galanakis
1c2b690389 Test Makefiles: Updated location of psasim 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2026-01-27 12:07:05 +00:00