Ronald Cron
cb0b594a9d
Merge pull request #10442 from davidhorstmann-arm/verify-result-default-failure
...
Hardening: Make `mbedtls_ssl_get_verify_result()` default to failure
2026-03-17 10:36:38 +00:00
David Horstmann
c6e1d67b1b
ssl-opt.sh: Check for cert verify skipped
...
Check that the message "! Certificate verification was skipped" is
present in the output when auth_mode=none. This indicates that the
certificate verify flag MBEDTLS_X509_BADCERT_SKIP_VERIFY was
correctly set.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2026-03-11 10:36:11 +00:00
Ronald Cron
814f5da61a
ssl-opt.sh: Use more diverse MTUs
...
Do not use only power of 2 MTUs.
Use diverse MTUs in DTLS reassembly/
fragmenting/proxy tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-02-23 12:12:36 +01:00
Ronald Cron
3ddc63d74e
ssl-opt.sh: DTLS reassembly: Improve max_content_len requirements
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-02-23 12:12:36 +01:00
Ronald Cron
e436f74576
ssl-opt.sh: Fix/improve comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-02-23 12:12:36 +01:00
Ronald Cron
6e270c0465
ssl-opt.sh: Add tests with CH fragmented with DTLS in default config
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-02-23 12:12:36 +01:00
Ronald Cron
c1cbfdd072
ssl-opt.sh: Add interop test of DTLS defragmentation on server side
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-02-23 12:12:36 +01:00
Ronald Cron
fa5e75d6f6
ssl-opt.sh: Relax deps of handshake defrag tests
...
Relax the dependencies of the tests about handshake
message defragmentation/reassembly on server side.
TLS 1.3 does not need to be enabled anymore for this
to work for TLS 1.2 handshake messages.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-02-23 12:12:36 +01:00
Ronald Cron
73be048c8a
ssl-opt.sh: Revert leftover debug level increase
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-02-18 14:21:48 +01:00
Ronald Cron
4f0741498c
ssl_msg.c: Improve handshake message fragmenting message
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-02-18 14:21:48 +01:00
Ronald Cron
b952ba09d6
ssl-opt.sh: Improve DTLS proxy 3d tests
...
Improve DTLS proxy 3d tests with OpenSSL and
GnuTLS servers. Have a better control of which
message is fragmented and verify it is the
case.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-02-18 14:21:48 +01:00
Ronald Cron
addf640a3b
ssl-opt.sh: Improve DTLS reassembly tests
...
Improve DTLS reassembly tests with OpenSSL
and GnuTLS server. Check that some messages
have been reassembled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-02-18 14:21:48 +01:00
Ronald Cron
cad9c8ae71
ssl-opt.sh: Remove DTLS reassembly redundant test
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-02-18 14:21:48 +01:00
Ronald Cron
8f0240c350
ssl-opt.sh: Remove CH reassembly unsupported test
...
We are about to have full support for TLS 1.2
CH reassembly on server side. The equivalent
positive test would be a duplicate of one of
the tests generated by generate_tls_handshake_tests.py.
Thus just removing the negative test.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-02-18 14:21:48 +01:00
Ronald Cron
7fe38dd934
ssl_msg.c: Improve HS message reassembly completed message
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-02-18 14:21:48 +01:00
Ben Taylor
f77d749127
Further updates to ssl-opt tests as wrapped keys now expose the underlying type
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2026-01-12 08:19:07 +00:00
Ben Taylor
98e958c91e
Update ssl-opt tests as wrapped keys now expose the underlying type
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2026-01-12 08:19:07 +00:00
Ben Taylor
81deeb8a5a
Update ssl-opt to remove Opaque key types
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2026-01-12 08:19:07 +00:00
Ben Taylor
485d4c1343
reverting last commit as the tests cause failures
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
26cdf6ee2b
Re-adding tests for ECDH
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
df3e595536
Re-instate test for correctness of sent single supported algorithm
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
8371674048
re-add TLS_VERSION derivation
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
7b14d8228e
Reverting TLS_VERSION derivation improvement, as it appears to be causing issues
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
6f0eb79111
Use get_tls_version to determine TLS_VERSION instead of statically assigning it
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
b191c02f6b
Correct style issues
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
e16798ec67
Re-add reference to PSA_WANT_ALG_ECDH as this will be maintained
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
0fe02bb1bf
Removed TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT as it is no longer used
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
a1914ef453
further removals of ssh tests from ssl-opt
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
5802394451
Remove further ECDH tests from ssl-opt.sh
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
0a7c5588db
Remove further ECDH tests
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
dbf3977107
Remove tests from ssl-opt.sh that are dependent on the removed ECDH algorithms
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
39280a4110
Remove ECDH from ssl-opt
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
15f1d7f812
Remove support for static ECDH cipher suites
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ronald Cron
5df9d9d53e
ssl-opt.sh: Fix dependency on ECDSA
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-08 15:40:12 +02:00
Ronald Cron
8fc000ec2c
ssl-opt.sh: Fix MBEDTLS_ENTROPY_C dependency adjustment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-08-25 15:19:59 +02:00
Minos Galanakis
a1e867981b
ssl-opt.sh: Adjust dependency to MBEDTLS_PSA_CRYPTO_C
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-08-21 15:57:00 +01:00
Valerio Setti
d0d0791aed
remove usage of secp192[k|r]1 curves
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-08-06 09:15:35 +02:00
Valerio Setti
70a4a31cb5
remove secp224[k|r]1 curves
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-08-06 09:15:35 +02:00
Ben Taylor
c454b5b658
Fix rebase failure
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-07-30 07:55:14 +01:00
Ben Taylor
8519c3e0ba
corrected copy paste error for MBEDTLS_USE_PSA_CRYPTO enabled/disabled
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-07-30 07:55:14 +01:00
Ben Taylor
6164e92d3b
Restore comment in ssl-opt.sh as it is still relevant
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-07-30 07:55:14 +01:00
Ben Taylor
07687266b9
restoring test comment that refers to USE_PSA
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-07-30 07:55:14 +01:00
Ben Taylor
39a68bf347
removed additional references to USE_PSA in tests and comments
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-07-30 07:55:14 +01:00
Ben Taylor
9020426b14
remove MBEDTLS_USE_PSA_CRYPTO from tests
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-07-30 07:55:14 +01:00
Ronald Cron
fbd5157989
ssl-opt.sh: Replace MBEDTLS_ECP_DP_* dependencies
...
In preparation of the removal of MBEDTLS_ECP_DP_*
configuration options, replace them by their
PSA_WANT_ECC_* equivalent in dependencies.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-07-11 17:59:29 +02:00
Ronald Cron
68ba7f7ab7
ssl-opt.sh: Replace MBEDTLS_RSA_C dependencies
...
In preparation of the removal of MBEDTLS_RSA_C,
replace MBEDTLS_RSA_C by its PSA_WANT_ closest
equivalent PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
in dependencies.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-07-11 17:59:29 +02:00
Ronald Cron
bd28acf240
ssl-opt.sh: Remove dependencies on built-in CBC and AES
...
Remove dependencies on MBEDTLS_CIPHER_MODE_CBC and
MBEDTLS_AES_C, as these options will no longer be
available once they are removed from the configuration.
The affected tests rely on the built-in CBC and AES
implementations. With the removal of
MBEDTLS_CIPHER_MODE_CBC and MBEDTLS_AES_C as
configuration options, there is no longer a mechanism
in ssl-opt.sh to express these dependencies.
As a result, filter out these tests at the all.sh
component level when the built-in CBC and AES
implementations are not available.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-07-11 17:59:16 +02:00
Ari Weiler-Ofek
6ee4d9220e
Fixed the same typo in ssl-opt.sh
...
Signed-off-by: Ari Weiler-Ofek <ari.weiler-ofek@arm.com>
2025-06-11 17:40:42 +01:00
Felix Conway
e0ce40bc8f
Change hardcoded error values in ssl-opt to take in the PSA error alias
...
ssl-opt checks for specific error code values in the output, but as
MBEDTLS_ERR_ECP_IN_PROGRESS is becoming an alias of PSA_OPERATION_INCOMPLETE
then this hardcoded value will change.
Therefore allow the result to be either the old mbedtls error, or the new PSA
error, so as not to break the CI.
Signed-off-by: Felix Conway <felix.conway@arm.com>
2025-05-19 16:22:05 +01:00
David Horstmann
232da48471
Merge pull request #9421 from mfil/feature/implement_tls_exporter
...
Implement TLS-Exporter
2025-04-17 14:47:13 +00:00