ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-10-21 06:21:07 +08:00
Code Issues Releases Wiki Activity
33,927 Commits 176 Branches 276 Tags
release/mbedtls4.0.0-documentation
Commit Graph

6686 Commits

Author SHA1 Message Date
Ronald Cron
b91117c32f Merge pull request #10402 from ronald-cron-arm/remove-legacy-crypto-options 
Remove legacy crypto options
 2025-09-17 18:46:05 +00:00
Valerio Setti
e2aed3a6df tests: revert changes to test_suite_ssl.data 
Revert changes previously done at following test cases:
- Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH
- Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Valerio Setti
91c0945def tests: fix alg and usage for some ECDHE-ECDSA opaque key tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Ronald Cron
3c6bbddfd4 Cleanup following the removal of MBEDTLS_ECDSA_C option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
0dd31fe523 Introduce MBEDTLS_SSL_NULL_CIPHERSUITES 
The support for TLS ciphersuites without
encryption does not rely anymore on the
MBEDTLS_CIPHER_NULL_CIPHER feature of
the cipher module. Introduce a specific
config option to enable these ciphersuites
and use it instead of MBEDTLS_CIPHER_NULL_CIPHER.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ben Taylor
15f1d7f812 Remove support for static ECDH cipher suites 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Gilles Peskine
fda51526b5 Merge pull request #10363 from felixc-arm/error-codes-prereq 
[1/3] Unify generic error codes (partial prerequisite)
 2025-08-29 11:04:53 +00:00
Anton Matkin
7a65ce6737 Unfortunately, we had two files named oid.h - one in the main repo, and one in the tf-psa-crypto repo, and these files included the mbedtls one, so I restored the header include 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 07:05:40 +02:00
Anton Matkin
bc48725b64 Include fixups (headers moves to private directory) 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 07:05:37 +02:00
Felix Conway
07eb02889e Remove a redundant error test case and improve another 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-28 17:38:13 +01:00
Felix Conway
8616ee762d Change values for error tests 
Previously these tests used values that will become PSA aliases,
and so the tests will fail once they're changed.

Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-18 11:32:58 +01:00
Bence Szépkúti
b2ba9fa68b Simplify runtime version info string methods 
Return a const char* instead of taking a char* as an argument.

This aligns us with the interface used in TF PSA Crypto.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-08-18 11:39:45 +02:00
Anton Matkin
6eb5335ef0 Fixed issues with policy verification, since wildcard JPAKE policy is now disallowed, changed to concrete jpake algorithm (with SHA256 hash) 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-12 13:50:48 +02:00
Anton Matkin
1b70084bd9 TF-PSA-Crypto submodule link fixup 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-12 13:50:45 +02:00
Gilles Peskine
627d653863 Merge pull request #10282 from bjwtaylor/switch-to-mbedtls_pk_sigalg_t 
Switch to mbedtls pk sigalg t
 2025-08-07 11:06:31 +00:00
Ben Taylor
8b3b7e5cac Update further type mismatches 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
6816fd781e Adjust for change in mbedtls_pk_verify_new function prototype 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
1c118a564d reverted enum in pk_verify_new 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
adf5d537b2 Fix code style 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
d95ea27e8c Create new enum mbedtls_pk_sigalg_t 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Valerio Setti
80a623089d tests: ssl: allow more groups in conf_group() 
Previously 3 different groups were allowed, but since the removal of
secp192r1 and secp224r1 only secp256r1 was left. This commit adds
other 2 options.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-08-06 11:38:45 +02:00
Valerio Setti
d0d0791aed remove usage of secp192[k|r]1 curves 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-08-06 09:15:35 +02:00
Valerio Setti
70a4a31cb5 remove secp224[k|r]1 curves 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-08-06 09:15:35 +02:00
Ben Taylor
4df61d408d fix style issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
dbea0a9cc5 Remove additional unused no rng case 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
1e2e2ea36d Added back crypto treatment of certs as the keyfile is now passed in and the previous rng issue should no longer be relevent 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
98ecfdb440 corrected code style 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Ben Taylor
9020426b14 remove MBEDTLS_USE_PSA_CRYPTO from tests 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-30 07:55:14 +01:00
Valerio Setti
cd1b7ffa70 tests: x509write: replace MBEDTLS_ECDSA_DETERMINISTIC with PSA_WANT one 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-07-29 10:40:12 +02:00
Ben Taylor
361ce2b484 Rename mbedtls_pk_setup_opaque to mbedtls_pk_wrap_psa 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-24 08:25:28 +01:00
Ben Taylor
5be8511151 Fix too many arguments in mbedtls_pk_verify_new 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-21 07:53:15 +01:00
Ben Taylor
0c787e3de8 Remove additional calls to mbedtls_pk_verify_ext 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-21 07:53:15 +01:00
Ben Taylor
c801d3293e include private pk.h internally 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-17 15:18:53 +01:00
Minos Galanakis
83bef5b66a Merge tag 'mbedtls-4.0.0-beta' into mbedtls-4.0.0-beta-mergeback 
Mbed TLS 4.0.0-beta
 2025-07-07 17:40:18 +03:00
Manuel Pégourié-Gonnard
921331867d Merge pull request #10197 from gilles-peskine-arm/ssl_helpers-split_perform_handshake-dev 
Break down mbedtls_test_ssl_perform_handshake
 2025-06-30 09:39:29 +00:00
Gilles Peskine
0038408f55 Properly initialize SSL endpoint objects 
In some cases, we were calling `mbedtls_test_ssl_endpoint_free()` on an
uninitialized `mbedtls_test_ssl_endpoint` object if the test case failed
early, e.g. due to `psa_crypto_init()` failing. This was largely harmless,
but could have caused weird test results in case of failure, and was flagged
by Coverity.

Use a more systematic style for initializing the stack object as soon as
it's declared.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-27 11:12:55 +01:00
Gilles Peskine
042ee3b318 Fix accidentally skipped test assertion 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-27 11:12:55 +01:00
Minos Galanakis
ed87da7ad7 Merge remote-tracking branch 'restricted/development-restricted' into future_rc 
As set by process the tf-psa-crypto submodule is set
to point to tf-psa-crypto-release-sync input.
 2025-06-27 10:50:33 +01:00
Gilles Peskine
f68f45c827 Merge pull request #10213 from valeriosetti/issue298-development 
[development] PK: try storing all private RSA keys in PSA (2/3)
 2025-06-25 15:23:27 +00:00
Valerio Setti
27eb0141b9 tests: suite_x509parse: rename variable in x509parse_crt() 
- rename result_ext to result_back_comp
- add a comment to describe its purpose

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-06-25 10:25:02 +02:00
Valerio Setti
210b61111b tests: suite_x509parse: fix indentation in x509parse_crt() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-06-25 10:25:02 +02:00
Valerio Setti
2747ac1e70 tests: x509parse: fix RSA key in DER certificates 
The previous key was not correct so it could not be imported into PSA
for validation inside the PK module.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-06-25 10:25:02 +02:00
Valerio Setti
11345e9de3 tests: x509parse: fix return values for invalid RSA keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-06-25 10:25:02 +02:00
Gilles Peskine
760608d47b Properly initialize SSL endpoint objects 
In some cases, we were calling `mbedtls_test_ssl_endpoint_free()` on an
uninitialized `mbedtls_test_ssl_endpoint` object if the test case failed
early, e.g. due to `psa_crypto_init()` failing. This was largely harmless,
but could have caused weird test results in case of failure, and was flagged
by Coverity.

Use a more systematic style for initializing the stack object as soon as
it's declared.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-24 18:42:04 +02:00
Gilles Peskine
b836d46870 Fix accidentally skipped test assertion 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-24 18:42:04 +02:00
Felix Conway
5b84ae14e9 Replace __attribute__((nonstring)) with macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING 
This macro applies __attribute__((nonstring)) when using a compiler that supports it

Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-06-20 11:48:16 +01:00
Felix Conway
79b513894a Add __attribute__ ((nonstring)) to remove unterminated-string-initialization warning 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-06-20 11:48:16 +01:00
Manuel Pégourié-Gonnard
f5a63d1456 Fix invalid test data by aligning with 3.6 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-06-12 09:42:03 +02:00
Manuel Pégourié-Gonnard
d2262f2304 Uncomment tests now that crypto is fixed 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-06-12 09:42:03 +02:00
Valerio Setti
a81d6dfb05 tests|programs: remove usage of mbedtls_ecp_set_max_ops() 
PK restartable operations are now implemented using PSA interruptible
ones, so mbedtls_ecp_set_max_ops() can be removed in favor of
psa_interruptible_set_max_ops().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-06-12 06:39:18 +02:00