8ebca51516
Merge pull request #275 from gilles-peskine-arm/mldsa-pqcp-add-driver-framework-return-of-the-psasim
...
psasim: Read include paths from the TF-PSA-Crypto makefile
2026-01-29 12:39:49 +01:00
75eec4b477
Merge pull request #10577 from h1wind/patch-1
...
fix: Disabling the MBEDTLS_SSL_CLI_C feature caused a compilation error: unused parameter "ssl".
2026-01-29 10:30:18 +00:00
4987340d24
fix code style in ssl_msg.c and add signoff
...
Signed-off-by: hi <hi@nosec.me >
2026-01-29 14:14:02 +08:00
d823908335
fix: Disabling the MBEDTLS_SSL_CLI_C feature caused a compilation error: unused parameter "ssl".
...
Signed-off-by: hi <hi@nosec.me >
2026-01-29 14:14:02 +08:00
068ef9cbe0
Merge pull request #10511 from minosgalanakis/rework/move-psasim
...
Rework/move psasim
2026-01-28 18:05:59 +00:00
d0bff58379
Merge pull request #10514 from ng-gsmk/development
...
mbedtls_ssl_get_alert(): getter for fatal alerts
2026-01-28 16:49:09 +00:00
7663b9c727
Updated framework pointer
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2026-01-28 16:34:54 +00:00
476a2edea7
library: extend mbedtls_ssl_iana_tls_group_info_t structure
...
Add new field that tells if the corresponding group is supported or not
in the current build.
Test function "test_mbedtls_ssl_get_supported_group_list" is extended
to verify this new feature.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-28 10:52:07 +01:00
c5c6dda693
Read include paths from the TF-PSA-Crypto makefile
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2026-01-27 18:25:25 +01:00
9b49d5dbde
library: ssl: fix documentation of IANA TLS group info
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-27 17:56:34 +01:00
1c2b690389
Test Makefiles: Updated location of psasim
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2026-01-27 12:07:05 +00:00
097e57874f
Moved tests/psa-client-server to framework.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2026-01-27 12:07:05 +00:00
d658f3d41e
tests: ssl: skip testing of MBEDTLS_SSL_IANA_TLS_GROUP_NONE
...
This is already indirectly checked in 'test_mbedtls_tls_id_group_name_table'
because it's the last item of the list.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-27 12:26:21 +01:00
cc53b069d9
Improve changelog for alert getter
...
Integrate suggestions by @ronald-cron-arm for changelog for alert
getter.
Signed-off-by: Nico Geyso <ng@gsmk.de >
2026-01-27 10:48:55 +01:00
4f1e4fba80
library: ssl: make the list of "TLS ID" <-> "group name" public when possible
...
This is only done when MBEDTLS_DEBUG_C is declared in order not to inflate
the library size.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-27 00:51:35 +01:00
bb4f584876
tests: ssl: improve test_mbedtls_tls_id_group_name_table()
...
Check provided group_name also against the value returned from
mbedtls_ssl_get_curve_name_from_tls_id().
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-27 00:44:56 +01:00
fb317afa9f
library: ssl: rework macro to define known TLS ID <-> group name list
...
- let the macro be an initializer for the array of known TLS IDs, not
a variable declarator;
- last item's group name is NULL, not an empty string
- change then name of the macro from MBEDTLS_TLS_ID_GROUP_NAME_TABLE to
MBEDTLS_SSL_IANA_TLS_GROUPS_INFO
- define a new public structure "mbedtls_ssl_iana_tls_group_info_t" to
hold each element of the table and that can be used the go over the
list from user code.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-27 00:36:17 +01:00
042e954d7d
make_generated_files.py: Split data from code
...
Initial work to eventually have the list of
scripts that generate files in the branches
that consume the framework.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-01-26 15:54:59 +01:00
c678de61dc
tls_handshake_tests.py: Fix expected server log
...
The TLS 1.2 ClientHello function does not return
at the end in case of parsing error. Thus adapt
the server expected log in case of too small
fragments.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-01-26 15:53:19 +01:00
8a3bcb1434
Fix coding style conventions for mbedtls_ssl_context
...
Signed-off-by: Nico Geyso <ng@gsmk.de >
2026-01-26 15:38:50 +01:00
6afd8367b9
remove whitespace in mbedtls_ssl_session_msg_layer
...
to comply with coding style, remove blank new line for alert reset
Signed-off-by: Nico Geyso <ng@gsmk.de >
2026-01-26 13:22:44 +01:00
4f83ebedd1
Fix outstanding code review issues
...
- adjust function name to mbedtls_ssl_get_fatal_alert
- fix missing property name changes for mbedtls_ssl_context
Signed-off-by: Nico Geyso <ng@gsmk.de >
2026-01-26 13:15:07 +01:00
15c68993cb
Apply suggestions from code review
...
Co-authored-by: Ronald Cron <ronald.cron@arm.com >
Signed-off-by: ng-gsmk <ng@gsmk.de >
2026-01-26 13:07:26 +01:00
c87adb64f2
tests: ssl: add test for TLS-ID <-> curve-name table
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-26 11:09:20 +01:00
7ca3c602b7
library: ssl: add macro for allocating a TLS-ID <-> group-name table
...
Being a macro allow the table to be instatiated only when/if necessary
by the consuming code.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-26 10:48:01 +01:00
650159869a
tls_handshake_tests.py: Add no-tls12-client-hello-defragmentation-support arg
...
Add a no-tls12-client-hello-defragmentation-support
argument to specify if TLS 1.2 Client Hello
defragmentation is fully supported or not.
This is temporary while the support is being added
in Mbed TLS development and 3.6 branches.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-01-23 21:02:16 +01:00
5639bf9a69
Make generate_tls_handshake_tests.py a module
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2026-01-23 20:17:13 +01:00
421f7a29f7
Merge pull request #238 from minosgalanakis/rework/move-psasim
...
Move psasim into framework
2026-01-23 15:23:09 +00:00
2aecd2cd5f
library|tests: ssl: remove secp256k1 from default groups
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-22 17:13:44 +01:00
6c5a9f04df
library: ssl: improve/fix documentation of group related functions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-22 17:04:46 +01:00
46a5f309d6
Merge pull request #10571 from mpg/fix-not-grep-2
...
Fix more paths for "not grep"
2026-01-22 12:52:42 +00:00
8686ad1a9e
tests: ssl: add testing for mbedtls_ssl_get_supported_group_list()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-22 10:33:44 +01:00
499e3d13f7
Fix more paths for "not grep"
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2026-01-22 10:23:03 +01:00
335b1b6089
library: ssl: add missing secp256k1 to ssl_preset_default_groups
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-22 09:43:46 +01:00
67f30df5a1
library: ssl: use correct PSA_WANT for DH groups in ssl_preset_default_groups
...
Use proper PSA_WANT_DH_RFC7919_xxx instead of PSA_WANT_ALG_FFDH.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-22 09:43:46 +01:00
2707100ab7
library: ssl: move location of ssl_preset_default_groups()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-22 09:43:45 +01:00
1ab51732e2
library: ssl: improve documentation of mbedtls_ssl_conf_groups()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-22 09:43:18 +01:00
0c8b25a684
library: ssl: add public function to retrieve the list of supported groups
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2026-01-22 09:43:17 +01:00
5ed5aeb4d9
Merge pull request #10569 from gilles-peskine-arm/mldsa-pqcp-add-driver-mbedtls
...
CMake: Declare pqcp driver to mbedtls
2026-01-21 12:49:34 +00:00
b4d205efc4
Merge pull request #273 from gilles-peskine-arm/mldsa-pqcp-add-driver-framework-the-split-strikes-back
...
Framework support for the pqcp driver, again
2026-01-21 13:49:24 +01:00
7294fc1c1a
Merge pull request #10567 from yanesca/add_clarifications_4.x
...
Add miscellaneous clarifications
2026-01-20 16:38:53 +00:00
abf6c3a9fb
CMake: Declare pqcp driver to mbedtls
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2026-01-20 12:27:43 +01:00
2b9f62a1be
programs/README.md clarify security remark
...
Signed-off-by: Janos Follath <janos.follath@arm.com >
2026-01-20 10:39:40 +00:00
a852e72746
SECURITY.md: make x509 data section more readable
...
Signed-off-by: Janos Follath <janos.follath@arm.com >
2026-01-20 10:38:16 +00:00
84a637899a
Add pqcp path when building in mbedtls as well
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2026-01-20 11:32:01 +01:00
93d94f4b42
c_build_helper: don't hide the compiler output
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2026-01-20 11:31:45 +01:00
ece660e1cf
Merge pull request #271 from gilles-peskine-arm/mldsa-pqcp-add-driver-framework
...
Framework support for the pqcp driver
2026-01-19 16:40:28 +01:00
7a9eceb53c
Clarify purpose and suitability of sample programs
...
Signed-off-by: Janos Follath <janos.follath@arm.com >
2026-01-19 14:46:44 +00:00
b712065a2e
Clarify CRL security guarantees
...
Signed-off-by: Janos Follath <janos.follath@arm.com >
2026-01-19 14:42:11 +00:00
390abf3b39
Fix compatibility with old CMake
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2026-01-19 12:36:38 +01:00
Gilles Peskine