lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-12-14 02:22:15 +03:00
Code Activity
33,843 Commits 176 Branches 276 Tags
dev/minosgalanakis/test-docs
Commit Graph

84 Commits

Author SHA1 Message Date
Ben Taylor
5cdbe30804 replace MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED with MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 
After the ECDH keyexchange removal the two became synonyms so the former can
be removed.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
4766a23f9c change MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED to MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
c8823a262d Remove MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED as it appears to be causing issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
a7b3f26864 reverted change to MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED, as it appears it could be causing issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
b2f6a69d85 Replace MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
013f8aee4e Replace MBEDTLS_KEY_EXCHANGE_PSK_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
1d651cc8a1 Remove additional occurances of static ECDH symbols 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
3116f2febe Remove further symbols 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
4d7f715c07 Remove further symbols that are not required 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
558766d814 Remove additional ifdef's 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
15f1d7f812 Remove support for static ECDH cipher suites 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Anton Matkin
bc48725b64 Include fixups (headers moves to private directory) 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 07:05:37 +02:00
Gabor Mezei
3c7db0e5a8 Remove MBEDTLS_TLS_RSA_* ciphersuite macros 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:07 +01:00
Gabor Mezei
5814e3e566 Remove MBEDTLS_KEY_EXCHANGE_RSA key exchange type 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:07 +01:00
Gabor Mezei
e1e27300a2 Remove MBEDTLS_KEY_EXCHANGE_RSA_ENABLED config option 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:01 +01:00
Valerio Setti
b7e2eccf1f ssl_ciphersuites: remove MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED 
This symbol is unused in the code so it can be removed.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:05:58 +01:00
Valerio Setti
b8621b6f9d ssl_ciphersuites: remove references to DHE-RSA key exchanges 
In this commit also MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED is removed.
This cause some code in "ssl_ciphersuites_internal.h" and
"ssl_tls12_server.c" to became useless, so these blocks are removed
as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:05:58 +01:00
Manuel Pégourié-Gonnard
873816129e Rm dead !USE_PSA code: SSL ciphersuite (part 2) 
Manual removal as unifdef doesn't handle non-trivial expressions.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:14:56 +01:00
Valerio Setti
6348b46c0b ssl_ciphersuites: remove references/usages of DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Janos Follath
130ece0b6e Remove USE_PSA references from SSL documentation 
MBEDTLS_USE_PSA_CRYPTO is now always enabled we need to update the
documentation accordingly.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-12-02 12:53:05 +00:00
Gilles Peskine
0068fceba3 Note the equivalence of two macros, thanks to RSA-PSK removal 
Removing the now-duplicate internal macro is left for future work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-11-05 15:49:12 +01:00
Gilles Peskine
91e7ebebfe Remove RSA_PSK suites from cipher suite lists 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-11-05 15:49:12 +01:00
Gilles Peskine
712e9a1c3e Remove MBEDTLS_KEY_EXCHANGE_RSA_PSK 
Remove mentions of MBEDTLS_KEY_EXCHANGE_RSA_PSK that were not guarded by the
configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED. This finishes the
removal of library code that supports the RSA-PSK key exchange in TLS 1.2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-11-05 15:49:12 +01:00
Gilles Peskine
ac767e5c69 Remove MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 
Remove the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED and all
code guarded by it. This remove support for the RSA-PSK key exchange in TLS
1.2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-11-05 15:49:01 +01:00
Elena Uziunaite
bed21b55a6 Replace MBEDTLS_PK_CAN_ECDSA_VERIFY with PSA_HAVE_ALG_ECDSA_VERIFY 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-09 11:18:10 +01:00
Elena Uziunaite
39c7d5dc4b Replace MBEDTLS_PK_CAN_ECDSA_SIGN with PSA_HAVE_ALG_ECDSA_SIGN 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-09 11:18:08 +01:00
Minos Galanakis
40d4708f17 ssl: Added session getter for ciphersuite_id. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 15:57:41 +00:00
Minos Galanakis
358b448d72 ssl_ciphersuite: Added getter methods for ciphersuite id. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 15:57:41 +00:00
Valerio Setti
d929106f36 ssl_ciphersuites: move internal functions declarations to a private header 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 15:08:28 +01:00
Dave Rodgman
16799db69a update headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 19:47:20 +00:00
Gilles Peskine
eda1b1f744 Merge pull request #7921 from valeriosetti/issue7613 
TLS: Clean up ECDSA dependencies
 2023-09-20 12:47:55 +00:00
Manuel Pégourié-Gonnard
97bb726e2d Add clarifying comment 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-18 11:28:32 +02:00
Gilles Peskine
e820c0abc8 Update spelling "mbed TLS" to "Mbed TLS" 
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":

```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```

Justification for the omissions:

* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
  occurrences are significant names in certificates and such. Changing
  the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
  updates.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-12 19:18:17 +02:00
Valerio Setti
568799fe22 ssl_ciphersuites: fix typo 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-21 07:36:54 +02:00
Valerio Setti
c8ccc8f86d tls: add new symbol for generic TLS 1.2 and 1.3 support 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-02 20:00:13 +02:00
Valerio Setti
2430a70fcf ssl_ciphersuites: adding new internal helper symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-01 19:02:38 +02:00
Valerio Setti
9cd8011978 tls: fix definition of symbol KEY_EXCHANGE_SOME_XXDH_PSA_ANY 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-28 16:46:55 +02:00
Valerio Setti
ea59c43499 tls: fix a comment a rename a variable/symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-25 11:14:03 +02:00
Valerio Setti
3d237b5ff1 ssl_misc: fix guards for PSA data used in XXDH key exchanges 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 19:02:16 +02:00
Valerio Setti
0a0d0d5527 ssl: keep all helper definitions in ssl_ciphersuites.h 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:31:40 +02:00
Valerio Setti
ed365e66bb ssl: improve/fix definitions for internal helpers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:31:40 +02:00
Valerio Setti
e87915b66f ssl: update new symbols to include also FFDH 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Valerio Setti
00dc4063e2 ssl: add new helpers for TLS 1.2/1.3 ECDH(E) key exchanges 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Gilles Peskine
449bd8303e Switch to the new code style 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-11 14:50:10 +01:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Neil Armstrong
9f4606e6d2 Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-28 18:12:17 +02:00
Neil Armstrong
0c9c10a401 Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-28 18:10:48 +02:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:12 -04:00
Glenn Strauss
8f52690956 Add accessors for ciphersuite info 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-13 00:05:48 -05:00