1ffdb18cdb
Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr()
...
Just removed from the API. We can greatly simplify error.c but that will be
for later.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-24 14:26:39 +00:00
e99e591179
Remove key exchange based on encryption/decryption
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2025-03-20 17:53:07 +01:00
3c7db0e5a8
Remove MBEDTLS_TLS_RSA_* ciphersuite macros
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2025-03-20 17:53:07 +01:00
5814e3e566
Remove MBEDTLS_KEY_EXCHANGE_RSA key exchange type
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2025-03-20 17:53:07 +01:00
e1e27300a2
Remove MBEDTLS_KEY_EXCHANGE_RSA_ENABLED config option
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2025-03-20 17:53:01 +01:00
4515d10163
Merge pull request #10039 from bjwtaylor/remove-rng-from-ssl
...
Remove RNG parameters from public SSL APIs
2025-03-19 11:27:51 +00:00
c4dd970386
Merge pull request #9096 from noahp/noahp/mbedtls_net_send-api-desc-tweak
...
mbedtls_net_send API description typo fix
2025-03-13 16:22:55 +00:00
906d3cdff5
Merge pull request #10020 from bensze01/msvc-format-size-macros
...
Fix preprocessor guards for C99 format size specifiers
2025-03-13 10:09:06 +00:00
011b6cb1c5
Fix comments
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-12 17:11:42 +01:00
a2a0c2cbe7
Merge remote-tracking branch 'origin/features/tls-defragmentation/development' into feature_merge_defragmentation_dev
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-12 15:25:06 +00:00
cd1ece7846
Never use %zu on MinGW
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-12 16:18:35 +01:00
becb21e668
Fix MSVC version guard for C99 format size specifiers
...
Visual Studio 2013 (_MSC_VER == 1800) doesn't support %zu - only use it
on 2015 and above (_MSC_VER >= 1900).
%ldd works on Visual Studio 2013, but this patch keeps the two macro
definitions together, for simplicity's sake.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-03-12 16:16:20 +01:00
2b78a5abfa
State globally that the limitations don't apply to DTLS
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-12 10:07:33 +01:00
d9c858039e
Clarify DTLS
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-11 13:47:49 +01:00
80facedad9
ClientHello may be fragmented in renegotiation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-11 13:47:14 +01:00
d8f9e22b5e
Move the defragmentation documentation to mbedtls_ssl_handshake
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-11 13:45:27 +01:00
0cfe54e4e0
remove RNG parameters from SSL API's
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-03-10 13:24:31 +00:00
36edd48c61
Document the limitations of TLS handshake message defragmentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-05 17:41:59 +01:00
15fd5c9925
ssl: remove support for MBEDTLS_DHM_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-03-05 10:11:23 +01:00
eb2d29eb6b
Document the need to call mbedtls_ssl_set_hostname
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:48:49 +01:00
96073fb997
Improve documentation of mbedtls_ssl_set_hostname
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:48:49 +01:00
825c3d075a
Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:48:49 +01:00
59a5117072
Create error code for mbedtls_ssl_set_hostname not called
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:48:49 +01:00
434016e2eb
Keep track of whether mbedtls_ssl_set_hostname() has been called
...
No behavior change apart from now emitting a different log message depending
on whether mbedtls_ssl_set_hostname() has been called with NULL or not at all.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:47:44 +01:00
28f8e205eb
Merge pull request #9872 from rojer/tls_hs_defrag_in
...
Defragment incoming TLS handshake messages
2025-02-24 09:28:11 +01:00
95fe2a6df4
Add a flags field to mbedtls_ssl_context
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-20 19:24:16 +01:00
aa2594a52e
Make ticket_alpn field private
...
An omission in 3.x.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-20 18:51:14 +01:00
dd14c0a11e
Remove in_hshdr
...
The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it.
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me >
2025-02-13 13:41:51 +03:00
d137f15e1b
mbedtls_config.h: remove definition of MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-02-06 10:12:02 +01:00
02ae66830e
check_config.h: remove checks for DHE-RSA
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-02-06 10:05:58 +01:00
b7e2eccf1f
ssl_ciphersuites: remove MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED
...
This symbol is unused in the code so it can be removed.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-02-06 10:05:58 +01:00
b8621b6f9d
ssl_ciphersuites: remove references to DHE-RSA key exchanges
...
In this commit also MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED is removed.
This cause some code in "ssl_ciphersuites_internal.h" and
"ssl_tls12_server.c" to became useless, so these blocks are removed
as well.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-02-06 10:05:58 +01:00
89743b5db5
ssl_tls: remove code related to DHE-RSA
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-02-06 10:05:58 +01:00
be658c47c8
Merge pull request #9938 from bjwtaylor/ssl-ticket-api
...
Move ssl_ticket to the PSA API
2025-02-05 10:41:09 +00:00
d0498803a1
Correct typos in comments
...
Correct the typos in the mbedtls_ssl_ticket_setup function docs
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-02-03 11:35:34 +00:00
2547ae9fcc
Move SSL macro checks from TF-PSA-Crypto to Mbed TLS
...
This commit moves macro checks specifically for Mbed TLS from
TF-PSA-Crypto to Mbed TLS where they more approriately belong.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2025-01-31 13:58:43 +00:00
0c29cf87b1
Move ssl_ticket to the PSA API
...
Convert the mbedtl_ssl_ticket_setup function to use the TF_PSA_Crypto
API.
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-01-30 08:22:40 +00:00
28905b76fa
Remove mention of USE_PSA_CRYPTO in documentation
...
This was the last occurrence found by:
git grep -c 'MBEDTLS_USE_PSA_CRYPTO' library include
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:44:08 +01:00
48e0e3a356
Rm dead !USE_PSA code: check_config.h
...
Manual, as most expressions were too complex for unifdef. Most of those
were or had a part like "we need XXX or USE_PSA" (where XXX was Cipher
or MD) and those are always satisfied now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:15:21 +01:00
11ae619e77
Rm dead !USE_PSA code: SSL headers (part 1)
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl*.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:15:04 +01:00
873816129e
Rm dead !USE_PSA code: SSL ciphersuite (part 2)
...
Manual removal as unifdef doesn't handle non-trivial expressions.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:14:56 +01:00
b18c8b957b
Rm dead !USE_PSA code: SSL hooks
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl_{ticket,cookie}.[ch]
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:14:43 +01:00
189dcf630f
Merge pull request #9910 from valeriosetti/issue9684
...
Remove DHE-PSK key exchange
2025-01-27 11:15:10 +00:00
7e1154c959
Merge pull request #9906 from mpg/rm-conf-curves
...
[dev] Remove deprecated function mbedtls_ssl_conf_curves()
2025-01-27 08:21:27 +00:00
6ba324de02
mbedtls_config: remove MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
...
This commit also removes its disabling from config_adjust_ssl.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-01-24 11:49:59 +01:00
a07345247e
check_config: remove checks for DHE-PSK
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-01-24 11:49:59 +01:00
6348b46c0b
ssl_ciphersuites: remove references/usages of DHE-PSK
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-01-24 11:49:59 +01:00
48659a1f9c
ssl_tls: remove usage of DHE-PSK
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-01-24 11:49:59 +01:00
6b64a1ba37
x509: remove definition and implementation of x509write_crt_set_serial
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-01-16 15:00:10 +01:00
6b720161ca
Remove mbedtls_ssl_conf::curve_list
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-14 12:17:20 +01:00
