0cfe54e4e0
remove RNG parameters from SSL API's
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-03-10 13:24:31 +00:00
36edd48c61
Document the limitations of TLS handshake message defragmentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-05 17:41:59 +01:00
15fd5c9925
ssl: remove support for MBEDTLS_DHM_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-03-05 10:11:23 +01:00
eb2d29eb6b
Document the need to call mbedtls_ssl_set_hostname
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:48:49 +01:00
96073fb997
Improve documentation of mbedtls_ssl_set_hostname
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:48:49 +01:00
825c3d075a
Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:48:49 +01:00
59a5117072
Create error code for mbedtls_ssl_set_hostname not called
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:48:49 +01:00
434016e2eb
Keep track of whether mbedtls_ssl_set_hostname() has been called
...
No behavior change apart from now emitting a different log message depending
on whether mbedtls_ssl_set_hostname() has been called with NULL or not at all.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:47:44 +01:00
28f8e205eb
Merge pull request #9872 from rojer/tls_hs_defrag_in
...
Defragment incoming TLS handshake messages
2025-02-24 09:28:11 +01:00
95fe2a6df4
Add a flags field to mbedtls_ssl_context
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-20 19:24:16 +01:00
aa2594a52e
Make ticket_alpn field private
...
An omission in 3.x.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-20 18:51:14 +01:00
dd14c0a11e
Remove in_hshdr
...
The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it.
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me >
2025-02-13 13:41:51 +03:00
d137f15e1b
mbedtls_config.h: remove definition of MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-02-06 10:12:02 +01:00
02ae66830e
check_config.h: remove checks for DHE-RSA
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-02-06 10:05:58 +01:00
b7e2eccf1f
ssl_ciphersuites: remove MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED
...
This symbol is unused in the code so it can be removed.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-02-06 10:05:58 +01:00
b8621b6f9d
ssl_ciphersuites: remove references to DHE-RSA key exchanges
...
In this commit also MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED is removed.
This cause some code in "ssl_ciphersuites_internal.h" and
"ssl_tls12_server.c" to became useless, so these blocks are removed
as well.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-02-06 10:05:58 +01:00
89743b5db5
ssl_tls: remove code related to DHE-RSA
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-02-06 10:05:58 +01:00
be658c47c8
Merge pull request #9938 from bjwtaylor/ssl-ticket-api
...
Move ssl_ticket to the PSA API
2025-02-05 10:41:09 +00:00
d0498803a1
Correct typos in comments
...
Correct the typos in the mbedtls_ssl_ticket_setup function docs
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-02-03 11:35:34 +00:00
2547ae9fcc
Move SSL macro checks from TF-PSA-Crypto to Mbed TLS
...
This commit moves macro checks specifically for Mbed TLS from
TF-PSA-Crypto to Mbed TLS where they more approriately belong.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2025-01-31 13:58:43 +00:00
0c29cf87b1
Move ssl_ticket to the PSA API
...
Convert the mbedtl_ssl_ticket_setup function to use the TF_PSA_Crypto
API.
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-01-30 08:22:40 +00:00
28905b76fa
Remove mention of USE_PSA_CRYPTO in documentation
...
This was the last occurrence found by:
git grep -c 'MBEDTLS_USE_PSA_CRYPTO' library include
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:44:08 +01:00
48e0e3a356
Rm dead !USE_PSA code: check_config.h
...
Manual, as most expressions were too complex for unifdef. Most of those
were or had a part like "we need XXX or USE_PSA" (where XXX was Cipher
or MD) and those are always satisfied now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:15:21 +01:00
11ae619e77
Rm dead !USE_PSA code: SSL headers (part 1)
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl*.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:15:04 +01:00
873816129e
Rm dead !USE_PSA code: SSL ciphersuite (part 2)
...
Manual removal as unifdef doesn't handle non-trivial expressions.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:14:56 +01:00
b18c8b957b
Rm dead !USE_PSA code: SSL hooks
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl_{ticket,cookie}.[ch]
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:14:43 +01:00
189dcf630f
Merge pull request #9910 from valeriosetti/issue9684
...
Remove DHE-PSK key exchange
2025-01-27 11:15:10 +00:00
7e1154c959
Merge pull request #9906 from mpg/rm-conf-curves
...
[dev] Remove deprecated function mbedtls_ssl_conf_curves()
2025-01-27 08:21:27 +00:00
6ba324de02
mbedtls_config: remove MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
...
This commit also removes its disabling from config_adjust_ssl.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-01-24 11:49:59 +01:00
a07345247e
check_config: remove checks for DHE-PSK
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-01-24 11:49:59 +01:00
6348b46c0b
ssl_ciphersuites: remove references/usages of DHE-PSK
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-01-24 11:49:59 +01:00
48659a1f9c
ssl_tls: remove usage of DHE-PSK
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-01-24 11:49:59 +01:00
6b64a1ba37
x509: remove definition and implementation of x509write_crt_set_serial
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-01-16 15:00:10 +01:00
6b720161ca
Remove mbedtls_ssl_conf::curve_list
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-14 12:17:20 +01:00
93d4591255
Remove deprecated function mbedtls_ssl_conf_curves()
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-14 12:06:31 +01:00
bc7c523420
Remove uses of secp244k1
...
Remove all code guarded by `PSA_WANT_ECC_SECP_K1_224`, which is not and will
not be implemented. (It would be K1_225 anyway, but we don't intend to
implement it anyway.)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-01-08 16:51:23 +01:00
ac2cf1f26c
Defragment incoming TLS handshake messages
...
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me >
2024-12-25 14:34:17 +02:00
1bf85a8634
mbedtls_config: Cleaned up legacy sections.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2024-12-16 08:53:48 +00:00
80e76b66af
Moved options to new sections.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2024-12-16 08:53:47 +00:00
acd560f887
mbedtls_config: Added new section placeholders.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2024-12-16 08:53:47 +00:00
51f228cc1b
Switch to actual TF-PSA-Crypto build_info.h
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-12-11 22:32:45 +01:00
e11ae17c60
Split check_config.h
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-12-11 22:32:45 +01:00
ce3c2dd30c
Merge pull request #9806 from ronald-cron-arm/finalize-split-preparation-1
...
Finalize split preparation-1
2024-12-05 13:23:09 +00:00
6924564970
Move back timing.c to mbedtls
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-12-04 14:25:02 +01:00
18047f0b01
Move config_adjust_legacy_crypto.h to tf-psa-crypto
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-12-04 14:25:02 +01:00
80963c64eb
Move hkdf.h to tf-psa-crypto
...
Move hkdf.h to tf-psa-crypto as
hkdf.c was.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-12-04 14:25:02 +01:00
4f619e12e7
Renamed MBEDTLS_PSA_CRYPTO_CONFIG_FILE & MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
...
Files have been renamed respectively to:
- TF_PSA_CRYPTO_CONFIG_FILE
- TF_PSA_CRYPTO_USER_CONFIG_FILE
As per design proposal:
https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/config-split.md
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2024-12-04 09:57:56 +00:00
1f0d469e1d
Cleaned up MbedTLS/tf-psa-crypto configs.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2024-12-04 09:57:56 +00:00
861b90c257
Migrated General and test configuration options (contd).
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2024-12-04 09:50:53 +00:00
cb32d084aa
crypto_config: Migrated newer configuration options.
...
This commit, moves configuration entries that were not present
during the design-review.
It also updates the proposal accordingly.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2024-12-04 09:50:09 +00:00
