mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-15 15:21:08 +03:00

Author	SHA1	Message	Date
Ben Taylor	0035cfb1f0	Removed unnecessary cast in mbedtls_pk_sign_ext Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-10-30 13:42:56 +00:00
Ben Taylor	a2de40a100	Change the return type of mbedtls_ssl_get_ciphersuite_sig_pk_alg to mbedtls_pk_sigalg_t Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-10-28 07:58:37 +00:00
Ben Taylor	1b32994bef	Fix style issues Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-10-28 07:58:37 +00:00
Ben Taylor	2c056721d1	Tidy up debug of non ext functions Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-10-28 07:58:37 +00:00
Ben Taylor	cef9d2d31f	Revert change to mbedtls_pk_{sign,verify}_restartable and replace with ext version Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-10-28 07:58:37 +00:00
Ben Taylor	5e23093285	Fix code style issues Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-10-28 07:58:37 +00:00
Ben Taylor	c3e2b37530	Remove mbedtls_ssl_write_handshake_msg as it now replaced by mbedtls_ssl_write_handshake_msg_ext Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-10-28 07:58:37 +00:00
Ben Taylor	279dd4ab59	Remove dependencies on mbedtls_pk_verify Replace mbedtls_pk_verify with mbedtls_pk_verify_restartable, as mbedtls_pk_verify has now been removed and was origonally a pass through call to mbedtls_pk_verify_restartable. Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-10-28 07:58:37 +00:00
Ben Taylor	94f1628aca	Remove dependencies on mbedtls_pk_sign Replace mbedtls_pk_sign with mbedtls_pk_sign_restartable, as mbedtls_pk_sign has now been removed and was origonally a pass through call to mbedtls_pk_sign_restartable. Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-10-28 07:58:37 +00:00
Valerio Setti	bc611fe44c	[tls12\|tls13]_server: fix usage being checked on the certificate key Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-09-16 16:12:07 +02:00
Valerio Setti	0009b042ac	library: ssl: replace mbedtls_pk_can_do_ext with mbedtls_pk_can_do_psa Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-09-16 16:12:07 +02:00
Ben Taylor	337161eb41	Remove comment referencing ECDH Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-09-11 13:22:40 +01:00
Ben Taylor	5cdbe30804	replace MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED with MBEDTLS_KEY_EXCHANGE_PSK_ENABLED After the ECDH keyexchange removal the two became synonyms so the former can be removed. Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-09-11 13:22:40 +01:00
Ben Taylor	558766d814	Remove additional ifdef's Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-09-11 13:22:40 +01:00
Ben Taylor	15f1d7f812	Remove support for static ECDH cipher suites Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-09-11 13:22:40 +01:00
Anton Matkin	bc48725b64	Include fixups (headers moves to private directory) Signed-off-by: Anton Matkin <anton.matkin@arm.com>	2025-08-29 07:05:37 +02:00
Valerio Setti	ae89dcc4be	library: tls12: remove usage of MBEDTLS_PK_USE_PSA_EC_DATA PK module will now always use PSA storing pattern when working with EC keys therefore MBEDTLS_PK_USE_PSA_EC_DATA is assumed to be always enabled. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-06-12 06:21:30 +02:00
Gilles Peskine	f670ba5e52	Always call mbedtls_ssl_handshake_set_state Call a single function for all handshake state changes, for easier tracing. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-04-09 12:52:22 +02:00
Ben Taylor	1cd1e01897	Correct code style Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-03-26 13:34:03 +00:00
Ben Taylor	fd52984896	resolved ci failures Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-03-26 13:32:10 +00:00
Ben Taylor	602b2968ca	pre-test version of the mbedtls_ssl_conf_rng removal Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-03-26 13:32:10 +00:00
Ben Taylor	440cb2aac2	Remove RNG from x509 and PK remove the f_rng and p_rng parameter from x509 and PK. Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-03-26 08:17:38 +00:00
Gabor Mezei	58535da8d0	Only check for certificates if it is supported Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2025-03-20 17:53:07 +01:00
Gabor Mezei	e99e591179	Remove key exchange based on encryption/decryption Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2025-03-20 17:53:07 +01:00
Gabor Mezei	e1e27300a2	Remove `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED` config option Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2025-03-20 17:53:01 +01:00
Manuel Pégourié-Gonnard	28f8e205eb	Merge pull request #9872 from rojer/tls_hs_defrag_in Defragment incoming TLS handshake messages	2025-02-24 09:28:11 +01:00
Valerio Setti	b8621b6f9d	ssl_ciphersuites: remove references to DHE-RSA key exchanges In this commit also MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED is removed. This cause some code in "ssl_ciphersuites_internal.h" and "ssl_tls12_server.c" to became useless, so these blocks are removed as well. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-06 10:05:58 +01:00
Valerio Setti	89743b5db5	ssl_tls: remove code related to DHE-RSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-06 10:05:58 +01:00
Waleed Elmelegy	cf4e6a18e6	Remove unused variable in ssl_server.c Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com> Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-05 13:10:01 +02:00
Deomid rojer Ryabkov	afa11db620	Remove obselete checks due to the introduction of handhsake defragmen... tation. h/t @waleed-elmelegy-arm `909e71672f` Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com> Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-01 15:42:43 +02:00
Manuel Pégourié-Gonnard	df5e1b6864	Rm dead !USE_PSA code: ssl_tls12_server.c (part 2) Manual. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2025-01-28 16:17:54 +01:00
Manuel Pégourié-Gonnard	58916768b7	Rm dead !USE_PSA code: ssl_tls12_server.c (part 1) unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls12_server.c framework/scripts/code_style.py --fix library/ssl_tls12_server.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2025-01-28 16:17:26 +01:00
Ronald Cron	189dcf630f	Merge pull request #9910 from valeriosetti/issue9684 Remove DHE-PSK key exchange	2025-01-27 11:15:10 +00:00
Valerio Setti	48659a1f9c	ssl_tls: remove usage of DHE-PSK Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-01-24 11:49:59 +01:00
Manuel Pégourié-Gonnard	6402c35eca	Remove internal helper mbedtls_ssl_get_groups() Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2025-01-14 12:23:56 +01:00
Gilles Peskine	712e9a1c3e	Remove MBEDTLS_KEY_EXCHANGE_RSA_PSK Remove mentions of MBEDTLS_KEY_EXCHANGE_RSA_PSK that were not guarded by the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED. This finishes the removal of library code that supports the RSA-PSK key exchange in TLS 1.2. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-11-05 15:49:12 +01:00
Gilles Peskine	ac767e5c69	Remove MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED Remove the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED and all code guarded by it. This remove support for the RSA-PSK key exchange in TLS 1.2. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-11-05 15:49:01 +01:00
Harry Ramsey	0f6bc41a22	Update includes for each library file Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>	2024-10-09 11:18:50 +01:00
Manuel Pégourié-Gonnard	7a4aa4d133	Make mbedtls_ssl_check_cert_usage() work for 1.3 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	94f70228e9	Clean up mbedtls_ssl_check_cert_usage() Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Michael Schuster	7e39028628	Fix build of v3.6 with unset MBEDTLS_DHM_C but MBEDTLS_USE_PSA_CRYPTO set (fixes #9188 ) Avoid compiler warning about size comparison (like in commit `7910cdd`): Clang builds fail, warning about comparing uint8_t to a size that may be >255. Signed-off-by: Michael Schuster <michael@schuster.ms>	2024-08-09 10:27:44 +01:00
Gilles Peskine	8c60b16188	Merge pull request #8643 from gilles-peskine-arm/tls12_server-pk_opaque-dead_code Guard configuration-specific code in ssl_tls12_server.c	2024-05-30 17:24:33 +00:00
Ronald Cron	139a4185b1	Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration TLS: check RNG when calling mbedtls_ssl_setup()	2024-03-08 07:38:39 +00:00
Gilles Peskine	84b9f1b039	mbedtls_ecp_write_key_ext(): migrate internally Stop using mbedtls_ecp_write_key() except to test it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-02-28 13:19:42 +01:00
Manuel Pégourié-Gonnard	0ecb5fd6f5	Merge pull request #8574 from ronald-cron-arm/ssl-tickets Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3	2024-02-21 09:38:46 +00:00
Valerio Setti	b4f5076270	debug: move internal functions declarations to an internal header file Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-18 15:30:46 +01:00
Ronald Cron	3c0072b58e	ssl_ticket.c: Base ticket age check on the ticket creation time Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 10:29:51 +01:00
Ronald Cron	17ef8dfddb	ssl_session: Define unconditionally the endpoint field The endpoint field is needed to serialize/deserialize a session in TLS 1.2 the same way it is needed in the TLS 1.3 case: client specific fields that should not be in the serialized version on server side if both TLS client and server are enabled in the TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:19 +01:00
Gilles Peskine	4bf4473ef0	Merge pull request #8633 from Wenxing-hou/clear_clienthello_comment Make clienthello comment clear	2023-12-21 12:09:23 +00:00
Manuel Pégourié-Gonnard	a4b38f24fd	Merge pull request #8579 from valeriosetti/issue7995 PK: clean up pkwrite	2023-12-20 08:20:10 +00:00

1 2 3 4 5

229 Commits