lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-15 15:21:08 +03:00
Code Activity
33,975 Commits 176 Branches 276 Tags
a2de40a1009552adece510fcd22916ab9ed3ff59
Commit Graph

228 Commits

Author SHA1 Message Date
Ben Taylor
a2de40a100 Change the return type of mbedtls_ssl_get_ciphersuite_sig_pk_alg to mbedtls_pk_sigalg_t 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
1b32994bef Fix style issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
2c056721d1 Tidy up debug of non ext functions 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
cef9d2d31f Revert change to mbedtls_pk_{sign,verify}_restartable and replace with ext version 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
5e23093285 Fix code style issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
c3e2b37530 Remove mbedtls_ssl_write_handshake_msg as it now replaced by mbedtls_ssl_write_handshake_msg_ext 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
279dd4ab59 Remove dependencies on mbedtls_pk_verify 
Replace mbedtls_pk_verify with mbedtls_pk_verify_restartable, as mbedtls_pk_verify has now been
removed and was origonally a pass through call to mbedtls_pk_verify_restartable.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
94f1628aca Remove dependencies on mbedtls_pk_sign 
Replace mbedtls_pk_sign with mbedtls_pk_sign_restartable, as mbedtls_pk_sign has now been
removed and was origonally a pass through call to mbedtls_pk_sign_restartable.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Valerio Setti
bc611fe44c [tls12|tls13]_server: fix usage being checked on the certificate key 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Valerio Setti
0009b042ac library: ssl: replace mbedtls_pk_can_do_ext with mbedtls_pk_can_do_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Ben Taylor
337161eb41 Remove comment referencing ECDH 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
5cdbe30804 replace MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED with MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 
After the ECDH keyexchange removal the two became synonyms so the former can
be removed.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
558766d814 Remove additional ifdef's 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
15f1d7f812 Remove support for static ECDH cipher suites 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Anton Matkin
bc48725b64 Include fixups (headers moves to private directory) 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 07:05:37 +02:00
Valerio Setti
ae89dcc4be library: tls12: remove usage of MBEDTLS_PK_USE_PSA_EC_DATA 
PK module will now always use PSA storing pattern when working with
EC keys therefore MBEDTLS_PK_USE_PSA_EC_DATA is assumed to be always
enabled.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-06-12 06:21:30 +02:00
Gilles Peskine
f670ba5e52 Always call mbedtls_ssl_handshake_set_state 
Call a single function for all handshake state changes, for easier tracing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-09 12:52:22 +02:00
Ben Taylor
1cd1e01897 Correct code style 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 13:34:03 +00:00
Ben Taylor
fd52984896 resolved ci failures 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 13:32:10 +00:00
Ben Taylor
602b2968ca pre-test version of the mbedtls_ssl_conf_rng removal 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 13:32:10 +00:00
Ben Taylor
440cb2aac2 Remove RNG from x509 and PK 
remove the f_rng and p_rng parameter from x509 and PK.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 08:17:38 +00:00
Gabor Mezei
58535da8d0 Only check for certificates if it is supported 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:07 +01:00
Gabor Mezei
e99e591179 Remove key exchange based on encryption/decryption 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:07 +01:00
Gabor Mezei
e1e27300a2 Remove MBEDTLS_KEY_EXCHANGE_RSA_ENABLED config option 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:01 +01:00
Manuel Pégourié-Gonnard
28f8e205eb Merge pull request #9872 from rojer/tls_hs_defrag_in 
Defragment incoming TLS handshake messages
 2025-02-24 09:28:11 +01:00
Valerio Setti
b8621b6f9d ssl_ciphersuites: remove references to DHE-RSA key exchanges 
In this commit also MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED is removed.
This cause some code in "ssl_ciphersuites_internal.h" and
"ssl_tls12_server.c" to became useless, so these blocks are removed
as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:05:58 +01:00
Valerio Setti
89743b5db5 ssl_tls: remove code related to DHE-RSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:05:58 +01:00
Waleed Elmelegy
cf4e6a18e6 Remove unused variable in ssl_server.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-05 13:10:01 +02:00
Deomid rojer Ryabkov
afa11db620 Remove obselete checks due to the introduction of handhsake defragmen... 
tation. h/t @waleed-elmelegy-arm

909e71672f

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-01 15:42:43 +02:00
Manuel Pégourié-Gonnard
df5e1b6864 Rm dead !USE_PSA code: ssl_tls12_server.c (part 2) 
Manual.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:17:54 +01:00
Manuel Pégourié-Gonnard
58916768b7 Rm dead !USE_PSA code: ssl_tls12_server.c (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls12_server.c
framework/scripts/code_style.py --fix library/ssl_tls12_server.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:17:26 +01:00
Ronald Cron
189dcf630f Merge pull request #9910 from valeriosetti/issue9684 
Remove DHE-PSK key exchange
 2025-01-27 11:15:10 +00:00
Valerio Setti
48659a1f9c ssl_tls: remove usage of DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Manuel Pégourié-Gonnard
6402c35eca Remove internal helper mbedtls_ssl_get_groups() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-14 12:23:56 +01:00
Gilles Peskine
712e9a1c3e Remove MBEDTLS_KEY_EXCHANGE_RSA_PSK 
Remove mentions of MBEDTLS_KEY_EXCHANGE_RSA_PSK that were not guarded by the
configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED. This finishes the
removal of library code that supports the RSA-PSK key exchange in TLS 1.2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-11-05 15:49:12 +01:00
Gilles Peskine
ac767e5c69 Remove MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED 
Remove the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED and all
code guarded by it. This remove support for the RSA-PSK key exchange in TLS
1.2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-11-05 15:49:01 +01:00
Harry Ramsey
0f6bc41a22 Update includes for each library file 
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2024-10-09 11:18:50 +01:00
Manuel Pégourié-Gonnard
7a4aa4d133 Make mbedtls_ssl_check_cert_usage() work for 1.3 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
94f70228e9 Clean up mbedtls_ssl_check_cert_usage() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Michael Schuster
7e39028628 Fix build of v3.6 with unset MBEDTLS_DHM_C but MBEDTLS_USE_PSA_CRYPTO set (fixes #9188) 
Avoid compiler warning about size comparison (like in commit 7910cdd):

Clang builds fail, warning about comparing uint8_t to a size that may be >255.

Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-09 10:27:44 +01:00
Gilles Peskine
8c60b16188 Merge pull request #8643 from gilles-peskine-arm/tls12_server-pk_opaque-dead_code 
Guard configuration-specific code in ssl_tls12_server.c
 2024-05-30 17:24:33 +00:00
Ronald Cron
139a4185b1 Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration 
TLS: check RNG when calling mbedtls_ssl_setup()
 2024-03-08 07:38:39 +00:00
Gilles Peskine
84b9f1b039 mbedtls_ecp_write_key_ext(): migrate internally 
Stop using mbedtls_ecp_write_key() except to test it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-28 13:19:42 +01:00
Manuel Pégourié-Gonnard
0ecb5fd6f5 Merge pull request #8574 from ronald-cron-arm/ssl-tickets 
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
 2024-02-21 09:38:46 +00:00
Valerio Setti
b4f5076270 debug: move internal functions declarations to an internal header file 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 15:30:46 +01:00
Ronald Cron
3c0072b58e ssl_ticket.c: Base ticket age check on the ticket creation time 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 10:29:51 +01:00
Ronald Cron
17ef8dfddb ssl_session: Define unconditionally the endpoint field 
The endpoint field is needed to serialize/deserialize
a session in TLS 1.2 the same way it is needed in the
TLS 1.3 case: client specific fields that should not
be in the serialized version on server side if both
TLS client and server are enabled in the TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Gilles Peskine
4bf4473ef0 Merge pull request #8633 from Wenxing-hou/clear_clienthello_comment 
Make clienthello comment clear
 2023-12-21 12:09:23 +00:00
Manuel Pégourié-Gonnard
a4b38f24fd Merge pull request #8579 from valeriosetti/issue7995 
PK: clean up pkwrite
 2023-12-20 08:20:10 +00:00
Gilles Peskine
c6d2df8a67 Guard configuration-specific code 
A large block of code is only reachable if MBEDTLS_PK_USE_PSA_EC_DATA is
enabled, i.e. if MBEDTLS_USE_PSA_CRYPTO is enabled with driver-only ECC.
Compilers are likely to figure it out, but still, for clarity and
robustness, do guard that block of code with the appropriate conditional
compilation guard.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-18 20:38:38 +01:00