lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-27 12:15:33 +03:00
Code Activity
33,841 Commits 176 Branches 276 Tags
cf9b557d1c83a74bc0f94d44db12fc9e9c70df20
Commit Graph

13731 Commits

Author SHA1 Message Date
Gilles Peskine
562763b5bd Add dependency of mbedtls_config on generated config check headers 
Fix the build of libmbedx509 when generated files are not already present.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-24 17:20:35 +02:00
Gilles Peskine
cc1ac1d3dc CMake: support generated headers 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-24 17:20:35 +02:00
Gilles Peskine
24d058bc6c Enable checks for bad options in the config file 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-24 17:20:35 +02:00
Gilles Peskine
d57a0985ab Add dependency of tf_psa_crypto_config on generated config check headers 
Fix the build of libtfpsacrypto when generated files are not already present.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-22 15:52:06 +02:00
Gilles Peskine
6712f1b6af Use --list-for-cmake with generate_config_checks.py 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-19 13:36:25 +02:00
Gilles Peskine
67b115cfda Register crypto's generate_config_files.py outputs as generated files 
Mbed TLS needs to know the generated files of TF-PSA-Crypto. There's no
mechanism for TF-PSA-Crypto to declare them.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-19 13:36:24 +02:00
Gilles Peskine
b53b443f8e Register generate_config_files.py outputs as generated files 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-19 13:36:24 +02:00
Ronald Cron
b91117c32f Merge pull request #10402 from ronald-cron-arm/remove-legacy-crypto-options 
Remove legacy crypto options
 2025-09-17 18:46:05 +00:00
Ronald Cron
3091e40774 Remove usage of old crypto options in public headers 
The remaining occurences were related to
dead code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-17 16:06:31 +02:00
Valerio Setti
bc611fe44c [tls12|tls13]_server: fix usage being checked on the certificate key 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Valerio Setti
7b2d72aaf0 ssl: replace PSA_ALG_ECDSA with MBEDTLS_PK_ALG_ECDSA 
When the key is parsed from PK it is assigned the pseudo-alg
MBEDTLS_PK_ALG_ECDSA. Trying to run "mbedtls_pk_can_do_psa" with an hardcoded
deterministc/randomized ECDSA can make the function to fail if the proper
variant is not the one also used by PK.
This commit fixes this problem.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Valerio Setti
0009b042ac library: ssl: replace mbedtls_pk_can_do_ext with mbedtls_pk_can_do_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Ronald Cron
feb5e26619 Cleanup following the removal of MBEDTLS_ECP_DP_.*_ENABLED options 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
0dd31fe523 Introduce MBEDTLS_SSL_NULL_CIPHERSUITES 
The support for TLS ciphersuites without
encryption does not rely anymore on the
MBEDTLS_CIPHER_NULL_CIPHER feature of
the cipher module. Introduce a specific
config option to enable these ciphersuites
and use it instead of MBEDTLS_CIPHER_NULL_CIPHER.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ben Taylor
337161eb41 Remove comment referencing ECDH 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
5cdbe30804 replace MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED with MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 
After the ECDH keyexchange removal the two became synonyms so the former can
be removed.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
4d7f715c07 Remove further symbols that are not required 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
558766d814 Remove additional ifdef's 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
15f1d7f812 Remove support for static ECDH cipher suites 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Anton Matkin
92129adcf2 Removed the whitespace which is causing CI to fail 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 16:09:09 +02:00
Anton Matkin
8135b84ed2 Fixed incorrect usage of key derivation procedures 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 16:09:09 +02:00
Anton Matkin
8e4d8c9227 Update ssl_tls.c to use psa_pake_get_shared_key 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 16:09:09 +02:00
Anton Matkin
7a65ce6737 Unfortunately, we had two files named oid.h - one in the main repo, and one in the tf-psa-crypto repo, and these files included the mbedtls one, so I restored the header include 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 07:05:40 +02:00
Anton Matkin
bc48725b64 Include fixups (headers moves to private directory) 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 07:05:37 +02:00
David Horstmann
6ff9c89648 Merge pull request #10361 from bensze01/runtime-version-interface 
Simplify runtime version info string methods
 2025-08-27 14:59:15 +00:00
Ben Taylor
3f523748e0 Add const to serial argument in mbedtls_x509write_crt_set_serial_raw 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-18 13:47:50 +01:00
Bence Szépkúti
b2ba9fa68b Simplify runtime version info string methods 
Return a const char* instead of taking a char* as an argument.

This aligns us with the interface used in TF PSA Crypto.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-08-18 11:39:45 +02:00
Anton Matkin
6eb5335ef0 Fixed issues with policy verification, since wildcard JPAKE policy is now disallowed, changed to concrete jpake algorithm (with SHA256 hash) 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-12 13:50:48 +02:00
Anton Matkin
1b70084bd9 TF-PSA-Crypto submodule link fixup 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-12 13:50:45 +02:00
Manuel Pégourié-Gonnard
5b74c79f00 Merge pull request #10298 from bjwtaylor/remove-deprecated-items 
Remove deprecated items
 2025-08-11 07:13:08 +00:00
Ben Taylor
5a27010fab Remove group_list_heap_allocated 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-08 08:33:03 +01:00
Gilles Peskine
627d653863 Merge pull request #10282 from bjwtaylor/switch-to-mbedtls_pk_sigalg_t 
Switch to mbedtls pk sigalg t
 2025-08-07 11:06:31 +00:00
Ben Taylor
ed0db45b63 Completely remove sig_algs_heap_allocated 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 09:40:42 +01:00
Ben Taylor
8dfed9fc15 Remove pointer cast in mbedtls_x509_oid_get_sig_alg 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
8b3b7e5cac Update further type mismatches 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
6816fd781e Adjust for change in mbedtls_pk_verify_new function prototype 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
7573321f61 Fix style issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
8e832b6594 Add sigalg types to x509_crt.c 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
1c118a564d reverted enum in pk_verify_new 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
b2eecc621d switch to mbedtls_pk_sigalg_t 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
500e497c05 Fix code style issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
adf5d537b2 Fix code style 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
d95ea27e8c Create new enum mbedtls_pk_sigalg_t 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Valerio Setti
a2a1c084ef mbedtls_check_config: remove reference to MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-08-06 15:00:08 +02:00
Ben Taylor
6023652711 Remove additional references to sig_algs_heap_allocated 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-06 08:28:43 +01:00
Valerio Setti
d0d0791aed remove usage of secp192[k|r]1 curves 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-08-06 09:15:35 +02:00
Valerio Setti
70a4a31cb5 remove secp224[k|r]1 curves 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-08-06 09:15:35 +02:00
Ben Taylor
9f54408c31 Remove sig_algs_heap_allocated=0 as it is always 0 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-05 08:28:33 +01:00
Ben Taylor
8b91436903 Remove paragraph in comments as it is no longer required 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-05 08:22:10 +01:00
Ben Taylor
27a4cc9de2 Remove mbedtls_ssl_conf_sig_hashes from comments 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-04 15:13:34 +01:00