TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,336 Commits 177 Branches 276 Tags
development
Commit Graph

245 Commits

Author SHA1 Message Date
Valerio Setti
ae885590fb library: bulk replace MBEDTLS_RSA_C with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 
Follow the same pattern that was used in the past to remove dependency
on MBEDTLS_RSA_C and use PSA_WANT instead.

Relying on MBEDTLS_RSA_C is fine only when builtin drivers are compiled
since all PSA_WANT are converted to legacy build symbols. However when
builtin drivers are not built (ex: in case of TF-M), then part of the code
in TLS/X509 won't be compiled because MBEDTLS_RSA_C is not set. OTOH
it's not possible to declare that symbol in a configuration file because
it's a legacy one and it will be rejected by buildtime checks.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-03-16 13:52:01 +01:00
Ronald Cron
7f40da187c ssl_tls12_server.c: Move back the digest update 
Move back the digest update just after
the call to mbedtls_ssl_read_record().
It fits well here as we explain in the
comment associated to the call to
mbedtls_ssl_read_record() that we
update it manually.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-10 08:25:21 +01:00
Ronald Cron
65a038198e Improve comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-03-09 23:28:50 +01:00
Ronald Cron
53dd7d0dce ssl_tls12_server.c: Update hs status after some validations of the ClientHello 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-24 15:28:12 +01:00
Ronald Cron
0db3a49330 ssl_tls12_server.c: parse_client_hello: Remove remaining record level code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
00160b910a ssl_tls12_server.c: Move ClientHello record sequence_number init 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
943c1071bb ssl_tls12_server.c: Move ClientHello message_seq adjustment 
Move ClientHello message_seq adjustment to the record layer.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
a50110be71 ssl_tls12_server.c: Use mbedtls_ssl_read_record() only to read the ClientHello 
In ssl_tls12_server.c:ssl_parse_client_hello(), remove
the code that directly reads the received data to read
the record expected to contain the ClientHello message.

The function already supported handling a ClientHello
read via mbedtls_ssl_read_record() in the following
cases:
- when the ClientHello was read as a post-handshake
  message (renegotiation).
- when the ClientHello was read by
  ssl_tls13_process_client_hello() during TLS 1.3 or
  TLS 1.2 version negotiation.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Ronald Cron
516e74ca5c ssl_tls12_server.c: Document replay check and update in ssl_parse_client_hello() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2026-02-23 12:12:36 +01:00
Valerio Setti
c0ac4a6933 library: ssl: specify hash algorithm when checking signature in ssl_parse_certificate_verify 
Since the hash algorithm is known, this can be used when calling
"mbedtls_pk_can_do_psa()" to get a more accurate answer.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-12-09 16:18:11 +01:00
Valerio Setti
81a5a0914c library: ssl: replace mbedtls_pk_can_do() with mbedtls_pk_can_do_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-12-04 16:28:44 +01:00
Manuel Pégourié-Gonnard
ea5718721f Remove two more useless internal includes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-12-02 12:06:39 +01:00
Manuel Pégourié-Gonnard
eab6d3276b ssl: rm useless private include in C file 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-12-01 10:26:28 +01:00
Juha-Pekka Kesonen
5f4cbcd336 ssl_tls12: change log level for ECDH computation 
Signed-off-by: Juha-Pekka <juha-pekka.kesonen@nordicsemi.no>
 2025-11-05 14:10:52 +02:00
Ben Taylor
b76c38334a Update name of mbedtls_ssl_pk_alg_from_sig_pk_alg to mbedtls_ssl_pk_sig_alg_from_sig 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-31 08:40:25 +00:00
Ben Taylor
5f037c7fb3 Rename mbedtls_ssl_pk_alg_from_sig to mbedtls_ssl_pk_alg_from_sig_pk_alg and update to use mbedtls_pk_sigalg_t 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-30 14:59:24 +00:00
Ben Taylor
0035cfb1f0 Removed unnecessary cast in mbedtls_pk_sign_ext 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-30 13:42:56 +00:00
Ben Taylor
a2de40a100 Change the return type of mbedtls_ssl_get_ciphersuite_sig_pk_alg to mbedtls_pk_sigalg_t 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
1b32994bef Fix style issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
2c056721d1 Tidy up debug of non ext functions 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
cef9d2d31f Revert change to mbedtls_pk_{sign,verify}_restartable and replace with ext version 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
5e23093285 Fix code style issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
c3e2b37530 Remove mbedtls_ssl_write_handshake_msg as it now replaced by mbedtls_ssl_write_handshake_msg_ext 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
279dd4ab59 Remove dependencies on mbedtls_pk_verify 
Replace mbedtls_pk_verify with mbedtls_pk_verify_restartable, as mbedtls_pk_verify has now been
removed and was origonally a pass through call to mbedtls_pk_verify_restartable.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Ben Taylor
94f1628aca Remove dependencies on mbedtls_pk_sign 
Replace mbedtls_pk_sign with mbedtls_pk_sign_restartable, as mbedtls_pk_sign has now been
removed and was origonally a pass through call to mbedtls_pk_sign_restartable.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-10-28 07:58:37 +00:00
Valerio Setti
bc611fe44c [tls12|tls13]_server: fix usage being checked on the certificate key 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Valerio Setti
0009b042ac library: ssl: replace mbedtls_pk_can_do_ext with mbedtls_pk_can_do_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Ben Taylor
337161eb41 Remove comment referencing ECDH 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
5cdbe30804 replace MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED with MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 
After the ECDH keyexchange removal the two became synonyms so the former can
be removed.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
558766d814 Remove additional ifdef's 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
15f1d7f812 Remove support for static ECDH cipher suites 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Anton Matkin
bc48725b64 Include fixups (headers moves to private directory) 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 07:05:37 +02:00
Valerio Setti
ae89dcc4be library: tls12: remove usage of MBEDTLS_PK_USE_PSA_EC_DATA 
PK module will now always use PSA storing pattern when working with
EC keys therefore MBEDTLS_PK_USE_PSA_EC_DATA is assumed to be always
enabled.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-06-12 06:21:30 +02:00
Gilles Peskine
f670ba5e52 Always call mbedtls_ssl_handshake_set_state 
Call a single function for all handshake state changes, for easier tracing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-09 12:52:22 +02:00
Ben Taylor
1cd1e01897 Correct code style 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 13:34:03 +00:00
Ben Taylor
fd52984896 resolved ci failures 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 13:32:10 +00:00
Ben Taylor
602b2968ca pre-test version of the mbedtls_ssl_conf_rng removal 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 13:32:10 +00:00
Ben Taylor
440cb2aac2 Remove RNG from x509 and PK 
remove the f_rng and p_rng parameter from x509 and PK.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 08:17:38 +00:00
Gabor Mezei
58535da8d0 Only check for certificates if it is supported 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:07 +01:00
Gabor Mezei
e99e591179 Remove key exchange based on encryption/decryption 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:07 +01:00
Gabor Mezei
e1e27300a2 Remove MBEDTLS_KEY_EXCHANGE_RSA_ENABLED config option 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:01 +01:00
Manuel Pégourié-Gonnard
28f8e205eb Merge pull request #9872 from rojer/tls_hs_defrag_in 
Defragment incoming TLS handshake messages
 2025-02-24 09:28:11 +01:00
Valerio Setti
b8621b6f9d ssl_ciphersuites: remove references to DHE-RSA key exchanges 
In this commit also MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED is removed.
This cause some code in "ssl_ciphersuites_internal.h" and
"ssl_tls12_server.c" to became useless, so these blocks are removed
as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:05:58 +01:00
Valerio Setti
89743b5db5 ssl_tls: remove code related to DHE-RSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:05:58 +01:00
Waleed Elmelegy
cf4e6a18e6 Remove unused variable in ssl_server.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-05 13:10:01 +02:00
Deomid rojer Ryabkov
afa11db620 Remove obselete checks due to the introduction of handhsake defragmen... 
tation. h/t @waleed-elmelegy-arm

909e71672f

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-01 15:42:43 +02:00
Manuel Pégourié-Gonnard
df5e1b6864 Rm dead !USE_PSA code: ssl_tls12_server.c (part 2) 
Manual.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:17:54 +01:00
Manuel Pégourié-Gonnard
58916768b7 Rm dead !USE_PSA code: ssl_tls12_server.c (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls12_server.c
framework/scripts/code_style.py --fix library/ssl_tls12_server.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:17:26 +01:00
Ronald Cron
189dcf630f Merge pull request #9910 from valeriosetti/issue9684 
Remove DHE-PSK key exchange
 2025-01-27 11:15:10 +00:00
Valerio Setti
48659a1f9c ssl_tls: remove usage of DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00