TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-26 06:01:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,028 Commits 177 Branches 276 Tags
136fe9e4be154d3dec46d65445cdb7d46d697df3
Commit Graph

7088 Commits

Author SHA1 Message Date
Max Fillinger
bd81c9d0f7 Implement TLS-Exporter feature 
The TLS-Exporter is a function to derive shared symmetric keys for the
server and client from the secrets generated during the handshake.
It is defined in RFC 8446, Section 7.5 for TLS 1.3 and in RFC 5705 for
TLS 1.2.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 16:53:57 +01:00
Ben Taylor
7a84f0f3a9 removed rng parameters from struct mbedtls_ssl_config 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-27 09:34:21 +00:00
Ben Taylor
47111a1cb1 initial remove of mbedtls_ssl_conf_rng 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 13:32:10 +00:00
Ben Taylor
440cb2aac2 Remove RNG from x509 and PK 
remove the f_rng and p_rng parameter from x509 and PK.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 08:17:38 +00:00
Gilles Peskine
1ffdb18cdb Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr() 
Just removed from the API. We can greatly simplify error.c but that will be
for later.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-24 14:26:39 +00:00
Gabor Mezei
e99e591179 Remove key exchange based on encryption/decryption 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:07 +01:00
Gabor Mezei
3c7db0e5a8 Remove MBEDTLS_TLS_RSA_* ciphersuite macros 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:07 +01:00
Gabor Mezei
5814e3e566 Remove MBEDTLS_KEY_EXCHANGE_RSA key exchange type 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:07 +01:00
Gabor Mezei
e1e27300a2 Remove MBEDTLS_KEY_EXCHANGE_RSA_ENABLED config option 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:01 +01:00
Manuel Pégourié-Gonnard
4515d10163 Merge pull request #10039 from bjwtaylor/remove-rng-from-ssl 
Remove RNG parameters from public SSL APIs
 2025-03-19 11:27:51 +00:00
Gilles Peskine
c4dd970386 Merge pull request #9096 from noahp/noahp/mbedtls_net_send-api-desc-tweak 
mbedtls_net_send API description typo fix
 2025-03-13 16:22:55 +00:00
Bence Szépkúti
906d3cdff5 Merge pull request #10020 from bensze01/msvc-format-size-macros 
Fix preprocessor guards for C99 format size specifiers
 2025-03-13 10:09:06 +00:00
Bence Szépkúti
011b6cb1c5 Fix comments 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 17:11:42 +01:00
Minos Galanakis
a2a0c2cbe7 Merge remote-tracking branch 'origin/features/tls-defragmentation/development' into feature_merge_defragmentation_dev 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-12 15:25:06 +00:00
Bence Szépkúti
cd1ece7846 Never use %zu on MinGW 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 16:18:35 +01:00
Bence Szépkúti
becb21e668 Fix MSVC version guard for C99 format size specifiers 
Visual Studio 2013 (_MSC_VER == 1800) doesn't support %zu - only use it
on 2015 and above (_MSC_VER >= 1900).

%ldd works on Visual Studio 2013, but this patch keeps the two macro
definitions together, for simplicity's sake.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 16:16:20 +01:00
Gilles Peskine
2b78a5abfa State globally that the limitations don't apply to DTLS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:07:33 +01:00
Gilles Peskine
d9c858039e Clarify DTLS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-11 13:47:49 +01:00
Gilles Peskine
80facedad9 ClientHello may be fragmented in renegotiation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-11 13:47:14 +01:00
Gilles Peskine
d8f9e22b5e Move the defragmentation documentation to mbedtls_ssl_handshake 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-11 13:45:27 +01:00
Ben Taylor
0cfe54e4e0 remove RNG parameters from SSL API's 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-10 13:24:31 +00:00
Gilles Peskine
36edd48c61 Document the limitations of TLS handshake message defragmentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-05 17:41:59 +01:00
Valerio Setti
15fd5c9925 ssl: remove support for MBEDTLS_DHM_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:23 +01:00
Manuel Pégourié-Gonnard
28f8e205eb Merge pull request #9872 from rojer/tls_hs_defrag_in 
Defragment incoming TLS handshake messages
 2025-02-24 09:28:11 +01:00
Deomid rojer Ryabkov
dd14c0a11e Remove in_hshdr 
The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it.

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-02-13 13:41:51 +03:00
Valerio Setti
d137f15e1b mbedtls_config.h: remove definition of MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:12:02 +01:00
Valerio Setti
02ae66830e check_config.h: remove checks for DHE-RSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:05:58 +01:00
Valerio Setti
b7e2eccf1f ssl_ciphersuites: remove MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED 
This symbol is unused in the code so it can be removed.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:05:58 +01:00
Valerio Setti
b8621b6f9d ssl_ciphersuites: remove references to DHE-RSA key exchanges 
In this commit also MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED is removed.
This cause some code in "ssl_ciphersuites_internal.h" and
"ssl_tls12_server.c" to became useless, so these blocks are removed
as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:05:58 +01:00
Valerio Setti
89743b5db5 ssl_tls: remove code related to DHE-RSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:05:58 +01:00
David Horstmann
be658c47c8 Merge pull request #9938 from bjwtaylor/ssl-ticket-api 
Move ssl_ticket to the PSA API
 2025-02-05 10:41:09 +00:00
Ben Taylor
d0498803a1 Correct typos in comments 
Correct the typos in the mbedtls_ssl_ticket_setup function docs

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-02-03 11:35:34 +00:00
Harry Ramsey
2547ae9fcc Move SSL macro checks from TF-PSA-Crypto to Mbed TLS 
This commit moves macro checks specifically for Mbed TLS from
TF-PSA-Crypto to Mbed TLS where they more approriately belong.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-01-31 13:58:43 +00:00
Ben Taylor
0c29cf87b1 Move ssl_ticket to the PSA API 
Convert the mbedtl_ssl_ticket_setup function to use the TF_PSA_Crypto
API.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-01-30 08:22:40 +00:00
Manuel Pégourié-Gonnard
28905b76fa Remove mention of USE_PSA_CRYPTO in documentation 
This was the last occurrence found by:

    git grep -c 'MBEDTLS_USE_PSA_CRYPTO' library include

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:44:08 +01:00
Manuel Pégourié-Gonnard
48e0e3a356 Rm dead !USE_PSA code: check_config.h 
Manual, as most expressions were too complex for unifdef. Most of those
were or had a part like "we need XXX or USE_PSA" (where XXX was Cipher
or MD) and those are always satisfied now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:21 +01:00
Manuel Pégourié-Gonnard
11ae619e77 Rm dead !USE_PSA code: SSL headers (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl*.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:04 +01:00
Manuel Pégourié-Gonnard
873816129e Rm dead !USE_PSA code: SSL ciphersuite (part 2) 
Manual removal as unifdef doesn't handle non-trivial expressions.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:14:56 +01:00
Manuel Pégourié-Gonnard
b18c8b957b Rm dead !USE_PSA code: SSL hooks 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl_{ticket,cookie}.[ch]

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:14:43 +01:00
Ronald Cron
189dcf630f Merge pull request #9910 from valeriosetti/issue9684 
Remove DHE-PSK key exchange
 2025-01-27 11:15:10 +00:00
Manuel Pégourié-Gonnard
7e1154c959 Merge pull request #9906 from mpg/rm-conf-curves 
[dev] Remove deprecated function mbedtls_ssl_conf_curves()
 2025-01-27 08:21:27 +00:00
Valerio Setti
6ba324de02 mbedtls_config: remove MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 
This commit also removes its disabling from config_adjust_ssl.h

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
a07345247e check_config: remove checks for DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
6348b46c0b ssl_ciphersuites: remove references/usages of DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
48659a1f9c ssl_tls: remove usage of DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
6b64a1ba37 x509: remove definition and implementation of x509write_crt_set_serial 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-16 15:00:10 +01:00
Manuel Pégourié-Gonnard
6b720161ca Remove mbedtls_ssl_conf::curve_list 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-14 12:17:20 +01:00
Manuel Pégourié-Gonnard
93d4591255 Remove deprecated function mbedtls_ssl_conf_curves() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-14 12:06:31 +01:00
Gilles Peskine
bc7c523420 Remove uses of secp244k1 
Remove all code guarded by `PSA_WANT_ECC_SECP_K1_224`, which is not and will
not be implemented. (It would be K1_225 anyway, but we don't intend to
implement it anyway.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-01-08 16:51:23 +01:00
Deomid rojer Ryabkov
ac2cf1f26c Defragment incoming TLS handshake messages 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2024-12-25 14:34:17 +02:00