TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,167 Commits 177 Branches 276 Tags
2aecd2cd5fe0babe94fb971b6191d75c3ceacbf9
Commit Graph

7204 Commits

Author SHA1 Message Date
Valerio Setti
6c5a9f04df library: ssl: improve/fix documentation of group related functions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-22 17:04:46 +01:00
Valerio Setti
1ab51732e2 library: ssl: improve documentation of mbedtls_ssl_conf_groups() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-22 09:43:18 +01:00
Valerio Setti
0c8b25a684 library: ssl: add public function to retrieve the list of supported groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-22 09:43:17 +01:00
Ben Taylor
c23592d7ee Add improvements to code comments and docs 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-12 08:19:07 +00:00
Ben Taylor
085aef59ca Change function name from mbedtls_pk_key_type_to_string to mbedtls_x509_pk_type_as_string 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-12 08:19:07 +00:00
Ben Taylor
837a3cec40 rename function 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-12 08:19:07 +00:00
Ben Taylor
f9b95cedaa Fix style issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-12 08:19:07 +00:00
Ben Taylor
2481daa309 Replace mbedtls_pk_get_name with pk_key_type_to_string 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2026-01-12 08:19:07 +00:00
Valerio Setti
ebbaca0a99 library: debug: adjust guards for "mbedtls_debug_print_crt" 
Keep MBEDTLS_PK_WRITE_C as guard only for "debug_print_pk" but let
"mbedtls_debug_print_crt" to work also when MBEDTLS_PK_WRITE_C is disabled.
In this case the only public key won't be printed, but the rest of the
certificate will be.

This commit also updates test coverage by duplicating test cases: now there
will be one case for when MBEDTLS_PK_WRITE_C is enabled and another one
for !MBEDTLS_PK_WRITE_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-08 10:32:57 +01:00
Valerio Setti
2af638a177 library: debug: fix print format in mbedtls_debug_print_buf_ext() 
%zu creates problem in MinGW testing. Use MBEDTLS_PRINTF_SIZET intead.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-08 10:32:57 +01:00
Valerio Setti
d040eb823e include: debug: fix guards for MBEDTLS_SSL_DEBUG_CRT 
Guards for "mbedtls_debug_print_crt()" were updated in previous commit,
but those changes were not applied to MBEDTLS_SSL_DEBUG_CRT therefore
causing build failures in the CI. This commit fixes the problem.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2026-01-08 10:32:57 +01:00
Ben Taylor
23aad2cdad Replace references of mbedtls_ecp_set_max_ops with psa_interruptible_set_max_ops as it is now internal 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-12-23 16:11:49 +00:00
Manuel Pégourié-Gonnard
5341c86877 Add comments for remaining internal includes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-12-02 12:35:20 +01:00
Manuel Pégourié-Gonnard
d6551eaaa6 Add comment about internal crypto include 
Besides using an internal crypto header, error.h is arguably the wrong
place: this file's docstring says it's about "Error to string
translation", quite unrelated to the things we use from error_common.h.
This is not surprising given the history, but no longer makes sense
today.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-12-01 11:06:02 +01:00
Manuel Pégourié-Gonnard
53c511578a x509: rm useless private include in public header 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-12-01 10:04:11 +01:00
Manuel Pégourié-Gonnard
59c9ebfaae ssl: rm useless private includes in public headers 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-12-01 10:04:06 +01:00
Luc Schrijvers
ffc2606bf2 Use GNUInstallDirs CMAKE_INSTALL_INCLUDEDDIR path for headers installation 
Signed-off-by: Luc Schrijvers <begasus@gmail.com>
 2025-10-24 12:50:51 +02:00
Gilles Peskine
24d058bc6c Enable checks for bad options in the config file 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-24 17:20:35 +02:00
Gilles Peskine
67f54d2213 Have the definition of MBEDTLS_CONFIG_VERSION uncommented by default 
Checking through the history in https://github.com/Mbed-TLS/mbedtls/pull/4589,
this seems to have been what we intended from the start. But we couldn't do
it yet because the library version was still 2.x while the config version
was already 3.0, so we temporarily commented out the definition in
1cafe5ce20. But then we forgot to uncomment
it during the release since it wasn't part of any process.

Thinking about it independently of the history, I think it makes more sense
to have it uncommented by default. That way, if someone copies the config
from a given version and then keeps it around, they'll get the compatibility
mode for that version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-19 10:52:35 +02:00
Ronald Cron
46acbcda84 Merge pull request #10404 from gilles-peskine-arm/config-version-4.0 
Increment config version for the new product major version
 2025-09-18 09:59:08 +00:00
Gilles Peskine
ff5d117df8 Increment config version for the new product major version 
Since we're making incompatible changes to the configuration, we really
should advance the configuration version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-17 21:18:39 +02:00
Ronald Cron
3091e40774 Remove usage of old crypto options in public headers 
The remaining occurences were related to
dead code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-17 16:06:31 +02:00
Ronald Cron
4fe3760a27 Cleanup following the removal of MBEDTLS_BIGNUM_C option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
feb5e26619 Cleanup following the removal of MBEDTLS_ECP_DP_.*_ENABLED options 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
2ad1e5c1a2 Cleanup following the removal of MBEDTLS_ECJPAKE_C option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
3c6bbddfd4 Cleanup following the removal of MBEDTLS_ECDSA_C option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
a19ee2819e Cleanup following the removal of MBEDTLS_ECDH_C option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
919a1e4e22 Cleanup following the removal of RSA legacy options 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
0dd31fe523 Introduce MBEDTLS_SSL_NULL_CIPHERSUITES 
The support for TLS ciphersuites without
encryption does not rely anymore on the
MBEDTLS_CIPHER_NULL_CIPHER feature of
the cipher module. Introduce a specific
config option to enable these ciphersuites
and use it instead of MBEDTLS_CIPHER_NULL_CIPHER.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ben Taylor
5cdbe30804 replace MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED with MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 
After the ECDH keyexchange removal the two became synonyms so the former can
be removed.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
4766a23f9c change MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED to MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
c8823a262d Remove MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED as it appears to be causing issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
a7b3f26864 reverted change to MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED, as it appears it could be causing issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
b2f6a69d85 Replace MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
013f8aee4e Replace MBEDTLS_KEY_EXCHANGE_PSK_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
1d651cc8a1 Remove additional occurances of static ECDH symbols 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
3116f2febe Remove further symbols 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
4d7f715c07 Remove further symbols that are not required 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
558766d814 Remove additional ifdef's 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
15f1d7f812 Remove support for static ECDH cipher suites 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ronald Cron
a450affbca Fix MBEDTLS_SSL_TLS1_2_SOME_ECC definition 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-08 15:40:12 +02:00
Gilles Peskine
fda51526b5 Merge pull request #10363 from felixc-arm/error-codes-prereq 
[1/3] Unify generic error codes (partial prerequisite)
 2025-08-29 11:04:53 +00:00
Anton Matkin
bb7b2b765f Fixed the mbedtls installation cmake: now private headers, which are used in the installation, are included in it too 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 08:04:35 +02:00
Anton Matkin
4e091786ca Moved the MbedTLS config adjust headers to a private subdirectory 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 07:05:40 +02:00
Anton Matkin
bc48725b64 Include fixups (headers moves to private directory) 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 07:05:37 +02:00
Felix Conway
a01ddf65b7 Revert unification for some error codes 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-28 17:39:10 +01:00
David Horstmann
6ff9c89648 Merge pull request #10361 from bensze01/runtime-version-interface 
Simplify runtime version info string methods
 2025-08-27 14:59:15 +00:00
Felix Conway
37ede2c3b4 Unify generic errors to PSA errors 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-18 14:46:39 +01:00
Ben Taylor
3f523748e0 Add const to serial argument in mbedtls_x509write_crt_set_serial_raw 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-18 13:47:50 +01:00
Bence Szépkúti
b2ba9fa68b Simplify runtime version info string methods 
Return a const char* instead of taking a char* as an argument.

This aligns us with the interface used in TF PSA Crypto.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-08-18 11:39:45 +02:00