Ronald Cron
919a1e4e22
Cleanup following the removal of RSA legacy options
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2025-09-16 15:53:43 +02:00
Ronald Cron
0dd31fe523
Introduce MBEDTLS_SSL_NULL_CIPHERSUITES
...
The support for TLS ciphersuites without
encryption does not rely anymore on the
MBEDTLS_CIPHER_NULL_CIPHER feature of
the cipher module. Introduce a specific
config option to enable these ciphersuites
and use it instead of MBEDTLS_CIPHER_NULL_CIPHER.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2025-09-16 15:53:43 +02:00
Ben Taylor
5cdbe30804
replace MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED with MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
...
After the ECDH key exchange removal the two became synonyms so the former can
be removed.
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
4766a23f9c
change MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED to MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
c8823a262d
Remove MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED as it appears to be causing issues
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
a7b3f26864
reverted change to MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED, as it appears it could be causing issues
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
b2f6a69d85
Replace MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
013f8aee4e
Replace MBEDTLS_KEY_EXCHANGE_PSK_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
1d651cc8a1
Remove additional occurrences of static ECDH symbols
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
3116f2febe
Remove further symbols
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
4d7f715c07
Remove further symbols that are not required
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
558766d814
Remove additional ifdef's
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ben Taylor
15f1d7f812
Remove support for static ECDH cipher suites
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-09-11 13:22:40 +01:00
Ronald Cron
a450affbca
Fix MBEDTLS_SSL_TLS1_2_SOME_ECC definition
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2025-09-08 15:40:12 +02:00
Gilles Peskine
fda51526b5
Merge pull request #10363 from felixc-arm/error-codes-prereq
...
[1/3] Unify generic error codes (partial prerequisite)
2025-08-29 11:04:53 +00:00
Anton Matkin
bb7b2b765f
Fixed the mbedtls installation cmake: now private headers, which are used in the installation, are included in it too
...
Signed-off-by: Anton Matkin <anton.matkin@arm.com >
2025-08-29 08:04:35 +02:00
Anton Matkin
4e091786ca
Moved the MbedTLS config adjust headers to a private subdirectory
...
Signed-off-by: Anton Matkin <anton.matkin@arm.com >
2025-08-29 07:05:40 +02:00
Anton Matkin
bc48725b64
Include fixups (headers moves to private directory)
...
Signed-off-by: Anton Matkin <anton.matkin@arm.com >
2025-08-29 07:05:37 +02:00
Felix Conway
a01ddf65b7
Revert unification for some error codes
...
Signed-off-by: Felix Conway <felix.conway@arm.com >
2025-08-28 17:39:10 +01:00
David Horstmann
6ff9c89648
Merge pull request #10361 from bensze01/runtime-version-interface
...
Simplify runtime version info string methods
2025-08-27 14:59:15 +00:00
Felix Conway
37ede2c3b4
Unify generic errors to PSA errors
...
Signed-off-by: Felix Conway <felix.conway@arm.com >
2025-08-18 14:46:39 +01:00
Ben Taylor
3f523748e0
Add const to serial argument in mbedtls_x509write_crt_set_serial_raw
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-08-18 13:47:50 +01:00
Bence Szépkúti
b2ba9fa68b
Simplify runtime version info string methods
...
Return a const char* instead of taking a char* as an argument.
This aligns us with the interface used in TF PSA Crypto.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2025-08-18 11:39:45 +02:00
Manuel Pégourié-Gonnard
5b74c79f00
Merge pull request #10298 from bjwtaylor/remove-deprecated-items
...
Remove deprecated items
2025-08-11 07:13:08 +00:00
Gilles Peskine
627d653863
Merge pull request #10282 from bjwtaylor/switch-to-mbedtls_pk_sigalg_t
...
Switch to mbedtls pk sigalg t
2025-08-07 11:06:31 +00:00
Ben Taylor
b2eecc621d
switch to mbedtls_pk_sigalg_t
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-08-07 08:25:52 +01:00
Valerio Setti
d0d0791aed
remove usage of secp192[k|r]1 curves
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-08-06 09:15:35 +02:00
Valerio Setti
70a4a31cb5
remove secp224[k|r]1 curves
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-08-06 09:15:35 +02:00
Ben Taylor
8b5c5b4daa
Remove mbedtls_ssl_sig_hash_set_t as it is no longer required
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-08-05 08:20:32 +01:00
Ben Taylor
9ff2b73636
Change reference function to include/mbedtls/ssl.h in note
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-08-05 08:17:13 +01:00
Ben Taylor
543caa7ec4
Re-add note
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-08-05 08:16:12 +01:00
Ben Taylor
27a4cc9de2
Remove mbedtls_ssl_conf_sig_hashes from comments
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-08-04 15:13:34 +01:00
Ben Taylor
73de8aa8c6
Removal of sig_hashes in ssl.h
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-08-01 11:45:14 +01:00
Ben Taylor
01bf8bafcd
removed mbedtls_ssl_conf_sig_hashes and temporarily re-add sig_hashes
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-08-01 11:45:14 +01:00
Ben Taylor
d2da53fbe6
Remove further deprecated items
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-08-01 11:45:14 +01:00
Ben Taylor
4a43804d69
Remove deprecated items
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-08-01 11:45:14 +01:00
Gilles Peskine
d6f881e8ca
Merge pull request #10319 from gilles-peskine-arm/move-check-config-to-library
...
check_config.h: move to library and test
2025-07-29 14:07:33 +00:00
Gilles Peskine
ac637ac9f8
Make check_config.h private
...
`check_config.h` only needs to run once on the configuration. It doesn't
need to run every time an application is built. It used to be public up to
Mbed TLS 2.x because it was included from `config.h`, and users could
substitute that file completely and should still include `check_config.h`
from their file. But since Mbed TLS 3.x, including `check_config.h` is a
purely internal thing (done in `build_info.h`). So make the file itself
purely internal.
We don't need to include `check_config.h` when building every library file,
just one: `mbedtls_config.c`, that's its job.
Give the file a unique name, to avoid any clashes with TF-PSA-Crypto's
`check_config.h`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-07-28 15:45:12 +02:00
minosgalanakis
d103046a59
Merge pull request #10324 from gilles-peskine-arm/query_config-glob-headers
...
query_config.fmt: glob headers instead of listing them explicitly
2025-07-28 13:25:51 +00:00
Gilles Peskine
1b4bfdf554
Add missing include
...
Fix compilation error when `mbedtls/oid.h` is included without having first
included `mbedtls/asn1.h`. Fix #10326
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-07-26 00:07:50 +02:00
Ronald Cron
5eb9aba358
mbedtls_config.h: Update "requires" comments
...
Following the removal of the legacy hash, cipher,
CMAC, AEAD, and RSA configuration options in
TF-PSA-Crypto, update the "requires" comments that
referred to the removed options.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2025-07-24 08:42:16 +02:00
Ronald Cron
0668036ada
Replace MBEDTLS_AES_C
...
Replace the remaining instances of MBEDTLS_AES_C
as a configuration option.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2025-07-24 08:42:16 +02:00
Gilles Peskine
6582237209
Merge pull request #10304 from davidhorstmann-arm/disambiguate-doxygen-filename
...
Disambiguate `version.h` in doxygen comment
2025-07-16 23:39:19 +00:00
David Horstmann
901cca7bc3
Disambiguate version.h in doxygen comment
...
Specify mbedtls/version.h, since we are about to add
include/tf-psa-crypto/version.h.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2025-07-16 15:35:00 +01:00
Ronald Cron
a5f36483ef
Replace legacy RSA crypto options in check_config.h
...
For the test_psa_crypto_config_accel_rsa_crypto component,
ignore test cases that depend on MBEDTLS_GENPRIME being enabled.
When all RSA cryptographic operations are provided by drivers,
MBEDTLS_GENPRIME will not be enabled, as it will no longer be a configuration
option.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2025-07-15 10:33:25 +02:00
Minos Galanakis
83bef5b66a
Merge tag 'mbedtls-4.0.0-beta' into mbedtls-4.0.0-beta-mergeback
...
Mbed TLS 4.0.0-beta
2025-07-07 17:40:18 +03:00
Manuel Pégourié-Gonnard
921331867d
Merge pull request #10197 from gilles-peskine-arm/ssl_helpers-split_perform_handshake-dev
...
Break down mbedtls_test_ssl_perform_handshake
2025-06-30 09:39:29 +00:00
Minos Galanakis
ed87da7ad7
Merge remote-tracking branch 'restricted/development-restricted' into future_rc
...
As set by process the tf-psa-crypto submodule is set
to point to tf-psa-crypto-release-sync input.
2025-06-27 10:50:33 +01:00
Valerio Setti
eaf578978e
library: remove ECDSA_C dependency from ECP_RESTARTABLE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-06-12 06:37:29 +02:00
Felix Conway
c6654fc1b0
Replace MBEDTLS_ERR_ECP_IN_PROGRESS with alias PSA_OPERATION_INCOMPLETE in documentation
...
Signed-off-by: Felix Conway <felix.conway@arm.com >
2025-06-11 10:22:55 +01:00