TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-05 09:33:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
33,809 Commits 179 Branches 280 Tags
c84dbee82d5a5d89f6f3cb368a63fb9a2b16ffba
Commit Graph

33809 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Janos Follath
c84dbee82d Merge pull request #10340 from gilles-peskine-arm/config-checks-generator-mbedtls 
Introduce generated config checks in mbedtls
 2025-09-19 15:39:05 +00:00
Gilles Peskine
6712f1b6af Use --list-for-cmake with generate_config_checks.py 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-19 13:36:25 +02:00
Gilles Peskine
67b115cfda Register crypto's generate_config_files.py outputs as generated files 
Mbed TLS needs to know the generated files of TF-PSA-Crypto. There's no
mechanism for TF-PSA-Crypto to declare them.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-19 13:36:24 +02:00
Gilles Peskine
b53b443f8e Register generate_config_files.py outputs as generated files 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-19 13:36:24 +02:00
Gilles Peskine
3374f6e90b Generate checks for bad options in the config file 
Just a proof-of-concept for now. Interesting checks will come later.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-19 13:36:24 +02:00
Gilles Peskine
ff6306655b Update submodules with config_checks_generator.py 
* Update framework with `config_checks_generator.py`.
* Update crypto with the files generated by `generate_config_checks.py`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-19 13:36:22 +02:00
Ronald Cron
f328de9ddd Merge pull request #10407 from gilles-peskine-arm/config-version-uncomment 
Have the definition of MBEDTLS_CONFIG_VERSION uncommented by default
 2025-09-19 10:30:03 +00:00
Gilles Peskine
67f54d2213 Have the definition of MBEDTLS_CONFIG_VERSION uncommented by default 
Checking through the history in https://github.com/Mbed-TLS/mbedtls/pull/4589,
this seems to have been what we intended from the start. But we couldn't do
it yet because the library version was still 2.x while the config version
was already 3.0, so we temporarily commented out the definition in
1cafe5ce20. But then we forgot to uncomment
it during the release since it wasn't part of any process.

Thinking about it independently of the history, I think it makes more sense
to have it uncommented by default. That way, if someone copies the config
from a given version and then keeps it around, they'll get the compatibility
mode for that version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-19 10:52:35 +02:00
Ronald Cron
46acbcda84 Merge pull request #10404 from gilles-peskine-arm/config-version-4.0 
Increment config version for the new product major version
 2025-09-18 09:59:08 +00:00
Gilles Peskine
ff5d117df8 Increment config version for the new product major version 
Since we're making incompatible changes to the configuration, we really
should advance the configuration version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-09-17 21:18:39 +02:00
Ronald Cron
b91117c32f Merge pull request #10402 from ronald-cron-arm/remove-legacy-crypto-options 
Remove legacy crypto options
 2025-09-17 18:46:05 +00:00
Ronald Cron
3091e40774 Remove usage of old crypto options in public headers 
The remaining occurences were related to
dead code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-17 16:06:31 +02:00
Gilles Peskine
d66898e9a7 Merge pull request #10333 from valeriosetti/issue10266 
[development] Migrate from mbedtls_pk_can_do_ext to mbedtls_pk_can_do_psa (2/2)
 2025-09-16 16:41:59 +00:00
Valerio Setti
e2aed3a6df tests: revert changes to test_suite_ssl.data 
Revert changes previously done at following test cases:
- Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH
- Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Valerio Setti
91c0945def tests: fix alg and usage for some ECDHE-ECDSA opaque key tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Valerio Setti
bc611fe44c [tls12|tls13]_server: fix usage being checked on the certificate key 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Valerio Setti
7b2d72aaf0 ssl: replace PSA_ALG_ECDSA with MBEDTLS_PK_ALG_ECDSA 
When the key is parsed from PK it is assigned the pseudo-alg
MBEDTLS_PK_ALG_ECDSA. Trying to run "mbedtls_pk_can_do_psa" with an hardcoded
deterministc/randomized ECDSA can make the function to fail if the proper
variant is not the one also used by PK.
This commit fixes this problem.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Valerio Setti
0009b042ac library: ssl: replace mbedtls_pk_can_do_ext with mbedtls_pk_can_do_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-09-16 16:12:07 +02:00
Ronald Cron
4fe3760a27 Cleanup following the removal of MBEDTLS_BIGNUM_C option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
feb5e26619 Cleanup following the removal of MBEDTLS_ECP_DP_.*_ENABLED options 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
6cfab2880a Cleanup following the removal of MBEDTLS_ECP_C option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
2ad1e5c1a2 Cleanup following the removal of MBEDTLS_ECJPAKE_C option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
3c6bbddfd4 Cleanup following the removal of MBEDTLS_ECDSA_C option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
a19ee2819e Cleanup following the removal of MBEDTLS_ECDH_C option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
919a1e4e22 Cleanup following the removal of RSA legacy options 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
2b7f59535f Remove completely MBEDTLS_PLATFORM_GET_ENTROPY_ALT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
0dd31fe523 Introduce MBEDTLS_SSL_NULL_CIPHERSUITES 
The support for TLS ciphersuites without
encryption does not rely anymore on the
MBEDTLS_CIPHER_NULL_CIPHER feature of
the cipher module. Introduce a specific
config option to enable these ciphersuites
and use it instead of MBEDTLS_CIPHER_NULL_CIPHER.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 15:53:43 +02:00
Ronald Cron
e6240f14ee Merge pull request #10403 from ronald-cron-arm/fix-readthedocs-build 
Fix readthedocs build with framework head
 2025-09-16 11:59:29 +00:00
Ronald Cron
e5eb2639b2 readthedocs: Install cmake to build the documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 12:25:09 +02:00
Ronald Cron
2ba5d6afcc Update tf-psa-crypto 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 12:25:09 +02:00
Ronald Cron
9c2727f9f2 Update framework 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-16 12:25:09 +02:00
Manuel Pégourié-Gonnard
07912c9e36 Merge pull request #10370 from bjwtaylor/remove-deprecated-compilation-options 
Remove deprecated compilation options
 2025-09-15 09:26:01 +00:00
Manuel Pégourié-Gonnard
1a81ab6390 Merge pull request #10379 from bjwtaylor/update-header-guards 
Update header guard use in p256m test
 2025-09-12 10:03:02 +00:00
Ben Taylor
14e1932935 Remove stray comment int components-platform.sh 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-12 10:52:23 +01:00
Ben Taylor
5a7a72ee41 testing with analyze_outcomes changes reverted for merge 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-12 10:52:23 +01:00
Ben Taylor
5496f9025c Temporarily revert changes to config.py 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-12 10:52:23 +01:00
Ben Taylor
bb877a8cbf remove further references to MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-12 10:52:23 +01:00
Manuel Pégourié-Gonnard
0d530d191f Merge pull request #10294 from bjwtaylor/remove-static-ecdh 
Remove support for static ECDH cipher suites
 2025-09-12 09:20:03 +00:00
Ben Taylor
c1e76e04fe correct whitespace style issue 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-12 08:33:38 +01:00
Ben Taylor
486ec6e9b6 Improved the text in the Changelog 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
485d4c1343 reverting last commit as the tests cause failures 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
26cdf6ee2b Re-adding tests for ECDH 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
2f3523313b Add ChangeLog 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
59474406a6 Re-instate MBEDTLS_PKCS1_V15 unset 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
337161eb41 Remove comment referencing ECDH 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
df3e595536 Re-instate test for correctness of sent single supported algorithm 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
5cdbe30804 replace MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED with MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 
After the ECDH keyexchange removal the two became synonyms so the former can
be removed.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
9e360b8f33 Remove MBEDTLS_RSA_C from depends.py 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
a47fd0faf4 Add bug link to test modifications 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
1a4f4b32a4 Add filter to test_tls13_only_ephemeral_ffdh to remove ffdh tests 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00