mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-04 15:39:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
32,714 Commits 170 Branches 263 Tags
Commit Graph

32714 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ronald Cron
2a992bf39b
Merge pull request #9915 from Harry-Ramsey/move-ssl-macros-development 
Move MbedTLS Macros
 2025-02-04 10:25:05 +00:00
Harry Ramsey
93a496e877 Update framework pointer 
This commit updates the framework pointer to include changes to enable
check_names.py to run independently for TF-PSA-Crypto and Mbed TLS.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-02-04 08:13:14 +00:00
Harry Ramsey
285722a3fe Update TF-PSA-Crypto pointer 
This commit updates the TF-PSA-Crypto pointer to include the moved
config files.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-02-04 08:13:11 +00:00
David Horstmann
70fbf41760
Merge pull request #9945 from minosgalanakis/update_checkboxes_crypto 
PR-Template: Updated the PR template with TF-PSA-Crypto checkbox
 2025-01-31 17:33:38 +00:00
Minos Galanakis
d5c8bf0f09 PR-Template: Updated the PR template with TF-PSA-Crypto checkbox 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-01-31 14:36:56 +00:00
Harry Ramsey
2547ae9fcc Move SSL macro checks from TF-PSA-Crypto to Mbed TLS 
This commit moves macro checks specifically for Mbed TLS from
TF-PSA-Crypto to Mbed TLS where they more approriately belong.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-01-31 13:58:43 +00:00
Manuel Pégourié-Gonnard
9c2afb44bb
Merge pull request #9923 from mpg/use-psa-crypto 
Rm dead !USE_PSA_CRYPTO code from the library
 2025-01-29 13:34:13 +00:00
Ronald Cron
ed445089c2
Merge pull request #9916 from valeriosetti/issue9688 
Migrate DHE test cases to ECDHE
 2025-01-29 09:59:22 +00:00
Manuel Pégourié-Gonnard
072c98eb75 Remove empty #if #endif block 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-29 10:40:15 +01:00
Ronald Cron
d883ba75cc
Merge pull request #9633 from gabor-mezei-arm/9143_update_depends.py_curves_domain 
Update the `curves` domain to use PSA macros in `depends.py`
 2025-01-29 07:23:44 +00:00
Manuel Pégourié-Gonnard
53fe26c5ad Update a function's doxygen 
There was two versions of this function with different arguments. Update
the documentation to match the signature of the function we kept.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:44:15 +01:00
Manuel Pégourié-Gonnard
28905b76fa Remove mention of USE_PSA_CRYPTO in documentation 
This was the last occurrence found by:

    git grep -c 'MBEDTLS_USE_PSA_CRYPTO' library include

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:44:08 +01:00
Manuel Pégourié-Gonnard
c7403edad8 Rm dead !USE_PSA code: ssl_tls12_client (part 2) 
Manually handle unifdef leftovers

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:43:57 +01:00
Manuel Pégourié-Gonnard
fef408976f Rm dead !USE_PSA code: ssl_tls12_client (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls12_client.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:21:09 +01:00
Manuel Pégourié-Gonnard
8fcfcf947c Appease unifdef 
I was going to describe those changes as temporary, to be undone after
applying unifdef, but it turns out they're both in dead code, so there
will be nothing to undo after unifdef has run.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:19:35 +01:00
Manuel Pégourié-Gonnard
07a1edd590 Rm dead !USE_PSA code: ssl_tls.c (part 2) 
Manually handle more complex expressions.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:19:15 +01:00
Manuel Pégourié-Gonnard
88800ddcc6 Rm dead !USE_PSA code: ssl_tls.c (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls.c
framework/scripts/code_style.py --fix library/ssl_tls.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:18:11 +01:00
Manuel Pégourié-Gonnard
1a3959c84e Rm dead !USE_PSA code: ssl_msg.c 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_msg.c

Took care of everything in this file

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:18:02 +01:00
Manuel Pégourié-Gonnard
df5e1b6864 Rm dead !USE_PSA code: ssl_tls12_server.c (part 2) 
Manual.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:17:54 +01:00
Manuel Pégourié-Gonnard
58916768b7 Rm dead !USE_PSA code: ssl_tls12_server.c (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls12_server.c
framework/scripts/code_style.py --fix library/ssl_tls12_server.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:17:26 +01:00
Manuel Pégourié-Gonnard
0b44a81f07 Rm dead !USE_PSA code: ssl_tls13*.c part 2 
The one expression that was apparently too much for unifdef

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:40 +01:00
Manuel Pégourié-Gonnard
855f5bf244 Rm dead !USE_PSA code: ssl_tls13_xxx (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls13*.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:29 +01:00
Manuel Pégourié-Gonnard
48e0e3a356 Rm dead !USE_PSA code: check_config.h 
Manual, as most expressions were too complex for unifdef. Most of those
were or had a part like "we need XXX or USE_PSA" (where XXX was Cipher
or MD) and those are always satisfied now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:21 +01:00
Manuel Pégourié-Gonnard
615914b5ac Rm dead !USE_PSA code: SSL headers (part 2) 
Expression that are too complex for unifdef - please review carefully :)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:14 +01:00
Manuel Pégourié-Gonnard
11ae619e77 Rm dead !USE_PSA code: SSL headers (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl*.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:04 +01:00
Manuel Pégourié-Gonnard
873816129e Rm dead !USE_PSA code: SSL ciphersuite (part 2) 
Manual removal as unifdef doesn't handle non-trivial expressions.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:14:56 +01:00
Manuel Pégourié-Gonnard
daeaa51943 Rm dead !USE_PSA code: SSL ciphersuites (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl_ciphersuites*

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:14:50 +01:00
Manuel Pégourié-Gonnard
b18c8b957b Rm dead !USE_PSA code: SSL hooks 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl_{ticket,cookie}.[ch]

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:14:43 +01:00
Manuel Pégourié-Gonnard
f60b09b019 Rm dead !USE_PSA code: X.509 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/x509*.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:14:38 +01:00
Gabor Mezei
7554eeaf4c
Disable 224K1 while testing the other curves 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-01-27 15:03:14 +01:00
Gabor Mezei
fe14d85b7c
Remove unused symbol 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-01-27 15:03:14 +01:00
Gabor Mezei
069e3e6fe7
Remove reference for PSA_WANT_ALG_SECP_K1_224 
The `PSA_WANT_ALG_SECP_K1_224` symbol has been removed.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-01-27 15:03:14 +01:00
Gabor Mezei
0a2f257492
Use symbol matching for the curves domain 
Instead of using the `crypto_knowledge.py`, use basic symbol matching for the
`PSA_WANT_ECC_*` macros to search for in the `curves` domain of `depend.py`.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-01-27 15:03:13 +01:00
Gabor Mezei
1c49cff468
Use PSA macros for the curves domain 
Exclude the SECP224K1 curve due it is unstable via the PSA API.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-01-27 15:03:13 +01:00
Valerio Setti
0ebd6de77b ssl-opt.sh: remove tests forcing DHE-RSA for which have alternatives 
Remove tests which are forcing DHE-RSA, but for which an ECDHE-RSA
alternative already exists.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:46:26 +01:00
Valerio Setti
3b412e283f ssl-opt.sh: remove tests which are specific for DHE-RSA 
For these ones there is no ECDHE alternative as they are testing
specific features of DHE.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:46:26 +01:00
Valerio Setti
309a7ec70e ssl-opt.sh: adapt tests from DHE-RSA to ECDHE-RSA 
Adapted tests do not already have an ECDHE-RSA test available.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:46:26 +01:00
Valerio Setti
592f6826dd test_suite_ssl: update description for conf_curve and conf_gruop tests 
These tests are about EC curves/groups, not DH ones, so the description
should be updated accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:46:25 +01:00
Valerio Setti
8638603ba7 test_suite_ssl: remove tests specific for DHE-RSA 
These tests were specific for DHE-RSA (which is being removed on
development branch) and also for each of them there was already the
ECDHE-RSA counterpart available.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:38:39 +01:00
Valerio Setti
b8ef2a4455 test_suite_ssl: adapt handshake_fragmentation() to use ECDHE-RSA 
Use ECDHE-RSA instead of DHE-RSA.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:38:39 +01:00
Valerio Setti
5b7bfd8d5a test_suite_ssl: adapt DHE-RSA tests to ECDHE-RSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:38:39 +01:00
Ronald Cron
189dcf630f
Merge pull request #9910 from valeriosetti/issue9684 
Remove DHE-PSK key exchange
 2025-01-27 11:15:10 +00:00
Manuel Pégourié-Gonnard
7e1154c959
Merge pull request #9906 from mpg/rm-conf-curves 
[dev] Remove deprecated function mbedtls_ssl_conf_curves()
 2025-01-27 08:21:27 +00:00
Valerio Setti
094fd49f5b tf-psa-crypto: update reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 05:24:06 +01:00
Valerio Setti
944f3ab1d6 changelog: add note about DHE-PSK removal 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
27bc56303a docs: remove references of DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
6ba324de02 mbedtls_config: remove MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 
This commit also removes its disabling from config_adjust_ssl.h

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
a07345247e check_config: remove checks for DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
6e892cb630 components-configuration-crypto.sh: remove references to DHE_PSK kex 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
70cc4e6bd1 analyze_outcomes.py: remove exceptions related to DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00