ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-10-21 23:11:17 +08:00
Code Issues Releases Wiki Activity
33,927 Commits 176 Branches 276 Tags
release/mbedtls4.0.0-documentation
Commit Graph

12621 Commits

Author SHA1 Message Date
Ben Taylor
6f0eb79111 Use get_tls_version to determine TLS_VERSION instead of statically assigning it 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
b191c02f6b Correct style issues 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
e16798ec67 Re-add reference to PSA_WANT_ALG_ECDH as this will be mantained 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
0fe02bb1bf Removed TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT as it is no longer used 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
844a264317 Remove stray MBEDTLS_PKCS1_V15 and MBEDTLS_PKCS1_V21 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
1d651cc8a1 Remove additional occurances of static ECDH symbols 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
a1914ef453 further removals of ssh tests from ssl-opt 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
fbd806ae95 Remove everest ECDH test as it is no longer required 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
5802394451 Remove further ECDH testd from ssl-opt.sh 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
0a7c5588db Remove further ECDH tests 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
dbf3977107 Remove tests from ssl-opt.sh that are depedendent the removed ECDH algorithm's 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
39280a4110 Remove ECDH from ssl-opt 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ben Taylor
15f1d7f812 Remove support for static ECDH cipher suites 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-11 13:22:40 +01:00
Ronald Cron
ab7610c318 Cleanup following the removal of entropy options 
Cleanup following the removal in TF-PSA-Crypto of:
- MBEDTLS_NO_PLATFORM_ENTROPY
- MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- MBEDTLS_ENTROPY_HARDWARE_ALT
- MBEDTLS_ENTROPY_MIN_HARDWARE

Only MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES was still
present in Mbed TLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-10 15:23:32 +02:00
Ronald Cron
eb16a9d9ea Prepare for the removal of MBEDTLS_PLATFORM_GET_ENTROPY_ALT 
We cannot remove it completely yet.
It must remain in config.py so that it is not
included in the full configuration.
A temporary exception is required for it in
analyze_outcomes.py.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-10 15:23:32 +02:00
Ronald Cron
3b30643143 Adapt configurations to stricter compile-time checks 
Adapt configurations to stricter compile-time checks
for entropy enablement and MBEDTLS_ENTROPY_NV_SEED
option.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-10 15:23:32 +02:00
Ronald Cron
efcec8cecd Cleanup following the removal of MBEDTLS_ENTROPY_C option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-10 15:23:32 +02:00
Ronald Cron
5df9d9d53e ssl-opt.sh: Fix dependency on ECDSA 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-09-08 15:40:12 +02:00
Ben Taylor
a2aa7daaca Change unset of MBEDTLS config to more standard method 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-04 11:22:52 +01:00
Ben Taylor
ecde0aaa41 replace undef with deletion in p256m test 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-02 11:13:05 +01:00
Ben Taylor
dfdac46163 Update header guard use in p256m test 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-09-02 11:13:05 +01:00
David Horstmann
f790fb84fc Merge pull request #10367 from davidhorstmann-arm/configuration-crypto-sh-legacy-ecdsa-deterministic 
Remove component uses of `MBEDTLS_ECDSA_DETERMINISTIC`
 2025-09-02 09:36:46 +00:00
Gilles Peskine
fda51526b5 Merge pull request #10363 from felixc-arm/error-codes-prereq 
[1/3] Unify generic error codes (partial prerequisite)
 2025-08-29 11:04:53 +00:00
Anton Matkin
4e091786ca Moved the MbedTLS config adjust headers to a private subdirectory 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 07:05:40 +02:00
Anton Matkin
7a65ce6737 Unfortunately, we had two files named oid.h - one in the main repo, and one in the tf-psa-crypto repo, and these files included the mbedtls one, so I restored the header include 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 07:05:40 +02:00
Anton Matkin
bc48725b64 Include fixups (headers moves to private directory) 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-29 07:05:37 +02:00
Felix Conway
a01ddf65b7 Revert unification for some error codes 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-28 17:39:10 +01:00
Felix Conway
07eb02889e Remove a redundant error test case and improve another 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-28 17:38:13 +01:00
David Horstmann
6ff9c89648 Merge pull request #10361 from bensze01/runtime-version-interface 
Simplify runtime version info string methods
 2025-08-27 14:59:15 +00:00
David Horstmann
b907dbc4d3 Remove other cases of explicit crypto config file 
Remove unnecessary passing of the crypto config filename either with the
'-f' or '-c' switch, throughout all of the all.sh component files.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-08-27 15:19:40 +01:00
Felix Conway
a15729d38e Fix libtestdriver1 rewrite in include/mbedtls/private 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-27 13:33:02 +01:00
David Horstmann
7cbeedc607 Remove uses of the -c $CRYPTO_CONFIG_H idiom 
This is no longer needed as config.py knows where the crypto config file
is these days.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-08-26 17:27:49 +01:00
Ronald Cron
aad5f1bedd tests: Prepare to switch to SHA-256 as the default CTR_DRBG hash 
Ensure that when we switch from SHA-512 to SHA-256
as the default CTR_DRBG hash, we still properly
test CTR_DRBG with SHA-512.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-08-25 15:35:42 +02:00
Ronald Cron
8fc000ec2c ssl-opt.sh: Fix MBEDTLS_ENTROPY_C dependency adjustment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2025-08-25 15:19:59 +02:00
Minos Galanakis
a1e867981b ssl-opt.sh: Adjust dependency to MBEDTLS_PSA_CRYPTO_C 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-08-21 15:57:00 +01:00
Minos Galanakis
906950d8dc config/depends.py: Removed legacy options. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-08-21 15:57:00 +01:00
Minos Galanakis
5dbc24a255 components-configuration-crypto: Removed legacy options. 
Removed setters for `MBEDTLS_CTR_DRBG_USE_128_BIT_KEY`
and `MBEDTLS_ENTROPY_FORCE_SHA256`

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-08-21 15:56:59 +01:00
David Horstmann
3492807e0b Remove component uses of MBEDTLS_ECDSA_DETERMINISTIC 
Remove all references to MBEDTLS_ECDSA_DETERMINISTIC from
components-configuration-crypto.sh. Replace them with
PSA_WANT_ALG_DETERMINISTIC_ECDSA.

This is safe because:
* MBEDTLS_ECDSA_DETERMINISTIC is only ever unset in components in order
  to avoid errors from disabling its dependency MBEDTLS_HMAC_DRBG_C.
* MBEDTLS_ECDSA_DETERMINISTIC is only ever defined in
  config_adjust_legacy_from_psa.h, and only if
  PSA_WANT_ALG_DETERMINISTIC_ECDSA is defined.

Therefore PSA_WANT_ALG_DETERMINISTIC_ECDSA's dependencies are a superset
of MBEDTLS_ECDSA_DETERMINISTIC's dependencies and must include
MBEDTLS_HMAC_DRBG_C, so disabling PSA_WANT_ALG_DETERMINISTIC_ECDSA is a
sufficient substitute for disabling MBEDTLS_ECDSA_DETERMINISTIC.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-08-20 10:26:11 +01:00
Minos Galanakis
f3486e198b components-configuration-crypto.sh: Added setters for MBEDTLS_PSA_CRYPTO_RNG_HASH 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-08-20 00:04:35 +01:00
Felix Conway
e984d35590 Fix ssl tests expecting old X509 error output 
Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-19 10:23:46 +01:00
Bence Szépkúti
0e5fe877cc Update PSASim tests to new call signature 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-08-18 14:38:01 +02:00
Felix Conway
8616ee762d Change values for error tests 
Previously these tests used values that will become PSA aliases,
and so the tests will fail once they're changed.

Signed-off-by: Felix Conway <felix.conway@arm.com>
 2025-08-18 11:32:58 +01:00
Bence Szépkúti
b2ba9fa68b Simplify runtime version info string methods 
Return a const char* instead of taking a char* as an argument.

This aligns us with the interface used in TF PSA Crypto.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-08-18 11:39:45 +02:00
minosgalanakis
265e98da45 Merge pull request #10355 from valeriosetti/issue10283-fix-test-coverage 
tests: configuration-crypto: enable p192 curves in test_psa_crypto_without_heap
 2025-08-15 11:22:06 +00:00
Bence Szépkúti
e96491c193 Merge pull request #10049 from amtkarm1/iss9321 
Move the PAKE hash algorithm parameter into the alg id
 2025-08-13 10:14:05 +00:00
Valerio Setti
a785eea41f tests: configuration-crypto: enable p192 curves in test_psa_crypto_without_heap 
Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto.
This is required to get the proper test coverage otherwise there are
tests in 'test_suite_psa_crypto_op_fail' that would never be executed.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-08-13 10:57:46 +02:00
Anton Matkin
6eb5335ef0 Fixed issues with policy verification, since wildcard JPAKE policy is now disallowed, changed to concrete jpake algorithm (with SHA256 hash) 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-12 13:50:48 +02:00
Anton Matkin
1b70084bd9 TF-PSA-Crypto submodule link fixup 
Signed-off-by: Anton Matkin <anton.matkin@arm.com>
 2025-08-12 13:50:45 +02:00
Manuel Pégourié-Gonnard
c7a10589cf Merge pull request #10352 from valeriosetti/issue10283-development-prereq 
[development] Remove 224-bit curves (3/5)
 2025-08-12 11:39:20 +00:00
Valerio Setti
981a0c46b2 tests: remove leftover from debug session and extra spaces 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-08-12 11:31:11 +02:00