David Horstmann
f2672e3f99
Merge pull request #10409 from gilles-peskine-arm/config-error-on-removed-options-prerequisite-for-crypto
...
Mechanism to error out on removed configuration options: mbedtls prerequisite for crypto
2025-09-22 16:25:59 +00:00
Ronald Cron
7f65346177
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:26 +02:00
Ronald Cron
ee63b64892
Update README.md
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:26 +02:00
Ronald Cron
e7bac84a22
Remove the generation of MS visual studio files
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:26 +02:00
Ronald Cron
31f63210ec
Deprecate Make
...
Move and rename the root Makefile to
scripts/legacy.make. That way running
make from the root fails.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:26 +02:00
Ronald Cron
401f20fb35
Prepare test components to scripts/legacy.make
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:26 +02:00
Ronald Cron
bb02ec121e
Prepare abi_check.py to scripts/legacy.make
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:26 +02:00
Ronald Cron
9a05bb901a
Update framework
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:24 +02:00
Gilles Peskine
9da0dce845
Bypass config checks when setting a low-level option directly
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-22 15:55:10 +02:00
Gilles Peskine
d57a0985ab
Add dependency of tf_psa_crypto_config on generated config check headers
...
Fix the build of libtfpsacrypto when generated files are not already present.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-22 15:52:06 +02:00
Ronald Cron
35d59c6cb6
cmake: Install libmbedcrypto.* libraries
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 15:08:39 +02:00
Ronald Cron
a33b371f36
programs/tests/dlopen.c: Prioritize libtfpsacrypto.so
...
Prioritize libtfpsacrypto.so over libmbedcrypto.so
as the crypto library to load to be sure we test
the loading of libtfpsacrypto.so.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 14:34:56 +02:00
Ronald Cron
466a1a29d9
cmake: Provide the crypto libs under their historical name
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 14:34:55 +02:00
Ronald Cron
c09a84e285
cmake: library: Rework and improve the copy of the crypto libraries
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 14:34:55 +02:00
Ronald Cron
879cba1a67
cmake: Introduce version and soversion variables
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 14:34:55 +02:00
Ronald Cron
8df65636fd
Clarify target name for library generated files
...
The target mbedtls_generated_files_target could
be misinterpreted as the target covering all project
generated files, but it does not.
It is specifically the target for files generated
to build the mbedtls library.
Rename it to libmbedtls_generated_files_target
and align x509.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 14:03:18 +02:00
Ben Taylor
fec1c002d5
Revert changes to analyze outcomes after dependencies have been merged
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-22 09:07:12 +01:00
Ben Taylor
62491a9327
Revert changes to config.py after dependencies have been merged
...
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-22 09:07:12 +01:00
Janos Follath
c84dbee82d
Merge pull request #10340 from gilles-peskine-arm/config-checks-generator-mbedtls
...
Introduce generated config checks in mbedtls
2025-09-19 15:39:05 +00:00
Gilles Peskine
6712f1b6af
Use --list-for-cmake with generate_config_checks.py
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-19 13:36:25 +02:00
Gilles Peskine
67b115cfda
Register crypto's generate_config_files.py outputs as generated files
...
Mbed TLS needs to know the generated files of TF-PSA-Crypto. There's no
mechanism for TF-PSA-Crypto to declare them.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-19 13:36:24 +02:00
Gilles Peskine
b53b443f8e
Register generate_config_files.py outputs as generated files
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-19 13:36:24 +02:00
Gilles Peskine
3374f6e90b
Generate checks for bad options in the config file
...
Just a proof-of-concept for now. Interesting checks will come later.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-19 13:36:24 +02:00
Gilles Peskine
ff6306655b
Update submodules with config_checks_generator.py
...
* Update framework with `config_checks_generator.py`.
* Update crypto with the files generated by `generate_config_checks.py`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-19 13:36:22 +02:00
Ronald Cron
f328de9ddd
Merge pull request #10407 from gilles-peskine-arm/config-version-uncomment
...
Have the definition of MBEDTLS_CONFIG_VERSION uncommented by default
2025-09-19 10:30:03 +00:00
Gilles Peskine
67f54d2213
Have the definition of MBEDTLS_CONFIG_VERSION uncommented by default
...
Checking through the history in https://github.com/Mbed-TLS/mbedtls/pull/4589,
this seems to have been what we intended from the start. But we couldn't do
it yet because the library version was still 2.x while the config version
was already 3.0, so we temporarily commented out the definition in
1cafe5ce20. But then we forgot to uncomment
it during the release since it wasn't part of any process.
Thinking about it independently of the history, I think it makes more sense
to have it uncommented by default. That way, if someone copies the config
from a given version and then keeps it around, they'll get the compatibility
mode for that version.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-19 10:52:35 +02:00
Ronald Cron
46acbcda84
Merge pull request #10404 from gilles-peskine-arm/config-version-4.0
...
Increment config version for the new product major version
2025-09-18 09:59:08 +00:00
Gilles Peskine
ff5d117df8
Increment config version for the new product major version
...
Since we're making incompatible changes to the configuration, we really
should advance the configuration version.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-17 21:18:39 +02:00
Ronald Cron
b91117c32f
Merge pull request #10402 from ronald-cron-arm/remove-legacy-crypto-options
...
Remove legacy crypto options
2025-09-17 18:46:05 +00:00
Ronald Cron
3091e40774
Remove usage of old crypto options in public headers
...
The remaining occurrences were related to
dead code.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-17 16:06:31 +02:00
Gilles Peskine
d66898e9a7
Merge pull request #10333 from valeriosetti/issue10266
...
[development] Migrate from mbedtls_pk_can_do_ext to mbedtls_pk_can_do_psa (2/2)
2025-09-16 16:41:59 +00:00
Valerio Setti
e2aed3a6df
tests: revert changes to test_suite_ssl.data
...
Revert changes previously done at following test cases:
- Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH
- Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-09-16 16:12:07 +02:00
Valerio Setti
91c0945def
tests: fix alg and usage for some ECDHE-ECDSA opaque key tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-09-16 16:12:07 +02:00
Valerio Setti
bc611fe44c
[tls12|tls13]_server: fix usage being checked on the certificate key
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-09-16 16:12:07 +02:00
Valerio Setti
7b2d72aaf0
ssl: replace PSA_ALG_ECDSA with MBEDTLS_PK_ALG_ECDSA
...
When the key is parsed from PK it is assigned the pseudo-alg
MBEDTLS_PK_ALG_ECDSA. Trying to run "mbedtls_pk_can_do_psa" with a hardcoded
deterministic/randomized ECDSA can make the function fail if the proper
variant is not the one also used by PK.
This commit fixes this problem.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-09-16 16:12:07 +02:00
Valerio Setti
0009b042ac
library: ssl: replace mbedtls_pk_can_do_ext with mbedtls_pk_can_do_psa
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-09-16 16:12:07 +02:00
Ronald Cron
4fe3760a27
Cleanup following the removal of MBEDTLS_BIGNUM_C option
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
feb5e26619
Cleanup following the removal of MBEDTLS_ECP_DP_.*_ENABLED options
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
6cfab2880a
Cleanup following the removal of MBEDTLS_ECP_C option
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
2ad1e5c1a2
Cleanup following the removal of MBEDTLS_ECJPAKE_C option
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
3c6bbddfd4
Cleanup following the removal of MBEDTLS_ECDSA_C option
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
a19ee2819e
Cleanup following the removal of MBEDTLS_ECDH_C option
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
919a1e4e22
Cleanup following the removal of RSA legacy options
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
2b7f59535f
Remove completely MBEDTLS_PLATFORM_GET_ENTROPY_ALT
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
0dd31fe523
Introduce MBEDTLS_SSL_NULL_CIPHERSUITES
...
The support for TLS ciphersuites without
encryption does not rely anymore on the
MBEDTLS_CIPHER_NULL_CIPHER feature of
the cipher module. Introduce a specific
config option to enable these ciphersuites
and use it instead of MBEDTLS_CIPHER_NULL_CIPHER.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
e6240f14ee
Merge pull request #10403 from ronald-cron-arm/fix-readthedocs-build
...
Fix readthedocs build with framework head
2025-09-16 11:59:29 +00:00
Ronald Cron
e5eb2639b2
readthedocs: Install cmake to build the documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 12:25:09 +02:00
Ronald Cron
2ba5d6afcc
Update tf-psa-crypto
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 12:25:09 +02:00
Ronald Cron
9c2727f9f2
Update framework
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 12:25:09 +02:00
Manuel Pégourié-Gonnard
07912c9e36
Merge pull request #10370 from bjwtaylor/remove-deprecated-compilation-options
...
Remove deprecated compilation options
2025-09-15 09:26:01 +00:00