Commit graph

141 commits

Author SHA1 Message Date
Aditya Deshpande
2f1ae5a86e Modify TFM files to allow them to build on baremetal with Mbed TLS and fix code style.
Also change the include path of crypto_spe.h in crypto_platform.h to allow the former file to be included in library-only builds.

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-05-23 15:40:11 +08:00
Aditya Deshpande
16a62e3129 Bring over both necessary medium config files (regular and PSA style) from TFM.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-05-23 15:40:11 +08:00
Fredrik Hesse
cc207bc379 Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 14:59:01 +01:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Valerio Setti
65287636f8 config: remove SHA224_C from some config files
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 14:29:40 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
Jacob Schloss
d8a573b9d9 Fix spelling of 'features' in comment
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-04-08 10:23:14 +01:00
Gilles Peskine
d725bf75d8 Minor documentation improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 21:52:14 +02:00
Gilles Peskine
c6d197b68a ssl-opt needs debug messages
Many test cases in ssl-opt.sh need error messages (MBEDTLS_ERROR_C) or SSL
traces (MBEDTLS_DEBUG_C). Some sample configurations don't include these
options. When running ssl-opt.sh on those configurations, enable the
required options. They must be listed in the config*.h file, commented out.

Run ssl-opt in the following configurations with debug options:
ccm-psk-tls1_2, ccm-psk-dtls1_2, suite-b.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:22:25 +01:00
Gilles Peskine
168f17c233 New sample/test configuration: small DTLS 1.2
1. Copy config-ccm-psk-tls1_2.h
2. Add DTLS support
3. Add some TLS and DTLS features that are useful in low-bandwidth,
   low-reliability networks
4. Reduce the SSL buffer to a very small size

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:11 +01:00
Gilles Peskine
7451e5a1c6 Minimal TLS configuration: documentation improvements
Some of the options have been moved around, but there are no semantic
changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:05:37 +01:00
Andrzej Kurek
01005b90b5 Restructure test-ref-configs to test with USE_PSA_CRYPTO turned on
Run some of the test configs twice, enabling MBEDTLS_USE_PSA_CRYPTO
and MBEDTLS_PSA_CRYPTO_C in one of the runs.
Add relevant comments in these configs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:34:41 -05:00
Andrzej Kurek
5902cd64e2 Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes #4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:42 -04:00
Bence Szépkúti
b2e23de0f3 Make config version symbols optional
Also remove them from the example configs, but keep the one in
mbedtls_config.h.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
c850054759 Remove reference to including check_config.h
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:47 +01:00
Bence Szépkúti
ba7248abc4 Introduce versioning in the config files
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:47 +01:00
Bence Szépkúti
bb0cfeb2d4 Rename config.h to mbedtls_config.h
This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:33 +01:00
Bence Szépkúti
c5c9eb4741 Move preprocessor logic to build_info.h
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:24:42 +01:00
TRodziewicz
10e8cf5fef Remove MD2, MD4, RC4, Blowfish and XTEA
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:25 +02:00
Gilles Peskine
d0b16303bb Determine MBEDTLS_ECP_MAX_BITS automatically
MBEDTLS_ECP_MAX_BITS doesn't make sense as a configuration option: it
must not be smaller than the largest supported curve, and it's useless
to set it to a larger value. So unconditionally set it to the size of
the largest supported curve. Remove it from the build configuration.

Alternative implementations must no longer need define this macro.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:10:37 +02:00
TRodziewicz
442fdc22ea Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-07 13:52:23 +02:00
TRodziewicz
0f82ec6740 Remove the TLS 1.0 and 1.1 support
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:45:20 +02:00
Mateusz Starzyk
17011a3185 Merge branch 'development' into convert_NO_SHA384_to_positive
Conflicts:
	library/version_features.c
	programs/test/query_config.c

Files were removed in development branch and modified by current branch.
Conflicts fixes by removing them.
2021-05-20 14:18:12 +02:00
Mateusz Starzyk
9d2d6c9ea0 Clarfiy SHA224 and SHA256 documentation
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-19 11:48:52 +02:00
Mateusz Starzyk
c722ebb7d9 Update SHA-224 documentation.
Rephrase config.h documentation and add a note to template
configs.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-19 11:38:02 +02:00
Mateusz Starzyk
4228f895c0 Merge branch 'development' into convert_NO_SHA384_to_positive
Conflicts:
* configs/config-psa-crypto.h: modified here, removed in development
* tests/suites/test_suite_x509parse.data: all conflicts are in depends_on
  lines where development made a change unrelated to MBEDTLS_SHAxxx and our
  branch either changed `MBEDTLS_SHA256_C` to `MBEDTLS_SHA224_C` or
  `MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384` to ``MBEDTLS_SHA384_C`, with
  no change to what the test does. Pick the other branch's dependency
  changes then apply our SHA dpeendency change.
2021-05-19 11:37:49 +02:00
David Horstmann
95d516f319 Remove MBEDTLS_SSL_MAX_CONTENT_LEN option
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-05-10 17:02:48 +01:00
Mateusz Starzyk
6326a8dd37 Fix SHA definitions and their dependencies in library and test suites.
Rework SHA224 and SHA283 documentation.
Define MBEDTLS_SHAxxx_C options in alphabetic order.
Fix SHA224 and SHA384 dependencies in test suites.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-10 13:51:53 +02:00
Gilles Peskine
31017d318f Remove config-psa-crypto.h
This configuration file was useful in the early days of PSA crypto
development. It stopped becoming relevant when MBEDTLS_PSA_CRYPTO_C entered
the default configuration. Remove it: better late than never.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-10 10:36:37 +02:00
Manuel Pégourié-Gonnard
dd57b2f240
Merge pull request #4445 from TRodziewicz/remove_deprecated_things_-_remainder
Remove deprecated functions and constants.
2021-05-07 10:05:30 +02:00
TRodziewicz
c1c479fbe9 Fllow-up of the review: ChangeLog expansion, mmigration guides added and comments fixed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-06 00:53:22 +02:00
TRodziewicz
85dfc4de20 Applying current changes
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-30 00:07:04 +02:00
TRodziewicz
18efb73743 Remove deprecated functions and constants.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-29 23:12:19 +02:00
Mateusz Starzyk
e3c48b4a88 Separate SHA224 from SHA256 config options.
These options are still dependant on each other.
This is an intermediate step.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Mateusz Starzyk
3352a53475 Modify config option for SHA384.
Although SHA512 is currently required to enable SHA384, this
is expected to change in the future. This commit is an
intermediate step towards fully separating SHA384 and SHA512.

check_config is the only module which enforces that SHA512 is
enabled together with SHA384.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Ronald Cron
cee427002b Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option
Fix 4416

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-27 09:34:14 +02:00
Mateusz Starzyk
f9c7b3eb11 Remove PKCS#11 library wrapper.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-21 11:05:00 +02:00
Mateusz Starzyk
a58625f90d Remove optional SHA-1 in the default TLS configuration.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-16 18:39:10 +02:00
Mateusz Starzyk
c301bd56f0 Merge branch 'development_3.0' into drop_old_tls_options 2021-04-15 13:55:20 +02:00
Chris Jones
9c6356881f Remove MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME
This config option has been unused for >5 years and so should be removed.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-09 16:10:48 +01:00
Manuel Pégourié-Gonnard
4dfb83c0d7
Merge pull request #4164 from chris-jones-arm/move-internal-headers
Unify internal headers in library/
2021-03-29 11:18:54 +02:00
Mateusz Starzyk
1aec64642c Remove certs module from mbedtls.
Certs will be used only by tests and programs.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 15:51:25 +01:00
Mateusz Starzyk
e204dbf272 Drop support for MBEDTLS_SSL_HW_RECORD_ACCEL.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:54 +01:00
Mateusz Starzyk
7e37338dda Drop single-DES ciphersuites.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:54 +01:00
Mateusz Starzyk
5224e29f0e Drop support for RC4 TLS ciphersuites.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:54 +01:00
Mateusz Starzyk
a3a9984a5d Drop support for TLS record-level compression.
Remove option MBEDTLS_ZLIB_SUPPORT.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:51 +01:00
Mateusz Starzyk
2012ed7560 Drop support for compatibility with our own previous buggy implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:19:09 +01:00
Mateusz Starzyk
06b07fb839 Drop support for SSLv3.
Remove options: MBEDTLS_SSL_MINOR_VERSION_0 and
MBEDTLS_SSL_PROTO_SSL3).

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:19:05 +01:00
Mateusz Starzyk
9e9ca1a738 Drop support for parsing SSLv2 ClientHello.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-15 11:40:28 +01:00