cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-25 05:53:17 -04:00
Code Issues Packages Projects Releases Wiki Activity
32,691 Commits 7 Branches 115 Tags
Commit Graph

32691 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Manuel Pégourié-Gonnard
28905b76fa Remove mention of USE_PSA_CRYPTO in documentation 
This was the last occurrence found by:

    git grep -c 'MBEDTLS_USE_PSA_CRYPTO' library include

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:44:08 +01:00
Manuel Pégourié-Gonnard
c7403edad8 Rm dead !USE_PSA code: ssl_tls12_client (part 2) 
Manually handle unifdef leftovers

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:43:57 +01:00
Manuel Pégourié-Gonnard
fef408976f Rm dead !USE_PSA code: ssl_tls12_client (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls12_client.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:21:09 +01:00
Manuel Pégourié-Gonnard
8fcfcf947c Appease unifdef 
I was going to describe those changes as temporary, to be undone after
applying unifdef, but it turns out they're both in dead code, so there
will be nothing to undo after unifdef has run.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:19:35 +01:00
Manuel Pégourié-Gonnard
07a1edd590 Rm dead !USE_PSA code: ssl_tls.c (part 2) 
Manually handle more complex expressions.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:19:15 +01:00
Manuel Pégourié-Gonnard
88800ddcc6 Rm dead !USE_PSA code: ssl_tls.c (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls.c
framework/scripts/code_style.py --fix library/ssl_tls.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:18:11 +01:00
Manuel Pégourié-Gonnard
1a3959c84e Rm dead !USE_PSA code: ssl_msg.c 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_msg.c

Took care of everything in this file

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:18:02 +01:00
Manuel Pégourié-Gonnard
df5e1b6864 Rm dead !USE_PSA code: ssl_tls12_server.c (part 2) 
Manual.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:17:54 +01:00
Manuel Pégourié-Gonnard
58916768b7 Rm dead !USE_PSA code: ssl_tls12_server.c (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls12_server.c
framework/scripts/code_style.py --fix library/ssl_tls12_server.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:17:26 +01:00
Manuel Pégourié-Gonnard
0b44a81f07 Rm dead !USE_PSA code: ssl_tls13*.c part 2 
The one expression that was apparently too much for unifdef

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:40 +01:00
Manuel Pégourié-Gonnard
855f5bf244 Rm dead !USE_PSA code: ssl_tls13_xxx (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls13*.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:29 +01:00
Manuel Pégourié-Gonnard
48e0e3a356 Rm dead !USE_PSA code: check_config.h 
Manual, as most expressions were too complex for unifdef. Most of those
were or had a part like "we need XXX or USE_PSA" (where XXX was Cipher
or MD) and those are always satisfied now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:21 +01:00
Manuel Pégourié-Gonnard
615914b5ac Rm dead !USE_PSA code: SSL headers (part 2) 
Expression that are too complex for unifdef - please review carefully :)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:14 +01:00
Manuel Pégourié-Gonnard
11ae619e77 Rm dead !USE_PSA code: SSL headers (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl*.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:04 +01:00
Manuel Pégourié-Gonnard
873816129e Rm dead !USE_PSA code: SSL ciphersuite (part 2) 
Manual removal as unifdef doesn't handle non-trivial expressions.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:14:56 +01:00
Manuel Pégourié-Gonnard
daeaa51943 Rm dead !USE_PSA code: SSL ciphersuites (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl_ciphersuites*

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:14:50 +01:00
Manuel Pégourié-Gonnard
b18c8b957b Rm dead !USE_PSA code: SSL hooks 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl_{ticket,cookie}.[ch]

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:14:43 +01:00
Manuel Pégourié-Gonnard
f60b09b019 Rm dead !USE_PSA code: X.509 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/x509*.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:14:38 +01:00
Ronald Cron
189dcf630f
Merge pull request #9910 from valeriosetti/issue9684 
Remove DHE-PSK key exchange
 2025-01-27 11:15:10 +00:00
Manuel Pégourié-Gonnard
7e1154c959
Merge pull request #9906 from mpg/rm-conf-curves 
[dev] Remove deprecated function mbedtls_ssl_conf_curves()
 2025-01-27 08:21:27 +00:00
Valerio Setti
094fd49f5b tf-psa-crypto: update reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 05:24:06 +01:00
Valerio Setti
944f3ab1d6 changelog: add note about DHE-PSK removal 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
27bc56303a docs: remove references of DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
6ba324de02 mbedtls_config: remove MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED 
This commit also removes its disabling from config_adjust_ssl.h

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
a07345247e check_config: remove checks for DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
6e892cb630 components-configuration-crypto.sh: remove references to DHE_PSK kex 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
70cc4e6bd1 analyze_outcomes.py: remove exceptions related to DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
6348b46c0b ssl_ciphersuites: remove references/usages of DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
48659a1f9c ssl_tls: remove usage of DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
64d264d2e6 compat.sh: remove usage of DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
9a9c9a53c1 compat.sh: do not use DHE-PSK key exchange in gnutls tests 
DHE-PSK is being removed from Mbed TLS so we cannot use this key
exchange with gnutls testing.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
5c730c1d54 ssl-opt.sh: remove DHE-PSK only test cases 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Janos Follath
1532ea42ac
Merge pull request #9918 from davidhorstmann-arm/clarify-x509-security-md 
Add X.509 formatting validation to SECURITY.md
 2025-01-23 16:09:50 +00:00
David Horstmann
0704fbf1eb Fix missing-word typo 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-01-23 10:28:06 +00:00
Manuel Pégourié-Gonnard
490e30599b Stop recommended deprecated function in migration guide 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-23 09:33:59 +01:00
David Horstmann
faa1a0fe50 Add paragraph on undefined behaviour 
Add a note that we do aim to protect against undefined behaviour and
undefined behaviour in certificate parsing is in scope.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-01-22 14:48:58 +00:00
David Horstmann
2fe0da7947 Add X.509 formatting validation to SECURITY.md 
Clarify that strict formatting of X.509 certificates is not checked by
Mbed TLS and that it therefore should not be used to construct a CA.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-01-22 14:27:22 +00:00
Manuel Pégourié-Gonnard
c4e768a8a6 Fix incorrect test function 
We should not manually set the TLS version, the tests are supposed to
pass in 1.3-only builds as well. Instead do the normal thing of setting
defaults. This doesn't interfere with the rest of the testing, so I'm
not sure why we were not doing it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-22 10:04:43 +01:00
David Horstmann
5a77c230b1
Merge pull request #9909 from gilles-peskine-arm/psa-storage-test-cases-never-supported-negative-dev 
Switch generate_psa_test.py to automatic dependencies for negative test cases
 2025-01-21 18:34:25 +00:00
Gilles Peskine
7dc570905e Update submodule 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-01-20 19:43:41 +01:00
Gilles Peskine
13c418dcee Add ignore list entries for ECDH/FFDH algorithm without key type 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-01-20 16:00:46 +01:00
Gilles Peskine
fe683e7a1b Remove test coverage exceptions that are no longer needed 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-01-20 16:00:46 +01:00
Gilles Peskine
08c4362ad1 Update submodules 
Catch up with https://github.com/Mbed-TLS/mbedtls-framework/pull/104 =
"Switch generate_psa_test.py to automatic dependencies for negative test cases"

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-01-20 16:00:44 +01:00
Ronald Cron
6daf4ef507
Merge pull request #9914 from Harry-Ramsey/remove-tf-psa-crypto-test 
Remove check_test_dependencies TF-PSA-Crypto test from Mbed TLS
 2025-01-20 10:38:53 +00:00
Ronald Cron
bff7733714
Merge pull request #9913 from valeriosetti/issue9892 
Remove deprecated function mbedtls_x509write_crt_set_serial()
 2025-01-20 10:11:57 +00:00
Harry Ramsey
cec956263d Update framework pointer 
This commit updates the framework pointer to include modified
collect_test_cases.py which can run independently for TF-PSA-Crypto.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-01-20 08:41:40 +00:00
Harry Ramsey
28eed1abff Update TF-PSA-Crypto pointer 
This commit updates TF-PSA-Crypto pointer to include the moved test in
Mbed TLS via TF-PSA-Crypto.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-01-20 08:41:31 +00:00
Harry Ramsey
e65bfe6449 Remove check_test_dependencies TF-PSA-Crypto test from Mbed TLS 
This commit removes the check_test_dependencies from Mbed TLS as it has
been added to TF-PSA-Crypto.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-01-17 09:20:23 +00:00
Valerio Setti
19846f5561 changelog: add note for mbedtls_x509write_crt_set_serial() deprecation 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-16 15:06:19 +01:00
Valerio Setti
6487da15e9 tests: remove usage of mbedtls_x509write_crt_set_serial 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-16 15:02:15 +01:00