TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 0dd31fe523f4031ace63e4d847bb896dc06db6fc^! / . / library / ssl_ciphersuites.c
commit0dd31fe523f4031ace63e4d847bb896dc06db6fc[log] [tgz]
authorRonald Cron <ronald.cron@arm.com>Wed Sep 10 09:37:46 2025 +0200
committerRonald Cron <ronald.cron@arm.com>Tue Sep 16 15:53:43 2025 +0200
tree4aa49b1427c502bc1a1a9ebb873e92587bc67973
parente6240f14ee2940ebcbec6a8eea33a39818c48387 [diff] [blame]
Introduce MBEDTLS_SSL_NULL_CIPHERSUITES

The support for TLS ciphersuites without
encryption does not rely anymore on the
MBEDTLS_CIPHER_NULL_CIPHER feature of
the cipher module. Introduce a specific
config option to enable these ciphersuites
and use it instead of MBEDTLS_CIPHER_NULL_CIPHER.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 39826ee..6027b7f 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c

@@ -325,14 +325,14 @@
 #endif /* PSA_WANT_ALG_GCM */
 #endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
 
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES)
 #if defined(PSA_WANT_ALG_SHA_1)
     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
       MBEDTLS_CIPHERSUITE_WEAK,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif /* PSA_WANT_ALG_SHA_1 */
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
@@ -415,14 +415,14 @@
 #endif /* PSA_WANT_ALG_GCM */
 #endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
 
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES)
 #if defined(PSA_WANT_ALG_SHA_1)
     { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
       MBEDTLS_CIPHERSUITE_WEAK,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif /* PSA_WANT_ALG_SHA_1 */
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
@@ -591,7 +591,7 @@
 #endif /* PSA_WANT_KEY_TYPE_AES */
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES)
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
 #if defined(PSA_WANT_ALG_SHA_1)
     { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
@@ -637,7 +637,7 @@
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif /* PSA_WANT_ALG_SHA_384 */
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */
 
 #if defined(PSA_WANT_KEY_TYPE_ARIA)