The header `mbedtls/oid.h` now belongs to the X.509 library. Move the
declarations of `mbedtls_oid_get_numeric_string()` and
`mbedtls_oid_from_numeric_string()` back to this header, which is where they
were in all previous releases of Mbed TLS. This avoids gratuitously breaking
backward compatibility.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
For each function in `x509_oid.c`, determine where it is used and only
include it in the build if it is needed by the X.509 code. Define the
corresponding internal tables only when they are consumed by a function.
This makes Mbed TLS completely independent of the compilation option
`MBEDTLS_OID_C`. This option remains present only in sample configs for
crypto, where it must stay until TF-PSA-Crypto no longer relies on this
option.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some code that parses or writes X.509 needs to know OID values. We provide a
convenient list. Don't remove this list from the public interface of the
library.
For user convenience, expose these values in the same header as before and
with the same name as before: `MBEDTLS_OID_xxx` in `<mbedtls/oid.h>`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This will be a subset of the former `<mbedtls/oid.h>`, with only macro
definitions, no function declarations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Stop referring to low-level APIs that are becoming private.
Also drop the requirement on supporting what is now
PSA_ALG_RSA_PKCS1V15_SIGN_RAW. That was needed for TLS 1.0/1.1 which signs
MD5||SHA1, but is no longer needed since Mbed TLS 3.0 dropped support for
these protocol versions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This reflects the fact that the library will not modify the list, and allows
the list to be read from a const buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
* public/development: (23 commits)
tests: suite_x509parse: set PSA max operations in x509_verify_restart()
library: debug: remove mbedtls_debug_printf_ecdh()
library: debug: make mbedtls_debug_print_psa_ec() static
Remove call to pk_decrypt() in ssl_server2
Change hardcoded error values in ssl-opt to take in the PSA error alias
Test with GCC 15 with sloppy union initialization
Update crypto with the union initialization fixes
Mark ssl_tls12_preset_suiteb_sig_algs const
Mark ssl_tls12_preset_default_sig_algs const
Use PSA macros for the `pkalgs` domain
reverted compat-2.x.h removal from psa-transition.md
Correct ChangeLog file extension
Add ChangeLog
remove compat-2.x.h
Remove trace of secp224k1
Update submodules
Improve comments
Allow gcc-15 to be in $PATH
Enable drivers when testing with GCC 15
GCC 15: Silence -Wunterminated-string-initialization
...
Remove the public definition of mbedtls_debug_print_ecp(). The function
is only used internally in debug.c, so we can then make the function
static.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Now programs/x509/cert_write san="DN:CN=#0000;DN:CN=#0000" is no longer
crashing with use-after-free, instead it's now failing cleanly:
failed
! mbedtls_x509_string_to_names returned -0x2800 - X509 - Input invalid
That's better of course but still not great, will be fixed by future
commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- Do not store RSA-PSS signature options in CRL/CRT/CSR structures;
- During the parsing phase, just ensure that MGF1 hash alg is the same
as the one used for the message.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
* development-restricted:
Add missing credit for set_hostname issue
Add changelog entry for TLS 1.2 Finished fix
TLS1.2: Check for failures in Finished calculation
ssl_session_reset: preserve HOSTNAME_SET flag
Document the need to call mbedtls_ssl_set_hostname
Improve documentation of mbedtls_ssl_set_hostname
Changelog entries for requiring mbedls_ssl_set_hostname() in TLS clients
Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup
mbedtls_ssl_set_hostname tests: add tests with CA callback
Call mbedtls_ssl_set_hostname in the generic endpoint setup in unit tests
Require calling mbedtls_ssl_set_hostname() for security
Create error code for mbedtls_ssl_set_hostname not called
Keep track of whether mbedtls_ssl_set_hostname() has been called
Access ssl->hostname through abstractions in certificate verification
mbedtls_ssl_set_hostname tests: baseline
Add a flags field to mbedtls_ssl_context
Automate MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK dependency
Make guards more consistent between X.509-has-certs and SSL-has-certs
Fix Doxygen markup
Make ticket_alpn field private
Conflicts:
programs/ssl/ssl_test_common_source.c
HKDF-Expand can produce at most 255 * hash_size bytes of key material,
so this limit applies to the TLS 1.3 key material exporter.
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Add the option MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to mbedtls_config.h
to control if the function mbedtls_ssl_export_keying_material() should
be available. By default, the option is disabled.
This is because the exporter for TLS 1.2 requires client_random and
server_random need to be stored after the handshake is complete.
Signed-off-by: Max Fillinger <max@max-fillinger.net>
The TLS-Exporter in TLS 1.2 requires client_random and server_random.
Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored
after the handshake is completed.
Therefore, mbedtls_ssl_export_keying_material() exists only if either
MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2
is *not* defined.
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
The TLS-Exporter is a function to derive shared symmetric keys for the
server and client from the secrets generated during the handshake.
It is defined in RFC 8446, Section 7.5 for TLS 1.3 and in RFC 5705 for
TLS 1.2.
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
