4ac4008fa0
Access ssl->hostname through abstractions in certificate verification
...
New abstractions to access ssl->hostname:
mbedtls_ssl_has_set_hostname_been_called(), mbedtls_ssl_free_hostname().
Use these abstractions to access the hostname with the opportunity for
extra checks in mbedtls_ssl_verify_certificate().
No behavior change except for a new log message.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-20 19:24:16 +01:00
95fe2a6df4
Add a flags field to mbedtls_ssl_context
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-20 19:24:16 +01:00
dd14c0a11e
Remove in_hshdr
...
The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it.
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me >
2025-02-13 13:41:51 +03:00
b8621b6f9d
ssl_ciphersuites: remove references to DHE-RSA key exchanges
...
In this commit also MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED is removed.
This cause some code in "ssl_ciphersuites_internal.h" and
"ssl_tls12_server.c" to became useless, so these blocks are removed
as well.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-02-06 10:05:58 +01:00
89743b5db5
ssl_tls: remove code related to DHE-RSA
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-02-06 10:05:58 +01:00
cf4e6a18e6
Remove unused variable in ssl_server.c
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me >
2025-02-05 13:10:01 +02:00
be658c47c8
Merge pull request #9938 from bjwtaylor/ssl-ticket-api
...
Move ssl_ticket to the PSA API
2025-02-05 10:41:09 +00:00
afa11db620
Remove obselete checks due to the introduction of handhsake defragmen...
...
tation. h/t @waleed-elmelegy-arm
909e71672fwaleed.elmelegy@arm.com >
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me >
2025-02-01 15:42:43 +02:00
2547ae9fcc
Move SSL macro checks from TF-PSA-Crypto to Mbed TLS
...
This commit moves macro checks specifically for Mbed TLS from
TF-PSA-Crypto to Mbed TLS where they more approriately belong.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2025-01-31 13:58:43 +00:00
0c29cf87b1
Move ssl_ticket to the PSA API
...
Convert the mbedtl_ssl_ticket_setup function to use the TF_PSA_Crypto
API.
Signed-off-by: Ben Taylor <ben.taylor@linaro.org >
2025-01-30 08:22:40 +00:00
072c98eb75
Remove empty #if #endif block
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-29 10:40:15 +01:00
53fe26c5ad
Update a function's doxygen
...
There was two versions of this function with different arguments. Update
the documentation to match the signature of the function we kept.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:44:15 +01:00
c7403edad8
Rm dead !USE_PSA code: ssl_tls12_client (part 2)
...
Manually handle unifdef leftovers
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:43:57 +01:00
fef408976f
Rm dead !USE_PSA code: ssl_tls12_client (part 1)
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls12_client.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:21:09 +01:00
8fcfcf947c
Appease unifdef
...
I was going to describe those changes as temporary, to be undone after
applying unifdef, but it turns out they're both in dead code, so there
will be nothing to undo after unifdef has run.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:19:35 +01:00
07a1edd590
Rm dead !USE_PSA code: ssl_tls.c (part 2)
...
Manually handle more complex expressions.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:19:15 +01:00
88800ddcc6
Rm dead !USE_PSA code: ssl_tls.c (part 1)
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls.c
framework/scripts/code_style.py --fix library/ssl_tls.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:18:11 +01:00
1a3959c84e
Rm dead !USE_PSA code: ssl_msg.c
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_msg.c
Took care of everything in this file
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:18:02 +01:00
df5e1b6864
Rm dead !USE_PSA code: ssl_tls12_server.c (part 2)
...
Manual.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:17:54 +01:00
58916768b7
Rm dead !USE_PSA code: ssl_tls12_server.c (part 1)
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls12_server.c
framework/scripts/code_style.py --fix library/ssl_tls12_server.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:17:26 +01:00
0b44a81f07
Rm dead !USE_PSA code: ssl_tls13*.c part 2
...
The one expression that was apparently too much for unifdef
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:15:40 +01:00
855f5bf244
Rm dead !USE_PSA code: ssl_tls13_xxx (part 1)
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls13*.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:15:29 +01:00
615914b5ac
Rm dead !USE_PSA code: SSL headers (part 2)
...
Expression that are too complex for unifdef - please review carefully :)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:15:14 +01:00
11ae619e77
Rm dead !USE_PSA code: SSL headers (part 1)
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl*.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:15:04 +01:00
daeaa51943
Rm dead !USE_PSA code: SSL ciphersuites (part 1)
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl_ciphersuites*
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:14:50 +01:00
b18c8b957b
Rm dead !USE_PSA code: SSL hooks
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl_{ticket,cookie}.[ch]
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:14:43 +01:00
f60b09b019
Rm dead !USE_PSA code: X.509
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/x509*.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:14:38 +01:00
b70e76a1e6
Add a safety check for in_hsfraglen
...
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me >
2025-01-27 22:37:53 +04:00
189dcf630f
Merge pull request #9910 from valeriosetti/issue9684
...
Remove DHE-PSK key exchange
2025-01-27 11:15:10 +00:00
7e1154c959
Merge pull request #9906 from mpg/rm-conf-curves
...
[dev] Remove deprecated function mbedtls_ssl_conf_curves()
2025-01-27 08:21:27 +00:00
aaa152ed91
Allow fragments less HS msg header size (4 bytes)
...
Except the first
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me >
2025-01-26 11:12:25 +02:00
3dfe75e115
Remove mbedtls_ssl_reset_in_out_pointers
...
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me >
2025-01-26 11:12:21 +02:00
6348b46c0b
ssl_ciphersuites: remove references/usages of DHE-PSK
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-01-24 11:49:59 +01:00
48659a1f9c
ssl_tls: remove usage of DHE-PSK
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-01-24 11:49:59 +01:00
cad11ada7f
Review comments
...
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me >
2025-01-18 15:59:29 +02:00
6b64a1ba37
x509: remove definition and implementation of x509write_crt_set_serial
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-01-16 15:00:10 +01:00
6402c35eca
Remove internal helper mbedtls_ssl_get_groups()
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-14 12:23:56 +01:00
6b720161ca
Remove mbedtls_ssl_conf::curve_list
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-14 12:17:20 +01:00
93d4591255
Remove deprecated function mbedtls_ssl_conf_curves()
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-14 12:06:31 +01:00
bc7c523420
Remove uses of secp244k1
...
Remove all code guarded by `PSA_WANT_ECC_SECP_K1_224`, which is not and will
not be implemented. (It would be K1_225 anyway, but we don't intend to
implement it anyway.)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-01-08 16:51:23 +01:00
0d28fcb082
Merge pull request #9798 from NadavTasher/feature/more-debug-prints
...
Added debug print in tls13 ssl_tls13_write_key_share_ext
2025-01-07 16:18:35 +00:00
ac2cf1f26c
Defragment incoming TLS handshake messages
...
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me >
2024-12-25 14:34:17 +02:00
51f228cc1b
Switch to actual TF-PSA-Crypto build_info.h
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-12-11 22:32:45 +01:00
6a2cbe77fa
Move driver wrappers generation to tf-psa-crypto
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-12-04 14:25:02 +01:00
6924564970
Move back timing.c to mbedtls
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-12-04 14:25:02 +01:00
8b592d28f9
Move psa_to_ssl_errors
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-12-04 14:25:02 +01:00
80963c64eb
Move hkdf.h to tf-psa-crypto
...
Move hkdf.h to tf-psa-crypto as
hkdf.c was.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-12-04 14:25:02 +01:00
685d128c0f
Make mbedTLS compile with MS-DOS DJGPP
...
Signed-off-by: SuperIlu <superilu@yahoo.com >
2024-12-01 10:05:21 +01:00
8bfa04a182
Added debug print in tls13 ssl_tls13_write_key_share_ext
...
Signed-off-by: Nadav Tasher <tashernadav@gmail.com >
2024-11-26 00:51:16 +02:00
0381a98114
cmake: Move copy of crypto libraries to mbedtls
...
Move copy of crypto libraries to mbedtls as this
copy does not make sense in TF-PSA-Crypto context.
Also copy all of them, not just tfpsacrypto.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-11-14 09:28:27 +01:00
