lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00
Code Activity
33,816 Commits 176 Branches 276 Tags
7f6534617728524e70bc6abe0fffbf562fdf67c4
Commit Graph

362 Commits

Author SHA1 Message Date
Ben Taylor
8b3b7e5cac Update further type mismatches 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
6816fd781e Adjust for change in mbedtls_pk_verify_new function prototype 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
1c118a564d reverted enum in pk_verify_new 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
adf5d537b2 Fix code style 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
d95ea27e8c Create new enum mbedtls_pk_sigalg_t 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-08-07 08:25:52 +01:00
Ben Taylor
73b3987291 Correct rebase and add in additional type cast 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-29 07:54:44 +01:00
Ben Taylor
d3ae1701f3 Remove pragmas and use alias 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-29 07:54:44 +01:00
Ben Taylor
1c1535f153 Make pragmas more specific 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-29 07:54:43 +01:00
Ben Taylor
04b03d7712 Replace Werror removal with pragma 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-29 07:54:43 +01:00
Ben Taylor
0de87611bb Remove additional calls to mbedtls_pk_verify_ext 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-21 07:53:15 +01:00
Ben Taylor
306ffd3a36 Switch to mbedtls_pk_verify_new 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-07-21 07:53:15 +01:00
Gilles Peskine
4c83221320 Replace MBEDTLS_ERR_OID_NOT_FOUND with MBEDTLS_ERR_X509_UNKNOWN_OID 
Replace the non-X.509-named error code `MBEDTLS_ERR_OID_NOT_FOUND` with
`MBEDTLS_ERR_X509_UNKNOWN_OID`, which already exists and is currently not
used for anything.

Public functions in X.509 propagate this error code, so it needs to have a
public name.

Remove the definition of `MBEDTLS_ERR_OID_NOT_FOUND` in `x509_oid.h`, then

```
git grep -l MBEDTLS_ERR_OID_NOT_FOUND | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_NOT_FOUND\b/MBEDTLS_ERR_X509_UNKNOWN_OID/g'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-06-03 15:51:34 +02:00
Valerio Setti
7f6f4e6907 library: pass NULL options parameter to mbedtls_pk_verify_ext() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-05-07 09:06:52 +02:00
Ben Taylor
440cb2aac2 Remove RNG from x509 and PK 
remove the f_rng and p_rng parameter from x509 and PK.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 08:17:38 +00:00
Gilles Peskine
a7e14dc9eb Don't expect added error codes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-24 14:13:50 +00:00
Harry Ramsey
0f6bc41a22 Update includes for each library file 
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2024-10-09 11:18:50 +01:00
Manuel Pégourié-Gonnard
19dd9f59bc Merge 1.2 and 1.3 certificate verification 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
843a00dec6 Add support for context f_vrfy callback in 1.3 
This was only supported in 1.2 for no good reason.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
fd800c2416 Improve a variable's name 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
5bdadbb1eb Restrict the scope of a few variables 
In particular, make sure pointer variables are initialized right after
being declared.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Ronald Cron
bfbecf8b34 tls13: Add support for trusted certificate callback 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
6901504ddb Allow no authentication of the server in 1.3 
See notes about optional two commits ago for why we're doing this.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
58ab9ba0bd Allow optional authentication of the server in 1.3 
This is for compatibility, for people transitioning from 1.2 to 1.3.
See https://github.com/Mbed-TLS/mbedtls/issues/9223 "Mandatory server
authentication" and reports linked from there.

In the future we're likely to make server authentication mandatory in
both 1.2 and 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/7080

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
aefc5938b0 Add comments about 1.3 server sending no cert 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
5f9428ac8a Rm translation code for unused flag 
We don't check the non-standard nsCertType extension, so this flag can't
be set, so checking if it's set is useless.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
7a4aa4d133 Make mbedtls_ssl_check_cert_usage() work for 1.3 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
4956e32538 Fix 1.3 failure to update flags for (ext)KeyUsage 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-16 17:23:47 +01:00
Gilles Peskine
69770aaa7b Use unsigned long rather than size_t for format string readability 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-05 20:54:42 +02:00
Gilles Peskine
a9d4ef0998 Fix uint32_t printed as unsigned int 
This is ok in practice since we don't support 16-bit platforms, but it makes
`arm-none-eabi-gcc-10 -mthumb -Wformat` complain.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-03 22:16:23 +02:00
Tom Cosgrove
a2c45dc713 Fix compilation of ssl_tls13_generic.c when memcpy() is a function-like macro 
Fixes #8994

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2024-04-02 14:51:47 +01:00
Ronald Cron
93795f2639 tls13: Improve comment about cast to uint32_t 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-07 09:57:07 +01:00
Ronald Cron
2e7dfd5181 tls13: Remove unnecessary cast from size_t to uint32_t 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-05 13:48:11 +01:00
Ronald Cron
19bfe0a631 tls13: Rename early_data_count to total_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
70eab45ba6 tls13: generic: Fix log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
8571804382 tls13: srv: Enforce maximum size of early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:09 +01:00
Ronald Cron
9b4e964c2c Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data 
TLS 1.3: Add mbedtls_ssl_write_early_data() API
 2024-02-29 14:31:55 +00:00
Ronald Cron
5fbd27055d tls13: Use a flag not a counter for CCS and HRR handling 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-15 17:19:02 +01:00
Ronald Cron
e273f7203d tls13: client: Improve CCS handling 
Call unconditionally the CCS writing function
when sending a CCS may be necessary in the
course of an handshake. Enforce in the writing
function and only in the writing function that
only one CCS is sent.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-14 10:24:00 +01:00
Manuel Pégourié-Gonnard
e6c80bc6e5 Merge pull request #8755 from ronald-cron-arm/tls13-client-early-data-status 
TLS 1.3: Refine and test client early data status
 2024-02-13 20:36:42 +00:00
Manuel Pégourié-Gonnard
1d7bc1ecdf Merge pull request #8717 from valeriosetti/issue8030 
PSA FFDH: feature macros for parameters
 2024-02-07 10:06:03 +00:00
Ronald Cron
fe59ff794d tls13: Send dummy CCS only once 
Fix cases where the client was sending
two CCS, no harm but better to send only one.

Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Manuel Pégourié-Gonnard
32c28cebb4 Merge pull request #8715 from valeriosetti/issue7964 
Remove all internal functions from public headers
 2024-02-05 15:09:15 +00:00
Valerio Setti
b4f5076270 debug: move internal functions declarations to an internal header file 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 15:30:46 +01:00
Gilles Peskine
4d4891e18a Merge pull request #8666 from valeriosetti/issue8340 
Export the mbedtls_md_psa_alg_from_type function
 2024-01-18 13:58:55 +00:00
Valerio Setti
ecaf7c5690 ssl_tls: add guards for enabled DH key types 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Waleed Elmelegy
3ff472441a Fix warning in ssl_tls13_generic.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
e1ac98d888 remove mbedtls_ssl_is_record_size_limit_valid function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Waleed Elmelegy
148dfb6457 Change record size limit writing function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Yanray Wang
faf70bdf9d ssl_tls13_generic: check value of RecordSizeLimit in helper function 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2024-01-10 16:17:27 +00:00
Tom Cosgrove
3a6059beca Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit 
Comply with the received Record Size Limit extension
 2024-01-09 15:22:17 +00:00