8c95999b38
Merge pull request #9544 from eleuzi01/replace-224k1
...
Replace MBEDTLS_ECP_HAVE_SECP224K1 with PSA_WANT_ECC_SECP_K1_224
2024-09-06 15:15:35 +00:00
63cb13e494
Replace MBEDTLS_ECP_HAVE_SECP224K1 with PSA_WANT_ECC_SECP_K1_224
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-09-05 12:43:14 +01:00
9fc5be09cb
Replace MBEDTLS_MD_CAN_SHA1 with PSA_WANT_ALG_SHA_1
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-09-04 18:12:59 +01:00
1d98d9d861
Merge pull request #9526 from mpg/refactor-tls123-verif-dev
...
Refactor tls123 verif dev
2024-09-03 15:29:10 +00:00
5398e58fcd
Fix guards around function now used by 1.3 as well
...
Actually moved the function rather than trying to edit guards around it,
because the relevant guards are not nearby, the function was part of
larger blocks, so it seemed risky.
Also, that seems logically correct: the function is no longer part of
the "TLS 1.2 handshake functions common to server and client" section,
it's part of the "helper functions common to 1.2 and 1.3 server and
client" block. Ideally in the future perhaps the file structure should
reflect that (`ssl_generic.c` vs `ssl_tls12_generic.c`?) but that's out
of scope here.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
9e3e991d04
Fix typos in comments
...
Co-authored-by: David Horstmann <david.horstmann@arm.com >
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
a040548747
Improve some comments
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
19dd9f59bc
Merge 1.2 and 1.3 certificate verification
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
908f57dfba
Minor refactoring of generic SSL certificate verif
...
Rename as there was a name collision with a static function in another
file: ssl_parse_certificate_verify in ssl_tls12_server.c is the function
that parses the CertificateVerify message, which seems appropriate. Here
it meant "the 'verify' step after parsing the Certificate message".
Use a name that focuses on what it does: verify, not parse.
Also, take ciphersuite_info as an argument: when TLS 1.3 calls this
function, it can pass NULL as the ciphersuite has no influence there.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
843a00dec6
Add support for context f_vrfy callback in 1.3
...
This was only supported in 1.2 for no good reason.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
fd800c2416
Improve a variable's name
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
5bdadbb1eb
Restrict the scope of a few variables
...
In particular, make sure pointer variables are initialized right after
being declared.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
58ab9ba0bd
Allow optional authentication of the server in 1.3
...
This is for compatibility, for people transitioning from 1.2 to 1.3.
See https://github.com/Mbed-TLS/mbedtls/issues/9223 "Mandatory server
authentication" and reports linked from there.
In the future we're likely to make server authentication mandatory in
both 1.2 and 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/7080
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
5f9428ac8a
Rm translation code for unused flag
...
We don't check the non-standard nsCertType extension, so this flag can't
be set, so checking if it's set is useless.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
e5a916fd3c
Simplify certificate curve check for 1.2
...
The comments were about the time we were using mbedtls_pk_ec(), which
can return NULL, which we don't want to propagate to other functions.
Now we're using mbedtls_pk_get_ec_group_id() with is a safer interface
(and works even when EC is provided by drivers).
The check for GROUP_NONE was an heritage from the previous NULL check.
However it's actually useless: if NONE were returned (which can't happen
or parsing of the certificate would have failed and we wouldn't be
here), then mbedtls_ssl_check_curve() would work and just say that the
curve wasn't valid, which is OK.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
7a4aa4d133
Make mbedtls_ssl_check_cert_usage() work for 1.3
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
94f70228e9
Clean up mbedtls_ssl_check_cert_usage()
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
c15ef93aa5
Replace MBEDTLS_MD_CAN_SHA512 with PSA_WANT_ALG_SHA_512
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2024-08-28 18:20:25 +02:00
da41b60cef
Replace MBEDTLS_SSL_HAVE_CAMELLIA with PSA_WANT_KEY_TYPE_CAMELLIA
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-08-13 09:58:00 +01:00
6b4cd48d24
Replace MBEDTLS_ECP_HAVE_SECP384R1 with PSA_WANT_ECC_SECP_R1_384
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-08-09 09:49:03 +01:00
e1171bd26f
Merge pull request #9361 from eleuzi01/replace-key-aria
...
Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
2024-08-08 15:41:01 +00:00
9e54a4f5ba
Merge pull request #9369 from eleuzi01/replace-ecc-keys
...
Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
2024-08-08 12:10:43 +00:00
51c85a0296
Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-08-07 11:33:14 +01:00
8dde3b3dec
Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-08-05 15:41:58 +01:00
c256172b30
Replace MBEDTLS_SSL_HAVE_CCM with PSA_WANT_ALG_CCM
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-08-05 15:40:00 +01:00
be6a47140b
Merge pull request #9365 from eleuzi01/replace-gcm
...
Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM
2024-08-05 09:43:23 +00:00
9c9a3df3bf
Merge pull request #9366 from eleuzi01/replace-chachapoly
...
Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305
2024-08-02 14:26:27 +00:00
83a0d9deec
Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-08-02 09:52:20 +01:00
5c70c30655
Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-31 16:31:00 +01:00
74342c7c2b
Replace MBEDTLS_SSL_HAVE_CBC with PSA_WANT_ALG_CBC_NO_PADDING
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-31 16:19:15 +01:00
6121a344dd
Replace MBEDTLS_SSL_HAVE_AES with PSA_WANT_KEY_TYPE_AES
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-30 18:42:19 +01:00
417d05f7c5
Replace MBEDTLS_ECP_HAVE_SECP256R1 with PSA_WANT_ECC_SECP_R1_256
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-29 11:31:20 +01:00
e7fdfdb913
Merge pull request #9123 from eleuzi01/replace-mbedtls-md-can-md5
...
Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5
2024-07-18 16:17:25 +00:00
b449476595
Merge pull request #9354 from eleuzi01/replace-ecp-have-secp512r1
...
Replace MBEDTLS_ECP_HAVE_SECP521R1 with PSA_WANT_ECC_SECP_R1_521
2024-07-18 15:55:41 +00:00
df772da34e
Merge pull request #9358 from eleuzi01/replace-curve
...
Replace MBEDTLS_ECP_HAVE_CURVE* with PSA_WANT counterparts
2024-07-18 13:54:26 +00:00
b66a991f04
Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-18 14:31:59 +03:00
9a75dddb5c
Merge pull request #9350 from eleuzi01/replace-ecp-have-secp224r1
...
Replace MBEDTLS_ECP_HAVE_SECP224R1 with PSA_WANT_ECC_SECP_R1_224
2024-07-17 13:48:40 +00:00
b8d10876d1
Replace MBEDTLS_ECP_HAVE_BP*R1 with PSA_WANT counterparts
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-16 21:48:55 +03:00
24e24f2b5a
Replace MBEDTLS_ECP_HAVE_SECP521R1 with PSA_WANT_ECC_SECP_R1_521
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-16 21:43:30 +03:00
eaa0cf0de6
Replace MBEDTLS_ECP_HAVE_SECP224R1 with PSA_WANT_ECC_SECP_R1_224
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-16 17:00:31 +03:00
cb854d5d19
Merge pull request #9356 from eleuzi01/replace-ecp-have-secp-k1
...
Replace MBEDTLS_ECP_HAVE_SECP*K1 with PSA_WANT counterparts
2024-07-16 13:57:46 +00:00
9e85c9f0f4
Replace MBEDTLS_ECP_HAVE_SECP*K1 with PSA_WANT counterparts
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-15 12:11:55 +03:00
a363286c9f
Replace MBEDTLS_ECP_HAVE_SECP192R1 with PSA_WANT_ECC_SECP_R1_192
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-15 11:24:49 +03:00
0b5d48ebbf
Replace MBEDTLS_ECP_HAVE_CURVE* with PSA_WANT counterparts
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-11 13:20:35 +03:00
0916cd702f
Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-11 11:13:35 +03:00
4efd1645e8
Merge pull request #8983 from Troy-Butler/handle-null-args
...
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-07-04 14:50:55 +00:00
2cf41a273e
Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384
...
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
2024-07-04 08:56:52 +00:00
b476d4bf21
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-03 10:20:41 +01:00
fcc9afaf9d
Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-02 11:08:04 +01:00
f41272099b
Merge pull request #9242 from sezrab/fix-function-parameter
...
Fix incorrect array length in function prototype
2024-06-13 07:55:50 +00:00
