1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-13 19:21:32 +03:00
Commit Graph

2059 Commits

Author SHA1 Message Date
8c95999b38 Merge pull request #9544 from eleuzi01/replace-224k1
Replace MBEDTLS_ECP_HAVE_SECP224K1 with PSA_WANT_ECC_SECP_K1_224
2024-09-06 15:15:35 +00:00
63cb13e494 Replace MBEDTLS_ECP_HAVE_SECP224K1 with PSA_WANT_ECC_SECP_K1_224
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-05 12:43:14 +01:00
9fc5be09cb Replace MBEDTLS_MD_CAN_SHA1 with PSA_WANT_ALG_SHA_1
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-04 18:12:59 +01:00
1d98d9d861 Merge pull request #9526 from mpg/refactor-tls123-verif-dev
Refactor tls123 verif dev
2024-09-03 15:29:10 +00:00
5398e58fcd Fix guards around function now used by 1.3 as well
Actually moved the function rather than trying to edit guards around it,
because the relevant guards are not nearby, the function was part of
larger blocks, so it seemed risky.

Also, that seems logically correct: the function is no longer part of
the "TLS 1.2 handshake functions common to server and client" section,
it's part of the "helper functions common to 1.2 and 1.3 server and
client" block. Ideally in the future perhaps the file structure should
reflect that (`ssl_generic.c` vs `ssl_tls12_generic.c`?) but that's out
of scope here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
9e3e991d04 Fix typos in comments
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
a040548747 Improve some comments
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
19dd9f59bc Merge 1.2 and 1.3 certificate verification
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
908f57dfba Minor refactoring of generic SSL certificate verif
Rename as there was a name collision with a static function in another
file: ssl_parse_certificate_verify in ssl_tls12_server.c is the function
that parses the CertificateVerify message, which seems appropriate. Here
it meant "the 'verify' step after parsing the Certificate message".
Use a name that focuses on what it does: verify, not parse.

Also, take ciphersuite_info as an argument: when TLS 1.3 calls this
function, it can pass NULL as the ciphersuite has no influence there.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
843a00dec6 Add support for context f_vrfy callback in 1.3
This was only supported in 1.2 for no good reason.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
fd800c2416 Improve a variable's name
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
5bdadbb1eb Restrict the scope of a few variables
In particular, make sure pointer variables are initialized right after
being declared.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
58ab9ba0bd Allow optional authentication of the server in 1.3
This is for compatibility, for people transitioning from 1.2 to 1.3.
See https://github.com/Mbed-TLS/mbedtls/issues/9223 "Mandatory server
authentication" and reports linked from there.

In the future we're likely to make server authentication mandatory in
both 1.2 and 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/7080

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
5f9428ac8a Rm translation code for unused flag
We don't check the non-standard nsCertType extension, so this flag can't
be set, so checking if it's set is useless.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
e5a916fd3c Simplify certificate curve check for 1.2
The comments were about the time we were using mbedtls_pk_ec(), which
can return NULL, which we don't want to propagate to other functions.

Now we're using mbedtls_pk_get_ec_group_id() with is a safer interface
(and works even when EC is provided by drivers).

The check for GROUP_NONE was an heritage from the previous NULL check.
However it's actually useless: if NONE were returned (which can't happen
or parsing of the certificate would have failed and we wouldn't be
here), then mbedtls_ssl_check_curve() would work and just say that the
curve wasn't valid, which is OK.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
7a4aa4d133 Make mbedtls_ssl_check_cert_usage() work for 1.3
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
94f70228e9 Clean up mbedtls_ssl_check_cert_usage()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
c15ef93aa5 Replace MBEDTLS_MD_CAN_SHA512 with PSA_WANT_ALG_SHA_512
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-08-28 18:20:25 +02:00
da41b60cef Replace MBEDTLS_SSL_HAVE_CAMELLIA with PSA_WANT_KEY_TYPE_CAMELLIA
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-13 09:58:00 +01:00
6b4cd48d24 Replace MBEDTLS_ECP_HAVE_SECP384R1 with PSA_WANT_ECC_SECP_R1_384
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-09 09:49:03 +01:00
e1171bd26f Merge pull request #9361 from eleuzi01/replace-key-aria
Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
2024-08-08 15:41:01 +00:00
9e54a4f5ba Merge pull request #9369 from eleuzi01/replace-ecc-keys
Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
2024-08-08 12:10:43 +00:00
51c85a0296 Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-07 11:33:14 +01:00
8dde3b3dec Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-05 15:41:58 +01:00
c256172b30 Replace MBEDTLS_SSL_HAVE_CCM with PSA_WANT_ALG_CCM
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-05 15:40:00 +01:00
be6a47140b Merge pull request #9365 from eleuzi01/replace-gcm
Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM
2024-08-05 09:43:23 +00:00
9c9a3df3bf Merge pull request #9366 from eleuzi01/replace-chachapoly
Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305
2024-08-02 14:26:27 +00:00
83a0d9deec Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-02 09:52:20 +01:00
5c70c30655 Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-31 16:31:00 +01:00
74342c7c2b Replace MBEDTLS_SSL_HAVE_CBC with PSA_WANT_ALG_CBC_NO_PADDING
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-31 16:19:15 +01:00
6121a344dd Replace MBEDTLS_SSL_HAVE_AES with PSA_WANT_KEY_TYPE_AES
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-30 18:42:19 +01:00
417d05f7c5 Replace MBEDTLS_ECP_HAVE_SECP256R1 with PSA_WANT_ECC_SECP_R1_256
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-29 11:31:20 +01:00
e7fdfdb913 Merge pull request #9123 from eleuzi01/replace-mbedtls-md-can-md5
Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5
2024-07-18 16:17:25 +00:00
b449476595 Merge pull request #9354 from eleuzi01/replace-ecp-have-secp512r1
Replace MBEDTLS_ECP_HAVE_SECP521R1 with PSA_WANT_ECC_SECP_R1_521
2024-07-18 15:55:41 +00:00
df772da34e Merge pull request #9358 from eleuzi01/replace-curve
Replace MBEDTLS_ECP_HAVE_CURVE* with PSA_WANT counterparts
2024-07-18 13:54:26 +00:00
b66a991f04 Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-18 14:31:59 +03:00
9a75dddb5c Merge pull request #9350 from eleuzi01/replace-ecp-have-secp224r1
Replace MBEDTLS_ECP_HAVE_SECP224R1 with PSA_WANT_ECC_SECP_R1_224
2024-07-17 13:48:40 +00:00
b8d10876d1 Replace MBEDTLS_ECP_HAVE_BP*R1 with PSA_WANT counterparts
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-16 21:48:55 +03:00
24e24f2b5a Replace MBEDTLS_ECP_HAVE_SECP521R1 with PSA_WANT_ECC_SECP_R1_521
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-16 21:43:30 +03:00
eaa0cf0de6 Replace MBEDTLS_ECP_HAVE_SECP224R1 with PSA_WANT_ECC_SECP_R1_224
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-16 17:00:31 +03:00
cb854d5d19 Merge pull request #9356 from eleuzi01/replace-ecp-have-secp-k1
Replace MBEDTLS_ECP_HAVE_SECP*K1 with PSA_WANT counterparts
2024-07-16 13:57:46 +00:00
9e85c9f0f4 Replace MBEDTLS_ECP_HAVE_SECP*K1 with PSA_WANT counterparts
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-15 12:11:55 +03:00
a363286c9f Replace MBEDTLS_ECP_HAVE_SECP192R1 with PSA_WANT_ECC_SECP_R1_192
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-15 11:24:49 +03:00
0b5d48ebbf Replace MBEDTLS_ECP_HAVE_CURVE* with PSA_WANT counterparts
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-11 13:20:35 +03:00
0916cd702f Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-11 11:13:35 +03:00
4efd1645e8 Merge pull request #8983 from Troy-Butler/handle-null-args
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-07-04 14:50:55 +00:00
2cf41a273e Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
2024-07-04 08:56:52 +00:00
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-03 10:20:41 +01:00
fcc9afaf9d Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-02 11:08:04 +01:00
f41272099b Merge pull request #9242 from sezrab/fix-function-parameter
Fix incorrect array length in function prototype
2024-06-13 07:55:50 +00:00