mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-09 10:01:18 +03:00

Author	SHA1	Message	Date
Ronald Cron	8c95999b38	Merge pull request #9544 from eleuzi01/replace-224k1 Replace MBEDTLS_ECP_HAVE_SECP224K1 with PSA_WANT_ECC_SECP_K1_224	2024-09-06 15:15:35 +00:00
Elena Uziunaite	63cb13e494	Replace MBEDTLS_ECP_HAVE_SECP224K1 with PSA_WANT_ECC_SECP_K1_224 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-09-05 12:43:14 +01:00
Elena Uziunaite	9fc5be09cb	Replace MBEDTLS_MD_CAN_SHA1 with PSA_WANT_ALG_SHA_1 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-09-04 18:12:59 +01:00
David Horstmann	1d98d9d861	Merge pull request #9526 from mpg/refactor-tls123-verif-dev Refactor tls123 verif dev	2024-09-03 15:29:10 +00:00
Manuel Pégourié-Gonnard	5398e58fcd	Fix guards around function now used by 1.3 as well Actually moved the function rather than trying to edit guards around it, because the relevant guards are not nearby, the function was part of larger blocks, so it seemed risky. Also, that seems logically correct: the function is no longer part of the "TLS 1.2 handshake functions common to server and client" section, it's part of the "helper functions common to 1.2 and 1.3 server and client" block. Ideally in the future perhaps the file structure should reflect that (`ssl_generic.c` vs `ssl_tls12_generic.c`?) but that's out of scope here. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	9e3e991d04	Fix typos in comments Co-authored-by: David Horstmann <david.horstmann@arm.com> Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	a040548747	Improve some comments Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	19dd9f59bc	Merge 1.2 and 1.3 certificate verification Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	908f57dfba	Minor refactoring of generic SSL certificate verif Rename as there was a name collision with a static function in another file: ssl_parse_certificate_verify in ssl_tls12_server.c is the function that parses the CertificateVerify message, which seems appropriate. Here it meant "the 'verify' step after parsing the Certificate message". Use a name that focuses on what it does: verify, not parse. Also, take ciphersuite_info as an argument: when TLS 1.3 calls this function, it can pass NULL as the ciphersuite has no influence there. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	843a00dec6	Add support for context f_vrfy callback in 1.3 This was only supported in 1.2 for no good reason. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	fd800c2416	Improve a variable's name Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	5bdadbb1eb	Restrict the scope of a few variables In particular, make sure pointer variables are initialized right after being declared. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	58ab9ba0bd	Allow optional authentication of the server in 1.3 This is for compatibility, for people transitioning from 1.2 to 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/9223 "Mandatory server authentication" and reports linked from there. In the future we're likely to make server authentication mandatory in both 1.2 and 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/7080 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	5f9428ac8a	Rm translation code for unused flag We don't check the non-standard nsCertType extension, so this flag can't be set, so checking if it's set is useless. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	e5a916fd3c	Simplify certificate curve check for 1.2 The comments were about the time we were using mbedtls_pk_ec(), which can return NULL, which we don't want to propagate to other functions. Now we're using mbedtls_pk_get_ec_group_id() with is a safer interface (and works even when EC is provided by drivers). The check for GROUP_NONE was an heritage from the previous NULL check. However it's actually useless: if NONE were returned (which can't happen or parsing of the certificate would have failed and we wouldn't be here), then mbedtls_ssl_check_curve() would work and just say that the curve wasn't valid, which is OK. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	7a4aa4d133	Make mbedtls_ssl_check_cert_usage() work for 1.3 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	94f70228e9	Clean up mbedtls_ssl_check_cert_usage() Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Gabor Mezei	c15ef93aa5	Replace `MBEDTLS_MD_CAN_SHA512` with `PSA_WANT_ALG_SHA_512` Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-08-28 18:20:25 +02:00
Elena Uziunaite	da41b60cef	Replace MBEDTLS_SSL_HAVE_CAMELLIA with PSA_WANT_KEY_TYPE_CAMELLIA Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-08-13 09:58:00 +01:00
Elena Uziunaite	6b4cd48d24	Replace MBEDTLS_ECP_HAVE_SECP384R1 with PSA_WANT_ECC_SECP_R1_384 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-08-09 09:49:03 +01:00
Gilles Peskine	e1171bd26f	Merge pull request #9361 from eleuzi01/replace-key-aria Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA	2024-08-08 15:41:01 +00:00
Gilles Peskine	9e54a4f5ba	Merge pull request #9369 from eleuzi01/replace-ecc-keys Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY	2024-08-08 12:10:43 +00:00
Elena Uziunaite	51c85a0296	Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-08-07 11:33:14 +01:00
Elena Uziunaite	8dde3b3dec	Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-08-05 15:41:58 +01:00
Elena Uziunaite	c256172b30	Replace MBEDTLS_SSL_HAVE_CCM with PSA_WANT_ALG_CCM Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-08-05 15:40:00 +01:00
Gilles Peskine	be6a47140b	Merge pull request #9365 from eleuzi01/replace-gcm Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM	2024-08-05 09:43:23 +00:00
Gilles Peskine	9c9a3df3bf	Merge pull request #9366 from eleuzi01/replace-chachapoly Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305	2024-08-02 14:26:27 +00:00
Elena Uziunaite	83a0d9deec	Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-08-02 09:52:20 +01:00
Elena Uziunaite	5c70c30655	Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-31 16:31:00 +01:00
Elena Uziunaite	74342c7c2b	Replace MBEDTLS_SSL_HAVE_CBC with PSA_WANT_ALG_CBC_NO_PADDING Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-31 16:19:15 +01:00
Elena Uziunaite	6121a344dd	Replace MBEDTLS_SSL_HAVE_AES with PSA_WANT_KEY_TYPE_AES Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-30 18:42:19 +01:00
Elena Uziunaite	417d05f7c5	Replace MBEDTLS_ECP_HAVE_SECP256R1 with PSA_WANT_ECC_SECP_R1_256 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-29 11:31:20 +01:00
Bence Szépkúti	e7fdfdb913	Merge pull request #9123 from eleuzi01/replace-mbedtls-md-can-md5 Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5	2024-07-18 16:17:25 +00:00
Paul Elliott	b449476595	Merge pull request #9354 from eleuzi01/replace-ecp-have-secp512r1 Replace MBEDTLS_ECP_HAVE_SECP521R1 with PSA_WANT_ECC_SECP_R1_521	2024-07-18 15:55:41 +00:00
Paul Elliott	df772da34e	Merge pull request #9358 from eleuzi01/replace-curve Replace MBEDTLS_ECP_HAVE_CURVE* with PSA_WANT counterparts	2024-07-18 13:54:26 +00:00
Elena Uziunaite	b66a991f04	Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-18 14:31:59 +03:00
Gilles Peskine	9a75dddb5c	Merge pull request #9350 from eleuzi01/replace-ecp-have-secp224r1 Replace MBEDTLS_ECP_HAVE_SECP224R1 with PSA_WANT_ECC_SECP_R1_224	2024-07-17 13:48:40 +00:00
Elena Uziunaite	b8d10876d1	Replace MBEDTLS_ECP_HAVE_BP*R1 with PSA_WANT counterparts Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-16 21:48:55 +03:00
Elena Uziunaite	24e24f2b5a	Replace MBEDTLS_ECP_HAVE_SECP521R1 with PSA_WANT_ECC_SECP_R1_521 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-16 21:43:30 +03:00
Elena Uziunaite	eaa0cf0de6	Replace MBEDTLS_ECP_HAVE_SECP224R1 with PSA_WANT_ECC_SECP_R1_224 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-16 17:00:31 +03:00
Gilles Peskine	cb854d5d19	Merge pull request #9356 from eleuzi01/replace-ecp-have-secp-k1 Replace MBEDTLS_ECP_HAVE_SECP*K1 with PSA_WANT counterparts	2024-07-16 13:57:46 +00:00
Elena Uziunaite	9e85c9f0f4	Replace MBEDTLS_ECP_HAVE_SECP*K1 with PSA_WANT counterparts Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-15 12:11:55 +03:00
Elena Uziunaite	a363286c9f	Replace MBEDTLS_ECP_HAVE_SECP192R1 with PSA_WANT_ECC_SECP_R1_192 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-15 11:24:49 +03:00
Elena Uziunaite	0b5d48ebbf	Replace MBEDTLS_ECP_HAVE_CURVE* with PSA_WANT counterparts Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-11 13:20:35 +03:00
Elena Uziunaite	0916cd702f	Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-11 11:13:35 +03:00
Gilles Peskine	4efd1645e8	Merge pull request #8983 from Troy-Butler/handle-null-args Fix NULL argument handling in mbedtls_xxx_free() functions	2024-07-04 14:50:55 +00:00
Ronald Cron	2cf41a273e	Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384	2024-07-04 08:56:52 +00:00
Elena Uziunaite	b476d4bf21	Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-03 10:20:41 +01:00
Elena Uziunaite	fcc9afaf9d	Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-02 11:08:04 +01:00
Tom Cosgrove	f41272099b	Merge pull request #9242 from sezrab/fix-function-parameter Fix incorrect array length in function prototype	2024-06-13 07:55:50 +00:00

1 2 3 4 5 ...

2059 Commits