mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-11 18:40:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
31,599 Commits 170 Branches 263 Tags
Commit Graph

13420 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
843a00dec6 Add support for context f_vrfy callback in 1.3 
This was only supported in 1.2 for no good reason.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
fd800c2416 Improve a variable's name 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
5bdadbb1eb Restrict the scope of a few variables 
In particular, make sure pointer variables are initialized right after
being declared.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Ronald Cron
bfbecf8b34 tls13: Add support for trusted certificate callback 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
6901504ddb Allow no authentication of the server in 1.3 
See notes about optional two commits ago for why we're doing this.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
58ab9ba0bd Allow optional authentication of the server in 1.3 
This is for compatibility, for people transitioning from 1.2 to 1.3.
See https://github.com/Mbed-TLS/mbedtls/issues/9223 "Mandatory server
authentication" and reports linked from there.

In the future we're likely to make server authentication mandatory in
both 1.2 and 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/7080

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
aefc5938b0 Add comments about 1.3 server sending no cert 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
5f9428ac8a Rm translation code for unused flag 
We don't check the non-standard nsCertType extension, so this flag can't
be set, so checking if it's set is useless.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
e5a916fd3c Simplify certificate curve check for 1.2 
The comments were about the time we were using mbedtls_pk_ec(), which
can return NULL, which we don't want to propagate to other functions.

Now we're using mbedtls_pk_get_ec_group_id() with is a safer interface
(and works even when EC is provided by drivers).

The check for GROUP_NONE was an heritage from the previous NULL check.
However it's actually useless: if NONE were returned (which can't happen
or parsing of the certificate would have failed and we wouldn't be
here), then mbedtls_ssl_check_curve() would work and just say that the
curve wasn't valid, which is OK.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
7a4aa4d133 Make mbedtls_ssl_check_cert_usage() work for 1.3 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
94f70228e9 Clean up mbedtls_ssl_check_cert_usage() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Gilles Peskine
99b57bd35a
Merge pull request #1272 from eleuzi01/forward-1263 
Fix 1.3 cli-auth optional reporting of (ext)KeyUsage issues
 2024-08-28 19:38:36 +02:00
Gilles Peskine
805ac15e2d
Merge pull request #9244 from waleed-elmelegy-arm/fix-tls13_parse_client_hello-issue 
Fix issue in handling legacy_compression_methods in ssl_tls13_parse_client_hello()
 2024-08-22 18:56:27 +00:00
Manuel Pégourié-Gonnard
4956e32538 Fix 1.3 failure to update flags for (ext)KeyUsage 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-16 17:23:47 +01:00
Sergey Markelov
4ed0fded12 Fix Mbed-TLS build when WIN32_LEAN_AND_MEAN macro is defined globally 
Signed-off-by: Sergey Markelov <sergey@solidstatenetworks.com>
 2024-08-14 15:15:14 -07:00
Elena Uziunaite
da41b60cef Replace MBEDTLS_SSL_HAVE_CAMELLIA with PSA_WANT_KEY_TYPE_CAMELLIA 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-13 09:58:00 +01:00
Gilles Peskine
b8457fff9f
Merge pull request #9353 from eleuzi01/replace-ecp-have-secp384r1 
Replace MBEDTLS_ECP_HAVE_SECP384R1 with PSA_WANT_ECC_SECP_R1_384
 2024-08-12 14:37:10 +00:00
Gilles Peskine
0858fdca38
Merge pull request #9189 from misch7/fix-v3.6-issues-9186-and-9188 
Fix build of v3.6 (issues #9186 and #9188)
 2024-08-12 09:34:17 +00:00
Michael Schuster
1da4ed1df8 Move the -Wmissing-prototypes option from library/CMakeLists.txt to the top-level CMakeLists.txt for GCC & Clang 
Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-09 10:29:58 +01:00
Michael Schuster
7e39028628 Fix build of v3.6 with unset MBEDTLS_DHM_C but MBEDTLS_USE_PSA_CRYPTO set (fixes #9188) 
Avoid compiler warning about size comparison (like in commit 7910cdd):

Clang builds fail, warning about comparing uint8_t to a size that may be >255.

Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-09 10:27:44 +01:00
Michael Schuster
4394067071 Fix server mode only build of v3.6 with MBEDTLS_SSL_CLI_C unset (fixes #9186) 
Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-09 10:27:44 +01:00
Elena Uziunaite
6b4cd48d24 Replace MBEDTLS_ECP_HAVE_SECP384R1 with PSA_WANT_ECC_SECP_R1_384 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-09 09:49:03 +01:00
Gilles Peskine
aacbc622a4
Merge pull request #9453 from gilles-peskine-arm/psa-keystore-dynamic-prep-4.0 
Prepare for dynamic key store
 2024-08-09 08:00:06 +00:00
Gilles Peskine
e1171bd26f
Merge pull request #9361 from eleuzi01/replace-key-aria 
Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
 2024-08-08 15:41:01 +00:00
Gilles Peskine
9e54a4f5ba
Merge pull request #9369 from eleuzi01/replace-ecc-keys 
Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
 2024-08-08 12:10:43 +00:00
Gilles Peskine
dc10825ab9 MBEDTLS_STATIC_ASSERT: make it work outside of a function 
At the top level, the macro would have had to be used without a following
semicolon (except with permissive compilers that accept spurious semicolons
outside of a function), which is confusing to humans and indenters. Fix
that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-08-07 12:39:05 +02:00
Elena Uziunaite
51c85a0296 Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-07 11:33:14 +01:00
Elena Uziunaite
8dde3b3dec Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-05 15:41:58 +01:00
Elena Uziunaite
c256172b30 Replace MBEDTLS_SSL_HAVE_CCM with PSA_WANT_ALG_CCM 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-05 15:40:00 +01:00
Gilles Peskine
be6a47140b
Merge pull request #9365 from eleuzi01/replace-gcm 
Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM
 2024-08-05 09:43:23 +00:00
Gilles Peskine
9c9a3df3bf
Merge pull request #9366 from eleuzi01/replace-chachapoly 
Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305
 2024-08-02 14:26:27 +00:00
Elena Uziunaite
83a0d9deec Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-02 09:52:20 +01:00
Elena Uziunaite
5c70c30655 Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-31 16:31:00 +01:00
Elena Uziunaite
74342c7c2b Replace MBEDTLS_SSL_HAVE_CBC with PSA_WANT_ALG_CBC_NO_PADDING 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-31 16:19:15 +01:00
Elena Uziunaite
6121a344dd Replace MBEDTLS_SSL_HAVE_AES with PSA_WANT_KEY_TYPE_AES 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-30 18:42:19 +01:00
Elena Uziunaite
417d05f7c5 Replace MBEDTLS_ECP_HAVE_SECP256R1 with PSA_WANT_ECC_SECP_R1_256 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-29 11:31:20 +01:00
Ronald Cron
901a675238 Adapt make build system 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-19 10:07:27 +02:00
Ronald Cron
088a1ab081 make: Fix object clean-up 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-19 09:58:35 +02:00
Bence Szépkúti
e7fdfdb913
Merge pull request #9123 from eleuzi01/replace-mbedtls-md-can-md5 
Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5
 2024-07-18 16:17:25 +00:00
Paul Elliott
b449476595
Merge pull request #9354 from eleuzi01/replace-ecp-have-secp512r1 
Replace MBEDTLS_ECP_HAVE_SECP521R1 with PSA_WANT_ECC_SECP_R1_521
 2024-07-18 15:55:41 +00:00
Paul Elliott
df772da34e
Merge pull request #9358 from eleuzi01/replace-curve 
Replace MBEDTLS_ECP_HAVE_CURVE* with PSA_WANT counterparts
 2024-07-18 13:54:26 +00:00
Elena Uziunaite
b66a991f04 Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-18 14:31:59 +03:00
Gilles Peskine
9a75dddb5c
Merge pull request #9350 from eleuzi01/replace-ecp-have-secp224r1 
Replace MBEDTLS_ECP_HAVE_SECP224R1 with PSA_WANT_ECC_SECP_R1_224
 2024-07-17 13:48:40 +00:00
Elena Uziunaite
b8d10876d1 Replace MBEDTLS_ECP_HAVE_BP*R1 with PSA_WANT counterparts 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-16 21:48:55 +03:00
Elena Uziunaite
24e24f2b5a Replace MBEDTLS_ECP_HAVE_SECP521R1 with PSA_WANT_ECC_SECP_R1_521 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-16 21:43:30 +03:00
Elena Uziunaite
eaa0cf0de6 Replace MBEDTLS_ECP_HAVE_SECP224R1 with PSA_WANT_ECC_SECP_R1_224 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-16 17:00:31 +03:00
Gilles Peskine
cb854d5d19
Merge pull request #9356 from eleuzi01/replace-ecp-have-secp-k1 
Replace MBEDTLS_ECP_HAVE_SECP*K1 with PSA_WANT counterparts
 2024-07-16 13:57:46 +00:00
Elena Uziunaite
9e85c9f0f4 Replace MBEDTLS_ECP_HAVE_SECP*K1 with PSA_WANT counterparts 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-15 12:11:55 +03:00
Elena Uziunaite
a363286c9f Replace MBEDTLS_ECP_HAVE_SECP192R1 with PSA_WANT_ECC_SECP_R1_192 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-15 11:24:49 +03:00
Elena Uziunaite
0b5d48ebbf Replace MBEDTLS_ECP_HAVE_CURVE* with PSA_WANT counterparts 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-11 13:20:35 +03:00