mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-23 21:39:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
31,967 Commits 172 Branches 263 Tags
Commit Graph

2060 Commits

Author SHA1 Message Date
Harry Ramsey
0f6bc41a22 Update includes for each library file 
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2024-10-09 11:18:50 +01:00
Ronald Cron
8c95999b38
Merge pull request #9544 from eleuzi01/replace-224k1 
Replace MBEDTLS_ECP_HAVE_SECP224K1 with PSA_WANT_ECC_SECP_K1_224
 2024-09-06 15:15:35 +00:00
Elena Uziunaite
63cb13e494 Replace MBEDTLS_ECP_HAVE_SECP224K1 with PSA_WANT_ECC_SECP_K1_224 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-05 12:43:14 +01:00
Elena Uziunaite
9fc5be09cb Replace MBEDTLS_MD_CAN_SHA1 with PSA_WANT_ALG_SHA_1 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-04 18:12:59 +01:00
David Horstmann
1d98d9d861
Merge pull request #9526 from mpg/refactor-tls123-verif-dev 
Refactor tls123 verif dev
 2024-09-03 15:29:10 +00:00
Manuel Pégourié-Gonnard
5398e58fcd Fix guards around function now used by 1.3 as well 
Actually moved the function rather than trying to edit guards around it,
because the relevant guards are not nearby, the function was part of
larger blocks, so it seemed risky.

Also, that seems logically correct: the function is no longer part of
the "TLS 1.2 handshake functions common to server and client" section,
it's part of the "helper functions common to 1.2 and 1.3 server and
client" block. Ideally in the future perhaps the file structure should
reflect that (`ssl_generic.c` vs `ssl_tls12_generic.c`?) but that's out
of scope here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
9e3e991d04 Fix typos in comments 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
a040548747 Improve some comments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
19dd9f59bc Merge 1.2 and 1.3 certificate verification 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
908f57dfba Minor refactoring of generic SSL certificate verif 
Rename as there was a name collision with a static function in another
file: ssl_parse_certificate_verify in ssl_tls12_server.c is the function
that parses the CertificateVerify message, which seems appropriate. Here
it meant "the 'verify' step after parsing the Certificate message".
Use a name that focuses on what it does: verify, not parse.

Also, take ciphersuite_info as an argument: when TLS 1.3 calls this
function, it can pass NULL as the ciphersuite has no influence there.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
843a00dec6 Add support for context f_vrfy callback in 1.3 
This was only supported in 1.2 for no good reason.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
fd800c2416 Improve a variable's name 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
5bdadbb1eb Restrict the scope of a few variables 
In particular, make sure pointer variables are initialized right after
being declared.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
58ab9ba0bd Allow optional authentication of the server in 1.3 
This is for compatibility, for people transitioning from 1.2 to 1.3.
See https://github.com/Mbed-TLS/mbedtls/issues/9223 "Mandatory server
authentication" and reports linked from there.

In the future we're likely to make server authentication mandatory in
both 1.2 and 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/7080

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
5f9428ac8a Rm translation code for unused flag 
We don't check the non-standard nsCertType extension, so this flag can't
be set, so checking if it's set is useless.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
e5a916fd3c Simplify certificate curve check for 1.2 
The comments were about the time we were using mbedtls_pk_ec(), which
can return NULL, which we don't want to propagate to other functions.

Now we're using mbedtls_pk_get_ec_group_id() with is a safer interface
(and works even when EC is provided by drivers).

The check for GROUP_NONE was an heritage from the previous NULL check.
However it's actually useless: if NONE were returned (which can't happen
or parsing of the certificate would have failed and we wouldn't be
here), then mbedtls_ssl_check_curve() would work and just say that the
curve wasn't valid, which is OK.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
7a4aa4d133 Make mbedtls_ssl_check_cert_usage() work for 1.3 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
94f70228e9 Clean up mbedtls_ssl_check_cert_usage() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Gabor Mezei
c15ef93aa5
Replace MBEDTLS_MD_CAN_SHA512 with PSA_WANT_ALG_SHA_512 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-08-28 18:20:25 +02:00
Elena Uziunaite
da41b60cef Replace MBEDTLS_SSL_HAVE_CAMELLIA with PSA_WANT_KEY_TYPE_CAMELLIA 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-13 09:58:00 +01:00
Elena Uziunaite
6b4cd48d24 Replace MBEDTLS_ECP_HAVE_SECP384R1 with PSA_WANT_ECC_SECP_R1_384 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-09 09:49:03 +01:00
Gilles Peskine
e1171bd26f
Merge pull request #9361 from eleuzi01/replace-key-aria 
Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
 2024-08-08 15:41:01 +00:00
Gilles Peskine
9e54a4f5ba
Merge pull request #9369 from eleuzi01/replace-ecc-keys 
Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
 2024-08-08 12:10:43 +00:00
Elena Uziunaite
51c85a0296 Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-07 11:33:14 +01:00
Elena Uziunaite
8dde3b3dec Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-05 15:41:58 +01:00
Elena Uziunaite
c256172b30 Replace MBEDTLS_SSL_HAVE_CCM with PSA_WANT_ALG_CCM 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-05 15:40:00 +01:00
Gilles Peskine
be6a47140b
Merge pull request #9365 from eleuzi01/replace-gcm 
Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM
 2024-08-05 09:43:23 +00:00
Gilles Peskine
9c9a3df3bf
Merge pull request #9366 from eleuzi01/replace-chachapoly 
Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305
 2024-08-02 14:26:27 +00:00
Elena Uziunaite
83a0d9deec Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-02 09:52:20 +01:00
Elena Uziunaite
5c70c30655 Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-31 16:31:00 +01:00
Elena Uziunaite
74342c7c2b Replace MBEDTLS_SSL_HAVE_CBC with PSA_WANT_ALG_CBC_NO_PADDING 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-31 16:19:15 +01:00
Elena Uziunaite
6121a344dd Replace MBEDTLS_SSL_HAVE_AES with PSA_WANT_KEY_TYPE_AES 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-30 18:42:19 +01:00
Elena Uziunaite
417d05f7c5 Replace MBEDTLS_ECP_HAVE_SECP256R1 with PSA_WANT_ECC_SECP_R1_256 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-29 11:31:20 +01:00
Bence Szépkúti
e7fdfdb913
Merge pull request #9123 from eleuzi01/replace-mbedtls-md-can-md5 
Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5
 2024-07-18 16:17:25 +00:00
Paul Elliott
b449476595
Merge pull request #9354 from eleuzi01/replace-ecp-have-secp512r1 
Replace MBEDTLS_ECP_HAVE_SECP521R1 with PSA_WANT_ECC_SECP_R1_521
 2024-07-18 15:55:41 +00:00
Paul Elliott
df772da34e
Merge pull request #9358 from eleuzi01/replace-curve 
Replace MBEDTLS_ECP_HAVE_CURVE* with PSA_WANT counterparts
 2024-07-18 13:54:26 +00:00
Elena Uziunaite
b66a991f04 Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-18 14:31:59 +03:00
Gilles Peskine
9a75dddb5c
Merge pull request #9350 from eleuzi01/replace-ecp-have-secp224r1 
Replace MBEDTLS_ECP_HAVE_SECP224R1 with PSA_WANT_ECC_SECP_R1_224
 2024-07-17 13:48:40 +00:00
Elena Uziunaite
b8d10876d1 Replace MBEDTLS_ECP_HAVE_BP*R1 with PSA_WANT counterparts 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-16 21:48:55 +03:00
Elena Uziunaite
24e24f2b5a Replace MBEDTLS_ECP_HAVE_SECP521R1 with PSA_WANT_ECC_SECP_R1_521 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-16 21:43:30 +03:00
Elena Uziunaite
eaa0cf0de6 Replace MBEDTLS_ECP_HAVE_SECP224R1 with PSA_WANT_ECC_SECP_R1_224 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-16 17:00:31 +03:00
Gilles Peskine
cb854d5d19
Merge pull request #9356 from eleuzi01/replace-ecp-have-secp-k1 
Replace MBEDTLS_ECP_HAVE_SECP*K1 with PSA_WANT counterparts
 2024-07-16 13:57:46 +00:00
Elena Uziunaite
9e85c9f0f4 Replace MBEDTLS_ECP_HAVE_SECP*K1 with PSA_WANT counterparts 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-15 12:11:55 +03:00
Elena Uziunaite
a363286c9f Replace MBEDTLS_ECP_HAVE_SECP192R1 with PSA_WANT_ECC_SECP_R1_192 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-15 11:24:49 +03:00
Elena Uziunaite
0b5d48ebbf Replace MBEDTLS_ECP_HAVE_CURVE* with PSA_WANT counterparts 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-11 13:20:35 +03:00
Elena Uziunaite
0916cd702f Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-11 11:13:35 +03:00
Gilles Peskine
4efd1645e8
Merge pull request #8983 from Troy-Butler/handle-null-args 
Fix NULL argument handling in mbedtls_xxx_free() functions
 2024-07-04 14:50:55 +00:00
Ronald Cron
2cf41a273e
Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384 
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
 2024-07-04 08:56:52 +00:00
Elena Uziunaite
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-03 10:20:41 +01:00
Elena Uziunaite
fcc9afaf9d Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-02 11:08:04 +01:00