yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
21413 commits 1 branch 0 tags 94 MiB
Commit graph

1718 commits

Author SHA1 Message Date
Ronald Cron
4beb870fa8
Merge pull request #6064 from xkqian/tls13_add_psk 
Add psk code to tls13 client side
 2022-07-22 11:35:05 +02:00
XiaokangQian
adab9a6440 Fix transcript issues and add cases against openssl 
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
Jerry Yu
1c105560b4 add offered psks parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu
6dcd18d55b export hdr checksum function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu
fca4d579a4 fix various issues 
- unnecessary comments
- format issue
- improve readability

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 10:37:48 +08:00
Jerry Yu
251a12e942 Add dummy session save 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 22:40:59 +08:00
Manuel Pégourié-Gonnard
abac037a7b Migrate from old inline to new actual function. 
This is mostly:

    sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
    library/*.c tests/suites/*.function

This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-18 21:28:38 +02:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Manuel Pégourié-Gonnard
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection 
Permissions 2a: TLS 1.2 ciphersuite selection
 2022-07-04 12:37:02 +02:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk 
Refactor signature algorithm chooser
 2022-07-04 09:10:08 +02:00
Neil Armstrong
971f30d917 Fix mbedtls_ssl_get_ciphersuite_sig_alg() by returning MBEDTLS_PK_NONE for MBEDTLS_KEY_EXCHANGE_RSA 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 16:23:50 +02:00
Jerry Yu
52b7d923fe fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-01 18:12:44 +08:00
Neil Armstrong
96eceb8022 Refine mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg() when USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 18:05:05 +02:00
Jerry Yu
2fe6c638e2 remove supported check from parse sig algs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:20:17 +08:00
Jerry Yu
660cb4209c Remove pkcs1 from key cert and sig alg map 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:20:17 +08:00
Jerry Yu
71b18844ff fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:19:49 +08:00
Jerry Yu
cc5391048e fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:18:30 +08:00
Jerry Yu
430db6b6ff Remove hack fix for server hybrid issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:09 +08:00
Jerry Yu
a1255e6b8c fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:09 +08:00
Jerry Yu
9bb3ee436b Revert rsa_pss_rsae_* support for tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:08 +08:00
Jerry Yu
53f5c15155 Add debug message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:08 +08:00
Jerry Yu
80dd5db808 Remove pkcs1 from certificate verify. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:08 +08:00
Jerry Yu
d4a71a57a8 Add tls12 algorithms in hybrid mode client hello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:08 +08:00
Jerry Yu
6272c4d4aa Revert unnecessary space change 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:07 +08:00
Jerry Yu
ba5e379697 Revert order of default sig_algs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:07 +08:00
Jerry Yu
3f71ca0941 Remove rsa_pss_rsae_* from tls12 sig_algs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:07 +08:00
Jerry Yu
0c6be8f863 move big function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:07 +08:00
Jerry Yu
3896ac6e5b fix ordered sig algs fail for openssl 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:06 +08:00
Jerry Yu
f3b46b5082 Add debug message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:05 +08:00
Jerry Yu
f55886a217 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:46 +08:00
Jerry Yu
f0cda410a4 remove default sig_hashes 
And add pss_rsae_* sig_algs to fix
`Handshake TLS 1.3` test fails, which
is part of `test_suite_ssl`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:45 +08:00
Glenn Strauss
999ef70b27 Add accessors to config DN hints for cert request 
mbedtls_ssl_conf_dn_hints()
mbedtls_ssl_set_hs_dn_hints()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-06-28 12:43:59 -04:00
Neil Armstrong
9f1176a793 Move preferred_hash_for_sig_alg() check after ssl_pick_cert() and check if hash alg is supported with mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-28 18:12:17 +02:00
Ronald Cron
b94854f8e3
Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests 
TLS 1.3: Enable and add tests
 2022-06-28 09:15:17 +02:00
Ronald Cron
ad8c17b9c6 tls: Add overread/overwrite check failure tracking 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:49 +02:00
Ronald Cron
1938588e80 tls13: Align some debug messages with TLS 1.2 ones 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
XiaokangQian
0b776e282a Change some comments for alpn 
Change-Id: Idf066e94cede9d26aa41d632c3a81dafcee38587
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-24 09:04:59 +00:00
XiaokangQian
95d5f549f1 Fix coding styles 
Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-24 05:42:15 +00:00
XiaokangQian
c740345c5b Adress review comments 
Change Code styles
Add test cases

Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-23 03:24:12 +00:00
XiaokangQian
acb3992251 Add ALPN extension to the server side 
CustomizedGitHooks: yes
Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-22 06:34:58 +00:00
Manuel Pégourié-Gonnard
a3115dc0e6 Mark static int SSL functions CHECK_RETURN_CRITICAL 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:12:52 +02:00
Manuel Pégourié-Gonnard
66b0d61718 Add comments when can_do() is safe to use 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:12:29 +02:00
XiaokangQian
75fe8c7e54 Change place of ssl_tls13_check_ephemeral_key_exchange 
Change-Id: Id49172f7375e2a0771ad1216fb7eead808f0db3e
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-15 09:42:45 +00:00
XiaokangQian
129aeb9b0e Update test cases and support sni ca override 
Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-02 09:29:18 +00:00
XiaokangQian
f2a942073e Fix SNI test failure 
Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
XiaokangQian
9b2b7716b0 Change mbedtls_ssl_parse_server_name_ext base on comments 
Change-Id: I4ae831925cb1899afafb7dc626bfad9be24a5c8c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
XiaokangQian
40a3523eb7 Add support of server name extension to server side 
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
Neil Armstrong
8395d7a37d Change guard of mbedtls_ssl_cipher_to_psa() with USE_PSA_CRYPTO || SSL_PROTO_TLS1_3 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:24:34 +02:00
Ronald Cron
9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext 
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
 2022-05-17 17:01:55 +02:00
Gabor Mezei
696956da24
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-13 17:02:19 +02:00
Andrzej Kurek
5c65c5781f Fix additional misspellings found by codespell 
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
Gabor Mezei
c1051b62aa
Remove MBEDTLS_SSL_SIG_ALG_SET macro 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:19 +02:00
Gabor Mezei
3631cf693a
Rename signiture algorithm macros to better suite with TLS 1.2 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:19 +02:00
Gabor Mezei
a3d016ce41
Rename and rewrite mbedtls_ssl_sig_hash_set_find function 
Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name
and rewrite to operate TLS signature algorithm identifiers.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:18 +02:00
Gabor Mezei
15b95a6c52
Use common macro for the invalid signiture algorithm botn in TLS 1.2 and 1.3 
Introduce a new macro MBEDTLS_TLS_SIG_NONE for invalid signiture algorithm.
It is intended to use in common code of TLS 1.2 and 1.3.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:18 +02:00
Gabor Mezei
078e803d2c
Unify parsing of the signature algorithms extension 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:08 +02:00
Manuel Pégourié-Gonnard
9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks 
Unify non-opaque and opaque PSKs
 2022-05-09 10:15:16 +02:00
XiaokangQian
aad9b0a286 Update code base on comments 
Change-Id: Ibc5043154515d2801565a2b99741dfda1344211c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-09 01:11:21 +00:00
XiaokangQian
eaf3651e31 Rebase and solve conflicts 
Change handshake_msg related functions
Share the ssl_write_sig_alg_ext

Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
Neil Armstrong
8ecd66884f Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-05 14:01:49 +02:00
Neil Armstrong
80f6f32495 Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
044a32c4c6 Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
e952a30d47 Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong
501c93220d Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx 
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
 2022-04-29 10:47:16 +02:00
Przemek Stekiel
169bf0b8b0 Fix comments (#endif flags) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-29 07:53:29 +02:00
Gilles Peskine
8855e36030
Merge pull request #5674 from superna9999/5668-abstract-tls-mode-cleanup 
Cipher cleanup: abstract TLS mode
 2022-04-28 12:33:38 +02:00
Przemek Stekiel
8a4b7fd7c3 Optimize code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-28 10:21:03 +02:00
Przemek Stekiel
8abcee9290 Fix typos 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-28 09:16:28 +02:00
Neil Armstrong
2230e6c06d Simplify PSA transform->ivlen set in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-27 10:36:14 +02:00
Gilles Peskine
301711e96e Simplify mbedtls_ssl_get_base_mode 
Reduce the amount of ifdef's by making the USE_PSA_CRYPTO and
non-USE_PSA_CRYPTO definitions independent.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-27 10:28:55 +02:00
Gilles Peskine
e108d987ea Simplify mbedtls_ssl_get_mode 
Reduce the imbrications between preprocessor directives and C instructions.
Handle encrypt-then-mac separately.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-27 10:28:55 +02:00
Przemek Stekiel
99114f3084 Fix build flags for opaque/raw psk checks 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:34 +02:00
Przemek Stekiel
b293aaa61b Enable support for psa opaque DHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel
19b80f8151 Enable support for psa opaque ECDHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel
51a1f36be0 setup_psa_key_derivation(): change salt parameter to other_secret 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel
c2033409e3 Add support for psa rsa-psk key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Przemek Stekiel
ae4ed30435 Fix naming: random bytes are the seed (not salt) in derivation process 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Przemek Stekiel
1f02703e53 setup_psa_key_derivation(): add optional salt parameter 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Manuel Pégourié-Gonnard
55132c6a9a
Merge pull request #5703 from superna9999/5322-ecdh-remove-legacy-context 
TLS ECDH 4: remove legacy context
 2022-04-22 14:27:06 +02:00
Neil Armstrong
f2c82f0a3b Introduce MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM macro to determine if Encrypt-then-MAC with CBC is used in a ciphersuite 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
ccc074e44d Use correct condition to use encrypt_then_mac in ssl_tls.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
d1be7674a4 Use PSA_BLOCK_CIPHER_BLOCK_LENGTH instead of PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
6b27c97a91 Rename mbedtls_get_mode() to mbedtls_ssl_get_mode() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
ab555e0a6c Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
a0eeb7f470 Remove cipher_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
7fea33ea4d Use mbedtls_get_mode_from_ciphersuite() in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
4bf4c8675f Introduce mbedtls_get_mode_from_ciphersuite() by reusing mbedtls_get_mode_from_transform() logic 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong
8a0f3e8cf0 Introduce mbedtls_ssl_mode_t & mbedtls_get_mode_from_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:26 +02:00
XiaokangQian
4d3a60475c Change default config version to development style 
Change-Id: I9c1088f235524211e727d03b96de8d82e60bd426
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 13:46:17 +00:00
XiaokangQian
060d867598 Update parse_key_share in server side and version config 
Change-Id: Ic91c061027d0ee4dca2055df21809cbb4388f3ef
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 09:24:56 +00:00
XiaokangQian
75d40ef8cb Refine code base on review 
Remove useless hrr code
Share validate_cipher_suit between client and server
Fix test failure when tls13 only in server side

Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 11:05:24 +00:00
XiaokangQian
8f9dfe41c0 Fix comments about coding styles and test cases 
Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
ed582dd023 Update based on comments 
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello

Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
c4b8c99a38 Rebase and solve conflicts and issues 
Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers 
Unify internal/external TLS protocol version enums
 2022-04-19 17:05:26 +01:00
Glenn Strauss
041a37635b Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks 
mbedtls no longer supports earlier TLS protocol versions

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:12 -04:00
Glenn Strauss
2dfcea2b9d mbedtls_ssl_config min_tls_version, max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms.  For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).

New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:39:43 -04:00