yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
22632 commits 89 branches 205 tags 114 MiB
Commit graph

384 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 07018f97d2 Make legacy_or_psa.h public. 
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:02:48 +02:00
Przemyslaw Stekiel 004c2181f0 ssl_misc.h: hash guards adaptations 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 11:00:57 +02:00
Przemek Stekiel 153b442cc3 mbedtls_ssl_tls13_sig_alg_is_supported: adapt guards 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Jerry Yu db8c5faed7 Add getting session ticket for client 
- Move ssl_get_psk_to_offer to `ssl_tls13_client.c`
- Rename to `ssl_tls13_get_psk_to_offer`
- Add session ticket parser

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Andrzej Kurek cccb044804 Style & formatting fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-23 05:26:02 -04:00
Andrzej Kurek 25f271557b Update SHA and MD5 dependencies in the SSL module 
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:46:50 -04:00
Andrzej Kurek a242e83b21 Rename the sha384 checksum context to reflect its purpose 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:02:04 -04:00
Jerry Yu 95b743ca17 Rename get_pk_type_and_md_alg 
The function is for both tls12 and tls13 now.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Manuel Pégourié-Gonnard f6b8c3297a
Merge pull request #6065 from mpg/explore2 
Driver-only hashes: RSA 1.5 and PK + strategy doc
 2022-07-28 10:43:38 +02:00
Ronald Cron 340c559cb3
Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks 
TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.
 2022-07-23 08:50:45 +02:00
Ronald Cron 4beb870fa8
Merge pull request #6064 from xkqian/tls13_add_psk 
Add psk code to tls13 client side
 2022-07-22 11:35:05 +02:00
XiaokangQian 3ad67bf4e3 Rename functions and add test messages 
Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian 8698195566 Address comments of various issues 
Improve comments
Change coding style
Rename functions

Change-Id: Ia111aef303932cfeee693431c3d48f90342b32e5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian adab9a6440 Fix transcript issues and add cases against openssl 
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian 008d2bf80b Address comments in psk client review 
Improve comments
Refine cipher suite related code in psk
Refine get_psk_offered()

Change-Id: Ic3b0b5f86eb1e71f11bb499961aa8494284f1840
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian eb69aee6af Add psk code to tls13 client side 
Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
Jerry Yu 96a2e368dc TLS 1.3: Add pre-shared-key multiple psk parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 18:00:13 +08:00
Jerry Yu 6dcd18d55b export hdr checksum function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Ronald Cron bc817bac76 TLS 1.3: Limit scope of tls13_kex_modes handshake field 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-21 09:43:53 +02:00
Ronald Cron 853854958f TLS 1.3: Add selected key exchange mode field 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-20 17:49:22 +02:00
Manuel Pégourié-Gonnard abac037a7b Migrate from old inline to new actual function. 
This is mostly:

    sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
    library/*.c tests/suites/*.function

This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-18 21:28:38 +02:00
Ronald Cron ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Ronald Cron 0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk 
Refactor signature algorithm chooser
 2022-07-04 09:10:08 +02:00
Jerry Yu 52b7d923fe fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-01 18:12:44 +08:00
Jerry Yu cc5391048e fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:18:30 +08:00
Jerry Yu ee28e7a21d add tests for select sig alg 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:17:06 +08:00
Jerry Yu a1255e6b8c fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:09 +08:00
Jerry Yu 80dd5db808 Remove pkcs1 from certificate verify. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:08 +08:00
Jerry Yu 5ef71f2723 remove rsa_pkcs1_* from tls13 support list 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:08 +08:00
Jerry Yu 96ee23eb88 fix tls12 openssl/gnutls server fail 
To test version negotiation with tls12 OpenSSL/GnuTLS server, If
`rsa_pss_rsae_*` were sent to server before `rsa_pkcs_*`, server
will return `rsa_pss_rsae_*` as key exchange sig alg. OpenSSL/GnuTLS
can work with this case. mbedTLS will fail due to `rsa_pss_rsae_*`
unsupported.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:07 +08:00
Jerry Yu 0c6be8f863 move big function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:07 +08:00
Jerry Yu d099cf0325 fix unused variable issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:47 +08:00
Jerry Yu 6babfee178 remove out of scope codes 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:46 +08:00
Jerry Yu fb526693c1 Rename sig_alg cert_key check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:45 +08:00
Jerry Yu 7ab7f2b184 Remove pkcs1 from certificate_verify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:44 +08:00
Jerry Yu 08524c55f9 remove pkcs1_* support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:44 +08:00
Jerry Yu 0ebce95785 create tls12/tls13 sig alg support check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:43 +08:00
Jerry Yu f249ef7821 refactor get sig algo from pk 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:40 +08:00
Glenn Strauss 999ef70b27 Add accessors to config DN hints for cert request 
mbedtls_ssl_conf_dn_hints()
mbedtls_ssl_set_hs_dn_hints()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-06-28 12:43:59 -04:00
Ronald Cron cf600bc07c Comment fixes 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:49 +02:00
Ronald Cron ad8c17b9c6 tls: Add overread/overwrite check failure tracking 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:49 +02:00
XiaokangQian c740345c5b Adress review comments 
Change Code styles
Add test cases

Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-23 03:24:12 +00:00
XiaokangQian acb3992251 Add ALPN extension to the server side 
CustomizedGitHooks: yes
Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-22 06:34:58 +00:00
Manuel Pégourié-Gonnard a82a8b9f4b Mark internal int SSL functions CHECK_RETURN_CRITICAL 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:12:55 +02:00
Gilles Peskine e0469b5908
Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix 
Add a client hello cookie_len overflow test
 2022-06-20 19:35:54 +02:00
XiaokangQian 81802f43a2 Select certificate base on the received signature list 
Change-Id: Ife707db7fcfdb1e761ba86804cbf5dd766a5ee33
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-13 03:58:06 +00:00
Andrzej Kurek 078e9bcda6 Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-08 11:47:33 -04:00
Andrzej Kurek cfb01948c8 Add cookie parsing tests to test_suite_ssl 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-06 15:29:15 -04:00
XiaokangQian 9b2b7716b0 Change mbedtls_ssl_parse_server_name_ext base on comments 
Change-Id: I4ae831925cb1899afafb7dc626bfad9be24a5c8c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
XiaokangQian 40a3523eb7 Add support of server name extension to server side 
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
XiaokangQian 63e713e8ab Fix comments 
Change-Id: Ib741f876f4d296df79565a2b8a2971918db1a77f
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:11 +00:00
XiaokangQian c3017f620f Remove useless guards and refine checking 
Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:10 +00:00
XiaokangQian 189ded2b07 Remove coordinate functions and change state machine in server side 
Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:46:13 +00:00
Neil Armstrong 8395d7a37d Change guard of mbedtls_ssl_cipher_to_psa() with USE_PSA_CRYPTO || SSL_PROTO_TLS1_3 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:24:34 +02:00
Ronald Cron 9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext 
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
 2022-05-17 17:01:55 +02:00
Andrzej Kurek 5c65c5781f Fix additional misspellings found by codespell 
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-05-11 21:25:54 +01:00
Gabor Mezei 53a3b14823
Update documntation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:19 +02:00
Gabor Mezei c1051b62aa
Remove MBEDTLS_SSL_SIG_ALG_SET macro 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:19 +02:00
Gabor Mezei 3631cf693a
Rename signiture algorithm macros to better suite with TLS 1.2 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:19 +02:00
Gabor Mezei 24c7c2be08
Unify MBEDTLS_TLS_SIG_NONE macro definition for TLS 1.2 and 1.3 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:18 +02:00
Gabor Mezei a3d016ce41
Rename and rewrite mbedtls_ssl_sig_hash_set_find function 
Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name
and rewrite to operate TLS signature algorithm identifiers.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:18 +02:00
Gabor Mezei 15b95a6c52
Use common macro for the invalid signiture algorithm botn in TLS 1.2 and 1.3 
Introduce a new macro MBEDTLS_TLS_SIG_NONE for invalid signiture algorithm.
It is intended to use in common code of TLS 1.2 and 1.3.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:18 +02:00
Gabor Mezei 1a3be088bf
Reorder defines to use previous definitions 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:18 +02:00
Gabor Mezei 078e803d2c
Unify parsing of the signature algorithms extension 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:08 +02:00
Paul Elliott d1a954d243
Merge pull request #5707 from yuhaoth/pr/add-tls13-write-hello-retry-request 
TLS1.3: Add  HelloRetryRequest Write
 2022-05-10 17:25:33 +01:00
Manuel Pégourié-Gonnard 9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks 
Unify non-opaque and opaque PSKs
 2022-05-09 10:15:16 +02:00
Jerry Yu 6a2cd9ebf5 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:08 +08:00
Jerry Yu fbe3e64b76 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:03 +08:00
Jerry Yu 582dd069b7 Add HRR handler 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:01 +08:00
Jerry Yu 93a13f2c38 Share magic word of HRR 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:48:59 +08:00
XiaokangQian eaf3651e31 Rebase and solve conflicts 
Change handshake_msg related functions
Share the ssl_write_sig_alg_ext

Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
Neil Armstrong 80f6f32495 Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong 044a32c4c6 Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong e952a30d47 Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong 501c93220d Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Gilles Peskine 8855e36030
Merge pull request #5674 from superna9999/5668-abstract-tls-mode-cleanup 
Cipher cleanup: abstract TLS mode
 2022-04-28 12:33:38 +02:00
Ronald Cron eecd0d2fc3
Merge pull request #5679 from yuhaoth/pr/add-tls13-write-server-hello 2022-04-25 09:28:40 +02:00
Manuel Pégourié-Gonnard 55132c6a9a
Merge pull request #5703 from superna9999/5322-ecdh-remove-legacy-context 
TLS ECDH 4: remove legacy context
 2022-04-22 14:27:06 +02:00
Neil Armstrong f2c82f0a3b Introduce MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM macro to determine if Encrypt-then-MAC with CBC is used in a ciphersuite 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong ccc074e44d Use correct condition to use encrypt_then_mac in ssl_tls.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong ab555e0a6c Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong 4bf4c8675f Introduce mbedtls_get_mode_from_ciphersuite() by reusing mbedtls_get_mode_from_transform() logic 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:59 +02:00
Neil Armstrong 8a0f3e8cf0 Introduce mbedtls_ssl_mode_t & mbedtls_get_mode_from_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 14:25:26 +02:00
Jerry Yu 89e103c54c tls13: Share write ecdh_key_exchange function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Ronald Cron 38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server 
Add client hello into server side
 2022-04-22 10:26:00 +02:00
XiaokangQian 4e8cd7b903 Remove useless selected_group 
Change-Id: I5fb76b5bf4b22d0231c17314783781f9e7c309a3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 13:30:18 +00:00
XiaokangQian 0a1b54ed73 Minor change the place of some functions 
Change-Id: I2626e68cf837d8ca4086cb35a8482cee315cde97
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 03:01:38 +00:00
XiaokangQian 75d40ef8cb Refine code base on review 
Remove useless hrr code
Share validate_cipher_suit between client and server
Fix test failure when tls13 only in server side

Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 11:05:24 +00:00
XiaokangQian 318dc763a6 Fix test failure issue and update code styles 
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 09:43:51 +00:00
XiaokangQian 0803755347 Update code base on review comments 
Refine named_group parsing
Refine cipher_suites parsing
Remove hrr related part
Share code between client and server side
Some code style changes

Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:50:14 +00:00
XiaokangQian cfd925f3e8 Fix comments and remove hrr related code 
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian 9b5d04b078 Share parse_key_share() between client and server 
Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian 7ac3ab3404 Add hello retry request count for server 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
Ronald Cron 217d699d85 Fix Doxygen marks 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-04-19 18:28:51 +02:00
Glenn Strauss bbdc83b55b Use mbedtls_ssl_protocol_version in public structs 
Use mbedtls_ssl_protocol_version in public structs, even when doing
so results in a binary-incompatible change to the public structure

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss cd78df6aa4 handshake->min_minor_ver to ->min_tls_version 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version 
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss 60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:12 -04:00
Glenn Strauss 2dfcea2b9d mbedtls_ssl_config min_tls_version, max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms.  For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).

New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:39:43 -04:00
Glenn Strauss 07c641605e Rename mbedtls_ssl_transform minor_ver to tls_version 
Store the TLS version in tls_version instead of minor version number.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:23:54 -04:00