Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / bcde39ca4a98b76ab0f37adc0de53d0527b13194^1..bcde39ca4a98b76ab0f37adc0de53d0527b13194 / .
commitbcde39ca4a98b76ab0f37adc0de53d0527b13194[log] [tgz]
authorRonald Cron <ronald.cron@arm.com>Thu Jun 30 15:10:02 2022 +0200
committerGitHub <noreply@github.com>Thu Jun 30 15:10:02 2022 +0200
treee67dd6f03b594e18fdfd9e6991c6d72c7b0ef3fb
parent31fcfd5632256991a455018b61084bb5b22b40f1 [diff]
parentd7adb3c7d99ba4a4fe3f8d16f949692174016027 [diff]
Merge pull request #5612 from tom-cosgrove-arm/tls13-config-options

Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3

Fully validated by the internal CI. No need to wait for the open one.
diff --git a/ChangeLog.d/tls13_and_keep_certificates.txt b/ChangeLog.d/tls13_and_keep_certificates.txt
new file mode 100644
index 0000000..8c2421f
--- /dev/null
+++ b/ChangeLog.d/tls13_and_keep_certificates.txt

@@ -0,0 +1,4 @@
+Bugfix
+   * Fix check_config.h to check that we have MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+     when MBEDTLS_SSL_PROTO_TLS1_3 is specified, and make this and other
+     dependencies explicit in the documentation. Fixes #5610.

diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index 6c39bc5..85219c3 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md

@@ -136,10 +136,16 @@
 
 - Compatibility with existing SSL/TLS build options:
 
-  The TLS 1.3 MVP is compatible with all TLS 1.2 configuration options in the
-  sense that when enabling the TLS 1.3 MVP in the library there is no need to
-  modify the configuration for TLS 1.2. The MBEDTLS_USE_PSA_CRYPTO configuration
-  option is an exception though, the TLS 1.3 MVP is not compatible with it.
+  The TLS 1.3 MVP is compatible with nearly all TLS 1.2 configuration options
+  in the sense that when enabling the TLS 1.3 MVP in the library there is rarely
+  any need to modify the configuration from that used for TLS 1.2.
+
+  The exceptions to this are:
+
+  - The TLS 1.3 MVP is not compatible with MBEDTLS_USE_PSA_CRYPTO, so this option
+    must be disabled.
+  - The TLS 1.3 MVP requires MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SSL_KEEP_PEER_CERTIFICATE,
+    so these options must be enabled.
 
   Mbed TLS SSL/TLS related features are not supported or not applicable to the
   TLS 1.3 MVP:
@@ -152,12 +158,11 @@
   | MBEDTLS_SSL_DEBUG_ALL                    | no      |
   | MBEDTLS_SSL_ENCRYPT_THEN_MAC             | n/a     |
   | MBEDTLS_SSL_EXTENDED_MASTER_SECRET       | n/a     |
-  | MBEDTLS_SSL_KEEP_PEER_CERTIFICATE        | no      |
+  | MBEDTLS_SSL_KEEP_PEER_CERTIFICATE        | no (1)  |
   | MBEDTLS_SSL_RENEGOTIATION                | n/a     |
   | MBEDTLS_SSL_MAX_FRAGMENT_LENGTH          | no      |
   |                                          |         |
   | MBEDTLS_SSL_SESSION_TICKETS              | no      |
-  | MBEDTLS_SSL_EXPORT_KEYS                  | no (1)  |
   | MBEDTLS_SSL_SERVER_NAME_INDICATION       | no      |
   | MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH       | no      |
   |                                          |         |
@@ -176,9 +181,10 @@
   | MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED    | n/a     |
   | MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED     | n/a     |
   |                                          |         |
+  | MBEDTLS_PSA_CRYPTO_C                     | no (1)  |
   | MBEDTLS_USE_PSA_CRYPTO                   | no      |
 
-  (1) Some support has already been upstreamed but it is incomplete.
+  (1) These options must remain in their default state of enabled.
   (2) Key exchange configuration options for TLS 1.3 will likely to be
       organized around the notion of key exchange mode along the line
       of the MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE/PSK/PSK_EPHEMERAL/EPHEMERAL

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index bdc32e1..30ba3bc 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h

@@ -729,6 +729,13 @@
 #error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
 #endif
 
+/*
+ * The current implementation of TLS 1.3 requires MBEDTLS_SSL_KEEP_PEER_CERTIFICATE.
+ */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+#error "MBEDTLS_SSL_PROTO_TLS1_3 defined without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
+#endif
+
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) &&                                    \
     !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||                          \
       defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                      \

diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index e3e168b..6f8b7d6 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h

@@ -1444,6 +1444,8 @@
  *       still ensure that certificates do not change during renegotiation,
  *       for example by keeping a hash of the peer's certificate.
  *
+ * \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set.
+ *
  * Comment this macro to disable storing the peer's certificate
  * after the handshake.
  */
@@ -1502,6 +1504,8 @@
  *       See docs/architecture/tls13-support.md for a description of the TLS
  *       1.3 support that this option enables.
  *
+ * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+ *
  * Uncomment this macro to enable the support for TLS 1.3.
  *
  */