Commit graph

9288 commits

Author SHA1 Message Date
Hanno Becker 08556bf8fb Improve structure of ssl_parse_cid_ext()
Group configuring CID values together.
2019-06-03 14:43:16 +01:00
Hanno Becker 064b732d11 Use unused extension ID as tentative ID for CID extension 2019-06-03 14:43:16 +01:00
Hanno Becker 554b6ea30a Correct compile-time guard around unhexify() in ssl_server2 2019-06-03 14:43:16 +01:00
Hanno Becker a34ff5b9a2 Correct compile-time guard around CID extension writing func on srv 2019-06-03 14:43:16 +01:00
Hanno Becker b7ee0cf3f9 Make integer truncation explicit in mbedtls_ssl_set_cid() 2019-06-03 14:43:16 +01:00
Hanno Becker fcffdccb85 Grep for dbug msgs witnessing use of CID in ssl_client2/ssl_server2 2019-06-03 14:43:16 +01:00
Hanno Becker dec2552a92 Change formating of CID debug output in ssl_client2/ssl_server2 2019-06-03 14:43:16 +01:00
Hanno Becker b1f89cd602 Implement mbedtls_ssl_get_peer_cid() 2019-06-03 14:43:16 +01:00
Hanno Becker 9ecb6c676c Grep for dbg msg witnessing copying of CIDs to SSL transform 2019-06-03 14:43:16 +01:00
Hanno Becker 4bf7465840 Copy CIDs into SSL transform if use of CID has been negotiated 2019-06-03 14:43:16 +01:00
Hanno Becker 1327fa7d14 Add fields holding in/out CIDs to SSL record transformation struct
These will be copied from the CID fields in mbedtls_ssl_handshake_params
(outgoing CID) and mbedtls_ssl_context (incoming CID) when the transformation
is set up at the end of the handshake.
2019-06-03 14:43:16 +01:00
Hanno Becker a6a4c7623c Grep for dbg msg witnessing parsing of CID extension in ServerHello 2019-06-03 14:43:16 +01:00
Hanno Becker a8373a11c0 Implement parsing of CID extension in ServerHello 2019-06-03 14:43:16 +01:00
Hanno Becker 4bc9e9d3f6 Grep for dbg msg witnessing writing of CID extension in ServerHello 2019-06-03 14:43:16 +01:00
Hanno Becker 51de2d3f69 Implement writing of CID extension in ServerHello 2019-06-03 14:43:16 +01:00
Hanno Becker 7dee2c6369 Grep for dbg msg witnessing parsing of CID extension in ClientHello 2019-06-03 14:43:16 +01:00
Hanno Becker 89dcc881d4 Implement parsing of CID extension in ClientHello 2019-06-03 14:43:16 +01:00
Hanno Becker 6b78c83829 Grep for dbg msg witnessing writing of CID extension in ClientHello 2019-06-03 14:43:16 +01:00
Hanno Becker 49770ffd93 Implement writing of CID extension in ClientHello 2019-06-03 14:43:16 +01:00
Hanno Becker 189a01309f Check static bounds of CID lengths in check_config.h 2019-06-03 14:43:16 +01:00
Hanno Becker 0652bc50c7 Add identifier for CID extension
Note: The current draft

   https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04

does not yet specify the extension value, so we
use a temporary value of 42.
2019-06-03 14:43:16 +01:00
Hanno Becker f157a97b75 Modify CID tests in ssl-opt.sh to grep for CID config debug msgs 2019-06-03 14:43:16 +01:00
Hanno Becker ca092246a7 Allow configuring own CID fields through mbedtls_ssl_get_peer_cid() 2019-06-03 14:43:16 +01:00
Hanno Becker 2f28c1031f Add fields to SSL structures describing state and config of CID ext
* mbedtls_ssl_context gets fields indicating whether the CID extension
  should be negotiated in the next handshake, and, if yes, which CID
  the user wishes the peer to use.

  This information does not belong to mbedtls_ssl_handshake_params
  because (a) it is configured prior to the handshake, and (b) it
  applies to all subsequent handshakes.

* mbedtls_ssl_handshake_params gets fields indicating the state of CID
  negotiation during the handshake. Specifically, it indicates if the
  use of the CID extension has been negotiated, and if so, which CID
  the peer wishes us to use for outgoing messages.
2019-06-03 14:43:16 +01:00
Hanno Becker 35c36a6760 Guard CID implementations by MBEDTLS_SSL_CID 2019-06-03 14:42:08 +01:00
Hanno Becker 5f925be378 Indicate ssl-opt.sh CID tests only test the stub CID code 2019-06-03 14:42:08 +01:00
Hanno Becker f1f9a82320 Add warnings about status of implementation of CID API 2019-06-03 14:42:08 +01:00
Hanno Becker 9bae30d00d Fix use of requires_config_enabled in ssl-opt.sh
requires_config_enabled doesn't support multiple config options.
Tests having multiple configuration dependencies must be prefixed
with multiple invocations of requires_config_enabled instead.
2019-06-03 14:42:08 +01:00
Hanno Becker d029a2b57f Fix typo in CID test in ssl-opt.sh 2019-06-03 14:42:08 +01:00
Hanno Becker 957dd921f1 Print peer CID from ssl_client2 2019-06-03 14:42:08 +01:00
Hanno Becker 735c716e2a Print peer CID from ssl_server2 2019-06-03 14:42:08 +01:00
Hanno Becker 982182f342 Improve wording of CID debug msg in ssl_server2 example application 2019-06-03 14:42:08 +01:00
Hanno Becker 4f664cbb5c Clarify that mbedtls_ssl_set_cid() applies to all subsequent HSs 2019-06-03 14:42:08 +01:00
Hanno Becker 318a87b336 Document that the use of CID is disabled by default.
(Even if MBEDTLS_SSL_CID is set in config.h)
2019-06-03 14:42:08 +01:00
Hanno Becker 9742809531 Reference CID Draft in Connection ID documentation in config.h 2019-06-03 14:42:08 +01:00
Hanno Becker 7cf463e3cc Add basic Connection ID tests to ssl-opt.sh 2019-06-03 14:42:08 +01:00
Hanno Becker a7d2542248 ssl_server2: Add cmd line options to configure use of CID extension 2019-06-03 14:42:08 +01:00
Hanno Becker 90cb359cf0 ssl_client2: Add cmd line options to configure use of CID extension 2019-06-03 14:42:08 +01:00
Hanno Becker 1f583eecd8 ssl_client2: Add helper to unhexify binary command line data 2019-06-03 14:42:08 +01:00
Hanno Becker f8542cf620 Add dummy implementations for CID API 2019-06-03 14:42:08 +01:00
Hanno Becker f8c10269d1 Update version_features.c 2019-06-03 14:42:08 +01:00
Hanno Becker ebafe8b7cc Update query_config.c 2019-06-03 14:42:08 +01:00
Hanno Becker bb47cd906f Add dep of MBEDTLS_SSL_CID on MBEDTLS_SSL_PROTO_DTLS to config check 2019-06-03 14:42:08 +01:00
Hanno Becker 019f4b58de Add API for the use of the DTLS Connection ID extension 2019-06-03 14:42:08 +01:00
Hanno Becker 2234e650f7 Add new configuration option controlling CID extension 2019-06-03 14:42:08 +01:00
Jaeden Amero 7be9b4e932 Merge remote-tracking branch 'origin/pr/2664' into development
* origin/pr/2664:
  test: Always use `make clean` by itself
2019-06-03 09:56:07 +01:00
Jaeden Amero 3b025ac52b test: Always use make clean by itself
When running make with parallelization, running both "clean" and "lib"
with a single make invocation can lead to each target building in
parallel. It's bad if lib is partially done building something, and then
clean deletes what was built. This can lead to errors later on in the
lib target.

    $ make -j9 clean lib
      CC    aes.c
      CC    aesni.c
      CC    arc4.c
      CC    aria.c
      CC    asn1parse.c
      CC    ./library/error.c
      CC    ./library/version.c
      CC    ./library/version_features.c
      AR    libmbedcrypto.a
    ar: aes.o: No such file or directory
    Makefile:120: recipe for target 'libmbedcrypto.a' failed
    make[2]: *** [libmbedcrypto.a] Error 1
    Makefile:152: recipe for target 'libmbedcrypto.a' failed
    make[1]: *** [libmbedcrypto.a] Error 2
    Makefile:19: recipe for target 'lib' failed
    make: *** [lib] Error 2
    make: *** Waiting for unfinished jobs....

To avoid this sort of trouble, always invoke clean by itself without
other targets throughout the library. Don't run clean in parallel with
other rules. The only place where clean was run in parallel with other
targets was in list-symbols.sh.
2019-05-31 12:47:07 +01:00
Jaeden Amero 2ab5cf658f Merge remote-tracking branch 'origin/pr/2403' into development
* origin/pr/2403: (24 commits)
  crypto: Update to Mbed Crypto 8907b019e7
  Create seedfile before running tests
  crypto: Update to Mbed Crypto 81f9539037
  ssl_cli.c : add explicit casting to unsigned char
  Generating visualc files - let Mbed TLS take precedence over crypto
  Add a link to the seedfile for out-of-tree cmake builds
  Adjust visual studio file generation to always use the crypto submodule
  all.sh: unparallelize mingw tests
  all.sh - disable parallelization for shared target tests
  config.pl: disable PSA_ITS_FILE and PSA_CRYPTO_STORAGE for baremetal
  all.sh: unset crypto storage define in a psa full config cmake asan test
  all.sh: unset FS_IO-dependent defines for tests that do not have it
  curves.pl - change test script to not depend on the implementation
  Export the submodule flag to sub-cmakes
  Disable MBEDTLS_ECP_RESTARTABLE in full config
  Export the submodule flag to sub-makes
  Force the usage of crypto submodule
  Fix crypto submodule usage in Makefile
  Documentation rewording
  Typo fixes in documentation
  ...
2019-05-23 09:08:55 +01:00
Jaeden Amero a542bb6de6 Merge remote-tracking branch 'origin/pr/2647' into development
* origin/pr/2647:
  list-symbols.sh: if the build fails, print the build transcript
  Document "check-names.sh -v"
  all.sh: invoke check-names.sh in print-trace-on-exit mode
  Print a command trace if the check-names.sh exits unexpectedly
2019-05-23 09:08:41 +01:00
Jaeden Amero bb7a582865 Merge remote-tracking branch 'origin/pr/2655' into development
* origin/pr/2655:
  Add negative test for malformed SAN
  Set next sequence of subject_alt_names to NULL
2019-05-23 09:08:01 +01:00