Broadly, the file `ssl_tls.c` functionality from two categories:
1) An implementation of the TLS and DTLS messaging layer, that is,
the record layer as well as the DTLS retransmission state machine.
2) Handshake parsing and writing functions shared between client and
server (functions specific to either client or server are implemented
in ssl_cli.c and ssl_srv.c, respectively).
This commit is a first step towards separating those functionalities
by moving a number of messaging layer related functions from ssl_tls.c
to the newly created (and thus far empty) ssl_msg.c.
Because of implementation-specific dependencies between handshake logic
and messaging layer, a number of internal SSL functions are currently
used from both the handshake and the messaging layer. Those functions
will need to made public internal (i.e. declared in the mbedtls_ name-
space in ssl_internal.h), but this is left for the next commit in order
to ease review through `git diff --color-moved`. Also, the analysis of
whether their use can/should be restricted to either ssl_tls.c or ssl_msg.c
is left for future commits.
This commit is the first step in implementing the TLS handshake logic
and the low-level (D)TLS messaging functionality (record layer and
retransmission state machine) in separate source files. So far, they're
both implemented in ssl_tls.c.
To begin, this commit creates unmodified copies ssl_tls_old.c and ssl_msg.c
of ssl_tls.c, which in turn is deleted. Subsequent commits will then rename
ssl_tls_old.c back into ssl_tls.c and remove code so that each piece of
functionality is contained in precisely one of ssl_tls.c or ssl_msg.c.
This approach allows to maintain the git line history.
Because two buffers were aliased too early in the code, it was possible that
after an allocation failure, free() would be called twice for the same pointer.
When mbedtls_x509_crt_parse_path() checks each object in the supplied path, it only processes regular files. This change makes it also accept a symlink to a file. Fixes#3005.
This was observed to be a problem on Fedora/CentOS/RHEL systems, where the ca-bundle in the default location is actually a symlink.
ssl_decompress_buf() was operating on data from the ssl context, but called at
a point where this data is actually in the rec structure. Call it later so
that the data is back to the ssl structure.
Previously mocked non-blocking read/write was returning 0 when buffer was empty/full. That was causing ERR_SSL_CONN_EOF error in tests which was using these mocked callbacks. Beside that non-blocking read/write was returning ERR_SSL_WANT_READ/_WRITE depending on block pattern set by test design. Such behavior forced to redesign of these functions so that they could be used in other tests
This error occurs when free space in the buffer is in the middle (the buffer has come full circle) and function mbedtls_test_buffer_put is called. Then the arguments for memcpy are calculated incorrectly and program ends with segmentation fault
If there was a fatal error (bizarre behavior from the standard
library, or missing test data file), execute_tests did not close the
outcome file. Fix this.
The library style is to start with the includes corresponding to the
current module and then the rest in alphabetical order. Some modules
have several header files (eg. ssl_internal.h).
The recently added error.h includes did not respect this convention and
this commit restores it. In some cases this is not possible just by
moving the error.h declarations. This commit fixes the pre-existing
order in these instances too.
Now that the Error module has error codes as well and is processed by
the generate_errors script like any other module, we don't need to
include the header manually.
