Commit graph

9076 commits

Author SHA1 Message Date
Jarno Lamsa 8a91c0650a Add tests for re-init flow for context serialization 2019-06-18 11:50:11 +03:00
Jarno Lamsa b5ff6a4ced Add option for ssl-context re-initialization flow 2019-06-18 11:50:11 +03:00
Jarno Lamsa bff4a91827 Fix spacing 2019-06-18 11:50:11 +03:00
Jarno Lamsa f4f8ed7e82 Allow stub implementation of the context_save for now 2019-06-18 11:50:11 +03:00
Jarno Lamsa 5737ec97a6 Address review comments for code-style issues 2019-06-18 11:50:11 +03:00
Jarno Lamsa 38061f4a17 Remove mbedtls_ssl_free() and mbedtls_ssl_init() from serialization flow in test 2019-06-18 11:50:11 +03:00
Jarno Lamsa cc281b8a54 ssl-opt.sh tests for serialization are currently using stub implementation 2019-06-18 11:50:11 +03:00
Jarno Lamsa dcfc2a7364 Add missing slashes to tests 2019-06-18 11:50:11 +03:00
Jarno Lamsa fa45e6005e Add serialization tests to ssl-opt.sh 2019-06-18 11:50:11 +03:00
Jarno Lamsa cf1b6724c9 Use MBEDTLS_SSL_CONTEXT_SERIALIZATION flag 2019-06-18 11:50:11 +03:00
Jarno Lamsa f457293b57 Serialize/deserialize for ssl_server2 2019-06-18 11:50:11 +03:00
Jarno Lamsa 654e8de163 Rely on opt.exchanges for sending after serialization 2019-06-18 11:50:11 +03:00
Jarno Lamsa d736d08618 Serialization/deserialization in ssl_client2 2019-06-18 11:50:11 +03:00
Jarno Lamsa 0ea3cfe5bf Add option for serialization in ssl_client/server2 2019-06-18 11:50:11 +03:00
Manuel Pégourié-Gonnard 11d3282f5a Add a ChangeLog entry. 2019-06-18 10:34:15 +02:00
Manuel Pégourié-Gonnard c84511fb1f Add check for undocumented positive option 2019-06-18 10:32:25 +02:00
Manuel Pégourié-Gonnard 41efa2109e Improve documentation of PROTO_NO_TLS 2019-06-18 10:28:52 +02:00
Manuel Pégourié-Gonnard 7667afd4fc Clarify documentation of mbedtls_ssl_context_load() 2019-06-18 10:09:27 +02:00
Manuel Pégourié-Gonnard cc71c77b5d Fix typos, grammar and wording in documentation 2019-06-18 10:09:27 +02:00
Manuel Pégourié-Gonnard d87601e3ef Declare and document ssl_context_save()/load()
Also introduce stub definitions so that things compile and link.
2019-06-18 10:09:27 +02:00
Manuel Pégourié-Gonnard 91fa5bade3 Add new config MBEDTLS_SSL_CONTEXT_SERIALIZATION
This is enabled by default as we generally enable things by default unless
there's a reason not to (experimental, deprecated, security risk).

We need a compile-time option because, even though the functions themselves
can be easily garbage-collected by the linker, implementing them will require
saving 64 bytes of Client/ServerHello.random values after the handshake, that
would otherwise not be needed, and people who don't need this feature
shouldn't have to pay the price of increased RAM usage.
2019-06-18 10:09:27 +02:00
Hanno Becker 1abb159e90 Merge branch 'mbedtls-2.16' into baremetal 2019-06-18 09:00:37 +01:00
Simon Butcher c725e4b34e Merge remote-tracking branch 'origin/pr/590' into baremetal 2019-06-17 17:57:26 +01:00
Simon Butcher 01a8eb21d3 Merge remote-tracking branch 'origin/pr/585' into baremetal 2019-06-17 17:53:41 +01:00
Simon Butcher c107850c2c Merge remote-tracking branch 'origin/pr/580' into baremetal 2019-06-17 17:48:06 +01:00
Simon Butcher 62d03b2779 Merge remote-tracking branch 'origin/pr/577' into baremetal 2019-06-17 17:46:32 +01:00
Manuel Pégourié-Gonnard ba8b1eb5d9 Use negated option for controlling TLS support.
A positive option looks better, but comes with the following compatibility
issue: people using a custom config.h that is not based on the default
config.h and need TLS support would need to manually change their config in
order to still get TLS.

Work around that by making the public option negative. Internally the positive
option is used, though.

In the future (when preparing the next major version), we might want to switch
back to a positive option as this would be more consistent with other options
we have.
2019-06-17 15:26:34 +02:00
Jaeden Amero 418e7611f6 Merge remote-tracking branch 'origin/pr/2484' into mbedtls-2.16
* origin/pr/2484:
  Correct placement of ChangeLog entry
  Improve documentation of mbedtls_x509_get_ext()
  Adapt ChangeLog
  Always return a high-level error code from X.509 module
  Obey bounds of ASN.1 substructures
2019-06-14 15:28:42 +01:00
Jaeden Amero 8f27b4455c Merge remote-tracking branch 'origin/pr/2695' into mbedtls-2.16
* origin/pr/2695:
  UDP proxy: Don't attempt to dissect dgram into records when dropping
2019-06-14 08:55:47 +01:00
Jaeden Amero 342223e72c Merge remote-tracking branch 'origin/pr/2676' into mbedtls-2.16
* origin/pr/2676:
  Show removed symbols in abi check
2019-06-14 08:54:50 +01:00
Jaeden Amero cfb0454b1c Merge remote-tracking branch 'origin/pr/2673' into mbedtls-2.16
* origin/pr/2673:
  Remove all abi dumps, not just ones shared between versions
2019-06-14 08:54:04 +01:00
Jaeden Amero 7aed01c0dc Merge remote-tracking branch 'origin/pr/2481' into mbedtls-2.16
* origin/pr/2481:
  Document support for MD2 and MD4 in programs/x509/cert_write
  Correct name of X.509 parsing test for well-formed, ill-signed CRT
  Add test cases exercising successful verification of MD2/MD4/MD5 CRT
  Add test case exercising verification of valid MD2 CRT
  Add MD[245] test CRTs to tree
  Add instructions for MD[245] test CRTs to tests/data_files/Makefile
  Add suppport for MD2 to CSR and CRT writing example programs
  Convert further x509parse tests to use lower-case hex data
  Correct placement of ChangeLog entry
  Adapt ChangeLog
  Use SHA-256 instead of MD2 in X.509 CRT parsing tests
  Consistently use lower case hex data in X.509 parsing tests
2019-06-14 08:50:47 +01:00
Jaeden Amero 1adf212a1b Merge remote-tracking branch 'origin/pr/2497' into mbedtls-2.16
* origin/pr/2497:
  Re-generate library/certs.c from script
  Add new line at the end of test-ca2.key.enc
  Use strict syntax to annotate origin of test data in certs.c
  Add run to all.sh exercising !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO
  Allow DHM self test to run without MBEDTLS_PEM_PARSE_C
  ssl-opt.sh: Auto-skip tests that use files if MBEDTLS_FS_IO unset
  Document origin of hardcoded certificates in library/certs.c
  Adapt ChangeLog
  Rename server1.der to server1.crt.der
  Add DER encoded files to git tree
  Add build instructions to generate DER versions of CRTs and keys
  Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2
  ssl_server2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  ssl_client2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  Correct white spaces in ssl_server2 and ssl_client2
  Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled
  Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled
2019-06-14 08:48:54 +01:00
Hanno Becker bcf97ec18c UDP proxy: Don't attempt to dissect dgram into records when dropping
To prevent dropping the same message over and over again, the UDP proxy
test application programs/test/udp_proxy _logically_ maintains a mapping
from records to the number of times the record has already been dropped,
and stops dropping once a configurable threshold (currently 2) is passed.

However, the actual implementation deviates from this logical view
in two crucial respects:
- To keep the implementation simple and independent of
  implementations of suitable map interfaces, it only counts how
  many times a record of a given _size_ has been dropped, and
  stops dropping further records of that size once the configurable
  threshold is passed. Of course, this is not fail-proof, but a
  good enough approximation for the proxy, and it allows to use
  an inefficient but simple array for the required map.
- The implementation mixes datagram lengths and record lengths:
  When deciding whether it is allowed to drop a datagram, it
  uses the total datagram size as a lookup index into the map
  counting the number of times a package has been dropped. However,
  when updating this map, the UDP proxy traverses the datagram
  record by record, and updates the mapping at the level of record
  lengths.

Apart from this inconsistency, the current implementation suffers
from a lack of bounds checking for the parsed length of incoming
DTLS records that can lead to a buffer overflow when facing
malformed records.

This commit removes the inconsistency in datagram vs. record length
and resolves the buffer overflow issue by not attempting any dissection
of datagrams into records, and instead only counting how often _datagrams_
of a particular size have been dropped.

There is only one practical situation where this makes a difference:
If datagram packing is used by default but disabled on retransmission
(which OpenSSL has been seen to do), it can happen that we drop a
datagram in its initial transmission, then also drop some of its records
when they retransmitted one-by-one afterwards, yet still keeping the
drop-counter at 1 instead of 2. However, even in this situation, we'll
correctly count the number of droppings from that point on and eventually
stop dropping, because the peer will not fall back to using packing
and hence use stable record lengths.
2019-06-13 11:21:42 +01:00
Hanno Becker fc1a40b4df Remove MBEDTLS_SSL_SESSION_TICKETS from baremetal config 2019-06-13 08:59:10 +01:00
Jarno Lamsa 2e51098b34 Add changelog entry 2019-06-13 10:42:13 +03:00
Simon Butcher 5aca94eafe Merge remote-tracking branch 'origin/pr/588' into baremetal 2019-06-12 20:16:15 +01:00
Simon Butcher 214e211dfd Merge remote-tracking branch 'origin/pr/587' into baremetal 2019-06-12 20:15:50 +01:00
Simon Butcher f49a277f34 Merge remote-tracking branch 'origin/pr/576' into baremetal 2019-06-12 20:15:00 +01:00
Hanno Becker 49f83e6748 Change order of ChangeLog sections 2019-06-12 12:43:19 +01:00
Manuel Pégourié-Gonnard ec1c222947 Fix a few style issues 2019-06-12 10:18:26 +02:00
Jarno Lamsa 31d940ba5e Change test name 2019-06-12 10:21:33 +03:00
Jarno Lamsa 20095afc58 Changes according to review comments 2019-06-11 17:16:58 +03:00
Manuel Pégourié-Gonnard 8794a4290d Clarify a few more comments and documentation 2019-06-11 10:04:57 +02:00
Jarno Lamsa 41b359114d Add tests for enforced extended master secret flag 2019-06-10 15:51:11 +03:00
Jarno Lamsa 18b9a491e1 Disable the enforce flag by default 2019-06-10 15:23:29 +03:00
Jarno Lamsa 842be16800 Check for the enforcing and fail handshake if the peer doesn't support 2019-06-10 15:05:33 +03:00
Jarno Lamsa d9382f85e7 Add definitions for enforce flag values 2019-06-10 10:27:14 +03:00
Jarno Lamsa 95f752e679 Fix typo 2019-06-10 10:15:49 +03:00
Jarno Lamsa 7a5e2bec75 Create a new flag for enforcing the extended master secret
If the flag is enabled, drop the connection if peer doesn't support
extended master secret extension.
2019-06-10 10:13:03 +03:00