Commit graph

811 commits

Author SHA1 Message Date
Piotr Nowicki 6842c9bde8 Add printing the read base64 code
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki 14d3105f78 Add reading base64 code from file
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki 88ebbbf0fe Add function for parsing arguments
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Piotr Nowicki 9370f90d46 Initial work on the ssl dump program from base64 code
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-14 10:46:23 +02:00
Andrzej Kurek 90c6e84a9c
Split the maximum fragment length into two - an input and output MFL
Since the server might want to have a different maximum fragment length
for the outgoing messages than the negotiated one - introduce a new way of
computing it. This commit also adds additional ssl-opt.sh tests ensuring
that the maximum fragment lengths are set as expected. 
mbedtls_ssl_get_max_frag_len() is now a deprecated function,
being an alias to mbedtls_ssl_get_output_max_frag_len(). The behaviour
of this function is the same as before.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-04-09 04:30:34 -04:00
Gilles Peskine 5e7d6fd240 Merge 'mbedtls/development' into merge-crypto-unremoved-20200304
Merge the latest state of the target branch (mbedtls/development) into the
pull request to merge mbed-crypto into mbedtls.

Conflicts:

* ChangeLog: add/add conflict. Resolve by using the usual section order.
2020-03-23 18:02:07 +01:00
Gilles Peskine eccd888717 Rename identifiers containing double-underscore
Rename identifiers containing double-underscore (`__`) to avoid `__`.
The reason to avoid double-underscore is that all identifiers
containing double-underscore are reserved in C++. Rename all such
identifiers that appear in any public header, including ssl_internal.h
which is in principle private but in practice is installed with the
public headers.

This commit makes check-names.sh pass.

```
perl -i -pe 's/\bMBEDTLS_SSL__ECP_RESTARTABLE\b/MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED/g; s/\bMBEDTLS_KEY_EXCHANGE_(_\w+)_(_\w+)\b/MBEDTLS_KEY_EXCHANGE${1}${2}/g' include/mbedtls/*.h library/*.c programs/*/*.c scripts/data_files/rename-1.3-2.0.txt tests/suites/*.function
```
2020-03-23 17:55:32 +01:00
Jaeden Amero c31f970a46
Merge pull request #3075 from AndrzejKurek/variable-buffer-size
Variable buffer size
2020-03-10 21:46:35 +04:00
Piotr Nowicki 0937ed29b9
Add an acceptance test for memory usage after handshake
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-04 09:28:35 -05:00
Manuel Pégourié-Gonnard f03c13c046
Merge pull request #3050 from mpg/skip-close-notify-dev
Fix possible close_notify/ClientHello confusion
2020-03-03 12:11:48 +01:00
Manuel Pégourié-Gonnard 56941fe6a2 Fix possible close_notify/ClientHello confusion
The ssl-opt.sh test cases using session resumption tend to fail occasionally
on the CI due to a race condition in how ssl_server2 and ssl_client2 handle
the reconnection cycle.

The server does the following in order:
- S1 send application data
- S2 send a close_notify alert
- S3 close the client socket
- S4 wait for a "new connection" (actually a new datagram)
- S5 start a handshake

The client does the following in order:
- C1 wait for and read application data from the server
- C2 send a close_notify alert
- C3 close the server socket
- C4 reset session data and re-open a server socket
- C5 start a handshake

If the client has been able to send the close_notify (C2) and if has been
delivered to the server before if closes the client socket (S3), when the
server reaches S4, the datagram that we start the new connection will be the
ClientHello and everything will be fine.

However if S3 wins the race and happens before the close_notify is delivered,
in S4 the close_notify is what will be seen as the first datagram in a new
connection, and then in S5 this will rightfully be rejected as not being a
valid ClientHello and the server will close the connection (and go wait for
another one). The client will then fail to read from the socket and exit
non-zero and the ssl-opt.sh harness will correctly report this as a failure.

In order to avoid this race condition in test using ssl_client2 and
ssl_server2, this commits introduces a new command-line option
skip_close_notify to ssl_client2 and uses it in all ssl-opt.sh tests that use
session resumption with DTLS and ssl_server2.

This works because ssl_server2 knows how many messages it expects in each
direction and in what order, and closes the connection after that rather than
relying on close_notify (which is also why there was a race in the first
place).

Tests that use another server (in practice there are two of them, using
OpenSSL as a server) wouldn't work with skip_close_notify, as the server won't
close the connection until the client sends a close_notify, but for the same
reason they don't need it (there is no race between receiving close_notify and
closing as the former is the cause of the later).

An alternative approach would be to make ssl_server2 keep the connection open
until it receives a close_notify. Unfortunately it creates problems for tests
where we simulate a lossy network, as the close_notify could be lost (and the
client can't retransmit it). We could modify udp_proxy with an option to never
drop alert messages, but when TLS 1.3 comes that would no longer work as the
type of messages will be encrypted.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 09:33:45 +01:00
Jaeden Amero 7cb47de12a query_config: Move to programs/test
As the SSL programs, like ssl_client2 and ssl_server2, are dependent on
SSL and therefore about to be removed, the only consumer of query_config
is the query_compile_time_config test. As such, it makes sense to move
query_config to be next to what uses it.
2020-02-11 19:26:27 +01:00
Gilles Peskine 4e8b594002 Fix uninitialized variable in an edge case
If `context_buf = mbedtls_calloc( 1, buf_len )` failed,
`context_buf_len` was not initialized. Noticed by
`gcc -Os -Werror=maybe-uninitialized`.

This was only a problem in ssl_server2 (a test program), only with
MBEDTLS_SSL_CONTEXT_SERIALIZATION enabled.
2020-02-03 19:49:55 +01:00
Gilles Peskine 2ac4d86040 Fix file leak in test program
A similar bug was fixed earlier in ssl_server2, but we missed the fix
in ssl_client2.
2020-01-21 17:39:52 +01:00
Piotr Nowicki 7d01ef6562 Added buffer-based mbedtls allocator support to ssl_client2 2019-11-25 15:52:48 +01:00
Piotr Nowicki 9926eaf695 Do not allow configuring zero-length PSK
fix error when calloc is called with size 0
2019-11-25 15:49:53 +01:00
k-stachowiak bbc1c699fc Fix potential resource leak in sslserver2 example 2019-09-26 13:43:31 +02:00
Jaeden Amero 63d813d258 ssl: Disallow modification of hello.random by export
Make client_random and server_random const in
mbedtls_ssl_export_keys_ext_t, so that the key exporter is discouraged
from modifying the client/server hello.

Update examples and tests use const for hello.random as well, to ensure
that the export callbacks are of the proper type.

Fixes #2759
2019-09-12 15:18:25 +01:00
Hanno Becker bc5308cb9a ssl_cli/srv2: Indicate nss_keylog and eap_tls are mut. exclusive 2019-09-09 11:38:51 +01:00
Hanno Becker 48f3a3d101 Add NSS keylog support to ssl_server2 and ssl_client2
This commit adds command line options

- nss_keylog=0/1
- nss_keylog_file=FILENAME

to the example programs ssl/ssl_client2 and ssl/ssl_server2 which
allow to print and export the session keys in the NSS keylog
for debugging purposes.
2019-09-09 10:30:16 +01:00
Jaeden Amero 8dd6bc7ac4 Merge remote-tracking branch 'origin/pr/2803' into development
* origin/pr/2803:
  Add a ChangeLog entry for mbedtls_net_close()
  Added mbedtls_net_close and use it in ssl_fork_server to correctly disassociate the client socket from the parent process and the server socket from the child process.
2019-09-03 16:41:51 +01:00
Christoph M. Wintersteiger 3669c80a90 Update generated files 2019-08-29 16:12:38 +01:00
Jarno Lamsa 472a2a2fcd Don't redefine calloc and free 2019-08-23 13:13:52 +03:00
Manuel Pégourié-Gonnard 9df5a82079 Actually reset the context on save as advertised
Also fix some wording in the documentation while at it.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 13c8e68477 Change requirements for setting timer callback
The code wants timer callbacks to be set (checked in fetch_input()), and can't
easily check whether we're using nbio, so it seems easier to require the
callbacks to be always set rather than only with nbio as was previously done.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 3309a67996 Fix memory leak in client/server2
context_buf was never free()d. Moreover, since we want to free it on error
paths as well, and even properly zeroize it in order to demonstrate good
memory hygiene, we need to make it and its length main()-scoped.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard a88399c091 Improve demo/testing code in client/server2
Previously it was missing reset in case 1, and in case 2 the code was never
executed as the option value was reset to 0.

Tighten checking of return values of save(NULL, 0) now that it works.

Also, improve the printed output as well as the comments.

I checked manually that everything now works and fail in the expected way:
save, reset-or-reinit and load all succeed, but the subsequent read or write
fails.
2019-08-23 13:11:31 +03:00
Jarno Lamsa ddf72a1cf6 Fix style issues 2019-08-23 13:07:05 +03:00
Jarno Lamsa 8e2532196d Set timer callbacks with serialization 2019-08-23 13:05:43 +03:00
Jarno Lamsa 1a7f7936f3 Fix spacing 2019-08-23 13:05:43 +03:00
Jarno Lamsa 15b3a7ae4d Fix compiler warnings 2019-08-23 13:05:42 +03:00
Jarno Lamsa 304d61cede Add option for ssl-context re-initialization flow 2019-08-23 13:05:34 +03:00
Jarno Lamsa 12021ee115 Fix spacing 2019-08-23 12:53:40 +03:00
Jarno Lamsa 1d1657f11c Allow stub implementation of the context_save for now 2019-08-23 12:53:40 +03:00
Jarno Lamsa 93c6ff2392 Address review comments for code-style issues 2019-08-23 12:53:40 +03:00
Jarno Lamsa 378d64daad Remove mbedtls_ssl_free() and mbedtls_ssl_init() from serialization flow in test 2019-08-23 12:53:40 +03:00
Jarno Lamsa bbc7b41903 Use MBEDTLS_SSL_CONTEXT_SERIALIZATION flag 2019-08-23 12:53:40 +03:00
Jarno Lamsa 5a3a16cb1b Serialize/deserialize for ssl_server2 2019-08-23 12:53:40 +03:00
Jarno Lamsa af30629686 Rely on opt.exchanges for sending after serialization 2019-08-23 12:53:40 +03:00
Jarno Lamsa 77e6665ffb Serialization/deserialization in ssl_client2 2019-08-23 12:53:40 +03:00
Jarno Lamsa 9831c8a14c Add option for serialization in ssl_client/server2 2019-08-23 12:53:40 +03:00
Manuel Pégourié-Gonnard afa8f71700 Add new config MBEDTLS_SSL_CONTEXT_SERIALIZATION
This is enabled by default as we generally enable things by default unless
there's a reason not to (experimental, deprecated, security risk).

We need a compile-time option because, even though the functions themselves
can be easily garbage-collected by the linker, implementing them will require
saving 64 bytes of Client/ServerHello.random values after the handshake, that
would otherwise not be needed, and people who don't need this feature
shouldn't have to pay the price of increased RAM usage.
2019-08-23 12:52:29 +03:00
Manuel Pégourié-Gonnard 686adb4d54 Normalize spelling to serialiZation
We have explicit recommendations to use US spelling for technical writing, so
let's apply this to code as well for uniformity. (My fingers tend to prefer UK
spelling, so this needs to be fixed in many places.)

sed -i 's/\([Ss]eriali\)s/\1z/g' **/*.[ch] **/*.function **/*.data ChangeLog
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard 4d591d6d3f Demonstrate safe usage (zeroize) in ssl_client2 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard 26f982f50e Improve save API by always updating olen
This allows callers to discover what an appropriate size is. Otherwise they'd
have to either try repeatedly, or allocate an overly large buffer (or some
combination of those).

Adapt documentation an example usage in ssl_client2.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard a7c3765760 Add tests for session copy without serialisation 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard b5e4e0a395 Add mbedtls_ssl_get_session_pointer()
Avoid useless copy with mbedtls_ssl_get_session() before serialising.

Used in ssl_client2 for testing and demonstrating usage, but unfortunately
that means mbedtls_ssl_get_session() is no longer tested, which will be fixed
in the next commit.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard 21548638b7 Save session in serialised form in ssl_client2.
This provides basic testing for the session (de)serialisation functions, as
well as an example of how to use them.

Tested locally with tests/ssl-opt.sh -f '^Session resume'.
2019-08-23 12:48:41 +03:00
Robert Larsen df8e511381 Added mbedtls_net_close and use it in ssl_fork_server to correctly
disassociate the client socket from the parent process and the server
socket from the child process.
2019-08-23 10:57:03 +02:00
Jaeden Amero 9a09f511b5 Merge remote-tracking branch 'origin/pr/2781' into development
* origin/pr/2781:
  Documentation fixes according to review
  Remove unused label in ssl_client2/ssl_server2
  Add missing word in documentation of mbedtls_ssl_check_record()
  cli/srv ex: Add dbg msg if record checking gives inconsistent result
  Fix minor issues in documentation of mbedtls_ssl_check_record()
  State that record checking is DTLS only and doesn't check content type
  Update version_features.c
  Pass dgrams to mbedtls_ssl_check_record in ssl_client2/server2
  Add IO wrappers to ssl_server2 as interm's between NET and SSL layer
  Add IO wrappers to ssl_client2 as interm's between NET and SSL layer
  Introduce configuration option and API for SSL record checking
2019-08-22 11:08:52 +01:00
Janos Follath be4efc2b38 Move the examples to PSA 1.0 2019-08-16 13:37:32 +01:00
Krzysztof Stachowiak 5e1b195d1f Unify the example programs' termination
This is done to account for platforms, for which we want custom behavior
upon the program termination, hence we call `mbedtls_exit()` instead of
returning from `main()`.
2019-08-16 06:37:42 +02:00
Hanno Becker 1f3fe87da3 Remove unused label in ssl_client2/ssl_server2 2019-08-06 11:27:34 +03:00
Hanno Becker 91f8327e40 cli/srv ex: Add dbg msg if record checking gives inconsistent result 2019-08-06 11:26:55 +03:00
Hanno Becker 4b6649e67c Pass dgrams to mbedtls_ssl_check_record in ssl_client2/server2 2019-08-06 10:53:28 +03:00
Hanno Becker dcc94e61da Add IO wrappers to ssl_server2 as interm's between NET and SSL layer 2019-08-06 10:29:31 +03:00
Hanno Becker 8b1af2f89c Add IO wrappers to ssl_client2 as interm's between NET and SSL layer 2019-08-06 10:26:33 +03:00
Hanno Becker cfe457921a Introduce configuration option and API for SSL record checking 2019-08-06 10:09:08 +03:00
Jaeden Amero fd0f65459c Merge remote-tracking branch 'origin/pr/2697' into development
* origin/pr/2697:
  Update crypto submodule
  Add all.sh component that exercises invalid_param checks
  Remove mbedtls_param_failed from programs
  Make it easier to define MBEDTLS_PARAM_FAILED as assert
  Make test suites compatible with #include <assert.h>
  Pass -m32 to the linker as well
  Don't systematically rebuild programs
2019-06-21 13:21:05 +01:00
Jaeden Amero 8d936e87fb Merge remote-tracking branch 'origin/pr/2681' into development
* origin/pr/2681:
  unconditional mbedtls_ssl_conf_rng
  Adding usage and removing dummy random
  comment alignment
  Commit to C90 style
  Adds missing ret definition
  More clarity for ifdef orders
  Only warns if MBEDTLS_HAVE_TIME
  Option used added in string
  Code review
  Style fixes
  SSL reproducible test mode
2019-06-21 13:20:02 +01:00
Philippe Antoine b94cf822f3 unconditional mbedtls_ssl_conf_rng 2019-06-19 15:19:38 +02:00
Philippe Antoine 738153a048 Adding usage and removing dummy random 2019-06-18 20:16:43 +02:00
Jaeden Amero e1b02df515 Merge remote-tracking branch 'origin/pr/2260' into development
* origin/pr/2260:
  Update crypto submodule
  Remove heading spaces in tests/data_files/Makefile
  Re-generate library/certs.c from script
  Add new line at the end of test-ca2.key.enc
  Use strict syntax to annotate origin of test data in certs.c
  Add run to all.sh exercising !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO
  Allow DHM self test to run without MBEDTLS_PEM_PARSE_C
  ssl-opt.sh: Auto-skip tests that use files if MBEDTLS_FS_IO unset
  Document origin of hardcoded certificates in library/certs.c
  Adapt ChangeLog
  Rename server1.der to server1.crt.der
  Add DER encoded files to git tree
  Add build instructions to generate DER versions of CRTs and keys
  Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2
  ssl_server2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  ssl_client2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  Correct white spaces in ssl_server2 and ssl_client2
  Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled
  Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled
2019-06-14 08:46:48 +01:00
Gilles Peskine 3abbcedc68 Remove mbedtls_param_failed from programs
All sample and test programs had a definition of mbedtls_param_failed.
This was necessary because we wanted to be able to build them in a
configuration with MBEDTLS_CHECK_PARAMS set but without a definition
of MBEDTLS_PARAM_FAILED. Now that we activate the sample definition of
MBEDTLS_PARAM_FAILED in config.h when testing with
MBEDTLS_CHECK_PARAMS set, this boilerplate code is no longer needed.
2019-06-13 16:51:59 +02:00
Gilles Peskine c7ad122f51 Make it easier to define MBEDTLS_PARAM_FAILED as assert
Introduce a new configuration option MBEDTLS_CHECK_PARAMS_ASSERT,
which is disabled by default. When this option is enabled,
MBEDTLS_PARAM_FAILED defaults to assert rather than to a call to
mbedtls_param_failed, and <assert.h> is included.

This fixes #2671 (no easy way to make MBEDTLS_PARAM_FAILED assert)
without breaking backward compatibility. With this change,
`config.pl full` runs tests with MBEDTLS_PARAM_FAILED set to assert,
so the tests will fail if a validation check fails, and programs don't
need to provide their own definition of mbedtls_param_failed().
2019-06-13 16:51:59 +02:00
Philippe Antoine 154feb21e8 comment alignment 2019-06-11 17:50:23 +02:00
Philippe Antoine d2235f2a41 Commit to C90 style 2019-06-11 16:29:28 +02:00
Philippe Antoine 12e85de964 Adds missing ret definition 2019-06-11 16:07:53 +02:00
Philippe Antoine f91b3722cf More clarity for ifdef orders 2019-06-11 16:02:43 +02:00
Philippe Antoine 0ff84fb6fe Only warns if MBEDTLS_HAVE_TIME 2019-06-11 12:15:17 +02:00
Philippe Antoine 7c9d72497d Option used added in string 2019-06-11 12:11:36 +02:00
Philippe Antoine 3ca5085f10 Code review
Typo rproduce -> reproducible
Call mbedtls_entropy_func
2019-06-07 22:31:59 +02:00
Philippe Antoine 986b6f20a9 Style fixes 2019-06-07 15:04:32 +02:00
Philippe Antoine aa4d15264a SSL reproducible test mode 2019-06-06 21:30:01 +02:00
Hanno Becker 422d1993d2 Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2 2019-06-03 17:46:56 +01:00
Hanno Becker 8174bdfb94 ssl_server2: Skip CA setup if ca_path or ca_file argument "none"
This allows to test PSK-based ciphersuites via ssl_server2 in builds
which have MBEDTLS_X509_CRT_PARSE_C enabled but both MBEDTLS_FS_IO and
MBEDTLS_CERTS_C disabled.
2019-06-03 17:46:56 +01:00
Hanno Becker 623e7b4422 ssl_client2: Skip CA setup if ca_path or ca_file argument "none"
This allows to test PSK-based ciphersuites via ssl_client2 in builds
which have MBEDTLS_X509_CRT_PARSE_C enabled but both MBEDTLS_FS_IO and
MBEDTLS_CERTS_C disabled.

A similar change is applied to the `crt_file` and `key_file` arguments.
2019-06-03 17:46:56 +01:00
Hanno Becker a0c5ceb2af Correct white spaces in ssl_server2 and ssl_client2 2019-06-03 17:46:56 +01:00
Hanno Becker 2900b14b11 Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled 2019-06-03 17:46:56 +01:00
Hanno Becker 09b8cae006 Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled 2019-06-03 17:46:56 +01:00
Hanno Becker 3978d10e9e Remove superfluous new line in ssl_server2 2019-06-03 16:07:50 +01:00
Hanno Becker 3279822e24 Improve readability of ssl_client2/ssl_server2 usage instructions 2019-06-03 16:07:50 +01:00
Hanno Becker 1d433a3294 Remove superfluous newline in ssl_client2 2019-06-03 16:07:50 +01:00
Hanno Becker d5eed4258a Use negative-hex format for error codes in ssl_client2/ssl_server2 2019-06-03 16:07:50 +01:00
Hanno Becker 6ae14c086d Exemplify ways of calling mbedtls_ssl_get_peer_cid() in ssl_client2 2019-06-03 16:07:50 +01:00
Hanno Becker a0e20d04b2 Rename MBEDTLS_SSL_CID to MBEDTLS_SSL_DTLS_CONNECTION_ID
Files modified via

sed -i 's/MBEDTLS_SSL_CID\([^_]\|$\)/MBEDTLS_SSL_DTLS_CONNECTION_ID\1/g' **/*.c **/*.h **/*.sh **/*.function
2019-06-03 16:07:50 +01:00
Hanno Becker 8367ccc03b Allow to configure the stack's behaviour on unexpected CIDs
This commit modifies the CID configuration API mbedtls_ssl_conf_cid_len()
to allow the configuration of the stack's behaviour when receiving an
encrypted DTLS record with unexpected CID.
2019-06-03 16:07:50 +01:00
Hanno Becker 3a96828ead Add missing compile-time guard around CID API in ssl_server2 2019-06-03 16:07:50 +01:00
Hanno Becker b1aa1b3616 Allow the configuration of padding when using CID extension 2019-06-03 16:07:50 +01:00
Hanno Becker b42ec0df02 Add support for change of CID to ssl_client2 / ssl_server2
And add tests for various CID configuration changes during
renegotiation to ssl-opt.sh.
2019-06-03 16:07:50 +01:00
Hanno Becker ad4a137965 Add CID configuration API
Context:
The CID draft does not require that the length of CIDs used for incoming
records must not change in the course of a connection. Since the record
header does not contain a length field for the CID, this means that if
CIDs of varying lengths are used, the CID length must be inferred from
other aspects of the record header (such as the epoch) and/or by means
outside of the protocol, e.g. by coding its length in the CID itself.

Inferring the CID length from the record's epoch is theoretically possible
in DTLS 1.2, but it requires the information about the epoch to be present
even if the epoch is no longer used: That's because one should silently drop
records from old epochs, but not the entire datagrams to which they belong
(there might be entire flights in a single datagram, including a change of
epoch); however, in order to do so, one needs to parse the record's content
length, the position of which is only known once the CID length for the epoch
is known. In conclusion, it puts a significant burden on the implementation
to infer the CID length from the record epoch, which moreover mangles record
processing with the high-level logic of the protocol (determining which epochs
are in use in which flights, when they are changed, etc. -- this would normally
determine when we drop epochs).

Moreover, with DTLS 1.3, CIDs are no longer uniquely associated to epochs,
but every epoch may use a set of CIDs of varying lengths -- in that case,
it's even theoretically impossible to do record header parsing based on
the epoch configuration only.

We must therefore seek a way for standalone record header parsing, which
means that we must either (a) fix the CID lengths for incoming records,
or (b) allow the application-code to configure a callback to implement
an application-specific CID parsing which would somehow infer the length
of the CID from the CID itself.

Supporting multiple lengths for incoming CIDs significantly increases
complexity while, on the other hand, the restriction to a fixed CID length
for incoming CIDs (which the application controls - in contrast to the
lengths of the CIDs used when writing messages to the peer) doesn't
appear to severely limit the usefulness of the CID extension.

Therefore, the initial implementation of the CID feature will require
a fixed length for incoming CIDs, which is what this commit enforces,
in the following way:

In order to avoid a change of API in case support for variable lengths
CIDs shall be added at some point, we keep mbedtls_ssl_set_cid(), which
includes a CID length parameter, but add a new API mbedtls_ssl_conf_cid_len()
which applies to an SSL configuration, and which fixes the CID length that
any call to mbetls_ssl_set_cid() which applies to an SSL context that is bound
to the given SSL configuration must use.

While this creates a slight redundancy of parameters, it allows to
potentially add an API like mbedtls_ssl_conf_cid_len_cb() later which
could allow users to register a callback which dynamically infers the
length of a CID at record header parsing time, without changing the
rest of the API.
2019-06-03 16:07:50 +01:00
Hanno Becker 554b6ea30a Correct compile-time guard around unhexify() in ssl_server2 2019-06-03 14:43:16 +01:00
Hanno Becker dec2552a92 Change formating of CID debug output in ssl_client2/ssl_server2 2019-06-03 14:43:16 +01:00
Hanno Becker 957dd921f1 Print peer CID from ssl_client2 2019-06-03 14:42:08 +01:00
Hanno Becker 735c716e2a Print peer CID from ssl_server2 2019-06-03 14:42:08 +01:00
Hanno Becker 982182f342 Improve wording of CID debug msg in ssl_server2 example application 2019-06-03 14:42:08 +01:00
Hanno Becker a7d2542248 ssl_server2: Add cmd line options to configure use of CID extension 2019-06-03 14:42:08 +01:00
Hanno Becker 90cb359cf0 ssl_client2: Add cmd line options to configure use of CID extension 2019-06-03 14:42:08 +01:00
Hanno Becker 1f583eecd8 ssl_client2: Add helper to unhexify binary command line data 2019-06-03 14:42:08 +01:00
Hanno Becker ebafe8b7cc Update query_config.c 2019-06-03 14:42:08 +01:00
Ron Eldor 51c4507b9c Remove unneeded whitespaces
Delete extra whitespace in Changelog and in paramter alignment.
2019-05-15 17:49:54 +03:00
Ron Eldor 801faf0fa1 Fix mingw CI failures
Change `%z` formatting of `size_t` to `%u` and casting to unsigned.
2019-05-15 17:45:24 +03:00
Ron Eldor f75e252909 Add test for export keys functionality
Add test in `ssl-opts.sh` that the export keys callback
is actually called.
2019-05-15 13:57:39 +03:00
Ron Eldor 51d3ab544f Add public API for tls_prf
Add a public API for key derivation, introducing an enum for `tls_prf`
type.
2019-05-15 13:53:02 +03:00
Ron Eldor b7fd64ce2b Add eap-tls key derivation in the examples.
Add support for eap-tls key derivation functionality,
in `ssl_client2` and `ssl_server2` reference applications.
2019-05-15 13:41:42 +03:00
Jaeden Amero 1439b09049 Merge remote-tracking branch 'origin/pr/2540' into development
* origin/pr/2540:
  Add guards for MBEDTLS_X509_CRL_PARSE_C in sample
2019-04-24 11:20:31 +01:00
Jaeden Amero 3956a847e6 Merge remote-tracking branch 'origin/pr/2092' into development
* origin/pr/2092:
  Add more missing parentheses around macro parameters
  Add further missing brackets around macro parameters
  Adapt ChangeLog
  Improve macro hygiene
2019-04-24 11:17:21 +01:00
Jaeden Amero fe7106755e Merge remote-tracking branch 'origin/pr/2539' into development
Resolve conflicts by performing the following:
  - Ensure calls to mbedtls_x509_crt_verify_* are made with callbacks

* origin/pr/2539:
  Make CRT callback tests more robust
  Rename constant in client2.c
  Fix typo
  Add test for configuration specific CRT callback
  Fix doxygen documentation of mbedtls_ssl_set_verify()
  Add test exercising context-specific CRT callback to ssl-opt.sh
  Add cmd to use context-specific CRT callback in ssl_client2
  Implement context-specific verification callbacks
  Add context-specific CRT verification callbacks
  Improve documentation of mbedtls_ssl_conf_verify()
2019-04-16 15:05:18 +01:00
Jaeden Amero ff34d43720 Merge remote-tracking branch 'origin/pr/2532' into development
* origin/pr/2532: (29 commits)
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix name to function call
  Address comments for x509 tests
  Address review comments regarding ssl_client2 and ssl tests
  Remove mbedtls_ from the static function name
  Change docs according to review comments
  Change the verify function naming
  Fix ssl_client2 and ssl_server2 if !PLATFORM_C
  Correct placement of usage macro in ssl_client2
  Update version_features.c
  Remove trailing whitespace in test_suite_x509parse.function
  Update query_config.c
  Add ssl-opt.sh tests for trusted CA callbacks
  Only run X.509 CRT verification tests with CA callback tests if !CRL
  Minor fixes to CA callback tests
  Declare CA callback type even if feature is disabled
  Implement X.509 CRT verification using CA callback
  Add prototype for CRT verification with static and dynamic CA list
  Make use of CA callback if present when verifying peer CRT chain
  ...
2019-04-16 14:42:11 +01:00
Janos Follath ae13beb1d9 Rename constant in client2.c 2019-04-05 16:50:39 +01:00
Janos Follath d7ecbd6914 Fix style issues and a typo 2019-04-05 16:44:42 +01:00
Jaeden Amero bc5de0f12f Merge remote-tracking branch 'origin/pr/2368' into development
Move ChangeLog entry to BugFix section.

* origin/pr/2368:
  Fix default port number information
2019-04-05 14:23:48 +01:00
Ron Eldor 80d0419189 Add guards for MBEDTLS_X509_CRL_PARSE_C in sample
Add checks in `ssl_server2` that `MBEDTLS_X509_CRL_PARSE_C` is defined
to fix compilation issue. Fixes #560.
2019-04-04 15:05:18 +03:00
Hanno Becker bb425dbb1b Add cmd to use context-specific CRT callback in ssl_client2 2019-04-03 13:11:15 +01:00
Jarno Lamsa f7a7f9ee43 Address review comments regarding ssl_client2 and ssl tests 2019-04-01 15:11:54 +03:00
Hanno Becker d6d100beb7 Fix ssl_client2 and ssl_server2 if !PLATFORM_C
The CA callback changes introduce mbedtls_calloc() and
mbedtls_free() to ssl_client2 and ssl_server2, which
wasn't defined unless MBEDTLS_PLATFORM_C was set.
2019-03-30 06:27:43 +00:00
Hanno Becker 1bac87c5dc Correct placement of usage macro in ssl_client2 2019-03-29 12:02:26 +00:00
Hanno Becker fa738d148d Update query_config.c 2019-03-28 17:06:04 +00:00
Hanno Becker cbb590369c Minor fixes to CA callback tests 2019-03-28 16:13:44 +00:00
Jarno Lamsa 1b4a2bad7a Add possibility to use ca_callbacks in ssl programs 2019-03-28 16:13:43 +00:00
Jaeden Amero 0ea33776ce Merge remote-tracking branch 'restricted/pr/552' into development
Ensure this merge passes tests by auto-generating query_config.c, adding
MBEDTLS_ECDH_LEGACY_CONTEXT to it.

* restricted/pr/552:
  Fix mbedtls_ecdh_get_params with new ECDH context
  Test undefining MBEDTLS_ECDH_LEGACY_CONTEXT in all.sh
  Define MBEDTLS_ECDH_LEGACY_CONTEXT in config.h
  Add changelog entry for mbedtls_ecdh_get_params robustness
  Fix ecdh_get_params with mismatching group
  Add test case for ecdh_get_params with mismatching group
  Add test case for ecdh_calc_secret
  Fix typo in documentation
2019-03-27 17:01:16 +00:00
Jaeden Amero 57f4d9e4fe Update crypto submodule to test with private headers
Update the crypto submodule to the top of the Mbed Crypto development
branch. This brings in a version of Mbed Crypto that enables building
Mbed Crypto tests that depend on private headers, like
'psa_crypto_invasive.h'.

This also requires updating our config.h to include new configuration
options added to Mbed Crypto. MBEDTLS_PSA_ITS_FILE_C replaces
MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C and MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C.
MBEDTLS_PSA_INJECT_ENTROPY replaces MBEDTLS_PSA_HAS_ITS_IO.
2019-03-19 15:45:09 +00:00
irwir f5ce5d52ac Fix default port number information 2019-03-03 12:45:34 +03:00
Simon Butcher 535ee4a35b Merge remote-tracking branch 'public/pr/2421' into development
* public/pr/2421: (68 commits)
  Fix unused variable warning in ssl_parse_certificate_coordinate()
  Add missing compile time guard in ssl_client2
  Update programs/ssl/query_config.c
  ssl_client2: Reset peer CRT info string on reconnect
  Add further debug statements on assertion failures
  Fix typo in documentation of ssl_parse_certificate_chain()
  Add debug output in case of assertion failure
  Fix typo in SSL ticket documentation
  Add config sanity check for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
  ssl_client2: Zeroize peer CRT info buffer when reconnecting
  Reintroduce numerous ssl-opt.sh tests if !MBEDTLS_SSL_KEEP_PEER_CERT
  ssl_client2: Extract peer CRT info from verification callback
  Improve documentation of mbedtls_ssl_get_peer_cert()
  Improve documentation of MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
  Fix indentation of Doxygen comment in ssl_internal.h
  Set peer CRT length only after successful allocation
  Remove question in comment about verify flags on cli vs. server
  Remove misleading and redundant guard around restartable ECC field
  Add test for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE to all.sh
  Free peer CRT chain immediately after verifying it
  ...
2019-03-01 12:46:07 +00:00
Manuel Pégourié-Gonnard 56b9a939a0 Update query_config.c 2019-03-01 10:23:46 +01:00
Hanno Becker bdf75eb243 Add missing compile time guard in ssl_client2 2019-02-27 08:34:31 +00:00
Hanno Becker 775655eead Update programs/ssl/query_config.c 2019-02-26 14:38:40 +00:00
Hanno Becker 23699efe78 ssl_client2: Reset peer CRT info string on reconnect 2019-02-26 14:38:09 +00:00
Hanno Becker a1051b4e9a ssl_client2: Zeroize peer CRT info buffer when reconnecting 2019-02-26 14:38:09 +00:00
Hanno Becker a9766c2c23 ssl_client2: Extract peer CRT info from verification callback
So far, `ssl_client2` printed the CRT info for the peer's CRT
by requesting the latter through `mbedtls_ssl_get_peer_cert()`
at the end of the handshake, and printing it via
`mbedtls_x509_crt_info()`. When `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE`
is disabled, this does no longer work because the peer's CRT
isn't stored beyond the handshake.

This makes some tests in `ssl-opt.sh` fail which rely on the CRT
info output for the peer certificate.

This commit modifies `ssl_client2` to extract the peer CRT info
from the verification callback, which is always called at a time
when the peer's CRT is available. This way, the peer's CRT info
is still printed if `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` is disabled.
2019-02-26 14:38:09 +00:00
Jaeden Amero 415620c1f2 Merge remote-tracking branch 'origin/pr/2105' into development
Additional work done as part of merge:
    - Run ./tests/scripts/check-generated-files.sh and check in the
      resulting changes to programs/ssl/query_config.c
2019-02-22 10:33:15 +00:00
Hanno Becker 1eeca41472 Improve macro hygiene
This commit improves hygiene and formatting of macro definitions
throughout the library. Specifically:
- It adds brackets around parameters to avoid unintended
  interpretation of arguments, e.g. due to operator precedence.
- It adds uses of the `do { ... } while( 0 )` idiom for macros that
  can be used as commands.
2019-02-19 17:59:00 +00:00
Andres Amaya Garcia 54efcb7ff0 Update query config with VSNPRINTF macro 2019-02-11 21:55:09 +00:00
Andres Amaya Garcia e7856bfc6d Suppress visual studio preprocessor warnings on query_config.c 2019-02-07 10:38:23 +00:00
Andres Amaya Garcia 8645f733cf Update query_config.c with new macros 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia ef672f0319 Exclude macros from query_config.c generation 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia 27b3372c45 Fix query_config macro expansion for windows 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia 5bc6e92b70 Fix query_config macro expansion for windows 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia cb9c015558 Improve cmake inclusion of query_config.c when building apps 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia c28da7ea43 Improve comments in query_config.fmt 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia 5aca555391 Fix GCC 0-length printf format string error 2019-02-07 10:38:22 +00:00
Andres AG 458148681d Ensure query_config.c includes stdio only when needed 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia bb923642c3 Update programs/ssl/CMakeLists.txt with query_config.c dep 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia 3b2f9d3ca8 query_config.c: remove duplicated inc of platform.h 2019-02-07 10:37:39 +00:00
Andres Amaya Garcia bc81884e3a Query config through ssl_server2 and ssl_client2 cmdline 2019-02-07 10:36:50 +00:00
Andrzej Kurek b274f2739e Documentation fixes 2019-02-05 05:06:35 -05:00
Andrzej Kurek c470b6b021 Merge development commit 8e76332 into development-psa
Additional changes to temporarily enable running tests:
ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of
mbedtls_ecdh_setup
test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of 
mbedtls_ctr_drbg_update_ret
2019-01-31 08:20:20 -05:00
Jaeden Amero 6f4a8ef1ee Merge remote-tracking branch 'origin/pr/2137' into development 2019-01-30 14:55:09 +00:00
Hanno Becker 32809e8c70 PSA: Adapt ssl_server2 to modified key allocation API 2019-01-25 14:31:00 +00:00
Hanno Becker 9bd8842c77 PSA: Adapt ssl_server2 to hew key policy initialization API 2019-01-25 14:27:01 +00:00