Commit graph

811 commits

Author SHA1 Message Date
Janos Follath be4efc2b38 Move the examples to PSA 1.0 2019-08-16 13:37:32 +01:00
Krzysztof Stachowiak 5e1b195d1f Unify the example programs' termination
This is done to account for platforms, for which we want custom behavior
upon the program termination, hence we call `mbedtls_exit()` instead of
returning from `main()`.
2019-08-16 06:37:42 +02:00
Hanno Becker 1f3fe87da3 Remove unused label in ssl_client2/ssl_server2 2019-08-06 11:27:34 +03:00
Hanno Becker 91f8327e40 cli/srv ex: Add dbg msg if record checking gives inconsistent result 2019-08-06 11:26:55 +03:00
Hanno Becker 4b6649e67c Pass dgrams to mbedtls_ssl_check_record in ssl_client2/server2 2019-08-06 10:53:28 +03:00
Hanno Becker dcc94e61da Add IO wrappers to ssl_server2 as interm's between NET and SSL layer 2019-08-06 10:29:31 +03:00
Hanno Becker 8b1af2f89c Add IO wrappers to ssl_client2 as interm's between NET and SSL layer 2019-08-06 10:26:33 +03:00
Hanno Becker cfe457921a Introduce configuration option and API for SSL record checking 2019-08-06 10:09:08 +03:00
Jaeden Amero fd0f65459c Merge remote-tracking branch 'origin/pr/2697' into development
* origin/pr/2697:
  Update crypto submodule
  Add all.sh component that exercises invalid_param checks
  Remove mbedtls_param_failed from programs
  Make it easier to define MBEDTLS_PARAM_FAILED as assert
  Make test suites compatible with #include <assert.h>
  Pass -m32 to the linker as well
  Don't systematically rebuild programs
2019-06-21 13:21:05 +01:00
Jaeden Amero 8d936e87fb Merge remote-tracking branch 'origin/pr/2681' into development
* origin/pr/2681:
  unconditional mbedtls_ssl_conf_rng
  Adding usage and removing dummy random
  comment alignment
  Commit to C90 style
  Adds missing ret definition
  More clarity for ifdef orders
  Only warns if MBEDTLS_HAVE_TIME
  Option used added in string
  Code review
  Style fixes
  SSL reproducible test mode
2019-06-21 13:20:02 +01:00
Philippe Antoine b94cf822f3 unconditional mbedtls_ssl_conf_rng 2019-06-19 15:19:38 +02:00
Philippe Antoine 738153a048 Adding usage and removing dummy random 2019-06-18 20:16:43 +02:00
Jaeden Amero e1b02df515 Merge remote-tracking branch 'origin/pr/2260' into development
* origin/pr/2260:
  Update crypto submodule
  Remove heading spaces in tests/data_files/Makefile
  Re-generate library/certs.c from script
  Add new line at the end of test-ca2.key.enc
  Use strict syntax to annotate origin of test data in certs.c
  Add run to all.sh exercising !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO
  Allow DHM self test to run without MBEDTLS_PEM_PARSE_C
  ssl-opt.sh: Auto-skip tests that use files if MBEDTLS_FS_IO unset
  Document origin of hardcoded certificates in library/certs.c
  Adapt ChangeLog
  Rename server1.der to server1.crt.der
  Add DER encoded files to git tree
  Add build instructions to generate DER versions of CRTs and keys
  Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2
  ssl_server2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  ssl_client2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  Correct white spaces in ssl_server2 and ssl_client2
  Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled
  Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled
2019-06-14 08:46:48 +01:00
Gilles Peskine 3abbcedc68 Remove mbedtls_param_failed from programs
All sample and test programs had a definition of mbedtls_param_failed.
This was necessary because we wanted to be able to build them in a
configuration with MBEDTLS_CHECK_PARAMS set but without a definition
of MBEDTLS_PARAM_FAILED. Now that we activate the sample definition of
MBEDTLS_PARAM_FAILED in config.h when testing with
MBEDTLS_CHECK_PARAMS set, this boilerplate code is no longer needed.
2019-06-13 16:51:59 +02:00
Gilles Peskine c7ad122f51 Make it easier to define MBEDTLS_PARAM_FAILED as assert
Introduce a new configuration option MBEDTLS_CHECK_PARAMS_ASSERT,
which is disabled by default. When this option is enabled,
MBEDTLS_PARAM_FAILED defaults to assert rather than to a call to
mbedtls_param_failed, and <assert.h> is included.

This fixes #2671 (no easy way to make MBEDTLS_PARAM_FAILED assert)
without breaking backward compatibility. With this change,
`config.pl full` runs tests with MBEDTLS_PARAM_FAILED set to assert,
so the tests will fail if a validation check fails, and programs don't
need to provide their own definition of mbedtls_param_failed().
2019-06-13 16:51:59 +02:00
Philippe Antoine 154feb21e8 comment alignment 2019-06-11 17:50:23 +02:00
Philippe Antoine d2235f2a41 Commit to C90 style 2019-06-11 16:29:28 +02:00
Philippe Antoine 12e85de964 Adds missing ret definition 2019-06-11 16:07:53 +02:00
Philippe Antoine f91b3722cf More clarity for ifdef orders 2019-06-11 16:02:43 +02:00
Philippe Antoine 0ff84fb6fe Only warns if MBEDTLS_HAVE_TIME 2019-06-11 12:15:17 +02:00
Philippe Antoine 7c9d72497d Option used added in string 2019-06-11 12:11:36 +02:00
Philippe Antoine 3ca5085f10 Code review
Typo rproduce -> reproducible
Call mbedtls_entropy_func
2019-06-07 22:31:59 +02:00
Philippe Antoine 986b6f20a9 Style fixes 2019-06-07 15:04:32 +02:00
Philippe Antoine aa4d15264a SSL reproducible test mode 2019-06-06 21:30:01 +02:00
Hanno Becker 422d1993d2 Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2 2019-06-03 17:46:56 +01:00
Hanno Becker 8174bdfb94 ssl_server2: Skip CA setup if ca_path or ca_file argument "none"
This allows to test PSK-based ciphersuites via ssl_server2 in builds
which have MBEDTLS_X509_CRT_PARSE_C enabled but both MBEDTLS_FS_IO and
MBEDTLS_CERTS_C disabled.
2019-06-03 17:46:56 +01:00
Hanno Becker 623e7b4422 ssl_client2: Skip CA setup if ca_path or ca_file argument "none"
This allows to test PSK-based ciphersuites via ssl_client2 in builds
which have MBEDTLS_X509_CRT_PARSE_C enabled but both MBEDTLS_FS_IO and
MBEDTLS_CERTS_C disabled.

A similar change is applied to the `crt_file` and `key_file` arguments.
2019-06-03 17:46:56 +01:00
Hanno Becker a0c5ceb2af Correct white spaces in ssl_server2 and ssl_client2 2019-06-03 17:46:56 +01:00
Hanno Becker 2900b14b11 Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled 2019-06-03 17:46:56 +01:00
Hanno Becker 09b8cae006 Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled 2019-06-03 17:46:56 +01:00
Hanno Becker 3978d10e9e Remove superfluous new line in ssl_server2 2019-06-03 16:07:50 +01:00
Hanno Becker 3279822e24 Improve readability of ssl_client2/ssl_server2 usage instructions 2019-06-03 16:07:50 +01:00
Hanno Becker 1d433a3294 Remove superfluous newline in ssl_client2 2019-06-03 16:07:50 +01:00
Hanno Becker d5eed4258a Use negative-hex format for error codes in ssl_client2/ssl_server2 2019-06-03 16:07:50 +01:00
Hanno Becker 6ae14c086d Exemplify ways of calling mbedtls_ssl_get_peer_cid() in ssl_client2 2019-06-03 16:07:50 +01:00
Hanno Becker a0e20d04b2 Rename MBEDTLS_SSL_CID to MBEDTLS_SSL_DTLS_CONNECTION_ID
Files modified via

sed -i 's/MBEDTLS_SSL_CID\([^_]\|$\)/MBEDTLS_SSL_DTLS_CONNECTION_ID\1/g' **/*.c **/*.h **/*.sh **/*.function
2019-06-03 16:07:50 +01:00
Hanno Becker 8367ccc03b Allow to configure the stack's behaviour on unexpected CIDs
This commit modifies the CID configuration API mbedtls_ssl_conf_cid_len()
to allow the configuration of the stack's behaviour when receiving an
encrypted DTLS record with unexpected CID.
2019-06-03 16:07:50 +01:00
Hanno Becker 3a96828ead Add missing compile-time guard around CID API in ssl_server2 2019-06-03 16:07:50 +01:00
Hanno Becker b1aa1b3616 Allow the configuration of padding when using CID extension 2019-06-03 16:07:50 +01:00
Hanno Becker b42ec0df02 Add support for change of CID to ssl_client2 / ssl_server2
And add tests for various CID configuration changes during
renegotiation to ssl-opt.sh.
2019-06-03 16:07:50 +01:00
Hanno Becker ad4a137965 Add CID configuration API
Context:
The CID draft does not require that the length of CIDs used for incoming
records must not change in the course of a connection. Since the record
header does not contain a length field for the CID, this means that if
CIDs of varying lengths are used, the CID length must be inferred from
other aspects of the record header (such as the epoch) and/or by means
outside of the protocol, e.g. by coding its length in the CID itself.

Inferring the CID length from the record's epoch is theoretically possible
in DTLS 1.2, but it requires the information about the epoch to be present
even if the epoch is no longer used: That's because one should silently drop
records from old epochs, but not the entire datagrams to which they belong
(there might be entire flights in a single datagram, including a change of
epoch); however, in order to do so, one needs to parse the record's content
length, the position of which is only known once the CID length for the epoch
is known. In conclusion, it puts a significant burden on the implementation
to infer the CID length from the record epoch, which moreover mangles record
processing with the high-level logic of the protocol (determining which epochs
are in use in which flights, when they are changed, etc. -- this would normally
determine when we drop epochs).

Moreover, with DTLS 1.3, CIDs are no longer uniquely associated to epochs,
but every epoch may use a set of CIDs of varying lengths -- in that case,
it's even theoretically impossible to do record header parsing based on
the epoch configuration only.

We must therefore seek a way for standalone record header parsing, which
means that we must either (a) fix the CID lengths for incoming records,
or (b) allow the application-code to configure a callback to implement
an application-specific CID parsing which would somehow infer the length
of the CID from the CID itself.

Supporting multiple lengths for incoming CIDs significantly increases
complexity while, on the other hand, the restriction to a fixed CID length
for incoming CIDs (which the application controls - in contrast to the
lengths of the CIDs used when writing messages to the peer) doesn't
appear to severely limit the usefulness of the CID extension.

Therefore, the initial implementation of the CID feature will require
a fixed length for incoming CIDs, which is what this commit enforces,
in the following way:

In order to avoid a change of API in case support for variable lengths
CIDs shall be added at some point, we keep mbedtls_ssl_set_cid(), which
includes a CID length parameter, but add a new API mbedtls_ssl_conf_cid_len()
which applies to an SSL configuration, and which fixes the CID length that
any call to mbetls_ssl_set_cid() which applies to an SSL context that is bound
to the given SSL configuration must use.

While this creates a slight redundancy of parameters, it allows to
potentially add an API like mbedtls_ssl_conf_cid_len_cb() later which
could allow users to register a callback which dynamically infers the
length of a CID at record header parsing time, without changing the
rest of the API.
2019-06-03 16:07:50 +01:00
Hanno Becker 554b6ea30a Correct compile-time guard around unhexify() in ssl_server2 2019-06-03 14:43:16 +01:00
Hanno Becker dec2552a92 Change formating of CID debug output in ssl_client2/ssl_server2 2019-06-03 14:43:16 +01:00
Hanno Becker 957dd921f1 Print peer CID from ssl_client2 2019-06-03 14:42:08 +01:00
Hanno Becker 735c716e2a Print peer CID from ssl_server2 2019-06-03 14:42:08 +01:00
Hanno Becker 982182f342 Improve wording of CID debug msg in ssl_server2 example application 2019-06-03 14:42:08 +01:00
Hanno Becker a7d2542248 ssl_server2: Add cmd line options to configure use of CID extension 2019-06-03 14:42:08 +01:00
Hanno Becker 90cb359cf0 ssl_client2: Add cmd line options to configure use of CID extension 2019-06-03 14:42:08 +01:00
Hanno Becker 1f583eecd8 ssl_client2: Add helper to unhexify binary command line data 2019-06-03 14:42:08 +01:00
Hanno Becker ebafe8b7cc Update query_config.c 2019-06-03 14:42:08 +01:00
Ron Eldor 51c4507b9c Remove unneeded whitespaces
Delete extra whitespace in Changelog and in paramter alignment.
2019-05-15 17:49:54 +03:00
Ron Eldor 801faf0fa1 Fix mingw CI failures
Change `%z` formatting of `size_t` to `%u` and casting to unsigned.
2019-05-15 17:45:24 +03:00
Ron Eldor f75e252909 Add test for export keys functionality
Add test in `ssl-opts.sh` that the export keys callback
is actually called.
2019-05-15 13:57:39 +03:00
Ron Eldor 51d3ab544f Add public API for tls_prf
Add a public API for key derivation, introducing an enum for `tls_prf`
type.
2019-05-15 13:53:02 +03:00
Ron Eldor b7fd64ce2b Add eap-tls key derivation in the examples.
Add support for eap-tls key derivation functionality,
in `ssl_client2` and `ssl_server2` reference applications.
2019-05-15 13:41:42 +03:00
Jaeden Amero 1439b09049 Merge remote-tracking branch 'origin/pr/2540' into development
* origin/pr/2540:
  Add guards for MBEDTLS_X509_CRL_PARSE_C in sample
2019-04-24 11:20:31 +01:00
Jaeden Amero 3956a847e6 Merge remote-tracking branch 'origin/pr/2092' into development
* origin/pr/2092:
  Add more missing parentheses around macro parameters
  Add further missing brackets around macro parameters
  Adapt ChangeLog
  Improve macro hygiene
2019-04-24 11:17:21 +01:00
Jaeden Amero fe7106755e Merge remote-tracking branch 'origin/pr/2539' into development
Resolve conflicts by performing the following:
  - Ensure calls to mbedtls_x509_crt_verify_* are made with callbacks

* origin/pr/2539:
  Make CRT callback tests more robust
  Rename constant in client2.c
  Fix typo
  Add test for configuration specific CRT callback
  Fix doxygen documentation of mbedtls_ssl_set_verify()
  Add test exercising context-specific CRT callback to ssl-opt.sh
  Add cmd to use context-specific CRT callback in ssl_client2
  Implement context-specific verification callbacks
  Add context-specific CRT verification callbacks
  Improve documentation of mbedtls_ssl_conf_verify()
2019-04-16 15:05:18 +01:00
Jaeden Amero ff34d43720 Merge remote-tracking branch 'origin/pr/2532' into development
* origin/pr/2532: (29 commits)
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix name to function call
  Address comments for x509 tests
  Address review comments regarding ssl_client2 and ssl tests
  Remove mbedtls_ from the static function name
  Change docs according to review comments
  Change the verify function naming
  Fix ssl_client2 and ssl_server2 if !PLATFORM_C
  Correct placement of usage macro in ssl_client2
  Update version_features.c
  Remove trailing whitespace in test_suite_x509parse.function
  Update query_config.c
  Add ssl-opt.sh tests for trusted CA callbacks
  Only run X.509 CRT verification tests with CA callback tests if !CRL
  Minor fixes to CA callback tests
  Declare CA callback type even if feature is disabled
  Implement X.509 CRT verification using CA callback
  Add prototype for CRT verification with static and dynamic CA list
  Make use of CA callback if present when verifying peer CRT chain
  ...
2019-04-16 14:42:11 +01:00
Janos Follath ae13beb1d9 Rename constant in client2.c 2019-04-05 16:50:39 +01:00
Janos Follath d7ecbd6914 Fix style issues and a typo 2019-04-05 16:44:42 +01:00
Jaeden Amero bc5de0f12f Merge remote-tracking branch 'origin/pr/2368' into development
Move ChangeLog entry to BugFix section.

* origin/pr/2368:
  Fix default port number information
2019-04-05 14:23:48 +01:00
Ron Eldor 80d0419189 Add guards for MBEDTLS_X509_CRL_PARSE_C in sample
Add checks in `ssl_server2` that `MBEDTLS_X509_CRL_PARSE_C` is defined
to fix compilation issue. Fixes #560.
2019-04-04 15:05:18 +03:00
Hanno Becker bb425dbb1b Add cmd to use context-specific CRT callback in ssl_client2 2019-04-03 13:11:15 +01:00
Jarno Lamsa f7a7f9ee43 Address review comments regarding ssl_client2 and ssl tests 2019-04-01 15:11:54 +03:00
Hanno Becker d6d100beb7 Fix ssl_client2 and ssl_server2 if !PLATFORM_C
The CA callback changes introduce mbedtls_calloc() and
mbedtls_free() to ssl_client2 and ssl_server2, which
wasn't defined unless MBEDTLS_PLATFORM_C was set.
2019-03-30 06:27:43 +00:00
Hanno Becker 1bac87c5dc Correct placement of usage macro in ssl_client2 2019-03-29 12:02:26 +00:00
Hanno Becker fa738d148d Update query_config.c 2019-03-28 17:06:04 +00:00
Hanno Becker cbb590369c Minor fixes to CA callback tests 2019-03-28 16:13:44 +00:00
Jarno Lamsa 1b4a2bad7a Add possibility to use ca_callbacks in ssl programs 2019-03-28 16:13:43 +00:00
Jaeden Amero 0ea33776ce Merge remote-tracking branch 'restricted/pr/552' into development
Ensure this merge passes tests by auto-generating query_config.c, adding
MBEDTLS_ECDH_LEGACY_CONTEXT to it.

* restricted/pr/552:
  Fix mbedtls_ecdh_get_params with new ECDH context
  Test undefining MBEDTLS_ECDH_LEGACY_CONTEXT in all.sh
  Define MBEDTLS_ECDH_LEGACY_CONTEXT in config.h
  Add changelog entry for mbedtls_ecdh_get_params robustness
  Fix ecdh_get_params with mismatching group
  Add test case for ecdh_get_params with mismatching group
  Add test case for ecdh_calc_secret
  Fix typo in documentation
2019-03-27 17:01:16 +00:00
Jaeden Amero 57f4d9e4fe Update crypto submodule to test with private headers
Update the crypto submodule to the top of the Mbed Crypto development
branch. This brings in a version of Mbed Crypto that enables building
Mbed Crypto tests that depend on private headers, like
'psa_crypto_invasive.h'.

This also requires updating our config.h to include new configuration
options added to Mbed Crypto. MBEDTLS_PSA_ITS_FILE_C replaces
MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C and MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C.
MBEDTLS_PSA_INJECT_ENTROPY replaces MBEDTLS_PSA_HAS_ITS_IO.
2019-03-19 15:45:09 +00:00
irwir f5ce5d52ac Fix default port number information 2019-03-03 12:45:34 +03:00
Simon Butcher 535ee4a35b Merge remote-tracking branch 'public/pr/2421' into development
* public/pr/2421: (68 commits)
  Fix unused variable warning in ssl_parse_certificate_coordinate()
  Add missing compile time guard in ssl_client2
  Update programs/ssl/query_config.c
  ssl_client2: Reset peer CRT info string on reconnect
  Add further debug statements on assertion failures
  Fix typo in documentation of ssl_parse_certificate_chain()
  Add debug output in case of assertion failure
  Fix typo in SSL ticket documentation
  Add config sanity check for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
  ssl_client2: Zeroize peer CRT info buffer when reconnecting
  Reintroduce numerous ssl-opt.sh tests if !MBEDTLS_SSL_KEEP_PEER_CERT
  ssl_client2: Extract peer CRT info from verification callback
  Improve documentation of mbedtls_ssl_get_peer_cert()
  Improve documentation of MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
  Fix indentation of Doxygen comment in ssl_internal.h
  Set peer CRT length only after successful allocation
  Remove question in comment about verify flags on cli vs. server
  Remove misleading and redundant guard around restartable ECC field
  Add test for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE to all.sh
  Free peer CRT chain immediately after verifying it
  ...
2019-03-01 12:46:07 +00:00
Manuel Pégourié-Gonnard 56b9a939a0 Update query_config.c 2019-03-01 10:23:46 +01:00
Hanno Becker bdf75eb243 Add missing compile time guard in ssl_client2 2019-02-27 08:34:31 +00:00
Hanno Becker 775655eead Update programs/ssl/query_config.c 2019-02-26 14:38:40 +00:00
Hanno Becker 23699efe78 ssl_client2: Reset peer CRT info string on reconnect 2019-02-26 14:38:09 +00:00
Hanno Becker a1051b4e9a ssl_client2: Zeroize peer CRT info buffer when reconnecting 2019-02-26 14:38:09 +00:00
Hanno Becker a9766c2c23 ssl_client2: Extract peer CRT info from verification callback
So far, `ssl_client2` printed the CRT info for the peer's CRT
by requesting the latter through `mbedtls_ssl_get_peer_cert()`
at the end of the handshake, and printing it via
`mbedtls_x509_crt_info()`. When `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE`
is disabled, this does no longer work because the peer's CRT
isn't stored beyond the handshake.

This makes some tests in `ssl-opt.sh` fail which rely on the CRT
info output for the peer certificate.

This commit modifies `ssl_client2` to extract the peer CRT info
from the verification callback, which is always called at a time
when the peer's CRT is available. This way, the peer's CRT info
is still printed if `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` is disabled.
2019-02-26 14:38:09 +00:00
Jaeden Amero 415620c1f2 Merge remote-tracking branch 'origin/pr/2105' into development
Additional work done as part of merge:
    - Run ./tests/scripts/check-generated-files.sh and check in the
      resulting changes to programs/ssl/query_config.c
2019-02-22 10:33:15 +00:00
Hanno Becker 1eeca41472 Improve macro hygiene
This commit improves hygiene and formatting of macro definitions
throughout the library. Specifically:
- It adds brackets around parameters to avoid unintended
  interpretation of arguments, e.g. due to operator precedence.
- It adds uses of the `do { ... } while( 0 )` idiom for macros that
  can be used as commands.
2019-02-19 17:59:00 +00:00
Andres Amaya Garcia 54efcb7ff0 Update query config with VSNPRINTF macro 2019-02-11 21:55:09 +00:00
Andres Amaya Garcia e7856bfc6d Suppress visual studio preprocessor warnings on query_config.c 2019-02-07 10:38:23 +00:00
Andres Amaya Garcia 8645f733cf Update query_config.c with new macros 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia ef672f0319 Exclude macros from query_config.c generation 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia 27b3372c45 Fix query_config macro expansion for windows 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia 5bc6e92b70 Fix query_config macro expansion for windows 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia cb9c015558 Improve cmake inclusion of query_config.c when building apps 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia c28da7ea43 Improve comments in query_config.fmt 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia 5aca555391 Fix GCC 0-length printf format string error 2019-02-07 10:38:22 +00:00
Andres AG 458148681d Ensure query_config.c includes stdio only when needed 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia bb923642c3 Update programs/ssl/CMakeLists.txt with query_config.c dep 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia 3b2f9d3ca8 query_config.c: remove duplicated inc of platform.h 2019-02-07 10:37:39 +00:00
Andres Amaya Garcia bc81884e3a Query config through ssl_server2 and ssl_client2 cmdline 2019-02-07 10:36:50 +00:00
Andrzej Kurek b274f2739e Documentation fixes 2019-02-05 05:06:35 -05:00
Andrzej Kurek c470b6b021 Merge development commit 8e76332 into development-psa
Additional changes to temporarily enable running tests:
ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of
mbedtls_ecdh_setup
test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of 
mbedtls_ctr_drbg_update_ret
2019-01-31 08:20:20 -05:00
Jaeden Amero 6f4a8ef1ee Merge remote-tracking branch 'origin/pr/2137' into development 2019-01-30 14:55:09 +00:00
Hanno Becker 32809e8c70 PSA: Adapt ssl_server2 to modified key allocation API 2019-01-25 14:31:00 +00:00
Hanno Becker 9bd8842c77 PSA: Adapt ssl_server2 to hew key policy initialization API 2019-01-25 14:27:01 +00:00
Hanno Becker 1387124c89 PSA: Adapt ssl_client2 to new key policy initialization API 2019-01-25 14:26:26 +00:00
Hanno Becker 37519ea5f8 PSA: Adapt ssl_client2 to modified key slot allocation API 2019-01-25 14:26:01 +00:00
Andrzej Kurek 2349c4db88 Adapt to the new key allocation mechanism 2019-01-08 09:36:01 -05:00
Manuel Pégourié-Gonnard 3ef6a6dc5c Fix const-ness in mbedtls_param_failed()
The previous prototype gave warnings are the strings produced by #cond and
__FILE__ are const, so we shouldn't implicitly cast them to non-const.

While at it modifying most example programs:
- include the header that has the function declaration, so that the definition
  can be checked to match by the compiler
- fix whitespace
- make it work even if PLATFORM_C is not defined:
    - CHECK_PARAMS is not documented as depending on PLATFORM_C and there is
      no reason why it should
    - so, remove the corresponding #if defined in each program...
    - and add missing #defines for mbedtls_exit when needed

The result has been tested (make all test with -Werror) with the following
configurations:

- full with    CHECK_PARAMS with    PLATFORM_C
- full with    CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS with    PLATFORM_C

Additionally, it has been manually tested that adding

    mbedtls_aes_init( NULL );

near the normal call to mbedtls_aes_init() in programs/aes/aescrypt2.c has the
expected effect when running the program.
2018-12-11 12:28:56 +01:00
Simon Butcher 63cb97e562 Add handlers for parameter validation in the sample programs
The sample programs require an additional handler function of
mbedtls_param_failed() to handle any failed parameter validation checks enabled
by the MBEDTLS_CHECK_PARAMS config.h option.
2018-12-11 12:28:56 +01:00
Hanno Becker 485529952f Merge branch 'opaque_psk_implementation' into development-psa-proposed 2018-11-23 11:12:38 +00:00
Manuel Pégourié-Gonnard cfdf8f4d8f Implement key_opaque option to ssl_client2 2018-11-22 14:35:11 +00:00
Manuel Pégourié-Gonnard ef68be4553 Add option key_opaque to ssl_client2 (skeleton)
This is just the plumbing for the option itself, implementation of the option
will be the next commit.
2018-11-22 14:35:11 +00:00
Hanno Becker c44e0a4bd1 Initialize PSA key slot as invalid in ssl_client2.c
Otherwise, if `mbedtls_psa_get_free_key_slot()` fails to find a fresh
key slot, the slot value will be undefined, and the call to
`psa_destroy_key()` at the end of `main()` is undefined behavior.
2018-11-21 21:12:58 +00:00
Hanno Becker 1d911cd59d Automatically allocate opaque PSK key slots in ssl_{client/server}2
Previously, command line arguments `psk_slot` and `psk_list_slot`
could be used to indicate the PSA key slots that the example
applications should use to store the PSK(s) provided.

This commit changes this approach to use the utility function
`mbedtls_psa_get_free_key_slot()` to obtain free key slots from
the PSA Crypto implementation automatically, so that users only
need to pass boolean flags `psk_opaque` and `psk_list_opaque`
on the command line to enable / disable PSA-based opaque PSKs.
2018-11-21 21:12:58 +00:00
Hanno Becker c43b6ea847 Destroy PSA-based temporary opaque PSKs at the end of ssl_server2 2018-11-21 21:12:58 +00:00
Hanno Becker 3f24ea976d Destroy PSA-based temporary opaque PSK key at the end of ssl_client2 2018-11-21 21:12:58 +00:00
Hanno Becker 5cd607bf2e Remove overly long line in ssl_client2.c 2018-11-21 21:12:58 +00:00
Hanno Becker b64ba5f2c0 Add support for opaque PSKs to ssl_server2 example application
This commit adds command line parameters `psk_slot` and `psk_list_slot`
to the example application `programs/ssl/ssl_server2`. These have the
following semantics:

- `psk_slot`: The same semantics as for the `ssl_client2` example
   application. That is, if a PSK is configured through the use
   of the command line parameters `psk` and `psk_identity`, then
   `psk_slot=X` can be used to import the PSK into PSA key slot X
   and registering it statically with the SSL configuration through
   the new API call mbedtls_ssl_conf_hs_opaque().
- `psk_list_slot`: In addition to the static PSK registered in the
   the SSL configuration, servers can register a callback for picking
   the PSK corresponding to the PSK identity that the client chose.
   The `ssl_server2` example application uses such a callback to select
   the PSK from a list of PSKs + Identities provided through the
   command line parameter `psk_list`, and to register the selected
   PSK via `mbedtls_ssl_set_hs_psk()`. In this case, the new parameter
   `psk_list_slot=X` has the effect of registering all PSKs provided in
   in `psk_list` as PSA keys in the key slots starting from slot `X`,
   and having the PSK selection callback register the chosen PSK
   through the new API function `mbedtls_ssl_set_hs_psk_opaque()`.
2018-11-21 21:12:58 +00:00
Hanno Becker e86964ca01 Add support for opaque PSKs in ssl_client2 example program
This commit adds support for the use of PSA-based opaque PSKs
in the TLS client example application programs/ssl/ssl_client2.

Specifically, a numerical command line option `psk_slot` with
the following constraints and semantics is added:
- It can only be used alongside the provisioning of a raw PSK
  through the preexisting `psk` command line option.
- It can only be used if both TLS 1.2 and a PSK-only ciphersuite
  are enforced through the appropriate use of the `min_version`
  and `force_ciphersuite` command line options.
- If the previous conditions are met, setting `psk_slot=d` will
  result in the PSA key slot with identifier `d` being populated
  with the raw PSK data specified through the `psk` parameter
  and passed to Mbed TLS via `mbedtls_ssl_conf_psk_opaque()`
  prior to the handshake.

Enforcing the TLS version and ciphersuite is necessary to determine
the exact KDF algorithm the PSK will be used for. This is required
as it is currently not possible to set up a key without specifying
exactly one algorithm the key may be used with.
2018-11-21 21:12:58 +00:00
Hanno Becker 5a9942e7d2 Initialize PSA Crypto implementation in ssl_server2 2018-11-21 21:08:43 +00:00
Hanno Becker b2b468ba45 Initialize PSA Crypto implementation in ssl_client2.c 2018-11-21 21:08:43 +00:00
Simon Butcher b4e5451326 Merge remote-tracking branch 'public/pr/2070' into development-proposed 2018-10-28 16:53:48 +00:00
Simon Butcher ddc9e26b3b Merge remote-tracking branch 'public/pr/1627' into development 2018-10-27 18:27:41 +01:00
Hanno Becker 5ddc063c88 Correct typo 2018-10-26 16:50:05 +01:00
Hanno Becker d0d01c584e Document psk_list parameter of ssl_server2 example program 2018-10-25 16:56:37 +01:00
Manuel Pégourié-Gonnard 25781f90da Fix missing check in example client
And a mis-indented check as well.
2018-10-15 15:28:16 +02:00
Manuel Pégourié-Gonnard 6346a75dfb Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development:
  ssl-opt.sh: change expected output for large srv packet test with SSLv3
  Adapt ChangeLog
  Fix bug in SSL ticket implementation removing keys of age < 1s
  ssl-opt.sh: Add DTLS session resumption tests
  Add ChangeLog entry
  Fix typo
  Fix hmac_drbg failure in benchmark, with threading
  Remove trailing whitespace
  Remove trailing whitespace
  ssl_server2: add buffer overhead for a termination character
  Add missing large and small packet tests for ssl_server2
  Added buffer_size and response_size options for ssl-server2. Added appropriate tests.

Solving a conflict in tests/ssl-opt.sh: two set of tests were added at the
same place (just after large packets):
- restartable ECC tests (in this branch)
- server-side large packets (in development)

Resolution was to move the ECC tests after the newly added server large packet
ones.
2018-10-15 11:26:17 +02:00
Hanno Becker 095d9cf58e Fix ordering of free()ing of internal structures in ssl_server2
If `MBEDTLS_MEMORY_BUFFER_ALLOC_C` is configured and Mbed TLS'
custom buffer allocator is used for calloc() and free(), the
read buffer used by the server example application is allocated
from the buffer allocator, but freed after the buffer allocator
has been destroyed. If memory backtracing is enabled, this leaves
a memory leak in the backtracing structure allocated for the buffer,
as found by valgrind.

Fixes #2069.
2018-10-09 12:44:42 +01:00
Simon Butcher 0592ea772a Merge remote-tracking branch 'public/pr/1140' into development 2018-09-27 11:37:42 +01:00
Manuel Pégourié-Gonnard 125af948c3 Merge branch 'development-restricted' into iotssl-1260-non-blocking-ecc-restricted
* development-restricted: (578 commits)
  Update library version number to 2.13.1
  Don't define _POSIX_C_SOURCE in header file
  Don't declare and define gmtime()-mutex on Windows platforms
  Correct preprocessor guards determining use of gmtime()
  Correct documentation of mbedtls_platform_gmtime_r()
  Correct typo in documentation of mbedtls_platform_gmtime_r()
  Correct POSIX version check to determine presence of gmtime_r()
  Improve documentation of mbedtls_platform_gmtime_r()
  platform_utils.{c/h} -> platform_util.{c/h}
  Don't include platform_time.h if !MBEDTLS_HAVE_TIME
  Improve wording of documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
  Fix typo in documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
  Replace 'thread safe' by 'thread-safe' in the documentation
  Improve documentation of MBEDTLS_HAVE_TIME_DATE
  ChangeLog: Add missing renamings gmtime -> gmtime_r
  Improve documentation of MBEDTLS_HAVE_TIME_DATE
  Minor documentation improvements
  Style: Add missing period in documentation in threading.h
  Rename mbedtls_platform_gmtime() to mbedtls_platform_gmtime_r()
  Guard decl and use of gmtime mutex by HAVE_TIME_DATE and !GMTIME_ALT
  ...
2018-09-11 12:39:14 +02:00
Simon Butcher 14dac0953e Merge remote-tracking branch 'public/pr/1918' into development 2018-08-28 12:21:41 +01:00
Simon Butcher 1846e406c8 Merge remote-tracking branch 'public/pr/1939' into development 2018-08-28 12:19:56 +01:00
Hanno Becker 1841b0a11c Rename ssl_conf_datagram_packing() to ssl_set_datagram_packing()
The naming convention is that functions of the form mbedtls_ssl_conf_xxx()
apply to the SSL configuration.
2018-08-24 11:13:57 +01:00
Hanno Becker f61ff4e1d6 ssl_server2: Remove redundant new line 2018-08-21 13:17:47 +01:00
Hanno Becker 6aeaa05a95 Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-20 12:53:37 +01:00
Manuel Pégourié-Gonnard 6e7aaca146 Move MTU setting to SSL context, not config
This setting belongs to the individual connection, not to a configuration
shared by many connections. (If a default value is desired, that can be handled
by the application code that calls mbedtls_ssl_set_mtu().)

There are at least two ways in which this matters:
- per-connection settings can be adjusted if MTU estimates become available
  during the lifetime of the connection
- it is at least conceivable that a server might recognize restricted clients
  based on range of IPs and immediately set a lower MTU for them. This is much
easier to do with a per-connection setting than by maintaining multiple
near-duplicated ssl_config objects that differ only by the MTU setting.
2018-08-20 10:37:23 +02:00
Hanno Becker 4d61591c0c Add cmd line option to ssl_client2 for datagram packing
This commit adds a new command line option `dgram_packing`
to the example server application programs/ssl/ssl_client2
allowing to allow/forbid the use of datagram packing.
2018-08-17 15:45:40 +01:00
Hanno Becker e7675d0d3d Add cmd line option to ssl_server2 for datagram packing
This commit adds a new command line option `dgram_packing`
to the example server application programs/ssl/ssl_server2
allowing to allow/forbid the use of datagram packing.
2018-08-17 15:45:33 +01:00
Manuel Pégourié-Gonnard b747c6cf9b Add basic first tests for MTU setting
For now, just check that it causes us to fragment. More tests are coming in
follow-up commits to ensure we respect the exact value set, including when
renegotiating.
2018-08-16 10:01:47 +02:00
Mohammad Azim Khan 9ebdcffef4 Fix Wformat-overflow warning in ssl_mail_client.c
sprintf( (char *) buf, "%s\r\n", base );
 Above code generates Wformat-overflow warning since both buf and base
are of same size. buf should be sizeof( base ) + characters added in
the format. In this case format 2 bytes for "\r\n".
2018-08-14 11:02:23 +01:00
Simon Butcher 2c92949e0a Merge remote-tracking branch 'public/pr/1198' into development 2018-07-24 17:20:17 +01:00
Simon Butcher 116ac43d00 Merge remote-tracking branch 'public/pr/1852' into development 2018-07-24 12:18:59 +01:00
Simon Butcher cce68bec1d Add a macro to define the memory size in ssl_server2.c
When MBEDTLS_MEMORY_BUFFER_ALLOC_C was defined, the sample ssl_server2.c was
using its own memory buffer for memory allocated by the library. The memory
used wasn't obvious, so this adds a macro for the memory buffer allocated to
make the allocated memory size more obvious and hence easier to configure.
2018-07-23 14:26:09 +01:00
Simon Butcher ccbd46435f Increase the memory buffer size for ssl_server2.c
Newer features in the library have increased the overall RAM usage of the
library, when all features are enabled. ssl_server2.c, with all features enabled
was running out of memory for the ssl-opt.sh test 'Authentication: client
max_int chain, server required'.

This commit increases the memory buffer allocation for ssl_server2.c to allow
the test to work with all features enabled.
2018-07-22 14:43:39 +01:00
Andres Amaya Garcia ce6fbac247 Fix ssl_client2 to send 0-length app data 2018-07-20 23:09:29 +01:00
Simon Butcher fad547072a Merge remote-tracking branch 'public/pr/532' into development 2018-07-19 16:15:51 +01:00
Nicholas Wilson 61fa436ad3 Address review comments - tidy usage of macros to use minimal values 2018-06-28 17:09:21 +01:00
Andrzej Kurek 755890f529 Remove trailing whitespace 2018-06-27 03:57:15 -04:00
Nicholas Wilson 2682edf205 Fix build using -std=c99
In each place where POSIX/GNU functions are used, the file must declare
that it wants POSIX functionality before including any system headers.
2018-06-25 12:00:26 +01:00
Andrzej Kurek da4029d665 ssl_server2: add buffer overhead for a termination character
Switch to mbedtls style of memory allocation
2018-06-20 07:07:55 -04:00
Andrzej Kurek 30e731decd Added buffer_size and response_size options for ssl-server2.
Added appropriate tests.
2018-06-20 04:22:06 -04:00
Manuel Pégourié-Gonnard 79d9b50421 Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development: (180 commits)
  Change the library version to 2.11.0
  Fix version in ChangeLog for fix for #552
  Add ChangeLog entry for clang version fix. Issue #1072
  Compilation warning fixes on 32b platfrom with IAR
  Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
  Fix for missing len var when XTS config'd and CTR not
  ssl_server2: handle mbedtls_x509_dn_gets failure
  Fix harmless use of uninitialized memory in ssl_parse_encrypted_pms
  SSL async tests: add a few test cases for error in decrypt
  Fix memory leak in ssl_server2 with SNI + async callback
  SNI + SSL async callback: make all keys async
  ssl_async_resume: free the operation context on error
  ssl_server2: get op_name from context in ssl_async_resume as well
  Clarify "as directed here" in SSL async callback documentation
  SSL async callbacks documentation: clarify resource cleanup
  Async callback: use mbedtls_pk_check_pair to compare keys
  Rename mbedtls_ssl_async_{get,set}_data for clarity
  Fix copypasta in the async callback documentation
  SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
  ssl_async_set_key: detect if ctx->slots overflows
  ...
2018-06-20 09:46:17 +02:00
Simon Butcher 688a456f58 Merge remote-tracking branch 'public/pr/1734' into development 2018-06-17 17:35:34 +01:00
Simon Butcher 5f57f1e3cc Merge remote-tracking branch 'public/pr/1270' into development 2018-06-15 14:17:31 +01:00
Gilles Peskine d5d983e168 ssl_server2: handle mbedtls_x509_dn_gets failure
If mbedtls_x509_dn_gets fails, the server could end up calling printf
on an uninitialized buffer. Check if the function succeeds. Found by
Coverity.
2018-06-15 14:05:10 +02:00
Andres Amaya Garcia 7d42965ea8 Fix typo in platform macro defines for examples 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 67a42acfb8 Fix ret code in ssl_mail_client.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia 4be53b5519 Fix ret code in ssl_fork_server.c 2018-06-14 23:01:10 +01:00
Andres Amaya Garcia 5517202541 Fix ret code in ssl_client1.c 2018-06-14 23:01:10 +01:00
Gilles Peskine 4481744538 Fix memory leak in ssl_server2 with SNI + async callback
In ssl_server2, the private key objects are normally local variables
of the main function. However this does not hold for private keys in
the SNI configuration. When async callbacks are used, the test code
transfers the ownership of the private keys to the async callbacks.
Therefore the test code must free the SNI private keys through the
async callbacks (but it must not free the straight private keys this
way since they are not even heap-allocated).
2018-06-14 13:26:52 +02:00
Gilles Peskine e247989061 SNI + SSL async callback: make all keys async
When testing async callbacks with SNI, make all the keys async, not
just the first one. Otherwise the test is fragile with respect to
whether a key is used directly or through the async callbacks.
2018-06-14 13:26:52 +02:00
Gilles Peskine 2636fade52 ssl_async_resume: free the operation context on error 2018-06-14 13:26:52 +02:00
Gilles Peskine f5a9996088 ssl_server2: get op_name from context in ssl_async_resume as well 2018-06-14 13:26:52 +02:00
Gilles Peskine 3dae1cfa3a Async callback: use mbedtls_pk_check_pair to compare keys
In the current test code, the object that is used as a public key in
the certificate also contains a private key. However this is because
of the way the stest code is built and does not demonstrate the API in
a useful way. Use mbedtls_pk_check_pair, which is not what real-world
code would do (since the private key would typically be in an external
cryptoprocessor) but is a more representative placeholder.
2018-06-14 13:26:51 +02:00
Gilles Peskine a668c60186 Rename mbedtls_ssl_async_{get,set}_data for clarity
Rename to mbedtls_ssl_get_async_operation_data and
mbedtls_ssl_set_async_operation_data so that they're about
"async operation data" and not about some not-obvious "data".
2018-06-14 13:26:51 +02:00
Gilles Peskine 166ce748cf SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
The certificate passed to async callbacks may not be the one set by
mbedtls_ssl_conf_own_cert. For example, when using an SNI callback,
it's whatever the callback is using. Document this, and add a test
case (and code sample) with SNI.
2018-06-14 13:26:51 +02:00
Gilles Peskine d6fbfde994 ssl_async_set_key: detect if ctx->slots overflows 2018-06-14 13:26:51 +02:00
Gilles Peskine 4d9ec4dcf7 Fix uninitialized variable in ssl_server2 2018-06-14 13:26:51 +02:00
Gilles Peskine 6331d78675 Don't use the printf format %zd
We target C89 libc, so don't use %zd or %zu. Just use %u, and make
slot numbers `unsigned` for simplicity.
2018-06-14 13:26:51 +02:00
Gilles Peskine 3f3ada8839 Fix memory leak in ssl_server2 with SNI + async callback
In ssl_server2, the private key objects are normally local variables
of the main function. However this does not hold for private keys in
the SNI configuration. When async callbacks are used, the test code
transfers the ownership of the private keys to the async callbacks.
Therefore the test code must free the SNI private keys through the
async callbacks (but it must not free the straight private keys this
way since they are not even heap-allocated).
2018-06-13 18:09:28 +02:00
Gilles Peskine 157f6d8f74 SNI + SSL async callback: make all keys async
When testing async callbacks with SNI, make all the keys async, not
just the first one. Otherwise the test is fragile with respect to
whether a key is used directly or through the async callbacks.
2018-06-13 18:06:51 +02:00
Manuel Pégourié-Gonnard 558da9c3fe Make SSL error code more generic
It's undesirable to have users of the SSL layer check for an error code
specific to a lower-level layer, both out of general layering principles, and
also because if we later make another crypto module gain resume capabilities,
we would need to change the contract again (checking for a new module-specific
error code).
2018-06-13 12:02:12 +02:00
Manuel Pégourié-Gonnard da19f4c79f Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
Summary of merge conflicts:

include/mbedtls/ecdh.h -> documentation style
include/mbedtls/ecdsa.h -> documentation style
include/mbedtls/ecp.h -> alt style, new error codes, documentation style
include/mbedtls/error.h -> new error codes
library/error.c -> new error codes (generated anyway)
library/ecp.c:
    - code of an extracted function was changed
library/ssl_cli.c:
    - code addition on one side near code change on the other side
      (ciphersuite validation)
library/x509_crt.c -> various things
    - top fo file: helper structure added near old zeroize removed
    - documentation of find_parent_in()'s signature: improved on one side,
      added arguments on the other side
    - documentation of find_parent()'s signature: same as above
    - verify_chain(): variables initialised later to give compiler an
      opportunity to warn us if not initialised on a code path
    - find_parent(): funcion structure completely changed, for some reason git
      tried to insert a paragraph of the old structure...
    - merge_flags_with_cb(): data structure changed, one line was fixed with a
      cast to keep MSVC happy, this cast is already in the new version
    - in verify_restratable(): adjacent independent changes (function
      signature on one line, variable type on the next)
programs/ssl/ssl_client2.c:
    - testing for IN_PROGRESS return code near idle() (event-driven):
      don't wait for data in the the socket if ECP_IN_PROGRESS
tests/data_files/Makefile: adjacent independent additions
tests/suites/test_suite_ecdsa.data: adjacent independent additions
tests/suites/test_suite_x509parse.data: adjacent independent additions

* development: (1059 commits)
  Change symlink to hardlink to avoid permission issues
  Fix out-of-tree testing symlinks on Windows
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  ...
2018-06-13 09:52:54 +02:00
Gilles Peskine 3cde2fca53 ssl_async_resume: free the operation context on error 2018-06-12 14:17:39 +02:00
Darryl Green 11999bb72e Fix minor code style issues 2018-05-15 09:21:57 +01:00
Simon Butcher 6fd96addf4 Change the default IP addresses for DTLS samples
Changes the IP address to bind to for dtls_server.c to be "::" or optionally
"0.0.0.0" if the preprocessor symbol FORCE_IPV4 is defined.

Also changes the destinaton IP address for dtls_client.c to be "::1" or if
FORCE_IPV4 symbol is defined "127.0.0.1".

This change allows on compilation dtls_server.c and dtls_client.c to both be
compiled to use either IPv4 or IPv6 so out of the box they will work together
without problem, and to avoid dtls_server.c binding to IPv6 and dtls_client.c
binding to IPv4.
2018-05-12 18:23:32 +01:00
Gilles Peskine 276b9a650c ssl_server2: get op_name from context in ssl_async_resume as well 2018-04-30 16:39:35 +02:00
Gilles Peskine 26d01bcb5c Async callback: use mbedtls_pk_check_pair to compare keys
In the current test code, the object that is used as a public key in
the certificate also contains a private key. However this is because
of the way the stest code is built and does not demonstrate the API in
a useful way. Use mbedtls_pk_check_pair, which is not what real-world
code would do (since the private key would typically be in an external
cryptoprocessor) but is a more representative placeholder.
2018-04-30 12:07:56 +02:00
Gilles Peskine 1febfef561 Rename mbedtls_ssl_async_{get,set}_data for clarity
Rename to mbedtls_ssl_get_async_operation_data and
mbedtls_ssl_set_async_operation_data so that they're about
"async operation data" and not about some not-obvious "data".
2018-04-30 11:54:39 +02:00
Gilles Peskine 807d74a062 SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
The certificate passed to async callbacks may not be the one set by
mbedtls_ssl_conf_own_cert. For example, when using an SNI callback,
it's whatever the callback is using. Document this, and add a test
case (and code sample) with SNI.
2018-04-30 10:30:49 +02:00
Gilles Peskine 0b53e24c6b ssl_async_set_key: detect if ctx->slots overflows 2018-04-30 10:23:56 +02:00
Gilles Peskine 9de55fab56 Fix uninitialized variable in ssl_server2 2018-04-26 14:33:43 +02:00
Gilles Peskine 5bea9f61b9 Don't use the printf format %zd
We target C89 libc, so don't use %zd or %zu. Just use %u, and make
slot numbers `unsigned` for simplicity.
2018-04-26 13:29:17 +02:00
Gilles Peskine 8f97af7ea3 Don't pass the async config data to async callbacks
The config data is in the SSL config, so callbacks can retrieve it
from there, with the new function mbedtls_ssl_conf_get_async_config_data.
2018-04-26 11:46:10 +02:00
Gilles Peskine a36ac4fe68 New wrapper mbedtls_status_is_ssl_in_progress(ret)
Wrapper function to check whether a return status indicates that an
SSL operation is in progress.
2018-04-26 10:00:40 +02:00
Gilles Peskine c912572a7f ssl_server2: merge redundant async_private_error=resume/pk
Testing the case where the resume callback returns an error at the
beginning and the case where it returns an error at the end is
redundant. Keep the test after the output has been produced, to
validate that the product does not use even a valid output if the
return value is an error code.
2018-04-26 10:00:40 +02:00
Gilles Peskine d3268834f3 Document what the SSL async sign callback needs to do with RSA
Document how the SSL async sign callback must treat its md_alg and
hash parameters when doing an RSA signature: sign-the-hash if md_alg
is nonzero (TLS 1.2), and sign-the-digestinfo if md_alg is zero
(TLS <= 1.1).

In ssl_server2, don't use md_alg=MBEDTLS_MD_NONE to indicate that
ssl_async_resume must perform an encryption, because md_alg is also
MBEDTLS_MD_NONE in TLS <= 1.1. Add a test case to exercise this
case (signature with MBEDTLS_MD_NONE).
2018-04-26 10:00:40 +02:00
Gilles Peskine ceb541b7de ssl_server2: rename delay in ssl_async_operation_context_t
Rename to remaining_delay to convey that it is decremented over time.
2018-04-26 10:00:40 +02:00
Gilles Peskine ad28bf0e58 Documentation improvements 2018-04-26 10:00:40 +02:00
Gilles Peskine df13d5c7a6 Pass the SSL context to async callbacks
When a handshake step starts an asynchronous operation, the
application needs to know which SSL connection the operation is for,
so that when the operation completes, the application can wake that
connection up. Therefore the async start callbacks need to take the
SSL context as an argument. It isn't enough to let them set a cookie
in the SSL connection, the application needs to be able to find the
right SSL connection later.

Also pass the SSL context to the other callbacks for consistency. Add
a new field to the handshake that the application can use to store a
per-connection context. This new field replaces the former
context (operation_ctx) that was created by the start function and
passed to the resume function.

Add a boolean flag to the handshake structure to track whether an
asynchronous operation is in progress. This is more robust than
relying on the application to set a non-null application context.
2018-04-26 10:00:40 +02:00
Gilles Peskine b74a1c73b1 Rename MBEDTLS_SSL_ASYNC_PRIVATE_C to MBEDTLS_SSL_ASYNC_PRIVATE
This is an optional feature, not a module of its own, so don't call it
MBEDTLS_xxx_C and put it in the appropriate section of config.h.
2018-04-26 10:00:39 +02:00
Gilles Peskine f112725487 Style and grammar fixes 2018-04-26 10:00:39 +02:00
Gilles Peskine 12ab5d4cfb Don't shadow the variable p 2018-04-26 10:00:39 +02:00
Gilles Peskine b44692f126 Merge branch 'mbedtls_ssl_get_key_exchange_md_ssl_tls-return_hashlen' into tls_async_server-2.9
Conflict resolution:
* ChangeLog: put the new entry from my branch in the proper place.
* include/mbedtls/error.h: counted high-level module error codes again.
* include/mbedtls/ssl.h: picked different numeric codes for the
  concurrently added errors; made the new error a full sentence per
  current standards.
* library/error.c: ran scripts/generate_errors.pl.
* library/ssl_srv.c:
    * ssl_prepare_server_key_exchange "DHE key exchanges": the conflict
      was due to style corrections in development
      (4cb1f4d49c) which I merged with
      my refactoring.
    * ssl_prepare_server_key_exchange "For key exchanges involving the
      server signing", first case, variable declarations: merged line
      by line:
        * dig_signed_len: added in async
        * signature_len: removed in async
        * hashlen: type changed to size_t in development
        * hash: size changed to MBEDTLS_MD_MAX_SIZE in async
        * ret: added in async
    * ssl_prepare_server_key_exchange "For key exchanges involving the
      server signing", first cae comment: the conflict was due to style
      corrections in development (4cb1f4d49c)
      which I merged with my comment changes made as part of refactoring
      the function.
    * ssl_prepare_server_key_exchange "Compute the hash to be signed" if
      `md_alg != MBEDTLS_MD_NONE`: conflict between
      ebd652fe2d
      "ssl_write_server_key_exchange: calculate hashlen explicitly" and
      46f5a3e9b4 "Check return codes from
      MD in ssl code". I took the code from commit
      ca1d742904 made on top of development
      which makes mbedtls_ssl_get_key_exchange_md_ssl_tls return the
      hash length.
* programs/ssl/ssl_server2.c: multiple conflicts between the introduction
  of MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS and new auxiliary functions and
  definitions for async support, and the introduction of idle().
    * definitions before main: concurrent additions, kept both.
    * main, just after `handshake:`: in the loop around
      mbedtls_ssl_handshake(), merge the addition of support for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS and SSL_ASYNC_INJECT_ERROR_CANCEL
      with the addition of the idle() call.
    * main, if `opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM`: take the
      code from development and add a check for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS.
    * main, loop around mbedtls_ssl_read() in the datagram case:
      take the code from development and add a check for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; revert to a do...while loop.
    * main, loop around mbedtls_ssl_write() in the datagram case:
      take the code from development and add a check for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; revert to a do...while loop.
2018-04-26 10:00:27 +02:00
Gilles Peskine fcca9d8cef SSL asynchronous decryption (server side): tests
Test SSL asynchronous private operation for the case of a
decryption operation on a server.
2018-04-24 09:36:37 +02:00
Gilles Peskine 60ee4cadce SSL asynchronous signature: basic test of recovery after error
Add test cases where the server goes through an async operation which
fails, then the server makes a successful connection.
2018-04-24 09:36:36 +02:00
Gilles Peskine 3665f1db9d SSL asynchronous signature: test cases
Add test cases for SSL asynchronous signature to ssl-opt.sh:

* Delay=0,1 to test the sequences of calls to f_async_resume
* Test fallback when the async callbacks don't support that key
* Test error injection at each stage
* Test renegotiation
2018-04-24 09:36:36 +02:00
Gilles Peskine 9eb5e9a16e SSL asynchronous private key operation callbacks: test server
New options in ssl_server2 to use the asynchronous private key
operation feature.

Features: resume delay to call resume more than once; error injection
at each stage; renegotiation support.
2018-04-24 09:32:29 +02:00
Hanno Becker 2bd57578af Merge branch 'development' into iotssl-1204 2018-03-28 14:52:35 +01:00
Hanno Becker ef52796537 Fix missing return statement ssl_server2 idling
Also, introduce MBEDTLS_EINTR locally in net_sockets.c
for the platform-dependent return code macro used by
the `select` call to indicate that the poll was interrupted
by a signal handler: On Unix, the corresponding macro is EINTR,
while on Windows, it's WSAEINTR.
2018-03-15 15:52:31 +00:00
Hanno Becker 9b2b66ebd2 Minor style corrections
Move function block brace outside conditional compilation
to not confuse some editors, and correct indentation.
2018-03-15 12:21:15 +00:00
Hanno Becker adfa64f0c4 Abort idle-loop in ssl_server2 if sockets gets invalid
Previously, the idling loop in ssl_server2 didn't check whether
the underlying call to mbedtls_net_poll signalled that the socket
became invalid. This had the consequence that during idling, the
server couldn't be terminated through a SIGTERM, as the corresponding
handler would only close the sockets and expect the remainder of
the program to shutdown gracefully as a consequence of this.
This was subsequently attempted to be fixed through a change
in ssl-opt.sh by terminating the server through a KILL signal,
which however lead to other problems when the latter was run
under valgrind.

This commit changes the idling loop in ssl_server2 and ssl_client2
to obey the return code of mbedtls_net_poll and gracefully shutdown
if an error occurs, e.g. because the socket was closed.

As a consequence, the server termination via a KILL signal in
ssl-opt.sh is no longer necessary, with the previous `kill; wait`
pattern being sufficient. The commit reverts the corresponding
change.
2018-03-15 11:43:41 +00:00
Hanno Becker b6f880b63b Revert whitespace change to ease merging 2018-03-13 12:48:50 +00:00
Hanno Becker ddc3ebbc3f Exemplify use of mbedtls_ssl_check_pending in ssl_server2.c 2018-03-13 11:48:32 +00:00