Commit graph

9810 commits

Author SHA1 Message Date
Jaeden Amero 4e0db5642a Merge branch 'mbedtls-2.18' into development
Bring Mbed TLS 2.18.0 and 2.18.1 release changes back into the
development branch. We had branched to release 2.18.0 and 2.18.1 in
order to allow those releases to go out without having to block work on
the `development` branch.

Manually resolve conflicts in the Changelog by moving all freshly addded
changes to a new, unreleased version entry.

Reject changes to include/mbedtls/platform.h made in the mbedtls-2.18
branch, as that file is now sourced from Mbed Crypto.

* mbedtls-2.18:
  platform: Include stdarg.h where needed
  Update Mbed Crypto to contain mbed-crypto#152
  CMake: Add a subdirectory build regression test
  README: Enable builds as a CMake subproject
  ChangeLog: Enable builds as a CMake subproject
  Remove use of CMAKE_SOURCE_DIR
  Update library version to 2.18.0
2019-08-27 11:18:28 +01:00
Jaeden Amero b2d61e3742 Merge remote-tracking branch 'origin/pr/2792' into development
Merged from the top PR in a multi-part PR series:
- https://github.com/ARMmbed/mbedtls/pull/2792 (merged from here)
- https://github.com/ARMmbed/mbedtls/pull/2791
- https://github.com/ARMmbed/mbedtls/pull/2789
- https://github.com/ARMmbed/mbedtls/pull/2788
- https://github.com/ARMmbed/mbedtls/pull/2785
- https://github.com/ARMmbed/mbedtls/pull/2766
- https://github.com/ARMmbed/mbedtls/pull/2764

* origin/pr/2792: (114 commits)
  Don't redefine calloc and free
  Add changelog entry to record checking
  Fix compiler warning
  Add debug messages
  Remove duplicate entries from ChangeLog
  Fix parameter name in doxygen
  Add missing guards for mac usage
  Improve reability and debugability of large if
  Fix a typo in a comment
  Fix MSVC warning
  Fix compile error in reduced configurations
  Avoid duplication of session format header
  Implement config-checking header to context s11n
  Provide serialisation API only if it's enabled
  Fix compiler warning: comparing signed to unsigned
  Actually reset the context on save as advertised
  Re-use buffer allocated by handshake_init()
  Enable serialisation tests in ssl-opt.sh
  Change requirements for setting timer callback
  Add setting of forced fields when deserializing
  ...
2019-08-27 08:34:58 +01:00
Jarno Lamsa 472a2a2fcd Don't redefine calloc and free 2019-08-23 13:13:52 +03:00
Jarno Lamsa 9e90df58c0 Add changelog entry to record checking
Add changelog entry to record checking. The record checking
feature is used with Connection ID and SSL context serialisation.
2019-08-23 13:11:31 +03:00
Jarno Lamsa b7b486cfd1 Fix compiler warning
Fix a compiler warning when MBEDTLS_SHA512_C isn't defined.
2019-08-23 13:11:31 +03:00
Jarno Lamsa 8c51b7cd94 Add debug messages
Add debug messages to easier identify which condition fails
with usage restrictions in mbedtls_ssl_context_save()
2019-08-23 13:11:31 +03:00
Jarno Lamsa bccf03591f Remove duplicate entries from ChangeLog 2019-08-23 13:11:31 +03:00
Jarno Lamsa b9ca1b0868 Fix parameter name in doxygen 2019-08-23 13:11:31 +03:00
Jarno Lamsa c84bd24224 Add missing guards for mac usage
There were couple of cases where guards were missing when
no ciphersuites are using mac.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard e458869b3f Improve reability and debugability of large if
Breaking into a series of statements makes things easier when stepping through
the code in a debugger.

Previous comments we stating the opposite or what the code tested for (what we
want vs what we're erroring out on) which was confusing.

Also expand a bit on the reasons for these restrictions.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 4ca930f8b9 Fix a typo in a comment 2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard f041f4e19c Fix MSVC warning
We know the length of the ALPN string is always less than 255, so the cast to
uint8_t is safe.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 9a96fd7ac3 Fix compile error in reduced configurations
Found by running scripts/baremetal.h --rom --gcc --check after adding
MBEDTLS_SSL_CONTEXT_SERIALIZATION to baremetal.h
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 45ac1f0c92 Avoid duplication of session format header 2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 4e9370ba91 Implement config-checking header to context s11n
Modelled after the config-checking header from session s11n.

The list of relevant config flags was established by manually checking the
fields serialized in the format, and which config.h flags they depend on.
This probably deserves double-checking by reviewers.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 5c0e377532 Provide serialisation API only if it's enabled 2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 5ea13b854a Fix compiler warning: comparing signed to unsigned
Since the type of cid_len is unsigned but shorter than int, it gets
"promoted" to int (which is also the type of the result), unless we make the
other operand an unsigned int which then forces the expression to unsigned int
as well.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 9df5a82079 Actually reset the context on save as advertised
Also fix some wording in the documentation while at it.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 142ba736d9 Re-use buffer allocated by handshake_init()
This fixes a memory leak as well (found by running ssl-opt.sh in an Asan
build).
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 862b3196d6 Enable serialisation tests in ssl-opt.sh
They currently pass in a default build.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 13c8e68477 Change requirements for setting timer callback
The code wants timer callbacks to be set (checked in fetch_input()), and can't
easily check whether we're using nbio, so it seems easier to require the
callbacks to be always set rather than only with nbio as was previously done.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 0eb3eac023 Add setting of forced fields when deserializing 2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard c86c5df081 Add saved fields from top-level structure 2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 3309a67996 Fix memory leak in client/server2
context_buf was never free()d. Moreover, since we want to free it on error
paths as well, and even properly zeroize it in order to demonstrate good
memory hygiene, we need to make it and its length main()-scoped.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard c2a7b891a1 Add transform (de)serialization 2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard b9dfc9fd30 Fix English in comments 2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard a88399c091 Improve demo/testing code in client/server2
Previously it was missing reset in case 1, and in case 2 the code was never
executed as the option value was reset to 0.

Tighten checking of return values of save(NULL, 0) now that it works.

Also, improve the printed output as well as the comments.

I checked manually that everything now works and fail in the expected way:
save, reset-or-reinit and load all succeed, but the subsequent read or write
fails.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 4b7e6b925f Add session saving/loading
For now, the header (version+format bytes) is duplicated. This might be
optimized later.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 4c90e858b5 Add (stub) header writing and checking
The number of meaning of the flags will be determined later, when handling the
relevant struct members. For now three bytes are reserved as an example, but
this number may change later.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 0ff76407d2 Add usage checks in context_load() 2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 00400c2bf6 Document internal serialisation format
This mainly follows the design document (saving all fields marked "saved" in
the main structure and the transform sub-structure) with two exceptions:

- things related to renegotiation are excluded here (there weren't quite in
  the design document as the possibility of allowing renegotiation was still
on the table, which is no longer is) - also, ssl.secure_renegotiation (which
is not guarded by MBEDTLS_SSL_RENEGOTIATION because it's used in initial
handshakes even with renegotiation disabled) is still excluded, as we don't
need it after the handshake.

- things related to Connection ID are added, as they weren't present at the
  time the design document was written.

The exact format of the header (value of the bitflag indicating compile-time
options, whether and how to merge it with the serialized session header) will
be determined later.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 1aaf66940e Implement usage checks in context_save()
Enforce restrictions indicated in the documentation.

This allows to make some simplifying assumptions (no need to worry about
saving IVs for CBC in TLS < 1.1, nor about saving handshake data) and
guarantees that all values marked as "forced" in the design document have the
intended values and can be skipped when serialising.

Some of the "forced" values are not checked because their value is a
consequence of other checks (for example, session_negotiated == NULL outside
handshakes). We do however check that session and transform are not NULL (even
if that's also a consequence of the initial handshake being over) as we're
going to dereference them and static analyzers may appreciate the info.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard 96fb0ee9cf Save Hello random bytes for later use 2019-08-23 13:11:31 +03:00
Jarno Lamsa ddf72a1cf6 Fix style issues 2019-08-23 13:07:05 +03:00
Jarno Lamsa 8e2532196d Set timer callbacks with serialization 2019-08-23 13:05:43 +03:00
Jarno Lamsa 1a7f7936f3 Fix spacing 2019-08-23 13:05:43 +03:00
Jarno Lamsa 15b3a7ae4d Fix compiler warnings 2019-08-23 13:05:42 +03:00
Jarno Lamsa c2376f049a Add tests for re-init flow for context serialization 2019-08-23 13:05:42 +03:00
Jarno Lamsa 304d61cede Add option for ssl-context re-initialization flow 2019-08-23 13:05:34 +03:00
Jarno Lamsa 12021ee115 Fix spacing 2019-08-23 12:53:40 +03:00
Jarno Lamsa 1d1657f11c Allow stub implementation of the context_save for now 2019-08-23 12:53:40 +03:00
Jarno Lamsa 93c6ff2392 Address review comments for code-style issues 2019-08-23 12:53:40 +03:00
Jarno Lamsa 378d64daad Remove mbedtls_ssl_free() and mbedtls_ssl_init() from serialization flow in test 2019-08-23 12:53:40 +03:00
Jarno Lamsa a0b2cd6f82 ssl-opt.sh tests for serialization are currently using stub implementation 2019-08-23 12:53:40 +03:00
Jarno Lamsa cbee1b3bda Add missing slashes to tests 2019-08-23 12:53:40 +03:00
Jarno Lamsa 2937d81eb8 Add serialization tests to ssl-opt.sh 2019-08-23 12:53:40 +03:00
Jarno Lamsa bbc7b41903 Use MBEDTLS_SSL_CONTEXT_SERIALIZATION flag 2019-08-23 12:53:40 +03:00
Jarno Lamsa 5a3a16cb1b Serialize/deserialize for ssl_server2 2019-08-23 12:53:40 +03:00
Jarno Lamsa af30629686 Rely on opt.exchanges for sending after serialization 2019-08-23 12:53:40 +03:00
Jarno Lamsa 77e6665ffb Serialization/deserialization in ssl_client2 2019-08-23 12:53:40 +03:00