Hanno Becker
c2b08d1251
Fix minor issues in documentation of mbedtls_ssl_check_record()
2019-07-30 16:33:40 +03:00
Hanno Becker
bec8885b7d
State that record checking is DTLS only and doesn't check content type
2019-07-30 16:33:40 +03:00
Hanno Becker
82ff6f1e17
Update version_features.c
2019-07-30 16:33:40 +03:00
Hanno Becker
de9e36e6b3
Pass dgrams to mbedtls_ssl_check_record in ssl_client2/server2
2019-07-30 16:33:40 +03:00
Hanno Becker
fe24b3b269
Add IO wrappers to ssl_server2 as interm's between NET and SSL layer
2019-07-30 16:33:40 +03:00
Hanno Becker
14219feb27
Add IO wrappers to ssl_client2 as interm's between NET and SSL layer
2019-07-30 15:44:43 +03:00
Hanno Becker
02f2609551
Introduce configuration option and API for SSL record checking
2019-07-30 15:38:40 +03:00
Manuel Pégourié-Gonnard
f010eba833
Merge pull request #632 from hanno-arm/baremetal_sh_debug-baremetal
...
[Baremetal] Add `--debug` option to `baremetal.sh`
2019-07-30 00:07:45 +02:00
Manuel Pégourié-Gonnard
cdb83e7c88
Merge pull request #616 from mpg/context-s11n
...
[baremetal] Implement context serialization
2019-07-30 00:07:23 +02:00
Manuel Pégourié-Gonnard
69a3e417d8
Improve reability and debugability of large if
...
Breaking into a series of statements makes things easier when stepping through
the code in a debugger.
Previous comments we stating the opposite or what the code tested for (what we
want vs what we're erroring out on) which was confusing.
Also expand a bit on the reasons for these restrictions.
2019-07-29 12:32:02 +02:00
Manuel Pégourié-Gonnard
18332c5c6c
Improve getter for renegotiation enabled
2019-07-29 12:17:52 +02:00
Manuel Pégourié-Gonnard
d04850507d
Merge pull request #634 from hanno-arm/single_ec_doc-baremetal
...
[Baremetal] Fix single-EC documentation
2019-07-29 11:59:12 +02:00
Manuel Pégourié-Gonnard
7c575d29dc
Merge pull request #605 from ARMmbed/x509_ondemand_remove_unneeded_fields
...
[Baremetal] Allow removal of unneeded fields in X.509 CRT structures
2019-07-29 11:58:58 +02:00
Manuel Pégourié-Gonnard
7d33b7e2b9
Merge pull request #610 from ARMmbed/delay_alerts-baremetal
...
[Baremetal] Delay sending alerts
2019-07-29 11:58:44 +02:00
Manuel Pégourié-Gonnard
b3bb31bd90
Introduce getter function for disable_renego
2019-07-26 16:37:45 +02:00
Manuel Pégourié-Gonnard
14e2a8ac06
Fix a typo in a comment
2019-07-26 16:31:53 +02:00
Hanno Becker
fcb721d733
Correct documentation on use of alert pending
2019-07-26 12:47:16 +01:00
Hanno Becker
dd69119b32
Update include/mbedtls/ssl_internal.h
...
Mention where an internal function is defined instead of just saying that it's internal.
Co-Authored-By: Gilles Peskine <gilles.peskine@arm.com>
2019-07-26 09:59:18 +01:00
Hanno Becker
2736d1983c
Fix and improve documentation of MBEDTLS_SSL_CONF_SINGLE_EC
2019-07-26 07:53:39 +01:00
Hanno Becker
42a6b04c4a
Don't forget about pending alerts after ssl_get_next_record()
...
ssl_get_next_record() may pend fatal alerts in response to receiving
invalid records. Previously, however, those were never actually sent
because there was no code-path checking for pending alerts.
This commit adds a call to ssl_send_pending_fatal_alert() after
the invocation of ssl_get_next_record() to fix this.
2019-07-26 07:25:20 +01:00
Hanno Becker
b82350b25f
Introduce helper function to send pending fatal alerts
2019-07-26 07:25:02 +01:00
Hanno Becker
0a4c78f7c2
Add --debug option to baremetal.sh
2019-07-25 15:49:17 +01:00
Darryl Green
64b4b6e35e
Change worktree_rev to HEAD for rev-parse
...
Due to how the checking script is run in docker, worktree_rev is
ambiguous when running rev-parse. We're running it in the checked
out worktree, so we can use HEAD instead, which is unambiguous.
2019-07-25 14:38:55 +01:00
Hanno Becker
50d53212ef
Document mbedtls_ssl_context::pending_fatal_alert_msg
2019-07-25 12:59:24 +01:00
Hanno Becker
c8f529995f
Rename pend_alert_msg -> pending_fatal_alert_msg
2019-07-25 12:59:24 +01:00
Hanno Becker
d829d0fbd0
Remove return value from mbedtls_ssl_pend_fatal_alert()
...
This function is often called when there's already an error code to handle,
and one of the reasons to introduce the pending of alerts was to _not_ have
another potential error code to take care of. Reflect this by making `void`
the return type of `mbedtls_ssl_pend_fatal_alert()`.
2019-07-25 12:59:24 +01:00
Hanno Becker
eeabfa460c
Note that mbedtls_ssl_pend_fatal_alert() must only be called once
2019-07-25 12:59:17 +01:00
Hanno Becker
2e8d133ebf
Reintroduce return code checking when sending NoRenego alert
2019-07-25 12:58:48 +01:00
Hanno Becker
3caf7189f9
Remove field to store level of pending alert
...
Pending alerts is so far only used for fatal alerts.
2019-07-25 12:58:44 +01:00
Hanno Becker
de62da9d3c
Use separate functions to pend fatal and non-fatal alerts
2019-07-24 13:45:35 +01:00
Hanno Becker
1f5a793124
Use attribute always_inline only for GCC and ARM compiler
2019-07-24 13:20:42 +01:00
Hanno Becker
1facd552fc
Replace xxx_send_alert by xxx_pend_alert to save code
2019-07-24 13:20:27 +01:00
Hanno Becker
f46e1ce812
Introduce SSL helper function to mark pending alerts
2019-07-24 13:20:27 +01:00
Manuel Pégourié-Gonnard
7af7375473
Fix MSVC warning
...
We know the length of the ALPN string is always less than 255, so the cast to
uint8_t is safe.
2019-07-24 00:58:27 +02:00
Manuel Pégourié-Gonnard
2cc9223a3b
Fix compile error in reduced configurations
...
Found by running scripts/baremetal.h --rom --gcc --check after adding
MBEDTLS_SSL_CONTEXT_SERIALIZATION to baremetal.h
2019-07-23 17:22:39 +02:00
Simon Butcher
3b014fc23a
Merge remote-tracking branch 'origin/pr/604' into baremetal
2019-07-23 16:16:24 +01:00
Simon Butcher
6fe6b437da
Merge remote-tracking branch 'origin/pr/589' into baremetal
2019-07-23 16:10:56 +01:00
Simon Butcher
c0b3633194
Merge remote-tracking branch 'origin/pr/627' into baremetal
2019-07-23 16:06:07 +01:00
Simon Butcher
25b5579a09
Merge remote-tracking branch 'origin/pr/626' into baremetal
2019-07-23 16:03:21 +01:00
Manuel Pégourié-Gonnard
7ce9446e4c
Avoid duplication of session format header
2019-07-23 17:02:11 +02:00
Manuel Pégourié-Gonnard
a7cd4830ee
Implement config-checking header to context s11n
...
Modelled after the config-checking header from session s11n.
The list of relevant config flags was established by manually checking the
fields serialized in the format, and which config.h flags they depend on.
This probably deserves double-checking by reviewers.
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard
4c1d06e429
Provide serialisation API only if it's enabled
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard
73a4636ca4
Adapt to hardcoded single version
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard
2f3fa62a0a
Fix compiler warning: comparing signed to unsigned
...
Since the type of cid_len is unsigned but shorter than int, it gets
"promoted" to int (which is also the type of the result), unless we make the
other operand an unsigned int which then forces the expression to unsigned int
as well.
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard
bc847caa33
Actually reset the context on save as advertised
...
Also fix some wording in the documentation while at it.
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard
ff22200fab
Re-use buffer allocated by handshake_init()
...
This fixes a memory leak as well (found by running ssl-opt.sh in an Asan
build).
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard
0d83271a45
Enable serialisation tests in ssl-opt.sh
...
They currently pass in a default build.
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard
86dfa0cfc9
Change requirements for setting timer callback
...
The code wants timer callbacks to be set (checked in fetch_input()), and can't
easily check whether we're using nbio, so it seems easier to require the
callbacks to be always set rather than only with nbio as was previously done.
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard
138079d7d6
Add setting of forced fields when deserializing
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard
16d1485a3d
Add saved fields from top-level structure
2019-07-23 17:02:10 +02:00