Commit graph

409 commits

Author SHA1 Message Date
Peter Kolbus dc470ae8af Reduce code size when mbedtls_x509_*_info() unused
Introduce MBEDTLS_X509_INFO to indicate the availability of the
mbedtls_x509_*_info() function and closely related APIs. When this is
not defined, also omit name and description from
mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that
are entirely unused. This saves several KB of code space.

Change-Id: I056312613379890e0d70e1d08c34171287c0aa17
2019-06-18 11:05:37 +01:00
Jarno Lamsa 8b2608b6c2 Fix style issues 2019-06-18 11:50:11 +03:00
Jarno Lamsa 29a15c2de5 Set timer callbacks with serialization 2019-06-18 11:50:11 +03:00
Jarno Lamsa 85c238018e Fix spacing 2019-06-18 11:50:11 +03:00
Jarno Lamsa 034ae84601 Fix compiler warnings 2019-06-18 11:50:11 +03:00
Jarno Lamsa b5ff6a4ced Add option for ssl-context re-initialization flow 2019-06-18 11:50:11 +03:00
Jarno Lamsa bff4a91827 Fix spacing 2019-06-18 11:50:11 +03:00
Jarno Lamsa f4f8ed7e82 Allow stub implementation of the context_save for now 2019-06-18 11:50:11 +03:00
Jarno Lamsa 5737ec97a6 Address review comments for code-style issues 2019-06-18 11:50:11 +03:00
Jarno Lamsa 38061f4a17 Remove mbedtls_ssl_free() and mbedtls_ssl_init() from serialization flow in test 2019-06-18 11:50:11 +03:00
Jarno Lamsa cf1b6724c9 Use MBEDTLS_SSL_CONTEXT_SERIALIZATION flag 2019-06-18 11:50:11 +03:00
Jarno Lamsa f457293b57 Serialize/deserialize for ssl_server2 2019-06-18 11:50:11 +03:00
Jarno Lamsa 0ea3cfe5bf Add option for serialization in ssl_client/server2 2019-06-18 11:50:11 +03:00
Hanno Becker 1abb159e90 Merge branch 'mbedtls-2.16' into baremetal 2019-06-18 09:00:37 +01:00
Gilles Peskine 0b87412ac5 Remove mbedtls_param_failed from programs
All sample and test programs had a definition of mbedtls_param_failed.
This was necessary because we wanted to be able to build them in a
configuration with MBEDTLS_CHECK_PARAMS set but without a definition
of MBEDTLS_PARAM_FAILED. Now that we activate the sample definition of
MBEDTLS_PARAM_FAILED in config.h when testing with
MBEDTLS_CHECK_PARAMS set, this boilerplate code is no longer needed.
2019-06-17 19:10:13 +02:00
Simon Butcher c725e4b34e Merge remote-tracking branch 'origin/pr/590' into baremetal 2019-06-17 17:57:26 +01:00
Jarno Lamsa 41b359114d Add tests for enforced extended master secret flag 2019-06-10 15:51:11 +03:00
Manuel Pégourié-Gonnard e744eab3b1 Adapt defaults and programs documentation 2019-06-06 13:02:14 +02:00
Hanno Becker 1ce1a51816 Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2 2019-05-30 10:21:59 +01:00
Hanno Becker 7ae36e4179 ssl_server2: Skip CA setup if ca_path or ca_file argument "none"
This allows to test PSK-based ciphersuites via ssl_server2 in builds
which have MBEDTLS_X509_CRT_PARSE_C enabled but both MBEDTLS_FS_IO and
MBEDTLS_CERTS_C disabled.
2019-05-30 10:21:59 +01:00
Hanno Becker c258c440b5 Correct white spaces in ssl_server2 and ssl_client2 2019-05-30 10:21:59 +01:00
Hanno Becker 38566ccbd5 Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled 2019-05-30 10:21:59 +01:00
Simon Butcher 0d1d76f987 Merge remote-tracking branch 'origin/pr/561' into baremetal 2019-05-29 15:09:24 +01:00
Simon Butcher d5e1bfc6b4 Merge remote-tracking branch 'origin/pr/569' into baremetal 2019-05-24 15:07:10 +01:00
Hanno Becker f4e8ed116c Remove superfluous new line in ssl_server2 2019-05-23 17:01:43 +01:00
Hanno Becker c8f43d82b8 Improve readability of ssl_client2/ssl_server2 usage instructions 2019-05-23 17:01:06 +01:00
Hanno Becker 76581052f9 Use negative-hex format for error codes in ssl_client2/ssl_server2 2019-05-23 16:58:22 +01:00
Hanno Becker a5a2b08a05 Rename MBEDTLS_SSL_CID to MBEDTLS_SSL_DTLS_CONNECTION_ID
Files modified via

sed -i 's/MBEDTLS_SSL_CID\([^_]\|$\)/MBEDTLS_SSL_DTLS_CONNECTION_ID\1/g' **/*.c **/*.h **/*.sh **/*.function
2019-05-20 15:35:36 +01:00
Hanno Becker e8eff9a517 Allow to configure the stack's behaviour on unexpected CIDs
This commit modifies the CID configuration API mbedtls_ssl_conf_cid_len()
to allow the configuration of the stack's behaviour when receiving an
encrypted DTLS record with unexpected CID.
2019-05-20 15:32:36 +01:00
Hanno Becker d23605d056 Add missing compile-time guard around CID API in ssl_server2 2019-05-20 15:32:36 +01:00
Hanno Becker 9687029d22 Add support for change of CID to ssl_client2 / ssl_server2
And add tests for various CID configuration changes during
renegotiation to ssl-opt.sh.
2019-05-20 15:32:36 +01:00
Hanno Becker eec2be9c9f Add CID configuration API
Context:
The CID draft does not require that the length of CIDs used for incoming
records must not change in the course of a connection. Since the record
header does not contain a length field for the CID, this means that if
CIDs of varying lengths are used, the CID length must be inferred from
other aspects of the record header (such as the epoch) and/or by means
outside of the protocol, e.g. by coding its length in the CID itself.

Inferring the CID length from the record's epoch is theoretically possible
in DTLS 1.2, but it requires the information about the epoch to be present
even if the epoch is no longer used: That's because one should silently drop
records from old epochs, but not the entire datagrams to which they belong
(there might be entire flights in a single datagram, including a change of
epoch); however, in order to do so, one needs to parse the record's content
length, the position of which is only known once the CID length for the epoch
is known. In conclusion, it puts a significant burden on the implementation
to infer the CID length from the record epoch, which moreover mangles record
processing with the high-level logic of the protocol (determining which epochs
are in use in which flights, when they are changed, etc. -- this would normally
determine when we drop epochs).

Moreover, with DTLS 1.3, CIDs are no longer uniquely associated to epochs,
but every epoch may use a set of CIDs of varying lengths -- in that case,
it's even theoretically impossible to do record header parsing based on
the epoch configuration only.

We must therefore seek a way for standalone record header parsing, which
means that we must either (a) fix the CID lengths for incoming records,
or (b) allow the application-code to configure a callback to implement
an application-specific CID parsing which would somehow infer the length
of the CID from the CID itself.

Supporting multiple lengths for incoming CIDs significantly increases
complexity while, on the other hand, the restriction to a fixed CID length
for incoming CIDs (which the application controls - in contrast to the
lengths of the CIDs used when writing messages to the peer) doesn't
appear to severely limit the usefulness of the CID extension.

Therefore, the initial implementation of the CID feature will require
a fixed length for incoming CIDs, which is what this commit enforces,
in the following way:

In order to avoid a change of API in case support for variable lengths
CIDs shall be added at some point, we keep mbedtls_ssl_set_cid(), which
includes a CID length parameter, but add a new API mbedtls_ssl_conf_cid_len()
which applies to an SSL configuration, and which fixes the CID length that
any call to mbetls_ssl_set_cid() which applies to an SSL context that is bound
to the given SSL configuration must use.

While this creates a slight redundancy of parameters, it allows to
potentially add an API like mbedtls_ssl_conf_cid_len_cb() later which
could allow users to register a callback which dynamically infers the
length of a CID at record header parsing time, without changing the
rest of the API.
2019-05-20 15:32:36 +01:00
Hanno Becker 2e0bedcc35 Correct compile-time guard around unhexify() in ssl_server2 2019-05-17 10:20:41 +01:00
Hanno Becker 0c8281aae5 Change formating of CID debug output in ssl_client2/ssl_server2 2019-05-17 10:20:41 +01:00
Hanno Becker fce6f836ba Merge branch 'mbedtls-2.16' into baremetal 2019-05-17 10:06:02 +01:00
Jaeden Amero 9cfc9ceaf9 Merge remote-tracking branch 'origin/pr/2542' into mbedtls-2.16
* origin/pr/2542:
  Add guards for MBEDTLS_X509_CRL_PARSE_C in sample
2019-04-24 11:21:35 +01:00
Hanno Becker d6028a1894 Improve macro hygiene
This commit improves hygiene and formatting of macro definitions
throughout the library. Specifically:
- It adds brackets around parameters to avoid unintended
  interpretation of arguments, e.g. due to operator precedence.
- It adds uses of the `do { ... } while( 0 )` idiom for macros that
  can be used as commands.
2019-04-24 10:51:54 +02:00
Hanno Becker 8be8a95dea Print peer CID from ssl_server2 2019-04-23 11:51:40 +01:00
Hanno Becker 14751aa966 Improve wording of CID debug msg in ssl_server2 example application 2019-04-23 11:39:53 +01:00
Hanno Becker 1029acee1d ssl_server2: Add cmd line options to configure use of CID extension 2019-04-09 18:27:04 +01:00
Ron Eldor 24eec79255 Add guards for MBEDTLS_X509_CRL_PARSE_C in sample
Add checks in `ssl_server2` that `MBEDTLS_X509_CRL_PARSE_C` is defined
to fix compilation issue. Fixes #560.
2019-04-04 15:17:34 +03:00
Andres Amaya Garcia bfa3e0914b Query config through ssl_server2 and ssl_client2 cmdline 2019-02-07 10:30:05 +00:00
Jaeden Amero f01f3088a4 Merge remote-tracking branch 'origin/pr/2137' into mbedtls-2.16 2019-01-30 14:54:28 +00:00
Manuel Pégourié-Gonnard 3ef6a6dc5c Fix const-ness in mbedtls_param_failed()
The previous prototype gave warnings are the strings produced by #cond and
__FILE__ are const, so we shouldn't implicitly cast them to non-const.

While at it modifying most example programs:
- include the header that has the function declaration, so that the definition
  can be checked to match by the compiler
- fix whitespace
- make it work even if PLATFORM_C is not defined:
    - CHECK_PARAMS is not documented as depending on PLATFORM_C and there is
      no reason why it should
    - so, remove the corresponding #if defined in each program...
    - and add missing #defines for mbedtls_exit when needed

The result has been tested (make all test with -Werror) with the following
configurations:

- full with    CHECK_PARAMS with    PLATFORM_C
- full with    CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS with    PLATFORM_C

Additionally, it has been manually tested that adding

    mbedtls_aes_init( NULL );

near the normal call to mbedtls_aes_init() in programs/aes/aescrypt2.c has the
expected effect when running the program.
2018-12-11 12:28:56 +01:00
Simon Butcher 63cb97e562 Add handlers for parameter validation in the sample programs
The sample programs require an additional handler function of
mbedtls_param_failed() to handle any failed parameter validation checks enabled
by the MBEDTLS_CHECK_PARAMS config.h option.
2018-12-11 12:28:56 +01:00
Hanno Becker 5ddc063c88 Correct typo 2018-10-26 16:50:05 +01:00
Hanno Becker d0d01c584e Document psk_list parameter of ssl_server2 example program 2018-10-25 16:56:37 +01:00
Hanno Becker 095d9cf58e Fix ordering of free()ing of internal structures in ssl_server2
If `MBEDTLS_MEMORY_BUFFER_ALLOC_C` is configured and Mbed TLS'
custom buffer allocator is used for calloc() and free(), the
read buffer used by the server example application is allocated
from the buffer allocator, but freed after the buffer allocator
has been destroyed. If memory backtracing is enabled, this leaves
a memory leak in the backtracing structure allocated for the buffer,
as found by valgrind.

Fixes #2069.
2018-10-09 12:44:42 +01:00
Simon Butcher 0592ea772a Merge remote-tracking branch 'public/pr/1140' into development 2018-09-27 11:37:42 +01:00
Hanno Becker 1841b0a11c Rename ssl_conf_datagram_packing() to ssl_set_datagram_packing()
The naming convention is that functions of the form mbedtls_ssl_conf_xxx()
apply to the SSL configuration.
2018-08-24 11:13:57 +01:00
Hanno Becker f61ff4e1d6 ssl_server2: Remove redundant new line 2018-08-21 13:17:47 +01:00
Hanno Becker 6aeaa05a95 Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-20 12:53:37 +01:00
Manuel Pégourié-Gonnard 6e7aaca146 Move MTU setting to SSL context, not config
This setting belongs to the individual connection, not to a configuration
shared by many connections. (If a default value is desired, that can be handled
by the application code that calls mbedtls_ssl_set_mtu().)

There are at least two ways in which this matters:
- per-connection settings can be adjusted if MTU estimates become available
  during the lifetime of the connection
- it is at least conceivable that a server might recognize restricted clients
  based on range of IPs and immediately set a lower MTU for them. This is much
easier to do with a per-connection setting than by maintaining multiple
near-duplicated ssl_config objects that differ only by the MTU setting.
2018-08-20 10:37:23 +02:00
Hanno Becker e7675d0d3d Add cmd line option to ssl_server2 for datagram packing
This commit adds a new command line option `dgram_packing`
to the example server application programs/ssl/ssl_server2
allowing to allow/forbid the use of datagram packing.
2018-08-17 15:45:33 +01:00
Manuel Pégourié-Gonnard b747c6cf9b Add basic first tests for MTU setting
For now, just check that it causes us to fragment. More tests are coming in
follow-up commits to ensure we respect the exact value set, including when
renegotiating.
2018-08-16 10:01:47 +02:00
Simon Butcher cce68bec1d Add a macro to define the memory size in ssl_server2.c
When MBEDTLS_MEMORY_BUFFER_ALLOC_C was defined, the sample ssl_server2.c was
using its own memory buffer for memory allocated by the library. The memory
used wasn't obvious, so this adds a macro for the memory buffer allocated to
make the allocated memory size more obvious and hence easier to configure.
2018-07-23 14:26:09 +01:00
Simon Butcher ccbd46435f Increase the memory buffer size for ssl_server2.c
Newer features in the library have increased the overall RAM usage of the
library, when all features are enabled. ssl_server2.c, with all features enabled
was running out of memory for the ssl-opt.sh test 'Authentication: client
max_int chain, server required'.

This commit increases the memory buffer allocation for ssl_server2.c to allow
the test to work with all features enabled.
2018-07-22 14:43:39 +01:00
Andrzej Kurek 755890f529 Remove trailing whitespace 2018-06-27 03:57:15 -04:00
Andrzej Kurek da4029d665 ssl_server2: add buffer overhead for a termination character
Switch to mbedtls style of memory allocation
2018-06-20 07:07:55 -04:00
Andrzej Kurek 30e731decd Added buffer_size and response_size options for ssl-server2.
Added appropriate tests.
2018-06-20 04:22:06 -04:00
Gilles Peskine d5d983e168 ssl_server2: handle mbedtls_x509_dn_gets failure
If mbedtls_x509_dn_gets fails, the server could end up calling printf
on an uninitialized buffer. Check if the function succeeds. Found by
Coverity.
2018-06-15 14:05:10 +02:00
Gilles Peskine 4481744538 Fix memory leak in ssl_server2 with SNI + async callback
In ssl_server2, the private key objects are normally local variables
of the main function. However this does not hold for private keys in
the SNI configuration. When async callbacks are used, the test code
transfers the ownership of the private keys to the async callbacks.
Therefore the test code must free the SNI private keys through the
async callbacks (but it must not free the straight private keys this
way since they are not even heap-allocated).
2018-06-14 13:26:52 +02:00
Gilles Peskine e247989061 SNI + SSL async callback: make all keys async
When testing async callbacks with SNI, make all the keys async, not
just the first one. Otherwise the test is fragile with respect to
whether a key is used directly or through the async callbacks.
2018-06-14 13:26:52 +02:00
Gilles Peskine 2636fade52 ssl_async_resume: free the operation context on error 2018-06-14 13:26:52 +02:00
Gilles Peskine f5a9996088 ssl_server2: get op_name from context in ssl_async_resume as well 2018-06-14 13:26:52 +02:00
Gilles Peskine 3dae1cfa3a Async callback: use mbedtls_pk_check_pair to compare keys
In the current test code, the object that is used as a public key in
the certificate also contains a private key. However this is because
of the way the stest code is built and does not demonstrate the API in
a useful way. Use mbedtls_pk_check_pair, which is not what real-world
code would do (since the private key would typically be in an external
cryptoprocessor) but is a more representative placeholder.
2018-06-14 13:26:51 +02:00
Gilles Peskine a668c60186 Rename mbedtls_ssl_async_{get,set}_data for clarity
Rename to mbedtls_ssl_get_async_operation_data and
mbedtls_ssl_set_async_operation_data so that they're about
"async operation data" and not about some not-obvious "data".
2018-06-14 13:26:51 +02:00
Gilles Peskine 166ce748cf SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
The certificate passed to async callbacks may not be the one set by
mbedtls_ssl_conf_own_cert. For example, when using an SNI callback,
it's whatever the callback is using. Document this, and add a test
case (and code sample) with SNI.
2018-06-14 13:26:51 +02:00
Gilles Peskine d6fbfde994 ssl_async_set_key: detect if ctx->slots overflows 2018-06-14 13:26:51 +02:00
Gilles Peskine 4d9ec4dcf7 Fix uninitialized variable in ssl_server2 2018-06-14 13:26:51 +02:00
Gilles Peskine 6331d78675 Don't use the printf format %zd
We target C89 libc, so don't use %zd or %zu. Just use %u, and make
slot numbers `unsigned` for simplicity.
2018-06-14 13:26:51 +02:00
Gilles Peskine 8f97af7ea3 Don't pass the async config data to async callbacks
The config data is in the SSL config, so callbacks can retrieve it
from there, with the new function mbedtls_ssl_conf_get_async_config_data.
2018-04-26 11:46:10 +02:00
Gilles Peskine a36ac4fe68 New wrapper mbedtls_status_is_ssl_in_progress(ret)
Wrapper function to check whether a return status indicates that an
SSL operation is in progress.
2018-04-26 10:00:40 +02:00
Gilles Peskine c912572a7f ssl_server2: merge redundant async_private_error=resume/pk
Testing the case where the resume callback returns an error at the
beginning and the case where it returns an error at the end is
redundant. Keep the test after the output has been produced, to
validate that the product does not use even a valid output if the
return value is an error code.
2018-04-26 10:00:40 +02:00
Gilles Peskine d3268834f3 Document what the SSL async sign callback needs to do with RSA
Document how the SSL async sign callback must treat its md_alg and
hash parameters when doing an RSA signature: sign-the-hash if md_alg
is nonzero (TLS 1.2), and sign-the-digestinfo if md_alg is zero
(TLS <= 1.1).

In ssl_server2, don't use md_alg=MBEDTLS_MD_NONE to indicate that
ssl_async_resume must perform an encryption, because md_alg is also
MBEDTLS_MD_NONE in TLS <= 1.1. Add a test case to exercise this
case (signature with MBEDTLS_MD_NONE).
2018-04-26 10:00:40 +02:00
Gilles Peskine ceb541b7de ssl_server2: rename delay in ssl_async_operation_context_t
Rename to remaining_delay to convey that it is decremented over time.
2018-04-26 10:00:40 +02:00
Gilles Peskine ad28bf0e58 Documentation improvements 2018-04-26 10:00:40 +02:00
Gilles Peskine df13d5c7a6 Pass the SSL context to async callbacks
When a handshake step starts an asynchronous operation, the
application needs to know which SSL connection the operation is for,
so that when the operation completes, the application can wake that
connection up. Therefore the async start callbacks need to take the
SSL context as an argument. It isn't enough to let them set a cookie
in the SSL connection, the application needs to be able to find the
right SSL connection later.

Also pass the SSL context to the other callbacks for consistency. Add
a new field to the handshake that the application can use to store a
per-connection context. This new field replaces the former
context (operation_ctx) that was created by the start function and
passed to the resume function.

Add a boolean flag to the handshake structure to track whether an
asynchronous operation is in progress. This is more robust than
relying on the application to set a non-null application context.
2018-04-26 10:00:40 +02:00
Gilles Peskine b74a1c73b1 Rename MBEDTLS_SSL_ASYNC_PRIVATE_C to MBEDTLS_SSL_ASYNC_PRIVATE
This is an optional feature, not a module of its own, so don't call it
MBEDTLS_xxx_C and put it in the appropriate section of config.h.
2018-04-26 10:00:39 +02:00
Gilles Peskine f112725487 Style and grammar fixes 2018-04-26 10:00:39 +02:00
Gilles Peskine 12ab5d4cfb Don't shadow the variable p 2018-04-26 10:00:39 +02:00
Gilles Peskine b44692f126 Merge branch 'mbedtls_ssl_get_key_exchange_md_ssl_tls-return_hashlen' into tls_async_server-2.9
Conflict resolution:
* ChangeLog: put the new entry from my branch in the proper place.
* include/mbedtls/error.h: counted high-level module error codes again.
* include/mbedtls/ssl.h: picked different numeric codes for the
  concurrently added errors; made the new error a full sentence per
  current standards.
* library/error.c: ran scripts/generate_errors.pl.
* library/ssl_srv.c:
    * ssl_prepare_server_key_exchange "DHE key exchanges": the conflict
      was due to style corrections in development
      (4cb1f4d49c) which I merged with
      my refactoring.
    * ssl_prepare_server_key_exchange "For key exchanges involving the
      server signing", first case, variable declarations: merged line
      by line:
        * dig_signed_len: added in async
        * signature_len: removed in async
        * hashlen: type changed to size_t in development
        * hash: size changed to MBEDTLS_MD_MAX_SIZE in async
        * ret: added in async
    * ssl_prepare_server_key_exchange "For key exchanges involving the
      server signing", first cae comment: the conflict was due to style
      corrections in development (4cb1f4d49c)
      which I merged with my comment changes made as part of refactoring
      the function.
    * ssl_prepare_server_key_exchange "Compute the hash to be signed" if
      `md_alg != MBEDTLS_MD_NONE`: conflict between
      ebd652fe2d
      "ssl_write_server_key_exchange: calculate hashlen explicitly" and
      46f5a3e9b4 "Check return codes from
      MD in ssl code". I took the code from commit
      ca1d742904 made on top of development
      which makes mbedtls_ssl_get_key_exchange_md_ssl_tls return the
      hash length.
* programs/ssl/ssl_server2.c: multiple conflicts between the introduction
  of MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS and new auxiliary functions and
  definitions for async support, and the introduction of idle().
    * definitions before main: concurrent additions, kept both.
    * main, just after `handshake:`: in the loop around
      mbedtls_ssl_handshake(), merge the addition of support for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS and SSL_ASYNC_INJECT_ERROR_CANCEL
      with the addition of the idle() call.
    * main, if `opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM`: take the
      code from development and add a check for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS.
    * main, loop around mbedtls_ssl_read() in the datagram case:
      take the code from development and add a check for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; revert to a do...while loop.
    * main, loop around mbedtls_ssl_write() in the datagram case:
      take the code from development and add a check for
      MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; revert to a do...while loop.
2018-04-26 10:00:27 +02:00
Gilles Peskine fcca9d8cef SSL asynchronous decryption (server side): tests
Test SSL asynchronous private operation for the case of a
decryption operation on a server.
2018-04-24 09:36:37 +02:00
Gilles Peskine 60ee4cadce SSL asynchronous signature: basic test of recovery after error
Add test cases where the server goes through an async operation which
fails, then the server makes a successful connection.
2018-04-24 09:36:36 +02:00
Gilles Peskine 3665f1db9d SSL asynchronous signature: test cases
Add test cases for SSL asynchronous signature to ssl-opt.sh:

* Delay=0,1 to test the sequences of calls to f_async_resume
* Test fallback when the async callbacks don't support that key
* Test error injection at each stage
* Test renegotiation
2018-04-24 09:36:36 +02:00
Gilles Peskine 9eb5e9a16e SSL asynchronous private key operation callbacks: test server
New options in ssl_server2 to use the asynchronous private key
operation feature.

Features: resume delay to call resume more than once; error injection
at each stage; renegotiation support.
2018-04-24 09:32:29 +02:00
Hanno Becker 2bd57578af Merge branch 'development' into iotssl-1204 2018-03-28 14:52:35 +01:00
Hanno Becker ef52796537 Fix missing return statement ssl_server2 idling
Also, introduce MBEDTLS_EINTR locally in net_sockets.c
for the platform-dependent return code macro used by
the `select` call to indicate that the poll was interrupted
by a signal handler: On Unix, the corresponding macro is EINTR,
while on Windows, it's WSAEINTR.
2018-03-15 15:52:31 +00:00
Hanno Becker 9b2b66ebd2 Minor style corrections
Move function block brace outside conditional compilation
to not confuse some editors, and correct indentation.
2018-03-15 12:21:15 +00:00
Hanno Becker adfa64f0c4 Abort idle-loop in ssl_server2 if sockets gets invalid
Previously, the idling loop in ssl_server2 didn't check whether
the underlying call to mbedtls_net_poll signalled that the socket
became invalid. This had the consequence that during idling, the
server couldn't be terminated through a SIGTERM, as the corresponding
handler would only close the sockets and expect the remainder of
the program to shutdown gracefully as a consequence of this.
This was subsequently attempted to be fixed through a change
in ssl-opt.sh by terminating the server through a KILL signal,
which however lead to other problems when the latter was run
under valgrind.

This commit changes the idling loop in ssl_server2 and ssl_client2
to obey the return code of mbedtls_net_poll and gracefully shutdown
if an error occurs, e.g. because the socket was closed.

As a consequence, the server termination via a KILL signal in
ssl-opt.sh is no longer necessary, with the previous `kill; wait`
pattern being sufficient. The commit reverts the corresponding
change.
2018-03-15 11:43:41 +00:00
Hanno Becker ddc3ebbc3f Exemplify use of mbedtls_ssl_check_pending in ssl_server2.c 2018-03-13 11:48:32 +00:00
Manuel Pégourié-Gonnard 4fa619fe56 Fix race condition in error printing in ssl_server2.c
The race goes this way:
1. ssl_recv() succeeds (ie no signal received yet)
2. processing the message leads to aborting handshake with ret != 0
3. reset ret if we were signaled
4. print error if ret is still non-zero
5. go back to net_accept() which can be interrupted by a signal
We print the error message only if the signal is received between steps 3 and
5, not when it arrives between steps 1 and 3.

This can cause failures in ssl-opt.sh where we check for the presence of "Last
error was..." in the server's output: if we perform step 2, the client will be
notified and exit, then ssl-opt.sh will send SIGTERM to the server, but if it
didn't get a chance to run and pass step 3 in the meantime, we're in trouble.

The purpose of step 3 was to avoid spurious "Last error" messages in the
output so that ssl-opt.sh can check for a successful run by the absence of
that message. However, it is enough to suppress that message when the last
error we get is the one we expect from being interrupted by a signal - doing
more could hide real errors.

Also, improve the messages printed when interrupted to make it easier to
distinguish the two cases - this could be used in a testing script wanted to
check that the server doesn't see the client as disconnecting unexpectedly.
2018-01-25 11:27:24 +01:00
Hanno Becker 197a91cd82 Clean up idle() function in ssl_client2 and ssl_server2 2017-10-31 13:07:38 +00:00
Hanno Becker df4180a235 Don't break debug messages 2017-10-27 15:04:14 +01:00
Hanno Becker 4cb1f4d49c Style corrections 2017-10-10 16:04:48 +01:00
Hanno Becker 16970d2912 Add support for event-driven IO in ssl_client2 and ssl_server2 2017-10-10 16:03:26 +01:00
Ron Eldor 71f68c4043 Fix ssl_server2 sample application prompt
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
2017-10-06 11:59:13 +01:00
Ron Eldor 2a47be5012 Minor: Fix typos in program comments
Fix a couple of typos and writer's mistakes,
in some reference program applications
2017-07-27 21:44:33 +01:00
Hanno Becker 8651a43e95 Remove %zu format string from ssl_client2 and ssl_server2 2017-06-09 16:13:22 +01:00
Hanno Becker e6706e62d8 Add tests for missing CA chains and bad curves.
This commit adds four tests to tests/ssl-opt.sh:
(1) & (2): Check behaviour of optional/required verification when the
trusted CA chain is empty.
(3) & (4): Check behaviour of optional/required verification when the
client receives a server certificate with an unsupported curve.
2017-06-07 11:26:59 +01:00