Commit graph

9526 commits

Author SHA1 Message Date
Hanno Becker 83b8c3b8eb cli/srv ex: Add dbg msg if record checking gives inconsistent result 2019-07-30 16:33:40 +03:00
Hanno Becker c2b08d1251 Fix minor issues in documentation of mbedtls_ssl_check_record() 2019-07-30 16:33:40 +03:00
Hanno Becker bec8885b7d State that record checking is DTLS only and doesn't check content type 2019-07-30 16:33:40 +03:00
Hanno Becker 82ff6f1e17 Update version_features.c 2019-07-30 16:33:40 +03:00
Hanno Becker de9e36e6b3 Pass dgrams to mbedtls_ssl_check_record in ssl_client2/server2 2019-07-30 16:33:40 +03:00
Hanno Becker fe24b3b269 Add IO wrappers to ssl_server2 as interm's between NET and SSL layer 2019-07-30 16:33:40 +03:00
Hanno Becker 14219feb27 Add IO wrappers to ssl_client2 as interm's between NET and SSL layer 2019-07-30 15:44:43 +03:00
Hanno Becker 02f2609551 Introduce configuration option and API for SSL record checking 2019-07-30 15:38:40 +03:00
Manuel Pégourié-Gonnard f010eba833
Merge pull request #632 from hanno-arm/baremetal_sh_debug-baremetal
[Baremetal] Add `--debug` option to `baremetal.sh`
2019-07-30 00:07:45 +02:00
Manuel Pégourié-Gonnard cdb83e7c88
Merge pull request #616 from mpg/context-s11n
[baremetal] Implement context serialization
2019-07-30 00:07:23 +02:00
Manuel Pégourié-Gonnard 69a3e417d8 Improve reability and debugability of large if
Breaking into a series of statements makes things easier when stepping through
the code in a debugger.

Previous comments we stating the opposite or what the code tested for (what we
want vs what we're erroring out on) which was confusing.

Also expand a bit on the reasons for these restrictions.
2019-07-29 12:32:02 +02:00
Manuel Pégourié-Gonnard 18332c5c6c Improve getter for renegotiation enabled 2019-07-29 12:17:52 +02:00
Manuel Pégourié-Gonnard d04850507d
Merge pull request #634 from hanno-arm/single_ec_doc-baremetal
[Baremetal] Fix single-EC documentation
2019-07-29 11:59:12 +02:00
Manuel Pégourié-Gonnard 7c575d29dc
Merge pull request #605 from ARMmbed/x509_ondemand_remove_unneeded_fields
[Baremetal] Allow removal of unneeded fields in X.509 CRT structures
2019-07-29 11:58:58 +02:00
Manuel Pégourié-Gonnard 7d33b7e2b9
Merge pull request #610 from ARMmbed/delay_alerts-baremetal
[Baremetal] Delay sending alerts
2019-07-29 11:58:44 +02:00
Manuel Pégourié-Gonnard b3bb31bd90 Introduce getter function for disable_renego 2019-07-26 16:37:45 +02:00
Manuel Pégourié-Gonnard 14e2a8ac06 Fix a typo in a comment 2019-07-26 16:31:53 +02:00
Hanno Becker fcb721d733 Correct documentation on use of alert pending 2019-07-26 12:47:16 +01:00
Hanno Becker dd69119b32
Update include/mbedtls/ssl_internal.h
Mention where an internal function is defined instead of just saying that it's internal.

Co-Authored-By: Gilles Peskine <gilles.peskine@arm.com>
2019-07-26 09:59:18 +01:00
Hanno Becker 2736d1983c Fix and improve documentation of MBEDTLS_SSL_CONF_SINGLE_EC 2019-07-26 07:53:39 +01:00
Hanno Becker 42a6b04c4a Don't forget about pending alerts after ssl_get_next_record()
ssl_get_next_record() may pend fatal alerts in response to receiving
invalid records. Previously, however, those were never actually sent
because there was no code-path checking for pending alerts.

This commit adds a call to ssl_send_pending_fatal_alert() after
the invocation of ssl_get_next_record() to fix this.
2019-07-26 07:25:20 +01:00
Hanno Becker b82350b25f Introduce helper function to send pending fatal alerts 2019-07-26 07:25:02 +01:00
Hanno Becker 0a4c78f7c2 Add --debug option to baremetal.sh 2019-07-25 15:49:17 +01:00
Hanno Becker 50d53212ef Document mbedtls_ssl_context::pending_fatal_alert_msg 2019-07-25 12:59:24 +01:00
Hanno Becker c8f529995f Rename pend_alert_msg -> pending_fatal_alert_msg 2019-07-25 12:59:24 +01:00
Hanno Becker d829d0fbd0 Remove return value from mbedtls_ssl_pend_fatal_alert()
This function is often called when there's already an error code to handle,
and one of the reasons to introduce the pending of alerts was to _not_ have
another potential error code to take care of. Reflect this by making `void`
the return type of `mbedtls_ssl_pend_fatal_alert()`.
2019-07-25 12:59:24 +01:00
Hanno Becker eeabfa460c Note that mbedtls_ssl_pend_fatal_alert() must only be called once 2019-07-25 12:59:17 +01:00
Hanno Becker 2e8d133ebf Reintroduce return code checking when sending NoRenego alert 2019-07-25 12:58:48 +01:00
Hanno Becker 3caf7189f9 Remove field to store level of pending alert
Pending alerts is so far only used for fatal alerts.
2019-07-25 12:58:44 +01:00
Hanno Becker de62da9d3c Use separate functions to pend fatal and non-fatal alerts 2019-07-24 13:45:35 +01:00
Hanno Becker 1f5a793124 Use attribute always_inline only for GCC and ARM compiler 2019-07-24 13:20:42 +01:00
Hanno Becker 1facd552fc Replace xxx_send_alert by xxx_pend_alert to save code 2019-07-24 13:20:27 +01:00
Hanno Becker f46e1ce812 Introduce SSL helper function to mark pending alerts 2019-07-24 13:20:27 +01:00
Manuel Pégourié-Gonnard 7af7375473 Fix MSVC warning
We know the length of the ALPN string is always less than 255, so the cast to
uint8_t is safe.
2019-07-24 00:58:27 +02:00
Manuel Pégourié-Gonnard 2cc9223a3b Fix compile error in reduced configurations
Found by running scripts/baremetal.h --rom --gcc --check after adding
MBEDTLS_SSL_CONTEXT_SERIALIZATION to baremetal.h
2019-07-23 17:22:39 +02:00
Simon Butcher 3b014fc23a Merge remote-tracking branch 'origin/pr/604' into baremetal 2019-07-23 16:16:24 +01:00
Simon Butcher 6fe6b437da Merge remote-tracking branch 'origin/pr/589' into baremetal 2019-07-23 16:10:56 +01:00
Simon Butcher c0b3633194 Merge remote-tracking branch 'origin/pr/627' into baremetal 2019-07-23 16:06:07 +01:00
Simon Butcher 25b5579a09 Merge remote-tracking branch 'origin/pr/626' into baremetal 2019-07-23 16:03:21 +01:00
Manuel Pégourié-Gonnard 7ce9446e4c Avoid duplication of session format header 2019-07-23 17:02:11 +02:00
Manuel Pégourié-Gonnard a7cd4830ee Implement config-checking header to context s11n
Modelled after the config-checking header from session s11n.

The list of relevant config flags was established by manually checking the
fields serialized in the format, and which config.h flags they depend on.
This probably deserves double-checking by reviewers.
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard 4c1d06e429 Provide serialisation API only if it's enabled 2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard 73a4636ca4 Adapt to hardcoded single version 2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard 2f3fa62a0a Fix compiler warning: comparing signed to unsigned
Since the type of cid_len is unsigned but shorter than int, it gets
"promoted" to int (which is also the type of the result), unless we make the
other operand an unsigned int which then forces the expression to unsigned int
as well.
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard bc847caa33 Actually reset the context on save as advertised
Also fix some wording in the documentation while at it.
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard ff22200fab Re-use buffer allocated by handshake_init()
This fixes a memory leak as well (found by running ssl-opt.sh in an Asan
build).
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard 0d83271a45 Enable serialisation tests in ssl-opt.sh
They currently pass in a default build.
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard 86dfa0cfc9 Change requirements for setting timer callback
The code wants timer callbacks to be set (checked in fetch_input()), and can't
easily check whether we're using nbio, so it seems easier to require the
callbacks to be always set rather than only with nbio as was previously done.
2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard 138079d7d6 Add setting of forced fields when deserializing 2019-07-23 17:02:10 +02:00
Manuel Pégourié-Gonnard 16d1485a3d Add saved fields from top-level structure 2019-07-23 17:02:10 +02:00