lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-12-24 17:41:01 +03:00
Code Activity

Merge pull request #1331 from Mbed-TLS/mbedtls-2.28.10_mergeback

Browse Source 
Mbedtls 2.28.10 mergeback
This commit is contained in:
minosgalanakis
2025-03-24 16:48:56 +00:00
committed by GitHub
parent 73cbd3104c 2fc8413bfc
commit 6a58fa8122
29 changed files with 702 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
BRANCHES.md
View File

@@ -107,9 +107,10 @@ The following branches are currently maintained:
- [`development`](https://github.com/Mbed-TLS/mbedtls/)
- [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6)
maintained until March 2027, see
<https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.1>.
- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
maintained until the end of 2024, see
<https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.9>.
<https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.3>.
> Note: [**`mbedtls-2.28.10`**](https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.10)
is the last release of the 2.28 LTS and won't receive bug fixes or security fixes anymore.
Users are advised to upgrade to a maintained version.
Users are urged to always use the latest version of a maintained branch.

51
ChangeLog
View File

@@ -1,5 +1,56 @@
Mbed TLS ChangeLog (Sorted per branch, date)
= Mbed TLS 2.28.10 branch released 2025-03-24
Default behavior changes
* In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
mbedtls_ssl_handshake() now fails with
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
if certificate-based authentication of the server is attempted.
This is because authenticating a server without knowing what name
to expect is usually insecure. To restore the old behavior, either
call mbedtls_ssl_set_hostname() with NULL as the hostname, or
enable the new compile-time option
MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
The content of ssl->hostname after mbedtls_ssl_set_hostname(ssl, NULL)
has changed, see the documentation of the hostname field in the
mbedtls_ssl_context struct type for details.
Security
* Note that TLS clients should generally call mbedtls_ssl_set_hostname()
if they use certificate authentication (i.e. not pre-shared keys).
Otherwise, in many scenarios, the server could be impersonated.
The library will now prevent the handshake and return
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
if mbedtls_ssl_set_hostname() has not been called.
CVE-2025-27809
* Zeroize temporary heap buffers used in PSA operations.
* Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
or there was a cryptographic hardware failure when calculating the
Finished message, it could be calculated incorrectly. This would break
the security guarantees of the TLS handshake.
CVE-2025-27810
Bugfix
* Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
and 'mbedtls_net_connect' to prevent possible double close fd
problems. Fixes #9711.
* Fix compilation on MS-DOS DJGPP. Fixes #9813.
* Fix missing constraints on the AES-NI inline assembly which is used on
GCC-like compilers when building AES for generic x86_64 targets. This
may have resulted in incorrect code with some compilers, depending on
optimizations. Fixes #9819.
* Fix issue where psa_key_derivation_input_integer() is not detecting
bad state after an operation has been aborted.
* Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
with Visual Studio 2013 or MinGW.
Fixes #10017.
* Remove Everest Visual Studio 2010 compatibility headers, which could
shadow standard CRT headers inttypes.h and stdbool.h with incomplete
implementatios if placed on the include path, eg. when building Mbed TLS
with the .sln file shipped with the project.
= Mbed TLS 2.28.9 branch released 2024-08-30
Security

5
ChangeLog.d/fix-aesni-asm-clobbers.txt
View File

@@ -1,5 +0,0 @@
Bugfix
* Fix missing constraints on the AES-NI inline assembly which is used on
GCC-like compilers when building AES for generic x86_64 targets. This
may have resulted in incorrect code with some compilers, depending on
optimizations. Fixes #9819.

2
ChangeLog.d/fix-compilation-with-djgpp.txt
View File

@@ -1,2 +0,0 @@
Bugfix
* Fix compilation on MS-DOS DJGPP. Fixes #9813.

3
ChangeLog.d/fix-key-derive-bad-state-error.txt
View File

@@ -1,3 +0,0 @@
Bugfix
* Fix issue where psa_key_derivation_input_integer() is not detecting
bad state after an operation has been aborted.

9
ChangeLog.d/fix-msvc-version-guard-format-zu.txt
View File

@@ -1,9 +0,0 @@
Bugfix
* Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
with Visual Studio 2013 or MinGW.
Fixes #10017.
* Remove Everest Visual Studio 2010 compatibility headers, which could
shadow standard CRT headers inttypes.h and stdbool.h with incomplete
implementatios if placed on the include path, eg. when building Mbed TLS
with the .sln file shipped with the project.

4
ChangeLog.d/replace-close-with-mbedtls_net_close.txt
View File

@@ -1,4 +0,0 @@
Bugfix
* Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
and 'mbedtls_net_connect' to prevent possible double close fd
problems. Fixes #9711.

2
doxygen/input/doc_mainpage.h
View File

@@ -10,7 +10,7 @@
*/
/**
* @mainpage Mbed TLS v2.28.9 API Documentation
* @mainpage Mbed TLS v2.28.10 API Documentation
*
* This documentation describes the internal structure of Mbed TLS. It was
* automatically generated from specially formatted comment blocks in

2
doxygen/mbedtls.doxyfile
View File

@@ -1,4 +1,4 @@
PROJECT_NAME = "Mbed TLS v2.28.9"
PROJECT_NAME = "Mbed TLS v2.28.10"
OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES

40
include/mbedtls/config.h
View File

@@ -1713,6 +1713,46 @@
*/
//#define MBEDTLS_SSL_ASYNC_PRIVATE
/** \def MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
*
* In TLS clients, when a client authenticates a server through its
* certificate, the client normally checks three things:
* - the certificate chain must be valid;
* - the chain must start from a trusted CA;
* - the certificate must cover the server name that is expected by the client.
*
* Omitting any of these checks is generally insecure, and can allow a
* malicious server to impersonate a legitimate server.
*
* The third check may be safely skipped in some unusual scenarios,
* such as networks where eavesdropping is a risk but not active attacks,
* or a private PKI where the client equally trusts all servers that are
* accredited by the root CA.
*
* You should call mbedtls_ssl_set_hostname() with the expected server name
* before starting a TLS handshake on a client (unless the client is
* set up to only use PSK-based authentication, which does not rely on the
* host name). This configuration option controls what happens if a TLS client
* is configured with the authentication mode #MBEDTLS_SSL_VERIFY_REQUIRED
* (default), certificate authentication is enabled and the client does not
* call mbedtls_ssl_set_hostname():
*
* - If this option is unset (default), the connection attempt is aborted
* with the error #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
* - If this option is set, the TLS library does not check the server name
* that the certificate is valid for. This is the historical behavior
* of Mbed TLS, but may be insecure as explained above.
*
* Enable this option for strict backward compatibility if you have
* determined that it is secure in the scenario where you are using
* Mbed TLS.
*
* \deprecated This option exists only for backward compatibility and will
* be removed in the next major version of Mbed TLS.
*
*/
//#define MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
/**
* \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
*

2
include/mbedtls/error.h
View File

@@ -92,7 +92,7 @@
* ECP 4 10 (Started from top)
* MD 5 5
* HKDF 5 1 (Started from top)
* SSL 5 2 (Started from 0x5F00)
* SSL 5 3 (Started from 0x5F00)
* CIPHER 6 8 (Started from 0x6080)
* SSL 6 24 (Started from top, plus 0x6000)
* SSL 7 32

102
include/mbedtls/ssl.h
View File

@@ -183,6 +183,41 @@
#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
/** Cache entry not found */
#define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x5E00
/** Attempt to verify a certificate without an expected hostname.
* This is usually insecure.
*
* In TLS clients, when a client authenticates a server through its
* certificate, the client normally checks three things:
* - the certificate chain must be valid;
* - the chain must start from a trusted CA;
* - the certificate must cover the server name that is expected by the client.
*
* Omitting any of these checks is generally insecure, and can allow a
* malicious server to impersonate a legitimate server.
*
* The third check may be safely skipped in some unusual scenarios,
* such as networks where eavesdropping is a risk but not active attacks,
* or a private PKI where the client equally trusts all servers that are
* accredited by the root CA.
*
* You should call mbedtls_ssl_set_hostname() with the expected server name
* before starting a TLS handshake on a client (unless the client is
* set up to only use PSK-based authentication, which does not rely on the
* host name). If you have determined that server name verification is not
* required for security in your scenario, call mbedtls_ssl_set_hostname()
* with \p NULL as the server name.
*
* This error is raised if all of the following conditions are met:
*
* - A TLS client is configured with the authentication mode
* #MBEDTLS_SSL_VERIFY_REQUIRED (default).
* - Certificate authentication is enabled.
* - The client does not call mbedtls_ssl_set_hostname().
* - The configuration option
* #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* is not enabled.
*/
#define MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME -0x5D80
/*
* Various constants
@@ -1403,8 +1438,36 @@ struct mbedtls_ssl_context {
* User settings
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
char *hostname; /*!< expected peer CN for verification
(and SNI if available) */
/** Expected peer CN for verification.
*
* Also used on clients for SNI.
*
* The value of this field can be:
* - \p NULL in a newly initialized or reset context.
* - A heap-allocated copy of the last value passed to
* mbedtls_ssl_set_hostname(), if the last call had a non-null
* \p hostname argument.
* - A special value to indicate that mbedtls_ssl_set_hostname()
* was called with \p NULL (as opposed to never having been called).
*
* If you need to obtain the value passed to
* mbedtls_ssl_set_hostname() even if it may have been called with
* \p NULL, call mbedtls_ssl_get_hostname_pointer().
*
* If this field contains the value \p NULL and the configuration option
* #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* is unset, on a TLS client, attempting to verify a server certificate
* results in the error
* #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
*
* If this field contains the special value described above, or if
* the value is \p NULL and the configuration option
* #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* is set, then the peer name verification is skipped, which may be
* insecure, especially on a client. Furthermore, on a client, the
* server_name extension is not sent.
*/
char *hostname;
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN)
@@ -1535,6 +1598,14 @@ void mbedtls_ssl_init(mbedtls_ssl_context *ssl);
* Calling mbedtls_ssl_setup again is not supported, even
* if no session is active.
*
* \warning After setting up a client context, if certificate-based
* authentication is enabled, you should call
* mbedtls_ssl_set_hostname() to specifiy the expected
* name of the server. Without this, in most scenarios,
* the TLS connection is insecure. See
* #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* for more information.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
@@ -3107,16 +3178,29 @@ void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf,
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Set or reset the hostname to check against the received
* server certificate. It sets the ServerName TLS extension,
* too, if that extension is enabled. (client-side only)
* peer certificate. On a client, this also sets the
* ServerName TLS extension, if that extension is enabled.
* On a TLS 1.3 client, this also sets the server name in
* the session resumption ticket, if that feature is enabled.
*
* \param ssl SSL context
* \param hostname the server hostname, may be NULL to clear hostname
* \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
* \param hostname The server hostname. This may be \c NULL to clear
* the hostname.
*
* \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
* allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
* \note Maximum hostname length #MBEDTLS_SSL_MAX_HOST_NAME_LEN.
*
* \note If the hostname is \c NULL on a client, then the server
* is not authenticated: it only needs to have a valid
* certificate, not a certificate matching its name.
* Therefore you should always call this function on a client,
* unless the connection is set up to only allow
* pre-shared keys, or in scenarios where server
* impersonation is not a concern. See the documentation of
* #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* for more details.
*
* \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on
* allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
* too long input hostname.
*
* Hostname set to the one provided on success (cleared

13
include/mbedtls/ssl_internal.h
View File

@@ -467,7 +467,8 @@ struct mbedtls_ssl_handshake_params {
void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
void (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *);
void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
MBEDTLS_CHECK_RETURN_CRITICAL
int (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
mbedtls_ssl_tls_prf_cb *tls_prf;
#if defined(MBEDTLS_DHM_C)
@@ -1214,6 +1215,16 @@ static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
return 4;
}
/** Get the host name from the SSL context.
*
* \param[in] ssl SSL context
*
* \return The \p hostname pointer from the SSL context.
* \c NULL if mbedtls_ssl_set_hostname() has never been called on
* \p ssl or if it was last called with \p NULL.
*/
const char *mbedtls_ssl_get_hostname_pointer(const mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_PROTO_DTLS)
void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl);
void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl);

8
include/mbedtls/version.h
View File

@@ -26,16 +26,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 28
#define MBEDTLS_VERSION_PATCH 9
#define MBEDTLS_VERSION_PATCH 10
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
#define MBEDTLS_VERSION_NUMBER 0x021C0900
#define MBEDTLS_VERSION_STRING "2.28.9"
#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 2.28.9"
#define MBEDTLS_VERSION_NUMBER 0x021C0A00
#define MBEDTLS_VERSION_STRING "2.28.10"
#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 2.28.10"
#if defined(MBEDTLS_VERSION_C)

6
library/CMakeLists.txt
View File

@@ -206,15 +206,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.9 SOVERSION 7)
set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.10 SOVERSION 7)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
add_library(${mbedx509_target} SHARED ${src_x509})
set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.9 SOVERSION 1)
set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.10 SOVERSION 1)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.9 SOVERSION 14)
set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.10 SOVERSION 14)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY)

2
library/error.c
View File

@@ -508,6 +508,8 @@ const char *mbedtls_high_level_strerr(int error_code)
return( "SSL - Invalid value in SSL config" );
case -(MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND):
return( "SSL - Cache entry not found" );
case -(MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME):
return( "SSL - Attempt to verify a certificate without an expected hostname. This is usually insecure. In TLS clients, when a client authenticates a server through its certificate, the client normally checks three things: - the certificate chain must be valid; - the chain must start from a trusted CA; - the certificate must cover the server name that is expected by the client. Omitting any of these checks is generally insecure, and can allow a malicious server to impersonate a legitimate server. The third check may be safely skipped in some unusual scenarios, such as networks where eavesdropping is a risk but not active attacks, or a private PKI where the client equally trusts all servers that are accredited by the root CA. You should call mbedtls_ssl_set_hostname() with the expected server name before starting a TLS handshake on a client (unless the client is set up to only use PSK-based authentication, which does not rely on the host name). If you have determined that server name verification is not required for security in your scenario, call mbedtls_ssl_set_hostname() with \\p NULL as the server name. This error is raised if all of the following conditions are met: - A TLS client is configured with the authentication mode #MBEDTLS_SSL_VERIFY_REQUIRED (default). - Certificate authentication is enabled. - The client does not call mbedtls_ssl_set_hostname(). - The configuration option #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is not enabled" );
#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)

21
library/psa_crypto.c
View File

@@ -6177,16 +6177,22 @@ psa_status_t psa_crypto_local_input_alloc(const uint8_t *input, size_t input_len
return PSA_SUCCESS;
error:
mbedtls_free(local_input->buffer);
local_input->buffer = NULL;
if (local_input->buffer != NULL) {
mbedtls_platform_zeroize(local_input->buffer, local_input->length);
mbedtls_free(local_input->buffer);
local_input->buffer = NULL;
}
local_input->length = 0;
return status;
}
void psa_crypto_local_input_free(psa_crypto_local_input_t *local_input)
{
mbedtls_free(local_input->buffer);
local_input->buffer = NULL;
if (local_input->buffer != NULL) {
mbedtls_platform_zeroize(local_input->buffer, local_input->length);
mbedtls_free(local_input->buffer);
local_input->buffer = NULL;
}
local_input->length = 0;
}
@@ -6229,8 +6235,11 @@ psa_status_t psa_crypto_local_output_free(psa_crypto_local_output_t *local_outpu
return status;
}
mbedtls_free(local_output->buffer);
local_output->buffer = NULL;
if (local_output->buffer != NULL) {
mbedtls_platform_zeroize(local_output->buffer, local_output->length);
mbedtls_free(local_output->buffer);
local_output->buffer = NULL;
}
local_output->length = 0;
return PSA_SUCCESS;

9
library/ssl_cli.c
View File

@@ -83,19 +83,20 @@ static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl,
size_t *olen)
{
unsigned char *p = buf;
const char *hostname = mbedtls_ssl_get_hostname_pointer(ssl);
size_t hostname_len;
*olen = 0;
if (ssl->hostname == NULL) {
if (hostname == NULL) {
return 0;
}
MBEDTLS_SSL_DEBUG_MSG(3,
("client hello, adding server name extension: %s",
ssl->hostname));
hostname));
hostname_len = strlen(ssl->hostname);
hostname_len = strlen(hostname);
MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9);
@@ -139,7 +140,7 @@ static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl,
MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0);
p += 2;
memcpy(p, ssl->hostname, hostname_len);
memcpy(p, hostname, hostname_len);
*olen = hostname_len + 9;

242
library/ssl_tls.c
View File

@@ -38,6 +38,92 @@
#include "mbedtls/oid.h"
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/* A magic value for `ssl->hostname` indicating that
* mbedtls_ssl_set_hostname() has been called with `NULL`.
* If mbedtls_ssl_set_hostname() has never been called on `ssl`, then
* `ssl->hostname == NULL`. */
static const char *const ssl_hostname_skip_cn_verification = "";
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/** Whether mbedtls_ssl_set_hostname() has been called.
*
* \param[in] ssl SSL context
*
* \return \c 1 if mbedtls_ssl_set_hostname() has been called on \p ssl
* (including `mbedtls_ssl_set_hostname(ssl, NULL)`),
* otherwise \c 0.
*/
static int mbedtls_ssl_has_set_hostname_been_called(
const mbedtls_ssl_context *ssl)
{
return ssl->hostname != NULL;
}
#endif
const char *mbedtls_ssl_get_hostname_pointer(const mbedtls_ssl_context *ssl)
{
if (ssl->hostname == ssl_hostname_skip_cn_verification) {
return NULL;
}
return ssl->hostname;
}
static void mbedtls_ssl_free_hostname(mbedtls_ssl_context *ssl)
{
if (ssl->hostname != NULL &&
ssl->hostname != ssl_hostname_skip_cn_verification) {
mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname));
mbedtls_free(ssl->hostname);
}
ssl->hostname = NULL;
}
int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname)
{
/* Initialize to suppress unnecessary compiler warning */
size_t hostname_len = 0;
/* Check if new hostname is valid before
* making any change to current one */
if (hostname != NULL) {
hostname_len = strlen(hostname);
if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
}
/* Now it's clear that we will overwrite the old hostname,
* so we can free it safely */
mbedtls_ssl_free_hostname(ssl);
if (hostname == NULL) {
/* Passing NULL as hostname clears the old one, but leaves a
* special marker to indicate that mbedtls_ssl_set_hostname()
* has been called. */
/* ssl->hostname should be const, but isn't. We won't actually
* write to the buffer, so it's ok to cast away the const. */
ssl->hostname = (char *) ssl_hostname_skip_cn_verification;
} else {
ssl->hostname = mbedtls_calloc(1, hostname_len + 1);
if (ssl->hostname == NULL) {
/* mbedtls_ssl_set_hostname() has been called, but unsuccessfully.
* Leave ssl->hostname in the same state as if the function had
* not been called, i.e. a null pointer. */
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
memcpy(ssl->hostname, hostname, hostname_len);
ssl->hostname[hostname_len] = '\0';
}
return 0;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -538,6 +624,23 @@ exit:
}
#endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int mbedtls_ssl_md_error_from_psa(psa_status_t status)
{
switch (status) {
case PSA_ERROR_NOT_SUPPORTED:
return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */
case PSA_ERROR_BUFFER_TOO_SMALL:
return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
case PSA_ERROR_INSUFFICIENT_MEMORY:
return MBEDTLS_ERR_MD_ALLOC_FAILED;
default:
return MBEDTLS_ERR_MD_HW_ACCEL_FAILED;
}
}
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -806,25 +909,25 @@ static void ssl_update_checksum_md5sha1(mbedtls_ssl_context *, const unsigned ch
#if defined(MBEDTLS_SSL_PROTO_SSL3)
static void ssl_calc_verify_ssl(const mbedtls_ssl_context *, unsigned char *, size_t *);
static void ssl_calc_finished_ssl(mbedtls_ssl_context *, unsigned char *, int);
static int ssl_calc_finished_ssl(mbedtls_ssl_context *, unsigned char *, int);
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
static void ssl_calc_verify_tls(const mbedtls_ssl_context *, unsigned char *, size_t *);
static void ssl_calc_finished_tls(mbedtls_ssl_context *, unsigned char *, int);
static int ssl_calc_finished_tls(mbedtls_ssl_context *, unsigned char *, int);
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
static void ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t);
static void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *, unsigned char *, size_t *);
static void ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *, int);
static int ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *, int);
#endif
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
static void ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t);
static void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *);
static void ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int);
static int ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int);
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -2521,13 +2624,33 @@ static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl,
return SSL_CERTIFICATE_EXPECTED;
}
static int get_hostname_for_verification(mbedtls_ssl_context *ssl,
const char **hostname)
{
if (!mbedtls_ssl_has_set_hostname_been_called(ssl)) {
MBEDTLS_SSL_DEBUG_MSG(1, ("Certificate verification without having set hostname"));
#if !defined(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME)
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
ssl->conf->authmode == MBEDTLS_SSL_VERIFY_REQUIRED) {
return MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME;
}
#endif
}
*hostname = mbedtls_ssl_get_hostname_pointer(ssl);
if (*hostname == NULL) {
MBEDTLS_SSL_DEBUG_MSG(2, ("Certificate verification without CN verification"));
}
return 0;
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
int authmode,
mbedtls_x509_crt *chain,
void *rs_ctx)
{
int ret = 0;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
int have_ca_chain = 0;
@@ -2549,6 +2672,13 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
p_vrfy = ssl->conf->p_vrfy;
}
const char *hostname = "";
int ret = get_hostname_for_verification(ssl, &hostname);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "get_hostname_for_verification", ret);
return ret;
}
/*
* Main check: verify certificate
*/
@@ -2563,7 +2693,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
ssl->conf->f_ca_cb,
ssl->conf->p_ca_cb,
ssl->conf->cert_profile,
ssl->hostname,
hostname,
&ssl->session_negotiate->verify_result,
f_vrfy, p_vrfy);
} else
@@ -2591,7 +2721,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
chain,
ca_chain, ca_crl,
ssl->conf->cert_profile,
ssl->hostname,
hostname,
&ssl->session_negotiate->verify_result,
f_vrfy, p_vrfy, rs_ctx);
}
@@ -3023,7 +3153,7 @@ static void ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_SSL3)
static void ssl_calc_finished_ssl(
static int ssl_calc_finished_ssl(
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
{
const char *sender;
@@ -3105,11 +3235,13 @@ static void ssl_calc_finished_ssl(
mbedtls_platform_zeroize(sha1sum, sizeof(sha1sum));
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
return 0;
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
static void ssl_calc_finished_tls(
static int ssl_calc_finished_tls(
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
{
int len = 12;
@@ -3165,12 +3297,14 @@ static void ssl_calc_finished_tls(
mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
return 0;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
static void ssl_calc_finished_tls_sha256(
static int ssl_calc_finished_tls_sha256(
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
{
int len = 12;
@@ -3201,13 +3335,13 @@ static void ssl_calc_finished_tls_sha256(
status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa);
if (status != PSA_SUCCESS) {
MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
return;
return mbedtls_ssl_md_error_from_psa(status);
}
status = psa_hash_finish(&sha256_psa, padbuf, sizeof(padbuf), &hash_size);
if (status != PSA_SUCCESS) {
MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
return;
return mbedtls_ssl_md_error_from_psa(status);
}
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32);
#else
@@ -3241,12 +3375,14 @@ static void ssl_calc_finished_tls_sha256(
mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
return 0;
}
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
static void ssl_calc_finished_tls_sha384(
static int ssl_calc_finished_tls_sha384(
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
{
int len = 12;
@@ -3277,13 +3413,13 @@ static void ssl_calc_finished_tls_sha384(
status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa);
if (status != PSA_SUCCESS) {
MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
return;
return mbedtls_ssl_md_error_from_psa(status);
}
status = psa_hash_finish(&sha384_psa, padbuf, sizeof(padbuf), &hash_size);
if (status != PSA_SUCCESS) {
MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
return;
return mbedtls_ssl_md_error_from_psa(status);
}
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48);
#else
@@ -3328,6 +3464,8 @@ static void ssl_calc_finished_tls_sha384(
mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
return 0;
}
#endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -3422,7 +3560,12 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
mbedtls_ssl_update_out_pointers(ssl, ssl->transform_negotiate);
ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4,
ssl->conf->endpoint);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
return ret;
}
/*
* RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
@@ -3551,7 +3694,11 @@ int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
#endif
hash_len = 12;
ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
goto exit;
}
if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
@@ -4617,49 +4764,6 @@ void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
}
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname)
{
/* Initialize to suppress unnecessary compiler warning */
size_t hostname_len = 0;
/* Check if new hostname is valid before
* making any change to current one */
if (hostname != NULL) {
hostname_len = strlen(hostname);
if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
}
/* Now it's clear that we will overwrite the old hostname,
* so we can free it safely */
if (ssl->hostname != NULL) {
mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname));
mbedtls_free(ssl->hostname);
}
/* Passing NULL as hostname shall clear the old one */
if (hostname == NULL) {
ssl->hostname = NULL;
} else {
ssl->hostname = mbedtls_calloc(1, hostname_len + 1);
if (ssl->hostname == NULL) {
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
memcpy(ssl->hostname, hostname, hostname_len);
ssl->hostname[hostname_len] = '\0';
}
return 0;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf,
int (*f_sni)(void *, mbedtls_ssl_context *,
@@ -6816,10 +6920,7 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl)
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if (ssl->hostname != NULL) {
mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname));
mbedtls_free(ssl->hostname);
}
mbedtls_ssl_free_hostname(ssl);
#endif
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
@@ -7559,17 +7660,8 @@ exit:
if (status != PSA_SUCCESS) {
mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
switch (status) {
case PSA_ERROR_NOT_SUPPORTED:
return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */
case PSA_ERROR_BUFFER_TOO_SMALL:
return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
case PSA_ERROR_INSUFFICIENT_MEMORY:
return MBEDTLS_ERR_MD_ALLOC_FAILED;
default:
return MBEDTLS_ERR_MD_HW_ACCEL_FAILED;
}
return mbedtls_ssl_md_error_from_psa(status);
}
return 0;
}

3
library/version_features.c
View File

@@ -486,6 +486,9 @@ static const char * const features[] = {
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
"MBEDTLS_SSL_ASYNC_PRIVATE",
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME)
"MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME",
#endif /* MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME */
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
"MBEDTLS_SSL_CONTEXT_SERIALIZATION",
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */

2
pkgconfig/CMakeLists.txt
View File

@@ -9,7 +9,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/")
# Following the conventsion for DESCRIPTION and HOMEPAGE_URL, VERSION wasn't added until 3.0 and depends on policy CMP0048
set(PKGCONFIG_VERSION 2.28.9)
set(PKGCONFIG_VERSION 2.28.10)
configure_file(mbedcrypto.pc.in mbedcrypto.pc @ONLY)
install(FILES

39
programs/ssl/ssl_client2.c
View File

@@ -64,6 +64,7 @@ int main(void)
#define DFL_ARC4 -1
#define DFL_SHA1 -1
#define DFL_AUTH_MODE -1
#define DFL_SET_HOSTNAME 1
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC -1
#define DFL_RECSPLIT -1
@@ -380,6 +381,9 @@ int main(void)
#define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
" set_hostname=%%s call mbedtls_ssl_set_hostname()?" \
" options: no, server_name, NULL\n" \
" default: server_name (but ignored if certs disabled)\n" \
USAGE_IO \
USAGE_KEY_OPAQUE \
USAGE_CA_CALLBACK \
@@ -473,6 +477,8 @@ struct options {
int arc4; /* flag for arc4 suites support */
int allow_sha1; /* flag for SHA-1 support */
int auth_mode; /* verify mode for connection */
int set_hostname; /* call mbedtls_ssl_set_hostname()? */
/* 0=no, 1=yes, -1=NULL */
unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* negotiate truncated hmac or not */
int recsplit; /* enable record splitting? */
@@ -796,6 +802,7 @@ int main(int argc, char *argv[])
opt.arc4 = DFL_ARC4;
opt.allow_sha1 = DFL_SHA1;
opt.auth_mode = DFL_AUTH_MODE;
opt.set_hostname = DFL_SET_HOSTNAME;
opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC;
opt.recsplit = DFL_RECSPLIT;
@@ -1148,6 +1155,16 @@ usage:
} else {
goto usage;
}
} else if (strcmp(p, "set_hostname") == 0) {
if (strcmp(q, "no") == 0) {
opt.set_hostname = 0;
} else if (strcmp(q, "server_name") == 0) {
opt.set_hostname = 1;
} else if (strcmp(q, "NULL") == 0) {
opt.set_hostname = -1;
} else {
goto usage;
}
} else if (strcmp(p, "max_frag_len") == 0) {
if (strcmp(q, "512") == 0) {
opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
@@ -1893,10 +1910,24 @@ usage:
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
ret);
goto exit;
switch (opt.set_hostname) {
case -1:
if ((ret = mbedtls_ssl_set_hostname(&ssl, NULL)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
ret);
goto exit;
}
break;
case 0:
/* Skip the call */
break;
default:
if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
ret);
goto exit;
}
break;
}
#endif

12
programs/test/query_config.c
View File

@@ -1376,6 +1376,14 @@ int query_config(const char *config)
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME)
if( strcmp( "MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME );
return( 0 );
}
#endif /* MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME */
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( strcmp( "MBEDTLS_SSL_CONTEXT_SERIALIZATION", config ) == 0 )
{
@@ -3506,6 +3514,10 @@ void list_config(void)
OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_ASYNC_PRIVATE);
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME)
OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME);
#endif /* MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME */
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_CONTEXT_SERIALIZATION);
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */

1
scripts/config.py
View File

@@ -326,6 +326,7 @@ def crypto_adapter(adapter):
DEPRECATED = frozenset([
'MBEDTLS_SSL_PROTO_SSL3',
'MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME',
'MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO',
])

3
tests/scripts/all.sh
View File

@@ -1780,6 +1780,9 @@ component_test_full_no_deprecated () {
msg "test: make, full_no_deprecated config" # ~ 5s
make test
msg "test: ssl-opt.sh authentication, full_no_deprecated config" # ~ 10s
tests/ssl-opt.sh -f 'Default\|Authentication'
}
component_test_full_no_deprecated_deprecated_warning () {

4
tests/src/test_helpers/ssl_helpers.c
View File

@@ -721,6 +721,10 @@ int mbedtls_test_ssl_endpoint_init(
ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
TEST_ASSERT(ret == 0);
if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost");
}
#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);

250
tests/ssl-opt.sh
View File

@@ -372,6 +372,11 @@ detect_required_features() {
requires_config_enabled MBEDTLS_SSL_FALLBACK_SCSV;;
esac
case " $1 " in
*\ ca_callback=1\ *)
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK;;
esac
unset tmp
}
@@ -1646,7 +1651,6 @@ run_test "Default (compression enabled)" \
-S "error" \
-C "error"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "CA callback on client" \
"$P_SRV debug_level=3" \
"$P_CLI ca_callback=1 debug_level=3 " \
@@ -1655,7 +1659,6 @@ run_test "CA callback on client" \
-S "error" \
-C "error"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
@@ -4647,6 +4650,234 @@ run_test "Authentication: server goodcert, client required, no trusted CA" \
-c "! mbedtls_ssl_handshake returned" \
-c "SSL - No CA Chain is set, but required to operate"
# The next few tests check what happens if the server has a valid certificate
# that does not match its name (impersonation).
run_test "Authentication: hostname match, client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhost debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname match, client required, CA callback" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhost debug_level=3 ca_callback=1" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "use CA callback for X.509 CRT verification" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (wrong), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=wrong-name debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (empty), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name= debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (truncated), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhos debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (last char), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhoss debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (trailing), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhostt debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch, client optional" \
"$P_SRV" \
"$P_CLI auth_mode=optional server_name=wrong-name debug_level=2" \
0 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch, client none" \
"$P_SRV" \
"$P_CLI auth_mode=none server_name=wrong-name debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname null, client required" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=NULL debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname null, client optional" \
"$P_SRV" \
"$P_CLI auth_mode=optional set_hostname=NULL debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname null, client none" \
"$P_SRV" \
"$P_CLI auth_mode=none set_hostname=NULL debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client required, secure config" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=no debug_level=2" \
1 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client required, historical config" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client required, secure config, CA callback" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \
1 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "get_hostname_for_verification() returned -" \
-C "use CA callback for X.509 CRT verification" \
-C "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client required, historical config, CA callback" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \
0 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "get_hostname_for_verification() returned -" \
-c "use CA callback for X.509 CRT verification" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname unset, client optional" \
"$P_SRV" \
"$P_CLI auth_mode=optional set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname unset, client none" \
"$P_SRV" \
"$P_CLI auth_mode=none set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client default, secure config, server picks cert" \
"$P_SRV force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
"$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
1 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client default, historical config, server picks cert" \
"$P_SRV force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
"$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname unset, client default, server picks PSK" \
"$P_SRV force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
# The purpose of the next two tests is to test the client's behaviour when receiving a server
# certificate with an unsupported elliptic curve. This should usually not happen because
# the client informs the server about the supported curves - it does, though, in the
@@ -4999,7 +5230,6 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig
# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
# When updating these tests, modify the matching authentication tests accordingly
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -5011,7 +5241,6 @@ run_test "Authentication, CA callback: server badcert, client required" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client optional" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@@ -5031,7 +5260,6 @@ run_test "Authentication, CA callback: server badcert, client optional" \
# different means to have the server ignoring the client's supported curve list.
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -5043,7 +5271,6 @@ run_test "Authentication, CA callback: server ECDH p256v1, client required, p
-C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
@@ -5054,7 +5281,6 @@ run_test "Authentication, CA callback: server ECDH p256v1, client optional, p
-c "! Certificate verification flags"\
-c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client SHA256, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -5065,7 +5291,6 @@ run_test "Authentication, CA callback: client SHA256, server required" \
-c "Supported Signature Algorithm found: 4," \
-c "Supported Signature Algorithm found: 5,"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client SHA384, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -5076,7 +5301,6 @@ run_test "Authentication, CA callback: client SHA384, server required" \
-c "Supported Signature Algorithm found: 4," \
-c "Supported Signature Algorithm found: 5,"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -5099,7 +5323,6 @@ run_test "Authentication, CA callback: client badcert, server required" \
# detect that its write end of the connection is closed and abort
# before reading the alert message.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client cert not trusted, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@@ -5118,7 +5341,6 @@ run_test "Authentication, CA callback: client cert not trusted, server requir
-c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server optional" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -5139,7 +5361,6 @@ run_test "Authentication, CA callback: client badcert, server optional" \
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
@@ -5150,7 +5371,6 @@ run_test "Authentication, CA callback: server max_int chain, client default"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -5161,7 +5381,6 @@ run_test "Authentication, CA callback: server max_int+1 chain, client default
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@@ -5173,7 +5392,6 @@ run_test "Authentication, CA callback: server max_int+1 chain, client optiona
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -5184,7 +5402,6 @@ run_test "Authentication, CA callback: client max_int+1 chain, server optiona
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -5195,7 +5412,6 @@ run_test "Authentication, CA callback: client max_int+1 chain, server require
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \

8
tests/suites/test_suite_config.mbedtls_boolean.data
View File

@@ -1264,6 +1264,14 @@ Config: !MBEDTLS_SSL_CBC_RECORD_SPLITTING
depends_on:!MBEDTLS_SSL_CBC_RECORD_SPLITTING:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C
pass:
Config: MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
depends_on:MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C
pass:
Config: !MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
depends_on:!MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C
pass:
Config: MBEDTLS_SSL_CLI_C
depends_on:MBEDTLS_SSL_CLI_C
pass:

4
tests/suites/test_suite_version.data
View File

@@ -1,8 +1,8 @@
Check compile time library version
check_compiletime_version:"2.28.9"
check_compiletime_version:"2.28.10"
Check runtime library version
check_runtime_version:"2.28.9"
check_runtime_version:"2.28.10"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0