Merge branch 'development' into iotssl-461-ecjpake-finalization

* development: (73 commits) Bump yotta dependencies version Fix typo in documentation Corrected misleading fn description in ssl_cache.h Corrected URL/reference to MPI library Fix yotta dependencies Fix minor spelling mistake in programs/pkey/gen_key.c Bump version to 2.1.2 Fix CVE number in ChangeLog Add 'inline' workaround where needed Fix references to non-standard SIZE_T_MAX Fix yotta version dependencies again Upgrade yotta dependency versions Fix compile error in net.c with musl libc Add missing warning in doc Remove inline workaround when not useful Fix macroization of inline in C++ Changed attribution for Guido Vranken Merge of IOTSSL-476 - Random malloc in pem_read() Fix for IOTSSL-473 Double free error Fix potential overflow in CertificateRequest ... Conflicts: include/mbedtls/ssl_internal.h library/ssl_cli.c
2025-07-30 22:43:08 +03:00 · 2015-10-20 15:00:29 +02:00
parent cf82893411 b4d9d360e0
commit fadacb9d0b
52 changed files with 789 additions and 127 deletions
--- a/include/mbedtls/base64.h
+++ b/include/mbedtls/base64.h
@ -44,6 +44,9 @@ extern "C" {
 * \return         0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
 *                 *olen is always updated to reflect the amount
 *                 of data that has (or would have) been written.
+ *                 If that length cannot be represented, then no data is
+ *                 written to the buffer and *olen is set to the maximum
+ *                 length representable as a size_t.
 *
 * \note           Call this function with dlen = 0 to obtain the
 *                 required buffer size in *olen
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -432,6 +432,11 @@
 #error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
 #endif

+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
+    !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE  defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) &&                              \
    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
 #error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@ -46,7 +46,8 @@
 #define MBEDTLS_CIPHER_MODE_STREAM
 #endif

-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
 #define inline __inline
 #endif

--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -1153,6 +1153,22 @@
 */
 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY

+/**
+ * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+ *
+ * Enable server-side support for clients that reconnect from the same port.
+ *
+ * Some clients unexpectedly close the connection and try to reconnect using the
+ * same source port. This needs special support from the server to handle the
+ * new connection securely, as described in section 4.2.8 of RFC 6347. This
+ * flag enables that support.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Comment this to disable support for clients reusing the source port.
+ */
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
 /**
 * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
 *
@ -1259,6 +1275,8 @@
 * If set, the X509 parser will not break-off when parsing an X509 certificate
 * and encountering an unknown critical extension.
 *
+ * \warning Depending on your PKI use, enabling this can be a security risk!
+ *
 * Uncomment to prevent an error.
 */
 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@ -111,7 +111,7 @@ mbedtls_ctr_drbg_context;

 /**
 * \brief               CTR_DRBG context initialization
- *                      Makes the context ready for mbetls_ctr_drbg_seed() or
+ *                      Makes the context ready for mbedtls_ctr_drbg_seed() or
 *                      mbedtls_ctr_drbg_free().
 *
 * \param ctx           CTR_DRBG context to be initialized
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@ -98,7 +98,7 @@ typedef struct

 /**
 * \brief               HMAC_DRBG context initialization
- *                      Makes the context ready for mbetls_hmac_drbg_seed(),
+ *                      Makes the context ready for mbedtls_hmac_drbg_seed(),
 *                      mbedtls_hmac_drbg_seed_buf() or
 *                      mbedtls_hmac_drbg_free().
 *
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@ -27,10 +27,6 @@

 #include <stddef.h>

-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
-#define inline __inline
-#endif
-
 #define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE                -0x5080  /**< The selected feature is not available. */
 #define MBEDTLS_ERR_MD_BAD_INPUT_DATA                     -0x5100  /**< Bad input parameters to function. */
 #define MBEDTLS_ERR_MD_ALLOC_FAILED                       -0x5180  /**< Failed to allocate memory. */
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -44,6 +44,11 @@
 #include "ecdsa.h"
 #endif

+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
 #define MBEDTLS_ERR_PK_ALLOC_FAILED        -0x3F80  /**< Memory allocation failed. */
 #define MBEDTLS_ERR_PK_TYPE_MISMATCH       -0x3F00  /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
 #define MBEDTLS_ERR_PK_BAD_INPUT_DATA      -0x3E80  /**< Bad input parameters to function. */
@ -59,7 +64,6 @@
 #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980  /**< Unavailable feature, e.g. RSA disabled for RSA key. */
 #define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH    -0x3900  /**< The signature is valid but its length is less than expected. */

-
 #ifdef __cplusplus
 extern "C" {
 #endif
--- a/include/mbedtls/pkcs11.h
+++ b/include/mbedtls/pkcs11.h
@ -37,7 +37,8 @@

 #include <pkcs11-helper-1.0/pkcs11h-certificate.h>

-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
 #define inline __inline
 #endif

@ -54,7 +55,7 @@ typedef struct {
 } mbedtls_pkcs11_context;

 /**
- * Initialize a mbetls_pkcs11_context.
+ * Initialize a mbedtls_pkcs11_context.
 * (Just making memory references valid.)
 */
 void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -125,6 +125,7 @@
 #define MBEDTLS_ERR_SSL_WANT_READ                         -0x6900  /**< Connection requires a read call. */
 #define MBEDTLS_ERR_SSL_WANT_WRITE                        -0x6880  /**< Connection requires a write call. */
 #define MBEDTLS_ERR_SSL_TIMEOUT                           -0x6800  /**< The operation timed out. */
+#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT                  -0x6780  /**< The client initiated a reconnect from the same port. */

 /*
 * Various constants
@ -138,6 +139,8 @@
 #define MBEDTLS_SSL_TRANSPORT_STREAM            0   /*!< TLS      */
 #define MBEDTLS_SSL_TRANSPORT_DATAGRAM          1   /*!< DTLS     */

+#define MBEDTLS_SSL_MAX_HOST_NAME_LEN           255 /*!< Maximum host name defined in RFC 1035 */
+
 /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
 * NONE must be zero so that memset()ing structure to zero works */
 #define MBEDTLS_SSL_MAX_FRAG_LEN_NONE           0   /*!< don't use this extension   */
@ -851,7 +854,7 @@ int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );

 /**
 * \brief          Initialize an SSL context
- *                 Just makes the context ready for mbetls_ssl_setup() or
+ *                 Just makes the context ready for mbedtls_ssl_setup() or
 *                 mbedtls_ssl_free()
 *
 * \param ssl      SSL context
@ -1226,6 +1229,11 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx,
 *                  the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
 *                  on the first handshake attempt when this is enabled.
 *
+ * \note            This is also necessary to handle client reconnection from
+ *                  the same port as described in RFC 6347 section 4.2.8 (only
+ *                  the variant with cookies is supported currently). See
+ *                  comments on \c mbedtls_ssl_read() for details.
+ *
 * \param conf              SSL configuration
 * \param f_cookie_write    Cookie write callback
 * \param f_cookie_check    Cookie check callback
@ -1438,7 +1446,7 @@ void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
 * \param profile  Profile to use
 */
 void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
-                                    mbedtls_x509_crt_profile *profile );
+                                    const mbedtls_x509_crt_profile *profile );

 /**
 * \brief          Set the data required to verify peer certificate
@ -2169,29 +2177,35 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session
 *
 * \param ssl      SSL context
 *
- * \return         0 if successful, MBEDTLS_ERR_SSL_WANT_READ,
- *                 MBEDTLS_ERR_SSL_WANT_WRITE, or a specific SSL error code.
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
+ *                 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or
+ *                 a specific SSL error code.
 *
- * \note           If this function returns non-zero, then the ssl context
+ * \note           If this function returns something other than 0 or
+ *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
 *                 becomes unusable, and you should either free it or call
 *                 \c mbedtls_ssl_session_reset() on it before re-using it.
- *                 If DTLS is in use, then you may choose to handle
+ *
+ * \note           If DTLS is in use, then you may choose to handle
 *                 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
- *                 purposes, but you still need to reset/free the context.
+ *                 purposes, as it is an expected return value rather than an
+ *                 actual error, but you still need to reset/free the context.
 */
 int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );

 /**
 * \brief          Perform a single step of the SSL handshake
 *
- *                 Note: the state of the context (ssl->state) will be at
+ * \note           The state of the context (ssl->state) will be at
 *                 the following state after execution of this function.
 *                 Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
 *
 * \param ssl      SSL context
 *
- * \return         0 if successful, MBEDTLS_ERR_SSL_WANT_READ,
- *                 MBEDTLS_ERR_SSL_WANT_WRITE, or a specific SSL error code.
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
+ *                 a specific SSL error code.
 */
 int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );

@ -2218,7 +2232,23 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
 *
 * \return         the number of bytes read, or
 *                 0 for EOF, or
- *                 a negative error code.
+ *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
+ *                 MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or
+ *                 another negative error code.
+ *
+ * \note           When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
+ *                 (which can only happen server-side), it means that a client
+ *                 is initiating a new connection using the same source port.
+ *                 You can either treat that as a connection close and wait
+ *                 for the client to resend a ClientHello, or directly
+ *                 continue with \c mbedtls_ssl_handshake() with the same
+ *                 context (as it has beeen reset internally). Either way, you
+ *                 should make sure this is seen by the application as a new
+ *                 connection: application state, if any, should be reset, and
+ *                 most importantly the identity of the client must be checked
+ *                 again. WARNING: not validating the identity of the client
+ *                 again, or not transmitting the new identity to the
+ *                 application layer, would allow authentication bypass!
 */
 int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );

--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@ -121,7 +121,7 @@ void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeou
 #endif /* MBEDTLS_HAVE_TIME */

 /**
- * \brief          Set the cache timeout
+ * \brief          Set the maximum number of cache entries
 *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
 *
 * \param cache    SSL cache context
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -45,7 +45,8 @@
 #include "ecjpake.h"
 #endif

-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
 #define inline __inline
 #endif

--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@ -92,7 +92,7 @@ void mbedtls_set_alarm( int seconds );
 *                 (See \c mbedtls_timing_get_delay().)
 *
 * \param data     Pointer to timing data
- *                 Must point to a valid \c mbetls_timing_delay_context struct.
+ *                 Must point to a valid \c mbedtls_timing_delay_context struct.
 * \param int_ms   First (intermediate) delay in milliseconds.
 * \param fin_ms   Second (final) delay in milliseconds.
 *                 Pass 0 to cancel the current delay.
@ -104,7 +104,7 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
 *                 (Memory helper: number of delays passed.)
 *
 * \param data     Pointer to timing data
- *                 Must point to a valid \c mbetls_timing_delay_context struct.
+ *                 Must point to a valid \c mbedtls_timing_delay_context struct.
 *
 * \return         -1 if cancelled (fin_ms = 0)
 *                  0 if none of the delays are passed,
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@ -39,16 +39,16 @@
 */
 #define MBEDTLS_VERSION_MAJOR  2
 #define MBEDTLS_VERSION_MINOR  1
-#define MBEDTLS_VERSION_PATCH  0
+#define MBEDTLS_VERSION_PATCH  2

 /**
 * The single version number has the following structure:
 *    MMNNPP00
 *    Major version | Minor version | Patch version
 */
-#define MBEDTLS_VERSION_NUMBER         0x02010000
-#define MBEDTLS_VERSION_STRING         "2.1.0"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.1.0"
+#define MBEDTLS_VERSION_NUMBER         0x02010200
+#define MBEDTLS_VERSION_STRING         "2.1.2"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.1.2"

 #if defined(MBEDTLS_VERSION_C)