Factor out a static function to perform error conversion and use it for
the calc_verify() functions along with the place where it is currently
used.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Allow calc_finished to return an error code and propagate that back to
the original function. If an error is returned by a PSA function,
propagate it upwards instead of continuing, so that we do not fail to
properly check the finished message.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
In 2.28, the `hostname` field of `mbedtls_ssl_context` is part of the public
API. We've slightly changed its meaning in order to fix a security issue.
Document the new function mbedtls_ssl_get_hostname_pointer() which
returns what used to be the value of this field.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In a TLS client, when using certificate authentication, the client should
check that the certificate is valid for the server name that the client
expects. Otherwise, in most scenarios, a malicious server can impersonate
another server.
Normally, the application code should call mbedtls_ssl_set_hostname().
However, it's easy to forget. So raise an error if mandatory certificate
authentication is in effect and mbedtls_ssl_set_hostname() has not been
called. Raise the new error code
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME, for easy
identification.
But don't raise the error if the backward compatibility option
MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is
enabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use a special marker as ssl->hostname if mbedtls_ssl_set_hostname() has been
called with NULL. If mbedtls_ssl_set_hostname() has never been called, the
field is NULL, as before.
No behavior change apart from now emitting a different log message depending
on whether mbedtls_ssl_set_hostname() has been called with NULL or not at all.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
New abstractions to access ssl->hostname:
mbedtls_ssl_has_set_hostname_been_called() (only implemented approximatively
for now), mbedtls_ssl_get_hostname_pointer(), mbedtls_ssl_free_hostname().
Only access ssl->hostname directly in these functions and in
mbedtls_ssl_set_hostname().
Use these abstractions to access the hostname with the opportunity for
extra checks in mbedtls_ssl_verify_certificate().
No behavior change except for a new log message.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Summary:
Back port [PR 9241](https://github.com/Mbed-TLS/mbedtls/pull/9241) to
2.28 branch
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
Show which members of the session structure are dependent on
configuration options and which aren't.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This config option decides whether the session stores the entire
certificate or just a digest of it, but was missing from the
serialization config bitflag.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Remove a piece of code that was meant to ensure non-usage of the ssl
context (by NULL-ing it) under conditions where it should not be used,
as this now makes less sense.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.
There should be no change in behavior since just including the header should
not change the behavior of a program.
This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:
```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but none of
MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C,
DTLS handshakes using CID would crash due to a null pointer dereference.
Fix this. Fixes#3998.
Detected by running compat.sh in config-ccm-psk-dtls1_2.h.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This can be used to validate the server's choice of group in the PSA
case (this will be done in the next commit).
Backport of 0d63b84fa49ecb758dbec4fd7a94df59fe8367ab with a very
different implementation, as 2.28 still stores the list of allowed
groups with their mbedtls_ecp group IDs, not the IANA/TLS group IDs
(changed by https://github.com/ARMmbed/mbedtls/pull/4859/ in 3.x).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.
Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
