1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-26 00:37:41 +03:00
Commit Graph

515 Commits

Author SHA1 Message Date
Hanno Becker
327c93b182 Add parameter to ssl_read_record() controlling checksum update
Previously, mbedtls_ssl_read_record() always updated the handshake
checksum in case a handshake record was received. While desirable
most of the time, for the CertificateVerify message the checksum
update must only happen after the message has been fully processed,
because the validation requires the handshake digest up to but
excluding the CertificateVerify itself. As a remedy, the bulk
of mbedtls_ssl_read_record() was previously duplicated within
ssl_parse_certificate_verify(), hardening maintenance in case
mbedtls_ssl_read_record() is subject to changes.

This commit adds a boolean parameter to mbedtls_ssl_read_record()
indicating whether the checksum should be updated in case of a
handshake message or not. This allows using it also for
ssl_parse_certificate_verify(), manually updating the checksum
after the message has been processed.
2018-08-17 16:52:08 +01:00
Manuel Pégourié-Gonnard
3879fdfece Merge remote-tracking branch 'public/pr/1955' into iotssl-165-dtls-hs-fragmentation-new
* public/pr/1955:
  Adapt ChangeLog
  Fix overly strict bounds check in ssl_parse_certificate_request()
2018-08-17 10:49:47 +02:00
Hanno Becker
ad17fe9c37 Fix overly strict bounds check in ssl_parse_certificate_request() 2018-08-16 15:51:34 +01:00
Manuel Pégourié-Gonnard
87a346f64e Always save flight first, (re)send later
This will allow fragmentation to always happen in the same place, always from
a buffer distinct from ssl->out_msg, and with the same way of resuming after
returning WANT_WRITE
2018-08-16 10:01:10 +02:00
Manuel Pégourié-Gonnard
31c1586893 Start separating handshake from record writing 2018-08-16 10:00:27 +02:00
Jaeden Amero
cac0c1a250 Merge remote-tracking branch 'upstream-public/pr/1378' into development 2018-08-10 10:59:53 +01:00
Simon Butcher
df15356259 Merge remote-tracking branch 'public/pr/1663' into development 2018-07-19 19:48:10 +01:00
Ron Eldor
755bb6af5f Add ecc extensions only if ecc ciphersuite is used
Fix compliancy to RFC4492. ECC extensions should be included
only if ec ciphersuites are used. Interoperability issue with
bouncy castle. #1157
2018-06-21 16:35:26 +03:00
Manuel Pégourié-Gonnard
79d9b50421 Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development: (180 commits)
  Change the library version to 2.11.0
  Fix version in ChangeLog for fix for #552
  Add ChangeLog entry for clang version fix. Issue #1072
  Compilation warning fixes on 32b platfrom with IAR
  Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
  Fix for missing len var when XTS config'd and CTR not
  ssl_server2: handle mbedtls_x509_dn_gets failure
  Fix harmless use of uninitialized memory in ssl_parse_encrypted_pms
  SSL async tests: add a few test cases for error in decrypt
  Fix memory leak in ssl_server2 with SNI + async callback
  SNI + SSL async callback: make all keys async
  ssl_async_resume: free the operation context on error
  ssl_server2: get op_name from context in ssl_async_resume as well
  Clarify "as directed here" in SSL async callback documentation
  SSL async callbacks documentation: clarify resource cleanup
  Async callback: use mbedtls_pk_check_pair to compare keys
  Rename mbedtls_ssl_async_{get,set}_data for clarity
  Fix copypasta in the async callback documentation
  SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
  ssl_async_set_key: detect if ctx->slots overflows
  ...
2018-06-20 09:46:17 +02:00
Angus Gratton
d8213d00db Let MBEDTLS_SSL_MAX_CONTENT_LEN to be split into outward & inward sizes
For the situation where the mbedTLS device has limited RAM, but the
other end of the connection doesn't support the max_fragment_length
extension. To be spec-compliant, mbedTLS has to keep a 16384 byte
incoming buffer. However the outgoing buffer can be made smaller without
breaking spec compliance, and we save some RAM.

See comments in include/mbedtls/config.h for some more details.

(The lower limit of outgoing buffer size is the buffer size used during
handshake/cert negotiation. As the handshake is half-duplex it might
even be possible to store this data in the "incoming" buffer during the
handshake, which would save even more RAM - but it would also be a lot
hackier and error-prone. I didn't really explore this possibility, but
thought I'd mention it here in case someone sees this later on a mission
to jam mbedTLS into an even tinier RAM footprint.)
2018-06-18 20:51:51 +10:00
Simon Butcher
5f57f1e3cc Merge remote-tracking branch 'public/pr/1270' into development 2018-06-15 14:17:31 +01:00
Manuel Pégourié-Gonnard
558da9c3fe Make SSL error code more generic
It's undesirable to have users of the SSL layer check for an error code
specific to a lower-level layer, both out of general layering principles, and
also because if we later make another crypto module gain resume capabilities,
we would need to change the contract again (checking for a new module-specific
error code).
2018-06-13 12:02:12 +02:00
Manuel Pégourié-Gonnard
da19f4c79f Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
Summary of merge conflicts:

include/mbedtls/ecdh.h -> documentation style
include/mbedtls/ecdsa.h -> documentation style
include/mbedtls/ecp.h -> alt style, new error codes, documentation style
include/mbedtls/error.h -> new error codes
library/error.c -> new error codes (generated anyway)
library/ecp.c:
    - code of an extracted function was changed
library/ssl_cli.c:
    - code addition on one side near code change on the other side
      (ciphersuite validation)
library/x509_crt.c -> various things
    - top fo file: helper structure added near old zeroize removed
    - documentation of find_parent_in()'s signature: improved on one side,
      added arguments on the other side
    - documentation of find_parent()'s signature: same as above
    - verify_chain(): variables initialised later to give compiler an
      opportunity to warn us if not initialised on a code path
    - find_parent(): funcion structure completely changed, for some reason git
      tried to insert a paragraph of the old structure...
    - merge_flags_with_cb(): data structure changed, one line was fixed with a
      cast to keep MSVC happy, this cast is already in the new version
    - in verify_restratable(): adjacent independent changes (function
      signature on one line, variable type on the next)
programs/ssl/ssl_client2.c:
    - testing for IN_PROGRESS return code near idle() (event-driven):
      don't wait for data in the the socket if ECP_IN_PROGRESS
tests/data_files/Makefile: adjacent independent additions
tests/suites/test_suite_ecdsa.data: adjacent independent additions
tests/suites/test_suite_x509parse.data: adjacent independent additions

* development: (1059 commits)
  Change symlink to hardlink to avoid permission issues
  Fix out-of-tree testing symlinks on Windows
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  ...
2018-06-13 09:52:54 +02:00
Philippe Antoine
b5b254300e Fix undefined shifts
- in x509_profile_check_pk_alg
- in x509_profile_check_md_alg
- in x509_profile_check_key

and in ssl_cli.c : unsigned char gets promoted to signed integer
2018-06-06 14:27:12 +02:00
Philippe Antoine
747fd53938 Fixes different off by ones 2018-06-05 16:13:10 +02:00
Darryl Green
11999bb72e Fix minor code style issues 2018-05-15 09:21:57 +01:00
Jaeden Amero
a331e0f0af Merge remote-tracking branch 'upstream-restricted/pr/421' into development-proposed 2018-05-04 14:39:24 +01:00
Andrzej Kurek
03bac448db Change accepted ciphersuite versions when parsing server hello
Accept only ciphersuites for version chosen by the server
2018-04-25 05:06:07 -04:00
Gilles Peskine
ca1d742904 mbedtls_ssl_get_key_exchange_md_tls1_2: return hashlen
In mbedtls_ssl_get_key_exchange_md_tls1_2, add an output parameter for
the hash length. The code that calls this function can currently do
without it, but it will need the hash length in the future, when
adding support for a third-party callback to calculate the signature
of the hash.
2018-04-24 11:53:22 +02:00
Mohammad Azim Khan
1d3b508b82 Same ciphersuite validation in server and client hello 2018-04-20 18:54:18 +01:00
Gilles Peskine
f2b76cd45c Merge remote-tracking branch 'upstream-restricted/pr/461' into development-restricted-proposed 2018-04-19 17:41:39 +02:00
Andres Amaya Garcia
1f6301b3c8 Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
Andres Amaya Garcia
e32df087fb Remove individual copies of mbedtls_zeroize()
This commit removes all the static occurrencies of the function
mbedtls_zeroize() in each of the individual .c modules. Instead the
function has been moved to utils.h that is included in each of the
modules.
2018-04-17 09:19:05 -05:00
Krzysztof Stachowiak
94d49978eb Improve comments style 2018-04-05 14:48:55 +02:00
Krzysztof Stachowiak
cd09fc812d Remove a redundant test 2018-04-05 14:48:18 +02:00
Krzysztof Stachowiak
73b183c3bb Add buffer size check before cert_type_len read 2018-04-05 10:20:09 +02:00
Gilles Peskine
f15a8beacf Merge remote-tracking branch 'upstream-public/pr/1256' into development-proposed 2018-03-22 21:51:53 +01:00
Krzysztof Stachowiak
bc231cc9b0 Add a missing buffer size check 2018-03-20 14:09:53 +01:00
Krzysztof Stachowiak
bc145f7978 Correct buffer size check
Further in the code the next field from the binary buffer is read. The
check contained an off by one error.
2018-03-20 11:19:50 +01:00
Jaeden Amero
d1fedc55d7 Merge remote-tracking branch 'upstream-public/pr/1440' into development-proposed 2018-03-15 08:23:35 +00:00
Jaeden Amero
95ad522ecc Merge remote-tracking branch 'upstream-public/pr/1439' into development-proposed 2018-03-15 08:23:10 +00:00
Krzysztof Stachowiak
5224a7544c Prevent arithmetic overflow on bounds check 2018-03-13 11:31:38 +01:00
Krzysztof Stachowiak
740b218386 Add bounds check before length read 2018-03-13 11:31:14 +01:00
Krzysztof Stachowiak
027f84c69f Prevent arithmetic overflow on bounds check 2018-03-13 11:29:24 +01:00
Krzysztof Stachowiak
a1098f81c2 Add bounds check before signature length read 2018-03-13 11:28:49 +01:00
Gilles Peskine
d5f7d24e84 Merge branch 'pr_1064' into development-proposed 2018-03-13 00:08:05 +01:00
Gilles Peskine
d91f2a26cb Merge branch 'development' into iotssl-1251-2.7
Conflict resolution:

* ChangeLog: put the new entries in their rightful place.
* library/x509write_crt.c: the change in development was whitespace
  only, so use the one from the iotssl-1251 feature branch.
2018-01-19 11:25:10 +01:00
Johannes H
4e5d23fad7 corrected a typo in a comment 2018-01-06 09:46:57 +01:00
Gilles Peskine
0884f4811b Merge remote-tracking branch 'upstream-public/pr/1141' into development 2017-11-29 20:50:59 +01:00
Gilles Peskine
9c3573a962 Merge remote-tracking branch 'upstream-public/pr/988' into development 2017-11-28 17:08:03 +01:00
Hanno Becker
40f8b51221 Add comments on the use of the renego SCSV and the renego ext 2017-10-17 11:03:50 +01:00
Andres Amaya Garcia
6bce9cb5ac Always print gmt_unix_time in TLS client
Change ssl_parse_server_hello() so that the parsed first four random
bytes from the ServerHello message are printed by the TLS client as
a Unix timestamp regardless of whether MBEDTLS_DEBUG_C is defined. The
debug message will only be printed if debug_level is 3 or higher.

Unconditionally enabling the debug print enabled testing of this value.
2017-10-06 11:59:13 +01:00
Hanno Becker
1a9a51c7cf Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-10-06 11:58:50 +01:00
Andres Amaya Garcia
074c58f08b Always print gmt_unix_time in TLS client
Change ssl_parse_server_hello() so that the parsed first four random
bytes from the ServerHello message are printed by the TLS client as
a Unix timestamp regardless of whether MBEDTLS_DEBUG_C is defined. The
debug message will only be printed if debug_level is 3 or higher.

Unconditionally enabling the debug print enabled testing of this value.
2017-10-06 11:55:32 +01:00
Hanno Becker
2f38a43d3a Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-09-30 23:35:21 +01:00
Ron Eldor
4a2fb4c6be Addres review comments
Resolves comments raised in the review
2017-09-18 13:43:05 +03:00
Ron Eldor
147d142948 Add log and fix stle issues
Address Andres comments of PR
2017-09-18 13:05:53 +03:00
Ron Eldor
714785dcc2 Write correct number of ciphersuites in log
Change location of log, to fit the correct number of used ciphersuites
2017-09-18 13:05:48 +03:00
Manuel Pégourié-Gonnard
0b23f167ba SSL: rework restart state handling
As done by previous commits for ECC and ECDSA:
- use explicit state assignments rather than increment
- always place the state update right before the operation label

This will make it easier to add restart support for other operations later if
desired.

SSL-specific changes:
- remove useless states: when the last restartable operation on a message is
  complete, ssl->state is incremented already, so we don't need any additional
state update: ecrs_state is only meant to complement ssl->state
- rename remaining states consistently as <message>_<operation>
- move some labels closer to the actual operation when possible (no assignment
  to variables used after the label between its previous and current position)
2017-08-24 12:08:33 +02:00
Manuel Pégourié-Gonnard
15d7df2ba8 Introduce mbedtls_pk_restart_ctx and use it
The fact that you needed to pass a pointer to mbedtls_ecdsa_restart_ctx (or
that you needed to know the key type of the PK context) was a breach of
abstraction.

Change the API (and callers) now, and the implementation will be changed in
the next commit.
2017-08-17 15:16:11 +02:00