Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr

This commit is contained in:
Ronald Cron 2022-07-08 18:56:49 +02:00
commit ce7d76e2ee
47 changed files with 1283 additions and 94 deletions

View file

@ -0,0 +1,11 @@
Security
* Add the platform function mbedtls_setbuf() to allow buffering to be
disabled on stdio files, to stop secrets loaded from said files being
potentially left in memory after file operations. Reported by
Glenn Strauss.
Requirement changes
* The library will no longer compile out of the box on a platform without
setbuf(). If your platform does not have setbuf(), you can configure an
alternative function by enabling MBEDTLS_PLATFORM_SETBUF_ALT or
MBEDTLS_PLATFORM_SETBUF_MACRO.

View file

@ -0,0 +1,4 @@
Bugfix
* Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing
by 2, and mbedtls_mpi_write_string() in base 2).

View file

@ -0,0 +1,6 @@
Security
* Fix a potential heap buffer overread in TLS 1.2 server-side when
MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with
mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite
is selected. This may result in an application crash or potentially an
information leak.

View file

@ -0,0 +1,9 @@
Security
* Fix a buffer overread in DTLS ClientHello parsing in servers with
MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
after the end of the SSL input buffer. The buffer overread only happens
when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(),
and possibly up to 571 bytes with a custom cookie check function.
Reported by the Cybeats PSI Team.

View file

@ -0,0 +1,4 @@
Bugfix
* Fix record sizes larger than 16384 being sometimes accepted despite being
non-compliant. This could not lead to a buffer overflow. In particular,
application data size was already checked correctly.

View file

@ -0,0 +1,8 @@
Security
* Fix a buffer overread in TLS 1.3 Certificate parsing. An unauthenticated
client or server could cause an MbedTLS server or client to overread up
to 64 kBytes of data and potentially overread the input buffer by that
amount minus the size of the input buffer. As overread data undergoes
various checks, the likelihood of reaching the boundary of the input
buffer is rather small but increases as its size
MBEDTLS_SSL_IN_CONTENT_LEN decreases.

View file

@ -0,0 +1,7 @@
Security
* Fix check of certificate key usage in TLS 1.3. The usage of the public key
provided by a client or server certificate for authentication was not
checked properly when validating the certificate. This could cause a
client or server to be able to authenticate itself through a certificate
to an Mbed TLS TLS 1.3 server or client while it does not own a proper
certificate to do so.

View file

@ -385,6 +385,20 @@
#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously" #error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
#endif #endif
#if defined(MBEDTLS_PLATFORM_SETBUF_ALT) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_SETBUF_ALT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_SETBUF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_SETBUF_MACRO defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PLATFORM_SETBUF_MACRO) &&\
( defined(MBEDTLS_PLATFORM_STD_SETBUF) ||\
defined(MBEDTLS_PLATFORM_SETBUF_ALT) )
#error "MBEDTLS_PLATFORM_SETBUF_MACRO and MBEDTLS_PLATFORM_STD_SETBUF/MBEDTLS_PLATFORM_SETBUF_ALT cannot be defined simultaneously"
#endif
#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\ #if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
( !defined(MBEDTLS_PLATFORM_C) ||\ ( !defined(MBEDTLS_PLATFORM_C) ||\
!defined(MBEDTLS_HAVE_TIME) ) !defined(MBEDTLS_HAVE_TIME) )

View file

@ -225,6 +225,7 @@
* Uncomment a macro to enable alternate implementation of specific base * Uncomment a macro to enable alternate implementation of specific base
* platform function * platform function
*/ */
//#define MBEDTLS_PLATFORM_SETBUF_ALT
//#define MBEDTLS_PLATFORM_EXIT_ALT //#define MBEDTLS_PLATFORM_EXIT_ALT
//#define MBEDTLS_PLATFORM_TIME_ALT //#define MBEDTLS_PLATFORM_TIME_ALT
//#define MBEDTLS_PLATFORM_FPRINTF_ALT //#define MBEDTLS_PLATFORM_FPRINTF_ALT
@ -3328,6 +3329,7 @@
//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ //#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_SETBUF setbuf /**< Default setbuf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ //#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
@ -3345,6 +3347,7 @@
//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf /**< Default setbuf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ //#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */

View file

@ -216,32 +216,6 @@ typedef struct
typedef void mbedtls_pk_restart_ctx; typedef void mbedtls_pk_restart_ctx;
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
#if defined(MBEDTLS_RSA_C)
/**
* Quick access to an RSA context inside a PK context.
*
* \warning You must make sure the PK context actually holds an RSA context
* before using this function!
*/
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
{
return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
}
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
/**
* Quick access to an EC context inside a PK context.
*
* \warning You must make sure the PK context actually holds an EC context
* before using this function!
*/
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
{
return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
}
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/** /**
* \brief Types for RSA-alt abstraction * \brief Types for RSA-alt abstraction
@ -735,6 +709,55 @@ const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
*/ */
mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
#if defined(MBEDTLS_RSA_C)
/**
* Quick access to an RSA context inside a PK context.
*
* \warning This function can only be used when the type of the context, as
* returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_RSA.
* Ensuring that is the caller's responsibility.
* Alternatively, you can check whether this function returns NULL.
*
* \return The internal RSA context held by the PK context, or NULL.
*/
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
{
switch( mbedtls_pk_get_type( &pk ) )
{
case MBEDTLS_PK_RSA:
return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
default:
return( NULL );
}
}
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
/**
* Quick access to an EC context inside a PK context.
*
* \warning This function can only be used when the type of the context, as
* returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_ECKEY,
* #MBEDTLS_PK_ECKEY_DH, or #MBEDTLS_PK_ECDSA.
* Ensuring that is the caller's responsibility.
* Alternatively, you can check whether this function returns NULL.
*
* \return The internal EC context held by the PK context, or NULL.
*/
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
{
switch( mbedtls_pk_get_type( &pk ) )
{
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
default:
return( NULL );
}
}
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_PK_PARSE_C) #if defined(MBEDTLS_PK_PARSE_C)
/** \ingroup pk_module */ /** \ingroup pk_module */
/** /**

View file

@ -91,6 +91,9 @@ extern "C" {
#if !defined(MBEDTLS_PLATFORM_STD_FREE) #if !defined(MBEDTLS_PLATFORM_STD_FREE)
#define MBEDTLS_PLATFORM_STD_FREE free /**< The default \c free function to use. */ #define MBEDTLS_PLATFORM_STD_FREE free /**< The default \c free function to use. */
#endif #endif
#if !defined(MBEDTLS_PLATFORM_STD_SETBUF)
#define MBEDTLS_PLATFORM_STD_SETBUF setbuf /**< The default \c setbuf function to use. */
#endif
#if !defined(MBEDTLS_PLATFORM_STD_EXIT) #if !defined(MBEDTLS_PLATFORM_STD_EXIT)
#define MBEDTLS_PLATFORM_STD_EXIT exit /**< The default \c exit function to use. */ #define MBEDTLS_PLATFORM_STD_EXIT exit /**< The default \c exit function to use. */
#endif #endif
@ -276,6 +279,56 @@ int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */ #endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ #endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
/*
* The function pointers for setbuf
*/
#if defined(MBEDTLS_PLATFORM_SETBUF_ALT)
#include <stdio.h>
/**
* \brief Function pointer to call for `setbuf()` functionality
* (changing the internal buffering on stdio calls).
*
* \note The library calls this function to disable
* buffering when reading or writing sensitive data,
* to avoid having extra copies of sensitive data
* remaining in stdio buffers after the file is
* closed. If this is not a concern, for example if
* your platform's stdio doesn't have any buffering,
* you can set mbedtls_setbuf to a function that
* does nothing.
*
* The library always calls this function with
* `buf` equal to `NULL`.
*/
extern void (*mbedtls_setbuf)( FILE *stream, char *buf );
/**
* \brief Dynamically configure the function that is called
* when the mbedtls_setbuf() function is called by the
* library.
*
* \param setbuf_func The \c setbuf function implementation
*
* \return \c 0
*/
int mbedtls_platform_set_setbuf( void (*setbuf_func)(
FILE *stream, char *buf ) );
#elif defined(MBEDTLS_PLATFORM_SETBUF_MACRO)
/**
* \brief Macro defining the function for the library to
* call for `setbuf` functionality (changing the
* internal buffering on stdio calls).
*
* \note See extra comments on the mbedtls_setbuf() function
* pointer above.
*
* \return \c 0 on success, negative on error.
*/
#define mbedtls_setbuf MBEDTLS_PLATFORM_SETBUF_MACRO
#else
#define mbedtls_setbuf setbuf
#endif /* MBEDTLS_PLATFORM_SETBUF_ALT / MBEDTLS_PLATFORM_SETBUF_MACRO */
/* /*
* The function pointers for exit * The function pointers for exit
*/ */

View file

@ -1785,7 +1785,7 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_
/* /*
* handle trivial cases * handle trivial cases
*/ */
if( b == 1 ) if( b == 1 || A->n == 0 )
{ {
*r = 0; *r = 0;
return( 0 ); return( 0 );

View file

@ -607,6 +607,9 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx,
if( ( f = fopen( path, "wb" ) ) == NULL ) if( ( f = fopen( path, "wb" ) ) == NULL )
return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR ); return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( f, NULL );
if( ( ret = mbedtls_ctr_drbg_random( ctx, buf, if( ( ret = mbedtls_ctr_drbg_random( ctx, buf,
MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 ) MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
goto exit; goto exit;
@ -640,6 +643,9 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
if( ( f = fopen( path, "rb" ) ) == NULL ) if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR ); return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( f, NULL );
n = fread( buf, 1, sizeof( buf ), f ); n = fread( buf, 1, sizeof( buf ), f );
if( fread( &c, 1, 1, f ) != 0 ) if( fread( &c, 1, 1, f ) != 0 )
{ {

View file

@ -620,6 +620,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
if( ( f = fopen( path, "rb" ) ) == NULL ) if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_DHM_FILE_IO_ERROR ); return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
/* The data loaded here is public, so don't bother disabling buffering. */
fseek( f, 0, SEEK_END ); fseek( f, 0, SEEK_END );
if( ( size = ftell( f ) ) == -1 ) if( ( size = ftell( f ) ) == -1 )

View file

@ -457,6 +457,9 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
goto exit; goto exit;
} }
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( f, NULL );
if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE ) if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE )
{ {
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
@ -484,6 +487,9 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
if( ( f = fopen( path, "rb" ) ) == NULL ) if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR ); return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( f, NULL );
fseek( f, 0, SEEK_END ); fseek( f, 0, SEEK_END );
n = (size_t) ftell( f ); n = (size_t) ftell( f );
fseek( f, 0, SEEK_SET ); fseek( f, 0, SEEK_SET );

View file

@ -35,7 +35,7 @@
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
#include "mbedtls/timing.h" #include "mbedtls/timing.h"
#endif #endif
#if defined(MBEDTLS_ENTROPY_NV_SEED) #if defined(MBEDTLS_ENTROPY_NV_SEED) || !defined(HAVE_SYSCTL_ARND)
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#endif #endif
@ -195,6 +195,9 @@ int mbedtls_platform_entropy_poll( void *data,
if( file == NULL ) if( file == NULL )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( file, NULL );
read_len = fread( output, 1, len, file ); read_len = fread( output, 1, len, file );
if( read_len != len ) if( read_len != len )
{ {

View file

@ -436,6 +436,9 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha
if( ( f = fopen( path, "wb" ) ) == NULL ) if( ( f = fopen( path, "wb" ) ) == NULL )
return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR ); return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( f, NULL );
if( ( ret = mbedtls_hmac_drbg_random( ctx, buf, sizeof( buf ) ) ) != 0 ) if( ( ret = mbedtls_hmac_drbg_random( ctx, buf, sizeof( buf ) ) ) != 0 )
goto exit; goto exit;
@ -465,6 +468,9 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch
if( ( f = fopen( path, "rb" ) ) == NULL ) if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR ); return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( f, NULL );
n = fread( buf, 1, sizeof( buf ), f ); n = fread( buf, 1, sizeof( buf ), f );
if( fread( &c, 1, 1, f ) != 0 ) if( fread( &c, 1, 1, f ) != 0 )
{ {

View file

@ -605,6 +605,9 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne
if( ( f = fopen( path, "rb" ) ) == NULL ) if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_MD_FILE_IO_ERROR ); return( MBEDTLS_ERR_MD_FILE_IO_ERROR );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( f, NULL );
mbedtls_md_init( &ctx ); mbedtls_md_init( &ctx );
if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )

View file

@ -82,6 +82,9 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
if( ( f = fopen( path, "rb" ) ) == NULL ) if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( f, NULL );
fseek( f, 0, SEEK_END ); fseek( f, 0, SEEK_END );
if( ( size = ftell( f ) ) == -1 ) if( ( size = ftell( f ) ) == -1 )
{ {

View file

@ -226,6 +226,28 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ...
} }
#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */ #endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_SETBUF_ALT)
#if !defined(MBEDTLS_PLATFORM_STD_SETBUF)
/*
* Make dummy function to prevent NULL pointer dereferences
*/
static void platform_setbuf_uninit( FILE *stream, char *buf )
{
((void) stream);
((void) buf);
}
#define MBEDTLS_PLATFORM_STD_SETBUF platform_setbuf_uninit
#endif /* !MBEDTLS_PLATFORM_STD_SETBUF */
void (*mbedtls_setbuf)( FILE *stream, char *buf ) = MBEDTLS_PLATFORM_STD_SETBUF;
int mbedtls_platform_set_setbuf( void (*setbuf_func)( FILE *stream, char *buf ) )
{
mbedtls_setbuf = setbuf_func;
return( 0 );
}
#endif /* MBEDTLS_PLATFORM_SETBUF_ALT */
#if defined(MBEDTLS_PLATFORM_EXIT_ALT) #if defined(MBEDTLS_PLATFORM_EXIT_ALT)
#if !defined(MBEDTLS_PLATFORM_STD_EXIT) #if !defined(MBEDTLS_PLATFORM_STD_EXIT)
/* /*
@ -288,6 +310,9 @@ int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL ) if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL )
return( -1 ); return( -1 );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( file, NULL );
if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len ) if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
{ {
fclose( file ); fclose( file );
@ -307,6 +332,9 @@ int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL ) if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL )
return -1; return -1;
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( file, NULL );
if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len ) if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len )
{ {
fclose( file ); fclose( file );

View file

@ -102,6 +102,9 @@ static psa_status_t psa_its_read_file( psa_storage_uid_t uid,
if( *p_stream == NULL ) if( *p_stream == NULL )
return( PSA_ERROR_DOES_NOT_EXIST ); return( PSA_ERROR_DOES_NOT_EXIST );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( *p_stream, NULL );
n = fread( &header, 1, sizeof( header ), *p_stream ); n = fread( &header, 1, sizeof( header ), *p_stream );
if( n != sizeof( header ) ) if( n != sizeof( header ) )
return( PSA_ERROR_DATA_CORRUPT ); return( PSA_ERROR_DATA_CORRUPT );
@ -201,9 +204,13 @@ psa_status_t psa_its_set( psa_storage_uid_t uid,
psa_its_fill_filename( uid, filename ); psa_its_fill_filename( uid, filename );
stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" ); stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" );
if( stream == NULL ) if( stream == NULL )
goto exit; goto exit;
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( stream, NULL );
status = PSA_ERROR_INSUFFICIENT_STORAGE; status = PSA_ERROR_INSUFFICIENT_STORAGE;
n = fwrite( &header, 1, sizeof( header ), stream ); n = fwrite( &header, 1, sizeof( header ), stream );
if( n != sizeof( header ) ) if( n != sizeof( header ) )

View file

@ -50,6 +50,7 @@ void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache )
#endif #endif
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_cache_find_entry( mbedtls_ssl_cache_context *cache, static int ssl_cache_find_entry( mbedtls_ssl_cache_context *cache,
unsigned char const *session_id, unsigned char const *session_id,
size_t session_id_len, size_t session_id_len,
@ -124,6 +125,7 @@ exit:
return( ret ); return( ret );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_cache_pick_writing_slot( mbedtls_ssl_cache_context *cache, static int ssl_cache_pick_writing_slot( mbedtls_ssl_cache_context *cache,
unsigned char const *session_id, unsigned char const *session_id,
size_t session_id_len, size_t session_id_len,

View file

@ -1778,6 +1778,7 @@ const int *mbedtls_ssl_list_ciphersuites( void )
static int supported_ciphersuites[MAX_CIPHERSUITES]; static int supported_ciphersuites[MAX_CIPHERSUITES];
static int supported_init = 0; static int supported_init = 0;
MBEDTLS_CHECK_RETURN_CRITICAL
static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info ) static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info )
{ {
(void)cs_info; (void)cs_info;

View file

@ -46,6 +46,7 @@
#include "ssl_debug_helpers.h" #include "ssl_debug_helpers.h"
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -129,6 +130,7 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
* } ProtocolNameList; * } ProtocolNameList;
* *
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -226,6 +228,7 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
* *
* DHE groups are not supported yet. * DHE groups are not supported yet.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -308,6 +311,7 @@ static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_client_hello_cipher_suites( static int ssl_write_client_hello_cipher_suites(
mbedtls_ssl_context *ssl, mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
@ -424,6 +428,7 @@ static int ssl_write_client_hello_cipher_suites(
* }; * };
* } ClientHello; * } ClientHello;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl, static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
@ -654,6 +659,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_generate_random( mbedtls_ssl_context *ssl ) static int ssl_generate_random( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -691,6 +697,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
return( ret ); return( ret );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl ) static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;

View file

@ -28,6 +28,7 @@
#include <stddef.h> #include <stddef.h>
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_CLIENT_H */ #endif /* MBEDTLS_SSL_CLIENT_H */

View file

@ -160,6 +160,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
/* /*
* Generate the HMAC part of a cookie * Generate the HMAC part of a cookie
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx, static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx,
const unsigned char time[4], const unsigned char time[4],
unsigned char **p, unsigned char *end, unsigned char **p, unsigned char *end,

View file

@ -381,11 +381,38 @@ static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ct
* \return Zero if the needed space is available in the buffer, non-zero * \return Zero if the needed space is available in the buffer, non-zero
* otherwise. * otherwise.
*/ */
#if ! defined(MBEDTLS_TEST_HOOKS)
static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
const uint8_t *end, size_t need ) const uint8_t *end, size_t need )
{ {
return( ( cur > end ) || ( need > (size_t)( end - cur ) ) ); return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
} }
#else
typedef struct
{
const uint8_t *cur;
const uint8_t *end;
size_t need;
} mbedtls_ssl_chk_buf_ptr_args;
void mbedtls_ssl_set_chk_buf_ptr_fail_args(
const uint8_t *cur, const uint8_t *end, size_t need );
void mbedtls_ssl_reset_chk_buf_ptr_fail_args( void );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_cmp_chk_buf_ptr_fail_args( mbedtls_ssl_chk_buf_ptr_args *args );
static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
const uint8_t *end, size_t need )
{
if( ( cur > end ) || ( need > (size_t)( end - cur ) ) )
{
mbedtls_ssl_set_chk_buf_ptr_fail_args( cur, end, need );
return( 1 );
}
return( 0 );
}
#endif /* MBEDTLS_TEST_HOOKS */
/** /**
* \brief This macro checks if the remaining size in a buffer is * \brief This macro checks if the remaining size in a buffer is
@ -1102,6 +1129,7 @@ struct mbedtls_ssl_flight_item
* (<> 0) or not ( 0 ). * (<> 0) or not ( 0 ).
* \param[out] out_len Length of the data written into the buffer \p buf * \param[out] out_len Length of the data written into the buffer \p buf
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -1153,7 +1181,9 @@ void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform ); mbedtls_ssl_transform *transform );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
@ -1162,15 +1192,19 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
ssl->state = ( int ) state; ssl->state = ( int ) state;
} }
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ); int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
@ -1250,16 +1284,20 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
* following the above definition. * following the above definition.
* *
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
unsigned update_hs_digest ); unsigned update_hs_digest );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
/* /*
* Write handshake message header * Write handshake message header
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type,
unsigned char **buf, size_t *buf_len ); unsigned char **buf, size_t *buf_len );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl, int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
int update_checksum, int update_checksum,
int force_flush ); int force_flush );
@ -1271,19 +1309,28 @@ static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
/* /*
* Write handshake message tail * Write handshake message tail
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl,
size_t buf_len, size_t msg_len ); size_t buf_len, size_t msg_len );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush ); int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
@ -1299,10 +1346,12 @@ void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if !defined(MBEDTLS_USE_PSA_CRYPTO) #if !defined(MBEDTLS_USE_PSA_CRYPTO)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
mbedtls_key_exchange_type_t key_ex ); mbedtls_key_exchange_type_t key_ex );
#endif /* !MBEDTLS_USE_PSA_CRYPTO */ #endif /* !MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ); int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf );
#endif #endif
@ -1370,11 +1419,14 @@ mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
unsigned char mbedtls_ssl_hash_from_md_alg( int md ); unsigned char mbedtls_ssl_hash_from_md_alg( int md );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ); int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
#endif #endif
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id ); int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
#endif #endif
@ -1429,6 +1481,7 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
* *
* Return 0 if everything is OK, -1 if not. * Return 0 if everything is OK, -1 if not.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
const mbedtls_ssl_ciphersuite_t *ciphersuite, const mbedtls_ssl_ciphersuite_t *ciphersuite,
int cert_endpoint, int cert_endpoint,
@ -1477,21 +1530,26 @@ static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ); int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
#endif #endif
/* Visible for testing purposes only */ /* Visible for testing purposes only */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl ); int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl );
void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
#endif #endif
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
const mbedtls_ssl_session *src ); const mbedtls_ssl_session *src );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */ /* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
unsigned char *hash, size_t *hashlen, unsigned char *hash, size_t *hashlen,
unsigned char *data, size_t data_len, unsigned char *data, size_t data_len,
@ -1503,11 +1561,13 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
#endif #endif
void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ); void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform, mbedtls_ssl_transform *transform,
mbedtls_record *rec, mbedtls_record *rec,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ); void *p_rng );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
mbedtls_ssl_transform *transform, mbedtls_ssl_transform *transform,
mbedtls_record *rec ); mbedtls_record *rec );
@ -1525,10 +1585,12 @@ static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl )
} }
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl ); int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ); void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl ); int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl );
void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ); void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
@ -1536,6 +1598,7 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform ); mbedtls_ssl_transform *transform );
void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ); void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ); int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
void mbedtls_ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl, void mbedtls_ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl,
int partial ); int partial );
@ -1543,6 +1606,7 @@ void mbedtls_ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl,
/* /*
* Send pending alert * Send pending alert
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl );
/* /*
@ -1563,6 +1627,7 @@ void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl ); int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_RENEGOTIATION */
@ -1627,7 +1692,9 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
extern const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ extern const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
MBEDTLS_SERVER_HELLO_RANDOM_LEN ]; MBEDTLS_SERVER_HELLO_RANDOM_LEN ];
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl );
void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ); void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl );
@ -1640,6 +1707,7 @@ void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl );
* \param[in] end End address of the buffer where to write the extensions * \param[in] end End address of the buffer where to write the extensions
* \param[out] out_len Length of the data written into the buffer \p buf * \param[out] out_len Length of the data written into the buffer \p buf
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
@ -1650,6 +1718,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
* *
* \param ssl SSL context * \param ssl SSL context
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl );
/** /**
@ -1657,6 +1726,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl );
* *
* \param ssl SSL context * \param ssl SSL context
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl );
@ -1749,6 +1819,7 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
/* /*
* Fetch TLS 1.3 handshake message header * Fetch TLS 1.3 handshake message header
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type, unsigned hs_type,
unsigned char **buf, unsigned char **buf,
@ -1757,17 +1828,20 @@ int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
/* /*
* Handler of TLS 1.3 server certificate message * Handler of TLS 1.3 server certificate message
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* /*
* Handler of TLS 1.3 write Certificate message * Handler of TLS 1.3 write Certificate message
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl );
/* /*
* Handler of TLS 1.3 write Certificate Verify message * Handler of TLS 1.3 write Certificate Verify message
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
@ -1775,16 +1849,20 @@ int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl );
/* /*
* Generic handler of Certificate Verify * Generic handler of Certificate Verify
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl );
/* /*
* Write of dummy-CCS's for middlebox compatibility * Write of dummy-CCS's for middlebox compatibility
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl ); int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_ECDH_C)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
mbedtls_ssl_context *ssl, mbedtls_ssl_context *ssl,
uint16_t named_group, uint16_t named_group,
@ -1800,12 +1878,14 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
/* /*
* Parse TLS Signature Algorithm extension * Parse TLS Signature Algorithm extension
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl, int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ); const unsigned char *end );
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/* Get handshake transcript */ /* Get handshake transcript */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md, const mbedtls_md_type_t md,
unsigned char *dst, unsigned char *dst,
@ -2172,6 +2252,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg, int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
mbedtls_pk_context *key ); mbedtls_pk_context *key );
@ -2265,6 +2346,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
#if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_ECDH_C)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t buf_len ); size_t buf_len );
@ -2297,31 +2379,44 @@ static inline int mbedtls_ssl_tls13_cipher_suite_is_offered(
* *
* \return 0 if valid, negative value otherwise. * \return 0 if valid, negative value otherwise.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_validate_ciphersuite( int mbedtls_ssl_validate_ciphersuite(
const mbedtls_ssl_context *ssl, const mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *suite_info, const mbedtls_ssl_ciphersuite_t *suite_info,
mbedtls_ssl_protocol_version min_tls_version, mbedtls_ssl_protocol_version min_tls_version,
mbedtls_ssl_protocol_version max_tls_version ); mbedtls_ssl_protocol_version max_tls_version );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
const unsigned char *end, size_t *out_len ); const unsigned char *end, size_t *out_len );
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl, int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ); const unsigned char *end );
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ); const unsigned char *end );
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl, int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
size_t *out_len ); size_t *out_len );
#endif /* MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_TEST_HOOKS)
int mbedtls_ssl_check_dtls_clihlo_cookie(
mbedtls_ssl_context *ssl,
const unsigned char *cli_id, size_t cli_id_len,
const unsigned char *in, size_t in_len,
unsigned char *obuf, size_t buf_len, size_t *olen );
#endif
#endif /* ssl_misc.h */ #endif /* ssl_misc.h */

View file

@ -86,6 +86,7 @@ int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
unsigned char *buf, unsigned char *buf,
size_t len, size_t len,
@ -157,11 +158,16 @@ exit:
static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
uint8_t slot ); uint8_t slot );
static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ); static void ssl_free_buffered_record( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ); static int ssl_load_buffered_message( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ); static int ssl_load_buffered_record( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_buffer_message( mbedtls_ssl_context *ssl ); static int ssl_buffer_message( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
mbedtls_record const *rec ); mbedtls_record const *rec );
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ); static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl );
static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )
@ -179,6 +185,7 @@ static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )
return( out_buf_len ); return( out_buf_len );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl ) static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl )
{ {
size_t const bytes_written = ssl->out_left; size_t const bytes_written = ssl->out_left;
@ -195,6 +202,7 @@ static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl )
return( (int) ( mtu - bytes_written ) ); return( (int) ( mtu - bytes_written ) );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl ) static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -246,6 +254,7 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl
* Double the retransmit timeout value, within the allowed range, * Double the retransmit timeout value, within the allowed range,
* returning -1 if the maximum value has already been reached. * returning -1 if the maximum value has already been reached.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
{ {
uint32_t new_timeout; uint32_t new_timeout;
@ -329,6 +338,7 @@ static size_t ssl_compute_padding_length( size_t len,
* - A negative error code if `max_len` didn't offer enough space * - A negative error code if `max_len` didn't offer enough space
* for the expansion. * for the expansion.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_build_inner_plaintext( unsigned char *content, static int ssl_build_inner_plaintext( unsigned char *content,
size_t *content_size, size_t *content_size,
size_t remaining, size_t remaining,
@ -356,6 +366,7 @@ static int ssl_build_inner_plaintext( unsigned char *content,
/* This function parses a (D)TLSInnerPlaintext structure. /* This function parses a (D)TLSInnerPlaintext structure.
* See ssl_build_inner_plaintext() for details. */ * See ssl_build_inner_plaintext() for details. */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_inner_plaintext( unsigned char const *content, static int ssl_parse_inner_plaintext( unsigned char const *content,
size_t *content_size, size_t *content_size,
uint8_t *rec_type ) uint8_t *rec_type )
@ -469,6 +480,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
#if defined(MBEDTLS_GCM_C) || \ #if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C) defined(MBEDTLS_CHACHAPOLY_C)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_transform_aead_dynamic_iv_is_explicit( static int ssl_transform_aead_dynamic_iv_is_explicit(
mbedtls_ssl_transform const *transform ) mbedtls_ssl_transform const *transform )
{ {
@ -2066,6 +2078,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
/* /*
* Append current handshake message to current outgoing flight * Append current handshake message to current outgoing flight
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_flight_append( mbedtls_ssl_context *ssl ) static int ssl_flight_append( mbedtls_ssl_context *ssl )
{ {
mbedtls_ssl_flight_item *msg; mbedtls_ssl_flight_item *msg;
@ -2132,6 +2145,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight )
/* /*
* Swap transform_out and out_ctr with the alternative ones * Swap transform_out and out_ctr with the alternative ones
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) static int ssl_swap_epochs( mbedtls_ssl_context *ssl )
{ {
mbedtls_ssl_transform *tmp_transform; mbedtls_ssl_transform *tmp_transform;
@ -2767,6 +2781,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush )
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl )
{ {
if( ssl->in_msglen < ssl->in_hslen || if( ssl->in_msglen < ssl->in_hslen ||
@ -2792,6 +2807,7 @@ static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl )
ssl->in_msg[8] ); ssl->in_msg[8] );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_hs_header( mbedtls_ssl_context const *ssl ) static int ssl_check_hs_header( mbedtls_ssl_context const *ssl )
{ {
uint32_t msg_len, frag_off, frag_len; uint32_t msg_len, frag_off, frag_len;
@ -2858,6 +2874,7 @@ static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len )
/* /*
* Check that bitmask is full * Check that bitmask is full
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_bitmask_check( unsigned char *mask, size_t len ) static int ssl_bitmask_check( unsigned char *mask, size_t len )
{ {
size_t i; size_t i;
@ -3057,6 +3074,7 @@ static inline uint64_t ssl_load_six_bytes( unsigned char *buf )
( (uint64_t) buf[5] ) ); ( (uint64_t) buf[5] ) );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr ) static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -3139,8 +3157,8 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
/* /*
* Without any SSL context, check if a datagram looks like a ClientHello with * Check if a datagram looks like a ClientHello with a valid cookie,
* a valid cookie, and if it doesn't, generate a HelloVerifyRequest message. * and if it doesn't, generate a HelloVerifyRequest message.
* Both input and output include full DTLS headers. * Both input and output include full DTLS headers.
* *
* - if cookie is valid, return 0 * - if cookie is valid, return 0
@ -3149,15 +3167,15 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
* return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
* - otherwise return a specific error code * - otherwise return a specific error code
*/ */
static int ssl_check_dtls_clihlo_cookie( MBEDTLS_CHECK_RETURN_CRITICAL
mbedtls_ssl_cookie_write_t *f_cookie_write, MBEDTLS_STATIC_TESTABLE
mbedtls_ssl_cookie_check_t *f_cookie_check, int mbedtls_ssl_check_dtls_clihlo_cookie(
void *p_cookie, mbedtls_ssl_context *ssl,
const unsigned char *cli_id, size_t cli_id_len, const unsigned char *cli_id, size_t cli_id_len,
const unsigned char *in, size_t in_len, const unsigned char *in, size_t in_len,
unsigned char *obuf, size_t buf_len, size_t *olen ) unsigned char *obuf, size_t buf_len, size_t *olen )
{ {
size_t sid_len, cookie_len; size_t sid_len, cookie_len, epoch, fragment_offset;
unsigned char *p; unsigned char *p;
/* /*
@ -3186,26 +3204,55 @@ static int ssl_check_dtls_clihlo_cookie(
* *
* Minimum length is 61 bytes. * Minimum length is 61 bytes.
*/ */
if( in_len < 61 || MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: in_len=%u",
in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || (unsigned) in_len ) );
in[3] != 0 || in[4] != 0 || MBEDTLS_SSL_DEBUG_BUF( 4, "cli_id", cli_id, cli_id_len );
in[19] != 0 || in[20] != 0 || in[21] != 0 ) if( in_len < 61 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: record too short" ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
epoch = MBEDTLS_GET_UINT16_BE( in, 3 );
fragment_offset = MBEDTLS_GET_UINT24_BE( in, 19 );
if( in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || epoch != 0 ||
fragment_offset != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: not a good ClientHello" ) );
MBEDTLS_SSL_DEBUG_MSG( 4, ( " type=%u epoch=%u fragment_offset=%u",
in[0], (unsigned) epoch,
(unsigned) fragment_offset ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR );
} }
sid_len = in[59]; sid_len = in[59];
if( sid_len > in_len - 61 ) if( 59 + 1 + sid_len + 1 > in_len )
{
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: sid_len=%u > %u",
(unsigned) sid_len,
(unsigned) in_len - 61 ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "sid received from network",
in + 60, sid_len );
cookie_len = in[60 + sid_len]; cookie_len = in[60 + sid_len];
if( cookie_len > in_len - 60 ) if( 59 + 1 + sid_len + 1 + cookie_len > in_len )
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len,
cli_id, cli_id_len ) == 0 )
{ {
/* Valid cookie */ MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: cookie_len=%u > %u",
(unsigned) cookie_len,
(unsigned) ( in_len - sid_len - 61 ) ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "cookie received from network",
in + sid_len + 61, cookie_len );
if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
in + sid_len + 61, cookie_len,
cli_id, cli_id_len ) == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: valid" ) );
return( 0 ); return( 0 );
} }
@ -3240,8 +3287,9 @@ static int ssl_check_dtls_clihlo_cookie(
/* Generate and write actual cookie */ /* Generate and write actual cookie */
p = obuf + 28; p = obuf + 28;
if( f_cookie_write( p_cookie, if( ssl->conf->f_cookie_write( ssl->conf->p_cookie,
&p, obuf + buf_len, cli_id, cli_id_len ) != 0 ) &p, obuf + buf_len,
cli_id, cli_id_len ) != 0 )
{ {
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
@ -3280,6 +3328,7 @@ static int ssl_check_dtls_clihlo_cookie(
* includes the case of MBEDTLS_ERR_SSL_CLIENT_RECONNECT and of unexpected * includes the case of MBEDTLS_ERR_SSL_CLIENT_RECONNECT and of unexpected
* errors, and is the right thing to do in both cases). * errors, and is the right thing to do in both cases).
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -3295,15 +3344,13 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
ret = ssl_check_dtls_clihlo_cookie( ret = mbedtls_ssl_check_dtls_clihlo_cookie(
ssl->conf->f_cookie_write, ssl,
ssl->conf->f_cookie_check,
ssl->conf->p_cookie,
ssl->cli_id, ssl->cli_id_len, ssl->cli_id, ssl->cli_id_len,
ssl->in_buf, ssl->in_left, ssl->in_buf, ssl->in_left,
ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len ); ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len );
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret ); MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_ssl_check_dtls_clihlo_cookie", ret );
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
{ {
@ -3337,6 +3384,7 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
} }
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_record_type( uint8_t record_type ) static int ssl_check_record_type( uint8_t record_type )
{ {
if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE && if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
@ -3369,6 +3417,7 @@ static int ssl_check_record_type( uint8_t record_type )
* Point 2 is needed when the peer is resending, and we have already received * Point 2 is needed when the peer is resending, and we have already received
* the first record from a datagram but are still waiting for the others. * the first record from a datagram but are still waiting for the others.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
unsigned char *buf, unsigned char *buf,
size_t len, size_t len,
@ -3481,7 +3530,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
/* /*
* Parse and validate record version * Parse and validate record version
*/ */
rec->ver[0] = buf[ rec_hdr_version_offset + 0 ]; rec->ver[0] = buf[ rec_hdr_version_offset + 0 ];
rec->ver[1] = buf[ rec_hdr_version_offset + 1 ]; rec->ver[1] = buf[ rec_hdr_version_offset + 1 ];
tls_version = mbedtls_ssl_read_version( buf + rec_hdr_version_offset, tls_version = mbedtls_ssl_read_version( buf + rec_hdr_version_offset,
@ -3489,10 +3537,12 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
if( tls_version > ssl->conf->max_tls_version ) if( tls_version > ssl->conf->max_tls_version )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS version mismatch" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS version mismatch: got %u, expected max %u",
(unsigned) tls_version,
(unsigned) ssl->conf->max_tls_version) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD ); return( MBEDTLS_ERR_SSL_INVALID_RECORD );
} }
/* /*
* Parse/Copy record sequence number. * Parse/Copy record sequence number.
*/ */
@ -3594,6 +3644,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl )
{ {
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
@ -3623,6 +3674,7 @@ static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl )
/* /*
* If applicable, decrypt record content * If applicable, decrypt record content
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
mbedtls_record *rec ) mbedtls_record *rec )
{ {
@ -3757,7 +3809,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
/* Check actual (decrypted) record content length against /* Check actual (decrypted) record content length against
* configured maximum. */ * configured maximum. */
if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) if( rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD ); return( MBEDTLS_ERR_SSL_INVALID_RECORD );
@ -3775,8 +3827,11 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
*/ */
/* Helper functions for mbedtls_ssl_read_record(). */ /* Helper functions for mbedtls_ssl_read_record(). */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_consume_current_message( mbedtls_ssl_context *ssl ); static int ssl_consume_current_message( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_next_record( mbedtls_ssl_context *ssl ); static int ssl_get_next_record( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ); static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl );
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
@ -3864,6 +3919,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
} }
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ) static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl )
{ {
if( ssl->in_left > ssl->next_record_offset ) if( ssl->in_left > ssl->next_record_offset )
@ -3872,6 +3928,7 @@ static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
{ {
mbedtls_ssl_handshake_params * const hs = ssl->handshake; mbedtls_ssl_handshake_params * const hs = ssl->handshake;
@ -3969,6 +4026,7 @@ exit:
return( ret ); return( ret );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, static int ssl_buffer_make_space( mbedtls_ssl_context *ssl,
size_t desired ) size_t desired )
{ {
@ -4011,6 +4069,7 @@ static int ssl_buffer_make_space( mbedtls_ssl_context *ssl,
return( -1 ); return( -1 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_buffer_message( mbedtls_ssl_context *ssl ) static int ssl_buffer_message( mbedtls_ssl_context *ssl )
{ {
int ret = 0; int ret = 0;
@ -4215,6 +4274,7 @@ exit:
} }
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) static int ssl_consume_current_message( mbedtls_ssl_context *ssl )
{ {
/* /*
@ -4302,6 +4362,7 @@ static int ssl_consume_current_message( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ) static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl )
{ {
if( ssl->in_msglen > 0 ) if( ssl->in_msglen > 0 )
@ -4328,6 +4389,7 @@ static void ssl_free_buffered_record( mbedtls_ssl_context *ssl )
} }
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) static int ssl_load_buffered_record( mbedtls_ssl_context *ssl )
{ {
mbedtls_ssl_handshake_params * const hs = ssl->handshake; mbedtls_ssl_handshake_params * const hs = ssl->handshake;
@ -4385,6 +4447,7 @@ exit:
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
mbedtls_record const *rec ) mbedtls_record const *rec )
{ {
@ -4443,6 +4506,7 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_next_record( mbedtls_ssl_context *ssl ) static int ssl_get_next_record( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -5193,6 +5257,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
/* /*
* Check record counters and renegotiate if they're above the limit. * Check record counters and renegotiate if they're above the limit.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
{ {
size_t ep_len = mbedtls_ssl_ep_len( ssl ); size_t ep_len = mbedtls_ssl_ep_len( ssl );
@ -5232,6 +5297,7 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
* and having a helper function allows to distinguish between TLS <= 1.2 and * and having a helper function allows to distinguish between TLS <= 1.2 and
* TLS 1.3 in the future without bloating the logic of mbedtls_ssl_read(). * TLS 1.3 in the future without bloating the logic of mbedtls_ssl_read().
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl ) static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -5549,6 +5615,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
* Therefore, it is possible that the input message length is 0 and the * Therefore, it is possible that the input message length is 0 and the
* corresponding return code is 0 on success. * corresponding return code is 0 on success.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_real( mbedtls_ssl_context *ssl, static int ssl_write_real( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len ) const unsigned char *buf, size_t len )
{ {

View file

@ -66,6 +66,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
/* /*
* Generate/update a key * Generate/update a key
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
unsigned char index ) unsigned char index )
{ {
@ -113,6 +114,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
/* /*
* Rotate/generate keys if necessary * Rotate/generate keys if necessary
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
{ {
#if !defined(MBEDTLS_HAVE_TIME) #if !defined(MBEDTLS_HAVE_TIME)

View file

@ -58,6 +58,30 @@
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#endif #endif
#if defined(MBEDTLS_TEST_HOOKS)
static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args;
void mbedtls_ssl_set_chk_buf_ptr_fail_args(
const uint8_t *cur, const uint8_t *end, size_t need )
{
chk_buf_ptr_fail_args.cur = cur;
chk_buf_ptr_fail_args.end = end;
chk_buf_ptr_fail_args.need = need;
}
void mbedtls_ssl_reset_chk_buf_ptr_fail_args( void )
{
memset( &chk_buf_ptr_fail_args, 0, sizeof( chk_buf_ptr_fail_args ) );
}
int mbedtls_ssl_cmp_chk_buf_ptr_fail_args( mbedtls_ssl_chk_buf_ptr_args *args )
{
return( ( chk_buf_ptr_fail_args.cur != args->cur ) ||
( chk_buf_ptr_fail_args.end != args->end ) ||
( chk_buf_ptr_fail_args.need != args->need ) );
}
#endif /* MBEDTLS_TEST_HOOKS */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@ -275,6 +299,7 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
} }
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
MBEDTLS_CHECK_RETURN_CRITICAL
static int resize_buffer( unsigned char **buffer, size_t len_new, size_t *len_old ) static int resize_buffer( unsigned char **buffer, size_t len_new, size_t *len_old )
{ {
unsigned char* resized_buffer = mbedtls_calloc( 1, len_new ); unsigned char* resized_buffer = mbedtls_calloc( 1, len_new );
@ -380,6 +405,7 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
const unsigned char *, size_t, const unsigned char *, size_t,
unsigned char *, size_t); unsigned char *, size_t);
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
int ciphersuite, int ciphersuite,
const unsigned char master[48], const unsigned char master[48],
@ -393,6 +419,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
const mbedtls_ssl_context *ssl ); const mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_sha256( const unsigned char *secret, size_t slen, static int tls_prf_sha256( const unsigned char *secret, size_t slen,
const char *label, const char *label,
const unsigned char *random, size_t rlen, const unsigned char *random, size_t rlen,
@ -403,6 +430,7 @@ static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *,
#endif /* MBEDTLS_SHA256_C */ #endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C) #if defined(MBEDTLS_SHA384_C)
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_sha384( const unsigned char *secret, size_t slen, static int tls_prf_sha384( const unsigned char *secret, size_t slen,
const char *label, const char *label,
const unsigned char *random, size_t rlen, const unsigned char *random, size_t rlen,
@ -415,6 +443,7 @@ static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *
static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
unsigned char *buf, unsigned char *buf,
size_t buf_len ); size_t buf_len );
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_session_load_tls12( mbedtls_ssl_session *session, static int ssl_session_load_tls12( mbedtls_ssl_session *session,
const unsigned char *buf, const unsigned char *buf,
size_t len ); size_t len );
@ -672,6 +701,7 @@ void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
memset( session, 0, sizeof(mbedtls_ssl_session) ); memset( session, 0, sizeof(mbedtls_ssl_session) );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_handshake_init( mbedtls_ssl_context *ssl ) static int ssl_handshake_init( mbedtls_ssl_context *ssl )
{ {
/* Clear old handshake information if present */ /* Clear old handshake information if present */
@ -862,6 +892,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/* Dummy cookie callbacks for defaults */ /* Dummy cookie callbacks for defaults */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_cookie_write_dummy( void *ctx, static int ssl_cookie_write_dummy( void *ctx,
unsigned char **p, unsigned char *end, unsigned char **p, unsigned char *end,
const unsigned char *cli_id, size_t cli_id_len ) const unsigned char *cli_id, size_t cli_id_len )
@ -875,6 +906,7 @@ static int ssl_cookie_write_dummy( void *ctx,
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_cookie_check_dummy( void *ctx, static int ssl_cookie_check_dummy( void *ctx,
const unsigned char *cookie, size_t cookie_len, const unsigned char *cookie, size_t cookie_len,
const unsigned char *cli_id, size_t cli_id_len ) const unsigned char *cli_id, size_t cli_id_len )
@ -897,6 +929,7 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
memset( ssl, 0, sizeof( mbedtls_ssl_context ) ); memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_conf_version_check( const mbedtls_ssl_context *ssl ) static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
{ {
const mbedtls_ssl_config *conf = ssl->conf; const mbedtls_ssl_config *conf = ssl->conf;
@ -948,6 +981,7 @@ static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_BAD_CONFIG ); return( MBEDTLS_ERR_SSL_BAD_CONFIG );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_conf_check(const mbedtls_ssl_context *ssl) static int ssl_conf_check(const mbedtls_ssl_context *ssl)
{ {
int ret; int ret;
@ -1092,6 +1126,8 @@ void mbedtls_ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl,
memset( ssl->in_buf, 0, in_buf_len ); memset( ssl->in_buf, 0, in_buf_len );
} }
ssl->send_alert = 0;
/* Reset outgoing message writing */ /* Reset outgoing message writing */
ssl->out_msgtype = 0; ssl->out_msgtype = 0;
ssl->out_msglen = 0; ssl->out_msglen = 0;
@ -1371,6 +1407,7 @@ static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert )
} }
/* Append a new keycert entry to a (possibly empty) list */ /* Append a new keycert entry to a (possibly empty) list */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_append_key_cert( mbedtls_ssl_key_cert **head, static int ssl_append_key_cert( mbedtls_ssl_key_cert **head,
mbedtls_x509_crt *cert, mbedtls_x509_crt *cert,
mbedtls_pk_context *key ) mbedtls_pk_context *key )
@ -1524,6 +1561,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_conf_psk_is_configured( mbedtls_ssl_config const *conf ) static int ssl_conf_psk_is_configured( mbedtls_ssl_config const *conf )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -1569,6 +1607,7 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf )
* It checks that the provided identity is well-formed and attempts * It checks that the provided identity is well-formed and attempts
* to make a copy of it in the SSL config. * to make a copy of it in the SSL config.
* On failure, the PSK identity in the config remains unset. */ * On failure, the PSK identity in the config remains unset. */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_conf_set_psk_identity( mbedtls_ssl_config *conf, static int ssl_conf_set_psk_identity( mbedtls_ssl_config *conf,
unsigned char const *psk_identity, unsigned char const *psk_identity,
size_t psk_identity_len ) size_t psk_identity_len )
@ -2763,6 +2802,7 @@ static unsigned char ssl_serialized_session_header[] = {
* *
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_session_save( const mbedtls_ssl_session *session, static int ssl_session_save( const mbedtls_ssl_session *session,
unsigned char omit_header, unsigned char omit_header,
unsigned char *buf, unsigned char *buf,
@ -2837,6 +2877,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
* This internal version is wrapped by a public function that cleans up in * This internal version is wrapped by a public function that cleans up in
* case of error, and has an extra option omit_header. * case of error, and has an extra option omit_header.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_session_load( mbedtls_ssl_session *session, static int ssl_session_load( mbedtls_ssl_session *session,
unsigned char omit_header, unsigned char omit_header,
const unsigned char *buf, const unsigned char *buf,
@ -2903,6 +2944,7 @@ int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
/* /*
* Perform a single step of the SSL handshake * Perform a single step of the SSL handshake
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_prepare_handshake_step( mbedtls_ssl_context *ssl ) static int ssl_prepare_handshake_step( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -3061,6 +3103,7 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
/* /*
* Write HelloRequest to request renegotiation on server * Write HelloRequest to request renegotiation on server
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) static int ssl_write_hello_request( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -3659,6 +3702,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
* This internal version is wrapped by a public function that cleans up in * This internal version is wrapped by a public function that cleans up in
* case of error. * case of error.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_context_load( mbedtls_ssl_context *ssl, static int ssl_context_load( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -4224,6 +4268,7 @@ static uint16_t ssl_preset_suiteb_groups[] = {
#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs` /* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs`
* to make sure there are no duplicated signature algorithm entries. */ * to make sure there are no duplicated signature algorithm entries. */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_no_sig_alg_duplication( uint16_t * sig_algs ) static int ssl_check_no_sig_alg_duplication( uint16_t * sig_algs )
{ {
size_t i, j; size_t i, j;
@ -4769,6 +4814,7 @@ exit:
#else /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SHA384_C) #if defined(MBEDTLS_SHA384_C)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl, static int ssl_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl,
unsigned char *dst, unsigned char *dst,
size_t dst_len, size_t dst_len,
@ -4799,6 +4845,7 @@ exit:
#endif /* MBEDTLS_SHA384_C */ #endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl, static int ssl_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl,
unsigned char *dst, unsigned char *dst,
size_t dst_len, size_t dst_len,
@ -5034,6 +5081,7 @@ static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* de
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_generic( mbedtls_md_type_t md_type, static int tls_prf_generic( mbedtls_md_type_t md_type,
const unsigned char *secret, size_t slen, const unsigned char *secret, size_t slen,
const char *label, const char *label,
@ -5110,6 +5158,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
#else /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_generic( mbedtls_md_type_t md_type, static int tls_prf_generic( mbedtls_md_type_t md_type,
const unsigned char *secret, size_t slen, const unsigned char *secret, size_t slen,
const char *label, const char *label,
@ -5202,6 +5251,7 @@ exit:
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_sha256( const unsigned char *secret, size_t slen, static int tls_prf_sha256( const unsigned char *secret, size_t slen,
const char *label, const char *label,
const unsigned char *random, size_t rlen, const unsigned char *random, size_t rlen,
@ -5213,6 +5263,7 @@ static int tls_prf_sha256( const unsigned char *secret, size_t slen,
#endif /* MBEDTLS_SHA256_C */ #endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C) #if defined(MBEDTLS_SHA384_C)
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_sha384( const unsigned char *secret, size_t slen, static int tls_prf_sha384( const unsigned char *secret, size_t slen,
const char *label, const char *label,
const unsigned char *random, size_t rlen, const unsigned char *random, size_t rlen,
@ -5232,6 +5283,7 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen,
* Outputs: * Outputs:
* - the tls_prf, calc_verify and calc_finished members of handshake structure * - the tls_prf, calc_verify and calc_finished members of handshake structure
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
mbedtls_md_type_t hash ) mbedtls_md_type_t hash )
{ {
@ -5276,6 +5328,7 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
* EMS: passed to calc_verify (debug + session_negotiate) * EMS: passed to calc_verify (debug + session_negotiate)
* PSA-PSA: conf * PSA-PSA: conf
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
unsigned char *master, unsigned char *master,
const mbedtls_ssl_context *ssl ) const mbedtls_ssl_context *ssl )
@ -5744,6 +5797,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_hello_request( mbedtls_ssl_context *ssl ); static int ssl_write_hello_request( mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -5915,6 +5969,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
unsigned char *crt_buf, unsigned char *crt_buf,
size_t crt_buf_len ) size_t crt_buf_len )
@ -5930,6 +5985,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
return( memcmp( peer_crt->raw.p, crt_buf, peer_crt->raw.len ) ); return( memcmp( peer_crt->raw.p, crt_buf, peer_crt->raw.len ) );
} }
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
unsigned char *crt_buf, unsigned char *crt_buf,
size_t crt_buf_len ) size_t crt_buf_len )
@ -5964,6 +6020,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
* Once the certificate message is read, parse it into a cert chain and * Once the certificate message is read, parse it into a cert chain and
* perform basic checks, but leave actual verification to the caller * perform basic checks, but leave actual verification to the caller
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
mbedtls_x509_crt *chain ) mbedtls_x509_crt *chain )
{ {
@ -6119,6 +6176,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
} }
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl ) static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
{ {
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
@ -6144,6 +6202,7 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
*/ */
#define SSL_CERTIFICATE_EXPECTED 0 #define SSL_CERTIFICATE_EXPECTED 0
#define SSL_CERTIFICATE_SKIP 1 #define SSL_CERTIFICATE_SKIP 1
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl, static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl,
int authmode ) int authmode )
{ {
@ -6173,6 +6232,7 @@ static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl,
return( SSL_CERTIFICATE_EXPECTED ); return( SSL_CERTIFICATE_EXPECTED );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
int authmode, int authmode,
mbedtls_x509_crt *chain, mbedtls_x509_crt *chain,
@ -6270,7 +6330,9 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
{ {
const mbedtls_pk_context *pk = &chain->pk; const mbedtls_pk_context *pk = &chain->pk;
/* If certificate uses an EC key, make sure the curve is OK */ /* If certificate uses an EC key, make sure the curve is OK.
* This is a public key, so it can't be opaque, so can_do() is a good
* enough check to ensure pk_ec() is safe to use here. */
if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
{ {
@ -6361,6 +6423,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
} }
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl, static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl,
unsigned char *start, size_t len ) unsigned char *start, size_t len )
{ {
@ -6392,6 +6455,7 @@ static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl, static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl,
unsigned char *start, size_t len ) unsigned char *start, size_t len )
{ {
@ -7060,6 +7124,7 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
* [in] optionally used for: * [in] optionally used for:
* - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
int ciphersuite, int ciphersuite,
const unsigned char master[48], const unsigned char master[48],
@ -7889,6 +7954,7 @@ static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session,
return( used ); return( used );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_session_load_tls12( mbedtls_ssl_session *session, static int ssl_session_load_tls12( mbedtls_ssl_session *session,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -8254,6 +8320,7 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
* ServerName server_name_list<1..2^16-1> * ServerName server_name_list<1..2^16-1>
* } ServerNameList; * } ServerNameList;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl, int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -8309,6 +8376,7 @@ int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )

View file

@ -75,6 +75,7 @@ int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -116,6 +117,7 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -147,6 +149,7 @@ static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -220,6 +223,7 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_cid_ext( mbedtls_ssl_context *ssl, static int ssl_write_cid_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -266,6 +270,7 @@ static int ssl_write_cid_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -298,6 +303,7 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -328,6 +334,7 @@ static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -358,6 +365,7 @@ static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -400,6 +408,7 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -629,6 +638,7 @@ int mbedtls_ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -673,6 +683,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
} }
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -699,6 +710,7 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -755,6 +767,7 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -780,6 +793,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -805,6 +819,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -831,6 +846,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -879,6 +895,7 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -913,6 +930,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len ) const unsigned char *buf, size_t len )
{ {
@ -983,6 +1001,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -1103,6 +1122,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
* Parse HelloVerifyRequest. Only called after verifying the HS type. * Parse HelloVerifyRequest. Only called after verifying the HS type.
*/ */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
{ {
const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
@ -1184,6 +1204,7 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
} }
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
{ {
int ret, i; int ret, i;
@ -1716,6 +1737,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
unsigned char **p, unsigned char **p,
unsigned char *end ) unsigned char *end )
@ -1761,6 +1783,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
unsigned char **p, unsigned char **p,
unsigned char *end ) unsigned char *end )
@ -1825,6 +1848,7 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
#else #else
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
{ {
const mbedtls_ecp_curve_info *curve_info; const mbedtls_ecp_curve_info *curve_info;
@ -1853,6 +1877,7 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
unsigned char **p, unsigned char **p,
unsigned char *end ) unsigned char *end )
@ -1893,6 +1918,7 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
unsigned char **p, unsigned char **p,
unsigned char *end ) unsigned char *end )
@ -1939,6 +1965,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
/* /*
* Generate a pre-master secret and encrypt it with the server's RSA key * Generate a pre-master secret and encrypt it with the server's RSA key
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
size_t offset, size_t *olen, size_t offset, size_t *olen,
size_t pms_offset ) size_t pms_offset )
@ -2021,6 +2048,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
unsigned char **p, unsigned char **p,
unsigned char *end, unsigned char *end,
@ -2079,6 +2107,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -2097,6 +2126,8 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
peer_pk = &ssl->session_negotiate->peer_cert->pk; peer_pk = &ssl->session_negotiate->peer_cert->pk;
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/* This is a public key, so it can't be opaque, so can_do() is a good
* enough check to ensure pk_ec() is safe to use below. */
if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) ) if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
@ -2166,6 +2197,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -2513,6 +2545,7 @@ exit:
} }
#if ! defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) #if ! defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
{ {
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@ -2531,6 +2564,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
#else /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #else /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -2734,6 +2768,7 @@ exit:
} }
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -2773,6 +2808,7 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -3295,6 +3331,7 @@ ecdh_calc_secret:
} }
#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
{ {
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@ -3320,6 +3357,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
@ -3459,6 +3497,7 @@ sign:
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

View file

@ -78,6 +78,7 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf ) static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf )
{ {
if( conf->f_psk != NULL ) if( conf->f_psk != NULL )
@ -99,6 +100,7 @@ static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf )
} }
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -176,6 +178,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
* *
* DHE groups are not supported yet. * DHE groups are not supported yet.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_supported_groups_ext( mbedtls_ssl_context *ssl, static int ssl_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -242,6 +245,7 @@ static int ssl_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -287,6 +291,7 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl,
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -316,6 +321,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -335,6 +341,7 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -407,6 +414,7 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -431,6 +439,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -455,6 +464,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
size_t len ) size_t len )
@ -529,6 +539,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
@ -657,6 +668,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
* Return 0 if the given key uses one of the acceptable curves, -1 otherwise * Return 0 if the given key uses one of the acceptable curves, -1 otherwise
*/ */
#if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDSA_C)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_key_curve( mbedtls_pk_context *pk, static int ssl_check_key_curve( mbedtls_pk_context *pk,
const mbedtls_ecp_curve_info **curves ) const mbedtls_ecp_curve_info **curves )
{ {
@ -678,6 +690,7 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk,
* Try picking a certificate for this ciphersuite, * Try picking a certificate for this ciphersuite,
* return 0 on success and -1 on failure. * return 0 on success and -1 on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_pick_cert( mbedtls_ssl_context *ssl, static int ssl_pick_cert( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t * ciphersuite_info ) const mbedtls_ssl_ciphersuite_t * ciphersuite_info )
{ {
@ -784,6 +797,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
* Check if a given ciphersuite is suitable for use with our config/keys/etc * Check if a given ciphersuite is suitable for use with our config/keys/etc
* Sets ciphersuite_info only if the suite matches. * Sets ciphersuite_info only if the suite matches.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
const mbedtls_ssl_ciphersuite_t **ciphersuite_info ) const mbedtls_ssl_ciphersuite_t **ciphersuite_info )
{ {
@ -881,6 +895,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
/* This function doesn't alert on errors that happen early during /* This function doesn't alert on errors that happen early during
ClientHello parsing because they might indicate that the client is ClientHello parsing because they might indicate that the client is
not talking SSL/TLS at all and would not understand our alert. */ not talking SSL/TLS at all and would not understand our alert. */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
{ {
int ret, got_common_suite; int ret, got_common_suite;
@ -1049,16 +1064,29 @@ read_record_header:
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
} }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d",
( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) );
/* We don't support fragmentation of ClientHello (yet?) */
if( buf[1] != 0 ||
msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); size_t handshake_len = MBEDTLS_GET_UINT24_BE( buf, 1 );
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %u",
( unsigned ) handshake_len ) );
/* The record layer has a record size limit of 2^14 - 1 and
* fragmentation is not supported, so buf[1] should be zero. */
if( buf[1] != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message: %u != 0",
(unsigned) buf[1] ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
/* We don't support fragmentation of ClientHello (yet?) */
if( msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + handshake_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message: %u != %u + %u",
(unsigned) msg_len,
(unsigned) mbedtls_ssl_hs_hdr_len( ssl ),
(unsigned) handshake_len ) );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
} }
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -1093,16 +1121,24 @@ read_record_header:
ssl->handshake->out_msg_seq = cli_msg_seq; ssl->handshake->out_msg_seq = cli_msg_seq;
ssl->handshake->in_msg_seq = cli_msg_seq + 1; ssl->handshake->in_msg_seq = cli_msg_seq + 1;
} }
/*
* For now we don't support fragmentation, so make sure
* fragment_offset == 0 and fragment_length == length
*/
if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "ClientHello fragmentation not supported" ) ); /*
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); * For now we don't support fragmentation, so make sure
* fragment_offset == 0 and fragment_length == length
*/
size_t fragment_offset, fragment_length, length;
fragment_offset = MBEDTLS_GET_UINT24_BE( ssl->in_msg, 6 );
fragment_length = MBEDTLS_GET_UINT24_BE( ssl->in_msg, 9 );
length = MBEDTLS_GET_UINT24_BE( ssl->in_msg, 1 );
MBEDTLS_SSL_DEBUG_MSG(
4, ( "fragment_offset=%u fragment_length=%u length=%u",
(unsigned) fragment_offset, (unsigned) fragment_length,
(unsigned) length ) );
if( fragment_offset != 0 || length != fragment_length )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "ClientHello fragmentation not supported" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
} }
} }
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
@ -2045,6 +2081,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_DTLS_SRTP */
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -2163,6 +2200,7 @@ exit:
mbedtls_ssl_session_free( &session_tmp ); mbedtls_ssl_session_free( &session_tmp );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
{ {
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
@ -2379,6 +2417,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
} }
#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
{ {
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@ -2397,6 +2436,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
@ -2568,6 +2608,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
( defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ ( defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ) defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -2662,6 +2703,7 @@ cleanup:
} }
#elif defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ #elif defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -2694,6 +2736,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
defined(MBEDTLS_SSL_ASYNC_PRIVATE) defined(MBEDTLS_SSL_ASYNC_PRIVATE)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
size_t *signature_len ) size_t *signature_len )
{ {
@ -2721,6 +2764,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
/* Prepare the ServerKeyExchange message, up to and including /* Prepare the ServerKeyExchange message, up to and including
* calculating the signature if any, but excluding formatting the * calculating the signature if any, but excluding formatting the
* signature and sending the message. */ * signature and sending the message. */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
size_t *signature_len ) size_t *signature_len )
{ {
@ -3148,6 +3192,7 @@ curve_matching_done:
* that do not include a ServerKeyExchange message, do nothing. Either * that do not include a ServerKeyExchange message, do nothing. Either
* way, if successful, move on to the next step in the SSL state * way, if successful, move on to the next step in the SSL state
* machine. */ * machine. */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -3169,7 +3214,12 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
if( mbedtls_ssl_ciphersuite_uses_ecdh( ciphersuite_info ) ) if( mbedtls_ssl_ciphersuite_uses_ecdh( ciphersuite_info ) )
{ {
ssl_get_ecdh_params_from_cert( ssl ); ret = ssl_get_ecdh_params_from_cert( ssl );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
return( ret );
}
} }
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
@ -3245,6 +3295,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -3284,6 +3335,7 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char **p, static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char **p,
const unsigned char *end ) const unsigned char *end )
{ {
@ -3327,6 +3379,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char *
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl, static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
unsigned char *peer_pms, unsigned char *peer_pms,
size_t *peer_pmslen, size_t *peer_pmslen,
@ -3344,6 +3397,7 @@ static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
const unsigned char *p, const unsigned char *p,
const unsigned char *end, const unsigned char *end,
@ -3429,6 +3483,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
const unsigned char *p, const unsigned char *p,
const unsigned char *end, const unsigned char *end,
@ -3517,6 +3572,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p, static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p,
const unsigned char *end ) const unsigned char *end )
{ {
@ -3577,6 +3633,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
} }
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -4014,6 +4071,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
} }
#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
{ {
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@ -4032,6 +4090,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
@ -4195,6 +4254,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

View file

@ -42,6 +42,7 @@
* ProtocolVersion versions<2..254>; * ProtocolVersion versions<2..254>;
* } SupportedVersions; * } SupportedVersions;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
@ -91,6 +92,7 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -120,6 +122,7 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
} }
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_alpn_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_alpn_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len ) const unsigned char *buf, size_t len )
{ {
@ -168,6 +171,7 @@ static int ssl_tls13_parse_alpn_ext( mbedtls_ssl_context *ssl,
} }
#endif /* MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_ALPN */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl ) static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
{ {
uint16_t group_id = ssl->handshake->offered_group_id; uint16_t group_id = ssl->handshake->offered_group_id;
@ -206,6 +210,7 @@ static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
/* /*
* Functions for writing key_share extension. * Functions for writing key_share extension.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
uint16_t *group_id ) uint16_t *group_id )
{ {
@ -255,6 +260,7 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
* KeyShareEntry client_shares<0..2^16-1>; * KeyShareEntry client_shares<0..2^16-1>;
* } KeyShareClientHello; * } KeyShareClientHello;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
@ -368,6 +374,7 @@ cleanup:
* NamedGroup selected_group; * NamedGroup selected_group;
* } KeyShareHelloRetryRequest; * } KeyShareHelloRetryRequest;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_hrr_key_share_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_hrr_key_share_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -442,6 +449,7 @@ static int ssl_tls13_parse_hrr_key_share_ext( mbedtls_ssl_context *ssl,
* opaque key_exchange<1..2^16-1>; * opaque key_exchange<1..2^16-1>;
* } KeyShareEntry; * } KeyShareEntry;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -516,6 +524,7 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl,
* a "cookie" extension in the new ClientHello. Clients MUST NOT use * a "cookie" extension in the new ClientHello. Clients MUST NOT use
* cookies in their initial ClientHello in subsequent connections. * cookies in their initial ClientHello in subsequent connections.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -549,6 +558,7 @@ static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
@ -642,6 +652,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
* \return 1 if the ServerHello contains a supported_versions extension * \return 1 if the ServerHello contains a supported_versions extension
* \return A negative value if an error occurred while parsing the ServerHello. * \return A negative value if an error occurred while parsing the ServerHello.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_is_supported_versions_ext_present( static int ssl_tls13_is_supported_versions_ext_present(
mbedtls_ssl_context *ssl, mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
@ -717,6 +728,7 @@ static int ssl_tls13_is_supported_versions_ext_present(
* the server is TLS 1.3 capable but negotiating TLS 1.2 or below. * the server is TLS 1.3 capable but negotiating TLS 1.2 or below.
* - 0 otherwise * - 0 otherwise
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl, static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -749,6 +761,7 @@ static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl,
*/ */
#define SSL_SERVER_HELLO 0 #define SSL_SERVER_HELLO 0
#define SSL_SERVER_HELLO_HRR 1 #define SSL_SERVER_HELLO_HRR 1
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl, static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -788,6 +801,7 @@ static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl,
* - SSL_SERVER_HELLO_TLS1_2 * - SSL_SERVER_HELLO_TLS1_2
*/ */
#define SSL_SERVER_HELLO_TLS1_2 2 #define SSL_SERVER_HELLO_TLS1_2 2
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_preprocess_server_hello( mbedtls_ssl_context *ssl, static int ssl_tls13_preprocess_server_hello( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -878,6 +892,7 @@ cleanup:
return( ret ); return( ret );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_server_hello_session_id_echo( mbedtls_ssl_context *ssl, static int ssl_tls13_check_server_hello_session_id_echo( mbedtls_ssl_context *ssl,
const unsigned char **buf, const unsigned char **buf,
const unsigned char *end ) const unsigned char *end )
@ -925,6 +940,7 @@ static int ssl_tls13_check_server_hello_session_id_echo( mbedtls_ssl_context *ss
* Extension extensions<6..2^16-1>; * Extension extensions<6..2^16-1>;
* } ServerHello; * } ServerHello;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -1183,6 +1199,7 @@ cleanup:
return( ret ); return( ret );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl ) static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1258,6 +1275,7 @@ cleanup:
return( ret ); return( ret );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_postprocess_hrr( mbedtls_ssl_context *ssl ) static int ssl_tls13_postprocess_hrr( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1281,6 +1299,7 @@ static int ssl_tls13_postprocess_hrr( mbedtls_ssl_context *ssl )
* Wait and parse ServerHello handshake message. * Wait and parse ServerHello handshake message.
* Handler for MBEDTLS_SSL_SERVER_HELLO * Handler for MBEDTLS_SSL_SERVER_HELLO
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl ) static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1355,6 +1374,7 @@ cleanup:
* Extension extensions<0..2^16-1>; * Extension extensions<0..2^16-1>;
* } EncryptedExtensions; * } EncryptedExtensions;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -1436,6 +1456,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl ) static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
@ -1486,6 +1507,7 @@ cleanup:
* - SSL_CERTIFICATE_REQUEST_SKIP * - SSL_CERTIFICATE_REQUEST_SKIP
* indicating if a Certificate Request is expected or not. * indicating if a Certificate Request is expected or not.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl ) static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1523,6 +1545,7 @@ static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
* Extension extensions<2..2^16-1>; * Extension extensions<2..2^16-1>;
* } CertificateRequest; * } CertificateRequest;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -1639,6 +1662,7 @@ decode_error:
/* /*
* Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST * Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl ) static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1684,6 +1708,7 @@ cleanup:
/* /*
* Handler for MBEDTLS_SSL_SERVER_CERTIFICATE * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_server_certificate( mbedtls_ssl_context *ssl ) static int ssl_tls13_process_server_certificate( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
@ -1699,6 +1724,7 @@ static int ssl_tls13_process_server_certificate( mbedtls_ssl_context *ssl )
/* /*
* Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ) static int ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
@ -1715,6 +1741,7 @@ static int ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
/* /*
* Handler for MBEDTLS_SSL_SERVER_FINISHED * Handler for MBEDTLS_SSL_SERVER_FINISHED
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl ) static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
@ -1746,6 +1773,7 @@ static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl )
/* /*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl ) static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
{ {
int non_empty_certificate_msg = 0; int non_empty_certificate_msg = 0;
@ -1788,6 +1816,7 @@ static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
/* /*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl ) static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl )
{ {
int ret = mbedtls_ssl_tls13_write_certificate_verify( ssl ); int ret = mbedtls_ssl_tls13_write_certificate_verify( ssl );
@ -1802,6 +1831,7 @@ static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl )
/* /*
* Handler for MBEDTLS_SSL_CLIENT_FINISHED * Handler for MBEDTLS_SSL_CLIENT_FINISHED
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl ) static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
@ -1825,6 +1855,7 @@ static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl )
/* /*
* Handler for MBEDTLS_SSL_FLUSH_BUFFERS * Handler for MBEDTLS_SSL_FLUSH_BUFFERS
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl ) static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
{ {
MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
@ -1835,6 +1866,7 @@ static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
/* /*
* Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP * Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ) static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
{ {

View file

@ -31,6 +31,7 @@
#include <string.h> #include <string.h>
#include "ssl_misc.h" #include "ssl_misc.h"
#include "ssl_tls13_invasive.h"
#include "ssl_tls13_keys.h" #include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h" #include "ssl_debug_helpers.h"
@ -156,6 +157,7 @@ static void ssl_tls13_create_verify_structure( const unsigned char *transcript_h
*verify_buffer_len = idx; *verify_buffer_len = idx;
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -385,9 +387,11 @@ cleanup:
*/ */
/* Parse certificate chain send by the server. */ /* Parse certificate chain send by the server. */
static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, MBEDTLS_CHECK_RETURN_CRITICAL
const unsigned char *buf, MBEDTLS_STATIC_TESTABLE
const unsigned char *end ) int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t certificate_request_context_len = 0; size_t certificate_request_context_len = 0;
@ -438,6 +442,7 @@ static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert ); mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, certificate_list_len );
certificate_list_end = p + certificate_list_len; certificate_list_end = p + certificate_list_len;
while( p < certificate_list_end ) while( p < certificate_list_end )
{ {
@ -517,9 +522,11 @@ exit:
return( ret ); return( ret );
} }
#else #else
static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, MBEDTLS_CHECK_RETURN_CRITICAL
const unsigned char *buf, MBEDTLS_STATIC_TESTABLE
const unsigned char *end ) int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
{ {
((void) ssl); ((void) ssl);
((void) buf); ((void) buf);
@ -532,12 +539,15 @@ static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* Validate certificate chain sent by the server. */ /* Validate certificate chain sent by the server. */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl )
{ {
int ret = 0; int ret = 0;
int authmode = MBEDTLS_SSL_VERIFY_REQUIRED; int authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
mbedtls_x509_crt *ca_chain; mbedtls_x509_crt *ca_chain;
mbedtls_x509_crl *ca_crl; mbedtls_x509_crl *ca_crl;
const char *ext_oid;
size_t ext_len;
uint32_t verify_result = 0; uint32_t verify_result = 0;
/* If SNI was used, overwrite authentication mode /* If SNI was used, overwrite authentication mode
@ -626,12 +636,25 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl )
/* /*
* Secondary checks: always done, but change 'ret' only if it was 0 * Secondary checks: always done, but change 'ret' only if it was 0
*/ */
if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert, if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
ssl->handshake->ciphersuite_info,
!ssl->conf->endpoint,
&verify_result ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate ( usage extensions )" ) ); ext_oid = MBEDTLS_OID_SERVER_AUTH;
ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH );
}
else
{
ext_oid = MBEDTLS_OID_CLIENT_AUTH;
ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH );
}
if( ( mbedtls_x509_crt_check_key_usage(
ssl->session_negotiate->peer_cert,
MBEDTLS_X509_KU_DIGITAL_SIGNATURE ) != 0 ) ||
( mbedtls_x509_crt_check_extended_key_usage(
ssl->session_negotiate->peer_cert,
ext_oid, ext_len ) != 0 ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
if( ret == 0 ) if( ret == 0 )
ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
} }
@ -641,7 +664,8 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl )
* with details encoded in the verification flags. All other kinds * with details encoded in the verification flags. All other kinds
* of error codes, including those from the user provided f_vrfy * of error codes, including those from the user provided f_vrfy
* functions, are treated as fatal and lead to a failure of * functions, are treated as fatal and lead to a failure of
* ssl_tls13_parse_certificate even if verification was optional. */ * mbedtls_ssl_tls13_parse_certificate even if verification was optional.
*/
if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE ) ) ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE ) )
@ -696,6 +720,7 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl )
return( ret ); return( ret );
} }
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl )
{ {
((void) ssl); ((void) ssl);
@ -718,8 +743,8 @@ int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl )
&buf, &buf_len ) ); &buf, &buf_len ) );
/* Parse the certificate chain sent by the peer. */ /* Parse the certificate chain sent by the peer. */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate( ssl, buf, MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_parse_certificate( ssl, buf,
buf + buf_len ) ); buf + buf_len ) );
/* Validate the certificate chain and set the verification results. */ /* Validate the certificate chain and set the verification results. */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) );
@ -757,6 +782,7 @@ cleanup:
* CertificateEntry certificate_list<0..2^24-1>; * CertificateEntry certificate_list<0..2^24-1>;
* } Certificate; * } Certificate;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl, static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
@ -850,7 +876,6 @@ cleanup:
/* /*
* STATE HANDLING: Output Certificate Verify * STATE HANDLING: Output Certificate Verify
*/ */
int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg, int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
mbedtls_pk_context *key ) mbedtls_pk_context *key )
{ {
@ -902,6 +927,7 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_select_sig_alg_for_certificate_verify( static int ssl_tls13_select_sig_alg_for_certificate_verify(
mbedtls_ssl_context *ssl, mbedtls_ssl_context *ssl,
mbedtls_pk_context *own_key, mbedtls_pk_context *own_key,
@ -931,6 +957,7 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify(
return( -1 ); return( -1 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
@ -1080,6 +1107,7 @@ cleanup:
* Implementation * Implementation
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_preprocess_finished_message( mbedtls_ssl_context *ssl ) static int ssl_tls13_preprocess_finished_message( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
@ -1099,6 +1127,7 @@ static int ssl_tls13_preprocess_finished_message( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -1177,6 +1206,7 @@ cleanup:
* Implement * Implement
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl ) static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
@ -1197,6 +1227,7 @@ static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl, static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
@ -1276,6 +1307,7 @@ void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
* *
*/ */
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_change_cipher_spec_body( mbedtls_ssl_context *ssl, static int ssl_tls13_write_change_cipher_spec_body( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,

View file

@ -25,7 +25,9 @@
#include "psa/crypto.h" #include "psa/crypto.h"
#if defined(MBEDTLS_TEST_HOOKS) #if defined(MBEDTLS_TEST_HOOKS)
int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end );
#endif /* MBEDTLS_TEST_HOOKS */ #endif /* MBEDTLS_TEST_HOOKS */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

View file

@ -644,6 +644,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_calc_finished_core( psa_algorithm_t hash_alg, static int ssl_tls13_calc_finished_core( psa_algorithm_t hash_alg,
unsigned char const *base_key, unsigned char const *base_key,
unsigned char const *transcript, unsigned char const *transcript,
@ -1071,6 +1072,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int mbedtls_ssl_tls13_get_cipher_key_info( static int mbedtls_ssl_tls13_get_cipher_key_info(
const mbedtls_ssl_ciphersuite_t *ciphersuite_info, const mbedtls_ssl_ciphersuite_t *ciphersuite_info,
size_t *key_len, size_t *iv_len ) size_t *key_len, size_t *iv_len )

View file

@ -121,6 +121,7 @@ extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels;
* \return A negative error code on failure. * \return A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_hkdf_expand_label( int mbedtls_ssl_tls13_hkdf_expand_label(
psa_algorithm_t hash_alg, psa_algorithm_t hash_alg,
const unsigned char *secret, size_t secret_len, const unsigned char *secret, size_t secret_len,
@ -159,6 +160,7 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_make_traffic_keys( int mbedtls_ssl_tls13_make_traffic_keys(
psa_algorithm_t hash_alg, psa_algorithm_t hash_alg,
const unsigned char *client_secret, const unsigned char *client_secret,
@ -205,6 +207,7 @@ int mbedtls_ssl_tls13_make_traffic_keys(
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_derive_secret( int mbedtls_ssl_tls13_derive_secret(
psa_algorithm_t hash_alg, psa_algorithm_t hash_alg,
const unsigned char *secret, size_t secret_len, const unsigned char *secret, size_t secret_len,
@ -255,6 +258,7 @@ int mbedtls_ssl_tls13_derive_secret(
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_derive_early_secrets( int mbedtls_ssl_tls13_derive_early_secrets(
psa_algorithm_t hash_alg, psa_algorithm_t hash_alg,
unsigned char const *early_secret, unsigned char const *early_secret,
@ -300,6 +304,7 @@ int mbedtls_ssl_tls13_derive_early_secrets(
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_derive_handshake_secrets( int mbedtls_ssl_tls13_derive_handshake_secrets(
psa_algorithm_t hash_alg, psa_algorithm_t hash_alg,
unsigned char const *handshake_secret, unsigned char const *handshake_secret,
@ -350,6 +355,7 @@ int mbedtls_ssl_tls13_derive_handshake_secrets(
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_derive_application_secrets( int mbedtls_ssl_tls13_derive_application_secrets(
psa_algorithm_t hash_alg, psa_algorithm_t hash_alg,
unsigned char const *master_secret, unsigned char const *master_secret,
@ -380,6 +386,7 @@ int mbedtls_ssl_tls13_derive_application_secrets(
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_derive_resumption_master_secret( int mbedtls_ssl_tls13_derive_resumption_master_secret(
psa_algorithm_t hash_alg, psa_algorithm_t hash_alg,
unsigned char const *application_secret, unsigned char const *application_secret,
@ -453,6 +460,7 @@ int mbedtls_ssl_tls13_derive_resumption_master_secret(
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_evolve_secret( int mbedtls_ssl_tls13_evolve_secret(
psa_algorithm_t hash_alg, psa_algorithm_t hash_alg,
const unsigned char *secret_old, const unsigned char *secret_old,
@ -482,6 +490,7 @@ int mbedtls_ssl_tls13_evolve_secret(
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl,
const psa_algorithm_t hash_alg, const psa_algorithm_t hash_alg,
unsigned char const *psk, size_t psk_len, unsigned char const *psk, size_t psk_len,
@ -516,6 +525,7 @@ int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl,
* mbedtls_ssl_transform_encrypt(). * mbedtls_ssl_transform_encrypt().
* \return A negative error code on failure. * \return A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
int endpoint, int endpoint,
int ciphersuite, int ciphersuite,
@ -542,6 +552,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl );
/** /**
@ -560,6 +571,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl );
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl );
/** /**
@ -574,6 +586,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl );
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
mbedtls_ssl_key_set *traffic_keys ); mbedtls_ssl_key_set *traffic_keys );
@ -593,6 +606,7 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl );
/** /**
@ -607,6 +621,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl )
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_generate_application_keys( int mbedtls_ssl_tls13_generate_application_keys(
mbedtls_ssl_context* ssl, mbedtls_ssl_key_set *traffic_keys ); mbedtls_ssl_context* ssl, mbedtls_ssl_key_set *traffic_keys );
@ -620,6 +635,7 @@ int mbedtls_ssl_tls13_generate_application_keys(
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_generate_resumption_master_secret( int mbedtls_ssl_tls13_generate_resumption_master_secret(
mbedtls_ssl_context *ssl ); mbedtls_ssl_context *ssl );
@ -645,6 +661,7 @@ int mbedtls_ssl_tls13_generate_resumption_master_secret(
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl,
unsigned char *dst, unsigned char *dst,
size_t dst_len, size_t dst_len,
@ -660,6 +677,7 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl,
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl );
/** /**
@ -671,6 +689,7 @@ int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl );
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_compute_application_transform( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_compute_application_transform( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

View file

@ -50,6 +50,7 @@
* ProtocolVersion versions<2..254>; * ProtocolVersion versions<2..254>;
* } SupportedVersions; * } SupportedVersions;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -106,6 +107,7 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
* NamedGroup named_group_list<2..2^16-1>; * NamedGroup named_group_list<2..2^16-1>;
* } NamedGroupList; * } NamedGroupList;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_supported_groups_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -168,6 +170,7 @@ static int ssl_tls13_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
* be needed. * be needed.
* - A negative value for fatal errors. * - A negative value for fatal errors.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -313,6 +316,7 @@ static void ssl_tls13_debug_print_client_hello_exts( mbedtls_ssl_context *ssl )
} }
#endif /* MBEDTLS_DEBUG_C */ #endif /* MBEDTLS_DEBUG_C */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl, static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl,
int exts_mask ) int exts_mask )
{ {
@ -320,6 +324,7 @@ static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl,
return( masked == exts_mask ); return( masked == exts_mask );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(
mbedtls_ssl_context *ssl ) mbedtls_ssl_context *ssl )
{ {
@ -329,6 +334,7 @@ static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(
MBEDTLS_SSL_EXT_SIG_ALG ) ); MBEDTLS_SSL_EXT_SIG_ALG ) );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl ) static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
{ {
if( !mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) ) if( !mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) )
@ -348,6 +354,7 @@ static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
* Pick best ( private key, certificate chain ) pair based on the signature * Pick best ( private key, certificate chain ) pair based on the signature
* algorithms supported by the client. * algorithms supported by the client.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
{ {
mbedtls_ssl_key_cert *key_cert, *key_cert_list; mbedtls_ssl_key_cert *key_cert, *key_cert_list;
@ -463,6 +470,7 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
#define SSL_CLIENT_HELLO_OK 0 #define SSL_CLIENT_HELLO_OK 0
#define SSL_CLIENT_HELLO_HRR_REQUIRED 1 #define SSL_CLIENT_HELLO_HRR_REQUIRED 1
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
@ -804,6 +812,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
/* Update the handshake state machine */ /* Update the handshake state machine */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl ) static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -850,6 +859,7 @@ static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl )
* Main entry point from the state machine; orchestrates the otherfunctions. * Main entry point from the state machine; orchestrates the otherfunctions.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_client_hello( mbedtls_ssl_context *ssl ) static int ssl_tls13_process_client_hello( mbedtls_ssl_context *ssl )
{ {
@ -888,6 +898,7 @@ cleanup:
/* /*
* Handler for MBEDTLS_SSL_SERVER_HELLO * Handler for MBEDTLS_SSL_SERVER_HELLO
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_prepare_server_hello( mbedtls_ssl_context *ssl ) static int ssl_tls13_prepare_server_hello( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -923,6 +934,7 @@ static int ssl_tls13_prepare_server_hello( mbedtls_ssl_context *ssl )
* ProtocolVersion selected_version; * ProtocolVersion selected_version;
* } SupportedVersions; * } SupportedVersions;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_server_hello_supported_versions_ext( static int ssl_tls13_write_server_hello_supported_versions_ext(
mbedtls_ssl_context *ssl, mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
@ -960,6 +972,7 @@ static int ssl_tls13_write_server_hello_supported_versions_ext(
/* Generate and export a single key share. For hybrid KEMs, this can /* Generate and export a single key share. For hybrid KEMs, this can
* be called multiple times with the different components of the hybrid. */ * be called multiple times with the different components of the hybrid. */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_generate_and_write_key_share( mbedtls_ssl_context *ssl, static int ssl_tls13_generate_and_write_key_share( mbedtls_ssl_context *ssl,
uint16_t named_group, uint16_t named_group,
unsigned char *buf, unsigned char *buf,
@ -1013,6 +1026,7 @@ static int ssl_tls13_generate_and_write_key_share( mbedtls_ssl_context *ssl,
* KeyShareEntry server_share; * KeyShareEntry server_share;
* } KeyShareServerHello; * } KeyShareServerHello;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
@ -1056,6 +1070,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_hrr_key_share_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_write_hrr_key_share_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
@ -1131,6 +1146,7 @@ static int ssl_tls13_write_hrr_key_share_ext( mbedtls_ssl_context *ssl,
* Extension extensions<6..2^16-1>; * Extension extensions<6..2^16-1>;
* } ServerHello; * } ServerHello;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl, static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
@ -1257,6 +1273,7 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl ) static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1272,6 +1289,7 @@ static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl )
return( ret ); return( ret );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_server_hello( mbedtls_ssl_context *ssl ) static int ssl_tls13_write_server_hello( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1319,6 +1337,7 @@ cleanup:
/* /*
* Handler for MBEDTLS_SSL_HELLO_RETRY_REQUEST * Handler for MBEDTLS_SSL_HELLO_RETRY_REQUEST
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_prepare_hello_retry_request( mbedtls_ssl_context *ssl ) static int ssl_tls13_prepare_hello_retry_request( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1345,6 +1364,7 @@ static int ssl_tls13_prepare_hello_retry_request( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_hello_retry_request( mbedtls_ssl_context *ssl ) static int ssl_tls13_write_hello_retry_request( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1398,6 +1418,7 @@ cleanup:
* } EncryptedExtensions; * } EncryptedExtensions;
* *
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl, static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
@ -1436,6 +1457,7 @@ static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl ) static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1487,6 +1509,7 @@ cleanup:
* indicating if the writing of the CertificateRequest * indicating if the writing of the CertificateRequest
* should be skipped or not. * should be skipped or not.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl ) static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
{ {
int authmode; int authmode;
@ -1513,6 +1536,7 @@ static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
* } CertificateRequest; * } CertificateRequest;
* *
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl, static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
@ -1559,6 +1583,7 @@ static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_certificate_request( mbedtls_ssl_context *ssl ) static int ssl_tls13_write_certificate_request( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1606,6 +1631,7 @@ cleanup:
/* /*
* Handler for MBEDTLS_SSL_SERVER_CERTIFICATE * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_server_certificate( mbedtls_ssl_context *ssl ) static int ssl_tls13_write_server_certificate( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1631,6 +1657,7 @@ static int ssl_tls13_write_server_certificate( mbedtls_ssl_context *ssl )
/* /*
* Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ) static int ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl )
{ {
int ret = mbedtls_ssl_tls13_write_certificate_verify( ssl ); int ret = mbedtls_ssl_tls13_write_certificate_verify( ssl );
@ -1644,6 +1671,7 @@ static int ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl )
/* /*
* Handler for MBEDTLS_SSL_SERVER_FINISHED * Handler for MBEDTLS_SSL_SERVER_FINISHED
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_server_finished( mbedtls_ssl_context *ssl ) static int ssl_tls13_write_server_finished( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1679,6 +1707,7 @@ static int ssl_tls13_write_server_finished( mbedtls_ssl_context *ssl )
/* /*
* Handler for MBEDTLS_SSL_CLIENT_FINISHED * Handler for MBEDTLS_SSL_CLIENT_FINISHED
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_client_finished( mbedtls_ssl_context *ssl ) static int ssl_tls13_process_client_finished( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1701,6 +1730,7 @@ static int ssl_tls13_process_client_finished( mbedtls_ssl_context *ssl )
/* /*
* Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP * Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ) static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
{ {
MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );

View file

@ -166,6 +166,10 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( fin, NULL );
mbedtls_setbuf( fout, NULL );
/* /*
* Read the Cipher and MD from the command line * Read the Cipher and MD from the command line
*/ */

View file

@ -56,6 +56,7 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include "mbedtls/platform.h" // for mbedtls_setbuf
#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize #include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
#include <psa/crypto.h> #include <psa/crypto.h>
@ -177,6 +178,8 @@ static psa_status_t save_key( psa_key_id_t key,
key_data, sizeof( key_data ), key_data, sizeof( key_data ),
&key_size ) ); &key_size ) );
SYS_CHECK( ( key_file = fopen( output_file_name, "wb" ) ) != NULL ); SYS_CHECK( ( key_file = fopen( output_file_name, "wb" ) ) != NULL );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( key_file, NULL );
SYS_CHECK( fwrite( key_data, 1, key_size, key_file ) == key_size ); SYS_CHECK( fwrite( key_data, 1, key_size, key_file ) == key_size );
SYS_CHECK( fclose( key_file ) == 0 ); SYS_CHECK( fclose( key_file ) == 0 );
key_file = NULL; key_file = NULL;
@ -231,6 +234,8 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage,
unsigned char extra_byte; unsigned char extra_byte;
SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL ); SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( key_file, NULL );
SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ), SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ),
key_file ) ) != 0 ); key_file ) ) != 0 );
if( fread( &extra_byte, 1, 1, key_file ) != 0 ) if( fread( &extra_byte, 1, 1, key_file ) != 0 )
@ -372,6 +377,8 @@ static psa_status_t wrap_data( const char *input_file_name,
/* Find the size of the data to wrap. */ /* Find the size of the data to wrap. */
SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL ); SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( input_file, NULL );
SYS_CHECK( fseek( input_file, 0, SEEK_END ) == 0 ); SYS_CHECK( fseek( input_file, 0, SEEK_END ) == 0 );
SYS_CHECK( ( input_position = ftell( input_file ) ) != -1 ); SYS_CHECK( ( input_position = ftell( input_file ) ) != -1 );
#if LONG_MAX > SIZE_MAX #if LONG_MAX > SIZE_MAX
@ -418,6 +425,8 @@ static psa_status_t wrap_data( const char *input_file_name,
/* Write the output. */ /* Write the output. */
SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL ); SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( output_file, NULL );
SYS_CHECK( fwrite( &header, 1, sizeof( header ), SYS_CHECK( fwrite( &header, 1, sizeof( header ),
output_file ) == sizeof( header ) ); output_file ) == sizeof( header ) );
SYS_CHECK( fwrite( buffer, 1, ciphertext_size, SYS_CHECK( fwrite( buffer, 1, ciphertext_size,
@ -453,6 +462,8 @@ static psa_status_t unwrap_data( const char *input_file_name,
/* Load and validate the header. */ /* Load and validate the header. */
SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL ); SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( input_file, NULL );
SYS_CHECK( fread( &header, 1, sizeof( header ), SYS_CHECK( fread( &header, 1, sizeof( header ),
input_file ) == sizeof( header ) ); input_file ) == sizeof( header ) );
if( memcmp( &header.magic, WRAPPED_DATA_MAGIC, if( memcmp( &header.magic, WRAPPED_DATA_MAGIC,
@ -509,6 +520,8 @@ static psa_status_t unwrap_data( const char *input_file_name,
/* Write the output. */ /* Write the output. */
SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL ); SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( output_file, NULL );
SYS_CHECK( fwrite( buffer, 1, plaintext_size, SYS_CHECK( fwrite( buffer, 1, plaintext_size,
output_file ) == plaintext_size ); output_file ) == plaintext_size );
SYS_CHECK( fclose( output_file ) == 0 ); SYS_CHECK( fclose( output_file ) == 0 );

View file

@ -101,6 +101,10 @@ void nss_keylog_export( void *p_expkey,
goto exit; goto exit;
} }
/* Ensure no stdio buffering of secrets, as such buffers cannot be
* wiped. */
mbedtls_setbuf( f, NULL );
if( fwrite( nss_keylog_line, 1, len, f ) != len ) if( fwrite( nss_keylog_line, 1, len, f ) != len )
{ {
fclose( f ); fclose( f );
@ -305,6 +309,9 @@ uint16_t ssl_sig_algs_for_test[] = {
#if defined(MBEDTLS_SHA224_C) #if defined(MBEDTLS_SHA224_C)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 )
#endif #endif
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_SHA1_C)
/* Allow SHA-1 as we use it extensively in tests. */ /* Allow SHA-1 as we use it extensively in tests. */
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 )

View file

@ -34,6 +34,7 @@
#define mbedtls_printf printf #define mbedtls_printf printf
#define mbedtls_fprintf fprintf #define mbedtls_fprintf fprintf
#define mbedtls_snprintf snprintf #define mbedtls_snprintf snprintf
#define mbedtls_setbuf setbuf
#define mbedtls_exit exit #define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE

View file

@ -2253,6 +2253,7 @@ component_test_no_platform () {
scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT
scripts/config.py unset MBEDTLS_PLATFORM_SETBUF_ALT
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.py unset MBEDTLS_FS_IO scripts/config.py unset MBEDTLS_FS_IO
@ -2904,6 +2905,18 @@ component_test_tls13_only () {
if_build_succeeded tests/ssl-opt.sh if_build_succeeded tests/ssl-opt.sh
} }
component_test_tls13_only_with_hooks () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 and MBEDTLS_TEST_HOOKS, without MBEDTLS_SSL_PROTO_TLS1_2"
scripts/config.py set MBEDTLS_TEST_HOOKS
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without MBEDTLS_SSL_PROTO_TLS1_2"
if_build_succeeded make test
msg "ssl-opt.sh (TLS 1.3)"
if_build_succeeded tests/ssl-opt.sh
}
component_test_tls13 () { component_test_tls13 () {
msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding"
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3

View file

@ -6211,7 +6211,6 @@ run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
0 \ 0 \
-c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-" -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \ run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \
"$P_SRV key_file=data_files/server2.key \ "$P_SRV key_file=data_files/server2.key \
@ -6346,6 +6345,78 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
-c "Ciphersuite is TLS-" \ -c "Ciphersuite is TLS-" \
-c "! Usage does not match the keyUsage extension" -c "! Usage does not match the keyUsage extension"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
-cert data_files/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=3" \
0 \
-C "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
-cert data_files/server2.ku-ka.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.ku-ds.crt" \
"$P_CLI debug_level=3" \
0 \
-C "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.ku-ke.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.ku-ka.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
# Tests for keyUsage in leaf certificates, part 3: # Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert # server-side checking of client cert
@ -6355,6 +6426,7 @@ run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
"$O_CLI -key data_files/server2.key \ "$O_CLI -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \ -cert data_files/server2.ku-ds.crt" \
0 \ 0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \ -S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed" -S "Processing of the Certificate handshake message failed"
@ -6382,6 +6454,7 @@ run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
"$O_CLI -key data_files/server5.key \ "$O_CLI -key data_files/server5.key \
-cert data_files/server5.ku-ds.crt" \ -cert data_files/server5.ku-ds.crt" \
0 \ 0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \ -S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed" -S "Processing of the Certificate handshake message failed"
@ -6394,6 +6467,52 @@ run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
-s "bad certificate (usage extensions)" \ -s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed" -S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
-cert data_files/server5.ku-ds.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
-cert data_files/server5.ku-ka.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection # Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@ -6466,6 +6585,54 @@ run_test "extKeyUsage cli: codeSign -> fail" \
-c "Processing of the Certificate handshake message failed" \ -c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-" -C "Ciphersuite is TLS-"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli 1.3: serverAuth -> OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.eku-srv.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.eku-srv_cli.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.eku-cs_any.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli 1.3: codeSign -> fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
-cert data_files/server5.eku-cs.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
# Tests for extendedKeyUsage, part 3: server-side checking of client cert # Tests for extendedKeyUsage, part 3: server-side checking of client cert
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@ -6513,6 +6680,50 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
-s "bad certificate (usage extensions)" \ -s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed" -s "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
-cert data_files/server5.eku-cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
-cert data_files/server5.eku-srv_cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
-cert data_files/server5.eku-cs_any.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_openssl_tls1_3
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
-cert data_files/server5.eku-cs.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
# Tests for DHM parameters loading # Tests for DHM parameters loading
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2

View file

@ -67,12 +67,18 @@ mpi_read_write_string:16:"":16:"":4:0:0
Test mpi_read_write_string #9 (Empty MPI hex -> dec) Test mpi_read_write_string #9 (Empty MPI hex -> dec)
mpi_read_write_string:16:"":10:"0":4:0:0 mpi_read_write_string:16:"":10:"0":4:0:0
Test mpi_read_write_string #9 (Empty MPI hex -> base 2)
mpi_read_write_string:16:"":2:"0":4:0:0
Test mpi_read_write_string #8 (Empty MPI dec -> hex) Test mpi_read_write_string #8 (Empty MPI dec -> hex)
mpi_read_write_string:10:"":16:"":4:0:0 mpi_read_write_string:10:"":16:"":4:0:0
Test mpi_read_write_string #9 (Empty MPI dec -> dec) Test mpi_read_write_string #9 (Empty MPI dec -> dec)
mpi_read_write_string:10:"":10:"0":4:0:0 mpi_read_write_string:10:"":10:"0":4:0:0
Test mpi_read_write_string #9 (Empty MPI dec -> base 2)
mpi_read_write_string:16:"":2:"0":4:0:0
Test mpi_write_string #10 (Negative hex with odd number of digits) Test mpi_write_string #10 (Negative hex with odd number of digits)
mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
@ -1216,9 +1222,15 @@ mbedtls_mpi_mod_int:10:"1000":2:0:0
Test mbedtls_mpi_mod_int: 0 (null) % 1 Test mbedtls_mpi_mod_int: 0 (null) % 1
mbedtls_mpi_mod_int:16:"":1:0:0 mbedtls_mpi_mod_int:16:"":1:0:0
Test mbedtls_mpi_mod_int: 0 (null) % 2
mbedtls_mpi_mod_int:16:"":2:0:0
Test mbedtls_mpi_mod_int: 0 (null) % -1 Test mbedtls_mpi_mod_int: 0 (null) % -1
mbedtls_mpi_mod_int:16:"":-1:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE mbedtls_mpi_mod_int:16:"":-1:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
Test mbedtls_mpi_mod_int: 0 (null) % -2
mbedtls_mpi_mod_int:16:"":-2:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
Base test mbedtls_mpi_exp_mod #1 Base test mbedtls_mpi_exp_mod #1
mbedtls_mpi_exp_mod:10:"23":10:"13":10:"29":10:"24":0 mbedtls_mpi_exp_mod:10:"23":10:"13":10:"29":10:"24":0

View file

@ -3429,3 +3429,24 @@ raw_key_agreement_fail:1
Force a bad session id length Force a bad session id length
force_bad_session_id_len force_bad_session_id_len
Cookie parsing: nominal run
cookie_parsing:"16fefd0000000000000000002F010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727d00200000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_SSL_INTERNAL_ERROR
Cookie parsing: cookie_len overflow
cookie_parsing:"16fefd000000000000000000ea010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727db97b7373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737db963":MBEDTLS_ERR_SSL_DECODE_ERROR
Cookie parsing: non-zero fragment offset
cookie_parsing:"16fefd00000000000000000032010000de000072000000011efefd7b7272727272727272727272727272727272727272727272727272727272727d01730143":MBEDTLS_ERR_SSL_DECODE_ERROR
Cookie parsing: sid_len overflow
cookie_parsing:"16fefd00000000000000000032010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727dFF730143":MBEDTLS_ERR_SSL_DECODE_ERROR
Cookie parsing: record too short
cookie_parsing:"16fefd0000000000000000002f010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727dFF":MBEDTLS_ERR_SSL_DECODE_ERROR
Cookie parsing: one byte overread
cookie_parsing:"16fefd0000000000000000002F010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727d0001":MBEDTLS_ERR_SSL_DECODE_ERROR
TLS 1.3 srv Certificate msg - wrong vector lengths
tls13_server_certificate_msg_invalid_vector_len

View file

@ -139,6 +139,23 @@ void free_handshake_options( handshake_test_options *opts )
(void) opts; (void) opts;
#endif #endif
} }
#if defined(MBEDTLS_TEST_HOOKS)
static void set_chk_buf_ptr_args(
mbedtls_ssl_chk_buf_ptr_args *args,
unsigned char *cur, unsigned char *end, size_t need )
{
args->cur = cur;
args->end = end;
args->need = need;
}
static void reset_chk_buf_ptr_args( mbedtls_ssl_chk_buf_ptr_args *args )
{
memset( args, 0, sizeof( *args ) );
}
#endif /* MBEDTLS_TEST_HOOKS */
/* /*
* Buffer structure for custom I/O callbacks. * Buffer structure for custom I/O callbacks.
*/ */
@ -2383,6 +2400,119 @@ exit:
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_TEST_HOOKS)
/*
* Tweak vector lengths in a TLS 1.3 Certificate message
*
* \param[in] buf Buffer containing the Certificate message to tweak
* \param[in]]out] end End of the buffer to parse
* \param tweak Tweak identifier (from 1 to the number of tweaks).
* \param[out] expected_result Error code expected from the parsing function
* \param[out] args Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that
* is expected to fail. All zeroes if no
* MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected.
*/
int tweak_tls13_certificate_msg_vector_len(
unsigned char *buf, unsigned char **end, int tweak,
int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args )
{
/*
* The definition of the tweaks assume that the certificate list contains only
* one certificate.
*/
/*
* struct {
* opaque cert_data<1..2^24-1>;
* Extension extensions<0..2^16-1>;
* } CertificateEntry;
*
* struct {
* opaque certificate_request_context<0..2^8-1>;
* CertificateEntry certificate_list<0..2^24-1>;
* } Certificate;
*/
unsigned char *p_certificate_request_context_len = buf;
size_t certificate_request_context_len = buf[0];
unsigned char *p_certificate_list_len = buf + 1 + certificate_request_context_len;
unsigned char *certificate_list = p_certificate_list_len + 3;
size_t certificate_list_len = MBEDTLS_GET_UINT24_BE( p_certificate_list_len, 0 );
unsigned char *p_cert_data_len = certificate_list;
unsigned char *cert_data = p_cert_data_len + 3;
size_t cert_data_len = MBEDTLS_GET_UINT24_BE( p_cert_data_len, 0 );
unsigned char *p_extensions_len = cert_data + cert_data_len;
unsigned char *extensions = p_extensions_len + 2;
size_t extensions_len = MBEDTLS_GET_UINT16_BE( p_extensions_len, 0 );
*expected_result = MBEDTLS_ERR_SSL_DECODE_ERROR;
switch( tweak )
{
case 1:
/* Failure when checking if the certificate request context length and
* certificate list length can be read
*/
*end = buf + 3;
set_chk_buf_ptr_args( args, buf, *end, 4 );
break;
case 2:
/* Invalid certificate request context length.
*/
*p_certificate_request_context_len =
certificate_request_context_len + 1;
reset_chk_buf_ptr_args( args );
break;
case 3:
/* Failure when checking if certificate_list data can be read. */
MBEDTLS_PUT_UINT24_BE( certificate_list_len + 1,
p_certificate_list_len, 0 );
set_chk_buf_ptr_args( args, certificate_list, *end,
certificate_list_len + 1 );
break;
case 4:
/* Failure when checking if the cert_data length can be read. */
MBEDTLS_PUT_UINT24_BE( 2, p_certificate_list_len, 0 );
set_chk_buf_ptr_args( args, p_cert_data_len, certificate_list + 2, 3 );
break;
case 5:
/* Failure when checking if cert_data data can be read. */
MBEDTLS_PUT_UINT24_BE( certificate_list_len - 3 + 1,
p_cert_data_len, 0 );
set_chk_buf_ptr_args( args, cert_data,
certificate_list + certificate_list_len,
certificate_list_len - 3 + 1 );
break;
case 6:
/* Failure when checking if the extensions length can be read. */
MBEDTLS_PUT_UINT24_BE( certificate_list_len - extensions_len - 1,
p_certificate_list_len, 0 );
set_chk_buf_ptr_args( args, p_extensions_len,
certificate_list + certificate_list_len - extensions_len - 1, 2 );
break;
case 7:
/* Failure when checking if extensions data can be read. */
MBEDTLS_PUT_UINT16_BE( extensions_len + 1, p_extensions_len, 0 );
set_chk_buf_ptr_args( args, extensions,
certificate_list + certificate_list_len, extensions_len + 1 );
break;
default:
return( -1 );
}
return( 0 );
}
#endif /* MBEDTLS_TEST_HOOKS */
/* END_HEADER */ /* END_HEADER */
/* BEGIN_DEPENDENCIES /* BEGIN_DEPENDENCIES
@ -5574,6 +5704,34 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE:MBEDTLS_TEST_HOOKS */
void cookie_parsing( data_t *cookie, int exp_ret )
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
size_t len;
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
TEST_EQUAL( mbedtls_ssl_config_defaults( &conf, MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT ),
0 );
TEST_EQUAL( mbedtls_ssl_setup( &ssl, &conf ), 0 );
TEST_EQUAL( mbedtls_ssl_check_dtls_clihlo_cookie( &ssl, ssl.cli_id,
ssl.cli_id_len,
cookie->x, cookie->len,
ssl.out_buf,
MBEDTLS_SSL_OUT_CONTENT_LEN,
&len ),
exp_ret );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TIMING_C:MBEDTLS_HAVE_TIME */ /* BEGIN_CASE depends_on:MBEDTLS_TIMING_C:MBEDTLS_HAVE_TIME */
void timing_final_delay_accessor( ) void timing_final_delay_accessor( )
{ {
@ -5735,3 +5893,87 @@ exit:
USE_PSA_DONE( ); USE_PSA_DONE( );
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
void tls13_server_certificate_msg_invalid_vector_len( )
{
int ret = -1;
mbedtls_endpoint client_ep, server_ep;
unsigned char *buf, *end;
size_t buf_len;
int step = 0;
int expected_result;
mbedtls_ssl_chk_buf_ptr_args expected_chk_buf_ptr_args;
/*
* Test set-up
*/
USE_PSA_INIT( );
ret = mbedtls_endpoint_init( &client_ep, MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_PK_ECDSA, NULL, NULL, NULL, NULL );
TEST_EQUAL( ret, 0 );
ret = mbedtls_endpoint_init( &server_ep, MBEDTLS_SSL_IS_SERVER,
MBEDTLS_PK_ECDSA, NULL, NULL, NULL, NULL );
TEST_EQUAL( ret, 0 );
ret = mbedtls_mock_socket_connect( &(client_ep.socket),
&(server_ep.socket), 1024 );
TEST_EQUAL( ret, 0 );
while( 1 )
{
mbedtls_test_set_step( ++step );
ret = mbedtls_move_handshake_to_state( &(server_ep.ssl),
&(client_ep.ssl),
MBEDTLS_SSL_CERTIFICATE_VERIFY );
TEST_EQUAL( ret, 0 );
ret = mbedtls_ssl_flush_output( &(server_ep.ssl) );
TEST_EQUAL( ret, 0 );
ret = mbedtls_move_handshake_to_state( &(client_ep.ssl),
&(server_ep.ssl),
MBEDTLS_SSL_SERVER_CERTIFICATE );
TEST_EQUAL( ret, 0 );
ret = mbedtls_ssl_tls13_fetch_handshake_msg( &(client_ep.ssl),
MBEDTLS_SSL_HS_CERTIFICATE,
&buf, &buf_len );
TEST_EQUAL( ret, 0 );
end = buf + buf_len;
/*
* Tweak server Certificate message and parse it.
*/
ret = tweak_tls13_certificate_msg_vector_len(
buf, &end, step, &expected_result, &expected_chk_buf_ptr_args );
if( ret != 0 )
break;
ret = mbedtls_ssl_tls13_parse_certificate( &(client_ep.ssl), buf, end );
TEST_EQUAL( ret, expected_result );
TEST_ASSERT( mbedtls_ssl_cmp_chk_buf_ptr_fail_args(
&expected_chk_buf_ptr_args ) == 0 );
mbedtls_ssl_reset_chk_buf_ptr_fail_args( );
ret = mbedtls_ssl_session_reset( &(client_ep.ssl) );
TEST_EQUAL( ret, 0 );
ret = mbedtls_ssl_session_reset( &(server_ep.ssl) );
TEST_EQUAL( ret, 0 );
}
exit:
mbedtls_ssl_reset_chk_buf_ptr_fail_args( );
mbedtls_endpoint_free( &client_ep, NULL );
mbedtls_endpoint_free( &server_ep, NULL );
USE_PSA_DONE( );
}
/* END_CASE */