Commit graph

1988 commits

Author SHA1 Message Date
Gilles Peskine
5b8618b44c fixup: Make the fields of mbedtls_ecp_curve_info public
Remove more places where MBEDTLS_PRIVATE() was used on grp_id, which is now
public.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-28 12:34:53 +02:00
Gilles Peskine
88d681ca35 Make size_t -> int downcasts explicit
mbedtls_cipher_setkey takes an int argument. Cast explicitly, otherwise MSVC
complains.

Where possible, just stick to size_t.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 16:57:23 +02:00
Gilles Peskine
ca939959e4 Allow read-only access to lists of certificates, CRL, CRL entries
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 23:18:07 +02:00
Gilles Peskine
842edf474c Make many fields of X.509 structures public
The structures mbedtls_x509_time, mbedtls_x509_crl_entry, mbedtls_x509_crl,
mbedtls_x509_crt, mbedtls_x509_san_other_name,
mbedtls_x509_subject_alternative_name, mbedtls_x509_csr are designed to
expose the result of parsing X.509 data. Document many of their fields as
being publicly readable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:54:27 +02:00
Gilles Peskine
b11d61e095 mbedtls_net_context: make fd public on Unix/POSIX platforms
On platforms with BSD-like sockets, it is useful for applications to have
access to the underlying file descriptor so that they can use functions like
select() and poll().

Do not promise that the field will exist on other platforms such as
Windows (where the type and name of the field are technically wrong because
Windows socket handles are actually not file descriptors).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:54:27 +02:00
Gilles Peskine
80932fa944 Don't access cipher_info private fields in sample programs
Use the new accessor functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:52:41 +02:00
Gilles Peskine
a73b577744 Make the fields of mbedtls_ecp_curve_info public
The whole point of this structure is to provide information, both for the
library's own sake and to applications.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:52:41 +02:00
Manuel Pégourié-Gonnard
e45ee40f7e
Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api
Add TLS 1.3 ciphersuite and key exchange identifiers and API
2021-08-30 09:47:46 +02:00
Jerry Yu
31c01d303e Rename available values for tls13_kex_modes
Rename `psk_pure` to `psk` and `ephemeral_pure` to `ephemeral`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:53 +08:00
Jerry Yu
447a3bee17 fix wrong typo and format issues
Change-Id: I99a4c7d28c26bfcc43bc8947485d1dfafb6974dc
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-18 09:55:36 +08:00
Jerry Yu
7276f13c93 fix comments for sig_algs parser
Change-Id: I68bd691c4b67fb18ff9d55ead34f5517b1b981de
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-17 18:25:57 +08:00
Hanno Becker
a9e4e6fd6f ssl_server2: Add usage string for TLS 1.3 key exchange modes
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:52 +01:00
Hanno Becker
cfa4d4b3f5 ssl_client2: Adjust usage string to recognized cmd line parameter
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
2c0f697fbc Support TLS 1.3 key exchange config in ssl_client2/ssl_server2
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
11ceadd382 Add cmdline param for TLS 1.3 sig alg config to ssl_{client,server}2
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 13:55:46 +01:00
Jerry Yu
2a572cf376 Move socket setup behind ssl structure setup.
If socket setup fail, ssl structure setup won't be called.
And the order of them do not affect final result, but it
will break ssl setup negative tests.

Change the order can fix that.

issue: #4844

Change-Id: I2488ed5f74773421eb1eac0cfd7f1ce4fbb0b32d
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-09 18:57:24 +08:00
Jerry Yu
b1dc59a125 Add tls1.3 parameters to ssl_{client,server2}
To support tls1.3 relative tests, add `tls1_3`
parameter for `{min,max}_version` and `force_version`

issues: #4844

Change-Id: I1b22a076582374b8aabc733086562e9d03a94a2a
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-09 18:57:24 +08:00
Gilles Peskine
8b427c851e Use python3 when building on non-Windows for Windows
The makefiles look for python3 on Unix-like systems where python is often
Python 2. This uses sh code so it doesn't work on Windows. On Windows, the
makefiles just assume that python is Python 3.

The code was incorrectly deciding not to try python3 based on WINDOWS_BUILD,
which indicates that the build is *for* Windows. Switch to checking WINDOWS,
which indicates that the build is *on* Windows.

Fix #4774

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 18:26:08 +02:00
Gilles Peskine
ac694b9eac
Merge pull request #4754 from mpg/fix-overly-aggressive-udp-proxy
Fix bug with UDP proxy not forwarding enough
2021-07-09 11:57:43 +02:00
Manuel Pégourié-Gonnard
e5306f6c1d Use distinct variables for distinct purposes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-07-07 10:48:26 +02:00
Manuel Pégourié-Gonnard
71ce4ef981 Fix bug with UDP proxy not forwarding enough
We previously introduced a safety check ensuring that if a datagram had
already been dropped twice, it would no longer be dropped or delayed
after that.

This missed an edge case: if a datagram is dropped once, it can be
delayed any number of times. Since "delay" is not defined in terms of
time (x seconds) but in terms of ordering with respect to other messages
(will be forwarded after the next message is forwarded), depending on
the RNG results this could result in an endless loop where all messages
are delayed until the next, which is itself delayed, etc. and no message
is ever forwarded.

The probability of this happening n times in a row is (1/d)^n, where d
is the value passed as delay=d, so for delay=5 and n=5 it's around 0.03%
which seems small but we still happened on such an occurrence in real
life:

    tests/ssl-opt.sh --seed 1625061502 -f 'DTLS proxy: 3d, min handshake, resumption$'

results (according to debug statements added for the investigation) in
the ClientHello of the second handshake being dropped once then delayed
5 times, after which the client stops re-trying and the test fails for
no interesting reason.

Make sure this doesn't happen again by putting a cap on the number of
times we fail to forward a given datagram immediately.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-07-06 12:39:43 +02:00
Manuel Pégourié-Gonnard
69c10a41c7 Fix memory leak on failure path in test code
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-07-06 12:05:23 +02:00
Ronald Cron
8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0
Add output size parameter to signature functions
2021-06-29 09:43:17 +02:00
Bence Szépkúti
bb0cfeb2d4 Rename config.h to mbedtls_config.h
This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:33 +01:00
Bence Szépkúti
c662b36af2 Replace all inclusions of config.h
Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since
build_info.h alreadyy handles it.

This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^include/mbedtls/build_info\.h$' | xargs sed -b -E -i '
/^#if !?defined\(MBEDTLS_CONFIG_FILE\)/i#include "mbedtls/build_info.h"
//,/^#endif/d
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:24:07 +01:00
Dave Rodgman
10bda58b49
Merge pull request #4259 from CJKay/cmake-config
Add CMake package config file
2021-06-25 20:32:13 +01:00
Gilles Peskine
f00f152444 Add output size parameter to signature functions
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.

No change to RSA because for RSA, the output size is trivial to calculate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-25 00:46:22 +02:00
Gilles Peskine
fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation
Require matching hashlen in RSA functions: implementation
2021-06-24 10:28:20 +02:00
Gilles Peskine
e9bc857327
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export
Implement modified key export API for Mbed TLS 3.0
2021-06-22 18:52:37 +02:00
Gilles Peskine
6e3187b212 RSA: Use hashlen as the hash input size as documented
Where hashlen was previously ignored when the hash length could be
inferred from an md_alg parameter, the two must now match.

Adapt the existing tests accordingly. Adapt the sample programs accordingly.

This commit does not add any negative testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 18:39:53 +02:00
Manuel Pégourié-Gonnard
508d3a5824
Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext
Remove truncated HMAC extension
2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-22 09:27:41 +02:00
Hanno Becker
296fefeb98 Fix return type of example key export callbacks
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-21 09:33:02 +01:00
Hanno Becker
7e6c178b6d Make key export callback and context connection-specific
Fixes #2188

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Hanno Becker
c4c38caca5 Adjust example programs to new key export API
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Hanno Becker
2d6e6f8fec Remove '_ext' suffix from SSL key exporter API
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard
9a32d45819
Merge pull request #4517 from hanno-arm/ticket_api_3_0
Implement 3.0-API for SSL session resumption
2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard
ae35830295
Merge pull request #4661 from mpg/make-blinding-mandatory
Make blinding mandatory
2021-06-18 18:32:13 +02:00
Dave Rodgman
8c8166a7f1
Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test
Move part of timing module out of the library
2021-06-18 16:35:58 +01:00
Manuel Pégourié-Gonnard
6ff9ef56a5 Fix cmake build of fuzz_privkey
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:41:01 +02:00
Manuel Pégourié-Gonnard
6f19ce317b Fix async support in ssl_server2
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard
1503a9adab Use a proper DRBG in programs
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:40:15 +02:00
Manuel Pégourié-Gonnard
7f93da1265 Use the dedicated dummy_random in fuzzing programs
Also make sure to initialize the DRBG before using it in fuzz_server
(dummy_random uses ctr_drbg internally).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Manuel Pégourié-Gonnard
36a8963b3b Fix cmake build of programs
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Manuel Pégourié-Gonnard
84dea01f36 Add RNG params to private key parsing
This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).

This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().

Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Manuel Pégourié-Gonnard
39be1410fd Add RNG parameter to check_pair functions
- mbedtls_ecp_check_pub_priv() because it calls ecp_mul()
- mbedtls_pk_check_pair() because it calls the former

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Thomas Daubney
40d49b1e54 Removes truncated HMAC code from ssl_context_info program
Commit removes conditional compilation block
which depends on MBEDTLS_SSL_TRUNCATED_HMAC
config option.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-16 16:19:53 +01:00
Thomas Daubney
909d3bfa43 Removes MBEDTLS_SSL_TRUNCATED_HMAC code from fuzz programs
Commit removes conditional compilation code blocks
dependent on MBEDTLS_SSL_TRUNCATED_HMAC config
option.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-16 16:19:53 +01:00
Thomas Daubney
22989d027a Removes MBEDTLS_SSL_TRUNCATED_HMAC code from ssl programs
Commit removes code dependent on
MBEDTLS_SSL_TRUNCATED_HMAC from SSL
client and sever example programs.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-16 16:19:53 +01:00
TRodziewicz
10e8cf5fef Remove MD2, MD4, RC4, Blowfish and XTEA
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:25 +02:00