This commit is deliberately arranged to minimize code changes.
Subsequent commits will clean up the resulting code.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In preparation for unifying the common RNG-related code of ssl_client2
and ssl_server2, make it possible to copy-paste that code out of these
programs' main() functions:
* Replaces reads of the non-unifiable structure opt by reads of a
separate variable.
* Replace references to the local variable rng by a pointer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Group the random generation context (entropy and DRBG) into a struct.
This is in preparation for unifying the common RNG-related code of
ssl_client2 and ssl_server2, then generalizing that code to support
methods other than entropy+CTR_DRBG.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move from ssl_*2.c to ssl_test_lib.c:
* Functions that have exactly identical definitions in the two
programs, and that don't reference the global variable opt which
has a different type in the client and in the server. Also declare
these functions in ssl_test_lib.h.
Move from ssl_*2.c to ssl_test_common_source.c:
* Functions that have exactly identical definitions in the two
programs, but access fields of the global variable opt which
has a different structure type in the client and in the server.
* The array ssl_sig_hashes_for_test, because its type is incomplete.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Adjust whitespace and comments in code of ssl_client2.c and
ssl_server2.c that was almost identical to make these chunks exactly
identical.
Make the common functions non-static.
This is in preparation for moving the common code to ssl_test_lib.c.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move from ssl_*2.c to ssl_test_lib.h:
* Include directives for headers included by both programs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move from ssl_*2.c to ssl_test_lib.h:
* The inclusion of the config header file (identical).
* The fallback definitions of platform functions (almost identical:
server2 also had snprintf and the order and whitespace was slightly
different).
* The compilation guards checking that required options are
enabled (tweaked to make them common, with MBEDTLS_SSL_{CLI,SRV}_C
separated out).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c, but cannot be compiled separately and instead needs
to be #include'd in each program that uses it.
This is for code that references macros or types that are defined
differently in the two programs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_ssl_conf_dtls_srtp_protection_profiles stores the pointer to the
profiles in the configuration.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
PSA and SSL programs are PSA clients thus should use
psa_key_id_t as the type for key identifiers, not
mbedtls_svc_key_id_t.
As a consequence, PSA, ssl_server2 and ssl_client2
programs cannot compile and must not be compiled if
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined.
Thus, add MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
compilation guard to those programs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Define psa_key_handle_t to be equal to
mbedtls_svc_key_id_t. Make the handle of a persistent
key be equal to its key identifier. For volatile keys,
make the key handle equal to the volatile key
identifier of the created volatile key.
The unit tests are modified just to make them compile
not to make them run successfully. They are fixed in
the subsequent commits.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Use the export keys functionality, to call the public API
`mbedtls_ssl_tls_prf()`, and remove the function
`mbedtls_ssl_get_dtls_srtp_key_material()`.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
Fix compilation errors when `MBEDTLS_DTLS_SRTP` not set
1. Add file missed in previous commmit.
2. In sample applications, set `DFL_FORCE_SRTP_PROFILE` to 0.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
Add dtls-srtp to `ssl_client2` and `ssl_server2` examples,
for reference and for allowing in tests.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
The extra code running after the removed return instruction should not generate any output. Only the read config value must be printed.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.
Also remove the now-redundant lines declaring that the files are part of
MbedTLS.
This commit was generated using the following script:
# ========================
#!/bin/sh
# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '
# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I
# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
The example application programs/ssl/ssl_client2 allows the
configuration of a client CRT through the parameters
- crt_file, key_file
However, password protected key files are not supported.
This commit adds a new command line option
- key_pwd
which allow to specify a password for the key file specified
in the key_file parameter.
Don't use string literals that are longer than 4095 bytes, which is
the minimum that C99 compilers are required to support. Compilers are
extremely likely to support longer literals, but `gcc -std=c99 -pedantic`
complains.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Since the server might want to have a different maximum fragment length
for the outgoing messages than the negotiated one - introduce a new way of
computing it. This commit also adds additional ssl-opt.sh tests ensuring
that the maximum fragment lengths are set as expected.
mbedtls_ssl_get_max_frag_len() is now a deprecated function,
being an alias to mbedtls_ssl_get_output_max_frag_len(). The behaviour
of this function is the same as before.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Rename identifiers containing double-underscore (`__`) to avoid `__`.
The reason to avoid double-underscore is that all identifiers
containing double-underscore are reserved in C++. Rename all such
identifiers that appear in any public header, including ssl_internal.h
which is in principle private but in practice is installed with the
public headers.
This commit makes check-names.sh pass.
```
perl -i -pe 's/\bMBEDTLS_SSL__ECP_RESTARTABLE\b/MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED/g; s/\bMBEDTLS_KEY_EXCHANGE_(_\w+)_(_\w+)\b/MBEDTLS_KEY_EXCHANGE${1}${2}/g' include/mbedtls/*.h library/*.c programs/*/*.c scripts/data_files/rename-1.3-2.0.txt tests/suites/*.function
```
The ssl-opt.sh test cases using session resumption tend to fail occasionally
on the CI due to a race condition in how ssl_server2 and ssl_client2 handle
the reconnection cycle.
The server does the following in order:
- S1 send application data
- S2 send a close_notify alert
- S3 close the client socket
- S4 wait for a "new connection" (actually a new datagram)
- S5 start a handshake
The client does the following in order:
- C1 wait for and read application data from the server
- C2 send a close_notify alert
- C3 close the server socket
- C4 reset session data and re-open a server socket
- C5 start a handshake
If the client has been able to send the close_notify (C2) and if has been
delivered to the server before if closes the client socket (S3), when the
server reaches S4, the datagram that we start the new connection will be the
ClientHello and everything will be fine.
However if S3 wins the race and happens before the close_notify is delivered,
in S4 the close_notify is what will be seen as the first datagram in a new
connection, and then in S5 this will rightfully be rejected as not being a
valid ClientHello and the server will close the connection (and go wait for
another one). The client will then fail to read from the socket and exit
non-zero and the ssl-opt.sh harness will correctly report this as a failure.
In order to avoid this race condition in test using ssl_client2 and
ssl_server2, this commits introduces a new command-line option
skip_close_notify to ssl_client2 and uses it in all ssl-opt.sh tests that use
session resumption with DTLS and ssl_server2.
This works because ssl_server2 knows how many messages it expects in each
direction and in what order, and closes the connection after that rather than
relying on close_notify (which is also why there was a race in the first
place).
Tests that use another server (in practice there are two of them, using
OpenSSL as a server) wouldn't work with skip_close_notify, as the server won't
close the connection until the client sends a close_notify, but for the same
reason they don't need it (there is no race between receiving close_notify and
closing as the former is the cause of the later).
An alternative approach would be to make ssl_server2 keep the connection open
until it receives a close_notify. Unfortunately it creates problems for tests
where we simulate a lossy network, as the close_notify could be lost (and the
client can't retransmit it). We could modify udp_proxy with an option to never
drop alert messages, but when TLS 1.3 comes that would no longer work as the
type of messages will be encrypted.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Make client_random and server_random const in
mbedtls_ssl_export_keys_ext_t, so that the key exporter is discouraged
from modifying the client/server hello.
Update examples and tests use const for hello.random as well, to ensure
that the export callbacks are of the proper type.
Fixes#2759
This commit adds command line options
- nss_keylog=0/1
- nss_keylog_file=FILENAME
to the example programs ssl/ssl_client2 and ssl/ssl_server2 which
allow to print and export the session keys in the NSS keylog
for debugging purposes.
The code wants timer callbacks to be set (checked in fetch_input()), and can't
easily check whether we're using nbio, so it seems easier to require the
callbacks to be always set rather than only with nbio as was previously done.
context_buf was never free()d. Moreover, since we want to free it on error
paths as well, and even properly zeroize it in order to demonstrate good
memory hygiene, we need to make it and its length main()-scoped.
Previously it was missing reset in case 1, and in case 2 the code was never
executed as the option value was reset to 0.
Tighten checking of return values of save(NULL, 0) now that it works.
Also, improve the printed output as well as the comments.
I checked manually that everything now works and fail in the expected way:
save, reset-or-reinit and load all succeed, but the subsequent read or write
fails.
We have explicit recommendations to use US spelling for technical writing, so
let's apply this to code as well for uniformity. (My fingers tend to prefer UK
spelling, so this needs to be fixed in many places.)
sed -i 's/\([Ss]eriali\)s/\1z/g' **/*.[ch] **/*.function **/*.data ChangeLog
This allows callers to discover what an appropriate size is. Otherwise they'd
have to either try repeatedly, or allocate an overly large buffer (or some
combination of those).
Adapt documentation an example usage in ssl_client2.
Avoid useless copy with mbedtls_ssl_get_session() before serialising.
Used in ssl_client2 for testing and demonstrating usage, but unfortunately
that means mbedtls_ssl_get_session() is no longer tested, which will be fixed
in the next commit.
This provides basic testing for the session (de)serialisation functions, as
well as an example of how to use them.
Tested locally with tests/ssl-opt.sh -f '^Session resume'.
* origin/pr/2781:
Documentation fixes according to review
Remove unused label in ssl_client2/ssl_server2
Add missing word in documentation of mbedtls_ssl_check_record()
cli/srv ex: Add dbg msg if record checking gives inconsistent result
Fix minor issues in documentation of mbedtls_ssl_check_record()
State that record checking is DTLS only and doesn't check content type
Update version_features.c
Pass dgrams to mbedtls_ssl_check_record in ssl_client2/server2
Add IO wrappers to ssl_server2 as interm's between NET and SSL layer
Add IO wrappers to ssl_client2 as interm's between NET and SSL layer
Introduce configuration option and API for SSL record checking
This is done to account for platforms, for which we want custom behavior
upon the program termination, hence we call `mbedtls_exit()` instead of
returning from `main()`.
* origin/pr/2697:
Update crypto submodule
Add all.sh component that exercises invalid_param checks
Remove mbedtls_param_failed from programs
Make it easier to define MBEDTLS_PARAM_FAILED as assert
Make test suites compatible with #include <assert.h>
Pass -m32 to the linker as well
Don't systematically rebuild programs
* origin/pr/2681:
unconditional mbedtls_ssl_conf_rng
Adding usage and removing dummy random
comment alignment
Commit to C90 style
Adds missing ret definition
More clarity for ifdef orders
Only warns if MBEDTLS_HAVE_TIME
Option used added in string
Code review
Style fixes
SSL reproducible test mode
* origin/pr/2260:
Update crypto submodule
Remove heading spaces in tests/data_files/Makefile
Re-generate library/certs.c from script
Add new line at the end of test-ca2.key.enc
Use strict syntax to annotate origin of test data in certs.c
Add run to all.sh exercising !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO
Allow DHM self test to run without MBEDTLS_PEM_PARSE_C
ssl-opt.sh: Auto-skip tests that use files if MBEDTLS_FS_IO unset
Document origin of hardcoded certificates in library/certs.c
Adapt ChangeLog
Rename server1.der to server1.crt.der
Add DER encoded files to git tree
Add build instructions to generate DER versions of CRTs and keys
Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2
ssl_server2: Skip CA setup if `ca_path` or `ca_file` argument "none"
ssl_client2: Skip CA setup if `ca_path` or `ca_file` argument "none"
Correct white spaces in ssl_server2 and ssl_client2
Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled
Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled
All sample and test programs had a definition of mbedtls_param_failed.
This was necessary because we wanted to be able to build them in a
configuration with MBEDTLS_CHECK_PARAMS set but without a definition
of MBEDTLS_PARAM_FAILED. Now that we activate the sample definition of
MBEDTLS_PARAM_FAILED in config.h when testing with
MBEDTLS_CHECK_PARAMS set, this boilerplate code is no longer needed.