Commit graph

20486 commits

Author SHA1 Message Date
Werner Lewis
f5b86f3b16 Add clarification for 2.x section
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 09:20:01 +01:00
Ronald Cron
cf600bc07c Comment fixes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e0d7367a9e Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
2b1a43c101 tls13: Add missing overread check in Certificate msg parsing.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e7b9b6b380 tls13: Add checks of overread check failures
In Certificate message parsing tests with
invalid vector lengths, add checks that the
parsing failed on the expected overread check.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
ad8c17b9c6 tls: Add overread/overwrite check failure tracking
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e3dac4aaa1 tls13: Add Certificate msg parsing tests with invalid vector lengths
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:42 +02:00
Ronald Cron
a8d79b9eb6 ssl-opt.sh: Remove one pattern check
In "Authentication: client cert not trusted,
server required" ssl-opt.sh test, depending
on client and server execution speed, the
handshake on the client side may complete
successfully: the TLS connection is aborted
by the server because it is not able to
authenticate the client but at that time
the client may have completed the handshake
on its side. Thus, do not check that the
client handshake failed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:05:35 +02:00
Ronald Cron
07040bb179
Merge pull request #5951 from xkqian/tls13_add_alpn
Add ALPN extension to the server side
2022-06-27 08:33:03 +02:00
Ronald Cron
9738a8d0fd
Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks
TLS 1.3: Fix certificate key usage checks
2022-06-27 08:32:17 +02:00
Gilles Peskine
0ff241a1ea Remove largely useless bit of test log to silence GCC 12
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.

Fixes #5974.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-25 14:29:23 +02:00
Paul Elliott
668b31f210 Fix the wrong variable being used for TLS record size checks
Fix an issue whereby a variable was used to check the size of incoming
TLS records against the configured maximum prior to it being set to the
right value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-06-24 20:09:37 +01:00
Werner Lewis
f8a478795c Add guidance for generating deprecated list
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-24 11:10:48 +01:00
Ronald Cron
21a1b2d374 Enable "Sending app data" SSL unit tests for TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
c78511b59a ssl-opt.sh: Enable some authentication tests for TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
1938588e80 tls13: Align some debug messages with TLS 1.2 ones
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
a4417c13a1 ssl-opt.sh: Add Small/Large packets TLS 1.3 tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
ba80d4d60b ssl-opt.sh: Enable Event-driven I/O tests for TLS 1.3
The other "Event-driven I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
2cffd284bc ssl-opt.sh: Enable Non-blocking I/O tests for TLS 1.3
The other "Non-blocking I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
XiaokangQian
0b776e282a Change some comments for alpn
Change-Id: Idf066e94cede9d26aa41d632c3a81dafcee38587
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-24 09:04:59 +00:00
Manuel Pégourié-Gonnard
93a7f7d7f8
Merge pull request #5954 from wernerlewis/x509_next_merged
Add mbedtls_x509_dn_get_next function
2022-06-24 09:59:22 +02:00
Manuel Pégourié-Gonnard
fc425ee9a4
Merge pull request #5838 from mprse/HKDF_2
HKDF 2: Use HKDF-Expand/Extract from PSA in TLS 1.3
2022-06-24 09:28:17 +02:00
XiaokangQian
95d5f549f1 Fix coding styles
Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-24 05:42:15 +00:00
Werner Lewis
016cec17e8 Add deprecated macros to migration guide
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 16:55:52 +01:00
Werner Lewis
745fcde406 Add reference to 2.x docs to migration guide
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 16:51:45 +01:00
Werner Lewis
3e5585b45d Replace TEST_ASSERT macro uses
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 15:12:10 +01:00
Werner Lewis
ac80a66395 Reduce buffer sizes to expected size
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 15:11:50 +01:00
Andrzej Kurek
5708b45154 Add a changelog entry for the session resumption + CID bug
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-23 08:00:14 -04:00
Manuel Pégourié-Gonnard
4f799fc333
Merge pull request #941 from mpg/buf-overread-use-psa-static-ecdh-dev
Fix potential heap buffer overread with `USE_PSA_CRYPTO`
2022-06-23 11:57:33 +02:00
Manuel Pégourié-Gonnard
4cfaae5b6b Save code size by calling get_type only once
This is an external function, so in the absence of link-time
optimisation (LTO) the compiler can't know anything about it and has to
call it the number of times it's called in the source code.

This only matters for pk_ec, but change pk_rsa as well for the sake of
uniformity.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-23 09:43:39 +02:00
Przemek Stekiel
1b0ebdf363 Zeroize hkdf_label buffer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-23 09:22:49 +02:00
Przemek Stekiel
38ab400dc4 Adapt code to be consistent with the existing code
- init status to error
- use simple assignment to status
- fix code style (spaces)

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-23 09:05:40 +02:00
XiaokangQian
c740345c5b Adress review comments
Change Code styles
Add test cases

Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-23 03:24:12 +00:00
Ronald Cron
f9c13fe69f ssl-opt.sh: Add positive check in successful "keyUsage client-auth" tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-22 17:36:21 +02:00
Ronald Cron
ba65fbbe30 Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-22 17:36:12 +02:00
Gabor Mezei
96ec831385
Do not encrypt CCS records
According to the TLS 1.3 standard the CCS records must be unencrypted.

When a record is not encrypted the counter, used in the dynamic IV
creation, is not incremented.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-22 17:07:21 +02:00
Gabor Mezei
7e2dbafe2d
Add test for dummy CCS records
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-22 17:07:21 +02:00
Gabor Mezei
7b39bf178e
Send dummy change_cipher_spec records from TLS 1.3 server
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-22 17:07:21 +02:00
XiaokangQian
acb3992251 Add ALPN extension to the server side
CustomizedGitHooks: yes
Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-22 06:34:58 +00:00
Przemek Stekiel
b33bd19197 Enable HKDF EXTRACT/EXPAND algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-21 09:58:51 +02:00
Przemek Stekiel
d5ae365b97 Use PSA HKDF-Extrat/Expand algs instead mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_xpand()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-21 07:22:33 +02:00
Przemek Stekiel
88e7101d03 Remove mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_expand()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-21 07:22:33 +02:00
Przemek Stekiel
0c9e74bd55 Remove mbedtls_psa_hkdf_expand() and mbedtls_psa_hkdf_extract() tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-21 07:22:33 +02:00
Manuel Pégourié-Gonnard
a82a8b9f4b Mark internal int SSL functions CHECK_RETURN_CRITICAL
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:55 +02:00
Manuel Pégourié-Gonnard
a3115dc0e6 Mark static int SSL functions CHECK_RETURN_CRITICAL
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:52 +02:00
Manuel Pégourié-Gonnard
66b0d61718 Add comments when can_do() is safe to use
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard
19a567ba43 Fix impact evaluation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard
22e84de971 Improve contract of mbedtls_pk_ec/rsa()
Trusting the caller to perform the appropriate check is both risky, and
a bit user-unfriendly. Returning NULL on error seems both safer
(dereferencing a NULL pointer is more likely to result in a clean crash,
while mis-casting a pointer might have deeper, less predictable
consequences) and friendlier (the caller can just check the return
value for NULL, which is a common idiom).

Only add that as an additional way of using the function, for the sake
of backwards compatibility. Calls where we know the type of the context
for sure (for example because we just set it up) were legal and safe, so
they should remain legal without checking the result for NULL, which
would be redundant.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard
1c91b0c434 Clarify warning about mbedtls_pk_ec/rsa()
The previous wording "ensure it holds an XXX" context did not mean
anything without looking at the source.

Looking at the source, the criterion is:
- for mbedtls_pk_rsa(), that the info structure uses rsa_alloc_wrap;
- for mbedtls_pk_ec(), that it uses eckey_alloc_wrap or
ecdsa_alloc_wrap, since mbedtls_ecdsa_context is a typedef for
mbedtls_ecp_keypair. (Note that our test code uses mbedtls_pk_ec() on
contexts of type MBEDTLS_PK_ECDSA.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard
b64fb62ead Fix unchecked return value from internal function
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00