Commit Graph

1621 Commits

Author SHA1 Message Date
Darryl Green
b33cc7688e
Add I/O buffer length fields to mbedtls_ssl_context
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Darryl Green <darryl.green@arm.com>
2020-03-03 10:44:49 -05:00
Manuel Pégourié-Gonnard
f03c13c046
Merge pull request #3050 from mpg/skip-close-notify-dev
Fix possible close_notify/ClientHello confusion
2020-03-03 12:11:48 +01:00
Gilles Peskine
ae463e6505 Move EXTRA_GENERATED mentions to a separate line
This makes reconciliation with other branches that don't have
it (mbedtls, backports) easier.
2020-02-26 14:44:40 +01:00
Manuel Pégourié-Gonnard
56941fe6a2 Fix possible close_notify/ClientHello confusion
The ssl-opt.sh test cases using session resumption tend to fail occasionally
on the CI due to a race condition in how ssl_server2 and ssl_client2 handle
the reconnection cycle.

The server does the following in order:
- S1 send application data
- S2 send a close_notify alert
- S3 close the client socket
- S4 wait for a "new connection" (actually a new datagram)
- S5 start a handshake

The client does the following in order:
- C1 wait for and read application data from the server
- C2 send a close_notify alert
- C3 close the server socket
- C4 reset session data and re-open a server socket
- C5 start a handshake

If the client has been able to send the close_notify (C2) and if has been
delivered to the server before if closes the client socket (S3), when the
server reaches S4, the datagram that we start the new connection will be the
ClientHello and everything will be fine.

However if S3 wins the race and happens before the close_notify is delivered,
in S4 the close_notify is what will be seen as the first datagram in a new
connection, and then in S5 this will rightfully be rejected as not being a
valid ClientHello and the server will close the connection (and go wait for
another one). The client will then fail to read from the socket and exit
non-zero and the ssl-opt.sh harness will correctly report this as a failure.

In order to avoid this race condition in test using ssl_client2 and
ssl_server2, this commits introduces a new command-line option
skip_close_notify to ssl_client2 and uses it in all ssl-opt.sh tests that use
session resumption with DTLS and ssl_server2.

This works because ssl_server2 knows how many messages it expects in each
direction and in what order, and closes the connection after that rather than
relying on close_notify (which is also why there was a race in the first
place).

Tests that use another server (in practice there are two of them, using
OpenSSL as a server) wouldn't work with skip_close_notify, as the server won't
close the connection until the client sends a close_notify, but for the same
reason they don't need it (there is no race between receiving close_notify and
closing as the former is the cause of the later).

An alternative approach would be to make ssl_server2 keep the connection open
until it receives a close_notify. Unfortunately it creates problems for tests
where we simulate a lossy network, as the close_notify could be lost (and the
client can't retransmit it). We could modify udp_proxy with an option to never
drop alert messages, but when TLS 1.3 comes that would no longer work as the
type of messages will be encrypted.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 09:33:45 +01:00
Gilles Peskine
d7fb66fd13 If a key is not of a supported type, something went wrong 2020-02-25 19:54:27 +01:00
Gilles Peskine
e60b365a5e EC keys can have the type MBEDTLS_PK_ECKEY_DH too 2020-02-25 19:54:07 +01:00
Gilles Peskine
f02b984f86 Sanity check on elliptic curve keys: check that the group is known 2020-02-25 19:52:44 +01:00
Gilles Peskine
8d36696e1f Fix fuzz_pubkey failure on valid RSA keys
On a valid RSA public key, mbedtls_rsa_export should succeed if you
ask for the public fields, but fail if you ask for private fields. The
code was expecting to succeed when asking for private fields, so
failed on every valid RSA public key.
2020-02-25 19:51:07 +01:00
Gilles Peskine
6fc21f630c Add a calloc self-test
Add a very basic test of calloc to the selftest program. The selftest
program acts in its capacity as a platform compatibility checker rather
than in its capacity as a test of the library.

The main objective is to report whether calloc returns NULL for a size
of 0. Also observe whether a free/alloc sequence returns the address
that was just freed and whether a size overflow is properly detected.
2020-02-11 19:26:27 +01:00
Gilles Peskine
db0cb2578c Fix CTR_DRBG benchmark
You can't reuse a CTR_DRBG context without free()ing it and
re-init()ing. This generally happened to work, but was never
guaranteed. It could have failed with alternative implementations of
the AES module because mbedtls_ctr_drbg_seed() calls
mbedtls_aes_init() on a context which is already initialized if
mbedtls_ctr_drbg_seed() hasn't been called before, plausibly causing a
memory leak. Calling free() and seed() with no intervening init fails
when MBEDTLS_THREADING_C is enabled and all-bits-zero is not a valid
mutex representation. So add the missing free() and init().
2020-02-11 19:26:27 +01:00
Gilles Peskine
e732f04443 cmake: link programs that only use x509 with libmbedx509
When building with CMake, for sample programs that only use
functionality in libmbedcrypto and libmbedx509, link with
libmbedx509, not with libmbedtls.

cert_app makes a TLS connection, so do link it with libmbedtls.
2020-02-11 19:26:27 +01:00
Gilles Peskine
e123395317 cmake: link programs that only use crypto with libmbedcrypto
When building with CMake, for sample programs that only use
functionality in libmbedcrypto (i.e. crypto and platform), link with
libmbedcrypto, not with libmbedtls.

This doesn't change the result, because the linker skips libraries in
which no symbol is used, but it changes the build dependencies, and it
has the advantage of bringing programs/*/CMakeLists.txt closer to the
corresponding files under crypto/.

The programs concerned are crypto sample and test programs, and
programs that only use (potential) platform functions such as
mbedtls_printf. dh_client and dh_server keep linking with mbedtls
because they use functions from the net_sockets module.
2020-02-11 19:26:27 +01:00
Jaeden Amero
7cb47de12a query_config: Move to programs/test
As the SSL programs, like ssl_client2 and ssl_server2, are dependent on
SSL and therefore about to be removed, the only consumer of query_config
is the query_compile_time_config test. As such, it makes sense to move
query_config to be next to what uses it.
2020-02-11 19:26:27 +01:00
Jaeden Amero
93a0f90dca pkey/rsa_genkey: Remove commented out code
There is some commented out X.509 certificate writing code present in
rsa_genkey. It looks like it has been commented out since the beginning
of time. Let's remove it, since commented out code is not in good style.
2020-02-11 19:26:27 +01:00
Jaeden Amero
ed736992d5 pkey: Remove dependency on X.509 2020-02-11 19:26:27 +01:00
Gilles Peskine
8de196a590 programs/Makefile: List all programs one by one
This makes it easier to add or remove programs as well as see which
programs were added or removed in diffs.

Side port of 30fae8ee7d in mbed-crypto.
2020-02-11 19:26:27 +01:00
Gilles Peskine
4e8b594002 Fix uninitialized variable in an edge case
If `context_buf = mbedtls_calloc( 1, buf_len )` failed,
`context_buf_len` was not initialized. Noticed by
`gcc -Os -Werror=maybe-uninitialized`.

This was only a problem in ssl_server2 (a test program), only with
MBEDTLS_SSL_CONTEXT_SERIALIZATION enabled.
2020-02-03 19:49:55 +01:00
Gilles Peskine
2579675935 Merge remote-tracking branch 'upstream-public/development' into development
Files deleted by us: keep them deleted.

```
git rm $(git status -s | sed -n 's/^DU //p')
```

Individual files with conflicts:

* `README.md`: keep the crypto version.
* `doxygen/input/doc_mainpage.h`: keep the crypto version (with an obsolete Mbed Crypto version number).
* `include/mbedtls/error.h`:
    * `ERROR`: similar additions made through parallel commits, with only whitespace differences. Align with the tls version.
* `library/CMakeLists.txt`: keep the crypto version.
* `library/Makefile`: keep the crypto version.
* `scripts/generate_errors.pl`: keep the crypto version (the relevant changes were made through parallel commits).
* `tests/scripts/check-test-cases.py`:
    * `Results`: keep the crypto version, which has both the new argument to the constructor (added in crypto only) and the class docstring (added through parallel commits).
* `tests/suites/helpers.function`:
    * `ARRAY_LENGTH`, `ASSERT_ALLOC`: additions in the same location. Keep both, in indifferent order.
* `tests/suites/target_test.function`:
    * `receive_uint32`: keep the crypto version which has an additional bug fix. The tls changes made in tls are irrelevant after this bug fix.
* `visualc/VS2010/mbedTLS.vcxproj`: run `scripts/generate_visualc_files.pl`.

Review of non-conflicting changes:

* `all.sh`: 1 change.
    * zlib test components: don't add them.
* `include/CMakeLists.txt`: 1 change.
    * `target_include_directories`: doesn't work as is (different target name). Don't take the change.
* All other non-conflicting changes: take them.
2020-02-03 18:52:36 +01:00
Gilles Peskine
36ce88be1e
Merge pull request #2999 from catenacyber/fuzzrsa
Checks mbedtls_rsa_export return in fuzz targets
2020-01-31 16:38:43 +01:00
Gilles Peskine
f65ed6f254 Change key types to a 16-bit encoding
All key types now have an encoding on 32 bits where the bottom 16 bits
are zero. Change to using 16 bits only.

Keep 32 bits for key types in storage, but move the significant
half-word from the top to the bottom.

Likewise, change EC curve and DH group families from 32 bits out of
which the top 8 and bottom 16 bits are zero, to 8 bits only.

Reorder psa_core_key_attributes_t to avoid padding.
2020-01-31 10:24:21 +01:00
Ercan Ozturk
d437309ae2 Fix debug message by using the correct function name called 2020-01-28 21:51:04 -08:00
Philippe Antoine
8b1ed1cf0e Adds explicit include to stdlib.h for abort 2020-01-22 16:22:36 +01:00
Philippe Antoine
7d4bd6f15f Checks mbedtls_rsa_export_crt return in fuzz targets 2020-01-22 14:14:18 +01:00
Philippe Antoine
66070bc19d Checks mbedtls_rsa_export return in fuzz targets 2020-01-22 13:54:56 +01:00
Gilles Peskine
2ac4d86040 Fix file leak in test program
A similar bug was fixed earlier in ssl_server2, but we missed the fix
in ssl_client2.
2020-01-21 17:39:52 +01:00
Janos Follath
dbd3304e8f Merge branch 'development' into development-restricted 2020-01-15 16:06:15 +00:00
Manuel Pégourié-Gonnard
ad6cb11461 Declare new config.h option MBEDTLS_SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
Piotr Nowicki
7d01ef6562 Added buffer-based mbedtls allocator support to ssl_client2 2019-11-25 15:52:48 +01:00
Piotr Nowicki
9926eaf695 Do not allow configuring zero-length PSK
fix error when calloc is called with size 0
2019-11-25 15:49:53 +01:00
Jaeden Amero
b37886935e Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Remove unused test data file
  Remove component designed to test MAX_SIGNATURE_SIZE
  Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in pkey sample programs
  Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in X.509
  Update crypto submodule
  x509write_csr: Reduce stack usage of mbedtls_x509write_csr_pem()
  Fix mbedtls_ssl_check_record usage with ext buf
  Shorter version of mbedtls_ssl_send_fatal_handshake_failure
  Resolve #2801 - remove repetitive assignment to ssl->in_msg (the first value was never used)
  Resolve #2800 - move declaration to avoid unused variable warning in case MBEDTLS_SSL_PROTO_DTLS was undefined
  Resolve #2717 - remove erroneous sizeof (the operator was applied to constant integer number)
  Fix potential resource leak in sslserver2 example
  X.509: Add numerous negative parsing tests for CertificatePolicy ext
  X.509: Adapt negative parsing test for no data in CrtPolicy ext
  X.509: Move negative tests for CertificatePolicy parsing
  X.509: Remove CRT policy parsing test 'bool len missing'
2019-11-22 10:27:25 +00:00
Jaeden Amero
67ab98dcc0 Merge remote-tracking branch 'restricted/pr/661' into development-restricted
* restricted/pr/661:
  Fix buffer size in an AES example
2019-11-22 10:26:08 +00:00
Jaeden Amero
ed7b8b73ad
Merge pull request #2868 from k-stachowiak/fix-resource-leak-in-ssl-example
Fix potential resource leak in sslserver2 example
2019-11-22 09:57:32 +00:00
Gilles Peskine
9afbfdc833 Merge remote-tracking branch 'myfork-public/development' into merge-crypto-development-20191115
First deal with deleted files.

* Files deleted by us: keep them deleted.
* Files deleted by them, whether modified by us or not: keep our version.

```
git rm $(git status -s | sed -n 's/^DU //p')
git reset -- $(git status -s | sed -n 's/^D  //p')
git checkout -- $(git status -s | sed -n 's/^ D //p')
git add -- $(git status -s | sed -n 's/^UD //p')
```

Individual files with conflicts:

* `3rdparty/everest/library/Hacl_Curve25519_joined.c`: spurious conflict because git mistakenly identified this file as a rename. Keep our version.
* `README.md`: conflict due to their change in a paragraph that doesn't exist in our version. Keep our version of this paragraph.
* `docs/architecture/Makefile`: near-identical additions. Adapt the definition of `all_markdown` and include the clean target.
* `doxygen/input/docs_mainpage.h`: conflict in the version number. Keep our version number.
* `include/mbedtls/config.h`: two delete/modify conflicts. Keep the removed chunks out.
* `library/CMakeLists.txt`: discard all their changes as they are not relevant.
* `library/Makefile`:
    * Discard the added chunk about the crypto submodule starting with `INCLUDING_FROM_MBEDTLS:=1`.
    * delete/modify: keep the removed chunk out.
    * library build: This is almost delete/modify. Their changes are mostly not applicable. Do keep the `libmbedcrypto.$(DLEXT): | libmbedcrypto.a` order dependency.
    * `.c.o`: `-o` was added on both sides but in a different place. Change to their place.
* `library/error.c`: to be regenerated.
* `library/version_features.c`: to be regenerated.
* `programs/Makefile`: Most of the changes are not relevant. The one relevant change is in the `clean` target for Windows; adapt it by removing `/S` from our version.
* `programs/test/query_config.c`: to be regenerated.
* `scripts/config.py`: added in parallel on both sides. Keep our version.
* `scripts/footprint.sh`: parallel changes. Keep our version.
* `scripts/generate_visualc_files.pl`: one delete/modify conflict. Keep the removed chunks out.
* `tests/Makefile`: discard all of their changes.
* `tests/scripts/all.sh`:
    * `pre_initialize_variables` add `append_outcome`: add it.
    * `pre_initialize_variables` add `ASAN_CFLAGS`: already there, keep our version.
    * `pre_parse_command_line` add `--no-append-outcome`: add it.
    * `pre_parse_command_line` add `--outcome-file`: add it.
    * `pre_print_configuration`: add `MBEDTLS_TEST_OUTCOME_FILE`.
    * Several changes in SSL-specific components: keep our version without them.
    * Several changes where `config.pl` was changed to `config.py` and there was an adjacent difference: keep our version.
    * Changes regarding the inclusion of `MBEDTLS_MEMORY_xxx`: ignore them here, they will be normalized in a subsequent commit.
    * `component_test_full_cmake_gcc_asan`: add it without the TLS tests.
    * `component_test_no_use_psa_crypto_full_cmake_asan`: keep the fixed `msg`, discard other changes.
    * `component_test_memory_buffer_allocator_backtrace`, `component_test_memory_buffer_allocator`: add them without the TLS tests.
    * `component_test_m32_everest`: added in parallel on both sides. Keep our version.
* `tests/scripts/check-names.sh`, `tests/scripts/list-enum-consts.pl`, `tests/scripts/list-identifiers.sh`, ``tests/scripts/list-macros.sh`: discard all of their changes.
* `tests/scripts/test-ref-configs.pl`: the change in the conflict is not relevant, so keep our version there.
* `visualc/VS2010/*.vcxproj`: to be regenerated.

Regenerate files:

```
scripts/generate_visualc_files.pl
git add visualc/VS2010/*.vcxproj
scripts/generate_errors.pl
git add library/error.c
scripts/generate_features.pl
git add library/version_features.c
scripts/generate_query_config.pl
git add programs/test/query_config.c
```

Rejected changes in non-conflicting files:

* `CMakeLists.txt`: discard their addition which has already been side-ported.
* `doxygen/mbedtls.doxyfile`: keep the version number change. Discard the changes related to `../crypto` paths.

Keep the following changes after examination:

* `.travis.yml`: all of their changes are relevant.
* `include/mbedtls/error.h`: do keep their changes. Even though Crypto doesn't use TLS errors, it must not encroach on TLS's allocated numbers.
* `tests/scripts/check-test-cases.py`: keep the code dealing with `ssl-opt.sh`. It works correctly when the file is not present.
2019-11-15 11:47:14 +01:00
Gilles Peskine
96a7cd1759 Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in pkey sample programs
Use the constant that is now provided by the crypto submodule instead
of rolling our own definition which is not correct in all cases.
2019-11-13 15:32:11 +01:00
Gilles Peskine
da252bed3c Define a constant for the maximum signature size from pk_sign()
Based on the buffer size used in the pk_sign sample program, this is
MBEDTLS_MPI_MAX_SIZE.
2019-11-05 16:27:27 +01:00
Gilles Peskine
f0ebbfb3fc Fix CTR_DRBG benchmark
You can't reuse a CTR_DRBG context without free()ing it and
re-init()ing. This generally happened to work, but was never
guaranteed. It could have failed with alternative implementations of
the AES module because mbedtls_ctr_drbg_seed() calls
mbedtls_aes_init() on a context which is already initialized if
mbedtls_ctr_drbg_seed() hasn't been called before, plausibly causing a
memory leak. Calling free() and seed() with no intervening init fails
when MBEDTLS_THREADING_C is enabled and all-bits-zero is not a valid
mutex representation. So add the missing free() and init().
2019-10-28 21:03:52 +01:00
Andrzej Kurek
df2cd9e14f Makefiles: move the dependencies block to be after DLEXT definition
Having it before them resulted in incomplete dependency names, always ending
with a period.
2019-10-07 09:24:22 -04:00
Gilles Peskine
1540e5bd04 Move MBEDTLS_CTR_DRBG_USE_128_BIT_KEY to the correct section
It's an on/off feature, so it should be listed in version_features.
2019-10-04 11:16:24 +02:00
k-stachowiak
bbc1c699fc Fix potential resource leak in sslserver2 example 2019-09-26 13:43:31 +02:00
k-stachowiak
20935ebd34 Fix buffer size in an AES example 2019-09-26 11:22:02 +02:00
Jaeden Amero
c21a9f04f9 Merge remote-tracking branch 'origin/pr/2765' into development
* origin/pr/2765: (28 commits)
  Add set+get tests
  Consolidate tests for set with/without values
  config.py testing: also test the get command
  Compatibility redirect: add copyright notice
  Compatibility redirect: if python3 is not available, try python
  Fix config.py output when a symbol has acquired or lost a value
  Remove redundant test case
  cmake: update interpreter requirement for the test suite generator
  cmake: fix Python requirement
  Test script for config.py
  Documentation improvements
  Fix "#define ... not found" error when using the default file name
  Fix "--force set" without a value sneaking a None in
  Fix --force requiring an argument
  Fix Config.unset() making the name known
  Also search config.h near the script
  Report an error if switching to Python fails
  Fix 'config.py set' without --force
  Fix encoding errors
  Print help when invoked with no arguments
  ...
2019-09-23 17:27:44 +01:00
Gilles Peskine
583afe47cc Add a calloc self-test
Add a very basic test of calloc to the selftest program. The selftest
program acts in its capacity as a platform compatibility checker rather
than in its capacity as a test of the library.

The main objective is to report whether calloc returns NULL for a size
of 0. Also observe whether a free/alloc sequence returns the address
that was just freed and whether a size overflow is properly detected.
2019-09-20 20:22:15 +02:00
Gilles Peskine
5d46f6a89b Invoke config.py instead of config.pl
git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g'

Also:
* Change one comment in include/mbedtls/check_config.h.
* Change PERL to PYTHON in CMakeLists.txt.
2019-09-13 11:04:23 +02:00
Jaeden Amero
63d813d258 ssl: Disallow modification of hello.random by export
Make client_random and server_random const in
mbedtls_ssl_export_keys_ext_t, so that the key exporter is discouraged
from modifying the client/server hello.

Update examples and tests use const for hello.random as well, to ensure
that the export callbacks are of the proper type.

Fixes #2759
2019-09-12 15:18:25 +01:00
Hanno Becker
bc5308cb9a ssl_cli/srv2: Indicate nss_keylog and eap_tls are mut. exclusive 2019-09-09 11:38:51 +01:00
Hanno Becker
48f3a3d101 Add NSS keylog support to ssl_server2 and ssl_client2
This commit adds command line options

- nss_keylog=0/1
- nss_keylog_file=FILENAME

to the example programs ssl/ssl_client2 and ssl/ssl_server2 which
allow to print and export the session keys in the NSS keylog
for debugging purposes.
2019-09-09 10:30:16 +01:00
Jaeden Amero
f66e7ea7f3
Merge pull request #178 from mpg/sha512-smaller
New config.h option to make SHA-512 smaller
2019-09-04 10:19:28 +01:00
Jaeden Amero
481659a9c0 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Fix uninitialized variable in x509_crt
  Add a ChangeLog entry for mbedtls_net_close()
  Added mbedtls_net_close and use it in ssl_fork_server to correctly disassociate the client socket from the parent process and the server socket from the child process.
  Add ChangeLog entry
  fix memory leak in mpi_miller_rabin()
2019-09-03 19:42:19 +01:00
Jaeden Amero
8dd6bc7ac4 Merge remote-tracking branch 'origin/pr/2803' into development
* origin/pr/2803:
  Add a ChangeLog entry for mbedtls_net_close()
  Added mbedtls_net_close and use it in ssl_fork_server to correctly disassociate the client socket from the parent process and the server socket from the child process.
2019-09-03 16:41:51 +01:00
Jaeden Amero
4cf0e7e4d2 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (42 commits)
  Handle deleting non-existant files on Windows
  Update submodule
  Use 3rdparty headers from the submodule
  Add Everest components to all.sh
  3rdparty: Add config checks for Everest
  Fix macros in benchmark.c
  Update generated files
  3rdparty: Fix inclusion order of CMakeLists.txt
  Fix trailing whitespace
  ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
  ECDH: Fix use of ECDH API in full handshake benchmark
  ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark
  ECDH: Fix Everest x25519 make_public
  Fix file permissions
  3rdparty: Rename THIRDPARTY_OBJECTS
  3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
  3rdparty: Fix Makefile coding conventions
  ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do
  Add a changelog entry for Everest ECDH (X25519)
  Document that curve lists can include partially-supported curves
  ...
2019-08-30 16:24:18 +01:00
Darryl Green
9b9a790be6 Handle deleting non-existant files on Windows
If we try to delete a non-existant file using del on Windows, as
can happen when running make clean, del will throw an error. Make
the Makefiles more robust by only deleting files if they exist.
2019-08-30 15:45:46 +01:00
Janos Follath
4f055f4ca2 Use 3rdparty headers from the submodule 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
9e8076ffdc Fix macros in benchmark.c
#2124 may suffer from the same problem.
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
3669c80a90 Update generated files 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
12f359f7da Fix trailing whitespace 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
cc91fe2667 ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
5d536cd814 ECDH: Fix use of ECDH API in full handshake benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
1a2d9f7f41 ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
ed5f3f063f ECDH: Fix Everest x25519 make_public 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
e1dfc9884a Fix file permissions 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
8cd4fba777 ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do 2019-08-29 16:12:38 +01:00
Gilles Peskine
c6c7c49fd6 Add mbedtls_ecdh_can_do
All curves can currently do ECDH, but to make the API symmetric and
future-proof, add mbedtls_ecdh_can_do() to go with mbedtls_ecdsa_can_do().
2019-08-29 16:12:38 +01:00
Gilles Peskine
b14c4a533d Fix build with gcc -Wshadow 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
21411d2b79 ECDH: Make benchmarks check MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
655ddababa 3rdparty: Add additional build facilities for 3rd-party code 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
b33e811f2d ECDH: Fix file permission problem 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
6a1a9e468d ECDSA: Add mbedtls_ecdsa_can_do 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
3dca1a405a ECDH: Fix error checks in benchmark.c 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
e50b9704d0 ECDH: Fix whitespace and doxygen comment 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
b4e63a14d9 ECDH: Improve ECDH full handshake benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
0b93102415 ECDH: Rename full handshake benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
0bc9c693ce ECDH: Add new (non-legacy) ECDH benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
977d89ab29 ECDH: Include Everest Curve25519 in build scripts 2019-08-29 16:12:38 +01:00
Jaeden Amero
f0716542c4
Merge pull request #140 from yanesca/everest_integration
Everest integration
2019-08-29 16:02:49 +01:00
Jaeden Amero
f1cdceae0d Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (114 commits)
  Don't redefine calloc and free
  Add changelog entry to record checking
  Fix compiler warning
  Add debug messages
  Remove duplicate entries from ChangeLog
  Fix parameter name in doxygen
  Add missing guards for mac usage
  Improve reability and debugability of large if
  Fix a typo in a comment
  Fix MSVC warning
  Fix compile error in reduced configurations
  Avoid duplication of session format header
  Implement config-checking header to context s11n
  Provide serialisation API only if it's enabled
  Fix compiler warning: comparing signed to unsigned
  Actually reset the context on save as advertised
  Re-use buffer allocated by handshake_init()
  Enable serialisation tests in ssl-opt.sh
  Change requirements for setting timer callback
  Add setting of forced fields when deserializing
  ...
2019-08-27 10:09:10 +01:00
Jarno Lamsa
472a2a2fcd Don't redefine calloc and free 2019-08-23 13:13:52 +03:00
Manuel Pégourié-Gonnard
9df5a82079 Actually reset the context on save as advertised
Also fix some wording in the documentation while at it.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
13c8e68477 Change requirements for setting timer callback
The code wants timer callbacks to be set (checked in fetch_input()), and can't
easily check whether we're using nbio, so it seems easier to require the
callbacks to be always set rather than only with nbio as was previously done.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
3309a67996 Fix memory leak in client/server2
context_buf was never free()d. Moreover, since we want to free it on error
paths as well, and even properly zeroize it in order to demonstrate good
memory hygiene, we need to make it and its length main()-scoped.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
a88399c091 Improve demo/testing code in client/server2
Previously it was missing reset in case 1, and in case 2 the code was never
executed as the option value was reset to 0.

Tighten checking of return values of save(NULL, 0) now that it works.

Also, improve the printed output as well as the comments.

I checked manually that everything now works and fail in the expected way:
save, reset-or-reinit and load all succeed, but the subsequent read or write
fails.
2019-08-23 13:11:31 +03:00
Jarno Lamsa
ddf72a1cf6 Fix style issues 2019-08-23 13:07:05 +03:00
Jarno Lamsa
8e2532196d Set timer callbacks with serialization 2019-08-23 13:05:43 +03:00
Jarno Lamsa
1a7f7936f3 Fix spacing 2019-08-23 13:05:43 +03:00
Jarno Lamsa
15b3a7ae4d Fix compiler warnings 2019-08-23 13:05:42 +03:00
Jarno Lamsa
304d61cede Add option for ssl-context re-initialization flow 2019-08-23 13:05:34 +03:00
Jarno Lamsa
12021ee115 Fix spacing 2019-08-23 12:53:40 +03:00
Jarno Lamsa
1d1657f11c Allow stub implementation of the context_save for now 2019-08-23 12:53:40 +03:00
Jarno Lamsa
93c6ff2392 Address review comments for code-style issues 2019-08-23 12:53:40 +03:00
Jarno Lamsa
378d64daad Remove mbedtls_ssl_free() and mbedtls_ssl_init() from serialization flow in test 2019-08-23 12:53:40 +03:00
Jarno Lamsa
bbc7b41903 Use MBEDTLS_SSL_CONTEXT_SERIALIZATION flag 2019-08-23 12:53:40 +03:00
Jarno Lamsa
5a3a16cb1b Serialize/deserialize for ssl_server2 2019-08-23 12:53:40 +03:00
Jarno Lamsa
af30629686 Rely on opt.exchanges for sending after serialization 2019-08-23 12:53:40 +03:00
Jarno Lamsa
77e6665ffb Serialization/deserialization in ssl_client2 2019-08-23 12:53:40 +03:00
Jarno Lamsa
9831c8a14c Add option for serialization in ssl_client/server2 2019-08-23 12:53:40 +03:00
Manuel Pégourié-Gonnard
afa8f71700 Add new config MBEDTLS_SSL_CONTEXT_SERIALIZATION
This is enabled by default as we generally enable things by default unless
there's a reason not to (experimental, deprecated, security risk).

We need a compile-time option because, even though the functions themselves
can be easily garbage-collected by the linker, implementing them will require
saving 64 bytes of Client/ServerHello.random values after the handshake, that
would otherwise not be needed, and people who don't need this feature
shouldn't have to pay the price of increased RAM usage.
2019-08-23 12:52:29 +03:00
Manuel Pégourié-Gonnard
686adb4d54 Normalize spelling to serialiZation
We have explicit recommendations to use US spelling for technical writing, so
let's apply this to code as well for uniformity. (My fingers tend to prefer UK
spelling, so this needs to be fixed in many places.)

sed -i 's/\([Ss]eriali\)s/\1z/g' **/*.[ch] **/*.function **/*.data ChangeLog
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
4d591d6d3f Demonstrate safe usage (zeroize) in ssl_client2 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
26f982f50e Improve save API by always updating olen
This allows callers to discover what an appropriate size is. Otherwise they'd
have to either try repeatedly, or allocate an overly large buffer (or some
combination of those).

Adapt documentation an example usage in ssl_client2.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
a7c3765760 Add tests for session copy without serialisation 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
b5e4e0a395 Add mbedtls_ssl_get_session_pointer()
Avoid useless copy with mbedtls_ssl_get_session() before serialising.

Used in ssl_client2 for testing and demonstrating usage, but unfortunately
that means mbedtls_ssl_get_session() is no longer tested, which will be fixed
in the next commit.
2019-08-23 12:48:41 +03:00