Commit Graph

9454 Commits

Author SHA1 Message Date
Simon Butcher
25b5579a09 Merge remote-tracking branch 'origin/pr/626' into baremetal 2019-07-23 16:03:21 +01:00
Hanno Becker
95d1b93c69 Don't reset timer during mbedtls_ssl_setup()
At that point, the timer might not yet be configured.

The timer is reset at the following occasions:

- when it is initially configured through
    mbedtls_ssl_set_timer_cb() or
    mbedtls_ssl_set_timer_cb_cx()
- when a session is reset in mbedtls_ssl_session_reset()
- when a handshake finishes via mbedtls_ssl_handshake_wrap()
2019-07-22 11:15:28 +01:00
Hanno Becker
ffb45b9ea5 Add test for hardcoded timer callbacks to all.sh 2019-07-22 11:15:28 +01:00
Hanno Becker
af5d8abf26 Don't call memset on NULL pointer in NIST KW test suite
Note: There's no need to call `memset()` after `calloc()`
because `calloc()` includes zeroization.
2019-07-22 11:15:12 +01:00
Hanno Becker
ce8bdf82a1 ECP restart: Don't calculate address of sub ctx if ctx is NULL
All modules using restartable ECC operations support passing `NULL`
as the restart context as a means to not use the feature.

The restart contexts for ECDSA and ECP are nested, and when calling
restartable ECP operations from restartable ECDSA operations, the
address of the ECP restart context to use is calculated by adding
the to the address of the ECDSA restart context the offset the of
the ECP restart context.

If the ECP restart context happens to not reside at offset `0`, this
leads to a non-`NULL` pointer being passed to restartable ECP
operations from restartable ECDSA-operations; those ECP operations
will hence assume that the pointer points to a valid ECP restart
address and likely run into a segmentation fault when trying to
dereference the non-NULL but close-to-NULL address.

The problem doesn't arise currently because luckily the ECP restart
context has offset 0 within the ECDSA restart context, but we should
not rely on it.

This commit fixes the passage from restartable ECDSA to restartable ECP
operations by propagating NULL as the restart context pointer.

Apart from being fragile, the previous version could also lead to
NULL pointer dereference failures in ASanDbg builds which dereferenced
the ECDSA restart context even though it's not needed to calculate the
address of the offset'ed ECP restart context.
2019-07-19 14:56:09 +01:00
Simon Butcher
ae3f8511fd Merge remote-tracking branch 'origin/pr/615' into baremetal 2019-07-15 19:24:44 +01:00
Simon Butcher
feb1cee36e Merge remote-tracking branch 'origin/pr/602' into baremetal 2019-07-15 19:24:11 +01:00
Simon Butcher
5f7436f757 Merge remote-tracking branch 'origin/pr/593' into baremetal 2019-07-15 19:23:54 +01:00
Hanno Becker
7ae3026d5d [Fixup] Minor changes addressing review feedback 2019-07-12 15:25:03 +01:00
Hanno Becker
7decea9ea9 Simplify supported EC extension writing code
The previous code writes the content (the EC curve list) of the extension
before writing the extension length field at the beginning, which is common
in the library in places where we don't know the length upfront. Here,
however, we do traverse the EC curve list upfront to infer its length
and do the bounds check, so we can reorder the code to write the extension
linearly and hence improve readability.
2019-07-12 15:25:03 +01:00
Hanno Becker
c1096e7514 Allow hardcoding single supported elliptic curve
This commit introduces the option MBEDTLS_SSL_CONF_SINGLE_EC
which can be used to register a single supported elliptic curve
at compile time. It replaces the runtime configuration API
mbedtls_ssl_conf_curves() which allows to register a _list_
of supported elliptic curves.

In contrast to other options used to hardcode configuration options,
MBEDTLS_SSL_CONF_SINGLE_EC isn't a numeric option, but instead it's
only relevant if it's defined or not. To actually set the single
elliptic curve that should be supported, numeric options

MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID
MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID

must both be defined and provide the TLS ID and the Mbed TLS internal
ID and the chosen curve, respectively.
2019-07-12 15:25:03 +01:00
Hanno Becker
ee24f8cecb Remove unnecessary check for presence of supported EC list
For both client/server the EC curve list is assumed not to be NULL:

- On the client-side, it's assumed when writing the
  supported elliptic curve extension:

    c54ee936d7/library/ssl_cli.c (L316)

- On the server, it is assumed when searching for a
  suitable curve for the ECDHE exchange:

    c54ee936d7/library/ssl_srv.c (L3200)

It is therefore not necessary to check this in mbedtls_ssl_check_curve().
2019-07-12 15:25:03 +01:00
Hanno Becker
a4a9c696c1 Introduce helper macro for traversal of supported EC TLS IDs 2019-07-12 15:25:03 +01:00
Hanno Becker
80855881ec Remove unnecessary guards in client-side EC curve extension writing
ssl_write_supported_elliptic_curves_ext() is guarded by

```
    #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
       defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
```

each of which implies (by check_config.h) that MBEDTLS_ECP_C
is enabled.
2019-07-12 15:25:03 +01:00
Hanno Becker
84fb902ea5 Work on client-provided supported EC TLS ID list in-place 2019-07-12 15:25:01 +01:00
Hanno Becker
004619fa25 Store TLS curve ID instead of information structure
This will reduce the number of grp ID <-> tls ID <-> curve info structs
conversions once a single EC can be hardcoded through its TLS ID.
2019-07-12 15:19:43 +01:00
Hanno Becker
90f7b75354 Fix unused variable warning in SSL test suite 2019-07-12 15:15:08 +01:00
Hanno Becker
ac8c984784 SSL tests: Skip tests using version not matching hardcoded version 2019-07-12 15:15:08 +01:00
Hanno Becker
930fbf60d6 Add TEST_ASSUME macro to allow skipping tests at runtime
This commit adds a macro TEST_ASSUME to the test infrastructure
which allows to skip tests based on unmet conditions determined
at runtime.
2019-07-12 15:15:08 +01:00
Hanno Becker
d82a03084f ssl-opt.sh: Detect mismatching cmd line and hardcoded version config 2019-07-12 15:15:08 +01:00
Hanno Becker
72e5ffc9d6 Remove ver cfg in ssl_client2/ssl_server2 if ver hardcoded 2019-07-12 15:15:08 +01:00
Hanno Becker
33b9b25a48 Remove SSL version configuration API if versions are hardcoded 2019-07-12 15:15:08 +01:00
Hanno Becker
cb8774b6e8 Enforce that all SSL version bounds must be hardcoded simultaneously 2019-07-12 15:15:08 +01:00
Hanno Becker
94c40d17f7 [Fixup] Fix typos in documentation of min/max version macros 2019-07-12 15:15:08 +01:00
Hanno Becker
0a92b8156d Remove mbedtls_ssl_transform::minor_ver if the version is hardcoded 2019-07-12 15:15:08 +01:00
Hanno Becker
0f902b71a8 Add new compile-time options to programs/ssl/query_config.c 2019-07-12 15:15:07 +01:00
Hanno Becker
f1c2a33189 Note in SSL doc'n that version bounds can be set at compile-time 2019-07-12 15:15:07 +01:00
Hanno Becker
18729aeaac Guard RSA-only max_major/minor_ver fields from SSL handshake params
The fields
- mbedtls_ssl_handshake_params::max_major_ver,
- mbedtls_ssl_handshake_params::max_minor_ver
are used only for server-side RSA-based key exchanges
can be removed otherwise.
2019-07-12 15:15:07 +01:00
Hanno Becker
7b628e5b88 Make mbedtls_ssl_read/write_version static inline
Reasons:
- If the transport type is fixed at compile-time,
  mbedtls_ssl_read_version() and mbedtls_ssl_write_version()
  are called with a compile-time determined `transport`
  parameter, so the transport-type branch in their body
  can be eliminated at compile-time.
- mbedtls_ssl_read_version() is called with addresses of
  local variables, which so far need to be put on the stack
  to be addressable. Inlining the call allows to read directly
  into the registers holding these local variables.

This saves 60 bytes w.r.t. the measurement performed by

> ./scripts/baremetal.sh --rom --gcc
2019-07-12 15:15:07 +01:00
Hanno Becker
381eaa5976 Remove min/maj version from SSL context if only one version enabled
If the minor/major version is enforced at compile-time, the `major_ver`
and `minor_ver` fields in `mbedtls_ssl_context` are redundant and can
be removed.
2019-07-12 15:15:07 +01:00
Hanno Becker
2881d80138 Introduce getter function for max/min SSL version
This is a first step towards hardcoding ssl->{major|minor}_ver
in configurations which accept only a single version.
2019-07-12 15:15:06 +01:00
Hanno Becker
3fa1ee567c Set SSL minor version only after validation 2019-07-12 15:14:53 +01:00
Hanno Becker
e965bd397e Allow hardcoding of min/max minor/major SSL version at compile-time
This commit introduces the numeric compile-time constants

- MBEDTLS_SSL_CONF_MIN_MINOR_VER
- MBEDTLS_SSL_CONF_MAX_MINOR_VER
- MBEDTLS_SSL_CONF_MIN_MAJOR_VER
- MBEDTLS_SSL_CONF_MAX_MAJOR_VER

which, when defined, overwrite the runtime configurable fields
mbedtls_ssl_config::min_major_ver etc. in the SSL configuration.

As for the preceding case of the ExtendedMasterSecret configuration,
it also introduces and puts to use getter functions for these variables
which evaluate to either a field access or the macro value, maintaining
readability of the code.

The runtime configuration API mbedtls_ssl_conf_{min|max}_version()
is kept for now but has no effect if MBEDTLS_SSL_CONF_XXX are set.
This is likely to be changed in a later commit but deliberately omitted
for now, in order to be able to study code-size benefits earlier in the
process.
2019-07-12 15:14:51 +01:00
Simon Butcher
fabfb8578a Merge remote-tracking branch 'origin/pr/603' into baremetal 2019-07-10 15:40:32 +01:00
Simon Butcher
92bb0e954b Merge remote-tracking branch 'origin/pr/606' into baremetal 2019-07-10 15:40:09 +01:00
Simon Butcher
133294eb4a Merge remote-tracking branch 'origin/mbedtls-2.16' into baremetal 2019-07-10 11:38:01 +01:00
Jaeden Amero
27174b7ccd Merge remote-tracking branch 'origin/pr/2731' into mbedtls-2.16
* origin/pr/2731:
  Allow TODO in code
  Use the docstring in the command line help
2019-07-09 13:57:29 +01:00
Jaeden Amero
a25fd2cf75 Merge remote-tracking branch 'origin/pr/2739' into mbedtls-2.16
* origin/pr/2739:
  Split _abi_compliance_command into smaller functions
  Record the commits that were compared
  Document how to build the typical argument for -s
  Allow running /somewhere/else/path/to/abi_check.py
2019-07-09 13:56:31 +01:00
Hanno Becker
14a4a44e60 Remove mbedtls_ssl_conf_dbg() if !MBEDTLS_DEBUG_C 2019-07-08 11:32:50 +01:00
Hanno Becker
272063abfd Don't store debug func ptr cb + ctx in SSL config if !DEBUG_C
Note: This is an structure-API breaking change that we might
      not be able to upstream.
2019-07-08 11:32:10 +01:00
Hanno Becker
9e720e07e1 Add note that def'n of MBEDTLS_SUITE_XXX is just for check-names.sh 2019-07-08 11:24:36 +01:00
Hanno Becker
779d79dcd7 Restore static inline qualif'n of some helpers in ssl_ciphersuites.h 2019-07-08 11:23:25 +01:00
Hanno Becker
efe1327fef Add test to all.sh exercising hardcoded ciphersuite 2019-07-08 11:23:25 +01:00
Hanno Becker
91900362f5 Modify default test in ssl-opt.sh to not expect particular primitive 2019-07-08 11:23:25 +01:00
Hanno Becker
e4b355a1ed Remove redundant hardcoded ciphersuite identifier 2019-07-08 11:23:25 +01:00
Hanno Becker
870bcd3a6e Highlight precondition of ciphersuite getter functions 2019-07-08 11:23:25 +01:00
Hanno Becker
a1552ac37c Use "unknown" instead of NULL as name of unknown ciphersuite 2019-07-08 11:23:25 +01:00
Hanno Becker
9b3ec12863 Add missing spaces at the end of comments 2019-07-08 11:23:24 +01:00
Hanno Becker
f4d6b49352 Allow use of continue in single-ciphersuite 'loops' 2019-07-08 11:23:24 +01:00
Hanno Becker
c5db66af2f Update query_config.c 2019-07-08 11:23:24 +01:00