Commit Graph

10332 Commits

Author SHA1 Message Date
Andrzej Kurek
a9c2a3b244 Adapt all.sh to removal of buffer allocator from full config
Previously, numerous all.sh tests manually disabled the buffer allocator
or memory backtracting after setting a full config as the starting point.

With the removal of MBEDTLS_MEMORY_BACKTRACE and MBEDTLS_MEMORY_BUFFER_ALLOC_C
from full configs, this is no longer necessary.
2019-09-09 05:22:39 -04:00
Hanno Becker
307dfcd439 Disable memory buffer allocator in full config
This commit modifies `config.pl` to not set MBEDTLS_MEMORY_BUFFER_ALLOC
with the `full` option.
2019-09-09 05:17:37 -04:00
Hanno Becker
e29e7eb36c Check dependencies of MBEDTLS_MEMORY_BACKTRACE in check_config.h 2019-09-09 05:17:13 -04:00
Hanno Becker
392a8d0e64 x509.c: Minor readability improvement 2019-09-09 09:55:31 +01:00
Hanno Becker
14b0a68083 x509_crt.c: Indicate guarding condition in #else branch 2019-09-09 09:55:31 +01:00
Hanno Becker
cd239f8839 X.509: Don't remove verify callback by default 2019-09-09 09:55:31 +01:00
Hanno Becker
cd839c9aa7 Fix Doxygen warnings regarding removed verify cb+ctx parameters 2019-09-09 09:55:31 +01:00
Hanno Becker
03d7746927 ECC restart: Use optional verification mode in bad signature test
This way, the verification failure string will still be printed
even if verification callbacks are disabled, allowing to increase
test coverage.
2019-09-09 09:55:31 +01:00
Hanno Becker
8d6d320603 Re-implement verify chain if vrfy cbs are disabled
This commit re-implements the previously introduced internal
verification chain API in the case where verification callbacks
are disabled. In this situation, it is not necessary to maintain
the list of individual certificates and flags comprising the
verification chain - instead, it suffices to just keep track
of the length and the total (=merged) flags.
2019-09-09 09:55:31 +01:00
Hanno Becker
adc282a5e8 Add zero-cost abstraction layer for CRT verification chain
When verifying an X.509 certificate, the current verification logic
maintains an instance of the internal mbedtls_x509_crt_verify_chain
structure representing the state of the verification process. This
instance references the list of certificates that comprise the chain
built so far together with their verification flags. This information
must be stored during verification because it's being passed to the
verification callback at the end of verification - if the user has
specified those.

If the user hasn't specified a verification callback, it is not
necessary to maintain the list of CRTs, and it is also not necessary
to maintain verification flags for each CRT individually, as they're
merged at the end of the verification process.

To allow a readable simplification of the code in case no verification
callbacks are used, this commit introduces a zero-cost abstraction layer
for the functionality that's required from the verification chain structure:
- init/reset
- add a new CRT to the chain
- get pointer to current CRT flags
- add flags to EE certificate
- get current chain length
- trigger callbacks and get final (merged) flags
This gives flexibility for re-implementing the verification chain
structure, e.g. in the case where no verification callbacks are
provided, and there's hence no need to store CRTs and flags
individually. This will be done in a later commit.
2019-09-09 09:55:31 +01:00
Hanno Becker
9ec3fe0d43 Introduce configuration option to remove CRT verification callbacks 2019-09-09 09:55:31 +01:00
Hanno Becker
56d1b2389c Fixup: Don't assume that alt SHA256 impln's have trivial init/free 2019-09-09 09:45:57 +01:00
Hanno Becker
18c8936a73 Fixup: Correct Doxygen file name primitive in md_internal.h 2019-09-09 09:45:57 +01:00
Hanno Becker
f6cc3cd2a5 Fixup: Typo in check_config.h entry for single hash encoding 2019-09-09 09:45:57 +01:00
Hanno Becker
f207562cdc Fixup: Typo in all.sh component description for single-MD hardcoding 2019-09-09 09:45:57 +01:00
Hanno Becker
55fdae04f7 Fixup: Improve comment on helper macros in md_internal.h 2019-09-09 09:45:57 +01:00
Hanno Becker
3252c4d913 Fixup MD: Avoid always-false pointer comparison
When MBEDTLS_MD_SINGLE_HASH is set, both the underlying digest context
and the HMAC data are embedded into the mbedtls_md_context; otherwise,
they're dynamically allocated and referenced from mbedtls_md_context.

When the HMAC data is embedded in mbedtls_md_context, it's unnecessary
to check whether mbedtls_md_context::hmac_ctx is NULL, because that's
never the case in defined behaviour, but the check has kept for
uniformity so far. However, contrary to the expectation that compilers
would silently remove this check as always false, ARMC6 complains about
it, breaking some tests in all.sh.

This commit fixes this by guarding checks for

   mbedtls_md_context::hmac_ctx == NULL

by !MBEDTLS_MD_SINGLE_HASH.
2019-09-09 09:45:57 +01:00
Hanno Becker
94f48e0052 MD: Use no-op for context SHA-256 init() and free()
When MBEDTLS_MD_SINGLE_HASH is set, the underlying digest's
context is embedded into mbedtls_md_context_t, which is
zeroized before the underlying digest's init() function
is called. For those digests where initialization is
zeroization, the init() call can therefore be omitted.

Similarly, when free()-ing an mbedtls_md_context_t, the
entire context is zeroized in the end, hence if the
underlying digest's free() function is zeroization,
it can be omitted.
2019-09-09 09:45:57 +01:00
Hanno Becker
64b0623cbb MD: Implement config dep'n inlining of mbedtls_md_setup() 2019-09-09 09:45:57 +01:00
Hanno Becker
52e36bc1a1 MD: Embed digest context structure into MD wrapper context 2019-09-09 09:45:57 +01:00
Hanno Becker
4a99765f94 MD: Introduce macro for initialization function 2019-09-09 09:45:57 +01:00
Hanno Becker
6deddf761a MD: Introduce macro for underlying context type 2019-09-09 09:45:57 +01:00
Hanno Becker
c290847719 Fixup md.h: Fix use of inline keyword in MSVC 2019-09-09 09:45:57 +01:00
Hanno Becker
7a78fe409b Fixup: Avoid unused function warning for MD wrappers 2019-09-09 09:45:57 +01:00
Hanno Becker
d73aabd1c2 Fixup: Declare digest info structures as static
They're defined and used within library/md.c only and hence
need not be of external linkage.
2019-09-09 09:45:57 +01:00
Hanno Becker
53ade9fa62 MD: Implement config dep'n inlining of mbedtls_md_process() 2019-09-09 09:45:57 +01:00
Hanno Becker
993691d9ba MD: Implement config dep'n inlining of mbedtls_md_finish() 2019-09-09 09:45:57 +01:00
Hanno Becker
fdef5ac13b MD: Implement config dep'n inlining of mbedtls_md_update() 2019-09-09 09:45:57 +01:00
Hanno Becker
527f7c9307 MD: Demonstrate config-dep'n API inlining for mbedtls_md_starts() 2019-09-09 09:45:57 +01:00
Hanno Becker
7a7b7227cb Add dummy def of MBEDTLS_MD_INFO_SHA256 to make check-names.sh happy 2019-09-09 09:45:57 +01:00
Hanno Becker
c4e4210aab Introduce md_internal.h
Recall that in the default configuration, Mbed TLS provides access
digest implementations through two layers of indirection:

1) Call of MD API (e.g. mbedtls_md_update())
2) Call of function pointer from MD info structure
3) Actual digest implementation (e.g. mbedtls_sha256_update()).

Ideally, if only a single digest is enabled - say SHA-256 - then calling
mbedtls_md_update() should _directly_ jump to mbedtls_sha256_update(),
with both layers of indirection removed. So far, however, setting
MBEDTLS_MD_SINGLE_HASH will only remove the second - function pointer -
layer of indirection, while keeping the non-inlined stub implementations
of e.g. mbedtls_md_update() around.

This commit is a step towards allowing to define implementations of
the MD API as `static inline` in case we know that they are so small
that they should be defined in md.h and not in md.c.

In a nutshell, the approach is as follows: For an MD API function
mbedtls_md_xxx() that should be inlin-able, introduce its implementation
as a `static inline` wrapper `mbedtls_md_xxx_internal()` in md.h,
and then define mbedtls_md_xxx() either in md.h or in md.c, by just
calling mbedtls_md_xxx_internal().

Moving the implementations of those MD API functions that should be
inlinable to md.h requires the presence of both the MD info struct
and all specific digest wrapper functions in md.h, and this is what
this commit ensures, by moving them from md.c into a new internal
header file md_internal.h. Implementing the aforementioned wrappers for
those MD API that should be inlinable is left for subsequent commits.
2019-09-09 09:45:57 +01:00
Hanno Becker
3f7d270c18 md.c: Avoid overly long lines 2019-09-09 09:45:57 +01:00
Hanno Becker
3a98eab2c4 Don't return function pointers from MD info getters
ARMC5 appears to use the heuristic that as soon as a function's address
is taken, the function can no longer be removed from the resulting object
file (which is not necessarily true if all uses of the functions address
can be inlined).

Circumvent this lack of optimization by not returning function pointers.
2019-09-09 09:45:57 +01:00
Hanno Becker
08cf43a9ec Fix typo MBEDTLS_SSL_CONF_SINGLE_HASH -> MBEDTLS_MD_SINGLE_HASH 2019-09-09 09:45:57 +01:00
Hanno Becker
8fbacf941f check_config.h: Check MBEDTLS_MD_SINGLE_HASH is used with single MD
This commit modifies check_config.h to check that precisely one
hash is enabled if MBEDTLS_MD_SINGLE_HASH is set.

This is not only a reasonable expectation, it is also necessary,
because test suites assume that if a digest is enabled, it is also
accessible through the MD abstraction layer.
2019-09-09 09:45:57 +01:00
Hanno Becker
c763e9dc70 Add test for MD hardcoding to all.sh 2019-09-09 09:45:57 +01:00
Hanno Becker
bdaf0ea5d9 Make MD info getters always inline 2019-09-09 09:45:57 +01:00
Hanno Becker
d9bf935725 Disable invalid argument MD test case
With the removal of the MD handle from the MD context, it's a precondition
for any MD API outside of mbedtls_md_init() and mbedtls_md_setup() that
the MD context has been successfully setup by precisely those functions
beforehand, and hence must be bound to the single enabled valid MD handle.
2019-09-09 09:45:57 +01:00
Hanno Becker
c94fc6c0c2 Add MBEDTLS_ALWAYS_INLINE macro to platform_util.h 2019-09-09 09:45:57 +01:00
Hanno Becker
d806d9da89 Use SHA-256 as single hardcoded hash in baremetal configuration 2019-09-09 09:45:57 +01:00
Hanno Becker
ccb2b62f0a Remove handle from MD context in single hash config 2019-09-09 09:45:57 +01:00
Hanno Becker
1292c35c03 Add config.h option to hardcode choice of single MD algorithm
This commit introduces the configuration option

  MBEDTLS_MD_SINGLE_HASH

which can be used to hardcode support for a single digest algorithm
at compile-time, at the benefit of reduced code-size.

To use, it needs to be defined to evaluate to a macro of the form
MBEDTLS_MD_INFO_{DIGEST}, and macros MBEDTLS_MD_INFO_{DIGEST}_FIELD
must be defined, giving rise to the various aspects (name, type,
size, ...) of the chosen digest algorithm. MBEDTLS_MD_INFO_SHA256
provides an example, but other algorithms can be added if needed.

At the moment, the effect of using MBEDTLS_MD_SINGLE_HASH is that
the implementation of the MD API (e.g. mbedtls_md_update()) need no
longer to through the abstraction of the mbedtls_md_info structures
by calling their corresponding function pointers fields (akin to
virtual functions in C++), but the directly call the corresponding
core digest function (such as mbedtls_sha256_update()).

Therefore, MBEDTLS_MD_SINGLE_HASH so far removes the second layer
of indirection in the chain

  User calls MD API -> MD API calls underlying digest impl'n
                    -> Core digest impl'n does the actual work,

but the first indirection remains, as the MD API remains untouched
and cannot yet be inlined. Studying to what extend inlining the
shortened MD API implementations would lead to further code-savings
is left for a later commit.
2019-09-09 09:45:57 +01:00
Hanno Becker
d03949e2a4 Remove md_wrap.c and md_internal.h 2019-09-09 09:45:57 +01:00
Hanno Becker
d3827c74d5 Introduce getter for MD handle from MD context 2019-09-09 09:45:57 +01:00
Hanno Becker
62a44d43b0 Allow defining MD information structs through macros
In builds enabling only a single MD digest, we want to be able to
implement the MD info getter functions by returning compile-time
constants matching the fields of the MD info structures used so far.

To avoid information duplication hardening maintainability, this
commit introduces the possibility of providing the various aspects
of a particular digest implementation by defining macros
MBEDTLS_MD_INFO_DIGEST_FIELD (e.g. MBEDTLS_MD_INFO_SHA256_SIZE)
and to generate the corresponding mbedtls_md_info instance from
this set of macros, via the new macro MBEDTLS_MD_INFO().

This way, we'll be able to switch between MD info based builds
and single-digest builds without information duplication.
2019-09-09 09:45:57 +01:00
Hanno Becker
0e7fc3166d Inline md_wrap.c in md.c
md_wrap.c doesn't expose any public functionality and doesn't
need to be present as a separate compilation unit.
2019-09-09 09:45:57 +01:00
Hanno Becker
530387eaa3 Introduce getter functions for MD info fields
This commit continues the introduction of the MD digest implementation
abstraction layer given by `mbedtls_md_handle_t` by adding getter
functions returning the various properties of an implementation
(e.g. name, digest type, digest size). For the existing implementation,
these are just structure field accesses; however, in configurations
hardcoding the choice of a fixed digest algorithm, we'll be able to
implement them as inline functions returning compile-time constants.
2019-09-09 09:45:57 +01:00
Hanno Becker
a5cedbcd3f Introduce MD handle type
As has been previously done for ciphersuites, this commit introduces
a zero-cost abstraction layer around the type

  mbedtls_md_info const *

whose valid values represent implementations of message digest algorithms.

Access to a particular digest implementation can be requested by name or
digest ID through the API mbedtls_md_info_from_xxx(), which either returns
a valid implementation or NULL, representing failure.

This commit replaces such uses of `mbedtls_md_info const *` by an abstract
type `mbedtls_md_handle_t` whose valid values represent digest implementations,
and which has a designated invalid value MBEDTLS_MD_INVALID_HANDLE.

The purpose of this abstraction layer is to pave the way for builds which
support precisely one digest algorithm. In this case, mbedtls_md_handle_t
can be implemented as a two-valued type, with one value representing the
invalid handle, and the unique valid value representing the unique enabled
digest.
2019-09-09 09:45:57 +01:00
Manuel Pégourié-Gonnard
505be8be4d Remove unnecessary depends in a test case 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
d6ac3308cd Adjust depends-hashes.pl to test NO_SHA224 as well 2019-09-09 10:21:30 +02:00