Add test cases for SSL asynchronous signature to ssl-opt.sh:
* Delay=0,1 to test the sequences of calls to f_async_resume
* Test fallback when the async callbacks don't support that key
* Test error injection at each stage
* Test renegotiation
Implement SSL asynchronous private operation for the case of a
signature operation in a server.
This is a first implementation. It is functional, but the code is not
clean, with heavy reliance on goto.
The pk layer can infer the hash length from the hash type. Calculate
it explicitly here anyway because it's needed for debugging purposes,
and it's needed for the upcoming feature allowing the signature
operation to be offloaded to an external cryptographic processor, as
the offloading code will need to know what length hash to copy.
New options in ssl_server2 to use the asynchronous private key
operation feature.
Features: resume delay to call resume more than once; error injection
at each stage; renegotiation support.
New compile-time option MBEDTLS_SSL_ASYNC_PRIVATE_C, enabling
callbacks to replace private key operations. These callbacks allow the
SSL stack to make an asynchronous call to an external cryptographic
module instead of calling the cryptography layer inside the library.
The call is asynchronous in that it may return the new status code
MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, in which case the SSL stack returns
and can be later called where it left off.
This commit introduces the configuration option. Later commits will
implement the feature proper.
This function is declared in ssl_internal.h, so this is not a public
API change.
This is in preparation for mbedtls_ssl_handshake_free needing to call
methods from the config structure.
In SSL, don't use mbedtls_pk_ec or mbedtls_pk_rsa on a private
signature or decryption key (as opposed to a public key or a key used
for DH/ECDH). Extract the data (it's the same data) from the public
key object instead. This way the code works even if the private key is
opaque or if there is no private key object at all.
Specifically, with an EC key, when checking whether the curve in a
server key matches the handshake parameters, rely only on the offered
certificate and not on the metadata of the private key.
Edit the CMAC_ALT ChangeLog entry to mention CCM_ALT which was added
in a sister PR and is being merged together.
Use full name rather than Github id as attribution.
Move the entry under "Features" for better consistency with historical
practice.
Conflict resolution: additions in the same places as
upstream-public/pr/865, both adding into lexicographically sorted
lists, resolved by taking the additions in lexicographic order.
* public/pr/1207:
all.sh: add some documentation
all.sh: new option --no-armcc
all.sh: add --yotta to go with --no-yotta
all.sh: --keep-going mode
all.sh: cleaned up usage output
all.sh: indent
* public/pr/1136:
Timing self test: shorten redundant tests
Timing self test: increased duration
Timing self test: increased tolerance
Timing unit tests: more protection against infinite loops
Unit test for mbedtls_timing_hardclock
New timing unit tests
selftest: allow excluding a subset of the tests
selftest: allow running a subset of the tests
selftest: refactor to separate the list of tests from the logic
Timing self test: print some diagnosis information
mbedtls_timing_get_timer: don't use uninitialized memory
timing interface documentation: minor clarifications
Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
Add --keep-going mode to all.sh. In this mode, if a test fails, keep
running the subsequent tests. If a build fails, skip any tests of this
build and move on to the next tests. Errors in infrastructure, such as
git or cmake runs, remain fatal. Print an error summary at the end of
the run, and return a nonzero code if there was any failure.
In known terminal types, use color to highlight errors.
On a fatal signal, interrupt the run and report the errors so far.
1. Surround the generate keys with
`#if ! defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)`
to resolve build issue when `MBEDTLS_SELF_TEST` is defined for
alternative CMAC as well
2. Update ChangeLog
Increase the duration of the self test, otherwise it tends to fail on
a busy machine even with the recently upped tolerance. But run the
loop only once, it's enough for a simple smoke test.
mbedtls_timing_self_test fails annoyingly often when running on a busy
machine such as can be expected of a continous integration system.
Increase the tolerances in the delay test, to reduce the chance of
failures that are only due to missing a deadline on a busy machine.
If timing_timer_simple fails because it detects that timers are likely
to never expire (e.g. going backward or not incrementing), skip all
tests that rely on timers.
Do test mbedtls_timing_hardclock. We can't reliably test much about
it, but at least test that it doesn't crash, isn't constant, and
doesn't look completely random.
New set of unit tests for the timing module, instead of just running
the selftest function.
The selftest function sometimes fails on a heavily loaded
machine (such as a typical continuous integration system). Because of
the all-in-one nature of the test and because the exact load pattern
can be hard to reproduce, it is difficult to diagnose failures of CI
runs with selftest. The new tests are more separated and I strove to
point out potential failure modes in comments.
* mbedtls_timing_hardclock: not tested. This function gives so few
guarantees that there isn't much to test, and it is hard to test
reliably because clock cycles don't easily relate to time in any
remotely portable way. This function isn't used in the library
anyway, it's only there for benchmark programs.
* mbedtls_timing_get_timer: tested by setting a timer and verifying
that it reaches its target, and by verifying that a timer started
later than another always has a smaller elapsed time.
* mbedtls_set_alarm: tested by setting an alarm, busy-waiting for it
and measuring the elapsed time with a timer.
* mbedtls_timing_set_delay, mbedtls_timing_get_delay: tested by
setting a delay object and watching it go through its two delay
values, using a timer to check that the delays are passed at the
expected time.
The tests pass under light to moderate load, but some of them can be
defeated with sufficiently heavy load. This is unavoidable since the
test process to be effectively suspended for any length of time,
making us think that a timer has gone on for too long.
Print some not-very-nice-looking but helpful diagnosis information if
the timing selftest fails. Since the failures tend to be due to heavy
system load that's hard to reproduce, this information is necessary to
understand what's going on.
mbedtls_timing_get_timer with reset=1 is called both to initialize a
timer object and to reset an already-initialized object. In an
initial call, the content of the data structure is indeterminate, so
the code should not read from it. This could crash if signed overflows
trap, for example.
As a consequence, on reset, we can't return the previously elapsed
time as was previously done on Windows. Return 0 as was done on Unix.
The POSIX/Unix implementation of mbedtls_set_alarm did not set the
mbedtls_timing_alarmed flag when called with 0, which was inconsistent
with what the documentation implied and with the Windows behavior.
* restricted/pr/397:
Don't split error code description across multiple lines
Register new error code in error.h
Move deprecation to separate section in ChangeLog
Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code
Adapt RSA test suite
Adapt ChangeLog
Deprecate usage of RSA primitives with wrong key type