Commit Graph

13166 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
56941fe6a2 Fix possible close_notify/ClientHello confusion
The ssl-opt.sh test cases using session resumption tend to fail occasionally
on the CI due to a race condition in how ssl_server2 and ssl_client2 handle
the reconnection cycle.

The server does the following in order:
- S1 send application data
- S2 send a close_notify alert
- S3 close the client socket
- S4 wait for a "new connection" (actually a new datagram)
- S5 start a handshake

The client does the following in order:
- C1 wait for and read application data from the server
- C2 send a close_notify alert
- C3 close the server socket
- C4 reset session data and re-open a server socket
- C5 start a handshake

If the client has been able to send the close_notify (C2) and if has been
delivered to the server before if closes the client socket (S3), when the
server reaches S4, the datagram that we start the new connection will be the
ClientHello and everything will be fine.

However if S3 wins the race and happens before the close_notify is delivered,
in S4 the close_notify is what will be seen as the first datagram in a new
connection, and then in S5 this will rightfully be rejected as not being a
valid ClientHello and the server will close the connection (and go wait for
another one). The client will then fail to read from the socket and exit
non-zero and the ssl-opt.sh harness will correctly report this as a failure.

In order to avoid this race condition in test using ssl_client2 and
ssl_server2, this commits introduces a new command-line option
skip_close_notify to ssl_client2 and uses it in all ssl-opt.sh tests that use
session resumption with DTLS and ssl_server2.

This works because ssl_server2 knows how many messages it expects in each
direction and in what order, and closes the connection after that rather than
relying on close_notify (which is also why there was a race in the first
place).

Tests that use another server (in practice there are two of them, using
OpenSSL as a server) wouldn't work with skip_close_notify, as the server won't
close the connection until the client sends a close_notify, but for the same
reason they don't need it (there is no race between receiving close_notify and
closing as the former is the cause of the later).

An alternative approach would be to make ssl_server2 keep the connection open
until it receives a close_notify. Unfortunately it creates problems for tests
where we simulate a lossy network, as the close_notify could be lost (and the
client can't retransmit it). We could modify udp_proxy with an option to never
drop alert messages, but when TLS 1.3 comes that would no longer work as the
type of messages will be encrypted.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 09:33:45 +01:00
Manuel Pégourié-Gonnard
0d20740437
Merge pull request #2263 from andresag01/iotssl-2544-deprecate-record-accel-2
Deprecate feature MBEDTLS_SSL_HW_RECORD_ACCEL
2020-02-26 09:18:48 +01:00
Gilles Peskine
d7fb66fd13 If a key is not of a supported type, something went wrong 2020-02-25 19:54:27 +01:00
Gilles Peskine
e60b365a5e EC keys can have the type MBEDTLS_PK_ECKEY_DH too 2020-02-25 19:54:07 +01:00
Gilles Peskine
f02b984f86 Sanity check on elliptic curve keys: check that the group is known 2020-02-25 19:52:44 +01:00
Gilles Peskine
8d36696e1f Fix fuzz_pubkey failure on valid RSA keys
On a valid RSA public key, mbedtls_rsa_export should succeed if you
ask for the public fields, but fail if you ask for private fields. The
code was expecting to succeed when asking for private fields, so
failed on every valid RSA public key.
2020-02-25 19:51:07 +01:00
Jaeden Amero
6fb7bd0228
Merge pull request #3046 from piotr-now/dtls-renegotiation
DTLS renegotiation
2020-02-25 18:58:04 +04:00
Jaeden Amero
2287a47d11
Merge pull request #3043 from piotr-now/dtls-application-data
DTLS application data
2020-02-25 18:35:14 +04:00
Piotr Nowicki
95e9eb8d91 Add test for renegotiation in DTLS
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-25 14:15:00 +01:00
Piotr Nowicki
6a7f01c237 Add test with sending application data via DTLS
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-25 14:10:15 +01:00
Manuel Pégourié-Gonnard
a4522e8467 Uniformize wording for removal of deprecated things
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:54 +01:00
Andres Amaya Garcia
10edb3e8da Add comment to matching #endif
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:52 +01:00
Andres Amaya Garcia
da15409aea Remove the word likely from deprecated documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:51 +01:00
Andres Amaya Garcia
4156ac18d7 Wrap deprecations for HW_RECORD_ACCEL with DEPRECATED_REMOVED
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:48 +01:00
Andres Amaya Garcia
3f6cc5f786 Deprecate global func ptrs for MBEDTLS_SSL_HW_RECORD_ACCEL
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:46 +01:00
Andres Amaya Garcia
84b4e796a3 Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL config
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-25 12:47:27 +01:00
Jaeden Amero
20b3a68e70
Merge pull request #3042 from AndrzejKurek/dtls-handshake-serialization
Dtls handshake serialization test
2020-02-24 14:56:00 +04:00
Janos Follath
6fc816ae7c
Merge pull request #3038 from gilles-peskine-arm/align-crypto-programs
Side-port from crypto: programs/
2020-02-24 10:36:39 +00:00
Andrzej Kurek
da2b67806b
Add a dtls handshake test with context serialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-24 04:56:53 -05:00
Jaeden Amero
a08e699afc
Merge pull request #3036 from AndrzejKurek/dtls-handshake-tests
DTLS handshake tests
2020-02-21 15:18:52 +04:00
Gilles Peskine
13fac98aca Generalize everest support to generic 3rdparty support
Other third-party components can now be added by just adding lines to
the definitions of @thirdparty_header_dirs and
@thirdparty_source_dirs.

No semantic change. The output does not change at all.
2020-02-19 20:13:29 +01:00
Gilles Peskine
9ab9621511 Move 3rdparty mentions to a separate line
This makes it easier to merge changes related to adding or removing
3rdparty items.

No semantic change.
2020-02-19 20:13:29 +01:00
Janos Follath
aaabe86ac1
Merge pull request #3055 from yanesca/update_submodule_and_version_2.21.0
Update submodule and version 2.21.0
2020-02-19 17:13:48 +00:00
Dan Handley
e0fcd887b8 Minor formatting fixes to CONTRIBUTING.md
Fix inconsistent list formatting in CONTRIBUTING.md.

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-02-19 16:05:10 +00:00
Dan Handley
af997e0088 Drop requirement for a CLA
The Mbed Crypto project no longer requires a CLA. Contributions from now on
must be made under both Apache-2.0 and GPL-2.0-or-later licenses, to enable
LTS (Long Term Support) branches of the software to continue to be provided
under either Apache-2.0 OR GPL-2.0-or-later. Contributors must accept the
terms of the Developer Certificate of Origin (DCO) by adding a Signed-off-by:
line to each commit message.

The software on the development branch continues to be provided under
Apache-2.0.

Update README.md and CONTRIBUTING.md to explain the new licensing model.
Add a copy of the DCO to the project.

Expand the full Apache-2.0 license text in the LICENSE file and remove the
redundant apache-2.0.txt.

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-02-19 16:04:44 +00:00
Dan Handley
20579b7938 Add project description to README.md
Add simple project description to README.md.

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-02-19 15:53:50 +00:00
Dan Handley
16a988527f Minor formatting fixes to CONTRIBUTING.md
Fix inconsistent list formatting in CONTRIBUTING.md.

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-02-19 15:50:52 +00:00
Dan Handley
c76a54554c Drop requirement for a CLA
The Mbed TLS project no longer requires a CLA. Contributions from now on
must be made under both Apache-2.0 AND GPL-2.0-or-later licenses, to enable
LTS (Long Term Support) branches of the software to continue to be provided
under either Apache-2.0 OR GPL-2.0-or-later. Contributors must accept the
terms of the Developer Certificate of Origin (DCO) by adding a Signed-off-by:
line to each commit message.

The software on the development branch continues to be provided under
Apache-2.0.

Update README.md, CONTRIBUTING.md and pull_request_template.md to explain
the new licensing model. Add a copy of the DCO to the project.

Expand the full Apache-2.0 license text in the LICENSE file and remove the
redundant apache-2.0.txt.

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-02-19 15:50:40 +00:00
Janos Follath
138c2eac55 Add release info to ChangeLog 2020-02-19 14:35:16 +00:00
Janos Follath
84d2fd4ee2 Bump version to Mbed TLS 2.21.0 2020-02-19 14:35:16 +00:00
Janos Follath
d1692ee07a Update ChangeLog for crypto changes from a591985c62
Add ChangeLog entries for changes brought by the submodule update in
the previous commit.
2020-02-19 14:30:44 +00:00
Janos Follath
a591985c62 Update submodule
* #365 Change PSA compatibility API to inline functions
* #367 Fix pk_parse_key()'s use of rsa_complete()
* #370 Bump version to Mbed TLS 2.21.0
2020-02-19 14:29:38 +00:00
Janos Follath
cf4a40ba0a
Merge pull request #370 from yanesca/update-version-2.21.0
Bump version to Mbed TLS 2.21.0
2020-02-19 14:21:11 +00:00
Janos Follath
bc7c2424c9 Bump version to Mbed TLS 2.21.0 2020-02-19 11:51:13 +00:00
Gilles Peskine
f841eab48f
Merge pull request #367 from mpg/fix-rsa-complete
Fix pk_parse_key()'s use of rsa_complete()
2020-02-19 10:23:03 +01:00
Manuel Pégourié-Gonnard
f8b9329125
Merge pull request #365 from soby-mathew/sm/static_fns_compat
Change the compatibility API to inline functions
2020-02-18 12:59:50 +01:00
Manuel Pégourié-Gonnard
bbb5a0a94a Fix pkparse bug wrt MBEDTLS_RSA_ALT
Some code paths want to access members of the mbedtls_rsa_context structure.
We can only do that when using our own implementation, as otherwise we don't
know anything about that structure.
2020-02-18 10:31:29 +01:00
Manuel Pégourié-Gonnard
9bbe328752 Test each failure mode of pk_parse_key_pkcs1_der()
(Only the top-level ones, ie, for each call to eg asn1_get_mpi(), ensure
there's at least one test case that makes this call fail in one way, but don't
test the various ways to make asn1_get_mpi fail - that should be covered
elsewhere.)

- the new checks added by the previous commits needed exercising
- existing tests sometimes had wrong descriptions or where passing for the
  wrong reason (eg with the "length mismatch" test, the function actually
failed before reaching the length check)
- while at it, add tests for the rest as well

The valid minimal-size key was generated with:

openssl genrsa 128 2>/dev/null | openssl rsa -outform der 2>/dev/null | xxd -p
2020-02-18 10:31:29 +01:00
Gilles Peskine
8d073c7330
Merge pull request #3037 from gilles-peskine-arm/update-submodule-20200206
Update crypto submodule 2020-02-06
2020-02-18 10:29:18 +01:00
Manuel Pégourié-Gonnard
b65370f97d Clean up test function pk_parse_key
- remove incorrect compile-time dependency (the individual cases already have
  correct run-time dependency information)
- remove unused argument
- remove unused stack buffer
- remove useless code block
2020-02-18 10:18:43 +01:00
Manuel Pégourié-Gonnard
c42267920c Check public part when parsing private RSA key 2020-02-18 10:18:43 +01:00
Manuel Pégourié-Gonnard
a04a2c3ef1 Don't pass zero to rsa_complete() as a param
When parsing a PKCS#1 RSAPrivateKey structure, all parameters are always
present. After importing them, we need to call rsa_complete() for the sake of
alternative implementations. That function interprets zero as a signal for
"this parameter was not provided". As that's never the case, we mustn't pass
any zero value to that function, so we need to explicitly check for it.
2020-02-18 10:18:43 +01:00
Gilles Peskine
25a5c09fbb Update ChangeLog for crypto changes from 799ae77f90
Add ChangeLog entries for changes brought by the submodule update in
the previous commit.
2020-02-17 11:49:33 +01:00
Gilles Peskine
799ae77f90 Update crypto submodule
* #352: Parse RSA parameters DP, DQ and QP from PKCS1 private keys
* #263: Introduce ASN.1 SEQUENCE traversal API
* #345: Fix possible error code mangling in psa_mac_verify_finish
* #357: Update Mbed Crypto with latest Mbed TLS changes as of 2020-02-03
* #350: test_suite_asn1parse: improve testing of trailing garbage in parse_prefixes
* #346: Improve robustness and testing of mbedtls_mpi_copy
2020-02-17 11:46:12 +01:00
Gilles Peskine
f142d4ccab Update ChangeLog for crypto changes since Mbed Crypto 3.0.1
Add ChangeLog entries for changes brought by the submodule update in
81d3100250.
2020-02-17 11:46:12 +01:00
Andrzej Kurek
941962eb91 Add DTLS handshake tests for the mocked ssl test suite
Starting with TLS 1.1
2020-02-12 09:18:19 -05:00
Andrzej Kurek
15daf50b05 Parametrize the endpoint init and free to prepare for DTLS tests 2020-02-12 09:17:52 -05:00
Manuel Pégourié-Gonnard
a0c164a2d4
Merge pull request #3010 from hanno-arm/tls_msg_split
Introduce separate source file for SSL messaging layer
2020-02-12 09:59:12 +01:00
Manuel Pégourié-Gonnard
657daba81c
Merge pull request #2873 from gilles-peskine-arm/bk-warning-fixes-x509
Fix some possibly-undefined variable warnings
2020-02-12 09:16:23 +01:00
Gilles Peskine
765d240ca6 Test component with malloc(0) returning NULL: run some ssl tests 2020-02-11 19:26:28 +01:00