This commit introduces source files
- `ssl_12_gen.c`
- `ssl_12_srv.c`
- `ssl_12_cli.c`
which will subsequently be populated with implementations
for handshake reading and writing functions for all TLS
versions <= 1.2. `ssl_12_gen.c` shall contain functions
shared between client and server, while `ssl_12_cli.c`
and `ssl_12_srv.c` shall contain client/server-specific
functions only.
In order to retain git history, those files are so far
identical copies of `ssl_tls.c`, `ssl_srv.c` and `ssl_cli.c`,
and those latter files have been moved to temporary files
`ssl_xxx_old.c`. Subsequent commits will rename them back
to their original name and do the actual code split.
This commit makes some SSL functions public-internal -- moving them to
to the mbedtls_ namespace but declaring them within ssl_internal.h --
which a currently shared between the SSL logic layer implementation in
ssl_tls.c and the SSL messaging layer implementation in ssl_msg.c
Broadly, the file `ssl_tls.c` functionality from two categories:
1) An implementation of the TLS and DTLS messaging layer, that is,
the record layer as well as the DTLS retransmission state machine.
2) Handshake parsing and writing functions shared between client and
server (functions specific to either client or server are implemented
in ssl_cli.c and ssl_srv.c, respectively).
This commit is a first step towards separating those functionalities
by moving a number of messaging layer related functions from ssl_tls.c
to the newly created ssl_msg.c.
Because of implementation-specific dependencies between handshake logic
and messaging layer, a number of internal SSL functions are currently
used from both the handshake and the messaging layer. Those functions
will need to made public internal (i.e. declared in the mbedtls_ name-
space in ssl_internal.h), but this is left for the next commit in order
to ease review through `git diff --color-moved`. Also, the analysis of
whether their use can/should be restricted to either ssl_tls.c or ssl_msg.c
is left for future commits.
This commit is the first step in implementing the TLS handshake logic
and the low-level (D)TLS messaging functionality (record layer and
retransmission state machine) in separate source files. So far, they're
both implemented in ssl_tls.c.
To begin, this commit creates unmodified copies ssl_tls_old.c and ssl_msg.c
of ssl_tls.c, which in turn is deleted. Subsequent commits will then rename
ssl_tls_old.c back into ssl_tls.c and remove code so that each piece of
functionality is contained in precisely one of ssl_tls.c or ssl_msg.c.
This approach allows to maintain the git line history.
Adapt to the change of encoding of elliptic curve key types in PSA
crypto. Before, an EC key type encoded the TLS curve identifier. Now
the EC key type only includes an ad hoc curve family identifier, and
determining the exact curve requires both the key type and size. This
commit moves from the old encoding and old definitions from
crypto/include/mbedtls/psa_util.h to the new encoding and definitions
from the immediately preceding crypto submodule update.
Previously in d8752858fc:
* #333: Streamline PSA key type encodings: prepare
* #323: Initialise return values to an error
Previously in dbcb44202c:
* #291: Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
* #334: Fix some pylint warnings
Previously in ceceedb532:
* #348: Bump version to Mbed TLS 2.20.0 and crypto SO version to 4
* #354: Fix incrementing pointer instead of value
In this commit:
* #349: Fix minor defects found by Coverity
* #179: Add option to build SHA-512 without SHA-384
* #327: Implement psa_hash_compute and psa_hash_compare
* #330: Streamline PSA key type and curve encodings
Because two buffers were aliased too early in the code, it was possible that
after an allocation failure, free() would be called twice for the same pointer.
When mbedtls_x509_crt_parse_path() checks each object in the supplied path, it only processes regular files. This change makes it also accept a symlink to a file. Fixes#3005.
This was observed to be a problem on Fedora/CentOS/RHEL systems, where the ca-bundle in the default location is actually a symlink.
ssl_decompress_buf() was operating on data from the ssl context, but called at
a point where this data is actually in the rec structure. Call it later so
that the data is back to the ssl structure.
Previously mocked non-blocking read/write was returning 0 when buffer was empty/full. That was causing ERR_SSL_CONN_EOF error in tests which was using these mocked callbacks. Beside that non-blocking read/write was returning ERR_SSL_WANT_READ/_WRITE depending on block pattern set by test design. Such behavior forced to redesign of these functions so that they could be used in other tests
This error occurs when free space in the buffer is in the middle (the buffer has come full circle) and function mbedtls_test_buffer_put is called. Then the arguments for memcpy are calculated incorrectly and program ends with segmentation fault
If there was a fatal error (bizarre behavior from the standard
library, or missing test data file), execute_tests did not close the
outcome file. Fix this.