Follow the same pattern that was used in the past to remove dependency
on MBEDTLS_RSA_C and use PSA_WANT instead.
Relying on MBEDTLS_RSA_C is fine only when builtin drivers are compiled
since all PSA_WANT are converted to legacy build symbols. However when
builtin drivers are not built (ex: in case of TF-M), then part of the code
in TLS/X509 won't be compiled because MBEDTLS_RSA_C is not set. OTOH
it's not possible to declare that symbol in a configuration file because
it's a legacy one and it will be rejected by buildtime checks.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Replace MBEDTLS_ECP_C with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY which is
already used in all other profiles in this file.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
When we are doing PSK, we'd like to set verify_result to
MBEDTLS_X509_BADCERT_SKIP_VERIFY. Previously this was done in
mbedtls_ssl_set_hs_psk() but this is inadequate since this function may
be called for early data (where certificate verification happens later
in the handshake.
Instead, set this value after writing / processing the encrypted
extensions on the server / client respectively, so that we know whether
we are doing certificate verification or not for sure. This change is
effective only for TLS 1.3 as TLS 1.2 sets verify_result for PSK in
ssl_parse_certificate_coordinate().
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The check was wrongly removed by the commit
"ssl_tls12_server.c: Move ClientHello message_seq adjustment".
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Move back the digest update just after
the call to mbedtls_ssl_read_record().
It fits well here as we explain in the
comment associated to the call to
mbedtls_ssl_read_record() that we
update it manually.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Define `_POSIX_C_SOURCE` and `_XOPEN_SOURCE` in a single place that
applies everywhere, to make things simple.
This may break some platforms that require special handling for POSIX
functions and types. Subsequent commits will add platform-specific hacks
as needed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We were using slightly different guards to decide whether to include
`<unistd.h>` in different places. Unify those.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
On MingW, temporarily force the use of the standard versions of `snprintf()`
and `vsnprintf()` (since we set `__USE_MINGW_ANSI_STDIO` in
`mbedtls_platform_requirements.h`). Do not honor `platform.h` configuration,
because with the current TF-PSA-Crypto, `MBEDTLS_PLATFORM_VSNPRINTF_ALT and
`MBEDTLS_PLATFORM_SNPRINTF_ALT` are always enabled on MinGW, so what matters
is the setting of `__USE_MINGW_ANSI_STDIO` when `platform.c` is built, and
until https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/694, the legacy printf
functions are used there.
Revert this commit once the `tf-psa-crypto` module is updated with the merge
of https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/694.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Always activate `__USE_MINGW_ANSI_STDIO` unless overridden on the command
line. This is necessary with older versions of MingW and/or Windows,
where snprintf does not always zero-terminate the buffer, and does
not support formats such as `"%zu"` for size_t and `"%lld"` for long long.
Simplify debug.h accordingly. The macros `MBEDTLS_PRINTF_SIZET`,
`MBEDTLS_PRINTF_SIZET_HAX` and `MBEDTLS_PRINTF_LONGLONG` are no longer
needed, but they are still used in our code base and must stay in debug.h
for backward compatibility.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `test_suite_debug`, test `mbedtls_debug_snprintf()`, which uses
`mbedtls_vsnprintf()` like `mbedtls_debug_print_msg()`. Do this instead of
testing `mbedtls_snprintf()`, which might be subtly different (older
Windows runtimes had slightly different behavior for vsnprintf() vs
snprintf(); TF-PSA-Crypto might pick up a different function if the
platform configuration is different in TF-PSA-Crypto and Mbed TLS).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
On some platforms, the system headers expose different interfaces depending
on what macros are defined, for example to provide different standards
compliance level. Create a common place where we can declare such macros,
so that our code can behave in the same way when it's in different files.
Individual .c files can still override these requirements by defining
macros before including the common header, if it's really necessary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We already have `x509_internal.h` which is common to all parts of the X.509
library, and `ssl_misc.h` which is common to all parts of the TLS library.
Also create `mbedtls_common.h` which is for the Mbed TLS project as a whole.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In ssl_tls12_server.c:ssl_parse_client_hello(), remove
the code that directly reads the received data to read
the record expected to contain the ClientHello message.
The function already supported handling a ClientHello
read via mbedtls_ssl_read_record() in the following
cases:
- when the ClientHello was read as a post-handshake
message (renegotiation).
- when the ClientHello was read by
ssl_tls13_process_client_hello() during TLS 1.3 or
TLS 1.2 version negotiation.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Don't ship two slightly different wheels.
This reduces our platform adherence by using only `clock_gettime()` in the
library and not `gettimeofday()` as well.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Nowadays, the timing module just builds on a function that provides a timer
with millisecond resolution. In terms of platform requirements, this is
almost exactly equivalent to `mbedtls_ms_time()`
provides (`mbedtls_ms_time()` is arguably a little stronger because it is
supposed to last longer than a single timer object, but an application could
start a timer when it starts, so there's no real difference.) So it's a bit
silly that `timing.c` essentially reimplements this. Rely on
`mbedtls_ms_time()` instead.
This is an API break because in Mbed TLS 4.0, it was possible to enable
`MBEDTLS_TIMING_C` without `MBEDTLS_HAVE_TIME`. However, `timing.c` only
provided an implementation for Windows and Unix-like platforms, and on those
platforms, it is very likely that the default implementation of
`MBEDTLS_HAVE_TIME` would also work. (The main exception would be a platform
that has the traditional Unix function `gettimeofday()`, but not the 1990s
novelty `clock_gettime()`.) So make this an official requirement, as a
belated change that really should have gone into 4.0 if we'd taken the time
to dig into it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the TLS-Exporter for TLS 1.3 we mistakenly call PSA_HASH_LENGTH() on
an mbedtls_md_type_t when it should be called on a psa_algorithm_t.
Fortunately, these two types have almost the same values, since we have
previously aligned them to make conversion more efficient. As a result,
PSA_HASH_LENGTH() produces exactly the same value when called on an
mbedtls_md_type_t as with the equivalent psa_algorithm_t.
Thanks to this happy coincidence, fix a largely cosmetic issue (rather
than a major functional bug).
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When we are using PSK or when authmode == MBEDTLS_SSL_VERIFY_NONE, we
intentionally do not verify the certificate. In these cases, do not keep
verify_result at -1u but set it to MBEDTLS_X509_BADCERT_SKIP_VERIFY to
indicate that no certificate verification took place.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
TLS-PRF uses either SHA-256 and SHA-384, so the removed paragraph was not
correct. The correct version is already available few lines below in the
same header file.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Initialize the verify_result field in mbedtls_ssl_session_free().
Previously we were just zeroising the entire session object, which would
yield a default 'success' value if the same object were reused.
Test that this initialisation is actually happening by setting
verify_result manually to zero and calling mbedtls_ssl_session_free() on
the session before checking its value.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since we explicitly document the value 0xFFFFFFFF or -1u as representing
'result not available', we can use it as a sensible default value
without creating an API change. Use this value instead of introducing a
new verification result value.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
At initialization, set the verify_result field of the ssl session to
MBEDTLS_X509_VERIFY_NOT_STARTED, rather than 0 as it is by default
currently. This prevents mbedtls_ssl_get_verify_result() from indicating
that certificate verification has passed if it is called prior to the
handshake happening.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This is only done when MBEDTLS_DEBUG_C is declared in order not to inflate
the library size.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- let the macro be an initializer for the array of known TLS IDs, not
a variable declarator;
- last item's group name is NULL, not an empty string
- change then name of the macro from MBEDTLS_TLS_ID_GROUP_NAME_TABLE to
MBEDTLS_SSL_IANA_TLS_GROUPS_INFO
- define a new public structure "mbedtls_ssl_iana_tls_group_info_t" to
hold each element of the table and that can be used the go over the
list from user code.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
