On MingW, temporarily force the use of the standard versions of `snprintf()`
and `vsnprintf()` (since we set `__USE_MINGW_ANSI_STDIO` in
`mbedtls_platform_requirements.h`). Do not honor `platform.h` configuration,
because with the current TF-PSA-Crypto, `MBEDTLS_PLATFORM_VSNPRINTF_ALT and
`MBEDTLS_PLATFORM_SNPRINTF_ALT` are always enabled on MinGW, so what matters
is the setting of `__USE_MINGW_ANSI_STDIO` when `platform.c` is built, and
until https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/694, the legacy printf
functions are used there.
Revert this commit once the `tf-psa-crypto` module is updated with the merge
of https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/694.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Always activate `__USE_MINGW_ANSI_STDIO` unless overridden on the command
line. This is necessary with older versions of MingW and/or Windows,
where snprintf does not always zero-terminate the buffer, and does
not support formats such as `"%zu"` for size_t and `"%lld"` for long long.
Simplify debug.h accordingly. The macros `MBEDTLS_PRINTF_SIZET`,
`MBEDTLS_PRINTF_SIZET_HAX` and `MBEDTLS_PRINTF_LONGLONG` are no longer
needed, but they are still used in our code base and must stay in debug.h
for backward compatibility.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `test_suite_debug`, test `mbedtls_debug_snprintf()`, which uses
`mbedtls_vsnprintf()` like `mbedtls_debug_print_msg()`. Do this instead of
testing `mbedtls_snprintf()`, which might be subtly different (older
Windows runtimes had slightly different behavior for vsnprintf() vs
snprintf(); TF-PSA-Crypto might pick up a different function if the
platform configuration is different in TF-PSA-Crypto and Mbed TLS).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
On some platforms, the system headers expose different interfaces depending
on what macros are defined, for example to provide different standards
compliance level. Create a common place where we can declare such macros,
so that our code can behave in the same way when it's in different files.
Individual .c files can still override these requirements by defining
macros before including the common header, if it's really necessary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We already have `x509_internal.h` which is common to all parts of the X.509
library, and `ssl_misc.h` which is common to all parts of the TLS library.
Also create `mbedtls_common.h` which is for the Mbed TLS project as a whole.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In mbedtls_x509_string_to_names() we were not checking for allocation
failures. An allocation failure would lead to a memcpy() to a null
pointer address.
Fix this by checking the result of the call to mbedtls_calloc() and
returning MBEDTLS_ERR_X509_ALLOC_FAILED in the error case.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
In ssl_tls12_server.c:ssl_parse_client_hello(), remove
the code that directly reads the received data to read
the record expected to contain the ClientHello message.
The function already supported handling a ClientHello
read via mbedtls_ssl_read_record() in the following
cases:
- when the ClientHello was read as a post-handshake
message (renegotiation).
- when the ClientHello was read by
ssl_tls13_process_client_hello() during TLS 1.3 or
TLS 1.2 version negotiation.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Don't ship two slightly different wheels.
This reduces our platform adherence by using only `clock_gettime()` in the
library and not `gettimeofday()` as well.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Nowadays, the timing module just builds on a function that provides a timer
with millisecond resolution. In terms of platform requirements, this is
almost exactly equivalent to `mbedtls_ms_time()`
provides (`mbedtls_ms_time()` is arguably a little stronger because it is
supposed to last longer than a single timer object, but an application could
start a timer when it starts, so there's no real difference.) So it's a bit
silly that `timing.c` essentially reimplements this. Rely on
`mbedtls_ms_time()` instead.
This is an API break because in Mbed TLS 4.0, it was possible to enable
`MBEDTLS_TIMING_C` without `MBEDTLS_HAVE_TIME`. However, `timing.c` only
provided an implementation for Windows and Unix-like platforms, and on those
platforms, it is very likely that the default implementation of
`MBEDTLS_HAVE_TIME` would also work. (The main exception would be a platform
that has the traditional Unix function `gettimeofday()`, but not the 1990s
novelty `clock_gettime()`.) So make this an official requirement, as a
belated change that really should have gone into 4.0 if we'd taken the time
to dig into it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the TLS-Exporter for TLS 1.3 we mistakenly call PSA_HASH_LENGTH() on
an mbedtls_md_type_t when it should be called on a psa_algorithm_t.
Fortunately, these two types have almost the same values, since we have
previously aligned them to make conversion more efficient. As a result,
PSA_HASH_LENGTH() produces exactly the same value when called on an
mbedtls_md_type_t as with the equivalent psa_algorithm_t.
Thanks to this happy coincidence, fix a largely cosmetic issue (rather
than a major functional bug).
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When we are using PSK or when authmode == MBEDTLS_SSL_VERIFY_NONE, we
intentionally do not verify the certificate. In these cases, do not keep
verify_result at -1u but set it to MBEDTLS_X509_BADCERT_SKIP_VERIFY to
indicate that no certificate verification took place.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
TLS-PRF uses either SHA-256 and SHA-384, so the removed paragraph was not
correct. The correct version is already available few lines below in the
same header file.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The flawed condition made us accept invalid IPv6 addresses and in some
cases lead to a buffer underread.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Initialize the verify_result field in mbedtls_ssl_session_free().
Previously we were just zeroising the entire session object, which would
yield a default 'success' value if the same object were reused.
Test that this initialisation is actually happening by setting
verify_result manually to zero and calling mbedtls_ssl_session_free() on
the session before checking its value.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since we explicitly document the value 0xFFFFFFFF or -1u as representing
'result not available', we can use it as a sensible default value
without creating an API change. Use this value instead of introducing a
new verification result value.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
At initialization, set the verify_result field of the ssl session to
MBEDTLS_X509_VERIFY_NOT_STARTED, rather than 0 as it is by default
currently. This prevents mbedtls_ssl_get_verify_result() from indicating
that certificate verification has passed if it is called prior to the
handshake happening.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This is only done when MBEDTLS_DEBUG_C is declared in order not to inflate
the library size.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- let the macro be an initializer for the array of known TLS IDs, not
a variable declarator;
- last item's group name is NULL, not an empty string
- change then name of the macro from MBEDTLS_TLS_ID_GROUP_NAME_TABLE to
MBEDTLS_SSL_IANA_TLS_GROUPS_INFO
- define a new public structure "mbedtls_ssl_iana_tls_group_info_t" to
hold each element of the table and that can be used the go over the
list from user code.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- adjust function name to mbedtls_ssl_get_fatal_alert
- fix missing property name changes for mbedtls_ssl_context
Signed-off-by: Nico Geyso <ng@gsmk.de>
Being a macro allow the table to be instatiated only when/if necessary
by the consuming code.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
