commit 4ac4008fa0 ("Access
ssl->hostname through abstractions in certificate verification").
Due to this an unused function warning can occur if neither SNI nor
handshake is enabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
When we are doing PSK, we'd like to set verify_result to
0 to indicate success. Previously this was done in
mbedtls_ssl_set_hs_psk() but this is inadequate since this function may
be called for early data (where certificate verification happens later
in the handshake).
Instead, set this value after writing / processing the encrypted
extensions on the server / client respectively, so that we know whether
we are doing certificate verification or not for sure. This change is
effective only for TLS 1.3 as TLS 1.2 sets verify_result for PSK in
ssl_parse_certificate_coordinate().
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The check was wrongly removed by the commit
"ssl_tls12_server.c: Move ClientHello message_seq adjustment".
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Move back the digest update just after
the call to mbedtls_ssl_read_record().
It fits well here as we explain in the
comment associated to the call to
mbedtls_ssl_read_record() that we
update it manually.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
When `MBEDTLS_TEST_PLATFORM_IS_NOT_UNIXLIKE` is defined, do not enable
`MBEDTLS_PLATFORM_IS_UNIXLIKE`. This lets us test baremetal builds as such
even if we happen to be building for Linux or another Unix-like platform.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We were using slightly different guards to decide whether to include
`<unistd.h>` in different places. Unify those.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `test_suite_debug`, test `mbedtls_debug_snprintf()`, which uses
`mbedtls_vsnprintf()` like `mbedtls_debug_print_msg()`. Do this instead of
testing `mbedtls_snprintf()`, which might be subtly different (older
Windows runtimes had slightly different behavior for vsnprintf() vs
snprintf(); TF-PSA-Crypto might pick up a different function if the
platform configuration is different in TF-PSA-Crypto and Mbed TLS).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The signature of a dummy hash for which no pre-image is known is probably
not sensitive, but zeroize it anyway.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
In ssl_tls12_server.c:ssl_parse_client_hello(), remove
the code that directly reads the received data to read
the record expected to contain the ClientHello message.
The function already supported handling a ClientHello
read via mbedtls_ssl_read_record() in the following
cases:
- when the ClientHello was read as a post-handshake
message (renegotiation).
- when the ClientHello was read by
ssl_tls13_process_client_hello() during TLS 1.3 or
TLS 1.2 version negotiation.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The original macro was accounting for the size of public FFDH keys,
which are not a concern for PK. Use sizes for key types supported by PK;
this brings the size of the buffer from 1kB to 528 bytes in the default
config.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
In all.sh component test_psa_crypto_config_accel_rsa_crypto, where RSA
is provided only by a driver, we were using a stack buffer. However
that was not correct, as "opaque" (PSA-held) RSA keys are still
possible. This was pointed out by failing test cases in test_suite_pk, such
as "PSA import into PSA: opaque RSA, EXPORT (ok)".
As usual with 3.6, we need more complicated pre-processor conditions.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The type was validated near the end of the function when importing, but
it makes more sense to validate upfront before we possibly allocate a
buffer, export the key to it etc.
This also guarantees a sensible error value without requiring a special
case when exporting on the stack.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This makes test_suite_pk pass again, but beyond that I think it's the
right thing to do.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This fixes 2 out of the 3 test cases that were failing in
test_suite_pk. The last failure will be addressed in the next commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
But still retain the ability to function without a heap when only ECC is
enabled.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
When we are using PSK or authmode is MBEDTLS_SSL_VERIFY_NONE, set
verify_result to 0 rather than MBEDTLS_X509_BADCERT_SKIP_VERIFY.
This is specific to the 3.6 LTS, to preserve the previous behaviour of
the library in these cases, which was determined by the default value
of verify_result being 0.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When we are using PSK or when authmode == MBEDTLS_SSL_VERIFY_NONE, we
intentionally do not verify the certificate. In these cases, do not keep
verify_result at -1u but set it to MBEDTLS_X509_BADCERT_SKIP_VERIFY to
indicate that no certificate verification took place.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Initialize the verify_result field in mbedtls_ssl_session_free().
Previously we were just zeroising the entire session object, which would
yield a default 'success' value if the same object were reused.
Test that this initialisation is actually happening by setting
verify_result manually to zero and calling mbedtls_ssl_session_free() on
the session before checking its value.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since we explicitly document the value 0xFFFFFFFF or -1u as representing
'result not available', we can use it as a sensible default value
without creating an API change. Use this value instead of introducing a
new verification result value.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
At initialization, set the verify_result field of the ssl session to
MBEDTLS_X509_VERIFY_NOT_STARTED, rather than 0 as it is by default
currently. This prevents mbedtls_ssl_get_verify_result() from indicating
that certificate verification has passed if it is called prior to the
handshake happening.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
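
The verify_result commits above all address one hazard: a zero default reads as "verification passed". The following is an added, self-contained model of that hazard and of the sentinel fix; it is not Mbed TLS code, and the `model_*` names and the `0x08u` failure value are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* From the commit messages: 0xFFFFFFFF (-1u) = "result not available", 0 = success. */
#define MODEL_VERIFY_OK          0u
#define MODEL_VERIFY_NOT_STARTED 0xFFFFFFFFu

/* Hypothetical stand-in for a TLS session object (not Mbed TLS's struct). */
typedef struct {
    uint32_t verify_result;
    unsigned char master[48];
} model_session;

/* Old pattern: wiping the whole object leaves verify_result == 0,
 * which a caller reads as "certificate verified". */
static void model_session_free_zeroize_only(model_session *s)
{
    memset(s, 0, sizeof(*s));
}

/* Fixed pattern: wipe, then restore the "not available" sentinel. */
static void model_session_free_with_sentinel(model_session *s)
{
    memset(s, 0, sizeof(*s));
    s->verify_result = MODEL_VERIFY_NOT_STARTED;
}

/* Caller-side check: only an exact 0 counts as a verified peer. */
static int model_peer_is_verified(const model_session *s)
{
    return s->verify_result == MODEL_VERIFY_OK;
}

/* Free a session that previously failed verification, reuse it without a
 * new handshake, and report whether the caller would trust the peer. */
static int model_reused_session_trusted(void (*free_fn)(model_session *))
{
    model_session s;
    memset(&s, 0xA5, sizeof(s));      /* constructed stale contents */
    s.verify_result = 0x08u;          /* constructed non-zero failure flags */
    free_fn(&s);                      /* object is released, then reused */
    return model_peer_is_verified(&s);
}

int main(void)
{
    return !(model_reused_session_trusted(model_session_free_zeroize_only) == 1 &&
             model_reused_session_trusted(model_session_free_with_sentinel) == 0);
}
```

With the zeroize-only free, the reused object reports a verified peer although no handshake ran; with the sentinel, the same check fails closed.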