ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #10818 from ARMmbed/release-candidate 

Release candidate for mbed-os-5.13.0-rc3
tools-release-5.13.0 mbed-os-5.13.0-rc3
Anna Bridge 2019-06-19 09:51:26 +01:00 committed by GitHub
parent cd8e315ba5 bf676c1264
commit 92a58dff99
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
33 changed files with 1283 additions and 254 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
TESTS/mbed_hal/critical_section/main.cpp
View File

@ -28,12 +28,9 @@ using utest::v1::Case;
bool test_are_interrupts_enabled(void)
{
// NRF5x targets don't disable interrupts when in critical section, instead they mask application interrupts this is due to BLE stack
// (BLE to be operational requires some interrupts to be always enabled)
#if defined(TARGET_NRF52)
// check if APP interrupts are masked for NRF52 boards
return (((NVIC->ISER[0] & __NRF_NVIC_APP_IRQS_0) != 0) || ((NVIC->ISER[1] & __NRF_NVIC_APP_IRQS_1) != 0));
#elif defined(TARGET_NRF51)
// NRF51 targets don't disable interrupts when in critical section, instead they mask application interrupts.
// This is due to SoftDevice BLE stack (BLE to be operational requires some interrupts to be always enabled)
#if defined(TARGET_NRF51)
// check if APP interrupts are masked for other NRF51 boards
return ((NVIC->ISER[0] & __NRF_NVIC_APP_IRQS_0) != 0);
#else

4
features/FEATURE_BLE/targets/TARGET_CORDIO/TESTS/cordio_hci/transport/main.cpp
View File

@ -33,6 +33,10 @@ using ble::vendor::cordio::CordioHCITransportDriver;
extern ble::vendor::cordio::CordioHCIDriver& ble_cordio_get_hci_driver();
#if CORDIO_ZERO_COPY_HCI
#error [NOT_SUPPORTED] Test not relevant for zero copy hci.
#endif
namespace ble {
namespace vendor {
namespace cordio {

6
features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NORDIC_CORDIO/TARGET_NRF5x/stack/sources/pal_crypto.c
View File

@ -23,7 +23,7 @@
#include "pal_types.h"
#include "pal_bb_ble.h"
#if defined(NRF52840_XXAA) && MBED_CONF_CORDIO_LL_NRF52840_CRYPTOCELL310_ACCELERATION
#if defined(NRF52840_XXAA) && defined(FEATURE_CRYPTOCELL310) && MBED_CONF_CORDIO_LL_NRF52840_CRYPTOCELL310_ACCELERATION
#include "crys_rsa_kg.h"
#include "crys_dh.h"
#include "ssi_pal_types.h"
@ -34,7 +34,7 @@
/* Nordic specific definitions. */
#include "nrf_ecb.h"
#include "nrf.h"
#if defined(NRF52840_XXAA) && MBED_CONF_CORDIO_LL_NRF52840_CRYPTOCELL310_ACCELERATION
#if defined(NRF52840_XXAA) && defined(FEATURE_CRYPTOCELL310) && MBED_CONF_CORDIO_LL_NRF52840_CRYPTOCELL310_ACCELERATION
#include "nrf52840.h"
#endif
#include <string.h>
@ -690,7 +690,7 @@ bool_t PalCryptoAesCcmDecrypt(PalCryptoEnc_t *pEnc, uint8_t *pBuf)
return TRUE;
}
#if defined(NRF52840_XXAA) && MBED_CONF_CORDIO_LL_NRF52840_CRYPTOCELL310_ACCELERATION
#if defined(NRF52840_XXAA) && defined(FEATURE_CRYPTOCELL310) && MBED_CONF_CORDIO_LL_NRF52840_CRYPTOCELL310_ACCELERATION
/*************************************************************************************************/
/*!
* \brief Execute the CCM-Mode encryption algorithm.

2
features/frameworks/nanostack-libservice/mbed-client-libservice/ns_list.h
View File

@ -148,7 +148,7 @@ union \
{ \
ns_list_t slist; \
NS_FUNNY_COMPARE_OK \
NS_STATIC_ASSERT(link_offset <= UINT_FAST8_MAX, "link offset too large") \
NS_STATIC_ASSERT(link_offset <= (ns_list_offset_t) -1, "link offset too large") \
NS_FUNNY_COMPARE_RESTORE \
char (*offset)[link_offset + 1]; \
entry_type *type; \

2
features/mbedtls/VERSION.txt
View File

@ -1 +1 @@
mbedtls-2.18.0-rc2
mbedtls-2.18.0-rc3

2
features/mbedtls/importer/Makefile
View File

@ -27,7 +27,7 @@
#
# Set the mbed TLS release to import (this can/should be edited before import)
MBED_TLS_RELEASE ?= mbedtls-2.18.0-rc2
MBED_TLS_RELEASE ?= mbedtls-2.18.0-rc3
MBED_TLS_REPO_URL ?= git@github.com:ARMmbed/mbedtls-restricted.git
# Translate between mbed TLS namespace and mbed namespace

22
features/mbedtls/inc/mbedtls/check_config.h
View File

@ -541,11 +541,6 @@
#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
!defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
#endif
#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
!defined(MBEDTLS_FS_IO)
#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
@ -641,6 +636,23 @@
#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
#error "MBEDTLS_SSL_DTLS_CONNECTION_ID defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \
MBEDTLS_SSL_CID_IN_LEN_MAX > 255
#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \
MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
#endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \
( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites"

95
features/mbedtls/inc/mbedtls/config.h
View File

@ -1342,6 +1342,34 @@
*/
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
/**
* \def MBEDTLS_SSL_DTLS_CONNECTION_ID
*
* Enable support for the DTLS Connection ID extension
* (version draft-ietf-tls-dtls-connection-id-05,
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
* which allows to identify DTLS connections across changes
* in the underlying transport.
*
* Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
* `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`.
* See the corresponding documentation for more information.
*
* \warning The Connection ID extension is still in draft state.
* We make no stability promises for the availability
* or the shape of the API controlled by this option.
*
* The maximum lengths of outgoing and incoming CIDs can be configured
* through the options
* - MBEDTLS_SSL_CID_OUT_LEN_MAX
* - MBEDTLS_SSL_CID_IN_LEN_MAX.
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*
* Uncomment to enable the Connection ID extension.
*/
//#define MBEDTLS_SSL_DTLS_CONNECTION_ID
/**
* \def MBEDTLS_SSL_ASYNC_PRIVATE
*
@ -1742,18 +1770,27 @@
/**
* \def MBEDTLS_USE_PSA_CRYPTO
*
* Make the X.509 and TLS library use PSA for cryptographic operations, see
* #MBEDTLS_PSA_CRYPTO_C.
* Make the X.509 and TLS library use PSA for cryptographic operations, and
* enable new APIs for using keys handled by PSA Crypto.
*
* Note: this option is still in progress, the full X.509 and TLS modules are
* not covered yet, but parts that are not ported to PSA yet will still work
* as usual, so enabling this option should not break backwards compatibility.
* \note Development of this option is currently in progress, and parts
* of the X.509 and TLS modules are not ported to PSA yet. However, these parts
* will still continue to work as usual, so enabling this option should not
* break backwards compatibility.
*
* \warning Support for PSA is still an experimental feature.
* Any public API that depends on this option may change
* at any time until this warning is removed.
* \warning The PSA Crypto API is in beta stage. While you're welcome to
* experiment using it, incompatible API changes are still possible, and some
* parts may not have reached the same quality as the rest of Mbed TLS yet.
*
* \warning This option enables new Mbed TLS APIs that are dependent on the
* PSA Crypto API, so can't come with the same stability guarantees as the
* rest of the Mbed TLS APIs. You're welcome to experiment with them, but for
* now, access to these APIs is opt-in (via enabling the present option), in
* order to clearly differentiate them from the stable Mbed TLS APIs.
*
* Requires: MBEDTLS_PSA_CRYPTO_C.
*
* Uncomment this to enable internal use of PSA Crypto and new associated APIs.
*/
//#define MBEDTLS_USE_PSA_CRYPTO
@ -2789,19 +2826,16 @@
*
* Enable the Platform Security Architecture cryptography API.
*
* \note This option only has an effect when the build option
* USE_CRYPTO_SUBMODULE is also in use.
*
* \warning This feature is experimental and available on an opt-in basis only.
* PSA APIs are subject to change at any time. The implementation comes with
* less assurance and support than the rest of Mbed TLS.
* \warning The PSA Crypto API is still beta status. While you're welcome to
* experiment using it, incompatible API changes are still possible, and some
* parts may not have reached the same quality as the rest of Mbed TLS yet.
*
* Module: crypto/library/psa_crypto.c
*
* Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
*
*/
//#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_C
/**
* \def MBEDTLS_PSA_CRYPTO_STORAGE_C
@ -3323,6 +3357,37 @@
*/
//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
*
* The maximum length of CIDs used for incoming DTLS messages.
*
*/
//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
*
* The maximum length of CIDs used for outgoing DTLS messages.
*
*/
//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
*
* This option controls the use of record plaintext padding
* when using the Connection ID extension in DTLS 1.2.
*
* The padding will always be chosen so that the length of the
* padded plaintext is a multiple of the value of this option.
*
* Note: A value of \c 1 means that no padding will be used
* for outgoing records.
*
* Note: On systems lacking division instructions,
* a power of two should be preferred.
*
*/
//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
*
* Maximum length (in bytes) of outgoing plaintext fragments.

4
features/mbedtls/inc/mbedtls/error.h
View File

@ -100,8 +100,8 @@
* ECP 4 10 (Started from top)
* MD 5 5
* HKDF 5 1 (Started from top)
* CIPHER 6 8
* SSL 6 23 (Started from top)
* CIPHER 6 8 (Started from 0x6080)
* SSL 6 24 (Started from top, plus 0x6000)
* SSL 7 32
*
* Module dependent error code (5 bits 0x.00.-0x.F8.)

234
features/mbedtls/inc/mbedtls/ssl.h
View File

@ -126,6 +126,7 @@
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */
#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */
#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 /**< Internal-only message signaling that a message arrived early. */
#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 /**< An encrypted DTLS-frame with an unexpected CID was received. */
#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */
/*
@ -160,6 +161,9 @@
#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
#define MBEDTLS_SSL_CID_DISABLED 0
#define MBEDTLS_SSL_CID_ENABLED 1
#define MBEDTLS_SSL_ETM_DISABLED 0
#define MBEDTLS_SSL_ETM_ENABLED 1
@ -256,6 +260,21 @@
#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
#endif
/*
* Maximum length of CIDs for incoming and outgoing messages.
*/
#if !defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
#endif
#if !defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
#endif
#if !defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY)
#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
#endif
/* \} name SECTION: Module settings */
/*
@ -303,6 +322,7 @@
#define MBEDTLS_SSL_MSG_ALERT 21
#define MBEDTLS_SSL_MSG_HANDSHAKE 22
#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
#define MBEDTLS_SSL_MSG_CID 25
#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
@ -372,6 +392,11 @@
#define MBEDTLS_TLS_EXT_SESSION_TICKET 35
/* The value of the CID extension is still TBD as of
* draft-ietf-tls-dtls-connection-id-05
* (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */
#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
@ -940,6 +965,10 @@ struct mbedtls_ssl_config
void *p_export_keys; /*!< context for key export callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
size_t cid_len; /*!< The length of CIDs for incoming DTLS records. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
@ -1086,6 +1115,11 @@ struct mbedtls_ssl_config
unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in
Certificate Request messages? */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS
* record with unexpected CID
* should lead to failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
};
@ -1159,6 +1193,10 @@ struct mbedtls_ssl_context
TLS: maintained by us
DTLS: read from peer */
unsigned char *in_hdr; /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned char *in_cid; /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *in_len; /*!< two-bytes message length field */
unsigned char *in_iv; /*!< ivlen-byte IV */
unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */
@ -1195,6 +1233,10 @@ struct mbedtls_ssl_context
unsigned char *out_buf; /*!< output buffer */
unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
unsigned char *out_hdr; /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned char *out_cid; /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *out_len; /*!< two-bytes message length field */
unsigned char *out_iv; /*!< ivlen-byte IV */
unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */
@ -1252,6 +1294,21 @@ struct mbedtls_ssl_context
char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* CID configuration to use in subsequent handshakes. */
/*! The next incoming CID, chosen by the user and applying to
* all subsequent handshakes. This may be different from the
* CID currently used in case the user has re-configured the CID
* after an initial handshake. */
unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
uint8_t own_cid_len; /*!< The length of \c own_cid. */
uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
* be negotiated in the next handshake or not.
* Possible values are #MBEDTLS_SSL_CID_ENABLED
* and #MBEDTLS_SSL_CID_DISABLED. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
};
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
@ -1476,6 +1533,142 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
mbedtls_ssl_recv_timeout_t *f_recv_timeout );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/**
* \brief Configure the use of the Connection ID (CID)
* extension in the next handshake.
*
* Reference: draft-ietf-tls-dtls-connection-id-05
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
*
* The DTLS CID extension allows the reliable association of
* DTLS records to DTLS connections across changes in the
* underlying transport (changed IP and Port metadata) by
* adding explicit connection identifiers (CIDs) to the
* headers of encrypted DTLS records. The desired CIDs are
* configured by the application layer and are exchanged in
* new `ClientHello` / `ServerHello` extensions during the
* handshake, where each side indicates the CID it wants the
* peer to use when writing encrypted messages. The CIDs are
* put to use once records get encrypted: the stack discards
* any incoming records that don't include the configured CID
* in their header, and adds the peer's requested CID to the
* headers of outgoing messages.
*
* This API enables or disables the use of the CID extension
* in the next handshake and sets the value of the CID to
* be used for incoming messages.
*
* \param ssl The SSL context to configure. This must be initialized.
* \param enable This value determines whether the CID extension should
* be used or not. Possible values are:
* - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID.
* - MBEDTLS_SSL_CID_DISABLED (default) to disable the use
* of the CID.
* \param own_cid The address of the readable buffer holding the CID we want
* the peer to use when sending encrypted messages to us.
* This may be \c NULL if \p own_cid_len is \c 0.
* This parameter is unused if \p enabled is set to
* MBEDTLS_SSL_CID_DISABLED.
* \param own_cid_len The length of \p own_cid.
* This parameter is unused if \p enabled is set to
* MBEDTLS_SSL_CID_DISABLED.
*
* \note The value of \p own_cid_len must match the value of the
* \c len parameter passed to mbedtls_ssl_conf_cid()
* when configuring the ::mbedtls_ssl_config that \p ssl
* is bound to.
*
* \note This CID configuration applies to subsequent handshakes
* performed on the SSL context \p ssl, but does not trigger
* one. You still have to call `mbedtls_ssl_handshake()`
* (for the initial handshake) or `mbedtls_ssl_renegotiate()`
* (for a renegotiation handshake) explicitly after a
* successful call to this function to run the handshake.
*
* \note This call cannot guarantee that the use of the CID
* will be successfully negotiated in the next handshake,
* because the peer might not support it. Specifically:
* - On the Client, enabling the use of the CID through
* this call implies that the `ClientHello` in the next
* handshake will include the CID extension, thereby
* offering the use of the CID to the server. Only if
* the `ServerHello` contains the CID extension, too,
* the CID extension will actually be put to use.
* - On the Server, enabling the use of the CID through
* this call implies that that the server will look for
* the CID extension in a `ClientHello` from the client,
* and, if present, reply with a CID extension in its
* `ServerHello`.
*
* \note To check whether the use of the CID was negotiated
* after the subsequent handshake has completed, please
* use the API mbedtls_ssl_get_peer_cid().
*
* \warning If the use of the CID extension is enabled in this call
* and the subsequent handshake negotiates its use, Mbed TLS
* will silently drop every packet whose CID does not match
* the CID configured in \p own_cid. It is the responsibility
* of the user to adapt the underlying transport to take care
* of CID-based demultiplexing before handing datagrams to
* Mbed TLS.
*
* \return \c 0 on success. In this case, the CID configuration
* applies to the next handshake.
* \return A negative error code on failure.
*/
int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
int enable,
unsigned char const *own_cid,
size_t own_cid_len );
/**
* \brief Get information about the use of the CID extension
* in the current connection.
*
* \param ssl The SSL context to query.
* \param enabled The address at which to store whether the CID extension
* is currently in use or not. If the CID is in use,
* `*enabled` is set to MBEDTLS_SSL_CID_ENABLED;
* otherwise, it is set to MBEDTLS_SSL_CID_DISABLED.
* \param peer_cid The address of the buffer in which to store the CID
* chosen by the peer (if the CID extension is used).
* This may be \c NULL in case the value of peer CID
* isn't needed. If it is not \c NULL, \p peer_cid_len
* must not be \c NULL.
* \param peer_cid_len The address at which to store the size of the CID
* chosen by the peer (if the CID extension is used).
* This is also the number of Bytes in \p peer_cid that
* have been written.
* This may be \c NULL in case the length of the peer CID
* isn't needed. If it is \c NULL, \p peer_cid must be
* \c NULL, too.
*
* \note This applies to the state of the CID negotiated in
* the last complete handshake. If a handshake is in
* progress, this function will attempt to complete
* the handshake first.
*
* \note If CID extensions have been exchanged but both client
* and server chose to use an empty CID, this function
* sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED
* (the rationale for this is that the resulting
* communication is the same as if the CID extensions
* hadn't been used).
*
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
int *enabled,
unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
size_t *peer_cid_len );
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/**
* \brief Set the Maximum Tranport Unit (MTU).
* Special value: 0 means unset (no limit).
@ -2123,6 +2316,45 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
/**
* \brief Specify the length of Connection IDs for incoming
* encrypted DTLS records, as well as the behaviour
* on unexpected CIDs.
*
* By default, the CID length is set to \c 0,
* and unexpected CIDs are silently ignored.
*
* \param conf The SSL configuration to modify.
* \param len The length in Bytes of the CID fields in encrypted
* DTLS records using the CID mechanism. This must
* not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX.
* \param ignore_other_cids This determines the stack's behaviour when
* receiving a record with an unexpected CID.
* Possible values are:
* - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
* In this case, the record is silently ignored.
* - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL
* In this case, the stack fails with the specific
* error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID.
*
* \note The CID specification allows implementations to either
* use a common length for all incoming connection IDs or
* allow variable-length incoming IDs. Mbed TLS currently
* requires a common length for all connections sharing the
* same SSL configuration; this allows simpler parsing of
* record headers.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
* is too large.
*/
int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
int ignore_other_cids );
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/**
* \brief Set the list of allowed ciphersuites and the
* preference order for a specific version of the protocol.
@ -2992,7 +3224,7 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_
* (Default: 2^48 - 1)
*
* Renegotiation is automatically triggered when a record
* counter (outgoing or ingoing) crosses the defined
* counter (outgoing or incoming) crosses the defined
* threshold. The default value is meant to prevent the
* connection from being closed when the counter is about to
* reached its maximal value (it is not allowed to wrap).

79
features/mbedtls/inc/mbedtls/ssl_internal.h
View File

@ -175,10 +175,17 @@
#define MBEDTLS_SSL_PADDING_ADD 0
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_PADDING_GRANULARITY
#else
#define MBEDTLS_SSL_MAX_CID_EXPANSION 0
#endif
#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD + \
MBEDTLS_MAX_IV_LENGTH + \
MBEDTLS_SSL_MAC_ADD + \
MBEDTLS_SSL_PADDING_ADD \
MBEDTLS_SSL_PADDING_ADD + \
MBEDTLS_SSL_MAX_CID_EXPANSION \
)
#define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
@ -231,11 +238,23 @@
implicit sequence number. */
#define MBEDTLS_SSL_HEADER_LEN 13
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_IN_BUFFER_LEN \
( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
#else
#define MBEDTLS_SSL_IN_BUFFER_LEN \
( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) \
+ ( MBEDTLS_SSL_CID_IN_LEN_MAX ) )
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_OUT_BUFFER_LEN \
( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
#else
#define MBEDTLS_SSL_OUT_BUFFER_LEN \
( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) \
+ ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
#endif
#ifdef MBEDTLS_ZLIB_SUPPORT
/* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
@ -372,6 +391,18 @@ struct mbedtls_ssl_handshake_params
unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
for resending messages */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* The state of CID configuration in this handshake. */
uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension
* has been negotiated. Possible values are
* #MBEDTLS_SSL_CID_ENABLED and
* #MBEDTLS_SSL_CID_DISABLED. */
unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
uint8_t peer_cid_len; /*!< The length of
* \c peer_cid. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
struct
{
size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
@ -597,6 +628,13 @@ struct mbedtls_ssl_transform
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
int minor_ver;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t in_cid_len;
uint8_t out_cid_len;
unsigned char in_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/*
* Session specific compression layer
*/
@ -626,17 +664,27 @@ struct mbedtls_ssl_transform
* make space for the fixed IV.
*
*/
#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_OUT_LEN_MAX
#else
#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
#endif
typedef struct
{
uint8_t ctr[8]; /*!< Record sequence number */
uint8_t type; /*!< Record type */
uint8_t ver[2]; /*!< SSL/TLS version */
uint8_t ctr[8]; /* Record sequence number */
uint8_t type; /* Record type */
uint8_t ver[2]; /* SSL/TLS version */
unsigned char *buf; /*!< Memory buffer enclosing the record content */
size_t buf_len; /*!< Buffer length */
size_t data_offset; /*!< Offset of record content */
size_t data_len; /*!< Length of record content */
unsigned char *buf; /* Memory buffer enclosing the record content */
size_t buf_len; /* Buffer length */
size_t data_offset; /* Offset of record content */
size_t data_len; /* Length of record content */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t cid_len; /* Length of the CID (0 if not present) */
unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
} mbedtls_record;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -880,15 +928,14 @@ void mbedtls_ssl_write_version( int major, int minor, int transport,
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
const unsigned char ver[2] );
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 13 );
#else
((void) ssl);
#endif
return( 5 );
return( (size_t) ( ssl->in_iv - ssl->in_hdr ) );
}
static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl )
{
return( (size_t) ( ssl->out_iv - ssl->out_hdr ) );
}
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )

2
features/mbedtls/mbed-crypto/VERSION.txt
View File

@ -1 +1 @@
mbedcrypto-1.1.0d0
mbedcrypto-1.1.0d2

2
features/mbedtls/mbed-crypto/importer/Makefile
View File

@ -29,7 +29,7 @@
# Set the Mbed Crypto release to import (this can/should be edited before
# import)
CRYPTO_RELEASE ?= mbedcrypto-1.1.0d0
CRYPTO_RELEASE ?= mbedcrypto-1.1.0d2
CRYPTO_REPO_URL ?= git@github.com:ARMmbed/mbed-crypto.git
# Translate between Mbed Crypto namespace and Mbed OS namespace

2
features/mbedtls/mbed-crypto/inc/psa/crypto_platform.h
View File

@ -38,7 +38,7 @@
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "../mbedtls/config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

2
features/mbedtls/mbed-crypto/inc/psa/crypto_sizes.h
View File

@ -45,7 +45,7 @@
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "../mbedtls/config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

2
features/mbedtls/mbed-crypto/platform/TARGET_PSA/COMPONENT_PSA_SRV_IMPL/COMPONENT_NSPE/crypto_struct.h
View File

@ -38,7 +38,7 @@
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "../mbedtls/config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

9
features/mbedtls/mbed-crypto/platform/TARGET_PSA/COMPONENT_PSA_SRV_IMPL/psa_crypto.c
View File

@ -4639,6 +4639,15 @@ psa_status_t psa_crypto_init( void )
/* Initialize the random generator. */
global_data.entropy_init( &global_data.entropy );
#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
/* The PSA entropy injection feature depends on using NV seed as an entropy
* source. Add NV seed as an entropy source for PSA entropy injection. */
mbedtls_entropy_add_source( &global_data.entropy,
mbedtls_nv_seed_poll, NULL,
MBEDTLS_ENTROPY_BLOCK_SIZE,
MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif
mbedtls_ctr_drbg_init( &global_data.ctr_drbg );
global_data.rng_state = RNG_INITIALIZED;
status = mbedtls_to_psa_error(

2
features/mbedtls/mbed-crypto/platform/TARGET_PSA/COMPONENT_SPE/crypto_struct_spe.h
View File

@ -38,7 +38,7 @@
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "../mbedtls/config.h"
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

16
features/mbedtls/mbed-crypto/src/dhm.c
View File

@ -649,12 +649,28 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PEM_PARSE_C)
static const char mbedtls_test_dhm_params[] =
"-----BEGIN DH PARAMETERS-----\r\n"
"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
"-----END DH PARAMETERS-----\r\n";
#else /* MBEDTLS_PEM_PARSE_C */
static const char mbedtls_test_dhm_params[] = {
0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44,
0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d,
0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3,
0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1,
0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18,
0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a,
0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1,
0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6,
0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 };
#endif /* MBEDTLS_PEM_PARSE_C */
static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_params );

6
features/mbedtls/platform/inc/platform_mbed.h
View File

@ -34,11 +34,7 @@
#endif
/* Automatically enable the Mbed Crypto entropy injection API if
* MBEDTLS_ENTROPY_NV_SEED is enabled. WARNING: the current implementation of
* the Mbed Crypto entropy injection API is incompatible with other entropy
* sources. When MBEDTLS_ENTROPY_NV_SEED is used on PSA target, the NV Seed is
* the sole source of entropy and all other entropy sources are ignored. */
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
* MBEDTLS_ENTROPY_NV_SEED is enabled. */
#define MBEDTLS_PSA_INJECT_ENTROPY
#endif // (defined(TARGET_PSA) && defined(MBEDTLS_ENTROPY_NV_SEED))

56
features/mbedtls/src/Makefile
View File

@ -64,36 +64,11 @@ endif
endif
ifdef USE_CRYPTO_SUBMODULE
# Look in crypto for libmbedcrypto.
LOCAL_LDFLAGS += -L../crypto/library
LOCAL_CFLAGS += -I../crypto/include
CRYPTO := ../crypto/library/
else
OBJS_CRYPTO= aes.o aesni.o arc4.o \
aria.o asn1parse.o asn1write.o \
base64.o bignum.o blowfish.o \
camellia.o ccm.o chacha20.o \
chachapoly.o cipher.o cipher_wrap.o \
cmac.o ctr_drbg.o des.o \
dhm.o ecdh.o ecdsa.o \
ecjpake.o ecp.o \
ecp_curves.o entropy.o entropy_poll.o \
error.o gcm.o havege.o \
hkdf.o \
hmac_drbg.o md.o md2.o \
md4.o md5.o md_wrap.o \
memory_buffer_alloc.o nist_kw.o \
oid.o padlock.o pem.o \
pk.o pk_wrap.o pkcs12.o \
pkcs5.o pkparse.o pkwrite.o \
platform.o platform_util.o poly1305.o \
ripemd160.o rsa_internal.o rsa.o \
sha1.o sha256.o sha512.o \
threading.o timing.o version.o \
version_features.o xtea.o
CRYPTO :=
endif
OBJS_X509= certs.o pkcs11.o x509.o \
x509_create.o x509_crl.o x509_crt.o \
@ -173,37 +148,8 @@ libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll
echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_X509) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
# crypto
ifdef USE_CRYPTO_SUBMODULE
libmbedcrypto.%:
$(MAKE) CRYPTO_INCLUDES:="-I../../include -I../include" -C ../crypto/library $@
else
libmbedcrypto.a: $(OBJS_CRYPTO)
echo " AR $@"
$(AR) $(ARFLAGS) $@ $(OBJS_CRYPTO)
ifdef APPLE_BUILD
ifneq ($(APPLE_BUILD),0)
echo " RL $@"
$(RL) $(RLFLAGS) $@
endif
endif
libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO)
echo " LD $@"
$(CC) -shared -Wl,-soname,$@ $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_CRYPTO)
libmbedcrypto.so: libmbedcrypto.$(SOEXT_CRYPTO)
echo " LN $@ -> $<"
ln -sf $< $@
libmbedcrypto.dylib: $(OBJS_CRYPTO)
echo " LD $@"
$(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_CRYPTO)
libmbedcrypto.dll: $(OBJS_CRYPTO)
echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
endif
.c.o:
echo " CC $<"

2
features/mbedtls/src/error.c
View File

@ -523,6 +523,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "SSL - The asynchronous operation is not completed yet" );
if( use_ret == -(MBEDTLS_ERR_SSL_EARLY_MESSAGE) )
mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that a message arrived early" );
if( use_ret == -(MBEDTLS_ERR_SSL_UNEXPECTED_CID) )
mbedtls_snprintf( buf, buflen, "SSL - An encrypted DTLS-frame with an unexpected CID was received" );
if( use_ret == -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) )
mbedtls_snprintf( buf, buflen, "SSL - A cryptographic operation is in progress. Try again later" );
#endif /* MBEDTLS_SSL_TLS_C */

129
features/mbedtls/src/ssl_cli.c
View File

@ -475,6 +475,54 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
size_t *olen )
{
unsigned char *p = buf;
size_t ext_len;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
/*
* Quoting draft-ietf-tls-dtls-connection-id-05
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
*
* struct {
* opaque cid<0..2^8-1>;
* } ConnectionId;
*/
*olen = 0;
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
{
return;
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding CID extension" ) );
/* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
* which is at most 255, so the increment cannot overflow. */
if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
}
/* Add extension ID + size */
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF );
ext_len = (size_t) ssl->own_cid_len + 1;
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
*p++ = (uint8_t) ssl->own_cid_len;
memcpy( p, ssl->own_cid, ssl->own_cid_len );
*olen = ssl->own_cid_len + 5;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@ -1085,6 +1133,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
@ -1242,6 +1295,62 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len )
{
size_t peer_cid_len;
if( /* CID extension only makes sense in DTLS */
ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
/* The server must only send the CID extension if we have offered it. */
ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension unexpected" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
if( len == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
peer_cid_len = *buf++;
len--;
if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
if( len != peer_cid_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len );
return( 0 );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
@ -1549,8 +1658,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
buf = ssl->in_msg;
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
/* No alert on a read error. */
@ -1558,6 +1665,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
return( ret );
}
buf = ssl->in_msg;
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
{
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@ -1893,6 +2002,20 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
break;
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
case MBEDTLS_TLS_EXT_CID:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
if( ( ret = ssl_parse_cid_ext( ssl,
ext + 4,
ext_size ) ) != 0 )
{
return( ret );
}
break;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) );
@ -3171,7 +3294,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
}
/* Copy ECPoint structure to outgoing message buffer. */
ssl->out_msg[header_len] = own_pubkey_ecpoint_len;
ssl->out_msg[header_len] = (unsigned char) own_pubkey_ecpoint_len;
memcpy( ssl->out_msg + header_len + 1,
own_pubkey_ecpoint, own_pubkey_ecpoint_len );
content_len = own_pubkey_ecpoint_len + 1;

141
features/mbedtls/src/ssl_srv.c
View File

@ -475,6 +475,78 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len )
{
size_t peer_cid_len;
/* CID extension only makes sense in DTLS */
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
/*
* Quoting draft-ietf-tls-dtls-connection-id-05
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
*
* struct {
* opaque cid<0..2^8-1>;
* } ConnectionId;
*/
if( len < 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
peer_cid_len = *buf++;
len--;
if( len != peer_cid_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
/* Ignore CID if the user has disabled its use. */
if( ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
{
/* Leave ssl->handshake->cid_in_use in its default
* value of MBEDTLS_SSL_CID_DISABLED. */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Client sent CID extension, but CID disabled" ) );
return( 0 );
}
if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "Client CID", buf, peer_cid_len );
return( 0 );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
@ -1280,7 +1352,7 @@ read_record_header:
return( ssl_parse_client_hello_v2( ssl ) );
#endif
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_hdr_len( ssl ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
/*
* SSLv3/TLS Client Hello
@ -1369,7 +1441,7 @@ read_record_header:
}
if( ( ret = mbedtls_ssl_fetch_input( ssl,
mbedtls_ssl_hdr_len( ssl ) + msg_len ) ) != 0 )
mbedtls_ssl_in_hdr_len( ssl ) + msg_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
@ -1378,7 +1450,7 @@ read_record_header:
/* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl );
else
#endif
ssl->in_left = 0;
@ -1823,6 +1895,16 @@ read_record_header:
break;
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
case MBEDTLS_TLS_EXT_CID:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
ret = ssl_parse_cid_ext( ssl, ext + 4, ext_size );
if( ret != 0 )
return( ret );
break;
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
@ -2100,6 +2182,54 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
size_t *olen )
{
unsigned char *p = buf;
size_t ext_len;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
*olen = 0;
/* Skip writing the extension if we don't want to use it or if
* the client hasn't offered it. */
if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED )
return;
/* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
* which is at most 255, so the increment cannot overflow. */
if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding CID extension" ) );
/*
* Quoting draft-ietf-tls-dtls-connection-id-05
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
*
* struct {
* opaque cid<0..2^8-1>;
* } ConnectionId;
*/
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF );
ext_len = (size_t) ssl->own_cid_len + 1;
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
*p++ = (uint8_t) ssl->own_cid_len;
memcpy( p, ssl->own_cid, ssl->own_cid_len );
*olen = ssl->own_cid_len + 5;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@ -2621,6 +2751,11 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;

625
features/mbedtls/src/ssl_tls.c
View File

@ -110,14 +110,106 @@ static int ssl_check_timer( mbedtls_ssl_context *ssl )
static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform );
static void ssl_update_in_pointers( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform );
static void ssl_update_in_pointers( mbedtls_ssl_context *ssl );
#define SSL_DONT_FORCE_FLUSH 0
#define SSL_FORCE_FLUSH 1
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* Top-level Connection ID API */
int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf,
size_t len,
int ignore_other_cid )
{
if( len > MBEDTLS_SSL_CID_IN_LEN_MAX )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL &&
ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
conf->ignore_unexpected_cid = ignore_other_cid;
conf->cid_len = len;
return( 0 );
}
int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
int enable,
unsigned char const *own_cid,
size_t own_cid_len )
{
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl->negotiate_cid = enable;
if( enable == MBEDTLS_SSL_CID_DISABLED )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Disable use of CID extension." ) );
return( 0 );
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Enable use of CID extension." ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "Own CID", own_cid, own_cid_len );
if( own_cid_len != ssl->conf->cid_len )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "CID length %u does not match CID length %u in config",
(unsigned) own_cid_len,
(unsigned) ssl->conf->cid_len ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
memcpy( ssl->own_cid, own_cid, own_cid_len );
/* Truncation is not an issue here because
* MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
ssl->own_cid_len = (uint8_t) own_cid_len;
return( 0 );
}
int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
int *enabled,
unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
size_t *peer_cid_len )
{
*enabled = MBEDTLS_SSL_CID_DISABLED;
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions
* were used, but client and server requested the empty CID.
* This is indistinguishable from not using the CID extension
* in the first place. */
if( ssl->transform_in->in_cid_len == 0 &&
ssl->transform_in->out_cid_len == 0 )
{
return( 0 );
}
if( peer_cid_len != NULL )
{
*peer_cid_len = ssl->transform_in->out_cid_len;
if( peer_cid != NULL )
{
memcpy( peer_cid, ssl->transform_in->out_cid,
ssl->transform_in->out_cid_len );
}
}
*enabled = MBEDTLS_SSL_CID_ENABLED;
return( 0 );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/* Forward declarations for functions related to message buffering. */
static void ssl_buffering_free( mbedtls_ssl_context *ssl );
static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
@ -729,7 +821,7 @@ static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && \
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
{
@ -749,7 +841,7 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
return( 0 );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
@ -861,7 +953,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
transform->encrypt_then_mac = session->encrypt_then_mac;
#endif
transform->minor_ver = ssl->minor_ver;
@ -883,6 +976,26 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* Copy own and peer's CID if the use of the CID
* extension has been negotiated. */
if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
transform->in_cid_len = ssl->own_cid_len;
memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid,
transform->in_cid_len );
transform->out_cid_len = ssl->handshake->peer_cid_len;
memcpy( transform->out_cid, ssl->handshake->peer_cid,
ssl->handshake->peer_cid_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
transform->out_cid_len );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/*
* Set appropriate PRF function and other SSL / TLS / TLS1.2 functions
*/
@ -1878,14 +1991,125 @@ static void ssl_read_memory( unsigned char *p, size_t len )
* Encryption/decryption functions
*/
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* This functions transforms a DTLS plaintext fragment and a record content
* type into an instance of the DTLSInnerPlaintext structure:
*
* struct {
* opaque content[DTLSPlaintext.length];
* ContentType real_type;
* uint8 zeros[length_of_padding];
* } DTLSInnerPlaintext;
*
* Input:
* - `content`: The beginning of the buffer holding the
* plaintext to be wrapped.
* - `*content_size`: The length of the plaintext in Bytes.
* - `max_len`: The number of Bytes available starting from
* `content`. This must be `>= *content_size`.
* - `rec_type`: The desired record content type.
*
* Output:
* - `content`: The beginning of the resulting DTLSInnerPlaintext structure.
* - `*content_size`: The length of the resulting DTLSInnerPlaintext structure.
*
* Returns:
* - `0` on success.
* - A negative error code if `max_len` didn't offer enough space
* for the expansion.
*/
static int ssl_cid_build_inner_plaintext( unsigned char *content,
size_t *content_size,
size_t remaining,
uint8_t rec_type )
{
size_t len = *content_size;
size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY -
( len + 1 ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY ) %
MBEDTLS_SSL_CID_PADDING_GRANULARITY;
/* Write real content type */
if( remaining == 0 )
return( -1 );
content[ len ] = rec_type;
len++;
remaining--;
if( remaining < pad )
return( -1 );
memset( content + len, 0, pad );
len += pad;
remaining -= pad;
*content_size = len;
return( 0 );
}
/* This function parses a DTLSInnerPlaintext structure.
* See ssl_cid_build_inner_plaintext() for details. */
static int ssl_cid_parse_inner_plaintext( unsigned char const *content,
size_t *content_size,
uint8_t *rec_type )
{
size_t remaining = *content_size;
/* Determine length of padding by skipping zeroes from the back. */
do
{
if( remaining == 0 )
return( -1 );
remaining--;
} while( content[ remaining ] == 0 );
*content_size = remaining;
*rec_type = content[ remaining ];
return( 0 );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/* `add_data` must have size 13 Bytes if the CID extension is disabled,
* and 13 + 1 + CID-length Bytes if the CID extension is enabled. */
static void ssl_extract_add_data_from_record( unsigned char* add_data,
size_t *add_data_len,
mbedtls_record *rec )
{
/* Quoting RFC 5246 (TLS 1.2):
*
* additional_data = seq_num + TLSCompressed.type +
* TLSCompressed.version + TLSCompressed.length;
*
* For the CID extension, this is extended as follows
* (quoting draft-ietf-tls-dtls-connection-id-05,
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05):
*
* additional_data = seq_num + DTLSPlaintext.type +
* DTLSPlaintext.version +
* cid +
* cid_length +
* length_of_DTLSInnerPlaintext;
*/
memcpy( add_data, rec->ctr, sizeof( rec->ctr ) );
add_data[8] = rec->type;
memcpy( add_data + 9, rec->ver, sizeof( rec->ver ) );
add_data[11] = ( rec->data_len >> 8 ) & 0xFF;
add_data[12] = rec->data_len & 0xFF;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( rec->cid_len != 0 )
{
memcpy( add_data + 11, rec->cid, rec->cid_len );
add_data[11 + rec->cid_len + 0] = rec->cid_len;
add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 8 ) & 0xFF;
add_data[11 + rec->cid_len + 2] = ( rec->data_len >> 0 ) & 0xFF;
*add_data_len = 13 + 1 + rec->cid_len;
}
else
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
{
add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF;
add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF;
*add_data_len = 13;
}
}
int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
@ -1897,7 +2121,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
mbedtls_cipher_mode_t mode;
int auth_done = 0;
unsigned char * data;
unsigned char add_data[13];
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
size_t add_data_len;
size_t post_avail;
/* The SSL context is only used for debugging purposes! */
@ -1923,17 +2148,21 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to encrypt_buf" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
if( rec == NULL ||
rec->buf == NULL ||
rec->buf_len < rec->data_offset ||
rec->buf_len - rec->data_offset < rec->data_len )
if( rec == NULL
|| rec->buf == NULL
|| rec->buf_len < rec->data_offset
|| rec->buf_len - rec->data_offset < rec->data_len
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|| rec->cid_len != 0
#endif
)
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to encrypt_buf" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
data = rec->buf + rec->data_offset;
post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
data, rec->data_len );
@ -1947,6 +2176,37 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/*
* Add CID information
*/
rec->cid_len = transform->out_cid_len;
memcpy( rec->cid, transform->out_cid, transform->out_cid_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len );
if( rec->cid_len != 0 )
{
/*
* Wrap plaintext into DTLSInnerPlaintext structure.
* See ssl_cid_build_inner_plaintext() for more information.
*
* Note that this changes `rec->data_len`, and hence
* `post_avail` needs to be recalculated afterwards.
*/
if( ssl_cid_build_inner_plaintext( data,
&rec->data_len,
post_avail,
rec->type ) != 0 )
{
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
rec->type = MBEDTLS_SSL_MSG_CID;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
/*
* Add MAC before if needed
*/
@ -1980,10 +2240,10 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
{
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
ssl_extract_add_data_from_record( add_data, rec );
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
sizeof( add_data ) );
add_data_len );
mbedtls_md_hmac_update( &transform->md_ctx_enc,
data, rec->data_len );
mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
@ -2086,14 +2346,14 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
ssl_extract_add_data_from_record( add_data, rec );
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
iv, transform->ivlen );
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)",
data - explicit_iv_len, explicit_iv_len );
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
add_data, 13 );
add_data, add_data_len );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
"including 0 bytes of padding",
rec->data_len ) );
@ -2104,7 +2364,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
iv, transform->ivlen,
add_data, 13, /* add data */
add_data, add_data_len, /* add data */
data, rec->data_len, /* source */
data, &rec->data_len, /* destination */
data + rec->data_len, transform->taglen ) ) != 0 )
@ -2240,14 +2500,14 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
ssl_extract_add_data_from_record( add_data, rec );
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
sizeof( add_data ) );
add_data_len );
mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
sizeof( add_data ) );
add_data_len );
mbedtls_md_hmac_update( &transform->md_ctx_enc,
data, rec->data_len );
mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
@ -2292,7 +2552,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
size_t padlen = 0, correct = 1;
#endif
unsigned char* data;
unsigned char add_data[13];
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_IN_LEN_MAX ];
size_t add_data_len;
#if !defined(MBEDTLS_DEBUG_C)
((void) ssl);
@ -2316,6 +2577,17 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
data = rec->buf + rec->data_offset;
mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/*
* Match record's CID with incoming CID.
*/
if( rec->cid_len != transform->in_cid_len ||
memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
{
return( MBEDTLS_ERR_SSL_UNEXPECTED_CID );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
if( mode == MBEDTLS_MODE_STREAM )
{
@ -2390,9 +2662,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
rec->data_offset += explicit_iv_len;
rec->data_len -= explicit_iv_len + transform->taglen;
ssl_extract_add_data_from_record( add_data, rec );
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
add_data, 13 );
add_data, add_data_len );
memcpy( transform->iv_dec + transform->fixed_ivlen,
data - explicit_iv_len, explicit_iv_len );
@ -2407,7 +2679,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
*/
if( ( ret = mbedtls_cipher_auth_decrypt( &transform->cipher_ctx_dec,
iv, transform->ivlen,
add_data, 13,
add_data, add_data_len,
data, rec->data_len,
data, &olen,
data + rec->data_len,
@ -2491,10 +2763,12 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
/* Safe due to the check data_len >= minlen + maclen + 1 above. */
rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, rec );
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, 13 );
mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data, 13 );
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
add_data_len );
mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
add_data_len );
mbedtls_md_hmac_update( &transform->md_ctx_dec,
data, rec->data_len );
mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect );
@ -2698,7 +2972,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
*/
rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, rec );
ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
#if defined(MBEDTLS_SSL_PROTO_SSL3)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
@ -2768,15 +3042,17 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
case MBEDTLS_MD_SHA1:
case MBEDTLS_MD_SHA256:
/* 8 bytes of message size, 64-byte compression blocks */
extra_run = ( 13 + rec->data_len + padlen + 8 ) / 64 -
( 13 + rec->data_len + 8 ) / 64;
extra_run =
( add_data_len + rec->data_len + padlen + 8 ) / 64 -
( add_data_len + rec->data_len + 8 ) / 64;
break;
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA384:
/* 16 bytes of message size, 128-byte compression blocks */
extra_run = ( 13 + rec->data_len + padlen + 16 ) / 128 -
( 13 + rec->data_len + 16 ) / 128;
extra_run =
( add_data_len + rec->data_len + padlen + 16 ) / 128 -
( add_data_len + rec->data_len + 16 ) / 128;
break;
#endif
default:
@ -2786,7 +3062,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
extra_run &= correct * 0xFF;
mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data, 13 );
mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
add_data_len );
mbedtls_md_hmac_update( &transform->md_ctx_dec, data,
rec->data_len );
/* Make sure we access everything even when padlen > 0. This
@ -2847,6 +3124,16 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( rec->cid_len != 0 )
{
ret = ssl_cid_parse_inner_plaintext( data, &rec->data_len,
&rec->type );
if( ret != 0 )
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
return( 0 );
@ -3245,7 +3532,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
while( ssl->out_left > 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
buf = ssl->out_hdr - ssl->out_left;
ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
@ -3851,7 +4138,9 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
unsigned i;
size_t protected_record_size;
ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
/* Skip writing the record content type to after the encryption,
* as it may change when using the CID extension. */
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
ssl->conf->transport, ssl->out_hdr + 1 );
@ -3874,6 +4163,11 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
ssl->conf->transport, rec.ver );
rec.type = ssl->out_msgtype;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* The CID is set by mbedtls_ssl_encrypt_buf(). */
rec.cid_len = 0;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
@ -3887,12 +4181,17 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
/* Update the record content type and CID. */
ssl->out_msgtype = rec.type;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID )
memcpy( ssl->out_cid, rec.cid, rec.cid_len );
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_msglen = len = rec.data_len;
ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 );
ssl->out_len[1] = (unsigned char)( rec.data_len );
}
protected_record_size = len + mbedtls_ssl_hdr_len( ssl );
protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* In case of DTLS, double-check that we don't exceed
@ -3911,6 +4210,9 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/* Now write the potentially updated record content type. */
ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
"version = [%d:%d], msglen = %d",
ssl->out_hdr[0], ssl->out_hdr[1],
@ -4515,6 +4817,19 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
}
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
static int ssl_check_record_type( uint8_t record_type )
{
if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
record_type != MBEDTLS_SSL_MSG_ALERT &&
record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
{
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
return( 0 );
}
/*
* ContentType type;
* ProtocolVersion version;
@ -4537,23 +4852,40 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
{
int major_ver, minor_ver;
int ret;
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) );
/* Parse and validate record content type and version */
ssl->in_msgtype = ssl->in_hdr[0];
ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
"version = [%d:%d], msglen = %d",
ssl->in_msgtype,
major_ver, minor_ver, ssl->in_msglen ) );
/* Check record type */
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT &&
ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->in_msgtype == MBEDTLS_SSL_MSG_CID &&
ssl->conf->cid_len != 0 )
{
/* Shift pointers to account for record header including CID
* struct {
* ContentType special_type = tls12_cid;
* ProtocolVersion version;
* uint16 epoch;
* uint48 sequence_number;
* opaque cid[cid_length]; // Additional field compared to
* // default DTLS record format
* uint16 length;
* opaque enc_content[DTLSCiphertext.length];
* } DTLSCiphertext;
*/
/* So far, we only support static CID lengths
* fixed in the configuration. */
ssl->in_len = ssl->in_cid + ssl->conf->cid_len;
ssl->in_iv = ssl->in_msg = ssl->in_len + 2;
}
else
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
if( ssl_check_record_type( ssl->in_msgtype ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
@ -4581,7 +4913,24 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
/* Check length against the size of our buffer */
/* Now that the total length of the record header is known, ensure
* that the current datagram is large enough to hold it.
* This would fail, for example, if we received a datagram of
* size 13 + n Bytes where n is less than the size of incoming CIDs. */
ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) );
/* Parse and validate record length
* This must happen after the CID parsing because
* its position in the record header depends on
* the presence of a CID. */
ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
if( ssl->in_msglen > MBEDTLS_SSL_IN_BUFFER_LEN
- (size_t)( ssl->in_msg - ssl->in_buf ) )
{
@ -4589,6 +4938,11 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
"version = [%d:%d], msglen = %d",
ssl->in_msgtype,
major_ver, minor_ver, ssl->in_msglen ) );
/*
* DTLS-related tests.
* Check epoch before checking length constraint because
@ -4654,20 +5008,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
}
#endif
/* Drop unexpected ApplicationData records,
* except at the beginning of renegotiations */
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->state == MBEDTLS_SSL_SERVER_HELLO )
#endif
)
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
}
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@ -4724,7 +5064,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
int ret, done = 0;
MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen );
ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen );
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_read != NULL )
@ -4751,6 +5091,10 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
- ( ssl->in_iv - ssl->in_buf );
rec.data_len = ssl->in_msglen;
rec.data_offset = 0;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID )
rec.cid_len = (uint8_t)( ssl->in_len - ssl->in_cid );
memcpy( rec.cid, ssl->in_cid, rec.cid_len );
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
memcpy( &rec.ctr[0], ssl->in_ctr, 8 );
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
@ -4760,15 +5104,35 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
&rec ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID &&
ssl->conf->ignore_unexpected_cid
== MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ignoring unexpected CID" ) );
ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
return( ret );
}
if( ssl->in_iv + rec.data_offset != ssl->in_msg )
if( ssl->in_msgtype != rec.type )
{
/* Should never happen */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
MBEDTLS_SSL_DEBUG_MSG( 4, ( "record type after decrypt (before %d): %d",
ssl->in_msgtype, rec.type ) );
}
/* The record content type may change during decryption,
* so re-read it. */
ssl->in_msgtype = rec.type;
/* Also update the input buffer, because unfortunately
* the server-side ssl_parse_client_hello() reparses the
* record header when receiving a ClientHello initiating
* a renegotiation. */
ssl->in_hdr[0] = rec.type;
ssl->in_msg = rec.buf + rec.data_offset;
ssl->in_msglen = rec.data_len;
ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 );
ssl->in_len[1] = (unsigned char)( rec.data_len );
@ -4776,6 +5140,21 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
ssl->in_msg, ssl->in_msglen );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* We have already checked the record content type
* in ssl_parse_record_header(), failing or silently
* dropping the record in the case of an unknown type.
*
* Since with the use of CIDs, the record content type
* might change during decryption, re-check the record
* content type, but treat a failure as fatal this time. */
if( ssl_check_record_type( ssl->in_msgtype ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
@ -4803,7 +5182,9 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
"messages, possible DoS attack" ) );
/* Q: Is that the right error code? */
/* Treat the records as if they were not properly authenticated,
* thereby failing the connection if we see more than allowed
* by the configured bad MAC threshold. */
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
}
@ -5535,7 +5916,16 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
return( ret );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
/* Reset in pointers to default state for TLS/DTLS records,
* assuming no CID and no offset between record content and
* record plaintext. */
ssl_update_in_pointers( ssl );
/* Ensure that we have enough space available for the default form
* of TLS / DTLS record headers (5 Bytes for TLS, 13 Bytes for DTLS,
* with no space for CIDs counted in). */
ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
@ -5561,7 +5951,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
{
/* Skip unexpected record (but not whole datagram) */
ssl->next_record_offset = ssl->in_msglen
+ mbedtls_ssl_hdr_len( ssl );
+ mbedtls_ssl_in_hdr_len( ssl );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record "
"(header)" ) );
@ -5587,7 +5977,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
* Read and optionally decrypt the message contents
*/
if( ( ret = mbedtls_ssl_fetch_input( ssl,
mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
@ -5597,7 +5987,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
if( ssl->next_record_offset < ssl->in_left )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
@ -5613,8 +6003,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
/* Silently discard invalid records */
if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD ||
ret == MBEDTLS_ERR_SSL_INVALID_MAC )
if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
{
/* Except when waiting for Finished as a bad mac here
* probably means something went wrong in the handshake
@ -5780,13 +6169,29 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL &&
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
/* Drop unexpected ApplicationData records,
* except at the beginning of renegotiations */
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->state == MBEDTLS_SSL_SERVER_HELLO )
#endif
)
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
return( MBEDTLS_ERR_SSL_NON_FATAL );
}
if( ssl->handshake != NULL &&
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
{
ssl_handshake_wrapup_free_hs_transform( ssl );
}
#endif
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
return( 0 );
}
@ -6757,7 +7162,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_SSL_PROTO_DTLS */
memset( ssl->in_ctr, 0, 8 );
ssl_update_in_pointers( ssl, ssl->transform_negotiate );
ssl_update_in_pointers( ssl );
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_activate != NULL )
@ -7682,14 +8087,24 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
ssl->out_ctr = ssl->out_hdr + 3;
ssl->out_len = ssl->out_hdr + 11;
ssl->out_iv = ssl->out_hdr + 13;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->out_cid = ssl->out_ctr + 8;
ssl->out_len = ssl->out_cid;
if( transform != NULL )
ssl->out_len += transform->out_cid_len;
#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_len = ssl->out_ctr + 8;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_iv = ssl->out_len + 2;
}
else
#endif
{
ssl->out_ctr = ssl->out_hdr - 8;
ssl->out_len = ssl->out_hdr + 3;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->out_cid = ssl->out_len;
#endif
ssl->out_iv = ssl->out_hdr + 5;
}
@ -7711,31 +8126,46 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
* and the caller has to make sure there's space for this.
*/
static void ssl_update_in_pointers( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform )
static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
{
/* This function sets the pointers to match the case
* of unprotected TLS/DTLS records, with both ssl->in_iv
* and ssl->in_msg pointing to the beginning of the record
* content.
*
* When decrypting a protected record, ssl->in_msg
* will be shifted to point to the beginning of the
* record plaintext.
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
/* This sets the header pointers to match records
* without CID. When we receive a record containing
* a CID, the fields are shifted accordingly in
* ssl_parse_record_header(). */
ssl->in_ctr = ssl->in_hdr + 3;
ssl->in_len = ssl->in_hdr + 11;
ssl->in_iv = ssl->in_hdr + 13;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->in_cid = ssl->in_ctr + 8;
ssl->in_len = ssl->in_cid; /* Default: no CID */
#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->in_len = ssl->in_ctr + 8;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->in_iv = ssl->in_len + 2;
}
else
#endif
{
ssl->in_ctr = ssl->in_hdr - 8;
ssl->in_len = ssl->in_hdr + 3;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->in_cid = ssl->in_len;
#endif
ssl->in_iv = ssl->in_hdr + 5;
}
/* Offset in_msg from in_iv to allow space for explicit IV, if used. */
if( transform != NULL &&
ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
{
ssl->in_msg = ssl->in_iv + transform->ivlen - transform->fixed_ivlen;
}
else
/* This will be adjusted at record decryption time. */
ssl->in_msg = ssl->in_iv;
}
@ -7769,7 +8199,7 @@ static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl )
/* Derive other internal pointers. */
ssl_update_out_pointers( ssl, NULL /* no transform enabled */ );
ssl_update_in_pointers ( ssl, NULL /* no transform enabled */ );
ssl_update_in_pointers ( ssl );
}
int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
@ -8914,8 +9344,10 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
const mbedtls_ssl_transform *transform = ssl->transform_out;
unsigned block_size;
size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl );
if( transform == NULL )
return( (int) mbedtls_ssl_hdr_len( ssl ) );
return( (int) out_hdr_len );
#if defined(MBEDTLS_ZLIB_SUPPORT)
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
@ -8958,7 +9390,12 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( transform->out_cid_len != 0 )
transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
return( (int)( out_hdr_len + transform_expansion ) );
}
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)

3
features/mbedtls/src/version_features.c
View File

@ -447,6 +447,9 @@ static const char *features[] = {
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
"MBEDTLS_SSL_ALL_ALERT_MESSAGES",
#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
"MBEDTLS_SSL_DTLS_CONNECTION_ID",
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
"MBEDTLS_SSL_ASYNC_PRIVATE",
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */

2
features/netsocket/NetworkInterface.cpp
View File

@ -14,12 +14,12 @@
* limitations under the License.
*/
#include "ns_list.h"
#include "netsocket/NetworkInterface.h"
#include "netsocket/NetworkStack.h"
#include "platform/Callback.h"
#include "platform/mbed_error.h"
#include <string.h>
#include "ns_list.h"
// Default network-interface state
void NetworkInterface::set_as_default()

4
platform/SingletonPtr.h
View File

@ -131,8 +131,8 @@ struct SingletonPtr {
// This is zero initialized when in global scope
mutable void *_ptr;
#if __cplusplus >= 201103L
// Align data appropriately
#if __cplusplus >= 201103L && !defined __CC_ARM
// Align data appropriately (ARM Compiler 5 does not support alignas in C++11 mode)
alignas(T) mutable char _data[sizeof(T)];
#else
// Force data to be 8 byte aligned

4
targets/TARGET_NORDIC/TARGET_NRF5x/TARGET_NRF52/TARGET_MCU_NRF52832/config/sdk_config.h
View File

@ -4152,11 +4152,11 @@
// <e> NRFX_UARTE_ENABLED - nrfx_uarte - UARTE peripheral driver
//==========================================================
#ifndef NRFX_UARTE_ENABLED
#define NRFX_UARTE_ENABLED 0
#define NRFX_UARTE_ENABLED 1
#endif
// <o> NRFX_UARTE0_ENABLED - Enable UARTE0 instance
#ifndef NRFX_UARTE0_ENABLED
#define NRFX_UARTE0_ENABLED 0
#define NRFX_UARTE0_ENABLED 1
#endif
// <o> NRFX_UARTE1_ENABLED - Enable UARTE1 instance

8
targets/TARGET_NORDIC/TARGET_NRF5x/TARGET_NRF52/TARGET_MCU_NRF52840/config/sdk_config.h
View File

@ -4152,16 +4152,16 @@
// <e> NRFX_UARTE_ENABLED - nrfx_uarte - UARTE peripheral driver
//==========================================================
#ifndef NRFX_UARTE_ENABLED
#define NRFX_UARTE_ENABLED 0
#define NRFX_UARTE_ENABLED 1
#endif
// <o> NRFX_UARTE0_ENABLED - Enable UARTE0 instance
#ifndef NRFX_UARTE0_ENABLED
#define NRFX_UARTE0_ENABLED 0
#define NRFX_UARTE0_ENABLED 1
#endif
// <o> NRFX_UARTE1_ENABLED - Enable UARTE1 instance
#ifndef NRFX_UARTE1_ENABLED
#define NRFX_UARTE1_ENABLED 0
#define NRFX_UARTE1_ENABLED 1
#endif
// <o> NRFX_UARTE_DEFAULT_CONFIG_HWFC - Hardware Flow Control
@ -5615,7 +5615,7 @@
// <e> UART1_ENABLED - Enable UART1 instance
//==========================================================
#ifndef UART1_ENABLED
#define UART1_ENABLED 0
#define UART1_ENABLED 1
#endif
// </e>

15
targets/TARGET_NORDIC/TARGET_NRF5x/TARGET_NRF52/serial_api.c
View File

@ -41,6 +41,7 @@
#include "hal/serial_api.h"
#include "nrf_uarte.h"
#include "nrfx_uarte.h"
#include "nrfx_uart.h"
#include "nrf_atfifo.h"
#include "app_util_platform.h"
@ -166,12 +167,12 @@ typedef enum {
/**
* UARTE state. One for each instance.
*/
static nordic_uart_state_t nordic_nrf5_uart_state[NRFX_UART_ENABLED_COUNT] = { 0 };
static nordic_uart_state_t nordic_nrf5_uart_state[NRFX_UARTE_ENABLED_COUNT] = { 0 };
/**
* Array with UARTE register pointers for easy access.
*/
static NRF_UARTE_Type *nordic_nrf5_uart_register[NRFX_UART_ENABLED_COUNT] = {
static NRF_UARTE_Type *nordic_nrf5_uart_register[NRFX_UARTE_ENABLED_COUNT] = {
NRF_UARTE0,
#if UART1_ENABLED
NRF_UARTE1,
@ -193,6 +194,10 @@ NRF_ATFIFO_DEF(nordic_nrf5_uart_fifo_1, uint8_t, UART1_FIFO_BUFFER_SIZE);
*/
static uint8_t nordic_nrf5_uart_swi_mask_tx_0 = 0;
static uint8_t nordic_nrf5_uart_swi_mask_rx_0 = 0;
#if UART1_ENABLED
static uint8_t nordic_nrf5_uart_swi_mask_tx_1 = 0;
static uint8_t nordic_nrf5_uart_swi_mask_rx_1 = 0;
#endif
/**
* Global variables expected by mbed_retarget.cpp for STDOUT.
@ -881,7 +886,7 @@ void serial_init(serial_t *obj, PinName tx, PinName rx)
nordic_nrf5_uart_state[1].owner = NULL;
/* Allocate a PPI channel for flow control */
ret = nrf_drv_ppi_channel_alloc(&nordic_nrf5_uart_state[1].ppi_rts);
ret = nrfx_ppi_channel_alloc(&nordic_nrf5_uart_state[1].ppi_rts);
MBED_ASSERT(ret == NRF_SUCCESS);
/* Clear RTS */
@ -891,8 +896,8 @@ void serial_init(serial_t *obj, PinName tx, PinName rx)
nrf_uarte_int_disable(nordic_nrf5_uart_register[1], 0xFFFFFFFF);
NVIC_SetVector(UARTE1_IRQn, (uint32_t) nordic_nrf5_uart1_handler);
NRFX_IRQ_PRIORITY_SET(nrfx_get_irq_number(UARTE1_IRQn), APP_IRQ_PRIORITY_HIGHEST);
NRFX_IRQ_ENABLE(nrfx_get_irq_number(UARTE1_IRQn));
NRFX_IRQ_PRIORITY_SET(UARTE1_IRQn, APP_IRQ_PRIORITY_HIGHEST);
NRFX_IRQ_ENABLE(UARTE1_IRQn);
#endif
}

28
targets/targets.json
View File

@ -1485,7 +1485,7 @@
"PSA"
],
"is_disk_virtual": true,
"macros": ["CPU_MK64FN1M0VMD12", "FSL_RTOS_MBED", "MBEDTLS_PSA_CRYPTO_C"],
"macros": ["CPU_MK64FN1M0VMD12", "FSL_RTOS_MBED"],
"inherits": ["Target"],
"detect_code": ["0240"],
"device_has": [
@ -1773,7 +1773,7 @@
"PSA"
],
"is_disk_virtual": true,
"macros": ["CPU_MK66FN2M0VMD18", "FSL_RTOS_MBED", "MBEDTLS_PSA_CRYPTO_C"],
"macros": ["CPU_MK66FN2M0VMD18", "FSL_RTOS_MBED"],
"inherits": ["Target"],
"detect_code": ["0311"],
"device_has": [
@ -2812,8 +2812,7 @@
"components_add": ["FLASHIAP"],
"macros_add": [
"USB_STM_HAL",
"USBHOST_OTHER",
"MBEDTLS_PSA_CRYPTO_C"
"USBHOST_OTHER"
],
"device_has_add": [
"ANALOGOUT",
@ -4558,9 +4557,6 @@
"device_has_remove": [],
"extra_labels_add": ["PSA"],
"components_add": ["SD", "FLASHIAP"],
"macros_add": [
"MBEDTLS_PSA_CRYPTO_C"
],
"config": {
"stdio_uart_tx_help": {
"help": "Value: D8(default) or D1"
@ -7088,6 +7084,7 @@
"MBED_TICKLESS",
"MBED_MPU_CUSTOM"
],
"features": ["BLE"],
"device_has": [
"ANALOGIN",
"FLASH",
@ -7115,9 +7112,10 @@
"NRF5x",
"NRF52",
"SDK_15_0",
"NORDIC_SOFTDEVICE",
"SOFTDEVICE_COMMON",
"SOFTDEVICE_S132_FULL"
"CORDIO",
"CORDIO_LL",
"SOFTDEVICE_NONE",
"NORDIC_CORDIO"
],
"config": {
"lf_clock_src": {
@ -7213,7 +7211,7 @@
"WSF_MAX_HANDLERS=10",
"MBED_MPU_CUSTOM"
],
"features": ["CRYPTOCELL310"],
"features": ["CRYPTOCELL310", "BLE"],
"device_has": [
"ANALOGIN",
"FLASH",
@ -7242,9 +7240,10 @@
"NRF5x",
"NRF52",
"SDK_15_0",
"NORDIC_SOFTDEVICE",
"SOFTDEVICE_COMMON",
"SOFTDEVICE_S140_FULL"
"CORDIO",
"CORDIO_LL",
"SOFTDEVICE_NONE",
"NORDIC_CORDIO"
],
"config": {
"lf_clock_src": {
@ -8647,6 +8646,7 @@
"device_name": "GD32F450ZI",
"detect_code": ["1702"],
"macros_add": ["GD32F450"],
"bootloader_supported": true,
"release_versions": ["5"],
"overrides": {
"network-default-interface-type": "ETHERNET"

10
tools/test/examples/examples.json
View File

@ -117,8 +117,8 @@
"targets" : [],
"toolchains" : [],
"exporters": [],
"compile" : false,
"export": false,
"compile" : true,
"export": true,
"auto-update" : true
},
{
@ -130,9 +130,9 @@
"targets" : ["K66F", "NUCLEO_F429ZI"],
"toolchains" : [],
"exporters": [],
"compile" : false,
"export": false,
"auto-update" : false
"compile" : true,
"export": true,
"auto-update" : true
},
{
"name": "mbed-os-example-cellular",