1. 19 Nov, 2019 1 commit
  2. 10 Jun, 2019 1 commit
  3. 19 Mar, 2019 1 commit
  4. 01 Mar, 2019 1 commit
  5. 11 Feb, 2019 1 commit
    • Andres Amaya Garcia's avatar
      Fix ASN1 bitstring writing · d60e3780
      Andres Amaya Garcia authored
      Refactor the function mbedtls_asn1_write_bitstring() that removes
      trailing 0s at the end of DER encoded bitstrings. The function is
      implemented according to Hanno Becker's suggestions.
      
      This commit also changes the functions x509write_crt_set_ns_cert_type
      and crt_set_key_usage to call the new function as the use named
      bitstrings instead of the regular bitstrings.
      d60e3780
  6. 15 Jan, 2019 12 commits
    • Ron Eldor's avatar
      Add variable validation · 05d09a02
      Ron Eldor authored
      1. Check allocation success.
      2. Check parameter correctness in the use_srtp extension
      in server and client.
      05d09a02
    • Ron Eldor's avatar
      Change byte copy to memcpy · 5bf3eac2
      Ron Eldor authored
      Change setting the mki value byte after byte with `memcpy()`.
      5bf3eac2
    • Ron Eldor's avatar
      Improve readability · 7a0cedaf
      Ron Eldor authored
      Improve readability of the code:
      1. move common code to `ssl_internal.h` as `static inline`.
      2. Add comments.
      3. Use local variables for extension size.
      4. Change function signature, by adding buffer size and output length.
      5. Take server srtp profile out of the loop.
      7a0cedaf
    • Ron Eldor's avatar
      Style fixes · d3300d8d
      Ron Eldor authored
      1. Fix indentations.
      2. Remove redundant whitespaces.
      3. Keep short lines.
      4. Grammar fixes.
      5. Rephrase function description.
      d3300d8d
    • Ron Eldor's avatar
      Change tmp buffer size to be as closest to orig · 6bd0fa1c
      Ron Eldor authored
      When `MBEDTLS_SHA512_C` is defined, the prf function uses Sha384.
      In this case, the tmp buffer should be at least 131 bytes becuase:
      `md_len` is 48, `strlen("EXTRACTOR-dtls_srtp")` is 19 and `rlen`
      is 64. This sums to 131, and original size of 128 is not enough.
      6bd0fa1c
    • Ron Eldor's avatar
      Style fixes · de830972
      Ron Eldor authored
      1. Adjust to 80 colums where possible.
      2. Add \ remove spaces where needed.
      3. Fix alignments.
      de830972
    • Ron Eldor's avatar
      Add tests and code to support · 2b791f90
      Ron Eldor authored
      1. Add DTLS-SRTP tests in `ssl-opts.sh`
      2. Add logs for the tests to filter.
      3. Add function to get the profile informations.
      2b791f90
    • Ron Eldor's avatar
      Set authmode to optional, if not set · 391f5044
      Ron Eldor authored
      Set authmode to `MBEDTLS_SSL_VERIFY_REQUIRED` when using dtls-srtp,
      in case authmode was not set. This is to support self signed certificates
      received by the server, which is the case with webRTC. Certificate fingerprints
      are verified outside the dtls stack, as defined in RFC 5763.
      391f5044
    • Ron Eldor's avatar
      Fix mki issues · d8c7410c
      Ron Eldor authored
      1. Set correct mki from the `use_srtp` extension.
      2. Use mki value received from the client as the mki used by server.
      3. Use `mbedtls_ssl_dtls_srtp_set_mki_value()` as a client API only.
      d8c7410c
    • Ron Eldor's avatar
      Fix failure in ssl-opts.sh · cb37fd60
      Ron Eldor authored
      Return a debg message that was removed in previous commit,
      Whic is searched in the ssl-opts.sh test.
      cb37fd60
    • Ron Eldor's avatar
      Fix compilation error · 455e6481
      Ron Eldor authored
      Fix compilatin error that happened after rebasing.
      Change `mbedtls_zeroize()` to `mbedtls_platfrom_zeroize()`.
      455e6481
    • Ron Eldor's avatar
      Enforce SRTP mandatory HS messages · 4f5c1bdd
      Ron Eldor authored
      Enforce CertificateRequest, client and server Certificates, and
      CertificateVerify messages, which are mandatory in DTLS-SRTP,
      as defined in RFC 5764 section 4.1
      4f5c1bdd
  7. 14 Jan, 2019 8 commits
  8. 10 Jan, 2019 2 commits
  9. 09 Jan, 2019 1 commit
    • Gilles Peskine's avatar
      Use CMAKE_BUILD_TYPE to do Asan builds · 5fa32a7a
      Gilles Peskine authored
      Use `cmake -D CMAKE_BUILD_TYPE=Asan` rather than manually setting
      `-fsanitize=address`. This lets cmake determine the necessary compiler
      and linker flags.
      
      With UNSAFE_BUILD on, force -Wno-error. This is necessary to build
      with MBEDTLS_TEST_NULL_ENTROPY.
      5fa32a7a
  10. 03 Jan, 2019 1 commit
    • Hanno Becker's avatar
      Don't call memcpy with NULL pointer in mbedtls_mpi_read_binary() · 0e810b96
      Hanno Becker authored
      mbedtls_mpi_read_binary() calls memcpy() with the source pointer being
      the source pointer passed to mbedtls_mpi_read_binary(), the latter may
      be NULL if the buffer length is 0 (and this happens e.g. in the ECJPAKE
      test suite). The behavior of memcpy(), in contrast, is undefined when
      called with NULL source buffer, even if the length of the copy operation
      is 0.
      
      This commit fixes this by explicitly checking that the source pointer is
      not NULL before calling memcpy(), and skipping the call otherwise.
      0e810b96
  11. 02 Jan, 2019 6 commits
    • Hanno Becker's avatar
      9f6d16ad
    • Hanno Becker's avatar
      Fix typo after rebase · 6dab6200
      Hanno Becker authored
      6dab6200
    • Hanno Becker's avatar
    • Hanno Becker's avatar
      Optimize mpi_bigendian_to_host() for speed and size · f8720077
      Hanno Becker authored
      Use GCC / Clang builtins for byte swapping.
      f8720077
    • Hanno Becker's avatar
    • Hanno Becker's avatar
      Remove temporary stack-buffer from mbedtls_mpi_fill_random() · da1655a4
      Hanno Becker authored
      Context: The function `mbedtls_mpi_fill_random()` uses a temporary stack
      buffer to hold the random data before reading it into the target MPI.
      
      Problem: This is inefficient both computationally and memory-wise.
      Memory-wise, it may lead to a stack overflow on constrained devices with
      limited stack.
      
      Fix: This commit introduces the following changes to get rid of the
      temporary stack buffer entirely:
      
      1. It modifies the call to the PRNG to output the random data directly
         into the target MPI's data buffer.
      
      This alone, however, constitutes a change of observable behaviour:
      The previous implementation guaranteed to interpret the bytes emitted by
      the PRNG in a big-endian fashion, while rerouting the PRNG output into the
      target MPI's limb array leads to an interpretation that depends on the
      endianness of the host machine.
      As a remedy, the following change is applied, too:
      
      2. Reorder the bytes emitted from the PRNG within the target MPI's
         data buffer to ensure big-endian semantics.
      
      Luckily, the byte reordering was already implemented as part of
      `mbedtls_mpi_read_binary()`, so:
      
      3. Extract bigendian-to-host byte reordering from
         `mbedtls_mpi_read_binary()` to a separate internal function
         `mpi_bigendian_to_host()` to be used by `mbedtls_mpi_read_binary()`
         and `mbedtls_mpi_fill_random()`.
      da1655a4
  12. 21 Dec, 2018 1 commit
  13. 20 Dec, 2018 4 commits
    • Manuel Pégourié-Gonnard's avatar
      Remove faulty cipher_finish calls from nist_kw · 01d4b76b
      Manuel Pégourié-Gonnard authored
      The calls to cipher_finish didn't actually do anything:
      - the cipher mode is always ECB
      - in that case cipher_finish() only sets *olen to zero, and returns either 0
        or an error depending on whether there was pending data
      - olen is a local variable in the caller, so setting it to zero right before
        returning is not essential
      - the return value of cipher_finis() was not checked by the caller so that's
        not useful either
      - the cipher layer does not have ALT implementations so the behaviour
        described above is unconditional on ALT implementations (in particular,
      cipher_finish() can't be useful to hardware as (with ECB) it doesn't call any
      functions from lower-level modules that could release resources for example)
      
      Since the calls are causing issues with parameter validation, and were no
      serving any functional purpose, it's simpler to just remove them.
      01d4b76b
    • Hanno Becker's avatar
      Move SHA256_VALIDATE[_RET] outside of MBEDTLS_SHA256_ALT guard · 2f6de426
      Hanno Becker authored
      Somehow, mbedtls_sha256_ret() is defined even if MBEDTLS_SHA256_ALT
      is set, and it is using SHA256_VALIDATE_RET. The documentation should
      be enhanced to indicate that MBEDTLS_SHA256_ALT does _not_ replace
      the entire module, but only the core SHA-256 functions.
      2f6de426
    • Hanno Becker's avatar
      Move SHA512_VALIDATE[_RET] outside of MBEDTLS_SHA512_ALT guard · c756049d
      Hanno Becker authored
      Somehow, mbedtls_sha512_ret() is defined even if MBEDTLS_SHA512_ALT
      is set, and it is using SHA512_VALIDATE_RET. The documentation should
      be enhanced to indicate that MBEDTLS_SHA512_ALT does _not_ replace
      the entire module, but only the core SHA-512 functions.
      c756049d
    • Hanno Becker's avatar
      Move SHA1_VALIDATE[_RET] outside of MBEDTLS_SHA1_ALT guard · b3c70230
      Hanno Becker authored
      Somehow, mbedtls_sha1_ret() is defined even if MBEDTLS_SHA1_ALT
      is set, and it is using SHA1_VALIDATE_RET. The documentation should
      be enhanced to indicate that MBEDTLS_SHA1_ALT does _not_ replace
      the entire module, but only the core SHA-1 functions.
      b3c70230