From 361b10d1c4e25816c4f9a16708586b3bae9c1673 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 30 Aug 2019 10:42:49 +0100 Subject: [PATCH 1/4] Fix SSL context deserialization The SSL context maintains a set of 'out pointers' indicating the address at which to write the header fields of the next outgoing record. Some of these addresses have a static offset from the beginning of the record header, while other offsets can vary depending on the active record encryption mechanism: For example, if an explicit IV is in use, there's an offset between the end of the record header and the beginning of the encrypted data to allow the explicit IV to be placed in between; also, if the DTLS Connection ID (CID) feature is in use, the CID is part of the record header, shifting all subsequent information (length, IV, data) to the back. When setting up an SSL context, the out pointers are initialized according to the identity transform + no CID, and it is important to keep them up to date whenever the record encryption mechanism changes, which is done by the helper function ssl_update_out_pointers(). During context deserialization, updating the out pointers according to the deserialized record transform went missing, leaving the out pointers in the initial state. When attempting to encrypt a record in this state, this led to failure if either a CID or an explicit IV was in use. This wasn't caught in the tests by the bad luck that they didn't use CID, _and_ used the default ciphersuite based on ChaChaPoly, which doesn't have an explicit IV. Changing either of these would have made the existing tests fail. This commit fixes the bug by adding a call to ssl_update_out_pointers() to ssl_context_load() implementing context deserialization. Extending test coverage is left for a separate commit. --- library/ssl_tls.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e06c06d34..f4bca87d2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c
@@ -11950,6 +11950,10 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; ssl->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; + /* Adjust pointers for header fields of outgoing records to + * the given transform, accounting for explicit IV and CID. */ + ssl_update_out_pointers( ssl, ssl->transform ); + #if defined(MBEDTLS_SSL_PROTO_DTLS) ssl->in_epoch = 1; #endif From 1b18fd3afe950eadfe824524dea548b0c3c07c4b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 30 Aug 2019 11:18:59 +0100 Subject: [PATCH 2/4] ssl-opt.sh: Duplicate context serialization tests for CID This commit introduces a variant of each existing test for context serialization in ssl-opt.sh that also uses the DTLS Connection ID feature. --- tests/ssl-opt.sh | 54 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 67d3b9f85..0d7dba260 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1290,6 +1290,15 @@ run_test "Context serialization, client serializes" \ -c "Deserializing connection..." \ -S "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID +run_test "Context serialization, client serializes, with CID" \ + "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \ + "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \ + 0 \ + -c "Deserializing connection..." \ + -S "Deserializing connection..." + requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, server serializes" \ "$P_SRV dtls=1 serialize=1 exchanges=2" \ 
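Review bot: The added `ssl_update_out_pointers( ssl, ssl->transform )` is only correct if the record transform has already been restored from the serialized blob at this point, and nothing in the hunk shows that ordering; since the helper presumably reads the transform's CID length and explicit-IV size to compute the offsets, calling it before the transform is populated would silently recompute the identity layout (or dereference NULL, depending on how the helper guards its argument). I would extend the new comment to pin the constraint, e.g. `/* Requires ssl->transform to have been restored above. */`, so a later reordering of ssl_context_load() does not reintroduce the bug. The commit message describes the same layout dependency for the header of incoming records (the peer's CID sits in the header it sends), yet only the outgoing pointers are refreshed here; if the library keeps a parallel set of incoming-record pointers derived from the transform, they are presumably still left in their initial state after deserialization and deserve the same treatment — worth confirming. ssl_context_load() starts and ends outside this hunk.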
@@ -1298,6 +1307,15 @@ run_test "Context serialization, server serializes" \ -C "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID +run_test "Context serialization, server serializes, with CID" \ + "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \ + "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \ + 0 \ + -C "Deserializing connection..." \ + -s "Deserializing connection..." + requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, both serialize" \ "$P_SRV dtls=1 serialize=1 exchanges=2" \ @@ -1306,6 +1324,15 @@ run_test "Context serialization, both serialize" \ -c "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID +run_test "Context serialization, both serialize, with CID" \ + "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \ + "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \ + 0 \ + -c "Deserializing connection..." \ + -s "Deserializing connection..." + requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, re-init, client serializes" \ "$P_SRV dtls=1 serialize=0 exchanges=2" \ 
@@ -1314,6 +1341,15 @@ run_test "Context serialization, re-init, client serializes" \ -c "Deserializing connection..." \ -S "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID +run_test "Context serialization, re-init, client serializes, with CID" \ + "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \ + "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \ + 0 \ + -c "Deserializing connection..." \ + -S "Deserializing connection..." + requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, re-init, server serializes" \ "$P_SRV dtls=1 serialize=2 exchanges=2" \ @@ -1322,6 +1358,15 @@ run_test "Context serialization, re-init, server serializes" \ -C "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID +run_test "Context serialization, re-init, server serializes, with CID" \ + "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \ + "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \ + 0 \ + -C "Deserializing connection..." \ + -s "Deserializing connection..." + requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION run_test "Context serialization, re-init, both serialize" \ "$P_SRV dtls=1 serialize=2 exchanges=2" \ 
@@ -1330,6 +1375,15 @@ run_test "Context serialization, re-init, both serialize" \ -c "Deserializing connection..." \ -s "Deserializing connection..." +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID +run_test "Context serialization, re-init, both serialize, with CID" \ + "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \ + "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \ + 0 \ + -c "Deserializing connection..." \ + -s "Deserializing connection..." + # Tests for DTLS Connection ID extension # So far, the CID API isn't implemented, so we can't From e0b90ece55bc51a9b097049ae14ea433f1bed037 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 30 Aug 2019 11:32:12 +0100 Subject: [PATCH 3/4] ssl-opt.sh: Add var's of context s11n tests for ChaChaPoly,CCM,GCM This commit splits each test in ssl-opt.sh related to context serialization in three tests, exercising the use of CCM, GCM and ChaChaPoly separately. The reason is that the choice of primitive affects the presence and size of an explicit IV, and we should test that space for those IVs is correctly restored during context deserialization; in fact, this was not the case previously, as fixed in the last commit, and was not caught by the tests because only ChaChaPoly was tested. --- tests/ssl-opt.sh | 120 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 108 insertions(+), 12 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0d7dba260..55a4fe1ef 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
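Review bot: The CID variants do not force a ciphersuite, so they only exercise CID together with the default suite, which the first patch's description identifies as ChaChaPoly with no explicit IV; the combination the fix is actually about — a CID shifting the header and an explicit IV shifting the payload at the same time — is therefore still not covered by any test in this series. I would add at least one CID variant with an explicit-IV suite, e.g. `"$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \`, mirroring the CCM/GCM/ChaChaPoly split applied to the non-CID tests in the next patch. As written, a regression in the CID+explicit-IV offset computation would pass all six new tests.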
@@ -1283,9 +1283,25 @@ run_test "Truncated HMAC, DTLS: client enabled, server enabled" \ # Tests for Context serialization requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, client serializes" \ +run_test "Context serialization, client serializes, CCM" \ "$P_SRV dtls=1 serialize=0 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2" \ + "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Deserializing connection..." \ + -S "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, client serializes, ChaChaPoly" \ + "$P_SRV dtls=1 serialize=0 exchanges=2" \ + "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ + 0 \ + -c "Deserializing connection..." \ + -S "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, client serializes, GCM" \ + "$P_SRV dtls=1 serialize=0 exchanges=2" \ + "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ 0 \ -c "Deserializing connection..." \ -S "Deserializing connection..." 
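Review bot: Each new test forces a specific AEAD ciphersuite on the client but is still guarded only by `requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION`, so in a configuration that lacks the corresponding cipher module (CCM, GCM or ChaChaPoly) or ECDHE-ECDSA support the forced suite is rejected and the test fails instead of being skipped. Add a matching guard before each run_test, e.g. `requires_config_enabled MBEDTLS_GCM_C` for the GCM variant, or the harness's per-ciphersuite guard if ssl-opt.sh provides one (its helper definitions are outside this diff). The suite is forced only on the client side, which is sufficient here since the server negotiates from the client's offer, but a comment saying so would prevent someone from "fixing" the server line later.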
@@ -1300,9 +1316,25 @@ run_test "Context serialization, client serializes, with CID" \ -S "Deserializing connection..." requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, server serializes" \ +run_test "Context serialization, server serializes, CCM" \ "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=0 exchanges=2" \ + "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -C "Deserializing connection..." \ + -s "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, server serializes, ChaChaPoly" \ + "$P_SRV dtls=1 serialize=1 exchanges=2" \ + "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ + 0 \ + -C "Deserializing connection..." \ + -s "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, server serializes, GCM" \ + "$P_SRV dtls=1 serialize=1 exchanges=2" \ + "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ 0 \ -C "Deserializing connection..." \ -s "Deserializing connection..." 
@@ -1317,9 +1349,25 @@ run_test "Context serialization, server serializes, with CID" \ -s "Deserializing connection..." requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, both serialize" \ +run_test "Context serialization, both serialize, CCM" \ "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2" \ + "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Deserializing connection..." \ + -s "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, both serialize, ChaChaPoly" \ + "$P_SRV dtls=1 serialize=1 exchanges=2" \ + "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ + 0 \ + -c "Deserializing connection..." \ + -s "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, both serialize, GCM" \ + "$P_SRV dtls=1 serialize=1 exchanges=2" \ + "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ 0 \ -c "Deserializing connection..." \ -s "Deserializing connection..." 
@@ -1334,9 +1382,25 @@ run_test "Context serialization, both serialize, with CID" \ -s "Deserializing connection..." requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, client serializes" \ +run_test "Context serialization, re-init, client serializes, CCM" \ "$P_SRV dtls=1 serialize=0 exchanges=2" \ - "$P_CLI dtls=1 serialize=2 exchanges=2" \ + "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Deserializing connection..." \ + -S "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, re-init, client serializes, ChaChaPoly" \ + "$P_SRV dtls=1 serialize=0 exchanges=2" \ + "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ + 0 \ + -c "Deserializing connection..." \ + -S "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, re-init, client serializes, GCM" \ + "$P_SRV dtls=1 serialize=0 exchanges=2" \ + "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ 0 \ -c "Deserializing connection..." \ -S "Deserializing connection..." 
@@ -1351,9 +1415,25 @@ run_test "Context serialization, re-init, client serializes, with CID" \ -S "Deserializing connection..." requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, server serializes" \ +run_test "Context serialization, re-init, server serializes, CCM" \ "$P_SRV dtls=1 serialize=2 exchanges=2" \ - "$P_CLI dtls=1 serialize=0 exchanges=2" \ + "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -C "Deserializing connection..." \ + -s "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, re-init, server serializes, ChaChaPoly" \ + "$P_SRV dtls=1 serialize=2 exchanges=2" \ + "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ + 0 \ + -C "Deserializing connection..." \ + -s "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, re-init, server serializes, GCM" \ + "$P_SRV dtls=1 serialize=2 exchanges=2" \ + "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ 0 \ -C "Deserializing connection..." \ -s "Deserializing connection..." 
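Review bot: The test named "Context serialization, re-init, server serializes, GCM" forces `TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256`, i.e. it is a duplicate of the ChaChaPoly case directly above it and GCM is not exercised at all for this scenario, defeating the purpose stated in the commit message (GCM has an explicit IV, ChaChaPoly does not). The client line should read `"$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \`. The earlier hunks in this patch use the correct GCM suite, so this looks like a copy-paste slip confined to the re-init cases.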
@@ -1368,9 +1448,25 @@ run_test "Context serialization, re-init, server serializes, with CID" \ -s "Deserializing connection..." requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, both serialize" \ +run_test "Context serialization, re-init, both serialize, CCM" \ "$P_SRV dtls=1 serialize=2 exchanges=2" \ - "$P_CLI dtls=1 serialize=2 exchanges=2" \ + "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Deserializing connection..." \ + -s "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, re-init, both serialize, ChaChaPoly" \ + "$P_SRV dtls=1 serialize=2 exchanges=2" \ + "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ + 0 \ + -c "Deserializing connection..." \ + -s "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, re-init, both serialize, GCM" \ + "$P_SRV dtls=1 serialize=2 exchanges=2" \ + "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ 0 \ -c "Deserializing connection..." \ -s "Deserializing connection..." From fe997c646b69dcf91c471bb3554b97b6ca5ab307 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Fri, 30 Aug 2019 13:02:16 +0100 Subject: [PATCH 4/4] Update library version to 2.19.0 --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 4 ++-- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 77d9d81cd..3d6ae072d 100644 --- a/ChangeLog +++ b/ChangeLog 
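Review bot: The "Context serialization, re-init, both serialize, GCM" test also forces `TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256`, so the re-init/both-serialize scenario never runs with an explicit-IV suite and the deserialization path the series fixes goes untested there. The client line should be `"$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \`. Because the test name promises GCM while the body runs ChaChaPoly, a future failure in GCM handling would be misattributed when reading the ssl-opt.sh output.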
@@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.19.0 branch released xxxx-xx-xx Features * Add new API functions mbedtls_ssl_session_save() and diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 487faf8d2..1661a6f18 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.18.0 source code documentation + * @mainpage mbed TLS v2.19.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index f582f9b38..7604c1197 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.18.0" +PROJECT_NAME = "mbed TLS v2.19.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index ea01f1d0e..f78e40a55 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -39,7 +39,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 18 +#define MBEDTLS_VERSION_MINOR 19 #define MBEDTLS_VERSION_PATCH 0 /** @@ -47,9 +47,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02120000 -#define MBEDTLS_VERSION_STRING "2.18.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.18.0" +#define MBEDTLS_VERSION_NUMBER 0x02130000 +#define MBEDTLS_VERSION_STRING "2.19.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.19.0" #if defined(MBEDTLS_VERSION_C) 
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index c82784ee1..6f4a95587 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -172,14 +172,14 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.18.0 SOVERSION 1) + set_target_properties(mbedx509 PROPERTIES VERSION 2.19.0 SOVERSION 1) target_link_libraries(mbedx509 ${libs} mbedcrypto) target_include_directories(mbedx509 PUBLIC ${MBEDTLS_DIR}/include/ PUBLIC ${MBEDTLS_DIR}/crypto/include/) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.18.0 SOVERSION 13) + set_target_properties(mbedtls PROPERTIES VERSION 2.19.0 SOVERSION 13) target_link_libraries(mbedtls ${libs} mbedx509) target_include_directories(mbedtls PUBLIC ${MBEDTLS_DIR}/include/ diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index f83b8d3ff..8e85ad194 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.18.0" +check_compiletime_version:"2.19.0" Check runtime library version -check_runtime_version:"2.18.0" +check_runtime_version:"2.19.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0