[s11n 4/7] Add version + config check to SSL tickets #2788
I did the rebase myself and it went through without conflicts, leading to the same result as this PR.
7ba1f4f to 74075ba
Rebased on top of #2785
I did the rebase myself and obtained the same result.
74075ba to c85c336
rebased
@hanno-arm please re-review
c85c336 to f40a5e0
I did the rebase myself and obtained an equivalent result. Therefore re-approving.
This is currently a dummy, just introducing the new name.
The size of the ticket used in this test dropped from 192 to 143 bytes, so move all sizes used in this test down 50 bytes. Also, we now need to adapt the server response size as the default size would otherwise collide with the new mtu value.
Previously the test didn't work because of embedded pointer values that are not predictable. Now it works as we no longer serialize such values.
The format of serialized SSL sessions depends on the version and the configuration of Mbed TLS; attempts to restore sessions established in different versions and/or configurations lead to undefined behaviour. This commit adds a 3-byte version header to the serialized session generated and cleanly fails ticket parsing in case a session from a non-matching version of Mbed TLS is presented.
This commit adds space for two bytes in the header of serialized SSL sessions which can be used to determine the structure of the remaining serialized session in the respective version of Mbed TLS. Specifically, if parts of the session depend on whether specific compile-time options are set or not, the setting of these options can be encoded in the added space. This commit doesn't yet make use of the fields.
This commit makes use of the added space in the session header to encode the state of those parts of the compile-time configuration which influence the structure of the serialized session in the present version of Mbed TLS. Specifically, these are
- the options which influence the presence/omission of fields from mbedtls_ssl_session (which is currently shallow-copied into the serialized session)
- the setting of MBEDTLS_X509_CRT_PARSE_C, which determines whether the serialized session contains a CRT-length + CRT-value pair after the shallow-copied mbedtls_ssl_session instance.
- the setting of MBEDTLS_SSL_SESSION_TICKETS, which determines whether the serialized session contains a session ticket.
This commit improves the test exercising the behaviour of session deserialization when facing an unexpected version or config, by testing ver/cfg corruption at any bit in the ver/cfg header of the serialized data; previously, it had only tested the first bit of each byte.
This commit introduces a new SSL error code `MBEDTLS_ERR_SSL_VERSION_MISMATCH` which can be used to indicate operation failure due to a mismatch of version or configuration. It is put to use in the implementation of `mbedtls_ssl_session_load()` to signal the attempt to de-serialize a session which has been serialized in a build of Mbed TLS using a different version or configuration.
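The header check these commit messages describe, as an added example that is not code from this PR or from Mbed TLS: a 3-byte version plus 2-byte config header is written on save and compared on load, and every single-bit corruption of it is counted as rejected. The `ex_`/`EX_` names, the error values, the version 1.2.3 and the bit assignments are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins: every name, value and bit assignment is an assumption. */
#define EX_HDR_LEN 5u  /* 3 version bytes + 2 config bytes */
#define EX_CFG_CRT     (1u << 0)  /* stands for MBEDTLS_X509_CRT_PARSE_C */
#define EX_CFG_TICKETS (1u << 1)  /* stands for MBEDTLS_SSL_SESSION_TICKETS */
#define EX_BUILD_CFG   (EX_CFG_CRT | EX_CFG_TICKETS)  /* options of this build */
#define EX_ERR_BAD_INPUT        (-1)
#define EX_ERR_VERSION_MISMATCH (-2)  /* role of MBEDTLS_ERR_SSL_VERSION_MISMATCH */

/* Header this build writes and expects: constructed version 1.2.3, then config. */
static const unsigned char ex_hdr[EX_HDR_LEN] = {
    1, 2, 3, (EX_BUILD_CFG >> 8) & 0xFF, EX_BUILD_CFG & 0xFF
};

/* Writes header + opaque body (non-NULL); returns total length or an error. */
int ex_session_save(unsigned char *out, size_t out_len,
                    const unsigned char *body, size_t body_len)
{
    if (out_len < EX_HDR_LEN || out_len - EX_HDR_LEN < body_len)
        return EX_ERR_BAD_INPUT;
    memcpy(out, ex_hdr, EX_HDR_LEN);
    memcpy(out + EX_HDR_LEN, body, body_len);
    return (int)(EX_HDR_LEN + body_len);
}

/* Checks the header before any body byte is parsed; returns the body offset. */
int ex_session_load(const unsigned char *in, size_t in_len)
{
    if (in_len < EX_HDR_LEN)
        return EX_ERR_BAD_INPUT;         /* too short to hold a header */
    if (memcmp(in, ex_hdr, EX_HDR_LEN) != 0)
        return EX_ERR_VERSION_MISMATCH;  /* other version or configuration */
    return (int)EX_HDR_LEN;
}

/* Flips each header bit in turn; returns how many corruptions load rejects. */
int ex_count_rejected_bit_flips(unsigned char *buf, size_t len)
{
    int rejected = 0;
    if (len < EX_HDR_LEN)
        return EX_ERR_BAD_INPUT;
    for (size_t bit = 0; bit < EX_HDR_LEN * 8; bit++) {
        buf[bit / 8] ^= (unsigned char)(1u << (bit % 8));
        rejected += ex_session_load(buf, len) == EX_ERR_VERSION_MISMATCH;
        buf[bit / 8] ^= (unsigned char)(1u << (bit % 8));  /* restore the bit */
    }
    return rejected;
}
```

Save a body with `ex_session_save()`, then pass the buffer to `ex_count_rejected_bit_flips()`; a result equal to the number of header bits means no corrupted version or config byte reaches body parsing.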
f40a5e0 to be34e8e
Rebased without conflicts
@hanno-arm @jarvte please re-review
I did the rebase myself and obtained the same result. Therefore reapproving.
All of the serialisation PRs now have 2 approving reviews and passing CI. Thus considering all of them ready for merge.
Description
This is a side-port to development of PR https://github.com/ARMmbed/mbedtls-restricted/pull/567 that has already been merged to baremetal.
Dependencies: based on #2764, #2766 and #2785 - see "Background" below.
This PR contains a proposal for how to add version + config identifiers to serialized SSL sessions (and, later, also to serialized SSL contexts) in order to detect the use of serialized sessions in versions and/or configurations different from those in which they were issued.
Background
This is the fourth in a series of seven PRs implementing serialization of a full SSL context (not just the session), under some restrictions.
The PRs in the series are:
The full series is already merged in baremetal. It needs upstreaming for the benefit of the Cloud team, who will be the main user, and relies on upstream releases.
Side-porting details
Side-porting was done with `git cherry-pick`; all commits were picked with no conflicts. The table shows how each side-ported commit was handled:
Review notes
Reviewers are strongly encouraged to review commit by commit, as the final diff is unlikely to make sense. Please note that the first commits (up to "Re-enable test that now works with new format") are part of #2764, #2766 and #2785 and don't need to be re-reviewed here (except checking that they're indeed part of #2764 #2766 #2785).