Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 3.6] Defragment incoming TLS handshake messages (context extension pointer) #9949

Closed
wants to merge 24 commits into from
Closed

[Backport 3.6] Defragment incoming TLS handshake messages (context extension pointer) #9949

wants to merge 24 commits into from

Conversation

mpg
Copy link
Contributor

@mpg mpg commented Feb 3, 2025
edited
Loading

Description

This is the 3.6 backport of #9872 and #9928, with a few extra commits to try and preserve ABI compatibility in 3.6.

Status: work in progress pushed for CI feedback and early design review. Outdated see #9981

PR checklist

Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.

  • changelog provided | not required because:
  • development PR provided # | not required because:
  • TF-PSA-Crypto PR provided # | not required because:
  • framework PR provided Mbed-TLS/mbedtls-framework# | not required
  • 3.6 PR provided # | not required because:
  • 2.28 PR provided # | not required because:
  • tests provided | not required because:

Notes for the submitter

Please refer to the contributing guidelines, especially the
checklist for PR contributors.

Help make review efficient:

  • Multiple simple commits
    • please structure your PR into a series of small commits, each of which does one thing
  • Avoid force-push
    • please do not force-push to update your PR - just add new commit(s)
  • See our Guidelines for Contributors for more details about the review process.

rojer and others added 23 commits February 3, 2025 09:58
@rojer @mpg
Defragment incoming TLS handshake messages
707eeff 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
@rojer @minosgalanakis @mpg
Update ChangeLog.d/tls-hs-defrag-in.txt
8679220 
Co-authored-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com>
Signed-off-by: Deomid Ryabkov <rojer@rojer.me>
@rojer @mpg
Review comments
7fff111 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
@rojer @mpg
Remove mbedtls_ssl_reset_in_out_pointers
2fd90c9 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
@rojer @mpg
Allow fragments less HS msg header size (4 bytes)
738d394 
Except the first

Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
@rojer @mpg
Add a safety check for in_hsfraglen
3ec7cef 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
@waleed-elmelegy-arm @mpg
Add TLS Hanshake defragmentation tests
d09f14f 
Tests uses openssl s_server with a mix of max_send_frag
and split_send_frag options.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@waleed-elmelegy-arm @mpg
Improve TLS handshake defragmentation tests
01abaec 
* Add tests for the server side.
* Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3.
* Use latest version of openSSL to make sure -max_send_frag &
  -split_send_frag flags are supported.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@waleed-elmelegy-arm @mpg
Fix typo in TLS Handshake defrafmentation tests
5bc6e26 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@waleed-elmelegy-arm @mpg
Remove unnecessary string check in handshake defragmentation tests
fc8957a 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@waleed-elmelegy-arm @mpg
Require openssl to support TLS 1.3 in handshake defragmentation tests
0c7d3fa 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@waleed-elmelegy-arm @mpg
Add client authentication to handshake defragmentation tests
5aff4d0 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@waleed-elmelegy-arm @mpg
Remove unneeded mtu option from handshake fragmentation tests
f752cdf 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@waleed-elmelegy-arm @mpg
Enforce client authentication in handshake fragmentation tests
3f8d6fa 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@waleed-elmelegy-arm @mpg
Add a comment to elaborate using split_send_frag in handshake defragm…
dd9b4c5 
…entation tests

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@waleed-elmelegy-arm @mpg
Remove obselete checks due to the introduction of handhsake defragmen…
2a984b9 
…tation

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@waleed-elmelegy-arm @mpg
Remove unused variable in ssl_server.c
0541040 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@waleed-elmelegy-arm @mpg
Add guard to handshake defragmentation tests for client certificate
acfacde 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@waleed-elmelegy-arm @mpg
Test Handshake defragmentation only for TLS 1.3 only for small values
3a7f67f 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@waleed-elmelegy-arm @mpg
Add missing client certificate check in handshake defragmentation tests
270f9d5 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
@mpg
Add extension structure to ssl_context
dee86dd 
Not used so far, just the scaffolding.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
@mpg
Move in_iv to the extension structure
31ea34b 
Manually remove it in ssl.h, then:

sed -i 's/ssl->in_iv/ssl->in_ext->in_iv/g' library/ssl_*.[ch]

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
@mpg
Move in_hshdr, in_hsfraglen to the extension struct
8d0111b 
Manually remove from ssl.h, then:

 sed -i 's/ssl->in_hs\(hdr\|fraglen\)/ssl->in_ext->in_hs\1/g' library/ssl_*.[ch]

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
@mpg mpg self-assigned this Feb 3, 2025
@mpg mpg added needs-design-approval needs-ci Needs to pass CI tests labels Feb 3, 2025
@gilles-peskine-arm gilles-peskine-arm changed the base branch from development to mbedtls-3.6 February 3, 2025 12:22
gilles-peskine-arm
gilles-peskine-arm reviewed Feb 3, 2025
View reviewed changes
include/mbedtls/ssl.h Outdated
@@ -1795,7 +1805,7 @@ struct mbedtls_ssl_context {
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */
unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
mbedtls_ssl_context_in_ext *MBEDTLS_PRIVATE(in_ext); /*!< extension structure */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that this is still technically an ABI change, although there's a good chance it works on all platforms where Mbed TLS has been ported. Pointers to different types can have different representations, and even different sizes. I know of C implementations that have different representations for word pointers and char pointers, although they have the same size — the hardware can only address 64-bit words, but C uses 8-bit char and encodes char pointers with the 3 top bits encoding an octet inside the word. I don't know if there are any C99 implementations like this, let alone C99 implementations where char pointers would have a different size (encoding the intra-word offset in a separate word).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I wasn't sure, thanks. I think as long as they're the same size we're fine, even if the representations are different: this is a private field, and it's not used in any public inline function, so applications should not be accessing it, hence not be affected by a change in representation.

If the size changed, that would be a problem indeed: if it became larger then it would be game over as that would likely make the whole structure larger, existing applications would not allocate enough size, likely resulting in stack corruption. If it became smaller, then I guess it depends if all fields that follow are private and not used by any public inline function - there's also a chance padding would just fix it for us.

I considered keeping the type to unsigned char *, and casting for each access (likely through a trivial accessor function) - I'm not 100% sure but I seem to remember that all pointers can safely be cast to void * or char * and back?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, regardless of representation, casting to void* or char* and back results in a pointer that's equal to the original pointer.

@minosgalanakis minosgalanakis self-requested a review February 3, 2025 17:44
@mpg
Copy link
Contributor Author

mpg commented Feb 4, 2025

I'll point out that this passed CI on the first try even though it was prepared quickly, which I think supports my point that this approach has the advantage of being very simple to reason about.

@mpg
Improve ABI compat trick
0521d64 
In principle, pointers to char and pointers to word-aligned structs
might have different sizes. However, it's guaranteed that any pointer
can be converted to a char pointer and back, so it's OK to store the
pointer to struct as a pointer to char.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
@mpg mpg marked this pull request as ready for review February 12, 2025 10:44
@mpg mpg added needs-review Every commit must be reviewed by at least two team members, and removed needs-ci Needs to pass CI tests labels Feb 12, 2025
gilles-peskine-arm
gilles-peskine-arm reviewed Feb 12, 2025
View reviewed changes
include/mbedtls/ssl.h
@@ -1795,7 +1805,7 @@ struct mbedtls_ssl_context {
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */
unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
unsigned char *MBEDTLS_PRIVATE(in_ext); /*!< extension structure (ABI compat) */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the record, I am approving the design using an extension structure to keep the same general structure of the patch but preserve the ABI.

(This is not an approval on GitHub because I haven't done a full code review.)

@akien-mga akien-mga mentioned this pull request Feb 12, 2025
Closed
This was referenced Feb 12, 2025
Closed
Merged
@mpg mpg mentioned this pull request Feb 13, 2025
Merged
6 tasks
@gilles-peskine-arm gilles-peskine-arm changed the title [Backport 3.6] Defragment incoming TLS handshake messages [Backport 3.6] Defragment incoming TLS handshake messages (context extension pointer) Feb 13, 2025
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Feb 13, 2025
Merged
6 tasks
@mpg
Copy link
Contributor Author

mpg commented Feb 17, 2025

Closing as superseded by #9981

@minosgalanakis minosgalanakis removed their request for review February 18, 2025 11:41
@gilles-peskine-arm
Copy link
Contributor

Actually close as superseded by #9981

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gilles-peskine-arm gilles-peskine-arm gilles-peskine-arm left review comments

Assignees

@mpg mpg

Labels
needs-review Every commit must be reviewed by at least two team members,
Projects
Roadmap pull requests (new board)
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mpg @gilles-peskine-arm @rojer @waleed-elmelegy-arm