Open huitema opened 4 months ago
I think this PR is ready. It allows using MbedTLS as a self-sufficient back end, including for functions like certificate verification. I would like review of the code that derives the server's public key from the list of certificates. In all the tests, the size of the list is 1, so the assumption that the first certificate is good works. But if the list contains more certificates, we probably have some extra work to do.
@kazuho in the test assets, do we have example of certificate chains containing more than 1 certificate?
@kazuho Are there any reasons against this pull request? An alternative to Openssl would be really helpful for embedded systems.
The patch works for me (tested in production). Some issues:
a) Memory leak, this is never free'd:
static int mbedtls_verify_certificate(ptls_verify_certificate_t *_self, ptls_t *tls, const char *server_name,
mbedtls_x509_crt* chain_head = (mbedtls_x509_crt*)malloc(sizeof(mbedtls_x509_crt));
int ptls_mbedtls_init_verify_certificate(ptls_context_t* ptls_ctx, char const* buffer, size_t len)
mbedtls_x509_crt* chain_head = (mbedtls_x509_crt*)malloc(sizeof(mbedtls_x509_crt));
b) Unused variable: https://github.com/huitema/picotls/blob/complete-mbedtls-backend/lib/mbedtls_sign.c#L406
c) Maybe a typo (mbedssl
-> mbedtls
):
ptls_mbedssl_init_verify_certificate_complete()
-> ptls_mbedtls_init_verify_certificate_complete()
Patch to fix the memory-leak:
*** a/mbedtls_sign.c 2024-09-10 16:56:25.685199324 +0200
--- b/mbedtls_sign.c 2024-09-10 16:56:05.489162611 +0200
*************** static int mbedtls_verify_certificate(pt
*** 1250,1255 ****
--- 1250,1256 ----
if (chain_head != NULL) {
mbedtls_x509_crt_free(chain_head);
+ free(chain_head);
}
return ret;
}
*************** void ptls_mbedtls_dispose_verify_certifi
*** 1390,1395 ****
--- 1391,1397 ----
if (verifier != NULL) {
if (verifier->trust_ca != NULL) {
mbedtls_x509_crt_free(verifier->trust_ca);
+ free(verifier->trust_ca);
verifier->trust_ca = NULL;
}
if (verifier->trust_crl != NULL) {
Update:
Client works (nice, because minicrypto
fails to verify)
Server fails:
a) Sending stateless-retry-token results in stack-buffer-overflow, this line:
https://github.com/h2o/picotls/blob/bad0e5077fc4d6673092a4fffec0a5620f6140ad/lib/mbedtls.c#L346
b) After increasing buffer, curl --http3-only
reports "bad signature"
@huitema How is this going?