From e1e27300a2c9fe452207bbab2a11a102cec76f25 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 26 Feb 2025 18:06:05 +0100 Subject: [PATCH 01/15] Remove `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED` config option Signed-off-by: Gabor Mezei --- docs/architecture/tls13-support.md | 1 - docs/proposed/config-split.md | 1 - include/mbedtls/check_config.h | 9 +- include/mbedtls/config_adjust_ssl.h | 1 - include/mbedtls/mbedtls_config.h | 25 --- include/mbedtls/ssl.h | 3 - include/mbedtls/ssl_ciphersuites.h | 6 +- library/ssl_ciphersuites.c | 168 -------------- library/ssl_tls12_client.c | 98 +-------- library/ssl_tls12_server.c | 206 ------------------ tests/include/test/ssl_helpers.h | 3 +- .../components-configuration-crypto.sh | 2 - tests/scripts/depends.py | 1 - tests/ssl-opt.sh | 8 +- 14 files changed, 8 insertions(+), 524 deletions(-) diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index aa09e302d2..f49e9194ba 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md @@ -116,7 +116,6 @@ Support description | | | | MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) | | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a | - | MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a | diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 1baab356b2..6f3b5bd246 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md @@ -396,7 +396,6 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_SSL_ALL_ALERT_MESSAGES #define MBEDTLS_SSL_ALPN //#define MBEDTLS_SSL_ASYNC_PRIVATE diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index c2b5200bc3..4328f7198c 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -87,12 +87,6 @@ #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" #endif -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ - !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ ( !defined(PSA_WANT_ALG_JPAKE) || \ !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \ @@ -155,8 +149,7 @@ #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + !(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h index 7070283fd7..2221e5b2e7 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/config_adjust_ssl.h @@ -61,7 +61,6 @@ #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET #undef MBEDTLS_SSL_RENEGOTIATION -#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index dd9ccacdee..2dc475b9f7 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -360,31 +360,6 @@ */ #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - * - * Enable the RSA-only based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - /** * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 681584b3d7..2ea09bbfa3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -650,9 +650,6 @@ /* Dummy type used only for its size */ union mbedtls_ssl_premaster_secret { unsigned char dummy; /* Make the union non-empty even with SSL disabled */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */ -#endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 5d5b4b94b8..7db620ec4b 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -201,8 +201,7 @@ typedef enum { } mbedtls_key_exchange_type_t; /* Key exchanges using a certificate */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) @@ -260,8 +259,7 @@ typedef enum { #endif /* Key exchanges that don't involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED #endif diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index e4cc226327..6e4370b795 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -490,116 +490,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_384) && \ - defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_CCM) - { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CCM */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(PSA_WANT_ALG_SHA_1) @@ -947,29 +837,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#if defined(PSA_WANT_ALG_MD5) - { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(PSA_WANT_ALG_SHA_1) { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", @@ -1019,41 +886,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(PSA_WANT_KEY_TYPE_ARIA) -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 36f79cb202..c06844db76 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1732,83 +1732,6 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -/* - * Generate a pre-master secret and encrypt it with the server's RSA key - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl, - size_t offset, size_t *olen, - size_t pms_offset) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len_bytes = 2; - unsigned char *p = ssl->handshake->premaster + pms_offset; - mbedtls_pk_context *peer_pk; - - if (offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small for encrypted pms")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - /* - * Generate (part of) the pre-master as - * struct { - * ProtocolVersion client_version; - * opaque random[46]; - * } PreMasterSecret; - */ - mbedtls_ssl_write_version(p, ssl->conf->transport, - MBEDTLS_SSL_VERSION_TLS1_2); - - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); - return ret; - } - - ssl->handshake->pmslen = 48; - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert == NULL) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* - * Now write it out, encrypted - */ - if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_RSA)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("certificate key type mismatch")); - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - if ((ret = mbedtls_pk_encrypt(peer_pk, - p, ssl->handshake->pmslen, - ssl->out_msg + offset + len_bytes, olen, - MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret); - return ret; - } - - if (len_bytes == 2) { - MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset); - *olen += 2; - } - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* We don't need the peer's public key anymore. Free it. */ - mbedtls_pk_free(peer_pk); -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -1902,16 +1825,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange")); -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); - ssl->state++; - return 0; - } - ((void) p); - ((void) end); -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || @@ -2742,15 +2655,6 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) } else #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { - header_len = 4; - if ((ret = ssl_write_encrypted_pms(ssl, header_len, - &content_len, 0)) != 0) { - return ret; - } - } else -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { header_len = 4; @@ -2768,7 +2672,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) return ret; } } else -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ { ((void) ciphersuite_info); MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index a302af48ed..5a143fc3ba 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3181,194 +3181,6 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) return 0; } -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_resume_decrypt_pms(mbedtls_ssl_context *ssl, - unsigned char *peer_pms, - size_t *peer_pmslen, - size_t peer_pmssize) -{ - int ret = ssl->conf->f_async_resume(ssl, - peer_pms, peer_pmslen, peer_pmssize); - if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { - ssl->handshake->async_in_progress = 0; - mbedtls_ssl_set_async_operation_data(ssl, NULL); - } - MBEDTLS_SSL_DEBUG_RET(2, "ssl_decrypt_encrypted_pms", ret); - return ret; -} -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_decrypt_encrypted_pms(mbedtls_ssl_context *ssl, - const unsigned char *p, - const unsigned char *end, - unsigned char *peer_pms, - size_t *peer_pmslen, - size_t peer_pmssize) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert(ssl); - if (own_cert == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no local certificate")); - return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; - } - mbedtls_pk_context *public_key = &own_cert->pk; - mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl); - size_t len = mbedtls_pk_get_len(public_key); - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - /* If we have already started decoding the message and there is an ongoing - * decryption operation, resume signing. */ - if (ssl->handshake->async_in_progress != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("resuming decryption operation")); - return ssl_resume_decrypt_pms(ssl, - peer_pms, peer_pmslen, peer_pmssize); - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - /* - * Prepare to decrypt the premaster using own private RSA key - */ - if (p + 2 > end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - if (*p++ != MBEDTLS_BYTE_1(len) || - *p++ != MBEDTLS_BYTE_0(len)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - if (p + len != end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* - * Decrypt the premaster secret - */ -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf->f_async_decrypt_start != NULL) { - ret = ssl->conf->f_async_decrypt_start(ssl, - mbedtls_ssl_own_cert(ssl), - p, len); - switch (ret) { - case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: - /* act as if f_async_decrypt_start was null */ - break; - case 0: - ssl->handshake->async_in_progress = 1; - return ssl_resume_decrypt_pms(ssl, - peer_pms, - peer_pmslen, - peer_pmssize); - case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: - ssl->handshake->async_in_progress = 1; - return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; - default: - MBEDTLS_SSL_DEBUG_RET(1, "f_async_decrypt_start", ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_RSA)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no RSA private key")); - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - ret = mbedtls_pk_decrypt(private_key, p, len, - peer_pms, peer_pmslen, peer_pmssize, - ssl->conf->f_rng, ssl->conf->p_rng); - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl, - const unsigned char *p, - const unsigned char *end, - size_t pms_offset) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *pms = ssl->handshake->premaster + pms_offset; - unsigned char ver[2]; - unsigned char fake_pms[48], peer_pms[48]; - size_t peer_pmslen; - mbedtls_ct_condition_t diff; - - /* In case of a failure in decryption, the decryption may write less than - * 2 bytes of output, but we always read the first two bytes. It doesn't - * matter in the end because diff will be nonzero in that case due to - * ret being nonzero, and we only care whether diff is 0. - * But do initialize peer_pms and peer_pmslen for robustness anyway. This - * also makes memory analyzers happy (don't access uninitialized memory, - * even if it's an unsigned char). */ - peer_pms[0] = peer_pms[1] = ~0; - peer_pmslen = 0; - - ret = ssl_decrypt_encrypted_pms(ssl, p, end, - peer_pms, - &peer_pmslen, - sizeof(peer_pms)); - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { - return ret; - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - mbedtls_ssl_write_version(ver, ssl->conf->transport, - ssl->session_negotiate->tls_version); - - /* Avoid data-dependent branches while checking for invalid - * padding, to protect against timing-based Bleichenbacher-type - * attacks. */ - diff = mbedtls_ct_bool(ret); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pmslen, 48)); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[0], ver[0])); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[1], ver[1])); - - /* - * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding - * must not cause the connection to end immediately; instead, send a - * bad_record_mac later in the handshake. - * To protect against timing-based variants of the attack, we must - * not have any branch that depends on whether the decryption was - * successful. In particular, always generate the fake premaster secret, - * regardless of whether it will ultimately influence the output or not. - */ - ret = ssl->conf->f_rng(ssl->conf->p_rng, fake_pms, sizeof(fake_pms)); - if (ret != 0) { - /* It's ok to abort on an RNG failure, since this does not reveal - * anything about the RSA decryption. */ - return ret; - } - -#if defined(MBEDTLS_SSL_DEBUG_ALL) - if (diff != MBEDTLS_CT_FALSE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - } -#endif - - if (sizeof(ssl->handshake->premaster) < pms_offset || - sizeof(ssl->handshake->premaster) - pms_offset < 48) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - ssl->handshake->pmslen = 48; - - /* Set pms to either the true or the fake PMS, without - * data-dependent branches. */ - mbedtls_ct_memcpy_if(diff, pms, fake_pms, peer_pms, ssl->handshake->pmslen); - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p, @@ -3435,16 +3247,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange")); -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA && - (ssl->handshake->async_in_progress != 0)) { - /* We've already read a record and there is an asynchronous - * operation in progress to decrypt it. So skip reading the - * record. */ - MBEDTLS_SSL_DEBUG_MSG(3, ("will resume decryption of previously-read record")); - } else -#endif if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); return ret; @@ -3635,14 +3437,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { - if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_parse_encrypted_pms_secret"), ret); - return ret; - } - } else -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { if ((ret = mbedtls_psa_ecjpake_read_round( diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index ef4927f72e..3ba314f832 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -66,8 +66,7 @@ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) #define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY #endif diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 8ba4161870..3d58895550 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1165,7 +1165,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Also disable key exchanges that depend on RSA - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED @@ -1525,7 +1524,6 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED scripts/config.py unset MBEDTLS_RSA_C scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index a08ede54a5..816d2debae 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -315,7 +315,6 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_ALG_RSA_OAEP', 'PSA_WANT_ALG_RSA_PSS'], 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', 'PSA_WANT_ALG_RSA_PKCS1V15_SIGN'], 'MBEDTLS_RSA_C': ['MBEDTLS_PKCS1_V15', diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6a5e7603c8..7692017784 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -311,8 +311,7 @@ requires_any_configs_disabled() { SKIP_NEXT="YES" } -TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ +TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" @@ -320,9 +319,8 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" -TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" +TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" requires_certificate_authentication () { if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 From 5814e3e5660a0b9115afef81f65de50894b88420 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 26 Feb 2025 18:12:50 +0100 Subject: [PATCH 02/15] Remove `MBEDTLS_KEY_EXCHANGE_RSA` key exchange type Signed-off-by: Gabor Mezei --- include/mbedtls/ssl_ciphersuites.h | 1 - library/ssl_ciphersuites.c | 5 ----- library/ssl_ciphersuites_internal.h | 3 --- library/ssl_tls.c | 4 ---- 4 files changed, 13 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 7db620ec4b..31610b0a9a 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -190,7 +190,6 @@ extern "C" { */ typedef enum { MBEDTLS_KEY_EXCHANGE_NONE = 0, - MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_KEY_EXCHANGE_PSK, diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 6e4370b795..958668ebf7 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1220,7 +1220,6 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: return MBEDTLS_PK_RSA; @@ -1239,8 +1238,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_RSA: - return PSA_ALG_RSA_PKCS1V15_CRYPT; case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: return PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); @@ -1260,8 +1257,6 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_RSA: - return PSA_KEY_USAGE_DECRYPT; case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return PSA_KEY_USAGE_SIGN_HASH; diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index b60acdc5f8..a7981dbdf6 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -44,7 +44,6 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t switch (info->MBEDTLS_PRIVATE(key_exchange)) { case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_PSK: return 1; @@ -71,7 +70,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuit static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: @@ -86,7 +84,6 @@ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_cip static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3572f3f631..5cfb83968a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8708,10 +8708,6 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, recv_endpoint == MBEDTLS_SSL_IS_CLIENT) { /* TLS 1.2 server part of the key exchange */ switch (ciphersuite->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_RSA: - usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT; - break; - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; From 3c7db0e5a8eef21f20bb3a3b20aa7875f3d7b9d2 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 27 Feb 2025 12:44:24 +0100 Subject: [PATCH 03/15] Remove `MBEDTLS_TLS_RSA_*` ciphersuite macros Signed-off-by: Gabor Mezei --- include/mbedtls/ssl_ciphersuites.h | 31 ------------------------------ library/ssl_ciphersuites.c | 23 ---------------------- 2 files changed, 54 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 31610b0a9a..b03123107c 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -24,28 +24,11 @@ extern "C" { /* * Supported ciphersuites (Official IANA names) */ -#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */ -#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */ - #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */ -#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F - -#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35 - -#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */ -#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */ - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41 - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D -#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */ - #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */ @@ -54,10 +37,6 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */ #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */ -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */ - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */ - #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 @@ -100,8 +79,6 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B -#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */ @@ -110,8 +87,6 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */ @@ -136,8 +111,6 @@ extern "C" { #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */ @@ -155,10 +128,6 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B -#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 958668ebf7..b979cad94f 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -110,22 +110,14 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, /* All AES-256 suites */ - MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_RSA_WITH_AES_256_CCM, - MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, /* All CAMELLIA-256 suites */ - MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, @@ -134,28 +126,18 @@ static const int ciphersuite_preference[] = /* All ARIA-256 suites */ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, /* All AES-128 suites */ - MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_RSA_WITH_AES_128_CCM, - MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, /* All CAMELLIA-128 suites */ - MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, @@ -164,10 +146,8 @@ static const int ciphersuite_preference[] = /* All ARIA-128 suites */ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, /* The PSK suites */ MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, @@ -198,9 +178,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, - MBEDTLS_TLS_RSA_WITH_NULL_SHA256, - MBEDTLS_TLS_RSA_WITH_NULL_SHA, - MBEDTLS_TLS_RSA_WITH_NULL_MD5, MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, MBEDTLS_TLS_PSK_WITH_NULL_SHA384, From 3ee9a8cf49537d3dcb857c3361fd635868d7579e Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 27 Feb 2025 12:53:40 +0100 Subject: [PATCH 04/15] Remove `TLS-RSA` related test cases Signed-off-by: Gabor Mezei --- tests/compat.sh | 23 ----------------------- tests/context-info.sh | 10 ---------- 2 files changed, 33 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index de8c1bb18a..975d8dc3d9 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -327,17 +327,6 @@ add_common_ciphersuites() TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 \ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \ TLS_ECDHE_RSA_WITH_NULL_SHA \ - TLS_RSA_WITH_AES_128_CBC_SHA \ - TLS_RSA_WITH_AES_128_CBC_SHA256 \ - TLS_RSA_WITH_AES_128_GCM_SHA256 \ - TLS_RSA_WITH_AES_256_CBC_SHA \ - TLS_RSA_WITH_AES_256_CBC_SHA256 \ - TLS_RSA_WITH_AES_256_GCM_SHA384 \ - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA \ - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA \ - TLS_RSA_WITH_NULL_MD5 \ - TLS_RSA_WITH_NULL_SHA \ - TLS_RSA_WITH_NULL_SHA256 \ " ;; @@ -388,8 +377,6 @@ add_openssl_ciphersuites() TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \ TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \ - TLS_RSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_RSA_WITH_ARIA_256_GCM_SHA384 \ " ;; @@ -437,14 +424,6 @@ add_gnutls_ciphersuites() TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \ TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \ - TLS_RSA_WITH_AES_128_CCM \ - TLS_RSA_WITH_AES_128_CCM_8 \ - TLS_RSA_WITH_AES_256_CCM \ - TLS_RSA_WITH_AES_256_CCM_8 \ - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 \ - TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 \ " ;; @@ -506,8 +485,6 @@ add_mbedtls_ciphersuites() M_CIPHERS="$M_CIPHERS \ TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \ TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \ - TLS_RSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_RSA_WITH_ARIA_256_CBC_SHA384 \ " ;; diff --git a/tests/context-info.sh b/tests/context-info.sh index 6c08b865ba..066bd3d589 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh @@ -241,16 +241,6 @@ run_test "Default configuration, client" \ -u "basic constraints.* CA=false$" \ -n "bytes left to analyze from context" -run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \ - "srv_ciphersuite.txt" \ - -n "ERROR" \ - -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ - -run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \ - "cli_ciphersuite.txt" \ - -n "ERROR" \ - -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ - run_test "No packing, server" \ "srv_no_packing.txt" \ -n "ERROR" \ From e99e591179bb585fb2ad6861e26c7e0e0fe37aca Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 27 Feb 2025 13:41:24 +0100 Subject: [PATCH 05/15] Remove key exchange based on encryption/decryption Signed-off-by: Gabor Mezei --- include/mbedtls/ssl.h | 79 +------------------------------------ library/ssl_misc.h | 1 - library/ssl_tls.c | 2 - library/ssl_tls12_server.c | 1 - programs/ssl/ssl_client2.c | 4 +- programs/ssl/ssl_server2.c | 27 ++----------- programs/ssl/ssl_test_lib.c | 5 --- programs/ssl/ssl_test_lib.h | 1 - 8 files changed, 7 insertions(+), 113 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2ea09bbfa3..6c37fc3703 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -999,71 +999,6 @@ typedef int mbedtls_ssl_async_sign_t(mbedtls_ssl_context *ssl, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len); - -/** - * \brief Callback type: start external decryption operation. - * - * This callback is called during an SSL handshake to start - * an RSA decryption operation using an - * external processor. The parameter \p cert contains - * the public key; it is up to the callback function to - * determine how to access the associated private key. - * - * This function typically sends or enqueues a request, and - * does not wait for the operation to complete. This allows - * the handshake step to be non-blocking. - * - * The parameters \p ssl and \p cert are guaranteed to remain - * valid throughout the handshake. On the other hand, this - * function must save the contents of \p input if the value - * is needed for later processing, because the \p input buffer - * is no longer valid after this function returns. - * - * This function may call mbedtls_ssl_set_async_operation_data() - * to store an operation context for later retrieval - * by the resume or cancel callback. - * - * \warning RSA decryption as used in TLS is subject to a potential - * timing side channel attack first discovered by Bleichenbacher - * in 1998. This attack can be remotely exploitable - * in practice. To avoid this attack, you must ensure that - * if the callback performs an RSA decryption, the time it - * takes to execute and return the result does not depend - * on whether the RSA decryption succeeded or reported - * invalid padding. - * - * \param ssl The SSL connection instance. It should not be - * modified other than via - * mbedtls_ssl_set_async_operation_data(). - * \param cert Certificate containing the public key. - * In simple cases, this is one of the pointers passed to - * mbedtls_ssl_conf_own_cert() when configuring the SSL - * connection. However, if other callbacks are used, this - * property may not hold. For example, if an SNI callback - * is registered with mbedtls_ssl_conf_sni(), then - * this callback determines what certificate is used. - * \param input Buffer containing the input ciphertext. This buffer - * is no longer valid when the function returns. - * \param input_len Size of the \p input buffer in bytes. - * - * \return 0 if the operation was started successfully and the SSL - * stack should call the resume callback immediately. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation - * was started successfully and the SSL stack should return - * immediately without calling the resume callback yet. - * \return #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external - * processor does not support this key. The SSL stack will - * use the private key object instead. - * \return Any other error indicates a fatal failure and is - * propagated up the call chain. The callback should - * use \c MBEDTLS_ERR_PK_xxx error codes, and must not - * use \c MBEDTLS_ERR_SSL_xxx error codes except as - * directed in the documentation of this callback. - */ -typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - const unsigned char *input, - size_t input_len); #endif /* MBEDTLS_X509_CRT_PARSE_C */ /** @@ -1071,8 +1006,7 @@ typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl, * * This callback is called during an SSL handshake to resume * an external operation started by the - * ::mbedtls_ssl_async_sign_t or - * ::mbedtls_ssl_async_decrypt_t callback. + * ::mbedtls_ssl_async_sign_t callback. * * This function typically checks the status of a pending * request or causes the request queue to make progress, and @@ -1538,7 +1472,6 @@ struct mbedtls_ssl_config { #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */ - mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */ mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */ @@ -2854,17 +2787,10 @@ static inline uintptr_t mbedtls_ssl_get_user_data_n( * external processor does not support any signature * operation; in this case the private key object * associated with the certificate will be used. - * \param f_async_decrypt Callback to start a decryption operation. See - * the description of ::mbedtls_ssl_async_decrypt_t - * for more information. This may be \c NULL if the - * external processor does not support any decryption - * operation; in this case the private key object - * associated with the certificate will be used. * \param f_async_resume Callback to resume an asynchronous operation. See * the description of ::mbedtls_ssl_async_resume_t * for more information. This may not be \c NULL unless - * \p f_async_sign and \p f_async_decrypt are both - * \c NULL. + * \p f_async_sign is \c NULL. * \param f_async_cancel Callback to cancel an asynchronous operation. See * the description of ::mbedtls_ssl_async_cancel_t * for more information. This may be \c NULL if @@ -2876,7 +2802,6 @@ static inline uintptr_t mbedtls_ssl_get_user_data_n( */ void mbedtls_ssl_conf_async_private_cb(mbedtls_ssl_config *conf, mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_decrypt_t *f_async_decrypt, mbedtls_ssl_async_resume_t *f_async_resume, mbedtls_ssl_async_cancel_t *f_async_cancel, void *config_data); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 164a23037a..d12cee3ceb 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -985,7 +985,6 @@ struct mbedtls_ssl_handshake_params { #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) /** Asynchronous operation context. This field is meant for use by the * asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start, - * mbedtls_ssl_config::f_async_decrypt_start, * mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel). * The library does not use it internally. */ void *user_async_ctx; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5cfb83968a..46fb92464d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2737,13 +2737,11 @@ void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl, void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_decrypt_t *f_async_decrypt, mbedtls_ssl_async_resume_t *f_async_resume, mbedtls_ssl_async_cancel_t *f_async_cancel, void *async_config_data) { conf->f_async_sign_start = f_async_sign; - conf->f_async_decrypt_start = f_async_decrypt; conf->f_async_resume = f_async_resume; conf->f_async_cancel = f_async_cancel; conf->p_async_config_data = async_config_data; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 5a143fc3ba..542d1f0957 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -693,7 +693,6 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, int key_type_matches = 0; #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) key_type_matches = ((ssl->conf->f_async_sign_start != NULL || - ssl->conf->f_async_decrypt_start != NULL || mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)) && mbedtls_pk_can_do_ext(&cur->cert->pk, pk_alg, pk_usage)); #else diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d5c2a63ff7..6ed073eef5 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -348,10 +348,10 @@ int main(void) #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ #define USAGE_KEY_OPAQUE_ALGS \ - " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ + " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ " comma-separated pair of values among the following:\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \ " the second value).\n" \ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a81cc88c0c..8a0e18aefd 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -210,7 +210,7 @@ int main(void) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #define USAGE_SSL_ASYNC \ - " async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \ + " async_operations=%%c... s=sign (default: -=off)\n" \ " async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \ " async_private_delay2=%%d Asynchronous delay for key_file2 and sni\n" \ " default: -1 (not asynchronous)\n" \ @@ -478,13 +478,13 @@ int main(void) " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \ " comma-separated pair of values among the following:\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \ " the second value).\n" \ " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \ " comma-separated pair of values among the following:\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \ " the second value).\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -1227,16 +1227,6 @@ static int ssl_async_sign(mbedtls_ssl_context *ssl, hash, hash_len); } -static int ssl_async_decrypt(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - const unsigned char *input, - size_t input_len) -{ - return ssl_async_start(ssl, cert, - ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE, - input, input_len); -} - static int ssl_async_resume(mbedtls_ssl_context *ssl, unsigned char *output, size_t *output_len, @@ -1257,12 +1247,6 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, } switch (ctx->operation_type) { - case ASYNC_OP_DECRYPT: - ret = mbedtls_pk_decrypt(key_slot->pk, - ctx->input, ctx->input_len, - output, output_len, output_size, - config_data->f_rng, config_data->p_rng); - break; case ASYNC_OP_SIGN: ret = mbedtls_pk_sign(key_slot->pk, ctx->md_alg, @@ -3118,13 +3102,9 @@ usage: #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (opt.async_operations[0] != '-') { mbedtls_ssl_async_sign_t *sign = NULL; - mbedtls_ssl_async_decrypt_t *decrypt = NULL; const char *r; for (r = opt.async_operations; *r; r++) { switch (*r) { - case 'd': - decrypt = ssl_async_decrypt; - break; case 's': sign = ssl_async_sign; break; @@ -3137,7 +3117,6 @@ usage: ssl_async_keys.p_rng = &rng; mbedtls_ssl_conf_async_private_cb(&conf, sign, - decrypt, ssl_async_resume, ssl_async_cancel, &ssl_async_keys); diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 2c68489ba6..acc01a2182 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -197,7 +197,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) strcmp(*alg1, "rsa-sign-pss-sha256") != 0 && strcmp(*alg1, "rsa-sign-pss-sha384") != 0 && strcmp(*alg1, "rsa-sign-pss-sha512") != 0 && - strcmp(*alg1, "rsa-decrypt") != 0 && strcmp(*alg1, "ecdsa-sign") != 0 && strcmp(*alg1, "ecdh") != 0) { return 1; @@ -208,7 +207,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) strcmp(*alg1, "rsa-sign-pss-sha256") != 0 && strcmp(*alg1, "rsa-sign-pss-sha384") != 0 && strcmp(*alg1, "rsa-sign-pss-sha512") != 0 && - strcmp(*alg2, "rsa-decrypt") != 0 && strcmp(*alg2, "ecdsa-sign") != 0 && strcmp(*alg2, "ecdh") != 0 && strcmp(*alg2, "none") != 0) { @@ -245,9 +243,6 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, } else if (strcmp(algs[i], "rsa-sign-pss-sha512") == 0) { *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512); *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "rsa-decrypt") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT; - *usage |= PSA_KEY_USAGE_DECRYPT; } else if (strcmp(algs[i], "ecdsa-sign") == 0) { *psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); *usage |= PSA_KEY_USAGE_SIGN_HASH; diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index bc5cce51a0..c001a2afa1 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -202,7 +202,6 @@ int rng_get(void *p_rng, unsigned char *output, size_t output_len); * Coma-separated pair of values among the following: * - "rsa-sign-pkcs1" * - "rsa-sign-pss" - * - "rsa-decrypt" * - "ecdsa-sign" * - "ecdh" * - "none" (only acceptable for the second value). From 3ead04a12dd70107c2e3e57e238c648045f52934 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 27 Feb 2025 14:30:35 +0100 Subject: [PATCH 06/15] Remove/migrate tests for key exchange based on decryption Signed-off-by: Gabor Mezei --- tests/ssl-opt.sh | 57 ++++++++---------------------------------------- 1 file changed, 9 insertions(+), 48 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7692017784..222895f22b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2305,20 +2305,6 @@ run_test "Opaque key for server authentication: ECDH-" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "error" \ - -c "error" \ - -c "Public key type mismatch" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_RSA_C @@ -2335,20 +2321,6 @@ run_test "Opaque key for server authentication: invalid key: ecdh with RSA ke -c "error" \ -c "Public key type mismatch" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE @@ -2437,8 +2409,8 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: no suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,none" \ + "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 1 \ -c "key type: Opaque" \ -s "key types: Opaque, Opaque" \ @@ -2450,8 +2422,8 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ + "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 0 \ -c "key type: Opaque" \ -s "key types: Opaque, Opaque" \ @@ -2477,8 +2449,8 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=rsa-sign-pkcs1,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ + "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 0 \ -c "key type: Opaque" \ -s "key types: Opaque, Opaque" \ @@ -7723,12 +7695,12 @@ run_test "keyUsage srv 1.2: RSA, digitalSignature -> ECDHE-RSA" \ 0 \ -c "Ciphersuite is TLS-ECDHE-RSA-WITH-" -run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \ +run_test "keyUsage srv 1.2: RSA, keyEncipherment -> fail" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \ "$P_CLI" \ - 0 \ - -c "Ciphersuite is TLS-RSA-WITH-" + 1 \ + -C "Ciphersuite is " run_test "keyUsage srv 1.2: RSA, keyAgreement -> fail" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ @@ -8860,17 +8832,6 @@ run_test "ECJPAKE: working, DTLS, nolog" \ # Test for ClientHello without extensions -# Without extensions, ECC is impossible (no curve negotiation). -requires_config_enabled MBEDTLS_RSA_C -requires_gnutls -run_test "ClientHello without extensions: RSA" \ - "$P_SRV force_version=tls12 debug_level=3" \ - "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \ - 0 \ - -s "Ciphersuite is .*-RSA-WITH-.*" \ - -S "Ciphersuite is .*-EC.*" \ - -s "dumping 'client hello extensions' (0 bytes)" - requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED requires_gnutls run_test "ClientHello without extensions: PSK" \ From 58535da8d09ea178d44f6992a8b0771c076784a4 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 3 Mar 2025 15:43:50 +0100 Subject: [PATCH 07/15] Only check for certificates if it is supported Signed-off-by: Gabor Mezei --- library/ssl_tls12_server.c | 6 +++++- programs/ssl/ssl_test_common_source.c | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 542d1f0957..fb88cf2956 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -654,6 +654,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk, * Try picking a certificate for this ciphersuite, * return 0 on success and -1 on failure. */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_pick_cert(mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info) @@ -744,6 +745,8 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, return -1; } +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #endif /* MBEDTLS_X509_CRT_PARSE_C */ /* @@ -806,6 +809,8 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, } #endif +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + #if defined(MBEDTLS_X509_CRT_PARSE_C) /* * Final check: if ciphersuite requires us to have a @@ -821,7 +826,6 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, } #endif -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* If the ciphersuite requires signing, check whether * a suitable hash algorithm is present. */ sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info); diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 6c7eed5e58..354e97ef90 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -315,6 +315,7 @@ uint16_t ssl_sig_algs_for_test[] = { }; #endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_X509_CRT_PARSE_C) /** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function * for more info. @@ -352,7 +353,6 @@ static int x509_crt_verify_info(char *buf, size_t size, const char *prefix, } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static void mbedtls_print_supported_sig_algs(void) { mbedtls_printf("supported signature algorithms:\n"); From 47c6277480739494f6edb0d6f5f3b9eee7c11ff8 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 7 Mar 2025 13:42:04 +0100 Subject: [PATCH 08/15] Update dependencies Let the TLS context serialiazation tests to run with other than RSA ciphersuites. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6b491d4ceb..00283082f5 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2858,7 +2858,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */ void resize_buffers_serialize_mfl(int mfl) { /* Choose an AEAD ciphersuite */ From aeea5e65af31b09f5e8df0262cff970eab9fb461 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 10 Mar 2025 13:05:28 +0100 Subject: [PATCH 09/15] Add changelog entry Signed-off-by: Gabor Mezei --- ChangeLog.d/remove_RSA_key_exchange.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/remove_RSA_key_exchange.txt diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt new file mode 100644 index 0000000000..a0513a104c --- /dev/null +++ b/ChangeLog.d/remove_RSA_key_exchange.txt @@ -0,0 +1,2 @@ +Removals + * Remove support for the RSA key exchange in TLS 1.2. \ No newline at end of file From 817a1553b9d0e07a8e9fef37a582a8b1471b8fb6 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 10 Mar 2025 16:58:17 +0100 Subject: [PATCH 10/15] Add missing newline Signed-off-by: Gabor Mezei --- ChangeLog.d/remove_RSA_key_exchange.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt index a0513a104c..f9baaf1701 100644 --- a/ChangeLog.d/remove_RSA_key_exchange.txt +++ b/ChangeLog.d/remove_RSA_key_exchange.txt @@ -1,2 +1,2 @@ Removals - * Remove support for the RSA key exchange in TLS 1.2. \ No newline at end of file + * Remove support for the RSA key exchange in TLS 1.2. From 9ee58e43e151814cf024910fef2eb7033d5d374e Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 10 Mar 2025 22:31:35 +0100 Subject: [PATCH 11/15] Update test dependencies Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 00283082f5..7f4c65cfbe 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2825,7 +2825,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher) { @@ -2858,7 +2858,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */ void resize_buffers_serialize_mfl(int mfl) { /* Choose an AEAD ciphersuite */ @@ -2890,7 +2890,7 @@ void resize_buffers_serialize_mfl(int mfl) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, char *cipher) { From 10018fc82e6955ab53310e85dbe8177f2c4e722e Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 12 Mar 2025 12:05:35 +0100 Subject: [PATCH 12/15] Do not remeove macro from design doc Signed-off-by: Gabor Mezei --- docs/proposed/config-split.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 6f3b5bd246..1baab356b2 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md @@ -396,6 +396,7 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_SSL_ALL_ALERT_MESSAGES #define MBEDTLS_SSL_ALPN //#define MBEDTLS_SSL_ASYNC_PRIVATE From 1ac784c5a5a633a43a13fd7a15e098127bf0defa Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 20 Mar 2025 09:15:47 +0100 Subject: [PATCH 13/15] Fix test case migration Signed-off-by: Gabor Mezei --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 222895f22b..0634c26a67 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2449,7 +2449,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=rsa-sign-pkcs1,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ + "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 0 \ -c "key type: Opaque" \ From 5ba9b57cbd699b0e2e9fd7875635b949e6a5900f Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 20 Mar 2025 09:17:05 +0100 Subject: [PATCH 14/15] Convert test function to a static function The `resize_buffers` function is no more used as a test function to convert it to a static function. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.function | 78 +++++++++++++++------------- 1 file changed, 42 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7f4c65cfbe..3f84458797 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -63,6 +63,45 @@ exit: } #endif +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ + defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + defined(PSA_WANT_ECC_SECP_R1_384) && \ + defined(PSA_WANT_ALG_SHA_256) +/* + * Test function to perform a handshake using the mfl extension and with + * setting the resize buffer option. + */ +static void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, + int serialize, int dtls, char *cipher) +{ + mbedtls_test_handshake_test_options options; + mbedtls_test_init_handshake_options(&options); + + options.mfl = mfl; + options.cipher = cipher; + options.renegotiate = renegotiation; + options.legacy_renegotiation = legacy_renegotiation; + options.serialize = serialize; + options.dtls = dtls; + if (dtls) { + options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; + } + options.resize_buffers = 1; + + const mbedtls_ssl_ciphersuite_t *ciphersuite = + mbedtls_ssl_ciphersuite_from_string(cipher); + if (ciphersuite != NULL) { + options.pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite); + } + + mbedtls_test_ssl_perform_handshake(&options); + + mbedtls_test_free_handshake_options(&options); +} + +#endif + #if defined(PSA_WANT_ALG_GCM) || defined(PSA_WANT_ALG_CHACHA20_POLY1305) #define TEST_GCM_OR_CHACHAPOLY_ENABLED #endif @@ -2825,39 +2864,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ -void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, - int serialize, int dtls, char *cipher) -{ - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - options.mfl = mfl; - options.cipher = cipher; - options.renegotiate = renegotiation; - options.legacy_renegotiation = legacy_renegotiation; - options.serialize = serialize; - options.dtls = dtls; - if (dtls) { - options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; - } - options.resize_buffers = 1; - - const mbedtls_ssl_ciphersuite_t *ciphersuite = - mbedtls_ssl_ciphersuite_from_string(cipher); - if (ciphersuite != NULL) { - options.pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite); - } - - mbedtls_test_ssl_perform_handshake(&options); - - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; -exit: - mbedtls_test_free_handshake_options(&options); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */ void resize_buffers_serialize_mfl(int mfl) { @@ -2885,8 +2891,8 @@ void resize_buffers_serialize_mfl(int mfl) TEST_ASSERT(ciphersuite != NULL); - test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, - (char *) ciphersuite->name); + resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, + (char *) ciphersuite->name); } /* END_CASE */ @@ -2894,7 +2900,7 @@ void resize_buffers_serialize_mfl(int mfl) void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, char *cipher) { - test_resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher); + resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } From 2c7f38823deefd51981dbe17faed98c86714f7f7 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 20 Mar 2025 17:56:11 +0100 Subject: [PATCH 15/15] Update framework Signed-off-by: Gabor Mezei --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index cab0c5fe19..72b5acd590 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit cab0c5fe19d5747cb9603552b80ebe64b9c67fdd +Subproject commit 72b5acd590097ee9d108b024bf727d752d18f97d