ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-09 08:31:33 +08:00
Code Issues Releases Wiki Activity

Merge pull request #5637 from ronald-cron-arm/version-negotiation-1

Browse Source 
TLS 1.2/1.3 version negotiation - 1
This commit is contained in:
Ronald Cron 2022-03-31 11:47:16 +02:00 committed by GitHub
commit a980adf4ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 629 additions and 681 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/architecture/tls13-support.md
View File

@ -388,10 +388,10 @@ General coding rules:
Example: Example:
``` ```
int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type, unsigned hs_type,
unsigned char **buf, unsigned char **buf,
size_t *buf_len ); size_t *buf_len );
``` ```
- When a function's parameters span several lines, group related parameters - When a function's parameters span several lines, group related parameters
@ -400,12 +400,12 @@ General coding rules:
For example, prefer: For example, prefer:
``` ```
mbedtls_ssl_tls13_start_handshake_msg( ssl, hs_type, mbedtls_ssl_start_handshake_msg( ssl, hs_type,
buf, buf_len ); buf, buf_len );
``` ```
over over
``` ```
mbedtls_ssl_tls13_start_handshake_msg( ssl, hs_type, buf, mbedtls_ssl_start_handshake_msg( ssl, hs_type, buf,
buf_len ); buf_len );
``` ```
even if it fits. even if it fits.

60
include/mbedtls/mbedtls_config.h
View File

@ -2181,9 +2181,10 @@
* Enable the debug functions. * Enable the debug functions.
* *
* Module: library/debug.c * Module: library/debug.c
* Caller: library/ssl_cli.c * Caller: library/ssl_msg.c
* library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
* library/ssl_tls12_*.c
* library/ssl_tls13_*.c
* *
* This module provides debugging functions. * This module provides debugging functions.
*/ */
@ -2211,8 +2212,9 @@
* Enable the Diffie-Hellman-Merkle module. * Enable the Diffie-Hellman-Merkle module.
* *
* Module: library/dhm.c * Module: library/dhm.c
* Caller: library/ssl_cli.c * Caller: library/ssl_tls.c
* library/ssl_srv.c * library/ssl*_client.c
* library/ssl*_server.c
* *
* This module is used by the following key exchanges: * This module is used by the following key exchanges:
* DHE-RSA, DHE-PSK * DHE-RSA, DHE-PSK
@ -2232,8 +2234,10 @@
* Enable the elliptic curve Diffie-Hellman library. * Enable the elliptic curve Diffie-Hellman library.
* *
* Module: library/ecdh.c * Module: library/ecdh.c
* Caller: library/ssl_cli.c * Caller: library/psa_crypto.c
* library/ssl_srv.c * library/ssl_tls.c
* library/ssl*_client.c
* library/ssl*_server.c
* *
* This module is used by the following key exchanges: * This module is used by the following key exchanges:
* ECDHE-ECDSA, ECDHE-RSA, DHE-PSK * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
@ -2519,9 +2523,11 @@
* Enable the generic public (asymetric) key layer. * Enable the generic public (asymetric) key layer.
* *
* Module: library/pk.c * Module: library/pk.c
* Caller: library/ssl_tls.c * Caller: library/psa_crypto_rsa.c
* library/ssl_cli.c * library/ssl_tls.c
* library/ssl_srv.c * library/ssl*_client.c
* library/ssl*_server.c
* library/x509.c
* *
* Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
* *
@ -2689,10 +2695,11 @@
* *
* Module: library/rsa.c * Module: library/rsa.c
* library/rsa_alt_helpers.c * library/rsa_alt_helpers.c
* Caller: library/ssl_cli.c * Caller: library/pk.c
* library/ssl_srv.c * library/psa_crypto.c
* library/ssl_tls.c * library/ssl_tls.c
* library/x509.c * library/ssl*_client.c
* library/ssl*_server.c
* *
* This module is used by the following key exchanges: * This module is used by the following key exchanges:
* RSA, DHE-RSA, ECDHE-RSA, RSA-PSK * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
@ -2708,10 +2715,7 @@
* *
* Module: library/sha1.c * Module: library/sha1.c
* Caller: library/md.c * Caller: library/md.c
* library/ssl_cli.c * library/psa_crypto_hash.c
* library/ssl_srv.c
* library/ssl_tls.c
* library/x509write_crt.c
* *
* This module is required for TLS 1.2 depending on the handshake parameters, * This module is required for TLS 1.2 depending on the handshake parameters,
* and for SHA1-signed certificates. * and for SHA1-signed certificates.
@ -2750,9 +2754,9 @@
* Module: library/sha256.c * Module: library/sha256.c
* Caller: library/entropy.c * Caller: library/entropy.c
* library/md.c * library/md.c
* library/ssl_cli.c
* library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
* library/ssl*_client.c
* library/ssl*_server.c
* *
* This module adds support for SHA-256. * This module adds support for SHA-256.
* This module is required for the SSL/TLS 1.2 PRF function. * This module is required for the SSL/TLS 1.2 PRF function.
@ -2818,8 +2822,10 @@
* *
* Module: library/sha512.c * Module: library/sha512.c
* Caller: library/md.c * Caller: library/md.c
* library/ssl_cli.c * library/psa_crypto_hash.c
* library/ssl_srv.c * library/ssl_tls.c
* library/ssl*_client.c
* library/ssl*_server.c
* *
* Comment to disable SHA-384 * Comment to disable SHA-384
*/ */
@ -2933,7 +2939,7 @@
* *
* Enable the SSL/TLS client code. * Enable the SSL/TLS client code.
* *
* Module: library/ssl_cli.c * Module: library/ssl*_client.c
* Caller: * Caller:
* *
* Requires: MBEDTLS_SSL_TLS_C * Requires: MBEDTLS_SSL_TLS_C
@ -2947,7 +2953,7 @@
* *
* Enable the SSL/TLS server code. * Enable the SSL/TLS server code.
* *
* Module: library/ssl_srv.c * Module: library/ssl*_server.c
* Caller: * Caller:
* *
* Requires: MBEDTLS_SSL_TLS_C * Requires: MBEDTLS_SSL_TLS_C
@ -2962,8 +2968,8 @@
* Enable the generic SSL/TLS code. * Enable the generic SSL/TLS code.
* *
* Module: library/ssl_tls.c * Module: library/ssl_tls.c
* Caller: library/ssl_cli.c * Caller: library/ssl*_client.c
* library/ssl_srv.c * library/ssl*_server.c
* *
* Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
* and at least one of the MBEDTLS_SSL_PROTO_XXX defines * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
@ -3048,9 +3054,9 @@
* Enable X.509 certificate parsing. * Enable X.509 certificate parsing.
* *
* Module: library/x509_crt.c * Module: library/x509_crt.c
* Caller: library/ssl_cli.c * Caller: library/ssl_tls.c
* library/ssl_srv.c * library/ssl*_client.c
* library/ssl_tls.c * library/ssl*_server.c
* *
* Requires: MBEDTLS_X509_USE_C * Requires: MBEDTLS_X509_USE_C
* *

5
include/mbedtls/ssl.h
View File

@ -41,9 +41,8 @@
#endif #endif
/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due /* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
* to guards also being in ssl_srv.c and ssl_cli.c. There is a gap * to guards in TLS code. There is a gap in functionality that access to
* in functionality that access to ecdh_ctx structure is needed for * ecdh_ctx structure is needed for MBEDTLS_ECDSA_C which does not seem correct.
* MBEDTLS_ECDSA_C which does not seem correct.
*/ */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
#include "mbedtls/ecdh.h" #include "mbedtls/ecdh.h"

4
library/CMakeLists.txt
View File

@ -99,12 +99,12 @@ set(src_tls
net_sockets.c net_sockets.c
ssl_cache.c ssl_cache.c
ssl_ciphersuites.c ssl_ciphersuites.c
ssl_cli.c
ssl_cookie.c ssl_cookie.c
ssl_msg.c ssl_msg.c
ssl_srv.c
ssl_ticket.c ssl_ticket.c
ssl_tls.c ssl_tls.c
ssl_tls12_client.c
ssl_tls12_server.c
ssl_tls13_keys.c ssl_tls13_keys.c
ssl_tls13_server.c ssl_tls13_server.c
ssl_tls13_client.c ssl_tls13_client.c

4
library/Makefile
View File

@ -168,12 +168,12 @@ OBJS_TLS= \
net_sockets.o \ net_sockets.o \
ssl_cache.o \ ssl_cache.o \
ssl_ciphersuites.o \ ssl_ciphersuites.o \
ssl_cli.o \
ssl_cookie.o \ ssl_cookie.o \
ssl_msg.o \ ssl_msg.o \
ssl_srv.o \
ssl_ticket.o \ ssl_ticket.o \
ssl_tls.o \ ssl_tls.o \
ssl_tls12_client.o \
ssl_tls12_server.o \
ssl_tls13_keys.o \ ssl_tls13_keys.o \
ssl_tls13_client.o \ ssl_tls13_client.o \
ssl_tls13_server.o \ ssl_tls13_server.o \

73
library/ssl_misc.h
View File

@ -539,8 +539,6 @@ struct mbedtls_ssl_handshake_params
{ {
/* Frequently-used boolean or byte fields (placed early to take /* Frequently-used boolean or byte fields (placed early to take
* advantage of smaller code size for indirect access on Arm Thumb) */ * advantage of smaller code size for indirect access on Arm Thumb) */
uint8_t max_major_ver; /*!< max. major version client*/
uint8_t max_minor_ver; /*!< max. minor version client*/
uint8_t resume; /*!< session resume indicator*/ uint8_t resume; /*!< session resume indicator*/
uint8_t cli_exts; /*!< client extension presence*/ uint8_t cli_exts; /*!< client extension presence*/
@ -623,9 +621,9 @@ struct mbedtls_ssl_handshake_params
#endif #endif
/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due /* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
* to guards also being in ssl_srv.c and ssl_cli.c. There is a gap * to guards in client and server code. There is a gap in functionality that
* in functionality that access to ecdh_ctx structure is needed for * access to ecdh_ctx structure is needed for MBEDTLS_ECDSA_C which does not
* MBEDTLS_ECDSA_C which does not seem correct. * seem correct.
*/ */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
@ -1154,6 +1152,11 @@ int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
mbedtls_ssl_states state )
{
ssl->state = ( int ) state;
}
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
@ -1247,6 +1250,12 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
unsigned update_hs_digest ); unsigned update_hs_digest );
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
/*
* Write handshake message header
*/
int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type,
unsigned char **buf, size_t *buf_len );
int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl, int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
int update_checksum, int update_checksum,
int force_flush ); int force_flush );
@ -1255,6 +1264,12 @@ static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */, 1 /* force flush */ ) ); return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */, 1 /* force flush */ ) );
} }
/*
* Write handshake message tail
*/
int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl,
size_t buf_len, size_t msg_len );
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush ); int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush );
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
@ -1270,8 +1285,17 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
/*
* Update checksum of handshake messages.
*/
void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char const *msg,
size_t msg_len );
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
mbedtls_key_exchange_type_t key_ex );
/** /**
* Get the first defined PSK by order of precedence: * Get the first defined PSK by order of precedence:
@ -1336,7 +1360,10 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
unsigned char mbedtls_ssl_hash_from_md_alg( int md ); unsigned char mbedtls_ssl_hash_from_md_alg( int md );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ); int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
#endif
int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id ); int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
@ -1726,13 +1753,6 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) ); MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
} }
static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
mbedtls_ssl_states state )
{
ssl->state = ( int ) state;
}
/* /*
* Fetch TLS 1.3 handshake message header * Fetch TLS 1.3 handshake message header
*/ */
@ -1741,14 +1761,6 @@ int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
unsigned char **buf, unsigned char **buf,
size_t *buf_len ); size_t *buf_len );
/*
* Write TLS 1.3 handshake message header
*/
int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char **buf,
size_t *buf_len );
/* /*
* Handler of TLS 1.3 server certificate message * Handler of TLS 1.3 server certificate message
*/ */
@ -1777,25 +1789,6 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl );
*/ */
int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl );
/*
* Write TLS 1.3 handshake message tail
*/
int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl,
size_t buf_len,
size_t msg_len );
void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
unsigned hs_type,
size_t total_hs_len );
/*
* Update checksum of handshake messages.
*/
void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char const *msg,
size_t msg_len );
int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl ); int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

34
library/ssl_msg.c
View File

@ -2445,6 +2445,24 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
/* /*
* Handshake layer functions * Handshake layer functions
*/ */
int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type,
unsigned char **buf, size_t *buf_len )
{
/*
* Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 )
* ...
* HandshakeType msg_type;
* uint24 length;
* ...
*/
*buf = ssl->out_msg + 4;
*buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = hs_type;
return( 0 );
}
/* /*
* Write (DTLS: or queue) current handshake (including CCS) message. * Write (DTLS: or queue) current handshake (including CCS) message.
@ -2609,6 +2627,22 @@ int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl,
size_t buf_len, size_t msg_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t msg_with_header_len;
((void) buf_len);
/* Add reserved 4 bytes for handshake header */
msg_with_header_len = msg_len + 4;
ssl->out_msglen = msg_with_header_len;
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext( ssl, 0, 0 ) );
cleanup:
return( ret );
}
/* /*
* Record layer functions * Record layer functions
*/ */

126
library/ssl_tls.c
View File

@ -475,6 +475,30 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
} }
} }
static void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
unsigned hs_type,
size_t total_hs_len )
{
unsigned char hs_hdr[4];
/* Build HS header for checksum update. */
hs_hdr[0] = MBEDTLS_BYTE_0( hs_type );
hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len );
hs_hdr[2] = MBEDTLS_BYTE_1( total_hs_len );
hs_hdr[3] = MBEDTLS_BYTE_0( total_hs_len );
ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) );
}
void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char const *msg,
size_t msg_len )
{
mbedtls_ssl_add_hs_hdr_to_checksum( ssl, hs_type, msg_len );
ssl->handshake->update_checksum( ssl, msg, msg_len );
}
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
{ {
((void) ssl); ((void) ssl);
@ -853,12 +877,21 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
static int ssl_conf_version_check( const mbedtls_ssl_context *ssl ) static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
{ {
const mbedtls_ssl_config *conf = ssl->conf;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) ) if( mbedtls_ssl_conf_is_tls13_enabled( conf ) &&
( conf->endpoint == MBEDTLS_SSL_IS_SERVER ) )
{ {
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
if( mbedtls_ssl_conf_is_tls13_only( conf ) )
{
if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported." ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
} }
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) );
@ -867,7 +900,7 @@ static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) ) if( mbedtls_ssl_conf_is_tls12_only( conf ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls12 only." ) ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls12 only." ) );
return( 0 ); return( 0 );
@ -875,7 +908,7 @@ static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( ssl->conf ) ) if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( conf ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
@ -3111,8 +3144,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
mbedtls_ssl_buffering_free( ssl ); mbedtls_ssl_buffering_free( ssl );
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_ECDH_C) && \ #if defined(MBEDTLS_ECDH_C) && \
defined(MBEDTLS_USE_PSA_CRYPTO) ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
psa_destroy_key( handshake->ecdh_psa_privkey ); psa_destroy_key( handshake->ecdh_psa_privkey );
#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
@ -3939,6 +3972,14 @@ static uint16_t ssl_preset_default_sig_algs[] = {
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */ #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C)
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512,
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C)
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384,
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ #endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
@ -4509,37 +4550,6 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
return( -1 );
switch( md )
{
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_SSL_HASH_SHA384:
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
break;
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_SSL_HASH_SHA256:
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256;
break;
#endif
default:
return( -1 );
}
return 0;
#else /* !MBEDTLS_SSL_PROTO_TLS1_2 */
(void) ssl;
(void) md;
return( -1 );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md, const mbedtls_md_type_t md,
@ -5218,20 +5228,16 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen,
* Set appropriate PRF function and other SSL / TLS1.2 functions * Set appropriate PRF function and other SSL / TLS1.2 functions
* *
* Inputs: * Inputs:
* - SSL/TLS minor version
* - hash associated with the ciphersuite (only used by TLS 1.2) * - hash associated with the ciphersuite (only used by TLS 1.2)
* *
* Outputs: * Outputs:
* - the tls_prf, calc_verify and calc_finished members of handshake structure * - the tls_prf, calc_verify and calc_finished members of handshake structure
*/ */
static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
int minor_ver,
mbedtls_md_type_t hash ) mbedtls_md_type_t hash )
{ {
#if defined(MBEDTLS_SHA384_C) #if defined(MBEDTLS_SHA384_C)
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && if( hash == MBEDTLS_MD_SHA384 )
hash == MBEDTLS_MD_SHA384 )
{ {
handshake->tls_prf = tls_prf_sha384; handshake->tls_prf = tls_prf_sha384;
handshake->calc_verify = ssl_calc_verify_tls_sha384; handshake->calc_verify = ssl_calc_verify_tls_sha384;
@ -5240,20 +5246,19 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
else else
#endif #endif
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{ {
(void) hash;
handshake->tls_prf = tls_prf_sha256; handshake->tls_prf = tls_prf_sha256;
handshake->calc_verify = ssl_calc_verify_tls_sha256; handshake->calc_verify = ssl_calc_verify_tls_sha256;
handshake->calc_finished = ssl_calc_finished_tls_sha256; handshake->calc_finished = ssl_calc_finished_tls_sha256;
} }
else #else
#endif
{ {
(void) hash;
(void) minor_ver;
(void) handshake; (void) handshake;
(void) hash;
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
#endif
return( 0 ); return( 0 );
} }
@ -5292,7 +5297,7 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
* [in] ssl: optionally used for debugging, EMS and PSA-PSK * [in] ssl: optionally used for debugging, EMS and PSA-PSK
* debug: conf->f_dbg, conf->p_dbg * debug: conf->f_dbg, conf->p_dbg
* EMS: passed to calc_verify (debug + session_negotiate) * EMS: passed to calc_verify (debug + session_negotiate)
* PSA-PSA: minor_ver, conf * PSA-PSA: conf
*/ */
static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
unsigned char *master, unsigned char *master,
@ -5353,7 +5358,6 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
ssl_use_opaque_psk( ssl ) == 1 ) ssl_use_opaque_psk( ssl ) == 1 )
{ {
/* Perform PSK-to-MS expansion in a single step. */ /* Perform PSK-to-MS expansion in a single step. */
@ -5431,7 +5435,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
/* Set PRF, calc_verify and calc_finished function pointers */ /* Set PRF, calc_verify and calc_finished function pointers */
ret = ssl_set_handshake_prfs( ssl->handshake, ret = ssl_set_handshake_prfs( ssl->handshake,
ssl->minor_ver,
ciphersuite_info->mac ); ciphersuite_info->mac );
if( ret != 0 ) if( ret != 0 )
{ {
@ -5489,6 +5492,27 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
{
switch( md )
{
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_SSL_HASH_SHA384:
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
break;
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_SSL_HASH_SHA256:
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256;
break;
#endif
default:
return( -1 );
}
return( 0 );
}
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
unsigned char *hash, unsigned char *hash,

417
library/ssl_cli.c → library/ssl_tls12_client.c
View File

@ -681,6 +681,118 @@ static int ssl_validate_ciphersuite(
return( 0 ); return( 0 );
} }
static int ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl,
unsigned char *buf,
const unsigned char *end,
int uses_ec,
size_t *out_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
size_t ext_len = 0;
(void) ssl;
(void) end;
(void) uses_ec;
(void) ret;
(void) ext_len;
*out_len = 0;
/* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added
* even if MBEDTLS_SSL_RENEGOTIATION is not defined. */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ( ret = ssl_write_renegotiation_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret );
return( ret );
}
p += ext_len;
#endif
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( uses_ec )
{
if( ( ret = ssl_write_supported_point_formats_ext( ssl, p, end,
&ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret );
return( ret );
}
p += ext_len;
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret );
return( ret );
}
p += ext_len;
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( ( ret = ssl_write_cid_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_cid_ext", ret );
return( ret );
}
p += ext_len;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
if( ( ret = ssl_write_max_fragment_length_ext( ssl, p, end,
&ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret );
return( ret );
}
p += ext_len;
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret );
return( ret );
}
p += ext_len;
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( ( ret = ssl_write_extended_ms_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret );
return( ret );
}
p += ext_len;
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
if( ( ret = ssl_write_use_srtp_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret );
return( ret );
}
p += ext_len;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if( ( ret = ssl_write_session_ticket_ext( ssl, p, end, &ext_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret );
return( ret );
}
p += ext_len;
#endif
*out_len = p - buf;
return( 0 );
}
static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -692,10 +804,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
const int *ciphersuites; const int *ciphersuites;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
int uses_ec = 0; int uses_ec = 0;
#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
@ -946,13 +1055,10 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
ext_len += olen; ext_len += olen;
#endif #endif
/* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added #if defined(MBEDTLS_SSL_ALPN)
* even if MBEDTLS_SSL_RENEGOTIATION is not defined. */ if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 )
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ( ret = ssl_write_renegotiation_ext( ssl, p + 2 + ext_len,
end, &olen ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret );
return( ret ); return( ret );
} }
ext_len += olen; ext_len += olen;
@ -979,101 +1085,18 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
return( ret ); return( ret );
} }
ext_len += olen; ext_len += olen;
if( ( ret = ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len,
end, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret );
return( ret );
}
ext_len += olen;
} }
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) ret = ssl_tls12_write_client_hello_exts( ssl, p + 2 + ext_len, end, uses_ec,
if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
end, &olen ) ) != 0 ) if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret );
return( ret ); return( ret );
}
ext_len += olen; ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) MBEDTLS_SSL_DEBUG_MSG( 3,
if( ( ret = ssl_write_cid_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 ) ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
{ ext_len ) );
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_cid_ext", ret );
return( ret );
}
ext_len += olen;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
if( ( ret = ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len,
end, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret );
return( ret );
}
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len,
end, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret );
return( ret );
}
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( ( ret = ssl_write_extended_ms_ext( ssl, p + 2 + ext_len,
end, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret );
return( ret );
}
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_ALPN)
if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len,
end, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret );
return( ret );
}
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len,
end, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret );
return( ret );
}
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len,
end, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret );
return( ret );
}
ext_len += olen;
#endif
/* olen unused if all extensions are disabled */
((void) olen);
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
ext_len ) );
if( ext_len > 0 ) if( ext_len > 0 )
{ {
@ -2461,8 +2484,8 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
* opaque random[46]; * opaque random[46];
* } PreMasterSecret; * } PreMasterSecret;
*/ */
mbedtls_ssl_write_version( ssl->conf->max_major_ver, mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
ssl->conf->max_minor_ver, MBEDTLS_SSL_MINOR_VERSION_3,
ssl->conf->transport, p ); ssl->conf->transport, p );
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 ) if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
@ -2531,12 +2554,6 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
*md_alg = MBEDTLS_MD_NONE; *md_alg = MBEDTLS_MD_NONE;
*pk_alg = MBEDTLS_PK_NONE; *pk_alg = MBEDTLS_PK_NONE;
/* Only in TLS 1.2 */
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
{
return( 0 );
}
if( (*p) + 2 > end ) if( (*p) + 2 > end )
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR );
@ -2903,36 +2920,28 @@ start_processing:
/* /*
* Handle the digitally-signed structure * Handle the digitally-signed structure
*/ */
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) if( ssl_parse_signature_algorithm( ssl, &p, end,
&md_alg, &pk_alg ) != 0 )
{ {
if( ssl_parse_signature_algorithm( ssl, &p, end, MBEDTLS_SSL_DEBUG_MSG( 1,
&md_alg, &pk_alg ) != 0 ) ( "bad server key exchange message" ) );
{ mbedtls_ssl_send_alert_message(
MBEDTLS_SSL_DEBUG_MSG( 1, ssl,
( "bad server key exchange message" ) ); MBEDTLS_SSL_ALERT_LEVEL_FATAL,
mbedtls_ssl_send_alert_message( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
ssl, return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
if( pk_alg !=
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "bad server key exchange message" ) );
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
} }
else
if( pk_alg !=
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); MBEDTLS_SSL_DEBUG_MSG( 1,
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); ( "bad server key exchange message" ) );
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
} }
/* /*
@ -3074,6 +3083,10 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
size_t cert_type_len = 0, dn_len = 0; size_t cert_type_len = 0, dn_len = 0;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info; ssl->handshake->ciphersuite_info;
size_t sig_alg_len;
#if defined(MBEDTLS_DEBUG_C)
unsigned char *sig_alg;
#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
@ -3170,52 +3183,43 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
} }
/* supported_signature_algorithms */ /* supported_signature_algorithms */
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
/*
* The furthest access in buf is in the loop few lines below:
* sig_alg[i + 1],
* where:
* sig_alg = buf + ...hdr_len + 3 + n,
* max(i) = sig_alg_len - 1.
* Therefore the furthest access is:
* buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1],
* which reduces to:
* buf[...hdr_len + 3 + n + sig_alg_len],
* which is one less than we need the buf to be.
*/
if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len )
{ {
size_t sig_alg_len = MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) mbedtls_ssl_send_alert_message(
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); ssl,
#if defined(MBEDTLS_DEBUG_C) MBEDTLS_SSL_ALERT_LEVEL_FATAL,
unsigned char* sig_alg; MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
size_t i; return( MBEDTLS_ERR_SSL_DECODE_ERROR );
#endif
/*
* The furthest access in buf is in the loop few lines below:
* sig_alg[i + 1],
* where:
* sig_alg = buf + ...hdr_len + 3 + n,
* max(i) = sig_alg_len - 1.
* Therefore the furthest access is:
* buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1],
* which reduces to:
* buf[...hdr_len + 3 + n + sig_alg_len],
* which is one less than we need the buf to be.
*/
if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl )
+ 3 + n + sig_alg_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
#if defined(MBEDTLS_DEBUG_C)
sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
for( i = 0; i < sig_alg_len; i += 2 )
{
MBEDTLS_SSL_DEBUG_MSG( 3,
( "Supported Signature Algorithm found: %d,%d",
sig_alg[i], sig_alg[i + 1] ) );
}
#endif
n += 2 + sig_alg_len;
} }
#if defined(MBEDTLS_DEBUG_C)
sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
for( size_t i = 0; i < sig_alg_len; i += 2 )
{
MBEDTLS_SSL_DEBUG_MSG( 3,
( "Supported Signature Algorithm found: %d,%d",
sig_alg[i], sig_alg[i + 1] ) );
}
#endif
n += 2 + sig_alg_len;
/* certificate_authorities */ /* certificate_authorities */
dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
@ -3612,7 +3616,6 @@ ecdh_calc_secret:
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, MBEDTLS_SSL_DEBUG_MSG( 1,
@ -3783,45 +3786,37 @@ sign:
ssl->handshake->calc_verify( ssl, hash, &hashlen ); ssl->handshake->calc_verify( ssl, hash, &hashlen );
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) /*
* digitally-signed struct {
* opaque handshake_messages[handshake_messages_length];
* };
*
* Taking shortcut here. We assume that the server always allows the
* PRF Hash function and has sent it in the allowed signature
* algorithms list received in the Certificate Request message.
*
* Until we encounter a server that does not, we will take this
* shortcut.
*
* Reason: Otherwise we should have running hashes for SHA512 and
* SHA224 in order to satisfy 'weird' needs from the server
* side.
*/
if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
{ {
/* md_alg = MBEDTLS_MD_SHA384;
* digitally-signed struct { ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
* opaque handshake_messages[handshake_messages_length];
* };
*
* Taking shortcut here. We assume that the server always allows the
* PRF Hash function and has sent it in the allowed signature
* algorithms list received in the Certificate Request message.
*
* Until we encounter a server that does not, we will take this
* shortcut.
*
* Reason: Otherwise we should have running hashes for SHA512 and
* SHA224 in order to satisfy 'weird' needs from the server
* side.
*/
if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
{
md_alg = MBEDTLS_MD_SHA384;
ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
}
else
{
md_alg = MBEDTLS_MD_SHA256;
ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256;
}
ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
/* Info from md_alg will be used instead */
hashlen = 0;
offset = 2;
} }
else else
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); md_alg = MBEDTLS_MD_SHA256;
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256;
} }
ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
/* Info from md_alg will be used instead */
hashlen = 0;
offset = 2;
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ssl->handshake->ecrs_enabled ) if( ssl->handshake->ecrs_enabled )

264
library/ssl_srv.c → library/ssl_tls12_server.c
View File

@ -1011,23 +1011,6 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
} }
#endif #endif
/*
* Try to select a SHA-1 certificate for pre-1.2 clients, but still
* present them a SHA-higher cert rather than failing if it's the only
* one we got that satisfies the other conditions.
*/
if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 &&
cur->cert->sig_md != MBEDTLS_MD_SHA1 )
{
if( fallback == NULL )
fallback = cur;
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate not preferred: "
"sha-2 with pre-TLS 1.2 client" ) );
continue;
}
}
/* If we get there, we got a winner */ /* If we get there, we got a winner */
break; break;
} }
@ -1120,16 +1103,13 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* If the ciphersuite requires signing, check whether /* If the ciphersuite requires signing, check whether
* a suitable hash algorithm is present. */ * a suitable hash algorithm is present. */
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info );
if( sig_type != MBEDTLS_PK_NONE &&
mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
{ {
sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
if( sig_type != MBEDTLS_PK_NONE && "for signature algorithm %u", (unsigned) sig_type ) );
mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE ) return( 0 );
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
"for signature algorithm %u", (unsigned) sig_type ) );
return( 0 );
}
} }
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
@ -1435,29 +1415,15 @@ read_record_header:
ssl->conf->transport, buf ); ssl->conf->transport, buf );
ssl->session_negotiate->minor_ver = ssl->minor_ver; ssl->session_negotiate->minor_ver = ssl->minor_ver;
ssl->handshake->max_major_ver = ssl->major_ver; if( ( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 ) ||
ssl->handshake->max_minor_ver = ssl->minor_ver; ( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) )
if( ssl->major_ver < ssl->conf->min_major_ver ||
ssl->minor_ver < ssl->conf->min_minor_ver )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum" MBEDTLS_SSL_DEBUG_MSG( 1, ( "server only supports TLS 1.2" ) );
" [%d:%d] < [%d:%d]",
ssl->major_ver, ssl->minor_ver,
ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION ); return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
} }
if( ssl->major_ver > ssl->conf->max_major_ver )
{
ssl->major_ver = ssl->conf->max_major_ver;
ssl->minor_ver = ssl->conf->max_minor_ver;
}
else if( ssl->minor_ver > ssl->conf->max_minor_ver )
ssl->minor_ver = ssl->conf->max_minor_ver;
/* /*
* Save client random (inc. Unix time) * Save client random (inc. Unix time)
*/ */
@ -1962,21 +1928,18 @@ have_ciphersuite:
/* Debugging-only output for testsuite */ /* Debugging-only output for testsuite */
#if defined(MBEDTLS_DEBUG_C) && \ #if defined(MBEDTLS_DEBUG_C) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info );
if( sig_alg != MBEDTLS_PK_NONE )
{ {
mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info ); mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
if( sig_alg != MBEDTLS_PK_NONE ) sig_alg );
{ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, mbedtls_ssl_hash_from_md_alg( md_alg ) ) );
sig_alg ); }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d", else
mbedtls_ssl_hash_from_md_alg( md_alg ) ) ); {
} MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
else "%u - should not happen", (unsigned) sig_alg ) );
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
"%u - should not happen", (unsigned) sig_alg ) );
}
} }
#endif #endif
@ -2811,33 +2774,27 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
* enum { (255) } HashAlgorithm; * enum { (255) } HashAlgorithm;
* enum { (255) } SignatureAlgorithm; * enum { (255) } SignatureAlgorithm;
*/ */
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
if( sig_alg == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{ {
/* unsigned char hash = MBEDTLS_BYTE_1( *sig_alg );
* Supported signature algorithms
*/
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
if( sig_alg == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) if( mbedtls_ssl_set_calc_verify_md( ssl, hash ) )
{ continue;
unsigned char hash = MBEDTLS_BYTE_1( *sig_alg ); if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
continue;
if( mbedtls_ssl_set_calc_verify_md( ssl, hash ) ) MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
continue;
if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
continue;
MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
sa_len += 2;
}
MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
sa_len += 2; sa_len += 2;
p += sa_len;
} }
MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
sa_len += 2;
p += sa_len;
/* /*
* DistinguishedName certificate_authorities<0..2^16-1>; * DistinguishedName certificate_authorities<0..2^16-1>;
* opaque DistinguishedName<1..2^16-1>; * opaque DistinguishedName<1..2^16-1>;
@ -3260,26 +3217,18 @@ curve_matching_done:
*/ */
mbedtls_md_type_t md_alg; mbedtls_md_type_t md_alg;
mbedtls_pk_type_t sig_alg = mbedtls_pk_type_t sig_alg =
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{ /* For TLS 1.2, obey signature-hash-algorithm extension
/* For TLS 1.2, obey signature-hash-algorithm extension * (RFC 5246, Sec. 7.4.1.4.1). */
* (RFC 5246, Sec. 7.4.1.4.1). */ if( sig_alg == MBEDTLS_PK_NONE ||
if( sig_alg == MBEDTLS_PK_NONE || ( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_alg ) ) == MBEDTLS_MD_NONE )
sig_alg ) ) == MBEDTLS_MD_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
/* (... because we choose a cipher suite
* only if there is a matching hash.) */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
}
else
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
/* (... because we choose a cipher suite
* only if there is a matching hash.) */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
@ -3308,29 +3257,24 @@ curve_matching_done:
/* /*
* 2.3: Compute and add the signature * 2.3: Compute and add the signature
*/ */
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) /*
{ * We need to specify signature and hash algorithm explicitly through
/* * a prefix to the signature.
* For TLS 1.2, we need to specify signature and hash algorithm *
* explicitly through a prefix to the signature. * struct {
* * HashAlgorithm hash;
* struct { * SignatureAlgorithm signature;
* HashAlgorithm hash; * } SignatureAndHashAlgorithm;
* SignatureAlgorithm signature; *
* } SignatureAndHashAlgorithm; * struct {
* * SignatureAndHashAlgorithm algorithm;
* struct { * opaque signature<0..2^16-1>;
* SignatureAndHashAlgorithm algorithm; * } DigitallySigned;
* opaque signature<0..2^16-1>; *
* } DigitallySigned; */
*
*/
ssl->out_msg[ssl->out_msglen++] = ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_hash_from_md_alg( md_alg );
mbedtls_ssl_hash_from_md_alg( md_alg ); ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_sig_from_pk_alg( sig_alg );
ssl->out_msg[ssl->out_msglen++] =
mbedtls_ssl_sig_from_pk_alg( sig_alg );
}
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_sign_start != NULL ) if( ssl->conf->f_async_sign_start != NULL )
@ -3702,8 +3646,8 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
mbedtls_ssl_write_version( ssl->handshake->max_major_ver, mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
ssl->handshake->max_minor_ver, MBEDTLS_SSL_MINOR_VERSION_3,
ssl->conf->transport, ver ); ssl->conf->transport, ver );
/* Avoid data-dependent branches while checking for invalid /* Avoid data-dependent branches while checking for invalid
@ -4278,64 +4222,56 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
* opaque signature<0..2^16-1>; * opaque signature<0..2^16-1>;
* } DigitallySigned; * } DigitallySigned;
*/ */
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) if( i + 2 > ssl->in_hslen )
{ {
if( i + 2 > ssl->in_hslen ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
{ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); }
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
/* /*
* Hash * Hash
*/ */
md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] ); md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] );
if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) ) if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
" for verify message" ) ); " for verify message" ) );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
} }
#if !defined(MBEDTLS_MD_SHA1) #if !defined(MBEDTLS_MD_SHA1)
if( MBEDTLS_MD_SHA1 == md_alg ) if( MBEDTLS_MD_SHA1 == md_alg )
hash_start += 16; hash_start += 16;
#endif #endif
/* Info from md_alg will be used instead */ /* Info from md_alg will be used instead */
hashlen = 0; hashlen = 0;
i++; i++;
/* /*
* Signature * Signature
*/ */
if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) ) if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) )
== MBEDTLS_PK_NONE ) == MBEDTLS_PK_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
" for verify message" ) );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
/*
* Check the certificate's key type matches the signature alg
*/
if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
i++;
}
else
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); " for verify message" ) );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
} }
/*
* Check the certificate's key type matches the signature alg
*/
if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
i++;
if( i + 2 > ssl->in_hslen ) if( i + 2 > ssl->in_hslen )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );

171
library/ssl_tls13_client.c
View File

@ -113,7 +113,10 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
/* /*
* ssl_tls13_write_alpn_ext( ) structure: * ssl_tls13_write_alpn_ext()
*
* Structure of the application_layer_protocol_negotiation extension in
* ClientHello:
* *
* opaque ProtocolName<1..2^8-1>; * opaque ProtocolName<1..2^8-1>;
* *
@ -123,28 +126,27 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
* *
*/ */
static int ssl_tls13_write_alpn_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_write_alpn_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
size_t *olen ) size_t *out_len )
{ {
unsigned char *p = buf; unsigned char *p = buf;
size_t alpnlen = 0;
const char **cur;
*olen = 0; *out_len = 0;
if( ssl->conf->alpn_list == NULL ) if( ssl->conf->alpn_list == NULL )
return( 0 ); return( 0 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
alpnlen += strlen( *cur ) + 1;
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen );
/* Check we have enough space for the extension type (2 bytes), the
* extension length (2 bytes) and the protocol_name_list length (2 bytes).
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 );
p += 2; /* Skip writing extension and list length for now */
p += 6;
/* /*
* opaque ProtocolName<1..2^8-1>; * opaque ProtocolName<1..2^8-1>;
@ -153,28 +155,27 @@ static int ssl_tls13_write_alpn_ext( mbedtls_ssl_context *ssl,
* ProtocolName protocol_name_list<2..2^16-1> * ProtocolName protocol_name_list<2..2^16-1>
* } ProtocolNameList; * } ProtocolNameList;
*/ */
for( const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
/* Skip writing extension and list length for now */
p += 4;
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
{ {
/* /*
* mbedtls_ssl_conf_set_alpn_protocols() checked that the length of * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
* protocol names is less than 255. * protocol names is less than 255.
*/ */
*p = (unsigned char)strlen( *cur ); size_t protocol_name_len = strlen( *cur );
memcpy( p + 1, *cur, *p );
p += 1 + *p; MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 + protocol_name_len );
*p++ = (unsigned char)protocol_name_len;
memcpy( p, *cur, protocol_name_len );
p += protocol_name_len;
} }
*olen = p - buf; *out_len = p - buf;
/* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ /* List length = *out_len - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 ); MBEDTLS_PUT_UINT16_BE( *out_len - 6, buf, 4 );
/* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ /* Extension length = *out_len - 2 (ext_type) - 2 (ext_len) */
MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 ); MBEDTLS_PUT_UINT16_BE( *out_len - 4, buf, 2 );
return( 0 ); return( 0 );
} }
@ -230,13 +231,26 @@ static int ssl_tls13_parse_alpn_ext( mbedtls_ssl_context *ssl,
static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl ) static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
{ {
uint16_t group_id = ssl->handshake->offered_group_id; uint16_t group_id = ssl->handshake->offered_group_id;
if( group_id == 0 ) if( group_id == 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
#if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_ECDH_C)
if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) ) if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) )
{ {
mbedtls_ecdh_free( &ssl->handshake->ecdh_ctx ); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Destroy generated private key. */
status = psa_destroy_key( ssl->handshake->ecdh_psa_privkey );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
return( ret );
}
ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( 0 ); return( 0 );
} }
else else
@ -791,6 +805,49 @@ static int ssl_tls13_write_client_hello_cipher_suites(
return( 0 ); return( 0 );
} }
static int ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *out_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
size_t ext_len;
*out_len = 0;
/* Write supported_versions extension
*
* Supported Versions Extension is mandatory with TLS 1.3.
*/
ret = ssl_tls13_write_supported_versions_ext( ssl, p, end, &ext_len );
if( ret != 0 )
return( ret );
p += ext_len;
/* Echo the cookie if the server provided one in its preceding
* HelloRetryRequest message.
*/
ret = ssl_tls13_write_cookie_ext( ssl, p, end, &ext_len );
if( ret != 0 )
return( ret );
p += ext_len;
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
{
ret = ssl_tls13_write_key_share_ext( ssl, p, end, &ext_len );
if( ret != 0 )
return( ret );
p += ext_len;
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
*out_len = p - buf;
return( 0 );
}
/* /*
* Structure of ClientHello message: * Structure of ClientHello message:
* *
@ -885,62 +942,49 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
/* Write extensions */ /* Write extensions */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* Keeping track of the included extensions */ /* Keeping track of the included extensions */
ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
#endif
/* First write extensions, then the total length */ /* First write extensions, then the total length */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
p_extensions_len = p; p_extensions_len = p;
p += 2; p += 2;
/* Write supported_versions extension #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
* ret = ssl_tls13_write_client_hello_exts( ssl, p, end, &output_len );
* Supported Versions Extension is mandatory with TLS 1.3.
*/
ret = ssl_tls13_write_supported_versions_ext( ssl, p, end, &output_len );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
p += output_len; p += output_len;
#endif
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
ssl_tls13_write_alpn_ext( ssl, p, end, &output_len ); ret = ssl_tls13_write_alpn_ext( ssl, p, end, &output_len );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
p += output_len; p += output_len;
#endif /* MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_ALPN */
/* Echo the cookie if the server provided one in its preceding #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
* HelloRetryRequest message.
*/
ret = ssl_tls13_write_cookie_ext( ssl, p, end, &output_len );
if( ret != 0 )
return( ret );
p += output_len;
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* Add the extensions related to (EC)DHE ephemeral key establishment only if
* enabled as per the configuration.
*/
if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
{ {
ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len ); ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
p += output_len; p += output_len;
}
ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len ); if( mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) )
if( ret != 0 ) {
return( ret );
p += output_len;
ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &output_len ); ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &output_len );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
p += output_len; p += output_len;
} }
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/* Write server name extension */ /* Write server name extension */
@ -1016,7 +1060,7 @@ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello( ssl ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello( ssl ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg(
ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
&buf, &buf_len ) ); &buf, &buf_len ) );
@ -1024,14 +1068,12 @@ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl )
buf + buf_len, buf + buf_len,
&msg_len ) ); &msg_len ) );
mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
MBEDTLS_SSL_HS_CLIENT_HELLO, buf, msg_len );
msg_len );
ssl->handshake->update_checksum( ssl, buf, msg_len );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl, MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl,
buf_len, buf_len,
msg_len ) ); msg_len ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
@ -1663,9 +1705,8 @@ static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
if( is_hrr ) if( is_hrr )
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_reset_transcript_for_hrr( ssl ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_reset_transcript_for_hrr( ssl ) );
mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
MBEDTLS_SSL_HS_SERVER_HELLO, buf, buf_len );
buf, buf_len );
if( is_hrr ) if( is_hrr )
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_hrr( ssl ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_hrr( ssl ) );
@ -1718,8 +1759,8 @@ static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_PROC_CHK( MBEDTLS_SSL_PROC_CHK(
ssl_tls13_parse_encrypted_extensions( ssl, buf, buf + buf_len ) ); ssl_tls13_parse_encrypted_extensions( ssl, buf, buf + buf_len ) );
mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, buf_len ); buf, buf_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_encrypted_extensions( ssl ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_encrypted_extensions( ssl ) );
@ -2015,8 +2056,8 @@ static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_request( ssl, MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_request( ssl,
buf, buf + buf_len ) ); buf, buf + buf_len ) );
mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, buf_len ); buf, buf_len );
} }
else if( ret == SSL_CERTIFICATE_REQUEST_SKIP ) else if( ret == SSL_CERTIFICATE_REQUEST_SKIP )
{ {

116
library/ssl_tls13_generic.c
View File

@ -72,68 +72,6 @@ cleanup:
return( ret ); return( ret );
} }
int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char **buf,
size_t *buf_len )
{
/*
* Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 )
* ...
* HandshakeType msg_type;
* uint24 length;
* ...
*/
*buf = ssl->out_msg + 4;
*buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = hs_type;
return( 0 );
}
int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl,
size_t buf_len,
size_t msg_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t msg_with_header_len;
((void) buf_len);
/* Add reserved 4 bytes for handshake header */
msg_with_header_len = msg_len + 4;
ssl->out_msglen = msg_with_header_len;
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext( ssl, 0, 0 ) );
cleanup:
return( ret );
}
void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char const *msg,
size_t msg_len )
{
mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, hs_type, msg_len );
ssl->handshake->update_checksum( ssl, msg, msg_len );
}
void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
unsigned hs_type,
size_t total_hs_len )
{
unsigned char hs_hdr[4];
/* Build HS header for checksum update. */
hs_hdr[0] = MBEDTLS_BYTE_0( hs_type );
hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len );
hs_hdr[2] = MBEDTLS_BYTE_1( total_hs_len );
hs_hdr[3] = MBEDTLS_BYTE_0( total_hs_len );
ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) );
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* mbedtls_ssl_tls13_parse_sig_alg_ext() /* mbedtls_ssl_tls13_parse_sig_alg_ext()
* *
@ -479,8 +417,8 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_verify( ssl, buf, MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_verify( ssl, buf,
buf + buf_len, verify_buffer, verify_buffer_len ) ); buf + buf_len, verify_buffer, verify_buffer_len ) );
mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len ); buf, buf_len );
cleanup: cleanup:
@ -796,8 +734,8 @@ int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl )
/* Validate the certificate chain and set the verification results. */ /* Validate the certificate chain and set the verification results. */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) );
mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE, mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
buf, buf_len ); buf, buf_len );
cleanup: cleanup:
@ -904,7 +842,7 @@ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len ) ); MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_body( ssl, MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_body( ssl,
@ -912,12 +850,10 @@ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl )
buf + buf_len, buf + buf_len,
&msg_len ) ); &msg_len ) );
mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
MBEDTLS_SSL_HS_CERTIFICATE, buf, msg_len );
buf,
msg_len );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len ) ); ssl, buf_len, msg_len ) );
cleanup: cleanup:
@ -1161,16 +1097,16 @@ int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) ); MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_verify_body( MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_verify_body(
ssl, buf, buf + buf_len, &msg_len ) ); ssl, buf, buf + buf_len, &msg_len ) );
mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, msg_len ); buf, msg_len );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len ) ); ssl, buf_len, msg_len ) );
cleanup: cleanup:
@ -1340,8 +1276,8 @@ int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_HS_FINISHED, MBEDTLS_SSL_HS_FINISHED,
&buf, &buf_len ) ); &buf, &buf_len ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buf_len ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buf_len ) );
mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
ssl, MBEDTLS_SSL_HS_FINISHED, buf, buf_len ); buf, buf_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_finished_message( ssl ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_finished_message( ssl ) );
cleanup: cleanup:
@ -1418,19 +1354,18 @@ int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_message( ssl ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_message( ssl ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) ); MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_finished_message_body( MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_finished_message_body(
ssl, buf, buf + buf_len, &msg_len ) ); ssl, buf, buf + buf_len, &msg_len ) );
mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED, mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
buf, msg_len ); buf, msg_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_message( ssl ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_message( ssl ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl, MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
buf_len, msg_len ) ); ssl, buf_len, msg_len ) );
cleanup: cleanup:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished message" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished message" ) );
@ -1519,7 +1454,6 @@ int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
size_t hash_len; size_t hash_len;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
uint16_t cipher_suite = ssl->session_negotiate->ciphersuite; uint16_t cipher_suite = ssl->session_negotiate->ciphersuite;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Reset SSL session for HRR" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "Reset SSL session for HRR" ) );
@ -1574,18 +1508,6 @@ int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
ssl->handshake->update_checksum( ssl, hash_transcript, hash_len ); ssl->handshake->update_checksum( ssl, hash_transcript, hash_len );
#endif /* MBEDTLS_SHA256_C || MBEDTLS_SHA384_C */ #endif /* MBEDTLS_SHA256_C || MBEDTLS_SHA384_C */
/* Destroy generated private key. */
status = psa_destroy_key( ssl->handshake->ecdh_psa_privkey );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
return( ret );
}
ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( ret ); return( ret );
} }

4
tests/scripts/all.sh
View File

@ -2172,14 +2172,14 @@ component_build_no_std_function () {
} }
component_build_no_ssl_srv () { component_build_no_ssl_srv () {
msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s msg "build: full config except SSL server, make, gcc" # ~ 30s
scripts/config.py full scripts/config.py full
scripts/config.py unset MBEDTLS_SSL_SRV_C scripts/config.py unset MBEDTLS_SSL_SRV_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
} }
component_build_no_ssl_cli () { component_build_no_ssl_cli () {
msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s msg "build: full config except SSL client, make, gcc" # ~ 30s
scripts/config.py full scripts/config.py full
scripts/config.py unset MBEDTLS_SSL_CLI_C scripts/config.py unset MBEDTLS_SSL_CLI_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'

15
tests/ssl-opt.sh
View File

@ -9630,26 +9630,23 @@ run_test "TLS 1.3: Test gnutls tls1_3 feature" \
-c "Version: TLS1.3" -c "Version: TLS1.3"
# TLS1.3 test cases # TLS1.3 test cases
# TODO: remove or rewrite this test case if #4832 is resolved.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
skip_handshake_stage_check skip_handshake_stage_check
run_test "TLS 1.3: Not supported version check: tls12 and tls13" \ run_test "TLS 1.3: Not supported version check: tls12 and tls13" \
"$P_SRV debug_level=1 min_version=tls12 max_version=tls13" \ "$P_SRV debug_level=1" \
"$P_CLI debug_level=1 min_version=tls12 max_version=tls13" \ "$P_CLI debug_level=1 min_version=tls12 max_version=tls13" \
1 \ 1 \
-s "SSL - The requested feature is not available" \
-c "SSL - The requested feature is not available" \ -c "SSL - The requested feature is not available" \
-s "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" \
-c "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" -c "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test "TLS 1.3: handshake dispatch test: tls13 only" \ skip_handshake_stage_check
"$P_SRV debug_level=2 min_version=tls13 max_version=tls13" \ run_test "TLS 1.3: No server support" \
"$P_CLI debug_level=2 min_version=tls13 max_version=tls13" \ "$P_SRV debug_level=2 force_version=tls13" \
"$P_CLI debug_level=2 force_version=tls13" \
1 \ 1 \
-s "tls13 server state: MBEDTLS_SSL_HELLO_REQUEST" \ -s "TLS 1.3 server is not supported yet."
-c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST"
requires_openssl_tls1_3 requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3

1
tests/suites/test_suite_ssl.data
View File

@ -101,6 +101,7 @@ Test mbedtls_endpoint sanity for the client
mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_CLIENT mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_CLIENT
Test mbedtls_endpoint sanity for the server Test mbedtls_endpoint sanity for the server
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER
Test moving clients handshake to state: HELLO_REQUEST Test moving clients handshake to state: HELLO_REQUEST