ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-09 16:41:19 +08:00
Code Issues Releases Wiki Activity

Fix transcript issues and add cases against openssl

Browse Source 
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
XiaokangQian 2022-07-18 07:41:26 +00:00 committed by Ronald Cron
parent 008d2bf80b
commit adab9a6440
5 changed files with 50 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
library/ssl_client.c
View File

@ -899,6 +899,9 @@ int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */
{ {
mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
msg_len );
ssl->handshake->update_checksum( ssl, buf, msg_len - binders_len );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if( binders_len > 0 ) if( binders_len > 0 )
@ -907,10 +910,10 @@ int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl )
mbedtls_ssl_tls13_write_pre_shared_key_ext_binders( mbedtls_ssl_tls13_write_pre_shared_key_ext_binders(
ssl, buf + msg_len - binders_len, buf + msg_len ) ); ssl, buf + msg_len - binders_len, buf + msg_len ) );
} }
ssl->handshake->update_checksum( ssl, buf + msg_len - binders_len,
binders_len );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
buf, msg_len );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl, MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl,
buf_len, buf_len,
msg_len ) ); msg_len ) );

3
library/ssl_misc.h
View File

@ -1336,6 +1336,9 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
unsigned hs_type,
size_t total_hs_len );
/* /*
* Update checksum of handshake messages. * Update checksum of handshake messages.
*/ */

6
library/ssl_tls.c
View File

@ -532,9 +532,9 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
} }
} }
static void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
unsigned hs_type, unsigned hs_type,
size_t total_hs_len ) size_t total_hs_len )
{ {
unsigned char hs_hdr[4]; unsigned char hs_hdr[4];

8
library/ssl_tls13_client.c
View File

@ -810,6 +810,8 @@ int mbedtls_ssl_tls13_write_pre_shared_key_ext_binders(
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf; unsigned char *p = buf;
const unsigned char *psk_identity;
size_t psk_identity_len;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL;
psa_algorithm_t psa_hash_alg; psa_algorithm_t psa_hash_alg;
int hash_len = 0; int hash_len = 0;
@ -819,6 +821,12 @@ int mbedtls_ssl_tls13_write_pre_shared_key_ext_binders(
unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
size_t transcript_len; size_t transcript_len;
if( mbedtls_ssl_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len,
&psk_identity, &psk_identity_len ) != 0 )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(
ssl->session_negotiate->ciphersuite ); ssl->session_negotiate->ciphersuite );
if( ciphersuite_info == NULL ) if( ciphersuite_info == NULL )

31
tests/ssl-opt.sh
View File

@ -11998,6 +11998,37 @@ run_test "TLS 1.3, default suite, PSK" \
-c "client hello, adding PSK binder list" \ -c "client hello, adding PSK binder list" \
-c "<= write client hello" -c "<= write client hello"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3, default suite, PSK - openssl" \
"$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk force_ciphersuite=TLS1-3-AES-128-GCM-SHA256" \
1 \
-c "=> write client hello" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-c "<= write client hello"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3, default suite, PSK - gnutls" \
"$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+CIPHER-ALL:%NO_TICKETS --pskhint=0a0b0c" \
"$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk force_ciphersuite=TLS1-3-AES-128-GCM-SHA256" \
1 \
-c "=> write client hello" \
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
-c "client hello, adding psk_key_exchange_modes extension" \
-c "client hello, adding PSK binder list" \
-c "<= write client hello"
for i in opt-testcases/*.sh for i in opt-testcases/*.sh
do do
TEST_SUITE_NAME=${i##*/} TEST_SUITE_NAME=${i##*/}