diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index bc78ffd50f..c584370e3d 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -458,7 +458,7 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); - void (*calc_verify)(const mbedtls_ssl_context *, unsigned char *); + void (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *); void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); mbedtls_ssl_tls_prf_cb *tls_prf; diff --git a/library/ssl_cli.c b/library/ssl_cli.c index f403aa0362..57e5d8ab97 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3625,7 +3625,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) unsigned char hash[48]; unsigned char *hash_start = hash; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; - unsigned int hashlen; + size_t hashlen; void *rs_ctx = NULL; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); @@ -3674,7 +3674,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) sign: #endif - ssl->handshake->calc_verify( ssl, hash ); + ssl->handshake->calc_verify( ssl, hash, &hashlen ); #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) @@ -3692,7 +3692,6 @@ sign: * sha_hash * SHA(handshake_messages); */ - hashlen = 36; md_alg = MBEDTLS_MD_NONE; /* diff --git a/library/ssl_srv.c b/library/ssl_srv.c index a19179a252..b1da073ece 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -4361,7 +4361,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) } /* Calculate hash and verify signature */ - ssl->handshake->calc_verify( ssl, hash ); + { + size_t dummy_hlen; + ssl->handshake->calc_verify( ssl, hash, &dummy_hlen ); + } if( ( ret = mbedtls_pk_verify( peer_pk, md_alg, hash_start, hashlen, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 41a98e93a8..877fee833c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -855,25 +855,25 @@ static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned c #endif #if defined(MBEDTLS_SSL_PROTO_SSL3) -static void ssl_calc_verify_ssl( const mbedtls_ssl_context *, unsigned char * ); +static void ssl_calc_verify_ssl( const mbedtls_ssl_context *, unsigned char *, size_t * ); static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) -static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char * ); +static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char *, size_t * ); static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); -static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char * ); +static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char *, size_t * ); static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); #endif #if defined(MBEDTLS_SHA512_C) static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); -static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char * ); +static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char *, size_t * ); static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -1583,19 +1583,15 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, * Parameters: * [in/out] handshake * [in] resume, premaster, extended_ms, calc_verify, tls_prf - * (PSA-PSK) ciphersuite_info + * (PSA-PSK) ciphersuite_info, psk_opaque * [out] premaster (cleared) - * [in] minor_ver (to compute hash_len) - * [in] hash_alg (to compute hash_len) * [out] master * [in] ssl: optionally used for debugging, EMS and PSA-PSK * debug: conf->f_dbg, conf->p_dbg * EMS: passed to calc_verify (debug + (SSL3) session_negotiate) - * PSA-PSA: conf + * PSA-PSA: minor_ver, conf */ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, - int minor_ver, - mbedtls_md_type_t hash_alg, unsigned char *master, const mbedtls_ssl_context *ssl ) { @@ -1630,12 +1626,6 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, !(defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)) (void) ssl; -#endif -#if !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) - (void) minor_ver; -#if defined(MBEDTLS_SHA512_C) - (void) hash_alg; -#endif #endif if( handshake->resume != 0 ) @@ -1651,22 +1641,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, lbl = "extended master secret"; salt = session_hash; - handshake->calc_verify( ssl, session_hash ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { -#if defined(MBEDTLS_SHA512_C) - if( hash_alg == MBEDTLS_MD_SHA384 ) - { - salt_len = 48; - } - else -#endif /* MBEDTLS_SHA512_C */ - salt_len = 32; - } - else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - salt_len = 36; + handshake->calc_verify( ssl, session_hash, &salt_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, salt_len ); } @@ -1675,7 +1650,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && - minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && ssl_use_opaque_psk( ssl ) == 1 ) { /* Perform PSK-to-MS expansion in a single step. */ @@ -1684,6 +1659,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, psa_key_handle_t psk; psa_key_derivation_operation_t derivation = PSA_KEY_DERIVATION_OPERATION_INIT; + mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac; MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) ); @@ -1760,8 +1736,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) } ret = ssl_compute_master( ssl->handshake, - ssl->minor_ver, - ciphersuite_info->mac, ssl->session_negotiate->master, ssl ); if( ret != 0 ) @@ -1774,7 +1748,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_PROTO_SSL3) -void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl, unsigned char hash[36] ) +void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl, + unsigned char hash[36], + size_t *hlen ) { mbedtls_md5_context md5; mbedtls_sha1_context sha1; @@ -1812,7 +1788,9 @@ void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl, unsigned char hash[36] mbedtls_sha1_update_ret( &sha1, hash + 16, 20 ); mbedtls_sha1_finish_ret( &sha1, hash + 16 ); - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); + *hlen = 36; + + MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); mbedtls_md5_free( &md5 ); @@ -1823,7 +1801,9 @@ void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl, unsigned char hash[36] #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) -void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, unsigned char hash[36] ) +void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, + unsigned char hash[36], + size_t *hlen ) { mbedtls_md5_context md5; mbedtls_sha1_context sha1; @@ -1839,7 +1819,9 @@ void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, unsigned char hash[36] mbedtls_md5_finish_ret( &md5, hash ); mbedtls_sha1_finish_ret( &sha1, hash + 16 ); - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); + *hlen = 36; + + MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); mbedtls_md5_free( &md5 ); @@ -1851,7 +1833,9 @@ void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, unsigned char hash[36] #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) -void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, unsigned char hash[32] ) +void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, + unsigned char hash[32], + size_t *hlen ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_size; @@ -1872,7 +1856,9 @@ void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, unsigned char h MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); return; } - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, 32 ); + + *hlen = 32; + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); #else mbedtls_sha256_context sha256; @@ -1884,7 +1870,9 @@ void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, unsigned char h mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); mbedtls_sha256_finish_ret( &sha256, hash ); - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 ); + *hlen = 32; + + MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); mbedtls_sha256_free( &sha256 ); @@ -1894,7 +1882,9 @@ void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, unsigned char h #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) -void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, unsigned char hash[48] ) +void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, + unsigned char hash[48], + size_t *hlen ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_size; @@ -1915,7 +1905,9 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, unsigned char h MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); return; } - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, 48 ); + + *hlen = 48; + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); #else mbedtls_sha512_context sha512; @@ -1927,7 +1919,9 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, unsigned char h mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); mbedtls_sha512_finish_ret( &sha512, hash ); - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 ); + *hlen = 48; + + MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); mbedtls_sha512_free( &sha512 );