From f057ecfedfea1e0a43e16a9134c7941c12534fd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Feb 2023 13:19:17 +0100 Subject: [PATCH] Use MD not low-level sha256/512 in TLS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Same reasoning as in previous commit. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_misc.h | 4 +- library/ssl_tls.c | 137 +++++++++++++++++++++++++++++++-------------- 2 files changed, 97 insertions(+), 44 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7385c6ee3..7abbffb5b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -905,14 +905,14 @@ struct mbedtls_ssl_handshake_params { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_operation_t fin_sha256_psa; #else - mbedtls_sha256_context fin_sha256; + mbedtls_md_context_t fin_sha256; #endif #endif #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_operation_t fin_sha384_psa; #else - mbedtls_sha512_context fin_sha384; + mbedtls_md_context_t fin_sha384; #endif #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 778b00638..7798d78cb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -839,7 +839,13 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) return mbedtls_md_error_from_psa(status); } #else - ret = mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0); + ret = mbedtls_md_setup(&ssl->handshake->fin_sha256, + mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), + 0); + if (ret != 0) { + return ret; + } + ret = mbedtls_md_starts(&ssl->handshake->fin_sha256); if (ret != 0) { return ret; } @@ -856,7 +862,12 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) return mbedtls_md_error_from_psa(status); } #else - ret = mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1); + ret = mbedtls_md_setup(&ssl->handshake->fin_sha384, + mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); + if (ret != 0) { + return ret; + } + ret = mbedtls_md_starts(&ssl->handshake->fin_sha384); if (ret != 0) { return ret; } @@ -887,7 +898,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, return mbedtls_md_error_from_psa(status); } #else - ret = mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len); + ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); if (ret != 0) { return ret; } @@ -900,7 +911,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, return mbedtls_md_error_from_psa(status); } #else - ret = mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len); + ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); if (ret != 0) { return ret; } @@ -917,7 +928,7 @@ static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, return mbedtls_md_error_from_psa(psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len)); #else - return mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len); + return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); #endif } #endif @@ -930,7 +941,7 @@ static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, return mbedtls_md_error_from_psa(psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len)); #else - return mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len); + return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); #endif } #endif @@ -943,14 +954,14 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) #if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha256_psa = psa_hash_operation_init(); #else - mbedtls_sha256_init(&handshake->fin_sha256); + mbedtls_md_init(&handshake->fin_sha256); #endif #endif #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha384_psa = psa_hash_operation_init(); #else - mbedtls_sha512_init(&handshake->fin_sha384); + mbedtls_md_init(&handshake->fin_sha384); #endif #endif @@ -4081,14 +4092,14 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort(&handshake->fin_sha256_psa); #else - mbedtls_sha256_free(&handshake->fin_sha256); + mbedtls_md_free(&handshake->fin_sha256); #endif #endif #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort(&handshake->fin_sha384_psa); #else - mbedtls_sha512_free(&handshake->fin_sha384); + mbedtls_md_free(&handshake->fin_sha384); #endif #endif @@ -5771,17 +5782,24 @@ static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl, size_t *olen) { int ret; - mbedtls_sha512_context sha512; + mbedtls_md_context_t sha512; if (dst_len < 48) { return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - mbedtls_sha512_init(&sha512); - mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384); + mbedtls_md_init(&sha512); + ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); + if (ret != 0) { + goto exit; + } + ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384); + if (ret != 0) { + goto exit; + } - if ((ret = mbedtls_sha512_finish(&sha512, dst)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha512_finish", ret); + if ((ret = mbedtls_md_finish(&sha512, dst)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret); goto exit; } @@ -5789,7 +5807,7 @@ static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl, exit: - mbedtls_sha512_free(&sha512); + mbedtls_md_free(&sha512); return ret; } #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ @@ -5802,17 +5820,24 @@ static int ssl_get_handshake_transcript_sha256(mbedtls_ssl_context *ssl, size_t *olen) { int ret; - mbedtls_sha256_context sha256; + mbedtls_md_context_t sha256; if (dst_len < 32) { return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - mbedtls_sha256_init(&sha256); - mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256); + mbedtls_md_init(&sha256); + ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0); + if (ret != 0) { + goto exit; + } + ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256); + if (ret != 0) { + goto exit; + } - if ((ret = mbedtls_sha256_finish(&sha256, dst)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha256_finish", ret); + if ((ret = mbedtls_md_finish(&sha256, dst)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret); goto exit; } @@ -5820,7 +5845,7 @@ static int ssl_get_handshake_transcript_sha256(mbedtls_ssl_context *ssl, exit: - mbedtls_sha256_free(&sha256); + mbedtls_md_free(&sha256); return ret; } #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ @@ -6603,15 +6628,22 @@ exit: return mbedtls_md_error_from_psa(status); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_sha256_context sha256; + mbedtls_md_context_t sha256; - mbedtls_sha256_init(&sha256); + mbedtls_md_init(&sha256); MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha256")); - mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256); + ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0); + if (ret != 0) { + goto exit; + } + ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256); + if (ret != 0) { + goto exit; + } - ret = mbedtls_sha256_finish(&sha256, hash); + ret = mbedtls_md_finish(&sha256, hash); if (ret != 0) { goto exit; } @@ -6622,7 +6654,7 @@ exit: MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); exit: - mbedtls_sha256_free(&sha256); + mbedtls_md_free(&sha256); return ret; #endif /* MBEDTLS_USE_PSA_CRYPTO */ } @@ -6658,15 +6690,22 @@ exit: return mbedtls_md_error_from_psa(status); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_sha512_context sha512; + mbedtls_md_context_t sha512; - mbedtls_sha512_init(&sha512); + mbedtls_md_init(&sha512); MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha384")); - mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384); + ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); + if (ret != 0) { + goto exit; + } + ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384); + if (ret != 0) { + goto exit; + } - ret = mbedtls_sha512_finish(&sha512, hash); + ret = mbedtls_md_finish(&sha512, hash); if (ret != 0) { goto exit; } @@ -6677,7 +6716,7 @@ exit: MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); exit: - mbedtls_sha512_free(&sha512); + mbedtls_md_free(&sha512); return ret; #endif /* MBEDTLS_USE_PSA_CRYPTO */ } @@ -7634,7 +7673,7 @@ static int ssl_calc_finished_tls_sha256( psa_status_t status; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_sha256_context sha256; + mbedtls_md_context_t sha256; #endif mbedtls_ssl_session *session = ssl->session_negotiate; @@ -7663,11 +7702,18 @@ static int ssl_calc_finished_tls_sha256( MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32); #else - mbedtls_sha256_init(&sha256); + mbedtls_md_init(&sha256); MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha256")); - mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256); + ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0); + if (ret != 0) { + goto exit; + } + ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256); + if (ret != 0) { + goto exit; + } /* * TLSv1.2: @@ -7675,7 +7721,7 @@ static int ssl_calc_finished_tls_sha256( * Hash( handshake ) )[0.11] */ - ret = mbedtls_sha256_finish(&sha256, padbuf); + ret = mbedtls_md_finish(&sha256, padbuf); if (ret != 0) { goto exit; } @@ -7697,7 +7743,7 @@ exit: psa_hash_abort(&sha256_psa); return mbedtls_md_error_from_psa(status); #else - mbedtls_sha256_free(&sha256); + mbedtls_md_free(&sha256); return ret; #endif /* MBEDTLS_USE_PSA_CRYPTO */ } @@ -7717,7 +7763,7 @@ static int ssl_calc_finished_tls_sha384( psa_status_t status; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_sha512_context sha512; + mbedtls_md_context_t sha512; #endif mbedtls_ssl_session *session = ssl->session_negotiate; @@ -7745,11 +7791,18 @@ static int ssl_calc_finished_tls_sha384( } MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48); #else - mbedtls_sha512_init(&sha512); + mbedtls_md_init(&sha512); MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha384")); - mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384); + ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); + if (ret != 0) { + goto exit; + } + ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384); + if (ret != 0) { + goto exit; + } /* * TLSv1.2: @@ -7757,7 +7810,7 @@ static int ssl_calc_finished_tls_sha384( * Hash( handshake ) )[0.11] */ - ret = mbedtls_sha512_finish(&sha512, padbuf); + ret = mbedtls_md_finish(&sha512, padbuf); if (ret != 0) { goto exit; } @@ -7779,7 +7832,7 @@ exit: psa_hash_abort(&sha384_psa); return mbedtls_md_error_from_psa(status); #else - mbedtls_sha512_free(&sha512); + mbedtls_md_free(&sha512); return ret; #endif /* MBEDTLS_USE_PSA_CRYPTO */ }