From 18cd43909b3173e5d7d7a01f519ea4ac31bad747 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 17 Dec 2021 17:44:24 +0800 Subject: [PATCH 01/32] Align signature_algorithms extension name Signed-off-by: Jerry Yu --- library/ssl_cli.c | 12 +++++------- library/ssl_srv.c | 8 ++++---- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 888523f183..a78254cd19 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -204,10 +204,8 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, + const unsigned char *end, size_t *olen ) { unsigned char *p = buf; size_t sig_alg_len = 0; @@ -1131,10 +1129,10 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - if( ( ret = ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) + if( ( ret = ssl_write_sig_alg_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_signature_algorithms_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_sig_algs_ext", ret ); return( ret ); } ext_len += olen; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index a8b1e7de6c..a137e439c5 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -239,9 +239,9 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, * This needs to be done at a later stage. * */ -static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) +static int ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len ) { size_t sig_alg_list_size; @@ -1674,7 +1674,7 @@ read_record_header: case MBEDTLS_TLS_EXT_SIG_ALG: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); - ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); + ret = ssl_parse_sig_alg_ext( ssl, ext + 4, ext_size ); if( ret != 0 ) return( ret ); From afdfed16d0ab11e0d22d471da9493c47f165ba12 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Dec 2021 10:49:02 +0800 Subject: [PATCH 02/32] add get sig_algs helper function Signed-off-by: Jerry Yu --- library/ssl_misc.h | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4f84a2b046..78c2d217e4 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1812,5 +1812,28 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED || MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +/* + * Return supported sig_algs. + */ +static inline const void *mbedtls_ssl_conf_get_sig_algs( + const mbedtls_ssl_config *conf ) +{ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if( mbedtls_ssl_conf_is_tls12_only( conf )) + return( conf->sig_hashes ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if( mbedtls_ssl_conf_is_tls13_only( conf )) + return( conf->tls13_sig_algs ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + + ((void) conf); + return NULL; +} #endif /* ssl_misc.h */ From 08e2ceae18b61b626b7ffa222e5e46820a569b26 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Dec 2021 10:53:23 +0800 Subject: [PATCH 03/32] Remove directly access for tls13_sig_algs Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index c789ed41c7..9ffd0788cd 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -179,7 +179,7 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, * Write supported_signature_algorithms */ supported_sig_alg = p; - for( const uint16_t *sig_alg = ssl->conf->tls13_sig_algs; + for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); @@ -284,13 +284,12 @@ static void ssl_tls13_create_verify_structure( const unsigned char *transcript_h } static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl, - uint16_t sig_alg ) + uint16_t received_sig_alg ) { - const uint16_t *tls13_sig_alg = ssl->conf->tls13_sig_algs; - - for( ; *tls13_sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; tls13_sig_alg++ ) + for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); + *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { - if( *tls13_sig_alg == sig_alg ) + if( *sig_alg == received_sig_alg ) return( 1 ); } return( 0 ); From 0e5bcb6bf52b4265f2735e702eb38e31f2f59f98 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Dec 2021 11:12:47 +0800 Subject: [PATCH 04/32] Replace directly access for sig_hashes Signed-off-by: Jerry Yu --- library/ssl_cli.c | 9 +++++---- library/ssl_srv.c | 3 ++- library/ssl_tls.c | 6 +++--- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a78254cd19..2c8aa37a32 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -209,7 +209,7 @@ static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, { unsigned char *p = buf; size_t sig_alg_len = 0; - const int *md; + const int *md = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) unsigned char *sig_alg_list = buf + 6; @@ -223,10 +223,10 @@ static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); - if( ssl->conf->sig_hashes == NULL ) + if( md == NULL ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) + for( ; *md != MBEDTLS_MD_NONE; md++ ) { #if defined(MBEDTLS_ECDSA_C) sig_alg_len += 2; @@ -253,7 +253,8 @@ static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, */ sig_alg_len = 0; - for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) + for( md = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); + *md != MBEDTLS_MD_NONE; md++ ) { #if defined(MBEDTLS_ECDSA_C) sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index a137e439c5..9eaeab407f 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2798,7 +2798,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) /* * Supported signature algorithms */ - for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) + for( cur = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); + *cur != MBEDTLS_MD_NONE; cur++ ) { unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 40d21b5f81..d6b3baa43a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6858,12 +6858,12 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, mbedtls_md_type_t md ) { - const int *cur; + const int *cur = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); - if( ssl->conf->sig_hashes == NULL ) + if( cur == NULL ) return( -1 ); - for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) + for( ; *cur != MBEDTLS_MD_NONE; cur++ ) if( *cur == (int) md ) return( 0 ); From 2d0bd329829ba9f88f82ea7a0f710a93a2b33d8c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 12 Jan 2022 12:58:00 +0800 Subject: [PATCH 05/32] fix various issues Signed-off-by: Jerry Yu --- library/ssl_cli.c | 2 +- library/ssl_misc.h | 4 ++-- library/ssl_tls13_generic.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 2c8aa37a32..a6f9e7dd1b 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1133,7 +1133,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ( ret = ssl_write_sig_alg_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_sig_algs_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_sig_alg_ext", ret ); return( ret ); } ext_len += olen; diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 78c2d217e4..e77d98a4cf 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1821,12 +1821,12 @@ static inline const void *mbedtls_ssl_conf_get_sig_algs( #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_conf_is_tls12_only( conf )) + if( mbedtls_ssl_conf_is_tls12_enabled( conf )) return( conf->sig_hashes ); #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if( mbedtls_ssl_conf_is_tls13_only( conf )) + if( mbedtls_ssl_conf_is_tls13_enabled( conf )) return( conf->tls13_sig_algs ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 9ffd0788cd..b7084067f5 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -284,12 +284,12 @@ static void ssl_tls13_create_verify_structure( const unsigned char *transcript_h } static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl, - uint16_t received_sig_alg ) + uint16_t proposed_sig_alg ) { for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { - if( *sig_alg == received_sig_alg ) + if( *sig_alg == proposed_sig_alg ) return( 1 ); } return( 0 ); From 1abd1bc22fc45400984fd6f4a4afe5f06e89b02d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Dec 2021 21:27:48 +0800 Subject: [PATCH 06/32] Change write_sig_alg_ext of tls12 Signed-off-by: Jerry Yu --- library/ssl_cli.c | 107 +++++++++++++++++++--------------------------- library/ssl_srv.c | 31 ++++++++------ library/ssl_tls.c | 12 ++++-- 3 files changed, 69 insertions(+), 81 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a6f9e7dd1b..023fac6af8 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -204,67 +204,15 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, - const unsigned char *end, size_t *olen ) + const unsigned char *end, size_t *out_len ) { unsigned char *p = buf; - size_t sig_alg_len = 0; - const int *md = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); + unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */ + size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */ -#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) - unsigned char *sig_alg_list = buf + 6; -#endif - - *olen = 0; - - if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - return( 0 ); - - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding signature_algorithms extension" ) ); - - if( md == NULL ) - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - - for( ; *md != MBEDTLS_MD_NONE; md++ ) - { -#if defined(MBEDTLS_ECDSA_C) - sig_alg_len += 2; -#endif -#if defined(MBEDTLS_RSA_C) - sig_alg_len += 2; -#endif - if( sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "length in bytes of sig-hash-alg extension too big" ) ); - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - } - } - - /* Empty signature algorithms list, this is a configuration error. */ - if( sig_alg_len == 0 ) - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - - MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 ); - - /* - * Prepare signature_algorithms extension (TLS 1.2) - */ - sig_alg_len = 0; - - for( md = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); - *md != MBEDTLS_MD_NONE; md++ ) - { -#if defined(MBEDTLS_ECDSA_C) - sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md ); - sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA; -#endif -#if defined(MBEDTLS_RSA_C) - sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md ); - sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA; -#endif - } + *out_len = 0; /* * enum { @@ -283,16 +231,47 @@ static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, * SignatureAndHashAlgorithm * supported_signature_algorithms<2..2^16-2>; */ - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, p, 0 ); - p += 2; - MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, p, 0 ); - p += 2; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) ); - MBEDTLS_PUT_UINT16_BE( sig_alg_len, p, 0 ); - p += 2; + /* Check if we have space for header and length field: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - supported_signature_algorithms_length (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + p += 6; - *olen = 6 + sig_alg_len; + /* + * Write supported_signature_algorithms + */ + supported_sig_alg = p; + for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); + *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) + { + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); + p += 2; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); + } + + /* Length of supported_signature_algorithms */ + supported_sig_alg_len = p - supported_sig_alg; + if( supported_sig_alg_len == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* Write extension_type */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 ); + /* Write extension_data_length */ + MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 ); + /* Write length of supported_signature_algorithms */ + MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 ); + + /* Output the total length of signature algorithms extension. */ + *out_len = p - buf; return( 0 ); } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 9eaeab407f..eb3550eb5b 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2793,27 +2793,32 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) */ if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { - const int *cur; - /* * Supported signature algorithms */ - for( cur = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); - *cur != MBEDTLS_MD_NONE; cur++ ) + for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); + *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { - unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur ); + /* High byte is hash */ + unsigned char hash = ( *sig_alg >> 8 ) & 0xff; + unsigned char sig = ( *sig_alg ) & 0xff; if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) ) continue; +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_ECDSA_C) + if( sig != MBEDTLS_SSL_SIG_RSA && sig != MBEDTLS_SSL_SIG_ECDSA ) + continue; +#elif defined(MBEDTLS_RSA_C) + if( sig != MBEDTLS_SSL_SIG_RSA ) + continue; +#elif defined(MBEDTLS_ECDSA_C) + if( sig != MBEDTLS_SSL_SIG_ECDSA ) + continue; +#endif + + MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len ); + sa_len += 2; -#if defined(MBEDTLS_RSA_C) - p[2 + sa_len++] = hash; - p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA; -#endif -#if defined(MBEDTLS_ECDSA_C) - p[2 + sa_len++] = hash; - p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA; -#endif } MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d6b3baa43a..8cdeb8d8b5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6858,14 +6858,18 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, mbedtls_md_type_t md ) { - const int *cur = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); - if( cur == NULL ) + const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); + if( sig_alg == NULL ) return( -1 ); - for( ; *cur != MBEDTLS_MD_NONE; cur++ ) - if( *cur == (int) md ) + for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) + { + mbedtls_md_type_t hash = mbedtls_ssl_md_alg_from_hash( + ( *sig_alg >> 8 ) & 0xff ); + if( hash == md ) return( 0 ); + } return( -1 ); } From f017ee4203032ed778744be29a550c95a85b6154 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 12 Jan 2022 15:49:48 +0800 Subject: [PATCH 07/32] merge write sig_alg of tls12 and tls13 Signed-off-by: Jerry Yu # Conflicts: # library/ssl_misc.h --- include/mbedtls/ssl.h | 12 ++- library/ssl_cli.c | 85 +---------------- library/ssl_misc.h | 16 ++-- library/ssl_tls.c | 176 +++++++++++++++++++++++++++++++++--- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 74 --------------- 6 files changed, 183 insertions(+), 182 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6aa4d21a36..4b46cf89b4 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1359,11 +1359,11 @@ struct mbedtls_ssl_config #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - const uint16_t *MBEDTLS_PRIVATE(tls13_sig_algs); /*!< allowed signature algorithms for TLS 1.3 */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ +#endif + const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ #endif #if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) @@ -3267,6 +3267,7 @@ void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf, const uint16_t *groups ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /** * \brief Set the allowed hashes for signatures during the handshake. * @@ -3296,8 +3297,9 @@ void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf, * \param hashes Ordered list of allowed signature hashes, * terminated by \c MBEDTLS_MD_NONE. */ -void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, +void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, const int *hashes ); +#endif /* MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) /** diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 023fac6af8..826879c12e 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -199,85 +199,6 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_RENEGOTIATION */ -/* - * Only if we handle at least one key exchange that needs signatures. - */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - -static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, - const unsigned char *end, size_t *out_len ) -{ - unsigned char *p = buf; - unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */ - size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */ - - *out_len = 0; - - /* - * enum { - * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), - * sha512(6), (255) - * } HashAlgorithm; - * - * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) } - * SignatureAlgorithm; - * - * struct { - * HashAlgorithm hash; - * SignatureAlgorithm signature; - * } SignatureAndHashAlgorithm; - * - * SignatureAndHashAlgorithm - * supported_signature_algorithms<2..2^16-2>; - */ - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) ); - - /* Check if we have space for header and length field: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - supported_signature_algorithms_length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); - p += 6; - - /* - * Write supported_signature_algorithms - */ - supported_sig_alg = p; - for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); - *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) - { - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); - MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); - p += 2; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); - } - - /* Length of supported_signature_algorithms */ - supported_sig_alg_len = p - supported_sig_alg; - if( supported_sig_alg_len == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - /* Write extension_type */ - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 ); - /* Write extension_data_length */ - MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 ); - /* Write length of supported_signature_algorithms */ - MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 ); - - /* Output the total length of signature algorithms extension. */ - *out_len = p - buf; - - return( 0 ); -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && - MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -1109,10 +1030,10 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - if( ( ret = ssl_write_sig_alg_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_sig_alg_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_sig_alg_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_sig_alg_ext", ret ); return( ret ); } ext_len += olen; diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e77d98a4cf..44f69cbe97 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -554,6 +554,7 @@ struct mbedtls_ssl_handshake_params #if !defined(MBEDTLS_DEPRECATED_REMOVED) unsigned char group_list_heap_allocated; + unsigned char sig_algs_heap_allocated; #endif #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) @@ -592,6 +593,7 @@ struct mbedtls_ssl_handshake_params #if !defined(MBEDTLS_DEPRECATED_REMOVED) const uint16_t *group_list; + const uint16_t *sig_algs; #endif #if defined(MBEDTLS_DHM_C) @@ -1719,19 +1721,17 @@ void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, unsigned char const *msg, size_t msg_len ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* - * Write TLS 1.3 Signature Algorithm extension + * Write Signature Algorithm extension */ -int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len); +int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, + const unsigned char *end, size_t *out_len); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - /* Get handshake transcript */ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, const mbedtls_md_type_t md, @@ -1827,7 +1827,7 @@ static inline const void *mbedtls_ssl_conf_get_sig_algs( #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if( mbedtls_ssl_conf_is_tls13_enabled( conf )) - return( conf->tls13_sig_algs ); + return( conf->sig_algs ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8cdeb8d8b5..336e47941c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3150,6 +3150,62 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_ECP_C */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + /* Heap allocate and translate curve_list from internal to IANA group ids */ + if ( mbedtls_ssl_conf_is_tls12_enabled( ssl->conf ) && + ssl->conf->sig_hashes != NULL ) + { + const int *md; + const int *sig_hashes = ssl->conf->sig_hashes; + size_t sig_algs_len = 0; + uint16_t *p; + + for( md = sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) + { + if( mbedtls_ssl_hash_from_md_alg( *md ) == MBEDTLS_SSL_HASH_NONE ) + continue; + #if defined(MBEDTLS_ECDSA_C) + sig_algs_len++; + #endif + #if defined(MBEDTLS_RSA_C) + sig_algs_len++; + #endif + } + + if( sig_algs_len == 0 ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + + ssl->handshake->sig_algs = mbedtls_calloc( sig_algs_len + 1, + sizeof( uint16_t ) ); + if( ssl->handshake->sig_algs == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + + p = (uint16_t *)ssl->handshake->sig_algs; + for( md = sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) + { + unsigned char hash = mbedtls_ssl_hash_from_md_alg( *md ); + if( hash == MBEDTLS_SSL_HASH_NONE ) + continue; + #if defined(MBEDTLS_ECDSA_C) + *p = (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA); + p++; + #endif + #if defined(MBEDTLS_RSA_C) + *p = (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA); + p++; + #endif + } + *p = MBEDTLS_TLS1_3_SIG_NONE; + ssl->handshake->sig_algs_heap_allocated = 1; + } + else + { + ssl->handshake->sig_algs = ssl->conf->sig_algs; + ssl->handshake->sig_algs_heap_allocated = 0; + } +#endif /* MBEDTLS_DEPRECATED_REMOVED */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ return( 0 ); } @@ -3991,6 +4047,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /* * Set allowed/preferred hashes for handshake signatures */ @@ -3998,16 +4055,19 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, const int *hashes ) { conf->sig_hashes = hashes; + conf->sig_algs = NULL; } +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -/* Configure allowed signature algorithms for use in TLS 1.3 */ +/* Configure allowed signature algorithms for handshake */ void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, const uint16_t* sig_algs ) { - conf->tls13_sig_algs = sig_algs; +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + conf->sig_hashes = NULL; +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ + conf->sig_algs = sig_algs; } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECP_C) @@ -5498,6 +5558,15 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_ECP_C */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + if ( ssl->handshake->sig_algs_heap_allocated ) + mbedtls_free( (void*) handshake->sig_algs ); + handshake->sig_algs = NULL; +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 ) { @@ -6335,6 +6404,7 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /* The selection should be the same as mbedtls_x509_crt_profile_default in * x509_crt.c. Here, the order matters. Currently we favor stronger hashes, * for no fundamental reason. @@ -6352,7 +6422,8 @@ static int ssl_preset_default_hashes[] = { #endif MBEDTLS_MD_NONE }; -#endif +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* The selection should be the same as mbedtls_x509_crt_profile_default in * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters: @@ -6395,11 +6466,17 @@ static int ssl_preset_suiteb_ciphersuites[] = { }; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) static int ssl_preset_suiteb_hashes[] = { - MBEDTLS_MD_SHA256, +#if defined(MBEDTLS_SHA384_C) MBEDTLS_MD_SHA384, +#endif +#if defined(MBEDTLS_SHA256_C) + MBEDTLS_MD_SHA256, +#endif MBEDTLS_MD_NONE }; +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) static uint16_t ssl_preset_default_sig_algs[] = { @@ -6563,10 +6640,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) conf->sig_hashes = ssl_preset_suiteb_hashes; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - conf->tls13_sig_algs = ssl_preset_suiteb_sig_algs; -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ + conf->sig_algs = ssl_preset_suiteb_sig_algs; #endif #if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) @@ -6601,10 +6678,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) conf->sig_hashes = ssl_preset_default_hashes; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - conf->tls13_sig_algs = ssl_preset_default_sig_algs; -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ + conf->sig_algs = ssl_preset_default_sig_algs; #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) @@ -7332,4 +7409,79 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +/* + * mbedtls_ssl_tls13_write_sig_alg_ext( ) + * + * enum { + * .... + * ecdsa_secp256r1_sha256( 0x0403 ), + * ecdsa_secp384r1_sha384( 0x0503 ), + * ecdsa_secp521r1_sha512( 0x0603 ), + * .... + * } SignatureScheme; + * + * struct { + * SignatureScheme supported_signature_algorithms<2..2^16-2>; + * } SignatureSchemeList; + * + * Only if we handle at least one key exchange that needs signatures. + */ +int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, + const unsigned char *end, size_t *out_len ) +{ + unsigned char *p = buf; + unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */ + size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */ + + *out_len = 0; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) ); + + /* Check if we have space for header and length field: + * - extension_type (2 bytes) + * - extension_data_length (2 bytes) + * - supported_signature_algorithms_length (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + p += 6; + + /* + * Write supported_signature_algorithms + */ + supported_sig_alg = p; + for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); + *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) + { + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); + p += 2; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); + } + + /* Length of supported_signature_algorithms */ + supported_sig_alg_len = p - supported_sig_alg; + if( supported_sig_alg_len == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + /* Write extension_type */ + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 ); + /* Write extension_data_length */ + MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 ); + /* Write length of supported_signature_algorithms */ + MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 ); + + /* Output the total length of signature algorithms extension. */ + *out_len = p - buf; + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + return( 0 ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 9f9ab7213c..d046495cb7 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -630,7 +630,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, return( ret ); p += output_len; - ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len ); + ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); p += output_len; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index b7084067f5..1d31ce9218 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -136,80 +136,6 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - -/* - * mbedtls_ssl_tls13_write_sig_alg_ext( ) - * - * enum { - * .... - * ecdsa_secp256r1_sha256( 0x0403 ), - * ecdsa_secp384r1_sha384( 0x0503 ), - * ecdsa_secp521r1_sha512( 0x0603 ), - * .... - * } SignatureScheme; - * - * struct { - * SignatureScheme supported_signature_algorithms<2..2^16-2>; - * } SignatureSchemeList; - * - * Only if we handle at least one key exchange that needs signatures. - */ -int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len ) -{ - unsigned char *p = buf; - unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */ - size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */ - - *out_len = 0; - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) ); - - /* Check if we have space for header and length field: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - supported_signature_algorithms_length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); - p += 6; - - /* - * Write supported_signature_algorithms - */ - supported_sig_alg = p; - for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); - *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) - { - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); - MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); - p += 2; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); - } - - /* Length of supported_signature_algorithms */ - supported_sig_alg_len = p - supported_sig_alg; - if( supported_sig_alg_len == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - /* Write extension_type */ - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 ); - /* Write extension_data_length */ - MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 ); - /* Write length of supported_signature_algorithms */ - MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 ); - - /* Output the total length of signature algorithms extension. */ - *out_len = p - buf; - - ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG; - return( 0 ); -} - /* * STATE HANDLING: Read CertificateVerify */ From 6106fdc085d31935ee28919666db1bbbf5429e69 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 12 Jan 2022 16:36:14 +0800 Subject: [PATCH 08/32] fix build fail without TLS13 Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 2 -- library/ssl_misc.h | 21 +++++++-------------- library/ssl_srv.c | 7 +++++-- library/ssl_tls.c | 26 ++++++++++++++++---------- library/ssl_tls13_generic.c | 7 +++++-- 5 files changed, 33 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4b46cf89b4..489bfdcebd 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3301,7 +3301,6 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, const int *hashes ); #endif /* MBEDTLS_DEPRECATED_REMOVED */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) /** * \brief Configure allowed signature algorithms for use in TLS 1.3 * @@ -3313,7 +3312,6 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, */ void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, const uint16_t* sig_algs ); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 44f69cbe97..10aa8ef292 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1815,24 +1815,17 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, /* * Return supported sig_algs. */ -static inline const void *mbedtls_ssl_conf_get_sig_algs( - const mbedtls_ssl_config *conf ) +static inline const void *mbedtls_ssl_get_sig_algs( const mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_conf_is_tls12_enabled( conf )) - return( conf->sig_hashes ); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if( mbedtls_ssl_conf_is_tls13_enabled( conf )) - return( conf->sig_algs ); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + if( ssl->handshake != NULL && ssl->handshake->sig_algs != NULL ) + return( ssl->handshake->sig_algs ); +#endif + return( ssl->conf->sig_algs ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - ((void) conf); + ((void) ssl); return NULL; } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index eb3550eb5b..97199e1f52 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2796,8 +2796,11 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) /* * Supported signature algorithms */ - for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); - *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) + const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl ); + if( sig_alg == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + + for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { /* High byte is hash */ unsigned char hash = ( *sig_alg >> 8 ) & 0xff; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 336e47941c..9a8fe45ec7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3187,14 +3187,14 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) unsigned char hash = mbedtls_ssl_hash_from_md_alg( *md ); if( hash == MBEDTLS_SSL_HASH_NONE ) continue; - #if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) *p = (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA); p++; - #endif - #if defined(MBEDTLS_RSA_C) +#endif +#if defined(MBEDTLS_RSA_C) *p = (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA); p++; - #endif +#endif } *p = MBEDTLS_TLS1_3_SIG_NONE; ssl->handshake->sig_algs_heap_allocated = 1; @@ -4055,7 +4055,6 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, const int *hashes ) { conf->sig_hashes = hashes; - conf->sig_algs = NULL; } #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -6478,8 +6477,9 @@ static int ssl_preset_suiteb_hashes[] = { }; #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) static uint16_t ssl_preset_default_sig_algs[] = { +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + /* ECDSA algorithms */ #if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) @@ -6498,11 +6498,14 @@ static uint16_t ssl_preset_default_sig_algs[] = { MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ MBEDTLS_TLS1_3_SIG_NONE }; static uint16_t ssl_preset_suiteb_sig_algs[] = { + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) /* ECDSA algorithms */ #if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) @@ -6518,10 +6521,10 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ MBEDTLS_TLS1_3_SIG_NONE }; -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif static uint16_t ssl_preset_suiteb_groups[] = { @@ -6936,7 +6939,7 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, mbedtls_md_type_t md ) { - const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); + const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl ); if( sig_alg == NULL ) return( -1 ); @@ -7450,8 +7453,11 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, * Write supported_signature_algorithms */ supported_sig_alg = p; - for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); - *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) + const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl ); + if( sig_alg == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + + for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1d31ce9218..226f8e33f7 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -212,8 +212,11 @@ static void ssl_tls13_create_verify_structure( const unsigned char *transcript_h static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl, uint16_t proposed_sig_alg ) { - for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); - *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) + const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl ); + if( sig_alg == NULL ) + return( 0 ); + + for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { if( *sig_alg == proposed_sig_alg ) return( 1 ); From 11f0a9c2c4f9e89bfc39fd81c12ddd24d2958d3e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 12 Jan 2022 18:43:08 +0800 Subject: [PATCH 09/32] fix deprecated-declarations error replace sig_hashes with sig_alg Signed-off-by: Jerry Yu --- library/ssl_tls.c | 29 +++++++++++++++++++++++++++ programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- programs/ssl/ssl_test_common_source.c | 24 +++++++++++++++------- 4 files changed, 48 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9a8fe45ec7..b109ffaa0c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6403,6 +6403,16 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) +#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ + (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), +#elif defined(MBEDTLS_ECDSA_C) +#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), +#elif defined(MBEDTLS_RSA_C) +#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), +#else +#define MBEDTLS_SSL_SIG_ALG( hash ) +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) /* The selection should be the same as mbedtls_x509_crt_profile_default in * x509_crt.c. Here, the order matters. Currently we favor stronger hashes, @@ -6478,6 +6488,17 @@ static int ssl_preset_suiteb_hashes[] = { #endif /* !MBEDTLS_DEPRECATED_REMOVED */ static uint16_t ssl_preset_default_sig_algs[] = { +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SHA512_C) + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 ) +#endif +#if defined(MBEDTLS_SHA384_C) + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) +#endif +#if defined(MBEDTLS_SHA256_C) + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) +#endif +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) /* ECDSA algorithms */ @@ -6504,6 +6525,14 @@ static uint16_t ssl_preset_default_sig_algs[] = { }; static uint16_t ssl_preset_suiteb_sig_algs[] = { +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SHA384_C) + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) +#endif +#if defined(MBEDTLS_SHA256_C) + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) +#endif +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) /* ECDSA algorithms */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 762e21b410..1de8ce3d9c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1729,7 +1729,7 @@ int main( int argc, char *argv[] ) { crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ); mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test ); - mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test ); + mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test ); } if( opt.context_crt_cb == 0 ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f627274a49..388ffe047a 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2586,7 +2586,7 @@ int main( int argc, char *argv[] ) { crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ); mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test ); - mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test ); + mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test ); } #endif /* MBEDTLS_X509_CRT_PARSE_C */ diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 62cd35de8f..0e66895dbd 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -262,24 +262,34 @@ int send_cb( void *ctx, unsigned char const *buf, size_t len ) } #if defined(MBEDTLS_X509_CRT_PARSE_C) -int ssl_sig_hashes_for_test[] = { +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) +#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ + (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), +#elif defined(MBEDTLS_ECDSA_C) +#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), +#elif defined(MBEDTLS_RSA_C) +#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), +#else +#define MBEDTLS_SSL_SIG_ALG( hash ) +#endif +uint16_t ssl_sig_algs_for_test[] = { #if defined(MBEDTLS_SHA512_C) - MBEDTLS_MD_SHA512, + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 ) #endif #if defined(MBEDTLS_SHA384_C) - MBEDTLS_MD_SHA384, + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) #endif #if defined(MBEDTLS_SHA256_C) - MBEDTLS_MD_SHA256, + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) #endif #if defined(MBEDTLS_SHA224_C) - MBEDTLS_MD_SHA224, + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 ) #endif #if defined(MBEDTLS_SHA1_C) /* Allow SHA-1 as we use it extensively in tests. */ - MBEDTLS_MD_SHA1, + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 ) #endif - MBEDTLS_MD_NONE + MBEDTLS_TLS1_3_SIG_NONE }; #endif /* MBEDTLS_X509_CRT_PARSE_C */ From e12f1ddcfaa498b059f2eddc068589454292bff2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 13 Jan 2022 14:38:22 +0800 Subject: [PATCH 10/32] fix check names fail Signed-off-by: Jerry Yu --- library/ssl_misc.h | 13 +++++++++++++ library/ssl_tls.c | 10 ---------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 10aa8ef292..b0335fe74e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1829,4 +1829,17 @@ static inline const void *mbedtls_ssl_get_sig_algs( const mbedtls_ssl_context *s return NULL; } +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) +#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ + (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), +#elif defined(MBEDTLS_ECDSA_C) +#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), +#elif defined(MBEDTLS_RSA_C) +#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), +#else +#define MBEDTLS_SSL_SIG_ALG( hash ) +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* ssl_misc.h */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b109ffaa0c..91e84b57ec 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6403,16 +6403,6 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) -#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ - (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), -#elif defined(MBEDTLS_ECDSA_C) -#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), -#elif defined(MBEDTLS_RSA_C) -#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), -#else -#define MBEDTLS_SSL_SIG_ALG( hash ) -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) /* The selection should be the same as mbedtls_x509_crt_profile_default in * x509_crt.c. Here, the order matters. Currently we favor stronger hashes, From 713013fa80e0ca75043e33de057035fb47fe5380 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 17 Jan 2022 18:16:35 +0800 Subject: [PATCH 11/32] fix various issues Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 2 +- library/ssl_misc.h | 17 ++++++++++++---- library/ssl_srv.c | 6 +++--- library/ssl_tls.c | 45 ++++++++++++++++++++----------------------- 4 files changed, 38 insertions(+), 32 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 489bfdcebd..4187dce117 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3298,7 +3298,7 @@ void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf, * terminated by \c MBEDTLS_MD_NONE. */ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, - const int *hashes ); + const int *hashes ); #endif /* MBEDTLS_DEPRECATED_REMOVED */ /** diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b0335fe74e..7ef3ec1255 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1728,7 +1728,7 @@ void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, * Write Signature Algorithm extension */ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, - const unsigned char *end, size_t *out_len); + const unsigned char *end, size_t *out_len ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ @@ -1813,9 +1813,18 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ /* - * Return supported sig_algs. + * Return supported signature algorithms. + * + * In future, invocations can be changed to ssl->conf->sig_algs when + * mbedtls_ssl_conf_sig_hashes() is deleted. + * + * ssl->handshake->sig_algs is either a translation of sig_hases to IANA TLS group + * identifiers when mbedtls_ssl_conf_sig_hashes() has been used, or a pointer to + * ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has been more recently + * invoked. */ -static inline const void *mbedtls_ssl_get_sig_algs( const mbedtls_ssl_context *ssl ) +static inline const void *mbedtls_ssl_get_sig_algs( + const mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) @@ -1826,7 +1835,7 @@ static inline const void *mbedtls_ssl_get_sig_algs( const mbedtls_ssl_context *s #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ ((void) ssl); - return NULL; + return( NULL ); } #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 97199e1f52..5ebbcada6f 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2803,10 +2803,10 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { /* High byte is hash */ - unsigned char hash = ( *sig_alg >> 8 ) & 0xff; - unsigned char sig = ( *sig_alg ) & 0xff; + unsigned char hash = MBEDTLS_BYTE_1( *sig_alg ); + unsigned char sig = MBEDTLS_BYTE_0( *sig_alg ); - if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) ) + if( mbedtls_ssl_set_calc_verify_md( ssl, hash ) ) continue; #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_ECDSA_C) if( sig != MBEDTLS_SSL_SIG_RSA && sig != MBEDTLS_SSL_SIG_ECDSA ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 91e84b57ec..a6d6deefcb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3152,8 +3152,9 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) - /* Heap allocate and translate curve_list from internal to IANA group ids */ - if ( mbedtls_ssl_conf_is_tls12_enabled( ssl->conf ) && + /* Heap allocate and translate sig_hashes from internal hash identifiers to + signature algorithms IANA identifiers. */ + if ( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) && ssl->conf->sig_hashes != NULL ) { const int *md; @@ -6467,30 +6468,18 @@ static int ssl_preset_suiteb_ciphersuites[] = { #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) static int ssl_preset_suiteb_hashes[] = { -#if defined(MBEDTLS_SHA384_C) - MBEDTLS_MD_SHA384, -#endif #if defined(MBEDTLS_SHA256_C) MBEDTLS_MD_SHA256, +#endif +#if defined(MBEDTLS_SHA384_C) + MBEDTLS_MD_SHA384, #endif MBEDTLS_MD_NONE }; #endif /* !MBEDTLS_DEPRECATED_REMOVED */ static uint16_t ssl_preset_default_sig_algs[] = { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_SHA512_C) - MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 ) -#endif -#if defined(MBEDTLS_SHA384_C) - MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) -#endif -#if defined(MBEDTLS_SHA256_C) - MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) -#endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /* ECDSA algorithms */ #if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) @@ -6510,12 +6499,10 @@ static uint16_t ssl_preset_default_sig_algs[] = { #endif MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - MBEDTLS_TLS1_3_SIG_NONE -}; - -static uint16_t ssl_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SHA512_C) + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 ) +#endif #if defined(MBEDTLS_SHA384_C) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) #endif @@ -6523,7 +6510,10 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + MBEDTLS_TLS1_3_SIG_NONE +}; +static uint16_t ssl_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) /* ECDSA algorithms */ #if defined(MBEDTLS_ECDSA_C) @@ -6541,7 +6531,14 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { #endif MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SHA384_C) + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) +#endif +#if defined(MBEDTLS_SHA256_C) + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) +#endif +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ MBEDTLS_TLS1_3_SIG_NONE }; #endif @@ -6965,7 +6962,7 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { mbedtls_md_type_t hash = mbedtls_ssl_md_alg_from_hash( - ( *sig_alg >> 8 ) & 0xff ); + MBEDTLS_BYTE_1( *sig_alg ) ); if( hash == md ) return( 0 ); } From a69269a7117f799fcbe9ccde756b582e543d7e67 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 17 Jan 2022 21:06:01 +0800 Subject: [PATCH 12/32] change sig_algs_len unit to byte Signed-off-by: Jerry Yu --- library/ssl_tls.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a6d6deefcb..bb2b47e057 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3152,6 +3152,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* Heap allocate and translate sig_hashes from internal hash identifiers to signature algorithms IANA identifiers. */ if ( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) && @@ -3159,7 +3160,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) { const int *md; const int *sig_hashes = ssl->conf->sig_hashes; - size_t sig_algs_len = 0; + size_t sig_algs_len = sizeof( uint16_t ); uint16_t *p; for( md = sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) @@ -3167,18 +3168,17 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) if( mbedtls_ssl_hash_from_md_alg( *md ) == MBEDTLS_SSL_HASH_NONE ) continue; #if defined(MBEDTLS_ECDSA_C) - sig_algs_len++; + sig_algs_len += sizeof( uint16_t ); #endif #if defined(MBEDTLS_RSA_C) - sig_algs_len++; + sig_algs_len += sizeof( uint16_t ); #endif } - if( sig_algs_len == 0 ) + if( sig_algs_len == sizeof( uint16_t ) ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - ssl->handshake->sig_algs = mbedtls_calloc( sig_algs_len + 1, - sizeof( uint16_t ) ); + ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len ); if( ssl->handshake->sig_algs == NULL ) return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); @@ -3201,6 +3201,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) ssl->handshake->sig_algs_heap_allocated = 1; } else +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ { ssl->handshake->sig_algs = ssl->conf->sig_algs; ssl->handshake->sig_algs_heap_allocated = 0; From 4131ec1260cc97e923832c38b396d016badd5c81 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 19 Jan 2022 10:36:30 +0800 Subject: [PATCH 13/32] Add signature algorithm length check Signed-off-by: Jerry Yu --- library/ssl_misc.h | 7 +++++-- library/ssl_tls.c | 9 ++++++--- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7ef3ec1255..85270c4a96 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -256,8 +256,11 @@ : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \ ) -/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */ -#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534 +/* Maximum size in bytes of list in signature algorithms ext., RFC 5246/8446 */ +#define MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN 65534 + +/* Minimue size in bytes of list in signature algorithms ext., RFC 5246/8446 */ +#define MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN 2 /* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */ #define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535 diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bb2b47e057..e398f48985 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3160,7 +3160,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) { const int *md; const int *sig_hashes = ssl->conf->sig_hashes; - size_t sig_algs_len = sizeof( uint16_t ); + size_t sig_algs_len = 0; uint16_t *p; for( md = sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) @@ -3175,10 +3175,13 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) #endif } - if( sig_algs_len == sizeof( uint16_t ) ) + if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN || + sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN ) + { return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + } - ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len ); + ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len + 2 ); if( ssl->handshake->sig_algs == NULL ) return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); From 7ddc38cedbb6b5030d953e551d8c86901d532015 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 19 Jan 2022 11:08:05 +0800 Subject: [PATCH 14/32] fix various issues Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 4 ++-- library/ssl_misc.h | 9 ++++---- library/ssl_tls.c | 52 +++++++++++++++++++++++++++++++------------ 3 files changed, 45 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4187dce117..f9bbf0c8bc 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3267,7 +3267,7 @@ void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf, const uint16_t *groups ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2) /** * \brief Set the allowed hashes for signatures during the handshake. * @@ -3299,7 +3299,7 @@ void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf, */ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, const int *hashes ); -#endif /* MBEDTLS_DEPRECATED_REMOVED */ +#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ /** * \brief Configure allowed signature algorithms for use in TLS 1.3 diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 85270c4a96..99a17d7621 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1821,10 +1821,11 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, * In future, invocations can be changed to ssl->conf->sig_algs when * mbedtls_ssl_conf_sig_hashes() is deleted. * - * ssl->handshake->sig_algs is either a translation of sig_hases to IANA TLS group - * identifiers when mbedtls_ssl_conf_sig_hashes() has been used, or a pointer to - * ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has been more recently - * invoked. + * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS + * signature algorithm identifiers when mbedtls_ssl_conf_sig_hashes() has been + * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has + * been more recently invoked. + * */ static inline const void *mbedtls_ssl_get_sig_algs( const mbedtls_ssl_context *ssl ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e398f48985..14ac06c111 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4052,7 +4052,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2) /* * Set allowed/preferred hashes for handshake signatures */ @@ -4061,7 +4061,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, { conf->sig_hashes = hashes; } -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ /* Configure allowed signature algorithms for handshake */ void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, @@ -7434,21 +7434,45 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* - * mbedtls_ssl_tls13_write_sig_alg_ext( ) + * Function for writing a signature algorithm extension. * - * enum { - * .... - * ecdsa_secp256r1_sha256( 0x0403 ), - * ecdsa_secp384r1_sha384( 0x0503 ), - * ecdsa_secp521r1_sha512( 0x0603 ), - * .... - * } SignatureScheme; + * The `exitension_data` field of signature algorithm contains `SignatureSchemeList` + * value (TLS 1.3 RFC8446): + * enum { + * .... + * ecdsa_secp256r1_sha256( 0x0403 ), + * ecdsa_secp384r1_sha384( 0x0503 ), + * ecdsa_secp521r1_sha512( 0x0603 ), + * .... + * } SignatureScheme; * - * struct { - * SignatureScheme supported_signature_algorithms<2..2^16-2>; - * } SignatureSchemeList; + * struct { + * SignatureScheme supported_signature_algorithms<2..2^16-2>; + * } SignatureSchemeList; + * + * The `exitension_data` field of signature algorithm contains + * `SignatureAndHashAlgorithm` value (TLS 1.2 RFC5246): + * enum { + * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), + * sha512(6), (255) + * } HashAlgorithm; + * + * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) } + * SignatureAlgorithm; + * + * struct { + * HashAlgorithm hash; + * SignatureAlgorithm signature; + * } SignatureAndHashAlgorithm; + * + * SignatureAndHashAlgorithm + * supported_signature_algorithms<2..2^16-2>; + * + * The TLS 1.3 signature algorithm extension was defined to be a compatible + * generalization of the TLS 1.2 signature algorithm extension. + * `SignatureAndHashAlgorithm` field of TLS 1.2 can be represented by + * `SignatureScheme` field of TLS 1.3 * - * Only if we handle at least one key exchange that needs signatures. */ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, const unsigned char *end, size_t *out_len ) From 1bab301c0dd6becb49a3328d009659152d6b5053 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 19 Jan 2022 17:43:22 +0800 Subject: [PATCH 15/32] Add signature algorithm supported check Signed-off-by: Jerry Yu --- library/ssl_misc.h | 124 +++++++++++++++++++++++++++++++++++++++++++++ library/ssl_srv.c | 13 +---- library/ssl_tls.c | 2 + 3 files changed, 127 insertions(+), 12 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 99a17d7621..a9e60d70e6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -56,6 +56,8 @@ #include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#include "common.h" + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline @@ -1842,6 +1844,127 @@ static inline const void *mbedtls_ssl_get_sig_algs( return( NULL ); } +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +static inline int mbedtls_ssl_sig_alg_is_supported( + const mbedtls_ssl_context *ssl, + const uint16_t sig_alg ) +{ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) + { + /* High byte is hash */ + unsigned char hash = MBEDTLS_BYTE_1( sig_alg ); + unsigned char sig = MBEDTLS_BYTE_0( sig_alg ); + + switch( hash ) + { + #if defined(MBEDTLS_MD5_C) + case MBEDTLS_SSL_HASH_MD5: + break; + #endif + #if defined(MBEDTLS_SHA1_C) + case MBEDTLS_SSL_HASH_SHA1: + break; + #endif + #if defined(MBEDTLS_SHA224_C) + case MBEDTLS_SSL_HASH_SHA224: + break; + #endif + #if defined(MBEDTLS_SHA256_C) + case MBEDTLS_SSL_HASH_SHA256: + break; + #endif + #if defined(MBEDTLS_SHA384_C) + case MBEDTLS_SSL_HASH_SHA384: + break; + #endif + #if defined(MBEDTLS_SHA512_C) + case MBEDTLS_SSL_HASH_SHA512: + break; + #endif + + default: + return( 0 ); + } + + switch( sig ) + { + #if defined(MBEDTLS_RSA_C) + case MBEDTLS_SSL_SIG_RSA: + break; + #endif + + #if defined(MBEDTLS_ECDSA_C) + case MBEDTLS_SSL_SIG_ECDSA: + break; + #endif + + default: + return( 0 ); + } + + return( 1 ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) + { + switch( sig_alg ) + { + #if defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \ + defined(MBEDTLS_ECDSA_C) + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: + break; + #endif /* MBEDTLS_SHA256_C && + MBEDTLS_ECP_DP_SECP256R1_ENABLED && + MBEDTLS_ECDSA_C */ + + #if defined(MBEDTLS_SHA384_C) && \ + defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \ + defined(MBEDTLS_ECDSA_C) + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: + break; + #endif /* MBEDTLS_SHA384_C && + MBEDTLS_ECP_DP_SECP384R1_ENABLED && + MBEDTLS_ECDSA_C */ + + #if defined(MBEDTLS_SHA512_C) && \ + defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \ + defined(MBEDTLS_ECDSA_C) + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: + break; + #endif /* MBEDTLS_SHA512_C && + MBEDTLS_ECP_DP_SECP521R1_ENABLED && + MBEDTLS_ECDSA_C */ + + #if defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: + break; + #endif /* MBEDTLS_SHA256_C && + MBEDTLS_X509_RSASSA_PSS_SUPPORT */ + + #if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_RSA_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: + break; + #endif /* MBEDTLS_SHA256_C && MBEDTLS_RSA_C*/ + + default: + return( 0 ); + } + + return( 1 ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + ((void) ssl); + ((void) sig_alg); + return( 0 ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) @@ -1855,4 +1978,5 @@ static inline const void *mbedtls_ssl_get_sig_algs( #define MBEDTLS_SSL_SIG_ALG( hash ) #endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #endif /* ssl_misc.h */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 5ebbcada6f..0de11772a2 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2802,26 +2802,15 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { - /* High byte is hash */ unsigned char hash = MBEDTLS_BYTE_1( *sig_alg ); - unsigned char sig = MBEDTLS_BYTE_0( *sig_alg ); if( mbedtls_ssl_set_calc_verify_md( ssl, hash ) ) continue; -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_ECDSA_C) - if( sig != MBEDTLS_SSL_SIG_RSA && sig != MBEDTLS_SSL_SIG_ECDSA ) + if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) ) continue; -#elif defined(MBEDTLS_RSA_C) - if( sig != MBEDTLS_SSL_SIG_RSA ) - continue; -#elif defined(MBEDTLS_ECDSA_C) - if( sig != MBEDTLS_SSL_SIG_ECDSA ) - continue; -#endif MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len ); sa_len += 2; - } MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 14ac06c111..97c60c85bf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7503,6 +7503,8 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { + if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) ) + continue; MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); p += 2; From 24811fb2e0b1e8c124da7680d0e4b90ce273f02a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 19 Jan 2022 18:02:15 +0800 Subject: [PATCH 16/32] replace check_sig_hash with is_offered Signed-off-by: Jerry Yu --- library/ssl_cli.c | 5 ++--- library/ssl_misc.h | 17 +++++++++++++++++ library/ssl_srv.c | 3 ++- library/ssl_tls13_generic.c | 17 +---------------- 4 files changed, 22 insertions(+), 20 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 826879c12e..e411b70490 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2595,7 +2595,6 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg ) { - ((void) ssl); *md_alg = MBEDTLS_MD_NONE; *pk_alg = MBEDTLS_PK_NONE; @@ -2631,9 +2630,9 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, } /* - * Check if the hash is acceptable + * Check if the signature algorithm is acceptable */ - if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 ) + if( !mbedtls_ssl_sig_alg_is_offered( ssl, MBEDTLS_GET_UINT16_BE( *p, 0 ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) ); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a9e60d70e6..c7e24d1274 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1845,6 +1845,23 @@ static inline const void *mbedtls_ssl_get_sig_algs( } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl, + uint16_t proposed_sig_alg ) +{ + const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl ); + if( sig_alg == NULL ) + return( 0 ); + + for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) + { + if( *sig_alg == proposed_sig_alg ) + return( 1 ); + } + return( 0 ); +} + + static inline int mbedtls_ssl_sig_alg_is_supported( const mbedtls_ssl_context *ssl, const uint16_t sig_alg ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 0de11772a2..f2f57b14d3 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -296,7 +296,8 @@ static int ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl, continue; } - if( mbedtls_ssl_check_sig_hash( ssl, md_cur ) == 0 ) + if( mbedtls_ssl_sig_alg_is_offered( + ssl, MBEDTLS_GET_UINT16_BE( p, 0 ) ) ) { mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:" diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 226f8e33f7..a87af94dcc 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -209,21 +209,6 @@ static void ssl_tls13_create_verify_structure( const unsigned char *transcript_h *verify_buffer_len = idx; } -static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl, - uint16_t proposed_sig_alg ) -{ - const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl ); - if( sig_alg == NULL ) - return( 0 ); - - for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) - { - if( *sig_alg == proposed_sig_alg ) - return( 1 ); - } - return( 0 ); -} - static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end, @@ -268,7 +253,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, * * Check if algorithm is an offered signature algorithm. */ - if( ! ssl_tls13_sig_alg_is_offered( ssl, algorithm ) ) + if( ! mbedtls_ssl_sig_alg_is_offered( ssl, algorithm ) ) { /* algorithm not in offered signature algorithms list */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Received signature algorithm(%04x) is not " From eb821c6916c1cb32e14d30a39317808c1187bd1e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 19 Jan 2022 18:35:56 +0800 Subject: [PATCH 17/32] remove check_sig_hash Signed-off-by: Jerry Yu --- library/ssl_misc.h | 5 ----- library/ssl_srv.c | 11 +++++++---- library/ssl_tls.c | 25 ------------------------- 3 files changed, 7 insertions(+), 34 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c7e24d1274..2b1fa2272b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1283,11 +1283,6 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ); int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); #endif -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, - mbedtls_md_type_t md ); -#endif - #if defined(MBEDTLS_SSL_DTLS_SRTP) static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value ( const uint16_t srtp_profile_value ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f2f57b14d3..5cd9d71612 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1803,10 +1803,13 @@ read_record_header: */ if( sig_hash_alg_ext_present == 0 ) { - mbedtls_md_type_t md_default = MBEDTLS_MD_SHA1; - - if( mbedtls_ssl_check_sig_hash( ssl, md_default ) != 0 ) - md_default = MBEDTLS_MD_NONE; + uint16_t sig_algs[] = { MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA1) }; + mbedtls_md_type_t md_default = MBEDTLS_MD_NONE; + for( i = 0; i < sizeof(sig_algs)/sizeof(sig_algs[0]) ; i++ ) + { + if( mbedtls_ssl_sig_alg_is_offered( ssl, sig_algs[ i ] ) ) + md_default = MBEDTLS_MD_SHA1; + } mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, md_default ); } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 97c60c85bf..143ce822ec 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6950,31 +6950,6 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i } #endif /* MBEDTLS_ECP_C */ -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -/* - * Check if a hash proposed by the peer is in our list. - * Return 0 if we're willing to use it, -1 otherwise. - */ -int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, - mbedtls_md_type_t md ) -{ - - const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl ); - if( sig_alg == NULL ) - return( -1 ); - - for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) - { - mbedtls_md_type_t hash = mbedtls_ssl_md_alg_from_hash( - MBEDTLS_BYTE_1( *sig_alg ) ); - if( hash == md ) - return( 0 ); - } - - return( -1 ); -} -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - #if defined(MBEDTLS_X509_CRT_PARSE_C) int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, From 8afd6e430871d764c55b2b326044a32c066cf08b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 20 Jan 2022 15:54:26 +0800 Subject: [PATCH 18/32] fix typo issues in comments Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- library/ssl_tls.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2b1fa2272b..2be88d60b0 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -261,7 +261,7 @@ /* Maximum size in bytes of list in signature algorithms ext., RFC 5246/8446 */ #define MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN 65534 -/* Minimue size in bytes of list in signature algorithms ext., RFC 5246/8446 */ +/* Minimum size in bytes of list in signature algorithms ext., RFC 5246/8446 */ #define MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN 2 /* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 143ce822ec..6d03276423 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7411,7 +7411,7 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, /* * Function for writing a signature algorithm extension. * - * The `exitension_data` field of signature algorithm contains `SignatureSchemeList` + * The `extension_data` field of signature algorithm contains a `SignatureSchemeList` * value (TLS 1.3 RFC8446): * enum { * .... @@ -7425,8 +7425,8 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, * SignatureScheme supported_signature_algorithms<2..2^16-2>; * } SignatureSchemeList; * - * The `exitension_data` field of signature algorithm contains - * `SignatureAndHashAlgorithm` value (TLS 1.2 RFC5246): + * The `extension_data` field of signature algorithm contains a `SignatureAndHashAlgorithm` + * value (TLS 1.2 RFC5246): * enum { * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), * sha512(6), (255) From a68dca24eebcda1aa6b28acb3a61e0b91b18c959 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 20 Jan 2022 16:28:27 +0800 Subject: [PATCH 19/32] move overflow inside loop Signed-off-by: Jerry Yu --- library/ssl_tls.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6d03276423..3b62584937 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3161,27 +3161,34 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) const int *md; const int *sig_hashes = ssl->conf->sig_hashes; size_t sig_algs_len = 0; + size_t sig_algs_len_per_hash = 0; uint16_t *p; +#if defined(MBEDTLS_ECDSA_C) + sig_algs_len_per_hash += sizeof( uint16_t ); +#endif +#if defined(MBEDTLS_RSA_C) + sig_algs_len_per_hash += sizeof( uint16_t ); +#endif + for( md = sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) { if( mbedtls_ssl_hash_from_md_alg( *md ) == MBEDTLS_SSL_HASH_NONE ) continue; - #if defined(MBEDTLS_ECDSA_C) - sig_algs_len += sizeof( uint16_t ); - #endif - #if defined(MBEDTLS_RSA_C) - sig_algs_len += sizeof( uint16_t ); - #endif + if( sig_algs_len > + ( MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN - sig_algs_len_per_hash ) ) + { + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + } + + sig_algs_len += sig_algs_len_per_hash; } - if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN || - sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN ) - { + if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - } - ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len + 2 ); + ssl->handshake->sig_algs = mbedtls_calloc( 1, + sig_algs_len + sizeof( uint16_t ) ); if( ssl->handshake->sig_algs == NULL ) return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); From 600ded7ea5c966b9f43de886c4b17b7b4df71d66 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 20 Jan 2022 16:56:50 +0800 Subject: [PATCH 20/32] Reserve end tag space at sig_algs_len init. Signed-off-by: Jerry Yu --- library/ssl_tls.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3b62584937..4261195214 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3160,7 +3160,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) { const int *md; const int *sig_hashes = ssl->conf->sig_hashes; - size_t sig_algs_len = 0; + size_t sig_algs_len = sizeof( uint16_t ); size_t sig_algs_len_per_hash = 0; uint16_t *p; @@ -3176,7 +3176,8 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) if( mbedtls_ssl_hash_from_md_alg( *md ) == MBEDTLS_SSL_HASH_NONE ) continue; if( sig_algs_len > - ( MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN - sig_algs_len_per_hash ) ) + ( MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN + sizeof( uint16_t ) + - sig_algs_len_per_hash ) ) { return( MBEDTLS_ERR_SSL_BAD_CONFIG ); } @@ -3184,11 +3185,10 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) sig_algs_len += sig_algs_len_per_hash; } - if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN ) + if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN + sizeof( uint16_t )) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - ssl->handshake->sig_algs = mbedtls_calloc( 1, - sig_algs_len + sizeof( uint16_t ) ); + ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len ); if( ssl->handshake->sig_algs == NULL ) return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); From 1a8b481ce64e2bba6a9cce1cfdc5cf4e40be5db5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 20 Jan 2022 17:56:50 +0800 Subject: [PATCH 21/32] Remove duplicated signature algorithm in default settings Signed-off-by: Jerry Yu --- library/ssl_tls.c | 80 +++++++++++++++++++++++++++++------------------ 1 file changed, 49 insertions(+), 31 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4261195214..879c6395bc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6489,28 +6489,17 @@ static int ssl_preset_suiteb_hashes[] = { }; #endif /* !MBEDTLS_DEPRECATED_REMOVED */ +/* NOTICE: Make sure there are no duplicated entries when add new signature + * algorithms into ssl_preset_default_sig_algs + */ static uint16_t ssl_preset_default_sig_algs[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /* ECDSA algorithms */ -#if defined(MBEDTLS_ECDSA_C) -#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, -#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, -#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512, -#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ -#endif /* MBEDTLS_ECDSA_C */ - /* RSA algorithms */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + #if defined(MBEDTLS_SHA512_C) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 ) #endif @@ -6520,39 +6509,29 @@ static uint16_t ssl_preset_default_sig_algs[] = { #if defined(MBEDTLS_SHA256_C) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) #endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + MBEDTLS_TLS1_3_SIG_NONE }; +/* NOTICE: Make sure there are no duplicated entries when add new signature + * algorithms into ssl_preset_suiteb_sig_algs + */ static uint16_t ssl_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /* ECDSA algorithms */ -#if defined(MBEDTLS_ECDSA_C) -#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, -#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, -#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#endif /* MBEDTLS_ECDSA_C */ - - /* RSA algorithms */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + #if defined(MBEDTLS_SHA384_C) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) #endif #if defined(MBEDTLS_SHA256_C) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) #endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ MBEDTLS_TLS1_3_SIG_NONE }; -#endif +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ static uint16_t ssl_preset_suiteb_groups[] = { #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) @@ -6564,6 +6543,31 @@ static uint16_t ssl_preset_suiteb_groups[] = { MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; +#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +/* Function for checking `ssl_preset_*_sig_algs` to make sure there are no duplicated + * signature algorithm entries */ +static int ssl_array_has_duplicated_entries( uint16_t * array ) +{ + size_t i, j; + int ret = 0; + for( i = 1; array[i] != MBEDTLS_TLS1_3_SIG_NONE ; i++ ) + { + for( j = 0 ; j < i; j++ ) + { + if( array[i] == array[j] ) + { + mbedtls_printf( " entry(%04x,%" MBEDTLS_PRINTF_SIZET + ") is duplicated at %" MBEDTLS_PRINTF_SIZET "\n", + array[i], j, i ); + ret = -1; + } + } + } + return( ret ); +} + +#endif /* MBEDTLS_DEBUG_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + /* * Load default in mbedtls_ssl_config */ @@ -6574,6 +6578,20 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #endif +#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + if( ssl_array_has_duplicated_entries( ssl_preset_suiteb_sig_algs ) ) + { + mbedtls_printf( "ssl_preset_suiteb_sig_algs has duplicated entries\n" ); + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + } + + if( ssl_array_has_duplicated_entries( ssl_preset_default_sig_algs ) ) + { + mbedtls_printf( "ssl_preset_default_sig_algs has duplicated entries\n" ); + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + } +#endif /* MBEDTLS_DEBUG_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + /* Use the functions here so that they are covered in tests, * but otherwise access member directly for efficiency */ mbedtls_ssl_conf_endpoint( conf, endpoint ); From 941e07ff029634c9ceef1dec3e3d67708bf4bbf7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 21 Jan 2022 13:10:15 +0800 Subject: [PATCH 22/32] fix test_no_platform fail Signed-off-by: Jerry Yu --- library/ssl_tls.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 879c6395bc..c04470c962 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6556,9 +6556,11 @@ static int ssl_array_has_duplicated_entries( uint16_t * array ) { if( array[i] == array[j] ) { + #if defined(MBEDTLS_PLATFORM_C) mbedtls_printf( " entry(%04x,%" MBEDTLS_PRINTF_SIZET ") is duplicated at %" MBEDTLS_PRINTF_SIZET "\n", array[i], j, i ); + #endif ret = -1; } } @@ -6581,13 +6583,17 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( ssl_array_has_duplicated_entries( ssl_preset_suiteb_sig_algs ) ) { + #if defined(MBEDTLS_PLATFORM_C) mbedtls_printf( "ssl_preset_suiteb_sig_algs has duplicated entries\n" ); + #endif return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); } if( ssl_array_has_duplicated_entries( ssl_preset_default_sig_algs ) ) { + #if defined(MBEDTLS_PLATFORM_C) mbedtls_printf( "ssl_preset_default_sig_algs has duplicated entries\n" ); + #endif return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); } #endif /* MBEDTLS_DEBUG_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ From 971988528dfcf3efe3c06be9cfd367456ca1f6bb Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 21 Jan 2022 16:16:01 +0800 Subject: [PATCH 23/32] fix coding style issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 85 ++++++++++++++++++++++++---------------------- library/ssl_srv.c | 5 +-- 2 files changed, 48 insertions(+), 42 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2be88d60b0..788fafdd92 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1871,30 +1871,35 @@ static inline int mbedtls_ssl_sig_alg_is_supported( switch( hash ) { - #if defined(MBEDTLS_MD5_C) +#if defined(MBEDTLS_MD5_C) case MBEDTLS_SSL_HASH_MD5: break; - #endif - #if defined(MBEDTLS_SHA1_C) +#endif + +#if defined(MBEDTLS_SHA1_C) case MBEDTLS_SSL_HASH_SHA1: break; - #endif - #if defined(MBEDTLS_SHA224_C) +#endif + +#if defined(MBEDTLS_SHA224_C) case MBEDTLS_SSL_HASH_SHA224: break; - #endif - #if defined(MBEDTLS_SHA256_C) +#endif + +#if defined(MBEDTLS_SHA256_C) case MBEDTLS_SSL_HASH_SHA256: break; - #endif - #if defined(MBEDTLS_SHA384_C) +#endif + +#if defined(MBEDTLS_SHA384_C) case MBEDTLS_SSL_HASH_SHA384: break; - #endif - #if defined(MBEDTLS_SHA512_C) +#endif + +#if defined(MBEDTLS_SHA512_C) case MBEDTLS_SSL_HASH_SHA512: break; - #endif +#endif default: return( 0 ); @@ -1902,15 +1907,15 @@ static inline int mbedtls_ssl_sig_alg_is_supported( switch( sig ) { - #if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_RSA_C) case MBEDTLS_SSL_SIG_RSA: break; - #endif +#endif - #if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) case MBEDTLS_SSL_SIG_ECDSA: break; - #endif +#endif default: return( 0 ); @@ -1925,44 +1930,44 @@ static inline int mbedtls_ssl_sig_alg_is_supported( { switch( sig_alg ) { - #if defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \ - defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \ + defined(MBEDTLS_ECDSA_C) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: break; - #endif /* MBEDTLS_SHA256_C && - MBEDTLS_ECP_DP_SECP256R1_ENABLED && - MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_SHA256_C && + MBEDTLS_ECP_DP_SECP256R1_ENABLED && + MBEDTLS_ECDSA_C */ - #if defined(MBEDTLS_SHA384_C) && \ - defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \ - defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_SHA384_C) && \ + defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \ + defined(MBEDTLS_ECDSA_C) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: break; - #endif /* MBEDTLS_SHA384_C && - MBEDTLS_ECP_DP_SECP384R1_ENABLED && - MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_SHA384_C && + MBEDTLS_ECP_DP_SECP384R1_ENABLED && + MBEDTLS_ECDSA_C */ - #if defined(MBEDTLS_SHA512_C) && \ - defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \ - defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_SHA512_C) && \ + defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \ + defined(MBEDTLS_ECDSA_C) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: break; - #endif /* MBEDTLS_SHA512_C && - MBEDTLS_ECP_DP_SECP521R1_ENABLED && - MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_SHA512_C && + MBEDTLS_ECP_DP_SECP521R1_ENABLED && + MBEDTLS_ECDSA_C */ - #if defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) +#if defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: break; - #endif /* MBEDTLS_SHA256_C && - MBEDTLS_X509_RSASSA_PSS_SUPPORT */ +#endif /* MBEDTLS_SHA256_C && + MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - #if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_RSA_C) case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: break; - #endif /* MBEDTLS_SHA256_C && MBEDTLS_RSA_C*/ +#endif /* MBEDTLS_SHA256_C && MBEDTLS_RSA_C*/ default: return( 0 ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 5cd9d71612..f189e1d606 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1805,13 +1805,14 @@ read_record_header: { uint16_t sig_algs[] = { MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA1) }; mbedtls_md_type_t md_default = MBEDTLS_MD_NONE; - for( i = 0; i < sizeof(sig_algs)/sizeof(sig_algs[0]) ; i++ ) + for( i = 0; i < sizeof( sig_algs ) / sizeof( sig_algs[0] ) ; i++ ) { if( mbedtls_ssl_sig_alg_is_offered( ssl, sig_algs[ i ] ) ) md_default = MBEDTLS_MD_SHA1; } - mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, md_default ); + mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, + md_default ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && From b476a44fc6cd9cd5fef2aab83ad58f1378745fe1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 21 Jan 2022 18:14:45 +0800 Subject: [PATCH 24/32] Add static assert check Signed-off-by: Jerry Yu --- library/ssl_tls.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c04470c962..c621e415f8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -25,6 +25,8 @@ #if defined(MBEDTLS_SSL_TLS_C) +#include + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else @@ -3160,35 +3162,35 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) { const int *md; const int *sig_hashes = ssl->conf->sig_hashes; - size_t sig_algs_len = sizeof( uint16_t ); - size_t sig_algs_len_per_hash = 0; + size_t sig_algs_len = 0; uint16_t *p; -#if defined(MBEDTLS_ECDSA_C) - sig_algs_len_per_hash += sizeof( uint16_t ); -#endif -#if defined(MBEDTLS_RSA_C) - sig_algs_len_per_hash += sizeof( uint16_t ); +#if defined(static_assert) + static_assert( MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN + <= ( SIZE_MAX - ( 2 * sizeof(uint16_t) ) ), + "MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big" ); #endif for( md = sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) { if( mbedtls_ssl_hash_from_md_alg( *md ) == MBEDTLS_SSL_HASH_NONE ) continue; - if( sig_algs_len > - ( MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN + sizeof( uint16_t ) - - sig_algs_len_per_hash ) ) - { - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - } +#if defined(MBEDTLS_ECDSA_C) + sig_algs_len += sizeof( uint16_t ); +#endif - sig_algs_len += sig_algs_len_per_hash; +#if defined(MBEDTLS_RSA_C) + sig_algs_len += sizeof( uint16_t ); +#endif + if( sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); } - if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN + sizeof( uint16_t )) + if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len ); + ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len + + sizeof( uint16_t )); if( ssl->handshake->sig_algs == NULL ) return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); From 909df7b17b726772bc93d877e8cfa89d3c87807b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 22 Jan 2022 11:56:27 +0800 Subject: [PATCH 25/32] Refactor *_sig_algs tables Signed-off-by: Jerry Yu --- library/ssl_tls.c | 145 +++++++++++++++++++++++++++++++++++++--------- 1 file changed, 119 insertions(+), 26 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c621e415f8..8ff81053e1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6491,17 +6491,57 @@ static int ssl_preset_suiteb_hashes[] = { }; #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -/* NOTICE: Make sure there are no duplicated entries when add new signature - * algorithms into ssl_preset_default_sig_algs +/* NOTICE: + * For ssl_preset_*_sig_algs and ssl_tls12_preset_*_sig_algs, below rulers + * SHOULD be followed. + * - No duplicated entries. + * - Followup simillar order. + * - ssl_tls12_* contains tls12_only mode data. + * - ssl_preset_* contains non-tls12_only mode data, if possible, tls12_only data + * should be at the beggining of table. */ static uint16_t ssl_preset_default_sig_algs[] = { -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /* RSA algorithms */ -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, -#endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA512_C) && \ + defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512, +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && + MBEDTLS_ECP_DP_SECP521R1_ENABLED */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */ + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA384_C) && \ + defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && + MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA256_C && + MBEDTLS_ECP_DP_SECP256R1_ENABLED */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */ + + MBEDTLS_TLS1_3_SIG_NONE +}; + +/* NOTICE: see above */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_SHA512_C) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 ) #endif @@ -6511,20 +6551,42 @@ static uint16_t ssl_preset_default_sig_algs[] = { #if defined(MBEDTLS_SHA256_C) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) #endif + MBEDTLS_TLS1_3_SIG_NONE +}; +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +/* NOTICE: see above */ +static uint16_t ssl_preset_suiteb_sig_algs[] = { + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA384_C) && \ + defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && + MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA256_C && + MBEDTLS_ECP_DP_SECP256R1_ENABLED */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */ MBEDTLS_TLS1_3_SIG_NONE }; -/* NOTICE: Make sure there are no duplicated entries when add new signature - * algorithms into ssl_preset_suiteb_sig_algs - */ -static uint16_t ssl_preset_suiteb_sig_algs[] = { -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, -#endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - +/* NOTICE: see above */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_SHA384_C) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) #endif @@ -6533,6 +6595,8 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { #endif MBEDTLS_TLS1_3_SIG_NONE }; +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ static uint16_t ssl_preset_suiteb_groups[] = { @@ -6546,12 +6610,13 @@ static uint16_t ssl_preset_suiteb_groups[] = { }; #if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -/* Function for checking `ssl_preset_*_sig_algs` to make sure there are no duplicated - * signature algorithm entries */ +/* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs` + * to make sure there are no duplicated signature algorithm entries */ static int ssl_array_has_duplicated_entries( uint16_t * array ) { size_t i, j; int ret = 0; + for( i = 1; array[i] != MBEDTLS_TLS1_3_SIG_NONE ; i++ ) { for( j = 0 ; j < i; j++ ) @@ -6585,19 +6650,37 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( ssl_array_has_duplicated_entries( ssl_preset_suiteb_sig_algs ) ) { - #if defined(MBEDTLS_PLATFORM_C) +#if defined(MBEDTLS_PLATFORM_C) mbedtls_printf( "ssl_preset_suiteb_sig_algs has duplicated entries\n" ); - #endif +#endif return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); } if( ssl_array_has_duplicated_entries( ssl_preset_default_sig_algs ) ) { - #if defined(MBEDTLS_PLATFORM_C) +#if defined(MBEDTLS_PLATFORM_C) mbedtls_printf( "ssl_preset_default_sig_algs has duplicated entries\n" ); - #endif +#endif return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); } + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if( ssl_array_has_duplicated_entries( ssl_tls12_preset_suiteb_sig_algs ) ) + { +#if defined(MBEDTLS_PLATFORM_C) + mbedtls_printf( "ssl_tls12_preset_suiteb_sig_algs has duplicated entries\n" ); +#endif + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + } + + if( ssl_array_has_duplicated_entries( ssl_tls12_preset_default_sig_algs ) ) + { +#if defined(MBEDTLS_PLATFORM_C) + mbedtls_printf( "ssl_tls12_preset_default_sig_algs has duplicated entries\n" ); +#endif + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_DEBUG_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Use the functions here so that they are covered in tests, @@ -6699,7 +6782,12 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if !defined(MBEDTLS_DEPRECATED_REMOVED) conf->sig_hashes = ssl_preset_suiteb_hashes; #endif /* !MBEDTLS_DEPRECATED_REMOVED */ - conf->sig_algs = ssl_preset_suiteb_sig_algs; +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if( mbedtls_ssl_conf_is_tls12_only( conf ) ) + conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs; + else +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + conf->sig_algs = ssl_preset_suiteb_sig_algs; #endif #if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) @@ -6737,7 +6825,12 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if !defined(MBEDTLS_DEPRECATED_REMOVED) conf->sig_hashes = ssl_preset_default_hashes; #endif /* !MBEDTLS_DEPRECATED_REMOVED */ - conf->sig_algs = ssl_preset_default_sig_algs; +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if( mbedtls_ssl_conf_is_tls12_only( conf ) ) + conf->sig_algs = ssl_tls12_preset_default_sig_algs; + else +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + conf->sig_algs = ssl_preset_default_sig_algs; #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) From 370e146acb0c8aad7980cc5f93d3b5d30c89666b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 25 Jan 2022 10:36:53 +0800 Subject: [PATCH 26/32] fix comments issues Signed-off-by: Jerry Yu --- library/ssl_tls.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8ff81053e1..32b1bbf834 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6492,13 +6492,12 @@ static int ssl_preset_suiteb_hashes[] = { #endif /* !MBEDTLS_DEPRECATED_REMOVED */ /* NOTICE: - * For ssl_preset_*_sig_algs and ssl_tls12_preset_*_sig_algs, below rulers - * SHOULD be followed. - * - No duplicated entries. - * - Followup simillar order. - * - ssl_tls12_* contains tls12_only mode data. - * - ssl_preset_* contains non-tls12_only mode data, if possible, tls12_only data - * should be at the beggining of table. + * For ssl_preset_*_sig_algs and ssl_tls12_preset_*_sig_algs, the folloing + * rules SHOULD be upheld. + * - No duplicate entries. + * - But if there is a good reason, do not change the order of the algorithms. + * - ssl_tls12_present* is for TLS 1.2 use only. + * - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes. */ static uint16_t ssl_preset_default_sig_algs[] = { @@ -6611,7 +6610,7 @@ static uint16_t ssl_preset_suiteb_groups[] = { #if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs` - * to make sure there are no duplicated signature algorithm entries */ + * to make sure there are no duplicated signature algorithm entries. */ static int ssl_array_has_duplicated_entries( uint16_t * array ) { size_t i, j; From 6ade743a43e8373019833f84fed66cb506b365fb Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 25 Jan 2022 10:39:33 +0800 Subject: [PATCH 27/32] Add mbedtls_printf alias for !PLATFORM_C Signed-off-by: Jerry Yu --- library/ssl_tls.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 32b1bbf834..89b653d1fb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -31,9 +31,11 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_calloc calloc #define mbedtls_free free -#endif +#define mbedtls_printf printf +#endif /* !MBEDTLS_PLATFORM_C */ #include "mbedtls/ssl.h" #include "ssl_misc.h" @@ -6622,11 +6624,9 @@ static int ssl_array_has_duplicated_entries( uint16_t * array ) { if( array[i] == array[j] ) { - #if defined(MBEDTLS_PLATFORM_C) mbedtls_printf( " entry(%04x,%" MBEDTLS_PRINTF_SIZET ") is duplicated at %" MBEDTLS_PRINTF_SIZET "\n", array[i], j, i ); - #endif ret = -1; } } @@ -6649,34 +6649,26 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( ssl_array_has_duplicated_entries( ssl_preset_suiteb_sig_algs ) ) { -#if defined(MBEDTLS_PLATFORM_C) mbedtls_printf( "ssl_preset_suiteb_sig_algs has duplicated entries\n" ); -#endif return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); } if( ssl_array_has_duplicated_entries( ssl_preset_default_sig_algs ) ) { -#if defined(MBEDTLS_PLATFORM_C) mbedtls_printf( "ssl_preset_default_sig_algs has duplicated entries\n" ); -#endif return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); } #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl_array_has_duplicated_entries( ssl_tls12_preset_suiteb_sig_algs ) ) { -#if defined(MBEDTLS_PLATFORM_C) mbedtls_printf( "ssl_tls12_preset_suiteb_sig_algs has duplicated entries\n" ); -#endif return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); } if( ssl_array_has_duplicated_entries( ssl_tls12_preset_default_sig_algs ) ) { -#if defined(MBEDTLS_PLATFORM_C) mbedtls_printf( "ssl_tls12_preset_default_sig_algs has duplicated entries\n" ); -#endif return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ From f377d644f5dd9bf4b35ab1194fb295b027db234d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 25 Jan 2022 10:43:59 +0800 Subject: [PATCH 28/32] Refactor duplicate check Signed-off-by: Jerry Yu --- library/ssl_tls.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 89b653d1fb..e6782bf9a0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6613,22 +6613,21 @@ static uint16_t ssl_preset_suiteb_groups[] = { #if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs` * to make sure there are no duplicated signature algorithm entries. */ -static int ssl_array_has_duplicated_entries( uint16_t * array ) +static int ssl_check_no_sig_alg_duplication( uint16_t * sig_algs ) { size_t i, j; int ret = 0; - for( i = 1; array[i] != MBEDTLS_TLS1_3_SIG_NONE ; i++ ) + for( i = 0; sig_algs[i] != MBEDTLS_TLS1_3_SIG_NONE; i++ ) { - for( j = 0 ; j < i; j++ ) + for( j = 0; j < i; j++ ) { - if( array[i] == array[j] ) - { - mbedtls_printf( " entry(%04x,%" MBEDTLS_PRINTF_SIZET - ") is duplicated at %" MBEDTLS_PRINTF_SIZET "\n", - array[i], j, i ); - ret = -1; - } + if( sig_algs[i] != sig_algs[j] ) + continue; + mbedtls_printf( " entry(%04x,%" MBEDTLS_PRINTF_SIZET + ") is duplicated at %" MBEDTLS_PRINTF_SIZET "\n", + sig_algs[i], j, i ); + ret = -1; } } return( ret ); @@ -6647,26 +6646,26 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif #if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - if( ssl_array_has_duplicated_entries( ssl_preset_suiteb_sig_algs ) ) + if( ssl_check_no_sig_alg_duplication( ssl_preset_suiteb_sig_algs ) ) { mbedtls_printf( "ssl_preset_suiteb_sig_algs has duplicated entries\n" ); return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); } - if( ssl_array_has_duplicated_entries( ssl_preset_default_sig_algs ) ) + if( ssl_check_no_sig_alg_duplication( ssl_preset_default_sig_algs ) ) { mbedtls_printf( "ssl_preset_default_sig_algs has duplicated entries\n" ); return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); } #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl_array_has_duplicated_entries( ssl_tls12_preset_suiteb_sig_algs ) ) + if( ssl_check_no_sig_alg_duplication( ssl_tls12_preset_suiteb_sig_algs ) ) { mbedtls_printf( "ssl_tls12_preset_suiteb_sig_algs has duplicated entries\n" ); return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); } - if( ssl_array_has_duplicated_entries( ssl_tls12_preset_default_sig_algs ) ) + if( ssl_check_no_sig_alg_duplication( ssl_tls12_preset_default_sig_algs ) ) { mbedtls_printf( "ssl_tls12_preset_default_sig_algs has duplicated entries\n" ); return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); From 18c833e2ebeb9d82e66ddcbf9c9573b6d3a9ce81 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 25 Jan 2022 10:55:47 +0800 Subject: [PATCH 29/32] fix tls1_2 only sig_algs order issue Signed-off-by: Jerry Yu --- library/ssl_tls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e6782bf9a0..26fdf22384 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6588,11 +6588,11 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { /* NOTICE: see above */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { -#if defined(MBEDTLS_SHA384_C) - MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) -#endif #if defined(MBEDTLS_SHA256_C) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) +#endif +#if defined(MBEDTLS_SHA384_C) + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) #endif MBEDTLS_TLS1_3_SIG_NONE }; From 53037894ab67fabd484387115500425a1a79207f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 25 Jan 2022 11:02:06 +0800 Subject: [PATCH 30/32] change the defaut sig_algs order Signed-off-by: Jerry Yu --- library/ssl_tls.c | 37 +++++++++++++------------------------ 1 file changed, 13 insertions(+), 24 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 26fdf22384..6afccbdbb3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6509,34 +6509,26 @@ static uint16_t ssl_preset_default_sig_algs[] = { #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */ - #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA384_C) && \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */ - #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ - #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ + MBEDTLS_TLS1_3_SIG_NONE }; @@ -6558,15 +6550,6 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { /* NOTICE: see above */ static uint16_t ssl_preset_suiteb_sig_algs[] = { -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA384_C) && \ - defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && - MBEDTLS_ECP_DP_SECP384R1_ENABLED */ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) @@ -6574,14 +6557,20 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA384_C) && \ + defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && + MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ + MBEDTLS_TLS1_3_SIG_NONE }; From 0b994b8061fd13ee47748efff89eef88932ed9cd Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 25 Jan 2022 17:22:12 +0800 Subject: [PATCH 31/32] fix typo error Signed-off-by: Jerry Yu --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6afccbdbb3..b6c1ff32d3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6494,7 +6494,7 @@ static int ssl_preset_suiteb_hashes[] = { #endif /* !MBEDTLS_DEPRECATED_REMOVED */ /* NOTICE: - * For ssl_preset_*_sig_algs and ssl_tls12_preset_*_sig_algs, the folloing + * For ssl_preset_*_sig_algs and ssl_tls12_preset_*_sig_algs, the following * rules SHOULD be upheld. * - No duplicate entries. * - But if there is a good reason, do not change the order of the algorithms. From ed5e9f431dedbb65c40c4ae6a8ceb5de8219cac7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 26 Jan 2022 11:21:34 +0800 Subject: [PATCH 32/32] Change ecdsa sig_algs order for tls1.3 Signed-off-by: Jerry Yu --- library/ssl_tls.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b6c1ff32d3..5e8b60b9bc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6503,11 +6503,11 @@ static int ssl_preset_suiteb_hashes[] = { */ static uint16_t ssl_preset_default_sig_algs[] = { -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA512_C) && \ - defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512, -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && - MBEDTLS_ECP_DP_SECP521R1_ENABLED */ +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA256_C && + MBEDTLS_ECP_DP_SECP256R1_ENABLED */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA384_C) && \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) @@ -6515,11 +6515,11 @@ static uint16_t ssl_preset_default_sig_algs[] = { #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA256_C && - MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA512_C) && \ + defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512, +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && + MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, @@ -6550,7 +6550,6 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { /* NOTICE: see above */ static uint16_t ssl_preset_suiteb_sig_algs[] = { - #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,