From f249ef7821e9513014d34c3556339bd7744e53b9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Jun 2022 17:23:33 +0800 Subject: [PATCH 01/41] refactor get sig algo from pk Signed-off-by: Jerry Yu --- library/ssl_misc.h | 102 +++++++++++++++++++++++++++-- library/ssl_tls13_generic.c | 127 +++++------------------------------- library/ssl_tls13_server.c | 11 ++-- 3 files changed, 118 insertions(+), 122 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 119826f727..783b823bd9 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2058,6 +2058,8 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( } return( 0 ); } + + #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ static inline int mbedtls_ssl_sig_alg_is_supported( 
@@ -2141,6 +2143,102 @@ static inline int mbedtls_ssl_sig_alg_is_supported( ((void) sig_alg); return( 0 ); } + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + +static inline int mbedtls_ssl_tls13_sig_alg_is_available_for_pk( + mbedtls_ssl_context *ssl, + uint16_t sig_alg, + mbedtls_pk_context *key) +{ + mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk( key ); + size_t key_size = mbedtls_pk_get_bitlen( key ); + + if( !mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) ) + return( 0 ); + + switch( pk_type ) + { +#if defined(MBEDTLS_ECDSA_C) + case MBEDTLS_SSL_SIG_ECDSA: + switch( key_size ) + { +#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + case 256: + return( + sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 ); +#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ + +#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + case 384: + return( + sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 ); +#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + +#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) + case 521: + return( + sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 ); +#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ + default: + break; + } + break; +#endif /* MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_SSL_SIG_RSA: + switch( sig_alg ) + { +#if defined(MBEDTLS_PKCS1_V21) +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: + return( key_size <= 2048 ); +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: + return( key_size <= 3072 ); +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: + return( key_size <= 4096 ); +#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_PKCS1_V21 */ + +#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_SHA256_C) + case 
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: + return( key_size <= 2048 ); +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: + return( key_size <= 3072 ); +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: + return( key_size <= 4096 ); +#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_PKCS1_V15 */ + + default: + break; + } + break; +#endif /* MBEDTLS_RSA_C */ + + default: + break; + } + + return( 0 ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -2276,10 +2374,6 @@ int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl, const unsigned char *end ); #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ -int mbedtls_ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, - mbedtls_pk_context *own_key, - uint16_t *algorithm ); - #if defined(MBEDTLS_SSL_ALPN) int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 893de43946..3ab6cc2076 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
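Review bot: The ECDSA arm of `mbedtls_ssl_tls13_sig_alg_is_available_for_pk` decides on `mbedtls_pk_get_bitlen( key )` alone, so any 256-bit EC key the build accepts is reported as matching `ecdsa_secp256r1_sha256`, although that TLS 1.3 scheme names one specific curve; the match should be on the key's curve identifier rather than its bit length, with opaque keys handled on a path of their own since their curve is not readable the same way. The RSA arm keeps the `key_size <= 2048 / 3072 / 4096` bounds of the removed code, but there they picked a hash in preference order, whereas as a per-scheme match they now refuse, for example, a 4096-bit key for `rsa_pss_rsae_sha256` even when that is the only scheme the peer offered, and they express no PSS constraint (PSS requires a minimum modulus per hash, emLen >= 2*hLen + 2 with a hash-length salt, not a maximum). At minimum the RSA switch deserves a comment such as `/* NOTE: these size bounds mirror the pre-refactor preference order and are not a PSS validity check; revisit against the emLen requirement */`.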
@@ -854,120 +854,25 @@ cleanup: /* * STATE HANDLING: Output Certificate Verify */ -int mbedtls_ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, - mbedtls_pk_context *own_key, - uint16_t *algorithm ) + +static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, + mbedtls_pk_context *own_key, + uint16_t *algorithm ) { - mbedtls_pk_type_t sig = mbedtls_ssl_sig_from_pk( own_key ); - /* Determine the size of the key */ - size_t own_key_size = mbedtls_pk_get_bitlen( own_key ); + uint16_t *sig_alg = ssl->handshake->received_sig_algs; + *algorithm = MBEDTLS_TLS1_3_SIG_NONE; - ((void) own_key_size); - - switch( sig ) + for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ ) { -#if defined(MBEDTLS_ECDSA_C) - case MBEDTLS_SSL_SIG_ECDSA: - switch( own_key_size ) - { - case 256: - *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; - return( 0 ); - case 384: - *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; - return( 0 ); - case 521: - *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; - return( 0 ); - default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown key size: %" - MBEDTLS_PRINTF_SIZET " bits", - own_key_size ) ); - break; - } - break; -#endif /* MBEDTLS_ECDSA_C */ - -#if defined(MBEDTLS_RSA_C) - case MBEDTLS_SSL_SIG_RSA: -#if defined(MBEDTLS_PKCS1_V21) -#if defined(MBEDTLS_SHA256_C) - if( own_key_size <= 2048 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) ) - { - *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; - return( 0 ); - } - else -#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA384_C) - if( own_key_size <= 3072 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) ) - { - *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; - return( 0 ); - } - else -#endif /* MBEDTLS_SHA384_C */ -#if defined(MBEDTLS_SHA512_C) - if( own_key_size <= 4096 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) ) - { - *algorithm = 
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; - return( 0 ); - } - else -#endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_PKCS1_V21 */ -#if defined(MBEDTLS_PKCS1_V15) -#if defined(MBEDTLS_SHA256_C) - if( own_key_size <= 2048 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 ) ) - { - *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256; - return( 0 ); - } - else -#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA384_C) - if( own_key_size <= 3072 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 ) ) - { - *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384; - return( 0 ); - } - else -#endif /* MBEDTLS_SHA384_C */ -#if defined(MBEDTLS_SHA512_C) - if( own_key_size <= 4096 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 ) ) - { - *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512; - return( 0 ); - } - else -#endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_PKCS1_V15 */ - { - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown key size: %" - MBEDTLS_PRINTF_SIZET " bits", - own_key_size ) ); - } - break; -#endif /* MBEDTLS_RSA_C */ - default: - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "unknown signature type : %u", sig ) ); - break; + if( mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg) && + mbedtls_ssl_tls13_sig_alg_is_available_for_pk( + ssl, *sig_alg, own_key ) ) + { + *algorithm = *sig_alg; + return( 0 ); + } } + return( -1 ); } @@ -1024,7 +929,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, * opaque signature<0..2^16-1>; * } CertificateVerify; */ - ret = mbedtls_ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm ); + ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm ); if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index ffbbbcfa5e..0ebad933f2 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
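Review bot: The new loop in `ssl_tls13_get_sig_alg_from_pk` calls `mbedtls_ssl_sig_alg_is_supported` and then `mbedtls_ssl_tls13_sig_alg_is_available_for_pk`, whose first statement after its locals repeats the same `mbedtls_ssl_sig_alg_is_supported` check, so every candidate is evaluated twice; `if( mbedtls_ssl_tls13_sig_alg_is_available_for_pk( ssl, *sig_alg, own_key ) )` is enough. The loop also relies on `ssl->handshake->received_sig_algs` being terminated by `MBEDTLS_TLS1_3_SIG_NONE`, which appears to be how the parser fills it but is not stated anywhere near the loop; a one-line comment above the `for` would document that contract. The removed level-3 "unknown key size" messages have no replacement, so a key that matches nothing now fails silently until the caller's level-1 message; consider a `MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature algorithm usable with own key" ) );` before `return( -1 );`.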
@@ -352,7 +352,6 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) { mbedtls_ssl_key_cert *key_cert, *key_cert_list; const uint16_t *sig_alg = ssl->handshake->received_sig_algs; - uint16_t key_sig_alg; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if( ssl->handshake->sni_key_cert != NULL ) @@ -372,7 +371,6 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) for( key_cert = key_cert_list; key_cert != NULL; key_cert = key_cert->next ) { - int ret; MBEDTLS_SSL_DEBUG_CRT( 3, "certificate (chain) candidate", key_cert->cert ); @@ -391,11 +389,9 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) continue; } - ret = mbedtls_ssl_tls13_get_sig_alg_from_pk( - ssl, &key_cert->cert->pk, &key_sig_alg ); - if( ret != 0 ) - continue; - if( *sig_alg == key_sig_alg ) + MBEDTLS_SSL_DEBUG_MSG( 2,("Try get sig alg %04x",*sig_alg)); + if( mbedtls_ssl_tls13_sig_alg_is_available_for_pk( + ssl, *sig_alg, &key_cert->cert->pk ) ) { ssl->handshake->key_cert = key_cert; MBEDTLS_SSL_DEBUG_CRT( @@ -406,6 +402,7 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) } } + MBEDTLS_SSL_DEBUG_MSG( 2,("No signature algorithm found")); return( -1 ); } #endif /* MBEDTLS_X509_CRT_PARSE_C && From 9f4cc5ff65f03fa8ef60b4bfecc4ebeb0afb0e3c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Jun 2022 11:40:44 +0800 Subject: [PATCH 02/41] Add pss_rsae sig algs into test conf Signed-off-by: Jerry Yu --- programs/ssl/ssl_test_common_source.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 0e66895dbd..6da5dea5ef 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c 
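Review bot: The added `MBEDTLS_SSL_DEBUG_MSG( 2,("Try get sig alg %04x",*sig_alg));` in `ssl_tls13_pick_key_cert` departs from the argument spacing used everywhere else in the function and logs at level 2 once per key/cert candidate, which is noisier than the level-3 candidate dumps around it; write it as `MBEDTLS_SSL_DEBUG_MSG( 3, ( "Try get sig alg %04x", *sig_alg ) );` or drop it. The closing `"No signature algorithm found"` message would be easier to trace in a handshake log if it named the function. The outer loop over `sig_alg` and the function's signature are outside this hunk.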
@@ -263,12 +263,24 @@ int send_cb( void *ctx, unsigned char const *buf, size_t len ) #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ + ( 0x800 | hash ), \ + (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), + +#else #define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), +#endif #elif defined(MBEDTLS_ECDSA_C) #define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), #elif defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +#define MBEDTLS_SSL_SIG_ALG( hash ) ( 0x800 | hash ), \ + (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), +#else #define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), +#endif #else #define MBEDTLS_SSL_SIG_ALG( hash ) #endif From 0ebce9578538b6f142acad37e9ee0306e48eca4e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Jun 2022 13:54:47 +0800 Subject: [PATCH 03/41] create tls12/tls13 sig alg support check Signed-off-by: Jerry Yu --- library/ssl_misc.h | 135 +++++++++++++++++++++++++-------------------- 1 file changed, 74 insertions(+), 61 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 783b823bd9..87bd3f0fd5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
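Review bot: In the TLS 1.3 variants of `MBEDTLS_SSL_SIG_ALG( hash )` the new term `( 0x800 | hash )` leaves `hash` unparenthesized, unlike the neighbouring `( hash << 8 )`, and it silently yields 0x0801-0x0803 — codes that do not correspond to any rsa_pss_rsae scheme — if the macro is ever expanded with the MD5, SHA-1 or SHA-224 hash ids; the expansion sites are outside this hunk, so please confirm which hash ids it is invoked with. Prefer `( 0x800 | (hash) )` and a short comment naming the term, e.g. `/* rsa_pss_rsae_<hash>: 0x0804..0x0806 for SHA-256/384/512 */`.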
@@ -2059,9 +2059,81 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( return( 0 ); } +static inline int mbedtls_ssl_tls13_sig_alg_is_supported( + const uint16_t sig_alg ) +{ + mbedtls_pk_type_t pk_type; + mbedtls_md_type_t md_alg; + return( ! mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + sig_alg, &pk_type, &md_alg ) ); +} #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +static inline int mbedtls_ssl_tls12_sig_alg_is_supported( + const uint16_t sig_alg ) +{ + /* High byte is hash */ + unsigned char hash = MBEDTLS_BYTE_1( sig_alg ); + unsigned char sig = MBEDTLS_BYTE_0( sig_alg ); + + switch( hash ) + { +#if defined(MBEDTLS_MD5_C) + case MBEDTLS_SSL_HASH_MD5: + break; +#endif + +#if defined(MBEDTLS_SHA1_C) + case MBEDTLS_SSL_HASH_SHA1: + break; +#endif + +#if defined(MBEDTLS_SHA224_C) + case MBEDTLS_SSL_HASH_SHA224: + break; +#endif + +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_SSL_HASH_SHA256: + break; +#endif + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_SSL_HASH_SHA384: + break; +#endif + +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_SSL_HASH_SHA512: + break; +#endif + + default: + return( 0 ); + } + + switch( sig ) + { +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_SSL_SIG_RSA: + break; +#endif + +#if defined(MBEDTLS_ECDSA_C) + case MBEDTLS_SSL_SIG_ECDSA: + break; +#endif + + default: + return( 0 ); + } + + return( 1 ); +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + static inline int mbedtls_ssl_sig_alg_is_supported( const mbedtls_ssl_context *ssl, const uint16_t sig_alg ) 
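Review bot: Neither `mbedtls_ssl_tls13_sig_alg_is_supported` nor `mbedtls_ssl_tls12_sig_alg_is_supported` carries a doc comment, and both are `static inline` in a header, so callers get no contract beyond the name. A one-line header for each would help, e.g. `/* Return 1 if sig_alg maps to a (pk, md) pair this build can handle in TLS 1.3, 0 otherwise. */` and `/* Return 1 if both the hash and the signature byte of a TLS 1.2 SignatureAndHashAlgorithm name a compiled-in algorithm; this is a build-capability check, not a policy filter. */`. The second wording matters because the TLS 1.2 helper answers 1 for MD5 and SHA-1 whenever those modules are compiled in; the hunk is a pure move, but the comment should keep readers from mistaking it for the offered-list intersection that the extension parser applies separately.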
@@ -2070,73 +2142,14 @@ static inline int mbedtls_ssl_sig_alg_is_supported( #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 ) { - /* High byte is hash */ - unsigned char hash = MBEDTLS_BYTE_1( sig_alg ); - unsigned char sig = MBEDTLS_BYTE_0( sig_alg ); - - switch( hash ) - { -#if defined(MBEDTLS_MD5_C) - case MBEDTLS_SSL_HASH_MD5: - break; -#endif - -#if defined(MBEDTLS_SHA1_C) - case MBEDTLS_SSL_HASH_SHA1: - break; -#endif - -#if defined(MBEDTLS_SHA224_C) - case MBEDTLS_SSL_HASH_SHA224: - break; -#endif - -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_SSL_HASH_SHA256: - break; -#endif - -#if defined(MBEDTLS_SHA384_C) - case MBEDTLS_SSL_HASH_SHA384: - break; -#endif - -#if defined(MBEDTLS_SHA512_C) - case MBEDTLS_SSL_HASH_SHA512: - break; -#endif - - default: - return( 0 ); - } - - switch( sig ) - { -#if defined(MBEDTLS_RSA_C) - case MBEDTLS_SSL_SIG_RSA: - break; -#endif - -#if defined(MBEDTLS_ECDSA_C) - case MBEDTLS_SSL_SIG_ECDSA: - break; -#endif - - default: - return( 0 ); - } - - return( 1 ); + return( mbedtls_ssl_tls12_sig_alg_is_supported( sig_alg ) ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) { - mbedtls_pk_type_t pk_type; - mbedtls_md_type_t md_alg; - return( ! mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( - sig_alg, &pk_type, &md_alg ) ); + return( mbedtls_ssl_tls13_sig_alg_is_supported( sig_alg ) ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ ((void) ssl); From 08524c55f97c40b24f9ec81acd6d62789b270a54 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Jun 2022 16:58:57 +0800 Subject: [PATCH 04/41] remove pkcs1_* support Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 87bd3f0fd5..bea84c3a4b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -2028,7 +2028,7 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) +#if 0 && defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_SHA256_C) case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: From 7ab7f2b1845e91112a1e44c3e65967704450cf38 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Jun 2022 19:07:10 +0800 Subject: [PATCH 05/41] Remove pkcs1 from certificate_verify Signed-off-by: Jerry Yu --- library/ssl_misc.h | 10 +++++++--- library/ssl_tls13_generic.c | 6 ++++++ tests/ssl-opt.sh | 4 ++-- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index bea84c3a4b..3b01db19fc 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2028,7 +2028,9 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ -#if 0 && defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + defined(MBEDTLS_PKCS1_V15) && \ + defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_SHA256_C) case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: @@ -2051,7 +2053,9 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( break; #endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && + MBEDTLS_PKCS1_V15 && + MBEDTLS_RSA_C */ default: return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); @@ -2149,7 +2153,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported( #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) { - return( mbedtls_ssl_tls13_sig_alg_is_supported( sig_alg ) ); + return( mbedtls_ssl_tls13_sig_alg_is_supported( sig_alg ) ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ ((void) ssl); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 3ab6cc2076..3d5baa2a14 100644 
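Review bot: `#if 0 && defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C)` disables the rsa_pkcs1_* cases of `mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg` by leaving the code behind a constant-false condition rather than removing it or naming the real condition, and the `&& defined(...)` tail is now meaningless. Either delete the block or gate it on the condition under which it is still wanted, with a comment saying why. The function's signature and its other cases are outside the hunk.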
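Review bot: Gating the rsa_pkcs1_* cases of `mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg` on `MBEDTLS_SSL_PROTO_TLS1_2` means that in a build with both protocol versions `mbedtls_ssl_tls13_sig_alg_is_supported` still reports these schemes as usable, while the TLS 1.3 CertificateVerify path has to exclude them on its own; nothing at the `#if` says so. Add a comment above it such as `/* rsa_pkcs1_* is kept for TLS 1.2 (and for certificate signatures, which RFC 8446 still permits); it is not valid for a TLS 1.3 CertificateVerify (RFC 8446 section 4.2.3), so callers selecting a CertificateVerify scheme must reject it. */`. Splitting the certificate-signature and CertificateVerify support checks would avoid the special-casing altogether.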
--- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -864,6 +864,12 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, *algorithm = MBEDTLS_TLS1_3_SIG_NONE; for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ ) { + if( *sig_alg == MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 || + *sig_alg == MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 || + *sig_alg == MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 ) + { + continue; + } if( mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg) && mbedtls_ssl_tls13_sig_alg_is_available_for_pk( ssl, *sig_alg, own_key ) ) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index afabb64529..a7d6fbfcea 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1600,7 +1600,7 @@ requires_config_enabled MBEDTLS_SHA512_C # "signature_algorithm ext: 6" requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED run_test "Default" \ "$P_SRV debug_level=3" \ - "$P_CLI" \ + "$P_CLI debug_level=4" \ 0 \ -s "Protocol is TLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ @@ -11483,7 +11483,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3: Server side check - mbedtls with sni" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ + "$P_SRV debug_level=4 allow_sha1=0 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ "$P_CLI debug_level=4 server_name=localhost crt_file=data_files/server5.crt key_file=data_files/server5.key \ force_version=tls13" \ From f0cda410a4bca0f45f66bdbf0714cd0eb2ea4718 Mon Sep 17 00:00:00 2001 
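Review bot: The three `*sig_alg == MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA*` comparisons added to the selection loop hard-code the exclusion without saying why, and the generic support check just below would otherwise accept those schemes whenever TLS 1.2 is compiled in. Put the reason in a comment, e.g. `/* rsa_pkcs1_* may be received for certificate signatures but must not be used to sign a TLS 1.3 CertificateVerify (RFC 8446 section 4.2.3). */`. If more schemes end up in this category, a small predicate such as `ssl_tls13_sig_alg_is_allowed_for_certificate_verify()` would keep the list in one place. The loop belongs to a function that starts outside the hunk.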
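Review bot: The `debug_level=4` added to the client of the "Default" test and the `allow_sha1=0` added to the server of "TLS 1.3: Server side check - mbedtls with sni" look like local debugging settings rather than part of removing PKCS#1 v1.5 from CertificateVerify; neither is mentioned in the commit message, and the "Default" test's expectations on the following lines are unchanged. If they are needed, say why in the commit message; otherwise drop them so the test baseline stays stable.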
From: Jerry Yu Date: Fri, 17 Jun 2022 14:29:46 +0800 Subject: [PATCH 06/41] remove default sig_hashes And add pss_rsae_* sig_algs to fix `Handshake TLS 1.3` test fails, which is part of `test_suite_ssl` Signed-off-by: Jerry Yu --- library/ssl_tls.c | 62 +++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 35 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5fa02d26f6..eb5297df94 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4019,28 +4019,6 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) memset( conf, 0, sizeof( mbedtls_ssl_config ) ); } -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/* The selection should be the same as mbedtls_x509_crt_profile_default in - * x509_crt.c. Here, the order matters. Currently we favor stronger hashes, - * for no fundamental reason. - * See the documentation of mbedtls_ssl_conf_curves() for what we promise - * about this list. */ -static int ssl_preset_default_hashes[] = { -#if defined(MBEDTLS_SHA512_C) - MBEDTLS_MD_SHA512, -#endif -#if defined(MBEDTLS_SHA384_C) - MBEDTLS_MD_SHA384, -#endif -#if defined(MBEDTLS_SHA256_C) - MBEDTLS_MD_SHA256, -#endif - MBEDTLS_MD_NONE -}; -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - /* The selection should be the same as mbedtls_x509_crt_profile_default in * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters: * curves with a lower resource usage come first. 
@@ -4082,17 +4060,6 @@ static int ssl_preset_suiteb_ciphersuites[] = { }; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -static int ssl_preset_suiteb_hashes[] = { -#if defined(MBEDTLS_SHA256_C) - MBEDTLS_MD_SHA256, -#endif -#if defined(MBEDTLS_SHA384_C) - MBEDTLS_MD_SHA384, -#endif - MBEDTLS_MD_NONE -}; -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /* NOTICE: * For ssl_preset_*_sig_algs and ssl_tls12_preset_*_sig_algs, the following @@ -4122,6 +4089,14 @@ static uint16_t ssl_preset_default_sig_algs[] = { #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA512_C) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA512_C */ + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA384_C) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA384_C */ + #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */ 
@@ -4148,14 +4123,25 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ), #endif +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && + MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_RSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512 ), #endif #endif /* MBEDTLS_SHA512_C */ + #if defined(MBEDTLS_SHA384_C) #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ), #endif +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && + MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_RSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ), #endif @@ -4164,6 +4150,11 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256 ), #endif +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && + MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_RSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256 ), #endif @@ -4422,7 +4413,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->sig_hashes = ssl_preset_suiteb_hashes; + conf->sig_hashes = NULL; #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( mbedtls_ssl_conf_is_tls12_only( conf ) ) 
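Review bot: The `MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512/384/256` entries added to `ssl_tls12_preset_default_sig_algs` (hunks `@@ -4148` and `@@ -4164`) are gated on `MBEDTLS_SSL_PROTO_TLS1_3`, yet this list is installed only when `mbedtls_ssl_conf_is_tls12_only( conf )` holds, and the TLS 1.2 support check introduced earlier in the series returns 0 for any code whose hash byte is not one of the MD5..SHA-512 values — which is the case for the 0x08 high byte of these schemes. If the intent is to offer rsa_pss_rsae_* in TLS 1.2 (which RFC 8446 section 4.2.3 allows), the guard should be the TLS 1.2 PSS capability and the TLS 1.2 check has to recognise these codes; if not, the entries advertise schemes the stack will never accept. A comment at the first `#if` stating the intended behaviour would settle it either way.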
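Review bot: `conf->sig_hashes = NULL;` in the Suite B defaults (and the same line in the default-profile hunk `@@ -4451` that follows) replaces a table with a null pointer under `!MBEDTLS_DEPRECATED_REMOVED`, so any remaining reader of the deprecated `sig_hashes` list — a library path that still walks it, or user code relying on the default — would dereference NULL; the readers are not visible from here. If the field is now unused, removing the assignment and documenting that the deprecated list is ignored is cleaner than assigning NULL; if it is still read, it needs a non-null default.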
@@ -4451,7 +4442,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->sig_hashes = ssl_preset_default_hashes; + conf->sig_hashes = NULL; #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( mbedtls_ssl_conf_is_tls12_only( conf ) ) @@ -8186,6 +8177,7 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); p += 2; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); } From a6076aa8b8e757bbbb68ece90020a74f97faf2d1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 17 Jun 2022 18:52:43 +0800 Subject: [PATCH 07/41] Revert temp test Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a7d6fbfcea..8de3728335 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11483,7 +11483,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3: Server side check - mbedtls with sni" \ - "$P_SRV debug_level=4 allow_sha1=0 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ + "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ "$P_CLI debug_level=4 server_name=localhost crt_file=data_files/server5.crt key_file=data_files/server5.key \ force_version=tls13" \ From fb526693c1f5bd5a73bacae448ca3f9034d92a9a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 19 Jun 2022 11:22:49 +0800 Subject: [PATCH 08/41] Rename sig_alg cert_key check 
Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_server.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 3b01db19fc..b93817a985 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2163,7 +2163,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported( #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -static inline int mbedtls_ssl_tls13_sig_alg_is_available_for_pk( +static inline int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( mbedtls_ssl_context *ssl, uint16_t sig_alg, mbedtls_pk_context *key) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 3d5baa2a14..738b278ab1 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -871,7 +871,7 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, continue; } if( mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg) && - mbedtls_ssl_tls13_sig_alg_is_available_for_pk( + mbedtls_ssl_tls13_check_sig_alg_cert_key_match( ssl, *sig_alg, own_key ) ) { *algorithm = *sig_alg; diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 0ebad933f2..e75a778d5a 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -390,7 +390,7 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_MSG( 2,("Try get sig alg %04x",*sig_alg)); - if( mbedtls_ssl_tls13_sig_alg_is_available_for_pk( + if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match( ssl, *sig_alg, &key_cert->cert->pk ) ) { ssl->handshake->key_cert = key_cert; From 6babfee178c4e5d28ee8c7de80621d5fab8f0043 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 19 Jun 2022 11:31:53 +0800 Subject: [PATCH 09/41] remove out of scope codes Signed-off-by: Jerry Yu --- library/ssl_misc.h | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b93817a985..0610ac0cea 100644 
--- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2171,9 +2171,6 @@ static inline int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk( key ); size_t key_size = mbedtls_pk_get_bitlen( key ); - if( !mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) ) - return( 0 ); - switch( pk_type ) { #if defined(MBEDTLS_ECDSA_C) @@ -2224,23 +2221,6 @@ static inline int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_PKCS1_V21 */ -#if defined(MBEDTLS_PKCS1_V15) -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: - return( key_size <= 2048 ); -#endif /* MBEDTLS_SHA256_C */ - -#if defined(MBEDTLS_SHA384_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: - return( key_size <= 3072 ); -#endif /* MBEDTLS_SHA384_C */ - -#if defined(MBEDTLS_SHA512_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: - return( key_size <= 4096 ); -#endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_PKCS1_V15 */ - default: break; } From f55886a21777a9974fb01390c1cb3e6dba746cbe Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 19 Jun 2022 11:48:56 +0800 Subject: [PATCH 10/41] fix various issues Signed-off-by: Jerry Yu --- library/ssl_tls.c | 7 ------- library/ssl_tls13_generic.c | 8 +++++--- library/ssl_tls13_server.c | 4 ++-- tests/ssl-opt.sh | 2 +- 4 files changed, 8 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index eb5297df94..ec276fde44 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4412,9 +4412,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->sig_hashes = NULL; -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( mbedtls_ssl_conf_is_tls12_only( conf ) ) conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs; 
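Review bot: After removing the `mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg )` check, `mbedtls_ssl_tls13_check_sig_alg_cert_key_match` no longer uses its `ssl` parameter, which will trip `-Wunused-parameter` in every translation unit that includes `ssl_misc.h`; either drop the parameter from the signature and both callers, or add `((void) ssl);` at the top of the body. The removal also shifts responsibility for filtering unsupported schemes to the callers, which is worth a sentence in a header comment for the function, which still has none. The function's signature is outside the hunk.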
@@ -4441,9 +4438,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->sig_hashes = NULL; -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( mbedtls_ssl_conf_is_tls12_only( conf ) ) conf->sig_algs = ssl_tls12_preset_default_sig_algs; @@ -8177,7 +8171,6 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); p += 2; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 738b278ab1..a488faf405 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -855,7 +855,8 @@ cleanup: * STATE HANDLING: Output Certificate Verify */ -static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, +static int ssl_tls13_select_sig_alg_for_certificate_verify( + mbedtls_ssl_context *ssl, mbedtls_pk_context *own_key, uint16_t *algorithm ) { @@ -935,8 +936,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, * opaque signature<0..2^16-1>; * } CertificateVerify; */ - ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm ); - if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) + ret = ssl_tls13_select_sig_alg_for_certificate_verify( ssl, own_key, + &algorithm ); + if( ret != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "signature algorithm not in received or offered list." ) ); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e75a778d5a..a9ef6b4883 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -389,7 +389,6 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) continue; } - MBEDTLS_SSL_DEBUG_MSG( 2,("Try get sig alg %04x",*sig_alg)); if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match( ssl, *sig_alg, &key_cert->cert->pk ) ) { @@ -402,7 +401,8 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) } } - MBEDTLS_SSL_DEBUG_MSG( 2,("No signature algorithm found")); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "ssl_tls13_pick_key_cert: " + "No signature algorithm found" ) ); return( -1 ); } #endif /* MBEDTLS_X509_CRT_PARSE_C && diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8de3728335..afabb64529 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1600,7 +1600,7 @@ requires_config_enabled MBEDTLS_SHA512_C # "signature_algorithm ext: 6" requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED run_test "Default" \ "$P_SRV debug_level=3" \ - "$P_CLI debug_level=4" \ + "$P_CLI" \ 0 \ -s "Protocol is TLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ From d099cf03254584f2d5d0eff6bc9f3ac2b08c898d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 19 Jun 2022 13:47:00 +0800 Subject: [PATCH 11/41] fix unused variable issue Signed-off-by: Jerry Yu --- library/ssl_misc.h | 1 - library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_server.c | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0610ac0cea..b144a42754 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2164,7 +2164,6 @@ static inline int mbedtls_ssl_sig_alg_is_supported( #if defined(MBEDTLS_SSL_PROTO_TLS1_3) static inline int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( - mbedtls_ssl_context *ssl, uint16_t sig_alg, mbedtls_pk_context *key) { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a488faf405..f0b84decd4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -873,7 +873,7 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify( } if( mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg) && mbedtls_ssl_tls13_check_sig_alg_cert_key_match( - ssl, *sig_alg, own_key ) ) + *sig_alg, own_key ) ) { *algorithm = *sig_alg; return( 0 ); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index a9ef6b4883..2e7f1d88d3 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -390,7 +390,7 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) } if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match( - ssl, *sig_alg, &key_cert->cert->pk ) ) + *sig_alg, &key_cert->cert->pk ) ) { ssl->handshake->key_cert = key_cert; MBEDTLS_SSL_DEBUG_CRT( From f3b46b50825c3512cb4eaa775afc7e878e8bcd86 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 19 Jun 2022 16:52:27 +0800 Subject: [PATCH 12/41] Add debug message Signed-off-by: Jerry Yu --- library/ssl_tls.c | 12 +++++++++--- library/ssl_tls13_generic.c | 3 +++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ec276fde44..6dd6015735 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4923,13 +4923,17 @@ int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl, sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; - MBEDTLS_SSL_DEBUG_MSG( 4, ( "received signature algorithm: 0x%x", - sig_alg ) ); + MBEDTLS_SSL_DEBUG_MSG( 4, ( "received signature algorithm: 0x%x %s", + sig_alg, + mbedtls_ssl_sig_alg_to_str( sig_alg ) ) ); if( ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) || ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) ) continue; + MBEDTLS_SSL_DEBUG_MSG( 4, ( "valid signature algorithm: %s", + mbedtls_ssl_sig_alg_to_str( sig_alg ) ) ); + if( common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE ) { ssl->handshake->received_sig_algs[common_idx] = sig_alg; 
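Review bot: The new `"received signature algorithm: 0x%x %s"` message in `mbedtls_ssl_parse_sig_alg_ext` hands `mbedtls_ssl_sig_alg_to_str( sig_alg )` to `%s` before `sig_alg` has passed the `is_supported`/`is_offered` filter, so the helper is invoked with any 16-bit code point the peer places in the extension. If that helper can return NULL for an unrecognised value (its definition is not in the series as shown), the `%s` is undefined behaviour reachable from an unauthenticated ClientHello; it should guarantee a non-NULL fallback such as `"UNKNOWN"`, and a comment `/* sig_alg is unfiltered peer input here; to_str must never return NULL */` would pin that requirement. The second message, `"valid signature algorithm: %s"`, sits after the filter and is fine. The loop continues outside the hunk.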
@@ -8171,7 +8175,9 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); p += 2; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x] %s", + *sig_alg, + mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) ); } /* Length of supported_signature_algorithms */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f0b84decd4..718e8a9fdb 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -951,6 +951,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } + MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify with %s", + mbedtls_ssl_sig_alg_to_str( algorithm )) ); + if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( algorithm, &pk_type, &md_alg ) != 0 ) { From 3896ac6e5b27d9086d462408ddb0672339064122 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 19 Jun 2022 17:16:38 +0800 Subject: [PATCH 13/41] fix ordered sig algs fail for openssl Signed-off-by: Jerry Yu --- library/ssl_tls.c | 62 ++++++++++++++++++--------- programs/ssl/ssl_test_common_source.c | 15 ++++--- 2 files changed, 51 insertions(+), 26 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6dd6015735..ab3db96ab2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4088,6 +4088,24 @@ static uint16_t ssl_preset_default_sig_algs[] = { MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512, #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ +/* + * To fix version negotiation fail with RSA server key. + * - With TLS1.3 server, `rsa_pss_rsae_*` must be sent. + * - With TLS1.2 server, `rsa_pkcs1_*` must be sent before `rsa_pss_rsae_*` + * - This point is only tested with OpenSSL now. + */ +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */ + #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA512_C) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, @@ -4101,18 +4119,6 @@ static uint16_t ssl_preset_default_sig_algs[] = { MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ - MBEDTLS_TLS_SIG_NONE }; 
@@ -4123,41 +4129,54 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ), #endif +#if defined(MBEDTLS_RSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512 ), +#endif +/* Server side hybrid mode is not supported yet. When both tls13 and tls12 + * enabled, this list will be used as signature algorithm list for server side. + * With RSA server key, `rsa_pkcs1_*` must be excluded from tls13. As a result, + * tls13 server will fail when the key is RSA key. + * + * With hybrid mode enabled, it can be removed. + * + * And there is a known issue for version negotiation. See above. + */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ defined(MBEDTLS_SSL_PROTO_TLS1_3) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_RSA_C) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512 ), -#endif #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA384_C) #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ), #endif + +#if defined(MBEDTLS_RSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ), +#endif +/* Notice: See above */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ defined(MBEDTLS_SSL_PROTO_TLS1_3) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_RSA_C) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ), -#endif #endif /* MBEDTLS_SHA384_C */ #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256 ), #endif + +#if defined(MBEDTLS_RSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, 
MBEDTLS_SSL_HASH_SHA256 ), +#endif +/* Notice: See above */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ defined(MBEDTLS_SSL_PROTO_TLS1_3) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_RSA_C) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256 ), -#endif #endif /* MBEDTLS_SHA256_C */ MBEDTLS_TLS_SIG_NONE }; @@ -8169,6 +8188,7 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, return( MBEDTLS_ERR_SSL_BAD_CONFIG ); for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) + { if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) ) continue; diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 6da5dea5ef..1efbbdb5c2 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -264,10 +264,14 @@ int send_cb( void *ctx, unsigned char const *buf, size_t len ) #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) +/* To fix version negotiation fail with RSA server key. + * - With TLS1.3 server, `rsa_pss_rsae_*` must be sent. + * - With TLS1.2 server, `rsa_pkcs1_*` must be sent before `rsa_pss_rsae_*` + * - This point is only tested with OpenSSL now. + */ #define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ - ( 0x800 | hash ), \ - (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), - + (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), \ + ( 0x800 | hash ), #else #define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), 
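Review bot: The reordered `MBEDTLS_SSL_SIG_ALG( hash )` expansions in `ssl_test_common_source.c` keep the macro argument unparenthesised in `( 0x800 | hash )` and `( hash << 8 )`, so any invocation with a compound expression binds wrongly; while these lines are being touched, write `( 0x800 | (hash) )` and `( ((hash) << 8) | MBEDTLS_SSL_SIG_RSA )`. The same applies to the `#elif defined(MBEDTLS_RSA_C)` variant in the next hunk. The bare `0x800` is the `rsa_pss_rsae_*` prefix (0x08 in the high byte); a named constant or a `/* 0x08xx: rsa_pss_rsae_<hash> */` comment would make the intent visible.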
@@ -276,8 +280,9 @@ int send_cb( void *ctx, unsigned char const *buf, size_t len ) #define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), #elif defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define MBEDTLS_SSL_SIG_ALG( hash ) ( 0x800 | hash ), \ - (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), +/* See above */ +#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), \ + ( 0x800 | hash ), #else #define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), #endif From 0c6be8f86312c0225a61e588f86364d6f61304aa Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 20 Jun 2022 20:42:00 +0800 Subject: [PATCH 14/41] move big function Signed-off-by: Jerry Yu --- library/ssl_misc.h | 70 ++----------------------------------- library/ssl_tls.c | 1 - library/ssl_tls13_generic.c | 70 +++++++++++++++++++++++++++++++++++++ 3 files changed, 72 insertions(+), 69 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b144a42754..715d0367cd 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -2163,75 +2163,9 @@ static inline int mbedtls_ssl_sig_alg_is_supported( #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -static inline int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( +int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg, - mbedtls_pk_context *key) -{ - mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk( key ); - size_t key_size = mbedtls_pk_get_bitlen( key ); - - switch( pk_type ) - { -#if defined(MBEDTLS_ECDSA_C) - case MBEDTLS_SSL_SIG_ECDSA: - switch( key_size ) - { -#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - case 256: - return( - sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 ); -#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ - -#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - case 384: - return( - sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 ); -#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ - -#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - case 521: - return( - sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 ); -#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ - default: - break; - } - break; -#endif /* MBEDTLS_ECDSA_C */ - -#if defined(MBEDTLS_RSA_C) - case MBEDTLS_SSL_SIG_RSA: - switch( sig_alg ) - { -#if defined(MBEDTLS_PKCS1_V21) -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - return( key_size <= 2048 ); -#endif /* MBEDTLS_SHA256_C */ - -#if defined(MBEDTLS_SHA384_C) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: - return( key_size <= 3072 ); -#endif /* MBEDTLS_SHA384_C */ - -#if defined(MBEDTLS_SHA512_C) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: - return( key_size <= 4096 ); -#endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_PKCS1_V21 */ - - default: - break; - } - break; -#endif /* MBEDTLS_RSA_C */ - - default: - break; - } - - return( 0 ); -} + mbedtls_pk_context *key); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 
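Review bot: The new out-of-line prototype `int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg, mbedtls_pk_context *key );` carries no documentation, and its contract (non-zero only when `sig_alg` can be used with `key`; zero otherwise, including for any scheme the function does not know) was previously readable from the inline body this hunk deletes. Add a Doxygen block above it stating the return semantics, that `sig_alg` is a TLS 1.3 SignatureScheme code point, and that `key` is only inspected; the parameter could then become `const mbedtls_pk_context *key` if `mbedtls_ssl_sig_from_pk` and `mbedtls_pk_get_bitlen` accept a const pointer.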
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ab3db96ab2..55d6da5d38 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8188,7 +8188,6 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, return( MBEDTLS_ERR_SSL_BAD_CONFIG ); for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) - { if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) ) continue; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 718e8a9fdb..901e3c0fbc 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -855,6 +855,76 @@ cleanup: * STATE HANDLING: Output Certificate Verify */ +int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( + uint16_t sig_alg, + mbedtls_pk_context *key) +{ + mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk( key ); + size_t key_size = mbedtls_pk_get_bitlen( key ); + + switch( pk_type ) + { +#if defined(MBEDTLS_ECDSA_C) + case MBEDTLS_SSL_SIG_ECDSA: + switch( key_size ) + { +#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + case 256: + return( + sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 ); +#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ + +#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + case 384: + return( + sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 ); +#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + +#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) + case 521: + return( + sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 ); +#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ + default: + break; + } + break; +#endif /* MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_SSL_SIG_RSA: + switch( sig_alg ) + { +#if defined(MBEDTLS_PKCS1_V21) +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: + return( key_size <= 2048 ); +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: + return( key_size <= 3072 ); +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: + return( key_size <= 4096 ); +#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_PKCS1_V21 */ + + default: + break; + } + break; +#endif /* MBEDTLS_RSA_C */ + + default: + break; + } + + return( 0 ); +} + static int ssl_tls13_select_sig_alg_for_certificate_verify( mbedtls_ssl_context *ssl, mbedtls_pk_context *own_key, 
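Review bot: The RSA branch of `mbedtls_ssl_tls13_check_sig_alg_cert_key_match` applies an upper bound on the key size (`key_size <= 2048` for PSS-SHA256, `<= 3072` for SHA384, `<= 4096` for SHA512), which has the opposite effect from what a usability constraint needs: a 4096-bit key is refused for `rsa_pss_rsae_sha256` and `sha384`, a key above 4096 bits matches nothing, and a 1024-bit key matches all three. RSA-PSS only requires the modulus to be large enough for the encoding (hash length + salt length + 2 bytes, RFC 8017 §9.1.1), so these should be `>=` against a minimum, or dropped in favour of letting the signing call fail. The ECDSA branch selects the scheme by bit length alone (`case 256/384/521`), so a 256-bit key on a curve other than secp256r1, if the pk layer accepts such a key, would be reported as matching `ecdsa_secp256r1_sha256`; comparing the curve id would make the match exact and a `/* TLS 1.3 binds each ECDSA scheme to one curve (RFC 8446 §4.2.3) */` comment would explain the switch. Also, `pk_type` is declared `mbedtls_pk_type_t` but holds the TLS SignatureAlgorithm byte from `mbedtls_ssl_sig_from_pk` and is compared against `MBEDTLS_SSL_SIG_*`, so a plain `unsigned char` would avoid mixing the two enumerations.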
From 3f71ca0941abe7cbc07a1839e42b880538a6d9e8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Jun 2022 14:42:03 +0800 Subject: [PATCH 15/41] Remove rsa_pss_rsae_* from tls12 sig_algs Signed-off-by: Jerry Yu --- library/ssl_tls.c | 58 ++++++++++++++++++++++------------------------- 1 file changed, 27 insertions(+), 31 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 55d6da5d38..0a067f2fc3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -961,10 +961,23 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl) return( 0 ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ + defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +/* Remove below lines if server side hybrid mode implemented. + * To fix wrong default signature algorithm setting when both + * TLS1.2 and TLS1.3 enabled. + */ +static void ssl_fix_server_side_negotiation_fail( mbedtls_ssl_context *ssl ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && + MBEDTLS_SSL_PROTO_TLS1_3 && + MBEDTLS_SSL_SRV_C && + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + /* * Setup an SSL context */ - int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf ) { @@ -2984,8 +2997,20 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) ) + { +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + /* Remove below lines if server side hybrid mode implemented. */ + if( ssl->state == MBEDTLS_SSL_HELLO_REQUEST ) + { + ssl_fix_server_side_negotiation_fail( ssl ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && + MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ ret = mbedtls_ssl_tls13_handshake_server_step( ssl ); + } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 
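Review bot: The call site of `ssl_fix_server_side_negotiation_fail( ssl )` in `mbedtls_ssl_handshake_step` is guarded only by `MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED`, whereas the forward declaration added in the first hunk additionally requires `MBEDTLS_SSL_SRV_C`; unless the enclosing `endpoint == MBEDTLS_SSL_IS_SERVER` branch is itself under `MBEDTLS_SSL_SRV_C` (its start is outside the hunk), a build with both protocol versions and certificate key exchange but no server would reference an undeclared function, so the two guard sets should be made identical. Wrapping `mbedtls_ssl_tls13_handshake_server_step` in `if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )` also changes which path a server with both versions enabled takes, which the commit message does not mention; if intended, a comment such as `/* Hybrid (1.2+1.3) servers presumably fall through to the TLS 1.2 state machine below */` at the closing brace would record it. The definition of `ssl_fix_server_side_negotiation_fail` is not in this series as shown, so I cannot tell what it mutates on `ssl` or whether calling it on every pass through `MBEDTLS_SSL_HELLO_REQUEST` is idempotent.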
@@ -4132,51 +4157,22 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_RSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512 ), #endif -/* Server side hybrid mode is not supported yet. When both tls13 and tls12 - * enabled, this list will be used as signature algorithm list for server side. - * With RSA server key, `rsa_pkcs1_*` must be excluded from tls13. As a result, - * tls13 server will fail when the key is RSA key. - * - * With hybrid mode enabled, it can be removed. - * - * And there is a known issue for version negotiation. See above. - */ -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_3) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && - MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SHA512_C */ - #if defined(MBEDTLS_SHA384_C) #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ), #endif - #if defined(MBEDTLS_RSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ), #endif -/* Notice: See above */ -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_3) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && - MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SHA384_C */ #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256 ), #endif - #if defined(MBEDTLS_RSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256 ), #endif -/* Notice: See above */ -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_3) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && - MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SHA256_C */ MBEDTLS_TLS_SIG_NONE }; 
@@ -4941,7 +4937,6 @@ int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, supported_sig_algs_end, 2 ); sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; - MBEDTLS_SSL_DEBUG_MSG( 4, ( "received signature algorithm: 0x%x %s", sig_alg, mbedtls_ssl_sig_alg_to_str( sig_alg ) ) ); @@ -8191,6 +8186,7 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, { if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) ) continue; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); p += 2; From ba5e37969722ccc698082b4272f8427da7f7b627 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Jun 2022 15:26:05 +0800 Subject: [PATCH 16/41] Revert order of default sig_algs Signed-off-by: Jerry Yu --- library/ssl_tls.c | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0a067f2fc3..5f6526b64c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4113,24 +4113,6 @@ static uint16_t ssl_preset_default_sig_algs[] = { MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512, #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ -/* - * To fix version negotiation fail with RSA server key. - * - With TLS1.3 server, `rsa_pss_rsae_*` must be sent. - * - With TLS1.2 server, `rsa_pkcs1_*` must be sent before `rsa_pss_rsae_*` - * - This point is only tested with OpenSSL now. - */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */ - #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA512_C) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, @@ -4144,6 +4126,18 @@ static uint16_t ssl_preset_default_sig_algs[] = { MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ + MBEDTLS_TLS_SIG_NONE }; From 96ee23eb881cdc68c9f2746bda341a044e42d5e2 Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Tue, 21 Jun 2022 16:34:57 +0800 Subject: [PATCH 17/41] fix tls12 openssl/gnutls server fail To test version negotiation with a tls12 OpenSSL/GnuTLS server: if `rsa_pss_rsae_*` is sent to the server before `rsa_pkcs1_*`, the server returns `rsa_pss_rsae_*` as the key exchange signature algorithm. OpenSSL/GnuTLS can work with this case; mbedTLS fails because `rsa_pss_rsae_*` is unsupported. Signed-off-by: Jerry Yu --- library/ssl_misc.h | 126 ++++++++++++++++++------------------- library/ssl_tls12_client.c | 120 +++++++++++++---------------------- 2 files changed, 104 insertions(+), 142 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 715d0367cd..ff390756ef 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1969,107 +1969,103 @@ static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl return( 0 ); } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg ) { - *pk_type = MBEDTLS_PK_NONE; - *md_alg = MBEDTLS_MD_NONE; + *pk_type = mbedtls_ssl_pk_alg_from_sig( sig_alg & 0xff ); + *md_alg = mbedtls_ssl_md_alg_from_hash( ( sig_alg >> 8 ) & 0xff ); + + if( *pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE ) + return( 0 ); switch( sig_alg ) { -#if defined(MBEDTLS_ECDSA_C) - -#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: - *md_alg = MBEDTLS_MD_SHA256; - *pk_type = MBEDTLS_PK_ECDSA; - break; -#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ - -#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: - *md_alg = MBEDTLS_MD_SHA384; - *pk_type = MBEDTLS_PK_ECDSA; - break; -#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ - -#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: - *md_alg = MBEDTLS_MD_SHA512; - *pk_type = MBEDTLS_PK_ECDSA; - break; -#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ - -#endif /* MBEDTLS_ECDSA_C */ - #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - #if defined(MBEDTLS_SHA256_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: *md_alg = MBEDTLS_MD_SHA256; *pk_type = MBEDTLS_PK_RSASSA_PSS; break; #endif /* MBEDTLS_SHA256_C */ - #if defined(MBEDTLS_SHA384_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: *md_alg = MBEDTLS_MD_SHA384; *pk_type = MBEDTLS_PK_RSASSA_PSS; break; #endif /* MBEDTLS_SHA384_C */ - #if defined(MBEDTLS_SHA512_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: *md_alg = MBEDTLS_MD_SHA512; *pk_type = 
MBEDTLS_PK_RSASSA_PSS; break; #endif /* MBEDTLS_SHA512_C */ - #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_PKCS1_V15) && \ - defined(MBEDTLS_RSA_C) - -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: - *md_alg = MBEDTLS_MD_SHA256; - *pk_type = MBEDTLS_PK_RSA; - break; -#endif /* MBEDTLS_SHA256_C */ - -#if defined(MBEDTLS_SHA384_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: - *md_alg = MBEDTLS_MD_SHA384; - *pk_type = MBEDTLS_PK_RSA; - break; -#endif /* MBEDTLS_SHA384_C */ - -#if defined(MBEDTLS_SHA512_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: - *md_alg = MBEDTLS_MD_SHA512; - *pk_type = MBEDTLS_PK_RSA; - break; -#endif /* MBEDTLS_SHA512_C */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && - MBEDTLS_PKCS1_V15 && - MBEDTLS_RSA_C */ - default: return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } return( 0 ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) static inline int mbedtls_ssl_tls13_sig_alg_is_supported( const uint16_t sig_alg ) { - mbedtls_pk_type_t pk_type; - mbedtls_md_type_t md_alg; - return( ! 
mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( - sig_alg, &pk_type, &md_alg ) ); + switch( sig_alg ) + { +#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: + break; +#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: + break; +#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: + break; +#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ +#endif /* MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: + break; +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: + break; +#endif /* MBEDTLS_SHA384_C */ +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: + break; +#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) + +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: + break; +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: + break; +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: + break; +#endif /* MBEDTLS_SHA512_C */ + +#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */ + + + default: + return( 0 ); + } + return( 1 ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index f516efab1f..25c1797cf0 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
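Review bot: With the `MBEDTLS_SSL_PROTO_TLS1_3` guard removed, `mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg` now returns 0 for any (hash, signature) byte pair that `mbedtls_ssl_md_alg_from_hash` and `mbedtls_ssl_pk_alg_from_sig` individually recognise, before the `switch` is reached, so it no longer expresses a policy about which schemes are acceptable, only whether the code point is decodable. That is fine for a decoder, but the name still says `tls13` and the TLS 1.2 caller added in `ssl_tls12_client.c` in this same commit treats a 0 return as sufficient; the function needs a comment such as `/* Pure decoder: 0 for any decodable scheme; callers must separately check the scheme was offered and supported. */` and ideally a name without the `tls13` prefix. In `mbedtls_ssl_tls13_sig_alg_is_supported`, the two blank lines before `default:` and the blank-line-separated PKCS1 `#if` blocks differ from the compact ECDSA and PSS groups above them; one layout for all three groups would read better.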
@@ -2010,65 +2010,6 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end, - mbedtls_md_type_t *md_alg, - mbedtls_pk_type_t *pk_alg ) -{ - *md_alg = MBEDTLS_MD_NONE; - *pk_alg = MBEDTLS_PK_NONE; - - if( (*p) + 2 > end ) - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - - /* - * Get hash algorithm - */ - if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) - == MBEDTLS_MD_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } - - /* - * Get signature algorithm - */ - if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) - == MBEDTLS_PK_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } - - /* - * Check if the signature algorithm is acceptable - */ - if( !mbedtls_ssl_sig_alg_is_offered( ssl, MBEDTLS_GET_UINT16_BE( *p, 0 ) ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", - (*p)[1] ) ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", - (*p)[0] ) ); - *p += 2; - - return( 0 ); -} -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) 
@@ -2362,14 +2303,31 @@ start_processing: unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); size_t params_len = p - params; void *rs_ctx = NULL; + uint16_t sig_alg; mbedtls_pk_context * peer_pk; +#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + peer_pk = &ssl->handshake->peer_pubkey; +#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + if( ssl->session_negotiate->peer_cert == NULL ) + { + /* Should never happen */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + peer_pk = &ssl->session_negotiate->peer_cert->pk; +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + /* * Handle the digitally-signed structure */ - if( ssl_parse_signature_algorithm( ssl, &p, end, - &md_alg, &pk_alg ) != 0 ) + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 ); + if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + sig_alg, &pk_alg, &md_alg ) != 0 && + ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) && + ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); @@ -2379,9 +2337,9 @@ start_processing: MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } + p += 2; - if( pk_alg != - mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) + if( !mbedtls_pk_can_do( peer_pk, pk_alg ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); 
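Review bot: The new acceptance test for the server's signature algorithm is inverted in a way that weakens it: `if( get_pk_type_and_md_alg(...) != 0 && !is_offered(...) && !is_supported(...) )` rejects the ServerKeyExchange only when all three fail, so any code point that merely decodes (for instance a hash the build still knows but the client never offered) is accepted, whereas the deleted `ssl_parse_signature_algorithm` refused anything not in the offered list. The server's choice is attacker-influenced input, and accepting a pair the client did not offer is exactly what TLS 1.2 forbids (RFC 5246 §7.4.3: the pair MUST be one listed in the client's signature_algorithms). Change the two `&&` to `||` so the message is rejected when decoding fails, or the scheme was not offered, or it is not supported, and add `/* decoded, offered and supported are all required */` above the condition. In the second hunk, replacing `pk_alg == mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info )` with `mbedtls_pk_can_do( peer_pk, pk_alg )` relaxes "the ciphersuite's signature type" to "anything this certificate key can do"; that is presumably needed so an RSA key can verify RSASSA-PSS, but whether the certificate key type is still bound to the ciphersuite elsewhere is outside this hunk. The enclosing function continues beyond both hunks.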
@@ -2439,18 +2397,6 @@ start_processing: MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen ); -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ssl->session_negotiate->peer_cert == NULL ) - { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* * Verify signature */ @@ -2469,8 +2415,28 @@ start_processing: rs_ctx = &ssl->handshake->ecrs_ctx.pk; #endif - if( ( ret = mbedtls_pk_verify_restartable( peer_pk, - md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 ) +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + if( pk_alg == MBEDTLS_PK_RSASSA_PSS ) + { + const mbedtls_md_info_t* md_info; + mbedtls_pk_rsassa_pss_options rsassa_pss_options; + rsassa_pss_options.mgf1_hash_id = md_alg; + if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) + { + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info ); + ret = mbedtls_pk_verify_ext( pk_alg, &rsassa_pss_options, + peer_pk, + md_alg, hash, hashlen, + p, sig_len ); + } + else +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ + ret = mbedtls_pk_verify_restartable( peer_pk, + md_alg, hash, hashlen, p, sig_len, rs_ctx ); + + if( ret != 0 ) { #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) From 6272c4d4aa720ab7eaff733c922b62ec286fb0a7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Jun 2022 13:46:55 +0800 Subject: [PATCH 18/41] Revert unnecessary space change Signed-off-by: Jerry Yu --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5f6526b64c..8a729757da 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
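Review bot: In the new RSASSA-PSS branch, `mbedtls_pk_rsassa_pss_options rsassa_pss_options;` is declared uninitialised and then filled field by field around the `md_info` lookup; a designated initializer such as `mbedtls_pk_rsassa_pss_options rsassa_pss_options = { .mgf1_hash_id = md_alg, .expected_salt_len = mbedtls_md_get_size( md_info ) };` placed after the NULL check would make the two-field contract visible at a glance, and `const mbedtls_md_info_t* md_info` should follow the file's `type *name` spacing. The choice `expected_salt_len = mbedtls_md_get_size( md_info )` (salt length equal to the digest length, as RFC 8446 §4.2.3 requires for `rsa_pss_rsae_*`) is the point that distinguishes this strict check from `MBEDTLS_RSA_SALT_LEN_ANY` and deserves a one-line comment saying so. The restartable context `rs_ctx` is only passed on the non-PSS path, which is fine for RSA but also worth a short comment.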
@@ -978,6 +978,7 @@ static void ssl_fix_server_side_negotiation_fail( mbedtls_ssl_context *ssl ); /* * Setup an SSL context */ + int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf ) { @@ -8180,7 +8181,6 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, { if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) ) continue; - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); p += 2; From f0856788797b3f7eceb55b739807648fa813501d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Jun 2022 13:59:31 +0800 Subject: [PATCH 19/41] remove unnecessary check Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 901e3c0fbc..202f363f99 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -935,12 +935,6 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify( *algorithm = MBEDTLS_TLS1_3_SIG_NONE; for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ ) { - if( *sig_alg == MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 || - *sig_alg == MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 || - *sig_alg == MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 ) - { - continue; - } if( mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg) && mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) ) From 5ef71f27233f994df93dc5668dedf733fc3bbc62 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Jun 2022 14:03:16 +0800 Subject: [PATCH 20/41] remove rsa_pkcs1_* from tls13 support list Signed-off-by: Jerry Yu --- library/ssl_misc.h | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ff390756ef..f5f46cbf80 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -2042,26 +2042,6 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported( break; #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) - -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: - break; -#endif /* MBEDTLS_SHA256_C */ - -#if defined(MBEDTLS_SHA384_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: - break; -#endif /* MBEDTLS_SHA384_C */ - -#if defined(MBEDTLS_SHA512_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: - break; -#endif /* MBEDTLS_SHA512_C */ - -#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */ - - default: return( 0 ); } From d4a71a57a88db6c588b6ccc3df540e78416dd9d8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Jun 2022 14:42:59 +0800 Subject: [PATCH 21/41] Add tls12 algorithms in hybrid mode client hello Signed-off-by: Jerry Yu --- library/ssl_tls.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8a729757da..6a4087a10f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -8179,14 +8179,22 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { - if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) ) - continue; - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); - MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); - p += 2; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x] %s", + if( mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) || +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) + ( mbedtls_ssl_conf_is_hybrid_tls12_tls13( ssl->conf ) && + ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + mbedtls_ssl_tls12_sig_alg_is_supported( *sig_alg ) ) || +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */ + 0 ) + { + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); + p += 2; + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "sent signature scheme [%x] %s", *sig_alg, mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) ); + } } /* Length of supported_signature_algorithms */ From 80dd5db808522f57effcace348ad1b90b445e25b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Jun 2022 19:30:32 +0800 Subject: [PATCH 22/41] Remove pkcs1 from certificate verify. Signed-off-by: Jerry Yu --- library/ssl_misc.h | 29 ++++++++++++++++++++++++++++- library/ssl_tls.c | 20 ++++++-------------- library/ssl_tls13_generic.c | 2 +- 3 files changed, 35 insertions(+), 16 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index f5f46cbf80..6786632a89 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2008,7 +2008,7 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( } #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -static inline int mbedtls_ssl_tls13_sig_alg_is_supported( +static inline int mbedtls_ssl_tls13_sig_alg_is_supported_for_certificate( const uint16_t sig_alg ) { switch( sig_alg ) 
@@ -2046,6 +2046,33 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported( return( 0 ); } return( 1 ); + +} + +static inline int mbedtls_ssl_tls13_sig_alg_is_supported( + const uint16_t sig_alg ) +{ + switch( sig_alg ) + { +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: + break; +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: + break; +#endif /* MBEDTLS_SHA384_C */ +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: + break; +#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */ + default: + return( mbedtls_ssl_tls13_sig_alg_is_supported_for_certificate( + sig_alg ) ); + } + return( 1 ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6a4087a10f..a6e4e38236 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
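Review bot: Neither new function says what "supported" means, and the names invite confusion: `mbedtls_ssl_tls13_sig_alg_is_supported_for_certificate()` is what this commit calls from `ssl_tls13_select_sig_alg_for_certificate_verify` (ssl_tls13_generic.c hunk), i.e. it answers whether a scheme may sign our CertificateVerify, while `mbedtls_ssl_tls13_sig_alg_is_supported()` additionally admits `rsa_pkcs1_*`, which RFC 8446 4.2.3 restricts to signatures inside certificates and never allows in CertificateVerify. Suggest a header comment on each, e.g. `/* Schemes this implementation can use to sign or verify a TLS 1.3 CertificateVerify. */` and `/* Schemes this implementation may advertise in signature_algorithms: the CertificateVerify set plus rsa_pkcs1_*, which TLS 1.3 permits for certificate signatures only. */`. The added blank line before the first function's closing `}` (`return( 1 );`, empty line, `+}`) should go. The delegating `default:` also reads inverted; `if( mbedtls_ssl_tls13_sig_alg_is_supported_for_certificate( sig_alg ) ) return( 1 );` first and then the switch on the PKCS#1 cases states the intent directly.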
@@ -8179,22 +8179,14 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { - if( mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) || -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - ( mbedtls_ssl_conf_is_hybrid_tls12_tls13( ssl->conf ) && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - mbedtls_ssl_tls12_sig_alg_is_supported( *sig_alg ) ) || -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */ - 0 ) - { - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); - MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); - p += 2; - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "sent signature scheme [%x] %s", + if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) ) + continue; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); + p += 2; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "sent signature scheme [%x] %s", *sig_alg, mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) ); - } } /* Length of supported_signature_algorithms */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 202f363f99..7ac785e9f1 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -935,7 +935,7 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify( *algorithm = MBEDTLS_TLS1_3_SIG_NONE; for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ ) { - if( mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg) && + if( mbedtls_ssl_tls13_sig_alg_is_supported_for_certificate( *sig_alg) && mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) ) { From 53f5c151550b27ee690b34914096bdeb990ad574 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Jun 2022 20:24:38 +0800 Subject: [PATCH 23/41] Add debug message Signed-off-by: Jerry Yu --- library/ssl_tls.c | 3 +++ library/ssl_tls13_generic.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a6e4e38236..140b749a28 100644 
--- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8179,6 +8179,9 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "got signature scheme [%x] %s", + *sig_alg, + mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) ); if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) ) continue; MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7ac785e9f1..d470b707a2 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -935,7 +935,7 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify( *algorithm = MBEDTLS_TLS1_3_SIG_NONE; for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ ) { - if( mbedtls_ssl_tls13_sig_alg_is_supported_for_certificate( *sig_alg) && + if( mbedtls_ssl_tls13_sig_alg_is_supported_for_certificate( *sig_alg ) && mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) ) { From 9bb3ee436baca2f298fdb66e642ffe6377ad9066 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Jun 2022 10:16:33 +0800 Subject: [PATCH 24/41] Revert rsa_pss_rsae_* support for tls12 Signed-off-by: Jerry Yu --- library/ssl_tls.c | 32 ++++--- library/ssl_tls12_client.c | 120 +++++++++++++++++--------- programs/ssl/ssl_test_common_source.c | 12 ++- 3 files changed, 105 insertions(+), 59 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 140b749a28..f8e7cc28df 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4094,6 +4094,14 @@ static int ssl_preset_suiteb_ciphersuites[] = { * - But if there is a good reason, do not change the order of the algorithms. * - ssl_tls12_present* is for TLS 1.2 use only. * - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes. + * + * `rsa_pss_rsae_*` MUST BE PUT ARTER `rsa_pkcs1_*` before below compitable fixed + * The compitable issue is When + * - GnuTLS/OpenSSL is configured as tls12 server with rsa key + * - `mebedTLS` is configured as hybrid mode. + * - The order is `rsa_pss_rsae_*`, `rsa_pkcs1_*`. + * GnuTLS/OpenSSL will return `rsa_pss_rsae_*` which are not supported by + * TLS 1.2 in mbedTLS. */ static uint16_t ssl_preset_default_sig_algs[] = { @@ -4115,18 +4123,6 @@ static uint16_t ssl_preset_default_sig_algs[] = { #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA512_C) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA512_C */ - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA384_C) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA384_C */ - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */ - #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C) MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, #endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */ 
@@ -4139,6 +4135,18 @@ static uint16_t ssl_preset_default_sig_algs[] = { MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, #endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA512_C) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA512_C */ + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA384_C) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */ + MBEDTLS_TLS_SIG_NONE }; diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 25c1797cf0..f516efab1f 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
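Review bot: Moving `rsa_pss_rsae_*` below `rsa_pkcs1_*` lowers the client's stated preference for RSA-PSS beneath PKCS#1 v1.5 for every TLS 1.2 RSA signature, not only against GnuTLS/OpenSSL, and does so for everyone who relies on the default list; the comment added in the first hunk gives the interop motive (with typos: "ARTER", "compitable", "mebedTLS") but not that this is a workaround to be undone once TLS 1.2 can verify `rsa_pss_rsae_*` (the verification path is removed from ssl_tls12_client.c later in this commit). Suggest ending that comment with `* TODO: move rsa_pss_rsae_* back above rsa_pkcs1_* once TLS 1.2 supports them.`. A TLS 1.2 server may choose any offered scheme regardless of our order, so the reordering is best-effort only. The same text is duplicated in programs/ssl/ssl_test_common_source.c and the two copies should be kept in step.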
@@ -2010,6 +2010,65 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, + unsigned char **p, + unsigned char *end, + mbedtls_md_type_t *md_alg, + mbedtls_pk_type_t *pk_alg ) +{ + *md_alg = MBEDTLS_MD_NONE; + *pk_alg = MBEDTLS_PK_NONE; + + if( (*p) + 2 > end ) + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + + /* + * Get hash algorithm + */ + if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) + == MBEDTLS_MD_NONE ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + /* + * Get signature algorithm + */ + if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) + == MBEDTLS_PK_NONE ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + /* + * Check if the signature algorithm is acceptable + */ + if( !mbedtls_ssl_sig_alg_is_offered( ssl, MBEDTLS_GET_UINT16_BE( *p, 0 ) ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", + (*p)[1] ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", + (*p)[0] ) ); + *p += 2; + + return( 0 ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) 
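Review bot: The "not offered" path reports only the hash byte (`"server used HashAlgorithm %d that was not offered", *(p)[0]`) although the check rejects the whole (hash, signature) pair, so a log reader cannot tell which half was outside the ClientHello; `( "server used SignatureAlgorithm %d / HashAlgorithm %d that was not offered", (*p)[1], (*p)[0] )` would say what was actually rejected. The body also mixes `*(p)[0]` and `(*p)[0]` for the same byte — equivalent, but the second form is what the rest of the function uses. A one-line comment above the `mbedtls_ssl_sig_alg_is_offered()` call, e.g. `/* RFC 5246 7.4.1.4.1: the server must pick a pair we advertised. */`, would document why this is a hard failure rather than a warning.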
@@ -2303,31 +2362,14 @@ start_processing: unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); size_t params_len = p - params; void *rs_ctx = NULL; - uint16_t sig_alg; mbedtls_pk_context * peer_pk; -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ssl->session_negotiate->peer_cert == NULL ) - { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* * Handle the digitally-signed structure */ - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); - sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 ); - if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( - sig_alg, &pk_alg, &md_alg ) != 0 && - ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) && - ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) ) + if( ssl_parse_signature_algorithm( ssl, &p, end, + &md_alg, &pk_alg ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); @@ -2337,9 +2379,9 @@ start_processing: MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } - p += 2; - if( !mbedtls_pk_can_do( peer_pk, pk_alg ) ) + if( pk_alg != + mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); 
@@ -2397,6 +2439,18 @@ start_processing: MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen ); +#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + peer_pk = &ssl->handshake->peer_pubkey; +#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + if( ssl->session_negotiate->peer_cert == NULL ) + { + /* Should never happen */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + peer_pk = &ssl->session_negotiate->peer_cert->pk; +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + /* * Verify signature */ @@ -2415,28 +2469,8 @@ start_processing: rs_ctx = &ssl->handshake->ecrs_ctx.pk; #endif -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if( pk_alg == MBEDTLS_PK_RSASSA_PSS ) - { - const mbedtls_md_info_t* md_info; - mbedtls_pk_rsassa_pss_options rsassa_pss_options; - rsassa_pss_options.mgf1_hash_id = md_alg; - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) - { - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info ); - ret = mbedtls_pk_verify_ext( pk_alg, &rsassa_pss_options, - peer_pk, - md_alg, hash, hashlen, - p, sig_len ); - } - else -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - ret = mbedtls_pk_verify_restartable( peer_pk, - md_alg, hash, hashlen, p, sig_len, rs_ctx ); - - if( ret != 0 ) + if( ( ret = mbedtls_pk_verify_restartable( peer_pk, + md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 ) { #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 1efbbdb5c2..b720fd3b08 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c 
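Review bot: After this hunk the TLS 1.2 ServerKeyExchange path can no longer verify an RSA-PSS signature, yet in hybrid mode the client still advertises `rsa_pss_rsae_*` (this commit only moves them below `rsa_pkcs1_*` in `ssl_preset_default_sig_algs`), so a server that nonetheless selects one will presumably be refused earlier by `ssl_parse_signature_algorithm()` with "unsupported SignatureAlgorithm". That makes the preference-order workaround best-effort, and nothing at the verify call says so; a comment at `mbedtls_pk_verify_restartable()` such as `/* TLS 1.2 verifies PKCS#1 v1.5 and ECDSA only; an rsa_pss_rsae_* choice is rejected in ssl_parse_signature_algorithm(). */` would make the limitation visible to the next reader. `ssl_parse_server_key_exchange` starts and ends outside the hunk.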
@@ -264,10 +264,14 @@ int send_cb( void *ctx, unsigned char const *buf, size_t len ) #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -/* To fix version negotiation fail with RSA server key. - * - With TLS1.3 server, `rsa_pss_rsae_*` must be sent. - * - With TLS1.2 server, `rsa_pkcs1_*` must be sent before `rsa_pss_rsae_*` - * - This point is only tested with OpenSSL now. +/* + * `rsa_pss_rsae_*` MUST BE PUT ARTER `rsa_pkcs1_*` before below compitable fixed + * The compitable issue is When + * - GnuTLS/OpenSSL is configured as tls12 server with rsa key + * - `mebedTLS` is configured as hybrid mode. + * - The order is `rsa_pss_rsae_*`, `rsa_pkcs1_*`. + * GnuTLS/OpenSSL will return `rsa_pss_rsae_*` which are not supported by + * TLS 1.2 in mbedTLS. */ #define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), \ From a1255e6b8c8063319b9420239c0fce8fc3eb843a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Jun 2022 10:10:47 +0800 Subject: [PATCH 25/41] fix various issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 6 ++---- library/ssl_tls.c | 13 ++++++------- library/ssl_tls13_generic.c | 9 +++++---- programs/ssl/ssl_test_common_source.c | 13 ++++++------- 4 files changed, 19 insertions(+), 22 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 6786632a89..a79869f40d 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1980,7 +1980,6 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( switch( sig_alg ) { -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) #if defined(MBEDTLS_SHA256_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: *md_alg = MBEDTLS_MD_SHA256; 
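Review bot: Dropping the `MBEDTLS_X509_RSASSA_PSS_SUPPORT` guard in `mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg()` (this hunk and the next) means the function now maps `rsa_pss_rsae_*` to `MBEDTLS_PK_RSASSA_PSS` in builds with that option off, so any caller that relied on its `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE` return to reject PSS will no longer do so, while, as far as the visible hunks show, `mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported()` keeps its guard. If that is intended — the function only decodes a code point and availability is decided elsewhere — say so above the switch, e.g. `/* Pure mapping from a signature_algorithms code point to (pk, md); whether the scheme is usable is checked by mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(). */`. The message "fix various issues" does not say which issue this addresses. The function begins outside the hunk.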
@@ -1999,7 +1998,6 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( *pk_type = MBEDTLS_PK_RSASSA_PSS; break; #endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ default: return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); @@ -2008,7 +2006,7 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( } #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -static inline int mbedtls_ssl_tls13_sig_alg_is_supported_for_certificate( +static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( const uint16_t sig_alg ) { switch( sig_alg ) @@ -2069,7 +2067,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported( #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */ default: - return( mbedtls_ssl_tls13_sig_alg_is_supported_for_certificate( + return( mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( sig_alg ) ); } return( 1 ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f8e7cc28df..2bec6b18b6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4095,13 +4095,12 @@ static int ssl_preset_suiteb_ciphersuites[] = { * - ssl_tls12_present* is for TLS 1.2 use only. * - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes. * - * `rsa_pss_rsae_*` MUST BE PUT ARTER `rsa_pkcs1_*` before below compitable fixed - * The compitable issue is When - * - GnuTLS/OpenSSL is configured as tls12 server with rsa key - * - `mebedTLS` is configured as hybrid mode. - * - The order is `rsa_pss_rsae_*`, `rsa_pkcs1_*`. - * GnuTLS/OpenSSL will return `rsa_pss_rsae_*` which are not supported by - * TLS 1.2 in mbedTLS. + * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate + * declaring an RSA public key and Mbed TLS is configured in hybrid mode, if + * `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then + * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm + * for its signature in the key exchange message and as Mbed TLS 1.2 does not + * support them, the handshake fails. */ static uint16_t ssl_preset_default_sig_algs[] = { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index d470b707a2..418fc130b2 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -898,17 +898,17 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( #if defined(MBEDTLS_PKCS1_V21) #if defined(MBEDTLS_SHA256_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - return( key_size <= 2048 ); + return( key_size <= 3072 ); #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA384_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: - return( key_size <= 3072 ); + return( key_size <= 7680 ); #endif /* MBEDTLS_SHA384_C */ #if defined(MBEDTLS_SHA512_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: - return( key_size <= 4096 ); + return( 1 ); #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_PKCS1_V21 */ 
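Review bot: The new thresholds in `mbedtls_ssl_tls13_check_sig_alg_cert_key_match()` (`key_size <= 3072` for SHA-256, `<= 7680` for SHA-384, unconditional for SHA-512) are upper bounds, so a 4096-bit RSA key no longer matches `rsa_pss_rsae_sha256` and a peer offering only that scheme presumably gets no usable algorithm from the selection loop, although RSA-PSS with SHA-256 is valid and common at that size and RSA-PSS puts no upper limit on the modulus for a given hash. If the intent is to pair the hash with the key's security strength (the numbers look like the SP 800-57 equivalents for 128- and 192-bit strength), that is a preference that belongs in the order of the offered list, not a hard compatibility check; if the bounds are deliberate they need a comment, e.g. `/* Pair the hash with the modulus strength: <= 3072 bits ~ SHA-256, <= 7680 ~ SHA-384, larger ~ SHA-512. */`. Note that a key of 3072 bits or less then matches all three hashes, which the comment should also say. The function begins outside the hunk.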
@@ -935,7 +935,8 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify( *algorithm = MBEDTLS_TLS1_3_SIG_NONE; for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ ) { - if( mbedtls_ssl_tls13_sig_alg_is_supported_for_certificate( *sig_alg ) && + if( mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( + *sig_alg ) && mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) ) { diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index b720fd3b08..a155cebd84 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -265,13 +265,12 @@ int send_cb( void *ctx, unsigned char const *buf, size_t len ) #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) /* - * `rsa_pss_rsae_*` MUST BE PUT ARTER `rsa_pkcs1_*` before below compitable fixed - * The compitable issue is When - * - GnuTLS/OpenSSL is configured as tls12 server with rsa key - * - `mebedTLS` is configured as hybrid mode. - * - The order is `rsa_pss_rsae_*`, `rsa_pkcs1_*`. - * GnuTLS/OpenSSL will return `rsa_pss_rsae_*` which are not supported by - * TLS 1.2 in mbedTLS. + * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate + * declaring an RSA public key and Mbed TLS is configured in hybrid mode, if + * `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then + * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm + * for its signature in the key exchange message and as Mbed TLS 1.2 does not + * support them, the handshake fails. */ #define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), \ From 430db6b6ff0799f0138f3523f69ff2e5bf3549ab Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Jun 2022 13:05:28 +0800 Subject: [PATCH 26/41] Remove hack fix for server hybrid issue 
Signed-off-by: Jerry Yu --- library/ssl_tls.c | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2bec6b18b6..dba70e20dc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -961,20 +961,6 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl) return( 0 ); } -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -/* Remove below lines if server side hybrid mode implemented. - * To fix wrong default signature algorithm setting when both - * TLS1.2 and TLS1.3 enabled. - */ -static void ssl_fix_server_side_negotiation_fail( mbedtls_ssl_context *ssl ); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && - MBEDTLS_SSL_PROTO_TLS1_3 && - MBEDTLS_SSL_SRV_C && - MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - /* * Setup an SSL context */ @@ -2998,20 +2984,8 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) ) - { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - /* Remove below lines if server side hybrid mode implemented. */ - if( ssl->state == MBEDTLS_SSL_HELLO_REQUEST ) - { - ssl_fix_server_side_negotiation_fail( ssl ); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && - MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ ret = mbedtls_ssl_tls13_handshake_server_step( ssl ); - } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) From 64f410c24638e6d5ba3d870020a77e6f4816da87 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Jun 2022 13:09:27 +0800 Subject: [PATCH 27/41] Add tls13 sig alg parameters 
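Review bot: Besides the `ssl_fix_server_side_negotiation_fail()` hack, the second hunk also drops the `if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )` gate, so `ret = mbedtls_ssl_tls13_handshake_server_step( ssl );` now runs for every server endpoint with TLS 1.3 compiled in, including a hybrid TLS 1.2/1.3 configuration; what the TLS 1.2 branch under `#if defined(MBEDTLS_SSL_PROTO_TLS1_2)` then does with `ret` is outside the hunk. If server-side hybrid negotiation is now meant to start in the TLS 1.3 state machine, the commit message should say so and a one-line comment at that call stating the intended dispatch would help; if not, the gate should stay. `mbedtls_ssl_handshake_step` begins and ends outside the hunk.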
Signed-off-by: Jerry Yu

---
 programs/ssl/ssl_client2.c | 70 +++++++++++++++++++++++++++++++-------
 programs/ssl/ssl_server2.c | 70 +++++++++++++++++++++++++++++++-------
 2 files changed, 116 insertions(+), 24 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 97b786a763..6e6cd471a8 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1534,7 +1534,19 @@ int main( int argc, char *argv[] )
 if( *p == ',' )
 *p++ = '\0';
 
- if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
+ if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
+ }
+ else if( strcmp( q, "rsa_pkcs1_sha384" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384;
+ }
+ else if( strcmp( q, "rsa_pkcs1_sha512" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512;
+ }
+ else if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
 {
 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
 }
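Review bot: The name-to-code-point chain is now sixteen `else if( strcmp( q, ... ) == 0 )` arms, duplicated verbatim in the second hunk of this file and in both ssl_server2.c hunks, and the usage text lists the same sixteen names a third time by hand, so the copies will drift; a single `static const` table of `{ name, code point }` driven by one loop gives the parser and the usage text one source of truth and is the form worth moving into programs/ssl/ssl_test_common_source.c. Each arm stores with `sig_alg_list[i++]` and the arms grew from seven to sixteen, so if the enclosing loop does not already bound `i` by the array's capacity (outside the hunk) a long `sig_algs=` argument overruns it more easily. The added `ret = -1;` before `goto exit` is a good fix, since the exit status on an unknown name previously depended on whatever `ret` held. The usage text calls the names "supported", but `rsa_pkcs1_*` and the `*_sha1` entries are accepted here regardless of whether the library will use them; "recognized" is more accurate.
```c
/* File scope, shared by the parser and the usage text. */
static const struct {
    const char *name;
    uint16_t    code;
} sig_alg_names[] = {
    { "rsa_pkcs1_sha256",       MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 },
    { "rsa_pkcs1_sha384",       MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 },
    { "rsa_pkcs1_sha512",       MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 },
    { "ecdsa_secp256r1_sha256", MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 },
    { "ecdsa_secp384r1_sha384", MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 },
    { "ecdsa_secp521r1_sha512", MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 },
    { "rsa_pss_rsae_sha256",    MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 },
    { "rsa_pss_rsae_sha384",    MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 },
    { "rsa_pss_rsae_sha512",    MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 },
    { "rsa_pss_pss_sha256",     MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256 },
    { "rsa_pss_pss_sha384",     MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384 },
    { "rsa_pss_pss_sha512",     MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512 },
    { "ed25519",                MBEDTLS_TLS1_3_SIG_ED25519 },
    { "ed448",                  MBEDTLS_TLS1_3_SIG_ED448 },
    { "rsa_pkcs1_sha1",         MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1 },
    { "ecdsa_sha1",             MBEDTLS_TLS1_3_SIG_ECDSA_SHA1 },
};
#define SIG_ALG_NAMES_COUNT ( sizeof( sig_alg_names ) / sizeof( sig_alg_names[0] ) )

/* … unchanged: split the argument at ',' into q … */
                size_t k;
                for( k = 0; k < SIG_ALG_NAMES_COUNT; k++ )
                {
                    if( strcmp( q, sig_alg_names[k].name ) == 0 )
                        break;
                }
                if( k == SIG_ALG_NAMES_COUNT )
                {
                    ret = -1;
                    mbedtls_printf( "unknown signature algorithm \"%s\"\n", q );
                    mbedtls_printf( "recognized signature algorithms:\n" );
                    for( k = 0; k < SIG_ALG_NAMES_COUNT; k++ )
                        mbedtls_printf( "\t%s\n", sig_alg_names[k].name );
                    goto exit;
                }
                /* Bound i against the capacity of sig_alg_list here if the
                 * enclosing loop does not already do so. */
                sig_alg_list[i++] = sig_alg_names[k].code;
```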
@@ -1558,21 +1570,55 @@ int main( int argc, char *argv[] )
 {
 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
 }
- else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
+ else if( strcmp( q, "ed25519" ) == 0 )
 {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED25519;
+ }
+ else if( strcmp( q, "ed448" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED448;
+ }
+ else if( strcmp( q, "rsa_pss_pss_sha256" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256;
+ }
+ else if( strcmp( q, "rsa_pss_pss_sha384" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384;
+ }
+ else if( strcmp( q, "rsa_pss_pss_sha512" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512;
+ }
+ else if( strcmp( q, "rsa_pkcs1_sha1" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1;
+ }
+ else if( strcmp( q, "ecdsa_sha1" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SHA1;
 }
 else
 {
- mbedtls_printf( "unknown signature algorithm %s\n", q );
- mbedtls_printf( "supported signature algorithms: " );
- mbedtls_printf( "ecdsa_secp256r1_sha256 " );
- mbedtls_printf( "ecdsa_secp384r1_sha384 " );
- mbedtls_printf( "ecdsa_secp521r1_sha512 " );
- mbedtls_printf( "rsa_pss_rsae_sha256 " );
- mbedtls_printf( "rsa_pss_rsae_sha384 " );
- mbedtls_printf( "rsa_pss_rsae_sha512 " );
- mbedtls_printf( "rsa_pkcs1_sha256 " );
+ ret = -1;
+ mbedtls_printf( "unknown signature algorithm \"%s\"\n", q );
+ mbedtls_printf( "supported signature algorithms:\n" );
+ mbedtls_printf("\trsa_pkcs1_sha256 ");
+ mbedtls_printf("rsa_pkcs1_sha384 ");
+ mbedtls_printf("rsa_pkcs1_sha512\n");
+ mbedtls_printf("\tecdsa_secp256r1_sha256 ");
+ mbedtls_printf("ecdsa_secp384r1_sha384 ");
+ mbedtls_printf("ecdsa_secp521r1_sha512\n");
+ mbedtls_printf("\trsa_pss_rsae_sha256 ");
+ mbedtls_printf("rsa_pss_rsae_sha384 ");
+ mbedtls_printf("rsa_pss_rsae_sha512\n");
+ mbedtls_printf("\trsa_pss_pss_sha256 
"); + mbedtls_printf("rsa_pss_pss_sha384 "); + mbedtls_printf("rsa_pss_pss_sha512\n"); + mbedtls_printf("\ted25519 "); + mbedtls_printf("ed448 "); + mbedtls_printf("rsa_pkcs1_sha1 "); + mbedtls_printf("ecdsa_sha1\n"); mbedtls_printf( "\n" ); goto exit; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 4251817522..769f8c6a68 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2370,7 +2370,19 @@ int main( int argc, char *argv[] ) if( *p == ',' ) *p++ = '\0'; - if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 ) + if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256; + } + else if( strcmp( q, "rsa_pkcs1_sha384" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384; + } + else if( strcmp( q, "rsa_pkcs1_sha512" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512; + } + else if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 ) { sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; } 
@@ -2394,21 +2406,55 @@ int main( int argc, char *argv[] ) { sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; } - else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 ) + else if( strcmp( q, "ed25519" ) == 0 ) { - sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256; + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED25519; + } + else if( strcmp( q, "ed448" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED448; + } + else if( strcmp( q, "rsa_pss_pss_sha256" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256; + } + else if( strcmp( q, "rsa_pss_pss_sha384" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384; + } + else if( strcmp( q, "rsa_pss_pss_sha512" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512; + } + else if( strcmp( q, "rsa_pkcs1_sha1" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1; + } + else if( strcmp( q, "ecdsa_sha1" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SHA1; } else { - mbedtls_printf( "unknown signature algorithm %s\n", q ); - mbedtls_printf( "supported signature algorithms: " ); - mbedtls_printf( "ecdsa_secp256r1_sha256 " ); - mbedtls_printf( "ecdsa_secp384r1_sha384 " ); - mbedtls_printf( "ecdsa_secp521r1_sha512 " ); - mbedtls_printf( "rsa_pss_rsae_sha256 " ); - mbedtls_printf( "rsa_pss_rsae_sha384 " ); - mbedtls_printf( "rsa_pss_rsae_sha512 " ); - mbedtls_printf( "rsa_pkcs1_sha256 " ); + ret = -1; + mbedtls_printf( "unknown signature algorithm \"%s\"\n", q ); + mbedtls_printf( "supported signature algorithms:\n" ); + mbedtls_printf("\trsa_pkcs1_sha256 "); + mbedtls_printf("rsa_pkcs1_sha384 "); + mbedtls_printf("rsa_pkcs1_sha512\n"); + mbedtls_printf("\tecdsa_secp256r1_sha256 "); + mbedtls_printf("ecdsa_secp384r1_sha384 "); + mbedtls_printf("ecdsa_secp521r1_sha512\n"); + mbedtls_printf("\trsa_pss_rsae_sha256 "); + mbedtls_printf("rsa_pss_rsae_sha384 "); + mbedtls_printf("rsa_pss_rsae_sha512\n"); + mbedtls_printf("\trsa_pss_pss_sha256 
"); + mbedtls_printf("rsa_pss_pss_sha384 "); + mbedtls_printf("rsa_pss_pss_sha512\n"); + mbedtls_printf("\ted25519 "); + mbedtls_printf("ed448 "); + mbedtls_printf("rsa_pkcs1_sha1 "); + mbedtls_printf("ecdsa_sha1\n"); mbedtls_printf( "\n" ); goto exit; } From aebaaaf5271a0d3d82d2ef9aba1dd24108c26841 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Jun 2022 13:14:36 +0800 Subject: [PATCH 28/41] add debug messages Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 5 +++++ library/ssl_tls13_server.c | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 418fc130b2..62f22fd931 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -940,6 +940,11 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify( mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) ) { + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "select_sig_alg_for_certificate_verify:" + "selected signature algorithm %s [%04x]", + mbedtls_ssl_sig_alg_to_str( *sig_alg ), + *sig_alg ) ); *algorithm = *sig_alg; return( 0 ); } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 2e7f1d88d3..b7b25576e7 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -389,10 +389,20 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) continue; } + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "ssl_tls13_pick_key_cert:" + "check signature algorithm %s [%04x]", + mbedtls_ssl_sig_alg_to_str( *sig_alg ), + *sig_alg ) ); if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, &key_cert->cert->pk ) ) { ssl->handshake->key_cert = key_cert; + MBEDTLS_SSL_DEBUG_MSG( + 3, ( "ssl_tls13_pick_key_cert:" + "selected signature algorithm %s [%04x]", + mbedtls_ssl_sig_alg_to_str( *sig_alg ), + *sig_alg ) ); MBEDTLS_SSL_DEBUG_CRT( 3, "selected certificate (chain)", ssl->handshake->key_cert->cert ); From a0bb906c9f7c1919fa9239f6e3a831538677b5a0 Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Fri, 24 Jun 2022 17:04:12 +0800 Subject: [PATCH 29/41] fix handshake_version test fail. when both tls13 and tls12 are enabled, the test will fail. Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index f643335cc0..9932b27a96 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -246,7 +246,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2 handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2 Handshake, tls1_3 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3 Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 From ee28e7a21d013c7f4d18ad14713257af9491b518 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Jun 2022 19:35:40 +0800 Subject: [PATCH 30/41] add tests for select sig alg Signed-off-by: Jerry Yu --- library/ssl_misc.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a79869f40d..05a926bd2b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1922,8 +1922,12 @@ static inline const void *mbedtls_ssl_get_sig_algs( #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) - if( ssl->handshake != NULL && ssl->handshake->sig_algs != NULL ) + if( ssl->handshake->sig_algs_heap_allocated == 1 && + ssl->handshake != NULL && + ssl->handshake->sig_algs != NULL ) + { return( ssl->handshake->sig_algs ); + } #endif return( ssl->conf->sig_algs ); From 202919c23d11e65ee23d019afaddbe68596bc6a5 Mon Sep 17 00:00:00 2001 
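Review bot: Adding `!MBEDTLS_SSL_PROTO_TLS1_2` to `depends_on` skips the `Handshake, tls1_3` case in every build that enables both protocol versions, which is exactly the configuration the commit message says fails, so the failure is hidden rather than explained. If the hybrid-build failure comes from the unit-test harness (for example its version negotiation) rather than from the library, the commit message or a nearby note should say so and point at the follow-up; otherwise a failing handshake with both versions enabled is what this test exists to catch. The `handshake_version` arguments themselves are unchanged.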
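Review bot: The new condition reads `ssl->handshake->sig_algs_heap_allocated` before the `ssl->handshake != NULL` test on the following line, so the NULL guard is evaluated only after the pointer has already been dereferenced and protects nothing; the tests should be ordered `if( ssl->handshake != NULL && ssl->handshake->sig_algs_heap_allocated == 1 && ssl->handshake->sig_algs != NULL )`. PATCH 32 later in this series applies exactly that reordering, so this only affects the intermediate state of the tree. The commit title ("add tests for select sig alg") also does not match the diffstat, which shows only library/ssl_misc.h changing. The function body continues outside the hunk.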
From: Jerry Yu Date: Mon, 27 Jun 2022 16:21:00 +0800 Subject: [PATCH 31/41] refine supported sig alg print Signed-off-by: Jerry Yu --- programs/ssl/ssl_client2.c | 19 +------------------ programs/ssl/ssl_server2.c | 19 +------------------ programs/ssl/ssl_test_common_source.c | 22 ++++++++++++++++++++++ 3 files changed, 24 insertions(+), 36 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6e6cd471a8..d6724dfb11 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1602,24 +1602,7 @@ int main( int argc, char *argv[] ) { ret = -1; mbedtls_printf( "unknown signature algorithm \"%s\"\n", q ); - mbedtls_printf( "supported signature algorithms:\n" ); - mbedtls_printf("\trsa_pkcs1_sha256 "); - mbedtls_printf("rsa_pkcs1_sha384 "); - mbedtls_printf("rsa_pkcs1_sha512\n"); - mbedtls_printf("\tecdsa_secp256r1_sha256 "); - mbedtls_printf("ecdsa_secp384r1_sha384 "); - mbedtls_printf("ecdsa_secp521r1_sha512\n"); - mbedtls_printf("\trsa_pss_rsae_sha256 "); - mbedtls_printf("rsa_pss_rsae_sha384 "); - mbedtls_printf("rsa_pss_rsae_sha512\n"); - mbedtls_printf("\trsa_pss_pss_sha256 "); - mbedtls_printf("rsa_pss_pss_sha384 "); - mbedtls_printf("rsa_pss_pss_sha512\n"); - mbedtls_printf("\ted25519 "); - mbedtls_printf("ed448 "); - mbedtls_printf("rsa_pkcs1_sha1 "); - mbedtls_printf("ecdsa_sha1\n"); - mbedtls_printf( "\n" ); + mbedtls_print_supported_sig_algs(); goto exit; } } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 769f8c6a68..f74ae65aba 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -2438,24 +2438,7 @@ int main( int argc, char *argv[] ) { ret = -1; mbedtls_printf( "unknown signature algorithm \"%s\"\n", q ); - mbedtls_printf( "supported signature algorithms:\n" ); - mbedtls_printf("\trsa_pkcs1_sha256 "); - mbedtls_printf("rsa_pkcs1_sha384 "); - mbedtls_printf("rsa_pkcs1_sha512\n"); - mbedtls_printf("\tecdsa_secp256r1_sha256 "); - mbedtls_printf("ecdsa_secp384r1_sha384 "); - mbedtls_printf("ecdsa_secp521r1_sha512\n"); - mbedtls_printf("\trsa_pss_rsae_sha256 "); - mbedtls_printf("rsa_pss_rsae_sha384 "); - mbedtls_printf("rsa_pss_rsae_sha512\n"); - mbedtls_printf("\trsa_pss_pss_sha256 "); - mbedtls_printf("rsa_pss_pss_sha384 "); - mbedtls_printf("rsa_pss_pss_sha512\n"); - mbedtls_printf("\ted25519 "); - mbedtls_printf("ed448 "); - mbedtls_printf("rsa_pkcs1_sha1 "); - mbedtls_printf("ecdsa_sha1\n"); - mbedtls_printf( "\n" ); + mbedtls_print_supported_sig_algs(); goto exit; } } diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index a155cebd84..72c0b3ae34 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c 
@@ -350,3 +350,25 @@ int x509_crt_verify_info( char *buf, size_t size, const char *prefix, #endif /* MBEDTLS_X509_REMOVE_INFO */ } #endif /* MBEDTLS_X509_CRT_PARSE_C */ + +void mbedtls_print_supported_sig_algs( void ) +{ + mbedtls_printf( "supported signature algorithms:\n" ); + mbedtls_printf("\trsa_pkcs1_sha256 "); + mbedtls_printf("rsa_pkcs1_sha384 "); + mbedtls_printf("rsa_pkcs1_sha512\n"); + mbedtls_printf("\tecdsa_secp256r1_sha256 "); + mbedtls_printf("ecdsa_secp384r1_sha384 "); + mbedtls_printf("ecdsa_secp521r1_sha512\n"); + mbedtls_printf("\trsa_pss_rsae_sha256 "); + mbedtls_printf("rsa_pss_rsae_sha384 "); + mbedtls_printf("rsa_pss_rsae_sha512\n"); + mbedtls_printf("\trsa_pss_pss_sha256 "); + mbedtls_printf("rsa_pss_pss_sha384 "); + mbedtls_printf("rsa_pss_pss_sha512\n"); + mbedtls_printf("\ted25519 "); + mbedtls_printf("ed448 "); + mbedtls_printf("rsa_pkcs1_sha1 "); + mbedtls_printf("ecdsa_sha1\n"); + mbedtls_printf( "\n" ); +} \ No newline at end of file From cc5391048e3fdde18ca79a0d72fddd6efcd415e9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Jun 2022 16:27:35 +0800 Subject: [PATCH 32/41] fix various issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 12 ++++++------ library/ssl_tls.c | 6 +++--- library/ssl_tls13_generic.c | 14 ++++++++------ library/ssl_tls13_server.c | 23 ++++++++++++----------- programs/ssl/ssl_test_common_source.c | 6 +++--- 5 files changed, 32 insertions(+), 29 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 05a926bd2b..f788baf580 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1922,8 +1922,8 @@ static inline const void *mbedtls_ssl_get_sig_algs( #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) - if( ssl->handshake->sig_algs_heap_allocated == 1 && - ssl->handshake != NULL && + if( ssl->handshake != NULL && + ssl->handshake->sig_algs_heap_allocated == 1 && ssl->handshake->sig_algs != NULL ) { return( ssl->handshake->sig_algs ); 
@@ -1984,6 +1984,7 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( switch( sig_alg ) { +#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_SHA256_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: *md_alg = MBEDTLS_MD_SHA256; @@ -2002,7 +2003,7 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( *pk_type = MBEDTLS_PK_RSASSA_PSS; break; #endif /* MBEDTLS_SHA512_C */ - +#endif /* MBEDTLS_RSA_C */ default: return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } @@ -2168,9 +2169,8 @@ static inline int mbedtls_ssl_sig_alg_is_supported( #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( - uint16_t sig_alg, - mbedtls_pk_context *key); +int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg, + mbedtls_pk_context *key ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dba70e20dc..304e61f42d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -856,7 +856,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) ssl->handshake->sig_algs = ssl->conf->sig_algs; ssl->handshake->sig_algs_heap_allocated = 0; } -#endif /* MBEDTLS_DEPRECATED_REMOVED */ +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ return( 0 ); } 
@@ -4072,8 +4072,8 @@ static int ssl_preset_suiteb_ciphersuites[] = { * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate * declaring an RSA public key and Mbed TLS is configured in hybrid mode, if * `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then - * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm - * for its signature in the key exchange message and as Mbed TLS 1.2 does not + * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm + * for its signature in the key exchange message. As Mbed TLS 1.2 does not * support them, the handshake fails. */ static uint16_t ssl_preset_default_sig_algs[] = { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 62f22fd931..c7c652e596 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -940,16 +940,18 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify( mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) ) { - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "select_sig_alg_for_certificate_verify:" - "selected signature algorithm %s [%04x]", - mbedtls_ssl_sig_alg_to_str( *sig_alg ), - *sig_alg ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "select_sig_alg_for_certificate_verify:" + "selected signature algorithm %s [%04x]", + mbedtls_ssl_sig_alg_to_str( *sig_alg ), + *sig_alg ) ); *algorithm = *sig_alg; return( 0 ); } } - + MBEDTLS_SSL_DEBUG_MSG( 2, + ( "select_sig_alg_for_certificate_verify:" + "no suitable signature algorithm found" ) ); return( -1 ); } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index b7b25576e7..2d751d6564 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -389,20 +389,21 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) continue; } - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "ssl_tls13_pick_key_cert:" - "check signature algorithm %s [%04x]", - mbedtls_ssl_sig_alg_to_str( *sig_alg ), - *sig_alg ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "ssl_tls13_pick_key_cert:" + "check signature algorithm %s [%04x]", + mbedtls_ssl_sig_alg_to_str( *sig_alg ), + *sig_alg ) ); if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, &key_cert->cert->pk ) ) { ssl->handshake->key_cert = key_cert; - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "ssl_tls13_pick_key_cert:" - "selected signature algorithm %s [%04x]", - mbedtls_ssl_sig_alg_to_str( *sig_alg ), - *sig_alg ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "ssl_tls13_pick_key_cert:" + "selected signature algorithm" + " %s [%04x]", + mbedtls_ssl_sig_alg_to_str( *sig_alg ), + *sig_alg ) ); MBEDTLS_SSL_DEBUG_CRT( 3, "selected certificate (chain)", ssl->handshake->key_cert->cert ); @@ -412,7 +413,7 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_MSG( 2, ( "ssl_tls13_pick_key_cert: " - "No signature algorithm found" ) ); + "no suitable signature algorithm found" ) ); return( -1 ); } #endif /* MBEDTLS_X509_CRT_PARSE_C && diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 72c0b3ae34..ad9dcdd5bf 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c 
@@ -268,8 +268,8 @@ int send_cb( void *ctx, unsigned char const *buf, size_t len ) * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate * declaring an RSA public key and Mbed TLS is configured in hybrid mode, if * `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then - * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm - * for its signature in the key exchange message and as Mbed TLS 1.2 does not + * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm + * for its signature in the key exchange message. As Mbed TLS 1.2 does not * support them, the handshake fails. */ #define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ @@ -371,4 +371,4 @@ void mbedtls_print_supported_sig_algs( void ) mbedtls_printf("rsa_pkcs1_sha1 "); mbedtls_printf("ecdsa_sha1\n"); mbedtls_printf( "\n" ); -} \ No newline at end of file +} From c2e0493e6ead458a3dd8af0f4fec2d3f6548e503 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Jun 2022 22:13:03 +0800 Subject: [PATCH 33/41] Add rsa_pkcs1 for cert sig match Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index c7c652e596..39bd9f258f 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -855,9 +855,8 @@ cleanup: * STATE HANDLING: Output Certificate Verify */ -int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( - uint16_t sig_alg, - mbedtls_pk_context *key) +int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg, + mbedtls_pk_context *key ) { mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk( key ); size_t key_size = mbedtls_pk_get_bitlen( key ); 
@@ -912,6 +911,23 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: + return( key_size <= 3072 ); +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: + return( key_size <= 7680 ); +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: + return( 1 ); +#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_PKCS1_V15 */ + default: break; } From 9d3e2fa37249925749e4c7e79b2b3776be73cbf0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Jun 2022 22:14:01 +0800 Subject: [PATCH 34/41] Add negative tests Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 2d751d6564..144c70d472 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -412,8 +412,8 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "ssl_tls13_pick_key_cert: " - "no suitable signature algorithm found" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "ssl_tls13_pick_key_cert:" + "no suitable certificate found" ) ); return( -1 ); } #endif /* MBEDTLS_X509_CRT_PARSE_C && From 71b18844ff26d992f84d409bd044935768ba30ef Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Jun 2022 23:01:49 +0800 Subject: [PATCH 35/41] fix various issues Signed-off-by: Jerry Yu --- library/ssl_tls.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 304e61f42d..3fa303b297 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
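Review bot: The added `MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256/384/512` cases make `mbedtls_ssl_tls13_check_sig_alg_cert_key_match()` report an RSA key as usable with RSASSA-PKCS1-v1_5, yet RFC 8446 §4.2.3 allows those schemes in TLS 1.3 only for signatures inside certificates and forbids them in CertificateVerify; since this function is called from `ssl_tls13_select_sig_alg_for_certificate_verify()` with `own_key` (PATCH 28), correctness now rests on the neighbouring `mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported()` check rejecting them, which nothing in this hunk states. A comment above the new block, `/* PKCS#1 v1.5: certificate signatures only in TLS 1.3 (RFC 8446 4.2.3); CertificateVerify callers must filter these out */`, would pin that dependency. PATCH 36 later in this series removes these cases again. The enclosing `switch( sig_alg )` and the function signature are outside the hunk.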
@@ -853,7 +853,6 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
 else
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 {
- ssl->handshake->sig_algs = ssl->conf->sig_algs;
 ssl->handshake->sig_algs_heap_allocated = 0;
 }
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
From 660cb4209c15a0d0e82567b8b73a92d769a00f14 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 28 Jun 2022 16:17:58 +0800
Subject: [PATCH 36/41] Remove pkcs1 from key cert and sig alg map
Signed-off-by: Jerry Yu
---
 library/ssl_tls.c | 3 +--
 library/ssl_tls13_generic.c | 38 ++-----------------------------------
 2 files changed, 3 insertions(+), 38 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3fa303b297..c5717c0f1b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4916,8 +4916,7 @@ int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
 sig_alg,
 mbedtls_ssl_sig_alg_to_str( sig_alg ) ) );
- if( ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) ||
- ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) )
+ if( ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) )
 continue;
 MBEDTLS_SSL_DEBUG_MSG( 4, ( "valid signature algorithm: %s",
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 39bd9f258f..fa68730e4f 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
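Review bot: With the assignment gone, the non-TLS-1.2 branch no longer sets `ssl->handshake->sig_algs` at all, so the field keeps whatever the handshake allocation left in it (presumably zeroed, but that code is outside the hunk) and readers rely on `mbedtls_ssl_get_sig_algs()` falling through to `ssl->conf->sig_algs` because `sig_algs_heap_allocated` is 0 (see the ssl_misc.h hunk in PATCH 32). That is consistent but only by convention; a comment on the remaining line, `/* sig_algs left unset: mbedtls_ssl_get_sig_algs() uses conf->sig_algs when not heap-allocated */`, would record why nothing is assigned here. The enclosing if/else starts outside the hunk.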
@@ -863,76 +863,41 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg, switch( pk_type ) { -#if defined(MBEDTLS_ECDSA_C) case MBEDTLS_SSL_SIG_ECDSA: switch( key_size ) { -#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) case 256: return( sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 ); -#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) case 384: return( sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 ); -#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) case 521: return( sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 ); -#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ default: break; } break; -#endif /* MBEDTLS_ECDSA_C */ -#if defined(MBEDTLS_RSA_C) case MBEDTLS_SSL_SIG_RSA: switch( sig_alg ) { -#if defined(MBEDTLS_PKCS1_V21) -#if defined(MBEDTLS_SHA256_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: return( key_size <= 3072 ); -#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA384_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: return( key_size <= 7680 ); -#endif /* MBEDTLS_SHA384_C */ -#if defined(MBEDTLS_SHA512_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: return( 1 ); -#endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_PKCS1_V21 */ - -#if defined(MBEDTLS_PKCS1_V15) -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: - return( key_size <= 3072 ); -#endif /* MBEDTLS_SHA256_C */ - -#if defined(MBEDTLS_SHA384_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: - return( key_size <= 7680 ); -#endif /* MBEDTLS_SHA384_C */ - -#if defined(MBEDTLS_SHA512_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: - return( 1 ); -#endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_PKCS1_V15 */ default: break; } break; -#endif /* MBEDTLS_RSA_C */ default: break; 
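Review bot: The RSA branch keeps an upper bound on key size per hash (`return( key_size <= 3072 )` for rsa_pss_rsae_sha256, `<= 7680` for sha384, unconditional `return( 1 )` for sha512), so a 4096-bit RSA key never matches rsa_pss_rsae_sha256, and a peer that offers only that commonly offered scheme then lands on the "no suitable certificate found" path from PATCH 34 although RSA-PSS with SHA-256 over a 4096-bit key is a valid TLS 1.3 signature. If the cap is meant as a strength-equivalence policy it needs to be documented in the function's header comment; otherwise the three PSS cases should all `return( 1 )` as the SHA-512 case already does. Separately, removing the `MBEDTLS_SHA*_C`/`MBEDTLS_ECP_DP_*` guards means the function now reports a match for schemes whose hash or curve may not be compiled in, so each caller must first run `mbedtls_ssl_sig_alg_is_supported()`; a precondition comment, `/* Caller must already have checked mbedtls_ssl_sig_alg_is_supported(); this only matches key type and size to the scheme */`, would make that contract visible. The function signature and the `pk_type`/`key_size` locals are outside the hunk.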
@@ -951,7 +916,8 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify( *algorithm = MBEDTLS_TLS1_3_SIG_NONE; for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ ) { - if( mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( + if( mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) && + mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) && mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) ) From 959e5e030b9211f98a01f90d806d16796ff59e84 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 29 Jun 2022 09:49:02 +0800 Subject: [PATCH 37/41] fix format issue Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index fa68730e4f..d131043461 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -917,10 +917,8 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify( for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ ) { if( mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) && - mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( - *sig_alg ) && - mbedtls_ssl_tls13_check_sig_alg_cert_key_match( - *sig_alg, own_key ) ) + mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) && + mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "select_sig_alg_for_certificate_verify:" From 2fe6c638e2a4f3590dddab1b3ef28d99db1a9f7f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 29 Jun 2022 10:02:38 +0800 Subject: [PATCH 38/41] remove supported check from parse sig algs Signed-off-by: Jerry Yu --- library/ssl_tls.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c5717c0f1b..c2f1f8562a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4915,9 +4915,17 @@ int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 4, ( "received signature algorithm: 0x%x %s", sig_alg, mbedtls_ssl_sig_alg_to_str( sig_alg ) ) ); - - if( ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) ) +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if( +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + ( ! ( mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) && + mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) ) ) ) + { continue; + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ MBEDTLS_SSL_DEBUG_MSG( 4, ( "valid signature algorithm: %s", mbedtls_ssl_sig_alg_to_str( sig_alg ) ) ); From aae28f178bba674d762e72c7b8c55dbfe0d74737 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 29 Jun 2022 16:21:32 +0800 Subject: [PATCH 39/41] add tests Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 243 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 243 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index afabb64529..89565b4cb3 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
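Review bot: For TLS 1.3 the new `#if`-wrapped condition is never true, so the `continue` is skipped and every scheme the peer sent is stored and logged as `valid signature algorithm` whether or not this build supports it; the log text is now misleading for TLS 1.3, and the filtering moves silently to the consumers (`ssl_tls13_select_sig_alg_for_certificate_verify` checks `mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported()` in PATCH 36; whether `ssl_tls13_pick_key_cert` filters is not visible in this page's hunks). I would record that contract where the behaviour forks, e.g. `/* TLS 1.3: keep the peer's list unfiltered; consumers must apply mbedtls_ssl_sig_alg_is_supported() themselves */`, and reword the message to something like `"signature algorithm kept: %s"`. Nesting `#if defined(MBEDTLS_SSL_PROTO_TLS1_3)` inside the parentheses of `if(` is also hard to read; computing a local flag under the preprocessor block and testing it once would be clearer. The loop header and the store into the handshake list are outside the hunk.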
@@ -11882,6 +11882,249 @@ run_test "TLS 1.3 G->m HRR both with middlebox compat support" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ -c "SSL 3.3 ChangeCipherSpec packet received" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Check signature algorithm order, m->O" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key + -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache + -Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \ + "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \ + min_version=tls12 max_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ + -c "HTTP/1.0 200 [Oo][Kk]" + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Check signature algorithm order, m->G" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key + -d 4 + --priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \ + "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \ + min_version=tls12 max_version=tls13 
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ + -c "HTTP/1.0 200 [Oo][Kk]" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Check signature algorithm order, m->m" \ + "$P_SRV debug_level=4 force_version=tls13 auth_mode=required + crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key + crt_file=data_files/server5.crt key_file=data_files/server5.key + sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ + "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \ + sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 \ + min_version=tls12 max_version=tls13 " \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ + -s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ + -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \ + -c "HTTP/1.0 200 [Oo][Kk]" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Check signature algorithm order, O->m" \ + "$P_SRV debug_level=4 force_version=tls13 auth_mode=required + crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key + 
crt_file=data_files/server5.crt key_file=data_files/server5.key
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
+ "$O_NEXT_CLI_NO_CERT -msg -CAfile data_files/test-ca_cat12.crt \
+ -cert data_files/server2-sha256.crt -key data_files/server2.key \
+ -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
+ 0 \
+ -c "TLSv1.3" \
+ -s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
+ -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
+
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Check signature algorithm order, G->m" \
+ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required
+ crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
+ crt_file=data_files/server5.crt key_file=data_files/server5.key
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
+ "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile data_files/test-ca_cat12.crt \
+ --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key \
+ --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384" \
+ 0 \
+ -c "Negotiated version: 3.4" \
+ -c "HTTP/1.0 200 [Oo][Kk]" \
+ -s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
+ -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
+
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \
+ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required
+ crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
+ crt_file=data_files/server5.crt key_file=data_files/server5.key
+ sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \
+ "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile data_files/test-ca_cat12.crt \
+ --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key \
+ --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-ECDSA-SECP521R1-SHA512" \
+ 1 \
+ -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
+ -s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \
+ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required
+ crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
+ crt_file=data_files/server5.crt key_file=data_files/server5.key
+ sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256" \
+ "$O_NEXT_CLI_NO_CERT -msg -CAfile data_files/test-ca_cat12.crt \
+ -cert data_files/server2-sha256.crt -key data_files/server2.key \
+ -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:ecdsa_secp521r1_sha512" \
+ 1 \
+ -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
+ -s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \
+ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required
+ crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
+ crt_file=data_files/server5.crt key_file=data_files/server5.key
+ sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \
+ "$P_CLI allow_sha1=0 debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512 \
+ min_version=tls12 max_version=tls13 " \
+ 1 \
+ -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
+ -s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
+
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3: Check server no suitable certificate, G->m" \
+ "$P_SRV debug_level=4 force_version=tls13
+ crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
+ "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile data_files/test-ca_cat12.crt \
+ --priority=NORMAL:-SIGN-ALL:+SIGN-ECDSA-SECP521R1-SHA512:+SIGN-ECDSA-SECP256R1-SHA256" \
+ 1 \
+ -s "ssl_tls13_pick_key_cert:no suitable certificate found"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3: Check server no suitable certificate, O->m" \
+ "$P_SRV debug_level=4 force_version=tls13
+ crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
+ "$O_NEXT_CLI_NO_CERT -msg -CAfile data_files/test-ca_cat12.crt \
+ -sigalgs ecdsa_secp521r1_sha512:ecdsa_secp256r1_sha256" \
+ 1 \
+ -s "ssl_tls13_pick_key_cert:no suitable certificate found"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Check server no suitable certificate, m->m" \
+ "$P_SRV debug_level=4 force_version=tls13
+ crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
+ "$P_CLI allow_sha1=0 debug_level=4 \
+ sig_algs=ecdsa_secp521r1_sha512,ecdsa_secp256r1_sha256 \
+ min_version=tls12 max_version=tls13 " \
+ 1 \
+ -s "ssl_tls13_pick_key_cert:no suitable certificate found"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Check client no signature algorithm, m->O" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key
+ -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
+ -Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp521r1_sha512" \
+ "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ min_version=tls12 max_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
+ 1 \
+ -c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
+
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Check client no signature algorithm, m->G" \
+ "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key
+ -d 4
+ --priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
+ "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ min_version=tls12 max_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
+ 1 \
+ -c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Check client no signature algorithm, m->m" \
+ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required
+ crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
+ crt_file=data_files/server5.crt key_file=data_files/server5.key
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp521r1_sha512" \
+ "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 \
+ min_version=tls12 max_version=tls13 " \
+ 1 \
+ -c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
+
# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_MEMORY_DEBUG
From 52b7d923fe341f15033ec92206f60d0b055a9768 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 1 Jul 2022 18:03:31 +0800
Subject: [PATCH 40/41] fix various issues
Signed-off-by: Jerry Yu
---
library/ssl_misc.h | 12 ++++++------
library/ssl_tls.c | 5 +----
tests/ssl-opt.sh | 32 ++++++++------------------------
3 files changed, 15 insertions(+), 34 deletions(-)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index f788baf580..77f001a97b 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1984,7 +1984,7 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
switch( sig_alg )
{
-#if defined(MBEDTLS_RSA_C)
+#if defined(MBEDTLS_PKCS1_V21)
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
*md_alg = MBEDTLS_MD_SHA256;
@@ -2003,7 +2003,7 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
*pk_type = MBEDTLS_PK_RSASSA_PSS;
break;
#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_RSA_C */
+#endif /* MBEDTLS_PKCS1_V21 */
default:
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
@@ -2031,7 +2031,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#endif /* MBEDTLS_ECDSA_C */
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+#if defined(MBEDTLS_PKCS1_V21)
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
break;
@@ -2044,7 +2044,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
break;
#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+#endif /* MBEDTLS_PKCS1_V21 */
default:
return( 0 );
}
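Review bot: The guard changes in the -1984/-2003 hunks of `mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg`, the -2031/-2044 hunks of `mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported` and the -2057/-2070 hunks of `mbedtls_ssl_tls13_sig_alg_is_supported` that follow all rest on an unstated fact: that `MBEDTLS_PKCS1_V21` and `MBEDTLS_PKCS1_V15` cannot be enabled without `MBEDTLS_RSA_C`, which is what makes dropping `defined(MBEDTLS_RSA_C)` from the conditions safe. As far as I recall mbedtls_config.h lists MBEDTLS_RSA_C as a prerequisite of both and check_config.h rejects a configuration without it, but nothing in these hunks says so; a one-line comment on the first guard would spare the next reader the lookup, e.g. `/* MBEDTLS_PKCS1_V21 implies MBEDTLS_RSA_C (see check_config.h) */`. The -2031 change is also a widening rather than a rename: RSA-PSS-RSAE CertificateVerify is now reported as supported whenever PKCS#1 v2.1 is built, independently of `MBEDTLS_X509_RSASSA_PSS_SUPPORT`, which is the right scope for a TLS-level signature but deserves a sentence in the commit message. All three functions begin and end outside their hunks.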
@@ -2057,7 +2057,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported(
{
switch( sig_alg )
{
-#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C)
+#if defined(MBEDTLS_PKCS1_V15)
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
break;
@@ -2070,7 +2070,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported(
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
break;
#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */
+#endif /* MBEDTLS_PKCS1_V15 */
default:
return( mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
sig_alg ) );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c2f1f8562a..b40fbbbf64 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4916,10 +4916,7 @@ int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
sig_alg, mbedtls_ssl_sig_alg_to_str( sig_alg ) ) );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if(
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
( ! ( mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) &&
mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) ) ) )
{
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 89565b4cb3..642e305618 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -11883,7 +11883,6 @@ run_test "TLS 1.3 G->m HRR both with middlebox compat support" \
-c "SSL 3.3 ChangeCipherSpec packet received"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
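Review bot: With the `MBEDTLS_SSL_PROTO_TLS1_3` conditional removed from the -4916 hunk of `mbedtls_ssl_parse_sig_alg_ext`, the rejection now also depends, in TLS 1.2-only builds, on `ssl->tls_version` already holding `MBEDTLS_SSL_VERSION_TLS1_2` when the extension is parsed; if any caller reaches this point before the version has been negotiated, an unsupported or unoffered signature algorithm passes this check silently instead of being rejected. If that ordering is guaranteed it is worth stating on the `if`, e.g. `/* TLS 1.2 only; tls_version must already be negotiated here. */`. The function starts and ends outside the hunk, so how a TLS 1.3 peer's list is validated is not visible from here.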
@@ -11893,14 +11892,13 @@ run_test "TLS 1.3: Check signature algorithm order, m->O" \
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
-Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
"$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
- min_version=tls12 max_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
+ force_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
-c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -11910,13 +11908,12 @@ run_test "TLS 1.3: Check signature algorithm order, m->G" \
-d 4
--priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
"$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
- min_version=tls12 max_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
+ force_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
-c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
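Review bot: The `force_version=tls13` added to `$P_CLI` in this hunk (and likewise in the -11910, -11929, -12027, -12074, -12089, -12104 and -12121 hunks) is removed again by PATCH 41/41 of this series, so the state this commit creates exists only to be undone; squashing the two test edits would keep the series bisectable and avoid reviewing the same lines twice. Dropping `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2` throughout is consistent with the tests no longer asking for 1.2, and the -11938/-11958 hunks also drop `MBEDTLS_SSL_CLI_C` from the O->m and G->m tests, which is correct since those use an external client but is worth a line in the commit message.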
@@ -11929,7 +11926,7 @@ run_test "TLS 1.3: Check signature algorithm order, m->m" \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
"$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 \
- min_version=tls12 max_version=tls13 " \
+ force_version=tls13" \
0 \
-c "Protocol is TLSv1.3" \
-c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
@@ -11938,12 +11935,10 @@ run_test "TLS 1.3: Check signature algorithm order, m->m" \
-c "HTTP/1.0 200 [Oo][Kk]"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3: Check signature algorithm order, O->m" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required
crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
@@ -11958,12 +11953,10 @@ run_test "TLS 1.3: Check signature algorithm order, O->m" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.3: Check signature algorithm order, G->m" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required
crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
@@ -11979,7 +11972,6 @@ run_test "TLS 1.3: Check signature algorithm order, G->m" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -11997,7 +11989,6 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \
-s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -12014,7 +12005,6 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
-s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -12027,13 +12017,12 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \
sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \
"$P_CLI allow_sha1=0 debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512 \
- min_version=tls12 max_version=tls13 " \
+ force_version=tls13" \
1 \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
-s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -12048,7 +12037,6 @@ run_test "TLS 1.3: Check server no suitable certificate, G->m" \
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -12062,7 +12050,6 @@ run_test "TLS 1.3: Check server no suitable certificate, O->m" \
1 \
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -12074,12 +12061,11 @@ run_test "TLS 1.3: Check server no suitable certificate, m->m" \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
"$P_CLI allow_sha1=0 debug_level=4 \
sig_algs=ecdsa_secp521r1_sha512,ecdsa_secp256r1_sha256 \
- min_version=tls12 max_version=tls13 " \
+ force_version=tls13" \
1 \
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -12089,12 +12075,11 @@ run_test "TLS 1.3: Check client no signature algorithm, m->O" \
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
-Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp521r1_sha512" \
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
- min_version=tls12 max_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
+ force_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -12104,11 +12089,10 @@ run_test "TLS 1.3: Check client no signature algorithm, m->G" \
-d 4
--priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
- min_version=tls12 max_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
+ force_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -12121,7 +12105,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->m" \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp521r1_sha512" \
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 \
- min_version=tls12 max_version=tls13 " \
+ force_version=tls13" \
1 \
-c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
From 7ac0d498de1992ac5a5c3ad997434f8ea3e386f0 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 1 Jul 2022 19:29:30 +0800
Subject: [PATCH 41/41] remove force_version for client
Signed-off-by: Jerry Yu
---
tests/ssl-opt.sh | 20 ++++++++------------
1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 642e305618..4783c3dad3 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -11892,7 +11892,7 @@ run_test "TLS 1.3: Check signature algorithm order, m->O" \
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
-Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
"$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
- force_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
-c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
@@ -11908,7 +11908,7 @@ run_test "TLS 1.3: Check signature algorithm order, m->G" \
-d 4
--priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
"$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
- force_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
-c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
@@ -11925,8 +11925,7 @@ run_test "TLS 1.3: Check signature algorithm order, m->m" \
crt_file=data_files/server5.crt key_file=data_files/server5.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
"$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
- sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 \
- force_version=tls13" \
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
-c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
@@ -12016,8 +12015,7 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \
crt_file=data_files/server5.crt key_file=data_files/server5.key
sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \
"$P_CLI allow_sha1=0 debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
- sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512 \
- force_version=tls13" \
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512" \
1 \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
-s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
@@ -12060,8 +12058,7 @@ run_test "TLS 1.3: Check server no suitable certificate, m->m" \
crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
"$P_CLI allow_sha1=0 debug_level=4 \
- sig_algs=ecdsa_secp521r1_sha512,ecdsa_secp256r1_sha256 \
- force_version=tls13" \
+ sig_algs=ecdsa_secp521r1_sha512,ecdsa_secp256r1_sha256" \
1 \
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
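Review bot: Once `force_version=tls13` is gone from `$P_CLI`, the negative tests in this hunk at -12016 and -12060 (and the -12075, -12089 and -12104 hunks that follow) carry no assertion on the negotiated version at all; they rely on the client's default maximum being TLS 1.3 and on the `ssl_tls13_pick_key_cert` / `select_sig_alg_for_certificate_verify` log lines being emitted only by the TLS 1.3 code path, which is implicit rather than checked. The positive -11925 hunk keeps `-c "Protocol is TLSv1.3"`, so it stays pinned. For the negative cases an `-s` check on whatever line `$P_SRV` logs when it settles on the protocol version would make the expectation explicit; I cannot tell from the hunk which string that is.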
@@ -12075,7 +12072,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->O" \
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
-Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp521r1_sha512" \
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
- force_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
@@ -12089,7 +12086,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->G" \
-d 4
--priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
- force_version=tls13 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
@@ -12104,8 +12101,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->m" \
crt_file=data_files/server5.crt key_file=data_files/server5.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp521r1_sha512" \
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 \
- force_version=tls13" \
+ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"