From beb3f41f2f528277d86840ec7bdbefce8d7194cd Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 16 Aug 2021 15:00:55 +0800 Subject: [PATCH 01/45] Add handshake_set_state helper function Signed-off-by: Jerry Yu --- library/ssl_misc.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b4f841a373..36754a3237 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1323,4 +1323,14 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL*/ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context* ssl, + int state ) +{ + ssl->state = state; +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #endif /* ssl_misc.h */ From a13c7e739cf3200d4784e1fbbf1b0412d9aee467 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 17 Aug 2021 10:44:40 +0800 Subject: [PATCH 02/45] add dummy client hello process Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 3 +++ library/ssl_tls13_client.c | 51 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 52 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2909dc8e5b..54be3a5b9f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -573,6 +573,9 @@ typedef enum MBEDTLS_SSL_HANDSHAKE_OVER, MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ } mbedtls_ssl_states; diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 368b5572db..d619d80ed9 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -26,11 +26,58 @@ #if defined(MBEDTLS_SSL_CLI_C) #include "ssl_misc.h" +#include + +static int ssl_client_hello_process( mbedtls_ssl_context* ssl ); int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) { - ((void) ssl); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + int ret = 0; + + if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Handshake completed but ssl->handshake is NULL.\n" ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); + + switch( ssl->state ) + { + case MBEDTLS_SSL_HELLO_REQUEST: + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); + break; + + case MBEDTLS_SSL_CLIENT_HELLO: + ret = ssl_client_hello_process( ssl ); + break; + + case MBEDTLS_SSL_SERVER_HELLO: + // Stop here : we haven't finished whole flow + ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); + break; + + default: + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + return( ret ); +} + +static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) +{ + int ret = 0; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); + + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); + /* client_hello_process haven't finished */ + ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + return ret; } #endif /* MBEDTLS_SSL_CLI_C */ From 65dd2ccfe696d6cfaecfc376038db1d71dc1c28e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 18 Aug 2021 16:38:40 +0800 Subject: [PATCH 03/45] Add dummy stages for `client_hello_process` 
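Review bot: The early-exit guard in mbedtls_ssl_handshake_client_step_tls1_3 logs "Handshake completed but ssl->handshake is NULL." for an OR condition, `ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL`, so the message is wrong whenever only one side holds and the debug log cannot tell which one tripped. Two separate checks with their own messages, or a rewording such as `"handshake already over or ssl->handshake is NULL"`, would keep the log truthful; the trailing `\n` is also not used by the other MBEDTLS_SSL_DEBUG_MSG calls in this hunk. Separately, ssl_client_hello_process moves the state to MBEDTLS_SSL_SERVER_HELLO and then returns MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE, so a caller that retries after the error steps into the next state; a comment saying this is deliberate for the placeholder would help the next reader.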
Signed-off-by: Jerry Yu --- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/ssl_misc.h | 37 ++++++++++++++++++++ library/ssl_tls13_client.c | 54 ++++++++++++++++++++++++++++++ library/ssl_tls13_generic.c | 67 +++++++++++++++++++++++++++++++++++++ 5 files changed, 160 insertions(+) create mode 100644 library/ssl_tls13_generic.c diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 5adc128c96..a5d692cbe4 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -106,6 +106,7 @@ set(src_tls ssl_tls13_keys.c ssl_tls13_server.c ssl_tls13_client.c + ssl_tls13_generic.c ) if(CMAKE_COMPILER_IS_GNUCC) diff --git a/library/Makefile b/library/Makefile index 8c58fb8501..13cd7db0c6 100644 --- a/library/Makefile +++ b/library/Makefile @@ -169,6 +169,7 @@ OBJS_TLS= \ ssl_tls13_keys.o \ ssl_tls13_client.o \ ssl_tls13_server.o \ + ssl_tls13_generic.o \ # This line is intentionally left blank .SILENT: diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 36754a3237..4c3f6c0d5e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -26,6 +26,7 @@ #include "mbedtls/ssl.h" #include "mbedtls/cipher.h" +#include "mbedtls/debug.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" @@ -102,6 +103,30 @@ #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ +#define MBEDTLS_SSL_PROC_STRIP_PARENS( ... ) __VA_ARGS__ + +#define MBEDTLS_SSL_PROC_CHK( fn, args ) \ + do { \ + ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \ + if( ret != 0 ) \ + { \ + if( ret > 0 ) \ + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; \ + MBEDTLS_SSL_DEBUG_RET( 1, #fn, ret ); \ + goto cleanup; \ + } \ + } while( 0 ) + +#define MBEDTLS_SSL_PROC_CHK_NEG( fn, args ) \ + do { \ + ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \ + if( ret < 0 ) \ + { \ + MBEDTLS_SSL_DEBUG_RET( 1, #fn, ret ); \ + goto cleanup; \ + } \ + } while( 0 ) + /* * DTLS retransmission states, see RFC 6347 4.2.4 * 
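Review bot: MBEDTLS_SSL_PROC_CHK and MBEDTLS_SSL_PROC_CHK_NEG in ssl_misc.h are added without a comment, although both assign to a variable named `ret` and `goto cleanup` in the calling function, which is control flow a reader of the call site cannot see. I would add a block comment above them stating that the caller must declare `int ret` and a `cleanup:` label and that `args` must be a parenthesised argument list. The comment should also spell out how the two differ: PROC_CHK treats any non-zero return as failure and rewrites a positive one to MBEDTLS_ERR_SSL_INTERNAL_ERROR, while PROC_CHK_NEG lets non-negative returns through unchanged.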
@@ -1331,6 +1356,18 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context* ssl, ssl->state = state; } +int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char **buf, + size_t *buflen ); +int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, + size_t buf_len, + size_t msg_len ); +void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + size_t total_hs_len ); + + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* ssl_misc.h */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d619d80ed9..46c071b6bb 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -28,6 +28,7 @@ #include "ssl_misc.h" #include +/* Main entry point; orchestrates the other functions */ static int ssl_client_hello_process( mbedtls_ssl_context* ssl ); int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) 
@@ -66,20 +67,73 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) return( ret ); } + +static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ); +static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, + unsigned char* buf, size_t buflen, + size_t* len_without_binders, + size_t* len_with_binders ); +static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ); + static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) { int ret = 0; + unsigned char *buf; + size_t buf_len, msg_len; + size_t len_without_binders = 0; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); + MBEDTLS_SSL_PROC_CHK( ssl_client_hello_prepare, ( ssl ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg, ( ssl, + MBEDTLS_SSL_HS_CLIENT_HELLO, &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, ( ssl, buf, buf_len, + &len_without_binders, + &msg_len ) ); + + mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + msg_len ); + ssl->handshake->update_checksum( ssl, buf, len_without_binders ); + + MBEDTLS_SSL_PROC_CHK( ssl_client_hello_postprocess, ( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, ( ssl, buf_len, msg_len ) ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); +cleanup: + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); /* client_hello_process haven't finished */ ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; return ret; } +static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ) +{ + ((void) ssl); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, + unsigned char* buf, size_t buflen, + size_t* len_without_binders, + size_t* len_with_binders ) +{ + ((void) ssl); + ((void) buf); + ((void) buflen); + ((void) len_without_binders); + ((void) len_with_binders); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +static int ssl_client_hello_postprocess( 
mbedtls_ssl_context* ssl ) +{ + ((void) ssl); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + #endif /* MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c new file mode 100644 index 0000000000..51c8fe3bd5 --- /dev/null +++ b/library/ssl_tls13_generic.c 
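Review bot: The `cleanup:` path of ssl_client_hello_process ends with an unconditional `ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;`, which throws away the error that MBEDTLS_SSL_PROC_CHK stored in `ret` when a stage failed, so the caller sees the same code for an unfinished feature and for a genuine failure. While the function is a placeholder, `if( ret == 0 ) ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;` keeps the real code visible. `buf`, `buf_len` and `msg_len` are declared without initialisers and are only safe because every use sits behind a PROC_CHK that jumps away on failure; initialising them, for example `unsigned char *buf = NULL;`, makes that independent of how the stubs behave.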
@@ -0,0 +1,67 @@ +/* + * TLS 1.3 functionality shared between client and server + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" + +#if defined(MBEDTLS_SSL_TLS_C) + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +#include "ssl_misc.h" + +int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, + unsigned hs_type, + unsigned char **buf, + size_t *buflen ) +{ + ((void) ssl); + ((void) hs_type); + ((void) buf); + ((void) buflen); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, + size_t buf_len, + size_t msg_len ) +{ + ((void) ssl); + ((void) buf_len); + ((void) msg_len); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, + unsigned hs_type, + size_t total_hs_len ) +{ + unsigned char hs_hdr[4]; + + /* Build HS header for checksum update. */ + hs_hdr[0] = hs_type; + hs_hdr[1] = (unsigned char)( total_hs_len >> 16 ); + hs_hdr[2] = (unsigned char)( total_hs_len >> 8 ); + hs_hdr[3] = (unsigned char)( total_hs_len >> 0 ); + + ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + +#endif /* MBEDTLS_SSL_TLS_C */ From c8a392c47e1c71b67b90c47f509f47fc57cefdc9 Mon Sep 17 00:00:00 2001 
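Review bot: mbedtls_ssl_add_hs_hdr_to_checksum writes `total_hs_len` into three bytes without checking that it fits, so a length above 0xFFFFFF would be hashed as a truncated value and the transcript would no longer match the bytes on the wire. The output buffer size probably makes this unreachable today, but the function is declared in ssl_misc.h and takes a plain `size_t`, so I would document the 24-bit precondition in a comment above it. `hs_hdr[0] = hs_type;` narrows `unsigned` to `unsigned char` implicitly, unlike the three lines below it; `hs_hdr[0] = (unsigned char) hs_type;` keeps the lines consistent and quiet under conversion warnings. The function also dereferences `ssl->handshake` without the NULL check that the client step function performs, which is worth stating as a precondition in the same comment.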
From: Jerry Yu Date: Wed, 18 Aug 2021 16:46:28 +0800 Subject: [PATCH 04/45] Implement stages except write_partial Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 34 ++++++++++++++++++++++++++-------- library/ssl_tls13_generic.c | 24 ++++++++++++++++-------- 2 files changed, 42 insertions(+), 16 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 46c071b6bb..b06147c0c9 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -99,7 +99,6 @@ static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) MBEDTLS_SSL_PROC_CHK( ssl_client_hello_postprocess, ( ssl ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, ( ssl, buf_len, msg_len ) ); - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); cleanup: @@ -111,8 +110,31 @@ cleanup: static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ) { - ((void) ssl); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + int ret; + size_t rand_bytes_len; + + if( ssl->conf->f_rng == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); + return( MBEDTLS_ERR_SSL_NO_RNG ); + } + + rand_bytes_len = 32; + + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->handshake->randbytes, rand_bytes_len ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); + return( ret ); + } + + return( 0 ); +} + +static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ) +{ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); + + return( 0 ); } static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, @@ -128,11 +150,7 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } -static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ) -{ - ((void) ssl); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -} + #endif /* MBEDTLS_SSL_CLI_C */ 
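Review bot: ssl_client_hello_postprocess now sets MBEDTLS_SSL_SERVER_HELLO, and the first hunk of this commit removes the set_state call that used to follow mbedtls_ssl_finish_handshake_msg, so the state advances before the message has been handed to the record layer. If finish_handshake_msg fails, the context is left expecting a ServerHello for a ClientHello that was never queued; keeping the state change after the `MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, ... )` line in ssl_client_hello_process avoids that. In ssl_client_hello_prepare the literal `32` is the length of the ClientHello random and is repeated in ssl_client_hello_write_partial later in the series, so a named constant would tie the two together. The `f_rng` failure is logged under the label "ssl_generate_random", which is not a function visible in this file; `"f_rng"` would be easier to search for.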
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 51c8fe3bd5..5aa5d8a014 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -23,6 +23,8 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +#include "mbedtls/error.h" + #include "ssl_misc.h" int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, @@ -30,21 +32,27 @@ int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned char **buf, size_t *buflen ) { - ((void) ssl); - ((void) hs_type); - ((void) buf); - ((void) buflen); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + *buf = ssl->out_msg + 4; + *buflen = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; + + ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = hs_type; + + return( 0 ); } int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t buf_len, size_t msg_len ) { - ((void) ssl); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) buf_len); - ((void) msg_len); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + + ssl->out_msglen = msg_len + 4; + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext, ( ssl, 0 ) ); + +cleanup: + return( ret ); } void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, From 93bcd61a414c9e320b149a9d1e66009cd94dfd87 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 18 Aug 2021 12:47:24 +0800 Subject: [PATCH 05/45] Add field into handshake params Add `extensions_present` field. It represents which are present. Signed-off-by: Jerry Yu --- library/ssl_misc.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4c3f6c0d5e..5f15b8da77 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
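Review bot: mbedtls_ssl_finish_handshake_msg receives `buf_len` and discards it with `((void) buf_len);`, then sets `ssl->out_msglen = msg_len + 4` with no check that the writer stayed inside the buffer handed out by mbedtls_ssl_start_handshake_msg. A guard such as `if( msg_len > buf_len ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` before the assignment turns an overrun in a message writer into a clean error at the one place where both numbers are known. mbedtls_ssl_write_handshake_msg_ext may check the total again, but that is not visible here. The literal `4` appears three times across the two functions as the handshake header length and would read better as one named constant.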
@@ -103,6 +103,21 @@ #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ +/* List of extensions used in extensions_present of mbedtls_ssl_handshake_params */ +#define MBEDTLS_SSL_EXT_NONE 0 +#define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 0 ) +#define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 1 ) +#define MBEDTLS_SSL_EXT_SIGNATURE_ALGORITHM ( 1 << 2 ) +#define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 ) +#define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 4 ) +#define MBEDTLS_SSL_EXT_ALPN ( 1 << 5 ) +#define MBEDTLS_SSL_EXT_SUPPORTED_VERSION ( 1 << 6 ) +#define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 7 ) +#define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 8 ) +#define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 9 ) +#define MBEDTLS_SSL_EXT_COOKIE ( 1 << 10 ) +#define MBEDTLS_SSL_EXT_CID ( 1 << 11 ) + #define MBEDTLS_SSL_PROC_STRIP_PARENS( ... ) __VA_ARGS__ #define MBEDTLS_SSL_PROC_CHK( fn, args ) \ @@ -631,6 +646,9 @@ struct mbedtls_ssl_handshake_params int max_major_ver; /*!< max. major version client*/ int max_minor_ver; /*!< max. minor version client*/ int cli_exts; /*!< client extension presence*/ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + int extensions_present; /*!< extension presence; Each bitfield represents an extension and defined as \c MBEDTLS_SSL_EXT_XXX */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) int new_session_ticket; /*!< use NewSessionTicket? */ From 7984d9931e549d040a75b964dd8a24dfd96f0b3d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 18 Aug 2021 10:31:29 +0800 Subject: [PATCH 06/45] Add tls1.3 extension IANA values Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 54be3a5b9f..f988c0d8f1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
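Review bot: `extensions_present` is declared as `int` and the MBEDTLS_SSL_EXT_* masks are built from signed `1 << n`, which is fine for the twelve bits defined here but becomes undefined behaviour once a mask reaches bit 31 and invites sign-extension surprises when the field is widened or compared. Declaring the field `uint32_t extensions_present;` and writing the masks as `( 1U << 0 )` and so on removes that limit at no cost. The field comment would read more clearly as `/*!< extension presence; each bit represents one extension, see \c MBEDTLS_SSL_EXT_XXX */`, since these are bits of a mask rather than bit-fields.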
@@ -474,6 +474,8 @@ #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 +#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* Renamed in TLS 1.3 */ + #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 #define MBEDTLS_TLS_EXT_SIG_ALG 13 @@ -487,6 +489,15 @@ #define MBEDTLS_TLS_EXT_SESSION_TICKET 35 +/* TLS 1.3 */ +#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY 41 +#define MBEDTLS_TLS_EXT_EARLY_DATA 42 +#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS 43 +#define MBEDTLS_TLS_EXT_COOKIE 44 +#define MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES 45 + +#define MBEDTLS_TLS_EXT_KEY_SHARES 51 + /* The value of the CID extension is still TBD as of * draft-ietf-tls-dtls-connection-id-05 * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05). From bc20bdd3a9f271ac0605716714111090436d18d9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 24 Aug 2021 15:59:48 +0800 Subject: [PATCH 07/45] Implement write_partial with dummy exts Signed-off-by: Jerry Yu --- library/ssl_misc.h | 3 + library/ssl_tls13_client.c | 293 +++++++++++++++++++++++++++++++++++- library/ssl_tls13_generic.c | 34 +++++ 3 files changed, 327 insertions(+), 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5f15b8da77..dfb5634974 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1385,6 +1385,9 @@ void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len ); +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +int mbedtls_ssl_write_signature_algorithms_ext(mbedtls_ssl_context* ssl, unsigned char* buf, unsigned char* end, size_t* olen); +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index b06147c0c9..fbc8fd5fb4 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -25,6 +25,8 @@ #if defined(MBEDTLS_SSL_CLI_C) +#include + #include "ssl_misc.h" #include 
@@ -137,20 +139,305 @@ static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ) return( 0 ); } +/* Write extensions */ + +static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ); + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ); + +static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ); + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, unsigned char* buf, size_t buflen, size_t* len_without_binders, size_t* len_with_binders ) +{ + /* Extensions */ + + /* extension_start + * Used during extension writing where the + * buffer pointer to the beginning of the + * extension list must be kept to write + * the total extension list size in the end. + */ + + int ret; + unsigned char* extension_start; + size_t cur_ext_len; /* Size of the current extension */ + size_t total_ext_len; /* Size of list of extensions */ + + /* Length information */ + size_t rand_bytes_len; + size_t version_len; + + /* Buffer management */ + unsigned char* start = buf; + unsigned char* end = buf + buflen; + + /* Ciphersuite-related variables */ + const int* ciphersuites; + const mbedtls_ssl_ciphersuite_t* ciphersuite_info; + size_t i; /* used to iterate through ciphersuite list */ + /* ciphersuite_start points to the start of the ciphersuite list, i.e. to the length field*/ + unsigned char* ciphersuite_start; + size_t ciphersuite_count; + + /* Keeping track of the included extensions */ + ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; + + rand_bytes_len = 32; + + /* NOTE: + * Even for DTLS 1.3, we are writing a TLS handshake header here. 
+ * The actual DTLS 1.3 handshake header is inserted in + * the record writing routine mbedtls_ssl_write_record(). + * + * For cTLS the length, and the version field + * are elided. The random bytes are shorter. + */ + version_len = 2; + + if( ssl->conf->max_major_ver == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, " + "consider using mbedtls_ssl_config_defaults()" ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + ssl->major_ver = ssl->conf->min_major_ver; + ssl->minor_ver = ssl->conf->min_minor_ver; + + /* For TLS 1.3 we use the legacy version number {0x03, 0x03} + * instead of the true version number. + * + * For DTLS 1.3 we use the legacy version number + * {254,253}. + * + * In cTLS the version number is elided. + */ + *buf++ = 0x03; + *buf++ = 0x03; + buflen -= version_len; + + /* Write random bytes */ + memcpy( buf, ssl->handshake->randbytes, rand_bytes_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, rand_bytes_len ); + + buf += rand_bytes_len; + buflen -= rand_bytes_len; + + /* Versions of TLS before TLS 1.3 supported a + * "session resumption" feature which has been merged with pre-shared + * keys in this version. A client which has a + * cached session ID set by a pre-TLS 1.3 server SHOULD set this + * field to that value. In compatibility mode, + * this field MUST be non-empty, so a client not offering a + * pre-TLS 1.3 session MUST generate a new 32-byte value. This value + * need not be random but SHOULD be unpredictable to avoid + * implementations fixating on a specific value ( also known as + * ossification ). Otherwise, it MUST be set as a zero-length vector + * ( i.e., a zero-valued single byte length field ). 
+ */ + if( buflen < 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + + *buf++ = 0; /* session id length set to zero */ + buflen -= 1; + + /* + * Ciphersuite list + * + * This is a list of the symmetric cipher options supported by + * the client, specifically the record protection algorithm + * ( including secret key length ) and a hash to be used with + * HKDF, in descending order of client preference. + */ + ciphersuites = ssl->conf->ciphersuite_list; + + if( buflen < 2 /* for ciphersuite list length */ ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + + /* Skip writing ciphersuite length for now */ + ciphersuite_count = 0; + ciphersuite_start = buf; + buf += 2; + buflen -= 2; + + for ( i = 0; ciphersuites[i] != 0; i++ ) + { + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); + + if( ciphersuite_info == NULL ) + continue; + + if( ciphersuite_info->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 || + ciphersuite_info->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) + continue; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", + (unsigned int) ciphersuites[i], ciphersuite_info->name ) ); + + ciphersuite_count++; + + if( buflen < 2 /* for ciphersuite list length */ ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + + *buf++ = (unsigned char)( ciphersuites[i] >> 8 ); + *buf++ = (unsigned char)( ciphersuites[i] ); + + buflen -= 2; + + } + + /* write ciphersuite length now */ + *ciphersuite_start++ = (unsigned char)( ciphersuite_count*2 >> 8 ); + *ciphersuite_start++ = (unsigned char)( ciphersuite_count*2 ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", ciphersuite_count ) ); + + /* For every TLS 1.3 ClientHello, this vector MUST contain 
exactly + * one byte set to zero, which corresponds to the 'null' compression + * method in prior versions of TLS. + * + * For cTLS this field is elided. + */ + if( buflen < 2 /* for ciphersuite list length */ ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + + *buf++ = 1; + *buf++ = MBEDTLS_SSL_COMPRESS_NULL; + + buflen -= 2; + + /* First write extensions, then the total length */ + extension_start = buf; + total_ext_len = 0; + buf += 2; + + /* Supported Versions Extension is mandatory with TLS 1.3. + * + * For cTLS we only need to provide it if there is more than one version + * and currently there is only one. + */ + ssl_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); + total_ext_len += cur_ext_len; + buf += cur_ext_len; + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + /* The supported_groups and the key_share extensions are + * REQUIRED for ECDHE ciphersuites. + */ + ret = ssl_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); + if( ret != 0 ) + return( ret ); + + total_ext_len += cur_ext_len; + buf += cur_ext_len; + + /* The supported_signature_algorithms extension is REQUIRED for + * certificate authenticated ciphersuites. */ + ret = mbedtls_ssl_write_signature_algorithms_ext( ssl, buf, end, &cur_ext_len ); + if( ret != 0 ) + return( ret ); + + total_ext_len += cur_ext_len; + buf += cur_ext_len; + + /* We need to send the key shares under three conditions: + * 1 ) A certificate-based ciphersuite is being offered. In this case + * supported_groups and supported_signature extensions have been successfully added. + * 2 ) A PSK-based ciphersuite with ECDHE is offered. In this case the + * psk_key_exchange_modes has been added as the last extension. 
+ * 3 ) Or, in case all ciphers are supported ( which includes #1 and #2 from above ) + */ + + ret = ssl_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); + if( ret != 0 ) + return( ret ); + + total_ext_len += cur_ext_len; + buf += cur_ext_len; +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + + /* Add more extensions here */ + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET , + total_ext_len ) ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extension_start, total_ext_len ); + + /* Write extension length */ + *extension_start++ = (unsigned char)( ( total_ext_len >> 8 ) & 0xFF ); + *extension_start++ = (unsigned char)( ( total_ext_len ) & 0xFF ); + + *len_without_binders = buf - start; + *len_with_binders = ( extension_start + total_ext_len ) - start; + return( 0 ); +} + +static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ) { ((void) ssl); ((void) buf); - ((void) buflen); - ((void) len_without_binders); - ((void) len_with_binders); + ((void) end); + ((void) olen); +} + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + ((void) olen); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } +static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + ((void) olen); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_CLI_C */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 5aa5d8a014..7ec7423ea0 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
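Review bot: ssl_client_hello_write_partial writes the two version bytes and the 32 random bytes, and subtracts both from `buflen`, before its first size check (`if( buflen < 1 )` ahead of the session id), so a short buffer is overrun by the `memcpy` and `buflen`, being `size_t`, wraps to a huge value that makes every later check pass. A check ahead of the `*buf++ = 0x03;` lines, `if( buflen < version_len + rand_bytes_len ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );`, closes that. The same applies to `buf += 2;` after `extension_start = buf;`, which reserves the extension length field without checking or decrementing `buflen`. The compression-methods check reuses the comment `/* for ciphersuite list length */`, and MBEDTLS_SSL_DEBUG_BUF is given `extension_start`, which still points at the not-yet-written length field, so the dump is offset by two bytes.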
@@ -70,6 +70,40 @@ void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) ); } +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +/* + * mbedtls_ssl_write_signature_algorithms_ext( ) + * + * enum { + * .... + * ecdsa_secp256r1_sha256( 0x0403 ), + * ecdsa_secp384r1_sha384( 0x0503 ), + * ecdsa_secp521r1_sha512( 0x0603 ), + * .... + * } SignatureScheme; + * + * struct { + * SignatureScheme supported_signature_algorithms<2..2^16-2>; + * } SignatureSchemeList; + * + * Only if we handle at least one key exchange that needs signatures. + */ + +int mbedtls_ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, + unsigned char* buf, + unsigned char* end, + size_t* olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + ((void) olen); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_TLS_C */ From ef6b36b484ea00bae37c5833d14b15127d76ea98 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 24 Aug 2021 16:29:02 +0800 Subject: [PATCH 08/45] add supported versions extension Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 42 ++++++++++++++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index fbc8fd5fb4..0b10b12f41 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -400,15 +400,49 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, return( 0 ); } +/* + * ssl_write_supported_versions_ext(): + * + * struct { + * ProtocolVersion versions<2..254>; + * } SupportedVersions; + */ static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, unsigned char* buf, unsigned char* end, size_t* olen ) { - ((void) ssl); - ((void) buf); - ((void) end); - ((void) olen); + unsigned char *p = buf; + + *olen = 0; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported version extension" ) ); + + if( end < p || (size_t)( end - p ) < 7 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ) & 0xFF ); + + /* total length */ + *p++ = 0x00; + *p++ = 3; + + /* length of next field */ + *p++ = 0x2; + + /* This implementation only supports a single TLS version, and only + * advertises a single value. + */ + mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, + ssl->conf->transport, p ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); + + *olen = 7; } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) From 32cd5b19dc15ece9669e6e40a1730301082297ff Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 24 Aug 2021 18:07:13 +0800 Subject: [PATCH 09/45] fix unused variable warning Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0b10b12f41..f6e145b294 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
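Review bot: ssl_write_supported_versions_ext still returns `void`, so its "buffer too small" branch only leaves `*olen` at 0 and ssl_client_hello_write_partial goes on to emit a ClientHello without the extension that its own comment calls mandatory for TLS 1.3. Changing the signature to `static int`, with `return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );` in that branch and `return( 0 );` at the end, lets the caller propagate the failure the way it already does for the other extension writers; the forward declaration and the call site are outside this hunk and need the matching change. The function writes `ssl->conf->max_major_ver` and `max_minor_ver` without checking that they denote TLS 1.3, so a comment or a check stating that assumption would help. It also does not set MBEDTLS_SSL_EXT_SUPPORTED_VERSION in `extensions_present`, which write_partial resets to MBEDTLS_SSL_EXT_NONE, presumably for this bookkeeping.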
@@ -173,8 +173,9 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, * extension list must be kept to write * the total extension list size in the end. */ - +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) int ret; +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ unsigned char* extension_start; size_t cur_ext_len; /* Size of the current extension */ size_t total_ext_len; /* Size of list of extensions */ From b3317e1a01d2754e7ca1a9fbfb1566a8b5798d83 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 14:30:22 +0800 Subject: [PATCH 10/45] Add extension types in rfc8446 Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f988c0d8f1..b7b22c20d4 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -472,31 +472,37 @@ #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 +#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 -#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* Renamed in TLS 1.3 */ - +#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 -#define MBEDTLS_TLS_EXT_SIG_ALG 13 - +#define MBEDTLS_TLS_EXT_SIG_ALG 13 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_USE_SRTP 14 - +#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_ALPN 16 +#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 19 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 20 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ #define MBEDTLS_TLS_EXT_SESSION_TICKET 35 -/* TLS 1.3 */ -#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY 41 -#define MBEDTLS_TLS_EXT_EARLY_DATA 42 -#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS 43 -#define MBEDTLS_TLS_EXT_COOKIE 44 -#define MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES 45 +#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY 41 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_EARLY_DATA 42 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS 43 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_COOKIE 44 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES 45 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_KEY_SHARES 51 +#define MBEDTLS_TLS_EXT_CERT_AUTH 47 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_OID_FILTERS 48 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH 49 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */ /* The value of the CID 
extension is still TBD as of * draft-ietf-tls-dtls-connection-id-05 From 8e7ca0432ef291e1e0502e352cf830cfbabdd875 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 15:31:37 +0800 Subject: [PATCH 11/45] fix extensions_present issues fix comments for the mask values. follow same order as IANA values. Signed-off-by: Jerry Yu --- library/ssl_misc.h | 46 +++++++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 15 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index dfb5634974..bda2a7a1a6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
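Review bot: `MBEDTLS_TLS_EXT_SERV_CERT_TYPE 19` and `MBEDTLS_TLS_EXT_CLI_CERT_TYPE 20` look swapped: the ExtensionType list in RFC 8446 section 4.2 assigns 19 to client_certificate_type and 20 to server_certificate_type. The two lines should read `#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19` and `#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20`. Nothing in the visible hunks uses either macro yet, but extension parsing or an allow-list keyed on them would later treat one extension as the other. The hunk also replaces `MBEDTLS_TLS_EXT_KEY_SHARES` with `MBEDTLS_TLS_EXT_KEY_SHARE` in a header under include/, so any external user of the old name stops compiling; a compatibility alias may be worth keeping if the old name was ever released.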
@@ -103,20 +103,34 @@ #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ -/* List of extensions used in extensions_present of mbedtls_ssl_handshake_params */ -#define MBEDTLS_SSL_EXT_NONE 0 -#define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 0 ) -#define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 1 ) -#define MBEDTLS_SSL_EXT_SIGNATURE_ALGORITHM ( 1 << 2 ) -#define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 ) -#define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 4 ) -#define MBEDTLS_SSL_EXT_ALPN ( 1 << 5 ) -#define MBEDTLS_SSL_EXT_SUPPORTED_VERSION ( 1 << 6 ) -#define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 7 ) -#define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 8 ) -#define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 9 ) -#define MBEDTLS_SSL_EXT_COOKIE ( 1 << 10 ) -#define MBEDTLS_SSL_EXT_CID ( 1 << 11 ) +/* + * Mask of TLS 1.3 handshake extensions used in extensions_present + * of mbedtls_ssl_handshake_params. + */ +#define MBEDTLS_SSL_EXT_NONE 0 + +#define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 0 ) +#define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 1 ) +#define MBEDTLS_SSL_EXT_STATUS_REQUEST ( 1 << 2 ) +#define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 ) +#define MBEDTLS_SSL_EXT_SIG_ALG ( 1 << 4 ) +#define MBEDTLS_SSL_EXT_USE_SRTP ( 1 << 5 ) +#define MBEDTLS_SSL_EXT_HEARTBEAT ( 1 << 6 ) +#define MBEDTLS_SSL_EXT_ALPN ( 1 << 7 ) +#define MBEDTLS_SSL_EXT_SCT ( 1 << 8 ) +#define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 9 ) +#define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 10 ) +#define MBEDTLS_SSL_EXT_PADDING ( 1 << 11 ) +#define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 12 ) +#define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 13 ) +#define MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ( 1 << 14 ) +#define MBEDTLS_SSL_EXT_COOKIE ( 1 << 15 ) +#define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 16 ) +#define MBEDTLS_SSL_EXT_CERT_AUTH ( 1 << 17 ) +#define MBEDTLS_SSL_EXT_OID_FILTERS ( 1 << 18 ) +#define MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ( 1 << 19 
) +#define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 ) +#define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) #define MBEDTLS_SSL_PROC_STRIP_PARENS( ... ) __VA_ARGS__ @@ -647,7 +661,9 @@ struct mbedtls_ssl_handshake_params int max_minor_ver; /*!< max. minor version client*/ int cli_exts; /*!< client extension presence*/ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - int extensions_present; /*!< extension presence; Each bitfield represents an extension and defined as \c MBEDTLS_SSL_EXT_XXX */ + int extensions_present; /*!< extension presence; Each bitfield + represents an extension and defined + as \c MBEDTLS_SSL_EXT_XXX */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) From c7ddeec22988235608aa7a4f3647b14d74546a53 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 16:23:47 +0800 Subject: [PATCH 12/45] Remove `len_without_binders` Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f6e145b294..2cada0deca 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -73,8 +73,7 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ); static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, unsigned char* buf, size_t buflen, - size_t* len_without_binders, - size_t* len_with_binders ); + size_t *len_with_binders ); static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ); static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) @@ -82,7 +81,6 @@ static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) int ret = 0; unsigned char *buf; size_t buf_len, msg_len; - size_t len_without_binders = 0; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); 
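Review bot: The new mask values are built with signed shifts (`( 1 << 21 )` is already in use) and stored in `int extensions_present`, which leaves little headroom and makes a future `1 << 31` undefined behaviour. Since the field is only ever a bit set, the masks would be safer as `( 1U << n )` and the member as an unsigned type, for example `uint32_t extensions_present;` in the second hunk of this patch. The hunk also removes `MBEDTLS_SSL_EXT_CID` and renames `MBEDTLS_SSL_EXT_SUPPORTED_VERSION` and `MBEDTLS_SSL_EXT_SIGNATURE_ALGORITHM`; users of the old names are outside the visible hunks, so confirm none remain.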
@@ -91,13 +89,11 @@ static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg, ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, ( ssl, buf, buf_len, - &len_without_binders, - &msg_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, ( ssl, buf, buf_len, &msg_len ) ); mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, msg_len ); - ssl->handshake->update_checksum( ssl, buf, len_without_binders ); + ssl->handshake->update_checksum( ssl, buf, 0 ); MBEDTLS_SSL_PROC_CHK( ssl_client_hello_postprocess, ( ssl ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, ( ssl, buf_len, msg_len ) ); @@ -162,8 +158,7 @@ static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, unsigned char* buf, size_t buflen, - size_t* len_without_binders, - size_t* len_with_binders ) + size_t *len_with_binders ) { /* Extensions */ @@ -396,7 +391,6 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, *extension_start++ = (unsigned char)( ( total_ext_len >> 8 ) & 0xFF ); *extension_start++ = (unsigned char)( ( total_ext_len ) & 0xFF ); - *len_without_binders = buf - start; *len_with_binders = ( extension_start + total_ext_len ) - start; return( 0 ); } From 708202b7d08812f3859b854cd8e534e4154655b0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 16:28:36 +0800 Subject: [PATCH 13/45] Move random function check move to `ssl_conf_check` Signed-off-by: Jerry Yu --- library/ssl_tls.c | 6 ++++++ library/ssl_tls13_client.c | 6 ------ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 07b51003ab..1c8c7bd734 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
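Review bot: The replacement call `ssl->handshake->update_checksum( ssl, buf, 0 );` hashes zero bytes, so the ClientHello body never enters the handshake transcript and only the header added by `mbedtls_ssl_add_hs_hdr_to_checksum` is covered. TLS 1.3 derives its traffic secrets and Finished values from the transcript hash, so a transcript that omits the ClientHello cannot match the peer's once the rest of the flow is implemented. With `len_without_binders` gone, the length to pass is presumably the one `ssl_client_hello_write_partial` reports: `ssl->handshake->update_checksum( ssl, buf, msg_len );`. The body of `ssl_client_hello_process` continues outside this hunk.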
@@ -3182,6 +3182,12 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl) if( ret != 0 ) return( ret ); + if( ssl->conf->f_rng == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); + return( MBEDTLS_ERR_SSL_NO_RNG ); + } + /* Space for further checks */ return( 0 ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 2cada0deca..036c5e5537 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -111,12 +111,6 @@ static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ) int ret; size_t rand_bytes_len; - if( ssl->conf->f_rng == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); - return( MBEDTLS_ERR_SSL_NO_RNG ); - } - rand_bytes_len = 32; if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->handshake->randbytes, rand_bytes_len ) ) != 0 ) From 6f13f64aa668155a91e39e99f361687927a4b6f6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 17:18:15 +0800 Subject: [PATCH 14/45] fix various format issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 4 +- library/ssl_tls13_client.c | 94 ++++++++++++++++++-------------------- 2 files changed, 47 insertions(+), 51 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index bda2a7a1a6..9cf1e4ff39 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1402,7 +1402,9 @@ void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, size_t total_hs_len ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -int mbedtls_ssl_write_signature_algorithms_ext(mbedtls_ssl_context* ssl, unsigned char* buf, unsigned char* end, size_t* olen); +int mbedtls_ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, unsigned char *end, + size_t *olen); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 036c5e5537..62b6ce18f8 100644 --- a/library/ssl_tls13_client.c 
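Review bot: The `f_rng == NULL` test added to `ssl_conf_check` becomes the only guard for the `ssl->conf->f_rng( ... )` call in `ssl_client_hello_prepare`, because the second hunk of this patch deletes the local check there, and nothing in the visible code records that dependency. A one-line comment at the call would keep the invariant from being lost in a later refactor, for example `/* conf->f_rng != NULL is enforced by ssl_conf_check() */`. The path from `ssl_conf_check` to the TLS 1.3 client step is not shown in these hunks, so it is worth confirming that the check runs before every entry into the handshake. `ssl_conf_check` itself starts and ends outside the hunk.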
+++ b/library/ssl_tls13_client.c @@ -30,8 +30,10 @@ #include "ssl_misc.h" #include +#define CLIENT_HELLO_RAND_BYTES_LEN 32 +#define CLIENT_HELLO_VERSION_LEN 2 /* Main entry point; orchestrates the other functions */ -static int ssl_client_hello_process( mbedtls_ssl_context* ssl ); +static int ssl_client_hello_process( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) { @@ -70,13 +72,13 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) } -static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ); -static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, - unsigned char* buf, size_t buflen, +static int ssl_client_hello_prepare( mbedtls_ssl_context *ssl ); +static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, + unsigned char *buf, size_t buflen, size_t *len_with_binders ); -static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ); +static int ssl_client_hello_postprocess( mbedtls_ssl_context *ssl ); -static int ssl_client_hello_process( mbedtls_ssl_context* ssl ) +static int ssl_client_hello_process( mbedtls_ssl_context *ssl ) { int ret = 0; unsigned char *buf; @@ -106,14 +108,13 @@ cleanup: return ret; } -static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl ) +static int ssl_client_hello_prepare( mbedtls_ssl_context *ssl ) { int ret; - size_t rand_bytes_len; - rand_bytes_len = 32; - - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->handshake->randbytes, rand_bytes_len ) ) != 0 ) + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, + ssl->handshake->randbytes, + CLIENT_HELLO_RAND_BYTES_LEN ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); return( ret ); 
@@ -131,27 +132,27 @@ static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ) /* Write extensions */ -static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ); +static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ); + unsigned char *buf, + unsigned char *end, + size_t *olen ); static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ); + unsigned char *buf, + unsigned char *end, + size_t *olen ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, - unsigned char* buf, size_t buflen, +static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, + unsigned char *buf, size_t buflen, size_t *len_with_binders ) { /* Extensions */ @@ -169,10 +170,6 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, size_t cur_ext_len; /* Size of the current extension */ size_t total_ext_len; /* Size of list of extensions */ - /* Length information */ - size_t rand_bytes_len; - size_t version_len; - /* Buffer management */ unsigned char* start = buf; unsigned char* end = buf + buflen; @@ -188,8 +185,6 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, /* Keeping track of the included extensions */ ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; - rand_bytes_len = 32; - /* NOTE: * Even for DTLS 1.3, we are writing a TLS handshake header here. * The actual DTLS 1.3 handshake header is inserted in 
@@ -198,7 +193,6 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, * For cTLS the length, and the version field * are elided. The random bytes are shorter. */ - version_len = 2; if( ssl->conf->max_major_ver == 0 ) { @@ -218,16 +212,18 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, * * In cTLS the version number is elided. */ + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_VERSION_LEN); *buf++ = 0x03; *buf++ = 0x03; - buflen -= version_len; + buflen -= CLIENT_HELLO_VERSION_LEN; /* Write random bytes */ - memcpy( buf, ssl->handshake->randbytes, rand_bytes_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, rand_bytes_len ); + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RAND_BYTES_LEN); + memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RAND_BYTES_LEN ); + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, CLIENT_HELLO_RAND_BYTES_LEN ); - buf += rand_bytes_len; - buflen -= rand_bytes_len; + buf += CLIENT_HELLO_RAND_BYTES_LEN; + buflen -= CLIENT_HELLO_RAND_BYTES_LEN; /* Versions of TLS before TLS 1.3 supported a * "session resumption" feature which has been merged with pre-shared @@ -396,10 +392,10 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl, * ProtocolVersion versions<2..254>; * } SupportedVersions; */ -static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ) +static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { unsigned char *p = buf; 
@@ -407,11 +403,7 @@ static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported version extension" ) ); - if( end < p || (size_t)( end - p ) < 7 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ) & 0xFF ); @@ -432,14 +424,16 @@ static void ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); *olen = 7; + + return( 0 ); } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ) + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); @@ -449,9 +443,9 @@ static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, } static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ) + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); From e885b7698062920884a4e6b85b08129d2ab8c334 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 17:32:34 +0800 Subject: [PATCH 15/45] fix too long lines Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 62b6ce18f8..d293629857 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
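Review bot: The error that `MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 )` can now return from `ssl_write_supported_versions_ext` is not consumed anywhere in this patch: no hunk touches the call in `ssl_client_hello_write_partial`, and the later rename patch on this page still shows it as a bare statement, `ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len );`. With the result dropped, a too-small buffer leaves `*olen` at 0 and the ClientHello is sent without supported_versions, which a TLS 1.3 peer would presumably read as an offer of TLS 1.2 at most. The call should follow the pattern of the other extension writers: `ret = ssl_write_supported_versions_ext( ssl, buf, end, &cur_ext_len );` then `if( ret != 0 ) return( ret );`. That also means the `int ret;` declaration that patch 09 placed under `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED` has to become unconditional.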
@@ -59,7 +59,7 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_SERVER_HELLO: // Stop here : we haven't finished whole flow - ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); break; @@ -88,17 +88,20 @@ static int ssl_client_hello_process( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PROC_CHK( ssl_client_hello_prepare, ( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg, ( ssl, - MBEDTLS_SSL_HS_CLIENT_HELLO, &buf, &buf_len ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg, + ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, ( ssl, buf, buf_len, &msg_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, + ( ssl, buf, buf_len, &msg_len ) ); mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, msg_len ); ssl->handshake->update_checksum( ssl, buf, 0 ); MBEDTLS_SSL_PROC_CHK( ssl_client_hello_postprocess, ( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, ( ssl, buf_len, msg_len ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, + ( ssl, buf_len, msg_len ) ); cleanup: @@ -112,8 +115,8 @@ static int ssl_client_hello_prepare( mbedtls_ssl_context *ssl ) { int ret; - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, - ssl->handshake->randbytes, + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, + ssl->handshake->randbytes, CLIENT_HELLO_RAND_BYTES_LEN ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); 
@@ -177,8 +180,8 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, /* Ciphersuite-related variables */ const int* ciphersuites; const mbedtls_ssl_ciphersuite_t* ciphersuite_info; - size_t i; /* used to iterate through ciphersuite list */ - /* ciphersuite_start points to the start of the ciphersuite list, i.e. to the length field*/ + /* ciphersuite_start points to the start of + the ciphersuite list, i.e. to the length field*/ unsigned char* ciphersuite_start; size_t ciphersuite_count; @@ -220,7 +223,8 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, /* Write random bytes */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RAND_BYTES_LEN); memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RAND_BYTES_LEN ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, CLIENT_HELLO_RAND_BYTES_LEN ); + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", + buf, CLIENT_HELLO_RAND_BYTES_LEN ); buf += CLIENT_HELLO_RAND_BYTES_LEN; buflen -= CLIENT_HELLO_RAND_BYTES_LEN; @@ -268,7 +272,7 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, buf += 2; buflen -= 2; - for ( i = 0; ciphersuites[i] != 0; i++ ) + for ( size_t i = 0; ciphersuites[i] != 0; i++ ) { ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); @@ -280,7 +284,8 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, continue; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", - (unsigned int) ciphersuites[i], ciphersuite_info->name ) ); + (unsigned int) ciphersuites[i], + ciphersuite_info->name ) ); ciphersuite_count++; 
@@ -301,7 +306,9 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, *ciphersuite_start++ = (unsigned char)( ciphersuite_count*2 >> 8 ); *ciphersuite_start++ = (unsigned char)( ciphersuite_count*2 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", ciphersuite_count ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", + ciphersuite_count ) ); /* For every TLS 1.3 ClientHello, this vector MUST contain exactly * one byte set to zero, which corresponds to the 'null' compression @@ -421,7 +428,8 @@ static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, ssl->conf->transport, p ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", + ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); *olen = 7; From 2ac64193ad5cafa401e69d40b1ff7bc93a584cda Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 18:38:58 +0800 Subject: [PATCH 16/45] Apply MBEDTLS_PUT_xyz Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 24 ++++++++++++------------ library/ssl_tls13_generic.c | 8 ++++---- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d293629857..cd929ce7ed 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -216,8 +216,8 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, * In cTLS the version number is elided. */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_VERSION_LEN); - *buf++ = 0x03; - *buf++ = 0x03; + MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0); + buf += 2; buflen -= CLIENT_HELLO_VERSION_LEN; /* Write random bytes */ 
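Review bot: In the legacy_version write, the pointer is advanced with a literal (`buf += 2;`) while the bounds check and the `buflen` adjustment on the neighbouring lines use `CLIENT_HELLO_VERSION_LEN`, so the three can drift apart if the constant ever changes. Using the constant for all of them, `buf += CLIENT_HELLO_VERSION_LEN;`, keeps the check and the write in step. A short comment on `0x0303` would also help, for example `/* legacy_version: fixed to TLS 1.2, real version is in supported_versions */`. The enclosing function starts and ends outside this hunk.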
@@ -295,16 +295,16 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - *buf++ = (unsigned char)( ciphersuites[i] >> 8 ); - *buf++ = (unsigned char)( ciphersuites[i] ); + MBEDTLS_PUT_UINT16_BE( ciphersuites[i], buf, 0); + buf += 2; buflen -= 2; } /* write ciphersuite length now */ - *ciphersuite_start++ = (unsigned char)( ciphersuite_count*2 >> 8 ); - *ciphersuite_start++ = (unsigned char)( ciphersuite_count*2 ); + MBEDTLS_PUT_UINT16_BE( ciphersuite_count*2, ciphersuite_start, 0); + ciphersuite_start += 2; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", @@ -385,8 +385,8 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extension_start, total_ext_len ); /* Write extension length */ - *extension_start++ = (unsigned char)( ( total_ext_len >> 8 ) & 0xFF ); - *extension_start++ = (unsigned char)( ( total_ext_len ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0); + extension_start += 2; *len_with_binders = ( extension_start + total_ext_len ) - start; return( 0 ); @@ -412,12 +412,12 @@ static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ) & 0xFF ); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0); /* total length */ - *p++ = 0x00; - *p++ = 3; + MBEDTLS_PUT_UINT16_BE( 3, p, 2); + + p+=4; /* length of next field */ *p++ = 0x2; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7ec7423ea0..4a0493a940 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -62,10 +62,10 @@ void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned char hs_hdr[4]; /* Build HS header for checksum update. */ - hs_hdr[0] = hs_type; - hs_hdr[1] = (unsigned char)( total_hs_len >> 16 ); - hs_hdr[2] = (unsigned char)( total_hs_len >> 8 ); - hs_hdr[3] = (unsigned char)( total_hs_len >> 0 ); + hs_hdr[0] = MBEDTLS_BYTE_0( hs_type ); + hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len ); + hs_hdr[2] = MBEDTLS_BYTE_1( total_hs_len ); + hs_hdr[3] = MBEDTLS_BYTE_0( total_hs_len ); ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) ); } From 55b90386004e882922bbb045144e047865ba2fd2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 18:42:05 +0800 Subject: [PATCH 17/45] fix coding style issue Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index cd929ce7ed..8996e8adcb 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -107,7 +107,7 @@ cleanup: MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); /* client_hello_process haven't finished */ - ret=MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; return ret; } From f443681f561e604740f6626f8fb411c52e2bf696 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 26 Aug 2021 22:59:56 +0800 Subject: [PATCH 18/45] fix function name conversion issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 12 ++++---- library/ssl_tls.c | 2 +- library/ssl_tls13_client.c | 55 +++++++++++++++++++------------------ library/ssl_tls13_generic.c | 10 +++---- 4 files changed, 40 insertions(+), 39 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9cf1e4ff39..016dfe162e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -949,7 +949,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ); #endif @@ -1385,24 +1385,24 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context* ssl, - int state ) + mbedtls_ssl_states state ) { ssl->state = state; } -int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, size_t *buflen ); -int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t buf_len, size_t msg_len ); -void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, +void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -int mbedtls_ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls13_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1c8c7bd734..831cc52ac0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -5181,7 +5181,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) ) - ret = mbedtls_ssl_handshake_client_step_tls1_3( ssl ); + ret = mbedtls_ssl_tls13_handshake_client_step( ssl ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8996e8adcb..ceb692ea56 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -33,9 +33,9 @@ #define CLIENT_HELLO_RAND_BYTES_LEN 32 #define CLIENT_HELLO_VERSION_LEN 2 /* Main entry point; orchestrates the other functions */ -static int ssl_client_hello_process( mbedtls_ssl_context *ssl ); +static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = 0; @@ -54,7 +54,7 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) break; case MBEDTLS_SSL_CLIENT_HELLO: - ret = ssl_client_hello_process( ssl ); + ret = ssl_tls13_write_client_hello( ssl ); break; case MBEDTLS_SSL_SERVER_HELLO: 
@@ -72,13 +72,13 @@ int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl ) } -static int ssl_client_hello_prepare( mbedtls_ssl_context *ssl ); -static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, +static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ); +static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *len_with_binders ); -static int ssl_client_hello_postprocess( mbedtls_ssl_context *ssl ); +static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context *ssl ); -static int ssl_client_hello_process( mbedtls_ssl_context *ssl ) +static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) { int ret = 0; unsigned char *buf; @@ -86,21 +86,21 @@ static int ssl_client_hello_process( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); - MBEDTLS_SSL_PROC_CHK( ssl_client_hello_prepare, ( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello, ( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg, + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg, ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_client_hello_write_partial, + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_exts_client_hello, ( ssl, buf, buf_len, &msg_len ) ); - mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, msg_len ); ssl->handshake->update_checksum( ssl, buf, 0 ); - MBEDTLS_SSL_PROC_CHK( ssl_client_hello_postprocess, ( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello, ( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg, ( ssl, buf_len, msg_len ) ); cleanup: 
@@ -111,7 +111,7 @@ cleanup: return ret; } -static int ssl_client_hello_prepare( mbedtls_ssl_context *ssl ) +static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) { int ret; @@ -126,7 +126,7 @@ static int ssl_client_hello_prepare( mbedtls_ssl_context *ssl ) return( 0 ); } -static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ) +static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context* ssl ) { mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); @@ -135,26 +135,26 @@ static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl ) /* Write extensions */ -static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ); -static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *len_with_binders ) { @@ -337,7 +337,7 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, * For cTLS we only need to provide it if there is more than one version * and currently there is only one. */ - ssl_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); + ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); total_ext_len += cur_ext_len; buf += cur_ext_len; 
@@ -345,7 +345,7 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, /* The supported_groups and the key_share extensions are * REQUIRED for ECDHE ciphersuites. */ - ret = ssl_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); @@ -354,7 +354,8 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, /* The supported_signature_algorithms extension is REQUIRED for * certificate authenticated ciphersuites. */ - ret = mbedtls_ssl_write_signature_algorithms_ext( ssl, buf, end, &cur_ext_len ); + ret = mbedtls_ssl_tls13_write_signature_algorithms_ext( ssl, buf, + end, &cur_ext_len ); if( ret != 0 ) return( ret ); @@ -369,7 +370,7 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, * 3 ) Or, in case all ciphers are supported ( which includes #1 and #2 from above ) */ - ret = ssl_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); @@ -393,13 +394,13 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context *ssl, } /* - * ssl_write_supported_versions_ext(): + * ssl_tls13_write_supported_versions_ext(): * * struct { * ProtocolVersion versions<2..254>; * } SupportedVersions; */ -static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ) @@ -438,7 +439,7 @@ static int ssl_write_supported_versions_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ) 
@@ -450,7 +451,7 @@ static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } -static int ssl_write_key_shares_ext( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 4a0493a940..be44141518 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -27,7 +27,7 @@ #include "ssl_misc.h" -int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, size_t *buflen ) @@ -41,7 +41,7 @@ int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, return( 0 ); } -int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t buf_len, size_t msg_len ) { @@ -55,7 +55,7 @@ cleanup: return( ret ); } -void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, +void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len ) { @@ -73,7 +73,7 @@ void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* - * mbedtls_ssl_write_signature_algorithms_ext( ) + * mbedtls_ssl_tls13_write_signature_algorithms_ext( ) * * enum { * .... @@ -90,7 +90,7 @@ void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, * Only if we handle at least one key exchange that needs signatures. */ -int mbedtls_ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, +int mbedtls_ssl_tls13_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, unsigned char* buf, unsigned char* end, size_t* olen ) From d532fe77206296f428aba403416e394bb0a1dc7c Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Thu, 26 Aug 2021 23:11:55 +0800 Subject: [PATCH 19/45] write client hello also in hello reqeust Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ceb692ea56..0a07e06c40 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -49,10 +49,11 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) switch( ssl->state ) { + /* + * ssl->state is initialized as HELLO_REQUEST. It is same + * with CLIENT_HELLO status + */ case MBEDTLS_SSL_HELLO_REQUEST: - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO ); - break; - case MBEDTLS_SSL_CLIENT_HELLO: ret = ssl_tls13_write_client_hello( ssl ); break; From 9e42f6efd36a661f177da276487a5242fd1006fc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 15:14:01 +0800 Subject: [PATCH 20/45] Revert "Move random function check" This reverts commit cc88b34f7942f57ea0fd27ee4b3e29f49c91f10e. It causes many test fail. It should be re-considered. Signed-off-by: Jerry Yu --- library/ssl_tls.c | 6 ------ library/ssl_tls13_client.c | 6 ++++++ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 831cc52ac0..c43f95ee1b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3182,12 +3182,6 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl) if( ret != 0 ) return( ret ); - if( ssl->conf->f_rng == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); - return( MBEDTLS_ERR_SSL_NO_RNG ); - } - /* Space for further checks */ return( 0 ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0a07e06c40..f5a6e20cab 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
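Review bot: The comment added above `case MBEDTLS_SSL_HELLO_REQUEST:` in `mbedtls_ssl_tls13_handshake_client_step` says the state "is same with CLIENT_HELLO status", which does not tell a reader that the missing `break` is deliberate. I would reword it to `/* A context starts in HELLO_REQUEST; the TLS 1.3 client has no separate work for that state, so it deliberately shares the CLIENT_HELLO handler. */`. With the `mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO )` step removed, `ssl->state` stays at HELLO_REQUEST while the ClientHello is written, so code that inspects the state during that call has to accept either value. The switch continues outside the hunk.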
@@ -116,6 +116,12 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) { int ret; + if( ssl->conf->f_rng == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); + return( MBEDTLS_ERR_SSL_NO_RNG ); + } + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->handshake->randbytes, CLIENT_HELLO_RAND_BYTES_LEN ) ) != 0 ) From 9176c3ad8c58b68d1770dcdf46fd90bbd5072968 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 14:58:49 +0800 Subject: [PATCH 21/45] trim spaces Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f5a6e20cab..3611f70b0d 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -49,7 +49,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) switch( ssl->state ) { - /* + /* * ssl->state is initialized as HELLO_REQUEST. It is same * with CLIENT_HELLO status */ @@ -361,7 +361,7 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, /* The supported_signature_algorithms extension is REQUIRED for * certificate authenticated ciphersuites. */ - ret = mbedtls_ssl_tls13_write_signature_algorithms_ext( ssl, buf, + ret = mbedtls_ssl_tls13_write_signature_algorithms_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); From 92c6b402d7ccf127d4700b49af5a9977c908ee3f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 16:59:09 +0800 Subject: [PATCH 22/45] Remove prototype of static functions Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 318 +++++++++++++++++-------------------- 1 file changed, 147 insertions(+), 171 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 3611f70b0d..41b133437d 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
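Review bot: The `ssl->conf->f_rng == NULL` guard added at the top of `ssl_tls13_prepare_client_hello` protects only this call site, while the same commit drops the identical check from `ssl_conf_check` in `library/ssl_tls.c`. Any other path that calls `ssl->conf->f_rng` without its own guard would call through a null function pointer, so it is worth confirming that each remaining caller is covered; those paths are not visible on this page. A short comment such as `/* RNG presence is checked here because ssl_conf_check() does not do it. */` would keep the guard from being removed later as redundant. The function body continues past the end of the hunk.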
@@ -32,135 +32,82 @@ #define CLIENT_HELLO_RAND_BYTES_LEN 32 #define CLIENT_HELLO_VERSION_LEN 2 -/* Main entry point; orchestrates the other functions */ -static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ); - -int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) -{ - int ret = 0; - - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Handshake completed but ssl->handshake is NULL.\n" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); - - switch( ssl->state ) - { - /* - * ssl->state is initialized as HELLO_REQUEST. It is same - * with CLIENT_HELLO status - */ - case MBEDTLS_SSL_HELLO_REQUEST: - case MBEDTLS_SSL_CLIENT_HELLO: - ret = ssl_tls13_write_client_hello( ssl ); - break; - - case MBEDTLS_SSL_SERVER_HELLO: - // Stop here : we haven't finished whole flow - ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); - break; - - default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - - return( ret ); -} - - -static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ); -static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t buflen, - size_t *len_with_binders ); -static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context *ssl ); - -static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) -{ - int ret = 0; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); - - MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello, ( ssl ) ); - - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg, - ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - &buf, &buf_len ) ); - - MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_exts_client_hello, - ( ssl, buf, buf_len, &msg_len ) ); - - 
mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - msg_len ); - ssl->handshake->update_checksum( ssl, buf, 0 ); - - MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello, ( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg, - ( ssl, buf_len, msg_len ) ); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); - /* client_hello_process haven't finished */ - ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - return ret; -} - -static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) -{ - int ret; - - if( ssl->conf->f_rng == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); - return( MBEDTLS_ERR_SSL_NO_RNG ); - } - - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, - ssl->handshake->randbytes, - CLIENT_HELLO_RAND_BYTES_LEN ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); - return( ret ); - } - - return( 0 ); -} - -static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context* ssl ) -{ - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); - - return( 0 ); -} /* Write extensions */ +/* + * ssl_tls13_write_supported_versions_ext(): + * + * struct { + * ProtocolVersion versions<2..254>; + * } SupportedVersions; + */ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ); + size_t *olen ) +{ + unsigned char *p = buf; + + *olen = 0; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported version extension" ) ); + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); + + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0); + + /* total length */ + MBEDTLS_PUT_UINT16_BE( 3, p, 2); + p+=4; + + /* length of next field */ + *p++ = 0x2; + + /* This implementation only supports a single TLS version, and only + * advertises a single value. 
+ */ + mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, + ssl->conf->transport, p ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", + ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); + + *olen = 7; + + return( 0 ); +} #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ); + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + ((void) olen); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *olen ); + size_t *olen ) +{ + ((void) ssl); + ((void) buf); + ((void) end); + ((void) olen); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); +} #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +/* Functions for ClientHello */ + static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *len_with_binders ) @@ -344,7 +291,9 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, * For cTLS we only need to provide it if there is more than one version * and currently there is only one. */ - ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); + if( ret != 0 ) + return( ret ); total_ext_len += cur_ext_len; buf += cur_ext_len; 
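Review bot: The stubs `ssl_tls13_write_supported_groups_ext` and `ssl_tls13_write_key_shares_ext` cast `olen` to void and return `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE` without writing `*olen`, whereas `ssl_tls13_write_supported_versions_ext` in the same hunk sets `*olen = 0;` before doing anything else. The call sites visible elsewhere on this page return as soon as the result is non-zero, so nothing reads the value today. A caller that later ignores or downgrades the error would add an indeterminate `cur_ext_len` to its running total and advance `buf` by it. Replacing `((void) olen);` with `*olen = 0;` in both stubs keeps the output defined on every path.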
@@ -400,77 +349,104 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, return( 0 ); } -/* - * ssl_tls13_write_supported_versions_ext(): - * - * struct { - * ProtocolVersion versions<2..254>; - * } SupportedVersions; - */ -static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context* ssl ) { - unsigned char *p = buf; + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO ); + return( 0 ); +} - *olen = 0; +static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) +{ + int ret; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported version extension" ) ); + if( ssl->conf->f_rng == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) ); + return( MBEDTLS_ERR_SSL_NO_RNG ); + } - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); - - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0); - - /* total length */ - MBEDTLS_PUT_UINT16_BE( 3, p, 2); - - p+=4; - - /* length of next field */ - *p++ = 0x2; - - /* This implementation only supports a single TLS version, and only - * advertises a single value. - */ - mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, - ssl->conf->transport, p ); - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", - ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); - - *olen = 7; + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, + ssl->handshake->randbytes, + CLIENT_HELLO_RAND_BYTES_LEN ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); + return( ret ); + } return( 0 ); } -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - -static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +/* + * ClientHello Main entry point. + * orchestrates the other functions. 
+ */ +static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) { - ((void) ssl); - ((void) buf); - ((void) end); - ((void) olen); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + int ret = 0; + unsigned char *buf; + size_t buf_len, msg_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello, ( ssl ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg, + ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_exts_client_hello, + ( ssl, buf, buf_len, &msg_len ) ); + + mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + msg_len ); + ssl->handshake->update_checksum( ssl, buf, 0 ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello, ( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg, + ( ssl, buf_len, msg_len ) ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); + return ret; } -static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) { - ((void) ssl); - ((void) buf); - ((void) end); - ((void) olen); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -} + int ret = 0; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Handshake completed but ssl->handshake is NULL.\n" ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); + + switch( ssl->state ) + { + /* + * ssl->state is initialized as HELLO_REQUEST. 
It is same + * with CLIENT_HELLO status + */ + case MBEDTLS_SSL_HELLO_REQUEST: + case MBEDTLS_SSL_CLIENT_HELLO: + ret = ssl_tls13_write_client_hello( ssl ); + break; + + case MBEDTLS_SSL_SERVER_HELLO: + // Stop here : we haven't finished whole flow + ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS ); + break; + + default: + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + return( ret ); +} #endif /* MBEDTLS_SSL_CLI_C */ From 275619336a78c6879f82168e00fa6b510ee63ccc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 17:07:38 +0800 Subject: [PATCH 23/45] fix name conversion issue for tls13 server entry Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- library/ssl_tls.c | 2 +- library/ssl_tls13_server.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 016dfe162e..10b07b751a 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -950,7 +950,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ); #endif int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c43f95ee1b..360419240f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
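Review bot: In `ssl_tls13_write_client_hello`, the call `ssl->handshake->update_checksum( ssl, buf, 0 );` passes a length of 0, so as written none of the ClientHello body reaches the handshake checksum, even though `mbedtls_ssl_tls13_add_hs_hdr_to_checksum` is given `msg_len` for the header on the line before. If the body is not hashed somewhere else (nothing in this hunk does it), the transcript would hold a header announcing `msg_len` bytes with no content behind it, and the TLS 1.3 key schedule and Finished check depend on the complete transcript. Unless the zero is a deliberate placeholder for this stage of the series, the call should be `ssl->handshake->update_checksum( ssl, buf, msg_len );`, or carry a comment saying where the body is added. This commit only moved the line; it also appears as context in the earlier rename commit.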
@@ -5189,7 +5189,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) ) - ret = mbedtls_ssl_handshake_server_step_tls1_3( ssl ); + ret = mbedtls_ssl_tls13_handshake_server_step( ssl ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index a56727741b..0dcd7ed602 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -25,7 +25,7 @@ #include "ssl_misc.h" -int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) { ((void) ssl); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); From 5cc8f0a0d849407adac6e033a80a0b8cf34eb58a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 17:21:44 +0800 Subject: [PATCH 24/45] Add simple document for tls13 functions Signed-off-by: Jerry Yu --- library/ssl_misc.h | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 10b07b751a..8c38cd06e1 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -132,8 +132,15 @@ #define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 ) #define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) +/* + * Helper macros for function call with returen check. + */ +/* utils for strip parens in marcro */ #define MBEDTLS_SSL_PROC_STRIP_PARENS( ... ) __VA_ARGS__ +/* + * Exit and print debug message when return none zero value + */ #define MBEDTLS_SSL_PROC_CHK( fn, args ) \ do { \ ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \ @@ -146,6 +153,9 @@ } \ } while( 0 ) +/* + * Exit and print debug message when return negative value + */ #define MBEDTLS_SSL_PROC_CHK_NEG( fn, args ) \ do { \ ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \ 
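Review bot: The comments added above `MBEDTLS_SSL_PROC_CHK` and `MBEDTLS_SSL_PROC_CHK_NEG` in `library/ssl_misc.h` do not say that the macros assign to a variable named `ret` in the calling function (`ret = fn(...)` is visible in the macro body), which is the part of the contract a caller most needs. Judging by the `cleanup:` labels in the functions that use them, they presumably also jump to a `cleanup` label, but the middle of each macro is outside the hunk, so confirm that before documenting it. Once confirmed, something like `/* Call fn with args, store the result in the caller's ret, and on failure log it and leave through the caller's cleanup label. */` would cover it. The added text also has typos: `returen` for `return`, `marcro` for `macro`, `none zero` for `non-zero`, and `extesion` for `extension` in a later hunk of the same commit.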
@@ -949,7 +959,18 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/** + * \brief TLS1.3 client side state machine entry + * + * \param ssl SSL context + */ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ); + +/** + * \brief TLS1.3 server side state machine entry + * + * \param ssl SSL context + */ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ); #endif @@ -1390,18 +1411,30 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context* ssl, ssl->state = state; } +/* + * Write tls13 handshake message header + */ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, size_t *buflen ); +/* + * Write tls13 handshake message tail + */ int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t buf_len, size_t msg_len ); +/* + * Update checksum with handshake header + */ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +/* + * Write TLS1.3 Signature Algorithm extesion + */ int mbedtls_ssl_tls13_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen); From c4d22444d65c6483e349f3019ed38454c41176e8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 27 Aug 2021 20:04:33 +0800 Subject: [PATCH 25/45] fix undeclared variable error Signed-off-by: Jerry Yu # Conflicts: # library/ssl_tls13_client.c --- library/ssl_tls13_client.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 41b133437d..a03aa8e461 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
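Review bot: The Doxygen blocks added for `mbedtls_ssl_tls13_handshake_client_step` and `mbedtls_ssl_tls13_handshake_server_step` document `\param ssl` but not the return value, although both functions return `int`. A line such as `\return 0 on success, or an MBEDTLS_ERR_SSL_XXX error code on failure.` would complete them. The comments on the three `mbedtls_ssl_tls13_*_handshake_msg` / `add_hs_hdr_to_checksum` prototypes in the next hunk use plain `/* */`, so a documentation generator will not pick them up; using `/** \brief ... */` there would match the blocks added here.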
@@ -112,7 +112,7 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *len_with_binders ) { - /* Extensions */ + /* Extensions */ /* extension_start * Used during extension writing where the @@ -120,9 +120,7 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, * extension list must be kept to write * the total extension list size in the end. */ -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) int ret; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ unsigned char* extension_start; size_t cur_ext_len; /* Size of the current extension */ size_t total_ext_len; /* Size of list of extensions */ From 995ecd396ffbba84dcf84d3399c6fd270ec1b820 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 30 Aug 2021 17:53:49 +0800 Subject: [PATCH 26/45] fix wrong iana values and comments Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 14 +++++++------- library/ssl_misc.h | 4 ++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b7b22c20d4..540ff1fc52 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -472,21 +472,21 @@ #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 -#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 6066 TLS 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 -#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8422,7919 TLS 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 #define MBEDTLS_TLS_EXT_SIG_ALG 13 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_USE_SRTP 14 -#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 6520 TLS 1.3 */ #define MBEDTLS_TLS_EXT_ALPN 16 -#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 19 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 20 /* RFC 8446 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 8446 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7259 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.3 */ #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8c38cd06e1..32017f3458 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -118,8 +118,8 @@ #define MBEDTLS_SSL_EXT_HEARTBEAT ( 1 << 6 ) #define MBEDTLS_SSL_EXT_ALPN ( 1 << 7 ) #define MBEDTLS_SSL_EXT_SCT ( 1 << 8 ) -#define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 9 ) -#define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 10 ) +#define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 9 ) +#define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 10 ) #define MBEDTLS_SSL_EXT_PADDING ( 1 << 11 ) #define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 12 ) #define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 13 ) 
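Review bot: The new comment on `MBEDTLS_TLS_EXT_CLI_CERT_TYPE` cites `RFC 7259`, while the line directly below cites `RFC 7250` for `MBEDTLS_TLS_EXT_SERV_CERT_TYPE`. Code points 19 (client_certificate_type) and 20 (server_certificate_type) are both assigned by RFC 7250, so the first reference looks like a typo and should read `#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.3 */`. Since this commit exists to correct the IANA references, the remaining comments in the block are worth checking against the registry in the same pass.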
From eecfbf001cb6dff76bb6756e259818ce40fc38d1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 30 Aug 2021 18:32:07 +0800 Subject: [PATCH 27/45] fix format issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 23 ++++++++-------- library/ssl_tls13_client.c | 55 +++++++++++++++++++------------------ library/ssl_tls13_generic.c | 23 ++++++++-------- 3 files changed, 53 insertions(+), 48 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 32017f3458..50aee6ffd2 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1405,8 +1405,8 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context* ssl, - mbedtls_ssl_states state ) +static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, + mbedtls_ssl_states state ) { ssl->state = state; } 
@@ -1415,29 +1415,30 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context* ssl, * Write tls13 handshake message header */ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char **buf, - size_t *buflen ); + unsigned hs_type, + unsigned char **buf, + size_t *buflen ); /* * Write tls13 handshake message tail */ int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, - size_t buf_len, - size_t msg_len ); + size_t buf_len, + size_t msg_len ); /* * Update checksum with handshake header */ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, - unsigned hs_type, - size_t total_hs_len ); + unsigned hs_type, + size_t total_hs_len ); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * Write TLS1.3 Signature Algorithm extesion */ int mbedtls_ssl_tls13_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, unsigned char *end, - size_t *olen); + unsigned char *buf, + unsigned char *end, + size_t *olen); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index a03aa8e461..ef9836d195 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -43,9 +43,9 @@ * } SupportedVersions; */ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) + unsigned char *buf, + unsigned char *end, + size_t *olen ) { unsigned char *p = buf; @@ -55,11 +55,11 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0); + MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); /* total length */ MBEDTLS_PUT_UINT16_BE( 3, p, 2); - p+=4; + p += 4; /* length of next field */ *p++ = 0x2; 
@@ -67,11 +67,13 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, /* This implementation only supports a single TLS version, and only * advertises a single value. */ - mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version( ssl->conf->max_major_ver, + ssl->conf->max_minor_ver, + ssl->conf->transport, p ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%d:%d]", - ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); + ssl->conf->max_major_ver, + ssl->conf->max_minor_ver ) ); *olen = 7; @@ -81,9 +83,9 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); @@ -93,9 +95,9 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, } static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); @@ -109,8 +111,9 @@ static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, /* Functions for ClientHello */ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t buflen, - size_t *len_with_binders ) + unsigned char *buf, + size_t buflen, + size_t *len_with_binders ) { /* Extensions */ 
@@ -121,20 +124,20 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, * the total extension list size in the end. */ int ret; - unsigned char* extension_start; + unsigned char *extension_start; size_t cur_ext_len; /* Size of the current extension */ size_t total_ext_len; /* Size of list of extensions */ /* Buffer management */ - unsigned char* start = buf; - unsigned char* end = buf + buflen; + unsigned char *start = buf; + unsigned char *end = buf + buflen; /* Ciphersuite-related variables */ - const int* ciphersuites; - const mbedtls_ssl_ciphersuite_t* ciphersuite_info; + const int *ciphersuites; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; /* ciphersuite_start points to the start of the ciphersuite list, i.e. to the length field*/ - unsigned char* ciphersuite_start; + unsigned char *ciphersuite_start; size_t ciphersuite_count; /* Keeping track of the included extensions */ @@ -167,13 +170,13 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, * * In cTLS the version number is elided. */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_VERSION_LEN); + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_VERSION_LEN ); MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0); buf += 2; buflen -= CLIENT_HELLO_VERSION_LEN; /* Write random bytes */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RAND_BYTES_LEN); + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RAND_BYTES_LEN ); memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RAND_BYTES_LEN ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, CLIENT_HELLO_RAND_BYTES_LEN ); @@ -255,7 +258,7 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, } /* write ciphersuite length now */ - MBEDTLS_PUT_UINT16_BE( ciphersuite_count*2, ciphersuite_start, 0); + MBEDTLS_PUT_UINT16_BE( ciphersuite_count*2, ciphersuite_start, 0 ); ciphersuite_start += 2; MBEDTLS_SSL_DEBUG_MSG( 3, 
@@ -340,7 +343,7 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extension_start, total_ext_len ); /* Write extension length */ - MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0); + MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0 ); extension_start += 2; *len_with_binders = ( extension_start + total_ext_len ) - start; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index be44141518..4b087baa26 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -28,9 +28,9 @@ #include "ssl_misc.h" int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char **buf, - size_t *buflen ) + unsigned hs_type, + unsigned char **buf, + size_t *buflen ) { *buf = ssl->out_msg + 4; *buflen = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; @@ -42,8 +42,8 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, } int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, - size_t buf_len, - size_t msg_len ) + size_t buf_len, + size_t msg_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) buf_len); @@ -56,8 +56,8 @@ cleanup: } void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, - unsigned hs_type, - size_t total_hs_len ) + unsigned hs_type, + size_t total_hs_len ) { unsigned char hs_hdr[4]; @@ -90,10 +90,11 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, * Only if we handle at least one key exchange that needs signatures. */ -int mbedtls_ssl_tls13_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, - unsigned char* buf, - unsigned char* end, - size_t* olen ) +int mbedtls_ssl_tls13_write_signature_algorithms_ext( + mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); From e41dec015846b3e0d461654f6ef06814d10bde61 Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Tue, 31 Aug 2021 10:57:07 +0800 Subject: [PATCH 28/45] Rename write signature algorithms function To keep similar name with other place. Signed-off-by: Jerry Yu --- library/ssl_misc.h | 8 ++++---- library/ssl_tls13_client.c | 3 +-- library/ssl_tls13_generic.c | 11 +++++------ 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 50aee6ffd2..6b0bf574b6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1435,10 +1435,10 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, /* * Write TLS1.3 Signature Algorithm extesion */ -int mbedtls_ssl_tls13_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen); +int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ef9836d195..dce83f427b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -311,8 +311,7 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, /* The supported_signature_algorithms extension is REQUIRED for * certificate authenticated ciphersuites. */ - ret = mbedtls_ssl_tls13_write_signature_algorithms_ext( ssl, buf, - end, &cur_ext_len ); + ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 4b087baa26..1713d4c813 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -73,7 +73,7 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* - * mbedtls_ssl_tls13_write_signature_algorithms_ext( ) + * mbedtls_ssl_tls13_write_sig_alg_ext( ) * * enum { * .... @@ -90,11 +90,10 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, * Only if we handle at least one key exchange that needs signatures. */ -int mbedtls_ssl_tls13_write_signature_algorithms_ext( - mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen ) +int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) { ((void) ssl); ((void) buf); From 08906d006b01566791587a2a9e6e9623bbea7a93 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Aug 2021 11:05:27 +0800 Subject: [PATCH 29/45] fix name conversion issues Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index dce83f427b..80386c80d3 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -30,8 +30,8 @@ #include "ssl_misc.h" #include -#define CLIENT_HELLO_RAND_BYTES_LEN 32 -#define CLIENT_HELLO_VERSION_LEN 2 +#define CLIENT_HELLO_RANDOM_LEN 32 +#define CLIENT_HELLO_LEGACY_VERSION_LEN 2 /* Write extensions */ @@ -110,7 +110,7 @@ static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, /* Functions for ClientHello */ -static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, +static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, size_t *len_with_binders ) 
@@ -170,19 +170,19 @@ static int ssl_tls13_write_exts_client_hello( mbedtls_ssl_context *ssl, * * In cTLS the version number is elided. */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_VERSION_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0); - buf += 2; - buflen -= CLIENT_HELLO_VERSION_LEN; + buf += CLIENT_HELLO_LEGACY_VERSION_LEN; + buflen -= CLIENT_HELLO_LEGACY_VERSION_LEN; /* Write random bytes */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RAND_BYTES_LEN ); - memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RAND_BYTES_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RANDOM_LEN ); + memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", - buf, CLIENT_HELLO_RAND_BYTES_LEN ); + buf, CLIENT_HELLO_RANDOM_LEN ); - buf += CLIENT_HELLO_RAND_BYTES_LEN; - buflen -= CLIENT_HELLO_RAND_BYTES_LEN; + buf += CLIENT_HELLO_RANDOM_LEN; + buflen -= CLIENT_HELLO_RANDOM_LEN; /* Versions of TLS before TLS 1.3 supported a * "session resumption" feature which has been merged with pre-shared @@ -367,7 +367,7 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->handshake->randbytes, - CLIENT_HELLO_RAND_BYTES_LEN ) ) != 0 ) + CLIENT_HELLO_RANDOM_LEN ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); return( ret ); @@ -394,7 +394,7 @@ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_exts_client_hello, + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_client_hello_body, ( ssl, buf, buf_len, &msg_len ) ); mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, From 159c5a0e12b3769b14ae7c7e7aab2fe310eafd05 Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Tue, 31 Aug 2021 12:51:25 +0800 Subject: [PATCH 30/45] fix comments issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 6 +++--- library/ssl_tls13_client.c | 42 +++++++++++++++++++++++++++++--------- 2 files changed, 35 insertions(+), 13 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 6b0bf574b6..b1f5f36f55 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1412,14 +1412,14 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, } /* - * Write tls13 handshake message header + * Write TLS 1.3 handshake message header */ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, size_t *buflen ); /* - * Write tls13 handshake message tail + * Write TLS 1.3 handshake message tail */ int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t buf_len, @@ -1433,7 +1433,7 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* - * Write TLS1.3 Signature Algorithm extesion + * Write TLS 1.3 Signature Algorithm extension */ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 80386c80d3..f30d408230 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -51,17 +51,24 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported version extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) ); + /* + * ExtensionType 2 + * ExtensionLength 2 + * VersionSLength 1 + * Version 2 + */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); + /* Write Extension Type */ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); - /* total length */ + /* Write Extension Length */ MBEDTLS_PUT_UINT16_BE( 3, p, 2); p += 4; - /* length of next field */ + /* Length of the SupportedVersions field data */ *p++ = 0x2; /* This implementation only supports a single TLS version, and only @@ -108,7 +115,7 @@ static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -/* Functions for ClientHello */ +/* Functions for writing ClientHello message */ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *buf, 
@@ -319,11 +326,13 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, buf += cur_ext_len; /* We need to send the key shares under three conditions: - * 1 ) A certificate-based ciphersuite is being offered. In this case - * supported_groups and supported_signature extensions have been successfully added. - * 2 ) A PSK-based ciphersuite with ECDHE is offered. In this case the + * 1) A certificate-based ciphersuite is being offered. In this case + * supported_groups and supported_signature extensions have been + * successfully added. + * 2) A PSK-based ciphersuite with ECDHE is offered. In this case the * psk_key_exchange_modes has been added as the last extension. - * 3 ) Or, in case all ciphers are supported ( which includes #1 and #2 from above ) + * 3) Or, in case all ciphers are supported ( which includes #1 and #2 + * from above ) */ ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); @@ -377,8 +386,21 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) } /* - * ClientHello Main entry point. - * orchestrates the other functions. + * Write ClientHello handshake message. + * + * Structure of this message: + * + * uint16 ProtocolVersion; + * opaque Random[32]; + * uint8 CipherSuite[2]; // Cryptographic suite selector + * struct { + * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 + * Random random; + * opaque legacy_session_id<0..32>; + * CipherSuite cipher_suites<2..2^16-2>; + * opaque legacy_compression_methods<1..2^8-1>; + * Extension extensions<8..2^16-1>; + * } ClientHello; */ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) { From 67d4ed5b22d846d05144989ad2ba33cb0656cb17 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Aug 2021 13:12:43 +0800 Subject: [PATCH 31/45] force change state type Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b1f5f36f55..e93e55b633 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1408,7 +1408,7 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, mbedtls_ssl_states state ) { - ssl->state = state; + ssl->state = ( int ) state; } /* From 6a643100029d4e739f0f45d5290b81fd3d9e836d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Aug 2021 14:40:36 +0800 Subject: [PATCH 32/45] Cleanup client_hello body. cleanup `ssl_tls13_write_client_hello_body`, fix comments issues. And move ciphersuites to separate function Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 186 ++++++++++++++++++------------------- 1 file changed, 89 insertions(+), 97 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f30d408230..f9cfff5217 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -115,8 +115,79 @@ static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -/* Functions for writing ClientHello message */ +/* Write ciphersuites + * CipherSuite cipher_suites<2..2^16-2>; + */ +static int ssl_tls13_write_client_hello_ciphersuites( + mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *olen ) +{ + /* Ciphersuite-related variables */ + const int *ciphersuites; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + /* ciphersuite_start points to the start of + the ciphersuite list, i.e. to the length field*/ + unsigned char *ciphersuite_start, *ciphersuite_iter; + size_t buf_len; + *olen = 0 ; + + /* + * Ciphersuite list + * + * This is a list of the symmetric cipher options supported by + * the client, specifically the record protection algorithm + * ( including secret key length ) and a hash to be used with + * HKDF, in descending order of client preference. + */ + ciphersuites = ssl->conf->ciphersuite_list; + + /* Check available spaces for ciphersuite */ + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); + + /* Write ciphersuites */ + ciphersuite_start = buf + 2; + ciphersuite_iter = ciphersuite_start; + + for ( size_t i = 0; ciphersuites[i] != 0; i++ ) + { + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); + + if( ciphersuite_info == NULL ) + continue; + + if( ciphersuite_info->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 || + ciphersuite_info->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) + continue; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", + (unsigned int) ciphersuites[i], + ciphersuite_info->name ) ); + + /* Check for available spaces */ + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); + + MBEDTLS_PUT_UINT16_BE( ciphersuites[i], ciphersuite_iter, 0); + ciphersuite_iter += 2; + + } + + buf_len = ciphersuite_iter - ciphersuite_start; + + /* write ciphersuite buf length */ + MBEDTLS_PUT_UINT16_BE( buf_len, buf, 0 
); + + + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", + buf_len/2 ) ); + + return( 0 ); +} + +/* Functions for writing ClientHello message */ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, @@ -139,13 +210,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *start = buf; unsigned char *end = buf + buflen; - /* Ciphersuite-related variables */ - const int *ciphersuites; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - /* ciphersuite_start points to the start of - the ciphersuite list, i.e. to the length field*/ - unsigned char *ciphersuite_start; - size_t ciphersuite_count; + *len_with_binders = 0; /* Keeping track of the included extensions */ ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; @@ -169,7 +234,9 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, ssl->major_ver = ssl->conf->min_major_ver; ssl->minor_ver = ssl->conf->min_minor_ver; - /* For TLS 1.3 we use the legacy version number {0x03, 0x03} + /* Write legacy_version + * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 + * For TLS 1.3 we use the legacy version number {0x03, 0x03} * instead of the true version number. * * For DTLS 1.3 we use the legacy version number 
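Review bot: The bounds check inside the loop of the new ssl_tls13_write_client_hello_ciphersuites tests `buf`, which never advances in this function, while the two-byte write goes through `ciphersuite_iter`. Once the initial check for the length field has passed, every later iteration passes as well, so a sufficiently long `ssl->conf->ciphersuite_list` could in principle be written past `end`. The check should follow the write cursor: `MBEDTLS_SSL_CHK_BUF_PTR( ciphersuite_iter, end, 2 );`. The same line is carried unchanged into the renamed ssl_tls13_write_client_hello_cipher_suites in PATCH 36/45, where `MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 )` still precedes the write through `cipher_suites_iter`.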
@@ -180,16 +247,16 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0); buf += CLIENT_HELLO_LEGACY_VERSION_LEN; - buflen -= CLIENT_HELLO_LEGACY_VERSION_LEN; - /* Write random bytes */ + /* Write random bytes + Random random + */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RANDOM_LEN ); memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, CLIENT_HELLO_RANDOM_LEN ); buf += CLIENT_HELLO_RANDOM_LEN; - buflen -= CLIENT_HELLO_RANDOM_LEN; /* Versions of TLS before TLS 1.3 supported a * "session resumption" feature which has been merged with pre-shared 
@@ -203,74 +270,14 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * ossification ). Otherwise, it MUST be set as a zero-length vector * ( i.e., a zero-valued single byte length field ). */ - if( buflen < 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } - + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 1 ); *buf++ = 0; /* session id length set to zero */ - buflen -= 1; - /* - * Ciphersuite list - * - * This is a list of the symmetric cipher options supported by - * the client, specifically the record protection algorithm - * ( including secret key length ) and a hash to be used with - * HKDF, in descending order of client preference. - */ - ciphersuites = ssl->conf->ciphersuite_list; - - if( buflen < 2 /* for ciphersuite list length */ ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } - - /* Skip writing ciphersuite length for now */ - ciphersuite_count = 0; - ciphersuite_start = buf; - buf += 2; - buflen -= 2; - - for ( size_t i = 0; ciphersuites[i] != 0; i++ ) - { - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); - - if( ciphersuite_info == NULL ) - continue; - - if( ciphersuite_info->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 || - ciphersuite_info->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) - continue; - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", - (unsigned int) ciphersuites[i], - ciphersuite_info->name ) ); - - ciphersuite_count++; - - if( buflen < 2 /* for ciphersuite list length */ ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } - - MBEDTLS_PUT_UINT16_BE( ciphersuites[i], buf, 0); - - buf += 2; - buflen -= 2; - - } - - /* write ciphersuite length now */ - MBEDTLS_PUT_UINT16_BE( ciphersuite_count*2, ciphersuite_start, 0 ); - ciphersuite_start += 
2; - - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", - ciphersuite_count ) ); + /* Write ciphersuites */ + ret = ssl_tls13_write_client_hello_ciphersuites( ssl, buf, end, &cur_ext_len ); + if( ret != 0) + return( ret ); + buf += cur_ext_len; /* For every TLS 1.3 ClientHello, this vector MUST contain exactly * one byte set to zero, which corresponds to the 'null' compression @@ -278,20 +285,13 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * * For cTLS this field is elided. */ - if( buflen < 2 /* for ciphersuite list length */ ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small to hold ClientHello" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } - + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); *buf++ = 1; *buf++ = MBEDTLS_SSL_COMPRESS_NULL; - buflen -= 2; /* First write extensions, then the total length */ extension_start = buf; - total_ext_len = 0; buf += 2; /* Supported Versions Extension is mandatory with TLS 1.3. @@ -302,7 +302,6 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); - total_ext_len += cur_ext_len; buf += cur_ext_len; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) @@ -312,8 +311,6 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); - - total_ext_len += cur_ext_len; buf += cur_ext_len; /* The supported_signature_algorithms extension is REQUIRED for @@ -321,8 +318,6 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); - - total_ext_len += cur_ext_len; buf += cur_ext_len; /* We need to send the key shares under three conditions: 
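Review bot: In the `@@ -278,20 +285,13 @@` hunk the two bytes reserved for the extensions length (`extension_start = buf; buf += 2;`) are skipped over without a `MBEDTLS_SSL_CHK_BUF_PTR`, although this commit moves the other fixed-size fields of ssl_tls13_write_client_hello_body to that macro. As far as the visible code shows, the later store through `extension_start` is only reached after the extension writers have checked their own pointer against `end`, so this is probably out-of-range pointer arithmetic rather than an out-of-bounds write. Adding `MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 );` before `extension_start = buf;` would make the reservation explicit and independent of what the callees check. The function body starts and ends outside this hunk.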
@@ -338,13 +333,13 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); - - total_ext_len += cur_ext_len; buf += cur_ext_len; + #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Add more extensions here */ + total_ext_len = buf - extension_start - 2; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET , total_ext_len ) ); @@ -354,7 +349,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0 ); extension_start += 2; - *len_with_binders = ( extension_start + total_ext_len ) - start; + *len_with_binders = buf - start; return( 0 ); } @@ -390,9 +385,6 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) * * Structure of this message: * - * uint16 ProtocolVersion; - * opaque Random[32]; - * uint8 CipherSuite[2]; // Cryptographic suite selector * struct { * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 * Random random; From a2cf7bd2436f3ad506272547e3674bc40a827527 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Aug 2021 16:12:00 +0800 Subject: [PATCH 33/45] fix comment issues Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 10 +++++----- library/ssl_misc.h | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 540ff1fc52..b0491bfead 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -472,19 +472,19 @@ #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 -#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 6066 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 6066 TLS 1.2 and 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 -#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8422,7919 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8422,7919 TLS 1.2 and 1.3 */ #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 #define MBEDTLS_TLS_EXT_SIG_ALG 13 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_USE_SRTP 14 -#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 6520 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 6520 TLS 1.2 and 1.3 */ #define MBEDTLS_TLS_EXT_ALPN 16 -#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7259 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.2 and 1.3 */ +#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.3 */ #define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.3 */ #define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.3 */ #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e93e55b633..6b17667bfe 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -960,14 +960,14 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) /** - * \brief TLS1.3 client side state machine entry + * \brief TLS 1.3 client side state machine entry * * \param ssl SSL context */ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ); /** - * \brief TLS1.3 server side state machine entry + * \brief TLS 1.3 server side state machine entry * * \param ssl SSL context */ From b7ab336b3a98c2d2e8c8ff0bd5d328647e01849a Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Tue, 31 Aug 2021 16:16:19 +0800 Subject: [PATCH 34/45] fix format issue Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f9cfff5217..736cd208e4 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -65,7 +65,7 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); /* Write Extension Length */ - MBEDTLS_PUT_UINT16_BE( 3, p, 2); + MBEDTLS_PUT_UINT16_BE( 3, p, 2 ); p += 4; /* Length of the SupportedVersions field data */ @@ -169,7 +169,7 @@ static int ssl_tls13_write_client_hello_ciphersuites( /* Check for available spaces */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - MBEDTLS_PUT_UINT16_BE( ciphersuites[i], ciphersuite_iter, 0); + MBEDTLS_PUT_UINT16_BE( ciphersuites[i], ciphersuite_iter, 0 ); ciphersuite_iter += 2; } @@ -245,7 +245,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * In cTLS the version number is elided. */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); - MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0); + MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0 ); buf += CLIENT_HELLO_LEGACY_VERSION_LEN; /* Write random bytes From f171e836eb58f79f315f0d12cde0c50847a22647 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Aug 2021 18:31:09 +0800 Subject: [PATCH 35/45] fix lenght mismatch error Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 736cd208e4..41d2a321ec 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -184,6 +184,8 @@ static int ssl_tls13_write_client_hello_ciphersuites( ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", buf_len/2 ) ); + *olen = ciphersuite_iter - buf; + return( 0 ); } 
From 1bc2c1f1a3086a0d20c0251580f1ecd7564a0e7c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 1 Sep 2021 12:57:29 +0800 Subject: [PATCH 36/45] fix various issues fix comments, format and name conversion issues Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 6 +- library/ssl_tls13_client.c | 240 ++++++++++++++++-------------------- library/ssl_tls13_generic.c | 8 ++ 3 files changed, 120 insertions(+), 134 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b0491bfead..f533859959 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -484,9 +484,9 @@ #define MBEDTLS_TLS_EXT_ALPN 16 #define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.2 and 1.3 */ -#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.3 */ -#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.3 */ +#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.2 and 1.3 */ +#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.2 and 1.3 */ +#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.2 and 1.3 */ #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 41d2a321ec..944e5b50c3 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -31,7 +31,7 @@ #include #define CLIENT_HELLO_RANDOM_LEN 32 -#define CLIENT_HELLO_LEGACY_VERSION_LEN 2 +#define CLIENT_HELLO_LEGACY_VERSION_LEN 2 /* Write extensions */ 
@@ -54,25 +54,31 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) ); /* - * ExtensionType 2 - * ExtensionLength 2 - * VersionSLength 1 - * Version 2 + * Reserve space for extension header. + * + * extension_type 2 + * extension_data_length 2 + * version_length 1 + * versions 2 */ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); - /* Write Extension Type */ + /* Write extension_type */ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); - /* Write Extension Length */ + /* Write extension_data_length */ MBEDTLS_PUT_UINT16_BE( 3, p, 2 ); p += 4; - /* Length of the SupportedVersions field data */ + /* Length of versions */ *p++ = 0x2; - /* This implementation only supports a single TLS version, and only - * advertises a single value. + /* Write values of supported version. + * + * They are come from configuration values. And + * ssl_conf_check has valided the values. + * + * Currently, only one vesrion is advertised. */ mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, 
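Review bot: The comment added above the `mbedtls_ssl_write_version` call has three wording slips ("They are come from", "valided", "vesrion"), and it states as fact that `ssl_conf_check` has validated the values, which nothing in this hunk shows. Suggested text: `/* Write the supported version. The values come from the configuration, which ssl_conf_check is expected to have validated. Currently, only one version is advertised. */`. In the layout comment, `version_length 1` would read more accurately as `versions_length`, since the byte holds the length of the `versions` vector. The body of ssl_tls13_write_supported_versions_ext starts and ends outside this hunk.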
@@ -115,22 +121,22 @@ static int ssl_tls13_write_key_shares_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -/* Write ciphersuites +/* + * Functions for writing ClientHello message. + */ +/* Write cipher_suites * CipherSuite cipher_suites<2..2^16-2>; */ -static int ssl_tls13_write_client_hello_ciphersuites( +static int ssl_tls13_write_client_hello_cipher_suites( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen ) { - /* Ciphersuite-related variables */ - const int *ciphersuites; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - /* ciphersuite_start points to the start of - the ciphersuite list, i.e. to the length field*/ - unsigned char *ciphersuite_start, *ciphersuite_iter; - size_t buf_len; + const int *cipher_suite_list; + unsigned char *cipher_suites_start; /* start of the cipher_suite_list */ + unsigned char *cipher_suites_iter; /* iteration of the cipher_suite_list */ + size_t cipher_suites_len; *olen = 0 ; 
@@ -142,164 +148,146 @@ static int ssl_tls13_write_client_hello_ciphersuites( * ( including secret key length ) and a hash to be used with * HKDF, in descending order of client preference. */ - ciphersuites = ssl->conf->ciphersuite_list; + cipher_suite_list = ssl->conf->ciphersuite_list; - /* Check available spaces for ciphersuite */ + /* Check there is space for the cipher suite list length (2 bytes). */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - /* Write ciphersuites */ - ciphersuite_start = buf + 2; - ciphersuite_iter = ciphersuite_start; + /* Write cipher_suite_list */ + cipher_suites_start = buf + 2; + cipher_suites_iter = cipher_suites_start; - for ( size_t i = 0; ciphersuites[i] != 0; i++ ) + for ( size_t i = 0; cipher_suite_list[i] != 0; i++ ) { - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); + int cipher_suite = cipher_suite_list[i]; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); if( ciphersuite_info == NULL ) continue; - if( ciphersuite_info->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 || ciphersuite_info->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) continue; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", - (unsigned int) ciphersuites[i], + (unsigned int) cipher_suite, ciphersuite_info->name ) ); - /* Check for available spaces */ + /* Check there is space for the cipher suite identifier (2 bytes). 
*/ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - - MBEDTLS_PUT_UINT16_BE( ciphersuites[i], ciphersuite_iter, 0 ); - ciphersuite_iter += 2; - + MBEDTLS_PUT_UINT16_BE( cipher_suite, cipher_suites_iter, 0 ); + cipher_suites_iter += 2; } - buf_len = ciphersuite_iter - ciphersuite_start; - - /* write ciphersuite buf length */ - MBEDTLS_PUT_UINT16_BE( buf_len, buf, 0 ); - - + /* Write the cipher_suite_list length in number of bytes */ + cipher_suites_len = cipher_suites_iter - cipher_suites_start; + MBEDTLS_PUT_UINT16_BE( cipher_suites_len, buf, 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites", - buf_len/2 ) ); + ( "client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites", + cipher_suites_len/2 ) ); - *olen = ciphersuite_iter - buf; + /* Output the total length of cipher_suites field. */ + *olen = cipher_suites_iter - buf; return( 0 ); } -/* Functions for writing ClientHello message */ +/* + * Structure of ClientHello message: + * + * struct { + * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 + * Random random; + * opaque legacy_session_id<0..32>; + * CipherSuite cipher_suites<2..2^16-2>; + * opaque legacy_compression_methods<1..2^8-1>; + * Extension extensions<8..2^16-1>; + * } ClientHello; + */ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, - size_t *len_with_binders ) + size_t *olen ) { - /* Extensions */ - /* extension_start - * Used during extension writing where the - * buffer pointer to the beginning of the - * extension list must be kept to write - * the total extension list size in the end. 
- */ int ret; - unsigned char *extension_start; - size_t cur_ext_len; /* Size of the current extension */ - size_t total_ext_len; /* Size of list of extensions */ + unsigned char *extension_start; /* Start of extensions buffer */ + size_t cur_ext_len; /* Size of the current extension */ + size_t total_ext_len; /* Size of list of extensions */ /* Buffer management */ unsigned char *start = buf; unsigned char *end = buf + buflen; - *len_with_binders = 0; - - /* Keeping track of the included extensions */ - ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; - - /* NOTE: - * Even for DTLS 1.3, we are writing a TLS handshake header here. - * The actual DTLS 1.3 handshake header is inserted in - * the record writing routine mbedtls_ssl_write_record(). - * - * For cTLS the length, and the version field - * are elided. The random bytes are shorter. - */ - - if( ssl->conf->max_major_ver == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, " - "consider using mbedtls_ssl_config_defaults()" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } + *olen = 0; + /* No validation needed here. It has been done by ssl_conf_check() */ ssl->major_ver = ssl->conf->min_major_ver; ssl->minor_ver = ssl->conf->min_minor_ver; - /* Write legacy_version + /* + * Write legacy_version * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 - * For TLS 1.3 we use the legacy version number {0x03, 0x03} + * + * For TLS 1.3 we use the legacy version number {0x03, 0x03} * instead of the true version number. - * - * For DTLS 1.3 we use the legacy version number - * {254,253}. - * - * In cTLS the version number is elided. 
*/ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0 ); buf += CLIENT_HELLO_LEGACY_VERSION_LEN; - /* Write random bytes - Random random - */ + /* Write the random bytes ( random ).*/ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RANDOM_LEN ); memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf, CLIENT_HELLO_RANDOM_LEN ); - buf += CLIENT_HELLO_RANDOM_LEN; - /* Versions of TLS before TLS 1.3 supported a - * "session resumption" feature which has been merged with pre-shared - * keys in this version. A client which has a - * cached session ID set by a pre-TLS 1.3 server SHOULD set this - * field to that value. In compatibility mode, - * this field MUST be non-empty, so a client not offering a - * pre-TLS 1.3 session MUST generate a new 32-byte value. This value - * need not be random but SHOULD be unpredictable to avoid - * implementations fixating on a specific value ( also known as - * ossification ). Otherwise, it MUST be set as a zero-length vector - * ( i.e., a zero-valued single byte length field ). + /* + * Write legacy_session_id + * + * Versions of TLS before TLS 1.3 supported a "session resumption" feature + * which has been merged with pre-shared keys in this version. A client + * which has a cached session ID set by a pre-TLS 1.3 server SHOULD set + * this field to that value. In compatibility mode, this field MUST be + * non-empty, so a client not offering a pre-TLS 1.3 session MUST generate + * a new 32-byte value. This value need not be random but SHOULD be + * unpredictable to avoid implementations fixating on a specific value + * ( also known as ossification ). Otherwise, it MUST be set as a zero-length + * vector ( i.e., a zero-valued single byte length field ). 
*/ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 1 ); *buf++ = 0; /* session id length set to zero */ - /* Write ciphersuites */ - ret = ssl_tls13_write_client_hello_ciphersuites( ssl, buf, end, &cur_ext_len ); + /* Write cipher_suites */ + ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &cur_ext_len ); if( ret != 0) return( ret ); buf += cur_ext_len; - /* For every TLS 1.3 ClientHello, this vector MUST contain exactly + /* Write legacy_compression_methods + * + * For every TLS 1.3 ClientHello, this vector MUST contain exactly * one byte set to zero, which corresponds to the 'null' compression * method in prior versions of TLS. - * - * For cTLS this field is elided. */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); *buf++ = 1; *buf++ = MBEDTLS_SSL_COMPRESS_NULL; + /* Write extensions */ + + /* Keeping track of the included extensions */ + ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; /* First write extensions, then the total length */ + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); extension_start = buf; buf += 2; - /* Supported Versions Extension is mandatory with TLS 1.3. + /* Write supported_versions extension * - * For cTLS we only need to provide it if there is more than one version - * and currently there is only one. + * Supported Versions Extension is mandatory with TLS 1.3. */ ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) 
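Review bot: The space check kept inside the cipher-suite loop, `MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 );`, tests `buf`, which never advances, while the write goes through `cipher_suites_iter`. Once the two length bytes fit, every identifier is written without a bounds check against `end`, so a long configured ciphersuite_list can write past the output buffer. The check should follow the write cursor: `MBEDTLS_SSL_CHK_BUF_PTR( cipher_suites_iter, end, 2 );`. The hunk also drops the `max_major_ver == 0` test in ssl_tls13_write_client_hello_body in favour of ssl_conf_check(), which is not visible here, so it is worth confirming that every path into this function passes through it. ssl_tls13_write_client_hello_cipher_suites starts above this hunk.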
@@ -307,22 +295,18 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, buf += cur_ext_len; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - /* The supported_groups and the key_share extensions are - * REQUIRED for ECDHE ciphersuites. + /* Write supported_groups extension + * + * It is REQUIRED for ECDHE cipher_suites. */ ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); buf += cur_ext_len; - /* The supported_signature_algorithms extension is REQUIRED for - * certificate authenticated ciphersuites. */ - ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &cur_ext_len ); - if( ret != 0 ) - return( ret ); - buf += cur_ext_len; - - /* We need to send the key shares under three conditions: + /* Write key_share extension + * + * We need to send the key shares under three conditions: * 1) A certificate-based ciphersuite is being offered. In this case * supported_groups and supported_signature extensions have been * successfully added. 
@@ -331,27 +315,32 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * 3) Or, in case all ciphers are supported ( which includes #1 and #2 * from above ) */ - ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); if( ret != 0 ) return( ret ); buf += cur_ext_len; + /* Write signature_algorithms extension + * + * It is REQUIRED for certificate authenticated cipher_suites. + */ + ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &cur_ext_len ); + if( ret != 0 ) + return( ret ); + buf += cur_ext_len; + #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Add more extensions here */ + /* Write the length of the list of extensions. */ total_ext_len = buf - extension_start - 2; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET , total_ext_len ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extension_start, total_ext_len ); - - /* Write extension length */ MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0 ); - extension_start += 2; - *len_with_binders = buf - start; + *olen = buf - start; return( 0 ); } @@ -384,17 +373,6 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) /* * Write ClientHello handshake message. - * - * Structure of this message: - * - * struct { - * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 - * Random random; - * opaque legacy_session_id<0..32>; - * CipherSuite cipher_suites<2..2^16-2>; - * opaque legacy_compression_methods<1..2^8-1>; - * Extension extensions<8..2^16-1>; - * } ClientHello; */ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1713d4c813..f33c2f636b 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -32,6 +32,13 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned char **buf, size_t *buflen ) { + /* + * Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 ) + * ... + * HandshakeType msg_type; + * uint24 length; + * ... + */ *buf = ssl->out_msg + 4; *buflen = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; @@ -48,6 +55,7 @@ int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) buf_len); + /* Add reserved 4 bytes for handshake header */ ssl->out_msglen = msg_len + 4; MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext, ( ssl, 0 ) ); From 790656a0a61961296552b75b446bc3f4c50d1b32 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 1 Sep 2021 15:51:48 +0800 Subject: [PATCH 37/45] fix name conversion issues fix name conversion issues in `ssl_tls13_write_client_hello_body` Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 944e5b50c3..d354087413 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -211,9 +211,9 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, { int ret; - unsigned char *extension_start; /* Start of extensions buffer */ - size_t cur_ext_len; /* Size of the current extension */ - size_t total_ext_len; /* Size of list of extensions */ + unsigned char *extensions_len_ptr; /* pointer of extensions length */ + size_t output_len; /* Length of buffer used by function */ + size_t extensions_len; /* Length of the list of extensions*/ /* Buffer management */ unsigned char *start = buf; 
@@ -260,10 +260,10 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, *buf++ = 0; /* session id length set to zero */ /* Write cipher_suites */ - ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &output_len ); if( ret != 0) return( ret ); - buf += cur_ext_len; + buf += output_len; /* Write legacy_compression_methods * @@ -282,27 +282,27 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, /* First write extensions, then the total length */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - extension_start = buf; + extensions_len_ptr = buf; buf += 2; /* Write supported_versions extension * * Supported Versions Extension is mandatory with TLS 1.3. */ - ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &output_len ); if( ret != 0 ) return( ret ); - buf += cur_ext_len; + buf += output_len; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* Write supported_groups extension * * It is REQUIRED for ECDHE cipher_suites. */ - ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &output_len ); if( ret != 0 ) return( ret ); - buf += cur_ext_len; + buf += output_len; /* Write key_share extension * 
@@ -315,30 +315,30 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * 3) Or, in case all ciphers are supported ( which includes #1 and #2 * from above ) */ - ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &cur_ext_len ); + ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &output_len ); if( ret != 0 ) return( ret ); - buf += cur_ext_len; + buf += output_len; /* Write signature_algorithms extension * * It is REQUIRED for certificate authenticated cipher_suites. */ - ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &cur_ext_len ); + ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &output_len ); if( ret != 0 ) return( ret ); - buf += cur_ext_len; + buf += output_len; #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Add more extensions here */ /* Write the length of the list of extensions. */ - total_ext_len = buf - extension_start - 2; + extensions_len = buf - extensions_len_ptr - 2; + MBEDTLS_PUT_UINT16_BE( extensions_len, extensions_len_ptr, 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET , - total_ext_len ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extension_start, total_ext_len ); - MBEDTLS_PUT_UINT16_BE( total_ext_len, extension_start, 0 ); + extensions_len ) ); + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extensions_len_ptr, extensions_len ); *olen = buf - start; return( 0 ); From 0c63af6ed6576aebdb8dcc3ec9852ae42b53c75e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 2 Sep 2021 12:59:12 +0800 Subject: [PATCH 38/45] fix comment issues Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 35 +++++++++++++++++------------------ library/ssl_tls13_generic.c | 4 ++-- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d354087413..373efff10f 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
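Review bot: The debug dump at the end of ssl_tls13_write_client_hello_body starts at `extensions_len_ptr`, the two-byte length field, but is sized with `extensions_len`, which excludes those two bytes. The dump labelled "client hello extensions" therefore shows the length prefix and omits the last two bytes of the final extension. If the intent is to dump the extension list itself, `MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extensions_len_ptr + 2, extensions_len );` matches the computed length. The function begins above this hunk.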
@@ -54,7 +54,7 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) ); /* - * Reserve space for extension header. + * Check space for extension header. * * extension_type 2 * extension_data_length 2 @@ -73,12 +73,11 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, /* Length of versions */ *p++ = 0x2; - /* Write values of supported version. + /* Write values of supported versions. * - * They are come from configuration values. And - * ssl_conf_check has valided the values. + * They are defined by the configuration. * - * Currently, only one vesrion is advertised. + * Currently, only one version is advertised. */ mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, @@ -133,9 +132,9 @@ static int ssl_tls13_write_client_hello_cipher_suites( unsigned char *end, size_t *olen ) { - const int *cipher_suite_list; - unsigned char *cipher_suites_start; /* start of the cipher_suite_list */ - unsigned char *cipher_suites_iter; /* iteration of the cipher_suite_list */ + const int *ciphersuite_list; + unsigned char *cipher_suites_start; /* Start of the cipher_suites list */ + unsigned char *cipher_suites_iter; /* Iteration over the cipher_suites list */ size_t cipher_suites_len; *olen = 0 ; 
@@ -148,18 +147,18 @@ static int ssl_tls13_write_client_hello_cipher_suites( * ( including secret key length ) and a hash to be used with * HKDF, in descending order of client preference. */ - cipher_suite_list = ssl->conf->ciphersuite_list; + ciphersuite_list = ssl->conf->ciphersuite_list; /* Check there is space for the cipher suite list length (2 bytes). */ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - /* Write cipher_suite_list */ + /* Write cipher_suites */ cipher_suites_start = buf + 2; cipher_suites_iter = cipher_suites_start; - for ( size_t i = 0; cipher_suite_list[i] != 0; i++ ) + for ( size_t i = 0; ciphersuite_list[i] != 0; i++ ) { - int cipher_suite = cipher_suite_list[i]; + int cipher_suite = ciphersuite_list[i]; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); @@ -179,7 +178,7 @@ static int ssl_tls13_write_client_hello_cipher_suites( cipher_suites_iter += 2; } - /* Write the cipher_suite_list length in number of bytes */ + /* Write the cipher_suites length in number of bytes */ cipher_suites_len = cipher_suites_iter - cipher_suites_start; MBEDTLS_PUT_UINT16_BE( cipher_suites_len, buf, 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, @@ -211,7 +210,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, { int ret; - unsigned char *extensions_len_ptr; /* pointer of extensions length */ + unsigned char *extensions_len_ptr; /* Pointer of extensions length */ size_t output_len; /* Length of buffer used by function */ size_t extensions_len; /* Length of the list of extensions*/ 
@@ -392,8 +391,8 @@ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) ( ssl, buf, buf_len, &msg_len ) ); mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - msg_len ); - ssl->handshake->update_checksum( ssl, buf, 0 ); + msg_len ); + ssl->handshake->update_checksum( ssl, buf, msg_len ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello, ( ssl ) ); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg, @@ -420,8 +419,8 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) switch( ssl->state ) { /* - * ssl->state is initialized as HELLO_REQUEST. It is same - * with CLIENT_HELLO status + * ssl->state is initialized as HELLO_REQUEST. It is the same + * as CLIENT_HELLO state. */ case MBEDTLS_SSL_HELLO_REQUEST: case MBEDTLS_SSL_CLIENT_HELLO: diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f33c2f636b..fb6da346fc 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -30,7 +30,7 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, - size_t *buflen ) + size_t *buf_len ) { /* * Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 ) @@ -40,7 +40,7 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, * ... */ *buf = ssl->out_msg + 4; - *buflen = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; + *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = hs_type; From 2c0fbf3405aa1d71f8f2d966a06399454a53afce Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 2 Sep 2021 13:53:46 +0800 Subject: [PATCH 39/45] modify proc_chk macros - change the parameter - remove debug output - remove return value modify Signed-off-by: Jerry Yu --- library/ssl_misc.h | 17 ++++------------- library/ssl_tls13_client.c | 23 +++++++++++++---------- library/ssl_tls13_generic.c | 2 +- 3 files changed, 18 insertions(+), 24 deletions(-) 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 6b17667bfe..e16c674cb0 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -26,7 +26,6 @@ #include "mbedtls/ssl.h" #include "mbedtls/cipher.h" -#include "mbedtls/debug.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" @@ -135,33 +134,25 @@ /* * Helper macros for function call with returen check. */ -/* utils for strip parens in marcro */ -#define MBEDTLS_SSL_PROC_STRIP_PARENS( ... ) __VA_ARGS__ - /* * Exit and print debug message when return none zero value */ -#define MBEDTLS_SSL_PROC_CHK( fn, args ) \ +#define MBEDTLS_SSL_PROC_CHK( f ) \ do { \ - ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \ + ret = ( f ); \ if( ret != 0 ) \ { \ - if( ret > 0 ) \ - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; \ - MBEDTLS_SSL_DEBUG_RET( 1, #fn, ret ); \ goto cleanup; \ } \ } while( 0 ) - /* * Exit and print debug message when return negative value */ -#define MBEDTLS_SSL_PROC_CHK_NEG( fn, args ) \ +#define MBEDTLS_SSL_PROC_CHK_NEG( f ) \ do { \ - ret = fn(MBEDTLS_SSL_PROC_STRIP_PARENS args); \ + ret = ( f ); \ if( ret < 0 ) \ { \ - MBEDTLS_SSL_DEBUG_RET( 1, #fn, ret ); \ goto cleanup; \ } \ } while( 0 ) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 373efff10f..6b89273353 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
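Review bot: MBEDTLS_SSL_PROC_CHK no longer maps a positive return value to MBEDTLS_ERR_SSL_INTERNAL_ERROR, so a wrapped call that returns a positive value now jumps to `cleanup` with that value unchanged. A caller that tests `ret < 0` would then read the failure as success; whether any wrapped function returns positive values is not visible here, so the contract should be stated explicitly. The comments above both macros still say "Exit and print debug message" although the MBEDTLS_SSL_DEBUG_RET call is gone. I would replace them with something like `/* Jump to cleanup when f returns non-zero; ret is passed through unchanged. Requires an int ret and a cleanup: label in the caller. */`, with the matching "negative" wording for MBEDTLS_SSL_PROC_CHK_NEG.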
@@ -381,22 +381,25 @@ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello, ( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg, - ( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - &buf, &buf_len ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( + ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + &buf, &buf_len ) ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_client_hello_body, - ( ssl, buf, buf_len, &msg_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_client_hello_body( ssl, buf, + buf_len, + &msg_len ) ); - mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, + mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, + MBEDTLS_SSL_HS_CLIENT_HELLO, msg_len ); ssl->handshake->update_checksum( ssl, buf, msg_len ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello, ( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg, - ( ssl, buf_len, msg_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello( ssl ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl, + buf_len, + msg_len ) ); cleanup: diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index fb6da346fc..3c49a379bd 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -57,7 +57,7 @@ int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, /* Add reserved 4 bytes for handshake header */ ssl->out_msglen = msg_len + 4; - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext, ( ssl, 0 ) ); + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext( ssl, 0 ) ); cleanup: return( ret ); From ef387d79a467c77b68605bcfd91a2981518e9b62 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 2 Sep 2021 13:59:41 +0800 Subject: [PATCH 40/45] change prototype of write body To keep consistence with others 
Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 6b89273353..262481c6a7 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -205,7 +205,7 @@ static int ssl_tls13_write_client_hello_cipher_suites( */ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, unsigned char *buf, - size_t buflen, + unsigned char *end, size_t *olen ) { @@ -216,7 +216,6 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, /* Buffer management */ unsigned char *start = buf; - unsigned char *end = buf + buflen; *olen = 0; @@ -388,7 +387,7 @@ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl ) &buf, &buf_len ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_client_hello_body( ssl, buf, - buf_len, + buf + buf_len, &msg_len ) ); mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, From 8c02bb4b7194631f1a901745400ac76e1180f1a3 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 3 Sep 2021 21:09:22 +0800 Subject: [PATCH 41/45] fix various comment issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 6 +++--- library/ssl_tls13_client.c | 16 +++++----------- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e16c674cb0..7035c278cf 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -132,10 +132,10 @@ #define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) /* - * Helper macros for function call with returen check. + * Helper macros for function call with return check. */ /* - * Exit and print debug message when return none zero value + * Exit when return non-zero value */ #define MBEDTLS_SSL_PROC_CHK( f ) \ do { \ @@ -146,7 +146,7 @@ } \ } while( 0 ) /* - * Exit and print debug message when return negative value + * Exit when return negative value */ #define MBEDTLS_SSL_PROC_CHK_NEG( f ) \ do { \ 
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 262481c6a7..f8779a09fd 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -164,8 +164,8 @@ static int ssl_tls13_write_client_hello_cipher_suites( ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); if( ciphersuite_info == NULL ) continue; - if( ciphersuite_info->min_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 || - ciphersuite_info->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) + if( !( MBEDTLS_SSL_MINOR_VERSION_4 > ciphersuite_info->min_minor_ver && + MBEDTLS_SSL_MINOR_VERSION_4 < ciphersuite_info->max_minor_ver ) ) continue; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", @@ -173,7 +173,7 @@ static int ssl_tls13_write_client_hello_cipher_suites( ciphersuite_info->name ) ); /* Check there is space for the cipher suite identifier (2 bytes). */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); + MBEDTLS_SSL_CHK_BUF_PTR( cipher_suites_iter, end, 2 ); MBEDTLS_PUT_UINT16_BE( cipher_suite, cipher_suites_iter, 0 ); cipher_suites_iter += 2; } @@ -210,7 +210,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, { int ret; - unsigned char *extensions_len_ptr; /* Pointer of extensions length */ + unsigned char *extensions_len_ptr; /* Pointer to extensions length */ size_t output_len; /* Length of buffer used by function */ size_t extensions_len; /* Length of the list of extensions*/ @@ -362,7 +362,7 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl ) ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret ); return( ret ); } 
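Review bot: The rewritten version filter in ssl_tls13_write_client_hello_cipher_suites uses strict comparisons, so a suite whose min_minor_ver and max_minor_ver both equal MBEDTLS_SSL_MINOR_VERSION_4 is now skipped. Those are exactly the suites the old `!=` test accepted, so the loop can end up writing an empty cipher_suites vector. Inclusive bounds keep them: `if( !( MBEDTLS_SSL_MINOR_VERSION_4 >= ciphersuite_info->min_minor_ver &&` followed by `MBEDTLS_SSL_MINOR_VERSION_4 <= ciphersuite_info->max_minor_ver ) )`. Nothing visible in the function rejects an empty list, so returning an error when no identifier was written would make this kind of regression fail loudly rather than produce a malformed ClientHello. The function body extends beyond these hunks.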
@@ -410,12 +410,6 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = 0; - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Handshake completed but ssl->handshake is NULL.\n" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); switch( ssl->state ) From dbfb7bd873dfa8e5bf9afb5aae3aa2680e9e2fd4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 4 Sep 2021 09:58:58 +0800 Subject: [PATCH 42/45] fix various issues - wrong cipher suite filter condition - name conversion - format issue Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 6 +++--- library/ssl_tls13_generic.c | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f8779a09fd..2a62dc6fdd 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -164,8 +164,8 @@ static int ssl_tls13_write_client_hello_cipher_suites( ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); if( ciphersuite_info == NULL ) continue; - if( !( MBEDTLS_SSL_MINOR_VERSION_4 > ciphersuite_info->min_minor_ver && - MBEDTLS_SSL_MINOR_VERSION_4 < ciphersuite_info->max_minor_ver ) ) + if( !( MBEDTLS_SSL_MINOR_VERSION_4 >= ciphersuite_info->min_minor_ver && + MBEDTLS_SSL_MINOR_VERSION_4 <= ciphersuite_info->max_minor_ver ) ) continue; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s", @@ -259,7 +259,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, /* Write cipher_suites */ ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &output_len ); - if( ret != 0) + if( ret != 0 ) return( ret ); buf += output_len; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 3c49a379bd..ca4c167132 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -53,10 +53,12 @@ int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl, size_t msg_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t msg_len_with_header; ((void) buf_len); /* Add reserved 4 bytes for handshake header */ - ssl->out_msglen = msg_len + 4; + msg_len_with_header = msg_len + 4; + ssl->out_msglen = msg_len_with_header; MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext( ssl, 0 ) ); cleanup: From bbe09526b78746e37ebdfcb4d62a0f66581412a4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 6 Sep 2021 21:17:54 +0800 Subject: [PATCH 43/45] fix name conversion issues Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 74 +++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 2a62dc6fdd..fe2e6f850b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -133,8 +133,8 @@ static int ssl_tls13_write_client_hello_cipher_suites( size_t *olen ) { const int *ciphersuite_list; - unsigned char *cipher_suites_start; /* Start of the cipher_suites list */ - unsigned char *cipher_suites_iter; /* Iteration over the cipher_suites list */ + unsigned char *cipher_suites_ptr; /* Start of the cipher_suites list */ + unsigned char *p; /* Iteration over the cipher_suites list */ size_t cipher_suites_len; *olen = 0 ; @@ -153,8 +153,8 @@ static int ssl_tls13_write_client_hello_cipher_suites( MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); /* Write cipher_suites */ - cipher_suites_start = buf + 2; - cipher_suites_iter = cipher_suites_start; + cipher_suites_ptr = buf + 2; + p = cipher_suites_ptr; for ( size_t i = 0; ciphersuite_list[i] != 0; i++ ) { 
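Review bot: mbedtls_ssl_tls13_finish_handshake_msg still discards `buf_len` with `((void) buf_len);` and stores `msg_len + 4` in ssl->out_msglen without comparing it to the space handed out by mbedtls_ssl_tls13_start_handshake_msg. The new local `msg_len_with_header` only renames the sum. Using the parameter as a bound would reject an inconsistent length before the record layer sees it, for example `if( msg_len > buf_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );` in place of the void cast. The function's signature starts above the hunk and its cleanup path continues below it.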
@@ -173,20 +173,20 @@ static int ssl_tls13_write_client_hello_cipher_suites( ciphersuite_info->name ) ); /* Check there is space for the cipher suite identifier (2 bytes). */ - MBEDTLS_SSL_CHK_BUF_PTR( cipher_suites_iter, end, 2 ); - MBEDTLS_PUT_UINT16_BE( cipher_suite, cipher_suites_iter, 0 ); - cipher_suites_iter += 2; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_PUT_UINT16_BE( cipher_suite, p, 0 ); + p += 2; } /* Write the cipher_suites length in number of bytes */ - cipher_suites_len = cipher_suites_iter - cipher_suites_start; + cipher_suites_len = p - cipher_suites_ptr; MBEDTLS_PUT_UINT16_BE( cipher_suites_len, buf, 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites", cipher_suites_len/2 ) ); /* Output the total length of cipher_suites field. */ - *olen = cipher_suites_iter - buf; + *olen = p - buf; return( 0 ); } @@ -215,7 +215,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, size_t extensions_len; /* Length of the list of extensions*/ /* Buffer management */ - unsigned char *start = buf; + unsigned char *p = buf; *olen = 0; 
@@ -230,16 +230,16 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * For TLS 1.3 we use the legacy version number {0x03, 0x03} * instead of the true version number. */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); - MBEDTLS_PUT_UINT16_BE( 0x0303, buf, 0 ); - buf += CLIENT_HELLO_LEGACY_VERSION_LEN; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); + MBEDTLS_PUT_UINT16_BE( 0x0303, p, 0 ); + p += CLIENT_HELLO_LEGACY_VERSION_LEN; /* Write the random bytes ( random ).*/ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, CLIENT_HELLO_RANDOM_LEN ); - memcpy( buf, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, CLIENT_HELLO_RANDOM_LEN ); + memcpy( p, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", - buf, CLIENT_HELLO_RANDOM_LEN ); - buf += CLIENT_HELLO_RANDOM_LEN; + p, CLIENT_HELLO_RANDOM_LEN ); + p += CLIENT_HELLO_RANDOM_LEN; /* * Write legacy_session_id @@ -254,14 +254,14 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * ( also known as ossification ). Otherwise, it MUST be set as a zero-length * vector ( i.e., a zero-valued single byte length field ). */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 1 ); - *buf++ = 0; /* session id length set to zero */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); + *p++ = 0; /* session id length set to zero */ /* Write cipher_suites */ - ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &output_len ); + ret = ssl_tls13_write_client_hello_cipher_suites( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); - buf += output_len; + p += output_len; /* Write legacy_compression_methods * 
@@ -269,9 +269,9 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * one byte set to zero, which corresponds to the 'null' compression * method in prior versions of TLS. */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - *buf++ = 1; - *buf++ = MBEDTLS_SSL_COMPRESS_NULL; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + *p++ = 1; + *p++ = MBEDTLS_SSL_COMPRESS_NULL; /* Write extensions */ @@ -279,28 +279,28 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE; /* First write extensions, then the total length */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); - extensions_len_ptr = buf; - buf += 2; + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + extensions_len_ptr = p; + p += 2; /* Write supported_versions extension * * Supported Versions Extension is mandatory with TLS 1.3. */ - ret = ssl_tls13_write_supported_versions_ext( ssl, buf, end, &output_len ); + ret = ssl_tls13_write_supported_versions_ext( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); - buf += output_len; + p += output_len; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* Write supported_groups extension * * It is REQUIRED for ECDHE cipher_suites. */ - ret = ssl_tls13_write_supported_groups_ext( ssl, buf, end, &output_len ); + ret = ssl_tls13_write_supported_groups_ext( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); - buf += output_len; + p += output_len; /* Write key_share extension * 
@@ -313,32 +313,32 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * 3) Or, in case all ciphers are supported ( which includes #1 and #2 * from above ) */ - ret = ssl_tls13_write_key_shares_ext( ssl, buf, end, &output_len ); + ret = ssl_tls13_write_key_shares_ext( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); - buf += output_len; + p += output_len; /* Write signature_algorithms extension * * It is REQUIRED for certificate authenticated cipher_suites. */ - ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, buf, end, &output_len ); + ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); - buf += output_len; + p += output_len; #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Add more extensions here */ /* Write the length of the list of extensions. */ - extensions_len = buf - extensions_len_ptr - 2; + extensions_len = p - extensions_len_ptr - 2; MBEDTLS_PUT_UINT16_BE( extensions_len, extensions_len_ptr, 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET , extensions_len ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extensions_len_ptr, extensions_len ); - *olen = buf - start; + *olen = p - buf; return( 0 ); } From 4e388286af740564055f004e99ae133f65b9aece Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 6 Sep 2021 21:28:08 +0800 Subject: [PATCH 44/45] fix usage of iteration Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index fe2e6f850b..b10e33bfbf 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
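Review bot: Near the end of ssl_tls13_write_client_hello_body, `MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extensions_len_ptr, extensions_len );` starts the dump at the 2-byte length field but passes the length of the extension list alone. The dump therefore shows the length bytes and drops the last two bytes of the extensions, which is misleading when the log is used to check what went on the wire. Starting two bytes later fixes it: `MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", extensions_len_ptr + 2, extensions_len );`. The line is unchanged context in this rename, and the function starts outside the hunk.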
@@ -132,9 +132,9 @@ static int ssl_tls13_write_client_hello_cipher_suites( unsigned char *end, size_t *olen ) { + unsigned char *p = buf; /* Iteration over the cipher_suites list */ const int *ciphersuite_list; unsigned char *cipher_suites_ptr; /* Start of the cipher_suites list */ - unsigned char *p; /* Iteration over the cipher_suites list */ size_t cipher_suites_len; *olen = 0 ; @@ -150,12 +150,11 @@ static int ssl_tls13_write_client_hello_cipher_suites( ciphersuite_list = ssl->conf->ciphersuite_list; /* Check there is space for the cipher suite list length (2 bytes). */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 2 ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + p += 2; /* Write cipher_suites */ - cipher_suites_ptr = buf + 2; - p = cipher_suites_ptr; - + cipher_suites_ptr = p; for ( size_t i = 0; ciphersuite_list[i] != 0; i++ ) { int cipher_suite = ciphersuite_list[i]; From fec982eacc184b08d00eaeb118c06918147bcfe7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 7 Sep 2021 17:26:06 +0800 Subject: [PATCH 45/45] fix coding style issues Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index b10e33bfbf..41c7a4d144 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -31,7 +31,6 @@ #include #define CLIENT_HELLO_RANDOM_LEN 32 -#define CLIENT_HELLO_LEGACY_VERSION_LEN 2 /* Write extensions */ @@ -132,7 +131,7 @@ static int ssl_tls13_write_client_hello_cipher_suites( unsigned char *end, size_t *olen ) { - unsigned char *p = buf; /* Iteration over the cipher_suites list */ + unsigned char *p = buf; const int *ciphersuite_list; unsigned char *cipher_suites_ptr; /* Start of the cipher_suites list */ size_t cipher_suites_len; 
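Review bot: In ssl_tls13_write_client_hello_cipher_suites (hunk at -150,12), the new `p += 2;` reserves the cipher_suites length field, but nothing says the field is filled in later. Elsewhere in this series the length is written back with `MBEDTLS_PUT_UINT16_BE( cipher_suites_len, buf, 0 );`, so the code relies on `buf` still pointing at the reserved field. A comment on the skip would make that dependency explicit, for example `/* Reserve the 2-byte length field; it is written through buf once the list is complete */`. The loop and the write-back are outside this hunk.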
@@ -229,9 +228,9 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, * For TLS 1.3 we use the legacy version number {0x03, 0x03} * instead of the true version number. */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, CLIENT_HELLO_LEGACY_VERSION_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_PUT_UINT16_BE( 0x0303, p, 0 ); - p += CLIENT_HELLO_LEGACY_VERSION_LEN; + p += 2; /* Write the random bytes ( random ).*/ MBEDTLS_SSL_CHK_BUF_PTR( p, end, CLIENT_HELLO_RANDOM_LEN );