From d91526c17ffe8b3fa97591291c1f3e932382be86 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 12 Apr 2022 14:38:52 +0200 Subject: [PATCH 01/10] Refactor to make PSA and non-PSA ECDH(E) server code exclusive Signed-off-by: Neil Armstrong --- library/ssl_tls12_server.c | 245 +++++++++++++++++-------------------- 1 file changed, 112 insertions(+), 133 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 93cd0a585..7371acade 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3162,123 +3162,116 @@ curve_matching_done: MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_key_attributes_t key_attributes; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; + size_t ecdh_bits = 0; + uint8_t *p = ssl->out_msg + ssl->out_msglen; + const size_t header_size = 4; // curve_type(1), namedcurve(2), + // data length(1) + const size_t data_length_size = 1; + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) ); + + /* Convert EC group to PSA key type. */ + handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group( + (*curve)->tls_id, &ecdh_bits ); + + if( handshake->ecdh_psa_type == 0 ) { - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - psa_key_attributes_t key_attributes; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - size_t ecdh_bits = 0; - uint8_t *p = ssl->out_msg + ssl->out_msglen; - const size_t header_size = 4; // curve_type(1), namedcurve(2), - // data length(1) - const size_t data_length_size = 1; - - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) ); - - /* Convert EC group to PSA key type. */ - handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group( - (*curve)->tls_id, &ecdh_bits ); - - if( handshake->ecdh_psa_type == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group parse." ) ); - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - } - handshake->ecdh_bits = ecdh_bits; - - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); - psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH ); - psa_set_key_type( &key_attributes, handshake->ecdh_psa_type ); - psa_set_key_bits( &key_attributes, handshake->ecdh_bits ); - - /* - * ECParameters curve_params - * - * First byte is curve_type, always named_curve - */ - *p++ = MBEDTLS_ECP_TLS_NAMED_CURVE; - - /* - * Next two bytes are the namedcurve value - */ - MBEDTLS_PUT_UINT16_BE( (*curve)->tls_id, p, 0 ); - p += 2; - - /* Generate ECDH private key. */ - status = psa_generate_key( &key_attributes, - &handshake->ecdh_psa_privkey ); - if( status != PSA_SUCCESS ) - { - ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret ); - return( ret ); - } - - /* - * ECPoint public - * - * First byte is data length. - * It will be filled later. p holds now the data length location. - */ - - /* Export the public part of the ECDH private key from PSA. - * Make one byte space for the length. - */ - unsigned char *own_pubkey = p + data_length_size; - - size_t own_pubkey_max_len = (size_t)( MBEDTLS_SSL_OUT_CONTENT_LEN - - ( own_pubkey - ssl->out_msg ) ); - - status = psa_export_public_key( handshake->ecdh_psa_privkey, - own_pubkey, own_pubkey_max_len, - &len ); - if( status != PSA_SUCCESS ) - { - ret = psa_ssl_status_to_mbedtls( status ); - MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret ); - (void) psa_destroy_key( handshake->ecdh_psa_privkey ); - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return( ret ); - } - - /* Store the length of the exported public key. */ - *p = (uint8_t) len; - - /* Determine full message length. */ - len += header_size; + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group parse." ) ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } - else + handshake->ecdh_bits = ecdh_bits; + + key_attributes = psa_key_attributes_init(); + psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); + psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH ); + psa_set_key_type( &key_attributes, handshake->ecdh_psa_type ); + psa_set_key_bits( &key_attributes, handshake->ecdh_bits ); + + /* + * ECParameters curve_params + * + * First byte is curve_type, always named_curve + */ + *p++ = MBEDTLS_ECP_TLS_NAMED_CURVE; + + /* + * Next two bytes are the namedcurve value + */ + MBEDTLS_PUT_UINT16_BE( (*curve)->tls_id, p, 0 ); + p += 2; + + /* Generate ECDH private key. */ + status = psa_generate_key( &key_attributes, + &handshake->ecdh_psa_privkey ); + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret ); + return( ret ); + } + + /* + * ECPoint public + * + * First byte is data length. + * It will be filled later. p holds now the data length location. + */ + + /* Export the public part of the ECDH private key from PSA. + * Make one byte space for the length. + */ + unsigned char *own_pubkey = p + data_length_size; + + size_t own_pubkey_max_len = (size_t)( MBEDTLS_SSL_OUT_CONTENT_LEN + - ( own_pubkey - ssl->out_msg ) ); + + status = psa_export_public_key( handshake->ecdh_psa_privkey, + own_pubkey, own_pubkey_max_len, + &len ); + if( status != PSA_SUCCESS ) + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret ); + (void) psa_destroy_key( handshake->ecdh_psa_privkey ); + handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + return( ret ); + } + + /* Store the length of the exported public key. */ + *p = (uint8_t) len; + + /* Determine full message length. */ + len += header_size; +#else + if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx, + (*curve)->grp_id ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret ); + return( ret ); + } + + if( ( ret = mbedtls_ecdh_make_params( + &ssl->handshake->ecdh_ctx, &len, + ssl->out_msg + ssl->out_msglen, + MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret ); + return( ret ); + } + + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Q ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - { - if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx, - (*curve)->grp_id ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret ); - return( ret ); - } - - if( ( ret = mbedtls_ecdh_make_params( - &ssl->handshake->ecdh_ctx, &len, - ssl->out_msg + ssl->out_msglen, - MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret ); - return( ret ); - } - } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) dig_signed = ssl->out_msg + ssl->out_msglen; #endif ssl->out_msglen += len; - - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Q ); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */ @@ -3926,11 +3919,11 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || @@ -3992,15 +3985,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; } else -#endif /* MBEDTLS_USE_PSA_CRYPTO && - ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ) */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) +#else if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || @@ -4030,6 +4015,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_DEBUG_ECDH_Z ); } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || @@ -4143,8 +4129,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -4250,9 +4236,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) ssl->handshake->pmslen = psm - ssl->handshake->premaster; } else -#endif /* MBEDTLS_USE_PSA_CRYPTO && - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) +#else if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) { if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) @@ -4268,12 +4252,6 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Opaque PSKs are currently only supported for PSK-only. */ - if( ssl_use_opaque_psk( ssl ) == 1 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -#endif - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_QP ); @@ -4285,6 +4263,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) } } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) From d8419ff390fdae2f96b2725af5e83d5b03e5c714 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 12 Apr 2022 14:39:12 +0200 Subject: [PATCH 02/10] Refactor to make PSA and non-PSA ECDH(E) client code exclusive Signed-off-by: Neil Armstrong --- library/ssl_tls12_client.c | 92 +++++++++++--------------------------- 1 file changed, 27 insertions(+), 65 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 825026014..6e751793b 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1771,12 +1771,10 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ - ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - ( defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ) ) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ) static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) { const mbedtls_ecp_curve_info *curve_info; @@ -1804,18 +1802,16 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) return( 0 ); } -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || - ( !MBEDTLS_USE_PSA_CRYPTO && - ( MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ) ) */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO && + ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ) */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ) -static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) +static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, unsigned char **p, unsigned char *end ) { @@ -1878,13 +1874,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, return( 0 ); } -#endif /* MBEDTLS_USE_PSA_CRYPTO && - ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) +#else static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, unsigned char **p, unsigned char *end ) @@ -1919,6 +1909,7 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ @@ -2345,31 +2336,8 @@ start_processing: else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) - { - if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - } - } - else -#endif /* MBEDTLS_USE_PSA_CRYPTO && - ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || @@ -2839,11 +2807,11 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || @@ -2921,15 +2889,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO && - ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) +#else if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || @@ -2996,6 +2956,7 @@ ecdh_calc_secret: MBEDTLS_DEBUG_ECDH_Z ); } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || @@ -3247,7 +3208,8 @@ ecdh_calc_secret: } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -3274,7 +3236,7 @@ ecdh_calc_secret: MBEDTLS_DEBUG_ECDH_Q ); } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); From a33a255dcf84ae7284f3010ae4afe6d7b36b1182 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 12 Apr 2022 14:40:47 +0200 Subject: [PATCH 03/10] Disable non-PSA ECDHE code in mbedtls_ssl_psk_derive_premaster() when USE_PSA_CRYPTO is selected Signed-off-by: Neil Armstrong --- library/ssl_tls.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3fc07019d..66fae9224 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5390,6 +5390,11 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch const unsigned char *psk = NULL; size_t psk_len = 0; +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) + (void) key_ex; +#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ + if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) { @@ -5462,7 +5467,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -5483,7 +5489,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch MBEDTLS_DEBUG_ECDH_Z ); } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); From 3ea01498d818208d318521243077123acb74e314 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 12 Apr 2022 14:41:50 +0200 Subject: [PATCH 04/10] Store TLS1.2 ECDH point format only when USE_PSA_CRYPTO isn't selected Signed-off-by: Neil Armstrong --- library/ssl_tls12_client.c | 6 ++++-- library/ssl_tls12_server.c | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 6e751793b..50d08267f 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -870,9 +870,11 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || p[0] == MBEDTLS_ECP_PF_COMPRESSED ) { -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + ( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) ) ssl->handshake->ecdh_ctx.point_format = p[0]; -#endif +#endif /* !MBEDTLS_USE_PSA_CRYPTO && + ( MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ) */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx, p[0] ); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 7371acade..ec674f7e6 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -448,9 +448,11 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || p[0] == MBEDTLS_ECP_PF_COMPRESSED ) { -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + ( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) ) ssl->handshake->ecdh_ctx.point_format = p[0]; -#endif +#endif /* !MBEDTLS_USE_PSA_CRYPTO && + ( MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ) */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx, p[0] ); From f3f46416e31187915dd22ab6c26688ca5b0d7d04 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 12 Apr 2022 14:43:39 +0200 Subject: [PATCH 05/10] Remove ecdh_ctx variable, init & free when USE_PSA_CRYPTO isn't selected Signed-off-by: Neil Armstrong --- library/ssl_misc.h | 3 +++ library/ssl_tls.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 254627f5c..659d1519f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -640,7 +640,10 @@ struct mbedtls_ssl_handshake_params * seem correct. */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) psa_key_type_t ecdh_psa_type; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 66fae9224..90fa686ce 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -626,7 +626,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) #if defined(MBEDTLS_DHM_C) mbedtls_dhm_init( &handshake->dhm_ctx ); #endif -#if defined(MBEDTLS_ECDH_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C) mbedtls_ecdh_init( &handshake->ecdh_ctx ); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -3134,7 +3134,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_DHM_C) mbedtls_dhm_free( &handshake->dhm_ctx ); #endif -#if defined(MBEDTLS_ECDH_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C) mbedtls_ecdh_free( &handshake->ecdh_ctx ); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) From 913b364a521c3c28d241b04f5c9febcd4fa30bb8 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 13 Apr 2022 14:59:48 +0200 Subject: [PATCH 06/10] Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong --- library/ssl_tls12_server.c | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index ec674f7e6..ba45e53d6 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3925,12 +3925,12 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) size_t data_len = (size_t)( *p++ ); size_t buf_len = (size_t)( end - p ); psa_status_t status = PSA_ERROR_GENERIC_ERROR; @@ -3985,14 +3985,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) } } handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - } - else #else - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) - { if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx, p, end - p) ) != 0 ) { @@ -4015,9 +4008,9 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_Z ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || @@ -4132,9 +4125,9 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; uint8_t ecpoint_len; @@ -4236,11 +4229,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) psm += psk_len; ssl->handshake->pmslen = psm - ssl->handshake->premaster; - } - else #else - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) - { if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); @@ -4263,9 +4252,9 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) From 1f198d8deeaec601f7e0e2947e24c952c821e878 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 13 Apr 2022 15:02:30 +0200 Subject: [PATCH 07/10] Simplify by moving ssl_check_server_ecdh_params in the ECDHE non-PSA compile-time block Signed-off-by: Neil Armstrong --- library/ssl_tls12_client.c | 64 +++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 36 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 50d08267f..7471cd0a6 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1773,42 +1773,6 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ) -static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) -{ - const mbedtls_ecp_curve_info *curve_info; - mbedtls_ecp_group_id grp_id; -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - grp_id = ssl->handshake->ecdh_ctx.grp.id; -#else - grp_id = ssl->handshake->ecdh_ctx.grp_id; -#endif - - curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); - if( curve_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); - - if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) - return( -1 ); - - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_QP ); - - return( 0 ); -} -#endif /* !MBEDTLS_USE_PSA_CRYPTO && - ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ) */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) @@ -1877,6 +1841,34 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, return( 0 ); } #else +static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) +{ + const mbedtls_ecp_curve_info *curve_info; + mbedtls_ecp_group_id grp_id; +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + grp_id = ssl->handshake->ecdh_ctx.grp.id; +#else + grp_id = ssl->handshake->ecdh_ctx.grp_id; +#endif + + curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); + if( curve_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); + + if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) + return( -1 ); + + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_QP ); + + return( 0 ); +} + static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, unsigned char **p, unsigned char *end ) From 11d4945248fa89c4a3fc5884e90fe521a39d651a Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 13 Apr 2022 15:03:43 +0200 Subject: [PATCH 08/10] Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong --- library/ssl_tls12_client.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 7471cd0a6..56aef8947 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2805,12 +2805,12 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t key_attributes; @@ -2881,14 +2881,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) if( status != PSA_SUCCESS || destruction_status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } - else #else - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) - { /* * ECDH key exchange -- send client public value */ @@ -2948,9 +2941,9 @@ ecdh_calc_secret: MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_Z ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || From 282750215cc673d5aa83c5c392312c804dacce4c Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 13 Apr 2022 15:05:11 +0200 Subject: [PATCH 09/10] Remove PSA only code from non-PSA code block code in ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong --- library/ssl_tls12_client.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 56aef8947..bff9ded39 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -3199,12 +3199,6 @@ ecdh_calc_secret: defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Opaque PSKs are currently only supported for PSK-only suites. */ - if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* * ClientECDiffieHellmanPublic public; */ From 769dc055975f2d4c8a0afb85fc0754e3f96a93fa Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 13 Apr 2022 15:12:43 +0200 Subject: [PATCH 10/10] Remove bad dependency on MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED for ecdh_ctx guard Signed-off-by: Neil Armstrong --- library/ssl_misc.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 659d1519f..1a8179646 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -640,10 +640,9 @@ struct mbedtls_ssl_handshake_params * seem correct. */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) -#if !defined(MBEDTLS_USE_PSA_CRYPTO) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ -#endif /* !MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) psa_key_type_t ecdh_psa_type;