From 693a47ab1d076164baf0e5baff645b0e0d4d966b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Jun 2022 14:02:28 +0800 Subject: [PATCH 1/8] add rsa_pss_rsae_* support in tls12 Signed-off-by: Jerry Yu --- library/ssl_tls.c | 24 ++++---- library/ssl_tls12_client.c | 121 +++++++++++++------------------------ 2 files changed, 55 insertions(+), 90 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index eefd89dd9..a25a05c75 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4355,18 +4355,6 @@ static uint16_t ssl_preset_default_sig_algs[] = { #endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, -#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ - #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA512_C) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA512_C */ @@ -4379,6 +4367,18 @@ static uint16_t ssl_preset_default_sig_algs[] = { MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, +#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ + MBEDTLS_TLS_SIG_NONE }; 
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 8a109698c..47557aea9 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2041,66 +2041,6 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end, - mbedtls_md_type_t *md_alg, - mbedtls_pk_type_t *pk_alg ) -{ - *md_alg = MBEDTLS_MD_NONE; - *pk_alg = MBEDTLS_PK_NONE; - - if( (*p) + 2 > end ) - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - - /* - * Get hash algorithm - */ - if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) - == MBEDTLS_MD_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } - - /* - * Get signature algorithm - */ - if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) - == MBEDTLS_PK_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } - - /* - * Check if the signature algorithm is acceptable - */ - if( !mbedtls_ssl_sig_alg_is_offered( ssl, MBEDTLS_GET_UINT16_BE( *p, 0 ) ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", - (*p)[1] ) ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", - (*p)[0] ) ); - *p += 2; - - return( 0 ); -} -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL 
@@ -2398,14 +2338,31 @@ start_processing: unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); size_t params_len = p - params; void *rs_ctx = NULL; + uint16_t sig_alg; mbedtls_pk_context * peer_pk; +#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + peer_pk = &ssl->handshake->peer_pubkey; +#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + if( ssl->session_negotiate->peer_cert == NULL ) + { + /* Should never happen */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + peer_pk = &ssl->session_negotiate->peer_cert->pk; +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + /* * Handle the digitally-signed structure */ - if( ssl_parse_signature_algorithm( ssl, &p, end, - &md_alg, &pk_alg ) != 0 ) + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 ); + if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + sig_alg, &pk_alg, &md_alg ) != 0 && + ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) && + ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); @@ -2415,9 +2372,9 @@ start_processing: MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } + p += 2; - if( pk_alg != - mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) + if( !mbedtls_pk_can_do( peer_pk, pk_alg ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); 
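Review bot: The new acceptance test `if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( sig_alg, &pk_alg, &md_alg ) != 0 && ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) && ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) )` only rejects the ServerKeyExchange when all three checks fail, so a server-chosen algorithm that decodes to a known pk/md pair is accepted even when the client never offered it, whereas the deleted `ssl_parse_signature_algorithm` in the previous hunk rejected an unoffered algorithm unconditionally. The three conditions should be joined with `||`: `sig_alg, &pk_alg, &md_alg ) != 0 ||` and `! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) ||`. Accepting an algorithm outside the client's signature_algorithms list is exactly what that extension exists to prevent, so this weakens negotiation rather than being a cosmetic slip. The same condition is carried unchanged through the PATCH 5/8 and PATCH 8/8 hunks to ssl_tls12_client.c, so the fix applies there too. The enclosing function starts and ends outside the hunk.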
@@ -2475,18 +2432,6 @@ start_processing: MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen ); -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ssl->session_negotiate->peer_cert == NULL ) - { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* * Verify signature */ @@ -2505,8 +2450,28 @@ start_processing: rs_ctx = &ssl->handshake->ecrs_ctx.pk; #endif - if( ( ret = mbedtls_pk_verify_restartable( peer_pk, - md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 ) +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + if( pk_alg == MBEDTLS_PK_RSASSA_PSS ) + { + const mbedtls_md_info_t* md_info; + mbedtls_pk_rsassa_pss_options rsassa_pss_options; + rsassa_pss_options.mgf1_hash_id = md_alg; + if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) + { + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info ); + ret = mbedtls_pk_verify_ext( pk_alg, &rsassa_pss_options, + peer_pk, + md_alg, hash, hashlen, + p, sig_len ); + } + else +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ + ret = mbedtls_pk_verify_restartable( peer_pk, + md_alg, hash, hashlen, p, sig_len, rs_ctx ); + + if( ret != 0 ) { #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) From 6455b687feedb974707f4b598efa580b01fc1e9d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Jun 2022 14:18:29 +0800 Subject: [PATCH 2/8] add rsa_pss_rsae_* test for tls12 server Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7a2b58e80..b27fe61f0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
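Review bot: The `else` introduced just before `#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */` has a brace-less body, `ret = mbedtls_pk_verify_restartable( ... );`, that sits on the far side of the preprocessor boundary; it is correct in both configurations today, but any statement later inserted between the `#endif` and that call would silently change what is conditional, so wrap the call as `else { ret = ...; }` or give the non-PSS path its own `#else` branch. `const mbedtls_md_info_t* md_info;` also attaches the `*` to the type, unlike the `mbedtls_ssl_context *ssl` form used elsewhere in these files. A why-comment on `rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info );` would help readers, e.g. `/* rsa_pss_rsae_* signatures carry a salt of the digest length (RFC 8446, 4.2.3) */`. The `return( MBEDTLS_ERR_SSL_INTERNAL_ERROR )` for a NULL `md_info` bypasses the `if( ret != 0 )` handling below, which looks intentional since `md_alg` has already passed the earlier checks, but a short comment saying so would remove the question. The enclosing function starts and ends outside the hunk.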
@@ -12726,6 +12726,37 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \ -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.2: Check rsa_pss_rsae compitable issue, m->O" \ + "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key + -msg -tls1_2 + -Verify 10 " \ + "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key + sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512 + min_version=tls12 max_version=tls13 " \ + 0 \ + -c "Protocol is TLSv1.2" \ + -c "HTTP/1.0 200 [Oo][Kk]" + + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.2: Check rsa_pss_rsae compitable issue, m->G" \ + "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key + -d 4 + --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ + "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key + sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512 + min_version=tls12 max_version=tls13 " \ + 0 \ + -c "Protocol is TLSv1.2" \ + -c "HTTP/1.0 200 [Oo][Kk]" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 72a858517b36e89a53d01f38f1a365996647f91a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Jun 2022 14:40:08 +0800 Subject: [PATCH 3/8] add changelog entry Signed-off-by: Jerry Yu --- ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt 
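Review bot: Both new `run_test` cases only assert `-c "Protocol is TLSv1.2"` and the HTTP 200 line, so they would still pass if the OpenSSL or GnuTLS server picked `rsa_pkcs1_sha512` instead of `rsa_pss_rsae_sha512`, which is the behaviour the test names say they cover. Add a pattern that pins the negotiated algorithm, for example a `-c` match on whatever line the client logs for the selected signature algorithm at `debug_level=4`, or an `-s` match on the server's `-msg` / `-d 4` trace showing the PSS scheme (I cannot confirm the exact strings from this hunk). Listing `rsa_pss_rsae_sha512` first in `sig_algs=` makes the server's choice likely but not guaranteed, so without that check the regression is only partially covered.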
diff --git a/ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt b/ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt new file mode 100644 index 000000000..d588cbd05 --- /dev/null +++ b/ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt @@ -0,0 +1,7 @@ +Bugfix + * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate + declaring an RSA public key and Mbed TLS is configured in hybrid mode, if + `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then + the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm + for its signature in the key exchange message. As Mbed TLS 1.2 does not + support them, the handshake fails. From eec4f03c6092605aaf3cfb77a5d4c6c7a4503c3b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 23 Jul 2022 11:31:51 +0800 Subject: [PATCH 4/8] fix typo and changelog entry issues Signed-off-by: Jerry Yu --- ...able-issue.txt => add-rsa-pss-rsae-support-for-tls12.txt} | 5 +++-- tests/ssl-opt.sh | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) rename ChangeLog.d/{fix-rsa-pss-rsae-compitable-issue.txt => add-rsa-pss-rsae-support-for-tls12.txt} (75%) diff --git a/ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt b/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt similarity index 75% rename from ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt rename to ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt index d588cbd05..f88eb9ed4 100644 --- a/ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt +++ b/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt 
@@ -1,7 +1,8 @@ -Bugfix +Features * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate declaring an RSA public key and Mbed TLS is configured in hybrid mode, if `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm for its signature in the key exchange message. As Mbed TLS 1.2 does not - support them, the handshake fails. + support them, the handshake fails. Add `rsa_pss_rsae_*` support for TLS 1.2 + to resolve the compitablity issue. diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b27fe61f0..357a10f20 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -12730,7 +12730,7 @@ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.2: Check rsa_pss_rsae compitable issue, m->O" \ +run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->O" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -msg -tls1_2 -Verify 10 " \ @@ -12746,7 +12746,7 @@ requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.2: Check rsa_pss_rsae compitable issue, m->G" \ +run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->G" \ "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ From 95b743ca1771b15d1258bb20a3caf8552336805f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 23 Jul 2022 11:37:50 +0800 Subject: [PATCH 5/8] Rename get_pk_type_and_md_alg The function is for both tls12 and tls13 now. Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 88ba65d2e..e76086a12 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2092,7 +2092,7 @@ static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl return( 0 ); } -static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( +static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg ) { *pk_type = mbedtls_ssl_pk_alg_from_sig( sig_alg & 0xff ); diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 47557aea9..3ac17ce47 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2359,7 +2359,7 @@ start_processing: */ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 ); - if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( sig_alg, &pk_alg, &md_alg ) != 0 && ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) && ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) ) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index d1e2e493d..64e134dfa 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -213,7 +213,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, goto error; } - if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( algorithm, &sig_alg, &md_alg ) != 0 ) { goto error; @@ -1029,7 +1029,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify with %s", mbedtls_ssl_sig_alg_to_str( algorithm )) ); - if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( algorithm, &pk_type, &md_alg ) != 0 ) { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); 
From 379b1ff3a55f19a89c77af88f1fc87a5105bf4d5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 23 Jul 2022 11:40:25 +0800 Subject: [PATCH 6/8] remove useless comment Signed-off-by: Jerry Yu --- library/ssl_tls.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a25a05c75..14222db2d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4327,13 +4327,6 @@ static int ssl_preset_suiteb_ciphersuites[] = { * - But if there is a good reason, do not change the order of the algorithms. * - ssl_tls12_present* is for TLS 1.2 use only. * - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes. - * - * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate - * declaring an RSA public key and Mbed TLS is configured in hybrid mode, if - * `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then - * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm - * for its signature in the key exchange message. As Mbed TLS 1.2 does not - * support them, the handshake fails. */ static uint16_t ssl_preset_default_sig_algs[] = { From 09a99fcf8a68b022b774c2040ad57225fc695255 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 28 Jul 2022 14:22:17 +0800 Subject: [PATCH 7/8] Add rsa_pss_rsae_* sig algos for tls12 default Signed-off-by: Jerry Yu --- library/ssl_tls.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 14222db2d..ea2d8afeb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4325,7 +4325,7 @@ static int ssl_preset_suiteb_ciphersuites[] = { * rules SHOULD be upheld. * - No duplicate entries. * - But if there is a good reason, do not change the order of the algorithms. - * - ssl_tls12_present* is for TLS 1.2 use only. + * - ssl_tls12_preset* is for TLS 1.2 use only. * - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes. */ static uint16_t ssl_preset_default_sig_algs[] = { @@ -4382,6 +4382,9 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ), #endif +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ #if defined(MBEDTLS_RSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512 ), #endif @@ -4390,6 +4393,9 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ), #endif +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ #if defined(MBEDTLS_RSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ), #endif @@ -4398,6 +4404,9 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256 ), #endif +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ #if defined(MBEDTLS_RSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256 ), #endif From c3bf748dc72eadddf0d87fdc0b57e56494613325 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 29 Jul 2022 10:27:17 +0800 Subject: [PATCH 8/8] fix vertical alignment 
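Review bot: The three added `MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512/384/256` entries in `ssl_tls12_preset_default_sig_algs` are guarded only by `MBEDTLS_X509_RSASSA_PSS_SUPPORT`, while the same identifiers in `ssl_preset_default_sig_algs` (the PATCH 1/8 hunk to this file) additionally require the matching `MBEDTLS_SHA512_C`/`MBEDTLS_SHA384_C`/`MBEDTLS_SHA256_C`; this applies to the `@@ -4382`, `@@ -4390` and `@@ -4398` hunks alike. In a build with PSS support but one of those hashes disabled, the TLS 1.2 default list would advertise an algorithm the client cannot verify unless it is filtered elsewhere before being sent, which I cannot see from here. Using the same compound guard, e.g. `#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA512_C)`, keeps the two presets consistent. The neighbouring `MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG` entries use the single `MBEDTLS_RSA_C`/`MBEDTLS_ECDSA_C` guard, so if filtering is relied on there the inconsistency may be pre-existing rather than new.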
Signed-off-by: Jerry Yu
---
 library/ssl_tls12_client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 3ac17ce47..9a2afb4aa 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2360,7 +2360,7 @@ start_processing:
 MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
 sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 );
 if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
- sig_alg, &pk_alg, &md_alg ) != 0 &&
+ sig_alg, &pk_alg, &md_alg ) != 0 &&
 ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) &&
 ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) )
 {