From 078e803d2ce3d4a8e9a6920dd20f7af9f5f71605 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 27 Apr 2022 21:17:56 +0200 Subject: [PATCH 01/12] Unify parsing of the signature algorithms extension Signed-off-by: Gabor Mezei --- library/ssl_misc.h | 69 ++++---------- library/ssl_tls.c | 173 ++++++++++++++++++++++++++---------- library/ssl_tls12_server.c | 128 +++++--------------------- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 74 --------------- library/ssl_tls13_server.c | 2 +- 6 files changed, 167 insertions(+), 281 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 38453eb5f..b8fb4dcdf 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -423,24 +423,6 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, extern "C" { #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -/* - * Abstraction for a grid of allowed signature-hash-algorithm pairs. - */ -struct mbedtls_ssl_sig_hash_set_t -{ - /* At the moment, we only need to remember a single suitable - * hash algorithm per signature algorithm. As long as that's - * the case - and we don't need a general lookup function - - * we can implement the sig-hash-set as a map from signatures - * to hash algorithms. */ - mbedtls_md_type_t rsa; - mbedtls_md_type_t ecdsa; -}; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && - MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, @@ -594,13 +576,7 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */ -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) uint16_t received_sig_algs[MBEDTLS_RECEIVED_SIG_ALGS_SIZE]; #endif @@ -1116,23 +1092,9 @@ int mbedtls_ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl, defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* Find an entry in a signature-hash set matching a given hash algorithm. */ -mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg ); -/* Add a signature-hash-pair to a signature-hash set */ -void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg, - mbedtls_md_type_t md_alg ); -/* Allow exactly one hash algorithm for each signature. */ -void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_md_type_t md_alg ); - -/* Setup an empty signature-hash set */ -static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set ) -{ - mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE ); -} - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2) && +mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_context *ssl, + mbedtls_pk_type_t pk_alg ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /** @@ -1806,9 +1768,9 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( /* * Parse TLS 1.3 Signature Algorithm extension */ -int mbedtls_ssl_tls13_parse_sig_alg_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end ); +int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Get handshake transcript */ @@ -2155,16 +2117,21 @@ static inline int mbedtls_ssl_sig_alg_is_supported( #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) -#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ - (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ + (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), #elif defined(MBEDTLS_ECDSA_C) -#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), #elif defined(MBEDTLS_RSA_C) -#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), #else -#define MBEDTLS_SSL_SIG_ALG( hash ) -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_RSA_C */ +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) +#endif + +#define MBEDTLS_SSL_SIG_ALG( sig, hash ) (( hash << 8 ) | sig) +#define MBEDTLS_SSL_SIG_FROM_SIG_ALG(alg) (alg & 0xFF) +#define MBEDTLS_SSL_HASH_FROM_SIG_ALG(alg) (alg >> 8) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL. * Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ae697b169..daddc5aa9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -616,11 +616,6 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) handshake->update_checksum = ssl_update_checksum_start; -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs ); -#endif - #if defined(MBEDTLS_DHM_C) mbedtls_dhm_init( &handshake->dhm_ctx ); #endif @@ -4150,13 +4145,13 @@ static uint16_t ssl_preset_default_sig_algs[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_SHA512_C) - MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 ) + MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA512 ) #endif #if defined(MBEDTLS_SHA384_C) - MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) + MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA384 ) #endif #if defined(MBEDTLS_SHA256_C) - MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) + MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA256 ) #endif MBEDTLS_TLS1_3_SIG_NONE }; @@ -4191,10 +4186,10 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_SHA256_C) - MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) + MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA256 ) #endif #if defined(MBEDTLS_SHA384_C) - MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) + MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA384 ) #endif MBEDTLS_TLS1_3_SIG_NONE }; @@ -4852,6 +4847,109 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, #endif /* !MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +/* mbedtls_ssl_parse_sig_alg_ext() + * + * The `extension_data` field of signature algorithm contains a `SignatureSchemeList` + * value (TLS 1.3 RFC8446): + * enum { + * .... + * ecdsa_secp256r1_sha256( 0x0403 ), + * ecdsa_secp384r1_sha384( 0x0503 ), + * ecdsa_secp521r1_sha512( 0x0603 ), + * .... + * } SignatureScheme; + * + * struct { + * SignatureScheme supported_signature_algorithms<2..2^16-2>; + * } SignatureSchemeList; + * + * The `extension_data` field of signature algorithm contains a `SignatureAndHashAlgorithm` + * value (TLS 1.2 RFC5246): + * enum { + * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), + * sha512(6), (255) + * } HashAlgorithm; + * + * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) } + * SignatureAlgorithm; + * + * struct { + * HashAlgorithm hash; + * SignatureAlgorithm signature; + * } SignatureAndHashAlgorithm; + * + * SignatureAndHashAlgorithm + * supported_signature_algorithms<2..2^16-2>; + * + * The TLS 1.3 signature algorithm extension was defined to be a compatible + * generalization of the TLS 1.2 signature algorithm extension. + * `SignatureAndHashAlgorithm` field of TLS 1.2 can be represented by + * `SignatureScheme` field of TLS 1.3 + * + */ +int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + const unsigned char *p = buf; + size_t supported_sig_algs_len = 0; + const unsigned char *supported_sig_algs_end; + uint16_t sig_alg; + uint32_t common_idx = 0; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + supported_sig_algs_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + + memset( ssl->handshake->received_sig_algs, 0, + sizeof(ssl->handshake->received_sig_algs) ); + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, supported_sig_algs_len ); + supported_sig_algs_end = p + supported_sig_algs_len; + while( p < supported_sig_algs_end ) + { + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, supported_sig_algs_end, 2 ); + sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + + MBEDTLS_SSL_DEBUG_MSG( 4, ( "received signature algorithm: 0x%x", + sig_alg ) ); + + if( ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) || + ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) ) + continue; + + if( common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE ) + { + ssl->handshake->received_sig_algs[common_idx] = sig_alg; + common_idx += 1; + } + } + /* Check that we consumed all the message. */ + if( p != end ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "Signature algorithms extension length misaligned" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + if( common_idx == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature algorithm in common" ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } + + ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS1_3_SIG_NONE; + return( 0 ); +} + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -7555,49 +7653,26 @@ exit: #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -/* Find an entry in a signature-hash set matching a given hash algorithm. */ -mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg ) +/* Find an entry in a signature-hash set matching a given sign algorithm. */ +mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_context *ssl, + mbedtls_pk_type_t pk_alg ) { - switch( sig_alg ) + unsigned int i; + uint16_t sig_alg = mbedtls_ssl_sig_from_pk_alg( pk_alg ); + uint16_t *set = ssl->handshake->received_sig_algs; + uint16_t invalid_sig_alg = MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ANON, + MBEDTLS_SSL_HASH_NONE ); + + if( sig_alg == MBEDTLS_SSL_SIG_ANON ) + return( MBEDTLS_MD_NONE ); + + for( i = 0; set[i] != invalid_sig_alg; i++ ) { - case MBEDTLS_PK_RSA: - return( set->rsa ); - case MBEDTLS_PK_ECDSA: - return( set->ecdsa ); - default: - return( MBEDTLS_MD_NONE ); + if( sig_alg == MBEDTLS_SSL_SIG_FROM_SIG_ALG( set[i] ) ) + return MBEDTLS_SSL_HASH_FROM_SIG_ALG( set[i] ); } -} -/* Add a signature-hash-pair to a signature-hash set */ -void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg, - mbedtls_md_type_t md_alg ) -{ - switch( sig_alg ) - { - case MBEDTLS_PK_RSA: - if( set->rsa == MBEDTLS_MD_NONE ) - set->rsa = md_alg; - break; - - case MBEDTLS_PK_ECDSA: - if( set->ecdsa == MBEDTLS_MD_NONE ) - set->ecdsa = md_alg; - break; - - default: - break; - } -} - -/* Allow exactly one hash algorithm for each signature. */ -void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_md_type_t md_alg ) -{ - set->rsa = md_alg; - set->ecdsa = md_alg; + return( MBEDTLS_MD_NONE ); } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index a1505d16a..82b6e3a4c 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -209,96 +209,6 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, return( 0 ); } -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - -/* - * Status of the implementation of signature-algorithms extension: - * - * Currently, we are only considering the signature-algorithm extension - * to pick a ciphersuite which allows us to send the ServerKeyExchange - * message with a signature-hash combination that the user allows. - * - * We do *not* check whether all certificates in our certificate - * chain are signed with an allowed signature-hash pair. - * This needs to be done at a later stage. - * - */ -static int ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ - size_t sig_alg_list_size; - - const unsigned char *p; - const unsigned char *end = buf + len; - - mbedtls_md_type_t md_cur; - mbedtls_pk_type_t sig_cur; - - if ( len < 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); - if( sig_alg_list_size + 2 != len || - sig_alg_list_size % 2 != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - - /* Currently we only guarantee signing the ServerKeyExchange message according - * to the constraints specified in this extension (see above), so it suffices - * to remember only one suitable hash for each possible signature algorithm. - * - * This will change when we also consider certificate signatures, - * in which case we will need to remember the whole signature-hash - * pair list from the extension. - */ - - for( p = buf + 2; p < end; p += 2 ) - { - /* Silently ignore unknown signature or hash algorithms. */ - - if( ( sig_cur = mbedtls_ssl_pk_alg_from_sig( p[1] ) ) == MBEDTLS_PK_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext" - " unknown sig alg encoding %d", p[1] ) ); - continue; - } - - /* Check if we support the hash the user proposes */ - md_cur = mbedtls_ssl_md_alg_from_hash( p[0] ); - if( md_cur == MBEDTLS_MD_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:" - " unknown hash alg encoding %d", p[0] ) ); - continue; - } - - if( mbedtls_ssl_sig_alg_is_offered( - ssl, MBEDTLS_GET_UINT16_BE( p, 0 ) ) ) - { - mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:" - " match sig %u and hash %u", - (unsigned) sig_cur, (unsigned) md_cur ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: " - "hash alg %u not supported", (unsigned) md_cur ) ); - } - } - - return( 0 ); -} -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* @@ -1078,7 +988,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, * a suitable hash algorithm is present. */ sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info ); if( sig_type != MBEDTLS_PK_NONE && - mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE ) + mbedtls_ssl_sig_hash_set_find( ssl, sig_type ) == MBEDTLS_MD_NONE ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm " "for signature algorithm %u", (unsigned) sig_type ) ); @@ -1593,7 +1503,7 @@ read_record_header: case MBEDTLS_TLS_EXT_SIG_ALG: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); - ret = ssl_parse_sig_alg_ext( ssl, ext + 4, ext_size ); + ret = mbedtls_ssl_parse_sig_alg_ext( ssl, ext + 4, ext + 4 + ext_size ); if( ret != 0 ) return( ret ); @@ -1719,16 +1629,26 @@ read_record_header: */ if( sig_hash_alg_ext_present == 0 ) { - uint16_t sig_algs[] = { MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA1) }; - mbedtls_md_type_t md_default = MBEDTLS_MD_NONE; - for( i = 0; i < sizeof( sig_algs ) / sizeof( sig_algs[0] ) ; i++ ) - { - if( mbedtls_ssl_sig_alg_is_offered( ssl, sig_algs[ i ] ) ) - md_default = MBEDTLS_MD_SHA1; - } + uint16_t *set = ssl->handshake->received_sig_algs; + const uint16_t sig_algs[] = { + MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA1 ) + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ANON, MBEDTLS_SSL_HASH_NONE ) + }; + size_t count = sizeof( sig_algs ) / sizeof( sig_algs[0] ); - mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, - md_default ); + if( count <= MBEDTLS_RECEIVED_SIG_ALGS_SIZE ) + { + memcpy( set, sig_algs, sizeof( sig_algs ) ); + } + else + { + size_t size = ( MBEDTLS_RECEIVED_SIG_ALGS_SIZE - 1 ) * + sizeof( sig_algs[0] ); + + memcpy( set, sig_algs, size ); + memcpy( &set[MBEDTLS_RECEIVED_SIG_ALGS_SIZE - 1], + &sig_algs[count - 1], sizeof( sig_algs[0] ) ); + } } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ @@ -1889,8 +1809,7 @@ have_ciphersuite: mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info ); if( sig_alg != MBEDTLS_PK_NONE ) { - mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, - sig_alg ); + mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( ssl, sig_alg ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d", mbedtls_ssl_hash_from_md_alg( md_alg ) ) ); } @@ -3262,8 +3181,7 @@ curve_matching_done: /* For TLS 1.2, obey signature-hash-algorithm extension * (RFC 5246, Sec. 7.4.1.4.1). */ if( sig_alg == MBEDTLS_PK_NONE || - ( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, - sig_alg ) ) == MBEDTLS_MD_NONE ) + ( md_alg = mbedtls_ssl_sig_hash_set_find( ssl, sig_alg ) ) == MBEDTLS_MD_NONE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); /* (... because we choose a cipher suite diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 320c5b4b2..69934bd30 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1612,7 +1612,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, case MBEDTLS_TLS_EXT_SIG_ALG: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature algorithms extension" ) ); - ret = mbedtls_ssl_tls13_parse_sig_alg_ext( ssl, p, + ret = mbedtls_ssl_parse_sig_alg_ext( ssl, p, p + extension_data_len ); if( ret != 0 ) return( ret ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 06ee46bd8..adedad55a 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -80,80 +80,6 @@ cleanup: } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -/* mbedtls_ssl_tls13_parse_sig_alg_ext() - * - * enum { - * .... - * ecdsa_secp256r1_sha256( 0x0403 ), - * ecdsa_secp384r1_sha384( 0x0503 ), - * ecdsa_secp521r1_sha512( 0x0603 ), - * .... - * } SignatureScheme; - * - * struct { - * SignatureScheme supported_signature_algorithms<2..2^16-2>; - * } SignatureSchemeList; - */ -int mbedtls_ssl_tls13_parse_sig_alg_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end ) -{ - const unsigned char *p = buf; - size_t supported_sig_algs_len = 0; - const unsigned char *supported_sig_algs_end; - uint16_t sig_alg; - uint32_t common_idx = 0; - - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); - supported_sig_algs_len = MBEDTLS_GET_UINT16_BE( p, 0 ); - p += 2; - - memset( ssl->handshake->received_sig_algs, 0, - sizeof(ssl->handshake->received_sig_algs) ); - - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, supported_sig_algs_len ); - supported_sig_algs_end = p + supported_sig_algs_len; - while( p < supported_sig_algs_end ) - { - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, supported_sig_algs_end, 2 ); - sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 ); - p += 2; - - MBEDTLS_SSL_DEBUG_MSG( 4, ( "received signature algorithm: 0x%x", - sig_alg ) ); - - if( ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) || - ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) ) - continue; - - if( common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE ) - { - ssl->handshake->received_sig_algs[common_idx] = sig_alg; - common_idx += 1; - } - } - /* Check that we consumed all the message. */ - if( p != end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "Signature algorithms extension length misaligned" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - - if( common_idx == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature algorithm in common" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } - - ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS1_3_SIG_NONE; - return( 0 ); -} - /* * STATE HANDLING: Read CertificateVerify */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 46a6a49dd..ce8c4025d 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -651,7 +651,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, case MBEDTLS_TLS_EXT_SIG_ALG: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); - ret = mbedtls_ssl_tls13_parse_sig_alg_ext( + ret = mbedtls_ssl_parse_sig_alg_ext( ssl, p, extension_data_end ); if( ret != 0 ) { From 1a3be088bfdd235327f7dcdf7b39caae95f23e74 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 9 May 2022 15:41:44 +0200 Subject: [PATCH 02/12] Reorder defines to use previous definitions Signed-off-by: Gabor Mezei --- library/ssl_misc.h | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b8fb4dcdf..c7aa3b545 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2116,20 +2116,22 @@ static inline int mbedtls_ssl_sig_alg_is_supported( #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \ - (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), -#elif defined(MBEDTLS_ECDSA_C) -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), -#elif defined(MBEDTLS_RSA_C) -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), -#else -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) -#endif #define MBEDTLS_SSL_SIG_ALG( sig, hash ) (( hash << 8 ) | sig) #define MBEDTLS_SSL_SIG_FROM_SIG_ALG(alg) (alg & 0xFF) #define MBEDTLS_SSL_HASH_FROM_SIG_ALG(alg) (alg >> 8) + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), \ + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_RSA, hash ), +#elif defined(MBEDTLS_ECDSA_C) +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), +#elif defined(MBEDTLS_RSA_C) +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_RSA, hash ), +#else +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) +#endif + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) From 15b95a6c5276729e5929e9117afad204c538bd93 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 9 May 2022 16:37:58 +0200 Subject: [PATCH 03/12] Use common macro for the invalid signiture algorithm botn in TLS 1.2 and 1.3 Introduce a new macro MBEDTLS_TLS_SIG_NONE for invalid signiture algorithm. It is intended to use in common code of TLS 1.2 and 1.3. Signed-off-by: Gabor Mezei --- library/ssl_misc.h | 53 ++++++++++++++++++++++---------------- library/ssl_tls.c | 17 ++++++------ library/ssl_tls12_server.c | 4 +-- 3 files changed, 41 insertions(+), 33 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c7aa3b545..98cfebd5c 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -243,6 +243,35 @@ #define MBEDTLS_RECEIVED_SIG_ALGS_SIZE 20 +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + +#define MBEDTLS_SSL_SIG_ALG( sig, hash ) (( hash << 8 ) | sig) +#define MBEDTLS_SSL_SIG_FROM_SIG_ALG(alg) (alg & 0xFF) +#define MBEDTLS_SSL_HASH_FROM_SIG_ALG(alg) (alg >> 8) + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), \ + MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_RSA, hash ), +#elif defined(MBEDTLS_ECDSA_C) +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), +#elif defined(MBEDTLS_RSA_C) +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_RSA, hash ), +#else +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) +#endif + +#define MBEDTLS_TLS_SIG_NONE MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ANON, \ + MBEDTLS_SSL_HASH_NONE ) +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +#define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + /* * Check that we obey the standard's message size bounds */ @@ -1916,7 +1945,7 @@ static inline int mbedtls_ssl_sig_alg_is_received( const mbedtls_ssl_context *ss if( sig_alg == NULL ) return( 0 ); - for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) + for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ ) { if( *sig_alg == own_sig_alg ) return( 1 ); @@ -1932,7 +1961,7 @@ static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl if( sig_alg == NULL ) return( 0 ); - for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) + for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ ) { if( *sig_alg == proposed_sig_alg ) return( 1 ); @@ -2114,26 +2143,6 @@ static inline int mbedtls_ssl_sig_alg_is_supported( } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - -#define MBEDTLS_SSL_SIG_ALG( sig, hash ) (( hash << 8 ) | sig) -#define MBEDTLS_SSL_SIG_FROM_SIG_ALG(alg) (alg & 0xFF) -#define MBEDTLS_SSL_HASH_FROM_SIG_ALG(alg) (alg >> 8) - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), \ - MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_RSA, hash ), -#elif defined(MBEDTLS_ECDSA_C) -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), -#elif defined(MBEDTLS_RSA_C) -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_RSA, hash ), -#else -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) -#endif - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL. * Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is diff --git a/library/ssl_tls.c b/library/ssl_tls.c index daddc5aa9..3299159f6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -847,7 +847,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) p++; #endif } - *p = MBEDTLS_TLS1_3_SIG_NONE; + *p = MBEDTLS_TLS_SIG_NONE; ssl->handshake->sig_algs_heap_allocated = 1; } else @@ -4138,7 +4138,7 @@ static uint16_t ssl_preset_default_sig_algs[] = { MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, #endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ - MBEDTLS_TLS1_3_SIG_NONE + MBEDTLS_TLS_SIG_NONE }; /* NOTICE: see above */ @@ -4153,7 +4153,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_SHA256_C) MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA256 ) #endif - MBEDTLS_TLS1_3_SIG_NONE + MBEDTLS_TLS_SIG_NONE }; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ /* NOTICE: see above */ @@ -4179,7 +4179,7 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, #endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ - MBEDTLS_TLS1_3_SIG_NONE + MBEDTLS_TLS_SIG_NONE }; /* NOTICE: see above */ @@ -4191,7 +4191,7 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_SHA384_C) MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA384 ) #endif - MBEDTLS_TLS1_3_SIG_NONE + MBEDTLS_TLS_SIG_NONE }; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -4215,7 +4215,7 @@ static int ssl_check_no_sig_alg_duplication( uint16_t * sig_algs ) size_t i, j; int ret = 0; - for( i = 0; sig_algs[i] != MBEDTLS_TLS1_3_SIG_NONE; i++ ) + for( i = 0; sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++ ) { for( j = 0; j < i; j++ ) { @@ -4944,7 +4944,7 @@ int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } - ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS1_3_SIG_NONE; + ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS_SIG_NONE; return( 0 ); } @@ -7660,8 +7660,7 @@ mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_context *ssl, unsigned int i; uint16_t sig_alg = mbedtls_ssl_sig_from_pk_alg( pk_alg ); uint16_t *set = ssl->handshake->received_sig_algs; - uint16_t invalid_sig_alg = MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ANON, - MBEDTLS_SSL_HASH_NONE ); + uint16_t invalid_sig_alg = MBEDTLS_TLS_SIG_NONE; if( sig_alg == MBEDTLS_SSL_SIG_ANON ) return( MBEDTLS_MD_NONE ); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 82b6e3a4c..6d07e267f 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1632,7 +1632,7 @@ read_record_header: uint16_t *set = ssl->handshake->received_sig_algs; const uint16_t sig_algs[] = { MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA1 ) - MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ANON, MBEDTLS_SSL_HASH_NONE ) + MBEDTLS_TLS_SIG_NONE }; size_t count = sizeof( sig_algs ) / sizeof( sig_algs[0] ); @@ -2647,7 +2647,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) if( sig_alg == NULL ) return( MBEDTLS_ERR_SSL_BAD_CONFIG ); - for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) + for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ ) { unsigned char hash = MBEDTLS_BYTE_1( *sig_alg ); From 1226590c888917cb6cb9ec2546f46d2a85f5deda Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 9 May 2022 16:43:21 +0200 Subject: [PATCH 04/12] Explicitly set invalid value for the end of the signiture algorithm set Signed-off-by: Gabor Mezei --- library/ssl_tls12_server.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 6d07e267f..14dc8e1f7 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1632,13 +1632,14 @@ read_record_header: uint16_t *set = ssl->handshake->received_sig_algs; const uint16_t sig_algs[] = { MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA1 ) - MBEDTLS_TLS_SIG_NONE }; + const uint16_t invalid_sig_alg = MBEDTLS_TLS_SIG_NONE; size_t count = sizeof( sig_algs ) / sizeof( sig_algs[0] ); - if( count <= MBEDTLS_RECEIVED_SIG_ALGS_SIZE ) + if( count < MBEDTLS_RECEIVED_SIG_ALGS_SIZE ) { memcpy( set, sig_algs, sizeof( sig_algs ) ); + memcpy( &set[count], &invalid_sig_alg, sizeof( sig_algs[0] ) ); } else { @@ -1647,7 +1648,7 @@ read_record_header: memcpy( set, sig_algs, size ); memcpy( &set[MBEDTLS_RECEIVED_SIG_ALGS_SIZE - 1], - &sig_algs[count - 1], sizeof( sig_algs[0] ) ); + &invalid_sig_alg, sizeof( sig_algs[0] ) ); } } From a3d016ce41a0fb9b862e99611c7786e4ab0ece8b Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 10 May 2022 12:44:09 +0200 Subject: [PATCH 05/12] Rename and rewrite `mbedtls_ssl_sig_hash_set_find` function Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name and rewrite to operate TLS signature algorithm identifiers. Signed-off-by: Gabor Mezei --- library/ssl_misc.h | 17 ++++++++++++++--- library/ssl_tls.c | 21 ++++++++++----------- library/ssl_tls12_server.c | 16 ++++++++++++---- 3 files changed, 36 insertions(+), 18 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 98cfebd5c..4d5663a33 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1120,9 +1120,20 @@ int mbedtls_ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -/* Find an entry in a signature-hash set matching a given hash algorithm. */ -mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_context *ssl, - mbedtls_pk_type_t pk_alg ); +/** + * \brief Find the preferred hash for a given signature algorithm. + * + * \param[in] ssl SSL context + * \param[in] sig_alg A signature algorithm identifier as defined in the + * TLS 1.2 SignatureAlgorithm enumeration. + * + * \return The preferred hash algorithm for \p sig_alg. It is a hash algorithm + * identifier as defined in the TLS 1.2 HashAlgorithm enumeration. + */ +unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( + mbedtls_ssl_context *ssl, + unsigned int sig_alg ); + #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3299159f6..ea1e6bada 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7653,25 +7653,24 @@ exit: #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -/* Find an entry in a signature-hash set matching a given sign algorithm. */ -mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_context *ssl, - mbedtls_pk_type_t pk_alg ) +/* Find the preferred hash for a given signature algorithm. */ +unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( + mbedtls_ssl_context *ssl, + unsigned int sig_alg ) { unsigned int i; - uint16_t sig_alg = mbedtls_ssl_sig_from_pk_alg( pk_alg ); - uint16_t *set = ssl->handshake->received_sig_algs; - uint16_t invalid_sig_alg = MBEDTLS_TLS_SIG_NONE; + uint16_t *received_sig_algs = ssl->handshake->received_sig_algs; if( sig_alg == MBEDTLS_SSL_SIG_ANON ) - return( MBEDTLS_MD_NONE ); + return( MBEDTLS_SSL_HASH_NONE ); - for( i = 0; set[i] != invalid_sig_alg; i++ ) + for( i = 0; received_sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++ ) { - if( sig_alg == MBEDTLS_SSL_SIG_FROM_SIG_ALG( set[i] ) ) - return MBEDTLS_SSL_HASH_FROM_SIG_ALG( set[i] ); + if( sig_alg == MBEDTLS_SSL_SIG_FROM_SIG_ALG( received_sig_algs[i] ) ) + return MBEDTLS_SSL_HASH_FROM_SIG_ALG( received_sig_algs[i] ); } - return( MBEDTLS_MD_NONE ); + return( MBEDTLS_SSL_HASH_NONE ); } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 14dc8e1f7..449b63570 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -988,7 +988,8 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, * a suitable hash algorithm is present. */ sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info ); if( sig_type != MBEDTLS_PK_NONE && - mbedtls_ssl_sig_hash_set_find( ssl, sig_type ) == MBEDTLS_MD_NONE ) + mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( + ssl, mbedtls_ssl_sig_from_pk_alg( sig_type ) ) == MBEDTLS_SSL_HASH_NONE ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm " "for signature algorithm %u", (unsigned) sig_type ) ); @@ -1810,7 +1811,9 @@ have_ciphersuite: mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info ); if( sig_alg != MBEDTLS_PK_NONE ) { - mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( ssl, sig_alg ); + unsigned int sig_hash = mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( + ssl, mbedtls_ssl_sig_from_pk_alg( sig_alg ) ); + mbedtls_md_type_t md_alg = mbedtls_ssl_md_alg_from_hash( sig_hash ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d", mbedtls_ssl_hash_from_md_alg( md_alg ) ) ); } @@ -3175,14 +3178,19 @@ curve_matching_done: * to choose appropriate hash. */ - mbedtls_md_type_t md_alg; mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); + unsigned int sig_hash = + mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( + ssl, mbedtls_ssl_sig_from_pk_alg( sig_alg ) ); + + mbedtls_md_type_t md_alg = mbedtls_ssl_md_alg_from_hash( sig_hash ); + /* For TLS 1.2, obey signature-hash-algorithm extension * (RFC 5246, Sec. 7.4.1.4.1). */ if( sig_alg == MBEDTLS_PK_NONE || - ( md_alg = mbedtls_ssl_sig_hash_set_find( ssl, sig_alg ) ) == MBEDTLS_MD_NONE ) + md_alg == MBEDTLS_MD_NONE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); /* (... because we choose a cipher suite From 24c7c2be08edb8f7a71fdf6e258fb1b155380730 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 10 May 2022 12:51:14 +0200 Subject: [PATCH 06/12] Unify `MBEDTLS_TLS_SIG_NONE` macro definition for TLS 1.2 and 1.3 Signed-off-by: Gabor Mezei --- library/ssl_misc.h | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4d5663a33..9433c0dc8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -245,6 +245,8 @@ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) +#define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #define MBEDTLS_SSL_SIG_ALG( sig, hash ) (( hash << 8 ) | sig) @@ -262,14 +264,8 @@ #define MBEDTLS_SSL_SIG_ALG_SET( hash ) #endif -#define MBEDTLS_TLS_SIG_NONE MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ANON, \ - MBEDTLS_SSL_HASH_NONE ) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* From 3631cf693ad9749da52365b5bed87864b2aff314 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 10 May 2022 12:59:00 +0200 Subject: [PATCH 07/12] Rename signiture algorithm macros to better suite with TLS 1.2 Signed-off-by: Gabor Mezei --- library/ssl_misc.h | 14 +++++++------- library/ssl_tls.c | 6 ++++-- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9433c0dc8..5479815c5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -249,17 +249,17 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#define MBEDTLS_SSL_SIG_ALG( sig, hash ) (( hash << 8 ) | sig) -#define MBEDTLS_SSL_SIG_FROM_SIG_ALG(alg) (alg & 0xFF) -#define MBEDTLS_SSL_HASH_FROM_SIG_ALG(alg) (alg >> 8) +#define MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( sig, hash ) (( hash << 8 ) | sig) +#define MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg & 0xFF) +#define MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg >> 8) #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), \ - MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_RSA, hash ), +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), \ + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, hash ), #elif defined(MBEDTLS_ECDSA_C) -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), #elif defined(MBEDTLS_RSA_C) -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_SIG_RSA, hash ), +#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, hash ), #else #define MBEDTLS_SSL_SIG_ALG_SET( hash ) #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ea1e6bada..34817d9ed 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7666,8 +7666,10 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( for( i = 0; received_sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++ ) { - if( sig_alg == MBEDTLS_SSL_SIG_FROM_SIG_ALG( received_sig_algs[i] ) ) - return MBEDTLS_SSL_HASH_FROM_SIG_ALG( received_sig_algs[i] ); + if( sig_alg == MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG( + received_sig_algs[i] ) ) + return MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG( + received_sig_algs[i] ); } return( MBEDTLS_SSL_HASH_NONE ); From c1051b62aaae6f6a916891a41810d55b7165105a Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 10 May 2022 13:13:58 +0200 Subject: [PATCH 08/12] Remove `MBEDTLS_SSL_SIG_ALG_SET` macro Signed-off-by: Gabor Mezei --- library/ssl_misc.h | 13 ------------- library/ssl_tls.c | 35 ++++++++++++++++++++++++++++++----- library/ssl_tls12_server.c | 9 ++++++++- 3 files changed, 38 insertions(+), 19 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5479815c5..9c3c2ddb8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -248,22 +248,9 @@ #define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - #define MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( sig, hash ) (( hash << 8 ) | sig) #define MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg & 0xFF) #define MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg >> 8) - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), \ - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, hash ), -#elif defined(MBEDTLS_ECDSA_C) -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, hash ), -#elif defined(MBEDTLS_RSA_C) -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, hash ), -#else -#define MBEDTLS_SSL_SIG_ALG_SET( hash ) -#endif - #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 34817d9ed..8c0ac8f8c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4145,14 +4145,29 @@ static uint16_t ssl_preset_default_sig_algs[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_SHA512_C) - MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA512 ) +#if defined(MBEDTLS_ECDSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ), #endif +#if defined(MBEDTLS_RSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512 ), +#endif +#endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA384_C) - MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA384 ) +#if defined(MBEDTLS_ECDSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ), #endif +#if defined(MBEDTLS_RSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ), +#endif +#endif /* MBEDTLS_SHA384_C */ #if defined(MBEDTLS_SHA256_C) - MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA256 ) +#if defined(MBEDTLS_ECDSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256 ), #endif +#if defined(MBEDTLS_RSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256 ), +#endif +#endif /* MBEDTLS_SHA256_C */ MBEDTLS_TLS_SIG_NONE }; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -4186,11 +4201,21 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_SHA256_C) - MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA256 ) +#if defined(MBEDTLS_ECDSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256 ), #endif +#if defined(MBEDTLS_RSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256 ), +#endif +#endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA384_C) - MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA384 ) +#if defined(MBEDTLS_ECDSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ), #endif +#if defined(MBEDTLS_RSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ), +#endif +#endif /* MBEDTLS_SHA256_C */ MBEDTLS_TLS_SIG_NONE }; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 449b63570..e579a866e 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1632,7 +1632,14 @@ read_record_header: { uint16_t *set = ssl->handshake->received_sig_algs; const uint16_t sig_algs[] = { - MBEDTLS_SSL_SIG_ALG_SET( MBEDTLS_SSL_HASH_SHA1 ) +#if defined(MBEDTLS_ECDSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, + MBEDTLS_SSL_HASH_SHA1 ), +#endif +#if defined(MBEDTLS_RSA_C) + MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, + MBEDTLS_SSL_HASH_SHA1 ), +#endif }; const uint16_t invalid_sig_alg = MBEDTLS_TLS_SIG_NONE; size_t count = sizeof( sig_algs ) / sizeof( sig_algs[0] ); From 53a3b14823cc2274a0a30cbf4962b2ad5436d1d7 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 10 May 2022 13:20:55 +0200 Subject: [PATCH 09/12] Update documntation Signed-off-by: Gabor Mezei --- library/ssl_misc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9c3c2ddb8..2858353b6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1789,7 +1789,7 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* - * Parse TLS 1.3 Signature Algorithm extension + * Parse TLS Signature Algorithm extension */ int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, From 86acf05b1e3e139e686e530854ce470673d61286 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 10 May 2022 13:29:02 +0200 Subject: [PATCH 10/12] Update signiture algorithm handling Rename local variables and to simplify things use static_assert to determine if the default signiture algorithms are not fit into the SSL handshake structure. Signed-off-by: Gabor Mezei --- library/ssl_tls12_server.c | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index e579a866e..38892220e 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1628,10 +1628,10 @@ read_record_header: * Try to fall back to default hash SHA1 if the client * hasn't provided any preferred signature-hash combinations. */ - if( sig_hash_alg_ext_present == 0 ) + if( ! sig_hash_alg_ext_present ) { - uint16_t *set = ssl->handshake->received_sig_algs; - const uint16_t sig_algs[] = { + uint16_t *received_sig_algs = ssl->handshake->received_sig_algs; + const uint16_t default_sig_algs[] = { #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA1 ), @@ -1640,24 +1640,15 @@ read_record_header: MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA1 ), #endif + MBEDTLS_TLS_SIG_NONE }; - const uint16_t invalid_sig_alg = MBEDTLS_TLS_SIG_NONE; - size_t count = sizeof( sig_algs ) / sizeof( sig_algs[0] ); - if( count < MBEDTLS_RECEIVED_SIG_ALGS_SIZE ) - { - memcpy( set, sig_algs, sizeof( sig_algs ) ); - memcpy( &set[count], &invalid_sig_alg, sizeof( sig_algs[0] ) ); - } - else - { - size_t size = ( MBEDTLS_RECEIVED_SIG_ALGS_SIZE - 1 ) * - sizeof( sig_algs[0] ); +#if defined(static_assert) + static_assert( sizeof( default_sig_algs ) / sizeof( default_sig_algs[0] ) <= + MBEDTLS_RECEIVED_SIG_ALGS_SIZE, "default_sig_algs is too big" ); +#endif - memcpy( set, sig_algs, size ); - memcpy( &set[MBEDTLS_RECEIVED_SIG_ALGS_SIZE - 1], - &invalid_sig_alg, sizeof( sig_algs[0] ) ); - } + memcpy( received_sig_algs, default_sig_algs, sizeof( default_sig_algs ) ); } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ From 0a4298bbe9d002a4ccb6af61d8dffaf152211483 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 13 May 2022 16:25:35 +0200 Subject: [PATCH 11/12] Remove unnecessary duble conversion Signed-off-by: Gabor Mezei --- library/ssl_tls12_server.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 38892220e..93854df2d 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1811,9 +1811,8 @@ have_ciphersuite: { unsigned int sig_hash = mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( ssl, mbedtls_ssl_sig_from_pk_alg( sig_alg ) ); - mbedtls_md_type_t md_alg = mbedtls_ssl_md_alg_from_hash( sig_hash ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d", - mbedtls_ssl_hash_from_md_alg( md_alg ) ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %u", + sig_hash ) ); } else { From 696956da24834600f887ab08f40ae3132ca28f19 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 13 May 2022 16:27:29 +0200 Subject: [PATCH 12/12] Typo Signed-off-by: Gabor Mezei --- library/ssl_tls.c | 4 ++-- library/ssl_tls12_server.c | 3 +-- library/ssl_tls13_client.c | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8c0ac8f8c..4d5fcefc7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7693,8 +7693,8 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( { if( sig_alg == MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG( received_sig_algs[i] ) ) - return MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG( - received_sig_algs[i] ); + return( MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG( + received_sig_algs[i] ) ); } return( MBEDTLS_SSL_HASH_NONE ); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 93854df2d..593acc576 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3186,8 +3186,7 @@ curve_matching_done: /* For TLS 1.2, obey signature-hash-algorithm extension * (RFC 5246, Sec. 7.4.1.4.1). */ - if( sig_alg == MBEDTLS_PK_NONE || - md_alg == MBEDTLS_MD_NONE ) + if( sig_alg == MBEDTLS_PK_NONE || md_alg == MBEDTLS_MD_NONE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); /* (... because we choose a cipher suite diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 69934bd30..305ac0050 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1613,7 +1613,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature algorithms extension" ) ); ret = mbedtls_ssl_parse_sig_alg_ext( ssl, p, - p + extension_data_len ); + p + extension_data_len ); if( ret != 0 ) return( ret ); if( ! sig_alg_ext_found )