Make calc_verify() return the length as well

Simplifies ssl_compute_hash(), but unfortunately not so much the other uses.
This commit is contained in:
Manuel Pégourié-Gonnard 2019-05-03 11:43:28 +02:00 committed by Jarno Lamsa
parent 0d56aaac7b
commit de718b99b5
4 changed files with 46 additions and 50 deletions

View File

@ -458,7 +458,7 @@ struct mbedtls_ssl_handshake_params
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
void (*calc_verify)(const mbedtls_ssl_context *, unsigned char *); void (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *);
void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
mbedtls_ssl_tls_prf_cb *tls_prf; mbedtls_ssl_tls_prf_cb *tls_prf;

View File

@ -3625,7 +3625,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
unsigned char hash[48]; unsigned char hash[48];
unsigned char *hash_start = hash; unsigned char *hash_start = hash;
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
unsigned int hashlen; size_t hashlen;
void *rs_ctx = NULL; void *rs_ctx = NULL;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
@ -3674,7 +3674,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
sign: sign:
#endif #endif
ssl->handshake->calc_verify( ssl, hash ); ssl->handshake->calc_verify( ssl, hash, &hashlen );
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1) defined(MBEDTLS_SSL_PROTO_TLS1_1)
@ -3692,7 +3692,6 @@ sign:
* sha_hash * sha_hash
* SHA(handshake_messages); * SHA(handshake_messages);
*/ */
hashlen = 36;
md_alg = MBEDTLS_MD_NONE; md_alg = MBEDTLS_MD_NONE;
/* /*

View File

@ -4361,7 +4361,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
} }
/* Calculate hash and verify signature */ /* Calculate hash and verify signature */
ssl->handshake->calc_verify( ssl, hash ); {
size_t dummy_hlen;
ssl->handshake->calc_verify( ssl, hash, &dummy_hlen );
}
if( ( ret = mbedtls_pk_verify( peer_pk, if( ( ret = mbedtls_pk_verify( peer_pk,
md_alg, hash_start, hashlen, md_alg, hash_start, hashlen,

View File

@ -855,25 +855,25 @@ static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned c
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_SSL3) #if defined(MBEDTLS_SSL_PROTO_SSL3)
static void ssl_calc_verify_ssl( const mbedtls_ssl_context *, unsigned char * ); static void ssl_calc_verify_ssl( const mbedtls_ssl_context *, unsigned char *, size_t * );
static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int ); static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int );
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char * ); static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char *, size_t * );
static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int ); static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int );
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char * ); static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char *, size_t * );
static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
#endif #endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char * ); static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char *, size_t * );
static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
#endif #endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@ -1583,19 +1583,15 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
* Parameters: * Parameters:
* [in/out] handshake * [in/out] handshake
* [in] resume, premaster, extended_ms, calc_verify, tls_prf * [in] resume, premaster, extended_ms, calc_verify, tls_prf
* (PSA-PSK) ciphersuite_info * (PSA-PSK) ciphersuite_info, psk_opaque
* [out] premaster (cleared) * [out] premaster (cleared)
* [in] minor_ver (to compute hash_len)
* [in] hash_alg (to compute hash_len)
* [out] master * [out] master
* [in] ssl: optionally used for debugging, EMS and PSA-PSK * [in] ssl: optionally used for debugging, EMS and PSA-PSK
* debug: conf->f_dbg, conf->p_dbg * debug: conf->f_dbg, conf->p_dbg
* EMS: passed to calc_verify (debug + (SSL3) session_negotiate) * EMS: passed to calc_verify (debug + (SSL3) session_negotiate)
* PSA-PSA: conf * PSA-PSA: minor_ver, conf
*/ */
static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
int minor_ver,
mbedtls_md_type_t hash_alg,
unsigned char *master, unsigned char *master,
const mbedtls_ssl_context *ssl ) const mbedtls_ssl_context *ssl )
{ {
@ -1630,12 +1626,6 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
!(defined(MBEDTLS_USE_PSA_CRYPTO) && \ !(defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)) defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED))
(void) ssl; (void) ssl;
#endif
#if !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) || !defined(MBEDTLS_SSL_PROTO_TLS1_2)
(void) minor_ver;
#if defined(MBEDTLS_SHA512_C)
(void) hash_alg;
#endif
#endif #endif
if( handshake->resume != 0 ) if( handshake->resume != 0 )
@ -1651,22 +1641,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
lbl = "extended master secret"; lbl = "extended master secret";
salt = session_hash; salt = session_hash;
handshake->calc_verify( ssl, session_hash ); handshake->calc_verify( ssl, session_hash, &salt_len );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
#if defined(MBEDTLS_SHA512_C)
if( hash_alg == MBEDTLS_MD_SHA384 )
{
salt_len = 48;
}
else
#endif /* MBEDTLS_SHA512_C */
salt_len = 32;
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
salt_len = 36;
MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, salt_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, salt_len );
} }
@ -1675,7 +1650,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
ssl_use_opaque_psk( ssl ) == 1 ) ssl_use_opaque_psk( ssl ) == 1 )
{ {
/* Perform PSK-to-MS expansion in a single step. */ /* Perform PSK-to-MS expansion in a single step. */
@ -1684,6 +1659,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
psa_key_handle_t psk; psa_key_handle_t psk;
psa_key_derivation_operation_t derivation = psa_key_derivation_operation_t derivation =
PSA_KEY_DERIVATION_OPERATION_INIT; PSA_KEY_DERIVATION_OPERATION_INIT;
mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) );
@ -1760,8 +1736,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
} }
ret = ssl_compute_master( ssl->handshake, ret = ssl_compute_master( ssl->handshake,
ssl->minor_ver,
ciphersuite_info->mac,
ssl->session_negotiate->master, ssl->session_negotiate->master,
ssl ); ssl );
if( ret != 0 ) if( ret != 0 )
@ -1774,7 +1748,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
} }
#if defined(MBEDTLS_SSL_PROTO_SSL3) #if defined(MBEDTLS_SSL_PROTO_SSL3)
void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl, unsigned char hash[36] ) void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl,
unsigned char hash[36],
size_t *hlen )
{ {
mbedtls_md5_context md5; mbedtls_md5_context md5;
mbedtls_sha1_context sha1; mbedtls_sha1_context sha1;
@ -1812,7 +1788,9 @@ void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl, unsigned char hash[36]
mbedtls_sha1_update_ret( &sha1, hash + 16, 20 ); mbedtls_sha1_update_ret( &sha1, hash + 16, 20 );
mbedtls_sha1_finish_ret( &sha1, hash + 16 ); mbedtls_sha1_finish_ret( &sha1, hash + 16 );
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); *hlen = 36;
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
mbedtls_md5_free( &md5 ); mbedtls_md5_free( &md5 );
@ -1823,7 +1801,9 @@ void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl, unsigned char hash[36]
#endif /* MBEDTLS_SSL_PROTO_SSL3 */ #endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, unsigned char hash[36] ) void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl,
unsigned char hash[36],
size_t *hlen )
{ {
mbedtls_md5_context md5; mbedtls_md5_context md5;
mbedtls_sha1_context sha1; mbedtls_sha1_context sha1;
@ -1839,7 +1819,9 @@ void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, unsigned char hash[36]
mbedtls_md5_finish_ret( &md5, hash ); mbedtls_md5_finish_ret( &md5, hash );
mbedtls_sha1_finish_ret( &sha1, hash + 16 ); mbedtls_sha1_finish_ret( &sha1, hash + 16 );
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); *hlen = 36;
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
mbedtls_md5_free( &md5 ); mbedtls_md5_free( &md5 );
@ -1851,7 +1833,9 @@ void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, unsigned char hash[36]
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, unsigned char hash[32] ) void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
unsigned char hash[32],
size_t *hlen )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_size; size_t hash_size;
@ -1872,7 +1856,9 @@ void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, unsigned char h
MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
return; return;
} }
MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, 32 );
*hlen = 32;
MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
#else #else
mbedtls_sha256_context sha256; mbedtls_sha256_context sha256;
@ -1884,7 +1870,9 @@ void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, unsigned char h
mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
mbedtls_sha256_finish_ret( &sha256, hash ); mbedtls_sha256_finish_ret( &sha256, hash );
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 ); *hlen = 32;
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
mbedtls_sha256_free( &sha256 ); mbedtls_sha256_free( &sha256 );
@ -1894,7 +1882,9 @@ void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, unsigned char h
#endif /* MBEDTLS_SHA256_C */ #endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, unsigned char hash[48] ) void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
unsigned char hash[48],
size_t *hlen )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_size; size_t hash_size;
@ -1915,7 +1905,9 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, unsigned char h
MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
return; return;
} }
MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, 48 );
*hlen = 48;
MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
#else #else
mbedtls_sha512_context sha512; mbedtls_sha512_context sha512;
@ -1927,7 +1919,9 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, unsigned char h
mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
mbedtls_sha512_finish_ret( &sha512, hash ); mbedtls_sha512_finish_ret( &sha512, hash );
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 ); *hlen = 48;
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
mbedtls_sha512_free( &sha512 ); mbedtls_sha512_free( &sha512 );