From c7f6d7f75cec386d0147909c7522ee57d587eae2 Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Thu, 3 Dec 2020 15:47:31 +0100 Subject: [PATCH 01/32] Making sure that keep peer certificate option is set when server cert verification is used. --- include/mbedtls/check_config.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 6e7c27098..13bd50cfa 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -910,6 +910,10 @@ #undef MBEDTLS_HASHES_ENABLED #endif /* MBEDTLS_MD_SINGLE_HASH */ +#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +#error "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION can only be used with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" +#endif + /* * Note: the dependency on TinyCrypt is reflected in several ways in the code: * From f336c7ea7185e9e8624793edebd1adcaf4aea6db Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Thu, 3 Dec 2020 15:47:47 +0100 Subject: [PATCH 02/32] Adding delayed server cert verification config option --- include/mbedtls/config.h | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ee25107d2..ebc28306c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -40,6 +40,15 @@ * \{ */ +/** + * \def MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION + * + * Enable the delayed verification of server + * certificates on the client side. + * + */ +#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION + /** * \def MBEDTLS_HAVE_ASM * @@ -1592,6 +1601,20 @@ */ #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE +/** + * \def MBEDTLS_SSL_FREE_SERVER_CERTIFICATE + * + * This option controls determines whether the server certificate is discarded + * after a handshake when the MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is enabled. + * + * Use of this option is useful in combined with the delayed certificate verification + * when the server certificate has to be kept for the duration of the handshake + * but not afterwards. + * + */ +#define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE + + /** * \def MBEDTLS_SSL_HW_RECORD_ACCEL * From 4f8c88312c99062f77a1bdfcd97c82d7827c5a1b Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Thu, 3 Dec 2020 15:48:12 +0100 Subject: [PATCH 03/32] Adding wrapper function for certificate verification function --- include/mbedtls/ssl_internal.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index ea1b847a7..c0a5db7be 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1085,6 +1085,14 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, mbedtls_md_type_t md ); #endif +#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) +int ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl, + int authmode, + mbedtls_x509_crt *chain, + void *rs_ctx ); +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ + + static inline int mbedtls_ssl_get_minor_ver( mbedtls_ssl_context const *ssl ) { #if !defined(MBEDTLS_SSL_CONF_FIXED_MINOR_VER) From 635f86874fc4388192dfde34dcc341179607be9f Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Thu, 3 Dec 2020 15:48:32 +0100 Subject: [PATCH 04/32] Adding delayed server cert verification to client state machine --- library/ssl_cli.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index cec2f0962..eaba905c4 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -4218,6 +4218,11 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = 0; +#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) + void *rs_ctx = NULL; + int authmode; + mbedtls_x509_crt *chain = NULL; +#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -4310,6 +4315,29 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) break; case MBEDTLS_SSL_CLIENT_FINISHED: + +#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) +#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET + ? ssl->handshake->sni_authmode + : mbedtls_ssl_conf_get_authmode( ssl->conf ); +#else + authmode = mbedtls_ssl_conf_get_authmode( ssl->conf ); +#endif +/* authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET + ? ssl->handshake->sni_authmode + : ssl->conf->authmode; +*/ + chain = ssl->session_negotiate->peer_cert; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "execute delayed server certificate verification" ) ); + + ret = ssl_parse_delayed_certificate_verify( ssl, authmode, + chain, rs_ctx ); + if( ret != 0 ) + break; +#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ + ret = mbedtls_ssl_write_finished( ssl ); break; From cb6410c67d95facd80eefd4cbbeefaf04c9eb3ab Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Thu, 3 Dec 2020 15:48:55 +0100 Subject: [PATCH 05/32] Wrapper function for calling parse_certificate_verify --- library/ssl_tls.c | 42 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a33760fdf..99a888da4 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7972,6 +7972,26 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, return( verify_ret ); } + +#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) +/* ssl_parse_delayed_certificate_verify() defines a wrapper around ssl_parse_certificate_verify + * to call it in ssl_cli.c rather than purely internal to ssl_tls.c. + */ +int ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl, + int authmode, + mbedtls_x509_crt *chain, + void *rs_ctx ) +{ + + return( ssl_parse_certificate_verify( ssl, + authmode, + chain, + rs_ctx ) ); + +} +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ + + #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #if defined(MBEDTLS_SSL_RENEGOTIATION) @@ -8112,10 +8132,19 @@ crt_verify: rs_ctx = &ssl->handshake->ecrs_ctx; #endif - ret = ssl_parse_certificate_verify( ssl, authmode, - chain, rs_ctx ); - if( ret != 0 ) - goto exit; +#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) + if (mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "delay server certificate verification" ) ); + } + else +#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ + { + ret = ssl_parse_certificate_verify( ssl, authmode, + chain, rs_ctx ); + if( ret != 0 ) + goto exit; + } #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) { @@ -12013,6 +12042,11 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +#if defined(MBEDTLS_SSL_FREE_SERVER_CERTIFICATE) + mbedtls_free( ssl->session->peer_cert ); + ssl->session->peer_cert = NULL; +#endif /* MBEDTLS_SSL_FREE_SERVER_CERTIFICATE */ + #if defined(MBEDTLS_DHM_C) mbedtls_dhm_free( &handshake->dhm_ctx ); #endif From dfa4bae3206f7390b57a1906e5392a20f91733c9 Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Thu, 3 Dec 2020 15:49:35 +0100 Subject: [PATCH 06/32] Adding immediate transmission option --- include/mbedtls/config.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ebc28306c..e73047c90 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1615,6 +1615,16 @@ #define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE +/** + * \def MBEDTLS_IMMEDIATE_TRANSMISSION + * + * Force stack to immediately transmit messages. + * + * Requires: MBEDTLS_SSL_PROTO_DTLS + */ +#define MBEDTLS_IMMEDIATE_TRANSMISSION + + /** * \def MBEDTLS_SSL_HW_RECORD_ACCEL * From 2279ffd2a0bbcd0f5a31027f94e7cafc2a34da10 Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Thu, 3 Dec 2020 15:52:35 +0100 Subject: [PATCH 07/32] Adding immediate message transmission --- library/ssl_tls.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 99a888da4..c9517e3d2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4507,6 +4507,12 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise flight transmission" ) ); +#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) + ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; + + return( 0 ); +#endif /* MBEDTLS_IMMEDIATE_TRANSMISSION */ + ssl->handshake->cur_msg = ssl->handshake->flight; ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12; if( ( ret = ssl_swap_epochs( ssl ) ) != 0 ) @@ -4861,6 +4867,14 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) ) { +#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) + if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret ); + return( ret ); + } +#endif /* MBEDTLS_IMMEDIATE_TRANSMISSION */ + if( ( ret = ssl_flight_append( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret ); From 3cb3db79616d0697b34d538d352bc3da14976d7c Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Thu, 3 Dec 2020 17:35:06 +0100 Subject: [PATCH 08/32] Adding early key computation config check --- include/mbedtls/check_config.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 13bd50cfa..97dcc02c2 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -914,6 +914,11 @@ #error "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION can only be used with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" #endif + +#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) && !defined(MBEDTLS_USE_TINYCRYPT) +#error "MBEDTLS_EARLY_KEY_COMPUTATION can only be used with MBEDTLS_USE_TINYCRYPT" +#endif + /* * Note: the dependency on TinyCrypt is reflected in several ways in the code: * From 77cddb3ef7ff0e0e0280fc18fc284feb4166342b Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Thu, 3 Dec 2020 17:36:00 +0100 Subject: [PATCH 09/32] Adding early key computation config option --- include/mbedtls/config.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index e73047c90..872899c03 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1624,6 +1624,15 @@ */ #define MBEDTLS_IMMEDIATE_TRANSMISSION +/** + * \def MBEDTLS_EARLY_KEY_COMPUTATION + * + * Create ephemeral Diffie-Hellman key pair after + * the ClientHello has been successfully transmitted. + * + * Requires: + */ +#define MBEDTLS_EARLY_KEY_COMPUTATION /** * \def MBEDTLS_SSL_HW_RECORD_ACCEL From c34d9cf37a3b394fe25d9087940c25e0ced26e53 Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Thu, 3 Dec 2020 17:37:06 +0100 Subject: [PATCH 10/32] Adding storage for public key to handshake_params --- include/mbedtls/ssl_internal.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index c0a5db7be..0b1f453e8 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -573,6 +573,9 @@ struct mbedtls_ssl_handshake_params #if defined(MBEDTLS_USE_TINYCRYPT) uint8_t ecdh_privkey[NUM_ECC_BYTES]; +#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) + uint8_t ecdh_publickey[2*NUM_ECC_BYTES]; +#endif /* MBEDTLS_EARLY_KEY_COMPUTATION */ uint8_t ecdh_peerkey[2*NUM_ECC_BYTES]; #endif /* MBEDTLS_USE_TINYCRYPT */ From e151a3528a856b7c677741fdefd2608e12f1d8a6 Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Thu, 3 Dec 2020 17:37:49 +0100 Subject: [PATCH 11/32] Adding early ECDHE key generation to ssl_cli.c --- library/ssl_cli.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index eaba905c4..822b0697a 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3661,11 +3661,15 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, *p++ = 2 * NUM_ECC_BYTES + 1; *p++ = 0x04; /* uncompressed point presentation */ +#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) && defined(MBEDTLS_USE_TINYCRYPT) + memcpy( p, ssl->handshake->ecdh_publickey, 2 * NUM_ECC_BYTES ); +#else ret = uECC_make_key( p, ssl->handshake->ecdh_privkey ); if( ret == UECC_FAULT_DETECTED ) return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); if( ret != UECC_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); +#endif /* MBEDTLS_EARLY_KEY_COMPUTATION && MBEDTLS_USE_TINYCRYPT */ p += 2 * NUM_ECC_BYTES; } else @@ -4272,6 +4276,14 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) * ServerHelloDone */ case MBEDTLS_SSL_SERVER_HELLO: +#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) && defined(MBEDTLS_USE_TINYCRYPT) + ret = uECC_make_key( ssl->handshake->ecdh_publickey, ssl->handshake->ecdh_privkey ); + if( ret == UECC_FAULT_DETECTED ) + return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + if( ret != UECC_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); +#endif /* MBEDTLS_EARLY_KEY_COMPUTATION && MBEDTLS_USE_TINYCRYPT */ + ret = ssl_parse_server_hello( ssl ); break; From c16289503038a14fd36d914ebfa06608ae23f055 Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Mon, 7 Dec 2020 11:04:09 +0100 Subject: [PATCH 12/32] Add call to mbedtls_x509_crt_free() --- library/ssl_tls.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c9517e3d2..78637bad3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -12057,6 +12057,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_FREE_SERVER_CERTIFICATE) + mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); mbedtls_free( ssl->session->peer_cert ); ssl->session->peer_cert = NULL; #endif /* MBEDTLS_SSL_FREE_SERVER_CERTIFICATE */ From 34630562cd7078063418bf90a13e844baff0d439 Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Tue, 15 Dec 2020 12:33:45 +0100 Subject: [PATCH 13/32] Making sure that the ECDHE pre-computation is only done once. --- library/ssl_cli.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 822b0697a..07d5825c4 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -4259,6 +4259,9 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) { case MBEDTLS_SSL_HELLO_REQUEST: ssl->state = MBEDTLS_SSL_CLIENT_HELLO; +#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) + int ecdhe_computed = 0; +#endif /* MBEDTLS_EARLY_KEY_COMPUTATION */ break; /* @@ -4277,11 +4280,16 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) */ case MBEDTLS_SSL_SERVER_HELLO: #if defined(MBEDTLS_EARLY_KEY_COMPUTATION) && defined(MBEDTLS_USE_TINYCRYPT) - ret = uECC_make_key( ssl->handshake->ecdh_publickey, ssl->handshake->ecdh_privkey ); - if( ret == UECC_FAULT_DETECTED ) - return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); - if( ret != UECC_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + /* Make sure that the ECDHE pre-computation is only done once */ + if( ecdhe_computed == 0 ) + { + ret = uECC_make_key( ssl->handshake->ecdh_publickey, ssl->handshake->ecdh_privkey ); + if( ret == UECC_FAULT_DETECTED ) + return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + if( ret != UECC_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + ecdhe_computed = 1; + } #endif /* MBEDTLS_EARLY_KEY_COMPUTATION && MBEDTLS_USE_TINYCRYPT */ ret = ssl_parse_server_hello( ssl ); From 32846c62acb10378eb5e9c58d798abd73aefde82 Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Tue, 15 Dec 2020 12:50:37 +0100 Subject: [PATCH 14/32] Moving the ecdhe_computed variable into the handshake structure --- include/mbedtls/ssl_internal.h | 1 + library/ssl_cli.c | 7 ++----- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 0b1f453e8..6f1613f3d 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -574,6 +574,7 @@ struct mbedtls_ssl_handshake_params #if defined(MBEDTLS_USE_TINYCRYPT) uint8_t ecdh_privkey[NUM_ECC_BYTES]; #if defined(MBEDTLS_EARLY_KEY_COMPUTATION) + uint8_t ecdhe_computed; uint8_t ecdh_publickey[2*NUM_ECC_BYTES]; #endif /* MBEDTLS_EARLY_KEY_COMPUTATION */ uint8_t ecdh_peerkey[2*NUM_ECC_BYTES]; diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 07d5825c4..5ed06d30f 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -4259,9 +4259,6 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) { case MBEDTLS_SSL_HELLO_REQUEST: ssl->state = MBEDTLS_SSL_CLIENT_HELLO; -#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) - int ecdhe_computed = 0; -#endif /* MBEDTLS_EARLY_KEY_COMPUTATION */ break; /* @@ -4281,14 +4278,14 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_SERVER_HELLO: #if defined(MBEDTLS_EARLY_KEY_COMPUTATION) && defined(MBEDTLS_USE_TINYCRYPT) /* Make sure that the ECDHE pre-computation is only done once */ - if( ecdhe_computed == 0 ) + if( ssl->handshake->ecdhe_computed == 0 ) { ret = uECC_make_key( ssl->handshake->ecdh_publickey, ssl->handshake->ecdh_privkey ); if( ret == UECC_FAULT_DETECTED ) return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); if( ret != UECC_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - ecdhe_computed = 1; + ssl->handshake->ecdhe_computed = 1; } #endif /* MBEDTLS_EARLY_KEY_COMPUTATION && MBEDTLS_USE_TINYCRYPT */ From 131512440e9ff95bff1a1a75bff2720db89fa03b Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 7 Dec 2020 09:29:48 -0500 Subject: [PATCH 15/32] Move the new config optimization defines to be optional Signed-off-by: Andrzej Kurek --- configs/baremetal.h | 4 ++++ include/mbedtls/config.h | 12 ++++++------ library/ssl_tls.c | 4 ++-- scripts/config.pl | 7 +++++++ 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index 80ed74c36..e49a52c71 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -160,6 +160,10 @@ /* Fault Injection Countermeasures */ #define MBEDTLS_FI_COUNTERMEASURES #define MBEDTLS_CCM_SHUFFLING_MASKING +/* Further optimizations */ +#define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE +#define MBEDTLS_IMMEDIATE_TRANSMISSION +#define MBEDTLS_EARLY_KEY_COMPUTATION #if defined(MBEDTLS_USER_CONFIG_FILE) #include MBEDTLS_USER_CONFIG_FILE diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 872899c03..c675cbde1 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -43,8 +43,8 @@ /** * \def MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION * - * Enable the delayed verification of server - * certificates on the client side. + * Enable the delayed verification of server + * certificates on the client side. * */ #define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION @@ -1612,7 +1612,7 @@ * but not afterwards. * */ -#define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE +//#define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE /** @@ -1622,7 +1622,7 @@ * * Requires: MBEDTLS_SSL_PROTO_DTLS */ -#define MBEDTLS_IMMEDIATE_TRANSMISSION +//#define MBEDTLS_IMMEDIATE_TRANSMISSION /** * \def MBEDTLS_EARLY_KEY_COMPUTATION @@ -1630,9 +1630,9 @@ * Create ephemeral Diffie-Hellman key pair after * the ClientHello has been successfully transmitted. * - * Requires: + * Requires: */ -#define MBEDTLS_EARLY_KEY_COMPUTATION +//#define MBEDTLS_EARLY_KEY_COMPUTATION /** * \def MBEDTLS_SSL_HW_RECORD_ACCEL diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 78637bad3..0a013cab6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7989,7 +7989,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) /* ssl_parse_delayed_certificate_verify() defines a wrapper around ssl_parse_certificate_verify - * to call it in ssl_cli.c rather than purely internal to ssl_tls.c. + * to call it in ssl_cli.c rather than purely internal to ssl_tls.c. */ int ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl, int authmode, @@ -8003,7 +8003,7 @@ int ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl, rs_ctx ) ); } -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ +#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) diff --git a/scripts/config.pl b/scripts/config.pl index af85824f1..f3b9da6a9 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -61,6 +61,10 @@ # MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY # MBEDTLS_OPTIMIZE_TINYCRYPT_ASM # MBEDTLS_AES_128_BIT_MASKED +# MBEDTLS_PLATFORM_FAULT_CALLBACKS +# MBEDTLS_SSL_FREE_SERVER_CERTIFICATE +# MBEDTLS_IMMEDIATE_TRANSMISSION +# MBEDTLS_EARLY_KEY_COMPUTATION # and any symbol beginning _ALT # # The baremetal configuration excludes options that require a library or @@ -149,6 +153,9 @@ MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY MBEDTLS_OPTIMIZE_TINYCRYPT_ASM MBEDTLS_AES_128_BIT_MASKED MBEDTLS_PLATFORM_FAULT_CALLBACKS +MBEDTLS_SSL_FREE_SERVER_CERTIFICATE +MBEDTLS_IMMEDIATE_TRANSMISSION +MBEDTLS_EARLY_KEY_COMPUTATION _ALT\s*$ ); From b22e64045b81f677aea3ca115df66e1a5fd2b44d Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 7 Dec 2020 09:30:54 -0500 Subject: [PATCH 16/32] Update generated files Signed-off-by: Andrzej Kurek --- library/version_features.c | 12 ++++++++++++ programs/ssl/query_config.c | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index ea072ac25..26bade403 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -33,6 +33,9 @@ static const char *features[] = { #if defined(MBEDTLS_VERSION_FEATURES) +#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) + "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION", +#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ #if defined(MBEDTLS_HAVE_ASM) "MBEDTLS_HAVE_ASM", #endif /* MBEDTLS_HAVE_ASM */ @@ -489,6 +492,15 @@ static const char *features[] = { #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) "MBEDTLS_SSL_KEEP_PEER_CERTIFICATE", #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#if defined(MBEDTLS_SSL_FREE_SERVER_CERTIFICATE) + "MBEDTLS_SSL_FREE_SERVER_CERTIFICATE", +#endif /* MBEDTLS_SSL_FREE_SERVER_CERTIFICATE */ +#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) + "MBEDTLS_IMMEDIATE_TRANSMISSION", +#endif /* MBEDTLS_IMMEDIATE_TRANSMISSION */ +#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) + "MBEDTLS_EARLY_KEY_COMPUTATION", +#endif /* MBEDTLS_EARLY_KEY_COMPUTATION */ #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) "MBEDTLS_SSL_HW_RECORD_ACCEL", #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 0711703fe..baf513b33 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -130,6 +130,14 @@ int query_config( const char *config ) { +#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) + if( strcmp( "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION ); + return( 0 ); + } +#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ + #if defined(MBEDTLS_HAVE_ASM) if( strcmp( "MBEDTLS_HAVE_ASM", config ) == 0 ) { @@ -1346,6 +1354,30 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#if defined(MBEDTLS_SSL_FREE_SERVER_CERTIFICATE) + if( strcmp( "MBEDTLS_SSL_FREE_SERVER_CERTIFICATE", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_FREE_SERVER_CERTIFICATE ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_FREE_SERVER_CERTIFICATE */ + +#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) + if( strcmp( "MBEDTLS_IMMEDIATE_TRANSMISSION", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_IMMEDIATE_TRANSMISSION ); + return( 0 ); + } +#endif /* MBEDTLS_IMMEDIATE_TRANSMISSION */ + +#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) + if( strcmp( "MBEDTLS_EARLY_KEY_COMPUTATION", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_EARLY_KEY_COMPUTATION ); + return( 0 ); + } +#endif /* MBEDTLS_EARLY_KEY_COMPUTATION */ + #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) if( strcmp( "MBEDTLS_SSL_HW_RECORD_ACCEL", config ) == 0 ) { From 777d4217f14a1cb356d7f80c7205f2046f5c2d57 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 7 Dec 2020 09:32:07 -0500 Subject: [PATCH 17/32] Fix define and function names to conform to Mbed TLS rules Signed-off-by: Andrzej Kurek --- include/mbedtls/ssl_internal.h | 10 +++++----- library/ssl_cli.c | 4 ++-- library/ssl_tls.c | 10 +++++----- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 6f1613f3d..97c00e256 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1090,11 +1090,11 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) -int ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl, - int authmode, - mbedtls_x509_crt *chain, - void *rs_ctx ); -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ +int mbedtls_ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl, + int authmode, + mbedtls_x509_crt *chain, + void *rs_ctx ); +#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ static inline int mbedtls_ssl_get_minor_ver( mbedtls_ssl_context const *ssl ) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5ed06d30f..123454338 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -4349,8 +4349,8 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "execute delayed server certificate verification" ) ); - ret = ssl_parse_delayed_certificate_verify( ssl, authmode, - chain, rs_ctx ); + ret = mbedtls_ssl_parse_delayed_certificate_verify( ssl, authmode, + chain, rs_ctx ); if( ret != 0 ) break; #endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0a013cab6..47611552e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7988,13 +7988,13 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) -/* ssl_parse_delayed_certificate_verify() defines a wrapper around ssl_parse_certificate_verify +/* mbedtls_ssl_parse_delayed_certificate_verify() defines a wrapper around ssl_parse_certificate_verify * to call it in ssl_cli.c rather than purely internal to ssl_tls.c. */ -int ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl, - int authmode, - mbedtls_x509_crt *chain, - void *rs_ctx ) +int mbedtls_ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl, + int authmode, + mbedtls_x509_crt *chain, + void *rs_ctx ) { return( ssl_parse_certificate_verify( ssl, From 52e08cbcb2a97435ecdf694699b4c059c81b891c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 8 Dec 2020 04:46:25 -0500 Subject: [PATCH 18/32] Fix unused parameters and ifdefs Signed-off-by: Andrzej Kurek --- library/ssl_cli.c | 4 ++-- library/ssl_tls.c | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 123454338..08d5a7117 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3654,14 +3654,14 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, { ((void) n); - + ((void) ret); if( (size_t)( end - p ) < 2 * NUM_ECC_BYTES + 2 ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); *p++ = 2 * NUM_ECC_BYTES + 1; *p++ = 0x04; /* uncompressed point presentation */ -#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) && defined(MBEDTLS_USE_TINYCRYPT) +#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) memcpy( p, ssl->handshake->ecdh_publickey, 2 * NUM_ECC_BYTES ); #else ret = uECC_make_key( p, ssl->handshake->ecdh_privkey ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 47611552e..64f43f0d1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -12056,7 +12056,9 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -#if defined(MBEDTLS_SSL_FREE_SERVER_CERTIFICATE) +#if defined(MBEDTLS_SSL_FREE_SERVER_CERTIFICATE) && \ + defined(MBEDTLS_X509_CRT_PARSE_C) && \ + defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); mbedtls_free( ssl->session->peer_cert ); ssl->session->peer_cert = NULL; From c3dde3f2f9cc5f4ff6d8a1240e0d166be84de1a4 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 8 Dec 2020 10:10:52 -0500 Subject: [PATCH 19/32] Fix unreachable code error Signed-off-by: Andrzej Kurek --- library/ssl_tls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 64f43f0d1..f5d663e42 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4511,7 +4511,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; return( 0 ); -#endif /* MBEDTLS_IMMEDIATE_TRANSMISSION */ +#else ssl->handshake->cur_msg = ssl->handshake->flight; ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12; @@ -4519,6 +4519,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) return( ret ); ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; +#endif /* MBEDTLS_IMMEDIATE_TRANSMISSION */ } while( ssl->handshake->cur_msg != NULL ) From 5ac3a509243a72c46564d6ace0d6fbce30bf3353 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 8 Dec 2020 10:26:27 -0500 Subject: [PATCH 20/32] DTLS: disable datagram packing tests when immediate transmission is on Signed-off-by: Andrzej Kurek --- tests/ssl-opt.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 81ea9e1f6..e452ca3cd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1368,6 +1368,7 @@ run_test "SHA-256 allowed by default in client certificate" \ 0 # Tests for datagram packing +requires_config_disabled MBEDTLS_IMMEDIATE_TRANSMISSION run_test "DTLS: multiple records in same datagram, client and server" \ "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ @@ -1375,6 +1376,7 @@ run_test "DTLS: multiple records in same datagram, client and server" \ -c "next record in same datagram" \ -s "next record in same datagram" +requires_config_disabled MBEDTLS_IMMEDIATE_TRANSMISSION run_test "DTLS: multiple records in same datagram, client only" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ @@ -1382,6 +1384,7 @@ run_test "DTLS: multiple records in same datagram, client only" \ -s "next record in same datagram" \ -C "next record in same datagram" +requires_config_disabled MBEDTLS_IMMEDIATE_TRANSMISSION run_test "DTLS: multiple records in same datagram, server only" \ "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ From 9627202d3ae7f47ec0fb1b299433fb556a261622 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sat, 12 Dec 2020 07:33:20 -0500 Subject: [PATCH 21/32] Move MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION to baremetal config Signed-off-by: Andrzej Kurek --- configs/baremetal.h | 3 +++ include/mbedtls/config.h | 2 +- scripts/config.pl | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index e49a52c71..43a488c2f 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -160,7 +160,10 @@ /* Fault Injection Countermeasures */ #define MBEDTLS_FI_COUNTERMEASURES #define MBEDTLS_CCM_SHUFFLING_MASKING + /* Further optimizations */ +#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE +#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION #define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE #define MBEDTLS_IMMEDIATE_TRANSMISSION #define MBEDTLS_EARLY_KEY_COMPUTATION diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c675cbde1..3c3c1ce56 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -47,7 +47,7 @@ * certificates on the client side. * */ -#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION +//#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION /** * \def MBEDTLS_HAVE_ASM diff --git a/scripts/config.pl b/scripts/config.pl index f3b9da6a9..d9aef53db 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -62,6 +62,7 @@ # MBEDTLS_OPTIMIZE_TINYCRYPT_ASM # MBEDTLS_AES_128_BIT_MASKED # MBEDTLS_PLATFORM_FAULT_CALLBACKS +# MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION # MBEDTLS_SSL_FREE_SERVER_CERTIFICATE # MBEDTLS_IMMEDIATE_TRANSMISSION # MBEDTLS_EARLY_KEY_COMPUTATION @@ -153,6 +154,7 @@ MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY MBEDTLS_OPTIMIZE_TINYCRYPT_ASM MBEDTLS_AES_128_BIT_MASKED MBEDTLS_PLATFORM_FAULT_CALLBACKS +MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION MBEDTLS_SSL_FREE_SERVER_CERTIFICATE MBEDTLS_IMMEDIATE_TRANSMISSION MBEDTLS_EARLY_KEY_COMPUTATION From d886d9f93cffeb6410d27677baac54d4b4e6d8cc Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 14 Dec 2020 06:01:43 -0500 Subject: [PATCH 22/32] Fix freeing uninitialized fields from the ssl context Signed-off-by: Andrzej Kurek --- library/ssl_tls.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f5d663e42..038e581d5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -12060,9 +12060,15 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_FREE_SERVER_CERTIFICATE) && \ defined(MBEDTLS_X509_CRT_PARSE_C) && \ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); - mbedtls_free( ssl->session->peer_cert ); - ssl->session->peer_cert = NULL; + if( ssl->session_negotiate ) + { + mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); + } + if( ssl->session ) + { + mbedtls_free( ssl->session->peer_cert ); + ssl->session->peer_cert = NULL; + } #endif /* MBEDTLS_SSL_FREE_SERVER_CERTIFICATE */ #if defined(MBEDTLS_DHM_C) From 38c7f2d32f36d4b43d53b9eb71dd5de896a74f9a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 15 Dec 2020 05:46:54 -0500 Subject: [PATCH 23/32] Refactor the immediate transmission feature The original way or handling it did not cover message fragmentation or retransmission. Now, the messages are always appended to the flight and sent immediately, using the same function as normal flight transmission. Moreover, epoch handling is different for this feature, with a possibility to perform the usual retransmission using previous methods. Signed-off-by: Andrzej Kurek --- include/mbedtls/ssl_internal.h | 3 + library/ssl_cli.c | 14 +- library/ssl_srv.c | 28 ++- library/ssl_tls.c | 307 ++++++++++++++++++--------------- 4 files changed, 205 insertions(+), 147 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 97c00e256..80da3ac1a 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1203,6 +1203,9 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ); +#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) +void mbedtls_ssl_immediate_flight_done( mbedtls_ssl_context *ssl ); +#endif #endif /* Visible for testing purposes only */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 08d5a7117..7f69b6242 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1141,11 +1141,17 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) && - ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); - return( ret ); +#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) + mbedtls_ssl_immediate_flight_done( ssl ); +#else + if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); + return( ret ); + } +#endif } #endif /* MBEDTLS_SSL_PROTO_DTLS */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 389a24e48..ce92f98dc 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2743,11 +2743,17 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) && - ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); - return( ret ); +#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) + mbedtls_ssl_immediate_flight_done( ssl ); +#else + if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); + return( ret ); + } +#endif } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -3802,11 +3808,17 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) && - ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); - return( ret ); +#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) + mbedtls_ssl_immediate_flight_done( ssl ); +#else + if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); + return( ret ); + } +#endif } #endif /* MBEDTLS_SSL_PROTO_DTLS */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 038e581d5..f20faf92a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4360,6 +4360,131 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) * Functions to handle the DTLS retransmission state machine */ #if defined(MBEDTLS_SSL_PROTO_DTLS) +static int ssl_swap_epochs( mbedtls_ssl_context *ssl ); + +static int mbedtls_ssl_flight_transmit_msg( mbedtls_ssl_context *ssl, mbedtls_ssl_flight_item *msg ) +{ + size_t max_frag_len; + int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + int const is_retransmitting = + ( ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ); + int const is_finished = + ( msg->type == MBEDTLS_SSL_MSG_HANDSHAKE && + msg->p[0] == MBEDTLS_SSL_HS_FINISHED ); + + uint8_t const force_flush = ssl->disable_datagram_packing == 1 ? + SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH; + + /* Swap epochs before sending Finished: we can't do it after + * sending ChangeCipherSpec, in case write returns WANT_READ. + * Must be done before copying, may change out_msg pointer */ + if( is_retransmitting && is_finished && ssl->handshake->cur_msg_p == ( msg->p + 12 ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) ); + if( ( ret = ssl_swap_epochs( ssl ) ) != 0 ) + return( ret ); + } + + ret = ssl_get_remaining_payload_in_datagram( ssl ); + if( ret < 0 ) + return( ret ); + max_frag_len = (size_t) ret; + + /* CCS is copied as is, while HS messages may need fragmentation */ + if( msg->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) + { + if( max_frag_len == 0 ) + { + if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) + return( ret ); + + return( 0 ); + } + + mbedtls_platform_memcpy( ssl->out_msg, msg->p, msg->len ); + ssl->out_msglen = msg->len; + ssl->out_msgtype = msg->type; + + /* Update position inside current message */ + ssl->handshake->cur_msg_p += msg->len; + } + else + { + const unsigned char * const p = ssl->handshake->cur_msg_p; + const size_t hs_len = msg->len - 12; + const size_t frag_off = p - ( msg->p + 12 ); + const size_t rem_len = hs_len - frag_off; + size_t cur_hs_frag_len, max_hs_frag_len; + + if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) ) + { + if( is_finished && is_retransmitting ) + { + if( ( ret = ssl_swap_epochs( ssl ) ) != 0 ) + return( ret ); + } + + if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) + return( ret ); + + return( 0 ); + } + max_hs_frag_len = max_frag_len - 12; + + cur_hs_frag_len = rem_len > max_hs_frag_len ? + max_hs_frag_len : rem_len; + + if( frag_off == 0 && cur_hs_frag_len != hs_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message (%u > %u)", + (unsigned) cur_hs_frag_len, + (unsigned) max_hs_frag_len ) ); + } + + /* Messages are stored with handshake headers as if not fragmented, + * copy beginning of headers then fill fragmentation fields. + * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ + mbedtls_platform_memcpy( ssl->out_msg, msg->p, 6 ); + + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[6], frag_off ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[9], + cur_hs_frag_len ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); + + /* Copy the handshake message content and set records fields */ + mbedtls_platform_memcpy( ssl->out_msg + 12, p, cur_hs_frag_len ); + ssl->out_msglen = cur_hs_frag_len + 12; + ssl->out_msgtype = msg->type; + + /* Update position inside current message */ + ssl->handshake->cur_msg_p += cur_hs_frag_len; + } + + /* If done with the current message move to the next one if any */ + if( ssl->handshake->cur_msg_p >= msg->p + msg->len ) + { + if( msg->next != NULL ) + { + ssl->handshake->cur_msg = msg->next; + ssl->handshake->cur_msg_p = msg->next->p + 12; + } + else + { + ssl->handshake->cur_msg = NULL; + ssl->handshake->cur_msg_p = NULL; + } + } + + /* Actually send the message out */ + if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); + return( ret ); + } + return( ret ); +} + /* * Append current handshake message to current outgoing flight */ @@ -4402,6 +4527,21 @@ static int ssl_flight_append( mbedtls_ssl_context *ssl ) cur->next = msg; } +#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) + ssl->handshake->cur_msg = msg; + ssl->handshake->cur_msg_p = msg->p + 12; + { + int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; + while( ssl->handshake->cur_msg != NULL ) + { + if( ( ret = mbedtls_ssl_flight_transmit_msg( ssl, ssl->handshake->cur_msg ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit_msg", ret ); + return( ret ); + } + } + } +#endif MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_flight_append" ) ); return( 0 ); } @@ -4491,6 +4631,24 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) return( ret ); } +#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) +void mbedtls_ssl_immediate_flight_done( mbedtls_ssl_context *ssl ) +{ + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_immediate_flight_done" ) ); + + /* Update state and set timer */ + if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; + else + { + ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; + ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_immediate_flight_done" ) ); +} +#endif + /* * Transmit or retransmit the current flight of messages. * @@ -4507,138 +4665,19 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise flight transmission" ) ); -#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; - - return( 0 ); -#else - ssl->handshake->cur_msg = ssl->handshake->flight; ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12; if( ( ret = ssl_swap_epochs( ssl ) ) != 0 ) return( ret ); ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; -#endif /* MBEDTLS_IMMEDIATE_TRANSMISSION */ } while( ssl->handshake->cur_msg != NULL ) { - size_t max_frag_len; - const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg; - - int const is_finished = - ( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && - cur->p[0] == MBEDTLS_SSL_HS_FINISHED ); - - uint8_t const force_flush = ssl->disable_datagram_packing == 1 ? - SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH; - - /* Swap epochs before sending Finished: we can't do it after - * sending ChangeCipherSpec, in case write returns WANT_READ. - * Must be done before copying, may change out_msg pointer */ - if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) ) + if( ( ret = mbedtls_ssl_flight_transmit_msg( ssl, ssl->handshake->cur_msg ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) ); - if( ( ret = ssl_swap_epochs( ssl ) ) != 0 ) - return( ret ); - } - - ret = ssl_get_remaining_payload_in_datagram( ssl ); - if( ret < 0 ) - return( ret ); - max_frag_len = (size_t) ret; - - /* CCS is copied as is, while HS messages may need fragmentation */ - if( cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) - { - if( max_frag_len == 0 ) - { - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); - - continue; - } - - mbedtls_platform_memcpy( ssl->out_msg, cur->p, cur->len ); - ssl->out_msglen = cur->len; - ssl->out_msgtype = cur->type; - - /* Update position inside current message */ - ssl->handshake->cur_msg_p += cur->len; - } - else - { - const unsigned char * const p = ssl->handshake->cur_msg_p; - const size_t hs_len = cur->len - 12; - const size_t frag_off = p - ( cur->p + 12 ); - const size_t rem_len = hs_len - frag_off; - size_t cur_hs_frag_len, max_hs_frag_len; - - if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) ) - { - if( is_finished ) - { - if( ( ret = ssl_swap_epochs( ssl ) ) != 0 ) - return( ret ); - } - - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); - - continue; - } - max_hs_frag_len = max_frag_len - 12; - - cur_hs_frag_len = rem_len > max_hs_frag_len ? - max_hs_frag_len : rem_len; - - if( frag_off == 0 && cur_hs_frag_len != hs_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message (%u > %u)", - (unsigned) cur_hs_frag_len, - (unsigned) max_hs_frag_len ) ); - } - - /* Messages are stored with handshake headers as if not fragmented, - * copy beginning of headers then fill fragmentation fields. - * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ - mbedtls_platform_memcpy( ssl->out_msg, cur->p, 6 ); - - (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[6], frag_off ); - (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[9], - cur_hs_frag_len ); - - MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); - - /* Copy the handshake message content and set records fields */ - mbedtls_platform_memcpy( ssl->out_msg + 12, p, cur_hs_frag_len ); - ssl->out_msglen = cur_hs_frag_len + 12; - ssl->out_msgtype = cur->type; - - /* Update position inside current message */ - ssl->handshake->cur_msg_p += cur_hs_frag_len; - } - - /* If done with the current message move to the next one if any */ - if( ssl->handshake->cur_msg_p >= cur->p + cur->len ) - { - if( cur->next != NULL ) - { - ssl->handshake->cur_msg = cur->next; - ssl->handshake->cur_msg_p = cur->next->p + 12; - } - else - { - ssl->handshake->cur_msg = NULL; - ssl->handshake->cur_msg_p = NULL; - } - } - - /* Actually send the message out */ - if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit_msg", ret ); return( ret ); } } @@ -4657,7 +4696,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_flight_transmit" ) ); - return( 0 ); + return( ret ); } /* @@ -4868,14 +4907,6 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) ) { -#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) - if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret ); - return( ret ); - } -#endif /* MBEDTLS_IMMEDIATE_TRANSMISSION */ - if( ( ret = ssl_flight_append( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret ); @@ -8707,13 +8738,19 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) && - ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); - return( ret ); - } +#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) + mbedtls_ssl_immediate_flight_done( ssl ); +#else + if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); + return( ret ); + } #endif + } +#endif /* MBEDTLS_SSL_PROTO_DTLS */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); From e2134ed4b1726420462e4201e05d50f3d5a03acf Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 18 Dec 2020 08:03:17 -0500 Subject: [PATCH 24/32] Fix certificate management when freeing handshake Signed-off-by: Andrzej Kurek --- library/ssl_tls.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f20faf92a..f7f9e326f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -12099,12 +12099,11 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) if( ssl->session_negotiate ) { - mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert ); + ssl_clear_peer_cert( ssl->session_negotiate ); } if( ssl->session ) { - mbedtls_free( ssl->session->peer_cert ); - ssl->session->peer_cert = NULL; + ssl_clear_peer_cert( ssl->session ); } #endif /* MBEDTLS_SSL_FREE_SERVER_CERTIFICATE */ From e6c3aa7e7b2bc4294cc3653c7132bc97eb7f7250 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 18 Dec 2020 15:06:42 -0500 Subject: [PATCH 25/32] Fix minor issues and clean up the code Signed-off-by: Andrzej Kurek --- library/ssl_cli.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 7f69b6242..eba30fa72 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3668,7 +3668,8 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, *p++ = 0x04; /* uncompressed point presentation */ #if defined(MBEDTLS_EARLY_KEY_COMPUTATION) - memcpy( p, ssl->handshake->ecdh_publickey, 2 * NUM_ECC_BYTES ); + mbedtls_platform_memcpy( p, ssl->handshake->ecdh_publickey, + 2 * NUM_ECC_BYTES ); #else ret = uECC_make_key( p, ssl->handshake->ecdh_privkey ); if( ret == UECC_FAULT_DETECTED ) @@ -4227,11 +4228,10 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) { - int ret = 0; + int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; #if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) void *rs_ctx = NULL; int authmode; - mbedtls_x509_crt *chain = NULL; #endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) @@ -4347,16 +4347,11 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) #else authmode = mbedtls_ssl_conf_get_authmode( ssl->conf ); #endif -/* authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET - ? ssl->handshake->sni_authmode - : ssl->conf->authmode; -*/ - chain = ssl->session_negotiate->peer_cert; MBEDTLS_SSL_DEBUG_MSG( 3, ( "execute delayed server certificate verification" ) ); ret = mbedtls_ssl_parse_delayed_certificate_verify( ssl, authmode, - chain, rs_ctx ); + ssl->session_negotiate->peer_cert, rs_ctx ); if( ret != 0 ) break; #endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ From 0719b3c1298b588dc18bf820599666025268b134 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 18 Dec 2020 15:07:02 -0500 Subject: [PATCH 26/32] Add output flushing after each message transmission Signed-off-by: Andrzej Kurek --- library/ssl_tls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f7f9e326f..b1205a4dc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4539,6 +4539,9 @@ static int ssl_flight_append( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit_msg", ret ); return( ret ); } + + if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) + return( ret ); } } #endif From df6e684460a5f4acb2bb0af8ad5a8e2882f59ea9 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 21 Dec 2020 07:45:43 -0500 Subject: [PATCH 27/32] Add a valgrind test for baremetal config Signed-off-by: Andrzej Kurek --- tests/scripts/all.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a8747c2a0..a9065c73d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1827,6 +1827,13 @@ component_test_baremetal () { msg "test: baremetal.h + baremetal_test.h" if_build_succeeded make test if_build_succeeded tests/ssl-opt.sh + + # Optional parts (slow; currently broken on OS X because programs don't + # seem to receive signals under valgrind on OS X). + if [ "$MEMORY" -gt 0 ]; then + msg "test: ssl-opt.sh --memcheck" + if_build_succeeded tests/ssl-opt.sh --memcheck + fi } component_test_hardware_entropy () { From 4f5549f595df905844bbc8a44cb7a63a764e7f89 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 21 Dec 2020 07:56:57 -0500 Subject: [PATCH 28/32] Add an "SSL" infix to MBEDTLS_IMMEDIATE_TRANSMISSION Signed-off-by: Andrzej Kurek --- configs/baremetal.h | 2 +- include/mbedtls/config.h | 4 ++-- include/mbedtls/ssl_internal.h | 2 +- library/ssl_cli.c | 2 +- library/ssl_srv.c | 4 ++-- library/ssl_tls.c | 6 +++--- library/version_features.c | 6 +++--- programs/ssl/query_config.c | 8 ++++---- scripts/config.pl | 4 ++-- tests/ssl-opt.sh | 6 +++--- 10 files changed, 22 insertions(+), 22 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index 43a488c2f..038b06026 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -165,7 +165,7 @@ #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE #define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION #define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE -#define MBEDTLS_IMMEDIATE_TRANSMISSION +#define MBEDTLS_SSL_IMMEDIATE_TRANSMISSION #define MBEDTLS_EARLY_KEY_COMPUTATION #if defined(MBEDTLS_USER_CONFIG_FILE) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 3c3c1ce56..0fca50a89 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1616,13 +1616,13 @@ /** - * \def MBEDTLS_IMMEDIATE_TRANSMISSION + * \def MBEDTLS_SSL_IMMEDIATE_TRANSMISSION * * Force stack to immediately transmit messages. * * Requires: MBEDTLS_SSL_PROTO_DTLS */ -//#define MBEDTLS_IMMEDIATE_TRANSMISSION +//#define MBEDTLS_SSL_IMMEDIATE_TRANSMISSION /** * \def MBEDTLS_EARLY_KEY_COMPUTATION diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 80da3ac1a..bd2169ef3 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1203,7 +1203,7 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ); -#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) +#if defined(MBEDTLS_SSL_IMMEDIATE_TRANSMISSION) void mbedtls_ssl_immediate_flight_done( mbedtls_ssl_context *ssl ); #endif #endif diff --git a/library/ssl_cli.c b/library/ssl_cli.c index eba30fa72..bde7d10ff 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1143,7 +1143,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_DTLS) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { -#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) +#if defined(MBEDTLS_SSL_IMMEDIATE_TRANSMISSION) mbedtls_ssl_immediate_flight_done( ssl ); #else if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index ce92f98dc..7ef263c49 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2745,7 +2745,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_DTLS) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { -#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) +#if defined(MBEDTLS_SSL_IMMEDIATE_TRANSMISSION) mbedtls_ssl_immediate_flight_done( ssl ); #else if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) @@ -3810,7 +3810,7 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_DTLS) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { -#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) +#if defined(MBEDTLS_SSL_IMMEDIATE_TRANSMISSION) mbedtls_ssl_immediate_flight_done( ssl ); #else if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b1205a4dc..75ec82170 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4527,7 +4527,7 @@ static int ssl_flight_append( mbedtls_ssl_context *ssl ) cur->next = msg; } -#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) +#if defined(MBEDTLS_SSL_IMMEDIATE_TRANSMISSION) ssl->handshake->cur_msg = msg; ssl->handshake->cur_msg_p = msg->p + 12; { @@ -4634,7 +4634,7 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) return( ret ); } -#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) +#if defined(MBEDTLS_SSL_IMMEDIATE_TRANSMISSION) void mbedtls_ssl_immediate_flight_done( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_immediate_flight_done" ) ); @@ -8743,7 +8743,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_DTLS) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { -#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) +#if defined(MBEDTLS_SSL_IMMEDIATE_TRANSMISSION) mbedtls_ssl_immediate_flight_done( ssl ); #else if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) diff --git a/library/version_features.c b/library/version_features.c index 26bade403..11045f8bc 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -495,9 +495,9 @@ static const char *features[] = { #if defined(MBEDTLS_SSL_FREE_SERVER_CERTIFICATE) "MBEDTLS_SSL_FREE_SERVER_CERTIFICATE", #endif /* MBEDTLS_SSL_FREE_SERVER_CERTIFICATE */ -#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) - "MBEDTLS_IMMEDIATE_TRANSMISSION", -#endif /* MBEDTLS_IMMEDIATE_TRANSMISSION */ +#if defined(MBEDTLS_SSL_IMMEDIATE_TRANSMISSION) + "MBEDTLS_SSL_IMMEDIATE_TRANSMISSION", +#endif /* MBEDTLS_SSL_IMMEDIATE_TRANSMISSION */ #if defined(MBEDTLS_EARLY_KEY_COMPUTATION) "MBEDTLS_EARLY_KEY_COMPUTATION", #endif /* MBEDTLS_EARLY_KEY_COMPUTATION */ diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index baf513b33..6f4e67fb3 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -1362,13 +1362,13 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_FREE_SERVER_CERTIFICATE */ -#if defined(MBEDTLS_IMMEDIATE_TRANSMISSION) - if( strcmp( "MBEDTLS_IMMEDIATE_TRANSMISSION", config ) == 0 ) +#if defined(MBEDTLS_SSL_IMMEDIATE_TRANSMISSION) + if( strcmp( "MBEDTLS_SSL_IMMEDIATE_TRANSMISSION", config ) == 0 ) { - MACRO_EXPANSION_TO_STR( MBEDTLS_IMMEDIATE_TRANSMISSION ); + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_IMMEDIATE_TRANSMISSION ); return( 0 ); } -#endif /* MBEDTLS_IMMEDIATE_TRANSMISSION */ +#endif /* MBEDTLS_SSL_IMMEDIATE_TRANSMISSION */ #if defined(MBEDTLS_EARLY_KEY_COMPUTATION) if( strcmp( "MBEDTLS_EARLY_KEY_COMPUTATION", config ) == 0 ) diff --git a/scripts/config.pl b/scripts/config.pl index d9aef53db..1fc156cbd 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -64,7 +64,7 @@ # MBEDTLS_PLATFORM_FAULT_CALLBACKS # MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION # MBEDTLS_SSL_FREE_SERVER_CERTIFICATE -# MBEDTLS_IMMEDIATE_TRANSMISSION +# MBEDTLS_SSL_IMMEDIATE_TRANSMISSION # MBEDTLS_EARLY_KEY_COMPUTATION # and any symbol beginning _ALT # @@ -156,7 +156,7 @@ MBEDTLS_AES_128_BIT_MASKED MBEDTLS_PLATFORM_FAULT_CALLBACKS MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION MBEDTLS_SSL_FREE_SERVER_CERTIFICATE -MBEDTLS_IMMEDIATE_TRANSMISSION +MBEDTLS_SSL_IMMEDIATE_TRANSMISSION MBEDTLS_EARLY_KEY_COMPUTATION _ALT\s*$ ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e452ca3cd..bcefb8e34 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1368,7 +1368,7 @@ run_test "SHA-256 allowed by default in client certificate" \ 0 # Tests for datagram packing -requires_config_disabled MBEDTLS_IMMEDIATE_TRANSMISSION +requires_config_disabled MBEDTLS_SSL_IMMEDIATE_TRANSMISSION run_test "DTLS: multiple records in same datagram, client and server" \ "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ @@ -1376,7 +1376,7 @@ run_test "DTLS: multiple records in same datagram, client and server" \ -c "next record in same datagram" \ -s "next record in same datagram" -requires_config_disabled MBEDTLS_IMMEDIATE_TRANSMISSION +requires_config_disabled MBEDTLS_SSL_IMMEDIATE_TRANSMISSION run_test "DTLS: multiple records in same datagram, client only" \ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ @@ -1384,7 +1384,7 @@ run_test "DTLS: multiple records in same datagram, client only" \ -s "next record in same datagram" \ -C "next record in same datagram" -requires_config_disabled MBEDTLS_IMMEDIATE_TRANSMISSION +requires_config_disabled MBEDTLS_SSL_IMMEDIATE_TRANSMISSION run_test "DTLS: multiple records in same datagram, server only" \ "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ From 6b5c9a3744e9547c59abb873bc744425951fd654 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 21 Dec 2020 08:02:59 -0500 Subject: [PATCH 29/32] Add an "SSL" infix to MBEDTLS_EARLY_KEY_COMPUTATION Signed-off-by: Andrzej Kurek --- configs/baremetal.h | 2 +- include/mbedtls/check_config.h | 4 ++-- include/mbedtls/config.h | 4 ++-- include/mbedtls/ssl_internal.h | 4 ++-- library/ssl_cli.c | 8 ++++---- library/version_features.c | 6 +++--- programs/ssl/query_config.c | 8 ++++---- scripts/config.pl | 4 ++-- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index 038b06026..3c59bb926 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -166,7 +166,7 @@ #define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION #define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE #define MBEDTLS_SSL_IMMEDIATE_TRANSMISSION -#define MBEDTLS_EARLY_KEY_COMPUTATION +#define MBEDTLS_SSL_EARLY_KEY_COMPUTATION #if defined(MBEDTLS_USER_CONFIG_FILE) #include MBEDTLS_USER_CONFIG_FILE diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 97dcc02c2..2a2f19c14 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -915,8 +915,8 @@ #endif -#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) && !defined(MBEDTLS_USE_TINYCRYPT) -#error "MBEDTLS_EARLY_KEY_COMPUTATION can only be used with MBEDTLS_USE_TINYCRYPT" +#if defined(MBEDTLS_SSL_EARLY_KEY_COMPUTATION) && !defined(MBEDTLS_USE_TINYCRYPT) +#error "MBEDTLS_SSL_EARLY_KEY_COMPUTATION can only be used with MBEDTLS_USE_TINYCRYPT" #endif /* diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 0fca50a89..d9b69224a 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1625,14 +1625,14 @@ //#define MBEDTLS_SSL_IMMEDIATE_TRANSMISSION /** - * \def MBEDTLS_EARLY_KEY_COMPUTATION + * \def MBEDTLS_SSL_EARLY_KEY_COMPUTATION * * Create ephemeral Diffie-Hellman key pair after * the ClientHello has been successfully transmitted. * * Requires: */ -//#define MBEDTLS_EARLY_KEY_COMPUTATION +//#define MBEDTLS_SSL_EARLY_KEY_COMPUTATION /** * \def MBEDTLS_SSL_HW_RECORD_ACCEL diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index bd2169ef3..5d8f6fdbd 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -573,10 +573,10 @@ struct mbedtls_ssl_handshake_params #if defined(MBEDTLS_USE_TINYCRYPT) uint8_t ecdh_privkey[NUM_ECC_BYTES]; -#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) +#if defined(MBEDTLS_SSL_EARLY_KEY_COMPUTATION) uint8_t ecdhe_computed; uint8_t ecdh_publickey[2*NUM_ECC_BYTES]; -#endif /* MBEDTLS_EARLY_KEY_COMPUTATION */ +#endif /* MBEDTLS_SSL_EARLY_KEY_COMPUTATION */ uint8_t ecdh_peerkey[2*NUM_ECC_BYTES]; #endif /* MBEDTLS_USE_TINYCRYPT */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index bde7d10ff..ba6a806e4 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3667,7 +3667,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, *p++ = 2 * NUM_ECC_BYTES + 1; *p++ = 0x04; /* uncompressed point presentation */ -#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) +#if defined(MBEDTLS_SSL_EARLY_KEY_COMPUTATION) mbedtls_platform_memcpy( p, ssl->handshake->ecdh_publickey, 2 * NUM_ECC_BYTES ); #else @@ -3676,7 +3676,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); if( ret != UECC_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); -#endif /* MBEDTLS_EARLY_KEY_COMPUTATION && MBEDTLS_USE_TINYCRYPT */ +#endif /* MBEDTLS_SSL_EARLY_KEY_COMPUTATION && MBEDTLS_USE_TINYCRYPT */ p += 2 * NUM_ECC_BYTES; } else @@ -4282,7 +4282,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) * ServerHelloDone */ case MBEDTLS_SSL_SERVER_HELLO: -#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) && defined(MBEDTLS_USE_TINYCRYPT) +#if defined(MBEDTLS_SSL_EARLY_KEY_COMPUTATION) && defined(MBEDTLS_USE_TINYCRYPT) /* Make sure that the ECDHE pre-computation is only done once */ if( ssl->handshake->ecdhe_computed == 0 ) { @@ -4293,7 +4293,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); ssl->handshake->ecdhe_computed = 1; } -#endif /* MBEDTLS_EARLY_KEY_COMPUTATION && MBEDTLS_USE_TINYCRYPT */ +#endif /* MBEDTLS_SSL_EARLY_KEY_COMPUTATION && MBEDTLS_USE_TINYCRYPT */ ret = ssl_parse_server_hello( ssl ); break; diff --git a/library/version_features.c b/library/version_features.c index 11045f8bc..0ada3c672 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -498,9 +498,9 @@ static const char *features[] = { #if defined(MBEDTLS_SSL_IMMEDIATE_TRANSMISSION) "MBEDTLS_SSL_IMMEDIATE_TRANSMISSION", #endif /* MBEDTLS_SSL_IMMEDIATE_TRANSMISSION */ -#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) - "MBEDTLS_EARLY_KEY_COMPUTATION", -#endif /* MBEDTLS_EARLY_KEY_COMPUTATION */ +#if defined(MBEDTLS_SSL_EARLY_KEY_COMPUTATION) + "MBEDTLS_SSL_EARLY_KEY_COMPUTATION", +#endif /* MBEDTLS_SSL_EARLY_KEY_COMPUTATION */ #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) "MBEDTLS_SSL_HW_RECORD_ACCEL", #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 6f4e67fb3..1f8ae210c 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -1370,13 +1370,13 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_IMMEDIATE_TRANSMISSION */ -#if defined(MBEDTLS_EARLY_KEY_COMPUTATION) - if( strcmp( "MBEDTLS_EARLY_KEY_COMPUTATION", config ) == 0 ) +#if defined(MBEDTLS_SSL_EARLY_KEY_COMPUTATION) + if( strcmp( "MBEDTLS_SSL_EARLY_KEY_COMPUTATION", config ) == 0 ) { - MACRO_EXPANSION_TO_STR( MBEDTLS_EARLY_KEY_COMPUTATION ); + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_EARLY_KEY_COMPUTATION ); return( 0 ); } -#endif /* MBEDTLS_EARLY_KEY_COMPUTATION */ +#endif /* MBEDTLS_SSL_EARLY_KEY_COMPUTATION */ #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) if( strcmp( "MBEDTLS_SSL_HW_RECORD_ACCEL", config ) == 0 ) diff --git a/scripts/config.pl b/scripts/config.pl index 1fc156cbd..d2af5a475 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -65,7 +65,7 @@ # MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION # MBEDTLS_SSL_FREE_SERVER_CERTIFICATE # MBEDTLS_SSL_IMMEDIATE_TRANSMISSION -# MBEDTLS_EARLY_KEY_COMPUTATION +# MBEDTLS_SSL_EARLY_KEY_COMPUTATION # and any symbol beginning _ALT # # The baremetal configuration excludes options that require a library or @@ -157,7 +157,7 @@ MBEDTLS_PLATFORM_FAULT_CALLBACKS MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION MBEDTLS_SSL_FREE_SERVER_CERTIFICATE MBEDTLS_SSL_IMMEDIATE_TRANSMISSION -MBEDTLS_EARLY_KEY_COMPUTATION +MBEDTLS_SSL_EARLY_KEY_COMPUTATION _ALT\s*$ ); From ad3c4ffb5610f9b1f70eb3af824656e3c11bf594 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 21 Dec 2020 08:11:36 -0500 Subject: [PATCH 30/32] Add an "SSL" infix to MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION Signed-off-by: Andrzej Kurek --- configs/baremetal.h | 2 +- include/mbedtls/check_config.h | 4 ++-- include/mbedtls/config.h | 4 ++-- include/mbedtls/ssl_internal.h | 4 ++-- library/ssl_cli.c | 8 ++++---- library/ssl_tls.c | 8 ++++---- library/version_features.c | 6 +++--- programs/ssl/query_config.c | 8 ++++---- scripts/config.pl | 4 ++-- 9 files changed, 24 insertions(+), 24 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index 3c59bb926..a0fb744e6 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -163,7 +163,7 @@ /* Further optimizations */ #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE -#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION +#define MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION #define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE #define MBEDTLS_SSL_IMMEDIATE_TRANSMISSION #define MBEDTLS_SSL_EARLY_KEY_COMPUTATION diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 2a2f19c14..4c92954e9 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -910,8 +910,8 @@ #undef MBEDTLS_HASHES_ENABLED #endif /* MBEDTLS_MD_SINGLE_HASH */ -#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -#error "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION can only be used with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" +#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +#error "MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION can only be used with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" #endif diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index d9b69224a..22eba11de 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -41,13 +41,13 @@ */ /** - * \def MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION + * \def MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION * * Enable the delayed verification of server * certificates on the client side. * */ -//#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION +//#define MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION /** * \def MBEDTLS_HAVE_ASM diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 5d8f6fdbd..441109dd4 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1089,12 +1089,12 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, mbedtls_md_type_t md ); #endif -#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) +#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION) int mbedtls_ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl, int authmode, mbedtls_x509_crt *chain, void *rs_ctx ); -#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ +#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */ static inline int mbedtls_ssl_get_minor_ver( mbedtls_ssl_context const *ssl ) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index ba6a806e4..cc6c86d31 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -4229,10 +4229,10 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; -#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) +#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION) void *rs_ctx = NULL; int authmode; -#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ +#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */ if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -4339,7 +4339,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_CLIENT_FINISHED: -#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) +#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION) #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ? ssl->handshake->sni_authmode @@ -4354,7 +4354,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) ssl->session_negotiate->peer_cert, rs_ctx ); if( ret != 0 ) break; -#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ +#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */ ret = mbedtls_ssl_write_finished( ssl ); break; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 75ec82170..64152814a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8022,7 +8022,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, } -#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) +#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION) /* mbedtls_ssl_parse_delayed_certificate_verify() defines a wrapper around ssl_parse_certificate_verify * to call it in ssl_cli.c rather than purely internal to ssl_tls.c. */ @@ -8038,7 +8038,7 @@ int mbedtls_ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl, rs_ctx ) ); } -#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ +#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */ #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) @@ -8181,13 +8181,13 @@ crt_verify: rs_ctx = &ssl->handshake->ecrs_ctx; #endif -#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) +#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION) if (mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "delay server certificate verification" ) ); } else -#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ +#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */ { ret = ssl_parse_certificate_verify( ssl, authmode, chain, rs_ctx ); diff --git a/library/version_features.c b/library/version_features.c index 0ada3c672..c270c3a63 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -33,9 +33,9 @@ static const char *features[] = { #if defined(MBEDTLS_VERSION_FEATURES) -#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) - "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION", -#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ +#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION) + "MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION", +#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */ #if defined(MBEDTLS_HAVE_ASM) "MBEDTLS_HAVE_ASM", #endif /* MBEDTLS_HAVE_ASM */ diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 1f8ae210c..4798f7ca7 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -130,13 +130,13 @@ int query_config( const char *config ) { -#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) - if( strcmp( "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION", config ) == 0 ) +#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION) + if( strcmp( "MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION", config ) == 0 ) { - MACRO_EXPANSION_TO_STR( MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION ); + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION ); return( 0 ); } -#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */ +#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */ #if defined(MBEDTLS_HAVE_ASM) if( strcmp( "MBEDTLS_HAVE_ASM", config ) == 0 ) diff --git a/scripts/config.pl b/scripts/config.pl index d2af5a475..6d6a470b9 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -62,7 +62,7 @@ # MBEDTLS_OPTIMIZE_TINYCRYPT_ASM # MBEDTLS_AES_128_BIT_MASKED # MBEDTLS_PLATFORM_FAULT_CALLBACKS -# MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION +# MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION # MBEDTLS_SSL_FREE_SERVER_CERTIFICATE # MBEDTLS_SSL_IMMEDIATE_TRANSMISSION # MBEDTLS_SSL_EARLY_KEY_COMPUTATION @@ -154,7 +154,7 @@ MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY MBEDTLS_OPTIMIZE_TINYCRYPT_ASM MBEDTLS_AES_128_BIT_MASKED MBEDTLS_PLATFORM_FAULT_CALLBACKS -MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION +MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION MBEDTLS_SSL_FREE_SERVER_CERTIFICATE MBEDTLS_SSL_IMMEDIATE_TRANSMISSION MBEDTLS_SSL_EARLY_KEY_COMPUTATION From 25997053a8201cc6796a7999ca1e5d4d36899e2a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 23 Dec 2020 03:34:24 -0500 Subject: [PATCH 31/32] Introduce FI protection to ssl client handshake step handling Signed-off-by: Andrzej Kurek --- library/ssl_cli.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index cc6c86d31..cef58e527 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -4261,10 +4261,12 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) } #endif + ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; switch( ssl->state ) { case MBEDTLS_SSL_HELLO_REQUEST: ssl->state = MBEDTLS_SSL_CLIENT_HELLO; + ret = 0; break; /* @@ -4381,6 +4383,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_FLUSH_BUFFERS: MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) ); ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + ret = 0; break; case MBEDTLS_SSL_HANDSHAKE_WRAPUP: From 5d3d2327ce2e0455518d1b86acdc7d92effb5048 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 23 Dec 2020 03:45:02 -0500 Subject: [PATCH 32/32] Introduce additional fault injection protection to ssl_cli.c Signed-off-by: Andrzej Kurek --- library/ssl_cli.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index cef58e527..85473e689 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3599,7 +3599,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, size_t buflen, size_t *olen ) { - int ret; + int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; unsigned char *p, *end; size_t n; mbedtls_ssl_ciphersuite_handle_t ciphersuite_info = @@ -4285,8 +4285,10 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) */ case MBEDTLS_SSL_SERVER_HELLO: #if defined(MBEDTLS_SSL_EARLY_KEY_COMPUTATION) && defined(MBEDTLS_USE_TINYCRYPT) + { + volatile uint8_t ecdhe_computed = ssl->handshake->ecdhe_computed; /* Make sure that the ECDHE pre-computation is only done once */ - if( ssl->handshake->ecdhe_computed == 0 ) + if( ecdhe_computed == 0 ) { ret = uECC_make_key( ssl->handshake->ecdh_publickey, ssl->handshake->ecdh_privkey ); if( ret == UECC_FAULT_DETECTED ) @@ -4294,7 +4296,11 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) if( ret != UECC_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); ssl->handshake->ecdhe_computed = 1; + ecdhe_computed = 1; } + if( ecdhe_computed == 0 || ssl->handshake->ecdhe_computed == 0 ) + return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); + } #endif /* MBEDTLS_SSL_EARLY_KEY_COMPUTATION && MBEDTLS_USE_TINYCRYPT */ ret = ssl_parse_server_hello( ssl );