diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 00a8db44e..4cfe1540c 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -231,6 +231,8 @@ struct mbedtls_ssl_handshake_params mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */ enum { ssl_ecrs_init = 0, /*!< just getting started */ + ssl_ecrs_crt_parsed, /*!< server certificate was parsed */ + ssl_ecrs_crt_verified, /*!< server certificate was verified*/ ssl_ecrs_ske_read, /*!< ServerKeyExchange was read */ ssl_ecrs_ske_verified, /*!< ServerKeyExchange was verified */ ssl_ecrs_ecdh_public_done, /*!< wrote ECDHE public share */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f91e2a885..f3cde7f0a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4518,6 +4518,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) #else const int authmode = ssl->conf->authmode; #endif + void *rs_ctx = NULL; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); @@ -4545,11 +4546,20 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) { ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); + ssl->state++; return( 0 ); } #endif +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ecrs_enabled && + ssl->handshake->ecrs_state == ssl_ecrs_crt_parsed ) + { + goto crt_verify; + } +#endif + if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) { /* mbedtls_ssl_read_record may have sent an alert already. We @@ -4572,6 +4582,15 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) return( ret ); } +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ecrs_enabled) + ssl->handshake->ecrs_state++; + +crt_verify: + if( ssl->handshake->ecrs_enabled) + rs_ctx = &ssl->handshake->ecrs_ctx; +#endif + if( authmode != MBEDTLS_SSL_VERIFY_NONE ) { mbedtls_x509_crt *ca_chain; @@ -4593,19 +4612,24 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) /* * Main check: verify certificate */ - ret = mbedtls_x509_crt_verify_with_profile( + ret = mbedtls_x509_crt_verify_restartable( ssl->session_negotiate->peer_cert, ca_chain, ca_crl, ssl->conf->cert_profile, ssl->hostname, &ssl->session_negotiate->verify_result, - ssl->conf->f_vrfy, ssl->conf->p_vrfy ); + ssl->conf->f_vrfy, ssl->conf->p_vrfy, rs_ctx ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); } +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + return( ret ); +#endif + /* * Secondary checks: always done, but change 'ret' only if it was 0 */ @@ -4702,6 +4726,11 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_DEBUG_C */ } +#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) + if( ssl->handshake->ecrs_enabled) + ssl->handshake->ecrs_state++; +#endif + ssl->state++; MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2e03758e6..1dea049da 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3450,6 +3450,7 @@ run_test "EC restart: TLS, default" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1" \ 0 \ + -C "x509_verify_cert.*4b80" \ -C "mbedtls_pk_verify.*4b80" \ -C "mbedtls_ecdh_make_public.*4b80" \ -C "mbedtls_pk_sign.*4b80" @@ -3461,6 +3462,7 @@ run_test "EC restart: TLS, max_ops=0" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1 ec_max_ops=0" \ 0 \ + -C "x509_verify_cert.*4b80" \ -C "mbedtls_pk_verify.*4b80" \ -C "mbedtls_ecdh_make_public.*4b80" \ -C "mbedtls_pk_sign.*4b80" @@ -3472,6 +3474,7 @@ run_test "EC restart: TLS, max_ops=65535" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1 ec_max_ops=65535" \ 0 \ + -C "x509_verify_cert.*4b80" \ -C "mbedtls_pk_verify.*4b80" \ -C "mbedtls_ecdh_make_public.*4b80" \ -C "mbedtls_pk_sign.*4b80" @@ -3483,10 +3486,62 @@ run_test "EC restart: TLS, max_ops=1000" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ debug_level=1 ec_max_ops=1000" \ 0 \ + -c "x509_verify_cert.*4b80" \ -c "mbedtls_pk_verify.*4b80" \ -c "mbedtls_ecdh_make_public.*4b80" \ -c "mbedtls_pk_sign.*4b80" +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +run_test "EC restart: TLS, max_ops=1000, badsign" \ + "$P_SRV auth_mode=required \ + crt_file=data_files/server5-badsign.crt \ + key_file=data_files/server5.key" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ + debug_level=1 ec_max_ops=1000" \ + 1 \ + -c "x509_verify_cert.*4b80" \ + -C "mbedtls_pk_verify.*4b80" \ + -C "mbedtls_ecdh_make_public.*4b80" \ + -C "mbedtls_pk_sign.*4b80" \ + -c "! The certificate is not correctly signed by the trusted CA" \ + -c "! mbedtls_ssl_handshake returned" \ + -c "X509 - Certificate verification failed" + +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ + "$P_SRV auth_mode=required \ + crt_file=data_files/server5-badsign.crt \ + key_file=data_files/server5.key" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ + debug_level=1 ec_max_ops=1000 auth_mode=optional" \ + 0 \ + -c "x509_verify_cert.*4b80" \ + -c "mbedtls_pk_verify.*4b80" \ + -c "mbedtls_ecdh_make_public.*4b80" \ + -c "mbedtls_pk_sign.*4b80" \ + -c "! The certificate is not correctly signed by the trusted CA" \ + -C "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ + "$P_SRV auth_mode=required \ + crt_file=data_files/server5-badsign.crt \ + key_file=data_files/server5.key" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ + debug_level=1 ec_max_ops=1000 auth_mode=none" \ + 0 \ + -C "x509_verify_cert.*4b80" \ + -c "mbedtls_pk_verify.*4b80" \ + -c "mbedtls_ecdh_make_public.*4b80" \ + -c "mbedtls_pk_sign.*4b80" \ + -C "! The certificate is not correctly signed by the trusted CA" \ + -C "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + requires_config_enabled MBEDTLS_ECP_RESTARTABLE run_test "EC restart: DTLS, max_ops=1000" \ "$P_SRV auth_mode=required dtls=1" \ @@ -3494,6 +3549,7 @@ run_test "EC restart: DTLS, max_ops=1000" \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ dtls=1 debug_level=1 ec_max_ops=1000" \ 0 \ + -c "x509_verify_cert.*4b80" \ -c "mbedtls_pk_verify.*4b80" \ -c "mbedtls_ecdh_make_public.*4b80" \ -c "mbedtls_pk_sign.*4b80" @@ -3504,6 +3560,7 @@ run_test "EC restart: TLS, max_ops=1000 no client auth" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ 0 \ + -c "x509_verify_cert.*4b80" \ -c "mbedtls_pk_verify.*4b80" \ -c "mbedtls_ecdh_make_public.*4b80" \ -C "mbedtls_pk_sign.*4b80" @@ -3514,6 +3571,7 @@ run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \ "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ psk=abc123 debug_level=1 ec_max_ops=1000" \ 0 \ + -C "x509_verify_cert.*4b80" \ -C "mbedtls_pk_verify.*4b80" \ -C "mbedtls_ecdh_make_public.*4b80" \ -C "mbedtls_pk_sign.*4b80"