Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks
Unify non-opaque and opaque PSKs
diff --git a/.travis.yml b/.travis.yml
index 82e7d30..67cb3ca 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -54,7 +54,7 @@
env:
global:
- SEED=1
- - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg="
+ - secure: "JECCru6HASpKZ0OLfHh8f/KXhKkdrCwjquZghd/qbA4ksxsWImjR7KEPERcaPndXEilzhDbKwuFvJiQX2duVgTGoq745YGhLZIjzo1i8tySkceCVd48P8WceYGz+F/bmY7r+m6fFNuxDSoGGSVeA4Lnjvmm8PFUP45YodDV9no4="
install:
- $PYTHON scripts/min_requirements.py
@@ -65,7 +65,7 @@
- gnutls-bin
coverity_scan:
project:
- name: "Mbed-TLS/mbedtls"
+ name: "ARMmbed/mbedtls"
notification_email: support-mbedtls@arm.com
build_command_prepend:
build_command: make
diff --git a/ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt b/ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt
new file mode 100644
index 0000000..b30f7fa
--- /dev/null
+++ b/ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is
+ not NULL and val_len is zero.
diff --git a/library/asn1write.c b/library/asn1write.c
index dc61854..2110052 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -472,7 +472,7 @@
cur->val.len = val_len;
}
- if( val != NULL )
+ if( val != NULL && val_len != 0 )
memcpy( cur->val.p, val, val_len );
return( cur );
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 0c32f07..22ca57c 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -308,110 +308,6 @@
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-/*
- * Function for writing a signature algorithm extension.
- *
- * The `extension_data` field of signature algorithm contains a `SignatureSchemeList`
- * value (TLS 1.3 RFC8446):
- * enum {
- * ....
- * ecdsa_secp256r1_sha256( 0x0403 ),
- * ecdsa_secp384r1_sha384( 0x0503 ),
- * ecdsa_secp521r1_sha512( 0x0603 ),
- * ....
- * } SignatureScheme;
- *
- * struct {
- * SignatureScheme supported_signature_algorithms<2..2^16-2>;
- * } SignatureSchemeList;
- *
- * The `extension_data` field of signature algorithm contains a `SignatureAndHashAlgorithm`
- * value (TLS 1.2 RFC5246):
- * enum {
- * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
- * sha512(6), (255)
- * } HashAlgorithm;
- *
- * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
- * SignatureAlgorithm;
- *
- * struct {
- * HashAlgorithm hash;
- * SignatureAlgorithm signature;
- * } SignatureAndHashAlgorithm;
- *
- * SignatureAndHashAlgorithm
- * supported_signature_algorithms<2..2^16-2>;
- *
- * The TLS 1.3 signature algorithm extension was defined to be a compatible
- * generalization of the TLS 1.2 signature algorithm extension.
- * `SignatureAndHashAlgorithm` field of TLS 1.2 can be represented by
- * `SignatureScheme` field of TLS 1.3
- *
- */
-static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
- const unsigned char *end, size_t *out_len )
-{
- unsigned char *p = buf;
- unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */
- size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */
-
- *out_len = 0;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) );
-
- /* Check if we have space for header and length field:
- * - extension_type (2 bytes)
- * - extension_data_length (2 bytes)
- * - supported_signature_algorithms_length (2 bytes)
- */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
- p += 6;
-
- /*
- * Write supported_signature_algorithms
- */
- supported_sig_alg = p;
- const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
- if( sig_alg == NULL )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
- {
- if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
- continue;
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
- p += 2;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) );
- }
-
- /* Length of supported_signature_algorithms */
- supported_sig_alg_len = p - supported_sig_alg;
- if( supported_sig_alg_len == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- /* Write extension_type */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 );
- /* Write extension_data_length */
- MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 );
- /* Write length of supported_signature_algorithms */
- MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 );
-
- /* Output the total length of signature algorithms extension. */
- *out_len = p - buf;
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
static int ssl_write_client_hello_cipher_suites(
mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -721,7 +617,7 @@
#endif
0 )
{
- ret = ssl_write_sig_alg_ext( ssl, p, end, &output_len );
+ ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &output_len );
if( ret != 0 )
return( ret );
p += output_len;
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index b0424bf..c2c3cd2 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2293,4 +2293,7 @@
mbedtls_ssl_protocol_version min_tls_version,
mbedtls_ssl_protocol_version max_tls_version );
+int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
+ const unsigned char *end, size_t *out_len );
+
#endif /* ssl_misc.h */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 99b7d04..ae697b1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8010,4 +8010,104 @@
return( 0 );
}
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+/*
+ * Function for writing a signature algorithm extension.
+ *
+ * The `extension_data` field of signature algorithm contains a `SignatureSchemeList`
+ * value (TLS 1.3 RFC8446):
+ * enum {
+ * ....
+ * ecdsa_secp256r1_sha256( 0x0403 ),
+ * ecdsa_secp384r1_sha384( 0x0503 ),
+ * ecdsa_secp521r1_sha512( 0x0603 ),
+ * ....
+ * } SignatureScheme;
+ *
+ * struct {
+ * SignatureScheme supported_signature_algorithms<2..2^16-2>;
+ * } SignatureSchemeList;
+ *
+ * The `extension_data` field of signature algorithm contains a `SignatureAndHashAlgorithm`
+ * value (TLS 1.2 RFC5246):
+ * enum {
+ * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
+ * sha512(6), (255)
+ * } HashAlgorithm;
+ *
+ * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
+ * SignatureAlgorithm;
+ *
+ * struct {
+ * HashAlgorithm hash;
+ * SignatureAlgorithm signature;
+ * } SignatureAndHashAlgorithm;
+ *
+ * SignatureAndHashAlgorithm
+ * supported_signature_algorithms<2..2^16-2>;
+ *
+ * The TLS 1.3 signature algorithm extension was defined to be a compatible
+ * generalization of the TLS 1.2 signature algorithm extension.
+ * `SignatureAndHashAlgorithm` field of TLS 1.2 can be represented by
+ * `SignatureScheme` field of TLS 1.3
+ *
+ */
+int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
+ const unsigned char *end, size_t *out_len )
+{
+ unsigned char *p = buf;
+ unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */
+ size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */
+
+ *out_len = 0;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) );
+
+ /* Check if we have space for header and length field:
+ * - extension_type (2 bytes)
+ * - extension_data_length (2 bytes)
+ * - supported_signature_algorithms_length (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+ p += 6;
+
+ /*
+ * Write supported_signature_algorithms
+ */
+ supported_sig_alg = p;
+ const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
+ if( sig_alg == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
+ {
+ if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
+ continue;
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
+ p += 2;
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) );
+ }
+
+ /* Length of supported_signature_algorithms */
+ supported_sig_alg_len = p - supported_sig_alg;
+ if( supported_sig_alg_len == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 );
+ MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 );
+ MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 );
+
+ *out_len = p - buf;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index d024abf..59e42c8 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1189,8 +1189,6 @@
static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_ssl_key_set traffic_keys;
- mbedtls_ssl_transform *transform_handshake = NULL;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
/* Determine the key exchange mode:
@@ -1234,50 +1232,21 @@
ret = mbedtls_ssl_tls13_key_schedule_stage_early( ssl );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_key_schedule_stage_early_data",
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_key_schedule_stage_early",
ret );
goto cleanup;
}
- /* Compute handshake secret */
- ret = mbedtls_ssl_tls13_key_schedule_stage_handshake( ssl );
+ ret = mbedtls_ssl_tls13_compute_handshake_transform( ssl );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_master_secret", ret );
- goto cleanup;
- }
-
- /* Next evolution in key schedule: Establish handshake secret and
- * key material. */
- ret = mbedtls_ssl_tls13_generate_handshake_keys( ssl, &traffic_keys );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_generate_handshake_keys",
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "mbedtls_ssl_tls13_compute_handshake_transform",
ret );
goto cleanup;
}
- transform_handshake = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
- if( transform_handshake == NULL )
- {
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto cleanup;
- }
-
- ret = mbedtls_ssl_tls13_populate_transform( transform_handshake,
- ssl->conf->endpoint,
- ssl->session_negotiate->ciphersuite,
- &traffic_keys,
- ssl );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
- goto cleanup;
- }
-
- handshake->transform_handshake = transform_handshake;
- mbedtls_ssl_set_inbound_transform( ssl, transform_handshake );
-
+ mbedtls_ssl_set_inbound_transform( ssl, handshake->transform_handshake );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to handshake keys for inbound traffic" ) );
ssl->session_in = ssl->session_negotiate;
@@ -1287,16 +1256,13 @@
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
cleanup:
-
- mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) );
if( ret != 0 )
{
- mbedtls_free( transform_handshake );
-
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
+
return( ret );
}
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 6559bc9..8ffd9a1 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -27,6 +27,7 @@
#include "mbedtls/hkdf.h"
#include "mbedtls/debug.h"
#include "mbedtls/error.h"
+#include "mbedtls/platform.h"
#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
@@ -1506,8 +1507,62 @@
/* randbytes is not used again */
mbedtls_platform_zeroize( ssl->handshake->randbytes,
sizeof( ssl->handshake->randbytes ) );
+
mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
return( ret );
}
+int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ssl_key_set traffic_keys;
+ mbedtls_ssl_transform *transform_handshake = NULL;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ /* Compute handshake secret */
+ ret = mbedtls_ssl_tls13_key_schedule_stage_handshake( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_master_secret", ret );
+ goto cleanup;
+ }
+
+ /* Next evolution in key schedule: Establish handshake secret and
+ * key material. */
+ ret = mbedtls_ssl_tls13_generate_handshake_keys( ssl, &traffic_keys );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_generate_handshake_keys",
+ ret );
+ goto cleanup;
+ }
+
+ transform_handshake = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
+ if( transform_handshake == NULL )
+ {
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto cleanup;
+ }
+
+ ret = mbedtls_ssl_tls13_populate_transform(
+ transform_handshake,
+ ssl->conf->endpoint,
+ ssl->session_negotiate->ciphersuite,
+ &traffic_keys,
+ ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
+ goto cleanup;
+ }
+ handshake->transform_handshake = transform_handshake;
+
+cleanup:
+ mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) );
+ if( ret != 0 )
+ mbedtls_free( transform_handshake );
+
+ return( ret );
+}
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index d56067c..676ebae 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -638,6 +638,17 @@
size_t *actual_len,
int which );
+/**
+ * \brief Compute TLS 1.3 handshake transform
+ *
+ * \param ssl The SSL context to operate on. The early secret must have been
+ * computed.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl );
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index d06b9a8..775443c 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -22,6 +22,8 @@
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "mbedtls/debug.h"
+#include "mbedtls/error.h"
+#include "mbedtls/platform.h"
#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
@@ -39,6 +41,10 @@
#define mbedtls_free free
#endif /* MBEDTLS_PLATFORM_C */
+#include "ssl_misc.h"
+#include "ssl_tls13_keys.h"
+#include "ssl_debug_helpers.h"
+
/* From RFC 8446:
* struct {
* ProtocolVersion versions<2..254>;
@@ -1024,6 +1030,26 @@
return( ret );
}
+static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ ret = mbedtls_ssl_tls13_compute_handshake_transform( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "mbedtls_ssl_tls13_compute_handshake_transform",
+ ret );
+ return( ret );
+ }
+
+ mbedtls_ssl_set_outbound_transform( ssl,
+ ssl->handshake->transform_handshake );
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3, ( "switching to handshake transform for outbound data" ) );
+
+ return( ret );
+}
+
static int ssl_tls13_write_server_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1047,7 +1073,10 @@
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len ) );
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_server_hello( ssl ) );
+
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
+
cleanup:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
@@ -1055,6 +1084,199 @@
}
/*
+ * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS
+ */
+
+/*
+ * struct {
+ * Extension extensions<0..2 ^ 16 - 1>;
+ * } EncryptedExtensions;
+ *
+ */
+static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ unsigned char *p = buf;
+ size_t extensions_len = 0;
+ unsigned char *p_extensions_len;
+
+ *out_len = 0;
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ p_extensions_len = p;
+ p += 2;
+
+ ((void) ssl);
+
+ extensions_len = ( p - p_extensions_len ) - 2;
+ MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0 );
+
+ *out_len = p - buf;
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "encrypted extensions", buf, *out_len );
+
+ return( 0 );
+}
+
+static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *buf;
+ size_t buf_len, msg_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extensions" ) );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_encrypted_extensions_body(
+ ssl, buf, buf + buf_len, &msg_len ) );
+
+ mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
+ ssl, buf_len, msg_len ) );
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
+ else
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
+#else
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
+#endif
+
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write encrypted extensions" ) );
+ return( ret );
+}
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#define SSL_CERTIFICATE_REQUEST_SEND_REQUEST 0
+#define SSL_CERTIFICATE_REQUEST_SKIP 1
+/* Coordination:
+ * Check whether a CertificateRequest message should be written.
+ * Returns a negative code on failure, or
+ * - SSL_CERTIFICATE_REQUEST_SEND_REQUEST
+ * - SSL_CERTIFICATE_REQUEST_SKIP
+ * indicating if the writing of the CertificateRequest
+ * should be skipped or not.
+ */
+static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
+{
+ int authmode;
+
+ authmode = ssl->conf->authmode;
+
+ if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+ return( SSL_CERTIFICATE_REQUEST_SKIP );
+
+ return( SSL_CERTIFICATE_REQUEST_SEND_REQUEST );
+}
+
+/*
+ * struct {
+ * opaque certificate_request_context<0..2^8-1>;
+ * Extension extensions<2..2^16-1>;
+ * } CertificateRequest;
+ *
+ */
+static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *out_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *p = buf;
+ size_t output_len = 0;
+ unsigned char *p_extensions_len;
+
+ *out_len = 0;
+
+ /* Check if we have enough space:
+ * - certificate_request_context (1 byte)
+ * - extensions length (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
+
+ /*
+ * Write certificate_request_context
+ */
+ /*
+ * We use a zero length context for the normal handshake
+ * messages. For post-authentication handshake messages
+ * this request context would be set to a non-zero value.
+ */
+ *p++ = 0x0;
+
+ /*
+ * Write extensions
+ */
+ /* The extensions must contain the signature_algorithms. */
+ p_extensions_len = p;
+ p += 2;
+ ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+
+ p += output_len;
+ MBEDTLS_PUT_UINT16_BE( p - p_extensions_len - 2, p_extensions_len, 0 );
+
+ *out_len = p - buf;
+
+ return( 0 );
+}
+
+static int ssl_tls13_write_certificate_request( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
+
+ MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_certificate_request_coordinate( ssl ) );
+
+ if( ret == SSL_CERTIFICATE_REQUEST_SEND_REQUEST )
+ {
+ unsigned char *buf;
+ size_t buf_len, msg_len;
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_request_body(
+ ssl, buf, buf + buf_len, &msg_len ) );
+
+ mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
+ ssl, buf_len, msg_len ) );
+ }
+ else if( ret == SSL_CERTIFICATE_REQUEST_SKIP )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
+ ret = 0;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
+ return( ret );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+/*
* TLS 1.3 State Machine -- server side
*/
int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
@@ -1089,6 +1311,21 @@
ret = ssl_tls13_write_server_hello( ssl );
break;
+ case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
+ ret = ssl_tls13_write_encrypted_extensions( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_encrypted_extensions", ret );
+ return( ret );
+ }
+ break;
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ case MBEDTLS_SSL_CERTIFICATE_REQUEST:
+ ret = ssl_tls13_write_certificate_request( ssl );
+ break;
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
default:
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 64d1aac..754d669 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -11205,6 +11205,25 @@
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -s "SSL - The requested feature is not available" \
+ -s "=> parse client hello" \
+ -s "<= parse client hello"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_openssl_tls1_3
+run_test "TLS 1.3: Server side check - openssl with client authentication" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$O_NEXT_CLI -msg -debug -cert data_files/server5.crt -key data_files/server5.key -tls1_3" \
+ 1 \
+ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -s "=> write certificate request" \
-s "SSL - The requested feature is not available" \
-s "=> parse client hello" \
-s "<= parse client hello"
@@ -11221,6 +11240,26 @@
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -s "SSL - The requested feature is not available" \
+ -s "=> parse client hello" \
+ -s "<= parse client hello"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3: Server side check - gnutls with client authentication" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$G_NEXT_CLI localhost -d 4 --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
+ 1 \
+ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -s "=> write certificate request" \
-s "SSL - The requested feature is not available" \
-s "=> parse client hello" \
-s "<= parse client hello"
@@ -11236,7 +11275,26 @@
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
- -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -s "=> write certificate request" \
+ -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
+ -s "SSL - The requested feature is not available" \
+ -s "=> parse client hello" \
+ -s "<= parse client hello"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Server side check - mbedtls with client authentication" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13" \
+ 1 \
+ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
-s "SSL - The requested feature is not available" \
-s "=> parse client hello" \
-s "<= parse client hello"
diff --git a/tests/suites/test_suite_asn1write.data b/tests/suites/test_suite_asn1write.data
index 7f5f536..f844d48 100644
--- a/tests/suites/test_suite_asn1write.data
+++ b/tests/suites/test_suite_asn1write.data
@@ -374,10 +374,13 @@
store_named_data_val_found:4:9
Store named data: new, val_len=0
-store_named_data_val_new:0
+store_named_data_val_new:0:1
+
+Stored named data: new, val_len=0, val=NULL
+store_named_data_val_new:0:0
Store named data: new, val_len=4
-store_named_data_val_new:4
+store_named_data_val_new:4:1
Store named data: new, val_len=4, val=NULL
-store_named_data_val_new:-4
+store_named_data_val_new:4:0
diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function
index 103a024..8d5579d 100644
--- a/tests/suites/test_suite_asn1write.function
+++ b/tests/suites/test_suite_asn1write.function
@@ -431,7 +431,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void store_named_data_val_new( int new_len )
+void store_named_data_val_new( int new_len, int set_new_val )
{
mbedtls_asn1_named_data *head = NULL;
mbedtls_asn1_named_data *found = NULL;
@@ -439,10 +439,8 @@
size_t oid_len = strlen( (const char *) oid );
const unsigned char *new_val = (unsigned char *) "new value";
- if( new_len <= 0 )
+ if( set_new_val == 0 )
new_val = NULL;
- if( new_len < 0 )
- new_len = - new_len;
found = mbedtls_asn1_store_named_data( &head,
(const char *) oid, oid_len,