Commit 6934afa2 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard

Merge branch 'profiles' into development

* profiles:
  Update Changelog for the profiles branch
  Add SSL presets.
  Implement sig_hashes
  Create API for mbedtls_ssl_conf_sig_hashes().
  Small internal changes in curve checking
  Extra check in verify_with_profile()
  Clarify a point in the documentation
  Fix define for ssl_conf_curves()
  Add mbedtls_ssl_conf_cert_profile()
  Implement cert profile checking
  Change data structure of profiles to bitfields
  Add pre-defined profiles for cert verification
  Create cert profile API (unimplemented yet)
  Remove duplicated tests for x509_verify_info()
  Add tests for dhm_min_bitlen
  Add dhmlen option in ssl_client2.c
  Add ssl_conf_dhm_min_bitlen()
parents bf27eaac 88d37859
......@@ -9,8 +9,12 @@ Features
ability to override the whole module.
* New server-side implementation of session tickets that rotate keys to
preserve forward secrecy, and allows sharing across multiple contexts.
* Reduced ROM fooprint of SHA-256 and added an option to reduce it even
more (at the expense of performance) MBEDTLS_SHA256_SMALLER.
* Added a concept of X.509 cerificate verification profile that controls
which algorithms and key sizes (curves for ECDSA) are acceptable.
* Expanded configurability of security parameters in the SSL module with
mbedtls_ssl_conf_dhm_min_bitlen() and mbedtls_ssl_conf_sig_hashes().
* Introduced a concept of presets for SSL security-relevant configuration
parameters.
API Changes
* All public identifiers moved to the mbedtls_* or MBEDTLS_* namespace.
......@@ -129,6 +133,8 @@ Default behavior changes
enabled in the default configuration, this is only noticeable if using a
custom config.h
* Default DHM parameters server-side upgraded from 1024 to 2048 bits.
* A minimum RSA key size of 2048 bits is now enforced during ceritificate
chain verification.
* Negotiation of truncated HMAC is now disabled by default on server too.
* The following functions are now case-sensitive:
mbedtls_cipher_info_from_string()
......@@ -157,6 +163,8 @@ API changes from the 1.4 preview branch
Changes
* mbedtls_ctr_drbg_random() and mbedtls_hmac_drbg_random() are now
thread-safe if MBEDTLS_THREADING_C is enabled.
* Reduced ROM fooprint of SHA-256 and added an option to reduce it even
more (at the expense of performance) MBEDTLS_SHA256_SMALLER.
= mbed TLS 1.3 branch
......
......@@ -585,9 +585,6 @@
#if defined MBEDTLS_SSL_SESSION_TICKETS
#define POLARSSL_SSL_SESSION_TICKETS MBEDTLS_SSL_SESSION_TICKETS
#endif
#if defined MBEDTLS_SSL_SET_CURVES
#define POLARSSL_SSL_SET_CURVES MBEDTLS_SSL_SET_CURVES
#endif
#if defined MBEDTLS_SSL_SRV_C
#define POLARSSL_SSL_SRV_C MBEDTLS_SSL_SRV_C
#endif
......
......@@ -1154,20 +1154,6 @@
*/
#define MBEDTLS_SSL_TRUNCATED_HMAC
/**
* \def MBEDTLS_SSL_SET_CURVES
*
* Enable mbedtls_ssl_conf_curves().
*
* This is disabled by default since it breaks binary compatibility with the
* 1.3.x line. If you choose to enable it, you will need to rebuild your
* application against the new header files, relinking will not be enough.
* It will be enabled by default, or no longer an option, in the 1.4 branch.
*
* Uncomment to make mbedtls_ssl_conf_curves() available.
*/
//#define MBEDTLS_SSL_SET_CURVES
/**
* \def MBEDTLS_THREADING_ALT
*
......
......@@ -70,6 +70,12 @@
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED
#endif
/*
* SSL Error codes
*/
......@@ -190,6 +196,9 @@
#define MBEDTLS_SSL_ARC4_ENABLED 0
#define MBEDTLS_SSL_ARC4_DISABLED 1
#define MBEDTLS_SSL_PRESET_DEFAULT 0
#define MBEDTLS_SSL_PRESET_SUITEB 2
/*
* Default range for DTLS retransmission timer value, in milliseconds.
* RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
......@@ -529,12 +538,17 @@ struct mbedtls_ssl_config
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
mbedtls_x509_crt *ca_chain; /*!< trusted CAs */
mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SET_CURVES)
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
const int *sig_hashes; /*!< allowed signature hashes */
#endif
#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */
#endif
......@@ -577,6 +591,10 @@ struct mbedtls_ssl_config
unsigned int badmac_limit; /*!< limit of records with a bad MAC */
#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
#endif
unsigned char max_major_ver; /*!< max. major version used */
unsigned char max_minor_ver; /*!< max. minor version used */
unsigned char min_major_ver; /*!< min. major version used */
......@@ -1347,6 +1365,15 @@ void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
int major, int minor );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Set the X.509 security profile used for verification
*
* \param conf SSL configuration
* \param profile Profile to use
*/
void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
mbedtls_x509_crt_profile *profile );
/**
* \brief Set the data required to verify peer certificate
*
......@@ -1477,7 +1504,20 @@ int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, cons
int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
#if defined(MBEDTLS_SSL_SET_CURVES)
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
/**
* \brief Set the minimum length for Diffie-Hellman parameters.
* (Client-side only.)
* (Default: 1024 bits.)
*
* \param conf SSL configuration
* \param bitlen Minimum bit length of the DHM prime
*/
void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
unsigned int bitlen );
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_ECP_C)
/**
* \brief Set the allowed curves in order of preference.
* (Default: all defined curves.)
......@@ -1490,14 +1530,49 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context
* use. The server can override our preference order.
*
* Both sides: limits the set of curves used by peer to the
* listed curves for any use (ECDH(E), certificates).
* listed curves for any use ECDHE and the end-entity
* certificate.
*
* \note This has no influence on which curve are allowed inside the
* certificate chains, see \c mbedtls_ssl_conf_cert_profile()
* for that. For example, if the peer's certificate chain is
* EE -> CA_int -> CA_root, then the allowed curves for EE are
* controlled by \c mbedtls_ssl_conf_curves() but for CA_int
* and CA_root it's \c mbedtls_ssl_conf_cert_profile().
*
* \note This list should be ordered by decreasing preference
* (preferred curve first).
*
* \param conf SSL configuration
* \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE.
*/
void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves );
#endif /* MBEDTLS_SSL_SET_CURVES */
void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curves );
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
/**
* \brief Set the allowed hashes for signatures during the handshake.
* (Default: all available hashes.)
*
* \note This only affects which hashes are offered and can be used
* for signatures during the handshake. Hashes for message
* authentication and the TLS PRF are controlled by the
* ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
* used for certificate signature are controlled by the
* verification profile, see \c mbedtls_ssl_conf_cert_profile().
*
* \note This list should be ordered by decreasing preference
* (preferred hash first).
*
* \param conf SSL configuration
* \param hashes Ordered list of allowed signature hashes,
* terminated by \c MBEDTLS_MD_NONE.
*/
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
const int *hashes );
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
......@@ -2093,6 +2168,8 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
* \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
* \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
* \param preset a MBEDTLS_SSL_PRESET_XXX value
* (currently unused).
*
* \note See \c mbedtls_ssl_conf_transport() for notes on DTLS.
*
......@@ -2100,7 +2177,7 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
* MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
*/
int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
int endpoint, int transport );
int endpoint, int transport, int preset );
/**
* \brief Free an SSL configuration context
......
......@@ -374,9 +374,15 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
#endif
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
unsigned char mbedtls_ssl_hash_from_md_alg( int md );
#if defined(MBEDTLS_SSL_SET_CURVES)
int mbedtls_ssl_curve_is_acceptable( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
#if defined(MBEDTLS_ECP_C)
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
mbedtls_md_type_t md );
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
......
......@@ -97,6 +97,13 @@
#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */
#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000 /**< The certificate is signed with an unacceptable hash. */
#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000 /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000 /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000 /**< The CRL is signed with an unacceptable hash. */
#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
/* \} name */
/* \} addtogroup x509_module */
......
......@@ -94,6 +94,26 @@ typedef struct mbedtls_x509_crt
}
mbedtls_x509_crt;
/**
* Build flag from an algorithm/curve identifier (pk, md, ecp)
* Since 0 is always XXX_NONE, ignore it.
*/
#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( id - 1 ) )
/**
* Security profile for certificate verification.
*
* All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
*/
typedef struct
{
uint32_t allowed_mds; /**< MDs for signatures */
uint32_t allowed_pks; /**< PK algs for signatures */
uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
}
mbedtls_x509_crt_profile;
#define MBEDTLS_X509_CRT_VERSION_1 0
#define MBEDTLS_X509_CRT_VERSION_2 1
#define MBEDTLS_X509_CRT_VERSION_3 2
......@@ -120,6 +140,23 @@ typedef struct mbedtls_x509write_cert
mbedtls_x509write_cert;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* Default security profile. Should provide a good balance between security
* and compatibility with current deployments.
*/
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
/**
* Expected next default profile. Recommended for new deployments.
* Currently targets a 128-bit security level, except for RSA-2048.
*/
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
/**
* NSA Suite B profile.
*/
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
/**
* \brief Parse a single DER formatted certificate and add it
* to the chained list.
......@@ -232,6 +269,9 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
* \note In case verification failed, the results can be displayed
* using \c mbedtls_x509_crt_verify_info()
*
* \note Same as \c mbedtls_x509_crt_verify_with_profile() with the
* default security profile.
*
* \param crt a certificate to be verified
* \param trust_ca the trusted CA chain
* \param ca_crl the CRL chain for trusted CA's
......@@ -255,6 +295,41 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
/**
* \brief Verify the certificate signature according to profile
*
* \note Same as \c mbedtls_x509_crt_verify(), but with explicit
* security profile.
*
* \note The restrictions on keys (RSA minimum size, allowed curves
* for ECDSA) only applys to (intermediate) CAs, not to the
* end-entity certificate.
*
* \param crt a certificate to be verified
* \param trust_ca the trusted CA chain
* \param ca_crl the CRL chain for trusted CA's
* \param profile security profile for verification
* \param cn expected Common Name (can be set to
* NULL if the CN must not be verified)
* \param flags result of the verification
* \param f_vrfy verification function
* \param p_vrfy verification parameter
*
* \return 0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
* in which case *flags will have one or more
* MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags
* set,
* or another error in case of a fatal error encountered
* during the verification process.
*/
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
/**
* \brief Check usage of certificate against keyUsage extension.
......
......@@ -124,6 +124,8 @@ typedef enum
*
* Curves are listed in order: largest curves first, and for a given size,
* fastest curves first. This provides the default order for the SSL module.
*
* Reminder: update profiles in x509_crt.c when adding a new curves!
*/
static const mbedtls_ecp_curve_info ecp_supported_curves[] =
{
......
......@@ -54,6 +54,9 @@ static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* Reminder: update profiles in x509_crt.c when adding a new hash!
*/
static const int supported_digests[] = {
#if defined(MBEDTLS_SHA512_C)
......
......@@ -156,6 +156,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
{
unsigned char *p = buf;
size_t sig_alg_len = 0;
const int *md;
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
unsigned char *sig_alg_list = buf + 6;
#endif
......@@ -170,55 +171,22 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
/*
* Prepare signature_algorithms extension (TLS 1.2)
*/
#if defined(MBEDTLS_RSA_C)
#if defined(MBEDTLS_SHA512_C)
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_HASH_SHA512;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_HASH_SHA384;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
#endif
#if defined(MBEDTLS_SHA256_C)
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_HASH_SHA256;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_HASH_SHA224;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
#endif
#if defined(MBEDTLS_SHA1_C)
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_HASH_SHA1;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
#endif
#if defined(MBEDTLS_MD5_C)
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_HASH_MD5;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
#endif
#endif /* MBEDTLS_RSA_C */
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
{
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA512_C)
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_HASH_SHA512;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_HASH_SHA384;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
#endif
#if defined(MBEDTLS_SHA256_C)
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_HASH_SHA256;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_HASH_SHA224;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
#endif
#if defined(MBEDTLS_SHA1_C)
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_HASH_SHA1;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
#endif
#if defined(MBEDTLS_MD5_C)
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_HASH_MD5;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
#if defined(MBEDTLS_RSA_C)
sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
#endif
#endif /* MBEDTLS_ECDSA_C */
}
/*
* enum {
* none(0), mbedtls_md5(1), mbedtls_sha1(2), sha224(3), mbedtls_sha256(4), sha384(5),
* mbedtls_sha512(6), (255)
* none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
* sha512(6), (255)
* } HashAlgorithm;
*
* enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
......@@ -255,7 +223,7 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0;
const mbedtls_ecp_curve_info *info;
#if defined(MBEDTLS_SSL_SET_CURVES)
#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_group_id *grp_id;
#else
((void) ssl);
......@@ -265,7 +233,7 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
#if defined(MBEDTLS_SSL_SET_CURVES)
#if defined(MBEDTLS_ECP_C)
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
{
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
......@@ -1648,10 +1616,11 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char *
return( ret );
}
if( ssl->handshake->dhm_ctx.len < 64 ||
ssl->handshake->dhm_ctx.len > 512 )
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (DHM length)" ) );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
ssl->handshake->dhm_ctx.len * 8,
ssl->conf->dhm_min_bitlen ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
......@@ -1682,8 +1651,8 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
#if defined(MBEDTLS_SSL_SET_CURVES)
if( ! mbedtls_ssl_curve_is_acceptable( ssl, ssl->handshake->ecdh_ctx.grp.id ) )
#if defined(MBEDTLS_ECP_C)
if( mbedtls_ssl_check_curve( ssl, ssl->handshake->ecdh_ctx.grp.id ) != 0 )
#else
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
ssl->handshake->ecdh_ctx.grp.nbits > 521 )
......@@ -1835,9 +1804,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
unsigned char **p,
unsigned char *end,
......@@ -1877,18 +1844,25 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
/*
* Check if the hash is acceptable
*/
if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "server used HashAlgorithm "
"that was not offered" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", (*p)[0] ) );
*p += 2;
return( 0 );
}
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
......
......@@ -211,7 +211,7 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
*
* So, just look at the HashAlgorithm part.
*/
for( md_cur = mbedtls_md_list(); *md_cur != MBEDTLS_MD_NONE; md_cur++ ) {
for( md_cur = ssl->conf->sig_hashes; *md_cur != MBEDTLS_MD_NONE; md_cur++ ) {
for( p = buf + 2; p < end; p += 2 ) {
if( *md_cur == (int) mbedtls_ssl_md_alg_from_hash( p[0] ) ) {
ssl->handshake->sig_alg = p[0];
......@@ -2641,7 +2641,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
* } ServerECDHParams;
*/
const mbedtls_ecp_curve_info **curve = NULL;
#if defined(MBEDTLS_SSL_SET_CURVES)
#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_group_id *gid;
/* Match our preference list against the offered curves */
......
This diff is collapsed.
......@@ -385,9 +385,6 @@ static const char *features[] = {
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
"MBEDTLS_SSL_TRUNCATED_HMAC",
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_SET_CURVES)
"MBEDTLS_SSL_SET_CURVES",
#endif /* MBEDTLS_SSL_SET_CURVES */
#if defined(MBEDTLS_THREADING_ALT)
"MBEDTLS_THREADING_ALT",
#endif /* MBEDTLS_THREADING_ALT */
......
This diff is collapsed.
......@@ -163,7 +163,8 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ) != 0 )
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
......
......@@ -199,7 +199,8 @@ int main( void )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ) != 0 )
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
......
......@@ -191,7 +191,8 @@ int main( void )
if( mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM) != 0 )
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
{
ret = ssl_config_defaults_failed;
goto exit;
......
......@@ -153,7 +153,8 @@ int main( void )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
......
......@@ -95,6 +95,7 @@ int main( void )
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC -1
#define DFL_RECSPLIT -1
#define DFL_DHMLEN -1
#define DFL_RECONNECT 0
#define DFL_RECO_DELAY 0
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
......@@ -164,6 +165,13 @@ int main( void )
#define USAGE_RECSPLIT
#endif
#if defined(MBEDTLS_DHM_C)
#define USAGE_DHMLEN \
" dhmlen=%%d default: (library default: 1024 bits)\n"
#else
#define USAGE_DHMLEN
#endif
#if defined(MBEDTLS_SSL_ALPN)
#define USAGE_ALPN \
" alpn=%%s default: \"\" (disabled)\n" \
......@@ -246,6 +254,7 @@ int main( void )
USAGE_EMS \
USAGE_ETM \
USAGE_RECSPLIT \
USAGE_DHMLEN \
"\n" \
" arc4=%%d default: (library default: 0)\n" \
" min_version=%%s default: (library default: tls1)\n" \
......@@ -289,6 +298,7 @@ struct options
unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* negotiate truncated hmac or not */
int recsplit; /* enable record splitting? */
int dhmlen; /* minimum DHM params len in bits */
int reconnect; /* attempt to resume session */
int reco_delay; /* delay in seconds before resuming session */
int tickets; /* enable / disable session tickets */
......@@ -468,6 +478,7 @@ int main( int argc, char *argv[] )
opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC;
opt.recsplit = DFL_RECSPLIT;
opt.dhmlen = DFL_DHMLEN;
opt.reconnect = DFL_RECONNECT;
opt.reco_delay = DFL_RECO_DELAY;
opt.tickets = DFL_TICKETS;
......@@ -758,6 +769,12 @@ int main( int argc, char *argv[] )
if( opt.recsplit < 0 || opt.recsplit > 1 )
goto usage;
}
else if( strcmp( p, "dhmlen" ) == 0 )
{
opt.dhmlen = atoi( q );
if( opt.dhmlen < 0 )
goto usage;
}
else
goto usage;
}
......@@ -1042,7 +1059,8 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
opt.transport ) ) != 0 )
opt.transport,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
goto exit;
......@@ -1091,6 +1109,11 @@ int main( int argc, char *argv[] )
: MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
#endif
#if defined(MBEDTLS_DHM_C)
if( opt.dhmlen != DFL_DHMLEN )
mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
#endif
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
......
......@@ -177,7 +177,8 @@ int main( void )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
......
......@@ -587,7 +587,8 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
......
......@@ -412,7 +412,8 @@ int main( void )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
-ret );
......
......@@ -193,7 +193,8 @@ int main( void )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
......
......@@ -1533,7 +1533,8 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
opt.transport ) ) != 0 )
opt.transport,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );