From 7f376f4ece7a3e71a51c91f094fe99981ca6f46f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Jun 2019 16:20:48 +0100 Subject: [PATCH 01/10] Allow compile-time configuration of DTLS anti replay Introduce MBEDTLS_SSL_CONF_ANTI_REPLAY to allow configuring the use/nonuse of DTLS anti replay protection at compile-time. Impact on code-size, measured with > ./scripts/baremetal.sh --rom --gcc --armc5 --armc6 | | GCC | ARMC5 | ARMC6 | | --- | --- | --- | --- | | `libmbedtls.a` before | 23559 | 24089 | 27921 | | `libmbedtls.a` after | 23511 | 24049 | 27903 | | gain in Bytes | 48 | 40 | 18 | --- configs/baremetal.h | 1 + include/mbedtls/config.h | 3 +++ include/mbedtls/ssl.h | 16 ++++++++++++---- include/mbedtls/ssl_internal.h | 17 +++++++++++++++++ library/ssl_tls.c | 20 ++++++++++++++------ programs/ssl/query_config.c | 8 ++++++++ programs/ssl/ssl_server2.c | 8 ++++++-- tests/ssl-opt.sh | 7 ++++++- 8 files changed, 67 insertions(+), 13 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index 330b513fc..2a3e39af7 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -80,6 +80,7 @@ #define MBEDTLS_SSL_DTLS_CONNECTION_ID /* Compile-time fixed parts of the SSL configuration */ +#define MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED #define MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET \ MBEDTLS_SSL_EXTENDED_MS_ENABLED #define MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET \ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2116521dc..1ff34dc47 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3450,6 +3450,9 @@ * \{ */ +/* DTLS Anti replay */ +//#define MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED + /* ExtendedMasterSecret extension * The following two options must be set/unset simultaneously. */ //#define MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET MBEDTLS_SSL_EXTENDED_MS_ENABLED diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b51708970..fbc61099f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1070,8 +1070,10 @@ struct mbedtls_ssl_config #endif /* !MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET */ #endif #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) +#if !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY) unsigned int anti_replay : 1; /*!< detect and prevent replay? */ -#endif +#endif /* !MBEDTLS_SSL_CONF_ANTI_REPLAY */ +#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) unsigned int cbc_record_splitting : 1; /*!< do cbc record splitting */ #endif @@ -2016,14 +2018,16 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) +#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \ + !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY) /** * \brief Enable or disable anti-replay protection for DTLS. * (DTLS only, no effect on TLS.) * Default: enabled. * * \param conf SSL configuration - * \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED. + * \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or + * MBEDTLS_SSL_ANTI_REPLAY_DISABLED. * * \warning Disabling this is a security risk unless the application * protocol handles duplicated packets in a safe way. You @@ -2031,9 +2035,13 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, * However, if your application already detects duplicated * packets and needs information about them to adjust its * transmission strategy, then you'll want to disable this. + * + * \note On constrained systems, this option can also be + * fixed at compile-time by defining the constant + * MBEDTLS_SSL_CONF_ANTI_REPLAY. */ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ); -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ +#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY && !MBEDTLS_SSL_CONF_ANTI_REPLAY */ #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) /** diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 7009c4f8b..092819e31 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1085,6 +1085,23 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, * be fixed at compile time via one of MBEDTLS_SSL_SSL_CONF_XXX. */ +#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) +#if !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY) +static inline unsigned int mbedtls_ssl_conf_get_anti_replay( + mbedtls_ssl_config const *conf ) +{ + return( conf->anti_replay ); +} +#else /* !MBEDTLS_SSL_CONF_ANTI_REPLAY */ +static inline unsigned int mbedtls_ssl_conf_get_anti_replay( + mbedtls_ssl_config const *conf ) +{ + ((void) conf); + return( MBEDTLS_SSL_CONF_ANTI_REPLAY ); +} +#endif /* MBEDTLS_SSL_CONF_ANTI_REPLAY */ +#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ + #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) static inline unsigned int mbedtls_ssl_conf_get_ems( mbedtls_ssl_config const *conf ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fff20ff1b..c70bc21eb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4322,8 +4322,11 @@ int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ) uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); uint64_t bit; - if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) + if( mbedtls_ssl_conf_get_anti_replay( ssl->conf ) == + MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) + { return( 0 ); + } if( rec_seqnum > ssl->in_window_top ) return( 0 ); @@ -4346,8 +4349,11 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ) { uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); - if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) + if( mbedtls_ssl_conf_get_anti_replay( ssl->conf ) == + MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) + { return; + } if( rec_seqnum > ssl->in_window_top ) { @@ -8054,12 +8060,13 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ) conf->transport = transport; } -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) +#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \ + !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY) void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ) { - conf->anti_replay = mode; + conf->anti_replay = mode; } -#endif +#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY && !MBEDTLS_SSL_CONF_ANTI_REPLAY */ #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ) @@ -10738,7 +10745,8 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, conf->f_cookie_check = ssl_cookie_check_dummy; #endif -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) +#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \ + !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY) conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED; #endif diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index d45a6634f..35b3fe932 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -2578,6 +2578,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */ +#if defined(MBEDTLS_SSL_CONF_ANTI_REPLAY) + if( strcmp( "MBEDTLS_SSL_CONF_ANTI_REPLAY", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_ANTI_REPLAY ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_ANTI_REPLAY */ + #if defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) if( strcmp( "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET", config ) == 0 ) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 5d751b6a7..b76473f01 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -317,7 +317,8 @@ int main( void ) #define USAGE_COOKIES "" #endif -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) +#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \ + !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY) #define USAGE_ANTI_REPLAY \ " anti_replay=0/1 default: (library default: enabled)\n" #else @@ -1889,12 +1890,14 @@ int main( int argc, char *argv[] ) if( opt.cookies < -1 || opt.cookies > 1) goto usage; } +#if !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY) else if( strcmp( p, "anti_replay" ) == 0 ) { opt.anti_replay = atoi( q ); if( opt.anti_replay < 0 || opt.anti_replay > 1) goto usage; } +#endif /* !MBEDTLS_SSL_CONF_ANTI_REPLAY */ else if( strcmp( p, "badmac_limit" ) == 0 ) { opt.badmac_limit = atoi( q ); @@ -2580,7 +2583,8 @@ int main( int argc, char *argv[] ) ; /* Nothing to do */ } -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) +#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \ + !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY) if( opt.anti_replay != DFL_ANTI_REPLAY ) mbedtls_ssl_conf_dtls_anti_replay( &conf, opt.anti_replay ); #endif diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7bcba2438..6d71120dc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -544,6 +544,11 @@ check_cmdline_compat() { "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET" check_cmdline_param_compat "enforce_extended_master_secret" \ "MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET" + + # DTLS anti replay protection configuration + check_cmdline_param_compat "anti_replay" \ + "MBEDTLS_SSL_CONF_ANTI_REPLAY" + } # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] @@ -7669,7 +7674,7 @@ run_test "DTLS proxy: reference" \ not_with_valgrind # spurious resend due to timeout run_test "DTLS proxy: duplicate every packet" \ -p "$P_PXY duplicate=1" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=1" \ "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 0 \ -c "replayed record" \ From de67154658677b32d41ffdbf60c1bd1cd3b782cb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Jun 2019 16:30:46 +0100 Subject: [PATCH 02/10] Allow compile-time configuration of DTLS badmac limit Introduces MBEDTLS_SSL_CONF_BADMAC_LIMIT to fix the maximum number of records with bad MAC tolerated in DTLS at compile-time. Impact on code-size: | | GCC | ARMC5 | ARMC6 | | --- | --- | --- | --- | | `libmbedtls.a` before | 23511 | 24049 | 27903 | | `libmbedtls.a` after | 23487 | 24025 | 27885 | | gain in Bytes | 24 | 24 | 18 | --- configs/baremetal.h | 1 + include/mbedtls/config.h | 3 ++- include/mbedtls/ssl.h | 11 +++++++++-- include/mbedtls/ssl_internal.h | 17 +++++++++++++++++ library/ssl_tls.c | 12 +++++++----- programs/ssl/query_config.c | 8 ++++++++ programs/ssl/ssl_server2.c | 8 ++++++-- tests/ssl-opt.sh | 3 +++ 8 files changed, 53 insertions(+), 10 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index 2a3e39af7..bacc9d167 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -80,6 +80,7 @@ #define MBEDTLS_SSL_DTLS_CONNECTION_ID /* Compile-time fixed parts of the SSL configuration */ +#define MBEDTLS_SSL_CONF_BADMAC_LIMIT 0 #define MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED #define MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET \ MBEDTLS_SSL_EXTENDED_MS_ENABLED diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1ff34dc47..ee292c532 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3450,8 +3450,9 @@ * \{ */ -/* DTLS Anti replay */ +/* DTLS-specific settings */ //#define MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED +//#define MBEDTLS_SSL_CONF_BADMAC_LIMIT 0 /* ExtendedMasterSecret extension * The following two options must be set/unset simultaneously. */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fbc61099f..dd546b8a2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1029,7 +1029,9 @@ struct mbedtls_ssl_config #endif #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) +#if !defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT) unsigned int badmac_limit; /*!< limit of records with a bad MAC */ +#endif /* !MBEDTLS_SSL_CONF_BADMAC_LIMIT */ #endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) @@ -2043,7 +2045,8 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ); #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY && !MBEDTLS_SSL_CONF_ANTI_REPLAY */ -#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) +#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \ + !defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT) /** * \brief Set a limit on the number of records with a bad MAC * before terminating the connection. @@ -2066,9 +2069,13 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ); * connection. On the other hand, a high limit or no limit * might make us waste resources checking authentication on * many bogus packets. + * + * \note On constrained systems, this option can also be + * fixed at compile-time by defining the constant + * MBEDTLS_SSL_CONF_BADMAC_LIMIT. */ void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ); -#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ +#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT && !MBEDTLS_SSL_CONF_BADMAC_LIMIT */ #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 092819e31..49c60506c 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1085,6 +1085,23 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, * be fixed at compile time via one of MBEDTLS_SSL_SSL_CONF_XXX. */ +#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) +#if !defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT) +static inline unsigned int mbedtls_ssl_conf_get_badmac_limit( + mbedtls_ssl_config const *conf ) +{ + return( conf->badmac_limit ); +} +#else /* !MBEDTLS_SSL_CONF_BADMAC_LIMIT */ +static inline unsigned int mbedtls_ssl_conf_get_badmac_limit( + mbedtls_ssl_config const *conf ) +{ + ((void) conf); + return( MBEDTLS_SSL_CONF_BADMAC_LIMIT ); +} +#endif /* MBEDTLS_SSL_CONF_BADMAC_LIMIT */ +#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ + #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) #if !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY) static inline unsigned int mbedtls_ssl_conf_get_anti_replay( diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c70bc21eb..a79ce8d78 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5780,8 +5780,8 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) - if( ssl->conf->badmac_limit != 0 && - ++ssl->badmac_seen >= ssl->conf->badmac_limit ) + if( mbedtls_ssl_conf_get_badmac_limit( ssl->conf ) != 0 && + ++ssl->badmac_seen >= mbedtls_ssl_conf_get_badmac_limit( ssl->conf ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); @@ -8068,12 +8068,14 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ) } #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY && !MBEDTLS_SSL_CONF_ANTI_REPLAY */ -#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) -void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ) +#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \ + !defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT) +void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, + unsigned limit ) { conf->badmac_limit = limit; } -#endif +#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT && !MBEDTLS_SSL_CONF_BADMAC_LIMIT */ #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 35b3fe932..2a7ca130d 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -2586,6 +2586,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_CONF_ANTI_REPLAY */ +#if defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT) + if( strcmp( "MBEDTLS_SSL_CONF_BADMAC_LIMIT", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_BADMAC_LIMIT ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_BADMAC_LIMIT */ + #if defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) if( strcmp( "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET", config ) == 0 ) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b76473f01..3fcc120d2 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -325,7 +325,8 @@ int main( void ) #define USAGE_ANTI_REPLAY "" #endif -#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) +#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \ + !defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT) #define USAGE_BADMAC_LIMIT \ " badmac_limit=%%d default: (library default: disabled)\n" #else @@ -1898,12 +1899,14 @@ int main( int argc, char *argv[] ) goto usage; } #endif /* !MBEDTLS_SSL_CONF_ANTI_REPLAY */ +#if !defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT) else if( strcmp( p, "badmac_limit" ) == 0 ) { opt.badmac_limit = atoi( q ); if( opt.badmac_limit < 0 ) goto usage; } +#endif /* !MBEDTLS_SSL_CONF_BADMAC_LIMIT */ else if( strcmp( p, "hs_timeout" ) == 0 ) { if( ( p = strchr( q, '-' ) ) == NULL ) @@ -2589,7 +2592,8 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_dtls_anti_replay( &conf, opt.anti_replay ); #endif -#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) +#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \ + !defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT) if( opt.badmac_limit != DFL_BADMAC_LIMIT ) mbedtls_ssl_conf_dtls_badmac_limit( &conf, opt.badmac_limit ); #endif diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6d71120dc..87c1d24be 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -549,6 +549,9 @@ check_cmdline_compat() { check_cmdline_param_compat "anti_replay" \ "MBEDTLS_SSL_CONF_ANTI_REPLAY" + # DTLS bad MAC limit + check_cmdline_param_compat "badmac_limit" \ + "MBEDTLS_SSL_CONF_BADMAC_LIMIT" } # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] From acd4fc0ac941db79a9ba6e50f8f6f58d02865d4c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Jun 2019 16:40:50 +0100 Subject: [PATCH 03/10] Allow compile-time configuration of authentication mode Introduces MBEDTLS_SSL_CONF_AUTHMODE to fix the authentication mode (none, optional, mandatory) at compile-time. Impact on code-size: | | GCC | ARMC5 | ARMC6 | | --- | --- | --- | --- | | `libmbedtls.a` before | 23487 | 24025 | 27885 | | `libmbedtls.a` after | 23379 | 23929 | 27727 | | gain in Bytes | 108 | 96 | 157 | --- configs/baremetal.h | 1 + include/mbedtls/config.h | 2 ++ include/mbedtls/ssl.h | 2 ++ include/mbedtls/ssl_internal.h | 15 +++++++++++++++ library/ssl_srv.c | 2 +- library/ssl_tls.c | 13 ++++++++++--- programs/ssl/query_config.c | 8 ++++++++ programs/ssl/ssl_client2.c | 13 +++++++++++-- programs/ssl/ssl_server2.c | 17 +++++++++++++++-- tests/ssl-opt.sh | 17 +++++++++++++++++ 10 files changed, 82 insertions(+), 8 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index bacc9d167..fad39927d 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -80,6 +80,7 @@ #define MBEDTLS_SSL_DTLS_CONNECTION_ID /* Compile-time fixed parts of the SSL configuration */ +#define MBEDTLS_SSL_CONF_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED #define MBEDTLS_SSL_CONF_BADMAC_LIMIT 0 #define MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED #define MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET \ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ee292c532..3381b7990 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3450,6 +3450,8 @@ * \{ */ +//#define MBEDTLS_SSL_CONF_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED + /* DTLS-specific settings */ //#define MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED //#define MBEDTLS_SSL_CONF_BADMAC_LIMIT 0 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index dd546b8a2..492a3243d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1049,7 +1049,9 @@ struct mbedtls_ssl_config unsigned int endpoint : 1; /*!< 0: client, 1: server */ unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */ +#if !defined(MBEDTLS_SSL_CONF_AUTHMODE) unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */ +#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */ /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */ unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */ #if defined(MBEDTLS_ARC4_C) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 49c60506c..378db24d8 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1085,6 +1085,21 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, * be fixed at compile time via one of MBEDTLS_SSL_SSL_CONF_XXX. */ +#if !defined(MBEDTLS_SSL_CONF_AUTHMODE) +static inline int mbedtls_ssl_conf_get_authmode( + mbedtls_ssl_config const *conf ) +{ + return( conf->authmode ); +} +#else /* !MBEDTLS_SSL_CONF_AUTHMODE */ +static inline int mbedtls_ssl_conf_get_authmode( + mbedtls_ssl_config const *conf ) +{ + ((void) conf); + return( MBEDTLS_SSL_CONF_AUTHMODE ); +} +#endif /* MBEDTLS_SSL_CONF_AUTHMODE */ + #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) #if !defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT) static inline unsigned int mbedtls_ssl_conf_get_badmac_limit( diff --git a/library/ssl_srv.c b/library/ssl_srv.c index ecde1b0b5..9cc8be725 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2848,7 +2848,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) authmode = ssl->handshake->sni_authmode; else #endif - authmode = ssl->conf->authmode; + authmode = mbedtls_ssl_conf_get_authmode( ssl->conf ); if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) || authmode == MBEDTLS_SSL_VERIFY_NONE ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a79ce8d78..0c05b50ab 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6664,9 +6664,9 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ? ssl->handshake->sni_authmode - : ssl->conf->authmode; + : mbedtls_ssl_conf_get_authmode( ssl->conf ); #else - const int authmode = ssl->conf->authmode; + const int authmode = mbedtls_ssl_conf_get_authmode( ssl->conf ); #endif void *rs_ctx = NULL; mbedtls_x509_crt *chain = NULL; @@ -8095,7 +8095,12 @@ void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ) { - conf->authmode = authmode; +#if !defined(MBEDTLS_SSL_CONF_AUTHMODE) + conf->authmode = authmode; +#else + ((void) conf); + ((void) authmode); +#endif /* MBEDTLS_SSL_CONF_AUTHMODE */ } #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -10713,7 +10718,9 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_CLI_C) if( endpoint == MBEDTLS_SSL_IS_CLIENT ) { +#if !defined(MBEDTLS_SSL_CONF_AUTHMODE) conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; +#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED; #endif diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 2a7ca130d..2557675bc 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -2578,6 +2578,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */ +#if defined(MBEDTLS_SSL_CONF_AUTHMODE) + if( strcmp( "MBEDTLS_SSL_CONF_AUTHMODE", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_AUTHMODE ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_AUTHMODE */ + #if defined(MBEDTLS_SSL_CONF_ANTI_REPLAY) if( strcmp( "MBEDTLS_SSL_CONF_ANTI_REPLAY", config ) == 0 ) { diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 982857659..dc5542e19 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -293,6 +293,14 @@ int main( void ) #define USAGE_SERIALIZATION "" #endif +#if !defined(MBEDTLS_SSL_CONF_AUTHMODE) +#define USAGE_AUTH_MODE \ + " auth_mode=%%s default: (library default: none)\n" \ + " options: none, optional, required\n" +#else +#define USAGE_AUTH_MODE "" +#endif + #define USAGE \ "\n usage: ssl_client2 param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -317,8 +325,7 @@ int main( void ) USAGE_DTLS \ USAGE_CID \ "\n" \ - " auth_mode=%%s default: (library default: none)\n" \ - " options: none, optional, required\n" \ + USAGE_AUTH_MODE \ USAGE_IO \ "\n" \ USAGE_PSK \ @@ -1175,6 +1182,7 @@ int main( int argc, char *argv[] ) else goto usage; } +#if !defined(MBEDTLS_SSL_CONF_AUTHMODE) else if( strcmp( p, "auth_mode" ) == 0 ) { if( strcmp( q, "none" ) == 0 ) @@ -1186,6 +1194,7 @@ int main( int argc, char *argv[] ) else goto usage; } +#endif else if( strcmp( p, "max_frag_len" ) == 0 ) { if( strcmp( q, "512" ) == 0 ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3fcc120d2..89bd4f4c0 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -400,6 +400,14 @@ int main( void ) #define USAGE_SERIALIZATION "" #endif +#if !defined(MBEDTLS_SSL_CONF_AUTHMODE) +#define USAGE_AUTH_MODE \ + " auth_mode=%%s default: (library default: none)\n" \ + " options: none, optional, required\n" +#else +#define USAGE_AUTH_MODE "" +#endif + #define USAGE \ "\n usage: ssl_server2 param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -422,8 +430,7 @@ int main( void ) USAGE_ANTI_REPLAY \ USAGE_BADMAC_LIMIT \ "\n" \ - " auth_mode=%%s default: (library default: none)\n" \ - " options: none, optional, required\n" \ + USAGE_AUTH_MODE \ " cert_req_ca_list=%%d default: 1 (send ca list)\n" \ " options: 1 (send ca list), 0 (don't send)\n" \ USAGE_IO \ @@ -619,6 +626,7 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len ) return( ret ); } +#if !defined(MBEDTLS_SSL_CONF_AUTHMODE) /* * Return authmode from string, or -1 on error */ @@ -633,6 +641,7 @@ static int get_auth_mode( const char *s ) return( -1 ); } +#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */ /* * Used by sni_parse and psk_parse to handle coma-separated lists @@ -1787,11 +1796,13 @@ int main( int argc, char *argv[] ) else goto usage; } +#if !defined(MBEDTLS_SSL_CONF_AUTHMODE) else if( strcmp( p, "auth_mode" ) == 0 ) { if( ( opt.auth_mode = get_auth_mode( q ) ) < 0 ) goto usage; } +#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */ else if( strcmp( p, "cert_req_ca_list" ) == 0 ) { opt.cert_req_ca_list = atoi( q ); @@ -2445,8 +2456,10 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if !defined(MBEDTLS_SSL_CONF_AUTHMODE) if( opt.auth_mode != DFL_AUTH_MODE ) mbedtls_ssl_conf_authmode( &conf, opt.auth_mode ); +#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */ if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST ) mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 87c1d24be..4c3fc151e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -529,6 +529,20 @@ check_cmdline_param_compat() { fi } +check_cmdline_authmode_compat() { + __VAL="$( get_config_value_or_default "MBEDTLS_SSL_CONF_AUTHMODE" )" + if [ ! -z "$__VAL" ]; then + extract_cmdline_argument "auth_mode" + if [ "$__ARG" = "none" ] && [ "$__VAL" != "0" ]; then + SKIP_NEXT="YES"; + elif [ "$__ARG" = "optional" ] && [ "$__VAL" != "1" ]; then + SKIP_NEXT="YES" + elif [ "$__ARG" = "required" ] && [ "$__VAL" != "2" ]; then + SKIP_NEXT="YES" + fi + fi +} + # Go through all options that can be hardcoded at compile-time and # detect whether the command line configures them in a conflicting # way. If so, skip the test. Otherwise, remove the corresponding @@ -552,6 +566,9 @@ check_cmdline_compat() { # DTLS bad MAC limit check_cmdline_param_compat "badmac_limit" \ "MBEDTLS_SSL_CONF_BADMAC_LIMIT" + + # Authentication mode + check_cmdline_authmode_compat } # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] From b0b2b675681d94d70d0afe2ebb030df74be92c90 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Jun 2019 16:58:10 +0100 Subject: [PATCH 04/10] Allow compile-time configuration of legacy renegotiation Introduces MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION allowing to configure enforcing secure renegotiation at compile-time. Impact on code-size: | | GCC | ARMC5 | ARMC6 | | --- | --- | --- | --- | | `libmbedtls.a` after | 23379 | 23929 | 27727 | | `libmbedtls.a` before | 23307 | 23865 | 27615 | | gain in Bytes | 72 | 64 | 112 | --- configs/baremetal.h | 2 ++ include/mbedtls/config.h | 2 ++ include/mbedtls/ssl.h | 9 +++++++++ include/mbedtls/ssl_internal.h | 15 +++++++++++++++ library/ssl_cli.c | 6 ++++-- library/ssl_srv.c | 9 ++++++--- library/ssl_tls.c | 4 +++- programs/ssl/query_config.c | 8 ++++++++ programs/ssl/ssl_client2.c | 12 +++++++++++- programs/ssl/ssl_server2.c | 13 ++++++++++++- tests/ssl-opt.sh | 17 +++++++++++++++++ 11 files changed, 89 insertions(+), 8 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index fad39927d..a836d4a7f 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -80,6 +80,8 @@ #define MBEDTLS_SSL_DTLS_CONNECTION_ID /* Compile-time fixed parts of the SSL configuration */ +#define MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION \ + MBEDTLS_SSL_SECURE_RENEGOTIATION #define MBEDTLS_SSL_CONF_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED #define MBEDTLS_SSL_CONF_BADMAC_LIMIT 0 #define MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 3381b7990..d45d887b3 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3450,6 +3450,8 @@ * \{ */ +//#define MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION + //#define MBEDTLS_SSL_CONF_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED /* DTLS-specific settings */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 492a3243d..d783d073e 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1052,8 +1052,10 @@ struct mbedtls_ssl_config #if !defined(MBEDTLS_SSL_CONF_AUTHMODE) unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */ #endif /* !MBEDTLS_SSL_CONF_AUTHMODE */ +#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */ unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */ +#endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */ #if defined(MBEDTLS_ARC4_C) unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites? */ #endif @@ -3047,6 +3049,7 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ); #endif /* MBEDTLS_SSL_RENEGOTIATION */ +#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) /** * \brief Prevent or allow legacy renegotiation. * (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) @@ -3073,8 +3076,14 @@ void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION, * SSL_ALLOW_LEGACY_RENEGOTIATION or * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) + * + * + * \note On constrained systems, this option can also be + * fixed at compile-time by defining the constant + * MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION. */ void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ); +#endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */ #if defined(MBEDTLS_SSL_RENEGOTIATION) /** diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 378db24d8..20d2006d8 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1085,6 +1085,21 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, * be fixed at compile time via one of MBEDTLS_SSL_SSL_CONF_XXX. */ +#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) +static inline unsigned int mbedtls_ssl_conf_get_allow_legacy_renegotiation( + mbedtls_ssl_config const *conf ) +{ + return( conf->allow_legacy_renegotiation ); +} +#else /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */ +static inline unsigned int mbedtls_ssl_conf_get_allow_legacy_renegotiation( + mbedtls_ssl_config const *conf ) +{ + ((void) conf); + return( MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION ); +} +#endif /* MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */ + #if !defined(MBEDTLS_SSL_CONF_AUTHMODE) static inline int mbedtls_ssl_conf_get_authmode( mbedtls_ssl_config const *conf ) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 17611d6fc..92c7c7344 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2059,7 +2059,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) * Renegotiation security checks */ if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) + mbedtls_ssl_conf_get_allow_legacy_renegotiation( ssl->conf ) == + MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) ); handshake_failure = 1; @@ -2074,7 +2075,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) + mbedtls_ssl_conf_get_allow_legacy_renegotiation( ssl->conf ) == + MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) ); handshake_failure = 1; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 9cc8be725..0009f8bed 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1227,7 +1227,8 @@ have_ciphersuite_v2: * SSLv2 Client Hello relevant renegotiation security checks */ if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) + mbedtls_ssl_conf_get_allow_legacy_renegotiation( ssl->conf ) == + MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, @@ -2004,7 +2005,8 @@ read_record_header: * Renegotiation security checks */ if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) + mbedtls_ssl_conf_get_allow_legacy_renegotiation( ssl->conf ) == + MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) ); handshake_failure = 1; @@ -2019,7 +2021,8 @@ read_record_header: } else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) + mbedtls_ssl_conf_get_allow_legacy_renegotiation( ssl->conf ) + == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) ); handshake_failure = 1; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0c05b50ab..65cdd49d8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8675,10 +8675,12 @@ void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split } #endif +#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ) { conf->allow_legacy_renegotiation = allow_legacy; } +#endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */ #if defined(MBEDTLS_SSL_RENEGOTIATION) void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ) @@ -9999,7 +10001,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) /* Determine whether renegotiation attempt should be accepted */ if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == + mbedtls_ssl_conf_get_allow_legacy_renegotiation( ssl->conf ) == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) ) { /* diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 2557675bc..2871fd746 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -2578,6 +2578,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */ +#if defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) + if( strcmp( "MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */ + #if defined(MBEDTLS_SSL_CONF_AUTHMODE) if( strcmp( "MBEDTLS_SSL_CONF_AUTHMODE", config ) == 0 ) { diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index dc5542e19..879fcf469 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -301,6 +301,12 @@ int main( void ) #define USAGE_AUTH_MODE "" #endif +#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) +#define USAGE_ALLOW_LEGACY_RENEGO " allow_legacy=%%d default: (library default: no)\n" +#else +#define USAGE_ALLOW_LEGACY_RENEGO "" +#endif + #define USAGE \ "\n usage: ssl_client2 param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -332,7 +338,7 @@ int main( void ) USAGE_ECJPAKE \ USAGE_ECRESTART \ "\n" \ - " allow_legacy=%%d default: (library default: no)\n" \ + USAGE_ALLOW_LEGACY_RENEGO \ USAGE_RENEGO \ " exchanges=%%d default: 1\n" \ " reconnect=%%d number of reconnections using session resumption\n" \ @@ -987,6 +993,7 @@ int main( int argc, char *argv[] ) MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED; } +#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) else if( strcmp( p, "allow_legacy" ) == 0 ) { switch( atoi( q ) ) @@ -1003,6 +1010,7 @@ int main( int argc, char *argv[] ) default: goto usage; } } +#endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */ else if( strcmp( p, "renegotiate" ) == 0 ) { opt.renegotiate = atoi( q ); @@ -1771,8 +1779,10 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 ); #endif +#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) if( opt.allow_legacy != DFL_ALLOW_LEGACY ) mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy ); +#endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */ #if defined(MBEDTLS_SSL_RENEGOTIATION) mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation ); #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 89bd4f4c0..2196dd1e3 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -408,6 +408,13 @@ int main( void ) #define USAGE_AUTH_MODE "" #endif +#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) +#define USAGE_ALLOW_LEGACY_RENEGO \ + " allow_legacy=%%d default: (library default: no)\n" +#else +#define USAGE_ALLOW_LEGACY_RENEGO "" +#endif + #define USAGE \ "\n usage: ssl_server2 param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -440,7 +447,7 @@ int main( void ) USAGE_PSK \ USAGE_ECJPAKE \ "\n" \ - " allow_legacy=%%d default: (library default: no)\n" \ + USAGE_ALLOW_LEGACY_RENEGO \ USAGE_RENEGO \ " exchanges=%%d default: 1\n" \ "\n" \ @@ -1668,6 +1675,7 @@ int main( int argc, char *argv[] ) MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED; } +#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) else if( strcmp( p, "allow_legacy" ) == 0 ) { switch( atoi( q ) ) @@ -1684,6 +1692,7 @@ int main( int argc, char *argv[] ) default: goto usage; } } +#endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */ else if( strcmp( p, "renegotiate" ) == 0 ) { opt.renegotiate = atoi( q ); @@ -2637,8 +2646,10 @@ int main( int argc, char *argv[] ) MBEDTLS_SSL_MINOR_VERSION_3 ); } +#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) if( opt.allow_legacy != DFL_ALLOW_LEGACY ) mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy ); +#endif #if defined(MBEDTLS_SSL_RENEGOTIATION) mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4c3fc151e..c5ff97e29 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -543,6 +543,20 @@ check_cmdline_authmode_compat() { fi } +check_cmdline_legacy_renego_compat() { + __VAL="$( get_config_value_or_default "MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION" )" + if [ ! -z "$__VAL" ]; then + extract_cmdline_argument "allow_legacy" + if [ "$__ARG" = "-1" ] && [ "$__VAL" != "2" ]; then + SKIP_NEXT="YES"; + elif [ "$__ARG" = "0" ] && [ "$__VAL" != "0" ]; then + SKIP_NEXT="YES" + elif [ "$__ARG" = "1" ] && [ "$__VAL" != "1" ]; then + SKIP_NEXT="YES" + fi + fi +} + # Go through all options that can be hardcoded at compile-time and # detect whether the command line configures them in a conflicting # way. If so, skip the test. Otherwise, remove the corresponding @@ -569,6 +583,9 @@ check_cmdline_compat() { # Authentication mode check_cmdline_authmode_compat + + # Legacy renegotiation + check_cmdline_legacy_renego_compat } # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] From e0200dad634d4ce61d2c835fa620ddb55b821101 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Jun 2019 09:23:43 +0100 Subject: [PATCH 05/10] Allow configuration of ConnectionID at compile-time Introduces - MBEDTLS_SSL_CONF_CID_LEN and - MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID to control - the length of incoming CIDs - the behaviour in receipt of unexpected CIDs at compile-time. Impact on code-size: | | GCC 82.1 | ARMC5 5.06 | ARMC6 6.12 | | --- | --- | --- | --- | | `libmbedtls.a` before | 23223 | 23865 | 26775 | | `libmbedtls.a` after | 23147 | 23781 | 26703 | | gain in Bytes | 76 | 84 | 72 | --- configs/baremetal.h | 2 ++ include/mbedtls/check_config.h | 7 +++++++ include/mbedtls/config.h | 2 ++ include/mbedtls/ssl.h | 16 ++++++++++++++-- include/mbedtls/ssl_internal.h | 32 ++++++++++++++++++++++++++++++++ library/ssl_tls.c | 30 ++++++++++++++++++++++++------ programs/ssl/query_config.c | 16 ++++++++++++++++ programs/ssl/ssl_client2.c | 8 ++++++-- programs/ssl/ssl_server2.c | 8 ++++++-- 9 files changed, 109 insertions(+), 12 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index a836d4a7f..c6ba057aa 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -80,6 +80,8 @@ #define MBEDTLS_SSL_DTLS_CONNECTION_ID /* Compile-time fixed parts of the SSL configuration */ +#define MBEDTLS_SSL_CONF_CID_LEN 0 +#define MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID MBEDTLS_SSL_UNEXPECTED_CID_IGNORE #define MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION \ MBEDTLS_SSL_SECURE_RENEGOTIATION #define MBEDTLS_SSL_CONF_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 88f47011b..a03812159 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -631,6 +631,13 @@ #error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)" #endif +#if ( defined(MBEDTLS_SSL_CONF_CID_LEN) && \ + !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID) ) || \ + ( !defined(MBEDTLS_SSL_CONF_CID_LEN) && \ + defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID) ) +#error "MBEDTLS_SSL_CONF_CID_LEN and MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID must be defined simultaneously" +#endif + #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \ ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ) #error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index d45d887b3..5af2e79d1 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3457,6 +3457,8 @@ /* DTLS-specific settings */ //#define MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED //#define MBEDTLS_SSL_CONF_BADMAC_LIMIT 0 +//#define MBEDTLS_SSL_CONF_CID_LEN 0 +//#define MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID MBEDTLS_SSL_UNEXPECTED_CID_IGNORE /* ExtendedMasterSecret extension * The following two options must be set/unset simultaneously. */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d783d073e..e68eb1c9d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -957,7 +957,9 @@ struct mbedtls_ssl_config #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) +#if !defined(MBEDTLS_SSL_CONF_CID_LEN) size_t cid_len; /*!< The length of CIDs for incoming DTLS records. */ +#endif /* !MBEDTLS_SSL_CONF_CID_LEN */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -1100,9 +1102,11 @@ struct mbedtls_ssl_config Certificate Request messages? */ #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) +#if !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID) unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS * record with unexpected CID * should lead to failure. */ +#endif /* !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ }; @@ -2312,9 +2316,11 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, const int *ciphersuites ); -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0 #define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1 +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ + !defined(MBEDTLS_SSL_CONF_CID_LEN) && \ + !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID) /** * \brief Specify the length of Connection IDs for incoming * encrypted DTLS records, as well as the behaviour @@ -2343,13 +2349,19 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, * same SSL configuration; this allows simpler parsing of * record headers. * + * \note On constrained systems, this configuration can also be + * fixed at compile-time via MBEDTLS_SSL_CONF_CID_LEN and + * MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID. + * * \return \c 0 on success. * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len * is too large. */ int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len, int ignore_other_cids ); -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID && + !MBEDTLS_SSL_CONF_CID_LEN && + !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */ /** * \brief Set the list of allowed ciphersuites and the diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 20d2006d8..57fe486e0 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1085,6 +1085,38 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, * be fixed at compile time via one of MBEDTLS_SSL_SSL_CONF_XXX. */ +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) +#if !defined(MBEDTLS_SSL_CONF_CID_LEN) +static inline size_t mbedtls_ssl_conf_get_cid_len( + mbedtls_ssl_config const *conf ) +{ + return( conf->cid_len ); +} +#else /* !MBEDTLS_SSL_CONF_CID_LEN */ +static inline size_t mbedtls_ssl_conf_get_cid_len( + mbedtls_ssl_config const *conf ) +{ + ((void) conf); + return( MBEDTLS_SSL_CONF_CID_LEN ); +} +#endif /* MBEDTLS_SSL_CONF_CID_LEN */ + +#if !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID) +static inline unsigned int mbedtls_ssl_conf_get_ignore_unexpected_cid( + mbedtls_ssl_config const *conf ) +{ + return( conf->ignore_unexpected_cid ); +} +#else /* !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */ +static inline unsigned int mbedtls_ssl_conf_get_ignore_unexpected_cid( + mbedtls_ssl_config const *conf ) +{ + ((void) conf); + return( MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID ); +} +#endif /* MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + #if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) static inline unsigned int mbedtls_ssl_conf_get_allow_legacy_renegotiation( mbedtls_ssl_config const *conf ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 65cdd49d8..7729cbca6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -117,6 +117,9 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* Top-level Connection ID API */ +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ + !defined(MBEDTLS_SSL_CONF_CID_LEN) && \ + !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID) int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len, int ignore_other_cid ) @@ -134,6 +137,21 @@ int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, conf->cid_len = len; return( 0 ); } +#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID && + !MBEDTLS_SSL_CONF_CID_LEN && + !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */ + +#if MBEDTLS_SSL_CONF_CID_LEN > MBEDTLS_SSL_CID_IN_LEN_MAX +#error "Invalid hardcoded value for MBEDTLS_SSL_CONF_CID_LEN" +#endif +#if MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE && \ + MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID != MBEDTLS_SSL_UNEXPECTED_CID_FAIL +#error "Invalid hardcoded value for MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID" +#endif + +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID && + !MBEDTLS_SSL_CONF_CID_LEN && + !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, int enable, @@ -152,11 +170,11 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "Enable use of CID extension." ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "Own CID", own_cid, own_cid_len ); - if( own_cid_len != ssl->conf->cid_len ) + if( own_cid_len != mbedtls_ssl_conf_get_cid_len( ssl->conf ) ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "CID length %u does not match CID length %u in config", (unsigned) own_cid_len, - (unsigned) ssl->conf->cid_len ) ); + (unsigned) mbedtls_ssl_conf_get_cid_len( ssl->conf ) ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -4617,7 +4635,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) && ssl->in_msgtype == MBEDTLS_SSL_MSG_CID && - ssl->conf->cid_len != 0 ) + mbedtls_ssl_conf_get_cid_len( ssl->conf ) != 0 ) { /* Shift pointers to account for record header including CID * struct { @@ -4634,7 +4652,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) /* So far, we only support static CID lengths * fixed in the configuration. */ - ssl->in_len = ssl->in_cid + ssl->conf->cid_len; + ssl->in_len = ssl->in_cid + mbedtls_ssl_conf_get_cid_len( ssl->conf ); ssl->in_iv = ssl->in_msg = ssl->in_len + 2; } else @@ -4863,8 +4881,8 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID && - ssl->conf->ignore_unexpected_cid - == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE ) + mbedtls_ssl_conf_get_ignore_unexpected_cid( ssl->conf ) + == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ignoring unexpected CID" ) ); ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 2871fd746..99217ba6b 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -2610,6 +2610,22 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_CONF_BADMAC_LIMIT */ +#if defined(MBEDTLS_SSL_CONF_CID_LEN) + if( strcmp( "MBEDTLS_SSL_CONF_CID_LEN", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_CID_LEN ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_CID_LEN */ + +#if defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID) + if( strcmp( "MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */ + #if defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) if( strcmp( "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET", config ) == 0 ) { diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 879fcf469..9e9a44bf3 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1672,7 +1672,9 @@ int main( int argc, char *argv[] ) memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ + !defined(MBEDTLS_SSL_CONF_CID_LEN) && \ + !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID) if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 ) { if( opt.cid_enabled == 1 && @@ -1697,7 +1699,9 @@ int main( int argc, char *argv[] ) goto exit; } } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID && + !MBEDTLS_SSL_CONF_CID_LEN && + !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */ if( opt.auth_mode != DFL_AUTH_MODE ) mbedtls_ssl_conf_authmode( &conf, opt.auth_mode ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 2196dd1e3..a4624fc78 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2489,7 +2489,9 @@ int main( int argc, char *argv[] ) }; #endif -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ + !defined(MBEDTLS_SSL_CONF_CID_LEN) && \ + !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID) if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 ) { if( opt.cid_enabled == 1 && @@ -2514,7 +2516,9 @@ int main( int argc, char *argv[] ) goto exit; } } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID && + !MBEDTLS_SSL_CONF_CID_LEN && + !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) if( opt.trunc_hmac != DFL_TRUNC_HMAC ) From 1f835fa22b948339b6d583ae8beb2827a96d5159 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Jun 2019 10:14:59 +0100 Subject: [PATCH 06/10] Allow configuration of read timeouts at compile-time Introduces compile-time constants - MBEDTLS_SSL_CONF_READ_TIMEOUT - MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN - MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX which allow to configure the read timeouts and minimum/maximum handshake timeout at compile time. Impact on code-size: | | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 | | --- | --- | --- | --- | | `libmbedtls.a` before | 23147 | 23781 | 26703 | | `libmbedtls.a` after | 23131 | 23753 | 26673 | | gain in Bytes | 16 | 28 | 30 | --- configs/baremetal.h | 3 ++ include/mbedtls/check_config.h | 7 +++++ include/mbedtls/config.h | 5 ++++ include/mbedtls/ssl.h | 13 ++++++++- include/mbedtls/ssl_internal.h | 47 +++++++++++++++++++++++++++++++ library/ssl_tls.c | 51 ++++++++++++++++++++++++++-------- programs/ssl/query_config.c | 24 ++++++++++++++++ programs/ssl/ssl_client2.c | 13 ++++++++- programs/ssl/ssl_server2.c | 13 ++++++++- 9 files changed, 161 insertions(+), 15 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index c6ba057aa..37e2444c7 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -80,6 +80,9 @@ #define MBEDTLS_SSL_DTLS_CONNECTION_ID /* Compile-time fixed parts of the SSL configuration */ +#define MBEDTLS_SSL_CONF_READ_TIMEOUT 0 +#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN 1000 +#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX 16000 #define MBEDTLS_SSL_CONF_CID_LEN 0 #define MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID MBEDTLS_SSL_UNEXPECTED_CID_IGNORE #define MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION \ diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index a03812159..4487bd775 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -638,6 +638,13 @@ #error "MBEDTLS_SSL_CONF_CID_LEN and MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID must be defined simultaneously" #endif +#if ( defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN) && \ + !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX) ) || \ + ( !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN) && \ + defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX) ) +#error "MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN and MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX must be defined simultaneously" +#endif + #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \ ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ) #error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 5af2e79d1..e87284017 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3454,7 +3454,12 @@ //#define MBEDTLS_SSL_CONF_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED +/* Timeout */ +//#define MBEDTLS_SSL_CONF_READ_TIMEOUT 0 + /* DTLS-specific settings */ +//#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN +//#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX //#define MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED //#define MBEDTLS_SSL_CONF_BADMAC_LIMIT 0 //#define MBEDTLS_SSL_CONF_CID_LEN 0 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e68eb1c9d..1d7c05d40 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1015,14 +1015,20 @@ struct mbedtls_ssl_config * Numerical settings (int then char) */ +#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT) uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */ +#endif /* !MBEDTLS_SSL_CONF_READ_TIMEOUT */ #if defined(MBEDTLS_SSL_PROTO_DTLS) +#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN) uint32_t hs_timeout_min; /*!< initial value of the handshake retransmission timeout (ms) */ +#endif /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN */ +#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX) uint32_t hs_timeout_max; /*!< maximum value of the handshake retransmission timeout (ms) */ -#endif +#endif /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX */ +#endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_RENEGOTIATION) int renego_max_records; /*!< grace period for renegotiation */ @@ -1692,6 +1698,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ +#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT) /** * \brief Set the timeout period for mbedtls_ssl_read() * (Default: no timeout.) @@ -1705,10 +1712,14 @@ void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ); * With non-blocking I/O, this will only work if timer * callbacks were set with \c mbedtls_ssl_set_timer_cb(). * + * \note On constrained systems, this option can also be configured + * at compile-time via MBEDTLS_SSL_CONF_READ_TIMEOUT. + * * \note With non-blocking I/O, you may also skip this function * altogether and handle timeouts at the application layer. */ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); +#endif /* !MBEDTLS_SSL_CONF_READ_TIMEOUT */ /** * \brief Set the timer callbacks (Mandatory for DTLS.) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 57fe486e0..093c4ac13 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1085,6 +1085,53 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, * be fixed at compile time via one of MBEDTLS_SSL_SSL_CONF_XXX. */ +#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT) +static inline uint32_t mbedtls_ssl_conf_get_read_timeout( + mbedtls_ssl_config const *conf ) +{ + return( conf->read_timeout ); +} +#else /* !MBEDTLS_SSL_CONF_READ_TIMEOUT */ +static inline uint32_t mbedtls_ssl_conf_get_read_timeout( + mbedtls_ssl_config const *conf ) +{ + ((void) conf); + return( MBEDTLS_SSL_CONF_READ_TIMEOUT ); +} +#endif /* MBEDTLS_SSL_CONF_READ_TIMEOUT */ + +#if defined(MBEDTLS_SSL_PROTO_DTLS) +#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN) +static inline uint32_t mbedtls_ssl_conf_get_hs_timeout_min( + mbedtls_ssl_config const *conf ) +{ + return( conf->hs_timeout_min ); +} +#else /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN */ +static inline uint32_t mbedtls_ssl_conf_get_hs_timeout_min( + mbedtls_ssl_config const *conf ) +{ + ((void) conf); + return( MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN ); +} +#endif /* MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN */ + +#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX) +static inline uint32_t mbedtls_ssl_conf_get_hs_timeout_max( + mbedtls_ssl_config const *conf ) +{ + return( conf->hs_timeout_max ); +} +#else /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX */ +static inline uint32_t mbedtls_ssl_conf_get_hs_timeout_max( + mbedtls_ssl_config const *conf ) +{ + ((void) conf); + return( MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX ); +} +#endif /* MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX */ +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if !defined(MBEDTLS_SSL_CONF_CID_LEN) static inline size_t mbedtls_ssl_conf_get_cid_len( diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7729cbca6..95cf554f0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -318,8 +318,11 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) { uint32_t new_timeout; - if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max ) + if( ssl->handshake->retransmit_timeout >= + mbedtls_ssl_conf_get_hs_timeout_max( ssl->conf ) ) + { return( -1 ); + } /* Implement the final paragraph of RFC 6347 section 4.1.1.1 * in the following way: after the initial transmission and a first @@ -327,7 +330,8 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) * This value is guaranteed to be deliverable (if not guaranteed to be * delivered) of any compliant IPv4 (and IPv6) network, and should work * on most non-IP stacks too. */ - if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min ) + if( ssl->handshake->retransmit_timeout != + mbedtls_ssl_conf_get_hs_timeout_min( ssl->conf ) ) { ssl->handshake->mtu = 508; MBEDTLS_SSL_DEBUG_MSG( 2, ( "mtu autoreduction to %d bytes", ssl->handshake->mtu ) ); @@ -337,9 +341,9 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) /* Avoid arithmetic overflow and range overflow */ if( new_timeout < ssl->handshake->retransmit_timeout || - new_timeout > ssl->conf->hs_timeout_max ) + new_timeout > mbedtls_ssl_conf_get_hs_timeout_max( ssl->conf ) ) { - new_timeout = ssl->conf->hs_timeout_max; + new_timeout = mbedtls_ssl_conf_get_hs_timeout_max( ssl->conf ); } ssl->handshake->retransmit_timeout = new_timeout; @@ -351,7 +355,7 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl ) { - ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; + ssl->handshake->retransmit_timeout = mbedtls_ssl_conf_get_hs_timeout_min( ssl->conf ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs", ssl->handshake->retransmit_timeout ) ); } @@ -3011,7 +3015,9 @@ static int ssl_resend_hello_request( mbedtls_ssl_context *ssl ) * timeout if we were using the usual handshake doubling scheme */ if( ssl->conf->renego_max_records < 0 ) { - uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; + uint32_t ratio = + mbedtls_ssl_conf_get_hs_timeout_max( ssl->conf ) / + mbedtls_ssl_conf_get_hs_timeout_min( ssl->conf ) + 1; unsigned char doublings = 1; while( ratio != 0 ) @@ -3152,7 +3158,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) timeout = ssl->handshake->retransmit_timeout; else - timeout = ssl->conf->read_timeout; + timeout = mbedtls_ssl_conf_get_read_timeout( ssl->conf ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) ); @@ -3227,8 +3233,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ssl->f_recv_timeout != NULL ) { ret = ssl->f_recv_timeout( ssl->p_bio, - ssl->in_hdr + ssl->in_left, len, - ssl->conf->read_timeout ); + ssl->in_hdr + ssl->in_left, len, + mbedtls_ssl_conf_get_read_timeout( ssl->conf ) ); } else { @@ -8103,13 +8109,27 @@ void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl, ssl->disable_datagram_packing = !allow_packing; } +#if !( defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX) && \ + defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN) ) void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ) { conf->hs_timeout_min = min; conf->hs_timeout_max = max; } -#endif +#else /* !( MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN && + MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX ) */ +void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, + uint32_t min, uint32_t max ) +{ + ((void) conf); + ((void) min); + ((void) max); +} +#endif /* MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN && + MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX */ + +#endif /* MBEDTLS_SSL_PROTO_DTLS */ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ) { @@ -8166,10 +8186,12 @@ void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ) } #endif +#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT) void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) { conf->read_timeout = timeout; } +#endif /* MBEDTLS_SSL_CONF_READ_TIMEOUT */ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, void *p_timer, @@ -9932,7 +9954,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) if( ssl->f_get_timer != NULL && ssl->f_get_timer( ssl->p_timer ) == -1 ) { - ssl_set_timer( ssl, ssl->conf->read_timeout ); + ssl_set_timer( ssl, + mbedtls_ssl_conf_get_read_timeout( ssl->conf ) ); } if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) @@ -10784,9 +10807,13 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) +#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN) conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN; +#endif /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN */ +#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX) conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX; -#endif +#endif /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX */ +#endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_RENEGOTIATION) conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 99217ba6b..e58ddc4d5 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -2594,6 +2594,30 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_CONF_AUTHMODE */ +#if defined(MBEDTLS_SSL_CONF_READ_TIMEOUT) + if( strcmp( "MBEDTLS_SSL_CONF_READ_TIMEOUT", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_READ_TIMEOUT ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_READ_TIMEOUT */ + +#if defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN) + if( strcmp( "MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN */ + +#if defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX) + if( strcmp( "MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX */ + #if defined(MBEDTLS_SSL_CONF_ANTI_REPLAY) if( strcmp( "MBEDTLS_SSL_CONF_ANTI_REPLAY", config ) == 0 ) { diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 9e9a44bf3..391513b0c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -307,6 +307,13 @@ int main( void ) #define USAGE_ALLOW_LEGACY_RENEGO "" #endif +#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT) +#define USAGE_READ_TIMEOUT \ + " read_timeout=%%d default: 0 ms (no timeout)\n" +#else +#define USAGE_READ_TIMEOUT "" +#endif + #define USAGE \ "\n usage: ssl_client2 param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -325,7 +332,7 @@ int main( void ) " options: 1 (non-blocking), 2 (added delays)\n" \ " event=%%d default: 0 (loop)\n" \ " options: 1 (level-triggered, implies nbio=1),\n" \ - " read_timeout=%%d default: 0 ms (no timeout)\n" \ + USAGE_READ_TIMEOUT \ " max_resend=%%d default: 0 (no resend on timeout)\n" \ "\n" \ USAGE_DTLS \ @@ -921,8 +928,10 @@ int main( int argc, char *argv[] ) if( opt.event < 0 || opt.event > 2 ) goto usage; } +#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT) else if( strcmp( p, "read_timeout" ) == 0 ) opt.read_timeout = atoi( q ); +#endif else if( strcmp( p, "max_resend" ) == 0 ) { opt.max_resend = atoi( q ); @@ -1769,7 +1778,9 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); +#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT) mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout ); +#endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) mbedtls_ssl_conf_session_tickets( &conf, opt.tickets ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a4624fc78..707660f66 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -415,6 +415,13 @@ int main( void ) #define USAGE_ALLOW_LEGACY_RENEGO "" #endif +#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT) +#define USAGE_READ_TIMEOUT \ + " read_timeout=%%d default: 0 ms (no timeout)\n" +#else +#define USAGE_READ_TIMEOUT "" +#endif + #define USAGE \ "\n usage: ssl_server2 param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -430,7 +437,7 @@ int main( void ) " options: 1 (non-blocking), 2 (added delays)\n" \ " event=%%d default: 0 (loop)\n" \ " options: 1 (level-triggered, implies nbio=1),\n" \ - " read_timeout=%%d default: 0 ms (no timeout)\n" \ + USAGE_READ_TIMEOUT \ "\n" \ USAGE_DTLS \ USAGE_COOKIES \ @@ -1575,8 +1582,10 @@ int main( int argc, char *argv[] ) if( opt.event < 0 || opt.event > 2 ) goto usage; } +#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT) else if( strcmp( p, "read_timeout" ) == 0 ) opt.read_timeout = atoi( q ); +#endif else if( strcmp( p, "buffer_size" ) == 0 ) { opt.buffer_size = atoi( q ); @@ -2927,7 +2936,9 @@ reset: goto exit; } +#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT) mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout ); +#endif /* MBEDTLS_SSL_CONF_READ_TIMEOUT */ #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) From 2d9623f7d5da1069b61d0993fad34e517f26fe56 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Jun 2019 12:07:05 +0100 Subject: [PATCH 07/10] Allow configuration of endpoint (cli/srv) at compile-time Introduces MBEDTLS_SSL_CONF_ENDPOINT to allow to choose between server- or client-builds at compile-time. Impact on code-size: | | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 | | --- | --- | --- | --- | | `libmbedtls.a` (client only) before | 18355 | 18815 | 21485 | | `libmbedtls.a` (client only) after | 18219 | 18683 | 21347 | | gain in Bytes (client only) | 136 | 132 | 138 | | `libmbedtls.a` (server only) before | 18715 | 18987 | 21883 | | `libmbedtls.a` (server only) after | 18595 | 18823 | 21717 | | gain in Bytes (server only) | 120 | 164 | 166 | --- include/mbedtls/config.h | 3 ++ include/mbedtls/ssl.h | 7 +++ include/mbedtls/ssl_internal.h | 15 ++++++ library/ssl_srv.c | 2 +- library/ssl_tls.c | 86 ++++++++++++++++++++++------------ programs/ssl/query_config.c | 8 ++++ 6 files changed, 90 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index e87284017..fcb92f2c7 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3457,6 +3457,9 @@ /* Timeout */ //#define MBEDTLS_SSL_CONF_READ_TIMEOUT 0 +/* Endpoint (Client/Server) */ +//#define MBEDTLS_SSL_CONF_ENDPOINT MBED + /* DTLS-specific settings */ //#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN //#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1d7c05d40..86759e50c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1055,7 +1055,9 @@ struct mbedtls_ssl_config * Flags (bitfields) */ +#if !defined(MBEDTLS_SSL_CONF_ENDPOINT) unsigned int endpoint : 1; /*!< 0: client, 1: server */ +#endif /* !MBEDTLS_SSL_CONF_ENDPOINT */ unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */ #if !defined(MBEDTLS_SSL_CONF_AUTHMODE) unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */ @@ -1381,13 +1383,18 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, */ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ); +#if !defined(MBEDTLS_SSL_CONF_ENDPOINT) /** * \brief Set the current endpoint type * + * \note On constrained systems, this can also be configured + * at compile-time via MBEDTLS_SSL_CONF_ENDPOINT. + * * \param conf SSL configuration * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER */ void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ); +#endif /* !MBEDTLS_SSL_CONF_ENDPOINT */ /** * \brief Set the transport type (TLS or DTLS). diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 093c4ac13..b08aae288 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1085,6 +1085,21 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, * be fixed at compile time via one of MBEDTLS_SSL_SSL_CONF_XXX. */ +#if !defined(MBEDTLS_SSL_CONF_ENDPOINT) +static inline unsigned int mbedtls_ssl_conf_get_endpoint( + mbedtls_ssl_config const *conf ) +{ + return( conf->endpoint ); +} +#else /* !MBEDTLS_SSL_CONF_ENDPOINT */ +static inline unsigned int mbedtls_ssl_conf_get_endpoint( + mbedtls_ssl_config const *conf ) +{ + ((void) conf); + return( MBEDTLS_SSL_CONF_ENDPOINT ); +} +#endif /* MBEDTLS_SSL_CONF_ENDPOINT */ + #if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT) static inline uint32_t mbedtls_ssl_conf_get_read_timeout( mbedtls_ssl_config const *conf ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 0009f8bed..b6b7750c7 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -55,7 +55,7 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, const unsigned char *info, size_t ilen ) { - if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) != MBEDTLS_SSL_IS_SERVER ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); mbedtls_free( ssl->cli_id ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 95cf554f0..cfd6589b1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1388,7 +1388,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) ssl->handshake->tls_prf, ssl->handshake->randbytes, ssl->minor_ver, - ssl->conf->endpoint, + mbedtls_ssl_conf_get_endpoint( ssl->conf ), ssl ); if( ret != 0 ) { @@ -3196,7 +3196,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) return( MBEDTLS_ERR_SSL_WANT_READ ); } #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) - else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + else if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_SERVER && ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) { if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) @@ -3722,7 +3723,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C) if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ) + mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_CLIENT ) ) #endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); @@ -4754,7 +4756,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) * have an active transform (possibly iv_len != 0), so use the * fact that the record header len is 13 instead. */ - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_SERVER && ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && rec_epoch == 0 && ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && @@ -5937,7 +5940,8 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && - ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_SERVER && ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) { @@ -6104,7 +6108,8 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_CLIENT ) { if( ssl->client_auth == 0 ) { @@ -6133,7 +6138,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_SERVER ) { if( mbedtls_ssl_own_cert( ssl ) == NULL ) { @@ -6337,7 +6342,8 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, /* Check if we're handling the first CRT in the chain. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) if( crt_cnt++ == 0 && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_CLIENT && ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) { /* During client-side renegotiation, check that the server's @@ -6403,7 +6409,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_SRV_C) static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl ) { - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT ) return( -1 ); #if defined(MBEDTLS_SSL_PROTO_SSL3) @@ -6461,7 +6467,7 @@ static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl, return( SSL_CERTIFICATE_SKIP ); #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_SERVER ) { if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) return( SSL_CERTIFICATE_SKIP ); @@ -6551,7 +6557,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, if( mbedtls_ssl_check_cert_usage( chain, ciphersuite_info, - ! ssl->conf->endpoint, + ( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_CLIENT ), &ssl->session_negotiate->verify_result ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) ); @@ -7371,7 +7378,8 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) ssl_update_out_pointers( ssl, ssl->transform_negotiate ); - ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); + ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, + mbedtls_ssl_conf_get_endpoint( ssl->conf ) ); /* * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites @@ -7397,12 +7405,18 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) if( ssl->handshake->resume != 0 ) { #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_CLIENT ) + { ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + } #endif #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_SERVER ) + { ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; + } #endif } else @@ -7499,7 +7513,8 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); - ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 ); + ssl->handshake->calc_finished( ssl, buf, + mbedtls_ssl_conf_get_endpoint( ssl->conf ) ^ 1 ); if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) { @@ -7549,11 +7564,11 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) if( ssl->handshake->resume != 0 ) { #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT ) ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; #endif #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_SERVER ) ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; #endif } @@ -7702,7 +7717,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) { ssl->handshake->alt_transform_out = ssl->transform_out; - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT ) ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; else ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; @@ -8074,10 +8089,12 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ) /* * SSL set accessors */ +#if !defined(MBEDTLS_SSL_CONF_ENDPOINT) void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ) { conf->endpoint = endpoint; } +#endif /* MBEDTLS_SSL_CONF_ENDPOINT */ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ) { @@ -8226,7 +8243,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session if( ssl == NULL || session == NULL || ssl->session_negotiate == NULL || - ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) + mbedtls_ssl_conf_get_endpoint( ssl->conf ) != MBEDTLS_SSL_IS_CLIENT ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -8354,7 +8371,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, if( ssl->handshake == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_SERVER ) role = MBEDTLS_ECJPAKE_SERVER; else role = MBEDTLS_ECJPAKE_CLIENT; @@ -9024,7 +9041,7 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ) { /* Return unlimited mtu for client hello messages to avoid fragmentation. */ - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT && ( ssl->state == MBEDTLS_SSL_CLIENT_HELLO || ssl->state == MBEDTLS_SSL_SERVER_HELLO ) ) return ( 0 ); @@ -9106,7 +9123,7 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, if( ssl == NULL || dst == NULL || ssl->session == NULL || - ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) + mbedtls_ssl_conf_get_endpoint( ssl->conf ) != MBEDTLS_SSL_IS_CLIENT ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -9690,11 +9707,11 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT ) ret = mbedtls_ssl_handshake_client_step( ssl ); #endif #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_SERVER ) ret = mbedtls_ssl_handshake_server_step( ssl ); #endif @@ -9777,10 +9794,15 @@ static int ssl_start_renegotiation( mbedtls_ssl_context *ssl ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) && ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) { - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_SERVER ) + { ssl->handshake->out_msg_seq = 1; + } else + { ssl->handshake->in_msg_seq = 1; + } } #endif @@ -9811,7 +9833,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_SRV_C) /* On server, just send the request */ - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_SERVER ) { if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -9994,7 +10016,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) */ #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_CLIENT && ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST || ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) ) { @@ -10017,7 +10040,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) #endif /* MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_SERVER && ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) ); @@ -10052,7 +10076,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) /* DTLS clients need to know renego is server-initiated */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_CLIENT ) { ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; } @@ -10165,7 +10190,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * Do it now, after setting in_offt, to avoid taking this branch * again if ssl_write_hello_request() returns WANT_WRITE */ #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == + MBEDTLS_SSL_IS_SERVER && ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) { if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index e58ddc4d5..29b778c4c 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -2602,6 +2602,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_CONF_READ_TIMEOUT */ +#if defined(MBEDTLS_SSL_CONF_ENDPOINT) + if( strcmp( "MBEDTLS_SSL_CONF_ENDPOINT", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_ENDPOINT ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_ENDPOINT */ + #if defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN) if( strcmp( "MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN", config ) == 0 ) { From c2cfdaa693773ab8ad441173dcb269222b0dd9cd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Jun 2019 12:33:03 +0100 Subject: [PATCH 08/10] Allow config'n of incl of CertificateReq CA list Y/N at compile-time Introduces MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST which allows to configure at compile-time whether a CA list should be included in the CertificateRequest message sent by the server. Impact on code-size: | | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 | | --- | --- | --- | --- | | `libmbedtls.a` before | 23131 | 23805 | 26673 | | `libmbedtls.a` after | 23099 | 23781 | 26639 | | gain in Bytes | 32 | 24 | 34 | --- configs/baremetal.h | 1 + include/mbedtls/config.h | 4 +++- include/mbedtls/ssl.h | 9 +++++++-- include/mbedtls/ssl_internal.h | 17 +++++++++++++++++ library/ssl_srv.c | 3 ++- library/ssl_tls.c | 6 ++++-- programs/ssl/query_config.c | 8 ++++++++ programs/ssl/ssl_server2.c | 13 +++++++++++-- 8 files changed, 53 insertions(+), 8 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index 37e2444c7..399b6e515 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -80,6 +80,7 @@ #define MBEDTLS_SSL_DTLS_CONNECTION_ID /* Compile-time fixed parts of the SSL configuration */ +#define MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED #define MBEDTLS_SSL_CONF_READ_TIMEOUT 0 #define MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN 1000 #define MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX 16000 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index fcb92f2c7..3e70260e6 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3458,7 +3458,9 @@ //#define MBEDTLS_SSL_CONF_READ_TIMEOUT 0 /* Endpoint (Client/Server) */ -//#define MBEDTLS_SSL_CONF_ENDPOINT MBED +//#define MBEDTLS_SSL_CONF_ENDPOINT MBEDTLS_SSL_IS_CLIENT + +//#define MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED /* DTLS-specific settings */ //#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 86759e50c..7c5cadcbb 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1106,8 +1106,10 @@ struct mbedtls_ssl_config unsigned int fallback : 1; /*!< is this a fallback? */ #endif #if defined(MBEDTLS_SSL_SRV_C) +#if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST) unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in Certificate Request messages? */ +#endif /* !MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST */ #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID) @@ -2965,19 +2967,22 @@ void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ); #endif /* MBEDTLS_ARC4_C */ -#if defined(MBEDTLS_SSL_SRV_C) +#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST) /** * \brief Whether to send a list of acceptable CAs in * CertificateRequest messages. * (Default: do send) * + * \note On constrained systems, this options can also be configured + * at compile-time via MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST. + * * \param conf SSL configuration * \param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or * MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED */ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, char cert_req_ca_list ); -#endif /* MBEDTLS_SSL_SRV_C */ +#endif /* MBEDTLS_SSL_SRV_C && !MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index b08aae288..138b6fdd7 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1085,6 +1085,23 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, * be fixed at compile time via one of MBEDTLS_SSL_SSL_CONF_XXX. */ +#if defined(MBEDTLS_SSL_SRV_C) +#if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST) +static inline unsigned int mbedtls_ssl_conf_get_cert_req_ca_list( + mbedtls_ssl_config const *conf ) +{ + return( conf->cert_req_ca_list ); +} +#else /* !MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST */ +static inline unsigned int mbedtls_ssl_conf_get_cert_req_ca_list( + mbedtls_ssl_config const *conf ) +{ + ((void) conf); + return( MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST ); +} +#endif /* MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST */ +#endif /* MBEDTLS_SSL_SRV_C */ + #if !defined(MBEDTLS_SSL_CONF_ENDPOINT) static inline unsigned int mbedtls_ssl_conf_get_endpoint( mbedtls_ssl_config const *conf ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index b6b7750c7..f8d2ec480 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2947,7 +2947,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) total_dn_size = 0; - if( ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED ) + if( mbedtls_ssl_conf_get_cert_req_ca_list( ssl->conf ) + == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED ) { #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if( ssl->handshake->sni_ca_chain != NULL ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cfd6589b1..dc0eaf9c3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8665,7 +8665,7 @@ void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ) } #endif -#if defined(MBEDTLS_SSL_SRV_C) +#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST) void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, char cert_req_ca_list ) { @@ -10829,8 +10829,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif #if defined(MBEDTLS_SSL_SRV_C) +#if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST) conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED; -#endif +#endif /* !MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST */ +#endif /* MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_PROTO_DTLS) #if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN) diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 29b778c4c..bcdafb6bd 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -2610,6 +2610,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_CONF_ENDPOINT */ +#if defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST) + if( strcmp( "MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST */ + #if defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN) if( strcmp( "MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN", config ) == 0 ) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 707660f66..5fbbddd3b 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -422,6 +422,14 @@ int main( void ) #define USAGE_READ_TIMEOUT "" #endif +#if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST) +#define USAGE_CERT_REQ_CA_LIST \ + " cert_req_ca_list=%%d default: 1 (send ca list)\n" \ + " options: 1 (send ca list), 0 (don't send)\n" +#else +#define USAGE_CERT_REQ_CA_LIST "" +#endif + #define USAGE \ "\n usage: ssl_server2 param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -445,8 +453,7 @@ int main( void ) USAGE_BADMAC_LIMIT \ "\n" \ USAGE_AUTH_MODE \ - " cert_req_ca_list=%%d default: 1 (send ca list)\n" \ - " options: 1 (send ca list), 0 (don't send)\n" \ + USAGE_CERT_REQ_CA_LIST \ USAGE_IO \ USAGE_SSL_ASYNC \ USAGE_SNI \ @@ -2479,8 +2486,10 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_authmode( &conf, opt.auth_mode ); #endif /* !MBEDTLS_SSL_CONF_AUTHMODE */ +#if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST) if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST ) mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list ); +#endif #if defined(MBEDTLS_SSL_PROTO_DTLS) if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX ) From f3400da3cadbbf3c106ab76ca833b3c48c7f470e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 13 Jun 2019 12:36:31 +0100 Subject: [PATCH 09/10] Don't incl. CAs in CertReq message in baremetal build This commit modifies the baremetal configuration to disables the inclusion of the list of accepted CAs in the CertificateRequest message sent by the server. Impact on code-size: | | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 | | --- | --- | --- | --- | | `libmbedtls.a` before | 23099 | 23781 | 26639 | | `libmbedtls.a` before | 22995 | 23689 | 26515 | | gain in Bytes | 104 | 92 | 124 | --- configs/baremetal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index 399b6e515..e61538459 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -80,7 +80,7 @@ #define MBEDTLS_SSL_DTLS_CONNECTION_ID /* Compile-time fixed parts of the SSL configuration */ -#define MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED +#define MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED #define MBEDTLS_SSL_CONF_READ_TIMEOUT 0 #define MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN 1000 #define MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX 16000 From 3b876acff4a28db7718893db9b1868b0e79e78b3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 21 Jun 2019 15:51:19 +0100 Subject: [PATCH 10/10] Adapt baremetal.h and baremetal.sh --- configs/baremetal.h | 2 +- scripts/baremetal.sh | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index e61538459..7c09051ac 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -84,7 +84,7 @@ #define MBEDTLS_SSL_CONF_READ_TIMEOUT 0 #define MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN 1000 #define MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX 16000 -#define MBEDTLS_SSL_CONF_CID_LEN 0 +#define MBEDTLS_SSL_CONF_CID_LEN 2 #define MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID MBEDTLS_SSL_UNEXPECTED_CID_IGNORE #define MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION \ MBEDTLS_SSL_SECURE_RENEGOTIATION diff --git a/scripts/baremetal.sh b/scripts/baremetal.sh index be5fd0488..7cd1e7005 100755 --- a/scripts/baremetal.sh +++ b/scripts/baremetal.sh @@ -213,7 +213,8 @@ baremetal_ram_heap() { : ${CLI:=./programs/ssl/ssl_client2} : ${CLI_PARAMS:="dtls=1 cid=1 cid_val=beef"} : ${SRV:=./programs/ssl/ssl_server2} - : ${SRV_PARAMS:="dtls=1 renegotiation=1 auth_mode=required cid=1 cid_val=dead"} + : ${SRV_PARAMS:="dtls=1 cid=1 cid_val=dead"} # renegotiation=1 auth_mode=required implicit + # compile-time hardcoding of configuration : ${VALGRIND:=valgrind} : ${VALGRIND_MASSIF_PARAMS="--time-unit=B --threshold=0.01 --detailed-freq=1"} @@ -271,7 +272,8 @@ baremetal_ram_stack() { : ${CLI:=./programs/ssl/ssl_client2} : ${CLI_PARAMS:="dtls=1"} : ${SRV:=./programs/ssl/ssl_server2} - : ${SRV_PARAMS:="dtls=1 renegotiation=1 auth_mode=required"} + : ${SRV_PARAMS:="dtls=1"} # renegotiation=1 auth_mode=required implicit + # compile-time hardcoding of configuration : ${VALGRIND:=valgrind} : ${VALGRIND_CALLGRIND_PARAMS:="--separate-callers=100"}