From 5f43f978f013381343d8084a5ce1ae633cf8d7e4 Mon Sep 17 00:00:00 2001
From: Thomas Daubney
Date: Mon, 14 Jun 2021 11:41:23 +0100
Subject: [PATCH 01/16] Removes tests from ssl-opt.sh

Commit removes tests from ssl-opt.sh that were specific to MBEDTLS_SSL_TRUNCATED_HMAC extention.

Signed-off-by: Thomas Daubney
---
 tests/ssl-opt.sh | 190 ----------------------------------------------
 1 file changed, 190 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d1221112a..89eece6f6 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1464,102 +1464,6 @@ run_test "DTLS: multiple records in same datagram, neither client nor server" -S "next record in same datagram" \ -C "next record in same datagram" -# Tests for Truncated HMAC extension - -run_test "Truncated HMAC: client default, server default" \ - "$P_SRV debug_level=4" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -s "dumping 'expected mac' (20 bytes)" \ - -S "dumping 'expected mac' (10 bytes)" - -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Truncated HMAC: client disabled, server default" \ - "$P_SRV debug_level=4" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \ - 0 \ - -s "dumping 'expected mac' (20 bytes)" \ - -S "dumping 'expected mac' (10 bytes)" - -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Truncated HMAC: client enabled, server default" \ - "$P_SRV debug_level=4" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ - 0 \ - -s "dumping 'expected mac' (20 bytes)" \ - -S "dumping 'expected mac' (10 bytes)" - -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Truncated HMAC: client enabled, server disabled" \ - "$P_SRV debug_level=4 trunc_hmac=0" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ - 0 \ - -s "dumping 'expected mac' (20 bytes)" \ - -S "dumping 'expected mac' (10 bytes)" - -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Truncated HMAC: client disabled, server enabled" \ - "$P_SRV debug_level=4 trunc_hmac=1" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \ - 0 \ - -s "dumping 'expected mac' (20 bytes)" \ - -S "dumping 'expected mac' (10 bytes)" - -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Truncated HMAC: client enabled, server enabled" \ - "$P_SRV debug_level=4 trunc_hmac=1" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ - 0 \ - -S "dumping 'expected mac' (20 bytes)" \ - -s "dumping 'expected 
mac' (10 bytes)" - -run_test "Truncated HMAC, DTLS: client default, server default" \ - "$P_SRV dtls=1 debug_level=4" \ - "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -s "dumping 'expected mac' (20 bytes)" \ - -S "dumping 'expected mac' (10 bytes)" - -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Truncated HMAC, DTLS: client disabled, server default" \ - "$P_SRV dtls=1 debug_level=4" \ - "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \ - 0 \ - -s "dumping 'expected mac' (20 bytes)" \ - -S "dumping 'expected mac' (10 bytes)" - -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Truncated HMAC, DTLS: client enabled, server default" \ - "$P_SRV dtls=1 debug_level=4" \ - "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ - 0 \ - -s "dumping 'expected mac' (20 bytes)" \ - -S "dumping 'expected mac' (10 bytes)" - -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Truncated HMAC, DTLS: client enabled, server disabled" \ - "$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \ - "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ - 0 \ - -s "dumping 'expected mac' (20 bytes)" \ - -S "dumping 'expected mac' (10 bytes)" - -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Truncated HMAC, DTLS: client disabled, server enabled" \ - "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \ - "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \ - 0 \ - -s "dumping 'expected mac' (20 bytes)" \ - -S "dumping 'expected mac' (10 bytes)" - -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Truncated HMAC, DTLS: client enabled, server enabled" \ - "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \ - "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ - 0 \ - -S "dumping 'expected mac' (20 bytes)" \ - -s "dumping 'expected mac' (10 bytes)" - # Tests for Context serialization 
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION @@ -5660,22 +5564,6 @@ run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small client packet TLS 1.2 BlockCipher, truncated MAC" \ - "$P_SRV trunc_hmac=1" \ - "$P_CLI request_size=1 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ - 0 \ - -s "Read from client: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV trunc_hmac=1" \ - "$P_CLI request_size=1 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ - 0 \ - -s "Read from client: 1 bytes read" - run_test "Small client packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ @@ -5708,24 +5596,6 @@ run_test "Small client packet DTLS 1.2, without EtM" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small client packet DTLS 1.2, truncated hmac" \ - "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \ - "$P_CLI dtls=1 request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ - 0 \ - -s "Read from client: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \ - "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \ - "$P_CLI dtls=1 request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ - 0 \ - -s "Read from client: 1 bytes read" - # Tests for small server packets run_test "Small server packet TLS 1.2 BlockCipher" \ 
@@ -5749,22 +5619,6 @@ run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ 0 \ -c "Read from server: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \ - "$P_SRV response_size=1 trunc_hmac=1" \ - "$P_CLI force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ - 0 \ - -c "Read from server: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV response_size=1 trunc_hmac=1" \ - "$P_CLI force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ - 0 \ - -c "Read from server: 1 bytes read" - run_test "Small server packet TLS 1.2 AEAD" \ "$P_SRV response_size=1" \ "$P_CLI force_version=tls1_2 \ @@ -5797,24 +5651,6 @@ run_test "Small server packet DTLS 1.2, without EtM" \ 0 \ -c "Read from server: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small server packet DTLS 1.2, truncated hmac" \ - "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \ - "$P_CLI dtls=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ - 0 \ - -c "Read from server: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \ - "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \ - "$P_CLI dtls=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ - 0 \ - -c "Read from server: 1 bytes read" - # Test for large client packets # How many fragments do we expect to write $1 bytes? 
@@ -5845,23 +5681,6 @@ run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \ - "$P_SRV trunc_hmac=1" \ - "$P_CLI request_size=16384 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ - 0 \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" - -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV trunc_hmac=1" \ - "$P_CLI request_size=16384 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ - 0 \ - -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" - run_test "Large client packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ @@ -5900,15 +5719,6 @@ run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ 0 \ -c "Read from server: 16384 bytes read" -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \ - "$P_SRV response_size=16384" \ - "$P_CLI force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1" \ - 0 \ - -c "Read from server: 16384 bytes read" - run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ "$P_SRV response_size=16384 trunc_hmac=1" \ "$P_CLI force_version=tls1_2 \ From ce9e716a2bdc411df9d4bbf74d384d7013b527a6 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 14 Jun 2021 14:04:25 +0100 Subject: [PATCH 02/16] Modifies tests in context-info.sh Commit modifies tests involving MBEDTLS_SSL_TRUNCATED_HMAC in the context-info.sh script. 
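Review bot: The trailing context of the `@@ -5900,15 +5719,6 @@` hunk shows `run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC"` surviving with `"$P_SRV response_size=16384 trunc_hmac=1"`, so ssl-opt.sh still passes the option this series removes, and the removed blank line immediately before it shows the test carries no `requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC` guard either. Once ssl_server2/ssl_client2 reject `trunc_hmac`, the test fails at argument parsing; if they keep accepting it silently, it is a duplicate of the untruncated 'without EtM' case under a misleading name. Either way it belongs with the tests this commit deletes; the rest of the invocation, including any `trunc_hmac=1` on the client line, lies below the hunk.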
Signed-off-by: Thomas Daubney
---
 tests/context-info.sh | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/tests/context-info.sh b/tests/context-info.sh
index e02d33084..88dfcaa5e 100755
--- a/tests/context-info.sh
+++ b/tests/context-info.sh
@@ -210,7 +210,6 @@ run_test "Default configuration, server" \
 -u "MBEDTLS_HAVE_TIME$" \
 -u "MBEDTLS_X509_CRT_PARSE_C$" \
 -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
- -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
 -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
 -u "MBEDTLS_SSL_SESSION_TICKETS$" \
 -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
@@ -233,7 +232,6 @@ run_test "Default configuration, client" \
 -u "MBEDTLS_HAVE_TIME$" \
 -u "MBEDTLS_X509_CRT_PARSE_C$" \
 -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
- -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
 -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
 -u "MBEDTLS_SSL_SESSION_TICKETS$" \
 -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
@@ -339,7 +337,6 @@ run_test "Minimal configuration, server" \
 "srv_min_cfg.txt" \
 -n "ERROR" \
 -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
- -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
 -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
 -n "MBEDTLS_SSL_SESSION_TICKETS$" \
 -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
@@ -350,7 +347,6 @@ run_test "Minimal configuration, client" \
 "cli_min_cfg.txt" \
 -n "ERROR" \
 -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
- -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
 -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
 -n "MBEDTLS_SSL_SESSION_TICKETS$" \
 -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
From c46bf3c79c2a23d2f67f1a2d01dd980416f3286f Mon Sep 17 00:00:00 2001
From: Thomas Daubney
Date: Mon, 14 Jun 2021 14:15:21 +0100
Subject: [PATCH 03/16] Modifies tests in test_suite_ssl.function

Commit removes conditional compilation code blocks relating to MBEDTLS_SSL_TRUNCATED_HMAC config option.

Signed-off-by: Thomas Daubney
---
 tests/suites/test_suite_ssl.function | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index c555d74a2..e175db277 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1504,9 +1504,6 @@ static int ssl_populate_session( mbedtls_ssl_session *session,
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 session->mfl_code = 1;
 #endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- session->trunc_hmac = 1;
-#endif
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 session->encrypt_then_mac = 1;
 #endif
@@ -4078,10 +4075,6 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
 TEST_ASSERT( original.mfl_code == restored.mfl_code );
 #endif
 
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
-#endif
-
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
 #endif
From 22989d027a00f5c3a21dc2387fb6b4a559f127c9 Mon Sep 17 00:00:00 2001
From: Thomas Daubney
Date: Mon, 14 Jun 2021 15:34:28 +0100
Subject: [PATCH 04/16] Removes MBEDTLS_SSL_TRUNCATED_HMAC code from ssl programs

Commit removes code dependent on MBEDTLS_SSL_TRUNCATED_HMAC from SSL client and sever example programs.

Signed-off-by: Thomas Daubney
---
 programs/ssl/ssl_client2.c | 13 -------------
 programs/ssl/ssl_server2.c | 13 -------------
 2 files changed, 26 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 98a304868..ce9bcc302 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -235,13 +235,6 @@ int main( void )
 #define USAGE_SRTP ""
 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
 
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-#define USAGE_TRUNC_HMAC \
- " trunc_hmac=%%d default: library default\n"
-#else
-#define USAGE_TRUNC_HMAC ""
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 #define USAGE_MAX_FRAG_LEN \
 " max_frag_len=%%d default: 16384 (tls default)\n" \
@@ -394,7 +387,6 @@ int main( void ) USAGE_TICKETS \ USAGE_EAP_TLS \ USAGE_MAX_FRAG_LEN \ - USAGE_TRUNC_HMAC \ USAGE_CONTEXT_CRT_CB \ USAGE_ALPN \ USAGE_EMS \ @@ -1721,11 +1713,6 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - if( opt.trunc_hmac != DFL_TRUNC_HMAC ) - mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac ); -#endif - #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) if( opt.extended_ms != DFL_EXTENDED_MS ) mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index de4eb6d87..f0ca72f2c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -334,13 +334,6 @@ int main( void ) #define USAGE_MAX_FRAG_LEN "" #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -#define USAGE_TRUNC_HMAC \ - " trunc_hmac=%%d default: library default\n" -#else -#define USAGE_TRUNC_HMAC "" -#endif - #if defined(MBEDTLS_SSL_ALPN) #define USAGE_ALPN \ " alpn=%%s default: \"\" (disabled)\n" \ @@ -487,7 +480,6 @@ int main( void ) USAGE_NSS_KEYLOG_FILE \ USAGE_CACHE \ USAGE_MAX_FRAG_LEN \ - USAGE_TRUNC_HMAC \ USAGE_ALPN \ USAGE_EMS \ USAGE_ETM \ @@ -2506,11 +2498,6 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - if( opt.trunc_hmac != DFL_TRUNC_HMAC ) - mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac ); -#endif - #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) if( opt.extended_ms != DFL_EXTENDED_MS ) mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms ); From 909d3bfa432c2c26834d9e9ba3e9373df0eddc65 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 14 Jun 2021 15:37:45 +0100 Subject: [PATCH 05/16] Removes MBEDTLS_SSL_TRUNCATED_HMAC code from fuzz programs Commit removes conditional compilation code blocks dependent on MBEDTLS_SSL_TRUNCATED_HMAC config option. 
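Review bot: The three ssl_client2.c hunks remove exactly the 13 lines the diffstat reports, so whatever else in this file refers to `opt.trunc_hmac` — the `DFL_TRUNC_HMAC` default and the `trunc_hmac=` argument parsing that the removed `if( opt.trunc_hmac != DFL_TRUNC_HMAC )` guard implies — survives this commit, and the same arithmetic holds for the three ssl_server2.c hunks below (13 deletions). If that is so, `trunc_hmac=1` on the command line is still accepted and silently ignored, which is what lets the leftover `trunc_hmac=1` test in ssl-opt.sh keep passing without exercising anything. Remove the option's field, default and parsing branch in the same commit, or say in the message which later patch does. `main( int argc, char *argv[] )` begins and ends outside this hunk.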
Signed-off-by: Thomas Daubney
---
 programs/fuzz/fuzz_client.c | 3 ---
 programs/fuzz/fuzz_server.c | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index cbd9483f8..ab2d13494 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -102,9 +102,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 {
 mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
 }
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- mbedtls_ssl_conf_truncated_hmac( &conf, (options & 8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
-#endif
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
 #endif
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 5480e3e87..e3bee2b65 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -127,9 +127,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 &ticket_ctx );
 }
 #endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- mbedtls_ssl_conf_truncated_hmac( &conf, (options & 0x8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
-#endif
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
 #endif
From 40d49b1e54c7447354e498af5dd22ab1e7880ad5 Mon Sep 17 00:00:00 2001
From: Thomas Daubney
Date: Mon, 14 Jun 2021 15:46:45 +0100
Subject: [PATCH 06/16] Removes truncated HMAC code from ssl_context_info program

Commit removes conditional compilation block which depends on MBEDTLS_SSL_TRUNCATED_HMAC config option.

Signed-off-by: Thomas Daubney
---
 programs/ssl/ssl_context_info.c | 1 -
 1 file changed, 1 deletion(-)
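Review bot: After the removal, bit `8` of `options` in fuzz_client.c (`0x8` in fuzz_server.c) no longer affects the configuration while the neighbouring `0x10` bit for extended master secret keeps its meaning, so the bit map that corpus inputs encode now has an unlabelled hole. A one-line comment at the removal site, `/* bit 0x8 formerly selected truncated HMAC; left unused so existing corpus inputs keep their meaning */`, records that and discourages reassigning the bit to a new option, which would silently change what old inputs exercise. `LLVMFuzzerTestOneInput` starts and ends outside both hunks.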
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index b36099115..a8a815235 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -868,7 +868,6 @@ void print_deserialized_ssl_context( const uint8_t *ssl, size_t len )
 print_if_bit( "MBEDTLS_HAVE_TIME", SESSION_CONFIG_TIME_BIT, session_cfg_flag );
 print_if_bit( "MBEDTLS_X509_CRT_PARSE_C", SESSION_CONFIG_CRT_BIT, session_cfg_flag );
 print_if_bit( "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", SESSION_CONFIG_MFL_BIT, session_cfg_flag );
- print_if_bit( "MBEDTLS_SSL_TRUNCATED_HMAC", SESSION_CONFIG_TRUNC_HMAC_BIT, session_cfg_flag );
 print_if_bit( "MBEDTLS_SSL_ENCRYPT_THEN_MAC", SESSION_CONFIG_ETM_BIT, session_cfg_flag );
 print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS", SESSION_CONFIG_TICKET_BIT, session_cfg_flag );
 print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS and client", SESSION_CONFIG_CLIENT_TICKET_BIT, session_cfg_flag );
From 32fb900eee9b69abddbbe4a6115f0193858fffe6 Mon Sep 17 00:00:00 2001
From: Thomas Daubney
Date: Mon, 14 Jun 2021 17:25:08 +0100
Subject: [PATCH 07/16] Removes truncated HMAC code from ssl_tls.c

Removes conditional code compilation blocks and code paths relating to the MBEDTLS_SSL_TRUNCATED_HMAC config option.

Signed-off-by: Thomas Daubney
---
 library/ssl_tls.c | 46 ----------------------------------------------
 1 file changed, 46 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5c1bc3207..eb5d9db1c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -672,9 +672,6 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 int encrypt_then_mac,
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- int trunc_hmac,
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
 ssl_tls_prf_t tls_prf,
 const unsigned char randbytes[64],
@@ -845,18 +842,6 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
 mac_key_len = mbedtls_md_get_size( md_info );
 transform->maclen = mac_key_len;
 
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- /*
- * If HMAC is to be truncated, we shall keep the leftmost bytes,
- * (rfc 6066 page 13 or rfc 2104 section 4),
- * so we only need to adjust the length here.
- */
- if( trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
- {
- transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
- }
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 /* IV length */
 transform->ivlen = cipher_info->iv_size;
 
@@ -1368,9 +1353,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 ssl->session_negotiate->encrypt_then_mac,
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- ssl->session_negotiate->trunc_hmac,
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
 ssl->handshake->tls_prf,
 ssl->handshake->randbytes,
@@ -4138,13 +4120,6 @@ int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_c
 }
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
-{
- conf->trunc_hmac = truncate;
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
 {
 conf->allow_legacy_renegotiation = allow_legacy;
@@ -4519,11 +4494,7 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co
 #define SSL_SERIALIZED_SESSION_CONFIG_MFL 0
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-#define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC 1
-#else
 #define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC 0
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 #define SSL_SERIALIZED_SESSION_CONFIG_ETM 1
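Review bot: In the `@@ -4519,11 +4494,7 @@` hunk, `#define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC 0` becomes unconditional with no explanation, and a reader will ask why a removed feature keeps a slot in the serialized-session config bitflag now that the `trunc_hmac` byte itself is gone from `ssl_session_save` and `ssl_session_load` in the following hunks. Presumably the slot is kept so a session saved by a build that set the bit does not look like a 3.0 blob and get parsed with that byte missing; if so, state it: `/* Truncated HMAC was removed in 3.0; keep the bit reserved (always 0) so session blobs that set it are not mistaken for the current format. */`. If the position is instead meant to be reclaimed, drop the macro and its use in the bitflag together with ssl_context_info.c's `SESSION_CONFIG_TRUNC_HMAC_BIT`.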
@@ -4766,13 +4737,6 @@ static int ssl_session_save( const mbedtls_ssl_session *session, *p++ = session->mfl_code; #endif -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - used += 1; - - if( used <= buf_len ) - *p++ = (unsigned char)( ( session->trunc_hmac ) & 0xFF ); -#endif - #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) used += 1; @@ -5008,13 +4972,6 @@ static int ssl_session_load( mbedtls_ssl_session *session, session->mfl_code = *p++; #endif -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - if( 1 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - session->trunc_hmac = *p++; -#endif - #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) if( 1 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -5831,9 +5788,6 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) ssl->session->encrypt_then_mac, #endif -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - ssl->session->trunc_hmac, -#endif #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ssl_tls12prf_from_cs( ssl->session->ciphersuite ), p, /* currently pointing to randbytes */ From e1c9a40bc41e8b868847879b111cce447419a882 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 15 Jun 2021 11:26:43 +0100 Subject: [PATCH 08/16] Removes truncated HMAC code from ssl_X.c Removes conditional code blocks relating to MBEDTLS_SSL_TRUNCATED_HMAC from ssl_cli.c and ssl_srv.c. Signed-off-by: Thomas Daubney --- library/ssl_cli.c | 78 ----------------------------------------------- library/ssl_srv.c | 64 +------------------------------------- 2 files changed, 1 insertion(+), 141 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9a441385d..30e64c484 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -559,36 +559,6 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ - unsigned char *p = buf; - - *olen = 0; - - if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) - return( 0 ); - - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding truncated_hmac extension" ) ); - - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); - - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); - - *p++ = 0x00; - *p++ = 0x00; - - *olen = 4; - - return( 0 ); -} -#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ - #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, unsigned char *buf, @@ -1304,16 +1274,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - if( ( ret = ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_truncated_hmac_ext", ret ); - return( ret ); - } - ext_len += olen; -#endif - #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 ) 
@@ -1479,31 +1439,6 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ - if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED || - len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-matching truncated HMAC extension" ) ); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); - } - - ((void) buf); - - ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; - - return( 0 ); -} -#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ - #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -2346,19 +2281,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) break; #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) ); - - if( ( ret = ssl_parse_truncated_hmac_ext( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } - - break; -#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ - #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) case MBEDTLS_TLS_EXT_CID: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 29569d176..47151298d 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -543,28 +543,6 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ - if( len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); - } - - ((void) buf); - - if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) - ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; - - return( 0 ); -} -#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ - #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -1703,16 +1681,6 @@ read_record_header: break; #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) ); - - ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; -#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ - #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) case MBEDTLS_TLS_EXT_CID: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) ); @@ -1721,7 +1689,7 @@ read_record_header: if( ret != 0 ) return( ret ); break; -#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: 
@@ -1967,31 +1935,6 @@ have_ciphersuite: return( 0 ); } -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) -{ - unsigned char *p = buf; - - if( ssl->session_negotiate->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) - { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) ); - - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); - - *p++ = 0x00; - *p++ = 0x00; - - *olen = 4; -} -#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ - #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, unsigned char *buf, @@ -2654,11 +2597,6 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; -#endif - #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; From d7171e9f59b5648b2ae9d0e96f84022fd7e5bc3b Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 15 Jun 2021 12:43:45 +0100 Subject: [PATCH 09/16] Removes truncated HMAC code from ssl.h Commit removes conditionally compiled code relating to MBEDTLS_SSL_TRUNCATED_HMAC from ssl.h. Signed-off-by: Thomas Daubney --- include/mbedtls/ssl.h | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b2f5c67a2..a93a32588 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -956,10 +956,6 @@ struct mbedtls_ssl_session unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - int MBEDTLS_PRIVATE(trunc_hmac); /*!< flag for truncated hmac activation */ -#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ - #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */ #endif @@ -1180,9 +1176,6 @@ struct mbedtls_ssl_config #if defined(MBEDTLS_SSL_RENEGOTIATION) unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */ #endif -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - unsigned int MBEDTLS_PRIVATE(trunc_hmac) : 1; /*!< negotiate truncated hmac? */ -#endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */ #endif @@ -3315,18 +3308,6 @@ int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_c void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order ); #endif /* MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -/** - * \brief Activate negotiation of truncated HMAC - * (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED) - * - * \param conf SSL configuration - * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or - * MBEDTLS_SSL_TRUNC_HMAC_DISABLED) - */ -void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ); -#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ - #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) /** * \brief Enable / Disable session tickets (client only). From 4a7010d1aaae937dfa328ef253d70d04b3b260ff Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 15 Jun 2021 12:54:14 +0100 Subject: [PATCH 10/16] Removes MBEDTLS_SSL_TRUNCATED_HMAC config option Commit removes the MBEDTLS_SSL_TRUNCATED_HMAC config option from config.h and places a check that it is unset in check_config.h. 
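Review bot: The three hunks account for all 19 deletions the diffstat reports for include/mbedtls/ssl.h, so `MBEDTLS_SSL_TRUNC_HMAC_ENABLED`, `MBEDTLS_SSL_TRUNC_HMAC_DISABLED` and `MBEDTLS_SSL_TRUNCATED_HMAC_LEN` — the constants used by the code removed from ssl_tls.c, ssl_cli.c, ssl_srv.c and the fuzz programs — stay defined if they live in this header, as their `MBEDTLS_SSL_` prefix suggests. Code that still passes them around then compiles cleanly against 3.0 with no signal that `mbedtls_ssl_conf_truncated_hmac` and the option are gone. Drop them here unless a later patch in the series does, and keep `MBEDTLS_TLS_EXT_TRUNCATED_HMAC` only if the extension code point is still needed (for example to recognise and skip the extension when a peer offers it). `struct mbedtls_ssl_session` and `struct mbedtls_ssl_config` both extend beyond their hunks.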
Signed-off-by: Thomas Daubney
---
 include/mbedtls/check_config.h | 4 ++++
 include/mbedtls/config.h | 9 ---------
 2 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 90dee6c1a..b0d61a3fa 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -837,6 +837,10 @@
 #error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
 #endif
 
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names
+#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4341"
+#endif
+
 /*
 * Avoid warning from -pedantic. This is a convenient place for this
 * workaround since this is included by every single file before the
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 16f8f8b35..2b4976de7 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1648,15 +1648,6 @@
 */
 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
 
-/**
- * \def MBEDTLS_SSL_TRUNCATED_HMAC
- *
- * Enable support for RFC 6066 truncated HMAC in SSL.
- *
- * Comment this macro to disable support for truncated HMAC in SSL
- */
-#define MBEDTLS_SSL_TRUNCATED_HMAC
-
 /**
 * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
 *
From 22ecf49e9a577cb3ad3a64dbc337b26917039a3d Mon Sep 17 00:00:00 2001
From: Thomas Daubney
Date: Tue, 15 Jun 2021 13:04:11 +0100
Subject: [PATCH 11/16] Adds ChangeLog entry

Commit adds ChangeLog entry for removal of MBEDTLS_SSL_TRUNCATED_HMAC.

Signed-off-by: Thomas Daubney
---
 ChangeLog.d/rm-truncated-hmac-ext.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 ChangeLog.d/rm-truncated-hmac-ext.txt

diff --git a/ChangeLog.d/rm-truncated-hmac-ext.txt b/ChangeLog.d/rm-truncated-hmac-ext.txt
new file mode 100644
index 000000000..e3391f885
--- /dev/null
+++ b/ChangeLog.d/rm-truncated-hmac-ext.txt
@@ -0,0 +1,3 @@ +Removals + * Remove MBEDTLS_SSL_TRUNCATED_HMAC config option since it is no longer + supported in 3.0. Addresses #4341. From 50afb4378f1282eaf3d62a579016787add81e2ec Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 17 Jun 2021 09:23:41 +0100 Subject: [PATCH 12/16] Adds Migration guide Commit adds a migration guide entry that was missing. Signed-off-by: Thomas Daubney --- .../remove-truncated-HMAC-extension.md | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md diff --git a/docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md b/docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md new file mode 100644 index 000000000..12f7c2385 --- /dev/null +++ b/docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md @@ -0,0 +1,10 @@ +Remove the truncated HMAC extension +----------------------------------- + +This affects all users who use the truncated HMAC extension for cryptographic +operations. + +The config option `MBEDTLS_SSL_TRUNCATED_HMAC` has been removed. Users concerned +about overhead are better served by using any of the CCM-8 ciphersuites rather +than a CBC ciphersuite with truncated HMAC, and so going forward this must be +the approach taken. From a42bf29b2c125f10a01fad34f2e287ed44c39aa8 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 18 Jun 2021 09:13:53 +0100 Subject: [PATCH 13/16] Modifies ChangeLog entry Corrects wording in ChangeLog entry as requested in review. Signed-off-by: Thomas Daubney --- ChangeLog.d/rm-truncated-hmac-ext.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/rm-truncated-hmac-ext.txt b/ChangeLog.d/rm-truncated-hmac-ext.txt index e3391f885..c82415ba7 100644 --- a/ChangeLog.d/rm-truncated-hmac-ext.txt +++ b/ChangeLog.d/rm-truncated-hmac-ext.txt 
@@ -1,3 +1,4 @@ Removals - * Remove MBEDTLS_SSL_TRUNCATED_HMAC config option since it is no longer - supported in 3.0. Addresses #4341. + * Remove MBEDTLS_SSL_TRUNCATED_HMAC config option. Users are better served by + using a CCM-8 ciphersuite than a CBC ciphersuite with truncated HMAC. + Addresses #4341. From 379227cc596d8dbb293c8056e7c6ed9abe9724be Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 18 Jun 2021 10:46:12 +0100 Subject: [PATCH 14/16] Modifies ChangeLog and Migration Guide Entries in ChangeLog and Migration guide files have been merged to cover both the removal of MBEDTLS_SSL_TRUNCATED_HMAC and MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT. Signed-off-by: Thomas Daubney --- ChangeLog | 12 ------------ ChangeLog.d/rm-truncated-hmac-ext.txt | 5 +++-- .../remove-truncated-HMAC-extension.md | 10 ---------- docs/3.0-migration-guide.md | 16 ++++++---------- 4 files changed, 9 insertions(+), 34 deletions(-) delete mode 100644 docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md diff --git a/ChangeLog b/ChangeLog index ddaf3fd9f..b525492fb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,8 +32,6 @@ API changes * Drop support for parsing SSLv2 ClientHello (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO). * Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3). - * Drop support for compatibility with our own previous buggy - implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT). * Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT). * Drop support for RC4 TLS ciphersuites. * Drop support for single-DES ciphersuites. 
@@ -1688,16 +1686,6 @@ Changes = mbed TLS 2.8.0 branch released 2018-03-16 -Default behavior changes - * The truncated HMAC extension now conforms to RFC 6066. This means - that when both sides of a TLS connection negotiate the truncated - HMAC extension, Mbed TLS can now interoperate with other - compliant implementations, but this breaks interoperability with - prior versions of Mbed TLS. To restore the old behavior, enable - the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in - config.h. Found by Andreas Walz (ivESK, Offenburg University of - Applied Sciences). - Security * Fix implementation of the truncated HMAC extension. The previous implementation allowed an offline 2^80 brute force attack on the diff --git a/ChangeLog.d/rm-truncated-hmac-ext.txt b/ChangeLog.d/rm-truncated-hmac-ext.txt index c82415ba7..373925695 100644 --- a/ChangeLog.d/rm-truncated-hmac-ext.txt +++ b/ChangeLog.d/rm-truncated-hmac-ext.txt @@ -1,4 +1,5 @@ Removals - * Remove MBEDTLS_SSL_TRUNCATED_HMAC config option. Users are better served by + * Remove MBEDTLS_SSL_TRUNCATED_HMAC and also remove + MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT config option. Users are better served by using a CCM-8 ciphersuite than a CBC ciphersuite with truncated HMAC. - Addresses #4341. + See issue #4341 for more details. diff --git a/docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md b/docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md deleted file mode 100644 index 12f7c2385..000000000 --- a/docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md +++ /dev/null 
@@ -1,10 +0,0 @@ -Remove the truncated HMAC extension ------------------------------------ - -This affects all users who use the truncated HMAC extension for cryptographic -operations. - -The config option `MBEDTLS_SSL_TRUNCATED_HMAC` has been removed. Users concerned -about overhead are better served by using any of the CCM-8 ciphersuites rather -than a CBC ciphersuite with truncated HMAC, and so going forward this must be -the approach taken. diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index a4a59b889..a30e78677 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md @@ -137,17 +137,13 @@ and relied on that version in order to communicate with peers that are not up to date. If one of your peers is in that case, please try contacting them and encouraging them to upgrade their software. -Remove support for compatibility with old Mbed TLS's truncated HMAC -------------------------------------------------------------------- +Remove support for truncated HMAC +--------------------------------- -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects TLS users who enabled `MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT` and -used the Truncated HMAC extension to communicate with peers using old version -of Mbed TLS. Please consider using a CCM-8 ciphersuite instead of the -Truncated HMAC extension, or convincing your peer to upgrade their version of -Mbed TLS. +This only affects TLS users who enabled `MBEDTLS_SSL_TRUNCATED_HMAC` +`MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT` and used the truncated HMAC extension. +Please consider using a CCM-8 ciphersuite instead of the Truncated HMAC +extension, or convincing your peer to upgrade their version of Mbed TLS. Remove support for TLS record-level compression ----------------------------------------------- From d596e99d61608df51ac4323148482a373ef0b25d Mon Sep 17 00:00:00 2001 
From: Thomas Daubney Date: Fri, 18 Jun 2021 11:50:56 +0100 Subject: [PATCH 15/16] Modifies ChangeLog Corrects erroneous removal from ChangeLog. Signed-off-by: Thomas Daubney --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index b525492fb..565ce1c78 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1686,6 +1686,16 @@ Changes = mbed TLS 2.8.0 branch released 2018-03-16 +Default behavior changes + * The truncated HMAC extension now conforms to RFC 6066. This means + that when both sides of a TLS connection negotiate the truncated + HMAC extension, Mbed TLS can now interoperate with other + compliant implementations, but this breaks interoperability with + prior versions of Mbed TLS. To restore the old behavior, enable + the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in + config.h. Found by Andreas Walz (ivESK, Offenburg University of + Applied Sciences). + Security * Fix implementation of the truncated HMAC extension. The previous implementation allowed an offline 2^80 brute force attack on the From ac84469dd1f93e285cc571c0202b14b63a42ebfc Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 18 Jun 2021 14:08:56 +0100 Subject: [PATCH 16/16] Modifies Migration Guide entry Commit makes corrections to Migration Guide entry for this task. Signed-off-by: Thomas Daubney --- docs/3.0-migration-guide.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index a30e78677..6a21a653a 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md 
@@ -140,10 +140,13 @@ encouraging them to upgrade their software. Remove support for truncated HMAC --------------------------------- -This only affects TLS users who enabled `MBEDTLS_SSL_TRUNCATED_HMAC` -`MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT` and used the truncated HMAC extension. -Please consider using a CCM-8 ciphersuite instead of the Truncated HMAC -extension, or convincing your peer to upgrade their version of Mbed TLS. +This affects users of truncated HMAC, that is, users who called +`mbedtls_ssl_conf_truncated_hmac( ..., MBEDTLS_SSL_TRUNC_HMAC_ENABLED)`, +regardless of whether the standard version was used or compatibility version +(`MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT`). + +The recommended migration path for people who want minimal overhead is to use a +CCM-8 ciphersuite. Remove support for TLS record-level compression -----------------------------------------------