From 15f1d7f812520c76a7b4ed59b6557a51377b351f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 10 Jul 2025 09:41:09 +0100 Subject: [PATCH 01/40] Remove support for static ECDH cipher suites Signed-off-by: Ben Taylor --- docs/architecture/tls13-support.md | 2 - docs/proposed/config-split.md | 2 - include/mbedtls/mbedtls_config.h | 48 ---- include/mbedtls/private/config_adjust_ssl.h | 2 - include/mbedtls/ssl.h | 4 +- include/mbedtls/ssl_ciphersuites.h | 12 +- library/mbedtls_check_config.h | 15 - library/ssl_ciphersuites.c | 264 ------------------ library/ssl_ciphersuites_internal.h | 10 +- library/ssl_tls.c | 5 - library/ssl_tls12_client.c | 99 +------ library/ssl_tls12_server.c | 106 +------ .../components-configuration-crypto.sh | 8 +- tests/scripts/depends.py | 4 +- tests/ssl-opt.sh | 7 +- tests/suites/test_suite_ssl.data | 44 --- 16 files changed, 14 insertions(+), 618 deletions(-) diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index f49e9194ba..c7b11fd1dd 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md @@ -118,8 +118,6 @@ Support description | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a | - | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a | - | MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED | n/a | | | | | MBEDTLS_PSA_CRYPTO_C | no (1) | diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 1baab356b2..aa1090328f 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md @@ -392,8 +392,6 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 827b96165f..f11bcb3fb0 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -273,54 +273,6 @@ */ #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - * - * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - * - * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_RSA_C - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED * diff --git a/include/mbedtls/private/config_adjust_ssl.h b/include/mbedtls/private/config_adjust_ssl.h index 040216a04e..ee35a67c9f 100644 --- a/include/mbedtls/private/config_adjust_ssl.h +++ b/include/mbedtls/private/config_adjust_ssl.h @@ -64,8 +64,6 @@ #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #endif diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 44d28a2d81..02e527cdf5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -659,9 +659,7 @@ union mbedtls_ssl_premaster_secret { unsigned char dummy; /* Make the union non-empty even with SSL disabled */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */ #endif #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index c97f6abeee..d6c0667aa6 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -163,16 +163,12 @@ typedef enum { MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_KEY_EXCHANGE_ECJPAKE, } mbedtls_key_exchange_type_t; /* Key exchanges using a certificate */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) #define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED #endif @@ -220,12 +216,6 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED #endif -/* Key exchanges using ECDH */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED -#endif - /* Key exchanges that don't involve ephemeral keys */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h index 82fef7481d..3107c11077 100644 --- a/library/mbedtls_check_config.h +++ b/library/mbedtls_check_config.h @@ -55,19 +55,6 @@ #endif /* not all curves accelerated */ #endif /* some curve accelerated */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || \ - !defined(PSA_HAVE_ALG_ECDSA_SIGN) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \ !defined(MBEDTLS_CAN_ECDH) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" @@ -150,8 +137,6 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ !(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) ) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index b979cad94f..961a4205e7 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -467,186 +467,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, - "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, - "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, - "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, - "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(PSA_WANT_ALG_GCM) @@ -898,41 +718,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) @@ -1024,41 +809,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #endif /* PSA_WANT_KEY_TYPE_ARIA */ @@ -1203,10 +953,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return MBEDTLS_PK_ECDSA; - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return MBEDTLS_PK_ECKEY; - default: return MBEDTLS_PK_NONE; } @@ -1222,10 +968,6 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return PSA_ALG_ECDH; - default: return PSA_ALG_NONE; } @@ -1238,10 +980,6 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return PSA_KEY_USAGE_SIGN_HASH; - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return PSA_KEY_USAGE_DERIVE; - default: return 0; } @@ -1272,8 +1010,6 @@ int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECJPAKE: return 1; diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index d1db2dba46..54199dba8a 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -45,8 +45,6 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_PSK: return 1; @@ -60,9 +58,7 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return 1; + return 1; default: return 0; @@ -73,9 +69,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuit static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return 1; @@ -87,9 +81,7 @@ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_cip static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return 1; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 78bcb92f4c..38db9cd103 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8623,11 +8623,6 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; break; - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - usage = MBEDTLS_X509_KU_KEY_AGREEMENT; - break; - /* Don't use default: we want warnings when adding new values */ case MBEDTLS_KEY_EXCHANGE_NONE: case MBEDTLS_KEY_EXCHANGE_PSK: diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 2129da122d..7675f95e37 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1732,71 +1732,6 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_context *peer_pk; - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert == NULL) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* This is a public key, so it can't be opaque, so can_do() is a good - * enough check to ensure pk_ec() is safe to use below. */ - if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_ECKEY)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable")); - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - uint16_t tls_id = 0; - psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(peer_pk); - - if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); - return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); - if (tls_id == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not supported", - grp_id)); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* If the above conversion to TLS ID was fine, then also this one will be, - so there is no need to check the return value here */ - mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->xxdh_psa_bits); - - ssl->handshake->xxdh_psa_type = key_type; - - /* Store peer's public key in psa format. */ - memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); - ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len; - ret = 0; -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* We don't need the peer's public key anymore. Free it, - * so that more RAM is available for upcoming expensive - * operations like ECDHE. */ - mbedtls_pk_free(peer_pk); -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) { @@ -1807,28 +1742,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange")); -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { - if ((ret = ssl_get_ecdh_params_from_cert(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - ((void) p); - ((void) end); -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ssl->handshake->ecrs_enabled && ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) { @@ -2380,13 +2293,9 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client key exchange")); #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t key_attributes; @@ -2460,9 +2369,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) } } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 181c6de3a0..96598cc427 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2513,100 +2513,6 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -#if (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_context *pk; - mbedtls_pk_type_t pk_type; - psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; - size_t key_len; - - pk = mbedtls_ssl_own_key(ssl); - - if (pk == NULL) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - pk_type = mbedtls_pk_get_type(pk); - - switch (pk_type) { - case MBEDTLS_PK_OPAQUE: - case MBEDTLS_PK_ECKEY: - case MBEDTLS_PK_ECKEY_DH: - case MBEDTLS_PK_ECDSA: - if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) { - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - /* Get the attributes of the key previously parsed by PK module in - * order to extract its type and length (in bits). */ - status = psa_get_key_attributes(pk->priv_id, &key_attributes); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); - ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes); - - if (pk_type != MBEDTLS_PK_OPAQUE) { - /* PK_ECKEY[_DH] and PK_ECDSA instead as parsed from the PK - * module and only have ECDSA capabilities. Since we need - * them for ECDH later, we export and then re-import them with - * proper flags and algorithm. Of course We also set key's type - * and bits that we just got above. */ - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); - psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); - - status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - status = psa_import_key(&key_attributes, buf, key_len, - &ssl->handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - /* Set this key as owned by the TLS library: it will be its duty - * to clear it exit. */ - ssl->handshake->xxdh_psa_privkey_is_external = 0; - - ret = 0; - break; - } - - /* Opaque key is created by the user (externally from Mbed TLS) - * so we assume it already has the right algorithm and flags - * set. Just copy its ID as reference. */ - ssl->handshake->xxdh_psa_privkey = pk->priv_id; - ssl->handshake->xxdh_psa_privkey_is_external = 1; - ret = 0; - break; - - default: - ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - -exit: - psa_reset_key_attributes(&key_attributes); - mbedtls_platform_zeroize(buf, sizeof(buf)); - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ defined(MBEDTLS_SSL_ASYNC_PRIVATE) MBEDTLS_CHECK_RETURN_CRITICAL @@ -3210,13 +3116,9 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { size_t data_len = (size_t) (*p++); size_t buf_len = (size_t) (end - p); psa_status_t status = PSA_ERROR_GENERIC_ERROR; @@ -3279,9 +3181,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index be2b040c29..38a5d85e7d 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -437,7 +437,6 @@ component_test_everest_curve25519_only () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py unset PSA_WANT_ALG_ECDSA scripts/config.py set PSA_WANT_ALG_ECDH - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset PSA_WANT_ALG_JPAKE @@ -574,7 +573,6 @@ component_test_psa_crypto_config_accel_ecdsa () { # Disable things that depend on it scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED # Build # ----- @@ -615,8 +613,6 @@ component_test_psa_crypto_config_accel_ecdh () { scripts/config.py unset MBEDTLS_ECDH_C # Disable things that depend on it - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED @@ -1147,7 +1143,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Also disable key exchanges that depend on RSA scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED if [ "$test_target" = "ECC" ]; then # When testing ECC only, we disable FFDH support, both from builtin and @@ -1496,7 +1491,8 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py crypto # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_PKCS1_V15 + scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index cd91b78479..34ecf4cdbc 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -280,7 +280,6 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', 'MBEDTLS_ECDSA_C'], 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC': [ 'PSA_WANT_ALG_ECDSA', @@ -294,7 +293,6 @@ REVERSE_DEPENDENCIES = { 'MBEDTLS_ECP_RESTARTABLE', 'MBEDTLS_PK_PARSE_EC_EXTENDED', 'MBEDTLS_PK_PARSE_EC_COMPRESSED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', @@ -313,7 +311,7 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'], + 'MBEDTLS_RSA_C'], 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a90d5afa9f..a13afd6206 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -312,12 +312,9 @@ requires_any_configs_disabled() { } TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" -TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" +TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index ec62c2cb2e..6c5e718c60 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -380,10 +380,6 @@ Handshake, ECDHE-ECDSA-WITH-AES-256-CCM depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0 -Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0 - Handshake, PSK-WITH-AES-128-CBC-SHA depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0 @@ -408,10 +404,6 @@ DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1 -DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1 - DTLS Handshake, PSK-WITH-AES-128-CBC-SHA depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1 @@ -479,42 +471,6 @@ Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - Sending app data via TLS, MFL=512 without fragmentation depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 From 558766d814c42d49c7a3548bbfcb97bb078c8b01 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 11 Jul 2025 08:37:22 +0100 Subject: [PATCH 02/40] Remove additional ifdef's Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 6 ++---- library/ssl_ciphersuites_internal.h | 12 ------------ library/ssl_tls12_server.c | 15 +-------------- 3 files changed, 3 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index d6c0667aa6..11eaf6ba14 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -217,8 +217,7 @@ typedef enum { #endif /* Key exchanges that don't involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED #endif @@ -244,8 +243,7 @@ typedef enum { #endif /* TLS 1.2 key exchanges using ECDH or ECDHE*/ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED #endif diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index 54199dba8a..2e9f077571 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -54,18 +54,6 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ - static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 96598cc427..755b837bca 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -22,8 +22,7 @@ /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, @@ -2914,18 +2913,6 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) /* Extract static ECDH parameters and abort if ServerKeyExchange * is not needed. */ if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { - /* For suites involving ECDH, extract DH parameters - * from certificate at this point. */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_ecdh(ciphersuite_info)) { - ret = ssl_get_ecdh_params_from_cert(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret); - return ret; - } - } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ - /* Key exchanges not involving ephemeral keys don't use * ServerKeyExchange, so end here. */ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange")); From 50b45a98ce54b977eaf66f932ba2d571c0365692 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 17 Jul 2025 10:43:05 +0100 Subject: [PATCH 03/40] Reverted changes to config-split Signed-off-by: Ben Taylor --- docs/proposed/config-split.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index aa1090328f..1baab356b2 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md @@ -392,6 +392,8 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED From 4d7f715c0775144bb8be651ee8157e7ba78d6577 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 09:56:11 +0100 Subject: [PATCH 04/40] Remove further symbols that are not required Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 29 --------------------- library/ssl_ciphersuites.c | 42 ------------------------------ 2 files changed, 71 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 11eaf6ba14..5ef0786eb5 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -38,38 +38,25 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A -#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F - #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 @@ -81,20 +68,12 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */ @@ -104,21 +83,13 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 961a4205e7..39826eee66 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -109,46 +109,6 @@ static const int ciphersuite_preference[] = /* The ECJPAKE suite */ MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, - /* All AES-256 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - - /* All CAMELLIA-256 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - - /* All ARIA-256 suites */ - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - - /* All AES-128 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - - /* All CAMELLIA-128 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - - /* All ARIA-128 suites */ - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - /* The PSK suites */ MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, @@ -178,8 +138,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, - MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, MBEDTLS_TLS_PSK_WITH_NULL_SHA384, MBEDTLS_TLS_PSK_WITH_NULL_SHA256, MBEDTLS_TLS_PSK_WITH_NULL_SHA, From 3116f2febeab278b9be662ac236c0297e67229f6 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Jul 2025 10:48:45 +0100 Subject: [PATCH 05/40] Remove further symbols Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 5ef0786eb5..17666b2de2 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -37,8 +37,6 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */ #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */ - #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A From 39280a411055cf3318bc6f5f1db137d06be41b8f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Jul 2025 13:43:21 +0100 Subject: [PATCH 06/40] Remove ECDH from ssl-opt Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 63 ++++++------------------------------------------ 1 file changed, 7 insertions(+), 56 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a13afd6206..9a6b5bfd92 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -433,14 +433,12 @@ requires_cipher_enabled() { # - $1 = command line (call to a TLS client or server program) # - $2 = client/server # - $3 = TLS version (TLS12 or TLS13) -# - $4 = Use an external tool without ECDH support -# - $5 = run test options +# - $4 = run test options detect_required_features() { CMD_LINE=$1 ROLE=$2 TLS_VERSION=$3 - EXT_WO_ECDH=$4 - TEST_OPTIONS=${5:-} + TEST_OPTIONS=${4:-} case "$CMD_LINE" in *\ force_version=*) @@ -522,24 +520,9 @@ detect_required_features() { else # For TLS12 requirements are different between server and client if [ "$ROLE" = "server" ]; then - # If the server uses "server5*" certificates, then an ECDSA based - # key exchange is required. However gnutls also does not - # support ECDH, so this limit the choice to ECDHE-ECDSA - if [ "$EXT_WO_ECDH" = "yes" ]; then - requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - else - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT - fi + requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED elif [ "$ROLE" = "client" ]; then - # On the client side it is enough to have any certificate - # based authentication together with support for ECDSA. - # Of course the GnuTLS limitation mentioned above applies - # also here. - if [ "$EXT_WO_ECDH" = "yes" ]; then - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH - else - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT - fi + requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH requires_pk_alg "ECDSA" fi fi @@ -801,10 +784,6 @@ requires_openssl_tls1_3_with_ffdh() { # skip next test if openssl cannot handle ephemeral key exchange requires_openssl_tls1_3_with_compatible_ephemeral() { requires_openssl_next - - if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then - requires_openssl_tls1_3_with_ffdh - fi } # skip next test if tls1_3 is not available @@ -1302,28 +1281,6 @@ is_gnutls() { esac } -# Some external tools (gnutls or openssl) might not have support for static ECDH -# and this limit the tests that can be run with them. This function checks server -# and client command lines, given as input, to verify if the current test -# is using one of these tools. -use_ext_tool_without_ecdh_support() { - case "$1" in - *$GNUTLS_SERV*|\ - *${GNUTLS_NEXT_SERV:-"gnutls-serv-dummy"}*|\ - *${OPENSSL_NEXT:-"openssl-dummy"}*) - echo "yes" - return;; - esac - case "$2" in - *$GNUTLS_CLI*|\ - *${GNUTLS_NEXT_CLI:-"gnutls-cli-dummy"}*|\ - *${OPENSSL_NEXT:-"openssl-dummy"}*) - echo "yes" - return;; - esac - echo "no" -} - # Generate random psk_list argument for ssl_server2 get_srv_psk_list () { @@ -1810,26 +1767,20 @@ run_test() { requires_config_enabled MBEDTLS_SSL_PROTO_DTLS fi - # Check if we are trying to use an external tool which does not support ECDH - EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD") # Guess the TLS version which is going to be used. # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - if [ "$EXT_WO_ECDH" = "no" ]; then - TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") - else - TLS_VERSION="TLS12" - fi + TLS_VERSION="TLS12" # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" # If the client or server requires certain features that can be detected # from their command-line arguments, check whether they're enabled. - detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" - detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" + detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$@" + detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$@" # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then From dbf397710743ff01e403217de81fcc2d97c64d70 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 11 Aug 2025 11:22:50 +0100 Subject: [PATCH 07/40] Remove tests from ssl-opt.sh that are depedendent the removed ECDH algorithm's Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9a6b5bfd92..b67a371134 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2627,30 +2627,6 @@ run_test "Unique IV in GCM" \ -u "IV used" \ -U "IV used" -# Test for correctness of sent single supported algorithm -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" -requires_hash_alg SHA_256 -run_test "Single supported algorithm sending: mbedtls client" \ - "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ - "$P_CLI force_version=tls12 sig_algs=ecdsa_secp256r1_sha256 debug_level=3" \ - 0 \ - -c "Supported Signature Algorithm found: 04 03" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -requires_hash_alg SHA_256 -run_test "Single supported algorithm sending: openssl client" \ - "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ - "$O_CLI -cert $DATA_FILES_PATH/server6.crt \ - -key $DATA_FILES_PATH/server6.key" \ - 0 - # Tests for certificate verification callback run_test "Configuration-specific CRT verification callback" \ "$P_SRV debug_level=3" \ From 0a7c5588db6f793cca03ba43226d7b411440dae6 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 11 Aug 2025 14:43:32 +0100 Subject: [PATCH 08/40] Remove further ECDH tests Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 77 +----------------------------------------------- 1 file changed, 1 insertion(+), 76 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b67a371134..401ca85d4c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2306,22 +2306,7 @@ run_test "Opaque key for server authentication: ECDHE-ECDSA" \ -C "error" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: ECDH-" \ - "$P_SRV auth_mode=required key_opaque=1\ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDH-" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-ECDH-" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_ALG_ECDSA +requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 @@ -6103,31 +6088,6 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" -# The purpose of the next two tests is to test the client's behaviour when receiving a server -# certificate with an unsupported elliptic curve. This should usually not happen because -# the client informs the server about the supported curves - it does, though, in the -# corner case of a static ECDH suite, because the server doesn't check the curve on that -# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a -# different means to have the server ignoring the client's supported curve list. - -run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=required groups=secp521r1" \ - 1 \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage - -run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional groups=secp521r1" \ - 1 \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: client SHA256, server required" \ "$P_SRV auth_mode=required" \ @@ -6480,33 +6440,6 @@ run_test "Authentication, CA callback: server badcert, client none" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# The purpose of the next two tests is to test the client's behaviour when receiving a server -# certificate with an unsupported elliptic curve. This should usually not happen because -# the client informs the server about the supported curves - it does, though, in the -# corner case of a static ECDH suite, because the server doesn't check the curve on that -# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a -# different means to have the server ignoring the client's supported curve list. - -run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required groups=secp521r1" \ - 1 \ - -c "use CA callback for X.509 CRT verification" \ - -c "bad certificate (EC key curve)" \ - -c "! Certificate verification flags" \ - -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage - -run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional groups=secp521r1" \ - 1 \ - -c "use CA callback for X.509 CRT verification" \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client SHA384, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ @@ -7911,14 +7844,6 @@ run_test "keyUsage srv 1.2: ECC, digitalSignature -> ECDHE-ECDSA" \ 0 \ -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-" - -run_test "keyUsage srv 1.2: ECC, keyAgreement -> ECDH-" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI" \ - 0 \ - -c "Ciphersuite is TLS-ECDH-" - run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \ From 5802394451911448c020daa791f0b1a07f6f1b66 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 08:20:07 +0100 Subject: [PATCH 09/40] Remove further ECDH testd from ssl-opt.sh Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 401ca85d4c..0b182c93d0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2305,37 +2305,6 @@ run_test "Opaque key for server authentication: ECDHE-ECDSA" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "error" \ - -c "error" \ - -c "Public key type mismatch" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \ From fbd806ae95a656f1c474a3435ab17ceffc235491 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 11:41:20 +0100 Subject: [PATCH 10/40] Remove everest ECDH test as it is no longer required Signed-off-by: Ben Taylor --- .../components-configuration-crypto.sh | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 38a5d85e7d..c103a6420e 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -430,28 +430,6 @@ component_test_everest () { tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' } -component_test_everest_curve25519_only () { - msg "build: Everest ECDH context, only Curve25519" # ~ 6 min - scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py unset PSA_WANT_ALG_ECDSA - scripts/config.py set PSA_WANT_ALG_ECDH - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset PSA_WANT_ALG_JPAKE - - # Disable all curves - scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" - scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" - scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 - - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: Everest ECDH context, only Curve25519" # ~ 50s - make test -} - component_test_psa_collect_statuses () { msg "build+test: psa_collect_statuses" # ~30s scripts/config.py full From a1914ef45371d0491e35cf460bf9e12c7c29f029 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 11:56:04 +0100 Subject: [PATCH 11/40] further removals of ssh tests from ssl-opt Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0b182c93d0..29d0b3f53f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2337,24 +2337,6 @@ run_test "Opaque keys for server authentication: EC keys with different algs, -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_384 -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \ - key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdsa-sign,none \ - crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \ - key_opaque_algs2=ecdh,none debug_level=3" \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDH-ECDSA" \ - -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-ECDH-ECDSA" \ - -S "error" \ - -C "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO From 1d651cc8a17d11380c5584cd0dcd6c52264b8cfa Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 14:24:49 +0100 Subject: [PATCH 12/40] Remove additional occurances of static ECDH symbols Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 1 - tests/compat.sh | 15 --------------- 2 files changed, 16 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 17666b2de2..48e77d1026 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -47,7 +47,6 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */ diff --git a/tests/compat.sh b/tests/compat.sh index a11fffda06..2b6f454127 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -359,13 +359,6 @@ add_openssl_ciphersuites() "ECDSA") CIPHERS="$CIPHERS \ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA \ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA \ - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 \ - TLS_ECDH_ECDSA_WITH_NULL_SHA \ TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 \ TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 \ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \ @@ -468,14 +461,6 @@ add_mbedtls_ciphersuites() "ECDSA") M_CIPHERS="$M_CIPHERS \ - TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \ TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 \ TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 \ " From 013f8aee4ef26fea69dfbb25e887ab7504e09abe Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:03:57 +0100 Subject: [PATCH 13/40] Replace MBEDTLS_KEY_EXCHANGE_PSK_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 48e77d1026..05cd666ffc 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -185,7 +185,7 @@ typedef enum { #endif /* Key exchanges that don't involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED #endif From b2f6a69d852a3cb621be9fde4427766e79d4bd0c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:08:00 +0100 Subject: [PATCH 14/40] Replace MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 05cd666ffc..80d5c7efd6 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -210,8 +210,8 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED #endif -/* TLS 1.2 key exchanges using ECDH or ECDHE*/ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) +/* TLS 1.2 key exchanges using ECDHE*/ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED #endif From 844a264317b573c88c4658be83ae56e809b641de Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:10:55 +0100 Subject: [PATCH 15/40] Remove stray MBEDTLS_PKCS1_V15 and MBEDTLS_PKCS1_V21 Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index c103a6420e..fcca5ffa0a 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1469,8 +1469,6 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py crypto # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT From 0fe02bb1bfa8c070e518756634ce78716ae9b721 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:20:03 +0100 Subject: [PATCH 16/40] Removed TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT as it is no longer used Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 29d0b3f53f..7976eec6a7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -314,8 +314,6 @@ requires_any_configs_disabled() { TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" -TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" - TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" From e16798ec67befca59c1858ee07a12087cf850bb7 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:25:11 +0100 Subject: [PATCH 17/40] Re-add reference to PSA_WANT_ALG_ECDH as this will be mantained Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7976eec6a7..8633953f90 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -782,6 +782,11 @@ requires_openssl_tls1_3_with_ffdh() { # skip next test if openssl cannot handle ephemeral key exchange requires_openssl_tls1_3_with_compatible_ephemeral() { requires_openssl_next + + if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then + requires_openssl_tls1_3_with_ffdh + fi + } # skip next test if tls1_3 is not available From b191c02f6bf582aa0961f943ff207d49b28dab15 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:28:42 +0100 Subject: [PATCH 18/40] Correct style issues Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8633953f90..4a22686757 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -786,7 +786,6 @@ requires_openssl_tls1_3_with_compatible_ephemeral() { if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then requires_openssl_tls1_3_with_ffdh fi - } # skip next test if tls1_3 is not available From 6f0eb791110b1d929df6002ba2a8a0c7b0ab6dfb Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:37:23 +0100 Subject: [PATCH 19/40] Use get_tls_version to determine TLS_VERSION instead of statically assigning it Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4a22686757..2978a0e401 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1774,7 +1774,7 @@ run_test() { # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - TLS_VERSION="TLS12" + TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD"); # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" From 59213b66df2286039904f68c43d3318deab4182f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 10:01:06 +0100 Subject: [PATCH 20/40] Re-add everest test, as it was mislabelled Signed-off-by: Ben Taylor --- .../components-configuration-crypto.sh | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index fcca5ffa0a..05c480675c 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -430,6 +430,29 @@ component_test_everest () { tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' } +component_test_everest_curve25519_only () { + msg "build: Everest ECDH context, only Curve25519" # ~ 6 min + scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA + scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_ECJPAKE_C + scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + + # Disable all curves + scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" + scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" + scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255 + + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + + msg "test: Everest ECDH context, only Curve25519" # ~ 50s + make test +} + component_test_psa_collect_statuses () { msg "build+test: psa_collect_statuses" # ~30s scripts/config.py full From 677994af64b1e577c7aba3231efab75cbe95566a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 15 Aug 2025 08:22:04 +0100 Subject: [PATCH 21/40] Change ecdh to ecdhe on everest test Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 05c480675c..b153fc043d 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -431,7 +431,7 @@ component_test_everest () { } component_test_everest_curve25519_only () { - msg "build: Everest ECDH context, only Curve25519" # ~ 6 min + msg "build: Everest ECDHE context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA From a7b3f26864bd413a5de083778f9be4c5f37d6b40 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 15 Aug 2025 09:31:17 +0100 Subject: [PATCH 22/40] reverted change to MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED, as it appears it could be causing issues Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 80d5c7efd6..cc9f8d819d 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -185,7 +185,7 @@ typedef enum { #endif /* Key exchanges that don't involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED #endif From 7b14d8228e0103d42cb91567d1ad5b4f4b552607 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 18 Aug 2025 10:45:00 +0100 Subject: [PATCH 23/40] Reverting TLS_VERSION derivation improvement, as it appear to be causing issues Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2978a0e401..4a22686757 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1774,7 +1774,7 @@ run_test() { # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD"); + TLS_VERSION="TLS12" # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" From c8823a262d4985757f03e2b4cc7eca4ac7932bb3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 18 Aug 2025 14:17:19 +0100 Subject: [PATCH 24/40] Remove MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED as it appears to be causing issues Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index cc9f8d819d..48e77d1026 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -210,8 +210,8 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED #endif -/* TLS 1.2 key exchanges using ECDHE*/ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) +/* TLS 1.2 key exchanges using ECDH or ECDHE*/ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED #endif From 4766a23f9cf4fbd1f87ac6cc7cd403fd0e252ea5 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 2 Sep 2025 08:26:07 +0100 Subject: [PATCH 25/40] change MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED to MBEDTLS_KEY_EXCHANGE_PSK_ENABLED Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 48e77d1026..d3519f1969 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -198,7 +198,7 @@ typedef enum { #endif /* Key exchanges using a PSK */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED #endif From f57293654e7ab62960400dc425441d3faef0a1a4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 2 Sep 2025 13:10:52 +0100 Subject: [PATCH 26/40] Revert change to Everest test message back to ECDH Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index b153fc043d..05c480675c 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -431,7 +431,7 @@ component_test_everest () { } component_test_everest_curve25519_only () { - msg "build: Everest ECDHE context, only Curve25519" # ~ 6 min + msg "build: Everest ECDH context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA From 837167404876a715b659c34ceed82cdea9dd57dc Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 3 Sep 2025 08:16:52 +0100 Subject: [PATCH 27/40] re-add TLS_VERSION derivation Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4a22686757..1a30d0e2af 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1774,7 +1774,7 @@ run_test() { # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - TLS_VERSION="TLS12" + TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" From 120bd868b6d85254eec5eeadd989deb19645497a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 3 Sep 2025 15:33:46 +0100 Subject: [PATCH 28/40] add filter to component_full_without_ecdhe_ecdsa Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index b74b30477c..28f4f79515 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -235,6 +235,7 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { # - test only TLS (i.e. test_suite_tls and ssl-opt) build_full_minus_something_and_test_tls () { symbols_to_disable="$1" + filter="${2-.}" msg "build: full minus something, test TLS" @@ -250,11 +251,12 @@ build_full_minus_something_and_test_tls () { ( cd tests; ./test_suite_ssl ) msg "ssl-opt: full minus something, test TLS" - tests/ssl-opt.sh + tests/ssl-opt.sh -f "$filter" } +#TODO raise a issue to explain this. component_full_without_ecdhe_ecdsa () { - build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" + build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" 'psk\|PSK\|1\.3' } component_full_without_ecdhe_ecdsa_and_tls13 () { From 1a4f4b32a4059b5e0dc7c33a7d2a3999402c3b3b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 4 Sep 2025 10:13:09 +0100 Subject: [PATCH 29/40] Add filter to test_tls13_only_ephemeral_ffdh to remove ffdh tests Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 28f4f79515..abee9f61b0 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -483,7 +483,7 @@ component_test_tls13_only_ephemeral_ffdh () { cd tests; ./test_suite_ssl; cd .. msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode" - tests/ssl-opt.sh + tests/ssl-opt.sh -f "ffdh" } component_test_tls13_only_psk_ephemeral () { From a47fd0faf4b9fa78afc4c63358498b7440a694c3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 4 Sep 2025 10:34:24 +0100 Subject: [PATCH 30/40] Add bug link to test modifications Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index abee9f61b0..e9f2666d3f 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -254,7 +254,7 @@ build_full_minus_something_and_test_tls () { tests/ssl-opt.sh -f "$filter" } -#TODO raise a issue to explain this. +#These tests are temporarily disabled due to an unknown dependency of static ecdh as described in https://github.com/Mbed-TLS/mbedtls/issues/10385. component_full_without_ecdhe_ecdsa () { build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" 'psk\|PSK\|1\.3' } @@ -466,6 +466,7 @@ component_test_tls13_only_ephemeral () { tests/ssl-opt.sh } +#These tests are temporarily disabled due to an unknown dependency of static ecdh as described in https://github.com/Mbed-TLS/mbedtls/issues/10385. component_test_tls13_only_ephemeral_ffdh () { msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode" scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED From 9e360b8f33410343d1d54d92197119ea7c2ad13d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 5 Sep 2025 09:09:28 +0100 Subject: [PATCH 31/40] Remove MBEDTLS_RSA_C from depends.py Signed-off-by: Ben Taylor --- tests/scripts/depends.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 34ecf4cdbc..ad78c26e1c 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -310,8 +310,7 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE', - 'MBEDTLS_RSA_C'], + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE'], 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', From 5cdbe308043883679b88b844a071e36c4f95f094 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 8 Sep 2025 13:12:43 +0100 Subject: [PATCH 32/40] replace MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED with MBEDTLS_KEY_EXCHANGE_PSK_ENABLED After the ECDH keyexchange removal the two became synonyms so the former can be removed. Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 7 +------ library/ssl_ciphersuites_internal.h | 4 ++-- library/ssl_tls12_server.c | 8 ++++---- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index d3519f1969..dfd369416b 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -184,11 +184,6 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED #endif -/* Key exchanges that don't involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED -#endif - /* Key exchanges that involve ephemeral keys */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ @@ -198,7 +193,7 @@ typedef enum { #endif /* Key exchanges using a PSK */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED #endif diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index 2e9f077571..524e419f47 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -41,7 +41,7 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_ } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { @@ -52,7 +52,7 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t return 0; } } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 755b837bca..1f498e0109 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2902,14 +2902,14 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t signature_len = 0; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange")); -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) /* Extract static ECDH parameters and abort if ServerKeyExchange * is not needed. */ if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { @@ -2919,7 +2919,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ defined(MBEDTLS_SSL_ASYNC_PRIVATE) From df3e595536080189989bad945cf3787cdc57a63c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 08:30:12 +0100 Subject: [PATCH 33/40] Re-instate test for correctness of sent single supported algorithm Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1a30d0e2af..22377b8d04 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2565,6 +2565,30 @@ run_test "Unique IV in GCM" \ -u "IV used" \ -U "IV used" +# Test for correctness of sent single supported algorithm +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" +requires_hash_alg SHA_256 +run_test "Single supported algorithm sending: mbedtls client" \ + "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ + "$P_CLI force_version=tls12 sig_algs=ecdsa_secp256r1_sha256 debug_level=3" \ + 0 \ + -c "Supported Signature Algorithm found: 04 03" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 +requires_hash_alg SHA_256 +run_test "Single supported algorithm sending: openssl client" \ + "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ + "$O_CLI -cert $DATA_FILES_PATH/server6.crt \ + -key $DATA_FILES_PATH/server6.key" \ + 0 + # Tests for certificate verification callback run_test "Configuration-specific CRT verification callback" \ "$P_SRV debug_level=3" \ From 337161eb41f9b4829450921f3db559cd378c16f9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 08:39:41 +0100 Subject: [PATCH 34/40] Remove comment referencing ECDH Signed-off-by: Ben Taylor --- library/ssl_tls12_server.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 1f498e0109..256f1b1583 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2910,8 +2910,6 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange")); #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - /* Extract static ECDH parameters and abort if ServerKeyExchange - * is not needed. */ if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { /* Key exchanges not involving ephemeral keys don't use * ServerKeyExchange, so end here. */ From 59474406a6c5bc53293dc8a727ef68e3b40fa0bf Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 08:47:12 +0100 Subject: [PATCH 35/40] Re-instate MBEDTLS_PKCS1_V15 unset Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 05c480675c..f0c217ba4f 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1492,6 +1492,7 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py crypto # Remove RSA support and its dependencies + scripts/config.py unset MBEDTLS_PKCS1_V15 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT From 2f3523313bdcb5f4ff9202e5115de277546fd4b9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 09:08:50 +0100 Subject: [PATCH 36/40] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/static-ecdh-removal.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/static-ecdh-removal.txt diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt new file mode 100644 index 0000000000..d73add317f --- /dev/null +++ b/ChangeLog.d/static-ecdh-removal.txt @@ -0,0 +1,2 @@ +Removals + * Remove support for static ECDH suites. From 26cdf6ee2b0ac1595034ae510bfd290564302c0e Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 11 Sep 2025 07:52:53 +0100 Subject: [PATCH 37/40] Re-adding tests for ECDH Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 22377b8d04..2b10cde5a1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2357,6 +2357,52 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" -S "error" \ -C "error" +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_hash_alg SHA_256 +run_test "Opaque key for server authentication: ECDH-" \ + "$P_SRV auth_mode=required key_opaque=1\ + crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \ + "$P_CLI force_version=tls12" \ + 0 \ + -c "Verifying peer X.509 certificate... ok" \ + -c "Ciphersuite is TLS-ECDH-" \ + -s "key types: Opaque, none" \ + -s "Ciphersuite is TLS-ECDH-" \ + -S "error" \ + -C "error" + +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled PSA_WANT_ALG_ECDSA +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_hash_alg SHA_256 +run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ + debug_level=1" \ + "$P_CLI force_version=tls12" \ + 1 \ + -s "key types: Opaque, none" \ + -s "error" \ + -c "error" \ + -c "Public key type mismatch" + +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_hash_alg SHA_256 +run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ + debug_level=1" \ + "$P_CLI force_version=tls12" \ + 1 \ + -s "key types: Opaque, none" \ + -s "got ciphersuites in common, but none of them usable" \ + -s "error" \ + -c "error" + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_SRV_C From 485d4c1343bae888e39dde8068be2d0ba593262d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 11 Sep 2025 13:14:10 +0100 Subject: [PATCH 38/40] reverting last commit as the tests cause failures Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 46 ---------------------------------------------- 1 file changed, 46 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2b10cde5a1..22377b8d04 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2357,52 +2357,6 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: ECDH-" \ - "$P_SRV auth_mode=required key_opaque=1\ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDH-" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-ECDH-" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_ALG_ECDSA -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "error" \ - -c "error" \ - -c "Public key type mismatch" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_SRV_C From 486ec6e9b62a39dec39ccc2ab643e5df5a523fab Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 11 Sep 2025 13:21:52 +0100 Subject: [PATCH 39/40] Improved the text in the Changelog Signed-off-by: Ben Taylor --- ChangeLog.d/static-ecdh-removal.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt index d73add317f..b67ee288d7 100644 --- a/ChangeLog.d/static-ecdh-removal.txt +++ b/ChangeLog.d/static-ecdh-removal.txt @@ -1,2 +1,3 @@ Removals - * Remove support for static ECDH suites. + * Removed support for TLS 1.2 static ECDH key + exchanges (ECDH-ECDSA and ECDH-RSA). From c1e76e04fed2ff722ae162228ba0537a0aa16498 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 12 Sep 2025 08:33:38 +0100 Subject: [PATCH 40/40] correct whitespace style issue Signed-off-by: Ben Taylor --- ChangeLog.d/static-ecdh-removal.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt index b67ee288d7..94512a21f9 100644 --- a/ChangeLog.d/static-ecdh-removal.txt +++ b/ChangeLog.d/static-ecdh-removal.txt @@ -1,3 +1,3 @@ Removals - * Removed support for TLS 1.2 static ECDH key + * Removed support for TLS 1.2 static ECDH key exchanges (ECDH-ECDSA and ECDH-RSA).