diff --git a/ChangeLog b/ChangeLog
index ddaf3fd9f..565ce1c78 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -32,8 +32,6 @@ API changes
 * Drop support for parsing SSLv2 ClientHello (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO).
 * Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3).
- * Drop support for compatibility with our own previous buggy
- implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).
 * Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT).
 * Drop support for RC4 TLS ciphersuites.
 * Drop support for single-DES ciphersuites.
diff --git a/ChangeLog.d/rm-truncated-hmac-ext.txt b/ChangeLog.d/rm-truncated-hmac-ext.txt
new file mode 100644
index 000000000..373925695
--- /dev/null
+++ b/ChangeLog.d/rm-truncated-hmac-ext.txt
@@ -0,0 +1,5 @@
+Removals
+ * Remove MBEDTLS_SSL_TRUNCATED_HMAC and also remove
+ MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT config option. Users are better served by
+ using a CCM-8 ciphersuite than a CBC ciphersuite with truncated HMAC.
+ See issue #4341 for more details.
diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md
index d0ba43d0f..d76cc1742 100644
--- a/docs/3.0-migration-guide.md
+++ b/docs/3.0-migration-guide.md
@@ -137,17 +137,16 @@ and relied on that version in order to communicate with peers that are not up to
 date. If one of your peers is in that case, please try contacting them and
 encouraging them to upgrade their software.
-Remove support for compatibility with old Mbed TLS's truncated HMAC
--------------------------------------------------------------------
+Remove support for truncated HMAC
+---------------------------------
-This doesn't affect people using the default configuration as it was already
-disabled by default.
+This affects users of truncated HMAC, that is, users who called
+`mbedtls_ssl_conf_truncated_hmac( ..., MBEDTLS_SSL_TRUNC_HMAC_ENABLED)`,
+regardless of whether the standard version was used or compatibility version
+(`MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT`).
-This only affects TLS users who enabled `MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT` and
-used the Truncated HMAC extension to communicate with peers using old version
-of Mbed TLS. Please consider using a CCM-8 ciphersuite instead of the
-Truncated HMAC extension, or convincing your peer to upgrade their version of
-Mbed TLS.
+The recommended migration path for people who want minimal overhead is to use a
+CCM-8 ciphersuite.
 Remove support for TLS record-level compression
 -----------------------------------------------
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 85f7efde2..36959ed63 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -829,6 +829,10 @@
 #error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
 #endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names
+#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4341"
+#endif
+
 /*
 * Avoid warning from -pedantic. This is a convenient place for this
 * workaround since this is included by every single file before the
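Review bot: The new `#error` in check_config.h covers only `MBEDTLS_SSL_TRUNCATED_HMAC`, while the ChangeLog.d entry and the migration guide in this same commit state that `MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT` is removed as well. If check_config.h does not already carry a matching `#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names` / `#error` block from the earlier removal, a custom config that still defines the compat option compiles silently instead of failing like the other removed options do. Worth confirming before merge, since the whole point of these checks is to turn a silently-dropped security option into a build error.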
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 16f93f9ab..1a9c9241d 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1617,15 +1617,6 @@
 */
 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
-/**
- * \def MBEDTLS_SSL_TRUNCATED_HMAC
- *
- * Enable support for RFC 6066 truncated HMAC in SSL.
- *
- * Comment this macro to disable support for truncated HMAC in SSL
- */
-#define MBEDTLS_SSL_TRUNCATED_HMAC
-
 /**
 * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
 *
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 603615b3c..1a963c5c9 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -958,10 +958,6 @@ struct mbedtls_ssl_session
 unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- int MBEDTLS_PRIVATE(trunc_hmac); /*!< flag for truncated hmac activation */
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
 #endif
@@ -1182,9 +1178,6 @@ struct mbedtls_ssl_config
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
 unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
 #endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- unsigned int MBEDTLS_PRIVATE(trunc_hmac) : 1; /*!< negotiate truncated hmac? */
-#endif
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
 #endif
@@ -3330,18 +3323,6 @@ int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_c
 void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order );
 #endif /* MBEDTLS_SSL_SRV_C */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-/**
- * \brief Activate negotiation of truncated HMAC
- (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
- *
- * \param conf SSL configuration
- * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
- MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
- */
-void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
 /**
 * \brief Enable / Disable session tickets (client only).
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 9a441385d..30e64c484 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -559,36 +559,6 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
-{
- unsigned char *p = buf;
-
- *olen = 0;
-
- if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
- return( 0 );
-
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "client hello, adding truncated_hmac extension" ) );
-
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
-
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
-
- *p++ = 0x00;
- *p++ = 0x00;
-
- *olen = 4;
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
 unsigned char *buf,
@@ -1304,16 +1274,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
 ext_len += olen;
 #endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( ( ret = ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_truncated_hmac_ext", ret );
- return( ret );
- }
- ext_len += olen;
-#endif
-
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len,
 end, &olen ) ) != 0 )
@@ -1479,31 +1439,6 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
-{
- if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
- len != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "non-matching truncated HMAC extension" ) );
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
- }
-
- ((void) buf);
-
- ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
 const unsigned char *buf,
@@ -2346,19 +2281,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
 break;
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) );
-
- if( ( ret = ssl_parse_truncated_hmac_ext( ssl,
- ext + 4, ext_size ) ) != 0 )
- {
- return( ret );
- }
-
- break;
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 case MBEDTLS_TLS_EXT_CID:
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 29569d176..47151298d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -543,28 +543,6 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len )
-{
- if( len != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
- }
-
- ((void) buf);
-
- if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
- ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
 const unsigned char *buf,
@@ -1703,16 +1681,6 @@ read_record_header:
 break;
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
-
- ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
- if( ret != 0 )
- return( ret );
- break;
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 case MBEDTLS_TLS_EXT_CID:
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
@@ -1721,7 +1689,7 @@ read_record_header:
 if( ret != 0 )
 return( ret );
 break;
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
@@ -1967,31 +1935,6 @@ have_ciphersuite:
 return( 0 );
 }
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
-{
- unsigned char *p = buf;
-
- if( ssl->session_negotiate->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
- {
- *olen = 0;
- return;
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) );
-
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
-
- *p++ = 0x00;
- *p++ = 0x00;
-
- *olen = 4;
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
 unsigned char *buf,
@@ -2654,11 +2597,6 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
 ext_len += olen;
 #endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
- ext_len += olen;
-#endif
-
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen );
 ext_len += olen;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2961637a8..1bfbc8402 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -672,9 +672,6 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 int encrypt_then_mac,
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- int trunc_hmac,
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
 ssl_tls_prf_t tls_prf,
 const unsigned char randbytes[64],
@@ -845,18 +842,6 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
 mac_key_len = mbedtls_md_get_size( md_info );
 transform->maclen = mac_key_len;
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- /*
- * If HMAC is to be truncated, we shall keep the leftmost bytes,
- * (rfc 6066 page 13 or rfc 2104 section 4),
- * so we only need to adjust the length here.
- */
- if( trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
- {
- transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
- }
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 /* IV length */
 transform->ivlen = cipher_info->iv_size;
@@ -1368,9 +1353,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 ssl->session_negotiate->encrypt_then_mac,
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- ssl->session_negotiate->trunc_hmac,
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
 ssl->handshake->tls_prf,
 ssl->handshake->randbytes,
@@ -4141,13 +4123,6 @@ int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_c
 }
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
-{
- conf->trunc_hmac = truncate;
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
 {
 conf->allow_legacy_renegotiation = allow_legacy;
@@ -4536,11 +4511,7 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
 #define SSL_SERIALIZED_SESSION_CONFIG_MFL 0
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-#define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC 1
-#else
 #define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC 0
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 #define SSL_SERIALIZED_SESSION_CONFIG_ETM 1
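Review bot: In the last hunk, `#define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC 0` survives unconditionally with no explanation, so a reader sees a serialization-config macro for a feature the rest of the commit deletes. Add a comment on that line such as `/* Truncated HMAC was removed; the bit stays reserved (always 0) so the serialized session config flag layout is unchanged */`, and if keeping the bit at 0 is also what makes sessions saved by an older build with the option enabled fail the config check on load, say so there. Relatedly, programs/ssl/ssl_context_info.c drops the print_if_bit label for this bit, so a serialized context from an older build that has it set now prints nothing for it; printing it under a "removed option" label would keep the tool's output diagnosable.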
@@ -4783,13 +4754,6 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
 *p++ = session->mfl_code;
 #endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- used += 1;
-
- if( used <= buf_len )
- *p++ = (unsigned char)( ( session->trunc_hmac ) & 0xFF );
-#endif
-
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 used += 1;
@@ -5025,13 +4989,6 @@ static int ssl_session_load( mbedtls_ssl_session *session,
 session->mfl_code = *p++;
 #endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( 1 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- session->trunc_hmac = *p++;
-#endif
-
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 if( 1 > (size_t)( end - p ) )
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -5848,9 +5805,6 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 ssl->session->encrypt_then_mac,
 #endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- ssl->session->trunc_hmac,
-#endif
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
 ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
 p, /* currently pointing to randbytes */
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index cbd9483f8..ab2d13494 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -102,9 +102,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 {
 mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
 }
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- mbedtls_ssl_conf_truncated_hmac( &conf, (options & 8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
-#endif
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
 #endif
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index c35b42523..e6eb5a71d 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -128,9 +128,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 &ticket_ctx );
 }
 #endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- mbedtls_ssl_conf_truncated_hmac( &conf, (options & 0x8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
-#endif
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
 #endif
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 322cef8b4..dad65e3f4 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -235,13 +235,6 @@ int main( void )
 #define USAGE_SRTP ""
 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-#define USAGE_TRUNC_HMAC \
- " trunc_hmac=%%d default: library default\n"
-#else
-#define USAGE_TRUNC_HMAC ""
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 #define USAGE_MAX_FRAG_LEN \
 " max_frag_len=%%d default: 16384 (tls default)\n" \
@@ -394,7 +387,6 @@ int main( void )
 USAGE_TICKETS \
 USAGE_EAP_TLS \
 USAGE_MAX_FRAG_LEN \
- USAGE_TRUNC_HMAC \
 USAGE_CONTEXT_CRT_CB \
 USAGE_ALPN \
 USAGE_EMS \
@@ -1721,11 +1713,6 @@ int main( int argc, char *argv[] )
 }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( opt.trunc_hmac != DFL_TRUNC_HMAC )
- mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
-#endif
-
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 if( opt.extended_ms != DFL_EXTENDED_MS )
 mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index 1c506b729..b04d4b538 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -862,7 +862,6 @@ void print_deserialized_ssl_context( const uint8_t *ssl, size_t len )
 print_if_bit( "MBEDTLS_HAVE_TIME", SESSION_CONFIG_TIME_BIT, session_cfg_flag );
 print_if_bit( "MBEDTLS_X509_CRT_PARSE_C", SESSION_CONFIG_CRT_BIT, session_cfg_flag );
 print_if_bit( "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", SESSION_CONFIG_MFL_BIT, session_cfg_flag );
- print_if_bit( "MBEDTLS_SSL_TRUNCATED_HMAC", SESSION_CONFIG_TRUNC_HMAC_BIT, session_cfg_flag );
 print_if_bit( "MBEDTLS_SSL_ENCRYPT_THEN_MAC", SESSION_CONFIG_ETM_BIT, session_cfg_flag );
 print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS", SESSION_CONFIG_TICKET_BIT, session_cfg_flag );
 print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS and client", SESSION_CONFIG_CLIENT_TICKET_BIT, session_cfg_flag );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 51125bdb6..0e242a5a3 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -334,13 +334,6 @@ int main( void )
 #define USAGE_MAX_FRAG_LEN ""
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-#define USAGE_TRUNC_HMAC \
- " trunc_hmac=%%d default: library default\n"
-#else
-#define USAGE_TRUNC_HMAC ""
-#endif
-
 #if defined(MBEDTLS_SSL_ALPN)
 #define USAGE_ALPN \
 " alpn=%%s default: \"\" (disabled)\n" \
@@ -487,7 +480,6 @@ int main( void )
 USAGE_NSS_KEYLOG_FILE \
 USAGE_CACHE \
 USAGE_MAX_FRAG_LEN \
- USAGE_TRUNC_HMAC \
 USAGE_ALPN \
 USAGE_EMS \
 USAGE_ETM \
@@ -2510,11 +2502,6 @@ int main( int argc, char *argv[] )
 }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( opt.trunc_hmac != DFL_TRUNC_HMAC )
- mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
-#endif
-
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 if( opt.extended_ms != DFL_EXTENDED_MS )
 mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
diff --git a/tests/context-info.sh b/tests/context-info.sh
index e02d33084..88dfcaa5e 100755
--- a/tests/context-info.sh
+++ b/tests/context-info.sh
@@ -210,7 +210,6 @@ run_test "Default configuration, server" \
 -u "MBEDTLS_HAVE_TIME$" \
 -u "MBEDTLS_X509_CRT_PARSE_C$" \
 -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
- -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
 -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
 -u "MBEDTLS_SSL_SESSION_TICKETS$" \
 -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
@@ -233,7 +232,6 @@ run_test "Default configuration, client" \
 -u "MBEDTLS_HAVE_TIME$" \
 -u "MBEDTLS_X509_CRT_PARSE_C$" \
 -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
- -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
 -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
 -u "MBEDTLS_SSL_SESSION_TICKETS$" \
 -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
@@ -339,7 +337,6 @@ run_test "Minimal configuration, server" \
 "srv_min_cfg.txt" \
 -n "ERROR" \
 -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
- -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
 -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
 -n "MBEDTLS_SSL_SESSION_TICKETS$" \
 -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
@@ -350,7 +347,6 @@ run_test "Minimal configuration, client" \
 "cli_min_cfg.txt" \
 -n "ERROR" \
 -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
- -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
 -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
 -n "MBEDTLS_SSL_SESSION_TICKETS$" \
 -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d1221112a..89eece6f6 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1464,102 +1464,6 @@ run_test "DTLS: multiple records in same datagram, neither client nor server"
 -S "next record in same datagram" \
 -C "next record in same datagram"
-# Tests for Truncated HMAC extension
-
-run_test "Truncated HMAC: client default, server default" \
- "$P_SRV debug_level=4" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client disabled, server default" \
- "$P_SRV debug_level=4" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client enabled, server default" \
- "$P_SRV debug_level=4" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client enabled, server disabled" \
- "$P_SRV debug_level=4 trunc_hmac=0" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client disabled, server enabled" \
- "$P_SRV debug_level=4 trunc_hmac=1" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC: client enabled, server enabled" \
- "$P_SRV debug_level=4 trunc_hmac=1" \
- "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -S "dumping 'expected mac' (20 bytes)" \
- -s "dumping 'expected mac' (10 bytes)"
-
-run_test "Truncated HMAC, DTLS: client default, server default" \
- "$P_SRV dtls=1 debug_level=4" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client disabled, server default" \
- "$P_SRV dtls=1 debug_level=4" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client enabled, server default" \
- "$P_SRV dtls=1 debug_level=4" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client enabled, server disabled" \
- "$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client disabled, server enabled" \
- "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
- 0 \
- -s "dumping 'expected mac' (20 bytes)" \
- -S "dumping 'expected mac' (10 bytes)"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Truncated HMAC, DTLS: client enabled, server enabled" \
- "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
- "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
- 0 \
- -S "dumping 'expected mac' (20 bytes)" \
- -s "dumping 'expected mac' (10 bytes)"
-
 # Tests for Context serialization
 requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
@@ -5660,22 +5564,6 @@ run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
 0 \
 -s "Read from client: 1 bytes read"
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.2 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=1 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -s "Read from client: 1 bytes read"
-
 run_test "Small client packet TLS 1.2 AEAD" \
 "$P_SRV" \
 "$P_CLI request_size=1 force_version=tls1_2 \
@@ -5708,24 +5596,6 @@ run_test "Small client packet DTLS 1.2, without EtM" \
 0 \
 -s "Read from client: 1 bytes read"
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet DTLS 1.2, truncated hmac" \
- "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \
- "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
- "$P_CLI dtls=1 request_size=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
- 0 \
- -s "Read from client: 1 bytes read"
-
 # Tests for small server packets
 run_test "Small server packet TLS 1.2 BlockCipher" \
@@ -5749,22 +5619,6 @@ run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \
 0 \
 -c "Read from server: 1 bytes read"
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV response_size=1 trunc_hmac=1" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "Read from server: 1 bytes read"
-
 run_test "Small server packet TLS 1.2 AEAD" \
 "$P_SRV response_size=1" \
 "$P_CLI force_version=tls1_2 \
@@ -5797,24 +5651,6 @@ run_test "Small server packet DTLS 1.2, without EtM" \
 0 \
 -c "Read from server: 1 bytes read"
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet DTLS 1.2, truncated hmac" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -c "Read from server: 1 bytes read"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \
- "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
- "$P_CLI dtls=1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
- 0 \
- -c "Read from server: 1 bytes read"
-
 # Test for large client packets
 # How many fragments do we expect to write $1 bytes?
@@ -5845,23 +5681,6 @@ run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
 -s "Read from client: $MAX_CONTENT_LEN bytes read"
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
- 0 \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
- "$P_SRV trunc_hmac=1" \
- "$P_CLI request_size=16384 force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
- 0 \
- -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
- -s "Read from client: $MAX_CONTENT_LEN bytes read"
-
 run_test "Large client packet TLS 1.2 AEAD" \
 "$P_SRV" \
 "$P_CLI request_size=16384 force_version=tls1_2 \
@@ -5900,15 +5719,6 @@ run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
 0 \
 -c "Read from server: 16384 bytes read"
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \
- "$P_SRV response_size=16384" \
- "$P_CLI force_version=tls1_2 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
- trunc_hmac=1" \
- 0 \
- -c "Read from server: 16384 bytes read"
-
 run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
 "$P_SRV response_size=16384 trunc_hmac=1" \
 "$P_CLI force_version=tls1_2 \
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index d4aad60f8..d5123fac1 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
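Review bot: The trailing context of the last hunk leaves `run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC"` in place with `"$P_SRV response_size=16384 trunc_hmac=1"`, while every sibling truncated-MAC test in ssl-opt.sh is removed by this commit; ssl_server2.c no longer calls mbedtls_ssl_conf_truncated_hmac, so the option is at best a no-op and, if its argument parser was dropped too (not visible here), the test fails at startup. The test's client command line continues past the hunk and by its name presumably carries `trunc_hmac=1` as well. Remove this test together with the others, or if a large-packet without-EtM case is still wanted, rename it and drop the `trunc_hmac=1` arguments from both command lines.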
@@ -1508,9 +1508,6 @@ static int ssl_populate_session( mbedtls_ssl_session *session,
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 session->mfl_code = 1;
 #endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- session->trunc_hmac = 1;
-#endif
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 session->encrypt_then_mac = 1;
 #endif
@@ -4082,10 +4079,6 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
 TEST_ASSERT( original.mfl_code == restored.mfl_code );
 #endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
-#endif
-
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
 #endif