lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.3rc0-pr

Browse Source 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This commit is contained in:
Minos Galanakis
2025-03-18 16:28:26 +00:00
parent f985bee481 739ad37249
commit 7a95d16a31
16 changed files with 592 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
ChangeLog.d/mbedtls_ssl_set_hostname.txt Normal file
View File

@ -0,0 +1,18 @@
Default behavior changes
* In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
mbedtls_ssl_handshake() now fails with
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
if certificate-based authentication of the server is attempted.
This is because authenticating a server without knowing what name
to expect is usually insecure. To restore the old behavior, either
call mbedtls_ssl_set_hostname() with NULL as the hostname, or
enable the new compile-time option
MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
Security
* Note that TLS clients should generally call mbedtls_ssl_set_hostname()
if they use certificate authentication (i.e. not pre-shared keys).
Otherwise, in many scenarios, the server could be impersonated.
The library will now prevent the handshake and return
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
if mbedtls_ssl_set_hostname() has not been called.

4
ChangeLog.d/psa-zeroize.txt Normal file
View File

@ -0,0 +1,4 @@
Security
* Zeroize a temporary heap buffer used in psa_key_derivation_output_key()
when deriving an ECC key pair.
* Zeroize temporary heap buffers used in PSA operations.

6
ChangeLog.d/tls12-check-finished-calc.txt Normal file
View File

@ -0,0 +1,6 @@
Security
* Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
or there was a cryptographic hardware failure when calculating the
Finished message, it could be calculated incorrectly. This would break
the security guarantees of the TLS handshake.
CVE-2025-27810

2
include/mbedtls/error.h
View File

@ -81,7 +81,7 @@
* MD 5 5 * MD 5 5
* HKDF 5 1 (Started from top) * HKDF 5 1 (Started from top)
* PKCS7 5 12 (Started from 0x5300) * PKCS7 5 12 (Started from 0x5300)
* SSL 5 2 (Started from 0x5F00) * SSL 5 3 (Started from 0x5F00)
* CIPHER 6 8 (Started from 0x6080) * CIPHER 6 8 (Started from 0x6080)
* SSL 6 22 (Started from top, plus 0x6000) * SSL 6 22 (Started from top, plus 0x6000)
* SSL 7 20 (Started from 0x7000, gaps at * SSL 7 20 (Started from 0x7000, gaps at

40
include/mbedtls/mbedtls_config.h
View File

@ -1622,6 +1622,46 @@
*/ */
//#define MBEDTLS_SSL_ASYNC_PRIVATE //#define MBEDTLS_SSL_ASYNC_PRIVATE
/** \def MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
*
* In TLS clients, when a client authenticates a server through its
* certificate, the client normally checks three things:
* - the certificate chain must be valid;
* - the chain must start from a trusted CA;
* - the certificate must cover the server name that is expected by the client.
*
* Omitting any of these checks is generally insecure, and can allow a
* malicious server to impersonate a legitimate server.
*
* The third check may be safely skipped in some unusual scenarios,
* such as networks where eavesdropping is a risk but not active attacks,
* or a private PKI where the client equally trusts all servers that are
* accredited by the root CA.
*
* You should call mbedtls_ssl_set_hostname() with the expected server name
* before starting a TLS handshake on a client (unless the client is
* set up to only use PSK-based authentication, which does not rely on the
* host name). This configuration option controls what happens if a TLS client
* is configured with the authentication mode #MBEDTLS_SSL_VERIFY_REQUIRED
* (default), certificate authentication is enabled and the client does not
* call mbedtls_ssl_set_hostname():
*
* - If this option is unset (default), the connection attempt is aborted
* with the error #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
* - If this option is set, the TLS library does not check the server name
* that the certificate is valid for. This is the historical behavior
* of Mbed TLS, but may be insecure as explained above.
*
* Enable this option for strict backward compatibility if you have
* determined that it is secure in the scenario where you are using
* Mbed TLS.
*
* \deprecated This option exists only for backward compatibility and will
* be removed in the next major version of Mbed TLS.
*
*/
//#define MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
/** /**
* \def MBEDTLS_SSL_CONTEXT_SERIALIZATION * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
* *

102
include/mbedtls/ssl.h
View File

@ -166,6 +166,42 @@
#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 #define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00
/** Invalid value in SSL config */ /** Invalid value in SSL config */
#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 #define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
/* Error space gap */
/** Attempt to verify a certificate without an expected hostname.
* This is usually insecure.
*
* In TLS clients, when a client authenticates a server through its
* certificate, the client normally checks three things:
* - the certificate chain must be valid;
* - the chain must start from a trusted CA;
* - the certificate must cover the server name that is expected by the client.
*
* Omitting any of these checks is generally insecure, and can allow a
* malicious server to impersonate a legitimate server.
*
* The third check may be safely skipped in some unusual scenarios,
* such as networks where eavesdropping is a risk but not active attacks,
* or a private PKI where the client equally trusts all servers that are
* accredited by the root CA.
*
* You should call mbedtls_ssl_set_hostname() with the expected server name
* before starting a TLS handshake on a client (unless the client is
* set up to only use PSK-based authentication, which does not rely on the
* host name). If you have determined that server name verification is not
* required for security in your scenario, call mbedtls_ssl_set_hostname()
* with \p NULL as the server name.
*
* This error is raised if all of the following conditions are met:
*
* - A TLS client is configured with the authentication mode
* #MBEDTLS_SSL_VERIFY_REQUIRED (default).
* - Certificate authentication is enabled.
* - The client does not call mbedtls_ssl_set_hostname().
* - The configuration option
* #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* is not enabled.
*/
#define MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME -0x5D80
/* /*
* Constants from RFC 8446 for TLS 1.3 PSK modes * Constants from RFC 8446 for TLS 1.3 PSK modes
@ -1893,8 +1929,35 @@ struct mbedtls_ssl_context {
* User settings * User settings
*/ */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification /** Expected peer CN for verification.
(and SNI if available) */ *
* Also used on clients for SNI,
* and for TLS 1.3 session resumption using tickets.
*
* The value of this field can be:
* - \p NULL in a newly initialized or reset context.
* - A heap-allocated copy of the last value passed to
* mbedtls_ssl_set_hostname(), if the last call had a non-null
* \p hostname argument.
* - A special value to indicate that mbedtls_ssl_set_hostname()
* was called with \p NULL (as opposed to never having been called).
* See `mbedtls_ssl_get_hostname_pointer()` in `ssl_tls.c`.
*
* If this field contains the value \p NULL and the configuration option
* #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* is unset, on a TLS client, attempting to verify a server certificate
* results in the error
* #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
*
* If this field contains the special value described above, or if
* the value is \p NULL and the configuration option
* #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* is set, then the peer name verification is skipped, which may be
* insecure, especially on a client. Furthermore, on a client, the
* server_name extension is not sent, and the server name is ignored
* in TLS 1.3 session resumption using tickets.
*/
char *MBEDTLS_PRIVATE(hostname);
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
@ -2002,6 +2065,14 @@ void mbedtls_ssl_init(mbedtls_ssl_context *ssl);
* Calling mbedtls_ssl_setup again is not supported, even * Calling mbedtls_ssl_setup again is not supported, even
* if no session is active. * if no session is active.
* *
* \warning After setting up a client context, if certificate-based
* authentication is enabled, you should call
* mbedtls_ssl_set_hostname() to specifiy the expected
* name of the server. Without this, in most scenarios,
* the TLS connection is insecure. See
* #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* for more information.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling * subsystem must have been initialized by calling
* psa_crypto_init() before calling this function. * psa_crypto_init() before calling this function.
@ -3976,16 +4047,29 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
/** /**
* \brief Set or reset the hostname to check against the received * \brief Set or reset the hostname to check against the received
* server certificate. It sets the ServerName TLS extension, * peer certificate. On a client, this also sets the
* too, if that extension is enabled. (client-side only) * ServerName TLS extension, if that extension is enabled.
* On a TLS 1.3 client, this also sets the server name in
* the session resumption ticket, if that feature is enabled.
* *
* \param ssl SSL context * \param ssl SSL context
* \param hostname the server hostname, may be NULL to clear hostname * \param hostname The server hostname. This may be \c NULL to clear
* the hostname.
* \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
* *
* \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on * \note Maximum hostname length #MBEDTLS_SSL_MAX_HOST_NAME_LEN.
* allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on *
* \note If the hostname is \c NULL on a client, then the server
* is not authenticated: it only needs to have a valid
* certificate, not a certificate matching its name.
* Therefore you should always call this function on a client,
* unless the connection is set up to only allow
* pre-shared keys, or in scenarios where server
* impersonation is not a concern. See the documentation of
* #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* for more details.
*
* \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on
* allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
* too long input hostname. * too long input hostname.
* *
* Hostname set to the one provided on success (cleared * Hostname set to the one provided on success (cleared

12
library/psa_crypto.c
View File

@ -6316,7 +6316,7 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper(
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t m; size_t m;
size_t m_bytes; size_t m_bytes = 0;
mbedtls_mpi_init(&k); mbedtls_mpi_init(&k);
mbedtls_mpi_init(&diff_N_2); mbedtls_mpi_init(&diff_N_2);
@ -6389,7 +6389,7 @@ cleanup:
status = mbedtls_to_psa_error(ret); status = mbedtls_to_psa_error(ret);
} }
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
mbedtls_free(*data); mbedtls_zeroize_and_free(*data, m_bytes);
*data = NULL; *data = NULL;
} }
mbedtls_mpi_free(&k); mbedtls_mpi_free(&k);
@ -6564,7 +6564,7 @@ static psa_status_t psa_generate_derived_key_internal(
} }
exit: exit:
mbedtls_free(data); mbedtls_zeroize_and_free(data, bytes);
return status; return status;
} }
@ -9313,7 +9313,7 @@ psa_status_t psa_crypto_local_input_alloc(const uint8_t *input, size_t input_len
return PSA_SUCCESS; return PSA_SUCCESS;
error: error:
mbedtls_free(local_input->buffer); mbedtls_zeroize_and_free(local_input->buffer, local_input->length);
local_input->buffer = NULL; local_input->buffer = NULL;
local_input->length = 0; local_input->length = 0;
return status; return status;
@ -9321,7 +9321,7 @@ error:
void psa_crypto_local_input_free(psa_crypto_local_input_t *local_input) void psa_crypto_local_input_free(psa_crypto_local_input_t *local_input)
{ {
mbedtls_free(local_input->buffer); mbedtls_zeroize_and_free(local_input->buffer, local_input->length);
local_input->buffer = NULL; local_input->buffer = NULL;
local_input->length = 0; local_input->length = 0;
} }
@ -9365,7 +9365,7 @@ psa_status_t psa_crypto_local_output_free(psa_crypto_local_output_t *local_outpu
return status; return status;
} }
mbedtls_free(local_output->buffer); mbedtls_zeroize_and_free(local_output->buffer, local_output->length);
local_output->buffer = NULL; local_output->buffer = NULL;
local_output->length = 0; local_output->length = 0;

18
library/ssl_client.c
View File

@ -29,19 +29,20 @@ static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl,
size_t *olen) size_t *olen)
{ {
unsigned char *p = buf; unsigned char *p = buf;
const char *hostname = mbedtls_ssl_get_hostname_pointer(ssl);
size_t hostname_len; size_t hostname_len;
*olen = 0; *olen = 0;
if (ssl->hostname == NULL) { if (hostname == NULL) {
return 0; return 0;
} }
MBEDTLS_SSL_DEBUG_MSG(3, MBEDTLS_SSL_DEBUG_MSG(3,
("client hello, adding server name extension: %s", ("client hello, adding server name extension: %s",
ssl->hostname)); hostname));
hostname_len = strlen(ssl->hostname); hostname_len = strlen(hostname);
MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9); MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9);
@ -85,7 +86,7 @@ static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl,
MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0); MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0);
p += 2; p += 2;
memcpy(p, ssl->hostname, hostname_len); memcpy(p, hostname, hostname_len);
*olen = hostname_len + 9; *olen = hostname_len + 9;
@ -881,13 +882,14 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SESSION_TICKETS) && \ defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
const char *context_hostname = mbedtls_ssl_get_hostname_pointer(ssl);
if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
ssl->handshake->resume) { ssl->handshake->resume) {
int hostname_mismatch = ssl->hostname != NULL || int hostname_mismatch = context_hostname != NULL ||
session_negotiate->hostname != NULL; session_negotiate->hostname != NULL;
if (ssl->hostname != NULL && session_negotiate->hostname != NULL) { if (context_hostname != NULL && session_negotiate->hostname != NULL) {
hostname_mismatch = strcmp( hostname_mismatch = strcmp(
ssl->hostname, session_negotiate->hostname) != 0; context_hostname, session_negotiate->hostname) != 0;
} }
if (hostname_mismatch) { if (hostname_mismatch) {
@ -898,7 +900,7 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl)
} }
} else { } else {
return mbedtls_ssl_session_set_hostname(session_negotiate, return mbedtls_ssl_session_set_hostname(session_negotiate,
ssl->hostname); context_hostname);
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && #endif /* MBEDTLS_SSL_PROTO_TLS1_3 &&
MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SESSION_TICKETS &&

12
library/ssl_misc.h
View File

@ -2900,6 +2900,18 @@ int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext(
unsigned char *buf, unsigned char *end); unsigned char *buf, unsigned char *end);
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Get the host name from the SSL context.
*
* \param[in] ssl SSL context
*
* \return The \p hostname pointer from the SSL context.
* \c NULL if mbedtls_ssl_set_hostname() has never been called on
* \p ssl or if it was last called with \p NULL.
*/
const char *mbedtls_ssl_get_hostname_pointer(const mbedtls_ssl_context *ssl);
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SESSION_TICKETS) && \ defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \

101
library/ssl_tls.c
View File

@ -2769,6 +2769,51 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf,
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
/* A magic value for `ssl->hostname` indicating that
* mbedtls_ssl_set_hostname() has been called with `NULL`.
* If mbedtls_ssl_set_hostname() has never been called on `ssl`, then
* `ssl->hostname == NULL`. */
static const char *const ssl_hostname_skip_cn_verification = "";
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/** Whether mbedtls_ssl_set_hostname() has been called.
*
* \param[in] ssl SSL context
*
* \return \c 1 if mbedtls_ssl_set_hostname() has been called on \p ssl
* (including `mbedtls_ssl_set_hostname(ssl, NULL)`),
* otherwise \c 0.
*/
static int mbedtls_ssl_has_set_hostname_been_called(
const mbedtls_ssl_context *ssl)
{
return ssl->hostname != NULL;
}
#endif
/* Micro-optimization: don't export this function if it isn't needed outside
* of this source file. */
#if !defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
static
#endif
const char *mbedtls_ssl_get_hostname_pointer(const mbedtls_ssl_context *ssl)
{
if (ssl->hostname == ssl_hostname_skip_cn_verification) {
return NULL;
}
return ssl->hostname;
}
static void mbedtls_ssl_free_hostname(mbedtls_ssl_context *ssl)
{
if (ssl->hostname != NULL &&
ssl->hostname != ssl_hostname_skip_cn_verification) {
mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname));
}
ssl->hostname = NULL;
}
int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname) int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname)
{ {
/* Initialize to suppress unnecessary compiler warning */ /* Initialize to suppress unnecessary compiler warning */
@ -2786,18 +2831,21 @@ int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname)
/* Now it's clear that we will overwrite the old hostname, /* Now it's clear that we will overwrite the old hostname,
* so we can free it safely */ * so we can free it safely */
mbedtls_ssl_free_hostname(ssl);
if (ssl->hostname != NULL) {
mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname));
}
/* Passing NULL as hostname shall clear the old one */
if (hostname == NULL) { if (hostname == NULL) {
ssl->hostname = NULL; /* Passing NULL as hostname clears the old one, but leaves a
* special marker to indicate that mbedtls_ssl_set_hostname()
* has been called. */
/* ssl->hostname should be const, but isn't. We won't actually
* write to the buffer, so it's ok to cast away the const. */
ssl->hostname = (char *) ssl_hostname_skip_cn_verification;
} else { } else {
ssl->hostname = mbedtls_calloc(1, hostname_len + 1); ssl->hostname = mbedtls_calloc(1, hostname_len + 1);
if (ssl->hostname == NULL) { if (ssl->hostname == NULL) {
/* mbedtls_ssl_set_hostname() has been called, but unsuccessfully.
* Leave ssl->hostname in the same state as if the function had
* not been called, i.e. a null pointer. */
return MBEDTLS_ERR_SSL_ALLOC_FAILED; return MBEDTLS_ERR_SSL_ALLOC_FAILED;
} }
@ -5583,9 +5631,7 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl)
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
if (ssl->hostname != NULL) { mbedtls_ssl_free_hostname(ssl);
mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname));
}
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
@ -8323,6 +8369,7 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint); ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
if (ret != 0) { if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret); MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
return ret;
} }
/* /*
@ -8436,6 +8483,7 @@ int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1); ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
if (ret != 0) { if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret); MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
return ret;
} }
if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
@ -9796,6 +9844,27 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
return ret; return ret;
} }
static int get_hostname_for_verification(mbedtls_ssl_context *ssl,
const char **hostname)
{
if (!mbedtls_ssl_has_set_hostname_been_called(ssl)) {
MBEDTLS_SSL_DEBUG_MSG(1, ("Certificate verification without having set hostname"));
#if !defined(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME)
if (mbedtls_ssl_conf_get_endpoint(ssl->conf) == MBEDTLS_SSL_IS_CLIENT &&
ssl->conf->authmode == MBEDTLS_SSL_VERIFY_REQUIRED) {
return MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME;
}
#endif
}
*hostname = mbedtls_ssl_get_hostname_pointer(ssl);
if (*hostname == NULL) {
MBEDTLS_SSL_DEBUG_MSG(2, ("Certificate verification without CN verification"));
}
return 0;
}
int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl,
int authmode, int authmode,
mbedtls_x509_crt *chain, mbedtls_x509_crt *chain,
@ -9821,7 +9890,13 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl,
p_vrfy = ssl->conf->p_vrfy; p_vrfy = ssl->conf->p_vrfy;
} }
int ret = 0; const char *hostname = "";
int ret = get_hostname_for_verification(ssl, &hostname);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "get_hostname_for_verification", ret);
return ret;
}
int have_ca_chain_or_callback = 0; int have_ca_chain_or_callback = 0;
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
if (ssl->conf->f_ca_cb != NULL) { if (ssl->conf->f_ca_cb != NULL) {
@ -9834,7 +9909,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl,
ssl->conf->f_ca_cb, ssl->conf->f_ca_cb,
ssl->conf->p_ca_cb, ssl->conf->p_ca_cb,
ssl->conf->cert_profile, ssl->conf->cert_profile,
ssl->hostname, hostname,
&ssl->session_negotiate->verify_result, &ssl->session_negotiate->verify_result,
f_vrfy, p_vrfy); f_vrfy, p_vrfy);
} else } else
@ -9861,7 +9936,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl,
chain, chain,
ca_chain, ca_crl, ca_chain, ca_crl,
ssl->conf->cert_profile, ssl->conf->cert_profile,
ssl->hostname, hostname,
&ssl->session_negotiate->verify_result, &ssl->session_negotiate->verify_result,
f_vrfy, p_vrfy, rs_ctx); f_vrfy, p_vrfy, rs_ctx);
} }

39
programs/ssl/ssl_client2.c
View File

@ -68,6 +68,7 @@ int main(void)
#define DFL_MAX_VERSION -1 #define DFL_MAX_VERSION -1
#define DFL_SHA1 -1 #define DFL_SHA1 -1
#define DFL_AUTH_MODE -1 #define DFL_AUTH_MODE -1
#define DFL_SET_HOSTNAME 1
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC -1 #define DFL_TRUNC_HMAC -1
#define DFL_RECSPLIT -1 #define DFL_RECSPLIT -1
@ -407,6 +408,9 @@ int main(void)
#define USAGE2 \ #define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \ " auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \ " options: none, optional, required\n" \
" set_hostname=%%s call mbedtls_ssl_set_hostname()?" \
" options: no, server_name, NULL\n" \
" default: server_name (but ignored if certs disabled)\n" \
USAGE_IO \ USAGE_IO \
USAGE_KEY_OPAQUE \ USAGE_KEY_OPAQUE \
USAGE_CA_CALLBACK \ USAGE_CA_CALLBACK \
@ -509,6 +513,8 @@ struct options {
int max_version; /* maximum protocol version accepted */ int max_version; /* maximum protocol version accepted */
int allow_sha1; /* flag for SHA-1 support */ int allow_sha1; /* flag for SHA-1 support */
int auth_mode; /* verify mode for connection */ int auth_mode; /* verify mode for connection */
int set_hostname; /* call mbedtls_ssl_set_hostname()? */
/* 0=no, 1=yes, -1=NULL */
unsigned char mfl_code; /* code for maximum fragment length */ unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* negotiate truncated hmac or not */ int trunc_hmac; /* negotiate truncated hmac or not */
int recsplit; /* enable record splitting? */ int recsplit; /* enable record splitting? */
@ -965,6 +971,7 @@ int main(int argc, char *argv[])
opt.max_version = DFL_MAX_VERSION; opt.max_version = DFL_MAX_VERSION;
opt.allow_sha1 = DFL_SHA1; opt.allow_sha1 = DFL_SHA1;
opt.auth_mode = DFL_AUTH_MODE; opt.auth_mode = DFL_AUTH_MODE;
opt.set_hostname = DFL_SET_HOSTNAME;
opt.mfl_code = DFL_MFL_CODE; opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC; opt.trunc_hmac = DFL_TRUNC_HMAC;
opt.recsplit = DFL_RECSPLIT; opt.recsplit = DFL_RECSPLIT;
@ -1364,6 +1371,16 @@ usage:
} else { } else {
goto usage; goto usage;
} }
} else if (strcmp(p, "set_hostname") == 0) {
if (strcmp(q, "no") == 0) {
opt.set_hostname = 0;
} else if (strcmp(q, "server_name") == 0) {
opt.set_hostname = 1;
} else if (strcmp(q, "NULL") == 0) {
opt.set_hostname = -1;
} else {
goto usage;
}
} else if (strcmp(p, "max_frag_len") == 0) { } else if (strcmp(p, "max_frag_len") == 0) {
if (strcmp(q, "512") == 0) { if (strcmp(q, "512") == 0) {
opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512; opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
@ -2081,10 +2098,24 @@ usage:
#endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_DTLS_SRTP */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { switch (opt.set_hostname) {
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", case -1:
ret); if ((ret = mbedtls_ssl_set_hostname(&ssl, NULL)) != 0) {
goto exit; mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
ret);
goto exit;
}
break;
case 0:
/* Skip the call */
break;
default:
if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
ret);
goto exit;
}
break;
} }
#endif #endif

4
programs/ssl/ssl_test_common_source.c
View File

@ -315,7 +315,7 @@ uint16_t ssl_sig_algs_for_test[] = {
}; };
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function /** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function
* for more info. * for more info.
*/ */
@ -350,9 +350,7 @@ static int x509_crt_verify_info(char *buf, size_t size, const char *prefix,
return (int) (size - n); return (int) (size - n);
#endif /* MBEDTLS_X509_REMOVE_INFO */ #endif /* MBEDTLS_X509_REMOVE_INFO */
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
static void mbedtls_print_supported_sig_algs(void) static void mbedtls_print_supported_sig_algs(void)
{ {
mbedtls_printf("supported signature algorithms:\n"); mbedtls_printf("supported signature algorithms:\n");

1
scripts/config.py
View File

@ -229,6 +229,7 @@ def crypto_adapter(adapter):
DEPRECATED = frozenset([ DEPRECATED = frozenset([
'MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_SE_C',
'MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME',
]) ])
def no_deprecated_adapter(adapter): def no_deprecated_adapter(adapter):
"""Modify an adapter to disable deprecated symbols. """Modify an adapter to disable deprecated symbols.

3
tests/scripts/components-configuration.sh
View File

@ -175,6 +175,9 @@ component_test_full_no_deprecated () {
msg "test: ensure that X509 has no direct dependency on BIGNUM_C" msg "test: ensure that X509 has no direct dependency on BIGNUM_C"
not grep mbedtls_mpi library/libmbedx509.a not grep mbedtls_mpi library/libmbedx509.a
msg "test: ssl-opt.sh authentication, full_no_deprecated config" # ~ 10s
tests/ssl-opt.sh -f 'Default\|Authentication'
} }
component_test_full_no_deprecated_deprecated_warning () { component_test_full_no_deprecated_deprecated_warning () {

4
tests/src/test_helpers/ssl_helpers.c
View File

@ -868,6 +868,10 @@ int mbedtls_test_ssl_endpoint_init(
ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
TEST_ASSERT(ret == 0); TEST_ASSERT(ret == 0);
if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost");
}
#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) { if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);

288
tests/ssl-opt.sh
View File

@ -492,6 +492,11 @@ detect_required_features() {
requires_certificate_authentication;; requires_certificate_authentication;;
esac esac
case " $CMD_LINE " in
*\ ca_callback=1\ *)
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK;;
esac
case " $CMD_LINE " in case " $CMD_LINE " in
*"programs/ssl/dtls_client "*|\ *"programs/ssl/dtls_client "*|\
*"programs/ssl/ssl_client1 "*) *"programs/ssl/ssl_client1 "*)
@ -2256,7 +2261,6 @@ run_test "TLS: password protected server key, two certificates" \
"$P_CLI" \ "$P_CLI" \
0 0
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "CA callback on client" \ run_test "CA callback on client" \
"$P_SRV debug_level=3" \ "$P_SRV debug_level=3" \
"$P_CLI ca_callback=1 debug_level=3 " \ "$P_CLI ca_callback=1 debug_level=3 " \
@ -2265,7 +2269,6 @@ run_test "CA callback on client" \
-S "error" \ -S "error" \
-C "error" -C "error"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256 requires_hash_alg SHA_256
run_test "CA callback on server" \ run_test "CA callback on server" \
@ -6074,6 +6077,271 @@ run_test "Authentication: server goodcert, client none, no trusted CA (1.2)"
-C "X509 - Certificate verification failed" \ -C "X509 - Certificate verification failed" \
-C "SSL - No CA Chain is set, but required to operate" -C "SSL - No CA Chain is set, but required to operate"
# The next few tests check what happens if the server has a valid certificate
# that does not match its name (impersonation).
run_test "Authentication: hostname match, client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhost debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname match, client required, CA callback" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhost debug_level=3 ca_callback=1" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "use CA callback for X.509 CRT verification" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (wrong), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=wrong-name debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (empty), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name= debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (truncated), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhos debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (last char), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhoss debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (trailing), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhostt debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch, client optional" \
"$P_SRV" \
"$P_CLI auth_mode=optional server_name=wrong-name debug_level=2" \
0 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch, client none" \
"$P_SRV" \
"$P_CLI auth_mode=none server_name=wrong-name debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname null, client required" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=NULL debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname null, client optional" \
"$P_SRV" \
"$P_CLI auth_mode=optional set_hostname=NULL debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname null, client none" \
"$P_SRV" \
"$P_CLI auth_mode=none set_hostname=NULL debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client required, secure config" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=no debug_level=2" \
1 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client required, historical config" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client required, secure config, CA callback" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \
1 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "get_hostname_for_verification() returned -" \
-C "use CA callback for X.509 CRT verification" \
-C "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client required, historical config, CA callback" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \
0 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "get_hostname_for_verification() returned -" \
-c "use CA callback for X.509 CRT verification" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname unset, client optional" \
"$P_SRV" \
"$P_CLI auth_mode=optional set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname unset, client none" \
"$P_SRV" \
"$P_CLI auth_mode=none set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client default, secure config, server picks cert, 1.2" \
"$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
"$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
1 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Authentication: hostname unset, client default, secure config, server picks cert, 1.3" \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral" \
"$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
1 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client default, historical config, server picks cert, 1.2" \
"$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
"$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "Authentication: hostname unset, client default, historical config, server picks cert, 1.3" \
"$P_SRV force_version=tls13 tls13_kex_modes=ephemeral" \
"$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \
"$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \
"$P_SRV force_version=tls13 tls13_kex_modes=psk psk=73776f726466697368 psk_identity=foo" \
"$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
# The purpose of the next two tests is to test the client's behaviour when receiving a server # The purpose of the next two tests is to test the client's behaviour when receiving a server
# certificate with an unsupported elliptic curve. This should usually not happen because # certificate with an unsupported elliptic curve. This should usually not happen because
# the client informs the server about the supported curves - it does, though, in the # the client informs the server about the supported curves - it does, though, in the
@ -6418,7 +6686,6 @@ run_test "Authentication: send alt hs DN hints in CertificateRequest" \
# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests # Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
# When updating these tests, modify the matching authentication tests accordingly # When updating these tests, modify the matching authentication tests accordingly
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client required" \ run_test "Authentication, CA callback: server badcert, client required" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \ key_file=$DATA_FILES_PATH/server5.key" \
@ -6430,7 +6697,6 @@ run_test "Authentication, CA callback: server badcert, client required" \
-c "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed" -c "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client optional" \ run_test "Authentication, CA callback: server badcert, client optional" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \ key_file=$DATA_FILES_PATH/server5.key" \
@ -6442,7 +6708,6 @@ run_test "Authentication, CA callback: server badcert, client optional" \
-C "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed" -C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client none" \ run_test "Authentication, CA callback: server badcert, client none" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \ key_file=$DATA_FILES_PATH/server5.key" \
@ -6461,7 +6726,6 @@ run_test "Authentication, CA callback: server badcert, client none" \
# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a # occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
# different means to have the server ignoring the client's supported curve list. # different means to have the server ignoring the client's supported curve list.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
@ -6472,7 +6736,6 @@ run_test "Authentication, CA callback: server ECDH p256v1, client required, p
-c "! Certificate verification flags" \ -c "! Certificate verification flags" \
-C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
@ -6483,7 +6746,6 @@ run_test "Authentication, CA callback: server ECDH p256v1, client optional, p
-c "! Certificate verification flags"\ -c "! Certificate verification flags"\
-c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client SHA384, server required" \ run_test "Authentication, CA callback: client SHA384, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
@ -6495,7 +6757,6 @@ run_test "Authentication, CA callback: client SHA384, server required" \
-c "Supported Signature Algorithm found: 04 " \ -c "Supported Signature Algorithm found: 04 " \
-c "Supported Signature Algorithm found: 05 " -c "Supported Signature Algorithm found: 05 "
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client SHA256, server required" \ run_test "Authentication, CA callback: client SHA256, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
@ -6507,7 +6768,6 @@ run_test "Authentication, CA callback: client SHA256, server required" \
-c "Supported Signature Algorithm found: 04 " \ -c "Supported Signature Algorithm found: 04 " \
-c "Supported Signature Algorithm found: 05 " -c "Supported Signature Algorithm found: 05 "
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server required" \ run_test "Authentication, CA callback: client badcert, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
@ -6529,7 +6789,6 @@ run_test "Authentication, CA callback: client badcert, server required" \
# detect that its write end of the connection is closed and abort # detect that its write end of the connection is closed and abort
# before reading the alert message. # before reading the alert message.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client cert not trusted, server required" \ run_test "Authentication, CA callback: client cert not trusted, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
@ -6547,7 +6806,6 @@ run_test "Authentication, CA callback: client cert not trusted, server requir
-s "! mbedtls_ssl_handshake returned" \ -s "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed" -s "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server optional" \ run_test "Authentication, CA callback: client badcert, server optional" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
@ -6568,7 +6826,6 @@ run_test "Authentication, CA callback: client badcert, server optional" \
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int chain, client default" \ run_test "Authentication, CA callback: server max_int chain, client default" \
"$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
@ -6579,7 +6836,6 @@ run_test "Authentication, CA callback: server max_int chain, client default"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client default" \ run_test "Authentication, CA callback: server max_int+1 chain, client default" \
"$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
@ -6590,7 +6846,6 @@ run_test "Authentication, CA callback: server max_int+1 chain, client default
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \ run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
"$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
@ -6602,7 +6857,6 @@ run_test "Authentication, CA callback: server max_int+1 chain, client optiona
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \ run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \
"$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
@ -6613,7 +6867,6 @@ run_test "Authentication, CA callback: client max_int+1 chain, server optiona
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server required" \ run_test "Authentication, CA callback: client max_int+1 chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
@ -6624,7 +6877,6 @@ run_test "Authentication, CA callback: client max_int+1 chain, server require
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int chain, server required" \ run_test "Authentication, CA callback: client max_int chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \