From ee1715cb5b7edf166b5e88a7532820885df79705 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 Aug 2024 12:49:57 +0200 Subject: [PATCH 01/10] Test cert alert KEY_USAGE -> UNSUPPORTED_CERT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In terms of line coverage, this was covered, except we never checked the behaviour was as intended. Signed-off-by: Manuel Pégourié-Gonnard --- tests/ssl-opt.sh | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0b8f129048..22e6d5ea6e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -7721,22 +7721,26 @@ run_test "keyUsage cli: KeyEncipherment, RSA: OK" \ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ - "$P_CLI debug_level=1 \ + "$P_CLI debug_level=3 \ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 1 \ -c "bad certificate (usage extensions)" \ -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is TLS-" + -C "Ciphersuite is TLS-" \ + -c "send alert level=2 message=43" \ + -C "! Usage does not match the keyUsage extension" + # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ - "$P_CLI debug_level=1 auth_mode=optional \ + "$P_CLI debug_level=3 auth_mode=optional \ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -c "bad certificate (usage extensions)" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" \ + -C "send alert level=2 message=43" \ -c "! Usage does not match the keyUsage extension" run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \ 
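Review bot: The hard-fail case now asserts the absence of the verify-info line with `-C "! Usage does not match the keyUsage extension"`, which pins an incidental property of ssl_client2 (going by the soft case right below, it prints verify details only when the handshake completes) rather than the library behaviour under test, so the assertion flips as soon as the client prints details on failure too; later commits in this series do exactly that and rewrite these lines to `-c`. Either drop that `-C` line here or make the client print the verify result on failure in the same change and assert `-c` as the soft case does. The second hunk (`keyUsage cli: DigitalSignature, RSA: fail`) carries the same assertion. The trailing `# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT` comment would read more easily if it tied the mapping to the number being matched, e.g. `# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT (alert 43)`.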
@@ -7752,22 +7756,26 @@ run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \ run_test "keyUsage cli: DigitalSignature, RSA: fail" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ - "$P_CLI debug_level=1 \ + "$P_CLI debug_level=3 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 1 \ -c "bad certificate (usage extensions)" \ -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is TLS-" + -C "Ciphersuite is TLS-" \ + -c "send alert level=2 message=43" \ + -C "! Usage does not match the keyUsage extension" + # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ - "$P_CLI debug_level=1 auth_mode=optional \ + "$P_CLI debug_level=3 auth_mode=optional \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -c "bad certificate (usage extensions)" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" \ + -C "send alert level=2 message=43" \ -c "! Usage does not match the keyUsage extension" requires_openssl_tls1_3_with_compatible_ephemeral From 36d1b4a80fa6ee346cfa81d1984be1c82431c247 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Aug 2024 12:14:04 +0200 Subject: [PATCH 02/10] Rationalize ssl-opt tests for keyUsage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - consistent naming with explicit version - in each section, have a positive case with just the needed bit set, and one with an irrelevant bit set in addition (cli 1.3 only had the former, and cli-auth 1.3 only the latter) - when auth_mode optional is supported failing cases should come in pairs: soft+hard, this wasn't the case for cli-auth 1.3. (Note: cli 1.3 currently does not support auth_mode optional.) - failing cases should check that the correct flag is printed and the expected alert is sent. The last (two) points have uncovered a bug in 1.3 code: - In fail (hard) cases the correct alert isn't sent, but a more generic one instead. - In fail (soft) cases the issue with the certificate is not reported, actually the certificate is reported as valid. Both share the same root cause: the flags are not updated properly when checking the keyUsage extension. This will be addressed in future commits. Signed-off-by: Manuel Pégourié-Gonnard --- tests/ssl-opt.sh | 150 +++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 126 insertions(+), 24 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 22e6d5ea6e..b37747e914 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -7640,22 +7640,26 @@ run_test "ALPN: both, no common" \ # Tests for keyUsage in leaf certificates, part 1: # server-side certificate/suite selection +# +# This is only about 1.2 (for 1.3, all key exchanges use signatures). +# In 4.0 this will probably go away as all TLS 1.2 key exchanges will use +# signatures too, following the removal of RSA #8170 and static ECDH #9201. -run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \ +run_test "keyUsage srv 1.2: RSA, digitalSignature -> (EC)DHE-RSA" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \ "$P_CLI" \ 0 \ -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-" -run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \ +run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \ "$P_CLI" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-" -run_test "keyUsage srv: RSA, keyAgreement -> fail" \ +run_test "keyUsage srv 1.2: RSA, keyAgreement -> fail" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ crt_file=$DATA_FILES_PATH/server2.ku-ka.crt" \ "$P_CLI" \ @@ -7663,7 +7667,7 @@ run_test "keyUsage srv: RSA, keyAgreement -> fail" \ -C "Ciphersuite is " requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \ +run_test "keyUsage srv 1.2: ECC, digitalSignature -> ECDHE-ECDSA" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.ku-ds.crt" \ "$P_CLI" \ 
@@ -7671,14 +7675,14 @@ run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \ -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-" -run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \ +run_test "keyUsage srv 1.2: ECC, keyAgreement -> ECDH-" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ "$P_CLI" \ 0 \ -c "Ciphersuite is TLS-ECDH-" -run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \ +run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \ "$P_CLI" \ @@ -7687,8 +7691,12 @@ run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \ # Tests for keyUsage in leaf certificates, part 2: # client-side checking of server cert +# +# TLS 1.3 uses only signature, but for 1.2 it depends on the key exchange. +# In 4.0 this will probably change as all TLS 1.2 key exchanges will use +# signatures too, following the removal of RSA #8170 and static ECDH #9201. -run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \ +run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, RSA: OK" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ "$P_CLI debug_level=1 \ @@ -7698,7 +7706,7 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" -run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \ +run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ "$P_CLI debug_level=1 \ 
@@ -7708,7 +7716,7 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" -run_test "keyUsage cli: KeyEncipherment, RSA: OK" \ +run_test "keyUsage cli 1.2: KeyEncipherment, RSA: OK" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ "$P_CLI debug_level=1 \ @@ -7718,7 +7726,7 @@ run_test "keyUsage cli: KeyEncipherment, RSA: OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" -run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \ +run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ "$P_CLI debug_level=3 \ @@ -7731,7 +7739,7 @@ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \ -C "! Usage does not match the keyUsage extension" # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT -run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \ +run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail, soft" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ "$P_CLI debug_level=3 auth_mode=optional \ @@ -7743,7 +7751,7 @@ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \ -C "send alert level=2 message=43" \ -c "! Usage does not match the keyUsage extension" -run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \ +run_test "keyUsage cli 1.2: DigitalSignature, DHE-RSA: OK" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ "$P_CLI debug_level=1 \ 
@@ -7753,7 +7761,7 @@ run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" -run_test "keyUsage cli: DigitalSignature, RSA: fail" \ +run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ "$P_CLI debug_level=3 \ @@ -7766,7 +7774,7 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail" \ -C "! Usage does not match the keyUsage extension" # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT -run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \ +run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail, soft" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ "$P_CLI debug_level=3 auth_mode=optional \ @@ -7778,6 +7786,18 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \ -C "send alert level=2 message=43" \ -c "! Usage does not match the keyUsage extension" +requires_openssl_tls1_3_with_compatible_ephemeral +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "keyUsage cli 1.3: DigitalSignature, RSA: OK" \ + "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \ + "$P_CLI debug_level=3" \ + 0 \ + -C "bad certificate (usage extensions)" \ + -C "Processing of the Certificate handshake message failed" \ + -c "Ciphersuite is" + requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 
@@ -7801,6 +7821,9 @@ run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \ -c "bad certificate (usage extensions)" \ -c "Processing of the Certificate handshake message failed" \ -C "Ciphersuite is" + #-c "send alert level=2 message=43" \ + #-C "! Usage does not match the keyUsage extension" + # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ @@ -7813,6 +7836,9 @@ run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \ -c "bad certificate (usage extensions)" \ -c "Processing of the Certificate handshake message failed" \ -C "Ciphersuite is" + #-c "send alert level=2 message=43" \ + #-C "! Usage does not match the keyUsage extension" + # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ @@ -7837,6 +7863,9 @@ run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \ -c "bad certificate (usage extensions)" \ -c "Processing of the Certificate handshake message failed" \ -C "Ciphersuite is" + #-c "send alert level=2 message=43" \ + #-C "! Usage does not match the keyUsage extension" + # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 
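Review bot: The `#-c "send alert level=2 message=43" \` and `#-C "! Usage does not match the keyUsage extension"` lines appended after the last argument of these `keyUsage cli 1.3` run_test calls are commented-out assertions with nothing in the file saying why they are disabled; the commit message explains it is a known 1.3 bug, but a reader of ssl-opt.sh only sees dead lines. A one-line marker above them such as `# TODO: enable once TLS 1.3 sets MBEDTLS_X509_BADCERT_KEY_USAGE on keyUsage failure` would make the intent visible, or alternatively assert the alert the code sends today (a later hunk in this commit notes it is 46) so that the fix is forced to touch these tests. The same pattern recurs in the next hunk (`KeyAgreement, ECDSA: fail`) and in the cli-auth 1.3 hunks further down.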
@@ -7849,12 +7878,17 @@ run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \ -c "bad certificate (usage extensions)" \ -c "Processing of the Certificate handshake message failed" \ -C "Ciphersuite is" + #-c "send alert level=2 message=43" \ + #-C "! Usage does not match the keyUsage extension" + # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT # Tests for keyUsage in leaf certificates, part 3: # server-side checking of client cert +# +# Here, both 1.2 and 1.3 only use signatures. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \ +run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ 
@@ -7864,25 +7898,29 @@ run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \ -S "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \ - "$P_SRV debug_level=1 auth_mode=optional" \ +run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (soft)" \ + "$P_SRV debug_level=3 auth_mode=optional" \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ 0 \ -s "bad certificate (usage extensions)" \ + -S "send alert level=2 message=43" \ + -s "! Usage does not match the keyUsage extension" \ -S "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ - "$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \ +run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (hard)" \ + "$P_SRV debug_level=3 force_version=tls12 auth_mode=required" \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ 1 \ -s "bad certificate (usage extensions)" \ + -s "send alert level=2 message=43" \ -s "Processing of the Certificate handshake message failed" + # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ +run_test "keyUsage cli-auth 1.2: ECDSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ -cert $DATA_FILES_PATH/server5.ku-ds.crt" \ 
@@ -7892,14 +7930,27 @@ run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ -S "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \ - "$P_SRV debug_level=1 auth_mode=optional" \ +run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (soft)" \ + "$P_SRV debug_level=3 auth_mode=optional" \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ 0 \ -s "bad certificate (usage extensions)" \ + -S "send alert level=2 message=43" \ + -s "! Usage does not match the keyUsage extension" \ -S "Processing of the Certificate handshake message failed" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (hard)" \ + "$P_SRV debug_level=3 auth_mode=required" \ + "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ + 1 \ + -s "bad certificate (usage extensions)" \ + -s "send alert level=2 message=43" \ + -s "Processing of the Certificate handshake message failed" + # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT + requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 
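Review bot: The new `keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (hard)` test runs the server as `"$P_SRV debug_level=3 auth_mode=required"`, whereas its RSA sibling in the previous hunk passes `force_version=tls12` on the same line. Since the peer is `$O_CLI -tls1_2` the negotiated version is presumably still 1.2, but aligning the two avoids having to reason about that and makes the `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2` guard self-explanatory: `"$P_SRV debug_level=3 force_version=tls12 auth_mode=required" \`.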
@@ -7915,13 +7966,45 @@ run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \ +run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEnciphermen: OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ + "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \ + 0 \ + -s "Verifying peer X.509 certificate... ok" \ + -S "bad certificate (usage extensions)" \ + -S "Processing of the Certificate handshake message failed" + +requires_openssl_tls1_3_with_compatible_ephemeral +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \ + "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \ 0 \ -s "bad certificate (usage extensions)" \ + -S "send alert level=2 message=43" \ -S "Processing of the Certificate handshake message failed" + #-s "! Usage does not match the keyUsage extension" \ + +requires_openssl_tls1_3_with_compatible_ephemeral +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \ + "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \ + "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \ + -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \ + 0 \ + -s "bad certificate (usage extensions)" \ + -s "Processing of the Certificate handshake message failed" \ + -s "! 
mbedtls_ssl_handshake returned" \ + #-s "send alert level=2 message=43" \ + # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT + # (not working now, getting alert 46 instead) + # + # OpenSSL client does not seem to mind that the server aborts the + # handshake with a fatal alert and still exits 0... requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 
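Review bot: The new test name `"keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEnciphermen: OK"` is missing the final `t` of KeyEncipherment, and since test names are what people grep and filter on it should read `"keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEncipherment: OK"`. In the RSA `fail (hard)` case the last live argument `-s "! mbedtls_ssl_handshake returned" \` keeps a trailing backslash while the following line is a comment, so the invocation only terminates because the joined line continues with `#`; dropping that backslash, as the ECDSA hard case in the next hunk already does, removes the dependency on that lexer detail. The expected exit status `0` for a hard failure is explained by the comment about the OpenSSL client, which is helpful; moving that comment above the run_test call would keep it attached to the test if the argument list is edited again.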
@@ -7939,12 +8022,31 @@ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \ - "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ + "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ 0 \ -s "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" + #-s "! Usage does not match the keyUsage extension" \ + +requires_openssl_tls1_3_with_compatible_ephemeral +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \ + "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \ + "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ + -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ + 0 \ + -s "bad certificate (usage extensions)" \ + -s "Processing of the Certificate handshake message failed" \ + -s "! mbedtls_ssl_handshake returned" + #-s "send alert level=2 message=43" \ + # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT + # (not working now, getting alert 46 instead) + # + # OpenSSL client does not seem to mind that the server aborts the + # handshake with a fatal alert and still exits 0... # Tests for extendedKeyUsage, part 1: server-side certificate/suite selection From ef41d8ccbe91c5c59e32f47ceda3365525c47124 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Aug 2024 10:28:56 +0200 Subject: [PATCH 03/10] Fix 1.3 failure to update flags for (ext)KeyUsage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls13_generic.c | 18 +++++++++++---- tests/ssl-opt.sh | 44 ++++++++++++++++++------------------- 2 files changed, 35 insertions(+), 27 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 8ac6579e05..651a17b5a2 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -714,6 +714,18 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl) /* * Secondary checks: always done, but change 'ret' only if it was 0 */ + /* keyUsage */ + if ((mbedtls_x509_crt_check_key_usage( + ssl->session_negotiate->peer_cert, + MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)")); + if (ret == 0) { + ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; + } + verify_result |= MBEDTLS_X509_BADCERT_KEY_USAGE; + } + + /* extKeyUsage */ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { ext_oid = MBEDTLS_OID_SERVER_AUTH; ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH); @@ -722,16 +734,14 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl) ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH); } - if ((mbedtls_x509_crt_check_key_usage( - ssl->session_negotiate->peer_cert, - MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0) || - (mbedtls_x509_crt_check_extended_key_usage( + if ((mbedtls_x509_crt_check_extended_key_usage( ssl->session_negotiate->peer_cert, ext_oid, ext_len) != 0)) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)")); if (ret == 0) { ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; } + verify_result |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE; } /* mbedtls_x509_crt_verify_with_profile is supposed to report a diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b37747e914..895d8fcb36 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
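Review bot: Both the new keyUsage block and the remaining extKeyUsage block log the same level-1 string `bad certificate (usage extensions)`, so even though the two failures now set distinct `verify_result` flags, the debug log still cannot tell them apart; a level-3 line in each branch, such as `MBEDTLS_SSL_DEBUG_MSG(3, ("keyUsage check failed"));` and `MBEDTLS_SSL_DEBUG_MSG(3, ("extKeyUsage check failed"));`, would keep the level-1 string the ssl-opt tests match on while making the cause visible. Splitting the former short-circuit `||` into two blocks also means that when both extensions are wrong both flags are set, which is presumably the intent but worth stating in the commit message. The hunk dereferences `ssl->session_negotiate->peer_cert` without a NULL check; presumably an earlier part of ssl_tls13_validate_certificate guarantees it is set, but that is outside the hunk, as is the point where `verify_result` is written back to the session.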
@@ -7816,13 +7816,13 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \ - "$P_CLI debug_level=1" \ + "$P_CLI debug_level=3" \ 1 \ -c "bad certificate (usage extensions)" \ -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" - #-c "send alert level=2 message=43" \ - #-C "! Usage does not match the keyUsage extension" + -C "Ciphersuite is" \ + -c "send alert level=2 message=43" \ + -C "! Usage does not match the keyUsage extension" # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT requires_openssl_tls1_3_with_compatible_ephemeral @@ -7831,13 +7831,13 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \ - "$P_CLI debug_level=1" \ + "$P_CLI debug_level=3" \ 1 \ -c "bad certificate (usage extensions)" \ -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" - #-c "send alert level=2 message=43" \ - #-C "! Usage does not match the keyUsage extension" + -C "Ciphersuite is" \ + -c "send alert level=2 message=43" \ + -C "! Usage does not match the keyUsage extension" # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT requires_openssl_tls1_3_with_compatible_ephemeral 
@@ -7858,13 +7858,13 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ -cert $DATA_FILES_PATH/server5.ku-ke.crt" \ - "$P_CLI debug_level=1" \ + "$P_CLI debug_level=3" \ 1 \ -c "bad certificate (usage extensions)" \ -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" - #-c "send alert level=2 message=43" \ - #-C "! Usage does not match the keyUsage extension" + -C "Ciphersuite is" \ + -c "send alert level=2 message=43" \ + -C "! Usage does not match the keyUsage extension" # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT requires_openssl_tls1_3_with_compatible_ephemeral @@ -7873,13 +7873,13 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI debug_level=1" \ + "$P_CLI debug_level=3" \ 1 \ -c "bad certificate (usage extensions)" \ -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" - #-c "send alert level=2 message=43" \ - #-C "! Usage does not match the keyUsage extension" + -C "Ciphersuite is" \ + -c "send alert level=2 message=43" \ + -C "! Usage does not match the keyUsage extension" # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT # Tests for keyUsage in leaf certificates, part 3: 
@@ -7985,8 +7985,8 @@ run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \ 0 \ -s "bad certificate (usage extensions)" \ -S "send alert level=2 message=43" \ + -s "! Usage does not match the keyUsage extension" \ -S "Processing of the Certificate handshake message failed" - #-s "! Usage does not match the keyUsage extension" \ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ @@ -7998,10 +7998,9 @@ run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \ 0 \ -s "bad certificate (usage extensions)" \ -s "Processing of the Certificate handshake message failed" \ - -s "! mbedtls_ssl_handshake returned" \ - #-s "send alert level=2 message=43" \ + -s "send alert level=2 message=43" \ + -s "! mbedtls_ssl_handshake returned" # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - # (not working now, getting alert 46 instead) # # OpenSSL client does not seem to mind that the server aborts the # handshake with a fatal alert and still exits 0... @@ -8027,8 +8026,8 @@ run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \ -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ 0 \ -s "bad certificate (usage extensions)" \ + -s "! Usage does not match the keyUsage extension" \ -S "Processing of the Certificate handshake message failed" - #-s "! Usage does not match the keyUsage extension" \ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ 
@@ -8040,10 +8039,9 @@ run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \ 0 \ -s "bad certificate (usage extensions)" \ -s "Processing of the Certificate handshake message failed" \ + -s "send alert level=2 message=43" \ -s "! mbedtls_ssl_handshake returned" - #-s "send alert level=2 message=43" \ # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - # (not working now, getting alert 46 instead) # # OpenSSL client does not seem to mind that the server aborts the # handshake with a fatal alert and still exits 0... From 013d0798c0b5f72661edee4a7adf48bd5b26f671 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 8 Aug 2024 10:56:41 +0200 Subject: [PATCH 04/10] Always print detailed cert errors in test programs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously the client was only printing them on handshake success, and the server was printing them on success and some but not all failures. This makes ssl-opt.sh more consistent as we can always check for the presence of the expected message in the output, regardless of whether the failure is hard or soft. Signed-off-by: Manuel Pégourié-Gonnard --- programs/ssl/ssl_client2.c | 10 +++++++++- programs/ssl/ssl_server2.c | 3 ++- tests/ssl-opt.sh | 16 ++++++++++------ 3 files changed, 21 insertions(+), 8 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 43133d901c..64564ab07c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -2204,7 +2204,9 @@ usage: ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n", (unsigned int) -ret); - if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || + ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE) { mbedtls_printf( " Unable to verify the server's certificate. " "Either it is invalid,\n" @@ -2215,7 +2217,13 @@ usage: "not using TLS 1.3.\n" " For TLS 1.3 server, try `ca_path=/etc/ssl/certs/`" "or other folder that has root certificates\n"); + + flags = mbedtls_ssl_get_verify_result(&ssl); + char vrfy_buf[512]; + x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); + mbedtls_printf("%s\n", vrfy_buf); } +#endif mbedtls_printf("\n"); goto exit; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a5d2ed1020..0f871f7123 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3504,7 +3504,8 @@ handshake: (unsigned int) -ret); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { + if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || + ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE) { char vrfy_buf[512]; flags = mbedtls_ssl_get_verify_result(&ssl); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 895d8fcb36..69568058bc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -7736,7 +7736,7 @@ run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail" \ -c "Processing of the Certificate handshake message failed" \ -C "Ciphersuite is TLS-" \ -c "send alert level=2 message=43" \ - -C "! Usage does not match the keyUsage extension" + -c "! Usage does not match the keyUsage extension" # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail, soft" \ 
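Review bot: In the second ssl_client2.c hunk `char vrfy_buf[512];` is declared after the `flags = mbedtls_ssl_get_verify_result(&ssl);` statement, whereas the ssl_server2.c hunk below declares the buffer first and then assigns `flags`; declaring first keeps the two programs identical and avoids a mixed declaration in the middle of an `if` body. The return value of `x509_crt_verify_info` is ignored, so a formatting error or truncation would print whatever is in the buffer; if that helper follows `mbedtls_x509_crt_verify_info` and returns a negative value on error, checking it before `mbedtls_printf` is cheap. `flags` is used inside the new `#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)` block but its declaration is outside the hunk, so presumably it is already guarded the same way as in the server program.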
@@ -7771,7 +7771,7 @@ run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail" \ -c "Processing of the Certificate handshake message failed" \ -C "Ciphersuite is TLS-" \ -c "send alert level=2 message=43" \ - -C "! Usage does not match the keyUsage extension" + -c "! Usage does not match the keyUsage extension" # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail, soft" \ @@ -7822,7 +7822,7 @@ run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \ -c "Processing of the Certificate handshake message failed" \ -C "Ciphersuite is" \ -c "send alert level=2 message=43" \ - -C "! Usage does not match the keyUsage extension" + -c "! Usage does not match the keyUsage extension" # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT requires_openssl_tls1_3_with_compatible_ephemeral @@ -7837,7 +7837,7 @@ run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \ -c "Processing of the Certificate handshake message failed" \ -C "Ciphersuite is" \ -c "send alert level=2 message=43" \ - -C "! Usage does not match the keyUsage extension" + -c "! Usage does not match the keyUsage extension" # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT requires_openssl_tls1_3_with_compatible_ephemeral @@ -7864,7 +7864,7 @@ run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \ -c "Processing of the Certificate handshake message failed" \ -C "Ciphersuite is" \ -c "send alert level=2 message=43" \ - -C "! Usage does not match the keyUsage extension" + -c "! Usage does not match the keyUsage extension" # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT requires_openssl_tls1_3_with_compatible_ephemeral 
@@ -7879,7 +7879,7 @@ run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
 -c "Processing of the Certificate handshake message failed" \
 -C "Ciphersuite is" \
 -c "send alert level=2 message=43" \
- -C "! Usage does not match the keyUsage extension"
+ -c "! Usage does not match the keyUsage extension"
 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
 # Tests for keyUsage in leaf certificates, part 3:
@@ -7916,6 +7916,7 @@ run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (hard)" \
 1 \
 -s "bad certificate (usage extensions)" \
 -s "send alert level=2 message=43" \
+ -s "! Usage does not match the keyUsage extension" \
 -s "Processing of the Certificate handshake message failed"
 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
@@ -7948,6 +7949,7 @@ run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (hard)" \
 1 \
 -s "bad certificate (usage extensions)" \
 -s "send alert level=2 message=43" \
+ -s "! Usage does not match the keyUsage extension" \
 -s "Processing of the Certificate handshake message failed"
 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
@@ -7999,6 +8001,7 @@ run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \
 -s "bad certificate (usage extensions)" \
 -s "Processing of the Certificate handshake message failed" \
 -s "send alert level=2 message=43" \
+ -s "! Usage does not match the keyUsage extension" \
 -s "! mbedtls_ssl_handshake returned"
 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
 #
@@ -8040,6 +8043,7 @@ run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \
 -s "bad certificate (usage extensions)" \
 -s "Processing of the Certificate handshake message failed" \
 -s "send alert level=2 message=43" \
+ -s "! Usage does not match the keyUsage extension" \
 -s "! mbedtls_ssl_handshake returned"
 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
 #
From 52c0f5a0fd60688b263b97c39fea232eedff6009 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 8 Aug 2024 12:19:46 +0200
Subject: [PATCH 05/10] Rationalize keyUsage testing, round 2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- cli-auth 1.2 was missing a test with an irrelevant bit set in addition to the relevant bit (which was added for 1.3 previously)
- use consistent naming for fail (hard/soft)
Note: currently there are no "fail (soft)" cases for 1.3 authentication of server by client, as server auth is mandatory in 1.3 (this will change in 3.6.1).
Signed-off-by: Manuel Pégourié-Gonnard
---
 tests/ssl-opt.sh | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 69568058bc..e6e2f99553 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -7726,7 +7726,7 @@ run_test "keyUsage cli 1.2: KeyEncipherment, RSA: OK" \
 -C "Processing of the Certificate handshake message failed" \
 -c "Ciphersuite is TLS-"
-run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail" \
+run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (hard)" \
 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
 -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
 "$P_CLI debug_level=3 \
@@ -7739,7 +7739,7 @@ run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail" \
 -c "! Usage does not match the keyUsage extension"
 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
-run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail, soft" \
+run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (soft)" \
 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
 -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
 "$P_CLI debug_level=3 auth_mode=optional \
@@ -7761,7 +7761,7 @@ run_test "keyUsage cli 1.2: DigitalSignature, DHE-RSA: OK" \
 -C "Processing of the Certificate handshake message failed" \
 -c "Ciphersuite is TLS-"
-run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail" \
+run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (hard)" \
 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
 -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
 "$P_CLI debug_level=3 \
@@ -7774,7 +7774,7 @@ run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail" \
 -c "! Usage does not match the keyUsage extension"
 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
-run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail, soft" \
+run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (soft)" \
 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
 -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
 "$P_CLI debug_level=3 auth_mode=optional \
@@ -7813,7 +7813,7 @@ run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
+run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail (hard)" \
 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
 -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
 "$P_CLI debug_level=3" \
@@ -7828,7 +7828,7 @@ run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
+run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail (hard)" \
 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
 -cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \
 "$P_CLI debug_level=3" \
@@ -7855,7 +7855,7 @@ run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
+run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail (hard)" \
 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
 -cert $DATA_FILES_PATH/server5.ku-ke.crt" \
 "$P_CLI debug_level=3" \
@@ -7870,7 +7870,7 @@ run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
+run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail (hard)" \
 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
 -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
 "$P_CLI debug_level=3" \
@@ -7897,6 +7897,16 @@ run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature: OK" \
 -S "bad certificate (usage extensions)" \
 -S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature+KeyEncipherment: OK" \
+ "$P_SRV debug_level=1 auth_mode=optional" \
+ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
+ 0 \
+ -s "Verifying peer X.509 certificate... ok" \
+ -S "bad certificate (usage extensions)" \
+ -S "Processing of the Certificate handshake message failed"
+
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (soft)" \
 "$P_SRV debug_level=3 auth_mode=optional" \
@@ -7968,7 +7978,7 @@ run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEnciphermen: OK" \
+run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEncipherment: OK" \
 "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
 "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
 -cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \
From cdd5b07eb146f47a8917cba5809d3b4a18037c0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 12 Aug 2024 09:50:18 +0200
Subject: [PATCH 06/10] Use P_CLI when O_CLI's status is not reliable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Generally speaking, in this group of test we use O_SRV when testing our client's behaviour, and O_CLI when testing our server's behaviour. I don't think that's essential, but why not. Well, for these two tests there's a reason why not: O_CLI often exits 0, seemingly not minding that the server aborted the handshake with a fatal alert, but sometimes it exits 1. (I've observed 0 on my machine, on two runs of OpenCI and Internal CI, and 1 in some test in one run of Internal CI.) So, use our client instead, which exits non-zero consistently.
Signed-off-by: Manuel Pégourié-Gonnard
---
 tests/ssl-opt.sh | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e6e2f99553..ac6df5a7a4 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -8005,18 +8005,15 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \
 "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
- "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
- -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
- 0 \
+ "$P_CLI key_file=$DATA_FILES_PATH/server2.key \
+ crt_file=$DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
+ 1 \
 -s "bad certificate (usage extensions)" \
 -s "Processing of the Certificate handshake message failed" \
 -s "send alert level=2 message=43" \
 -s "! Usage does not match the keyUsage extension" \
 -s "! mbedtls_ssl_handshake returned"
 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
- #
- # OpenSSL client does not seem to mind that the server aborts the
- # handshake with a fatal alert and still exits 0...
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
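Review bot: This test now runs `$P_SRV` against `$P_CLI`, so OpenSSL no longer takes part, yet the guard lines just above the hunk are left as they were; if the test is still preceded by `requires_openssl_tls1_3_with_compatible_ephemeral` (as its sibling visible at the bottom of the hunk is), it will be skipped on hosts whose OpenSSL cannot do TLS 1.3 for no reason, and only the `requires_all_configs_enabled` guard is needed. The same applies to the ECDSA KeyAgreement test in the next hunk and to the extKeyUsage cli-auth 1.3 hard-fail test added later in this series, where the OpenSSL guard is visible inside the hunk. The `$P_CLI` line also carries no `force_version=tls13`, so the test relies on the server's forced version alone; stating it on the client side too would make the intent explicit.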
@@ -8047,18 +8044,15 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \
 "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
- "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
- -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
- 0 \
+ "$P_CLI key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
+ 1 \
 -s "bad certificate (usage extensions)" \
 -s "Processing of the Certificate handshake message failed" \
 -s "send alert level=2 message=43" \
 -s "! Usage does not match the keyUsage extension" \
 -s "! mbedtls_ssl_handshake returned"
 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
- #
- # OpenSSL client does not seem to mind that the server aborts the
- # handshake with a fatal alert and still exits 0...
 # Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
From e74c840b5ec578cbe9011d0b28bb0d228b53d4fd Mon Sep 17 00:00:00 2001
From: Elena Uziunaite
Date: Thu, 15 Aug 2024 15:24:09 +0100
Subject: [PATCH 07/10] Rationalize extKeyUsage tests
Signed-off-by: Elena Uziunaite
---
 tests/ssl-opt.sh | 49 ++++++++++++++++++++++++++++++------------------
 1 file changed, 31 insertions(+), 18 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ac6df5a7a4..e1229406e3 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -8087,7 +8087,7 @@ run_test "extKeyUsage srv: codeSign -> fail" \
 # Tests for extendedKeyUsage, part 2: client-side checking of server cert
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli: serverAuth -> OK" \
+run_test "extKeyUsage cli 1.2: serverAuth -> OK" \
 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
 -cert $DATA_FILES_PATH/server5.eku-srv.crt" \
 "$P_CLI debug_level=1" \
@@ -8097,7 +8097,7 @@ run_test "extKeyUsage cli: serverAuth -> OK" \
 -c "Ciphersuite is TLS-"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
+run_test "extKeyUsage cli 1.2: serverAuth,clientAuth -> OK" \
 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
 -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
 "$P_CLI debug_level=1" \
@@ -8107,7 +8107,7 @@ run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
 -c "Ciphersuite is TLS-"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
+run_test "extKeyUsage cli 1.2: codeSign,anyEKU -> OK" \
 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
 -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
 "$P_CLI debug_level=1" \
@@ -8117,14 +8117,17 @@ run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
 -c "Ciphersuite is TLS-"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli: codeSign -> fail" \
+run_test "extKeyUsage cli 1.2: codeSign -> fail (hard)" \
 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
 -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
- "$P_CLI debug_level=1" \
+ "$P_CLI debug_level=3" \
 1 \
 -c "bad certificate (usage extensions)" \
 -c "Processing of the Certificate handshake message failed" \
- -C "Ciphersuite is TLS-"
+ -C "Ciphersuite is TLS-" \
+ -c "send alert level=2 message=43" \
+ -c "! Usage does not match the extendedKeyUsage extension"
+ # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -8165,19 +8168,22 @@ run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "extKeyUsage cli 1.3: codeSign -> fail" \
+run_test "extKeyUsage cli 1.3: codeSign -> fail (hard)" \
 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
 -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
- "$P_CLI debug_level=1" \
+ "$P_CLI debug_level=3" \
 1 \
 -c "bad certificate (usage extensions)" \
 -c "Processing of the Certificate handshake message failed" \
- -C "Ciphersuite is"
+ -C "Ciphersuite is" \
+ -c "send alert level=2 message=43" \
+ -c "! Usage does not match the extendedKeyUsage extension"
+ # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
 # Tests for extendedKeyUsage, part 3: server-side checking of client cert
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli-auth: clientAuth -> OK" \
+run_test "extKeyUsage cli-auth 1.2: clientAuth -> OK" \
 "$P_SRV debug_level=1 auth_mode=optional" \
 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
 -cert $DATA_FILES_PATH/server5.eku-cli.crt" \
@@ -8186,7 +8192,7 @@ run_test "extKeyUsage cli-auth: clientAuth -> OK" \
 -S "Processing of the Certificate handshake message failed"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
+run_test "extKeyUsage cli-auth 1.2: serverAuth,clientAuth -> OK" \
 "$P_SRV debug_level=1 auth_mode=optional" \
 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
 -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
@@ -8195,7 +8201,7 @@ run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
 -S "Processing of the Certificate handshake message failed"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
+run_test "extKeyUsage cli-auth 1.2: codeSign,anyEKU -> OK" \
 "$P_SRV debug_level=1 auth_mode=optional" \
 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
 -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
@@ -8204,22 +8210,27 @@ run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
 -S "Processing of the Certificate handshake message failed"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
- "$P_SRV debug_level=1 auth_mode=optional" \
+run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (soft)" \
+ "$P_SRV debug_level=3 auth_mode=optional" \
 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
 -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
 0 \
 -s "bad certificate (usage extensions)" \
- -S "Processing of the Certificate handshake message failed"
+ -S "send alert level=2 message=43" \
+ -s "! Usage does not match the extendedKeyUsage extension" \
+ -S "Processing of the Certificate handshake message failed" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
- "$P_SRV debug_level=1 auth_mode=required" \
+run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (hard)" \
+ "$P_SRV debug_level=3 auth_mode=required" \
 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
 -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
 1 \
 -s "bad certificate (usage extensions)" \
+ -s "send alert level=2 message=43" \
+ -s "! Usage does not match the extendedKeyUsage extension" \
 -s "Processing of the Certificate handshake message failed"
+ # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
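Review bot: The soft-fail test's last argument now ends with a stray line continuation, `+ -S "Processing of the Certificate handshake message failed" \`. It only parses because the following context line is blank, so the backslash-newline joins an empty line and the command ends there; if that blank line is ever removed, `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2` silently becomes two extra arguments to run_test and the guard for the next test stops being executed. Drop the trailing backslash so the line reads `-S "Processing of the Certificate handshake message failed"`, as in the hard-fail test below.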
@@ -8258,11 +8269,13 @@ requires_openssl_tls1_3_with_compatible_ephemeral
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
- "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
+ "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
 "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
 -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
 0 \
 -s "bad certificate (usage extensions)" \
+ -S "send alert level=2 message=43" \
+ -s "! Usage does not match the extendedKeyUsage extension" \
 -S "Processing of the Certificate handshake message failed"
 # Tests for DHM parameters loading
From 04db1fb481e9b1cbe10f506e6e184f5dab438bce Mon Sep 17 00:00:00 2001
From: Elena Uziunaite
Date: Fri, 16 Aug 2024 17:18:28 +0100
Subject: [PATCH 08/10] Add test cases for extKeyUsage
Signed-off-by: Elena Uziunaite
---
 tests/ssl-opt.sh | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e1229406e3..91828ef03a 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -8116,6 +8116,19 @@ run_test "extKeyUsage cli 1.2: codeSign,anyEKU -> OK" \
 -C "Processing of the Certificate handshake message failed" \
 -c "Ciphersuite is TLS-"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "extKeyUsage cli 1.2: codeSign -> fail (soft)" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
+ "$P_CLI debug_level=3 auth_mode=optional" \
+ 0 \
+ -c "bad certificate (usage extensions)" \
+ -C "Processing of the Certificate handshake message failed" \
+ -c "Ciphersuite is TLS-" \
+ -C "send alert level=2 message=43" \
+ -c "! Usage does not match the extendedKeyUsage extension"
+ # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
+
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "extKeyUsage cli 1.2: codeSign -> fail (hard)" \
 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
@@ -8278,6 +8291,20 @@ run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
 -s "! Usage does not match the extendedKeyUsage extension" \
 -S "Processing of the Certificate handshake message failed"
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (hard)" \
+ "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
+ "$P_CLI key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.eku-cs.crt" \
+ 1 \
+ -s "bad certificate (usage extensions)" \
+ -s "send alert level=2 message=43" \
+ -s "! Usage does not match the extendedKeyUsage extension" \
+ -s "Processing of the Certificate handshake message failed"
+ # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
+
 # Tests for DHM parameters loading
 run_test "DHM parameters: reference" \
From 777e3e77c9ff78039101ab881d53206bb7852082 Mon Sep 17 00:00:00 2001
From: Elena Uziunaite
Date: Mon, 19 Aug 2024 12:10:22 +0100
Subject: [PATCH 09/10] Update ChangeLog
Signed-off-by: Elena Uziunaite
---
 ChangeLog.d/fix_reporting_of_key_usage_issues.txt | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 ChangeLog.d/fix_reporting_of_key_usage_issues.txt
diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
new file mode 100644
index 0000000000..12f1bb3799
--- /dev/null
+++ b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix the failure to correctly update verification flags when
+ checking the (ext)KeyUsage extension.
+ Resolves #1260
From b0b71dc5d5748fec0476d0aac876d95c8bc669bd Mon Sep 17 00:00:00 2001
From: Elena Uziunaite
Date: Tue, 20 Aug 2024 12:11:57 +0100
Subject: [PATCH 10/10] Edit ChangeLog entry
Signed-off-by: Elena Uziunaite
---
 ChangeLog.d/fix_reporting_of_key_usage_issues.txt | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
index 12f1bb3799..75fbb6cc15 100644
--- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
+++ b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
@@ -1,4 +1,11 @@
-Bugfix
- * Fix the failure to correctly update verification flags when
- checking the (ext)KeyUsage extension.
- Resolves #1260
+Security
+ * With TLS 1.3, when a server enables optional authentication of the
+ client, if the client-provided certificate does not have appropriate values
+ in if keyUsage or extKeyUsage extensions, then the return value of
+ mbedtls_ssl_get_verify_result() would incorrectly have the
+ MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits
+ clear. As a result, an attacker that had a certificate valid for uses other
+ than TLS client authentication could be able to use it for TLS client
+ authentication anyway. Only TLS 1.3 servers were affected, and only with
+ optional authentication (required would abort the handshake with a fatal
+ alert).