Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks

TLS 1.3: Fix certificate key usage checks
2025-07-29 11:41:15 +03:00 · 2022-06-27 08:32:17 +02:00
parent 4f799fc333 f9c13fe69f
commit 9738a8d0fd
4 changed files with 242 additions and 6 deletions
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -546,6 +546,8 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl )
    int authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
    mbedtls_x509_crt *ca_chain;
    mbedtls_x509_crl *ca_crl;
+    const char *ext_oid;
+    size_t ext_len;
    uint32_t verify_result = 0;

    /* If SNI was used, overwrite authentication mode
@ -627,12 +629,25 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl )
    /*
     * Secondary checks: always done, but change 'ret' only if it was 0
     */
-    if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
-                                      ssl->handshake->ciphersuite_info,
-                                      !ssl->conf->endpoint,
-                                      &verify_result ) != 0 )
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate ( usage extensions )" ) );
+        ext_oid = MBEDTLS_OID_SERVER_AUTH;
+        ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH );
+    }
+    else
+    {
+        ext_oid = MBEDTLS_OID_CLIENT_AUTH;
+        ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH );
+    }
+
+    if( ( mbedtls_x509_crt_check_key_usage(
+              ssl->session_negotiate->peer_cert,
+              MBEDTLS_X509_KU_DIGITAL_SIGNATURE ) != 0 ) ||
+        ( mbedtls_x509_crt_check_extended_key_usage(
+              ssl->session_negotiate->peer_cert,
+              ext_oid, ext_len ) != 0 ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
        if( ret == 0 )
            ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
    }