Fix 1.3 failure to update flags for (ext)KeyUsage

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

library/ssl_tls13_generic.c

@@ -714,6 +714,18 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
     /*
      * Secondary checks: always done, but change 'ret' only if it was 0
      */
+    /* keyUsage */
+    if ((mbedtls_x509_crt_check_key_usage(
+             ssl->session_negotiate->peer_cert,
+             MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
+        if (ret == 0) {
+            ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
+        }
+        verify_result |= MBEDTLS_X509_BADCERT_KEY_USAGE;
+    }
+
+    /* extKeyUsage */
     if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
         ext_oid = MBEDTLS_OID_SERVER_AUTH;
         ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH);
@@ -722,16 +734,14 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
         ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH);
     }
 
-    if ((mbedtls_x509_crt_check_key_usage(
+    if ((mbedtls_x509_crt_check_extended_key_usage(
-             ssl->session_negotiate->peer_cert,
-             MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0) ||
-        (mbedtls_x509_crt_check_extended_key_usage(
              ssl->session_negotiate->peer_cert,
              ext_oid, ext_len) != 0)) {
         MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
         if (ret == 0) {
             ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
         }
+        verify_result |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
     }
 
     /* mbedtls_x509_crt_verify_with_profile is supposed to report a

tests/ssl-opt.sh

@@ -7816,13 +7816,13 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 run_test    "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
             "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
              -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
-            "$P_CLI debug_level=1" \
+            "$P_CLI debug_level=3" \
             1 \
             -c "bad certificate (usage extensions)" \
             -c "Processing of the Certificate handshake message failed" \
-            -C "Ciphersuite is"
+            -C "Ciphersuite is" \
-            #-c "send alert level=2 message=43" \
+            -c "send alert level=2 message=43" \
-            #-C "! Usage does not match the keyUsage extension"
+            -C "! Usage does not match the keyUsage extension"
             # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
 
 requires_openssl_tls1_3_with_compatible_ephemeral
@@ -7831,13 +7831,13 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 run_test    "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
             "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
              -cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \
-            "$P_CLI debug_level=1" \
+            "$P_CLI debug_level=3" \
             1 \
             -c "bad certificate (usage extensions)" \
             -c "Processing of the Certificate handshake message failed" \
-            -C "Ciphersuite is"
+            -C "Ciphersuite is" \
-            #-c "send alert level=2 message=43" \
+            -c "send alert level=2 message=43" \
-            #-C "! Usage does not match the keyUsage extension"
+            -C "! Usage does not match the keyUsage extension"
             # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
 
 requires_openssl_tls1_3_with_compatible_ephemeral
@@ -7858,13 +7858,13 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 run_test    "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
             "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
              -cert $DATA_FILES_PATH/server5.ku-ke.crt" \
-            "$P_CLI debug_level=1" \
+            "$P_CLI debug_level=3" \
             1 \
             -c "bad certificate (usage extensions)" \
             -c "Processing of the Certificate handshake message failed" \
-            -C "Ciphersuite is"
+            -C "Ciphersuite is" \
-            #-c "send alert level=2 message=43" \
+            -c "send alert level=2 message=43" \
-            #-C "! Usage does not match the keyUsage extension"
+            -C "! Usage does not match the keyUsage extension"
             # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
 
 requires_openssl_tls1_3_with_compatible_ephemeral
@@ -7873,13 +7873,13 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 run_test    "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
             "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
              -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
-            "$P_CLI debug_level=1" \
+            "$P_CLI debug_level=3" \
             1 \
             -c "bad certificate (usage extensions)" \
             -c "Processing of the Certificate handshake message failed" \
-            -C "Ciphersuite is"
+            -C "Ciphersuite is" \
-            #-c "send alert level=2 message=43" \
+            -c "send alert level=2 message=43" \
-            #-C "! Usage does not match the keyUsage extension"
+            -C "! Usage does not match the keyUsage extension"
             # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
 
 # Tests for keyUsage in leaf certificates, part 3:
@@ -7985,8 +7985,8 @@ run_test    "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
             0 \
             -s "bad certificate (usage extensions)" \
             -S "send alert level=2 message=43" \
+            -s "! Usage does not match the keyUsage extension" \
             -S "Processing of the Certificate handshake message failed"
-            #-s "! Usage does not match the keyUsage extension" \
 
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -7998,10 +7998,9 @@ run_test    "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \
             0 \
             -s "bad certificate (usage extensions)" \
             -s "Processing of the Certificate handshake message failed" \
-            -s "! mbedtls_ssl_handshake returned" \
+            -s "send alert level=2 message=43" \
-            #-s "send alert level=2 message=43" \
+            -s "! mbedtls_ssl_handshake returned"
             # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
-            # (not working now, getting alert 46 instead)
             #
             # OpenSSL client does not seem to mind that the server aborts the
             # handshake with a fatal alert and still exits 0...
@@ -8027,8 +8026,8 @@ run_test    "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
              -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
             0 \
             -s "bad certificate (usage extensions)" \
+            -s "! Usage does not match the keyUsage extension" \
             -S "Processing of the Certificate handshake message failed"
-            #-s "! Usage does not match the keyUsage extension" \
 
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -8040,10 +8039,9 @@ run_test    "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \
             0 \
             -s "bad certificate (usage extensions)" \
             -s "Processing of the Certificate handshake message failed" \
+            -s "send alert level=2 message=43" \
             -s "! mbedtls_ssl_handshake returned"
-            #-s "send alert level=2 message=43" \
             # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
-            # (not working now, getting alert 46 instead)
             #
             # OpenSSL client does not seem to mind that the server aborts the
             # handshake with a fatal alert and still exits 0...