Clean up mbedtls_ssl_check_cert_usage()

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-02-10 15:40:30 +00:00 · 2024-08-09 11:26:25 +02:00 · 2024-08-09 11:26:25 +02:00 · 94f70228e9
commit 94f70228e9
parent 2ffa53aa28
3 changed files with 13 additions and 10 deletions
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -1674,18 +1674,18 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
 }

 /*
- * Check usage of a certificate wrt extensions:
- * keyUsage, extendedKeyUsage (later), and nSCertType (later).
+ * Check usage of a certificate wrt usage extensions:
+ * keyUsage and extendedKeyUsage.
+ * (Note: nSCertType is deprecated and not standard, we don't check it.)
 *
- * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
- * check a cert we received from them)!
+ * Note: recv_endpoint is the receiver's endpoint.
 *
 * Return 0 if everything is OK, -1 if not.
 */
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
                                 const mbedtls_ssl_ciphersuite_t *ciphersuite,
-                                 int cert_endpoint,
+                                 int recv_endpoint,
                                 uint32_t *flags);
 #endif /* MBEDTLS_X509_CRT_PARSE_C */

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -6361,7 +6361,7 @@ const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id)
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
                                 const mbedtls_ssl_ciphersuite_t *ciphersuite,
-                                 int cert_endpoint,
+                                 int recv_endpoint,
                                 uint32_t *flags)
 {
    int ret = 0;
@ -6369,7 +6369,10 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
    const char *ext_oid;
    size_t ext_len;

-    if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) {
+    /* Note: don't guard this with MBEDTLS_SSL_CLI_C because the server wants
+     * to check what a compliant client will think while choosing which cert
+     * to send to the client. */
+    if (recv_endpoint == MBEDTLS_SSL_IS_CLIENT) {
        /* Server part of the key exchange */
        switch (ciphersuite->key_exchange) {
            case MBEDTLS_KEY_EXCHANGE_RSA:
@ -6406,7 +6409,7 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
        ret = -1;
    }

-    if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) {
+    if (recv_endpoint == MBEDTLS_SSL_IS_CLIENT) {
        ext_oid = MBEDTLS_OID_SERVER_AUTH;
        ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH);
    } else {
@ -8061,7 +8064,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,

    if (mbedtls_ssl_check_cert_usage(chain,
                                     ciphersuite_info,
-                                     !ssl->conf->endpoint,
+                                     ssl->conf->endpoint,
                                     &ssl->session_negotiate->verify_result) != 0) {
        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
        if (ret == 0) {
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@ -756,7 +756,7 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl,
         * and decrypting with the same RSA key.
         */
        if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info,
-                                         MBEDTLS_SSL_IS_SERVER, &flags) != 0) {
+                                         MBEDTLS_SSL_IS_CLIENT, &flags) != 0) {
            MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: "
                                      "(extended) key usage extension"));
            continue;