From 94f70228e9b93cf84b8cb00e544d8a66dc108011 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 9 Aug 2024 11:26:25 +0200 Subject: [PATCH] Clean up mbedtls_ssl_check_cert_usage() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_misc.h | 10 +++++----- library/ssl_tls.c | 11 +++++++---- library/ssl_tls12_server.c | 2 +- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 120f8ca3ca..e00dcfcf49 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1674,18 +1674,18 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl) } /* - * Check usage of a certificate wrt extensions: - * keyUsage, extendedKeyUsage (later), and nSCertType (later). + * Check usage of a certificate wrt usage extensions: + * keyUsage and extendedKeyUsage. + * (Note: nSCertType is deprecated and not standard, we don't check it.) * - * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we - * check a cert we received from them)! + * Note: recv_endpoint is the receiver's endpoint. * * Return 0 if everything is OK, -1 if not. */ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, - int cert_endpoint, + int recv_endpoint, uint32_t *flags); #endif /* MBEDTLS_X509_CRT_PARSE_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 018eb93d88..865f984b9a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6361,7 +6361,7 @@ const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id) #if defined(MBEDTLS_X509_CRT_PARSE_C) int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, - int cert_endpoint, + int recv_endpoint, uint32_t *flags) { int ret = 0; @@ -6369,7 +6369,10 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, const char *ext_oid; size_t ext_len; - if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) { + /* Note: don't guard this with MBEDTLS_SSL_CLI_C because the server wants + * to check what a compliant client will think while choosing which cert + * to send to the client. */ + if (recv_endpoint == MBEDTLS_SSL_IS_CLIENT) { /* Server part of the key exchange */ switch (ciphersuite->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: @@ -6406,7 +6409,7 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, ret = -1; } - if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) { + if (recv_endpoint == MBEDTLS_SSL_IS_CLIENT) { ext_oid = MBEDTLS_OID_SERVER_AUTH; ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH); } else { @@ -8061,7 +8064,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, if (mbedtls_ssl_check_cert_usage(chain, ciphersuite_info, - !ssl->conf->endpoint, + ssl->conf->endpoint, &ssl->session_negotiate->verify_result) != 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)")); if (ret == 0) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 81ee6002e1..e250fc03d3 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -756,7 +756,7 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, * and decrypting with the same RSA key. */ if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info, - MBEDTLS_SSL_IS_SERVER, &flags) != 0) { + MBEDTLS_SSL_IS_CLIENT, &flags) != 0) { MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: " "(extended) key usage extension")); continue;