mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-29 21:33:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1272 from eleuzi01/forward-1263

Browse Source 
Fix 1.3 cli-auth optional reporting of (ext)KeyUsage issues
This commit is contained in:
Gilles Peskine 2024-08-28 19:38:36 +02:00 committed by GitHub
commit 99b57bd35a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 251 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog.d/fix_reporting_of_key_usage_issues.txt Normal file
View File

@ -0,0 +1,11 @@
Security
* With TLS 1.3, when a server enables optional authentication of the
client, if the client-provided certificate does not have appropriate values
in keyUsage or extKeyUsage extensions, then the return value of
mbedtls_ssl_get_verify_result() would incorrectly have the
MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
clear. As a result, an attacker that had a certificate valid for uses other
than TLS client authentication could be able to use it for TLS client
authentication anyway. Only TLS 1.3 servers were affected, and only with
optional authentication (required would abort the handshake with a fatal
alert).

18
library/ssl_tls13_generic.c
View File

@ -714,6 +714,18 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
/*
* Secondary checks: always done, but change 'ret' only if it was 0
*/
/* keyUsage */
if ((mbedtls_x509_crt_check_key_usage(
ssl->session_negotiate->peer_cert,
MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0)) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
if (ret == 0) {
ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
}
verify_result |= MBEDTLS_X509_BADCERT_KEY_USAGE;
}
/* extKeyUsage */
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
ext_oid = MBEDTLS_OID_SERVER_AUTH;
ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH);
@ -722,16 +734,14 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH);
}
if ((mbedtls_x509_crt_check_key_usage(
ssl->session_negotiate->peer_cert,
MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0) ||
(mbedtls_x509_crt_check_extended_key_usage(
if ((mbedtls_x509_crt_check_extended_key_usage(
ssl->session_negotiate->peer_cert,
ext_oid, ext_len) != 0)) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
if (ret == 0) {
ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
}
verify_result |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
}
/* mbedtls_x509_crt_verify_with_profile is supposed to report a

10
programs/ssl/ssl_client2.c
View File

@ -2204,7 +2204,9 @@ usage:
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
(unsigned int) -ret);
if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE) {
mbedtls_printf(
" Unable to verify the server's certificate. "
"Either it is invalid,\n"
@ -2215,7 +2217,13 @@ usage:
"not using TLS 1.3.\n"
" For TLS 1.3 server, try `ca_path=/etc/ssl/certs/`"
"or other folder that has root certificates\n");
flags = mbedtls_ssl_get_verify_result(&ssl);
char vrfy_buf[512];
x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
mbedtls_printf("%s\n", vrfy_buf);
}
#endif
mbedtls_printf("\n");
goto exit;
}

3
programs/ssl/ssl_server2.c
View File

@ -3505,7 +3505,8 @@ handshake:
(unsigned int) -ret);
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE) {
char vrfy_buf[512];
flags = mbedtls_ssl_get_verify_result(&ssl);

274
tests/ssl-opt.sh
View File

@ -7640,22 +7640,26 @@ run_test "ALPN: both, no common" \
# Tests for keyUsage in leaf certificates, part 1:
# server-side certificate/suite selection
#
# This is only about 1.2 (for 1.3, all key exchanges use signatures).
# In 4.0 this will probably go away as all TLS 1.2 key exchanges will use
# signatures too, following the removal of RSA #8170 and static ECDH #9201.
run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
run_test "keyUsage srv 1.2: RSA, digitalSignature -> (EC)DHE-RSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \
run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-RSA-WITH-"
run_test "keyUsage srv: RSA, keyAgreement -> fail" \
run_test "keyUsage srv 1.2: RSA, keyAgreement -> fail" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2.ku-ka.crt" \
"$P_CLI" \
@ -7663,7 +7667,7 @@ run_test "keyUsage srv: RSA, keyAgreement -> fail" \
-C "Ciphersuite is "
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
run_test "keyUsage srv 1.2: ECC, digitalSignature -> ECDHE-ECDSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ds.crt" \
"$P_CLI" \
@ -7671,14 +7675,14 @@ run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
-c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
run_test "keyUsage srv 1.2: ECC, keyAgreement -> ECDH-" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-ECDH-"
run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \
"$P_CLI" \
@ -7687,8 +7691,12 @@ run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
# Tests for keyUsage in leaf certificates, part 2:
# client-side checking of server cert
#
# TLS 1.3 uses only signature, but for 1.2 it depends on the key exchange.
# In 4.0 this will probably change as all TLS 1.2 key exchanges will use
# signatures too, following the removal of RSA #8170 and static ECDH #9201.
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=1 \
@ -7698,7 +7706,7 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=1 \
@ -7708,7 +7716,7 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
run_test "keyUsage cli 1.2: KeyEncipherment, RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI debug_level=1 \
@ -7718,28 +7726,32 @@ run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (hard)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI debug_level=1 \
"$P_CLI debug_level=3 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
-C "Ciphersuite is TLS-" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (soft)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI debug_level=1 auth_mode=optional \
"$P_CLI debug_level=3 auth_mode=optional \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-c "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-" \
-C "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
run_test "keyUsage cli 1.2: DigitalSignature, DHE-RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI debug_level=1 \
@ -7749,27 +7761,43 @@ run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
run_test "keyUsage cli: DigitalSignature, RSA: fail" \
run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (hard)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI debug_level=1 \
"$P_CLI debug_level=3 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
-C "Ciphersuite is TLS-" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (soft)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI debug_level=1 auth_mode=optional \
"$P_CLI debug_level=3 auth_mode=optional \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
-c "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-" \
-C "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature, RSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \
"$P_CLI debug_level=3" \
0 \
-C "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -7785,26 +7813,32 @@ run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
"$P_CLI debug_level=1" \
"$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
-C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \
"$P_CLI debug_level=1" \
"$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
-C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -7821,32 +7855,40 @@ run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ke.crt" \
"$P_CLI debug_level=1" \
"$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
-C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \
"$P_CLI debug_level=1" \
"$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
-C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
# Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert
#
# Here, both 1.2 and 1.3 only use signatures.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds.crt" \
@ -7856,25 +7898,40 @@ run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature+KeyEncipherment: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
"$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \
run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (hard)" \
"$P_SRV debug_level=3 force_version=tls12 auth_mode=required" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-s "Processing of the Certificate handshake message failed"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
run_test "keyUsage cli-auth 1.2: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ds.crt" \
@ -7884,14 +7941,28 @@ run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (hard)" \
"$P_SRV debug_level=3 auth_mode=required" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-s "Processing of the Certificate handshake message failed"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -7907,14 +7978,43 @@ run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEncipherment: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
"$P_CLI key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed" \
-s "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-s "! mbedtls_ssl_handshake returned"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -7931,13 +8031,29 @@ requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \
0 \
-s "bad certificate (usage extensions)" \
-s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
"$P_CLI key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed" \
-s "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-s "! mbedtls_ssl_handshake returned"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
@ -7971,7 +8087,7 @@ run_test "extKeyUsage srv: codeSign -> fail" \
# Tests for extendedKeyUsage, part 2: client-side checking of server cert
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: serverAuth -> OK" \
run_test "extKeyUsage cli 1.2: serverAuth -> OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-srv.crt" \
"$P_CLI debug_level=1" \
@ -7981,7 +8097,7 @@ run_test "extKeyUsage cli: serverAuth -> OK" \
-c "Ciphersuite is TLS-"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
run_test "extKeyUsage cli 1.2: serverAuth,clientAuth -> OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
"$P_CLI debug_level=1" \
@ -7991,7 +8107,7 @@ run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
-c "Ciphersuite is TLS-"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
run_test "extKeyUsage cli 1.2: codeSign,anyEKU -> OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
"$P_CLI debug_level=1" \
@ -8001,14 +8117,30 @@ run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
-c "Ciphersuite is TLS-"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: codeSign -> fail" \
run_test "extKeyUsage cli 1.2: codeSign -> fail (soft)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
"$P_CLI debug_level=1" \
"$P_CLI debug_level=3 auth_mode=optional" \
0 \
-c "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-" \
-C "send alert level=2 message=43" \
-c "! Usage does not match the extendedKeyUsage extension"
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli 1.2: codeSign -> fail (hard)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
"$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
-C "Ciphersuite is TLS-" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the extendedKeyUsage extension"
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -8049,19 +8181,22 @@ run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign -> fail" \
run_test "extKeyUsage cli 1.3: codeSign -> fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
"$P_CLI debug_level=1" \
"$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
-C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the extendedKeyUsage extension"
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
# Tests for extendedKeyUsage, part 3: server-side checking of client cert
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: clientAuth -> OK" \
run_test "extKeyUsage cli-auth 1.2: clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cli.crt" \
@ -8070,7 +8205,7 @@ run_test "extKeyUsage cli-auth: clientAuth -> OK" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
run_test "extKeyUsage cli-auth 1.2: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
@ -8079,7 +8214,7 @@ run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
run_test "extKeyUsage cli-auth 1.2: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
@ -8088,22 +8223,27 @@ run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (soft)" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
-S "send alert level=2 message=43" \
-s "! Usage does not match the extendedKeyUsage extension" \
-S "Processing of the Certificate handshake message failed" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
"$P_SRV debug_level=1 auth_mode=required" \
run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (hard)" \
"$P_SRV debug_level=3 auth_mode=required" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "send alert level=2 message=43" \
-s "! Usage does not match the extendedKeyUsage extension" \
-s "Processing of the Certificate handshake message failed"
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -8142,13 +8282,29 @@ requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "send alert level=2 message=43" \
-s "! Usage does not match the extendedKeyUsage extension" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (hard)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
"$P_CLI key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.eku-cs.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "send alert level=2 message=43" \
-s "! Usage does not match the extendedKeyUsage extension" \
-s "Processing of the Certificate handshake message failed"
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
# Tests for DHM parameters loading
run_test "DHM parameters: reference" \