From 56ee69de5bbf1c6b522845665afe5a1674c17cf5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Sep 2024 13:52:14 +0200 Subject: [PATCH 01/14] Fix "Renegotiation: openssl server, client-initiated" with OpenSSL 3 Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6afc26a112..1ff08a0019 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -795,6 +795,14 @@ requires_openssl_tls1_3() { fi } +# OpenSSL 3 servers forbid client renegotiation by default. +# Older versions always alow it. +OPENSSL_S_SERVER_CLIENT_RENEGOTIATION= +case $($OPENSSL s_server -help 2>&1) in + *-client_renegotiation*) + OPENSSL_S_SERVER_CLIENT_RENEGOTIATION=-client_renegotiation;; +esac + # skip next test if tls1_3 is not available requires_gnutls_tls1_3() { requires_gnutls_next @@ -5550,7 +5558,7 @@ run_test "Renegotiation: nbio, server-initiated" \ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: openssl server, client-initiated" \ - "$O_SRV -www -tls1_2" \ + "$O_SRV -www $OPENSSL_S_SERVER_CLIENT_RENEGOTIATION -tls1_2" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 0 \ -c "client hello, adding renegotiation extension" \ From 9404169146964099b7f3b9d40ede0fde982df9f9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Sep 2024 14:43:17 +0200 Subject: [PATCH 02/14] Use CONFIGS_ENABLED instead of repeatedly calling query_compile_time_config It's faster and more readable. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 46 +++++++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1ff08a0019..5829cb7081 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
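Review bot: The `case $($OPENSSL s_server -help 2>&1) in` probe in the first hunk silently leaves OPENSSL_S_SERVER_CLIENT_RENEGOTIATION empty when `$OPENSSL` is unset or not executable, and the reason for `2>&1` (older s_server versions print their usage to stderr, as far as I recall) is not stated. I would say both in the comment above the `case`: `# -help text goes to stderr on older OpenSSL, hence 2>&1; if $OPENSSL is unusable the option stays empty and the test below runs without it.` Since the option deliberately re-enables client-initiated renegotiation on the OpenSSL test server, which the comment says OpenSSL 3 refuses by default, it is also worth noting that the variable exists only for the renegotiation test cases in this script.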
@@ -273,31 +273,39 @@ requires_config_disabled() { } requires_all_configs_enabled() { - if ! $P_QUERY -all $* 2>&1 > /dev/null - then - SKIP_NEXT="YES" - fi + for x in "$@"; do + if ! is_config_enabled "$x"; then + SKIP_NEXT="YES" + return + fi + done } requires_all_configs_disabled() { - if $P_QUERY -any $* 2>&1 > /dev/null - then - SKIP_NEXT="YES" - fi + for x in "$@"; do + if is_config_enabled "$x"; then + SKIP_NEXT="YES" + return + fi + done } requires_any_configs_enabled() { - if ! $P_QUERY -any $* 2>&1 > /dev/null - then - SKIP_NEXT="YES" - fi + for x in "$@"; do + if is_config_enabled "$x"; then + return + fi + done + SKIP_NEXT="YES" } requires_any_configs_disabled() { - if $P_QUERY -all $* 2>&1 > /dev/null - then - SKIP_NEXT="YES" - fi + for x in "$@"; do + if ! is_config_enabled "$x"; then + return + fi + done + SKIP_NEXT="YES" } TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ @@ -318,10 +326,10 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED" requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() { - if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2 + if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 then requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT - elif ! $P_QUERY -all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED + elif ! is_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED then SKIP_NEXT="YES" fi @@ -1653,7 +1661,7 @@ get_tls_version() { esac # Third if the version is not forced, if TLS 1.3 is enabled then the test # is aimed to run a TLS 1.3 handshake. - if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_3 + if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 then echo "TLS13" else From 6f9952abfcebc6a567cddbdb700419837f29f50d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Sep 2024 15:27:57 +0200 Subject: [PATCH 03/14] ssl-opt: Fix GnuTLS PSK injection 
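Review bot: The four rewritten `requires_*_configs_*` functions leave their loop variable `x` set in the global shell scope after they return; the script does not appear to use `local`, and the `return` inside each loop rules out a trailing `unset`, whereas the top-level PSK_ONLY loop later in this series cleans up with `unset c`. A descriptive name would at least make the leaked global self-explanatory, e.g. `for cfg in "$@"; do` / `if ! is_config_enabled "$cfg"; then`. The functions also have no header comments; I would add one each, such as `# Skip the next test unless every listed configuration symbol is enabled.` for requires_all_configs_enabled and `# Skip the next test unless at least one listed configuration symbol is enabled.` for requires_any_configs_enabled. is_config_enabled is not defined in this hunk, so I am assuming it is the $CONFIGS_ENABLED lookup the commit message refers to.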
Signed-off-by: Gilles Peskine --- framework | 2 +- tests/ssl-opt.sh | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/framework b/framework index 7acada6a92..071831e25b 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 7acada6a928031340d390b2dce645a3b6129ddad +Subproject commit 071831e25bd336baa58bbdf65e985283f56e1b86 diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5829cb7081..0ac37f91a9 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -543,7 +543,8 @@ adapt_cmd_for_psk () { case "$2" in *openssl*s_server*) s='-psk 73776f726466697368 -nocert';; *openssl*) s='-psk 73776f726466697368';; - *gnutls-*) s='--pskusername=Client_identity --pskkey=73776f726466697368';; + *gnutls-cli*) s='--pskusername=Client_identity --pskkey=73776f726466697368';; + *gnutls-serv*) s='--pskpasswd=../framework/data_files/simplepass.psk';; *) s='psk=73776f726466697368';; esac eval $1='"$2 $s"' From ae3dc17e50e3c830640187ac07990099cec627ee Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Sep 2024 15:34:59 +0200 Subject: [PATCH 04/14] Detect more cases where certificates are required When requiring a cryptographic mechanism for the sake of certificate authentication, also require that certificate authentication is enabled. Setting auth_mode explicitly means that we're testing something related to how certificate-based authentication is handled, so require a key exchange with certificate-based authentication. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0ac37f91a9..7ecae81cfd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
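Review bot: The new `*gnutls-serv*` branch hard-codes `--pskpasswd=../framework/data_files/simplepass.psk`, a path relative to the current working directory, while the rest of this script reaches test data through `$DATA_FILES_PATH` (e.g. `$DATA_FILES_PATH/server5.key` in later hunks). If that variable points at the same directory, `*gnutls-serv*) s="--pskpasswd=$DATA_FILES_PATH/simplepass.psk";;` keeps the injection working when the script is started from elsewhere. Note that `s` is spliced into the command line by the context line `eval $1='"$2 $s"'`, so a `$DATA_FILES_PATH` containing spaces or shell metacharacters would need quoting there; that is pre-existing, but a comment on the eval saying the fragments are trusted literals would help.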
@@ -483,10 +483,16 @@ detect_required_features() { requires_config_enabled MBEDTLS_SSL_ALPN;; esac + case " $CMD_LINE " in + *\ auth_mode=*|*[-_\ =]crt[_=]*) + requires_certificate_authentication;; + esac + case "$CMD_LINE" in */server5*|\ */server7*|\ */dir-maxpath*) + requires_certificate_authentication if [ "$TLS_VERSION" = "TLS13" ]; then # In case of TLS13 the support for ECDSA is enough requires_pk_alg "ECDSA" @@ -521,6 +527,7 @@ detect_required_features() { */server1*|\ */server2*|\ */server7*) + requires_certificate_authentication # Certificates with an RSA key. The algorithm requirement is # some subset of {PKCS#1v1.5 encryption, PKCS#1v1.5 signature, # PSS signature}. We can't easily tell which subset works, and From 4f0986487d100c555d3ce01eda63c83e2d3e4112 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Sep 2024 15:35:58 +0200 Subject: [PATCH 05/14] Fix PSK-only mode doing less than it should Don't add a certificate requirement when PSK is enabled. Do command line requirement detection after the injection of PSK into the command line in PSK-only mode. Otherwise certificate requirements would be added even in PSK-only mode. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7ecae81cfd..489c67c6c6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -489,6 +489,7 @@ detect_required_features() { esac case "$CMD_LINE" in + *[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK */server5*|\ */server7*|\ */dir-maxpath*) @@ -524,6 +525,7 @@ detect_required_features() { esac case "$CMD_LINE" in + *[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK */server1*|\ */server2*|\ */server7*) 
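Review bot: The `*[-_\ =]psk*|*[-_\ =]PSK*) :;;` guard added to both `case "$CMD_LINE"` blocks in the later patch also matches RSA-PSK command lines (for example a `force_ciphersuite=TLS-RSA-PSK-...` argument), yet RSA-PSK still authenticates the server with a certificate — this script lists MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED among TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH in a later hunk. If any server5/server1/server2 test case forces such a ciphersuite, its certificate, RSA or ECDSA requirements would no longer be detected; I can't see the test list here, so please check. Either add a preceding alternative for RSA-PSK that keeps the certificate checks, or extend the comment to `# No certificate requirement with PSK (RSA-PSK deliberately included)` so the intent is explicit.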
@@ -1755,14 +1757,14 @@ run_test() { TLS_VERSION="TLS12" fi + # If we're in a PSK-only build and the test can be adapted to PSK, do that. + maybe_adapt_for_psk "$@" + # If the client or server requires certain features that can be detected # from their command-line arguments, check whether they're enabled. detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" - # If we're in a PSK-only build and the test can be adapted to PSK, do that. - maybe_adapt_for_psk "$@" - # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then SKIP_NEXT="NO" From 24b4303dddf8218749102b18e7c6003f79f50f5b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Sep 2024 15:38:20 +0200 Subject: [PATCH 06/14] Detect PSK-only mode in TLS 1.3 as well Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 489c67c6c6..41ad97d638 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -604,14 +604,20 @@ maybe_adapt_for_psk() { adapt_cmd_for_psk SRV_CMD "$SRV_CMD" } -case " $CONFIGS_ENABLED " in - *\ MBEDTLS_KEY_EXCHANGE_[^P]*) PSK_ONLY="NO";; - *\ MBEDTLS_KEY_EXCHANGE_P[^S]*) PSK_ONLY="NO";; - *\ MBEDTLS_KEY_EXCHANGE_PS[^K]*) PSK_ONLY="NO";; - *\ MBEDTLS_KEY_EXCHANGE_PSK[^_]*) PSK_ONLY="NO";; - *\ MBEDTLS_KEY_EXCHANGE_PSK_ENABLED\ *) PSK_ONLY="YES";; - *) PSK_ONLY="NO";; -esac +# PSK_PRESENT="YES" if at least one protocol versions supports pure-PSK. +PSK_PRESENT="NO" +# PSK_ONLY="YES" if no key exchange is enabled except pure-PSK. +PSK_ONLY="" +for c in $CONFIGS_ENABLED; do + case $c in + MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) PSK_PRESENT="YES";; + MBEDTLS_KEY_EXCHANGE_*_ENABLED) PSK_ONLY="NO";; + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) PSK_PRESENT="YES";; + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*_ENABLED) PSK_ONLY="NO";; + esac +done +: ${PSK_ONLY:=$PSK_PRESENT} +unset c HAS_ALG_MD5="NO" HAS_ALG_SHA_1="NO" From 9d3b2079a51c7167deb233dcfab9f749730fc136 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 6 Sep 2024 15:38:47 +0200 Subject: [PATCH 07/14] Unify the two requires-key-exchange-with-certificate function requires_certificate_authentication was called in more places, but did not do fine-grained analysis of key exchanges and so gave the wrong results in some builds. requires_key_exchange_with_cert_in_tls12_or_tls13_enabled gave the correct result but was only used in some test cases, not in the automatic detection code. Remove all uses of requires_key_exchange_with_cert_in_tls12_or_tls13_enabled because they are in fact covered by automated detection that calls requires_certificate_authentication. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 52 +----------------------------------------------- 1 file changed, 1 insertion(+), 51 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 41ad97d638..0fd3387bcf 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
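Review bot: The catch-all `MBEDTLS_KEY_EXCHANGE_*_ENABLED) PSK_ONLY="NO";;` arm assumes that $CONFIGS_ENABLED lists only the per-key-exchange options; if it also contains derived aggregates such as MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED or MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED (I can't tell from this hunk how CONFIGS_ENABLED is produced), a PSK-only build would be classified as PSK_ONLY=NO and the adaptation would never trigger. The assumption deserves to be stated next to the loop, e.g. `# Assumes $CONFIGS_ENABLED lists the individual MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options only, not derived aggregates.`, or the wildcard replaced by an explicit list of key exchange names. Matching an explicit list would also make a new key exchange fail loudly here instead of being silently treated as non-PSK.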
@@ -325,7 +325,7 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() { +requires_certificate_authentication () { if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 then requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT @@ -542,12 +542,6 @@ detect_required_features() { unset tmp } -requires_certificate_authentication () { - if [ "$PSK_ONLY" = "YES" ]; then - SKIP_NEXT="YES" - fi -} - adapt_cmd_for_psk () { case "$2" in *openssl*s_server*) s='-psk 73776f726466697368 -nocert';; @@ -2124,7 +2118,6 @@ run_test "Default, DTLS" \ -s "Protocol is DTLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "TLS client auth: required" \ "$P_SRV auth_mode=required" \ "$P_CLI" \ @@ -2754,7 +2747,6 @@ run_test "Single supported algorithm sending: openssl client" \ 0 # Tests for certificate verification callback -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Configuration-specific CRT verification callback" \ "$P_SRV debug_level=3" \ "$P_CLI context_crt_cb=0 debug_level=3" \ @@ -2765,7 +2757,6 @@ run_test "Configuration-specific CRT verification callback" \ -C "Use context-specific verification callback" \ -C "error" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Context-specific CRT verification callback" \ "$P_SRV debug_level=3" \ "$P_CLI context_crt_cb=1 debug_level=3" \ 
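Review bot: The renamed `requires_certificate_authentication ()` in the first hunk has no header comment, and its contract is not obvious from the body: with TLS 1.2 enabled it delegates to requires_any_configs_enabled over $TLS1_2_KEY_EXCHANGES_WITH_CERT, otherwise it skips unless the TLS 1.3 ephemeral mode is on, so when both versions are enabled only the TLS 1.2 key exchanges are consulted. I would add `# Skip the next test if the build cannot authenticate the peer with a certificate.` above the definition, and mention which protocol version is consulted. The `name ()` spelling with a space also differs from the `requires_all_configs_enabled() {` form used earlier in this series, although both styles already appear in the file (`adapt_cmd_for_psk () {` in the second hunk).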
@@ -5844,7 +5835,6 @@ run_test "DER format: with 9 trailing random bytes" \ # When updating these tests, modify the matching authentication tests accordingly # The next 4 cases test the 3 auth modes with a badly signed server cert. -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: server badcert, client required" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -5916,7 +5906,6 @@ run_test "Authentication: server badcert, client none (1.2)" \ -C "send alert level=2 message=48" \ -C "X509 - Certificate verification failed" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: server goodcert, client required, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \ @@ -5938,7 +5927,6 @@ run_test "Authentication: server goodcert, client required, no trusted CA (1. -c "! mbedtls_ssl_handshake returned" \ -c "SSL - No CA Chain is set, but required to operate" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: server goodcert, client optional, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \ @@ -5962,7 +5950,6 @@ run_test "Authentication: server goodcert, client optional, no trusted CA (1. -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: server goodcert, client none, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=none ca_file=none ca_path=none" \ 
@@ -6031,7 +6018,6 @@ run_test "Authentication: client SHA384, server required" \ -c "Supported Signature Algorithm found: 04 " \ -c "Supported Signature Algorithm found: 05 " -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client has no cert, server required (TLS)" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=none \ @@ -6047,7 +6033,6 @@ run_test "Authentication: client has no cert, server required (TLS)" \ -s "! mbedtls_ssl_handshake returned" \ -s "No client certification received from the client, but required by the authentication mode" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client badcert, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -6068,7 +6053,6 @@ run_test "Authentication: client badcert, server required" \ # detect that its write end of the connection is closed and abort # before reading the alert message. -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client cert self-signed and trusted, server required" \ "$P_SRV debug_level=3 auth_mode=required ca_file=$DATA_FILES_PATH/server5-selfsigned.crt" \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ @@ -6084,7 +6068,6 @@ run_test "Authentication: client cert self-signed and trusted, server require -S "! The certificate is not correctly signed" \ -S "X509 - Certificate verification failed" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client cert not trusted, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ 
@@ -6101,7 +6084,6 @@ run_test "Authentication: client cert not trusted, server required" \ -s "! mbedtls_ssl_handshake returned" \ -s "X509 - Certificate verification failed" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client badcert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -6119,7 +6101,6 @@ run_test "Authentication: client badcert, server optional" \ -C "! mbedtls_ssl_handshake returned" \ -S "X509 - Certificate verification failed" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client badcert, server none" \ "$P_SRV debug_level=3 auth_mode=none" \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -6137,7 +6118,6 @@ run_test "Authentication: client badcert, server none" \ -C "! mbedtls_ssl_handshake returned" \ -S "X509 - Certificate verification failed" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -6155,7 +6135,6 @@ run_test "Authentication: client no cert, server optional" \ -S "X509 - Certificate verification failed" requires_openssl_tls1_3_with_compatible_ephemeral -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Authentication: openssl client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -no_middlebox" \ @@ -6569,7 +6548,6 @@ run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ # tests for SNI requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: no SNI callback" \ "$P_SRV debug_level=3 \ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -6579,7 +6557,6 @@ run_test "SNI: no SNI callback" \ -c "subject name *: C=NL, O=PolarSSL, CN=localhost" requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: matching cert 1" \ "$P_SRV debug_level=3 \ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ @@ -6591,7 +6568,6 @@ run_test "SNI: matching cert 1" \ -c "subject name *: C=NL, O=PolarSSL, CN=localhost" requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: matching cert 2" \ "$P_SRV debug_level=3 \ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ @@ -6603,7 +6579,6 @@ run_test "SNI: matching cert 2" \ -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: no matching cert" \ "$P_SRV debug_level=3 \ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ @@ -6616,7 +6591,6 @@ run_test "SNI: no matching cert" \ -c "mbedtls_ssl_handshake returned" \ -c "SSL - A fatal alert message was received from our peer" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: client auth no override: optional" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ @@ -6630,7 +6604,6 @@ run_test "SNI: client auth no override: optional" \ -C "skip write certificate verify" \ -S "skip parse certificate verify" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: client auth override: none -> optional" \ "$P_SRV debug_level=3 auth_mode=none \ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ 
@@ -6644,7 +6617,6 @@ run_test "SNI: client auth override: none -> optional" \ -C "skip write certificate verify" \ -S "skip parse certificate verify" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: client auth override: optional -> none" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ @@ -6656,7 +6628,6 @@ run_test "SNI: client auth override: optional -> none" \ -c "got no certificate request" \ -c "skip write certificate" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: CA no override" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ @@ -6675,7 +6646,6 @@ run_test "SNI: CA no override" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "The certificate has been revoked (is on a CRL)" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: CA override" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ @@ -6694,7 +6664,6 @@ run_test "SNI: CA override" \ -S "! The certificate is not correctly signed by the trusted CA" \ -S "The certificate has been revoked (is on a CRL)" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "SNI: CA override with CRL" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ @@ -6867,7 +6836,6 @@ run_test "SNI: DTLS, CA override with CRL" \ # Tests for non-blocking I/O: exercise a variety of handshake flows -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Non-blocking I/O: basic handshake" \ "$P_SRV nbio=2 tickets=0 auth_mode=none" \ "$P_CLI nbio=2 tickets=0" \ 
@@ -6876,7 +6844,6 @@ run_test "Non-blocking I/O: basic handshake" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Non-blocking I/O: client auth" \ "$P_SRV nbio=2 tickets=0 auth_mode=required" \ "$P_CLI nbio=2 tickets=0" \ @@ -6885,7 +6852,6 @@ run_test "Non-blocking I/O: client auth" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Non-blocking I/O: ticket" \ "$P_SRV nbio=2 tickets=1 auth_mode=none" \ @@ -6895,7 +6861,6 @@ run_test "Non-blocking I/O: ticket" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Non-blocking I/O: ticket + client auth" \ "$P_SRV nbio=2 tickets=1 auth_mode=required" \ @@ -6960,7 +6925,6 @@ run_test "Non-blocking I/O: session-id resume" \ # Tests for event-driven I/O: exercise a variety of handshake flows -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Event-driven I/O: basic handshake" \ "$P_SRV event=1 tickets=0 auth_mode=none" \ "$P_CLI event=1 tickets=0" \ @@ -6969,7 +6933,6 @@ run_test "Event-driven I/O: basic handshake" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "Event-driven I/O: client auth" \ "$P_SRV event=1 tickets=0 auth_mode=required" \ "$P_CLI event=1 tickets=0" \ @@ -6978,7 +6941,6 @@ run_test "Event-driven I/O: client auth" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Event-driven I/O: ticket" \ "$P_SRV event=1 tickets=1 auth_mode=none" \ 
@@ -6988,7 +6950,6 @@ run_test "Event-driven I/O: ticket" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Event-driven I/O: ticket + client auth" \ "$P_SRV event=1 tickets=1 auth_mode=required" \ @@ -7683,7 +7644,6 @@ run_test "TLS 1.3: Not supported version:openssl: srv max TLS 1.2" \ # Tests for ALPN extension -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "ALPN: none" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ @@ -7696,7 +7656,6 @@ run_test "ALPN: none" \ -C "Application Layer Protocol is" \ -S "Application Layer Protocol is" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "ALPN: client only" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 alpn=abc,1234" \ @@ -7709,7 +7668,6 @@ run_test "ALPN: client only" \ -c "Application Layer Protocol is (none)" \ -S "Application Layer Protocol is" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "ALPN: server only" \ "$P_SRV debug_level=3 alpn=abc,1234" \ "$P_CLI debug_level=3" \ @@ -7722,7 +7680,6 @@ run_test "ALPN: server only" \ -C "Application Layer Protocol is" \ -s "Application Layer Protocol is (none)" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "ALPN: both, common cli1-srv1" \ "$P_SRV debug_level=3 alpn=abc,1234" \ "$P_CLI debug_level=3 alpn=abc,1234" \ @@ -7735,7 +7692,6 @@ run_test "ALPN: both, common cli1-srv1" \ -c "Application Layer Protocol is abc" \ -s "Application Layer Protocol is abc" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "ALPN: both, common cli2-srv1" \ "$P_SRV debug_level=3 alpn=abc,1234" \ "$P_CLI debug_level=3 alpn=1234,abc" \ 
@@ -7748,7 +7704,6 @@ run_test "ALPN: both, common cli2-srv1" \ -c "Application Layer Protocol is abc" \ -s "Application Layer Protocol is abc" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "ALPN: both, common cli1-srv2" \ "$P_SRV debug_level=3 alpn=abc,1234" \ "$P_CLI debug_level=3 alpn=1234,abcde" \ @@ -7761,7 +7716,6 @@ run_test "ALPN: both, common cli1-srv2" \ -c "Application Layer Protocol is 1234" \ -s "Application Layer Protocol is 1234" -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "ALPN: both, no common" \ "$P_SRV debug_level=3 alpn=abc,123" \ "$P_CLI debug_level=3 alpn=1234,abcde" \ @@ -8193,28 +8147,24 @@ run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \ # Tests for extendedKeyUsage, part 1: server-side certificate/suite selection -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "extKeyUsage srv: serverAuth -> OK" \ "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.eku-srv.crt" \ "$P_CLI" \ 0 -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \ "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.eku-srv.crt" \ "$P_CLI" \ 0 -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \ "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.eku-cs_any.crt" \ "$P_CLI" \ 0 -requires_key_exchange_with_cert_in_tls12_or_tls13_enabled run_test "extKeyUsage srv: codeSign -> fail" \ "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.eku-cli.crt" \ From db264069346d980e6ce048affe27c296d09f8d10 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 6 Sep 2024 19:08:41 +0200 Subject: [PATCH 08/14] Also activate PSK-only mode when PSK-ephemeral key exchanges are available The point of PSK-only mode is to transform certificate-based command lines into PSK-based command lines, when the certificates are not relevant to what is being tested. So it makes sense to do that in with PSK-ephemeral key exchanges too. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0fd3387bcf..4c5bd0c1a2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -598,15 +598,19 @@ maybe_adapt_for_psk() { adapt_cmd_for_psk SRV_CMD "$SRV_CMD" } -# PSK_PRESENT="YES" if at least one protocol versions supports pure-PSK. +# PSK_PRESENT="YES" if at least one protocol versions supports at least +# one PSK key exchange mode. PSK_PRESENT="NO" -# PSK_ONLY="YES" if no key exchange is enabled except pure-PSK. +# PSK_ONLY="YES" if all the available key exchange modes are PSK-based +# (pure-PSK or PSK-ephemeral, possibly both). PSK_ONLY="" for c in $CONFIGS_ENABLED; do case $c in MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) PSK_PRESENT="YES";; + MBEDTLS_KEY_EXCHANGE_PSK_*_ENABLED) PSK_PRESENT="YES";; MBEDTLS_KEY_EXCHANGE_*_ENABLED) PSK_ONLY="NO";; MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) PSK_PRESENT="YES";; + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_*_ENABLED) PSK_PRESENT="YES";; MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*_ENABLED) PSK_ONLY="NO";; esac done From cd4fe70fe27dc9bde90b1f5e49d667ed199a2e61 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 7 Sep 2024 19:50:17 +0200 Subject: [PATCH 09/14] Fix weirdly quoted invocations of requires_any_configs_enabled Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4c5bd0c1a2..5f80df7d04 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
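Review bot: The comment rewritten at the top of the hunk reads "at least one protocol versions supports"; `# PSK_PRESENT="YES" if at least one protocol version supports at least` fixes the number agreement. More substantively, the two new `PSK_*_ENABLED` arms set PSK_PRESENT without touching PSK_ONLY, so a build with only PSK-ephemeral key exchanges and no pure PSK is now treated as PSK-only as well; the commit message says this is intended, but it means the fragments in adapt_cmd_for_psk must yield a PSK-ephemeral-capable command line for every tool (mbedtls, openssl and gnutls), which I can't verify from here. A sentence in the PSK_ONLY comment stating that expectation, or a CI configuration that exercises a PSK-ephemeral-only build, would guard it.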
@@ -2100,8 +2100,8 @@ trap cleanup INT TERM HUP # - the expected parameters are selected requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 requires_hash_alg SHA_512 # "signature_algorithm ext: 6" -requires_any_configs_enabled "MBEDTLS_ECP_DP_CURVE25519_ENABLED \ - PSA_WANT_ECC_MONTGOMERY_255" +requires_any_configs_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED \ + PSA_WANT_ECC_MONTGOMERY_255 run_test "Default, TLS 1.2" \ "$P_SRV debug_level=3" \ "$P_CLI force_version=tls12" \ @@ -2725,8 +2725,8 @@ run_test "Unique IV in GCM" \ -U "IV used" # Test for correctness of sent single supported algorithm -requires_any_configs_enabled "MBEDTLS_ECP_DP_SECP256R1_ENABLED \ - PSA_WANT_ECC_SECP_R1_256" +requires_any_configs_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED \ + PSA_WANT_ECC_SECP_R1_256 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2741,8 +2741,8 @@ run_test "Single supported algorithm sending: mbedtls client" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_SRV_C -requires_any_configs_enabled "MBEDTLS_ECP_DP_SECP256R1_ENABLED \ - PSA_WANT_ECC_SECP_R1_256" +requires_any_configs_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED \ + PSA_WANT_ECC_SECP_R1_256 requires_hash_alg SHA_256 run_test "Single supported algorithm sending: openssl client" \ "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ From 78df617362418d69ff0b0999c5c503fa98049553 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 7 Sep 2024 19:50:46 +0200 Subject: [PATCH 10/14] Remove unused auth_mode parameter on a PSK test case It was causing the test case to be incorrectly skipped as needing certificate authentication. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5f80df7d04..f0ee03ba2e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -12248,7 +12248,7 @@ run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragme client_needs_more_time 2 run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \ psk=73776f726466697368" \ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ From 7f453bfad453bf1ffdd0efca337d5b84fdca3198 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Sep 2024 10:57:01 +0200 Subject: [PATCH 11/14] Improve some comments Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f0ee03ba2e..7aef6fd617 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -614,6 +614,10 @@ for c in $CONFIGS_ENABLED; do MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*_ENABLED) PSK_ONLY="NO";; esac done +# At this stage, $PSK_ONLY is empty if we haven't detected a non-PSK +# key exchange, i.e. if we're in a PSK-only build or a build with no +# key exchanges at all. We avoid triggering PSK-only adaptation code in +# the edge case of no key exchangs. : ${PSK_ONLY:=$PSK_PRESENT} unset c @@ -817,8 +821,8 @@ requires_openssl_tls1_3() { fi } -# OpenSSL 3 servers forbid client renegotiation by default. -# Older versions always alow it. +# OpenSSL servers forbid client renegotiation by default since OpenSSL 3.0. +# Older versions always allow it and have no command-line option. OPENSSL_S_SERVER_CLIENT_RENEGOTIATION= case $($OPENSSL s_server -help 2>&1) in *-client_renegotiation*) From 2dd4395da01af551379ff986fa16500b576da2b6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Sep 2024 11:24:17 +0200 Subject: [PATCH 12/14] Fix detection of TLS 1.2 PSK-ephemeral key exchange modes 
Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7aef6fd617..59c84f9ecb 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -607,7 +607,7 @@ PSK_ONLY="" for c in $CONFIGS_ENABLED; do case $c in MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) PSK_PRESENT="YES";; - MBEDTLS_KEY_EXCHANGE_PSK_*_ENABLED) PSK_PRESENT="YES";; + MBEDTLS_KEY_EXCHANGE_*_PSK_ENABLED) PSK_PRESENT="YES";; MBEDTLS_KEY_EXCHANGE_*_ENABLED) PSK_ONLY="NO";; MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) PSK_PRESENT="YES";; MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_*_ENABLED) PSK_PRESENT="YES";; From 6e85e35fccc0cd71b5b0621732791ed49f06f092 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Sep 2024 12:06:33 +0200 Subject: [PATCH 13/14] Documentation improvements Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 59c84f9ecb..08f78e117f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -485,6 +485,8 @@ detect_required_features() { case " $CMD_LINE " in *\ auth_mode=*|*[-_\ =]crt[_=]*) + # The test case involves certificates (crt), or a relevant + # aspect of it is the (certificate-based) authentication mode. requires_certificate_authentication;; esac @@ -617,7 +619,7 @@ done # At this stage, $PSK_ONLY is empty if we haven't detected a non-PSK # key exchange, i.e. if we're in a PSK-only build or a build with no # key exchanges at all. We avoid triggering PSK-only adaptation code in -# the edge case of no key exchangs. +# the edge case of no key exchanges. : ${PSK_ONLY:=$PSK_PRESENT} unset c From e3eab32600f1af22b934109782ca252ad5e45e3d Mon Sep 17 00:00:00 2001 
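Review bot: The corrected `MBEDTLS_KEY_EXCHANGE_*_PSK_ENABLED) PSK_PRESENT="YES";;` arm also matches MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED, which this script counts as a certificate key exchange (it appears in TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH in an earlier hunk) and which needs a server certificate. In a build where RSA-PSK is the only key exchange — unusual, but nothing visible prevents it — PSK_ONLY becomes YES and adapt_cmd_for_psk injects `-nocert` into openssl s_server command lines, which would break the handshake rather than adapt it. An explicit `MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) PSK_ONLY="NO";;` arm before the wildcard, with a comment that RSA-PSK authenticates the server with a certificate, keeps this classification consistent with TLS1_2_KEY_EXCHANGES_WITH_CERT. The loop's closing lines are outside the hunk.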
From: Gilles Peskine Date: Tue, 10 Sep 2024 12:24:23 +0200 Subject: [PATCH 14/14] requires_certificate_authentication: prioritize TLS 1.3 When checking whether the build supports certificate authentication, check the key exchange modes enabled in the default protocol version. This is TLS 1.3 when it's enabled. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 08f78e117f..beb9aa5925 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -326,12 +326,13 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED" requires_certificate_authentication () { - if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 + if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 then + # TLS 1.3 is negotiated by default, so check whether it supports + # certificate-based authentication. + requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED + else # Only TLS 1.2 is enabled. requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT - elif ! is_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - then - SKIP_NEXT="YES" fi }
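Review bot: `requires_certificate_authentication` now consults only the TLS 1.3 ephemeral mode whenever MBEDTLS_SSL_PROTO_TLS1_3 is enabled, but run_test computes a per-test TLS_VERSION (a `force_version=tls12` client forces TLS 1.2, as in the "Default, TLS 1.2" test of an earlier hunk) and passes it to detect_required_features as its third argument. A test forced to TLS 1.2 in a build with TLS 1.3 ephemeral but no TLS 1.2 certificate key exchange will therefore run and fail, and the opposite combination skips a runnable test. If TLS_VERSION is still set when the auto-detection calls this function (it looks like a plain global assigned in run_test), `if [ "$TLS_VERSION" != "TLS12" ] && is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3` would pick the version the test actually negotiates. The `# Only TLS 1.2 is enabled.` comment in the else branch also assumes at least one protocol version is on, which is worth stating.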