Merge pull request #1272 from eleuzi01/forward-1263
Fix 1.3 cli-auth optional reporting of (ext)KeyUsage issues
diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
new file mode 100644
index 0000000..b81fb42
--- /dev/null
+++ b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
@@ -0,0 +1,11 @@
+Security
+ * With TLS 1.3, when a server enables optional authentication of the
+ client, if the client-provided certificate does not have appropriate values
+ in keyUsage or extKeyUsage extensions, then the return value of
+ mbedtls_ssl_get_verify_result() would incorrectly have the
+ MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
+ clear. As a result, an attacker that had a certificate valid for uses other
+ than TLS client authentication could be able to use it for TLS client
+ authentication anyway. Only TLS 1.3 servers were affected, and only with
+ optional authentication (required would abort the handshake with a fatal
+ alert).
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 8ac6579..651a17b 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -714,6 +714,18 @@
/*
* Secondary checks: always done, but change 'ret' only if it was 0
*/
+ /* keyUsage */
+ if ((mbedtls_x509_crt_check_key_usage(
+ ssl->session_negotiate->peer_cert,
+ MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
+ if (ret == 0) {
+ ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
+ }
+ verify_result |= MBEDTLS_X509_BADCERT_KEY_USAGE;
+ }
+
+ /* extKeyUsage */
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
ext_oid = MBEDTLS_OID_SERVER_AUTH;
ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH);
@@ -722,16 +734,14 @@
ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH);
}
- if ((mbedtls_x509_crt_check_key_usage(
- ssl->session_negotiate->peer_cert,
- MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0) ||
- (mbedtls_x509_crt_check_extended_key_usage(
+ if ((mbedtls_x509_crt_check_extended_key_usage(
ssl->session_negotiate->peer_cert,
ext_oid, ext_len) != 0)) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
if (ret == 0) {
ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
}
+ verify_result |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
}
/* mbedtls_x509_crt_verify_with_profile is supposed to report a
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index f1f85a0..b0ecfd0 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2204,7 +2204,9 @@
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
(unsigned int) -ret);
- if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
+ ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE) {
mbedtls_printf(
" Unable to verify the server's certificate. "
"Either it is invalid,\n"
@@ -2215,7 +2217,13 @@
"not using TLS 1.3.\n"
" For TLS 1.3 server, try `ca_path=/etc/ssl/certs/`"
"or other folder that has root certificates\n");
+
+ flags = mbedtls_ssl_get_verify_result(&ssl);
+ char vrfy_buf[512];
+ x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
+ mbedtls_printf("%s\n", vrfy_buf);
}
+#endif
mbedtls_printf("\n");
goto exit;
}
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index cc895a1..714f71d 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3505,7 +3505,8 @@
(unsigned int) -ret);
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
+ if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
+ ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE) {
char vrfy_buf[512];
flags = mbedtls_ssl_get_verify_result(&ssl);
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 216bbd0..531eb74 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -7640,22 +7640,26 @@
# Tests for keyUsage in leaf certificates, part 1:
# server-side certificate/suite selection
+#
+# This is only about 1.2 (for 1.3, all key exchanges use signatures).
+# In 4.0 this will probably go away as all TLS 1.2 key exchanges will use
+# signatures too, following the removal of RSA #8170 and static ECDH #9201.
-run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
+run_test "keyUsage srv 1.2: RSA, digitalSignature -> (EC)DHE-RSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
-run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \
+run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-RSA-WITH-"
-run_test "keyUsage srv: RSA, keyAgreement -> fail" \
+run_test "keyUsage srv 1.2: RSA, keyAgreement -> fail" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2.ku-ka.crt" \
"$P_CLI" \
@@ -7663,7 +7667,7 @@
-C "Ciphersuite is "
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
+run_test "keyUsage srv 1.2: ECC, digitalSignature -> ECDHE-ECDSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ds.crt" \
"$P_CLI" \
@@ -7671,14 +7675,14 @@
-c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
-run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
+run_test "keyUsage srv 1.2: ECC, keyAgreement -> ECDH-" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-ECDH-"
-run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
+run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \
"$P_CLI" \
@@ -7687,8 +7691,12 @@
# Tests for keyUsage in leaf certificates, part 2:
# client-side checking of server cert
+#
+# TLS 1.3 uses only signature, but for 1.2 it depends on the key exchange.
+# In 4.0 this will probably change as all TLS 1.2 key exchanges will use
+# signatures too, following the removal of RSA #8170 and static ECDH #9201.
-run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
+run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=1 \
@@ -7698,7 +7706,7 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
-run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
+run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=1 \
@@ -7708,7 +7716,7 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
-run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
+run_test "keyUsage cli 1.2: KeyEncipherment, RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI debug_level=1 \
@@ -7718,28 +7726,32 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
-run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
+run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (hard)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \
- "$P_CLI debug_level=1 \
+ "$P_CLI debug_level=3 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
- -C "Ciphersuite is TLS-"
+ -C "Ciphersuite is TLS-" \
+ -c "send alert level=2 message=43" \
+ -c "! Usage does not match the keyUsage extension"
+ # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
-run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
+run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (soft)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \
- "$P_CLI debug_level=1 auth_mode=optional \
+ "$P_CLI debug_level=3 auth_mode=optional \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-c "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-" \
+ -C "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
-run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
+run_test "keyUsage cli 1.2: DigitalSignature, DHE-RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI debug_level=1 \
@@ -7749,30 +7761,46 @@
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
-run_test "keyUsage cli: DigitalSignature, RSA: fail" \
+run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (hard)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds.crt" \
- "$P_CLI debug_level=1 \
+ "$P_CLI debug_level=3 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
- -C "Ciphersuite is TLS-"
+ -C "Ciphersuite is TLS-" \
+ -c "send alert level=2 message=43" \
+ -c "! Usage does not match the keyUsage extension"
+ # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
-run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
+run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (soft)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds.crt" \
- "$P_CLI debug_level=1 auth_mode=optional \
+ "$P_CLI debug_level=3 auth_mode=optional \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
-c "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-" \
+ -C "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "keyUsage cli 1.3: DigitalSignature, RSA: OK" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \
+ "$P_CLI debug_level=3" \
+ 0 \
+ -C "bad certificate (usage extensions)" \
+ -C "Processing of the Certificate handshake message failed" \
+ -c "Ciphersuite is"
+
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \
@@ -7785,26 +7813,32 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
+run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
- "$P_CLI debug_level=1" \
+ "$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
- -C "Ciphersuite is"
+ -C "Ciphersuite is" \
+ -c "send alert level=2 message=43" \
+ -c "! Usage does not match the keyUsage extension"
+ # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
+run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \
- "$P_CLI debug_level=1" \
+ "$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
- -C "Ciphersuite is"
+ -C "Ciphersuite is" \
+ -c "send alert level=2 message=43" \
+ -c "! Usage does not match the keyUsage extension"
+ # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -7821,32 +7855,40 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
+run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ke.crt" \
- "$P_CLI debug_level=1" \
+ "$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
- -C "Ciphersuite is"
+ -C "Ciphersuite is" \
+ -c "send alert level=2 message=43" \
+ -c "! Usage does not match the keyUsage extension"
+ # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
+run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \
- "$P_CLI debug_level=1" \
+ "$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
- -C "Ciphersuite is"
+ -C "Ciphersuite is" \
+ -c "send alert level=2 message=43" \
+ -c "! Usage does not match the keyUsage extension"
+ # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
# Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert
+#
+# Here, both 1.2 and 1.3 only use signatures.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
+run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds.crt" \
@@ -7856,25 +7898,40 @@
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
+run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature+KeyEncipherment: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
+ 0 \
+ -s "Verifying peer X.509 certificate... ok" \
+ -S "bad certificate (usage extensions)" \
+ -S "Processing of the Certificate handshake message failed"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (soft)" \
+ "$P_SRV debug_level=3 auth_mode=optional" \
+ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \
0 \
-s "bad certificate (usage extensions)" \
+ -S "send alert level=2 message=43" \
+ -s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
- "$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \
+run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (hard)" \
+ "$P_SRV debug_level=3 force_version=tls12 auth_mode=required" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \
1 \
-s "bad certificate (usage extensions)" \
+ -s "send alert level=2 message=43" \
+ -s "! Usage does not match the keyUsage extension" \
-s "Processing of the Certificate handshake message failed"
+ # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
+run_test "keyUsage cli-auth 1.2: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ds.crt" \
@@ -7884,14 +7941,28 @@
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
- "$P_SRV debug_level=1 auth_mode=optional" \
+run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (soft)" \
+ "$P_SRV debug_level=3 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \
0 \
-s "bad certificate (usage extensions)" \
+ -S "send alert level=2 message=43" \
+ -s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (hard)" \
+ "$P_SRV debug_level=3 auth_mode=required" \
+ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
+ 1 \
+ -s "bad certificate (usage extensions)" \
+ -s "send alert level=2 message=43" \
+ -s "! Usage does not match the keyUsage extension" \
+ -s "Processing of the Certificate handshake message failed"
+ # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
+
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -7907,17 +7978,46 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
+run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEncipherment: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \
+ 0 \
+ -s "Verifying peer X.509 certificate... ok" \
+ -S "bad certificate (usage extensions)" \
+ -S "Processing of the Certificate handshake message failed"
+
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
+ "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
+ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
0 \
-s "bad certificate (usage extensions)" \
+ -S "send alert level=2 message=43" \
+ -s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \
+ "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
+ "$P_CLI key_file=$DATA_FILES_PATH/server2.key \
+ crt_file=$DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
+ 1 \
+ -s "bad certificate (usage extensions)" \
+ -s "Processing of the Certificate handshake message failed" \
+ -s "send alert level=2 message=43" \
+ -s "! Usage does not match the keyUsage extension" \
+ -s "! mbedtls_ssl_handshake returned"
+ # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
+
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
@@ -7931,13 +8031,29 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
- "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
+ "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \
0 \
-s "bad certificate (usage extensions)" \
+ -s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed"
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \
+ "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
+ "$P_CLI key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
+ 1 \
+ -s "bad certificate (usage extensions)" \
+ -s "Processing of the Certificate handshake message failed" \
+ -s "send alert level=2 message=43" \
+ -s "! Usage does not match the keyUsage extension" \
+ -s "! mbedtls_ssl_handshake returned"
+ # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
+
# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
@@ -7971,7 +8087,7 @@
# Tests for extendedKeyUsage, part 2: client-side checking of server cert
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli: serverAuth -> OK" \
+run_test "extKeyUsage cli 1.2: serverAuth -> OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-srv.crt" \
"$P_CLI debug_level=1" \
@@ -7981,7 +8097,7 @@
-c "Ciphersuite is TLS-"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
+run_test "extKeyUsage cli 1.2: serverAuth,clientAuth -> OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
"$P_CLI debug_level=1" \
@@ -7991,7 +8107,7 @@
-c "Ciphersuite is TLS-"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
+run_test "extKeyUsage cli 1.2: codeSign,anyEKU -> OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
"$P_CLI debug_level=1" \
@@ -8001,14 +8117,30 @@
-c "Ciphersuite is TLS-"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli: codeSign -> fail" \
+run_test "extKeyUsage cli 1.2: codeSign -> fail (soft)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
- "$P_CLI debug_level=1" \
+ "$P_CLI debug_level=3 auth_mode=optional" \
+ 0 \
+ -c "bad certificate (usage extensions)" \
+ -C "Processing of the Certificate handshake message failed" \
+ -c "Ciphersuite is TLS-" \
+ -C "send alert level=2 message=43" \
+ -c "! Usage does not match the extendedKeyUsage extension"
+ # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "extKeyUsage cli 1.2: codeSign -> fail (hard)" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
+ "$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
- -C "Ciphersuite is TLS-"
+ -C "Ciphersuite is TLS-" \
+ -c "send alert level=2 message=43" \
+ -c "! Usage does not match the extendedKeyUsage extension"
+ # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -8049,19 +8181,22 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "extKeyUsage cli 1.3: codeSign -> fail" \
+run_test "extKeyUsage cli 1.3: codeSign -> fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
- "$P_CLI debug_level=1" \
+ "$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
- -C "Ciphersuite is"
+ -C "Ciphersuite is" \
+ -c "send alert level=2 message=43" \
+ -c "! Usage does not match the extendedKeyUsage extension"
+ # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
# Tests for extendedKeyUsage, part 3: server-side checking of client cert
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli-auth: clientAuth -> OK" \
+run_test "extKeyUsage cli-auth 1.2: clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cli.crt" \
@@ -8070,7 +8205,7 @@
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
+run_test "extKeyUsage cli-auth 1.2: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
@@ -8079,7 +8214,7 @@
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
+run_test "extKeyUsage cli-auth 1.2: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
@@ -8088,22 +8223,27 @@
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
- "$P_SRV debug_level=1 auth_mode=optional" \
+run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (soft)" \
+ "$P_SRV debug_level=3 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
0 \
-s "bad certificate (usage extensions)" \
- -S "Processing of the Certificate handshake message failed"
+ -S "send alert level=2 message=43" \
+ -s "! Usage does not match the extendedKeyUsage extension" \
+ -S "Processing of the Certificate handshake message failed" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
- "$P_SRV debug_level=1 auth_mode=required" \
+run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (hard)" \
+ "$P_SRV debug_level=3 auth_mode=required" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
1 \
-s "bad certificate (usage extensions)" \
+ -s "send alert level=2 message=43" \
+ -s "! Usage does not match the extendedKeyUsage extension" \
-s "Processing of the Certificate handshake message failed"
+ # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -8142,13 +8282,29 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
- "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
+ "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
0 \
-s "bad certificate (usage extensions)" \
+ -S "send alert level=2 message=43" \
+ -s "! Usage does not match the extendedKeyUsage extension" \
-S "Processing of the Certificate handshake message failed"
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (hard)" \
+ "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
+ "$P_CLI key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.eku-cs.crt" \
+ 1 \
+ -s "bad certificate (usage extensions)" \
+ -s "send alert level=2 message=43" \
+ -s "! Usage does not match the extendedKeyUsage extension" \
+ -s "Processing of the Certificate handshake message failed"
+ # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
+
# Tests for DHM parameters loading
run_test "DHM parameters: reference" \