From 01e3c37f7b88fbd46972c7204cf0e0585caefa40 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 11 Mar 2022 17:15:23 +0100
Subject: [PATCH 1/4] compat.sh: Restore full TLS compatibility testing
Signed-off-by: Ronald Cron
---
 tests/compat.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/tests/compat.sh b/tests/compat.sh
index 444c80cb3..775d9231f 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -231,7 +231,7 @@ filter_ciphersuites()
 # supports from the s_server help. (The s_client help isn't
 # accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
 # But the s_server help seems to be accurate.)
- if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$MODE "; then
+ if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
 M_CIPHERS=""
 O_CIPHERS=""
 fi
@@ -870,6 +870,7 @@ add_mbedtls_ciphersuites()
 setup_arguments()
 {
+ O_MODE=""
 G_MODE=""
 case "$MODE" in
 "ssl3")
@@ -882,6 +883,7 @@ setup_arguments()
 G_PRIO_MODE="+VERS-TLS1.1"
 ;;
 "tls12")
+ O_MODE="tls1_2"
 G_PRIO_MODE="+VERS-TLS1.2"
 ;;
 "dtls1")
@@ -889,6 +891,7 @@ setup_arguments()
 G_MODE="-u"
 ;;
 "dtls12")
+ O_MODE="dtls1_2"
 G_PRIO_MODE="+VERS-DTLS1.2"
 G_MODE="-u"
 ;;
@@ -905,7 +908,7 @@ setup_arguments()
 fi
 M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
- O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
+ O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$O_MODE"
 G_SERVER_ARGS="-p $PORT --http $G_MODE"
 G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
@@ -930,7 +933,7 @@ setup_arguments()
 fi
 M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
- O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
+ O_CLIENT_ARGS="-connect localhost:$PORT -$O_MODE"
 G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
 G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
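Review bot: O_MODE is assigned only in the `"tls12"` and `"dtls12"` branches visible in the setup_arguments hunks, so for every other mode it keeps the empty value set at the top of the function and `-$O_MODE` in O_SERVER_ARGS and O_CLIENT_ARGS (hunks at 908 and 933) expands to a bare `-`. The script presumably still behaves because the s_server help grep in filter_ciphersuites (hunk at 231) then matches nothing and clears the OpenSSL cipher lists, but that coupling is implicit and easy to break when another mode is added to the case. A comment next to the initialisation would record it: `# O_MODE: OpenSSL protocol flag (e.g. tls1_2); left empty for modes not tested against OpenSSL, which makes filter_ciphersuites drop those tests`. The remaining case branches and the rest of setup_arguments are outside the hunks.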
From c2e2876e0e5f50d4851d818ca866829af2822ac2 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Wed, 23 Mar 2022 14:14:19 +0100
Subject: [PATCH 2/4] compat.sh: Fix check for OpenSSL support
If OpenSSL does not support a mode (tls12 or dtls12 or tls13) just skip the tests involving OpenSSL.
Signed-off-by: Ronald Cron
---
 tests/compat.sh | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/tests/compat.sh b/tests/compat.sh
index 775d9231f..42b9cdb9f 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -227,15 +227,6 @@ filter_ciphersuites()
 G_CIPHERS=$( filter "$G_CIPHERS" )
 fi
- # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL
- # supports from the s_server help. (The s_client help isn't
- # accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
- # But the s_server help seems to be accurate.)
- if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
- M_CIPHERS=""
- O_CIPHERS=""
- fi
-
 # For GnuTLS client -> mbed TLS server,
 # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
 if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
@@ -1332,6 +1323,15 @@ for VERIFY in $VERIFIES; do
 continue;
 fi
+ # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
+ # supports $O_MODE from the s_server help. (The s_client
+ # help isn't accurate as of 1.0.2g: it supports DTLS 1.2
+ # but doesn't list it. But the s_server help seems to be
+ # accurate.)
+ if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
+ continue;
+ fi
+
 reset_ciphersuites
 add_common_ciphersuites
 add_openssl_ciphersuites
From f1ed5951e353ea4e5173cef5bd533cb9c9e52440 Mon Sep 17 00:00:00 2001
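Review bot: The new guard in the hunk at 1323 spawns `$OPENSSL_CMD s_server -help` and re-parses its output on every pass through the enclosing loops, although the result depends only on O_MODE; probing once per mode (for example in setup_arguments, storing the verdict in a variable) would avoid the repeated process spawns. The `continue` skips the whole iteration, which is right only if this block sits inside the OpenSSL peer branch — the preceding `continue; fi` suggests an existing OpenSSL-specific guard, but the enclosing loop and `case` start outside the hunk, so it is worth confirming that GnuTLS- and mbedTLS-only combinations are not dropped too. When O_MODE is empty the pattern becomes `^ *- ` and the iteration is skipped as well; a comment such as `# An empty O_MODE (mode with no OpenSSL flag) never matches, so the OpenSSL tests for it are skipped here` would make that intended path explicit.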
From: Ronald Cron
Date: Thu, 24 Mar 2022 14:15:28 +0100
Subject: [PATCH 3/4] ssl_srv.c: Mark ETM as disabled if cipher is not CBC
Encrypt-Then-Mac (ETM) is supported in Mbed TLS server for TLS version geater than SSLv3 and only for the CBC cipher mode thus make it clear in the SSL context. The previous code was ok as long as the check of the ETM status was done only in the case of the CBC cipher mode but fragile as #5573 revealed.
Signed-off-by: Ronald Cron
---
 library/ssl_srv.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 1a6317320..8d5e39fe3 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2354,12 +2354,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
 const mbedtls_ssl_ciphersuite_t *suite = NULL;
 const mbedtls_cipher_info_t *cipher = NULL;
- if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
- ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
- *olen = 0;
- return;
- }
+ if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+ ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
 /*
 * RFC 7366: "If a server receives an encrypt-then-MAC request extension
@@ -2371,6 +2367,11 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
 ssl->session_negotiate->ciphersuite ) ) == NULL ||
 ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL ||
 cipher->mode != MBEDTLS_MODE_CBC )
+ {
+ ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
+ }
+
+ if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
 {
 *olen = 0;
 return;
From e7dad1f616f630b375a15f849e7f57aa317111be Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Mon, 28 Mar 2022 10:19:54 +0200
Subject: [PATCH 4/4] ssl_tls.c: Fix inappropriate use of ssl context
Signed-off-by: Ronald Cron
---
 library/ssl_tls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
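Review bot: The two new branches that clear encrypt_then_mac are written in different styles: the SSLv3 check in the first hunk has an unbraced single-statement `if`, while the non-CBC branch in the second hunk braces the same single assignment; one form, preferably the braced one already used in the hunk, would read more consistently. The write-back to `ssl->session_negotiate->encrypt_then_mac` is the substantive change and deserves a why-comment above the SSLv3 check, e.g. `/* Record the ETM outcome in the session so that later readers of encrypt_then_mac agree with whether the extension is actually sent. */`. Dropping the early return on an already-disabled flag means the ciphersuite lookup now also runs when the client did not request ETM; the final DISABLED check still produces `*olen = 0`, so this is only a small extra cost, but a comment noting that the final check is the single exit for all three cases would help. The `if( ( suite = ...` condition begins before the second hunk, and the function's signature and remainder are outside both hunks.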
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bd0eb10ec..c85291e1e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1361,7 +1361,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
 * the structure field for the IV, which the PSA-based
 * implementation currently doesn't. */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
 {
 ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc,
 cipher_info, transform->taglen );
@@ -1404,7 +1404,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
 * the structure field for the IV, which the PSA-based
 * implementation currently doesn't. */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
 {
 ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec,
 cipher_info, transform->taglen );
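Review bot: Both hunks in ssl_populate_transform (at 1361 and 1404) replace `ssl->minor_ver` with the `minor_ver` already in scope, and the commit title suggests the reason is that `ssl` is not always a usable context on this path; since the function's signature and the rest of its body are outside the hunks, it is worth confirming that no other `ssl->` access remains on the same path and recording the contract where the parameter is declared, e.g. `/* ssl: may not be dereferenceable here; take the protocol version from the explicit minor_ver parameter, never from ssl. */`. The two fixed reads are both inside `#if defined(MBEDTLS_SSL_PROTO_TLS1_2)` blocks, so any other version-guarded block of the function that is compiled out in this build should get the same check.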