manually merge 9f98251 make extKeyUsage accessible

ChangeLog

@@ -70,6 +70,9 @@ Changes
 = mbed TLS 1.3 branch
 
 Security
+   * With authmode set to MBEDTLS_SSL_VERIFY_OPTIONAL, verification of keyUsage and
+     extendedKeyUsage on the leaf certificate was lost (results not accessible
+     via ssl_get_verify_results()).
 
 Features
    * Add mbedtls_x509_crt_verify_info() to display certificate verification results.

include/mbedtls/ssl.h

@@ -2281,7 +2281,8 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
  */
 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
                           const mbedtls_ssl_ciphersuite_t *ciphersuite,
-                          int cert_endpoint );
+                          int cert_endpoint,
+                          int *flags );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 void mbedtls_ssl_write_version( int major, int minor, int transport,

library/ssl_srv.c

@@ -868,6 +868,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
 {
     mbedtls_ssl_key_cert *cur, *list, *fallback = NULL;
     mbedtls_pk_type_t pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+    int flags;
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
     if( ssl->handshake->sni_key_cert != NULL )
@@ -901,7 +902,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
          * and decrypting with the same RSA key.
          */
         if( mbedtls_ssl_check_cert_usage( cur->cert, ciphersuite_info,
-                                  MBEDTLS_SSL_IS_SERVER ) != 0 )
+                                  MBEDTLS_SSL_IS_SERVER, &flags ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: "
                                 "(extended) key usage extension" ) );

library/ssl_tls.c

@@ -4059,7 +4059,8 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
 
         if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
                                   ciphersuite_info,
-                                  ! ssl->endpoint ) != 0 )
+                                  ! ssl->endpoint,
+                                 &ssl->session_negotiate->verify_result ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
             if( ret == 0 )
@@ -6789,8 +6790,10 @@ int mbedtls_ssl_curve_is_acceptable( const mbedtls_ssl_context *ssl, mbedtls_ecp
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
                           const mbedtls_ssl_ciphersuite_t *ciphersuite,
-                          int cert_endpoint )
+                          int cert_endpoint,
+                          int *flags )
 {
+    int ret = 0;
 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
     int usage = 0;
 #endif
@@ -6803,6 +6806,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
     !defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
     ((void) cert);
     ((void) cert_endpoint);
+    ((void) flags);
 #endif
 
 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
@@ -6842,7 +6846,10 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
     }
 
     if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 )
-        return( -1 );
+    {
+        *flags |= MBEDTLS_BADCERT_KEY_USAGE;
+        ret = -1;
+    }
 #else
     ((void) ciphersuite);
 #endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
@@ -6860,10 +6867,13 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
     }
 
     if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
-        return( -1 );
+    {
+        *flags |= MBEDTLS_BADCERT_EXT_KEY_USAGE;
+        ret = -1;
+    }
 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
 
-    return( 0 );
+    return( ret );
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 

tests/ssl-opt.sh

@@ -2094,6 +2094,17 @@ run_test    "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
             -c "Processing of the Certificate handshake message failed" \
             -C "Ciphersuite is TLS-"
 
+run_test    "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
+            "$O_SRV -key data_files/server2.key \
+             -cert data_files/server2.ku-ke.crt" \
+            "$P_CLI debug_level=1 auth_mode=optional \
+             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+            0 \
+            -c "bad certificate (usage extensions)" \
+            -C "Processing of the Certificate handshake message failed" \
+            -c "Ciphersuite is TLS-" \
+            -c "! Usage does not match the keyUsage extension"
+
 run_test    "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
             "$O_SRV -key data_files/server2.key \
              -cert data_files/server2.ku-ds.crt" \
@@ -2114,6 +2125,17 @@ run_test    "keyUsage cli: DigitalSignature, RSA: fail" \
             -c "Processing of the Certificate handshake message failed" \
             -C "Ciphersuite is TLS-"
 
+run_test    "keyUsage cli: DigitalSignature, RSA: fail, soft" \
+            "$O_SRV -key data_files/server2.key \
+             -cert data_files/server2.ku-ds.crt" \
+            "$P_CLI debug_level=1 auth_mode=optional \
+             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+            0 \
+            -c "bad certificate (usage extensions)" \
+            -C "Processing of the Certificate handshake message failed" \
+            -c "Ciphersuite is TLS-" \
+            -c "! Usage does not match the keyUsage extension"
+
 # Tests for keyUsage in leaf certificates, part 3:
 # server-side checking of client cert