From 2c74ff629d4ed55730c83265f1eb67e45af3d4df Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 11 Mar 2022 17:15:23 +0100
Subject: [PATCH 1/4] compat.sh: Restore full TLS compatibility testing
Signed-off-by: Ronald Cron
---
 tests/compat.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/tests/compat.sh b/tests/compat.sh
index ce77658b5..cd05ec266 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -217,7 +217,7 @@ filter_ciphersuites()
 # supports from the s_server help. (The s_client help isn't
 # accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
 # But the s_server help seems to be accurate.)
- if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$MODE "; then
+ if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
 M_CIPHERS=""
 O_CIPHERS=""
 fi
@@ -631,12 +631,15 @@ add_mbedtls_ciphersuites()
 setup_arguments()
 {
+ O_MODE=""
 G_MODE=""
 case "$MODE" in
 "tls12")
+ O_MODE="tls1_2"
 G_PRIO_MODE="+VERS-TLS1.2"
 ;;
 "dtls12")
+ O_MODE="dtls1_2"
 G_PRIO_MODE="+VERS-DTLS1.2"
 G_MODE="-u"
 ;;
@@ -653,7 +656,7 @@ setup_arguments()
 fi
 M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE"
- O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
+ O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$O_MODE"
 G_SERVER_ARGS="-p $PORT --http $G_MODE"
 G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
@@ -678,7 +681,7 @@ setup_arguments()
 fi
 M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
- O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
+ O_CLIENT_ARGS="-connect localhost:$PORT -$O_MODE"
 G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
 G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
From 618955d38143cc468c23b7fa6ffccde4e3e7db5c Mon Sep 17 00:00:00 2001
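Review bot: With `O_MODE` left at its new `""` initialisation for any mode the visible `case` arms in `setup_arguments` do not cover, the rewritten `O_SERVER_ARGS` and `O_CLIENT_ARGS` expand `-$O_MODE` to a lone `-`, an argument OpenSSL will not accept; today that is only prevented indirectly, by the `-help` grep in `filter_ciphersuites` failing to match and emptying the OpenSSL cipher list. Keeping the argument strings well-formed on their own is a one-token change per line, `O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL${O_MODE:+ -$O_MODE}"` and likewise for the `-connect` line. The remaining arms of the `case` are outside the hunk, so a further mode may set `O_MODE` there; a comment at the initialisation, `# OpenSSL version flag for $MODE (without the leading '-'); empty when OpenSSL has none`, would make that contract explicit for whoever adds the next mode.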
From: Ronald Cron
Date: Wed, 23 Mar 2022 14:14:19 +0100
Subject: [PATCH 2/4] compat.sh: Fix check for OpenSSL support
If OpenSSL does not support a mode (tls12 or dtls12 or tls13) just skip the tests involving OpenSSL.
Signed-off-by: Ronald Cron
---
 tests/compat.sh | 18 +++++++++--------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/tests/compat.sh b/tests/compat.sh
index cd05ec266..c069237e1 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -213,15 +213,6 @@ filter_ciphersuites()
 G_CIPHERS=$( filter "$G_CIPHERS" )
 fi
- # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL
- # supports from the s_server help. (The s_client help isn't
- # accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
- # But the s_server help seems to be accurate.)
- if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
- M_CIPHERS=""
- O_CIPHERS=""
- fi
-
 # For GnuTLS client -> mbed TLS server,
 # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
 if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
@@ -1080,6 +1071,15 @@ for VERIFY in $VERIFIES; do
 continue;
 fi
+ # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
+ # supports $O_MODE from the s_server help. (The s_client
+ # help isn't accurate as of 1.0.2g: it supports DTLS 1.2
+ # but doesn't list it. But the s_server help seems to be
+ # accurate.)
+ if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
+ continue;
+ fi
+
 reset_ciphersuites
 add_common_ciphersuites
 add_openssl_ciphersuites
From 862902dd5704bfbd52732a7028d0de36e00a06b4 Mon Sep 17 00:00:00 2001
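Review bot: The new `continue;` in the `for VERIFY` loop skips silently: when `$OPENSSL_CMD s_server -help` does not list `-$O_MODE`, or when the binary is missing altogether (the `2>&1` feeds that error to grep as well), every OpenSSL interop case for the mode vanishes from the run with no trace in the output, which is how interop coverage erodes unnoticed in a security test suite. Announce the skip before continuing, e.g. `echo "SKIP: $OPENSSL_CMD has no -$O_MODE option, skipping OpenSSL tests for $MODE"`, or feed it through the script's skip accounting if it has one (not visible here). The check also leans on `O_MODE` being set: for a mode whose `case` arm sets none, the pattern degenerates to `^ *- ` and the skip is accidental rather than intended, so `if [ -z "$O_MODE" ] || ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then` would state the intent. The loop body continues beyond the hunk.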
From: Ronald Cron
Date: Thu, 24 Mar 2022 14:15:28 +0100
Subject: [PATCH 3/4] ssl_srv.c: Mark ETM as disabled if cipher is not CBC
Encrypt-Then-Mac (ETM) is supported in Mbed TLS TLS 1.2 server only for the CBC cipher mode thus make it clear in the SSL context. The previous code was ok as long as the check of the ETM status was done only in the case of the CBC cipher mode but fragile as #5573 revealed.
Signed-off-by: Ronald Cron
---
 library/ssl_srv.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 094fca893..e9fa63311 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2047,12 +2047,6 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
 const mbedtls_cipher_info_t *cipher = NULL;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
- {
- *olen = 0;
- return;
- }
-
 /*
 * RFC 7366: "If a server receives an encrypt-then-MAC request extension
 * from a client and then selects a stream or Authenticated Encryption
@@ -2069,6 +2063,11 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
 ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL ||
 cipher->mode != MBEDTLS_MODE_CBC )
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
+ {
+ ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
+ }
+
+ if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
 {
 *olen = 0;
 return;
From fb39f15fa1fac02bb963cd8f9eb700725009453a Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 25 Mar 2022 14:36:28 +0100
Subject: [PATCH 4/4] ssl_tls.c: Use ETM status only in CBC mode case
Signed-off-by: Ronald Cron
---
 library/ssl_tls.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0177add1f..2ff324925 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
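Review bot: The new line `ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;` rewrites negotiated session state from inside an extension writer, and nothing at the site says why, so the next reader is likely to treat it as a side effect to remove; the rationale that lives in the commit message belongs in the code, e.g. `/* Per RFC 7366 ETM is only negotiated for CBC suites. Record that in the session so every later reader of encrypt_then_mac (record protection setup in particular) sees the same decision the peer was sent; see #5573. */`. Because the early return now sits below the lookup, the ciphersuite and cipher-info lookup also runs when ETM was never requested; that is cheap and the write is idempotent, but a short remark that this ordering is deliberate would save a future "optimisation" that reintroduces the inconsistency. Whether `suite` itself is NULL-checked is decided on the line above the second hunk, outside view. `ssl_write_encrypt_then_mac_ext` begins before the first hunk and continues after the second.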
@@ -7450,9 +7450,9 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
 goto end;
 }
- if( ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ||
- transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) &&
- transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
+ if( ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ) ||
+ ( ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) &&
+ ( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ) ) )
 /* mbedtls_ct_hmac() requires the key to be exportable */
 psa_set_key_usage_flags( &attributes,
 PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH );
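Review bot: The comment `/* mbedtls_ct_hmac() requires the key to be exportable */` no longer explains the condition above it: after this change the NULL cipher is granted `PSA_KEY_USAGE_EXPORT` whatever `encrypt_then_mac` says, while CBC is granted it only with ETM disabled, and the old condition did not make that distinction. Export on a MAC key is a least-privilege concession, so the reason for each branch should be stated where the flag is set, e.g. `/* The NULL cipher (nothing is encrypted, so ETM does not apply) and CBC without Encrypt-then-MAC authenticate records with mbedtls_ct_hmac(), which needs an exportable key; CBC with ETM does not go through that path. */` — the claim about the NULL-cipher and ETM paths is my reading of the record layer and should be confirmed against it before landing the comment. With the condition now three lines long, bracing the single-statement body would also make its extent unmistakable. `ssl_tls12_populate_transform` begins and ends outside the hunk.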