From 85e1dcff6a90d7aa3bbf3abce64ac97b775fda64 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 6 Feb 2018 15:59:38 +0200 Subject: [PATCH 1/4] Fix handshake failure in suite B Fix handshake failure where PK key is translated as `MBEDTLS_ECKEY` instead of `MBEDTLS_ECDSA` --- ChangeLog | 6 ++++++ library/x509_crt.c | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 8db021591..48529f309 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix handshake failure in NIST suite b, where the key was determined as + MBEDTLS_ECKEY instead of MBEDTLS_ECDSA. + = mbed TLS 2.7.0 branch released 2018-02-03 Security diff --git a/library/x509_crt.c b/library/x509_crt.c index c6209fb40..0e28dac01 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -133,7 +133,8 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ), /* Only ECDSA */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ), + MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) | + MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ), #if defined(MBEDTLS_ECP_C) /* Only NIST P-256 and P-384 */ MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | From 099e61df522ddc3e242c113a636111b5e9d55004 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 6 Feb 2018 17:34:27 +0200 Subject: [PATCH 2/4] Rephrase Changelog Rephrase Changelog to be more coherent to users --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 48529f309..5945b7eae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,8 +3,9 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Bugfix - * Fix handshake failure in NIST suite b, where the key was determined as - MBEDTLS_ECKEY instead of MBEDTLS_ECDSA. + * Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates + with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct. + In the context of SSL, this resulted in handshake failure. = mbed TLS 2.7.0 branch released 2018-02-03 From c15399843ef42a41d03374cf64de29a7716b7481 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 6 Feb 2018 18:47:17 +0200 Subject: [PATCH 3/4] Add some tests for different available profiles Add tests for suite b profile and for the next profile --- tests/suites/test_suite_x509parse.data | 20 ++++++++++++++++++++ tests/suites/test_suite_x509parse.function | 4 ++++ 2 files changed, 24 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index d4cc11a08..73ccead25 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -735,6 +735,26 @@ X509 Certificate verification #87 (Expired CA and invalid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" +X509 Certificate verification #88 (Suite B invalid, EC cert, RSA CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C +x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" + +X509 Certificate verification #89 (Suite B invalid, RSA cert, EC CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL" + +X509 Certificate verification #90 (Suite B Valid, EC cert, EC CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" + +X509 Certificate verification #91 (next profile Invalid Cert SHA224 Digest) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL" + +X509 Certificate verification #92 (next profile Valid Cert SHA256 Digest) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" + X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 0dfdd61c2..2a98771a7 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -250,6 +250,10 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, if( strcmp( profile_str, "default" ) == 0 ) profile = &mbedtls_x509_crt_profile_default; + else if( strcmp( profile_str, "next" ) == 0 ) + profile = &mbedtls_x509_crt_profile_next; + else if( strcmp( profile_str, "suite_b" ) == 0 ) + profile = &mbedtls_x509_crt_profile_suiteb; else if( strcmp( profile_str, "compat" ) == 0 ) profile = &compat_profile; else From 200b24fdf8a9d686e46e3e4d2d87638fd84303df Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 20 Feb 2018 16:40:11 +0100 Subject: [PATCH 4/4] Mention in ChangeLog that this fixes #1351 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 5945b7eae..1838ccf12 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,7 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct. - In the context of SSL, this resulted in handshake failure. + In the context of SSL, this resulted in handshake failure. #1351 = mbed TLS 2.7.0 branch released 2018-02-03