diff --git a/ChangeLog.d/verify-result-default-value.txt b/ChangeLog.d/verify-result-default-value.txt new file mode 100644 index 0000000000..2cf3f0c21b --- /dev/null +++ b/ChangeLog.d/verify-result-default-value.txt @@ -0,0 +1,5 @@ +Changes + * Harden mbedtls_ssl_get_verify_result() against misuse. + If the handshake has not yet been attempted, return -1u to indicate + that the result is not available. Previously the result of verification + was zero-initialized so the function would return 0 (indicating success). diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c99becd9bb..e8a44f834c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -962,6 +962,8 @@ void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform) void mbedtls_ssl_session_init(mbedtls_ssl_session *session) { memset(session, 0, sizeof(mbedtls_ssl_session)); + /* Set verify_result to -1u to indicate 'result not available'. */ + session->verify_result = 0xFFFFFFFF; } MBEDTLS_CHECK_RETURN_CRITICAL @@ -4570,6 +4572,9 @@ void mbedtls_ssl_session_free(mbedtls_ssl_session *session) #endif mbedtls_platform_zeroize(session, sizeof(mbedtls_ssl_session)); + + /* Set verify_result to -1u to indicate 'result not available'. */ + session->verify_result = 0xFFFFFFFF; } #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) @@ -6977,6 +6982,7 @@ static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl, ssl->handshake->ciphersuite_info; if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { + ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; return SSL_CERTIFICATE_SKIP; } @@ -8692,6 +8698,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, void *rs_ctx) { if (authmode == MBEDTLS_SSL_VERIFY_NONE) { + ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; return 0; } diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index b7b075cc97..9b7ca82f91 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2264,6 +2264,9 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); + + /* Since we're not using a certificate, set verify_result to skipped */ + ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; } else { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 982e6f8c3b..270dcd0e6e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2616,6 +2616,9 @@ static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); + + /* Since we're not using a certificate, set verify_result to skipped */ + ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; } else { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); } diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 1bb251fdb8..a8864559e8 100644 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -482,7 +482,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -503,7 +504,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -546,7 +548,8 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -567,7 +570,8 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -611,7 +615,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -634,7 +639,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -656,7 +662,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -701,7 +708,8 @@ run_test "TLS 1.3: G->m: all/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -723,7 +731,8 @@ run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -768,7 +777,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -813,7 +823,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -835,7 +846,8 @@ run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -878,7 +890,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1319,7 +1332,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1339,7 +1353,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1380,7 +1395,8 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1400,7 +1416,8 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1442,7 +1459,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1463,7 +1481,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1506,7 +1525,8 @@ run_test "TLS 1.3: O->m: all/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1527,7 +1547,8 @@ run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1570,7 +1591,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1591,7 +1613,8 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1880,7 +1903,9 @@ run_test "TLS 1.3: m->m: psk/all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1995,7 +2020,9 @@ run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2083,7 +2110,9 @@ run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2215,7 +2244,9 @@ run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2274,7 +2305,9 @@ run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2319,7 +2352,9 @@ run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2366,7 +2401,9 @@ run_test "TLS 1.3: m->m: ephemeral_all/all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2515,7 +2552,9 @@ run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2605,7 +2644,9 @@ run_test "TLS 1.3: m->m: psk_all/all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2652,7 +2693,9 @@ run_test "TLS 1.3: m->m: all/psk, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2699,7 +2742,9 @@ run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2762,7 +2807,9 @@ run_test "TLS 1.3: m->m: all/ephemeral_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2810,7 +2857,9 @@ run_test "TLS 1.3: m->m: all/psk_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2857,7 +2906,9 @@ run_test "TLS 1.3: m->m: all/all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -3038,7 +3089,8 @@ run_test "TLS 1.3: m->O: ephemeral_all/all, good" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" + -c "HTTP/1.0 200 ok" \ + -c "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3056,7 +3108,8 @@ run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" + -c "HTTP/1.0 200 ok" \ + -c "! Certificate verification was skipped" #OPENSSL-SERVER all mode requires_openssl_tls1_3_with_compatible_ephemeral @@ -3076,7 +3129,8 @@ run_test "TLS 1.3: m->O: all/all, good" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" + -c "HTTP/1.0 200 ok" \ + -c "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3095,7 +3149,8 @@ run_test "TLS 1.3: m->O: all/ephemeral_all, good" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" + -c "HTTP/1.0 200 ok" \ + -c "! Certificate verification was skipped" #GNUTLS-SERVER psk mode requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3259,7 +3314,8 @@ run_test "TLS 1.3: m->G: ephemeral_all/all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 @@ -3279,7 +3335,8 @@ run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" #GNUTLS-SERVER all mode requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3301,7 +3358,8 @@ run_test "TLS 1.3: m->G: all/all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 @@ -3322,4 +3380,5 @@ run_test "TLS 1.3: m->G: all/ephemeral_all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a999c94f5b..370a988791 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5772,6 +5772,7 @@ run_test "Authentication: server badcert, client none" \ key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI debug_level=3 auth_mode=none" \ 0 \ + -c "! Certificate verification was skipped" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ @@ -5783,12 +5784,14 @@ run_test "Authentication: server badcert, client none (1.2)" \ key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI force_version=tls12 debug_level=3 auth_mode=none" \ 0 \ + -c "! Certificate verification was skipped" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ -C "X509 - Certificate verification failed" + run_test "Authentication: server goodcert, client required, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \ @@ -5837,6 +5840,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=none ca_file=none ca_path=none" \ 0 \ + -c "! Certificate verification was skipped" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ @@ -5844,11 +5848,13 @@ run_test "Authentication: server goodcert, client none, no trusted CA" \ -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" + requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" \ "$P_SRV" \ "$P_CLI force_version=tls12 debug_level=3 auth_mode=none ca_file=none ca_path=none" \ 0 \ + -c "! Certificate verification was skipped" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ @@ -5856,6 +5862,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" + # The next few tests check what happens if the server has a valid certificate # that does not match its name (impersonation). @@ -5939,12 +5946,14 @@ run_test "Authentication: hostname mismatch, client none" \ "$P_SRV" \ "$P_CLI auth_mode=none server_name=wrong-name debug_level=2" \ 0 \ + -c "! Certificate verification was skipped" \ -C "does not match with the expected CN" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" + run_test "Authentication: hostname null, client required" \ "$P_SRV" \ "$P_CLI auth_mode=required set_hostname=NULL debug_level=2" \ @@ -5970,12 +5979,14 @@ run_test "Authentication: hostname null, client none" \ "$P_SRV" \ "$P_CLI auth_mode=none set_hostname=NULL debug_level=2" \ 0 \ + -c "! Certificate verification was skipped" \ -C "does not match with the expected CN" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" + run_test "Authentication: hostname unset, client required" \ "$P_SRV" \ "$P_CLI auth_mode=required set_hostname=no debug_level=2" \ @@ -6015,6 +6026,7 @@ run_test "Authentication: hostname unset, client none" \ "$P_SRV" \ "$P_CLI auth_mode=none set_hostname=no debug_level=2" \ 0 \ + -c "! Certificate verification was skipped" \ -C "does not match with the expected CN" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ @@ -6173,6 +6185,7 @@ run_test "Authentication: client badcert, server none" \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 0 \ + -s "! Certificate verification was skipped" \ -s "skip write certificate request" \ -C "skip parse certificate request" \ -c "got no certificate request" \ @@ -6280,6 +6293,7 @@ run_test "Authentication: server max_int+1 chain, client none" \ "$P_CLI force_version=tls12 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \ auth_mode=none" \ 0 \ + -c "! Certificate verification was skipped" \ -C "X509 - A fatal error occurred" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index cdbd73ab25..0d635ee6c8 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3527,3 +3527,6 @@ ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_3:1:MBEDTLS_SSL_SERVER_CERTI TLS fatal alert getter ssl_get_alert_after_fatal + +Default verify_result before doing a handshake +verify_result_without_handshake diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index b70a815fc6..cb9c2fbeeb 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -6040,3 +6040,46 @@ exit: USE_PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +void verify_result_without_handshake(void) +{ + /* Test the result of verification before we perform a handshake. */ + mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; + + PSA_INIT(); + + mbedtls_ssl_init(&ssl); + mbedtls_ssl_config_init(&conf); + + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), 0); + + mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); + mbedtls_ssl_conf_ca_chain(&conf, NULL, NULL); + + TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); + + uint32_t verify_result = mbedtls_ssl_get_verify_result(&ssl); + + TEST_EQUAL(verify_result, 0xFFFFFFFF); + + /* Set the verify result manually and check that session_free resets it. */ + + /* Set the verify result to 0. */ + ssl.session_negotiate->verify_result = 0; + + mbedtls_ssl_session_free(ssl.session_negotiate); + + verify_result = mbedtls_ssl_get_verify_result(&ssl); + TEST_EQUAL(verify_result, 0xFFFFFFFF); + +exit: + mbedtls_ssl_config_free(&conf); + mbedtls_ssl_free(&ssl); + PSA_DONE(); +} +/* END_CASE */