From fb2ce055a3303efd37895df48a2b11e0cb5adbab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 28 May 2025 17:36:12 +0200 Subject: [PATCH] SSL tests: make client authentication more uniform, defaulting on There was a discrepancy between how `mbedtls_test_ssl_endpoint_init()` and `mbedtls_test_ssl_perform_handshake()` handled client authentication: `mbedtls_test_ssl_endpoint_init()` defaulted to `MBEDTLS_SSL_VERIFY_REQUIRED` on both sides, whereas `mbedtls_test_ssl_perform_handshake()` obeyed `options->srv_auth_mode` which defaulted to no verification of the client certificate. Make this more uniform. Now `mbedtls_test_ssl_endpoint_init()` obeys `options->srv_auth_mode` on servers (still forcing verification on clients, which is the library default anyway). Also, `options->srv_auth_mode` is now enabled by default. Thus: * Tests that call `mbedtls_test_ssl_perform_handshake()` now perform client certificate verification, unless they disable it explicitly. * Tests that call `mbedtls_test_ssl_endpoint_init()` on a server are unchanged. (They would change if they were setting `options->srv_auth_mode` explicitly, which previously was ignored, but no test function did this.) This means that a few test functions now perform client certificate verification whereas they previously don't. This is harmless except in `handshake_ciphersuite_select`, where one test case `Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque` fails with client authentication because the test code doesn't deal with the weirdness of static ECDH correctly with respect to client authentication. So keep the previous behavior in `handshake_ciphersuite_select`, by explicitly turning off client authentication. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 9 ++++++--- tests/suites/test_suite_ssl.function | 1 + 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index a7b154a7e1..c38d24aa8e 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -71,7 +71,7 @@ void mbedtls_test_init_handshake_options( opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; opts->pk_alg = MBEDTLS_PK_RSA; - opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; + opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; opts->cli_msg_len = 100; opts->srv_msg_len = 100; @@ -876,7 +876,11 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); } - mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); + if (MBEDTLS_SSL_IS_SERVER == endpoint_type) { + mbedtls_ssl_conf_authmode(&(ep->conf), options->srv_auth_mode); + } else { + mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); + } #if defined(MBEDTLS_SSL_EARLY_DATA) mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); @@ -2440,7 +2444,6 @@ void mbedtls_test_ssl_perform_handshake( TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server, MBEDTLS_SSL_IS_SERVER, options), 0); - mbedtls_ssl_conf_authmode(&server->conf, options->srv_auth_mode); if (options->dtls) { TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 052a9d8f4a..652576b127 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3043,6 +3043,7 @@ void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str, options.opaque_alg = psa_alg; options.opaque_alg2 = psa_alg2; options.opaque_usage = psa_usage; + options.srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; options.expected_handshake_result = expected_handshake_result; options.expected_ciphersuite = expected_ciphersuite;