From 7a5e2bec753ea6bd49aa020b3d658e95a7c91006 Mon Sep 17 00:00:00 2001
From: Jarno Lamsa
Date: Mon, 10 Jun 2019 10:13:03 +0300
Subject: [PATCH 1/9] Create a new flag for enforcing the extended master secret

If the flag is enabled, drop the connection if peer doesn't support extended master secret extension.
---
 include/mbedtls/ssl.h | 18 ++++++++++++++++++
 library/ssl_tls.c | 6 ++++++
 2 files changed, 24 insertions(+)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 7f073afba..a3a5d4f55 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1031,6 +1031,9 @@ struct mbedtls_ssl_config
 #endif
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 unsigned int extended_ms : 1; /*!< negotiate extended master secret? */
+ unsigned int enforce_extended_master_secret : 1; /*!< enforce the usage
+ * of extended master
+ * secret */
 #endif
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
 unsigned int anti_replay : 1; /*!< detect and prevent replay? */
@@ -2820,6 +2823,21 @@ void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
 * \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
 */
 void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
+
+/**
+ * \brief Enable or disable Extended Master Secret enforcing.
+ * (Default: MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED)
+ *
+ * \note This enforces the peer to use the Extended Master Secret
+ * extension, if the option is enabled and the peer doesn't
+ * support the extension, the connection is dropped.
+ *
+ * \param conf SSL configuration
+ * \param ems_enf MBEDTLS_SSL_EXTENDED_MS_ENFROCE_ENABLED or
+ * MBEDTLS_SSL_EXTENDED_MS_DISABLED
+ */
+void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf,
+ char ems_enf);
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */

 #if defined(MBEDTLS_ARC4_C)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b61453fe5..8cf9a497e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8341,6 +8341,12 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems
 {
 conf->extended_ms = ems;
 }
+
+void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf,
+ char ems_enf);
+{
+ conf->enforce_extended_master_secret = ems_enf;
+}
 #endif

 #if defined(MBEDTLS_ARC4_C)

From 95f752e679a86da0cb0470a89c06f66d05ca0f1a Mon Sep 17 00:00:00 2001
From: Jarno Lamsa
Date: Mon, 10 Jun 2019 10:15:49 +0300
Subject: [PATCH 2/9] Fix typo

---
 include/mbedtls/ssl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index a3a5d4f55..6a6d8aed3 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2833,7 +2833,7 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems
 * support the extension, the connection is dropped.
 *
 * \param conf SSL configuration
- * \param ems_enf MBEDTLS_SSL_EXTENDED_MS_ENFROCE_ENABLED or
+ * \param ems_enf MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED or
 * MBEDTLS_SSL_EXTENDED_MS_DISABLED
 */
 void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf,

From d9382f85e7b8f5d518a4ad713045f2891b705280 Mon Sep 17 00:00:00 2001
From: Jarno Lamsa
Date: Mon, 10 Jun 2019 10:27:14 +0300
Subject: [PATCH 3/9] Add definitions for enforce flag values

---
 include/mbedtls/ssl.h | 7 +++++--
 library/ssl_tls.c | 4 +++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 6a6d8aed3..38546ac2d 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -158,6 +158,9 @@
 #define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
 #define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1

+#define MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED 0
+#define MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED 1
+
 #define MBEDTLS_SSL_CID_DISABLED 0
 #define MBEDTLS_SSL_CID_ENABLED 1

@@ -2834,10 +2837,10 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems
 *
 * \param conf SSL configuration
 * \param ems_enf MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED or
- * MBEDTLS_SSL_EXTENDED_MS_DISABLED
+ * MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED
 */
 void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf,
- char ems_enf);
+ char ems_enf );
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */

 #if defined(MBEDTLS_ARC4_C)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8cf9a497e..ca9131aea 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8343,7 +8343,7 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems
 }

 void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf,
- char ems_enf);
+ char ems_enf );
 {
 conf->enforce_extended_master_secret = ems_enf;
 }
@@ -10301,6 +10301,8 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,

 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+ conf->enforce_extended_master_secret =
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED;
 #endif

 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)

From 842be1680097c23429c3c307b782c79fa18aa654 Mon Sep 17 00:00:00 2001
From: Jarno Lamsa
Date: Mon, 10 Jun 2019 15:05:33 +0300
Subject: [PATCH 4/9] Check for the enforcing and fail handshake if the peer doesn't support

---
 library/ssl_cli.c | 15 +++++++++++++++
 library/ssl_srv.c | 15 +++++++++++++++
 library/ssl_tls.c | 2 +-
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index be80de71d..64870b132 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2090,6 +2090,21 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
 }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */

+ /*
+ * Check if extended master secret is being enforced
+ */
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
+ ssl->conf->enforce_extended_master_secret ==
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED &&
+ ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED)
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Peer not offering extended master "
+ "secret, while it is enforced") );
+ handshake_failure = 1;
+ }
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
 if( handshake_failure == 1 )
 {
 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index c152bc3a8..0c65d8558 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2024,6 +2024,21 @@ read_record_header:
 }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */

+ /*
+ * Check if extended master secret is being enforced
+ */
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
+ ssl->conf->enforce_extended_master_secret ==
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED &&
+ ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED)
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Peer not offering extended master "
+ "secret, while it is enforced") );
+ handshake_failure = 1;
+ }
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
 if( handshake_failure == 1 )
 {
 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ca9131aea..27e55d93b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8343,7 +8343,7 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems
 }

 void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf,
- char ems_enf );
+ char ems_enf )
 {
 conf->enforce_extended_master_secret = ems_enf;
 }
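Review bot: The enforcement test depends on `ssl->handshake->extended_ms` being MBEDTLS_SSL_EXTENDED_MS_DISABLED whenever the ServerHello carries no extension, but nothing in this hunk resets it per handshake; presumably it relies on the handshake struct being zero-initialised (DISABLED is 0), which is worth confirming, including for renegotiation, where ssl_parse_server_hello() runs again. The log text is also written from the server's viewpoint: a server does not "offer" the extension, it accepts the one the client sent, so `"Server did not accept extended master secret, while it is enforced"` is the accurate wording on this side (ssl-opt.sh greps the current string and would need the same edit). The rest of ssl_parse_server_hello(), including the error code returned after the alert, is outside the hunk.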
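Review bot: The eight-line condition added here is a verbatim duplicate of the one added to ssl_parse_server_hello() in ssl_cli.c in this same commit; two copies of a security policy check tend to drift, for example if enforcement is later decoupled from `conf->extended_ms`. Suggest a single helper in ssl_internal.h, `static inline int mbedtls_ssl_ems_enforced_but_absent( const mbedtls_ssl_context *ssl )` returning that expression, so both hello parsers call the same predicate and the policy has a name. ssl_parse_client_hello() and the alert/return path continue outside the hunk.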
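Review bot: `ems_enf` is a `char` copied unchecked into a 1-bit field, so any value other than 0 or 1 is truncated: a caller passing a generic non-zero "true" such as 2 silently ends up with enforcement off, which is the wrong failure direction for a hardening knob. Either normalise in the setter, `conf->enforce_extended_master_secret = ( ems_enf != MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED );`, or state in the ssl.h documentation that only the two MBEDTLS_SSL_EXTENDED_MS_ENFORCE_* values are valid. The sibling mbedtls_ssl_conf_extended_master_secret() visible above has the same shape, so this follows existing convention; I raise it because the consequence here is a silently weakened policy rather than a mis-negotiated option.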
From 18b9a491e116d27128eb17b6091ff4f837a04ed5 Mon Sep 17 00:00:00 2001
From: Jarno Lamsa
Date: Mon, 10 Jun 2019 15:23:29 +0300
Subject: [PATCH 5/9] Disable the enforce flag by default

---
 include/mbedtls/ssl.h | 2 +-
 library/ssl_tls.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 38546ac2d..bc42d5495 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2829,7 +2829,7 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems

 /**
 * \brief Enable or disable Extended Master Secret enforcing.
- * (Default: MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED)
+ * (Default: MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED)
 *
 * \note This enforces the peer to use the Extended Master Secret
 * extension, if the option is enabled and the peer doesn't
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 27e55d93b..1f8690a64 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -10302,7 +10302,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
 conf->enforce_extended_master_secret =
- MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED;
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED;
 #endif

 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)

From 41b359114d74abfacc14eafb0a1bb0a6d1a8a3af Mon Sep 17 00:00:00 2001
From: Jarno Lamsa
Date: Mon, 10 Jun 2019 15:51:11 +0300
Subject: [PATCH 6/9] Add tests for enforced extended master secret flag

---
 programs/ssl/ssl_client2.c | 25 ++++++++++++++++++++++++-
 programs/ssl/ssl_server2.c | 25 ++++++++++++++++++++++++-
 tests/ssl-opt.sh | 37 ++++++++++++++++++++++++++++++++++---
 3 files changed, 82 insertions(+), 5 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 38c94be60..9220d5d5f 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
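Review bot: Flipping the default to MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED leaves no trace of why the RFC 7627 mitigation is opt-in while `extended_ms` itself defaults to enabled on the line above; the next reader of mbedtls_ssl_config_defaults() will have to dig through history. A one-line comment above the assignment would capture the trade-off, e.g. `/* Not enforced by default: aborting handshakes with peers lacking RFC 7627 support would break interoperability; opt in via mbedtls_ssl_conf_extended_master_secret_enforce(). */`. The same rationale belongs in the ssl.h \brief next to the "(Default: …)" text changed in the first hunk. mbedtls_ssl_config_defaults() continues outside the hunk.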
@@ -122,6 +122,7 @@ int main( void )
 #define DFL_FALLBACK -1
 #define DFL_EXTENDED_MS -1
 #define DFL_ETM -1
+#define DFL_EXTENDED_MS_ENFORCE -1

 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
 #define GET_REQUEST_END "\r\n\r\n"
@@ -243,7 +244,8 @@ int main( void )

 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 #define USAGE_EMS \
- " extended_ms=0/1 default: (library default: on)\n"
+ " extended_ms=0/1 default: (library default: on)\n" \
+ " enforce_extended_master_secret=0/1 default: (library default: off)\n"
 #else
 #define USAGE_EMS ""
 #endif
@@ -410,6 +412,8 @@ struct options
 int fallback; /* is this a fallback connection? */
 int dgram_packing; /* allow/forbid datagram packing */
 int extended_ms; /* negotiate extended master secret? */
+ int enforce_extended_master_secret; /* Enforce the usage of extended
+ * master secret */
 int etm; /* negotiate encrypt then mac? */
 int cid_enabled; /* whether to use the CID extension or not */
 int cid_enabled_renego; /* whether to use the CID extension or not
@@ -825,6 +829,7 @@ int main( int argc, char *argv[] )
 opt.dtls_mtu = DFL_DTLS_MTU;
 opt.fallback = DFL_FALLBACK;
 opt.extended_ms = DFL_EXTENDED_MS;
+ opt.enforce_extended_master_secret = DFL_EXTENDED_MS_ENFORCE;
 opt.etm = DFL_ETM;
 opt.dgram_packing = DFL_DGRAM_PACKING;

@@ -1025,6 +1030,21 @@ int main( int argc, char *argv[] )
 default: goto usage;
 }
 }
+ else if( strcmp( p, "enforce_extended_master_secret" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0:
+ opt.enforce_extended_master_secret =
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED;
+ break;
+ case 1:
+ opt.enforce_extended_master_secret =
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED;
+ break;
+ default: goto usage;
+ }
+ }
 else if( strcmp( p, "curves" ) == 0 )
 opt.curves = q;
 else if( strcmp( p, "etm" ) == 0 )
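Review bot: The new option is spelled `enforce_extended_master_secret=` while the option it qualifies is `extended_ms=`, so the usage text now shows two vocabularies for one feature side by side, and the matching DFL_EXTENDED_MS_ENFORCE macro uses yet a third word order. `extended_ms_enforce=0/1` would keep the pair adjacent and discoverable; ssl_server2.c and the ssl-opt.sh cases later in this series use the same string, so all three would change together. The option-parsing loop in main() continues outside the hunk.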
@@ -1638,6 +1658,9 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 if( opt.extended_ms != DFL_EXTENDED_MS )
 mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
+ if( opt.enforce_extended_master_secret != DFL_EXTENDED_MS_ENFORCE )
+ mbedtls_ssl_conf_extended_master_secret_enforce( &conf,
+ opt.enforce_extended_master_secret );
 #endif

 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index ec18dd91c..4dcbb1659 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -163,6 +163,7 @@ int main( void )
 #define DFL_DGRAM_PACKING 1
 #define DFL_EXTENDED_MS -1
 #define DFL_ETM -1
+#define DFL_EXTENDED_MS_ENFORCE -1

 #define LONG_RESPONSE "

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
 "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -342,7 +343,8 @@ int main( void )

 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 #define USAGE_EMS \
- " extended_ms=0/1 default: (library default: on)\n"
+ " extended_ms=0/1 default: (library default: on)\n" \
+ " enforce_extended_master_secret=0/1 default: (library default: off)\n"
 #else
 #define USAGE_EMS ""
 #endif
@@ -525,6 +527,8 @@ struct options
 const char *alpn_string; /* ALPN supported protocols */
 const char *dhm_file; /* the file with the DH parameters */
 int extended_ms; /* allow negotiation of extended MS? */
+ int enforce_extended_master_secret; /* Enforce the usage of extended
+ * master secret */
 int etm; /* allow negotiation of encrypt-then-MAC? */
 int transport; /* TLS or DTLS? */
 int cookies; /* Use cookies for DTLS? -1 to break them */
@@ -1494,6 +1498,7 @@ int main( int argc, char *argv[] )
 opt.dgram_packing = DFL_DGRAM_PACKING;
 opt.badmac_limit = DFL_BADMAC_LIMIT;
 opt.extended_ms = DFL_EXTENDED_MS;
+ opt.enforce_extended_master_secret = DFL_EXTENDED_MS_ENFORCE;
 opt.etm = DFL_ETM;

 for( i = 1; i < argc; i++ )
@@ -1813,6 +1818,21 @@ int main( int argc, char *argv[] )
 default: goto usage;
 }
 }
+ else if( strcmp( p, "enforce_extended_master_secret" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0:
+ opt.enforce_extended_master_secret =
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED;
+ break;
+ case 1:
+ opt.enforce_extended_master_secret =
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED;
+ break;
+ default: goto usage;
+ }
+ }
 else if( strcmp( p, "etm" ) == 0 )
 {
 switch( atoi( q ) )
@@ -2440,6 +2460,9 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 if( opt.extended_ms != DFL_EXTENDED_MS )
 mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
+ if( opt.enforce_extended_master_secret != DFL_EXTENDED_MS_ENFORCE )
+ mbedtls_ssl_conf_extended_master_secret_enforce( &conf,
+ opt.enforce_extended_master_secret );
 #endif

 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index da89642e3..b87a684f7 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1763,7 +1763,38 @@ run_test "Encrypt then MAC: client enabled, server SSLv3" \

 # Tests for Extended Master Secret extension

-run_test "Extended Master Secret: default" \
+run_test "Extended Master Secret enforced: default" \
+ "$P_SRV debug_level=3 enforce_extended_master_secret=1" \
+ "$P_CLI debug_level=3 enforce_extended_master_secret=1" \
+ 0 \
+ -c "client hello, adding extended_master_secret extension" \
+ -s "found extended master secret extension" \
+ -s "server hello, adding extended master secret extension" \
+ -c "found extended_master_secret extension" \
+ -c "session hash for extended master secret" \
+ -s "session hash for extended master secret"
+
+run_test "Extended Master Secret enforced: client enabled, server disabled" \
+ "$P_SRV debug_level=3 extended_ms=0 enforce_extended_master_secret=1" \
+ "$P_CLI debug_level=3 extended_ms=1 enforce_extended_master_secret=1" \
+ 1 \
+ -c "client hello, adding extended_master_secret extension" \
+ -s "found extended master secret extension" \
+ -S "server hello, adding extended master secret extension" \
+ -C "found extended_master_secret extension" \
+ -c "Peer not offering extended master secret, while it is enforced"
+
+run_test "Extended Master Secret enforced: client disabled, server enabled" \
+ "$P_SRV debug_level=3 extended_ms=1 enforce_extended_master_secret=1" \
+ "$P_CLI debug_level=3 extended_ms=0 enforce_extended_master_secret=1" \
+ 1 \
+ -C "client hello, adding extended_master_secret extension" \
+ -S "found extended master secret extension" \
+ -S "server hello, adding extended master secret extension" \
+ -C "found extended_master_secret extension" \
+ -s "Peer not offering extended master secret, while it is enforced"
+
+run_test "Extended Master Secret not enforced: default" \
 "$P_SRV debug_level=3" \
 "$P_CLI debug_level=3" \
 0 \
@@ -1774,7 +1805,7 @@ run_test "Extended Master Secret: default" \
 -c "session hash for extended master secret" \
 -s "session hash for extended master secret"

-run_test "Extended Master Secret: client enabled, server disabled" \
+run_test "Extended Master Secret not enforced: client enabled, server disabled" \
 "$P_SRV debug_level=3 extended_ms=0" \
 "$P_CLI debug_level=3 extended_ms=1" \
 0 \
@@ -1785,7 +1816,7 @@ run_test "Extended Master Secret: client enabled, server disabled" \
 -C "session hash for extended master secret" \
 -S "session hash for extended master secret"

-run_test "Extended Master Secret: client disabled, server enabled" \
+run_test "Extended Master Secret not enforced: client disabled, server enabled" \
 "$P_SRV debug_level=3 extended_ms=1" \
 "$P_CLI debug_level=3 extended_ms=0" \
 0 \

From 20095afc582eca6cd0809c95bdc50cb011edd8d6 Mon Sep 17 00:00:00 2001
From: Jarno Lamsa
Date: Tue, 11 Jun 2019 17:16:58 +0300
Subject: [PATCH 7/9] Changes according to review comments

---
 include/mbedtls/ssl.h | 15 ++++++++-----
 library/ssl_cli.c | 2 +-
 library/ssl_srv.c | 2 +-
 tests/ssl-opt.sh | 49 ++++++++++++++++++++++++++++++++++++-------
 4 files changed, 53 insertions(+), 15 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index bc42d5495..d21932227 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2831,16 +2831,21 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems
 * \brief Enable or disable Extended Master Secret enforcing.
 * (Default: MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED)
 *
- * \note This enforces the peer to use the Extended Master Secret
- * extension, if the option is enabled and the peer doesn't
- * support the extension, the connection is dropped.
+ * \note If the use of extended master secret is configured (see
+ * `mbedtls_ssl_conf_extended_master_secret()`) and this
+ * option is set, handshakes not leading to the use of the
+ * extended master secret will be aborted: On the server, fail
+ * the handshake if the client doesn't advertise the
+ * ExtendedMasterSecret extension. On the client: Fail the
+ * handshake if the server doesn't consent to the use of the
+ * ExtendedMasterSecret extension in its ServerHello.
 *
- * \param conf SSL configuration
+ * \param conf Currently used SSL configuration struct.
 * \param ems_enf MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED or
 * MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED
 */
 void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf,
- char ems_enf );
+ char ems_enf );
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */

 #if defined(MBEDTLS_ARC4_C)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 64870b132..2cf9c7908 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2097,7 +2097,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
 if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
 ssl->conf->enforce_extended_master_secret ==
 MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED &&
- ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED)
+ ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Peer not offering extended master "
 "secret, while it is enforced") );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 0c65d8558..14202d879 100644
--- a/library/ssl_srv.c
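Review bot: The rewritten \note explains when the handshake is aborted but not how the application observes it; from the ssl_cli.c and ssl_srv.c hunks earlier in this series the failing side sends a fatal alert and the hello parser returns an error, and the error value is not visible anywhere in the series. Suggest appending a sentence such as `The failure is signalled to the peer with a fatal alert and to the caller as a handshake error; the debug message "Peer not offering extended master secret, while it is enforced" identifies this cause.` It would also help to say explicitly whether the check applies to renegotiation handshakes as well, since the parsers it lives in are presumably re-run there — please confirm before documenting it. The trailing `char ems_enf );` line only re-aligns whitespace.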
+++ b/library/ssl_srv.c
@@ -2031,7 +2031,7 @@ read_record_header:
 if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
 ssl->conf->enforce_extended_master_secret ==
 MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED &&
- ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED)
+ ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Peer not offering extended master "
 "secret, while it is enforced") );
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b87a684f7..531d96a04 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1763,7 +1763,7 @@ run_test "Encrypt then MAC: client enabled, server SSLv3" \

 # Tests for Extended Master Secret extension

-run_test "Extended Master Secret enforced: default" \
+run_test "Extended Master Secret: default (both enabled, both enforcing)" \
 "$P_SRV debug_level=3 enforce_extended_master_secret=1" \
 "$P_CLI debug_level=3 enforce_extended_master_secret=1" \
 0 \
@@ -1774,8 +1774,30 @@ run_test "Extended Master Secret enforced: default" \
 -c "session hash for extended master secret" \
 -s "session hash for extended master secret"

-run_test "Extended Master Secret enforced: client enabled, server disabled" \
- "$P_SRV debug_level=3 extended_ms=0 enforce_extended_master_secret=1" \
+run_test "Extended Master Secret: both enabled, client enforcing" \
+ "$P_SRV debug_level=3 enforce_extended_master_secret=0" \
+ "$P_CLI debug_level=3 enforce_extended_master_secret=1" \
+ 0 \
+ -c "client hello, adding extended_master_secret extension" \
+ -s "found extended master secret extension" \
+ -s "server hello, adding extended master secret extension" \
+ -c "found extended_master_secret extension" \
+ -c "session hash for extended master secret" \
+ -s "session hash for extended master secret"
+
+run_test "Extended Master Secret: both enabled, server enforcing" \
+ "$P_SRV debug_level=3 enforce_extended_master_secret=1" \
+ "$P_CLI debug_level=3 enforce_extended_master_secret=0" \
+ 0 \
+ -c "client hello, adding extended_master_secret extension" \
+ -s "found extended master secret extension" \
+ -s "server hello, adding extended master secret extension" \
+ -c "found extended_master_secret extension" \
+ -c "session hash for extended master secret" \
+ -s "session hash for extended master secret"
+
+run_test "Extended Master Secret: client enabled, server disabled, client enforcing" \
+ "$P_SRV debug_level=3 extended_ms=0" \
 "$P_CLI debug_level=3 extended_ms=1 enforce_extended_master_secret=1" \
 1 \
 -c "client hello, adding extended_master_secret extension" \
@@ -1784,9 +1806,9 @@ run_test "Extended Master Secret enforced: client enabled, server disabled" \
 -C "found extended_master_secret extension" \
 -c "Peer not offering extended master secret, while it is enforced"

-run_test "Extended Master Secret enforced: client disabled, server enabled" \
+run_test "Extended Master Secret enforced: client disabled, server enabled, server enforcing" \
 "$P_SRV debug_level=3 extended_ms=1 enforce_extended_master_secret=1" \
- "$P_CLI debug_level=3 extended_ms=0 enforce_extended_master_secret=1" \
+ "$P_CLI debug_level=3 extended_ms=0" \
 1 \
 -C "client hello, adding extended_master_secret extension" \
 -S "found extended master secret extension" \
@@ -1794,7 +1816,7 @@ run_test "Extended Master Secret enforced: client disabled, server enabled" \
 -C "found extended_master_secret extension" \
 -s "Peer not offering extended master secret, while it is enforced"

-run_test "Extended Master Secret not enforced: default" \
+run_test "Extended Master Secret: default (not enforcing)" \
 "$P_SRV debug_level=3" \
 "$P_CLI debug_level=3" \
 0 \
@@ -1805,7 +1827,7 @@ run_test "Extended Master Secret not enforced: default" \
 -c "session hash for extended master secret" \
 -s "session hash for extended master secret"

-run_test "Extended Master Secret not enforced: client enabled, server disabled" \
+run_test "Extended Master Secret: client enabled, server disabled, not enforcing" \
 "$P_SRV debug_level=3 extended_ms=0" \
 "$P_CLI debug_level=3 extended_ms=1" \
 0 \
@@ -1816,7 +1838,7 @@ run_test "Extended Master Secret not enforced: client enabled, server disable
 -C "session hash for extended master secret" \
 -S "session hash for extended master secret"

-run_test "Extended Master Secret not enforced: client disabled, server enabled" \
+run_test "Extended Master Secret: client disabled, server enabled, not enforcing" \
 "$P_SRV debug_level=3 extended_ms=1" \
 "$P_CLI debug_level=3 extended_ms=0" \
 0 \
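Review bot: The renamed test in the first hunk keeps the old `Extended Master Secret enforced:` prefix while every other case in this commit was moved to the `Extended Master Secret: <configuration>, <who> enforcing` form, and the later "Change test name" commit still shows this odd one out in its hunk context. Suggest `run_test "Extended Master Secret: client disabled, server enabled, server enforcing" \` so the enforcement cases sort and grep as one group. Dropping `enforce_extended_master_secret=1` from the client side of that case is right, since only the server's enforcement is under test there.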
@@ -1827,6 +1849,17 @@ run_test "Extended Master Secret not enforced: client disabled, server enable
 -C "session hash for extended master secret" \
 -S "session hash for extended master secret"

+run_test "Extended Master Secret: client disabled, server disabled" \
+ "$P_SRV debug_level=3 extended_ms=0" \
+ "$P_CLI debug_level=3 extended_ms=0" \
+ 0 \
+ -C "client hello, adding extended_master_secret extension" \
+ -S "found extended master secret extension" \
+ -S "server hello, adding extended master secret extension" \
+ -C "found extended_master_secret extension" \
+ -C "session hash for extended master secret" \
+ -S "session hash for extended master secret"
+
 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
 run_test "Extended Master Secret: client SSLv3, server enabled" \
 "$P_SRV debug_level=3 min_version=ssl3" \

From 31d940ba5e55f64c1548145a28a08eb94ac1aade Mon Sep 17 00:00:00 2001
From: Jarno Lamsa
Date: Wed, 12 Jun 2019 10:21:33 +0300
Subject: [PATCH 8/9] Change test name

---
 tests/ssl-opt.sh | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 531d96a04..2ba099183 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
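Review bot: All enforcement cases added in this series drive a single full handshake between ssl_server2 and ssl_client2; none covers an abbreviated handshake, for which RFC 7627 §5.3 has separate abort rules, nor renegotiation or DTLS, so a regression in any of those paths would pass this suite. One case per side using the existing resumption options, for example `"$P_SRV debug_level=3 tickets=1 enforce_extended_master_secret=1"` against `"$P_CLI debug_level=3 tickets=1 reconnect=1"`, plus one with `renegotiation=1 renegotiate=1`, would pin the behaviour; I am inferring those option names from the rest of ssl-opt.sh, so check them against the programs. Placing them next to the new `client disabled, server disabled` case keeps the group together.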
@@ -1763,7 +1763,18 @@ run_test "Encrypt then MAC: client enabled, server SSLv3" \

 # Tests for Extended Master Secret extension

-run_test "Extended Master Secret: default (both enabled, both enforcing)" \
+run_test "Extended Master Secret: default (not enforcing)" \
+ "$P_SRV debug_level=3" \
+ "$P_CLI debug_level=3" \
+ 0 \
+ -c "client hello, adding extended_master_secret extension" \
+ -s "found extended master secret extension" \
+ -s "server hello, adding extended master secret extension" \
+ -c "found extended_master_secret extension" \
+ -c "session hash for extended master secret" \
+ -s "session hash for extended master secret"
+
+run_test "Extended Master Secret: both enabled, both enforcing" \
 "$P_SRV debug_level=3 enforce_extended_master_secret=1" \
 "$P_CLI debug_level=3 enforce_extended_master_secret=1" \
 0 \
@@ -1816,17 +1827,6 @@ run_test "Extended Master Secret enforced: client disabled, server enabled, s
 -C "found extended_master_secret extension" \
 -s "Peer not offering extended master secret, while it is enforced"

-run_test "Extended Master Secret: default (not enforcing)" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3" \
- 0 \
- -c "client hello, adding extended_master_secret extension" \
- -s "found extended master secret extension" \
- -s "server hello, adding extended master secret extension" \
- -c "found extended_master_secret extension" \
- -c "session hash for extended master secret" \
- -s "session hash for extended master secret"
-
 run_test "Extended Master Secret: client enabled, server disabled, not enforcing" \
 "$P_SRV debug_level=3 extended_ms=0" \
 "$P_CLI debug_level=3 extended_ms=1" \

From 2e51098b34ff57cd9601f2ad27faae9e296eb237 Mon Sep 17 00:00:00 2001
From: Jarno Lamsa
Date: Thu, 13 Jun 2019 10:42:13 +0300
Subject: [PATCH 9/9] Add changelog entry

---
 ChangeLog | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index e769dc27a..a48baf43e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,14 @@ Features
 mbedtls_ssl_session_load() to allow serializing a session, for example
 to store it in non-volatile storage, and later using it for TLS session
 resumption.
+ * Add new API function mbedtls_ssl_conf_extended_master_secret_enforce() to
+ allow enforcing the usage of ExtendedMasterSecret extension. If the
+ extension is used and this option is enabled, handshakes not leading to
+ the use of the extended master secret will be aborted. On the server,
+ fail the handshake if client doesn't advertise the ExtendedMasterSecret
+ extension. On the client, fail the handshake if the server doesn't
+ consent to the use of the ExtendedMasterSecret extension in its
+ ServerHello.

 Bugfix
 * Server's RSA certificate in certs.c was SHA-1 signed. In the default