From e8553179572733788e47dbe56083a5c330497fa5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Apr 2024 21:28:49 +0200 Subject: [PATCH 01/15] Fix skipped tests in configurations without RSA Tighten the matching when detecting which certificates are in use to determine algorithm requirements. This fixes a bug whereby all tests were skipped in configurations without RSA except for an Mbed TLS client against a GnuTLS or OpenSSL server, due to *server2* matching ssl_server2. Fixes #8366. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3549a7b941ff..8e32a698f414 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -443,9 +443,9 @@ detect_required_features() { esac case "$CMD_LINE" in - *server5*|\ - *server7*|\ - *dir-maxpath*) + */server5*|\ + */server7*|\ + */dir-maxpath*) if [ "$TLS_VERSION" = "TLS13" ]; then # In case of TLS13 the support for ECDSA is enough requires_pk_alg "ECDSA" @@ -477,8 +477,8 @@ detect_required_features() { esac case "$CMD_LINE" in - *server2*|\ - *server7*) + */server2*|\ + */server7*) # server2 and server7 certificates use RSA encryption requires_config_enabled "MBEDTLS_RSA_C" esac From dde67bbb5aa0267417e184fd88f54ab8376ca0f1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 12:38:16 +0200 Subject: [PATCH 02/15] Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled It isn't detected on the CI because we only test this with an ancient Clang that doesn't warn. Old GCC, modern GCC and modern Clang do warn (-Wunused-but-set-variable). Signed-off-by: Gilles Peskine --- ChangeLog.d/pk-norsa-warning.txt | 2 ++ library/pk.c | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/pk-norsa-warning.txt diff --git a/ChangeLog.d/pk-norsa-warning.txt b/ChangeLog.d/pk-norsa-warning.txt new file mode 100644 index 000000000000..d00aa8a870c4 --- /dev/null +++ b/ChangeLog.d/pk-norsa-warning.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled. diff --git a/library/pk.c b/library/pk.c index c29318dd9714..84af773768be 100644 --- a/library/pk.c +++ b/library/pk.c @@ -868,7 +868,6 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id, psa_status_t status; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; - psa_algorithm_t alg_type; size_t key_bits; /* Use a buffer size large enough to contain either a key pair or public key. */ unsigned char exp_key[PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE]; @@ -899,7 +898,6 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id, key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(key_type); } key_bits = psa_get_key_bits(&key_attr); - alg_type = psa_get_key_algorithm(&key_attr); #if defined(MBEDTLS_RSA_C) if ((key_type == PSA_KEY_TYPE_RSA_KEY_PAIR) || @@ -919,6 +917,7 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id, goto exit; } + psa_algorithm_t alg_type = psa_get_key_algorithm(&key_attr); mbedtls_md_type_t md_type = MBEDTLS_MD_NONE; if (PSA_ALG_GET_HASH(alg_type) != PSA_ALG_ANY_HASH) { md_type = mbedtls_md_type_from_psa_alg(alg_type); From d00b93b6211b208aaeb45d7e33bbdf43ccb4fc5c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 16:03:02 +0200 Subject: [PATCH 03/15] Require RSA when using server1* key or certificate Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8e32a698f414..b40e32211335 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -477,9 +477,15 @@ detect_required_features() { esac case "$CMD_LINE" in + */server1*|\ */server2*|\ */server7*) - # server2 and server7 certificates use RSA encryption + # Certificates with an RSA key. The algorithm requirement is + # some subset of {PKCS#1v1.5 encryption, PKCS#1v1.5 signature, + # PSS signature}. We can't easily tell which subset works, and + # we aren't currently running ssl-opt.sh in configurations + # where partial RSA support is a problem, so generically, we + # just require RSA and it works out for our tests so far. requires_config_enabled "MBEDTLS_RSA_C" esac From 2776240af4eb0e6afd111a77c51a9076ccc73154 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 16:05:38 +0200 Subject: [PATCH 04/15] Fix PSK invocation: OpenSSL client Only s_server has a -nocert option, s_client doesn't. Fixes OpenSSL client test cases in PSK-only builds. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b40e32211335..031a9ce5b5da 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -500,7 +500,8 @@ requires_certificate_authentication () { adapt_cmd_for_psk () { case "$2" in - *openssl*) s='-psk abc123 -nocert';; + *openssl*s_server*) s='-psk abc123 -nocert';; + *openssl*) s='-psk abc123';; *gnutls-*) s='--pskkey=abc123';; *) s='psk=abc123';; esac From c158fe6eb8dad8d8e137f0bfe9f8e8a2f33c2794 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 16:05:54 +0200 Subject: [PATCH 05/15] Fix PSK invocation: GnuTLS prompting When given a PSK key but no username, gnutls-cli prompts for a password. Prevent that by passing --pskusername with the same identity that ssl_server2 uses by default. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 031a9ce5b5da..e46ce5c266a4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -502,7 +502,7 @@ adapt_cmd_for_psk () { case "$2" in *openssl*s_server*) s='-psk abc123 -nocert';; *openssl*) s='-psk abc123';; - *gnutls-*) s='--pskkey=abc123';; + *gnutls-*) s='--pskusername=Client_identity --pskkey=abc123';; *) s='psk=abc123';; esac eval $1='"$2 $s"' From 77c13e67d4d0f83e359d72683ca1c27cac89da3e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 16:09:52 +0200 Subject: [PATCH 06/15] Fix PSK invocation: GnuTLS PSK length ssl-opt.sh uses a 3-byte PSK in many test cases. Unfortunately GnuTLS >=3.4.0 rejects a PSK that is less than 4 bytes long: > Error setting the PSK credentials: The request is invalid. Use a longer PSK throughout ssl-opt. Only the test cases involving GnuTLS need to change, but it's easier to do a global search-and-replace, and it's easier to not have to worry about mismatches in constructed test cases later, so replace everything. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 202 +++++++++++++++++++++++------------------------ 1 file changed, 101 insertions(+), 101 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e46ce5c266a4..63dc39d8f605 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -500,10 +500,10 @@ requires_certificate_authentication () { adapt_cmd_for_psk () { case "$2" in - *openssl*s_server*) s='-psk abc123 -nocert';; - *openssl*) s='-psk abc123';; - *gnutls-*) s='--pskusername=Client_identity --pskkey=abc123';; - *) s='psk=abc123';; + *openssl*s_server*) s='-psk 73776f726466697368 -nocert';; + *openssl*) s='-psk 73776f726466697368';; + *gnutls-*) s='--pskusername=Client_identity --pskkey=73776f726466697368';; + *) s='psk=73776f726466697368';; esac eval $1='"$2 $s"' unset s @@ -2456,9 +2456,9 @@ requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "Opaque key for server authentication: RSA-PSK" \ "$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \ - psk=abc123 psk_identity=foo" \ + psk=73776f726466697368 psk_identity=foo" \ "$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \ - psk=abc123 psk_identity=foo" \ + psk=73776f726466697368 psk_identity=foo" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-RSA-PSK-" \ @@ -8190,9 +8190,9 @@ run_test "DHM size: server default, client 2049, rejected" \ # Tests for PSK callback run_test "PSK callback: psk, no callback" \ - "$P_SRV psk=abc123 psk_identity=foo" \ + "$P_SRV psk=73776f726466697368 psk_identity=foo" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ @@ -8200,9 +8200,9 @@ run_test "PSK callback: psk, no callback" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8212,9 +8212,9 @@ run_test "PSK callback: opaque psk on client, no callback" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8224,9 +8224,9 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8236,9 +8236,9 @@ run_test "PSK callback: opaque psk on client, no callback, EMS" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8248,9 +8248,9 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque rsa-psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8260,9 +8260,9 @@ run_test "PSK callback: opaque rsa-psk on client, no callback" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8272,9 +8272,9 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque rsa-psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8284,9 +8284,9 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, EMS" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8296,9 +8296,9 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque ecdhe-psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8308,9 +8308,9 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8320,9 +8320,9 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8332,9 +8332,9 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8344,9 +8344,9 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque dhe-psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8356,9 +8356,9 @@ run_test "PSK callback: opaque dhe-psk on client, no callback" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8368,9 +8368,9 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8380,9 +8380,9 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8392,9 +8392,9 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8404,9 +8404,9 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8416,10 +8416,10 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8429,10 +8429,10 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8442,9 +8442,9 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8454,9 +8454,9 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8466,10 +8466,10 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8479,10 +8479,10 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8492,9 +8492,9 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8504,9 +8504,9 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8516,10 +8516,10 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8529,10 +8529,10 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8542,9 +8542,9 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8554,9 +8554,9 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8566,10 +8566,10 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8579,10 +8579,10 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8792,7 +8792,7 @@ run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, o requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ @@ -8804,7 +8804,7 @@ run_test "PSK callback: raw psk on client, mismatching static raw PSK on serv requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ @@ -8816,7 +8816,7 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ @@ -8828,7 +8828,7 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ @@ -8840,7 +8840,7 @@ run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on s requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,73776f726466697368 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 1 \ @@ -8849,16 +8849,16 @@ run_test "PSK callback: raw psk on client, matching opaque PSK on server, wro run_test "PSK callback: no psk, no callback" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 1 \ -s "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" run_test "PSK callback: callback overrides other settings" \ - "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \ + "$P_SRV psk=73776f726466697368 psk_identity=foo psk_list=abc,dead,def,beef" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 1 \ -S "SSL - The handshake negotiation failed" \ -s "SSL - Unknown identity received" \ @@ -9690,9 +9690,9 @@ run_test "SSL async private: decrypt, delay=1" \ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: decrypt RSA-PSK, delay=0" \ - "$P_SRV psk=abc123 \ + "$P_SRV psk=73776f726466697368 \ async_operations=d async_private_delay1=0 async_private_delay2=0" \ - "$P_CLI psk=abc123 \ + "$P_CLI psk=73776f726466697368 \ force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \ 0 \ -s "Async decrypt callback: using key slot " \ @@ -9700,9 +9700,9 @@ run_test "SSL async private: decrypt RSA-PSK, delay=0" \ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: decrypt RSA-PSK, delay=1" \ - "$P_SRV psk=abc123 \ + "$P_SRV psk=73776f726466697368 \ async_operations=d async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI psk=abc123 \ + "$P_CLI psk=73776f726466697368 \ force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \ 0 \ -s "Async decrypt callback: using key slot " \ @@ -10152,7 +10152,7 @@ run_test "DTLS client auth: none, client has no cert" \ -s "! Certificate verification was skipped" run_test "DTLS wrong PSK: badmac alert" \ - "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \ + "$P_SRV dtls=1 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \ "$P_CLI dtls=1 psk=abc124" \ 1 \ -s "SSL - Verification of the message MAC failed" \ @@ -11921,8 +11921,8 @@ requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190 requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230 run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \ -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \ - "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \ + "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=73776f726466697368 psk_identity=foo cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \ 0 \ -s "Buffer record from epoch 1" \ -s "Found buffered record from current epoch - load" \ @@ -11936,8 +11936,8 @@ client_needs_more_time 2 run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + psk=73776f726466697368" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ -s "Extra-header:" \ @@ -12012,8 +12012,8 @@ requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "DTLS proxy: 3d, min handshake, resumption" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123 debug_level=3" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + psk=73776f726466697368 debug_level=3" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -12027,8 +12027,8 @@ requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123 debug_level=3 nbio=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + psk=73776f726466697368 debug_level=3 nbio=2" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \ 0 \ @@ -12042,8 +12042,8 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + psk=73776f726466697368 renegotiation=1 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ renegotiate=1 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -12057,8 +12057,8 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + psk=73776f726466697368 renegotiation=1 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ renegotiate=1 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -12072,9 +12072,9 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ + psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \ debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ renegotiation=1 exchanges=4 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -12088,9 +12088,9 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ + psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \ debug_level=2 nbio=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ renegotiation=1 exchanges=4 debug_level=2 nbio=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ From 3b81ea1e9ca5b6508ef0949190f92117153d9ed3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 17:42:52 +0200 Subject: [PATCH 07/15] Add some missing dependencies on crypto features Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 63dc39d8f605..2740415e9a0d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2705,12 +2705,15 @@ run_test "Context-specific CRT verification callback" \ -C "error" # Tests for SHA-1 support +requires_hash_alg SHA_1 +requires_config_enabled MBEDTLS_RSA_C run_test "SHA-1 forbidden by default in server certificate" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \ 1 \ -c "The certificate is signed with an unacceptable hash" +requires_hash_alg SHA_1 run_test "SHA-1 explicitly allowed in server certificate" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_CLI force_version=tls12 allow_sha1=1" \ @@ -2721,17 +2724,23 @@ run_test "SHA-256 allowed by default in server certificate" \ "$P_CLI force_version=tls12 allow_sha1=0" \ 0 +requires_hash_alg SHA_1 +requires_config_enabled MBEDTLS_RSA_C run_test "SHA-1 forbidden by default in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ 1 \ -s "The certificate is signed with an unacceptable hash" +requires_hash_alg SHA_1 +requires_config_enabled MBEDTLS_RSA_C run_test "SHA-1 explicitly allowed in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ 0 +requires_config_enabled MBEDTLS_RSA_C +requires_hash_alg SHA_256 run_test "SHA-256 allowed by default in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \ @@ -9076,11 +9085,24 @@ run_test "ECJPAKE: working, DTLS, nolog" \ # Test for ClientHello without extensions +# Without extensions, ECC is impossible (no curve negotiation). +requires_config_enabled MBEDTLS_RSA_C requires_gnutls -run_test "ClientHello without extensions" \ +run_test "ClientHello without extensions: RSA" \ "$P_SRV force_version=tls12 debug_level=3" \ "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \ 0 \ + -s "Ciphersuite is .*-RSA-WITH-.*" \ + -S "Ciphersuite is .*-EC.*" \ + -s "dumping 'client hello extensions' (0 bytes)" + +requires_gnutls +run_test "ClientHello without extensions: PSK" \ + "$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \ + "$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \ + 0 \ + -s "Ciphersuite is .*-PSK-.*" \ + -S "Ciphersuite is .*-EC.*" \ -s "dumping 'client hello extensions' (0 bytes)" # Tests for mbedtls_ssl_get_bytes_avail() From 01fde2c3cc9012c5e6e329691a47114874a44065 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 17:44:19 +0200 Subject: [PATCH 08/15] Force some test cases to use TLS 1.2 Some OpenSSL or GnuTLS interoperability test cases fail if the other implementation is recent enough to support TLS 1.3. Force those test cases to use TLS 1.2 so that the script works with more recent $OPENSSL or $GNUTLS_CLI or $GNUTLS_SERV than our official CI versions. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2740415e9a0d..875b8b8aceb5 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3836,7 +3836,7 @@ run_test "Session resume using tickets: openssl server" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: openssl client" \ - "$P_SRV debug_level=3 tickets=1" \ + "$P_SRV force_version=tls12 debug_level=3 tickets=1" \ "( $O_CLI -sess_out $SESSION; \ $O_CLI -sess_in $SESSION; \ rm -f $SESSION )" \ @@ -5675,7 +5675,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client strict, server default" \ "$P_SRV debug_level=3" \ - "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \ + "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION localhost" \ 0 \ -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ -s "server hello, secure renegotiation extension" @@ -5684,7 +5684,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client unsafe, server default" \ "$P_SRV debug_level=3" \ - "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \ + "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \ 0 \ -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ -S "server hello, secure renegotiation extension" @@ -5693,7 +5693,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client unsafe, server break legacy" \ "$P_SRV debug_level=3 allow_legacy=-1" \ - "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \ + "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \ 1 \ -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ -S "server hello, secure renegotiation extension" @@ -7823,7 +7823,7 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ - "$P_SRV debug_level=1 auth_mode=required" \ + "$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \ "$O_CLI -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ 1 \ @@ -8055,7 +8055,7 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \ - "$P_SRV debug_level=1 auth_mode=required" \ + "$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \ "$O_CLI -key data_files/server5.key \ -cert data_files/server5.eku-cs.crt" \ 1 \ From dd782f4197832dfe9b2f579218631c0d0698beb4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 17:46:24 +0200 Subject: [PATCH 09/15] Default NEXT versions to be the base executables This allows many tests to pass with the system openssl and gnutls-*. As before, not all test cases will pass due to differences between versions and build options. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 875b8b8aceb5..be458e034b4e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -70,6 +70,32 @@ TCP_CLIENT="$PERL scripts/tcp_client.pl" # alternative versions of OpenSSL and GnuTLS (no default path) +# If $OPENSSL is at least 1.1.1, use it as OPENSSL_NEXT as well. +if [ -z "${OPENSSL_NEXT:-}" ]; then + case $($OPENSSL version) in + OpenSSL\ 1.1.[1-9]*) OPENSSL_NEXT=$OPENSSL;; + OpenSSL\ [3-9]*) OPENSSL_NEXT=$OPENSSL;; + esac +fi + +# If $GNUTLS_CLI is at least 3.7, use it as GNUTLS_NEXT_CLI as well. +if [ -z "${GNUTLS_NEXT_CLI:-}" ]; then + case $($GNUTLS_CLI --version) in + gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;; + gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;; + gnutls-cli\ [4-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;; + esac +fi + +# If $GNUTLS_SERV is at least 3.7, use it as GNUTLS_NEXT_SERV as well. +if [ -z "${GNUTLS_NEXT_SERV:-}" ]; then + case $($GNUTLS_SERV --version) in + gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;; + gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;; + gnutls-cli\ [4-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;; + esac +fi + if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key" O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert data_files/server5.crt -key data_files/server5.key" From 6191f4aeb567beb356eee03c984950f0cb10a559 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 17:47:35 +0200 Subject: [PATCH 10/15] Add seme missing dependencies on renegotiation support Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index be458e034b4e..50798d36ce0e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5668,6 +5668,7 @@ run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ # Test for the "secure renegotiation" extension only (no actual renegotiation) requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server strict, client default" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ @@ -5678,6 +5679,7 @@ run_test "Renego ext: gnutls server strict, client default" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server unsafe, client default" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ @@ -5688,6 +5690,7 @@ run_test "Renego ext: gnutls server unsafe, client default" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server unsafe, client break legacy" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ @@ -5698,6 +5701,7 @@ run_test "Renego ext: gnutls server unsafe, client break legacy" \ -C "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client strict, server default" \ "$P_SRV debug_level=3" \ @@ -5707,6 +5711,7 @@ run_test "Renego ext: gnutls client strict, server default" \ -s "server hello, secure renegotiation extension" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client unsafe, server default" \ "$P_SRV debug_level=3" \ @@ -5716,6 +5721,7 @@ run_test "Renego ext: gnutls client unsafe, server default" \ -S "server hello, secure renegotiation extension" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client unsafe, server break legacy" \ "$P_SRV debug_level=3 allow_legacy=-1" \ From ff3b8211ffb9c4231e21bd452dd0426a248587a5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 30 Apr 2024 14:25:30 +0200 Subject: [PATCH 11/15] Driver-only FFDH is not good enough for DHE support in TLS 1.2 Signed-off-by: Gilles Peskine --- docs/driver-only-builds.md | 5 +++++ tests/scripts/analyze_outcomes.py | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 4095d8ee774b..5d950b068d2d 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -277,6 +277,11 @@ The same holds for the associated algorithm: `[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and removing builtin support (i.e. `MBEDTLS_DHM_C`). +Note that the PSA API only supports FFDH with RFC 7919 groups, whereas the +Mbed TLS legacy API supports custom groups. As a consequence, the TLS layer +of Mbed TLS only supports DHE cipher suites if built-in FFDH +(`MBEDTLS_DHM_C`) is present, even when `MBEDTLS_USE_PSA_CRYPTO` is enabled. + RSA --- diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 5b4deb629871..5193a3bd0658 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -468,6 +468,12 @@ def do_analyze_driver_vs_reference(results: Results, outcomes: Outcomes, args) - 'bignum.generated', 'bignum.misc', ], 'ignored_tests': { + 'ssl-opt': [ + # DHE support in TLS 1.2 requires built-in MBEDTLS_DHM_C + # (because it needs custom groups, which PSA does not + # provide), even with MBEDTLS_USE_PSA_CRYPTO. + re.compile(r'PSK callback:.*\bdhe-psk\b.*'), + ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component From f9f3d21a675be03f7e875ef7f6b2f0b96b882880 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 13 May 2024 21:06:26 +0200 Subject: [PATCH 12/15] Fix PSK invocation: GnuTLS PSK length (more) Replace more sample PSK by longer (GnuTLS-compatible) strings, taking care of keeping distinct PSK distinct for wrong-PSK tests. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 50798d36ce0e..134d319f73f4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -10207,7 +10207,7 @@ run_test "DTLS client auth: none, client has no cert" \ run_test "DTLS wrong PSK: badmac alert" \ "$P_SRV dtls=1 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \ - "$P_CLI dtls=1 psk=abc124" \ + "$P_CLI dtls=1 psk=73776f726466697374" \ 1 \ -s "SSL - Verification of the message MAC failed" \ -c "SSL - A fatal alert message was received from our peer" @@ -14123,8 +14123,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: no HRR in case of PSK key exchange mode" \ - "$P_SRV nbio=2 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk groups=none" \ - "$P_CLI nbio=2 debug_level=3 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_SRV nbio=2 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=psk groups=none" \ + "$P_CLI nbio=2 debug_level=3 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=all" \ 0 \ -C "received HelloRetryRequest message" \ -c "Selected key exchange mode: psk$" \ From d9c7be775e79e1dc762263aad6ebcd0a64fe3de8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 13 May 2024 21:17:35 +0200 Subject: [PATCH 13/15] Explicitly use TLS 1.2 on <=1.2-specific keyUsage/extKeyusage tests Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 134d319f73f4..375073d5a546 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -7837,7 +7837,7 @@ run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server2.key \ + "$O_CLI -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ds.crt" \ 0 \ -s "Verifying peer X.509 certificate... ok" \ @@ -7847,7 +7847,7 @@ run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server2.key \ + "$O_CLI -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ 0 \ -s "bad certificate (usage extensions)" \ @@ -7856,7 +7856,7 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ "$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \ - "$O_CLI -key data_files/server2.key \ + "$O_CLI -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ 1 \ -s "bad certificate (usage extensions)" \ @@ -7865,7 +7865,7 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server5.key \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.ku-ds.crt" \ 0 \ -s "Verifying peer X.509 certificate... ok" \ @@ -7875,7 +7875,7 @@ run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server5.key \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.ku-ka.crt" \ 0 \ -s "bad certificate (usage extensions)" \ @@ -8052,7 +8052,7 @@ run_test "extKeyUsage cli 1.3: codeSign -> fail" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: clientAuth -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server5.key \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cli.crt" \ 0 \ -S "bad certificate (usage extensions)" \ @@ -8061,7 +8061,7 @@ run_test "extKeyUsage cli-auth: clientAuth -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server5.key \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-srv_cli.crt" \ 0 \ -S "bad certificate (usage extensions)" \ @@ -8070,7 +8070,7 @@ run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server5.key \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cs_any.crt" \ 0 \ -S "bad certificate (usage extensions)" \ @@ -8079,7 +8079,7 @@ run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server5.key \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cs.crt" \ 0 \ -s "bad certificate (usage extensions)" \ @@ -8087,8 +8087,8 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \ - "$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \ - "$O_CLI -key data_files/server5.key \ + "$P_SRV debug_level=1 auth_mode=required" \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cs.crt" \ 1 \ -s "bad certificate (usage extensions)" \ From f5a30afdae2191416baf5f03776e1285085531cc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 13 May 2024 21:18:28 +0200 Subject: [PATCH 14/15] Remove redundant RSA dependency Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 375073d5a546..f21cfc9b8162 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2732,7 +2732,6 @@ run_test "Context-specific CRT verification callback" \ # Tests for SHA-1 support requires_hash_alg SHA_1 -requires_config_enabled MBEDTLS_RSA_C run_test "SHA-1 forbidden by default in server certificate" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \ From fc73aa02b0b0fdd9d7fe5b1daaaa6cbdb7b70c15 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 13 May 2024 21:18:41 +0200 Subject: [PATCH 15/15] Add missing dependency that isn't autodetected Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f21cfc9b8162..f4c7f6d49fcc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9127,6 +9127,7 @@ run_test "ClientHello without extensions: RSA" \ -S "Ciphersuite is .*-EC.*" \ -s "dumping 'client hello extensions' (0 bytes)" +requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED requires_gnutls run_test "ClientHello without extensions: PSK" \ "$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \