From b779bae5f785456bb3701abde7dd12f6ea63f9fd Mon Sep 17 00:00:00 2001 From: K1 Date: Tue, 28 Nov 2023 15:44:45 +0800 Subject: [PATCH] Fix NTLS failed when set min and max version for TLS Fixed #513 Set min and max TLS version should not affect NTLS. NTLS only has v1.1, so it's reasonable for API set_min_proto_version/set_max_proto_version to take effect for TLS only. Delete useless code about renegotion and SCSV in NTLS. --- include/openssl/prov_ssl.h | 2 + ssl/statem_ntls/ntls_extensions.c | 10 +- ssl/statem_ntls/ntls_ssl_local.h | 5 - ssl/statem_ntls/ntls_statem_clnt.c | 16 +- ssl/statem_ntls/ntls_statem_lib.c | 318 +------------------------- ssl/statem_ntls/ntls_statem_srvr.c | 61 +---- test/ssl-tests/31-ntls.cnf | 343 ++++++++++++++++------------- test/ssl-tests/31-ntls.cnf.in | 24 ++ test/ssl_test.c | 6 +- 9 files changed, 241 insertions(+), 544 deletions(-) diff --git a/include/openssl/prov_ssl.h b/include/openssl/prov_ssl.h index 7464f9c6c..f86028a95 100644 --- a/include/openssl/prov_ssl.h +++ b/include/openssl/prov_ssl.h @@ -20,6 +20,8 @@ extern "C" { # define SSL_MAX_MASTER_KEY_LENGTH 48 # define NTLS1_1_VERSION 0x0101 +# define NTLS_MAX_VERSION NTLS1_1_VERSION + # define SSL3_VERSION 0x0300 # define TLS1_VERSION 0x0301 # define TLS1_1_VERSION 0x0302 diff --git a/ssl/statem_ntls/ntls_extensions.c b/ssl/statem_ntls/ntls_extensions.c index 75c3d76a1..b7a77c404 100644 --- a/ssl/statem_ntls/ntls_extensions.c +++ b/ssl/statem_ntls/ntls_extensions.c @@ -758,7 +758,7 @@ int tls_construct_extensions_ntls(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { size_t i; - int min_version, max_version = 0, reason; + int max_version = NTLS_MAX_VERSION; const EXTENSION_DEFINITION *thisexd; if (!WPACKET_start_sub_packet_u16(pkt) 
@@ -775,14 +775,6 @@ int tls_construct_extensions_ntls(SSL *s, WPACKET *pkt, unsigned int context, return 0; } - if ((context & SSL_EXT_CLIENT_HELLO) != 0) { - reason = ssl_get_min_max_version_ntls(s, &min_version, &max_version, NULL); - if (reason != 0) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, reason); - return 0; - } - } - /* Add custom extensions first */ if ((context & SSL_EXT_CLIENT_HELLO) != 0) { /* On the server side with initialise during ClientHello parsing */ diff --git a/ssl/statem_ntls/ntls_ssl_local.h b/ssl/statem_ntls/ntls_ssl_local.h index 3c9f179dc..62a2886eb 100644 --- a/ssl/statem_ntls/ntls_ssl_local.h +++ b/ssl/statem_ntls/ntls_ssl_local.h @@ -36,16 +36,11 @@ __owur int ssl_allow_compression_ntls(SSL *s); __owur int ssl_version_supported_ntls(const SSL *s, int version, const SSL_METHOD **meth); -__owur int ssl_set_client_hello_version_ntls(SSL *s); -__owur int ssl_check_version_downgrade_ntls(SSL *s); __owur int ssl_set_version_bound_ntls(int method_version, int version, int *bound); __owur int ssl_choose_server_version_ntls(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd); __owur int ssl_choose_client_version_ntls(SSL *s, int version, RAW_EXTENSION *extensions); -__owur int ssl_get_min_max_version_ntls(const SSL *s, int *min_version, - int *max_version, int *real_max); - __owur int ntls_alert_code(int code); __owur int send_certificate_request_ntls(SSL *s); diff --git a/ssl/statem_ntls/ntls_statem_clnt.c b/ssl/statem_ntls/ntls_statem_clnt.c index 5a7faada9..cc4be6f41 100644 --- a/ssl/statem_ntls/ntls_statem_clnt.c +++ b/ssl/statem_ntls/ntls_statem_clnt.c 
@@ -743,22 +743,13 @@ int tls_construct_client_hello_ntls(SSL *s, WPACKET *pkt) { unsigned char *p; size_t sess_id_len; - int i, protverr; SSL_SESSION *sess = s->session; unsigned char *session_id; - /* Work out what SSL/TLS version to use */ - protverr = ssl_set_client_hello_version_ntls(s); - if (protverr != 0) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, protverr); - return 0; - } - if (sess == NULL || !ssl_version_supported_ntls(s, sess->ssl_version, NULL) || !SSL_SESSION_is_resumable(sess)) { - if (s->hello_retry_request == SSL_HRR_NONE - && !ssl_get_new_session(s, 0)) { + if (!ssl_get_new_session(s, 0)) { /* SSLfatal_ntls() already called */ return 0; } @@ -766,10 +757,9 @@ int tls_construct_client_hello_ntls(SSL *s, WPACKET *pkt) /* else use the pre-loaded session */ p = s->s3.client_random; - i = (s->hello_retry_request == SSL_HRR_NONE); - if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3.client_random), - DOWNGRADE_NONE) <= 0) { + if (ssl_fill_hello_random(s, 0, p, sizeof(s->s3.client_random), + DOWNGRADE_NONE) <= 0) { SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } diff --git a/ssl/statem_ntls/ntls_statem_lib.c b/ssl/statem_ntls/ntls_statem_lib.c index b2ea565c2..e48e2874c 100644 --- a/ssl/statem_ntls/ntls_statem_lib.c +++ b/ssl/statem_ntls/ntls_statem_lib.c 
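Review bot: With the call to `ssl_set_client_hello_version_ntls()` removed from the top of `tls_construct_client_hello_ntls`, nothing in the visible new code assigns `s->version` or `s->client_version` before `ssl_get_new_session()` runs and the hello is built. The removed helper (deleted from ntls_statem_lib.c later in this patch) was what set both fields, and `client_version` is presumably also what the key exchange binds into the premaster secret, so a stale or `TLS_ANY_VERSION` value would be a protocol fault rather than a cosmetic one. If no other path sets them, pin them explicitly, e.g. `s->version = s->client_version = NTLS1_1_VERSION;`, or emit `NTLS1_1_VERSION` directly where the hello's version field is written. The rest of the function is outside the hunk, so this may already be handled there.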
@@ -1103,69 +1103,29 @@ typedef struct { #endif /* Must be in order high to low */ -static const version_info tls_version_table[] = { -#ifndef OPENSSL_NO_TLS1_3 - {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method}, -#else - {TLS1_3_VERSION, NULL, NULL}, -#endif -#ifndef OPENSSL_NO_TLS1_2 - {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method}, -#else - {TLS1_2_VERSION, NULL, NULL}, -#endif -#ifndef OPENSSL_NO_TLS1_1 - {TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method}, -#else - {TLS1_1_VERSION, NULL, NULL}, -#endif -#ifndef OPENSSL_NO_TLS1 - {TLS1_VERSION, tlsv1_client_method, tlsv1_server_method}, -#else - {TLS1_VERSION, NULL, NULL}, -#endif +static const version_info ntls_version_table[] = { #ifndef OPENSSL_NO_NTLS - {NTLS_VERSION, ntls_client_method, ntls_server_method}, + {NTLS1_1_VERSION, ntls_client_method, ntls_server_method}, #else - {NTLS_VERSION, NULL, NULL}, -#endif -#ifndef OPENSSL_NO_SSL3 - {SSL3_VERSION, sslv3_client_method, sslv3_server_method}, -#else - {SSL3_VERSION, NULL, NULL}, + {NTLS1_1_VERSION, NULL, NULL}, #endif {0, NULL, NULL}, }; - - - - /* - * ssl_method_error - Check whether an SSL_METHOD is enabled. - * - * @s: The SSL handle for the candidate method - * @method: the intended method. + * Now there is only version 1.1 * * Returns 0 on success, or an SSL error reason on failure. 
*/ -static int ssl_method_error(const SSL *s, const SSL_METHOD *method) +static int ssl_method_error_ntls(const SSL *s, const SSL_METHOD *method) { int version = method->version; - if ((s->min_proto_version != 0 && - version_cmp(s, version, s->min_proto_version) < 0) || - ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0) + if (ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0) return SSL_R_VERSION_TOO_LOW; - if (s->max_proto_version != 0 && - version_cmp(s, version, s->max_proto_version) > 0) - return SSL_R_VERSION_TOO_HIGH; - if ((s->options & method->mask) != 0) return SSL_R_UNSUPPORTED_PROTOCOL; - if ((method->flags & SSL_METHOD_NO_SUITEB) != 0 && tls1_suiteb(s)) - return SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE; return 0; } @@ -1189,7 +1149,7 @@ int ssl_version_supported_ntls(const SSL *s, int version, const SSL_METHOD **met /* Version should match method version for non-ANY method */ return version_cmp(s, version, s->version) == 0; case TLS_ANY_VERSION: - table = tls_version_table; + table = ntls_version_table; break; } @@ -1198,7 +1158,7 @@ int ssl_version_supported_ntls(const SSL *s, int version, const SSL_METHOD **met ++vent) { if (vent->cmeth != NULL && version_cmp(s, version, vent->version) == 0 - && ssl_method_error(s, vent->cmeth()) == 0 + && ssl_method_error_ntls(s, vent->cmeth()) == 0 && (!s->server || version != TLS1_3_VERSION)) { if (meth != NULL) 
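Review bot: The replacement header comment on `ssl_method_error_ntls` ("Now there is only version 1.1") no longer says what the function checks or why the version bounds were dropped. After this hunk the method is rejected only by `ssl_security(s, SSL_SECOP_VERSION, ...)` or by an `s->options & method->mask` hit, and `min_proto_version`/`max_proto_version` are deliberately ignored. I would keep the `@s`/`@method` description and add `/* min/max_proto_version bound TLS only; NTLS is gated by the security level and the method's option mask */`. The same caveat belongs in the user-facing documentation of the min/max protocol setters, because a deployment that sets MinProtocol to TLSv1.2 to exclude everything older will still negotiate NTLS when it is enabled.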
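Review bot: In `ssl_version_supported_ntls` the loop condition still ends with `&& (!s->server || version != TLS1_3_VERSION)`, which looks unreachable as a rejection now that the table is `ntls_version_table`. Assuming `version_cmp()` returns 0 only for equal versions, the preceding term already restricts `version` to `NTLS1_1_VERSION`. Dropping the term would keep the NTLS path free of TLS 1.3 special cases that a reader otherwise has to reason about. The loop body and the function's tail are outside the hunk.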
@@ -1209,46 +1169,6 @@ int ssl_version_supported_ntls(const SSL *s, int version, const SSL_METHOD **met return 0; } -/* - * ssl_check_version_downgrade_ntls - In response to RFC7507 SCSV version - * fallback indication from a client check whether we're using the highest - * supported protocol version. - * - * @s server SSL handle. - * - * Returns 1 when using the highest enabled version, 0 otherwise. - */ -int ssl_check_version_downgrade_ntls(SSL *s) -{ - const version_info *vent; - const version_info *table; - - /* - * Check that the current protocol is the highest enabled version - * (according to s->ctx->method, as version negotiation may have changed - * s->method). - */ - if (s->version == s->ctx->method->version) - return 1; - - /* - * Apparently we're using a version-flexible SSL_METHOD (not at its - * highest protocol version). - */ - if (s->ctx->method->version == TLS_method()->version) - table = tls_version_table; - else { - /* Unexpected state; fail closed. */ - return 0; - } - - for (vent = table; vent->version != 0; ++vent) { - if (vent->smeth != NULL && ssl_method_error(s, vent->smeth()) == 0) - return s->version == vent->version; - } - return 0; -} - /* * ssl_set_version_bound_ntls - set an upper or lower bound on the supported (D)TLS * protocols, provided the initial (D)TLS method is version-flexible. This @@ -1357,13 +1277,8 @@ int ssl_choose_server_version_ntls(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dg * ssl_method_error(s, s->method) */ return 0; - /* - * Fall through if we are TLSv1.3 already (this means we must be after - * a HelloRetryRequest - */ - /* fall thru */ case TLS_ANY_VERSION: - table = tls_version_table; + table = ntls_version_table; break; } 
@@ -1377,7 +1292,7 @@ int ssl_choose_server_version_ntls(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dg version_cmp(s, client_version, vent->version) < 0) continue; method = vent->smeth(); - if (ssl_method_error(s, method) == 0) { + if (ssl_method_error_ntls(s, method) == 0) { check_for_downgrade(s, vent->version, dgrd); s->version = vent->version; s->method = method; @@ -1403,18 +1318,11 @@ int ssl_choose_client_version_ntls(SSL *s, int version, RAW_EXTENSION *extension { const version_info *vent; const version_info *table; - int ret, ver_min, ver_max, real_max, origv; + int origv; origv = s->version; s->version = version; - if (s->hello_retry_request != SSL_HRR_NONE - && s->version != TLS1_3_VERSION) { - s->version = origv; - SSLfatal_ntls(s, SSL_AD_PROTOCOL_VERSION, SSL_R_WRONG_SSL_VERSION); - return 0; - } - switch (s->method->version) { default: if (s->version != s->method->version) { 
@@ -1422,62 +1330,12 @@ int ssl_choose_client_version_ntls(SSL *s, int version, RAW_EXTENSION *extension SSLfatal_ntls(s, SSL_AD_PROTOCOL_VERSION, SSL_R_WRONG_SSL_VERSION); return 0; } - /* - * If this SSL handle is not from a version flexible method we don't - * (and never did) check min/max, FIPS or Suite B constraints. Hope - * that's OK. It is up to the caller to not choose fixed protocol - * versions they don't want. If not, then easy to fix, just return - * ssl_method_error(s, s->method) - */ return 1; case TLS_ANY_VERSION: - table = tls_version_table; + table = ntls_version_table; break; } - ret = ssl_get_min_max_version_ntls(s, &ver_min, &ver_max, &real_max); - if (ret != 0) { - s->version = origv; - SSLfatal_ntls(s, SSL_AD_PROTOCOL_VERSION, ret); - return 0; - } - if (s->version < ver_min) { - s->version = origv; - SSLfatal_ntls(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL); - return 0; - } else if (s->version > ver_max) { - s->version = origv; - SSLfatal_ntls(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL); - return 0; - } - - if ((s->mode & SSL_MODE_SEND_FALLBACK_SCSV) == 0) - real_max = ver_max; - - /* Check for downgrades */ - if (s->version == TLS1_2_VERSION && real_max > s->version) { - if (memcmp(tls12downgrade, - s->s3.server_random + SSL3_RANDOM_SIZE - - sizeof(tls12downgrade), - sizeof(tls12downgrade)) == 0) { - s->version = origv; - SSLfatal_ntls(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INAPPROPRIATE_FALLBACK); - return 0; - } - } else if (s->version < TLS1_2_VERSION - && real_max > s->version) { - if (memcmp(tls11downgrade, - s->s3.server_random + SSL3_RANDOM_SIZE - - sizeof(tls11downgrade), - sizeof(tls11downgrade)) == 0) { - s->version = origv; - SSLfatal_ntls(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INAPPROPRIATE_FALLBACK); - return 0; - } - } - for (vent = table; vent->version != 0; ++vent) { if (vent->cmeth == NULL || s->version != vent->version) continue; 
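Review bot: After the `ssl_get_min_max_version_ntls()` block is removed from `ssl_choose_client_version_ntls`, no visible line applies `ssl_method_error_ntls()` to the version the server selected. The client path therefore appears to skip the security-level and `s->options & method->mask` checks that the server path still performs in `ssl_choose_server_version_ntls`. In the lines shown, the removed helper was the only route by which those checks reached the client. If the loop body (outside this hunk) simply assigns `s->method`, extend the skip condition to `if (vent->cmeth == NULL || s->version != vent->version || ssl_method_error_ntls(s, vent->cmeth()) != 0) continue;`.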
@@ -1491,158 +1349,6 @@ int ssl_choose_client_version_ntls(SSL *s, int version, RAW_EXTENSION *extension return 0; } -/* - * ssl_get_min_max_version_ntls - get minimum and maximum protocol version - * @s: The SSL connection - * @min_version: The minimum supported version - * @max_version: The maximum supported version - * @real_max: The highest version below the lowest compile time version hole - * where that hole lies above at least one run-time enabled - * protocol. - * - * Work out what version we should be using for the initial ClientHello if the - * version is initially (D)TLS_ANY_VERSION. We apply any explicit SSL_OP_NO_xxx - * options, the MinProtocol and MaxProtocol configuration commands, any Suite B - * constraints and any floor imposed by the security level here, - * so we don't advertise the wrong protocol version to only reject the outcome later. - * - * Computing the right floor matters. If, e.g., TLS 1.0 and 1.2 are enabled, - * TLS 1.1 is disabled, but the security level, Suite-B and/or MinProtocol - * only allow TLS 1.2, we want to advertise TLS1.2, *not* TLS1. - * - * Returns 0 on success or an SSL error reason number on failure. On failure - * min_version and max_version will also be set to 0. - */ -int ssl_get_min_max_version_ntls(const SSL *s, int *min_version, int *max_version, - int *real_max) -{ - int version, tmp_real_max; - int hole; - const SSL_METHOD *single = NULL; - const SSL_METHOD *method; - const version_info *table; - const version_info *vent; - - switch (s->method->version) { - default: - /* - * If this SSL handle is not from a version flexible method we don't - * (and never did) check min/max FIPS or Suite B constraints. Hope - * that's OK. It is up to the caller to not choose fixed protocol - * versions they don't want. 
If not, then easy to fix, just return - * ssl_method_error(s, s->method) - */ - *min_version = *max_version = s->version; - /* - * Providing a real_max only makes sense where we're using a version - * flexible method. - */ - if (!ossl_assert(real_max == NULL)) - return ERR_R_INTERNAL_ERROR; - return 0; - case TLS_ANY_VERSION: - table = tls_version_table; - break; - } - - /* - * SSL_OP_NO_X disables all protocols above X *if* there are some protocols - * below X enabled. This is required in order to maintain the "version - * capability" vector contiguous. Any versions with a NULL client method - * (protocol version client is disabled at compile-time) is also a "hole". - * - * Our initial state is hole == 1, version == 0. That is, versions above - * the first version in the method table are disabled (a "hole" above - * the valid protocol entries) and we don't have a selected version yet. - * - * Whenever "hole == 1", and we hit an enabled method, its version becomes - * the selected version, and the method becomes a candidate "single" - * method. We're no longer in a hole, so "hole" becomes 0. - * - * If "hole == 0" and we hit an enabled method, then "single" is cleared, - * as we support a contiguous range of at least two methods. If we hit - * a disabled method, then hole becomes true again, but nothing else - * changes yet, because all the remaining methods may be disabled too. - * If we again hit an enabled method after the new hole, it becomes - * selected, as we start from scratch. - */ - *min_version = version = 0; - hole = 1; - if (real_max != NULL) - *real_max = 0; - tmp_real_max = 0; - for (vent = table; vent->version != 0; ++vent) { - /* - * A table entry with a NULL client method is still a hole in the - * "version capability" vector. 
- */ - if (vent->cmeth == NULL) { - hole = 1; - tmp_real_max = 0; - continue; - } - method = vent->cmeth(); - - if (hole == 1 && tmp_real_max == 0) - tmp_real_max = vent->version; - - if (ssl_method_error(s, method) != 0) { - hole = 1; - } else if (!hole) { - single = NULL; - *min_version = method->version; - } else { - if (real_max != NULL && tmp_real_max != 0) - *real_max = tmp_real_max; - version = (single = method)->version; - *min_version = version; - hole = 0; - } - } - - *max_version = version; - - /* Fail if everything is disabled */ - if (version == 0) - return SSL_R_NO_PROTOCOLS_AVAILABLE; - - return 0; -} - -/* - * ssl_set_client_hello_version_ntls - Work out what version we should be using for - * the initial ClientHello.legacy_version field. - * - * @s: client SSL handle. - * - * Returns 0 on success or an SSL error reason number on failure. - */ -int ssl_set_client_hello_version_ntls(SSL *s) -{ - int ver_min, ver_max, ret; - - /* - * In a renegotiation we always send the same client_version that we sent - * last time, regardless of which version we eventually negotiated. - */ - if (!SSL_IS_FIRST_HANDSHAKE(s)) - return 0; - - ret = ssl_get_min_max_version_ntls(s, &ver_min, &ver_max, NULL); - - if (ret != 0) - return ret; - - s->version = ver_max; - - /* TLS1.3 always uses TLS1.2 in the legacy_version field */ - if (ver_max > TLS1_2_VERSION) - ver_max = TLS1_2_VERSION; - - s->client_version = ver_max; - return 0; -} - /* * Checks a list of |groups| to determine if the |group_id| is in it. If it is * and |checkallow| is 1 then additionally check if the group is allowed to be diff --git a/ssl/statem_ntls/ntls_statem_srvr.c b/ssl/statem_ntls/ntls_statem_srvr.c index 798b0f83b..ed274c45e 100644 --- a/ssl/statem_ntls/ntls_statem_srvr.c +++ b/ssl/statem_ntls/ntls_statem_srvr.c 
@@ -749,31 +749,16 @@ static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello) ext_len); } -#define RENEG_OPTIONS_OK(options) \ - ((options & SSL_OP_NO_RENEGOTIATION) == 0 \ - && (options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) != 0) - MSG_PROCESS_RETURN tls_process_client_hello_ntls(SSL *s, PACKET *pkt) { PACKET session_id, compression, extensions, cookie; static const unsigned char null_compression = 0; CLIENTHELLO_MSG *clienthello = NULL; - /* Check if this is actually an unexpected renegotiation ClientHello */ - if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) { - if (!ossl_assert(!SSL_IS_TLS13(s))) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - if (!RENEG_OPTIONS_OK(s->options) - || (!s->s3.send_connection_binding - && (s->options - & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) { - ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); - return MSG_PROCESS_FINISHED_READING; - } - s->renegotiate = 1; - s->new_session = 1; + /* unexpected ClientHello */ + if (!SSL_IS_FIRST_HANDSHAKE(s)) { + ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); + return MSG_PROCESS_FINISHED_READING; } clienthello = OPENSSL_zalloc(sizeof(*clienthello)); @@ -964,7 +949,7 @@ MSG_PROCESS_RETURN tls_process_client_hello_ntls(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } -static int tls_early_post_process_client_hello(SSL *s) +static int tls_early_post_process_client_hello_ntls(SSL *s) { unsigned int j; int i, al = SSL_AD_INTERNAL_ERROR; @@ -974,7 +959,6 @@ static int tls_early_post_process_client_hello(SSL *s) const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *ciphers = NULL; - STACK_OF(SSL_CIPHER) *scsvs = NULL; CLIENTHELLO_MSG *clienthello = s->clienthello; DOWNGRADE dgrd = DOWNGRADE_NONE; 
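Review bot: The new guard in `tls_process_client_hello_ntls` drops the `s->renegotiate == 0` term, so it refuses every ClientHello after the first handshake, including one that answers a renegotiation the server itself requested, and it no longer honours `SSL_OP_ALLOW_CLIENT_RENEGOTIATION`. That is a sound default for NTLS, but the comment `/* unexpected ClientHello */` hides the policy; I would write `/* NTLS does not support renegotiation: refuse any ClientHello after the first handshake, regardless of the renegotiation options */`. Whether the server-side request path (for example SSL_renegotiate on an NTLS connection) is also rejected is not visible here and is worth checking, since otherwise the server can start an exchange it will then refuse. The function body continues outside the hunk.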
@@ -1046,41 +1030,12 @@ static int tls_early_post_process_client_hello(SSL *s) if (!ssl_cache_cipherlist(s, &clienthello->ciphersuites, clienthello->isv2) || - !bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, &scsvs, + !bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, NULL, clienthello->isv2, 1)) { /* SSLfatal_ntls() already called */ goto err; } - s->s3.send_connection_binding = 0; - /* Check what signalling cipher-suite values were received. */ - if (scsvs != NULL) { - for(i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) { - c = sk_SSL_CIPHER_value(scsvs, i); - if (SSL_CIPHER_get_id(c) == SSL3_CK_SCSV) { - if (s->renegotiate) { - /* SCSV is fatal if renegotiating */ - SSLfatal_ntls(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); - goto err; - } - s->s3.send_connection_binding = 1; - } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV && - !ssl_check_version_downgrade_ntls(s)) { - /* - * This SCSV indicates that the client previously tried - * a higher version. We should fail if the current version - * is an unexpected downgrade, as that indicates that the first - * connection may have been tampered with in order to trigger - * an insecure downgrade. - */ - SSLfatal_ntls(s, SSL_AD_INAPPROPRIATE_FALLBACK, - SSL_R_INAPPROPRIATE_FALLBACK); - goto err; - } - } - } - /* * We don't allow resumption in a backwards compatible ClientHello. * In TLS1.1+, session_id MUST be empty. @@ -1270,14 +1225,12 @@ static int tls_early_post_process_client_hello(SSL *s) } sk_SSL_CIPHER_free(ciphers); - sk_SSL_CIPHER_free(scsvs); OPENSSL_free(clienthello->pre_proc_exts); OPENSSL_free(s->clienthello); s->clienthello = NULL; return 1; err: sk_SSL_CIPHER_free(ciphers); - sk_SSL_CIPHER_free(scsvs); OPENSSL_free(clienthello->pre_proc_exts); OPENSSL_free(s->clienthello); s->clienthello = NULL; 
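Review bot: Passing `NULL` for the `scsvs` argument of `bytes_to_cipher_list` means signalling cipher-suite values in the ClientHello are now discarded without comment, and the `s->s3.send_connection_binding = 0;` reset was removed along with the loop. Both are reasonable for a single-version protocol that refuses renegotiation, but a short comment at the call would record the decision, e.g. `/* SCSVs are ignored: NTLS has one version and no renegotiation */`. If the NTLS renegotiation_info extension handlers still read or set `send_connection_binding`, they are now the only writers of that flag and should be reviewed or removed in the same way. That code is not part of this hunk.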
@@ -1418,7 +1371,7 @@ WORK_STATE tls_post_process_client_hello_ntls(SSL *s, WORK_STATE wst) const SSL_CIPHER *cipher; if (wst == WORK_MORE_A) { - int rv = tls_early_post_process_client_hello(s); + int rv = tls_early_post_process_client_hello_ntls(s); if (rv == 0) { /* SSLfatal_ntls() was already called */ goto err; diff --git a/test/ssl-tests/31-ntls.cnf b/test/ssl-tests/31-ntls.cnf index 350d93f5a..0066e7214 100644 --- a/test/ssl-tests/31-ntls.cnf +++ b/test/ssl-tests/31-ntls.cnf 
@@ -1,44 +1,47 @@ # Generated with generate_ssl_tests.pl -num_tests = 17 - -test-0 = 0-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only -test-1 = 1-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only -test-2 = 2-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode -test-3 = 3-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode -test-4 = 4-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode -test-5 = 5-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode -test-6 = 6-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode -test-7 = 7-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode -test-8 = 8-test ntls client doing handshake without setting certs and pkey -test-9 = 9-test server encryption certificate expired -test-10 = 10-test server sign certificate expired -test-11 = 11-test server certificates expired -test-12 = 12-test server choose ECC-SM2-SM4 with SM2 double certs only -test-13 = 13-test server choose RSA-SM4 with RSA double certs only -test-14 = 14-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs -test-15 = 15-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs -test-16 = 16-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs +num_tests = 18 + +test-0 = 0-test server set min and max TLS version should not affect NTLS +test-1 = 1-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only +test-2 = 2-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only +test-3 = 3-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode +test-4 = 4-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode +test-5 = 5-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode +test-6 = 6-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode +test-7 = 7-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode +test-8 = 
8-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode +test-9 = 9-test ntls client doing handshake without setting certs and pkey +test-10 = 10-test server encryption certificate expired +test-11 = 11-test server sign certificate expired +test-12 = 12-test server certificates expired +test-13 = 13-test server choose ECC-SM2-SM4 with SM2 double certs only +test-14 = 14-test server choose RSA-SM4 with RSA double certs only +test-15 = 15-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs +test-16 = 16-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs +test-17 = 17-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs # =========================================================== -[0-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only] -ssl_conf = 0-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-ssl +[0-test server set min and max TLS version should not affect NTLS] +ssl_conf = 0-test server set min and max TLS version should not affect NTLS-ssl -[0-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-ssl] -server = 0-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-server -client = 0-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-client +[0-test server set min and max TLS version should not affect NTLS-ssl] +server = 0-test server set min and max TLS version should not affect NTLS-server +client = 0-test server set min and max TLS version should not affect NTLS-client -[0-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-server] +[0-test server set min and max TLS version should not affect NTLS-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 
CipherString = DEFAULT Enable_ntls = on EncCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_enc.crt EncPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_enc.key +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem SignCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.crt SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.key -[0-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-client] +[0-test server set min and max TLS version should not affect NTLS-client] CipherString = ECC-SM2-SM4-CBC-SM3 Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2/chain-ca.crt 
@@ -53,14 +56,14 @@ Method = NTLS # =========================================================== -[1-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only] -ssl_conf = 1-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-ssl +[1-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only] +ssl_conf = 1-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-ssl -[1-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-ssl] -server = 1-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-server -client = 1-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-client +[1-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-ssl] +server = 1-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-server +client = 1-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-client -[1-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-server] +[1-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Enable_ntls = on 
@@ -70,13 +73,45 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem SignCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.crt SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.key -[1-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-client] -CipherString = ECC-SM2-SM4-GCM-SM3 +[1-test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-client] +CipherString = ECC-SM2-SM4-CBC-SM3 Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2/chain-ca.crt VerifyMode = Peer [test-1] +ExpectedCipher = ECC-SM2-SM4-CBC-SM3 +ExpectedProtocol = NTLS +ExpectedResult = Success +Method = NTLS + + +# =========================================================== + +[2-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only] +ssl_conf = 2-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-ssl + +[2-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-ssl] +server = 2-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-server +client = 2-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-client + +[2-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Enable_ntls = on +EncCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_enc.crt +EncPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_enc.key +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +SignCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.crt +SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.key + +[2-test cipher ECC-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS 
only-client] +CipherString = ECC-SM2-SM4-GCM-SM3 +Enable_ntls = on +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2/chain-ca.crt +VerifyMode = Peer + +[test-2] ExpectedCipher = ECC-SM2-SM4-GCM-SM3 ExpectedProtocol = NTLS ExpectedResult = Success @@ -85,14 +120,14 @@ Method = NTLS # =========================================================== -[2-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode] -ssl_conf = 2-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode-ssl +[3-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode] +ssl_conf = 3-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode-ssl -[2-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode-ssl] -server = 2-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode-server -client = 2-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode-client +[3-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode-ssl] +server = 3-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode-server +client = 3-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode-client -[2-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode-server] +[3-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Enable_ntls = on @@ -103,7 +138,7 @@ SignCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.crt SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.key VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2/chain-ca.crt -[2-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode-client] +[3-test cipher ECDHE-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode-client] CipherString = ECDHE-SM2-SM4-CBC-SM3 Enable_ntls = on EncCertificate = ${ENV::TEST_CERTS_DIR}/sm2/client_enc.crt @@ -113,7 +148,7 @@ SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/client_sign.key VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2/chain-ca.crt VerifyMode = Peer -[test-2] +[test-3] ExpectedCipher = ECDHE-SM2-SM4-CBC-SM3 ExpectedProtocol = NTLS ExpectedResult = Success 
@@ -122,14 +157,14 @@ Method = NTLS # =========================================================== -[3-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode] -ssl_conf = 3-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode-ssl +[4-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode] +ssl_conf = 4-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode-ssl -[3-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode-ssl] -server = 3-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode-server -client = 3-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode-client +[4-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode-ssl] +server = 4-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode-server +client = 4-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode-client -[3-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode-server] +[4-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Enable_ntls = on @@ -140,7 +175,7 @@ SignCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.crt SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.key VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2/chain-ca.crt -[3-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode-client] +[4-test cipher ECDHE-SM2-SM4-GCM-SM3 in NTLS_UNIQUE mode-client] CipherString = ECDHE-SM2-SM4-GCM-SM3 Enable_ntls = on EncCertificate = ${ENV::TEST_CERTS_DIR}/sm2/client_enc.crt @@ -150,7 +185,7 @@ SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/client_sign.key VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2/chain-ca.crt VerifyMode = Peer -[test-3] +[test-4] ExpectedCipher = ECDHE-SM2-SM4-GCM-SM3 ExpectedProtocol = NTLS ExpectedResult = Success 
@@ -159,14 +194,14 @@ Method = NTLS # =========================================================== -[4-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode] -ssl_conf = 4-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode-ssl +[5-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode] +ssl_conf = 5-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode-ssl -[4-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode-ssl] -server = 4-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode-server -client = 4-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode-client +[5-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode-ssl] +server = 5-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode-server +client = 5-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode-client -[4-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode-server] +[5-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Enable_ntls = on @@ -176,13 +211,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem SignCertificate = ${ENV::TEST_CERTS_DIR}/server-rsa-sign.crt SignPrivateKey = ${ENV::TEST_CERTS_DIR}/server-rsa-sign.key -[4-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode-client] +[5-test cipher RSA-SM4-CBC-SM3 in NTLS_UNIQUE mode-client] CipherString = RSA-SM4-CBC-SM3 Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Peer -[test-4] +[test-5] ExpectedCipher = RSA-SM4-CBC-SM3 ExpectedProtocol = NTLS ExpectedResult = Success 
@@ -191,14 +226,14 @@ Method = NTLS # =========================================================== -[5-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode] -ssl_conf = 5-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode-ssl +[6-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode] +ssl_conf = 6-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode-ssl -[5-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode-ssl] -server = 5-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode-server -client = 5-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode-client +[6-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode-ssl] +server = 6-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode-server +client = 6-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode-client -[5-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode-server] +[6-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Enable_ntls = on @@ -208,13 +243,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem SignCertificate = ${ENV::TEST_CERTS_DIR}/server-rsa-sign.crt SignPrivateKey = ${ENV::TEST_CERTS_DIR}/server-rsa-sign.key -[5-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode-client] +[6-test cipher RSA-SM4-GCM-SM3 in NTLS_UNIQUE mode-client] CipherString = RSA-SM4-GCM-SM3 Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Peer -[test-5] +[test-6] ExpectedCipher = RSA-SM4-GCM-SM3 ExpectedProtocol = NTLS ExpectedResult = Success 
@@ -223,14 +258,14 @@ Method = NTLS # =========================================================== -[6-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode] -ssl_conf = 6-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode-ssl +[7-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode] +ssl_conf = 7-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode-ssl -[6-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode-ssl] -server = 6-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode-server -client = 6-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode-client +[7-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode-ssl] +server = 7-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode-server +client = 7-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode-client -[6-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode-server] +[7-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Enable_ntls = on @@ -240,13 +275,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem SignCertificate = ${ENV::TEST_CERTS_DIR}/server-rsa-sign.crt SignPrivateKey = ${ENV::TEST_CERTS_DIR}/server-rsa-sign.key -[6-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode-client] +[7-test cipher RSA-SM4-CBC-SHA256 in NTLS_UNIQUE mode-client] CipherString = RSA-SM4-CBC-SHA256 Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Peer -[test-6] +[test-7] ExpectedCipher = RSA-SM4-CBC-SHA256 ExpectedProtocol = NTLS ExpectedResult = Success 
@@ -255,14 +290,14 @@ Method = NTLS # =========================================================== -[7-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode] -ssl_conf = 7-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode-ssl +[8-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode] +ssl_conf = 8-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode-ssl -[7-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode-ssl] -server = 7-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode-server -client = 7-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode-client +[8-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode-ssl] +server = 8-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode-server +client = 8-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode-client -[7-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode-server] +[8-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Enable_ntls = on @@ -272,13 +307,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem SignCertificate = ${ENV::TEST_CERTS_DIR}/server-rsa-sign.crt SignPrivateKey = ${ENV::TEST_CERTS_DIR}/server-rsa-sign.key -[7-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode-client] +[8-test cipher RSA-SM4-GCM-SHA256 in NTLS_UNIQUE mode-client] CipherString = RSA-SM4-GCM-SHA256 Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Peer -[test-7] +[test-8] ExpectedCipher = RSA-SM4-GCM-SHA256 ExpectedProtocol = NTLS ExpectedResult = Success 
@@ -287,40 +322,40 @@ Method = NTLS # =========================================================== -[8-test ntls client doing handshake without setting certs and pkey] -ssl_conf = 8-test ntls client doing handshake without setting certs and pkey-ssl +[9-test ntls client doing handshake without setting certs and pkey] +ssl_conf = 9-test ntls client doing handshake without setting certs and pkey-ssl -[8-test ntls client doing handshake without setting certs and pkey-ssl] -server = 8-test ntls client doing handshake without setting certs and pkey-server -client = 8-test ntls client doing handshake without setting certs and pkey-client +[9-test ntls client doing handshake without setting certs and pkey-ssl] +server = 9-test ntls client doing handshake without setting certs and pkey-server +client = 9-test ntls client doing handshake without setting certs and pkey-client -[8-test ntls client doing handshake without setting certs and pkey-server] +[9-test ntls client doing handshake without setting certs and pkey-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Enable_ntls = on PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[8-test ntls client doing handshake without setting certs and pkey-client] +[9-test ntls client doing handshake without setting certs and pkey-client] CipherString = ECC-SM2-SM4-CBC-SM3 Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-8] +[test-9] ExpectedResult = ServerFail Method = NTLS # =========================================================== -[9-test server encryption certificate expired] -ssl_conf = 9-test server encryption certificate expired-ssl +[10-test server encryption certificate expired] +ssl_conf = 10-test server encryption certificate expired-ssl -[9-test server encryption certificate expired-ssl] -server = 9-test server encryption certificate expired-server -client = 9-test server encryption certificate expired-client +[10-test server encryption 
certificate expired-ssl] +server = 10-test server encryption certificate expired-server +client = 10-test server encryption certificate expired-client -[9-test server encryption certificate expired-server] +[10-test server encryption certificate expired-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Enable_ntls = on @@ -330,13 +365,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem SignCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.crt SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.key -[9-test server encryption certificate expired-client] +[10-test server encryption certificate expired-client] CipherString = DEFAULT Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2/chain-ca.crt VerifyMode = Peer -[test-9] +[test-10] ExpectedClientAlert = CertificateExpired ExpectedResult = ClientFail Method = NTLS @@ -344,14 +379,14 @@ Method = NTLS # =========================================================== -[10-test server sign certificate expired] -ssl_conf = 10-test server sign certificate expired-ssl +[11-test server sign certificate expired] +ssl_conf = 11-test server sign certificate expired-ssl -[10-test server sign certificate expired-ssl] -server = 10-test server sign certificate expired-server -client = 10-test server sign certificate expired-client +[11-test server sign certificate expired-ssl] +server = 11-test server sign certificate expired-server +client = 11-test server sign certificate expired-client -[10-test server sign certificate expired-server] +[11-test server sign certificate expired-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Enable_ntls = on 
@@ -361,13 +396,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem SignCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_sign_expire.crt SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.key -[10-test server sign certificate expired-client] +[11-test server sign certificate expired-client] CipherString = DEFAULT Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2/chain-ca.crt VerifyMode = Peer -[test-10] +[test-11] ExpectedClientAlert = CertificateExpired ExpectedResult = ClientFail Method = NTLS @@ -375,14 +410,14 @@ Method = NTLS # =========================================================== -[11-test server certificates expired] -ssl_conf = 11-test server certificates expired-ssl +[12-test server certificates expired] +ssl_conf = 12-test server certificates expired-ssl -[11-test server certificates expired-ssl] -server = 11-test server certificates expired-server -client = 11-test server certificates expired-client +[12-test server certificates expired-ssl] +server = 12-test server certificates expired-server +client = 12-test server certificates expired-client -[11-test server certificates expired-server] +[12-test server certificates expired-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Enable_ntls = on @@ -392,13 +427,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem SignCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_sign_expire.crt SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.key -[11-test server certificates expired-client] +[12-test server certificates expired-client] CipherString = DEFAULT Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2/chain-ca.crt VerifyMode = Peer -[test-11] +[test-12] ExpectedClientAlert = CertificateExpired ExpectedResult = ClientFail Method = NTLS 
@@ -406,14 +441,14 @@ Method = NTLS # =========================================================== -[12-test server choose ECC-SM2-SM4 with SM2 double certs only] -ssl_conf = 12-test server choose ECC-SM2-SM4 with SM2 double certs only-ssl +[13-test server choose ECC-SM2-SM4 with SM2 double certs only] +ssl_conf = 13-test server choose ECC-SM2-SM4 with SM2 double certs only-ssl -[12-test server choose ECC-SM2-SM4 with SM2 double certs only-ssl] -server = 12-test server choose ECC-SM2-SM4 with SM2 double certs only-server -client = 12-test server choose ECC-SM2-SM4 with SM2 double certs only-client +[13-test server choose ECC-SM2-SM4 with SM2 double certs only-ssl] +server = 13-test server choose ECC-SM2-SM4 with SM2 double certs only-server +client = 13-test server choose ECC-SM2-SM4 with SM2 double certs only-client -[12-test server choose ECC-SM2-SM4 with SM2 double certs only-server] +[13-test server choose ECC-SM2-SM4 with SM2 double certs only-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = RSA-SM4-CBC-SM3:ECC-SM2-SM4-CBC-SM3 Enable_ntls = on @@ -423,13 +458,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem SignCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.crt SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.key -[12-test server choose ECC-SM2-SM4 with SM2 double certs only-client] +[13-test server choose ECC-SM2-SM4 with SM2 double certs only-client] CipherString = ECC-SM2-SM4-CBC-SM3:RSA-SM4-CBC-SM3 Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2/chain-ca.crt VerifyMode = Peer -[test-12] +[test-13] ExpectedCipher = ECC-SM2-SM4-CBC-SM3 ExpectedProtocol = NTLS ExpectedResult = Success 
@@ -438,14 +473,14 @@ Method = NTLS # =========================================================== -[13-test server choose RSA-SM4 with RSA double certs only] -ssl_conf = 13-test server choose RSA-SM4 with RSA double certs only-ssl +[14-test server choose RSA-SM4 with RSA double certs only] +ssl_conf = 14-test server choose RSA-SM4 with RSA double certs only-ssl -[13-test server choose RSA-SM4 with RSA double certs only-ssl] -server = 13-test server choose RSA-SM4 with RSA double certs only-server -client = 13-test server choose RSA-SM4 with RSA double certs only-client +[14-test server choose RSA-SM4 with RSA double certs only-ssl] +server = 14-test server choose RSA-SM4 with RSA double certs only-server +client = 14-test server choose RSA-SM4 with RSA double certs only-client -[13-test server choose RSA-SM4 with RSA double certs only-server] +[14-test server choose RSA-SM4 with RSA double certs only-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = ECC-SM2-SM4-CBC-SM3:RSA-SM4-CBC-SM3 Enable_ntls = on @@ -455,13 +490,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem SignCertificate = ${ENV::TEST_CERTS_DIR}/server-rsa-sign.crt SignPrivateKey = ${ENV::TEST_CERTS_DIR}/server-rsa-sign.key -[13-test server choose RSA-SM4 with RSA double certs only-client] +[14-test server choose RSA-SM4 with RSA double certs only-client] CipherString = ECC-SM2-SM4-CBC-SM3:RSA-SM4-CBC-SM3 Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Peer -[test-13] +[test-14] ExpectedCipher = RSA-SM4-CBC-SM3 ExpectedProtocol = NTLS ExpectedResult = Success 
@@ -470,14 +505,14 @@ Method = NTLS # =========================================================== -[14-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs] -ssl_conf = 14-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs-ssl +[15-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs] +ssl_conf = 15-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs-ssl -[14-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs-ssl] -server = 14-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs-server -client = 14-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs-client +[15-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs-ssl] +server = 15-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs-server +client = 15-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs-client -[14-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs-server] +[15-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = ECC-SM2-SM4-CBC-SM3:RSA-SM4-CBC-SM3 Enable_ntls = on @@ -492,13 +527,13 @@ SM2.EncPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_enc.key SM2.SignCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.crt SM2.SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.key -[14-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs-client] +[15-test server choose the preferred cipher ECC-SM2 with SM2 and RSA double certs-client] CipherString = RSA-SM4-CBC-SM3:ECC-SM2-SM4-CBC-SM3 Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2/chain-ca.crt VerifyMode = Peer -[test-14] +[test-15] ExpectedCipher = ECC-SM2-SM4-CBC-SM3 ExpectedProtocol = NTLS ExpectedResult = Success 
@@ -507,14 +542,14 @@ Method = NTLS # =========================================================== -[15-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs] -ssl_conf = 15-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs-ssl +[16-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs] +ssl_conf = 16-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs-ssl -[15-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs-ssl] -server = 15-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs-server -client = 15-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs-client +[16-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs-ssl] +server = 16-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs-server +client = 16-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs-client -[15-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs-server] +[16-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = RSA-SM4-CBC-SM3:ECC-SM2-SM4-CBC-SM3 Enable_ntls = on @@ -529,13 +564,13 @@ SM2.EncPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_enc.key SM2.SignCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.crt SM2.SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.key -[15-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs-client] +[16-test server choose the preferred cipher RSA-SM4 with SM2 and RSA double certs-client] CipherString = ECC-SM2-SM4-CBC-SM3:RSA-SM4-CBC-SM3 Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Peer -[test-15] +[test-16] ExpectedCipher = RSA-SM4-CBC-SM3 ExpectedProtocol = NTLS ExpectedResult = Success 
@@ -544,14 +579,14 @@ Method = NTLS # =========================================================== -[16-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs] -ssl_conf = 16-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs-ssl +[17-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs] +ssl_conf = 17-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs-ssl -[16-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs-ssl] -server = 16-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs-server -client = 16-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs-client +[17-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs-ssl] +server = 17-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs-server +client = 17-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs-client -[16-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs-server] +[17-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = RSA-SM4-CBC-SM3:ECC-SM2-SM4-CBC-SM3 Enable_ntls = on 
@@ -565,13 +600,13 @@ SM2.EncPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_enc.key SM2.SignCertificate = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.crt SM2.SignPrivateKey = ${ENV::TEST_CERTS_DIR}/sm2/server_sign.key -[16-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs-client] +[17-test server choose the client preferred cipher RSA-SM4 with SM2 and RSA double certs-client] CipherString = ECC-SM2-SM4-CBC-SM3:RSA-SM4-CBC-SM3 Enable_ntls = on VerifyCAFile = ${ENV::TEST_CERTS_DIR}/sm2/chain-ca.crt VerifyMode = Peer -[test-16] +[test-17] ExpectedCipher = ECC-SM2-SM4-CBC-SM3 ExpectedProtocol = NTLS ExpectedResult = Success diff --git a/test/ssl-tests/31-ntls.cnf.in b/test/ssl-tests/31-ntls.cnf.in index 147cc3c8d..7ce80955f 100644 --- a/test/ssl-tests/31-ntls.cnf.in +++ b/test/ssl-tests/31-ntls.cnf.in @@ -16,6 +16,30 @@ use OpenSSL::Test::Utils; our @tests = ( + { + name => "test server set min and max TLS version should not affect NTLS", + server => { + "SignCertificate" => test_pem("sm2", "server_sign.crt"), + "SignPrivateKey" => test_pem("sm2", "server_sign.key"), + "EncCertificate" => test_pem("sm2", "server_enc.crt"), + "EncPrivateKey" => test_pem("sm2", "server_enc.key"), + "Enable_ntls" => "on", + "MinProtocol" => "TLSv1.2", + "MaxProtocol" => "TLSv1.3" + }, + client => { + "CipherString" => "ECC-SM2-SM4-CBC-SM3", + "VerifyCAFile" => test_pem("sm2", "chain-ca.crt"), + "Enable_ntls" => "on", + }, + test => { + "Method" => "NTLS", + "ExpectedResult" => "Success", + "ExpectedCipher" => "ECC-SM2-SM4-CBC-SM3", + "ExpectedProtocol" => "NTLS", + }, + }, + { name => "test cipher ECC-SM2-SM4-CBC-SM3 in NTLS_UNIQUE mode, NTLS_UNIQUE test server and client all use NTLS only", server => { diff --git a/test/ssl_test.c b/test/ssl_test.c index 5ea022e3f..6bb8ac585 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c 
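Review bot: The new case in 31-ntls.cnf.in sets `MinProtocol`/`MaxProtocol` only in the `server` section, although the commit also removes the version-range lookup on the client side (`tls_construct_extensions_ntls`, ntls_statem_clnt.c), so the client path has no regression test. A mirrored case with `"MinProtocol" => "TLSv1.2", "MaxProtocol" => "TLSv1.3"` in the `client` section would cover it. Because the configured bounds no longer gate NTLS, `Enable_ntls` becomes the only setting that keeps NTLS 1.1 off a server whose floor is TLSv1.2. A negative case would pin that, if the file does not already have one: the same bounds on a server without `Enable_ntls`, an NTLS client, and a failed handshake as the expected result. A short comment above the entry, e.g. `# Min/MaxProtocol apply to TLS only; NTLS is controlled solely by Enable_ntls (#513)`, would record the intent.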
@@ -497,14 +497,14 @@ static int test_handshake(int idx) #endif #ifndef OPENSSL_NO_NTLS if (test_ctx->method == SSL_TEST_METHOD_NTLS) { - server_ctx = SSL_CTX_new_ex(libctx, NULL, NTLS_server_method()); + server_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); if (!TEST_ptr(server_ctx)) { goto err; } if (test_ctx->extra.server.servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { - if (!TEST_ptr(server2_ctx = SSL_CTX_new_ex(libctx, NULL, NTLS_server_method()))) + if (!TEST_ptr(server2_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))) goto err; } @@ -514,7 +514,7 @@ static int test_handshake(int idx) } if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { - resume_server_ctx = SSL_CTX_new_ex(libctx, NULL, NTLS_server_method()); + resume_server_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); resume_client_ctx = SSL_CTX_new_ex(libctx, NULL, NTLS_client_method()); if (!TEST_ptr(resume_server_ctx)
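Review bot: Replacing `NTLS_server_method()` with `TLS_server_method()` for `server_ctx` and `server2_ctx` in the `SSL_TEST_METHOD_NTLS` branch (and for `resume_server_ctx` in the following hunk) leaves no handshake in this harness, as far as these hunks show, that still runs a server built from the NTLS-only method. A regression in that path would therefore pass unnoticed. The client side keeps `NTLS_client_method()`, so the two ends are now built asymmetrically with no explanation. I would add a comment above the first call, e.g. `/* generic method + Enable_ntls: TLS version bounds must not gate NTLS (#513) */`. It would also help to make the NTLS-only server selectable from the test config so both constructions stay covered. The body of test_handshake starts and ends outside this hunk.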