search

Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/
Other
5.45k stars 2.59k forks source link

ssl-opt.sh fail with openssl 1.1.1f #4660

Closed yuhaoth closed 1 year ago

yuhaoth commented 3 years ago

Summary

Build and test in ubuntu20.04 , ssl-opt.sh reports fail with development branch.

System information

Mbed TLS version (number or commit id): cee21d Operating system and version: Ubuntu 20.04

Expected behavior

ssl-opt.sh PASSED.

Actual behavior

ssl-opt.sh reports below fail

keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK ................ SERVER START TIMEOUT
./tests/ssl-opt.sh: 828: kill: No such process

FAIL
  ! server or client failed to reach handshake stage
  ! outputs saved to o-XXX-322.log
keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK ............ SERVER START TIMEOUT
./tests/ssl-opt.sh: 828: kill: No such process

FAIL
  ! server or client failed to reach handshake stage
  ! outputs saved to o-XXX-323.log
keyUsage cli: KeyEncipherment, RSA: OK ................................. SERVER START TIMEOUT
./tests/ssl-opt.sh: 828: kill: No such process

FAIL
  ! server or client failed to reach handshake stage
  ! outputs saved to o-XXX-324.log
keyUsage cli: KeyEncipherment, DHE-RSA: fail ........................... SERVER START TIMEOUT
./tests/ssl-opt.sh: 828: kill: No such process

FAIL
  ! server or client failed to reach handshake stage
  ! outputs saved to o-XXX-325.log
keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft ..................... SERVER START TIMEOUT
./tests/ssl-opt.sh: 828: kill: No such process

FAIL
  ! server or client failed to reach handshake stage
  ! outputs saved to o-XXX-326.log
keyUsage cli: DigitalSignature, DHE-RSA: OK ............................ SERVER START TIMEOUT
./tests/ssl-opt.sh: 828: kill: No such process

FAIL
  ! server or client failed to reach handshake stage
  ! outputs saved to o-XXX-327.log
keyUsage cli: DigitalSignature, RSA: fail .............................. SERVER START TIMEOUT
./tests/ssl-opt.sh: 828: kill: No such process

FAIL
  ! server or client failed to reach handshake stage
  ! outputs saved to o-XXX-328.log
keyUsage cli: DigitalSignature, RSA: fail, soft ........................ SERVER START TIMEOUT
./tests/ssl-opt.sh: 828: kill: No such process

FAIL
  ! server or client failed to reach handshake stage
  ! outputs saved to o-XXX-329.log
keyUsage cli-auth: RSA, DigitalSignature: OK ........................... FAIL
  ! server or client failed to reach handshake stage
  ! outputs saved to o-XXX-330.log
keyUsage cli-auth: RSA, KeyEncipherment: fail (soft) ................... FAIL
  ! server or client failed to reach handshake stage
  ! outputs saved to o-XXX-331.log
keyUsage cli-auth: RSA, KeyEncipherment: fail (hard) ................... FAIL
  ! server or client failed to reach handshake stage
  ! outputs saved to o-XXX-332.log

o-srv-3*.log report below error

SSL routines:SSL_CTX_use_certificate:ca md too weak:../ssl/ssl_rsa.c:310:

Steps to reproduce

# OS=Ubuntu20.04
make
./tests/ssl-opt.sh

Additional information

gilles-peskine-arm commented 3 years ago

The SSL test scripts assume that openssl and gnutls have certain features and don't work with versions that are too recent, too old, or built with certain features disabled. Our CI script (all.sh) are set up to use three different versions of each of openssl and gnutls depending on what is being tested. See https://developer.trustedfirmware.org/w/mbed-tls/testing/ci/#tooling-for-all-sh

mpg commented 3 years ago

Thanks for your report! As Gilles said, currently this script is not meant to work our of the box with arbitrary versions of OpenSSL, so the behaviour you're reporting is not entirely unexpected.

However, of course it's desirable to be able to use it with the latest version. If you want to investigate the reason for this failure and raise a PR improving the script so that it can be used with OpenSSL 1.1.1, that would be welcome!

yuhaoth commented 3 years ago

I regenerate tests/data_files/dhparams.pem with openssl dhparam -out dhparams.pem 2048 . It can pass test both versions( openssl1.1.1 and openssl1.1.1f )

Can I fix it with above command ? I am not sure if it is right way.

gilles-peskine-arm commented 3 years ago

With a recent development branch with https://github.com/ARMmbed/mbedtls/pull/4429 merged, dhparams.pem shouldn't be a problem: it isn't used with recent openssl versions anymore. However it looks like we need to update some certificates.

$ tests/ssl-opt.sh -f 'keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK'
keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK ................ SERVER START TIMEOUT
./tests/ssl-opt.sh: 828: kill: No such process

FAIL
  ! server or client failed to reach handshake stage
  ! outputs saved to o-XXX-1.log
$ cat tests/o-srv-1.log 
# keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK
openssl s_server -www -cert data_files/server5.crt -key data_files/server5.key -accept 17469 -key data_files/server2.key              -cert data_files/server2.ku-ds_ke.crt
Using default temp DH parameters
error setting certificate
140304611403072:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: DH PARAMETERS
140304611403072:error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak:../ssl/ssl_rsa.c:310:
SERVER START TIMEOUT

Some of our test certificates are still using SHA-1, for example server2.ku-ds_ke.crt. I think that's the problem.

yuhaoth commented 3 years ago

Should we add generate command into tests/data_files/Makefile ? dhparams.pem is not in the file

gilles-peskine-arm commented 3 years ago

Yes, eventually. We register all the new files in tests/data_files/Makefile, but dhparams.pem is an old file from before that makefile existed. It's a pretty low-priority backlog item right now, we don't even have an issue for it.