Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

ssl_client2 can't verify qq.com #6678

Closed cloudyfly closed 11 months ago

cloudyfly commented 1 year ago

Summary

Hi: I compiled the Mbed TLS source and used the ssl_client2 program to test qq.com, as follows:

./ssl_client2 server_name=qq.com server_port=443 ca_file=root.pem debug_level=1

Log START....
  . Seeding the random number generator... ok
  . Loading the CA root certificate ... ok (0 skipped)
  . Loading the client cert. and key... ok (key type: none)
  . Setting up the SSL/TLS structure... ok
  . Connecting to tcp/qq.com/443... ok
  . Performing the SSL/TLS handshake...ssl_tls13_generic.c:1464: |1| Perform PSA-based ECDH computation.
ssl_client.c:0261: |1| got supported group(001d)
ssl_client.c:0261: |1| got supported group(0017)
ssl_client.c:0261: |1| got supported group(0018)
ssl_client.c:0261: |1| got supported group(001e)
ssl_client.c:0261: |1| got supported group(0019)
ssl_client.c:0261: |1| got supported group(001a)
ssl_client.c:0261: |1| got supported group(001b)
ssl_client.c:0261: |1| got supported group(001c)

Verify requested for (Depth 2):
cert. version     : 3
serial number     : 08:3B:E0:56:90:42:46:B1:A1:75:6A:C9:59:91:C7:4A
issuer name       : C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
subject name      : C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
issued  on        : 2006-11-10 00:00:00
expires on        : 2031-11-10 00:00:00
signed using      : RSA with SHA1
RSA key size      : 2048 bits
basic constraints : CA=true
key usage         : Digital Signature, Key Cert Sign, CRL Sign
  This certificate has no flags

Verify requested for (Depth 1):
cert. version     : 3
serial number     : 06:C9:35:1A:E6:F0:AC:6E:B0:06:FB:0C:2A:A7:32:41
issuer name       : C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
subject name      : C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3
issued  on        : 2020-03-13 12:00:00
expires on        : 2030-03-13 12:00:00
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true, max_pathlen=0
key usage         : Digital Signature, Key Cert Sign, CRL Sign
ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication
certificate policies : Any Policy
  This certificate has no flags

Verify requested for (Depth 0):
cert. version     : 3
serial number     : 04:E1:23:89:1E:E9:8F:01:2E:5A:7F:6B:B5:8E:DC:DC
issuer name       : C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3
subject name      : C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=qq.com
issued  on        : 2022-06-09 00:00:00
expires on        : 2023-06-09 23:59:59
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  :
    dNSName : qq.com
    dNSName : qq.wang
    dNSName : www.qq.com
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication
certificate policies : ???
  This certificate has no flags
ssl_tls12_client.c:2071: |1| Server used unsupported HashAlgorithm 8
ssl_tls12_client.c:2415: |1| bad server key exchange message
 failed
  ! mbedtls_ssl_handshake returned -0x6600

Last error was: -0x6600 - SSL - A field in a message was incorrect or inconsistent with other fields
Log END....

Hi, when I input other sites, such as baidu.com, there is no problem. Is it a bug in ECDH?

System information

Mbed TLS version (number or commit id): 3.2.1

Operating system and version: ubuntu

Configuration (if not default, please attach mbedtls_config.h):

python3 $MBEDTLS_CONFIG set MBEDTLS_AES_C
python3 $MBEDTLS_CONFIG set MBEDTLS_AES_ROM_TABLES
python3 $MBEDTLS_CONFIG unset MBEDTLS_AESNI_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_ARIA_C
python3 $MBEDTLS_CONFIG set MBEDTLS_ASN1_PARSE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_ASN1_WRITE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_BASE64_C
python3 $MBEDTLS_CONFIG set MBEDTLS_BIGNUM_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_CAMELLIA_C
python3 $MBEDTLS_CONFIG set MBEDTLS_CCM_C
python3 $MBEDTLS_CONFIG set MBEDTLS_CHACHA20_C
python3 $MBEDTLS_CONFIG set MBEDTLS_CHACHAPOLY_C
python3 $MBEDTLS_CONFIG set MBEDTLS_CIPHER_C
python3 $MBEDTLS_CONFIG set MBEDTLS_CIPHER_MODE_CBC
python3 $MBEDTLS_CONFIG unset MBEDTLS_CIPHER_MODE_CFB
python3 $MBEDTLS_CONFIG unset MBEDTLS_CIPHER_MODE_CTR
python3 $MBEDTLS_CONFIG unset MBEDTLS_CIPHER_MODE_OFB
python3 $MBEDTLS_CONFIG unset MBEDTLS_CIPHER_MODE_XTS
python3 $MBEDTLS_CONFIG unset MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
python3 $MBEDTLS_CONFIG set MBEDTLS_CIPHER_PADDING_PKCS7
python3 $MBEDTLS_CONFIG unset MBEDTLS_CIPHER_PADDING_ZEROS
python3 $MBEDTLS_CONFIG unset MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
python3 $MBEDTLS_CONFIG unset MBEDTLS_CMAC_C
python3 $MBEDTLS_CONFIG set MBEDTLS_CTR_DRBG_C
python3 $MBEDTLS_CONFIG set MBEDTLS_DEBUG_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_DES_C
python3 $MBEDTLS_CONFIG set MBEDTLS_DHM_C
python3 $MBEDTLS_CONFIG set MBEDTLS_ECDH_C
python3 $MBEDTLS_CONFIG set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECDSA_C
python3 $MBEDTLS_CONFIG set MBEDTLS_ECDSA_DETERMINISTIC
python3 $MBEDTLS_CONFIG set MBEDTLS_ECJPAKE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_C
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_DP_BP256R1_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_DP_BP384R1_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_DP_BP512R1_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_DP_CURVE25519_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_DP_CURVE448_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_DP_SECP192K1_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_DP_SECP192R1_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_DP_SECP224K1_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_DP_SECP224R1_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_DP_SECP256K1_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_DP_SECP256R1_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_DP_SECP384R1_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_DP_SECP521R1_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_ECP_NIST_OPTIM
python3 $MBEDTLS_CONFIG unset MBEDTLS_ECP_RESTARTABLE
python3 $MBEDTLS_CONFIG set MBEDTLS_ENTROPY_C
python3 $MBEDTLS_CONFIG set MBEDTLS_ERROR_C
python3 $MBEDTLS_CONFIG set MBEDTLS_ERROR_STRERROR_DUMMY
python3 $MBEDTLS_CONFIG set MBEDTLS_FS_IO
python3 $MBEDTLS_CONFIG set MBEDTLS_GCM_C
python3 $MBEDTLS_CONFIG set MBEDTLS_GENPRIME
python3 $MBEDTLS_CONFIG unset MBEDTLS_HAVE_ASM
python3 $MBEDTLS_CONFIG unset MBEDTLS_HAVE_TIME
python3 $MBEDTLS_CONFIG unset MBEDTLS_HAVE_TIME_DATE
python3 $MBEDTLS_CONFIG set MBEDTLS_HKDF_C
python3 $MBEDTLS_CONFIG set MBEDTLS_HMAC_DRBG_C
python3 $MBEDTLS_CONFIG set MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
python3 $MBEDTLS_CONFIG set MBEDTLS_MD_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_MD5_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
python3 $MBEDTLS_CONFIG set MBEDTLS_NET_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_NIST_KW_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_NO_UDBL_DIVISION
python3 $MBEDTLS_CONFIG set MBEDTLS_OID_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_PADLOCK_C
python3 $MBEDTLS_CONFIG set MBEDTLS_PEM_PARSE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_PEM_WRITE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_PK_C
python3 $MBEDTLS_CONFIG set MBEDTLS_PK_PARSE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_PK_PARSE_EC_EXTENDED
python3 $MBEDTLS_CONFIG set MBEDTLS_PK_RSA_ALT_SUPPORT
python3 $MBEDTLS_CONFIG set MBEDTLS_PK_WRITE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_PKCS1_V15
python3 $MBEDTLS_CONFIG set MBEDTLS_PKCS1_V21
python3 $MBEDTLS_CONFIG unset MBEDTLS_PKCS12_C
python3 $MBEDTLS_CONFIG set MBEDTLS_PKCS5_C
python3 $MBEDTLS_CONFIG set MBEDTLS_PLATFORM_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_PLATFORM_MEMORY
python3 $MBEDTLS_CONFIG unset MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
python3 $MBEDTLS_CONFIG unset MBEDTLS_PLATFORM_ZEROIZE_ALT
python3 $MBEDTLS_CONFIG set MBEDTLS_POLY1305_C
python3 $MBEDTLS_CONFIG set MBEDTLS_PSA_CRYPTO_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_PSA_CRYPTO_SPM
python3 $MBEDTLS_CONFIG set MBEDTLS_PSA_CRYPTO_DRIVERS
python3 $MBEDTLS_CONFIG set MBEDTLS_PSA_CRYPTO_SE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_PSA_CRYPTO_STORAGE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_PSA_ITS_FILE_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_RIPEMD160_C
python3 $MBEDTLS_CONFIG set MBEDTLS_RSA_C
python3 $MBEDTLS_CONFIG set MBEDTLS_SELF_TEST
python3 $MBEDTLS_CONFIG set MBEDTLS_SHA1_C
python3 $MBEDTLS_CONFIG set MBEDTLS_SHA224_C
python3 $MBEDTLS_CONFIG set MBEDTLS_SHA256_C
python3 $MBEDTLS_CONFIG set MBEDTLS_SHA384_C
python3 $MBEDTLS_CONFIG set MBEDTLS_SHA512_C
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_ALL_ALERT_MESSAGES
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_ALPN
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_CACHE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_CLI_C
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_CONTEXT_SERIALIZATION
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_COOKIE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_DEBUG_ALL
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_DTLS_ANTI_REPLAY
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_DTLS_HELLO_VERIFY
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_DTLS_SRTP
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_ENCRYPT_THEN_MAC
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_EXTENDED_MASTER_SECRET
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_PROTO_DTLS
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_PROTO_TLS1_2
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_PROTO_TLS1_3
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_RENEGOTIATION
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_SERVER_NAME_INDICATION
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_SESSION_TICKETS
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_SRV_C
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_TICKET_C
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_TLS_C
python3 $MBEDTLS_CONFIG set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
python3 $MBEDTLS_CONFIG unset MBEDTLS_THREADING_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_TIMING_ALT
python3 $MBEDTLS_CONFIG unset MBEDTLS_TIMING_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_USE_PSA_CRYPTO
python3 $MBEDTLS_CONFIG unset MBEDTLS_VERSION_C
python3 $MBEDTLS_CONFIG unset MBEDTLS_VERSION_FEATURES
python3 $MBEDTLS_CONFIG set MBEDTLS_X509_CREATE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_X509_CRL_PARSE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_X509_CRT_PARSE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_X509_CRT_WRITE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_X509_CSR_PARSE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_X509_CSR_WRITE_C
python3 $MBEDTLS_CONFIG set MBEDTLS_X509_RSASSA_PSS_SUPPORT
python3 $MBEDTLS_CONFIG set MBEDTLS_X509_USE_C

Compiler and options (if you used a pre-built binary, please indicate how you obtained it): 1) cmake . 2) make


gilles-peskine-arm commented 11 months ago

This looks like a bug in TLS 1.3 support. I'm not sure but I think that the server offers a TLS 1.3 SignatureScheme which our TLS 1.2 code rejects because it's not a valid TLS 1.2 SignatureAlgorithm. The connection works if you build with TLS 1.3 disabled, or if you pass force_version=tls12 with ssl_client2.

In Mbed TLS 3.5, this error no longer occurs, even when TLS 1.3 support is active.

I haven't checked precisely, but I suspect this was fixed as part of several bug fixes related to 1.2/1.3 negotiation in Mbed TLS 3.3.

Since the bug is fixed, I am closing this issue.
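The mismatch behind the "unsupported HashAlgorithm 8" line, as an added illustration that is not Mbed TLS code: the same 16-bit code point is a (HashAlgorithm, SignatureAlgorithm) pair to a TLS 1.2-only decoder (RFC 5246) and a flat SignatureScheme to TLS 1.3 (RFC 8446), so any 0x08xx scheme fails the legacy split. The extension bytes below are constructed for the demonstration; the function names are this example's own.

```python
# Added example (not from Mbed TLS): decode TLS signature-algorithm code points both ways
# and flag the ones a strict TLS 1.2 decoder rejects although TLS 1.3 defines them.
from __future__ import annotations
import struct

# RFC 5246 section 7.4.1.4.1 registries, as a TLS 1.2-only decoder knows them.
HASH_ALGORITHMS = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
                   4: "sha256", 5: "sha384", 6: "sha512"}
SIGNATURE_ALGORITHMS = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}

# RFC 8446 section 4.2.3 SignatureScheme values (RSA, ECDSA and EdDSA subset).
SIGNATURE_SCHEMES = {
    0x0201: "rsa_pkcs1_sha1", 0x0203: "ecdsa_sha1",
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384", 0x0601: "rsa_pkcs1_sha512",
    0x0403: "ecdsa_secp256r1_sha256", 0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384", 0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519", 0x0808: "ed448",
    0x0809: "rsa_pss_pss_sha256", 0x080A: "rsa_pss_pss_sha384", 0x080B: "rsa_pss_pss_sha512",
}

def legacy_tls12_decode(code: int) -> tuple[str, str] | None:
    """Split the code point the TLS 1.2 way: high byte = hash, low byte = signature.
    Returns None when either half is unknown to RFC 5246, which is exactly what the
    0x08xx schemes trigger (hash byte 8 is not a TLS 1.2 HashAlgorithm)."""
    hash_id, sig_id = code >> 8, code & 0xFF
    if hash_id not in HASH_ALGORITHMS or sig_id not in SIGNATURE_ALGORITHMS:
        return None
    return HASH_ALGORITHMS[hash_id], SIGNATURE_ALGORITHMS[sig_id]

def tls13_decode(code: int) -> str | None:
    """Look the same code point up as a flat TLS 1.3 SignatureScheme."""
    return SIGNATURE_SCHEMES.get(code)

def parse_signature_algorithms(ext: bytes) -> list[int]:
    """Parse a signature_algorithms extension body: 2-byte length, then 2-byte codes."""
    if len(ext) < 2:
        raise ValueError("truncated length field")
    (length,) = struct.unpack("!H", ext[:2])
    body = ext[2:]
    if length != len(body) or length % 2 != 0:
        raise ValueError("length does not match body")
    return list(struct.unpack(f"!{length // 2}H", body))

def find_rejected_by_tls12(ext: bytes) -> list[str]:
    """Names of offered schemes a TLS 1.2-only decoder would reject but TLS 1.3 defines."""
    return [SIGNATURE_SCHEMES[c] for c in parse_signature_algorithms(ext)
            if legacy_tls12_decode(c) is None and c in SIGNATURE_SCHEMES]

# Constructed sample list mixing classic TLS 1.2 pairs with TLS 1.3-style schemes.
SAMPLE_EXTENSION = bytes.fromhex("000a" "0403" "0804" "0401" "0807" "0501")
```

Running find_rejected_by_tls12(SAMPLE_EXTENSION) reports rsa_pss_rsae_sha256 and ed25519, the two entries whose high byte is 8; a client that advertises them for TLS 1.3 but still parses ServerKeyExchange with the legacy split will fail exactly as in the log above.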