The branch master has been updated via 8ca6c6669fb6ebd4412be7e243eefdaa6b88aec6 (commit) via a361cb841d75eae2c1c385f869fbdb598d2c60a7 (commit) from 2a33470b4f23bcf1cd66bbf645c855142efa0ed9 (commit)
- Log ----------------------------------------------------------------- commit 8ca6c6669fb6ebd4412be7e243eefdaa6b88aec6 Author: Matt Caswell <m...@openssl.org> Date: Tue Aug 18 17:25:51 2020 +0100 Test mte with stitched ciphersuites in TLSv1.0 The previous commit fixed a bug with mte, stitched ciphersuites and TLSv1.0. We now add a test for that scenario. Reviewed-by: Tomas Mraz <tm...@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12670) commit a361cb841d75eae2c1c385f869fbdb598d2c60a7 Author: Matt Caswell <m...@openssl.org> Date: Tue Aug 18 12:28:45 2020 +0100 Fix stitched ciphersuites in TLS1.0 TLS1.0 does not have an explicit IV in the record, and therefore we should not attempt to remove it. Reviewed-by: Tomas Mraz <tm...@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12670) ----------------------------------------------------------------------- Summary of changes: .../ciphers/cipher_aes_cbc_hmac_sha.c | 22 ++++++ test/ssl-tests/19-mac-then-encrypt.cnf | 84 +++++++++++++++++++++- test/ssl-tests/19-mac-then-encrypt.cnf.in | 53 ++++++++++++++ 3 files changed, 158 insertions(+), 1 deletion(-) diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c index ae853b7eb9..9c927352a2 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -16,6 +16,8 @@ /* Dispatch functions for AES_CBC_HMAC_SHA ciphers */ +/* Only for SSL3_VERSION and TLS1_VERSION */ +#include <openssl/ssl.h> #include "cipher_aes_cbc_hmac_sha.h" #include "prov/implementations.h" 
@@ -172,6 +174,26 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 0; } } + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION); + if (p != NULL) { + if (!OSSL_PARAM_get_uint(p, &ctx->base.tlsversion)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + if (ctx->base.tlsversion == SSL3_VERSION + || ctx->base.tlsversion == TLS1_VERSION) { + if (!ossl_assert(ctx->base.removetlspad >= AES_BLOCK_SIZE)) { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + return 0; + } + /* + * There is no explicit IV with these TLS versions, so don't attempt + * to remove it. + */ + ctx->base.removetlspad -= AES_BLOCK_SIZE; + } + } return ret; } diff --git a/test/ssl-tests/19-mac-then-encrypt.cnf b/test/ssl-tests/19-mac-then-encrypt.cnf index 0dd384ea6c..803c2c0c0f 100644 --- a/test/ssl-tests/19-mac-then-encrypt.cnf +++ b/test/ssl-tests/19-mac-then-encrypt.cnf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 6 +num_tests = 9 test-0 = 0-disable-encrypt-then-mac-server-sha test-1 = 1-disable-encrypt-then-mac-client-sha @@ -8,6 +8,9 @@ test-2 = 2-disable-encrypt-then-mac-both-sha test-3 = 3-disable-encrypt-then-mac-server-sha2 test-4 = 4-disable-encrypt-then-mac-client-sha2 test-5 = 5-disable-encrypt-then-mac-both-sha2 +test-6 = 6-disable-encrypt-then-mac-server-sha-tls1 +test-7 = 7-disable-encrypt-then-mac-client-sha-tls1 +test-8 = 8-disable-encrypt-then-mac-both-sha-tls1 # =========================================================== [0-disable-encrypt-then-mac-server-sha] 
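Review bot: In aes_set_ctx_params() (cipher_aes_cbc_hmac_sha.c), `ctx->base.removetlspad -= AES_BLOCK_SIZE;` adjusts whatever the field currently holds, so the new block is not idempotent. Supplying OSSL_CIPHER_PARAM_TLS_VERSION with SSL3_VERSION or TLS1_VERSION a second time on the same context would subtract a second block, and `ctx->base.tlsversion` has already been overwritten by the time the `ossl_assert` path returns 0. removetlspad is assigned outside this hunk, so libssl presumably guarantees the ordering and the single call, but nothing here states that contract. Because this count appears to decide how many bytes are stripped from a decrypted MAC-then-encrypt record, I would derive it in one place from the MAC size and the version rather than patching it up afterwards. Failing that, document the contract with something like `/* Must follow MAC key setup and be applied once per context: the subtraction is not idempotent. */`.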
@@ -160,3 +163,82 @@ VerifyMode = Peer ExpectedResult = Success +# =========================================================== + +[6-disable-encrypt-then-mac-server-sha-tls1] +ssl_conf = 6-disable-encrypt-then-mac-server-sha-tls1-ssl + +[6-disable-encrypt-then-mac-server-sha-tls1-ssl] +server = 6-disable-encrypt-then-mac-server-sha-tls1-server +client = 6-disable-encrypt-then-mac-server-sha-tls1-client + +[6-disable-encrypt-then-mac-server-sha-tls1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT:@SECLEVEL=0 +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-disable-encrypt-then-mac-server-sha-tls1-client] +CipherString = AES128-SHA@SECLEVEL=0 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success + + +# =========================================================== + +[7-disable-encrypt-then-mac-client-sha-tls1] +ssl_conf = 7-disable-encrypt-then-mac-client-sha-tls1-ssl + +[7-disable-encrypt-then-mac-client-sha-tls1-ssl] +server = 7-disable-encrypt-then-mac-client-sha-tls1-server +client = 7-disable-encrypt-then-mac-client-sha-tls1-client + +[7-disable-encrypt-then-mac-client-sha-tls1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT:@SECLEVEL=0 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-disable-encrypt-then-mac-client-sha-tls1-client] +CipherString = AES128-SHA@SECLEVEL=0 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success + + +# =========================================================== + +[8-disable-encrypt-then-mac-both-sha-tls1] +ssl_conf = 8-disable-encrypt-then-mac-both-sha-tls1-ssl + +[8-disable-encrypt-then-mac-both-sha-tls1-ssl] +server = 8-disable-encrypt-then-mac-both-sha-tls1-server +client = 
8-disable-encrypt-then-mac-both-sha-tls1-client + +[8-disable-encrypt-then-mac-both-sha-tls1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT:@SECLEVEL=0 +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-disable-encrypt-then-mac-both-sha-tls1-client] +CipherString = AES128-SHA@SECLEVEL=0 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success + + diff --git a/test/ssl-tests/19-mac-then-encrypt.cnf.in b/test/ssl-tests/19-mac-then-encrypt.cnf.in index 32b7b7dfdb..074b1d1380 100644 --- a/test/ssl-tests/19-mac-then-encrypt.cnf.in +++ b/test/ssl-tests/19-mac-then-encrypt.cnf.in @@ -13,6 +13,8 @@ package ssltests; use OpenSSL::Test::Utils; +our $fips_mode; + our @tests = ( { name => "disable-encrypt-then-mac-server-sha", 
@@ -99,4 +101,55 @@ my @tests_tls1_2 = ( }, ); +our @tests_tls1 = ( + { + name => "disable-encrypt-then-mac-server-sha-tls1", + server => { + "CipherString" => 'DEFAULT:@SECLEVEL=0', + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => 'AES128-SHA@SECLEVEL=0', + "MinProtocol" => "TLSv1", + "MaxProtocol" => "TLSv1" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-client-sha-tls1", + server => { + "CipherString" => 'DEFAULT:@SECLEVEL=0', + }, + client => { + "CipherString" => 'AES128-SHA@SECLEVEL=0', + "Options" => "-EncryptThenMac", + "MinProtocol" => "TLSv1", + "MaxProtocol" => "TLSv1" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-both-sha-tls1", + server => { + "CipherString" => 'DEFAULT:@SECLEVEL=0', + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => 'AES128-SHA@SECLEVEL=0', + "Options" => "-EncryptThenMac", + "MinProtocol" => "TLSv1", + "MaxProtocol" => "TLSv1" + }, + test => { + "ExpectedResult" => "Success", + }, + }, +); + + push @tests, @tests_tls1_2 unless disabled("tls1_2"); +push @tests, @tests_tls1 unless disabled("tls1") || $fips_mode;
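Review bot: `@tests_tls1` in 19-mac-then-encrypt.cnf.in is added without a comment saying what it guards, and the final `push @tests, @tests_tls1 unless disabled("tls1") || $fips_mode;` gives no reason for the FIPS skip. A header such as `# TLSv1.0 records carry no explicit IV: regression tests for stitched AES-CBC-HMAC-SHA1 with EncryptThenMac disabled` would stop these cases being pruned later as duplicates of the `-sha` ones. The client strings are written `'AES128-SHA@SECLEVEL=0'` while the server side uses `'DEFAULT:@SECLEVEL=0'`; if the missing `:` is not deliberate, `'AES128-SHA:@SECLEVEL=0'` would match the server form. All three cases pin `MinProtocol`/`MaxProtocol` to TLSv1, so the SSL3_VERSION branch added in the same commit is presumably not exercised by this file.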