The branch master has been updated via 4832560be3b2a709557497cd881f8c390ba7ec34 (commit) from 835dd706d3a916dacdb302905899a32638ed8adc (commit)
- Log ----------------------------------------------------------------- commit 4832560be3b2a709557497cd881f8c390ba7ec34 Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Mon Jun 14 11:40:31 2021 +0200 Disabling Encrypt-then-MAC extension in s_client/s_server Reviewed-by: Paul Dale <pa...@openssl.org> Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15735) ----------------------------------------------------------------------- Summary of changes: apps/include/opt.h | 9 ++++++--- doc/man1/openssl-s_client.pod.in | 5 +++++ doc/man1/openssl-s_server.pod.in | 5 +++++ doc/perlvars.pm | 3 ++- ssl/ssl_conf.c | 6 +++++- 5 files changed, 23 insertions(+), 5 deletions(-) diff --git a/apps/include/opt.h b/apps/include/opt.h index b77c5a52e5..96e78e4b79 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h @@ -163,7 +163,7 @@ OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \ OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ OPT_S_MINPROTO, OPT_S_MAXPROTO, \ - OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST + OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S_NO_ETM, OPT_S__LAST # define OPT_S_OPTIONS \ OPT_SECTION("TLS/SSL"), \ @@ -216,7 +216,9 @@ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ "Perform all sorts of protocol violations for testing purposes"}, \ {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \ - "Disable TLSv1.3 middlebox compat mode" } + "Disable TLSv1.3 middlebox compat mode" }, \ + {"no_etm", OPT_S_NO_ETM, '-', \ + "Disable Encrypt-then-Mac extension"} # define OPT_S_CASES \ OPT_S__FIRST: case OPT_S__LAST: break; \ @@ -250,7 +252,8 @@ case OPT_S_MINPROTO: \ case OPT_S_MAXPROTO: \ case OPT_S_DEBUGBROKE: \ - case OPT_S_NO_MIDDLEBOX + case OPT_S_NO_MIDDLEBOX: \ + case OPT_S_NO_ETM #define IS_NO_PROT_FLAG(o) \ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ 
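Review bot: The `no_etm` help string added to OPT_S_OPTIONS spells the extension "Encrypt-then-Mac" where the commit title and both man pages use "Encrypt-then-MAC", and it gives the operator no hint of what is lost. With the extension off, CBC cipher suites negotiate MAC-then-encrypt, the construction RFC 7366 was written to replace, so the option reads best as a testing and interoperability aid. I would change the text to `"Disable Encrypt-then-MAC extension (CBC suites fall back to MAC-then-encrypt)"`. The OPT_S_OPTIONS macro starts and ends outside this hunk.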
diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 144e367d4e..6328cd07d9 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -56,6 +56,7 @@ B<openssl> B<s_client> [B<-msg>] [B<-timeout>] [B<-mtu> I<size>] +[B<-no_etm>] [B<-keymatexport> I<label>] [B<-keymatexportlen> I<len>] [B<-msgfile> I<filename>] @@ -448,6 +449,10 @@ Enable send/receive timeout on DTLS connections. Set MTU of the link layer to the specified size. +=item B<-no_etm> + +Disable Encrypt-then-MAC negotiation. + =item B<-keymatexport> I<label> Export keying material using the specified label. diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index c4289a12e3..115eceb0e3 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -70,6 +70,7 @@ B<openssl> B<s_server> [B<-verify_quiet>] [B<-ign_eof>] [B<-no_ign_eof>] +[B<-no_etm>] [B<-status>] [B<-status_verbose>] [B<-status_timeout> I<int>] @@ -487,6 +488,10 @@ Ignore input EOF (default: when B<-quiet>). Do not ignore input EOF. +=item B<-no_etm> + +Disable Encrypt-then-MAC negotiation. + =item B<-status> Enables certificate status request support (aka OCSP stapling). diff --git a/doc/perlvars.pm b/doc/perlvars.pm index 133ad3c416..f4c20aa392 100644 --- a/doc/perlvars.pm +++ b/doc/perlvars.pm @@ -185,6 +185,7 @@ $OpenSSL::safe::opt_s_synopsis = "" . "[B<-no_resumption_on_reneg>]\n" . "[B<-legacy_server_connect>]\n" . "[B<-no_legacy_server_connect>]\n" +. "[B<-no_etm>]\n" . "[B<-allow_no_dhe_kex>]\n" . "[B<-prioritize_chacha>]\n" . "[B<-strict>]\n" 
@@ -205,7 +206,7 @@ $OpenSSL::safe::opt_s_item = "" . "B<-client_renegotiation>,\n" . "B<-legacy_renegotiation>, B<-no_renegotiation>,\n" . "B<-no_resumption_on_reneg>,\n" -. "B<-legacy_server_connect>, B<-no_legacy_server_connect>,\n" +. "B<-legacy_server_connect>, B<-no_legacy_server_connect>, B<-no_etm>\n" . "B<-allow_no_dhe_kex>, B<-prioritize_chacha>, B<-strict>, B<-sigalgs>\n" . "I<algs>, B<-client_sigalgs> I<algs>, B<-groups> I<groups>, B<-curves>\n" . "I<curves>, B<-named_curve> I<curve>, B<-cipher> I<ciphers>, B<-ciphersuites>\n" diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index b15c847176..c0cbbe5e2c 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -676,7 +676,8 @@ typedef struct { #define SSL_CONF_CMD_SWITCH(name, flags) \ {0, NULL, name, flags, SSL_CONF_TYPE_NONE} -/* See apps/apps.h if you change this table. */ +/* See apps/include/opt.h if you change this table. */ +/* The SSL_CONF_CMD_SWITCH should be the same order as ssl_cmd_switches */ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("no_ssl3", 0), SSL_CONF_CMD_SWITCH("no_tls1", 0), @@ -701,6 +702,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("no_middlebox", 0), SSL_CONF_CMD_SWITCH("anti_replay", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("no_anti_replay", SSL_CONF_FLAG_SERVER), + SSL_CONF_CMD_SWITCH("no_etm", 0), SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0), SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0), SSL_CONF_CMD_STRING(Curves, "curves", 0), @@ -790,6 +792,8 @@ static const ssl_switch_tbl ssl_cmd_switches[] = { {SSL_OP_NO_ANTI_REPLAY, SSL_TFLAG_INV}, /* no_anti_replay */ {SSL_OP_NO_ANTI_REPLAY, 0}, + /* no Encrypt-then-Mac */ + {SSL_OP_NO_ENCRYPT_THEN_MAC, 0}, }; static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
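Review bot: The rewritten `opt_s_item` line ends in `B<-no_etm>\n` without the trailing comma that the replaced line had, so the rendered option list runs `B<-no_etm>` straight into `B<-allow_no_dhe_kex>` on the next line. The line should end `B<-no_legacy_server_connect>, B<-no_etm>,\n"`. The string concatenation starts and continues outside the hunk.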
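Review bot: The comment added above `ssl_conf_cmds[]` states the ordering rule but not why it matters, and nothing visible in this diff checks it. If the two tables are paired by position, as the comment implies, a misplaced entry would make one switch set a different `SSL_OP_*` bit without any error, which for flags that turn protections off is a silent misconfiguration. I would word it as `/* The SSL_CONF_CMD_SWITCH entries must stay in the same order as ssl_cmd_switches[]; the tables are paired by position. */` and add a test asserting that `-no_etm` results in `SSL_OP_NO_ENCRYPT_THEN_MAC` being set. Both tables extend beyond the hunks shown.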
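Review bot: The label on the new `ssl_cmd_switches[]` entry, `/* no Encrypt-then-Mac */`, breaks the convention of the neighbouring entries, which carry the literal switch name (`/* no_anti_replay */`). Since the row has to be matched by eye against `SSL_CONF_CMD_SWITCH("no_etm", 0)` in the other table, I would write `/* no_etm */` so a search for the switch name finds both rows.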