[openssl-commits] [openssl] master update
Kurt Roeckx
kurt at openssl.org
Mon May 16 18:50:46 UTC 2016
The branch master has been updated
via d139723b0e6718410d0f11f645387f9c90c1424d (commit)
via 05df5c2036f1244fe3df70de7d8079a5d86b999d (commit)
via 4e2e1ec9d53696abeb6873f700ec1da141cdd9a9 (commit)
from c821defc3f728a491856b7286e5b2cbda96a3563 (commit)
- Log -----------------------------------------------------------------
commit d139723b0e6718410d0f11f645387f9c90c1424d
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Wed Mar 2 14:39:14 2016 +0100
session tickets: use more sizeof
Reviewed-by: Matt Caswell <matt at openssl.org>
MR: #2153
commit 05df5c2036f1244fe3df70de7d8079a5d86b999d
Author: TJ Saunders <tj at castaglia.org>
Date: Sat Feb 27 19:37:34 2016 +0100
Use AES256 for the default encryption algoritm for TLS session tickets
This involves providing more session ticket key data, for both the cipher and
the digest
Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Matt Caswell <matt at openssl.org>
GH: #515, MR: #2153
commit 4e2e1ec9d53696abeb6873f700ec1da141cdd9a9
Author: TJ Saunders <tj at castaglia.org>
Date: Sat Feb 27 19:36:00 2016 +0100
session tickets: Use sizeof() for the various fields
Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Matt Caswell <matt at openssl.org>
GH: #515, MR: #2153
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_lib.c | 30 +++++++++++++++++++++---------
ssl/ssl_lib.c | 8 ++++----
ssl/ssl_locl.h | 8 +++++---
ssl/statem/statem_srvr.c | 36 ++++++++++++++++++++++--------------
ssl/t1_lib.c | 10 ++++++----
5 files changed, 58 insertions(+), 34 deletions(-)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index eaf6ee2..a742b95 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3395,20 +3395,32 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
{
unsigned char *keys = parg;
- if (!keys)
- return 48;
- if (larg != 48) {
+ long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) +
+ sizeof(ctx->tlsext_tick_hmac_key) + sizeof(ctx->tlsext_tick_aes_key));
+ if (keys == NULL)
+ return tlsext_tick_keylen;
+ if (larg != tlsext_tick_keylen) {
SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
return 0;
}
if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
- memcpy(ctx->tlsext_tick_key_name, keys, 16);
- memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
- memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
+ memcpy(ctx->tlsext_tick_key_name, keys,
+ sizeof(ctx->tlsext_tick_key_name));
+ memcpy(ctx->tlsext_tick_hmac_key,
+ keys + sizeof(ctx->tlsext_tick_key_name),
+ sizeof(ctx->tlsext_tick_hmac_key));
+ memcpy(ctx->tlsext_tick_aes_key,
+ keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
+ sizeof(ctx->tlsext_tick_aes_key));
} else {
- memcpy(keys, ctx->tlsext_tick_key_name, 16);
- memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
- memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
+ memcpy(keys, ctx->tlsext_tick_key_name,
+ sizeof(ctx->tlsext_tick_key_name));
+ memcpy(keys + sizeof(ctx->tlsext_tick_key_name),
+ ctx->tlsext_tick_hmac_key,
+ sizeof(ctx->tlsext_tick_hmac_key));
+ memcpy(keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
+ ctx->tlsext_tick_aes_key,
+ sizeof(ctx->tlsext_tick_aes_key));
}
return 1;
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 471779b..2c5548d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2461,10 +2461,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
- /* Setup RFC4507 ticket keys */
- if ((RAND_bytes(ret->tlsext_tick_key_name, 16) <= 0)
- || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
- || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
+ /* Setup RFC5077 ticket keys */
+ if ((RAND_bytes(ret->tlsext_tick_key_name, sizeof(ret->tlsext_tick_key_name)) <= 0)
+ || (RAND_bytes(ret->tlsext_tick_hmac_key, sizeof(ret->tlsext_tick_hmac_key)) <= 0)
+ || (RAND_bytes(ret->tlsext_tick_aes_key, sizeof(ret->tlsext_tick_aes_key)) <= 0))
ret->options |= SSL_OP_NO_TICKET;
#ifndef OPENSSL_NO_SRP
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 9bc9892..5cc1dcf 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -686,6 +686,8 @@ DEFINE_LHASH_OF(SSL_SESSION);
/* Needed in ssl_cert.c */
DEFINE_LHASH_OF(X509_NAME);
+#define TLSEXT_KEYNAME_LENGTH 16
+
struct ssl_ctx_st {
const SSL_METHOD *method;
STACK_OF(SSL_CIPHER) *cipher_list;
@@ -857,9 +859,9 @@ struct ssl_ctx_st {
int (*tlsext_servername_callback) (SSL *, int *, void *);
void *tlsext_servername_arg;
/* RFC 4507 session ticket keys */
- unsigned char tlsext_tick_key_name[16];
- unsigned char tlsext_tick_hmac_key[16];
- unsigned char tlsext_tick_aes_key[16];
+ unsigned char tlsext_tick_key_name[TLSEXT_KEYNAME_LENGTH];
+ unsigned char tlsext_tick_hmac_key[32];
+ unsigned char tlsext_tick_aes_key[32];
/* Callback to support customisation of ticket key setting */
int (*tlsext_ticket_key_cb) (SSL *ssl,
unsigned char *name, unsigned char *iv,
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 90b9d2d..8aa0915 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2978,7 +2978,8 @@ int tls_construct_new_session_ticket(SSL *s)
unsigned int hlen;
SSL_CTX *tctx = s->initial_ctx;
unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char key_name[16];
+ unsigned char key_name[TLSEXT_KEYNAME_LENGTH];
+ int iv_len;
/* get session encoding length */
slen_full = i2d_SSL_SESSION(s->session, NULL);
@@ -3028,13 +3029,14 @@ int tls_construct_new_session_ticket(SSL *s)
* Grow buffer if need be: the length calculation is as
* follows handshake_header_length +
* 4 (ticket lifetime hint) + 2 (ticket length) +
- * 16 (key name) + max_iv_len (iv length) +
- * session_length + max_enc_block_size (max encrypted session
- * length) + max_md_size (HMAC).
+ * sizeof(keyname) + max_iv_len (iv length) +
+ * max_enc_block_size (max encrypted session * length) +
+ * max_md_size (HMAC) + session_length.
*/
if (!BUF_MEM_grow(s->init_buf,
- SSL_HM_HEADER_LENGTH(s) + 22 + EVP_MAX_IV_LENGTH +
- EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
+ SSL_HM_HEADER_LENGTH(s) + 6 + sizeof(key_name) +
+ EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
+ EVP_MAX_MD_SIZE + slen))
goto err;
p = ssl_handshake_start(s);
@@ -3045,16 +3047,22 @@ int tls_construct_new_session_ticket(SSL *s)
if (tctx->tlsext_ticket_key_cb) {
if (tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx, hctx, 1) < 0)
goto err;
+ iv_len = EVP_CIPHER_CTX_iv_length(ctx);
} else {
- if (RAND_bytes(iv, 16) <= 0)
+ const EVP_CIPHER *cipher = EVP_aes_256_cbc();
+
+ iv_len = EVP_CIPHER_iv_length(cipher);
+ if (RAND_bytes(iv, iv_len) <= 0)
goto err;
- if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
+ if (!EVP_EncryptInit_ex(ctx, cipher, NULL,
tctx->tlsext_tick_aes_key, iv))
goto err;
- if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
+ if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
+ sizeof(tctx->tlsext_tick_hmac_key),
EVP_sha256(), NULL))
goto err;
- memcpy(key_name, tctx->tlsext_tick_key_name, 16);
+ memcpy(key_name, tctx->tlsext_tick_key_name,
+ sizeof(tctx->tlsext_tick_key_name));
}
/*
@@ -3068,11 +3076,11 @@ int tls_construct_new_session_ticket(SSL *s)
p += 2;
/* Output key name */
macstart = p;
- memcpy(p, key_name, 16);
- p += 16;
+ memcpy(p, key_name, sizeof(key_name));
+ p += sizeof(key_name);
/* output IV */
- memcpy(p, iv, EVP_CIPHER_CTX_iv_length(ctx));
- p += EVP_CIPHER_CTX_iv_length(ctx);
+ memcpy(p, iv, iv_len);
+ p += iv_len;
/* Encrypt session data */
if (!EVP_EncryptUpdate(ctx, p, &len, senc, slen))
goto err;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3082a59..ef8d0ae 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3129,15 +3129,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
renew_ticket = 1;
} else {
/* Check key name matches */
- if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) {
+ if (memcmp(etick, tctx->tlsext_tick_key_name,
+ sizeof(tctx->tlsext_tick_key_name)) != 0) {
ret = 2;
goto err;
}
- if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
+ if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
+ sizeof(tctx->tlsext_tick_hmac_key),
EVP_sha256(), NULL) <= 0
- || EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
+ || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
tctx->tlsext_tick_aes_key,
- etick + 16) <= 0) {
+ etick + sizeof(tctx->tlsext_tick_key_name)) <= 0) {
goto err;
}
}
More information about the openssl-commits
mailing list